Category Archives: Hacking

how to install fluxion in Kali Linux

Welcome readers to this article that is about how to install fluxion in Kali Linux for wifi cracking. This post is for if you are trying to get a tool to help you to crack wifi. Well, in our previous post we discussed how to test wifi vulnerability using airgeddon. And I’m also sure some of you enjoyed that article because I got some positive reactions from you.

Well, without wasting time let me introduce you to Fluxion the sweet tool that we are going to discuss today.

Also for those who are new to the topic of Kali Linux or Linux itself, I suggest you have a look at these articles below:

Then, we can continue, now we can discuss what the Fluxion tool is.

What is Fluxion?

Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. 

It’s compatible with the latest release of Kali (rolling). Fluxion’s attacks’ setup is mostly manual, but experimental auto-mode handles some of the attacks’ setup parameters.

How does Fluxion work?

The first step is to scan for a target wireless network. And then launch the Handshake snooper attack. The next step is to capture a handshake (necessary for password verification).

Then the tool will launch a Captive Portal attack. spawns a rogue (fake) AP, imitating the original access point. spawns a DNS server, redirecting all requests to the attacker’s host running the captive portal.

Spawns a web server, serving the captive portal which prompts users for their WPA/WPA2 key. Spawns a jammer, deauthenticating all clients from the original AP and luring them to the rogue AP. All authentication attempts at the captive portal are checked against the handshake file captured earlier.

Then, the attack will automatically terminate once a correct key has been submitted. And then the key will be logged and clients will be allowed to reconnect to the target access point.

Captive Portal Attack for fluxion

The captive portal attack when fluxion attempts to retrieve the target access point’s WPA/WPA2 key by means of a rogue network with a border authentication captive portal.

Handshake Snooper Attack

The Handshake snooper attack is when fluxion attempts to retrieve WPA/WPA2 authentication hashes (the 4-way handshake), to be used later by the captive portal attack for key verification.


Before we discuss how to install fluxion let us first discuss what are some requirements.

Fluxion community recommend Kali Linux 2 & rolling because it supports the latest aircrack-ng versions. But you can also install it if you have a Linux-based operating system.

Also, an external wifi adapter is recommended.

And other information for windows users, Fluxion DOES NOT WORK on Linux Subsystem For Windows 10, because the subsystem doesn’t allow access to network interfaces

How to install fluxion in Kali Linux? 

Now to install fluxion in Kali Linux, open your terminal and then navigate to the desktop using the command: cd desktop. Then, after that create a folder with the command mkdir and name it fluxion: “mkdir fluxion“. Then, we are going to clone fluxion tool from Github using the command:

git clone

Then, when cloning will finish we can now Switch to the tool’s directory using the command:

cd fluxion 

Now we can run fluxion, no need for installation it will only install missing dependencies automatically.

sudo ./

Well done, you are now ready to use fluxion congratulation. If you don’t get the same screen short as me. means you didn’t follow all procedures, you can restart the process if you still get the same error. comment it down to get help from us, thanks.

Visit fluxion home page for more information about it:


Author: Cyberfee, l3op, dlinkproto, vk496, MPX4132

License: GPLv3

Exploit Wi-Fi vulnerabilities with Routersploit on termux and Linux

Welcome user, to this article that is about RouterSploit. In the previous article, we discussed how to hack a Wi-Fi password using a dictionary attack. Then in this article, we are going to discuss how to use Routersploit for vulnerabilities analysis.

Today, routers are a priority target of network attacks that allows the stealing of money and data while bypassing local protection systems. How can you personally check the quality of firmware and adequacy of settings? You can do this by using free utilities, online test services

By using the vulnerable CWMP implementation, an attacker could do practically anything, such as setting and reading the configuration parameters, resetting parameters to their default values, and remotely rebooting the device.

The most common type of attack is to substitute DNS addresses in the router settings for addresses of servers controlled by the attacker. They filter the web requests and redirect those addressed to banking services to fake pages. The fake pages have been created for all popular payment systems, such as PayPal, Visa, MasterCard, QIWI, and others.

Why should you use RouterSploit?

It’s clear that there are always some bad practices that users do when it comes to security. Then, by using RouterSploit you can be the first to discover your Network vulnerability before a hacker discovers it. To discover your device’s vulnerabilities RouterSploit is powerful for that reason why you should use it.

As you know if a hacker arrives to hack your device that means he can have access to your network. Also, he can do any modification and can also get some information he wants.

What is RouterSploit?

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. Also, it consisted of various modules that aid penetration testing operations:

  • exploits – modules that take advantage of identified vulnerabilities
  • creds – modules designed to test credentials against network services
  • scanners – modules that check if a target is vulnerable to any exploit
  • payloads – modules that are responsible for generating payloads for various architectures and injection points
  • generic – modules that perform generic attacks

Who can install this tool?

Before we go to the installation, we have to make sure everyone knows if you have what is required.


  • future
  • requests
  • paramiko
  • pysnmp
  • pycrypto

We are going to see how you can install RouterSploit on kali-Linux, Ubuntu 20.04, Ubuntu 18.04, OSx, Docker, and Termux. Now we are going to start with the installation process, we are going to use some basics Linux commands if you are not familiar with Linux you can look at this article Linux for beginners.

Installation process

How to install RouterSploit on kali Linux?

Now, the first step is to install python3 pip, open your Kali Linux terminal then type the command,

apt-get install python3-pip

Then, after that, you can clone RouterSploit from GitHub by using the command. First, you have to choose the destination where you want to store RouterSploit.

git clone

Now, you have to navigate in the RouterSploit folder with the command.

cd routersploit

Then, we are going to install requirements.txt using python3.

python3 -m pip install -r requirements.txt
then use

Bluetooth Low Energy support:

apt-get install libglib2.0-dev
python3 -m pip install bluepy

How to install RoiterSploit on Ubunu 20.04?

