Terminal Mode
This is a custom portable CTF server that I wrote in: HTML/CSS/JS, and PHP. Further languages used are SQL for the backend of the database which is MYSQL. The server is designed to allow you to pentest wherever you are locally vs the traditional meas of having to be connected to the internet in order to engage in web application pentesting CTF challenges, allowing you to get practice wherever you are on the go. Itโs also home lab friendly and allows you to practice network penetration testing as well, and includes a variety of challenges that test a lot of your hacking methodology and skill sets. Youโre going to have to apply yourself and LEARN if you want to secure all โ11 flagsโ. You can run this challenge as either locally on your system, or on another system that you can run either directly or vm machine. This makes it more accessiible to all users. If you have nethunter you can also participate in the challenge as well from you phone if you wanted to try mobile hacking. THIS DOES RUN ON NETHUNTER AS WELL THE SAME WAY. YOU NEED TO MAKE SURE YOU ARE ROOT WHEN YOU RUN NETHUNTER SO THE SCRIPT WORKS CORRECTLY OTHERWISE IT WILL CRASH AND FAIL! - The Hacker Who Laughs ๐ธ๐ธ๐๐๐ธ๐ธ
Iโve included a safe UDP backdoor to run that only works on one system via 2 terminals. Iโve excluded the full version for safety purposes that utilizes TCP/IP in order to allow for remote data communication between said systems on the networks. Feel free to check out the SSH version. Iโve also created my own personal MITB(Man in the browser attack) program, that will launch a total โrealโ chrome browser (read the code in the description to download the module needed to run the program), which will keep track of any sites written in the code, and will log it down into a text file. For safety purposes it only tells you whether you visited the site or not. Iโve also written my own personal RSA encryption/decryption tool you can use to secure data. The program has a manual mode Iโve written that will explain how to use it. I primarily use python to program a series of low-level networking tools: Client/Servers via TCP, UDP, and SSH, HTML and flask Servers, as well as network sniffers to scan and monitor traffic on networks by sending UDP packet datagrams to wait for responses and see what machines I can talk to, as well as interacting with a variety of different network protocols. I also use python to develop: Encryption/Decryption tools, Man in the browser attack programs, mapping web applications, web brute forcing, as well as to develop trojan programs that I can update and communicate with on different systems, as well as for SQL injection attacks. Iโm learning machine learning with python at the moment, and I do also use it to develop fast GUIโs for pentesting tools using PYQT5. - The Hacker Who Laughs ๐ธ๐ธ๐๐๐ธ๐ธ
This is an interchangeable rubber ducky script I wrote designed to run and execute various payloads. For demonstration purposes Iโve provided a safe version of the code you can run and script onto an arduino board that utilizes a micro USB port (The arduino Keyboard library only works with those types of boards). Simply load up the arduino program and sketch โKeyboardInjectionLINUX.inoโ to the board and the sample code will run. Iโve also included a set of functions in a text file, that you can use to edit and swap out functions in the original code should you wish to. Have fun!!! - The Hacker Who Laughs ๐ธ๐ธ๐๐๐ธ๐ธ
This is a second build of a penetration testing app I've developed that is meant to automate a variety of the different tools I've written. The interface only includes code that has been fully tested thoroughly. Any others, feel free to browse and look at it. You won't see it in the interface but it's there in case you wish to see it. The following to look at first are: Bash_Interface.py (This is the main interface) LinuxInstall.py (Installs all needed components, including PYQ5 in case you don't have it installed. Also compatible with windows via pip installer) Installer Module.sh(Script that will install all needed compilers for Linux should you not have them installed) - The Hacker Who Laughs ๐ธ๐ธ๐๐๐ธ๐ธ
Inspired by Marcus's drone from Watch Dogs 2 and as a tribute to the series, I'm developing a penetration testing drone, it's sole purpose, to fly around capturing packet data, as well as cracking Wireless encryptions, integrating the use of a raspberry pi zero to host my UDP BackDoor Server program in order to communicate with the drone and see what's on the pi as it's flying. Think of it as a flying wifi-pineapple. When the drone boots up, the pi zero will auto login, where a set of scripts will run, starting up the UDP Server. The flight controller for the drone is built up from scratch, rather than using a pre-built one. The drone will take a series of commands from the transmitter, the controller, also built from scratch (keyboard input option available as well), and depending on the value read from the analog of the joystick module, will move the drone either: forward, backward, left, right, up down, and shifts the values of the signal values sent to the ESC's of the drone in order to move the drone accordingly, all calibrated properly. The drone is still in prototype phase, and is near completion. In the future I will be diving into how to facial recognition software, which I will build from scratch in order to build a true replica of Wrench from Watch Dogs 2, his face mask that acts as a build board, where his facial expressions are scanned by the mask in order to display a a set of emojis that show his emotions. - The Hacker Who Laughs ๐ธ๐ธ๐๐๐ธ๐ธ
