All posts by Rushabh Gedam

Doxagram : Selling of instagram accounts

After the Facebook data breach the hackers target the bigger community i.e Instagram. Now it is confirmed that the hacker is from Russia and nearly thousands of accounts hacked including the 6 millions celebrities. All this accounts and details are available on Doxagram. Which is shop of 6 million “High Profile” verified accounts leaked database.

Also Read:- Download Everything Regarding your Personal FACEBOOK Data

Just yesterday, we reported that Instagram had patched a critical API vulnerability that allowed the attacker to access phone numbers and email addresses for high-profile verified accounts.

Now it is to be assumed whatever data that has been leaked it can be one of yours, so reset your password.

How to set secured password ?

  1. Password must contain at least 6-8 Characters in which you must use uppercase 2-3 elements.
  2. It must have 2-3 Special characters.
  3. It must contain at least 4-5 numeric digits.

In this way it is considered as the much stronger password like [email protected]

After the Facebook security Breach, Instagram data is available for sale at Doxagraminstagram hacked+knowledgesuttra

Now reportedly Instagram delivers the notification to each account whose password stolen/hacked by the hackers. To take care of their accounts.

 

 

Keep shortened URL’s away and reach the Destiny URL

Hi,welcome to KnowledgeSuttra .Now-a-days the mysterious thing that actually happens for earning is links shortening. Links that are shortened first goes to the owner’s page and then redirects to the hidden link.

How It Works?

What it actually does is the Link shortener’s attempt to get multiple links and then rewards their user’s by small amount/price. But the thing which is irritating users is waiting for destiny.

To skip the time wasting reach the destiny URL’s directly, here’s the small but useful guide.

Fire up browser(Mozilla FireFox, Google Chrome recommended).

Search for Tampermonkey Extension, Or click on for chrome for FireFox Download it.

Now go to Bypasser script

Click on Install Lite Edition.

Here’s the end of article for the tutorial/hands on follow the instructions.

Steganography : Catch your victim behind the Filesystem

Hi,welcome to KnowledgeSuttra . It happens many times when we try to download the pirated software like Adobe Photoshop, Adobe Premier Pro, Microsoft Office for FREE. They are available on many sites for FREE with its crack and available patch. But we don’t have an idea what actually the patch is going to do.

We only know that it will give us the Paid Software for Free. In this era of 21st century, even asking a girl for kiss it will also cost something then how could anyone give you a Completely paid software’s for FREE ?

What actually happens in backend during using those cracked software’s ?

Maximum times it comes with malfunctioned. Malfunctioned means a program that able to run automatically with the cracked software to grab what is doing the FREE user. Hackers even monitors the Screen, Ctrl + C, Ctrl + V events, as well as keystrokes our bank info also leaked during this, and many more.

How they actually do this ? They compose their own malware’s and combine it into cracked softwares. And easily upload it to web. We visit their sites, and download it.

Hiding .txt behind .mp3

Hiding .doc behind .jpeg/jpg/png

Here’s the tutorial how to combine malware into software.

There’s a command lines also available, but GUI is preferable.

Download OpenPuff.

Open OpenPuff, it will gives options to hide, unhide, etc. openpuff:-Steganography+knowledgesuttra

Click on Hide.

openpuff:-Steganography+knowledgesuttra
openpuff:-hiding

It will open the screen as shown above.

  1. Enable/Disable both B/C password protection.
  2. Target will be the software or any file which we don’t want to show to user.
  3. Add other files that we want to show to user.
  4. Select the methods to encrypt file which is same as the extension of selected file in third step.
  5. Click on hide data.
  6. Then select the destination folder to save the file.
  7. Done

Now you can send that Malfunctioned file to the intended user.

You caught the victim.

 

 

How to gain complete access on Router/ DHCP server ?

Well ! Sometimes it happens like a single router/DHCP server is available at the location and many user get connected to that, in such cases the surfing speed is not so good. And obviously what we actually think “Somehow I can disconnect everyone and utilize the whole Wi/Fi router speed for my surfing.” But can’t actually perform the blocking of other devices to restrict service of server only for self surfing.

This professionally it is also termed https://somethingelse.com/wp-admin as DHCP Starvation !

Why Professionally it is termed as DHCP Starvation ?

Answer is quite simple. GO through The Hacking Grammar.

Let’s get back to the topic.

DHCP Starvation is a process of acquiring all the IP’s throughout the whole range provided by the Router/DHCP server. And here we can do this by a small and open source tool known as Yersinia.

What do you actually gonna perform ?

We will install the tool, run it, and grab the whole range of IP that could be served by the DHCP server/Router/Wi-Fi. I prefer to use the Linux and recommend to use the backtrack for this session. Configure the validated Backtrack and open the command prompt. Here it is not recommended to do the practical to harm any system.

Open the terminal of backtrack i.e command prompt.