Then, the first step is to install python3 pip, open your Ubuntu terminal then type the command,

sudo apt-get install git python3-pip

Then, get RouterSploit from Github. First, you have to choose the destination where you want to store RouterSploit.

git clone

Now, you have to navigate in the RouterSploit folder with the command.

cd routersploit

Then, we are going to install requirements.txt using python3.

python3 -m pip install -r requirements.txt
then use

Bluetooth Low Energy support:

apt-get install libglib2.0-dev
python3 -m pip install bluepy

How to install RoiterSploit on Ubuntu 18.04 & 17.04?

Then, the first step is to install python3 pip, open your Ubuntu terminal then type the command,

sudo add-apt-repository universe
sudo apt-get install git python3-pip

Then, after that, you can clone RouterSploit from Github. First, you have to choose the destination where you want to store RouterSploit.

git clone

Now, you have to navigate in the RouterSploit folder with the command.

cd routersploit

Then, we are going to install requirements.txt using python3.

python3 -m pip install -r requirements.txt
then use

Bluetooth Low Energy support:

apt-get install libglib2.0-dev
python3 -m pip install bluepy

Usage of RouterSploit

Then, after installation, you can use the command Routersploit to run this tool.

To list all the RouterSploit options just use the command show all.

Then, a very long list of all the features of Routersploit will appear, each, in turn, allows you to perform all kinds of actions to breach routers. Likewise, other devices capable of connecting to the network such as security cameras can be exploited by this framework. Take a few minutes and you will see how no (especially reputable) manufacturer is immune to vulnerabilities.

Then, if we want to test a particular router, we have to choose the order.

use scvanners/autopwn

Now, we use the command:

show options

As you have seen, it is extremely easy to find a way to breach multiple devices with just RouterSploit. Also, you don’t need a computer or a specialized server for this, remember that, especially Kali Linux distributions, can be used live. So there are more possibilities for a cybercriminal to take control of devices such as Wi-Fi routers.

However, depending on each country, if you try to exploit vulnerabilities and take control of a device that is not originally managed by you, you could face some very serious legal issues. Today we have many options for network devices that we can purchase so that we can set up a small lab in our homes.

How to hack a wifi using airgeddon

airgeddon is a multi-use bash script for Linux to audit wireless networks. Also, it automates using different tools, so it is not necessary for you to type commands. Airgeddon usage does not require a deep understanding of Wi-Fi protocols or performed attacks. Therefore, absolute beginners are able to audit wireless networks. This article is about how to hack wifi using airgeddon.

Airgeddon features – hack wifi

Airgeddon is an alive project growing day by day. Then, here we are going to see the list of its features.

  • Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing
  • DoS over wireless networks using different methods (mdk3, mdk4, aireplay-ng
  • Full support for 2.4Ghz and 5Ghz bands
  • Assisted WPA/WPA2 personal networks Handshake file and PMKID capturing
  • Cleaning and optimizing Handshake captured files
  • Offline password decrypting on WPA/WPA2
  • Evil Twin attacks (Rogue AP)
  • Also, you can get airgeddon more features

Airgeddon requirements – hack wifi

Then, if you want to use airgeddon, know that it is compatible with any Linux distribution that has the needed tools installed. Then, the script checks if all tools are installed to begin the process, otherwise it won’t start.

You may also, like how tos tart with metasploit framework – penetration testing

Essential tools

Then, for airgeddon to work properly these essential tools must be installed in the Linux distribution that you are using.

CommandPossible package nameCommandPossible package name
iwiwawkawk | gawk
lspcipciutilspsprocps | procps-ng

NOTE: Regarding xterm and tmux, only one of them is really needed. airgeddon will use only one of them, which you configure in its options file and only the selected one will be validated on dependency checks. Options file can be located as .airgeddonrc usually in the same dir as the main script but for some distros like Pentoo it is located at /etc/airgeddonrc.

Optional tools

Appropriate checks are done at the beginning to determine if you are able to use some features. Optional but recommended to have. airgeddon will block the ability to use some features if the needed optional tool is not present.

Also, know that not necessary to have them installed for airgeddon to work, but only needed for some features.

CommandPossible package nameCommandPossible package name
wpacleanaircrack-ngettercapettercap | ettercap-text-only | ettercap-graphical
crunchcrunchetterlogettercap | ettercap-text-only | ettercap-graphical
aireplay-ngaircrack-ngtsharktshark | wireshark-cli
mdk3/mdk4mdk3/mdk4dhcpdisc-dhcp-server | dhcp-server | dhcp
beefbeef-xss | beef-projectasleapasleap

update tools

Also, these tools are only used for auto-update, not necessary but needed.

CommandPossible package name

airgeddon uses curl to update itself and to update also the WPS PIN database. It will be checked at the beginning to determine if updates are possible. It’s not mandatory to have it but it’s highly recommended.

who can install and use airgeddon – hack using airgeddon

Also, you have to know that airgeddon was developed on Linux and designed for Linux. Also, it can run on any Linux distribution that passes the tool’s validations.

  • Arch
  • Backbox
  • BlackArch
  • CentOS
  • Cyborg Hawk
  • Debian
  • Fedora
  • Gentoo
  • Kali Linux
  • Manjaro
  • Mint
  • Open Mandriva LX3
  • OpenSUSE
  • Parrot Security
  • Pentoo
  • Raspbian
  • red Hat
  • Ubuntu/Xubuntu
  • wifislax

Also, you might like Top 6 Best OS for hacking and penetration testing

Installation and Usage

Then, before we proceed with the installation of Airgeddon we have to check first if airgeddon is already installed on your Linux. Some pentest Linux distributions have it preinstalled or available on their repositories.

