Hacking Archives - Page 31 of 33 - Hackercool Magazine

Posted on July 19, 2015February 27, 2024 by kanishka10

Wifi pentesting with Android

Securing your company’s wireless network is different and more challenging than securing the wired network. Many factors come into consideration when setting up and securing a wi fi network. Regular pen testing of your wifi network is also very important. Today we are going to see how to perform a pen test on a wifi network using android phone. WiFi pentesting with android simplifies the process of pen testing. For this we are going to use the tool Wifinspect tool available on google playstore. We need a rooted phone to install this application. Once you install this app on your android phone, connect to your wifi network. I am using a wifi network whose SSID is “shunya” for this howto.

Now click on your app.( I think “click” would be a misnomer here, so from here on I will use the word “touch”). We will get a display as below.

We see six options. Starting with the first option, we will see each and every option.

1. Network Info

Touch on network info. We will get a lot of information about the wifi network like the encryption used, frequency and the channel it is operating on and whether our access point is hidden or not as shown below.

2. UPnP Device Scanner

The second option as its name implies scans for universal plug and play devices in our network.

3. Host Discovery

The third option is for host discovery. This option is used to find out about OS and other information about devices in the wifi network. There are two options for host discovery, complete and partial scan. As shown below, compete scan option will scan the entire address space of your network while the partial scan option scans only your devices IP address/24. I am selecting complete scan option. Touch on “start scan” option.

The result will show all the devices and any information about them in the network as shown below.

If you want to further analyze any host, long click on it to see more sub options. For example, I am gonna further analyze the device with IP address 192.168.1.4 because it is the only one whose vendor has been shown.

First we will see the host information of 192.168.1.4. Touch on that option. The analysis of host information will take some time as shown below, so don’t lose patience.

After some time, the result will be shown

The same result for my gateway( the wifi router) is shown below.

The next option is port scan. Let’s do a port scan on the gateway(192.168.1.1) to see if any ports are open. We can see that some ports are open.

When I do a host vulnerability scan on the gateway i get the below message. It seems my gateway is vulnerable. We will see more about it later.

Below are the results for traceroute and ping respectively

4. Sniffer

The next option is sniffing. Start sniffing by touching on it. It will give you a warning as shown below.

Touch on “Start sniffing”. Sniffing will start. After it collects sufficient packets, touch on “stop sniffing”.

We have many options to analyze the pcap file as shown below.

Packet distribution analysis shows packets sent and received by the devices.

The bandwidth distribution analysis will show the bandwidth consumed by each host.

Communication hosts analysis show the packets and bandwidth exchanged between different hosts.

5. Pcap Analyzer

Our pcap files are stored in wi-fi probe folder on our phone. We can even analyze the pcap files later using the pcap analyzer.

6. PCI DSS Menu

PCI DSS stands for payment card industry data security standard. If you want to know more about PCI DSS go here. This option will check our wifi network’s compliance with PCI DSS.

Touch on the first option. Start the test. A brief description about this test is shown.

Touch on “start test”. This test checks if our wifi router is using default passwords for authentication.

I am not using any default password and i get the below result.

The “Access Point Security Tester” tests if our wifi network is using strong encryption. Touch on “start scan”.

The result will be as below. It says my access point is secure as it is using WPA i guess.

The “Access point Scanner” test tests the wifi network’s compliance with PCI DSS requirement 11.1 as shown below.

The “internal vulnerability scanner” test checks if there are any of the devices in our wifi network have any vulnerabilities. It turns out that my gateway has some vulnerabilities as shown below.

There is also a “external vulnerability scanner” option available to scan for external vulnerabilities.

Hope this was helpful.

Posted on February 14, 2014June 15, 2024 by kanishka10 — 2 Comments

Complete guide to sqlmap

Hello, aspiring ethical hackers. In our previous blogpost, you learnt what SQL injection is, different types of sql injection attacks etc. In this blogpost, how to perform SQL injection with a tool named sqlmap. Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. For this tutorial I am using Vulnerawa as target.

sqlmap is pre-installed in Kali Linux. Open sqlmap from the path as shown below.

Now copy the vulnerable url and type the following command the terminal. Here -u stands for url.

The result will be as shown below. It will reveal the website technology and the scripting language used.

1. Grab the banner of the target:

Now let’s grab the banner of the website. Type the following command and hit “Enter”.

You can see the banner as shown below.

2. Find the current user of the website:

To see the current user of the website, type the following command.

The current user can be seen as below.

3. List the current database:

Now let us see the current database used by the website. Type the following command.

We can see that the current database is “Vulneraw”.

4. List all the tables in a specific database:

Now let us see all the tables present in the database “Vulneraw” by using following command.

We see that we have only one table in the current database. The table is “users”.

5. List the number of columns in a specific table:

Now lets see the number of columns in the table “users”. Type the following command.

We see there are four columns in table “users”.

6. Dump the values of specific columns in a table:

Now let’s dump the values of two columns username and password by typing the following command.

The result is as below. we got the username and passwords.

7. Dump all values of a table:

If we want to dump all the entries of the table, type the following command.

