Tuesday, 19 March 2013

How to lock and unlock a folder on a remote victim PC using Metasploit

Once you have a meterpreter session, use the 'shell' command to get a command prompt on the target.

Lock and unlock folder:

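Type cacls (Folder Name) /e /p everyone:n and press Enter. The /e switch edits the folder's existing ACL, and /p everyone:n replaces the Everyone entry with no access.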

Monday, 18 March 2013

How To Use Credential Harvester Attack Method Over Internet

The Social-Engineer Toolkit

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly become a standard tool in a penetration tester's arsenal. SET was written by David Kennedy (ReL1K), and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization, used during a penetration test.


Tools: SET (Social-Engineer Toolkit)

OS: BackTrack 5

The credential harvester attack method is used when you don't specifically want to get a shell but want to perform phishing attacks in order to obtain usernames and passwords from the system. In this attack vector, a website is cloned, and when the victim enters their user credentials, the usernames and passwords are posted back to your machine and the victim is redirected back to the legitimate site.

Sunday, 17 March 2013

Windows Gather USB Drive History Metasploit Module

This module will enumerate USB Drive history on a target host.


Usage Information


msf > use post/windows/gather/usb_history
msf post(usb_history) > set SESSION [INTEGER]

Module Options

SESSION: The session to run this module on.
VERBOSE: Enable detailed status messages.
WORKSPACE: Specify the workspace for this module.



The Hacker’s Choice Releases SSL DOS Tool

German hacker group “The Hacker’s Choice” officially released a new DDoS tool. The tool exploits a weakness in SSL to kick a server off the Internet.


Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors have been aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection.

Download:

Windows binary: thc-ssl-dos-1.4-win-bin.zip
Unix Source: thc-ssl-dos-1.4.tar.gz

Usage:
Use "./configure; make all install" to build and run: ./thc-ssl-dos 127.3.133.7 443

Tips & Tricks for whitehats
1. The average server can do 300 handshakes per second. This would require 10-25% of your laptop's CPU.
2. Use multiple hosts (SSL-DOS) if an SSL Accelerator is used.
3. Be smart in target acquisition: The HTTPS Port (443) is not always the best choice. Other SSL enabled ports are less likely to use an SSL Accelerator (like the POP3S, SMTPS, ... or the secure database port).

Countermeasures:
No real solution exists. The following steps can mitigate (but not solve) the problem:

1. Disable SSL-Renegotiation
2. Invest into SSL Accelerator
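
Where renegotiation cannot be switched off outright, a front end can cap how often one TCP connection may renegotiate. The sketch below is an added example, not part of the original post or the THC release: the "timestamp conn_id event" log format, the thresholds and the names `RenegotiationGuard`, `scan` and `constructed_events` are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

class RenegotiationGuard:
    """Flag a TCP connection that renegotiates more than max_reneg times in window seconds."""

    def __init__(self, max_reneg=3, window=10.0):
        self.max_reneg = max_reneg
        self.window = window
        self.recent = defaultdict(deque)  # conn_id -> recent renegotiation timestamps
        self.blocked = set()

    def observe(self, ts, conn_id, event):
        """Return True if the connection should be dropped after this event."""
        if conn_id in self.blocked:
            return True
        if event == "close":
            self.recent.pop(conn_id, None)  # free state for finished connections
            return False
        if event != "renegotiate":
            return False  # the initial handshake is expected once per connection
        stamps = self.recent[conn_id]
        stamps.append(ts)
        while ts - stamps[0] > self.window:  # slide the window forward
            stamps.popleft()
        if len(stamps) > self.max_reneg:
            self.blocked.add(conn_id)
            return True
        return False

def scan(lines, **limits):
    """Feed 'timestamp conn_id event' lines to a guard; return flagged connection ids."""
    guard = RenegotiationGuard(**limits)
    for line in lines:
        parts = line.split()
        try:
            ts, conn_id, event = float(parts[0]), parts[1], parts[2]
        except (IndexError, ValueError):
            continue  # skip malformed lines instead of aborting the scan
        guard.observe(ts, conn_id, event)
    return sorted(guard.blocked)

def constructed_events():
    """Constructed sample: c1 behaves normally, c2 renegotiates 40 times in 0.4 s."""
    lines = ["100.00 c1 handshake", "100.00 c2 handshake"]
    lines += [f"{100 + i * 0.01:.2f} c2 renegotiate" for i in range(1, 41)]
    lines += ["not a log line", "130.00 c1 renegotiate", "200.00 c1 close"]
    return lines
```

The sliding window keeps a long-lived connection that renegotiates occasionally from being flagged, while a burst on one connection trips the limit on the fourth renegotiation.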