keskiviikko 21. lokakuuta 2015

Hacking with Kali Linux

I was curious about hacking things and the so called "dark side of the internet" so I installed Kali linux to my virtualbox and checked out few things.

Finding website admin panel with dictionary scan

So first thing I wanted to check is how you can find admin panels. In every content management systems (CMS) there must be admin panel to login and maintain it. So I found perl script that scans target site with different admin panel names. Unfortunately this is so called dictionary attack and if the name doesnt happen to be in the list, it wont find anything.

Open up your Kali linux and download this file:

CD to your download folder and just run:


and it will launch. Then the script will ask the target site, type your site and enter.

Then we can see the script checking possible admin panel locations.

You have to wait for the script to finish to see the results unless you can spot status: found from the output stream. This is very simple tool to find admin panel, but it is a weak dictionary tool. This is not even hacking, cracking what so ever. I would say it is a tool.

How to generate a password list

When hacker is bruteforcing in to a system, it basically means to try every possible combination of numbers, letters and special marks that are defined. For that we need to create a list of those words. Linux can generate these files with a tool called crunch. 

type in: crunch 4 4 123456 > passwords.lst

The first number means how long the password should be atleast (minimum). Second number is how long it should (maximum) and then I have defined combinations with numbers 123456 and put them to a file called passwords.lst. Now this command will create every single possible combination of 123456 length of four. 

As you can see we have different combinations in a list. Try next crunch 2 2 abcd > passwords2.lst
to explore how this works.

Then we have all the combinations with abcd length minimum and maximum 2

Crunch is a tool to create password lists for bruteforce attacks which can take very long time. You can also download most used password lists by googling a little bit.

Password attack with Hydra to basic authentication

Now if you have website which has basic authentication you could create a massive list of words and then "bruteforce" yourself in to that site. Other way is to download ready made password list to speed up things a little bit, you can find some here:

Basic authentication box will look like this:

Give command:

hydra -L accounts.txt -P passwords.txt

-L gives account list as parameter and -P option gives the password list. Then hydra will try every combination with the words in the lists. 

And the account + password combination in my list matched. I have successfully logged in.

SQLmap injection tool

if PHP page url looks like this: page.php?id=1 you can try if the page is vulnerable to sql attacks by adding ' to the end of url like'

If the answer you get is: "You have error in your sql syntax" the page is vulnerable to attacks. 

Simple command to find out databases is: sqlmap -u --dbs 
This will try different sql injections and list all the databases available.  

And as you can see, I found vulnerable website. Now I know their technology and what databases they have. This is just short demonstration what you can do with this tool.

To continue checking what is inside this table use command:

sqlmap -u -D information_schema --tables

This will check what is inside information_schema table.

Scanning email addresses with harvester

If you want to do email scan using search engines there is a tool called "theharvester". Fire up your Kali Linux and type theharvester to get information about the app.

You can scan emails with command theharvester -d -l 50 -b all

From the information we can find that -d is the url we are searching. -l is the amount of results we look and -b is the search engine if I understood this correctly. After scannin my own site I have found 3 email addresses, but none of them is real. 

Using Hydra to hack login form

To attack login form you need: passwordlist and usernames list. User command:

hydra -L usernames.txt -P passwords.txt http-get-form "/index.php:admin_username=^USER^&passwordfield=^PASS^:Denied"

-L is the usernamelist, -P is password list. http-get gets the right page, then comes the username field we try to hack, then password field and after : we put a word that hydra will be looking if the login is denid. 

Cracking Wlan passwords with reaver

Will continue this later probably...

airmon-ng start/check/stop
airodump-ng wlan0mon
wash -i wlan0mon -C
reaver -i wlan0mon -b BSSID --fail-wait=360

airodump-ng -bssid -c 6 --write/root/Desktop/crack-wpa wlan0mon

Free VPN with vpnbook and openvpn, how to use with Linux

VPN the tool for everyone who wants to be anonymous on the internet! I am happy that there is a place called which is 100% free.

Start by surfing to and download for example  Euro1 OpenVPN Certificate Bundle to your Linux computer. It will be a zip file, so extract it somewhere in your system.

Next install openvpn client. sudo apt-get update && sudo apt-get install openvpn 

This will update your repositories and install openvpn client. Then CD to the folder where you have extracted the certificate bundle. To start VPN use command:

sudo openvpn --config vpnbook-euro1-tcp443.ovpn for example. It will ask username and password which you can find here:

Then just type in the credentials and wait few seconds. After that try geolocation finder and you can see your IP and country has changed! Notice that the command needs to be run with sudo in order to work.

You need to leave terminal open as long as you want to run the VPN. To close connection hit

I am originally from finland, but after VPN tunnel my location is:

Also notice that the certifications and passwords may change occasionally, so always keep them updated.

Backup your home server to usb hdd

I needed to take backup of my server and wanted to take whole disk. I found this useful tool called dd packed out of the box in linux debian server.

Check which one you want to put in image file: sudo fdisk -l

Here we can see that I have /dev/sda as my main partition. Then to backup it on usb HDD find where your usb device is located. Usually it is under /media

Then just give simple DD command:

sudo dd if=/dev/sda of=/media/usb0/backup.img

This will create .img file as big as your hard drive is, so for example my dev/sda is 120gb so it will create 120gb .img file. So make sure your usb hdd has enough free disk space.

Second thing to note is that the program will run as long as it takes, for example 160gb hdd backup took 80 minutes for me. You need to leave the terminal open for that time. You can monitor the progress by checking the file size with: ls -l /media/usb0/ and spamming that command you can see how big the file is. There is no verbose option as far as I know.