Kali Linux

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security.

L3MON — Access Android Devices Remotely


L3MON is a remote Android management suite that we can use to gain access to any Android smartphone. In simple words, it is an Android RAT (Remote Administrative Tool).

In today’s detailed tutorial we learn how to install and configure L3MON on our Kali Linux system and how to use it. The L3MON tool has been archived by its owner. It seems it will not be updated and may not work. We are also closing our support for this tool’s errors.

Using L3MON we can build an Android APK payload and send it to an Android device. After it is installed on the device, we can access the device through L3MON’s web-based interface and send commands from that interface to be executed on the targeted device.


L3MON has lots of features. They are the following:

  • GPS Logging
  • Microphone Recording
  • View Contacts
  • SMS Logs
  • Send SMS
  • Call Logs
  • View Installed Apps
  • View Stub Permissions
  • Live Clipboard Logging
  • Live Notification Logging
  • View WiFi Networks (logs previously seen)
  • File Explorer & Downloader
  • Command Queuing
  • Built In APK Builder

Installing L3MON in Kali Linux

We need Java Runtime Environment 8 and Node.js installed on our machine to run L3MON.

First we install the JRE (Java Runtime Environment) on our system with the following command:

sudo apt-get install nvidia-openjdk-8-jre

This command will install JRE version 8 on our system as shown in following screenshot:

Installing nvidia-openjdk-8-jre on Kali Linux
We already have installed OpenJDK-8-JRE

Then we need to install Node.js. We run the following command to download the Node.js setup script and run it on our system:

curl -sL https://deb.nodesource.com/setup_13.x | sudo bash -

Then we run following command to install it.

sudo apt-get install -y nodejs

Then we install pm2 process manager by using following command:

sudo npm install pm2 -g

Now we are ready to install and configure L3MON.

We download it from its GitHub releases page by using the wget command:

wget https://github.com/D3VL/L3MON/releases/download/1.1.2/L3MON-v1.1.2.zip

This command downloads L3MON to our system. Now we create a new folder named L3MON on our Desktop and copy the downloaded zip file there.

Then we extract it by right-clicking on the zip file and choosing “extract here”.

Then we open a terminal window and navigate to L3MON in our Desktop by simply using cd command:

cd ~/Desktop/L3MON

Here we install all the dependencies by using following command:

npm install

It will now install the dependencies, as we can see in the following screenshot:

installing dependencies of l3mon

Let’s start the server by using the following command:

pm2 start index.js

Now we can open our server in our browser at http://localhost:22533. There will be a login page, as in the following screenshot:

l3mon login

We create a login for our server here. But we can’t log in yet, because we have not created a password. To create a password, we stop our server by using the following command:

pm2 stop index.js

Now we need to edit the maindb.json file using our favorite text editor, mousepad.

mousepad maindb.json


Here we can edit the username if we want. In the password field, however, we must put the MD5 hash of our password. If we enter the password as plain text, it will not work.

How do we create the MD5 hash of a password? Suppose our password is qwerty (this is just an example; we shouldn’t choose easy passwords, for security reasons). To convert it to MD5 we use the following command in another terminal window.

echo -n "qwerty" | md5sum | cut -d" " -f 1

Here we got the MD5 hash of our password as we can see in the following screenshot.

creating md5 hash

Then we fill in our username and password in the maindb.json file, then save and close this file.

Now we start the server again by using the following command:

pm2 start index.js

Then we again open localhost in the browser on port 22533.

As we set our username to kali and our password to qwerty, we fill them in and click on login.

We are successfully logged in.


Now we are in control. We need to open the APK builder tab.

Here we put in our IP address (local or public), leave the port as default, and click on build.

Note: If we want to control an Android device on our local network (same WiFi), we can use our local IP. To connect to devices through the internet, we need to put in our public IP (a static IP is preferred for long-term use).

After clicking on build we got an error like this.

we got error

We solved this error by configuring Java in another terminal, running the following command:

update-alternatives --config java

Here we can select the Java version. We need Java version 8 to run the L3MON tool. In our case it is number 2, as we can see in the following screenshot.

Java version 8 selecting on Kali Linux

So we type 2 and hit “Enter”.


Then we restart our running L3MON server by using the following command:

pm2 restart all

Bingo, the error is gone and the build is now ready to download.

Now we can download L3MON.apk to our system, send it to our targeted device by any means, and complete the installation.

After a successful installation on the targeted device, when the phone user tries to open it, L3MON asks for all the device permissions and automatically hides itself from the app drawer.

After this we get the connection with the device. We can check it on our Devices tab.

Now we can control this phone from the manage button. In the following screenshot we are in the file manager of the phone. Now we can spy on this phone.

File manager accessing by L3MON
We are in the file manager of victim device

Our downloaded data and recorded audio clips will be saved under assets/webpublic/client_downloads/ directory.

Our discussed method is for local network. To connect a device from internet we prefer to have a static IP address and forward our default port 22533 in our router settings or we can change the default port by changing these lines (inside includes/const.js).

Using this method we can control phones connected in our same network. We also can control devices through internet by using ngrok services. Configuring L3MON on VPS will make it portable and useful.

Disclaimer

Provides no warranty with this software and will not be responsible for any direct or indirect damage caused due to the usage of this tool or this tutorial.
L3MON is built and our article is documented for both Educational and Internal use ONLY.


Where to hire react programmer and 3 essential skills to look for


Hiring React.js developers for your tech project can be a tough job because it’s one of the most popular JavaScript frameworks in the world. Facebook, Uber, Airbnb, Netflix, PwC, Amazon, Twitter, Udemy, and nearly 9,000 others worldwide use it for web, desktop, and mobile apps. To hire a React programmer, you need to challenge the competition, and as you can imagine, the talent pool isn’t infinite. In this article, we will show you where to hire a React js developer for your business.


React js is popular, and it is here to stay

When the latest StackOverflow survey appeared, the statistics were more than clear: React js has conquered the category “Web Frameworks”. React is a high-performance JavaScript framework. Its simple, component-based architecture allows developers to be more productive and code faster. The framework’s minimal API is focused on solving performance issues, enabling lightning-fast rendering speeds with a small overall footprint.

Where to find React js developers for hire

There are many ways to hire React js developers. Some of them are cheaper, others – more efficient. After all, it all depends on the project size and the budget.

Job sites

You can hire React js developers from a job site. When hiring React developers, know that the job seekers who want to work in the office are often eligible to receive better benefits. However, this isn’t always the case when hiring remotely. Remote staff members typically don’t have access to company benefits like healthcare, which is why they’re typically less expensive to hire.

Freelance platforms

Freelance platforms provide a great way to find a large pool of React JS developers at a low cost. Freelancers might not have the same company loyalty as full-time employees, but most will be able to produce results that meet or exceed hiring a full-time employee. Finding a quality freelancer on any of these platforms takes time and effort — make sure you browse all of your options before hiring anyone! When you employ someone, remember they’re working for money — and if they think they’ll get more elsewhere, they’ll leave.

Hire React programmer for an outstaffing agency

Outstaffing agencies are the best of both worlds. They have all the resources of a full-fledged company while cutting down on other expenses that would take a toll on your budget. Their big talent pools, excellent management, and other resources help companies achieve their goals without breaking the bank.

Skills that you should look for when hiring React js developer

  • Ability to work on other Javascript libraries — You have various options when hiring React developers, but what you want is someone with experience in the Javascript ecosystem. That way, they won’t need to spend time and energy learning all of the intricacies of your library — they can dive right in and start delivering value.
  • In-depth knowledge of React Js framework — One of the must-haves for developers is understanding React js concepts. Using JSX, understanding the component lifecycle, and working with the virtual DOM are necessary skills that every good developer should have. These abilities will get you started quickly on your projects.
  • Ability to write good code — React js developers who want to create polished products should be familiar with the Google JavaScript Style Guide so they can follow the correct standard. This will help keep code readable, consistent, and scalable on large projects.

While a React js developer might have the skillset to build a functional prototype, a good React js developer will be able to collect business requirements and turn them into a set of technical specs. Communication skills are important for this, as well as their ability to work in a team. In addition to creativity and the desire to learn, any success in this role will also depend on their problem-solving skills.

In conclusion

It is not an easy task to hire a React programmer. Finding a great React js developer takes a lot of time and effort — but you don’t have to work with a remote freelancer or a company, or a person from a different part of the world. A trusted technology partner knows everyone in the development community, so they can help you find your ideal hire.

How to Setup SQLi Penetration Testing Lab on Kali Linux


In some of our previous articles we discussed penetration testing labs, like PentestLab and DVWA, where we can practice and improve our attacking skills. In today’s article we are going to discuss how to set up an SQLi lab on Kali Linux to test our SQL Injection skills. Advanced SQL Injection is still a major bug that can be found on various sites. That is why learning and growing SQL Injection skills is still profitable for cybersecurity experts and bug bounty hunters.

For this lab setup we are going to use SQLi_Edited, an upgraded fork of sqli-labs (Dhakkan Labs). Before cloning it from GitHub, let’s move to our /var/www/html directory. We are going to clone it there to make things easy.

cd /var/www/html

Here we need to clone the repository from GitHub by using following command:

sudo git clone https://github.com/Rinkish/Sqli_Edited_Version

In the following screenshot we can see that this repository is successfully cloned to the directory.

SQLi Lab  git clonning

Now we can go inside this directory by using following command:

cd Sqli_Edited_Version

Here we use ls command to see all the files, as we can see in the following screenshot:

SQLi labs git clonned

Here we can see the directory named “sqlilabs”. Now we move it to the parent directory and rename it so it is easy to open, by applying the following command:

sudo mv sqlilabs/ ../sqli

Then we go back to our previous directory by using the following command:

cd ..

We can see the process in the following screenshot:

moving sqlilabs directory

Now we need to edit the database credential file named “db-creds.inc”, which is located at “sqli/sql-connections/db-creds.inc”, and put in our user name and password for the database. To edit it we are going to use the infamous Linux text editor nano.

sudo nano sqli/sql-connections/db-creds.inc

In the following screenshot we can see the default configuration of it, where the database user is root and database password is blank.

sqlilabs databse username and password changing

Now we modify this as per our Kali Linux system user, here we are using user “kali” and we can also choose a password as we want, as shown in the following screenshot:

sql injection lab setup

Now we save and close it by typing CTRL+X, then Y, then Enter ↲.

Now we need to set up our MySQL database on our Kali Linux system. MySQL comes preloaded with Kali Linux. We need to open up MariaDB as the root user by using the following command:

sudo mysql -u root

Then we need to create our user with a password. In our case the user will be ‘kali’ and the password will be ‘1234’, so the command for us will be the following:

CREATE USER 'kali'@'localhost' IDENTIFIED BY '1234';

Now our user is created as we can see in the following screenshot:

creating user on mysql Kali Linux

Now we need to grant all permissions to the user ‘kali’ by using the following command:

GRANT ALL PRIVILEGES ON *.* TO 'kali'@'localhost';

The screenshot of the above command is following:

grant permission for mysql database user on Kali Linux

The database setup is done. Now we can exit from MariaDB by using the CTRL+C keys and run the following command to start our MySQL service:

sudo service mysql start

Our setup is almost complete. Now we need to run our Apache2 server (it comes pre-loaded with Kali). We start the Apache2 web server by using the following command:

sudo service apache2 start

Now our web server is running, we can see it by navigating to localhost/sqli URL from our browser. Our SQL Injection lab will open in front of us as we can see in the following screenshot:

sqli lab challanges

Here for the very first time we need to ‘Setup/reset database for labs’. After clicking there our database setup will start as we can see in the following screenshot:

SQLi labs database connecting

Now a page will open up in our browser which is an indication that we can access different kinds of Sqli challenges, as we can see in the following screenshot:

SQLi labs on Kali Linux

Here we can solve various types of SQL injection challenges; by solving them we improve our SQL Injection skills. For example, to start the basic SQL Injection challenge we need to click on Lesson 1.

This is all for this article. We have learnt how to set up SQL Injection labs on our Kali Linux system and practice our SQL Injection skills from basic to advanced.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

Hashcat — Crack Passwords in Minutes


Hashcat is an advanced, free (License: MIT), multi-threaded password recovery tool. It is the world’s fastest password cracker and recovery utility, and supports multiple unique attack modes for more than 200 highly optimized hashing algorithms. Hashcat currently supports CPUs, GPUs and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable distributed password cracking.

Hashcat comes pre-installed on our Kali Linux system, so we don’t need to install it, but if installation is required we can use the sudo apt install hashcat command.

Features of Hashcat

  • World’s fastest password cracker.
  • World’s first and only in-kernel rule engine.
  • Free and open source.
  • Multi-OS (Linux, Windows and macOS).
  • Multi-Platform (CPU, GPU, APU, etc., everything that comes with an OpenCL runtime).
  • Multi-Hash (Cracking multiple hashes at the same time).
  • Multi-Devices (Utilizing multiple devices in same system).
  • Multi-Device-Types (Utilizing mixed device types in same system).
  • Supports password candidate brain functionality.
  • Supports distributed cracking networks (using overlay).
  • Supports interactive pause / resume.
  • Supports sessions.
  • Supports restore.
  • Supports reading password candidates from file and stdin.
  • Supports hex-salt and hex-charset.
  • Supports automatic performance tuning.
  • Supports automatic keyspace ordering markov-chains.
  • Built-in benchmarking system.
  • Integrated thermal watchdog.
  • 350+ Hash-types implemented with performance in mind.
  • … and much more.

Hashcat offers multiple unique attack modes for cracking passwords. Those are following: 

  • Brute-Force attack
  • Combinator attack
  • Dictionary attack
  • Fingerprint attack
  • Hybrid attack
  • Mask attack
  • Permutation attack
  • Rule-based attack
  • Table-Lookup attack
  • Toggle-Case attack
  • PRINCE attack

Now without wasting any more time let’s dive into Hashcat.

Hashcat on Kali Linux

As we said, Hashcat comes pre-installed with Kali Linux and it is multi-threaded, so first let’s benchmark our system by using the following command:

hashcat -b

In the following screenshot we can see the benchmark of our system and get an idea how it can perform while cracking various types of hashes.

benchmark of hashcat

Here we can get an idea about the performance of our system. Let’s run this tool to crack some hashes. Here we have collected some hashes in a text file. For educational purposes we just generated these hashes; they were not collected from any website’s database.

Now we can crack these using Hashcat, and store the output in a cracked.txt file, by applying the following command:

hashcat -m 0 -a 0 -o cracked.txt hashes.txt /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt

Let’s discuss the above command. We used the -m flag to specify the hash type, -a for the attack mode and -o for the output file, which we named ‘cracked.txt’. Then we give the target hash file to crack, named ‘hashes.txt’, and finally we specify the wordlist file to be used. In the following screenshot we can see that hashcat finishes the cracking job.

hashcat finishes cracking passwords

Let’s see our output file (cracked.txt).

hashcat password recovered

In the above screenshot we can see that hashcat cracked the hashes. For new readers: in this attack mode we can crack a password hash only if its plaintext is available in the wordlist file. Using a bigger wordlist file increases the chance of cracking the hashes.
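What the straight (-a 0) attack on raw MD5 (-m 0) amounts to, written as a password audit: this is an added Python example, not code from the article or from Hashcat. The wordlist, hashes, user names and helper functions are constructed for illustration, and the second half shows the same audit against salted PBKDF2 records for comparison.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the article): a small wordlist and three
# unsalted MD5 hashes; the third password is deliberately absent from the list.
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon"]
STORED_MD5 = [hashlib.md5(p.encode()).hexdigest()
              for p in ("qwerty", "letmein", "x9!Vt-long-unlisted-phrase")]

PBKDF2_ITERATIONS = 100_000  # assumption for this demo; tune to your hardware


def audit_md5(hashes, wordlist):
    """Straight dictionary audit of unsalted MD5 hashes.

    Each candidate is hashed once and looked up in the whole target set, so the
    cost is len(wordlist) MD5 calls no matter how many hashes are audited.
    Returns {hash: plaintext} for every hash whose plaintext is in the wordlist.
    """
    targets = {h.strip().lower() for h in hashes}
    recovered = {}
    for candidate in wordlist:
        digest = hashlib.md5(candidate.encode()).hexdigest()
        if digest in targets:
            recovered[digest] = candidate
    return recovered


def make_record(password, salt=None):
    """Store a password as (salt, PBKDF2-HMAC-SHA256 key) with a random salt."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify(password, record):
    """Constant-time comparison of a candidate against one stored record."""
    salt, key = record
    return hmac.compare_digest(make_record(password, salt)[1], key)


def audit_salted(records, wordlist):
    """The same audit against salted records.

    Nothing can be shared between records: every (record, candidate) pair needs
    its own PBKDF2 run. Returns ({user: plaintext}, number_of_kdf_calls).
    """
    recovered, kdf_calls = {}, 0
    for user, record in records.items():
        for candidate in wordlist:
            kdf_calls += 1
            if verify(candidate, record):
                recovered[user] = candidate
                break
    return recovered, kdf_calls


if __name__ == "__main__":
    # Printed as hash:plain, one recovered entry per line.
    for digest, plain in audit_md5(STORED_MD5, WORDLIST).items():
        print(f"{digest}:{plain}")
    # Two users with the same weak password still get different stored keys.
    records = {"alice": make_record("qwerty"), "bob": make_record("qwerty")}
    print(audit_salted(records, WORDLIST))
```

A weak password is still found in the salted case, but each guess costs 100,000 hash iterations per record instead of one MD5 call shared across every hash in the file.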

Hashcat & Type of Hashes & Attacks

Above we saw that we need to specify our attack mode and the type of hashes we want to crack. These attack modes and hash types are referred to by numbers. Here we give the numbers Hashcat uses to refer to the attack modes and the types of hashes (as of Sep 2021; an update of the Hashcat tool may include some new things).

Attack Types of Hashcat

  0 | Straight
  1 | Combination
  3 | Brute-force
  6 | Hybrid Wordlist + Mask
  7 | Hybrid Mask + Wordlist

Hash types in Hashcat

Hashcat supports so many types of hashes that if we included all of them here this article would be very lengthy. We encourage using the hashcat -h command on our Kali Linux system to get all the numbers corresponding to the hash types (Uff.. it’s really large).

Whenever we are trying to crack a hash we have to know the type of the hash. We can use the hash-id tool to find out the type of a hash. Then we need to choose our attack type and wordlist. That’s all; it’s not hard.

This is all about Hashcat, and how we can use Hashcat to crack passwords on our Kali Linux. Hashcat is really a very widely used tool for cracking passwords.


How to Install & Use Ngrok on Kali Linux


What is Ngrok ?

Ngrok is a multi-platform application that lets us forward our local development server to the internet without port forwarding. Ngrok hosts our locally hosted web server on a subdomain of ngrok.com. That means we can easily show our localhost on the internet without owning a domain name or static IP, and without port forwarding.

Ngrok is a very good tool for developers to check and show projects to clients before launching them. But like everything, it can also be misused by the bad guys. They often try to host their localhost phishing page on Ngrok to capture victims on the internet. So as cybersecurity experts we need to take a look at Ngrok.

Warning:- Learning is the most beneficial way to protect everyone in the cybersecurity field, so this article focuses on education. Ngrok is like a knife: a knife is made to help people cut vegetables, but bad guys misuse it. The same goes for Ngrok; it was created to help developers, but bad guys misuse it. So don’t try to misuse it against anyone. We will not be responsible for that.

Download & Configure Ngrok on Kali Linux

To install Ngrok on our Kali Linux system we need to open our browser and navigate to the official Ngrok’s download page. Then we can see the webpage like the following screenshot:

ngrok download page

Here we need to click on “Download for Linux”, because we are using Linux. For other operating systems we can go to “More Options”. After clicking on download we can see that the download has started.

Once the download starts, it should not take much time on a decent internet connection. The ZIP file will be downloaded to our “Downloads” directory. We need to go to the “Downloads” directory and decompress the file.

We open the terminal and use following command to go to our “Downloads” directory.

cd Downloads

Then we unzip the downloaded ZIP file by using following command:

unzip ngrok-stable*zip

In the following screenshot we can see that our zip compressed file is extracted.

ngrok zip extracting

Now our ngrok file is decompressed. Before running it we need to give it executable permission by using following command:

chmod +x ngrok

Now we are all set to run. But wait, we need to set up Ngrok before running it. We need to authenticate with an Ngrok API token. Where can we get our token? For that we need to sign up on the Ngrok website. Let’s navigate to the Ngrok signup page in our browser.

Here we need to fill in our name and email and choose a password. If we want, we can use a disposable mail address to log in and verify our mail address; we don’t need to give our own mail address.

After verifying our mail address we can get the API token on the “Your Authentication” area on the sidebar, as we can see in the following screenshot:

ngrok authentication command

In the above screenshot we can see our Ngrok authentication API key and the command to set it up. For security we have hidden part of our API key. So we run the command with the API key to set up Ngrok.

./ngrok authtoken 1xyqb*****************25PTTHqMpHqB

In the above command we have again hidden part of the same API key with *. In the following screenshot we can see the output of the command:

ngrok authentication command

Now we are all set to run Ngrok. As an example, we forward a locally hosted demo website to the internet.

Using Ngrok on Kali Linux

Ngrok’s job is simple: it just exposes our local website to the internet. So first we need a local website. Here we have a demo HTML page on our desktop, and we have opened it in the Firefox browser.

But it is just an HTML page; we need to host it locally. For that, we need to run a localhost server on our desktop. We open another terminal and go to the directory where our HTML page is stored. Then we run the Python localhost server there to host the HTML page on our localhost by using the following command:

sudo python3 -m http.server 80

In the following screenshot we can see that our local web server is started:

python3 http server

Now we can check it by opening our localhost IP on our browser 127.0.0.1. In the following screenshot we can see that page is now accessible by using our local host IP (127.0.0.1).

localhost server is started

Now this is accessible from our computer by using the localhost IP (127.0.0.1), and from devices on the same network by using our local IP (the IP assigned by the router to our Kali Linux system). But it isn’t available from other networks, because this web server isn’t hosted on the internet.

Now we leave our web host terminal as it is, go back to our previous terminal window (where we set up Ngrok), and run the following command to run Ngrok:

./ngrok http 80

Here we run Ngrok in http mode with port number 80, because our localhost server is running on port 80. (If we can’t use localhost port 80, we can use other ports like 8080 or 8888; in that case we need to specify that port to Ngrok.)

After that, Ngrok is started, as we can see in the following screenshot:

ngrok is running

In the above screenshot we can see our forwarding link. Using that forwarding link (there are actually two links, http and https) we can see our page in our browser.

Not only from our browser: we can access it from anywhere on the internet through the link provided by Ngrok.

We can see the page on our mobile, which is connected to mobile data (not to our WiFi network). This link will be active until we close the Ngrok tunnel, but in real-life use Ngrok can’t run for a long time on the free plan. It can be a temporary solution.

This is how we can use Ngrok on Kali Linux. It is a solution for hosting our local website or web server on the internet. Here we need neither a static IP address nor port forwarding.


Find Vulnerabilities using NMAP Scripts (NSE)


Nmap comes pre-installed with Kali Linux. Not just Kali Linux: Nmap comes pre-installed with every security-focused operating system. We have already discussed how to use Nmap for active reconnaissance in our previous article “NMAP — The Network Mapper”.

But cybersecurity experts don’t just use Nmap for scanning ports and services running on the target system. Nmap can also be used for vulnerability assessment and much more using NSE (Nmap Scripting Engine).

The Nmap Scripting Engine (NSE) has revolutionized the possibilities of a port scanner by allowing users to write scripts that perform custom tasks using the host information collected by Nmap. As of September 2021, when we are writing this article, Nmap has 600+ scripts in Nmap version 7.91.

Penetration testers use Nmap’s most powerful and flexible feature, which allows them to write their own scripts and automate various tasks. NSE (Nmap Scripting Engine) was developed for the following reasons:

  • Network Discovery:- This is the primary purpose for which most people use Nmap: network port discovery, which we learned in our “Nmap – The Network Mapper” article.
  • Classier version detection of a service:- There are tons of services with multiple version details for the same service, so Nmap makes it easier to identify the service.
  • Backdoor detection:- Some of the Nmap scripts are written to identify the patterns of backdoors. If there are any worms or malicious programs infecting the network, it makes the attacker’s job easier: they can narrow down and focus on taking over the machine remotely.
  • Vulnerability Scanning:- Pen testers also use Nmap for exploitation in combination with other tools such as Metasploit, or write custom reverse shell code and combine Nmap’s capability with it for exploitation.

Before jumping into finding vulnerabilities using Nmap we need to update the script database, so newer scripts are added to it. Then we are ready to scan for vulnerabilities with all Nmap scripts. To update the Nmap script database we run the following command in our terminal window:

sudo nmap --script-updatedb

In the following screenshot we can see that we have an updated Nmap scripts database.

nmap script database update

Now we are ready to scan any target for vulnerabilities. We can use the following command to run all vulnerability scanning scripts against a target.

nmap -sV --script vuln <target>

As we can see in the following screenshot:

nmap vulnerability scripts

When we talk about Nmap scripts, we need to know that vulnerability scanning (vuln) is not the only category. There are lots of categories of Nmap scripts, as follows:

  • auth: This category is for scripts related to user authentication.
  • broadcast: This is a very interesting category of scripts that use broadcast requests to gather information.
  • brute: This category is for scripts that help conduct brute-force password auditing.
  • default: This category is for scripts that are executed when a script scan is executed ( -sC ).
  • discovery: This category is for scripts related to host and service discovery.
  • dos: This category is for scripts related to denial of service attacks.
  • exploit: This category is for scripts that exploit security vulnerabilities.
  • external: This category is for scripts that depend on a third-party service. 
  • fuzzer: This category is for Nmap scripts that are focused on fuzzing.
  • intrusive: These scripts might crash a system by generating a lot of network noise; sysadmins consider them intrusive.
  • malware: This category is for scripts related to malware detection.
  • safe: This category is for scripts that are considered safe in all situations.
  • version: This category is for NSE scripts that are used for advanced versioning.
  • vuln: This category is for scripts related to security vulnerabilities.

So we can see that the Nmap Scripting Engine lets us do various tasks with Nmap. When we need to run all the scripts against a single target, we can use the following command:

nmap -sV --script all <target>

In the following screenshot we can see all the scripts being used against one target. Because every script runs, this consumes a good amount of time.

nmap all scripts running at once
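
Before running a whole category it helps to see what it pulls in. The following added example (not part of the original article) parses the script database format that --script-updatedb rebuilds and reports which scripts selected by a category also belong to dos, exploit or intrusive; the sample entries and script names are constructed.

```python
"""Offline pre-flight check: which scripts would a --script category pull in?"""
import re

# One line of script.db looks like:
#   Entry { filename = "x.nse", categories = { "safe", "vuln", } }
ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"([^"]+)"\s*,\s*categories\s*=\s*\{([^}]*)\}'
)
# Categories that the list above describes as able to disrupt a target.
DISRUPTIVE = {"dos", "exploit", "intrusive"}

# Constructed sample in the script.db layout; the script names are hypothetical.
SAMPLE_DB = """\
Entry { filename = "demo-banner.nse", categories = { "discovery", "safe", "version", } }
Entry { filename = "demo-anon-login.nse", categories = { "auth", "default", "safe", } }
Entry { filename = "demo-vuln-check.nse", categories = { "safe", "vuln", } }
Entry { filename = "demo-vuln-crash.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
Entry { filename = "demo-flood.nse", categories = { "dos", "intrusive", } }
"""


def load_script_db(text):
    """Return {script filename: set of categories} for every Entry line."""
    db = {}
    for name, body in ENTRY_RE.findall(text):
        db[name] = set(re.findall(r'"([^"]+)"', body))
    return db


def select(db, category):
    """Scripts that `--script <category>` selects; "all" selects every script."""
    return sorted(n for n, cats in db.items() if category == "all" or category in cats)


def disruptive_overlap(db, category):
    """Selected scripts that also sit in a disruptive category, with the reasons."""
    return {
        name: sorted(db[name] & DISRUPTIVE)
        for name in select(db, category)
        if db[name] & DISRUPTIVE
    }


def safe_subset(db, category):
    """Selected scripts that are tagged safe and carry no disruptive category."""
    return [n for n in select(db, category)
            if "safe" in db[n] and not db[n] & DISRUPTIVE]


if __name__ == "__main__":
    db = load_script_db(SAMPLE_DB)
    for cat in ("vuln", "all"):
        print(cat, "selects", len(select(db, cat)), "scripts")
        for name, why in disruptive_overlap(db, cat).items():
            print("   review before running:", name, why)
        print("   safe subset:", safe_subset(db, cat))
```

On Kali the real database is /usr/share/nmap/scripts/script.db. Nmap itself accepts Boolean expressions such as --script "vuln and safe", which apply the same restriction at scan time.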

That is all for this article. We will be back again with Nmap. We hope this article helps our fellow Kali Linux users. Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. We are always happy to help everyone in the comment section. As we know, our comment section is always open to everyone. We read each and every comment and we always reply.

How Port Scanning Works ? Port Scanning TCP & UDP Explained

Identifying open ports on a target system is an extremely important step in defining the attack surface of that system. Open ports correspond to the networked services that are running on a system. Programming errors or implementation flaws can make these services susceptible to security vulnerabilities and may lead to the compromise of the entire system. To work out the possible attack vectors, we must first enumerate the open ports on all of the remote systems.

port scanning explained

These open ports correspond to services that are addressed with either UDP or TCP traffic. Both TCP and UDP are transport protocols. Transmission Control Protocol (TCP) is the more widely used of the two and provides connection-oriented communication. User Datagram Protocol (UDP) is a connectionless protocol that is sometimes used with services for which speed of transmission is more important than data integrity.

The penetration testing method used to enumerate these services is called port scanning. In this article we cover some basic theory about port scanning, so that we can easily understand how any port scanner tool works.

UDP Port Scanning

Because TCP is the more widely used transport layer protocol, services that operate over UDP are frequently forgotten. Despite the natural tendency to overlook UDP services, it is absolutely critical that these services are enumerated to acquire a complete understanding of the attack surface of any given target. UDP scanning can often be challenging, tedious, and time consuming. In the next article we will cover how to perform a UDP port scan in Kali Linux. To understand how these tools work, it is important to understand the two different approaches to UDP scanning that are used.

The first method is to rely exclusively on ICMP port-unreachable responses. This type of scanning relies on the assumption that any UDP port that is not associated with a live service will return an ICMP port-unreachable response, and a lack of response is interpreted as an indication of a live service. While this approach can be effective in some circumstances, it can also return inaccurate results in cases where the host is not generating port-unreachable responses, or the port-unreachable replies are rate limited or filtered by a firewall.
The second method, which is addressed in the second and third recipes, is to use service-specific probes to attempt to solicit a response, which would indicate that the expected service is running on the targeted port. While this approach can be highly effective, it can also be very time consuming.

TCP Port Scanning

In this article, several different approaches to TCP scanning are covered. These include stealth scanning, connect scanning, and zombie scanning. To understand how these scanning techniques work, it is important to understand how TCP connections are established and maintained. TCP is a connection-oriented protocol, and data is only transported over TCP after a connection has been established between two systems. The process associated with establishing a TCP connection is often referred to as the three-way handshake. This name alludes to the three steps involved in the connection process. The following diagram shows this process in a graphical form:

threeway handshake

From the above picture we can see that a TCP SYN packet is sent from the device that wishes to establish a connection to a port on the device it wants to connect to. If the service associated with the receiving port accepts the connection, it replies to the requesting system with a TCP packet that has both the SYN and ACK bits set. The connection is established when the requesting system responds with a TCP ACK. This three-step process (the three-way handshake) establishes a TCP session between the two systems. All of the TCP port scanning techniques perform some variation of this process to identify live services on remote hosts.

Connect scanning and stealth scanning are both quite easy to understand. Connect scanning is used to establish a full TCP connection for each port that is scanned. That is to say, for each port that is scanned, the complete three-way handshake is completed. If a connection is successfully established, the port is then determined to be open.
Stealth scanning, by contrast, does not establish a full connection. Stealth scanning is also referred to as SYN scanning or half-open scanning. For each port that is scanned, a single SYN packet is sent to the destination port, and all ports that reply with a SYN+ACK packet are assumed to be running live services. Since no final ACK is sent from the initiating system, the connection is left half-open. This is referred to as stealth scanning because logging solutions that only record established connections will not record any evidence of the scan.

The final method of TCP scanning that will be discussed in this chapter is a technique called zombie scanning. The purpose of zombie scanning is to map open ports on a remote system without producing any evidence that we have interacted with that system. The principles behind how zombie scanning works are somewhat complex. The process of zombie scanning is carried out with the following steps:

  • Identify a remote system for our zombie host. The system should have the following characteristics:
  1. The system needs to be idle and must not communicate actively with other systems over the network.
  2. The system needs to use an incremental IPID sequence.
  • Send a SYN+ACK packet to this zombie host and record the initial IPID value.
  • Send a SYN packet with a spoofed source IP address of the zombie system to the scan target system.
  • Depending on the status of the port on the scan target, one of the following two things will happen:
  1. If the port is open, the scan target will return a SYN+ACK packet to the zombie host, which it believes sent the original SYN request. In this case, the zombie host will respond to this unsolicited SYN+ACK packet with an RST packet and thereby increment its IPID value by one.
  2. If the port is closed, the scan target will return an RST response to the zombie host, which it believes sent the original SYN request. This RST packet will solicit no response from the zombie, and the IPID will not be incremented.
  • Send another SYN+ACK packet to the zombie host, and evaluate the final IPID value of the returned RST response. If this value has incremented by one, then the port on the scan target is closed, and if the value has incremented by two, then the port on the scan target is open.

The following image shows the interactions that take place when we use a zombie host to scan an open port:

Zombie port scanning process

To perform a zombie scan, an initial SYN+ACK request should be sent to the zombie system to determine the current IPID value in the returned RST packet. Then, a spoofed SYN packet is sent to the scan target with a source IP address of the zombie system. If the port is open, the scan target will send a SYN+ACK response back to the zombie. Since the zombie did not actually send the initial SYN request, it will interpret the SYN+ACK response as unsolicited and send an RST packet back to the target, thereby incrementing its IPID by one.

Finally, another SYN+ACK packet should be sent to the zombie, which will return an RST packet and increment the IPID one more time. An IPID that has incremented by two from the initial response indicates that all of these events have transpired and that the destination port on the scanned system is open. Alternatively, if the port on the scan target is closed, a different series of events will transpire, which will only cause the final RST response IPID value to increment by one.
The following picture illustrates the sequence of events associated with the zombie scan of a closed port:

Zombie scan port close

If the destination port on the scan target is closed, an RST packet will be sent to the zombie system in response to the initially spoofed SYN packet. Since the RST packet solicits no response, the IPID value of the zombie system will not be incremented. As a result, the final RST packet returned to the scanning system in response to the SYN+ACK packet will have the IPID incremented by only one.

This process can be performed for each port that is to be scanned, and it can be used to map open ports on a remote system without leaving any evidence that a scan was performed by the scanning system.
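
The IPID bookkeeping described above can be checked without sending a packet. This added example (not from the original article) simulates the exchange; the Zombie and Target classes, the starting IPID and the per-destination counter option are assumptions made for the model, and it also shows why the zombie must be idle and use a single incremental sequence.

```python
"""Packet-free model of the zombie scan's IPID arithmetic (nothing is sent)."""

IPID_MOD = 65536  # the IP identification field is 16 bits wide


class Zombie:
    """Hypothetical zombie host; it only tracks the IP ID of packets it sends."""

    def __init__(self, start=1000, per_destination=False, background_packets=0):
        self.start = start
        self.per_destination = per_destination        # one counter per peer
        self.background_packets = background_packets  # traffic to other hosts
        self.counters = {}

    def _send(self, dst):
        key = dst if self.per_destination else "global"
        self.counters[key] = (self.counters.get(key, self.start) + 1) % IPID_MOD
        return self.counters[key]

    def on_syn_ack(self, src):
        """Unsolicited SYN+ACK: answer with an RST and return its IP ID."""
        return self._send(src)

    def on_rst(self, src):
        """An RST solicits no reply, so no packet leaves and no IP ID is used."""
        return None

    def background(self):
        """Unrelated traffic, which an idle host would not produce."""
        for _ in range(self.background_packets):
            self._send("other-host")


class Target:
    def __init__(self, open_ports):
        self.open_ports = set(open_ports)

    def on_spoofed_syn(self, port, zombie):
        """The SYN claims to come from the zombie, so the reply goes there."""
        if port in self.open_ports:
            zombie.on_syn_ack("target")   # SYN+ACK: the zombie replies with RST
        else:
            zombie.on_rst("target")       # RST: the zombie stays silent


def idle_probe(zombie, target, port):
    """Run the probe steps listed above for one port and classify the delta."""
    first = zombie.on_syn_ack("scanner")      # record the initial IPID
    target.on_spoofed_syn(port, zombie)       # spoofed SYN reaches the target
    zombie.background()                       # anything else the zombie sent
    second = zombie.on_syn_ack("scanner")     # read the final IPID
    delta = (second - first) % IPID_MOD       # survives 16-bit wrap-around
    return {1: "closed", 2: "open"}.get(delta, "unreliable")


def idle_scan(zombie, target, ports):
    return {port: idle_probe(zombie, target, port) for port in ports}


if __name__ == "__main__":
    target = Target(open_ports={80})          # constructed scan target
    cases = {
        "idle, one global counter": Zombie(),
        "busy zombie": Zombie(background_packets=1),
        "per-destination counters": Zombie(per_destination=True),
    }
    for label, zombie in cases.items():
        print(f"{label:26} {idle_scan(zombie, target, [80, 81])}")
```

Only the first case reports the truth: a zombie that sends even one unrelated packet makes a closed port look open, and a host that keeps a separate counter per peer makes every port look closed.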

This is how port scanning methods work. In this article we tried to do something different: it is not about any tool, but if we use Kali Linux or work in the cybersecurity field, we should have some technical knowledge. We hope this article is also well received. This is all for today.

Kali Linux 2021.3 Update is Here !

The third update of Kali Linux in 2021 is live and ready to ROCK.

Say Welcome to Kali Linux 2021.3! This release welcomes a mixture of new items as well as enhancements of existing features, and is ready to be downloaded (from our updated page) or upgraded if you have an existing Kali Linux installation.

Kali Linux 2021.3 Update

A quick summary of the change log since the 2021.1 release from February 2021 is:

  • OpenSSL – Wide compatibility by default – Keep reading for what that means.
  • New Kali-Tools site – Following the footsteps of Kali-Docs, Kali-Tools has had a complete refresh.
  • Better VM support in the Live image session – Copy & paste and drag & drop from your machine into a Kali VM by default.
  • New tools – From adversary emulation, to subdomain takeover to Wi-Fi attacks.
  • Kali NetHunter smartwatch – first of its kind, for TicHunter Pro
  • KDE 5.21 – Plasma desktop received a version bump.

OpenSSL: wide compatibility by default

Going forwards from Kali Linux 2021.3, OpenSSL has now been configured for wider compatibility to allow Kali to talk to as many services as possible. This means that legacy protocols (such as TLS 1.0 and TLS 1.1) and older ciphers are enabled by default. This is done to help increase Kali’s ability to talk to older, obsolete systems and servers that are still using these older protocols. This may potentially increase your options on available attack surfaces (if your target has these End of Life (EoL) services running, having then forgotten about them, what else could this uncover?). While this is not a configuration that would be good for a general purpose operating systems, this setting makes sense for Kali as it enables the user to engage and talk with more potential targets.

This setting is easy to modify via the command-line tool kali-tweaks though. Enter the Hardening section, and from there you can configure OpenSSL for Strong Security mode instead, which uses today’s current modern standard allowing for secure communication.

For more details, refer to the documentation: kali.org/docs/general-use/openssl-configuration

Kali-Tools

In 2019.4 we moved our documentation over to our updated /docs/ page. It’s now finally the turn of our Kali-Tools site!

We have refreshed every aspect of the previous site, giving a new, faster, layout, content, and system! The backend is now in a semi-automated state and more in the open, which like before, allows for anyone to help out and contribute.

Once these sites have settled down from all the changes and matured a bit, we will start to package these both up, allowing for offline reading.

Kali tools

Virtualization: improvements all over the place

The Kali Live image received some love during this release cycle! We worked hard to make the experience smoother for those who run the Live image in virtualized environments. Basic features like copy’n’paste and drag’n’drop between the host and the guest should now work out of the box. And this is really for everyone: VMware, VirtualBox, Hyper-V and QEMU+Spice. Did we forget anyone? Drop us a word on the Kali bug tracker!

On the same line: it’s now very easy to configure Kali for Hyper-V Enhanced Session Mode. Open kali-tweaks in a terminal, select Virtualization, and if Kali is running under Hyper-V, you’ll see a setting to turn on Hyper-V Enhanced Session Mode. It’s now as simple as hitting Enter!

If you use this feature, make sure to visit kali.org/docs/virtualization/install-hyper-v-guest-enhanced-session-mode/, as there are a few additional things to be aware of.

Many thanks to @Shane Bennett, who spent a tremendous amount of time testing this feature, provided extremely detailed feedback all along, and even helped us with the documentation. Kudos Shane!

New Tools in Kali Linux 2021.3

It wouldn’t be a Kali release if there weren’t any new tools added! A quick run down of what’s been added (to the network repositories):

  • Berate_ap – Orchestrating MANA rogue Wi-Fi Access Points
  • CALDERA – Scalable automated adversary emulation platform
  • EAPHammer – Targeted evil twin attacks against WPA2-Enterprise Wi-Fi networks
  • HostHunter – Recon tool for discovering hostnames using OSINT techniques
  • RouterKeygenPC – Generate default WPA/WEP Wi-Fi keys
  • Subjack – Subdomain takeover
  • WPA_Sycophant – Evil client portion of EAP relay attack

Kali Nethunter Updates

Kali Linux Nethunter for smartwatch

We proudly introduce the world’s first Kali NetHunter smartwatch, the TicHunter Pro thanks to the outstanding work of our very own NetHunter developer @yesimxev. It is still experimental, hence the features are limited to USB attacks, and some basic functions. The hardware also has limitations, as such a small battery won’t supply enough voltage for any OTG adapters, so huge antennas won’t stick out of your wrist! The future is very promising, bringing support for Nexmon and internal bluetooth usage.

The image is available on our download page.

Please note that those images contain a “nano Kali rootfs” due to technical reasons. The detailed installation guide can be found in our Kali documentation. Feel free to join the adventure!

Kali NetHunter Installation via Magisk

Thanks to the amazing work of @Mominul Islam, we can now bring Kali NetHunter to Android 11 devices without a fully working TWRP!

Each Kali NetHunter image can be flashed as a Magisk module. This work is still in its infancy and more work is needed to bring it up to par with the traditional installer through TWRP.

One of the missing parts is the kernel installation. We haven’t been able to install the kernel through Magisk yet. That has to be done via kernel installers like the “Franco Kernel Manager”. If you are keen to get NetHunter onto your Android 11 device, just give it a crack. If you are interested in helping out with getting the kernel part finished, please get in touch with us through our GitLab issue tracker. Any help is greatly appreciated!

Kali NetHunter installation step-by-step guide for our preferred device, the OnePlus 7

Our preferred device for Kali NetHunter is the OnePlus 7 running Android 10 (stock ROM).

For a step-by-step installation guide and links to all the files required to restore your phone to the latest stock Android 10 ROM, install TWRP, Magisk and Kali NetHunter, head over to our Kali documentation page.

Kali ARM Updates

We have been busy doing various tweaks and tinkering on our Kali ARM images, which covers:

  • Our Kali ARM build-scripts have been re-worked.
  • All images should finally resize the file-system on the first boot.
  • We now re-generate the default snakeoil cert, which fixes a couple of tools that were failing to run previously.
  • Images default to iptables-legacy and ip6tables-legacy for iptables support.
  • We now set a default locale of en_US.UTF-8 on all images, you can, of course, change this to your preferred locale.
  • The Kali user on ARM images is now in all of the same groups as base images by default, and uses zsh for the default shell. You can change your default shell by using the kali-tweaks tool which also comes pre-installed.
  • Raspberry Pi images can now use a wpa_supplicant.conf file on the /boot partition.
  • Raspberry Pi images now come with kalipi-config, and kalipi-tft-config pre-installed.
  • Pinebook Pro’s kernel has been updated to 5.14, and you now get messages on the LCD screen as it’s booting, instead of a blinking cursor until X starts.

Desktop & Theme Updates

There are also some changes in the desktop space:

  • Improved GTK3 theme for Xfce’s notifications and logout-dialog
  • Redesigned GTK2 theme for a better fit of older programs
  • Improved Kali-Dark and Kali-Light syntax-highlighting themes for GNOME and Xfce

In addition to these changes, one of Kali’s preferred desktops, KDE plasma, has received a version bump, now including version 5.21. This update brings an updated look, with a new application launcher and theme improvements. Here’s a preview of how it looks with Kali’s customization:

Kali 2021.3 theme updates

Kali Docs Update

Our documentation site, as well as the pages mentioned already in this blog post, the following other pages have received major changes:

GitLab Commit 2021

We participated in GitLab’s virtual conference this year and @g0tmi1k gave a talk on the Dynamic between Kali Linux and OffSec. Give it a watch!

Ampere and ARM

Following our announcement of our partnerships with Ampere, we have now fully moved our ARM package building machines over to their hardware, and loving the speed increase! Thank you again to Ampere for the assistance! If you need some ARM servers give them a look! If they are nice enough to help us out this way, we are sure they will treat you good as well.

Upcoming Changes

Looking forward, we are going to be announcing the following changes:

  • Kali-Menu refresh – We know you may not use it, but for the people who do, we are planning on making some major alterations in its structure. This will hopefully be live for testing in 2021.4, and then made default in a later release based on user response. You will be able to change the menu layout by using kali-tweaks. If you want to provide input on this change, get engaged with us and make your voice heard!
  • Load Balancer (http.kali.org & cdimage.kali.org) – This handles apt packages as well as OS images. We will be switching from MirrorBrain to MirrorBits. We will be soon in touch with all the community mirror maintainers to give them notice of our infrastructure changes. If you would like to become a mirror, please see our guide.

Download Kali Linux 2021.3

Fresh Images: So what are you waiting for? Start downloading already!

Seasoned Kali Linux users are already aware of this, but for those who are not, we do also produce weekly builds that you can use as well. If you cannot wait for our next release and you want the latest packages (or bug fixes) when you download the image, you can just use the weekly image instead. This way you’ll have fewer updates to do. Just know that these are automated builds that we do not QA like we do our standard release images. But we gladly take bug reports about those images because we want any issues to be fixed before our next release!

Existing Installs: If you already have an existing Kali Linux installation, remember you can always do a quick update:

echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" | sudo tee /etc/apt/sources.list
sudo apt update && sudo apt -y full-upgrade
[ -f /var/run/reboot-required ] && sudo reboot -f

You should now be on Kali Linux 2021.3. We can do a quick check by doing:

┌──(kali㉿kali)-[~]
└─$ grep VERSION /etc/os-release
VERSION="2021.3"
VERSION_ID="2021.3"
VERSION_CODENAME="kali-rolling"

┌──(kali㉿kali)-[~]
└─$ uname -v
#1 SMP Debian 5.10.46-4kali1 (2021-08-09)

┌──(kali㉿kali)-[~]
└─$ uname -r
5.10.0-kali9-amd64

NOTE: The output of uname -r may be different depending on the system architecture.

As always, should you come across any bugs in Kali, please submit a report on our bug tracker. We’ll never be able to fix what we do not know is broken! And Twitter is not a Bug Tracker!

Amap — Application Mapping Tool, Banner Grabbing

Amap is an application mapping tool that we can use to read banners from network services running on remote ports. In this detailed article we are going to learn how we can use Amap on Kali Linux to acquire service banners in order to identify the services running on the open ports of a target system.

amap on Kali Linux

To use Amap to gather service banners, we need a remote system running network services that disclose information when a client device connects to them. In this article we use a Metasploitable2 instance as an example. We already have an article about installing Metasploitable2.

Amap comes preloaded with our Kali Linux system, so we don’t need to install it. We can directly run the following command in our terminal to see the help/options of Amap:

amap --h

The output of the command is shown in the following screenshot:

In the screenshot we can see that the -B flag can be used to run Amap in banner mode. This makes it collect banners for the specified IP and service port(s). Amap can be used to collect the banner from a single service by specifying the remote IP address and port number.

For example, we run the following command in our terminal:

amap -B 172.20.10.10 21

This command will scan our Metasploitable2 IP to grab the banner of port 21. The result is shown in the following screenshot:

banner grabbing on port 21 using amap

In the above screenshot, we can see that Amap has grabbed the service banner from port 21 on the Metasploitable2 system. We can also run this command against all the possible TCP ports. The portions of the TCP header that define the source and destination port addresses are both 16 bits in length, and each bit can hold a value of 1 or 0. So there are 2^16, or 65536, possible TCP port addresses. To scan all the TCP ports, we need to specify the range of 1 to 65535. We can do this by using the following command in our terminal:

amap -B 172.20.10.10 1-65535

In the following screenshot we can see the output of the applied command.

amap banner grabbing of all ports

In the above screenshot we can see the open ports and their banners. Sometimes the normal output of the command contains a lot of unnecessary and redundant information, such as the IP address and metadata, that can be stripped from the output. We can filter the output using the following command:

amap -B 172.20.10.10 1-65535 | grep "on" | cut -d ":" -f 2-5

Now in the following screenshot we can see that the output is to the point.

filtered output of amap

This shows that the principle by which Amap accomplishes banner grabbing is the same as that of other tools such as Nmap. Amap cycles through the list of destination port addresses, attempts to establish a connection with each port, and then receives any banner that is sent upon connection to the service running on the port.
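
The connect-and-read principle can be reproduced on the loopback interface to check what a service of our own gives away. This is an added example, not Amap's code; the two listeners and the demoFTPd banner are constructed, and it also covers a service that sends nothing until the client speaks.

```python
"""Loopback-only demonstration of banner collection; the services are constructed."""
import re
import socket
import threading

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")   # dotted version such as 1.2.3


def start_service(greeting):
    """Start a one-shot listener on 127.0.0.1 and return its port.

    greeting=None models a service that waits for the client to speak first.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def handle():
        conn, _ = srv.accept()
        with conn, srv:
            if greeting:
                conn.sendall(greeting)
            conn.settimeout(2.0)
            try:
                conn.recv(1024)         # returns once the client disconnects
            except OSError:
                pass

    threading.Thread(target=handle, daemon=True).start()
    return port


def unused_port():
    """Return a loopback port that nothing is listening on."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def grab_banner(host, port, timeout=0.5):
    """Connect, wait for unsolicited data, and return (state, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(1024)
            except socket.timeout:
                return ("open", None)   # connected, but the service sent nothing
    except OSError:
        return ("closed", None)         # refused or unreachable
    return ("open", data.decode("latin-1").strip() or None)


def disclosed_version(banner):
    """Return the version string a banner gives away, or None."""
    match = VERSION_RE.search(banner or "")
    return match.group(0) if match else None


def demo():
    ports = {
        "greets": start_service(b"220 (demoFTPd 1.2.3)\r\n"),  # constructed banner
        "silent": start_service(None),
        "closed": unused_port(),
    }
    return {name: grab_banner("127.0.0.1", port) for name, port in ports.items()}


if __name__ == "__main__":
    for name, (state, banner) in demo().items():
        print(f"{name:7} {state:7} banner={banner!r} version={disclosed_version(banner)}")
```

An open port without a banner is therefore not an unidentified service by default: it may simply be one that answers only after a request.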

How to Stay Anonymous Completely [100% Perfect]

In today’s article we are going to discuss how we can be anonymous on the internet, because we all love privacy. Sometimes we need to do some private jobs on the internet, so anonymity is important. We might say that we can use Tor or a VPN to be anonymous, but that is not totally true.

The perfect saying is “Privacy is a myth”. We can use Tor, VPNs, Proxychains and so on to increase our privacy, but those methods are not totally bulletproof. In this article we discuss some techniques that are really helpful for being more anonymous on the internet. This is another level of anonymity, provided we do not make any mistake on our side.

How to Stay Anonymous Completely on Kali Linux

Before going further we need a clear idea about Tor, VPNs and similar tools. After that we are good to go. As we know, Tor is a very good way to be anonymous on the internet, but some services detect that we are using Tor and restrict our use of them. A good example is Google.

Google detects the Tor network

Also, VPN providers may keep our activity logs in their database (paid VPN providers say that they don’t keep logs, but can we trust them? Let us know in the comment section below). Then what do we do?

Be Anonymous Online

So, in this article we talk about an easy, fast and effective way to be anonymous online. By following it, our real IP address will be very hard for anyone in the world to detect. We just need to read the article to the end to get the full idea.

The idea is easy yet powerful. We are going to use Tor and Proxychains together. First we run Tor, then we run our proxychains. By doing this, services like Google, TorCheck etc. will get the IP address of our proxy servers, and those proxy servers do not have our real IP address either; they have the IP address of our Tor network. Let’s do it in practice. The first time, we need to do some proxychains configuration and learn its basics.

Configuring ProxyChains

Proxychains comes pre-installed with Kali Linux. We can also install it using the following command:

sudo apt install proxychains
installing proxychains on Kali Linux

After that we need to configure it the way we want to use it. Let’s open the configuration file by using the following command:

sudo nano /etc/proxychains.conf

The above command will open the proxychains configuration file as we can see in the following screenshot:

proxychains configuration file

If we scroll down to the end of the file we can see the list of proxies.

proxylists

We can add our proxy servers here. First comes the proxy type, then the IP address, then the port number. We can also add the username and password of the proxy server (if required). Everything is shown in the following screenshot:

Proxylists configuration
Proxy list explained

Now we can add our list of proxies here.

Beyond the proxy list, we can configure many more things here. For example, if a proxy server is taking too much time, we can set a timeout for it.

Proxy timeout settings

We can also configure various types of chains (proxychains) here, such as dynamic chain, random chain and strict chain. How the chains work is well described here.

various type of proxychains

But in easy language we can explain them as follows. Suppose we have a list of proxies in this configuration file.

  • Dynamic Chain:- In this chain the order we have set in our proxy list is maintained, but if one or more proxy servers are not working, they are skipped to get the connection.
  • Strict Chain:- In this type of chain the order of our proxy servers is maintained and every proxy server must work, otherwise the connection is not made.
  • Random Chain:- This type uses random proxies from our proxy list. It does not maintain any order.

Here we are going to set multiple proxy servers in our proxy list. Where do we get free proxies? There are some websites that provide free and paid proxies, such as HidemyName, Genode and Proxy-List. We can Google “free proxy server” for more.

hidemyname

We can see the IP address and port of the proxy servers, and also the country/city, speed, type, anonymity etc. in the list. We just need the type, IP and port to add them to our proxychains.conf file. Here we have added two proxies to the configuration file.

Proxy lists in proxychains configuration file on Kali Linux

Here, for example, we are going to use dynamic proxy chains. So we remove the ‘#’ before the dynamic chain and put a ‘#’ before the strict chain to disable it, as shown in the following screenshot:

dynamic proxy chain enabled

Now we can save and close the proxychains configuration file by pressing CTRL+X, then Y, then Enter ⤶.

Using Tor with Proxychains

We can install the Tor service on our Kali Linux system by using the following command:

sudo apt install tor

In the following screenshot we can see Tor being installed on our system:

Installing Tor on Kali Linux

After the installation is complete, we can start the Tor service by using the following command:

sudo service tor start

Then our Tor service will start. We can check the status of the service by using the following command:

sudo service tor status

Yes, our Tor service is running successfully, as we can see in the following screenshot:

Tor services is running

Now we can check this in our browser. We open our browser and navigate to TorChecker. In the following screenshot we can see that we are using Tor and that it detects this. Now any website or service on the internet can tell that we are using the Tor network. This is where we run our proxychains.

If we want to run proxychains with our browser, we need to type the following command in our terminal:

proxychains firefox

Now our Firefox browser will open in front of us. Let’s have a look at TorChecker.

Proxychains with Tor
It detects the IP of Proxyservers

As the above screenshot shows, it can’t detect that we are using Tor, even though the Tor service is running. Why can’t it detect it? Our connection goes through the Tor nodes to the proxy servers, so the proxy servers do not get our real IP. If they keep logs, they can, but our real IP will remain hidden by Tor. We can see it in the following screenshot:

proxychains used with tor on Kali Linux

We could use Tor directly here. Tor is good for anonymity, but as we said, some websites and services do not allow Tor network IPs. Now they can’t detect us, and we can do everything online while remaining anonymous.

With this method we can do almost every task, not only web surfing. For example, with the following command we can use it for Nmap scanning:

proxychains nmap -Pn google.com
using nmap with proxychains on kali linux

Now in the above screenshot we can see that we are scanning using Nmap with the help of Tor and Proxychains.

Things We Should Be Aware Of

  • We need to remember to check from time to time that our Tor service is running properly, using the sudo service tor status command.
  • Here we used the dynamic chain as an example, but with the dynamic chain, if there is an issue with one proxy server, that server is skipped. So if we want a better result we need to use the strict chain.
  • Here we used only two proxy servers as an example, but for better anonymity we need to use as many proxy servers as we can. One thing to note: increasing the number of proxy servers will decrease the internet speed.
  • We need to check whether the proxies we got for free are working. In real-life scenarios they are mostly found dead. We can use proxy checker tools to check whether they are working. If a proxy is not working we might get a “socket error or timeout!” error.
  • The proxychains configuration file uses Tor because of its default Tor proxy entry. We shouldn’t remove Tor’s proxy from the file. If we remove it, proxychains will not work with Tor.


tor default proxy
Default proxy for Tor: should not be removed
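
The checks from the list above can be scripted. The following is an added example, not part of the original tutorial: a shell function that reads a proxychains configuration file and reports the active chain mode, the number of entries under [ProxyList], and whether the Tor entry on 127.0.0.1 port 9050 is still present. The function names and the sample configuration (with documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a proxychains config for the points in the list above.
# Prints "mode=<chain> proxies=<count> tor=<yes|no>"; returns 0 only when
# exactly one chain mode is active and the local Tor proxy is still listed.
check_proxychains_conf() {
    awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
        $0 == "" { next }
        $0 == "[ProxyList]" { in_list = 1; next }
        !in_list && /^(dynamic|strict|random|round_robin)_chain$/ {
            modes++; mode = $0; next
        }
        in_list && NF >= 3 {
            proxies++
            # Tor listens on 127.0.0.1:9050 by default
            if ($1 ~ /^socks[45]$/ && $2 == "127.0.0.1" && $3 == "9050") tor = 1
        }
        END {
            if (modes != 1) mode = (modes ? "conflict" : "none")
            printf "mode=%s proxies=%d tor=%s\n", mode, proxies, (tor ? "yes" : "no")
            rc = (modes == 1 && tor) ? 0 : 1
            exit rc
        }
    ' "$1"
}

# Constructed sample config (addresses are documentation-range placeholders)
write_sample_conf() {
    cat > "$1" <<'EOF'
dynamic_chain
#strict_chain
proxy_dns
[ProxyList]
socks4  127.0.0.1 9050
socks5  192.0.2.10 1080
http    198.51.100.7 8080
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
check_proxychains_conf "$sample" || echo "config needs attention"
rm -f "$sample"
```

On a real system, pass the path of the configuration file edited earlier in this tutorial instead of the sample. A result of mode=conflict or mode=none means the ‘#’ markers on the chain lines need another look.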

This is all about a smart way to be anonymous in the internet world. Here we used Tor, but Tor checkers didn’t catch us. The internet will get our proxy server’s IP, and the proxy server will get our Tor network IP. That way we can browse the internet anonymously.
