Posted on 2 Comments

How to phish with Weeman HTTP Server

Good morning friends. Today I will go back to the topic which sparked my interest in the starting days of blogging: phishing. Phishing is one of the most popular hacking attacks even today. Earlier we have seen howto’s on phishing and Desktop phishing. Today we will see how to phish with Weeman Http server.

Weeman Http server is a simple server for phishing written in Python. So let us see how to phish with Weeman HTTP server. We will use Kali Linux as our attacker system. Download Weeman HTTP server from Github in Kali.

Weeman1

Go to the directory where the server is installed and check its contents. There should be a python script named weeman.py.

Weeman2

Now start the server by typing command “./weeman.py“. It should look like below.

Weeman3

Check all the options by typing command “help“.

Weeman4

We will use the default settings for this how to. Type command “show“. You can see all the options required for phishing.

Weeman5

Set the url option as the website you want to phish. For this howto, I am using Facebook (sorry Mark). Set the port appropriately( but use 80 ). The action_url option sets the page you want the victim to redirect after entering his credentials. This sis shown below.

Weeman6

Type command “run” to run our server. The server will start as shown below.

Weeman6 1

Now find out your IP address, obfuscate it, shorten it( this is shown in the video ) and send the link to the victim. When the user clicks on the link, he will get to our phishing page as shown below.

Weeman7

When the user enters his credentials and clicks on Login, he will be redirected to the original website.

Weeman8

While on our attacker system, we can see the credentials of our victim. Happy hacking.

Weeman9
Posted on 2 Comments

Beginners guide to WPScan

Hello aspiring ethical hackers. In this blogpost, you will learn about WPScan, a tool used to perform WordPress vulnerability assessment. WordPress is one of most popular Content Management system (CMS) WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues and also for enumeration. Let’s se how it works. It is installed by default in Kali Linux and we are going to use the same for this tutorial. Now open a terminal and update our tool by typing command as shown below.

wpscan

To scan a WordPress website, all you have to give is the URL as shown below. For this blogpost, I am using a local installation of WordPress as target. Assign the target as shown below. The scan will start as shown below.

Wpscan2

Here are the screenshots of result of this scan. As you can see we have 13 vulnerabilities in the present installation and the vulnerabilities are given below.

Wpscan3
Wpscan4
Wpscan5

One of the easiest ways to hack a WordPress site is to exploit the plugins installed in the target as most of the WordPress vulnerabilities nowadays exist in the plugins installed on it. So it is very important to enumerate the plugins installed on our WordPress target. We can enumerate the plugins using the “enumerate” option as shown below.

Wpscan6

The scan result will be as shown below.( And there you have the first Easter egg). So totally we found four plugins. The first one is Ajax Load More Plugin. As the red exclamation mark shows, it is vulnerable.

wpscan

The second plugin is the vulnerable version of Akismet.

Wpscan8
Wpscan9

The third vulnerable plugin is the WordPress Slider revolution plugin. We will see more about this in our next blogpost.

Wpscan10a

Another important aspect to find vulnerabilities in the WordPress is its theme. Now let’s enumerate the theme as shown below. The vulnerabilities present in the theme are given below.

Wpscan12
Wpscan13

After that let’s enumerate the users in our remote target as shown below.

Wpscan14

We can see that the only username in our target. That’s WPscan for you. Hope it was helpful to you and wait for the sequels.

Wpscan15

Posted on

JoomScan: Joomla vulnerability scanner

Hello, aspiring ethical hackers. In this blogpost, you will learn about JoomScan, a vulnerability scanner designed for Joomla. Joomla is one of the most popular CMS which is widely used for its flexibility, user-friendliness and extensibility. Popularity has its own cost in cyber world. It would be pretty helpful if the pen testers know the vulnerabilities in their Joomla CMS before any hacker takes advantage of them.

JoomScan is one such tool which will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites.

The features of JoomScan include,

  • 1. Exact version probing
  • 2. Common Joomla! based web application firewall detection
  • 3. Searching known vulnerabilities of Joomla! and its components
  • 4. Reporting to Text & HTML output
  • 5. Immediate update capability via scanner or svn.

    JoomScan is open source and is installed by default in almost all pen testing distros. We will be using Kali Linux for this tutorial. Now let’s see how to use this tool. Open a terminal and type command “joomscan update” first. We will update the tool first.

    joomscan

    Once the tool is updated as shown above, type command “joomscan” to see the options as shown below.

    Joomscan2

    Next, give the target joomla website as shown below. In this howto, I’m using my own Joomla website.

    Joomscan3

    The result would seem like below. Below we see that our target doesn’t have any firewall, it’s server is apache and it is powered by PHP version 5.3.10. Unfortunately it didn’t detect the version. Hmm, no probs.

    Joomscan4

    Next it will scan for vulnerabilities and check whether if this site is vulnerable for a particular vulnerability as shown below.

    Joomscan6

    At the end, it will show us the number of vulnerabilities present in our target.

    Joomscan7

    We can see that our target has 2 vulnerabilities as shown in the above image. We will see how to exploit those vulnerabilities in our future howtos. But for now we have successfully performed a vulnerability assessment of our target. Learn about WPscan, a tool used for WordPress vulnerability scanning.

