๐ฐ John The Ripper ๐ฐ
โ๏ธ John the Ripper is often used in the enterprise to detect weak passwords that could put network security at risk, as well as other administrative purposes. The software can run a wide variety of password-cracking techniques against the various user accounts on each operating system and can be scripted to run locally or remotely. โ๏ธ
โ๏ธ Originally developed for Unix-derived systems, John the Ripper is available for most common platforms. The free and open source (FOSS) version is generally distributed as source code. A commercial version, John the Ripper Pro, is a more user-friendly version distributed as native code for a given system. โ๏ธ
โ @HackWormAdmin โ
โ๏ธ John the Ripper is often used in the enterprise to detect weak passwords that could put network security at risk, as well as other administrative purposes. The software can run a wide variety of password-cracking techniques against the various user accounts on each operating system and can be scripted to run locally or remotely. โ๏ธ
โ๏ธ Originally developed for Unix-derived systems, John the Ripper is available for most common platforms. The free and open source (FOSS) version is generally distributed as source code. A commercial version, John the Ripper Pro, is a more user-friendly version distributed as native code for a given system. โ๏ธ
โ @HackWormAdmin โ
๐ฐ Steps To Perform SQL Injection Using Havij Pro SQL Injection Software ๐ฐ
1โฃStep 1 โ Run Havij.exe The software will open a window for you. At โTargetโ field enter your SQL vulnerable URL โ http://www.radiomiriam.com.br/noticia.php?id=5084
2โฃStep 2 โ Hit โAnalyzeโ button here.
Havij will start SQL injection to the target URL you have provided.
Havij analyzing Target Site
It perform queries to analyze IP, web server, PHP version, Database MySQL version. Then, using Insertion type (โ) string, it proceeds to find column count, column string, finally Database name. ( Check LOG window)
After it finds out Database name, Status becomes Idle saying โIโm IDLEโ.
3โฃStep 3 โ Now, from above, go to Tables >> Get Tables. Make sure, the database is selected in the respective screen.
Havij Pro will fetch all the tables for the selected Database.
4โฃStep 4 โ Tick the table which you finds important regarding your aim and click Get Columns button. For example, here, I want to know username, password and email ID of this site. So, I have to tick โadminโ and โemailsโ table and then click โGet Columnโ button.
This step reveals all the columns in selected table.
5โฃStep 5 โ Finally, select important columns of a table (for ex., admin) and click โGet Dataโ button.
In my case, admin table has columns โ id, nome (name), email, senha (password), and nivel (level). (Website is Spanish) As all these columnsโ details are important to me so, I selected them all and clicked โGet Dataโ button.
Username Password Hacked Using Havij Pro
Hence, you can see the result that name, email, password, user ID everything is revealed. Havij Pro have SQL Injected the website and if a hacker want, he can just go ahead using these important confidential information to hack a website.
โ @HackWormAdmin โ
1โฃStep 1 โ Run Havij.exe The software will open a window for you. At โTargetโ field enter your SQL vulnerable URL โ http://www.radiomiriam.com.br/noticia.php?id=5084
2โฃStep 2 โ Hit โAnalyzeโ button here.
Havij will start SQL injection to the target URL you have provided.
Havij analyzing Target Site
It perform queries to analyze IP, web server, PHP version, Database MySQL version. Then, using Insertion type (โ) string, it proceeds to find column count, column string, finally Database name. ( Check LOG window)
After it finds out Database name, Status becomes Idle saying โIโm IDLEโ.
3โฃStep 3 โ Now, from above, go to Tables >> Get Tables. Make sure, the database is selected in the respective screen.
Havij Pro will fetch all the tables for the selected Database.
4โฃStep 4 โ Tick the table which you finds important regarding your aim and click Get Columns button. For example, here, I want to know username, password and email ID of this site. So, I have to tick โadminโ and โemailsโ table and then click โGet Columnโ button.
This step reveals all the columns in selected table.
