What is the Deep Web

According several researches the principal search engines index only a small portion of the overall web content, the remaining part is unknown to the majority of web users.

What do you think if you were told that under our feet, there is a world larger than ours and much more crowded? We will literally be shocked, and this is the reaction of those individual who can understand the existence of the Deep Web, a network of interconnected systems, are not indexed, having a size hundreds of times higher than the current web, around 500 times.

Very exhaustive is the definition provided by the founder of BrightPlanet, Mike Bergman, that compared searching on the Internet today to dragging a net across the surface of the ocean: a great deal may be caught in the net, but there is a wealth of information that is deep and therefore missed.

Ordinary search engines to find content on the web using software called "crawlers". This Deep Web technique is ineffective for finding the hidden resources of the Web that could be classified into the following categories:
  • Dynamic content: dynamic pages which are returned in response to a submitted query or accessed only through a form, especially if open-domain input elements (such as text fields) are used; such fields are hard to navigate without domain knowledge.
  • Unlinked content: pages which are not linked to by other pages, which may prevent Web crawling programs from accessing the content. This content is referred to as pages without backlinks (or inlinks).
  • Private Web: sites that require registration and login (password-protected resources).
  • Contextual Web: pages with content varying for different access contexts (e.g., ranges of client IP addresses or previous navigation sequence).
  • Limited access content: sites that limit access to their pages in a technical way (e.g., using the Robots Exclusion Standard, CAPTCHAs, or no-cache Pragma HTTP headers which prohibit search engines from browsing them and creating cached copies).
  • Scripted content: pages that are only accessible through links produced by JavaScript as well as content dynamically downloaded from Web servers via Flash or Ajax solutions.
  • Non-HTML/text content: textual content encoded in multimedia (image or video) files or specific file formats not handled by search engines.
  • Text content using the Gopher protocol and files hosted on FTP that are not indexed by most search engines. Engines such as Google do not index pages outside of HTTP or HTTPS.
A parallel web that has a much wider number of information represents an invaluable resource for private companies, governments, and especially cybercrime. In the imagination of many persons, the Deep Web term is associated with the concept of anonymity that goes with criminal intents the cannot be pursued because submerged in an inaccessible world.

As we will see this interpretation of the Deep Web is deeply wrong, we are facing with a network definitely different from the usual web but in many ways repeats the same issues in a different sense.

What is a Tor? How to preserve the anonymity?
Tor is the acronym of "The onion router", a system implemented to enable online anonymity. Tor client software routes Internet traffic through a worldwide volunteer network of servers hiding user's information eluding any activities of monitoring.

As usually happen, the project was born in military sector, sponsored the US Naval Research Laboratory and from 2004 to 2005 it was supported by the Electronic Frontier Foundation.

Actually the software is under development and maintenance of Tor Project. A user that navigate using Tor it's difficult to trace ensuring his privacy because the data are encrypted multiple times passing through nodes, Tor relays, of the network.

Connecting to the Tor network
Imagine a typical scenario where Alice desire to be connected with Bob using the Tor network. Let’s see step by step how it is possible.

She makes an unencrypted connection to a centralized directory server containing the addresses of Tor nodes. After receiving the address list from the directory server the Tor client software will connect to a random node (the entry node), through an encrypted connection. The entry node would make an encrypted connection to a random second node which would in turn do the same to connect to a random third Tor node. The process goes on until it involves a node (exit node) connected to the destination.

Consider that during Tor routing, in each connection, the Tor node are randomly chosen and the same node cannot be used twice in the same path.

To ensure anonymity the connections have a fixed duration. Every ten minutes to avoid statistical analysis that could compromise the user’s privacy, the client software changes the entry node.

Up to now we have considered an ideal situation in which a user accesses the network only to connect to another. To further complicate the discussion, in a real scenario, the node Alice could in turn be used as a node for routing purposes with other established connections between other users.

A malevolent third party would not be able to know which connection is initiated as a user and which as node making impossible the monitoring of the communications.
Tor network
After this necessary parenthesis on Tor network routing we are ready to enter the Deep Web simply using the Tor software from the official web site of the project. Tor is able to work on all the existing platforms and many add-ons make simple they integration in existing applications, including web browsers. Despite the network has been projected to protect user’s privacy, to be really anonymous it's suggested to go though a VPN.

A better mode to navigate inside the deep web is to use the Tails OS distribution which is bootable from any machine don't leaving a trace on the host. Once the Tor Bundle is installed it comes with its own portable Firefox version, ideal for anonymous navigation due an appropriate control of installed plugins, in the commercial version in fact common plugins could expose our identity.

Once inside the network, where it possible to go and what is it possible to find?
Well once inside the deep web we must understand that the navigation is quite different from ordinary web, every research is more complex due the absence of indexing of the content.