Today we are going to be talking about how to build a custom backdoor exploit in Python3, as well as what RCE is, including various methods to achieve it. These two techniques are your bread and butter and are what youโll be going for during a lot of pentests, CTF challenges, etc, regardless of how you go about it: SQL injection, OS command injection, remote file inclusion, etc. Itโs really all the same. If youโve ever noticed, during a lot of big hacks, one of the most common things that ALWAYS happens is that the attackers somehow discover a way to RCE the system, allowing them to gain backdoor access and formulate something called a โbotnetโ, allowing them to deliver various payloads and command and control the network. Before I dive into this, as always I want to get you up to speed on some terminology so that you understand whatโs going on. Letโs go over the main TCP/IP handshake so you understand the overall process. Disclaimer: As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, let's begin! - The Hacker Who Laughs ๐ธ๐ธ๐๐ธ๐ธ
Today we are going to be talking about ARP poisoning and how to poison a network. A lot of this is going to be heavy networking based, so do mind your fundamentals. I'll explain some stuff along the way. As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pentest on anyone's network unless it is your own, or you have permission to do so. - The Hacker Who Laughs ๐ธ๐ธ๐๐๐ธ๐ธ
Today we are going to be covering the Shodan API and how to use it for CCTV hacking to tap into camera feeds, as well as how to gather information about various IoT gateway devices on the internet and exploit the services on them. This is also going to dive into complex topics like: port forwarding, router exploitation, the routersploit framework, the metasploit framework, as well as how the internet works under the hood. I'm not going to directly tap into a camera feed live as that's illegal (even if it's a public cam for a park), but I am going to show you how to talk to specific ports using an IP address, whether it be in numeral format or alphabetical format. It's the same process you'll be using to tap into camera feeds should you find an open port. For this demonstration, since we'll be using metasploit for it, you're going to need a Shodan premium membership to get a lifetime API key(s). Sadly, Shodan now requires you to be a premium member if you wish to use the API freely. Disclaimer As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, let's begin! - The Hacker Who Laughs ๐ธ๐ธ๐๐ธ๐ธ
Today I'll be covering SQL injection and advanced fuzzing and filter bypassing techniques you need to know to be a successful pen-tester. You can't avoid not knowing this as you'll see it regardless of what side you are on: blue team, if you are defending against it, or red team, if you are checking if it's a weakness in the system. As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, lets begin! - The Hacker Who Laughs ๐ธ๐ธ๐๐ธ๐ธ
Today, I'm going to show you how to make your own custom LAN turtle Rubber Ducky using Arduino. This is going to simulate connecting the target system back to a server side, much like a meterpreter shell, so that we can pipe over commands on our end and control the target system. The two scripts that are going to be used are the ones from the previous article on "How to Botnet". The client side is going to be integrated with Arduino, where it will will write its own code live and connect back to the server, whereas the server side, the python script, is going to sit in a listening state on the system, waiting for the client to connect to it so it can be fed instructions from the client side to control the system. Traditionally you always want to have the server sitting on the victim system so that you can connect and interact with it, but nowadays making your back-doors peer to peer is actually best because it allows your setup to be more versatile. For safety purposes, it's just going to connect back and that's it, nothing else! The real version that is unsafe to use stays with me. Sadly, this is one of those projects that you NEED to have the right equipment for to pull off, but you can still follow along the 2 demonstration videos here. One, that shows the code being automated, and then another, of me connecting it live in front of you as proof it works. Disclaimer As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, let's begin! - The Hacker Who Laughs ๐ธ๐ธ๐๐ธ๐ธ
