Posts

Showing posts from September, 2018

Lampião: 1

Lab Environment
Attacker's Machine - Linux kali 4.18.0-kali1-amd64 #1 SMP Debian 4.18.6-1kali1 (2018-09-10) x86_64 GNU/Linux
Vulnerable Machine - Lampião: 1

Proof Of Concept

Scanning Phase
arp-scan --local (to scan for the machines connected to the network)
Vulnerable machine IP - 192.168.43.17

Now I will use nmap for further scanning the machine's IP:
nmap -p -Pn 192.168.43.17

Now I tried to access the IP on port 1898.
Further, I used nikto for further enumeration.
Syntax for nikto: nikto -h 192.168.43.17:1898
Useful result: Drupal 7 is installed.
So I tried to search for Drupal 7 exploits on exploit-db, and found the exploit.
Exploit: drupalgeddon2, which is already present on my machine.
I fired up msfconsole to use drupalgeddon2 on the target machine.
Syntax to search for an exploit in msfconsole: search exploit name
Now I have to use the exploit.
Syntax to use the exploit: use exploit/unix/webapp/drupal_drupalg

Reflected XSS on Skullcandy(Indian Domain)

Reflected or non-persistent XSS:
Reflected or non-persistent XSS is when the user input is accepted without any validation. In such cases, the injected code is sent as part of the request and shown in the response. Common locations for reflected XSS are in error messages or search results. Reflected attacks require getting the user to click on the specially crafted URL or injected form. They are usually embedded in phishing emails or hidden through URL shorteners.

An example of a reflected XSS attack

To successfully carry out a reflected XSS attack, the following conditions should occur:
- The victim must be willing to initiate some action such as clicking a link, performing a search or some other application-specific function.
- The victim must be logged into the vulnerable application at the time of clicking the malicious link.

Sometimes the attacker is lucky and these conditions do occur. While this is a common vulnerability, it often also requires social enginee

Mr Robot Walkthrough

Lab Environment
Attacker's Machine - Linux kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.10-1kali2 (2017-11-08) x86_64 GNU/Linux
Vulnerable Machine - Mr Robot

Proof Of Concept
arp-scan --local (to scan for the machines connected to the network)
Vulnerable machine IP - 172.16.60.162

Scanning Phase
Now I will use nmap for further scanning the machine's IP:
nmap -A 172.16.60.162 -Pn
Results: Port 80 is open and the HTTP service is active, so I can browse the IP.
Found nothing interesting, just the interface of Mr Robot.

Since the HTTP service is active, I decided to find the directories, and for that I fired up dirb.
Command: dirb http://172.16.60.162
Results: found many directories and also got directories of WordPress. It was now confirmed that WordPress is used.

Important directories from dirb results:
http://172.16.60.162/robots.txt
http://172.16.60.162/wp-l