How to Gather Information on PostgreSQL Databases with Metasploit :: Null Byte
Attacks against databases have become one of the most popular and lucrative activities for hackers recently. New data breaches seem to be popping up every...| Null Byte
LoRa (long-range) technology is widely used in IoT applications because it can transmit data over long distances without requiring internet access. Because of its long range and low power consumption, LoRa can be used to remotely control devices — even from miles away. Hackers and security researchers have experimented with LoRa for everything from remote payload activation to off-grid communications. In this test, we explore how far LoRa can actually reach using a simple but effective setu...| Null Byte
As drone technology continues to evolve, so do the systems designed to track and regulate them. One such system is Open Drone ID, an FAA-recognized remote identification protocol that allows drones to broadcast telemetry and identification data, similar to ADS-B for airplanes. While this was implemented for safety and accountability, serious security flaws leave it wide open to spoofing attacks that can flood drone tracking systems with fake UAVs. Because Open Drone ID transmits unencrypted d...| Null Byte
If you started your ethical hacking journey with our recommended Raspberry Pi 3 B+ setup, it's time to consider upgrading your beginner's ethical hacking kit to the Raspberry Pi 5 for even better performance and capabilities. After a nearly four-year hiatus, Kody Kinzie returns as the host of Null Byte's popular YouTube channel, where he walks you through everything you need to get started with the Raspberry Pi 5. Compared to the Raspberry Pi 3 B+, the Raspberry Pi 5 gives you all of these up...| Null Byte
When I see the words "free trial," I know I'm probably going to have to whip out my credit card and enter in the number to "not get charged." Then I end up forgetting about the trial and want to kick myself in the ass when I see my statement at the end of the month. In order to avoid that rigmarole, you can actually use fake credit numbers instead of your own, and you can do that using the site getcreditcardnumbers.com, which can generate up to 9,999 credit card numbers at a time, or just one...| Null Byte
When setting up a Raspberry Pi, it's easy to overlook changing the default password. Like many IoT devices, the Raspberry Pi's default Raspbian operating system installs with a widely-known default password, leaving the device vulnerable to remote access. Using a tool called rpi-hunter, hackers can discover, access, and drop custom payloads on any weak Pi connected to the same network. While this tool is primarily for local networks, it's also capable of discovering and attacking Pi models co...| Null Byte
The ESP32-CAM is a convenient little camera module with a lot of built-in power, and you can turn one into an inconspicuous spy camera to hide in any room. There's only one issue: it does omit a USB port. That makes it a little harder to program, but with an ESP32-based board, FTDI programmer, and some jumper wires, you'll have a programmed ESP32 Wi-Fi spy camera in no time. To build the program for the spy camera, which includes facial detection and recognition, we'll be using Arduino IDE, a...| Null Byte
Project managers — and those hoping to become one — should rejoice at this killer deal. The Project Manager's Essential Certification Bundle Ft. Scrum, Agile & PMP usually runs for $1,990 but is only $49.99 for a limited time. The bundle features training on all the essential tools highly efficient program managers should know. This includes Scrum, Agile, and PMP. Scrum is most common in software development, but it also lends itself well to professionals in the marketing world. As for Ag...| Null Byte
A man-in-the-middle attack, or MitM attack, is when a hacker gets on a network and forces all nearby devices to connect to their machine directly. This lets them spy on traffic and even modify certain things. Bettercap is one tool that can be used for these types of MitM attacks, but Xerosploit can automate high-level functions that would normally take more configuration work in Bettercap. Xerosploit rides on top of a few other tools, namely, Bettercap and Nmap, automating them to the extent ...| Null Byte
If you've recently built a Wi-Fi spy camera out of an ESP32-CAM, you can use it for a variety of things. A baby monitor at night, a security camera for catching package thieves, a hidden video streamer to catch someone going somewhere they shouldn't be — you could use it for pretty much anything. Best of all, this inexpensive camera module can perform facial detection and facial recognition! The low-cost ESP32-CAM is an interesting camera module because it has enough RAM to perform those fa...| Null Byte
The ability to browse the web in coffee shops, libraries, airports, and practically anywhere else you can imagine is more than convenient, but convenience has risks. Using public Wi-Fi allows others to spy on you easily. Even your own internet service provider can see every website you've ever visited. Don't fall into the trap of protecting your identity, data, and devices after it's too late. A Virtual Private Network (VPN) provides safety and security online, and the leading VPN is also one...| Null Byte
An ESP32-based microcontroller with a camera is an amazing platform for video, but not all modules are created equal. We'll go over the pros and cons of some of the popular low-cost camera modules you can use with ESP32-based development boards, as well as what features they support. The ESP32-based microcontroller is the big brother to the ESP8266-based board, which we've covered extensively on Null Byte. The ESP32 is more powerful, comes with Bluetooth, and has an additional core for proces...| Null Byte
The Deauther Watch by Travis Lin is the physical manifestation of the Wi-Fi Deauther project by Spacehuhn, and it's designed to let you operate the Deauther project right from your wrist without needing a computer. That's pretty cool if you want to do all the interesting things that the Wi-Fi Deauther can do without plugging it into a device. If you missed our guide on using an ESP8266-based Wi-Fi Deauther, you might be confused about what the Deauther does. For one, it can create deauthentic...| Null Byte
