Tech Byte™

🌐 Ethical Hacking Tutorial: WordPress Security Testing with WPScan 🚨

Objective: Use WPScan to uncover vulnerabilities in WordPress sites ethically.


🛠 Setup WPScan

Install:

sudo apt install wpscan

API Key: Get one at wpscan.com.


🔍 Key Commands

1. Scan the Website:

wpscan --url http://example.com


2. Find Plugins:

wpscan --url http://example.com --enumerate p


3. List Users:

wpscan --url http://example.com --enumerate u


⚠️ Brute Force (Authorized Only)

Test weak passwords:

wpscan --url http://example.com --passwords passwords.txt


💡 Tips: Use only with permission! Update plugins/themes and enable 2FA to secure WordPress sites. 🔒

🤫 Hide Files Inside an Image: Step-by-Step Guide 🖼️🔒

🖼️ Step 1: Prepare the Files
- Select the image file 📸 (e.g., .jpg, .png) you want to use to hide the file.
- Choose the file(s) 📄 (e.g., documents, executables) you want to hide inside the image.
- Make sure both the image file and the file(s) you want to hide are in the same folder 🗂️.

📦 Step 2: Compress the File(s)
- Right-click the file(s) you want to hide.
- Select Send to > Compressed (zipped) folder 🔒 to create a .zip archive containing the file(s) you want to hide. For example, secretfile.txt will become secretfile.zip 🔑.

🖥️ Step 3: Open Command Prompt
- Press Win + R, type cmd, and press Enter to open the Command Prompt 🖱️.

🏃 Step 4: Navigate to the Folder
- In Command Prompt, navigate to the folder where both the image and the .zip archive are located:

cd C:\Users\YourName\Documents\FolderWithFiles

🔗 Step 5: Combine the Files
- Run the following command to combine the image and .zip file:

copy /b image.jpg + secretfile.zip newimage.jpg

- Replace image.jpg with your image file's name 🖼️.
- Replace secretfile.zip with the .zip file containing the files you want to hide 📦.
- Replace newimage.jpg with the desired name for the new combined file ✨.

🔍 Step 6: Verify the Hidden File
- The new file (newimage.jpg) will look like a regular image 🎨.
- To access the hidden file, rename the new file to .zip 🔄 (e.g., newimage.jpg to newimage.zip).
- Open the .zip file with a file archiver like WinRAR or 7-Zip to extract the hidden contents 📂.

If you can't rename the extension, go to View tab and click the "file name extension" to enable it

Now, you've got your hidden files inside an image file! 🎉 Share it with friends or keep it as your secret! 🕵️‍♂️🔐

📜 Hacking Tutorial 3: Basic SQL Injection Attack

SQL Injection is one of the most common vulnerabilities in web applications. It involves inserting malicious SQL code into a query to manipulate the database. Learn how it works below (for educational purposes only)! 🔐


Step-by-Step Guide

1. 🔍 Find a Vulnerable Website
- Look for websites that use input forms (like login pages or search bars).
- Test if the input is vulnerable by entering a single quote (') and observing the response.
- If you see errors like SQL syntax error, it might be vulnerable.

2. 📋 Test for SQL Injection
- Try injecting basic payloads:
- ' OR '1'='1' -- (bypass login pages)
- UNION SELECT null, table_name FROM information_schema.tables -- (list database tables)

3. 📂 Extract Data
- After identifying the vulnerability, modify the query to retrieve sensitive data:
- Example: UNION SELECT username, password FROM users --

4. ⚙️ Tools to Automate
- Use tools like sqlmap to automate the process.


Pro Tips 🧠
- Learn to use Burp Suite to intercept and manipulate HTTP requests.
- Always test in a legal and ethical environment, such as on your own systems or with permission. ✅

⚙️ Tech Hack 2: Speed Up Your Slow PC

Is your PC feeling sluggish? 🐢 Here’s a quick and effective way to boost its performance without spending a dime! 💻

Step-by-Step Guide

1. 🧹 Clear Temporary Files

Press Win + R, type temp, and hit Enter.

Delete all files in the folder (skip those in use).

Repeat for %temp% and prefetch.



