Mail App of iOS 8.3, is vulnerable to Phishing attack

There is always a debate between Apple Lovers and Android or Windows OS fans. there is an wrong believe that iOS never get hacked, or virus, or this is the best product. several times I have showed in my classes how Apple devices, similarly may get hacked  as  windows or Android devices can be a target for hackers. Hereby, there is a news that shows how a phishing attack my cause Apple user to lose their iCloud credential over Maill app. This vulnerability can be findout on iOS 8.3. Phishing attack is one the most significant and fast track methods allows hackers to obtain credential information or remote attack and many more. The prove of Concept of this attack has been uploaded in youtube and the PoC code of it has been shared with github for learning purpose.

lets say hi to new Gmail #Inbox and #Google #Photo

Seems Google​ has some new updates, Google Daily Photos​ to compete with Instagram, and now they have upgraded their Inbox.
now you may switch into Inbox and install the Inbox app as well. for the beginning it seems a bit creepy, but no choice, we are living in technology edge which everything is changing daily, and we need to adopt to new systems and updates.
Google Inbox:

Google Photo:


Are you sensitive about privacy? make sure you have turned your geo location off on your Android or iOS devices.

Technology, we love it, and it help us in a variety of situation, we can communicate, ease or life and make fun and use it as  entertainment or even more. but here is the issue, many of the time, like to share our location with our friends and via messenger apps, or social media. many people they dont like to share it or publicly it available for strangers. seriously is that necessary to let everyone in the world know where we are exactly every moment? so if you are the person who cares about it, check your apps setting to ensure what information will be accessible for strangers and even friends.

Lee Munson wrote a report about tracking your geo location on facebook using “Marauders Map” chrome add-on. the API might be disabled , but since the source code has been published in Github, curious developers may modify it and develop it with new features and concepts. this report can be read from nakedsecurity blog.

you may also reconfigure your facebook setting with a better privacy. read the following link from same Lee Munson.

writing script to Automate running Metasploit services, and call it from anywhere

Hi guys, that’s been a while I didn’t have time to update my blog. I would like to write a simple post about how to automate some works and run them easily any time. Many of us, during our playing time with the Penguin, run some tasks and commands repeatedly. Writing bash scripts is my hobbies and I like to automate things, even automating Eat-Rave-Linux  process 🙂 . So I am writing a simple script and show you how to call it from anywhere, similar to other Linux tools and commands such as ifconfig or ls …etc.

Today I had a call from a friend of mine, about running Metasploit. His problem was that, sometimes some services such as Apache2 or prostgresql are not running which cause might cause the Metasploit malfunction or slow running. So it’s better to check if these services are running before running the msfconsole. What I do is, I wrote a very simple bash script that restart the services, update the Metasploit, and finally run the Metasploit automatically. I have a “my-scripts” directory that I put my scripts there and hence, you may call them from anywhere. So here is my Metasploit script.

#! /bin/bash

service postgresql stop

service postgresql start

service apache2 stop

service apache2 start

service metasploit stop

service metasploit start



Once you created your script, just save it as a bash file. You may call it to avoid any confliction with msfconsole. Then just make this file as a executable program using: Chmod 755 In the next step, I move this script in “my-scripts” directory which I located it  in the root directory. I have added this directory to my variables $path. So I can call my script anytime from anywhere by just simply call its name. Do to so, you may use the following command.

now edit your .bashrc file and add the following line at the end of .bashrc file to make it as  permanent parameter. you may need  to reboot your system to apply the changes. so now you may call your Metasploit from anywhere.

nano /root/.bashrc

add the following after the last line:

export PATH=$PATH:~/my-scripts   

Good Luck and let me know if you have any alternative way to do so.

Stay Annoumoys while Black-box Penetration Testing (Tor and Proxychain)

During the black-box penetration testing sometimes we need  to hide our identity and stay anonymous, sometimes some firewalls and IDPS detect us while we are testing the machine, and might block our IP address. In this manner we need to keep changing the IP. So if the firewall blocks the companies IP so, then even if you change the local IP you may not have access to the website again. So the best way to hide the identity, is to you Tor and proxychain.

Install tor:

Apt-get install tor

 Then you just need to run tor service.

 Service tor start

So then you need to modify your proxychain configuration and polish it a little bit. So open the proxychain and uncomment the dynamic, comment the static, and at the end of the file you may find the socks4 9050.0.

You need to add the following code as well.

socks5 9050


The file should be look like bellow after editing.

# proxychains.conf  VER 3.1


#        HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.


# The option below identifies how the ProxyList is treated.

# only one option should be uncommented at time,

# otherwise the last appearing option will be accepted




# Dynamic – Each connection will be done via chained proxies

# all proxies chained in the order as they appear in the list

# at least one proxy must be online to play in chain

# (dead proxies are skipped)

# otherwise EINTR is returned to the app




# Strict – Each connection will be done via chained proxies

# all proxies chained in the order as they appear in the list

# all proxies must be online to play in chain

# otherwise EINTR is returned to the app




# Random – Each connection will be done via random proxy

# (or proxy chain, see  chain_len) from the list.

# this option is good to test your IDS 🙂

# Make sense only if random_chain

#chain_len = 2

# Quiet mode (no output from library)


# Proxy DNS requests – no leak for DNS data


# Some timeouts in milliseconds

tcp_read_time_out 15000

tcp_connect_time_out 8000

# ProxyList format

#       type  host  port [user pass]

#       (values separated by ‘tab’ or ‘blank’)



#        Examples:


#                    socks5        1080        lamer        secret

#                http        8080        justu        hidden

#                 socks4        1080

#                http        8080



#       proxy types: http, socks4, socks5

#        ( auth types supported: “basic”-http  “user/pass”-socks )



# add proxy here

# meanwile

# defaults set to “tor”

socks4 9050

socks5 9050

And the restart your tor service:

Service tor restart

Now you can open any application or browser using proxychain with the following command:

proxychains iceweasel


Proxychain nmap yourtargetip

Enjoy the anonymous surfing and penetration testing

Please let me know how do you keep your identity anonymous during penetration testing.

Enjoy the anonymous surfing and penetration testing

How to Add or Custom Linux Terminal banner

Have you ever considered how you can add a banner to your terminal to have a more customized Linux? Many of the time I saw in many people Linux terminal that they have a title or they have their name in their terminal just like the following image:


To do so, you may install figlet, with the following command:

Apt-get install figlet

You may find more info about the figlet from So once you have installed the figlet, you need to go to your root directory you can see the .bashrc file (if your show hidden files option is already checked). Or you can use the terminal directly:

leafpad /root/.bashrc

Then open it with your text editor and bottom of the file in the last line you may add your text as:

Figlet “your name” –c

c switch set it in the center.

Save the file and open your terminal and enjoy your new terminal.

You may use other alternative tools with different options as well. For more info check the

Social Media Forensics- EC-Council Hackway Workshop Presentation

This Presentation involves with Social Media Forensics such as Email Tracing and investigation the Fraud, Scam… etc.. In the next section we covered the Twitter, Facebook, and Linkdin Forensics practically. After the video call and Instant Messaging tools, Skype is chosen because it is one of the top most popular chatting, voice/video calls (free and commercial plans). We demonstrated practically how to extract the chat conversation, contacts, call logs and much more information. Malware distribution is quite common is social media by social engineering techniques. We performed the analysis to how analysis and investigate the malware and social media investigation with malware distribution and social engineering perspective.


Windows warning, Question about “Your computer is correctly configured, but the device or resource (DNS Server) Is not responding”

Updating windows 8 and right after restarting, the DNS Server problem raised up out of no where

Today why the sun was shining ;), and everything was fine, my laptop notified me that, hey, you need you to update your windows. Alright, let’s do it to enjoy new security patches and fixes that Microsoft usually provides for us, 😀 right after updating and restarting, I couldn’t get access to the internet anymore. I could ping, but no application could access to the internet. Hey Mr Trouble (windows) I updated you to fix your problem, not to create new problems. I checked the firewall, Antivirus, and malware scanners. Everything was fine. Here are the steps I have gone through to solve the problem.


Restarting the Router:

Sorry, I am not the network administrator, so I don’t have any physical access to restart the university network. I couldn’t go for it, so let’s try the rest of option that I could try to solve it. Obviously I couldn’t restart the router to the default setting.


Renew IP addresses

I tried the “ipconfig/release” and ipconfig/renew commands, but it didn’t work


Restarting the DNS and DHCP services

Let’s try services.msc  (just type it in your Run), I just checked  if DNS and DHCP services are not stopped  for any unexpected reason. Both of their status were running, although I restart it. (This is windows, always restart is the first option). Nothing happened.


Should I Flush the DNS?

Hey Sina lets flush the DNS maybe it worked. I ran the “ipconfig/flushdns” and then “ipconfig/registerdns”.

Did it work? Hell nooo.


Open DNS or Google DNS

Alright buddy let’s try googleDNS/openDNS

Google DNS

Open DNS


It worked yeaaaaa  \m/.

Hey Mr Microsoft, this is why people prefer to go for Linux/Mac. You wanted to fix some issues; you made some new issues for me today. Although, Dear Linux has her own complicated problems, still I prefer Ms. Linux J


How to increase the VMware VIrtual Machine Hard Disk, and OS Hard Disk within the Virtual Machine

Many of the time we create a VMware virtual machine with a small amount of (e.g. 6 GB) for Virtual Disk. After a while, we face “low disk space” error. I had such problem few days ago.  After a bit digging google, I find out how to expand the Virtual Disk capacity. To do this, first, you need to turn off the virtual machine, and then make sure there is no snapshot, or cloned or linked VM. Then just follow as follow.

chose utilities chose expand
Chose Utilities to expand


Then, as the following image you can increase the Virtual Hard Disk as much as you like.

 Chose the maximum disk size as you need
Chose the maximum disk size as you need

So now you can increase the hard disk of the virtual machine Operating System as well. Let’s assume that, the VM operating system is windows XP. Just download the Gparted.iso. This tool works with any Linux, Mac and Windows machines. After downloading the Gparted.iso, boot the VM with it. Just leave all the questions as default until you get the main page. You can increase the size in the gparted very easily.

Gparted Menu
chose your language or chose Don't touch Keymap
chose your language or chose Don’t touch Keymap

The last picture shows how to increase the OS hard disk size.

Increasing th OS hard disk size
Increasing th OS hard disk size