Web applications are ubiquitous in the modern online world, and knowing how to attack them is an increasingly valuable skill. But the key to a successful attack is good recon since it's easier to be focused and efficient with the more information you have. There are many fingerprinting tools available, such as httprint and WebTech, but there are even more that can aid us in reconnaissance. Common Frameworks & TechnologiesGone are the days of simple websites using HTML, CSS, and vanilla Ja...| Null Byte
There are tons of tools out there that do all kinds of recon, but it can be hard to narrow down what to use. A great way to be more efficient is by taking advantage of scripting. This doesn't have to mean writing everything from scratch — it can simply mean integrating existing tools into a single, comprehensive script. Luckily, it's easy to create your own subdomain enumeration script for better recon. Install DependenciesBefore we begin, there are a few things we need to install and set u...| Null Byte
Kali Linux has come a long way since its BackTrack days, and it's still widely considered the ultimate Linux distribution for penetration testing. The system has undergone quite the transformation since its old days and includes an updated look, improved performance, and some significant changes to how it's used. Offensive Security is the team behind Kali Linux, a Debian-based system. Kali is the preferred weapon of choice on Null Byte, and you can install it as your primary system (not recom...| Null Byte
Kali Linux is the go-to Linux distribution for penetration testing and ethical hacking. Still, it's not recommended for day-to-day use, such as responding to emails, playing games, or checking Facebook. That's why it's better to run your Kali Linux system from a bootable USB drive. The hacker-friendly Debian-based distro did receive a major update by Offensive Security in late-2019 that changed the default desktop environment from the heavyweight Gnome to a more lightweight Xfce, making Kali ...| Null Byte
As a hacker, the final stage of exploitation is covering their tracks, which involves wiping all activity and logs so that they can avoid being detected. It's especially crucial for persistence if the target will be accessed again in the future by the attacker. To show you the basics of covering your tracks, we'll compromise a target first, then explore some techniques used to delete Bash history, clear logs, and remain hidden after exploiting a Linux system. You can check out our Cyber Weapo...| Null Byte
ESP8266-based microcontrollers can be used to create exciting and legal Wi-Fi hacking games to test your or your friends' Wi-Fi hacking skills. When you first start learning how to hack Wi-Fi, it can be tempting to use your powers on Wi-Fi networks you don't have permission to use. Needless to say, this can get you into a lot of trouble because Wi-Fi hacking isn't particularly subtle, so it's easy to get caught. To keep you from getting into a predicament, we want to make sure you have access...| Null Byte
A PirateBox creates a network that allows users to communicate wirelessly, connecting smartphones and laptops even when surrounding infrastructure has been disabled on purpose or destroyed in a disaster. Using a Raspberry Pi, we will make a wireless offline server that hosts files and a chat room as an educational database, a discreet local chat room, or a dead-drop file server. The Need for Offline File SharingIf you can't think of a use for an offline file server with a built-in wireless ho...| Null Byte
Python is one of the most commonly used programming languages in the world. From data science to game design, Python appears in almost every industry that requires coding of some kind. If you're looking to get into or get promoted to a higher level in one of those industries, then your next step is to learn this versatile programming language. The 2021 Premium Python Certification Bootcamp Bundle can be your guide from Python beginner to master, and it is currently on sale for $34.99. Whether...| Null Byte
Microcontrollers like ESP8266-based boards have built-in Wi-Fi, and that's really cool, but what's even cooler is that certain pro models of the D1 Mini also have a port where you can connect a directional antenna. This can give you exceptional range, but if you were to just plug one in after opening the package, it most likely wouldn't work. The problem, as Glytch covered in a Hak5 video last year, is that there's a tiny zero-ohm resistor on the board that's connecting the built-in antenna t...| Null Byte
There are hidden Wi-Fi networks all around you — networks that will never show up in the list of available unlocked and password-protected hotspots that your phone or computer can see — but are they more secure than regular networks that broadcast their name to any nearby device? The short answer is no, and that could be for any number of reasons. Hidden networks are actually the same as regular Wi-Fi networks; only they don't broadcast their names (ESSID) in the beacon frames that regula...| Null Byte
If you've wanted to get into Wi-Fi hacking, you might have noticed that it can be pretty challenging to find a safe and legal target to hack. But you can easily create your own test network using a single ESP8266-based microcontroller like the D1 Mini. Our goal is to crack a handshake that we capture from our wireless card. So what we'll do here is flash an Arduino sketch onto an ESP8266-based board that allows us to play both sides of a Wi-Fi conversation, simulating a device joining a Wi-Fi...| Null Byte
If you're getting into automation, Bash scripting is usually the way to go. However, there are a couple of limitations, and one of them is logging into another device like a Raspberry Pi and running a script automatically. To help in those situations, we're going to automate delivering an SSH payload with an "expect" script. Bash scripting is more like duct-taping things together, so it isn't able to do everything, including predicting and then reacting to certain variables. So we're going to...| Null Byte
