
All posts for the month May, 2016

Good afternoon friends. Today we will see hacking Advantech Webaccess Dashboard 8.0 with Metasploit. Advantech WebAccess is a 100% web based SCADA software. It is a cross-platform, cross-browser data access experience and a user interface based on HTML5 technology. With WebAccess, users can build an information management platform and improve the effectiveness of vertical markets development and management.

SCADA (Supervisory Control And Data Acquisition) is a system for remote monitoring and control that operates with coded signals over communication channels. Vulnerabilities in SCADA systems are considered very serious as they are used in monitoring various industrial and infrastructure processes like power generation, water treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms and large communication systems.

Version 8.0 of Advantech WebAccess suffers from an arbitrary file upload vulnerability. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess, and without any need for authentication. Start Metasploit and load the exploit as shown below.

[Image: advantech1]

Set the target IP address and check whether the target is vulnerable.

[Image: advantech2]

If the target is vulnerable as shown above, set the required payload. We are trying to get a shell on our target.

[Image: advantech3]

Execute the exploit by typing command “run”. The exploit will run and …………

[Image: advantech4]

a command shell will be opened on our target as shown below. See it was very easy to get into a SCADA system.

[Image: advantech5]

Good evening friends. “PCMan’s FTP Server is a free software mainly designed for beginners not familiar with computer, hoping that it can make setting up a basic FTP server very easily. Functionality and security are not the major concern. Usability, however, is the most important concern” according to its makers. However, version 0.7 of this software has a buffer overflow vulnerability for which an exploit has been released by Metasploit. First of all, we need to perform enumeration to find services on our targets. To know more about enumeration, read this. Now let’s see hacking PCMan FTP Server with Metasploit.

[Image: pcmanf1]

Start Metasploit and load the exploit as shown below.

[Image: pcmanf2]

Set the IP address of our target as shown below. Check the payloads by typing command “show payloads”.

[Image: pcmanf3]

Choose any payload you require. I am choosing the meterpreter payload. Check if our target is vulnerable using the “check” command.

[Image: pcmanf4]

Next, execute the exploit by typing the command “run”. You will successfully get a meterpreter session on the target. The only drawback of this exploit is that it works only on Windows XP. Happy hacking.

[Image: pcmanf5]


Good morning friends. Today we will see how to hack Easy File Sharing HTTP Server 7.2 with Metasploit. Easy File Sharing HTTP Server is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or services. It doesn’t require additional HTML page design. It allows you to run a web site on your own PC and share photos, movies, videos and music/MP3 files securely. It also allows visitors to upload and download files easily through web-based interfaces. A recent version of this software, i.e. 7.2, has an SEH overflow vulnerability which can be exploited by crackers to spawn a shell on the target system. If you have gone through my previous howtos you should be well aware of how to find vulnerable targets, but in some cases we may require enumeration of our target machines. Read this to know more about enumeration.

Now let’s see hacking Easy File Sharing HTTP Server 7.2 with Metasploit. Start Metasploit and load the module as shown below.

[Image: efs1]

The only option it requires is the RHOST. Needless to say it is the IP address of our target. Set the target and check the payloads this exploit supports.

[Image: efs2]

Set the payload you want. I have set the below payload.

[Image: efs3]

Type command “show options” to check whether all options are set.

[Image: efs4]

It’s time to run the exploit. Type command “run” and if all goes well, you will get a shell in the remote system. Happy hacking.

[Image: efs5]

Good evening friends. Today we will see how to exploit a vulnerability in the recent version of a popular program, ATutor, with Metasploit. This vulnerability exists in the most recent version released, i.e. ATutor 2.2.1. For those newbies who don’t know what ATutor is, it is an Open Source Web-based Learning Content Management System (LCMS) designed with accessibility and adaptability in mind. It boasts of 216 downloads per week from Sourceforge itself. There are two vulnerabilities present in the version mentioned above. We will exploit a SQL injection vulnerability in this howto. So let’s get on to hacking ATutor 2.2.1 with Metasploit. Start Metasploit and load the exploit as shown below.

[Image: atutorsql1]

Set the required options. For now, we will only need the target IP address. Check whether your target is vulnerable as shown below.

[Image: atutorsql2]

Type the command “show payloads” and choose the required payload. I chose the payload below. Once again, type the command “show options” and set the attacker system’s (i.e. our system’s) IP address, which I am not going to show below.

[Image: atutorsql3]

Run the exploit by typing the command “run”. The exploit will run and a command shell will be opened on the target system as shown below. (Watch out for the easter egg which we will use in our future howtos.)

[Image: atutorsql4]

To know about the target system, type commands as shown below. Happy hacking.

[Image: atutorsql5]

Good evening friends, today we will see how to exploit a recent vulnerability found in Dell KACE K1000 systems. To those newbies, who don’t know what they are, the Dell KACE K1000 System Management Appliance offers a comprehensive systems management solution including initial inventory and discovery, software distribution, configuration management, patching, security vulnerability remediation, asset management, helpdesk and reporting.

This module of Metasploit exploits a file upload vulnerability in Kace K1000 versions 5.0 to 5.3, 5.4 prior to 5.4.76849 and 5.5 prior to 5.5.90547 which allows unauthenticated users to execute arbitrary commands. First of all start Metasploit and search for our exploit as shown below.

[Image: kace1]

Next, load that exploit. Once the exploit is loaded, see what are the options required for our exploit to work. We will need the IP address of our target and the remote port.

[Image: kace2]

Well, we already know how to find the targets if you have been following all my previous articles. Set the target IP address as shown below. See what payloads this exploit supports.

[Image: kace3]

Set the payload you want. I chose the first one. Once again, check whether all options are set by typing command “show options”.

[Image: kace4]

Once everything is set, use the “check” command to see if our target is vulnerable. Not every system you are trying to attack is vulnerable, so keep a list of target IPs.

[Image: kace5]

Once you find a vulnerable system as shown above, type “run” command to execute our exploit. We should successfully get the remote system’s shell as shown below. Happy hacking.

[Image: kace6]

Good evening friends. This howto is a direct sequel to our previous howto, WordPress vulnerability assessment with WPscan, so I suggest you go through that howto first and look out for the easter eggs. This howto is based on one of the vulnerabilities we found in our previous howto. To those newbies who don’t know what Revolution Slider is, it is a popular plugin used by many WordPress websites. Well, I am sure you have heard about the Panama Papers leak. Yeah, I’m talking about the leak of 11.5m files from the database of the world’s fourth biggest offshore law firm, Mossack Fonseca. It has been identified that Mossack Fonseca was using a vulnerable version of the WordPress revslider plugin, which resulted in the hack. All versions of the plugin from 2.1.7 to 3.0.95 are vulnerable to the attack.
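The affected version ranges this page states for Dell KACE K1000 (in the previous howto) and for the revslider plugin can be checked against an asset inventory. The following is an added example, not code from the original howtos or from either vendor; the product labels `kace-k1000` and `revslider`, the hostnames and the inventory rows are constructed assumptions.

```python
import re

def vtuple(version):
    """'5.4.76849' -> (5, 4, 76849), so builds compare numerically, not as text."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

# Ranges as stated on this page:
# (product label, lowest affected, upper bound, is the upper bound itself affected?)
AFFECTED = [
    ("kace-k1000", "5.0", "5.4", False),        # 5.0 to 5.3, every build
    ("kace-k1000", "5.4", "5.4.76849", False),  # 5.4 prior to 5.4.76849
    ("kace-k1000", "5.5", "5.5.90547", False),  # 5.5 prior to 5.5.90547
    ("revslider", "2.1.7", "3.0.95", True),     # 2.1.7 to 3.0.95 inclusive
]

def is_affected(product, version):
    v = vtuple(version)
    if not v:
        raise ValueError(f"unparseable version: {version!r}")
    for name, low, high, inclusive in AFFECTED:
        if name != product or v < vtuple(low):
            continue
        if v < vtuple(high) or (inclusive and v == vtuple(high)):
            return True
    return False

# Constructed inventory rows (host, product, version); hostnames are placeholders.
INVENTORY = [
    ("k1000-a.example.internal", "kace-k1000", "5.3.53053"),
    ("k1000-b.example.internal", "kace-k1000", "5.4.76849"),
    ("k1000-c.example.internal", "kace-k1000", "5.5.90000"),
    ("k1000-d.example.internal", "kace-k1000", "6.0.101"),
    ("blog.example.internal", "revslider", "3.0.95"),
    ("shop.example.internal", "revslider", "4.1.4"),
    ("intranet.example.internal", "revslider", "2.1.6"),
]

def audit(inventory):
    """Return the hosts whose installed version falls inside an affected range."""
    return [host for host, product, version in inventory
            if is_affected(product, version)]

if __name__ == "__main__":
    for host in audit(INVENTORY):
        print("affected:", host)
```

Comparing versions as integer tuples matters here: as plain strings, a build such as 5.4.9999 would sort after 5.4.76849 and be missed.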

This exploit was made public last year, but there are still many WordPress websites using the vulnerable plugin (as in the case of Mossack Fonseca). Now let us see how this exploit works in Metasploit. Start Metasploit and search for our exploit as shown below.

[Image: revslider1]

Load the exploit as shown below.

[Image: revslider2]

Set the required options as shown below.

[Image: revslider3]

Set the required payload. Here for illustration I am setting the famous meterpreter payload.

[Image: revslider4]

You can also check if your target is vulnerable by using the “check” command as shown below. (But we already know our target is vulnerable.)

[Image: revslider5]

You can execute the exploit by typing “exploit”. If all went well, you will get the meterpreter shell on victim system.

[Image: revslider6]

Hope that was helpful.

 

Good morning friends. It’s been a long break for me from this website and I have decided to make a comeback with an interesting article. OK guys, it often happens that we delete messages from our Android phones, whatever the reason may be, and it also rarely happens (especially if our time is bad) that we need those messages back. So today we are going to see how to recover deleted messages from Android phones. Well, there is a lot of software which helps us do it, but we will use Wondershare Dr.Fone for its simplicity. Download the software from here and install it on your system. Once installed, open the program. It should look like below.

[Image: drfone1]

Now, using a USB cord, connect your Android phone. The USB debugging mode should be enabled on your Android phone. It connects as shown below.

[Image: drfone2]

Once the phone is connected, it will prompt you to select whatever you want to recover. As you can see, we can recover contacts, messages, call history, WhatsApp messages, photos, songs, videos and documents.

[Image: drfone3]

In this case we will see how to recover deleted messages so select only that option and click on “Next”.

[Image: drfone4]

Click on “Start”.

[Image: drfone5]

The program will initially try to match your phone model as shown below.

[Image: drfone6]

Once your phone model is found out, it will try to analyze your phone for deleted messages. The device may restart during the process.


[Image: drfone7]

After restarting, the program may ask you to connect your phone once again. If it does so, disconnect the USB cord and connect again.

[Image: drfone8]

After we connect the phone, it starts scanning again as shown below.

[Image: drfone9]

After the scanning is over, it will show us the deleted messages as shown below. As you can see, we have 415 deleted messages on the respective device. Click on the area shown below.

[Image: drfone10]

Then it will show us all the deleted messages from your phone. Select the required messages and click on “recover” to recover your messages, but you will have to register the program for that. Hope that was helpful.

[Image: drfone11]