Windows 10 Privilege Escalation using Fodhelper

Hello aspiring hackers. Today we will see an exploit which helps us with Windows 10 privilege escalation. Till now, there was no exploit for privilege escalation in Windows 10. Recently we got one. This module bypasses Windows 10 UAC by hijacking a special key in the Registry under the current user hive and inserting a custom command that gets invoked when the Windows fodhelper.exe application is launched. Once the UAC flag is turned off, the module spawns a second shell with system privileges. The module modifies a registry key, but cleans up the key once the payload has been invoked. It does not require the architecture of the payload to match the OS. Imagine we have a scenario where we got meterpreter access to a Windows 10 system (see how to hack Windows 10 with Hercules and see how to hack Windows 10 with the hta exploit). To use the fodhelper module to escalate privileges, we need to background the current session. Search for the fodhelper module using the search comm…

Hacking NAGIOS XI RCE vulnerability with Metasploit

Good morning friends. Today we will see about hacking Nagios with Metasploit. Nagios, also known as Nagios Core, is a free and open source software application that is used to monitor systems, networks and infrastructure. It offers monitoring and alerting services for servers, switches, applications and services. It also alerts users when things go wrong and alerts them a second time when the problem has been resolved. Versions of Nagios XI 5.2.7 and below suffer from SQL injection, auth bypass, file upload, command injection, and privilege escalation vulnerabilities. This exploit chains all these vulnerabilities to get a root shell on the victim's machine. Now let's see how this exploit works. Start Metasploit and load the module as shown below. Let us set a new payload as shown below. Set the target IP address as shown below. Use the check command to see whether our target is vulnerable as shown below. If our target is vulnerable, type the command "run" to execute our exploit. If ever…

Hacking Vulnerable Vsftpd FTP server

www.hackercomputerschool.com In the previous howto, we saw how information about the services running on the target system can help us in researching them and finding vulnerabilities in that software. For example, imagine I am a black hat who performed an Nmap scan on the target (in this case, Metasploitable). The target has displayed many banners of the services running. Let us see if we can try out the FTP service on port 21 to get access to the system. Since I am a black hat, assume I have not performed any automated vulnerability scan. Following the process shown in the last howto, I googled vsftpd 2.3.4 and got a lot of information about the FTP service on port 21. Vsftpd stands for very secure FTP daemon, and the version installed on Metasploitable 2 (i.e. 2.3.4) has a backdoor built into it. It seems somebody uploaded a backdoored vsftpd daemon to the site. This malicious version of vsftpd was available on the master site between June 30th 2011…

Hacking Windows with PoisonIvy buffer overflow exploit

Good evening friends. Today we will learn about hacking Windows with the PoisonIvy buffer overflow exploit. This exploit hacks a system using a vulnerability in a RAT. RAT stands for Remote Access Trojan and is a type of malware. It works when a hacker sends a malicious file to the victim and the victim clicks on it. When the victim clicks the malicious file, it sends a connection back to the hacker's machine. The hacker can then control the victim's machine using a command and control server. Using RATs, the hacker can block the mouse and keyboard, change the desktop wallpaper, download, upload, delete and rename files, destroy hardware by overclocking, drop viruses and worms, edit the Registry, use your internet connection to perform denial of service (DoS) attacks, format drives, steal passwords and credit card numbers, alter your web browser's homepage, and hide desktop icons, the taskbar and files (data from Wikipedia). The picture given below should explain the scenario. More about RATs later. You can see the command and contr…

Password Cracking in Penetration Testing : Beginners Guide

Password cracking plays a very important role in hacking. We are not always lucky enough to get credentials during enumeration. There are two types of password cracking: online password cracking and offline password cracking. In this tutorial we will learn about online password cracking. There are many techniques used in online password cracking. Some of them are: Dictionary attack: A dictionary attack is a password cracking attack where each word in a dictionary (or a file containing a lot of words) is tried as the password until access is gained. This method is successful when simple passwords are set. By simple, I mean common passwords which can be found in a dictionary, like password, iloveyou etc. This type of attack consumes less time but is not bound to succeed always, especially if the password is not present in the dictionary. Brute force attack: A brute force attack is a password cracking attack similar to a dictionary attack. The only difference is that in this attack, each and every possib…