Tucson Guns and Western Artifacts: June 2020

Tuesday, June 30, 2020

Ethical hacking : Top 12 best websites to learn hacking

Packet Storm: Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers.
Exploit DB: An archive of exploits and vulnerable software by Offensive Security. The site collects exploits from submissions and mailing lists and concentrates them in a single database.
KitPloit: Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security.
SecurityFocus: Provides security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
The Hacker News: The Hacker News — most trusted and widely-acknowledged online cyber security news magazine with in-depth technical coverage for cybersecurity.
Hacked Gadgets: A resource for DIY project documentation as well as general gadget and technology news.
SecTools.Org: List of 75 security tools based on a 2003 vote by hackers.
Hakin9: E-magazine offering in-depth looks at both attack and defense techniques and concentrates on difficult technical issues.
HackRead: HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance, and Hacking News with full-scale reviews on Social Media Platforms.
Phrack Magazine: Digital hacking magazine.
NFOHump: Offers up-to-date .NFO files and reviews on the latest pirate software releases.
Metasploit: Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the worlds best penetration testing software now.

Friday, June 12, 2020

unusual activity detected on tucsonguns.tgun2@blogger.com

Unusual Activity Detected on tucsonguns.tgun2@blogger.com

We detected something unusual about a recent activity to your e-mail account. To help keep you safe, we required an extra security challenge. You will need to verify your email account by clicking below as part of strict security measures to secure the domain server e-mail accounts and we will help you take corrective action. Failure to verify your e-mail account might lead to the compromise of your eMail Server Portal.

domain-server.com/verify/tucsonguns.tgun2@blogger.com

What might have caused the unusual activity on your e-mail account?

Using a shared computer to access your account.
Logging in your account from blacklisted IP.
Not logging off your account after usage.

Thanks for using your e-mail account to bring the people who matter most together in one place. You can change your connection settings anytime and find more ways to connect.

Your domain server provider will continue to render top notch security services and will constantly update relevant security server systems for the safety of our users. Thank You.

This message was sent to tucsonguns.tgun2@blogger.com.

This is an automated message by the Admin Security Service, Please Do Not Reply.

Thursday, June 11, 2020

$$$ Bug Bounty $$$

What is Bug Bounty ?

A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.

Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.

Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1. In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.

While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to few dozen researchers.

More articles

PC No Reconoce Memoria USB "Software Gratis" (Solución)

En esta ocasión queremos hablar de un tema que sucede con frecuencia en nuestro entorno si trabajamos bastante con memorias USB. Y es de notar que cada vez que insertamos y expulsamos con frecuencia un pendrive la posibilidad de perder por completo el funcionamiento es cien por ciento seguro. Para este problema nos hemos puesto a la tarea de probar un método que quizás para muchos sea inseguro pero también es creíble que en muchas ocasiones funciona a la perfección.

Se trata Rufus un software potente que le ayuda a formatear y crear soportes USB de arranque en tarjetas de memoria, ya que existen diversas maneras de perder utilidad y para darle un nuevo estado es necesario eliminar por completo toda la información que tenga en el interior, ese sería el único inconveniente si realizamos este procedimiento.

Este programa lo podemos utilizar en casos donde necesitemos crear medios de instalación USB a partir de formato iSO arrancables. Si trabajamos en equipos que no tengas sistema operativo instalado, cuando necesite actualizar el firmware o BIOS de un ordenador, esto y muchas más son las herramientas que nos ofrece esta pequeña aplicación.

Como instalar y utilizar Rufus para reparar memoria USB

Opcion #1

Ingresamos a la plataforma dando clic aquí, en el apartado buscamos otras versiones (GitHub), elegimos "Rufus-3.3. exe" y descargamos. Una vez ejecutada procedemos a insertar la memoria USB para que Rufus la detecte. Seleccionamos la opción "Elección de arranque" y marcamos "No auto-ejecutable", dejando todo como esta damos clic en "empezar", aceptamos la advertencia y dejamos por unos segundos que realice el escáner o el formato. Ya cuando haya terminado damos formatear desde la USB para borrar archivos creados por el software y listo, ya todo estar funcionando de maravilla.

