Tryhackme Ignite walkthrough | Web App Pentesting Techniques

It a cool room that teaches u how to hack into a webserver in this boot-to-root machine. Powered by Fuel CMS, we are even given valid credentials to get in the Admin panel to find XSS is one of the few vulnerabilities that are possible to exploit. We can also do Remote Code Execution(RCE) in two ways to load a PHP shell to get access as www-data, and the webpage is leaking where they stored the database file that has the root password. From there we switch-user(su) to root and grab the root flag.

Click the link below to watch the full video

 https://www.youtube.com/watch?v=oO7uSM3JzQU

Share:

Read More

What is Footprinting?

Footprinting is also known as Reconnaissance, is the technique used for gathering information about target computer systems and the entities they belong to. To get this information, a hacker might use various tools and technologies. This information is very useful to a hacker who is trying to crack a whole system.

We perform footprinting with the help of various tools which are already installed in Kali-Linux some of these tools are Nmap, Whois, dig, thHaverster, curl, nslookup, nikto, dnsenum, etc and in android u have to install it in Termux. There also some website which you can use to perform footprinting, some of these websites are; google hacking database, shodan, etc.

Information to be gathered using Footprinting.

If the attack is to be performed on a company, then the following information will be gathered.
Company details, Employee Details and their E-mail addressses.
Relation with other companies.
Project details involving other companies.
Legal documents of the company.
News relating company website.
Patents and Trademarks regarding that particular company.
Important dates regarding new projects.

If you have any suggestion or question please leave it in the comment area.

Share:

Read More

How To Protect Your System From KeyLoggers

KeyLoggers have been a major problem today as it does not require any Prior Knowledge of Computers to use it. So it is often used by Hackers to steal the Passwords, Credit card Numbers and Other confidential information from your computers....

To protect your system from keyloggers you need to install a good antivirus on your systems.

This is the First step you need to take in order to protect your system(s) from keyloggers and Other Online THREATS....

Secondly, use a good antispyware.

If you are frequent on the Internet, then you could be exposed to spywares on the Internet. Since KeyLoggers are spywares, It is better to Install a Good antispyware program.

Thirdly, use an antilogger.

Antiloggers are Programs that Detect  the Presence of KeyLoggers on a system.

Finally, use KEYSCRAMBLER.

KEYSCRAMBLER is one of the best program that offer protection against KeyLoggers, it is small program which encrypts your keystrokes so that, even if your computer has a KeyLogger installed on it , then only the Encrypted Keystrokes are captured by the KeyLogger and not the Actual ones...

If you have any suggestion or question please leave it on the comment section.

Share:

Read More

LiveChat Partner Program

LiveChat Partners Program enables you to monetize your content as a blogger, social media creator, website owner, or a marketer. You can just simply copy a referral link from the Partner dashboard or create dedicated advertising campaigns that will help you earn passive income in no time!

With the LiveChat Partner Program, you can get closer to financial independence, support your passions, and gain more time to spend it with your family and friends, with (almost) no effort. Imagine that you could travel more, and not be reliant on a 9-5 job!

The Program has all the resources to help you succeed. Once you register on their website, you’ve got access to multiple marketing resources, including ready-to-use tweets, screenshot, and branded visuals. All of which are fully customizable so - with basic coding skills - you can mix and match them without any limits.

Ready to start your affiliate marketing journey? Create your free account today!

Share:

Read More

Tips on Hacking Social Media Accounts (This is for educational purpose only)

Here are some tips

for hacking social media accounts.

Let me show you some methods,

1.MITM attack (Man in the middle attack)

Wireshark (Capturing data packets).

2.Phishing

*Via mail*,(normal phishing)

*Via evilgnix,*

(data going to FB/install/Twitter server via evilgnix server, evilgnix server is where hacker stays and captures data packets, that is nothing but your passwords.

The thing that here is you can't address that you been hacked. Cause of your account login normally to your FB server, you can't address evilgnix server.

*This when happens*

Someone or attacker mailed you with a link from the respective platform like twitter@support.com/google@support.com

(email spoofing)

And you, without notice you go with the link and proceed with your credentials.

This also comes under email but not a normal phishing.

*Difference b/w normal and evilgnix*

*URL*

You can notice the URL

Normal phishing ( www.furnituregoogle.com)

Evilgnix phishing (www.facebook.com)

THIS EVILGNIX SERVER IS CREATED BY ATTACKER, AND STAYS IN B/W CLIENT AND ORGINAL SERVER TO CAPTURE DATA.

*via ?*

May I ask you a question.

_How to find some phishing link?_

If a link is HTTP, not HTTPS then

Is it phishing link or not?

Answer and I will tell what it is!

*via ?*

ínstagram

tell me what is the name that  above?

I will answer what it is!

3.RAT Trojan (using remote access tool you can hack the account , capturing keystrokes orelse capturing OTP and  you can hack the account.

4. Keylogger,

This is what rat already does, yeah capturing keystrokes.

5. USB stealer

It steals the passwords  Which is stored on the browser by extracting from browser.

Don't save pwds in browser.

If you have any suggestions or questions please leave it in the comment area and don't forget to subscribe for more update.

Share:

Read More