Visit our website :- www.techtrick.in

Wednesday, April 24, 2019

How to Check valid login credentials using Credmap

Credmap is an open source tool that was created to bring awareness to the dangers of credential reuse. It is capable of testing supplied user credentials on several known websites to test if the password has been reused on any of these.

Let's start checking valid login credentials using Credmap.

Step 1 :- Download or clone it from GitHub.
git clone https://github.com/lightos/credmap.git

Step 2 :- Now you have to install it.
cd credmap
ls
chmod +x credmap.py
./credmap.py

Step 3 :- Here I am using my email ID; you can use any of them.
./credmap.py --email XXXXXXXXXXXX@gmail.com --user XXXXXXXXXXXX@gmail.com



Read More :- http://www.techtrick.in/description/3528-how-to-check-valid-login-credentials-using-credmap

Tuesday, April 23, 2019

A Linux Bing, Google Dorking and Web Vulnerability Scanner Tool - BinGoo

It is an all-in-one dorking tool written in pure bash. It leverages the Google and Bing main search pages to scrape a large number of links based on provided search terms. You can search a single dork at a time, or you can make lists with one dork per line and perform mass scans. Once you're done with that, or if you have links gathered by other means, you can move to the analyzing tools to test for common signs of vulnerabilities.
The results are neatly sorted into their own respective files based on findings. If you want to take it further, you can run them through the SQL or LFI tools, which are semi-working homebrewed creations made in bash, or you can use the SQLMAP and FIMAP wrapper tools they wrote, which work much better and with greater accuracy and results.

Let's start with the Linux Bing, Google dorking and web vulnerability scanner tool.

Step 1 :- First, you have to install lynx before installing BinGoo.
apt-get install lynx

Step 2 :- Now you have to install curl.
apt-get install curl

Step 3 :- Download or clone it from GitHub.
git clone https://github.com/Hood3dRob1n/BinGoo



Read More :-  http://www.techtrick.in/description/3527-a-linux-bing-google-dorking-and-web-vulnerability-scanner-tools-bingoo

Monday, April 22, 2019

Auto Scanning to SSL Vulnerability - A2SV


A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.


Let's start with Auto Scanning to SSL Vulnerability - A2SV.

Step 1 :- Download or clone it from GitHub.
git clone https://github.com/hahwul/a2sv.git

Step 2 :- Let's install it.
cd a2sv
./install.sh

Step 3 :- Now start a2sv, the auto scanner for SSL vulnerabilities.
ls
python a2sv.py
a2sv -h


Hacking A WebServer Using Bruteforce SSH Login Module

The ssh_login module is quite versatile in that it can not only test a set of credentials across a range of IP addresses, but it can also perform brute-force login attempts. This module will test ssh logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Let's start hacking a web server using the brute-force SSH login module.

Step 1 :- This is msfconsole. Msfconsole is the main interface to Metasploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads, etc.

Step 2 :- search ssh_login

Step 3 :- This auxiliary module allows you to pass credentials in a number of ways. You can specifically set a username and password, you can pass a list of usernames and a list of passwords for it to iterate through, or you can provide a file that contains usernames and passwords separated by a space. We will configure the scanner to use a short usernames file and a passwords file and let it run against our subnet.
use auxiliary/scanner/ssh/ssh_login

Step 4 :- Create a random User.txt file for the brute-force attack.

Step 5 :- Create a random Password.txt file for the brute-force attack.

Step 6 :- Set the module options.
set STOP_ON_SUCCESS true
set RHOSTS 192.168.69.131
set USER_FILE /root/Desktop/User.txt
set PASS_FILE /root/Desktop/Password.txt
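
From the defender's side, a run like the one configured in Step 6 appears in the target's sshd log as a burst of failed logins for many usernames from one source, ending at the first accepted login because of STOP_ON_SUCCESS. The following is an added example, not part of the original post, that flags that pattern; the log lines, host name, source addresses, year and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH's syslog format (not taken from the page).
SAMPLE_AUTH_LOG = """\
Apr 24 10:00:01 web01 sshd[2211]: Failed password for invalid user admin from 192.168.69.128 port 40112 ssh2
Apr 24 10:00:02 web01 sshd[2213]: Failed password for invalid user test from 192.168.69.128 port 40114 ssh2
Apr 24 10:00:03 web01 sshd[2215]: Failed password for root from 192.168.69.128 port 40116 ssh2
Apr 24 10:00:04 web01 sshd[2217]: Failed password for root from 192.168.69.128 port 40118 ssh2
Apr 24 10:00:05 web01 sshd[2219]: Failed password for invalid user oracle from 192.168.69.128 port 40120 ssh2
Apr 24 10:00:06 web01 sshd[2221]: Accepted password for msfadmin from 192.168.69.128 port 40122 ssh2
Apr 24 10:05:10 web01 sshd[2301]: Failed password for alice from 192.168.69.50 port 51500 ssh2
Apr 24 10:05:20 web01 sshd[2303]: Accepted password for alice from 192.168.69.50 port 51502 ssh2
""".splitlines()

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)
ASSUMED_YEAR = "2019"  # syslog timestamps carry no year; assumed for parsing only


def detect_bruteforce(lines, min_failures=5, window=timedelta(seconds=60)):
    """Return {source_ip: finding} for sources that look like a credential-list run."""
    recent = defaultdict(deque)  # src -> (timestamp, user) failures inside the window
    findings = {}
    for line in lines:
        m = EVENT.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        src, user = m["src"], m["user"]
        q = recent[src]
        # Drop failures that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if m["result"] == "Failed":
            q.append((ts, user))
            if len(q) >= min_failures:
                f = findings.setdefault(
                    src, {"failures": 0, "users": set(), "compromised_user": None}
                )
                f["failures"] = max(f["failures"], len(q))
                f["users"].update(u for _, u in q)
        elif src in findings and q:
            # An accepted login right after a flagged burst: treat the account
            # as compromised and reset the window for this source.
            findings[src]["compromised_user"] = user
            q.clear()
    return findings


if __name__ == "__main__":
    for src, f in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        print(f"{src}: {f['failures']} failures across {sorted(f['users'])}, "
              f"accepted login as {f['compromised_user']}")
```

A source that fails once and then logs in, like the second address in the sample, stays below the threshold and is not reported.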

Hacking Brute Force Telnet Login (MetaSploit)

The telnet_login module will take a list of provided credentials and a range of IP addresses and attempt to login to any Telnet servers it encounters.
This module will test a telnet login on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Let's start hacking with the brute-force Telnet login module (Metasploit).

Step 1 :- This is msfconsole. Msfconsole is the main interface to Metasploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads, etc.

Step 2 :- search telnet_login

Step 3 :- This auxiliary module allows you to pass credentials in a number of ways. You can specifically set a username and password, you can pass a list of usernames and a list of passwords for it to iterate through, or you can provide a file that contains usernames and passwords separated by a space. We will configure the scanner to use a short usernames file and a passwords file and let it run against our subnet.
use auxiliary/scanner/telnet/telnet_login

Step 4 :- Create random User.txt and Password.txt files for the brute-force attack.
set STOP_ON_SUCCESS true
set RHOSTS 192.168.69.131
set USER_FILE /root/Desktop/User.txt
set PASS_FILE /root/Desktop/Password.txt


Read More : - http://www.techtrick.in/description/3517-hacking-brute-force-telnet-login-metasploit

Hacking FTP Server using Kali Linux (vsftpd Vulnerability)

FTP is a service that is commonly used on web servers by webmasters for accessing files remotely, so it is almost impossible not to find this service on one of our clients' systems during an engagement.
The "vsftpd" auxiliary module will scan a range of IP addresses attempting to log in to FTP servers. This module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Let's start hacking an FTP server using Kali Linux (vsftpd vulnerability).

Step 1 :- PostgreSQL is available integrated with the package management on most Linux platforms. When available, this is the recommended way to install PostgreSQL, since it provides proper integration with the operating system, including automatic patching and other management functionality.

Step 2 :- This is msfconsole. Msfconsole is the main interface to Metasploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads, etc.

Step 3 :- Check the current status of the database.
db_status
search vsftpd


Read More :-  http://www.techtrick.in/description/3515-hacking-ftp-server-using-kali-linux-vsftpd-vulnerability

Hacking A WebServer Using Bruteforce FTP Login Module

FTP is a service that is commonly used on web servers by webmasters for accessing files remotely, so it is almost impossible not to find this service on one of our clients' systems during an engagement.
The "ftp_login" auxiliary module will scan a range of IP addresses attempting to log in to FTP servers. This module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Let's start hacking a web server using the brute-force FTP login module.

Step 1 :- This is msfconsole. Msfconsole is the main interface to Metasploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads, etc.

Step 2 :- Search ftp_login.

Step 3 :-
use auxiliary/scanner/ftp/ftp_login

Step 4 :- Create a random User.txt file.



Read More : - http://www.techtrick.in/description/3513-hacking-a-webserver-using-bruteforce-ftp-login-module

Setting Up Metasploitable 2 Linux Virtual Machine In VMWare Workstation

Metasploitable 2 is a virtual machine based on a UNIX-like operating system that contains many intentional vulnerabilities for you to exploit. Metasploitable is basically a penetration testing lab in a box, available as a VMware virtual machine.
Metasploitable is a Linux-based OS that is vulnerable to various Metasploit attacks. It was designed by Rapid7, the owners of the Metasploit framework. Metasploitable is an excellent way to get familiar with using Meterpreter.
It is a key part of our testing environment. It is based on the Ubuntu operating system and is made specifically exploitable for penetration testing purposes. This VM should never be exposed to the internet, and for our purposes we will bind it to the host-only network.

Let's start setting up the Metasploitable 2 Linux virtual machine.

Step 1 :- Open VMware and click on create a new virtual machine.

Step 2 :- Choose the Typical option.

Step 3 :- Choose "I will install the operating system later".

Step 4 :- Choose Linux and select Ubuntu - bit

Step 5 :- You can give it a name; we give the name Metasploitable just to make sure the name is understandable and easy to recognize.



Website Dns analysis Information Gathering - UrlCrazy

URLCrazy is a tool written by Andrew Horton. Its purpose is to generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Usage

  • Detect typo squatters profiting from typos on your domain name
  • Protect your brand by registering popular typos
  • Identify typo domain names that may receive traffic meant for another domain
  • Conduct phishing attacks during a penetration test

Features

  • Generates fifteen types of domain variants
  • Knows over 8000 common misspellings
  • Supports cosmic ray induced bit flipping
  • Multiple keyboard layouts (qwerty, azerty, qwertz, dvorak)
  • Checks if a domain variant is valid
  • Tests if domain variants are in use

Options/Switches

"-k" is used to change the keyboard layout. Using different layouts might give you a better view of typos that might occur in different countries, and of the way the bad guys could be generating domains there.
"-p" shows how often that specific domain spelling shows up in Google results, or how often someone searches for that specific spelling. You may want to verify this manually through Google.
"-r" causes urlcrazy to not resolve any domain names to IP addresses, therefore only giving you a list of generated domains.
"-i" shows invalid domain names, such as invalid TLDs.
"-f" allows you to specify the output type; there are 2 options here, human readable and CSV; the default is human readable.
"-o" lets you create a file containing the results of your scan.

Let's start with URLCrazy.

Step 1 :- This command is used to scan a URL. After scanning, we can see names with the wrong characters, reversed spelling, etc. Kindly use this command and see for yourself; I can't show you the whole image here.
Then enter the target website for which you want to do DNS analysis information gathering.
Here I have used "techtrick.in" for demo purposes.
urlcrazy www.techtrick.in



Sunday, April 21, 2019

TheHarvester Email and Domain Scanning from Google,Bing,PGP,LinkedIn

TheHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/banners, and employee names from different public sources (search engines, PGP key servers).
It is intended to help penetration testers in the early stages of a penetration test to understand the customer footprint on the Internet. It is also useful for anyone who wants to know what an attacker can see about their organization.
This tool is designed to help the penetration tester at an early stage; it is effective, simple and easy to use. The sources supported are :-
  • Google – emails, subdomains
  • Google profiles – Employee names
  • Bing search – emails, subdomains/hostnames, virtual hosts
  • Pgp servers – emails, subdomains/hostnames
  • LinkedIn – Employee names
  • Exalead – emails, subdomain/hostnames

New features:

  • Time delays between requests
  • XML results export
  • Search a domain in all sources

Let's start with TheHarvester email and domain scanning.

Step 1 :- If you are using Kali Linux, open the terminal and type theharvester


Read Full Article  : -  http://www.techtrick.in/description/3505-theharvester-email-and-domain-scanning-from-google-bing-pgp-linkedin

DNS Enumeration Script - DNSRecon

DNSRecon is one of the best penetration testing tools on Kali Linux for DNS information gathering; we can gather almost every piece of DNS information about our target with it. We can perform different types of DNS enumeration using DNSRecon, such as standard enumeration, brute-force enumeration, top level domain enumeration, cache snooping, DNS zone walking, etc.
There are a variety of tools available that gather DNS information effectively; in this article we are going to focus on DNSRecon, a tool developed by Carlos Perez and designed to perform DNS reconnaissance. This tool is included in BackTrack and is written in Python.

This script provides the ability to perform :-

  • Check all NS Records for Zone Transfers.
  • Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT).
  • Perform common SRV Record Enumeration.
  • Top Level Domain (TLD) expansion.
  • Check for Wildcard Resolution.
  • Brute Force subdomain and host A and AAAA records given a domain and a wordlist.
  • Perform a PTR Record lookup for a given IP range or CIDR.
  • Check a DNS Server's cached records for A, AAAA and CNAME Records, provided a list of host records in a text file to check.
  • Enumerate Common DNS records within the local Network.
  • Enumerate Hosts and Subdomains using Google.

The types of enumeration that it performs include the following:

  • Zone Transfer
  • Reverse Lookup
  • Domain and Host Brute-Force
  • Standard Record Enumeration (wildcard,SOA,MX,A,TXT etc.)
  • Cache Snooping
  • Zone Walking

Zone Transfer

DNS zone transfer may be used to expose topology. Specifically, when a user attempts to perform a zone transfer, he sends a DNS query to list all DNS information such as name servers, host names, MX and CNAME records, zone serial number, Time to Live records, etc. Depending on the size and type of the network, this may present a significant security problem.
The sheer amount of information that can be obtained through a DNS zone transfer is staggering. DNS zone transfers are nowadays usually turned off by default and I would be surprised if you find one. Still, DNSRecon provides the ability to perform zone transfers with the commands :-
./dnsrecon.py -d www.example.com -a
or
./dnsrecon.py -d www.example.com -t axfr

Reverse Lookup

DNSRecon can perform a reverse lookup for PTR (Pointer) records against IPv4 and IPv6 address ranges. To run reverse lookup enumeration, give the range as start IP-end IP:
./dnsrecon.py -r 198.168.0.1-198.168.0.255

A reverse lookup can also be performed against all ranges in SPF records with the command:
./dnsrecon.py -d www.example.com -s

Domain Brute-Force

To perform this method, all we have to do is supply a name list, and it will try to resolve the A, AAAA and CNAME records against the domain by trying each entry one by one. In order to run the domain name brute force we need to type :-
./dnsrecon.py -d www.example.com -D namelist -t brt
As we can see, we obtained the A and CNAME records of the domain cnn.com and their IP addresses.

Standard Record Enumeration

In order to perform standard DNS enumeration with the DNSRecon we have to use the following syntax:
./dnsrecon.py -d www.example.com

Cache Snooping

DNS cache snooping occurs when the DNS server has a specific DNS record cached. This DNS record can often reveal a lot of information. However, DNS cache snooping does not happen very often. The command that can be used to perform cache snooping is the following:
./dnsrecon.py -t snoop -n Server -D dict

Zone Walking

This technique may unveil internal records if the zone is not configured properly. The information that can be obtained can help us map network hosts by enumerating the contents of a zone:
./dnsrecon.py -d host -t zonewalk

Let's start with the DNS enumeration script DNSRecon.

Step 1 :- Just type dnsrecon in the Kali Linux terminal.



Subdomain Enumeration | Information Gathering of Website - Dnsmap

We will learn how to gather DNS information about all the subdomains of a web application or website using the DNSMAP network mapper tool. DNSMAP is basically a subdomain mapping tool which gives all the subdomains and their corresponding IPv4 and IPv6 addresses as output.
Unlike other tools, where we use brute-force techniques to gather all subdomains, we don't have a feature to abort the brute forcing if the domain uses wildcards; technically, you can say it produces false positives while enumerating subdomain data. So friends, let's first discuss the key features of DNSMAP and what we can gather using it.

Why to use DNSMAP Tool ?

  • Find interesting remote access servers.
  • Find badly configured and/or unpatched servers.
  • Find new domain names which will allow you to map non-obvious/hard-to-find net blocks.
  • Discover embedded devices configured using Dynamic DNS services.


Let's start with subdomain enumeration and information gathering of a website.

Step 1 :- Just type dnsmap in the Kali Linux terminal.


How to Gather Information and Enumerate with Dnsenum

It is a penetration testing tool created to gather information related to DNS entries about domains. Dnsenum is a tool for DNS enumeration, which is the process of locating all DNS servers and DNS entries for an organization.
DNS enumeration will allow us to gather critical information about the organization such as usernames, computer names, IP addresses, and so on.

We can get the following information by using the dnsenum tool:

  • Get the host's addresses
  • Get the nameservers
  • Get the MX record
  • Trying Zone Transfers
  • BIND Version
  • Get extra names and subdomains via google scraping
  • Brute force subdomains from file, can also perform recursion on subdomain that have NS records
  • Perform reverse lookups on netranges


Let's start enumerating with dnsenum.

Step 1 :- Just type dnsenum in the Kali Linux terminal.




Read Full Article :-  http://www.techtrick.in/description/3500-how-to-information-gathering-and-enumunerate-by-dnsenum

Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP

NMAP is a penetration testing and network information gathering tool which is used by most IT administrators around the world. NMAP's uses are wide, and we can easily discover the devices and network peripherals around us.
Like other security tools, Nmap should not be misused. Only scan networks and machines that you own or have permission to investigate. Probing other machines could be seen as an attack and be illegal.
Nmap (Network Mapper) is an open source and free security scanner used for network discovery and security auditing. During a scan, Nmap sends specially crafted packets to the target host and then analyzes the responses. It is capable of:
  • Host Discovery
  • Port Scanning
  • Service Name and Version Detection
  • OS Detection

The typical uses of Nmap include:

  • Security Audits Of A Firewall / Host
  • Open Port Identification
  • Network Security Audit
  • Network Mapping, Network Inventory, Asset Management
  • Vulnerability Detection & Exploitation
  • Host / Service Uptime Monitoring

Nmap can work on Linux, Unix, BSDs, MacOS X and Windows.

How to see the NMAP version:

To see which NMAP version you are using, use the following command in the Kali Linux terminal. This is important because whenever a new NMAP version is released, you get new features with your NMAP package. So the next time you start to use NMAP in Kali Linux, check whether you are using the latest version.

# nmap --version or # nmap -V
If you want to update the NMAP package in Kali Linux, use the command below.

# apt-get update && apt-get install nmap

Note : Make sure you have added the required Kali Linux repositories in /etc/apt/sources.list file. If the repositories were not added, then try to add the following repositories in the sources.list files.

# Regular repositories

deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security sana/updates main contrib non-free

# Source repositories

deb-src http://http.kali.org/kali sana main non-free contrib
deb-src http://security.kali.org/kali-security sana/updates main contrib non-free

After adding the repositories, you need to run "apt-get clean" and also "apt-get update" before updating any package in Kali Linux.

Open a terminal and type nmap for help information.

It is the world's leading port scanner, and a popular part of our hosted security tools. Nmap as an online port scanner is able to scan your perimeter network devices and servers from an external perspective, i.e. outside your firewall.

nmap 192.168.18.129 [Target or any IP address]
Here I am using my target Windows IP address.


TCP connect port scan (default without root privilege)

This command is similar to the TCP SYN scan; however, rather than sending a SYN packet and reviewing the headers, it asks the OS to establish a TCP connection to the 1000 common ports.
nmap -sT 192.168.18.129




Best Way To Archive Outlook And Gmail Emails

Gmail And Outlook is one of  the most important tools in their daily lives. The problem is that most get so many emails that it is hard to...