My Hack Stuff https://myhackstuff.com Exploring Things on Internet Sun, 14 Oct 2018 21:39:20 +0000 en hourly 1 https://wordpress.org/?v=4.9.8 https://myhackstuff.com/wp-content/uploads/2018/03/cropped-1-3-32x32.jpg My Hack Stuff https://myhackstuff.com 32 32 Apple going to Release Its Own Clear Case for IPhone XR https://myhackstuff.com/apple-going-release-clear-case-iphone-xr/ https://myhackstuff.com/apple-going-release-clear-case-iphone-xr/#respond Sun, 14 Oct 2018 21:39:20 +0000 https://myhackstuff.com/?p=1177 When Apple announced the iPhone XS and iPhone XR last month, it began selling a range of cases for the XS, including its usual Apple-branded silicone and leather cases. For the iPhone 5c, Apple had the infamous holey rubber cases, which showed off the color of the unapologetically plastic iPhone 5c it protected with a […]

The post Apple going to Release Its Own Clear Case for IPhone XR appeared first on My Hack Stuff.

]]>
When Apple announced the iPhone XS and iPhone XR last month, it began selling a range of cases for the XS, including its usual Apple-branded silicone and leather cases.

For the iPhone 5c, Apple had the infamous holey rubber cases, which showed off the color of the unapologetically plastic iPhone 5c it protected with a polkadot grid of circular cutouts.

Rather than trying something more extravagant like the iPhone 5c case design, Apple is keeping it simple, and launching their first ever clear plastic case.

This is a marketing image of what it looks like, per sources: It’s not exactly going to win any awards for design innovation – it’s a pretty standard clear case that allows the color of the phone to shine through from all sides.

There’s not much to distinguish between the Speck and the official Apple case, but the Apple case has the aforementioned open bottom design and is not emblazoned with any third-party logos.

Amazon Says India ūüáģūüá≥ Customer Base Surges During Festive Sale

U.S. online giant Amazon said its festive season sale in India had got off to a strong start, with three times the number of people signing up to shop in the first two days compared to last year.

Amazon and homegrown Indian rival Flipkart, owned by Walmart, kicked off competing sales events on Wednesday, jostling to grab shoppers in India’s October-December festive season when households make most big-ticket purchases.

‚ÄúWe are particularly excited by the three times higher new customer and Prime sign ups,‚ÄĚ Amit Agarwal, Amazon‚Äôs India head said on Friday, adding the site is becoming the destination of choice for existing and new customers across India.

The comment comes after Flipkart chief Kalyan Krishnamurthy, late on Wednesday, told Reuters Amazon was losing relevance in the country.

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop Protocol, SSH Network Protocol, Network Routers, WordPress website using WPSeku from My Hack Stuff.

The post Apple going to Release Its Own Clear Case for IPhone XR appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/apple-going-release-clear-case-iphone-xr/feed/ 0
Why Facebook Lost 30% of Its Value Since July 2018 https://myhackstuff.com/facebook-lost-30/ https://myhackstuff.com/facebook-lost-30/#respond Sun, 14 Oct 2018 21:34:03 +0000 https://myhackstuff.com/?p=1174 Facebook stock opened at $150.13 on Thursday, down more than 30% from the high it hit in July, as the company continues to grapple with privacy scandals, fake news and a broader market selloff hitting the tech industry particularly hard. In fact, Facebook stock is hovering around its lowest point from the days after the […]

The post Why Facebook Lost 30% of Its Value Since July 2018 appeared first on My Hack Stuff.

]]>
Facebook stock opened at $150.13 on Thursday, down more than 30% from the high it hit in July, as the company continues to grapple with privacy scandals, fake news and a broader market selloff hitting the tech industry particularly hard.

In fact, Facebook stock is hovering around its lowest point from the days after the Cambridge Analytical data scandal came to light in March and ignited a wave of consumer and regulatory scrutiny on both sides of the Atlantic.

“For the first time, we’ve heard some grumblings from the advertiser community that the hot water that Facebook is in politically is creating some hesitation on budget allocations (for some),” Ross Sandler, an analyst with Barclays, wrote in an investor note this week.

Meanwhile, Facebook’s long awaited push into hardware this week — with a video calling device called Portal — was mired by the same user trust issues over privacy concerns that have plagued the company all year.

Adding to Facebook’s uncertainty right now: The company is making a big bet across its products on Stories, a visual format popularized by Snapchat, but one with unknown potential for advertisers.

Google Tells U.S. Lawmakers It Is Mulling ūü§Ē Options on China Services

Alphabet Inc‚Äôs (GOOGL.O) Google unit has told U.S. lawmakers it was considering ‚Äúa variety of options‚ÄĚ to offer additional services in China, but declined to detail plans for addressing Chinese censorship.

The company has come under criticism after reports it was considering re-entering China’s search engine market and would comply with its internet censorship and surveillance policies.

In an Aug. 31 letter to six senators made public on Friday, Google Chief Executive Sundar Pichai said the company was ‚Äúthoughtfully considering a variety of options for how to offer services in China in a way that is consistent with our mission.‚ÄĚ

The letter was reported earlier by The Intercept, a news website. Google declined to comment.

Reuters and other outlets had reported in August that Google planned to launch a version of its search engine in China that would block some websites and search terms. The move would mark its return to a market it abandoned eight years ago on censorship concerns.

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop Protocol, SSH Network Protocol, Network Routers, WordPress website using WPSeku from My Hack Stuff.

The post Why Facebook Lost 30% of Its Value Since July 2018 appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/facebook-lost-30/feed/ 0
Scapy Python Tool for Fabricating Handshake Method https://myhackstuff.com/scapy-python-tool-fabricating-handshake/ https://myhackstuff.com/scapy-python-tool-fabricating-handshake/#respond Sun, 09 Sep 2018 07:20:52 +0000 https://myhackstuff.com/?p=1163 Introduction In this article we are going to discuss about Scapy Python Tool for Fabricating Handshake Method. Kali Linux 2018.3 has Scapy¬†Python Tool ready to go, but it’s good to make sure you have all your dependencies in order. My copy of Kali didn’t have the Python ECDSA cryptography installed, for example. We don’t need […]

The post Scapy Python Tool for Fabricating Handshake Method appeared first on My Hack Stuff.

