-->

ABOUT US

Our development agency is committed to providing you the best service.

OUR TEAM

The awesome people behind our brand ... and their life motto.

  • Kumar Atul Jaiswal

    Ethical Hacker

    Hacking is a Speed of Innovation And Technology with Romance.

  • Kumar Atul Jaiswal

    CEO Of Hacking Truth

    Loopholes are every major Security,Just need to Understand it well.

  • Kumar Atul Jaiswal

    Web Developer

    Techonology is the best way to Change Everything, like Mindset Goal.

OUR SKILLS

We pride ourselves with strong, flexible and top notch skills.

Marketing

Development 90%
Design 80%
Marketing 70%

Websites

Development 90%
Design 80%
Marketing 70%

PR

Development 90%
Design 80%
Marketing 70%

ACHIEVEMENTS

We help our clients integrate, analyze, and use their data to improve their business.

150

GREAT PROJECTS

300

HAPPY CLIENTS

650

COFFEES DRUNK

1568

FACEBOOK LIKES

STRATEGY & CREATIVITY

Phasellus iaculis dolor nec urna nullam. Vivamus mattis blandit porttitor nullam.

PORTFOLIO

We pride ourselves on bringing a fresh perspective and effective marketing to each project.

Showing posts with label cyber security. Show all posts
Showing posts with label cyber security. Show all posts
  • Crack password with Hashcat

     


     

     

    Hashcat is a password cracker used to crack password hashes. A hash is a one-way function that takes a word or string of words and turns them into a fixed length of random characters. This is a much more secure method of storing passwords rather than storing them in plain text. It is not reversible.


    Hashcat attempts to crack these passwords by guessing a password, hashing it, and then comparing the resulting hash to the one it’s trying to crack.


    Hash Analyzer Tunnelsup.com Hash Analyser allows you to stick a hash into there site and will give you there best guess at what the hash is. This was all i used for the Crack the hash challenge and was pretty much spot on until some of the later tasks.


    Hash-Identifier can be found pre-installed in Kali Linux and will tell you the possible hashing algorithm for the hash you enter. The Nice thing about this other then it already being installed in kali is that it gives you a few alternatives which can help finding finding the right mode in hashcat.


    HashID This is a python based hash identifying tool which needs to be downloaded from there GitHub Repo. The cool thing about this tool is not only does it identify the hashes but also can give you the corresponding hashcat mode as part of the output.


     


     



    hashcat -h | grep sha256
    hashcat -h | grep md5
    hashcat -h | grep salt
    hashcat -h | grep sha
    hashcat --help

     


    In this lab, we will create a set of hashes and then use a dictionary to crack these hashes. The first step is to create the hashes. Open a terminal and use the following command to create a new txt document filled with some hashes: 

     


    echo "dc647eb65e6711e155375218212b3964
    eb61eead90e3b899c6bcbe27ac581660
    958152288f2d2303ae045cffc43a02cd
    2c9341ca4cf3d87b9e4eb905d6a3ec45
    75b71aa6842e450f12aca00fdf54c51d
    031cbcccd3ba6bd4d1556330995b8d08
    b5af0b804ff7238bce48adef1e0c213f" > target-hashes.txt
    


     


     

    These hashes comprise 7 different password which we will attempt to crack.

     

    The next step is to choose the wordlist we will use for cracking the hashes. We will be using the “rockyou.txt” file. Type the following to locate the file:

    locate rockyou.txt

     

    Navigate back to the home directory by typing cd. We are now ready to begin the attack.

    We will use the following command to crack the password hashes:



    hashcat -m 0 -a 0 -o cracked.txt target-hashes.txt /home/hackerboy/Dcouments/rockyou.txt


    Let’s break down each of these options.


    # The -m 0 option tells hashcat that we are attempting to crack MD5 hash types
    # The -a 0 option tells hashcat we are using a dictionary attack
    # The -o cracked.txt option is creating the output file for the cracked passwords
    # The target_hashes.txt is the file containing the hashes
    # The /home/hackerboy/Dcouments/rockyou.txt is the wordlist we will use for this dictionary attack

     

     




     

    If you want to more cracking hashes, follow below the article on TryHackMe Cracking Hashes.

     

    Click Here 

     

     

     

    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.



     

     

  • How to use Burp Suite to intercept client-side requests

     

    How to use Burp Suite to intercept client-side requests

     

     

    Intercept client-side requests 


    Burp Suite, a framework of web application pentesting tools, is widely regarded as the de facto tool to use when performing web app testing. Throughout this room, we'll take a look at the basics of installing and using this tool as well as it's various major components. Reference links to the associated documentation per section have been provided at the bottom of most tasks throughout this room. full tutorial of burp suite

     

    we will learn how to use Burp to intercept browser network traffic.

    Once the web browser opens, navigate to the following site:

    http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F

     

    Once there, go back to Burp and turn ON intercept mode. Then, enter any username and password combination into the site and click “Login”. As you will see, the page will remain in a loading state. This is because Burp has now intercepted the request we sent to the server, and is holding it for us to manipulate.


     

    How to use Burp Suite to intercept client-side requests

     

    Now, we will start FoxyProxy in our browser.



    How to use Burp Suite to intercept client-side requests


    Go back to Burp and you will find the intercepted request, along with the username and password data that we entered. To navigate through the different requests Burp is intercepting, simply press the “Forward” button to send the request to the server and view the next request.

     

    How to use Burp Suite to intercept client-side requests


    How to use Burp Suite to intercept client-side requests


     You can also alter any text portion of web traffic when Burb interception mode is ON. Try to change “tfUName=admin” and “tfUPass=none” and press the “Forward” button. Those are valid credentials for the green-colored page, and you will be granted access to the next page.

     

     

    How to use Burp Suite to intercept client-side requests


    How to use Burp Suite to intercept client-side requests

     

     

    Full Tutorial of Burp Suite

     




    Brought to you by Hacking Truth


     

      to you by Hacking Truth

     

     

    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.


     

     

  • ARP Poisoning Attack to defend

     

    ARP Poisoning Attack to defend

     

     

    ARP Poisoning is a protocol that associates a given IP Address with the Link Layer address of the relevant physical machine. Since IPv4 is still the most commonly used internet protocol. ARP generally bridges the gap between 32 bit IPv4 address and 48 bit mac addresses. It works in both direction. ARP Poisoning Attack to defend

     

    ARP is a stateless protocol that is used within a broadcast domain to ensure the communication by resolving the IP address to MAC address maping. The relationship between a given MAC address and its IP address in kept in  a table known as the ARP cache. ARP protocol ensure the binding of IP address and mac address. By borad casting the ARP request with IP addresses, the switch can learn the associated MAC Address information form the reply of the specific host.

     

    In the event that there is a no map or the map is unknown, the source will send a  broadcast to all nodes just the node with a coordinating MAC address for that IP will answer to the demand with the packet that involves the MAC address mapping. The switch will learn the MAC address and its connected port information into its fixed length CAM table.

     

     


     

    As shown in the figure, the source generates the ARP query by broadcasting the ARP packet, A node  having the MAC address, the query is destined for will reply only to the packet. The frames  is floaded out all ports (other than the port on which the frame was received). If CAM table entries are full this also happen when the destination MAC Address in the frame is the broadcast address. MAC flooding technique is used to turn a switch into a hub in which switch starts broadcasting each and every packet. In the scenario,  each user can catch the packet even those packets which is not intende.



    ARP Code Poisoning





    Brought to you by Hacking Truth


    Defend ARP Poisoning Attack


     



    Brought to you by Hacking Truth

     

     

    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.


     

  • All about LDAP enumeration

     


     

    LDAP Enumeration



    LDAP stands for light weight directory access protocol and it is an internet protocol for accessing disturbed directory services like active directory or openLDAP etc. A directory service is a hirerchical and logical structure for storing records of users. LDAP is based on client and server transmitted b/w client and server using basic encoding rules (BER).


    LDAP Enumeration - LDAP  supports anonymous remote query on the server. The query will disclose sensitive information such as username, address, contact details, department details etc.



    LDAP Enumeration Tools



    The following table shows the list of tools to perform LDAP enumeration.


    1) Softerra LDAP

    http://www.idapadministrator.com/


    2) Jxplorer

    http://jsxplorer.org/


    3) Active directory domain services management pack for system center

    https://www.microsoft.com/en-in/download/details.aspx?id=21357


    4) LDAP Admin Tool


    http://www.idapadmin.org/


    5) LDAP adminstrator tool

    https://sourceforge.netprojects/idapadmin/



    LDAP Security Controls



    The following are the security controls to prevent LDAP enumeration attacks.

    # Use SSL to encrypt LDAP communication.

    # Use kerberos to restrict the access to known users.

    # Enable account lockout to restrict brute forcing.




    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.
     

  • All About NetBIOS Enumeration

     


     

    NetBIOS  Enumeration



    NetBIOS stands for network basic input output system. IBM developed it along with sytek. The primary intention of NetBIOS was developed as application programming interfae (API) to enable access to LAN resources by the client's software.


    NetBIOS naming convention start with 16-ASCII character string used to identify the network devices over TCP/IP. 15 characters are used for the device name and the 16 characters is reserved for the service or name record type.




    NetBIOS enumeration explained



    NetBIOS software runs on PORT 139 on windows operating system file and printer service needs to be enabled to enumerate NetBIOS over windows operating system.

    An attacker can perform the below on the remote machine.


    1) Choose to read or write to a remote machine depending on the availability of shares.
    2) Launch a Denial of Service (DOS) attack on the remote machine.
    3) Enumerate password policies on the remote machine.



    NetBIOS Enumeration Tools


    The following tables shows the list of toolls to perform NetBIOS Enumeration.

    Name of the tools and web links.

    1) Nbstat - www.technet.microsoft.com

    2) Superscan - https://www.mcafe.com/in/downloads/free-tools/superscan.aspx

    3) Hyena - http://www.systemtools.com/hyena

    4) winfingerprint - http://packetstormsercurity.com/files/38356/winfingerprint-0.6.2.zip.html





    NetBIOS security controls 



    The following are the security controls to prevent NetBIOS enumeration attacks.

    # Minimize the attack surface by minimizing the unnecessary service like server message block (SMB).


    # Remove file and printer sharing in windows OS.




    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.

     
  • Can i learn hacking on my own ?

     

    Can i learn hacking on my own ?

     

     

     

    Can i learn hacking on my own ?


    Yes, if you follow these rules :

    Be a problem solver

     

    First, you have to be a problem sovler instead of complaining about it, like you face a computer error will try to setup something than fix it on you own by googling or youtube. This improves your knowledge about how things work and its very important for a hacker.




    Join Community of Hacker


    Yes, you have to join a community of like minded people so you can see what actually happening in the technical world and you can discuss your doubts and also help others with their problems and indirectly it improves your skills and knowledge.




    Save Bookmark of Hacking Blogs


    Find at least 3 website that post tutorials or guides about pen-testing, computer tricks, smartphone tricks, etc. So, you will learn the latest things which newly discovered or developed.



    Find a problem then fix it


    This technical world is full of problems, daily people face many problems and its oportunity for hackers or technical experts by finding their solutions and become famous or increase your value. It helps you give motivation for your journey and you start thinking out of the box.


    Disclaimer

     
     
    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.

     



  • Python projects you must try

     

     

    Python projects you must try

     



     

    Python projects you must try


    The best way to learn programming language is to build project with it. Here are some python projects you must try.


