LoRa (long-range) technology is widely used in IoT applications because it can transmit data over long distances without requiring internet access. Because of its long range and low power consumption, LoRa can be used to remotely control devices — even from miles away. Hackers and security researchers have experimented with LoRa for everything from remote payload activation to off-grid communications. In this test, we explore how far LoRa can actually reach using a simple but effective setup: a Bluetooth Nugget and a camera speedlight. Understanding LoRa technologyLoRa operates in the sub-gigahertz frequency range, offering a significantly greater range than Wi-Fi or Bluetooth at the cost of bandwidth. Unlike Wi-Fi, which typically operates at 2.4 GHz or 5 GHz, LoRa uses lower frequencies to achieve long-distance communication. The actual transmission frequency varies depending on your region, so it's essential to check legal operating frequencies before using LoRa devices. In...more

As drone technology continues to evolve, so do the systems designed to track and regulate them. One such system is Open Drone ID, an FAA-recognized remote identification protocol that allows drones to broadcast telemetry and identification data, similar to ADS-B for airplanes. While this was implemented for safety and accountability, serious security flaws leave it wide open to spoofing attacks that can flood drone tracking systems with fake UAVs. Because Open Drone ID transmits unencrypted data over Bluetooth and, in some cases, Wi-Fi beacon frames, anyone with a basic ESP8266 microcontroller can intercept and spoof drone signals, generating phantom drone swarms that appear in real-time on tracking apps, law enforcement tools, and airspace monitoring systems. In tests, we were able to spawn up to 16 fake drones per module, each with its own GPS coordinates, altitude, speed, and operational status — all indistinguishable from legitimate UAVs. This vulnerability presents serious risks...more

If you started your ethical hacking journey with our recommended Raspberry Pi 3 B+ setup, it's time to consider upgrading your beginner's ethical hacking kit to the Raspberry Pi 5 for even better performance and capabilities. After a nearly four-year hiatus, Kody Kinzie returns as the host of Null Byte's popular YouTube channel, where he walks you through everything you need to get started with the Raspberry Pi 5. Compared to the Raspberry Pi 3 B+, the Raspberry Pi 5 gives you all of these upgrades: a 2.4 GHz quad-core processor that's three to four times faster, way more RAM (2 GB, 4 GB, 8 GB, or 16 GB), a faster microSD card slot, Bluetooth 5.0, gigabit ethernet with high-speed PoE+ support, a PCI Express slot for additional expansion, a UART header for serial communication, an on/off button, dual 4K display support at 60 Hz, a built-in real-time clock (RTC), and more. While both Pi models support dual-band 802.11ac Wi-Fi, the Raspberry Pi 5 does not support monitor mode or packet...more

When I see the words "free trial," I know I'm probably going to have to whip out my credit card and enter in the number to "not get charged." Then I end up forgetting about the trial and want to kick myself in the ass when I see my statement at the end of the month. In order to avoid that rigmarole, you can actually use fake credit numbers instead of your own, and you can do that using the site getcreditcardnumbers.com, which can generate up to 9,999 credit card numbers at a time, or just one. Now, to be completely clear, these numbers cannot be used to purchase any item. Nada. Zilch. Nothing. For that to work, you would need a valid expiration date and CVV or CSV number. This site merely provides the standard 16 digit credit card number that can be used to bypass certain online forms that only ask for the number. How Does It Work?The credit card number generator uses a system based off of the Luhn Algorithm, which has been used to validate numbers for decades. You can learn more...more

When setting up a Raspberry Pi, it's easy to overlook changing the default password. Like many IoT devices, the Raspberry Pi's default Raspbian operating system installs with a widely-known default password, leaving the device vulnerable to remote access. Using a tool called rpi-hunter, hackers can discover, access, and drop custom payloads on any weak Pi connected to the same network. While this tool is primarily for local networks, it's also capable of discovering and attacking Pi models connected directly to the internet from anywhere. Far from a simple prank, a vulnerable Pi on your network can give hackers unfettered access to other devices on your internal network — and even spread payloads to other vulnerable devices. Don't Miss: Set Up Kali Linux on the $10 Raspberry Pi Zero WWhy Default Credentials Are a ProblemDevices still using the default passwords are a considerable risk to connect to a network. Because many IoT devices don't even allow the owner of the device to change...more

The ESP32-CAM is a convenient little camera module with a lot of built-in power, and you can turn one into an inconspicuous spy camera to hide in any room. There's only one issue: it does omit a USB port. That makes it a little harder to program, but with an ESP32-based board, FTDI programmer, and some jumper wires, you'll have a programmed ESP32 Wi-Fi spy camera in no time. To build the program for the spy camera, which includes facial detection and recognition, we'll be using Arduino IDE, and to flash the program over to the ESP32-CAM, we'll need the FTDI programmer and either male-to-mail jumper wires and a breadboard or female-to-female jumpers. If you want to power the board independently after it's been programmed, you can add a LiPo battery board meant for a D1 mini, which will let you add a rechargeable LiPo battery. Don't Miss: Null Byte's Hacker Guide to Buying an ESP32 Camera Module That's Right for Your ProjectParts NeededThis is the basic stuff you need to continue with...more

Project managers — and those hoping to become one — should rejoice at this killer deal. The Project Manager's Essential Certification Bundle Ft. Scrum, Agile & PMP usually runs for $1,990 but is only $49.99 for a limited time. The bundle features training on all the essential tools highly efficient program managers should know. This includes Scrum, Agile, and PMP. Scrum is most common in software development, but it also lends itself well to professionals in the marketing world. As for Agile, it's supposed to help keep you self-organized and find the proper solutions to serve your customer. PMP, meanwhile, is considered the gold standard of project management certification; it's a formal certification, and the courses in this bundle can help you secure it. The Project Manager's Essential Certification Bundle Ft. Scrum, Agile & PMP comes with ten courses that include over 700 lessons. The courses cover a lot of ground, from training for certification to more advanced techniques. For...more

A man-in-the-middle attack, or MitM attack, is when a hacker gets on a network and forces all nearby devices to connect to their machine directly. This lets them spy on traffic and even modify certain things. Bettercap is one tool that can be used for these types of MitM attacks, but Xerosploit can automate high-level functions that would normally take more configuration work in Bettercap. Xerosploit rides on top of a few other tools, namely, Bettercap and Nmap, automating them to the extent that you can accomplish these higher-level concepts in just a couple of commands. However, Xerosploit can be hit or miss, so don't be surprised if some webpages can't be spoofed because the target is using HTTPS or funneling traffic through a VPN. Considering 73% of all websites use HTTPS, you'll only have success manipulating webpages on the remaining 27%, and only if no VPN is being used. Don't Miss: How to Flip Photos, Change Images & Inject Messages into Friends' Browsers on Your Wi-Fi...more

If you've recently built a Wi-Fi spy camera out of an ESP32-CAM, you can use it for a variety of things. A baby monitor at night, a security camera for catching package thieves, a hidden video streamer to catch someone going somewhere they shouldn't be — you could use it for pretty much anything. Best of all, this inexpensive camera module can perform facial detection and facial recognition! The low-cost ESP32-CAM is an interesting camera module because it has enough RAM to perform those facial detection and facial recognition processes. The detection can spot faces whenever they pop in the frame, while the recognition can spot intruders or identify faces that you've enrolled into its code. It's not the most accurate camera that can do these tasks, but it does it well enough. It's pretty good as not mixing up faces (we couldn't trip it up at all), but it can show an enrolled ID as an intruder because of the limited number of facial scans it records for the database. You can overcome...more

The ability to browse the web in coffee shops, libraries, airports, and practically anywhere else you can imagine is more than convenient, but convenience has risks. Using public Wi-Fi allows others to spy on you easily. Even your own internet service provider can see every website you've ever visited. Don't fall into the trap of protecting your identity, data, and devices after it's too late. A Virtual Private Network (VPN) provides safety and security online, and the leading VPN is also one of the most reliable and trusted services — Private Internet Access. What's a VPN? Watch this, and you'll understand in less than a minute: Private Internet Access is based in the U.S. with over a decade of expertise and is trusted by CBS News, Forbes, Lifehacker, and Wired. Setting up your secure account is instant, and the service is easy to use and compatible with all popular desktop and mobile operating systems. Immediately secure your data and access restricted content from anywhere in the...more

An ESP32-based microcontroller with a camera is an amazing platform for video, but not all modules are created equal. We'll go over the pros and cons of some of the popular low-cost camera modules you can use with ESP32-based development boards, as well as what features they support. The ESP32-based microcontroller is the big brother to the ESP8266-based board, which we've covered extensively on Null Byte. The ESP32 is more powerful, comes with Bluetooth, and has an additional core for processing. That means it's capable of a lot more interesting things that the ESP8266 simply can't do. The camera modules we're covering today are all super cheap, ranging from about five dollars all the way up to $25. And it might surprise you that the cheapest camera modules may have cooler capabilities such as facial recognition. Don't Miss: Program an ESP32 Microcontroller Over Wi-Fi with MicroPythonWe'll break down the most common camera modules you'll find for sale, explain the benefits you get...more

The Deauther Watch by Travis Lin is the physical manifestation of the Wi-Fi Deauther project by Spacehuhn, and it's designed to let you operate the Deauther project right from your wrist without needing a computer. That's pretty cool if you want to do all the interesting things that the Wi-Fi Deauther can do without plugging it into a device. If you missed our guide on using an ESP8266-based Wi-Fi Deauther, you might be confused about what the Deauther does. For one, it can create deauthentication and disassociation packets, which can kick devices off the same Wi-Fi network the Deauther is attacking. It can do this over and over again, constantly jamming the network so that devices can't connect or stay connected. Don't Miss: How to Scan, Fake & Attack Wi-Fi Networks with the ESP8266-Based WiFi DeautherWi-Fi security cameras are an interesting use-case for this type of attack. You could use the Deauther Watch wearable hacking tool, then hunt down the Wi-Fi network that a security...more

