How to and Uses of Nikto

Nikto Web Scanner is a web server scanner that tests web servers for dangerous files or common gateway interfaces, outdated server software and other problems. It performs generic and server-type-specific checks while capturing and printing any cookies received. Nikto also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. The Nikto code itself is open source, but the data files it uses to run the programs are not. The code can also be found on GitHub.

Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS.

Not every check is a security problem, though most are. There are some items that are “info only” type checks that look for things that may not have a security flaw, but the webmaster or security engineer may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.


Features
Here are some of the major features of Nikto.

  • SSL Support (Unix with OpenSSL or Windows with ActiveState’s Perl/NetSSL)
  • Full HTTP proxy support
  • Checks for outdated server components
  • Save reports in plain text, XML, HTML, NBE or CSV
  • LibWhisker's IDS encoding techniques
  • Host authentication with Basic and NTLM
  • Subdomain guessing
  • Apache and cgiwrap username enumeration
  • Mutation techniques to “fish” for content on web servers
  • Scan tuning to include or exclude entire classes of vulnerability checks
  • Guess credentials for authorization realms (including many default id/pw combos)
  • Authorization guessing handles any directory, not just the root directory
  • Enhanced false positive reduction via multiple methods: headers, page content, and content hashing
  • Reports “unusual” headers seen
  • Save full request/response for positive tests
  • Maximum execution time per target
  • Logging to Metasploit

To use it, first boot up Kali Linux and type the command below:

nikto -h [address]

Nikto will return a lot of results, some of which are the PHP version, XSS vulnerabilities, and the server OS. If, at the end of the scan, Nikto finds vulnerabilities, it will return OSVDB codes. To check what the codes mean, you can visit www.osvdb.org.


Source: https://cirt.net/Nikto2; https://en.wikipedia.org/wiki/Nikto_Web_Scanner

Hacking with Google

Google Hacking, a.k.a. Google Dorking, is a computer hacking method that uses the Google search engine and other Google applications to find, in general, one or both of the following: software vulnerabilities and misconfigurations on websites. On top of that, search queries on Google can be used to gather information on arbitrary or individual targets, discover error messages that disclose sensitive information, or find files containing credentials and other sensitive data. The search can also be limited to specific pages on a specific site, or it can look for specific information across all websites, giving a list of sites that hold said information.

Google hacking itself can be traced back to 2002. Johnny Long, an American computer security expert, author, and public speaker, began to uncover “unique” Google search queries. He dubbed this list of “unique” queries Google Dorks, and it grew into a large dictionary before eventually being converted into a database. Currently, many hackers also employ other search engines besides Google, such as Bing and Shodan. In fact, the latter is more oriented toward searching for crucial data, but the comprehensiveness of the results may not be as high as that of other, more widely used search engines.

For instance, the search query intitle:"index of" filetype:sql will list SQL files (filetype:sql) that have been indexed by Google on websites where directory listing is enabled (intitle:"index of"). Such queries are collected in the Google Hacking Database, which can be accessed through https://www.offensive-security.com/community-projects/google-hacking-database/ or https://www.exploit-db.com/google-hacking-database/.

It is possible to hide some of your information from Google, therefore preventing public viewing. One such method is to directly ask Google to uncache your information. To do that, one can visit https://www.google.com/remove.html and follow the steps from there.

Source: https://www.acunetix.com/websitesecurity/google-hacking/; https://searchsecurity.techtarget.com/definition/Google-hacking.

Five Phases of Ethical Hacking

The word hacking itself may be controversial, as it is often associated with the criminals of the computer world. However, an ethical hacker is exactly the opposite. Ethical hackers help clients by detecting weaknesses and vulnerabilities. The steps are pretty much the same as in regular hacking, but what differentiates it is the purpose and intention. Even though ethical hacking would not be used to compromise any data and would not put you in danger, either physically or legally, it still needs to be done professionally and step by step. So here are the 5 phases of ethical hacking.

  1. Reconnaissance. This is the step where you decide who your target will be. Social engineering is also done in this stage. We’ve already talked about social engineering in another post, so be sure to check it out!
  2. Scanning. This is the part where you scan for the target’s weaknesses and vulnerabilities. One of the methods is port scanning. We’ve also talked about port scanning in another post! Once you find a vulnerability, you will use that vulnerability to move on to the next step.
  3. Gaining Access. After you have found a vulnerability, it is time to gain access to your target’s computer. Kali Linux is an amazing tool to help you with that. It has many uses, but you still have to learn a few command syntaxes. To see how to install it, again, refer to one of our posts.
  4. Maintaining Access. Simply gaining access is not enough if you are trying to meddle with your target’s computer. Maintaining access is important if you wish to maximize the results of your ethical hacking. This could also mean that you get to know exactly and in detail what the vulnerability is and how to prevent it from being exploited by unethical hackers. And no, unfortunately we haven’t written a post regarding how to do that.
  5. Covering Tracks. Even if you are an ethical hacker, it is still wise to cover your tracks. By doing so, you can tell your clients how you covered your tracks. Similarly, you can tell your clients how to spot hackers who have covered their tracks.


Written by Adrian Alexander and Charottama Oshmar

Going Back in Time… (With the Internet)

Have you ever wondered what some of your favorite websites looked like in the past? Maybe a drastically different interface, or perhaps less quality content than today? Well, the Wayback Machine, which can be accessed through web.archive.org, enables you to do just that: peer into the past of websites! Even though it keeps track of some websites better than others over time, it can give you a rough glimpse of how any website might have looked in the past.

By entering the website you want to view, the Wayback Machine will display all dates in which it has kept track of the website. In the picture on the right, we look at www.kompas.com and we can see that the Wayback Machine keeps a very dense record of the history of the website (shown by the green circles on the dates). You can even choose on which year you want to visit, and the graph shows how much activity is tracked by the Wayback Machine in a year. The Wayback Machine will also give suggestions to your search, similar to Google suggestions.

The density of the track record is usually determined by the popularity of the website. Less popular websites may display far fewer green circles than the example we used above. The machine is very handy for finding information that is now outdated.

This snapshot was taken using the Wayback Machine of www.kompas.com, dated June 18th 2003. The links displayed in the photo are clickable, and they’ll take you to a different page from that time as well!


Written by Charottama Oshmar and Adrian Alexander

Let’s Scan Ports!

An endpoint of communication in an operating system, which identifies a specific process or a type of network service running on that system, is called a port. A port is always associated with an IP address of a host and the protocol type of the communication. For example, to transfer a file to a remote computer, one must specify the computer itself by an IP address, the information type by the correct protocol, and the software or service on that computer by the correct port. In the simplest terms, a port is where information gets into and out of a computer from or to the web.

Port scanning refers to the activity in which a user checks the ports on a computer. Used legitimately, it scans for weaknesses in any of the 65,535 ports of TCP and UDP (65,535 each; the range scanned can be narrowed), since even a single exposed port can be used by a hacker to tap into a computer, and that is exactly how hackers get in. Hackers also engage in port scanning. The difference is that weaknesses found by a legitimate scan are patched and secured, whereas hackers take advantage of them to gain access.

There are various types of port scanning, although the majority performed are TCP scans. For example, a Vanilla scan probes all 65,535 ports, either TCP or UDP. Stealth scanning is more often than not used for hacking, as it is designed to go undetected by network traffic auditing tools. A basic port scan works somewhat like pinging a port: it sends a packet to a specific port and watches the reply. There are many others besides the ones mentioned, such as SYN, UDP, ACK, and FIN port scanning.
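The flip side of the scans described above is spotting them in your own logs. The following is an added example (not part of the original post) that flags any source that probes many distinct ports in a short window, run over a few constructed firewall log lines in an assumed `SRC=... DPT=...` format:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines (not real traffic), one inbound TCP connection attempt each.
# The field layout (SRC=, DPT=, PROTO=) is an assumption for this example.
SAMPLE_LOG = """\
2021-03-01 10:00:01 SRC=203.0.113.7 DPT=21 PROTO=TCP
2021-03-01 10:00:01 SRC=203.0.113.7 DPT=22 PROTO=TCP
2021-03-01 10:00:01 SRC=203.0.113.7 DPT=23 PROTO=TCP
2021-03-01 10:00:02 SRC=203.0.113.7 DPT=25 PROTO=TCP
2021-03-01 10:00:02 SRC=203.0.113.7 DPT=80 PROTO=TCP
2021-03-01 10:00:02 SRC=203.0.113.7 DPT=110 PROTO=TCP
2021-03-01 10:00:03 SRC=203.0.113.7 DPT=143 PROTO=TCP
2021-03-01 10:00:03 SRC=203.0.113.7 DPT=443 PROTO=TCP
2021-03-01 10:00:03 SRC=203.0.113.7 DPT=3306 PROTO=TCP
2021-03-01 10:00:04 SRC=203.0.113.7 DPT=8080 PROTO=TCP
2021-03-01 10:00:05 SRC=198.51.100.4 DPT=443 PROTO=TCP
2021-03-01 10:00:09 SRC=198.51.100.4 DPT=443 PROTO=TCP
2021-03-01 10:05:00 SRC=192.0.2.9 DPT=22 PROTO=TCP
2021-03-01 10:06:00 SRC=192.0.2.9 DPT=80 PROTO=TCP
"""

LINE_RE = re.compile(r"^(\S+ \S+) SRC=(\S+) DPT=(\d+) PROTO=(\w+)")


def parse_log(text):
    """Yield (timestamp, source_ip, dest_port, proto) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(2), int(m.group(3)), m.group(4)


def detect_port_scans(text, threshold=5, window_seconds=60):
    """Return {source_ip: sorted distinct ports} for every source that touched at
    least `threshold` distinct destination ports within `window_seconds`.
    A sliding window starts at each of the source's events in time order, so a
    slow scan spread over a longer period than the window is deliberately not
    flagged by this rule (tune the window for that case)."""
    by_src = defaultdict(list)
    for ts, src, port, _proto in parse_log(text):
        by_src[src].append((ts, port))
    scanners = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            window = timedelta(seconds=window_seconds)
            ports = {p for ts, p in events[i:] if ts - start <= window}
            if len(ports) >= threshold:
                scanners[src] = sorted(ports)
                break
    return scanners


if __name__ == "__main__":
    for src, ports in detect_port_scans(SAMPLE_LOG).items():
        print(src, "probed", len(ports), "ports:", ports)
```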


Written by Adrian Alexander and Charottama Oshmar

The Importance of Social Engineering in the World of Hacking

Now you might think that the single most important step of hacking is to get into the target’s device, account, network, or the like. But you would be wrong, because the absolute most important step is to actually get into the target’s mind. The human brain has been called the most advanced computer in existence, and it too, unfortunately, has weaknesses. This is where hackers turn to social engineering. Simply put, social engineering is the attempt to gain information by playing with the target’s psychology. Human psychology, as part of our evolution, is wired to trust. This is the loophole that attackers exploit. Social engineering can take on many forms, some of which are explained below.

In an office environment, an attacker might pose as an insider by wearing uniforms or even badges (those scenes you see in movies are real!). Some might pretend they’re employees, while others may pretend they’re a worker from an electrical, plumbing, or other outside company, among the many other ways.

Two of the most valuable allies of a social engineer are cigarettes and dumpsters. Yup, you read that right. A social engineer can pose as just another smoker from inside the building when he/she is in fact a trespasser. The engineer can use the conversations held during cigarette breaks to build trust. The engineer then pretends to have forgotten the access key, and is thereby let in by other employees. This practice is known as tailgating.

Dumpsters often provide critical and confidential information about a target, as not many people consider the consequences of carelessly disposing of highly sensitive material. Bank accounts, names/usernames and passwords, addresses, telephone numbers, and family members’ names are ripe for the taking by dumpster divers. The act of dumpster diving is completely legal around the world since no rule outlaws it.


Written by Charottama Oshmar and Adrian Alexander

XSS (Cross Site Scripting) for Dummies

Cross-site Scripting is a code injection attack carried out on the client side, in which hackers execute malicious scripts (commonly known as a malicious payload). XSS is one of the most common web app vulnerabilities and occurs when unvalidated user input is used within the output the application generates.

An XSS attacker does not target a specific user. Instead, an attacker would exploit a vulnerability within a legitimate website or web app. Said app would then act as a vehicle to deliver malicious payload into users’ browsers.

XSS payloads can be written in several languages, including VBScript and Flash, but the most exploited is JavaScript, simply because JavaScript is a basic element of most website-viewing activity. We also exploited this weakness in the first stage of our Final Project. The process we took was very simple: just write a script tag in the comments section. So that’s what we did, and we wrote <script>alert("do you like what you see");</script>. If successful, your browser will run the script and display the following output:

The script we used was very benign, as it just prompts the browser to display an alert. But since script usage is very wide, it can be used to deliver even more dangerous attacks.
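The comment-section bug described above comes from concatenating the comment straight into the page. As an added example (not the project's own code), here is a minimal Python rendering of that flawed pattern next to the fixed version, fed the same alert payload the post used:

```python
import html

# The payload from the post above, with straight quotes so it is valid JavaScript.
COMMENT_PAYLOAD = '<script>alert("do you like what you see");</script>'


def render_comment_vulnerable(author, body):
    """The flawed pattern: untrusted input is concatenated straight into HTML,
    so a comment containing a <script> tag becomes part of the page's code."""
    return '<div class="comment"><b>' + author + "</b>: " + body + "</div>"


def render_comment_safe(author, body):
    """The fix for this context: HTML-escape every untrusted value before it is
    placed in an HTML text node. < > & " ' become entities, so the browser shows
    the comment as text instead of executing it. (Other output contexts, such as
    attributes, URLs or inline JavaScript, need their own encoding rules.)"""
    return '<div class="comment"><b>{}</b>: {}</div>'.format(
        html.escape(author, quote=True), html.escape(body, quote=True))


def contains_script_tag(rendered):
    """Check used by this example only: is there still a literal <script start
    tag that a browser would execute?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print("vulnerable:", render_comment_vulnerable("guest", COMMENT_PAYLOAD))
    print("safe:      ", render_comment_safe("guest", COMMENT_PAYLOAD))
```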

Source: acunetix.com

Written by Adrian Alexander and Charottama Oshmar

What is Wordlist?

A wordlist is, as the name suggests, a list of words/phrases containing possible passwords of a user. It is one of the most important tools in ethical hacking, because passwords act as the first line of defense against hackers, both ethical and unethical. Having a strong and unpredictable password is very important to minimize the risk of your password being included in a wordlist, because once hackers find a match between your password and an entry in the wordlist, your password has been compromised. Wordlists can be downloaded from many sources, such as GitHub, and can even be combined into a single list. However, that wasn’t the case when we conducted the first stage of our Final Project. Instead, we entered the command wpscan --url http://wp1.pentest.id --wordlist /root/Desktop/wordlist.txt --username adminwp

Now wpscan is, as we have mentioned, a tool that finds a match between the password and an entry in the wordlist. So roughly, the command above can be interpreted as “Find a password match for this website (wp1.pentest.id) under the username adminwp”. The above command produces the following output:

Now you’ve got a set of possible passwords, and the password turns out to be “akusayangkamu”.
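The post's point is that a password equal to a wordlist entry is already lost. Cracking tools also apply mangling rules (case changes, trailing digits, leet substitutions), so a defender's check should reject trivial variants as well. The following added example (not from the original post) does that over a small constructed wordlist containing the password found above:

```python
# Constructed wordlist in the style of leaked-password lists (not a real download).
WORDLIST = """\
123456
password
qwerty
akusayangkamu
admin
letmein
"""

# Undo the most common "leet" substitutions a cracker's rules would try.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})
TRAILING_JUNK = "0123456789!@#$%^&*"


def load_wordlist(text):
    """Lower-cased set of non-empty entries, so lookups are O(1)."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}


def candidate_forms(password):
    """Base forms a mangling rule would reduce the password to: lower-cased,
    with trailing digits/punctuation stripped, and with leet undone."""
    base = password.lower()
    stripped = base.rstrip(TRAILING_JUNK)
    forms = {base, stripped, base.translate(LEET_MAP), stripped.translate(LEET_MAP)}
    return {f for f in forms if f}


def in_wordlist(password, words):
    """True if the password, or a trivial variant of it, is in the wordlist."""
    return any(form in words for form in candidate_forms(password))


if __name__ == "__main__":
    words = load_wordlist(WORDLIST)
    for pw in ("akusayangkamu", "P@ssw0rd123!", "correct horse battery staple"):
        print(repr(pw), "->", "rejected" if in_wordlist(pw, words) else "ok")
```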


Written by Adrian Alexander and Charottama Oshmar

How to Install DVWA

In this post, we will tell you how to install DVWA on your Kali Linux.

Note: the screenshots of the steps were provided by Mr. Kalpin Erlangga.

Before we install DVWA we must know what DVWA is. DVWA stands for Damn Vulnerable Web App; it is a PHP/MySQL web application that is, as the name says, damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment.

These are the steps to install DVWA:

  1. First, open your Kali Linux and run the terminal.
  2. Then, change your directory to /var/www/html.
  3. Download the package file using the wget command with this link: https://github.com/ethicalhack3r/DVWA/archive/master.zip
  4. After the download has finished, unzip master.zip using the command unzip master.zip.
  5. After unzipping the file you will find a DVWA-master directory. Move the contents of the DVWA-master directory to the web root directory with the command mv DVWA-master/* /var/www/html and change the owner of the /var/www/html directory using chown -R www-data:www-data /var/www/html.
  6. When you have finished moving the contents and changing the owner of the directory, the next step is to start the Apache and MySQL services. Use this command to start them: service apache2 start; service mysql start.
  7. After that, we should secure the MySQL installation using the command mysql_secure_installation. Follow the instructions and don’t forget to set a root password.
  8. Next, we will configure our DVWA settings. First open your Kali’s IP in a browser in Kali Linux (http://your-ip), or use http://localhost/login.php. If you get an error like this, copy config/config.inc.php.dist to config/config.inc.php using the command cp config/config.inc.php.dist config/config.inc.php.
  9. After you have finished copying, you should get a reCAPTCHA key pair from this link: http://www.google.com/recaptcha/admin
  10. After you have logged in and created a reCAPTCHA, you will be given 2 important keys: the site key and the secret key.
  11. Next, we should set up our database. First, type mysql -u root -p and provide the password you made earlier.
  12. Then, create a database.
  13. After that, grant the database privileges.
  14. Last, flush the privileges.
  15. Edit config.inc.php by going to the directory that contains the file and typing nano config.inc.php. The things you should change are db_database, db_user, and db_password, and don’t forget to fill in the reCAPTCHA public key and private key: use the site key for the public key and the secret key for the private key.
  16. Go back to http://your-ip or http://localhost/login.php and click the Create/Reset Database button.
  17. Then, a login page will appear; the user is admin and the password is admin too.
  18. After you log in you can use DVWA as a tool for hacking practice.


Written by Adrian Alexander and Charottama Oshmar

How to Install Kali Linux

In this post we will give you a step-by-step guide to installing Kali Linux. In this case we will use a virtual machine to run Kali Linux.

  1. First, you must download and install virtualization software in order to run Kali Linux. Any virtual machine software is fine, but in this guide we will use Oracle VM VirtualBox. Oracle VM VirtualBox can be downloaded via this link: http://www.oracle.com/technetwork/server-storage/virtualbox/downloads/index.html.
  2. Second, you need to download Kali Linux from the following link: https://www.kali.org/downloads/.
  3. After you have finished installing Oracle VM VirtualBox, run VirtualBox itself.
  4. Then, go to New to create a new virtual machine.
  5. Here you can put any name that you want.
  6. After you enter the name and press Next, there will be a slider. That slider determines how much memory you want to use for the virtual machine. It is entirely up to you how much memory you allocate to the virtual machine.
  7. After you have decided how much memory to allocate, you will choose a virtual hard disk. Choose “Use an existing virtual hard disk”, browse to the Kali Linux image you downloaded earlier, and then click Create.
  8. At last it is done; you just need to run Kali Linux from here.
  9. The default user for Kali Linux is root.
  10. The default password is toor.
  11. From here you can use Kali Linux and try to hack.

That’s all the guide for installing Kali Linux on Oracle virtual machine.


Written by Charottama Oshmar and Adrian Alexander