-->

ABOUT US

Our development agency is committed to providing you the best service.

OUR TEAM

The awesome people behind our brand ... and their life motto.

  • Kumar Atul Jaiswal

    Ethical Hacker

    Hacking is a Speed of Innovation And Technology with Romance.

  • Kumar Atul Jaiswal

    CEO Of Hacking Truth

    Loopholes are every major Security,Just need to Understand it well.

  • Kumar Atul Jaiswal

    Web Developer

    Techonology is the best way to Change Everything, like Mindset Goal.

OUR SKILLS

We pride ourselves with strong, flexible and top notch skills.

Marketing

Development 90%
Design 80%
Marketing 70%

Websites

Development 90%
Design 80%
Marketing 70%

PR

Development 90%
Design 80%
Marketing 70%

ACHIEVEMENTS

We help our clients integrate, analyze, and use their data to improve their business.

150

GREAT PROJECTS

300

HAPPY CLIENTS

650

COFFEES DRUNK

1568

FACEBOOK LIKES

STRATEGY & CREATIVITY

Phasellus iaculis dolor nec urna nullam. Vivamus mattis blandit porttitor nullam.

PORTFOLIO

We pride ourselves on bringing a fresh perspective and effective marketing to each project.

Showing posts with label cyber security. Show all posts
Showing posts with label cyber security. Show all posts
  • Can i learn hacking on my own ?

     

    Can i learn hacking on my own ?

     

     

     

    Can i learn hacking on my own ?


    Yes, if you follow these rules :

    Be a problem solver

     

    First, you have to be a problem sovler instead of complaining about it, like you face a computer error will try to setup something than fix it on you own by googling or youtube. This improves your knowledge about how things work and its very important for a hacker.




    Join Community of Hacker


    Yes, you have to join a community of like minded people so you can see what actually happening in the technical world and you can discuss your doubts and also help others with their problems and indirectly it improves your skills and knowledge.




    Save Bookmark of Hacking Blogs


    Find at least 3 website that post tutorials or guides about pen-testing, computer tricks, smartphone tricks, etc. So, you will learn the latest things which newly discovered or developed.



    Find a problem then fix it


    This technical world is full of problems, daily people face many problems and its oportunity for hackers or technical experts by finding their solutions and become famous or increase your value. It helps you give motivation for your journey and you start thinking out of the box.


    Disclaimer

     
     
    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.

     



  • Python projects you must try

     

     

    Python projects you must try

     



     

    Python projects you must try


    The best way to learn programming language is to build project with it. Here are some python projects you must try.


    Difficulty Level : Easy(I)


    1. Send Automatic Emails using python
    2. Defang IP address
    3. Password authentication using python
    4. Web scrapping to create a dataset
    5. Resume Scanner
    6. Merge sort algorithm
    7. Pick a random card using python
    8. Quartile deviation using python
    9. Count character occurrences
    10. Pyramid pattern using python





    Difficulty Level : Easy(II)

    11. Sequential Search
    12. Swap variables using python
    13. Sorting NumPy Arrays
    14. Validate anagrams
    15. Create tables with python
    16. Recursive binary search
    17. Dijkstra's algorithm using python
    18. Hash tables using python
    19. Queues using python
    20. Validate a binary search tree




    Difficulty Level : Intermediate


    1. Visualize a neural network using python
    2. Bias and variance using python
    3. Get live weather updates using python
    4. Count objects in image using python
    5. Scrape trending news using python
    6. Real-time stock price data visualization using python
    7. OTP verification using python
    8. Choropleth map with python
    9. Egg catcher game
    10. Extract country details




    Difficulty Level : Hard


    1. Convert text to numberical data
    2. AUC and ROC using python
    3. Interactive language translator
    4. Maximum profit finder
    5. Language detection
    6. Histogram and density plots with python
    7. Radar plot with python
    8. Create a chatbot with python
    9. Stopwords removal
    10. Unicode characters removal

     

     

    Disclaimer

     
     
    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.

     

     




  • Make money legally as a Hacker without degree

     

    Make money legally as a Hacker without degree

     

    Make money legally as a Hacker


    It's okay if you don't have college degree

    Without a college degree you can make money as a hacker and you won't get arrested for it. Even this is possible you are just in your first year and you are already earning a good lumpsum of money. It's just matter of effort
    you execute over things.

