>

ABOUT US

Our development agency is committed to providing you the best service.

OUR TEAM

The awesome people behind our brand ... and their life motto.

  • Kumar Atul Jaiswal

    Ethical Hacker

    Hacking is a Speed of Innovation And Technology with Romance.

  • Kumar Atul Jaiswal

    CEO Of Hacking Truth

    Loopholes are every major Security,Just need to Understand it well.

  • Kumar Atul Jaiswal

    Web Developer

    Techonology is the best way to Change Everything, like Mindset Goal.

OUR SKILLS

We pride ourselves with strong, flexible and top notch skills.

Marketing

Development 90%
Design 80%
Marketing 70%

Websites

Development 90%
Design 80%
Marketing 70%

PR

Development 90%
Design 80%
Marketing 70%

ACHIEVEMENTS

We help our clients integrate, analyze, and use their data to improve their business.

150

GREAT PROJECTS

300

HAPPY CLIENTS

650

COFFEES DRUNK

1568

FACEBOOK LIKES

STRATEGY & CREATIVITY

Phasellus iaculis dolor nec urna nullam. Vivamus mattis blandit porttitor nullam.

PORTFOLIO

We pride ourselves on bringing a fresh perspective and effective marketing to each project.

  • Anonymous Hackers Directly Target TikTok: ‘Delete This Chinese Spyware Now’


    Anonymous Hackers Directly Target TikTok: ‘Delete This Chinese Spyware Now’




    This has been a week that TikTok—the Chinese viral video giant that has soared under lockdown—will want to put quickly behind it. The ByteDance-owned platform was under fire anyway, over allegations of data mishandling and censorship, but then a beta version of Apple’s iOS 14 caught the app secretly accessing users’ clipboards and a backlash immediately followed.



    Whether India had always planned to announce its ban on TikTok, along with 58 other Chinese apps, on June 29, or was prompted by the viral response to the iOS security issue is not known. But, as things stand, TikTok has been pulled from the App Store and Play Store in India, its largest market, and has seen similar protests from users in other major markets around the world, including the U.S.Anonymous Hackers Directly Target TikTok: ‘Delete This Chinese Spyware Now’

    One of the more unusual groups campaigning against TikTok is the newly awakened Anonymous hactivist group. As ever with Anonymous, it’s difficult to attribute anything to the non-existent central core of this loosely affiliated hacker collective, but one of the better followed Twitter accounts ostensibly linked to the group has been mounting a fierce campaign against TikTok for several weeks, one that has now gained prominence given the events of the last few days.



    “Delete TikTok now,” the account tweeted today, July 1, “if you know someone that is using it, explain to them that it is essentially malware operated by the Chinese government running a massive spying operation.”









    The account linked to a story that has been doing the rounds in recent days, following a Reddit post from an engineer who claimed to have “reverse engineered” TikTok to find a litany of security and privacy abuses. There has been no confirmation yet as to the veracity of these allegations, and TikTok did not provide any comment on the claims when I approached them.




    The original issue that prompted Anonymous to target TikTok appears to be the “misrepresentation” of Anonymous on TikTok itself, with the setting up of an account. “Anonymous has no TikTok account,” the same Twitter account tweeted on June 6, “that is an App created as spyware by the Chinese government.”



    Those affiliated with Anonymous take exception to copycat accounts, which is complicated by the lack of any central function. In the aftermath of the Minneapolis Police story, someone affiliated with the group took exception to a Twitter account that was monetising the brand, telling me: “We do not appreciate false flag impersonations. There will be consequences.”



    See also




    This has now become an interesting collision of two completely different viral stories in their own right. Anonymous hit the headlines a month ago, when the “group” seemed to mount a comeback in the wake of the killing of George Floyd. A video posted on Facebook threatened to “expose the many crimes” of the Minneapolis Police unless the officers responsible were held to account.



    There have been various stories since then, with reports of DDoS attacks on police service websites, the hacking of data and even the compromise of radio systems. But, as ever, with Anonymous, it is always critical to remember that you are seeing that loose affiliation of like-minded individuals, with Anonymous used as a rallying cry and an umbrella for claims and counter-claims. Attribution, as such, is not possible.



