KALI Linux Mailing List Website Hacked Using Heartbleed Vulnerability.

When it comes to Digital Forensics, Penetration and Security testing, we mostly relies on Kali Linux distribution (also known as Backtrack), which is designed for security professionals and packed with more than 300 security testing tools.

But Today, Mailing List sub-domain of Kali Linux get hacked and defaced by Libyan hacking group known as ‘The GreaT TeAm (TGT)’.

A mailing list is simply a list of email addresses to which the same information is being sent. A discussion list is used to allow a group of people to discuss topics amongst themselves, with everyone able to send mail to the list and have it distributed to everyone in the group. Mailing lists have become a popular way for Internet users to keep up with topics they're interested in.

At the time of writing, The Homepage of Kali Linux mailing list domain was displaying two lists, i.e.

• Kali with description "Hacked By The GreaT TeAm -TGT"
• Kali-Dev with description “Libyan Hackers”

Somehow Hackers managed to exploit some unknown vulnerability, either on Kali Linux web server or in Mailing list software used by Offensive Security team, and posted a Batman movie pic with Greetings text, “h4x3d by The GreaT TeAm” and “Libyan H4x0rz :D”, as shown in the above screenshot.

Hackers have also shared mirror of the defacement attack at Zone-H website.

Update: Hacker told 'The Hacker News' editorial via email that lists.kali.org domain is hosted on https://mailmanlist.net/, who offers an easy web interface for administrators to manage their discussion lists. Hacker claimed that 'Mailman List' website is affected by 'Heartbleed' vulnerability.

He said, "First I got access to one of the Mailmanlist.net user acount with stolen cookies, collected by exploiting Heartbleed vulnerability and then I searched for other web application vulnerabilities", that allowed him to extract the administrative username and password of the Kali Malining list account.

Heartbleed vulnerability in OpenSSL is a serious and widespread problem and despite having a team of top Security Researchers, Kali Linux too didn't remain untouched from it.

Update: Kali team tweeted, "Looks like our inactive, 3rd party, 0 volume mailing list was hacked. DNS entry removed - back to sleep, problem solved."

Read More

Phishing Method Facebook Mobile Hacking using Wapka.

Phishing Method Facebook Mobile Hacking using Wapka [undetectable].

What is Phishing ?
Phishing is a way of deceiving your victim by making him login through one of your webpages which is a copy of the original one. By doing so the fake webpage will save his E-mail ID or username and password. This is used for criminal activities for stealing Credits Cards and So on.

Now we are going to make a fake login page of Facebook Mobile.

Lets start the tutorial...

Step 1: Register a new Wapka Account
First create a new wapka account from the link below.

Step 2: Editing Wapka Texts
Login to your Wapka account. Goto Settings>Edit text> Forum/chat and change the following words,

Name: Email or Phone
Text: Password
Submit: Log In
It's shown in the screenshot below.

Click 'Edit' to save and Login to your account in ADMIN mode.

Step 3: Create a new forum
Create a new forum to save all hacked usernames and passwords in your site.
You can do it by Edit Site>Forum

Get inside your newly created forum and note down its Forum ID. You can find it at the right bottom corner of the forum. Its shown below.

Step 4: Change Forum Visibility
The forum we create above will be visible to everyone. Now we have to change its visiblity, so that admin can only view the hacked usernames and passwords.
You can do it by Edit site>Users>Items visibility
Mark 'X' to make it visible only in admin mode.

Step 5: Uploading Facebook Mobile Phisher Page Source Code
Just copy and paste the code below in your site.

You can add it by Edit site>WML/HTML code

Note: But before pasting, edit the code and replace 'XXXXXXX' with your Forum ID( as you found it in step 4) and remove spaces in small form tag.

Now you can see your fully designed facebook phishing page.
But there'll be only one filed instead of 'Email or Phone' and 'Password' fields.
Don't worry, wapka won't ask usernames when you are logged in.
So just logout your admin mode or open your site url in a new tab. You'll see a page like this.

* You can find all hacked usernames and passwords in the forum by logging in as ADMIN.
Now use your social engineering skill to make the vitim to login in your site. You can send him a message with your link.

Disclaimer: DO NOT use this for fraudulent activities use this just to gain knowledge and not to cause harm to other people in any sort.

By trying this trick, you'll surely learn the basics of Hacking, HTML and Wapka.

If you got any problem, then describe the problem in comments below...

Earn money by  AdSense   click here and SignUp 

Read More

Create Binary Virus To Format Hard Disk

Create Binary Virus To Format Hard Disk.

1. Copy the below codes into Notepad.

01001011000111110010010101010101010000011111100000

2. Save the file as Format.exe

3. You just created virus to format Hard Drive. Enjoy !!!
Warning: Please don't try to run on your own computer or else it will delete all the content of your C Drive. I will not be responsible for any damage done to your computer.

Read More

Ethical Hacking Basics: Here Are 10 Awesome SSH Hacks.

Ethical Hacking Basics: Here Are 10 Awesome SSH Hacks.

Secure Shell (SSH) is widely used by network administrators to control Web and other kinds of servers remotely. The UNIX-based command interface and protocol can also be used to tunnel your traffic, transfer files, mount remote file systems, and much more. We have compiled here a list of 10 awesome SSH Hacks.

