Hack Tools | Finding Admin Panels, Sniffing, Backdoors - Katana Framework

Katana is a framework written in python for making penetration testing, based on a simple and comprehensive structure for anyone to use, modify and share, the goal is to unify tools serve for professional when making a penetration test or simply as a routine tool, The current version is not completely stable, not complete.

Lets start with Hack Tools | Finding Admin Panels, Sniffing, Backdoors

Step 1 :Just Download or clone from github.

git clone https://github.com/PowerScript/KatanaFramework.git

cd KatanaFramework

sudo sh dependencies

Step 2 :Lets Install it.

sudo python install

Step 3 :Lets start with Katana Framework with just type a simple command.

ktf.console

Step 4 :Lets open of modules with command

show modules

Read More :- http://www.techtrick.in/description/3536-hack-tools-finding-admin-panels-sniffing-backdoors-katana-framework

How to Check valid login credentials using Credmap

Credmap is an open source tool that was created to bring awareness to the dangers of credential reuse. It is capable of testing supplied user credentials on several known websites to test if the password has been reused on any of these.

Lets start with Check valid login credentials using Credmap

Step 1 : Just download or clone from github.

git clone https://github.com/lightos/credmap.git

Step 2 :Now you have to install it.

cd credmap

ls

chmod +x credmap.py

./credmap.py

Step 3 :Here i am using my email Id you can use any of them.

./credmap.py --email XXXXXXXXXXXX@gmail.com --user XXXXXXXXXXXX@gmail.com

Read More :- http://www.techtrick.in/description/3528-how-to-check-valid-login-credentials-using-credmap

A Linux Bing,Google Dorking and Web Vulnerability Scanner Tools -BinGoo

It is an all-in-one dorking tool written in pure bash. It leverages Google AND Bing main search pages to scrape a large amount of links based on provided search terms. You can choose to search a single dork at a time or you can make lists with one dork per line and perform mass scans. Once your done with that, or maybe you have links gathered from other means, you can move to the Analyzing tools to test for common signs of vulnerabilities.

The results are neatly sorted into their own respective files basedon findings. If you want to take further you can run them through the SQL or LFI tools which are some semi working homebrewed creations It is made in bash or you can use the SQLMAP and FIMAP wrapper tools They wrote which work much better and with greater accuracy and results.

Lets start with Linux Bing,Google Dorking and Web Vulnerability Scanner Tools

Step 1 : firsty,you have to install lynx before installing Bingoo .

apt-get install lynx

Step 2 :Now you have to install curl.

apt-get install curl

Step 3 :Just download or clone from github.

git clone https://github.com/Hood3dRob1n/BinGoo

Read More :-  http://www.techtrick.in/description/3527-a-linux-bing-google-dorking-and-web-vulnerability-scanner-tools-bingoo

Auto Scanning to SSL Vulnerability - A2SV

A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.

Lets start With Auto Scanning to SSL Vulnerability - A2SV

Step 1 : Just download or a clone from github

git clone https://github.com/hahwul/a2sv.git

Step 2 :Lets Install It.

cd a2sv

./install.sh

Step 3 :Now Start a2sv Auto Scanning to SSL Vulnerability

ls

python a2sv.py

a2sv -h

Read More :-  http://www.techtrick.in/description/3521-auto-scanning-to-ssl-vulnerability-a2sv

Hacking A WebServer Using Bruteforce SSH Login Module

The ssh_login module is quite versatile in that it can not only test a set of credentials across a range of IP addresses, but it can also perform brute-force login attempts. This module will test ssh logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Lets start Hacking A WebServer Using Bruteforce SSH Login Module

Step 1 :- This is msfconsole. Msfconsole is the main interface to MetaSploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads etc.

Step 2 :- search ssh_login

Step 3 :- This auxiliary module allows you to pass credentials in a number of ways. You can specifically set a username and password, you can pass a list of usernames and a list of passwords for it to iterate through, or you can provide a file that contains usernames and passwords separated by a space. We will configure the scanner to use a short usernames file and a passwords file and let it run against our subnet.

use auxiliary/scanner/ssh/ssh_login

You may also like :-

• How to Check valid login credentials using Credmap
• Hack Tools | Finding Admin Panels, Sniffing, Backdoors - Katana Framework
• How to Hack Facebook using SEToolKit (Phishing attack)
• Using the Social Engineering Toolkit (SET) to Create a Backdoor Executable

Step 4 :- Create a randomly User.txt file for brute force attack.

Step 5 :- Create a randomly Password.txt file for brute force attack.

Step 6 :-

set STOP_ON_SUCCESS true

set RHOSTS 192.168.69.131

set USER_FILE /root/Desktop/User.txt

set PASS_FILE /root/Desktop/Password.txt

Read More :-  http://www.techtrick.in/description/3519-hacking-a-webserver-using-bruteforce-ssh-login-module

Hacking Brute Force Telnet Login (MetaSploit)

The telnet_login module will take a list of provided credentials and a range of IP addresses and attempt to login to any Telnet servers it encounters.

This module will test a telnet login on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Lets start Hacking Brute Force Telnet Login (MetaSploit)

Step 1 :- This is msfconsole. Msfconsole is the main interface to MetaSploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads etc.

Step 2 :- search telnet_login

Step 3 :- This auxiliary module allows you to pass credentials in a number of ways. You can specifically set a username and password, you can pass a list of usernames and a list of passwords for it to iterate through, or you can provide a file that contains usernames and passwords separated by a space. We will configure the scanner to use a short usernames file and a passwords file and let it run against our subnet.

use auxiliary/scanner/telnet/telnet_login

Step 4 :- Create a randomly User.txt and Password.txt file for brute force attack.

set STOP_ON_SUCCESS true

set RHOSTS 192.168.69.131

set USER_FILE /root/Desktop/User.txt

set PASS_FILE /root/Desktop/Password.txt

Read More : - http://www.techtrick.in/description/3517-hacking-brute-force-telnet-login-metasploit

Hacking FTP Server using Kali Linux (vsftpd Vulnerability)

FTP is a service that is commonly used in Web Servers from Webmasters for accessing the files remotely. So it is almost impossible not to find this service in one of our clients systems during an engagement.

The "vsftpd" auxiliary module will scan a range of IP addresses attempting to log in to FTP servers. This module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Lets start Hacking FTP Server using Kali Linux (vsftpd Vulnerability)

Step 1 :- PostgreSQL is available integrated with the package management on most Linux platforms. When available, this is the recommended way to install PostgreSQL, since it provides proper integration with the operating system, including automatic patching and other management functionality.

Step 2 :- This is msfconsole. Msfconsole is the main interface to MetaSploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads etc.

You may also like :-

• Install Collect Lazy Kali Tool on Kali Linux rolling
• How To Install Java On Kali Linux
• Install MITMf Framework in kali linux for Man In The Middle attacks
• How to Install a Notepad++ Text Editor on Kali Linux

Step 3 :- The current status of the database.

db_status

search vsftpd

Read More :-  http://www.techtrick.in/description/3515-hacking-ftp-server-using-kali-linux-vsftpd-vulnerability