Hacking Articles is a collection of articles and guides about basic hacking and other topics related to hacking and technology.
This was written by Rovic Balingbing a.k.a. Baby Esue, it consists of 30 parts, this "Hacking Articles" consists of some articles, guides, tutor...
Step 3: Choose one of the options; in this case I chose "No, I do not want to persist this session at this moment in time", then click "Start".
The test website below is a Metasploitable machine with IP: 192.168.1.101
Step 4: Enter the URL of the test website at "URL to attack" -> click "Attack".
In the left panel "Alerts", you will see all the findings along with descriptions.
Step 5: Click "Spider" and you will see all the links scanned.
3. Database Tools Usage
*sqlmap
- It is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
How to open and use this one?
Step 1: To open sqlmap, go to Applications -> 04-Database Assessment -> sqlmap.
Step 2: To start the SQL injection testing, type "sqlmap -u URL of victim"
Step 3: From the results, you will see that some variables are vulnerable.
*sqlninja
- It goes from a SQL injection on Microsoft SQL Server to full GUI access. It is a tool targeted to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. For more info, go to http://sqlninja.sourceforge.net/
How to open and use it?
Step 1: To open sqlninja, go to Applications -> 04-Database Assessment -> sqlninja.
4. CMS Scanning Tools
*WPScan
- It is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.
How to open and use it?
Step 1: To open WPScan, go to Applications -> 03-Web Application Analysis -> "wpscan".
Step 2: To scan a website for vulnerabilities, type "wpscan -u URL of webpage".
Note: If the scanner is not updated, it will ask you to update. I recommend doing it.
Once the scan starts, you will see the findings. In the following screenshot, vulnerabilities are indicated by a red arrow. (Picture Below.)
*Joomscan
- Joomla is probably the most widely-used CMS out there due to its flexibility. Joomscan is a scanner for this CMS. It helps web developers and webmasters identify possible security weaknesses on their deployed Joomla sites.
How to open and use it?
Step 1: To open it, just click the terminal on the left panel, then "joomscan -> parameter".
Step 2: To get help for the usage, type "joomscan /?"
Step 3: To start the scan, type "joomscan -u URL of the victim".
Results will be displayed as shown in the following screenshot. (Picture Below)
5. SSL Scanning Tools
*TLSSLed
- It is a Linux shell script used to evaluate the security of a target SSL/TLS (HTTPS) web server implementation. It is based on sslscan, a thorough SSL/TLS scanner that is based on the openssl library, and on the "openssl s_client" command line tool.
The current tests include checking if the target supports the SSLv2 protocol, the NULL cipher, weak ciphers based on their key length (40 or 56 bits), the availability of strong ciphers (like AES), if the digital certificate is MD5 signed, and the current SSL/TLS renegotiation capabilities.
To start testing, open a terminal and type "tlssled URL port". It will start testing the certificate to find data, and the results will pop up.
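The protocol and key-length checks listed above can be reproduced over saved scan output when auditing your own server. This is an added example, not TLSSLed's own code; it assumes scan lines in the "Accepted <protocol> <N> bits <cipher>" layout, uses constructed sample lines, and does not cover the MD5 certificate or renegotiation tests. The function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample lines (not output from a real server), assumed to follow
# the "Accepted <protocol> <N> bits <cipher>" layout of an sslscan report.
SAMPLE_SCAN='Accepted  SSLv2    40 bits   EXP-RC4-MD5
Accepted  SSLv3    56 bits   DES-CBC-SHA
Accepted  TLSv1.0  0 bits    NULL-SHA
Accepted  TLSv1.2  128 bits  AES128-SHA
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384
Rejected  TLSv1.2  112 bits  DES-CBC3-SHA'

# classify_ciphers: read scan lines on stdin and print one finding per match
# as "<RESULT> <category> <protocol> <cipher>". Rejected rows are ignored.
classify_ciphers() {
    awk '
    $1 != "Accepted" || $4 != "bits" { next }   # skip rejected or malformed rows
    {
        proto = $2; bits = $3 + 0; cipher = $5
        # SSLv2 support is a finding on its own, whatever the cipher is.
        if (proto == "SSLv2") print "FAIL sslv2", proto, cipher
        # NULL cipher: no encryption at all.
        if (bits == 0 || cipher ~ /NULL/) print "FAIL null-cipher", proto, cipher
        # Weak ciphers by key length: 40 or 56 bits.
        else if (bits == 40 || bits == 56) print "FAIL weak-key", proto, cipher
        # Strong cipher availability: AES with at least a 128-bit key.
        else if (cipher ~ /AES/ && bits >= 128) print "OK strong-cipher", proto, cipher
    }'
}

# count_findings <category>: how many findings of that category the sample has.
count_findings() {
    printf '%s\n' "$SAMPLE_SCAN" | classify_ciphers |
        awk -v c="$1" '$2 == c { n++ } END { print n + 0 }'
}

# Print the full report for the constructed sample.
printf '%s\n' "$SAMPLE_SCAN" | classify_ciphers
```

Any FAIL line means the matching protocol or cipher should be disabled in the server's TLS configuration and the scan repeated.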
6. w3af
- It is a Web Application Attack and Audit Framework which aims to identify and exploit all web application vulnerabilities. This package provides a Graphical User Interface (GUI) for the framework. If you want a command-line application only, install w3af-console.
The framework has been called the "metasploit for the web", but it's actually much more as it also discovers the web application vulnerabilities using black-box scanning techniques. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which identify and exploit SQL injection, cross-site scripting (XSS), remote file inclusion and more.
How to open and use it?
Step 1: To open it, go to Applications -> 03-Web Application Analysis -> Click w3af.
Step 2: On the "Target", enter the URL of the victim, which in this case will be the Metasploitable web address.
Step 3: Select the profile -> Click "Start".
Step 4: Go to "Results" and you can see the findings with the details.
And now we are done guys, hope you learned something. It was just like the old days, but never mind it. It was all English guys, so I know that you can have a headache hehe, but just read it guys and you can actually say that it was so easy to understand. See you again guys! BYE!!