]]>
Introduction

In this article we are going to discuss about Scapy Python Tool for Fabricating Handshake Method. Kali Linux 2018.3 has Scapy¬†Python Tool ready to go, but it’s good to make sure you have all your dependencies in order. My copy of Kali didn’t have the Python ECDSA cryptography installed, for example. We don’t need it here, but I don’t like to have alerts when I fire up Scapy Python Tool. You can run this command before we get started:

# apt-get install graphviz imagemagick python-gnuplot python-pyx python-ecdsa

You can bring up the Scapy Python Tool interpreter interface by simply commanding scapy, but for this discussion, we’ll be importing its power into a Python script.

Scapy Python Tool is a sophisticated packet manipulation and crafting program. Scapy¬†Python Tool is a Python program, but Python plays an even bigger role in Scapy as the syntax and interpreter for Scapy’s domain-specific language. What this means for the pen tester is a packet manipulator and forger with unmatched versatility because it allows you to literally write your own network tools, on the fly, with very few lines of code ‚Äď and it leaves the interpretation up to you, instead of within the confines of what a tool author imagined.



What we’re doing here is a crash course in scripting with Python and Scapy, so don’t be intimidated. We will be covering Scapy and Python in detail in our upcoming articles. We’ll step through everything happening here in our NAC bypass scenario so that, when we fire up Scapy¬†Python Tool in the future, it will quickly make sense. If you’re like me, you learn faster when you’re shoved into the pool. That being said, don’t neglect curling up with Scapy documentation and some hot cocoa. The documentation on Scapy is excellent.

As you know, we set up our captive portal listener and OS fingerprinter at 192.168.108.215. Let’s try to browse this address with an unmodified Firefox ESR in Kali and see what p0f picks up:

scapy python tool

We can see in the very top line, representing the very first SYN packet received, that p0f has already identified us as a Linux client. Remember, p0f is looking at how the TCP packet is constructed, so we don’t need to wait for any HTTP requests to divulge system information. Linux fingerprints are all over the TCP¬†three-way handshake, before the browser has even established a connection to the site.



In our example, we want to emulate an iPad (specifically, one running iOS 9.3.2 to match our user-agent spoof from earlier). Putting on our hacker hat (the white one, please), we can put two and two together:

  • p0f has a database of signatures (p0f.fp) that it references in order to fingerprint a source.
  • Scapy¬†Python Tool allows us to construct TCP packets and, with a little scripting, we can tie together several Scapy lines into a single TCP three-way handshake utility.

We now have a recipe for our spoofing attack. Now, Scapy lets you construct communications in its interpreter, using the same syntax as Python, but what we’re going to do is fire up nano and put together a Python script that will import Scapy. We’ll discuss what’s happening here after we confirm the attack works:

#!/usr/bin/python
from scapy.all import *
CPIPADDRESS=”192.168.108.215″
SOURCEP=random.randint(1024,65535)
ip=IP(dst=CPIPADDRESS, flags=”DF”, ttl=64)
tcpopt=[(“MSS”,1460), (“NOP”,None), (“WScale”,2), (“NOP”,None), (“NOP”,None), (“Timestamp”,(123,0)), (“SAckOK”,””), (“EOL”,None)]
SYN=TCP(sport=SOURCEP, dport=80, flags=”S”, seq=1000, window=0xffff, options=tcpopt)
SYNACK=sr1(ip/SYN)
ACK=TCP(sport=SOURCEP, dport=80, flags=”A”, seq=SYNACK.ack+1, ack=SYNACK.seq+1, window=0xffff)

send(ip/ACK)
request=”GET / HTTP/1.1\r\nHost: ” + CPIPADDRESS + “\rMozilla/5.0 (iPad; CPU OS 9_3_2 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13F69 Safari/601.1 \r\n\r\n”
PUSH=TCP(sport=SOURCEP, dport=80, flags=”PA”, seq=1001, ack=0, window=0xffff)
send(ip/PUSH/request)
RST=TCP(sport=SOURCEP, dport=80, flags=”R”, seq=1001, ack=0, window=0xffff)
send(ip/RST)

Once I’m done typing this up in nano, I save it as a .py file and chmod it to allow execution. That’s it ‚Äď the attack is ready:

scapy python tool

The iptables outbound rule is set, and the script is ready to execute. Let it fly:

scapy python tool

That’s it; not very climactic on this end. But, let’s take a look at the receiving end.¬†Click Next for remaining process.

Scapy Python Tool for Fabricating Handshake

scapy python tool

Voila! The OS fingerprinter is convinced that the packets were sent by an iOS device. When we scroll down, we can see the actual HTTP request with the¬†user agent data. At this point, the NAC allows access and we can go back to doing our usual business. Don’t forget to open up iptables:

# iptables -F

So what happened here, exactly? Let’s break it down:

CPIPADDRESS="192.168.108.215"
SOURCEP=random.randint(1024,65535)

We’re declaring a variable for the captive portal IP address and the source port. The source port is a random integer between 1024 and 65535 so that an ephemeral port is used:

ip=IP(dst=CPIPADDRESS, flags=”DF”, ttl=64)
tcpopt=[(“MSS”,1460), (“NOP”,None), (“WScale”,2), (“NOP”,None), (“NOP”,None), (“Timestamp”,(123,0)), (“SAckOK”,””), (“EOL”,None)]
SYN=TCP(sport=SOURCEP, dport=80, flags=”S”, seq=1000, window=0xffff, options=tcpopt)
SYNACK=sr1(ip/SYN)

Now we’re defining the layers of the packets we will send.¬†ip is the IP layer of our packet with our captive portal as the destination, a don’t-fragment flag set, and a TTL of 64. Now, when Scapy¬†Python Tool is ready to send this particular packet, we’ll simply reference ip.

We define tcpopt¬†with the TCP options we’ll be using. This is the meat and potatoes of the OS signature, so this is based on our signature research.

Next we declare SYN, which is the TCP layer of our packet, defining our randomly chosen ephemeral port, the destination port 80, the SYN flag set, a sequence number, and a window size (also part of the signature). We set the TCP options with our just-defined tcpopt.