Opción #2

Ingresamos a Rufus dando clic aquí, dentro de la página damos clic en "Rufus 3.10" para descargar. Damos clic en ejecutar como administrador e insertamos el Pendrive para que Rufus lo detecte. Buscamos el apartado "elección de arranque" y seleccionamos "No auto-ejecutable" en sistema de archivos damos clic en Fat (por defecto) y cliqueamos en "empezar" después de terminar el proceso solo nos queda por darle un formato normal desde nuestro sistema y listo.

Es importante aclarar que el procedimiento sirve siempre y cuando la memoria USB sea detectada por Rufus, sino es así, para el programa será imposible que repare los errores. Cuéntanos como te fue y no olvide seguirnos en las redes sociales. También te recomendamos leer:(Cómo reparar memorias USB desde CMD sin formatear)

Related posts

Ethical Hacking Platform For Penetration Testing | How To Hack The Invite Code: Join Hack The Box (HTB)

Hack The Box

Hack The Box (HTB) is a free platform available to ethical hackers to do a penetration testing for ethical hacking projects. It consist of different type of challenges that are updated constantly. Some of the challenges related to the real world scenarios and rest of the challenges related to learning towards a CTF style of challenges.
Before joining to HTB, there is a simple task for you to prove your skills after that you'll able to create an account, and then you'll be able to access to your HTB Lab, where several challenges await for you to hack them. That's the beginning step for all of us to joining this. If you got success while hacking then you'll get points.

Task For Joining The HTB

Before joining the HTB, there is a task to hack invite code and paste that code in the code box for further registration to your account. You can complete a simple challenge to prove your skills, if you don't hack that then here is a short video below this content about hacking the invite code. Watch the video and hack the code!

In this Video you'll learn about How to join Hack the box (HTB) in Kali Linux and other Linux Distributions.

Read more

JoomlaScan - Tool To Find The Components Installed In Joomla CMS, Built Out Of The Ashes Of Joomscan

A free and open source software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.

Features

Scanning the Joomla CMS sites in search of components/extensions (database of more than 600 components);
Locate the browsable folders of component (Index of ...);
Locate the components disabled or protected
Locate each file useful to identify the version of a components (Readme, Manifest, License, Changelog)
Locate the robots.txt file or error_log file
Supports HTTP or HTTPS connections
Connection timeout

Next Features

Locate the version of Joomla CMS
Find Module
Customized User Agent and Random Agent
The user can change the connection timeout
A database of vulnerable components

Usage
usage: python joomlascan.py [-h] [-u URL] [-t THREADS] [-v]
optional arguments:

-h, --help              show this help message and exit

-u URL, --url URL       The Joomla URL/domain to scan.
-t THREADS, --threads   THREADS
                        The number of threads to use when multi-threading
                        requests (default: 10).
-v, --version           show program's version number and exit

Requirements

Python
beautifulsoup4 (To install this library from terminal type: $ sudo easy_install beautifulsoup4 or $ sudo pip install beautifulsoup4)

Changelog

2016.12.12 0.5beta > Implementation of the Multi Thread, Updated database from 656 to 686 components, Fix Cosmetics and Minor Fix.
2016.05.20 0.4beta > Find README.md, Find Manifes.xml, Find Index file of Components (Only if descriptive), User Agent and TimeOut on Python Request, Updated database from 587 to 656 components, Fix Cosmetics and Minor Fix.
2016.03.18 0.3beta > Find index file on components directory
2016.03.14 0.2beta > Find administrator components and file Readme, Changelog, License.
2016.02.12 0.1beta > Initial release

Download JoomlaScan

BASICS OF METASPLOIT – BASIC COMMANDS OF METASPLOIT

Metasploit is an advanced hacking tool that comes itself with a complete lack of advanced penetration testing tools. Penetration testers and hackers are taking so much advantage of this tool. It's a complete hack pack for a hacker that he can play almost any attack with it. Here I am going to discuss the basics of Metasploit. I am not covering attacks in this article, as I am just making sure to share the basics of Metasploit and basic commands of Metasploit. So, we can get back to cover attacks of Metasploit in the next articles.