Bash scripting is a convenient way to automate things on any Linux system, and we're going to use it here to automate certain tasks we use all the time. Bash is a simple language for stringing together several different Linux utilities. Its simplicity makes it easy for beginners to create lots of scripts that would otherwise be pretty complicated or require some pretty hefty programming skills. If you know the right Bash commands, you can do all sorts of things. In this guide, we'll use Bash ...| Null Byte
While obvious, it's a lot more difficult to hack into a locked computer than an unlocked computer. As a white-hat hacker, pentester, cybersecurity specialist, or someone working in digital forensics, there's an easy solution — make it so that the computer won't fall asleep and lock automatically in the first place. One way to stop a laptop or desktop computer from sleeping into a locked state is to use a mouse jiggler. It's a tactic used frequently by law enforcement to avoid having to get ...| Null Byte
RedRabbit is an ethical hacking toolkit built for pen-testing and reconnaissance. It can be used to identify attack vectors, brute-force protected files, extract saved network passwords, and obfuscate code. RedRabbit, which is made specifically for red teams, is the evil twin of its brother, BlueRabbit, and is the offensive half of the "Rabbit Suite." The creator of RedRabbit, Ashley Moran, better known as securethelogs, makes a plethora of Windows-based ethical hacking and penetration testin...| Null Byte
With just two microcontrollers soldered together, you can inject keystrokes into a computer from a smartphone. After building and programming the device, you plug it into a desktop or laptop, access it over a smartphone, and inject keystrokes as you would with a USB Rubber Ducky. However, with a Rubber Ducky, you need to first know the type of computer and its operating system, followed by the payload you want to use, so you can program the hacking device to do your bidding. There is no real-...| Null Byte
If you're living or staying out in the middle of nowhere or a rural area outside of a big city or town — where there are no reliable cable, fiber, or wireless networks available — how can you get an internet connection? There are several possibilities, but they all come with tradeoffs, which we'll go over in detail. Normally, rural, more isolated areas in the U.S. are usually only served by one internet provider, whether that's dial-up or some other connection type. These providers offer ...| Null Byte
Social media accounts are a favorite target for hackers, and the most effective tactics for attacking accounts on websites like Facebook, Instagram, and Twitter are often based on phishing. These password-stealing attacks rely on tricking users into entering their passwords into a convincing fake webpage, and they have become increasingly easy to make thanks to tools like BlackEye. BlackEye is a tool to rapidly generate phishing pages that target social media websites, making it much easier t...| Null Byte
Airgeddon is a multi-Bash network auditor capable of Wi-Fi jamming. This capability lets you target and disconnect devices from a wireless network, all without joining it. It runs on Kali, and we'll cover installing, configuring, and using its jamming functionalities on a small, inexpensive Raspberry Pi. When done correctly, it will deny service to a wireless network for up to several blocks. Airgeddon has been covered as a useful tool many timesonNull Byte, but in this guide, I want to show ...| Null Byte
Besside-ng is the hidden gem of the Aircrack-ng suite of Wi-Fi hacking tools. When run with a wireless network adapter capable of packet injection, Besside-ng can harvest WPA handshakes from any network with an active user — and crack WEP passwords outright. Unlike many tools, it requires no special dependencies and can be run via SSH, making it easy to deploy remotely. In my opinion, it's one of the most powerful Wi-Fi hacking tools currently available. First written in 2010 in C, Besside-...| Null Byte
MicroPython is an exciting language to use on ESP8266 boards and ESP32-based microcontrollers, but it doesn't always include all of the libraries you'll need for a specific project. This issue is less of a problem, thanks to the upip package manager. Upip lets you download any package in the standard MicroPython library over a Wi-Fi connection. That's really useful if you're in a project that needs another library and you don't want to go through the tedious process of trying to load it yours...| Null Byte
You've protected your Ubuntu system from physical attacks, annoyed network hackers, and sandboxed potentially malicious applications. Great! Now, the next logical steps to locking down your OS include thoroughly auditing Ubuntu for weak points, using antivirus software that respects your privacy, and monitoring system logs like a boss. This is the final part of our mini-series on strengthening your primary Ubuntu system. You'll learn about hardening weak points in the OS using a well-respecte...| Null Byte
Once you've installed Ubuntu with security in mind and reduced the possibility of network attacks on your system, you can start thinking about security on an application level. If a malicious file is opened on your system, will an attacker be able to access every file on the computer? The chances are much slimmer if you put the proper defenses in place. In this third part of our mini-series on strengthening your primary Ubuntu installation, you'll learn how Ubuntu package repositories work, w...| Null Byte
After installing Ubuntu as your primary OS, you should have protected against USB Rubber Ducky payloads, defended against hard drive forensics, and reduced the overall attack surface against physical strikes. When defending against network-based attacks, you'll want to minimize hardware disclosures, prevent packet sniffers, harden firewall rules, and much more. To be more specific, in this part of the mini-series for strengthening your primary Ubuntu installation, you'll learn to spoof your M...| Null Byte
Windows 10 and macOS have poor reputations when it comes to customer privacy and user policies. Our hacking Windows 10 and hacking macOS articles might make it seem like a reasonably secure operating system doesn't exist. But I'm here to tell you that there is a viable alternative that could provide some sense of security and trust. There are quite a few noteworthy Linux distributions with excellent development records and support communities to choose from. To name just a few, there's Manjar...| Null Byte
