Posts

Installation of Dirb on Kali Linux

 Introduction to Dirb – Kali Linux Last Updated : 01 Sep, 2023 Dirb is an online directory scanner that searches web servers for hidden files, directories, and pages. It is a free and open-source utility included in the Kali Linux distribution, a popular operating system for penetration testing and ethical hacking. Dirb may be used to detect typical web server folders and files, such as admin pages, backup files, and configuration files. It operates by sending HTTP queries to the server and analyzing the answers to identify the existence of a file or directory. Working It features an internal word list file with roughly 4000 words for brute force attacks. There are many updated wordlists accessible on the internet that may be utilized as well. Dirb scans every directory or object of a website or server for the terms in its wordlist. There might be an admin panel or a subfolder that is under assault. The trick is to locate the things, which are usually hidden. Installation of Dirb on Ka

hacking wp

 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-10-09 13:41 EDT NSE: Loaded 156 scripts for scanning. NSE: Script Pre-scanning. Initiating NSE at 13:41 Completed NSE at 13:41, 0.00s elapsed Initiating NSE at 13:41 Completed NSE at 13:41, 0.00s elapsed Initiating NSE at 13:41 Completed NSE at 13:41, 0.00s elapsed Initiating Ping Scan at 13:41 Scanning www.jtkswk.gov.my (103.42.207.56) [4 ports] Completed Ping Scan at 13:41, 0.03s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 13:41 Completed Parallel DNS resolution of 1 host. at 13:41, 0.48s elapsed Initiating SYN Stealth Scan at 13:41 Scanning www.jtkswk.gov.my (103.42.207.56) [1000 ports] Discovered open port 443/tcp on 103.42.207.56 Discovered open port 21/tcp on 103.42.207.56 Discovered open port 80/tcp on 103.42.207.56 Discovered open port 554/tcp on 103.42.207.56 Discovered open port 1723/tcp on 103.42.207.56 Completed SYN Stealth Scan at 13:41, 4.89s elapsed (1000 total ports) Initiating Service scan

How to Perform WordPress Vulnerability Assessment & Penetration Testing – Tools, Checklist, & Sample Report

Image
  WordPress Penetration Testing: Getting Ready In order to start testing your WordPress site for vulnerabilities, you need to  set up the environment  first. So, when it comes to WordPress security audit or any other kind of  penetration test , Kali Linux is considered the holy grail. The reason being that Kali provides a huge amount of hacking tools for free. Therefore, first, we need to install Kali Linux on a system to pentest our WordPress site. Multiple approaches can be followed for this as Kali can be installed on a virtual box, a PC, or even an Android phone! However, for this article, we shall be using the virtual box. It is noteworthy here that in a real attack scenario, using Virtual Box to obtain reverse shell can become tricky due to multiple port forwarding involved. Installing Kali Linux for WordPress Security Audit Step1:   Download and install  the latest version of Virtual box or any other emulator of your choice. Step2:  Now  download and install  the latest version

Armitage - r00t0v3rr1d3 / Armitage Public forked from malleum.inc

  ============================================================================= <Armitage - 12/05/2022> ============================================================================= Thanks to redcanari for the fixes and updates - I forked from his work. Instructions for Armitage on Kali 2022.3 with latest updates. Java 18 breaks EVERYTHING, so avoid for now. Do everything below within a root prompt!: msfdb init edit /etc/postgresql/15/main/pg_hba.conf on the line 97 (IPV4 local connections) switch “scram-sha-256” to “trust” systemctl enable postgresql systemctl stop postgresql systemctl start postgresql java -version if it says anything other than 11, lets go way back - because why not: apt update; apt install -y openjdk-11-jdk update-alternatives --config java choose the openjdk-11 as the default. then run java -version to make sure it is good to go. cd /opt git clone https://github.com/r00t0v3rr1d3/armitage.git cd armitage ./package.sh cd release/unix ./armita

