Hacking Archives - Page 33 of 34 - Hackercool Magazine

Posted on September 5, 2013June 25, 2024 by kanishka10 — 26 Comments

Virtual hacking lab for beginners

Hello, aspiring ethical hackers. In this blogpost, you will learn how to create a virtual hacking lab for practicing hacking. No matter how many articles or blogposts you read or how many hacking courses you take, you cannot truly understand the concept of hacking until you perform those hacking tutorials practically. To practice hacking effectively, you need a secure environment without the risk of compromising the security of a safe network or systems and attract legal consequences due to your actions.

What is a Hacking lab?

A hacking lab is a lab that provides a safe environment to practice hacking without the above-mentioned risks. The most basic hacking lab consists of two machines: attacker system (the system from which you hack) and target system (the system which you hack).

What is a virtual hacking lab?

Just now, you have learnt that a basic hacking lab needs to have one attacker system and target system. They can be installed on separate hardware but this may prove expensive especially as you upgrade your hacking lab in future. Luckily, hacking labs can be created on a single system itself using virtualization solutions. Virtualization allows you to install multiple operating systems on a single machine. Some of the popular virtualization solution are Oracle VirtualBox, Parallels Desktop, VMware vSphere, Hyper-V, QEMU etc.

The hacking labs created using this method is called virtual hacking lab. They are inexpensive compared to the cybersecurity lab and easily adaptable. Of all the solution mentioned above, I will be using Oracle Virtual Box as it is FREE and also rich in features. Oracle VirtualBox can be downloaded and installed on Windows, Linux, macOS, Solaris etc. Here, I have installed virtual Box on a Windows machine.

How to create a virtual hacking lab?

Let’s create a simple hacking lab with an attacker system and target system on VirtualBox. The operating system on which Oracle VirtualBox (or any another virtualization software) is installed is known as the Host machine. The operating systems that are installed in Oracle VirtualBox as called as GUEST machines. So here, in VirtualBox, we are going to install two guest machines: one is Kali Linux (attacker system) and Metasploitable 2 (target system).

What do we need?

1. Oracle VirtualBox. (Download)

2. Kali Linux. (Download)

3. Metasploitable 2. (Download)

Install Kali Linux and Metasploitable 2 in VirtualBox.

See how to install Kali Linux in VirtualBox.

See how to install Metasploitable 2 in VirtualBox.

Once both the virtual machines are installed, turn on both the machines. Login into the Metasploitable 2 VM. Default username and password are “msfadmin / msfadmin”.

Type the command “ifconfig”to find out the IP address of your target system.

Similarly login into the Kali Linux machine and in the terminal, type command “ip a” to find out its IP address.

Test whether the attacker system can communicate with the target system by pinging the target system from the attacker system as shown below.

The connection is successful. Our virtual hacking lab is ready. Happy practicing hacking.

Various networking modes of VirtualBox

Above, we created a simple virtual hacking lab successfully. Go to “settings” of any of the above GUEST machines and go to “Network settings”, you will see that this Guest machine is attached to a NAT adapter.

When you install a GUEST machine in VirtualBox, the default network mode is NAT. Apart from NAT, there are other network modes on VirtualBox.

Each networking mode plays a different role in hacking. So, it’s good to learn about each of them.

1. NAT:

NAT stands for Network Address Translation (NAT). This is the default networking mode of VirtualBox. This mode allows web access, downloading of files from internet, etc. Our simple lab above is NAT. This is used to create a hacking lab when both attacker system and target system need internet access.

2. NAT network:

This is useful in creating hacking lab on a separate internal network that uses outbound connections.

3. Bridged adapter:

When you use a Bridged adapter, the virtual machine uses the network adapter of the Host machine and acts as a separate machine in the LAN network of the Host machine.

4. Internal network:

This creates a different kind of network separated from the host system. This network doesn’t have access to the outside internet.

5. Host-only network:

This creates a network in which the virtual machines have access to the Host machine.

6. Not attached:

In this type of network, the virtual machine is disconnected from everything. This might be useful in creating a malware analysis lab.

Posted on September 5, 2013June 18, 2024 by kanishka10 — 7 Comments

How to install Metasploitable 2 in VirtualBox

Hello aspiring Ethical Hackers. In this article, you will learn how to install Metasploitable 2 in VirtualBox. What is Metasploitable? Learning penetration testing or ethical hacking requires practical knowledge and good practice needs a vulnerable target. That is where Metasploitable comes into picture. It is an intentionally vulnerable operating system made by the makers of Metasploit themselves so that aspiring ethical hackers can practice and hone their hacking skills. As its name conveys Metasploitable is loaded with vulnerabilities that can be exploited with Metasploit modules.

This virtual machine can be used to conduct security training, test security tools, and practice common penetration testing techniques. For this i am going to use Metasploitable 2 which can be downloaded from here. After downloading the zip archive, extract the files into a folder. The file contents look like below.