Withstanding an attack from a motivated hacker is one of the most important responsibilities a system administrator must undertake. This is especially true for websites that may contain sensitive customer information and a high volume of users. So it's important for a sysadmin to take proactive measures to find and fix vulnerabilities in their websites. One tool that can help with this is Vega Vulnerability Scanner, a free, open-source, graphical web-auditing tool developed by the security co...| Null Byte
While there are completely legitimate reasons to use Bitcoin, it's also used by terrorists, drug dealers, and other shady people that need to be investigated. That's where SpiderFoot comes in, which has a command-line interface to search for Bitcoin wallet addresses on a website and query the balances associated with them. SpiderFoot is a great tool overall for automating OSINT (open-source intelligence), and there are two different versions: the free open-source project and SpiderFoot HX, a ...| Null Byte
What appears to be an ordinary MP4 may have been designed by an attacker to compromise your Linux Mint operating system. Opening the file will indeed play the intended video, but it will also silently create a connection to the attacker's system. Understanding the AttackWhile this article uses Linux Mint as an example, the attack takes advantage of an issue in several Linux file managers. The below GIF demonstrates the attack. Two files are being extracted in the GIF. The first (real_video.mp...| Null Byte
The USB Rubber Ducky is a well-known hacking device in the cybersecurity industry, but it needs to be preprogrammed before it can be used. That means it's not easy to issue commands to a target computer since you can't interact with it from afar after plugging it in. And if you don't know what the target computer is, you might come up empty. That's where the WiFi Duck comes in handy. The WiFi Duck is a project created by Stefan Kremser, also known as Spacehuhn. With it, you can plug the WiFi ...| Null Byte
One of the most promising avenues of attack in a web application is the file upload. With results ranging from XSS to full-blown code execution, file uploads are an attractive target for hackers. There are usually restrictions in place that can make it challenging to execute an attack, but there are various techniques a hacker could use to beat file upload restrictions to get a shell. Bypassing BlacklistsThe first method we'll explore is how to bypass blacklisting. Blacklisting is a type of p...| Null Byte
A dead man's switch is a fairly simple concept. If you don't perform a specific task before a set amount of time, it'll perform a specific action you set. They can be handy not just for hackers but for everyone who wants to protect themselves, someone else, or something tangible or intangible from harm. While there are more nefarious uses for a dead man's switch, white hats can put one to good use. These switches have appeared in pop culture in many different forms, and examples can be seen i...| Null Byte
As we've seen with other tools and utilities, administrators typically use certain things to do their job more efficiently, and those things are often abused by attackers for exploitation. After all, hacking is just the process of getting a computer to do things in unexpected ways. Today, we will be covering various methods to perform banner grabbing to learn more about the target system. Banner grabbing is a technique used to gather information about running services on a computer system. Ba...| Null Byte
One of the most exciting things as an ethical hacker, in my opinion, is catching a reverse shell. But often, these shells are limited, lacking the full power and functionality of a proper terminal. Certain things don't work in these environments, and they can be troublesome to work with. Luckily, with a few commands, we can upgrade to a fully interactive shell with all the bells and whistles. It can often be frustrating when working with reverse shells if all you have is a "dumb" shell. A dum...| Null Byte
When approaching a target, having a precise and detailed plan of attack is absolutely necessary. One of the main goals is to increase the attack surface since the more opportunities there are for exploitation, the greater the chances of success. Subdomain enumeration is one method used to increase the attack surface, and we'll be using a tool called Subfinder to discover hidden subdomains. Subdomain Enumeration OverviewSubdomain enumeration is an indispensable, often overlooked part of the re...| Null Byte
Hackers often find fascinating files in the most ordinary of places, one of those being FTP servers. Sometimes, luck will prevail, and anonymous logins will be enabled, meaning anyone can just log in. But more often than not, a valid username and password will be required. But there are several methods to brute-force FTP credentials and gain server access. File Transfer Protocol is a network protocol used to transfer files. It uses a client-server model in which users can connect to a server ...| Null Byte
GTFOBins and LOLBAS are projects with the goal of documenting native binaries that can be abused and exploited by attackers on Unix and Windows systems, respectfully. These binaries are often used for "living off the land" techniques during post-exploitation. In this tutorial, we will be exploring gtfo, a tool used to search these projects for abusable binaries right from the command line. What Is Living Off the Land?Living off the land is a method used by attackers that utilizes existing too...| Null Byte
The moment arrives when you finally pop a shell on the web server you've been working on, only you find yourself in a strange environment with limited functionality. Restricted shells are often used as an additional line of defense and can be frustrating for an attacker to stumble upon. But with enough patience and persistence, it is possible to escape these restricted environments. What Are Restricted Shells?Restricted shells are simply shells with restricted permissions, features, or comman...| Null Byte
