I'm posting this hack first because its easy to do, and it will get your feet wet as to what can be done with the right tools and enough patience. the goal for this hack is to show you what kind of damage an attacker who gains access to your LAN environment can do if left to his/her own devices. the major tool i will use is Metasploit, bu ti will simplify this for you because this is your first time hacking into anything, so i'm also using ARMITAGE. Armitage is an GUI Platform for Metaspoilt and in technical terms,it is a script-able red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.It saves time and is very powerful in commencing Metaspoilt attacks.
So Now about our attack:
What we need:
Latest Metasploit framework.
Java
Preferably Internet on LAN
Brains and patience.
Now lets us start our hack:
Step 1: Open armitage on Backtrack 5 by going to : Backtrack > Exploitation Tools > Network Exploitation Tools > Metasploit Framework > armitage.
Step 2: Connect Armitage:
Click on the connect button.
Step 3: Connecting Armitage :
Now use the patience part, and stretch your legs, it takes some time to connect.
Step 4: Armitage Window :
It has 3 Panels:
Target Panel
Module Panel
Tabs Panel
Step 5: Finding the alive host on the network :
Now you will search for Host on you network, by going to hosts -> Nmap Scan -> Quick Scan (OS detect). This will perform a quick scan to detect the host and their operating systems and vulnerabilities.
Step 6: Inputting The Scan Range :
Now You have to insert scan range,that is you LAN ip range, most preferably it would start with 192.168.0.- or 10.0.0.-.
NOTE : the ( - ) resembles the computers on LAN.
Start the scan.
Step 7: Scan complete: After the scan has completed, if their are any other PC's on your network on, then they would be visible in the Target Pane (the big black box on the upper right).
Step 8: Finding Attacks :
Now the fun parts starts. Click on "Attacks" tab in your toolbar and select 'find attacks' (Not hail mary, you might not be ready for that). Start the scan and wait till it completes.
Step 9: Set the vulnerability :
Right click on the 'host' icon (windows pc) -> Select attacks -> smb -> ms08_067_netapi vulnerability.
Now a window should pop, click on the check-box that says "Use a reverse connection", start attack
Step 10: The final result :
So did the host icon turn red? That means YOU PASSED.
So you did the hacking part right, now let us mess with the client.
Hack 1: Opening Command Prompt:
Right click on the host -> Meterpreter1 ->Interact -> Command Shell
Now you are in their command prompt. You can now change, rename, delete, create files on their pc now. Search Google for some powerful windows commands.
Hack 2: Start an KEYLOGGER:
Click on the Meterpreter2 -> Explore -> Log Keystrokes.
Now you will receive what the victim is typing.
Hack 3: Take a Screen Shot:
Click on the Meterpreter2 -> Explore ->Screenshot.
Now you can see what is on their Facebook wall or Google mail accounts.
Hack 4: Browse Files:
Right click -> Meterpreter2 -> Explore > Browse Files .
Now you can interact with all the files on victim PC via a GUI.
Hack 5: Get in His Webcam:
Right click -> Meterpreter2 ->Explore -> Webcam shot
If they have a webcam installed, this will stream to you what the camera sees.
This will get you started. Please try and do your own discovery, and research as much as possible. The habit of self discovery can fetch you far more knowledge than someone holding your hand and showing you the say.
Happy Hacking!
Wednesday, February 27, 2013
Thursday, February 21, 2013
Top 9 penetration testing operating systems
Below is the list of Top 9 Operating Systems focused on Penetration and Hacking,The Operating Systems are judged on these Criteria : Number Of Package's, Availability of tutorials,how often new editions come out, popularity and user experience. I have personally used each of these tools, and i must say they do live up to their name and reputation.
One Operating System of note:
Damn Vulnerable Linux.
Well this is new, Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn't; Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. Based on Slackware, DVL isn't built to run on your desktop – it’s a learning tool for security students. So put it on your old PC and start your hacking carrier.
NOTE: This is not a distro full of security tools and how-to-hack apps. This is one of the best tools to use as a target to test your skills against. The people who developed this have sense discontinued the project, but you can still find ISO's and virtual images of this product for your own use.
NOTE: ITT Technical Institute students are given a copy of this on a virtual machine with their server farm structure for ISS classes. It is labeled as one of their Linux VM's
With that, here it is:
Number 9 : Samurai Web Testing Framework (WTF).
The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. Developed by Kevin Johnson [security analyst] and Justin Searle [IT Security Architect for JetBlue Airways] specially for hacking web based application and websites. Bad thing it is only available as Live DVD, and its one of more difficult distro's to install. Interested ? then check out their page Here.