A user that start it's navigation in the Deep Web have to know that a common way to list the content is to adopt collection of Wikis and BBS-like sites which have the main purpose to aggregate links categorizing them in more suitable groups of consulting. Another difference that user has to take in mind is that instead of classic extensions (e.g. .com, .gov) the domains in the Deep Web generally end with the .onion suffix.

Following a short list of links that have made famous the Deep Web published on Pastebin.
Tor network
Cleaned Hidden Wiki should be a also a good starting point for the first navigation. Be careful, some content are labeled with common used tag such as CP= child porn, PD is pedophile, stay far from them.

The Deep Web is considered the place where every thing is possible, you can find every kind of material and services for sale, most of them illegal. The hidden web offers to cybercrime great business opportunity, hacking services, malware, stolen credit cards, weapons.

We all know the potentiality of the e-commerce in ordinary web and its impressive growth in last couple of years, well now imagine the Deep Web market that is more that 500 times bigger and where there is no legal limits on the odds to sell. We are facing with amazing business controlled by ciber criminal organizations.

Speaking of dark market we cannot avoid to mention Silk Road web site, an online marketplace located in the Deep Web, the majority of its products are derived from illegal activities. Of course it's not the only one, many other markets are managed to address specify products, believe me, many of them are terrifying.
Silk Road
Most transactions on the Deep Web accept Bitcoin system for payments allowing the purchase of any kind of products preserving the anonymity of the transaction, encouraging the development of trade in respect to any kind of illegal activities. We are facing with a with an autonomous system that advantage the exercise of criminal activities while ensuring the anonymity of transactions and the inability to track down the criminals.

But is it really all anonymous? Is it possible to be traced in the Deep Web? What is the position of the governments towards the Deep Web?

I will provide more information on the topic in next articles ... in meantime let me thank a great expert of the Deep Web, "The gAtOmAlO" with whom I collaborate on a project which we will present you soon.

Recover windows 10 administrator password by Kali Linux

Similar as previous version of Window’s Operating system like Window XP/7/8/8.1 password of Window 10 are saved in SAM (Security Account Manager) file located in C:/Windows/system32/config. These password are encrypted with NTLMv2. In this post I will show you to dump the hashes and crack it using John password cracker tool. User can do that by follow the given steps:
Step 1:Boot Window machine with Kali Linux Live DVD/Flash Drive
Step 2: Mount Windows System Drive
  1. Click on the Places and the menu bar will open click on Computer. The file manager will open.
  2. Click on other location, and again click on the Windows media. New windows will be open and looks like image.windows-hard-disk
    Note: If you will not able to open this drive automatic use following command to fix error. This happen because Windows 10 does not shut down properly. By default it is going to sleep mode, So you will have to run following command.
    #fdisk -l
    this command is used to check the attached hardisk and its partition. its upto you how will you find the windows partition. if you will run following command with wrong partition, then no issue.
    #ntfsfix /dev/sda2 (partition address)fix-ntfs
  3. Try again to open Windows media, Once you will open go to next step.windows-media
Step 3: Open terminal and Go into the SAM file location
#cd /Media/Media No./Windows/System32/config

Old method to get windows 10 password hashes

Step 4: Find the system bootkey using bkhive utility
#bkhive SYSTEM /root/Desktop/system
Step 5: Dump Password hashes using samdump2
#samdump2 SAM /root/Desktop/system > /root/Desktop/hashes.txt

New Method to get windows 10 password hashes – 2017

STEP 4+5: This is very important step, because in this step you are going to retrieve Windows 10 password hashes. So run the following command and dump the hashes.
#pwdump SYSTEM SAM > /root/Desktop/hashes.txt
You can provide any name instead of hashes.txt
dump-hashes-and-check
Step 6: Change working directory as /root/Desktop
#cd /root/Desktop
Step 7: See available hashes in hashes.txt file
#cat hashes.txt
Step 8: Find the password from hashes using John the Ripper
#john –format=nt2 –users=UserName hashes.txt

crack-the-hashes
Find the password Have a fun 🙂

Method 2. How to Recover Windows 10 administrator password If You Forgot.

Another tool that can be used to recover windows 10 administrator password is the iSeePassword Windows Password Recovery Pro, this is a best PC Unlocker software. It is a professional password recovery tool that is meant to reset or unlock computer password. It is available for many other Windows operating systems including Windows Vista, 7, 8 and XP. You only need a USB flash drive. When compared to other methods mentioned above, this is the easiest way to recover a lost password and has no drawbacks. It works by listing all user accounts on your computer, you only need to select a user account on your computer and click the password reset button. You can login to your Windows account after restarting.
Let’s see how iSeePassword Windows Password Recovery Pro Works.
Step 1. Download iSeePassword Windows Password Recovery Pro and install and launch it on another available PC. There are 2 ways to burn a password reset disk, USB or DVD/CD,  just inset a USB flash drive into it. Click “Burn”.
isee-password-recovery-1
Step 2. When successful message pops up, click OK and exit removal device. Password recovery disk have been burned successfully.
windows-password-recovery-pro
Step 3: Insert the newly created USB drive to the locked Windows 10 computer. Set USB drive as the first boot device in BIOS setup. This computer will reboot. Then it will load the program, and detect all system and account on your computer, follow the interface to reset your Windows 10 password.
reset-password-using-windows-password-recovery-pro
After you successfully reset the password, disconnect the boot disk and reboot your PC when password is reset to blank. Then your PC will restart normally and Windows 10 can login without password.
iSeePassword Windows Password Recovery Pro is easy to use and safe. With it,you can fast access to your windows if you forgot login password on Windows 10 without system re-installation.