5โฃStep 5 โ Finally, select important columns of a table (for ex., admin) and click โGet Dataโ button.
In my case, admin table has columns โ id, nome (name), email, senha (password), and nivel (level). (Website is Spanish) As all these columnsโ details are important to me so, I selected them all and clicked โGet Dataโ button.
Username Password Hacked Using Havij Pro
Hence, you can see the result that name, email, password, user ID everything is revealed. Havij Pro have SQL Injected the website and if a hacker want, he can just go ahead using these important confidential information to hack a website.
โ @HackWormAdmin โ
๐ข FlexiSPY ๐ข
FlexiSPY is one of the most advanced iPhone hacking tools in the market. It has some of the most advanced features amongst all other apps. It has the ability to let you listen to live phone calls or record them in secret. You can also activate the microphone so you can listen to whatโs happening in the surrounding, or take secret pictures with the camera. However, the reason FlexiSPY is so low in this list because jailbreaking the iPhone is necessary. Furthermore, even the basic package of FlexiSPY is a lot more expensive than the top-end packages of other apps.
โ@HackWormAdminโ
FlexiSPY is one of the most advanced iPhone hacking tools in the market. It has some of the most advanced features amongst all other apps. It has the ability to let you listen to live phone calls or record them in secret. You can also activate the microphone so you can listen to whatโs happening in the surrounding, or take secret pictures with the camera. However, the reason FlexiSPY is so low in this list because jailbreaking the iPhone is necessary. Furthermore, even the basic package of FlexiSPY is a lot more expensive than the top-end packages of other apps.
โ@HackWormAdminโ
Script for penetration testing
----> Websites
----> Exploit Scanner
----> vulnerable
----> Find Admin pages
Git: github.com/AlisamTechnology/ATSCAN
โ@HackWormAdminโ
----> Websites
----> Exploit Scanner
----> vulnerable
----> Find Admin pages
Git: github.com/AlisamTechnology/ATSCAN
โ@HackWormAdminโ
Learning Shell Scripting: How to Automate Your Tasks
Learn how to Automate Your Tasks using shell programming and solve real-world problems using Bash Scripting
Wirte your first Shell Script
Use Shell Script to Automate Tasks. Such as Collect thousands of Developer Emails from Github
Solving real-world problems with shell scripts,
Deep knowledge of linux command
http://bit.ly/2DoSSb1
Enroll as soon as possible
Learn how to Automate Your Tasks using shell programming and solve real-world problems using Bash Scripting
Wirte your first Shell Script
Use Shell Script to Automate Tasks. Such as Collect thousands of Developer Emails from Github
Solving real-world problems with shell scripts,
Deep knowledge of linux command
http://bit.ly/2DoSSb1
Enroll as soon as possible
Udemy
Online Courses - Anytime, Anywhere | Udemy
Udemy is the world's largest destination for online courses. Discover an online course on Udemy.com and start learning a new skill today.
Media is too big
VIEW IN TELEGRAM
๐ฐ How criminals can clone your cards ๐ฐ
Be aware of this โผ๏ธ
Stay safeโผ๏ธ
โ @HackWormAdminโ
Be aware of this โผ๏ธ
Stay safeโผ๏ธ
โ @HackWormAdminโ
Group Rules โ๏ธ
No Spamming ๐ซ
Only Discussions and No Arguments ๐ค
No Foul Words and No Abusing Any Individual/Group/Organisation/Institution/Ethnicity or Nationality ๐ท
Feel free to ask doubts about Hacking here ๐
No External Link/URL
No Self Promotion
No Warning Direct Ban
Keep the Group Clean ๐
https://t.me/joinchat/GOkdVVS7nueAfF3uMFghBg
No Spamming ๐ซ
Only Discussions and No Arguments ๐ค
No Foul Words and No Abusing Any Individual/Group/Organisation/Institution/Ethnicity or Nationality ๐ท
Feel free to ask doubts about Hacking here ๐
No External Link/URL
No Self Promotion
No Warning Direct Ban
Keep the Group Clean ๐
https://t.me/joinchat/GOkdVVS7nueAfF3uMFghBg
Hack Worm pinned ยซGroup Rules โ๏ธ No Spamming ๐ซ Only Discussions and No Arguments ๐ค No Foul Words and No Abusing Any Individual/Group/Organisation/Institution/Ethnicity or Nationality ๐ท Feel free to ask doubts about Hacking here ๐ No External Link/URL No Self Promotionโฆยป
COMMAND INJECTION PRIMER
Command injection is a type of attack in which arbitrary operating system commands are executed on the host via a vulnerable web application. Usually, this occurs when an application passes unsafe user input from a form to the server, but this can also happen with cookies, HTTP headers, and other sources of data.