    This also puts TikTok in the somewhat unique position of having united various governments, including the U.S., and Anonymous behind the same cause.


    For TikTok, whether there is any hacking risk following these social media posts we will have to wait and see. Again, you have to remember the way this works. A rallying call has gone out to like-minded hacking communities worldwide. A target has been named and shamed. It would not be a surprise if claims of hacks or DDoS website attacks followed. That’s the patten now.



    So, why does this matter? Well, it’s one thing for the U.S. government or even the Indian government to warn hundreds of millions of users about the dangers of TikTok, but various celebrities and influencers have also been swayed by the latest claims and have publicly expressed their concerns. Anonymous is a viral movement that is targeting some of the same user base that has driven TikTok’s growth. It is campaigning against TikTok, and that campaign will drive its own viral message.



    And while until now that user base has remained steadfastly resilient to any of those warnings, sticking with the video sharing app in droves, you can start to get the feeling now that come of this might stick. It’s subtle, and it’s always risky to judge the world by the twitter-sphere, but there’s a change now in the wind.



    Credit : Forbes


    Disclaimer for Hacking Truth


    If you require any more information or have any questions about our site's disclaimer, please feel free to contact us by email at kumaratuljaiswal222@gmail.com

     

    Disclaimers for Hacking Truth


    All the information on this website - https://www.kumaratuljaiswal.in/ - is published in good faith and for general information purpose only. Hacking Truth does not make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this website (Hacking Truth), is strictly at your own risk. Hacking Truth will not be liable for any losses and/or damages in connection with the use of our website.


    From our website, you can visit other websites by following hyperlinks to such external sites. While we strive to provide only quality links to useful and ethical websites, we have no control over the content and nature of these sites. These links to other websites do not imply a recommendation for all the content found on these sites. Site owners and content may change without notice and may occur before we have the opportunity to remove a link which may have gone 'bad'.
    Please be also aware that when you leave our website, other sites may have different privacy policies and terms which are beyond our control. Please be sure to check the Privacy Policies of these sites as well as their "Terms of Service" before engaging in any business or uploading any information.

     

    Consent


    By using our website, you hereby consent to our disclaimer and agree to its terms.

    Update


    Should we update, amend or make any changes to this document, those changes will be prominently posted here.




    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)



  • Digital strike on 59 Chinese apps including TikTok, UC Browser, India banned



    Digital strike on 59 Chinese apps including TikTok, UC Browser, India banned




    Complete list of Chinese apps banned by Indian government: TikTok ,, India has banned 59 Chinese apps including UC browser. Let us know that the government has banned these Chinese apps under the IT Act 2000.



    A big decision has been taken amidst the deadlock on the border with China. 59 Chinese apps have been banned in India. Among the apps that have been banned are TicketLock, UC Browser, Share It etc. Apart from these, Hello, Like, Cam Scanner, Sheen Kwai have also been banned. Baidu Map, KY, DU Battery Scanner has also been banned. Let us know that the government has banned these Chinese apps under the IT Act 2000. Digital strike on 59 Chinese apps including TikTok, UC Browser, India banned



    Earlier, Indian security agencies had prepared a list of Chinese apps and appealed to the central government to ban them or people should be asked to immediately remove them from their mobiles. The reasoning behind this was that China could hack Indian data.



    At the same time, 20 soldiers of India were martyred in the recent violent clash with the Chinese army in the Galvan Valley of Ladakh. Since then, there was anger among the people of India about all the apps including China and its products. Prime Minister Narendra Modi also appealed to the people to become a self-reliant India.



    However, the decision to ban these 59 apps from China has been taken at a time when the third round of core commander level meeting between the two countries is going to be held in Ladakh. The special thing is that this meeting is being held on the call of India this time. Earlier, both the meetings were held at the invitation of China.





