Auto Scanning to SSL Vulnerability - A2SV

A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.

Lets start With Auto Scanning to SSL Vulnerability - A2SV

Step 1 : Just download or a clone from github

git clone https://github.com/hahwul/a2sv.git

Step 2 :Lets Install It.

cd a2sv

./install.sh

Step 3 :Now Start a2sv Auto Scanning to SSL Vulnerability

ls

python a2sv.py

a2sv -h

Read More :-  http://www.techtrick.in/description/3521-auto-scanning-to-ssl-vulnerability-a2sv

Hacking A WebServer Using Bruteforce SSH Login Module

The ssh_login module is quite versatile in that it can not only test a set of credentials across a range of IP addresses, but it can also perform brute-force login attempts. This module will test ssh logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Lets start Hacking A WebServer Using Bruteforce SSH Login Module

Step 1 :- This is msfconsole. Msfconsole is the main interface to MetaSploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads etc.

Step 2 :- search ssh_login

Step 3 :- This auxiliary module allows you to pass credentials in a number of ways. You can specifically set a username and password, you can pass a list of usernames and a list of passwords for it to iterate through, or you can provide a file that contains usernames and passwords separated by a space. We will configure the scanner to use a short usernames file and a passwords file and let it run against our subnet.

use auxiliary/scanner/ssh/ssh_login

You may also like :-

• How to Check valid login credentials using Credmap
• Hack Tools | Finding Admin Panels, Sniffing, Backdoors - Katana Framework
• How to Hack Facebook using SEToolKit (Phishing attack)
• Using the Social Engineering Toolkit (SET) to Create a Backdoor Executable

Step 4 :- Create a randomly User.txt file for brute force attack.

Step 5 :- Create a randomly Password.txt file for brute force attack.

Step 6 :-

set STOP_ON_SUCCESS true

set RHOSTS 192.168.69.131

set USER_FILE /root/Desktop/User.txt

set PASS_FILE /root/Desktop/Password.txt

Read More :-  http://www.techtrick.in/description/3519-hacking-a-webserver-using-bruteforce-ssh-login-module

Hacking Brute Force Telnet Login (MetaSploit)

The telnet_login module will take a list of provided credentials and a range of IP addresses and attempt to login to any Telnet servers it encounters.

This module will test a telnet login on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Lets start Hacking Brute Force Telnet Login (MetaSploit)

Step 1 :- This is msfconsole. Msfconsole is the main interface to MetaSploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads etc.

Step 2 :- search telnet_login

Step 3 :- This auxiliary module allows you to pass credentials in a number of ways. You can specifically set a username and password, you can pass a list of usernames and a list of passwords for it to iterate through, or you can provide a file that contains usernames and passwords separated by a space. We will configure the scanner to use a short usernames file and a passwords file and let it run against our subnet.

use auxiliary/scanner/telnet/telnet_login

Step 4 :- Create a randomly User.txt and Password.txt file for brute force attack.

set STOP_ON_SUCCESS true

set RHOSTS 192.168.69.131

set USER_FILE /root/Desktop/User.txt

set PASS_FILE /root/Desktop/Password.txt

Read More : - http://www.techtrick.in/description/3517-hacking-brute-force-telnet-login-metasploit

Hacking FTP Server using Kali Linux (vsftpd Vulnerability)

FTP is a service that is commonly used in Web Servers from Webmasters for accessing the files remotely. So it is almost impossible not to find this service in one of our clients systems during an engagement.

The "vsftpd" auxiliary module will scan a range of IP addresses attempting to log in to FTP servers. This module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Lets start Hacking FTP Server using Kali Linux (vsftpd Vulnerability)

Step 1 :- PostgreSQL is available integrated with the package management on most Linux platforms. When available, this is the recommended way to install PostgreSQL, since it provides proper integration with the operating system, including automatic patching and other management functionality.

Step 2 :- This is msfconsole. Msfconsole is the main interface to MetaSploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads etc.

You may also like :-

• Install Collect Lazy Kali Tool on Kali Linux rolling
• How To Install Java On Kali Linux
• Install MITMf Framework in kali linux for Man In The Middle attacks
• How to Install a Notepad++ Text Editor on Kali Linux

Step 3 :- The current status of the database.

db_status

search vsftpd

Read More :-  http://www.techtrick.in/description/3515-hacking-ftp-server-using-kali-linux-vsftpd-vulnerability

Hacking A WebServer Using Bruteforce FTP Login Module

FTP is a service that is commonly used in Web Servers from Webmasters for accessing the files remotely. So it is almost impossible not to find this service in one of our clients systems during an engagement.

