Home / Linux Hacking
Showing posts with label Linux Hacking. Show all posts
Showing posts with label Linux Hacking. Show all posts

Sunday, 22 May 2016

Linux 101 Hacks eBook Free Download

Comment

Linux 101 Hacks eBook Free Download
Linux 101 Hacks” by Ramesh Natarajan is available in PDF format for free. This book gives you practical examples to build a strong foundation in Linux.


Author(s): Ramesh Natarajan
File Size: 838 KB
File Format: PDF
Number of pages: – 140

Table of Contents:
    • Chapter 1: Powerful CD Command Hacks
      • Hack 1. Use CDPATH to define the base directory for cd command
      • Hack 2. Use cd alias to navigate up the directory effectively
      • Hack 3. Perform mkdir and cd using a single command
      • Hack 4. Use “cd -” to toggle between the last two directories
      • Hack 5. Use dirs, pushd and popd to manipulate directory stack
      • Hack 6. Use “shopt -s cdspell” to automatically correct mistyped directory names on cd
    • Chapter 2: Date Manipulation
      • Hack 7. Set System Date and Time
      • Hack 8. Set Hardware Date and Time
      • Hack 9. Display Current Date and Time in a Specific Format
      • Hack 10. Display Past Date and Time
      • Hack 11. Display Future Date and Time
    • Chapter 3: SSH Client Commands
      • Hack 12. Identify SSH Client Version
      • Hack 13. Login to Remote Host using SSH
      • Hack 14. Debug SSH Client Session
      • Hack 15. Toggle SSH Session using SSH Escape Character
      • Hack 16. SSH Session Statistics using SSH Escape Character
    • Chapter 4: Essential Linux Commands
      • Hack 17. Grep Command
      • Hack 18. Find Command
      • Hack 19. Suppress Standard Output and Error Message
      • Hack 20. Join Command
      • Hack 21. Change the Case
      • Hack 22. Xargs Command
      • Hack 23. Sort Command
      • Hack 24. Uniq Command
      • Hack 25. Cut Command
      • Hack 26. Stat Command
      • Hack 27. Diff Command
      • Hack 28. Display total connect time of users
    • Chapter 5: PS1, PS2, PS3, PS4 and PROMPT_COMMAND
      • Hack 29. PS1 – Default Interaction Prompt
      • Hack 30. PS2 – Continuation Interactive Prompt
      • Hack 31. PS3 – Prompt used by “select” inside shell script
      • Hack 32. PS4 – Used by “set -x” to prefix tracing output
      • Hack 33. PROMPT_COMMAND
    • Chapter 6: Colorful and Functional Shell Prompt Using PS1
      • Hack 34. Display username, hostname and current working directory in the prompt
      • Hack 35. Display current time in the prompt
      • Hack 36. Display output of any command in the prompt
      • Hack 37. Change foreground color of the prompt
      • Hack 38. Change background color of the prompt
      • Hack 39. Display multiple colors in the prompt
      • Hack 40. Change the prompt color using tput
      • Hack 41. Create your own prompt using the available codes for PS1 variable
      • Hack 42. Use bash shell function inside PS1 variable
      • Hack 43. Use shell script inside PS1 variable
    • Chapter 7: Archive and Compression
      • Hack 44. Zip command basics
      • Hack 45. Advanced compression using zip command
      • Hack 46. Password Protection of Zip files
      • Hack 47. Validate a zip archive
      • Hack 48. Tar Command Basics
      • Hack 49. Combine gzip, bzip2 with tar
    • Chapter 8: Command Line History
      • Hack 50. Display TIMESTAMP in history using HISTTIMEFORMAT
      • Hack 51. Search the history using Control+R
      • Hack 52. Repeat previous command quickly using 4 different methods
      • Hack 53. Execute a specific command from history
      • Hack 54. Execute previous command that starts with a specific word
      • Hack 55. Control the total number of lines in the history using HISTSIZE
      • Hack 56. Change the history file name using HISTFILE
      • Hack 57. Eliminate the continuous repeated entry from history using HISTCONTROL
      • Hack 58. Erase duplicates across the whole history using HISTCONTROL
      • Hack 59. Force history not to remember a particular command using HISTCONTROL
      • Hack 60. Clear all the previous history using option -c
      • Hack 61. Substitute words from history commands
      • Hack 62. Substitute a specific argument for a specific command
      • Hack 63. Disable the usage of history using HISTSIZE
      • Hack 64. Ignore specific commands from the history using HISTIGNORE
    • Chapter 9: System Administration Tasks
      • Hack 65. Partition using fdisk
      • Hack 66. Format a partition using mke2fsk
      • Hack 67. Mount the partition
      • Hack 68. Fine tune the partition using tune2fs
      • Hack 69. Create a swap file system.
      • Hack 70. Create a new user
      • Hack 71. Create a new group and assign to an user
      • Hack 72. Setup SSH passwordless login in OpenSSH
      • Hack 73. Use ssh-copy-id along with ssh-agent
      • Hack 74. Crontab
      • Hack 75. Safe Reboot Of Linux Using Magic SysRq Key
    • Chapter 10: Apachectl and Httpd Examples
      • Hack 76. Pass different httpd.conf filename to apachectl
      • Hack 77. Use a temporary DocumentRoot without modifying httpd.conf
      • Hack 78. Increase the Log Level temporarily
      • Hack 79. Display the modules inside Apache
      • Hack 80. Show all accepted directives inside httpd.conf
      • Hack 81. Validate the httpd.conf after making changes
      • Hack 82. Display the httpd build parameters
      • Hack 83. Load a specific module only on demand
    • Chapter 11: Bash Scripting
      • Hack 84. Execution Sequence of .bash_* files
      • Hack 85. How to generate random number in bash shell
      • Hack 86. Debug a shell script
      • Hack 87. Quoting
      • Hack 88. Read data file fields inside a shell script
    • Chapter 12: System Monitoring and Performance
      • Hack 89. Free command
      • Hack 90. Top Command
      • Hack 91. Ps Command
      • Hack 92. Df Command
      • Hack 93. Kill Command
      • Hack 94. Du Command
      • Hack 95. lsof commands.
      • Hack 96. Sar Command
      • Hack 97. vmstat Command
      • Hack 98. Netstat Command
      • Hack 99. Sysctl Command
      • Hack 100. Nice Command
      • Hack 101. Renice Command

