Blog - Page 34 of 47 - Hackercool Magazine

Posted on November 12, 2017February 27, 2024 by kanishka10

Windows Powershell Enumeration POST Exploit

Hello aspiring hackers. The exploit we will see today is a POST exploitation Metasploit exploit that performs Powershell enumeration in Windows. Windows PowerShell is a task automation and configuration management framework designed by Microsoft which consists of a command line shell and associated scripting language built on the .NET Framework and .NET Core.

PowerShell provides full access to COM and WMI, enabling administrators to perform administrative tasks on both local and remote Windows systems. Its same as a command line shell but powershell is more powerful than CMD. It is a very helpful tool for network asministrators. If used properly, it can also be used by hackers to the full potential.

But we need to know about the Powershell settings installed on the target system for this. This powershell enumeration module exactly does that for us. Let us see how this module works. Just like any Metasploit POST module, we need to have a valid meterpreter session to run this module. Background the current meterpreter session and load the powershell environment enumeration module as shown below. Type command “info” to view the information about this module as shown below.

Type command “show options” to view the options to be configured. Set the session ID of the meterpreter session we just sent to background and execute the module using command “run”.

As you can see in the image above, our module successfully completed powershell enumeration of the target machine. Powershell version 2.0 is installed on our target system an there are no powershell snap-ins are installed. It seems none of the users have powershell profiles.

Liked this article? Learn advanced ethical hacking tutorials in our Monthly Magazine. Enjoy Free for 3 months.

Posted on November 5, 2017February 27, 2024 by kanishka10 — 1 Comment

Hack Remote PC with Git Submodule

Hello aspiring hackers. In this howto, we will learn how to hack remote PC with Git Submodule. If you are a developer, cyber security enthusiast or at least a computer user, you should have definitely used (or heard about) Github. Git is an open source version control system developed by none other than the awesome Linus Trovalds (yes the same guy who created Linux).

It is a system designed to keep in touch with constant changes made to the code of software by developers. GitHub is a popular hub where developers store their projects and network with like minded people. Github stores information in a data structure called a repository. The particular module exploits a vulnerability in Git submodule.

Git submodules allow users to attach an external repository inside another repository at a specific path. This vulnerability in the Git submodule can be exploited by an attacker who can change the URL of a sub- module in a repository. This URL in the submodule can be changed to point towards a malicious link.

This module is a local exploit and works on Git versions 2.7.5 and lower. Now let us see how this module works. Start Metasploit and load the exploit as shown below. Type command “show options” to see all the options we need for this module to run.

First, we need to configure the malicious Git server. Set the options : LHOST, git_uri and Iport options as shown below. The git_uri option sets the malicious git submodule. Use command “run” to start our Git server. As the user git clones from our URL, we will get a command session on the target.

Now we need to send this malicious Git url to our intended victims. Probably it should be set as a software to convince the users to clone into their machine. Here we are testing this on KaIi Linux 2016 machine which has the vulnerable version of Git installed. We need to instruct the user to update the submodule just cloned. Let us see what happens on the victim machine.

As this happens in our victim system, we will already get a command shell on our attacker system as shown below.

We can see the active sessions using the command “sessions”.

That is how we hack remote pc with Git Submodule.

Liked this article? Learn advanced ethical hacking tutorials in our Monthly Magazine. Enjoy Free for 3 months.

Posted on October 31, 2017February 27, 2024 by kanishka10

Hacking Vsftpd FTP server

In the previous howto, we saw how information about the services running in the target system can help us in researching about them and finding vulnerabilities in those software. In this article, readers will learn about hacking vsftpd. For example, imagine I am a black hat who performed a Nmap scan on the target (in this case, Metasploitable). The target has displayed so many banners of the services running.

Let us see if we can try out the FTP service at port 21 to get access to the system. Since I am a black hat, assume I have not performed any automated vulnerability scan. Following the process shown in the last howto, I google about vsftpd 2.3.4.

I got a lot of information about the FTP service at port 21. Vsftpd stands for very secure FTP daemon and the present version installed on Metasploitable 2 (1.e 2.3.4) has a backdoor installed inside it. It seems somebody already hacked vsftpd and uploaded a backdoor installed Vsftpd daemon. This malicious version of vsftpd was available on the master site between June 30th 2011 and July 1st 2011. So our target might be using the malicious version. While searching for exploit on exploit database, I found a Metasploit exploit for this vulnerability. So I start Metasploit and search for the exploit. I found it after some time.

I loaded the module and checked its options using “show options” command.

The only option required is the IP address of our target to be specified in the RHOST option. I set the RHOST option and execute the exploit using the “run” command.

I successfully got a shell on the target system as shown in the image above. I try out some basic Linux commands. As this shell has root privileges (shown in the above image), I decided to have a look at the passwd file of the target. Here it is.

Since we have shell access, we can perform all tasks which we perform from the terminal of a Linux system. We can even shutdown the remote system but keep in mind that you will lose your access to the system. That’s all in hacking vsftpd service.

Liked this article? Learn advanced ethical hacking tutorials in our Monthly Magazine. Enjoy Free for 3 months.

Posted on September 22, 2017February 27, 2024 by kanishka10

Enumerate Installed Programs on Windows

Hello aspiring hackers. In this howto, we will see how to enumerate installed programs a Windows system after compromise. This is a POST exploit in Metasploit which means this exploit is only available when we get a meterpreter session on the target system. Once a Windows system is hacked, privilege escalation is the next step. One of the ways to escalate privileges in a Windows system would be to find vulnerabilities in the programs installed in our target Windows system. We can do this manually but Metasploit has a post module to do exactly this. Let us see how to use it.

Send the current meterpreter session to background and load the enum_applications module as shown below. Just like any other POST module, it needs only one option, the session id of the meterpreter session we just sent to background.

module to enumerate installed programs on a windows target after gaining access

Set the session Id and execute the module as shown below.

As you can see, the module successfully gave us the programs installed on our victim’s system. Now we can search for any vulnerabilities in those programs which we could be used in privilege escalation. That is how we enumerate Installed programs in Windows.

Liked this article? Learn advanced ethical hacking tutorials in our Monthly Magazine. Enjoy Free for 3 months.

Posted on September 4, 2017February 27, 2024 by kanishka10 — 1 Comment

Vulnerability Assessment by hackers : Part 2

Vulnerability Assessment is the process of evaluating the weakness of a system or network. It identifies the vulnerabilities in a system or network and helps black hats to devise exploits to get access to a target system or network. We developed this Vulnerability assessment by hackers article to give readers an idea as to how hackers perform vulnerability assessment. For example, imagine I am a black hat who performed a Nmap scan on the target (in this case, Metasploitable). The target has displayed so many banners of the services running.