Saturday, 29 December 2012

How to make your own virtual lab for pen-testing;

You can make your own 'VIRTUAL LAB' for testing your exploits and hacks.keep reading..
you can download a copy of  virtual box here:VIRTUAL BOX (ORACLE)



After download completes, install virtual box and select 'NEW' then you should see this--



Our virtual target as i have chosen is a windows xp service pack 2 system.Type 'winows xp sp2' in the name field and click next.Follow--


It will now be asking for allotting RAM; i allotted 128MB as I have many more virtual machines running.Anway, windows xp is good at 128MB also so move on--


Our virtual target surely needs a hard drive to install itself on, select the option i have highlighted in the image above and click 'create'.Go on--




It is asking for a format for the virtual hard disk now which is gonna be 'VHD'.I select this because if somehow your virtual box got deleted and you are unable to launch your VBox, you can launch it from other soft wares like windows virtual pc, vmware workstation etc...click next and read on--



Now select the option 'fixed size' as we don't need the 1st one..see the image below--



You have to select the hard drive size which is going to be 4GB as it is more than enough for windows xp.
You are almost done!! Now you should be seeing the virtual box home screen where you click your virtual


machine that is 'windows xp sp2' and click start which is just above it.




After starting, you should see the above screen and you have to browse for the ISO file of windows xp sp2 as i have done and click start....Thats it!!! NOW ALL YOU HAVE TO DO IS INSTALL THE OS IN THE HARD DRIVE WE CREATED!!(Dont ask me how :D)

And for the attacker OS, you can download the latest version of backtrack here:backtrack 5 r3
Just follow follow the same procedure to install backtrack 5.(which is little different though-)You have to select the ISO you downloaded and in the boot menu select 'default text mode' and press enter--




You should be seeing some terminal loading all the system files, then stops at the backtrack 5 screen after which you see this--


Now type 'startx' and you are in the GUI of backtrack 5 R3!! Read below--


I have highlighted the install icon in the above image>> click it and start the installation...( i am not gonna explain the installation as it would cause the post to go 10 miles!! :D) Anyway,after everything is installed, go to network settings and in the drop down menu select HOST-ONLY ADAPTER in both windows xp and backtrack 5 r3.Now they are connected in LAN. ENJOY!!!!!!!!


TAGS:hacking,virtual box,oracle,windows xp ,pentest lab, LAN...




Friday, 28 December 2012

Compromising a Windows 7 system with backtrack 5 R3 and setting telnet as backdoor

hello guys, today iam gonna show you how to 'hack' into a windows 7 pc using 'metasploit' as well as 'SET'(social engineering toolkit).You can follow the images for easy reference...being this my 1st post!!



As u can see above,you can launch SET by going to applications>>backtrack>>exploitation tools>>social engineering toolkit>>SET
Then, select option 1-social engineering attacks.





 We are going to infect our victim with a 'EXECUTABLE PAYLOAD'.It is the best way to attack if you keep your metasploit framework updated.If your framework is not updated, you can run the following command in a terminal-

"msfupdate"

Type this command without quotes.It may take a long time before it gets updated completely, if you are in a hurry then continue without updating.There is a drawback though, if you did not update, the executable file may get detectable by AV's.(my own experience)

Now to be with the topic,
Select the option 4- create a payload and a listener.
If you are with me, you are good to go--


 Now you see, it asks for your IP,open a new terminal and type-

"ifconfig"

Type without quotes.There, depending on your connections there may be some interface names such as=eth0,wlan0 etc..if you are using WiFi connection, (remember to port forward your router for inbound and outbound connections) it is represented as wlan0 and for one who is behind a network,it should be eth0 i guess.Below your respective interfaces you can see "inet-address" followed by a number which is your IP.Just copy paste that number into your SET when it prompts for one.Now get going--



 There you go, i entered mine:192.168.56.101 (behind a network)

Now it asks for your payload. For windows target it is always "windows shell reverse tcp or windows reverse tcp meterpreter" i opt number 2 as it is a great tool and better to use than the 1st one.(trust me, the 1st one works but it is damn complicated!!!!!!)This tool called meterpreter is a really powerful tool which can perform many things like: key logging,screen capturing,uploading-downloading files and almost anything!!



look at the pic above; It is the encoding menu where you can select the encoding for your executable file.I recommend option '16' as it is widely used and it is also ranked BEST.Encoding is nothing but a way of  coding the file which makes it undetectable by AV's but unfortunately updated antiviruses catch hold of such encoded files also.But as far as i know, most people download anti-viruses from torrents or Google and end up getting counterfeit copies which cannot update itself.So its a 70% success rate that we have.Wait untill the process of encoding completes...


Process completed and you can see the directory of our exe file (i have highlighted it in the image>>).The exe file,is at default named 'msf.exe'.You can find the file in the directory--  file system>>pentest>>exploits>>set>>msf.exe.It is this file that you have to send to the victim or target and then start the listener by typing 'yes' when it asks for yes or no.(look at the image above)






Here in the image is the directory and the msf.exe backdoor.Go on reading....



Yes, the listener is online and listening on port 443.look at picture below>>>>






Our poor and unsuspecting target is launching our backdoor...


Hey wait a minute, our listener has caught something interesting.....guess what??? METERPRETER SESSION 1 OPENED!!! that's it we have successfully compromised the targets pc!Type the following command to see active sessions-

"sessions -i"

The active session id for me is 1.To interact with 1, type--

"sessions -i 1"


You are in the meterpreter command line now!!! you can type--

"help"

to get the meterpreter commands.I typed "sysinfo" to show that an actual windows 7 pc has been compromised :D!!
But if the victim pc reboots or shuts down his/her pc, you have to follow the whole process again..you would'nt like that right?Then type--

"run gettelnet -u [any username] -p [any password]

See the image below>> i have set jack as a user in victim pc and the password is also jack.This opens port 23 ready for connection and when you telnet thr victim (open a terminal and type "open [victim ip] 23") it asks for a username and password.Then type jack in both fields and you are in again!!!(with little features)



ENJOY!!! I will soon be posting articles on meterpreter command and other flaws...


COUNTER-MEASURE:

1) Install a third party firewall.
2)Never accept any file simply without scanning.

NOTE:I do not in anyway support cyber crime and be held in anyway responsible for how the readers use the info.As you can see i have worked out in my own lab (LAN).I request the readers to not use this for hacking into confidential computers and causing havoc.CONNECTING TO OTHER COMPUTERS CREATE LOG FILES IN THE REMOTE PC/SERVER DEPENDING ON THE COMMAND YOU EXECUTED.AN EXPERT MAY BE ABLE TO ACCESS THOSE FILES AND REPORT THE IP LOG TO THE RESPECTIVE ISP AND FINALLY PARKING YOU BEHIND THE BARS--

TAGS:hacking,windows .hack,windows,backdoor, windows 7 hack,metasploit, backtrack hacking,
backdoor,telnet,gamez&geeks,10526,hacking,windows hack,windows flaws....