Web applications are ubiquitous in the modern online world, and knowing how to attack them is an increasingly valuable skill. But the key to a successful attack is good recon since it's easier to be focused and efficient with the more information you have. There are many fingerprinting tools available, such as httprint and WebTech, but there are even more that can aid us in reconnaissance. Common Frameworks & TechnologiesGone are the days of simple websites using HTML, CSS, and vanilla JavaScript. Frameworks dominate the landscape today, providing a robust and modular approach to modern web development. And with more complicated web apps comes more data, so there are now more types of databases than ever. MySQL, SQL Server, and Oracle are still around, but newer players like Redis, PostgreSQL, and MongoDB are gaining popularity. Don't Miss: How to Fingerprint an Entire Network Using a Domain NameAs far as frameworks go, JavaScript-based ones are arguably the most popular. React,...more

There are tons of tools out there that do all kinds of recon, but it can be hard to narrow down what to use. A great way to be more efficient is by taking advantage of scripting. This doesn't have to mean writing everything from scratch — it can simply mean integrating existing tools into a single, comprehensive script. Luckily, it's easy to create your own subdomain enumeration script for better recon. Install DependenciesBefore we begin, there are a few things we need to install and set up for everything to work properly. First, make sure Go and Subfinder are installed on the system. Second, we'll be using a tool called assetfinder for additional subdomain recon; we can get the latest release from GitHub with: ~# wget https://github.com/tomnomnom/assetfinder/releases/download/v0.1.0/assetfinder-linux-amd64-0.1.0.tgz --2021-04-28 15:00:12-- https://github.com/tomnomnom/assetfinder/releases/download/v0.1.0/assetfinder-linux-amd64-0.1.0.tgz Resolving github.com (github.com)......more

Kali Linux has come a long way since its BackTrack days, and it's still widely considered the ultimate Linux distribution for penetration testing. The system has undergone quite the transformation since its old days and includes an updated look, improved performance, and some significant changes to how it's used. Offensive Security is the team behind Kali Linux, a Debian-based system. Kali is the preferred weapon of choice on Null Byte, and you can install it as your primary system (not recommended), use it with dual boot, use it in a virtual workstation, or create a portable live version on a USB flash drive. We'll be walking you through a very basic installation today, just enough to get you up and running to follow along with Null Byte guides. There are actually many things that can be done to customize the installation, but we just want the quick-and-dirty process. What's New in Kali Linux?In Kali Linux version 2019.4, released at the end of 2019, Offensive Security made...more

Kali Linux is the go-to Linux distribution for penetration testing and ethical hacking. Still, it's not recommended for day-to-day use, such as responding to emails, playing games, or checking Facebook. That's why it's better to run your Kali Linux system from a bootable USB drive. The hacker-friendly Debian-based distro did receive a major update by Offensive Security in late-2019 that changed the default desktop environment from the heavyweight Gnome to a more lightweight Xfce, making Kali more snappy and responsive overall. But we still can't recommend it as your daily driver unless you hack 24 hours a day, 7 days a week. Using Kali in a dual-boot situation is the way to go if you have a dedicated machine, but for something more portable, the live version on a USB flash drive is what you want. If you have a spare computer that you're going to be using for your white-hat endeavors only, then yes, by all means, install Kali as the primary system so that you can take full use of the...more

As a hacker, the final stage of exploitation is covering their tracks, which involves wiping all activity and logs so that they can avoid being detected. It's especially crucial for persistence if the target will be accessed again in the future by the attacker. To show you the basics of covering your tracks, we'll compromise a target first, then explore some techniques used to delete Bash history, clear logs, and remain hidden after exploiting a Linux system. You can check out our Cyber Weapons Lab video below that outlines my guide or skip below to get right to the written steps. Compromise a TargetThe first thing we need to do is exploit the target. We can use command injection to abuse the way the server handles OS commands to get a shell. We'll also want to upgrade our new shell to a fully interactive one. Doing so will make it easier to work in general, and it will also let us use tab completion and terminal history. Don't Miss: Use Websploit to Scan Websites for Hidden...more

ESP8266-based microcontrollers can be used to create exciting and legal Wi-Fi hacking games to test your or your friends' Wi-Fi hacking skills. When you first start learning how to hack Wi-Fi, it can be tempting to use your powers on Wi-Fi networks you don't have permission to use. Needless to say, this can get you into a lot of trouble because Wi-Fi hacking isn't particularly subtle, so it's easy to get caught. To keep you from getting into a predicament, we want to make sure you have access to a couple of fun Wi-Fi hacking games. The games we've created can be used for a CTF (capture-the-flag) game, a hackerspace, or just a group of friends that want to practice their hacking skills. There are actually five different scenarios we'll cover. In order, we'll cover how to use the handshake injector, make a reactive target, create a Wi-Fi access point, generate a hidden network, and play the Chicken Man Game. What You'll NeedAll you need to follow along with this guide is at least one...more

A PirateBox creates a network that allows users to communicate wirelessly, connecting smartphones and laptops even when surrounding infrastructure has been disabled on purpose or destroyed in a disaster. Using a Raspberry Pi, we will make a wireless offline server that hosts files and a chat room as an educational database, a discreet local chat room, or a dead-drop file server. The Need for Offline File SharingIf you can't think of a use for an offline file server with a built-in wireless hotspot, the list is nearly endless. Imagine you're a Red Cross volunteer in Florida after Hurricane Irma, and the power goes out. You're volunteering in a center to help storm victims find their lost pets, but with no cellular data, Wi-Fi, or Ethernet, cell phones and laptops aren't able to send photos of missing animals and everything must be done by paper. With a PirateBox and a big battery, you're able to host a server that anyone can post their missing pet photos and information to, as well as...more

Python is one of the most commonly used programming languages in the world. From data science to game design, Python appears in almost every industry that requires coding of some kind. If you're looking to get into or get promoted to a higher level in one of those industries, then your next step is to learn this versatile programming language. The 2021 Premium Python Certification Bootcamp Bundle can be your guide from Python beginner to master, and it is currently on sale for $34.99. Whether you're looking at game design or app building, The 2021 Premium Python Certification Bootcamp Bundle has a class suited for your ambition. With 13 different courses covering over 500 lessons, ranging from "Ethical Hacking Using Python from A to Z" to "Artificial Intelligence (AI) in Python," you will find a course that covers the interests you already have — and many more that will broaden your professional knowledge. Each course is taught by an expert who has used Python professionally for...more

Microcontrollers like ESP8266-based boards have built-in Wi-Fi, and that's really cool, but what's even cooler is that certain pro models of the D1 Mini also have a port where you can connect a directional antenna. This can give you exceptional range, but if you were to just plug one in after opening the package, it most likely wouldn't work. The problem, as Glytch covered in a Hak5 video last year, is that there's a tiny zero-ohm resistor on the board that's connecting the built-in antenna to the chip, but it needs to connect to the external directional antenna. To do so, that tiny resistor needs to be changed to a different pad that connects it to the breakout adapter. So a little bit of surface mount soldering is needed to fix the issue. Things You'll NeedA couple of things are needed to connect a directional antenna to a D1 Mini successfully. First, a soldering station, also known as a helping hands stand, is needed to hold onto the D1 Mini so that you don't burn yourself in the...more

There are hidden Wi-Fi networks all around you — networks that will never show up in the list of available unlocked and password-protected hotspots that your phone or computer can see — but are they more secure than regular networks that broadcast their name to any nearby device? The short answer is no, and that could be for any number of reasons. Hidden networks are actually the same as regular Wi-Fi networks; only they don't broadcast their names (ESSID) in the beacon frames that regular networks send out. If the name isn't included, your phone or computer will never find it just by scanning for nearby hotspots to join. To join a hidden network, you need to know its name first, and there are a few attacks that can accomplish this. There is no elaborate, crazy attack needed to discover hidden Wi-Fi networks in your area, so virtually anybody that can work their way around a computer can find one. You don't have to be a hacker, pentester, cybersecurity professional, or someone with...more

If you've wanted to get into Wi-Fi hacking, you might have noticed that it can be pretty challenging to find a safe and legal target to hack. But you can easily create your own test network using a single ESP8266-based microcontroller like the D1 Mini. Our goal is to crack a handshake that we capture from our wireless card. So what we'll do here is flash an Arduino sketch onto an ESP8266-based board that allows us to play both sides of a Wi-Fi conversation, simulating a device joining a Wi-Fi network. From our computer, we'll listen for the attempt to join and then try to crack the password. For this to work, you'll need a computer with Arduino IDE installed, as well as a D1 Mini or another type of ESP8266-based development board. You can pick one of these up below. I personally recommend the D1 Mini. IZOKEE ESP8266 ESP-12F D1 Mini (3 Pack) (currently $12.69)IZOKEE ESP8266 ESP-12F D1 Mini (5 Pack) (currently $15.79)Organizer ESP8266 ESP-12F D1 Mini (5 Pack) (currently $15.69) Get the...more

If you're getting into automation, Bash scripting is usually the way to go. However, there are a couple of limitations, and one of them is logging into another device like a Raspberry Pi and running a script automatically. To help in those situations, we're going to automate delivering an SSH payload with an "expect" script. Bash scripting is more like duct-taping things together, so it isn't able to do everything, including predicting and then reacting to certain variables. So we're going to use an "expect" script to log in to our Raspberry Pi and automatically shut it down. We could also adapt the script to pass pretty much any payload we want to the Pi. It's a pretty awesome use of an expect script, and there are lots of different things you can do with it, so know that our guide is just scratching the surface of how you can take an expect script and use it to actually do things that otherwise would require a lot more user interaction. Don't Miss: Discover & Attack Raspberry...more