Also, you have to know that it’s essential to run airgeddon as root, otherwise, it won’t work. And if you don’t know how to turn into a root user. you can read Basic Linux commands for beginners to advanced

then, open your terminal. and tape the command.

git clone --depth 1

Then, navigate into the cloned directory.

cd airgeddon

Now, we run airgeddon. Also, remember you must run airgeddon as root

chmod +x
sudo bash

Then, checking all required dependencies packages will start. and if your distribution doesn’t have all the required dependencies airgeddon will ask your permission to install them, but make sure you have good internet.

You may also, like TheFatRat hacking tool to create undetectable backdoors


airgeddon should be used for authorized penetration testing and/or nonprofit educational purposes only. Also, any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner’s permission.

you may also, like how to install kali linux properly

TheFatRat hacking tool to create undetectable backdoors

What is TheFatRat ?

TheFatRat is an exploit and hacking tool that compiles well-known payload malware and then compiled malware that can run on Linux, Windows, Mac and Android. In addition, it provides an easy way to create backdoors and payloads that can bypass most anti-virus software.

What is a backdoor

A backdoor is a malware type that negates normal authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware.

TheFatRat features

TheFatRat is a powerful tool and it also has many features which can impress you and convince you to use it.

  • Fully Automating MSFvenom & Metasploit.
  • Local or remote listener Generation.
  • Easily Make Backdoor by category Operating System.
  • Generate payloads in Various formats.
  • Bypass anti-virus backdoors.
  • File pumper that you can use for increasing the size of your files.
  • The ability to detect external IP & Interface address.
  • Automatically creates AutoRun files for USB / CDROM exploitation

Uses of TheFatRat

  • FatRat is used for exploitation.
  • Is used to create malware
  • TheFatRat is used to combine payload with malware.
  • Also, TheFatrat is used for creating Backdoors for Post Exploitation.
  • TheFatRat is used for browser attacks.
  • FatRat is used to get DDL files from Linux.
  • FatRat can create malware in different extensions.

You may also like how to use John The Ripper password cracker


Then, let us see how we can get and install TheFatRat. Before you install make sure you have kali Linux installed on the pc.

NB: In this article, we are going to use Kali Linux. But if you don’t have Kali Linux installed just have a look at how to start with Kali Linux. best way to follow. It may work also with other Linux distribution like Parrot.

Also, in this article we will be using some Linux basic commands, if you are not familiar with linux don’t continue this article. But read Basic Linux commands for beginners to advance and then continue after .

Installation procedures

log into the Kali Linux machine and open the terminal windows. type git clone

After cloning is completed, type cd TheFatrat, and then hit enter.

We can see the file. To execute this file we need to give executable permission, to do that we run the following command in the terminal. Then, type chmod +x and hit enter.

Type sudo ./ and hit enter the start the installation it will ask you your root password. Then, an updating Kali repo popup appears. Then, the tool starts the installation process. It will check for all the necessary tools are installed in the system to run FatRat. If some tools are missing in the system FatRat will auto-install them.

After the update windows close, TheFatRat asks to create a shortcut in the system type y, and hit enter. Take a cup of coffee and relax

Then. after the installation is complete, in the terminal type fatrat and hit enter.

You must know that TheFatRat work together with Metasploit Framework (MSF) is far more than just a collection of exploits–it is also a solid foundation that you can build upon and easily customize to meet your needs. This allows you to concentrate on your unique target environment and not have to reinvent the wheel.

How to troubleshoot TheFatRat

chk_tools script to use in case of problems in of fatrat this script will check if everything is in the right version to run fatrat and will also provide you a solution for the problem

cd TheFatRat
chmod +x chk_tools 


This article is for educational purposes only, usage of TheFatRat for attacking targets without prior mutual consent is illegal. We assume no liability and are not responsible for any misuse or damage caused by this program.

get into the penetration testing field

Do you want to get into the penetration testing field?. if yes, we are going to discuss how you can stop being a script-kiddies and become a good penetration tester. If you are reading this article, you are on a good way to become an expert in penetration testing.

The way has never been easy but you can reach it if others reached it. But depend on the energy and effort you are going to put into it.

Then, before we continue with this article, let us see first what penetration testing really is. because some are having confusion about penetration testing and Ethical hacking.

Also you should read this article, how to become an ethical hacker

What is penetration testing?

Penetration testing is a type of security testing that is used to test the security of an application. It is conducted to find a security risk that might be present in a system.

When a system is not secure, then it’s easy for an attacker to get into it. Security is normally an accidental error that occurs while developing a system.

why is penetration testing important?

You must understand that penetration testing is very important to assured the system or network security. Also, penetration testing normally must evaluate the system’s ability in order to be protected.

Also, penetration testing must assure that only external or internal authorized users can access the system.

Then, penetration testing is important because:

  • It provides evidence to suggest why it is important to increase investment in security aspect of technology
  • also, it estimates the volume of the attack
  • It supports avoid black hat attack and also protects the original data.
  • helps also to detect the weakness of the system

Attention: penetration testing is not only to know the list of tools used to test and to know how to use them. But a real penetration tester must be able to proceed rigorously and detect the weaknesses of a system. They must be able to identify the technology behind them and test every single door that might be open to attackers.

Also, this is important to inform yourself about the law and what you are allowed to do or not. According to your country, the computer laws are not the same. First, check laws about privacy and surveillance: Nine eyes countries, Five eyes, and Fourteen Eyes. Always check if what you’re doing is legal. Even when it’s not offensive, information gathering can also be illegal!

The penetration tester not only discovers vulnerabilities that could be used by attackers. But also must be able to exploit those vulnerabilities, to assess what attackers might gain after a successful exploitation

How is penetration testing Beneficial?

While the practice of penetration testing is growing in popularity, it comes with the benefit.