    You don't need certificate to earn money, you'll just need skills to earn money!




    Teaching cyber security


    Teaching hacking is one of the most easy may to make money with the help of your skills, even the best hackers of
    world still write books related to hacking.


    Writing articles on cyber security, helping others with tutorial videos and ebooks will helo you out in earning.

    If you are an undergraduate, don't go for making tutorials, you can sell your skill in your campus.




    Bug Bounty Programs


    Companies are on the rise looking to reward ethical hackers who notify them of any bug in their software before it could be exploited by malicious hackers.

    Become a bug bounty hunter, no legislation is against it, you make money when you win it. Any no company will ask for your certificate, all they need are your fingers on those keys.


    Write Software securities


    The government won't blame you making money writing software securities that abort malicious attacks. Instead, you will get some accolades for that.

     

    Disclaimer

     
     
    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.

     

  • Killer website for hackers

     

    Killer website for hackers

     

     

    Killer website for hackers


    Exploit Database


    Exploit database (ExploitDB) is an archive of exploits for the purpose of public security, and it explains what can be found on the database. The ExploitDB is a very useful resource for identifying possible weakness in your network and for staying up to date on current attacks occuring in other networks.




    Shodan


    Shodan works by requesting connections to every imaginable internet protocol (IP) address on the internet and indexing the information that it gets back from those connection requests. Shodan crawls the web for devices using a global network of computers and servers that are running 24/7.





    Archive org


    Intenet Archive is a non-profit library of millions of free books, Movies, software, music, websites, and more.



    Nmmapper


    Pentest tool from nmap online to subdomain finder, theHarvester, wappalyzer. Discover dns records of domains, detect cms using cmseek & whatweb.





    Builtwith


    Builtwith is a website profiler, lead generation, competitive analysis and business intelligence tool providing technology adoption, ecommerce data and usage analytics for the internet.




    Disclaimer

     
     
    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.



  • Python Libraries that can automate your life

     

     

    Python Libraries that can automate your life

     

    Python Libraries that can automate your life


    1) Openpxl

    Automate excel reporting

    Openpyxl is a python library that can help us automate our excel reporting. With openpyxl, we can read an Excel file, write excel formulas, make charts, and format a worksheet using python.


    Installation

    • pip install openpyxl




    2) SMTPLIB


    Email automation

    smtplib is a built-in python module used for sending emails using the Simple Mail Transfer Protocol (SMTP).


    • You dont need to install smtplib or email because thay come with python.




    3) Camelot


    Automate table extraction from

    PDFs

    These tables can be exported into a Pandas dataframe and other formats such as CSV, JSON, Excel, HTML, Markdown, and SQLite.

    Installation

    • pip install "camelot-py[base]"




    4) Requests: Make Your Life Easier With an API


    Automation sometimes involves working with an API. APIs can help you collect real-world data and also simplify the development process of an application.

    To work with an API you need to send requests to a server and then read the responses. The message sent by a client to a server is known as an HTTP request.

    With the Requests library, we can interact with an API by sending HTTP requests and accessing the response data. This library has useful features such as passing parameters in URLs, sending custom headers, form data, and more.
    Installation

    To install Requests, we only need to run the command below in our terminal.
     

    • python -m pip install requests




    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.



  • Useful Github Repositories


    Useful Github Repositories

     

    Useful Github Repositories


    1) Project Based Learning

    A list of programming tutorials in which aspiring software developers learn how to build an applications from scratch.


    Link - https://github.com/practical-tutorials/project-based-learning



    2) Free Programming Books

    The Free Ebook Foundation now administers the repo, a not-for-profit organization devoted to promoting the creation, distribution, archiving, and sustainability of free ebooks. Donations to the Free Ebook Foundation are tax-deductible in the US.


    This list was originally a clone of StackOverflow - List of Freely Available Programming Books with contributions from Karan Bhangui and George Stocker.

    The list was moved to GitHub by Victor Felder for collaborative updating and maintenance. It has grown to become one of GitHub's most popular repositories, with 226,000+ stars, about 9,600 watchers, more than 7,000 commits, 1,900+ contributors, and 47,700+ forks.


    Link - https://github.com/EbookFoundation/free-programming-books





    3) Developer Roadmap

    Roadmaps are being made interactive and have been moved to website.
    View all Roadmaps

    Here is the list of available roadmaps with more being actively worked upon.

