
Tuesday, 28 October 2014

"NetHunter" — Turn Your Android Device into hacking weapons

The developers of one of the most advanced open source operating systems for penetration testing, Kali Linux, announced yesterday the release of a new Kali project, known as NetHunter, that runs on a Google Nexus device.
Kali Linux is an open source Debian-based operating system for penetration testing and forensics, which is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. It comes wrapped with a collection of penetration testing and network monitoring tools used for testing of software privacy and security.
After making its influence felt in hacker and security circles, Kali Linux has now been published with Kali NetHunter, a version of the security suite for Android devices. The tool is a mobile distribution designed to compromise systems via USB when installed and run on an Android phone.
The Kali Linux NetHunter project provides much of the power to Nexus users: those running the NetHunter penetration testing platform can now launch attacks including Teensy keyboard HID-style attacks and BadUSB man-in-the-middle (MITM) networking attacks via USB human interface device (HID), wireless 802.11 frame injection, and can set up evil access points in a single click.
NetHunter is currently available for Nexus devices only, but builds for other Android devices are likely on the way. NetHunter contains a full Kali Linux toolset, including support for self destruction, software defined radio and the ability to launch a Kali desktop VNC session on a Nexus phone.
The tools are designed for use by an attacker who has physical access to a device (an insider threat) or someone who gains access through social engineering, tailing etc.
On one hand, Teensy Keyboard attacks on PCs can be used to automatically elevate privileges on a Windows PC and install a reverse-HTTP tunnel to a remote workstation.
On the other hand, BadUSB can force a Windows PC to recognize the USB-connected phone as a network adapter and re-route all the traffic of the PC through it for monitoring purposes.
Additionally, the Kali NetHunter configuration interface helps users to easily manage complex configuration files through a local web interface, which together with 802.11 wireless injection and a pre-configured connect VPN service make it a “formidable network security tool or discrete drop box – with Kali Linux at the tip of your fingers wherever you are.”
The Kali NetHunter open source security platform supports Nexus 10 and 7 tablets and Nexus 5 phones, and is built on the existing Kali (formerly Backtrack) Linux platform.
Download it from http://www.offensive-security.com/kali-linux-nethunter-download/

Hack Facebook by cookie stealing

Facebook Authentication Cookies
The cookie which Facebook uses to authenticate its users is called "datr". If an attacker can get hold of your authentication cookies, all he needs to do is inject those cookies into his browser and he will gain access to your account.
This is what a Facebook authentication cookie looks like:
Cookie:  datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;
How To Steal Facebook Session Cookies And Hijack An Account?
An attacker can use a variety of methods to steal your Facebook authentication cookies, depending upon the network he is on. If an attacker is on a hub-based network, he would just sniff traffic with any packet sniffer and gain access to the victim's account. If an attacker is on a switch-based network, he would use an ARP poisoning request to capture authentication cookies. If an attacker is on a wireless network, he just needs to use a simple tool called Firesheep in order to capture the authentication cookie and gain access to the victim's account.
In the example below I will explain how an attacker can capture your authentication cookies and hack your Facebook account with Wireshark.
Hack Facebook account with Wireshark
Step 1 - First of all, download Wireshark from the official website and install it.
Step 2 - Next, open up Wireshark, click on Analyze and then click on Interfaces.
Step 3 - Next, choose the appropriate interface and click on Start.
Step 4 - Continue sniffing for around 10 minutes.
Step 5 - After 10 minutes, stop the packet sniffing by going to the Capture menu and clicking on Stop.
Step 6 - Next, set the filter to http.cookie contains "datr" at the top left. This filter will search for all the HTTP cookies with the name datr, and datr, as we know, is the name of the Facebook authentication cookie.
Step 7 - Next, right click on it and go to Copy - Bytes - Printable Text only.
Step 8 - Next, you'll want to open up Firefox. You'll need both Greasemonkey and the cookieinjector script. Now open up Facebook.com and make sure that you are not logged in.
Step 9 - Press Alt C to bring up the cookie injector, then simply paste the cookie value into it.
Step 10 - Now refresh your page and voilà, you are logged in to the victim's Facebook account.
Note: This attack will only work if the victim is on an http:// connection, and even on https:// if end-to-end encryption is not enabled.
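
The capture above only succeeds because the session cookie crosses the network in clear text, as the note says. The following is an added example, not part of the original post, that audits a site's response headers for the missing Secure attribute and HSTS header that allow this; the cookie-name pattern and the sample headers are assumptions constructed for illustration.

```javascript
// Added example: audit response headers for the gaps that let a session
// cookie cross the network in clear text. Sample headers are constructed.
const SESSION_NAME = /sess|auth|token|sid|datr/i; // assumption: names treated as session cookies

function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq === -1 ? '' : pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs.filter(Boolean)) {
    const i = a.indexOf('=');
    cookie.attrs[(i === -1 ? a : a.slice(0, i)).toLowerCase()] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

function auditResponse(headers) {
  // headers: [name, value] pairs as a proxy or test client exposes them
  const findings = [];
  const hsts = headers.find(([n]) => n.toLowerCase() === 'strict-transport-security');
  const maxAge = hsts ? Number((/max-age=(\d+)/i.exec(hsts[1]) || [])[1] || 0) : 0;
  if (maxAge <= 0) findings.push('no-hsts'); // browser may still try http:// first
  for (const [n, v] of headers) {
    if (n.toLowerCase() !== 'set-cookie') continue;
    const c = parseSetCookie(v);
    if (!SESSION_NAME.test(c.name)) continue;
    if (!c.attrs.secure) findings.push(`${c.name}:missing-secure`); // sent over http://
    if (!c.attrs.httponly) findings.push(`${c.name}:missing-httponly`); // readable by script
    if (!c.attrs.samesite) findings.push(`${c.name}:missing-samesite`);
  }
  return findings;
}

// Constructed sample responses: a weak configuration and a hardened one
const weak = [
  ['Content-Type', 'text/html'],
  ['Set-Cookie', 'datr=EXAMPLEVALUE; Path=/; Domain=.example.test'],
  ['Set-Cookie', 'locale=en_GB; Path=/'],
];
const hardened = [
  ['Strict-Transport-Security', 'max-age=31536000; includeSubDomains'],
  ['Set-Cookie', 'datr=EXAMPLEVALUE; Path=/; Secure; HttpOnly; SameSite=Lax'],
];

console.log(auditResponse(weak));
console.log(auditResponse(hardened));
```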

How To Use Google Chrome For Hacking

Up till now, Firefox was widely used by hackers and pentesters for their day-to-day job due to its tremendous range of plugins that make their work much easier.
However, nowadays I prefer Google Chrome to Firefox, due to the wide variety of interesting extensions that may provide a great aid in hacking and penetration testing. There are lots and lots of Google Chrome extensions that can be used for hacking; however, I have compiled a list of my favorite ones, which I use frequently to test different types of web applications for security vulnerabilities.
How To Use Google Chrome For Hacking - Extensions
XSS Rays
XSS Rays would certainly be at the top of my list. XSS Rays includes a scanner, an XSS reverser and a DOM inspection tool. Although it does make the browser a bit unstable when you are performing heavy scans, it's really handy in detecting XSS attacks. It's a perfect replacement for XSSME, which is used in Firefox for detecting XSS attacks.
Official Description
XSS Rays is a security tool to help pen test large web sites. Its core features include a XSS scanner, XSS Reverser and object inspection. Need to know how a certain page filters output? Don't have the source? No problem. XSS Rays will blackbox reverse a XSS filter without needing the source code.
Websecurify Scanner
Websecurify Scanner is a really powerful scanner capable of detecting lots of web application attacks. Although it generates lots of false positives, mostly related to CSRF attacks, it's really handy in detecting XSS attacks. It's awesome, fully automated and very user friendly.
Usage
1. All you need to do is install the Websecurify scanner from the link above and visit the following page: https://suite.websecurify.com/foundation
2. Just enter the URL and it will automatically start scanning.
HPP Finder
HPP Finder is capable of easily detecting HTTP Parameter Pollution attacks. HTTP Parameter Pollution is the newest type of web application attack. There is not very much information available on it compared to other attacks such as XSS and SQL injection; however, what is available is very handy.
Official Description
HTTP Parameter Pollution (HPP) is a recently discovered web exploitation technique. Please read the NDSS 2010 paper for more details about the technique. HPP Finder is a Chrome extension designed for detecting HPP attempts. HPP Finder can detect URLs and HTML forms that might be susceptible to parameter pollution, but it is not a complete solution against HPP.
XSS CHEF
XSS Chef is a perfect replacement for BeEF (Browser Exploitation Framework) for Google Chrome.
Cookie Editor
Cookie Editor is a very useful Google Chrome extension for hackers. I mostly use it when I am performing session hijacking attacks.
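
For the HPP detection described under HPP Finder above, the following is an added example (not HPP Finder's own code and not from the original post) of a simplified server-side check that scans access-log lines for query strings with repeated parameter names or an encoded delimiter smuggled inside a value. The log format, paths and parameter names are constructed assumptions.

```javascript
// Added example: flag requests whose query string repeats a parameter name
// or carries an encoded "&name=" inside a value. Log lines are constructed.
function decode(s) {
  try { return decodeURIComponent(s.replace(/\+/g, ' ')); } catch { return s; }
}
function splitQuery(rawQuery) {
  // Split on literal delimiters first and decode afterwards, so an encoded
  // %26 stays inside the value it was sent in.
  return rawQuery.split('&').filter(Boolean).map(part => {
    const i = part.indexOf('=');
    return i === -1 ? [decode(part), ''] : [decode(part.slice(0, i)), decode(part.slice(i + 1))];
  });
}

function hppFindings(requestTarget) {
  const q = requestTarget.indexOf('?');
  if (q === -1) return [];
  const pairs = splitQuery(requestTarget.slice(q + 1).split('#')[0]);
  const counts = new Map();
  for (const [name] of pairs) {
    const key = name.toLowerCase();
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  const findings = [];
  for (const [name, n] of counts) if (n > 1) findings.push(`duplicate:${name}`);
  for (const [name, value] of pairs) {
    // A decoded value containing "&name=" pollutes any link the application
    // builds by echoing that value back without re-encoding it.
    const m = /&([^=&]+)=/.exec(value);
    if (m) findings.push(`embedded:${name}->${m[1].toLowerCase()}`);
  }
  return findings;
}

function scanLog(lines) {
  // Assumes access-log lines with the request line in double quotes.
  return lines.flatMap(line => {
    const m = /"[A-Z]+ (\S+) HTTP\/[\d.]+"/.exec(line);
    const findings = m ? hppFindings(m[1]) : [];
    return findings.length ? [{ target: m[1], findings }] : [];
  });
}

const sampleLog = [ // constructed
  '203.0.113.5 - - [10/Oct/2014:10:00:01 +0000] "GET /poll?id=4&action=view HTTP/1.1" 200 512',
  '203.0.113.5 - - [10/Oct/2014:10:00:07 +0000] "GET /poll?id=4&action=view&action=delete HTTP/1.1" 200 498',
  '203.0.113.9 - - [10/Oct/2014:10:01:13 +0000] "GET /poll?id=4%26action%3Ddelete HTTP/1.1" 200 530',
];
console.log(scanLog(sampleLog));
```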

Friday, 10 October 2014


Thursday, 12 June 2014

Reveal ***** (Asterisk) Passwords Using JavaScript

Want to reveal the passwords hidden behind asterisks (****)?

Is it possible to reveal them using only simple JavaScript?

The answer is YES, it is possible: just copy these few lines into your browser and hit Enter, and the password will show.

Follow this simple procedure to get passwords that you have entered.

1. Open the login page of any website (e.g. http://mail.yahoo.com).

2. Type your 'Username' and 'Password'.

3. Copy and paste the JavaScript code given below into your browser's address bar and press 'Enter'. Copy it without the brackets.

[
javascript:alert(document.getElementById('Passwd').value);
]

4. As soon as you press 'Enter', a window pops up showing the password typed by you.

Note: This trick may not work with Firefox.

Feel free to comment.. : )
