MAC address spoofing is a technique for temporarily changing the Media Access Control (MAC) address of a network device. A MAC address is a unique, hardcoded address programmed into network devices which cannot be changed permanently. The MAC address sits at the 2nd OSI layer and should be seen as the physical address of your interface. Macchanger is a tool that is included with any version of Kali Linux, including the 2016 rolling edition, and can change the MAC address to any desired address until the next reboot. In this tutorial we will be spoofing the MAC address of our wireless adapter with a random MAC address generated by Macchanger on Kali Linux. MAC Address Spoofing First we need to take down the network adapter in order to change the MAC address. This can be done using the following command: ifconfig wlan1 down The ifconfig tool will be replaced by iproute2. Use the following command to take down wlan1 with…
Author: Hacking Tutorials
VPN on Kali Linux is, strangely enough, not installed and enabled by default, which leaves you with a greyed-out VPN option panel and a rather difficult, or at least not straightforward, set-up process if you don’t know how to install VPN. VPN stands for Virtual Private Network and extends your private network over the internet, which will cloak your IP address, bypass censorship and encrypt your network traffic. In this tutorial we will install the necessary packages and set up the popular Golden Frog VyprVPN service in Kali Linux. I’ve been using VyprVPN from Golden Frog as my VPN service for a couple of months now, on public wireless networks and in foreign countries for example. Their VPN service is fast and reliable, and there are many servers/countries to choose from (50+ servers and 200,000 IP addresses). There’s an app for all platforms, including iOS, Android, Windows, Mac and a VyprVPN router app to secure your entire home network. Golden Frog claims…
In the next few tutorials I will explain how to use the different Websploit modules. WebSploit is an open source project for web application assessments. In this tutorial we will be using the Websploit directory scanner module and we will add some custom directories. The Websploit directory scanner is a script which scans webservers for the directories listed in the script and tells you whether they exist or not. Due to many errors generated by the script, mostly 400 Bad Request errors on existing directories, I have edited the script. The issues causing the 400 Bad Request errors have been fixed now. I’ve also added a verbosity option so you can choose whether you just want to see existing directories or errors too. Code 302 Found is coloured green now instead of yellow. The new script can be downloaded here (save as): Replace the script in the following directory in Kali Linux: /usr/share/websploit/modules/directory_scanner.py Websploit Directory…
This tutorial in the category WordPress hacking will teach you how to scan WordPress websites for vulnerabilities, enumerate WordPress user accounts and brute force passwords. Enumerating WordPress users is the first step in a brute force attack in order to gain access to a WordPress account. WPScan has the option to scan a target website to retrieve a list of account names. In this tutorial we will also look at how to hide usernames from WPScan so you can avoid the enumeration of user accounts and limit the effectiveness of brute force attempts. We will conclude this tutorial with a demonstration of how to brute force root passwords using WPScan on Kali Linux. WPScan is an automated black box WordPress vulnerability scanner. This tool is a must-have for any WordPress developer to scan for vulnerabilities and solve issues before they get exploited by hackers. Together with Nikto, a great webserver assessment tool, this tool should be part of any penetration test targeting…
Tox Ransomware is malware which encrypts your hard drive and demands money in exchange for decryption. After CTB-Locker, Teslacrypt, CryptoWall, Cryptolocker and TorrentLocker, Tox is the new ransomware on the block. Tox is set up as a ransomware-as-a-service where Tox developers take 20% of the paid ransoms. Tox (or toxicola ransomware) is only accessible over the TOR network and bitcoin is used for pay-outs, which keeps users kind of ‘anonymous’. Since it does not require any technical knowledge to set up this ransomware, it is expected to be exploited by many users. Tox ransomware is a free ransomware-as-a-service kit, easy to set up because no technical knowledge is required. Access and virus creation through the TOR network, no contact details for registration, pay-outs using bitcoin and Tox takes a 20% cut of the ransom. This is a great formula that will lead us to one thing: Trouble! Tox Ransomware creation Tox ransomware can be easily created on a TOR onion website by signing up with…
