Showing posts with label others. Show all posts
Showing posts with label others. Show all posts

SMS Bombing in Mobile using Burpsuite

In this article we will learn about SMS bombing. It is used to prank your friends by sending those hundreds and thousands of SMS at once. There are many third party sites to do so but there are usually of no use. We are introducing a different method to do so and all you need is you Kali.


We are going to use BurpSuite that means we have to set up proxy first. And for that go to browser settings and select prefences.


Then select advanced option and then go to network settings.


A dialogue box will open and from it select Manual Proxy Configuration. As you have selected this, you can either keep the http proxy as localhost or you can set it to 127.0.0.1


Now that proxy has been set up open BurpSuite.

Now select the proxy tab and then the options tab and check the check box of interface. Then click on Edit button on the left side.


It will open a dialogue box. In this select Support invisible proxying option. Click on OK.

When you return to the previous window check the invisible box too.


As of now all the settings have been done. Now what we need is to send the message and for that we will log in to way2sms.com.


After logging in generate the message and give the contact number to which you want to send the messages. Before clicking on send turn on the interception in BurpSuite.


When you click the send button the request will first go to Burpsuite as it captures the traffic. When the traffic has been captured right clicks anywhere and select Send to intruder option or simply use keyboard shortcut i.e. ctrl+i.


Now in the intruder tab select options tab. It will show you the details of the traffic that is the number to which the SMS was destined to and the text message.


Select the part of the text message and click on add.

Now go to Payloads tab and select Brute Force in the Payload type option.


Then give the character set of 123456789 i.e. 1-9 numbers. And give the minimum length of 1 and the maxumum length of 3. Here, minimum and maximum length means the length of digits that will created using character set. From the customization that we have done it will create 1100 messages for the receiver.

 Now finally to start the attack goes to the intruder menu and select Start Attack from the drop down menu.


Once the attack starts you can see that the receiver will start receiving all the messages in the interval of 1 to 5 seconds as shown in the image below:

I stopped the attack after 29 messages which were send in the time span of 1 to 2 minutes.

Shodan a Search Engine for Hackers (Beginner Tutorial)

Many people have described Shodan as a search engine for hackers, and have even called it "the world's most dangerous search engine". It was developed by John Matherly in 2009, and unlike other search engines, it looks for specific information that can be invaluable to hackers. John Matherly is an Inernet Cartographer, hence the shodan.

Shodan is a type of search engine that allows users to search for Internet-connected devices and explicit website information such as the type of software running on a particular system and local anonymous FTP servers. Shodan can be used much in the same way as Google, but indexes information based on banner content, which is meta-data that servers send back to hosting clients. For the best results, Shodan searches should be executed using a series of filters in a string format.

So in conclusion we can say that, Shodan is a search engine for finding specific devices, and device types, that exist online. It is like an internet map that lets us see which device is connected to which or ports are open on a specific device or what operating system a certain system is using, etc. Rather than to locate specific content on a particular search term, SHODAN is designed to help the user find specific nodes (desktops, servers, routers, switches, etc.) with specific content in their banners.

What Shodan can do?
Shodan pulls service banners from servers and devices on the web, mostly port 80, but also ports 21 (ftp), 22 (SSH), 23 (telnet), 161 (SNMP), and 5060 (SIP). Since almost every new device now has a web interface (maybe even your refrigerator) to ease remote management, we can access innumerable web-enabled servers, network devices, home security systems, etc. Shodan can find us webcams, traffic signals, video projectors, routers, home heating systems, and SCADA systems that, for instance, control nuclear power plants and electrical grids. If it has a web interface, Shodan can find it! Although many of these systems communicate over port 80 using HTTP, many use telnet or other protocols over other ports. Keep that in mind when trying to connect to them.

How to use Shodan?

Understanding shodan is very important at first you might find it complex but once yu get to know it you will find it very handy in use and  very resourcefull too. So, now let us learn how to work with fasinating search engine. To use shodan to your advantage you have to first register to it.


Follow the steps to register. After registration a link will be sent to your e-mail ID for your activation of account on Shodan. Once your account is activated login to Shodan and now that you are logged in you are free to search anything.
Here are some examples for which you can use shodan to search up the things you want.
Webcam
When you search for webcam, it will show you all the webcam present in the world. It will show the results as shown in the image below :


Traffic Signals
Seaching about traffic signals or traffic signaks camera then it will show you all the traffic survallaince camera present.


Cisco
Searching about cisco will show you all the cisco routers in the world but you can search them by country. Like, here, i have found cisco routers in India and result is below image :


Scada
You can also search about Scada and you will get its information arround the whole world as shown :


netcam
Shodan can also show you about all the netcams in world and you can access them too with your hacking skills.


GPS
Shodan even lets you find all the GPS devices all over the world and for this you just have to type gps in the search box.


Port
Not only the devices but it can help find which port is open in which device. For example I have here searched port : 1723. Now we all know this port is used for VPN so through this we can know which device is using VPN as shown in image below :


When you search for port : 3389 it will show the operating system used by the device too which can be very useful.

This is how Shodan is useful for hackers as it gives all the information necessary to collect that too all over the world. And so you can manipulate this information as you desire.

How to Setup own Cloud Computing Lab



XAMPP is the most popular PHP development environment. XAMPP is a completely free, easy to install Apache distribution containing MariaDB, PHP and Perl. The XAMPP open source package has been set up to be incredibly easy to install and to use.
Download XAMPP from here:

https://www.apachefriends.org/index.html

To install XAMPP, run the XAMPP setup and follow the on screen commands.