Identify and resolve system vulnerabilities: penetration testing is that penetration testers put themselves in a hacker’s position. By staying on the pulse of the cybersecurity world and regularly approaching IT systems from a cybercriminal’s perspective, penetration testers can identify a wide range of vulnerabilities and weaknesses in the system.

Gain valuable insights into digital systems: Reports from penetration testing can provide a valuable details about the network or system, its weak points, and how to strengthen it.

Establish trust with your clientele: A cyberattack or data breach negatively affects the confidence and loyalty of your customers, vendors, and partners.

Protection from financial damage: A simple breach of security system may cause millions of dollars of damage. Penetration testing can protect the organization from such damages.

some vocabulary related to penetration testing

Penetration tester: Is an ethical hacker who practices security, tests applications and systems to prevent intrusions or find vulnerabilities.

Reverse engineering: Reverse engineering, also called back engineering, is the process by which a man-made object is deconstructed to reveal its designs, architecture, or to extract knowledge from the object. Similar to scientific research, the only difference being that scientific research is about a natural phenomenon.

Social engineering: In the context of information security, it refers to psychological manipulation of people into performing actions or divulging confidential information.

Security researcher: Someone who practices pen testing and browses the web to find phishing/fake websites, infected servers, bugs, or vulnerabilities. They can work for a company as a security consultant and are most like a Blue team.

Penetration tester skills required

A penetration tester need to know how to modify existing exploits to get them to work in specific networks for testing purposes. But no single tester can possibly be an expert across all domains, but they need to be active learners and develop real-world experiences.

Understanding of secure web communications and technologies

You need an understanding of web technologies. Web applications are a well-accepted portion of just about every assessment we do these days, and everybody needs to understand them. Our assessors need to know how web applications are built, how to identify input fields, and how to gather the information that can lead to exploiting the functionality of the web application.

You might like also Top 6 best OS for penetration testing

Ability to Script or Programming

Learning programming is the very first way to start learning about security. There’s a lot of languages, most people start with Python, which’s the easiest and the most popular one. PHP and Go are the less popular to write security-related stuff, but any of these can still be used in such context. Bash and PowerShell are mostly about scripting and writing simple CLI applications.

Programming language

You might like also 6 most common mistake that every beginner should avoid for the best result

Content Management Systems

First, a CMS is computer software used to manage the creation and modification of digital content. Digging into the functionalities and security of CMS’s will open your door to a better understanding of how you can manage when in front of one below:

  • WordPress
  • Joomla
  • Drupal
  • SPIP

Steps of Penetration Testing

Before the tester starts the vulnerability analysis of a system there are some crucial steps that he must follow. each step is important in order to elaborate a good report after finish the work.

  • Planning and preparation
  • Reconnaissance
  • Discovery
  • Analyzing information and risks
  • Active Intrusion Attempts
  • Final Analysis
  • Report Preparation

You can also read more about penetration method

Penetration testing tools

The Kali Linux penetration testing platform contains a vast array of tools and utilities. From information gathering to final reporting, Kali Linux enables security and IT professionals to assess the security of their systems.

Also, check this for more information about kali linux tools

Additional resources

Also, here are some of other additional resources’ that will help you in your jorney of becoming a pentester.

Notice: These resources are not only that you can use. But know that there are many resources over the internet and also books that can help you.

Man in the middle attack & how to prevent it

What is Man in the middle attack

A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.

The goal of an attack is to steal personal information, such as login credentials, account details, and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites, and other websites where logging in is required.

Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund transfers, or an illicit password change.

Additionally, a man in the middle attack requires three players. There’s the victim is trying to communicate, and the man-in-the-middle, who is intercepting the victim’s communications. Critical to the scenario is that the victim isn’t aware of the MITM.

How does a Man In The Middle Attack work?

Let’s say you received an email that appeared to be from your bank, asking you to log in to your account to confirm your contact information. Then, you click on a link in the email received and are taken to what appears to be your bank’s website, where you log in and perform the requested task.

In such a scenario, the man in the middle (MITM) sent you the email, making it appear to be legitimate.

This attack also involves phishing, getting you to click on the email appearing to come from your bank.

Also, he created a website that looks just like your bank’s website, so you wouldn’t hesitate to enter your login credentials after clicking the link in the email. And the time you log in, you are not logging into your bank account, but you are handing over your credentials to the attacker.

Man In The Middle attack progression

Man In The Middle attacks come in two forms, one that involves physical proximity to the intended target, and another that involves malicious software, or malware.

Successful MITM execution has two distinct phases: interception and decryption.


The first step intercepts user traffic through the attacker’s network before it reaches its intended destination.

The most common (and simplest) way of doing this is a passive attack in which an attacker makes free, malicious WiFi hotspots available to the public. Typically named in a way that corresponds to their location, they aren’t password protected. Once a victim connects to such a hotspot, the attacker gains full visibility to any online data exchange.

When an attacker wishing to take a more active approach to interception, he may launch one of the following attacks:

You may also like How to use john the ripper password cracker

  • IP spoofing involves an attacker disguising himself as an application by altering packet headers in an IP address. As a result, users attempting to access a URL connected to the application are sent to the attacker’s website.
  • ARP spoofing is the process of linking an attacker’s MAC address with the IP address of a legitimate user on a local area network using fake ARP messages. As a result, data sent by the user to the host IP address is instead transmitted to the attacker.
  • DNS spoofing, also known as DNS cache poisoning, involves infiltrating a DNS server and altering a website’s address record. As a result, users attempting to access the site are sent by the altered DNS record to the attacker’s site.


