Gaurav Mahajan

I am Gaurav Mahajan a blogger, songwriter, code learner, tech enthusiast, food inhaler and overall a nice lazy guy that just loves tech of all forms

How to use dnsenum for dns enumeration – Kali

How to use dnsenum for dns enumeration - Kali

Why in the DNS enumeration we need dnsenum?

Just like previous tools this is also used for the purpose of gathering information. This is used if we require to access whatever scraps and metal information of the domain sites that we can. What it basically does is enumerates the  DNS enumeration (Information)  about domains. Its a neat way to say that , it provides more organized shit we want to know about the domain. So neat+enumeration+info= YO ASS NEEDS dnsenum. Now, before I carry on let me tell you a little about information……WHAT IS ENUMERATION?? I have no intention of insulting you, I didn’t even catch the meaning of ‘ DNS enumeration’ the first time it fell on my ears.

Enumeration means uniquely identifying a sub-data within a larger Data.

usage:-

dnsenum [options] [domain name]kali linux

Further down

,kali linux 2

Now , let walk you through all the stuff that is happening above,

  • First, the query is going through all the google addresses , in a specific order. Now depending upon the availability of the addresses the order in which the query traverses is different.
  • Second is the wildcard detection. Now wildcards are basically a symbol that are used to represent multiple characters. the registry of the wildcard is stored in the somttneiwwyh. Its like throwing a drop of acid in water , It looks the same , it feels different now the look is the wild card here that can define both the acid and the water as a single substance , but seeking the registry it can detect the difference.Depending upon the number of subdomains the Wildcard registry is different.
  • The third query is the name-servers , what NS are present in google. depending upon how well google is secured, we may find nothing at all. Now, number of name serversnis equal to the number of subdomains.

THAT IS ALL ABOUT DNSENUM FOLKS!! FOR MORE INFO. GIVE THE OPTION IN THE SYNTAX AS -h TO FIND THE APPROPRIATE HELP THAT YOU NEED.

Life and lies go hand in hand, one cannnot live without another, I mean come on, telling truth ain’t fun at all’

MODULE 4:- Information Gathering

  1. How to use dnsenum for dns enumeration – Kali
  1. How to use dig command in Kali Linux
  1. whois Kali Linux commands with example
  1. Enumerating DNS Records through dnsenum tool in Kali Linux
  1. Email Harvesting by theharvester tool in Kali Linux
  1. Google Hacking | Open Web Information Gathering
  1. dnsmap | DNS Domain name system brute force attacks
  1. Zone Transfer using dnswalk tool
  1. Website information Gathering through Nikto tool
  1. Search Senstive Data through Metagoofil Kali Linux 2.0
  1. 8 Steps to run Maltego Kali Linux – beginner guide

4 Steps of Penetration Testing

Module 1 :- Overview Of Penetration Testing

  1. What is Penetration Testing?
  2. Why Penetration Testing?
  3. Steps of Penetration Testing?

All Right all right. now we all know “what is Penetration Testing?”, “Why it is needed?”. Now its time for ‘How it is done?’   

There are four basic steps of Penetration Testing…….Well the fifth one is filing the report but you don’t need to know THAt!! SO, 5 steps of awesomeness. These steps area  as follows:

  1. Information Gathering:

    The more you know about the target, the more easily its going to be for you to influence him. The easier to influence will in turn make you avail to more information, and more influence and more information and on and on and on until you know everything about that target……..OH LOOK!! YOU HAVE A LIFE PARTNER NOW!!Gathering Information

  2. Scanning:

    Information is gathered at  first, now you gotta find out the information available for that moment. That is accomplished by scanning. it is used to know whether the host is up, which port is open and then finding vulnerability a structural weakness if you will. No system is invincible, there is a kryptonite for every superman. THAT’s what the purpose of scanning is, finding the superman system’s kruptonite.  Vulnerability_Scanner

  3. Sniffing:

    Its more like a blood hound activity, finding the weakness and sniff out whatever you can from the cracks or in the system’s case passwords, usernames, secrets normally anything not everyone would want you to see. in kali sniffing techniques include wireshark, ettercap etc. Then the companies will ask you to fix this, and yo ass get paid.Sniffing

  4. Exploitation

     Now the stage is a set, you know the info, the weaknesses, the passwords. Its now time to whoop them up for action. Expliotation deals with exploiting whatever the attacker has gathered in the last 3 steps and then explioting the system, or the organization. Its the final test that a Pen-Tester use to look down on companies and say”YOU ARE WEAK!!” and then the companies ask them for tips on how to fix it.  hacker

Nothing in the world is impenetrable, Invincibility is an illusion used on the people so they can look the other way and get their ass handed to them”

 

Top 10 android apps for visually impaired

android apps for visually impaired

daredevil

Android apps for visually impaired

We all saw Matt Murdock using an Android phone. it has android apps for visually impaired pre installed. The world is on the rise with this tech, the blind should too. So here today, we are going to discuss the apps that can help the visually stunted.

