DEV Community: powerexploit

Operating system Detection using TTL value Powershell & Ping!

powerexploit — Fri, 17 Jan 2020 09:05:31 +0000

When I was working on networking & data communication using several scripting & tools, Ping was my first tool in networking. I found an article about operating system detection using TTL(TIME TO Live) & Ping, which jerked my brain. Ping is a networking utility in DCN used to check connectivity between two devices in networking which can be used from the command line of window & terminal of Linux operating systems. and Time TO Live simply means, how long a resolver is supposed to cache the DNS query before the query expires and a new one needs to be done.

As You can see in the above ipv4 header there is one field about Time to live which contains 8 bits, it is a mechanism that limits the lifespan or lifetime of data in a computer or network in ipv4.
Note: For more information about ipv4 TTL visit Wikipedia.

What I Did ?

This diagram shows the different TTL values of operating systems according to their window size(discuss later).
It's time to detect an operating system with TTL values & Ping, So first of all because I was working on a window, the time was to open the power shell(the only reason why I used the window). In step one, I ran the tracert(traceroute in Linux) command to trace the route of IP or domain.
Command: tracert dev.to

Note : Number Of Hops : 10 .
Time was to run ping, Ping operates by sending Internet Control Message Protocol (ICMP) Echo Request packets to the target host and waiting for an ICMP Echo Reply.
Command: ping dev. to

Now TTL value is 54 & Number Of Hops we get 10 By adding TTL value with Hops in number (54+10 = 64), we can conclude that there is a Linux Machine Running Because The first diagram shows that Linux includes 64 TTL.
In the next para I am explaining the power-shell script to detect OS.

Powershell to detect Operating System:

Power-shell has its function & cmdlets that can work as same as ping to get TTL value, so because I wanted to automate the whole Operating system detection process using TTL in a single power-shell module as ping.
In the coding part, I wrote a power-shell module with the PsPing function for Os in which I implemented the test-connection cmdlet of powershell.

To run above module/script I opened up my power-shell terminal:

1. import-module -name 'path of file/name'
2. get-command -module TTLOs.psm1
3. PsPing google.com

Execution:

exploit > import-module -name TTlOs.psm1
exploit > wc F:\coding_part\powershell_scripting\scripts\TTlOs.psm1
 52 130 803 F:\coding_part\powershell_scripting\scripts\TTlOs.psm1
exploit > PsPing google.com
Target is running on Linux Machine according to TTL value 53

Research Paper is also present on my github related to TTL.
so enjoy & support me follow me on github and twitter

Syn Stealth Scan With Power Of Python & Scapy

powerexploit — Mon, 25 Nov 2019 10:39:34 +0000

This blog post is a memo of python code snippets that I found particularly useful and good in the field of scanning and hacking.From a week I am working on one of the best module 'Scapy'.Then today I finally created a script which can execute syn stealth scan.

Execute the Scapy Code For $Syn Stealth Sc@n:

Powershell For Hackers - Part 1

powerexploit — Mon, 25 Nov 2019 10:22:53 +0000

Welcome back my aspiring hackers this is a series of Powershell Which Will Explain to You the power of command lines! So Let's Get Started!!
As you all know for being a professional hacker(white, black) you need to be proficient in Linux & its flavors. There are some reasons for this.
[!0]Linux is an open-source operating system & most of the hacking tools are built-in Linux.
[!1]The Terminal of Linux has full control over the operating system besides cmd.exe in windows.
For these couple of reasons, we as a hacker/pen-tester believe that Linux provides us a good environment for our penetration testing tasks but In recent years, Microsoft seems to have gained religion in terms of the advantage of the command line and terminal in Linux. Finally, now it seems they understand the strengths and advantages of the command line, and as a response, then it comes windows powershell.

What is Powershell?

PowerShell is a task-based command-line shell and scripting language built on. NET. PowerShell helps system administrators and power-users rapidly automate tasks that manage operating systems (Linux, macOS, and Windows) and processes. PowerShell commands let you manage computers from the command line.
note: For more details about the history of powershell visit Wikipedia

Cmdlet In Powershell?

Cmdlets are specialized commands in the PowerShell environment that implement specific functions. Cmdlets are similar to commands in the Linux terminal.
One of the key differences between Windows PowerShell and the BASH shell in Linux is that Microsoft has developed cmdlets (command lets) for PowerShell. The cmdlets are single commands that accomplish sometimes more complex tasks similar to functions. These cmdlets take the form of verb-noun, such as "get-help".

