Archives

All posts for the month February, 2016

Good evening friends. Today we will see how to hack passwords of remote Dlink routers on the internet, and we are not talking about password cracking, although we will see that also in the future. Uffff, that was a very long sentence. Ok, now let’s see how to hack passwords of remote Dlink routers, but wait, there’s a catch. This howto will only work on Dlink routers of version DIR-645. Now if you’re thinking who still uses that version, then you should just shhhhooodaaaan. Start Metasploit and load the “auxiliary/admin/http/dlink_dir_645_password_extractor” module as shown below.

dlinkpe1

It’s always good to look at the information about our module, as shown below.

dlinkpe2

Now set the RHOST option (i.e. the IP address of our target; you will get this from Shodan). Change the port to 8080.

dlinkpe3

Now execute the module by typing the command “run”. The module will run as shown below. Don’t worry about the errors we get, as the module has already finished its job and saved the passwords of the routers into a file.

dlinkpe4

Now let’s open the file. Copy the path of the file from above. Use any text editor to open the file. Below I have used gedit.

dlinkpe5


The file will open as shown below. We can see the credentials underlined (by me). So it says the username is admin and the password is empty. Now let’s check it out.

dlinkpe6

Open your browser and go to the router address as shown below. The router login page should open.

dlinkpe7

Without entering any password, click on Login. You should get access to the router as shown below.

dlinkpe8

That’s all folks for today. Happy Hacking.

NOTE: This howto is a part of a series of Metasploitable Tutorials but can also be read separately.

Good morning friends. In one of our previous howtos, we saw how to install OpenVAS in Kali Linux. Today we will see how to perform a vulnerability assessment with OpenVAS. The target on which I have performed this vulnerability assessment is Metasploitable. Start Kali Linux (the system on which we have installed OpenVAS, obviously). Open a terminal and type the commands underlined below.

openvass1

Then open a browser and direct it to port number 9392 as shown below. You should get the following interface.

openvass2

We will perform a quick scan. In the blank given, enter the IP address of our target and click on “Start Scan” as shown below.

openvass3

The scan will run as shown below. It will take quite a long time. So I would suggest you go and eat some pani puri and come back.

openvass4

Once you are back, the scan should be finished and will look as shown below. Click on the link shown below.

openvass5

You should get a general summary of the scan.

openvass6

Now let us see the scan report. Go to the “Scan Management” tab and click on Reports as shown below. It will show you a list of the scans we performed. In our case, there is only one scan.

openvass7

Now click on the scan as shown below.

openvass8

This is our entire scan report with all the vulnerabilities existing in our target classified from high to low.

openvass9

openvass10

openvass11

openvass12

In our next howtos, we will see how to exploit all these (which means most of them) vulnerabilities. Until then, good bye.


Good evening friends. Hope you’re fine. After focusing on Joomla for some time, with this howto I have decided to focus on another popular CMS, that is WordPress. This howto is a pre-prequel to one of my articles on how to hack WordPress right here. This howto will have two other sequels, and watch out for some easter eggs in this howto. (Mind my talk about sequels, prequels and easter eggs, but did I tell you I am a big Marvel fan?) Ok, ok, ok. Now let’s begin. The tool we will use here is called WPScan. WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues and also for enumeration. It is installed by default in Kali Linux Sana. Now open a terminal and update the tool by typing the command shown below.

wpscan1

To scan a WordPress website, you have to give its URL as shown below. For this howto, I am using a local installation of WordPress as the target. Assign the target and the scan will start as shown below.

wpscan2

Here are the screenshots of the result of this scan. As you can see, we have 13 vulnerabilities in the present installation, and the vulnerabilities are given below.

wpscan3

wpscan4

wpscan5

One of the easiest ways to hack a WordPress site is to exploit the plugins installed in the target, as most WordPress vulnerabilities nowadays exist in the plugins installed on it. So it is very important to enumerate the plugins installed on our WordPress target. We can enumerate the plugins using the “enumerate” option as shown below.

wpscan6

The scan result will be as shown below. (And there you have the first easter egg.) So in total we found four plugins. The first one is the Ajax Load More plugin. As the red exclamation mark shows, it is vulnerable, and we have seen how to exploit this vulnerability in the sequel I told you about. If you haven’t gone through it, it’s here.

wpscan7

The second plugin is the vulnerable version of Akismet.

wpscan8

wpscan9

The third vulnerable plugin is the WordPress Slider Revolution plugin. We will see more about this in our next howto.

wpscan10a
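Because plugins carry most of the risk, a site owner can take the same inventory from the server side. The script below is an added example, not part of the original post or of WPScan: it reads each plugin's Version header from disk and flags anything older than a minimum the owner maintains. The plugin slugs, versions and minimums are constructed, the function names are hypothetical, and GNU `sort -V` is assumed.

```bash
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# plugin_version DIR: print the first "Version:" header found in DIR/*.php
plugin_version() {
  grep -h -m 1 -E '^[[:space:]*#@]*Version:' "$1"/*.php 2>/dev/null |
    head -n 1 | sed -E 's/^.*Version:[[:space:]]*//; s/[[:space:]]+$//'
}

# older_than A B: true when version A sorts strictly before B.
# A version sort is needed: plain string order would put 2.10.0 before 2.9.1.
older_than() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit PLUGINS_DIR MINIMUMS_FILE: the file holds "slug minimum-version" lines
audit() {
  while read -r slug min; do
    [ -d "$1/$slug" ] || continue
    have=$(plugin_version "$1/$slug")
    if [ -z "$have" ]; then echo "$slug unknown (no Version header)"
    elif older_than "$have" "$min"; then echo "$slug $have OUTDATED (need >= $min)"
    else echo "$slug $have ok"; fi
  done < "$2"
}

# make_sample: build a constructed plugins tree and minimums file, print its path
make_sample() {
  d=$(mktemp -d)
  mkdir -p "$d/plugins/example-slider" "$d/plugins/example-loader"
  printf '<?php\n/*\n * Plugin Name: Example Slider\n * Version: 4.1.4\n */\n' \
    > "$d/plugins/example-slider/main.php"
  printf '<?php\n/*\n * Plugin Name: Example Loader\n * Version: 2.10.0\n */\n' \
    > "$d/plugins/example-loader/main.php"
  printf 'example-slider 4.2\nexample-loader 2.9.1\n' > "$d/minimums.txt"
  echo "$d"
}

# Demo on the constructed tree; on a real site pass wp-content/plugins instead.
d=$(make_sample)
audit "$d/plugins" "$d/minimums.txt"
rm -rf "$d"
```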

 

 

Another important place to look for vulnerabilities in WordPress is its theme. Now let’s enumerate the theme as shown below. The vulnerabilities present in the theme are given below.

wpscan12

wpscan13

After that, let’s enumerate the users in our remote target as shown below.

wpscan14

We can see the only username in our target. That’s WPScan for you. Hope it was helpful to you, and wait for the sequels.

wpscan15

Good evening friends. Today our howto is about how to set up OpenVAS in Kali Linux, or Kali Linux Sana for that matter. As you already know, OpenVAS is a vulnerability scanner which replaced the Nessus vulnerability scanner in Kali Linux. You should already have observed that Nessus is not installed by default in Kali Linux (see here if you are looking for how to install Nessus in Kali Linux). OpenVAS is installed by default in Kali Linux. We just need to configure it to make it available for vulnerability scanning. Let’s see how. Open a terminal and type the command “openvas-check-setup”. We will use this command many times from now on. The good thing about the installation of OpenVAS is that it is very simple. Simple in the sense that it will automatically give the fix for the errors we face in configuring OpenVAS. As shown below, we will get an error and the “fix” for that error just below it.

openvas1

As shown in the “fix” above, type the command “openvas-mkcert”. This will create an OpenVAS SSL certificate as shown in the two images below.

openvas2

openvas3

The certificate creation will end as shown below.

openvas4

When the certificate is successfully created, once again type the command “openvas-check-setup” to check the next step in the process. You can see underlined below what our next command is.

openvas5

Type the command “openvas-nvt-sync” as shown below.

openvas6

The process will run and end as shown below.

openvas7

Once again, type the command “openvas-check-setup”. It will prompt you with the next command to run.

openvas8

Type the command “openvas-mkcert-client -n -i”. This will create a client certificate for the OpenVAS manager.

openvas9

Once the client certificate is successfully created as shown above, once again check the setup by typing the command “openvas-check-setup”. This time it will ask you to create a user as shown below.

openvas10

Type the command below to create a user. Choose a username and password of your choice. I have chosen “root” and “toor” respectively.

openvas11

Next type the command “openvas-check-setup”. It will ask you to rebuild as shown below.

openvas12

Before rebuilding, start the OpenVAS scanner as shown below by typing the command “/etc/init.d/openvas-scanner start”.

openvas13

Then type the command “openvasmd --rebuild” to update the database.

openvas14

Next type the command “openvas-check-setup”.

openvas15

Type the command “openvas-scapdata-sync”. This will take a fairly long time.

openvas16

openvas17

Once the above process is finished, type the command “openvas-check-setup” once again.

openvas18

Type the command “openvas-certdata-sync”. The process will run as shown below.

openvas19

Next, type the command “openvas-check-setup” for one last time, hopefully. You will get a message that your OpenVAS installation is OK as shown below.

openvas20

Restart the system and start OpenVAS by typing the command “openvas-start”.

openvas21

Open your browser and point it to port number 9392 as shown below. You should get a warning as shown below. Click on “I understand the risks”.

openvas22

This will prompt you with a login screen. Log in with the credentials we created above. (Hope you have not forgotten them.)

openvas24

Once you log in, you should see the screen as shown below. Hurrah, you have successfully configured OpenVAS in Kali Linux. Happy hacking.

openvas25
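The check-and-fix loop used throughout this howto can be scripted. The sketch below is an added example, not part of the original post or of OpenVAS: it pulls the suggested command out of the FIX line and only marks it as safe to run when it is one of the setup commands named in this howto. The sample output (layout and version numbers) is constructed and the function names are hypothetical.

```bash
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample of openvas-check-setup output on a fresh install
# (assumed layout: indented OK:/ERROR:/FIX: lines under each step).
sample_output() {
cat <<'EOF'
openvas-check-setup 2.3.0
Step 1: Checking OpenVAS Scanner ...
        OK: OpenVAS Scanner is present in version 5.0.4.
        ERROR: No CA certificate file of OpenVAS Scanner found.
        FIX: Run 'openvas-mkcert'.

 ERROR: Your OpenVAS-8 installation is not yet complete!
EOF
}

# next_fix: read check-setup output on stdin and print the command quoted in
# the first FIX line. Returns 1 when there is no such line.
next_fix() {
  fix=$(sed -n "s/^[[:space:]]*FIX:[^']*'\([^']*\)'.*/\1/p" | head -n 1)
  [ -n "$fix" ] || return 1
  printf '%s\n' "$fix"
}

# is_known_step: true only for the setup commands this howto walks through
# (the rebuild step is run by the manager binary, openvasmd).
is_known_step() {
  case "$1" in
    openvas-mkcert|openvas-nvt-sync|openvas-scapdata-sync|openvas-certdata-sync) return 0 ;;
    "openvas-mkcert-client -n -i"|"openvasmd --rebuild") return 0 ;;
    *) return 1 ;;
  esac
}

# advise: never executes tool output; it only tells the operator what to do.
advise() {
  if fix=$(next_fix); then
    if is_known_step "$fix"; then echo "run: $fix"
    else echo "review before running: $fix"; fi
  else
    echo "no FIX line: setup complete or output not recognised"
  fi
}

# Demo on the constructed sample. On a real host: openvas-check-setup 2>&1 | advise
sample_output | advise
```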