TechTrick

Monday, April 22, 2019

Hacking A WebServer Using Bruteforce FTP Login Module

FTP is a service that is commonly used in Web Servers from Webmasters for accessing the files remotely. So it is almost impossible not to find this service in one of our clients systems during an engagement.

The "ftp_login" auxiliary module will scan a range of IP addresses attempting to log in to FTP servers. This module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Lets start Hacking A WebServer Using Bruteforce FTP Login Module

Step 1 : This is msfconsole. Msfconsole is the main interface to MetaSploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads etc.

Step 2 :Search ftp_login.

Setting Up Metasploitable 2 Linux Virtual Machine In VMWare Workstation

Metasploitable 2 is virtual machine supported UNIX operating system that contains many intentional vulnerabilities for you to exploit. Metasploitable is basically a penetration testing workplace in a box, available as a VMware virtual machine.

Metasploitable is a Linux-based OS that is vulnerable to various Metasploit attacks. it had been designed by Rapid7,the owners of the Metasploit framework. Metasploitable is an excellent way to get familiar with using Meterpreter.

It is a key part of our testing environment. it is supported the Ubuntu UNIX operating system OS and is made specifically exploitable for penetration testing purposes. This VM should never be exposed on to the internet and for our purposes, we will use the host-only network to bind to.

Lets start Setting Up Metasploitable 2 Linux Virtual Machine

Step 1 :- Open VMWare and click on create a new virtual machine.

Setting Up Metasploitable 2 Linux Virtual Machine In VMWare Workstation

Step 2 :Choose Typical Option.

Step 3 :Choose I Will Install the operating System later.

Website Dns analysis Information Gathering - UrlCrazy

URLCrazy is a tool written by Andrew Horton. Its purpose is to generate and test domain types, and variations to detect and perform typo squatting, URL Hijacking, phishing , and corporate espionage.

It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Usage

Detect mistake squatters profiting from typos on your domain name
Protect your complete by registering popular typos
Identify typo domain names that may receive traffic meant for another domain
Conduct phishing attacks throughout a penetration test

Features

Generates fifteen types of domain variants
Knows over 8000 common misspellings
Supports cosmic ray induced bit flipping
Multiple keyboard layouts (qwerty, azerty, qwertz, dvorak)
Checks if a site variant is valid
Test if domain variants are in use

Options/Switches

"-k" is used to change the keyboard layout. using totally different layouts might offer you a better view of typos that might occur in different countries, and the way the dangerous guys could also be generating domains there.

"-p" option shows however typically that specific domain spelling might show up in Google results, or however often someone searches for that specific spelling. you may want to verify this manually through Google.

"-r" causes urlcrazy to not resolve any domain names to ip addresses, therefore, only giving you a list of generated domains.

"-i" can show invalid domain names, like invalid TLD’s

"-f" allows you to specify the output type; there square measure 2 options here – human readable, and CSV; default is human readable

"-o" lets you create a file containing the results of your scan.

Lets start with URLCrazy

Step 1 : - This command is used to scan a url after scanning we can see names of the characters on the wrong web, Spelling reversed etc kindly use this command and see yourself I cant show you whole image here.

Then Enter you Target Website that you want to do Dns analysis Information Gathering.

Here I have used "techtrick.in" for demo purpose.

urlcrazy www.techtrick.in

Read full artilce : - http://www.techtrick.in/description/3508-website-dns-analysis-information-gathering-url-crazy

Sunday, April 21, 2019

TheHarvester Email and Domain Scanning from Google,Bing,PGP,LinkedIn

TheHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).

This is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet.It is also useful for anyone that wants to know what an attacker can see about their organization.

This tool is designed to help the penetration tester on an earlier stage; it is an effective, simple and easy to use. The sources supported are :-

Google – emails, subdomains
Google profiles – Employee names
Bing search – emails, subdomains/hostnames, virtual hosts
Pgp servers – emails, subdomains/hostnames
LinkedIn – Employee names
Exalead – emails, subdomain/hostnames

New features:

Time delays between requests
XML results export
Search a domain in all sources

Lets start with TheHarvester Email and Domain Scanning

Step 1 :- If you are using Kali Linux, open the terminal and type theharvester

Read Full Article : - http://www.techtrick.in/description/3505-theharvester-email-and-domain-scanning-from-google-bing-pgp-linkedin

DNS Enumeration Script - DNSRecon

DNSRECON is a best Penetestration tool on Kali Linux for performing DNS Information gathering, we can gather almost each and every DNS information about our target using DNSRECON tool. We can perform different types of DNS enumerations using DNSRECON tool like standard enumeration, brute force enumeration, top level domain enumeration, Cache Snooping, DNS Zone walking etc.

There are a variety of tools available which will gather DNS info effectively however in this article we are going to focus on the DNSRecon that is a tool that was developed by carlos Perez and it is designed to perform DNS reconnaissance. This tool is included on backtrack and it is written in python.