    FULL LIST OF CHINESE APPS BANNED BY GOVT:
    1. TikTok
    2. Shareit
    3. Kwai
    4. UC Browser
    5. Baidu map
    6. Shein
    7. Clash of Kings
    8. DU battery saver
    9. Helo
    10. Likee
    11. YouCam makeup
    12. Mi Community
    13. CM Browers
    14. Virus Cleaner
    15. APUS Browser
    16. ROMWE
    17. Club Factory
    18. Newsdog
    19. Beutry Plus
    20. WeChat
    21. UC News
    22. QQ Mail
    23. Weibo
    24. Xender
    25. QQ Music
    26. QQ Newsfeed
    27. Bigo Live
    28. SelfieCity
    29. Mail Master
    30. Parallel Space 31. Mi Video Call – Xiaomi
    32. WeSync
    33. ES File Explorer
    34. Viva Video – QU Video Inc
    35. Meitu
    36. Vigo Video
    37. New Video Status
    38. DU Recorder
    39. Vault- Hide
    40. Cache Cleaner DU App studio
    41. DU Cleaner
    42. DU Browser
    43. Hago Play With New Friends
    44. Cam Scanner
    45. Clean Master – Cheetah Mobile
    46. Wonder Camera
    47. Photo Wonder
    48. QQ Player
    49. We Meet
    50. Sweet Selfie
    51. Baidu Translate
    52. Vmate
    53. QQ International
    54. QQ Security Center
    55. QQ Launcher
    56. U Video
    57. V fly Status Video
    58. Mobile Legends
    59. DU Privacy




    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)



  • 35 lakh rupees waiting for you even a little knowledge of hacking is there


    35 lakh rupees waiting for you even a little knowledge of hacking is there



    35 lakh rupees waiting for you even a little knowledge of hacking is there


    If you too have a fondness for hacking, you know about coding, then 35 lakh rupees are waiting for you. Sony, the leading electronic company, has announced the bug bounty program for the gaming console PlayStation. Under this program, gamers or any common man may be entitled to this award by removing bugs in the PlayStation 4 and PlayStation Network. Earlier, Sony's PlayStation bug bounty program used to be private, but this year for the first time the company has announced to make it public. hacker101




    Announcing this bug bounty program, Sony wrote in its blog, 'It is a fundamental part of our product security that gives a great experience to our community. To strengthen the security, we attach great importance to the research community. We are excited to announce the new bug bounty program. hackerone



    The company has partnered with HackerOne for this and under this program, work is going on to find flaws in PS4 system, operating system, accessories and PlayStation network. It must be mentioned here that PS3 and PS2 are not part of this program. Bug Bounty Program



    35 lakh rupees waiting for you even a little knowledge of hacking is there





    Sony has divided the prize money of Bug Bounty into four parts, which include Critical, High Severity, Medium Severity and Low Severity. For finding Critical Bugs in PlayStation 4, you will get 50,000 dollars i.e. about 38 lakh rupees, while searching for High, Medium and Low Severity bugs will get 10,000 dollars i.e. about 7.5 lakh rupees, 2,500 dollars i.e. two lakh rupees and 500 dollars i.e. about 38,000 rupees respectively. Bug crowd





    Talking about the PlayStation Network (PSN), if you find a critical bug in it, then you will get 3,000 dollars i.e. about 2.5 lakh rupees, while on searching for high, medium and low severity bugs, 1,000 dollars i.e. about 75,500 rupees, 400 dollars i.e. 30,000 rupees respectively. 100 dollars i.e. about 7,500 rupees.



    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)

  • Background concept about cross site scripting with examples







    Background Concept About Cross Site Scripting ( XSS ) With Examples



    Now we are going to talk about XSS cross site scripting. XSS Vulnerabilities are among the most wide spread wab application vulnerabilities on the internet. 


    Cross-site-scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicous code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur antwhere a web application uses input from a user within the output  it generates without validating or encoding it. Background concept about cross site scripting with examples



    An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browsers has no way to kmow that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens or, other sensitive information retined by the browser and used with that site. cross site scripting with examples



    It's refer to client side injection attack where an attacker can execute malicious scripts into a legitimate website or web application.  By leavrging a cross site scipting, an attacker doesn't target the victim directly instead an attacker would exploit a vulnerability within a web applications or websites that the victim would visit essentially using the vulnerable website as a vehicle the deliver the malcious script to the victim's browser. basicallly we will use a website to deliver our payloads to the victime, when victim visit into that they paylaod are will executed and the payload will to our job, payload can be malicious, payload can be simple whatever. xss examples



    Let's talk about impact of XSS



    1) Cookie theft
    2) Keylogging
    3) Phishing
    4) URL Redirection



    cross site scripting can be used to a part of URL redirection. Cookies stealing, Keylogging, Phishing etc.


    so, in order to run our javascript malicious script in a victim's browser, an attacker must first find a way to inject a payload into web page. That's the victim visit. 


    for exploitation, attacker can used social engineering way such as email, click jacking to manipulate user for executation to our payload.