    •     Frontend Roadmap
    •     Backend Roadmap
    •     DevOps Roadmap
    •     React Roadmap
    •     Angular Roadmap
    •     Android Roadmap
    •     Python Roadmap
    •     Go Roadmap
    •     Java Roadmap
    •     DBA Roadmap
    •     Etc...




    Link - https://github.com/kamranahmedse/developer-roadmap




    4) Public APIs

    A collective list of free APIs for use in software and web development


    Link - https://github.com/public-apis/public-apis



    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.


  • India gave a befitting reply to foreign hackers in their stronghold, conspiracy being hatched from Malaysia and Indonesia

     

    India gave a befitting reply to foreign hackers in their stronghold, conspiracy being hatched from Malaysia and Indonesia

     

     

    India gave a befitting reply to foreign hackers


    India gave a befitting reply to foreign hackers in their stronghold, conspiracy being hatched from Malaysia and Indonesia


    After the remarks of former BJP spokesperson Nupur Sharma, hackers from some countries have hatched a cyber war against India. Information about attacks on the websites of government departments and some private institutions by hackers from countries like Malaysia and Indonesia has come to the fore. These hackers also made Nupur Sharma's mobile number and home address public on many websites.


    In order to give a befitting reply to the perpetrators of cyber attacks against India, the Ahmedabad Cyber ​​Crime Cell penetrated the hackers' website and their cyber network, found bugs and gave a befitting reply. Amit Vasava, Deputy Commissioner of Police, Ahmedabad Cyber ​​Crime Cell shared important information about this. He told that after such attacks, the cooperation of cyber expert Nisarga Shah was taken to answer the hackers in their own language.


    With the help of cyber expert Nisarg Shah, the Cyber ​​Crime Cell of Ahmedabad Police has found a bug in the network of these hackers and submitted a report to the governments of Indonesia and Malaysia. Have looked for flaws in over 100 Indonesian government websites and 70 Malaysian government websites.




    Hacker Groups of Malaysia and Indonesia


    According to Deputy Commissioner of Police Amit Vasava, with this conspiracy against India, hackers want to create disturbances by cyber attack on India's infrastructure, power grid, digital space. The names of hacker groups 'Dragon Force Malaysia' and 'Hectivist Indonesia' have come to the fore in this conspiracy so far. Their target is the websites of many important departments of the central and state government, police, universities, civic facilities networks and websites of many private industry groups.




    Inputs received from Andhra Pradesh and Maharashtra Police


    Hackers claim that so far they have hacked 200 websites in India. This is also corroborated on the basis of inputs received from Andhra Pradesh Police and Thane Police in Maharashtra. There are reports of hacking. The cyber cell of Ahmedabad Police has challenged by reaching the network of hackers. The cyber cell says that we cannot sit on our hands.




    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.


     

  • Wireshark Packet Navigation

     


     

     

    Wireshark Packet Navigation


    Packet Numbers


    Wireshark calculates the number of investigated packets and assigns a unique number for each packet. This helps the analysis process for big captures and makes it easy to go back to a specific point of an event.  Wireshark Packet Navigation


     

    Wireshark Packet Navigation

     

     

    Go to Packet


    Packet numbers do not only help to count the total number of packets or make it easier to find/investigate specific packets. This feature not only navigates between packets up and down; it also provides in-frame packet tracking and finds the next packet in the particular part of the conversation. You can use the "Go" menu and toolbar to view specific packets.


    Wireshark - go to packet

     

    Wireshark Packet Navigation

     


    Find Packets


    Apart from packet number, Wireshark can find packets by packet content. You can use the "Edit --> Find Packet" menu to make a search inside the packets for a particular event of interest. This helps analysts and administrators to find specific intrusion patterns or failure traces.

    There are two crucial points in finding packets. The first is knowing the input type. This functionality accepts four types of inputs (Display filter, Hex, String and Regex). String and regex searches are the most commonly used search types. Searches are case insensitive, but you can set the case sensitivity in your search by clicking the radio button.

    The second point is choosing the search field. You can conduct searches in the three panes (packet list, packet details, and packet bytes), and it is important to know the available information in each pane to find the event of interest. For example, if you try to find the information available in the packet details pane and conduct the search in the packet list pane, Wireshark won't find it even if it exists.

