ATTACK VECTOR BROWSER EXPLOIT AND FILE EXPLOIT

Posted by Dedi Kurniawan on Monday, February 27, 2012 at 2:19 PM
Ok First step open beef


Open address 127.0.0.1/beef/

and  replace address 127.0.0.1 with 192.168.43.1 (if batrack) as below

Next copy address browser at Beef and paste to Url windows


And replace address use if batrack


And now try sending Alert dialog

And see result to windows



And next we try to exploit


Type command to msfconsole like command above


Next i'm sorry i'm  confused
0 comments

Monday, February 27, 2012

USE AUXILIARY IN METASPOLIT

Posted by Dedi Kurniawan at 12:11 PM
OK here I try to use dos modules / http / apache_mod_isapi.  
This module implements the Internet Server extension API. It allows Internet Server extensions (e.g. ISAPI .dll modules) to be served by Apache for Windows, subject to the noted restrictions.

First open #msfconsole






#show auxiliary

 

Then follow the commands as shown below
0 comments

ABOUT SOCIAL ENGENERING AND SOCIAL ENGENERING TOOLKIT

Posted by Dedi Kurniawan at 11:31 AM
SOCIAL ANGENERING 

Social Engineering is defined as the process of deceiving people into giving away access or confidential information. The act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.

SOCIAL ANGENERING TOOLKIT


What Is Social Engineering Toolkit
I will discuss about the usage of social engineering toolkit on backtrack 5 to hack a windows operating system, but before going to the actual tutorial I want to share the basic introduction of social engineering toolkit that would really help for the beginner.
The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
0 comments

ABOUT MSFPAYLOAD AND MSFENCODE

Posted by Dedi Kurniawan at 11:15 AM
MSFPAYLOAD

Msfpayload is component of Metasploit allows  to generate shellcode, Executables, and much more for use in exploits outside of the Framework. Shellcode can be generated in many formats including C, Ruby, JavaScript, and even Visual Basic for Applications. Each output format will be useful in various situations. For example, if we are working with a Python-based proof of concept, C-style output might be best; or  working on a browser exploit, a JavaScript output format might be best.

MSFencode
The shellcode generated by msfpayload is fully functional, but it contains several null characters that, when interpreted by many programs, signify the end of a string, and this will cause the code to terminate before completion.

OK For example


































Now we’ll run a simple encoding of an MSF payload by importing raw
output from msfpayload into msfencode to see how the result affects our antivirus
detection:










0 comments
Subscribe to: Posts (Atom)