Read More

Sunday, 8 May 2016

How to Steal Password Saved In Chrome, Firefox & Safari

3 Comment
Steal saved passwords from Browser
You may be surprised to see that how simple it can be to see your saved password on Google chrome, Mozilla Firefox, Safari and any latest popular browser.

Google chrome is probably the worst in protecting your passwords since it stores them in plain text and it can be accessed by any user accessing google chrome. Other browsers are storing them with login protection e.g. Firefox supports master password to protect all saved passwords.



There are many security threats related to password strength, password reuse, plain text password storage, password hashing and password encryption. In this article we are not focusing on any of those threats, However we are trying to demonstrate that anyone can see your saved password in any browser very easily by following below simple steps. A pro hacker will not even consider this a hack since its so simple and does not even require special knowledge or understanding of hacking or use of any sophisticated hacking tools.

Let me remind you that the purpose of this tutorial is demonstrate how unsafe your passwords are with browser save password feature. Therefore try to avoid using the password save features if you system can be accessed by untrusted people.




It may happen sometimes when you leave your work computer unlocked for few minutes. Therefore must be a strong reason for leaving your workstation locked when stepping out (even if for few minutes).

Please do not use this technique unethically.

 Step 1:  Open your favorite browser (Lets say Chrome). The below steps are going to work same on Latest versions of Safari, Mozilla Firefox and Google Chrome.

Step 2:  Go the site that has a username and password saved. (Lets Say http://www.evernote.com )

Step 3: Let the browser fill your username & password information.
Facebook Login page
Step 4:  Now right click on the password field and select "Inspect Element". This should bring the source of html page.

Inspect Element in Firefox


 Step 5:  Double click on the text type="password"
Inspect Element in Firefox
Step 6:  Done - you will be able to see the password in clear text on the browser.
View saved Password By Inspect Element
This trick will work on almost all browsers that support developer tools for debugging. If you do not see "Inspect Element" option in right click menu you may try addons like FireBug that can provide it.

 The technique we used is very common in web development world for debugging web pages. Though its use for retrieving someone's password is not very common.

