Today we are going to be talking about how to build a custom backdoor exploit in Python3, as well as what RCE is, including various methods to achieve it. These two techniques are your bread and butter and are what you’ll be going for during a lot of pentests, CTF challenges, etc, regardless of how you go about it: SQL injection, OS command injection, remote file inclusion, etc. It’s really all the same.

If you’ve ever noticed, during a lot of big hacks, one of the most common things that ALWAYS happens is that the attackers somehow discover a way to RCE the system, allowing them to gain backdoor access and formulate something called a “botnet”, allowing them to deliver various payloads and command and control the network. Before I dive into this, as always I want to get you up to speed on some terminology so that you understand what’s going on. Let’s go over the main TCP/IP handshake so you understand the overall process.

Disclaimer:

As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, let's begin!

- The Hacker Who Laughs 🕸🕸🎃🕸🕸

Today we are going to be talking about ARP poisoning and how to poison a network. A lot of this is going to be heavy networking based, so do mind your fundamentals. I'll explain some stuff along the way. As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pentest on anyone's network unless it is your own, or you have permission to do so.

- The Hacker Who Laughs 🕸🕸🎃🕸🕸

Today we are going to be covering the Shodan API and how to use it for CCTV hacking to tap into camera feeds, as well as how to gather information about various IoT gateway devices on the internet and exploit the services on them.

This is also going to dive into complex topics like: port forwarding, router exploitation, the routersploit framework, the metasploit framework, as well as how the internet works under the hood.

I'm not going to directly tap into a camera feed live as that's illegal (even if it's a public cam for a park), but I am going to show you how to talk to specific ports using an IP address, whether it be in numeral format or alphabetical format. It's the same process you'll be using to tap into camera feeds should you find an open port.

For this demonstration, since we'll be using metasploit for it, you're going to need a Shodan premium membership to get a lifetime API key(s). Sadly, Shodan now requires you to be a premium member if you wish to use the API freely.

Disclaimer

As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, let's begin!

- The Hacker Who Laughs 🕸🕸🎃🕸🕸

Today I'll be covering SQL injection and advanced fuzzing and filter bypassing techniques you need to know to be a successful pen-tester. You can't avoid not knowing this as you'll see it regardless of what side you are on: blue team, if you are defending against it, or red team, if you are checking if it's a weakness in the system.

As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, lets begin!

- The Hacker Who Laughs 🕸🕸🎃🕸🕸

Today, I'm going to show you how to make your own custom LAN turtle Rubber Ducky using Arduino. This is going to simulate connecting the target system back to a server side, much like a meterpreter shell, so that we can pipe over commands on our end and control the target system.

The two scripts that are going to be used are the ones from the previous article on "How to Botnet". The client side is going to be integrated with Arduino, where it will will write its own code live and connect back to the server, whereas the server side, the python script, is going to sit in a listening state on the system, waiting for the client to connect to it so it can be fed instructions from the client side to control the system. Traditionally you always want to have the server sitting on the victim system so that you can connect and interact with it, but nowadays making your back-doors peer to peer is actually best because it allows your setup to be more versatile. For safety purposes, it's just going to connect back and that's it, nothing else! The real version that is unsafe to use stays with me.

Sadly, this is one of those projects that you NEED to have the right equipment for to pull off, but you can still follow along the 2 demonstration videos here. One, that shows the code being automated, and then another, of me connecting it live in front of you as proof it works.

Disclaimer

As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, let's begin!

- The Hacker Who Laughs 🕸🕸🎃🕸🕸

Today I’m going to be going over Crypto malware/ransomware and how to fabricate your own for educational and study purposes. But before I start, I would like to mention as a disclaimer that I by no means condone any form of illegal behavior you might use this information for. It's STRICTLY for educational purposes ONLY.

Due to the nature of how long my posts will be getting in the future I will be writing them in main news articles so I can fully flesh them out better in full detail.

Link to the main article for the video and explanation is in the link below. Any and all major past content I’ve made will also be made available via my newsletter article following soon.

- The Hacker Who Laughs 🕸🕸🎃🕸🕸

SOOOOOO, as promised, here is the list of any and all resources I wanted to openly share of mine that I personally recommend and use all the time. It's a special celebration for finally reaching close to 300 connections on here.

If you would like to help other people have access to HIGH QUALITY resources so they can learn, then I suggest MEGA sharing this so that connections in your network see it!

- The Hacker Who Laughs 🕸🕸🎃🕸🕸

Today we are going to talk about Social Engineering, specifically, a "man in the browser" exploit, as well as what social engineering is and how threat actors use it to exploit and leverage a system to gain access. There are various forms of social engineering, and we'll cover them all here today.

Social engineering is one of the most commonly used tactics, as well as something that is known as a physical hack.

As always, before we dive right into this, some terminology needs to be explained so that you can follow along with the article.

Disclaimer

As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, let's begin!

- The Hacker Who Laughs 🕸🕸🎃🕸🕸

Today, in order to celebrate the launching of my new website, I have a special article for today. It's going to feature the first episode of "Mr.Robot", where Elliot hacks a pedophile.

We are also going to talk about the TOR Onion protocol, as well as how to bypass it. We are also going to discuss online anonymity, and how to setup and configure TOR so you can be "truly" anonymous. In order to discuss this I need to go over the 3 layers of the internet: The surface web, deep web, and dark web.

Disclaimer

As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, let's begin!

- The Hacker Who Laughs 🕸🕸🎃🕸🕸

So today, I wanted to talk about WIFI hacking, how to perform it, as well as how to defend against it. Link to the demonstration video is at the end of the post.

Disclaimer

As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, let's begin!

- The Hacker Who Laughs 🕸🕸🎃🕸🕸