Bash scripting is a convenient way to automate things on any Linux system, and we're going to use it here to automate certain tasks we use all the time. Bash is a simple language for stringing together several different Linux utilities. Its simplicity makes it easy for beginners to create lots of scripts that would otherwise be pretty complicated or require some pretty hefty programming skills. If you know the right Bash commands, you can do all sorts of things. In this guide, we'll use Bash to automate a few commonly used tasks. We'll also cover aliasing briefly, which will make things even more convenient. For instance, if we have something we want to do, we'll just use an alias command to call a Bash script and have it run whatever it's programmed to do so that we don't have to run and call the script manually every time from wherever it's saved. RequirementsTo follow along, all you'll need is an Ubuntu or Kali Linux system. Really, any Linux system will do. If you want to pick up...more

While obvious, it's a lot more difficult to hack into a locked computer than an unlocked computer. As a white-hat hacker, pentester, cybersecurity specialist, or someone working in digital forensics, there's an easy solution — make it so that the computer won't fall asleep and lock automatically in the first place. One way to stop a laptop or desktop computer from sleeping into a locked state is to use a mouse jiggler. It's a tactic used frequently by law enforcement to avoid having to get a password for the account later when examining the data for evidence. The suspect will likely not give up the credentials, but if the suspect was caught off-guard during a raid, a mouse jiggler could be planted quickly to make sure the computer doesn't doze off, avoiding the need for a password altogether. Don't Miss: How to Run USB Rubber Ducky Scripts on a Digispark BoardA mouse jiggler simply moves the mouse pointer or cursor around just enough to keep the operating system in an active state....more

RedRabbit is an ethical hacking toolkit built for pen-testing and reconnaissance. It can be used to identify attack vectors, brute-force protected files, extract saved network passwords, and obfuscate code. RedRabbit, which is made specifically for red teams, is the evil twin of its brother, BlueRabbit, and is the offensive half of the "Rabbit Suite." The creator of RedRabbit, Ashley Moran, better known as securethelogs, makes a plethora of Windows-based ethical hacking and penetration testing tools. RedRabbit just happens to be one of my favorites. RedRabbit offers pen-testers of Windows systems an alternative to tools such as PowerShell Empire (or just Empire), which is no longer in development. While not quite picking up the torch in terms of the scope of Empire, a now-depreciated, catch-all tool, RedRabbit is both lightweight and up to date, guaranteeing it will run on most Windows systems. Don't Miss:How to Use The Koadic Command & Control Remote Access Toolkit for Windows...more

With just two microcontrollers soldered together, you can inject keystrokes into a computer from a smartphone. After building and programming the device, you plug it into a desktop or laptop, access it over a smartphone, and inject keystrokes as you would with a USB Rubber Ducky. However, with a Rubber Ducky, you need to first know the type of computer and its operating system, followed by the payload you want to use, so you can program the hacking device to do your bidding. There is no real-time interaction from you — it just does whatever you preloaded on it. With our homemade device, you don't have to know what the computer model and operating system is beforehand that you want to hack. Instead, you load a ton of different payloads onto the device so that you can choose from any one of them after connecting to a computer you hadn't laid eyes on until right before you plugged your hacking device in. Don't Miss: Spy on Traffic from a Smartphone with WiresharkThe device we're creating...more

If you're living or staying out in the middle of nowhere or a rural area outside of a big city or town — where there are no reliable cable, fiber, or wireless networks available — how can you get an internet connection? There are several possibilities, but they all come with tradeoffs, which we'll go over in detail. Normally, rural, more isolated areas in the U.S. are usually only served by one internet provider, whether that's dial-up or some other connection type. These providers offer slower speeds than most ISPs in more populated locations. Because they are the only ones in the community, there isn't any pressure for them to innovate and upgrade their infrastructure to give users higher speeds. Don't Miss: Turn Your Raspberry Pi into a Wireless HotspotDSL ProvidersDSL is the service that knocked dial-up off the map. It's faster than dial-up, always-on, and you can use your landline phone while you're surfing the web. This is the most common type of internet connection you'll be...more

Social media accounts are a favorite target for hackers, and the most effective tactics for attacking accounts on websites like Facebook, Instagram, and Twitter are often based on phishing. These password-stealing attacks rely on tricking users into entering their passwords into a convincing fake webpage, and they have become increasingly easy to make thanks to tools like BlackEye. BlackEye is a tool to rapidly generate phishing pages that target social media websites, making it much easier to phish targets of opportunity on the same network. After redirecting a target to the phishing page, it's easy to capture passwords to social media accounts harvested from unwitting targets. BlackEye for Social Media PhishingUsers place a lot of trust in their social media accounts. If the target doesn't have 2FA enabled, the ease with which an attacker can access them may be surprising. A single mistake typing a password into the wrong website can be all it takes to lose access to your account....more

Airgeddon is a multi-Bash network auditor capable of Wi-Fi jamming. This capability lets you target and disconnect devices from a wireless network, all without joining it. It runs on Kali, and we'll cover installing, configuring, and using its jamming functionalities on a small, inexpensive Raspberry Pi. When done correctly, it will deny service to a wireless network for up to several blocks. Airgeddon has been covered as a useful tool many timesonNull Byte, but in this guide, I want to show how electronic warfare techniques, such as jamming, can be used by hackers to disable devices such as wireless security cameras. Electronic warfare is a fairly new concept. Communications like GPS and Wi-Fi make more complex processes — and our way of life — possible. There are many ways to attack systems like drones (UAVs) or networked security cameras, but their data connection is often the most vulnerable. Electronic warfare favors avoiding engaging these systems directly, instead choosing to...more

Besside-ng is the hidden gem of the Aircrack-ng suite of Wi-Fi hacking tools. When run with a wireless network adapter capable of packet injection, Besside-ng can harvest WPA handshakes from any network with an active user — and crack WEP passwords outright. Unlike many tools, it requires no special dependencies and can be run via SSH, making it easy to deploy remotely. In my opinion, it's one of the most powerful Wi-Fi hacking tools currently available. First written in 2010 in C, Besside-ng is an incredibly aggressive and persistent WPA handshake mass-harvester and WEP cracker. It features customizable options to upload handshakes to distributed WPA password crackers, which, on average, crack over 18% of networks submitted automatically. Don't Miss: Hack WPA & WPA2 Passwords with a Pixie-Dust AttackSound Simple? Let's Look at How It WorksEncrypted Wi-Fi networks come in two primary flavors, WEP and WPA. While WEP can be broken easily, WPA and WPA2 networks require us to record a...more

MicroPython is an exciting language to use on ESP8266 boards and ESP32-based microcontrollers, but it doesn't always include all of the libraries you'll need for a specific project. This issue is less of a problem, thanks to the upip package manager. Upip lets you download any package in the standard MicroPython library over a Wi-Fi connection. That's really useful if you're in a project that needs another library and you don't want to go through the tedious process of trying to load it yourself. To follow along, you'll need to have an ESP8266, ESP8285, or ESP32 board, such as the NodeMCU or D1 Mini. Designed for wearables, the ESP8285 is a smaller version of the ESP8266 with less flash memory. The ESP32 is the successor to the other models and has faster Wi-Fi, an extra CPU core, touch-sensitive pins, more GPIOs, and more. Buy on Amazon: D1 Mini ESP8266 Board for $8.99Buy on Amazon: D1 Mini ESP8285 Board for $10.99Buy on Amazon: D1 Mini ESP32 Acrobotic WeMos Board for $12.49Buy on...more

You've protected your Ubuntu system from physical attacks, annoyed network hackers, and sandboxed potentially malicious applications. Great! Now, the next logical steps to locking down your OS include thoroughly auditing Ubuntu for weak points, using antivirus software that respects your privacy, and monitoring system logs like a boss. This is the final part of our mini-series on strengthening your primary Ubuntu system. You'll learn about hardening weak points in the OS using a well-respected, open-source auditing tool. Besides that, we'll check out ClamAV, an antivirus software that won't send your sensitive files to for-profit company servers. You'll also see how to allow or deny web access for all the apps on your computer. And when I say "monitoring system logs like a boss," I'm talking about the /var/log/ directory. If you missed the beginning of this article series, you should check out the first part to learn more about my motivations for starting this four-part guide. Part 3:...more

Once you've installed Ubuntu with security in mind and reduced the possibility of network attacks on your system, you can start thinking about security on an application level. If a malicious file is opened on your system, will an attacker be able to access every file on the computer? The chances are much slimmer if you put the proper defenses in place. In this third part of our mini-series on strengthening your primary Ubuntu installation, you'll learn how Ubuntu package repositories work, which repos you should avoid, and how to update. You'll also see how to import additional AppArmor profiles to limit resources that apps can use and create sandboxes to isolate unsafe applications from the operating system completely. If you missed the beginning of this article series, you should check out the first part to learn more about my motivations for starting this four-part guide. Part 2: Using Ubuntu as Your Primary OS, Part 2 (Network Attack Defense) Install the Lastest System...more

After installing Ubuntu as your primary OS, you should have protected against USB Rubber Ducky payloads, defended against hard drive forensics, and reduced the overall attack surface against physical strikes. When defending against network-based attacks, you'll want to minimize hardware disclosures, prevent packet sniffers, harden firewall rules, and much more. To be more specific, in this part of the mini-series for strengthening your primary Ubuntu installation, you'll learn to spoof your MAC address to trick passive attackers, disable unused networking services such as CUPS and Avahi, create specific firewall rules to block data exfil on certain ports, and prevent hackers from sniffing passwords and cookies in your packets with a VPN. If you missed the previous article, you should check out part one to learn more about my motivations for starting this four-part guide — even if you already have Ubuntu installed and just want to lock it down. Part 1: Using Ubuntu as Your Primary OS...more