After an interception, any two-way SSL traffic needs to be decrypted without alerting the user or application. A number of methods exist to achieve this:

  • HTTPS spoofing sends a phony certificate to the victim’s browser once the initial connection request to a secure site is made. It holds a digital thumbprint associated with the compromised application, which the browser verifies according to an existing list of trusted sites. The attacker is then able to access any data entered by the victim before it’s passed to the application.
  • SSL BEAST (browser exploit against SSL/TLS) targets a TLS version 1.0 vulnerability in SSL. Here, the victim’s computer is infected with malicious JavaScript that intercepts encrypted cookies sent by a web application. Then the app’s cipher block chaining (CBC) is compromised so as to decrypt its cookies and authentication tokens.
  • SSL hijacking occurs when an attacker passes forged authentication keys to both the user and the application during a TCP handshake. This sets up what appears to be a secure connection when, in fact, the man in the middle controls the entire session.
  • SSL stripping downgrades an HTTPS connection to HTTP by intercepting the TLS authentication sent from the application to the user. The attacker sends an unencrypted version of the application’s site to the user while maintaining the secured session with the application. Meanwhile, the user’s entire session is visible to the attacker.

You may also like How hackers hack Facebook Accounts, and How to prevent them

Man in the middle attack prevention

Blocking MITM attacks requires several practical steps on the part of users, as well as a combination of encryption and verification methods for applications.

Also, with the amount of tools readily available to cybercriminals for carrying out Man In The Middle attacks, it makes sense to take steps to help protect your devices, your data.

  • make sure you always visit website with the HTTPS
  • Be wary of potential phishing emails from attackers asking you to update your password or any other login credentials. Instead of clicking on the link provided in the email, manually type the website address into your browser.
  • Never connect to public WIFI routers directly, if possible a VPN encrypts your internet connection on public hotspots to protect the private data you send and receive while using public WIFI, like passwords or credit card information.
  • Avoiding WIFI connections that aren’t password protected.

For website operators, secure communication protocols, including TLS and HTTPS, help mitigate spoofing attacks by robustly encrypting and authenticating transmitted data. Doing so prevents the interception of site traffic and blocks the decryption of sensitive data, such as authentication tokens.

Technics used to hack facebook accounts & How to prevent them

Facebook is, undoubtedly, the most popular social networking website with more than 500 million active users. Due to its popularity, many bad guys (black hackers) are actively involved in hacking Facebook accounts of unsuspecting users. Most people may ask why hackers hack Facebook accounts.

This article outlines strategies that hackers use to gain access to the Facebook accounts of hundreds of users each day. Also, you will see how you can prevent some attacks from hacking your account. In the previous article, we discussed how to protect the Facebook account from hackers

Why do bad guys try to hack Facebook accounts?

As I mentioned above Facebook is a popular social networking website, this brings many people to try to access someone’s Facebook account without his consent.

You must also know that hackers can try to access your account for modifying your information, exposing your information, or maybe for fun. Some of the beginners in hacking (script kiddies) try to use some hacking tools developed by professional hackers to hack Facebook account. Also, they can try to hack Facebook account because of:

  • Exposing your information.
  • Modifying your data
  • Because of love reasons
  • For joking or celebrity.
  • For money

How do they do to hack Facebook accounts? and which technics do they use?

Although Facebook is more secure there are some technics hackers use to hack Facebook account like phishing, keylogging, Trojans/backdoors, Sniffing, Social Engineering, and Sessions Hijacking …

Phishing – hack Facebook accounts

Phishing is one of the easiest ways to trick users into giving out their login credentials. All a hacker does is set up a webpage similar in design to that of the Facebook homepage, attach a server-side script to track the username and password entered, and store it in a log.

 A new trend amongst phishers is creating Facebook look-a-like widgets for stealing user’s login credentials. The hacker sends you the link by using some attractive words or other technics like:

Hey, do you know that Facebook has a new update? Install the new update by following this link. 

And after the hacker has sent you the link and attractive message he will be waiting for you just to log in and get your information and your account will be hacked. But nowadays Facebook blocks phishing links. Then, know that it can’t block phishing links only if the hacker used another method to send the link.


I feel happy to present you NordVPN one of good VPN i have never used. With NordVPN No need to buy VPN subscriptions separately for your phone and PC.

NordVPN secures up to 6 devices and is compatible with Windows, macOS, Linux, Android, iOS, and even your Wi-Fi router.

How to prevent yourself from being phished?

At all costs, avoid clicking on suspicious links. Moreover, always check the URL in the address bar before signing in. Avoid logging in through various “Facebook widgets” offered by websites and blogs. Instead, use Facebook’s homepage to sign in.

Always try to use Safe Search while searching. If you do manage to get phished, report the website so that others may get a warning before visiting it. You can also read our article on how to secure a Facebook account from hackers to prevent attacks.

Keylogging – hack Facebook accounts

Keylogger is a type of computer virus that tracks keystrokes. Keyloggers can be installed remotely on a computer system by a cracker to record all the activity that is going on the victim’s computer. Also, it can get easier if the hacker has physical access to the victim’s computer.

Also, know that with this technic a hacker can record all your activities; he can get you username, password, and more other information.

How to stop keyloggers?

If you want stop to be keylogging install a good antivirus and update it frequently. Do not click on suspicious links and avoid downloading illegal software. Also, avoid installing free toolbars and other such spam software. Always scan third-person’s flash and pen drives before using them on your computer.

Social Engineering

Social engineering is the art or better yet, science, of skillfully maneuvering human beings to take action in some aspect of their lives.

Also, social engineering involves using any trick to fool the user into making himself vulnerable to exploits. This could involve anything from sending spoof emails, pretending to be from Facebook, telling you to change your password to 123456 to a hacker maliciously getting out the answer to your Security Question in a friendly chat or discussion.

How to prevent yourself from being socially engineered?