Here are the entries.

8. Grab a shell on the target:

Now let’s see if we are lucky enough to get the shell of the target. Shell is the target machine’s command line or terminal. Type the following command.

It will prompt us to enter the application language being used by the website. We already know it is PHP. Enter its value. Next it will prompt you to enter the writable directory. You cam choose your option wisely. I chose the default root directory for Wamp server. Hit on “Enter”.

I successfully got the os-shell. Now let’s try some commands. Type “dir” to see the contents of the root directory. It works as shown below.

Let’s see how many users are there on the system. Type the command “net user” . We can see the users listed as below. Happy hacking practice.

To find sites vulnerable to this sql injection use google dork “site:.com inurl:id=1” or similar dorks. That’s all in this tutorial.

Posted on September 13, 2013May 3, 2024 by kanishka10

Banner grabbing for beginners

Hello, aspiring ethical hackers. In this blogpost, you will learn about banner grabbing. Banner grabbing plays a very important role in ethical hacking for penetration testers and hackers alike. To understand what is banner grabbing, you need to understand what is a banner first.

What is a Banner?

A banner is the information displayed by software or service running on a specific port. This information involves the type of software running, version of the software running etc. This information is displayed by default by every software running for marketing purposes.

What is Banner grabbing?

Banner grabbing as its name implies, is grabbing this banner. A banner when displayed to a common user may provide information to the user. In the same way, by grabbing this banner, hackers and penetration testers can get information about the software running on it and the version of the software running. This allows them to search or research for any vulnerabilities in the software.

Types of Banner grabbing

Banner grabbing can be performed in two ways: Active & passive.

Active banner grabbing: In active banner grabbing, a hacker or penetration tester interacts with the software & target services to grab the banner.
Passive banner grabbing: In passive banner grabbing, a hacker or penetration tester doesn’t interact with the target service while grabbing the banner. This can be done by packet sniffing on the network traffic of the network.

Although banner grabbing can be performed on almost all services running on all ports, the most common services that are used for banner grabbing are,

FTP-Port 21
SSH-Port 23
SMTP-Port 22
HTTP-Port 80

Tools used for Banner grabbing:

Telnet, wget, curl etc

Apache:

Imagine I have set up a website named www.shunya.com on an Apache server. A hacker can easily find Information about the web server in different ways. For example, a hacker can visit the website and and try to open a webpage which is not existent on my server, like below.

In the above example, hacker tried to open page named “admin.php” which was not available on my server and in turn the server responded with a type of web server, the target OS and the scripting language. This is giving out too much information.

The traditional and popular way of fingerprinting is through telnet. A hacker opens command line or terminal. and types the command “telnetwww.shunya.com 80″. When the screen goes black, type “HEAD / HTTP/1.0″and this will give the server information.

There are also many fingerprinting tools available. I am gonna show you only one, Id serve. Let’s see how to banner grab using Id serve.

Now what are the preventive measures we can take in Apache server to disable or atleast prevent fingerprinting to some extent. Apache web server has a configuration file called “httpd.conf” where we can make changes to fight fingerprinting. Go to httpd.conf and change the value of the option “Server Signaturetooff”.This will not display any information about server when an nonexistent page has been accessed.

In the httpd.conf file, changing the value of “Server Tokens”from “Full” to “Prod” will only show the minimum server information as shown below.

This still discloses that our web server is Apache but it doesn’t show the version. In Kautilya’s words this is delaying the march of enemy. Here are the options we set.

IIS 8:

Now imagine we changed our www.shunya.com website from Apache server to the latest version of Microsoft web server, IIS 8. To prevent error pages form revealing any information in IIS server, we can set custom error pages. Now let’s use IDserve tool to fingerprint the IIS 8 server.

It shows the server version. Now how can we prevent this. Microsoft provides a tool named UrlScan freely available for download which can be used easily to process HTTP requests. Download this tool and install it. ( See how to configure Urlscan for IIS 7.5 and IIS 8 ). Then go to the configuration file of UrlScan, “UrlScan.ini” located at “C:WindowsSystem32inetservUrlscan”by default and change the value of “RemoveServerHeader’ from “0″ to “1″.

This will not reveal the server version information as shown below.

We can further mislead the attacker by setting our server name to some other value different than our original one. This can be done by setting the value of “RemoveServerHeader” to “0 “and changing the value of “AlternateServerName” to the value we want to specify ( in our example Nginx ).

So when the attacker tries to fingerprint our website, he will be misleaded.

Note: Taking this preventive measures will not stop a determined hacker to find out our server information.

That’s all in webserver banner grabbing and countermeasures.

Posted on September 5, 2013June 25, 2024 by kanishka10 — 26 Comments

Virtual hacking lab for beginners

Hello, aspiring ethical hackers. In this blogpost, you will learn how to create a virtual hacking lab for practicing hacking. No matter how many articles or blogposts you read or how many hacking courses you take, you cannot truly understand the concept of hacking until you perform those hacking tutorials practically. To practice hacking effectively, you need a secure environment without the risk of compromising the security of a safe network or systems and attract legal consequences due to your actions.

