Tuesday, 20 May 2014

Phishing Attack Using SETOOLKIT

Phishing is an attack intended to acquire private information such as user names, passwords, credit card details, etc. The most common form of phishing attack is a "fake" site that requires you to log in. After you log in, your input, such as user name and password, is recorded (key logged) by the attacker.

This time I will explain how to make a "fake" website using setoolkit. In Kali Linux, setoolkit is already installed, so to run it just open a terminal and type setoolkit. In case you can't run it, use su - root first to obtain root privileges.

This is the main menu of setoolkit:

Input 1 and hit enter to select Social-Engineering Attack:


Input 2 and hit enter to select Website Attack Vector, then input 2 and hit enter again to select the harvester attack. After that you will be prompted to enter the host IP address for the "fake" website; in the image below I entered my Kali Linux IP, 192.168.5.131. Hit enter again and you will be prompted for the URL of the "real" site to be cloned by setoolkit, and the view will look like the image below. YOU HAVE TO KEEP THIS TERMINAL RUNNING AND NOT STOP SETOOLKIT:

Now open the "fake" page in another VM (I used my XP) and it will look just like the real Facebook login page:

Note that the IP is my Kali Linux IP and not the real URL, facebook.com. Next I tried entering a random user name and password. I used test@test.com for the username and testiest for the password:

And when I submitted the user name and password, this is what happened in the setoolkit terminal:


Every input is recorded in the terminal. The user name and password are perfectly key logged.

So with this in mind, I would advise you to be careful when you get an e-mail that redirects you to such a website and prompts you to log in. Please check the URL of the website first and DO NOT OPEN LINKS PROVIDED BY AN UNKNOWN SENDER!
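The "check the URL first" advice above can be turned into a small checker. This is an added example, not code from the post or from setoolkit; the brand/domain table and the page-title argument are constructed for the example, and the cloned page in the post (a bare IP over plain HTTP, showing a Facebook login) is what it is meant to flag.

```python
import ipaddress
from urllib.parse import urlparse

# Registrable domains allowed to host a login page for each brand.
# Constructed sample table for this example only.
BRAND_DOMAINS = {
    "facebook": {"facebook.com", "fb.com"},
    "paypal": {"paypal.com"},
}


def registrable_domain(host):
    """'www.facebook.com' -> 'facebook.com' (last two labels; good enough here)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_ip_literal(host):
    """True when the host part of the URL is a bare IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def login_url_warnings(url, page_title=""):
    """Return the reasons a login page looks like a cloned credential harvester.

    An empty list means nothing suspicious was found in the URL or page title."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    warnings = []
    if is_ip_literal(host):
        warnings.append("host is a bare IP address, not a domain name")
    if parsed.scheme != "https":
        warnings.append("page is not served over HTTPS")
    if host.startswith("xn--") or ".xn--" in host:
        warnings.append("host uses punycode (possible look-alike domain)")
    # A brand name in the URL or page title while the registrable domain is not
    # one of that brand's own domains is the cloned-login-page pattern.
    haystack = (host + parsed.path + parsed.query + " " + page_title).lower()
    reg = registrable_domain(host)
    for brand, domains in BRAND_DOMAINS.items():
        if brand in haystack and reg not in domains:
            warnings.append(f"mentions '{brand}' but is hosted on '{host}'")
    return warnings
```

For the post's cloned page, `login_url_warnings("http://192.168.5.131/", page_title="Welcome to Facebook")` returns three warnings, while the genuine `https://www.facebook.com/login.php` returns none.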

Tuesday, 13 May 2014

How to Know Open, Closed, Filtered Port from Wireshark Packet Capture


In port scanning there are 3 port states: open, closed, and filtered.

Open port means the port is open and running a service on the machine.

Closed port means the port is closed and not running any service.

Filtered port means that your probe to that specific port is filtered or dropped by a firewall.

For this test, I used the nmap -F 172.16.128 command to scan fewer ports, so that the result in Wireshark is easier to show you guys.

This is the result for a closed port in Wireshark:

As you can see, there are many SYN requests to the target port and the target port immediately replies with RST,ACK. From this result we know that the port is closed.

This is the result for an open port in Wireshark:


In this Wireshark packet capture, you can see that packet number 63 is a SYN packet sent to the http port of the target. In packet number 65, the target's http port sends a SYN,ACK reply, which means the port is open and running a service.

And this is the result for a filtered port in Wireshark:


There is no reply at all from the target machine. This means the probe packet we sent did not even reach the target port, because the packet was dropped by the firewall.
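The three rules above (SYN,ACK back means open, RST back means closed, silence means filtered) are easy to apply to a capture programmatically. This is an added example, not code from the post; the capture below is constructed in the shape of the Wireshark columns the post shows, the scanner address 172.16.1.1 and the ephemeral ports are assumptions, and the target is the 172.16.1.128 machine used in the Zenmap post.

```python
# Constructed SYN-scan capture in the shape of the Wireshark columns used in
# this post: (frame, source, destination, source port, destination port, flags).
SCANNER = "172.16.1.1"    # assumed address of the scanning machine
TARGET = "172.16.1.128"   # target address used in the Zenmap post
CAPTURE = [
    (61, SCANNER, TARGET, 45001, 23, "SYN"),
    (62, TARGET, SCANNER, 23, 45001, "RST,ACK"),   # closed: immediate RST,ACK
    (63, SCANNER, TARGET, 45002, 80, "SYN"),
    (65, TARGET, SCANNER, 80, 45002, "SYN,ACK"),   # open: SYN,ACK comes back
    (66, SCANNER, TARGET, 45002, 80, "RST"),       # scanner aborts the handshake
    (67, SCANNER, TARGET, 45003, 135, "SYN"),
    (70, SCANNER, TARGET, 45004, 135, "SYN"),      # retransmit, still no reply
]


def classify_ports(capture, scanner, target):
    """Derive open/closed/filtered for every port the scanner probed, using the
    rules described above: SYN,ACK back = open, RST back = closed, nothing = filtered."""
    probed = set()
    states = {}
    for _frame, src, dst, sport, dport, flags in capture:
        f = set(flags.split(","))
        if src == scanner and dst == target and f == {"SYN"}:
            probed.add(dport)
        elif src == target and dst == scanner and sport in probed:
            if {"SYN", "ACK"} <= f:
                states[sport] = "open"
            elif "RST" in f:
                states[sport] = "closed"
    # Probed ports that never got any answer are the firewall-dropped ones.
    for port in probed:
        states.setdefault(port, "filtered")
    return states


if __name__ == "__main__":
    for port, state in sorted(classify_ports(CAPTURE, SCANNER, TARGET).items()):
        print(f"{port}/tcp {state}")
```

Nmap also reports a port as filtered when an ICMP unreachable error comes back instead of silence; this capture-only version treats just the no-reply case.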

Zenmap, GUI version of NMAP

NMAP is a tool used to gather information on your target. NMAP can give you a lot of information about your target, such as open ports, target OS, target database, etc. NMAP is a very powerful tool because it has so many modes that can be used to scan the target, which give you the ability to fool firewalls, etc.

Zenmap is NMAP with Graphical User Interface (GUI) support for easier use. Executing Zenmap in Kali Linux is very simple. It is recommended to run Zenmap with root privileges, or some NMAP scans will not be available.

This will pop up if you're not running Zenmap with root privileges:


And this is what a fully running Zenmap looks like:

Notice in this picture that I used my Windows XP virtual machine (172.16.1.128) as the target. We can select a scan profile, and the scan profile fills in the NMAP scan command for us. Here are some of the scan profiles:

Intense Scan

-T4 : Scan Timing Mode 4 (see description below)
-A : Enable OS detection, version detection, script scanning, and traceroute
-v : Verbose mode, gives detailed info on what nmap is currently doing

Intense Scan with all TCP ports scanned

-p 1-65535 : Scan the port range from port 1 to 65535
-T4 : Scan Timing Mode 4 (see description below)
-A : Enable OS detection, version detection, script scanning, and traceroute
-v : Verbose mode, gives detailed info on what nmap is currently doing

Quick scan

-T4 : Scan Timing Mode 4 (see description below)
-F : Fast mode, scans fewer ports than the regular scan


If you notice, all of the scans above use -T4, which is Timing Mode 4. You can use from -T0 to -T5 (but only one at a time); here are the descriptions:

-T0 : Paranoid Scan
-T1 : Sneaky Scan
-T2 : Polite Scan
These modes slow down the scan to use less bandwidth and fewer target machine resources. They are used for IDS evasion.

-T3 : Normal Scan
This is the default used by NMAP if no timing mode is given in the command.

-T4 : Aggressive Scan
This mode speeds up the scan, assuming you are on a reliable network.

-T5 : Insane Scan
This mode assumes you are on an extremely fast network and that you are willing to sacrifice accuracy for speed.