joana&pedro

joana&pedro

About TorghostNG
TorghostNG is a tool that make all your internet traffic anonymized with Tor network. TorghostNG is rewritten from TorGhost with Python 3.

TorghostNG was tested on:

Kali Linux 2020a

Manjaro

...

What's new in TorghostNG 1.2

Fixed update_commands and others in torghostng.py

Changed a few things in theme.py

Changed a few things in install.py

Now you can change Tor circuit with -r

Before you use TorghostNG

For the goodness of Tor network, BitTorrent traffic will be blocked by iptables. Although you can bypass it with some tweaks with your torrent client 😥 It's difficult to completely block all torrent traffic.

For security reason, TorghostNG is gonna disable IPv6 to prevent IPv6 leaks (it happened to me lmao).

Screenshots of Torghost (Version 1.0)
Connecting to Tor exitnode in a specific country: torghostng -id COUNTRY ID

Changing MAC address: torghostng -m INTERFACE

Checking IP address: torghostng -c

Disconnecting from Tor: torghostng -x

Uninstalling TorghostNG: python3 install.py

Installing TorghostNG
TorghostNG installer currently supports:

GNU/Linux distros that based on Arch Linux

GNU/Linux distros that based on Debian/Ubuntu

GNU/Linux distros that based on Fedora, CentOS, RHEL, openSUSE

Solus OS

Void Linux

Anh the elder guy: Slackware

(Too much package managers for one day :v)

To install TorghostNG, open your Terminal and enter these commands:
But with Slackware, you use sudo python3 torghostng.py to run TorghostNG :v

Help
You can combine multiple choices at the same time, such as:

torghostng -s -m INTERFACE: Changing MAC address before connecting

torghostng -c -m INTERFACE: Checking IP address and changing MAC address

torghostng -s -x: Connecting to Tor anh then stop :v

...

If you have any questions, you can watch this tutorial videos 🙂
I hope you will love it 😃

How to update TorghostNG
Open Terminal and type sudo torghostng -u with sudo to update TorghostNG, but it will download new TorghostNG to /root, because you're running it as root. If you don't like that, you can type git pull -f and sudo python3 install.py.

Notes before you use Tor
Tor can't help you completely anonymous, just almost:

Tor's Biggest Threat – Correlation Attack

Is Tor Broken? How the NSA Is Working to De-Anonymize You When Browsing the Deep Web

Use Traffic Analysis to Defeat TOR

...

It's recommended that you should use NoScript before before surfing the web with Tor. NoScript shall block JavaScript/Java/Flash scripts on websites to make sure they won't reveal your real identify.

And please

Don't spam or perform DoS attacks with Tor. It's not effective, you will only make Tor get hated and waste Tor's money.

Don't torrent over Tor. If you want to keep anonymous while torrenting, use a no-logs VPN please.

Bittorrent over Tor isn't a good idea
Not anonymous: attack reveals BitTorrent users on Tor network

Changes log
Version 1.2

Fixed update_commands and others in torghostng.py

Changed a few things in theme.py

Changed a few things in install.py

Now you can change Tor circuit with -r

Version 1.1

Check your IPv6

Change all "TOR" to "Tor"

Block BitTorrent traffic

Auto disable IPv6 before connecting to Tor

Contact to the coder

Twitter: @SecureGF

Github: @GitHackTools

Website: GitHackTools 🙂

To-do lists:

Block torrent, for you - Tor network (Done 😃)

Connect to IPv6 relays (maybe?)

GUI version

Fix bug, improve TorghostNG (always)

And finally: You can help me by telling me if you find any bugs or issues. Thank you for using my tool 😊

Download TorghostNG

Watch tutorial videos

More information

joana&pedro

How do I get started with bug bounty hunting? How do I improve my skills?

These are some simple steps that every bug bounty hunter can use to get started and improve their skills:

Learn to make it; then break it!
A major chunk of the hacker's mindset consists of wanting to learn more. In order to really exploit issues and discover further potential vulnerabilities, hackers are encouraged to learn to build what they are targeting. By doing this, there is a greater likelihood that hacker will understand the component being targeted and where most issues appear. For example, when people ask me how to take over a sub-domain, I make sure they understand the Domain Name System (DNS) first and let them set up their own website to play around attempting to "claim" that domain.

Read books. Lots of books.
One way to get better is by reading fellow hunters' and hackers' write-ups. Follow /r/netsec and Twitter for fantastic write-ups ranging from a variety of security-related topics that will not only motivate you but help you improve. For a list of good books to read, please refer to "What books should I read?".

Join discussions and ask questions.
As you may be aware, the information security community is full of interesting discussions ranging from breaches to surveillance, and further. The bug bounty community consists of hunters, security analysts, and platform staff helping one and another get better at what they do. There are two very popular bug bounty forums: Bug Bounty Forum and Bug Bounty World.

Participate in open source projects; learn to code.
Go to https://github.com/explore or https://gitlab.com/explore/projects and pick a project to contribute to. By doing so you will improve your general coding and communication skills. On top of that, read https://learnpythonthehardway.org/ and https://linuxjourney.com/.

Help others. If you can teach it, you have mastered it.
Once you discover something new and believe others would benefit from learning about your discovery, publish a write-up about it. Not only will you help others, you will learn to really master the topic because you can actually explain it properly.