Then, we send the SYN request with sr1. However, sr1 means send a packet, and record 1 reply. The reply is then stored as SYNACK:

ACK=TCP(sport=SOURCEP, dport=80, flags=”A”, seq=SYNACK.ack+1, ack=SYNACK.seq+1, window=0xffff)send(ip/ACK)

We sent a SYN packet with sr1, which told Scapy¬†Python Tool to record the reply ‚Äď in other words, record the SYN-ACK that comes back from the server. That packet is now stored as SYNACK. So, now we’re constructing the third part of the handshake, our ACK. We use the same port information and switch the flag accordingly, and we take the sequence number from the SYN-ACK and increment it by one. Since we’re just acknowledging the SYN-ACK and thus completing the handshake, we only send this packet without needing a reply, so we use the send command instead of sr1:

request=”GET / HTTP/1.1\r\nHost: ” + CPIPADDRESS + “\rMozilla/5.0 (iPad; CPU OS 9_3_2 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13F69 Safari/601.1 \r\n\r\n”PUSH=TCP(sport=SOURCEP, dport=80, flags=”PA”, seq=1001, ack=0, window=0xffff)send(ip/PUSH/request)

Now that the TCP session is established, we craft our GET request for the HTTP server. We’re constructing the payload and storing it as request. Note the use of Python syntax to concatenate the target IP address and create returns and new lines. We construct the TCP layer with the PSH + ACK flag and an incremented¬†sequence number. Finally, another send command to send the packet using the same IP layer, the newly defined TCP layer called PUSH, and the HTTP payload as request:

ST=TCP(sport=SOURCEP, dport=80, flags=”R”, seq=1001, ack=0, window=0xffff)
send(ip/RST)

Final Words

Finally, we tidy up, having completed our duty. We build a RST packet to tear down the TCP connection we just established, and send it with the send command. That’s it friends you can read my other articles about security like capturing passwords on Network¬†Bypass MAC Filtering and Locating someone online. Thanks for your time.

The post Scapy Python Tool for Fabricating Handshake Method appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/scapy-python-tool-fabricating-handshake/feed/ 0
Capture Windows Passwords on Network Pentester Guide https://myhackstuff.com/capture-windows-passwords/ https://myhackstuff.com/capture-windows-passwords/#respond Tue, 04 Sep 2018 19:01:58 +0000 https://myhackstuff.com/?p=1157 Capture Windows Passwords Guide We are going to discuss how to capture windows passwords. In the Kali Linux world, there is more than one way to set up an SMB listener (to capture windows passwords), but now’s a good time to bring out the framework that needs no introduction: Metasploit. The Metasploit Framework will play […]

The post Capture Windows Passwords on Network Pentester Guide appeared first on My Hack Stuff.

]]>
Capture Windows Passwords Guide

We are going to discuss how to capture windows passwords. In the Kali Linux world, there is more than one way to set up an SMB listener (to capture windows passwords), but now’s a good time to bring out the framework that needs no introduction: Metasploit. The Metasploit Framework will play a major role in attacks throughout the book, but here we’ll simply set up a quick and easy way for any Windows box on the network to attempt a file- sharing connection.

We start up the Metasploit console with:

# msfconsole

The Metasploit Framework comes with¬†auxiliary modules ‚Ästthey aren’t exploiters with payloads designed to get you shell, but they are wonderful sidekicks on a pen test as they can perform things such as fuzzing or, in our case here, server authentication captures. You can take the output from here and pass it right along to a cracker or to an exploit module to progress in your attack. To get a feel for the auxiliary modules available to you, you can type this command in the MSF prompt:

show auxiliary

We’ll be using the SMB capture auxiliary module. Before we configure the listener, let’s consider a real world pen test scenario where this attack can be particularly useful.

A real-world pentest scenario to capture windows passwords

You have physical access to a facility by looking the part: suit, tie, and a fake ID badge.  Walking around the office, you notice a multifunction printer and scanner. During the course of the day, you see employees walk up to the device with papers in hand, punch something into the user interface, scan the documents, and then walk back to their desks.  What is likely happening here is that the scanner is taking the images and storing them in a file share so that the user can access them from his or her computer.

In order to do this, the printer must authenticate to the file share. Printers are often left with default administrator credentials, allowing us to change the configuration. The accounts used are often domain administrators, or at the very least, have permissions to access highly sensitive data. How you modify the printer’s settings will depend on the specific model. Searching online for the user guide to the specific model is a no-brainer.

The idea is to temporarily change the destination share to the UNC path of your Kali box. When I did this, I kept a close eye on the screen; once I captured authentication attempts, I changed the settings back as quickly as I could to minimize any suspicion. The user’s documents never make it to the file share; if it only happens once, they’ll likely assume a temporary glitch and think nothing of it. But if multiple users are finding they consistently can’t get documents onto the share, IT will be called.

Configuring our SMB listener

We have the MSF console up and running, so let’s set up our SMB listener. We run this command at the MSF prompt:

use server/capture/smb

As with any Metasploit module, we can review the options available in this SMB capture module by commanding:

show options

The following screenshot illustrates the output of the preceding command:

Capture Windows Passwords

Let’s take a look at these settings in more detail to capture windows passwords:

  • CAINPWFILE¬†defines where captured hashes will be stored, but in the cain format. Cain (the powerful sniffing and cracking suite mentioned earlier, written for Windows) will capture hashes as it does its job, and then you have the option to save the data for later (capture windows passwords). The file that’s created puts the hashes in a format cain recognizes. You can point cain to the file that’s created here, using this flag. We aren’t using cain, so we leave this blank.
  • CHALLENGE¬†defines the server challenge that is sent at the start of the authentication process. You’ll recall that hashes captured off the network are not naked hashes like you’d find in the SAM, as they’re password equivalents. They are encrypted as part of a challenge-response mechanism. What this means for us is we need to crack the captured hash with the same challenge, a number that’s normally randomly generated ‚Äď so we define it, making it a known value. Why 1122334455667788? This is simply a common default in password crackers.¬† The only key factor here is that we can predict the challenge, so, in theory, you can make this number whatever you want. I’m leaving it as the default so I don’t have to toy around with cracker configuration later, but something to consider is whether a sneaky admin would notice predictable challenges being used. Seeing a server challenge of 1122334455667788 during SMB authentication is a dead giveaway that you’re playing shenanigans on the network.
  • JOHNPWFILE¬†is the same setting as CAINPWFILE, but for John the Ripper. I know what the 19th-century British historian in you is saying: His name
  • was Jack the Ripper. I’m referring to the password cracker, usually called John for short. We will be exploring John later, as it is probably the most popular cracker out there.¬† For now, I’ll define something here, as the John format is fairly universal and it will make my cracking job easier.
  • SRVHOST defines the IP address of the listening host. It has to point at your attacking box. The default of 0.0.0.0 should be fine for most cases, but this can be helpful to define when we are attached via multiple interfaces with different assignments.
  • SRVPORT defines the local listening port, and as you can imagine, we’d only change this in special situations. This should usually stay at the default of 445 (SMB over IP).

The challenge/response process described here is NTLMv1. NTLMv2 has the added element of a client-side challenge. Crackers are aware of this and our SMB capture module will show you the client challenge when it captures an authentication attempt.