1.Giving SSH keys unique names

Particularly useful when you're administering a number of remote computers. You can name the SSH keys anything you want.

2.Putting long commands in text files

In this way you can use your long command to log in and run on a remote PC:

xyz@local:~$ ssh user@remotehost "'cat filename.txt'"

Do not use fancy quotations copied from some Web page. Use back-ticks instead of single apostrophes.

3.Logging in and running a command in one step

When powering off a remote computer for instance, you can log in and run the command in one step:

xyz@local:~$ ssh user@remotehost sudo poweroff

4.Launching a remote screen session

This is how you do it:

host1 ~ $ ssh -t user@host2 /usr/bin/screen -xRR

5.Viewing all fingerprints and randomart images in known_hosts

View them all in your ~/.ssh/known_hosts file:

$ ssh-keygen -lvf ~/.ssh/known_hosts

6.Retrieving the fingerprint and randomart image of an SSH key

Here's how you do it:

$ ssh-keygen -lvf keyname

7.Logging in with server-specific keys

Here's how you do it:

$ ssh -i .ssh/web-admin.pub user@webserver

8.Fast easy known_hosts key management

Here's how you can do it:

$ ssh-keygen -R remote-hostname

9.Reading public key comments

Here's how you can do it:

$ less .ssh/web-admin.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1

[snip] KCLAqwTv8rhp downtown lan webserver

10.Giving SSH keys informative comments

Here's how you can do it:

$ ssh-keygen -t rsa -C "downtown lan webserver" -f .ssh/web-admin

Read More

Here are 20 ways to become a better Ethical Hacker.

Here are 20 ways to become a better ethical hacker:

1. Learning scripting languages such as Python, Perl and ruby is highly advisable. This in turn will help you in automating your tasks while also improving your skills. 

2. Good ethical hackers need to know and ynderstand all possible user inputs to stay ahead in their game.

3. Ok, so you have successfully gained access to someone's account! Pat your back soldier, but that doesn't mean you're good. A good hacker would ensure he/she does not leave behind any trail whatsoever. Take note and don't alter a thing, simply watch and fetch the relevant information you seek and off you go!

4. You know that thing about traveling and the art to discover new possibilities? Well, the same rules apply for any good hacker as well. Traveling to uncharted shores will make you better!

5. Google has been nothing short of a revelation for the world. Anything you need, is there at just a click of the mouse. Ethical hackers must not shy away from using either Google or resources like exploit-db to stay well ahead when it comes to all the information regarding various versions and bugs of your potential target. This would ensure you're up to date with the kind of versions that might be possibly used on a target website, thereby knowing everything about the possible vulnerabilities and their potential exploitation.

6. Man pages are in abundance out there. These online software documentations usually found on a Unix or Unix-like operating system have all the necessary information you need. A thoroughly informed hacker will obviously ask well informed questions.

7. Writing open source programs is both healthy and highly effective. Try out Linux and all its goodness. Programming Languages like C, Pearl, Lisp, Java and Html are there for help, and they are awesome!

8. While a personal interest in computers is quite an obvious, a good ethical hacker will take things one at a time rather than taking it all up from the word go and being frustrated at the end. Theory must be followed by practice. There are tutorials, yes, but avoid following them blindly. Watch tutorials only when you're stuck and need to take points.

9. Before plunging into programs like BACKTRACK, METASPLOIT etc, learn how old hackers did it. Start from scratch, learn manual hacking, coding one day at a time. And in time you'll be the master of your trade!

10. Rather than blindly relying on tricks, go for deeper understanding without rushing into topics, Remember, "Slow and Steady wins the race".

11. Don't ever be shy of asking. Go on and join various hacking groups and forums. This will not only help you ask fellow hackers but also keep you updated with latest hacking news.

12. Ok, if you don't know the basic difference between a scripting language and a programming language, you need to seriously reconsider what you're doing with your life! Well, if you do know the difference, proceed to understand what programming language to use when. Don't waste your time writing something that could have been completed way faster.

13. If you thought hacking was some sorcerer's magic, well you're sadly mistaken! It takes way lot of time, that could be mentally challenging. Remember, there is no shortcut in this game. Plan your every step carefully and link them carefully for effective execution.

14. "Sweat more in practice, so you bleed less in war!" Do I really need to explain that?

15. While testing, start with the basic stuff, and in case you don't know them, well better start learning!

16. You must remember: the more you enumerate, the more attack surface will be avaialable to feast upon.

17. You must be thorough with all the different protocols before diving in. Read the RFCs carefully in order to have a clear understanding of how these work and also in case there are any security by design issues. Understand your context next, then develop an exploit accordingly.

18. Burn the midnight oil. Learn, think, try, fail, try again!

19. Well, if you think you're the best, think again! Be your on competitor rather than going after some selfish wish to rule the world and stuff! Remember, there's always going to be a new vulnerabilty round the corner to be exploited, it might be you or somebody else! The important thing is to keep on learning.

20. Do you know your system inside out? Well, it's high time you do! You simply can't be a better hacker if you're not pretty sure of your own system.

Read More