Media is too big
VIEW IN TELEGRAM
Social Engineering Demonstrate
[@HackWorm] Social Engineering.pdf
15.6 MB
π° Kali Linux Social Engineering π°
Media is too big
VIEW IN TELEGRAM
π° Introduction to SQL Injections π°
Part 1 SQL Injection
Part 1 SQL Injection
π° WHAT IS SQL INJECTION π°
SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.
SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.
Media is too big
VIEW IN TELEGRAM
MySQL Database Setup
Part 2 SQL injection
Part 2 SQL injection
π° Knowledge π°
Bypass 2-factor authentication
evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection.
Bypass 2-factor authentication
evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection.
π° Setoolkit π°
The Social Engineering Toolkit also includes a website tool that turns your Kali box into a webserver with a bunch of exploits that can compromise almost any browser. The idea is that we would send our target a link which routes them through to our website which automatically downloads and executes the exploit on the target system. You can even clone a valid website so the target is less suspicious. This becomes even more effective if you study your victims browser habits and clone one of their most frequently accessed sites.
The Social Engineering Toolkit also includes a website tool that turns your Kali box into a webserver with a bunch of exploits that can compromise almost any browser. The idea is that we would send our target a link which routes them through to our website which automatically downloads and executes the exploit on the target system. You can even clone a valid website so the target is less suspicious. This becomes even more effective if you study your victims browser habits and clone one of their most frequently accessed sites.
π° Trity π°
Trity is an advanced pentesting framework dedicated to everything from vulnerability testing to cryptography.
Script : https://github.com/samyoyo/Trity-1
ββ @HackWormAdmin ββ
Trity is an advanced pentesting framework dedicated to everything from vulnerability testing to cryptography.
Script : https://github.com/samyoyo/Trity-1
ββ @HackWormAdmin ββ
GitHub
GitHub - samyoyo/Trity-1: My most advanced framework yet!!
My most advanced framework yet!! . Contribute to samyoyo/Trity-1 development by creating an account on GitHub.
π theHarvester π
is a very simple, yet effective tool designed to be used in the early
stages of a penetration test. Use it for open source intelligence gathering and
helping to determine a company's external threat landscape on the internet. The
tool gathers emails, names, subdomains, IPs, and URLs using multiple public data
sources that include: all web pages
Command : root@kali:~# theharvester
ββ @HackWormAdmin ββ
is a very simple, yet effective tool designed to be used in the early
stages of a penetration test. Use it for open source intelligence gathering and
helping to determine a company's external threat landscape on the internet. The
tool gathers emails, names, subdomains, IPs, and URLs using multiple public data
sources that include: all web pages
Command : root@kali:~# theharvester
ββ @HackWormAdmin ββ
π°ARP Poisoningπ°
πARP is the acronym for Address Resolution Protocol. It is used to convert IP address to physical addresses [MAC address] on a switch. The host sends an ARP broadcast on the network, and the recipient computer responds with its physical address [MAC Address]. The resolved IP/MAC address is then used to communicate. ARP poisoning is sending fake MAC addresses to the switch so that it can associate the fake MAC addresses with the IP address of a genuine computer on a network and hijack the traffic.π
β@HackWormAdminβ
πARP is the acronym for Address Resolution Protocol. It is used to convert IP address to physical addresses [MAC address] on a switch. The host sends an ARP broadcast on the network, and the recipient computer responds with its physical address [MAC Address]. The resolved IP/MAC address is then used to communicate. ARP poisoning is sending fake MAC addresses to the switch so that it can associate the fake MAC addresses with the IP address of a genuine computer on a network and hijack the traffic.π
β@HackWormAdminβ
π° Brute-Force Nearly Any Website Login with Hatch π°
The tactic of brute-forcing a login, i.e., trying many passwords very quickly until the correct one is discovered, can be easy for services like SSH or Telnet. For something like a website login page, we must identify different elements of the page first. Thanks to a Python tool for brute-forcing websites called Hatch, this process has been simplified to the point that even a beginner can try it.
Full Tutorial : https://www.hackworm.ml/2019/03/brute-force-nearly-any-website-login.html
The tactic of brute-forcing a login, i.e., trying many passwords very quickly until the correct one is discovered, can be easy for services like SSH or Telnet. For something like a website login page, we must identify different elements of the page first. Thanks to a Python tool for brute-forcing websites called Hatch, this process has been simplified to the point that even a beginner can try it.
Full Tutorial : https://www.hackworm.ml/2019/03/brute-force-nearly-any-website-login.html
π°Web Vulnerability Scannersπ°
πΊNetsparker Application Security Scanner β Application security scanner to automatically find security flaws.
πΊNikto β Noisybut fast black box web server and web application vulnerability scanner.
πΊArachni β Scriptableframework for evaluating the security of web applications.
πΊw3af β Webapplication attack and audit framework.
πΊWapiti β Blackbox web application vulnerability scanner with built-in fuzzer.
πΊSecApps β In-browserweb application security testing suite.
πΊWebReaver β Commercial,graphical web application vulnerability scanner designed for macOS.
πΊWPScan β Blackbox WordPress vulnerability scanner.
πΊZoom β Powerfulwordpress username enumerator with infinite scanning.
πΊcms-explorer β Revealthe specific modules,plugins,components and themes that various websites powered by content management systems are running.
πΊjoomscan β Joomlavulnerability scanner.
πΊACSTIS β Automatedclient-side template injection (sandboxescape/bypass)detection for AngularJS.
πΊSQLmate β Afriend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional).
β @HackWormAdmin β
πΊNetsparker Application Security Scanner β Application security scanner to automatically find security flaws.
πΊNikto β Noisybut fast black box web server and web application vulnerability scanner.
πΊArachni β Scriptableframework for evaluating the security of web applications.
πΊw3af β Webapplication attack and audit framework.
πΊWapiti β Blackbox web application vulnerability scanner with built-in fuzzer.
πΊSecApps β In-browserweb application security testing suite.
πΊWebReaver β Commercial,graphical web application vulnerability scanner designed for macOS.
πΊWPScan β Blackbox WordPress vulnerability scanner.
πΊZoom β Powerfulwordpress username enumerator with infinite scanning.
πΊcms-explorer β Revealthe specific modules,plugins,components and themes that various websites powered by content management systems are running.
πΊjoomscan β Joomlavulnerability scanner.
πΊACSTIS β Automatedclient-side template injection (sandboxescape/bypass)detection for AngularJS.
πΊSQLmate β Afriend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional).
β @HackWormAdmin β
π° Bug Bounty Hunting π°
A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs,especially those pertaining to exploits and vulnerabilities.
Areward offered to a perform who identifies an error or vulnerability in a computer program or system.
βThecompany boosts security by offering a bug bountyβ
β @HackWormAdmin β
A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs,especially those pertaining to exploits and vulnerabilities.
Areward offered to a perform who identifies an error or vulnerability in a computer program or system.
βThecompany boosts security by offering a bug bountyβ
β @HackWormAdmin β