Monthly Archives: June 2020

Nikto

This tutorial is 100% for Education Purpose only. Any time the word “Hacking” that is used on this site shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. If you planned to use the content for illegal purposes, then please leave this site immediately! We will not be responsible for any illegal actions.

Nikto is a web server vulnerability scanner: it runs a large number of tests against the target and reports outdated server software, dangerous files and directories, and similar issues.

To begin, type:

$ nikto -host target

Note: The target can be either a domain name or an IP address.

WPScan: Brute Force

Using the usernames gathered during enumeration and a password list generated with CUPP or CeWL (any password list will do), we can brute force a given user's account by trying that username against every entry in the list.

To start the brute force type:

$ wpscan --url https://pentest.id/wp-login.php -P apietz.txt -U @apietz

Note: If an error occurs saying that the site does not seem to be running WordPress, append --force to the command above.
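Both the Nikto scan above and a WPScan password-guessing run leave a clear trace in the web server's access log, which is what a defender watches for. The following is an added example (not part of the original post and not code from the Nikto or WPScan projects) that parses standard Apache/nginx combined-format log lines and flags two patterns: a source whose User-Agent announces Nikto or that produces a burst of 404s across many distinct paths, and a source that POSTs to wp-login.php more than a threshold number of times within a one-minute window. The log lines, addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: the web server writes the standard Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], TS_FMT)
    entry["status"] = int(entry["status"])
    return entry


def detect_scanners(entries, min_requests=10, notfound_ratio=0.5):
    """Flag sources that either announce a scanner in the User-Agent (Nikto's
    default UA contains 'Nikto') or hit many distinct paths with mostly 404s."""
    per_ip = defaultdict(list)
    for e in entries:
        per_ip[e["ip"]].append(e)
    findings = {}
    for ip, reqs in per_ip.items():
        reasons = []
        if any("nikto" in r["ua"].lower() for r in reqs):
            reasons.append("scanner user-agent")
        paths = {r["path"] for r in reqs}
        notfound = sum(1 for r in reqs if r["status"] == 404)
        if len(paths) >= min_requests and notfound / len(reqs) >= notfound_ratio:
            reasons.append("404 burst over %d distinct paths" % len(paths))
        if reasons:
            findings[ip] = reasons
    return findings


def detect_login_bursts(entries, threshold=5, window=timedelta(minutes=1)):
    """Flag sources that POST to wp-login.php more than `threshold` times
    within any sliding `window`; returns {ip: count in the first such window}."""
    per_ip = defaultdict(list)
    for e in entries:
        if e["method"] == "POST" and e["path"].startswith("/wp-login.php"):
            per_ip[e["ip"]].append(e["ts"])
    flagged = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flagged[ip] = end - start + 1
                break
    return flagged


def sample_log():
    """Constructed sample (RFC 5737 documentation addresses): a Nikto run,
    a wp-login.php password-guessing burst and one ordinary visitor."""
    lines = []
    for i in range(12):
        lines.append('203.0.113.5 - - [01/Jun/2020:10:00:%02d +0000] "GET /probe%d HTTP/1.1" 404 217 "-" '
                     '"Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:%06d)"' % (i, i, i))
    for i in range(8):
        lines.append('198.51.100.7 - - [01/Jun/2020:10:05:%02d +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" '
                     '"Mozilla/5.0"' % (i * 5))
    lines.append('192.0.2.9 - - [01/Jun/2020:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" '
                 '"Mozilla/5.0 (X11; Linux x86_64)"')
    return lines


def analyze(lines):
    """Run both detectors over raw log lines; unparseable lines are skipped."""
    entries = [e for e in map(parse_line, lines) if e]
    return detect_scanners(entries), detect_login_bursts(entries)


if __name__ == "__main__":
    scanners, bursts = analyze(sample_log())
    for ip, reasons in scanners.items():
        print("scanner    %-15s %s" % (ip, "; ".join(reasons)))
    for ip, count in bursts.items():
        print("bruteforce %-15s %d login POSTs within 1 minute" % (ip, count))
```

The User-Agent check only catches a scanner that has not been told to disguise itself, so the 404-burst heuristic is the one worth keeping in production; the login-burst detector is the same logic a rate limiter or fail2ban-style jail applies before blocking the source.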

SET: Cloning a Website

SET is the Social Engineering Toolkit. Its site cloner copies a popular website so that it can be impersonated; impersonation is one of many social engineering methods. Social engineering itself is the act of exploiting human weaknesses in order to obtain sensitive information, so a convincing clone of a well-known site can extract sensitive information from unsuspecting people.

To start, type:

$ sudo setoolkit

Choose option 1, Social-Engineering Attacks

Choose option 2, Website Attack Vectors

Choose option 3, Credential Harvester Attack Method

Choose option 2, Site Cloner

Enter your IP and then the URL of the website you are cloning. In this example, we are cloning https://www.twitter.com.

Open a browser and enter the IP address you gave to SET; the cloned website is served. Anything entered into the cloned website's form fields is displayed on the command line as shown below.

Zoom: Scanning Subdomains

By using Zoom, we can scan a WordPress site for its subdomains.

First, clone the repository from GitHub by typing:

$ git clone https://github.com/Mebus/cupp.git

After the repository is cloned, change your current directory into the cloned repository by typing:

$ cd zoom

Then, we can finally run the tool by typing:

$ python zoom.py -u target_url --auto

BurpSuite

BurpSuite is an intercepting proxy: it sits between your browser and the network and lets you inspect and modify the traffic leaving your computer. When you open the tool, select "Temporary project" and "Use Burp defaults". Once inside BurpSuite, go to the Proxy tab; you will see that Intercept is on.

Now open Firefox, go to Preferences, search for the proxy settings and enter the information shown below.

After clicking Ok, requests are now intercepted by BurpSuite as shown below.

Click “Forward” to load the website.

The Harvester

theHarvester is an information gathering tool. It finds emails, names, subdomains, IPs and URLs associated with a given domain by querying search engines such as Google or Bing.

$ theHarvester -d binus.ac.id -b google -l 500

-d is the domain to search

-b is the data source (e.g. google, bing)

-l is the limit to the number of results to work with

Censys

There are various methods for finding the real IP of a website behind Cloudflare. One of them is censys.io: enter the domain name on censys.io and it shows the IP behind Cloudflare.
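The reason a lookup like this works is that the origin is usually reachable in a way that bypasses the proxy: either an auxiliary DNS name (mail, dev, staging) points straight at the origin, or the origin answers direct connections from anywhere and so gets indexed under the site's certificate. The defender's fix is to make sure every public record goes through the proxy and to firewall the origin so that only the proxy's published networks may connect. The following is an added example, not part of the original post and not Censys or Cloudflare code; the proxy ranges, the zone records and the addresses are constructed placeholders (in practice the ranges are loaded from the provider's published list).

```python
import ipaddress

# Constructed placeholder ranges standing in for the proxy provider's published
# egress networks; in practice load the provider's current list.
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]


def is_proxied(addr, ranges=PROXY_RANGES):
    """True if `addr` belongs to one of the proxy provider's networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ranges)


def unproxied_records(records, ranges=PROXY_RANGES):
    """records: {hostname: [addresses]} as exported from the DNS zone.
    Returns the hostnames whose addresses bypass the proxy, i.e. the records
    that reveal the origin to anyone who looks them up."""
    leaks = {}
    for host, addrs in records.items():
        direct = [a for a in addrs if not is_proxied(a, ranges)]
        if direct:
            leaks[host] = direct
    return leaks


def origin_accepts(src_ip, ranges=PROXY_RANGES):
    """Decision the origin's firewall should make: only the proxy may connect,
    so a direct connection from an arbitrary scanner is refused."""
    return is_proxied(src_ip, ranges)


# Constructed zone export: www is proxied, but two auxiliary names point straight at the origin.
SAMPLE_ZONE = {
    "www.example.com": ["198.51.100.10"],
    "mail.example.com": ["192.0.2.44"],
    "dev.example.com": ["192.0.2.44"],
}

if __name__ == "__main__":
    for host, addrs in unproxied_records(SAMPLE_ZONE).items():
        print("origin exposed via %s -> %s" % (host, ", ".join(addrs)))
    for src in ("198.51.100.77", "192.0.2.99"):
        print("direct connection from %s: %s" % (src, "allow" if origin_accepts(src) else "deny"))
```

Running the zone check as part of a periodic audit catches the common mistake of adding a new subdomain without enabling the proxy for it; the firewall rule is what stops the origin from being enumerated even after such a slip.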

Nmap

By using nmap, we are able to scan and discover hosts and services by sending packets to the target and analyzing the responses. Nmap is useful for discovering open ports on a target.

$ nmap pentest.id
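The same scan is just as useful on the defending side: run against your own hosts with -oX, the XML output can be diffed against the list of ports that are supposed to be open, so that an exposed database or management port shows up before anyone else finds it. The following is an added example, not part of the original post and not nmap's own code; it parses a constructed sample of nmap's XML output (the element and attribute names follow nmap's real schema) and reports open ports that are missing from a per-host allowlist, which is also constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of what `nmap -oX` writes: one host, five ports, four of them open.
SAMPLE_XML = """
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/><service name="http-proxy"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Constructed allowlist: (protocol, port) pairs each host is expected to expose.
EXPECTED = {"192.0.2.10": {("tcp", 22), ("tcp", 80), ("tcp", 443)}}


def open_ports(xml_text):
    """Map each scanned host address to its open (protocol, port, service) tuples."""
    root = ET.fromstring(xml_text.strip())
    result = {}
    for host in root.iter("host"):
        addr = None
        for a in host.findall("address"):
            if a.get("addrtype") in ("ipv4", "ipv6"):
                addr = a.get("addr")
        ports = []
        for p in host.iter("port"):
            state = p.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = p.find("service")
            name = svc.get("name", "") if svc is not None else ""
            ports.append((p.get("protocol"), int(p.get("portid")), name))
        result[addr] = ports
    return result


def unexpected_ports(scan, expected):
    """Open ports not covered by the allowlist; an unlisted host has no allowed ports."""
    findings = {}
    for host, ports in scan.items():
        allowed = expected.get(host, set())
        extra = [(proto, port, name) for proto, port, name in ports if (proto, port) not in allowed]
        if extra:
            findings[host] = extra
    return findings


if __name__ == "__main__":
    for host, extra in unexpected_ports(open_ports(SAMPLE_XML), EXPECTED).items():
        for proto, port, name in extra:
            print("%s: unexpected open %s/%d (%s)" % (host, proto, port, name))
```

Replacing SAMPLE_XML with the contents of a real -oX file turns this into a scheduled check; the allowlist is the inventory of services you meant to run, so anything it reports is either a change to document or a port to close.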

Google Dorks

By using Google Dorks we can utilize Google’s searching tools in order to find information or misconfigured servers. Some keywords that we can use to utilize Google’s searching tools are:

Finding misconfigured Laravel Applications: index of “.env”

Finding misconfigured servers that have “ktp” files: index of “ktp”

Finding misconfigured servers that have “kk” files: index of “kk”

Finding sensitive XML file stored in the admin folder for a website: index of “admin/xml”

More exploits can be found at: https://exploit-db.com
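Every one of the dorks above depends on the same server-side mistake: directory listing is enabled and a file that should never be under the web root (a .env, a database dump, a backup) is sitting there. A defender can find those exposures on the filesystem before a search engine indexes them. The following is an added example, not part of the original post and not from any project named on the page: it walks a document root, reports directories that would render an "Index of" page (no index file while autoindex is on) and files whose names mark them as sensitive. The sample tree, the name lists and the autoindex flag are constructed assumptions for the example.

```python
import os
import shutil
import tempfile

# Constructed lists of names that should never be reachable under a web root.
SENSITIVE_NAMES = {".env", ".git", ".htpasswd", "id_rsa"}
SENSITIVE_SUFFIXES = (".sql", ".bak", ".old", "~")
INDEX_FILES = {"index.html", "index.htm", "index.php"}


def audit_docroot(root, autoindex=True):
    """Return (listable_dirs, sensitive_paths), both relative to `root` and sorted.
    A directory is 'listable' when the server would show an 'Index of' page,
    i.e. autoindex is on and the directory holds no index file."""
    listable, sensitive = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        rel = "" if rel == "." else rel
        if autoindex and not (INDEX_FILES & set(filenames)):
            listable.append(rel)
        for name in dirnames + filenames:
            if name in SENSITIVE_NAMES or name.endswith(SENSITIVE_SUFFIXES):
                sensitive.append(os.path.join(rel, name))
    return sorted(listable), sorted(sensitive)


def build_sample_tree():
    """Constructed document root: a Laravel-style app deployed with the
    repository root as web root, a stray .env, an upload folder and a dump."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "public"))
    os.makedirs(os.path.join(root, "uploads", "ktp"))
    for rel in ("public/index.php", ".env", "uploads/ktp/scan1.jpg", "backup.sql"):
        with open(os.path.join(root, rel), "w") as f:
            f.write("sample\n")
    return root


def remove_sample_tree(root):
    shutil.rmtree(root)


if __name__ == "__main__":
    root = build_sample_tree()
    try:
        listable, sensitive = audit_docroot(root)
        for d in listable:
            print("listable directory: /%s" % d)
        for p in sensitive:
            print("sensitive file:     /%s" % p)
    finally:
        remove_sample_tree(root)
```

The two findings map directly onto the two fixes: turn directory listing off (or add an index file) for every listable directory, and move secrets and dumps out of the web root or deny them in the server configuration.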


WPScan: Scanning Vulnerabilities

Using WPScan we can scan a WordPress site for known vulnerabilities. Better still, with an API token obtained by registering at https://wpvulndb.com/users/sign_up, WPScan reports even more vulnerabilities, as shown below where we scan https://pentest.id:

$ wpscan --url https://pentest.id --api-token token