    Let's talk about the Types of XSS...



    Mainly cross site scriptings are parts of three types :-


    1) Reflected XSS
    2) Stored XSS
    3) DOM-based XSS




    Reflected XSS or  Stored XSS 

    It's a most common types of Cross site scripting, attacker payload script has to be part of the request which is send to the website an reflect back in such as a way that the HTTP response includes that the payload.

    so, basically reflected cross site scripting are required client site interaction, if user will visit that the vulnerable web page and server will deliver our paylaod to the users browse here, then user stored this but server want any payload,we will deliver our paylaod to the client browser and if client visiting that then there's a client side attacks. sql injection cheatsheet




    DOM Based XSS :-

    it's a advance type of cross site scripting attack, which be made possibly when the web application client site scripting writes user provides a data into a document objects model. The Most dangerous parts of this attack is client side attacks. how to prevent from sql injection


    In the attacker's payload is never sent to the server, this makes it will more to detect web application firewall and security engineers.


    so basically let's take example of Reflected, stored and DOM through practially,




    This is a website testphp.vulnweb.com


    So we will type something in the search box like Hello or HackingTruth.in and hit go button...









    so it's a reflected but not stored, it's not storing..
    so there may be reflected cross site scripting.



    Now. let's click on the signup option and you can try withlogin based application and if i will give a any text like kumaratuljaiswal.in









    DOM XSS



    if i will give any parameter like hello

    paramter=hello


    <script></script>


    and just executing to the user's context, nor the server side to the sever application, then there may be DOM based...



    Example this


    prompt.mI/O


    this is not sending to the server there are executing to the our context, if i will give anypayload there and it will execute then this is called DOM based scripting. cross site scripting how to prevent


    see this








    so just only executing on the user's script, nor the server side  nor to the client side.




    How to Hunt for XSS ?


    • Find a Input parameter, Give any input there and not senitizer then If your input reflect or stored any where there may be XSS.
    • Try to execute any javascript code there, if you succeed to execute any javascript then there is a XSS
    • Exploitation of XSS.



    you'll find a input parameter then give input there , if your input reflect or stored anywhere there may be cross site scripting. cross site scripting example



    XSS Cheatsheet Here :- Click Here 



    I hope its clear to about The Background concept of cross site scripting :-)



    Disclaimer


    This was written for educational purpose and pentest only.
    The author will not be responsible for any damage ..!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal


    Video Tutorial :-  SooN

     


    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)





  • How Google Chrome will prevent websites from spying on you




    How Google Chrome will prevent websites from spying on you



    As part of its effort to maintain user-privacy, Google Chrome is building a feature that could ultimately keep websites from spying on you.

    The capability, which has been spotted in the developer build of the browser, will keep websites from accessing sensor data of your phone/computer.

    For those unaware, this information can be used by websites/advertisers for tracking your movements and more. How Google Chrome will prevent websites from spying on you



    Tracking using motion sensor


    A few years back, a study revealed that potential attackers can use websites to fetch the motion sensor (accelerometer and gyroscope) data from a visitor's device.

    The research claimed that the information mined by websites (via different APIs) could be used to determine your movements, including data like if you are moving, standing still, or traveling by car or train.





    Information


    Then, this information can be used to build user profiles

    The movement information from the sensors can then be combined with web activity to build unique profiles of the visitors and track, surveil and monetize them. MSPoweruser claims that sensor information could even be used to recognize your unique walking gait.




    Chrome is already working on a preventive method



    Since many users want to protect themselves from being tracked by websites, Google Chrome is testing an option to allow or block censors for websites in the Canary.

    These features will be available to both Android and desktop users, giving them the option to choose whether websites should know the speed and light sensors, and if the website starts getting information about things like light sensors in Chrome. There may be danger messages

    And while you will be reading this post, this feature will be available in Chrome.









