Check out Trepup. Sign up and we both get 1,000 free email credits

Check out Trepup. Sign up and we both get 1,000 free email credits: Invite and refer a friend to earn email credits on Trepup. Tell friends to sign up for Trepup using your invite code, and both you and your friend will earn 1,000 email credits.

Kali Linux on Android using Linux Deploy

 Kali NetHunter turns Android device into hacker Swiss Army knife

Free to download, ready to customize, NetHunter puts the power of a pen-tester's Linux desktop on a Nexus phone or tablet.

One of the tools we've leaned on heavily in some of our lab testing of software privacy and security is Kali Linux. The Debian-based operating system comes packaged with a collection of penetration testing and network monitoring tools curated and developed by the security training company Offensive Security. Today, the Kali developer team and Offensive Security released a new Kali project that runs on a Google Nexus device. Called NetHunter, the distribution provides much of the power of Kali with the addition of a browser-driven set of tools that can be used to launch attacks on wireless networks or on unattended computers via a USB connection.

NetHunter is still in its early stages, but it already includes the ability to have the Nexus device emulate a USB human interface device (HID) and launch keyboard attacks on PCs that can be used to automatically elevate privileges on a Windows PC and install a reverse-HTTP tunnel to a remote workstation. It also includes an implementation of the BadUSB man-in-the-middle attack, which can force a Windows PC to recognize the USB-connected phone as a network adapter and re-route all the PC’s traffic through it for monitoring purposes.

A demonstration of NetHunter's HID Keyboard attack on a Windows 8 computer.

In a phone interview with Ars, Offensive Security’s lead trainer and developer Mati Aharoni said that while NetHunter can be compiled to run on Android devices other than the Nexus family, “part of the reason we chose Nexus devices was because of the specific kernel sources we were able to get from Google. "The Nexus devices supported by NetHunter include the Nexus 5 ("hammerhead"), Nexus 7 (both 2012 and 2013 versions), and the Nexus 10 ("mantaray").

Features that exploit those sources—such as the low-level code for Wi-Fi and USB device connections—make some of NetHunter’s features possible. “Some of the features won’t work on other devices because they are kernel dependent,” Aharoni said. “For example, wireless network injection won’t work, and the keyboard and BadUSB attacks won’t work on other devices.”

While NetHunter uses the same platform as Pwnie Express’ PwnPad and PwnPhone—which are also based on the Kali Linux distribution—“as far as we’re concerned there’s very very little in common with Pwnie,” Aharoni said. “The big difference is that our project is open source for anyone to grab and modify. And it’s very simple for anyone to build custom images of the project” to meet their own needs, he said.

Enlarge / A full Kali Linux desktop running in a VNC viewer on NetHunter.

While many of the features of NetHunter are currently accessible through a Web interface driven by a local Apache server on the device, Aharoni said that the web interface “is just a means for a lazy sort of access to the tools. It’s a proof of concept that we set up—long term, a proper android app would be more suitable.” And for those who want it, NetHunter also allows for a full Kali Linux desktop to run in a VNC session on the device (though that may be more practical on a Nexus tablet than a Nexus phone) or access command-line tools from a terminal session. And that’s where much of the deeper power of NetHunter resides.

The Kali Linux Review-Before start must read it.

The Kali Linux Review

Brief: In this review of Kali Linux, we try to answer the regular questions like what is black linux, what is the use of Kali linux and the beginner should use kali linux or not?

Recently, Kali linux has gained a lot of popularity. And that's one reason. Hacking is a silent thing in popular culture and it can be attributed critically to the TV series Mr. Robot.

Kali is one of the few focused Linux distributions, and quite clearly, the popularity of Mr. Robot helped Kali Linux gain new users. The graph below validates this claim.

And at the same time, people with knowledge about anything related to Linux or computer security are now trying to use Kali as their main Linux distribution.

But  Kali linux was definitely not designed for that purpose.

Of course, I can easily write an article and tell why it is wrong to use  Kali as a Linux distribution first. In fact, you can find great reason to prevent you from using black here and even if you do not really have specific requirements.

But I wanted to do something different. That's why I installed  Kali  Linux in the virtual box and tried to put some of the basic functions on our brand new Linux system, putting itself in the shoes of a 'new user'. So, will I face some issues or will it be straightforward? Stay with me by the end of this article to read my findings.