Open VirtualBox and click on “New Virtual machine wizard”. Type the name of your choice. I am using ‘Metasploitable-2‘. Choose ‘Type’ as Linux and ‘version’ as Ubuntu. Click on “Next”.

Choose the memory size appropriate to the availability of RAM on your host machine although 512MB is more than enough. Click on “Next”.

In the hard drive creation window, select option “Use an existing virtual hard drive”, browse to the folder where we have extracted our zip files and select the ‘vmdk’ file available. Click on “Create”.

Then you are automatically booted into the metasploitable OS. The default username and password are “msfadmin”.

You learnt how to install Metasploitable 2 in VirtualBox. See how to create a penetration testing lab.

Posted on August 23, 2013June 15, 2024 by kanishka10 — 20 Comments

Havij SQL injection tool: Complete guide

Hello, aspiring ethical hackers. In our previous blogpost, you learnt what SQL injection is and different types of SQL injection attacks. In this blogpost, you will learn about Havij, an automated SQL injection tool. Havij is a SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can be used to perform back-end database fingerprinting, retrieve DBMS login names and password hashes, dump tables and columns, fetch data from the database, execute SQL statements against the server, and even access the underlying file system and execute operating system shell commands.

Let me give you a complete guide on Havij in this article. First download Havij and install it.

1. Specifying the target:

Then open it and enter the vulnerable URL in the target field (for this tutorial I am using my own vulnerable webpage).

2. List the current database:

Set the database option to ‘auto detect‘ and hit analyze. This should show you the current database name as shown below.

3. Get Host information:

Click on the “info” tab. This will show you information about the victim’s system. We can see information like Host IP address, web server version etc.

4. List all tables of the current database:

Click on the “Tables” tab.

5. List all databases from the target:

Click on “Get DBs” option. This will list all the databases as shown below.

7. List tables in a certain database:

To get tables in a specific database, select the database and click on “Get Tables”. This will list all the tables present in the selected database. I selected database “shunya”here.

8. List all columns from a particular table:

We can see that there is on table ‘users’ in our database ‘shunya’ .To get columns , select the table ‘ users’ and click on “Get Columns”.

This will list all the columns in the table. We can see that we have five columns in the table ‘users’. It’s time to dump the values of columns.

9. Dump data from the columns:

Select the columns whose data we want to dump and click on “Get data”. Here I selected all the columns.

10. Crack password hashes:

We got all the data including usernames and passwords. But passwords seem to be encrypted. No problem. Click on the password hashes and copy them. Then click on “MD5″ tab and paste the password. Click on “Start”. Havij automatically decrypts the password for us. Decrypt all passwords in the similar manner.

11. Find admin page:

Having passwords is not enough. You also need to know where to login with these passwords. Havij can do that too. Click on “Find admin”. This option finds the admin page of the website automatically. When it finds the admin page, you can try the username and passwords to get access to the website. Hope this was helpful.

Posted on August 10, 2013February 27, 2024 by kanishka10

Beginners guide to armitage

Hello, aspiring ethical hackers. In this blogpost, you will learn about Armitage. Armitage is the GUI (graphical user interface) version of the fantastic pen testing tool Metasploit. We all know Metasploit is an awesome tool for pen testing. However awesome it is, we need to type each and every command to run the exploit. What if we all can do the same pen testing with clicks and right clicks. There you have your answer, Armitage.

Armitage is installed by default in Kali Linux and it can be started using command “Armitage”. If it is not installed, ask itself to install it while the system prompts you to.

Armitage uses PostgreSQL database. So, we need to start the PostgreSQL service as shown below.

We also need to start the msfdb service.

Now, you are all ready to start Armitage, Type the same command you typed at the beginning “armitage” and you should see this. Armitage needs to connect to the Metasploit RPC server to work. Click on “Connect”.

If you get the message shown below. Click on “yes”.

If you get the message shown below, just hang on. Things may change soon.

As shown below.

If everything went right, you should see the window shown below.

Welcome to Armitage, If you can see, Armitage has three sections. Section 1 should be familiar to you. The names should remind you of Metasploit. That’s because, that is exactly that but in graphical format. Section 2 is where you can see the visual display of Armitage, The visual representation of the network you are trying to pen test or hack is shown here. Section 3 named “console” is “metsaploit” itself. Now that you are familiar with all the sections of Armitage, let’s see the menus of Armitage.

To start with Armitage, let’s first add our own attack machine to the display. To do this, we need to go to “Host” menu and click on “Add Host”.

In the small window that is opened, add the IP address of the attacker machine and click on “Add”.

Now, Armitage looks like this with our attacker machine shown on display. Now, let’s add the OS and give a name to our Attacker system so that we can easily detect it.

Right click on the attacker system. Go to Host>Operating system>Linux as shown below.

Similarly, to give name to your attacker systems, go to Host>set label. I named it Kali.

