Posts

Showing posts from 2019

Lord Of The Root: 1.0.1

How about taking a look at port knocking? Let’s see how we can knock ports in this CTF!
Lab Environment
Attacker’s Machine: Linux kali 4.18.0-kali2-amd64 #1 SMP Debian 4.18.10-2kali1 (2018-10-09) x86_64 GNU/Linux
Vulnerable Machine: Lord Of The Root: 1.0.1
Now let’s scan the local network to which the attacking machine and the vulnerable machine are connected.
Syntax used: arp-scan --local
Victim machine: 192.168.59.135
Performing the enumeration of ports and services using nmap.
Syntax used: nmap -A 192.168.59.135 -Pn
Results: Port 22 is open and the SSH service is active.
Tried connecting over SSH and got a hint to knock ports 1, 2, 3.
Syntax used: ssh 192.168.59.135
Now performing the port scan again as given in the hint.
Syntax used: nmap -r -p1,2,3 -A 192.168.59.135 -Pn
Now, performing the nmap scan again to see if something happened or if we can get new results.
Syntax used: nmap -p- -A 192.168.59.135 -Pn
Re

Hackme: 1 Walkthrough

Lab Environment
Attacker’s Machine: Linux kali 4.18.0-kali2-amd64 #1 SMP Debian 4.18.10-2kali1 (2018-10-09) x86_64 GNU/Linux
Vulnerable Machine: Hackme: 1
Let’s start hacking and breach the security of this machine.
Scanning Phase: Now let’s scan the local network to which the attacking machine and the vulnerable machine are connected.
Syntax used: arp-scan --local
Victim machine: 192.168.59.133
Enumeration Phase: I used Nmap for further enumeration of ports and their services.
Syntax used: nmap -A 192.168.59.133 -Pn
I found an HTTP service on port 80, so I visited the webpage to see if I could get something useful. Found a login page. Now it’s time to sign up for an account. Logged in using the username and password. Entered the search term paras to capture the request in Burp. Saved the above request in a text file as sql.txt and saved it to the Desktop and using sqlmap to extract the

Kioptrix: Level 1.1(#2)

Lab Environment
Attacker’s Machine: Linux kali 4.18.0-kali2-amd64 #1 SMP Debian 4.18.10-2kali1 (2018-10-09) x86_64 GNU/Linux
Vulnerable Machine: Kioptrix: Level 1.1(#2)
Let’s start hacking and breach the security of this machine.
Scanning Phase: Now let’s scan the local network to which the attacking machine and the vulnerable machine are connected.
Syntax used: arp-scan -l
Victim machine: 192.168.113.130
Enumeration Phase: I used Nmap for further enumeration of ports and their services.
Syntax used: nmap 192.168.113.130 -Pn
I found an HTTP service on port 80, so I visited the webpage to see if I could get something useful. Boom!! Found a login page. Authentication bypass should be the first approach to bypass a login page.
Query used: 1'or'1'='1 (query used in the Username and Password fields)
With this, I got entry to the panel and was prompted with a page asking to ping a machine on the network. To test