  • Scanlife Barcode and QR Reader

scanlife

Reading embedded strings from the QR codes are the new cool. this apps helps a visually impaired to just take the picture of the QR Code and the embedded function inside the code does its own magic. This is not exclusively helpful to a visually stunted per se, but it’s damn well helpful,

  • Talkback 

Mobile_Accessibility_talkBack

Initiated as a part of Google’s Accessibility service, talkback is exclusive to help the blind and the visually impaired. Much like the Jaws in the Nokia phones, Talkback audibly informs the user about the option they just selected. To enable this after installing, one just needs to go to Settings–>Accessibility–>Enable talkback .

  • IDEAL Accessibility Installer

Ideal

Designed to be a complete package of Googles’ Accessibility Program , the IDEA Accessibility Installer is also known as the Platform Access Installer. It contains apps packages that are helpful to the people with disabilities. The applications found in this adds Audio, gestural and vibration feedback responses to the android phone to help the visually impaired.

  • Magnify

magnifier

This app is particularly useful for people with relatively inadequate vision(people like me). This app essentially turns your phone into a well made magnifier. this magnifier in turn will help read the miniscule writings of a very good book, or helpful you see the terms and conditions of an insurance policy that they mostly try to brush  under the table.

  • Font installer Root

font-installer-apk1

The large screen of the android phones appear to be relatively miniature when trying to read from it. For that Font Installer is boon. Font installer allows for the root acces s for the phone regarding font change, These font change in turn will improve the readability of the phone.

  • MessagEase Keyboard

messagease-screenshot-1-120404

Used for ultra fast typing, this app is useful for both tech addicts and visually impaired. With large visible letters, no need for autocorrect and straight forwardness this app is a gold in the world of android apps.

  • Classic Text to Speechclassic

Classic text to speak Engine is particularly accessible to the blind as it had 40 male/femal voices in 25 languages to enable reading of text , ebooks and other stuff. It makes the navigation easy for the blind.

  • WalkyTalky

zello-ptt

 

Navigation is the most brutal problem faced by the visually stunted. So WalkyTalky came into existense. Developed by the Eyes Free project WalkyTalky is a navigational tool that speaks out landmarks or vibrate s the obstacles as it comes on the road. This in tuen makes getting around town easy for the visually challenged. Some will still prefer a walking stick though. Because it may be good but noe perfect.

  • Ultra Magnifier

ultra

An advanced version of the Magnify app, Ultra magnifier helps the challenged by turning the smartphone into an ultiamate magnifying glass. Protip: Keep the phone 10 cm’s away from the the reading material to get the most out of the app.

  • NoLED

NoLED

An application that help not only the visually challenged but also with phones that have no dedicated LED, NoLED displays costum dots for notifications regarding respective functions of the phone i.e for  message , ext messages, voice messages, missed calls, Google Talk notifications, charging activities, calendar events, emails, and notifications from third-party apps.

 

So there you go fols the toip 10 android apps for visually impaired. Comment below if you got more of these apps

6 steps to change Kali Linux IP address (Easy)

6 steps to change Kali Linux IP address (Easy)

MODULE 3:- Basics of Kali Linux

  1. Install Kali Linux on Hard drive with Full disk Encryption
  2. How to create Kali Linux bootable USB live in windows 10
  3. 20 basics about how to use Kali Linux
  4. 6 steps to change Kali Linux IP address (Easy)
  5. How to Add Kali Linux repository – With pictures
  6. How to update and upgrade Kali Linux to 2017.1
  7. apt-get package handling utility in Kali Linux
  8. How to use Linux debian package manager “dpkg”
  9. How to use Kali Linux SSH Server and client
  10. Start Restart Apache2 Web Server In Kali Linux

Easy Steps to change Kali Linux IP address

When it comes to windows everything just comes too easy. I mean you gotta work for that too but the sense of accomplishment just ain’t there. When it comes too linux, everything feels like an accomplishment. So now today folks I am gonna teach you how to change Kali Linux IP address. Who knows when it is useful? I don’t even touch it much, coz I am lazy like that so here is how to change the IP configuration.

  • Step 1 : Boot you linux system and on the desktop, right-click on the network icon==> Those 2 computer thingies on the top right==>Then click on edit connectionsIpconfig_1

Step 2 : You will see this Dialogue box. Click on the Add button.

