Live DDoS Attack Map

This map is the result of a collaboration between Google Ideas and Arbor Networks to raise awareness of the distributed denial-of-service attacks that take place around the world every day.

Exploring the Data

The Digital Attack Map displays global DDoS activity on any given day. Attacks are displayed as dotted lines, scaled to size, and placed according to the source and destination countries of the attack traffic when known. Some features include:

  • Use the histogram at the bottom of the map to explore historical data.
  • Select a country to view DDoS activity to or from that country.
  • Use the color option to view attacks by class, duration, or source/destination port.
  • Use the news section to find online reports of attack activity from a specified time.
  • View the gallery to explore some examples of days with notable DDoS attacks.


Monday, September 14, 2015

Training: Into the Worm Hole: Metasploit for Web PenTesting

Metasploit is most commonly known for its epic pwnage of network and service-level vulnerabilities. What you may not know is that the same epic pwnage can be leveraged to exploit web application vulnerabilities. Because custom Metasploit modules and tools can be built on the framework, the power of Metasploit is limited only by the imagination of the user. “Into The Worm Hole: Metasploit For Web PenTesting” will build on prior knowledge of Metasploit and help elevate the tester’s skills and abilities through hands-on work: building a custom scanner, using Metasploit to exploit web vulnerabilities, and learning to use Metasploit for phishing, XSS, and other web application vulnerabilities.
See the full outline (PDF) for additional information.

About the Instructor
Kizz MyAnthia is an InfoSec specialist whose qualifications include an in-depth understanding of security principles and practices; C|EH, MCSE+Security designations; and detailed knowledge of security tools, technologies and development. Seven years of security experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse companies and organizations, with over 10 years overall in the industry.

Title: Into the Worm Hole: Metasploit for Web PenTesting
Outline: PDF 
Prerequisites: This is an Intermediate level class and attendees should understand what Metasploit is and how to use it. A knowledge of Ruby is extremely beneficial, but some scripting experience or skill (any language) is recommended.
Class Requirements: This class requires all attendees to bring a computer with a functioning installation of Metasploit; a Kali or BT5 VM is recommended, but not required. All commands and lessons will be executed on Kali Linux. Attendees who choose to use an MSF installation on MS Windows or another OS must be aware that there may be syntax differences, etc.; NO SUPPORT WILL BE OFFERED.


~PseudoSec~Philopolemus Therapontigonus

Monday, September 7, 2015

Evading AntiVirus using Veil

[Image: kknr.png]

This is a tutorial on how to evade AV using a new tool called Veil. It is not just a tool; it is a framework, like Metasploit, dedicated to AV evasion.

Here is the website of Veil Framework - https://www.veil-framework.com/

Installation

The best way to get Veil is to get a copy of Kali Linux. The tool was added to Kali only recently, so if your copy of Kali Linux does not have Veil installed, you can use the following command to install it in Kali:

apt-get update && apt-get install veil

OR

You can clone it onto your PC with git. To do this, type:

git clone https://github.com/Veil-Framework/Veil-Evasion.git

OK, now we can have fun with the tool.


Using Veil


Type “veil” into the terminal.

[Image: gf69.png]

You can use the “list” command to see the available payloads. The payloads are listed according to their success rate.

[Image: 56o1.png]

Here we are going to use “powershell/VirtualAlloc”. To use it, type “use 9”.

[Image: h0dq.png]

Here we will just use the default values, so simply type “generate” and press Enter.

Then you can choose to use Metasploit’s standard msfvenom shellcode or choose your own. We will just choose the default, msfvenom.

Type 1 and press Enter.

[Image: o7ck.png]

Next we have to choose the type of shell. Just press Enter.

[Image: vjaz.png]

Next, enter the IP address of the host machine (the one you are using).

[Image: izi5.png]

Then you have to enter the local port that you will be using. Enter 4000 here.

[Image: fozn.png]

You will then be asked to enter any msfvenom options that you want to use. We won’t be using any, so just press Enter to bypass them.

And that is it! Veil will then generate our shellcode with the options that we chose.
Then we need to give our created file a name. Here, some social engineering is required. Your file name should attract the victim.

[Image: kvgz.png]

Our file will be stored in the “/usr/share/veil/output/source/” directory.
Just take the created .bat file and send it to our target. When it is run, it will try to connect out to our machine.
We will now need to start a handler listener to accept the connection.

Getting a Remote Shell

To create the remote handler, we will be using Metasploit.

Start the Metasploit Framework from the menu or terminal (msfconsole).
Now set up the multi/handler using the following screen:

[Image: hq1y.png]

Be sure to put in the IP address for your machine and the port that you entered into Veil. They must match exactly.

Metasploit will then start the handler and wait for a connection:

[Image: suiu.png]

Now we just need the victim to run the file that we sent them.

[Image: svfl.png]

On the Windows 7 machine, if the file is executed, we will see this on our Kali system:

[Image: 7tzl.png]


A reverse shell session!

Then if we type “shell”, we see that we do in fact have a complete remote shell:

[Image: 38y6.png]


~Phr3ak
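
From the defender's side, the chain described in this post (a .bat file starts PowerShell, which then connects out to a listener on port 4000) leaves a parent/child and network trail that can be correlated. The following is an added example, not part of the original post: the events are constructed, the field names follow Sysmon Event ID 1 and 3, and the allowed-port list is an assumption to tune per environment.

```python
import ntpath
import re

ALLOWED_PORTS = {80, 443}  # assumption: ports PowerShell may legitimately reach
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed events; field names follow Sysmon Event ID 1 (process create)
# and Event ID 3 (network connection). IPs are documentation ranges.
EVENTS = [
    {"EventID": 1, "ProcessId": 4312, "ParentProcessId": 1800,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\bob\Downloads\report.bat"'},
    {"EventID": 1, "ProcessId": 5120, "ParentProcessId": 4312,
     "Image": PS, "CommandLine": "powershell.exe (arguments elided)"},
    {"EventID": 3, "ProcessId": 5120, "Initiated": True,
     "DestinationIp": "198.51.100.7", "DestinationPort": 4000},
    {"EventID": 1, "ProcessId": 6200, "ParentProcessId": 1800,
     "Image": PS, "CommandLine": "powershell.exe"},
    {"EventID": 3, "ProcessId": 6200, "Initiated": True,
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
]

def _exe(event):
    return ntpath.basename(event["Image"]).lower()

def batch_powershell_callouts(events):
    """Flag outbound connections on unusual ports made by powershell.exe
    processes whose parent is a cmd.exe instance running a .bat/.cmd file."""
    batch_shells, ps_children, alerts = {}, {}, []
    for ev in events:  # events are assumed to be in time order
        if ev["EventID"] == 1:
            cmdline = ev["CommandLine"].lower()
            if _exe(ev) == "cmd.exe" and re.search(r"\.(bat|cmd)\b", cmdline):
                batch_shells[ev["ProcessId"]] = ev["CommandLine"]
            elif _exe(ev) == "powershell.exe" and ev["ParentProcessId"] in batch_shells:
                ps_children[ev["ProcessId"]] = batch_shells[ev["ParentProcessId"]]
        elif ev["EventID"] == 3 and ev["ProcessId"] in ps_children:
            if ev["Initiated"] and ev["DestinationPort"] not in ALLOWED_PORTS:
                alerts.append((ps_children[ev["ProcessId"]],
                               ev["DestinationIp"], ev["DestinationPort"]))
    return alerts

if __name__ == "__main__":
    for script, ip, port in batch_powershell_callouts(EVENTS):
        print(f"ALERT: {script} -> powershell.exe -> {ip}:{port}")
```

The interactive PowerShell session started from the desktop (PID 6200) is not flagged, because it has no batch-file parent and only talks to port 443.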

Wednesday, September 2, 2015

Hijacking An Aircraft With An Android App

Vulnerabilities are never going to end; or should we say, vulnerabilities and new inventions walk side by side.
Recently a terrifying prospect, a hack that allows an attacker to take control of plane navigation and cockpit systems, was revealed at a security conference in Europe: an Android application called PlaneSploit that would allow an attacker to remotely attack and hijack commercial aircraft. The app was developed by Hugo Teso, a researcher at security consultancy N.Runs in Germany who is also a commercial airline pilot.
He explained that by building an exploit framework called Simon and a complementary Android app that delivers attack messages, he could manipulate a plane's path as he saw fit.
With these vulnerabilities in mind, he used virtual planes in a lab to demonstrate his ability to hijack a plane rather than attempting to take over a real flight as that was “too dangerous and unethical.” He used ACARS to gain access to the plane’s onboard computer system and uploaded Flight Management System data.

Hacking Facebook, Twitter with Ettercap and SET in Kali Linux

Every day we hear only one question: "How do we hack Facebook?" The method I am going to share can be used to hack Facebook and other social media accounts on your local network. The same method can be used online with a bit of intuition.
The basic requirements for this hack are:
    1.      Kali Linux, updated and running
    2.      Ettercap (comes with Kali Linux)
    3.      Social Engineering Toolkit (comes with Kali Linux)
    4.      Common sense

So let's begin.

1.   The first step is to boot Kali Linux. We are going to host a fake Facebook site on our Kali Linux machine using the Social Engineering Toolkit, so click SET in the menu.

2.   SET will load and a welcome screen will be shown. Select social engineering attacks from the menu.

3.   Now select website attack methods.

4.   Select the credentials harvester method.

5.   Select site cloner. You will be asked to give an IP address; it is the IP address of the machine you are running Kali Linux from, not the attack victim's. Give the address of the website you want to clone. SET will do its job and will ask you to start the Apache server. Select "Y" and the Apache server will start.

6.   Now the Social Engineering Toolkit has been set up and we are ready to perform a man-in-the-middle attack to do DNS poisoning. First go to the etc/ettercap/ettercap.dns file.

7.   Edit the file as shown in the screenshot. Here the IP address will be the same one we are hosting our fake website from.

8.   Open a command prompt and open the graphical version of Ettercap by typing "ettercap -G". Start unified sniffing. Select your interface. Scan for hosts and add the router IP as one target and the other IP as the second target. Start MITM with remote connections sniffing as well, and start sniffing.

9.   Select manage the plugins. Double-click "DNS Spoof"; a * will appear next to it and our plugin will be loaded.

10.  Whenever the victim opens Facebook, he will be redirected to our own website without any prompt or indication.

11.  To view the logs, go to var/www; the text files there will provide you with the required usernames and passwords.



Happy Hacking.
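
Both halves of the attack in this post are visible from a client on the same LAN: ARP poisoning makes two IP addresses share one MAC address, and the DNS spoof makes a public name resolve to a local address. The following is an added example for defenders, not part of the original post; the neighbour table, DNS answers and internal zone suffixes are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data (not from the original post).
IP_NEIGH = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.23 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
192.168.1.40 dev eth0 lladdr 3c:52:82:11:22:33 REACHABLE
"""
DNS_ANSWERS = [  # (queried name, A record returned to the client)
    ("www.facebook.com", "192.168.1.23"),
    ("www.example.org", "93.184.216.34"),
    ("printer.lan", "192.168.1.50"),
]
INTERNAL_SUFFIXES = (".lan", ".local", ".internal")  # assumed local zones

NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-f:]{17}) ", re.I)

def parse_neigh(text):
    """Return {mac: [ip, ...]} from `ip neigh` style output."""
    by_mac = defaultdict(list)
    for line in text.splitlines():
        m = NEIGH_RE.match(line)
        if m:
            by_mac[m.group(2).lower()].append(m.group(1))
    return by_mac

def hosts_sharing_gateway_mac(text, gateway_ip):
    """IPs that claim the same MAC as the gateway: a sign of ARP poisoning."""
    for ips in parse_neigh(text).values():
        if gateway_ip in ips and len(ips) > 1:
            return sorted(ip for ip in ips if ip != gateway_ip)
    return []

def public_names_on_private_ips(answers):
    """Public hostnames answered with a private, loopback or link-local IP."""
    hits = []
    for name, addr in answers:
        ip = ipaddress.ip_address(addr)
        local = ip.is_private or ip.is_loopback or ip.is_link_local
        if local and not name.lower().endswith(INTERNAL_SUFFIXES):
            hits.append((name, addr))
    return hits

if __name__ == "__main__":
    print("shares gateway MAC:", hosts_sharing_gateway_mac(IP_NEIGH, "192.168.1.1"))
    print("suspicious DNS answers:", public_names_on_private_ips(DNS_ANSWERS))
```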

Hack modem ISP and get more internet debit downloading and uploading

Hack modem ISP and get more internet debit downloading and uploading - hacksth.blogspot.com

Hacking is not illegal. Please refer to the terminology page to understand all hacking terms used in this blog, and refer to the disclaimer page before practicing any tutorial.



  

Most of us feel that the surfing speed allocated by our ISP is not enough. People with 64Kbps will think 128Kbps would be a cool speed. People with 128Kbps will think 256Kbps would be cool, and so on.

This tutorial will teach you how to increase your 64Kbps link to 512Kbps or whatever speed you like.
It is very much possible to do this, but this tutorial does not guarantee you 100% success.

Okay, here we go. I'm going to try to explain, as best I can, how to re-configure an SB5100, SB4100 or SB3100 cable modem.

Theory of cable modem working
When a cable modem boots up, it searches for an "Image file" in which all configuration, such as your upload speed limit and download speed limit, is defined. This "Image file" is stored on the ISP's TFTP server. The modem is pre-configured with the ISP's TFTP server IP address and the name of the Image file to download. When the modem boots up, it queries the TFTP server and downloads the Image file from it; our speed limits are set according to this file.

Objective
Get this Image file from the ISP's TFTP server, reconfigure it according to our needs, and force our modem to download this file from our computer rather than from our ISP's TFTP server.

0) Get approval from the ISP's technician
Contact the ISP technician and tell him that you want to try this cable modem theory for educational purposes. Ask for permission to get the Image file from the ISP's TFTP server (administration procedure), reconfigure it according to your needs, and force the modem to download this file from your computer rather than from the ISP's TFTP server. Once the technician has approved your request, go to the next step.

1) Get the cable modem's MAC address
You can either look at the back of the modem to get this MAC address or you can log on to your cable modem with your web browser at 192.168.100.1/ . These are internal HTML pages stored within your DOCsis cable modem (SB5100, SB4100 and SB3100) that give you even more vital information on configuration, unless your ISP has turned this feature off.

2) Get your ISP's TFTP server IP address
a) There's a program called QUERY.EXE from Weird Solutions, a BOOTP TURBOpacket request program that will tell you everything you need to know without all these extra steps. It will display the Image filename and the TFTP server address, which is really all you need to get started. To use this BOOTP QUERY tool, you need the MAC address of your cable modem. Beginners can use the DOCSIS Diagnosis utility.

Using the above tools you will get your ISP's TFTP server IP and the name of your "Image file" stored on that TFTP server.

All your vital information is stored in this file, including MaxRateDown 2621440; MaxRateUp 393216;. (These were my ISP's settings, which, as you can see, are similar to the speed I was getting: 40KB/s up and 250 KB/s down.)

Among these, the one we need are:

Configuration TFTP Server = 194.*.*.90 (replace this with yours throughout the doc)

Configuration filename = isrr.bin (replace this with yours throughout the doc)

And

IP fragments created = 0

IP address.10.$$$.$$$.$$$ = 10.$$$.$$$.$$$

IP address.192.168.100.1 = 192.168.100.1 (the IP address of the cable modem; replace this with yours throughout the doc)

IP-to-If-index.10.$$$.$$$.$$$ = 2

Suggestion: You can do this step by sniffing the modem i.e. "192.168.100.1" when modem boots up. I never tried this method. Try your luck.

3) Download the Image file from the ISP's TFTP server
To do this, go to your command prompt and use the command below, without quotes and brackets.

"C:\tftp -i GET "

Okay, now you have the Image file from your ISP's TFTP server.

4) Decrypt the Image file which you downloaded from the ISP's TFTP server
For this you can use the DOCsis tool (docsis) to decode.

5) Modify the Image file
Change your computer's TCP configuration to match the ISP's TFTP server (i.e. the same IP address as the ISP's TFTP server).

Go to My Network Places and right-click -> Properties.

Select your LAN card, right-click -> Properties -> Internet Protocol (TCP/IP), double-click on it and change it to the following values.

Configure your PC's TCP settings as below:

IP: 194.*.*.90 (replace with the ISP's TFTP server)

Netmask: 255.255.255.0

Gateway: 192.168.100.1 (replace with your cable modem's IP address)

Note: The gateway should be 192.168.100.1; only then can your modem communicate with the computer.

6) Encrypt the modified Image file (Save it using DOCsis)

7) Host a TFTP server on your computer
Download TFTP server software and host a TFTP server on your computer.
You can download the TFTP server from: TFTP Server 32 Bit / TFTP Server 64 Bit

8) Put the Image file in the base directory of your TFTP server
Start the TFTPD32 server. Go to Settings and set the Security to None. Increase the timeout to 20secs and the Max Retransmit to 6. Choose to translate UNIX filenames. Make sure its base directory points to where isrr.bin is (i.e. the image file which you modified). If you need to replicate a directory pathname along with the image file, then make a directory from root that corresponds to the image file pathname.

Restart your modem, and AS SOON as the SEND light goes solid, you should see a receive on your TFTP server, i.e. your PC.

9) Restart your modem

10) Change your PC's IP back to the one given by your ISP

11) Done. Start surfing with your new speed.

12) Contact the ISP's technician, thank him for the permission, and ask him to allow your image file for a trial period so you can keep the current parameters.




Any use of this tutorial without contacting the ISP technician is illegal and can lead to a prison sentence or legal proceedings. Please follow the instructions, contact the ISP technician and let him know what your intentions are.

I hope that this article was helpful. Leave a short comment, thank you.