HACK NOW


Showing posts with label LEARN HEAR. Show all posts

Wednesday, May 9, 2018


Hack anyone's computer by sending Email - hackvak



Hack computer  by sending Email

Hey guys, today I am going to tell you how to hack a computer by sending email!

Using email is one of my favorite ways of breaking into an organization!
Usually, I will send out 10 emails to different employees. Out of those 10 people, 5 will click the link that I included. Of the 5 people, two or three will tell me their real work username and password. Pretty scary, isn't it?
Why are they so interested? Why would they give me their passwords? The email that I send does not look like a scam from a rich prince in an African nation. Instead, it looks like a professional email from a company conducting a survey on behalf of the employee’s organization.
Who wouldn’t be interested in filling out a survey about Salary Satisfaction?
Once they click on the link, they are taken to a login page. It is then that an average of 25% of the people emailed submit their passwords.
This is where the fun begins!
If the company is using Microsoft Exchange (email server), I can use their credentials to synchronize a copy of their email onto my computer.
Once it is synchronized, I can create a client-side rule that runs a program every time a certain email is received.


This rule will synchronize over Exchange across all the computers that use that person's account.
Once they receive the special email, my program runs on the victim’s computer.
At this point, it is usually trivial to gain access to the rest of the network.
The other option is to send a user a malicious Word document. However, that usually requires building up a context where it would make sense for that attachment to be opened.
Recently, I received a very interesting attachment. It was an obvious attempt to break into my computer using a malicious Word document.
It came at a time where I was needing a more effective payload to send to my potential victims.
I was so grateful to the hacker for introducing me to a new technique that I replied with a thank you note.
The Word document contained an embedded object that appeared to be another document. But in reality, it was a VB Script that would launch a malicious payload. Fascinating!

If you have any questions about how to hack a computer, please reply in the comments section. Thanks for visiting my blog.

Sunday, April 29, 2018

April 29, 2018

Hacking tutorial Trojan Attacks || New update may 2018


Trojan Attacks

Trojans are non-replicating programs; they do not reproduce their own code by attaching themselves to other executable code. They operate without the permission or knowledge of the computer user.
Trojans hide themselves inside healthy-looking processes. However, we should underline that Trojans infect outside machines only with the assistance of a computer user, for example by clicking a file attached to an email from an unknown person, plugging in a USB drive without scanning it, or opening unsafe URLs.
Trojans have several malicious functions −
  • They create backdoors to a system. Hackers can use these backdoors to access a victim system and its files. A hacker can use Trojans to edit and delete the files present on a victim system, or to observe the activities of the victim.
  • Trojans can steal all your financial data like bank accounts, transaction details, PayPal related information, etc. These are called Trojan-Banker.
  • Trojans can use the victim computer to attack other systems using Denial of Services.
  • Trojans can encrypt all your files and the hacker may thereafter demand money to decrypt them. These are Ransomware Trojans.
  • They can use your phones to send SMS to third parties. These are called SMS Trojans.

Trojan Information

If you have found a virus and want to investigate further regarding its function, then we will recommend that you have a look at the following virus databases, which are offered generally by antivirus vendors.
  • Kaspersky Virus database − https://www.kaspersky.com
  • F-secure − https://www.f-secure.com
  • Symantec − Virus Encyclopedia − https://www.symantec.com

Quick Tips

  • Install a good antivirus and keep it updated.
  • Don’t open email attachments coming from unknown sources.
  • Don’t accept invitation from unknown people in social media.
  • Don’t open URLs sent by unknown people or URLs that are in weird form.
April 29, 2018

Hacking tutorial Metasploit || New update may 2018


Metasploit

Metasploit is one of the most powerful exploit tools. Most of its resources can be found at: https://www.metasploit.com. It comes in two versions − commercial and free edition. There are no major differences in the two versions, so in this tutorial, we will be mostly using the Community version (free) of Metasploit.
As an Ethical Hacker, you will be using “Kali Distribution” which has the Metasploit community version embedded in it along with other ethical hacking tools. But if you want to install Metasploit as a separate tool, you can easily do so on systems that run on Linux, Windows, or Mac OS X.
The hardware requirements to install Metasploit are −
  • 2 GHz+ processor
  • 1 GB RAM available
  • 1 GB+ available disk space
Metasploit can be used either from the command prompt or from the Web UI.
To open it in Kali, go to Applications → Exploitation Tools → metasploit.

After Metasploit starts, you will see the following screen. Highlighted in red underline is the version of Metasploit.

Exploits of Metasploit

From the vulnerability scanner, we found that the Linux machine we have for testing runs a vulnerable FTP service. Now we will use the exploit that can work for us. The command is −
use “exploit path”
The screen will appear as follows −

Then type msf> show options to see which parameters you have to set to make it functional. As shown in the following screenshot, we have to set RHOST to the target IP.

We type msf> set RHOST 192.168.1.101 and msf> set RPORT 21

Then type msf> run. If the exploit is successful, it will open a session that you can interact with, as shown in the following screenshot.

Metasploit Payloads

Payloads, in simple terms, are small scripts that hackers use to interact with a hacked system. Using payloads, they can transfer data to a victim system.
Metasploit payloads can be of three types −
  • Singles − Singles are very small and designed to create some kind of communication, then move to the next stage. For example, just creating a user.
  • Staged − It is a payload that an attacker can use to upload a bigger file onto a victim system.
  • Stages − Stages are payload components that are downloaded by Stagers modules. The various payload stages provide advanced features with no size limits such as Meterpreter and VNC Injection.

Payload Usage − Example

We use the command show payloads. For this exploit, it lists the payloads that we can use, including those that help us upload or execute files on a victim system.

To set the payload that we want, we will use the following command −
set PAYLOAD payload/path
Set the listen host and listen port (LHOST, LPORT), which are the attacker's IP and port. Then set the remote host and port (RHOST, RPORT), which are the victim's IP and port.

Type “exploit”. It will create a session as shown below −

Now we can play with the system according to the settings that this payload offers.
April 29, 2018

Hacking tutorial Enumeration || New update may 2018


Enumeration

Enumeration belongs to the first phase of Ethical Hacking, i.e., “Information Gathering”. This is a process where the attacker establishes an active connection with the victim and tries to discover as many attack vectors as possible, which can be used to exploit the systems further.
Enumeration can be used to gain information on −
  • Network shares
  • SNMP data, if they are not secured properly
  • IP tables
  • Usernames of different systems
  • Password policy lists
Enumerations depend on the services that the systems offer. They can be −
  • DNS enumeration
  • NTP enumeration
  • SNMP enumeration
  • Linux/Windows enumeration
  • SMB enumeration
Let us now discuss some of the tools that are widely used for Enumeration.

NTP Suite

The NTP Suite is used for NTP enumeration. This matters because in a network environment you can find other primary servers that help hosts update their time, and you can query them without authenticating to the system.
Take a look at the following example.
ntpdate 192.168.1.100
01 Sept 12:50:49 ntpdate[627]: adjust time server 192.168.1.100 offset 0.005030 sec

or

ntpdc [-ilnps] [-c command] [hostname/IP_address]
root@test]# ntpdc -c sysinfo 192.168.1.100
***Warning changing to older implementation
***Warning changing the request packet size from 160 to 48
system peer: 192.168.1.101
system peer mode: client
leap indicator: 00
stratum: 5
precision: -15
root distance: 0.00107 s
root dispersion: 0.02306 s
reference ID: [192.168.1.101]
reference time: f66s4f45.f633e130, Sept 01 2016 22:06:23.458
system flags: monitor ntp stats calibrate
jitter: 0.000000 s
stability: 4.256 ppm
broadcastdelay: 0.003875 s
authdelay: 0.000107 s

enum4linux

enum4linux is used to enumerate Linux systems. Take a look at the following screenshot and observe how we have found the usernames present in a target host.

smtp-user-enum

smtp-user-enum tries to guess usernames by using SMTP service. Take a look at the following screenshot to understand how it does so.

Quick Fix

It is recommended to disable all services that you don't use. That reduces the scope for enumeration of the OS and of the services your systems are running.
April 29, 2018

Hacking tutorial Exploitation || new update may 2018


Exploitation

An exploit is a piece of software or a script that lets an attacker take control of a system by abusing one of its vulnerabilities. Hackers normally use vulnerability scanners such as Nessus, Nexpose, OpenVAS, etc. to find these vulnerabilities.
Metasploit is a powerful tool to locate vulnerabilities in a system.

Based on the vulnerabilities, we find exploits. Here, we will discuss some of the best vulnerability search engines that you can use.

Exploit Database

www.exploit-db.com is the place where you can find all the exploits related to a vulnerability.

Common Vulnerabilities and Exposures

Common Vulnerabilities and Exposures (CVE) is the standard for information security vulnerability names. CVE is a dictionary of publicly known information security vulnerabilities and exposures. It’s free for public use. https://cve.mitre.org

National Vulnerability Database

National Vulnerability Database (NVD) is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance. You can locate this database at − https://nvd.nist.gov
NVD includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics.

In general, you will see that there are two types of exploits −
  • Remote Exploits − These are exploits used when you do not already have access to the remote system or network. Hackers use remote exploits to gain access to systems located elsewhere.
  • Local Exploits − Local exploits are generally used by a user who already has access to a local system but wants to exceed the rights granted to them.

Quick Fix

Vulnerabilities generally arise due to missing updates, so it is recommended that you update your system on a regular basis, for example, once a week.
In a Windows environment, you can activate automatic updates via Control Panel → System and Security → Windows Update.

On CentOS Linux, you can use the following command to install the automatic update package.
yum -y install yum-cron
April 29, 2018

Hacking tutorial - ARP Poisoning


ARP Poisoning

Address Resolution Protocol (ARP) is a stateless protocol used for resolving IP addresses to machine MAC addresses. All network devices that need to communicate on the network broadcast ARP queries to find out other machines' MAC addresses. ARP Poisoning is also known as ARP Spoofing.
Here is how ARP works −
  • When one machine needs to communicate with another, it looks up its ARP table.
  • If the MAC address is not found in the table, an ARP request is broadcast over the network.
  • All machines on the network compare the requested IP address with their own.
  • The machine that owns that IP address responds to the ARP request with its IP and MAC address.
  • The requesting computer stores the address pair in its ARP table and communication takes place.

What is ARP Spoofing?

ARP packets can be forged to send data to the attacker’s machine.
  • ARP spoofing constructs a large number of forged ARP request and reply packets to overload the switch.
  • The switch is set in forwarding mode and, after the ARP table is flooded with spoofed ARP responses, the attacker can sniff all network packets.
Attackers flood a target computer's ARP cache with forged entries, which is also known as poisoning. ARP poisoning uses Man-in-the-Middle access to poison the network.
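As an added example (not part of this tutorial), the following Python script models the ARP behaviour described above from the defender's side: it reads tcpdump-style ARP lines, keeps the IP-to-MAC table a host would build, and flags the three things a poisoned cache shows: replies nobody requested, a known binding (especially the gateway's) switching to a new MAC, and one MAC claiming several IPs. The capture is constructed sample data using the exercise's addresses; the MACs are made up.

```python
import re
from collections import defaultdict

# Regex for tcpdump-style ARP lines (the format "tcpdump -n arp" prints).
# Matches both a request ("who-has X tell Y") and a reply ("X is-at MAC").
ARP_RE = re.compile(
    r"ARP, (?P<op>Request|Reply) "
    r"(?:who-has (?P<asked_ip>[\d.]+) tell (?P<asker_ip>[\d.]+)"
    r"|(?P<rep_ip>[\d.]+) is-at (?P<rep_mac>[0-9A-Fa-f:]{17}))"
)


def parse_arp_line(line):
    """Return a dict describing the ARP packet, or None if the line is not ARP."""
    m = ARP_RE.search(line)
    if m is None:
        return None
    if m.group("op") == "Request":
        return {"op": "request", "ip": m.group("asked_ip"), "asker": m.group("asker_ip")}
    return {"op": "reply", "ip": m.group("rep_ip"), "mac": m.group("rep_mac").lower()}


class ArpWatcher:
    """Tracks IP->MAC bindings the way a host's ARP table does and raises alerts
    when a reply looks like poisoning rather than normal resolution."""

    def __init__(self, gateway_ip):
        self.gateway_ip = gateway_ip
        self.cache = {}                     # ip -> mac currently believed
        self.ips_by_mac = defaultdict(set)  # mac -> set of ips it has claimed
        self.pending = set()                # ips asked for, with no reply seen yet
        self.alerts = []                    # (kind, subject, detail) tuples

    def feed(self, line):
        pkt = parse_arp_line(line)
        if pkt is None:
            return
        if pkt["op"] == "request":
            self.pending.add(pkt["ip"])
            return
        ip, mac = pkt["ip"], pkt["mac"]
        # A reply nobody asked for is how a poisoner pushes a fake binding.
        if ip in self.pending:
            self.pending.discard(ip)
        else:
            self.alerts.append(("unsolicited-reply", ip, mac))
        # A known binding switching to a different MAC is the core poisoning signal;
        # the gateway changing is the MITM setup the exercise below walks through.
        prev = self.cache.get(ip)
        if prev is not None and prev != mac:
            kind = "gateway-mac-changed" if ip == self.gateway_ip else "mac-changed"
            self.alerts.append((kind, ip, f"{prev} -> {mac}"))
        self.cache[ip] = mac
        # One MAC answering for several IPs (victim and router) is the attacker's
        # own interface standing in for both ends of the conversation.
        first_claim = ip not in self.ips_by_mac[mac]
        self.ips_by_mac[mac].add(ip)
        if first_claim and len(self.ips_by_mac[mac]) > 1:
            self.alerts.append(("one-mac-many-ips", mac, sorted(self.ips_by_mac[mac])))


def analyze(lines, gateway_ip):
    """Feed every line to a fresh watcher and return it."""
    watcher = ArpWatcher(gateway_ip)
    for line in lines:
        watcher.feed(line)
    return watcher


# Constructed sample capture (not real traffic). Addresses are the ones used in the
# exercise: victim 192.168.121.129, gateway 192.168.121.2. MACs are made up; the
# last two replies come from a third MAC claiming both the gateway and the victim.
SAMPLE_CAPTURE = """\
ARP, Request who-has 192.168.121.2 tell 192.168.121.129, length 28
ARP, Reply 192.168.121.2 is-at 00:50:56:e1:00:02, length 28
ARP, Request who-has 192.168.121.129 tell 192.168.121.2, length 28
ARP, Reply 192.168.121.129 is-at 00:0c:29:aa:bb:cc, length 28
ARP, Reply 192.168.121.2 is-at 00:0c:29:de:ad:01, length 28
ARP, Reply 192.168.121.129 is-at 00:0c:29:de:ad:01, length 28
"""

if __name__ == "__main__":
    watcher = analyze(SAMPLE_CAPTURE.splitlines(), gateway_ip="192.168.121.2")
    for kind, subject, detail in watcher.alerts:
        print(f"[{kind}] {subject}: {detail}")
```

The same checks run against a live interface by piping `tcpdump -n -l arp` into `feed()` line by line; the first four sample lines produce no alerts, the last two produce all five.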

What is MITM?

A Man-in-the-Middle attack (abbreviated MITM, MitM, MIM, MiM or MITMA) is an active attack in which the adversary impersonates each party to the other, creating a connection between the victims and relaying messages between them. The victims think they are communicating with each other, but in reality the malicious actor controls the communication.

A third party thus sits in a position to control and monitor the traffic between the two communicating parties. Some protocols, such as SSL, serve to prevent this type of attack.

ARP Poisoning − Exercise

In this exercise, we have used BetterCAP to perform ARP poisoning in a LAN environment using VMware Workstation, in which we have installed Kali Linux and the Ettercap tool to sniff the local traffic in the LAN.
For this exercise, you would need the following tools −
  • VMware workstation
  • Kali Linux or Linux Operating system
  • Ettercap Tool
  • LAN connection
Note − This attack is possible in wired and wireless networks. You can perform this attack in local LAN.
Step 1 − Install the VMware workstation and install the Kali Linux operating system.
Step 2 − Log into Kali Linux using the username and password “root” / “toor”.
Step 3 − Make sure you are connected to the local LAN and check the IP address by typing the command ifconfig in the terminal.

Step 4 − Open the terminal and type “ettercap -G” to start the graphical version of Ettercap.

Step 5 − Now click the tab “sniff” in the menu bar and select “unified sniffing” and click OK to select the interface. We are going to use “eth0” which means Ethernet connection.

Step 6 − Now click the “hosts” tab in the menu bar and click “scan for hosts”. It will start scanning the whole network for the alive hosts.
Step 7 − Next, click the “hosts” tab and select “hosts list” to see the number of hosts available in the network. This list also includes the default gateway address. We have to be careful when we select the targets.

Step 8 − Now we have to choose the targets. In MITM, our target is the host machine, and the route will be the router address to forward the traffic. In an MITM attack, the attacker intercepts the network and sniffs the packets. So, we will add the victim as “target 1” and the router address as “target 2.”
In VMware environment, the default gateway will always end with “2” because “1” is assigned to the physical machine.
Step 9 − In this scenario, our target is “192.168.121.129” and the router is “192.168.121.2”. So we will add target 1 as the victim IP and target 2 as the router IP.

Step 10 − Now click on “MITM” and click “ARP poisoning”. Thereafter, check the option “Sniff remote connections” and click OK.

Step 11 − Click “start” and select “start sniffing”. This will start ARP poisoning in the network which means we have enabled our network card in “promiscuous mode” and now the local traffic can be sniffed.
Note − We have allowed only HTTP sniffing with Ettercap, so don’t expect HTTPS packets to be sniffed with this process.
Step 12 − Now it's time to see the results, if our victim has logged into some websites. You can see the results in the toolbar of Ettercap.

This is how sniffing works. You will have understood how easy it is to obtain HTTP credentials just by enabling ARP poisoning.
ARP Poisoning has the potential to cause huge losses in company environments. This is the place where ethical hackers are appointed to secure the networks.
Like ARP poisoning, there are other attacks such as MAC flooding, MAC spoofing, DNS poisoning, ICMP poisoning, etc. that can cause significant loss to a network.
In the next chapter, we will discuss another type of attack known as DNS poisoning.
April 29, 2018

Hacking tutorial - Sniffing Tools


Sniffing Tools

There are so many tools available to perform sniffing over a network, and they all have their own features to help a hacker analyze traffic and dissect the information. Sniffing tools are extremely common applications. We have listed here some of the interesting ones −
  • BetterCAP − BetterCAP is a powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in real-time, sniff for credentials, and much more.
  • Ettercap − Ettercap is a comprehensive suite for man-in-the-middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
  • Wireshark − It is one of the most widely known and used packet sniffers. It offers a tremendous number of features designed to assist in the dissection and analysis of traffic.
  • Tcpdump − It is a well-known command-line packet analyzer. It provides the ability to intercept and observe TCP/IP and other packets during transmission over the network. Available at www.tcpdump.org.
  • WinDump − A Windows port of the popular Linux packet sniffer tcpdump, which is a command-line tool that is perfect for displaying header information.
  • OmniPeek − Manufactured by WildPackets, OmniPeek is a commercial product that is the evolution of the product EtherPeek.
  • Dsniff − A suite of tools designed to perform sniffing with different protocols with the intent of intercepting and revealing passwords. Dsniff is designed for Unix and Linux platforms and does not have a full equivalent on the Windows platform.
  • EtherApe − It is a Linux/Unix tool designed to display graphically a system's incoming and outgoing connections.
  • MSN Sniffer − It is a sniffing utility specifically designed for sniffing traffic generated by the MSN Messenger application.
  • NetWitness NextGen − It includes a hardware-based sniffer, along with other features, designed to monitor and analyze all traffic on a network. This tool is used by the FBI and other law enforcement agencies.
A potential hacker can use any of these sniffing tools to analyze traffic on a network and dissect information.
April 29, 2018

Hacking tutorial - Sniffing



Sniffing

Sniffing is the process of monitoring and capturing all the packets passing through a given network using sniffing tools. It is a form of “tapping phone wires” to listen in on the conversation; it is also called wiretapping, applied to computer networks.
It is quite possible that, if a set of enterprise switch ports is open, one of the employees can sniff the whole traffic of the network. Anyone in the same physical location can plug into the network using an Ethernet cable, or connect wirelessly to that network, and sniff the total traffic.
In other words, Sniffing allows you to see all sorts of traffic, both protected and unprotected. In the right conditions and with the right protocols in place, an attacking party may be able to gather information that can be used for further attacks or to cause other issues for the network or system owner.

What can be sniffed?

One can sniff the following sensitive information from a network −
  • Email traffic
  • FTP passwords
  • Web traffics
  • Telnet passwords
  • Router configuration
  • Chat sessions
  • DNS traffic

How it works

A sniffer normally turns the NIC of the system to promiscuous mode so that it listens to all the data transmitted on its segment.
Promiscuous mode refers to the unique way of Ethernet hardware, in particular, network interface cards (NICs), that allows an NIC to receive all traffic on the network, even if it is not addressed to this NIC. By default, a NIC ignores all traffic that is not addressed to it, which is done by comparing the destination address of the Ethernet packet with the hardware address (a.k.a. MAC) of the device. While this makes perfect sense for networking, non-promiscuous mode makes it difficult to use network monitoring and analysis software for diagnosing connectivity issues or traffic accounting.
A sniffer can continuously monitor all the traffic to a computer through the NIC by decoding the information encapsulated in the data packets.

Types of Sniffing

Sniffing can be either Active or Passive in nature.

Passive Sniffing

In passive sniffing, the traffic is captured but not altered in any way. Passive sniffing allows listening only. It works with hub devices. On a hub, the traffic is sent to all ports. In a network that uses hubs to connect systems, all hosts on the network can see the traffic. Therefore, an attacker can easily capture traffic going through.
The good news is that hubs are almost obsolete nowadays. Most modern networks use switches. Hence, passive sniffing is no longer effective.

Active Sniffing

In active sniffing, the traffic is not only captured and monitored, but may also be altered in some way as determined by the attack. Active sniffing is used to sniff a switch-based network. It involves injecting Address Resolution Protocol (ARP) packets into a target network to flood the switch's content addressable memory (CAM) table. The CAM table keeps track of which host is connected to which port.
Following are the Active Sniffing Techniques −
  • MAC Flooding
  • DHCP Attacks
  • DNS Poisoning
  • Spoofing Attacks
  • ARP Poisoning

Protocols which are affected

Protocols such as the tried and true TCP/IP suite were never designed with security in mind and therefore do not offer much resistance to potential intruders. Several protocols lend themselves to easy sniffing −
  • HTTP − It sends information in clear text without any encryption and is thus a real target.
  • SMTP (Simple Mail Transfer Protocol) − SMTP is basically utilized in the transfer of emails. This protocol is efficient, but it does not include any protection against sniffing.
  • NNTP (Network News Transfer Protocol) − It is used for all types of communications, but its main drawback is that data and even passwords are sent over the network as clear text.
  • POP (Post Office Protocol) − POP is strictly used to receive emails from servers. This protocol does not include protection against sniffing, so its traffic can be trapped.
  • FTP (File Transfer Protocol) − FTP is used to send and receive files, but it does not offer any security features. All the data is sent as clear text that can be easily sniffed.
  • IMAP (Internet Message Access Protocol) − IMAP is similar to SMTP in its functions, but it is highly vulnerable to sniffing.
  • Telnet − Telnet sends everything (usernames, passwords, keystrokes) over the network as clear text and hence, it can be easily sniffed.
Sniffers are not dumb utilities that only let you view live traffic. If you really want to analyze each packet, save the capture and review it whenever time allows.

Hardware Protocol Analyzers

Before we go into further details of sniffers, it is important that we discuss hardware protocol analyzers. These devices plug into the network at the hardware level and can monitor traffic without manipulating it.
  • Hardware protocol analyzers are used to monitor and identify malicious network traffic generated by hacking software installed in the system.
  • They capture a data packet, decode it, and analyze its content according to certain rules.
  • Hardware protocol analyzers allow attackers to see individual data bytes of each packet passing through the cable.
These hardware devices are not readily available to most ethical hackers due to their enormous cost in many cases.

Lawful Interception

Lawful Interception (LI) is defined as legally sanctioned access to communications network data such as telephone calls or email messages. LI must always be in pursuance of a lawful authority for the purpose of analysis or evidence. Therefore, LI is a security process in which a network operator or service provider gives law enforcement officials permission to access private communications of individuals or organizations.
Almost all countries have drafted and enacted legislation to regulate lawful interception procedures; standardization groups are creating LI technology specifications. Usually, LI activities are taken for the purpose of infrastructure protection and cyber security. However, operators of private network infrastructures can maintain LI capabilities within their own networks as an inherent right, unless otherwise prohibited.
LI was formerly known as wiretapping and has existed since the inception of electronic communications.
April 29, 2018

Hacking tutorial - Fingerprinting




Fingerprinting

The term OS fingerprinting in Ethical Hacking refers to any method used to determine what operating system is running on a remote computer. This could be −
  • Active Fingerprinting − Active fingerprinting is accomplished by sending specially crafted packets to a target machine and then noting down its response and analyzing the gathered information to determine the target OS. In the following section, we have given an example to explain how you can use NMAP tool to detect the OS of a target domain.
  • Passive Fingerprinting − Passive fingerprinting is based on sniffer traces from the remote system. Based on the sniffer traces (such as Wireshark) of the packets, you can determine the operating system of the remote host.
We have the following four important elements that we will look at to determine the operating system −
  • TTL − What the operating system sets the Time-To-Live to on the outbound packet.
  • Window Size − What the operating system sets the Window Size to.
  • DF − Whether the operating system sets the Don't Fragment bit.
  • TOS − Whether the operating system sets the Type of Service, and if so, to what.
By analyzing these factors of a packet, you may be able to determine the remote operating system. This method is not 100% accurate, and works better for some operating systems than others.
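To make the four elements concrete, here is an added Python example (not from the tutorial) that normalises an observed TTL back to a common initial value, estimates the hop distance, and scores a few approximate OS signatures. The signature table is an assumption assembled from widely cited defaults, not the nmap or p0f databases, and the third sample header shows the ambiguous case the text warns about.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Initial TTL values operating systems commonly start from. Each router hop
# decrements the TTL by one, so an observed value is rounded up to the nearest
# of these to recover both the starting TTL and the hop distance.
COMMON_INITIAL_TTLS = (64, 128, 255)

# Approximate signature table: (label, initial TTL, typical SYN window sizes,
# DF bit usually set). Widely cited defaults collected here as an assumption
# for the example; real tools carry far larger and more precise databases.
SIGNATURES = [
    ("Linux", 64, {5840, 14600, 29200, 65535}, True),
    ("FreeBSD / macOS", 64, {65535}, True),
    ("Windows", 128, {8192, 64240, 65535}, True),
    ("Cisco IOS", 255, {4128}, False),
]


@dataclass(frozen=True)
class PacketHeader:
    ttl: int        # Time-To-Live as seen on the wire
    window: int     # TCP window size on the SYN
    df: bool        # Don't Fragment bit
    tos: int = 0    # Type of Service; carried for completeness, rarely discriminating


def guess_initial_ttl(observed_ttl: int) -> Optional[int]:
    """Smallest common initial TTL that is >= the observed value, or None."""
    for initial in COMMON_INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial
    return None


def fingerprint(pkt: PacketHeader) -> Tuple[Optional[int], List[Tuple[str, int]]]:
    """Return (estimated hop count, ranked [(os_label, score)]).

    Scoring: +2 when the normalised TTL matches, +1 for a matching window size,
    +1 when the DF habit matches. Candidates scoring below 2 are dropped; ties
    are returned as ties, which is exactly the "not 100% accurate" case.
    """
    initial = guess_initial_ttl(pkt.ttl)
    hops = None if initial is None else initial - pkt.ttl
    ranked = []
    for label, sig_ttl, windows, sig_df in SIGNATURES:
        score = 0
        if initial == sig_ttl:
            score += 2
        if pkt.window in windows:
            score += 1
        if pkt.df == sig_df:
            score += 1
        if score >= 2:
            ranked.append((label, score))
    ranked.sort(key=lambda item: (-item[1], item[0]))
    return hops, ranked


def best_guess(pkt: PacketHeader) -> List[str]:
    """Labels sharing the top score; more than one entry means 'ambiguous'."""
    _, ranked = fingerprint(pkt)
    if not ranked:
        return []
    top = ranked[0][1]
    return [label for label, score in ranked if score == top]


if __name__ == "__main__":
    # Constructed sample headers, not captured traffic.
    for pkt in (PacketHeader(ttl=52, window=29200, df=True),
                PacketHeader(ttl=118, window=64240, df=True),
                PacketHeader(ttl=60, window=65535, df=True)):
        hops, ranked = fingerprint(pkt)
        print(pkt, "hops:", hops, "candidates:", ranked, "guess:", best_guess(pkt))
```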

Basic Steps

Before attacking a system, it is required that you know what operating system is hosting a website. Once a target OS is known, then it becomes easy to determine which vulnerabilities might be present to exploit the target system.
Below is a simple nmap command which can be used to identify the operating system serving a website and all the opened ports associated with the domain name, i.e., the IP address.
$nmap -O -v tutorialspoint.com
It will show you the following sensitive information about the given domain name or IP address −
Starting Nmap 5.51 ( http://nmap.org ) at 2015-10-04 09:57 CDT
Initiating Parallel DNS resolution of 1 host. at 09:57
Completed Parallel DNS resolution of 1 host. at 09:57, 0.00s elapsed
Initiating SYN Stealth Scan at 09:57
Scanning tutorialspoint.com (66.135.33.172) [1000 ports]
Discovered open port 22/tcp on 66.135.33.172
Discovered open port 3306/tcp on 66.135.33.172
Discovered open port 80/tcp on 66.135.33.172
Discovered open port 443/tcp on 66.135.33.172
Completed SYN Stealth Scan at 09:57, 0.04s elapsed (1000 total ports)
Initiating OS detection (try #1) against tutorialspoint.com (66.135.33.172)
Retrying OS detection (try #2) against tutorialspoint.com (66.135.33.172)
Retrying OS detection (try #3) against tutorialspoint.com (66.135.33.172)
Retrying OS detection (try #4) against tutorialspoint.com (66.135.33.172)
Retrying OS detection (try #5) against tutorialspoint.com (66.135.33.172)
Nmap scan report for tutorialspoint.com (66.135.33.172)
Host is up (0.000038s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
3306/tcp open  mysql
TCP/IP fingerprint:
OS:SCAN(V=5.51%D=10/4%OT=22%CT=1%CU=40379%PV=N%DS=0%DC=L%G=Y%TM=56113E6D%P=
OS:x86_64-redhat-linux-gnu)SEQ(SP=106%GCD=1%ISR=109%TI=Z%CI=Z%II=I%TS=A)OPS
OS:(O1=MFFD7ST11NW7%O2=MFFD7ST11NW7%O3=MFFD7NNT11NW7%O4=MFFD7ST11NW7%O5=MFF
OS:D7ST11NW7%O6=MFFD7ST11)WIN(W1=FFCB%W2=FFCB%W3=FFCB%W4=FFCB%W5=FFCB%W6=FF
OS:CB)ECN(R=Y%DF=Y%T=40%W=FFD7%O=MFFD7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A
OS:=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%
OS:Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=
OS:A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=
OS:Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%
OS:T=40%CD=S)
If you do not have the nmap command installed on your Linux system, then you can install it using the following yum command −
$yum install nmap
You can go through nmap command in detail to check and understand the different features associated with a system and secure it against malicious attacks.

Quick Fix

You can hide your main system behind a secure proxy server or a VPN so that your complete identity is safe and ultimately your main system remains safe.

Port Scanning

We have just seen information given by nmap command. This command lists down all the open ports on a given server.
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
3306/tcp open  mysql
You can also check if a particular port is opened or not using the following command −
$nmap -sT -p 443 tutorialspoint.com
It will produce the following result −
Starting Nmap 5.51 ( http://nmap.org ) at 2015-10-04 10:19 CDT
Nmap scan report for tutorialspoint.com (66.135.33.172)
Host is up (0.000067s latency).
PORT    STATE SERVICE
443/tcp open  https
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
Once a hacker knows about open ports, then he can plan different attack techniques through the open ports.

Quick Fix

It is always recommended to check and close all the unwanted ports to safeguard the system from malicious attacks.

Ping Sweep

A ping sweep is a network scanning technique that you can use to determine which IP addresses from a range of IP addresses map to live hosts. Ping Sweep is also known as ICMP sweep.
You can use fping command for ping sweep. This command is a ping-like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up.
fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the lists of hosts to ping. If a host does not respond within a certain time limit and/or retry limit, it will be considered unreachable.

Quick Fix

To stop ping sweeps against a network, you can block ICMP ECHO requests arriving from outside sources. This can be done with the following command, which creates an iptables firewall rule (the rule belongs on the INPUT chain; a rule on OUTPUT would only stop the host's own outbound pings).
$iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
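The two Quick Fix sections above only drop traffic; a defender usually also wants to see the scan. As an added example (not from the tutorial), this Python script reads the kernel LOG lines that an iptables rule such as `iptables -A INPUT -j LOG --log-prefix "SCAN: "` writes and flags a ping sweep (one source sending echo requests to many hosts) and a port scan (one source probing many TCP ports on one host). The log lines are constructed sample data.

```python
import re
from collections import defaultdict

# Key=value fields of a kernel LOG line. Only the ones the detector needs are
# pulled out; everything else on the line (LEN, TOS, TTL, ID, SEQ, ...) is ignored.
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|TYPE|DPT)=(\S+)")


def ip_key(ip):
    """Sort IPv4 addresses numerically rather than as strings."""
    return tuple(int(part) for part in ip.split("."))


def parse_log_line(line):
    """Return the SRC/DST/PROTO/TYPE/DPT fields of a LOG line, or None."""
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "DST" not in fields or "PROTO" not in fields:
        return None
    return fields


def detect_scans(lines, sweep_threshold=4, portscan_threshold=5):
    """Return (ping_sweeps, port_scans).

    ping_sweeps: {src: [dst, ...]} for sources that sent ICMP echo requests
                 (TYPE=8) to at least sweep_threshold distinct hosts.
    port_scans:  {(src, dst): [port, ...]} for sources that hit at least
                 portscan_threshold distinct TCP ports on one host.
    """
    echo_targets = defaultdict(set)
    port_targets = defaultdict(set)
    for line in lines:
        f = parse_log_line(line)
        if f is None:
            continue
        if f["PROTO"] == "ICMP" and f.get("TYPE") == "8":   # echo request only
            echo_targets[f["SRC"]].add(f["DST"])
        elif f["PROTO"] == "TCP" and "DPT" in f:
            port_targets[(f["SRC"], f["DST"])].add(int(f["DPT"]))
    sweeps = {src: sorted(dsts, key=ip_key) for src, dsts in echo_targets.items()
              if len(dsts) >= sweep_threshold}
    scans = {pair: sorted(ports) for pair, ports in port_targets.items()
             if len(ports) >= portscan_threshold}
    return sweeps, scans


# Constructed sample log (not a real capture). 192.168.1.50 sweeps four hosts and
# then probes five ports on .10; 192.168.1.77 is an ordinary client doing one ping
# and one HTTPS connection, and must not be flagged. Echo replies (TYPE=0) are ignored.
SAMPLE_LOG = """\
Oct  4 09:57:01 gw kernel: SCAN: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.1 LEN=84 TOS=0x00 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1
Oct  4 09:57:01 gw kernel: SCAN: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.2 LEN=84 TOS=0x00 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=2
Oct  4 09:57:01 gw kernel: SCAN: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=84 TOS=0x00 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=3
Oct  4 09:57:01 gw kernel: SCAN: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.3 LEN=84 TOS=0x00 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=4
Oct  4 09:57:02 gw kernel: SCAN: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=44 TOS=0x00 TTL=64 PROTO=TCP SPT=54321 DPT=22 WINDOW=1024 SYN
Oct  4 09:57:02 gw kernel: SCAN: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=44 TOS=0x00 TTL=64 PROTO=TCP SPT=54321 DPT=80 WINDOW=1024 SYN
Oct  4 09:57:02 gw kernel: SCAN: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=44 TOS=0x00 TTL=64 PROTO=TCP SPT=54321 DPT=443 WINDOW=1024 SYN
Oct  4 09:57:02 gw kernel: SCAN: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=44 TOS=0x00 TTL=64 PROTO=TCP SPT=54321 DPT=3306 WINDOW=1024 SYN
Oct  4 09:57:02 gw kernel: SCAN: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=44 TOS=0x00 TTL=64 PROTO=TCP SPT=54321 DPT=21 WINDOW=1024 SYN
Oct  4 09:57:03 gw kernel: SCAN: IN=eth0 OUT= SRC=192.168.1.77 DST=192.168.1.10 LEN=84 TOS=0x00 TTL=128 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Oct  4 09:57:03 gw kernel: SCAN: IN=eth0 OUT= SRC=192.168.1.10 DST=192.168.1.77 LEN=84 TOS=0x00 TTL=64 PROTO=ICMP TYPE=0 CODE=0 ID=1 SEQ=1
Oct  4 09:57:04 gw kernel: SCAN: IN=eth0 OUT= SRC=192.168.1.77 DST=192.168.1.10 LEN=52 TOS=0x00 TTL=128 PROTO=TCP SPT=50123 DPT=443 WINDOW=64240 SYN
"""

if __name__ == "__main__":
    sweeps, scans = detect_scans(SAMPLE_LOG.splitlines())
    for src, dsts in sweeps.items():
        print(f"ping sweep from {src}: {len(dsts)} hosts {dsts}")
    for (src, dst), ports in scans.items():
        print(f"port scan from {src} against {dst}: ports {ports}")
```

On a real host the same function can be fed `journalctl -k` or `/var/log/kern.log` output; tune the two thresholds to the size of the network and the noise level of the log.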

DNS Enumeration

The Domain Name System (DNS) is like a map or an address book. In fact, it is a distributed database which is used to translate an IP address such as 192.111.1.120 to a name such as www.example.com and vice versa.
DNS enumeration is the process of locating all the DNS servers and their corresponding records for an organization. The idea is to gather as much interesting details as possible about your target before initiating an attack.
You can use nslookup command available on Linux to get DNS and host-related information. In addition, you can use the following DNSenumscript to get detailed information about a domain −
DNSenum.pl
DNSenum script can perform the following important operations −
  • Get the host's addresses
  • Get the nameservers
  • Get the MX record
  • Perform axfr (zone transfer) queries on nameservers
  • Get extra names and subdomains via Google scraping
  • Brute force subdomains from a file, and optionally recurse into subdomains that have NS records
  • Calculate class C network ranges and perform whois queries on them
  • Perform reverse lookups on netranges

Quick Fix

DNS Enumeration has no quick fix, and preventing it is really beyond the scope of this tutorial. Preventing DNS Enumeration is a big challenge.
If your DNS is not configured securely, a lot of sensitive information about the network and organization can leak out, and an untrusted Internet user may even be able to perform a DNS zone transfer.
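The zone-transfer exposure mentioned above is a configuration matter, so it can be checked. As an added example (not the tutorial's or BIND's own code), the following Python reads BIND named.conf fragments and reports which zones an anonymous AXFR client could pull; the weak and hardened fragments, the zone names and the 192.0.2.53 secondary address are constructed, and the fallback to "any" when no allow-transfer is set reflects the older BIND default.

```python
import re

# Constructed named.conf fragments (hypothetical zones, not from the tutorial).
# Weak: no global restriction, so "example.com" falls back to the older BIND
# default of transferring to anyone, and "corp.example" even says so explicitly.
WEAK_CONF = """\
options { directory "/var/named"; };
zone "example.com" { type master; file "db.example.com"; };
zone "corp.example" { type master; file "db.corp"; allow-transfer { any; }; };
"""

# Hardened: transfers denied globally and re-enabled only for the secondary server.
HARDENED_CONF = """\
options { directory "/var/named"; allow-transfer { none; }; };
zone "example.com" { type master; file "db.example.com"; allow-transfer { 192.0.2.53; }; };
zone "corp.example" { type master; file "db.corp"; };
"""

ALLOW_TRANSFER = re.compile(r"allow-transfer\s*\{([^}]*)\}")


def _blocks(conf, keyword):
    """Yield (header, body) for each `keyword ... { body };` statement starting a
    line, walking the braces so nested clauses like allow-transfer stay in body."""
    for m in re.finditer(r"(?m)^\s*" + keyword + r"\b([^{]*)\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1).strip(), conf[m.end():i - 1]


def zones_open_to_any_transfer(conf):
    """Return the zone names an anonymous AXFR client could pull from this config.
    A zone's own allow-transfer wins, otherwise the options-level one applies;
    with neither present, the older BIND default (transfer to any host) is assumed."""
    default_acl = "any"
    for _, body in _blocks(conf, "options"):
        m = ALLOW_TRANSFER.search(body)
        if m:
            default_acl = m.group(1)
    exposed = []
    for header, body in _blocks(conf, "zone"):
        name = header.split('"')[1]
        m = ALLOW_TRANSFER.search(body)
        acl = m.group(1) if m else default_acl
        if "any" in acl.replace(";", " ").split():
            exposed.append(name)
    return exposed
```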
April 29, 2018

Hacking tutorial - Footprinting

Footprinting

Footprinting is part of the reconnaissance process and is used for gathering as much information as possible about a target computer system or network. Footprinting can be both passive and active. Reviewing a company's website is an example of passive footprinting, whereas attempting to obtain sensitive information through social engineering is an example of active information gathering.
Footprinting is basically the first step, where the hacker gathers as much information as possible to find ways to intrude into a target system, or at least to decide which types of attacks will be most suitable for the target.
During this phase, a hacker can collect the following information −
  • Domain name
  • IP Addresses
  • Namespaces
  • Employee information
  • Phone numbers
  • E-mails
  • Job Information
In the following section, we will discuss how to extract the basic and easily accessible information about any computer system or network that is linked to the Internet.

Domain Name Information

You can use the http://www.whois.com/whois website to get detailed information about a domain name, including its owner, its registrar, date of registration, expiry, name servers, the owner's contact information, etc.
Here is a sample record of www.tutorialspoint.com extracted from WHOIS Lookup −

Quick Fix

It is always recommended to keep your domain name registration private, which hides the above-mentioned information from potential hackers.

Finding IP Address

You can use the ping command at your prompt. This command is available on Windows as well as on Linux. The following example finds the IP address of tutorialspoint.com −
$ping tutorialspoint.com
It will produce the following result −
PING tutorialspoint.com (66.135.33.172) 56(84) bytes of data.
64 bytes from 66.135.33.172: icmp_seq=1 ttl=64 time=0.028 ms
64 bytes from 66.135.33.172: icmp_seq=2 ttl=64 time=0.021 ms
64 bytes from 66.135.33.172: icmp_seq=3 ttl=64 time=0.021 ms
64 bytes from 66.135.33.172: icmp_seq=4 ttl=64 time=0.021 ms

Finding Hosting Company

Once you have the website address, you can get further details by using the ip2location.com website. Following is the example to find out the details of an IP address −
Here the ISP row gives you the details of the hosting company, because IP addresses are usually allocated by hosting companies.

Quick Fix

If a computer system or network is linked with the Internet directly, then you cannot hide the IP address and the related information such as the hosting company, its location, ISP, etc. If you have a server containing very sensitive data, then it is recommended to keep it behind a secure proxy so that hackers cannot get the exact details of your actual server. This way, it will be difficult for any potential hacker to reach your server directly.
Another effective way of hiding your system IP and ultimately all the associated information is to go through a Virtual Private Network (VPN). If you configure a VPN, then the whole traffic routes through the VPN network, so your true IP address assigned by your ISP is always hidden.

IP Address Ranges

Small sites may have a single IP address associated with them, but larger websites usually have multiple IP addresses serving different domains and sub-domains.
You can obtain the range of IP addresses assigned to a particular company using the American Registry for Internet Numbers (ARIN).
You can enter a company name in the highlighted search box to list all the IP addresses assigned to that company.

History of the Website

It is very easy to get a complete history of any website using www.archive.org.
You can enter a domain name in the search box to find out how the website looked at a given point in time and which pages were available on the website on different dates.

Quick Fix

Although there are some advantages to keeping your website in an archive database, if you do not want anybody to see how your website progressed through its different stages, you can request that archive.org delete the history of your website.
April 29, 2018

Hacking tutorial - Reconnaissance

Reconnaissance

Information gathering and getting to know the target systems is the first process in ethical hacking. Reconnaissance is a set of processes and techniques (Footprinting, Scanning & Enumeration) used to covertly discover and collect information about a target system.
During reconnaissance, an ethical hacker attempts to gather as much information about a target system as possible, following the seven steps listed below −
  • Gather initial information
  • Determine the network range
  • Identify active machines
  • Discover open ports and access points
  • Fingerprint the operating system
  • Uncover services on ports
  • Map the network
We will discuss in detail all these steps in the subsequent chapters of this tutorial. Reconnaissance takes place in two parts − Active Reconnaissance and Passive Reconnaissance.


Active Reconnaissance

In this process, you interact directly with the computer system to gain information. This information can be relevant and accurate, but there is a risk of being detected if you perform active reconnaissance without permission. If you are detected, the system admin can take severe action against you and trace your subsequent activities.

Passive Reconnaissance

In this process, you never connect directly to the computer system. It is used to gather essential information without ever interacting with the target systems.

Saturday, April 28, 2018

Hacking tutorial - Process


Like all good projects, ethical hacking has a set of distinct phases. They help hackers carry out a structured ethical hacking engagement.
Different security training manuals explain the process of ethical hacking in different ways, but for me as a Certified Ethical Hacker, the entire process can be categorized into the following six phases.

Reconnaissance

Reconnaissance is the phase where the attacker gathers information about a target using active or passive means. The tools that are widely used in this process are NMAP, Hping, Maltego, and Google Dorks.

Scanning

In this process, the attacker begins to actively probe a target machine or network for vulnerabilities that can be exploited. The tools used in this process are Nessus, Nexpose, and NMAP.

Gaining Access

In this process, the vulnerability is located and you attempt to exploit it in order to enter into the system. The primary tool that is used in this process is Metasploit.

Maintaining Access

This is the phase after the hacker has gained access to a system. Having gained access, the hacker installs backdoors so that he can re-enter the owned system whenever he needs access in future. Metasploit is the preferred tool in this process.

Clearing Tracks

This process is actually an unethical activity. It has to do with the deletion of logs of all the activities that take place during the hacking process.

Reporting

Reporting is the last step in the ethical hacking process. Here the ethical hacker compiles a report of his findings and the work that was done, such as the tools used, the success rate, the vulnerabilities found, and the exploit processes.

Quick Tip

The processes are not standard. You can adopt a different set of processes and tools according to the techniques you are comfortable with. The process itself is of little significance as long as you are able to get the desired results.