Posts

Showing posts with the label kali linux hacking

Real Time Hacking Scenario : Hacking my Friends

Image
Here I bring you a fictional account of a Real Time Hacking Scenario originally published in Hacker Computer School Magazine Jan 2019 Issue. This knowledge is strictly for education purposes and should be used only in pen testing. Hi,everyone. I’m hacker Computer School, allegedly a black hat hacker for some people but I still consider myself a script kiddie. The month of Januery was jampacked with parties for me. Most important of them was a get together with my scho- ol friends (none of my friends know about my hacker identity). With the ubiquitous smart phones nowadays, many photographs were taken. It was a very good opportunity to test my new digital camera. I took numerous photographs of my friends in various poses but I didn’t pose for even a single photograph. None of my friends even took note of my absence but it’s a wonderful feeling to get lost in the crowd. You don’t know it. When I began to forget about the party, some of my friends requested me for the photos I took with…

Polycom command shell authorization bypass

Image
WARNING : This knowledge is only for ethical purposes. Misuse this info at your own risk. Good morning ethical hackers. Polycom HDX devices are popular worldwide for video conferencing. They are fit for meeting rooms and conference halls of various sizes as they support 1 to 3 displays. The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. So when all the conventional methods to get access to a network, this can work as an entry point of course if they are using this product. Let us see how this can be used in our pen test. Start Metasploit and load the exploit as shown below. Set the target and check if it’s vulnerable as shown below using “check” command.
You can use the default payload or choose the required payload.…