Month: December 2020

  • Where do I hire professional hackers online? This is like asking, “which is the best website to hire a mechanic?” — without specifying whether you need an automobile mechanic, an air conditioning mechanic, a bicycle mechanic, a motorcycle mechanic, a tractor mechanic, etc. Going even further down, the best website to find a mechanic who works on VWs may not be the best website to find a mechanic who works on Mazdas. There’s more than one type of hacker. Hollywood depictions where “a hacker” can hack absolutely any type of computer are no more realistic than those where every doctor has the skills of a trauma surgeon, EMT, general practitioner, neurosurgeon, and so on — or those where every scientist is an expert at absolutely every kind of science, whether it’s biology, chemistry, physics, or whatever. (And typically has the skills of an engineer, mechanic, and electrician as well.) Those that operate outside of the law would also be those who would take advantage of you and may very well complicate what ever issue you are going through. That is why you will want to hire someone who understands the law and operates accordingly. By and large, hackers are considered either white hats (“ethical”) hackers or black hats. Keep in mind that as usual, the world is not black and white only, though. You can hire white hats quite easily from a lot of reputable companies and then they try to break into your system, your application or whatever. This is called a penetration test and is about as “unglamorous” as you can imagine. There are automated test tools available, some of them quite sophisticated (and expensive). They even provide you with neat reports. What a penetration tester then does is to reassess and verify the findings. Think of penetration...
  • TheFatRat is an exploiting tool which compiles a malware with famous payload, and then the compiled maware can be executed on Linux , Windows , Mac and Android. TheFatRat Provides An Easy way to create Backdoors and Payload which can bypass most anti-virus. TheFatRat is an easy to use tool which helps in generating backdoors, system exploitation, post exploitation attacks, browser attacks, DLL files, FUD payloads against Linux, Mac OS X, Windows, and Android. It can be combined with msfvenom (Metasploit framework) which can be then utilized to utilise a reverse shell. It offers a lot of features, but in this article, I backdoor with msfvenom. How to Install the FatRat? In order to install the FatRat tool, we need to download/clone the package from Github using the following command. git clone https://github.com/Screetsec/TheFatRat.git The downloaded package contains the setup file that can be executed as follows. cd TheFatRat ./setup.sh [Note: If the setup.sh is not an executable format, then change the file permission using the chmod +x setup.sh command] The installation process can take some time due to the installation of different bundles as shown in the following screenshot. How FatRat Works? After successful installation, the FatRat tool can be executed using the following command. fatrat The tool runs a dependency check before loading in the terminal. After verifying the dependencies, the FatRat menu appears on the screen. As we can see in the above screenshot, there are a number of ways we can create the backdoors.  For instance, we can generate payloads through PwnWinds by selecting the sequence number (#6) from the list. The PwnWind has the following set of backdoors/payloads to be automatically generated by the tool. Let’s generate a test (.exe) payload written in C# + Powershell (option#2). We need to embed the localhost IP address and...
  • Can I detect a spy camera with my mobile phone? The short answer is that you will not find a well hidden camera or microphone with your mobile phone. Cameras and microphones are passive devices and do not in themselves produce anything that can be detected. Detect Devices Using Arp Scan The job of the ARP protocol is to map IPs to MAC addresses. It provides a method for hosts on a LAN to communicate without knowing any address and create a cache of information. When a new computer enters the LAN, it receives an IP and updates its ARP cache with the Gateway information. Arping is a computer software tool that is used to discover hosts on a computer network. The program tests whether a given IP address is in use on the local network, and can get additional information about the device using that address. Arping operates work at the layer 2 (or the link layer of the OSI model) using the Address Resolution Protocol (ARP) for probing hosts. Since ARP is non-routable, this only works for the local network. However, in networks employing repeaters that use proxy ARP, the ARP response may be coming from such proxy hosts and not from the probed target. A detailed tutorial on Arp scan to detect available device and to show more information about the device would be posted soon, subscribe not to miss out. Hire a professional Hacker Without Upfront Payment for your hacking needs. Safe and secure .
  • December 13, 2020

    Take Over Any Android Device In Minutes.

