Ethical Hackers - Programming (5) - Nairaland

Re: Ethical Hackers by justthinking: 10:59am On Sep 14, 2013
Before we use these accounts to connect and interact directly with the database, we can use two more Metasploit modules that help us enumerate the database accounts and dump the usernames and password hashes of the MySQL server. Of course this can be done manually, but Metasploit helps us automate this process. So first we will configure the module mysql_enum in order to find information about the database accounts:

We can see a sample of the output in the following image:

Next it's time to configure and run the mysql_hashdump module in order to dump the password hashes from all the database accounts:

Now we can use any MySQL client to connect to the database. Backtrack already has a client, so we can use the command mysql -h IP -u username -p. In our case the IP of the target is 172.16.212.133 and we will use as username the root account that was discovered by the mysql_login module before. We will be prompted for a password, but we will leave it blank because the password for the account root is blank.

Re: Ethical Hackers by justthinking: 11:02am On Sep 14, 2013
Now that we are connected to the database, we can use the command show databases; in order to discover the databases that are stored in the MySQL server.

The next step is to choose one database and then try to see the tables that it contains in order to start extracting data. We can do that with the command use <dbname> and the command show tables;

We can see that there is a table user. We would like to extract the data of that table as it contains the usernames and passwords of the system. We can achieve that with the command select User, Password from user;

As we can see, there are 3 accounts with blank passwords. So now we have all the accounts of the MySQL database. We can now discover additional tables from other databases with the command show tables from <dbname>;

Re: Ethical Hackers by justthinking: 11:03am On Sep 14, 2013
The interesting table here is credit_cards, so we would like to see the contents of this table. We will change database with the command use <dbname> and we will execute the command select * from credit_cards;

Now we have all the credit card details from users and all the accounts and passwords from the database.

Re: Ethical Hackers by Djtm(m): 11:43am On Sep 14, 2013
What??! So how do you prevent that?
Re: Ethical Hackers by justthinking: 12:09pm On Sep 14, 2013
Djtm: What??! So how do you prevent that?
Simple: use a very long password. That doesn't say it won't be hackable, but it will make it difficult to. And one thing you should remember about security is that nothing is 100% secure.
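
A defender-side check for the weakness the posts above rely on (MySQL accounts with blank passwords that can log in over the network), as an added example that is not part of the original posts. It assumes an administrator has dumped the account table with mysql -B -e "SELECT User, Host, Password FROM mysql.user" and that native password authentication is in use; the sample rows, the severity labels and the name audit_accounts are constructed for illustration.

```python
"""Audit a tab-separated dump of mysql.user for blank or weak credentials.

On MySQL 5.7+ the hash column is named authentication_string instead of
Password; both names are accepted. Assumes native password authentication
(with a socket/PAM plugin an empty hash is not a blank password).
"""
import re

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
OLD_HASH = re.compile(r"^[0-9a-f]{16}$", re.I)   # pre-4.1 hash format
RANK = {"critical": 0, "high": 1, "medium": 2}

# Constructed sample dump (not taken from the thread's screenshots).
SAMPLE_DUMP = (
    "User\tHost\tPassword\n"
    "root\tlocalhost\t\n"
    "root\t%\t\n"
    "guest\t%\t\n"
    "app\t10.0.0.5\t*0123456789ABCDEF0123456789ABCDEF01234567\n"
    "legacy\tlocalhost\t5d2e19393cc5ef67\n"
    "\tlocalhost\t\n"
)


def audit_accounts(dump):
    """Return (severity, user, host, reason) tuples, worst findings first."""
    lines = dump.splitlines()
    header = lines[0].split("\t")
    findings = []
    for line in lines[1:]:
        if not line:
            continue
        fields = line.split("\t")
        fields += [""] * (len(header) - len(fields))  # pad short rows
        row = dict(zip(header, fields))
        user, host = row["User"], row["Host"]
        pw = row.get("Password", row.get("authentication_string", ""))
        if user == "":
            findings.append(("high", user, host, "anonymous account"))
        if pw in ("", "NULL"):
            if host in LOCAL_HOSTS:
                findings.append(
                    ("high", user, host, "blank password (local logins only)"))
            else:
                findings.append(
                    ("critical", user, host,
                     "blank password, remote logins allowed"))
        elif OLD_HASH.match(pw):
            findings.append(
                ("medium", user, host, "pre-4.1 password hash format"))
    findings.sort(key=lambda f: RANK[f[0]])  # stable: keeps row order per level
    return findings


if __name__ == "__main__":
    for severity, user, host, reason in audit_accounts(SAMPLE_DUMP):
        print(f"{severity:8} {user or '(anonymous)'}@{host}: {reason}")
```
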
Re: Ethical Hackers by Djtm(m): 12:51pm On Sep 14, 2013
just_thinking: Simple: use a very long password. That doesn't say it won't be hackable, but it will make it difficult to. And one thing you should remember about security is that nothing is 100% secure.
thanks.
Re: Ethical Hackers by justthinking: 1:30pm On Sep 14, 2013
Djtm:
thanks.
You are welcome.
Re: Ethical Hackers by kiddie(m): 7:18pm On Sep 14, 2013
Are you on WhatsApp, justthinking?
Re: Ethical Hackers by Nobody: 8:19pm On Sep 14, 2013
Nice work @just_thinking. I remember those days when I used to do SQL injection, brute force and deface cPanel, penetrating eBay through the back door... At times I wish I didn't stop.
Re: Ethical Hackers by megatran(m): 9:23pm On Sep 14, 2013
just thinking... can't Havij or Acunetix actually do the job of Metasploit? And although I got way confused by your advanced way of beginning the topic, I am sure I can go around getting a newbie lecture. Is Metasploit used in Windows or Linux? Nice tutorial, by the way.
Re: Ethical Hackers by nasonaso: 10:56pm On Sep 14, 2013
@just thinking, I am new to SQL. You are a bad guy, respect.
Re: Ethical Hackers by justthinking: 10:05am On Sep 15, 2013
kiddie: Are you on WhatsApp, justthinking?
Nope. I hardly chat, but I am on 2go.
Re: Ethical Hackers by justthinking: 10:08am On Sep 15, 2013
DonCrust: Nice work @just_thinking. I remember those days when I used to do SQL injection, brute force and deface cPanel, penetrating eBay through the back door... At times I wish I didn't stop.
Wow, that's great, boss. You can still share some hacking tips with us now.
Re: Ethical Hackers by justthinking: 10:17am On Sep 15, 2013
megatran: just thinking... can't Havij or Acunetix actually do the job of Metasploit? And although I got way confused by your advanced way of beginning the topic, I am sure I can go around getting a newbie lecture. Is Metasploit used in Windows or Linux? Nice tutorial, by the way.
I think they are two different pieces of software. Metasploit is an exploitation tool, probably the best exploitation tool we have. It is used for breaking systems, not websites. If you look at the tutorial above, we are attacking a MySQL server, not a website that uses a MySQL database. We didn't do any MySQL injection. All we did was try to hack the MySQL username and password, and once we have it we can analyze the tables in the MySQL. What I am saying is that we use Metasploit to hack the MySQL server directly, while software like Havij uses the website to hack the MySQL server; that is what we call MySQL injection. With this you don't need to hack the MySQL password. All you have to do is use some programming error to hack the MySQL server. I wish to post a MySQL injection tutorial soon. Thanks for the question, bro.
Re: Ethical Hackers by justthinking: 10:19am On Sep 15, 2013
megatran: just thinking... can't Havij or Acunetix actually do the job of Metasploit? And although I got way confused by your advanced way of beginning the topic, I am sure I can go around getting a newbie lecture. Is Metasploit used in Windows or Linux? Nice tutorial, by the way.
I think they are two different pieces of software. Metasploit is an exploitation tool, probably the best exploitation tool we have. It is used for breaking systems, not websites. If you look at the tutorial above, we are attacking a MySQL server, not a website that uses a MySQL database. We didn't do any MySQL injection. All we did was try to hack the MySQL username and password, and once we have it we can analyze the tables in the MySQL. What I am saying is that we use Metasploit to hack the MySQL server directly, while software like Havij uses the website to hack the MySQL server; that is what we call MySQL injection. With this you don't need to hack the MySQL password. All you have to do is use some programming error to hack the MySQL server. I wish to post a MySQL injection tutorial soon. Thanks for the question, bro. And also, there is Metasploit for Windows, but I will strongly advise you to get Backtrack OS. It is better than using Metasploit on Windows because there are some commands you can't use on Windows unless you have Cygwin installed on your Windows OS. And also some Windows can block some protocols when trying to connect, and that will hinder the function of Metasploit. If you don't mind me asking, where are you staying?
Re: Ethical Hackers by justthinking: 12:13pm On Sep 15, 2013
nasonaso: @just thinking, I am new to SQL. You are a bad guy, respect.
Thank you, boss. You can check a beginner tutorial for SQL injection here http://thecybersaviours.com/sql-injection-for-beginners
Re: Ethical Hackers by megatran(m): 8:24pm On Sep 15, 2013
just_thinking: Thank you, boss. You can check a beginner tutorial for SQL injection here http://thecybersaviours.com/sql-injection-for-beginners

Is there a way to use Backtrack on VMware to crack WEP key WiFi passwords? I have bt5r3 installed on my PC but it does not find an interface when I scan for wireless networks. I am also thinking if it were possible to boot Backtrack from Windows and run it like a normal operating system; I don't know if that will be possible. And lastly I would want to know how I can crack WEP and WPA-PSK WiFi using the Windows operating system. Thanks for your support.
Re: Ethical Hackers by justthinking: 9:16pm On Sep 15, 2013
megatran:

Is there a way to use Backtrack on VMware to crack WEP key WiFi passwords? I have bt5r3 installed on my PC but it does not find an interface when I scan for wireless networks. I am also thinking if it were possible to boot Backtrack from Windows and run it like a normal operating system; I don't know if that will be possible. And lastly I would want to know how I can crack WEP and WPA-PSK WiFi using the Windows operating system. Thanks for your support.
There is no way of connecting VMware to your wireless card interface (at least that I know of), which leaves two options: you either buy an external USB wireless card like D-Link, or you install bt5 on your system as a normal OS. On trying to crack WPA using Windows: you should try to learn about aircrack, but I am not sure if it is entirely stable on Windows.
Re: Ethical Hackers by centrex: 2:16pm On Sep 16, 2013
Centrex Lab is a cyber security company based in Abuja, Nigeria. We deal more in cyber intelligence, Black Ops Project and offensive security / ethical hacking... We are active players in cyber security seminars also; we have trained a whole lot of people including FUTMINA CYBER SECURITY DEPT.... You can visit our website at http://centrexethicalab.com/ or google Centrex Ethical Lab to read more about us.... Every September of a given year, we celebrate our cyber security month, where we give a whole lot of stuff to Nigerian citizens to encourage them on the need to be safe online.

Re: Ethical Hackers by justthinking: 3:58pm On Sep 16, 2013
centrex: Centrex Lab is a cyber security company based in Abuja, Nigeria. We deal more in cyber intelligence, Black Ops Project and offensive security / ethical hacking... We are active players in cyber security seminars also; we have trained a whole lot of people including FUTMINA CYBER SECURITY DEPT.... You can visit our website at http://centrexethicalab.com/ or google Centrex Ethical Lab to read more about us.... Every September of a given year, we celebrate our cyber security month, where we give a whole lot of stuff to Nigerian citizens to encourage them on the need to be safe online.
That is cool. Keep doing your good job.
Re: Ethical Hackers by Slyr0x: 5:57pm On Sep 16, 2013
megatran: just thinking... can't Havij or Acunetix actually do the job of Metasploit? And although I got way confused by your advanced way of beginning the topic, I am sure I can go around getting a newbie lecture. Is Metasploit used in Windows or Linux? Nice tutorial, by the way.

Acunetix is a web vulnerability scanner. Basically, it tells you how vulnerable a web application/web site is.

Havij is a MySQL exploitation tool. All you need do is feed it with a vulnerable URL, i.e. http://example.com/index.php?id=2, and it will automatically dump the database(s), tables, columns and the fields. Havij is a mini-version of SQLMap (a CLI database exploitation tool). For full database 0wnage, you should use SQLMap (it supports MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Sybase, etc.)

Metasploit is a framework developed for executing exploit code against a target machine (be it local or remote).
Re: Ethical Hackers by megatran(m): 10:20pm On Sep 16, 2013
Slyr0x:

Acunetix is a web vulnerability scanner. Basically, it tells you how vulnerable a web application/web site is.

Havij is a MySQL exploitation tool. All you need do is feed it with a vulnerable URL, i.e. http://example.com/index.php?id=2, and it will automatically dump the database(s), tables, columns and the fields. Havij is a mini-version of SQLMap (a CLI database exploitation tool). For full database 0wnage, you should use SQLMap (it supports MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Sybase, etc.)

Metasploit is a framework developed for executing exploit code against a target machine (be it local or remote).

Thanks for the explanation.
Re: Ethical Hackers by centrex: 9:55am On Sep 17, 2013
VACANCY : HITECH SECURITY COMPANY NEEDS AN HND / BSC IN INFORMATION AND COMMUNICATION TECHNOLOGY WITH CISCO QUALIFICATION CONTACT CENTREX ASAP.. APPLICANT MUST RESIDE IN ABUJA
Re: Ethical Hackers by justthinking: 11:36am On Sep 18, 2013
I would like to share how to hack a Facebook account on the fly.


Some people ask "Are you sure SSL (Secure Socket Layer) port 443 can be hacked and we know the password sent over the network??"... How to break SSL protection using sslstrip?

What is SSL?

(pronounced as separate letters) Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.
Another protocol for transmitting data securely over the World Wide Web is Secure HTTP (S-HTTP). Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing technologies. Both protocols have been approved by the Internet Engineering Task Force (IETF) as a standard.
When we try to break the encryption it's a little bit hard to break, but here in this tutorial I will explain how to break the SSL encryption without breaking the SSL encryption, using a Man in the Middle Attack :-) .

Man in the Middle Attack

The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle).
A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other — it is an attack on mutual authentication (or lack thereof). Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL can authenticate one or both parties using a mutually trusted certification authority.



Requirements:
1. Linux OS

2. Arpspoof

3. IPTables

4. SSLStrip

5. NetStat

All of these requirements may have dependencies on other packages. I suggest you use Backtrack Linux to make this tutorial easier, because all of the required packages are already installed in Backtrack Linux (except SSLStrip).

Perform the Attack – Man in the Middle Attack

1. Set your Linux box so that it can forward every incoming port (enable port forwarding).

echo '1' > /proc/sys/net/ipv4/ip_forward

This command gives your Backtrack Linux the ability to forward every packet that was not intended for your machine.

2. Know your network gateway

netstat -nr

For example, I already know that my gateway address is 192.168.8.8

3. Use ARP spoof to perform the Man in the Middle Attack

arpspoof -i eth0 192.168.8.8

a. Change "eth0" to the network card that is currently connected to the network. Usually it is eth0 or wlan0.

b. Change "192.168.8.8" to your network's default gateway.

c. In this tutorial I use arpspoof on the entire network. Be careful if your network has a large number of users connected to it, because it will crash your network and bring your network down.

SSL Strip

Created by Moxie Marlinspike, who provides a demonstration of the HTTPS stripping attacks that were presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. -Taken from author website-

This all happens on the fly, and is practically invisible to users. The only way to notice is by checking the URL in the address bar: where normally it would display HTTPS, it will now display HTTP instead.

Install SSL Strip (optional)

1. Download SSL Strip

2. tar zxvf sslstrip-0.9.tar.gz

3. cd sslstrip-0.9

4. python setup.py install

Executing SSL Strip Attack

1. We need to set up a firewall rule (using iptables) to redirect requests from port 80 to port 8080 to ensure our outgoing connections (from SSL Strip) get routed to the proper port.

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

2. After finishing setting up iptables, the next step is to redirect all network HTTP traffic through our computer using ARPSpoof (don't forget to enable IP forwarding)

echo '1' > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 192.168.8.8

3. When everything is running well, you will see ARPSpoof capturing network traffic. The next step is to start SSL Strip by opening a new terminal (CTRL+ALT+T)

sslstrip -l 8080
"-l" tells the system to listen on the specified port.

The above picture shows that SSL Strip is already running and waiting for a victim to open an SSL URL such as (https://mail.google.com; https://mail.yahoo.com; etc)

As a victim I will try to open https://mail.live.com. When I open the page, what I see looks like the picture below

Re: Ethical Hackers by justthinking: 11:43am On Sep 18, 2013
The URL changed into HTTP. :-)

4. After SSL Strip has captured enough data, to stop ARPSpoof and SSL Strip just hit CTRL + C. After you stop it, the whole network will be down and cannot be accessed for a while (it shouldn't take a long time); this can happen because ARPSpoof didn't automatically repopulate the ARP tables with the router's proper MAC address.

5. Inside the SSL Strip folder there will be a new file created, "sslstrip.log", that stores all the information captured over the HTTP protocol and even the HTTPS. Just take a look at the file using your favorite text editor. The picture below is the content of my sslstrip.log, which already captured the victim's data when they opened https://mail.live.com.

You can see the plain data of username and password there.



Prevention of SSL Strip Attack

1. If you are on a public network (internet cafe, unsecured hotspot, etc.), minimize logging in to your personal accounts.

2. Use SSH Tunneling (You can see the tutorial here).

3. Keep your eyes open.

This fake URL address

Different from this one
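
The attack in the post above depends on poisoning the ARP cache so that the gateway IP resolves to another machine's MAC address, and that is visible from any affected Linux host. The following added example (not part of the original post) checks an ARP table in the /proc/net/arp layout for that condition; the function names, the sample tables and all MAC addresses are constructed.

```python
"""Spot ARP cache poisoning of the default gateway on a Linux host."""

# Constructed snapshots in /proc/net/arp layout. 192.168.8.8 is the gateway
# address used in the post; every MAC address is made up.
CLEAN = """
IP address       HW type     Flags       HW address            Mask     Device
192.168.8.8      0x1         0x2         aa:bb:cc:00:00:01     *        eth0
192.168.8.20     0x1         0x2         aa:bb:cc:00:00:14     *        eth0
192.168.8.30     0x1         0x0         00:00:00:00:00:00     *        eth0
"""
POISONED = """
IP address       HW type     Flags       HW address            Mask     Device
192.168.8.8      0x1         0x2         aa:bb:cc:00:00:14     *        eth0
192.168.8.20     0x1         0x2         aa:bb:cc:00:00:14     *        eth0
"""
KNOWN_GATEWAY_MAC = "AA:BB:CC:00:00:01"  # recorded while the network was clean


def parse_arp_table(text):
    """Return {ip: mac} for completed entries, skipping the header row."""
    entries = {}
    for line in text.strip().splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        # 0x2 is the "complete" flag; unresolved entries carry a zero MAC.
        if int(flags, 16) & 0x2 == 0 or mac == "00:00:00:00:00:00":
            continue
        entries[ip] = mac
    return entries


def check_gateway(text, gateway_ip, known_mac=None):
    """Return (alert, detail) tuples; an empty list means nothing suspicious."""
    entries = parse_arp_table(text)
    gw_mac = entries.get(gateway_ip)
    if gw_mac is None:
        return []  # gateway not resolved yet, nothing to compare
    alerts = []
    if known_mac and gw_mac != known_mac.lower():
        alerts.append(("gateway-mac-changed",
                       f"{known_mac.lower()} -> {gw_mac}"))
    # A second IP answering with the gateway's MAC is the classic spoof sign.
    sharing = sorted(ip for ip, mac in entries.items()
                     if mac == gw_mac and ip != gateway_ip)
    if sharing:
        alerts.append(("gateway-mac-shared", ",".join(sharing)))
    return alerts


if __name__ == "__main__":
    for name, table in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, check_gateway(table, "192.168.8.8", KNOWN_GATEWAY_MAC))
```

To use it on a real host, pass the contents of /proc/net/arp as the table text and a gateway MAC recorded while the network was known to be clean.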

Re: Ethical Hackers by Slyr0x: 12:12pm On Sep 18, 2013
^^^I believe people would appreciate it more if one of us could set up a virtual lab for practicals as against the theory here
Re: Ethical Hackers by Nobody: 1:42pm On Sep 18, 2013
@justthinking I'm feeling you and enjoying the tutorials. Keep it up.

@Slyr0x nice idea... Who's gonna take the lead?
Re: Ethical Hackers by justthinking: 2:06pm On Sep 18, 2013
Slyr0x: ^^^I believe people would appreciate it more if one of us could set up a virtual lab for practicals as against the theory here
I have a virtual lab I am using. I use Sun VirtualBox. I have Windows XP installed on one, BT5r1 installed on another, and my Windows 7, which is my host. I networked the three together and that is what I am using for my testing. Believe me, the hack above is tested and trusted.
Re: Ethical Hackers by justthinking: 3:12pm On Sep 18, 2013
My Virtual Lab

Re: Ethical Hackers by Slyr0x: 3:58pm On Sep 18, 2013
Nice. You should upgrade your Bt5 to Kali Linux wink
Re: Ethical Hackers by justthinking: 4:01pm On Sep 18, 2013
Slyr0x: Nice. You should upgrade your Bt5 to Kali Linux wink
Is it better than BT?
