May 24, 2018

Weekly Journal of Ethical Hacking Part 11 Lecture 5

I didn’t notice that I had accidentally skipped summarizing some of the lectures, specifically Lectures 5 and 6. It’s not that I haven’t done them. In fact, I did your exercise for this lecture. But I haven’t made a summary of this lecture yet.

In this lecture, our goal is to enumerate our target. For this one, we don’t need Kali Linux; we only need the Windows command prompt, because it is used for enumerating Windows OS.

Enumeration is used to collect information about shares on the network, user names signed in to the network, and the last time a user logged on.

Alright, let’s try to enumerate an IP address. We will use the nbtstat command for this. Let’s see what nbtstat has to offer.

We will try nbtstat -A [IP address] first. Here is the result.

Under the Wi-Fi adapter, it shows a NetBIOS Remote Machine Name Table. But what is NetBIOS? NetBIOS stands for Network Basic Input/Output System. It is a programming interface that allows computers to communicate over a LAN (Local Area Network).

In the table there are some numbers beside the names. They are called suffixes, and each one describes which service registered the name.

<00> is registered by the Workstation service for the computer name, or in other words the NetBIOS name.

<20> is registered by the Server service. The computer must have this service so that it can share printers or files.

<1E> signifies that Browser Service Elections are running. The Browser Service is a feature of Microsoft Windows that lets users easily browse and locate shared resources on neighboring computers.
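The suffix table above can be decoded automatically when you audit your own machines. The following is an added example, not code from the original post: it parses a constructed sample of nbtstat -A output, labels each suffix, and reports whether the Server service (<20>) is registered. The GROUP <00> and <1D> meanings go beyond the three suffixes covered in the lecture.

```python
import re

# (suffix, type) -> meaning. <00>, <20> and <1E> are the suffixes described
# above; the GROUP <00> and <1D> entries are well-known additions.
SUFFIXES = {
    ("00", "UNIQUE"): "Workstation service (computer name)",
    ("00", "GROUP"): "Workgroup or domain name",
    ("20", "UNIQUE"): "Server service (file and printer sharing)",
    ("1D", "UNIQUE"): "Master browser",
    ("1E", "GROUP"): "Browser service elections",
}
ROW = re.compile(r"^[ \t]*(.+?)[ \t]*<([0-9A-Fa-f]{2})>[ \t]+(UNIQUE|GROUP)[ \t]+(\S+)[ \t]*$", re.M)
MAC = re.compile(r"MAC Address = ([0-9A-Fa-f-]{17})")

# Constructed sample of `nbtstat -A` output (not captured from a real host).
SAMPLE = """\
           NetBIOS Remote Machine Name Table
       Name               Type         Status
    ---------------------------------------------
    LAB-PC         <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    LAB-PC         <20>  UNIQUE      Registered
    WORKGROUP      <1E>  GROUP       Registered
    MAC Address = 00-11-22-33-44-55
"""

def parse_name_table(text):
    """Return one dict per name-table row, with the suffix decoded."""
    rows = []
    for name, suffix, kind, status in ROW.findall(text.replace("\r", "")):
        key = (suffix.upper(), kind)
        rows.append({"name": name, "suffix": key[0], "type": kind,
                     "status": status, "meaning": SUFFIXES.get(key, "unknown")})
    return rows

def summarize(text):
    """Host identity plus whether file and printer sharing is advertised."""
    rows = parse_name_table(text)
    def first(suffix, kind):
        return next((r["name"] for r in rows
                     if (r["suffix"], r["type"]) == (suffix, kind)), None)
    mac = MAC.search(text)
    return {"computer_name": first("00", "UNIQUE"),
            "workgroup": first("00", "GROUP"),
            "file_sharing": first("20", "UNIQUE") is not None,
            "mac": mac.group(1) if mac else None}

if __name__ == "__main__":
    for row in parse_name_table(SAMPLE):
        print(f'{row["name"]:<12} <{row["suffix"]}> {row["type"]:<6} {row["meaning"]}')
    print(summarize(SAMPLE))
```

A host whose summary shows file_sharing as True is advertising the Server service to anyone on the LAN who can query NetBIOS, which is the first thing to review when reducing what a machine exposes.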

Conclusion: You can use nbtstat to enumerate Microsoft operating systems. If you want to use it on Kali Linux, you need to download it first. It is used to show connections between computers and more.

Written by brigitta in: hacking journal, Uncategorized

May 23, 2018

Weekly Journal of Ethical Hacking Part 10 Lecture 8

Today we are going to learn about Social Engineering. In this topic, we will try to use human trust to our advantage to get information about the target.

One way to do it is to make a page that looks exactly like a trusted website’s. After the targets enter their email and password, their data is sent to us. In other words, we perform an “Impersonation”. We can also get more information by either pretending to be an influential authority or simply getting to know them better.

First we need to open the Social Engineering Toolkit (SET).

It will appear like this.

Before you can use this program, you have to accept the Terms of Service.

After that, the main menu will appear and you can choose an option.

We will try the Common User Passwords Profiler (CUPP). It’s used to find a valid password for the target.

I used this link to install CUPP on Kali Linux.

CUPP – How To Generate a Powerful Wordlist on Kali Linux ?

First, you need to clone the GitHub repository with this command: git clone https://github.com/Mebus/cupp.git , then run CUPP using python cupp.py -i. It will then show the Interactive Mode.

Conclusion: You can use SET to do Social Engineering hacking.

Written by brigitta in: hacking journal

May 17, 2018

Weekly Journal of Ethical Hacking Part 9 DVWA

In this one, I will attempt to download DVWA. For this post, I will try to download it with the help of a friend’s walkthrough because the PDF walkthrough is confusing.

DVWA Installation

First, we need to change the directory to /var/www/html. Then download the GitHub zip using wget. wget stands for “web get”.

After getting the zip, unzip it using the unzip command and the filename.

The ls command lists the names of the files and folders within the file system. mv stands for “move”; the purpose of the mv command is to move files from one folder to another. Because I had already moved the files into the folder, it looked like this.

The chown command changes the ownership of files and directories in a Linux filesystem. The -R stands for “recursive”. Its purpose is to operate on files and directories recursively: enter each matching directory and operate on all its contents.

The service command is used for starting or stopping services by running a script. We will run service for mysql and apache2. ps aux returns the full command line of each process.

The last step for now is to install it. Answer “Y” to all of the prompts.

After this, you need to enter your Linux IP address to test whether the installation was successful. Use ifconfig to find the IP address.

If it is working, it will look like this.

We need to open a certain file to continue our installation. Here are the steps:

gedit is used to open this file:

You need a reCAPTCHA key for this. So let’s open the link and get our key. I already created the site and got the reCAPTCHA key.

Now put the keys into this file:

Then restart the apache2 and mysql services.

Time to check whether I have fixed the error. Open localhost/setup.php, and apparently there are two more errors.

To change allow_url_include, you need to open php.ini first, so let’s do that.

At first I was confused about how to open the php.ini file here. But apparently, I only need to use the path written under Configuration File (php.ini) Path.

After using gedit php.ini, this file will appear.

Use search (Ctrl + F) to find allow_url_fopen and allow_url_include.

Turn them both On and check whether it works in setup.php. If it doesn’t work, it means you have to change the settings in a different php.ini.

Do the same process, changing allow_url_fopen and allow_url_include to On, and it should work now.
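Because more than one php.ini can exist, it helps to check every copy for the two directives instead of editing by trial and error. The following is an added example, not part of the original walkthrough: it reads constructed php.ini excerpts and lists the files where DVWA's setup check would still fail. The file labels are hypothetical and assume the CLI and Apache copies that a Debian-style install keeps. Note that allow_url_include = On belongs on a lab VM only, since it lets include() load remote code.

```python
import re

# PHP's built-in defaults when a directive is absent from php.ini.
DEFAULTS = {"allow_url_fopen": True, "allow_url_include": False}
TRUE_VALUES = {"1", "on", "true", "yes"}

# Constructed php.ini excerpts; the keys are hypothetical labels, not paths
# taken from the walkthrough.
SAMPLE_CONFIGS = {
    "cli/php.ini": "allow_url_fopen = On\nallow_url_include = On\n",
    "apache2/php.ini": (
        "; Whether to allow include/require to open URLs\n"
        "allow_url_fopen = On\n"
        ";allow_url_include = On\n"      # commented out, so it has no effect
        "allow_url_include = Off\n"
    ),
}

def read_directives(ini_text):
    """Return the effective boolean of both directives for one php.ini."""
    state = dict(DEFAULTS)
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop ';' comments
        match = re.match(r"(\w+)\s*=\s*(.*)$", line)
        if match and match.group(1) in state:
            value = match.group(2).strip().strip('"').lower()
            state[match.group(1)] = value in TRUE_VALUES  # later lines override
    return state

def files_to_edit(configs):
    """Names of the php.ini copies where at least one directive is still Off."""
    return sorted(name for name, text in configs.items()
                  if not all(read_directives(text).values()))

if __name__ == "__main__":
    for name, text in SAMPLE_CONFIGS.items():
        print(name, read_directives(text))
    print("still need editing:", files_to_edit(SAMPLE_CONFIGS))
```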

Now the next thing to do is fix the last error. The setting is kept inside config.inc.php, just like the reCAPTCHA one.

Then change all of the settings for the DVWA user.

After that, enter mysql -u root -p to show the MySQL setup. -u stands for username and -p stands for password.

After you fill in all of the information, the MySQL data in setup.php will change, but the PHP GD error has not disappeared yet. Apparently you have to press Create / Reset Database.

After clicking that button, the login page will appear. This is what it looks like.

Open the README.md file to find out the DVWA username and password.

 

Written by brigitta in: hacking journal, Uncategorized

May 17, 2018

Weekly Journal for Ethical Hacking Part 8 Week 7.1

Apparently, I had actually configured Kali Linux the wrong way. It took me way too long to ask my teacher. That is also because I thought I had already done it correctly, but apparently I was wrong. I still did it wrong.

I can tell it was wrong because every time I turned off Kali Linux, all of my progress disappeared. But at that time, I thought it was simply part of the Kali Linux program, so that no hackers could track my Kali Linux data and progress. So I always tried to do everything from the lectures in one go.

And before we continue with how I (this time) fixed my Kali Linux, I also figured out that apparently Kali Linux has its own default password: toor. Because of this, I don’t have to turn off my Kali Linux again every time it goes into Sleep Mode.

1. I deleted my old Kali Linux

2. Open “File” and pick “Import Appliances”.

3. Import the Kali Linux file you downloaded from www.kali.org

4. After you click “Next”, it will show this new window. Click Import once you are sure about the configuration.

5. Then open “Settings” to change some of the configurations.

6. In “General”, change “Type” to “Linux” and “Version” to “Debian (64-bit)”.

7. Then finally start the Kali Linux!

Conclusion: It is finally working now! None of my progress disappears anymore.

Written by brigitta in: hacking journal, Uncategorized

May 03, 2018

Weekly Journal for Ethical Hacking Part 7 Week 4 Lecture 4

In this one, we will discuss “Target Discovery”. It could mean either discovering old DNS records or discovering what is behind the firewall. The reasons why you would want to look at old records are:

  • Find old scripts
  • Find old admin pages
  • Find old servers to breach

Our goal is to test out DNStrails and robtex and see what kind of records they can find.

The first website you can use for this is DNStrails. I will use wikipedia.net as an example, as usual.

I opened the one with CNAME first to see what kind of records CNAME has.

You can see the yellow button that says “IP Neighbouring to [208.80.153.224]”.

Wikipedia apparently has changed IP addresses numerous times before. One of the old IP addresses even still has some sites on it.

In this one I tried to open the AAAA Records.

In this one there is no IP Neighbouring to [IP address].

Next is robtex.com. For this one, I’m using jo1.pentest.id.

Conclusion: With these websites, I could find out about all of the old records for the site I targeted.

Written by brigitta in: hacking journal
