wpscan Kali Linux Tutorial to Know WordPress Vulnerabilities


Millions of websites run on the WordPress CMS today. Is your website one of them? If yes, do you know which vulnerabilities exist on your website?

Think again! Is your WordPress website hackable?

Check your WordPress website for vulnerabilities again.

Today’s topic is a wpscan Kali Linux tutorial for scanning a WordPress website for known vulnerabilities. We are going to find vulnerable WordPress core files, plugins, and themes.

Wpscan is a small tool written in Ruby and preinstalled in Kali Linux. If you are using another Linux distribution, install wpscan first.
I was checking my client’s website without any potential purpose when suddenly one question arose in my mind: let’s check the security. I had installed Kali Linux on VirtualBox, so I started wpscan to scan the website for details about plugins and themes.

Trust me, I found lots of aggressive detections, for example open files, files accessible directly in the browser, usernames and more.

Wpscan Kali Linux Tutorial

Wpscan is used to scan a WordPress website for known vulnerabilities in WordPress core files, plugins, and themes. You can also enumerate users, weak passwords, and security misconfigurations.

I am going to tell you all the steps on how to use wpscan in Kali Linux.

In Kali Linux, just open a terminal and type the following to run wpscan:

#wpscan

One of the following options is required: url, update, help, hh, version; or use the --help option.

So I used the following command to check the available options in wpscan:

#wpscan --help

To check the version:

#wpscan --version

The next step is to update wpscan. The database used by wpscan is wpvulndb.com, an ever-growing list of vulnerabilities maintained by the team.

#wpscan --update

Scan the complete website by giving its URL after the --url option:

#wpscan --url https://www.yourwebsite.com

If you want to check the website for vulnerable plugins, add the --enumerate vp argument:

#wpscan --url https://www.yourwebsite.com --enumerate vp

Check the result carefully and you will find lots of information about plugins. If any vulnerable plugin exists, you will see a red exclamation icon and related information.

Do you find any vulnerable plugin?

If Yes.
Update the plugin as soon as possible. If you cannot update it, the plugin should be replaced or removed permanently.

Scan vulnerable Themes

As with the plugin scan, add the --enumerate vt argument to check your website for vulnerable themes.

#wpscan --url https://www.yourwebsite.com --enumerate vt

If you get results with red exclamation icons, it means your theme is vulnerable. You will find the URL and more information.

Do you have a vulnerable theme?
YES
Update / Replace / Remove whatever you can.
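The same scans are visible from the site owner's side. This added example (not part of the original tutorial) reads web-server access-log lines and flags clients that request many distinct plugin or theme directories and mostly receive 404s, and it lists the components such a client confirmed so they can be patched first. The log lines, IP addresses, component names and thresholds are constructed; the Combined Log Format and the default /wp-content/ layout are assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Assumed default WordPress layout for installed components.
SLUG_RE = re.compile(r"^/wp-content/(?P<kind>plugins|themes)/(?P<slug>[^/?#]+)/")


def build_sample_log():
    """Constructed log lines: one enumerating client and one ordinary visitor."""
    fmt = '{ip} - - [10/Mar/2018:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" {status} 512 "-" "-"'
    lines = []
    for i in range(12):
        # Only two of the twelve probed plugin directories exist on this made-up site.
        status = 200 if i in (3, 7) else 404
        path = f"/wp-content/plugins/sample-plugin-{i:02d}/readme.txt"
        lines.append(fmt.format(ip="203.0.113.7", sec=i, path=path, status=status))
    for i, asset in enumerate(("style.css", "js/main.js")):
        path = f"/wp-content/themes/sample-theme/{asset}"
        lines.append(fmt.format(ip="198.51.100.20", sec=30 + i, path=path, status=200))
    lines.append("malformed line that the parser must skip")
    return lines


def find_enumeration(lines, min_slugs=10, min_miss_ratio=0.8):
    """Return {ip: report} for clients probing many component names, mostly without success."""
    seen = defaultdict(lambda: {"slugs": set(), "confirmed": set(), "requests": 0, "misses": 0})
    for line in lines:
        entry = LINE_RE.match(line)
        if not entry:
            continue
        component = SLUG_RE.match(entry["path"])
        if not component:
            continue
        key = f'{component["kind"]}/{component["slug"]}'
        rec = seen[entry["ip"]]
        rec["slugs"].add(key)
        rec["requests"] += 1
        if entry["status"] == "404":
            rec["misses"] += 1
        else:
            rec["confirmed"].add(key)  # the client learned this component exists

    flagged = {}
    for ip, rec in seen.items():
        miss_ratio = rec["misses"] / rec["requests"]
        if len(rec["slugs"]) >= min_slugs and miss_ratio >= min_miss_ratio:
            flagged[ip] = {
                "distinct_components": len(rec["slugs"]),
                "miss_ratio": round(miss_ratio, 2),
                # Components the scanner confirmed: patch or remove these first.
                "confirmed": sorted(rec["confirmed"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, report in find_enumeration(build_sample_log()).items():
        print(ip, report)
```

The thresholds need tuning per site: a page that legitimately loads assets from many plugins produces many distinct slugs but almost no 404s, which is why the miss ratio is part of the rule.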

WordPress User Enumeration by Wpscan

A small question for you:
“What if hackers know your WordPress website’s username?”
Will he hack your website?
What is the impact on your website?

Reply in the comment box.

By the way, it is easy to get the list of usernames and their permissions by using a simple argument, --enumerate u:

#wpscan --url https://www.yourwebsite.com --enumerate u

If you are using a website firewall, you will get an error and wpscan will stop.

Brute Force Attack on WordPress website by using Wpscan

Password guessing is an old technique for getting the right password, and it is very hard if you are doing it manually.

It is easy if you are using a tool and a word list.

At the end of the tutorial, I am going to say a single phrase:
Don’t use your knowledge unethically.

If you have any questions tell me in the comment box.

Cheers!

Netdiscover – Network Scanning Tool in Kali Linux


Netdiscover is an ultimate scanning tool used to get the internal IP addresses and MAC addresses of live hosts on the network. Netdiscover is preinstalled in Kali Linux, so if you are using Kali Linux you don’t need to install it. No doubt nmap is the best tool for scanning a network, but Netdiscover is also a good tool for finding internal IP and MAC addresses. The tool has remained in the Kali Linux repository; before that it was in the BackTrack repository as well.

Start Netdiscover in Kali Linux

Netdiscover is a very attractive tool for discovering hosts on a wired or wireless network. It can be used in both active and passive mode.
In active mode it sends requests to hosts to get information; in passive mode, also called silent or listening mode, it only listens. To start netdiscover and check the available options, run the following command:

#netdiscover --help

Many switches can be combined in different ways to get the desired result. Netdiscover works only on the internal network, so you must know the network you are connected to. Use the following command to check the IP address:

#ifconfig

My network is 192.168.43.0/24 and the network device is eth0. The -r switch gives the network range. So I used the following syntax to get the result:

#netdiscover -i eth0 -r 192.168.43.0/24

When you hit Enter, the result is displayed on the screen.

If you have any questions, please leave a comment. And one more thing: happy hunting!

Kali Linux Theharvester an Email harvester [Tutorial 2018]

Theharvester in Kali Linux

Description: theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).

It is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company in the Internet.

Passive Information Gathering by theharvester

  • google: google search engine (www.google.com)
  • googleCSE: google custom search engine
  • google-profiles: google search engine, specific search for Google profiles
  • bing: microsoft search engine (www.bing.com)
  • bingapi: microsoft search engine, through the API (you need to add your Key in the discovery/bingsearch.py file)
  • pgp: pgp key server (pgp.rediris.es)
  • linkedin: google search engine, specific search for Linkedin users
  • vhost: Bing virtual hosts search
  • twitter: twitter accounts related to a specific domain (uses google search)
  • googleplus: users that work in the target company (uses google search)
  • shodan: Shodan Computer search engine, will search for ports and banners of the discovered hosts (http://www.shodanhq.com/)

Active Information Gathering

  • DNS brute force: this plugin will run a dictionary brute force enumeration
  • DNS reverse lookup: reverse lookup of the IPs discovered in order to find hostnames
  • DNS TLD expansion: TLD dictionary brute force enumeration

Getting Started with Theharvester

In Kali Linux the theharvester tool is built in and can be run with a simple command in the terminal:

#theharvester

Theharvester Usage Options

Many tools are included in the theharvester package and are selected with switches: for example, the -d switch defines the domain name and -l limits the number of results. In the following image you can see all available switches.

Theharvester Usage Example

Search for email addresses from a domain (-d example.com), limiting the results to 500 (-l 500), using Google (-b google):

#theharvester -d example.com -l 500 -b google


Fluxion – WPA WPA2 hacking in minutes [Step By Step Tutorial]


Fluxion is a Wi-Fi security analysis tool that can be used for WPA and WPA2 hacking or other Wi-Fi attacks using MITM (man-in-the-middle) techniques. It is the future of Wi-Fi hacking and a combination of technical and social engineering techniques that force the user to send the Wi-Fi password to the attacker in plain text. In short, it is a social engineering framework that uses the following process:

Credit: githacktools

How Fluxion Works for WPA / WPA2 Hacking

  • Scan the networks.
  • Capture a handshake (can’t be used without a valid handshake, it’s necessary to verify the password)
  • Use WEB Interface *
  • Launch a FakeAP instance to imitate the original access point
  • Spawns a MDK3 process, which deauthenticates all users connected to the target network, so they can be lured to connect to the FakeAP and enter the WPA password.
  • A fake DNS server is launched in order to capture all DNS requests and redirect them to the host running the script
  • A captive portal is launched in order to serve a page, which prompts the user to enter their WPA password
  • Each submitted password is verified by the handshake captured earlier
  • The attack will automatically terminate, as soon as a correct password is submitted
credit: gbhackers

Fluxion WPA2 Hacking Tutorial

We are targeting a WPA / WPA2 encrypted Wi-Fi connection, meaning a Wi-Fi access point that has WPA2 encryption and multiple connected users. This attack includes creating a fake access point, jamming the target access point, setting up a fake login page, and forcing the user to enter the Wi-Fi password. One more interesting thing about this attack is that the captured handshake is used to check the password entered by the user. If the user enters a wrong password, the attack does not stop and the fake page is sent again to ask for the right password. If you want the complete tutorial, go through the following steps:

  • Installation of Fluxion
  • Scan Access Points (Wi-Fi AP)
  • Choose a Target AP Wi-Fi
  • Retrieve Handshake
  • Create Fake Login Page
  • Capture login credential Password
  • Warning

STEP 1: Installation of Fluxion

Fluxion is not a prebuilt tool in Kali Linux, so we have to install it on the Kali Linux system by cloning the git repository using the following syntax:

#git clone https://github.com/GiorgAtma/fluxion

When the cloning is done, use the following commands to start fluxion:

#cd fluxion
#./fluxion.sh

If you see a message that some dependency packages are missing or not installed, run the following command to install the missing packages:

#./installer.sh

A new window will open and start installing the missing packages. Be patient and wait for the installation to finish.

STEP 2: Scan Wi-Fi Access Point [Hotspot] by Fluxion

When fluxion runs for the first time, the first option is language selection. Select your language by typing the number shown next to it on the screen, then press Enter to proceed.
Select Channel: channel selection is important. If you know the target AP’s channel, you may enter 2 to narrow the scan to the desired channel. Otherwise, select option 1 to scan all channels and all networks near you, which takes a little time.

STEP 3: Choose Target WiFi Hotspot

When the scan is complete, all available access points are displayed on the screen. Every AP has a number next to it. The selected target must have connected clients; this attack will not work without any client. Select the access point by entering the number shown next to it.

Credit : Nullbyte

STEP 4: Retrieve Handshakes

Handshakes are used by the AP and clients when establishing a connection. Three methods are available to start capturing the handshake. The most powerful method is “aireplay-ng de-authentication (aggressive)”; use it. If the handshake is not captured, use another method. On the next screen you can check the status of the handshake by selecting the first option, check handshake.

STEP 5: Create the Fake Login Page

Select option 1 for “Web Interface,” and the social engineering tool will be used. Select the language and go ahead.

This is the final step to fire the attack. Press Enter to launch the attack. Multiple windows will be created to clone their wireless network while jamming the normal access point, and the user will connect to the fake AP (unencrypted).

STEP 6: Capture the Password

The user is directed to a fake login page, which is either convincing or not, depending on which you chose.
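Seen from the defending side, the steps above leave two observable traces: an unencrypted access point advertising the same network name as a protected one, and a burst of deauthentication frames against the legitimate access point. The following Python example is added here and is not part of Fluxion or of the original tutorial; the beacon and frame records, field names, addresses and thresholds are constructed assumptions standing in for the output of a passive wireless monitor.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    security: str   # "OPEN", "WPA2", "WPA3", ...


@dataclass(frozen=True)
class MgmtFrame:
    ts: float       # seconds since the start of the capture
    subtype: str    # "deauth", "disassoc", ...
    bssid: str      # access point the frame claims to belong to


# Constructed observations, not taken from a real capture.
BEACONS = [
    Beacon("OfficeNet", "aa:bb:cc:00:00:01", 6, "WPA2"),
    Beacon("OfficeNet", "02:11:22:33:44:55", 6, "OPEN"),   # same name, no encryption
    Beacon("CafeGuest", "aa:bb:cc:00:00:09", 11, "OPEN"),  # open by design, no twin
    Beacon("HomeLab", "aa:bb:cc:00:00:07", 1, "WPA2"),
    Beacon("HomeLab", "aa:bb:cc:00:00:08", 36, "WPA2"),    # second radio, same security
]
FRAMES = [MgmtFrame(10.0 + i * 0.05, "deauth", "aa:bb:cc:00:00:01") for i in range(40)]
FRAMES.append(MgmtFrame(12.0, "deauth", "aa:bb:cc:00:00:07"))  # a single normal deauth


def deauth_bursts(frames, threshold=20, window=5.0):
    """Return {bssid: peak} where peak deauth/disassoc frames in any window >= threshold."""
    stamps_by_ap = defaultdict(list)
    for frame in frames:
        if frame.subtype in ("deauth", "disassoc"):
            stamps_by_ap[frame.bssid].append(frame.ts)
    bursts = {}
    for bssid, stamps in stamps_by_ap.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[bssid] = peak
    return bursts


def evil_twin_findings(beacons, frames):
    """Flag SSIDs advertised both with and without encryption; raise severity on deauth bursts."""
    by_ssid = defaultdict(list)
    for beacon in beacons:
        by_ssid[beacon.ssid].append(beacon)
    bursts = deauth_bursts(frames)
    findings = []
    for ssid, group in sorted(by_ssid.items()):
        protected = [b for b in group if b.security != "OPEN"]
        unprotected = [b for b in group if b.security == "OPEN"]
        if not protected or not unprotected:
            continue
        jammed = [b.bssid for b in protected if b.bssid in bursts]
        findings.append({
            "ssid": ssid,
            "suspect_bssids": [b.bssid for b in unprotected],
            "deauth_against": jammed,
            "severity": "high" if jammed else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in evil_twin_findings(BEACONS, FRAMES):
        print(finding)
```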

STEP 7: Warning by Fluxion Team


Netcat Linux Tutorial with Examples | Netcat Download


Many hackers and information security experts use netcat. Netcat is an old but powerful information security tool used to read and write data from one computer to another over a network connection using the TCP or UDP protocol.
I have been working in the cyber security field for more than 7 years, and have found that netcat still works very well. Because of its many uses and functions, it got the name Swiss Army knife for ethical hacking. Most big certification courses, like CEH (Certified Ethical Hacker) and Penetration Testing with Kali Linux, teach netcat.
By default netcat is available in Kali Linux, but if you want to use netcat on Windows, download netcat for Windows.
Here are the most common uses of netcat:

  • Port scanning.
  • Banner Grabbing
  • Transferring Files.

Port Scanning by Netcat Linux

Port scanning is a method of finding open ports on a target machine. Nmap is the best-known and most powerful tool for port scanning, but netcat can also be used to check a target machine for open ports.
Here is an example of port scanning. Syntax:

#nc -v [Target Machine IP address] [Port Number]

#nc -v 192.168.0.1 80

The -v switch is used to get verbose output. 192.168.0.1 is the IP address of the target machine and the port number is 80.
Result: port is open.
If you want to scan a range of ports, provide the range instead of a single port. For example, to scan ports 10 to 100, use the following syntax:

#nc -v 192.168.0.1 10-100

Banner Grabbing by Netcat

Banner grabbing is a fingerprinting technique used to extract useful information from the target machine, such as which service is running on an open port.
When we send a banner grabbing request through netcat, we receive some output; analyzing it reveals helpful information such as operating system details and service details for a particular port. Netcat must establish a connection to the victim machine before banner grabbing can start.
Here is an example of banner grabbing; the victim is the google.com server. Syntax:

#nc [domain name / IP Address] [Port Number]

#nc www.google.com 80

Transferring Files by using Netcat

The most common method for transferring files over a network is FTP; netcat is another tool that can transfer files over the network using the TCP or UDP protocol.
Two ends are required: one in listen mode on the sending end, and the other on the receiver’s end. You must establish a connection between the target and the attacker with a specific IP address, then execute the file transfer command.

The syntax is as follows.
On Target Computer (Victim / Receiver Computer):

#nc -v -w 30 -p [port number] -l < [File name]

#nc -v -w 30 -p 31337 -l < file.txt

nc: Netcat

-v: verbose mode; gives feedback on the screen during an operation

-w 30: tells Netcat to wait for 30 seconds before terminating the file transfer process

-p 31337: the port number

-l: the computer is the listener

< file.txt: taking the file and sending it

On Attacker Machine:

#nc -v -w 3 [victim IP Address] [port number] > [File name]

#nc -v -w 3 192.168.0.1 31337 > file.txt

-w 3: wait three seconds before canceling the transfer, in case of loss of connection

192.168.0.1: IP address of the victim machine

31337: listening port of the victim machine

> file.txt: receiving the output of the Windows machine and putting it in a new text file

If you have any questions related to this post, please comment below.
Happy Hunting

How to Install Flash Player Kali Linux Firefox [Full Guide]


Hello and welcome to my blog. I am happy to see you here. I hope you are doing well.

Today I updated my Kali Linux to the latest version, 2018.2, and I found that Flash Player is not working in Mozilla Firefox. Flash Player is mostly used to play videos and Flash content in a browser, so if you don’t have the latest version of Flash Player, much Flash content will not be visible. I opened a website which has some Flash content and got the following error.

[Image: Flash Player error]

So I decided to write an article on how to update and install Flash Player in Mozilla Firefox on Kali Linux. This article will also be helpful for those who are facing the same problem. By the way, it is very easy to update Flash Player: download it from the official Flash Player website, extract it, and copy libflashplayer.so into /usr/lib/mozilla/plugins. If you don’t know how to install the Flash Player plugin in Mozilla, follow the steps given below.

STEP 1: Download Flash player plugin

Go to the official website of Adobe Flash Player and download the appropriate file (.tar.gz) for your Kali Linux version. When the download is complete, go to the next step.

STEP 2: Extract or unzip the downloaded file

Go to the download folder and you will find the .gz file. You need to extract it: just right-click on the file and select the option “Extract here”.

STEP 3: Install the flash player plugin in Mozilla

After extracting, run the following commands:
[Image: commands to install the Flash Player plugin in Mozilla on Kali Linux]

STEP 4: Restart the Firefox browser

If you have any suggestion or question please post into the comment box.

Cheers!

Kali Linux 2018.2 repositories

How to add the Kali Linux 2018.2 repository

Kali Linux only checks the tools stored in the Kali Linux 2018.2 repository during update and upgrade. The Kali Linux repository is the place where all tools are stored. All tools available in the repository have been vetted by security researchers. If you install third-party tools from any other source, it may cause problems. Some updates can make Kali Linux non-functional; for this reason, all software is tested by the Kali developers before it is added to the Kali Linux repository. The Kali repository contains some third-party applications; in that case additional repositories may need to be added.

Step 1. Use leafpad or another text editor to open and edit the /etc/apt/sources.list file.

leafpad /etc/apt/sources.list

Step 2. Add the following line to the file and save the file.

deb http://http.kali.org/kali kali-rolling main non-free contrib

Updating Kali Linux

Like other operating systems, Kali has a built-in ability to update both the operating system and the installed software or packages. As package updates become available, they are published in the Kali repository. The repository can then be checked to make sure the operating system and applications are up to date. Updates are generally smaller fixes that correct software bugs or are used to add new capabilities to applications.
Use the following command to update the system:

apt-get update

Upgrading Kali Linux

Like updating, upgrading Kali can also be done from the command line with the apt-get utility. Upgrades are usually major updates to applications or to the operating system itself. Upgrades offer new functionality and are much larger than updates, usually requiring more time and disk space on the system.

The syntax is:

apt-get upgrade

2 commands How to install libreoffice for Kali Linux


Hello and welcome to my blog, Cyberpratibha.

Most of us use Windows and are familiar with Microsoft Office; LibreOffice is the equivalent for Kali Linux. In this tutorial you will learn the Kali Linux commands to install LibreOffice. LibreOffice is an office suite for Kali Linux and other Linux distributions. You are at the right place to learn the 2 commands that complete this operation.

How to install LibreOffice for Kali Linux

It is an office software suite for Linux distros, similar to Microsoft Office on the Windows operating system. It is always free and available for all Linux flavors. To proceed, run the following commands:

apt-get update

apt-get install libreoffice

or

$ sudo apt-get install libreoffice


Kali Linux Online Terminal via Gotty [Video Tutorial]


Kali linux online terminal – MSF Web

Gotty is software that makes a Kali Linux terminal accessible online via a web browser, so a command-line session can be shared with other users. It is a little bit of fun. You can download and install gotty in Kali Linux 2.0 and older versions. It is terminal-emulation freeware and works like a terminal server and terminal client.
By default, gotty doesn’t allow clients to send any keystrokes or commands except window re-sizing. When you want to permit clients to write input to the PTY, add the -w option. However, accepting input from remote clients is dangerous for most commands. Make sure that only trusted clients can connect to your gotty server when you activate this option.

After using a PC terminal emulator, your PC will start working like an SSH client. As you know, SSH secure file transfer is used to transfer files.

 

Here is the video tutorial of the Linux online terminal:

Access kali linux terminal online

Access kali linux terminal online via gotty.

Posted by Q Hacker on Friday, March 3, 2017


Learn about Kali Linux configure network manually [Tutorial]


Hello and welcome to my blog. Vijay Kumar here.

This article is about “Kali Linux configure network manually”. It covers Kali Linux network configuration for LAN and wireless LAN adapters, assigning an IP address manually and by DHCP server as well.

Kali Linux Network Configuration for Ethernet Connection

Network interfaces (LAN adapter, wireless adapter, USB adapter, Fast Ethernet) are responsible for connecting and enabling communication between two or more computers in a network. If the network card is not configured properly, you are off the network, and configuration is also important for network security. The network card should have a proper IP address, subnet mask, default gateway, domain name server, etc.

So configure the network and get onto it. But the most important question is:

How do you check Kali Linux network configuration?

There are different methods for Windows and Linux operating systems. Since we are discussing Kali Linux, I will explain the commands used in Linux. The following commands are used to check the status of the network cards in Kali Linux:

#ifconfig

#ifconfig -a

The ifconfig command shows the assigned IP address, MAC address and netmask for IPv4. You can run this command as a normal user or as a sudo user.

Enable/Disable network interface cards

The ifconfig command starts a network interface with the up option and stops it with the down option. The following syntax is used:

#ifconfig eth0 down

#ifconfig eth0 up

Assign IP Address for network (eth0 or wlan0)

eth0 is the name of the wired network interface card. If you want to assign an IP address to the wireless adapter, replace eth0 with wlan0. The current configuration of the adapter can be changed with the following command, which assigns a new IP address to your computer’s interface:

#ifconfig eth0 192.168.1.10

Kali Linux network configuration with IP address and Netmask

The netmask is used to identify the network address. It can be configured with the command below, which sets the IP address 192.168.1.10 and the subnet mask 255.255.255.0:

#ifconfig eth0 192.168.1.10 netmask 255.255.255.0

Add default gateway

The default gateway is added or changed with the following command. It sets the default gateway to 192.168.1.1:

#route add default gw 192.168.1.1

Add DNS nameservers

In Linux, the Domain Name Server (DNS) is set or modified by editing the resolv.conf file in the /etc directory. Enter the following syntax in a terminal:

#echo nameserver 8.8.8.8 > /etc/resolv.conf

This command removes the current nameserver and sets 8.8.8.8. An alternate nameserver can be added with the following syntax:

#echo nameserver 4.4.4.4 >> /etc/resolv.conf

Kali Linux network configuration from DHCP 

DHCP is one of the easiest ways to configure an Ethernet connection. A DHCP server provides all required configuration settings for the network card. Use the following method:

#leafpad /etc/network/interfaces

Make these entries (this stanza assigns a static address):

auto eth0
iface eth0 inet static
address {ip_Address}
netmask {netmask}
gateway {Default_gateway_IP_Address}

Save the file and exit to complete the modification. The Ethernet interface must be taken down and brought up again to apply this configuration.

Use the following command to configure the network adapter:
#dhclient eth0

This will configure the network adapter using the settings provided by the DHCP Server.
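A wrong netmask or a gateway outside the interface's subnet is the usual reason a manually configured card ends up off the network. The following Python example is added here and is not part of the original article: it parses stanzas in the format shown above and reports static entries whose address, netmask and gateway do not fit together. The sample text is constructed; eth0 reuses the addresses from this article, and the eth1 and wlan0 stanzas are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: eth0 uses the addresses from this article, eth1 has a
# deliberately wrong gateway, wlan0 is left to DHCP.
SAMPLE = """\
auto eth0
iface eth0 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    gateway 192.168.1.1

auto eth1
iface eth1 inet static
    address 192.168.1.20
    netmask 255.255.255.0
    gateway 192.168.2.1

iface wlan0 inet dhcp
"""


def parse_interfaces(text):
    """Return {interface: {"family", "method", option: value, ...}} per iface stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if words[0] == "iface" and len(words) >= 4:
            current = {"family": words[2], "method": words[3]}
            stanzas[words[1]] = current
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None            # these keywords end the previous stanza
        elif current is not None and len(words) >= 2:
            current[words[0]] = " ".join(words[1:])
    return stanzas


def check_static(name, opts):
    """Return a list of problems found in one 'inet static' stanza."""
    if opts.get("family") != "inet" or opts.get("method") != "static":
        return []
    missing = [key for key in ("address", "netmask") if key not in opts]
    if missing:
        return [f"{name}: missing {', '.join(missing)}"]
    try:
        iface = ipaddress.ip_interface(f"{opts['address']}/{opts['netmask']}")
    except ValueError as exc:
        return [f"{name}: invalid address/netmask ({exc})"]
    net, problems = iface.network, []
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{name}: address {iface.ip} is the network or broadcast address of {net}")
    if "gateway" in opts:
        try:
            gateway = ipaddress.ip_address(opts["gateway"])
        except ValueError:
            return problems + [f"{name}: invalid gateway {opts['gateway']}"]
        if gateway not in net:
            problems.append(f"{name}: gateway {gateway} is outside {net}")
        elif gateway == iface.ip:
            problems.append(f"{name}: gateway equals the interface address")
    return problems


def audit(text):
    """Check every stanza in the file text and collect all problems."""
    problems = []
    for name, opts in parse_interfaces(text).items():
        problems.extend(check_static(name, opts))
    return problems


if __name__ == "__main__":
    for problem in audit(SAMPLE):
        print(problem)
```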

How to configure network adapter in Kali Linux

How to configure network adapter in Kali Linux by Command line

Posted by Q Hacker on Thursday, March 16, 2017