Final Steps to Capture Windows Passwords

Let’s define SRVHOST to the IP address assigned to our interface.

  1. I’ll run ifconfig and grep out inet to see my IP address
  2. Using the set command, we define SRVHOST with our IP
  3. Even though this isn’t technically an exploit, we use the same command to fire off our module

Capture Windows Passwords

And that is it to capture windows passwords. It runs in the background so you can keep working. The listener is running and all you need is to point a target at your IP address.

Check out the HTTP method for capturing NTLM authentication. Follow the same steps, except issue the following command at the MSF console prompt instead:  use auxiliary/server/capture/http_ntlm. This will create an HTTP link so the user will authenticate within their browser, which is potentially useful in certain social engineering scenarios. You can even SSL encrypt the session.

We have a hit! The screen lights up with the captured authentication attempts (capture windows passwords):

Capture Windows Passwords

We can open up our John capture file in nano to see the output formatted for cracking. This attack worked, but there’s one nagging problem with it: we had to trick the device into trying to authenticate with our Kali machine. With the printer, we had to modify its configuration, and a successful attack means lost data for the unsuspecting user, requiring our timing to be impeccable if we want the anomaly to be ignored.

Learn How to bypass Mac Filtering. Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop Protocol, SSH Network Protocol, Network Routers, WordPress website using WPSeku from My Hack Stuff.

The post Capture Windows Passwords on Network Pentester Guide appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/capture-windows-passwords/feed/ 0
Updated VIP IPTV Channels List (Beginners Guide) https://myhackstuff.com/updated-vip-iptv-channels-list-beginners-guide/ https://myhackstuff.com/updated-vip-iptv-channels-list-beginners-guide/#respond Sat, 18 Aug 2018 07:30:15 +0000 https://myhackstuff.com/?p=1146 Introduction In this knowledge base article we‚Äôll discuss Updated VIP IPTV Channels List. First of all we should have some knowledge what IPTV channels are? Answer is that these are Internet Protocol television (IPTV) the delivery of television content over Internet Protocol (IP) networks. This is in contrast to delivery through traditional terrestrial, satellite, and […]

The post Updated VIP IPTV Channels List (Beginners Guide) appeared first on My Hack Stuff.

]]>
Introduction

In this knowledge base article we’ll discuss Updated VIP IPTV Channels List. First of all we should have some knowledge what IPTV channels are? Answer is that these are Internet Protocol television (IPTV) the delivery of television content over Internet Protocol (IP) networks. This is in contrast to delivery through traditional terrestrial, satellite, and cable television formats.

Is Netflix an IPTV?

Essentially, IPTV is a formally ordered subscription-based digital TV tune-up accessible to customers from ISPs. IPTV has a lot of similarities to the OTT content streams consumers enjoy from companies like Hulu and Netflix. In both cases, the content is delivered via the Internet and streamed on demand.

What does IPTV stand for on a TV?

IPTV stands for¬†Internet Protocol TV‚ÄĒbut what does “Internet Protocol” mean? It’s the essence of how the Internet works. Send an email to a friend or download a web page and the information you set in motion doesn’t travel in one big lump, as you might expect.

What is a m3u file used for?

M3U¬†(MP3 URL or Moving Picture Experts Group Audio Layer 3 Uniform Resource Locator in full) is a computer¬†file¬†format for a multimedia playlist. … Although originally designed for audio¬†files, such as MP3, it is commonly used to point media players to audio and video sources, including online sources.

What is a WPL or m3u file?

The main difference between¬†WPL and M3U¬†is the principal application that uses them.¬†WPL¬†was created for and is used by Microsoft’s Windows Media Player. It is the default file¬†format¬†and all playlists you create with WMP uses¬†WPL. On the other hand,¬†M3U¬†began with Winamp; a very popular and free music player.

What will play an Xspf file?

XSPF is a file format for sharing the kind of playlist that can be played on a personal computer or portable device. In the same way that any user on any computer can open any Web page, XSPF is intended to provide portability for playlists.

Can VLC play m3u8?

m3u8 files are m3u files encoded in utf8. m3u files are a text based playlist format. You can open the file with any text editor and see that it contains a list with files to be played. if you open the file with vlc, it has to download every single video before playing it. Click next if you want to read complete guide about how to use IPTV with VLC (Windows 7 and 10 Guide).

BT Sports HD and SD Channels List

How to use IPTV with VLC (Windows 7 and 10 Guide)

VLC is one of greatest media players if you want to stream Live TV from your PC and Laptop. You simply need an M3U format channel list to run it with this media player.

There are two different ways to use IPTV with VLC. Download and follow the step to install VLC Media Player

The first method

Upload file m3u. With this method please make sure you downloaded your M3U list. If you don’t have M3U list you can ask for it. After that, follow this guide step by step:

Step 1: Open up VLC Media Player

Step 2: Simply Drag & Drop the downloaded m3u file with your VLC or open it via Media > Open File > “Choose your .m3u file

Updated VIP IPTV Channels List

Now, you should be able to watch IPTV with VLC media player.

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop Protocol, SSH Network Protocol, Network Routers, WordPress website using WPSeku from My Hack Stuff.

 

The post Updated VIP IPTV Channels List (Beginners Guide) appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/updated-vip-iptv-channels-list-beginners-guide/feed/ 0
Bypass MAC filtering ‚Äď the physical assessor https://myhackstuff.com/bypass-mac-filtering-the-physical-assessor/ https://myhackstuff.com/bypass-mac-filtering-the-physical-assessor/#respond Sat, 18 Aug 2018 07:26:44 +0000 https://myhackstuff.com/?p=1140 Introduction In this article we are going to discuss about how to bypass MAC filtering. An attacker needs to be aware of methods for remote compromise: attacking the VPN, wireless infiltration from a distance using high-gain antennas, and so forth. However, the pen tester can never forget the big picture.¬†This is a field where it’s […]

The post Bypass MAC filtering ‚Äď the physical assessor appeared first on My Hack Stuff.

]]>
Introduction

In this article we are going to discuss about how to bypass MAC filtering. An attacker needs to be aware of methods for remote compromise: attacking the VPN, wireless infiltration from a distance using high-gain antennas, and so forth. However, the pen tester can never forget the big picture.¬†This is a field where it’s very easy to get caught up in the highly specific technical details and miss the human element of security design.