Browser extensions are extremely useful since they can expand web browsers like Google Chrome and Mozilla Firefox beyond their built-in features. However, we don't always know who's behind a browser add-on or what it's doing beyond what's advertised. That's where ExtAnalysis comes into play. ExtAnalysis will unpack an extension so that we can see what's really going on inside. To start using it, you just need to use either Chrome or Firefox, as well as an extension you want to investigate for...| Null Byte
Web applications are becoming more and more popular, replacing traditional desktop programs at an accelerated rate. With all these new apps out on the web comes various security implications associated with being connected to the internet where anyone can poke and prod at them. One of the simplest, yet the most prevalent types of security flaws found in modern web apps are SQL injections. A typical web app doesn't actually store any information in the app itself, but rather it communicates wi...| Null Byte
Sudo is a necessity on most Linux systems, most of which are probably being used as web servers. While the principle of least privilege is typically applied, sudo misconfigurations can easily lead to privilege escalation if not properly mediated. Which brings us to SUDO_KILLER, a tool used to identify sudo misconfigurations that can aid in privilege escalation. The most glaring misconfiguration is running an outdated version of sudo, especially one that has known vulnerabilities. There is sim...| Null Byte
Ports allow network and internet-connected devices to interact using specified channels. While servers with dedicated IP addresses can connect directly to the internet and make ports publicly available, a system behind a router on a local network may not be open to the rest of the web. To overcome the issue, port forwarding can be used to make these devices publicly accessible. Networked services and apps running on various devices make use of ports at specific numbers as a means to initiate ...| Null Byte
Web browser extensions are one of the simplest ways to get starting using open-source intelligence tools because they're cross-platform. So anyone using Chrome on Linux, macOS, and Windows can use them all the same. The same goes for Firefox. One desktop browser add-on, in particular, makes OSINT as easy as right-clicking to search for hashes, email addresses, and URLs. Mitaka, created by Manabu Niseki, works in Google Chrome and Mozilla Firefox. Once installed, it lets you select and inspect...| Null Byte
Privilege escalation is the technique used to exploit certain flaws to obtain elevated permissions relative to the current user. There are a vast number of methods out there to go from user to root on Linux, and keeping track of them all can be difficult. This is where automation comes into play, and a privilege escalation script called Linux Smart Enumeration is one to take advantage of. LSE vs LinEnumLinux Smart Enumeration sets itself apart from other privilege escalation scripts because o...| Null Byte
In the first guide, we laid the groundwork for our ultimate goal of uploading and running the unix-privesc-check script on our target. We identified an input field vulnerable to SQL injection and utilized Sqlmap to set up a file stager on the server. Now, we're ready to upload files and execute the script, so we can identify any misconfigurations that could lead to privilege escalation. The unix-privesc-check script is a Bash script that runs on Unix systems and tries to identify misconfigura...| Null Byte
Microsoft's built-in antimalware solution does its best to prevent common attacks. Unfortunately for Windows 10 users, evading detection requires almost no effort at all. An attacker armed with this knowledge will easily bypass security software using any number of tools. As Microsoft's antimalware solution is Windows 10's first line of defense, it's the subject of a lotofexcellentsecurityresearch. This article will provide a brief introduction to how attackers will evade it entirely. What Is...| Null Byte
The internet has undoubtedly changed the way we work and communicate. With technological advances, more and more people can collaborate on the web from anywhere in the world. But this remote-friendly environment inherently brings security risks, and hackers are always finding ways to exploit systems for other uses. WebDAV, or Web Distributed Authoring and Versioning, is a protocol that allows users to remotely collaborate and edit content on the web. It is an extension of HTTP but uses its ow...| Null Byte
The art of fuzzing is a vital skill for any penetration tester or hacker to possess. The faster you fuzz, and the more efficiently you are at doing it, the closer you come to achieving your goal, whether that means finding a valid bug or discovering an initial attack vector. A tool called ffuf comes in handy to help speed things along and fuzz for parameters, directors, and more. What Is Fuzzing?Fuzzing, or fuzz testing, is the automated process of providing malformed or random data to softwa...| Null Byte
There are countless tutorials online that show how to use Netstat and Tasklist to find an intruder on your computer. But with a few PowerShell functions, it's possible for a hacker to evade detection from the almighty command line. Before we dive into the technical sections, have a look at the following GIF. The attacker has manipulated the PowerShell session in a way that's transparent to the target user. The netstat.exe command identifies an outgoing connection on TCP/4444. This is possibly...| Null Byte
Penetration testing, or pentesting, is the process of probing a network or system by simulating an attack, which is used to find vulnerabilities that could be exploited by a malicious actor. The main goal of a pentest is to identify security holes and weaknesses so that the organization being tested can fix any potential issues. In a professional penetration test, there are six phases you should know. Pentesting LingoLike many industries, and especially within IT, certain terms can cause init...| Null Byte
OpenBSD implements security in its development in a way that no other operating system on the planet does. Learning to use the Unix-like operating system can help a hacker understand secure development, create better servers, and improve their understanding of the BSD operating system. Using VirtualBox, the OS can be installed within a host to create a full-featured test environment. This extremely secure operating system boasts features with which no other OS can compare. While OpenBSD is of...| Null Byte