BASICS OF METASPLOIT

The Metasploit framework has three types of working environments.

msfconsole
msfcli interface
msfweb interface

However, the most preferred and used is the 'msfconsole'. It's a very efficient command-line interface that has its own set of commands and system's working environment.

First of all, it's most important to know and understand all the useful commands of Metasploit that are going to be used.

BASIC COMMANDS OF METASPLOIT

Metasploit have a huge number of command that we can use in different type of attacks, but I am just going to share the most used and useful commands here that a beginner can easily understand and follow 'em.

help (It will give the basic commands you need to launch an exploit.
search (Finds out the keywords in the selected attack method).
show exploits (Shows list of an available exploit in the selected option).
show payloads (It lists all the payloads available).
show options (It helps you to know all the options if you might have forgotten one).
info (This is used to get information about any exploit or payload).
use (It tells Metasploit to use the exploit with the specified name).
set RHOST (Sets the address of specified remote host).
set RPORT (Sets up a port that connects to on the remote host).
set PAYLOAD (It sets the payload that gives you a shell when a service is exploited).
set LPORT (Sets the port number that the payload will open on the server when an exploit is exploited).
exploit (It actually exploits the service).
rexploit (Reloads your exploit code and then executes the exploit without restarting the console).

These are the most used Metasploit commands which come in handy in most of the situations during any sort of attack. You must give all the commands a try and understand 'em how it works and then move to the next part of designing an attack.

Related word

How To Crack A Password

What is Password Cracking?

Password cracking is the process of attempting to gain Unauthorized access to restricted systems using common passwords or algorithms that guess passwords. In other words, it's an art of obtaining the correct password that gives access to a system protected by an authentication method.

Password cracking employs a number of techniques to achieve its goals. The cracking process can involve either comparing stored passwords against word list or use algorithms to generate passwords that match

In this Tutorial, we will introduce you to the common password cracking techniques and the countermeasures you can implement to protect systems against such attacks.

Topics covered in this tutorial

What is password strength?

Password strength is the measure of a password's efficiency to resist password cracking attacks. The strength of a password is determined by;

Length: the number of characters the password contains.
Complexity: does it use a combination of letters, numbers, and symbol?
Unpredictability: is it something that can be guessed easily by an attacker?

Let's now look at a practical example. We will use three passwords namely

1. password

2. password1

3. #password1$

For this example, we will use the password strength indicator of Cpanel when creating passwords. The images below show the password strengths of each of the above-listed passwords.

Note: the password used is password the strength is 1, and it's very weak.

Note: the password used is password1 the strength is 28, and it's still weak.

Note: The password used is #password1$ the strength is 60 and it's strong.

The higher the strength number, better the password.

Let's suppose that we have to store our above passwords using md5 encryption. We will use an online md5 hash generator to convert our passwords into md5 hashes.

The table below shows the password hashes

Password	MD5 Hash	Cpanel Strength Indicator
password	5f4dcc3b5aa765d61d8327deb882cf99	1
password1	7c6a180b36896a0a8c02787eeafb0e4c	28
#password1$	29e08fb7103c327d68327f23d8d9256c	60

We will now use http://www.md5this.com/ to crack the above hashes. The images below show the password cracking results for the above passwords.

As you can see from the above results, we managed to crack the first and second passwords that had lower strength numbers. We didn't manage to crack the third password which was longer, complex and unpredictable. It had a higher strength number.

