Tuesday, 23 May 2017

PYTHON - Simple Calculator

print("RoCk StAr DeViL")
while True:
  print("Options:")
  print("Enter 'add' to add two numbers")
  print("Enter 'subtract' to subtract two numbers")
  print("Enter 'multiply' to multiply two numbers")
  print("Enter 'divide' to divide two numbers")
  print("Enter 'quit' to end the program")
  user_input = input(":")
  if user_input == "quit":
    break
  elif user_input == "add":
    num1 = float(input("Enter a number: "))
    num2 = float(input("Enter another number: "))
    result = str(num1 + num2)
    print("The answer is " + result)
  elif user_input == "multiply":
    num1 = float(input("Enter a number: "))
    num2 = float(input("Enter another number: "))
    result = str(num1 * num2)
    print("The answer is " + result)
  elif user_input == "subtract":
    num1 = float(input("Enter a number: "))
    num2 = float(input("Enter another number: "))
    result = str(num1 - num2)
    print("The answer is " + result)
  elif user_input == "divide":
    num1 = float(input("Enter a number: "))
    num2 = float(input("Enter another number: "))
    if num2 == 0:
      # float division by zero raises ZeroDivisionError and would crash the loop
      print("Cannot divide by zero.")
      continue
    result = str(num1 / num2)
    print("The answer is " + result)
  else:
    # Anything not matched above is an invalid option. The original test
    # `user_input != "add" or "subtract" or ...` was always true, because a
    # non-empty string such as "subtract" is truthy on its own.
    print("Please enter a valid option.")

EXAMPLE -

python - example "while loop" for addition and subtraction

a = 1   # last number entered; starts non-zero so the loop runs at least once
s = 0   # running sum
print('enter number to add to the sum')
print('enter 0 to quit')

while a != 0:
    print('current sum', s)
    a = float(input('no.?     '))   # enter a negative number to subtract
    s = s + a
    print('total sum =  ', s)

Monday, 22 May 2017

VMware Workstation 6,7,8,9,10,11,12 Universal License Keys for Win & Linux

Universal license keys for all old versions of VMware Workstation 6.x, 7.x, 8.x, 9.x, 10.x, 11.x and 12.x on Windows & Linux (supports both 32-bit and 64-bit OS) in this one post. If you're looking for the ones for VMware Workstation 12.x, go here.



// Supported OS //

  • Windows 32-bit & 64-bit
  • Linux 32-bit & 64-bit

Sunday, 21 May 2017

How was the WannaCry virus stopped?

The Spread:

Spread to host computer through exploits in network infrastructure (since patched).

Hold Drive Hostage:

Encrypt the user's entire drive, display a message to pay up for the encryption key.

Repeat.

So a cyber-security analyst who was digging through the code the worm uses to spread noticed something: a website URL was referenced in a few places. He tried to visit the website but found it didn't exist, so he bought the domain for $10 from a registrar like godaddy.com and pointed it at a sinkhole server where it couldn't do any damage.
Once he set this up, almost immediately he was getting thousands of connections a second.

What happened?

The code he was digging through basically (oversimplified) said:
  1. Try to connect to the website: qwhnamownflslwff.co
  2. If the website doesn't exist, keep on spreading.
  3. If the website exists, halt spreading of the malware.
It was essentially a kill-switch programmed in, which he stumbled upon by accident.
Note: When we say the virus was "stopped", we are only talking about "The Spread". Machines that were already infected stayed encrypted; the sinkhole only kept the worm from moving on to new hosts.
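The kill-switch decision and a defender's use of it, as an added example that is not part of the original post: the worm's check is modelled as a small function, and a sample DNS query log (constructed here; BIND-style query-log format is assumed) is scanned for hosts that looked up the domain quoted above, since any host doing so has already run the worm's check and is infected whether or not the lookup succeeded.

```python
"""Kill-switch logic and DNS-log triage for the WannaCry behaviour described above.
Added example, not code from the original post. The domain is the one the post
quotes; the log lines are constructed sample data, not a real capture."""
import re
from collections import defaultdict

KILL_SWITCH_DOMAIN = "qwhnamownflslwff.co"  # domain as quoted in the post above


def should_keep_spreading(domain, resolve):
    """Mirror the (oversimplified) worm logic: spreading continues only while the
    kill-switch domain is unreachable. `resolve` is a callable that returns True
    when the domain resolves, e.g. once it has been registered and sinkholed."""
    return not resolve(domain)


# Constructed sample DNS query-log lines (BIND query-log style is assumed).
SAMPLE_DNS_LOG = """\
17-May-2017 08:01:12.101 client 10.0.0.15#51234: query: www.example.com IN A + (10.0.0.1)
17-May-2017 08:01:13.420 client 10.0.0.27#40001: query: qwhnamownflslwff.co IN A + (10.0.0.1)
17-May-2017 08:01:13.988 client 10.0.0.27#40002: query: qwhnamownflslwff.co IN A + (10.0.0.1)
17-May-2017 08:01:15.003 client 10.0.0.31#53121: query: QWHNAMOWNFLSLWFF.CO IN A + (10.0.0.1)
17-May-2017 08:01:16.771 client 10.0.0.15#51235: query: mail.example.com IN MX + (10.0.0.1)
"""

QUERY_RE = re.compile(r"client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")


def hosts_querying_kill_switch(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {source_ip: query_count} for hosts that looked up the kill-switch
    domain. A hit means the host executed the worm's check, so it is already
    infected even if the sinkhole answer stopped it from spreading further."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        # DNS names are case-insensitive and may carry a trailing dot
        if m.group("qname").rstrip(".").lower() == domain.lower():
            hits[m.group("src")] += 1
    return dict(hits)


if __name__ == "__main__":
    print("spreads while unreachable:", should_keep_spreading(KILL_SWITCH_DOMAIN, lambda d: False))
    print("halts once sinkholed:     ", not should_keep_spreading(KILL_SWITCH_DOMAIN, lambda d: True))
    for ip, n in sorted(hosts_querying_kill_switch(SAMPLE_DNS_LOG).items()):
        print(f"{ip} queried the kill-switch domain {n} time(s): isolate and image this host")
```

Pointing the same check at real resolver logs is a cheap way to find infected hosts that the sinkhole silenced but did not clean.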

linux - reverse engineering tools (REMnux)

Examine Browser Malware

Examine Document Files

Extract and Decode Artifacts

Handle Network Interactions

Process Multiple Samples

Examine File Properties and Contents

Investigate Linux Malware

Edit and View Files

Examine Memory Snapshots

Statically Examine PE Files

Investigate Mobile Malware

Perform Other Tasks

Install Additional Tools

  • Metasploit Framework is not installed on REMnux; however, you can run it as a Docker container if the need arises.
  • WIPSTER offers a web-based interface to several REMnux tools. You can easily install WIPSTER on REMnux by running the command install-wipster.
  • BinNavi is a tool for statically examining disassembled code. You can install it on REMnux by running the command install-binnavi.

Friday, 19 May 2017

python - script that counts whatever you type

This script counts the characters (letters, numbers, even spaces) of whatever you type or paste into the terminal.

by devilzlinux
by rockstardevil



# Python 2 syntax (print statement, raw_input); under Python 3 use print(...) and input()
print "this script is made to check the number of characters in the message you enter."
print "\nthis script created by ROCK STAR DEVIL devilzlinux.blogspot.com"
print "\nthis script counts the space button too.."
message = raw_input("enter a message:")

# len() counts every character, including spaces
print "\nThe length of the message is: ", len(message)

raw_input("\n\npress the enter key to exit")


Wednesday, 17 May 2017

wifijammer

Continuously jam all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card. Alfa cards seem to effectively jam within about a block radius with heavy access point saturation. Granularity is given in the options for more effective targeting.
Requires: python 2.7, python-scapy, a wireless card capable of injection

Usage

Simple

python wifijammer.py
This will find the most powerful wireless interface and turn on monitor mode. If a monitor mode interface is already up it will use the first one it finds instead. It will then start sequentially hopping channels 1 per second from channel 1 to 11 identifying all access points and clients connected to those access points. On the first pass through all the wireless channels it is only identifying targets. After that the 1sec per channel time limit is eliminated and channels are hopped as soon as the deauth packets finish sending. Note that it will still add clients and APs as it finds them after the first pass through.
Upon hopping to a new channel it will identify targets that are on that channel and send 1 deauth packet to the client from the AP, 1 deauth to the AP from the client, and 1 deauth to the AP destined for the broadcast address to deauth all clients connected to the AP. Many APs ignore deauths to broadcast addresses.
python wifijammer.py -a 00:0E:DA:DE:24:8E -c 2
Deauthenticate all devices with which 00:0E:DA:DE:24:8E communicates and skip channel hopping by setting the channel to the target AP's channel (2 in this case). This would mainly be an access point's MAC so all clients associated with that AP would be deauthenticated, but you can also put a client MAC here to target that one client and any other devices that communicate with it.

Advanced

python wifijammer.py -c 1 -p 5 -t .00001 -s DL:3D:8D:JJ:39:52 -d --world
  • -c, Set the monitor mode interface to only listen and deauth clients or APs on channel 1
  • -p, Send 5 packets to the client from the AP and 5 packets to the AP from the client along with 5 packets to the broadcast address of the AP
  • -t, Set a time interval of .00001 seconds between sending each deauth (try this if you get a scapy error like 'no buffer space')
  • -s, Do not deauth the MAC DL:3D:8D:JJ:39:52. Ignoring a certain MAC address is handy in case you want to tempt people to join your access point in cases of wanting to use LANs.py or a Pineapple on them.
  • -d, Do not send deauths to access points' broadcast address; this will speed up the deauths to the clients that are found
  • --world, Set the max channel to 13. In N. America the max channel standard is 11, but the rest of the world uses 13 channels so use this option if you're not in N. America

Walking/driving around

python wifijammer.py -m 10
The -m option sets a max number of client/AP combos that the script will attempt to deauth. When the max number is reached, it clears and repopulates its list based on what traffic it sniffs in the area. This allows you to constantly update the deauth list with client/AP combos who have the strongest signal in case you were not stationary. If you want to set a max and not have the deauth list clear itself when the max is hit, just add the -n option like: -m 10 -n
All options:
python wifijammer.py [-a AP MAC] [-c CHANNEL] [-d] [-i INTERFACE] [-m MAXIMUM] [-n] [-p PACKETS] [-s SKIP] [-t TIME INTERVAL]


Download Link: https://github.com/DanMcInerney/wifijammer

Autovpn - Easily connect to a VPN in a country of your choice

Download autovpn
autovpn is a tool to automatically connect you to a random VPN in a country of your choice. It uses openvpn to connect you to a server obtained from VPN Gate.

Compiling

First clone the repo and cd into the directory:
$ git clone https://github.com/adtac/autovpn
$ cd autovpn
Then run this to generate the executable:
$ go build autovpn.go
It's Go. What do you expect?

Requirements

This requires openvpn. To install this on a yum-based distro:
$ sudo dnf install openvpn
If you're on an apt-based distro:
$ sudo apt-get install openvpn
Tested and works on Fedora 23. Dunno about Windows. Patches welcome.

Usage

Simply run:
$ ./autovpn
and you're done. You'll be connected to a server in the US. Welcome to the US!
You can give a country if you want. For example, if you want to connect to a server in Japan:
$ ./autovpn JP
You may need superuser privileges. Don't worry, I'm not running rm -rf --no-preserve-root / underneath. It's for openvpn.

Contributing

All patches welcome!

Disclaimer

This is completely insecure. Please do not use this for anything important. Get a real and secure VPN. This is mostly a fun tool to get a VPN for a few minutes.

License

autovpn - simple automatic VPN in a country of your choice
Copyright (C) 2017 Adhityaa Chandrasekar

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.

Scan website for vulnerabilities with Uniscan Kali Linux Tutorial


Welcome back. In this tutorial you will learn how to scan and fingerprint a web server or device to find vulnerabilities. To achieve this we will be using a tool called Uniscan.
This tutorial will require a Linux operating system; we recommend installing Kali Linux if you have not already done so.
Requirements:
Kali Linux
Uniscan (comes pre-installed in Kali Linux)
What is Uniscan? Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner that was written in Perl by Douglas Poerschke Rocha.
Installing Uniscan

root@kali:~# apt-get install uniscan
Listing usage: you can use the command uniscan -h to list the help options and display usage.
root@kali:~# uniscan -h
####################################
# Uniscan project                  #
# http://uniscan.sourceforge.net/  #
####################################
V. 6.2


OPTIONS:
    -h  help
    -u  <url> example: https://www.example.com/
    -f  <file> list of url's
    -b  Uniscan go to background
    -q  Enable Directory checks
    -w  Enable File checks
    -e  Enable robots.txt and sitemap.xml check
    -d  Enable Dynamic checks
    -s  Enable Static checks
    -r  Enable Stress checks
    -i  <dork> Bing search
    -o  <dork> Google search
    -g  Web fingerprint
    -j  Server fingerprint

usage:
[1] perl ./uniscan.pl -u http://www.example.com/ -qweds
[2] perl ./uniscan.pl -f sites.txt -bqweds
[3] perl ./uniscan.pl -i uniscan
[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
[5] perl ./uniscan.pl -o "inurl:test"
[6] perl ./uniscan.pl -u https://www.example.com/ -r

Uniscan Usage Example

Open a new terminal and enter the following command; this will start fingerprinting and scanning the target web server for vulnerabilities.
uniscan.pl -u http://www.example.com/ -qweds
Replace the URL with the target URL.
In this tutorial I will be running Uniscan using the options -qwedsgj
uniscan.pl -u http://www.example.com/ -qwedsgj
What these options do:
    -q  Enable Directory checks
    -w  Enable File checks
    -e  Enable robots.txt and sitemap.xml check
    -d  Enable Dynamic checks
    -s  Enable Static checks
    -g  Web fingerprint
    -j  Server fingerprint

Uniscan GUI
Uniscan also has a GUI for those who prefer a graphical interface.
To access Uniscan-Gui we can use the following command from a new terminal.
uniscan-gui

Rollmac - Bypass Free Wifi Time & Data Restriction


Free networks often impose either a time or a data restriction, and this can be used up quickly. When this happens you can change your MAC address and reconnect, but this is annoying and it takes time. In addition, most networks will ask you to re-accept the terms and conditions of the network in order to continue.

Rollmac is designed to automate this process by using the WPAD protocol to discover the login page and automatically re-accept the terms and conditions. It also keeps watch of the network's current usage and/or time limit to ensure it is never reached. This means you can run downloads overnight or while you are away from your computer, automatically rolling MACs and reconnecting to the free network.
The entire operation usually takes about 10 seconds.
You may need to configure the script slightly to adjust to individual network specifics; however, Rollmac allows you to download massive amounts of data without user input by setting the conf file and leaving it running overnight.
DOWNLOAD ROLLMAC

The program is controlled by variables inside the conf.json file. Modify these to match your network/host machine:

Set to the network SSID (must have a matching profile in 'netsh wlan show profiles'):
ssid = 'Free WiFi'
Set to the data limit in MB, or 99999999999 for infinite:
MB_limit = 250
Set to the time limit in minutes, or 99999999999 for infinite:
TIME_limit = 60
Set to your wireless interface name:
interface = 'Wireless Local Area Connection'
Set to the domain of the network you are joining (you can get it from ipconfig /all):
domain = 'freewifi.com'
You may want to change this registry value to 1 to stop IE/your browser opening again on each reconnect:
# 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WPAD\WpadOverride'
Then run the Python script in that directory.

brut3k1t � Server Side Bruteforce Module

Brute-force (dictionary attack, jk) attack that supports multiple protocols and services http://ex0dus-0x.github.io

Introduction

brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are:
ssh
ftp
smtp
XMPP
instagram
facebook
There will be future implementations of different protocols and services (including Twitter, Facebook, Instagram).

Installation

Installation is simple. brut3k1t requires several dependencies, although they will be installed by the program if you do not have them.
  • argparse - utilized for parsing command line arguments
  • paramiko - utilized for working with SSH connections and authentication
  • ftplib - utilized for working with FTP connections and authentication
  • smtplib - utilized for working with SMTP (email) connections and authentication
  • fbchat - utilized for connecting with Facebook
  • selenium - utilized for web scraping, which is used with Instagram (and later Twitter)
  • xmppy - utilized for XMPP connections ... and more within the future!
Downloading is simple. Simply git clone:
git clone https://github.com/ex0dus-0x/brut3k1t
Change to directory:
cd /path/to/brut3k1t

Usage

Utilizing brut3k1t is a little more complicated than just running a Python file.
Typing python brut3k1t -h shows the help menu:
usage: brut3k1t.py [-h] [-s SERVICE] [-u USERNAME] [-w PASSWORD] [-a ADDRESS]
[-p PORT] [-d DELAY]

Server-side bruteforce module written in Python

optional arguments:
-h, --help show this help message and exit
-a ADDRESS, --address ADDRESS
Provide host address for specified service. Required
for certain protocols
-p PORT, --port PORT Provide port for host address for specified service.
If not specified, will be automatically set
-d DELAY, --delay DELAY
Provide the number of seconds the program delays as
each password is tried

required arguments:
-s SERVICE, --service SERVICE
Provide a service being attacked. Several protocols
and services are supported
-u USERNAME, --username USERNAME
Provide a valid username for service/protocol being
executed
-w PASSWORD, --wordlist PASSWORD
Provide a wordlist or directory to a wordlist

Examples of usage:

Cracking SSH server running on 192.168.1.3 using root and wordlist.txt as a wordlist.
python brut3k1t.py -s ssh -a 192.168.1.3 -u root -w wordlist.txt

The program will automatically set the port to 22, but if it is different, specify with -p flag.

Cracking email test@gmail.com with wordlist.txt on port 25 with a 3 second delay. For email it is necessary to use the SMTP server's address, e.g. Gmail = smtp.gmail.com. You can research this using Google.
python brut3k1t.py -s smtp -a smtp.gmail.com -u test@gmail.com -w wordlist.txt -p 25 -d 3


Cracking XMPP test@creep.im with wordlist.txt on default port 5222. XMPP is similar to SMTP, in that you will need to provide the address of the XMPP server, in this case creep.im.
python brut3k1t.py -s xmpp -a creep.im -u test -w wordlist.txt


Cracking Facebook is quite a challenge, since you will require the target user ID, not the username.
python brut3k1t.py -s facebook -u 1234567890 -w wordlist.txt


Cracking Instagram with username test with wordlist wordlist.txt and a 5 second delay
 python brut3k1t.py -s instagram -u test -w wordlist.txt -d 5

KEY NOTES TO REMEMBER

  • If you do not supply the port -p flag, the default port for that service will be used. You do not need to provide it for Facebook and Instagram, since they are, um... web-based.
  • If you do not supply the delay -d flag, the default delay in seconds will be 1.
  • Remember, use the SMTP server address and XMPP server address for the address -a flag when cracking SMTP and XMPP, respectively.
  • Facebook requires the user ID. This is a little bit of a setback since some people do not display their ID publicly on their profile.
  • Make sure the wordlist and its directory are specified. If it is in /usr/local/wordlists/wordlist.txt, specify that for the wordlist -w flag.
  • Remember that some protocols are not on their default port. An FTP server will not necessarily always be on port 21. Please keep that in mind.
  • Use this for educational and ethical hacking purposes, as well as the sake of learning code and security-oriented practices. No script kiddies!


DOWNLOAD BRUT3K1T

Creating WordPress Admin Phishing Pages

Hi welcome back today I will show you how to create WordPress phishing pages. Phishing is the practice of sending emails or fake pages in order to trick targets into unknowingly giving personal information such as passwords and credit and debit card numbers.

Phishing attacks are a Social Engineering method that relies solely on human error and trickery.

Scenario
Let's assume we are doing a pentest on a popular WordPress website; the admin has given us permission to try to phish information from staff members without breaking into their WordPress or gaining information from the SQL databases. The site admin has spent 1000's of dollars maintaining the security of his website and believes it to be quite safe, although he can't be too sure that his staff members won't compromise his website through human error.
A lot of people come to the conclusion that a user must be stupid or an idiot to fall for phishing pages. This is not the case: with 1000's of emails per day going to business and personal inboxes it can be quite easy to fall into the trap, especially in shared inboxes with multiple staff reading and responding to messages. Phishing pages can look identical and very believable. However, we don't blame the targets, as most have not had sufficient training. The admin's idea of the pentest is not to make the staff users feel stupid for falling for the phishing pages but to educate them in order to prevent further attacks in the future.

We could use SEToolkit to clone a login page of the WordPress site, but this can be inconvenient when running listeners for long periods of time; using the output PHP from the WP-Phishing-Maker script we can store the captured data in plain text, MySQL databases, etc. This phishing method will require a web server to host the files generated by the script.
Requirements

Linux based operating system
WP-Phishing-Maker

First of all Download WP-Phishing-Maker.

You can download WP-Phishing Maker from the following download location.

https://github.com/4TT4CK3R/WP-Phishing-Maker

First of all we need to navigate to the script directory using the cd command (change directory).

For example:
cd Desktop/WP-Phishing-Maker
Then we will need to make the WP-Phishing-Maker bash script executable; we can do this by using the chmod command.
chmod +x WP-Phishin-Master
Now the bash script is ready to run; from the same directory run the command:
bash WP-Phishing-Maker



Now that WP-Phishing-Maker has loaded, use option 1. Start.




The script will then prompt for an output location; this can be any directory in which you would like to save the WordPress phishing page generated by WP-Phishing-Maker. I will create a new directory inside root.
Open up a new terminal and create an empty directory using the mkdir command.
 
mkdir /Test
 
 



The script will now prompt for a WordPress website to clone as a phishing page.




Choose whether the target is using HTTP or HTTPS and press Enter. When the script has finished generating the WordPress phishing page you will see a message telling you that the pages have been completed and are ready to use.


We can now upload the PHP files generated by WP-Phishing-Maker to a web host.

We have uploaded the generated PHP files from the bash script's output directory to a shared web host.
Demo (Don't enter any personal information into this page.)

You will then be able to gather credentials in plain text and retrieve them from your FTP directory.
This tutorial is for educational purposes only; attack only websites you own or have permission to pentest.
Thanks for supporting rockstardevil

FIX "Could not get lock /var/lib/dpkg/lock - Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?"

You have been installing packages or updating your repositories and you run into an error message from apt: "Could not get lock /var/lib/dpkg/lock". This error can be quite annoying to beginners; don't worry, I will show you how to remove the lock from /var/lib/dpkg/lock, which will allow us to continue installing software and resources from the Kali Linux repositories.
E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?


Method 1:
First open up a new terminal and use the following command to remove the lock.
rm /var/lib/dpkg/lock
If the lock is not removed the first time, repeat the process above. The screenshot below shows the process of removing the lock; as you can see, the lock was not removed the first time and I had to repeat the process.

Use dpkg --configure -a to force packages to reconfigure.
sudo dpkg --configure -a

Method 2:
Alternatively you could look up the suspected processes using the commands below. By using ps and grep together in a pipeline we can easily look up suspected processes.
ps -A | grep apt
Then kill all the processes seen in the terminal output. First you will need to look up the process number, which is listed beside the process, then use the following commands to kill the processes.
sudo kill -6 processnum
Or we could alternatively use
sudo kill -SIGKILL processnum
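Deleting the lock while apt or dpkg is still running can leave the package database half-written, so it is worth combining the two methods: find out who holds the lock first, and only remove it when nobody does. The following is an added example (not from the original post) that scans /proc for processes holding a lock file open; it assumes a Linux /proc filesystem and the GNU or busybox readlink utility.

```shell
#!/bin/sh
# Added example: list the processes holding a lock file open, and only remove the
# lock when nobody does. Relies on /proc/<pid>/fd symlinks (Linux) and readlink.

# lock_holders LOCKFILE
#   Prints one PID per line for every process that has LOCKFILE open.
#   Returns 0 if at least one holder was found, 1 otherwise.
lock_holders() {
    # canonicalise so the comparison matches what /proc/<pid>/fd links point to
    lock=$(readlink -f "$1" 2>/dev/null || printf '%s' "$1")
    found=1
    for fd in /proc/[0-9]*/fd/*; do
        # processes can exit mid-scan and other users' fds are unreadable: skip those
        target=$(readlink "$fd" 2>/dev/null) || continue
        if [ "$target" = "$lock" ]; then
            pid=${fd#/proc/}
            pid=${pid%%/*}
            echo "$pid"
            found=0
        fi
    done
    return $found
}

# safe_unlock LOCKFILE
#   Removes LOCKFILE only when no process holds it open. When it is held
#   (typically apt/dpkg still running), reports the holders and leaves it alone.
#   Returns 0 when the lock was removed or did not exist, 1 when it is still held.
safe_unlock() {
    lock="$1"
    holders=$(lock_holders "$lock") && {
        echo "lock $lock is held by PID(s): $(echo "$holders" | tr '\n' ' ')" >&2
        echo "let them finish (inspect with: ps -p PID -o pid,comm,args) instead of removing the lock" >&2
        return 1
    }
    if [ -e "$lock" ]; then
        rm -f -- "$lock" && echo "removed stale lock $lock"
    else
        echo "no lock file at $lock"
    fi
    return 0
}

# Stand-alone use (root is needed for the real dpkg lock):
#   safe_unlock /var/lib/dpkg/lock
```

A stale lock left behind by a crashed apt shows no holder and is removed; a lock that still has a holder is a running installer, and `rm` would not make it finish any sooner.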
I prefer the first method, removing the lock directly; however, use whichever method suits your situation best. Thanks for reading; if you are still having trouble after reading the guide, don't hesitate to leave us a comment below.
Thanks for supporting rockstardevil

Saturday, 13 May 2017

how to install saavn songs on SD card / extract mp3 from saavn

how to Extract MP3 from Saavn Songs..

Step 1> Download the Saavn mod version from osmdroid from here: https://osmdroid.net/saavn-pro-apk-cracked-mod-unlocked-hack/

---> steps to install the Saavn hack version

Instructions:

  * Select which type of theme you want. (Original app theme is light)
  * Install the apk & LOGIN with a Facebook account (if Facebook login doesn't work the first time, try once again)

  • Fix for the "app not installed" error:
    just rename the original apk name and try to install again

Extract MP3 from Saavn Songs


There are a lot of music streaming apps in app stores now: Gaana, Spotify, Saavn, Wynk etc. Most of them also allow you to download the music so that you can hear it offline. But it can be played only in the app itself. You won't get it as MP3 files. Instead they store it encrypted as the app's data. I was using Saavn these days and I found some mistakes they made that would actually allow you to get the MP3 of the music. Here is how it is done.

First, they kept all the music files in the data folder in the internal memory, which is obviously accessible from any file manager. Instead, if they had kept it inside the app's own data folder inside the root folder it would not be accessible that easily. You would probably require root access to access it.

They may have done this intentionally because this allows the user to move app data (including offline songs) to the SD card so that the user will not lose his internal memory for storing the songs.

So the song files are exposed. So can I play them in my favorite music player? No. Because they have encrypted those files along with their file names. So you cannot identify which file is which song and you cannot directly play it either.

Now here comes the interesting part. When you start playing a downloaded song the app decrypts the file and names it curr.mp3. Which means the currently playing file, maybe.

They might have done this because they can avoid the burden of building their own music player by using the built-in music player library of Android. But still the decoding process creates a delay in starting the playback of the song. Bad UX (User eXperience)!

Now I can copy the curr.mp3 to anywhere I want even if it is being used by the app. Thanks to the shadow copy function of Linux that allows me to access a file at the same time it is being used in some other application. But you will need to rename the file yourself.

I will show you an example. Let's download Coldplay's Hymn For The Weekend. Let's party!

After downloading completes, play it.
Now open your file manager and go to Internal Memory > Android > data > com.saavn.android > songs.
I have downloaded a lot of songs. 68 I think. I love 'em all. In the list you can find curr.mp3. Try to play it. Nice and clean.
Okay devs. I think it is time to use some better strategies.
Anyway it is a nice app guys. I could find almost every song I love in that little app. Support them. Yaay!!!
by rockstardevil

Friday, 12 May 2017

How to Organize Your Tools by Pentest Stages


In this tut I will give you the steps of hacking: how hacking works and how to find out everything about the victim. In every step I have mentioned the software we need to use in Kali Linux; you can learn about how they work from this website or from others.

I like to organize tools based on the phases of a pentest. Then, in each directory, I symlink to the tool itself (if it's a tool I don't use often), unless I built the tool from source in that directory. With tools installed via Homebrew or from a .pkg, it can help to maintain a copy of the readme file in the directory with the tool, named something like $toolname.readme. This will help with more obscure tools, and it also gives you a place to note things about the tool.

Phase 1: Reconnaissance

This is the information gathering stage, and can be either active or passive. The whole purpose of this phase is to learn: the more information you can gather on a target before the actual attack, the better.
Some examples of important information:
  • What is the target?
  • How do they operate?
  • What IP ranges do they have allocated?
  • What do they do for mail?
  • What do their DNS records show?
  • What subdomains do they have?
  • What's going on in their company?
  • Who works there?
  • How do they assign login names?
  • What's their password policy?
  • What do their networks look like?
  • Are any of the people who work there vulnerable to social engineering?
  • What are their valuable assets?
  • Where do they store valuable assets?
All of these are important questions, and it's just the tip of the iceberg. The more information you have going into the attack, the better off you are. Of course, the more information you gather, the more time you will have to spend analyzing it, unless you are working with a team, in which case you can divide the efforts. I keep OSINT (open-source intelligence) gathering tools here, as well as active recon tools. Some examples of tools that you might find in my ~/pentest/recon directory are:
Depending on how unwieldy the directory becomes, I might divide the tools into two categories: active and passive. Active recon tools actually send packets to the target, whereas passive tools gather information without interacting with the target system(s).

Phase 2: Scanning & Enumeration

If we did Phase 1 properly, we should have a wealth of information: IP addresses, employee names and e-mail addresses, etc. The next phase is to begin scanning.
Not all of the information gathered will be fruitful, so we have to narrow down and hone in on certain targets. We examine perimeter and internal network devices looking for weaknesses, and learn more about the systems they have in place, as well as the services those systems are running. We see what ports are open, look for firewalls, locate vulnerabilities, and detect operating systems.
Some examples of tools that fit this category:
  • Nmap
  • Nikto
  • WPScan
You'll notice that I've included Nmap in both Phase 1 and 2; there will be some intersection of tools in these phases.

Phase 3: Gaining Access

In this phase, we put the previous steps' information to use. We will have lots of data on our targets and some ideas on which hosts we'll be focusing on. We've researched out-of-date services and checked for vulnerabilities. We might launch a social engineering campaign and target some known vulnerable services on a host.
Some examples of tools that fit this category:
  • THC Hydra
  • Nmap
  • Armitage
  • Metasploit
  • SET (Social Engineering Toolkit)
Once again, Nmap makes our list due to its scripting engine; it's a highly flexible tool. I included a brute-force tool even though we don't really want to be brute-forcing due to time constraints. Of course, it doesn't hurt to run brute-force in the background throughout the test, providing you can afford that level of noise on the target system.

Phase 4: Maintaining Access

Once we've compromised something, we want to maintain access to gather even more information. Stealth will play a role here since we don't want to be discovered acting on the target host(s). This phase involves privilege escalation, RATs (remote access tools), rootkits, etc. The goal is to be able to access the system whenever we want.
Some tools that might be in the maintaining access folder:
  • Metasploit
  • Shellter
  • Webshells
Metasploit makes the list again here, though really, it could be included in every phase of this list.

Phase 5: Covering Your Tracks

This can cover a wide variety of tools and actions. We want to alter (possibly corrupt) log files, delete any files we're not using on the system, clear our history, hide our maintaining access tools, etc. We don't want to leave any trace that we were there.
Making mistakes on a contracted pentest is just bad business. If you are accessing a system illegally, it can be even worse. The Equation Group actually messed up covering their tracks and their custom tools were put up for sale on the web. We'll want to keep our infected hosts to a minimum, use varied malware, and try to stay one step ahead of potential incident responders.
We could use Metasploit or ClearLogs to clear event logs, or we can just delete them with a simple text editor. We could also erase our command history and shred the history file. For more information, make sure to check out the following guide.
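The flip side of this phase is what the incident responders mentioned above look for. As an added defender-side example that is not part of the original post, the check below scans exported log lines for the two track-covering actions just described: a Windows event log being cleared (Security event 1102, System event 104) and a shell history file being wiped. The sample log lines, their timestamps and the user name are constructed for this example, and the function names are my own:

```shell
# Added example (not from the original post): a defender-side check that
# scans exported log lines for the track-covering actions the post
# describes (clearing event logs, wiping shell history). All sample
# lines below are constructed for this example.

# Constructed sample: three Windows event export lines and two auditd
# EXECVE records. Only three of the five should be flagged.
SAMPLE_LOGS='2017-05-22T10:01:03Z Security 4624 An account was successfully logged on
2017-05-22T10:05:17Z Security 1102 The audit log was cleared
2017-05-22T10:05:18Z System 104 The System log file was cleared
type=EXECVE msg=audit(1495447563.120:77): argc=3 a0="shred" a1="-u" a2="/home/bob/.bash_history"
type=EXECVE msg=audit(1495447570.001:78): argc=2 a0="ls" a1="-la"'

# flag_track_covering: reads log lines on stdin and prints one line per
# hit, prefixed with the indicator that matched.
flag_track_covering() {
    awk '
        # Windows: Security 1102 = audit log cleared, System 104 = log file cleared.
        /[ \t]Security[ \t]+1102[ \t]/ { print "EVENTLOG_CLEARED\t" $0; next }
        /[ \t]System[ \t]+104[ \t]/    { print "EVENTLOG_CLEARED\t" $0; next }
        # Linux auditd: shred or rm executed against a shell history file.
        /type=EXECVE/ && /a0="(shred|rm)"/ && /\.(bash|zsh|sh)_history/ {
            print "HISTORY_WIPED\t" $0; next
        }
    '
}

# count_hits: number of flagged lines in the constructed sample.
count_hits() {
    printf '%s\n' "$SAMPLE_LOGS" | flag_track_covering | wc -l | tr -d ' '
}
```

In practice the same patterns are fed an exported event log (for example from `wevtutil qe`) or the auditd log rather than the inline sample; the point is that both actions the post lists leave their own record unless that record is also removed, which is why event 1102 is itself a high-value alert.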

Stay Organized

If we keep our tools organized, it will be easier to conduct a pentest in a reasonable amount of time. It is extremely important to be able to quickly evaluate what we need to use and when. In some cases, when attacks haven't been added to a tool yet, it may be important to maintain a separate PoC folder, though many of these can be quickly located on the Exploit Database. By keeping our tools associated with phases, we're also able to transition through phases in a smooth fashion.