Tuesday, 7 April 2015

A-PDF WAV to MP3 v1.0.0 Buffer Overflow



This module exploits a buffer overflow in A-PDF WAV to MP3 v1.0.0. When the application is used to import a specially crafted m3u file, a buffer overflow occurs allowing arbitrary code execution.

exploit : exploit/windows/fileformat/a_pdf_wav_to_mp3

msf > use exploit/windows/fileformat/a_pdf_wav_to_mp3
msf exploit(a_pdf_wav_to_mp3) > show targets
...targets...
msf exploit(a_pdf_wav_to_mp3) > set TARGET <target-id>
msf exploit(a_pdf_wav_to_mp3) > show options
...show and set options...
msf exploit(a_pdf_wav_to_mp3) > exploit

Windows Gather Enum User MUICache metasploit module



This module gathers information about the files and file paths that logged-on users have executed on the system. It will also check whether each file still exists on the system. This information is gathered from the entries stored under the MUICache registry key. If the user is logged in when the module is executed, it collects the MUICache entries by accessing the registry directly. If the user is not logged in, the module downloads the user's registry hive (NTUSER.DAT/UsrClass.dat) from the system and parses the MUICache contents from the downloaded hive.

Module : post/windows/gather/enum_muicache

msf > use post/windows/gather/enum_muicache
msf post(enum_muicache) > sessions
...sessions...
msf post(enum_muicache) > set SESSION <session-id>
msf post(enum_muicache) > show options
...show and set options...
msf post(enum_muicache) > run
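As an added example that is not part of the original post or of the Metasploit module itself, the following PowerShell does the logged-in case described above on the local machine: it reads the current user's MUICache from the live registry and flags entries whose executable no longer exists on disk. The key locations and the value-name suffixes are assumptions about how Windows XP and Windows Vista and later store the cache.

```powershell
# Added example (not the original post's code nor the Metasploit module): list MUICache
# entries for the current user and check whether each recorded executable still exists.
# Assumed key locations: Vista+ keeps the cache in UsrClass.dat, XP in NTUSER.DAT.
$MuiCacheKeys = @(
    'HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache', # Vista and later
    'HKCU:\Software\Microsoft\Windows\ShellNoRoam\MUICache'                             # Windows XP
)

function Get-MuiCacheEntries {
    $Seen = @{}
    foreach ($KeyPath in $MuiCacheKeys) {
        if (-not (Test-Path -LiteralPath $KeyPath)) { continue }
        $Key = Get-Item -LiteralPath $KeyPath
        foreach ($ValueName in $Key.GetValueNames()) {
            # Vista+ names values "<path>.FriendlyAppName" / "<path>.ApplicationCompany";
            # XP uses the bare path. Skip values that are not a local or UNC file path (e.g. LangID).
            if ($ValueName -notmatch '^(?<Path>(?:[A-Za-z]:\\|\\\\).+?)(?:\.FriendlyAppName|\.ApplicationCompany)?$') { continue }
            $Path = $Matches['Path']
            if (-not $Seen.ContainsKey($Path)) {
                $Seen[$Path] = [pscustomobject]@{
                    Path         = $Path
                    FriendlyName = $null
                    Company      = $null
                    # False here means the program was run and has since been removed or renamed.
                    Exists       = (Test-Path -LiteralPath $Path -PathType Leaf)
                    Source       = $KeyPath
                }
            }
            $Data = $Key.GetValue($ValueName)
            if ($ValueName -like '*.FriendlyAppName')        { $Seen[$Path].FriendlyName = $Data }
            elseif ($ValueName -like '*.ApplicationCompany') { $Seen[$Path].Company = $Data }
            elseif ($null -eq $Seen[$Path].FriendlyName)     { $Seen[$Path].FriendlyName = $Data } # XP: data is the display name
        }
    }
    $Seen.Values | Sort-Object Path
}

# Triage view: executables that were launched by this user, with missing ones easy to spot.
Get-MuiCacheEntries | Format-Table Path, FriendlyName, Company, Exists -AutoSize
```

Run it in the context of the user being investigated; other users' hives are not mounted under HKCU and would need to be loaded from their NTUSER.DAT/UsrClass.dat first, which is the offline case the module handles.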

Sunday, 5 April 2015

How to install Metasploit in Ubuntu




The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Its best-known sub-project is the open source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.
The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

Click here to download Metasploit for Ubuntu


How to Install Aircrack-ng in Ubuntu




Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations such as the KoreK attacks, as well as the PTW attack, which makes the attack much faster compared to other WEP cracking tools.

In fact, Aircrack-ng is a set of tools for auditing wireless networks.

Install commands

1 - sudo apt-get install build-essential
2 - sudo apt-get install libssl-dev
3 - wget http://download.aircrack-ng.org/aircrack-ng-1.1.tar.gz

4 - In the aircrack-ng-1.1 directory there is a file called common.mak. Open it with your favorite editor and scroll down until you see the following line:

CFLAGS ?= -g -W -Wall -Werror -O3

Delete the -Werror flag, so that the line now looks like the following. Save and exit.

CFLAGS ?= -g -W -Wall -O3

5 - make
6 - make install