
Tuesday, 20 June 2017

How To Use snmpwalk For SNMP enumeration

Posted by Vijay Jangra
We have learnt many information gathering concepts in our last posts, like DNS Enumeration, Netcraft, Recon-ng, Email Harvesting etc. Let’s continue with SNMP enumeration.

But first, here is a small and quick introduction to the SNMP protocol.

[Image: snmpwalk SNMP enumeration pentest tool]

What is SNMP?
SNMP stands for Simple Network Management Protocol. As its name suggests, it is a network management protocol used by network managers to manage and retrieve information about devices on a network. So you can also call it a Network Management System. Devices that support SNMP are mostly cable modems, routers etc.
Three versions of SNMP have been developed: SNMPv1, SNMPv2c and SNMPv3.

SNMP Working
It retrieves management data from the systems it manages in the form of MIB (Management Information Base) variables and their values. Each variable describes a specific piece of system status or configuration.
Yup, SNMP uses MIB variables to retrieve information. Every status and configuration item of a system that SNMP manages has its own MIB variable and value.


Moreover, an SNMP Network Management System usually consists of three key components.
  • Managed Device
  • Agent
  • NMS (Network Management Station) software, which resides with the managers.
Managed Device:- A managed device is a computer or node on the network that has an SNMP interface implemented, allowing access to its system-specific information either read-only or, in some cases, read-write (so called unidirectional or bidirectional access respectively). In other words, it is a device on the network which managers manage using the SNMP interface.
Agent:- An agent is the management software that resides on a managed device.
NMS:- The so called Network Management Station is the software used by managers to monitor and control managed devices using SNMP.

SNMP Community
SNMP uses community strings during the management process. The defaults are public and private. In some cases these default community strings, or the SNMP protocol versions themselves, are vulnerable.

Here is a list of some Windows MIB variable values (OIDs) and the system status or configuration each corresponds to.

MIB variable (OID)          System status / configuration
1.3.6.1.2.1.25.1.6.0        System Processes
1.3.6.1.2.1.25.4.2.1.2      Running Programs
1.3.6.1.4.1.77.1.2.25       User Accounts
1.3.6.1.2.1.25.2.3.1.4      Storage Units
1.3.6.1.2.1.6.13.1.3        TCP Ports

NMap Port Scanning Tutorial

The SNMP agent service receives requests on UDP port 161, so we will use Nmap to check whether port 161 is open and which SNMP version it runs. Use the command below for this task.

nmap -v -sU -sV -p161 192.168.12.50

In the above command, I used -sU and -sV for UDP port scan and version detection respectively. It will scan only port 161.

[Image: SNMP port and version scan using Nmap]

Look, in the above image we discovered that port 161 is open and it is using the first version of SNMP.
Now let’s move to our enumeration process.

SNMP Walk
snmpwalk is a very cool and handy tool for SNMP enumeration and information gathering. It is free and available in Kali Linux.

Boot Kali Linux, open a terminal and use this command to run snmpwalk.

snmpwalk -c public -v1 192.168.12.50

-c is used to specify the community string. The default is public.
-v1 is used to specify SNMP version 1.


Now use MIB values to enumerate specific system status and configuration.
I am going to gather the user accounts available on my target system.

snmpwalk -c public -v1 192.168.12.50 1.3.6.1.4.1.77.1.2.25

At the end of the command I used the MIB value from the table above to get the list of users on the target system. Here is the output of the command.

[Image: snmpwalk user account enumeration]

Now, to go a step further, all you have to do is use the command syntax below.

snmpwalk -c public -v version target_ip mib_value

In the above command, replace version with your target’s SNMP version, target_ip with your target system’s IP address, and mib_value with the MIB value corresponding to the specific system status or configuration you want.
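As an added example (not from the original post, and not part of snmpwalk), here is the same enumeration pattern seen from the defender's side: a small Python detector that takes SNMP request records as (source, version, community, OID) tuples, a constructed record shape, and flags sources that use the default community strings over SNMPv1/v2c or read the Windows subtrees from the table above. OID matching is done on dotted components, so a sibling such as ...6.13.1.30 is not mistaken for a child of ...6.13.1.3.

```python
# Added example, not from the original post: flag SNMP request records that
# match the enumeration pattern described above. The record shape
# (source, version, community, oid) and the sample data are constructed;
# map your own sensor output (snmpd logs, Zeek snmp.log, NetFlow) onto it.
from collections import defaultdict

# OIDs from the post's Windows table, with what each subtree exposes.
SENSITIVE_OIDS = {
    "1.3.6.1.2.1.25.1.6.0": "System Processes",
    "1.3.6.1.2.1.25.4.2.1.2": "Running Programs",
    "1.3.6.1.4.1.77.1.2.25": "User Accounts",
    "1.3.6.1.2.1.25.2.3.1.4": "Storage Units",
    "1.3.6.1.2.1.6.13.1.3": "TCP Ports",
}
DEFAULT_COMMUNITIES = {"public", "private"}


def oid_under(oid, prefix):
    """True if oid equals prefix or lies beneath it in the OID tree.

    Compare dotted components, not characters: a plain string prefix test
    would wrongly treat ...6.13.1.30 as a child of ...6.13.1.3.
    """
    o, p = oid.split("."), prefix.split(".")
    return o[:len(p)] == p


def classify_oid(oid):
    """Return the table label for the subtree oid falls under, else None."""
    for prefix, label in SENSITIVE_OIDS.items():
        if oid_under(oid, prefix):
            return label
    return None


def analyse(requests):
    """Per source address: did it use a default community string over
    SNMPv1/v2c, and which sensitive subtrees did it read? A walk returns
    many instance OIDs under one prefix, so subtrees are collected as a set."""
    per_src = defaultdict(lambda: {"default_community": False, "walked": set()})
    for src, version, community, oid in requests:
        rec = per_src[src]
        if version in ("1", "2c") and community in DEFAULT_COMMUNITIES:
            rec["default_community"] = True
        label = classify_oid(oid)
        if label:
            rec["walked"].add(label)
    return dict(per_src)


def alerts(requests):
    """One line per source that used a default community string or read a
    subtree from the table; an SNMPv3 poller of benign OIDs produces none."""
    out = []
    for src, rec in sorted(analyse(requests).items()):
        if rec["default_community"] or rec["walked"]:
            out.append("%s default_community=%s walked=%s"
                       % (src, rec["default_community"], sorted(rec["walked"])))
    return out


# Constructed sample: one host walks the user-accounts subtree with community
# "public" over SNMPv1 (instance OIDs under the table prefix), another reads a
# TCP connection-table row over v2c, and an SNMPv3 poller reads sysUpTime.
SAMPLE = [
    ("192.168.12.99", "1", "public", "1.3.6.1.4.1.77.1.2.25.1.1.5.71.117.101.115.116"),
    ("192.168.12.99", "1", "public", "1.3.6.1.4.1.77.1.2.25.1.1.5.65.100.109.105.110"),
    ("192.168.12.77", "2c", "public", "1.3.6.1.2.1.6.13.1.3.0.0.0.0.135.0.0.0.0.0"),
    ("192.168.12.77", "2c", "public", "1.3.6.1.2.1.6.13.1.30"),  # sibling, not a child
    ("192.168.12.10", "3", "", "1.3.6.1.2.1.1.3.0"),  # sysUpTime: normal monitoring
]

if __name__ == "__main__":
    for line in alerts(SAMPLE):
        print(line)
```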


If you have any suggestions related to the topic, then comment, and share this post with your friends.



Friday, 16 June 2017

Information Gathering (Overview, Tools and Techniques)

Posted by Vijay Jangra
As we know from my previous post, five phases of ethical hacking, Information Gathering is the first and an important phase of ethical hacking and penetration testing. The more information you have about your target, the easier it will be to hack your target.

What is Information Gathering?

Information Gathering (also known as reconnaissance or footprinting) is the first phase of penetration testing and ethical hacking. It is the process of collecting relevant information (like IP addresses, hosts, nameservers, contact info, employees, servers, antivirus and intrusion detection systems etc.) about the target that helps in the other phases of ethical hacking, using various tools and techniques like whois, Netcraft, recon-ng etc.

[Image: information gathering overview, tools and techniques]


Types of Information Gathering

There are two main types of information gathering. Here is a short and sweet definition of both.

Active Gathering:- Active reconnaissance refers to the process of gathering information about the target by directly interacting with it.

Passive Gathering:- In passive reconnaissance, we collect info about the target without directly interacting with it.

This post covers passive as well as active information gathering concepts. Following is a list of some reconnaissance methods.

Google Hacking:- It refers to collecting information from Google using special search queries called Google dorks. I have already written a post about using Google commands. Have a look at those posts.



Email Harvesting:- It is the technique of collecting all emails related to your targeted organisation or website. There are various tools for gathering emails, but we will use theharvester tool in Kali Linux. Follow these simple steps to gather email addresses:-
Step 1- Fire up Kali Linux and open a terminal.
Step 2- Use the command below to run theharvester.


theharvester -d cybrarytech.com -b google > mails.txt

-d - Used to specify the target site. Here in this example, I used it on my own site.
-b - Used to specify the service you want to use to collect emails. You can use google, bing, yahoo etc. I used google in this example.
> mails.txt - This stores all the output in a file. In this example, I stored all the emails in a file named mails.txt.

Recon-ng
Recon-ng is a very powerful framework for collecting target information like hosts, contacts and profiles. You can think of it as a Metasploit for gathering information, but it is used for reconnaissance purposes only, not for exploitation like Metasploit. It is available in Kali Linux.
First of all, let's have a look at the layout of its module names.
recon/domains-hosts/netcraft
recon – The first part is the name of the module.
domains-hosts – The second part is the conversion action. It tells you that the input is the domain name of a site and the module converts it into a list of hosts relevant to that target.
netcraft – The third part refers to the source used to gather the info.

Step 1 – To start recon-ng in Kali Linux, open a terminal and type recon-ng.
Step 2 – Now use the commands below inside recon-ng:
help - To get the list of commands.
show modules - To get the list of available modules.
use - To use a module. For example:
use recon/domains-hosts/google_site_web
show options - Used to get the options of a particular module.
set - Used to set an option for the module.
run - To run the module.
Finding available hosts of a target site
For the sake of this tutorial, I will show you an example of how I got a list of all subdomains or hosts using recon-ng. Have a look at the image below, in which I used recon/domains-hosts/netcraft.

[Image: recon-ng usage for footprinting]


Using Additional Active Information Resources
Besides these, we have some other resources to collect information about our target. Here is a small list of tools and techniques.

Netcraft.com
Using this website you can get a huge amount of information about your target like its IP address, registrar, owner info, and the technologies or languages used on the site. So visit the link below and enter the address of your target site.

Whois
We can think of it as a database which can be used to retrieve information like registrar, nameservers, registration date, expiry date etc. Sometimes it reveals very confidential information about the target. It is managed by InterNIC.
The whois tool is already installed in Kali Linux. Open a terminal and use the command below.
whois google.com
You can use some websites for whois queries too. A list of some whois query sites is below.

Using DNSEnum and DNSRecon to gather DNS Information
Both DNSRecon and DNSEnum can be used to gather DNS-related information like nameservers, mail servers and DNS records (A, SOA, CNAME etc.). These tools are free and available in Kali Linux.

Using DNSRecon:- DNSRecon can be used for standard record enumeration, reverse IP lookup, server information etc. For standard record enumeration, open a terminal in Kali and use this command.
dnsrecon -d google.com
Press enter and you will get plenty of information: nameservers, mail servers, A and TXT records etc.

[Image: using dnsrecon for footprinting]


Reverse IP lookup is used to gather the domain names associated with an IP. Let's perform a reverse IP lookup using dnsrecon.
dnsrecon -d google.com -s



Using DNSEnum:- DNSEnum is a similar tool to dnsrecon. One thing I like about dnsenum is that its output is very readable and well formatted. Besides this, it is also very easy to use. Have a look.
Open a terminal and type this command.
dnsenum google.com

Geographical Location

Yup, it is also important to get the geographical location of the target. Once we have the IP of the target, it is very easy to get its location. You can use ipaddressguide.com for this. Open the site and enter the IP address. Simple!

[Image: ip2location to get geographical location]


Hope you have gained enough knowledge about Information Gathering, its types, and passive information gathering techniques and tools.

Saturday, 13 May 2017

7 Amazing YouTube Tips Tricks and Pranks

Posted by Vijay Jangra
I’d be stupid if I asked what your favorite site to watch videos online is. Isn't it?
Of course! YouTube.
You can also think of YouTube as a social site, where you can share videos with your friends and see other people's ideas too.

Well, if you are a YouTube addict and used to spending too much time on it like me for entertainment and learning, this is for you, my friend. Here we have some of the best, less used, mostly secret YouTube tricks and tips that you probably don’t know about.

[Image: YouTube tips, tricks and pranks]

1. Create a link that starts the video at a specific time

This trick is very handy when you want to share a YouTube video with a friend but want them to start watching at a specific time. In other words, you want your shared video to start at a certain time.
Step 1:- Open the video.
Step 2:- Pause the video at the time where you want it to start after sharing. (Imagine you want it to start after 15 seconds.)
Step 3:- Click the Share button.
Step 4:- Now the most important part: check the box “Start at” and then share the video.

[Image: YouTube video share dialog]



2. Watch Later

One of my favorites: if you found a great video on YouTube that is worth watching but you don’t have time to watch it now, just open the video, click Add To and finally click the Watch Later playlist.
It’ll be added to the Watch Later playlist and you can watch it anytime you want by going to Playlists > Watch Later.

[Image: YouTube Watch Later]


3. Keyboard Shortcuts

Make YouTube easier to use with these shortcut keys.
Space or k – Pause and play
J – Rewind 10 seconds
F – Fast forward 10 seconds
M – Mute the video
Number 0 – Restart the video from the beginning
Numbers 1 to 9 – Jump to 10% to 90% of the video

4. Speed Control

Let's say you want to see something in a video in slow motion or speeded up. That’s where this trick comes in handy. Using it, you can control the playback speed or play the video in slow motion.
To adjust the speed, click the gear icon, click Speed and adjust it as you like.


5. Download Video

There are various methods of downloading videos from YouTube. Some of them work. But here is the best working method of downloading a video if you don’t want any hassle.
Open the video you want to download, put ss just after www. and before youtube in the address, and press enter.
You will be redirected to the SaveFrom website, where you can download it in various formats.

[Image: YouTube video download trick]


6. Keyboard-Operated Version of YouTube

Not feeling comfortable using a mouse or touchpad? Suppose your touchpad is not working properly and you want to use the keyboard. Whatever the reason, just open the URL below on your PC.


Now you'll see a completely different, keyboard-driven version, like an online TV.


7. Prank

Well, it's not a trick, but you can call it one if you want. It's just a prank. Open YouTube, type doge meme, hit search and watch the magic. You will see a colorful version.




Hope you enjoyed it. These tricks can help you in certain ways. Share these awesome YouTube tips and tricks with your friends.

Thursday, 23 March 2017

An Ultimate Guide to NMap and Port Scanning

Posted by Vijay Jangra 3 Comments
The second phase of ethical hacking is scanning, and it is as important as information gathering. That’s where we use Nmap and its handy features. Nmap (Network Mapper) is a very useful and quite famous utility nowadays which you can use for network scanning. This post will walk you through Nmap port scan strategies.

It is available with both a command line and a graphical user interface. Another interesting thing about Nmap is that you can use it for multiple purposes like host scanning, port scanning, vulnerability scanning, and operating system and version detection.


It can be used to perform network scans to identify which services a target host is running, its operating system, software, firewalls and much more.

[Image: Nmap port scan tutorial guide]


Downloading and Installing:-
Nmap is already installed in Kali Linux and other major penetration testing distros like BackTrack. If you are using another platform like Windows or Linux, you can download and install it from the link below.


But before I show you port scanning using Nmap, I recommend you read one of my previous posts about TCP/UDP.

Nmap Scanning Types:-

TCP SYN Scan:-
Hopefully you have learnt about TCP/UDP and the three-way handshake from the previous posts.
In a SYN scan, we use TCP to connect to the target but do not make a full connection with the target host system.
In other words, it sends a SYN packet and the target host replies with a SYN/ACK packet in response. Now, according to TCP, our system should reply to the SYN/ACK with an ACK (acknowledgement) packet. But it never does that: a SYN scan does not reply to the SYN/ACK, so it does not make a full connection with the target.

Therefore it is undetectable, because Windows logs complete connections and the TCP SYN scan never completes the connection with the target host.
And that’s why we also call it a stealth scan.


Now let’s perform a simple TCP SYN scan using Nmap. Open a terminal, type the command below and hit enter.
nmap -vv -sS 192.168.12.51

nmap -> Name of the tool to start.
-v or -vv -> Verbose or very verbose, used to make the scan result appear in a more understandable way.
-sS -> -s is used to define the scan type and -sS is the SYN scan type.
192.168.12.51 or target host -> This is my target host’s IP address. You need to replace it with your target system’s IP address.


TCP Scan:-
It is the same as the TCP SYN scan, but unlike TCP SYN it replies to the SYN/ACK packet and makes a full connection with the target system. Thus it is detectable. More importantly, it is used to scan TCP ports only. Use the command below for this scan.
nmap -vv -sT 192.168.12.51
-sT -> Refers to the TCP scan type.

UDP Scan:-
This scan is used to scan for open UDP ports on the target system. UDP is a connectionless protocol, hence it is not as reliable as TCP. To perform a UDP scan, use this syntax.
nmap -vv -sU 192.168.12.51
-sU refers to the UDP scan type.

FIN Scan:-
Just as a SYN packet is sent to make a connection, a FIN packet is used to drop or disconnect from the target system. This scan is very helpful if your target system has firewalls or an IDS. The simple syntax of its command is as follows.
nmap -vv -sF 192.168.12.51
Where -sF refers to the FIN scan.
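The SYN, TCP connect and FIN scans above differ only in which TCP flags cross the wire, so here is an added example (not from the original post, and not Nmap code) written from the defender's side: a Python classifier over constructed, flow-normalised packet records of the shape (client, server, port, flag). It shows that while only the completed handshake of a connect scan appears in a host's connection log, the half-open SYN exchange and a bare FIN are themselves a visible pattern at packet level, and that a spread across several ports is what separates a scan from a single dropped connection.

```python
# Added example, not from the original post: classify TCP probes from
# packet-level flow records and show that half-open SYN probes and bare
# FIN probes are visible even though no completed connection is logged.
# The record shape (client, server, port, flag) and the sample are
# constructed; flags are normalised to the client->server flow the way a
# sensor such as Zeek's conn.log does it.
from collections import defaultdict

# Flag values used in the records: client SYN, server SYN/ACK, client ACK,
# RST from either side, client FIN.
SYN, SYNACK, ACK, RST, FIN = "S", "SA", "A", "R", "F"


def classify_flows(packets):
    """Label each (client, server, port) flow from the flags seen on it.

    full      SYN, SYN/ACK and ACK: a completed handshake (connect scan or a
              normal session) and the only case a host connection log records
    half_open SYN answered by SYN/ACK but never acknowledged (the client
              usually resets instead): the SYN scan behaviour described above
    closed    SYN answered by RST: the port is closed
    bare_fin  FIN on a flow that never carried a SYN: the FIN scan behaviour
    """
    seen = defaultdict(set)
    for client, server, port, flag in packets:
        seen[(client, server, port)].add(flag)
    labels = {}
    for key, flags in seen.items():
        if {SYN, SYNACK, ACK} <= flags:
            labels[key] = "full"
        elif {SYN, SYNACK} <= flags:
            labels[key] = "half_open"
        elif {SYN, RST} <= flags:
            labels[key] = "closed"
        elif FIN in flags and SYN not in flags:
            labels[key] = "bare_fin"
        else:
            labels[key] = "other"
    return labels


def suspicious_sources(packets, min_ports=3):
    """Client/server pairs whose stealthy probes (half_open, closed or
    bare_fin) touch at least min_ports distinct ports. One half-open flow
    may be a dropped connection; a spread across ports is a scan."""
    probes = defaultdict(set)
    for (client, server, port), label in classify_flows(packets).items():
        if label in ("half_open", "closed", "bare_fin"):
            probes[(client, server)].add(port)
    return {k: sorted(v) for k, v in probes.items() if len(v) >= min_ports}


SCANNER, FINNER, USER = "192.168.12.5", "192.168.12.6", "192.168.12.20"
TARGET = "192.168.12.51"
# Constructed sample: a SYN scan of ports 80 and 443 (open: SYN/ACK then a
# client RST) and 22 (closed: RST from the server), a FIN scan of three
# ports, and one ordinary client completing a handshake to port 80.
SAMPLE = (
    [(SCANNER, TARGET, p, f) for p in (80, 443) for f in (SYN, SYNACK, RST)]
    + [(SCANNER, TARGET, 22, SYN), (SCANNER, TARGET, 22, RST)]
    + [(FINNER, TARGET, p, FIN) for p in (21, 25, 110)]
    + [(USER, TARGET, 80, f) for f in (SYN, SYNACK, ACK)]
)

if __name__ == "__main__":
    for pair, ports in suspicious_sources(SAMPLE).items():
        print("%s -> %s probed ports %s" % (pair[0], pair[1], ports))
```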


Other Nmap Usage:-

Detect Operating System:- To detect the operating system of the target system along with the scan, use the command syntax below.
nmap -vv -sS -O 192.168.12.51
The -O option is used to detect the operating system.


[Image: operating system scan using Nmap]

Scan Multiple Hosts:- You can scan multiple hosts at one time. For this, write the IP address of the second host just after the first, separated by a space.
nmap -vv -sS 192.168.12.51 192.168.12.52
And so on.

You can scan an entire subnet using this syntax.
nmap -vv -sS 192.168.12.1/24


Version Detection:- It is a very useful feature of Nmap. You can also detect software or service versions. However, a version scan takes a little more time than the others.
nmap -vv -sV -sT 192.168.12.51
The -sV option is used for version detection.

[Image: version scan in Nmap]

Scan for Specific Ports:- Consider a scenario where you want to scan only some specific ports on the target. You can do this with Nmap using the -p option with this syntax.
nmap -vv -sS -p80,443 192.168.12.51
Here in this example, I used the -p Nmap option to scan for ports 80 and 443 only.

Another one: you can scan for open ports within a specified range. For example:-
nmap -vv -sT -p1-500 192.168.12.51
It’ll scan for open TCP ports within the range 1 to 500.


Now you need to keep practising Nmap port scanning in your lab to understand it. Nmap is not limited to these features only. You can learn more about this tool using Google and other ethical hacking blogs. We’ll soon update this post, so keep visiting our blog or subscribe to our newsletter.



Saturday, 11 March 2017

What is DOS and DDOS Attack | Introduction to Denial of Service and LOIC

Posted by Vijay Jangra 3 Comments
In this tutorial we will talk about what DoS and DDoS attacks are. Using DoS and DDoS, you can stop a web server from serving its services. We already know the terms DoS and DDoS, as I introduced them in my previous post about website hacking methods.

But again, first of all we would like to have a look at a small introduction to both terms.

What is DoS?
DoS stands for Denial of Service. As its name suggests, this attack makes the victim’s server deny its services to legitimate visitors. In other words, an attacker sends so much traffic to a web server that the server immediately stops serving or slows down, and its intended users are not able to access the server and its services any more until the attacker stops attacking.
What is DDoS?
DDoS stands for Distributed Denial of Service. Sometimes our target is behind a firewall, and firewalls may deny traffic from the same IP address if they notice that the server is getting an unexpected amount of traffic from the same visitor or IP address.

In that case, we have DDoS. This attack is performed by various computers or by using multiple IP addresses; then it becomes a DDoS attack. Because they are using multiple IP addresses or multiple computer systems, say about 1000 or more, they are able to successfully DDoS a server.

[Image: what is DoS and DDoS]



A list of some of the best DoS and DDoS website hacking tools is at the end of the post.

OK! That's enough introduction.

Let’s start hacking. (Ohhh! Yeaah)

First of all, we will perform a DoS attack using LOIC (Low Orbit Ion Cannon) on Windows 8. The download link is at the end of the post. It is a very effective and easy to understand tool. So let’s start.

Step 1:- Open LOIC. Locate the box named 1. Select the target. Now you have two choices to enter your target: either the URL or the IP address of the victim. The choice is yours. After entering the target you need to click the Lock On button next to URL or IP Address, depending on the method you used.


[Image: LOIC DoS tool, select target]


Step 2:- In the third box, named Attack Options, leave all options as they are. In the Method box choose which type of traffic you want to use for the DoS attack. You have TCP, UDP and HTTP; I am choosing UDP. In TCP/UDP Message enter any text or message. This message will appear in the header of the packet. For example, I am writing Hacked here for the sake of this tutorial.

[Image: LOIC, choose method]


Step 3:- Finally, click the big button named IMMA CHARGIN MAH LAZER to start the attack. As you can see in Attack Status, LOIC has already sent many requests.

[Image: LOIC, launch DoS attack]


To stop the attack, click the Stop Flooding button.
So that’s how to use the famous DoS tool LOIC.

Best DoS and DDoS Tools
  • LOIC
  • HOIC
  • Hulk
  • GoldenEye
  • DDosim
  • SlowLoris

Now that you have the basics of what DoS and DDoS attacks are, you can perform a DoS attack using the above tools.
Hope you enjoyed hacking. Hulk and Slowloris are Python and Perl scripts respectively.
To protect your server from DoS and DDoS you can use honeypots and other intrusion detection systems.




Monday, 6 February 2017

How to View Saved WiFi Passwords in Windows and Android

Posted by Vijay Jangra 3 Comments
Our phones automatically connect to Wi-Fi networks we have used previously, because the device stores those Wi-Fi passwords. Sometimes we need those passwords, and that's what this trick is all about. Using this trick you can view saved Wi-Fi passwords on your Android phone and Windows PC.

This trick to get a Wi-Fi password is very useful in some situations, like when a friend asks for the password but you have forgotten it, or when you accidentally clicked the forget connection option for that Wi-Fi network.

In Windows, we have two options to view saved Wi-Fi passwords: one for the current connection and one for all connections.

[Image: get and view saved Wi-Fi password]


Android phones store passwords in a configuration file named wifi_supplicant.conf.
You can open this file, but only when your phone is rooted.

So follow this guide. 


Get Saved Wi-Fi Passwords on a Windows PC

Step 1:- Open Command Prompt. Press Windows + R to open the Run dialogue box, type cmd and hit enter.

Step 2:- Use the command below to see the password of any specific connection.

netsh wlan show profile name=connection key=clear

In the above command, replace connection with the name of the Wi-Fi connection whose password you want to see.

If you don't know the name of the Wi-Fi network, use the command below to see the list of previously connected networks.

netsh wlan show profiles

View Saved Wi-Fi Passwords on an Android Phone

For our task to be done, we need to fulfil the following requirement:

-> Your phone must be rooted.

Step 1:- Download and install the ES File Explorer app from the Play Store or using the link above.

Step 2:- Open the app and go to the root directory of your phone. OK, let's make that clearer. Go to Phone Memory storage. You will see your current location shown above as sdcard, which should be inside a folder named 0. Click Emulated just before 0 to go back further, and then click / (slash) to go back further still. Now you are in the root directory.
Use the pattern below if you find it hard to locate.

SdCard << 0 << Emulated << /

[Image: root directory path]



Step 3:- From the root directory go to data >> misc >> wifi

Step 4:- Finally, you are in the wifi folder. Open the file named wifi_supplicant.conf

[Image: wifi supplicant file]


And you will see the list of previously connected Wi-Fi networks with their passwords.

[Image: saved Wi-Fi password view]



It is not that hard to get and view saved Wi-Fi passwords on Android and Windows. If you get stuck at any step, feel free to ask us in the comment section.

If you enjoyed this post, then take one minute to share this article with your friends and subscribe to our newsletter.
