Monday, 14 January 2019

HACK SECRET KEYS, EMAILS, SUBDOMAINS, DNS OF ANY COMPANY WEBSITE

photon

There are many tools for gathering information, but most of them cannot recover some of a target's secret information. There are various ways to exploit a target, and certain vital information is very helpful while doing so. So today we will show you a tool called photon.

According to an ethical hacking researcher at the International Institute of Cyber Security, photon is useful in the initial phase of pentesting.

Photon is an information gathering tool. It crawls the target very quickly and grabs secret keys, emails, subdomains, DNS data and much other information that can be used to exploit the target. For this demonstration we tested the tool on Kali Linux 2018.4.
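From the server side, a crawl of the kind shown below (tens of requests within half a minute, most of them JavaScript files fetched one after another) is visible in ordinary web-server access logs. The following Python script is an added example written for this page, not part of photon and not code from the original post: it parses combined-format log lines and flags a client that fetches many script files with no Referer header inside a short window. The log lines, IP addresses, user-agent string and thresholds are constructed for the example; the user-agent is not photon's and the detector does not depend on it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format:
# ip ident user [timestamp] "METHOD path HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def _log_line(ip, second, path, referer, ua):
    # Build one constructed combined-format line (sample data, not a real log).
    return (f'{ip} - - [14/Jan/2019:10:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "{referer}" "{ua}"')


CRAWLER_IP, VISITOR_IP = "203.0.113.7", "198.51.100.4"   # documentation address ranges
CRAWLER_PATHS = [
    "/", "/robots.txt", "/about", "/faq", "/explore/", "/s/",
    "/js/cfg.js", "/js/core.js", "/js/errors.js", "/assets/scripts/app.js",
    "/assets/scripts/signup.js", "/assets/scripts/trends.js",
    "/assets/plugins/jquery-1.10.2.min.js",
    "/assets/plugins/bootstrap/js/bootstrap.min.js",
]
# Constructed sample log: a crawler pulls the pages and then every script it found,
# one request every two seconds and never with a Referer (the user-agent value is
# an assumption, not photon's; the detector below does not rely on it). An ordinary
# visitor loads one page, whose scripts the browser fetches with that page as Referer.
SAMPLE_LOG = "\n".join(
    [_log_line(CRAWLER_IP, 2 * i, p, "-", "python-requests/2.21.0")
     for i, p in enumerate(CRAWLER_PATHS)]
    + [
        _log_line(VISITOR_IP, 30, "/about", "-", "Mozilla/5.0"),
        _log_line(VISITOR_IP, 31, "/js/core.js", "https://www.example.com/about", "Mozilla/5.0"),
        _log_line(VISITOR_IP, 31, "/assets/scripts/app.js", "https://www.example.com/about", "Mozilla/5.0"),
        _log_line(VISITOR_IP, 40, "/faq", "https://www.example.com/about", "Mozilla/5.0"),
    ]
)


def parse_log(text):
    """Parse combined-format lines into dicts with a datetime 'ts'; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
            events.append(ev)
    return events


def find_crawl_bursts(text, window_s=60, min_requests=10, min_bare_script_ratio=0.5):
    """Return {ip: summary} for clients that, within any window_s-second window,
    made at least min_requests requests of which at least min_bare_script_ratio
    were .js files fetched without a Referer. Browsers send the embedding page as
    Referer when they load a script; a crawler working from a list of script URLs
    fetches them bare, which is the signal used here."""
    by_ip = defaultdict(list)
    for ev in parse_log(text):
        by_ip[ev["ip"]].append(ev)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # advance the window start so evs[start:end+1] spans at most window_s
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_s:
                start += 1
            chunk = evs[start:end + 1]
            if len(chunk) < min_requests:
                continue
            bare = sum(1 for e in chunk if e["path"].endswith(".js") and e["referer"] == "-")
            if bare / len(chunk) >= min_bare_script_ratio:
                summary = {"requests": len(chunk), "bare_scripts": bare,
                           "seconds": (chunk[-1]["ts"] - chunk[0]["ts"]).total_seconds()}
                # keep the largest qualifying window for this client
                if ip not in flagged or summary["requests"] > flagged[ip]["requests"]:
                    flagged[ip] = summary
    return flagged


if __name__ == "__main__":
    for ip, s in find_crawl_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {s['requests']} requests in {s['seconds']:.0f}s, "
              f"{s['bare_scripts']} bare script fetches")
```

The Referer check is what separates the crawler from a normal visitor whose browser also loads several scripts in a burst; the thresholds are starting points to tune against your own traffic, and rate limiting or blocking on a hit is a policy decision this script leaves to the reader.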

root@kali:/home/iicybersecurity/Downloads/Photon# python photon.py
       _  _          _      / _ \/ /    / /_  
     / // / _ \/ _ \/ /  \/ _ \    / / / / / // / // // / / / /   //   // //_/__/____// // v1.1.5

usage: photon.py [-h] [-u root] [-c cook] [-r regex] [-e export] [-o output]
                  [-l level] [-t threads] [-d delay] [-v]
                  [-s seeds [seeds …]] [--stdout std]
                  [--user-agent user_agent] [--exclude exclude]
                  [--timeout timeout] [--headers] [--dns] [--ninja] [--keys]
                  [--update] [--only-urls] [--wayback] 
 
optional arguments:
   -h, --help            show this help message and exit
   -u root, --url root   root url
   -c cook, --cookie cook
                         cookie
   -r regex, --regex regex
                         regex pattern
   -e export, --export export
                         export format
   -o output, --output output
                         output directory
   -l level, --level level
                         levels to crawl
   -t threads, --threads threads
                         number of threads
   -d delay, --delay delay
                         delay between requests
   -v, --verbose         verbose output
   -s seeds [seeds …], --seeds seeds [seeds …]
                         additional seed urls
   --stdout std          send variables to stdout
   --user-agent user_agent
                         custom user agent(s)
   --exclude exclude     exclude urls matching this regex
   --timeout timeout     http request timeout
   --headers             add headers
   --dns                 enumerate subdomains and dns data
   --ninja               ninja mode
   --keys                find secret keys
   --update              update photon
   --only-urls           only extract urls
   --wayback             fetch urls from archive.org as seeds
  • The options above are used while gathering information about the target.
  • Type python photon.py -u hack.me
  • -u is used to enter the url.
root@kali:/home/iicybersecurity/Downloads/Photon# python photon.py -u hack.me
       _  _          _      / _ \/ /    / /_  
     / // / _ \/ _ \/ /  \/ _ \    / / / / / // / // // / / / /   //   // //_/__/____// // v1.1.5
 
[~] Level 1: 1 URLs
 [!] Progress: 1/1
 [~] Level 2: 6 URLs
 [!] Progress: 6/6
 [~] Crawling 20 JavaScript files 
 
[!] Progress: 20/20 
 
[+] Internal: 8
 [+] Scripts: 20 
 
[+] External: 12 
 
[!] Total requests made: 27
 [!] Total time taken: 0 minutes 34 seconds
 [!] Requests per second: 0
 [+] Results saved in hack.me directory
  • After the scan finishes, the results are saved in a local directory named after the target.
  • Type ls
  • Type cd hack.me
  • Type ls
root@kali:/home/iicybersecurity/Downloads/Photon# cd hack.me
 root@kali:/home/iicybersecurity/Downloads/Photon/hack.me# ls
 external.txt  internal.txt  scripts.txt
  • Above are the files extracted by photon. This information can be used in other hacking activities.
  • To view any file, type cat scripts.txt
root@kali:/home/iicybersecurity/Downloads/Photon/hack.me# cat scripts.txt
 https://hack.me/assets/plugins/jquery-migrate-1.2.1.min.js
 https://hack.me/assets/plugins/bootstrap-modal/js/bootstrap-modal.js
 https://hack.me/assets/plugins/bootstrap-modal/js/bootstrap-modalmanager.js
 https://hack.me/js/cfg.js
 https://hack.me/assets/plugins/data-tables/DT_bootstrap.js
 https://hack.me/js/core.js
 https://hack.me/assets/plugins/jquery-1.10.2.min.js
 https://hack.me/js/errors.js
 https://hack.me/assets/scripts/signup.js
 https://hack.me/assets/scripts/html5-search.js
 https://hack.me/assets/plugins/back-to-top.js
 https://hack.me/assets/plugins/hover-dropdown.js
 https://hack.me/assets/plugins/jquery-slimscroll/jquery.slimscroll.min.js
 https://hack.me/assets/plugins/select2/select2.min.js
 https://hack.me/assets/plugins/bootstrap/js/bootstrap.min.js
 https://hack.me/assets/scripts/app.js
 https://hack.me/assets/plugins/respond.min.js
 https://hack.me/assets/scripts/trends.js
 https://hack.me/assets/plugins/data-tables/jquery.dataTables.js
 https://hack.me/assets/plugins/messages/messages.js
  • The list above shows which JavaScript plugins the target uses. This plugin information can be used to create exploits that attack the target.
  • Type cat external.txt
  • Type cat internal.txt
root@kali:/home/iicybersecurity/Downloads/Photon/hack.me# cat external.txt
 https://hack.dev/101163/mutillidae-23101.html
 http://www.elearnsecurity.com
 http://www.eLearnSecurity.com
 https://www.facebook.com/hackmeproject
 https://me.hack.me/developer.php
 https://me.hack.me/signup
 https://www.elearnsecurity.com/course/?sp_source=Hackme&sp_term=SidebarBanner
 https://me.hack.me/login
 https://hackmeproject.uservoice.com/
 root@kali:/home/iicybersecurity/Downloads/Photon/hack.me# cat internal.txt
 https://hack.me
 https://hack.me/trends/
 https://hack.me/
 https://hack.me/explore/
 https://hack.me/s/
 https://hack.me/faq
 https://hack.me/about
 https://hack.me/hackmeterms.txt
  • The above shows the internal and external links, which can be used in other hacking activities.
  • Type python photon.py -u hack.me -t 5 --keys
  • -u is used to enter the url.
  • -t is used to enter the number of threads.
  • --keys will find secret keys (such as API keys).
root@kali:/home/iicybersecurity/Downloads/Photon# python photon.py -u hack.me -t 5 --keys
       _  _          _      / _ \/ /    / /_  
     / // / _ \/ _ \/ /  \/ _ \    / / / / / // / // // / / / /   //   // //_/__/____// // v1.1.5
 
[~] Level 1: 1 URLs
 [!] Progress: 1/1
 [~] Level 2: 6 URLs
 [!] Progress: 6/6
 [~] Crawling 20 JavaScript files 
 
[!] Progress: 20/20 
 
[+] Internal: 8
 [+] Scripts: 20
 [+] External: 12 
 
[+] Keys: 7 
 
[!] Total requests made: 27
 [!] Total time taken: 0 minutes 21 seconds
 [!] Requests per second: 1
 [+] Results saved in hack.me directory
  • After the scan finishes, the results are saved in a local directory named after the target.
  • Type ls
  • Type cd hack.me
  • Type ls
  • Type cat keys.txt
root@kali:/home/iicybersecurity/Downloads/Photon# cd hack.me/
 root@kali:/home/iicybersecurity/Downloads/Photon/hack.me# ls
 external.txt  internal.txt  keys.txt  scripts.txt
 root@kali:/home/iicybersecurity/Downloads/Photon/hack.me# cat keys.txt
 https://hack.me/about: 8fLx6iJ7CUYx5Vn7Ib8mxg
 https://hack.me/: 8fLx6iJ7CUYx5Vn7Ib8mxg
 https://hack.me: 8fLx6iJ7CUYx5Vn7Ib8mxg
 https://hack.me/s/: hackmesSearchPaginationBody
 https://hack.me/faq: 8fLx6iJ7CUYx5Vn7Ib8mxg
 https://hack.me/explore/: 8fLx6iJ7CUYx5Vn7Ib8mxg
 https://hack.me/s/: 8fLx6iJ7CUYx5Vn7Ib8mxg
  • The above shows the API keys used by the target. This information can be used in other hacking activities.
  • Type python photon.py -u 192.168.1.10 -t 10 --dns
  • -u is used to enter the url.
  • -t is used to enter the number of threads.
  • --dns will find subdomains.
root@kali:/home/iicybersecurity/Downloads/Photon# python photon.py -u 192.168.1.10 -t 10 --dns
       _  _          _      / _ \/ /    / /_  
     / // / _ \/ _ \/ /  \/ _ \    / / / / / // / // // / / / /   //   // //_/__/____// // v1.1.5

 
[~] Level 1: 1 URLs
 [!] Progress: 1/1
 [~] Level 2: 39 URLs 

[!] Progress: 39/39
 [~] Crawling 38 JavaScript files
 [!] Progress: 38/38
 [+] Files: 2
 [+] Intel: 10
 [+] Internal: 251
 [+] Scripts: 38
 [+] External: 111
 [+] Fuzzable: 139
 [!] Total requests made: 78
 [!] Total time taken: 0 minutes 26 seconds
 [!] Requests per second: 2
 [~] Enumerating subdomains
 [!] 0 subdomains found
 [~] Generating DNS map
 [+] Results saved in 192.168.1.10 directory
  • After the scan finishes, the results are saved in a local directory named after the target.
  • Type ls
  • Type cd 192.168.1.10
  • Type ls
  • Type cat intel.txt
root@kali:/home/iicybersecurity/Downloads/Photon# cd 192.168.1.10/
 root@kali:/home/iicybersecurity/Downloads/Photon/192.168.1.10# ls
 external.txt  files.txt  fuzzable.txt  intel.txt  internal.txt  scripts.txt
root@kali:/home/iicybersecurity/Downloads/Photon/192.168.1.10# cat intel.txt
 admin@metacorp.com
 bob@ateliergraphique.com
 jack@metacorp.com
 test@thebodgeitstore.com
 cycloneuser-3@cyclonetransfers.com
 admin@owaspbwa.org
 psiinon@gmail.com
 vicnum@ciphertechs.com
 contact@wackopicko.com
 michael.coates@owasp.org
  • The output above shows the extracted emails, which can be used in other hacking activities.
  • Type cat files.txt
root@kali:/home/iicybersecurity/Downloads/Photon/192.168.1.10# cat files.txt
 ./documentation/mutillidae-installation-on-xampp-win7.pdf
 images/lolhax.jpg
  • The output above shows the files extracted from the target. This information can be used in other hacking activities.
  • Type python photon.py -u hack-yourself-first.com -t 10 --ninja
  • -u is used to enter the url.
  • -t is used to enter the number of threads.
  • --ninja is used to perform a deeper scan.
root@kali:/home/iicybersecurity/Downloads/Photon# python photon.py -u hack-yourself-first.com -t 10 --ninja
       _  _          _      / _ \/ /    / /_  
     / // / _ \/ _ \/ /  \/ _ \    / / / / / // / // // / / / /   //   // //_/__/____// // v1.1.5
 
[+] URLs retrieved from robots.txt: 4
 [~] Level 1: 5 URLs
 [!] Progress: 5/5
 [~] Level 2: 14 URLs
 [!] Progress: 14/14
 [~] Crawling 5 JavaScript files 
 
[!] Progress: 5/5 
 
[+] Robots: 4
 [+] Internal: 30
 [+] Scripts: 5
 [+] External: 6 
 
[+] Fuzzable: 11 
 
[!] Total requests made: 24
 [!] Total time taken: 0 minutes 30 seconds
 [!] Requests per second: 0
 [~] Enumerating subdomains
 [!] 0 subdomains found
 [~] Generating DNS map
 [+] Results saved in hack-yourself-first.com directory
  • After the scan finishes, the results are saved in a local directory named after the target.
  • Type ls
  • Type cd hack-yourself-first.com
  • Type ls
  • Type cat intel.txt
root@kali:/home/iicybersecurity/Downloads/Photon/hack-yourself-first.com# cat intel.txt
 pauldiresta@f1.com
 troyhunt@hotmail.com
 lewishamilton@f1.com
 felipemassa@f1.com
 jean-ericvergne@f1.com
 valtteribottas@f1.com
 charlespic@f1.com
 pastormaldonado@f1.com
 fdasdf@gmail.com
 markwebber@f1.com
 coderNirmal@gmail.com
 exileytacc@gmail.com
 abc@f1.com
 sergioperez@f1.com
 adriansutil@f1.com
 jensonbutton@f1.com
 julesbianchi@f1.com
 estebangutierrez@f1.com
 root@linux.org
 kimiraikkonen@f1.com
 danielricciardo@f1.com
 fernandoalonso@f1.com
 nicorosberg@f1.com
 a@a.com
 romaingrosjean@f1.com
 crazypand03@yourmomgey.com
 abc@gmail.com
 maxchilton@f1.com
 giedovandergarde@f1.com
 nicohulkenberg@f1.com
 sebastianvettel@f1.com
  • The output above shows the extracted email addresses, which can be used in other hacking activities.
  • This also helps with social engineering attacks on the target.
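The keys.txt and intel.txt output earlier in this post (8fLx6iJ7CUYx5Vn7Ib8mxg reported as a key, hackmesSearchPaginationBody reported next to it, and the harvested email addresses) is exactly what a site owner can look for in their own pages before a crawler does. The following Python script is an added example written for this page, not photon's code: it scans a site's own HTML and JavaScript for high-entropy tokens and email addresses. The character-class and entropy heuristic, the 16-character minimum and the 3.5-bit threshold are assumptions of the example and simpler than photon's own patterns; the sample assets are constructed, and only the key string from the post's keys.txt is reused so the check can be compared with that output.

```python
import math
import re

# Constructed sample assets of the kind photon's --keys pass and its email
# extraction read: a config script, a page with a contact address and an
# ordinary script. Only the key string from the post's keys.txt is reused so the
# check can be compared with that output; everything else is made up.
SAMPLE_ASSETS = {
    "js/cfg.js": 'var cfg = { apiKey: "8fLx6iJ7CUYx5Vn7Ib8mxg", pager: "hackmesSearchPaginationBody" };',
    "about.html": '<p>Contact <a href="mailto:admin@example.com">admin@example.com</a></p>',
    "js/core.js": 'function init() { return document.getElementById("searchPaginationBody"); }',
}

# Candidate tokens: runs of at least 16 key-like characters (the length is an assumption).
TOKEN_RE = re.compile(r"[A-Za-z0-9_\-]{16,}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_secret(token, min_entropy=3.5):
    """Heuristic (an assumption of this example, simpler than photon's own patterns):
    a secret mixes digits, upper and lower case and is close to random, whereas a
    camelCase identifier such as hackmesSearchPaginationBody has no digits and
    repeats letters, so it is rejected as a false positive."""
    has_digit = any(c.isdigit() for c in token)
    has_upper = any(c.isupper() for c in token)
    has_lower = any(c.islower() for c in token)
    return has_digit and has_upper and has_lower and shannon_entropy(token) >= min_entropy


def scan_assets(assets):
    """Scan {path: content} and return the (path, value) pairs that should not be
    published: probable secrets and email addresses, sorted and de-duplicated."""
    secrets, emails = set(), set()
    for path, content in assets.items():
        for tok in TOKEN_RE.findall(content):
            if looks_like_secret(tok):
                secrets.add((path, tok))
        for addr in EMAIL_RE.findall(content):
            emails.add((path, addr))
    return {"secrets": sorted(secrets), "emails": sorted(emails)}


if __name__ == "__main__":
    report = scan_assets(SAMPLE_ASSETS)
    for kind in ("secrets", "emails"):
        for path, value in report[kind]:
            print(f"{kind[:-1]} in {path}: {value}")
```

Run against a checkout of the site (walk the directory and feed each file's text into scan_assets) as a pre-deployment check: every secret it reports should be moved server-side and rotated, and every address should be weighed against the amount of spam and phishing it will attract, since anything the script finds, a crawler like photon finds too.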
