Hacking Tools Archives - Page 12 of 13

Posted on February 3, 2016February 26, 2025 by kanishka10 — 2 Comments

Beginners guide to OpenVAS

Hello, aspiring ethical hackers. In our previous blogpost, you learnt about vulnerability scanning. In this blogpost, you will learn about OpenVAS. OpenVAS or Greenbone Open Vulnerability Assessment Scanner is a fully featured vulnerability scanner. Its features include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test. This article is a beginners guide to this tool.

It is an open source software and can be installed on Linux systems. Let’s start with installing OPENVAS on Kali Linux. Before you start the installation, update the Kali Linux system using the command shown below.

OpenVAS scanner is a part of Greenbone Vulnerability Manager (GVM) software. So, we have to install this software using command shown below.

sudo apt install gvm -y

After successfully installing it, we need to set gvm. This can be done using a simple command.

sudo gvm-setup

This simple command will take care of everything needed to setup this tool.

At the end of the setup, a password is created for the admin user of OpenVAS. It’s very important to make a note of this password. Otherwise you will not be able to login into the web interface of OpenVAS. The setup of OpenVAS is finished. It’s good to check if everything is installed correctly. Use the command below for that.

sudo gvm-check-setup

If you get a message as highlighted in the above image, it means the installation is successful without any errors. Everything’s done. Now let’s start the OpneVAS service. This can be done using command below.

sudo gvm-start

This will start OpenVAS and present you with URL of the web interface. By default, OpenVAS runs on port 9392. Click on the URL to go to its web interface. When the browser starts, you will most probably be greeted with a potential security risk. Click on “Advanced”.

As an ethical hacker, you will have to take lot of risks. This is one of the HARMLESS risks you will be taking. Click on “Accept the Risk and Continue” button.

You will be taken to the login screen of OpenVAS.

Login with the credentials. The username is “admin” and password is the password I told you to take not at the beginning of this blogpost.

You will be taken to the dashboard of OpenVAS. I don’t know about you but the first thing I want to do is change my password. To do this, go to the Admin menu and click on “My settings”.

This will take you to the “settings” page as shown below. You can see some general settings of OpenVAS.

Click on Edit tab highlighted in the above image. Next, change your password and click on “Save”.

Next to change is how you want to access the web interface of OpenVAS. By default, you can only access it from he local machine. i.e the machine on which its is installed. If you want to access the web interface from any machine on the network, it can be changed too. This configuration is stored in the “gsad.service” text file. Open it with your favorite text editor (In my case it is nano).

The line you want to change is the one that starts with ExecStart as shown below.

On that line, you can see the IP address and port on which the web interface of OpenVAS is running. By default, the IP is 127.0.0.1. Change it to 0.0.0.0. don’t forget to save the changes.

Restart the OpenVAS daemon and the gsad service.

If there ever arise a need to check logs of OpenVAS, this tool’s logs are given below.

You can stop the OpenVAS service using the command shown below.

sudo gvm-stop

Posted on January 28, 2016August 16, 2024 by kanishka10

JoomScan: Joomla vulnerability scanner

Hello, aspiring ethical hackers. In this blogpost, you will learn about JoomScan, a vulnerability scanner designed for Joomla. Joomla is one of the most popular CMS which is widely used for its flexibility, user-friendliness and extensibility. Popularity has its own cost in cyber world. It would be pretty helpful if the pen testers know the vulnerabilities in their Joomla CMS before any hacker takes advantage of them.

JoomScan is one such tool which will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites.

The features of JoomScan include,

1. Exact version probing
2. Common Joomla! based web application firewall detection
3. Searching known vulnerabilities of Joomla! and its components
4. Reporting to Text & HTML output
5. Immediate update capability via scanner or svn.

JoomScan is open source and is installed by default in almost all pen testing distros. We will be using Kali Linux for this tutorial. Now let’s see how to use this tool. Open a terminal and type command “joomscan update” first. We will update the tool first.

Once the tool is updated as shown above, type command “joomscan” to see the options as shown below.

Next, give the target joomla website as shown below. In this howto, I’m using my own Joomla website.

The result would seem like below. Below we see that our target doesn’t have any firewall, it’s server is apache and it is powered by PHP version 5.3.10. Unfortunately it didn’t detect the version. Hmm, no probs.

Next it will scan for vulnerabilities and check whether if this site is vulnerable for a particular vulnerability as shown below.

At the end, it will show us the number of vulnerabilities present in our target.

We can see that our target has 2 vulnerabilities as shown in the above image. We will see how to exploit those vulnerabilities in our future howtos. But for now we have successfully performed a vulnerability assessment of our target. Learn about WPscan, a tool used for WordPress vulnerability scanning.

Posted on November 22, 2015February 26, 2025 by kanishka10

Beginners guide to Veil framework

Hello, aspiring ethical hackers. In our previous blogpost, you learnt about some Antivirus bypass techniques used by hackers to keep their payloads undetected. In this blogpost, you will learn about Veil Framework, a tool to generate Metasploit payloads that can bypass common anti-virus solutions.

Veil framework is officially supported by Debian 8 and Kali Linux rolling 2018+. It may also be run on Arch Linux, Manjaro Linux, Black Arch Linux, Deepin 15+, Elementary, Fedora 22+, Linux Mint, Parrot Security, Ubuntu 15.10+ and Void Linux.