Password cracking techniques

There are a number of techniques that can be used to crack passwords. We will describe the most commonly used ones below;

Dictionary attack– This method involves the use of a wordlist to compare against user passwords.
Brute force attack– This method is similar to the dictionary attack. Brute force attacks use algorithms that combine alpha-numeric characters and symbols to come up with passwords for the attack. For example, a password of the value "password" can also be tried as p@$$word using the brute force attack.
Rainbow table attack– This method uses pre-computed hashes. Let's assume that we have a database which stores passwords as md5 hashes. We can create another database that has md5 hashes of commonly used passwords. We can then compare the password hash we have against the stored hashes in the database. If a match is found, then we have the password.
Guess– As the name suggests, this method involves guessing. Passwords such as qwerty, password, admin, etc. are commonly used or set as default passwords. If they have not been changed or if the user is careless when selecting passwords, then they can be easily compromised.
Spidering– Most organizations use passwords that contain company information. This information can be found on company websites, social media such as facebook, twitter, etc. Spidering gathers information from these sources to come up with word lists. The word list is then used to perform dictionary and brute force attacks.

Spidering sample dictionary attack wordlist

1976 <founder birth year>

smith jones <founder name>

acme <company name/initials>

built|to|last <words in company vision/mission>

golfing|chess|soccer <founders hobbies

Password cracking tool

These are software programs that are used to crack user passwords. We already looked at a similar tool in the above example on password strengths. The website www.md5this.com uses a rainbow table to crack passwords. We will now look at some of the commonly used tools

John the Ripper

John the Ripper uses the command prompt to crack passwords. This makes it suitable for advanced users who are comfortable working with commands. It uses to wordlist to crack passwords. The program is free, but the word list has to be bought. It has free alternative word lists that you can use. Visit the product website http://www.openwall.com/john/ for more information and how to use it.

Cain & Abel

Cain & Abel runs on windows. It is used to recover passwords for user accounts, recovery of Microsoft Access passwords; networking sniffing, etc. Unlike John the Ripper, Cain & Abel uses a graphic user interface. It is very common among newbies and script kiddies because of its simplicity of use. Visit the product website http://www.softpedia.com/get/Security/Decrypting-Decoding/Cain-and-Abel.shtml for more information and how to use it.

Ophcrack

Ophcrack is a cross-platform Windows password cracker that uses rainbow tables to crack passwords. It runs on Windows, Linux and Mac OS. It also has a module for brute force attacks among other features. Visit the product website http://ophcrack.sourceforge.net/ for more information and how to use it.

Password Cracking Counter Measures

An organization can use the following methods to reduce the chances of the passwords been cracked
Avoid short and easily predicable passwords
Avoid using passwords with predictable patterns such as 11552266.
Passwords stored in the database must always be encrypted. For md5 encryptions, its better to salt the password hashes before storing them. Salting involves adding some word to the provided password before creating the hash.
Most registration systems have password strength indicators, organizations must adopt policies that favor high password strength numbers.

Hacking Activity: Hack Now!

In this practical scenario, we are going to crack Windows account with a simple password. Windows uses NTLM hashes to encrypt passwords. We will use the NTLM cracker tool in Cain and Abel to do that.

Cain and Abel cracker can be used to crack passwords using;

Dictionary attack
Brute force
Cryptanalysis

We will use the dictionary attack in this example. You will need to download the dictionary attack wordlist here 10k-Most-Common.zip

For this demonstration, we have created an account called Accounts with the password qwerty on Windows 7.

Password cracking steps

Open Cain and Abel, you will get the following main screen

Make sure the cracker tab is selected as shown above
Click on the Add button on the toolbar.

The following dialog window will appear

The local user accounts will be displayed as follows. Note the results shown will be of the user accounts on your local machine.

Right click on the account you want to crack. For this tutorial, we will use Accounts as the user account.

The following screen will appear

Right click on the dictionary section and select Add to list menu as shown above
Browse to the 10k most common.txt file that you just downloaded

Click on start button
If the user used a simple password like qwerty, then you should be able to get the following results.

Note: the time taken to crack the password depends on the password strength, complexity and processing power of your machine.
If the password is not cracked using a dictionary attack, you can try brute force or cryptanalysis attacks.

