C.S. Projects


Posts Tagged ‘Ethical Hacking’

Ethical Hacking — Wpscan Tool


June 19th, 2020 Posted 3:39 am

Wpscan Tool

WPScan is a tool for scanning WordPress websites. It ships with Kali Linux and checks a site for known weaknesses such as an outdated WordPress core version and vulnerable themes and plugins, using a database of published WordPress vulnerabilities.

Before using wpscan to scan a WordPress website in Kali Linux, it is vital to ensure that wpscan and its vulnerability database are up to date, otherwise recently published plugin and theme vulnerabilities will be missed. To do this, simply type

wpscan --update

This updates the wpscan vulnerability database to its latest version, so that every check the tool knows about is available.

There are different enumeration options for wpscan, passed with the -e flag. These are:

u (for usernames)

p (for plugins)

vp (for vulnerable plugins)

ap (for all plugins)

t (for themes)

vt (for vulnerable themes)

at (for all themes)

tt (for timthumbs). TimThumb scripts are a major security risk, so it would be wise to ensure the website does not have to

To find the users of a website, simply type wpscan --url <website url> -e u. This enumerates every user the tool can discover. If you wish to discover a password, it is possible through a brute force (wordlist) attack against the login: the command is wpscan --url <website url> -U <username> -P password.txt (older 2.x releases spelled the wordlist option --wordlist). This reports a match if the user's password is in the wordlist. Only do this against sites you are authorised to test: every guess is a real login attempt, and it may trip rate limiting or lock the account out.
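What wpscan's -e u does under the hood, as an added example that is not part of the original post and is not wpscan's own code: WordPress answers /?author=N with a redirect to /author/<login>/, and its REST API lists users at /wp-json/wp/v2/users, so both can be walked to collect login names. HTTP is abstracted behind a fetch callable so the script runs offline; the FakeWordPress class, its users and the blog.example hostname are constructed for the demo.

```python
"""WordPress username enumeration, the way wpscan's -e u discovers accounts.

Added example; not part of the original post and not wpscan's own code. It
probes two well-known WordPress behaviours: /?author=N redirecting to
/author/<login>/ (leaking the login name), and the REST endpoint
/wp-json/wp/v2/users listing users. HTTP is abstracted behind a fetch
callable so it runs offline; FakeWordPress below is a constructed stand-in
for a real site, and blog.example is a made-up hostname.
"""
import json
import re
from typing import Callable, Dict, Set, Tuple

# A fetcher returns (status_code, headers, body) for a URL.
Response = Tuple[int, Dict[str, str], str]
Fetcher = Callable[[str], Response]

AUTHOR_RE = re.compile(r"/author/([^/?#]+)/?")


def enumerate_by_author_id(base_url: str, fetch: Fetcher, max_id: int = 10) -> Set[str]:
    """Walk ?author=1..max_id; a 301/302 to /author/<slug>/ leaks the slug."""
    found: Set[str] = set()
    for author_id in range(1, max_id + 1):
        status, headers, _ = fetch(f"{base_url}/?author={author_id}")
        match = AUTHOR_RE.search(headers.get("Location", ""))
        if status in (301, 302) and match:
            found.add(match.group(1))
    return found


def enumerate_by_rest_api(base_url: str, fetch: Fetcher) -> Set[str]:
    """The REST users endpoint lists users; many sites leave it readable."""
    status, _, body = fetch(f"{base_url}/wp-json/wp/v2/users")
    if status != 200:
        return set()
    try:
        users = json.loads(body)
    except json.JSONDecodeError:
        return set()
    return {u["slug"] for u in users if isinstance(u, dict) and "slug" in u}


def enumerate_users(base_url: str, fetch: Fetcher) -> Dict[str, Set[str]]:
    """Run both techniques and report which one found which names."""
    return {
        "author_id": enumerate_by_author_id(base_url, fetch),
        "rest_api": enumerate_by_rest_api(base_url, fetch),
    }


class FakeWordPress:
    """Constructed stand-in for a WordPress site (no network). With
    rest_enabled=False it models a site that blocked the users endpoint but
    still leaks logins through author-ID redirects."""

    def __init__(self, users: Dict[int, str], rest_enabled: bool = True) -> None:
        self.users = users
        self.rest_enabled = rest_enabled

    def __call__(self, url: str) -> Response:
        match = re.search(r"\?author=(\d+)$", url)
        if match:
            login = self.users.get(int(match.group(1)))
            if login:
                return 301, {"Location": f"/author/{login}/"}, ""
            return 404, {}, "Not found"
        if url.endswith("/wp-json/wp/v2/users"):
            if not self.rest_enabled:
                return 401, {}, json.dumps({"code": "rest_cannot_access"})
            return 200, {}, json.dumps([{"id": i, "slug": s} for i, s in self.users.items()])
        return 200, {}, "<html>ok</html>"


if __name__ == "__main__":
    site = FakeWordPress({1: "admin", 3: "editor_jane"})
    print(enumerate_users("https://blog.example", site))
```

The hardened case in the fake site is the point worth noticing: blocking the REST users endpoint alone does not stop enumeration, because the author-ID redirect still leaks the login name, so a site must address both leaks (and the differing error messages on the login form, which wpscan also uses).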

Ethical Hacking — Sherlock Tool


June 12th, 2020 Posted 3:24 pm

Sherlock Tool

Sherlock is a useful and powerful tool which looks up a username across many social networks such as Instagram or DeviantArt. Users often add links to their other social media accounts on platforms such as Instagram, which lets an attacker collect more information about them. Furthermore, profile images obtained from these platforms can be fed to a reverse image search, leading the attacker to other profiles that use the same image.

This is useful for information gathering, and the result can be used to mount targeted social engineering attacks against the person.

Requirements: Python 3.6 or higher

Installation

1. Launch a terminal in Kali Linux

2. The first step in installing Sherlock is to clone the repository. The command is git clone https://github.com/sherlock-project/sherlock.git

3. Type the ls command to view the content of the directory; the sherlock folder is now present.

4. Change directory into sherlock with cd sherlock

5. After ensuring python3 and python3-pip are installed, install the requirements with python3 -m pip install -r requirements.txt



Usage: to see all the options Sherlock accepts, simply type

python3 sherlock --help

To search for a single user, type the command:

python3 sherlock username

Change username to the username you wish to search for. It is also possible to search for several users in one run by listing them (python3 sherlock user1 user2); the tool searches the first username and, when it is done, moves on to the next.

Sherlock then lists every site on which the given username exists.

Ethical Hacking — Week 11


June 5th, 2020 Posted 9:44 pm

Maintain Access

Today's session was about maintaining access. Keeping access after the penetration test is over is unethical: the NDA (Non Disclosure Agreement) and rules of engagement signed with the company state that we are not allowed to retain access, so any backdoor placed during the test must be removed before the engagement closes.

During the engagement itself, maintaining access avoids reinventing the wheel: once the vulnerability used to get in has been patched, or the sysadmin has hardened the system, the tester can still continue the assessment, which saves time. Even so, read the NDA properly before doing this, as some NDAs state that no backdoor may be placed at all.

There are several methods of maintaining access, such as OS backdoors, tunnels and web-based backdoors. A backdoor lets the attacker reach the target without going through normal authentication while remaining undetected. Cymothoa is a tool that injects backdoor shellcode into a running process. For example, cymothoa -p 4255 -s 1 -y 555 injects shellcode number 1 into the process with PID 4255 and has it listen on port 555 (-p is the target PID, -s the shellcode number and -y the port). Damn Vulnerable Linux (DVL) can be used to practise this and other exploits in a lab.

Tunneling is encapsulating one network protocol inside another, so that backdoor traffic travels inside a protocol the firewall allows. Web-based backdoors (a web shell dropped on the server) are used when the target is a web application.

Ethical Hacking — Week 10


May 15th, 2020 Posted 7:24 am

Privilege Escalation

Today's session focused on attacking passwords. A password is one authentication factor, the "something you know" one, as opposed to something you have (a token) or something you are (biometrics).

There are two types of password attacks: offline attacks and online attacks. In an offline attack the hacker first obtains the stored password hashes, for example by dumping the Windows SAM database or /etc/shadow or capturing them off the network, and then cracks them on their own machine, so no guess is ever sent to the target. In an online attack each guess is submitted to the live service, so it can be done from a remote location, but it is slow and the service can detect it, rate-limit it or lock the account.

The tools used in offline attacks could be RainbowCrack, samdump2 (which dumps the SAM hashes), John the Ripper or Ophcrack; Crunch and Wyd are wordlist generators that feed those crackers.

The tools used in online attacks could be BruteSSH, Hydra, Dsniff, Hamster, tcpdump, Topic or Wireshark. Of these, only BruteSSH and Hydra actually submit guesses; Dsniff, Hamster, tcpdump and Wireshark capture credentials from network traffic.
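The difference between the two attack classes, as an added example that is not from the original post and not any of the tools named above: a constructed credential dump is cracked offline (unsalted MD5 falls to a precomputed lookup table, the rainbow-table idea; salted SHA-256 forces per-hash recomputation), while the same wordlist run online against a constructed login service is stopped by the lockout. Every user, hash, salt and wordlist entry is made up for the demo.

```python
"""Offline versus online password attacks.

Added example, not from the original post. It contrasts the two attack
classes the post describes using a constructed credential dump and a
constructed login service; all users, hashes, salts and the wordlist are
made up for the demo. Offline: the attacker already holds the hashes and
tests candidates locally at full speed, and unsalted hashes even allow a
precomputed lookup table. Online: every guess is a request to the live
service, which can count failures and lock the account.
"""
import hashlib
import hmac
from typing import Dict, List, Optional, Sequence, Set, Tuple

WORDLIST: List[str] = ["123456", "password", "letmein", "Summer2020", "dragon", "P@ssw0rd!"]


def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


def salted_sha256_hex(password: str, salt: bytes) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()


# Constructed dump: (user, algorithm, salt as hex, digest). Two legacy unsalted
# MD5 entries and two salted SHA-256 entries.
DUMP: List[Tuple[str, str, str, str]] = [
    ("alice", "md5", "", md5_hex("letmein")),
    ("bob", "md5", "", md5_hex("Summer2020")),
    ("carol", "sha256", "9f2b1c", salted_sha256_hex("dragon", bytes.fromhex("9f2b1c"))),
    ("dave", "sha256", "00aa77", salted_sha256_hex("correct horse", bytes.fromhex("00aa77"))),
]


def build_lookup_table(words: Sequence[str]) -> Dict[str, str]:
    """Precomputed digest -> password table (the idea behind rainbow tables).
    Only useful without salt: the same password must always give the same digest."""
    return {md5_hex(w): w for w in words}


def crack_offline(dump: Sequence[Tuple[str, str, str, str]],
                  words: Sequence[str]) -> Dict[str, Optional[str]]:
    """Crack a captured dump locally; the target never sees these attempts."""
    table = build_lookup_table(words)  # built once, reused for every unsalted hash
    results: Dict[str, Optional[str]] = {}
    for user, algo, salt_hex, digest in dump:
        if algo == "md5":
            results[user] = table.get(digest)  # one dictionary lookup per hash
        elif algo == "sha256":
            # The salt makes the table useless: every candidate must be
            # rehashed for each individual hash.
            salt = bytes.fromhex(salt_hex)
            results[user] = next(
                (w for w in words if hmac.compare_digest(salted_sha256_hex(w, salt), digest)),
                None,
            )
        else:
            results[user] = None
    return results


class LoginService:
    """Constructed stand-in for a live service. The attacker never sees the
    stored secrets; it only sees ok / fail / locked for each attempt."""

    def __init__(self, creds: Dict[str, str], max_attempts: int = 5) -> None:
        self._creds = creds
        self.max_attempts = max_attempts
        self.failures: Dict[str, int] = {}
        self.locked: Set[str] = set()

    def login(self, user: str, password: str) -> str:
        if user in self.locked:
            return "locked"
        stored = self._creds.get(user, "")
        if stored and hmac.compare_digest(stored, password):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_attempts:
            self.locked.add(user)
            return "locked"
        return "fail"


def crack_online(service: LoginService, user: str,
                 words: Sequence[str]) -> Tuple[Optional[str], int]:
    """Online guessing: each candidate costs one request, and the service may
    lock the account before the right word is reached. Returns (password, attempts)."""
    attempts = 0
    for w in words:
        attempts += 1
        outcome = service.login(user, w)
        if outcome == "ok":
            return w, attempts
        if outcome == "locked":
            return None, attempts
    return None, attempts


if __name__ == "__main__":
    print(crack_offline(DUMP, WORDLIST))
    print(crack_online(LoginService({"bob": "Summer2020"}, max_attempts=3), "bob", WORDLIST))
```

Run stand-alone, the offline pass recovers three of the four passwords (dave's is not in the wordlist), while the online pass against bob locks the account on the third failed guess before reaching Summer2020. That asymmetry is why defenders salt and slow-hash stored passwords and why attackers prefer to obtain a dump rather than guess online.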

Ethical Hacking — Week 9


May 8th, 2020 Posted 3:44 pm

Target Exploitation

In today's session, I learned about EternalBlue. EternalBlue is an exploit developed by the US National Security Agency, otherwise known as the NSA. It was leaked by the Shadow Brokers hacker group on April 14, 2017.

EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block protocol. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer. Microsoft had already fixed it in the MS17-010 update of March 2017, a month before the leak, so the hosts that remained exploitable were those missing the patch or still exposing SMBv1; disabling SMBv1 and blocking TCP port 445 at the network edge removes the attack surface.

In May 2019, the city of Baltimore struggled with a ransomware attack by digital extortionists that was reported to have used EternalBlue. The attack froze thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services.

I also reviewed the topics I learned previously, starting with social engineering attacks. Social engineering attacks are considered deadly because they are very easy to execute: a low-risk, high-reward type of attack. It is very easy to fool people with them because they depend on and exploit the victim's trust. I also reviewed SET, the Social-Engineer Toolkit, which can clone well-known websites and trick victims into giving out their personal details.

Ethical Hacking — Week 8


April 24th, 2020 Posted 5:50 pm

Social Engineering

In today's session, I learned a bit about SET, which stands for Social-Engineer Toolkit. SET is an open source penetration testing framework designed for social engineering. SET is a product of TrustedSec, LLC, an information security consulting firm located in Cleveland, Ohio.

Installing it from source takes several steps. In a Kali Linux terminal, type git clone https://github.com/trustedsec/social-engineer-toolkit/ setoolkit/. Then type cd setoolkit, then pip3 install -r requirements.txt, and finally python setup.py. Kali also packages it, so sudo apt install set and then running setoolkit is the quicker route.

One of the things I learned about is CUPP, which stands for Common User Passwords Profiler. It is a tool that generates a wordlist of likely passwords from the target's personal, psychological and social characteristics (names, birthdays, pets, company, and so on), which can then be fed to a password cracker.

The method I learned today was the credential harvester attack. This is used when we do not specifically want a shell but want to run a phishing attack to obtain usernames and passwords. In this attack vector a website is cloned; when the victim enters their credentials, the username and password are posted back to our machine, and the victim is then redirected to the actual legitimate website so that nothing looks wrong to them.
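How a profiler like CUPP turns the target's details into password candidates, as an added example that is not CUPP's own code and not from the original post: a constructed profile is combined into tokens and token pairs, varied in case, given simple leet substitutions, and suffixed with significant years and common endings. The profile values and the substitution table are assumptions made for the demo.

```python
"""Profile-driven password candidates, the idea behind CUPP.

Added example; not CUPP's own code and not from the original post. It takes
a small constructed target profile and derives candidates from it the way a
person picking a password would: combine tokens, vary capitalisation, append
significant years and common suffixes, apply simple leet substitutions. The
profile, suffix list and leet table are assumptions for the demo. Output is
sorted so results are deterministic.
"""
from itertools import product
from typing import Dict, List, Set

LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})
SUFFIXES = ["", "!", "123", "1"]


def case_variants(word: str) -> Set[str]:
    return {word.lower(), word.capitalize(), word.upper()}


def leet_variants(word: str) -> Set[str]:
    return {word, word.translate(LEET)}


def profile_tokens(profile: Dict[str, str]) -> List[str]:
    """Single tokens drawn from the profile fields a person tends to reuse."""
    return [profile[k] for k in ("first_name", "last_name", "nickname", "pet", "company")
            if profile.get(k)]


def years_from_profile(profile: Dict[str, str]) -> List[str]:
    """Full and two-digit forms of every year the profile mentions."""
    years: List[str] = []
    for key in ("birth_year", "partner_birth_year"):
        y = profile.get(key, "")
        if y.isdigit() and len(y) == 4:
            years.extend([y, y[2:]])
    return years


def generate(profile: Dict[str, str], min_len: int = 6, max_len: int = 16) -> List[str]:
    """Return the candidate list, filtered to plausible password lengths."""
    tokens = profile_tokens(profile)
    base: Set[str] = set(tokens)
    for a, b in product(tokens, repeat=2):      # pairs such as first+last, name+pet
        if a != b:
            base.add(a + b)
    years = years_from_profile(profile)
    expanded: Set[str] = set()
    for word in base:
        for cased in case_variants(word):
            for variant in leet_variants(cased):
                expanded.add(variant)
                for y in years:
                    expanded.add(variant + y)
                for s in SUFFIXES:
                    expanded.add(variant + s)
    return sorted(w for w in expanded if min_len <= len(w) <= max_len)


TARGET: Dict[str, str] = {  # constructed profile
    "first_name": "john", "last_name": "doe", "nickname": "jd",
    "pet": "rex", "company": "acme", "birth_year": "1985",
}

if __name__ == "__main__":
    words = generate(TARGET)
    print(len(words), "candidates, e.g.", words[:10])
```

Even this small profile yields a few hundred candidates; the resulting list is meant to be passed to a cracker such as John the Ripper or Hydra, which is exactly how CUPP's output is used.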

Ethical Hacking — Week 7


April 3rd, 2020 Posted 7:55 pm

DVWA

In today's session, I learned about DVWA, which stands for Damn Vulnerable Web App, and how to install it. It has four security levels: low, medium, high and impossible, the last being the reference implementation that is meant to be secure.

The first step to install DVWA is to open a terminal in Kali Linux and become root by typing sudo su. Then move to the web root by typing cd /var/www/html/ and download the DVWA package by typing wget https://github.com/ethicalhack3r/DVWA/archive/master.zip. Afterwards, extract the file by typing unzip master.zip.

The next step is to move the extracted content into the current directory: type mv DVWA-master/* . (the archive extracts to a folder named DVWA-master). Afterwards, give the web server ownership by typing chown -R www-data:www-data /var/www/html

Once installation is done, start the web server and database by typing service apache2 start; service mysql start. Afterwards, secure the MySQL/MariaDB server by typing mysql_secure_installation and press Y for every Y/N question asked, including setting a root password. Type the IP address of your Kali Linux machine into the address bar of any browser (http://<kali ip>/setup.php) and you will be directed to the DVWA setup page.

Any red coloured text on the setup page indicates missing configuration, which must be fixed. Type mysql -u root -p in order to set up the database for DVWA; you will be asked to enter the root password.

Afterwards, type create database [database name]; grant all privileges on [database name].* to dvwa_user@localhost identified by '[password]'; flush privileges; then type quit to exit MySQL. Note that the identified by clause inside grant works on MariaDB (Kali's default) and MySQL 5.x but was removed in MySQL 8, where the user must first be created with create user dvwa_user@localhost identified by '[password]'.

Copy config/config.inc.php.dist to config/config.inc.php and enter the details of the database, user and password created in the previous step. Refresh your browser: if there is no red coloured text then everything is properly configured, otherwise check the previous steps again to ensure you did not make any mistake.

Press Create/Reset Database. You will see a login page; type admin for the username and password for the password. Afterwards, you will be able to see and use the modules available such as Brute Force, SQL Injection and so on. Keep DVWA on an isolated lab network: it is deliberately exploitable, and with the default admin/password login anyone who can reach it can use it as a foothold.

Ethical Hacking — Week 6


March 27th, 2020 Posted 5:47 pm

Vulnerability Mapping

In today's session I learned about types of vulnerabilities and the tools for vulnerability mapping.

The types of vulnerabilities are design vulnerabilities, implementation vulnerabilities, operational vulnerabilities, local vulnerabilities and remote vulnerabilities.

In a design vulnerability, the flaw is in the software or protocol specification itself, so every correct implementation inherits it. In an implementation vulnerability, the flaw is in the code. In an operational vulnerability, the flaw comes from improper configuration or deployment of the target in its environment. A local vulnerability requires the attacker to already have local access (a shell or account on the target) to trigger it, which is why such flaws are typically used for privilege escalation. A remote vulnerability can be triggered and exploited without any local access to the target.

The tools that can be used for vulnerability mapping are OpenVAS, Nessus, w3af, sqlmap, Acunetix, Fortify and Metasploit. OpenVAS and Nessus are network vulnerability scanners; w3af, sqlmap and Acunetix target web applications; Fortify analyses source code; and Metasploit confirms a finding by actually exploiting it.

Ethical Hacking — Week 5


March 20th, 2020 Posted 5:32 pm

Enumeration Target

In today's session I learned about nbtscan, NetBIOS, nbtstat and other enumeration tools.

The command for NBTscan is nbtscan-unixwiz [IP address or range]. This scans a range of IP addresses for NetBIOS name information by sending a node-status query to UDP port 137 on each host and listing the names, workgroup and MAC address of those that answer.

NetBIOS stands for Network Basic Input/Output System. It is a programming interface that allows computers to communicate over a LAN and is used to share files and printers.

Nbtstat is an enumeration tool included with the Microsoft OS. It displays the NetBIOS name table; nbtstat -A [IP address] queries a remote host's table.
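The packet behind nbtscan and nbtstat -A, as an added example that is not nbtscan's code and not from the original post: a NetBIOS node-status query is built in the wire format of RFC 1001/1002, and a reply is parsed into the name table nbtstat prints. Nothing is sent: the reply (host names, MAC address) is constructed inside the block so the parser can be exercised offline.

```python
"""NetBIOS node-status (NBSTAT) query: the UDP/137 packet that nbtscan and
nbtstat -A send, and the name table that comes back.

Added example; not from the original post and not nbtscan's code. It builds
the query, parses a response into (name, suffix, type) entries plus the MAC,
and includes a constructed response builder so the parser can be exercised
offline. Actually sending the query needs a UDP socket and a host you are
authorised to scan.
"""
import struct
from typing import List, Tuple

NBSTAT = 0x0021     # question/record type: node status
CLASS_IN = 0x0001
NameEntry = Tuple[str, int, str]   # (name, suffix byte, "UNIQUE" or "GROUP")


def encode_netbios_name(name: str, suffix: int = 0x00) -> bytes:
    """First-level encoding (RFC 1001): pad the name to 15 bytes, append the
    suffix byte, then write each nibble as a letter 'A'..'P'."""
    raw = name.ljust(15)[:15].encode("ascii") + bytes([suffix])
    encoded = bytearray()
    for b in raw:
        encoded.append(0x41 + (b >> 4))
        encoded.append(0x41 + (b & 0x0F))
    return bytes([32]) + bytes(encoded) + b"\x00"   # label length, 32 chars, root


def build_node_status_query(txid: int = 0x1234) -> bytes:
    # Header: transaction ID, flags (0 = query), QDCOUNT=1, AN/NS/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    # The wildcard name "*" asks the node for its whole name table.
    return header + encode_netbios_name("*") + struct.pack("!HH", NBSTAT, CLASS_IN)


def parse_node_status_response(data: bytes) -> Tuple[List[NameEntry], str]:
    """Return the node's registered names and its MAC address."""
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not a response, or no answer record")
    off = 12
    off += 1 + data[off] + 1                      # skip the encoded answer name
    rtype, _rclass, _ttl, _rdlen = struct.unpack("!HHIH", data[off:off + 10])
    off += 10
    if rtype != NBSTAT:
        raise ValueError("unexpected record type")
    num_names = data[off]
    off += 1
    names: List[NameEntry] = []
    for _ in range(num_names):
        entry = data[off:off + 18]                # 15 name bytes, suffix, 2 flag bytes
        name = entry[:15].decode("ascii", "replace").rstrip()
        suffix = entry[15]                        # 0x00 workstation, 0x20 server, ...
        name_flags = struct.unpack("!H", entry[16:18])[0]
        kind = "GROUP" if name_flags & 0x8000 else "UNIQUE"
        names.append((name, suffix, kind))
        off += 18
    mac = ":".join(f"{b:02x}" for b in data[off:off + 6])
    return names, mac


def build_node_status_response(txid: int, names: List[NameEntry], mac: bytes) -> bytes:
    """Constructed reply in the wire layout a Windows host uses; for offline
    testing of the parser only."""
    header = struct.pack("!HHHHHH", txid, 0x8400, 0, 1, 0, 0)   # response, authoritative
    body = bytes([len(names)])
    for name, suffix, kind in names:
        flags = (0x8000 if kind == "GROUP" else 0x0000) | 0x0400   # 0x0400 = ACTIVE
        body += name.ljust(15)[:15].encode("ascii") + bytes([suffix]) + struct.pack("!H", flags)
    body += mac + bytes(46)   # MAC, then the statistics block (zeroed here)
    record = encode_netbios_name("*") + struct.pack("!HHIH", NBSTAT, CLASS_IN, 0, len(body))
    return header + record + body


if __name__ == "__main__":
    reply = build_node_status_response(
        0x1234, [("LABHOST", 0x00, "UNIQUE"), ("WORKGROUP", 0x00, "GROUP")],
        bytes.fromhex("001122334455"))
    print(parse_node_status_response(reply))
```

Because the query is unauthenticated UDP, any host on the LAN can ask any other for its full name table and MAC, which is why NetBIOS over TCP/IP is normally disabled on hardened hosts and blocked at network boundaries.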

Other enumeration tools include NetScanTools Pro, DumpSec and Hyena.

NetScanTools Pro produces a graphical view of NetBIOS running on a network. It enumerates any shares on a computer and verifies whether a shared resource is accessible using its Universal Naming Convention (UNC) name.

DumpSec is an enumeration tool for Microsoft systems, produced by Foundstone, Inc. It allows users to connect to a server and dump, in column or table format, the permissions for shares, printers and the Registry, the users, the policies and rights, and the services.

Hyena is an excellent GUI product which shows shares and user login names for Windows servers and domain controllers. It displays a graphical representation of Microsoft Terminal Services, the Microsoft Windows network and the web client network, and can find users and groups.

Ethical Hacking — Week 4


March 13th, 2020 Posted 4:56 pm

Target Discovery

In today’s session I learned about fingerprinting and nmap.

There are different types of fingerprinting; one of them is passive fingerprinting. Passive fingerprinting is the practice of determining a remote operating system by measuring the peculiarities of observed traffic without actively sending probes to the host. No single signature can reliably determine the remote operating system; however, by looking at several signatures and combining the information, the accuracy of identifying the remote host increases. p0f and Siphon are examples of passive fingerprinting tools. Though passive fingerprinting is powerful, it has limitations: the tool must sit somewhere it can sniff the target hosts' traffic.

nmap is a TCP/IP stack fingerprinting tool which tests the response of the remote system to undefined combinations of TCP flags, TCP ISN sampling, the default setting of the DF bit, the TCP initial window size, the ToS setting, fragmentation handling and the order of TCP options. nmap fingerprints a system in three steps:

  1. Port scanning
  2. Sending ad-hoc forged packets
  3. Analysing the responses received and comparing them against a database of known OS behaviour
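The passive approach applied to the features listed above (initial TTL, DF bit, initial window size, TCP option order, MSS), as an added example that is not p0f's code or database and not from the original post: it parses a raw IPv4/TCP SYN, scores it against a small signature table and refuses to guess when no combination of features gives a clear lead. The signatures are illustrative approximations and the two SYN packets are constructed inside the block.

```python
"""Passive OS fingerprinting from a single TCP SYN, in the spirit of p0f.

Added example; not from the original post and not p0f's code or database.
It parses raw IPv4/TCP headers, extracts the features the post lists (TTL,
DF bit, initial window, option order, MSS) and scores them against a small
signature table. The signatures are illustrative approximations, not an
authoritative fingerprint file, and both packets are constructed here.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class SynFeatures:
    initial_ttl: int            # observed TTL rounded up to 32/64/128/255
    df: bool
    window: int
    options: Tuple[str, ...]
    mss: int


OPTION_NAMES = {1: "NOP", 2: "MSS", 3: "WS", 4: "SACK", 8: "TS"}


def parse_syn(packet: bytes) -> SynFeatures:
    """Pull the fingerprinting features out of an IPv4 header + TCP header."""
    ihl = (packet[0] & 0x0F) * 4
    ttl = packet[8]
    df = bool(struct.unpack("!H", packet[6:8])[0] & 0x4000)
    tcp = packet[ihl:]
    data_off = (tcp[12] >> 4) * 4
    window = struct.unpack("!H", tcp[14:16])[0]
    opts: List[str] = []
    mss = 0
    i = 20
    while i < data_off:
        kind = tcp[i]
        if kind == 0:                       # end of option list
            break
        if kind == 1:                       # NOP has no length byte
            opts.append("NOP")
            i += 1
            continue
        length = tcp[i + 1]
        if kind == 2:
            mss = struct.unpack("!H", tcp[i + 2:i + 4])[0]
        opts.append(OPTION_NAMES.get(kind, f"OPT{kind}"))
        i += length
    initial_ttl = next(t for t in (32, 64, 128, 255) if ttl <= t)
    return SynFeatures(initial_ttl, df, window, tuple(opts), mss)


# Illustrative signatures: (initial TTL, DF, window, option order). Assumed values.
SIGNATURES: Dict[str, Tuple[int, bool, int, Tuple[str, ...]]] = {
    "Linux (3.x-5.x)": (64, True, 29200, ("MSS", "SACK", "TS", "NOP", "WS")),
    "Windows 10": (128, True, 64240, ("MSS", "NOP", "WS", "NOP", "NOP", "SACK")),
    "FreeBSD": (64, True, 65535, ("MSS", "NOP", "WS", "SACK", "TS")),
}


def score(features: SynFeatures) -> List[Tuple[str, int]]:
    """Score every signature: TTL 1, DF 1, window 1, option order 2; best first."""
    ranked = []
    for os_name, (ttl, df, win, opts) in SIGNATURES.items():
        s = int(features.initial_ttl == ttl) + int(features.df == df) + int(features.window == win)
        s += 2 * int(features.options == opts)
        ranked.append((os_name, s))
    ranked.sort(key=lambda x: (-x[1], x[0]))
    return ranked


def guess_os(packet: bytes) -> str:
    """No single feature decides: require a clear combined lead or say unknown."""
    ranked = score(parse_syn(packet))
    best, second = ranked[0], ranked[1]
    if best[1] < 3 or best[1] == second[1]:
        return "unknown"
    return best[0]


def make_syn(ttl: int, df: bool, window: int, options: bytes) -> bytes:
    """Constructed IPv4 + TCP SYN; checksums are zero since only header fields matter."""
    tcp_len = 20 + len(options)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0x1234,
                     0x4000 if df else 0, ttl, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (tcp_len // 4) << 4, 0x02, window, 0, 0)
    return ip + tcp + options


# Option bytes: MSS 1460, SACK-permitted, timestamps, NOP, window scale 7 (Linux-like)
LINUX_OPTS = b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x08\x0a" + bytes(8) + b"\x01" + b"\x03\x03\x07"
# Option bytes: MSS 1460, NOP, window scale 8, NOP, NOP, SACK-permitted (Windows-like)
WINDOWS_OPTS = b"\x02\x04\x05\xb4" + b"\x01" + b"\x03\x03\x08" + b"\x01\x01" + b"\x04\x02"

if __name__ == "__main__":
    for label, pkt in (("linux-like", make_syn(64, True, 29200, LINUX_OPTS)),
                       ("windows-like", make_syn(121, True, 64240, WINDOWS_OPTS))):
        print(label, parse_syn(pkt), "->", guess_os(pkt))
```

The third packet in the checks below matches one signature on window size alone and is correctly reported as unknown, which is the point made in the text: one signature is not evidence, a consistent combination is. In practice the SYN bytes come from a sniffer on a path that sees the target's traffic, which is the limitation of the passive approach.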