    Posted on 2 Comments

    Complete guide to sqlmap

    Hello, aspiring ethical hackers. In our previous blogpost, you learnt what SQL injection is, different types of sql injection attacks etc. In this blogpost, how to perform SQL injection with a tool named sqlmap. Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. For this tutorial I am using Vulnerawa as target.

    Sqlmap1

    sqlmap is pre-installed in Kali Linux. Open sqlmap from the path as shown below.

    Sqlmap8

    Now copy the vulnerable url and type the following command the terminal. Here -u stands for url.

    Sqlmap9

    The result will be as shown below. It will reveal the website technology and the scripting language used.

    SQL injection with sqlmap

    1. Grab the banner of the target:

    Now let’s grab the banner of the website. Type the following command and hit “Enter”.

    Sqlmap11

    You can see the banner as shown below.

    Sqlmap12

    2. Find the current user of the website:

    To see the current user of the website, type the following command.

    Sqlmap13

    The current user can be seen as below.

    Sqlmap14

    3. List the current database:

    Now let us see the current database used by the website. Type the following command.

    Sqlmap15

    We can see that the current database is “Vulneraw”.

    Sqlmap16

    4. List all the tables in a specific database:

    Now let us see all the tables present in the database “Vulneraw” by using following command.

    Sqlmap17

    We see that we have only one table in the current database. The table is “users”.

    Sqlmap18

    5. List the number of columns in a specific table:

    Now lets see the number of columns in the table “users”. Type the following command.

    Sqlmap19

    We see there are four columns in table “users”.

    Sqlmap20

    6. Dump the values of specific columns in a table:

    Now let’s dump the values of two columns username and password by typing the following command.

    Sqlmap21

    The result is as below. we got the username and passwords.

    Sqlmap22

    7. Dump all values of a table:

    If we want to dump all the entries of the table, type the following command.

    Sqlmap23

    Here are the entries.

    Sqlmap24

    8. Grab a shell on the target:

    Now let’s see if we are lucky enough to get the shell of the target. Shell is the target machine’s command line or terminal. Type the following command.

    Sqlmap25

    It will prompt us to enter the application language being used by the website. We already know it is PHP. Enter its value. Next it will prompt you to enter the writable directory. You cam choose your option wisely. I chose the default root directory for Wamp server. Hit on “Enter”.

    Sqlmap26

    I successfully got the os-shell. Now let’s try some commands. Type “dir” to see the contents of the root directory. It works as shown below.

    Sqlmap27

    Let’s see how many users are there on the system. Type the command “net user” . We can see the users listed as below. Happy hacking practice.

    Sqlmap28

    To find sites vulnerable to this sql injection use google dork “site:.com inurl:id=1” or similar dorks. That’s all in this tutorial.

    Posted on 20 Comments

    Havij SQL injection tool: Complete guide

    Hello, aspiring ethical hackers. In our previous blogpost, you learnt what SQL injection is and different types of SQL injection attacks. In this blogpost, you will learn about Havij, an automated SQL injection tool. Havij is a SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can be used to perform back-end database fingerprinting, retrieve DBMS login names and password hashes, dump tables and columns, fetch data from the database, execute SQL statements against the server, and even access the underlying file system and execute operating system shell commands.

    Let me give you a complete guide on Havij in this article. First download Havij and install it.

    1. Specifying the target:

    Then open it and enter the vulnerable URL in the target field (for this tutorial I am using my own vulnerable webpage).

    Havij1

    2. List the current database:

    Set the database option to ‘auto detect‘ and hit analyze. This should show you the current database name as shown below.

    Havij2

    3. Get Host information:

    Click on the “info” tab. This will show you information about the victim’s system. We can see information like Host IP address, web server version etc.

    Havij3

    4. List all tables of the current database:

    Click on the “Tables” tab.

    Havij4

    5. List all databases from the target:

    Click on “Get DBs” option. This will list all the databases as shown below.

    sql injection with havij

    7. List tables in a certain database:

    To get tables in a specific database, select the database and click on Get Tables”. This will list all the tables present in the selected database. I selected database “shunya”here.

    Havij6

    8. List all columns from a particular table:

    We can see that there is on table ‘users’ in our database ‘shunya’ .To get columns , select the table ‘ users’ and click on “Get Columns”.

    Havij7

    This will list all the columns in the table. We can see that we have five columns in the table ‘users’. It’s time to dump the values of columns.

    9. Dump data from the columns:

    Select the columns whose data we want to dump and click on Get data”. Here I selected all the columns.

    Havij8

    10. Crack password hashes:

    We got all the data including usernames and passwords. But passwords seem to be encrypted. No problem. Click on the password hashes and copy them. Then click on MD5″ tab and paste the password. Click on “Start”. Havij automatically decrypts the password for us. Decrypt all passwords in the similar manner.

    Havij9

    11. Find admin page:

    Having passwords is not enough. You also need to know where to login with these passwords. Havij can do that too. Click on “Find admin”. This option finds the admin page of the website automatically. When it finds the admin page, you can try the username and passwords to get access to the website. Hope this was helpful.

    Havij10