Showing posts with label Hacking Tools. Show all posts
Showing posts with label Hacking Tools. Show all posts

How to Detect Sniffer in Your Network

Xarp is an advanced anti spoofing tool that flags all the spoofing attacks that might be using ARP(address resolution protocol) targeting your system. This includes documents, emails and VoiceIP conversations.  ARP attacks allows hacker to manipulate the data sent over the network. Xarp uses active and passive modules to detect hackers inside the network. Having such tools in the system is very important as the computer firewalls and OS security do not provide protection against ARP attacks.

Download latest Xarp version from http://xarp.software.informer.com/download/


After it gets downloaded, install it in your computer. Now,we will perform an attack on a system with Xarp installed  To show this tool’s effectiveness, we perform the attack with Bettercap


As soon as Xarp detects an ARP attack, it shows an alert on the screen like this.



 It is to be noted that there was no such alert or blocking from both windows firewall and defender, but Xarp detects the intrusion and warns about it.

Author- Shivam Yadav is a certified ethical hacker, an enthusiast and a researcher in this field.

How to Create Botnet for D-Dos Attack with UFONet

Remember: this tool is NOT for educational purpose.

  Usage of UFONet for attacking targets without prior mutual consent is illegal.

  It is the end user's responsibility to obey all applicable local, state and federal laws

UFONet - is a free software tool designed to test DDoS attacks against a target using 'Open Redirect' vectors on third party web applications like botnet

Features
·         Auto-update
·         Clean code (only needs python-pycurl)
·         Documentation with examples
·         Web/GUI Interface
·         Proxy to connect to 'zombies' (ex: tor)
·         Change HTTP Headers (User-Agent, Referer, Host...)
·         Configure requests (Timeout, Retries, Delay...)
·         Search for 'zombies' on google results (using a pattern or a list of dorks)
·         Test 'Open Redirect' vulnerabilities on 'zombies'
·         Download/Upload 'zombies' from Community
·         Inspect a target (HTML objects sizes)
·         Set a place to 'bit' on a target (ex: big file)
·         Control number of rounds to attack
·         Apply cache evasion techniques
·         Supports GET/POST
·         Multithreading
·         Different search engines for dorking
·         Web interface
·         Geomapping / Visual data
·         Order 'zombies' to attack you for benchmarking


First of all download UFONet from sourceforge by  this link:
https://sourceforge.net/projects/ufonet/
and extract it and enter the folder and open up the terminal and now list all the options available with this command :

./ufonet  --help


Now we have to download all the zombies that will be used for attack.Open the terminal and type:
./ufonet  --download-zombies


Now type the following command for using the GUI version:
./ufonet  --gui


The above command will open a browser with GUI options .Click on START MOTHERSHIP.


Now it will open up a GUI with different options.


Now click on Botnet option.


Clicking on Botnet will give many options to configure.


Now clicking on List Zombies will list all the Zombies it will be using for the attack.


Now click on Attack option.


Set the target to your target URL or your target IP and set the number of rounds as per your need and click on start for the attack.


As you can see first round of attack is started from multiple zombies and after a time the host  will be down.

Access Sticky keys Backdoor on Remote PC with Sticky Keys Hunter

This bash script tests for sticky keys and utilman backdoors. The script will connect to an RDP server; send both the sticky keys and utilman triggers and screenshot the result.

How does it work?

·         Connects to RDP using rdesktop
·         Sends shift 5 times using xdotool to trigger sethc.exe backdoors
·         Sends Windows+u using xdotool to trigger utilman.exe backdoors
·         Takes screenshot
·         Kills RDP connection

First Hack the Victim PC Using Metasploit (Tutorial How to Hack Remote PC)

Bypass the UAC Protection of Victim PC (Tutorial How to Bypass UAC Protection)

After getting the session enable the remote desktop option of remote pc using following exploit

msf > use post/windows/manage/enable_rdp
msf post(enable_rdp) > set session 2

msf post(enable_rdp) > exploit


In Next step replace the sticke key with command prompt using following exploit
msf > use post/windows/manage/stickey_keys
msf post(stickey_keys) > set session 2
msf post(stickey_keys) > exploit


Now clone Sticky Keys Hunter repository from github, to do so type:



For scan a single host: ./stickyKeysHunter.sh 192.168.0.120


Now a pop will open like below


Now press shift key 5 times at the login screen now a command prompt will open up


Now you can do anything in victim pc through command prompt. I am using net user command to see the list of active account

Detect Vulnerability Scanner in Network using Kfsensor

In the previous article, we have seen that how KFSensorHoneypot IDS detects any unauthorized person by simulating vulnerable system services. Well, vulnerability to a hacker is like jewels. Every hacker or malicious person  fist face of hacking is Footprinting and second is scanning where they get to know whether a system is vulnerable for performing an attack or not. So in this article, we will detect an unauthorized person or a hacker and stop it.

Install and start KFSensorHoneypot IDS server to do this read my previous article

Here my KFSensorHoneypot is ready.


Scanning phase tells us whether systems is vulnerable or not and sometimes even provide us exploit information which is available for that vulnerability. So every of the hacker performs this step before exploiting your system.
 So here I try to scan my system running KFSensor with Nessus vulnerability scanner from another computer.


As you can see Nessus started scanning my system and finding the vulnerability.


Here you can see that KFSensorHoneypot IDS alerted you that someone is trying to scan your system for vulnerability and some of the packets your system is receiving are malicious and recorded attackers IP address.


Now I’m trying to scan my system with GFI Languard also to see that KFSensorIDS detect or not.


GFI Languard started scanning.


Here KFSensorHoneypot IDS alerted that someone is sending packets to get vulnerability of the system. Here you can monitor attacks on every TCP and UDP ports. Even you can see ICMP or ping messages.


Here you can see that someone is trying attacking on Port and his IP address is 192.168.149.1


You can also view alerts by visitor’s means which IP address is trying to access onwhich ports.



KfsensorHoneypot IDS can also detect whether someone is using a Vulnerability scanner or not to perform an attack on your system. Now we know that particular IP address is sending to many packets which are not good. So to block that IP address we have to create a separate policy for that visitor.
To do that double-click on IP address you want to block accessing your system, a menu will appear.


Now click on details.




Here click on Create Visitor Ruleto create a policy.
After that select port, you want to block for that IP address and select actions Close or Ignore all requests from that particular IP address.

Vulnerability Scanning in Network using Retina

Retina is a network vulnerability scanner, one of the industry’s most powerful and effective vulnerability scanners. This network scanning tool gives pretty good vulnerability assessment experience and generates full brief network vulnerability report.

So let’s see how to do network vulnerability scanning.


Open Retina vulnerability scanning. In audit section click on Targets select target type you can select single IP or you can also give a range of IP’s, in my case I’m scanning single IP, now give file name and job name whatever you want.


Now click on Ports in the left section and select types of port group you want to include in your scan and click on modify.


Now click on Audits from the left section and select the type you want to scan.


Now goto Options section and select type of information you want to gather like NetBios name, DNS address, etc.

 Now goto credential section and select your type and finally click on scan.

Now Retina will start scanning your network according to settings.


After few minutes your vulnerability scanning will complete.


Now go to Remediate section, in this section you can select what you want to include in your vulnerability report.


Now in Report section you can select what type of report you want to generate for your network penetration testing. Select the type of report according to your need from Report type menu and click on Generate button



After that you have two options to view your report, either through Internet explorer or Microsoft word.
Click on the internet explorer icon. Now you can see that Retina Network vulnerability scanner created a wonderful vulnerability report by explaining each and every vulnerability of the network.