Identifying security software installed on a MacBook or other Apple computer is important to hackers and penetration testers needing to compromise a device on the network. With man-in-the-middle attacks, packets leaving the Mac will tell us a lot about what kind of antivirus and firewall software is installed. After gaining access to a Wi-Fi router, a hacker will perform a variety of network-based and reconnaissance attacks. Data traversing the network is viewable to anyone with the password ...| Null Byte
Everybody knows not to store sensitive information in unencrypted files, right? PDFs and ZIP files can often contain a treasure trove of information, such as network diagrams, IP addresses, and login credentials. Sometimes, even certain files that are encrypted aren't safe from attackers. That's where Zydra comes in — a tool for cracking RAR files, ZIP files, PDF files, and Linux shadow files. How Are These Files Encrypted?Depending on the program used and its version, these sorts of files ...| Null Byte
If you're ever in a situation where you need to take a peek at the wireless spectrum, whether it's for Bluetooth or Wi-Fi devices, there's a fascinating Python 3-based tool called Sparrow-wifi you should check out. It's cross-platform, easy to use, and has an impressive GUI that shows you the signal strength of nearby devices. Sparrow-wifi, branded as a "next-generation" analysis tool for wireless reconnaissance and surveillance, is simple to install. There's just a bunch of Python libraries ...| Null Byte
PowerShell is an essential component of any Windows environment and can be a powerful tool in the hands of a hacker. During post-exploitation, PowerShell scripts can make privilege escalation and pivoting a breeze, but its execution policy can put a damper on even the best-laid plans. There are a variety of methods, however, that can be used to bypass PowerShell execution policy. PowerShell Execution Policy OverviewThe purpose of PowerShell's execution policy is to control how configuration f...| Null Byte
SSH is one of the most common protocols in use in modern IT infrastructures, and because of this, it can be a valuable attack vector for hackers. One of the most reliable ways to gain SSH access to servers is by brute-forcing credentials. There are a few methods of performing an SSH brute-force attack that will ultimately lead to the discovery of valid login credentials. While not the only ways to do so, we'll be exploring tools such as Metasploit, Hydra, and the Nmap Scripting Engine in Nmap...| Null Byte
Internet Relay Chat, or IRC, is one of the most popular chat protocols on the internet. The technology can be connected to the Tor network to create an anonymous and secure chatroom — without the use of public IP addresses. IRC servers allow one to create and manage rooms, users, and automated functions, among other tools, to administer an instant messaging environment. IRC's roots began in 1988 when Jarkko Oikarinen decided to attempt to implement a new chat protocol for users at the Unive...| Null Byte
Hackers are always seeking zero-day exploits that can successfully bypass Windows 10's security features. There has been extensive research into creating undetectable malware and entire GitHub projects dedicated to automating the creation of undetectable payloads such as WinPayloads, Veil v3, and TheFatRat. With a bit of social engineering, tricking a target user into opening a malicious file can be as simple as injecting a bit of Unicode into the file name. For example, the below GIF shows a...| Null Byte
It's a common misconception that iPhones are impervious to cyberattacks and "more secure" than Android. And when an iPhone does get hacked, it's nearly impossible to tell that it happened. Vulnerabilities in iOS are common, and Apple tries to tackle them with each security update it releases. To get started, consider all of the CVEs disclosed in the last year. That we know of, Apple issued over 180 patches so far in 2020, and likely a lot more that weren't reported. How to Hack into an iPhone...| Null Byte
Automation has been a buzz word for quite some time now, but the principles behind it are as strong as ever. For a hacker or pentester, Bash scripting is one form of automation that cannot be ignored. Virtually any command that can be run from the terminal can be scripted — and should be, in many cases — to save valuable time and effort. And a Bash script just happens to be great for recon. Start the ScriptTo get started, create a Bash script and name it whatever you like. I'll call mine ...| Null Byte
If you've spotted an unintended Ethernet connection and wondered what you could do with all of the information coursing through those wires, there's an easy way to hack into it and find out. Let's say there's a router that we need to know the password for, and we have physical access to an Ethernet connection where we can attach a Packet Squirrel, a pocket-sized tool to main-in-the-middle the network. If the router isn't using HTTPS, we can record all of the traffic over the Ethernet. Once so...| Null Byte
To name just a few companies, VK, µTorrent, and ClixSense all suffered significant data breaches at some point in the past. The leaked password databases from those and other online sites can be used to understand better how human-passwords are created and increase a hacker's success when performing brute-force attacks. In other articles, we'll cover generating wordlists for use in password-cracking. But here, we'll learn how to create wordlists of statistical complexity and length based on ...| Null Byte
An attacker can create three, five, or even ten new Netcat connections to a compromised MacBook with one command. Performing complex post-exploitation attacks might otherwise be difficult from a single shell without this essential trick. Why Create Multiple Netcat Threads?With some macOS post-exploitation attacks, more than one shell may be required. Spawning additional Netcat connections from a single backdoor is possible but can be cumbersome and inconvenient. So I came up with a simple sol...| Null Byte
