Everything Else
How To: Gain Control of WordPress by Exploiting XML-RPC
WordPress did not become what is arguably the most popular blogging and CMS platform on the planet because it was difficult to use. Rather, its user-friendly and rich feature set led to it finding a home on somewhere north of 70 million websites—and that's just counting blogs hosted on WordPress.com.
Mac for Hackers: How to Organize Your Tools by Pentest Stages
With all of the bare-bones setup out of the way in our Mac for Hackers series, your Apple machine should be ready to run a significant amount of pentesting tools. We can pull tools from GitHub and compile them, we can pull dependencies or tools from Homebrew, we have both Python and Ruby. Everything is ready to go and now it's time to start building a toolbox on our local host.
How To: Install Gitrob on Kali Linux to Mine GitHub for Credentials
GitHub is an extremely popular site that allows developers to store source code and interact with other users about their projects. Anyone can download public, open-source files on GitHub manually or with Git, and anyone can fork off someone's project to expand or improve it into its own project. It's a really great site for programmers, developers, and even inspiring hackers.
How To: An Intro to Vim, the Unix Text Editor Every Hacker Should Be Familiar With
As pentesters and hackers, we're going to be working with text frequently — wordlists, configuration files, etc. A lot of this we'll be doing on our machine, where we have access to whatever editor we prefer. The rest of it will be on remote machines, where the tools for editing will be limited. If nano is installed, we have an easy-to-use terminal text editor, but it isn't very powerful.
Mac for Hackers: How to Install the Metasploit Framework
Metasploit is an extremely popular pentesting tool capable of enumeration, exploitation, and injecting shell code, and is a part of almost every hacking toolkit. So there's no way I could leave this out of our series on getting your Mac set up for hacking.
Mac for Hackers: How to Install Kali Linux as a Virtual Machine
We're nearly done getting our Mac set up for hacking. If you haven't checked out previous tutorials, I'd recommend you do so first before diving right into this one.
Mac for Hackers: How to Install RVM to Maintain Ruby Environments in macOS
We're almost there to completing the setup of your Mac for hacking! Now that we have Git and Homebrew under our belts, it's time to take on something fairly easy, but very important for our hacking needs.
Mac for Hackers: How to Set Up Homebrew to Install & Update Open-Source Tools
After enabling disk encryption, creating encrypted disk images, installing KeePassX and iTerm2, and using Git with local repositories, the next step to getting your Mac computer ready for hacking is setting up a package manager that can install and update open-source hacking tools. There are multiple options to choose from, but Homebrew has a slight advantage.
Mac for Hackers: How to Use Git to Clone, Compile & Refine Open-Source Hacking Tools
With some of the groundwork out of the way in getting a Mac set up for hacking, it's time to start looking at toolboxes. Our first toolbox is Git, which will be used throughout future tutorials.
Mac for Hackers: How to Install iTerm2 Using the Terminal
Now that we've talked about encryption and managing your passwords, let's continue this series on getting your Mac ready for hacking by turning our attention to the terminal.
Mac for Hackers: How to Manage Your Passwords with KeePassX
Now that we've learned about keeping all our data safe with encryption, it's time to continue progressing through getting your Mac set up for hacking.
How To: Use UFONet
With the release of the Mirai source code, botnets are back in a big way. In the early days of botnets, zombies (infected hosts) would report to IRC (Internet Relay Chat) channels for CNC (command and control) instructions. Modern botnets have evolved, but they continue to use the same concepts as their predecessors.
Mac for Hackers: How to Create an Encrypted Disk Image
Before we dive any further into getting your Mac ready for hacking, I wanted to continue on with the concept of encryption. In the last part, we talked about full disk encryption on your Mac, but now I want to quickly cover the encryption of disk images before we dive into managing passwords, terminal emulators, etc.
How To: Use a Misconfigured SUID Bit to Escalate Privileges & Get Root
Gaining access to a system is always exciting, but where do you go from there? Root or bust. Sure, a compromised host is a great way to run a botnet, or do some other boring, nefarious thing—but as hackers, we want root. We also want to take the easiest path possible, search out low-hanging fruit, and exploit them. SUID programs are the lowest of the low-hanging fruit.
How To: Diceware Gives You Truly Random Yet Easy-to-Memorize Passwords
Passwords are everywhere. We use them to unlock phones, computers, websites, encrypted disks, encrypted files... the list just goes on and on. Savvy users will already have a password manager of some sort that can generate a very strong password on a per site basis. However, these password managers also require a password. Not only that, it has to be something memorable.
Mac for Hackers: How to Enable Full Disk Encryption to Protect Your Data
This is the very first article in my series on setting up a Mac for hacking. In this series, I will be operating under the assumption that you have a clean install of macOS (previously OS X). If you aren't starting with a clean installation, there may be a few differences, but nothing we can't help you out with.
Mac for Hackers: How to Get Your Mac Ready for Hacking
When it comes to hacking guides, most are written from the perspective of a Linux user. There are a few outliers, but it's mainly Linux, which leads to the idea that Linux is the only OS that's viable for hacking. This couldn't be further from the truth. A properly set up Apple machine can do quite a bit of heavy lifting.
How To: Disable WPAD on Your PC So Your HTTPS Traffic Won't Be Vulnerable to the Latest SSL Attack
You may not know what HTTP is exactly, but you definitely know that every single website you visit starts with it. Without the Hypertext Transfer Protocol, there'd be no easy way to view all the text, media, and data that you're able to see online. However, all communication between your browser and a website are unencrypted, which means it can be eavesdropped on.