     

     

    Wireshark Packet Navigation



    Mark Packets


    Marking packets is another helpful functionality for analysts. You can find/point to a specific packet for further investigation by marking it. It helps analysts point to an event of interest or export particular packets from the capture. You can use the "Edit" or the "right-click" menu to mark/unmark packets.

    Marked packets will be shown in black regardless of the original colour representing the connection type. Note that marked packet information is renewed every file session, so marked packets will be lost after closing the capture file.

     


    Wireshark Packet Navigation


    Packet Comments


    Similar to packet marking, commenting is another helpful feature for analysts. You can add comments for particular packets that will help the further investigation or remind and point out important/suspicious points for other layer analysts. Unlike packet marking, the comments can stay within the capture file until the operator removes them.

     

     

    Wireshark Packet Navigation

     

     

    Export Packets


    Capture files can contain thousands of packets in a single file. As mentioned earlier, Wireshark is not an IDS, so sometimes, it is necessary to separate specific packages from the file and dig deeper to resolve an incident. This functionality helps analysts share the only suspicious packages (decided scope). Thus redundant information is not included in the analysis process. You can use the "File" menu to export packets.

     

     

    Wireshark Packet Navigation

     

     

     

    Export Objects (Files)


    Wireshark can extract files transferred through the wire. For a security analyst, it is vital to discover shared files and save them for further investigation. Exporting objects are available only for selected protocol's streams (DICOM, HTTP, IMF, SMB and TFTP).

     


    Wireshark Packet Navigation


    Time Display Format


    Wireshark lists the packets as they are captured, so investigating the default flow is not always the best option. By default, Wireshark shows the time in "Seconds Since Beginning of Capture", the common usage is using the UTC Time Display Format for a better view. You can use the "View --> Time Display Format" menu to change the time display format.

     

     

    Wireshark Packet Navigation


    Wireshark Packet Navigation

     

     

    Expert Info


    Wireshark also detects specific states of protocols to help analysts easily spot possible anomalies and problems. Note that these are only suggestions, and there is always a chance of having false positives/negatives. Expert info can provide a group of categories in three different severities. Details are shown in the table below.

     

     

    Wireshark Packet Navigation

     

    Frequently encountered information groups are listed in the table below. You can refer to Wireshark's official documentation for more information on the expert information entries.

     


    Wireshark Packet Navigation


     

    You can use the "lower left bottom section" in the status bar or "Analyse --> Expert Information" menu to view all available information entries via a dialogue box. It will show the packet number, summary, group protocol and total occurrence.

     

     

    Wireshark Packet Navigation

     

     

     


    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.


     

  • HACK Your Offensive Security Side


    HACK Your Offensive Security Side

     

    HACK Your Offensive Security Side


    In short, offensive security is the process of breaking into computer systems, exploiting software bugs, and finding loopholes in applications to gain unauthorized access to them.


    To beat a hacker, you need to behave like a hacker, finding vulnerabilities and recommending patches before a cybercriminal does.

    On the flip side, there is also defensive security, which is the process of protecting an organization's network and computer systems by analyzing and securing any potential digital threats; learn more in the digital forensics room.

    In a defensive cyber role, you could be investigating infected computers or devices to understand how it was hacked, tracking down cybercriminals, or monitoring infrastructure for malicious activity.


    Practical


    First of for your kind information all kinds of things which is used here all exercises are fake simulations so don't panic and don't go dark side okay!!.


    Find hidden website pages



    Most companies will have an admin portal page, giving their staff access to basic admin controls for day-to-day operations. For a bank, an employee might need to transfer money to and from client accounts. Often these pages are not made private, allowing attackers to find hidden pages that show, or give access to, admin controls or sensitive data.


    HACK Your Offensive Security Side



    Type the following command into the terminal to find potentially hidden pages on FakeBank's website using GoBuster (a command-line security application).


    gobuster -u http://420fakebank.co.uk -w wordlist.txt dir




    HACK Your Offensive Security Side





    In the command above, -u is used to state the website we're scanning, -w takes a list of words to iterate through to find hidden pages.

    You will see that GoBuster scans the website with each word in the list, finding pages that exist on the site. GoBuster will have told you the pages it found in the list of page /directory names (indicated by Status: 200).




    Hack the bank


    You should have found a secret bank transfer page that allows you to transfer money between accounts at the bank (/bank-transfer). Type the hidden page into the FakeBank website on the machine.

