HACKENG
Workshop Technical Manual
Liability Disclaimer
The information provided in this manual is to be used for educational purposes only. The
author is in no way responsible for any misuse of the information provided in this
manual. All of the information in this manual is meant to help the reader develop a
defender's mindset in order to prevent the attacks discussed. In no way should you
use the information in this manual to cause any kind of damage, directly or indirectly. The
words hack and hacking in this manual should be read as ethical hack and ethical
hacking respectively.
Acknowledgement
To Achan (Dad) and Amma (Mom), who taught me more than I ever learned
in a classroom.
To Sector X (my partner in crime :-)), the one beside me when we were diving into the
unknown worlds of the internet.
To my sister, who made cups of tea till I finished this book.
To the open source community: without the tireless efforts of open source developers,
programs like Nmap, Metasploit and Hydra would not exist.
And last but not least, to our Captain Crunch (John Draper), where it all began...
Karthik
Anyone who can only think of one way to spell a word obviously lacks imagination.
Mark Twain
About Us
HACKENG
#19, Rahman's Grace, 4th Floor, Mosque Road, Frazer Town, Bangalore-560005
Tel : 080 32320105
Mob : +91 767 646 8636, +91 7829 020 105
www.hackeng.in
fb: www.facebook.com/hackengbglr
Contents
Information Security
Mirroring a Website
Enumerating Websites
Hacking Linux
Information Security
In this era of information technology, data is being converted to electronic form
wherever possible, because it is efficient and convenient. Information has become
the backbone of most organizations, an essential business asset in today's IT-enabled
world.
Information technology keeps expanding in every direction, from e-mail to transaction
systems to databases full of data. But every rose has its thorns: this advance of
technology, the Internet and information sharing has negative outcomes too. One of
the most important is the large increase in new information threats. Malicious
individuals try to gain access to protected information by abusing the same technology.
Any organization that keeps data in electronic form or does its work electronically is at
risk, including smaller organizations that do not see themselves as targets because they
assume criminal hackers (crackers) and rogue insiders have no interest in them. In fact
everyone is at risk: most attacks are opportunistic and automated, so a small target
with a weak system is compromised just as readily as a large one. Attackers do not
discriminate; if they can get into a system, they will.
This is made easier by the steady growth in the number of published system
vulnerabilities. Unauthorized access to confidential information is also due to weak or
non-existent information security practices. Failing to identify and mitigate risks is a
leading cause of unauthorized access and of vulnerabilities being exploited.
Protecting confidential information does not only serve a business purpose; in
many cases it is also an ethical and legal requirement. Businesses, consumers and
governments now maintain, share and transmit most of their information electronically.
Systems that do not exchange information with other systems have a much smaller
attack surface: physical protection of the hardware and reliable backups cover most of
what they need, though insiders and removable media still reach them.
Connecting a system to others, in any form, is what opens the floodgates. The threats
include unauthorized access to information, its manipulation or destruction, misuse of
authorized access, introduction of malicious software (viruses, worms, trojans), poorly
designed information systems that grant too much access, social engineering, system or
communications disruptions (denial of service, hardware failure) and improper handling
of information. The extensive use of the World Wide Web, its easy availability and the
low cost of the technology multiply the chances of these vulnerabilities being exploited.
The need for information security becomes clear when we look at the magnitude of
the damage: stolen business secrets, loss of critical information (such as defense
information) or its unauthorized alteration, any of which can have vicious consequences.
Conclusion
As the saying goes, patch your holes before an intruder finds them and walks in
through the hole you made yourself. It is high time we focus not only on the information
technology boom but give equal attention to these loopholes and mend them, rather
than sitting dumb-struck once our valued possessions (our information) have already
been attacked from some distant, unknown place by some unknown person. Let us
instead make the crackers feel utterly helpless when they run into the shielded armour
we have already built to keep our information secure and safe-guarded.
Mirroring Websites
A mirror is a clone of a set of data. Websites are cloned for many reasons: to
have a backup of the website, to speed up access to files through live mirrors, for
offline browsing, to counter censorship and keep information freely available, and, in a
penetration test, to study a site's structure, scripts and comments offline without
hammering the target.
Many programs can mirror a website. In this tutorial we focus on installing and using
the WebHTTrack website copier on Ubuntu or any Debian-based Linux distribution.
WebHTTrack is the browser-based front end of HTTrack, a popular website copier that runs
on Linux, Windows and Mac.
Installation
$ sudo apt-get install webhttrack
Usage
WebHTTrack is driven from a browser front end (launch it with the webhttrack command
or from the menu) that walks you through a project name, the start URL and the mirror
options. The workshop showed this with screenshots, since a picture is worth more than a
thousand words :-)
Conclusion
WebHTTrack is a simple application that lets you store an entire website on your
local disk. It can run multiple downloads at the same time and can resume a previously
interrupted mirror. Keep in mind that a mirror generates a request for every page and
resource on the site, so only mirror sites you are authorized to test, and throttle the
connection count on a production target. Hope you enjoyed this tutorial. Do try this tool.
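The process WebHTTrack automates, as an added example that is not part of the original manual or of HTTrack: a same-site crawler that follows links, refuses to leave the start host, maps each URL to a local file path the way HTTrack lays out its output (host/directory/file) and rewrites the links so the copy browses offline. The site contents, the example.test host and the fetch() stand-in are constructed; replace fetch() with a real HTTP client (with a delay between requests) to use it against a site you are allowed to mirror.

```python
"""Minimal same-site mirror: what a website copier does under the hood."""
import posixpath
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlparse

# Constructed sample site (not a real host): URL -> HTML body.
SITE = {
    "http://example.test/": '<html><a href="/about.html">About</a> '
                            '<a href="docs/index.html">Docs</a> '
                            '<a href="http://other.test/x">Ext</a></html>',
    "http://example.test/about.html": '<html><a href="/">Home</a>'
                                      '<a href="/about.html#team">Team</a></html>',
    "http://example.test/docs/index.html": '<html><a href="../about.html">About</a>'
                                           '<a href="missing.html">Gone</a></html>',
}

def fetch(url):
    """Stand-in for an HTTP GET; None plays the role of a 404."""
    return SITE.get(url)

class LinkExtractor(HTMLParser):
    """Collect href/src values from the tags a copier has to follow."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag in ("a", "link", "script", "img"):
            for name, value in attrs:
                if name in ("href", "src") and value:
                    self.links.append(value)

def local_path(url):
    """Map a URL to a relative file path: host/dir/file, directories get index.html."""
    p = urlparse(url)
    path = p.path or "/"
    if path.endswith("/"):
        path += "index.html"
    return posixpath.join(p.netloc, path.lstrip("/"))

def mirror(start, fetch=fetch, max_pages=100):
    """Breadth-first crawl limited to the start host; returns {local_path: rewritten_html}."""
    host = urlparse(start).netloc
    queue, seen, out = [start], {start}, {}
    while queue and len(out) < max_pages:
        url = queue.pop(0)
        body = fetch(url)
        if body is None:
            continue  # dead link: nothing to store
        parser = LinkExtractor()
        parser.feed(body)
        rewritten = body
        for raw in parser.links:
            absolute, frag = urldefrag(urljoin(url, raw))
            if urlparse(absolute).netloc != host:
                continue  # scope: never follow or rewrite off-site links
            # Rewrite the link relative to the directory of the page that carries it.
            rel = posixpath.relpath(local_path(absolute),
                                    posixpath.dirname(local_path(url)))
            if frag:
                rel += "#" + frag
            rewritten = rewritten.replace('"%s"' % raw, '"%s"' % rel)
            if absolute not in seen:
                seen.add(absolute)
                queue.append(absolute)
        out[local_path(url)] = rewritten
    return out
```

The scope check is the part worth copying: an unscoped crawler happily walks into third-party hosts, which is both noisy and outside any authorization you hold.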
Enumerating Websites
You must be a little fired up after mirroring a website; keep it up!
What keeps us going is that little piece of satisfaction when things go according to
our thoughts.
Website enumeration is the technique of finding out information about a web
server: server software and version, services running, operating system, vulnerable
components, interesting directories and files, enumeration of users and so on. In this
tutorial we will look at two tools that pull such information from a web server.
Nikto
Let us see what options are available in Nikto by simply running
# perl nikto.pl
Why perl in front of nikto? Because Nikto is a program written in Perl. Interesting!
We are getting to know our Nikto. Run without arguments, the command prints an error
message (no host was given) followed by the options Nikto accepts. Does that make it
user friendly? :-)
So we got a little help on how to use Nikto. Now it is time to perform our
first scan by specifying a host (options can be set according to the scope of your
test). Let us test our lab web server at 20.20.20.132/mutillidae with the command
# perl nikto.pl -host http://20.20.20.132/mutillidae
In the results we get a lot of information: server name and version, the platform
the server runs on, directories and files you will find interesting, missing headers,
outdated components and so on.
This is a basic scan with Nikto; you can always add options to make your scans
more specific. Always keep in mind that Nikto is just a program that matches
responses against a database of checks, so there is always a possibility of false
positives in your results. A common cause is a server that answers every request with
200 OK (a "soft 404"): then every path in Nikto's database looks present. Verify
interesting hits by hand, for example by requesting a path that cannot exist and comparing
the two responses.
Nikto can also write an HTML report instead of only printing to the terminal by
specifying the output format and file, e.g. -Format htm -output report.html.
Uniscan
How was your experience playing with Nikto? We will look at one more such
tool. Uniscan is another web server enumeration and vulnerability scanner.
Uniscan can be found in your BackTrack at
# cd /pentest/web/uniscan
Uniscan also has various options to make your scans specific. Giving the help option
shows them:
# perl uniscan.pl -h
Now we run a scan, giving the host URL with the -u option. The -qwedsgj options
are also included to enable the directory (-q), file (-w), robots.txt and sitemap.xml (-e),
dynamic (-d) and static (-s) checks and the web (-g) and server (-j) fingerprints:
# perl uniscan.pl -u http://20.20.20.135/mutillidae/ -qwedsgj
A Uniscan GUI is also available, but I recommend the CLI version. Uniscan's output
gives you a clear picture of the target web server and the weaknesses you can follow up
on in your test. Uniscan also includes Google hacks (search-engine dorks), which can be
used in your scans by giving the -o option along with your dork syntax.
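What Nikto and Uniscan are doing under the hood, as an added example that is not code from either tool or from the manual: read the version claims and missing hardening headers off a response, probe a small wordlist of paths, and, before trusting any hit, learn how the server answers paths that cannot exist so that a "soft 404" server does not turn every probe into a false positive. The target, its responses, the wordlist and both fetch() stand-ins are constructed; the second stand-in models the misconfigured server described above.

```python
"""Header fingerprinting, path probing and a soft-404 check: the core of a web scanner."""
import hashlib
import random
import string

SERVER = "Apache/2.2.14 (Ubuntu)"
HOME = "<html>home</html>"

# Constructed responses for a fictitious target: path -> (status, headers, body).
RESPONSES = {
    "/": (200, {"Server": SERVER, "X-Powered-By": "PHP/5.3.2"}, HOME),
    "/phpmyadmin/": (200, {"Server": SERVER}, "<html>phpMyAdmin</html>"),
    "/admin/": (301, {"Server": SERVER, "Location": "/admin/login.php"}, ""),
    "/robots.txt": (200, {"Server": SERVER}, "User-agent: *\nDisallow: /backup/\n"),
}
NOT_FOUND = (404, {"Server": SERVER}, "<html>Not Found</html>")
WORDLIST = ["/admin/", "/phpmyadmin/", "/backup/", "/test/", "/robots.txt"]

def fetch(path):
    """Well-behaved server: unknown paths get a real 404."""
    return RESPONSES.get(path, NOT_FOUND)

def fetch_catch_all(path):
    """Misconfigured server: unknown paths get 200 and the home page (soft 404)."""
    return RESPONSES.get(path, (200, {"Server": SERVER}, HOME))

def fingerprint(headers):
    """Software/version claims, plus hardening headers that are absent."""
    findings = ["%s: %s" % (h, headers[h]) for h in ("Server", "X-Powered-By") if h in headers]
    findings += ["missing %s" % h for h in ("X-Frame-Options", "X-Content-Type-Options")
                 if h not in headers]
    return findings

def _sig(status, body):
    return (status, hashlib.sha1(body.encode()).hexdigest())

def not_found_signatures(fetch, n=2):
    """Ask for paths that cannot exist and remember how this server answers them."""
    rnd = random.Random(0)  # fixed seed keeps the example deterministic
    sigs = set()
    for _ in range(n):
        name = "".join(rnd.choice(string.ascii_lowercase) for _ in range(12))
        status, _, body = fetch("/" + name)
        sigs.add(_sig(status, body))
    return sigs

def probe_paths(fetch, wordlist):
    """A hit is any response that does not look like this server's 'not found' answer."""
    baseline = not_found_signatures(fetch)
    hits = []
    for path in wordlist:
        status, headers, body = fetch(path)
        if _sig(status, body) in baseline:
            continue  # same answer as a random path: not really there
        hits.append((path, status, headers.get("Location")))
    return hits

def parse_robots(body):
    """Disallow entries are paths the operator wanted hidden: worth probing."""
    return [line.split(":", 1)[1].strip()
            for line in body.splitlines() if line.lower().startswith("disallow:")]

def scan(fetch=fetch):
    _, headers, _ = fetch("/")
    status, _, body = fetch("/robots.txt")
    return {
        "fingerprint": fingerprint(headers),
        "paths": probe_paths(fetch, WORDLIST),
        "robots_disallow": parse_robots(body) if status == 200 else [],
    }
```

Against the catch-all server, /backup/ and /test/ come back 200 yet are not reported, because they match the baseline; /admin/ (a redirect) and /phpmyadmin/ (a different body) still are. That comparison is the manual check to run on any scanner hit you intend to report.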
Nmap
Scanning is a very important phase in a penetration test. For an attacker, success
depends on how vulnerable the target is, so we have to know what OS is in use, what
services are running, what versions those services are and so on. There are many
automated tools available to scan a target network for vulnerabilities.
In this exercise we will look at Nmap, a very powerful network scanner which, used
with the appropriate options, shows us some of the loopholes in the target.
Running nmap without arguments prints the usage syntax and the available options.
First let us see a basic scan without any options. By default Nmap scans the 1,000 most
commonly used TCP ports (not all 65,535; use -p- for a full port scan). The scan output
lists the open ports on the target machine.
# nmap 192.168.1.101
In the output we can see the open ports on the target machine. Nmap also includes
the Nmap Scripting Engine (NSE); we will discuss two scripted scans here. To fingerprint
the OS through SMB we can use the command
# nmap -A -Pn -sS --script=smb-os-discovery 192.168.1.101
In the results we can see the OS fingerprint under the host script results. Nmap
can also be used as a vulnerability scanner. We will try one such scan here, looking for
SMB vulnerabilities on our target machine with the command
# nmap -Pn -sS --script=smb-check-vulns --script-args=unsafe=1 192.168.1.101
In the scan output we can see that Nmap has found the target to be vulnerable to
MS08-067. Note that unsafe=1 lets the script run checks that can crash the target
service, so only use it on systems you are authorized to disrupt; without it the script
reports only the checks it could run safely.
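Reading scan results off the terminal does not scale past a handful of hosts. As an added example that is not part of the manual or of Nmap, the parser below turns Nmap's XML output (written with -oX file, or -oX - to standard output) into data you can filter, here pulling out open ports, service versions and host script results such as smb-os-discovery. The XML is constructed to match the scan above; the element and attribute names are Nmap's own.

```python
"""Turn Nmap XML (-oX) into data a pentester can filter and pivot on."""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -Pn --script=smb-os-discovery -oX - 192.168.1.101">
<host>
  <status state="up"/>
  <address addr="192.168.1.101" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="135"><state state="open"/><service name="msrpc" product="Microsoft Windows RPC"/></port>
    <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
    <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds" product="Microsoft Windows XP microsoft-ds"/></port>
    <port protocol="tcp" portid="3389"><state state="closed"/><service name="ms-wbt-server"/></port>
  </ports>
  <hostscript>
    <script id="smb-os-discovery" output="&#10;  OS: Windows XP (Windows 2000 LAN Manager)&#10;  Computer name: xp-lab"/>
  </hostscript>
</host>
</nmaprun>
"""

def parse_nmap_xml(text):
    """Return one dict per host with its open ports and host script results."""
    root = ET.fromstring(text)
    hosts = []
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        entry = {"addr": addr.get("addr") if addr is not None else None,
                 "open_ports": [], "scripts": {}}
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are noise for the next phase
            svc = port.find("service")
            entry["open_ports"].append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
            })
        for script in host.iter("script"):
            entry["scripts"][script.get("id")] = script.get("output").strip()
        hosts.append(entry)
    return hosts

def hosts_with_service(hosts, name):
    """Pivot: which hosts expose a service (e.g. microsoft-ds, the SMB port 445)."""
    return [h["addr"] for h in hosts
            if any(p["service"] == name for p in h["open_ports"])]
```

Feed a whole subnet's scan through hosts_with_service(hosts, "microsoft-ds") and you have the list to run the smb-check-vulns scan against, instead of eyeballing each host's output.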
Conclusion
Nmap is one of a kind and is not easily replaced. It is powerful, neat and simple,
and gives clean output. A full treatment of Nmap is beyond the scope of this
manual; I recommend that you try this tool with various options.
Scalpel
How was your experience with Nmap? We know that this hellboy won't disappoint
you. Now we will look at the forensics side. We will see how to recover lost or
deleted data from a storage device. In this exercise we will be recovering deleted data
from a pendrive, using a tool called scalpel.
Scalpel is a file carver: it recovers files by scanning the raw bytes of a device or
image for known file headers and footers, so it works even when the filesystem's
directory entries are gone. To install scalpel on an Ubuntu/BackTrack machine, give
the command
# apt-get install scalpel
Scalpel comes with various options; we can view them by simply giving the command
# scalpel
To find the device node of your storage device you can use the command
# mount
This lists all the mounted devices on your machine (for example /dev/sdb1 on /media/...).
For forensic work, image the device first (for example with dd) and carve from the
image, or at least unmount the device and never write to it: every write risks
overwriting the deleted data you are trying to recover.
Before starting the recovery we have to uncomment the types of files that we want to
recover in the scalpel.conf file located at /etc/scalpel/scalpel.conf by giving the
command
$ sudo nano /etc/scalpel/scalpel.conf
Now we start the basic recovery by giving the command with the -o option to specify
the output directory:
$ sudo scalpel /dev/sdb1 -o /home/hellsangel/Desktop/recover
Note that scalpel must be run as root (it reads the raw device); if you are logged in as
a standard user you have to execute the command with sudo. The output directory is
created by scalpel and must be empty or not yet exist.
Once the recovery process is complete you can go to the output directory to view
the recovered files. Note that the output directory is owned by root, so open it with root
privileges.
Conclusion
Scalpel is a good tool for recovering lost data, but it is a little resource hungry and
will slow down your system. Also expect a 50 GB recovery from a 4 GB pendrive: when no
footer is found, scalpel carves up to the maximum size configured for that file type, and
overlapping headers produce overlapping files, so free some space on the drive where
you point your output directory :-)
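The carving technique itself, as an added example that is not scalpel's code or part of the manual: scan a raw byte image for each configured header, cut at the next footer within the type's maximum size, and, when the footer is gone (the file was partly overwritten), keep max_size bytes anyway. That last rule is why carved output can dwarf the source drive. The "pendrive" image, the signature table and the generated PNG are constructed.

```python
"""Header/footer file carving over a raw image, scalpel.conf style."""
import struct
import zlib

# (header, footer, max size) per type, in the spirit of scalpel.conf entries.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 200_000),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 200_000),
}

def carve(image, signatures=SIGNATURES):
    """Find every header; cut at the next footer or, failing that, at max_size.
    Returns (type, offset, data, truncated) sorted by offset."""
    found = []
    for ext, (header, footer, max_size) in signatures.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_size)
            if end != -1:
                found.append((ext, pos, image[pos:end + len(footer)], False))
            else:
                # No footer in range: scalpel keeps max_size bytes, hence oversized output.
                found.append((ext, pos, image[pos:pos + max_size], True))
            pos = image.find(header, pos + 1)  # headers may overlap; scan them all
    return sorted(found, key=lambda f: f[1])

def _png_chunk(tag, data):
    return struct.pack(">I", len(data)) + tag + data + struct.pack(">I", zlib.crc32(tag + data))

def tiny_png():
    """A valid 1x1 RGB PNG, so the sample image holds a real, well-formed file."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")  # filter byte + one red pixel
    return (SIGNATURES["png"][0] + _png_chunk(b"IHDR", ihdr)
            + _png_chunk(b"IDAT", idat) + _png_chunk(b"IEND", b""))

def build_image():
    """Constructed 'pendrive': no filesystem, just slack space around three files,
    the last of which was partly overwritten so its footer is gone."""
    slack = b"\x00" * 512
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF demo data " * 10 + b"\xff\xd9"
    torn_jpg = b"\xff\xd8\xff\xe1" + b"overwritten " * 8
    return slack + tiny_png() + slack + jpg + slack + torn_jpg + slack
```

Run it on a real dd image (carve(open("usb.dd", "rb").read())) and write each data blob out as scalpel does, numbered with its type as the extension; the truncated flag tells you which files to treat with suspicion.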
theHarvester
theHarvester gathers e-mail addresses and host names belonging to a domain from
public sources such as search engines. On BackTrack it lives at
# cd /pentest/enumeration/theharvester/
To see the options, simply run the script without arguments:
# ./theHarvester
Now we can run the tool with some basic options to gather some e-mail accounts.
In our example we gather e-mails for columbia.edu (no offence, for educational purposes
only).
We do this by giving theHarvester a domain name with -d and limiting the number of
results with -l. We also have to tell theHarvester where to search with the -b (data
source) option:
# ./theHarvester -d columbia.edu -l 500 -b google
Conclusion
theHarvester is a wonderful tool for collecting e-mail addresses of the target. Try it
yourself with various options. Hope you enjoyed this session.
Ophcrack
What are you going to do with those e-mails, fellas? Come on! Let's break some
Windows. Just kidding :-). Now we will learn to crack Windows login passwords. In
this session we look at a tool called ophcrack, a very powerful tool that uses rainbow
tables to crack Windows passwords. Now you might be thinking 'what the heck are these
rainbow tables?'
Windows does not store login passwords in plain text; it converts the plain text to a
hash value and stores that in the SAM database. Older Windows versions keep two hashes:
the LM hash, which is case-insensitive and built from two independent 7-character
halves, and the NT hash (MD4 of the UTF-16 password). A rainbow table is a
precomputed time-memory trade-off for reversing such unsalted hashes: instead of
storing every password with its hash, it stores chains in which a hash is repeatedly
reduced back to a candidate password and hashed again, and keeps only the first and
last element of each chain. Looking up a hash then costs a table search plus a little
recomputation. The tables work because Windows password hashes are not salted; the
LM hash's tiny keyspace is why the free XP tables crack it so quickly, while NT hashes of
long passwords need far larger tables.
Ophcrack is preinstalled in BackTrack and can be launched by simply giving the
command
# ophcrack
To make use of ophcrack you need rainbow tables. They can be down-
loaded from http://ophcrack.sourceforge.net/tables.php. Load them into ophcrack by
clicking on the 'Tables' tab and giving the location of the tables you downloaded.
Now we need to load the password dump file that we extracted from our
compromised Windows machine. A password dump file is where the usernames and
password hashes of a compromised Windows machine are dumped, one account per line
in pwdump format (username:RID:LM hash:NT hash:::). A password dump file looks like
the image below.
To load the password dump file, click on the 'Load' tab, select 'PWDUMP file' and
give the location of your password dump file.
Once your password dump file is loaded, all you have to do is click that tiny little
button which says Crack :-)
Conclusion
Ophcrack is a real rascal, isn't it? Ophcrack also comes as a live CD and is mainly
used to recover passwords when you have physical access to the machine. Its
success rate depends on how much of the keyspace your rainbow tables cover.
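To make the time-memory trade-off concrete, here is a rainbow table on a toy keyspace, as an added example that is not ophcrack's code or part of the manual: 4-digit PINs hashed with SHA-256 stand in for Windows passwords and their LM/NT hashes. The chain count, chain length and reduction function are choices made for this example; the mechanism (store only chain ends, recompute the middle at lookup time, regenerate a chain to confirm a match) is the same one ophcrack's tables use.

```python
"""A rainbow table on a toy keyspace (4-digit PINs, SHA-256)."""
import hashlib

KEYSPACE = 10_000  # all 4-digit PINs; real tables cover far larger alphabets

def hash_pw(pw):
    return hashlib.sha256(pw.encode()).hexdigest()

def reduce_fn(digest, position):
    """Map a hash back into the keyspace. Mixing in the column position gives every
    column its own reduction, which is what makes these rainbow chains rather than
    the older Hellman chains (fewer chain merges, so better coverage per table)."""
    return "%04d" % ((int(digest[:8], 16) + position) % KEYSPACE)

def build_table(chains, length):
    """Precompute: walk each chain hash -> reduce -> hash ... and keep only its
    start and end. Memory is O(chains); the middle is recomputed at lookup time."""
    table = {}
    for i in range(chains):
        start = "%04d" % ((i * 7919) % KEYSPACE)  # spread the start points out
        pw = start
        for pos in range(length):
            pw = reduce_fn(hash_pw(pw), pos)
        table.setdefault(pw, []).append(start)  # endpoints can collide: keep all
    return table

def lookup(table, target, length):
    """Return the plaintext for hash `target` if some chain covers it, else None."""
    for j in range(length - 1, -1, -1):
        # Suppose target sits in column j: reduce it forward to the chain end.
        pw = reduce_fn(target, j)
        for pos in range(j + 1, length):
            pw = reduce_fn(hash_pw(pw), pos)
        for start in table.get(pw, ()):
            # Endpoint matched: regenerate that chain and check the hash really is
            # in it (false alarms happen, because reduction is many-to-one).
            cand = start
            for pos in range(length):
                if hash_pw(cand) == target:
                    return cand
                cand = reduce_fn(hash_pw(cand), pos)
    return None

def coverage(table, length):
    """Fraction of the keyspace the table can recover. Tables are probabilistic,
    which is why ophcrack's success depends on which tables you load."""
    seen = set()
    for starts in table.values():
        for start in starts:
            pw = start
            for pos in range(length):
                seen.add(pw)
                pw = reduce_fn(hash_pw(pw), pos)
    return len(seen) / KEYSPACE
```

Two things carry over to the real tools: a salt would make the precomputation useless (each salt needs its own table), and coverage never reaches 100%, so a hash ophcrack cannot crack is not proof that the password is strong.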
Hydra
Cracking here refers to hacking itself; I have used the term cracking just because
it is a little offensive in nature. During a penetration test a hacker has to check for
weak passwords by brute forcing logins. Hydra, or xhydra (the GUI version), is one such
tool: an online password cracker that tries credentials against a live network service (FTP,
SSH, HTTP forms and many more). Offline cracking of captured hashes is a different job,
handled by tools such as ophcrack above or John the Ripper. For this attack we need a good
password dictionary, which is available on the internet for download.
First let us do an Nmap scan to find the open ports and services running on our
host 20.20.20.132 by giving the command
# nmap 20.20.20.132
In the output we can see that the FTP and SSH ports are open. Now let's try a
dictionary attack on the target. To do so we launch xhydra (the GUI version) by simply
giving the command xhydra. We can launch xhydra from any location, since it is in a
directory on root's PATH.
# xhydra
In the xhydra window you will see a lot of information to fill in on different tabs.
Here we provide details like the target IP (or, if you have a target list in a text file,
its location), the port number and the protocol; the other options can be set according
to your needs. Bear in mind that every guess is a real login attempt on the target: it
shows up in the service's logs and can trigger account lockouts, so keep the thread count
low and agree the scope with the system owner beforehand.
Conclusion
xhydra is a very powerful password cracking tool. It can be used against many
other protocols. Use this tool wisely and only to test the security of a system. You
might be able to break passwords, but definitely not out of jail :-)
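What a Hydra run looks like from the other side, as an added example that is not part of the manual or of Hydra: a detector over sshd auth.log lines that flags a source making many failed logins in a short window, and separately flags a successful login from a source that was just guessing, the pattern that means a dictionary entry worked. The log lines are constructed; the sshd message formats and the year handling (syslog lines carry no year) are real.

```python
"""Brute-force detection over sshd auth.log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log: six guesses in five seconds, then a hit; one unrelated failure.
AUTH_LOG = """\
Mar 12 10:01:01 lab sshd[2231]: Failed password for root from 20.20.20.5 port 51122 ssh2
Mar 12 10:01:02 lab sshd[2233]: Failed password for root from 20.20.20.5 port 51124 ssh2
Mar 12 10:01:02 lab sshd[2235]: Failed password for invalid user admin from 20.20.20.5 port 51126 ssh2
Mar 12 10:01:03 lab sshd[2237]: Failed password for invalid user admin from 20.20.20.5 port 51128 ssh2
Mar 12 10:01:04 lab sshd[2239]: Failed password for bob from 20.20.20.5 port 51130 ssh2
Mar 12 10:01:05 lab sshd[2241]: Failed password for bob from 20.20.20.5 port 51132 ssh2
Mar 12 10:01:06 lab sshd[2243]: Accepted password for bob from 20.20.20.5 port 51134 ssh2
Mar 12 10:30:00 lab sshd[2300]: Failed password for alice from 10.0.0.7 port 40000 ssh2
Mar 12 10:30:20 lab sshd[2302]: Accepted password for alice from 10.0.0.7 port 40002 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                  r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse_line(line, year=2012):
    """Return (timestamp, accepted?, user, source) or None for other sshd lines."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime("%d %s" % (year, m.group(1)), "%Y %b %d %H:%M:%S")
    return ts, m.group(2) == "Accepted", m.group(3), m.group(4)

def detect(log, threshold=5, window_seconds=60):
    """Sliding window of failures per source IP. Returns (sources that crossed the
    threshold, [(source, user)] successes that followed a burst of failures)."""
    recent = defaultdict(deque)  # source -> timestamps of failures inside the window
    flagged, suspicious_logins = set(), []
    for line in log.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ts, accepted, user, src = ev
        q = recent[src]
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that fell out of the window
        if accepted:
            if len(q) >= threshold:
                suspicious_logins.append((src, user))  # a guess just worked
        else:
            q.append(ts)
            if len(q) >= threshold:
                flagged.add(src)
    return sorted(flagged), suspicious_logins
```

The same logic, keyed on username instead of source, catches password spraying (one guess per account across many accounts), which the per-source threshold above misses by design.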
Metasploit
If you are new to this tool then this tutorial is just for you. You must have dug
around the internet for tutorials on this tool and faced some difficulty understanding
it. Here I will try to put it before you as simply as possible. If you already know how
to use Metasploit, this document may not be much help to you, but still, please feel
free to read.
What is this Stuff?
You can say that this is a platform where an attacker (the bad guys, of course) or a
penetration tester (the good guys) can launch an attack to compromise a victim or a test
machine, making use of vulnerabilities that have been left unpatched.
If you want to hear it in a professional way: Metasploit is a free, open-source
exploitation framework. Metasploit can run a large number of exploits against the
vulnerabilities of unpatched systems. Metasploit is also an environment for developing
new exploits.
Hey, wait. What is this exploit?
An exploit is a piece of code specially written to make use of a particular
vulnerability in order to gain access to a vulnerable system.
Where do I run Metasploit?
Metasploit runs on Linux, Mac OS X and Windows, but Linux is the recommended
platform. You know why ;-)
Ok, I have installed Metasploit on my Linux box. So what's next?
Before testing Metasploit on a target we will see its components. We will travel
inside Metasploit and find out what is there. Please note that we will not go
through all the components, only the basic ones we need right now. We will travel
through some of the directories inside the Metasploit framework3 directory and
explore.
Oh, till now you were talking about Metasploit; what is this new tail 'framework3'?
Framework3 is nothing but the version of the Metasploit Framework. A good
penetration tester uses different versions of the framework to conduct a test, because
certain exploits work well with one framework version and some exploits are only
available in a particular version. Metasploit 2.x is mostly written in Perl, whereas
framework 3.x is mostly written in Ruby.
In this course we use the BackTrack 5 security distribution, which includes versions 2
and 3 of the Metasploit Framework in the /pentest/exploits/ directory; we will be
focusing on framework3.
Before we start let me tell you what an exploit and a payload are and how they are
used to test a target. The EXPLOIT is the piece of code that makes use of the vulnerability
to gain code execution, and the PAYLOAD is the code that does something the attacker or
pentester wants on the target system, such as opening a command shell, taking control of
the target system, opening GUI access and so on.
So this is how it is done:
EXPLOIT + PAYLOAD -------(injected)-------> TARGET
Hope you now have an idea of how an attack is done. To understand it more clearly we
will dive inside and see some components of the framework directory.
So let's start exploring
Before we start I recommend that you try everything we go through from this
point onwards as we move forward, and take your time to explore other directories too.
Take your terminal and go to /pentest/exploits/; here you can see the different
versions of the framework.
Now we move to the framework3 directory. Here we see the different user interfaces
such as msfconsole, msfcli, msfgui and msfweb, directories like modules, plugins,
lib, documentation, scripts and data, and exploit development tools like msfpescan
and msfopcode.
The framework gives us many ways to interact with it, but in this course we will focus
only on msfconsole; once you get the idea you can move on and try the other user
interfaces. The documentation directory contains all the Metasploit documentation. The
exploit development tools msfpescan and msfopcode are very useful for exploit writers.
The modules directory contains the exploits and payloads we are going to look at.
So we move into the modules directory by giving the command
# cd modules/
(# is just the terminal prompt).
Here we see different components: auxiliary, encoders, exploits, payloads, nops
and so on. auxiliary contains modules that are not exploits: scanners, denial-of-service
tools and many others. encoders contains modules that transform a payload into a
different byte sequence, primarily to avoid characters the exploit cannot carry (such as
null bytes); because encoders also change the payload's signature they were once used
against IDS and antivirus signatures, but encoding alone does little against modern
antivirus.
The exploits directory contains the whole set of exploits the framework has, and
the payloads directory contains the whole set of payloads. Now let's look into the exploits
and payloads directories, starting with exploits. You can navigate there with
# cd exploits/
Here you can see that exploits are sorted by operating system: bsdi, osx, unix,
linux, windows, multi and so on. The multi directory contains exploits that can hit
multiple operating systems. Now we will take a look at the windows directory, which you
reach with
# cd windows/
Here we can see that the Windows exploits are again classified into exploits for
programs and exploits for particular services used in Windows. Now let's look into
the smb directory, which contains exploits making use of vulnerabilities in Windows'
Server Message Block implementation. Navigate to it by giving the command
# cd smb/
Here you can see the exploit files, all of them written in Ruby. All of the exploits are
well documented. It is recommended to open an exploit and go through it before running
it; understanding what it does is good practice. We will be using one of these
exploits later in our course.
Now we will explore the payloads directory inside the framework. You have to
navigate back up until you reach the payloads directory by giving the command
# cd ..
Here we come across some new terms. We find three directories: singles, stagers and
stages. We will see what each of them is.
Before that, let us once again see what a payload is. A payload is the code that
does a certain function on the victim/target system, like giving command shell access or
GUI access to the attacker or pentester. A payload has two parts: one that does
the function and another that handles the communication with the attacker or pentester.
Singles are self-contained: both parts are bundled into one payload, which therefore has
to fit in the space the exploit provides. Stages are the code that does the functions the
attacker or pentester wants, and stagers are the small pieces that set up the connection
to the attacker or pentester and pull the stage across it. Hope you have clearly got the
idea.
Now we will look into the singles directory. You can navigate to it by giving the command
# cd singles/
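The stager/stage hand-off described above, simulated in-process as an added example that is not Metasploit code or part of the manual. In a staged payload such as windows/shell/bind_tcp the stager is a few hundred bytes of machine code whose only job is to open the connection, read a 4-byte little-endian length and then exactly that many bytes (the stage, here just a byte string standing in for the real shell code) and jump to it; the handler on the msfconsole side supplies the length prefix. The two halves below talk over a socketpair so the exchange runs offline.

```python
"""The length-prefixed stage delivery behind Metasploit's staged payloads."""
import socket
import struct
import threading

def handler_send_stage(conn, stage):
    """Handler (msfconsole side): once the stager is connected, push a 4-byte
    little-endian length followed by the stage; the stager need not know the
    stage size in advance."""
    conn.sendall(struct.pack("<I", len(stage)) + stage)
    conn.shutdown(socket.SHUT_WR)

def stager_receive(conn):
    """Stager (target side): read the length, then exactly that many bytes.
    Looping on recv() matters: a large stage arrives in many TCP segments."""
    def recv_exact(n):
        buf = bytearray()
        while len(buf) < n:
            chunk = conn.recv(n - len(buf))
            if not chunk:
                raise ConnectionError("connection closed before the stage arrived")
            buf += chunk
        return bytes(buf)
    (size,) = struct.unpack("<I", recv_exact(4))
    return recv_exact(size)

def run_staged(stage):
    """Wire the two halves together over a socketpair; return what the stager received."""
    handler_sock, stager_sock = socket.socketpair()
    t = threading.Thread(target=handler_send_stage, args=(handler_sock, stage))
    t.start()
    try:
        return stager_receive(stager_sock)
    finally:
        t.join()
        handler_sock.close()
        stager_sock.close()
```

A single such as windows/shell_bind_tcp skips all of this: it carries the shell code itself, so nothing is fetched over the wire, at the cost of needing far more room inside the exploit.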
Here you can see that it is again sorted by operating system: bsdi, osx, linux,
windows and so on.
Let us look into the windows directory; you can navigate there by giving the command
# cd windows/
Inside you can see the payload code, all written in Ruby. It is recommended to go
through the code before using it, as I said for exploits.
With this we end our tour of the directories inside the framework3 directory. Do
spare some time exploring more and making yourself comfortable with the terminal, then
navigate back to the framework3 directory. Now I hope you know how to navigate
back ;-)
Is that all? Now what's next?
No, we are not finished; we still have a long way to go. By this time I guess you will be
in the framework directory. As I said earlier, we will be focusing on the msfconsole user
interface in this course. Let's see what msfconsole looks like. To launch msfconsole give
the command ./msfconsole from your /pentest/exploits/framework3/
directory. You will see a console like this.
Now we will see Metasploit from inside msfconsole. What will you do when you find
yourself in an unknown land? Call for help. Do the same thing here. The first command
you learn is help. You can get the list of commands used inside msfconsole by giving
msf > help
Here you will find the various commands used in Metasploit. Right now we will see
some of those we will be using later.
show: displays the modules (exploits, payloads, auxiliary, ...) of a given type.
use: selects a module (for example an exploit) by name.
set: sets a payload or an option.
unset: clears a payload or an option.
exploit: runs the selected exploit against the target/test machine.
exit: exits msfconsole.
Note that we have shown only a few commands above. It is recommended that you
go through the other commands too.
Now we will see how to get remote shell access on a Windows target system
using Metasploit. In our exercise we used the BackTrack 5 security distribution and a
Windows XP SP2 system.
We will be using the Microsoft Server Service Relative Path Stack Corruption exploit
(ms08_067_netapi). This exploit gives the attacker/pentester a remote command shell on
the target system.
Note that we are only testing a target/test system. You can never guarantee that a
particular exploit will work successfully, but if you are successful, please try not to make
any changes on the target system.
To list the currently available exploits in Metasploit Framework 3 we give the command
msf > show exploits
(msf > is the prompt in msfconsole). To select our exploit we give
msf > use windows/smb/ms08_067_netapi
Now we need a payload compatible with our exploit. To see the compatible payloads
simply give the command
msf > show payloads
The next step is to select a compatible payload and set it. Here we use the
windows/shell/bind_tcp payload, which opens a listening port on the target that we then
connect to. We set the payload by giving the command
msf > set PAYLOAD windows/shell/bind_tcp
Now the payload is loaded too. Next we have to set options such as the remote host,
local host, remote port and local port. We see which options we have to set by giving
the command
msf > show options
Here we see that we only have to set RHOST in this case (a bind payload needs no
LHOST, since the target listens and we connect out to it). We give it the IP of the target
system:
msf > set RHOST <target IP>
Now we are ready for the attack. To exploit the target system we use the master
command exploit to launch the attack, and watch what happens.
msf > exploit
If the target is compromised we get the command shell of our remote target in
our terminal. Now an attacker can interact with the remote command shell and give it
any command; here we used the hostname and ipconfig commands.
Finally, we exit the remote shell by giving the command exit or pressing Ctrl+C.
When we exit the remote shell we come back to msfconsole, and to exit msfconsole we
give the exit command and return to our framework3 directory.
Hope you have understood how to use the Metasploit Framework to launch an attack on a
target system.
Are we done?
As far as this article is concerned, yes, we are done; but as far as Metasploit is
concerned, no, we are not. There are still many other features you can use in Metasploit. I
have just introduced you to this wonderful tool. While exploring you may still find some
difficulty, but I have read somewhere that there is nothing more satisfying than solving
the problem yourself ;-)
Hope you enjoyed reading this article as much as I enjoyed writing it.
Browser Autopwn and Meterpreter
Now that we have dropped a shell on the target machine we will look a little deeper
into exploitation using a Meterpreter payload. In this exercise we create a
malicious web server; a target browsing to it is exploited if its browser (or a plugin) is
vulnerable to one of the exploits the server throws at it. The module is
auxiliary/server/browser_autopwn; select it in msfconsole with
msf > use auxiliary/server/browser_autopwn
Set the required options as shown in the image above (the listening address and port)
and run exploit. This starts a server loaded with browser exploits to fire at any browser
that connects to it.
When a browser connects, the server automatically tries its set of exploits and, for
each successful exploitation, creates a Meterpreter session.
In this particular exercise we got 5 Meterpreter sessions. To list the sessions we give
the command
msf > sessions -l
To interact with a particular session we give the command
msf > sessions -i <session no>
Now we are placed in a Meterpreter shell. We can get the victim's system information by
giving the command
meterpreter > sysinfo
Once we have a Meterpreter session we can do various tasks on the compromised
machine, like keystroke logging, tampering with files and so on. Here we will see
keystroke logging first. Note that the keylogger only sees keystrokes on the desktop of
the process Meterpreter lives in, so migrate into a process on the user's desktop (such as
explorer.exe) before starting it with
meterpreter > keyscan_start
Now the victim's keystrokes are logged and can be displayed by giving the command
meterpreter > keyscan_dump
Once the keylogging is done you can gracefully stop the sniffer by giving the command
meterpreter > keyscan_stop
Tampering here refers to downloading a remote file, changing its contents and
uploading it back to the target machine. To achieve this we use the download and
upload commands in our Meterpreter shell.
The download command writes the file into the directory msfconsole was started from,
here
# cd /pentest/exploits/framework3/
Now we can change the content of the file using a text editor and then push the
modified file back onto the target machine with the upload command.
Malicious PDF
The malicious PDF generated earlier can be sent to the victim by e-mail, on a
removable drive or by any other means. The attacker has to start a Metasploit listener
on the port the payload connects back to. Once the victim opens the PDF, the attacker
gets a Meterpreter session.
Conclusion
Try different payloads for this attack. Hope you enjoyed this session. Do not use this
technique for any malicious purpose, because remember, everything can be traced back to
you. Unless you are a good player :-)
Hacking Linux
By this time all of you must be feeling excited. That is exactly how a hacker feels 24x7:
the sense of power over others, an addiction to control. Wait, don't use up all your
excitement; keep some for our Linux. Yes, you read it right, LINUX. In this session we
will be hacking Linux using a backdoor executable.
In this exercise we use a Linux ELF (Executable and Linkable Format) binary
generator to create our backdoor executable, and a listener to receive the connection
it makes back to us.
By default the generated Linux executable is named 'Executive'. We can rename the
executable and send it to the victim, or upload it to our server for the victim to
download. Once the victim downloads and runs the file, a connection is made back to the
attacker's system.
Conclusion
Linux also has vulnerabilities that can be exploited, and, as here, it runs whatever its
users are tricked into executing. This exercise can also be done manually with
Metasploit instead of the script: generate the payload executable with msfpayload and
catch the connection with exploit/multi/handler. Try it at home, buddies. This exercise
is just to show that even Linux can be hacked.
Social Engineering Toolkit (SET)
How was your game with the Metasploit Framework? Yeah, I got the answer from your
smile ;-). Now we will see another little rascal which helps you launch your social
engineering attacks. The Social Engineering Toolkit (SET) is a framework created by David
Kennedy, aka ReL1K. It gives you a wide variety of attack vectors, and we will be seeing a
few in our coming exercises. For now we will see how this tool can be used to create a
phishing page and steal Facebook credentials from a target. SET can be found at
# cd /pentest/exploits/set/
To launch SET use the command ./se-toolkit. You will be greeted with a nice SET logo,
the author details and the main menu.
In the main menu we can see many attack vector options. We select option 1, which
gets us into social engineering attack mode and puts us into another submenu.
In our exercise we select option 2, Website Attack Vectors, which takes us to another
submenu listing the various website attacks; from it we pick the Credential Harvester
Attack Method.
After getting into credential harvester attack mode you get three options: select
one of the existing web templates, clone a website's index page, or create your own
custom web page. In our exercise we clone the Facebook page by selecting option 2, Site
Cloner. SET then asks for the IP address on which the phishing page is to be hosted and
the URL to clone. When your phishing site is ready you just have to wait for the victim
to log in to the site; SET displays the credentials as they arrive and redirects the victim
to the real site so that nothing looks wrong.
Conclusion
SET is a wonderful tool which makes a hacker's job easy with all those nice
menus :-), but keep in mind that you should be able to do these attacks even without SET.
This tool saves a lot of time and any script kiddie can use it :-). But I want you to be a real
hacker. So play around with it; I know it takes time, even I took my time. But finally, when
you do it, that's where you get addicted to hacking.