How To: Create an Undetectable Trojan Using a Domain Name
In this tutorial I am going to show you how to create an undetectable Meterpreter Trojan using a Domain name. I have taken a few guides/tutorials and built it into one. The first part is creating the DNS Payload. The second part is creating the Executable file. Part 3 is using both in Shellter to create your undetectable Trojan. Part 4 is setting up your listener using Armitage.
How To: VBScript for DDosing Sites
Hello Guys, Today I have made a script for ddosing sites with VBScript! And I don't know how you guys do it, but I've made a script that refreshes the page in a chosen amout of milliseconds. And if you want it a number of times or if you want it to go on and on. And this is a script to run it on your botnet. But again I don't know if this works on your botnet too.
How to: Bomb Someone's Whatsapp with VBScript 2.0
Hello guys, I recently made a how to about whatsapp but the problem with that script is that it is way to long and you need to copy and paste it so many times so I made a new one that works just fine and is more easy to use lets get into it (Here Is How The Code Supposed To Look)
How To: Kick People Off Your Internet
This is my first post please tell me what I can improve. (I don't claim any of the images. I tried taking screen shots but it froze my computer. ) I will be using wlan0 because thats my wireless but use yours.
How To: Untrust the Suspicious Blue Coat Certificate Authority on Mac or Windows
While it may not sound scary right off the bat, Blue Coat Systems now has an intermediate certificate authority. If you don't know what a certificate authority (CA) is, or who Blue Coat is, who cares, right? But you should... whether you use Mac or Windows.
How To: Perform a Local Privilege Escalation on Mac.
Hello null byte!! I found a local local privilege escalation exploit on Exploit-db known as CVE-2015-5889: issetugid() + rsh + libmalloc osx local root by rebel. You can visit the link here or find the code on pastebin here.
How To: Theme Your Kali Linux
I am back this time showing you guys how to theme your kali linux. Being true kali is good for pentesting but when it comes to looks it is lifeless , maybe the kali rolling could be an exception but even that makes you feel bored after a long time . So in this tutorial I am gonaShoe you how to theme up your kali
How To: Install Flash on Kali Linux 2.0 Rolling
Hey guys, I am back this time with another small tuto on how to install flash on kali linux . Kali linux is of course one of the best pentesting platforms available now but it's native web browser Iceweasel a modified firefox lacks in flash and java. Keeping java aside lets just talk about flash.If you are here to know how to install flash on kali then you are at the right place.Here we go .... ..... ....
How To: Change Grub Boot Loader Background
Hey guys, I am back this time with a small trick. Many of us do not like the old background in GRUB BOOT LOADER, you might be using kali linux or any other linux and using GRUB BOOT LOADER then this is for you.
How To: Port Forwarding for Newbies
I have came across a lot of members on the forum that didn't have a clear idea of what port forwarding is and what it does. So...Let's get started...
How To: Make a Python Basic Unix Password Cracker!
Greetings fellow students! I'm currently reading a book called "Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers"
How To: Use Dmitry Effectively.
Greetings comrades! Great leader has ordered that we gain intel on a website owned by the opposition. For all general purposes we will be scanning nmap.org because they really don't care if Big Brother decides to perform a whois on their IP. We will be using Dmitry for the scanning.
SPLOIT: Cryptography Is a Bitch (Ransomware Development): Part 2: Encrypting the File System with AES
Greetings my fellow hackers, In the previous article, I discussed briefly about ransomwares and their devastating capabilities. Devastating in a way that ransomwares are not only known to encrypt files but to also lockout some specific functions of the system and hold it up for a ransom.
How To: Create a Basic Client-Server Connection in C Part-3
Hello people, I'm back for Part-3. In this part, as promised, we are going to create a client program and then we are going to test it with our server program made in Part-2.
How To: Hack Metasploitable 2 Including Privilege Escalation
This guide is written for anyone who is practicing his penetration skills using the Metasploitable 2. The problem that we are facing here is that we have to penetrate to Metasploitable 2 and when this happens we understand that we are not logged in as root but as a user with less privileges!
How To: Create a Basic Client-Server Connection in C Part-2
Hello everybody. I'm back with Part-2 of this series. In this part we will be programming in C our server and i will be explaining one more "key concept" so everybody got a better understanding on this.
SPLOIT: Cryptography Is a Bitch (Ransomware Development): Part 1: Introduction to the Ransomware World
Greetings my fellow aspiring hackers,
How To: Create a Basic Client-Server Connection in C Part-1
Hello, I'm a new guy around here and since I'm not seeing much tutorials in C i thought of contributing with something relatively simple. This will be a short series.
How To: Brute-Force WPA/WPA2 via GPU
Most of you lot would be aware what WPA/WPA2 is so I won't bang on about the encryption or protocols a great deal. In short WPA and WPA2 both have a maximum of 256bit encrypted with a maximum of 64 characters in the password. The encryption is really only 64bit but x 4 because of the way the authentication functions as a 4 way handshake.
How To: Shellcoding Part 1.1
so in part 2 we will discuss more, liek, How to use this on windows???! And how to use the glibc function!!! Also we will discuss some other techniquez!
You're Being Tracked: How Google Inc. Spies on Your Every Digital Move
The biggest corporation we know today is called Google, I bet you've heard of it yeah? How Google Tracks You:
How To: Beginners x86 Linux Assembly
Hello everyone! This is my first attempt at a tutorial here. There are a couple great assembly tutorials here, and I wanted to toss my coin in the fountain.