What is a Hacking lab?

A hacking lab is a lab that provides a safe environment to practice hacking without the above-mentioned risks. The most basic hacking lab consists of two machines: attacker system (the system from which you hack) and target system (the system which you hack).

What is a virtual hacking lab?

Just now, you have learnt that a basic hacking lab needs to have one attacker system and target system. They can be installed on separate hardware but this may prove expensive especially as you upgrade your hacking lab in future. Luckily, hacking labs can be created on a single system itself using virtualization solutions. Virtualization allows you to install multiple operating systems on a single machine. Some of the popular virtualization solution are Oracle VirtualBox, Parallels Desktop, VMware vSphere, Hyper-V, QEMU etc.

The hacking labs created using this method is called virtual hacking lab. They are inexpensive compared to the cybersecurity lab and easily adaptable. Of all the solution mentioned above, I will be using Oracle Virtual Box as it is FREE and also rich in features. Oracle VirtualBox can be downloaded and installed on Windows, Linux, macOS, Solaris etc. Here, I have installed virtual Box on a Windows machine.

How to create a virtual hacking lab?

Let’s create a simple hacking lab with an attacker system and target system on VirtualBox. The operating system on which Oracle VirtualBox (or any another virtualization software) is installed is known as the Host machine. The operating systems that are installed in Oracle VirtualBox as called as GUEST machines. So here, in VirtualBox, we are going to install two guest machines: one is Kali Linux (attacker system) and Metasploitable 2 (target system).

What do we need?

1. Oracle VirtualBox. (Download)

2. Kali Linux. (Download)

3. Metasploitable 2. (Download)

Install Kali Linux and Metasploitable 2 in VirtualBox.

See how to install Kali Linux in VirtualBox.

See how to install Metasploitable 2 in VirtualBox.

Once both the virtual machines are installed, turn on both the machines. Login into the Metasploitable 2 VM. Default username and password are “msfadmin / msfadmin”.

Type the command “ifconfig”to find out the IP address of your target system.

Similarly login into the Kali Linux machine and in the terminal, type command “ip a” to find out its IP address.

Test whether the attacker system can communicate with the target system by pinging the target system from the attacker system as shown below.

The connection is successful. Our virtual hacking lab is ready. Happy practicing hacking.

Various networking modes of VirtualBox

Above, we created a simple virtual hacking lab successfully. Go to “settings” of any of the above GUEST machines and go to “Network settings”, you will see that this Guest machine is attached to a NAT adapter.

When you install a GUEST machine in VirtualBox, the default network mode is NAT. Apart from NAT, there are other network modes on VirtualBox.

Each networking mode plays a different role in hacking. So, it’s good to learn about each of them.

1. NAT:

NAT stands for Network Address Translation (NAT). This is the default networking mode of VirtualBox. This mode allows web access, downloading of files from internet, etc. Our simple lab above is NAT. This is used to create a hacking lab when both attacker system and target system need internet access.

2. NAT network:

This is useful in creating hacking lab on a separate internal network that uses outbound connections.

3. Bridged adapter:

When you use a Bridged adapter, the virtual machine uses the network adapter of the Host machine and acts as a separate machine in the LAN network of the Host machine.

4. Internal network:

This creates a different kind of network separated from the host system. This network doesn’t have access to the outside internet.

5. Host-only network:

This creates a network in which the virtual machines have access to the Host machine.

6. Not attached:

In this type of network, the virtual machine is disconnected from everything. This might be useful in creating a malware analysis lab.

Posted on September 5, 2013June 18, 2024 by kanishka10 — 7 Comments

How to install Metasploitable 2 in VirtualBox

Hello aspiring Ethical Hackers. In this article, you will learn how to install Metasploitable 2 in VirtualBox. What is Metasploitable? Learning penetration testing or ethical hacking requires practical knowledge and good practice needs a vulnerable target. That is where Metasploitable comes into picture. It is an intentionally vulnerable operating system made by the makers of Metasploit themselves so that aspiring ethical hackers can practice and hone their hacking skills. As its name conveys Metasploitable is loaded with vulnerabilities that can be exploited with Metasploit modules.

This virtual machine can be used to conduct security training, test security tools, and practice common penetration testing techniques. For this i am going to use Metasploitable 2 which can be downloaded from here. After downloading the zip archive, extract the files into a folder. The file contents look like below.

Open VirtualBox and click on “New Virtual machine wizard”. Type the name of your choice. I am using ‘Metasploitable-2‘. Choose ‘Type’ as Linux and ‘version’ as Ubuntu. Click on “Next”.

Choose the memory size appropriate to the availability of RAM on your host machine although 512MB is more than enough. Click on “Next”.

In the hard drive creation window, select option “Use an existing virtual hard drive”, browse to the folder where we have extracted our zip files and select the ‘vmdk’ file available. Click on “Create”.

Then you are automatically booted into the metasploitable OS. The default username and password are “msfadmin”.

You learnt how to install Metasploitable 2 in VirtualBox. See how to create a penetration testing lab.

Category: Hacking