 A better way to protect your passwords will be to not save if in browsers unless you are sure it will not be accessed by any other person.
In general, saving password in browsers is not a good practice since the encryption level in browsers are not very strong. You may want to choose a dedicated password saving application with strong encryption. Mac Keychain is a very good example of secured password storage since it has good encryption and passwords are not revealed without a master/ admin password.
Read More

Tuesday, 9 February 2016

8 Best Mozilla addons used by the Hackers

Comment

The creation of penetration testing labs in Kali Linux or Backtrack, has been a popular topic for a long time, but the fact remains that all challenges, practice, and hacking need tools. One of the better known tools is the Addons which comes in many types and forms. We thought it would be fun to bring to you a list of important add-ons for hackers and pentesters. Here are the top 8 that we shortlisted:

1. Tamper Data: This is one of the most used Addons for Pentesters, who traditionally make use of it for viewing and modifying HTTP/HTTPS headers and post parameters, trace and time HTTP response or requests, security test web applications by modifying POST parameters and a lot more. Download Tamper Data

2. Hack Bar: Another well known and very often used tool, it is mostly used for security audit , and comes strongly recommended for installation and XSS, SQL Encoding/Decoding - MD5, SH1, Base64, Hexing, Splitting etc. Download Hack Bar

3. Live HTTP Headers: Similar to the Tamper Data add-on, the one big difference this add-on has is that it allows for viewing HTTP headers of a page while browsing. Download Live HTTP Headers

4. User Agent Switcher: This particular add-on works wonders in adding a menu and a toolbar button to switch the user agent of a browser. This is, in turn, helpful in the changing of a User Agent to IE, Search Robots, I-Phone (I-OS). Besides this, the user can also use this add-on in the creation of his or her own User Agent. Download User Agent Switcher

5. Cookie Manager+ : This is a great add-on for viewing, editing, creating and injecting cookies. The best thing about the add-on is the fact that it displays extra information about cookies, allows edit multiple cookies at once & backup/restore. Download Cookie Manager+

6. HTTP Fox: This add-on works for those looking to monitor and analysing all incoming and outgoing HTTP traffic between the browser and the web servers. The aim of the add-on is to bring the functionality known from tools like Http Watch or IE Inspector to the Firefox browser. Download HTTP Fox

7. Passive Recon: This add-on gives its users the capability of performing "packetless" discovery of target resources utilizing publicly available information. Download Passive Recon

8.SQL Inject Me : SQL Injection vulnerabilites can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is Firefox Extension used to test for SQL Injection vulnerabilities.Download SQL Inject Me
Read More

Wednesday, 9 December 2015

Wifi Hacking - WEP with Kali Linux Aircrack-ng

Comment
Firstly, create a wireless network to crack. Don't use this method on others. It is illegal. Then proceed with the steps below.

1. Find out the name of your wireless adapter.

Alright, now, your computer has many network adapters, so to scan one, you need to know its name. So there are basically the following things that you need to know-
  • lo - loopback. Not important currently.
  • eth - ethernet
  • wlan - This is what we want. Note the suffix associated.
Now, to see all the adapters, type ifconfig on a terminal. See the result. Note down the wlan(0/1/2) adapter.

2. Enable Monitor mode

Now, we use a tool called airmon-ng to  create a virtual interface called mon. Just type 
airmon-ng start wlan0
 Your mon0 interface will be created.


3. Start capturing packets

Now, we'll use airodump-ng to capture the packets in the air. This tool gathers data from the wireless packets in the air. You'll see the name of the wifi you want to hack.
airodump-ng mon0


4. Store the captured packets in a file 

This can be achieved by giving some more parameters with the airodump command
airodump-ng mon0 --write name_of_file


Now the captured packets will be stored in name_of_file.cap
You have to wait till you have enough data (10000 minimum)

5. Crack the wifi

If all goes well ,then you'll be sitting in front of your pc, grinning, finally you've got 10000 packets (don't stop the packet capture yet). Now, you can use aircrack-ng to crack the password. (in a new terminal)
aircrack-ng name_of_file-01.cap 
The program will ask which wifi to crack, if there are multiple available. Choose the wifi. It'll do its job. If the password is weak enough, then you'll get it in front of you. If not, the program will tell you to get more packets. The program will retry again when there are 15000 packets, and so on.

Read More
Subscribe to: Posts (Atom)