This script provides the ability to perform :-

Check all NS Records for Zone Transfers.
Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT).
Perform common SRV Record Enumeration.
Top Level Domain (TLD) growth.
Check for Wildcard Resolution.
Brute Force subdomain and host A and AAAA records given a site and a wordlist.
Perform a PTR Record search for a given IP vary or CIDR.
Check a DNS Server Cached records for A, AAAA and CNAME Records provided a listing of host.
Records in a text file to check.
Enumerate Common DNS records within the local Network.
Enumerate Hosts and Subdomains using Google.

Types of enumeration that performs include the following:

Zone Transfer
Reverse Lookup
Domain and Host Brute-Force
Standard Record Enumeration (wildcard,SOA,MX,A,TXT etc.)
Cache Snooping
Zone Walking

Zone Transfer

DNS zone transfer may be used to expose topology. Specifically when a user is attempting to perform a zone transfer, he sends a DNS query to list all DNS info like name servers, host names, mx and CNAME records, zone serial number, Time to measure records etc. depending on the size and the type of a network, this may present significant security problem.

The shear amount of information that can be obtained through DNS zone transfer is staggering. DNS zone transfers are now-days usually turned of by default and i would be surprised if you are find one. still, DNSRecon provides the ability to perform Zone Transfers with the commands :-

./dnsrecon.py -d www.example.com -a or

./dnsrecon.py -d www.example.com -t axfr

Reverse Lookup

DNSRecon can perform a reverse lookup for PTR (Pointer) records against IPv4 and IPv6 address ranges. To run reverse lookup enumeration use:

./dnsrecon.py -r 198.168.0.1 - 198.168.0.255(Start i.p - End i.p)

Also reverse lookup can be performed against all ranges in SPF records with the command.

/dnsrecon.py -d www.example.com -s.

Domain Brute-Force

For activity this method all we have to is to convey a name list and it will try to resolve the A,AAA and CNAME records against the domain by making an attempt every entry one by one. so as to run the domain name Brute-Force we need to type :-

./dnsrecon.py -d www.example.com -D namelist -t brt

As we can see we obtained A and CNAME records of the domain cnn.com and their IP addresses.

Standard Record Enumeration

In order to perform standard DNS enumeration with the DNSRecon we have to use the following syntax:

./dnsrecon.py -d www.example.com

Cache Snooping

DNS cache snooping is occurred once the DNS server has a specific DNS record cached. This DNS record can usually reveal many information. However DNS cache snooping is not happening very often. The command that can be used in order to perform cache snooping is that the following:

./dnsrecon.py -t snoop -n Sever -D dict

Zone Walking

This technique may unveils internal records if zone is not configured properly. The information that can be obtained can help us to map network hosts by enumerating the contents of a zone:

./dnsrecon.py -d host -t zonewalk

Lets start DNS Enumeration Script - DNSRecon

Step 1 : just type DnsRecon on the kali linux terminal.

Read Full Article :- http://www.techtrick.in/description/3502-dns-enumeration-script-dnsrecon

Subdomains Enumaration | Information Gathering of Website - Dnsmap

We will learn how to gather DNS information about all the subdomains of a web application or website using DNSMAP network mapper tool. DNSMAP is basically an sub domain mapping tool which gives all the subdomains, their corresponding IPv4 IP address and IPv6 IP address as output.

Unlike other tools, where we use brute force technology to gather all sub domains we dont have a feature to abort the brute forcing if domain uses wildcards technically you can say it producing false positives while enumerating sub domain data. So friends lets first discuss the key features of DNSMAP and what all we can gather using it.

Why to use DNSMAP Tool ?

Find interesting remote access servers.
Find badly configured and/or unpatched servers.
Find new domain names which will allow you to map non-obvious/hard-to-find net blocks.
Discover embedded devices configured using Dynamic DNS services.

Lets start with Subdomains Enumaration | Information Gathering of Website

Step 1 : just type dnsmap on the kali linux terminal.

Read Full Article :- http://www.techtrick.in/description/3501-subdomains-enumaration-information-gathering-of-website-dnsmap

How to Information Gathering and Enumunerate by Dnsenum

It is a penetrating tool created to gather information related to DNS entries about the domains. Dnsenum is a tool for DNS enumeration, which is the process of locating all DNS servers and DNS entries for an organization.

DNS enumeration will allow us to gather critical information about the organization such as usernames, computer names, IP addresses, and so on.

We can get information by using dnsenum tool –

Get the hosts addresse
Get the namservers
Get the MX record
Trying Zone Transfers
BIND Version
Get extra names and subdomains via google scraping
Brute force subdomains from file, can also perform recursion on subdomain that have NS records
Perform reverse lookups on netranges

Lets start with How to Enumunerate by dnsenum

Step 1 : just type dnsenum on the kali linux terminal.

Read Full Article :- http://www.techtrick.in/description/3500-how-to-information-gathering-and-enumunerate-by-dnsenum