Smile when you get feedback and use it to your advantage.
The bug bounty community is full of people wanting to help others so do not be surprised if someone gives you some constructive feedback about your work. Learn from your mistakes and in doing so use it to your advantage. I have a little physical notebook where I keep track of the little things that I learnt during the day and the feedback that people gave me.

Learn to approach a target.
The first step when approaching a target is always going to be reconnaissance — preliminary gathering of information about the target. If the target is a web application, start by browsing around like a normal user and get to know the website's purpose. Then you can start enumerating endpoints such as sub-domains, ports and web paths.

A woodsman was once asked, "What would you do if you had just five minutes to chop down a tree?" He answered, "I would spend the first two and a half minutes sharpening my axe."
As you progress, you will start to notice patterns and find yourself refining your hunting methodology. You will probably also start automating a lot of the repetitive tasks.

More information

joana&pedro

Passwords are the key element of information require to access the system. Similarly, the first step is to access the system is that you should know how to crack the password of the target system. There is a fact that users selects passwords that are easy to guess. Once a password is guessed or cracked, it can be the launching point for escalating privileges, executing applications, hiding files, and covering tracks. If guessing a password fails, then passwords may be cracked manually or with automated tools such as a dictionary or brute-force method.

Cracking a Password

Passwords are stored in the Security Accounts Manager (SAM) file on a Windows system and in a password shadow file on a Linux system.

Manual password cracking involves attempting to log on with different passwords. The hacker follows these steps:

Find a valid user account (such as Administrator or Guest).
Create a list of possible passwords.
Rank the passwords from high to low probability.
Key in each password.
Try again until a successful password is found.

A hacker can also create a script file that tries each password in a list. This is still considered manual cracking, but it's time consuming and not usually effective.

A more efficient way of cracking a password is to gain access to the password file on a system. Most systems hash (one-way encrypt) a password for storage on a system. During the logon process, the password entered by the user is hashed using the same algorithm and then compared to the hashed passwords stored in the file. A hacker can attempt to gain access to the hashing algorithm stored on the server instead of trying to guess or otherwise identify the password. If the hacker is successful, they can decrypt the passwords stored on the server.

Understanding the LAN Manager Hash

Windows 2000 uses NT LAN Manager (NTLM) hashing to secure passwords in transit on the network. Depending on the password, NTLM hashing can be weak and easy to break. For example, let's say that the password is 123456abcdef . When this password is encrypted with the NTLM algorithm, it's first converted to all uppercase: 123456ABCDEF . The password is padded with null (blank) characters to make it 14 characters long: 123456ABCDEF__ . Before the password is encrypted, the 14-character string is split in half: 123456A and
BCDEF__ . Each string is individually encrypted, and the results are concatenated:

123456A = 6BF11E04AFAB197F
BCDEF__ = F1E9FFDCC75575B15

The hash is 6BF11E04AFAB197FF1E9FFDCC75575B15 .

Cracking Windows 2000 Passwords

The SAM file in Windows contains the usernames and hashed passwords. It's located in the Windows\system32\config directory. The file is locked when the operating system is running so that a hacker can't attempt to copy the file while the machine is booted to Windows.

One option for copying the SAM file is to boot to an alternate operating system such as DOS or Linux with a boot CD. Alternately, the file can be copied from the repair directory. If a system administrator uses the RDISK feature of Windows to back up the system, then a compressed copy of the SAM file called SAM._ is created in C:\windows\repair . To expand this file, use the following command at the command prompt:

C:\>expand sam._ sam

After the file is uncompressed, a dictionary, hybrid, or brute-force attack can be run against the SAM file using a tool like L0phtCrack. A similar tool to L0phtcrack is Ophcrack.

Download and install ophcrack from http://ophcrack.sourceforge.net/

Redirecting the SMB Logon to the Attacker

Another way to discover passwords on a network is to redirect the Server Message Block (SMB) logon to an attacker's computer so that the passwords are sent to the hacker. In order to do this, the hacker must sniff the NTLM responses from the authentication server and trick the victim into attempting Windows authentication with the attacker's computer.

A common technique is to send the victim an email message with an embedded link to a fraudulent SMB server. When the link is clicked, the user unwittingly sends their credentials over the network.

SMBRelay

An SMB server that captures usernames and password hashes from incoming
SMB traffic. SMBRelay can also perform man-in-the-middle (MITM) attacks.

SMBRelay2

Similar to SMBRelay but uses NetBIOS names instead of IP addresses to capture usernames and passwords.

pwdump2

A program that extracts the password hashes from a SAM file on a Windows system. The extracted password hashes can then be run through L0phtCrack to break the passwords.

Samdump

Another program that extracts NTLM hashed passwords from a SAM file.

C2MYAZZ

A spyware program that makes Windows clients send their passwords as clear text. It displays usernames and their passwords as users attach to server resources.

NetBIOS DoS Attacks

A NetBIOS denial-of-service (DoS) attack sends a NetBIOS Name Release message to the NetBIOS Name Service on a target Windows systems and forces the system to place its name in conflict so that the name can no longer be used. This essentially blocks the client from participating in the NetBIOS network and creates a network DoS for that system.

Start with a memorable phrase, such as "Maryhadalittlelamb"
Change every other character to uppercase, resulting in "MaRyHaDaLiTtLeLaMb"
Change a to @ and i to 1 to yield "M@RyH@D@L1TtLeL@Mb"
Drop every other pair to result in a secure repeatable password or "M@H@L1LeMb"

Now you have a password that meets all the requirements, yet can be "remade" if necessary.