Zer0Byte http://zer0byte.com Geekiest Techno News Mon, 14 Nov 2016 15:49:11 +0000 en-US hourly 1 130760214 Zer0byte’s S.W.O.R.D . A Web Pentesting UI for Openwrt based Dropboxes -V1.0 Released http://zer0byte.com/2015/11/16/zer0bytes-s-w-o-r-d-web-pentesting-ui-openwrt-based-dropboxes-v1-0-release/ Mon, 16 Nov 2015 02:39:09 +0000 http://zer0byte.com/?p=1642   [ Read More ]]]> SWORD V 1.0 Released


Wait is over everyone! I am finally releasing  S.W.O.R.D v 1.0.    🙂

ScreenShot: WEP Cracking in action.

I can assure you that your WIFI Pineapple can’t do this from its GUI : D I know its not 2010 but I am just saying.

WEP Cracking with SWORD

List of all the working modules.
  1. Reverse shell (New)
  2. Reaver
  3. WEP cracker (New)
  4. MDK3
  5. Nmap (New addon)
  6. Nbtscan
  7. Password Sniffer
  8. Network Sniffer
  9. Wifi Nuke

Screenshot: MDK3 in action.

MDK3 custom SSID-SWORD-Network Penetration Testing Software


This project can be downloaded from the link below

Download Link



  1. just extract these files /www directory of your router
  2. Makre sure you have bash installed on your router otherwise the scripts wont work (opkg install bash –force-depends)‏
  3. give 655 to the /cgi-bin directory (chmod -R 655 /www/cgi-bin/*
  4. when done simply navigate to it by typing “yourrouterip/SWORD” in your web browser (

Pre- Reqs

Make sure you have ettercap-ng, reaver, tcpdump, url snarf, nmap , mk3 installed on your router.

Notes / Request 

  1. If you want to give suggestions you can email me at.“thezerobytemail@gmail.com”
  2. Add Basic  authentication to /www folder so that you don’t get pwned yourself.  

Would love to hear about it.




Kali Linux – Net Hunter-Offensive Security’s Next Big thing http://zer0byte.com/2014/09/24/kali-linux-net-hunter-offensive-securitys-big/ Wed, 24 Sep 2014 02:36:46 +0000 http://zer0byte.com/?p=1635   [ Read More ]]]> Kali linux Offensive security Net hunter

Leets at offensive security have yet again showed the world that they are undoubtedly the leader / trend setter in info sec community. They are the Bugatti Veyron of our industry :D. The have released “Net Hunter” a penetration Testing Linux distro designed around the mobile devices running on Android. NetHunter supports Wireless 802.11 frame injection, 1 Click MANA Evil Access Point setups, HID keyboard (Teensy like attacks), as well as BadUSB MITM attacks – and is built upon the Kali Linux distribution and toolsets. Whether you have a Nexus 5, Nexus 7, or Nexus 10, they have  got you covered.

HID Keyboard attack video below is just a glimpse of how powerful this distro is.


This distro can be downloaded from the following link below.

Download Link

Zer0byte’s S.W.O.R.D . A Web Pentesting UI for Openwrt based Dropboxes-(Beta Release) http://zer0byte.com/2014/08/13/zer0bytes-s-w-o-r-d-web-pentesting-ui-openwrt-based-dropboxes-beta-release/ Wed, 13 Aug 2014 07:14:18 +0000 http://zer0byte.com/?p=1623   [ Read More ]]]> SWORD OPENWRT pentesting GUI MR 3040 minipwner


SWORD pentesting GUI for openwrt and minipwner

S.W.O.R.D is a web based UI for openwrt based dropboxes inspired by the minipwner (http://minipwner.com/) project. This UI is based on Reaver, MDK3 Ettercap, NMAP TCP dump , URL SNARF and etc…

I started this project on TP-Links Mr 3040 3G router but it will work on pretty much on any thing which has linux, http server and cgi on it.


Few Screen shots


sword pentesting GUI for openwrt

sword pentesting GUI for openwrt minipwnersword pentesting GUI for openwrt minipwner network based attacks


This project can be downloaded from the link below

Download Link



  1. just extract these files /www directory of your router
  2. Makre sure you have bash installed on your router otherwise the scripts wont work (opkg install bash –force-depends)‏
  3. give 655 to the /cgi-bin directory (chmod -R 655 /www/cgi-bin/*
  4. when done simply navigate to it by typing “yourrouterip/SWORD” in your web browser (

Pre- Reqs

Make sure you have ettercap-ng , reaver tcpdump, url snarf, nmap , mk3 installed on your router. Sorry for not adding an automatic script for downloading missing stuff.