Secure Shell is one of the most common network protocols, typically used to manage remote machines through an encrypted connection. However, SSH is prone to password brute-forcing. Key-based authentication is much more secure, and private keys can even be encrypted for additional security. But even that isn't bulletproof since SSH private key passwords can be cracked using John the Ripper. SSH Key-Based AuthenticationThe standard way of connecting to a machine via SSH uses password-based auth...| Null Byte
If you want to control electronic devices, such as a relay or motor, you can do so using MicroPython with an ESP8266 and web browser. Usually, you'd program an ESP8266 using Arduino, but C++, which Arduino uses, is not always the easiest programming language for beginners to learn. MicroPython is much simpler to program in. Plus, it's a great way to utilize Python code on a microcontroller, such as an ESP8266 or ESP32, to control basically any electronic component you want from your computer ...| Null Byte
Individually addressable LEDs, also commonly called "NeoPixels" after the popular Adafruit product, are a bright and colorful way to get started with basic Python programming. With an inexpensive ESP8266 or ESP32 microcontroller, it's easy to get started programming your own holiday lighting animations on a string of NeoPixels with beginner-friendly MicroPython! NeoPixels are a great way to get started programming hardware, and if you want to get started using Python to create your own holida...| Null Byte
Flight disruptions can cost billions of dollars, but most modern commercial flights rely on air traffic control systems that harbor serious vulnerabilities. The Federal Aviation Administration uses an infrastructure called NextGen, which relies on Automatic Dependent Surveillance – Broadcast, or ADS-B for short. Since the beginning of 2020, all aircraft that fly within the U.S. must be equipped with ADS-B Out. This aspect of ADS-B broadcasts an airplane's vital information, in plain text, f...| Null Byte
Network enumeration is one of the essential phases of an attack, but it can take a lot of time and effort depending on the size. We've all been spoiled by Nmap and similar tools, and while there is a learning curve involved, they are extremely useful. But there's also GoScan, a tool that builds upon Nmap, offering an automated way to enumerate networks and services quickly. GoScan vs. Other Network ScannersGoScan is an interactive network scanner written in Go that automates certain aspects o...| Null Byte
A mention of the deep web can bring to mind images of drugs, hackers, and other criminal activity. Despite the presence of these elements, the Tor network is a valuable tool for preserving privacy and anonymity. And browsing the deep web and any hidden services can be as simple as downloading the Tor Browser. So what's a hidden service? It's pretty much the same thing as a website on the regular internet, only it uses Tor's technology to stay secure. In some cases, someone who creates a hidde...| Null Byte
Python is commonly touted as one of the best programming languages for beginners to learn, and its straightforward syntax and functionality makes that hard to argue with. But a lot of tutorials still use Python 2, which is outdated now. Python 3 introduces many new features, and it's important to be aware of them going forward, as well as the key differences between Python 3 and its predecessor. Python 2 was first released in 2000. It improved upon earlier versions of the language and introdu...| Null Byte
Data can be injected into images quickly without the use of metadata tools. Attackers may use this knowledge to exfiltrate sensitive information from a MacBook by sending the pictures to ordinary file-sharing websites. Continuing on the topics of DPI evasion, payload obfuscation, and utilizing popular websites to bypass firewalls, we'll be looking at an alternative way of embedding data into images. Unlike using metadata tags to store payloads inside a picture, this method involves injecting ...| Null Byte
3D printers allow hackers and makers alike to create something from nothing. They're an incredible technology that lets you build protective cases and covers for gear such as a wardriving phone and Raspberry Pi-Hole. 3D printers can even help you out in a bind when something breaks, and it's impossible to get the part, since you can just print one out yourself. And with 3D printers being relatively cheap these days, there's little reason not to get one if you think you'd have many uses for it...| Null Byte
Determining the antivirus and firewall software installed on a Windows computer is crucial to an attacker preparing to create a targeted stager or payload. With covert deep packet inspection, that information is easily identified. This attack assumes the Wi-Fi password to the target network is already known. With the password, an attacker can observer data traversing the network and enumerate installed security software. Popular antivirus and firewall solutions become easily identifiable when...| Null Byte
Post-exploitation is often not quite as exciting as popping the initial shell, but it's a crucial phase for gathering data and further privilege escalation. Once a target is compromised, there's a lot of information to find and sift through. Luckily, there are tools available that can make the process easy. One such tool is Postenum. To show everything Postenum has to offer for post-exploitation, we're using Kali Linux as our local machine. As for the target, if you want to follow along and t...| Null Byte
A lot of time can be wasted performing trivial tasks over and over again, and it's especially true when it comes to hacking and penetration testing. Trying different shells to own a target, and testing out privilege escalation commands afterward, can eat up a lot of time. Fortunately, there is a tool called One-Lin3r that can quickly generate shells, privesc commands, and more. One-Lin3r is a Python tool that acts as a framework to automate the generation of one-liners commonly used in pentes...| Null Byte
The only thing better than programming MicroPython is programming MicroPython over Wi-Fi. So once you set up MicroPython on a microcontroller and have it on its own power source, you won't need to use a data cable to connect to it whenever you need to interact with it, program it, upload files, or grab data. The MicroPython REPL interface is very simple, which makes it an attractive option for an ESP8266 or EP32 board, and the WebREPL interface is even more convenient. After setting everythin...| Null Byte