Powershell Commands vs Linux Terminal Command :

There are some major commands those are the same in Linux & as well as powershell, but they both have their advantages in the field of pen-testing for example cat command is used in Linux for reads data from the file and gives their content as output, this command also works in powershell.

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Loading personal and system profiles took 703ms.
C:\windows\system32> cat

cmdlet Get-Content at command pipeline position 1
Supply values for the following parameters:
Path[0]:

Get-help In Powershell ?

Get help in one of the important & basic commands in power-shell, especially if you want to use powershell as a hacking framework or tool this command will be very helpful for you. Get-help lets you find out whole help info about any particular command with detailed examples.
note: For example, there is a command in PowerShell 'invoke-psnmap' a nmap wrapper as a port scanner & you don't know how to use this particular one so will use 'get-help'.

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Loading personal and system profiles took 908ms.
C:\Users\HP> get-help invoke-psnmap

NAME
    Invoke-PSnmap

This is part one of 'power-shell for pen-tester' series with some basic information about powershell its commands thanks for visiting this blog.
In the next part I will explain some important commands in power-shell which will help you to execute your penetration task in easy with window without using Linux.
Its a series only for learners in hacking so enjoy & support me
follow me on github,twitter & checkout ankitdobhal.github.io.

Did I Execute Mass Mail Attack To The Gmail or not?

powerexploit — Mon, 28 Oct 2019 14:54:58 +0000

"Python is just not a scripting language but it is one of dangerous tool which helps us to execute pen testing tasks."

The Beginning:

There was a time when I didn't know about the thing gmail or how to create a gmail account & how to send mail using such type of mailing services,Yeh! it sound to much awkward but I am talking about a lot of year ago. There was my friend in school who told me about such type of mail services basic understanding about how to create & send mail from gmail,I was happy.

The Research:

Then after lot of year being computer geek I tried to understand the basic concept of mail servcies that how they works on web.So what I learned? Gmail or any other services basically works on smtp service & the protocol used behind these mailing action is smtp or Simple Mail Transfer Protocol with port no : 25 but for gmail is usuaully works on 587 port.And A bit of research and I found out the dangerous fact of SMTP infrastructure.You have to basically setup smtp server to send mails.

note : Yeh! there is another one protocol imap but it can read the mails and does not work as same as smtp because it doesn't provide send method.

Mass Mail To The Gmail Working Or Not:

So after understanding the smtp server concept,I thought let's try to set up the smtp server in programming way.Because I was working one of my favourite scripting language python, So I decided to use python module smtplib.SMTPLIB provides amazing functions to connect smtp server,so firstly created a simple script just to connect & login server only for gmail.

import smtplib
import getpass
smtpobj = smtplib.SMTP('smtp.gmail.com',587)
my_email = input("What is  your gmail?:")
my_passw = getpass.getpass("Enter the password:")
smtpobj.starttls() 
#This step enables encryption(TLS Encryption) for your connection.
smtpobj.login(my_email,my_passw)
#this will help user to logged in gmail account

wow! the above script was working amazingly now it was very simple to connect smtp server for me and login to gmail account.Then after this one geeky thing came into my mind let's try to send multiple mail to a particular gmail address like mass mail.

Let's begin the fun

So I created a fully automated script/tool to send 100 mails to the receiver or recipient.Bravo! It was working very amazing helping me to send 100 mails or mass mail other one gmail.I have also uploaded this script into my gist .

But the problem I was having that it was working only for 100 mails & surely this is not full mass mail attack to gmail,So to get rid I decided to create this as a open source project name as MailBomber,Now I am working with some open source contributor to get rid this problem & trying to build one of the super amazing tool for pentester.
This article is designed to express my experience about how mass mail attack can be done using python & If their is any python lover want to collaborate with me this super amazing project can contribute your codes in below given project.

powerexploit / MailBomber

Osint Mass Mail 😎 Attack tool.

MaiBomber - Mass Mail Attack tool

MailBomber is one of the easiest & simple tool in python which basically works on mass mail attack to send multiple mails to victim.It is inspired by Mass mail attack vector in kali linux Setoolkit(Social engineering tool).It is designed with smtplib library.