The only true way to reduce the effect of these attacks is to know that they exist, to know how they are done, and to understand the thinking process and mentality of the people who would do such things. Also, stay aware during chats and discussions.

Also, use a tough security question, preferably one whose answer you would never disclose to anyone. Moreover, Facebook, or any other company for that matter, will never ask you to change your password or do something as silly as asking you to send out your login details to prove that you are an active user.

Always think before taking action and your e-life on Facebook will be safe from hackers looking to hack Facebook accounts.


Also, hackers try to hack your email address to get into your account. It can be easy for a hacker to access your account if he knows your email account used on your Facebook account.

I know you may ask yourself how can it be possible, but know that a hacker can use a brute force attack to get your password and access your account reason why avoid making public your email account. I will recommend you to read our article on how to protect your Facebook account from hackers.   

How to become an Ethical Hacker

This guide is all about how to become an ethical hacker. Then, before we continue we have first to know who are ethical hackers and what they can do. Becoming an ethical hacker may seem easy in theory. But to become a good hacker you have to follow some steps.

Who is a hacker?

The word hacker originally defined a skilled programmer proficient in machine code and computer operating systems. Also, a hacker is a person who breaks into a computer system. The reason for hacking can be many: installing malware, stealing, or destroying data.

Hackers can be also there to find software vulnerabilities in order to fix them.

How does hacking work?

Hackers breach defenses to gain unauthorized access into computers, phones, tablets, IoT devices, networks, or entire computing systems. Hackers also take advantage of weaknesses in network security to gain access. The weaknesses can be technical or social in nature. Let also see some types of hackers.

  • Cybercriminals
  • Hacktivists
  • Ethical hackers
  • Script kiddies

Now as you already know who is a hacker let us see also what is ethical hacking.

what is ethical hacking?

Ethical hacking involves the legal use of hacking techniques for benevolent versus malicious purposes. Ethical hackers use penetration testing and other tactics to find software vulnerabilities and other security weaknesses so they can be promptly addressed.

Who is a penetration tester?

Many people think that a Penetration Tester is just a White Hat Hacker but this is wrong… White Hat Hacker is anyone who works or fight to protect the cyber security…

Penetration Testers are essentially Gray Hat Hackers. They are between the two worlds… this makes Penetration Testers be the most Advanced Hackers because they know how to attack and how to protect!

who is an ethical hacker?

The term ethical hacker includes all security professionals that provide offensive services, whether red team, pentester, or freelance offensive consultant. Also, an ethical hacker’s primary purpose is to view security from the adversary’s perspective in an effort to find vulnerabilities that could be exploited by bad actors.

Role of an ethical hacker

Ethical hackers can be independent freelance consultants, employed by a firm that specializes in simulated offensive cybersecurity services, or they can be an in-house employee protecting a company’s website or apps.

Possessing ethical hacker skills and knowledge is helpful for many other security roles

Now can see then how to become an ethical hacker as you already who he is and what he can do.

The skills required to become an ethical hacker

While there are plenty of anecdotal stories of blackhat hackers being converted to be whitehats in a bygone era, the most important requirement for becoming a successful ethical hacker today is to have, as is found in the name, high ethical standards.

Ethics are what separates the good guys from the bad guys. There are plenty of blackhat hackers that have adequate technical skills to be ethical hackers, but they lack the discipline of character to do the right thing regardless of the perceived benefits of doing otherwise.

A candidate for an ethical hacker job must be able to demonstrate advanced cybersecurity technical skills. The ability to recommend mitigation and remediation strategies is a part of the desired experience.

To become an ethical hacker you have to understand the networks.

A hacker should be able to gather information about a network with the intent to secure the network system. He can also use various tools like Telnet, NS lookup, Ping, Tracert, etc.

Also an ethical hacker must know about the networking and how a network work. He must know about fundamentals of network such as: network models, IP address and network protocols etc. Networking skills is very important in ethical hacking field. Almost all devices are connected to the network.

An ethical hacker must be proficient with operating systems, especially Windows and Linux

Linux System hacking

Linux is an operating system that acts as an intermediary as a bridge between the physical device and the instruction code of the program. in our previous article, we discussed the Linux tutorial for beginners.

hacking a Linux-based computer system and get access to a password-protected Linux system, you must know Linux’s basic file structure. Also you can have a look on these top 6 Best operating system linux for hacking and penetration testing.

windows hacking

Microsoft Windows, commonly referred to as Windows, is a group of several proprietary graphical operating system families, all of which are developed and marketed by Microsoft.

An ethical hacker must have strong coding skills.

You may find that many people on the internet say that you don’t need to know how to program to be a hacker, I don’t judge them but programming is more important in hacking. Sure you may perform some attacks without programming skills by using other script, but at a given point it will require you to have skills in programming.

Programming languages that an ethical hacker need to know

  • Assembly
  • C Lang
  • C++
  • Go Lang
  • python

How to get experience as an ethical hacker

Experience with vulnerability testing tools, such as Metasploit, Netsparker,  and OpenVAS, is very helpful for ethical hackers. These tools and there are many more of them, are designed to save time when searching for known vulnerabilities. These or similar tools may provide a useful framework for vulnerability scanning and management but should represent only the starting point for an experienced ethical hacker. Also, get in hands with kali linux operating system.

What is the Outlook for Ethical Hackers?

Cyberwarfare is extremely common, and many high-profile enterprises have been subject to major hacking issues. In this day and age, spending on IT security on a global scale is reaching the trillion-dollar mark. What better way to combat the threat of black-hat hacking than by making use of an army of white-hat hackers?

The demand for ethical hackers is at an all-time high and rising. Many experienced, ethical hackers can expect to earn in excess of $120,000 per year, especially if they are running their own consultancies or penetration testing companies.

Basic Linux Commands for Beginners to Advanced

Dear friends, the big day has finally arrived. If you are reading basic Linux commands for beginners I suppose that you have already read our previous article, Linux tutorial for beginners, and if not yet I suggest you have a look at it in order to be on the same level otherwise continue reading. You will get the chance to write your first command in the console! Okay, not too stressed?

I assure you, we will start with simple things to become familiar with the console. We’ll really see the ABC, the basic survival guide of kits.

Basic Linux Commands for beginners

Then, let us see what this article is going to cover.

  • First Commands on Linux command Line
  • Understand Super User on Linux
  • Commands & parameters
  • File operation Commands
  • Directory Commands
  • account manager commands
  • Permission Commands
  • System Command
  • Networking commands

What is the Linux shell?

Before we continue let me remind you what a Linux shell is. A Linux shell is a command-line interpreter or shell that provides a traditional user interface for the Linux operating system and for Linux-like systems. The shell understands plenty of shell commands and their options which change their action. The typical syntax of shell command looks like this: command –option argument (parameter).

In our previous article, we saw the history of Linux and other things, we also discussed Linux distributions and I’m very sure you have chosen what you found the best for you. Also, if you weren’t able to choose a distribution of your choice, you might find this article interesting for you, the top 6 best Linux operating systems for hacking and penetration testing.

First basics Linux commands for Beginners.

Then, the time of testing your first command is now; open your Linux command line to write your first command. Also, know that for my side I use Kali Linux and all command you will find on this article was tested on kali.

This is a command prompt. It is a message that prompts you to enter a command by giving you at the same time a lot of information. This command prompt is displayed before each command you type. 

Now let us explain something about what you are seeing in command line.

Anonymous: The first element is your nickname. This is the user name under which you are logged. Indeed, know that you can create multiple user accounts on Linux

@: This symbol indicates nothing special. It’s the symbol “at’”.

DESKTOP-4312L0R: That’s the name of the computer on which you are working. In my case it’s called DESKTOP-4312L0R, but I could give any name during OS installation.

~: That’s the folder where you currently are. You can also navigate folder to folder in the console and it’s very useful that you always be reminded where you are before each command.

$: Also, that symbol is very important, because it shows you your authority level. This symbol means you are currently a normal user with limited rights. If you are curious and you want to know why limited rights read the previous post about Linux tutorial for beginners-Linux guide in 2021.

Tasksel: This is a command to install some additional Linux components.

Understand Super User in Linux

In this part, we are going to see who is a root. Then, let us see what really Superuser means. know that in some distribution of Linux you are not allowed to log in as a superuser because of the security matters, the reason why by default Linux let you log in as a normal user.

Then, once you have log in, you can now run commands as a root but first, you have to run the command sudo su, and then it will ask you to confirm with the password. When typing a password it won’t show if you are typing, but if you write the right password confirm with the button enter. 

$: This symbol means you are currently using a user “normal” account with limited rights (he cannot change the most important system files).

Also, if the symbol is “#” that mean you are in super user mode. That is to say, you are connected under the pseudonym “root”.The root is the master who has the right to do everything on the computer he can even run harmful commands.

parameters & Basic Linux Commands .

Command: It is a directive to a computer program acting as an interpreter of some kind, in order to perform a specific task. In Linux when you are typing command you are ordering the terminal to execute task for you.

Example: mkdir genius – here you ask the computer to create a folder named genius.

Parameters: Parameters are options that are written after the command. The command and parameters are separated by a space. The parameters themselves can contain spaces, letters, numbers … a bit of everything, really. There is no real rule on how the settings, but fortunately programmers have adopted a sort of “agreement” so that we can recognize the different types of parameters.

Also, know that there are two differents of parameters.

  • Short parameters: The most common parameters are constituted by a single letter preceded by a dash. For instance: -d, –l, –a.

If you have to give several parameters, you can do it like this: -d, –a, –U, –h. Also, you have to know that each parameter has different meanings.

  • Long parameters: The parameters consist of several letters are preceded by two dashes like this: –all, –version, –help

Commands and parameters Examples

Then, let’s have a further look about the commands and their parameters.

  1. Su –l: switch user, (su:  login as the root super user and –l: is a parameter meaning “login”).
  2. Ls a: list all contents, (ls: list content and –a: is a parameter meaning “all contents”.
  3. rm -ri genius: (rm: removes a file or a directory, ri: is a parameter meaning remove a non-empty directory and its contents, and genius is the name of the directory to remove.)
  4. usermod -l anonymous genius: (usermod: modify an existing user account, -l: is a parameter meaning “login name change”, anonymous: is the old user name, and genius: is the new user name we want to set).
  5. whoami: shows the current user name, the output is “Anonymous”

File operation Basic Linux Commands

Then, let discuss how we can manage files on CL. Managing files on the Linux command line is not as complicate as beginners may think.

  • cp myfile/genius: the command cp: copy, myfile: is the name of file you want to copy, and genius: is the directory where you want to copy myfile.
  • mv myfile/genius: mv: command to move a file, myfile: is the name of file you want to move, and genius: is the directory where you want to move myfile.
  • rm genius: rm: command to remove a file or directory, and genius: name of the file you want to remove. Also, you can use –ri as parameters if you want to remove a directory with all its contents.
  • wc myfile.txt: This is a command to count words on a given file. wc: show word count, and myfile.txt: Name and extension of the file.
  • lpr myfile.txt: the command of sending the myfile.txt to the printer. lpq command help to display the print queue
  • diff myfile1.txt myfile2.txt: the command diff: show the differences between two files, myfile1.txt: is the file to compare to myfile2.txt.
  • cmp file1.text file2.txt: this is the command to compare two files byte by byte.
  • Md5sum myfile.txt: this command will create an md5 checksum number. Output: f7tkgu5orj1fjt8kelc2os95nd57jf8r myfile2.txt.
  • grep hacking myfile.txt: the command grep: show all lines that contain “hacking” string. It shows a specified string.
  • egrep excellent myfile.txt: It seems similar with grep but the difference is that this command show the unique lines in the file.
  • look ab: this command show words matching a given prefix. The output will be: aba,abb,abc,abd…

you may also like to know the difference between termux from Linux

Directory basic Linux commands for beginners

Also, you may find that managing directories is simple as a beginner. Then, in this part we won’t see many commands but you can do research to get more.

