Use sqlmap with tor proxy
When trying to exploit some website using sqlmap, it's a good idea to be anonymous. Sqlmap has excellent support for using common proxies or Tor. First start Tor and ensure that it is running the SOCKS5 daemon on port 9050. Then use the SOCKS5 proxy with sqlmap as follows:
# ./sqlmap.py --tor --tor-type=SOCKS5 -u "http://www.hackable.org/view_section.php?id=10"
The above command uses Tor with type SOCKS5. The --tor option by default tries to use the HTTP proxy instead [...]
Install tor and vidalia on backtrack 5 rc3
Backtrack, the most popular Linux distro for penetration testing, does not have Tor by default. Hmmm, so we have to install it ourselves. Start a terminal and type the following commands to install Tor quickly on Backtrack. Check release: first check your Backtrack release version. It's based on Ubuntu.
root@bt:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 10.04.3 LTS
Release: 10.04
Codename: lucid
Check the codename, in this case [...]
Google hacking tutorial
Using search engines as a hacking tool. Google hacking involves using special search terms in the Google search engine to narrow down the search results to something very specific. Hackers use it to find vulnerable or exploitable websites, servers and confidential/sensitive data that got exposed to the internet due to poor security. Google search supports several advanced operators that can be used to search specific parts of a webpage like its title, URL, domain name, [...]
Install and run sqlmap on windows
Sqlmap is the most popular tool for automated exploitation of SQL injection vulnerabilities and database takeover. It's written in Python and is cross platform. If you are using Backtrack then sqlmap comes prepackaged in it. In this post I am going to show you the simple process to set up and run sqlmap on Windows. Download and install Python: since sqlmap is written in Python, the first thing you need is the Python interpreter. Download the [...]
Email harvesting with metasploit | tutorial
Out of the many useful auxiliary modules that Metasploit has, one is called search_email_collector, which searches Google, Bing and Yahoo for email addresses associated with a particular domain. This is useful for automated information gathering during a penetration test. The location inside msfconsole is auxiliary/gather/search_email_collector. So let's try it out. Launch msfconsole. I am using Backtrack. In Backtrack, msfconsole can be launched directly from the console or from the menu Backtrack > Exploitation Tools > [...]
Hack windows machines with social engineering toolkit | java signed applet method
In a previous post we saw how to exploit remote Windows machines by doing some social engineering on the user. In this post we shall try a similar hack using the Social Engineering Toolkit. The Social Engineering Toolkit (SET) is an exploitation framework for social engineering attacks like phishing. Launch SET. In BackTrack it can be found in BackTrack > Exploitation Tools > Social Engineering Tools > Social Engineering Toolkit > set. Or [...]
Hack online webcams with google
Google Hacking. Google hacking is about searching the Google search engine for things that are not supposed to be publicly seen. These could include files, data, other sensitive information and even access to hardware devices like webcams. In this post we are going to see how easy it is to find online webcams that are accessible over the internet (of course due to wrong network configuration by their IT guys). Most webcams provide a web based [...]
Hack remote windows machines with metasploit | Java signed applet method
Signed Java Applet exploit. In this demonstration of Metasploit we shall see how to hack almost any kind of Windows machine using the signed Java applet technique. This is a social engineering attack that requires the victim to open a URL and allow the Java applet to run in the browser. This exploit works in any browser but requires the Java plugin to be installed. Technically it is not an exploit, just a bad [...]
Find online windows machines using metasploit
In this post I am going to show you how to discover Windows machines online. These Windows machines are desktop users connected to the internet. Many Windows versions are known to have vulnerabilities that can be exploited with Metasploit using just the IP address of the system. So the first step would be to find out whether any such machines exist. SMB version scanner: Metasploit has an auxiliary scanner module for scanning the Samba service [...]
Ping sweep the network with nmap
Ping Sweep. Ping sweep is the process of pinging an entire range of network IP addresses to find out which ones are online or alive. Nmap is an excellent tool to do this quickly and effectively. Here is the command:
$ nmap -sP 192.168.1.1-255
Starting Nmap 6.00 ( http://nmap.org ) at 2013-04-16 18:16 IST
Nmap scan report for 192.168.1.1
Host is up (0.0079s latency).
Nmap scan report for 192.168.1.92
Host is up (0.010s latency).
Nmap [...]