Windows 10 and macOS have poor reputations when it comes to customer privacy and user policies. Our hacking Windows 10 and hacking macOS articles might make it seem like a reasonably secure operating system doesn't exist. But I'm here to tell you that there is a viable alternative that could provide some sense of security and trust. There are quite a few noteworthy Linux distributions with excellent development records and support communities to choose from. To name just a few, there's Manjaro, BlackArch, Parrot Security OS, and Kali, but I decided to feature Ubuntu for several reasons: Ubuntu has a strong support community. This is the primary reason for choosing Ubuntu over other popular Linux distros. Compared to others, Ubuntu has a large support community that can be found at Ask Ubuntu, UbuntuForums, and on many IRC channels. In my experience, these communities are very receptive to beginner questions and will make users transitioning from a Windows 10 environment feel at...more

Withstanding an attack from a motivated hacker is one of the most important responsibilities a system administrator must undertake. This is especially true for websites that may contain sensitive customer information and a high volume of users. So it's important for a sysadmin to take proactive measures to find and fix vulnerabilities in their websites. One tool that can help with this is Vega Vulnerability Scanner, a free, open-source, graphical web-auditing tool developed by the security company Subgraph. This tool contains several interesting features, such as a proxy scanner, but we'll be focusing on the automated security testing aspect that can help us find and validate SQL injection, cross-site scripting (XSS), inadvertently disclosed sensitive information, and many other vulnerabilities. There are similar web application scanners to Vega. Portswigger's Burp Suite Scanner and Netsparker's Security Scanner both ofter premium vulnerability scanners, but Vega's scanner can perform...more

While there are completely legitimate reasons to use Bitcoin, it's also used by terrorists, drug dealers, and other shady people that need to be investigated. That's where SpiderFoot comes in, which has a command-line interface to search for Bitcoin wallet addresses on a website and query the balances associated with them. SpiderFoot is a great tool overall for automating OSINT (open-source intelligence), and there are two different versions: the free open-source project and SpiderFoot HX, a paid service that costs almost $800 a year. For our use, the free version is adequate for investigating Bitcoin wallets and balances, and we won't have to run a web server to do it, which is necessary if using SpiderFoot outside of the CLI. Don't Miss: This 10-Course Blockchain & Ethereum Training Is Just $29Let's say an organization is raising funds using Bitcoin. Whether it's a legitimate or illegitimate organization that's asking for donations, you can monitor its performance by first...more

What appears to be an ordinary MP4 may have been designed by an attacker to compromise your Linux Mint operating system. Opening the file will indeed play the intended video, but it will also silently create a connection to the attacker's system. Understanding the AttackWhile this article uses Linux Mint as an example, the attack takes advantage of an issue in several Linux file managers. The below GIF demonstrates the attack. Two files are being extracted in the GIF. The first (real_video.mp4) is a real MP4 of a movie trailer. The second file (fake_video.mp4) is a .desktop file, configured to look like an ordinary MP4 in this file manager. What we can't see in the GIF is the Netcat connection being made to the attacker's system when fake_video.mp4 opens. The target believes fake_video.mp4 is legitimate and has no idea the operating system was just compromised. The .desktop file extension is used in Linux systems to create application launchers. Linux Mint users can list files in the...more

The USB Rubber Ducky is a well-known hacking device in the cybersecurity industry, but it needs to be preprogrammed before it can be used. That means it's not easy to issue commands to a target computer since you can't interact with it from afar after plugging it in. And if you don't know what the target computer is, you might come up empty. That's where the WiFi Duck comes in handy. The WiFi Duck is a project created by Stefan Kremser, also known as Spacehuhn. With it, you can plug the WiFi Duck into a target computer that's exposed even for just a minute, then connect to it over Wi-Fi from another device to issue whatever payloads you have ready or can build before you have to disconnect. The advantage is that you can connect to a slick web interface, save your own codes, and run them one by one, or write code on the fly to cause effects on the computer that you might not have intended before you knew what was on the computer. For example, if you didn't know the operating system. Or...more

One of the most promising avenues of attack in a web application is the file upload. With results ranging from XSS to full-blown code execution, file uploads are an attractive target for hackers. There are usually restrictions in place that can make it challenging to execute an attack, but there are various techniques a hacker could use to beat file upload restrictions to get a shell. Bypassing BlacklistsThe first method we'll explore is how to bypass blacklisting. Blacklisting is a type of protection where certain strings of data, in this case, specific extensions, are explicitly prohibited from being sent to the server. At first glance, it might seem like an optimal solution to prevent bad extensions, often executables, from being uploaded, but it is trivial to bypass. Don't Miss: How to Compromise a Web Server & Upload Files to Check for Privilege EscalationIn addition to the regular extensions, there are alternative extensions that can be used to get around blacklist filters....more

A dead man's switch is a fairly simple concept. If you don't perform a specific task before a set amount of time, it'll perform a specific action you set. They can be handy not just for hackers but for everyone who wants to protect themselves, someone else, or something tangible or intangible from harm. While there are more nefarious uses for a dead man's switch, white hats can put one to good use. These switches have appeared in pop culture in many different forms, and examples can be seen in films such as "Point Break," "Speed," and "Crimson Tide." For a more recent example, in the film "Tenet," Sator (the antagonist) had implemented a dead man's switch to go off whenever his heart stopped, which would activate the algorithm that would end the entire world. Notorious whistleblower Edward Snowden even used one in real life when he leaked all of those sensitive NSA documents to journalists. He sent encrypted versions to people he could trust who would receive the decryption key if he...more

As we've seen with other tools and utilities, administrators typically use certain things to do their job more efficiently, and those things are often abused by attackers for exploitation. After all, hacking is just the process of getting a computer to do things in unexpected ways. Today, we will be covering various methods to perform banner grabbing to learn more about the target system. Banner grabbing is a technique used to gather information about running services on a computer system. Banners refer to the messages on the host that usually provide a greeting or version information. An attacker can use banner data to their advantage by obtaining specific version numbers of services to aid in reconnaissance and exploitation. Don't Miss: Conduct Recon on a Web Target with Python ToolsTo learn about banner grabbing, we will be using Metasploitable 2 as the target and Kali Linux as our local machine. In a terminal window, let's do a quick Nmap scan on the target to see what's running:...more

One of the most exciting things as an ethical hacker, in my opinion, is catching a reverse shell. But often, these shells are limited, lacking the full power and functionality of a proper terminal. Certain things don't work in these environments, and they can be troublesome to work with. Luckily, with a few commands, we can upgrade to a fully interactive shell with all the bells and whistles. It can often be frustrating when working with reverse shells if all you have is a "dumb" shell. A dumb shell is a type of shell that doesn't have a proper terminal's full functionality. That means things like tab completion, keyboard shortcuts, and terminal history simply aren't present. Specific commands like su will not work in dumb shells, which makes things complicated when trying different privilege escalation techniques. Text editors don't work very well in these conditions either, which can be a pain. Don't Miss: Use Command Injection to Pop a Reverse Shell on a Web ServerPerhaps the most...more

When approaching a target, having a precise and detailed plan of attack is absolutely necessary. One of the main goals is to increase the attack surface since the more opportunities there are for exploitation, the greater the chances of success. Subdomain enumeration is one method used to increase the attack surface, and we'll be using a tool called Subfinder to discover hidden subdomains. Subdomain Enumeration OverviewSubdomain enumeration is an indispensable, often overlooked part of the reconnaissance phase. It is basically the process of finding subdomains for any given domain or set of domains. This enumeration can often reveal many subdomains that are hidden or not publicly exposed — plus the chance of finding vulnerabilities on forgotten resources is generally much higher than on those that are more frequently tended to. Things like admin panels, staging sites, and other internal resources are often found living on subdomains of the target. The thought is, if it is not on the...more

Hackers often find fascinating files in the most ordinary of places, one of those being FTP servers. Sometimes, luck will prevail, and anonymous logins will be enabled, meaning anyone can just log in. But more often than not, a valid username and password will be required. But there are several methods to brute-force FTP credentials and gain server access. File Transfer Protocol is a network protocol used to transfer files. It uses a client-server model in which users can connect to a server using an FTP client. Authentication takes place with a username and password, typically transmitted in plaintext, but can also support anonymous logins if available. Don't Miss: Brute-Force SSH, FTP, VNC & More with BruteDumFTP usually runs on port 21 by default but can be configured to run on a non-standard port. It is often used in web development and can be found in pretty much any large organization where file transfer is essential. Initial SetupBefore we begin, let's run a simple Nmap...more

GTFOBins and LOLBAS are projects with the goal of documenting native binaries that can be abused and exploited by attackers on Unix and Windows systems, respectfully. These binaries are often used for "living off the land" techniques during post-exploitation. In this tutorial, we will be exploring gtfo, a tool used to search these projects for abusable binaries right from the command line. What Is Living Off the Land?Living off the land is a method used by attackers that utilizes existing tools and features in the target environment to further the attack. Goals can include privilege escalation, lateral movement, persistence, data exfiltration, spawning reverse shells, and more. This technique is great at flying under the radar and can be difficult for defenders to detect. Since many of these tools are used for legitimate administration, it can be hard to separate malicious activity from normal activity. Windows PowerShell is a good example. Despite being abused by attackers for years,...more

The moment arrives when you finally pop a shell on the web server you've been working on, only you find yourself in a strange environment with limited functionality. Restricted shells are often used as an additional line of defense and can be frustrating for an attacker to stumble upon. But with enough patience and persistence, it is possible to escape these restricted environments. What Are Restricted Shells?Restricted shells are simply shells with restricted permissions, features, or commands. They are primarily used to ensure that users can perform the minimum operations necessary for daily function in a secure, contained environment. Administrators might also use them to make sure they don't enter any dangerous commands accidentally. Sometimes, these restricted shells might even be put in place to dissuade hackers. Recommended Book on Amazon: The Linux Command Line, 2nd Edition: A Complete Introduction (Illustrated Edition)The most common types of restricted shells are just normal...more