The "ftp_login" auxiliary module will scan a range of IP addresses attempting to log in to FTP servers. This module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Lets start Hacking A WebServer Using Bruteforce FTP Login Module

Step 1 : This is msfconsole. Msfconsole is the main interface to MetaSploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads etc.

Step 2 :Search ftp_login.

You may also like :-

• How To Install Firewall And Manage Open Ports -GUFW
• How To Setup And Use anonsurf On Kali Linux | Stay Anonymous
• How to install Wine on Kali Linux and Debian 64 bit
• A Linux Bing,Google Dorking and Web Vulnerability Scanner Tools -BinGoo

Step 3 :

use auxiliary/scanner/ftp/ftp_login

Step 4 :Create a randomly User.txt file.

Read More : - http://www.techtrick.in/description/3513-hacking-a-webserver-using-bruteforce-ftp-login-module

Setting Up Metasploitable 2 Linux Virtual Machine In VMWare Workstation

Metasploitable 2 is virtual machine supported UNIX operating system that contains many intentional vulnerabilities for you to exploit. Metasploitable is basically a penetration testing workplace in a box, available as a VMware virtual machine.

Metasploitable is a Linux-based OS that is vulnerable to various Metasploit attacks. it had been designed by Rapid7,the owners of the Metasploit framework. Metasploitable is an excellent way to get familiar with using Meterpreter.

It is a key part of our testing environment. it is supported the Ubuntu UNIX operating system OS and is made specifically exploitable for penetration testing purposes. This VM should never be exposed on to the internet and for our purposes, we will use the host-only network to bind to.

Lets start Setting Up Metasploitable 2 Linux Virtual Machine

Step 1 :- Open VMWare and click on create a new virtual machine.

Step 2 :Choose Typical Option.

Step 3 :Choose I Will Install the operating System later.

You may also like :-

• How To Hide Our IP Address Without Any VPN Service
• How To Track Someones Exact Location - TrackUrl
• How To Install And Configure Free VPN On Kali Linux
• Auto Scanning to SSL Vulnerability - A2SV

Step 4 :Choose Linux and select Ubuntu - bit

Step 5 :You can give a name, we give the name Metasploitable just to make sure the name was understandable and easy to recognize.

Read full article : -http://www.techtrick.in/description/3511-setting-up-metasploitable-2-linux-virtual-machine-in-vmware-workstation

Website Dns analysis Information Gathering - UrlCrazy

URLCrazy is a tool written by Andrew Horton. Its purpose is to generate and test domain types, and variations to detect and perform typo squatting, URL Hijacking, phishing , and corporate espionage.

It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Usage

• Detect mistake squatters profiting from typos on your domain name
• Protect your complete by registering popular typos
• Identify typo domain names that may receive traffic meant for another domain
• Conduct phishing attacks throughout a penetration test

Features

• Generates fifteen types of domain variants
• Knows over 8000 common misspellings
• Supports cosmic ray induced bit flipping
• Multiple keyboard layouts (qwerty, azerty, qwertz, dvorak)
• Checks if a site variant is valid
• Test if domain variants are in use

Options/Switches

"-k" is used to change the keyboard layout. using totally different layouts might offer you a better view of typos that might occur in different countries, and the way the dangerous guys could also be generating domains there.

"-p" option shows however typically that specific domain spelling might show up in Google results, or however often someone searches for that specific spelling. you may want to verify this manually through Google.

"-r" causes urlcrazy to not resolve any domain names to ip addresses, therefore, only giving you a list of generated domains.

"-i" can show invalid domain names, like invalid TLD’s

"-f" allows you to specify the output type; there square measure 2 options here – human readable, and CSV; default is human readable

"-o" lets you create a file containing the results of your scan.

Lets start with URLCrazy

Step 1 : - This command is used to scan a url after scanning we can see names of the characters on the wrong web, Spelling reversed etc kindly use this command and see yourself I cant show you whole image here.

Then Enter you Target Website that you want to do Dns analysis Information Gathering.

Here I have used "techtrick.in" for demo purpose.

urlcrazy www.techtrick.in

Read full artilce : - http://www.techtrick.in/description/3508-website-dns-analysis-information-gathering-url-crazy