Kali  Linux Installation and First Experience

Due to being based on the Kali  Linux Debian, the installation process is straightforward. And it is well documented on the Kali  website.

For this test, I stuck as much as possible with the default options.

And after only a few minutes, I was able to boot in Black Linux for the first time, ending with that 

screen:

A user accustomed to systems like Unix may be surprised to know that "root" is the only user available after default installation. But that's because many pen-testing tools require super-user permission.

Once again, it is a black-headed choice, its intended use has been the case. But this is not the best option for everyday use of your computer (browsing the Internet, using office applications, and so on). And this is probably the worst option if you want to share your computer with someone else (later on).

Speaking of applications, only a default Kali Linux is clearly oriented towards security installed on the Linux system. In addition, there is a bunch of command line tools that are not visible from the menu, and some core utilities like calculators, an image viewer or some text editor. But you will not get heavyweight office or productivity tools.

If you like this article then please let me know and get in touch for 2nd part of this review. Thankyou.

How to install kali linux on MAC-book?

                   How to install kali linux on MAC-book?

Follow the vedio to install kali linux on mac-book-

Ethical Hacking 2019 - Sniffing-ethicalhackerorg.tk

Ethical Hacking - Sniffing

Sniffing is the process of monitoring and capturing all the packets passing through a given network using sniffing tools. This is a form of "phone tapping of the stars" and get to know about the conversation. It is also called wiretapping applied to the computer network.

There is a possibility that if a set of enterprise switch port is open, one employee of them can smuggle the entire traffic of the network. Anyone can plug in the network using the Ethernet cable in the same physical location or connect to the network with wireless and smell the total traffic.

In other words, by sniffing you can see both protected and unsafe traffic. In the right circumstances and with the right protocol, an attacking party may be able to collect information that may lead to further attacks or other issues for the network or system owner.

What can be sniffed?

One can sniff the following sensitive information from a network -

*Email Traffic

*FTP password

*Web traffic

*Telnet password

*Router configuration

*Chat session

*DNS traffic

*how it works

A sniffer normally converts the system's NIC into promisse mode so that it can listen to all the data transmitted over its segment.

The key mode refers to the unique method of Ethernet hardware, in particular, the Network Interface Card (NIC), which allows NIC to get all traffic on the network, even if this NIC is not addressed. By default, an NIC ignores all traffic that does not address it, which is done by comparing the destination address of the Ethernet packet with the device's hardware address (a.k. MAC). Although it makes sense for networking, it makes it difficult to use network monitoring and analysis software to diagnose unnecessary mode connectivity issues or traffic accounting.

A sniffer can constantly monitor all the traffic on the computer through NIC, decoding the information recorded in the data packet.

Sniffing

Sniffing can either be active or inactive in nature.

Idle sniff

Inactive sniffing, traffic is closed, but it is not changed in any way. Passive sniffing allows only listening. It works with hub devices. On the Hub device, traffic is sent to all ports. In a network that uses the hub to add a system, you can see all host traffic on the network. Therefore, an attacker can easily capture the traffic passing.

The good news is that nowadays the hubs are almost obsolete. Most modern networks use the switch. Therefore, passive sniffing is not more effective.

Active sniffing

In active sniffing, traffic is not only locked and monitored, but it can be changed in some way as determined by the attack. Active sniffing is used to sniff the switch-based network. In this, the switch resolution addressable memory (CAM) table includes the address resolution packet (ARP) injected into a target network for flooding. CAM is connected to a port, keeps track of it.

The following are active sniffing techniques -

*Mac flood

*DHCP attacks

*DNS poison

*Spoofing attack

*Arp poison

*Protocols that are affected

*The tried and tested protocols like TCP / IP were never built keeping security in mind and therefore do not offer much resistance to potential intruders. Many rules lend easy sniffing -

HTTP - This is used to send information to clear text without any encryption and thus to actual target.

SMTP (Simple Mail Transfer Protocol) - SMTP is basically used in the transfer of email. This protocol is efficient, but sniffing does not include security.

NNTP (Network News Transfer Protocol) - It is used for all types of communications, but the main drawback is that data and even passwords are sent to the network in the form of clear text.