     

     

    HACK Your Offensive Security Side
     



    This page allows an attacker to steal money from any bank account, which is a critical risk for the bank. As an ethical hacker, you would (with permission) find vulnerabilities in their application and report them to the bank to fix before a hacker exploits them.

     

     

    HACK Your Offensive Security Side

     

     


    Transfer $2000 from the bank account 2276, to your account (account number 8881).




    HACK Your Offensive Security Side



    How can I start learning?


    People often wonder how others become hackers (security consultants) or defenders (security analysts fighting cybercrime), and the answer is simple. Break it down, learn an area of cyber security you're interested in, and regularly practice using hands-on exercises. Build a habit of learning a little bit each day on differnt types of website, and you'll acquire the knowledge to get your first job in the industry.



    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.


     

  • web5 is here

     

    web5 is here web2+web3

     

     

    Currently we are working on web 2 and we are excited about web 3 and then jack dorsey says hey we are coming up with web 5 that is correct but then why do we need web 3 and web 5 when we have web 2.  web5 is here with web2+web3
     
    Now think about this what is happening in the web 2 world now basically it provides you multiple services right so we have so many websites so many applications and they provide you some awesome services the only problem is for every different service you have to provide your information you share your personal information you share your post you share your photos you share your location and all this data is there with that particular website i mean that that is okay right not exactly you're not sure how they are using that data maybe they're using your data for marketing purpose they're using your data to sell to someone or they are using your data to influence you so that's one thing and again you might be thinking when you upload a photo on a website. web2


    When you upload a post somewhere basically you own that data not exactly this company owns your data not just your post and photos your personal data as well so that's one issue the second issue is let's say if you are using a particular service maybe apple music so what you do is if you want to use that service you share information you share your email id phone number and all the details and then you are enjoying that particular service but what if you want to move to some other service again!! web3

    You have to go to that particular website on an app you have to share your information then only you can access that particular service so basically if you want to switch you again have to share the information and this company they actually lock your data with them you can't even delete it and of course with the help of GDPR it may be possible but not in all the countries right so this company actually hold your information so can we do it this way can we just reverse it can we say hey let me hold my information. web2 tech

    I have a box here in this box i will have my information and if you want to give that particular service you have to request for the service you have to request for the data i will give you data and then i'll be there of course when you don't have to share everything you just have to share that you have an identity and maybe a particular key and they can verify this is you what you're claiming to be right so that's the box.

    I want that's the wallet that's the right word in the terms of web three we call it as a wallet which has your identity so that's why we were going for web3 right and that's where jack dorsey the founder of twitter says hey we have a better solution let's go for web 5 which is actually a combination of web 2 all the services and web 3 technology and that's your web 5 and this is actually built on bitcoin blockchain so basically web5 provides you with decentralized identity and the storage for your application to learn more let's go to that particular website so this is basically the company by jack dorsey a blockchain project company and it was formerly called as square and now we have a different name they're coming up with web five it's an extra decentralized web platform and you can see this is actually a combination of web 2 and web3. world wide web



    If you want to learn more about it there's a amazing pdf available you can just explore that pdf in fact i will show you some introduction part as well now what they are providing you is first they are providing you with the wallets they are providing you with a decentralized web application uh in the web3 world we call them as dapps and they are also giving you decentralized web nodes the blockchain nodes actually if you explore this pdf which is an amazing pdf to go through so this is the same thing i've explained right so basically to access any a web you have to share information with each service but how about this can we just have one particular identity and we can share with multiple service and you don't even have to share information basically you will own your data and that's what i actually was talking about from a long time on this channel right basically we need privacy where you need to have a power where you need to have the hold on your own data.

     

    web5 is here web2+web3
    image credit prototypr


     


    So, we have talked about this this is actually web 2 and web3 which is creating web 5 and this is interesting so decentralized web application enables developers to write dapps or decentralized web application using the identifiers basically you'll be having your own identities and this identity is actually verifiable on the on the chain or on the network and important thing is they don't have a token here and don't think about the pricing of token or you know the inflation of tokens so that's a different thing.


    We don't have any tokens here and it is decentralized web notes and they are combining everything to give you web five in fact this is just an introduction video of web5 i have not gone through the entire documentation how it will work how what kind of application you can build but this looks a promising start but again my bet is on web3 web5 is just an implementation just an idea so it's not a replacement for web3 in fact on twitter i saw this amazing tweet this is web one is scientists where in the driver's seat web 2 is techno entrepreneurs why the driver said web 3 is vcs because the entire web 3 is funded by vcs again it's a promising start but what about web five and jack dorsey said it is for the people uh people will be driving it and that looks promising so in future for sure we are moving from web 2 to web 3 it doesn't matter or i mean web 2 to web 3 or f5 so it doesn't matter whatever people are claiming about it's a scam or something you know maybe lack of knowledge but blockchain is there blockchain will be coming and then it will disrupt the entire ecosystem most of the companies are using private blockchains because they don't want to share the data with the world they want to use it for their own use cases maybe for supply chain maybe for hospital management or all those use cases and then for the consumer side.

     

     

    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.


     

  • Dig Dug DNS Server Enumeration

     

    Dig Dug DNS Server Enumeration

     



    Dig Dug DNS Server Enumeration


    Turns out this machine is a DNS server - it's time to get your shovels out


    Oooh, turns out, this 10.10.5.208 machine is also a DNS server! If we could dig into it, I am sure we could find some interesting records! But... it seems weird, this only responds to a special type of request for a givemetheflag.com domain?
     

    Use some common DNS enumeration tools installed on the AttackBox to get the DNS server on 10.10.5.208 to respond with the flag.

    Click on the link below -




    DNS in detail

    Dig in Networking 

    WHOIS in Networking 

    CEHv10 DNS

     
    Passive Reconnaissance
    DNS Manipulation

     

    First, it is worth checking what ports are open on the machine. but we will jump into directly dns enumeration. If you wanna dns enumeration with dnspython then you can do it but first we will dns tool in linux after that we will make a DNS tool with the help of python programming language.



    Dig


    Dig is a versatile DNS lookup utility that can query domain name server records. Using Dig, we can get the flag by specifying the name server (target host’s address), the domain name, and A at the end to establish we are looking for the A record.


    When you visit a website in your web browser this all happens automatically, but we can also do it manually with a tool called dig . Like ping and traceroute, dig should be installed automatically on Linux systems.


    Dig allows us to manually query recursive DNS servers of our choice for information about domains:
    dig <domain> @<dns-server-ip>

    It is a very useful tool for network troubleshooting.


     


     

     

    dig @10.10.5.208 givemetheflag.com A 

     

     


     

     

    nslookup


    nslookup is another tool excellent for query domain name servers. Using the target host IP as the DNS server, we can query the A record to get the flag.


     


     

     

     

      
      ┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python]
    └─$ nslookup -type=A givemetheflag.com 10.10.5.208                                                                                                                  1 ⨯
    Server:         10.10.5.208
    Address:        10.10.5.208#53
    
    givemetheflag.com       text = "flag{0767ccd06e79853318f25aeb08ff83e2}"
    
                                                                                                                                                                            
    ┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python]
    └─$ 
      

     

     

    DNS in python 


    dnspython is a DNS toolkit for Python. It supports almost all record types. It can be used for queries, zone transfers, and dynamic updates. It supports TSIG authenticated messages and EDNS0.

    dnspython provides both high and low level access to DNS. The high level classes perform queries for data of a given name, type, and class, and return an answer set. The low level classes allow direct manipulation of DNS zones, messages, names, and records.

     

     

     

    ┌──(test)─(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python]
    └─$ cat dns-find.py                                                                                                                                                 1 ⨯
    #!/usr/bin/python
    #import dnspython as dns
    import dns
    #import dns.resolver
    from dns import resolver
    
    #result = dns.resovler.query('hackingtruth.org', 'A')
    
    result = dns.resolver.resolve('google.com', 'A')
    for ipval in result:
        print('IP', ipval.to_text())
                                                                                                                                                                            
    ┌──(test)─(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python]
    └─$ 
    
    

     

     


     

     

     


    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.



  • Tryhackme Embedded Marcos in Word Mr. Phisher Walkthrough

     

    Tryhackme Embedded Marcos in Word Mr. Phisher Walkthrough

     

     

    We'll be looking at a tryhackme room called MrPhisher so it says that i received a suspicious email with a very weird looking attachment it keeps on asking me to enable Macros what are those so this straight away gives us a hint that we are going to deal with Macros So, Macros is a type of scripting language that you know you can embed in a excel or a word file so that it can even try to automate things to an extent so nothing challenging it just says that files you need are located in the home ubuntu MrPhisher on virtual machine and i have the vm(virtual machine) open up right here.
     