Notes / Request 

This project is still under development and I will be adding more stuff to it later on. My request to you is that this platform is very easy to understand and to add  more development on it, so please feel free to make more modules for this project. Most of the hard work is done in this beta release, so it wont be difficult to understand. If you want to give suggestions you can email me at


Would love to hear about it.



A very n00b friendly guide hack whatsapp chats poc http://zer0byte.com/2014/07/31/n00b-friendly-guide-hack-whatsapp-chats-poc/ Thu, 31 Jul 2014 16:56:38 +0000 http://zer0byte.com/?p=1618   [ Read More ]]]> Whatsapp chat spy stealer Security researcher “Mohit Sahu” has written a very detailed step by step (n00b friendly) guide on how to create a whatsapp chat stealer application for android.  According to him, Whatsapp chats database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card, as we know people use  many apps, games so its very easy steal whatsapp chats database file from SD card using any android malware app/stealer app. whatsapp chat stealer

This tutorial can be obtained from the following links below.

Disclaimer by Author: This guide is for education purpose only. Do not hack others accounts,  This is illegal and may put you behind jail and high penalty can be exposed. Learn  Hacking For Good Purposes.all the tools used in paper is available in their respective owner website and permissible to use it for personal use, for commercial use grant permission from owner .

Aircrack-ng Updated- Version 1.2-beta3- Complete Changelog http://zer0byte.com/2014/04/08/aircrack-ng-updated-version-1-2-beta3-complete-changelog/ Tue, 08 Apr 2014 01:37:50 +0000 http://zer0byte.com/?p=1608   [ Read More ]]]> Aircrack-ng Update Version 1-2beta3

Being a WIFI Pentesting enthusiast,Update on  aircrack-ng suite always excites me. Even though this time there is not much much of an improvement but still we have it thanks to our super Lee7 dev “mister_x” .

Aircrack-ng Changelog Version 1.2 beta 3

  • Finally properly fixed the buffer overflow.
  • Fixed channel parsing (eg 108, 125) and updated radiotap parser.
  • Various other small fixes.

Download Link



Backdoor Found In Linksys & Netgear Home Wi-FI Routers http://zer0byte.com/2014/01/02/backdoor-linksys-netgear-home-wi-fi-routers/ Thu, 02 Jan 2014 15:54:27 +0000 http://zer0byte.com/?p=1595   [ Read More ]]]> Backdoor in LinksysNetgear Routers

Security Researcher “Eloi Vanderbeken” @elvanderb managed to find out a backdoor  listening on TCP port 32764 on the Following Linksys / Netgear Home Wi-Fi access points.

  • Linksys WAG200G
  • Netgear DM111Pv2
  • Linksys WAG320N
  • Linksys WAG54G2
  • DGN1000 Netgear N150
  • Diamond DSL642WLG / SerComm IP806Gx v2 TI

Python based Backdoor can be downloaded from here :https://github.com/elvanderb/TCP-32764.

Presentation:- https://github.com/elvanderb/TCP-32764/blob/master/backdoor_description_for_those_who_don-t_like_pptx.pdf


Twitter:- @elvanderb
Github:- https://github.com/elvanderb
E-mail:- eloi.vanderbeken@gmail com

SnapChat Database Leaked – 4.6 million users affected http://zer0byte.com/2014/01/01/snapchat-database-leaked-4-6-million-users-affected/ Wed, 01 Jan 2014 06:29:12 +0000 http://zer0byte.com/?p=1588   [ Read More ]]]> Snapchat Cover

Website called SnapchatDB! has released SQL/CSV files that claims to contain the username and associated phone number for a “vast majority” of the service’s users, with the last two digits of the numbers obscured. That amounts to 4.6 million pairs, although actually downloading the files to actually use them or verify the claim seems impossible, presumably due to site bandwidth limitations.

According to their website

“You are downloading 4.6 million users’ phone number information, along with their usernames. People tend to use the same username around the web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.”

