Category: Hacking

Posted on by 1 Comment

Desktop phishing tutorial: Step by step guide

Hello aspiring ethical hackers. In our previous blogpost, you learnt about phishing. In this blogpost, you will learn about Desktop phishing.

What is Desktop phishing?

Desktop phishing is the same as phishing, the only difference being in the method hosting the files required for phishing. Whereas in phishing we upload our files to an external server, in desktop phishing we upload our files to the web server installed on our own desktop. Desktop phishing overcomes three disadvantages present in the traditional method of phishing.

One, however hard we may try, the URL will always looks suspicious in traditional method of phishing.

Two, modern day browsers are capable of detecting phishing sites.

Three, as soon as the webhosting provider detects that you are hosting a phishing webpage, he will suspend your account. This will most likely happen within 24 hours. Desktop phishing overcomes all these defects. So now, let’s see how to desktop phish. As already told, desktop phishing is same as traditional phishing, until the creation of phishing files which you can find here.Now Install Wamp Server on your Windows machine. Next, install a VPN on your system to keep your IP static. See here. We are going to host our phishing files on our desktop and redirect the victim to our site.

Copy our phishing files to the folder C:/wamp/www. This is the root directory of the Wamp server.

Here is the script of the “phish.php” we used.

Go to folder “C:/wamp/bin/apache/Apache 2.4.4/conf” and make changes to the ‘httpd.conf’ file as below. These changes give permission to external users to access your fake website.

Start your wamp server, open your browser and type localhost” in the url to see if your phishing site is working. Then open Notepad and create a batch file as shown below. We need to send this file to the victim machine and make him execute it. See how? Make sure you replace the IP address below with one assigned by VPN.

What the above script does is it changes the hosts file in the victim’s system to redirect to your fake website when user tries to access Facebook. Now, what is hosts file?

Hosts file is a text file located in the folder “C:/windows/system32/drivers/etc” which resolves IP addresses associated with domain names.

Usually when we try to visit any website say www.google.com our system sends a query for it’s IP address to the DNS server. When we make an entry in the hosts file of our computer, the query is not sent to the DNS server. When the victim clicks on the executable sent by us, it changes the hosts file like below.

Now when victim types “www.facebook.com” in his browser, he is redirected to our wamp server. Notice that the URL looks completely genuine and the browser didn’t detect it as a phishing site.

desktop phishing tutorial

When the unsuspecting victim enters his credentials,

a text file called pass .txt is created in the www directory.

Open the file and we can see the credentials.

That’s all in desktop phishing tutorial for beginners. See how to phish with Weeman Http server.

Posted on by 2 Comments

Virtual pentesting lab : Step by Step guide

Virtual pentesting lab is a lab created on a single system using any virtualization software. It can be very helpful for people practicing for CEH or similar certification. Any penetration testing lab has two machines, attacker and victim. In this lab we will set up Kali Linux as the attacker and Windows XP( most favorite victim machine ) as the victim. I am going to set up this lab in Vmware Workstation 9. Hope this will be helpful.

First of all install Kali Linux and Windows XP in Vmware Workstation.

Shut them down. In the Vmware Workstation menu, Select Edit”and click on Virtual Network editor.

The window below will open showing the virtual network adapters. Click on “Add network”.

Vmware provides nine virtual networks from 0 to 9. Vmnet0, Vmnet1 and Vmnet8 are automatically assigned for bridged, Host-only and NAT types of network respectively. Select the network “Vmnet3″.

We can see that our network is added as Host-Type with a automatically assigned subnet IP.

virtual pentesting lab

Click on our network. We can see its settings below.

Deselect the option ‘Connect a host virtual adapter to thenetwork’. This’. This‘.This will make our network a custom type. Change the subnet IP to 10.10.10.0( choice is yours). Select the ‘Use local DHCP service to distribute IP address to VMs‘ option. This will automatically assign IP addresses to our machines. Click on ‘DHCP settings‘.

You will see the below window. Make changes if you like. I am going to leave it default. Click OK twice to exit.

We have successfully created our custom network. Now let’s add our machines to the network. Open the tab of Kali Linux and click on ‘network adapter‘ setting.

In the settings, select the ‘custom radio button and select the network Vmnet3 from the dropdown menu. Click on OK.

Do the same for Windows XP. Then let’s boot up our victim machine and check it’s IP address by typing ‘ipconfig‘ in the command line. The DHCP server has automatically assigned it the IP address 10.10.10.129.

