Stay Anonymous with kali-anonsurf

Greetings all,

Its been a while since i actually wrote a tutorial. I have been lost in space but i think i am back now.

The tutorial i want to share today is in regards to a tool call “kali-anonsurf”, this is by far the best and easiest method to set your kali system to run all its services through Tor. And more importantly, the setup is fast and convenient.

Personally i happen to cross upon this while using “The Lazy Script” and found it to be really convenient. But for this tutorial, instead of using The Lazy Script, we shall manually install it.

Lets Begin:

1) Start up your kali and load up a terminal.

2) Type : git clone https://github.com/Und3rf10w/kali-anonsurf

3) Type : cd kali-anonsurf to make your way into the directory.

4) To begin installing, type : ./installer.sh

5) To launch kali-anonsurf , type : anonsurf

6) As you can see the switches are pretty straight foward. But lets go througt them.

7) To start your anonsurf, simply open a terminall and type : anonsurf start

8) In the event you would like to stop and restart your Anonsurf, simply type : anonsurf restart

9) If you feel the need to change your identity on your Tor network, simply type : anonsurf change

10)  To check if your Tor is set up successfully, type: anonsurf status

11) To check your new IP address, simply type : anonsurf myip

12)  To launch the i2p service, type : anonsurf starti2p

13) You will be presented the page shown below to adjust your settings.

14) And ofcourse to stop your i2p service, type : anonsurf stopi2p

15) Lets take a look at my current Tor enabled IP address.

16) 5 mins later, the IP successfully changes.

17)  As you can see, kali-anonsurf is successfully set up! Happy Anonymous Surfing!!

Hope that helps.

Regards,
The Messiah

Bruteforcing Instagram Accounts With InstaShell

Greetings all,

Today yet another tutorial on how to bruteforce an Instagram password, this time using a script called “InstaShell.Sh”.

Now before we begin, lets get into some scenario phases first.

a) If the target is someone you have not much information on, then i suggest using the two largest password list that can be found here.

Rockyou.txt

darkc0de.lst

If you would like to go through other already prepared wordlist, check this link out.

b) If the target is someone you know personally, then to prepare the password list, i suggest using cupp.py. You can refer to my video here.

c) Finally place the newly created password list in the instashell folder.

Lets Begin:

1) Open a terminal and type “git clone https://github.com/thelinuxchoice/instashell”

2) Upon downloading instashell, make your way into the folder by typing “cd instashell”

3) Next before we can install and use this script, we will need to make it executable. To do that, firstly type : chmod+x install.sh and next type : chmod +x instashell.sh

4) Type: ./install.sh to install.

4) Now before we begin running instashell, its best to turn on your tor service. If you do not already have tor installed, refer here.

5) For those with tor installed, type : service tor start

6) Type: ./instashell.sh

7) Type in target Instagram username.

8) Type in the name of the password list you placed in the instashell folder, or you could rename your password file to “passwords.lst” which is the default password list provided by instahack and just press enter at this stage.

9) Lastly choose the amount of threads, as shown 20 and below.

10) And finally press the magic button. “Enter”.

11) The bruteforcing has begun, you just got a sit back and cross your fingers that the password is in your list 🙂

Hope that helps.

*This is for educational purposes only.*

Regards,
The Messiah

 

Using WhatsApp Anonymously ( No Sim Card Required )

Greetings all,

Today a demonstration on how to use your Whatsapp Anonymously, we can even do this with just a wifi / without using a sim card. The purpose of this objective is to remain anonymous so that your whatsapp contacts will not know your real number.

Why would we want to remain anonymous? In my case i like my privacy.

Lets Begin:

1) Firstly make sure you have uninstall any previous Whatsapp on your phone.

2) Next i would like for you to go to Google Playstore on your device and download 2 apps.

a) TextNow – free text + calls

b) Fake GPS Location.

3) Now download a fresh version of Whatsapp onto your mobile and open it up.

4) Click on agree and continue.

5) This will send you the page that requires you to verify your number. Now this is where it begins. Ready?

6) Before i start i must clarify that Textnow is an app that works for American & Canadian numbers only. I am currently not in one of those regions, so that is where the use of the Fake GPS Location app will come into play.

7) Leave the Whatsapp number verification page alone and open up Fake GPS Location App.

8) I decided to be an American so i moved the cursor to the state of Texas and pressed on the play button on the bottom right.

9) As you can see below, my hp is currently faking the location of Texas. Perfect.

10) Open up TextNow App and click on the button that says ” Get a free phone number”.

11) You will then be required to create an account with TextNow. Sign up with any unused email if possible.

12) The next screen that pops up will require you to key in your area code. Since we faked Texas, i am going to google “Texas area codes”.
.
13) The following screen will provide you with a list of available numbers, if you dont like them, wait for 1 min and the numbers will refresh.

14) Select a number you desire and press continue.

15) Congratulation, you have a Texas, Houston number now. 🙂

16) Lets return to the Whatsapp number verification page we placed aside earlier, key in this your new found US area code & number.

17) Next on whatsapp, wait for the “sms verfication” to fail and then click on the “call me” option.

18) You will receive an automated call from whatsapp revealing your verification code number. Manually key it in and voila! You have a new Whatsapp account 🙂

19) Go to your Whatsapp settings and you will notice that you are successfully using an American line.

Hope that helps.

Regards,
The Messiah


“This is for educational purposes testing only”

Brute-forcing Instagram on your Android Device (No Root)

Good day to all!

In this tutorial i will do a demonstration on how to bruteforce the login credentials of an instagram account to test for the security level of a passwordw.

We will be using the tool instahack.

I will be using a samsung S8+ for this demonstration. Lets start.

1) Load up your android device.