There’s a design flaw concept that pen testers like to call the candy bar model. This simply refers to a network that is tough and crunchy on the outside, but gooey on the inside. In other words, it’s a model that emphasizes the threats of the outside world when designing the security architecture, while assuming that someone who is physically inside company facilities has been vetted and is therefore trusted. The mindset here dates back many years; in the earliest days of what became the internet, the physical access points to the network were inside highly secure facilities. Packets coming in over the network were safely assumed to be from a secure environment and sent by an authorized individual. In today’s world, a packet hitting the border of a company’s network could be from an authorized individual on a business trip, or it could be from a clever teenager in Thailand eager to try out some newly learned tricks.

The candy bar model will come up in later chapters when we discuss other network attacks. Once you crack that outer shell, you’ll often find that the path forward seems paved especially for you‚ÄĒand a successful compromise will inform your client of the devastating consequences of this mistaken assumption.

How you social engineer your target is a subject for another book altogether, but for the purposes of this discussion, let’s assume that you have physical access to network drops. Not all physical access is the same, though: if you convinced your target to hire you as a full-time employee, then you’ll have constant physical access. They’ll even hand you a computer. However, what’s more likely is that you’ve exploited a small gap in their physical security stance, and your presence can be undetected or tolerated for only a short period of time. You’ve snuck in through the smoker’s door

after striking up some conversation with an unwitting employee; you’ve been given permission to walk around for an hour with a convincing-looking contractor uniform and clipboard; or (my personal favorite) you’ve earned trust and affection by bringing in a big box of doughnuts for the people expecting an auditor’s visit based on a well-scripted phone call. We’ll demonstrate how to set up a Kali box to function as a rogue wireless access point while impersonating the MAC address of a VoIP phone.

Configuring a Kali wireless access point to bypass MAC filtering

You’ve found an unoccupied cubicle with an empty desk and a generic IP Phone. The phone is plugged in and working, so you know the network drop is active. We’ll drop our small laptop running Kali here and continue the attack from outside.

First, we’ve unplugged the IP Phone so that our bad guy can take the port. We’re going to clone the MAC address of the IP Phone on our Kali box’s Ethernet port. From the perspective of a simple MAC address

whitelisting methodology of NAC, this will look like the phone merely rebooted.

I use ifconfig to bring up the interface configuration. In my example, my Ethernet port interface is called eth0 and my wireless interface is called wlan0. I’ll note this for later, as I will need to configure the system to run an access point with DHCP and DNS on wlan0, while running NAT through to my eth0 interface. I can use ifconfig eth0 hw ether to change the physical address of the eth0 interface. I’ve sneaked a peek at the label on the back of the IP Phone ‚Äď the MAC address is AC:A0:16:23:D8:1A.

So, I bring the interface down for the change, bring it back up, then run ifconfig one more time to confirm the status of the interface with the new physical address:

Bypass MAC filtering

Two handy tools in the Kali repository are dnsmasq and hostapd:

  • dnsmasq is a lightweight network infrastructure utility. Completely free and written in C, this is a nifty tool for setting up a quick and dirty network on the fly, complete with DHCP and DNS forwarding. In our example, we’re using it as a DHCP and DNS service for the wireless clients who connect to our access point (which would be you and your colleagues, of course).
  • hostapd (host access point daemon) is, as the name implies, access point software for turning your ordinary wireless network interface into an access point and even an authentication server. You can confirm that whatever Wi-Fi card you’re using supports AP mode with this command:

# iw list |grep “Supported interface modes” -A 8

If you see AP¬†in the results, you’re good to go.¬†We use apt-get install hostapd dnsmasq¬†to grab the tools.

If you run into problems with apt-get (for instance, package not found), always review your repository’s sources.list file as a first step. Don’t add arbitrary sources to the sources.list file; this is a great way to break your Kali installation. Since the release of Kali 2016.1, the active repository for rolling users is this:¬†deb http://http.kali.org/kali kali-rolling main contrib non-free.

First, let’s configure dnsmasq. Open up /etc/dnsmasq.conf using the¬†nano¬†command:

Bypass MAC filtering

You can see that the configuration file has everything you need to know commented out; I strongly recommend you sit down with the readme¬†file to understand the full capability of this tool, especially so you can fine-tune your use for whatever you’re doing in the field.¬† Since this is a hands-on demonstration, I’m keeping it pretty simple:

  • I set my interface to wlan0, where the USB wireless card that will play the role of access point is located.
  • I set the DHCP range where new clients will be assigned IP addresses when they request an assignment. The format is [bottom address],[top address],[lease time]. The address range here is what would be assigned to new clients, so make
  • sure you don’t overlap with the gateway address. You’re the gateway!
  • DHCP options specification. This isn’t arbitrary‚ÄĒthese numbers are specified in RFC 2132 and subsequent RFCs, so there’s a lot of power here. For our purposes here, I’m setting the gateway with option 3 and DNS with option 6. In this case, they’re the same address as we would expect on a tiny LAN like this one. Note the address:¬†10.11.12.1. That’s the gateway that by definition, will be your wlan0 interface. You’ll define that address when you bring up the wireless interface just prior to firing up the access point.
  • I defined the upstream DNS server; I set it to Google 8.8.8.8, but you can use something different.
  • I did some logging, just in case we need it.

Hit Ctrl + X and confirm the file name to save it. Now, we’ll move on to the hostapd configuration. Open up /etc/hostapd/hostapd.conf using the¬†nano¬†command:

Bypass MAC filtering

Again, this is a tool with a lot of power, so check out the readme¬†file so you can fully appreciate everything it can do. You can create a rather sophisticated access point with this software, but we’ll just keep it simple for this example:

  • I set the interface to wlan0, of course.
  • I defined the wireless driver; this is nl80211, the interface between cfg80211 and user space, and it allows for management of the device.
  • ssid is our service set identifier ‚Äď our network’s name. I’m using NotABadGuy because I want to convince the world that I’m really a good guy, but of course, you’ll fine-tune this to your needs. There’s a bit of social engineering potential here to minimize suspicion on the part of those casually scanning the environment.
  • hw_mode is the 802.11 modulation standard; b, g, and¬†n are common.
  • I’ve defined the channel here, but you can configure it to pick the channel automatically based on surveying.
  • macaddr_acl is a Boolean flag to tell hostapd if we’re using a MAC-based access control list. You’ll have to decide if this is something you need for your purposes. In my example, I’ve configured encryption, and I like to use randomly generated MACs on my devices anyway, so I’d rather not deal with whitelisting MACs.
  • max_num_sta is one way to keep the population of wireless clients restricted‚ÄĒ this is the maximum number of clients that are allowed to join. I set mine as 1 here since I only expect myself to be joining, but you could omit this.
  • ignore_broadcast_ssid simply allows you to hide the network. What it really does is cause your AP to ignore probe request frames that don’t specify the SSID, so it will hide your network from active scans, but you should never consider a functional access point to be hidden. I want to see it in my example, so I set it to 0.
  • The remaining options allow me to configure WPA2 encryption.

