Friday, October 25, 2013

How to break into the computers on a network




Armitage can scan the computers on a network and includes a feature called active check that shows which exploits will work. If that option does not work, it also has a built-in attack called Hail Mary. That one will exploit your target as best it can. After that, you are free to poke around.

Here we will not use the Hail Mary attack; I will demonstrate the Find Attacks method instead.

What you need to run Armitage:
  • Latest Metasploit framework 4.3 or above 
  • Oracle Java 1.7

 
Step 1: Open Backtrack. Go through the menus step by step as shown.
  •   Exploitation Tools > Network Exploitation Tools > Metasploit Framework > armitage
                            

Step 2: When a box like this appears, choose Connect.

                                       

This will take a little while, so be patient and wait. Or just take a nap :P

                                          

Step 4 - The Armitage window has now come up.


                                            

It has three panels: the TARGET PANEL, the MODULE PANEL and the TABS PANEL. The TARGET PANEL is where IP addresses and other details are shown. The MODULE PANEL shows the auxiliary modules, exploits, payloads and post modules, and the TABS PANEL opens everything you open in a new tab of its own. To close a tab, just click its x.
                             
Now we will look for hosts that are alive. From the Host tab, choose Nmap Scan > Quick Scan OS detect.

                                    
A box will pop up. Here you have to choose the scan range, that is, from which IP to which IP. Once it says Scan Complete, any alive hosts will appear in the target panel as shown below.
                                     
                                   
Now we will choose the attack.

Choose the Attack tab. Click Find Attacks. It will find the most suitable attacks for the hosts in the Target Panel.

                                       
Once the attacks have been selected, a message box will appear.
 
                                        
Now we will set the vulnerability.

Right-click on the host. Click smb. Choose the ms08_067_netapi vulnerability.

                                         
Click the checkbox. Choose reverse connection. Press the Launch button.


                                          
If the target host is vulnerable, its icon will change to a red lightning bolt. After that you can do as you like :D
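
From the defender's side, the sequence in this post (a scan across an IP range, an SMB connection to one host, then a reverse connection from that host) leaves a recognisable pattern in network flow logs. The following is an added example, not part of the original post; the flow-record format, the thresholds and the sample records are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records (not from the post): (epoch_sec, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = [
    (100, "10.0.0.5", "10.0.0.10", 445),   # one source touching many hosts: the scan
    (101, "10.0.0.5", "10.0.0.11", 445),
    (102, "10.0.0.5", "10.0.0.12", 445),
    (103, "10.0.0.5", "10.0.0.13", 80),
    (400, "10.0.0.5", "10.0.0.11", 445),   # later SMB connection to one host
    (403, "10.0.0.11", "10.0.0.5", 4444),  # that host connects back to the scanner
    (500, "10.0.0.20", "10.0.0.12", 445),  # ordinary file-share client, never scanned
    (505, "10.0.0.12", "10.0.0.20", 445),
]

def find_sweepers(flows, min_hosts=3, window=60):
    """Sources that contacted at least min_hosts distinct hosts within window seconds."""
    by_src = defaultdict(list)
    for ts, src, dst, _port in sorted(flows):
        by_src[src].append((ts, dst))
    sweepers = set()
    for src, events in by_src.items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({dst for _, dst in events[start:end + 1]}) >= min_hosts:
                sweepers.add(src)
                break
    return sweepers

def find_smb_callbacks(flows, callback_window=120, **sweep_args):
    """Alert when a scanning source opens SMB (445) to a host and that host
    then opens a connection back to the same source within callback_window."""
    sweepers = find_sweepers(flows, **sweep_args)
    ordered = sorted(flows)
    alerts = []
    for ts, src, dst, port in ordered:
        if port != 445 or src not in sweepers:
            continue
        for ts2, src2, dst2, port2 in ordered:
            if (src2, dst2) == (dst, src) and 0 <= ts2 - ts <= callback_window:
                alerts.append((src, dst, port2, ts2 - ts))
                break
    return alerts

if __name__ == "__main__":
    for scanner, host, port, delay in find_smb_callbacks(SAMPLE_FLOWS):
        print(f"{scanner} -> {host}:445, then {host} -> {scanner}:{port} after {delay}s")
```

The ordinary file-share pair in the sample data raises no alert because its client never swept the network; tune `min_hosts` and the two windows to the environment's normal traffic.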

                                         

Saturday, October 19, 2013

Backtrack 5 R3 Walkthrough part 1

Backtrack is one of the most popular Linux distributions used for Penetration testing and Security Auditing. The Backtrack development team is sponsored by Offensive Security. On 13th August 2012, Backtrack 5 R3 was released. This included the addition of about 60 new tools, most of which were released during the Defcon and Blackhat conference held in Las Vegas in July 2012. In this series of articles, we will look at most of the new tools that were introduced with Backtrack 5 R3 and look at their usage. Some of the notable changes included tools for mobile penetration testing, GUI tools for Wi-fi cracking and a whole new category of tools called Physical Exploitation.
Getting Backtrack 5 R3
There are two ways to get up and running quickly with Backtrack 5 R3. If you are already running Backtrack 5 R2, you can upgrade to Backtrack 5 R3 by following the steps described on this page. Or you can do a fresh install of Backtrack 5 R3 from the downloads section on Backtrack’s official website.
According to Backtrack’s official website, the new tools released with Backtrack 5 R3 are libcrafter, blueranger, dbd, inundator, intersect, mercury, cutycapt, trixd00r, artemisa, rifiuti2, netgear-telnetenable, jboss-autopwn, deblaze, sakis3g, voiphoney, apache-users, phrasendrescher, kautilya, manglefizz, rainbowcrack, rainbowcrack-mt, lynis-audit, spooftooph, wifihoney, twofi, truecrack, uberharvest, acccheck, statsprocessor, iphoneanalyzer, jad, javasnoop, mitmproxy, ewizard, multimac, netsniff-ng, smbexec, websploit, dnmap, johnny, unix-privesc-check, sslcaudit, dhcpig, intercepter-ng, u3-pwn, binwalk, laudanum, wifite, tnscmd10g, bluepot, dotdotpwn, subterfuge, jigsaw, urlcrazy, creddump, android-sdk, apktool, ded, dex2jar, droidbox, smali, termineter, bbqsql, htexploit, smartphone-pentest-framework, fern-wifi-cracker, powersploit, and webhandler. We will be discussing most of these tools in this series.
Fern-Wifi-Cracker
Fern Wi-fi cracker is a program written in Python that provides a GUI for cracking wireless networks. Normally, you need to run aireplay-ng, airodump-ng and aircrack-ng separately in order to crack wireless networks, but Fern-Wifi-cracker makes this job very simple by acting as a facade over these tools and hiding all the intricate details from us. It also comes with a bunch of tools that help you perform attacks like session hijacking, locate a particular system’s geolocation based on its MAC address, etc.
Fern Wi-fi cracker can be found under the category Wireless Exploitation tools as shown in the figure below.

Before starting with Fern Wi-fi cracker, make sure that you have a Wi-fi card that supports packet injection. In my case, I am running Backtrack 5 R3 as a VM and I have connected an external Alfa Wi-fi card to it. You can verify that your card can be put into monitor mode by typing airmon-ng, which will show you the list of interfaces that can be put in monitor mode. Once this is done, open up Fern Wi-fi cracker.

Select the interface you want to sniff on.

Once you have selected it, it will automatically create a virtual interface (mon0) on top of the selected interface (wlan0) as is clear from the image below.

Now, click on “Scan for access points”. As you can see from the results, it found 4 networks with WEP and 1 network with WPA.

In this case, we will be cracking a WEP network named “Infosec test” which I set up for testing purposes. Click on the network “Infosec test” and it will show you its specific information, like the BSSID of the access point, the channel on which the access point is transmitting, etc. On the bottom right, you can select from a variety of attacks like the ARP request replay attack, the caffe latte attack, etc. In my case, I will be going for an ARP request replay attack. Once this is done, click on “Wi-fi attack” and this will start the whole process of cracking WEP.
You will now see that some IVs are being captured, as shown in the image below. The tool will also tell you whether your card is injecting ARP packets properly, as shown in the bottom right section of the image below.

Once enough IVs have been collected, it will start cracking the WEP key automatically.