Boot the attacker machine and check it’s IP address by typing ‘ifconfig’in the terminal. It has been assigned the address 10.10.10.128.

Ping the victim IP machine (10.10.10.129) to see whether the two machines can communicate.

We have successfully created a virtual pentesting lab. Happy testing.

Posted on by 2 Comments

Complete guide to Nmap port scanner

Hello, aspiring ethical hackers. This blogpost is a complete guide for using Nmap (Network Mapper). It is a popular and open source utility used for port scanning and network discovery by network administrators and pen testers. It uses real IP packets in novel ways to determine the LIVE hosts on the networks, open ports, the services they are running, type of firewalls in use etc. It is available for all major operating systems like Linux, Windows and Mac OSX.

We are using it on Kali Linux where it is installed by default. Let’s begin with how to specify targets while scanning.

Target specification

1. Provide input through a list:

nmap -iL <input filename>

This option reads targets from a specific file. Let’s create a file named alpha with a few newline separated or tab-limited or space separated IP addresses using vi on Desktop.

Then, move to Desktop directory and type the command as shown below. It scans the four IP addresses listed in our file.

2. Specify random hosts to scan:

nmap -iR <number of hosts>

This option is used to specify random hosts to scan. Nmap generates its own targets to scan. The <number of hosts>argument tells nmap the number of IP’s to generate. Let’s type command as shown below.We can see that it generated five random targets to scan. The scan failed to determine route to the generated IP addresses because my system is not connected to Internet. Why didn’t it generate any internal IP addresses? Because in this scan private, multicast and unallocated address ranges are automatically skipped.

3. Scan the entire subnet:

nmap <IP address/dir>

This option is used to scan the entire subnet. Assuming you know CIDR let’s type the command as shown below to scan eight IP addresses from 10.10.10.1 to 10.10.10.8 and see the result below.

4. Exclude some hosts and networks:

nmap [targets] -exclude [targets]

This option specifies a comma separated list of targets to be excluded from the scan even if they are part of overall network range we specify. For example, in our previous scan we saw that one host 10.10.10.2( which is the system I am working on) is alive. Now I decided to exclude that host and another host from the scan. So I type the command as shown in the image given below and press “Enter”. We can see that nmap has only scanned six IP addresses.

5. Take the exclusion list from a file:

nmap [targets] -excludefile [file name]

Now what if the subnet was very big and there are more number of hosts to be excluded from the scan. The above option helps us to achieve this. Remember the file “alpha”( with four IP addresses) we created. Now let’s specify nmap to quit scanning the hosts listed in the file. Type the command as shown below. We can see that it scanned only four hosts in the subnet.

6. Scan specific targets:

nmap [target1 target2 target3]

This option specifies nmap to scan multiple targets separated by space. Type the command shown below . We can see the result below.

Scan types

Nmap is equipped with a variety of scans to detect open ports and services on the target system. Learn about Nmap’s various port scan techniques here.

Scan results

Nmap classifies the ports it scans into six categories. They are open, closed, filtered, unfiltered, open/filtered and closed/unfiltered. In which cases does Nmap classify a port as one of the above. Learn in port scan results of Nmap.

Posted on by 30 Comments

Beginners guide to phishing

Phishing is one of the unique method of hacking that involves social engineering. What exactly is phishing? Phishing is an act of presenting a fake page resembling the original webpage you intend to visit with the sole intention of stealing your credentials. This post demonstrates phishing tutorial for beginners. Although we make a phishing page of Facebook in this tutorial, it can be used to make a phishing page of any website. So now let’s phish.

Open your browser, go to the Facebook website, Right click on the webpage and click on “view page source”.

The source of the web page is displayed in the browser. Right click on the page and click on “Save As”. Save the page as “index.html”on your computer.

Now open index.html using notepad and hit CTRL+F”.In the Find box opened, type “action” and click on “Find Next”. Look at the value of action. This “action” specifies the website what to do after users enter credentials and submit those.

Now change the value of action to “phish.php”. We are doing this so when the user enters his credentials the page that loads will be “phish.php” and not the usual page Facebook loads.

Now let’s create the page phish.php. Open Notepad and type the following script into it and save it as “phish.php”. What this script does is it logs the user credentials and saves it to a file named “pass.txt”.