Vision

print("Just to contribute & help hacking community")

print("Helps to understand the power of python")

Contribution

If you want to contribute to this super amazing tool , So You can contribute in following ways:

Report bugs
Add some code
Give suggestions to make it better
Fix issues & submit a pull request

View on GitHub

Thanks for visiting my blog please keep follow me on twitter , github, linkedin

Let's! Ping The Network with 15 Line Of Code Using Python & Scapy!

powerexploit — Sat, 12 Oct 2019 10:59:14 +0000

This Blog is basically published first in my blog ankitdobhal.github.io

My funny experience:

Let's try to travel the time 1 year back when I started to learn about little bit about hacking and networking in windows and Linux. Ping was my first tool,it is a basic networking utility which helps to check connectivity and communication b/w two systems.So When first time I used this utility it helped me to understand the basic concept of packets,and I was very much happy. well I know its sound to much awkward now.

Well!! Then after spending my more time in pentesting, I started to automate more stuff using python. yesterday ping came back to me, when I was working and trying to understand how packets works, & found one of the module of the python scapy and tried to break the code & ping the network,lets try to understnd what I did with with scapy.

Scapy and How it works:

So before discussing about scapy you need to be able that how to write code in python ,& if you don't know then this place is not for you!! Now What is Scapy and how it works?
Well scapy is a powerful Python-based interactive packet manipulation program and library.It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It is designed to allow fast packet prototyping by using default values that work.

To install this super amazing python based library & tool you need to write this following commands in your os terminal:



pip install scapy (Windows)

pip3 install scapy (Linux)

My ping script with scapy & python:



#!/usr/bin/python3

  
  
  pingscanner.py


import sys

from scapy.all import *

print("pinging the target....")

ip = sys.argv[1]    # command line argument

icmp = IP(dst=ip)/ICMP()

#IP defines the protocol for IP addresses

  
  
  dst is the destination IP address


  
  
  TCP defines the protocol for the ports


resp = sr1(icmp,timeout=10)

if resp == None:

    print("This host is down")

else:

    print("This host is up")

what is this code doing? Let's break

Python have its power to automate most of the stuffs which lets the pentester to ease their hacking task,In above code the basic first thing I did imported scapy and sys module to use them their functions,ip is the variable which stores the target ip address ,icmp variable which creates packet and resp variable which contain sr1 function that Send packets at layer 3 and return only the first answer.Then finally conditional statement to check host is up or down.

Thankyou for visiting and understanding the power of python,You can also find above code in my gist and can ask me about anything follow me on twitter,github,medium.

Wow! Scraping Wikipedia content With 10 line of code!

powerexploit — Sat, 05 Oct 2019 11:30:06 +0000

"Hackers loves to use scraping to harvest data.~Ankit Dobhal"
original blog is here - >blog

Welcome to My Blog

Hello my Computer Geek Friend!!This is a blog about scraping wikipedia content using python & bs4(python module),So what is exactly web scraping & from where this term comes from?Let's Try To Understand!!
Web Scraping - :
Web scraping is data scraping process used for extracting data from websites.Web scraping can be done manually by a software user, the term typically refers to automated processes implemented using a bot or web crawler.It comes when world wide web born.Most of time search engine like google uses crawling process in their search result.

Scraping With Python - :
Web scraping & crawling can be done with the help of some softwares but in Nowadays Python is gaining its popularty in the field of web scraping & crawling ,& as we all know python is one of the most famous & powerful scripting languages generally for hackers & shell coders.Python have some amazing & powerful modules & libraries which makes this scraping process so easy & useful,Their are two important modules in python one is requests & another is BeautifulSoup.

Let's Write Python Script to scrape wikipedia content or wikpedia searcher:

I have a basic understanding how to do get request to websites using python , so first of all I open up my vscode editor and create file name as wikipy.py.Then import sys library(command line argument), requests library(for downloading & get method to wikipedia), & my favorite library BeautifulSoup as bs4 (To extact content from wikipedia page).

Now its time to use get method to requests data from wikipedia server , but wait I want to create a wikipedia searcher which will scrape the data according to my command line argument.So let's create a variable name as res to store get method to wikipedia search url & add it with my command line argument.

note: I uses raise_for_status() method if their is any error code and status code comes so this method will raise that & whole script will terminate.

res download the whole page but it is complicating to extract data from the page bacuase it shows the html format data , so now this is time to use BeautifulSoup to extract data. So I am creating a variable name as wiki to extract data.

note: As you can in wiki variable I uses Beautiful Soup function with two parameters ,So what they are exactly? let's understand. res.text is a text format of the page which is downloaded with the help of res variable & html.parser is a parser which will help me to structure the data into html format.