    And you should not forget to check this post, this is also part of motion in censor motion or light and do not forget to follow



    How this feature would work





    The feature, enabled by default, can be accessed from the 'Content' section in browser settings.

    Meaning, whenever you open a page accessing sensors, the browser will generate an omnibox pop-up, similar to the one that opens for GPS or mic permissions, notifying about the access.

    It will have two options: either allow sensor access for the page or block it permanently for that page.



    Information


    Per-site control only for desktop users

    As of now, sensor access for individual websites can only be controlled on the desktop version of Chrome Canary. Android users, as HackingTruth.in(Kumaratuljaiswal) screenshots indicated, will get a single toggle to control access for all websites at once.





    When this feature will be available






    According to Chromium developers' message board, the feature has been targeted for Chrome 75.

    As of now, the browser is on version 73, which means it might be a few months before it debuts in a stable release.

    Also, in addition to this feature, Google has also been testing a dark mode for Chrome which would also recolor web pages.




    Disable Motion Sensors


    Load chrome://settings/content/sensors in the Chrome address bar(Computer/Smartphone).

    Doing so opens the Sensor permissions in the browser.

    Toggle "Allow sites to use motion and light sensors" to enable or disable Sensors globally.



    Disclaimer

     

    This was written for educational purpose and pentest only.
    The author will not be responsible for any damage ..!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal



    Video Tutorial :-  SooN


                
        


    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)




  • What is Port Forwarding ? use of ngrok ? Access localhost website from outside network






    What is Port Forwarding |  use of ngrok |  Access localhost website from outside network



    In computer networking, port forwarding or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. This technique is most commonly used to make services on a host residing on a protected or masqueraded (internal) network available to hosts on the opposite side of the gateway (external network), by remapping the destination IP address and port number of the communication to an internal host.



    Port forwarding allows remote computers (for example, computers on the Internet) to connect to a specific computer or service within a private local-area network (LAN).[3]


    In a typical residential network, nodes obtain Internet access through a DSL or cable modem connected to a router or network address translator (NAT/NAPT). Hosts on the private network are connected to an Ethernet switch or communicate via a wireless LAN. The NAT device's external interface is configured with a public IP address. The computers behind the router, on the other hand, are invisible to hosts on the Internet as they each communicate only with a private IP address. What is Port Forwarding ? use of ngrok ? Access localhost website from outside network


    When configuring port forwarding, the network administrator sets aside one port number on the gateway for the exclusive use of communicating with a service in the private network, located on a specific host. External hosts must know this port number and the address of the gateway to communicate with the network-internal service. Often, the port numbers of well-known Internet services, such as port number 80 for web services (HTTP), are used in port forwarding, so that common Internet services may be implemented on hosts within private networks.





    Typical applications include the following:

    •     Running a public HTTP server within a private LAN
    •     Permitting Secure Shell access to a host on the private LAN from the         Internet
    •     Permitting FTP access to a host on a private LAN from the Internet
    •     Running a publicly available game server within a private LAN



    Administrators configure port forwarding in the gateway's operating system. In Linux kernels, this is achieved by packet filter rules in the iptables or netfilter kernel components. BSD and macOS operating systems prior to Yosemite (OS 10.10.X) implement it in the Ipfirewall (ipfw) module while macOS operating systems beginning with Yosemite implement it in the Packet Filter (pf) module.





    When used on gateway devices, a port forward may be implemented with a single rule to translate the destination address and port. (On Linux kernels, this is DNAT rule). The source address and port are, in this case, left unchanged. When used on machines that are not the default gateway of the network, the source address must be changed to be the address of the translating machine, or packets will bypass the translator and the connection will fail.



    When a port forward is implemented by a proxy process (such as on application layer firewalls, SOCKS based firewalls, or via TCP circuit proxies), then no packets are actually translated, only data is proxied. This usually results in the source address (and port number) being changed to that of the proxy machine.



    Usually only one of the private hosts can use a specific forwarded port at one time, but configuration is sometimes possible to differentiate access by the originating host's source address.