2) Next click on your playstore app and search for “Termux” & install it.

3) Open Termux app and type: “pkg install git”.

4) To update available packages type: “pkg update”.

5) Lets install python by typing ” pkg install python”

5) We will need to download the tool we will be using for this bruteforce exercise. To download, on your terminal…type: “git clone https://github.com/avramit/instahack

6) Once the download is complete, type: “ls” to list the available folders/files in current directory.

7) As you can see you have a folder call “instahack”, now make your way into that folder by typing “cd instahack”.

8) Type: “ls” to list the available files.

9) Ok we are nearly there. Next lets install an editor so we can edit the password file. To install nano, type : “pkg install nano” .

10) Ok lets stop for a second. Now allow me to explain a few things for the beginners. As the article said , this is a bruteforce method. So whats a bruteforce method? A bruteforce method is when the target credentials are ran against a list of possible passwords. The only thing about bruteforcing is that you are responsible for the strength of your own password list. Meaning the probability of cracking the password depends on the strength of the wordlist and the amount of possible words we put in. This will take time to build or you can use cupp.py to custom make a wordlist.

11) Fine so lets edit our password list. In instahack directory, type: ls.

12) As you can see there is a file named pass.txt. This is the file that you will need to place all the possible passwords in.

13) To edit the pass.txt, we will be using the nano editor that we just installed. Type: “nano pass.txt”.

14) Below you will see a small list of passwords that comes with it by default, you can now add as many words as possible for it to run against the target. You could use cupp.py to custom build password lists.

15)When you are done , press alt x, yes, enter. For those using samsung s8+ like myself, the alt button is replaced on ur phone as the volume down button. Press on to the volume down button and press x at the same time.

16) And now for the final installation, type : “pip install requests”.

17) We are ready!! Lets run the script, type: “python hackinsta.py” .

18) You will first be asked for your target username.

19) Next you will be given an option to use a proxy or not. I wont be using any for this tutorial

20) And lastly u can set the intervals between tries. I have set mine to 6.

21) Once you have it all keyed in, press enter.

13) As you can see upon enter, instahack starts running the pass.txt against the target username. If the password is incorrect it will show incorrect, otherwise as shown below, it will show the correct login credentials.

So this is how i bruteforce IG on my android mobile. In my next tutorial i will show you how to make a custom wordlist specifically for your target. Happy Hacking.

Till then,
The Messiah

 

Turning my Xiaomi Redmi Note 5a into an elite hacking tool ( Step 1 : Unlocking Bootloader)

Greetings all,

In this tutorial i will demonstrate how to turn a Xiaomi Redmi Note5a into a walking hacking device. But to get there, in the first stage, we will first have to unlock the bootloader on a Xiaomi Redmi Note 5a.

This tutorial will guide you through the necessary steps required in unlocking the bootloader on a Xiaomi Redmi Note5a.

Step One : Unlocking Bootloader

Firstly the prerequisities :

a) A Xiaomi Redmi Note5a

b) Make sure that you have performed a full backup of your device to prevent data loss during unlock process.

c) Your phone battery should have at least 85% charge remaining.

d) Install Xiaomi USB Drivers on your computer. ( Locate the correct version for your phone)

e) Enable USB Debugging on your Xiaomi device.

 

Lets Begin:

1) In the first stage,  for those with a brand new phone, you will need to request for an unlocking permission from Xiaomi, to do that, click here.

2)  Upon clicking the link above you will be presented with the screen shown below. Click on the Unlock Now button.

3) On the next page you will have to log in to your MI Account.

4) Before we move into the next part, allow me to explain two possible outcomes for you guys. For those with a brand new Xiaomi,  as shown below, follow through carefully and fill up the necessary information required.

a)

b)

5) Once you have successfully made a request, be patient as the approval might take up to 10 days. You will be notified through SMS service on your mobile.

6) If your mobile already has been registered with the unlock dastabase or ; Once you get the approval, you will be led to the page shown below.

7) Click on “Download Mi Unlock” and save it to your download folder.

9) Extract the newly downloaded MiUnlock file.

 

 

 

 

 

 

 

 

 

 

 

 

 

10) Run the file “miflash_unlock.exe”

11) Click on the “Agree” button.

12) Sign in with your Mi Account.

13) As you can see the from the image shown below, your device is not yet connected, thuus the unlock button is defunct.

14) To reboot your device to fastboot mode, switch off your device and use (power on + volume down) button, to invoke the fastboot mode.

15) Using your USB wire, connect your device in fastboot mode to your  PC.

16) As you can see from the image shown below, it now shows device connected.

17) Go ahead and click on the Unlock button.

 

18) Congrats! You have successfully made it through the bootloader unlocking phase! In part 2 of this tutorial, we will proceed to root our Xiaomi device.

Regards,

TheMessiah

* This is for educational purposes only, any misuse of information will not be held liable by the author of this article*

Slowloris : Low bandwidth DoS tool

Hola mi hermanos!

Today an old tool that was and is still used by a lot of activist and hackers.

What it does is to send excessive packets to the target server…causing it to crash.

Ofcourse one attacker alone would not do, you will need a team of ddosers when using slowloris.

Lets begin:

1) Load up your terminal and type : git clone https://github.com/llaera/slowloris.pl.

2) Next lets move into the newly created folder, type cd slowloris.pl-master.

4) Lets go through the instructions, type : perl slowloris.pl -h.

5) As you can see the instructions are very basic.

6) Now lets try execute the program my own domain.

7) As you can see from the above image, it is sending mass packets to cause disruption to the target server.

8) Ofcourse this is worthless used alone. To see real results, you will need a team of ddoser to work at the same time on the same target as you.

Regards,
James Messiah