DISCLAIMER : This video is intended to educate people on how hackers/pentesters scan or research for XSS vulnerability. Do not use this method on a website that you "DO NOT" have permission to do so.
Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application.
#mitm #SSL #bettercap
SSL/TLS mitm downgrade attack. Tutorial by m0du5.
DISCLAIMER : This video is intended to educate people on how hackers/pentesters attack certain websites using man in the middle (mitm) technique. Do not use this method to perform any illegal activities.
Bettercap is the Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks.
This tutorial uses Bettercap 1.6.2, if you are looking for the latest version check the link below.
Downloads :
Bettercap 1.6.2
https://packetstormsecurity.com/files...
HSTSPreload
https://hstspreload.org/
Linux Lite
https://www.linuxliteos.com/
Bettercap 2
https://github.com/bettercap/bettercap
Read:
SSL/TLS - Preventing Downgrade Attacks
https://www.venafi.com/blog/preventin...
If you are interested in learning a specific hacking/pentesting method please comment below.
Music: https://www.bensound.com
#seeker #geolocation #tracker
Accurately Locate Smartphones using Social Engineering. Tutorial by m0du5.
DISCLAIMER : This video is intended to educate people on the dangers of accepting and clicking on unknown links. Do not use this method to perform any illegal activities.
Seeker host phishing pages to get location. Seeker hosts a fake website on In Built PHP Server and uses Serveo/Ngrok to generate a link which than forwarded to the target to get location permission.
Downloads :
Seeker
https://github.com/thewhiteh4t/seeker
Linux Lite
https://www.linuxliteos.com/
Read:
Common Phishing Attacks
https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them/
If you are interested in learning a specific hacking/pentesting method please comment below.
Music: https://www.bensound.com
#hashexploit #cracking #tutorial
Crack Hash with Hash Exploit tool. Tutorial by m0du5.
DISCLAIMER : This video is intended to educate people on how hackers/pentesters crack passwords, and how important the strength of the password is when it comes to security.
HashExpoit is Great Tool For Cracking Hash. There are many different types of Hash Algorithms. Hash Exploit supports 11 Hash such as md5, sha1, sha223, sha3_384, blake2s, blake2b, sha384, sha3_224, sha512, sha256, sha3_256 and so on.
Downloads :
Hash Exploit
https://github.com/farid007/HashExploit
Wordlist
https://crackstation.net/crackstation...
Linux Lite
https://www.linuxliteos.com/
Read:
Cryptographic Hash Function
https://www.lifewire.com/cryptographi...
If you are interested in learning a specific hacking/pentesting method please comment below.
Music: https://www.bensound.com
#prowl #linkedin #emails
Harvest emails with job titles using Prowl. Tutorial by m0du5.
DISCLAIMER : This video is intended to educate people on how hackers/pentesters harvest email addresses. Please do not use this technique to perform any illegal activities.
Prowl is an email harvesting tool that scrapes Yahoo for LinkedIn profiles associated to the users search terms and identifies job titles. It also identifies current job listings for the specified organisation.
Downloads :
Prowl
https://github.com/nettitude/Prowl
Linux Lite
https://www.linuxliteos.com/
Read:
NTLM Credentials Theft via PDF Files
https://research.checkpoint.com/2018/...
If you are interested in learning a specific hacking/pentesting method please comment below.
Music: https://www.bensound.com
#evillimiter #wifi #networking
Monitor, limit & block a device in a network. Tutorial by m0du5.
DISCLAIMER : Hack the planet videos are meant to educate and not encourage any illegal activities. Please practice within your own network!
A tool to monitor, analyze and limit the bandwidth (upload/download) of devices on your local network without physical or administrative access.
Downloads :
evillimiter
https://github.com/bitbrute/evillimiter
Linux Lite
https://www.linuxliteos.com/
Read:
Arp Spoofing
https://en.wikipedia.org/wiki/ARP_spo...
If you are interested in learning a specific hacking/pentesting method please comment below.
Music: https://www.bensound.com
#h8mail #password #osint
Email OSINT & password breach hunting with h8mail. Tutorial by m0du5.
DISCLAIMER : This video is meant to educate people on data breach and the severity of it and how important the strength of the password is when it comes to security.
h8mail, allows you to search across multiple data breaches to see if your email address has been compromised.
Downloads :
h8mail
https://github.com/khast3x/h8mail
Linux Lite
https://www.linuxliteos.com/
Check for compromised account, online.
https://haveibeenpwned.com/
Read:
Data Breach
https://www.troyhunt.com/the-773-mill...
If you are interested in learning a specific hacking/pentesting method please comment below.
Music: https://www.bensound.com
#captive_portal #ngrok #mysql
Create a custom captive portal and host it on a local machine using MySQL, PHPH, Apache2 Server & Ngrok. Tutorial by m0du5.
DISCLAIMER : This video is intended to educate people and not to perform any illegal activities.
Captive portal is a web page the user sees before accessing a public Wi-Fi network. It is also known as splash page, login page, splash portal and landing page. Through this web page, users can authenticate themselves and register to the WiFi network using their personal credentials.
Downloads :
Captive Portal
https://github.com/jeretc/captive-portal
Ngrok
https://ngrok.com/
Linux Lite
https://www.linuxliteos.com/
Read:
Ngrok
https://ngrok.com/docs
Captive Portal
https://www.securedgenetworks.com/blo...
MySQL
Commands to create DATABASE & TABLE:
create database rogue_AP;
USE rogue_AP;
create table social_login(socialn varchar(64), email varchar(64), userpassword varchar(64));
Command to view TABLE:
select * from social_login;
Ngrok
Command to start Ngrok:
./ngrok http 80
If you are interested in learning a specific hacking/pen-testing method please comment below.
Music: https://www.bensound.com
#wifibroot #PMKID #wpa2
Capture & Crack 4-way handshake and PMKID key. Tutorial by m0du5.
DISCLAIMER : This video is intended to educate people on how hackers gain access to a wireless network by hacking an Access Point that uses weak WiFi passwords. Do not use this method to perform any illegal activities.
Downloads :
WiFi-Broot
https://github.com/hash3liZer/WiFiBroot
Linux Lite
https://www.linuxliteos.com/
WPA / WPA2 Word List Dictionaries
https://www.wirelesshack.org/wpa-wpa2...
USB WiFi Adapters
https://www.kalilinux.in/2020/07/wifi...
Read:
PMKID (Pairwise Master Key Identifier)
https://www.nirico.com/what-should-i-...
If you are interested in learning a specific hacking/pentesting method please comment below.
Music: https://www.bensound.com
#honeypot #pentbox #cybersecurity
Setup and create honeypot to trap hackers. Tutorial by m0du5.
DISCLAIMER : This video is intended to educate people on how honeypot is used to trap a malicious hacker, hoping that they'll interact with it in a way that provides useful intelligence . Do not use this method to perform any illegal activities.
Downloads :
Pentbox
https://github.com/technicaldada/pentbox
Linux Lite
https://www.linuxliteos.com/
Honeypot Tools:
https://github.com/paralax/awesome-ho...
Read:
What is a Honeypot
https://linuxsecurity.expert/security...
If you are interested in learning a specific hacking/pentesting method please comment below.
Music: https://www.bensound.com