  • mkdir genius: this command hell to create a new directory with the name genius.
  • rmdir genius: help to remove an empty directory. That mean you ask to the CL to remove the directory genius.
  • zip myfile.txt: this file help to compress a file to zipe format.
  • unzip Also, this command help to unzip a file from zip format.

Account manager Commands

Let us see how we can manage users accounts using Command line.

  • useradd username: add a new user account.
  • usermod -l oldname newname: Also, help to change the username.
  • userdel username: this command help to delete a user account.
  • passwd username: set a user account password

permission basic Linux commands

  • chmod 752 myfile.txt: the command chmod: change the mode of access permission for myfile1.txt, 7: set user permission with write, read, execute, 5: set group permission with read, execute, 2: set others permission with write only.
  • chgrp groupname myfile.txt: chgrp: change group membership of a file. Also, groupname is the name of a given group if you created a group.
  • chown username myfile2.txt: the command chown: change ownership of myfile2.txt.

System basic Linux commands

  • job: this command displays the status of all jobs.
  • fg: Also, this command run a suspended job in foreground.
  • bg: run a suspended job in background
  • kill %4: this command kill a job by number or a process by pid
  • at 9:30 pm: Also, this command help to schedule a job run at a specified time. You can also display the scheduled jobs wit at command, and if you want remove a schedule use atrm command.
  • uptime: It also shows the system uptime.
  • top: Also, help to view the top active or specified process.
  • tar -xf archive.tar: it also help to extract an archived tar file.
  • tar -cf archive.tar: create an archived tar file
  • date: also, help to display the date and time.
  • cal: it also help to display a calendar of month.
  • df: This command help to show disk usage of file system

Networking commands

  • host display remote hostname and IP
  • ifconfig: Also, display local network configuration
  • ping -c3 it also send packets to test if remote is reacheable
  • ssh: securely connect to a remote computer ftp: files transfer by “File Transfer Protocol”
  • mesg: it also enable or disable messaging
  • write: write a messages to other users
  • open: it help to connect to an ftp server
  • mail: Also, send and receive mails locally and globally.
  • dhclient: provides a means for configuring one or more network interfaces
  • nslookup: query internet name servers interactively for IP information.


Well done, this article was only for basic Linux commands hope now you are able to use your CL. If you want to know more about a command just use command man “name of command””

How to use John the Ripper: Password cracker.

John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems.

Many people are asking this question, “How can I crack any password”. But let me tell you that if you are reading this post don’t worry you are in a good place. In this article, we are going to dive into John the Ripper (JtR), you will see how it work and explain to you why it’s important to use it.

In the previous article, we have seen how to install and start with Kali Linux. Now in this article, we are going to see how to start with John the Ripper and to use it. Then first let us see what is John the Ripper.

What is John the Ripper?

First, you have to know that John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems. It is designed to be both feature-rich and fast. It combines several cracking modes in one program and is fully configurable for your particular needs.

John the Ripper is available for several different platforms which enables you to use the same cracker everywhere. Also, It can support hundreds of hash and cipher types.

How can I get John the Ripper?

This is an amazing question that people may ask because after knowing what is John the Ripper, the next question must be how to get it. Now as you know what is John the Ripper let us see how to get it.

from John the Ripper official site

As I mentioned before John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product, please consider John the Ripper Pro, which is distributed primarily in the form of “native” packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance.

Now, you can download John the Ripper on Linux, macOS, Windows, and Android on its official page You must verify the authenticity and integrity of your John the Ripper downloads to make sure you downloaded a good one. Once you visit the official page you will get more information about that.

John the Ripper is available on Kali Linux as part of their password cracking metapackages.

You may also like how to install kali nethunter on android

What is John the Ripper is used for?

This is another question that some of you must ask, so let us respond to this question to satisfy everyone.

John the Ripper is a primary password cracker used during pen-testing exercises that can help IT guys spot weak passwords and poor password policies. It also supports several common encryption technologies for Unix and Windows-based Systems. It also autodetects the encryption on the hashed data.

John the Ripper also includes its own wordlists of common passwords for 20+ languages. John the RipperIs included in the pen-testing versions of Kali Linux.

Attack types

John the Ripper uses the dictionary attack. it takes text string samples from a wordlist. It offers also brute force attacks. In this type of attack John the Ripper goes through all the possible plaintext, hashing data, and then compares them to the input hash.

Also, it uses character frequency tables to try plaintext containing more frequently used characters first.

You may also like to see How to install Tool-X on termux

Some basic commands

Now we are going to go over some basics commands that you need to start using John the Ripper. To get started you need a file that contains a hash value to decrypt.

John usage example. (Tested in Kali Linux.)

Using a wordlist (–wordlist=/usr/share/john/password.lst), apply mangling rules(-rules) and attempt to crack the password hashes in the given file (unshadowed.txt).

root@kali:~# john --wordlist=/usr/share/john/password.lst --rules unshadowed.txt

Unique Usage Example

Using verbose mode (-v), read a list of passwords (-inp=allwords.txt) and save only unique words to a file (uniques.txt):

root@kali:~#  unique -v -inp=allwords.txt uniques.txt

This is the end of this article hope you get a clear understanding of John the Ripper. If you are having question or suggestion don’t keep it for your self just share with us Thank you.