Monday, November 27, 2017

Installing The Fat RAT & Introduction to Information Gathering tools (in Burmese)




Kali Linux
1. Installing The Fat RAT

In today's lesson, the first thing we need to install is TheFatRat. Here is the download address. I already told you to download it at the end of the Day 4 lesson, so those who have it already don't need to download it again; just read the installation steps. Those who haven't downloaded it yet
should get it from https://github.com/Screetsec/TheFatRat. Click the green download button to download it. If you would rather download it from the terminal, first
choose a location, for example the Desktop:

cd Desktop
git clone https://github.com/Screetsec/TheFatRat.git
With the commands above you can download it from the terminal. If you downloaded the zip file from the browser instead, right-click it and choose "Extract Here"; either way you will end up with a folder named TheFatRat on the Desktop.
Open that folder. Then right-click on an empty space and choose "Open in Terminal". (Or, from the terminal, use cd to change into the folder.) I don't think this needs any more explanation. Once you are inside as described, running ls will list the files in it.
The installation steps are:

chmod +x fatrat
chmod +x powerfull.sh
chmod +x setup.sh
Then run the setup file. Remember, you run it with ./
./setup.sh
Once you get this far,
_   _____/_____  _/  |_\______   \_____  _/  |_ 
 |    __)  \__  \ \   __\|       _/\__  \ \   __\
 |     \    / __ \_|  |  |    |   \ / __ \_|  | 
 \___  /   (____  /|__|  |____|_  /(____  /|__| 
     \/         \/              \/      \/       
                 ____    ________               
                /_   |  /   __   \               
                 |   |  \____    /               
                 |   |     /    /               
                 |___| /\ /____/                 
                       \/                       

          Setup Script for FATRAT 1.9     
 [ ✔ ] Xterm.............................[ found ]
 [ ✔ ] Dns-Utils ........................[ found ]
 [ ✔ ] Zenity............................[ found ]
 [ ✔ ] Gcc compiler......................[ found ]
 [ X ] Monodevelop  -> not found
 [ ! ]  Installing monodevelop
this will appear, and the install progress shows in another terminal window. Since this is not an offline install, you need a working internet connection.
The install step takes quite a while, so be patient. It only finishes when it reaches 100%.
Once FatRat is installed, launching it shows this:

        ____
        |    |
        |____|
       _|____|_       _____ _       _____     _   _____     _     
        /  ee\_      |_   _| |_ ___|   __|___| |_| __  |___| |_   
      .<     __O       | | |   | -_|   __| .'|  _|    -| .'|  _|
     /\ \.-.' \        |_| |_|_|___|__|  |___|_| |__|__|___|_| 
    J  \.|'.\/ \                 
    | |_.|. | | |   [--]   Backdoor Creator for Remote Acces [--]
     \__.' .|-' /   [--]  Created by: Edo Maland (Screetsec) [--]
     L   /|o'--'\   [--]            Version: 1.9.2           [--]
     |  /\/\/\   \  [--]          Codename: Whistle          [--]   
     J /      \.__\ [--]   Follow me on Github: @Screetsec   [--]
     J /      \.__\ [--]   Dracos Linux : @dracos-linux.org  [--]
     |/         /   [--]         [--]
       \      .'\.  [--]     SELECT AN OPTION TO BEGIN:      [--] 
    ____)_/\_(___\. [--] .___________________________________[--]
   (___._/  \_.___)'\_.-----------------------------------------/

 
[01]  Create Backdoor with msfvenom
[02]  Create Fud 100% Backdoor [Slow but Powerfull]
[03]  Create Fud Backdoor with Avoid v1.2 
[04]  Create Fud Backdoor with backdoor-factory [embed]
[05]  Backdooring Original apk [Instagram, Line,etc]
[06]  Create Fud Backdoor 1000% with PwnWinds [Excelent]
[07]  Create Backdoor For Office with Microsploit
[08]  Create auto listeners 
[09]  Jump to msfconsole 
[10]  Searchsploit 
[11]  File Pumper [Increase Your Files Size]
[12]  Cleanup 
[13]  Help 
[14]  Credits 
[15]  Exit 

 ┌─[TheFatRat]──[~]─[menu]:
 └─────►


..........................................................................................................................
..........................................................................................................................
We have been doing a lot of preparation. Up to now we haven't actually done anything real yet. Some of you may want to ask whether the preparation part is ever going to end.
I'd like to answer that question like this.
You have noticed that the Kali Linux version 26.2 we are currently using has a lot of tools built in. We have seen them ourselves. Good.
Right now, open the All Applications menu and look at Folder 1 (Information Gathering). Look at pic1, which is attached in this lesson's folder. It will look the same on your own machine. Look at the first tool, marked with an arrow in the picture. It is 0trace. Open it. What appears? You'll find that only a terminal opens.
In that terminal, type 0trace and press Enter. What do you get?
root@kali:~# 0trace
bash: 0trace: command not found
You'll see that it says the command doesn't exist.
The tools included in the Information Gathering group are listed below.

Information Gathering

    acccheck, ace-voip, Amap, Automater, bing-ip2hosts
    braa, CaseFile, CDPSnarf, cisco-torch, Cookie Cadger
    copy-router-config, DMitry, dnmap, dnsenum, dnsmap
    DNSRecon, dnstracer, dnswalk, DotDotPwn, enum4linux
    enumIAX, Faraday, Fierce, Firewalk, fragroute
    fragrouter, Ghost Phisher, GoLismero, goofile, hping3
    ident-user-enum, InTrace, iSMTP, lbd, Maltego Teeth
    masscan, Metagoofil, Miranda, nbtscan-unixwiz, Nmap
    ntop, p0f, Parsero, Recon-ng, SET
    smtp-user-enum, snmp-check, SPARTA, sslcaudit, SSLsplit
    sslstrip, SSLyze, THC-IPV6, theHarvester, TLSSLed
    twofi, URLCrazy, Wireshark, WOL-E, Xplico
These are the Information Gathering tools available in Kali Linux. There are exactly 60 of them. But we won't be using them in the order shown here. I think it's getting a bit confusing.
Well then, let's talk about AccCheck first.
root@kali:~# acccheck
To explain it in the simplest terms, it performs a password guessing attack using a dictionary. It is a tool that tries to pair the admin account's usernames with passwords. Its original website describes it as: "The tool is designed as a password dictionary attack tool that targets windows authentication via the SMB protocol." In other words, it is a tool written so that you can run a password dictionary attack against the target's Windows authentication over the SMB protocol.

-t [single host IP address]: this one is straightforward; it fixes on a single IP and tries it,
OR
-T [file containing target ip address(es)]: this one tries using a file that contains the IP addresses.

The optional ones are:
-p [single password]
-P [file containing passwords]
-u [single user]
-U [file containing usernames]
-v [verbose mode]

Examples
Attempt the 'Administrator' account with a [BLANK] password.
acccheck -t 10.10.10.1

Attempt all passwords in 'password.txt' against the 'Administrator' account.
acccheck -t 10.10.10.1 -P password.txt

Attempt all passwords in 'password.txt' against all users in 'users.txt'.
acccheck -t 10.10.10.1 -U users.txt -P password.txt

Attempt a single password against a single user.
acccheck -t 10.10.10.1 -u administrator -p password
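On the target, a run like the ones above shows up as a burst of failed network logons (Windows Security event 4625, logon type 3) from a single source address, which is what a defender watches for. The following added example (not part of acccheck or of this post) parses constructed, simplified 4625 log lines and flags any source that exceeds a threshold of failures inside a sliding time window; the field names are the real ones from the Windows event, the log lines and addresses are made up here.

```python
"""Spot SMB password guessing in Windows failed-logon events.

Added example for this lesson; it is not part of acccheck or of the
original post. The log lines are constructed and simplified, but the fields
are the real ones a Windows Security event 4625 carries: logon type 3 is a
network logon, which is what SMB authentication produces.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample. 10.10.10.5 hammers two accounts within seconds (what a
# dictionary run looks like); 10.10.10.9 fails once every 2.5 minutes (a user
# mistyping); 10.10.10.77 has an interactive (type 2) failure and a success.
SAMPLE_EVENTS = """\
2017-11-27T10:00:01 EventID=4625 LogonType=3 TargetUser=Administrator SourceIP=10.10.10.5
2017-11-27T10:00:02 EventID=4625 LogonType=3 TargetUser=Administrator SourceIP=10.10.10.5
2017-11-27T10:00:03 EventID=4625 LogonType=3 TargetUser=Administrator SourceIP=10.10.10.5
2017-11-27T10:00:04 EventID=4625 LogonType=3 TargetUser=Administrator SourceIP=10.10.10.5
2017-11-27T10:00:05 EventID=4625 LogonType=3 TargetUser=Administrator SourceIP=10.10.10.5
2017-11-27T10:00:06 EventID=4625 LogonType=3 TargetUser=backup SourceIP=10.10.10.5
2017-11-27T10:00:07 EventID=4625 LogonType=3 TargetUser=backup SourceIP=10.10.10.5
2017-11-27T10:00:08 EventID=4625 LogonType=3 TargetUser=backup SourceIP=10.10.10.5
2017-11-27T10:05:00 EventID=4625 LogonType=3 TargetUser=jsmith SourceIP=10.10.10.9
2017-11-27T10:07:30 EventID=4625 LogonType=3 TargetUser=jsmith SourceIP=10.10.10.9
2017-11-27T10:10:00 EventID=4625 LogonType=3 TargetUser=jsmith SourceIP=10.10.10.9
2017-11-27T10:12:30 EventID=4625 LogonType=3 TargetUser=jsmith SourceIP=10.10.10.9
2017-11-27T10:15:00 EventID=4625 LogonType=3 TargetUser=jsmith SourceIP=10.10.10.9
2017-11-27T10:16:00 EventID=4625 LogonType=2 TargetUser=alice SourceIP=10.10.10.77
2017-11-27T10:16:30 EventID=4624 LogonType=3 TargetUser=alice SourceIP=10.10.10.77
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"TargetUser=(?P<user>\S+) SourceIP=(?P<src>\S+)$"
)


def parse_events(text):
    """Turn the simplified log text into a list of event dicts; odd lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m.group("ts")),
            "event_id": int(m.group("eid")),
            "logon_type": int(m.group("lt")),
            "user": m.group("user"),
            "src": m.group("src"),
        })
    return events


def find_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed network logons inside any sliding window.

    Only 4625 with logon type 3 counts, so interactive typos and successes are
    ignored. Returns {source_ip: {"count": n, "users": sorted target users}}.
    """
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    users = defaultdict(set)
    flagged = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event_id"] != 4625 or ev["logon_type"] != 3:
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        users[ev["src"]].add(ev["user"])
        while q and ev["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ev["src"]] = {"count": len(q), "users": sorted(users[ev["src"]])}
    return flagged


if __name__ == "__main__":
    for src, info in find_bursts(parse_events(SAMPLE_EVENTS)).items():
        print("possible SMB password guessing from %s: %d failures, accounts %s"
              % (src, info["count"], ", ".join(info["users"])))
```

The window is what separates a dictionary run from an ordinary user: 10.10.10.9 fails five times in total but never more than once per minute, so it is only flagged if the window is widened to several minutes.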

...............................................................................................................................
The next one is ace,
the ACE VoIP Directory Tool.

ACE (Automated Corporate Enumerator) is a tool that can mimic the behavior of an IP phone in order to download the name and extension entries that can be shown on the phone's screen interface. It can be called a powerful VoIP corporate directory enumeration tool.
It is a tool created to automate VoIP attacks. ACE works by using DHCP, TFTP and HTTP to download the VoIP corporate directory. It also writes the directory out as a text file, one that can be fed to other VoIP assessment tools.

ACE can be used in two modes. The first automatically discovers the TFTP server IP address via DHCP, and the second lets the user specify the TFTP server IP address as a command line parameter. In either case you need to know the MAC address and pass it with the -m option.
Usage: ace [-i interface] [ -m mac address ] [ -t tftp server ip address | -c cdp mode | -v voice vlan id | -r vlan interface | -d verbose mode ]

-i (Mandatory) Interface for sniffing/sending packets
-m (Mandatory) MAC address of the victim IP phone
-t (Optional) tftp server ip address
-c (Optional) 0 CDP sniff mode, 1 CDP spoof mode
-v (Optional) Enter the voice vlan ID
-r (Optional) Removes the VLAN interface
-d (Optional) Verbose | debug mode

You can remember it like that. Sample usage is as follows.
Example Usages:
Usage requires MAC Address of IP Phone supplied with -m option
Usage:  ace -t -m

Mode to automatically discover TFTP Server IP via DHCP Option 150 (-m)
Example:  ace -i eth0 -m 00:1E:F7:28:9C:8e

Mode to specify IP Address of TFTP Server
Example:  ace -i eth0 -t 192.168.10.150 -m 00:1E:F7:28:9C:8e

Mode to specify the Voice VLAN ID
Example: ace -i eth0 -v 96 -m 00:1E:F7:28:9C:8E

Verbose mode
Example: ace -i eth0 -v 96 -m 00:1E:F7:28:9C:8E -d

Mode to remove vlan interface
Example: ace -r eth0.96

Mode to auto-discover voice vlan ID in the listening mode for CDP
Example: ace -i eth0 -c 0 -m 00:1E:F7:28:9C:8E

Mode to auto-discover voice vlan ID in the spoofing mode for CDP
Example: ace -i eth0 -c 1 -m 00:1E:F7:28:9C:8E
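The DHCP discovery mode above works because the DHCP reply hands any host on the voice VLAN the address of the unauthenticated TFTP server that holds the phone configurations (DHCP option 150, or option 66 by name). The following added example, not ACE's code and not part of the original post, parses the options field of a DHCP reply and pulls out exactly those hints, so a defender can check what their own DHCP server is advertising; the packet bytes are constructed in the block (the 192.168.10.150 address is taken from the ace example above, the second address and the hostname are placeholders), while the option numbers are the standard ones.

```python
"""Read the TFTP provisioning hints out of a DHCP reply's options field.

Added example for this lesson; it is not ACE's code and not part of the
original post. An IP phone learns where to fetch its configuration from the
DHCP reply, which is also what ace does in its -i/-m mode. The packet bytes
are constructed by build_dhcp_options(); the option numbers are the standard
ones: 53 message type, 54 server identifier, 66 TFTP server name,
150 TFTP server address list (Cisco), 0 pad, 255 end.
"""
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options field

OPT_PAD = 0
OPT_MESSAGE_TYPE = 53
OPT_SERVER_ID = 54
OPT_TFTP_NAME = 66
OPT_TFTP_ADDRS = 150
OPT_END = 255


def build_dhcp_options(options):
    """Encode [(code, value_bytes), ...] as a DHCP options field (cookie + TLVs + end)."""
    out = bytearray(MAGIC_COOKIE)
    for code, value in options:
        if not 0 < code < 255 or len(value) > 255:
            raise ValueError("option %d with %d bytes cannot be encoded" % (code, len(value)))
        out += bytes([code, len(value)]) + value
    out.append(OPT_END)
    return bytes(out)


def parse_dhcp_options(data):
    """Decode the TLV options; return {code: [raw_value, ...]} since options may repeat.

    Every length is checked against the buffer, so a truncated or malformed
    reply raises ValueError instead of being read past the end.
    """
    if data[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts = {}
    i = 4
    while True:
        if i >= len(data):
            raise ValueError("options field has no end marker")
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:            # single-byte option, no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header for code %d" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated value for option %d" % code)
        opts.setdefault(code, []).append(bytes(value))
        i += 2 + length
    return opts


def tftp_servers(opts):
    """Return (option 150 IPv4 addresses, option 66 server names) from parsed options."""
    addrs = []
    for raw in opts.get(OPT_TFTP_ADDRS, []):
        if len(raw) == 0 or len(raw) % 4:
            raise ValueError("option 150 must hold one or more 4-byte addresses")
        addrs.extend(socket.inet_ntoa(raw[j:j + 4]) for j in range(0, len(raw), 4))
    names = [raw.decode("ascii", "replace") for raw in opts.get(OPT_TFTP_NAME, [])]
    return addrs, names


# Constructed DHCPACK options: the first TFTP address is the one from the ace
# example in the lesson, the second address and the hostname are placeholders.
SAMPLE_OPTIONS = build_dhcp_options([
    (OPT_MESSAGE_TYPE, b"\x05"),                              # 5 = DHCPACK
    (OPT_SERVER_ID, socket.inet_aton("192.168.10.1")),
    (OPT_TFTP_NAME, b"tftp.voice.example"),
    (OPT_TFTP_ADDRS, socket.inet_aton("192.168.10.150") + socket.inet_aton("192.168.10.151")),
])

if __name__ == "__main__":
    addrs, names = tftp_servers(parse_dhcp_options(SAMPLE_OPTIONS))
    print("option 150 TFTP servers:", addrs)
    print("option 66 TFTP name:", names)
```

Pointed at the options bytes of a captured DHCPACK from the voice VLAN, the same parser tells you what every phone, and anyone imitating one, is being told; the mitigation is on the TFTP side (restrict who can reach it and what the configuration files disclose), since DHCP itself offers no authentication here.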
..........................................................................................
The next one is amap:
root@kmn:~# amap
amap v5.4 (c) 2011 by van Hauser www.thc.org/thc-amap
Syntax: amap [-A|-B|-P|-W] [-1buSRHUdqv] [[-m] -o ] [-D ] [-t/-T sec] [-c cons] [-C retries] [-p proto] [-i ] [target port [port] ...]
Modes:
  -A         Map applications: send triggers and analyse responses (default)
  -B         Just grab banners, do not send triggers
  -P         No banner or application stuff - be a (full connect) port scanner
Options:
  -1         Only send triggers to a port until 1st identification. Speeeeed!
  -6         Use IPv6 instead of IPv4
  -b         Print ascii banner of responses
  -i FILE    Nmap machine readable outputfile to read ports from
  -u         Ports specified on commandline are UDP (default is TCP)
  -R         Do NOT identify RPC service
  -H         Do NOT send application triggers marked as potentially harmful
  -U         Do NOT dump unrecognised responses (better for scripting)
  -d         Dump all responses
  -v         Verbose mode, use twice (or more!) for debug (not recommended :-)
  -q         Do not report closed ports, and do not print them as unidentified
  -o FILE [-m] Write output to file FILE, -m creates machine readable output
  -c CONS    Amount of parallel connections to make (default 32, max 256)
  -C RETRIES Number of reconnects on connect timeouts (see -T) (default 3)
  -T SEC     Connect timeout on connection attempts in seconds (default 5)
  -t SEC     Response wait timeout in seconds (default 5)
  -p PROTO   Only send triggers for this protocol (e.g. ftp)
  TARGET PORT   The target address and port(s) to scan (additional to -i)
amap is a tool to identify application protocols on target ports.
Note: this version was NOT compiled with SSL support!
Usage hint: Options "-bqv" are recommended, add "-1" for fast/rush checks.
That's what it looks like.
There is also amapcrap:

root@kmn:~# amapcrap
amapcrap v5.4 (c) 2011 by van Hauser/THC

Syntax: amapcrap [-S] [-u] [-m 0ab] [-M min,max] [-n connects] [-N delay] [-w delay] [-e] [-v] TARGET PORT

Options:
    -S           use SSL after TCP connect (not usuable with -u)
    -u           use UDP protocol (default: TCP) (not usable with -c)
    -n connects  maximum number of connects (default: unlimited)
    -N delay     delay between connects in ms (default: 0)
    -w delay     delay before closing the port (default: 250)
    -e           do NOT stop when a response was made by the server
    -v           verbose mode
    -m 0ab       send as random crap:0-nullbytes, a-letters+spaces, b-binary
    -M min,max   minimum and maximum length of random crap
    TARGET PORT  target (ip or dns) and port to send random crap

This tool sends random data to a silent port to illicit a response, which can
then be used within amap for future detection. It outputs proper amap
appdefs definitions. Note: by default all modes are activated (0:10%, a:40%,
b:50%). Mode 'a' always sends one line with letters and spaces which end with
\r\n. Visit our homepage at http://www.thc.org
.................................................................................................
Let me show one example of using it.
root@kmn:~# amap -bqv 192.168.1.15 80
Using trigger file /etc/amap/appdefs.trig ... loaded 30 triggers
Using response file /etc/amap/appdefs.resp ... loaded 346 responses
Using trigger file /etc/amap/appdefs.rpc ... loaded 450 triggers

amap v5.4 (www.thc.org/thc-amap) started at 2017-03-30 10:13:03 - APPLICATION MAPPING mode

Total amount of tasks to perform in plain connect mode: 23
Waiting for timeout on 23 connections ...
this connect
this connect
this connect
this connect
this connect
this connect
this connect
this connect
this connect
this connect
this connect
this connect
this connect
this connect
this connect
this connect
this connect
this connect
this connect
this connect
this connect
this connect
this connect

amap v5.4 finished at 2017-03-30 10:13:14
root@kmn:~#
That's the output.
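What amap is doing during a run like the one above is sending a list of triggers to each port and matching whatever comes back against a table of response signatures, so a service is identified by how it answers rather than by the port number it sits on. The following added example, which is not amap's code and not part of the original post, reproduces that loop in miniature: the trigger table, the signature table and the in-memory target are all constructed here (amap's real definitions are the appdefs.trig and appdefs.resp files shown in the run output), and the -1 and -H behaviours from the help text are modelled by the first_only and send_harmful switches.

```python
"""amap-style application mapping in miniature: triggers out, signatures on replies.

Added example for this lesson; it is not amap's code and not part of the
original post. The trigger list, the signature list and the fake target are
constructed so the example runs offline. A real mapper reads the reply from
the socket after sending the trigger; here each port is a function that
returns what the service would answer.
"""
import re

# Triggers in the order they are sent: (name, payload, potentially_harmful).
# Constructed subset; amap ships hundreds of these in appdefs.trig.
TRIGGERS = [
    ("banner", b"", False),                                 # connect and just read
    ("http", b"GET / HTTP/1.0\r\n\r\n", False),
    ("ssl", b"\x16\x03\x01\x00\x5a\x01\x00\x00\x56\x03\x01", False),
    ("probe-x", b"\x00" * 32, True),                        # stands in for triggers flagged harmful
]

# Response signatures: (application name, regex over the raw reply). Constructed.
SIGNATURES = [
    ("http", rb"^HTTP/1\.[01] \d{3}"),
    ("ssh", rb"^SSH-\d\.\d-"),
    ("smtp", rb"^220[ -].*SMTP"),
]


def identify(response):
    """Return the first signature name that matches the reply, or None."""
    for name, pattern in SIGNATURES:
        if re.search(pattern, response, re.DOTALL):
            return name
    return None


# Constructed in-memory target. HTTP only answers once it is sent a request,
# SSH and SMTP announce themselves on connect, and one port stays silent.
def _http_service(sent):
    if sent.startswith(b"GET ") or sent.startswith(b"HEAD "):
        return b"HTTP/1.0 200 OK\r\nServer: example\r\n\r\n"
    return b"" if sent == b"" else b"HTTP/1.0 400 Bad Request\r\n\r\n"


def _ssh_service(sent):
    return b"SSH-2.0-OpenSSH_7.4\r\n"


def _smtp_service(sent):
    return b"220 mail.example ESMTP ready\r\n"


def _silent_service(sent):
    return b""


# SSH deliberately sits on 2222 so identification cannot come from the port number.
FAKE_TARGET = {80: _http_service, 2222: _ssh_service, 25: _smtp_service, 31337: _silent_service}


def scan(target, ports, send_harmful=False, first_only=True):
    """Map each port: send triggers, match replies.

    send_harmful=False mirrors -H (skip triggers marked harmful); first_only=True
    mirrors -1 (stop at the first identification). Returns
    {port: {"app": name or None, "triggers_sent": n, "banner": first reply bytes}}.
    """
    results = {}
    for port in ports:
        service = target[port]
        sent, app, banner = 0, None, b""
        for name, payload, harmful in TRIGGERS:
            if harmful and not send_harmful:
                continue
            sent += 1
            reply = service(payload)
            if reply and not banner:
                banner = reply                       # what -b would print
            found = identify(reply) if reply else None
            if found:
                app = found
                if first_only:
                    break
        results[port] = {"app": app, "triggers_sent": sent, "banner": banner}
    return results


if __name__ == "__main__":
    for port, info in scan(FAKE_TARGET, sorted(FAKE_TARGET)).items():
        print("port %5d: %-12s after %d trigger(s)" % (port, info["app"] or "unidentified", info["triggers_sent"]))
```

Note how the silent port costs the most work: every permitted trigger is sent and each one waits for a reply, which is exactly the "Waiting for timeout on 23 connections" phase in the run above, and why -1 and a sensible -t matter on large scans.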
Explaining each one individually would take us a great deal of time, and it would be very hard to remember them all. It would also mean memorizing a huge amount of text.
Since I don't encourage that approach, all I want to encourage you to remember is that each tool comes with its own description.
...............................................

Thanks


Khit Minnyo