Believe it or not, those are the basics for our quick and dirty access point to the physical network. Now, I’ll bring up the wlan0 interface and specify the gateway

address I defined earlier. Then I bring up dnsmasq and tell it to use my configuration file. We enable IP forwarding to tell Kali to act like a router with sysctl. We allow our traffic through and enable NAT functionality with iptables. Finally, we fire up hostapd with our configuration file.

We’ll be looking at iptables again, so don’t worry about the details here.¬†

When a wireless client connects to this network, they will have access to the corporate network via eth0; to a MAC filter, traffic coming from that port will appear to be coming from a Cisco IP Phone:

Bypass MAC filtering

The post Bypass MAC filtering ‚Äď the physical assessor appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/bypass-mac-filtering-the-physical-assessor/feed/ 0
Search Engines Common Threads https://myhackstuff.com/search-engines-common-threads/ https://myhackstuff.com/search-engines-common-threads/#respond Sat, 18 Aug 2018 07:21:42 +0000 https://myhackstuff.com/?p=1137 Introduction to Search Engines Common Threads In this article we are going to discuss some known Search Engines Common Threads. To keep their results relevant, all search engines need to understand the main subject of a website. You can help the search engines find your website by keeping in mind the three major factors they‚Äôre […]

The post Search Engines Common Threads appeared first on My Hack Stuff.

]]>
Introduction to Search Engines Common Threads

In this article we are going to discuss some known Search Engines Common Threads. To keep their results relevant, all search engines need to understand the main subject of a website. You can help the search engines find your website by keeping in mind the three major factors they’re looking for:

Content:

Content is the meat and bones of your website. It‚Äôs all the information your website contains, not just the words but also the Engagement Objects (the images, videos, audio, interactive technologies, and so on that make up the visual space). Your page‚Äôs relevancy increases based upon your perceived expertise. And expertise is based on useful, keyword‚Äźcontaining content. The spiders, the software the search engines use to read your website, also measure whether you have enough content that suggests you know what it is you‚Äôre talking about. A website with ten pages of content is going to rank lower than a website with ten thousand pages of content, assuming that they are equally relevant.

Popularity:

The Internet is a little like high school in that you are popular as long as a lot of people know you exist and are talking about you. Search engine spiders are looking for how many people are linking to your website, along with the number of outgoing links you have on your own site. Google really loves this factor.

Architecture:

If you walk into a grocery store and find everything stacked haphazardly on the shelves, it‚Äôs going to be harder to find things, and you might just give up and go to another store that‚Äôs better organized. Spiders do the same thing. As we mention in Chapter¬†1 of this minibook, search engines love Wikipedia because of how it‚Äôs built. It‚Äôs full of searchable text, Alt attribute text, and keyword‚Äźcontaining hyperlinks that support terms used on the page. You also have some control over two variables that search engines are looking at when they set the spiders on you. One is your site‚Äôs response time, which is how fast your server is and how long it takes to load a page.

If you’re on a server that loads one page per second, the bots request pages at a very slow rate. A second seems fast to us, but it’s an eternity for a bot that wants five to seven pages per second. If the server can’t handle one page per second, imagine how long it would take the bots to go through 10,000 pages. In order not to crash the server, spiders request fewer pages; this puts a slow site at a disadvantage to sites with faster load times. Chances are bots will index sites on a fast server more frequently and thoroughly than sites on a slow server. Page speed has become very important to Google in particular and so deserves some attention.

The second variable is somewhat contested. Some SEOs believe that your rank could be affected by something called bounce rate, which measures how often someone clicks on a page and immediately hits the Back button. The search engines can detect when a user clicks on a result and then clicks on another result in a short time. If a website constantly has people loading the first page for only a few seconds before hitting the Back button to return to the search results, it’s a good bet that the website is probably not very satisfying.

Remember, engines strive for relevancy and user experience in their results, so they most likely consider bounce rate when they’re determining rankings. So if all search engines are looking at these things, does it matter if you’re looking at Bing versus Google versus Yahoo? Yes, it does, because all search engines evaluate subject relevance differently. The big players have their own algorithms that measure things in a different way than their competition.

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop Protocol, SSH Network Protocol, Network Routers, WordPress website using WPSeku from My Hack Stuff.

 

The post Search Engines Common Threads appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/search-engines-common-threads/feed/ 0
How to access Webcams around the World? https://myhackstuff.com/how-to-access-webcams-around-world/ https://myhackstuff.com/how-to-access-webcams-around-world/#respond Sat, 18 Aug 2018 07:18:55 +0000 https://myhackstuff.com/?p=1134 Beginners Guide to access Webcams around the World There are many sites offering free access webcams around the world. The following are the most popular ones: World Web Cam Search : This displays available webcams from around the world using Google Maps. Earth Cam : This is a live streaming webcam from different places around […]

The post How to access Webcams around the World? appeared first on My Hack Stuff.

]]>
Beginners Guide to access Webcams around the World

There are many sites offering free access webcams around the world. The following are the most popular ones:

World Web Cam Search : This displays available webcams from around the world using Google Maps.

Earth Cam : This is a live streaming webcam from different places around the globe. Another great way to access webcams around the world.

Fisgonia : This is a visual representation of a webcam‚ÄĒusing Google Maps‚ÄĒfrom different locations around the globe. You can filter the cameras according to different categories such as airports, train stations, animals, traffic, universities, and so on, and you can specify the country using Google Maps.

World Cam : This lists webcams in different places globally and offers information about the location such as their location on maps and weather information about the target area. Another great way to access webcams around the world.

UM Weather : This lists hundreds of weather cameras across North America.

Opentopia : This lists publicly accessible webcams from different places around the world.

Mila : This is a live webcam from Iceland. Another great way to access webcams around the world.

Package Tracking

Package tracking is useful to track shipments across the entire world. If your OSINT work requires investigating a package sent via land or air, you can use the following links to find more information about it:

After Ship : This tracks couriers worldwide. Just enter the package number, and it will automatically detect the courier company.

Tracking EX : This tracks 235 couriers.

17 Track : This is a package-tracking service.

Package trackr : This tracks global couriers and visualizes the delivery path with Google Maps.

Boxoh : This is a package-tracking service for USPS, UPS, FedEx, and DHL/AirBorne.

Canada Post : This tracks packages in Canada.

Royal Mail : This tracks royal mail delivery.