    Difficulty Level : Easy(I)


    1. Send Automatic Emails using python
    2. Defang IP address
    3. Password authentication using python
    4. Web scrapping to create a dataset
    5. Resume Scanner
    6. Merge sort algorithm
    7. Pick a random card using python
    8. Quartile deviation using python
    9. Count character occurrences
    10. Pyramid pattern using python





    Difficulty Level : Easy(II)

    11. Sequential Search
    12. Swap variables using python
    13. Sorting NumPy Arrays
    14. Validate anagrams
    15. Create tables with python
    16. Recursive binary search
    17. Dijkstra's algorithm using python
    18. Hash tables using python
    19. Queues using python
    20. Validate a binary search tree




    Difficulty Level : Intermediate


    1. Visualize a neural network using python
    2. Bias and variance using python
    3. Get live weather updates using python
    4. Count objects in image using python
    5. Scrape trending news using python
    6. Real-time stock price data visualization using python
    7. OTP verification using python
    8. Choropleth map with python
    9. Egg catcher game
    10. Extract country details




    Difficulty Level : Hard


    1. Convert text to numberical data
    2. AUC and ROC using python
    3. Interactive language translator
    4. Maximum profit finder
    5. Language detection
    6. Histogram and density plots with python
    7. Radar plot with python
    8. Create a chatbot with python
    9. Stopwords removal
    10. Unicode characters removal

     

     

    Disclaimer

     
     
    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.

     

     




  • Make money legally as a Hacker without degree

     

    Make money legally as a Hacker without degree

     

    Make money legally as a Hacker


    It's okay if you don't have college degree

    Without a college degree you can make money as a hacker and you won't get arrested for it. Even this is possible you are just in your first year and you are already earning a good lumpsum of money. It's just matter of effort
    you execute over things.

    You don't need certificate to earn money, you'll just need skills to earn money!




    Teaching cyber security


    Teaching hacking is one of the most easy may to make money with the help of your skills, even the best hackers of
    world still write books related to hacking.


    Writing articles on cyber security, helping others with tutorial videos and ebooks will helo you out in earning.

    If you are an undergraduate, don't go for making tutorials, you can sell your skill in your campus.




    Bug Bounty Programs


    Companies are on the rise looking to reward ethical hackers who notify them of any bug in their software before it could be exploited by malicious hackers.

    Become a bug bounty hunter, no legislation is against it, you make money when you win it. Any no company will ask for your certificate, all they need are your fingers on those keys.


    Write Software securities


    The government won't blame you making money writing software securities that abort malicious attacks. Instead, you will get some accolades for that.

     

    Disclaimer

     
     
    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.

     

  • Killer website for hackers

     

    Killer website for hackers

     

     

    Killer website for hackers


    Exploit Database


    Exploit database (ExploitDB) is an archive of exploits for the purpose of public security, and it explains what can be found on the database. The ExploitDB is a very useful resource for identifying possible weakness in your network and for staying up to date on current attacks occuring in other networks.




    Shodan


    Shodan works by requesting connections to every imaginable internet protocol (IP) address on the internet and indexing the information that it gets back from those connection requests. Shodan crawls the web for devices using a global network of computers and servers that are running 24/7.





    Archive org


    Intenet Archive is a non-profit library of millions of free books, Movies, software, music, websites, and more.



    Nmmapper


    Pentest tool from nmap online to subdomain finder, theHarvester, wappalyzer. Discover dns records of domains, detect cms using cmseek & whatweb.





    Builtwith


    Builtwith is a website profiler, lead generation, competitive analysis and business intelligence tool providing technology adoption, ecommerce data and usage analytics for the internet.




    Disclaimer

     
     
    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.



  • Python Libraries that can automate your life

     

     

    Python Libraries that can automate your life

     

    Python Libraries that can automate your life


    1) Openpxl

    Automate excel reporting

    Openpyxl is a python library that can help us automate our excel reporting. With openpyxl, we can read an Excel file, write excel formulas, make charts, and format a worksheet using python.


    Installation

    • pip install openpyxl




    2) SMTPLIB


    Email automation

    smtplib is a built-in python module used for sending emails using the Simple Mail Transfer Protocol (SMTP).