Browser extensions are extremely useful since they can expand web browsers like Google Chrome and Mozilla Firefox beyond their built-in features. However, we don't always know who's behind a browser add-on or what it's doing beyond what's advertised. That's where ExtAnalysis comes into play. ExtAnalysis will unpack an extension so that we can see what's really going on inside. To start using it, you just need to use either Chrome or Firefox, as well as an extension you want to investigate for possible malicious background activities. We'll be examining a Firefox extension from a computer science student to see how a more amateurish add-on will leak its hidden intentions. Don't Miss: Top 10 Browser Extensions for Hackers & OSINT ResearchersRequirementsChrome (or Brave) or FirefoxInstalled or uninstalled extension from Chrome Web Store or Firefox AddonsLinux or Windows PC (or macOS for uninstalled extensions only)ExtAnalysis FeaturesExtAnalysis is somewhat similar to Jupyter...more

Web applications are becoming more and more popular, replacing traditional desktop programs at an accelerated rate. With all these new apps out on the web comes various security implications associated with being connected to the internet where anyone can poke and prod at them. One of the simplest, yet the most prevalent types of security flaws found in modern web apps are SQL injections. A typical web app doesn't actually store any information in the app itself, but rather it communicates with a backend database where data is stored. These requests are handled by SQL queries in which the application passes a statement to the database, thus returning the requested data to the application. What Is SQL Injection?SQL injection is a technique used to attack applications utilizing a database by sending malicious code with the intention of accessing or modifying restricted information in the database. There are many reasons why this vulnerability exists, including improper input filtering...more

Sudo is a necessity on most Linux systems, most of which are probably being used as web servers. While the principle of least privilege is typically applied, sudo misconfigurations can easily lead to privilege escalation if not properly mediated. Which brings us to SUDO_KILLER, a tool used to identify sudo misconfigurations that can aid in privilege escalation. The most glaring misconfiguration is running an outdated version of sudo, especially one that has known vulnerabilities. There is simply no excuse for it, and often the best course of action from a defensive point of view is just keeping everything updated. Don't Miss: Steal Ubuntu & MacOS Sudo Passwords Without Any CrackingOther issues arise from being able to run sudo without a password — all it takes is one command to get root in a situation like that. Sometimes, even just knowing if another user has used sudo can be advantageous to an attacker. Other things related to sudo, like enabling the SUID bit, can lead to some...more

Ports allow network and internet-connected devices to interact using specified channels. While servers with dedicated IP addresses can connect directly to the internet and make ports publicly available, a system behind a router on a local network may not be open to the rest of the web. To overcome the issue, port forwarding can be used to make these devices publicly accessible. Networked services and apps running on various devices make use of ports at specific numbers as a means to initiate connections and establish communications. Different ports can be used simultaneously to separate and parse different types of traffic or requests easily. Ports are generally associated with specific services, such that a client can connect to a server on a particular port and assume that the server will accept a connection at that port and respond appropriately. Some commonly used ports are shown below. 21: FTP (File Transfer Protocol)22: SSH (Secure Shell)23: Telnet (Teletype Network)25: SMTP...more

Web browser extensions are one of the simplest ways to get starting using open-source intelligence tools because they're cross-platform. So anyone using Chrome on Linux, macOS, and Windows can use them all the same. The same goes for Firefox. One desktop browser add-on, in particular, makes OSINT as easy as right-clicking to search for hashes, email addresses, and URLs. Mitaka, created by Manabu Niseki, works in Google Chrome and Mozilla Firefox. Once installed, it lets you select and inspect certain pieces of text and indicators of compromise (IoC), running them through a variety of different search engines, all with just a few clicks. The tool can help investigators identify malware, determine the credibility of an email address, and see if a URL is associated with anything sketchy, to name just a few things. Don't Miss: Find OSINT Data on License Plate Numbers with SkiptracerInstalling Mitaka in Your BrowserIf you've ever installed a browser extension before, you know what to do....more

Privilege escalation is the technique used to exploit certain flaws to obtain elevated permissions relative to the current user. There are a vast number of methods out there to go from user to root on Linux, and keeping track of them all can be difficult. This is where automation comes into play, and a privilege escalation script called Linux Smart Enumeration is one to take advantage of. LSE vs LinEnumLinux Smart Enumeration sets itself apart from other privilege escalation scripts because of the features it has. One of the most significant differences between it and other scripts like LinEnum is the ability to display more information about the target gradually. LSE has three verbosity levels that will show more details depending on what level is run. Don't Miss: Use One-Lin3r to Quickly Generate Reverse Shells, Privesc Commands & MoreAnother fantastic feature of LSE is the process monitor. At the end of the script, it will determine what processes are running on the host as...more

In the first guide, we laid the groundwork for our ultimate goal of uploading and running the unix-privesc-check script on our target. We identified an input field vulnerable to SQL injection and utilized Sqlmap to set up a file stager on the server. Now, we're ready to upload files and execute the script, so we can identify any misconfigurations that could lead to privilege escalation. The unix-privesc-check script is a Bash script that runs on Unix systems and tries to identify misconfigurations that could allow for privilege escalation. It can run in either the standard mode, which is speed-optimized, or detailed mode, which checks for even more stuff. The standard mode still checks for a lot of things, including file permissions, user permissions, SSH keys, and other security settings. The detailed mode, while more thorough, is slower and can be prone to false positives. Previously: How to Compromise a Web Server & Upload Files to Check for Privilege Escalation, Part 1 Upload...more

Microsoft's built-in antimalware solution does its best to prevent common attacks. Unfortunately for Windows 10 users, evading detection requires almost no effort at all. An attacker armed with this knowledge will easily bypass security software using any number of tools. As Microsoft's antimalware solution is Windows 10's first line of defense, it's the subject of a lotofexcellentsecurityresearch. This article will provide a brief introduction to how attackers will evade it entirely. What Is Antimalware Scan Interface (AMSI)?The backbone of Microsoft's antimalware, introduced in Windows 10, is the Windows Antimalware Scan Interface, or AMSI. Antivirus applications, including Windows Defender, can call its set of APIs to request a scan for malicious software, scripts, and other content. To describe it briefly, let's look at Microsoft's definition: The Windows Antimalware Scan Interface (AMSI) is a versatile interface standard that allows your applications and services to integrate...more

The internet has undoubtedly changed the way we work and communicate. With technological advances, more and more people can collaborate on the web from anywhere in the world. But this remote-friendly environment inherently brings security risks, and hackers are always finding ways to exploit systems for other uses. WebDAV, or Web Distributed Authoring and Versioning, is a protocol that allows users to remotely collaborate and edit content on the web. It is an extension of HTTP but uses its own distinct features to enhance the standard HTTP methods and headers. The protocol is mainly used for remote editing and collaboration, but it can also be used to transfer files. It usually runs on port 80 by default, or sometimes port 443 for encrypted communications. While WebDAV offers users the ability and convenience to access web content from anywhere, this same remote function can be a huge security hole if not correctly configured. Don't Miss: Probe Websites for Vulnerabilities with the...more

The art of fuzzing is a vital skill for any penetration tester or hacker to possess. The faster you fuzz, and the more efficiently you are at doing it, the closer you come to achieving your goal, whether that means finding a valid bug or discovering an initial attack vector. A tool called ffuf comes in handy to help speed things along and fuzz for parameters, directors, and more. What Is Fuzzing?Fuzzing, or fuzz testing, is the automated process of providing malformed or random data to software to discover bugs. Typically, when it comes to pentesting, a wordlist is used to iterate through values, and the results are observed and analyzed. Fuzzing usually involves testing input — this can be anything from alphanumeric characters to find buffer overflows, to odd characters to test for SQL injection. Fuzzing is also commonly used to discover hidden directories and files and to determine valid parameter names and values. We will be using Metasploitable 2 as our target and Kali Linux as...more

There are countless tutorials online that show how to use Netstat and Tasklist to find an intruder on your computer. But with a few PowerShell functions, it's possible for a hacker to evade detection from the almighty command line. Before we dive into the technical sections, have a look at the following GIF. The attacker has manipulated the PowerShell session in a way that's transparent to the target user. The netstat.exe command identifies an outgoing connection on TCP/4444. This is possibly an intruder as the port is common with default Meterpreter configurations. However, in the second netstat command, notice that the attacker's connection has disappeared? What's more unusual is that the ipconfig output doesn't print any IP addresses at all. The commands executed in the GIF are, in fact, PowerShell functions. In the case of netstat, it's designed to emulate an actual Netstat command while omitting the attacker's location. As defined by the MITRE ATT&CK framework:...more

Penetration testing, or pentesting, is the process of probing a network or system by simulating an attack, which is used to find vulnerabilities that could be exploited by a malicious actor. The main goal of a pentest is to identify security holes and weaknesses so that the organization being tested can fix any potential issues. In a professional penetration test, there are six phases you should know. Pentesting LingoLike many industries, and especially within IT, certain terms can cause initial confusion for people not familiar with them. Penetration testing can get pretty technical, but some of the confusion comes from words that are used before the engagement even begins. A pentest can either be internal or external. An internal test means the pentester starts inside the network and usually has some sort of access as if they were simulating a rogue employee or an attacker who has breached the perimeter. An external test begins outside the network or system, which most closely...more

OpenBSD implements security in its development in a way that no other operating system on the planet does. Learning to use the Unix-like operating system can help a hacker understand secure development, create better servers, and improve their understanding of the BSD operating system. Using VirtualBox, the OS can be installed within a host to create a full-featured test environment. This extremely secure operating system boasts features with which no other OS can compare. While OpenBSD is often regarded as a server OS, it can also be used on the desktop or within a virtual machine and still offer these same security features to regular users. This can be valuable to a device that stands at a higher risk of being attacked or to anyone who wants greater protection against the possibility of remote code execution exploits such as those found in Microsoft Windows. OpenBSD is derived from the Berkeley Software Distribution, or BSD, a Unix-like operating system developed initially at the...more

Identifying security software installed on a MacBook or other Apple computer is important to hackers and penetration testers needing to compromise a device on the network. With man-in-the-middle attacks, packets leaving the Mac will tell us a lot about what kind of antivirus and firewall software is installed. After gaining access to a Wi-Fi router, a hacker will perform a variety of network-based and reconnaissance attacks. Data traversing the network is viewable to anyone with the password without ever authenticating to the router. While that method is excellent for passive observations, we'll instead perform a man-in-the-middle attack to learn what's happening on the network. We'll start by installing a man-in-the-middle tool in Kali Linux. Packets moving through the network are redirected to the attacker's system and collected with Wireshark. The traffic is then vulnerable to packet inspection, allowing an attacker to identify installed security software on the macOS computer....more

Everybody knows not to store sensitive information in unencrypted files, right? PDFs and ZIP files can often contain a treasure trove of information, such as network diagrams, IP addresses, and login credentials. Sometimes, even certain files that are encrypted aren't safe from attackers. That's where Zydra comes in — a tool for cracking RAR files, ZIP files, PDF files, and Linux shadow files. How Are These Files Encrypted?Depending on the program used and its version, these sorts of files could be password protected using various encryption algorithms. For example, the Linux command line zip utility uses the older PKZIP algorithm, which is insecure and easy to crack. Other programs, like WinZip and 7-Zip, use strong AES-256 encryption. Earlier versions of the RAR protocol use a proprietary encryption algorithm, while newer versions use AES. WinRAR and PeaZip, popular choices that can deal with RAR files, also use the AES standard. Don't Miss: Crack Shadow Hashes After Getting Root on...more

If you're ever in a situation where you need to take a peek at the wireless spectrum, whether it's for Bluetooth or Wi-Fi devices, there's a fascinating Python 3-based tool called Sparrow-wifi you should check out. It's cross-platform, easy to use, and has an impressive GUI that shows you the signal strength of nearby devices. Sparrow-wifi, branded as a "next-generation" analysis tool for wireless reconnaissance and surveillance, is simple to install. There's just a bunch of Python libraries you need, and then no matter what system you're on, it should be pretty easy to use. It works great on a Raspberry Pi, and just as good on Kali Linux. What You Could Do with Sparrow-WifiGhostop14 created Sparrow-wifi to be installed on a Raspberry Pi attached to a drone or rover for war-flying or wardriving use cases. It was even tested out on a 3DR Solo aerial drone, and you can read more about their experience using Sparrow-wifi on Raspberry Pi and drone on the GitHub page. We'll just be using...more

PowerShell is an essential component of any Windows environment and can be a powerful tool in the hands of a hacker. During post-exploitation, PowerShell scripts can make privilege escalation and pivoting a breeze, but its execution policy can put a damper on even the best-laid plans. There are a variety of methods, however, that can be used to bypass PowerShell execution policy. PowerShell Execution Policy OverviewThe purpose of PowerShell's execution policy is to control how configuration files are loaded and how scripts are run. It's a safety feature that helps prevent malicious scripts from being executed. Policies can be set at the computer level, user level, and session level on Windows machines. It's important to note that the execution policy is not meant to be secure — it merely prevents users from unintentionally causing damage. As we'll soon find out, it can be bypassed in several ways. There are seven types of execution policies in PowerShell. These are only enforced on...more

SSH is one of the most common protocols in use in modern IT infrastructures, and because of this, it can be a valuable attack vector for hackers. One of the most reliable ways to gain SSH access to servers is by brute-forcing credentials. There are a few methods of performing an SSH brute-force attack that will ultimately lead to the discovery of valid login credentials. While not the only ways to do so, we'll be exploring tools such as Metasploit, Hydra, and the Nmap Scripting Engine in Nmap to accomplish this task, all of which are included in Kali Linux. As for the target, we will be practicing on Metasploitable 2, a purposely vulnerable test environment for pentesting and security research. Overview of SSHSSH, which stands for Secure Shell, is a network protocol that allows for encrypted communication over an insecure network. This was developed as an alternative to Telnet, which sends information in plaintext, which is clearly a problem, especially when passwords are involved....more

Internet Relay Chat, or IRC, is one of the most popular chat protocols on the internet. The technology can be connected to the Tor network to create an anonymous and secure chatroom — without the use of public IP addresses. IRC servers allow one to create and manage rooms, users, and automated functions, among other tools, to administer an instant messaging environment. IRC's roots began in 1988 when Jarkko Oikarinen decided to attempt to implement a new chat protocol for users at the University of Oulu, Finland. Since then, it's been widely adopted and used as a lightweight means of communication. The chat protocol has proven especially popular in tech communities, with channels for software user groups, support and help, and discussion areas for developers and programmers. Its user base eventually expanded to include hackers and security activists, many of whom enjoyed the protocol but found it lacked some aspects of privacy. Don't Miss: Access the Dark Web While Staying Anonymous...more

Hackers are always seeking zero-day exploits that can successfully bypass Windows 10's security features. There has been extensive research into creating undetectable malware and entire GitHub projects dedicated to automating the creation of undetectable payloads such as WinPayloads, Veil v3, and TheFatRat. With a bit of social engineering, tricking a target user into opening a malicious file can be as simple as injecting a bit of Unicode into the file name. For example, the below GIF shows a Windows executable (EXE) disguised to appear as a normal text file (TXT) — even with "Hide extensions for known file types" disabled in the File Explorer Options. Make no mistake, the file on the right is an executable and, more importantly, recognized by the Windows operating system as an executable. When the fake text file is clicked, it opens a new document using Notepad, the default text editor in Windows 10. After opening Notepad, it silently executes an embedded PowerShell payload (made...more

It's a common misconception that iPhones are impervious to cyberattacks and "more secure" than Android. And when an iPhone does get hacked, it's nearly impossible to tell that it happened. Vulnerabilities in iOS are common, and Apple tries to tackle them with each security update it releases. To get started, consider all of the CVEs disclosed in the last year. That we know of, Apple issued over 180 patches so far in 2020, and likely a lot more that weren't reported. How to Hack into an iPhone?Jailbreaks released over the last decade use an extensive range of iOS exploits. Government agencies use undisclosed exploits to compromise iPhone's every day. And exploit acquisition platforms like Zerodium offers up to $2 million for private iOS vulnerability disclosures. With that said, this article will not demonstrate a magic easy button for gaining access to anyone's iPhone. It will give readers an idea of what's possible with remote access to an iPhone and why it's dangerous to use...more

Automation has been a buzz word for quite some time now, but the principles behind it are as strong as ever. For a hacker or pentester, Bash scripting is one form of automation that cannot be ignored. Virtually any command that can be run from the terminal can be scripted — and should be, in many cases — to save valuable time and effort. And a Bash script just happens to be great for recon. Start the ScriptTo get started, create a Bash script and name it whatever you like. I'll call mine recon.sh. Using your favorite text editor, make the first line look like this: #!/bin/bashThis is called a shebang, or hashbang, and simply points to the system's interpreter for Bash. Next, we'll make sure the user supplies input to the script, and if not, prints a usage example and exits. Use a conditional if-then block: if [ -z "$1" ] then echo "Usage: ./recon.sh <IP>" exit 1 fiThe $1 is the argument we will pass to the script, and the -z option returns true if the string is...more

If you've spotted an unintended Ethernet connection and wondered what you could do with all of the information coursing through those wires, there's an easy way to hack into it and find out. Let's say there's a router that we need to know the password for, and we have physical access to an Ethernet connection where we can attach a Packet Squirrel, a pocket-sized tool to main-in-the-middle the network. If the router isn't using HTTPS, we can record all of the traffic over the Ethernet. Once somebody accesses the router, we gain access to the credentials to log in. Then we can do pretty much anything we want. RequirementsSince we're using a Packet Squirrel for this demonstration, we'll obviously need a Packet Squirrel, which was created by Hak5. You can get one from its website, Amazon, or possibly another shop online. Buy a Packet Squirrel: Hak5 Shop | AmazonIt doesn't come with a power adapter, so we'll also need a Micro-USB cable and power source. In our demonstration, we're just...more

To name just a few companies, VK, µTorrent, and ClixSense all suffered significant data breaches at some point in the past. The leaked password databases from those and other online sites can be used to understand better how human-passwords are created and increase a hacker's success when performing brute-force attacks. In other articles, we'll cover generating wordlists for use in password-cracking. But here, we'll learn how to create wordlists of statistical complexity and length based on actual passwords found in database leaks that occurred in recent years. Understanding how average, every-day people think about passwords will aid hackers during password-guessing attacks and greatly increase the statical probability of the success of the brute-force attacks. Don't Miss: The Terms & Technologies You Need to Before Hacking DatabasesDisclaimerThe leaked databases featured in this article were obtained using public and darknet resources. The databases are all at least four years...more

An attacker can create three, five, or even ten new Netcat connections to a compromised MacBook with one command. Performing complex post-exploitation attacks might otherwise be difficult from a single shell without this essential trick. Why Create Multiple Netcat Threads?With some macOS post-exploitation attacks, more than one shell may be required. Spawning additional Netcat connections from a single backdoor is possible but can be cumbersome and inconvenient. So I came up with a simple solution that relies on the current date to predict the next time and port number the backdoor will use. Don't Miss: Getting Started with Hacking macOS ComputersFive Netcat connections established at once. The GIF above demonstrates five Netcat connections being established at the same time. We can see how convenient it is to navigate multiple connections as some basic situational awareness attacks with system_profiler are performed. The following string is an example of a Bash command, used commonly...more

Secure Shell is one of the most common network protocols, typically used to manage remote machines through an encrypted connection. However, SSH is prone to password brute-forcing. Key-based authentication is much more secure, and private keys can even be encrypted for additional security. But even that isn't bulletproof since SSH private key passwords can be cracked using John the Ripper. SSH Key-Based AuthenticationThe standard way of connecting to a machine via SSH uses password-based authentication. This has the advantage of being easier to set up but suffers security-wise due to being prone to brute-forcing and password guessing. Key-based authentication, on the other hand, uses cryptography to ensure secure connections. A key pair is generated consisting of a public and private key. The private key should be kept secret and is used to connect to machines that have the matching public key. Don't Miss: Intercept & Decrypt Windows Passwords on a Local NetworkThe public key is...more

If you want to control electronic devices, such as a relay or motor, you can do so using MicroPython with an ESP8266 and web browser. Usually, you'd program an ESP8266 using Arduino, but C++, which Arduino uses, is not always the easiest programming language for beginners to learn. MicroPython is much simpler to program in. Plus, it's a great way to utilize Python code on a microcontroller, such as an ESP8266 or ESP32, to control basically any electronic component you want from your computer running Jupyter Notebook in a browser. If you're new to MicroPython, check out our previous guides on using it with a microcontroller; one covers creating rogue access points, while the other talks about programming an MCU over Wi-Fi. Don't Miss: Program an ESP8266 or ESP32 Over Wi-Fi with MicroPythonOur Example ScenarioTo help show you how MicroPython, an MCU, and Jupyter Notebook could be used together to control electronic components, we'll be using a setup that's normally very difficult to do...more

Individually addressable LEDs, also commonly called "NeoPixels" after the popular Adafruit product, are a bright and colorful way to get started with basic Python programming. With an inexpensive ESP8266 or ESP32 microcontroller, it's easy to get started programming your own holiday lighting animations on a string of NeoPixels with beginner-friendly MicroPython! NeoPixels are a great way to get started programming hardware, and if you want to get started using Python to create your own holiday light animations, you can get started using ultra-cheap components. Thanks to how easy it is to load MicroPython on an ESP8266 microcontroller, you can pick up a D1 Mini development board for less than $5 and start programming holiday animations on a strip of LEDs without needing to know much programming at all. In our example today, we'll take a strip of NeoPixels and cut a strip of ten to program in MicroPython. We'll connect it to a D1 mini development board and then use Jupyter Notebook to...more

Flight disruptions can cost billions of dollars, but most modern commercial flights rely on air traffic control systems that harbor serious vulnerabilities. The Federal Aviation Administration uses an infrastructure called NextGen, which relies on Automatic Dependent Surveillance – Broadcast, or ADS-B for short. Since the beginning of 2020, all aircraft that fly within the U.S. must be equipped with ADS-B Out. This aspect of ADS-B broadcasts an airplane's vital information, in plain text, for everyone in broadcast range to receive. Below, we'll learn more about ADS-B and how it allows anyone to track flights from airlines to Air Force One on a smartphone, as well as how hackers can hijack it. How Important Is ADS-B?Imagine you're a pilot just finishing up a long transatlantic flight. It's night, and you're relying primarily on your instruments, when out of the blue, your traffic collision avoidance system (TCAS) yells at you "Traffic one mile ahead. Descend. Descend!" After thousands...more

Network enumeration is one of the essential phases of an attack, but it can take a lot of time and effort depending on the size. We've all been spoiled by Nmap and similar tools, and while there is a learning curve involved, they are extremely useful. But there's also GoScan, a tool that builds upon Nmap, offering an automated way to enumerate networks and services quickly. GoScan vs. Other Network ScannersGoScan is an interactive network scanner written in Go that automates certain aspects of Nmap and service enumeration. It features intelligent tab auto-completion and an SQLite database on the back end to maintain connections and data, even in unstable environments. GoScan also features other external integrations, such as sqlmap, DNSenum, Hydra, Nikto, EyeWitness, and NBTScan. GoScan differs from other network scanners in that it's more of a framework, built upon other tools for abstraction and automation purposes. It primarily uses Nmap's functionality to perform port scanning and...more

A mention of the deep web can bring to mind images of drugs, hackers, and other criminal activity. Despite the presence of these elements, the Tor network is a valuable tool for preserving privacy and anonymity. And browsing the deep web and any hidden services can be as simple as downloading the Tor Browser. So what's a hidden service? It's pretty much the same thing as a website on the regular internet, only it uses Tor's technology to stay secure. In some cases, someone who creates a hidden service, also known as an onion service, can remain anonymous. Anyone can create a hidden service and make them accessible via a custom onion address, as you'll soon see. Understand How the Tor Network WorksAccessing the internet directly without a proxy, VPN, or other privacy service relays information in a relatively linear fashion. A device attached to the internet via a router follows a series of lookup requests for a specific URL or IP address and returns the content to the device which...more

Python is commonly touted as one of the best programming languages for beginners to learn, and its straightforward syntax and functionality makes that hard to argue with. But a lot of tutorials still use Python 2, which is outdated now. Python 3 introduces many new features, and it's important to be aware of them going forward, as well as the key differences between Python 3 and its predecessor. Python 2 was first released in 2000. It improved upon earlier versions of the language and introduced features common to other programming languages such as garbage collection, list comprehension, and Unicode support. Version 2.1 saw a few minor upgrades, and 2.2 was released at the tail end of 2001. Version 2.2 featured type unification, which merged types and classes into a single hierarchy, transforming Python into an object-oriented language. Versions progressed until Python 2.7, which was to be the last major release until Python 3. Python 2 was officially retired on the first day of...more

Data can be injected into images quickly without the use of metadata tools. Attackers may use this knowledge to exfiltrate sensitive information from a MacBook by sending the pictures to ordinary file-sharing websites. Continuing on the topics of DPI evasion, payload obfuscation, and utilizing popular websites to bypass firewalls, we'll be looking at an alternative way of embedding data into images. Unlike using metadata tags to store payloads inside a picture, this method involves injecting text directly into the footer of the image file. Understanding the AttackA simple Bash script was created for this article to demonstrate how an attacker can easily exfiltrate data inside images found on a target Mac computer. The script is below, and it's available on my GitHub as well. #!/bin/bash # `if` statement to detemine if the message is a 'response' one # This is the command being executed and embedded in the photo. # Single-quotes are used here to help with escaping special # characters...more

3D printers allow hackers and makers alike to create something from nothing. They're an incredible technology that lets you build protective cases and covers for gear such as a wardriving phone and Raspberry Pi-Hole. 3D printers can even help you out in a bind when something breaks, and it's impossible to get the part, since you can just print one out yourself. And with 3D printers being relatively cheap these days, there's little reason not to get one if you think you'd have many uses for it. Anyone with $200 to $300 can get started 3D printing simple or sophisticated plastic objects at home using affordable options like the Creality Ender 3. If you're new to 3D printing, we'll dive into the basics that any first-time 3D printer user will need to go through to create their first print. 3D printing isn't exactly straightforward, so you can't just put any sort of plastic in the machine and get started right away. However, it won't take long to get up to speed with the general steps....more

Determining the antivirus and firewall software installed on a Windows computer is crucial to an attacker preparing to create a targeted stager or payload. With covert deep packet inspection, that information is easily identified. This attack assumes the Wi-Fi password to the target network is already known. With the password, an attacker can observer data traversing the network and enumerate installed security software. Popular antivirus and firewall solutions become easily identifiable when benign web traffic is filtered out. We'll learn how to capture and decrypt Wi-Fi traffic without authenticating to the target router, and we'll perform packet inspection to figure out the kinds of third-party security applications installed on the operating system. Don't Miss: Intercept Windows Passwords on a Local Network Capture Wi-Fi TrafficTo get started in Kali, use the airmon-ng command to stop all of the processes running in the background that may interfere with the wireless card. ~#...more

Post-exploitation is often not quite as exciting as popping the initial shell, but it's a crucial phase for gathering data and further privilege escalation. Once a target is compromised, there's a lot of information to find and sift through. Luckily, there are tools available that can make the process easy. One such tool is Postenum. To show everything Postenum has to offer for post-exploitation, we're using Kali Linux as our local machine. As for the target, if you want to follow along and try the tool out as a white hat or penetration tester, Metasploitable 2 is a good intentionally vulnerable virtual machine to use. Initial CompromiseBefore we can use Postenum, we must first exploit the target and get a shell. We can use command injection to run operating system commands on the server and abuse its functionality to get a reverse shell. Don't Miss: Getting Started with Post-Exploitation of Windows HostsWe'll also want to upgrade our new shell to a fully interactive one. That will...more

A lot of time can be wasted performing trivial tasks over and over again, and it's especially true when it comes to hacking and penetration testing. Trying different shells to own a target, and testing out privilege escalation commands afterward, can eat up a lot of time. Fortunately, there is a tool called One-Lin3r that can quickly generate shells, privesc commands, and more. One-Lin3r is a Python tool that acts as a framework to automate the generation of one-liners commonly used in pentesting and hacking. Its usage is very similar to Metasploit, so it's natural and simple to pick up for most people. The tool contains features such as auto-complete, search suggestion, automatic copying, and smart searching, making it a breeze to find whatever you're looking for. Don't Miss: Hack UnrealIRCd Using Python Socket ProgrammingIn this tutorial, we will be using Metasploitable 2 as the target and Kali Linux as our local machine. You can use a similar setup to follow along. Once we get to...more

The only thing better than programming MicroPython is programming MicroPython over Wi-Fi. So once you set up MicroPython on a microcontroller and have it on its own power source, you won't need to use a data cable to connect to it whenever you need to interact with it, program it, upload files, or grab data. The MicroPython REPL interface is very simple, which makes it an attractive option for an ESP8266 or EP32 board, and the WebREPL interface is even more convenient. After setting everything up initially, you can connect and control the board over its Wi-Fi access point, then program or upload code from the handy web client. Previously: How to Get Started with MicroPython for MicrocontrollersWhat You'll NeedTo get started with programming MicroPython on a microcontroller over Wi-Fi, you'll need an ESP8266 or ESP32 development board with Wi-Fi, such as one of these: D1 Mini ESP8266NodeMCU ESP8266D1 Mini ESP32NodeMCU ESP32You'll also need a Micro-USB cable to connect your board to...more

