USB Rubber Ducky – Hacking like Angela in Mr. Robot – How to buy it

The USB Rubber Ducky is a keystroke injection tool disguised as a generic flash drive. Computers recognize it as a regular keyboard and accept pre-programmed keystroke payloads at over 1000 words per minute. Payloads are crafted using a simple scripting language and can be used to drop reverse shells, inject binaries, brute force PIN codes, …

Reset Your Windows Password Using Kali Linux

Sometimes we forget our password, or we want to reset the Windows password on a friend's, officemate's or anyone's laptop in a legal way. Today, I am going to teach you how to reset a password using Kali Linux. Requirements: 1. Kali operating system 2. USB or CD/DVD. Steps: Step 1: Download the Kali ISO and burn on …

Local File Inclusion using SQL Injection

When a SQL injection attack is performed, one of the many possibilities is that sensitive data can be extracted from the web server. A very common example is the following: assume that you have found an SQL injection on a site where a GNU/Linux system is installed. We …

How to monitor your network and see which devices are connected

Netdiscover is a network address discovery tool that was developed mainly for wireless networks without DHCP servers, though it also works on wired networks. It sends ARP requests and sniffs for replies. This means that it can find all the devices connected to the same network, giving you their MAC address and local IP. Let's …

SQL injection Cheat Sheet

Generic – Bypass Authentication: The following payloads are generally applied to login forms with a username and password. Correctly performing these attacks will allow you to authenticate to the web application (unless otherwise stated). Payload Description (if any) realusername OR 1=1 Authenticate as a real user without requiring a password. OR = Allows authentication …

SQL Injection Authentication Bypass and POST Form Attack

In this paper we will look at another method of attack using SQL injection. In the previous paper we saw how to use SQL injection in a GET form. An example was that of the news.php page that displayed the articles by selecting an id that would be visible in …

How to run Windows software on Linux

One of the first questions a new Linux user asks is how to keep using the favorite Windows games or software that they cannot do without. The answer is not as simple as one might think, but I would say that in two answers the solution can …

WordPress vulnerabilities scanners and bruteforce tools – Part 1 – WPSCAN

WordPress has always been one of the most stable and secure CMSs. But that does not mean that it is free of all kinds of bugs. It is certainly less likely than others to be hacked, but the presence of additional plugins makes it as versatile as it is at risk. The plugins available for …

How to add external modules to metasploit-framework

Sometimes exploits are released as modules for metasploit-framework on online databases such as exploit-db but are not added to the Metasploit database. So how do you add them manually? Simple: the module must be written in Ruby, and therefore have the extension ".rb". Open the Metasploit console: sudo service postgresql start msfconsole …