become-kali-linux-hacker

How to become Kali Linux Hacker


Hello guys,

I hope you are doing well, you are here because you want to be “Kali Linux Hacker”. Most of people heard about Kali Linux they are very excited to know more about Kali Linux. here we will all the things about these terms Kali Linux vs Kali Linux Hacker.

What is not a Kali Linux?

kali-linux-is-not-for
First and important thing you should remember always,

Kali Linux is not tool for hacking:

Yes, This is right Kali Linux is not a tool. Many people asked question to me through social media, emails or forums “Please, teach me Kali Linux tool“. So if you have any such type of thought, remove it fast. because when you know about fact, you will feel shame about your knowledge. If the question is stuck in your mind:
what is Kali Linux? Keep reading I will describe later in this post…

Not a magic Rod:

As per my personal experience, Each and Everyone newbie hacker is looking for a magic rod or magic tool to hack wifi, mobile phone, system and other applications. they are expecting to hack website by using one click, but keep in your mind “Its never possible”
There is no tool in the world, which hack each and everything by click
hacking possible without linux
If he write an article about Reaver tool in Kali Linux, I suggest please read the article first and try to understand about methodology. Don’t expect good and free windows tool for hacking.
Again I am saying:
“It is not a magic rod, which make you Kali Linux Hacker in seconds”

It will not give you password of Social Sites in seconds:

Trust me,  If you do an internet search on Facebook hacks you’ll come up with something like 6,16,00,000 search result. and approximately 100k – 1M searches every month as per data of google keyword planner.
facebook hack results
After looking data, I realized “how many people are hungry for facebook password
Another fact, Most of searches are made by newbie hacker, because “a professional hacker will not search for facebook hacking
At result:
It will not give you password of facebook, gmail, twitter or Instagram in seconds. if you want to hack these sites in seconds, don’t have a single hopes from it.

It is not for website hacking:

google know what do you want
Google know very well “what exactly do you want?”. It has strong suggestion techniques to push user according most searches. and you can see website hacking using Kali Linux is most searched keyword on google.
Trust me all these searches done by newbie. because they don’t know about website’s working methodology, Well known vulnerabilities, and exploitation of those vulnerabilities. so they are looking for tool which give the access of website without doing any extra efforts. but it is impossible.
 In fact: 
Kali Linux will not hack a website for you within seconds, and can’t make a Kali Linux hacker.Hacking is always dependent on vulnerabilities. So if the website vulnerable, you will have a chance to hack it.

It will not make you professional hacker, your own hardwork + knowledge + passion will.


There are lots of bad thoughts people have about it. if you are one of them, who think Kali Linux is for getting password of facebook, gmail, twitter or Instagram accounts. Article is ended for you. If you want to know fact.
Continue …..

What is Kali Linux?

what-is-kali-linux
The best answer, you can read at official website What is Kali Linux? but still I want to give an answer.
Kali Linux is a Debian based Operating system, means its derivative of Debian. If you have heard about Ubuntu both are similar. Offensive Security gathered hacking tools and pick Debian Os and launched Kali Linux 
This creativity is awesome, newbie or script kiddie hacker dont need to gather tools and install on any Linux OS. Some time tools are not working properly on other OS due to dependency, and people become frustrate. In this case Kali Linux is best option who want to learn and sharp new skills.

How to become Kali Linux Hacker?
become-kali-linux-hacker
You are still reading this articles, show up your interest to become a Hacker. I will not say this time “Kali Linux Hacker”  because it is not anytype of hacker category. so if you want to learn Kali Linux show follow the given tips:
  1. Be familiar with any Linux operating system, may be ubuntu, mint, Arch or even Kali Linux. doesn’t matter but you should know as much as you know about Linux.
  2. Know basics about Kali Linux like repository, Services – appache, ssh, etc. and read some documentation.
  3. Know about tools and how they worked, start one by one categories, Read manual page and articles related tools. You will find best tutorial related tools on its documentation. So go ahead =>
  4. Some types of attacks and its strategy and working methodology. Sniffing, DOS, DDOS etc.
  5. Know more about exploits, which are exist on Exploit-db 
  6. Generating and Writing Reports!
I have released a basic guidelines, help to reach you at your goal of hacking.
if you have any question, write in the comment box .