This type of vulnerability is especially dangerous because of the intrinsic power of system commands. Depending on the level of privilege an application is running with, command injection can lead to an attacker owning an entire system.
Command injection is a type of attack in which arbitrary operating system commands are executed on the host via a vulnerable web application. Usually, this occurs when an application passes unsafe user input from a form to the server, but this can also happen with cookies, HTTP headers, and other sources of data.
This type of vulnerability is especially dangerous because of the intrinsic power of system commands. Depending on the level of privilege an application is running with, command injection can lead to an attacker owning an entire system.
Information Gathering Tool
git clone https://github.com/Moham3dRiahi/Th3inspector.git
cd Th3inspector
chmod +x install.sh && ./install.sh
git clone https://github.com/Moham3dRiahi/Th3inspector.git
cd Th3inspector
chmod +x install.sh && ./install.sh
๐ฐ How to Get Almost All Udemy Courses for Free [Tested] ๐ฐ
1. Firstly go to http://dislooks.com/wgpwx
2. Search for your Course, or just look around.
3. There will be many courses with 100% discount, get one of those or any if you want.
4. Select your course.
5. Click on "Get Coupon".
6. And you will be redirected to Udemy's website and a coupon will be applied automatically.
๐That's it! Enjoy your free Courses!๐
โ @ElliotMalek โ
1. Firstly go to http://dislooks.com/wgpwx
2. Search for your Course, or just look around.
3. There will be many courses with 100% discount, get one of those or any if you want.
4. Select your course.
5. Click on "Get Coupon".
6. And you will be redirected to Udemy's website and a coupon will be applied automatically.
๐That's it! Enjoy your free Courses!๐
โ @ElliotMalek โ
git clone https://github.com/skavngr/rapidscan.git
Once the tool is installed, it can be launched using the following command.
./rapidscan.py <target website>
๐ @HackWormAdmin ๐
Once the tool is installed, it can be launched using the following command.
./rapidscan.py <target website>
๐ @HackWormAdmin ๐
Social Engineering for Absolute Beginners (no coding!)
The most common social engineering attacks every manager should know, because every hacker does!
Identify the most common social engineering attacks (no coding!)
Explain the threat, impact and remediation for the most common attacks
Strengthen your personal firewall!
Coupon Link
https://dislooks.com/YKwWjb
๐Education That Matters๐
The most common social engineering attacks every manager should know, because every hacker does!
Identify the most common social engineering attacks (no coding!)
Explain the threat, impact and remediation for the most common attacks
Strengthen your personal firewall!
Coupon Link
https://dislooks.com/YKwWjb
๐Education That Matters๐
๐ฐ Search Engine For Hackers ๐ฐ
1. Censys.io
2. Shodan.io
3. Viz.Greynoise.io/table
4. Zoomeye.org
5. Fofa.so
6. Onyphe.io
7. App.binaryedge.io
8. Hunter.io
9. Wigle.net
10. Ghostproject.fr
1. Censys.io
2. Shodan.io
3. Viz.Greynoise.io/table
4. Zoomeye.org
5. Fofa.so
6. Onyphe.io
7. App.binaryedge.io
8. Hunter.io
9. Wigle.net
10. Ghostproject.fr
Dehash password using Termux
Its purpose is to encode your desired hash text.