The Pi-hole project is a popular DNS-level ad blocker, but it can be much more than that. Its DNS-level filtering can also be used as a firewall of sorts to prevent malicious websites from resolving, as well as to keep privacy-killing trackers such as Google Analytics from ever loading in the browser. Let's take a look at setting a Pi-hole up and customizing a blacklist to suit your needs. If you're not familiar with what DNS is, let's start there. A domain name server, or DNS, is the equivalent of the internet's address book. It's what translates between human-readable websites such as wonderhowto.com and network-navigable IP addresses such as 104.193.19.59. In typical operation, your device will issue a DNS request to its assigned router. Then the router will forward that request to an upstream DNS server, one typically provided by your internet service provider. Don't Miss: Turn a Raspberry Pi 4 into the Ultimate Mini Hacking StationThe Pi-hole works by replacing your router in...more

PirateBox is a great way to communicate with others nearby when cellular and Wi-Fi networks aren't available. With it, you can anonymously share any kind of media or document and even talk to one another by voice — without being online. However, it needs a Raspberry Pi, which is more expensive than ESP32 boards, and if you only need a text-based chat, there's a much simpler option. With a cheap ESP32 microcontroller and the ChatterBox sketch for Arduino, you can create an offline anonymous chat server for communicating with others via text. As long as they can connect to the ESP32's network and visit the server's chat page, they can leave messages for others to read, as well as see everything that's already been written in there. Something like this might be useful for a variety of situations, such as after a disaster in an area that's super remote or as a pop-up community billboard to learn about important things going on in the area. For example, during protests and demonstrations,...more

When you don't have a steady cellular signal or immediate Wi-Fi access but need to communicate with others around you, you can set up an off-the-grid voice communications network using a Raspberry Pi and an Android app. There are apps such as Bridgefy that will create a mesh network to communicate with other devices over Bluetooth. Still, when you're traveling in a convoy and want to message people in other vehicles, all the metal will make that nearly impossible. Even in situations where you're outside, but there are a lot of obstructions to block a Bluetooth signal, you're better off using something else. In cases where a hotspot router won't be powerful enough to connect everyone, a Raspberry Pi with a decent wireless network adapter can help. With that and a PirateBox server running on it, you'll be able to anonymously share images, videos, audio files, documents, voice communications, and other content, as long as everyone is connected to its Wi-Fi hotspot. Don't Miss: Do This...more

Privilege escalation is one of the essential skills a hacker can have and often separates the newbies from the pros. With a continually changing landscape and a plethora of exploits out there, it can be a problematic aspect of any attack. Luckily, some tools can help expedite the process. Linux Exploit Suggester is just one of many to help you get root. Privilege escalation is the act of gaining access to the privileges of another user on the system. It comes in two flavors: horizontal and vertical privilege escalation. Horizontal privilege escalation is when an attacker gains access to another user account, typically with the same status and permissions. It can allow them access to additional systems or data but isn't quite as serious as its vertical cousin. Vertical privilege escalation is when an attacker obtains access to an account with elevated privileges, such as that of a system administrator. Don't Miss: How to Get Root with Metasploit's Local Exploit SuggesterPrivilege...more

You may be familiar with image-based or audio-based steganography, the art of hiding messages or code inside of pictures, but that's not the only way to conceal secret communications. With zero-width characters, we can use text-based steganography to stash hidden information inside of plain text, and we can even figure out who's leaking documents online. Image- and audio-based steganography has been covered severaltimeson Null Byte, which involves changing the least significant digit of individual pixels on a photo or audio file. While plain text characters don't have a least significant digit that we can manipulate in the same fashion, we can still use Unicode to our advantage. Unicode is the standardized encoding format for text, specifically, UTF-8, that most web browsers use for text. Don't Miss: How to Hide Payloads Inside Photo MetadataBecause Unicode needs to support almost all written languages in the world, there are some counterintuitive characters such as zero-width...more

While conducting an OSINT investigation, it's important to be able to pull in information based on any clue you uncover. In particular, license plate information can turn up everywhere, from photos to live data to on your own street. You could use that data to find the VIN, see if a Tinder date has hit anyone, find out who's blocking your driveway, and so on. Skiptracer can help get the ball rolling. To get started, you'll need to have Python 2 installed and updated on your system. The developer of Skiptracer, xillwillx, is in the process of updating the tool to Python 3 since Python 2 is no longer supported, but it's not entirely done yet, so Python 2 is what we'll need for now. To see if you have Python 2 installed, use: ~$ python 2 --version Python 2.7.18Python 2.7.18 is the latest version, so you're good if that's what comes up. If you don't have it yet, install or update it using: ~$ sudo apt install python2 [sudo] password for kali: Reading package lists... Done Building...more

It's exciting to get that reverse shell or execute a payload, but sometimes these things don't work as expected when there are certain defenses in play. One way to get around that issue is by obfuscating the payload, and encoding it using different techniques will usually bring varying degrees of success. Graffiti can make that happen. Graffiti is a tool that can generate obfuscated payloads using a variety of different encoding techniques. It offers an array of one-liners and shells in languages such as Python, Perl, PHP, Batch, PowerShell, and Bash. Payloads can be encoded using base64, hex, and AES256, among others. It also features two modes of operation: command-line mode and interactive mode. Don't Miss: How to Create an Undetectable Payload for Windows 10 SystemsOther useful features of Graffiti include the ability to create your own payload files, terminal history, option to run native OS commands, and tab-completion in interactive mode. Graffiti should work out of the box on...more

Penetration-testing frameworks can be incredibly useful since they often streamline certain processes and save time by having a lot of tools available in one place. Of course, the most popular pentesting framework is undoubtedly Metasploit, but there are many others out there that cater to particular needs. For auditing web applications and servers, Tishna comes in handy. The Tishna pentesting framework is designed to automate some of the processes involved in auditing web apps and web servers. The tool is useful for administrators and IT professionals in that it can audit critical applications, like those used in banks and other enterprise environments. It's also beneficial from an attacker's point of view since it can scan and enumerate a variety of services and check for specific vulnerabilities. Don't Miss: Scan Sites for Vulnerabilities Using an Android Without RootTishna offers a self-contained framework that utilizes a variety of modules and scripts to perform its functions....more

Whether you miss the good old days of Telnet or you want to know what hacking was like when security was nothing but an afterthought, Telehack is the game for you. The text-based hacking game is a simulation of a stylized combination of ARPANET and Usenet, circa 1985 to 1990, with a full multi-user universe and player interactions, including 26,600 hosts. Before cloud computing, social media, and online shopping, there existed something called ARPANET, the precursor to the internet as we know it. When ARPANET expanded in the '80s, it became the wild west of computers. PCs were just becoming a thing and were no longer reserved for prestigious universities and national laboratories. And hacking didn't even become illegal until 1986 when the Federal Computer Fraud and Abuse Act became law. After that, pop culture made hackers out to be super intelligent savants capable of doing anything with a computer, and movies like "WarGames" exacerbated the notion. Hacking back then was far from...more

Welcome back, my apprentice hackers! As many of you know, I have been hesitant to adopt the new Kali hacking system from Offensive Security. This hesitancy has been based upon a number of bugs in the original release back in March of 2013 and my belief that BackTrack was easier for the novice to work with. In recent days, Office Security has discontinued the downloads of BackTrack (although it is still available from many torrent sites), and the release of Kali 1.0.6 in January of 2014 repaired many of the known bugs, so I am now converting to Kali! Update: How to Get Started with Kali Linux (2020 Version)The Differences Between Kali & BackTrackThose of you who are using BackTrack, don't worry, things are very similar. Some tools are in different places, but in general, Kali is very similar to BackTrack. One of the first things you may notice different about Kali is that it is built on Debian Linux instead of Ubuntu Linux. This won't create dramatic differences, but some subtle...more

For a hacker, there are a lot of advantages to creating a fake network. One advantage forces nearby devices to use their real MAC address if you happen upon a network that's stored in their preferred network list. There are a lot of tools out there for creating fake access points. Spacehuhn has designed one called the Beacon Spammer that's based in Arduino and allows you to create hundreds of artificial networks, all spammed out regularly using different MAC addresses. We can even create fake access points that have passwords, which can trick smartphones that have encrypted networks stored on the OS. In this article, we're going to create an elementary version of the Beacon Spammer in MicroPython. The advantage of doing so is that a beginner can get started with creating a fake access point with just a couple of lines of code, and it works against both encrypted and unencrypted networks stored in nearby users' phones. The big difference here is that we'll be creating real fake...more

For anyone interested in using cheap, Wi-Fi-connected microcontrollers like the ESP8266, the Arduino programming language can be a barrier to entry. Based on C++, Arduino requires knowledge of more computer science than languages like Python. Fortunately for beginners, setting up MicroPython on an ESP8266 allows anyone to write Python on affordable microcontrollers in a matter of minutes. Cheap Prices Come with a Learning CurveOne of the first languages many people learn for programming electronics is Arduino, which requires knowledge of the specific structure needed to make a sketch work. Because of the way microcontrollers run code, even a simple Arduino sketch will typically consist of two functions: setup and loop. To write a sketch that blinks an LED attached to pin D1 (also called GPIO pin 5), we can use the following sketch in Arduino to set the LED to output, turn it on for a second, and then turn it off for a second. void setup() { pinMode(D4, OUTPUT); } void loop() { ...more

Attacks against databases have become one of the most popular and lucrative activities for hackers recently. New data breaches seem to be popping up every week, but even with all of that attention, databases continue to be a prime target. All of these attacks have to start somewhere, and we'll be exploring a variety of methods to gather information on PostgreSQL databases with Metasploit. PostgreSQL is an open-source relational database management system (RDBMS) that uses the SQL language, along with many other features, to handle a wide variety of data workloads. Initially developed for Unix, PostgreSQL runs on all major operating systems and is the default database for macOS Server. Don't Miss: How to Fingerprint Databases & Perform General ReconnaissancePostgreSQL is known for its extensibility, reliability, data integrity, strong architecture, and robust feature set, including the popular PostGIS geospatial database extender. It's also ACID compliant and has a dedicated...more