POP (Post Office Protocol) - POP is strictly used to get emails from servers. Sniffing in this protocol does not include protection because it can get stuck.

FTP (File Transfer Protocol) - FTP is used to send and receive files, but it does not offer any security features. All data is sent as clear text which can easily be sniffed.

IMAP (Internet Message Access Protocol) - IMAP is similar to SMTP in its functions, but it is highly vulnerable to sniffing.

Telnet - Telnet sends everything (username, password, keystrokes) to the network as clear text and therefore, it can easily be sniffed.

Sniffers are not dumb utilities that allow you to watch live traffic only. If you really want to analyze each packet, then save the capture and review it whenever the time is allowed.

Hardware Protocol Analyzer

Before we go into more details of sniffers, it is important that we discuss the hardware protocol analyzer. These devices plug in the network at the hardware level and can monitor traffic without any manipulation.

Used in monitoring and identifying malicious network traffic generated by the hacking software installed in the Hardware Protocol Analyzer system.

They capture a data packet, decode it, and analyze its contents according to some rules.

Hardware protocol analyzers allow attackers to see individual data bytes of each packet passing through the cable.

Due to their heavy cost in many cases these hardware tools are not easily available for most ethical hackers.

Valid interception

Legal Interception (LI) is defined as legally accepted access to communication network data such as telephone calls or email messages. LI should always be in the pursuit of a valid authority for the purpose of analysis or evidence. Therefore, LI is a security process in which a network operator or service provider allows law enforcement officials to use private communications of individuals or organizations.

Almost all countries have drafted and enacted the legislation to regulate law enforcement processes; Standardization groups are making the LI Technology specification. Typically, LI activities are taken for the purpose of security of infrastructure and cyber security. However, private network infrastructure operators can maintain LI capabilities as a built-in authority within their network, unless otherwise prohibited.

LI was previously known as wiretapping and has existed since the establishment of electronic communication.

Making a Kali Bootable USB Drive

Kali linux live

Our preferred method and the fastest way to get up and running with Black Linux is to run "live" from a USB drive. This method has several advantages:

It is non-destructive - it does not make any changes to the host's hard drive or installed OS, and to return to normal operation, you simply remove the "Black Live" USB drive and restart the system.

It's portable - you can take black linux in your pocket and it can run in minutes on available system

It's customizable - you can roll your own custom black linux ISO image and keep it on a USB drive using the same process

It's potentially constant - with a little extra effort, you can configure your black linux "live" USB drive for continuous storage, so the data you collect is saved in a reboot.

To do this, we first need to create a bootable USB drive, which has been installed from an ISO image of the black linux.

What you'll need

For details about the system you are running, see the details of downloading official black linux images: Verified copy of the correct ISO image of the latest black build image.

If you are running under Windows, you also need to download the Win32 disk imager utility. On Linux and OS X, you can use the dd command, which is already installed on those platforms.

One USB thumb drive, 4GB or larger. (Systems with direct SD card slots can use the same capacity SD card, the process is same.)

Black Linux Live USB Installation Process

The specifics of this process depend on whether you are doing it on Windows, Linux or OS X systems.

Creating a Bootable Black USB Drive on Windows

Plug your USB drive into an available USB port on your Windows PC, note which designer drives (like "F: \") after using it once, it's downloaded from you Win32 The disk imager will launch the software.

Choose to immerse the black linux ISO file and verify that the overwritten USB drive is correct. Click the "Write" button.

Once the imaging is complete, remove the USB drive safely from the Windows machine. Now you can use the USB device to boot in black linux.

Creating a Bootable Black USB Drive on Linux

It is easy to create a bootable Black Linux USB key in a Linux environment. Once you download and verify your black ISO file, you can use the dd command to copy it to your USB stick using the following procedure. Note that you will need to run as root, or you will need to execute the dd command with sudo. The following example assumes a Linux Mint Desktop 17.1 - Depending on the distance you are using, there may be a slight difference in some nuances, but the general idea should be very similar.

Warning: Although the process of imaging black linux on a USB drive is very simple, you can simply overwrite a disk drive which you did not intend with dd if you do not understand what you are doing, or If you specify a wrong path of production Double-check what you are doing before doing this, after that it will be too late.