The Pi-hole project is a popular DNS-level ad blocker, but it can be much more than that. Its DNS-level filtering can also be used as a firewall of sorts to prevent malicious websites from resolving, as well as to keep privacy-killing trackers such as Google Analytics from ever loading in the browser. Let's take a look at setting a Pi-hole up and customizing a blacklist to suit your needs. If you're not familiar with what DNS is, let's start there. A domain name server, or DNS, is the equival...| Null Byte
PirateBox is a great way to communicate with others nearby when cellular and Wi-Fi networks aren't available. With it, you can anonymously share any kind of media or document and even talk to one another by voice — without being online. However, it needs a Raspberry Pi, which is more expensive than ESP32 boards, and if you only need a text-based chat, there's a much simpler option. With a cheap ESP32 microcontroller and the ChatterBox sketch for Arduino, you can create an offline anonymous ...| Null Byte
When you don't have a steady cellular signal or immediate Wi-Fi access but need to communicate with others around you, you can set up an off-the-grid voice communications network using a Raspberry Pi and an Android app. There are apps such as Bridgefy that will create a mesh network to communicate with other devices over Bluetooth. Still, when you're traveling in a convoy and want to message people in other vehicles, all the metal will make that nearly impossible. Even in situations where you...| Null Byte
Privilege escalation is one of the essential skills a hacker can have and often separates the newbies from the pros. With a continually changing landscape and a plethora of exploits out there, it can be a problematic aspect of any attack. Luckily, some tools can help expedite the process. Linux Exploit Suggester is just one of many to help you get root. Privilege escalation is the act of gaining access to the privileges of another user on the system. It comes in two flavors: horizontal and ve...| Null Byte
You may be familiar with image-based or audio-based steganography, the art of hiding messages or code inside of pictures, but that's not the only way to conceal secret communications. With zero-width characters, we can use text-based steganography to stash hidden information inside of plain text, and we can even figure out who's leaking documents online. Image- and audio-based steganography has been covered severaltimeson Null Byte, which involves changing the least significant digit of indiv...| Null Byte
While conducting an OSINT investigation, it's important to be able to pull in information based on any clue you uncover. In particular, license plate information can turn up everywhere, from photos to live data to on your own street. You could use that data to find the VIN, see if a Tinder date has hit anyone, find out who's blocking your driveway, and so on. Skiptracer can help get the ball rolling. To get started, you'll need to have Python 2 installed and updated on your system. The develo...| Null Byte
It's exciting to get that reverse shell or execute a payload, but sometimes these things don't work as expected when there are certain defenses in play. One way to get around that issue is by obfuscating the payload, and encoding it using different techniques will usually bring varying degrees of success. Graffiti can make that happen. Graffiti is a tool that can generate obfuscated payloads using a variety of different encoding techniques. It offers an array of one-liners and shells in langu...| Null Byte
Penetration-testing frameworks can be incredibly useful since they often streamline certain processes and save time by having a lot of tools available in one place. Of course, the most popular pentesting framework is undoubtedly Metasploit, but there are many others out there that cater to particular needs. For auditing web applications and servers, Tishna comes in handy. The Tishna pentesting framework is designed to automate some of the processes involved in auditing web apps and web server...| Null Byte
Whether you miss the good old days of Telnet or you want to know what hacking was like when security was nothing but an afterthought, Telehack is the game for you. The text-based hacking game is a simulation of a stylized combination of ARPANET and Usenet, circa 1985 to 1990, with a full multi-user universe and player interactions, including 26,600 hosts. Before cloud computing, social media, and online shopping, there existed something called ARPANET, the precursor to the internet as we know...| Null Byte
Welcome back, my apprentice hackers! As many of you know, I have been hesitant to adopt the new Kali hacking system from Offensive Security. This hesitancy has been based upon a number of bugs in the original release back in March of 2013 and my belief that BackTrack was easier for the novice to work with. In recent days, Office Security has discontinued the downloads of BackTrack (although it is still available from many torrent sites), and the release of Kali 1.0.6 in January of 2014 repair...| Null Byte
For a hacker, there are a lot of advantages to creating a fake network. One advantage forces nearby devices to use their real MAC address if you happen upon a network that's stored in their preferred network list. There are a lot of tools out there for creating fake access points. Spacehuhn has designed one called the Beacon Spammer that's based in Arduino and allows you to create hundreds of artificial networks, all spammed out regularly using different MAC addresses. We can even create fake...| Null Byte
For anyone interested in using cheap, Wi-Fi-connected microcontrollers like the ESP8266, the Arduino programming language can be a barrier to entry. Based on C++, Arduino requires knowledge of more computer science than languages like Python. Fortunately for beginners, setting up MicroPython on an ESP8266 allows anyone to write Python on affordable microcontrollers in a matter of minutes. Cheap Prices Come with a Learning CurveOne of the first languages many people learn for programming elect...| Null Byte
Attacks against databases have become one of the most popular and lucrative activities for hackers recently. New data breaches seem to be popping up every...| Null Byte
