Hydra
Hydra works much like the program called Brutus on Microsoft Windows.
OK, this time we will test its GUI with a dictionary attack against FTP on the local machine. Set it up as in the picture below (don't forget to start your FTP daemon for this test).
Then we click the "Passwords" tab:
Suppose the target username is "mywisdom". Then we tick "Password list", because we will use a word list we have already prepared; in this experiment we use a password file we have placed in the /root directory.
OK, next we click the Start tab, then the Start button at the bottom left, and we can see the result:
W3AF
W3af is a framework for auditing (pentesting) web applications, with a variety of plugins. These are the plugins we can use when testing a web site:
Code:
LDAPi Find LDAP injection bugs.
+ blindSqli Find blind SQL injection vulnerabilities.
buffOverflow Find buffer overflow vulnerabilities.
dav Tries to upload a file using HTTP PUT method.
+ fileUpload Uploads a file and then searches for the file inside all known directories .
formatString Find format string vulnerabilities.
+ frontpage Tries to upload a file using frontpage extensions (author.dll).
+ generic Find all kind of bugs without using a fixed database of errors.
globalRedirect Find scripts that redirect the browser to any site.
htaccessMethods Find misconfigurations in the “ ” configuration of Apache.
localFileInclude Find local file inclusion vulnerabilities.
mxInjection Find MX injection vulnerabilities.
osCommanding Find OS Commanding vulnerabilities.
phishingVector Find phishing vectors.
preg_replace Find unsafe usage of PHPs preg_replace.
+ remoteFileInclude Find remote file inclusion vulnerabilities.
responseSplitting Find response splitting vulnerabilities.
sqli Find SQL injection bugs.
ssi Find server side inclusion vulnerabilities.
sslCertificate Check the SSL certificate validity( if https is being used ).
unSSL Find out if secure content can also be fetched using http.
xpath Find XPATH injection vulnerabilities.
xsrf Find the easiest to exploit xsrf vulnerabilities.
+ xss Find cross site scripting vulnerabilities.
xst Verify Cross Site Tracing vulnerabilities.
To enter the w3af console, go to the directory where you keep your w3af ELF binary, for example /pentest/web/w3af, and type:
Code:
./w3af
Example:
Code:
bt w3af # pwd
/pentest/web/w3af
bt w3af # w3af
w3af>>> help
The following commands are available:
help            You are here. help [command] prints more specific help.
http-settings   Configure the URL opener.
misc-settings   Configure w3af misc settings.
plugins         Enable, disable and configure plugins.
profiles        List and start scan profiles.
start           Start site analysis.
exploit         Exploit a vulnerability.
tools           Enter the tools section.
target          Set the target URL.
version         Show the w3af version.
exit            Exit w3af.
w3af>>>
Suppose we only want to run an audit, using all of the plugins above:
Code:
w3af>>> plugins
w3af/plugins>>> audit all
Next, type back:
Code:
w3af/plugins>>> back
w3af>>>
Then we set our target; type target:
Code:
w3af>>> target
w3af/target>>>
Suppose we set the target URL to http://jasakom.com:
Code:
w3af/target>>> set target http://jasakom.com
w3af/target>>> back
To begin, we type start:
So here we go:
Code:
w3af/target>>> set target http://jasakom.com
w3af/target>>> back
w3af>>> start
Auto-enabling plugin: grep.collectCookies
Auto-enabling plugin: grep.httpAuthDetect
Auto-enabling plugin: discovery.allowedMethods
Auto-enabling plugin: discovery.serverHeader
The Server header for this HTTP server is: Apache/2.2.4 (Ubuntu) mod_fastcgi/2.4.2
x-powered-by header for this HTTP server is: PHP/5.2.3-1ubuntu6.4
The methods: COPY, GET, HEAD, LOCK, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, TRACE, UNLOCK are enabled on the following URLs:
- http://jasakom.com
- http://jasakom.com/
Found 4 URLs and 4 different points of injection.
The list of URLs is:
- http://jasakom.com
- http://jasakom.com/login.php?do=login
- http://jasakom.com/search.php?do=process
- http://jasakom.com/profile.php?do=dismissnotice
The list of fuzzable requests is:
Vanish, wzap, zap, zap2, logzap2, uzapper
These are tools used for covering tracks. OK, let's test vanish first (http://217.125.24.22/vanish.c). First, let's see which users are on our system by typing: who
Code:
bt network # who
root tty1 Feb 8 01:15
root pts/0 Feb 8 01:16 (:0.0)
root pts/1 Feb 8 01:19 (:0.0)
root pts/2 Feb 8 01:22 (:0.0)
root pts/3 Feb 8 01:27 (:0.0)
root pts/4 Feb 8 01:28 (:0.0)
root pts/5 Feb 8 02:02 (:0.0)
bt network #
OK, let's try vanish:
Code:
bt bd # ./vanish root localhost localhost
utmp target processed.
wtmp target processed.
lastlog target processed.
Processing /var/log/messages DONE.
Processing /var/log/secure DONE.
Processing /var/log/xferlog DONE.
Processing /var/log/maillog DONE.
Processing /var/log/warn Couldn’t open /var/log/warn
Processing /var/log/mail Couldn’t open /var/log/mail
Processing /var/log/httpd.access_log Couldn’t open /var/log/httpd.access_log
Processing /var/log/httpd.error_log Couldn’t open /var/log/httpd.error_log
mv: cannot stat `warn.hm’: No such file or directory
mv: cannot stat `mail.hm’: No such file or directory
mv: cannot stat `httpda.hm’: No such file or directory
mv: cannot stat `httpde.hm’: No such file or directory
V_A_N_I_S_H_E_D_!
Your tracks have been removed
Exiting programm !!
Then we check again whether the root user is still visible on the system:
Code:
bt bd # who
bt bd #
OK, it's not magic and it's not sorcery, sim salabim abracadabra: the root user has disappeared from view on the system.
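A defender's cross-check for the situation shown above, where "who" prints nothing although root sessions are still open: "who" only reads the utmp file, so terminals that have live processes but no utmp login record stand out. This is an added example, not part of the original post; the Linux/glibc record layout, the function names and the sample data are assumptions constructed for illustration, and the count of zero-filled records goes beyond what the post shows.

```python
import struct

# Linux/glibc utmp record layout (384 bytes). Assumption: verify against
# <utmp.h> on the system you are examining.
UTMP = struct.Struct("<h2xi32s4s32s256s2h3i4i20x")
USER_PROCESS = 7  # ut_type of a normal login session


def pack_record(ut_type, pid, line, user, tv_sec):
    """Build one constructed utmp record for the sample data below."""
    return UTMP.pack(ut_type, pid, line, b"", user, b"", 0, 0, 0,
                     tv_sec, 0, 0, 0, 0, 0)


def parse_utmp(data):
    """Return (login_records, zeroed_count) from raw utmp/wtmp bytes."""
    logins, zeroed = [], 0
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        chunk = data[off:off + UTMP.size]
        if not any(chunk):          # record overwritten with NUL bytes
            zeroed += 1
            continue
        f = UTMP.unpack(chunk)
        if f[0] == USER_PROCESS:
            logins.append({"pid": f[1],
                           "line": f[2].rstrip(b"\0").decode(),
                           "user": f[4].rstrip(b"\0").decode()})
    return logins, zeroed


def unaccounted_sessions(utmp_bytes, live_ttys):
    """Live (tty, user) pairs that have no matching utmp login record."""
    logins, _ = parse_utmp(utmp_bytes)
    recorded = {(r["line"], r["user"]) for r in logins}
    return sorted(s for s in live_ttys if s not in recorded)


# Constructed sample: terminals the process table says are in use
# (on a real host, collect this from /proc or `ps -eo tty,user`).
LIVE = {("tty1", "root"), ("pts/0", "root"), ("pts/1", "root")}

# Constructed utmp images: intact, and after the login records were
# removed (here a single zero-filled record is all that is left).
INTACT = b"".join(pack_record(USER_PROCESS, 1000 + i, t.encode(), b"root", 0)
                  for i, t in enumerate(["tty1", "pts/0", "pts/1"]))
CLEANED = bytes(UTMP.size)

if __name__ == "__main__":
    print("intact :", unaccounted_sessions(INTACT, LIVE))
    print("cleaned:", unaccounted_sessions(CLEANED, LIVE), parse_utmp(CLEANED)[1])
```

Any session this reports on a production host is worth correlating with remote syslog or auditd records, which a local cleaner cannot rewrite.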
Dsniff
Dsniff is a fairly well-known packet sniffer on Linux. If I'm not mistaken, someone has also made one for Windows. OK, to get started with dsniff, let's first look at its options; type: dsniff -h
Code:
bt nikto # dsniff -h
Version: 2.4
Usage: dsniff [-cdmn] [-i interface] [-s snaplen] [-f services] [-t trigger[,...]] [-r|-w savefile] [expression]
bt nikto #
Fast Track
Fast Track is a framework for web site penetration testing, written in the Python programming language. Some of the features in Fast Track:
- SQL injector
- SQL Bruter (commonly used to brute-force the SA account on an MSSQL server)
- MS DOS Remote shell payload
- Exploits:
1. HP Openview Network Node Manager CGI Buffer Overflow
2. IBM Tivoli Storage Manager Express CAD Service Buffer Overflow
3. HP Openview NNM 7.5.1 OVAS.EXE Pre Authentication SEH Overflow
- Metasploit autopwn
OK, this time we will use Fast Track's web-based interface. Go to the directory that contains fast-track.py and type:
Code:
./fast-track.py -g
Next, open your browser and enter:
Code:
http://127.0.0.1:44444
The Fast Track web-based interface
Tuesday, 10 August 2010
Linux hacking tools [2]