Now write

[email protected]:~# yersinia -G

And then hit Enter ┘

It will open a prompt window with a GUI(Graphical User Interface).

Just few clicks will allow a hacker to victimize a Router/DHCP server.DHCP Starvation

Click on DHCP tab.DHCP Starvation+knowledgesuttra+image 2 Click on launch attack.DHCP Starvation+knowledgesuttra+image 3

The last Pop-up asks for how the attack should be ?

Select the option to discover.DHCP Starvation+knowledgesuttra+image 4

All the steps are noted and the resultant Router/DHCP server status will look like busy Up to range 253 as 255 is broadcast IP and 254 allocated by router itself.DHCP Starvation+knowledgesuttra+image 5

Now last but not least, question arises is A single MAC id can have only one Network connectability, but as mentioned above Yersinia tool catches all IP that can be provided, HOW ?

The yersinia itself created as to automatically spoof the MAC address and get the every possible combination

FREE : Proxy, VPN & Accomplishing Safety

Hi,welcome to KnowledgeSuttra.In order to deal with hacking the very first thing that you hide is your Virtual Identity. So how actually we are dealing with the VPN’s and proxy’s,

Kindly go through :-

Why to do so ?

Because it will clear all the concepts of how IP actually works, in which you will go through its construction. And here we go for changing the static IP address.

There are many guides available that enables user to change IP address for browser dependency. Like changing the static IP address in Chrome Browser, Mozilla Firefox Browser, Internet Explorer, Opera, etc. But configuring the application we might get diverted our focus from PC(system) IP address.

Now go to www.proxyswitcher.com, click on download tab, there is option for Purchase & Download. It will give you a 15 days FREE trial. As most of us want many contents for FREE, here it is but for 15days only.free vpn 1+knowledgesuttra

 After few clicks you will easily get the setup is to be installed. And make sure to do the below step.free VPN 2+knowledgesuttra

 Uncheck the entire checked box.

Now click on Start your 15 Day Trial.

The screen which appears will give you a choice to do the final setup which allows the ProxySwitcher to find active IP address range and select whatever you wish.

And now connecting the available IP’s.

There’s a switch available before IP address click on that and check your IP at any IP checker website.

Keep in touch for next update regarding to Cyber Security.

Special technique to Grab every sale and offer

Hi,welcome to KnowledgeSuttra . As many time it happens with me, may be with you also. like you seen an add regarding any sale or offer and when ready to grab it. It prompt with out of stock . Here is small trick it might help you. let’s take deep dive into it

The very first thing you are going to check

“Amazon’s offer, Flipkart Big Billion Days, Free days offer’s, MI 4th anniversary”

Consider it is declared that tomorrow is the date of sale, Big billion days, etc. You will create an account for the same sale shop, the carefully fills the all updated account details. Now here is the time for sale lets consider 4PM.

3:59:57 – 3:59:58 – 3:59:59 -Sale On-4:00:00-Out of stock-4:00:00

Where you are wrong ? What thing you missed out ?

All excitement that you think you will put on store’s database gone into dumpbase.

Here’s somewhat tricky methods that will lead you to grab them ! Yes ! Surely you gonna get that stuffs from particular shops.

First of all, Go to https://archive.org

As obviously whatever we are missing we makes it archived. Same thing we will going to with the shopping sites.

We will submit the URL of shop which is generated during the sale, once anyone submitted that URL everyone able to get that link back and use your archived link and avail offer.

Well, the summary of submitted URL will look like

Now the question arises is How to submit the URL ?archive image 2

In the above image the very easy step to do is click on the search bar, and hit ENTER.

Automatically it will promt for page are not archived, want to archive all pages under www.url.domain

Everything is in your hands. Do not use it maliciously

NESSUS : Tool to discover, scan and find Vulnerability in NETWORK

In the previous session we’ve discussed about gaining the information of our victim. This guide is about scanning the network of a victim. But here we deal with the tool called as NESSUS. Yes ! Its open source(FREE).

Available on www.tenable.com/products/nessus. There is no need of Linux system to use this tool. You can easily download it from the link given above for MAC OS X, MICROSOFT WINDOWS , LINUX, FREEBSD, GPG KEYS. So there is no question about which GUI OS to be used for this.

Causes of vulnerabilities in Network !

1. Networking devices shouldn’t connected in proper manner.
2. Networking device’s configuration isn’t done properly.
3. A silly mistake in the OPEN/CLOSED ports setting.

If you have downloaded the tool called Nessus ,then proceed for the further tutorial.

As the IP of victim we got from the Fingerprinting. We will use that IP address to check vulnerabilities in network of the victim either it is organization or individual the Network configuration is important.
Click on new scan as shown in the image.