Today Iโm going to be going over Crypto malware/ransomware and how to fabricate your own for educational and study purposes. But before I start, I would like to mention as a disclaimer that I by no means condone any form of illegal behavior you might use this information for. It's STRICTLY for educational purposes ONLY. Due to the nature of how long my posts will be getting in the future I will be writing them in main news articles so I can fully flesh them out better in full detail. Link to the main article for the video and explanation is in the link below. Any and all major past content Iโve made will also be made available via my newsletter article following soon. - The Hacker Who Laughs ๐ธ๐ธ๐๐๐ธ๐ธ
SOOOOOO, as promised, here is the list of any and all resources I wanted to openly share of mine that I personally recommend and use all the time. It's a special celebration for finally reaching close to 300 connections on here. If you would like to help other people have access to free resources so they can learn, then I suggest MEGA sharing this so that connections in your network see it! - The Hacker Who Laughs ๐ธ๐ธ๐๐๐ธ๐ธ
Today we are going to talk about Social Engineering, specifically, a "man in the browser" exploit, as well as what social engineering is and how threat actors use it to exploit and leverage a system to gain access. There are various forms of social engineering, and we'll cover them all here today. Social engineering is one of the most commonly used tactics, as well as something that is known as a physical hack. As always, before we dive right into this, some terminology needs to be explained so that you can follow along with the article. Disclaimer As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, let's begin! - The Hacker Who Laughs ๐ธ๐ธ๐๐ธ๐ธ
Today, in order to celebrate the launching of my new website, I have a special article for today. It's going to feature the first episode of "Mr.Robot", where Elliot hacks a pedophile. We are also going to talk about the TOR Onion protocol, as well as how to bypass it. We are also going to discuss online anonymity, and how to setup and configure TOR so you can be "truly" anonymous. In order to discuss this I need to go over the 3 layers of the internet: The surface web, deep web, and dark web. Disclaimer As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, let's begin! - The Hacker Who Laughs ๐ธ๐ธ๐๐ธ๐ธ
Self-Taught Cyber Security Professional with a background in Software Engineering, IT Technical Support, Security Engineering, and proficiency in Electrical engineering and Reverse Engineering. I have a love and passion for offensive security. I reverse engineer various core APIโs and technologies in order to explore and fabricate new ideas that will make my projects come to life. I use my Software Engineering skills to design custom exploits and penetration testing tools, and CTF servers that demonstrate my Security Engineering skills and ingenious ingenuity. My Electrical Engineering skills allow me to devise various custom tools such as keyboard injection exploits that manipulate the virtual keyboard API of a system in order to inject payloads and bypass security measures for security testing, some with the ability to write their own code, which I use to extend further C/C++ Win32API and LinuxAPI exploits along with python scripts. On top of being proficient in C/C++ Iโm also proficient in 13 programming languages in total, my main ones being: C/C++, Python3, Bash, SQL, HTML/CSS/JS, PHP, and of course a bit of Powershell scripting as well. My IT skills are on par with level 4 tier experience. I use my reverse engineering skills in order to deduce probable causes and solutions for technical problems. Reverse engineering is my specialty and is how I learn. Given my level of ingenuity, I was allowed to operate above my tier level and demonstrate my skill sets to the fullest and solve lots of complex technical problems at the companies that I worked at, including the infamous Pfizer Pharmaceutical company, which I have thorough documentation of in my research portfolio. My skill sets wonโt disappoint you! Check out my work and my research. I take pride in what I do as a professional hacker. - The Hacker Who Laughs ๐ธ๐ธ๐๐๐ธ๐ธ
Futaba_Webs is a new brand Iโm starting that focuses on developing a series of unique penetration testing tools with style, both software and hardware wise. I also develop and create educational resources that will help people learn how to program, as well as paint the clear pathway to the cyber security field and all itโs intricacies. The most difficult part of learning anything is knowing where to start. - The Hacker Who Laughs ๐ธ๐ธ๐๐๐ธ๐ธ
Check out my Linkedin Business Page to see more of my content!
This is a custom portable CTF server that I made! Try it out!
Take a loot at some of my projects available on my GitHub page!
Check out some of my live hacking exploit demonstrations.
Check out some of the demo code for my Pent-Testing Tools!
I was featured on a photography platform called โYouPicโ.
Check out some of my Keyboard Injection (Rubber Ducky) Scripts.
This is a penetration testing app I'm developing!
I'm developing a drone based on WatchDogs for penetration testing!