Sunday, 19 June 2016

Websploit

Websploit is a tool that can do many things, from attacking to sniffing and others, although it does not have nearly as many modules as Metasploit. This is what Websploit looks like.

Websploit

Its display looks similar to Metasploit's. Let's take a look at the modules.

Websploit modules

As you can see, Websploit is divided into 4 modules, which is very few compared to Metasploit. For now, I only use network/mitm (man-in-the-middle attack). In a man-in-the-middle attack, the source communicates with the target, but a third party eavesdrops on the conversation without the source or the target knowing that a third party is there (this is known as "interception").

Back to the topic: I choose network/mitm and, to see what to do next, enter "show options".

network/mitm

Before I continue: I choose my Windows 2000 machine as the target, and its IP address is 192.168.59.129.

win 2000

With "show options", you can see the interface, router, target, sniffer and ssl options. There are 4 types of sniffer, but this time I choose urlsnarf.

To start the tool, enter "run".

Back on my Windows 2000 machine, I open Opera and go to 9gag.com.

9gag.com in Opera using win 2000

Now back to my Kali Linux machine to see what has changed.

We can see that something has changed here. From that data, we can tell that the target is using Opera 9.80, Presto 2.6.30, version 10.63, has opened the 9gag website and is running Windows. Let's try another website; this time I use detik.com.

detik.com

Then go back again and see what happens.


This time there is so much information that I only captured 2 pictures. Because we are using the same OS, most of the information is the same as before, except the site, which is detik.com.

Now let's do something else using network/webkiller.









For the target, I use vacationet.com.


vacationet.com

As usual, enter "show options" and change the target.

Lastly, we start the attack.

When I try to visit the website again, nothing has happened. I assume this is because I don't have enough computers to attack the target.


target still alive

So those are some of the Websploit modules; remember to use them wisely.

Reference:
http://tools.kali.org/web-applications/websploit

Thursday, 16 June 2016

HTTRACK

HTTrack is a tool that copies a website to your computer so that you can search it for information offline, for example for critical data that is useful for an attack or for social engineering.

Go to Kali Linux and click Applications > 03 - Web Application Analysis > httrack.


When you run it, it looks like this.


To get more information, I use "--help" and capture the most common options.


The syntax for httrack is httrack <URLs> [-option] [URL_FILTER].
For the test, I use http://www.webscantest.com/ as the website, and this is the result. Remember that if the website contains a lot of data or information, the process will take longer.

 httrack webscantest.com


Some files and folders from webscantest.com

Because I put the destination in root, this is the result (not tidy). First, I want to check the log file.



From the result, I get 53 errors and 48 warnings. Then I check the cookies.


Here I get 2 cookies, NB_SRVID and TEST_SESSIONID. Then I check the webscantest.com folder.


Because there are so many files, I only show some of them. First, I open 2 index.html files (one from that directory and one from the xmldb directory), and this is the result.

home page

index.html from xmldb folder

Notice that the URL is different from the original one. Lastly, I want to check just one file from any of the folders by opening it in Leafpad, but when I try to open one, it is empty because of the errors and warnings that I got before.

The conclusion is that, using httrack, we can actually get critical information from the target website, as long as the log file does not show lots of error and warning messages.
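Seen from the website owner's side, a copy like the one above leaves a recognisable trace in the web server's access log. The following is an added example, not part of the original post: it assumes the server writes Combined Log Format, that the copier's default user-agent contains the string "HTTrack", and it uses constructed log lines; `find_mirroring_clients` and `min_paths` are hypothetical names.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def _line(ip, sec, path, status, ua):
    # Builds one constructed log line for the sample below.
    return (f'{ip} - - [16/Jun/2016:10:00:{sec:02d} +0700] '
            f'"GET {path} HTTP/1.1" {status} 512 "-" "{ua}"')

COPIER_UA = "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/45.0"
# Constructed sample data (documentation IP addresses), not a real capture.
SAMPLE_LOG = "\n".join(
    [_line("192.0.2.10", 1, "/", 200, COPIER_UA),
     _line("192.0.2.10", 2, "/robots.txt", 404, COPIER_UA),
     _line("192.0.2.30", 3, "/", 200, BROWSER_UA),
     _line("192.0.2.30", 9, "/login.php", 200, BROWSER_UA)]
    # A copier whose user-agent was changed to look like a browser.
    + [_line("192.0.2.20", 10 + i, f"/xmldb/page{i}.html", 404 if i % 2 else 200, BROWSER_UA)
       for i in range(6)]
)

def find_mirroring_clients(log_text, min_paths=5):
    """Return {ip: [reasons]} for clients that look like a website copier."""
    seen = defaultdict(lambda: {"paths": set(), "errors": 0, "ua_hit": False})
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # skip lines that are not in Combined Log Format
        client = seen[m["ip"]]
        client["paths"].add(m["path"])
        client["errors"] += m["status"].startswith("4")
        client["ua_hit"] |= "httrack" in m["ua"].lower()
    findings = {}
    for ip, client in seen.items():
        reasons = []
        if client["ua_hit"]:
            reasons.append("user-agent names HTTrack")
        if len(client["paths"]) >= min_paths:  # breadth check survives a changed user-agent
            reasons.append(f"{len(client['paths'])} distinct paths, {client['errors']} 4xx")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    for ip, reasons in find_mirroring_clients(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

On a real log, apply the breadth check per time window (for example per minute) so that a regular visitor's browsing over a whole day is not counted as a crawl.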

Reference:
http://null-byte.wonderhowto.com/how-to/hack-like-pro-clone-any-website-using-httrack-0152420/

Deep Web

You all know what a website is, and people use websites anywhere and anytime. It is all based on the Internet. But did you know that what we explore is not 100% of it? There is another part of the web that we do not explore every day, and it is located deeper than our usual websites. It is called the "Deep Web". What we explore is called the surface web, and it is actually less than 10%!



The Deep Web or Dark Web is a network that is encrypted, and you usually use Tor to open it. Generally it is used for illegal activities, like selling drugs, hiring a hitman and so on. Before that, remember that you open it at your own risk, and always use Tor to hide your identity or you will be in trouble.

Why use Tor? Because Tor allows users to publish a website without revealing their location. Also, if you notice, these websites usually use encrypted links.

The Hidden Wiki

From that picture, we cannot tell the name of a website from its link until we look at more detail, as above, and guess it. Tor can access these links, which end in .onion.

This is very important when we explore the deep web. Using a normal browser can end with you losing some of your accounts or money, being exposed, getting a virus, and many other bad things. So if you want to explore the deep web, explore it at your own risk and do not do anything ridiculous.


Ransomware

Ransomware is a type of malware with a unique behaviour. It encrypts our data, and we cannot access it unless the user pays the ransom to get the data back in its original form. But paying the ransom doesn't guarantee that we will get the data back; it depends on the attacker. If the ransomware attacks the system's hard drive, it will be very hard or impossible to decrypt it.

This is what the files look like when the user has been attacked by ransomware.

.cerber (Ransomware)

.crypt (Ransomware)

There are 2 types of ransomware: encrypting and non-encrypting.

Encrypting ransomware started in 1989 with what was known at the time as the "AIDS" Trojan. The attack was similar to today's: encrypt the data and demand money in order to get the data back. But the first one used a licence as the pretext for the attack, saying that the licence had expired. This kind of malware is still around and has kept evolving until now. One well-known ransomware attack is CryptoLocker.

CryptoLocker

CryptoLocker attacks through email attachments and usually targets Windows users. When the user clicks the malicious attachment, the malware encrypts the files and shows a message saying that, if the user wants to decrypt the data, they must pay using bitcoin or a voucher within a limited time. If they do not, the decryption key will be deleted by the attacker and the files can no longer be recovered.

Non-encrypting ransomware started in 2010, and at that time it was known as WinLock. As the type's name says, the attack did not encrypt the data; it restricted access to the system and showed pornographic content. To get access to the system again, the user had to send an SMS that cost more than the normal price to get the decrypt key.

WinLock

Nowadays, ransomware has evolved into one of the most dangerous kinds of malware. Luckily, we can actually recover from some types of ransomware attack with tools like HitmanPro.Alert, BitDefender Anti Crypto Vaccine and Anti-Ransomware and so on.

It is not really hard to prevent, but humans sometimes make mistakes and are not suspicious enough of suspicious things, like an email attachment that looks promising but actually contains malware.

To protect your data from ransomware, always back up your data frequently. Then if one day your PC is attacked by ransomware, you already have the backup and do not need to worry about the data that was encrypted. Also use software to recover data from ransomware, even though it only works for some types of ransomware.
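To decide which folders need restoring from backup, a quick scan for the two file extensions shown earlier (.cerber and .crypt) helps. The following is an added example, not part of the original post: `scan_tree` and its parameters are hypothetical names, the entropy threshold of 7.5 bits per byte is an assumption, and the sample files are constructed.

```python
import math
import os
from collections import Counter

SUSPECT_EXTENSIONS = (".cerber", ".crypt")  # the two extensions shown on this page

def shannon_entropy(data):
    """Bits per byte: close to 8 for encrypted data, far lower for plain text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def scan_tree(root, sample_bytes=65536, threshold=7.5):
    """Return {directory: {"files": total, "flagged": [(name, looks_encrypted)]}}."""
    report = {}
    for dirpath, _dirs, names in os.walk(root):
        flagged = []
        for name in sorted(names):
            if not name.lower().endswith(SUSPECT_EXTENSIONS):
                continue
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    head = fh.read(sample_bytes)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            # Compressed files are high-entropy too, so entropy is only
            # checked after the extension has already matched.
            flagged.append((name, shannon_entropy(head) >= threshold))
        if flagged:
            report[dirpath] = {"files": len(names), "flagged": flagged}
    return report

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        with open(os.path.join(tmp, "report.doc.cerber"), "wb") as fh:
            fh.write(bytes(range(256)) * 16)  # uniform bytes stand in for ciphertext
        with open(os.path.join(tmp, "notes.crypt"), "wb") as fh:
            fh.write(b"plain text " * 200)  # suspect extension, content not encrypted
        for directory, info in scan_tree(tmp).items():
            print(directory, info)
```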