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop Protocol, SSH Network Protocol, Network Routers, WordPress website using WPSeku from My Hack Stuff.

The post How to access Webcams around the World? appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/how-to-access-webcams-around-world/feed/ 0
Username, E-mail Search and Investigation https://myhackstuff.com/username-e-mail-search-and-investigation/ https://myhackstuff.com/username-e-mail-search-and-investigation/#respond Sat, 18 Aug 2018 07:16:04 +0000 https://myhackstuff.com/?p=1131 Beginners Guide to perform Username, E-mail Search and¬†Investigation In this article we‚Äôll discuss how to perform Username, E-mail Search and¬†Investigation. You can check specific usernames to see where they are being used (e.g., social media sites) or to know whether a particular username really exists. Check User Name : Check the use of a specific […]

The post Username, E-mail Search and Investigation appeared first on My Hack Stuff.

]]>
Beginners Guide to perform Username, E-mail Search and Investigation

In this article we’ll discuss how to perform Username, E-mail Search and Investigation.

You can check specific usernames to see where they are being used (e.g., social media sites) or to know whether a particular username really exists.

  1. Check User Name : Check the use of a specific username on 160 social networks. This is useful to discover target social media accounts to see if they are using the same username on multiple platforms.
  2. Namechk : Check to see whether a specified username is used for major domain names and social media sites.
  3. Namecheckr : Check a domain and social username availability across multiple networks.
  4. User Search : Scan 45 popular social media websites.

Free services can help you to locate people according to their associated e-mail address. E-mail validation services check whether an e-mail address exists and gives other detailed technical information about it.

  1. E-mail Dossier : This site gives detailed technical validation reports about e-mails.
  2. Emailhippo : Free Email address verification service.
  3. Hunter : This website offers free Email address verification service/100 email per month.
  4. E-mail Checker : You can use this site to verify whether an e-mail address is real.
  5. Mail Tester : This site offers e-mail address verification.
  6. Byte Plant E-mail Validator : You can validate e-mail addresses in bulk.
  7. E-mail Format : Find the e-mail address formats in use at thousands of companies.
  8. E-mail Permutator+ : This is a free e-mail permutator service.
  9. com: Provide e-mail address patterns for more than 1,000 companies.
  10. Scam Dex : This is a huge archive of scam e-mails.
  11. E-mail Header Analysis : Get detailed technical information extracted from e-mail headers. This includes the sender IP address, e-mail, and sender ISP in addition to geographical information. To use this service, you need to copy the e-mail header and paste it into the E-mail Header Analysis engine and click ‚ÄúSubmit header for analysis.‚ÄĚ See the following note to learn how to extract the Gmail message header.

Follow these steps to extract e-mail headers from Gmail:

  1. Open the target e-mail.
  2. Click the down arrow located next to the Reply button and select ‚ÄúShow original‚ÄĚ

Data Compromised Repository Websites

These sites hold a list of websites that have suffered from a data breach in the past. When a site suffers from a data breach, registered user details especially usernames and passwords usually get revealed to the public. Many people have a bad practice of using the same password for more than one account (e.g., using the same password for Facebook and for an e-mail account), so knowing one password may grant access to other social accounts/services belonging to the same user.

The following sites are popular websites that list information from a data breach; you can use them to gain intelligence about any target online:

Have I been Pwned : This site lists half a billion real-world passwords previously exposed in data breaches. You can also download the Pwned Passwords list, which contains additional data about each breached account (such as the number of times that password had been seen in the source data breaches). This site can be searched using a target e-mail address or the password itself to see whether it appears in plain text on any public password dump list. This is a recommended site.

Breach Alarm : Enter your e-mail address to see whether your associated online account passwords have been exposed in a previous data breach. Results will get sent to the specified e-mail address.

Global Cyber Vandalism Statistics : This site holds information about the most active website hackers, most active hacker groups, recently hacked government and academic websites, recently reported hacked websites, and reported defacements on hold (not verified).

Hacked E-mails : Check anonymously whether your e-mail has been compromised in a previous data breach.

 

 

Phone Number Search

A reverse phone lookup service is useful to find out who is behind a specific phone number. Some services also specify the carrier name and type in addition to phone number type. The following are some phone lookup services:

Z lookup : This is a site that does international reverse phone lookups including cell phones.

Reverse Phone Lookup : This site traces a telephone back to its owner for free.

Inter800 : Search for phone numbers within the United States.

Twilio : Identify phone number formats, find caller names, find caller types (business or personal), identify phone number carrier, and check phone number type (landline, VoIP, or mobile).

Spy Dialer : This is a reverse phone lookup for cell phones and landlines.

Who calld : This is a reverse phone lookup service for international numbers.

Info Bel : Search for the phone number of a person or company anywhere in the world.

Fone Finder : Search for U.S./Canadian telephone numbers.

True Caller : This is an international reverse phone number lookup.

Free Carrier Lookup : This is a carrier lookup service.

Phone Lookup : This is a reverse phone number lookup service.

You cannot get reverse phone lookup for mobile phones easily for free; however, there are many paid websites that offer such services.

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop Protocol, SSH Network Protocol, Network Routers, WordPress website using WPSeku from My Hack Stuff.

The post Username, E-mail Search and Investigation appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/username-e-mail-search-and-investigation/feed/ 0
How to Locate Someone Online? https://myhackstuff.com/how-to-locate-someone-online/ https://myhackstuff.com/how-to-locate-someone-online/#respond Sat, 18 Aug 2018 07:11:01 +0000 https://myhackstuff.com/?p=1128 Locate Someone Online Techniques Introduction In this article we are going to discuss about how to locate someone online? There are various techniques to locate someone online. Following are the most popular sites used to locate information about people online. TruthFinder: Popular site to locate someone online TruthFinder is one of the most popular people […]

The post How to Locate Someone Online? appeared first on My Hack Stuff.

]]>
Locate Someone Online Techniques Introduction

In this article we are going to discuss about how to locate someone online? There are various techniques to locate someone online. Following are the most popular sites used to locate information about people online.

TruthFinder: Popular site to locate someone online

TruthFinder is one of the most popular people search engines; it is a public search record that gives instant access to a wide set of personal information about anyone living in the United States. TruthFinder has a huge database of social media profiles, address history, contact information, public records (federal, country, and state data sources), and other commercial sources. You can search using the target’s first and/or last name in addition to the city/state where the target lives or lived before. TruthFinder scans the deep web of Internet resources to fetch results from places that conventional search engines cannot operate; it also searches the dark web for exposed personal information, providing a great service for anyone who may suspect that their personal details have been sold on the dark web (it offers a free dark web monitoring service for its registered members). A valid search in TruthFinder will produce a report with detailed information about the target such as birth and death records, property records, criminal records, education history, work history, location history, social media and dating profiles, relatives’ names, family members, contact information, and more.