    Unix-like operating systems sometimes use port forwarding where port numbers smaller than 1024 can only be created by software running as the root user. Running with superuser privileges (in order to bind the port) may be a security risk to the host, therefore port forwarding is used to redirect a low-numbered port to another high-numbered port, so that application software may execute as a common operating system user with reduced privileges.


    The Universal Plug and Play protocol (UPnP) provides a feature to automatically install instances of port forwarding in residential Internet gateways. UPnP defines the Internet Gateway Device Protocol (IGD) which is a network service by which an Internet gateway advertises its presence on a private network via the Simple Service Discovery Protocol (SSDP). An application that provides an Internet-based service may discover such gateways and use the UPnP IGD protocol to reserve a port number on the gateway and cause the gateway to forward packets to its listening socket.


    Types of port forwarding



    Port forwarding can be divided into the following specific types: local, remote, and dynamic port forwarding.


    Local port forwarding



    Local port forwarding is the most common type of port forwarding. It is used to let a user connect from the local computer to another server, i.e. forward data securely from another client application running on the same computer as a Secure Shell (SSH) client. By using local port forwarding, firewalls that block certain web pages are able to be bypassed.



    Remote port forwarding



    This form of port forwarding enables applications on the server side of a Secure Shell (SSH) connection to access services residing on the SSH's client side.[8] In addition to SSH, there are proprietary tunnelling schemes that utilize remote port forwarding for the same general purpose.[9] In other words, remote port forwarding lets users connect from the server side of a tunnel, SSH or another, to a remote network service located at the tunnel's client side.


    To use remote port forwarding, the address of the destination server (on the tunnel's client side) and two port numbers must be known. The port numbers chosen depend on which application is to be used.


    Remote port forwarding allows other computers to access applications hosted on remote servers. Two examples:


    An employee of a company hosts an FTP server at their own home and wants to give access to the FTP service to employees using computers in the workplace. In order to do this, an employee can set up remote port forwarding through SSH on the company's internal computers by including their FTP server’s address and using the correct port numbers for FTP (standard FTP port is TCP/21).


    Opening remote desktop sessions is a common use of remote port forwarding. Through SSH, this can be accomplished by opening the virtual network computing port (5900) and including the destination computer’s address.
       



    Dynamic port forwarding



    Dynamic port forwarding (DPF) is an on-demand method of traversing a firewall or NAT through the use of firewall pinholes. The goal is to enable clients to connect securely to a trusted server that acts as an intermediary for the purpose of sending/receiving data to one or many destination servers.[11]


    DPF can be implemented by setting up a local application, such as SSH, as a SOCKS proxy server, which can be used to process data transmissions through the network or over the Internet. Programs, such as web browsers, must be configured individually to direct traffic through the proxy, which acts as a secure tunnel to another server. Once the proxy is no longer needed, the programs must be reconfigured to their original settings. Because of the manual requirements of DPF, it is not often used.



    Once the connection is established, DPF can be used to provide additional security for a user connected to an untrusted network. Since data must pass through the secure tunnel to another server before being forwarded to its original destination, the user is protected from packet sniffing that may occur on the LAN.



    DPF is a powerful tool with many uses; for example, a user connected to the Internet through a coffee shop, hotel, or otherwise minimally secure network may wish to use DPF as a way of protecting data. DPF can also be used to bypass firewalls that restrict access to outside websites, such as in corporate networks.




    How to use Ngrok for Access outside Network ?



    1) first we need a localhost server such as hosting provider or need a web address to access the outside network ( For eg Ngrok )


    ngrok.com













    Spend more time programming. One command for an instant, secure URL to your localhost server through any NAT or firewall.




    2) Signup or login to ngrok and go to with download option for downloading a ngrok server ( application )


    https://ngrok.com/download




    3) First, download the ngrok client, a single binary with zero run-time dependencies. you can downloa for MAC OS X, Windows, Mac (32bit), Windows (32-bit), Linux (ARM), Linux (ARM64), Linux (32-bit), FreeBSD (64-Bit), FreeBSD (32-bit)...  


    4)  On Linux or OSX you can unzip ngrok from a terminal with the following command. On Windows, just double click ngrok.zip.


      $ unzip /path/to/ngrok.zip 


    Most people like to keep ngrok in their primary user folder or set an alias for easy command-line access.