I want to scrape the p tag content according to command line argument because the whole text content of Wikipedia page is inside the p tag you can check this with the help of developer tools of chrome & Firefox.

Now I am using .select() function to select p tag & for loop to looping throgh it ,then finally printing the text elements imside p tag with.getText() function.

Yeah we did it in just 10 line of code bravo!!!
Its time to run the script with command line argument >>

Thankyou all for visting my blog you can also check my gist for wikipy script the link is below!!
wiki.py
follow me on github & linkedlin for more exciting blogs and scripts!
This blog is basically quoted from my blog website visit original blog->
https://ankitdobhal.github.io/posts/2019/10/Scraping%20Wikipedia%20With%20Python/

Hack The Box invite code challenge!Its time to begin hack.

powerexploit — Fri, 30 Aug 2019 15:36:07 +0000

Its an open challenge for all dev.to programmers & hackers hack the invite code of Hackthebox ,play with this explain your tools & tricks in comment box ~Thankyou.

Hackthebox* is An online platform to test and advance your skills in penetration testing and cyber security. Join today and start training in our online labs.If you want learn ore about pentesting,hacking so hackthebox is one of the best online platform for all beginner's.
But wait Let's talk the fun part to start working on the hackthebox first of all you need to hack it,means you need to get the invite code of this super platform.

I have explained my methods for this challenge below!

My Tools and tricks to hack the invite code of hackthebox:

My First Method:

-> Tools:

chrome devtools
Burpsuit
curl
base64

My Second Method:

-> Tools:

chrome devtools
curl

-> Scripting:

Javascript
Python script

My Python Script to hack the hackthebox invite code:

https://gist.github.com/ankitdobhal/c6ef926cd943383a5ada4a0a8e47fd8c

So after using curl I found the encrypted message of code and decode the message using my python script.To decrypt the code I used base64 python library and sys library for passing command line arguments.
-> import sys
-> import base64
The Script is avalibale in my github account.`Thankyou
So its a challenge explain your tools & tricks in comment section Hope we will do something amazing with this challenge.

Top 5 Basic Networking Commands In Windows

powerexploit — Mon, 12 Aug 2019 09:02:52 +0000

"If you want to know about networking and System hacking so first of all understand the command line interface of any operating system(Linux,Window,Ubuntu...) - Ankit Dobhal"

I love to work mostly on Command line interface(terminal) of any operating system either it is window,Linux,Ubuntu etc.

Well Window operating system contain numerous built-in, command line networking utilities or tools.Most important think that as windows administrator you have to know about the basic networking utility or tools in Window machine.Windows operating system contain some build in networking utility or commands.

Networking Commands In Window :

ipconfig :

ipconfig is one of the important & basic command in windows which can be used to display the network information of your machine like ip address,DNS etc..

Example:
-> open your window terminal and run 'ipconfig' command.

ping :

ping is more often used networking utilities in windows which is used for detecting devices on a network and for troubleshooting network problem.

Example:
-> open your window terminal and run 'ping' command.

netstat :

netstat is very useful command. It is used for displaying the udp and tcp connection & ports in your system.It is also used to detect any tipe of virus in your system by showing an unknown port.

Example:
-> open your window terminal and run 'netstat -a' command.

note: -a is used for all ports in system.

tracert :

tracert stands for traceroute like ping it sends out a data packet as a way to troubleshoot any network issues you might have, but instead tracks the route of the packet as it hops from server to server.

Example:
-> open your window terminal and run 'tracert ip_address' command.

nbtstat :

nbstat is a utility that displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).
In ethical hacking their is a term called enumeration which is used to extract user names, machine names, network resources, shares and services from a system.
So for enumeration sometime nbtstat command uses to enumerate sharing services.

Example:
-> open your window terminal and run 'nbstat ip_address' command.

So as I explained the basic networking commands in window . For more details about these commands you can ask me.

How Do I Hunt Down Social Media Accounts Using Sherlock?

powerexploit — Thu, 01 Aug 2019 10:40:25 +0000

"Social media is one of the easiest platform for hackers to find out information about any particular person or target. - Ankit Dobhal"

Today! I wake up very late in the morning,& later at 9:30 I had a breakfast.
Then something happened one of my friend sent me a link about a tool Sherlock which could hunt down social media accounts with username.

