Monday, 12 December 2016

Wfuzz - Web Application Password Cracking Tool

Wfuzz is a web application password cracker that has a lot of features such as POST data brute-forcing, header brute-forcing, colored output, URL encoding, cookie fuzzing, multi-threading, multiple proxy support, SOCKS support, authentication support, baseline support, and more.



It also offers multiple injection points with multiple dictionaries, recursion (when doing directory brute-force), and a HEAD scan mode (faster resource discovery).

Wfuzz allows you to define as many encoders as you need for each payload independently. It also allows you to combine your payloads in different ways by specifying iterators.




Saturday, 12 November 2016

100+ Hacking Books to Download

A hacker's education is very important. Most hackers attend college or reach that level by being self-taught.
Best Hacking Books Only on Hackerposts.com

There's a saying: "Hacking Is Not A Crime; It Is An Art", and artists aren't made without going the extra mile. The very best are self-taught, and you can learn a lot by reading hacking books. If you want to become a hacker, then here is a good source of knowledge.


More than 100 hacking books are available to download. By reading these hacking books, you can learn some basic and advanced tricks for hacking Wi-Fi, pentesting, cracking passwords, hacking websites and many more…
Simply add the books below to your Google Drive or download them for easy access.



CEH Certification Overview



The CEH (Certified Ethical Hacker) certification has an exciting name. After all, what I.T. nerd didn't dream of becoming a hacker after seeing the latest action film hero save the world with a few sly keystrokes against a black command prompt with cryptic text and commands? The name is a lot more enticing than more boring certifications, like the Cisco Certified Network Associate. It just has more appeal, because after passing the exam, you are a bona fide hacker with a piece of paper to prove it!


Well, not exactly. It's just another stepping stone toward becoming a penetration tester or white hat hacker. There are many other security technologies and certifications that will need to be explored in depth to help you rise to the level of penetration testing expert. Still, the CEH is a good choice to prove to employers you have more security knowledge than the average I.T. bear, which will make you a more marketable professional.
And it is, of course, a vendor-neutral exam. As stated on the CEH website, “A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s).”
The exam is composed of 125 questions, which may seem formidable. However, as we’ll discuss in the next section, it isn’t one of the most challenging exams available. The test is administered in multiple choice format, and candidates have four hours to complete the examination. Still, you’ll want to make sure you pass on the first try, since the latest version of the exam costs a whopping $500.00 USD.
Difficulty
There seems to be a lot of subjectivity whenever talking about the difficulty of an exam. So, let's try to get a few things straight. First of all, before taking the CEH exam, I'd recommend you start with the Security+ exam. Some people have commented in forums that they thought both exams were roughly the same difficulty level. But in my humble opinion, I'd have to disagree.
I personally thought that the CEH exam was slightly more difficult than the Security+ exam, but I'd recommend starting with the certification that makes you more professionally marketable. Networking disciplines are the foundation of most types of Internet security, with the exception of higher level attacks like cross site scripting and phishing.
But even phishing attacks touch on networking concepts, such as DNS resolution. So, I'd say start with a networking certification first, and then branch out from there into security disciplines. It may sound counterintuitive, but I think the best thing to do is to get more general certifications first (like the Network+ and CCNA certifications). Even though the CCNA is generally thought of as being harder than the CEH, the CEH is no cakewalk.
They’re putting more emphasis on policy, theory, and best practices (I can already hear you yawning) than they did in the past, and a lot of the exam questions are centered around special scenarios.
Professional Value and Marketability
Payscale reports that Information Security Analysts with the CEH certification have salaries that range from approximately $53,000 to $109,000. Since the CEH certification is more of a specialty qualification, you can expect to earn more money and gain more professional value than you would with other general knowledge certifications, like the CompTIA Security+ certification.
Don’t get me wrong, the Security+ exam does still hold value. But in all reality, HR staffers and I.T. departments would prefer a candidate who has the CEH certification over another candidate that only has the Security+ certification – all other things equal. However, I must give you a fair word of caution. Some people are extremely book smart, but lack real world experience.
When these types of people move from the books (or lab) to the real world, they often find that without experience, they struggle to adapt to real world practices. For that reason, don’t think that this certification guarantees a free ride to a six figure income. And don’t make the mistake of thinking that you’ll launch your career into the stratosphere and start out making $53,000 per year. The data from Payscale can be a little misleading, so we need to talk about it in greater detail.
The CEH exam isn’t really an entry level exam (though there are tougher security exams out there, such as the CCIE Security exam). Because this isn’t an entry level certification, you can expect that the majority of people in the Payscale data already have other certifications under their belts, and years of experience as well. But if it doesn’t guarantee you a high salary out of the gate, why bother with it at all?
Well, there are several reasons. The first is that studying for the exam will increase your knowledge, thereby making you a more well-rounded professional. Some people try to pigeonhole themselves into one area of knowledge, such as routing and switching. And though they may be good at what they do, it's better to have an eclectic knowledge of computer systems for several reasons. Firstly, it allows you to wear several hats, thereby making you more marketable to potential employers.
Secondly, it will help you understand and communicate with security professionals, even if they are from a different department. And thirdly, it will, of course, bring you one step closer towards becoming a white hat hacker or penetration tester. You’d be shocked to discover how much money expert penetration testers make when they work for a big corporation. Some of them make six figure incomes greater than $150,000 – some make even more than that.
But now consider that these salaries are only achievable with decades of experience and expert level certifications. However, when you look at things from a consulting perspective, the sky is the limit. You’re only bound by how much time you have and how many clients you can service. Either way you slice it, whether you end up consulting or working for a salary, the CEH is an ideal certification that will serve as a stepping stone to bring you closer to becoming an ethical hacker.
Though I can't hope to prepare you for the exam in a single post, I do want to take a moment to provide a high level overview of the exam's topics, and how they relate to penetration testing and ethical hacking. The following are CEH certification topics, concepts, and objectives. This is not intended to be a comprehensive list, because each topic comprises many sub-topics, but this should paint an accurate picture of the exam's objectives.
Footprinting and Reconnaissance
Footprinting and reconnaissance techniques are essential for any type of hacker, good or bad. The idea is to gather as much information about a target system as possible to help identify weaknesses and vulnerabilities. Though black hat hackers use reconnaissance to find exploits, penetration testers and white hat hackers use them to plug up security holes. Ideally, you want to make it impossible for a black hat hacker to gather information about private networks and computer systems (e.g. preventing systems from responding to pings to mitigate ping sweeps), though no network is ever 100% infallible.
Scanning Networks
Network scans are used for a variety of reasons, but the point is to identify hosts, services, and other network details. For example, a ping sweep is a type of reconnaissance scan that looks for active hosts on a given network subnet. Other types of scans look for individual sockets and ports to see if a host is accepting certain connections. For instance, a penetration tester might want to scan a network to verify that no hosts are accepting Telnet connections, since it is less secure than SSH and sends passwords in plain text.
Malware Threats
Malware, despite the latest and greatest security software, still continues to plague the modern Internet. But malware (malicious software) is really an umbrella term that could refer to a wide variety of threats. Such threats include viruses, Trojans, adware, spyware, keyloggers, and other similar applications. Not only does a penetration tester need to know what all of these threats are, they'll also need to know best practices for mitigating them.
Sniffing
Have you ever wondered how a hacker can capture raw data in transit through a network? They use applications called packet sniffers, and they can be used to capture just about any type of data imaginable (wireless frames, protocol handshakes, session data, etc.). Security professionals and penetration testers can use them to ensure that blocked services are truly disabled on a network to plug up vulnerabilities. There are about a thousand and one uses for packet sniffers, but just know that they're used to see the raw data flowing over a network interface.
Social Engineering
Social engineering has been around since the dawn of the username and password, but hackers and thieves still use social engineering to successfully prey on unsuspecting victims. As a security specialist, you'll not only need to be able to identify social engineering techniques, but also help create policies that thwart them ahead of time. One example of social engineering is someone impersonating the I.T. department and insisting that it's imperative for the user to hand over their username and password.
Denial-of-Service
Denial-of-service attacks come in many shapes and sizes, but they all seek to do the same thing. As the name implies, the attacker attempts to overwhelm a server, service, or resource to make it inaccessible for other users – hence denying a service. Naturally, as an ethical hacker, you’ll need to implement best practices and security techniques that help reduce the risk of successful DoS attacks and mitigate damage.
Session Hijacking
Session hijacking is a serious threat because most end users won’t know if an attacker has stolen their session. To the end user, it will appear as though the service or website is temporarily unavailable, when in reality, the attacker stole access to their online account. This is easily solved with endpoint encryption, but there are other best practices to follow as well.
Hacking Web Servers, Hacking Web Applications, and SQLi Attacks
Hacking web servers, applications, and databases is a pretty scary notion given that the attacks are so easy to carry out. For some of them, you don’t need any special software apart from a web browser. Tightening down web resources is critical these days, and I’m sure you’ve heard of instances of a website losing thousands (or hundreds of thousands) of accounts to an unknown hacker. Hackers can even inject malicious SQL (SQL is a database query language) code into a website under special circumstances, and then either insert, update, read, or delete all of the data contained on the website’s back end.
Hacking Wireless Networks
It doesn't take much to hack a wireless network these days. Even if you use an 802.11 wireless security standard, chances are a hacker can break into it. The software used to hack into wireless networks is completely free (Kali Linux), and hackers can easily force their way into wireless networks using WEP and WPA. There are a lot of different wireless vulnerabilities, and a competent penetration tester needs to be able to secure wireless networks from potential hackers.
Hacking Mobile Platforms
Given that mobile searches have overtaken traditional desktop searches in Google, it's clear that mobile devices are here to stay. But they pose some terrible security risks, especially when connected to a corporate network. Most people carry a lot of sensitive personal data on their mobile devices, and the lines between work and personal life blur. If a hacker gets their hot little hands on a user's smartphone, there's no telling what kind of information they could unearth. As a security engineer, you need to be up to speed on the latest mobile security best practices.
Evading IDS, Firewalls, and Honeypots
Firewalls and IDSs (Intrusion Detection Systems) are the pinnacle of modern network security. Though the CEH is vendor neutral, there are plenty of other certifications that focus on individual appliances. For example, the CCNA Security certification will introduce you to Cisco's line of hardware appliances, like their IDS solutions and ASAs (Adaptive Security Appliance). However, the CEH certification takes a look at these concepts without focusing on any particular vendor.
Cryptography
Cryptography is an absolutely essential staple in modern security strategies. Any competent penetration tester is going to know how various cryptographic systems, such as VPNs (Virtual Private Networks) operate – as well as their shortcomings. For example, it’s actually possible to break certain encryption technologies, such as PPTP. Apart from knowing the latest standards, you’ll also have to understand how various key exchange processes work. You’ll want to have a high level understanding of how various encryption protocols work on a fundamental level.
Final Thoughts
Though the CEH certification isn't a golden ticket that guarantees a six figure salary (far from it), it does make you one heck of a lot more marketable to prospective employers. Plus, data security is an increasingly growing field, so you'll have good job opportunities and job security. I might recommend starting with the Security+ exam, but if you feel up to the challenge, the CEH is a great way to showcase your knowledge about the latest security trends.

How to Use the Harvester on Kali Linux

Today we’ll be running through a simple tutorial with the Harvester. Apart from showing you how to run the command, we’ll also be talking about how it’s supposed to be used, and what value it provides for a penetration tester or hacker.
It does come packaged with Kali, though it can be installed on other Linux systems. Also, I'm going to assume that you already have Kali (or another Linux distribution) installed. Furthermore, you should be comfortable running commands from the Bash shell. But I would also like to point out that this isn't an overly complex tool that takes advanced knowledge to use.
In fact, it’s actually rather simple. And it’s really more of an automated information gathering tool than anything else. Nevertheless, the Harvester is pretty darn useful for hackers, and it shouldn’t take very long to pick up, either.
Not Your Typical Hacking Tool
The Harvester isn't your usual hacking tool. Whenever someone mentions command line hacking utilities, your thoughts probably naturally gravitate towards programs like Nmap, Metasploit, Reaver, and wireless password cracking utilities. But the Harvester doesn't use advanced algorithms to crack passwords, test firewalls, or capture local network data.
Instead, it gathers public information such as the names of employees, their email addresses, subdomains, banners, and other similar information. But why collect this information, you might ask? Well, it is extremely important in the first stage of reconnaissance and information gathering. Knowing this kind of information will help a hacker or penetration tester form an idea of their target, and understand them better.
Furthermore, it will help paint a picture of just how big the target’s Internet footprint is. In addition, it’s useful for organizations who want to see how much of their employees’ information is available to the public on freely accessible web pages. The latest version of the tool has added some useful features such as the ability to set time delays between web server requests, improved sources search, enumeration techniques, graph and statistic plotting, SHODAN integration, and more.
Essentially, given certain criteria, the Harvester will run around on the Internet as your surrogate, snatching up any and all information that fits certain criteria. I would also like to point out one more thing before moving forward. This tool can be used to gather email addresses, which could be incredibly useful to an attacker trying to crack online login credentials or gain access to an individual’s email account.
Using The Harvester
The Harvester has a rather basic command syntax. And it isn’t as complicated as some other hacking procedures such as cracking a Wi-Fi password, which can have as many as 10 steps or more. The following outlines the Harvester’s basic command syntax:
  • theharvester -d [domain] -l [number_of_results] -b [source_of_search_query]
However, first you’ll need to type ‘theharvester’ into the shell to launch the program. Using the preceding query on a domain of your choice will return email addresses, depending on how many you set the limit to. And the results can be stored in a file of your choosing. For instance, I could run the following query on a school’s website to gather email addresses of all the faculty:
  • theharvester -d myuniversity.com -l 500 -b google
…and that’s about all there is to it. See? I told you it was simple! Of course, there are some additional special options and flags, but that’s the Harvester in a nutshell. Note that you can substitute different domains and search engines, too. Also consider that you could use the collected email addresses as tools to attack login passwords through account recovery procedures. But don’t do that in real life – just know that hackers can utilize the Harvester this way.
Final Thoughts
Normally with Kali tutorials, I have to give a disclaimer detailing a spiel about how you shouldn't abuse the tool we used. After all, breaking into computer systems is against the law. However, the Harvester program is different. You can use it to your heart's desire to gather as much information as you want – so long as you don't abuse the data.
I don't need to provide a disclaimer because all the information it gathers is already in the public domain. If you really wanted to, I suppose you could manually crawl the web to gather all the information that this tool collects – but it would take a while. The only real abuse I can see someone easily committing with this tool (without the aid of more sophisticated hacking, reconnaissance, and information gathering tools) is farming email addresses for a spammy marketing campaign. Other than that, feel free to play around with this tool and craft your own unique queries.
via hackingloops

How to Build an SSH Password Cracker in Java

Welcome back everybody! I’m back and better than ever with a new round of fresh hacks to share with you! So, with that out of the way, let’s talk about what we’ll be doing today.
There are many services that require passwords in order to access their goodies. Often times we, the attackers, need to steal these passwords in order to take said goodies. One of these services is SSH (Secure Shell). SSH allows for the remote management and use of things like network devices and servers. If we could find the SSH password, we could have control over the target system!

Normally, we could look for some password disclosure vulnerability or do some social engineering. But, when all else fails, we can use brute force to try and crack the password the hard way. Today we’ll be building a tool that will go through a list of possible passwords to see if they’re correct. We’ll be building our password cracker in Java, so let’s get started!

Step 1: Downloading JSch

To make a long story short, Java does not natively support the SSH protocol. This means that we’ll have to use a third-party package in order to build our password cracker.
The package we’ll be using is JSch. This will allow us to perform the SSH logins, so we need to download it and import it in our Java code. You can download it by running the following command:
wget https://sourceforge.net/projects/jsch/files/jsch.jar/0.1.54/jsch-0.1.54.jar/download -q --show-progress -O jsch.jar
We should get output that looks like this:
[screenshot: downloading_jsch]
Now that we’ve downloaded the package we need, we can get to actually coding our password cracker!

Step 2: Importing Packages

In Java, we need to import quite a number of packages before we can get started building. This step is rather simple to explain, we’re just going to import a bunch of packages. So, let’s do that now:
[screenshot: imports]
We can see here that we import a small number of packages, ending with our newly downloaded JSch package. Now that we have our packages, we can get started on the exciting stuff!

Step 3: Declaring Class and Checking Host

In Java, all functions for a certain program must be stored under the class for that program. So, since our program is named sshbrute, our class will also be named sshbrute. Pretty simple, right? After we declare our class, we're going to make our first function. This function will attempt to connect to a given port on the target system. This is to ensure that the port specified by the attacker is, in fact, open. So, let's take a look at this code:
[screenshot: class_and_checkhost]
Let’s break this down really quick. First, we declare our sshbrute class, nothing special there. Next, we make a function named checkHost. This function opens a socket and attempts to connect to a port given as an argument (this connection attempt does have a timeout set). Let’s move on to the next section!

Step 4: Reading a Wordlist

The way this password cracker will work is that it will attempt to log in to an SSH service with a set of passwords. This set of passwords is called a wordlist. These are normally stored in normal text files, so we need to have a function to read a text file and extract all the passwords we need to try. Let’s take a look at it:
[screenshot: getting_wordlist]
First of all, our function takes a single argument, a file path. This will be the path to the wordlist file we need to read. Next, it declares an array list to store the passwords in. An array list is like a dynamic array, so we don’t have to give it a buffer, we can just add things to it (that makes our job much easier).
After declaring our array list, we open up the wordlist file with a buffered reader. We then read the file line-by-line and add each line to the array list until there are no more lines left in the file. Once this is complete, we return our completed array list. Now that we can read and store a wordlist, we can build the function to try them.

Step 5: Attempting Logins

Before we try all of these passwords, we need a function that will accept one password and try it out. This will keep everything organized in our final function. We’ll take a look at the code, then break it down:
[screenshot: crackpass]
This function is rather simple. We simply dissected the example code given by the JSch developer website and ripped out the code that is used to log in to SSH. This function will make a new session, configure the password and key checking, and attempt to log in to the service. It will then disconnect from the service and return true or false.
Now that we have all our base functions, we can finally make our main function.

Step 6: Build the Main Function

Every Java program must have a main function. This is the function that will be executed when we run our program. We'll start the main function by taking some command line arguments and assigning some variables. Let's take a look at the first half of our main function:
[screenshot: main1]
We start by checking for the correct number of arguments; if it is wrong, we provide a very basic usage message to the user. If the correct number of arguments is supplied, we declare two variables; one being the host address, the other being the port running the SSH service (normally this port is 22, but an admin may configure it to run on a different port for added security).
We then do some checking on the first argument and fill out our variables accordingly. Now that we’ve got this out of the way, we can see the second half of our main function:
[screenshot: main2]
In the second half of our main function, we use all the functions we made earlier. First, we call the checkHost function to make sure the target is up and running. We've also assigned the target username to its own variable. We then make a new array list and store the result of our wordlist-reading function in it.
Next, we print that the cracking has started, along with some information about the attack. Once this print happens, the cracking begins! We start by making a for loop that will iterate through the length of our wordlist. For each iteration, it will take that password out of the wordlist and pass it to the crackPass function. If the login is successful, we inform the user and shut down the program. Otherwise, we keep going until we run out of passwords.
There we have it, our SSH password cracker is complete! Now we move on to the final step.

Step 7: Testing it Out

Before we end our session today, we're going to test out our new password cracker. I have a simple server set up on my local network running OpenSSH server. So let's crack this password!
First, we need to compile our Java code into a class file that we can execute:
[screenshot: compiling-and-help-page]
We can see here that we need to use the -cp flag to force the JSch package to be used in the compilation. Then, we execute the program while again forcing it to use the JSch package. Now that we have our program compiled, we need a wordlist to use. Let’s make a simple wordlist now:
[screenshot: making-wordlist]
Nothing really special here, just using some commands to make a very small wordlist. Now that we have a wordlist, we can use it to crack the SSH password:
[screenshot: cracking-pass]
We then execute the program again (forcing the JSch package) and pass all our arguments. We see the functions executing before our eyes for a minute before it returns that the credentials were found. We successfully cracked an SSH password!
That’s it for this one, I’ll see you all soon with interesting new attacks!
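The cracker walked through above leaves a very visible trail on the target: every attempt from the wordlist loop becomes a "Failed password" line in the OpenSSH auth log, followed by an "Accepted password" line if a guess succeeds. The detector below is an added example written for this page, not code from the post or from the JSch project. It parses OpenSSH syslog-format lines (the sample lines are constructed, with documentation-range addresses), keeps a sliding per-source window of failures, raises a brute-force alert once a source exceeds a threshold inside the window, and raises a second, higher-priority alert when that same source later authenticates successfully, which is exactly the moment the post's tool reports "credentials found". The threshold and window values are assumptions to be tuned per environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of /var/log/auth.log lines as OpenSSH's sshd writes them.
# 192.0.2.10 models the wordlist loop from the post: five failures in five
# seconds and then a success; 198.51.100.7 is a legitimate user who mistyped once.
SAMPLE_LOG = """\
Dec 12 10:00:01 host sshd[1201]: Failed password for root from 192.0.2.10 port 51000 ssh2
Dec 12 10:00:02 host sshd[1203]: Failed password for invalid user admin from 192.0.2.10 port 51002 ssh2
Dec 12 10:00:03 host sshd[1205]: Failed password for root from 192.0.2.10 port 51004 ssh2
Dec 12 10:00:04 host sshd[1207]: Failed password for root from 192.0.2.10 port 51006 ssh2
Dec 12 10:00:05 host sshd[1209]: Failed password for root from 192.0.2.10 port 51008 ssh2
Dec 12 10:00:06 host sshd[1211]: Accepted password for root from 192.0.2.10 port 51010 ssh2
Dec 12 10:05:00 host sshd[1300]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Dec 12 10:07:00 host sshd[1301]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>",
# as well as "Accepted <method> for <user>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted)\s+(?P<method>\w+)\s+for\s+(?:invalid user\s+)?"
    r"(?P<user>\S+)\s+from\s+(?P<ip>[\d.]+)\s+port\s+\d+"
)


def parse(lines, year=2016):
    """Turn raw auth.log lines into (timestamp, result, method, user, ip) tuples.
    Syslog timestamps carry no year, so one is supplied (assumed: 2016)."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd or non-sshd line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["method"], m["user"], m["ip"]))
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Sliding-window detector: alert when one source IP accumulates `threshold`
    failed logins within `window_seconds`, and again if that IP then succeeds.
    Threshold and window are assumed defaults, not values from the post."""
    alerts = []
    failures = defaultdict(list)  # ip -> timestamps of failures still inside the window
    flagged = set()
    for ts, result, method, user, ip in sorted(events):
        if result == "Failed":
            window = failures[ip]
            window.append(ts)
            # Expire failures that fell out of the window.
            while window and (ts - window[0]).total_seconds() > window_seconds:
                window.pop(0)
            if len(window) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"kind": "bruteforce", "ip": ip,
                               "failures": len(window), "first": window[0], "last": ts})
        elif result == "Accepted" and ip in flagged:
            # A success from a source already flagged is the "credentials found" moment.
            alerts.append({"kind": "success_after_bruteforce", "ip": ip,
                           "user": user, "method": method, "at": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse(SAMPLE_LOG.splitlines())):
        print(alert)
```

On the mitigation side, the same log that feeds this detector is what tools like fail2ban watch to block a source after repeated failures, and in sshd_config the options `PasswordAuthentication no` (key-only login) and a low `MaxAuthTries` remove or throttle the password guessing the post's tool depends on; moving sshd to a non-standard port, as the post mentions, only hides it from the laziest scans and is not a substitute.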
via hackingloops