All posts for the month February, 2016

Good evening friends. Today we will see how to hack passwords of D-Link routers on the internet, and we are not talking about password cracking, although we will see that also in the future. Uffff, that was a very long sentence. OK, now let’s see how to hack passwords of remote D-Link routers, but wait, there’s a catch. This howto will only work on D-Link routers of model DIR-645. Now if you’re thinking who still uses that version, then you should just shhhhooodaaaan. Start Metasploit and load the “auxiliary/admin/http/dlink_dir_645_password_extractor” module as shown below.


It’s always good to see the information about our module as shown below.


Now set the RHOST option (i.e. the IP address of our target; you will get this from Shodan). Change the port to 8080.


Now execute the module by typing the command “run”. The module will run as shown below. Don’t worry about the errors we get, as our module has already finished its job and saved the passwords of the routers into a file.


Now let’s open the file. Copy the path of the file from above. Use any text editor to open the file. Below I have used gedit.


The file will open as shown below. We can see the credentials underlined (by me). So it says the username is admin and the password is empty. Now let’s check it out.


Open your browser and go to the router address as shown below. The router login page should open.


Without entering any password, click on Login. You should get access to the router as shown below.


That’s all folks for today. Happy Hacking.

NOTE: This howto is a part of a series of Metasploitable Tutorials but can also be read separately.

Good morning friends. In one of our previous howtos, we saw how to install OpenVAS in Kali Linux. Today we will see how to perform a vulnerability assessment with OpenVAS. The target on which I have performed this vulnerability assessment is Metasploitable. Start Kali Linux (the system on which we have installed OpenVAS, obviously). Open a terminal and type the following commands as underlined below.


Then open a browser and direct it to port 9392 as shown below. You should get the following interface.


We will perform a quick scan. In the blank given, enter the IP address of our target and click on “Start Scan” as shown below.



The scan will run as shown below. It will take quite a long time. So I would suggest you go and eat some pani puri and come back.


Once you are back, the scan should be finished and will look as shown below. Click on the link shown below.


You should get a general summary of the scan.


Now let us see the scan report. Go to “Scan Management” tab and click on Reports as shown below. It will show you a list of scans we performed. In our case, there is only one scan.


Now click on the scan as shown below.


This is our entire scan report with all the vulnerabilities existing in our target classified from high to low.





In our next howtos, we will see how to exploit all these (which means most of them) vulnerabilities. Until then, goodbye.

Good evening friends. Hope you’re fine. After focusing on Joomla for some time, with this howto I have decided to focus on another popular CMS, that is WordPress. This howto is a pre-prequel to one of my articles on how to hack WordPress right here. This howto will have two other sequels, and watch out for some easter eggs in this howto. (Mind my talk about sequels, prequels and easter eggs, but did I tell you I am a big Marvel fan?) Ok, ok, ok. Now let’s begin. The tool we will use here is called WPScan. WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues and also for enumeration. It is installed by default in Kali Linux Sana. Now open a terminal and update our tool by typing the command as shown below.


To scan a WordPress website, you have to give the URL as shown below. For this howto, I am using a local installation of WordPress as the target. Assign the target as shown below. The scan will start as shown below.


Here are the screenshots of the result of this scan. As you can see, we have 13 vulnerabilities in the present installation and the vulnerabilities are given below.




One of the easiest ways to hack a WordPress site is to exploit the plugins installed in the target, as most of the WordPress vulnerabilities nowadays exist in the plugins installed on it. So it is very important to enumerate the plugins installed on our WordPress target. We can enumerate the plugins using the “enumerate” option as shown below.


The scan result will be as shown below. (And there you have the first easter egg.) In total, we found four plugins. The first one is the Ajax Load More plugin. As the red exclamation mark shows, it is vulnerable, and we have seen how to exploit this vulnerability in the sequel I told you about. If you haven’t gone through it, it’s here.


The second plugin is the vulnerable version of Akismet.



The third vulnerable plugin is the WordPress Slider Revolution plugin. We will see more about this in our next howto.




Another important place to look for vulnerabilities in WordPress is its theme. Now let’s enumerate the theme as shown below. The vulnerabilities present in the theme are given below.



After that let’s enumerate the users in our remote target as shown below.


We can see the only username in our target. That’s WPScan for you. Hope it was helpful to you, and wait for the sequels.


Good evening friends. Today our howto is about how to set up OpenVAS in Kali Linux, or Kali Linux Sana for that matter. As you already know, OpenVAS is a vulnerability scanner which replaced the Nessus vulnerability scanner in Kali Linux. You should already have observed that Nessus is not installed by default in Kali Linux (see here if you are looking for how to install Nessus in Kali Linux). OpenVAS is installed by default in Kali Linux. We just need to configure it to make it available for vulnerability scanning. Let’s see how. Open a terminal and type the command “openvas-check-setup”. We will use this command many times from now on. The good thing about the installation of OpenVAS is that it is very simple. Simple in the sense that it will automatically give the fix for the errors we face in configuring OpenVAS. As shown below, we will get an error and the “fix” to fix that error just below it.


As shown in the “fix” above, type the command “openvas-mkcert”. This will create an OpenVAS SSL certificate as shown in the two images below.




The certificate creation will end as shown below.


When the certificate is successfully created, once again type the command “openvas-check-setup” to check the next step in the process. You can see underlined below what our next command is.


Type the command “openvas-nvt-sync” as shown below.


The process will run and end as shown below.


Once again, type the command “openvas-check-setup”. It will prompt you with the next command to run.


Type the command “openvas-mkcert-client -n -i”. This will create a client certificate for the OpenVAS manager.


Once the client certificate is successfully created as shown above, once again check the setup by typing the command “openvas-check-setup”. This time it will ask you to create a user as shown below.


Type the command below to create a user. Choose a username and password of your choice. I have chosen “root” and “toor” respectively.


Next type the command “openvas-check-setup”. It will ask you to rebuild the database as shown below.


Before rebuilding, start the OpenVAS scanner as shown below by typing the command “/etc/init.d/openvas-scanner start”.


Then type the command “openvasmd --rebuild” to update the database.


Next type command “openvas-check-setup”. 


Type the command “openvas-scapdata-sync”. This will take quite a long time.



Once the above process is finished, type the command “openvas-check-setup” once again.


Type the command “openvas-certdata-sync”. The process will run as shown below.


Next, type the command “openvas-check-setup” one last time, hopefully. You will get a message that your OpenVAS installation is OK as shown below.


Restart the system and start OpenVAS by typing the command “openvas-start”.


Open your browser and point it to port number 9392 as shown below. You should get a warning as shown below. Click on “I understand the risks”.


This will prompt you with a login screen. Log in with the credentials we created above. (Hope you have not forgotten them.)


Once you log in, you should see the screen as shown below. Hurrah, you have successfully configured OpenVAS in Kali Linux. Happy hacking.
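
The repeated "run openvas-check-setup, read the fix, run it" loop above can be made less error-prone with a small helper that pulls the suggested fix out of the tool's output. This is an added example, not part of the original post; the sample output is constructed and assumes the "ERROR:" / "FIX: Run '...'" layout and the final "installation is OK" message described in the walkthrough, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post).
# SAMPLE_OUTPUT is constructed; it assumes the "ERROR:" / "FIX: Run '...'"
# layout described in the walkthrough above.
SAMPLE_OUTPUT="Step 1: Checking OpenVAS Scanner ...
        OK: OpenVAS Scanner is present.
        ERROR: No CA certificate file of OpenVAS Scanner found.
        FIX: Run 'openvas-mkcert'.

 ERROR: Your OpenVAS installation is not yet complete!"

# Print the text of the first FIX line, without the "FIX:" prefix.
next_fix() {
    sed -n 's/^[[:space:]]*FIX:[[:space:]]*//p' | head -n 1
}

# Print only the command quoted in "Run '...'", or nothing if the fix is free text.
fix_command() {
    next_fix | sed -n "s/^Run '\(.*\)'.*/\1/p"
}

# Succeed when the output carries the final "installation is OK" message.
setup_ok() {
    grep -q 'installation is OK'
}

# Summarise one openvas-check-setup run passed as $1. The suggested command is
# only printed, never executed: tool output should not be fed to a shell.
report_step() {
    if printf '%s\n' "$1" | setup_ok; then
        echo "setup complete"
        return 0
    fi
    cmd=$(printf '%s\n' "$1" | fix_command)
    if [ -n "$cmd" ]; then
        echo "next: $cmd"
    else
        echo "manual fix: $(printf '%s\n' "$1" | next_fix)"
    fi
}

report_step "$SAMPLE_OUTPUT"
# On a real system: report_step "$(openvas-check-setup 2>&1)"
```

Review each printed command before typing it; the certificate and user-creation steps in particular set up the credentials that protect the scanner's web interface.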