WiFi jamming: a ‘DOS/Deauth attack

Image
Warning:   This hack/trick is only for educational purpose.  Do this attack on your own network or where you have permission to do so. Requirements:  Kali linux, wifi adapter which can do packet injection and operate in monitor mode like ALFA AWUS036NEH, TP-LINK TL-WN722N. Now, lets get things rolling. Enable monitor mode: Run command “ iwconfig ” or “ airmon-ng ” to see available wifi interfaces and choose accordingly. To enable monitor mode on the interface, run  “ airmon-ng start wlan0 “. If we see any processes which interfere with our attack, we kill them with “ airmon-ng check kill “. Also, ‘wlan0mon’ is my monitor mode interface name. Find the AP: “ airodump-ng wlan0mon ” scans for all nearby networks. I will select the AP with name(ESSID) ‘second floor’ and MAC(BSSID) ’04:95:E6:30:21:90′ operating on channel 5. FACT : We can use the power(PWR) value to locate an access point(AP), the higher the value(-40 > -68),the closer we are to the AP. Find clients of target: “ airodump-
Image
from Pocket https://ift.tt/pd8eDCj via IFTTT
Image
from Pocket https://ift.tt/rWVS9nQ via IFTTT

Multiple Ways to Embed a Payload in an Original APK File

Image
Hey Folks, as we know beginners try to find the best ways that they can embed the payload into the original APK, But it takes their long time to do research on it. from Pocket https://ift.tt/eaFBUS0 via IFTTT
Image
from Pocket https://ift.tt/ECsjNkw via IFTTT

How to change hostname in Kali Linux?

Image
Kali Linux is becoming popular and more and more users are using it to try out different things. When installing kali, you get to choose a hostname, but in case you accepted the default hostname (kali) and later want to change it, here’s a How to guide to change hostname in Kali Linux. from Pocket https://ift.tt/j7gyAdL via IFTTT
Image
from Pocket https://ift.tt/DlN2fuH via IFTTT

Giving the computer an IP address

Image
There are two ways that a computer can obtain those details. Either automatically, or via manual configuration. In a home network, the router usually decides how the LAN should work. The router will forward traffic between the clients on the LAN and also between the LAN and the Internet. from Pocket https://ift.tt/UT8c6S3 via IFTTT

How to set a static IP address on Windows 10

Image
On Windows 10, setting a static IP address to a computer is an essential configuration you may need to configure in many scenarios. For instance, if you plan to share files, a printer on a local network, or configure port forwarding. from Pocket https://ift.tt/6E2WLND via IFTTT

Windows: Configure Static Host Name to IP Address Mappings

Image
Using the hosts file, ip addresses can be mapped to hostnames. This is useful to access systems that do not have a DNS entry and for test and development purposes. The hosts file exists in the SYSTEM32\DRIVERS\ETC directory under the Windows root directory (i.e., \WINDOWS or \WINNT). from Pocket https://ift.tt/bVNkAuo via IFTTT

Port Forwarding & Tunnelling Cheatsheet

Image
In this article, we are going to learn about the concepts and techniques of Port forwarding and Tunnelling. This article stands as an absolute cheatsheet on the two concepts. from Pocket https://ift.tt/JBu2qX6 via IFTTT

Locator : Geolocator, IP Tracker, Device Info by URL (Serveo & Ngrok)

Image
Locator is a tool used for Geolocator, Ip Tracker, Device Info by URL (Serveo and Ngrok). It uses tinyurl to obfuscate the Serveo link. from Pocket https://ift.tt/Qb9kzdV via IFTTT

The Real way to get geo-location of any device with Kali Linux

Image
In this post, learn how to locate any device through Kali Linux using tools. Here, i am using nGrok, sneeker, and IP locator tools . However, before diving into the practical let’s take a look at some theoretical aspects. from Pocket https://ift.tt/pKAcBhu via IFTTT

Metasploitable/SSH/Exploits

Image
is a virtual machine with baked-in vulnerabilities, designed to teach . This set of articles discusses the RED TEAM's tools and routes of attack. from Pocket https://ift.tt/EQz3ImG via IFTTT

Brute force against SSH and FTP services

Image
Bruteforce is among the oldest hacking techniques, it is also one of the simplest automated attacks requiring minimum knowledge and intervention by the attacker. The attack consists in multiple login attempts using a database of possible usernames and passwords until matching. from Pocket https://ift.tt/YO9hieu via IFTTT

Hacking Tools for Penetration Testing – Fsociety in Kali Linux

Image
Fsociety is a free and open-source tool available on GitHub which is used as an information-gathering tool. Fsociety is used to scanning websites for information gathering and finding vulnerabilities in websites and web apps. from Pocket https://ift.tt/m53YCR6 via IFTTT