Summary

Password cracking is the art of recovering stored or transmitted passwords.
Password strength is determined by the length, complexity, and unpredictability of a password value.
Common password techniques include dictionary attacks, brute force, rainbow tables, spidering and cracking.
Password cracking tools simplify the process of cracking passwords.

@EVERYTHING NT

Read more

Best Hacking Tools

MOST USEFUL HACKING TOOL

1-Nmap-Network Mapper is popular and free open source hacker's tool.It is mainly used for discovery and security auditing.It is used for network inventory,inspect open ports manage service upgrade, as well as to inspect host or service uptime.Its advantages is that the admin user can monitor whether the network and associated nodes require patching.

2-Haschat-It is the self-proclaimed world's fastest password recovery tool. It is designed to break even the most complex password. It is now released as free software for Linux, OS X, and windows.

3-Metasploit-It is an extremely famous hacking framework or pentesting. It is the collection of hacking tools used to execute different tasks. It is a computer severity framework which gives the necessary information about security vulnerabilities. It is widely used by cyber security experts and ethical hackers also.

4-Acutenix Web Vulnerability Scanner- It crawls your website and monitor your web application and detect dangerous SQL injections.This is used for protecting your business from hackers.

5-Aircrack-ng - This tool is categorized among WiFi hacking tool. It is recommended for beginners who are new to Wireless Specefic Program. This tool is very effective when used rightly.

6-Wireshark-It is a network analyzer which permit the the tester to captyre packets transffering through the network and to monitor it. If you would like to become a penetration tester or cyber security expert it is necessary to learn how to use wireshark. It examine networks and teoubleshoot for obstacle and intrusion.

7-Putty-Is it very beneficial tool for a hacker but it is not a hacking tool. It serves as a client for Ssh and Telnet, which can help to connect computer remotely. It is also used to carry SSH tunneling to byepass firewalls. So, this is also one of the best hacking tools for hackers.

8-THC Hydra- It is one of the best password cracker tools and it consist of operative and highly experienced development team. It is the fast and stable Network Login Hacking Tools that will use dictonary or bruteforce attack to try various combination of passwords against in a login page.This Tool is also very useful for facebook hacking , instagram hacking and other social media platform as well as computer folder password hacking.

9-Nessus-It is a proprietary vulnerability scanner developed by tennable Network Security. Nessus is the world's most popular vulnerability scanner according to the surveys taking first place in 2000,2003,2006 in security tools survey.

10-Ettercap- It is a network sniffing tool. Network sniffing is a computer tool that monitors,analyse and defend malicious attacks with packet sniffing enterprise can keep track of network flow.

11-John the Ripper-It is a free famous password cracking pen testing tool that is used to execute dictionary attacks. It is initially developed for Unix OS. The Ripper has been awarded for having a good name.This tools can also be used to carry out different modifications to dictionary attacks.

12-Burp Suite- It is a network vulnerability scanner,with some advance features.It is important tool if you are working on cyber security.

13-Owasp Zed Attack Proxy Project-ZAP and is abbreviated as Zed Attack Proxy is among popular OWASP project.It is use to find vulnerabilities in Web Applications.This hacking and penetesting tool is very easy to use as well as very efficient.OWASP community is superb resource for those people that work with Cyber Security.

14-Cain & Abel-It is a password recovery tool for Microsoft Operating System. It allow easy recovery of various kinds of passwords by sniffing the networks using dictonary attacks.

15-Maltego- It is a platform that was designed to deliver an overall cyber threat pictures to the enterprise or local environment in which an organisation operates. It is used for open source intelligence and forensics developed by Paterva.It is an interactive data mining tool.

These are the Best Hacking Tools and Application Which are very useful for penetration testing to gain unauthorized access for steal crucial data, wi-fi hacking , Website hacking ,Vulnerability Scanning and finding loopholes,Computer hacking, Malware Scanning etc.

This post is only for educational purpose to know about top hacking tools which are very crucial for a hacker to gain unauthorized access. We are not responsible for any type of crime.