411 : Another site to locate someone online

On 411 you can search for people within the United States. Search parameters include the full name, location, reverse phone lookup, e-mail, and business. The free account returns basic information such as location, contact information, and possible relatives; however, the paid subscription returns in-depth results.

Pipl : A popular site to locate someone online

Pipl is another popular way to locate someone online and people search engine that covers the entire world. It allows you to search for people using their e-mail address, phone number, or social username. Pipl collaborates with other people search engine services to return comprehensive results. These services can be accessed by clicking the sponsored links that appear on your search result page. The current associates are Peoplelooker.com, Archives.com, and Spokeo.com. These services charge fees for giving deeper details about the person of interest.

These are other important people search engines that you should consider during your search:

Spokeo : This is a commercial people search engine that gives detailed reports about any target.

TruePeopleSearch : You can search by target name, reverse phone, and reverse address. The service is free and shows the contact information (phone and e-mail) in addition to current and previous addresses.

US Search : This gives basic information about the person of interest such as address, relatives, work, and age. To unlock the full profile, you need to pay for a premium subscription. The service is limited to the United States only.

Peek You : This is another popular way to locate someone online, aggregates information from social media profiles, news sources, blogs, and other public databases. To unlock the full details, you need to pay.

Zaba Search : You can find people in the United States using a name or phone number. The service is free, and you can register using your Facebook account for free to get the benefits of the premium service and another popular way to locate someone online

White Pages : You can search for people within the United States using their name, phone number, business, or address. The White Pages database includes more than 500 million people. The free subscription account gives the following information about the person of interest: landline numbers, current and previous residences, relatives, and associates.

Been Verified : You can search for people within the United States using their name, phone, e-mail, or mailing address. The basic report gives general information about the subject, while the commercial subscription gives a detailed report about anyone, including criminal records (where available) and property tax records. This service is popular in the United States and used by millions each year.

Address Search : You can search for someone’s e-mail or mailing address using a name and location. The service is limited to the United States.

Lullar : You can search social media websites using the target’s e-mail address or first and last names or username.

Yasni : You can search for people based on their work history.

My Life : This is another popular way to locate someone online shows the reputation score of any target based on the information gathered from government, social, and other sources, plus personal reviews written by others. To unlock the full report, you need to register and pay for the service.

Snoop Station : You can search for people using their full name and location. This is a commercial service.

Advanced Background Check : You can give basic details about the target such as mailing address, phone, and e-mail; to unlock the full details, you need to pay.

Family Tree Now : Discover your family tree by searching with first and last names and city/state. This is a free service.

Radaris : This is another popular way to locate someone online and a public record deep search engine; it returns comprehensive information about a target. It also lists the online mentions about the target such as résumé, business records, publications, videos and images, social networking profile, and web references.

Profile Engine : This is is another popular way to locate someone online and a social network search engine.

Info Space : This is a metasearch engine that returns comprehensive results from different public data sources and other people search engine sites.

Cubib : You can search millions of online data records for free. Aggregated data is derived from people search, marketing data, property records, vehicle records, court records, patents, business registration, domain name registration, and White House visitation records.

Fast People Search : This is a reverse name, address, or phone lookup for free.

Speedy hunt : You can search for people in the United States and return a detailed report where available about them, which include arrest and sex offender records. You need to pay to use this service.

That’s Them : You can search for people using their name, address, phone, and e-mail for free.

Webmii : You can search for people and for their visibility score for free.

How Many of Me : You write the name, and the site will return the number of people in the United States who have your entered first and last names.

Genealogy : You can search family history records using the information originally posted in GenForum.

Sorted By Name : This is another popular way to locate someone online  and a list of links to genealogy details based on the first letter of the person’s surname mentioned on other websites.

Vital Records

A major portal for locating vital records within the United Sates is Vitalrec . This site tells you how to obtain vital records (birth certificates, death records, and marriage license information) from each state and territory in the United Sates. All you need to do is to select the person of interest’s state and then browse the available vital records links for that area. This should be your first place to search for vital records in the United Sates.

Please note that Vitalrec.com does not store any information in its database; it just offers links directly to each state’s page, and it mentions where and how to get state’s vital records. The international section  gives details on where to find such information in other countries.

Vital records are government records usually created by local authorities. They include birth and death records, marriage licenses, and divorce decrees. When searching for vital records, the returned result will usually come with the target’s personal details. For instance, a birth record will usually come with the parent’s full name, the child’s name, and the place where the event took place. The death record will come with the location where the person buried, a death certificate, and the name of the person who reported the event to the authorities.

Marriage records will hold the couple’s parents’ names and the place where the marriage was registered. Finally, the divorce record will hold information about the couple’s children’s names. Other related records such as ancestry records (offered by some databases) and the mailing address of the person of interest can also appear when searching in vital records.

Sorted by Birth Date : This site uses the Death Master File as of March 2014. The Death Master File is a database made publicly available by the US Social Security Administration since 1980, it contains personal information about people who had Social Security numbers and whose deaths were reported to Social Security Administration from 1962 to present.

DeathIndexes : This site holds a directory of links to websites with online death indexes categorized by state and country.

Family Search : This is a U.S. Social Security death index.

Find a Grave : You can find information about people, including their birth, death, and burial information, and it may include pictures, biographies, family information, and more. The site holds more than 170 million memorials in its database.

Deaths of U.S. citizens in foreign countries : This is a record of deaths overseas.

Obits Archive : You can search more than 53 million U.S. obituaries here.

U.S., Department of Veterans Affairs BIRLS Death File, 1850‚Äď2010 : This database contains birth and death records for more than 14 million veterans and VA beneficiaries who died between the years 1850 and 2010.

Melissa : This displays a list of people who have died in the last 24 months within the United States.

Deceased Online : This is the central database for U.K. burials and cremations.

National Records of Scotland : This includes links to births, deaths, and marriage government records in Scotland and selected countries like the United States and Canada.

Find My Past : You can search for vital records in the United Kingdom, Australia, New Zealand, the United States, Canada, and Ireland.

Forebears : International genealogical records are kept here. Select your country and record type to display related results.

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop Protocol, SSH Network Protocol, Network Routers, WordPress website using WPSeku from My Hack Stuff.

The post How to Locate Someone Online? appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/how-to-locate-someone-online/feed/ 0