Nikto is a very popular and easy-to-use webserver assessment tool for finding potential problems and vulnerabilities very quickly. This tutorial shows you how to scan webservers for vulnerabilities using Nikto in Kali Linux. Nikto comes standard as a tool with Kali Linux and should be your first choice when pen testing webservers and web applications. According to the official Nikto website, Nikto scans for 6700 potentially dangerous files/programs and checks for outdated versions of over 1250 servers and version-specific problems on over 270 servers. You should know that Nikto is not designed as a stealthy tool and scans the target in the fastest way possible, which makes the scanning process very obvious in the log files of an intrusion detection system (IDS). Nikto comes with the following features: Features These are some of the major features in the current version: SSL Support (Unix with OpenSSL or maybe Windows with ActiveState’s Perl/NetSSL) Full HTTP…
In this tutorial we will be using an Nmap script to scan a target host for SMB vulnerabilities. SMB stands for Server Message Block and does not have a great reputation when it comes to security and vulnerabilities. SMB1 was used in Windows 2000 and Windows XP, which allowed null sessions that could be used to retrieve a great deal of information about the target machine. Later versions of SMB were also subject to many vulnerabilities which allowed anything from remote code execution to stealing user credentials. For this reason every penetration test should be checking for SMB vulnerabilities. We will be using Nmap scripts to scan a target host for SMB vulnerabilities. The Nmap Scripting Engine (NSE) is one of Nmap’s most powerful and flexible features. With the latest version, Nmap 7.0, the scripting engine has been greatly expanded; Nmap 7 contains more than 170 new scripts. Let’s continue this tutorial with scanning for SMB vulnerabilities with Nmap: The frontpage on Samba.org describes Samba as: Since 1992, Samba has…
In this tutorial we will be scanning a target for the well-known Heartbleed SSL bug using the popular Nmap tool on Kali Linux. The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library and was introduced on 31 December 2011 and released in March 2012. This weakness allows the attacker to steal information protected by the SSL/TLS encryption which is very commonly used to secure internet connections. The official name for Heartbleed is CVE-2014-0160. A fix has been released and deployed by many OS and application vendors, but when a vulnerable version of OpenSSL is used or when applications haven’t been patched by the user or vendor, the vulnerability can still be exploited. With Nmap’s SSL-Heartbleed script it takes us just a couple of seconds to check for this vulnerability, and this check should be part of any penetration test. Many software applications, web applications and web services have SSL/TLS encryption integrated and have been affected by Heartbleed. These…
In this tutorial we will be using Nmap on Kali Linux to scan and enumerate webserver directories from popular web applications and servers. We will be using the Nmap script http-enum.nse for this purpose. The first step in web application penetration testing is scanning webserver directories for popular web applications so we can see which applications have been installed on the particular webserver and what directories are available. Many applications have known vulnerabilities and attack strategies that can be exploited in order to gain administrator access or to exploit data. Using this Nmap script we can quickly get an overview of those applications with version numbers so we can check vulnerability databases for known vulnerabilities and exploits. The Nmap script parses a fingerprint file and scans the targeted webserver for any matches and also returns the particular version of the web application. In the nselib/data folder there is a file called ‘http-fingerprints.lua’. This file contains all the available fingerprints with a description…
Live host detection is a very important tool for every penetration tester and ethical hacker. In this tutorial we are going to use Nmap in Kali Linux to scan the network for live hosts. You can use the command ifconfig to determine which IP range you will be scanning for live hosts. We will be using a ping scan on a range of possible live hosts in our network. Nmap will be pinging each host in this range to determine whether the host is live or not. In this tutorial we will be using Nmap for scanning and detecting hosts on the network. Needless to say, there are many tools available for host detection, also for mobile devices. A very popular mobile app for this purpose is Fing Network Scanner. You can download this app in the Apple app store and in the Google Playstore for Android. Nmap scanning for live hosts…