    5)  Try it out by running it from the command line:


      ./ngrok help 




    6) To start a HTTP tunnel on port 80, run this next:


      ./ngrok http 80  











    OR


      ngrok http -subdomain=baz 8080 


    OR



      ngrok http foo.dev:80   




    OR


      ngrok http https://localhost 


    OR


      ngrok tcp 22 



    How To Access website from Outside Network ?


    Type the following command and press enter :-


    1)   serivce apache2 start 


    otherwise i have already download and install external apache server ( XAMPP Server )









    For chech a service status , it's a start or not  


      service apache2 start 



    then we have ready to access our localhost website via inside and outside network  ( internet )



    Now, we have to copy a ngrok's link


    https://ab5ac26e3592.ngrok.io








    Then access






    Through Mobile








     ----------------





    Disclaimer

     

    This was written for educational purpose and pentest only.
    The author will not be responsible for any damage ..!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal



    Video Tutorial :- 


                
        


    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)



  • calculate first and last usable IP on the subnetwork





    Calculate First and Last Usable IP on The Subnetwork 


    The network ID is 192.168.1.0, so the first usable address is 192.168.1.1. The broadcast address is 192.168.1.63, so the last usable address is 192.168.1.1.62. As a simple rule, the first usable address is the network ID + 1, while the last usable address is the broadcast address - 1.

    You can use subnet calculators (tons are available online), but being able to calculate subnets is always handy. You can refer to a subnetting guide like this
    to learn, and then create several exercises on your own to practice, using subent calculators to check if you did them correctly.  calculate first and last usable IP on the subnetwork 




    See also :- Click Here For Bug find with ASN & CIDR Number





    Demonstrate Subnetting




    The best way to demonstrate subnetting method is by using an example. For example we are given a network address 192.168.116.0 with the default subnet mask of 255.255.255.0. The requirement is to perform subnetting such that we create as many subnets as we can with 30 hosts in each subnet. What is the network ID, broadcast address, first and last usable IP calculate on the subnetwork




    Our First step will be to determine how many bits do we need to borrow from the host portion such that the requirement of minimum 30 hosts per subnet is fulfilled. Using the formula below


    2n -2,


    Where the exponent n is equal to the number of bits left after subnet bits are borrowed.




    we can calculate how many bits will be required so that each subnet has 30 host addresses. 25 -2 =30, so 5 bits atleast must be available for host addressing and the remaining can be borrowed to create subnet addresses. The -2 in the formula accounts for two addresses the subnetwork address and the broadcast address which cannot be assigned to hosts.




    The network 192.168.116.0/24 has 8 bits for host portion and we will reserve 5 bits for the new host portion, the 3 bits remaining can now be used for creating subnets. To determine how many subnets we can


    create, use the following formula:


    2n = number of subnets


    where the exponent n is bits borrowed from the host portion.


    Thus in this case we can create 23 =8 subnets



    Our second step will be to calculate the new subnet mask, our previous subnet mask was 255.255.255.0 or 11111111.11111111.11111111.00000000 in binary. Since we have borrowed 3 bits from the host portion our new subnet mask will be 11111111.11111111.11111111.11100000 which is 255.255.255.224 when converted to decimal notation.



    We have discussed in detail the conversion process of binary to decimal and vice versa. When performing IP subnetting we will refer to the picture shown below which is very handy in this process.




    What is the network ID, broadcast address, first and last usable IP calculate on the subnetwork







    So our original subnet mask was 255.255.255.0 and we allocated 3 bits from the host portion which allowed us to have 8 subnets and 30 hosts within each subnet. We can quickly convert 255.255.255.0 to binary by looking at the table above. An octet which is 255 in decimal will be 11111111 in binary so 255.255.255.0 will be 11111111. 11111111. 11111111.00000000. We will set the first 3 bits of the last octet to 1 and last octet will now be 11100000 which from the table above will be 224 in decimal. So our new subnet mask is 255.255.255.224



    Our third step will be to determine the subnet multiplier which is fairly simple. All we have to do is subtract the last nonzero octet of the subnet mask from 256. So in this case our subnet multiplier will be 256-224 =32. We will use the subnet multiplier in the next step to list the subnets.



