Happy Ethical Hacking
Monday, June 17, 2019
Wednesday, February 1, 2017
Resetting a Nessus Home Edition Password in Kali Linux
Open a terminal, and type the command “cd /opt/nessus/sbin” to navigate to the sbin directory.
Next, type the command “./nessuscli lsuser” to see all the Nessus users present. Here, we have only one. OK, let’s reset the password for user root. Type the command “./nessuscli chpasswd (username)”. The system will prompt you to enter the new password. Enter the password two times as shown below. You have successfully changed the Nessus password. Now log on with the new password.
Thursday, September 29, 2016
Thursday, September 15, 2016
OWASP Directory Buster
A good hacker will not directly attack a website without proper information gathering. It is good practice to understand the structure of a website by busting its directories and files.
This may give you an opportunity to find some hidden and confidential directories and files that are considered to be inaccessible to the public. This may lead you to important information like passwords, encryption keys, certificate files, etc.
Before getting into it, I'll show you some additional details.
- Code 100 -> Continue: Codes in this range denote that the user/client request has not been completed for some reason, but the client can continue.
- Code 200 -> Successful: Codes in this range denote that the request was successful.
- Code 300 -> Multiple Choice: Codes in this range denote a bad request. The most common codes are 404 [Not Found] and 403 [Forbidden].
Busting Time
Go to Applications -> Kali Linux -> Web Application -> Web Crawlers -> dirbuster
Now, open DirBuster and enter the target website. Don't forget to mention the scheme (http | https) and the port number (80 | 443), e.g. http://www.examplewebsite.com:80
Wordlist:
Next, all you have to do is choose the wordlist which contains the directory and file names. Here I've chosen /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
Finally, when we click "Start", DirBuster will generate GET requests and send them to the target website, with a request for each of the files and directories listed in our wordlist.
Once everything has finished, all the directories and files found will be listed for you.
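Seen from the server side, the scan described above leaves a clear trace in the access log: one client requesting many distinct paths, most of them answered with 404 or 403. The following detection sketch is an added example, not part of the original post; it assumes Common Log Format, and the log lines, IP addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Common Log Format: ip ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_directory_bruteforce(lines, min_paths=5, min_miss_ratio=0.8):
    """Return {ip: (distinct_paths, misses, requests)} for clients that behave
    like a wordlist scanner: many distinct paths, mostly answered 403/404."""
    paths = defaultdict(set)
    misses = defaultdict(int)
    total = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, _method, path, status = m.groups()
        total[ip] += 1
        paths[ip].add(path.split("?", 1)[0])  # compare paths without query string
        if status in ("403", "404"):
            misses[ip] += 1
    flagged = {}
    for ip, count in total.items():
        if len(paths[ip]) >= min_paths and misses[ip] / count >= min_miss_ratio:
            flagged[ip] = (len(paths[ip]), misses[ip], count)
    return flagged

def sample_log():
    """Constructed sample: one scanner-like client and one ordinary visitor."""
    ts = "15/Sep/2016:10:00:00 +0000"
    scanner = [f'203.0.113.7 - - [{ts}] "GET /{w}/ HTTP/1.1" {s} 0'
               for w, s in [("admin", 403), ("backup", 404), ("cgi-bin", 404),
                            ("images", 200), ("old", 404), ("test", 404),
                            ("tmp", 404), ("private", 403)]]
    visitor = [f'198.51.100.20 - - [{ts}] "GET {p} HTTP/1.1" {s} 512'
               for p, s in [("/", 200), ("/index.html", 200), ("/about", 200),
                            ("/favicon.ico", 404), ("/contact", 200),
                            ("/images/", 200)]]
    return scanner + visitor

if __name__ == "__main__":
    for ip, (n_paths, n_miss, n_req) in find_directory_bruteforce(sample_log()).items():
        print(f"{ip}: {n_paths} distinct paths, {n_miss}/{n_req} answered 403/404")
```

In production the thresholds would be applied per time window and tuned against normal traffic, since crawlers and broken links also produce 404s.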
Saturday, August 20, 2016
Top 10 Activities on the Internet That Make You Sit in Jail
1. Open WiFi
Do you have open WiFi access at your home? Be ready to answer the cops about its purpose.
* It is considered to be an offence to have an open WiFi access point because there is a chance to sniff the packets of the users who are using your account.
* Also, anyone can use your network with criminal intentions, for which you may be answerable.
Better to use WPA/WPA2 with strong passwords to avoid getting caught.
2. Deleting your Search History
Although it is usual for us to delete the search history in our browser, there is a problem with doing it. If you happen to get caught on some hacking allegations, the cops will check your browser history; if it is not there, then you have to sit behind bars. Even the Indian Government is insisting that people keep their search history for the past three months.
3. Posting Offensive and Abusive Content on Social Media
Posting offensive and abusive content on social media is simply wrongdoing. Maybe they won't consider it if you do this against ordinary people, but if you do it against an actor or actress then you have to face many consequences. So don't post gossip online.
4. Online Gambling
This is banned in some countries, but not in many countries, because of its implementation in the deep web. So better check the policies before gambling online.
5. Dancing Videos Online
You'll be arrested if the cops find you dancing in a video. Though it is not illegal, it is banned in some Middle East countries.
6. Commenting on Facebook and Twitter
Check before posting your comments on Facebook or Twitter; abusive comments are considered to be an offence. Also confirm that no one is using your Facebook or Twitter account instead of you, or you will have to face the consequences.
7. Sharing Files on the Internet
Do not share files that contain malicious content. If the owner of a website finds that you are sharing a malicious file through his website, you have to sit behind bars. You may ask how they can find it; the answer is that website owners often have a malicious file checking system on their server.
8. Using Sniffers on a Public Network
Hackers often use public networks for sniffing passwords and raw data. It is an offence if you get caught using sniffers on a public network.
9. Accessing Others' Accounts
This is also considered a part of cracking, which is illegal. Don't open others' accounts even if you have their passwords and details.
10. Plagiarism
If you want to add someone's content to your website, you have to ask their permission. Most content posting websites have a content tracking system that is monitored by a third-party website. If you post, you'll get caught for plagiarism.
There are many activities which can put you behind bars, but these are the topmost.
Friday, July 3, 2015
War Driving
Wireless networking is the most popular and fastest-growing technology. From home networking to enterprise networking, wireless networks have now become a way of life and a way of networking. As more wireless networks are deployed, the need to secure them increases. But this is totally illegal and it's only for educational purposes.
Here we are going to discuss mapping a wireless network and exploiting it.
War driving, also known as access point mapping, is the act of searching for, locating and possibly exploiting wireless LANs while driving in a vehicle.
Requirement
The requirements for effective wardriving are based on both hardware and software.
Hardware:
- Portable computer (laptop, netbook, etc.) or PDA (personal digital assistant)
- A Wireless NIC card
- An Antenna
- A handheld GPS unit (Optional)
- GPS data Cable (Optional)
- A pigtail to connect NIC to external antenna
Software:
- A software program for wardriving, freely available on the Internet:
- NetStumbler or inSSIDer for Windows
- Kismet for Linux, FreeBSD, NetBSD, OpenBSD, DragonFly BSD
This is not enough; there is a need to discuss how to choose a wireless NIC and antenna for wardriving. IEEE 802.11 is a family of standards, each one defining and specifying parts of the standard.
- 802.11b, using the 2.4 GHz radio spectrum and 11 Mbps max data rate.
- 802.11a, using the 5 GHz radio spectrum and 54 Mbps max data rate.
- 802.11g, using the 2.4 GHz radio spectrum and 54 Mbps max data rate.
802.11b cards are the easiest to install and are supported by most wardriving tools (software).
We can even use some Android tools to do this job, e.g. WIFI Collector, which can grab the following details:
- Time
- Latitude
- Longitude
- Vendor's Name
- Wifi Name
- Wifi Security : wep / wpa / wpa2 / open
- WPS True | False
- Signal Strength
Web Application Security Testing
Security is vitally important in software applications. More and more people are using the Internet and computers to perform everyday tasks. Software is everywhere, in your cell phone, car, airplanes, televisions, and don't forget - your home computers. More and more of these appliances are being connected to the Internet. Everyday services, including banking, stock trading and taxes are all moving to an online approach. Today's software is being produced faster than ever. The majority of people using these software applications are unaware about security. With shrinking budgets, tight schedules, and without the knowledge of security testing, software vulnerabilities are everywhere. Software applications are being used by people all over the world. Hence application security testing and especially web application security testing is a must for software products to succeed in today's world.
Security testing, which aims to eliminate the aspects of systems that do not relate to application functionality but to the confidentiality, integrity, and availability of applications, is commonly referred to as "nonfunctional requirements (NFR) testing." NFR testing, which is used to determine the quality, security, and resiliency aspects of software, is based on the belief that nonfunctional requirements represent not what software is meant to do, but how the software might do it.
Security testing, when done properly, goes deeper and even beyond the functional testing/black-box probing on the presentation layer. By identifying risks in the system and creating tests driven by those risks, a software security tester can properly focus on areas of code in which an attack is likely to succeed. Software security is about making software behave in the presence of a malicious attack, even though in the real world, software failures usually happen spontaneously — that is, without intentional mischief.
The OWASP (Open Web Application Security Project) Top Ten is a list of the 10 most dangerous current Web application security flaws, which are listed below.
- Injection
- Cross-Site Scripting
- Broken Authentication and Session Management
- Insecure Direct Object References
- Cross-Site Request Forgery (CSRF)
- Security Misconfiguration
- Failure to Restrict URL Access
- Unvalidated Redirects and Forwards
- Insecure Cryptographic Storage
- Insufficient Transport Layer Protection
One of the most prevalent security-related issues to deal with is Input Validation. A functional quality assurance engineer can typically devise a variety of methods to verify the functionality of a feature or component. But a security tester needs to go deeper — he has to think like a malicious user, consider the cases that shouldn't be allowed, input things typical users would not attempt, and try to twist and break that application in any way possible. There are also many open source and licensed automation tools (Acunetix, Zed Attack Proxy, Websecurify, etc.) available on the market which perform dynamic analysis and penetration testing of web applications to discover vulnerabilities such as:
- Client Certificate
- Proxy-Chaining
- Local and Remote File Include
- Cross-Site Scripting
- SQL injection
- Information Disclosure Problems
- Session Security Problems, etc.