Nessus+new scan+knowledgesuttra


Nessus+new scanttra+knowledgesu

There are various built-in templates available. Recommended to use advanced scan & set up the parameters according to you. It allows us to make our system behave like what we want.

You can setup port scan planning, you can setup host scan planning, you can setup discovery of host planning, etc.

Nessu+knowledgesuttra

Setup your NESSUS tool according to your requirements.

Now directly enter the victims IP and make sure internet connection is fast and run at least 2 hours. Because it is very useful tool which scans your victim from the starting IP range to end. And then scanning the devices present in network and then gives arise the report in the user convenient form that can be HTML, or anything. In that report some of the IP address highlighted by RED ORANGE GREEN. Hope you can easily understand the color coding system. Red identifies that the devices on that IP can be used for hacking and exploiting.nessus image 4+knowledgesuttra

Now you can check one by one all IP address and one by one all tabs to check the vulnerabilities.

Fingerprinting : The finest touch to your victim.

Hello,welcome to KnowledgeSuttra . As we saw in the past that there are total five phases in penetration testing/hacking/ pentesting.

For guide click here :-  Steps/Phases in System, Server, Organization Hacking

Here we go for the next tutorial which helps us to do the fingerprinting. In which we can get information including

  •   Operating System running on the target/victims machine.
  •  Applications running on the victims machine.

What will be the benefits of doing this ?

Vulnerability finding time is saved, so you got your victim in hand.

What’s next ?

After finding the Operating Systems & Applications running on the victims machine. You can go to the next phase Second Phase of Hacking is Scanning.

How ?

Fire up the kali linux machine. As already stated in

Check this for beneficial contents. In Kali Linux use ping commands to check whether the host is alive or not. If the response is fine then use command telnet victims IP port(80)

Here are some of the Screenshots which compromise my VMware machines.

No problem if you are not familiar with commands Use the GUI version of nmap called as ZenMap.

And when finding the OS information and Applications running on the victims machine by GUI use IDServe.

To download it visit :- www.grc.com/id/id-serrve.htm

fingerprinting +knowledgesuttra


fingerprinting+knowledgesuttra


fingerprinting+knowledgesuttra

For the next phase Keep in touch with us.

Phishing : Stay Safe or Sacrifice Yourself.

Hi,welcome to Knowledgesuttra.  Phishing, one of the most popular type of attack in cyber world. previously we  had uploaded blog regarding to types of attacks in cyber world . Let’s take deep dive into it ,and understand what is Phishing .Maximum time we made fool by an organization or a person who starts messaging like


“Hooola, I got $100 from this link visit here http://get-100$.com, register using facebook/google and get $10 for registration share link with 10 friends to get remaining $90.”


Hackers caught us on the huge platforms including Social Media like Facebook, WhatsApp, LinkedIn, Twitter,etc. They know very well that where their audience is interested, sometime that message could be changed, and after also you get hacked.

How these links works ?

As shown in above image, you can easily make sure that these links do not afford even a SSL certificate.

And if a money providing site can’t afford SSL certificate then how will you get paid.

How to check SSL certified or not ?

The green lock connected with the URL is the only identifier of a SSL certificate.how to check SSL certificate +knowledgesuttra

Here, we discussed about how we caught in hackers hand. Let’s start discussion on how to keep safe.

  • If you don’t find this lock then do not login on that links.
  • Whenever free reward, earn, anything like that which deceive us to click on that links, at least once think about that “Is it true ? Can it happen ? Can anyone give you free Money in the era of paid ?”
  • Never login any suspicious links from facebook. Copy them Open in browser, and then check is it legit or not.

Hope all these information might help you,  keep you safe from phishing attack . If you got any query’s feel free to ask me out in comment section or ping us on Facebook

Build your first Virus + Trojan + Malware

Hello ,welcome to KnowledgeSuttra .As everyone knows computer listen only one language which we don’t. It is coding. And what a hacker do during development of viruses, trojans, malware. Yes ! You are 100% right. They uses coding. But many of newbies confident on hating codes. We will see step by step.

What hackers actually do ?

As everyone knows hacker has knowledge of minimum coding & using toolkits. If you don’t have an idea about that, click here and get basic idea regarding  Attack in Cyber World

Now, what we can easily do to develop a virus.

Its recommended to every reader that Do not try to deploy your developed viruses at self machine. But it doesn’t means that you gonna deploy it on others(Schools, Colleges, Friends, organizations) PC.

As you can see in the above image, you wish to get that tool. But,….! Huuurreeeeeee !!! I  Am giving it to you guys.

Click Here ⇒ Download

Before using it on your Personal Computer Please read it carefully.

NOTE:

  1. Once you deploy this virus at any machine will disable to open your Terabit Virus maker too.
  2. After you made/deployed your VIRUS/MALWARE/TROJAN, the organization/this reference is not responsible for the any kind of malicious activity.
  3. If you liked it, share as much as possible.