    • You dont need to install smtplib or email because thay come with python.




    3) Camelot


    Automate table extraction from

    PDFs

    These tables can be exported into a Pandas dataframe and other formats such as CSV, JSON, Excel, HTML, Markdown, and SQLite.

    Installation

    • pip install "camelot-py[base]"




    4) Requests: Make Your Life Easier With an API


    Automation sometimes involves working with an API. APIs can help you collect real-world data and also simplify the development process of an application.

    To work with an API you need to send requests to a server and then read the responses. The message sent by a client to a server is known as an HTTP request.

    With the Requests library, we can interact with an API by sending HTTP requests and accessing the response data. This library has useful features such as passing parameters in URLs, sending custom headers, form data, and more.
    Installation

    To install Requests, we only need to run the command below in our terminal.
     

    • python -m pip install requests




    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.



  • Useful Github Repositories


    Useful Github Repositories

     

    Useful Github Repositories


    1) Project Based Learning

    A list of programming tutorials in which aspiring software developers learn how to build an applications from scratch.


    Link - https://github.com/practical-tutorials/project-based-learning



    2) Free Programming Books

    The Free Ebook Foundation now administers the repo, a not-for-profit organization devoted to promoting the creation, distribution, archiving, and sustainability of free ebooks. Donations to the Free Ebook Foundation are tax-deductible in the US.


    This list was originally a clone of StackOverflow - List of Freely Available Programming Books with contributions from Karan Bhangui and George Stocker.

    The list was moved to GitHub by Victor Felder for collaborative updating and maintenance. It has grown to become one of GitHub's most popular repositories, with 226,000+ stars, about 9,600 watchers, more than 7,000 commits, 1,900+ contributors, and 47,700+ forks.


    Link - https://github.com/EbookFoundation/free-programming-books





    3) Developer Roadmap

    Roadmaps are being made interactive and have been moved to website.
    View all Roadmaps

    Here is the list of available roadmaps with more being actively worked upon.

    •     Frontend Roadmap
    •     Backend Roadmap
    •     DevOps Roadmap
    •     React Roadmap
    •     Angular Roadmap
    •     Android Roadmap
    •     Python Roadmap
    •     Go Roadmap
    •     Java Roadmap
    •     DBA Roadmap
    •     Etc...




    Link - https://github.com/kamranahmedse/developer-roadmap




    4) Public APIs

    A collective list of free APIs for use in software and web development


    Link - https://github.com/public-apis/public-apis



    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.


  • India gave a befitting reply to foreign hackers in their stronghold, conspiracy being hatched from Malaysia and Indonesia

     

    India gave a befitting reply to foreign hackers in their stronghold, conspiracy being hatched from Malaysia and Indonesia

     

     

    India gave a befitting reply to foreign hackers


    India gave a befitting reply to foreign hackers in their stronghold, conspiracy being hatched from Malaysia and Indonesia


    After the remarks of former BJP spokesperson Nupur Sharma, hackers from some countries have hatched a cyber war against India. Information about attacks on the websites of government departments and some private institutions by hackers from countries like Malaysia and Indonesia has come to the fore. These hackers also made Nupur Sharma's mobile number and home address public on many websites.


    In order to give a befitting reply to the perpetrators of cyber attacks against India, the Ahmedabad Cyber ​​Crime Cell penetrated the hackers' website and their cyber network, found bugs and gave a befitting reply. Amit Vasava, Deputy Commissioner of Police, Ahmedabad Cyber ​​Crime Cell shared important information about this. He told that after such attacks, the cooperation of cyber expert Nisarga Shah was taken to answer the hackers in their own language.


    With the help of cyber expert Nisarg Shah, the Cyber ​​Crime Cell of Ahmedabad Police has found a bug in the network of these hackers and submitted a report to the governments of Indonesia and Malaysia. Have looked for flaws in over 100 Indonesian government websites and 70 Malaysian government websites.