  • Ipconfig_2

 Step 3 : The following dialogue box will appear that have already specified the connection name. Or you can rename it anything you like, name it Soul Sucking Pony if you like.

Ipconfig_3

  • Step 4   Click on Ipv4. Because Ipv6 is not used in common practice.

Ipconfig_4

  • Step 5 : Select the method as manual, because we hardworking, not lazy at all folks are making manual changes.Ipconfig_5

Step 6 :  Put the address , gateway and network, domain and so on

Ipconfig_7

  • A new Ip configuration will be formed.

    Now you have learnt successfully “how to change Kali Linux IP address” If you like this post dont forget to share on Facebook and tweeter! why are you going to forget LinkedIn.

Android for beginners-Part 1

Jelly Bean
This article marks for an inception of something new, something cool, something to brag about and something that makes you feel more tech savvy. Android started to come to the surface in 2008. Since then, billions of gadgets from thousands of companies have embedded it in their roots. And naturally, more developers, whether from a corporation or independent and trying their hands on it. So, we now begin

What is Android?

An operating system that is derived from java. Java is object-oriented, such that it’s workings mimic the real world objects. Programs have been made easy to comprehend, to create and to recreate due to this. Hence, derivatively, Android is easy to learn but difficult to master language whose only limitation, is your imagination and your tenacity. Okay now, enough with the emotional-motivational part.

A java program is needed to be compiled into a DEX file to be executed as an android one. I imagine that if you are reading this. you might understand how programming works exactly. You write thecode-> compile the code-> execute the code.

DEX

Dalvik executable. This executable file is mapped for efficient storage and memory mapped execution. Its history is not you should concern yourself with. This topic is about the future.

Below are the things you require before you go on to fondle with the android.

  • An IDE (Integrated Development Environment): This environment gives you developing tools, debugging tools(error removal) and an emulator to test your projects on. Use Android Studio, a free development IDE. Download using the given red colored link.
  • A JDK(Java development kit): Download and install it before downloading and installing the Android Studio. As I say, “Can’t do anything without a good java!”
  • A system with a minimum of 4gigs of RAM.
  • Windows 7/8/10. I am learning it on windows. So you get to do the same too.
  • An android powered tablet or phone with a minimum of Android 4.1 Jellybean.
  • Tenacity to learn

Accumulate these things and you are good to go. By the time we are done, you will be cooking android apps like instant noodles.

 

20 basics about how to use Kali Linux

how to use Kali Linux

MODULE 3:- Basics of Kali Linux

  1. Install Kali Linux on Hard drive with Full disk Encryption
  2. How to create Kali Linux bootable USB live in windows 10
  3. 20 basics about how to use Kali Linux
  4. 6 steps to change Kali Linux IP address (Easy)
  5. How to Add Kali Linux repository – With pictures
  6. How to update and upgrade Kali Linux to 2017.1
  7. apt-get package handling utility in Kali Linux
  8. How to use Linux debian package manager “dpkg”
  9. How to use Kali Linux SSH Server and client
  10. Start Restart Apache2 Web Server In Kali Linux

How to use Kali Linux?

Kali Linux is the best pen-testing software in existence. So you should know how to use Kali Linux. In Movies I thought they were using windows but HELL no!! Linux it was. In line with pen-testing, it makes you feel a lot smarter. So, without further a do, LETS BEGIN!!

1. Main window:

That’s what it looks like. the other articles have already shown what is kali Linux, so here is its look

kali linux startup

2. Now, to start with the basic operations:

1. Making a new Directory–> Open the terminal, The box thingyat the top left on the right of the globe. and Type –>mkdir  foldername

Making new folder

2. Creating a new file–> Type: touch Filename

Creating New File

3. Making multiple directories–> mkdir dir1 dire2 dir3Multiple folders

4. Creating Multiple files–>touch filea filebMultiple files  5. Deleting a directory–>rm -rf foldernameDeleting Directory5. Deleting a file–>      rm filenameDelete File 6.Copying sourcefile–> cp source destinationCopy sourefile7. Deleting multiple Directories–> rm -rf dir1 dir2 dir3deleting multiple files 8. Moving  a file: mv source Destinationmoving a file 9. Clearing the screen: it actually scrolls the window down rather then removing what was previously written: clearclearing screen 10. To see the Date: #dateDate11. To see the calendar: #calendarCalendar 12. Adding a new user: useradd usernameadding new user 13. Applying User Password: passwd usernameApplying password to user 14. Deleting User : userdel usernameDeleting user15. adding and creating password for a group :  groupadd groupname

gpasswd groupname   Addind group and applying password 16. Deleting Group: groupdel groupnamedeleting group  17. Help Commands such as man, info and pinfo: man commandname

info commandname

pinfo commandname
Help commands outputHelp command output info command makes more information availableHelp Command 2 outputHelp Command 2_output and so on