Now our files are ready. Next step is to upload these files to any free web hosting site available on the internet. Google for free web hosting sites, select any one of them(I selected bytehost7), create an account with username as close to Facebook as possible and delete the index.html file available in the htdocs folder. Then using Online File Management upload your own index.html and phish.php files to the htdocs folder. Your htdocs folder will look like below.

Let’s check if our phishing page is ready by typing the address of our site. If the page is like below, then our phishing page is working.

The next thing we have to do is to send address of our fake website to the victim. We will do this through sending him an email but in order for the victim not to smell something fishy, we will obfuscate the URL of the fake page we are about to send him. The sending email address should be as convincingly close to Facebook as possible.

When the victim clicks on the obfuscated URL, it will bring him to our fake site.

If the victim is not cautious enough as to observing the URL and enters his username and password, our attempt is a success. To show this, I will enter random values in both username field and password field and hit Enter.

phishing tutorial

Now a txt file with name pass.txt will be created in the htdocs folder containing both the username and the password.

Click on the file. We can see both the email and the password i have entered. The email is “don’t get hacked” and the password is “like me”.

Find it difficult? See how to do phishing with Weeman HTTP server

Counter Point:

If you don’t want to fall victim to phishing, you can take a few precautions . If you want to open a site type the address directly in the URL and don’t open any redirected links. Don’t click on any mails which look malicious like asking for your login credentials.

Posted on by

Understanding port scanning results of Nmap

Hello aspiring Ethical Hackers. In this blogpost you will learn how to analyze port scanning results of Nmap. Scanning plays a very important role in hacking a system. Scanning is a phase in which we find out the ports which are open and the services listening on those ports. NMap is the most popular port scanner being used security guys nowadays. Read complete guide to Nmap. It is very important to understand results of Nmap port scan. Nmap classifies ports into six states. They are, open, closed, filtered, unfiltered, open | filtered and closed | filtered.

Let us find out when Nmap classifies ports into specific states. To demonstrate the results of port scanning performed my Nmap, I use two virtual machines,

1. Kali Linux as attacker system.

2. Windows 10 as target system.

On the target system, I enable or install a SSH server. You can learn how to install a SSH server here. For this tutorial, I will be scanning this SSH port with Nmap.

1. Closed:

Nmap classifies a port as closed when the port is accessible but there is no application listening on it. When I perform a default Nmap scan from the Kali system of port 22 of the target machine, I get a “closed” result as shown below.

nmap -sT –p22 <target ip>

Note that on our target machine, we have installed the SSH server but not yet started it.

2. Filtered:

Nmap classifies a port as filtered when it can’t determine whether the port is open or closed because packet filtering prevents its probes from reaching the port. Let’s now start the SSH server and scan again. This time when we scan the same port again, we get a “filtered” result as shown below.

nmap -sT -Pn –p22 <target ip>

This is because although we have started the SSH service on the target system, Windows Defender Firewall, which is turned ON by default, is blocking our connection to the target port. When Nmap classifies a port as filtered, it is most likely that a firewall is blocking our probes.

3. Open:

Nmap classifies a port as open when the port is accessible and if an application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. On our target system, let’s change the Windows Defender Firewall settings to allow the SSH service through the Firewall as shown below and scan the service again.

The result I get is “open”. This is because the SSH server is actively accepting connections.

4. Unfiltered:

Nmap classifies a port as unfiltered when a port is accessible but it can’t determine whether it is open or closed. A port is classified as unfiltered only with the ACK scan. Learn about different scans that can be performed with Nmap.

nmap -sA –p22 <target ip>

This scan cannot determine if the port is open or closed and is generally used to find out rules of the firewall.

5. Closed | filtered:

Nmap gives this result when it can’t find out whether a port is closed or filtered. A port is classified this way by Nmap only when we perform IDLE scan. Now what is IDLE scan? Idle scan is a scan in which we use a zombie host to scan the victim. In our example, we use another host with IP 192.168.40.1 as a zombie to perform IDLE scan on our victim.

nmap -sI <zombie_host> -p22 <target ip>

6. Open | filtered:

A port is classified as open | filtered when Nmap is unable to determine whether a port is open or filtered. This happens for scan types in which open ports give no response. The UDP, IP protocol, FIN, NULL and XMAS scans classify ports this way.

XMAS scan
FIN scan
NULL scan

The port is classified as “open | filtered” in above cases because Nmap can’t determine whether the port is open or filtered.