     

    When we start the machine, we found two files in home directory. “MrPhisher.docm” is a document with the ability to run macros and the zip file has the same file but compressed.

     

     

     

    Tryhackme Embedded Marcos in Word Mr. Phisher Walkthrough
     

     

    If we try to get open the file, we see the document indeed contain macros.

     

    Tryhackme Embedded Marcos in Word Mr. Phisher Walkthrough

     


    The document shows this one image.


    Now, to view and edit macros using Libre Office, go to Tools menu, choose Macros > Edit Macros. This opens a list of macros available in the currently open document.


    Tryhackme Embedded Marcos in Word Mr. Phisher Walkthrough



    Tryhackme Embedded Marcos in Word Mr. Phisher Walkthrough



    This macro contains a visual basic script...

     

    If you want copy this file in your loca;l machine then you can try this with netcat, To make easy the analysis and be able to download needed tools, I transferred the file to my local machine with netcat.

     

    Local machine:


    nc -nlvp <PORT> > MrPhisher.docm


    Remote machine:


    Setting listener and getting file.

    nc <IP> <PORT> < MyPhisher.docm



    As a note, is important to verify the integrity of the transferred file, in previous images you can see I checked MD5 hash, and it’s the same.

    via md5sum

    md5sum MrPhisher.docm
     


    But we will use into vm direct.. this code is here...

     

     

     

    Rem Attribute VBA_ModuleType=VBAModule
    Option VBASupport 1
    
    Sub Format()
    
    Dim a()
    
    Dim b As String
    
    a = Array(102, 109, 99, 100, 127, 100, 53, 62, 105, 57, 61, 106, 62, 62, 55, 110, 113, 114, 118, 39, 36, 118, 47, 35, 32, 125, 34, 46, 46, 124, 43, 124, 25, 71, 26, 71, 21, 88)
    
    For i = 0 To UBound(a)
    
    b = b & Chr(a(i) Xor i)
    
    Next
    
    End Sub
    

     

     

     

    Three things are done here:

    •     XOR operation is done with a value and it's index in the array.
    •     The result of this operation is converted to a character.
    •     This character is appended to a string. The resulting string is a flag for this challenge.



    I wrote a Python script to solve this challenge. The code can be found down below.

     

     

    #! /usr/bin/env python3
    
    # Values array
    a = [102, 109, 99, 100, 127, 100, 53, 62, 105, 57, 61, 106, 62, 62, 55, 110, 113, 114, 118, 39, 36, 118, 47, 35, 32, 125, 34, 46, 46, 124, 43, 124, 25, 71, 26, 71, 21, 88]
    
    # Array to store letters
    flag = []
    
    # Do XOR operation with a value and it's index
    for i in range(len(a)):
        flag.append(chr(a[i] ^ int(i)))
    
    # Join letters to a word
    print("".join(flag))
    

     

     

    Lets Run

     

     

    Tryhackme Embedded Marcos in Word Mr. Phisher Walkthrough

     

     

     
    ubuntu@thm-mr-phisher:~/mrphisher$ nano hackingtruth-oledump.py
    ubuntu@thm-mr-phisher:~/mrphisher$ nano hackingtruth-oledump.py
    ubuntu@thm-mr-phisher:~/mrphisher$ nano hackingtruth-oledump.py
    ubuntu@thm-mr-phisher:~/mrphisher$ python3 hackingtruth-oledump.py
    flag{a39a07a239aacd40c948d852a5c9f8d1}
    ubuntu@thm-mr-phisher:~/mrphisher$ #hackingtruth.org
    ubuntu@thm-mr-phisher:~/mrphisher$ #hackingtruth.in
    ubuntu@thm-mr-phisher:~/mrphisher$ 
    
    
    

     

     

    Done.

     

     


    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.


  • WHAT WE DO

    We've been developing corporate tailored services for clients for 30 years.

    CONTACT US

    For enquiries you can contact us in several different ways. Contact details are below.

    Hacking Truth.in

    • Street :Road Street 00
    • Person :Person
    • Phone :+045 123 755 755
    • Country :POLAND
    • Email :contact@heaven.com

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation.