Website



Visit our website :- www.techtrick.in

Thursday, May 2, 2019

Using the Social Engineering Toolkit (SET) to Create a Backdoor Executable

Metasploit has the ability to create an executable payload. This can be extremely useful if you can get a target machine to run the executable. Attackers often use social engineering, phishing, and other attacks to get a victim to run a payload. If attackers can get their a victim to run a payload, there is no reason for an attacker to find and exploit vulnerable software.

Social Engineer Toolkit (SET)

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering . SET has been given at large-scale conferences together with Blackhat, DerbyCon, Defcon, and ShmooCon. With over 2 million downloads, SET is that the standard for social-engineering penetration tests and supported heavily within the protection community.
It is an application used by pen testers, hackers etc… it can be found in Kali Linux, parrot-sec, backbox and different pentesting OS otherwise you can install by downloading from github or simply type in terminal apt search set toolkit or search in synaptic for synaptic type in terminal synaptic otherwise you have not installed then type apt-get install synaptic then open synaptic look for set toolkit then right click on set and mark for installation then click on apply it will automatically install set for you.

What are Social Engineering Attacks ?

Social Engineering attacks are the various cons used by the hackers to trick people into providing sensitive data to the attackers. There are various type of social engineering attacks,some of the popular attacks are :-

What you will need:

  • Kali Linux
  • A little background on Networking and its terms (Private vs Public IPs esp.) would be good.
  • You should be online.

In the last decade, there were major hacks and leaks in social media platforms like Twitter,Facebook , LinkedIn and several others. currently the social media platforms take security very seriously and it has become very tough to hack directly into social media platforms, currently the hackers have moved the focus towards Social Engineering Attacks.

Lets start with the SetoolKit to create a backdoor executable

Step 1 : Open Terminal and Type setoolkit

Using the Social Engineering Toolkit (SET) to create a backdoor executable


Step 2 :Once SET is loaded it will show few options as shown in the image below. Select "Social-Engineering Attacks" by entering "1" and hit enter.

Using the Social Engineering Toolkit (SET) to create a backdoor executable


Step 3 :Now it will show you another set of options, select "Create a Payload and Listener" by entering "4" and hit enter.

Using the Social Engineering Toolkit (SET) to create a backdoor executable



Step 4 :Type 1 for Windows shell Reverse_Tcp Payload

Using the Social Engineering Toolkit (SET) to create a backdoor executable


Step 5 :The payload.exe has been exported to the SET Directory Under Root Folder.

Using the Social Engineering Toolkit (SET) to create a backdoor executable




Read More :- http://www.techtrick.in/description/3539-using-the-social-engineering-toolkit-set-to-create-a-backdoor-executable

How to Hack Facebook using SEToolKit (Phishing attack)

Hack Facebook with Social Engineering, you can apply this method to hack Instagram accounts as well. But this tutorial is focused exclusively on how to hack facebook accounts on Kali Linux with the Social Engineering Toolkit. But if you have just a little imagination you can apply the same steps you will learn in this tutorial and duplicate the process to hack another account for another website as well. Is pretty much the same with just a few small variations.

Social Engineer Toolkit (SET)

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering . SET has been given at large-scale conferences together with Blackhat, DerbyCon, Defcon, and ShmooCon. With over 2 million downloads, SET is that the standard for social-engineering penetration tests and supported heavily within the protection community.
It is an application used by pen testers, hackers etc… it can be found in Kali Linux, parrot-sec, backbox and different pentesting OS otherwise you can install by downloading from github or simply type in terminal apt search set toolkit or search in synaptic for synaptic type in terminal synaptic otherwise you have not installed then type apt-get install synaptic then open synaptic look for set toolkit then right click on set and mark for installation then click on apply it will automatically install set for you.

What are Social Engineering Attacks ?

Social Engineering attacks are the various cons used by the hackers to trick people into providing sensitive data to the attackers. There are various type of social engineering attacks,some of the popular attacks are :-

What you will need:

  • Kali Linux
  • A little background on Networking and its terms (Private vs Public IPs esp.) would be good.
  • You should be online.

In the last decade, there were major hacks and leaks in social media platforms like Twitter,Facebook , LinkedIn and several others. currently the social media platforms take security very seriously and it has become very tough to hack directly into social media platforms, currently the hackers have moved the focus towards Social Engineering Attacks.

Lets start with Hack Facebook using SEToolKit (Phishing attack)

Step 1 : Once you have installed SEToolkit, open up bash and type setoolkit.

How to Hack Facebook using SET (Phishing attack) | Kali Linux


Step 2 :Once SET is loaded it will show few options as shown in the image below. Select "Social-Engineering Attacks" by entering "1" and hit enter.

How to Hack Facebook using SET (Phishing attack) | Kali Linux

Step 3 :We will be greeted with a screen similar to this that has many different attacks.
I will be guiding you through one of the most effective options: Website Attack Vectors. Pretty much everyone who has used a computer has used the Internet, and pretty much everyone on the Internet will click on a link . Social Engineering is a society like Facebook or Twitter, but can also be as simple as, well, a link. SEToolkit helps you abuse that trust people have on the Internet, so not only do you have over 5 billion targets, but you can also recognize attacks like these.
Type 2 and press [Enter] to continue.

How to Hack Facebook using SET (Phishing attack) | Kali Linux



Step 4 :We now have a list of 7 different attack vectors, all very effective. The 3 most effective vectors are the Credential Harvester, Metasploit Browser, and Java Applet Attack. Lets say that you want to get your friends Facebook login. By choosing Credential Harvester Attack Method, SEToolkit will copy any website you want and add a credential stealing code to the HTML.
Type 3 and press [Enter] to continue.

How to Hack Facebook using SET (Phishing attack) | Kali Linux


Step 5 :Type 2 for Site Cloner.

How to Hack Facebook using SET (Phishing attack) | Kali Linux



Read More :- http://www.techtrick.in/description/3538-how-to-hack-facebook-using-setoolkit-phishing-attack

Hack Tools | Finding Admin Panels, Sniffing, Backdoors - Katana Framework

Katana is a framework written in python for making penetration testing, based on a simple and comprehensive structure for anyone to use, modify and share, the goal is to unify tools serve for professional when making a penetration test or simply as a routine tool, The current version is not completely stable, not complete.

Lets start with Hack Tools | Finding Admin Panels, Sniffing, Backdoors

Step 1 :Just Download or clone from github.
git clone https://github.com/PowerScript/KatanaFramework.git
cd KatanaFramework
sudo sh dependencies
 How to find admin panel/page of a website 2017 - Katana


Step 2 :Lets Install it.
sudo python install
 How to find admin panel/page of a website 2017 - Katana


Step 3 :Lets start with Katana Framework with just type a simple command.
ktf.console
 How to find admin panel/page of a website 2017 - Katana


Step 4 :Lets open of modules with command
show modules
 How to find admin panel/page of a website 2017 - Katana



Wednesday, April 24, 2019

How to Check valid login credentials using Credmap

Credmap is an open source tool that was created to bring awareness to the dangers of credential reuse. It is capable of testing supplied user credentials on several known websites to test if the password has been reused on any of these.

Lets start with Check valid login credentials using Credmap

Step 1 : Just download or clone from github.
git clone https://github.com/lightos/credmap.git
How to Check valid login credentials using Credmap


Step 2 :Now you have to install it.
cd credmap
ls
chmod +x credmap.py
./credmap.py
How to Check valid login credentials using Credmap


Step 3 :Here i am using my email Id you can use any of them.
./credmap.py --email XXXXXXXXXXXX@gmail.com --user XXXXXXXXXXXX@gmail.com
How to Check valid login credentials using Credmap



Read More :- http://www.techtrick.in/description/3528-how-to-check-valid-login-credentials-using-credmap

Tuesday, April 23, 2019

A Linux Bing,Google Dorking and Web Vulnerability Scanner Tools -BinGoo

It is an all-in-one dorking tool written in pure bash. It leverages Google AND Bing main search pages to scrape a large amount of links based on provided search terms. You can choose to search a single dork at a time or you can make lists with one dork per line and perform mass scans. Once your done with that, or maybe you have links gathered from other means, you can move to the Analyzing tools to test for common signs of vulnerabilities.
The results are neatly sorted into their own respective files basedon findings. If you want to take further you can run them through the SQL or LFI tools which are some semi working homebrewed creations It is made in bash or you can use the SQLMAP and FIMAP wrapper tools They wrote which work much better and with greater accuracy and results.

Lets start with Linux Bing,Google Dorking and Web Vulnerability Scanner Tools

Step 1 : firsty,you have to install lynx before installing Bingoo .
apt-get install lynx
A Linux Bing,Google Dorking and Web Vulnerability Scanner Tools -BinGoo


Step 2 :Now you have to install curl.
apt-get install curl
A Linux Bing,Google Dorking and Web Vulnerability Scanner Tools -BinGoo


Step 3 :Just download or clone from github.
git clone https://github.com/Hood3dRob1n/BinGoo
A Linux Bing,Google Dorking and Web Vulnerability Scanner Tools -BinGoo



Read More :-  http://www.techtrick.in/description/3527-a-linux-bing-google-dorking-and-web-vulnerability-scanner-tools-bingoo

Monday, April 22, 2019

Auto Scanning to SSL Vulnerability - A2SV


A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.


Lets start With Auto Scanning to SSL Vulnerability - A2SV


Step 1 : Just download or a clone from github
git clone https://github.com/hahwul/a2sv.git
 Auto Scanning to SSL Vulnerability -  A2SV

Step 2 :Lets Install It.
cd a2sv
./install.sh
 Auto Scanning to SSL Vulnerability -  A2SV


Step 3 :Now Start a2sv Auto Scanning to SSL Vulnerability
ls
python a2sv.py
a2sv -h
 Auto Scanning to SSL Vulnerability -  A2SV


Hacking A WebServer Using Bruteforce SSH Login Module

The ssh_login module is quite versatile in that it can not only test a set of credentials across a range of IP addresses, but it can also perform brute-force login attempts. This module will test ssh logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Lets start Hacking A WebServer Using Bruteforce SSH Login Module

Step 1 :- This is msfconsole. Msfconsole is the main interface to MetaSploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads etc.

Hacking A WebServer Using Bruteforce SSH Login Module


Step 2 :- search ssh_login

Hacking A WebServer Using Bruteforce SSH Login Module


Step 3 :- This auxiliary module allows you to pass credentials in a number of ways. You can specifically set a username and password, you can pass a list of usernames and a list of passwords for it to iterate through, or you can provide a file that contains usernames and passwords separated by a space. We will configure the scanner to use a short usernames file and a passwords file and let it run against our subnet.
use auxiliary/scanner/ssh/ssh_login
Hacking A WebServer Using Bruteforce SSH Login Module


Step 4 :- Create a randomly User.txt file for brute force attack.

Hacking A WebServer Using Bruteforce SSH Login Module


Step 5 :- Create a randomly Password.txt file for brute force attack.

Hacking A WebServer Using Bruteforce SSH Login Module


Step 6 :-


set STOP_ON_SUCCESS true
set RHOSTS 192.168.69.131
set USER_FILE /root/Desktop/User.txt
set PASS_FILE /root/Desktop/Password.txt

Best Way To Archive Outlook And Gmail Emails

Gmail And Outlook is one of  the most important tools in their daily lives. The problem is that most get so many emails that it is hard to...