hacking padding oracle

Padding oracle is a vulnerable machine which can be downloaded from "vulnhub.com".The main aim of this machine is to log in as admin.

step 1: Run the "ifconfig" command in terminal in kali linux to know the ip address of the machine from which you will be attcking on the Padding oracle machine.And the "route -n" command will show the default gateway.
   

step 2: Run the "nmap -sV -O -sS -T4 Ip address of gateway/24" command to get the ip address of all the machine that are present on the same network.
   
   

step 3: After identifying the target ip address run the uniscan command to get the details of all the directories and of all the files.
   

step 4: copy and paste all the urls in the browser to gather information about the machine.on copying and the pasting the url "http://target ip/login.php".
   

step 5: On searching the url "http://target ip/index.php"
   
The message directly tells that the login username is "admin".

step 6:After knowing the username bruteforce using hydra to get the password.The hydra will take some time to complete its task.
  
after hydra completes its task we will get the password displayed on the terminal.

step 7: Using the username"admin" and the password that we got from hydra we cann easily login as admin.
   














Comments

Post a Comment

Popular posts from this blog

Is your email account safe?

Image
                                              Electronic mail or email is the is a method of exchanging messages or data between people using electronics devices.Today mostly all email service are free and anyone can can make use of this services just by creating a account with the service provider.Email operates accross computer networks,which is primarily called as Internet,without the Internet no one can make use of this service. How email works?                        User first composes the email by writting all the content and giving any attachments if required by the help of email client on their computer. After the email is ready the composer of the email will have to provide the emai-id(It is like a persons phone number which provides unique identity to the person for his recognition) of the p...
Read more

New attraction for Hackers -GSTN(Goods and Service tax network)

Image
                                    GSTN (Goods and Services Tax Network) is a non-profit entity.The main aim for establishing GSTN is to provide IT(Information technology) infrastructure for the implementation of the GST(Goods and Services Tax) law.when GSTN opened it's portal for taxpayers to register it faced a DDOS(Distributed Denial of Service) Attack. GST GST(Goods and Services Tax) is an indirect tax throughout India amalgamating several Central and State taxes into a single tax.The simplicity of the tax would lead to easier administration and enforcement for the consumer the biggest advantages is reduction in the overall tax burden on goods and the free movement of the goods from one state to the other. The following taxes will be bound together by the GST: Central Exercise Duty Service Tax Corruption Tax Value Added Tax (VAT) Food Tax Central Sales Tax (CST)...
Read more

Big Blow to Android lovers-Judy malware

Image
In India more than 90% of the smartphones run on the open Android operating system.India is big market for Google in terms of downloads from Google play store.Smartphones lover downloads a number of application from the Google play store.India have surpassed the US in 2016,with over 6 billion apps download from the play store in this scenario the"Judy malware" a malware that hit over 36.5 million users in the world was a big blow to all the android lovers in India as well as in the world.                     What is Judy?     Judy is a malware that is embedded in some of the apps available in Google play store almost all malicious app were developed by South Korean company called Kiniwini, but they registered themselves on the Google play store as  ENISTUDIO corp,  But  it is still unclear if the company added the malicious code itself, or its servers were compromised and the code were added by a third...
Read more