Hacking Articles is an article/guides about basic hacking and any topics related to Hacking/Technology.
This was written by Rovic Balingbing a.k.a. Baby Esue, it consists of 30 parts, this "Hacking Articles" consists of some articles, guides, tutor...
[Disclaimer: The content of this article is for educational purposes only. It was written to help readers test their skills on using computers and/or Kali Linux and share knowledge about Kali Linux to the users. The writer of this article/guide take no responsibility for actions resulting from the inappropriate usage of informations contained of this article/guide.]
Here we go again guys and now let's talk about the exploitation tools that we can use in Kali Linux, I hope you will learn something from my article about the exploitation tools that we can mostly see in Kali Linux.
Metasploit
-This one is a product of Rapid7 and most of the resources can be found on their webpage . Metasplot was available in two versions – commercial and free edition.
As an Ethical Hacker, you will be using 'Kali Distribution" which has the Metasploit community version embedded, along with other ethical hacking tolls which are very comfortable by saving time of installation.
Paano ng aba gamitin ang Metasploit?
Step 1: Buksan ang Metasploit console sa Kali. Then, pumunta sa Applications -> Exploitation Tools -> Metasploit.
Pagkatapos nito magstart, makikita mo kung anong version ng Metasploit ang gagamitin mo.
Sa console naman, kapag ginamit mo ang help o ? na symbol, ipapakita nito ang ilang mga commands ng Metasploit na mayroonng mga deskripsyon.
Another command administration command is "msfupdate" na makakatulong sa iyo para iupdate ang Metasploit mo. Mayroon din siyang command for searching. The command is "msf >search name:Microsoft type:exploit" na kung saan ang "search" ay ang command, "ang "name" ay ang pangalan ng object na hinahanap natin at ang "type" ay ang uri ng script na hinahanap natin. (Medyo mahirap siyang unawain pero kakayanin yan hehe, parang bible lang yan na kapag inulit-ulit ay maaintindihan mo rin.)
Oops! This image does not follow our content guidelines. To continue publishing, please remove it or upload a different image.
Mayroon ding command na nagpoprovide ng mga impormasyon tungkol sa module o platform kung saan ito ginamit, sino ang author, ang vulnerability reference, at ang payload restriction na meron ito.
Armitage
-Armitage GUI for Metasploit is a complement tool for Metasploit. It visualizes targets, recommend exploits, and exposes the advanced post-exploitation features.
How can we use this one?
Step 1: First, you need to open the Metasploit console, then open Armitage by going to Applications -> Exploit Tools -> Armitage.
Step 2: Click the "connect" button.
When it opens, you will see the following screen.
Oops! This image does not follow our content guidelines. To continue publishing, please remove it or upload a different image.
Armitage is user friendly. The are "Targets" lists all the machine that you have discovered and you are working with, the hacked targets are red in color with a thunderstorm on it.
Step 3: After you have hacked the target, you can right right-click on it and continue exploring with what you need to do such as exploring (browsing) the folders.
Note: In the following GUI, you will see the view for the folders, which is called console. Just by clicking the folders, you can navigate through the folders without the need of metasploit commands.
On the right side of the GUI, is a section where the modules of vulnerabilities are listed.
BeEF or Browser Exploitation Framework
-It is a penetration testing tool that focuses on the web browser. It allows the professional penetration tester to assess the actual security posture of a target environment using client-side attack vectors.
But you need to update the Kali Package for this to work using some command:
"root@kali:/# apt-get update
root@kali:/# apt-get install beef-xss"
To start using BeEF, use the command:
"root@kali:/# cd /usr/share/beef-xss
root@kali:/# ./beef "
Then you need to open your browser and login with username: beef and password: beef.
The BeEF hook is a JavaScript file hosted on the BeEF server and it need to run on client browsers. It calls back to the BeEF server communicating a lot of information about the target and also allows additional commands and modules to be ran against the target.
To attack a browser, include the JavaScript hook in a page that the client will view. There are many ways to do that, but the easiest one is to insert the following codes into a page and somehow get the client to open it.
(* <script src=""> </script> *)
Once the page loads, we need to go back to the BeEF Conteol Panel and click "Online Browsers" on the top left. After a short period of time, you should see your IP Address pop-up representing a hooked browser. Hovering over the IP will quickly provide information such as the browser version, operating system, and what plugins are installed.
But can we remotely run this one? Yes, we can, by clicking "Owned" host, then, on the command click the module that you want to execute, and click "Execute"
Oops! This image does not follow our content guidelines. To continue publishing, please remove it or upload a different image.
Linux Exploit Suggester
-This one suggests possible exploits given the release version "uname -r" of the Linux Opearing System.
Note: 3.0.0 is the kernel version of Linux OS that we want to exploit.
That's it for today, again guys, thanks for reading this article even it was hard to understand for a normal people, but I hope you learn something today and don't forget to follow this group and subscribe for more articles that will be posted here. Thanks!!
