
Thursday, August 29, 2013

Access BackTrack from a remote computer using SSH & VNC.

If you want to reach your local computer from a remote one, you first need to configure the SSH daemon; nobody uses telnet for this anymore because it is a plaintext protocol. How to configure SSH in BackTrack 5 R3? (1) First generate an SSH key pair by typing the following in a terminal:

ssh-keygen

This generates an RSA public/private key pair; by default the private key is stored in /root/.ssh/id_rsa and the public key in /root/.ssh/id_rsa.pub. (2) Now move the generated keys into the ssh folder:

cd /etc/ssh
mkdir...
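The post stops short of the two things that actually matter once the box is reachable over SSH: getting the public key into authorized_keys with permissions sshd will accept, and making sure the daemon only takes key logins. The script below is an added example, not the post's own commands; the function names are mine, the sample sshd_config files and the key string in the usage comment are constructed, and it assumes a POSIX shell with awk and grep. It reads the config the way sshd does (first occurrence of a keyword wins), which is what trips people up when a later duplicate line is the one they edited.

```sh
#!/bin/sh
# Added example, not the original post's code. Assumes a POSIX shell with
# awk, grep and coreutils; sshd does not need to be running to use it.

# install_authorized_key <home_dir> <pubkey_line>
# Appends one public key to <home_dir>/.ssh/authorized_keys, creating the
# directory and file with the modes sshd's StrictModes (on by default)
# insists on. A key that is already present is not added twice.
install_authorized_key() {
    ak_dir="$1/.ssh"
    ak_file="$ak_dir/authorized_keys"
    mkdir -p "$ak_dir" && chmod 700 "$ak_dir"
    [ -f "$ak_file" ] || : > "$ak_file"
    chmod 600 "$ak_file"
    grep -qxF -- "$2" "$ak_file" || printf '%s\n' "$2" >> "$ak_file"
}

# effective_setting <sshd_config> <keyword>
# Prints the value sshd will actually use: the FIRST non-comment occurrence
# wins and later duplicates are silently ignored. Prints nothing if the
# keyword is absent (the caller then applies sshd's default).
effective_setting() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# audit_sshd_config <sshd_config>
# Returns 0 if logins are key-only (PasswordAuthentication no, PermitRootLogin
# restricted to keys or off); otherwise prints each finding and returns 1.
# BackTrack runs everything as root, so root must still get in with a key.
audit_sshd_config() {
    cfg="$1"
    rc=0
    pa=$(effective_setting "$cfg" PasswordAuthentication)
    prl=$(effective_setting "$cfg" PermitRootLogin)
    case "${pa:-yes}" in            # sshd's default is yes
        no) ;;
        *)  echo "FAIL: PasswordAuthentication=${pa:-yes} (want no)"; rc=1 ;;
    esac
    case "${prl:-yes}" in           # older OpenSSH defaulted to yes
        no|without-password|prohibit-password) ;;
        *)  echo "FAIL: PermitRootLogin=${prl:-yes} (want without-password)"; rc=1 ;;
    esac
    return $rc
}

# Usage on the box being exposed (paths and key are examples):
#   install_authorized_key /root "$(cat /path/to/id_rsa.pub)"
#   audit_sshd_config /etc/ssh/sshd_config && /etc/init.d/ssh restart
```

Source the file and run audit_sshd_config against /etc/ssh/sshd_config before restarting the daemon; a non-zero return means passwords are still accepted. The audit only reads top-level directives, so settings inside Match blocks are not considered.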

Tuesday, August 27, 2013

Exploit Oracle Endeca Server with Metasploit.

This module exploits a command injection vulnerability in Oracle Endeca Server 7.4.0. The vulnerability exists in the createDataStore method of the controlSoapBinding web service. The vulnerable method only exists in the 7.4.0 branch and is not available in the 7.5.5.1 branch. In addition, the injection has been found to be Windows-specific. This module has been tested successfully on Endeca Server 7.4.0.787 on Windows 2008...

Sunday, August 25, 2013

How to get the plain-text source from an shc-compiled bash script?

Shc is used to protect a shell script from modification or inspection: if you wrote a bash script and want to distribute it without other people being able to read it easily, you can use it. Keep in mind that this is obfuscation rather than real protection; the resulting binary still has to recover the script in order to run it, which is why the source can be extracted. First let's see how to compile a bash script to a binary:

wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz
tar -xvzf shc-3.8.7.tgz
cd shc-3.8.7
make
./shc

You will see the shc usage message:
shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt]...

Friday, August 23, 2013

Post exploitation & swaparoo backdoor.

Today we are going to create a valid RDP user on the victim PC using two methods. (1) As usual, get a meterpreter session on the victim using Metasploit. We need SYSTEM privileges, so use getsystem. (getsystem works on XP, but if the victim runs Windows 7 you have to use the bypassuac module; it works if the victim has admin privileges, but most of the time it is detected by AV, so you have to encode it.) Now we use the meterpreter script that creates an RDP user account for logon:
run...

Wednesday, August 21, 2013

Post exploitation using Nishang.

Nishang is a framework and collection of scripts and payloads that enables the use of PowerShell for offensive security and post-exploitation during penetration tests. The scripts were written to meet needs the author ran into during real penetration tests. The framework is written by Nikhil Mittal, who is also the author of the Kautilya framework. For more information you can visit his blog. Today we will see some basic modules from the Nishang framework...

Tuesday, August 20, 2013

Bypass AV using PowerShell via a batch file.

In penetration testing the first step is getting past AV and making our payload FUD. Previously we saw that we can bypass AV using Veil; at that time we used the Python module. Veil has four types of payload: C, C#, PowerShell and Python. Today we use the PowerShell module. If you are not familiar with PowerShell, you can google it; it is a Windows scripting language, like bash on Linux. Most AV products do not detect it. We use the SET PowerShell module to bypass...

Tuesday, August 13, 2013

Exploit for Firefox 17 on Windows XP SP3

Recently a Mozilla Firefox 0day, possibly used by the FBI to identify some Tor users as part of a crackdown on child pornography, came to light. The exploit is now available in Metasploit; run msfupdate to get it.

Exploit target:
   Id  Name
   --  ----
   0   Firefox 17 & Firefox 21 / Windows XP SP3

msf > use exploit/windows/browser/mozilla_firefox_onreadystatechange
msf exploit(mozilla_firefox_onreadystatechange)...

Saturday, August 10, 2013

Bypass AV using Veil in BackTrack.

Today this blog completes exactly one year. A year ago I started my journey in the security world, and it is still going well. OK, to the point. Most of the time our payload is detected by AV; we can run it through an encoder so that it is not detected. Today we show how to bypass AV using Veil. Veil is a Python-based tool that creates FUD payloads. How to download and use it?

wget https://github.com/ChrisTruncer/Veil/archive/master.zip
unzip...

Wednesday, August 7, 2013

Extract Skype & Firefox data after exploitation.

Today we will see how to extract Skype usernames, contact details, conversations and file transfers, as well as Firefox history, cookies and Google searches, from the victim's computer. This is post-exploitation, so I won't go deep into how to hack the remote PC; if you want to learn that, click here and read the Metasploit section of the blog. So you have to compromise the remote computer using Metasploit. I create a simple payload and encode it so that antivirus cannot...

Sunday, August 4, 2013

Extract email addresses from a given domain.

Yesterday I created a simple script that extracts email addresses for a given domain. We can gather email addresses from whois info, PGP key searches and the domain name itself. With this script we can extract the email addresses that appear on the specified web page. BackTrack ships a tool for this, uberharvester. It has many features, but for a small website it takes too long to extract information, whereas this script is fast for small websites. Speed...
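The author's script is not shown in this teaser, so here is an added example of my own, not the post's code, that does the same job from the shell: pull every address out of a fetched page, including mailto: links and the "user [at] host [dot] tld" obfuscation small sites use to dodge harvesters, then keep only the target domain so partner or vendor addresses don't pollute the list. The HTML page is a constructed sample, the function names are mine, and the live fetch assumes curl is installed.

```sh
#!/bin/sh
# Added example (not the author's script). Assumes POSIX sh, sed -E, grep -E,
# awk, and optionally curl for the live fetch in harvest_url.

# extract_emails  (reads HTML or text on stdin)
# Prints every address found, lower-cased and de-duplicated, one per line.
# Handles plain text, mailto: links, and "user [at] host [dot] tld" or
# "user (at) host (dot) tld" obfuscation by rewriting it first.
extract_emails() {
    sed -E -e 's/[[:space:]]*[[(]at[])][[:space:]]*/@/g' \
           -e 's/[[:space:]]*[[(]dot[])][[:space:]]*/./g' \
    | grep -Eoi '[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}' \
    | tr 'A-Z' 'a-z' \
    | sort -u
}

# emails_for_domain <domain>  (reads the output of extract_emails on stdin)
# Keeps only addresses whose host part is exactly <domain> or a subdomain
# of it, so partner@other.org or admin@notexample.com are dropped.
emails_for_domain() {
    awk -F@ -v d="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" \
        '$2 == d || substr($2, length($2) - length(d)) == "." d'
}

# harvest_url <url> <domain>
# The live version: fetch one page and harvest it. Not exercised here
# because it needs network access.
harvest_url() {
    curl -fsSL -A 'Mozilla/5.0' "$1" | extract_emails | emails_for_domain "$2"
}

# Constructed sample page that exercises the edge cases above.
sample_page() {
    cat <<'EOF'
<html><body>
<a href="mailto:Admin@Example.com">Contact us</a>
<p>Support: support [at] example [dot] com</p>
<p>Sales: sales@example.com or sales@example.com (listed twice)</p>
<p>Press: press (at) news.example.com</p>
<p>Partner: partner@other.org</p>
<p>Not addresses: user@localhost, @handle, foo@bar</p>
</body></html>
EOF
}

# Try it on the sample:
#   sample_page | extract_emails | emails_for_domain example.com
```

On the sample page this yields admin@example.com, press@news.example.com, sales@example.com and support@example.com; partner@other.org is found by extract_emails but removed by the domain filter, and the three non-addresses never match because the pattern insists on a dotted host with a TLD of at least two letters. For a whole site, loop harvest_url over the page URLs you already have from spidering rather than crawling inside this script.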

Friday, August 2, 2013

How to use the Browser Exploitation Framework?

The Browser Exploitation Framework (BeEF) is a penetration testing tool written in Ruby and designed both to showcase browser weaknesses and to perform attacks on and through the web browser. BeEF consists of a server application that manages the connected clients, known as "zombies", and JavaScript "hooks" which run in the browser of target hosts. Traditionally, the JavaScript hook is injected by the attacker into HTML code either through...