Allow access to XAMPP in windows firewall


Now, start the XAMPP control panel and start Apache and MySQL services. If the Apache is not being started, then that is because the given ports 80 and/or 443 are not free. To change Apache ports, go to ‘Config’  button (next to admin button in control panel.)  and change the 1st and 2nd files.
In the first file, change all 80 with 81, and in the second file, change all 443 with 444


Now, go to the installed XAMPP directory and paste the ownCloud server folder in installed directory/htdocs.
Usually the installed directory is: C:\xampp\htdocs
About ownCloud:

OwnCloud is a self-hosted file sync and share server. It provides access to your data through a web interface, sync clients or WebDAV while providing a platform to view, sync and share across devices easily — all under your control. ownCloud’s open architecture is extensible via a simple but powerful API for applications and plug-in and it works with any storage.
Download ownCloud server and client software both from here


https://owncloud.org/



Now, open your web browser and type:
localhost:81/ownCloud (assuming the name of the server is ownCloud)
Type in your admin username and admin password then. Do remember this name and password.


A popup will then appear which will tell you that ownCloud clients are available for different mobile phones platform; you might want to check that out as well.


On the right hand side top you will see your admin name, click on that and a popup will fall having many options. Click on ‘users’.


You can see a bar on the top of the page, you ought to input your client ID and password. This client ID and password is the key to your cloud files for the client. So, the client will access the files you share with them in the next step with their ID and password that you give them. No one else but admin (that is you) can see all the clients. All you have to do is give your client their ID and password, and they are ready to use ownCloud.

Type in the details and click create.

Now once the client is created, go to home page again and click on the upload button.


Choose a file to upload. I choose a text file and in the same row as your uploaded file there will be an option to share the file on cloud. Choose that option and fill in the name of client with which you want to share your file. I input the name of client as Hacking Articles.


Now, on the client PC, install the ownCloud Desktop client software.


Input the IP address of the server followed by the port and directory.
In my case, the ownCloud client types:
https://192.168.0.102:81/ownCloud



Now, the client inputs his/her username and password and connects to the server.




Then, click on open ownCloud.


The client inputs his username and password again.


In the activity bar, he/she can see the file shared by the admin.

Beginner Guide of Cryptography (Part 1)

Cryptography is conversion of plain readable text into unreadable form. In cryptography first the data is coverted into cipher text (that is encryption) and then the cipher text is coverted back into readable form (that is decryption). Cryptography basically works on the concept of encryption and decryption. Encryption and decryption should not be confused with encoding and decoding, in which data is converted from one form to another but is not deliberately altered so as to conceal its content. Encryption is achieved through the algorythms. These algorythms are works with logic, mathematic calculations and its complexities.
Encryption : Encrypted data is refered to cipher text. Cipher text is conversion of readable text into undreadable form. It is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. 
Decryption : Decryption is the process of converting encrypted data back into its original form, so it can be understood. To decrypt the data one needs a secret key or password so it can be decrypted.
Encryption can be done through three ways:

1. Symmetric
2. Asymmetric
3. Hash

Symmetric :Symmetric encryption’s job is to take readable data, scramble it to make it unreadable, then unscramble it again when it’s needed. It’s generally fast, and there are lots of good encryption methods to choose from.  The most important thing to remember about symmetric encryption is that both sides—the encrypter, and the decrypter—need access to the same key.

Asymmetric :Asymmetric encryption also takes readable data, scrambles it, and unscrambles it again at the other end, but there’s a twist : a different key is used for each end.  Encrypters use a public key to scramble the data, and decrypters use the matching private (secret) key on the other end to unscramble it again.

Hash :Hashing is what is actually happening when you hear about passwords being “encrypted”.  Strictly speaking, hashing is not a form of encryption, though it does use cryptography.  Hashing takes data and creates a hash out of it, a string of data with three important properties : the same data will always produce the same hash, it’s impossible to reverse it back to the original data, given knowledge of only the hash, it’s infeasible to create another string of data that will create the same hash (called a “collision” in crypto parlance). hash is to authenticate otherwise clearly-transmitted data using a shared secret (effectively, a key.) The hash is generated from the data and this secret, so that only the data and the hash are visible; the shared secret is not transmitted and it thus becomes infeasible to modify either the data or the hash without such modification being detected.
Now, there are very simple methods to achieve cryptography in our day to day life so that our data sharing can be done securely.


For Symmetric encyption we can simply visit the website : www.aesencryption.net , shown below : 


On this is website in first box writing your message and in second box give your password and then click on encrypt button on the right side.


The website will now reload itself and will provide you the encrypted text. Send this encrypted text to the desired person and tell them the key (which, in this case, is time).

The said person, after receiving your encrypted message, can come on this website to decrypt it. He/She wil simple have to copy the encrypted text and paste it on the first box and enter the key in next box and click on decrypt button on the right side as shown below :


After clicking on decrypt the site will reload itself and will provide you with plain text.


Hence, symetric encryption.
For Asymmetric encryption, we can simply go to www.igolder.com/pgp/generate-key/ , the following website wil open:


Click on generate PGP keys, after opening the website. A public and private key will be generated.


Now, copy the public key and click on PGP encrypt message option, it will redirect to the following page


Paste the public key in the first box and write your message in the second box. By clicking on Encrypt Message, you will get your message ecrypted.


Now, copy this encrypted message to the desired person along with the private key which you generated in the first step. The same person can also visited this site and click on PGP decrypt message option to decrypt the message. After clicking on the said option, the following page will open:


He/She can copy the private key and ecrypted message and paste it on first and second box respectively.


At last click on Decrypt message and your message will be decrypted.