18. Editor: it is used to edit existing files or creating a file

a  file(created): vi filenameadded and edited Edited FileOnly edited vim- 2nd editing command

vim filename2nd editing command 19. Checking the Ip : ifconfig

Ip checking

20. To avail all that was done over above at the desk top you need to 1st go to the desktop, otherwise all the                                                         above is created in the root folder. To go to Desktop through the terminal

cd DesktopTo Open Desktop

Kali Linux has a different way of taking the screen shots. For this, exit the full screen in the virtual box–> click on Machine on the upper left–> select take screen shot. before 2day i didn’t even know this but it is helpful if you later want to see error in your working on this particular system

How to use dig command in Kali Linux [Tutorial]

How to use dig command in Kali Linux

What is dig command?

The ‘dig command‘ is used in network administration that check and lookup domain name server (DNS) It is dnssec and the part of information gathering.

Well further can’t be discussed much until I give you the definition of name servers….until then everything I say will be moot.

What is domain name server?

A name servers is a software and hardware server that provides provides a network service present at the application layer of the OSI model response  the queries against a directory service. The server component of the domain name system is the perfect example of that. Its job is to translate the ip address from the domain names provided.

So, bottom line dig is the shorthand of domain information groper (dig command), it uses DNS (Domain servers) lookups and gropes the information from the name servers.Why didn’t they use grabber is beyond me!!

So now the usage of this command in

Usage of the dig command.

First on the terminal use the command

dig -h

This command would show all the options used in dig

dig 1

 

In the similar way many of the given commands can be used. For eg, lets use authority now.

dig authority www.google.com

dig 2

 

in the above command, the result indicates that the authoritative search went from ns2->ns1->ns4->ns3, that means name server 2 have more authority over the search according to the context of the domain name over name server 1.

Now lets fool around with some other commands

dig nssearch www.facebook.com  **searches for name servers**dig 3

 

dig additional www.facebook.com **controls all additional queries **dig 4

dig nsid www.facebook.com ** searches for the name servers ID**

dig 5

Similarly , there are other options that can be used for several other purposes. Here we go folks yet another command prominent in information gathering.

 

MODULE 4:- Information Gathering

  1. How to use dnsenum for dns enumeration – Kali
  1. How to use dig command in Kali Linux
  1. whois Kali Linux commands with example
  1. Enumerating DNS Records through dnsenum tool in Kali Linux
  1. Email Harvesting by theharvester tool in Kali Linux
  1. Google Hacking | Open Web Information Gathering
  1. dnsmap | DNS Domain name system brute force attacks
  1. Zone Transfer using dnswalk tool
  1. Website information Gathering through Nikto tool
  1. Search Senstive Data through Metagoofil Kali Linux 2.0
  1. 8 Steps to run Maltego Kali Linux – beginner guide

whois Kali Linux commands with example

whois Kali Linux commands

Overview of Whois Kali Linux command

A whois Kali linux command is a utility as a part of the information gathering used in all of the Linux-based operating systems. this tool is part of information security assessment, and one of  information gathering techniques.  there are a lot of  information gathering strategies. It is used to identify domain information and more.

  • Unknown and distant hosts
  • Networks
  • Even Netadmins if you use the command the right way and you are lucky enough

IN TECHNICAL TERMS:

“WHOIS is a database managed by local internet registrar, availing to us the personal information about the owner for example`: his contact details, his organization, and his IP as well as his geographical location ” we can use whois command to retrieve that information. 

The usage of whois kali linux

The usage of the ‘whois’ varies widely from system to system, but nevertheless, a common ground is established where you have yo give the IP address after the command. The usage of the command in Kali Linux systems is as follows:

whois <ip address/name of the website you want to access the information to>

for example   

whois 74.125.68.106

whois ip address

or

whois www.google.com

whois site name

In the above pictorials, you note one thing==> whois  kali linux command is behaving differently for IP address and site name

  • For the IP addresses, the information is much more substantial. Here you got addresses, phone numbers, organization handles and everything
  • For the site name, you got the server name registrar and the referral URL which is of course for the whois command. as you can notice that the information is certainly less substantial but fun and relevant if you are just starting.

