Wednesday, February 1, 2017

Resetting a Nessus Home Edition Password in Kali Linux

Open a terminal and type the command “cd /opt/nessus/sbin” to navigate to the sbin directory.

Next, type the command “./nessuscli lsuser” to see all the Nessus users present. Here, we have only one. OK, let’s reset the password for the user root. Type the command “./nessuscli chpasswd (username)”. The system will prompt you to enter the new password. Enter the password two times. You have successfully changed the Nessus password. Now log on with the new password.


Thursday, September 15, 2016

OWASP Directory Buster

A good hacker will not directly attack a website without proper information gathering. It is good practice to understand the structure of a website by busting its directories and files.

This may give you an opportunity to find hidden and confidential directories and files that are considered to be inaccessible to the public. This may lead you to important information such as passwords, encryption keys, certificate files, etc.

Before getting into it, I'll show you some additional details:
  • Code 100 -> Continue: codes in this range denote that the user/client request has not been completed for some reason, but the client can continue.
  • Code 200 -> Successful: codes in this range denote that the request was successful.
  • Code 300 -> Multiple Choice: codes in this range denote a bad request. The most common codes are 404 [not found] and 403 [forbidden].

Busting Time 

Go to Applications -> Kali Linux -> Web Application -> Web Crawlers -> dirbuster
Now, open DirBuster and enter the target website. Don't forget to specify the scheme (http or https) and the port number (80 or 443), e.g. http://www.examplewebsite.com:80


Wordlist:

Next, all you have to do is choose the wordlist which contains the directory and file names. Here I've chosen /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt

Finally, when we click "Start", DirBuster will generate GET requests and send them to the target website, with a request for each of the files and directories listed in our wordlist.
Once everything has finished, all the directories and files that were found will be listed for you.
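
Seen from the server side, the run described above appears in the access log as one client collecting many distinct 403/404 paths within a short time. The following detection sketch is an added example, not part of the original post or of DirBuster; the log lines, IP addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format: client IP, timestamp, request line, status code.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # skip malformed lines instead of crashing
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_enumeration(lines, window=timedelta(seconds=60), min_misses=20, min_ratio=0.8):
    """Flag clients gathering many distinct 403/404 paths in one window (assumed thresholds)."""
    per_ip = defaultdict(list)
    for ip, ts, path, status in filter(None, map(parse, lines)):
        per_ip[ip].append((ts, path, status))
    flagged = {}
    for ip, events in per_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            win = events[start:end + 1]
            misses = {path for _, path, status in win if status in (403, 404)}
            if len(misses) >= min_misses and len(misses) / len(win) >= min_ratio:
                flagged[ip] = (len(misses), len(win))  # counts when thresholds were crossed
                break
    return flagged

def sample_log():
    """Constructed log: one wordlist-driven client and one ordinary visitor."""
    t0 = datetime(2016, 9, 15, 10, 0, 0, tzinfo=timezone.utc)
    fmt = '{} - - [{}] "GET {} HTTP/1.1" {} 512'
    stamp = lambda s: (t0 + timedelta(seconds=s)).strftime("%d/%b/%Y:%H:%M:%S %z")
    guesses = [f"/{w}{ext}" for w in ("admin", "backup", "config", "old", "test", "private")
               for ext in ("/", ".zip", ".bak", ".php", ".txt")]
    code = lambda p: 200 if p == "/admin/" else 403 if p == "/private/" else 404
    lines = [fmt.format("203.0.113.7", stamp(i), p, code(p)) for i, p in enumerate(guesses)]
    pages = ["/", "/index.html", "/about", "/favicon.ico", "/contact"]
    return lines + [fmt.format("198.51.100.20", stamp(7 * i), p, 404 if "favicon" in p else 200)
                    for i, p in enumerate(pages)]

if __name__ == "__main__":
    print(find_enumeration(sample_log()))
```

The ratio test keeps an ordinary visitor with one missing favicon from being flagged, and counting distinct paths avoids alerting on a single broken link that is requested repeatedly.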

Saturday, August 20, 2016

Top 10 Activities on the Internet That Can Make You Sit in Jail



1. Open WiFi

Do you have open WiFi access at your home? Be ready to answer the cops about its purpose.
* It is considered to be an offence to have an open WiFi access point, because there are chances of sniffing the packets of the users who are using your account.
* Also, anyone can use your network with criminal intentions, for which you may be answerable.

Better use WPA/WPA2 with strong passwords to avoid getting caught.

2. Deleting your Search History

Although it is usual for us to delete the search history in our browser, there is a problem with doing it. If you happen to get caught on some hacking allegations, the cops will check your browser history; if it is not there, then you have to sit behind bars. Even the Indian Government insists that people keep their search history for the past three months.

3. Posting Offensive and Abusive Content on Social Media

Posting offensive and abusive content on social media is simply wrong. Maybe they won't consider it if you do this against common people, but if you do it against an actor or actress then you have to face many consequences. So don't post gossip online.

4. Online Gambling

This is banned in some countries but not in many others, because of its implementation in the deep web. So better check the policies before gambling online.

5. Dancing Videos Online

You'll be arrested if the cops find you dancing in a video. Though it is not illegal, it is banned in some Middle East countries.

6. Commenting on Facebook and Twitter

Check before posting your comments on Facebook or Twitter. Abusive comments are considered to be an offence. Also confirm that no one else is using your Facebook or Twitter account instead of you, or you will have to face the consequences.

7. Sharing Files on the Internet

Do not share files that contain malicious content. If the owner of a website finds that you are sharing a malicious file through his website, you have to sit behind bars. You may ask how they can find it; the answer is that website owners often have a malicious file checking system on their server.

8. Using Sniffers on a Public Network

Hackers often use public networks for sniffing passwords and raw data. It is an offence if you get caught using sniffers on a public network.

9. Accessing Others' Accounts

This is also considered a part of cracking, which is exactly illegal. Don't open others' accounts even if you have their passwords and details.

10. Plagiarism

If you want to add someone's content to your website, you have to ask for their permission. Most content posting websites have a content tracking system that is monitored by a 3rd party website. If you post it, you'll get caught for plagiarism.

There are many activities which can put you behind bars, but these are the topmost.

Friday, July 3, 2015

War Driving

Wireless networking is the most popular and fastest-growing technology. From home networking to enterprise networking, wireless networks have now become a way of life and a way of networking. As more wireless networks are deployed, the need to secure them increases. But this is totally illegal and it is only for educational purposes.

Here we are going to discuss mapping a wireless network and exploiting it.
War driving, also known as access point mapping, is the act of searching for, locating and possibly exploiting wireless LANs while driving in a vehicle.

Requirement
The requirements for effective wardriving cover both hardware and software.

Hardware:
  • Portable computer (laptop, netbook, etc.) or PDA (personal digital assistant)
  • A wireless NIC
  • An antenna
  • A handheld GPS unit (optional)
  • GPS data cable (optional)
  • A pigtail to connect the NIC to an external antenna

Software:
  • Software programs for wardriving are freely available on the Internet.
  • NetStumbler or inSSIDer for Windows
  • Kismet for Linux, FreeBSD, NetBSD, OpenBSD, DragonFly BSD
This is not enough; we also need to discuss how to choose a wireless NIC and antenna for wardriving. The IEEE 802.11 is a family of standards, each one defining and specifying parts of the standard.
  • 802.11b, using the 2.4 GHz radio spectrum and 11 Mbps max data rate.
  • 802.11a, using the 5 GHz radio spectrum and 54 Mbps max data rate. 
  • 802.11g, using the 2.4 GHz radio spectrum and 54 Mbps max data rate.
802.11b cards are the easiest to install and are supported by most wardriving tools (software).

We can even use some Android tools to do this job, e.g. WIFI Collector, which can grab the following details:

  • Time
  • Latitude
  • Longitude
  • Vendor's Name
  • Wifi Name
  • Wifi Security : wep / wpa / wpa2 / open
  • WPS True | False
  • Signal Strength 
From this information a cracker can use the open networks and do any illegal things.

Web Application Security Testing


Security is vitally important in software applications. More and more people are using the Internet and computers to perform everyday tasks. Software is everywhere, in your cell phone, car, airplanes, televisions, and don't forget - your home computers. More and more of these appliances are being connected to the Internet. Everyday services, including banking, stock trading and taxes are all moving to an online approach. Today's software is being produced faster than ever. The majority of people using these software applications are unaware of security. With shrinking budgets, tight schedules, and without the knowledge of security testing, software vulnerabilities are everywhere. Software applications are being used by people all over the world. Hence application security testing and especially web application security testing is a must for software products to succeed in today's world.
Security testing, which aims to eliminate the aspects of systems that do not relate to application functionality but to the confidentiality, integrity, and availability of applications, is commonly referred to as "nonfunctional requirements (NFR) testing." NFR testing, which is used to determine the quality, security, and resiliency aspects of software, is based on the belief that nonfunctional requirements represent not what software is meant to do, but how the software might do it.
Security testing, when done properly, goes deeper and even beyond the functional testing/black-box probing on the presentation layer. By identifying risks in the system and creating tests driven by those risks, a software security tester can properly focus on areas of code in which an attack is likely to succeed. Software security is about making software behave in the presence of a malicious attack, even though in the real world, software failures usually happen spontaneously — that is, without intentional mischief.
The OWASP (Open Web Application Security Project) Top Ten is a list of the 10 most dangerous current Web application security flaws, which are listed below.
  • Injection
  • Cross-Site Scripting
  • Broken Authentication and Session Management
  • Insecure Direct Object References
  • Cross-Site Request Forgery (CSRF)
  • Security Misconfiguration
  • Failure to Restrict URL Access
  • Unvalidated Redirects and Forwards
  • Insecure Cryptographic Storage
  • Insufficient Transport Layer Protection
Security testing takes a different mindset than functional QA testing. A security tester must think of how to break and abuse the application in the same way a black hat hacker or malicious user would. Trying to do something that will cause problems to the underlying code, thinking out of the box, will help the tester considerably in becoming more security oriented.
One of the most prevalent security-related issues to deal with is Input Validation. A functional quality assurance engineer can typically devise a variety of methods to verify the functionality of a feature or component. But a security tester needs to go deeper — he has to think like a malicious user, consider the cases that shouldn't be allowed, input things typical users would not attempt, and try to twist and break that application in any way possible. There are also many open source and licensed automation tools (Acunetix, Zed Attack Proxy, Websecurify, etc.) available on the market which perform dynamic analysis and penetration testing of web applications to discover vulnerabilities such as:
  • Client Certificate
  • Proxy-Chaining
  • Local and Remote File Include
  • Cross-Site Scripting
  • SQL injection
  • Information Disclosure Problems
  • Session Security Problems, etc.
If the program is vulnerable to overflows, a lack of input checks, or lacks proper encryption, it will quickly become known for its instability, and product sales will drop dramatically. Customers will purchase alternate products that perform the same task and that have been carefully checked by multiple tests. Thus, as more and more vital data is stored in web applications, and the number of transactions on the web increases, proper and robust security testing of web applications is becoming very important. Web application security testing is the process of determining if confidential data stays confidential, i.e. it is not exposed to individuals/entities for which it is not intended - this is enabled through specialized testing techniques like web application penetration testing - and users can perform only those tasks they are authorized to perform, e.g. a user should not be able to deny the functionality of the web site to other users nor be able to change the functionality of the web application in an unintended way. Hence, web application security and stability cannot be limited to the testing phase only, but must be a consistent and persistent endeavor right from the design phase itself.