For this tutorial, we will be using Kali Linux. Veil framework can be installed either directly or can be downloaded from Github. Veil can be installed on Kali using apt as shown below.

This simple command will install all the dependencies and software Veil requires like Wine etc.

After successful installation, Veil can be started using the command shown below.

As you can see, Veil has two tools installed: Evasion and Ordnance. Let’s focus on the evasion part for this article. We can use the command shown below to the evasion tool.

As you can see, Veil is saying that 41 payloads have been loaded and it is displaying the commands available in Veil Evasion menu. To see all the payloads veil can create, use command “list” as shown below.

You can select the payload you want to create as shown below. For example, here I want to create powershell/meterpreter/rev_tcp.py payload. So, I use its number as shown below.

Along with payload information, the options required for this payload are also displayed along with the available commands.

The required options can be set just like Metasploit. For example, set lhost using command

Set lhost

After all the options are set, we can create the payload using “generate” command.

You will be prompted to give a name to your output payload. Click Enter to continue. The payload is successfully created as shown below.

Posted on February 14, 2014June 15, 2024 by kanishka10 — 2 Comments

Complete guide to sqlmap

Hello, aspiring ethical hackers. In our previous blogpost, you learnt what SQL injection is, different types of sql injection attacks etc. In this blogpost, how to perform SQL injection with a tool named sqlmap. Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. For this tutorial I am using Vulnerawa as target.

sqlmap is pre-installed in Kali Linux. Open sqlmap from the path as shown below.

Now copy the vulnerable url and type the following command the terminal. Here -u stands for url.

The result will be as shown below. It will reveal the website technology and the scripting language used.

1. Grab the banner of the target:

Now let’s grab the banner of the website. Type the following command and hit “Enter”.

You can see the banner as shown below.

2. Find the current user of the website:

To see the current user of the website, type the following command.

The current user can be seen as below.

3. List the current database:

Now let us see the current database used by the website. Type the following command.

We can see that the current database is “Vulneraw”.

4. List all the tables in a specific database:

Now let us see all the tables present in the database “Vulneraw” by using following command.

We see that we have only one table in the current database. The table is “users”.

5. List the number of columns in a specific table:

Now lets see the number of columns in the table “users”. Type the following command.

We see there are four columns in table “users”.

6. Dump the values of specific columns in a table:

Now let’s dump the values of two columns username and password by typing the following command.

The result is as below. we got the username and passwords.

7. Dump all values of a table:

If we want to dump all the entries of the table, type the following command.

Here are the entries.

8. Grab a shell on the target:

Now let’s see if we are lucky enough to get the shell of the target. Shell is the target machine’s command line or terminal. Type the following command.

It will prompt us to enter the application language being used by the website. We already know it is PHP. Enter its value. Next it will prompt you to enter the writable directory. You cam choose your option wisely. I chose the default root directory for Wamp server. Hit on “Enter”.

I successfully got the os-shell. Now let’s try some commands. Type “dir” to see the contents of the root directory. It works as shown below.

Let’s see how many users are there on the system. Type the command “net user” . We can see the users listed as below. Happy hacking practice.

To find sites vulnerable to this sql injection use google dork “site:.com inurl:id=1” or similar dorks. That’s all in this tutorial.

Posted on August 23, 2013June 15, 2024 by kanishka10 — 20 Comments

Havij SQL injection tool: Complete guide

Hello, aspiring ethical hackers. In our previous blogpost, you learnt what SQL injection is and different types of SQL injection attacks. In this blogpost, you will learn about Havij, an automated SQL injection tool. Havij is a SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can be used to perform back-end database fingerprinting, retrieve DBMS login names and password hashes, dump tables and columns, fetch data from the database, execute SQL statements against the server, and even access the underlying file system and execute operating system shell commands.

Let me give you a complete guide on Havij in this article. First download Havij and install it.

1. Specifying the target:

Then open it and enter the vulnerable URL in the target field (for this tutorial I am using my own vulnerable webpage).

2. List the current database:

Set the database option to ‘auto detect‘ and hit analyze. This should show you the current database name as shown below.

3. Get Host information:

Click on the “info” tab. This will show you information about the victim’s system. We can see information like Host IP address, web server version etc.

4. List all tables of the current database:

Click on the “Tables” tab.

5. List all databases from the target:

Click on “Get DBs” option. This will list all the databases as shown below.

7. List tables in a certain database:

To get tables in a specific database, select the database and click on “Get Tables”. This will list all the tables present in the selected database. I selected database “shunya”here.

8. List all columns from a particular table:

We can see that there is on table ‘users’ in our database ‘shunya’ .To get columns , select the table ‘ users’ and click on “Get Columns”.

This will list all the columns in the table. We can see that we have five columns in the table ‘users’. It’s time to dump the values of columns.

9. Dump data from the columns:

Select the columns whose data we want to dump and click on “Get data”. Here I selected all the columns.

10. Crack password hashes:

We got all the data including usernames and passwords. But passwords seem to be encrypted. No problem. Click on the password hashes and copy them. Then click on “MD5″ tab and paste the password. Click on “Start”. Havij automatically decrypts the password for us. Decrypt all passwords in the similar manner.

11. Find admin page:

Having passwords is not enough. You also need to know where to login with these passwords. Havij can do that too. Click on “Find admin”. This option finds the admin page of the website automatically. When it finds the admin page, you can try the username and passwords to get access to the website. Hope this was helpful.

Category: Hacking Tools