Consider yourself warned.

First of all, you must identify the device path to use for writing the image in your USB drive. Execute the command, put in a port without a USB drive

sudo fdisk -l

At the command prompt in the terminal window (if you do not use elevated privileges with fdisk, you will not get any output). You will get an output that looks like this (not all), showing the same drive - "/ dev / sda" - which has three partitions (/ dev / sda1, / dev / sda2, and / dev / sda5) :

2)Now, plug your USB drive into the USB port available on your system, and for the second time run the same command, "sudo fdisk -l". Now, the output will appear something like this (again, not at all), showing an additional device that was not before, "/ dev / sdb" in this example, 16GB USB drive:

3.Next to (carefully!) Image the black ISO file on the USB device. The example example below assumes that the name of the ISO image you write is "kali-linux-2017.1-amd64.iso" and it is in your current working directory. Blocked parameters can be increased, and as long as it can speed up the operation of the dd command, it can sometimes produce unbootable USB drive, depending on your system and many different factors. Recommended value, "bs = 512k", is conservative and reliable.

dd if = kali-linux-2017.1-amd64.iso of = / dev / sdb bs = 10.1k

Imaging of a USB drive can take a good amount of time, is not unusual for more than ten minutes, as the sample output shown below shows. Be patient!

The Dd command does not respond until it is completed, but if your drive is access indicator, then you may see it periodically. The timing of the image dd will depend on the speed of the system used, the USB drive, and the USB port it contains. Once the dd has finished the imaging of the drive, it will give some output like this:

5823 + 1 record in

5823 + 1 record out

3053371392 bytes (3.1 GB) copy, 746.211 s, 4.1 MB / s

this is true! You can now boot into a black live / installer environment using a USB device.

Create a USB bootable USB drive on OS X

OS X is based on UNIX, so creating a bootable Kali Linux USB drive in the OS X environment is similar to doing on Linux. Once you download and verify your chosen black ISO file, you use dd to copy it to your USB stick.

Warning: Although the process of imaging black on a USB drive is very easy, you can simply overwrite a disk drive which you did not have with dd if you do not understand what you are doing, or if you A wrong output specifies the path. Double-check what you are doing before doing this, after that it will be too late.

Consider yourself warned.

Open a terminal window, plugged into the system without a USB drive, and type command list at command prompt at the command prompt.

You will find a list of device paths (such as Dev / Disk 0, / Dev / Disk 1, etc.) of the disk mounted on your system, as well as information about partition on each disk.

3.Plug in your USB device to your Apple computer’s USB port and run the command diskutil list a second time. Your USB drive’s path will most likely be the last one. In any case, it will be one which wasn’t present before. In this example, you can see that there is now a /dev/disk6 which wasn’t previously present.

4.Unmount the drive (for this example, the USB stick is / dev / disk6 - just do not copy it, verify the correct path on your system!).

diskutil unmount / dev / disk6

Next to (carefully!) Image the black ISO file on the USB device. The following command assumes that your USB drive path is on / dev / disk6, and you are in the same directory with your black linux ISO, which is named "kali-linux-2017.1-amd64.iso":

sudo dd if = kali-linux-2017.1-amd64.iso of = / dev / disk6bm = 1m

Note: Increasing the blockage (bs) will speed up writing progress, but the likelihood of making a bad USB stick will also increase. Successful images have been released using the given value on OS X.

Imaging of a USB drive can take a good amount of time, is not unusual for more than half an hour, as in the sample output given below. Be patient!

The Dd command does not respond until it is completed, but if your drive is access indicator, then you may see it periodically. The timing of the image dd will depend on the speed of the system used, the USB drive, and the USB port it contains. Once the dd has finished the imaging of the drive, it will give some output like this:

2911 + 1 record in

2911 + 1 record created

3053371392 bytes transferred in 2151.132182 seconds (1419425 bytes / sec)

And all! You can now boot into a black live / installer environment using a USB device.

To boot from an optional drive on the OS X system, immediately after you power the device, press the Option key to bring up the boot menu and select the drive you want to use.

*For more information, please follow this blog its free no charge or fee required*

100%  free ethical hacking course v10 with free toolkits and software and certification, to learn ethical hacking  with practicals.