This Stunt is carried out to increase public awareness.. 🙂

“This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue. “

No apparent details of the Snapchatdb Owners on WhoIs

SnapChat WhoIs Info


Useful Links

SSlStrip Developer Integrates CyanogenMod Text Message Encryption for Ver 11 http://zer0byte.com/2013/12/11/sslstrip-developers-integrates-cyanogenmod-text-message-encryption-ver-11/ Wed, 11 Dec 2013 11:28:55 +0000 http://zer0byte.com/?p=1585   [ Read More ]]]> cyanogenmod sms encryption 10 2

CyanogenMod would be seeing integrated, system-wide secure messaging integration with compatibility with TextSecure.  TextSecure is an open-source cross-platform (iOS and Android) client that encrypts your SMS messages both locally, and over the air when sending to other TextSecure users. The application is maintained by Open WhisperSystems, and lead engineer Moxie Marlinspike .He is in fact the same Guy who Developed the famous SSL Strip.

Moxie is a veteran of open source software, cryptography and good encryption practices, and a privacy advocate. To learn more about him and his accomplishments check out his personal site and Wikipedia page. He’s also spent time as a speaker at DEFCON on multiple occasions.

Moxie has been the lead engineer on the CyanogenMod implementation of TextSecure, making sure the CM version is both secure and compatible with his existing services. Unique to the CM implementation is our SMS middleware functionality. This is the same code that allows for our Google Voice integration into any messaging application.

By leveraging this for our TextSecure implementation, we can extend the encrypted messaging functionality to nearly any SMS application you decide to use. Your messages to other CM or TextSecure users (regardless of iOS or Android) will automatically be encrypted and secured. In the event your receiving party isn’t on CM or using TextSecure, the implementation will silently fall back to a normal SMS message (unencrypted).

 CM has launched initially CM 10.2 nightly stream to test the server load and make sure things are working at scale. Once things are dialed in, They’ll also enable this for CM 11 builds moving forward.

Anti-Google SWAG Line ‘Scroogled’ by Microsoft http://zer0byte.com/2013/11/21/anti-google-swag-line-scroogled-microsoft/ Thu, 21 Nov 2013 17:05:27 +0000 http://zer0byte.com/?p=1580   [ Read More ]]]> Anti google swag by Microsoft

Microsoft these days has gone Full Anti on Google With its Swag Line of “Scroogle”. Earlier this year, Microsoft “Don’t Get Scroogled” site to highlight how the search engine sells its shopping results, while Microsoft’s Bing search engine embraces a more “honest search.” (HAHA :D) This is Hilarious because we know they both steal our data any ways

Scroogled Keep Calm Mug view 1

“Put 15-ounces of your favorite beverage into this stoneware mug to let the world know that even though Google is trying to make money on almost every aspect of your digital life, you’re still calm. And fully caffeinated.” This is what the description of the above cup says on Microsoft’s website.

Click here.or a full look at Scroogled products

Github Bans Rubbish Passwords. http://zer0byte.com/2013/11/21/github-bans-rubbish-passwords/ Thu, 21 Nov 2013 16:33:17 +0000 http://zer0byte.com/?p=1577   [ Read More ]]]> Github Bans Rubbish Passwords

A recent brute force attack took over a number of user accounts,Github explains all in a blog post,

“Some Github user accounts with weak passwords were recently compromised due to a brute force password-guessing attack,” said Shawn Davenport, director of security at Github.

“I want to take this opportunity to talk about our response to this specific incident and account security in general.”

Davenport said that the organisation responded to the attack by contacting all those affected and advising them of what action they should take.

First on its list was not using a weak password. There is other guidance too.

“We sent an email to users with compromised accounts letting them know what to do. Their passwords have been reset and personal access tokens, OAuth authorizations, and SSH keys have all been revoked.

“Affected users will need to create a new, strong password and review their account for any suspicious activity. This investigation is ongoing and we will notify you if at any point we discover unauthorized activity relating to source code or sensitive account information,” added Davenport.

“Out of an abundance of caution, some user accounts may have been reset even if a strong password was being used. Activity on these accounts showed logins from IP addresses involved in this incident.”

In all, there were 40,000 IP addresses being used to brute force passwords. A solution to this is being worked on, and commonly used or weak passwords are not welcome.