Number 8 : Back Box Linux.
BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, its own software repositories, are always being updated to the latest stable version of the most used and best known ethical hacking tools. Check it out Here.
Number 7 : Gnacktrack :
Ahh, gnackTrack is no-doubt the best looking Pentesting operating system ever,and this is the best for beginner hackers,it has a good software library,GnackTrack is a Live (and installable) Linux distribution based on Ubuntu.The latest version "GnackTrackR6" is gaining a lot of popularity and you should try it out if you are interested.Official Site Here.
Number 6 : Network Security Toolkit (NST).
The Network Security Toolkit (NST) is Based of Fedora (not debian ) and The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools.This Distro has a whole new level of Graphical Interface and damm it looks good.Get this beautiful yet dangerous OS Here.
Number 5 : Live Hacking Operating System.
Live Hacking DVD is a Linux distribution packed with tools and utilities for ethical hacking, penetration testing and countermeasure verification. Based on Ubuntu this distribution comes in two forms. A full Linux desktop including a graphical user interface (GNOME) and tools and utilities..Another in live DVD form.Plus Point : This distro has a huge guide on hacking on its official site.Get this Distro Here
Number 4 :DEFT Digital Evidence & Forensic Toolkit.
.jpg)
DEFT 7 is based on the new Kernel 3 (Linux side) and the DART (Digital Advanced Response Toolkit) with the best freeware Windows Computer Forensic tools. It’s a new concept of Computer Forensic system that use LXDE as desktop environment.It is a very professional and stable system that includes an excellent hardware detection and the best free and open source applications dedicated to Incident Response, Cyber Intelligence and Computer Forensics.Get this Swiss Army Knife of the PC world Here
Number 3 : BlackBuntu Linux.
Blackbuntu is distribution for penetration testing which was specially designed for security training students and practitioners of information security. It's currently being built using the xubuntu 12.04.This edition has a large software library and nearly 100000's tutorials flying on YouTube and other sites. Blackbuntu runs on almost any PC,new or old,because of its less requirements.The Main developer,Krit Kadnok says "It's created in our own time as a hobby."Get Blackbuntu Here.
Number 2 : BugTraq Operating System.
Bugtraq system offers the most comprehensive distribution, optimal, and stable with automated services manager in real time. Bugtraq is available with XFCE, Gnome and KDE based on Ubuntu, Debian and OpenSuse. The systems are available in 11 different languages. Bugtraq has the widest range of tools and a whole lot of tutorials on the net,besides that,This distro has a sick interface.Get this Here.
Number 1 : BackTrack Operating System.
.jpg)
BackTrack is an Operating system which is especially made for Hackers,ethical Hackers,Penetration testers etc.This operating system includes all the security assessments and features till date.This distro got it all,Slick Interface,Powerful yet latest tools,high compatibly large software library,tons of tutorial.you name it.This is used by FBI,NSA and most of the hackers.So why don't you try it ? Get Version 5r3 from Here.
One Operating System of note:
Damn Vulnerable Linux.
Well this is new, Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn't; Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. Based on Slackware, DVL isn't built to run on your desktop – it’s a learning tool for security students. So put it on your old PC and start your hacking carrier.
NOTE: This is not a distro full of security tools and how-to-hack apps. This is one of the best tools to use as a target to test your skills against. The people who developed this have sense discontinued the project, but you can still find ISO's and virtual images of this product for your own use.
NOTE: ITT Technical Institute students are given a copy of this on a virtual machine with their server farm structure for ISS classes. It is labeled as one of their Linux VM's
With that, here it is:
Number 9 : Samurai Web Testing Framework (WTF).
The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. Developed by Kevin Johnson [security analyst] and Justin Searle [IT Security Architect for JetBlue Airways] specially for hacking web based application and websites. Bad thing it is only available as Live DVD, and its one of more difficult distro's to install. Interested ? then check out their page Here.
Number 8 : Back Box Linux.
BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, its own software repositories, are always being updated to the latest stable version of the most used and best known ethical hacking tools. Check it out Here.
Number 7 : Gnacktrack :
Ahh, gnackTrack is no-doubt the best looking Pentesting operating system ever,and this is the best for beginner hackers,it has a good software library,GnackTrack is a Live (and installable) Linux distribution based on Ubuntu.The latest version "GnackTrackR6" is gaining a lot of popularity and you should try it out if you are interested.Official Site Here.
Number 6 : Network Security Toolkit (NST).