    Our final step will be to list the subnet address, host range and the broadcast address. The first subnet address will be 192.168.116.0/27 and the following subnets will be with increments of 32, the subnet multiplier we calculated in the previous step.



    Shown in the table below are the subnet addresses, their respective host ranges and the broadcast addresses.




    What is the network ID, broadcast address, first and last usable IP calculate on the subnetwork





    As shown in the table, once we have listed the subnet addresses, calculating the host range and broadcast address is relatively simple. The broadcast address will be the last address of the subnet and one less the preceding subnet address. For example for the subnet 192.168.116.0/27 the broadcast address will be 192.168.1.31 which is last address of this subnet and in binary it will be all 1s in the host portion, this address is preceded by the next subnet address.



    The host range will start from the next address after the subnet address for example for the subnet 192.168.116.32/27 the host range will start at 192.168.116.33 and end at one less the broadcast address which will be 192.168.116.62 since the broadcast address is 192.168.1.63. The host address must exactly be 30 in number since we have reserved 5 bits for the host portion.





    Top 100 Ethical Hacking Interview Question & Ans


    Click Here :- Let's Visit




    The methods shown above to calculate the range of valid host IP addresses and the broadcast address are very easy and quick. We will also learn another way to perform these calculations.




    To calculate the broadcast address of a subnet change all the host bits values in the subnet address to binary 1s. For example if we need to find the broadcast address of the subnet 192.168.116.32/27 we will first list the subnet address in binary, (we have previously discuses the mathematical conversion process in a previous article). So 192.168.116.0/27 will result in 11000000.10101000.01110100.00100000. Then we will change all host bits values to binary 1s which will be 11000000.10101000.01110100.00111111. So now we have the broadcast address in binary. Converting this to decimal will result in 192.168.116.63.





    We can also calculate a range of valid host IP addresses in a subnet using the binary method. For example if need to calculate the range of host addresses in the subnet 192.168.116.32/27 we will first find the first usable host IP address by changing the right-most host bit to 1 of the subnet address . Our subnet address in binary is 11000000.10101000.01110100.00100000 and when we change the right-most host bit to 1 it will be 11000000.10101000.01110100.00100001 which is 192.168.116.33, this is our first usable host IP address of the subnet. Now we will find the last usable host IP address of the subnet by changing all host bits in the subnet address to 1 except for the right-most host bit which will be 11000000.10101000.01110100.00111110, converting this to decimal will result in 192.168.116.62. So now we have the valid host IP address range for the subnet 192.168.116.32/27 which is from 192.168.116.33 to 192.168.116.62. It can also be confirmed from the table above.




    This brings us to the end of this article in which we covered basic subnetting techniques. There are several techniques and each person has his favorite. The technique demonstrated in the article is simple and quick technique of performing subnetting.




    Out first octet 11000000 can be converted to decimal by picking the bits which are 1 and adding the corresponding decmial values shown in the table above. So 11000000 will be 128 + 64 = 192.



    Similarly the second octet 10101000 will be 128 + 32 + 8 = 168, third octet 01110100 will be 64 + 32 +16 +4 = 116 and the finally the fourth octet 11010010 will be 128 + 64 + 16 + 2 = 210.



    This results in the IP address 192.168.116.210.







    This brings us to the end of this article in which we learn the architecture of IP addresses and also explained the purpose of a subnet mask. We also covered a very imporant tutuorial on binary to decimal conversion and vice versa. It is very important to have firm concepts as these are the base for the entire upcoming CCNA lessons.




    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)






  • Anonymous Hackers Directly Target TikTok: ‘Delete This Chinese Spyware Now’

    This has been a week that TikTok—the Chinese viral video giant that has soared under lockdown—will want to put quickly behind it. Th...

    Popular

    WHAT WE DO

    We've been developing corporate tailored services for clients for 30 years.

    CONTACT US

    For enquiries you can contact us in several different ways. Contact details are below.

    Hacking Truth.in

    • Street :Harmu
    • Person :Kumar Atul Jaiswal
    • Phone :+918877372173
    • Country :India
    • Email :kumaratuljaiswal222@gmail.com

    The page name itself is a call-to-action; Treat it with some respect.!

    Ethical Hacking, web developing, web penetesting etc you can contact me on any kind of information