    Android Remote Administration Tool (RAT) named Ahmyth which is being trojanized into other Android apps and is getting distributed in the wild. Upon infecting an Android device this RAT can send sensitive information present on the device like SMS and call logs as well as perform functions like taking a picture, sending a text message or record audio via the microphone. Download & Install AhMyth There are two ways to download and install AhMyth. The first is to directly use the source code from GitHub. The second is to use the binaries they provide. Method 1 From Source Code If you chose to start with the source code, then you’ll need to check that you have a few prerequisites installed. Java — it’s used to generate the APK backdoor. Electron — it’s used to start the desktop application. Electron-builder and Electron-packer — they are used to build the binaries for macOS, Windows, and Linux. Once you have those prerequisites, you’re ready to proceed. First clone the code from GitHub with the following commands. git clone https://github.com/AhMyth/AhMyth-Android-RAT.git Then move to the AhMyth-Android-Rat directory with the following. cd AhMyth-Android-RAT/AhMyth-Server Once you’re in, start AhMyth with the command below. npm start This program is still in beta development, and as such, it isn’t as robust as it could be. Some users have gotten errors when attempting to start it. If you do, try again running it as root, as seen below. sudo npm start --unsafe-perm You’ll know it’s working when you see the GUI launch. Method 2 From Binaries The source code is one way to download it, but if you’re lazy like me, there’s a slightly easier way — use the binaries! It’s particularly nice when you’re working on a Windows computer and don’t want to mess around with the command line....
  • DISCLAIMER: The answer provided is intended to be used and must be used for informational purposes only. PullOutCorrWhatsApp (also known as POCWAPP) was developed by Chinese hacker With this program, Whatsapp can be hacked remotely and hackers can hack several accounts at once. For now, the program is compatible with Android only. The app is paid and can be found in DarkNet, POCWAPP can process up to 15 users within 1 connection to the servers. How the program works: To hack WhatsApp with this program, it’s obligatory to have a good Internet connection. it identifies the user by the phone number and finds their id number in the server, bypassing the device and cloud storage. It analyzes the size of the whole chat history (with all media files), excluding the content of voice calls. Further, the app uploads the data to its temporal server and decrypts it. Once uploaded, every user’s chat history is available for saving on your smartphone. The device owner has no idea that the copy of their chat history has been leaked from the server and keeps using the messenger. Apparently this is the only method that has worked for me since they all require physical access to the target device one way or the other. DISCLAIMER: The answer provided is intended to be used and must be used for informational purposes only.
  • December 1, 2020

    Hack Passwords and Bypass 2FA .

    I have always manually setup phishing campaigns. I’d create servers, configure domains, copy web applications, setup TLS certificates and everything else that goes with a phish, all by myself. I never used phishing frameworks because I wanted to make sure everything I was doing would meet my expectations. I recently looked at phishing frameworks and came across Evilginx2. Wow, this tool is awesome and so user friendly! A lot of the manual work is really not necessary when using this tool, and thus, here’s a tut. How to Setup EvilGinx2 To start with, you really want a new server and public IP for this, rather than using your own IP address within a LAN, which may cause NAT issues. The easiest way to get up and running is by using a cloud provider like AWS or Digital Ocean. I use Digital Ocean because it has a very simple ‘one click’ style install for Linux servers. You won’t need a huge amount of resources for this, so feel free to chose a $10 package. It really depends on how many users you expect to be processing though your host. Once you have the infrastructure bought, you will need a domain to pair with it, more on this later. Evilginx2 Installation Before we get into using Evilginx2, you will want to install it onto your server. You can download the tool from the following URL: https://github.com/kgretzky/evilginx2. The installation instructions on GitHub are pretty straight forward, but I found they don’t cover everything you need to install on Ubuntu, so here you go: Step 0: Ensure DNS will not conflict with Evilginx2 Firstly, edit the nameserver in “/etc/resolv.conf” to a DNS provider of your choosing. I used Google which is 8.8.8.8, shown below. Now run the following command: systemctl stop systemd-resolved Step 1: Install GoLang...