2. 📁 Disable Startup Programs

Open the Task Manager (Ctrl + Shift + Esc) and go to the Startup tab.

Disable unnecessary apps like Skype or OneDrive if you don’t need them at boot.



3. 💾 Optimize Disk Usage

Right-click on your drive (e.g., C:) in This PC > Properties > Tools > Optimize.

Run the defragmentation tool for HDDs (skip for SSDs).



4. 🚀 Adjust Visual Effects

Go to System Properties (Win + Pause/Break) > Advanced system settings > Performance > Settings.

Select Adjust for best performance or customize to keep the essentials.


Pro Tips 🧠

📝 Use CCleaner (free version) to clean up junk files and registries.

📝 Uninstall unused software to free up space. 🗑️

📝 Upgrade to an SSD for a massive speed boost. 🚀

If you’re using a Linux based operating system, it is vital to port forward ports that are deemed useless in the means of communication.

In order to have good privacy, one must sacrifice speed and efficiency. This includes common ports that have common vulnerabilities. Some common ports must be open always such as port 443, port 53, Port 80, and sometimes port 22. The only way to prevent further exploitation of these common ports is encryption.

We cannot block these on a publicly broadcasted IP address as this would only cause problems, so we must encrypt them and implement Iptables or UFW rules to prevent further attacks or vulnerabilities getting in the hands of the adversary. For further details, read into Ubuntu’s official documentation page.

https://wiki.ubuntu.com/UncomplicatedFirewall#

https://medium.com/@amandubey_6607/comprehensive-guide-to-linux-firewalls-iptables-nftables-ufw-and-firewalld-9e86e0a49979

🔍 Hacking Tutorial 2: Introduction to Wireshark for Network Analysis

What is Wireshark?

Wireshark is a powerful 🛠️ network protocol analyzer used to capture and inspect data packets in real time. It’s an essential tool for ethical hackers and cybersecurity professionals to analyze network traffic and detect vulnerabilities. 🚀


Step-by-Step Guide to Using Wireshark

1. 🖥️ Install Wireshark

Download and install Wireshark from the official website.

Ensure you run the installation as an administrator to grant necessary permissions.



2. 📡 Capture Traffic

Open Wireshark and select the network interface you want to analyze (e.g., Wi-Fi or Ethernet).

Click Start ▶️ to begin capturing live traffic.



3. 🔎 Analyze Packets

Use filters to narrow down the data. For example:

http for HTTP traffic

ip.addr == [IP address] to view packets for a specific IP


Click on any packet to view its details, including headers and payload.



4. 💾 Export and Save Data

Stop the capture when done and save the results for detailed offline analysis.


Pro Tips 💡:

Use Wireshark in conjunction with other tools like Nmap for deeper insights.

Familiarize yourself with common protocols to identify anomalies. ⚠️

Ensure you're only capturing traffic on networks you own or have permission to analyze, this keeps your work ethical and legal! ✅

5 Hidden Keyboard Features (on Gboard) to Boost Your Typing Speed and Efficiency! ⌨️🚀

1. Swipe to Type (Gesture Typing) 🖋️:
Instead of tapping each key, try swiping to type! With Gboard or other popular keyboards, simply swipe your finger across the letters of a word to type it quickly. Enable this in Settings > Language & Input > Gboard > Glide Typing.


2. Text Shortcuts (Assigning a Word for Another Word) ✂️:
You can create custom text shortcuts for phrases you use often. For example, type "omw" and it will expand to "On my way!". To set this up, go to Settings > Language & Input > Gboard > Dictionary > Personal Dictionary and add your custom shortcuts.


3. One-Handed Keyboard 🖐️:
If you're using your phone with one hand, enable the one-handed keyboard to shrink the keyboard to one side. For Gboard, swipe the spacebar left or right to activate this feature, making it easier to type with one hand.


4. Clipboard Access 📋:
Store and quickly access text you've copied to the clipboard. With Gboard, press and hold the comma key to view and use your clipboard history. You can copy multiple items and access them anytime.


5. Voice Typing 🎤:
Typing with your voice is super fast. Tap the microphone icon on the keyboard to start voice typing. You can dictate long texts or commands, and Android’s built-in speech-to-text feature

Bitcoin going to $100k non-stop?