Encode & Decode as follows:
1. md5 [encode]
2. sha1 [encode]
3. sha224 [encode]
4. sha256 [encode]
5. sha384 [encode]
6. sha512 [encode]
7. base64 [encode/decode]
8. binary [encode/decode]
9. hexa decimal [encode/decode]
10. cipher of cesar [encode/decode]
11. reverse text
12. reverse words
๐ฐRequirements :- โข python 3.x
How to Install
$ apt install git
$ apt install python
$ git clone https://github.com/Sup3r-Us3r/HashCode
How to use
RUN:
$ cd HashCode
$ chmod +x *
$ python3 hashcode-en.py
Change Language:
$ ./hashcode-pt.py // For portuguese - mode text
$ ./hashcode-en.py / For english - mode text
Open GUI:
$ ./hashcodegui.py
Its purpose is to encode your desired hash text.
Encode & Decode as follows:
1. md5 [encode]
2. sha1 [encode]
3. sha224 [encode]
4. sha256 [encode]
5. sha384 [encode]
6. sha512 [encode]
7. base64 [encode/decode]
8. binary [encode/decode]
9. hexa decimal [encode/decode]
10. cipher of cesar [encode/decode]
11. reverse text
12. reverse words
๐ฐRequirements :- โข python 3.x
How to Install
$ apt install git
$ apt install python
$ git clone https://github.com/Sup3r-Us3r/HashCode
How to use
RUN:
$ cd HashCode
$ chmod +x *
$ python3 hashcode-en.py
Change Language:
$ ./hashcode-pt.py // For portuguese - mode text
$ ./hashcode-en.py / For english - mode text
Open GUI:
$ ./hashcodegui.py
GitHub
GitHub - Sup3r-Us3r/HashCode: Its purpose is to encode your desired hash text
Its purpose is to encode your desired hash text. Contribute to Sup3r-Us3r/HashCode development by creating an account on GitHub.
Installation
$ apt-get install git python
$ git clone https://github.com/jaxBCD/Zeebsploit.git
$ cd Zeebsploit
$ python -m pip install -r requirements.txt
$ python zsf.py
$ * and follow instruction
exploits 17
scanners 11
footprinting 10
-- @ElliotMalek --
$ apt-get install git python
$ git clone https://github.com/jaxBCD/Zeebsploit.git
$ cd Zeebsploit
$ python -m pip install -r requirements.txt
$ python zsf.py
$ * and follow instruction
exploits 17
scanners 11
footprinting 10
-- @ElliotMalek --
๐ PhishX โSpear Phishing Tool for Capturing Credentials ๐
PhishX is a python tool that can capture user credentials using a spear phishing attack. Spear phishing is a targeted form of phishing attack that is launched against specific individuals. Therefore, some information about an individual is required in order to launch such an attack. Since PhishX is used to capture userโs credentials, the tool generates fake pages and adds target information to said pages. The pages are shared with the target users. If the users share any data on the fake pages, the information is captured by the interface on the attackerโs machine. The pages that can be used (cloned) for spear phishing attack include Facebook, Google, Twitter, Instagram, LinkedIn, Pinterest, Quora, and Steam. All the available pages support the mobile version except LinkedIn.
PhishX is a python tool that can capture user credentials using a spear phishing attack. Spear phishing is a targeted form of phishing attack that is launched against specific individuals. Therefore, some information about an individual is required in order to launch such an attack. Since PhishX is used to capture userโs credentials, the tool generates fake pages and adds target information to said pages. The pages are shared with the target users. If the users share any data on the fake pages, the information is captured by the interface on the attackerโs machine. The pages that can be used (cloned) for spear phishing attack include Facebook, Google, Twitter, Instagram, LinkedIn, Pinterest, Quora, and Steam. All the available pages support the mobile version except LinkedIn.