Wednesday, February 29, 2012

Another Attack with Metasploit and BeEF

This is another way to exploit a victim on Windows XP SP3. As a first step, I put a web page with the BeEF hook JavaScript (the same page I used in the previous article) in my www directory, /var/www, and wait until the victim comes to my site. Then I open my Metasploit console
Use the browser_autopwn auxiliary in the console, set LHOST to the attacker's IP in the configuration, and set PAYLOAD like here
Then check the BeEF panel and hope that a victim visits the bait web page. Here is the BeEF-ng panel
This means a visitor, the victim, has accessed the bait page. Here is the web manipulation, like this
Here I send a pop-up alert as a deceptive message so that the victim visits the trap link in Metasploit, like here


When the victim actually accesses that link, the system is exploited via the browser with a Java payload

Here the browser has been exploited by the Metasploit and BeEF combination.

Tuesday, February 28, 2012

Combined Attack: Metasploit and BeEF with Backtrack

In this article I will try to attack a target with a combined Metasploit and BeEF attack. Both applications are included in Backtrack. In this case I want to infect

I use Metasploit to force an attack on the target system and get full control of the target. Here is what I do
I use MS08_067Netapi as the exploit because my target runs Windows XP with the Samba service running, and use it like this to get into the target's system
In Meterpreter mode I'll upload an HTML file with the BeEF JavaScript injected inside. Here is my HTML
Opened in a browser, the page looks like this. I copy the JavaScript that was opened in the target browser into the source code of a normal HTML page; it looks normal but has been injected with the hook from BeEF
Here is the file I injected into the normal HTML
This file loads my IP, as the attacker, into the JavaScript source, so it will call my IP every time this script loads in the HTML

After making the page with the BeEF JavaScript hook, I'll upload that file from the attacker side to the victim side. Here I use upload in Meterpreter mode
I upload all the files in the Web directory; after the upload, they are all on the target's C: drive, like here
After finishing the upload of all files to the target's C:\ drive, I now try to move the file Webload.htm to the target's Windows Startup with Meterpreter, like here
Copy Webload.htm and Webload_files to Startup. Here is the location
This means the file Webload.htm will open automatically when the target system starts
Now keep the BeEF panel open on the attacker side and restart the target system via Metasploit
After the reboot, the target will open Webload.htm in the browser, which loads my JavaScript hook file, and I'll watch it in the BeEF panel

A few seconds after Webload opens on the victim, the target browser's data will load in the BeEF panel. After that I'll try to control it via the BeEF panel with deface mode
And send a pop-up message like here
This is proof that the target browser has been exploited by the attacker. My attack vector is: force entry into the target with Metasploit Meterpreter, upload a web page with the BeEF JavaScript hook, and make that file open automatically at Windows startup.
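
A defender-side triage for the persistence described above (an HTML page placed in the Windows Startup folder that loads script from a bare IP address), as an added example that is not from the original post. The Startup path, the file names other than Webload.htm, and the 192.0.2.10 address are constructed sample values.

```python
import ipaddress
from html.parser import HTMLParser
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

class ScriptSrc(HTMLParser):
    """Collect the src of every <script> tag (tag/attr names arrive lowercased)."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src.strip())

def ip_literal_scripts(html):
    """Return script URLs whose host is a raw IP address instead of a DNS name."""
    parser = ScriptSrc()
    parser.feed(html)
    hits = []
    for src in parser.sources:
        try:
            ipaddress.ip_address(urlsplit(src).hostname or "")
        except ValueError:
            continue  # relative path or ordinary hostname
        hits.append(src)
    return hits

def triage_startup(files):
    """files maps path -> text; flag HTML in a Startup folder that loads such a script."""
    findings = {}
    for path, text in files.items():
        p = PureWindowsPath(path)
        in_startup = any(part.lower() == "startup" for part in p.parts)
        if in_startup and p.suffix.lower() in {".htm", ".html"}:
            hits = ip_literal_scripts(text)
            if hits:
                findings[path] = hits
    return findings

# Constructed sample: paths, hosts and page contents are made up for illustration.
STARTUP = r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
SAMPLE = {
    STARTUP + r"\Webload.htm": '<script src="Webload_files/menu.js"></script>'
                               '<SCRIPT SRC="http://192.0.2.10/hook.js"></SCRIPT>',
    STARTUP + r"\notes.html": '<script src="https://cdn.example.com/lib.js"></script>',
    r"C:\Web\Webload.htm": '<script src="http://192.0.2.10/hook.js"></script>',
}
if __name__ == "__main__":
    print(triage_startup(SAMPLE))
```

Only the Startup copy of Webload.htm is reported: the copy under C:\Web is outside the Startup folder, and notes.html loads its script from a named host.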

Monday, February 27, 2012

Using a Metasploit Auxiliary in MSFConsole - Search Email Collector

I'll try to explain one of the hundreds of Metasploit auxiliaries in MSFConsole. Here I'll use the Search Email Collector auxiliary, which gathers and searches for any email registered under a domain. In this example the domain I use is mail.yahoo.com
Set DOMAIN to the target, and information on the emails collected from that domain is gathered, like here
Here I found one email with the domain mail.yahoo.com: peter_lee@mail.yahoo.com. This tool can report on any domain in use

Social Engineering and SET

Social engineering is the act of getting information through a direct or passive approach to the target; in other words, it is the art of manipulating people into performing actions or divulging confidential information. Social engineering is a technique to deceive the target in order to get more exploitable information without the target noticing it. Social engineering can be fatal if the social engineer is an expert at it. A previous story is Kevin Mitnick's act against the FBI and getting so many loans at Bank of America

In this case I'll show how to use SET (Social Engineering Toolkit), a tool for carrying out social engineering to get information in a network. Here is how I'll try to use it

Open the SET tool in Backtrack
I choose number 1; this enters Social Engineering Attack
Choose 3, which will infect USB or CD/DVD media so that it runs automatically when the USB is inserted into the target. After that choose 2 for the standard Metasploit executable format, fill in the path of Metasploit, and choose the payload to generate
I choose number 4, Windows Bind TCP, and continue
Choose the encoder to encode the payload. I choose Shikata Ga Nai as my standard encoder
Wait until the encoding finishes. It will automatically go to the Metasploit console; set the target IP and all variables like here
That will load the payload handler, ready to infect the target.

Using MSFPayload and MSFEncode in Combination

This article explains how to use MSFPAYLOAD and MSFENCODE. I'll explain these Metasploit tools one by one, beginning with MSFPayload.

Msfpayload is a Metasploit tool included in MSF3. To use it, go to /opt/metasploit/msf3/ and run ./msfpayload. Here is an example
This tool can load a payload for exploitation based on a vulnerability in the target's system. The -l option shows the payloads contained in msf3 that are ready to use later

Msfencode is a Metasploit tool that, like Msfpayload, resides in the MSF3 directory. Its function is to encode an application or file into different code that has the same function at the opcode level. The purpose is to manipulate security systems such as a firewall or antivirus so that their malware detection malfunctions. For example, if an attacker uses this tool to encode a virus or trojan embedded in a PDF or any other file, then when that file passes through the target's firewall and antivirus, they will treat it as a normal PDF. But when that PDF file is opened, it will generate or call the trojan or virus included in the PDF data, and in that condition the PC is exploited by that file. As an example of using the two tools in combination, I'll show it here

As a first step we need to define the payload to use in MSFPAYLOAD. Here I use reverse_tcp. After that, set LHOST; LHOST is filled with the attacker's IP, like here
That means the payload will be loaded into a file, and the step continues to MSFENCODE. In MSFENCODE we need to choose the file that will be encoded and injected with the payload from MSFPAYLOAD. Here I use notepad.exe as the file to be injected
The full combination looks like this
There I use the SHIKATA GA NAI encoder with 5 encoding passes. After that, press Enter to generate the payload and inject it into the file notepad.exe. After the injection finishes, send the file to the target, and if the file is executed on the target's system.

Saturday, February 25, 2012

Linux Exploitation: Backtrack on Backtrack

As step one of exploiting Linux, I chose Backtrack as the target with Backtrack as the attacker; in other words, Backtrack vs Backtrack. The reason is that the Backtrack kernel can be exploited in this case. After step one, I must turn off Linux ASLR with this step
After setting that up, the next step is to build the application here


Run the application with gdb in another terminal, like here
Run the fuzzer
And overwrite EIP by sending the fuzzing data, like here
Here is the register info for EIP

Use GDB list to look at the application's entry to the stack
Set a breakpoint on line 7
Now I look at the ESP address. To exploit, we need to generate an exploit; use a payload generator with the C language, like here


Insert the shellcode into the fuzzer and the Linux exploit is ready, like here
 