Typing   whois –help will grant you further information on the command on the Linux itself.

whois help

The modern versions of whois try to guess the specific object. If no conclusive result is found the query goes straight to whois.arin.net for ipv4 addresses(like we can do anything with ipv6 just yet!! huh SARCASM) or whois.networksolutions.com for NIC handles. Basically, NIC is network interface controller used to connect the computer  to the computer network. Further information is available on the WIKI(The blue link I gave).

“If you are in love with someone, that someone is not obliged to love you in return. that person could be a bitch, male or female really doesn’t make a difference.”

MODULE 4:- Information Gathering

  1. How to use dnsenum for dns enumeration – Kali
  1. How to use dig command in Kali Linux
  1. whois Kali Linux commands with example
  1. Enumerating DNS Records through dnsenum tool in Kali Linux
  1. Email Harvesting by theharvester tool in Kali Linux
  1. Google Hacking | Open Web Information Gathering
  1. dnsmap | DNS Domain name system brute force attacks
  1. Zone Transfer using dnswalk tool
  1. Website information Gathering through Nikto tool
  1. Search Senstive Data through Metagoofil Kali Linux 2.0
  1. 8 Steps to run Maltego Kali Linux – beginner guide

The first JavaScript powered RansomWare Ransom32

Ransomware: What is it?

Let’s go by the wiki definition with this one. The meaning is simple enough, the RansomWare infects the system and holds it for ransom. By infecting here, it means that the malware operators disable one particular(mostly crucial) function in the system and will only enable it back if the victim system’s owner pays up. Its traversal across the system is like trojan, that means, it will look like a legit file.

Introducing a new RansomWare for the new year: Ransom32

Morever, its the world’s first javaScript powered ransomware. This badboy is capable of infecting Windows, linux and Mac. Its quick and easily accessible to even a lay user. This is available for free download. To use it, one only has to have a bitcoin address.

The first instant of the new Ransom32 was found by the guys at Emsisoft. They found that the new ransom malware is using the NW.js(JavaScript) platform to do its deed. The malware infiltrates as a winrar  archive and encrypts the victims’ files with 128bit AES encryption. Now, an AES encryption is a symmertrical encryption algorithm. Symmetrical Encryption is the oldest encryption method, used since the ancient Rome, a place where stones contained spirits and werewolves walked among…wolves. However, the technique is a pain in the arse. Its as simple as shifting an alphabet by a number of places and as complex as to shifting the entire lines.

What is Nw.js?

Its a app development JavaScript platform that allows a lot more interaction with the central Operating system, much like the C++ and the Delphi.

“Hiding behond the guise of legitimacy, malwares created through NW.js can infect aacross platforms”

How to keep your system safe?

They are the simple everyday for every security for every platform dos and donts of the internet

  • Always form backups of important stuff
  • Run the Anivirus everytime
  • Spam unknown email attachments
  • Internet is a vast and treacherous place, browse safe

 

 

 

World’s first Power outage using Malware

Die Hard 4.0 seems real enough now as we have the world’s first power outage accomplished by a malware. The culprits are…..you guessed it, the blackhats.

Now hackers have used a highly elegant and destructive malware to successfully infect at least three regional Ukrainian power authorities. So, their pre-Christmas 23rd December was pretty much a …lights out.

The region Infected was the Ivano-Frankivsk.

Prykarpattyaoblenergo, a local energy provider was claimed to be under the attack of cyber crooks by the energy ministry. As I said, Christman kinda went a dud!

The malware responsible disconnected the electrical substation. Now, this is frighteningly believable as no power grids were touched but the computers controlling them were.

World’s First power-outage-inducing malware

The name that is given to this malware that brought down the power is dubbed BLACKENERGY. 

This BlackEnergy trojan was first discovered in 2007. Back then, it was a relatively simple tool to conduct DDoS attacks(Denial Of Service). It got an update about two years ago with a butt-load of new features. Features that were not limited to making a computer unbootable.

“Russian Security Service” was the launcher of this malware. its targets were industrial control systems and sensitive politicians.

The internet antivirus provider called ESET said that the virus was recently updated to include utilities such as

  • KillDisk: As the name suggests, kills  the disk or to be more sophisticated “Screws with the crucial parts of an industrial system”
  • Backdoored Secure Shell Turns your computer into infidel women aka infects the computer with a permanent access of the “other guy”/the hacker.

The how?

Researchers revealed that the hackers’ backdoor came from the macros linked in the booby-trapped Microsoft office documents. Malicious macros caused the Ukraine’s power pop. The initial point of infection is believed to be caused by just that.

My two cents

This is definitely a disturbing news. A simple SE(Social Engineering) trick, however inelegant, can also be used to disrupt the power. What’s sad is that there might be no John McLane to save us this time.