    Hacker Groups of Malaysia and Indonesia


    According to Deputy Commissioner of Police Amit Vasava, with this conspiracy against India, hackers want to create disturbances by cyber attack on India's infrastructure, power grid, digital space. The names of hacker groups 'Dragon Force Malaysia' and 'Hectivist Indonesia' have come to the fore in this conspiracy so far. Their target is the websites of many important departments of the central and state government, police, universities, civic facilities networks and websites of many private industry groups.




    Inputs received from Andhra Pradesh and Maharashtra Police


    Hackers claim that so far they have hacked 200 websites in India. This is also corroborated on the basis of inputs received from Andhra Pradesh Police and Thane Police in Maharashtra. There are reports of hacking. The cyber cell of Ahmedabad Police has challenged by reaching the network of hackers. The cyber cell says that we cannot sit on our hands.




    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.


     

  • Wireshark Packet Navigation

     


     

     

    Wireshark Packet Navigation


    Packet Numbers


    Wireshark calculates the number of investigated packets and assigns a unique number for each packet. This helps the analysis process for big captures and makes it easy to go back to a specific point of an event.  Wireshark Packet Navigation


     

    Wireshark Packet Navigation

     

     

    Go to Packet


    Packet numbers do not only help to count the total number of packets or make it easier to find/investigate specific packets. This feature not only navigates between packets up and down; it also provides in-frame packet tracking and finds the next packet in the particular part of the conversation. You can use the "Go" menu and toolbar to view specific packets.


    Wireshark - go to packet

     

    Wireshark Packet Navigation

     


    Find Packets


    Apart from packet number, Wireshark can find packets by packet content. You can use the "Edit --> Find Packet" menu to make a search inside the packets for a particular event of interest. This helps analysts and administrators to find specific intrusion patterns or failure traces.

    There are two crucial points in finding packets. The first is knowing the input type. This functionality accepts four types of inputs (Display filter, Hex, String and Regex). String and regex searches are the most commonly used search types. Searches are case insensitive, but you can set the case sensitivity in your search by clicking the radio button.

    The second point is choosing the search field. You can conduct searches in the three panes (packet list, packet details, and packet bytes), and it is important to know the available information in each pane to find the event of interest. For example, if you try to find the information available in the packet details pane and conduct the search in the packet list pane, Wireshark won't find it even if it exists.

     

     

    Wireshark Packet Navigation



    Mark Packets


    Marking packets is another helpful functionality for analysts. You can find/point to a specific packet for further investigation by marking it. It helps analysts point to an event of interest or export particular packets from the capture. You can use the "Edit" or the "right-click" menu to mark/unmark packets.

    Marked packets will be shown in black regardless of the original colour representing the connection type. Note that marked packet information is renewed every file session, so marked packets will be lost after closing the capture file.

     


    Wireshark Packet Navigation


    Packet Comments


    Similar to packet marking, commenting is another helpful feature for analysts. You can add comments for particular packets that will help the further investigation or remind and point out important/suspicious points for other layer analysts. Unlike packet marking, the comments can stay within the capture file until the operator removes them.

     

     

    Wireshark Packet Navigation

     

     

    Export Packets


    Capture files can contain thousands of packets in a single file. As mentioned earlier, Wireshark is not an IDS, so sometimes, it is necessary to separate specific packages from the file and dig deeper to resolve an incident. This functionality helps analysts share the only suspicious packages (decided scope). Thus redundant information is not included in the analysis process. You can use the "File" menu to export packets.

     

     

    Wireshark Packet Navigation

     

     

     

    Export Objects (Files)


    Wireshark can extract files transferred through the wire. For a security analyst, it is vital to discover shared files and save them for further investigation. Exporting objects are available only for selected protocol's streams (DICOM, HTTP, IMF, SMB and TFTP).