Since the attacker system is ready, we now need target system. For this tutorial, we will be using Windows XP SP2 as target. To get the target on armitage, all we need to do is perform a ping scan to detect the LIVE systems on the target network. To do this, go to Host menu> Nmap scan>Ping scan as shown below.

Enter the IP address range to scan. This information is usually obtained during footprinting. You want to scan for LIVE systems.

As soon as the scan is complete, the LIVE targets are displayed on the display of Armitage and you will be prompted with a message as shown below.

As you can see here, the Ping scan as usual failed to detect the operating system of the target and even open ports too. Next, let’s scan for open ports on the target. To do this, go to Hosts>Nmap> Quick Scan.

All the actions you perform are shown in console section. From the same menu, lets perform a comprehensive scan to detect the operating system of the target.

This time the operating system of target system id detected as Windows Next stage is to find some attacks related to it. To do this, go to Attacks menu>Find attacks.

As the message in the above image says, you will find a new menu named “Attack” on the target system now. If you don’t find the “Attack menu” on the target system, go to Armitage menu >Set Exploit rank. Set it to “poor” as shown below.

Find attacks again. This time you will see an Attack menu on the target system.

Go to Attack menu and you will see all the exploits we can use on the target.

I select the infamous ms08_067 vulnerability.

A new window opens. This is just like the options on Metasploit whenever you load an exploit. The only difference is, here it is in graphical mode and you don’t have to change anything.

Just click on “Launch”. If the target system is compromised, then the look of the target system changes as shown below.

Posted on August 9, 2013June 24, 2024 by kanishka10 — 12 Comments

Beginners guide to login bypass

Hello, aspiring ethical hackers. In this blogpost, you will learn about login bypass.

What is Login bypass?

Many resources like websites Routers, Gateways, file messengers use authentication to ensure security of the resources what if this login in bypass. The process of Login bypass refers to any action on current which allows a user to directly access the resources without the use of credentials. Many techniques can be used to bypass login of a page. Some of the techniques are,

SQL injection
Forced browsing
URL parameters manipulation.

Let’s learn about each of them in detail.

1. SQL Injection:

Acunetix describes this as ” the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database. In essence, SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly.

In this article, I am going to show you how login bypass attack can be done on websites using SQL injection. For this I am going to use Vulnerawa and WAMP server. You can download Vulnerawa from here. To see what is Vulnerawa, go here. To learn how to setup Vulnerawa in Wamp Server, go here. When you finish successfully setting up Vulnerawa, it should be as below. The first page of a website is the “index.php” which is as shown below.

Now click on the “Login” button. You should see a login form as below.

Now insert a single quote character( ‘ ) into the form as shown below.

Click on “Submit”. You should get the error as shown below. This shows that the webpage is vulnerable to SQL injection. Notice that the URL has changed to a page “process.php”. Remember this for now.

Now enter the query

1′ or ‘1’=’1

as shown below in both username and password fields.

Click on “Submit”. If you got the below webpage, then you have successfully bypassed the login screen.

The query we entered above validates the user even without checking the password. There are some other queries which can work similarly. Two of them are here.

‘ or ‘1’=’1;
‘ or ‘1’=’1”

When a hacker enters these two queries, the username field becomes

” or ‘1’=’1;

which transforms to validate the user if username is empty or 1=1. Now whatever may happen, one will always be equal to one. We can find many more using trial and error. This vulnerability exists because we are supplying raw data to our application.

Now let’s go to the page “process.php” to understand how this sql injection worked. Go to the root directory of Vulnerawa. That would be “C://Wamp/www/vulnerawa1.0.2“. You should see the list of below pages. These are all the webpages which make the webapp vulnerawa1.0.2.

But we are interested in the page process.php. Right click on the page and select “edit” option to view the file. To put simply, open the process.php file with notepad. You should see it as below. We are interested in the two lines of code, $myusername=$_POST[‘username’] and $mypassword=$_POST[‘password’].These are the two queries to take username and password from the user. You can observe that they are taking input directly aka without sanitization.

Now just below these two lines, we have two lines commented. These are

$myusername = mysqli_real_escape_string($connect, $myusername);

$mypassword = mysqli_real_escape_string($connect, $mypassword);

Now, uncomment those two lines by removing the two backward slashes as shown below.

Save the file and restart the WAMP server. Now try to bypass the login screen as explained above. You should get something as shown below.

The “mysqli_real_escape_string” escapes any escapes any special characters entered in the input fields thus rendering injection harmless.

2. Forced browsing:

The page that is accessed after your login into any resource is also part of all the web pages that belong to that website. Sometimes, login can be bypassed by directly going to this page on browser. This is known as forced browsing and this page can be searched using web directory busting or fuzzing.

3. URL parameter tampering:

The login screen can also be bypassed by tampering with the URL parameter.

Category: Hacking