Showing posts with label Tutorial. Show all posts

Wednesday, February 3, 2016

Making a simple webcrawler

As the saying goes, a hacker who cannot write their own code is always treated as a n00b. The next question is which programming language one should learn to be a successful penetration tester. A penetration tester needs to automate the daily job of identifying vulnerabilities and then searching for the best exploit. No matter which programming language you learn or work with, you should be able to go deep with the language and use it to interact with the web.

In my personal experience, I usually recommend Python. It has almost all the modules a penetration tester will need in order to automate their tasks.

Today I will be posting a video on how to make a simple web crawler. One can download the source code from my Github page. Click here to see the code. Furthermore, I am sorry if you face any difficulty with the accent.

Don't forget to subscribe to my YouTube channel and like my Facebook page.


For more information feel free to write me at prashantsavior@gmail.com

Hacking Whatsapp Account



It has been long since I wrote something here. Today I am going to cover one of the hot topics of hacking which everyone wants to know about.

Disclaimer: This is for educational purposes. The author is not responsible if it is used for unethical purposes.

Technique 1: MAC Spoofing 
Initially, you must uninstall your Whatsapp account from your device. 
Don’t worry! Your account can be reinstalled and configured at the end of your Hacking process. Be Careful! Make sure that your Whatsapp account on your mobile device is completely uninstalled successfully. Get the mobile phone of the victim that you desire to access. Though it is little bit rugged, try to acquire the mobile phone of the victim. The victim’s mobile phone will be essential at two variant steps throughout the hacking process. 
Be cautious while using the victim’s phone. Don’t take much time and try to place it back before the victim starts to locate the device. 

A MAC address is a 12-character unique identifier assigned to the mobile device which can serve as its online identity. 
A MAC address varies from one device to another. So, find the platform of the smartphone that is used by the victim. 
A MAC address consists of six pairs of digits that are separated by colons. For example, it looks like (01:53:35:47:78:cb). 

Smartphone Platform: How to find MAC Address? 
Android : Settings >> About Phone >> Status >> Wi-Fi MAC address 
iPhone : Settings >> General >> About >> Wi-Fi Address. 
Windows Phone : Settings >> About >> More info >> MAC Address. 
BlackBerry : Options >> Device >> Device and Status Info >> WLAN MAC 


Get the MAC address of your Mobile device and save and ensure that you store it in a secure manner. 
Again, you’ll require your MAC address to use your mobile device after completion of your hacking process. 
Spoofing the MAC address allows your mobile device look similar as victim’s device. 
By spoofing there is an advantage of letting you to persuade Whatsapp that you are logging into your own account. 
But, truly you are trying to log in into the victim’s Whatsapp account. 


A Media Access Control address (MAC address) is a 12-character unique identifier assigned to the network adapter of your WiFi device. A MAC address can be used to uniquely identify the smart phone of your friend whom you want to hack the Whatsapp account on the Internet or the local network.


If you want to access the whatsapp account of your friend, you need to find the MAC address of their account. Follow the below steps in order to hack your friend’s account.


Step 1: Uninstall Whatsapp Account from your device

Step 2: Acquire the smart phone of the target (victim) that you wish to Hack

Step 3: Locate the MAC (Media Access Control) Address from the Target’s Phone

Step 4: Find the MAC address of your own Mobile Phone

Step 5: Alter [Spoof] your MAC address similar to the victim’s MAC address

Step 6: Install variant spoofing apps depending on the victim’s mobile device.


MAC Spoofing App for various device are given below:

iPhone (or) other device : MacDaddy X or WifiSpoof.
–>Use this app to change your MAC address. 

Android : BusyBox, Terminal Emulator 
–>Both these apps are available for free on Google Play. 

In the terminal, type “ip link show” and you can view a list of interfaces. 
Identify the one that has your MAC address. 

Example:
Assume we’ll use the eth0 interface. In the terminal emulator, enter “ip link set eth0 address XX:XX:XX:XX:XX:XX” and “ip link set eth0 broadcast XX:XX:XX:XX:XX:XX”, where eth0 is the interface you identified and XX:XX:XX:XX:XX:XX is your target’s MAC address. In order to verify that you’ve changed your MAC address successfully, enter “ip link show eth0.”

Step 7: Re-Install and configure whatsapp account on your Device. After installing and configuring Whatsapp account on your device, you access the victim’s whatsapp account. 
Enter the victim’s phone number so as to set up WhatsApp rather than your own. 
This allows you to receive and send messages from the victim’s account. 

Step 8: Attain Confirmation Code from the victim’s mobile phone. During the WhatsApp configuration process, confirmation code will be sent to the victim’s phone number. 
Access the victim’s phone for the last time to acquire that verification code. 
Enter it into WhatsApp that is on your phone. 
Finally, you have successfully hacked the Whatsapp account of your target. 
If you don’t wish the victim to detect about your spoofing, make sure to delete the confirmation code from their device. 

Step 9: Change your MAC address as earlier after successfully accessing the victim’s mobile. Similarly, repeat the instructions to change the MAC address, but you need to change it to your original address rather than the victim’s MAC address. 
Now, your mobile will be restored to its original position and ensures that there are no future problems with Internet usage or connectivity issues. 



Technique 2: Spy Software : Nothing is free until you make it

The easiest way of spying WhatsApp messages is to use a spy software program. In the current marketing trend, there are bounteous companies that are promoting WhatsApp spy programs. In spite of many companies, we must choose genuine spy apps that are trustworthy. One of the best software to spy on WhatsApp is mySpy which is well-known for its quality and it is one of the top-notch features. You will have to download and install the mySpy app onto the victim’s phone on which you want to access and monitor the WhatsApp messages. Make sure that you can keep the victim’s phone with you for few minutes.


1. Get permission to monitor victim’s phone

The spy apps that you use are essential and are intended for employees, parents and government officials in order to access or monitor the activities of subordinates, children and others. Before proceeding, make sure that the victim gives permission to access and monitor their mobile.


2. Select apt SPY program or app

Various spy apps or programs are offered by various app providers. Study and analyse in order to find a best spy program that best suits your mobile device. You need to consider the following factors to select a genuine app. These points should be kept in mind before purchasing the app.

Purpose of the app 
Efficiency of the app 
Whether it hides spy activity undetected from the victim 

mySpy and Spymaster Pro are very good apps or programs that can be used to access other’s whatsapp account.

Step 3: Purchase and install best spy program

Buy a genuine app and install the app by following the on-screen instructions. 
This app must be installed on your phone as well as the victim’s phone. 

Step 4: Configure the app and initiate tracking
Follow the instructions so as to install the app and make sure that you complete all the settings properly so as to start the hacking process. 
Now, you can receive all the conversation on the victim’s account. Successfully, you’ve accessed the whatsapp account of your friend or beloved ones. 

How to protect yourself from getting hacked? 
Make sure that your software is up to date. 
Use a good antivirus, which helps protect you from spyware. A good antivirus doesn't allow others to install spyware on your phone. 
Protect your phone with a lock screen, so that others cannot access your mobile phone without your permission. 

For more information, like my page on Facebook or write to me @ prashantsavior@gmail.com

Tuesday, April 14, 2015

How To Find Android Phone if it is Lost or stolen


Hey folks! It has been long since my last post. So here is what I have for you.

You will all agree that it is very difficult to find your phone when you have lost it somewhere nearby. Most of us start making calls, although that does not help if vibration mode is off too. Here I am going to tell you a better way to find your Android device if it is lost somewhere nearby.
You can use Google's official Android Device Manager to locate your phone. Here are the simple steps:
  1. Go to Android Device Manager by Google in your desktop browser; follow the link HERE.
  2. Log in with the same Gmail account you used to activate your Android device and register in Google Play.
  3. Now you will see your device name and last login date. You will also see three options: Ring, Lock and Erase.
  4. When you click on Ring, your device starts ringing at high volume, which helps you find your phone in seconds. This function works even when your phone is in silent mode.
  5. You can also Lock your device with a password in case the device is lost. You have to input a message and a number so that whoever finds your phone can call you back at that number.
  6. If the Location services of the device are turned on, you can find the exact location of the device by clicking on the locate service, which is at the right side of the device name.
You can also wipe the data by clicking on Erase. It will perform a factory reset on your device. Your apps, photos, music and settings will be deleted. After you erase the device, Android Device Manager will no longer work. The factory reset will start automatically when your device is online.

Author: Unpredictable
Feel free to write us @ prashantsavior@gmail.com

Thursday, November 6, 2014

Harvesting Email Address (Part-1)

Today we will learn about harvesting email addresses from any domain. For this you need Kali Linux or Backtrack; if you don't have either of these, first install one on a virtual machine (recommended). Refer to my earlier post on how to install Kali Linux or Backtrack.

Step 1: Start your Kali Linux machine.

Step 2: Open terminal.

Step 3: Type:   theharvester
            Here you will see the many options for using it.

Step 4: To harvest email addresses from a site: victimsite.com... 
            Type: theharvester -d victimsite.com -b google
            Here we have chosen Google as the source. You can choose any other option like LinkedIn, Bing, pgp or even all of them by just typing all.

Step 5: If you want more results you can use the -l option. It limits how many results you want to see. By default it's 100 for Google and 50 for Bing. 
            Type: theharvester -d victimsite.com -l 500 -b google

If you face any problem, view this video tutorial for complete reference.


Don't forget to subscribe to my YouTube channel and like us on Facebook.

Author: Unpredictable

Feel free to send us your query @ prashantsavior@gmail.com

Thursday, October 9, 2014

Install Backtrack 5 in VMware

Hello friends, I hope you all enjoyed your holiday. So, let's get back on track and start the show once again. 

When we search for hacking-related tutorials on Google, we come across many tutorials which require Backtrack or Kali Linux. But it is not possible for everyone to install Backtrack on their computer. In that scenario we can install our penetration testing OS in a virtual machine. Before we go to the tutorial part, let's get a basic idea of Backtrack and virtual machines.

Q. What is Backtrack?
--> Backtrack is an OS which has all the pre-installed scripts and repositories required for performing penetration testing (in layman's language, required for hacking). It is a Linux-based OS. The present stable version of Backtrack is Backtrack 5. There are a few other penetration testing OSes like Kali Linux, Black Box, etc.
I would recommend you use Kali Linux, because online support for Kali Linux is available and easy to get. The steps for using it are somewhat the same. However, here I will be using Backtrack 5, which is very famous in the field.

Q. What is a Virtual Machine?
--> A virtual machine (VM) is an emulation of a particular computer system. Virtual machines operate based on the computer architecture and functions of a real or hypothetical computer, and their implementations may involve specialized hardware, software, or a combination of both. Some of the virtual machine products are VMware, VirtualBox, etc. Here we will be using VMware.

Let's start with the tutorial --------->

Requirement:
Before we start with our tutorial, download these things:
1. VMware
2. Kali Linux or Backtrack 5

Follow these simple steps to Install:

Step 1: Install VMware.
Step 2: Open VMware 

Step 3: Click on Create a new virtual machine

Step 4: Click on Next and select the ISO file from your hard disk.

Step 5: Select Linux and select your version (I have a 32-bit ISO file so I selected just Ubuntu; if you have 64-bit then go for 64-bit Ubuntu)

Step 6: Write the name of your machine and click on Next (make sure you have around 12 GB of space in your C drive, else choose a path somewhere else where you have ample space)

Step 7: Finally click on Finish

Step 8: Press enter and the booting will start then select the first option and press enter


Step 9: To go into the GUI view type startx and press enter

Step 10: Click on install Backtrack and follow the further simple steps to install


Note:

Default username and password are:
username: root
password: toor

For more information feel free to write us @ prashantsavior@gmail.com and don't forget to like us on Facebook.

Friday, August 22, 2014

How To Change Mac Address

Note: This information is solely for educational purposes. The author can't be blamed for the misuse of this information.

Everyone at some point wants to remain anonymous on the internet. Some think that just by changing the IP address we can remain anonymous, but that is not true in all cases. If you are working on public Wi-Fi then anyone can track you down with your MAC ID. The MAC address (media access control address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as network addresses in most IEEE 802 network technologies, including Ethernet.

A note to KIITians and to other college students: While using the college internet we are restricted from visiting certain sites, downloading torrents and using Bluestack, and even proxy servers are banned. If someone tries to bypass this, they are blocked by the college network, and they then need to contact the college authority to unblock their net connection. What the college actually does is keep track of your MAC address and block it, so you are not able to use the net. The best solution is that you change your MAC address whenever they block your net and you can access your net again.

Follow these simple steps to change the MAC address:

Step 1: First download this software, which is known as Technitium Mac-Changer. Click Here to Download
Step 2: Extract it and install it on your computer. (Hopefully you won't face any problem installing it.)
Step 3: Open it and check which connections show "Up, Operational" under "Link Status".

Step 4: Click on Random MAC address and then finally click on Change Now. (Don't forget to check all the options, especially "Use '02' as the first octet of MAC address".)

Step 5: You can also change the name of the address from the drop-down menu.
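
The "Use '02' as the first octet" option sets the locally administered bit (0x02) of the first octet, which marks the address as not vendor-assigned and makes such addresses easy to spot on the network side. The following is an added example, not part of the original post or of the tool: it audits DHCP lease records for locally administered MACs and for hostnames seen with more than one MAC, generalizing beyond the single "02" case. The lease records, hostnames and the `audit_leases` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Six hex pairs separated by ':' or '-' (both styles appear in real logs).
MAC_RE = re.compile(r"^[0-9a-f]{2}(?:[:-][0-9a-f]{2}){5}$", re.IGNORECASE)

# Constructed sample lease records: (time, hostname, MAC as logged).
LEASES = [
    ("2014-08-22 09:01", "lab-pc-17", "00:1A:2B:3C:4D:5E"),
    ("2014-08-22 09:40", "lab-pc-17", "02:9F:11:C4:7A:03"),
    ("2014-08-22 10:02", "hostel-lap-4", "3C-97-0E-12-34-56"),
    ("2014-08-22 10:15", "hostel-lap-9", "da:a1:19:00:00:01"),
    ("2014-08-22 10:20", "hostel-lap-4", "3c:97:0e:12:34:56"),
    ("2014-08-22 10:31", "printer-2", "00:1A:2B:3C:4D"),  # truncated entry
]


def parse_mac(text):
    """Return the MAC as 6 bytes; raise ValueError on malformed input."""
    text = text.strip()
    if not MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(part, 16) for part in re.split(r"[:-]", text))


def format_mac(mac):
    """Normalize to lower-case, colon-separated form for comparison."""
    return ":".join(f"{b:02x}" for b in mac)


def is_locally_administered(mac):
    """Bit 0x02 of the first octet set: the address was assigned in
    software (changer tools, OS MAC randomization), not by the vendor."""
    return bool(mac[0] & 0x02)


def audit_leases(leases):
    """Report locally administered MACs, hosts seen with several MACs,
    and the number of records that could not be parsed."""
    local_admin = set()
    macs_by_host = defaultdict(set)
    malformed = 0
    for _time, host, raw in leases:
        try:
            mac = parse_mac(raw)
        except ValueError:
            malformed += 1
            continue
        macs_by_host[host].add(format_mac(mac))
        if is_locally_administered(mac):
            local_admin.add((host, format_mac(mac)))
    changed = {h: sorted(m) for h, m in macs_by_host.items() if len(m) > 1}
    return {
        "local_admin": sorted(local_admin),
        "mac_changed": changed,
        "malformed": malformed,
    }


if __name__ == "__main__":
    for key, value in audit_leases(LEASES).items():
        print(key, value)
```

A locally administered address alone is not proof of evasion, since phones that randomize their Wi-Fi MAC set the same bit; the hostname-with-several-MACs finding is the stronger signal.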


If you face any further problem then don't hesitate to ping me. You can comment below, send me an email @ prashantsavior@gmail.com or even inbox me on Facebook. Don't forget to like our Facebook Page and stay updated.

Author: Unpredictable

Friday, July 25, 2014

Google Dork - A curse or A Blessing

It is said that everything you search for in Google returns some answers. But do you know that Google is so powerful that it can even reveal your private information? 
This private information is accessed by many hackers in order to exploit you. Some of them are also very helpful in making our search results more accurate and easy.

"For those who live the internet it's a blessing, and for those who know the internet it's a curse. It depends upon you how you make it for you."
Now we have done enough talking, so let's get right into it.

I use google.com as my primary search engine because it presently tops the charts as far as the sites that it indexes, which means more pertinent info per search.

1. Page translation.
Just because someone speaks another language doesn't mean they don't have anything useful to say. I use translation tools like the ones found at

http://babelfish.altavista.com
and

http://world.altavista.com
to translate a few key words I am searching for. Be specific and creative because these tools aren't the most accurate things on the planet.

2. Directories.
These days everything is about $$$. We have to deal with SEO (search engine optimization), which seems like a good idea on paper until you do a search for toys and get 5 porn sites in the first 10 results. Using a site's directory will eliminate that. You can narrow your search down easily by looking for the info in specific categories. (PS: Google DOES have directories, they're at: directory.google.com)

3. Here are some tips that google refers to as "advanced"

A. "xxxx" / will look for the exact phrase. (google isn't case sensitive)
B. -x / will search for something excluding a certain term
C. filetype:xxx / searches for a particular file extension (exe, mp3, etc)
D. -filetype:xxx / excludes a particular file extension
E. allinurl:x / term in the url
F. allintext:x / terms in the text of the page
G. allintitle:x / terms in the html title of that page
H. allinanchor:x / terms in the links

4. OR
Self explanatory, one or the other... (ie: binder OR joiner)

5. ~X
Synonyms/similar terms (in case you can't think of any yourself)

6. Numbers in a range.
Let's say you're looking for an mp3 player but only want to spend up to $90. Why swim through all the others? MP3 player $0..$90 The 2 periods will set a numeric range to search between. This also works with dates, weights, etc.

7. +
Ever type in a search and see something like this:
"The following words are very common and were not included in your search:"
Well, what if those common words are important in your search? You can force google to search through even the common terms by putting a + in front of the denied word.

8. Preferences
It amazes me when I use other people's PCs that they don't have their google search preferences saved. When you use google as much as I do, who can afford to not have preferences? They're located on the right of the search box, and have several options, though I only find 2 applicable for myself...
A. Open results in new browser
B. Display 10-100 results per page. (I currently use 50 per page, but that's a resolution preference, and 5X the default)

9. *
Wildcard searches. Great when applied to a previously mentioned method. If you only know the name of a prog, or are looking for ALL of a particular file (ie. you're DLing tunes) something like *.mp3 would list every mp3.

10. Ever see this?
"In order to show you the most relevant results, we have omitted some entries very similar to the X already displayed. If you like, you can repeat the search with the omitted results included." The answer is YES. yes yes yes. Did I mention yes? I meant to.

11. Search EVERYWHERE
Use the engine to its fullest. If you don't find your answer in the web section, try the group section. Hell, try a whole different search engine. Don't limit yourself, because sometimes engines seem to intentionally leave results out.
ex. use google, yahoo, and altavista. search the same terms... pretty close, right? Now search for disney death. Funny, altavista has plenty of disney, but no death...hmmm.

12. Search for specific file type
Use the engine to search for the specific file type like 3gp, mp4, pdf, xls, doc, etc...
ex. if you want to search for a pdf on hacking just visit google.com and in search type:- hacking filetype:pdf

If you've read this far into this tutorial without saying, "Great, a guy that copied a few google help pages and thinks it's useful info" then I will show you WHY (besides accuracy, speed, and consistency finding info on ANYTHING) it's nice to know how a search engine works. You combine it with your knowledge of other protocols.

Example:
Want free music? Free games? Free software? Free movies? God bless FTP! Try this search:
intitle:"Index of music" "rolling stones" mp3
Substitute rolling stones with your favorite band. No? Try the song name, or another file format. Play with it. Assuming SOMEONE made an FTP and uploaded it, you'll find it.

For example... I wanted to find some Sepultura. If you don't know about this Brazilian band then google them.
intitle:"Index of music" "Sepultura" mp3 <-- nothing
intitle:"Index of música" "Sepultura" mp3 <-- nothing
intitle:"Index of musica" "Sepultura" mp3 <-- not good enough
intitle:"Index of music" "Sepultura" * <-- found great stuff, but not enough Sepultura

At this point it occurs to me that I may be missing something, so I try:
intitle:"index of *" "sepultura" mp3 <-- BANG!
(and that's without searching for spelling errors)
Also try inurl:ftp

I find that * works better for me than trying to guess other people's misspellings.

The same method applies for ebooks, games, movies, SW, anything that may be on an FTP site.

intitle:"index of" "google hacks" ebook

***Sometimes there are certain searches which are blocked by the college, and we still want to open those sites and download their content. If you want such tricks to open them without using a proxy then contact me @ prashantsavior@gmail.com or comment below.

Article by: Unpredictable

Monday, July 7, 2014

Distributed Denial of Service Attack - DDoS attack (Part-1)

Hey guys! Sorry for being away for quite long. Today I am going to post on a very easy but harmful hack.
Many sites can easily be taken down with it; although it is only for a short period, the site can still suffer a huge loss.
I hope many of you have guessed the topic of today's discussion. Yes, it's the Distributed Denial of Service (DDoS) attack.
This attack can be performed in many ways, but today I am posting the tutorial on slowloris. Before we start, let's see what a DDoS attack is.

About: DDoS, commonly called a Denial of Service attack, is one of the most powerful attacks and is very tough for any server to stop, although it takes time to perform.
In it we send a huge amount of packets to an open port of the site, usually port 80, or to other ports which are open and ready to accept packets.
This huge amount of packets creates heavy traffic on the site and ultimately takes it down for as long as the attack continues or until the server blocks the IP which is sending the packets.

Many of you must be wondering what will happen if a site goes down for a few hours.
Think about big shopping sites like Flipkart, eBay, Amazon, etc.: if they go down for a few hours, how much of a loss they will suffer. Similarly, if someone attacks a stock exchange, just think how much loss can happen in hours.

***Performing a DDoS attack is a cyber crime. So think before you act.
Words for white hat hackers: Report to the admin of the web page if you find any unimportant open port which is accepting packets.
Words for programmers: Please check your code and make sure most of the ports are closed and the code is properly written and has no open segments.
Words for black hat hackers: Follow the tutorial to take down the site and don't forget to use proxy.

DDoSing via Slowloris:
Step 1: Download and install "active perl" from the link Click here to download Active Perl
Step 2: Download this slowloris script by clicking here Click here to download slowloris and save in any of your desired location and file extension as .pl (this is extension for perl script files). Like I have saved it in C:\downloads\DDOS\slowloris
Step 3: Open cmd by pressing windows+r (run dialog box appears) and then type cmd and hit enter.
Step 4: Go to the location by typing its address.
C:\downloads\DDOS
and press enter
Step 5: Run the slowloris script on the site. Here my target site is www.target-site.com
C:\downloads\DDOS> slowloris.pl -dns www.target-site.com -port 80 -timeout 1 -num 1000 -cache

Here you can change the port number to any other port which is open.

Check the site after few hours. Boom... You have taken it down.
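
From the server operator's side, slowloris shows up as many connections from one source that are opened but never finish sending their HTTP request headers. The following is an added example, not part of the original post or of the slowloris script: it models the two usual controls, a deadline for completing the request headers and a cap on unfinished connections per source IP, over a constructed connection table. The `Conn` record, the thresholds and the addresses are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class Conn:
    conn_id: int
    ip: str
    opened_at: float                   # seconds on the server clock
    headers_done_at: Optional[float]   # None: header block not finished yet


def build_snapshot():
    """Constructed connection table (documentation IP ranges)."""
    # One source holding 50 connections open without finishing a request.
    conns = [Conn(i, "203.0.113.9", i * 0.1, None) for i in range(50)]
    # An ordinary client whose headers arrived within 0.2 s.
    conns.append(Conn(100, "192.0.2.20", 3.0, 3.2))
    # A slow but legitimate client that connected two seconds ago.
    conns.append(Conn(101, "192.0.2.21", 28.0, None))
    return conns


def enforce(conns, now, header_deadline=10.0, max_pending_per_ip=20):
    """Return (connection ids to close, source IPs over the pending cap).

    header_deadline models a server-side header read timeout (the role
    played by Apache's RequestReadTimeout or nginx's client_header_timeout);
    max_pending_per_ip models a per-source connection limit.
    """
    pending_by_ip = defaultdict(list)
    for conn in conns:
        if conn.headers_done_at is None:
            pending_by_ip[conn.ip].append(conn)

    drop, suspects = set(), []
    for ip, pending in pending_by_ip.items():
        # Control 1: close anything that has not sent full headers in time.
        for conn in pending:
            if now - conn.opened_at > header_deadline:
                drop.add(conn.conn_id)
        # Control 2: keep only the oldest N unfinished connections per IP.
        if len(pending) > max_pending_per_ip:
            suspects.append(ip)
            pending.sort(key=lambda c: c.opened_at)
            drop.update(c.conn_id for c in pending[max_pending_per_ip:])
    return sorted(drop), sorted(suspects)


if __name__ == "__main__":
    to_close, over_cap = enforce(build_snapshot(), now=30.0)
    print(f"closing {len(to_close)} connections; over cap: {over_cap}")
```
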
For any query please comment below or write to us @ prashantsavior@gmail.com and don't forget to like our Facebook Page

Author: Unpredictable

Sunday, May 18, 2014

Website Scanning Through Nikto (in Backtrack 5)

Website Scanning Tutorial Through Nikto

When we talk about scanning a website to find vulnerabilities, we have many tools in Backtrack 5 / Kali Linux that serve well, and "Nikto" is one of them. These tools are used to measure the security level of web applications.

About Nikto:
  • Nikto is open source.
  • It can check a web server for over 6400 potentially dangerous files/CGIs.
  • It checks for outdated versions of over 1000 servers, and version-specific problems on over 270 servers.
  • It checks plug-ins and unconfigured files.
  • Fast & effective.
  • It finds default files and programs.
  • It finds insecure files and programs.
Features:


  • Full HTTP proxy support.
  • Apache user name enumeration.
  • Logging to Metasploit.
  • Secure Socket Layer support (SSL).
  • Sub-domain brute forcing (guessing).
  • Easy to update.
  • Save reports in multiple formats.

Requirements:
  • Backtrack 5 / Kali Linux with Perl installed in it.

Tutorial:


The basic scan requires a host to scan, which means you need a website to scan. You can use the IP of the website or just its name. Here I have taken the website as http://www.mytargetsite.com/ . You can take the website which you want to scan.


Open Nikto by following this:



1. To scan a website for vulnerabilities we type:
$ perl nikto.pl -host http://www.mytargetsite.com/
or
$ perl nikto.pl -h http://www.mytargetsite.com/



2. For help:
$ perl nikto.pl -H http://www.mytargetsite.com/

3. If you want to check a different port then use:
$ perl nikto.pl -h http://www.mytargetsite.com/ -p [port number]



4. If you want to run this test via a proxy then you can use this command:
$ perl nikto.pl -h http://www.mytargetsite.com/ -useproxy http://localhost:8080/

5. Now for updating nikto use:
$ perl nikto.pl -update 

6. To search for vulnerabilities on multiple ports within a range (e.g., we are searching port no. 80 to 100):
$ perl nikto.pl -h http://www.mytargetsite.com/ -port 80-100

7. To save the scan result in a text file for later use:
$ perl nikto.pl -h http://www.mytargetsite.com/ -output ./filename.txt


Note: Nikto scans port no. 80 by default. If you want to scan a different port then choose another port (step 3).
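
Because a scan like this requests thousands of files that mostly do not exist, it is loud in the target's access log. The following is an added example, not part of the original post or of the Nikto project: it reads combined-format access-log lines and flags a client either by a Nikto user-agent string or, when the user agent has been changed, by a burst of distinct paths that almost all return 404. The log lines, addresses, paths and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def build_sample_log():
    """Constructed access-log lines (documentation IP ranges, made-up paths)."""
    line = ('{ip} - - [18/May/2014:10:00:{sec:02d} +0000] '
            '"GET {path} HTTP/1.1" {status} 512 "-" "{ua}"')
    browser = "Mozilla/5.0 (X11; Linux x86_64)"
    log = []
    # Scanner that keeps the tool's own user agent.
    for i in range(30):
        log.append(line.format(ip="203.0.113.50", sec=i, status=404,
                               path=f"/cgi-bin/test{i}.cgi",
                               ua="Mozilla/5.00 (Nikto/2.1.5)"))
    # Scanner with a browser-like user agent; a few probes hit real files.
    for i in range(25):
        log.append(line.format(ip="198.51.100.7", sec=i,
                               status=200 if i % 10 == 0 else 404,
                               path=f"/old/backup{i}.zip", ua=browser))
    # Ordinary visitor with one broken image link.
    pages = [("/", 200), ("/about.html", 200), ("/missing.png", 404)]
    for i, (path, status) in enumerate(pages):
        log.append(line.format(ip="192.0.2.10", sec=i, status=status,
                               path=path, ua=browser))
    log.append("truncated line without the expected fields")
    return log


def detect_scanners(lines, min_requests=20, min_404_ratio=0.8):
    """Return {ip: [reasons]} for clients that look like a file/CGI scanner."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0,
                                 "paths": set(), "nikto_ua": False})
    for raw in lines:
        match = LOG_RE.match(raw.strip())
        if not match:
            continue  # skip lines that are not in combined format
        entry = stats[match["ip"]]
        entry["total"] += 1
        entry["paths"].add(match["path"])
        if match["status"] == "404":
            entry["not_found"] += 1
        if "nikto" in match["ua"].lower():
            entry["nikto_ua"] = True

    findings = {}
    for ip, entry in stats.items():
        reasons = []
        if entry["nikto_ua"]:
            reasons.append("nikto-user-agent")
        ratio = entry["not_found"] / entry["total"]
        if len(entry["paths"]) >= min_requests and ratio >= min_404_ratio:
            reasons.append("404-burst")
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, reasons in detect_scanners(build_sample_log()).items():
        print(ip, ", ".join(reasons))
```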

For any query comment below or write us @ prashantsavior@gmail.com

Article by: Unpredictable