     


    Wireshark Packet Navigation


    Time Display Format


    Wireshark lists the packets as they are captured, so investigating the default flow is not always the best option. By default, Wireshark shows the time in "Seconds Since Beginning of Capture", the common usage is using the UTC Time Display Format for a better view. You can use the "View --> Time Display Format" menu to change the time display format.

     

     

    Wireshark Packet Navigation


    Wireshark Packet Navigation

     

     

    Expert Info


    Wireshark also detects specific states of protocols to help analysts easily spot possible anomalies and problems. Note that these are only suggestions, and there is always a chance of having false positives/negatives. Expert info can provide a group of categories in three different severities. Details are shown in the table below.

     

     

    Wireshark Packet Navigation

     

    Frequently encountered information groups are listed in the table below. You can refer to Wireshark's official documentation for more information on the expert information entries.

     


    Wireshark Packet Navigation


     

    You can use the "lower left bottom section" in the status bar or "Analyse --> Expert Information" menu to view all available information entries via a dialogue box. It will show the packet number, summary, group protocol and total occurrence.

     

     

    Wireshark Packet Navigation

     

     

     


    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.


     

  • HACK Your Offensive Security Side


    HACK Your Offensive Security Side

     

    HACK Your Offensive Security Side


    In short, offensive security is the process of breaking into computer systems, exploiting software bugs, and finding loopholes in applications to gain unauthorized access to them.


    To beat a hacker, you need to behave like a hacker, finding vulnerabilities and recommending patches before a cybercriminal does.

    On the flip side, there is also defensive security, which is the process of protecting an organization's network and computer systems by analyzing and securing any potential digital threats; learn more in the digital forensics room.

    In a defensive cyber role, you could be investigating infected computers or devices to understand how it was hacked, tracking down cybercriminals, or monitoring infrastructure for malicious activity.


    Practical


    First of for your kind information all kinds of things which is used here all exercises are fake simulations so don't panic and don't go dark side okay!!.


    Find hidden website pages



    Most companies will have an admin portal page, giving their staff access to basic admin controls for day-to-day operations. For a bank, an employee might need to transfer money to and from client accounts. Often these pages are not made private, allowing attackers to find hidden pages that show, or give access to, admin controls or sensitive data.


    HACK Your Offensive Security Side



    Type the following command into the terminal to find potentially hidden pages on FakeBank's website using GoBuster (a command-line security application).


    gobuster -u http://420fakebank.co.uk -w wordlist.txt dir




    HACK Your Offensive Security Side





    In the command above, -u is used to state the website we're scanning, -w takes a list of words to iterate through to find hidden pages.

    You will see that GoBuster scans the website with each word in the list, finding pages that exist on the site. GoBuster will have told you the pages it found in the list of page /directory names (indicated by Status: 200).




    Hack the bank


    You should have found a secret bank transfer page that allows you to transfer money between accounts at the bank (/bank-transfer). Type the hidden page into the FakeBank website on the machine.

     

     

    HACK Your Offensive Security Side
     



    This page allows an attacker to steal money from any bank account, which is a critical risk for the bank. As an ethical hacker, you would (with permission) find vulnerabilities in their application and report them to the bank to fix before a hacker exploits them.

     

     

    HACK Your Offensive Security Side

     

     


    Transfer $2000 from the bank account 2276, to your account (account number 8881).




    HACK Your Offensive Security Side



    How can I start learning?


    People often wonder how others become hackers (security consultants) or defenders (security analysts fighting cybercrime), and the answer is simple. Break it down, learn an area of cyber security you're interested in, and regularly practice using hands-on exercises. Build a habit of learning a little bit each day on differnt types of website, and you'll acquire the knowledge to get your first job in the industry.



    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.


     

  • WHAT WE DO

    We've been developing corporate tailored services for clients for 30 years.

    CONTACT US

    For enquiries you can contact us in several different ways. Contact details are below.

    Hacking Truth.in

    • Street :Road Street 00
    • Person :Person
    • Phone :+045 123 755 755
    • Country :POLAND
    • Email :contact@heaven.com

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation.