Cyber Weapons Lab « Null Byte

How To: Fingerprint Web Apps & Servers for Better Recon & More Successful Hacks

Web applications are ubiquitous in the modern online world, and knowing how to attack them is an increasingly valuable skill. But the key to a successful attack is good recon since it's easier to be focused and efficient with the more information you have. There are many fingerprinting tools available, such as httprint and WebTech, but there are even more that can aid us in reconnaissance.

How To: Install Kali Linux as a Portable Live USB for Pen-Testing & Hacking on Any Computer

Kali Linux is the go-to Linux distribution for penetration testing and ethical hacking. Still, it's not recommended for day-to-day use, such as responding to emails, playing games, or checking Facebook. That's why it's better to run your Kali Linux system from a bootable USB drive.

How To: Clear the Logs & Bash History on Hacked Linux Systems to Cover Your Tracks & Remain Undetected

As a hacker, the final stage of exploitation is covering their tracks, which involves wiping all activity and logs so that they can avoid being detected. It's especially crucial for persistence if the target will be accessed again in the future by the attacker.

How To: Play Wi-Fi Hacking Games Using Microcontrollers to Practice Wi-Fi Attacks Legally

ESP8266-based microcontrollers can be used to create exciting and legal Wi-Fi hacking games to test your or your friends' Wi-Fi hacking skills.

How To: Use a Directional Antenna with ESP8266-Based Microcontroller

Microcontrollers like ESP8266-based boards have built-in Wi-Fi, and that's really cool, but what's even cooler is that certain pro models of the D1 Mini also have a port where you can connect a directional antenna. This can give you exceptional range, but if you were to just plug one in after opening the package, it most likely wouldn't work.

How To: There Are Hidden Wi-Fi Networks All Around You — These Attacks Will Find Them

There are hidden Wi-Fi networks all around you — networks that will never show up in the list of available unlocked and password-protected hotspots that your phone or computer can see — but are they more secure than regular networks that broadcast their name to any nearby device?

How To: Generate Crackable Wi-Fi Handshakes with an ESP8266-Based Test Network

If you've wanted to get into Wi-Fi hacking, you might have noticed that it can be pretty challenging to find a safe and legal target to hack. But you can easily create your own test network using a single ESP8266-based microcontroller like the D1 Mini.

How To: Automate Remote SSH Control of Computers with Expect Scripts

If you're getting into automation, Bash scripting is usually the way to go. However, there are a couple of limitations, and one of them is logging into another device like a Raspberry Pi and running a script automatically. To help in those situations, we're going to automate delivering an SSH payload with an "expect" script.

How To: Make Spoofed Calls Using Any Phone Number You Want Right from Your Smartphone

Spoofed phone calls originate from one source that's disguising its phone number as a different one, and you probably get these calls all the time. Maybe they're numbers from your local area code or for prominent businesses, but the callers are just hijacking those digits to fool you into picking up. Turns out, making a spoofed call is something anybody can do — even you.

How To: Perform Advanced Man-in-the-Middle Attacks with Xerosploit

A man-in-the-middle attack, or MitM attack, is when a hacker gets on a network and forces all nearby devices to connect to their machine directly. This lets them spy on traffic and even modify certain things. Bettercap is one tool that can be used for these types of MitM attacks, but Xerosploit can automate high-level functions that would normally take more configuration work in Bettercap.

How To: Unlock Facial Detection & Recognition on the Inexpensive ESP32-Based Wi-Fi Spy Camera

If you've recently built a Wi-Fi spy camera out of an ESP32-CAM, you can use it for a variety of things. A baby monitor at night, a security camera for catching package thieves, a hidden video streamer to catch someone going somewhere they shouldn't be — you could use it for pretty much anything. Best of all, this inexpensive camera module can perform facial detection and facial recognition!

How To: Set Up a Wi-Fi Spy Camera with an ESP32-CAM

The ESP32-CAM is a convenient little camera module with a lot of built-in power, and you can turn one into an inconspicuous spy camera to hide in any room. There's only one issue: it does omit a USB port. That makes it a little harder to program, but with an ESP32-based board, FTDI programmer, and some jumper wires, you'll have a programmed ESP32 Wi-Fi spy camera in no time.

How To: Hack Networks & Devices Right from Your Wrist with the Wi-Fi Deauther Watch

The Deauther Watch by Travis Lin is the physical manifestation of the Wi-Fi Deauther project by Spacehuhn, and it's designed to let you operate the Deauther project right from your wrist without needing a computer. That's pretty cool if you want to do all the interesting things that the Wi-Fi Deauther can do without plugging it into a device.

How To: Write Your Own Bash Scripts to Automate Tasks on Linux

Bash scripting is a convenient way to automate things on any Linux system, and we're going to use it here to automate certain tasks we use all the time.

How To: Create a USB Mouse Jiggler to Keep a Target Computer from Falling Asleep (& Prank Friends Too)

While obvious, it's a lot more difficult to hack into a locked computer than an unlocked computer. As a white-hat hacker, pentester, cybersecurity specialist, or someone working in digital forensics, there's an easy solution — make it so that the computer won't fall asleep and lock automatically in the first place.

How To: Use RedRabbit for Pen-Testing & Post-Exploitation of Windows Machines

RedRabbit is an ethical hacking toolkit built for pen-testing and reconnaissance. It can be used to identify attack vectors, brute-force protected files, extract saved network passwords, and obfuscate code. RedRabbit, which is made specifically for red teams, is the evil twin of its brother, BlueRabbit, and is the offensive half of the "Rabbit Suite."

How To: Null Byte's Hacker Guide to Buying an ESP32 Camera Module That's Right for Your Project

An ESP32-based microcontroller with a camera is an amazing platform for video, but not all modules are created equal. We'll go over the pros and cons of some of the popular low-cost camera modules you can use with ESP32-based development boards, as well as what features they support.

How To: Perform Keystroke Injection Attacks Over Wi-Fi with Your Smartphone

With just two microcontrollers soldered together, you can inject keystrokes into a computer from a smartphone. After building and programming the device, you plug it into a desktop or laptop, access it over a smartphone, and inject keystrokes as you would with a USB Rubber Ducky.

How To: Get an Internet Connection in the Middle of Nowhere to Hack Remotely

If you're living or staying out in the middle of nowhere or a rural area outside of a big city or town — where there are no reliable cable, fiber, or wireless networks available — how can you get an internet connection? There are several possibilities, but they all come with tradeoffs, which we'll go over in detail.

How To: Use Upip to Load MicroPython Libraries onto a Microcontroller Over Wi-Fi

MicroPython is an exciting language to use on ESP8266 boards and ESP32-based microcontrollers, but it doesn't always include all of the libraries you'll need for a specific project. This issue is less of a problem, thanks to the upip package manager.