Well as I usually do !!
I sat down in a cheer in front my computer with a cup of coffee,boot up my operating system.
Then I go through github link of Sherlock & started learning about that tool.

What is Sherlock?

Sherlock is a python based tool which can reveal many user accounts created by the same person in the multiple social media platforms with their screen_name or username.
sherlock script is written on python. You can checkout the whole script from its github link.

How I Hunt Down Social media Accounts With Sherlock?

Step 1 -> Installed Sherlock
In a terminal window I copied the link of sherlock from github and run following commands.

Note : Python3 and python3-pip have to be installed.

To get help about Sherlock I tried python sherlock -h command from inside
the Sherlock folder.

Step 2 -> Identify screen name
Just after reading the help I was ready to start script.But wait how to find out screen name of my target? Then I found screen name of my target by running a Google search and "Twitter."

My target was Sir Robert Baptiste aka elliot_alderson. He is french security researcher & I admire his work on security a lot.

Step 3 -> Scan for accounts
Then finally I ran sherlock.py script with following commands in my terminal screen python target_name -r --print-found to find out all social media account of my target.

Note : '-r' argument in the above command will organize the list of found
accounts by which websites are most popular,& '--print-found' will
show all accounts in terminal screen.

So as you can see above example that how I hunt down account all over internet using sherlock.py script.I also tried to contribute some file in this tool You can go through with this link to find out sherlock tool.
-> https://github.com/sherlock-project

How JavaScript Can Be Used To Accept Friend Request in Facebook & Invitation in LinkedIn?

powerexploit — Thu, 18 Jul 2019 14:36:00 +0000

JavaScript :
JavaScript is one of the famous and most used scripting language in the cross platform or web platform. Its easy to learn and also used html and web.

A few weeks ago I was working on ‘getElementsByName()’ & ‘getElementsByClassName()’ methods of JavaScript and Found something special about these two function after implementing them on ‘Social Media Platforms like : Facebook and LinkedIn. These two methods helped me to accept the friend request in Facebook and accept invitation in LinkedIn.’

getElementByName() Implementation In Facebook:

So firstly I opened up my ‘VSCODE’ editor in my system then wrote a script with my friend that helped me to accept friend request in my Facebook account.

Then fired up my chrome browser login to facebook account and open developer option using ‘ctrl+shift+i’ and pasted my script into a console box of developer option and hit enter . And it was successfully executed.

Console Box in chrome developer option →

The script is available here →
https://github.com/ankitdobhal/javascript-console/blob/master/Javascript-programming/facebook.js

getElementsByClassName() Implementation In LinkedIn:

I fired up my ‘VSCODE’ editor again and wrote a script which helped me to accept invitation in LinkedIn.

Then in my chrome browser I opened ‘developer option’ using ‘ctrl+shift+i’ and pasted this script into the console box and hit enter.

Console Box in chrome developer option →

The script is available here →
https://github.com/ankitdobhal/javascript-console/blob/master/Javascript-programming/linkedin_script.js

This shows that JavaScript is one of the power-full scripting language in cross platform and web.

The World's most dangerous search engine:Shodan

powerexploit — Mon, 15 Jul 2019 05:22:54 +0000

Its about a year ago when I started to learn about cyber security & hacking.

' I was working on a tool which helps me to find out particular router on internet but it was getting difficult me to find it.just after a minute I opened up my browser & searched about how to find webcams and router on internet?

Wow!!
I saw something amazing which let's me amazed a shodan search engine .

SHODAN:

Shodan worlds most dangerous search engine over the internet that lets the user find specific types of computers (webcams, routers, servers, etc.) connected to the internet using a variety of filters.

Shodan is also available as Linux tool it means we can use this dangerous search engine using Linux terminal.

For more info visit Shodan official site.

How to crawl website using #bash script?

powerexploit — Thu, 27 Jun 2019 07:46:29 +0000

Bash script is one of the amazing scripting language used to automate tasks in Linux & Unix and it is one of my favourite scripting language for automating the tasks.

A few days ago I was searching about how to crawl website page?
After founding lot of stuff in the internet I learnt about 'Wget' tool into linux system.

Wget is a useful for downloading and crawling a website page.

So after this I started writing a bash script for website page crawling.
-> Firstly open up my favourite vim editor

-> Then started writing script with case statement

->As you can see I uses case statements and automated wget tool into a simple bash script and it its a working code..

For more details about bash and automation
visit my github account