Showing posts with label multi. Show all posts

Just dump it.

Hexdump, or hexadecimal dumping, is a way to represent a file's bytes in hexadecimal, which helps investigators find out some basic things about a file and its contents. It is a primitive way to learn details about a file, but it can be helpful when you are doing a black-box investigation of a file. The major drawback of this trick is that hexadecimal output is hard to read.

How to?
Linux:-

  1. To do a hexadecimal dump on any Linux machine, just open a terminal and type hexdump <filename>. This generates a long stream of hexadecimal output that scrolls past. To view it page by page you can pipe it into less or more, like hexdump <filename> | less.
  2. A more readable variant of this command is hexdump -c <filename>.
Windows:-
  1. There is no built-in tool in Windows to get a hexdump, so you may have to download and install the application HxD, which is a hex editor.
  2. Now select Open under the File menu, select your file, and that's all.


Note:-
This is the easiest way to find out some basic properties of a file, but it is not effective for more detailed analysis.
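As an added example (not code from the original post), here is a small Python hex dumper that prints in the layout of `hexdump -C`, plus a lookup of common file signatures, which is the "basic property" most often read off the first line of a dump. The sample bytes and the signature table are constructed inline.

```python
import string

# Constructed sample input: the first 16 bytes of a PNG file, then some text.
SAMPLE = bytes.fromhex("89504e470d0a1a0a0000000d49484452") + b"hello, world!\x00\xff"

# A few well-known file signatures ("magic bytes") that show up in the first
# line of a dump; the table is illustrative, not exhaustive.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"\xff\xd8\xff": "JPEG image",
    b"%PDF-": "PDF document",
    b"\x7fELF": "ELF executable",
    b"MZ": "Windows PE executable",
    b"PK\x03\x04": "ZIP archive (also DOCX, JAR, APK)",
}

# Bytes rendered as themselves in the ASCII column; everything else becomes '.'
PRINTABLE = set(string.printable.encode("ascii")) - set(b"\t\n\r\x0b\x0c")


def hexdump(data, width=16):
    """Return the dump as a list of lines in the layout of `hexdump -C`:
    offset, hex bytes, and an ASCII column between '|' characters."""
    lines = []
    for offset in range(0, len(data), width):
        chunk = data[offset:offset + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if b in PRINTABLE else "." for b in chunk)
        lines.append(f"{offset:08x}  {hexpart:<{width * 3 - 1}}  |{text}|")
    lines.append(f"{len(data):08x}")  # hexdump ends with the total length
    return lines


def identify(data):
    """Name the file type from the leading bytes, or say that none matched."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown (no matching magic bytes)"


if __name__ == "__main__":
    print("\n".join(hexdump(SAMPLE)))
    print("file type:", identify(SAMPLE))
```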

Shit I forgot my RTL-SDR !!


So far we have seen how to use the RTL-SDR dongle, but what if you can't afford one or forgot yours at home? sdr.hu is a great website that lets you access openly hosted SDR receivers around the world. It helps you study software defined radio even without owning a dongle.

To get access to an openly hosted SDR dongle you can select any one of the receivers from the huge list. The receivers are voted on by users according to their performance. You might not get the entire radio spectrum, as the receivers vary from provider to provider. The devices may or may not work, since they are not installed or maintained by the website. This might not be helpful for IoT (internet of things) testing, but it can be a great starter kit, as it helps a noob learn the basics of SDR. While using it we found that some of the devices were a bit slow, or it might just have been my internet connection. The "how to?" is quite easy, so help yourself around; it's as easy as opening a website and clicking around it.

Note:-  
If you are using a proxy then you might have to stop it or use a VPN to bypass it.

Stalking advanced: Personal information gathering the fun way.

Disclaimer:-
This post is not based on any real life incident. The characters in this post are imaginary. Resemblance might be a coincidence. Through this post we don't intend to disrespect women or men in any way. This post is for mere entertainment and understanding of personal information gathering.  


At an airport I saw a girl; she was beautiful. I was standing behind her in the line to get the boarding cards. When she got her boarding card I was able to glance at it, and I saw some major details about her.
After getting my boarding card, I sat down in the lounge and switched on my laptop. I was eager to know about her, so I started searching. First I wanted to know where she was going, so I searched her flight number on http://planefinder.net/; it was Goa.
This is just a random search.
Then I was curious about her social life, so I searched on https://pipl.com/ for all the profiles with her name. I got her Facebook profile, where I saw her "About" section and found her dad's name under family. To find out how hard my ass would be kicked if I asked for her, I searched her dad's name on linkedin.com; this was a little horrifying.
Then I went through her Facebook profile to find out her address. Luckily she had added the location of her house in a post she had made public, so I searched the coordinates in Google, which gave me her address.

Then I opened https://emkei.cz/ to send her a fake mail, but something stopped me. I found out that she was taken, as I saw her boyfriend, who came late and was on another flight. I switched off my laptop and went towards gate 5 to board the aircraft, thinking that people should have some indication that can differentiate single from taken.


Port Scan: The easy way

Port scanning is a technique for scanning a system for open ports, which can then be used for exploitation. It can be considered the first step in hacking. The process can sometimes be quite technical, but we would like you to learn the easy way to do it.

How to?
Android:-
  1. In Fing, you can scan the ports just by selecting the host machine and then Service Scan.
  2. In Landroid, select Port Scan, enter the IP of the target and then select Go.
  3. In dSploit, select the host and then select Port Scanner.


Kali Linux:-
  1. Open a terminal, type zenmap (the GUI for nmap) and hit Enter.
  2. Now type the target's IP in the Target box, select the scan type and hit Scan.

Note:- If the system detects the scan, or port discovery is disabled, you will not get any results.

Creating a disk image: 1st step in digital forensics

A disk image is a virtual copy of a storage device which functions like an actual physical drive. Creating one is the first step in digital forensics; in other words, you don't want to contaminate the evidence with your shit. It can also be used to recover a complete disk.


How to?
Windows:-
  1. Download WinImage and install it.
  2. Run it with administrative privileges and click OK.
  3. Now click on Disk and then on "Create virtual hard disk image from physical drive".
  4. Now select your drive, click OK and select the directory in which you would like to save the disk image.

Linux:-
  1. Open a terminal, type fdisk -l and hit Enter.
  2. Now note the drive name.
  3. Now type dcfldd if=<drive name> of=file.dd and hit Enter.
  4. Now type ls and hit Enter to check whether the file has been created.

Note:-
The file created by WinImage has a .vhd extension and the file created on Kali Linux has a .dd extension. If you use other programs the extension may vary. The only thing you need to keep in mind is that you should be sure of the extensions that your forensics tool supports.
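As an added example, not code from the original post or from dcfldd, this Python script shows the two properties that matter when imaging a drive: every sector keeps its offset even when the drive returns a read error (what dd's conv=noerror,sync does), and the image is hashed during acquisition so the copy can be verified before each analysis session. The faulty "device" is constructed inline.

```python
import hashlib
import io

SECTOR = 512  # dd's default block size; forensic images are copied sector-wise


class FaultyDevice:
    """Constructed stand-in for a block device: a byte string in which one
    sector (bad_sector) fails every read with an I/O error, like a dying drive."""

    def __init__(self, data, bad_sector):
        self.data, self.bad_sector, self.pos = data, bad_sector, 0

    def seek(self, offset):
        self.pos = offset

    def read(self, n):
        if self.pos // SECTOR == self.bad_sector:
            raise OSError("Input/output error")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += len(chunk)
        return chunk


def acquire(device, image, sector=SECTOR):
    """Copy `device` into the binary stream `image` one sector at a time and
    hash exactly the bytes written. An unreadable sector is written as zeros
    so everything after it keeps its original offset. Returns the SHA-256 of
    the image, the unreadable sector numbers and the sector count."""
    digest = hashlib.sha256()
    bad_sectors = []
    sector_no = 0
    while True:
        device.seek(sector_no * sector)
        try:
            chunk = device.read(sector)
        except OSError:
            chunk = b"\x00" * sector
            bad_sectors.append(sector_no)
        if not chunk:
            break  # end of device
        image.write(chunk)
        digest.update(chunk)
        sector_no += 1
    return {"sha256": digest.hexdigest(), "bad_sectors": bad_sectors,
            "sectors": sector_no}


def verify(image_bytes, expected_sha256):
    """Re-hash a stored image and compare it with the acquisition hash."""
    return hashlib.sha256(image_bytes).hexdigest() == expected_sha256


def demo():
    # Constructed four-sector "drive" whose third sector (index 2) is unreadable.
    data = b"A" * SECTOR + b"B" * SECTOR + b"C" * SECTOR + b"D" * 100
    out = io.BytesIO()
    report = acquire(FaultyDevice(data, bad_sector=2), out)
    return report, out.getvalue()
```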

Denial of service attacks: DoS attacks

A denial of service attack (DoS) is one of the most basic attacks that can be carried out against any network. In this attack we flood the network or web server with different legitimate-looking requests, and the legitimate user is unable to access the service. There are various types of denial of service attack depending on the type of request used. A distributed denial of service attack is a denial of service attack in which the web server or the network is flooded by different attackers at the same time so that the network or web server crashes (party play).

How to?
There are various ways and tools to perform a denial of service attack.
  1. The most basic way to perform a denial of service attack with a Windows machine is by typing the command ping ip -t -l 19000, where -t is for the delay time of the packets and -l is for the length of the packet. But this method is outdated, and hence the magnitude required to crash a target is very high. You can consider this the method your grandfather would use to attack networks of his age that are still being used without any alterations.
  2. The second way is by using the famous LOIC. Low Orbit Ion Cannon is an open source stress testing tool with a GUI. It is easy to use: you only need to set the URL or IP and hit "lock on", then change the settings as per your requirements and hit "fire". This tool is available for both Windows and Android. According to some rumors the famous hacktivist group "Anonymous" uses this tool in most of their attacks.
  3. There are various tools in Kali Linux to perform such attacks, but the best way is the command flood_router6 interface, where interface can be eth0 or any other interface, if your target is running a regular or server version of Windows lower than 8. We haven't tested this on higher versions, so we don't know how they react to this attack.
  4. To attack a router with a SYN DoS attack you can use the tool present in msfconsole. Just type use auxiliary/dos/tcp/synflood. Now type set rhost ip to set the IP of the host machine. At the end type exploit to start the exploitation.

Note:- 
These attacks can be easily detected by an intrusion detection system, which might block the specific port or alert the system admin. This attack is often exaggerated by the media but is very weak against large setups.

Recover & Retrieve: Find out your friend's secrets

Whenever we get a pendrive, even if the drive is empty, it still holds a lot of information about what was stored on it. This can help you find out what he/she had saved on that drive, or recover sensitive company information that an employee had leaked. Recovery can be done for various reasons, but the tricks remain the same.


What you need?
All you need is Kali Linux on VMware.

How to? 

Level-1:- Recuva
Recuva is a basic file recovery program which can be used to recover files deleted on a regular Windows computer. The software is also portable: to make a portable version you only need to copy the files from the Program Files directory to your pendrive. It can recover files of a specific type such as images, videos, music, etc. It is useful for quickly recovering a file which you might have accidentally deleted.
  

We need to run a basic command, fdisk -l, which gives you the names of all devices; the recovery tools need this name to work on a USB stick mounted to your Linux system.

You can consider this as the first step towards file recovery in Kali Linux.

Level-2:- foremost
foremost is a quick recovery tool available in Kali Linux. It can be used in audits where you need to recover deleted files quickly. You can use various parameters according to the requirements of the audit; to see all of them run the command foremost -h. If you want to recover all files and save them to a directory, use the command foremost -t all -v -i <device or image> -o <directory>. Here -t is the parameter which decides the type of file, -i is the parameter which gives the device or image name, and -o is the parameter which decides the output directory.

Level-3:- scalpel
scalpel is like a bazooka in the field of recovery. It is the ultimate recovery tool, which can recover all the files deleted from a drive or from an image of that drive. To use it you first need to make some changes to the .conf file present in /etc/scalpel: you have to delete the # in front of each file type you want. The simplest thing to do is delete the # in front of all the file formats. Save the file, open a terminal and type scalpel -h to see the different parameters you can use. To recover the files into a specific directory, type the command scalpel <device or image path> -o <output directory>.


Note:- When you use tools like scalpel and foremost you get an audit.txt file along with the recovered files. This audit.txt file contains the log of all files which were recovered by the tool.

Another great feature of these tools is that they save files of different extensions in different folders, which is systematic and helps you sort the files and locate the one you need.
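As an added example (not the code of foremost or scalpel), this Python script does the header/footer carving those tools perform, using a signature table in the spirit of scalpel.conf, lays the results out one folder per extension as foremost does, and produces the audit listing the note mentions. The disk image, including a truncated file with no footer, is constructed inline.

```python
import re

# Signature table in the spirit of scalpel.conf / foremost's built-ins:
# (extension, max carve size, header, footer). Illustrative, not exhaustive.
SIGNATURES = [
    ("jpg", 20_000, b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", 20_000, b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
]


def carve(image, signatures=SIGNATURES):
    """Scan a raw image for every header and carve up to the matching footer,
    bounded by the max size. Returns (ext, offset, length, complete) tuples
    sorted by offset; complete is False when no footer was found, in which
    case the bounded or truncated run is carved anyway, as the tools do."""
    found = []
    for ext, max_size, header, footer in signatures:
        for m in re.finditer(re.escape(header), image):
            start = m.start()
            candidate = image[start:start + max_size]
            end = candidate.find(footer, len(header))
            if end == -1:
                found.append((ext, start, len(candidate), False))
            else:
                found.append((ext, start, end + len(footer), True))
    return sorted(found, key=lambda f: f[1])


def extract(image, entries):
    """Name carved files the way foremost lays them out: one folder per
    extension, each file named by its offset. Returns {relative path: bytes}."""
    return {f"{ext}/{off:08d}.{ext}": image[off:off + length]
            for ext, off, length, _ in entries}


def audit_lines(entries):
    """The equivalent of the tools' audit.txt: one line per carved file."""
    return [f"{ext}\t{off}\t{length}\t{'ok' if complete else 'no footer'}"
            for ext, off, length, complete in entries]


def build_image():
    # Constructed "disk image": filler bytes that contain no signature, with a
    # complete JPEG, a complete PNG and a truncated JPEG embedded in it.
    filler = bytes(range(256)) * 4
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-body" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"IHDR-chunk" + b"IEND\xae\x42\x60\x82"
    truncated = b"\xff\xd8\xff\xe1" + b"partial"
    return filler + jpg + filler + png + filler + truncated


if __name__ == "__main__":
    img = build_image()
    print("\n".join(audit_lines(carve(img))))
```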

Ghost on the web: Science of private browsing

Whenever you go on the net there are various organizations that track your activity, and that data is then used for various purposes, such as advertising and censorship. Some countries block certain content for their citizens. Some of these organizations also try to trace you back to your house. So if you are trying to view content blocked in your country and the government traces your IP, the next second you will find the government at your doorstep.
There are various methods to access the net anonymously.

Private windows:- 
Nowadays all browsers have a private window feature (incognito in Chrome). This can be considered the first line of defense against cyber espionage, but it is not that effective, as your IP remains the same, so it is easily bypassed. This kind of browsing only protects you from individuals who have physical access to your computer. In other words, mom won't know about the sites you accessed.

Proxy sites:- 
A proxy site is a special site which lets you access blocked content. These sites act as a proxy server that relays all your traffic through itself to give you access to the blocked content. The problems with these sites are that they are hell slow and that your IP is always exposed, so the chance of being traced is always there. In other words, you can watch YouTube videos on your college network. There are millions of such sites, like Kproxy, boomproxy, etc.


VPN:-
VPN is the acronym of virtual private network. A virtual private network is a virtual network to which a computer connects as it would to a regular network, and in the process the public IP of the computer changes. To understand this we tried various Android apps like Psiphon, TunnelBear, etc. To check the public IP we used Landroid. What we observed was that the public IP and ISP of my phone changed. In other words, you can teleport to any country.
 
It should be understood that I didn't travel to Russia to connect to their network and take this screenshot. For security purposes I had to hide my IP.
The IP also changed to US, Italian and many other countries' IPs.


We tried 2 services which were available for both Windows and Android: Psiphon and TunnelBear. TunnelBear was a free-to-try VPN and Psiphon was a completely free VPN. The main advantage of TunnelBear was that we could select the server manually, which offered a little control, but Psiphon was more practical as far as use was concerned. There are hundreds of other VPNs available on the net.

The main drawback is that if the government wants to trace you it is easy, as these servers have your IP. Also, all VPNs require a stable internet connection; if the connection keeps dropping, this software can slow down the device and sometimes drain your battery.

TOR:-
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. It relays the traffic across various nodes. A channel is only open for 10 minutes, after which the nodes change. The software was initially developed for the US armed forces so that they could connect to their home bases without any leaks, and it is simple to install and use. Tor is available for Android, Windows, Linux and various other operating systems.

You can host sites (onion sites) and access sites on the dark web (hidden web) through it. The software takes a little longer to connect but is highly secure. Its drawbacks are that the initial and final connections aren't encrypted and that it requires a special browser to work, which is mostly a modified Firefox. There are ways to crack this as well, but the skill set required is high. In other words, you can be a ghost on the web.
 
Conclusion:- 
Thus by using various techniques depending on the level of security you need on the web you can be a ghost on the web and browse the net privately.

OS fingerprinting

What is OS fingerprinting?
OS fingerprinting can be defined as the process of probing a device and detecting which OS it is running. This can be done using various tools on various operating systems.

Why you need to do this?
By detecting the OS running on a system you can filter the exploits and use those which have a higher probability of giving you access to the system and of maintaining it with ease. It also saves time, as you don't need to try vulnerabilities the system is already patched against.

How to?
  • For Android:- The best tool for OS fingerprinting on an Android device is dSploit. The time required for OS detection mostly depends on the device's RAM. To detect the OS, first select the device on which you want to do the OS detection, then select Inspector and hit Start. After a few minutes you will see the results.
  • For Kali Linux:- Kali Linux has 2 tools for this task:-
Nmap is a port scanning tool which can also be used for OS fingerprinting. There are various parameters which can be used to detect different details about the system. The one we used was "nmap -sV -n -T4 -O -F --version-light 192.168.1.*" (without quotes). The * lets you detect all the devices on the network and their OS. You can experiment with different parameters; for help you can type "nmap -h" (without quotes) or refer to the official site.

Armitage is a GUI tool which is mostly used for network exploitation. It comes with a host scan option which can scan for and detect the OS. There is a Quick Scan (OS detect) option under host scan which can be used for OS fingerprinting, and after the scan ends the result is displayed in a graphical format which can be changed as you wish. You can observe that it runs the nmap command in the command line. The main advantage is that you need not type the command, and the graphical format is easy to understand.

Note:-
In our tests we found that these methods were unable to detect phone operating systems like Android, BlackBerry OS, etc.
If you are unable to detect the exact system, you can use the guess option in nmap to find out the probabilities of the system running different operating systems.

Overclocking systems

What is Overclocking system?
Overclocking is increasing the frequency at which a system works, which makes the system run faster. For example, you make a 2.5 GHz processor run at 3.2 GHz.

Which processors can be overclocked?
Most of the older processors can be easily overclocked, as they were not locked. But nowadays we can only overclock processors which are not locked. All the ARM processors used in Android smartphones can be overclocked; in some smartphones we need to install a custom kernel to allow this. Most Intel K-series processors are unlocked, so we can only overclock the K-series processors, and only if the motherboard is compatible.

Some points to remember:-
  1. Make sure that you don't overclock it too much.
  2. Try to use a suitable voltage so that you don't end up frying the chip.
  3. Make sure that your cooling system works fine. If you are planning to overclock it too much then install a liquid cooling system in your CPU.  

I would rather advise you not to overclock unless you are working with software which needs a lot of processing power, as it is a bit of a headache to implement.


Software which you may need:-