The Network Security Toolkit (NST) is Based of Fedora (not debian ) and The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools.This Distro has a whole new level of Graphical Interface and damm it looks good.Get this beautiful yet dangerous OS Here.
Number 5 : Live Hacking Operating System.
Live Hacking DVD is a Linux distribution packed with tools and utilities for ethical hacking, penetration testing and countermeasure verification. Based on Ubuntu this distribution comes in two forms. A full Linux desktop including a graphical user interface (GNOME) and tools and utilities..Another in live DVD form.Plus Point : This distro has a huge guide on hacking on its official site.Get this Distro Here
Number 4 :DEFT Digital Evidence & Forensic Toolkit.
DEFT 7 is based on the new Kernel 3 (Linux side) and the DART (Digital Advanced Response Toolkit) with the best freeware Windows Computer Forensic tools. It’s a new concept of Computer Forensic system that use LXDE as desktop environment.It is a very professional and stable system that includes an excellent hardware detection and the best free and open source applications dedicated to Incident Response, Cyber Intelligence and Computer Forensics.Get this Swiss Army Knife of the PC world Here
Number 3 : BlackBuntu Linux.
Blackbuntu is distribution for penetration testing which was specially designed for security training students and practitioners of information security. It's currently being built using the xubuntu 12.04.This edition has a large software library and nearly 100000's tutorials flying on YouTube and other sites. Blackbuntu runs on almost any PC,new or old,because of its less requirements.The Main developer,Krit Kadnok says "It's created in our own time as a hobby."Get Blackbuntu Here.
Number 2 : BugTraq Operating System.
Bugtraq system offers the most comprehensive distribution, optimal, and stable with automated services manager in real time. Bugtraq is available with XFCE, Gnome and KDE based on Ubuntu, Debian and OpenSuse. The systems are available in 11 different languages. Bugtraq has the widest range of tools and a whole lot of tutorials on the net,besides that,This distro has a sick interface.Get this Here.Number 1 : BackTrack Operating System.
BackTrack is an Operating system which is especially made for Hackers,ethical Hackers,Penetration testers etc.This operating system includes all the security assessments and features till date.This distro got it all,Slick Interface,Powerful yet latest tools,high compatibly large software library,tons of tutorial.you name it.This is used by FBI,NSA and most of the hackers.So why don't you try it ? Get Version 5r3 from Here.
Man-in-the-middle attacks using Ettercap
Introduction To Man-In-The-Middle Attacks -
Man in the middle attacks is known as eavesdropping in the computer world. In these attacks, the attackers makes a fake bridge connections with the victims and relays message so they think that the connection is working the way it is supposed to work. With this connection, the attacker can see all the same traffic that the victim sees. Basic man-in-the-middle attacks are easily stopped by employing a VPN; so you can see the importance of using a VPN when using public internet.
Introduction To ETTERCAP -
Ettercap,short for Ethernet Capture,Is an open source app that creates an fake connection to your victim and the router,captures and send's data to its destination.It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
Installing ETTERCAP -
For Debian (Linux) based editions -
Debian based editions (Ubuntu,backtrack,etc) can install Ettercap by using these steps -
1-Open Your Terminal.
2-Type: sudo apt-get install ettercap-gtk ettercap-common
3 -When you have installed it, type on the terminal: sudo gedit /etc/etter.conf
4 - Look for something like "iptables" and delete the #.
5 -It Should look like:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport".
-what this does is route connections from your incoming to the outgoing internet connection on your machine; this will make the victim unaware that someone is spying on their traffic.
For Windows based editions -
1-Get the installer from Here
2 -Install it by using the on-screen steps.
Setting Up ETTERCAP -
1 - Run the application.
2 - Click "Sniff -Unified Sniffing",then choose the network from the drop-down list you want to attack.
3 - Once you have chosen the interface the something like this will open:
4 - Now go to - “Hosts->Scan for Host",now it will scan the network for other computers.
5 - When completed,click on "Hosts-> Host List",it will show up the available computers.
6 - Now select the computer you want to attack (example 192.168.0.5) as TARGET 1,And the ip of router (example 192.168.0.1) as TARGET 2.
7 - Now go to "MITM -> Arp Poisoning,and select the “Sniff Remote Connection” and click “ok”.
8 - Click "Start" and choose "Start Sniffing".
How Could the Attacker use this data -
The captured data can be easily used for sniffing password for Google Facebook,yahoo etc and they can also use it as a monitoring device,and see what kind of porn you like :P
NOTE : ETTERCAP can cause instability of network and the windows version is not too much stable, Restart the router in order to regain stability.
Subscribe to:
Posts (Atom)