Month: January 2023

Hive Ransomware Taken Down in FBI’s Hacking Operative

Posted on January 30, 2023 - January 30, 2023 by Dan Duran

In July, the FBI seized the group’s infrastructure, including its Tor payment and data leak sites, as part of an international law enforcement operation.

In January 2023, the US Department of Justice and Europol revealed six months of covert surveillance of the Hive ransomware gang’s infrastructure.

This access allowed them to learn of impending attacks, warn the targets, and collect and distribute decryption keys to victims, saving an estimated $130 million in ransom payments.

According to the Justice Department bulletin, the FBI had been working since late July 2022 to get into Hive’s computer networks, obtain its decryption keys, and hand them to victims worldwide, sparing them ransom payments totalling $130 million.

Over 300 Hive victims have received decryption keys since the FBI infiltrated the Hive network in July 2022. The FBI also distributed more than a thousand additional decryption keys to earlier Hive victims.

According to a warrant application, the FBI gained access to three servers at a California hosting provider, two dedicated and one virtual private server, using email addresses believed to belong to Hive members.

Working with the FBI, the Dutch police also gained access to two backup systems hosted in the Netherlands.

“This hidden site has been seized. The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware,” reads the seizure notice.

With this access, law enforcement confirmed that the servers in question served as the operation’s primary data leak site, its negotiation site, and the web panels used by its administrators and affiliates.

The FBI verified the accuracy of the information obtained through the decryption key operation by comparing it against the database found on Target Server 2, which held records of communications between Hive members, hash values of malware files, details on 250 affiliates, and victim information.

Germany, Canada, France, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, and the United Kingdom are among the nations named on the seizure notice posted on the ransomware group’s Tor domains.

The notice is an animated GIF alternating between an English and a Russian message, intended as a warning to other ransomware groups.

Who is Hive?

Hive is a ransomware-as-a-service (RaaS) operation launched by cybercriminals in June 2021. Its affiliates typically gain access to networks through phishing, security flaws in internet-facing devices, or purchased credentials.

Once inside a company’s network, they steal unprotected customer data and use it as leverage in their extortion demands.

They compromise a Windows domain controller and use it to push the ransomware across the network, locking users out of their own devices.

Unlike some ransomware groups that claim to avoid targeting healthcare institutions, Hive does not exclude any kind of target.

The victims of the ransomware group’s attacks have ranged from the non-profit Memorial Health System to the retail giant MediaMarkt to the telecoms firms Bell Technical Solutions (BTS) and Tata Power to the New York Racing Association.

In November 2022, the FBI said that over 1,500 companies had paid the ransom, bringing the total amount collected from the scheme to almost $100 million since June 2021.

Posted in Blogs

The Proper Way of Installing Kali Linux in Parallels // Beginner Tutorial

Posted on January 30, 2023 - January 30, 2023 by Dan Duran

This tutorial will show you how to set up a Kali Linux virtual machine (VM) in Parallels Desktop.

With Parallels you can not only run Kali in a virtual machine (VM): the VM is isolated from the host, can communicate with other VMs, the host and other computers on the network, and can be restored to earlier versions of the system using Time Machine.

Parallels for Mac is continually improved with new releases, which is its finest feature. There are now 18 versions of Parallels for Mac, the most recent being 2021’s Parallels Desktop 18.

Best of all, you do not need a Kali Linux disc image or installation image to use Parallels Desktop for Mac; you can use a ready-made virtual machine that is already part of the system.

Kali Linux is a free and open-source Linux distribution based on Debian that was designed for use in a variety of information security-related fields including Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.

Posted in VIDEOS

Creating an Admin User in Kali Linux and Debian-based Distros

Posted on January 29, 2023 by Dan Duran

To create an admin user in Kali and other Debian-based distros, use the command adduser followed by the username you want to create.

For example, to create a user named “dan”, you would run:

adduser dan

To give the user admin privileges, use the command usermod with the option -aG to append the user to the “sudo” group. For example, to add the user “dan” to the “sudo” group, you would run:

usermod -aG sudo dan

adduser already creates the home directory with the skeleton files from /etc/skel; to create additional standard directories under /home/user, you can use:

mkdir -p /home/user/Desktop /home/user/Downloads

You can also use the command useradd instead of adduser to create a user and usermod to modify the user and add it to the sudo group.

To set a password for a user you have created, use the command passwd followed by the username. For example, to set a password for the user “dan”, you would run:

passwd dan

This will prompt you to enter and confirm the password for the user.

You can also run sudo passwd dan if you are logged in as a different user with administrative access.

Please note that it’s generally a best practice to set strong and unique passwords for all your user accounts. Also note that you need to be logged in as root or have administrative access to perform these commands.
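The steps above wrapped into a script with a check that the user really ended up in the sudo group, as an added example that is not part of the original post. It assumes a Debian-based system where admins are members of the “sudo” group; the group file used in the demo is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: wraps the adduser / usermod -aG sudo
# steps and adds a check that the user really ended up in the sudo group.
# Assumes a Debian-based system (Kali, Debian, Ubuntu) where admins are members
# of the "sudo" group. create_admin_user needs root; the check functions do not.

# create_admin_user NAME: create NAME if it does not exist, then append it to sudo.
create_admin_user() {
    name=$1
    if ! getent passwd "$name" >/dev/null; then
        # adduser creates the home directory from /etc/skel and prompts for a
        # password; --gecos "" skips the interactive full-name/room/phone prompts.
        adduser --gecos "" "$name" || return 1
    fi
    # -a (append) matters: "usermod -G sudo NAME" without -a would replace the
    # user's other supplementary groups with sudo alone.
    usermod -aG sudo "$name"
}

# sudo_members [GROUP_FILE]: print the members of the sudo group, one per line.
# GROUP_FILE defaults to /etc/group; pass another path to audit an offline image.
sudo_members() {
    awk -F: '$1 == "sudo" { print $4 }' "${1:-/etc/group}" | tr ',' '\n' | sed '/^$/d'
}

# is_sudo_member NAME [GROUP_FILE]: succeed (exit 0) if NAME is in the sudo group.
is_sudo_member() {
    sudo_members "$2" | grep -qx -- "$1"
}

# write_sample_group PATH: write a constructed /etc/group fragment for the demo.
write_sample_group() {
    cat > "$1" <<'EOF'
root:x:0:
adm:x:4:syslog,dan
sudo:x:27:dan,alice
users:x:100:
EOF
}

# Demo: audit the constructed group file (run the script with "demo" as argument).
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp)
    write_sample_group "$tmp"
    echo "sudo members: $(sudo_members "$tmp" | tr '\n' ' ')"
    for u in dan alice bob; do
        if is_sudo_member "$u" "$tmp"; then echo "$u: admin"; else echo "$u: not admin"; fi
    done
    rm -f "$tmp"
fi
```

Run is_sudo_member against the live /etc/group after create_admin_user to confirm the change before handing over the account.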

Posted in DEBIAN LINUX, KALI LINUX, KNOWLEDGE BASE, WEB DEV

How to Use John the Ripper in Kali Linux

Posted on January 29, 2023 - January 29, 2023 by Dan Duran

John the Ripper has been around for a long time and is a tool that hackers and pen-testers use regularly. If you are new to the subject, though, using John the Ripper is not always simple. Don’t worry, I’ll go through everything in this post to make sure you get started correctly.

John the Ripper is a well-known command-line password cracker. It comes preinstalled with Kali Linux and can be used immediately after installation.

Let’s go through how to get started with it for the first time, along with some examples of how to use it.

Getting Started with John The Ripper (John)

John the Ripper is a free and open-source password recovery program that runs on all major operating systems and distributions. You can either download and build the source code or use a release package for your system or distribution.

In this article I’m using Kali Linux, a hacking and pen-testing distribution, but you can use John on any other system; the examples later on work the same way.

Start John

Kali Linux comes with John the Ripper preinstalled. It is under “05 – Password Attacks” in the main menu, and the app is simply called “John”.

Since John the Ripper has no graphical interface, you can just open a terminal and run it with the following command:

john <options>

How to Use John

Using John the Ripper takes some learning because there is no visual interface: its many attack modes and tactics are all selected through optional command-line arguments.

To give you a sense of the options, let’s try a couple.

Simple example

The first step is a password file: a file on your computer holding one or more hashed passwords you intend to crack. It can be almost anything:

  • the Linux system’s “/etc/passwd” file (for recent distributions, use the unshadowed version, which merges in the hashes from /etc/shadow)
  • Windows password hashes
  • any password list taken from a database, whether it uses MD5, SHA1, or another hashing algorithm

For this demonstration, I created a text file and filled it with several MD5 hashes. If you want to test John without a specific example of your own yet, you may use this tool to produce several.

Either way, once this file is on Kali Linux you can use John to try to crack some of the passwords.

The standard syntax is:

john --format=<passwords-format> <file>

In my case:

john --format=Raw-md5 md5-passwords.txt

John opens your password file and tries several methods to crack it (by default it tests a small built-in word list and then moves on to incremental strategies).

In my test, I deliberately included the MD5 hash of a word from the word list, and John quickly identified it (the term “good luck” was one of the MD5-hashed passwords in my file). You are welcome to include the same one to see a successful crack.

Wordlists

If you have a large number of hashed passwords to test, running word lists against them is the quickest way to get a few results. Most users still reuse the same simple passwords across most apps (“password” and “qwerty” remain the most popular passwords globally).

Kali Linux’s default word list, however, is not that extensive, so consider downloading and testing larger lists. They are available from many places, ranging from a few hundred words to enormous files, some over 100 GB in size.

Several of them are available for download in this GitHub repository. It is good enough to run a few more tests, although the largest lists are not there (and they are often not free).

To demonstrate how it works, I downloaded the file “darkweb2017-top10000.txt” and tested it with John the Ripper.

The underlying command stays the same; we just add the name of the wordlist file to it:

john --wordlist=<yourfile> --format=<format> <passwords-file>

John is built to run this task quickly, so even the longest list should be reasonably fast.

You are welcome to write a shell script that tests each list in turn.

Bruteforce

The bruteforce approach is nevertheless the most common way of cracking passwords with John the Ripper: when none of your word lists worked, the last resort is to try candidate passwords generated by John itself.

In John the Ripper this mode is called “incremental”, and you enable it by adding the --incremental option to your command line:

john --incremental --format=Raw-md5 md5-passwords.txt

It keeps generating candidate passwords until it has matched every hash in your file. To stop John the Ripper and try something else, press CTRL+C.

You can also narrow the character set on the command line if you know the password format. For instance, if you know the passwords are almost certainly digits only, use “digits” to tell John to test only digits:

john --incremental=digits --format=<format> <password-file>

John then tries only numbers, no letters. Testing long passwords goes much faster this way.

The “mask attack” is the last option, for when you have additional information. If the passwords you want to test follow a specific format, you can describe that format. The idea is that most passwords in a given population follow a handful of patterns, as the earlier tests will have shown.

Perhaps a few years ago the system was changed to require a special character in every password, and everyone added one at the end. The passwords might also all begin with an uppercase letter or end with the user’s birthday.

Most people use similar patterns for their passwords, so mask attacks can drastically speed up the process even if you have no prior knowledge. For instance, hashcat’s documentation lists the most frequent patterns found in the 2009 “RockYou” data breach.

Mask attacks with John the Ripper look like this:

john --mask=<mask> --format=<format> <yourfile>

The mask describes the password format using one or more of these components:

  • ?l : lower case letters
  • ?u : upper case letters
  • ?d : digits
  • ?s : special characters
  • ?a : any printable character
  • and more

As an example, I use “?u?l?l?l?l?s” in the following command, which stands for a six-character password that begins with an uppercase letter, continues with four lowercase letters, and ends with a special character:

john --mask=?u?l?l?l?l?s --format=Raw-md5 my-md5-passwords.txt

John only tries candidates in this format: every password attempted follows the mask given on the command line.
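How much a mask narrows the search, as an added example that is not part of the original post: this script computes the keyspace of a John mask from John’s built-in placeholder sizes (?l and ?u 26, ?d 10, ?s 33, ?a 95), so the mask above can be compared against digits-only and full printable searches. The 10 million hashes per second rate in the demo is an assumption for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: size the search space of a John the
# Ripper mask before running it. Uses John's built-in placeholder sizes
# (?l and ?u = 26, ?d = 10, ?s = 33 specials, ?a = 95 printable ASCII); any
# other character in the mask is a fixed literal and "??" is a literal "?".
# Custom placeholders (?1..?9, ?w) are out of scope here and are rejected.

# mask_keyspace MASK: print how many candidate passwords MASK expands to.
mask_keyspace() {
    mask=$1
    total=1
    while [ -n "$mask" ]; do
        case $mask in
            '?l'*|'?u'*) n=26; mask=${mask#??} ;;
            '?d'*)       n=10; mask=${mask#??} ;;
            '?s'*)       n=33; mask=${mask#??} ;;
            '?a'*)       n=95; mask=${mask#??} ;;
            '??'*)       n=1;  mask=${mask#??} ;;   # escaped literal "?"
            '?'*)        echo "unsupported placeholder in mask: $mask" >&2; return 1 ;;
            *)           n=1;  mask=${mask#?}  ;;   # fixed literal character
        esac
        total=$((total * n))
    done
    echo "$total"
}

# crack_seconds MASK RATE: worst-case seconds to exhaust MASK at RATE hashes per
# second (integer division; use the rate "john --test" or a real run reports).
crack_seconds() {
    space=$(mask_keyspace "$1") || return 1
    echo $(( space / $2 ))
}

# Demo: the post's mask against digits-only and a full six-character printable
# search, at an assumed 10 million raw-MD5 hashes per second.
if [ "${1:-}" = "demo" ]; then
    for m in '?u?l?l?l?l?s' '?d?d?d?d?d?d' '?a?a?a?a?a?a'; do
        printf '%-14s %14s candidates  ~%s s\n' \
            "$m" "$(mask_keyspace "$m")" "$(crack_seconds "$m" 10000000)"
    done
fi
```

The same arithmetic shows why a password policy that forces a predictable pattern (capital first, symbol last) adds far less strength than its length suggests.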

Permutations

If you want John to try permutations of words from a wordlist (the file dict.txt) with a one-printable-ASCII-character suffix or prefix, 1337speak substitutions, the mask attack, and hybrid mask, use a command like this:

john --wordlist=dict.txt --rules=All --mask=?a?w hash.txt

In hybrid mask mode ?w stands for the current wordlist word, so ?a?w prepends one printable ASCII character to each rule-mangled word. The 3l33t rules are included in the All rule set used above.

John Modules (zip2john, gpg2john, rar2john, etc)

John the Ripper comes with a number of helper modules (the *2john tools) that extract crackable hashes from various file types. On Kali they are installed by default. If they are not installed, you can install them with the following command:

apt install <module>2john

In my case, I will install zip2john:

apt install zip2john

To find the available modules, search for them with:

locate 2john

zip/rar/gzip File Cracking

Assume you have a password-protected zip file that you created at some point in the past. You first need to extract the hash from the zip file by running:

zip2john my-zip-file.zip > zip-hash.txt

The same applies to the other modules:

gpg2john my-gpg-file.gpg > gpg-hash.txt

rar2john my-rar-file.rar > rar-hash.txt

gzip2john my-gzip-file.gz > gzip-hash.txt

Now crack the extracted hash with the matching format:

john --incremental --format=zip zip-hash.txt

Conclusion

John the Ripper is a lethal weapon. In fact, it is so widely used that it comes preloaded on Kali Linux! Although John the Ripper is usually used for password recovery, you can also test whether the passwords you have chosen are secure by attempting to crack them. Overall, it is an excellent tool that takes some time to learn and master, but it is well worth the effort.

Posted in KALI LINUX, KNOWLEDGE BASE

Two VMs with the Same IP Address in VirtualBox, Yikes!

Posted on January 28, 2023 by Dan Duran

I got this question from one of my subscribers: “My VirtualBox has two Linux virtual machines running on a NAT. Both have the same IP address: 10.0.2.15. I tried releasing the IPs for both virtual machines. What can I do to change one of the IP addresses in VirtualBox?”

If both of your Linux virtual machines in VirtualBox have the same IP address of 10.0.2.15, you will need to change one of the IP addresses in order for them to communicate properly on the network.

Here are the steps to change the IP address of one of your Linux virtual machines in VirtualBox:

  1. Shut down the virtual machine whose IP address you want to change.
  2. Open the VirtualBox Manager and select the virtual machine.
  3. Click on the “Settings” button.
  4. Go to the “Network” tab.
  5. In the “Attached to” dropdown, select “NAT”.
  6. Click on the “Advanced” button and select “Port Forwarding”.
  7. Leave the “Host IP” field blank. In “Host Port” enter a number of your choice, in “Guest IP” enter the IP address you want to assign to the virtual machine, and in “Guest Port” enter “22” (if you’re using SSH) or “80” (if you’re using HTTP).
  8. Click on the “OK” button.
  9. Start the virtual machine and check if the IP address has been changed.
  10. To make sure that the virtual machine is properly configured, you can use the command “ip addr” or “ifconfig” to check the IP address.

Alternatively, you can also change the IP address in the virtual machine’s operating system by editing the network configuration files. The location and name of the network configuration files vary depending on the Linux distribution, but they are usually located in the “/etc/network” or “/etc/sysconfig/network-scripts” directory.

Please note that you may need to have administrator access to change the network configuration files.

Also, when you change the IP address of the virtual machine, you will also need to update any references to the old IP address in your host machine, such as in your hosts file or any scripts that connect to the virtual machine.

Posted in DEBIAN LINUX, KALI LINUX, KNOWLEDGE BASE

How to Release Your IP Address Using the Terminal?

Posted on January 28, 2023 by Dan Duran

Here is how to release your current IP address and acquire a new one on Windows, Linux and macOS.

WINDOWS

To release your IP address on Windows use the Command Prompt:

  1. Open Command Prompt (Start > Run > cmd)
  2. Type ipconfig /release and press enter
  3. Type ipconfig /renew and press enter

This will release the current DHCP lease and acquire a new IP address from the DHCP server.

Alternatively, you can release and renew the DHCP lease for a specific network adapter with the commands ipconfig /release [adapter] and ipconfig /renew [adapter].

Example:

  1. Open Command Prompt (Start > Run > cmd)
  2. Type ipconfig /release Ethernet and press enter
  3. Type ipconfig /renew Ethernet and press enter

This will release and renew the DHCP lease for the Ethernet adapter.

LINUX

To release your IP address on Linux using the terminal:

  1. Open terminal
  2. Type sudo dhclient -r and press enter. This command will release the current DHCP lease.
  3. Type sudo dhclient and press enter. This command will request a new DHCP lease.

Alternatively, you can release and renew the DHCP lease for a specific network interface with the commands sudo dhclient -r [interface] and sudo dhclient [interface].

Example:

  1. Open terminal
  2. Type sudo dhclient -r eth0 and press enter. This command will release the DHCP lease for the eth0 interface.
  3. Type sudo dhclient eth0 and press enter. This command will request a new DHCP lease for the eth0 interface.

Please note that you may need to have administrator access to run these commands.

MacOS

To release your IP address on macOS using the terminal:

  1. Open terminal
  2. Type sudo ipconfig set en0 DHCP and press enter. This command will release the current DHCP lease for the en0 interface and request a new DHCP lease.

Alternatively, you can use the command sudo ipconfig set [interface] DHCP to release and renew the DHCP lease for a specific network interface.

Example:

  1. Open terminal
  2. Type sudo ipconfig set en1 DHCP and press enter. This command will release the current DHCP lease for the en1 interface and request a new DHCP lease.

OBSERVATIONS

Please note that you may need to have administrator access to run these commands.

The commands “ipconfig /release” (Windows) and “sudo dhclient -r” (Linux) release the current DHCP lease so that a new IP address can be requested from the DHCP server. If there is no DHCP server on the network, these commands achieve nothing useful, because there is no server to release the lease to or to request a new address from.

If your network is using static IP addresses, you will need to manually configure the IP address, subnet mask, and other network settings on your computer. You can do this through the network settings of your operating system, or by editing the network configuration files.

On macOS, the command “sudo ipconfig set en0 DHCP” refreshes the DHCP lease and requests a new IP address from the DHCP server. If there is no DHCP server on the network, this command cannot renew the lease either.

It’s important to check if your network is using DHCP or static IP addresses before attempting to release or renew an IP address.
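One way to perform that check on a Linux box before releasing anything, as an added example that is not part of the original post: it reads the ISC dhclient lease database (assumed to be /var/lib/dhcp/dhclient.leases, the Debian and Kali location) and only runs the dhclient -r / dhclient sequence from the post when a lease for the interface is actually on record. The lease file in the demo is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: before running "dhclient -r", check
# that the interface's address came from a DHCP server at all. A statically
# configured interface has no lease, and releasing it just drops the address with
# no server to ask for a new one. Assumes ISC dhclient, whose lease database is
# /var/lib/dhcp/dhclient.leases on Debian-based systems such as Kali.

LEASE_FILE=${LEASE_FILE:-/var/lib/dhcp/dhclient.leases}

# dhcp_lease_info IFACE [LEASE_FILE]: print "<fixed-address> <dhcp-server>" for the
# most recent lease recorded for IFACE, or nothing if the file has none for it.
dhcp_lease_info() {
    awk -v ifc="$1" '
        $1 == "lease" && $2 == "{" { inlease = 1; want = 0; addr = ""; srv = "" }
        inlease && $1 == "interface" { gsub(/[";]/, "", $2); want = ($2 == ifc) }
        inlease && $1 == "fixed-address" { sub(/;$/, "", $2); addr = $2 }
        inlease && $1 == "option" && $2 == "dhcp-server-identifier" { sub(/;$/, "", $3); srv = $3 }
        $1 == "}" { if (inlease && want) last = addr " " srv; inlease = 0 }
        END { if (last != "") print last }
    ' "${2:-$LEASE_FILE}"
}

# renew_lease IFACE: the post's "dhclient -r" then "dhclient" sequence, but only
# when a lease for IFACE is on record (the dhclient calls themselves need root).
renew_lease() {
    iface=$1
    info=$(dhcp_lease_info "$iface") || return 1
    if [ -z "$info" ]; then
        echo "$iface: no DHCP lease recorded, address is probably static; not releasing" >&2
        return 1
    fi
    echo "$iface: releasing ${info% *} obtained from DHCP server ${info#* }"
    dhclient -r "$iface" && dhclient "$iface"
}

# write_sample_leases PATH: write a constructed dhclient.leases file for the demo.
# dhclient appends to this file; the later eth0 block is the current lease.
write_sample_leases() {
    cat > "$1" <<'EOF'
lease {
  interface "eth0";
  fixed-address 10.0.2.15;
  option subnet-mask 255.255.255.0;
  option routers 10.0.2.2;
  option dhcp-server-identifier 10.0.2.2;
  expire 5 2023/01/27 23:00:00;
}
lease {
  interface "eth0";
  fixed-address 10.0.2.16;
  option subnet-mask 255.255.255.0;
  option routers 10.0.2.2;
  option dhcp-server-identifier 10.0.2.2;
  expire 6 2023/01/28 23:00:00;
}
EOF
}

# Demo on the constructed file (no root needed): eth0 has a lease, eth1 has none.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp)
    write_sample_leases "$tmp"
    for i in eth0 eth1; do
        echo "$i: $(dhcp_lease_info "$i" "$tmp")"
    done
    rm -f "$tmp"
fi
```

On a system using a different DHCP client (NetworkManager, systemd-networkd, dhcpcd) the lease lives elsewhere, so set LEASE_FILE accordingly or fall back to the post's manual check.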

Posted in DEBIAN LINUX, KALI LINUX, KNOWLEDGE BASE, MACOS, WINDOWS

What does “Scan Aborted: The remote website is up, but does not seem to be running WordPress” mean?

Posted on January 26, 2023 - January 30, 2023 by Dan Duran

When you attempt to scan a website and get the error message “Scan Aborted: The remote website is up, but does not seem to be running WordPress”, it means that WPScan’s detection found no evidence that the site is actually running WordPress.

If you disagree with that finding, you can pass WPScan the --force option to make it scan the site anyway. In that situation you may also need to provide additional parameters such as --wp-content-dir and --wp-plugins-dir.

Here are some useful commands you can run:

Enumerate all plugins with known vulnerabilities

wpscan --url example.com -e vp --plugins-detection mixed --api-token YOUR_TOKEN

Enumerate all plugins known to the WPScan database

wpscan --url example.com -e ap --plugins-detection mixed --api-token YOUR_TOKEN

Password attack against an identified user

wpscan --url IP_ADDRESS_OF_WEBSITE -U USER_NAME -P PATH_TO_WORDLIST

A more aggressive scan

wpscan --url http://example.com --api-token TOKEN --detection-mode aggressive

The full thing!


wpscan --url http://example.com --api-token [TOKEN] --wp-content-dir /wp-content/ --wp-plugins-dir /wp-plugins/  --enumerate vp --plugins-detection aggressive

WPScan Help Page


root@kali:~# wpscan -h
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.8.22
                               
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

Usage: wpscan [options]
        --url URL                                 The URL of the blog to scan
                                                  Allowed Protocols: http, https
                                                  Default Protocol if none provided: http
                                                  This option is mandatory unless update or help or hh or version is/are supplied
    -h, --help                                    Display the simple help and exit
        --hh                                      Display the full help and exit
        --version                                 Display the version and exit
    -v, --verbose                                 Verbose mode
        --[no-]banner                             Whether or not to display the banner
                                                  Default: true
    -o, --output FILE                             Output to FILE
    -f, --format FORMAT                           Output results in the format supplied
                                                  Available choices: cli-no-colour, cli, cli-no-color, json
        --detection-mode MODE                     Default: mixed
                                                  Available choices: mixed, passive, aggressive
        --user-agent, --ua VALUE
        --random-user-agent, --rua                Use a random user-agent for each scan
        --http-auth login:password
    -t, --max-threads VALUE                       The max threads to use
                                                  Default: 5
        --throttle MilliSeconds                   Milliseconds to wait before doing another web request. If used, the max threads will be set to 1.
        --request-timeout SECONDS                 The request timeout in seconds
                                                  Default: 60
        --connect-timeout SECONDS                 The connection timeout in seconds
                                                  Default: 30
        --disable-tls-checks                      Disables SSL/TLS certificate verification, and downgrade to TLS1.0+ (requires cURL 7.66 for the latter)
        --proxy protocol://IP:port                Supported protocols depend on the cURL installed
        --proxy-auth login:password
        --cookie-string COOKIE                    Cookie string to use in requests, format: cookie1=value1[; cookie2=value2]
        --cookie-jar FILE-PATH                    File to read and write cookies
                                                  Default: /tmp/wpscan/cookie_jar.txt
        --force                                   Do not check if the target is running WordPress or returns a 403
        --[no-]update                             Whether or not to update the Database
        --api-token TOKEN                         The WPScan API Token to display vulnerability data, available at https://wpscan.com/profile
        --wp-content-dir DIR                      The wp-content directory if custom or not detected, such as "wp-content"
        --wp-plugins-dir DIR                      The plugins directory if custom or not detected, such as "wp-content/plugins"
    -e, --enumerate [OPTS]                        Enumeration Process
                                                  Available Choices:
                                                   vp   Vulnerable plugins
                                                   ap   All plugins
                                                   p    Popular plugins
                                                   vt   Vulnerable themes
                                                   at   All themes
                                                   t    Popular themes
                                                   tt   Timthumbs
                                                   cb   Config backups
                                                   dbe  Db exports
                                                   u    User IDs range. e.g: u1-5
                                                        Range separator to use: '-'
                                                        Value if no argument supplied: 1-10
                                                   m    Media IDs range. e.g m1-15
                                                        Note: Permalink setting must be set to "Plain" for those to be detected
                                                        Range separator to use: '-'
                                                        Value if no argument supplied: 1-100
                                                  Separator to use between the values: ','
                                                  Default: All Plugins, Config Backups
                                                  Value if no argument supplied: vp,vt,tt,cb,dbe,u,m
                                                  Incompatible choices (only one of each group/s can be used):
                                                   - vp, ap, p
                                                   - vt, at, t
        --exclude-content-based REGEXP_OR_STRING  Exclude all responses matching the Regexp (case insensitive) during parts of the enumeration.
                                                  Both the headers and body are checked. Regexp delimiters are not required.
        --plugins-detection MODE                  Use the supplied mode to enumerate Plugins.
                                                  Default: passive
                                                  Available choices: mixed, passive, aggressive
        --plugins-version-detection MODE          Use the supplied mode to check plugins' versions.
                                                  Default: mixed
                                                  Available choices: mixed, passive, aggressive
        --exclude-usernames REGEXP_OR_STRING      Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.
    -P, --passwords FILE-PATH                     List of passwords to use during the password attack.
                                                  If no --username/s option supplied, user enumeration will be run.
    -U, --usernames LIST                          List of usernames to use during the password attack.
                                                  Examples: 'a1', 'a1,a2,a3', '/tmp/a.txt'
        --multicall-max-passwords MAX_PWD         Maximum number of passwords to send by request with XMLRPC multicall
                                                  Default: 500
        --password-attack ATTACK                  Force the supplied attack to be used rather than automatically determining one.
                                                  Available choices: wp-login, xmlrpc, xmlrpc-multicall
        --login-uri URI                           The URI of the login page if different from /wp-login.php
        --stealthy                                Alias for --random-user-agent --detection-mode passive --plugins-version-detection passive

[!] To see full list of options use --hh.

Final Thoughts

This quick tutorial shows how to use WPScan on Kali Linux to scan a WordPress website. We looked at a number of parameters to pass to the command, which may help when scanning websites whose setup has been obscured. We also showed how to use aggressive detection mode and an API token to retrieve vulnerability information.

WordPress is a content management system (CMS) containing a lot of code, themes, and plugins created by diverse authors. There will inevitably be security flaws given the amount of moving components. Because of this, it’s crucial to utilise WPScan to examine your site for security flaws and to keep the software on your site updated by implementing the most recent security updates.

Posted in KALI LINUX, QUICK HACKS

Create a Simple Token-Based Authentication to Hide a Page

Posted on January 25, 2023 - January 30, 2023 by Dan Duran

Hi Guys! If you are working on a website or page and need to send the link to a few people but don’t want to create authentication for everyone, this method is perfect for you.

You can use a simple URI-based token system, where the token is included as a parameter in the URL. This approach is simple to implement, but it has some security risks, as the token is visible in the URL and can be easily shared or intercepted. So having said that, make sure you use this only for development and as a temporary solution!

You can use a simple PHP script that checks for the presence of a token in the query string of the URL and compares it to a predefined value to allow or deny access to the protected page.

Here’s an example of how you can implement this:

On the protected page, add the following PHP code at the top of the page:

<?php
    // Define the token value
    $token = "mysecretkey";

    // Check if the token is present in the query string
    if(!isset($_GET['token']) || $_GET['token'] != $token){
        // If the token is not present or is invalid, redirect the user
        header("Location: denied.php");
        exit;
    }
?>

Create a new page called “denied.php” that will be displayed when the user does not have a valid token.

<?php
header("HTTP/1.0 403 Forbidden");
?>
<!DOCTYPE html>
<html>
<head>
    <title>Access Denied</title>
</head>
<body>
    <h1>Access Denied</h1>
    <p>Sorry, you do not have the correct token to access this page. </p>
</body>
</html>

When you want to share the protected page, include the token in the URL as a query parameter, like this:

http://example.com/protected-page.php?token=mysecretkey

With this script, the protected page will only be accessible if the URL contains the correct token as a query parameter. If the token is not present or is invalid, the user will be redirected to the “denied.php” page.

Keep in mind that this is a simple example, and it’s not secure. Anyone can access the protected page by guessing the token or by looking at the source code, or even by using the browser history. Also, keep in mind that URI tokens can be cached by some browsers, so I recommend also putting a noindex, nofollow on your meta tag. Here’s the article for that: https://getcyber.me/do-not-index-development-pages-on-google/
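The same URL-token gate, hardened a little, as an added example that is not part of the original post: the expected token is read from the environment instead of the source file, array input such as ?token[]=x is rejected, the comparison is constant-time, and denied attempts are logged. It assumes PHP 8 and that the web server sets a SHARE_TOKEN environment variable (both are assumptions, not something the post specifies).

```php
<?php
// Added example (not from the original post): a slightly safer version of the
// token check above. Assumed: PHP 8 and a SHARE_TOKEN environment variable set
// by the web server (for example with SetEnv in an Apache vhost).
declare(strict_types=1);

/** True only when $supplied is a non-empty string identical to $expected. */
function share_token_is_valid(mixed $supplied, string $expected): bool
{
    // ?token[]=x arrives as an array; treat anything that is not a string as invalid.
    if ($expected === '' || !is_string($supplied) || $supplied === '') {
        return false;
    }
    // hash_equals() compares in constant time, so the check does not leak
    // how many leading characters of a guess were correct.
    return hash_equals($expected, $supplied);
}

/** Make a fresh random token for the shared URL; 16 random bytes = 32 hex chars. */
function generate_share_token(int $bytes = 16): string
{
    return bin2hex(random_bytes($bytes));
}

// --- the gate itself, placed at the top of the protected page -------------
$expected = getenv('SHARE_TOKEN');
if ($expected === false || $expected === '') {
    // Misconfiguration: fail closed rather than serving the page to everyone.
    http_response_code(500);
    exit('SHARE_TOKEN is not configured');
}

if (!share_token_is_valid($_GET['token'] ?? null, $expected)) {
    // Record the denial so repeated guessing shows up in the server logs.
    error_log(sprintf(
        'share-token denied: ip=%s uri=%s',
        $_SERVER['REMOTE_ADDR'] ?? '-',
        $_SERVER['REQUEST_URI'] ?? '-'
    ));
    header('Location: denied.php');
    exit;
}
// ... protected content follows ...
```

Generate the value once with generate_share_token() (or `php -r 'echo bin2hex(random_bytes(16)), PHP_EOL;'`) and set it as SHARE_TOKEN in the server configuration, not in the page source.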

Cheers!

Dan D.

Posted in KNOWLEDGE BASE, WEB DEV

Do Not Index Development Pages on Google!

Posted on January 25, 2023 - January 30, 2023 by Dan Duran

Hi Guys! When doing pen-testing for clients I often do quite a bit of OSINT (Open Source Intelligence), Google Dorking and searches of web archives.

And let me tell you! I find a lot of development apps and sites indexed and cached by Google. The funny thing is that even if you delete those pages, they will remain present in web archives! So this is a friendly reminder to always add noindex and nofollow to your development pages. AND… Always remember to remove them when you are putting apps into production!

To use the “noindex” and “nofollow” tags for search engines on your web page, you can add them to the <head> section of the HTML code for the page in question.

  • For “noindex,” you can add a “meta” tag with the attribute “name” set to “robots” and the attribute “content” set to “noindex.”
  • For “nofollow,” you can add a “meta” tag with the attribute “name” set to “robots” and the attribute “content” set to “nofollow.”

You can also use “noindex, nofollow” if you want to use both tags together.

Example:

<head>
  <meta name="robots" content="noindex, nofollow">
</head>

If you want to apply the “noindex” and “nofollow” tags to all pages on your website, there are a few ways you can do this.

One way is to include the “meta” tags in the common template or header file that is used by all pages on your site. This way, the tags will be included on every page that uses the template or header file.

Another way is to use server-side scripting, such as PHP, to include the “meta” tags on all pages dynamically. You can write a script that checks for the presence of the tags on each page, and if they are not present, the script will add them automatically.

A final way is to use the robots.txt file, which tells search engines which pages or sections of your site should not be crawled. Adding Disallow: / to robots.txt blocks crawling of every page on your site.

It’s important to keep in mind that using the “noindex” and “nofollow” tags can prevent your pages from being indexed by search engines, which can negatively impact your website’s visibility and search engine rankings. So, make sure you only use them where necessary and appropriate.
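One way to do the server-side variant described above, as an added example that is not the post's code: a single include emits the directives on every page, but only outside production, so nothing has to be removed by hand at go-live (and a site that forgets to declare itself production stays hidden rather than indexed). One caveat for the robots.txt route: a Disallow stops crawlers from fetching the page at all, so they never see a noindex tag on it. It assumes the live site sets an APP_ENV=production environment variable and that every page includes this file before any output; both the variable name and the function names are assumptions for this example.

```php
<?php
// Added example (not from the original post). Assumed: the web server sets
// APP_ENV=production on the live site; each page includes this file before
// printing any HTML and calls robots_meta_tag() inside <head>.
declare(strict_types=1);

/** Fail closed: only an explicit "production" environment allows indexing. */
function should_block_indexing(?string $appEnv): bool
{
    return strtolower(trim((string) $appEnv)) !== 'production';
}

/** The <meta> tag to print inside <head>, or an empty string in production. */
function robots_meta_tag(?string $appEnv): string
{
    return should_block_indexing($appEnv)
        ? "<meta name=\"robots\" content=\"noindex, nofollow\">\n"
        : '';
}

/**
 * The same directives as an HTTP response header. Unlike the <meta> tag this
 * also covers non-HTML responses (PDFs, images, JSON) served by the script.
 */
function send_robots_header(?string $appEnv): void
{
    if (should_block_indexing($appEnv) && !headers_sent()) {
        header('X-Robots-Tag: noindex, nofollow');
    }
}

// Usage: at the top of each page, before any HTML is printed ...
$appEnv = getenv('APP_ENV') ?: null;
send_robots_header($appEnv);
// ... and inside <head>:  echo robots_meta_tag($appEnv);
```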

Want to use a simple token to restrict access? Check this blog out!

I hope this helps!

Dan D.

Posted in KNOWLEDGE BASE, QUICK HACKS, WEB DEV

Disable JSON-REST API on WordPress

Posted on January 23, 2023 - January 23, 2023 by Dan Duran

Endpoints for WordPress data types are provided via the WordPress REST API. This enables developers to interact remotely with sites by sending and receiving JSON objects.

Most website owners, however, do not need these functionalities. Therefore, it may be better to deactivate the WordPress JSON REST API.

Nobody can dispute the advantages this API offers WordPress developers. Put simply, it lets developers retrieve data readily with GET requests. This is very handy when building applications on top of WordPress.

That being said, although this is important for developers, most website owners do not need it. In fact, it might make your WordPress website vulnerable to DDoS assaults. It may also be incredibly resource-intensive, slowing down your site.

A sluggish website is not something you want, particularly after you have taken so many steps to improve it.

Here, I’ll show you how to deactivate it the correct way using functions.php. This is better than installing a plugin, which will eventually need to be maintained and can contribute to bloating your site.

Open the functions.php file inside your child theme with your favourite editor. It should be at the following path:

sudo nano /var/www/yoursite/public_html/wp-content/themes/yourtheme-child/functions.php

Paste the following code at the end of the file and save (CTRL+x and y).

// Disable JSON-REST API
add_filter( 'rest_authentication_errors', 'wp_snippet_disable_rest_api' );
function wp_snippet_disable_rest_api( $access ) {
    // Answer every REST request with an error. rest_authorization_required_code()
    // is the WordPress helper that picks the status: 401 for anonymous callers,
    // 403 for logged-in users.
    return new WP_Error(
        'rest_disabled',
        __( 'Sorry, the WordPress REST API is disabled.' ),
        array( 'status' => rest_authorization_required_code() )
    );
}

To test if this fix worked, navigate to your site yoursite.com/wp-json/wp/v2/users. You should see the following message:

{"code":"rest_disabled","message":"Sorry, the WordPress REST API is disabled.","data":{"status":403}}
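The snippet above refuses every REST request, including the ones the block editor makes for logged-in users, so the editor stops working. As an added example that is not the post's code, this variant keeps REST access for sessions WordPress has verified and denies everyone else with the same rest_disabled error; the function name is made up for this example.

```php
<?php
// Added example (not from the original post): deny the REST API to anonymous
// callers only, so the block editor and other logged-in features keep working.
// Priority 101 runs this after WordPress's own cookie/nonce check (priority 100),
// so is_user_logged_in() below reflects a verified session, not just a cookie.
add_filter( 'rest_authentication_errors', 'example_restrict_rest_api', 101 );

function example_restrict_rest_api( $access ) {
    // An earlier check already failed (for example a bad nonce): keep that error.
    if ( is_wp_error( $access ) ) {
        return $access;
    }

    // Verified logged-in users keep whatever access WordPress already decided.
    if ( is_user_logged_in() ) {
        return $access;
    }

    // Everyone else gets the same error the post's snippet returns. Only
    // anonymous callers reach this point, so the helper yields 401 here.
    return new WP_Error(
        'rest_disabled',
        __( 'Sorry, the WordPress REST API is disabled.' ),
        array( 'status' => rest_authorization_required_code() )
    );
}
```

A plain browser visit to /wp-json/wp/v2/users is still refused even while logged in, because without the X-WP-Nonce header WordPress treats the request as anonymous; the editor sends that header, so its requests pass.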

 
I hope this helps. Cheers!

Dan D.

Posted in DEBIAN LINUX, QUICK HACKS, WEB DEV


Copyright ©2023 GetCyber
