Good Evening Friends. Today we will see how to hack a remote Linux PC with the phpFileManager 0.9.8 RCE exploit. RCE stands for remote code execution. phpFileManager is a complete filesystem management tool in a single file. Among the features of phpFileManager:
. server info
. directory tree
. copy/move/delete/create/rename/edit/view/chmod files and folders
. multiple uploads
. works on linux/windows
. php4/php5/apache2 compatible
. english/portuguese/spanish/dutch/french/german/italian/korean/russian/catalan translations.
It is used to manage the files of a web server and boasts around 382 downloads per week. Its browser interface can be seen below.
We will try to hack into an Ubuntu 12.10 PC from Kali Linux using this phpFileManager 0.9.8 RCE exploit.
Start Metasploit. Search for the phpFileManager exploit by typing the command “search phpfilemanager” as shown below.
Load the exploit as shown below. Set the required options as shown below. Most of the options are already set, except the remote host address, i.e. your target’s IP address.
Type the command “show payloads” to see the available payloads and set the payload you want. I have selected the payload highlighted below.
Set the payload and check that all required options are set by typing the command “show options”.
Type the command “exploit” to execute the exploit. If everything went well, you should get the remote PC’s shell as shown below.
It should look as shown below. Type the command “ls” to see the contents of the present directory, as shown below. You can see the two files which we saw in our first picture. Now let us navigate to the etc directory as shown below.
Then type the command “vi passwd” to open the passwd file of the remote PC. Vi is the default text editor in Linux.
Good Evening friends. Today we will see how to hack a remote PC with the ManageEngine Desktop Central 9 FileUploadServlet exploit. Desktop Central is an integrated desktop and mobile device management software that helps in managing servers, laptops, desktops, smartphones, and tablets from a central location. This exploit targets a vulnerability in ManageEngine Desktop Central 9: when a 7z file is uploaded, the FileUploadServlet class does not check the user-controlled ConnectionId parameter.
Start Metasploit and load the exploit as shown below. Set the required options. By default, Desktop Central 9 runs on port 8020. Leave the targeturi at its default value.
Set the payload as shown below. I am trying to get a shell on the remote system. To select a suitable payload, you can type “show payloads” and choose the payload you want. Set the required options as shown below.
When all the options are set, type the command “exploit”. You should get a shell on the remote Windows PC as shown below. Hence we have successfully hacked a remote Windows PC with the ManageEngine Desktop Central 9 FileUploadServlet exploit.
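The kind of server-side check the FileUploadServlet description above says is missing, shown as an added example; it is not ManageEngine's code and not part of the original post. It assumes the user-supplied connection ID is used when naming the stored upload; the function names, ID format and upload directory are hypothetical.

```python
import re
import secrets
from pathlib import PurePosixPath

UPLOAD_DIR = PurePosixPath("/srv/app/uploads")    # hypothetical upload directory
ALLOWED_SUFFIX = ".7z"                            # the only upload type expected
# Assumption: a legitimate connection ID is a short alphanumeric token.
CONNECTION_ID_RE = re.compile(r"[A-Za-z0-9]{1,32}")


def unchecked_path(connection_id: str, filename: str) -> str:
    """'Before' pattern: the request parameter is pasted into the path as-is."""
    return f"{UPLOAD_DIR}/{connection_id}_{filename}"


def checked_path(connection_id: str, filename: str) -> PurePosixPath:
    """'After' pattern: allowlist the ID and build the stored name server-side."""
    # fullmatch rejects separators, dots, NUL bytes and anything else unexpected.
    if not CONNECTION_ID_RE.fullmatch(connection_id):
        raise ValueError("connectionId has an unexpected format")
    if not filename.lower().endswith(ALLOWED_SUFFIX):
        raise ValueError("only .7z uploads are accepted")
    # The client's file name is never reused; the extension is fixed by the server.
    stored = UPLOAD_DIR / f"{connection_id}_{secrets.token_hex(8)}{ALLOWED_SUFFIX}"
    if stored.parent != UPLOAD_DIR:
        raise ValueError("stored path left the upload directory")
    return stored
```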
Good evening friends. Today we will see how to exploit the PHP Utility Belt remote code execution vulnerability. All the credit for this exploit goes to one “WICS” of exploit-db.com. The exploit is shown below. Here in this howto, I will just show you how to use this exploit. For those guys who don’t know what PHP Utility Belt is, it is a “set of tools for PHP developers. We can just install it in a browser-accessible directory and have at it.”
PHP Utility Belt can be set up as shown below.
Before we try our exploit, let’s try to access a file known as “info.php” through the URL as shown below. You will get an error as shown below.
Now enter the given PHP code as shown below and hit “Run”. This is our remote command execution exploit.
Now once again try to access the file you tried to access above. You should get the file listed as shown below. Hence we successfully performed a remote command execution.
Good Evening Friends. Today we will see how to use the Limesurvey Unauthenticated File Download exploit to download files from the remote web server. To those who don’t know what Limesurvey is, it is a free and open source online survey application written in PHP. It enables users to develop and publish online surveys through a web interface, collect responses, create statistics, and export the resulting data to other applications.
This exploit works on Limesurvey versions 2.0+ and 2.06+ Build 151014. For this howto, I have installed Limesurvey on a web server as shown below.
Given below are the files located in the Limesurvey directory which should not be accessible to anybody. We will try to download the “README” file using the Limesurvey Unauthenticated File Download exploit in Metasploit.
Start Metasploit and load the exploit as shown below. Set the required options, also as shown below. The “filepath” option sets which file you want to download. I have chosen the “readme” file as mentioned above. I have set the “traversal_depth” option to zero as the file I want to download is in the current folder only. You can set it appropriately.
Once again check the required options. It should be as below.
Type command “run” and the file will be downloaded as shown below. Happy hacking.
NOTE: This is for education purpose only
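How a download handler can confine a requested path to a single directory, so that application files such as the README above stay out of reach, as an added example; it is not Limesurvey's code and not part of the original post. The directory layout, file names and function names are hypothetical.

```python
import os
import tempfile


def resolve_download(base_dir: str, requested: str) -> str:
    """Return the real path of `requested` only if it lies inside base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses "../" and follows symlinks before the comparison,
    # so the check is made on the file that would actually be opened.
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"outside download directory: {requested!r}")
    if not os.path.isfile(target):
        raise FileNotFoundError(requested)
    return target


def demo() -> dict:
    """Constructed layout: an app root holding README and a public exports/ dir."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        exports = os.path.join(root, "exports")
        os.mkdir(exports)
        for path in (os.path.join(root, "README"),
                     os.path.join(exports, "survey.csv")):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        # A symlink inside exports/ that points back at the application root.
        os.symlink(os.path.join(root, "README"), os.path.join(exports, "link"))
        for name in ("survey.csv", "../README", "/etc/passwd", "link"):
            try:
                resolve_download(exports, name)
                results[name] = "served"
            except PermissionError:
                results[name] = "blocked"
    return results


if __name__ == "__main__":
    print(demo())
```

The containment check complements, and does not replace, an authentication check on the download endpoint.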
Good Evening friends, today we will look at the arbitrary file access vulnerability in Kodi 15. For those guys who have no idea what Kodi is, it is “an award-winning free and open source cross-platform software media player and entertainment hub for HTPCs. Kodi can be used to play almost all popular audio and video formats around.” We will exploit an LFI vulnerability in its web interface.
Before we start, let me make clear that the credit for finding this vulnerability goes to one “MICHAEL PRONK” of exploit-db. I am just showing how to use that exploit. The exploit is shown below.
Ok, now let’s see it in real time. Open Shodan (which means you should have an account there) and search for “title:kodi os:linux” as shown below. We are searching for all Linux machines with Kodi installed on them. The results will be as shown below.
Now open any one interface. It should look like below. Kodi, by default, runs on port 8080.
Now we will try to access the passwd file available on this Linux machine. Just after the port number, try this query
as shown below. You should get the contents of passwd file as shown below.
Here’s another example.
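Seen from the server side, requests like this stand out in the web interface's access log. The following added example (not from the original post, the exploit author or Kodi) flags request paths that reach outside the web root, percent-decoding repeatedly so nested encoding is caught. The log lines are constructed and the list of sensitive files is an assumption.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (client addresses are documentation ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2016:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [12/Mar/2016:10:01:09 +0000] "GET /files/../../etc/passwd HTTP/1.1" 200 1843
203.0.113.20 - - [12/Mar/2016:10:02:41 +0000] "GET /files/%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843
203.0.113.20 - - [12/Mar/2016:10:03:00 +0000] "GET /files/%252e%252e%252fetc%252fshadow HTTP/1.1" 404 0
192.0.2.55 - - [12/Mar/2016:10:04:10 +0000] "GET /addons/skin.png HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
SENSITIVE = ("/etc/passwd", "/etc/shadow")   # assumption: files worth alerting on


def fully_decode(path: str, max_rounds: int = 5) -> str:
    """Percent-decode until the value stops changing (%252e -> %2e -> .)."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def find_traversal(log_text: str) -> list:
    """Return (client, decoded_path, status, severity) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, raw_path, status = m.group(1), m.group(2), int(m.group(3))
        path = fully_decode(raw_path)
        if TRAVERSAL_RE.search(path) or any(s in path for s in SENSITIVE):
            # A 200 means the server returned content: treat it as a likely read.
            severity = "high" if status == 200 else "attempt"
            hits.append((client, path, status, severity))
    return hits


if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```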
Good Evening Friends. Today we will drift a little bit from our system hacking and get into mobile hacking. Actually, I thought of skipping this howto, as it has been a long time since this exploit was released and I thought the developers of Mercury browser may have patched it, but I recently checked and the vulnerable version (Mercury v3.2.3) of this Mercury browser is still available for download. So let us see today how to hack Android with the Mercury Browser parseuri exploit. Start Metasploit and load the exploit as shown below. Set the required options (i.e. actually we need to set only one option, localhost).
Then type the command “exploit” as shown below. A server will start at the localhost as shown below.
Now the only thing we need to do is make the Android users open the above URL with Mercury browser. Once the Android user opens the link, the exploit will run as shown below.
Now, on your localhost (attacker machine), open a browser and type the Android user’s IP address as shown below. We got the IP address in the above picture only. As shown below, you can access all the data of our victim.
Given below is the victim’s WhatsApp data.
Good Evening Friends. Today we will see how to hack a remote Windows PC with the Watermark Buffer Overflow exploit. To those newbies who don’t know what Watermark Master is, it is “primarily meant for people who need to protect video or graphics files from illegal copying by putting a watermark (text or graphic information) over an image. Simple text, image file, animated GIF or video file can be used as watermark here. Besides, Watermark Master provides ability to apply a great number of various effects to a watermark, including dynamic effects. A dynamic effect implies variation of the watermark in time, for example, smooth appearance or disappearance of the watermark, movement of the watermark, etc.” Today we will see how to hack a remote Windows 7 PC with the Watermark Master buffer overflow exploit. This vulnerability exists in Watermark Master 2.2.23.
Start Metasploit and load the exploit as shown below. Set the meterpreter/reverse_tcp payload.
Set the required options as shown below.
After setting all the required options, type “exploit”.
But before doing that, we have to create a listener. The process is shown below.
Set all the options. The lhost and lport values should be the same as above.
Type the command “exploit”. The exploit will run and stop exactly as shown below.
Now send this file to the victim.
Now when the user opens this file as shown below, we will get a meterpreter session as shown below.
It is a dream of every hacker to bypass the antivirus solutions of their targets. Recently we have been learning about various payload generators that can bypass antivirus. In this howto, we will see one such payload generator which is designed to bypass antivirus. It’s named Shellter.
In the words of its makers, “By using Shellter, you automatically have an infinitely polymorphic executable template, since you can use any 32-bit ‘standalone’ native Windows executable to host your shellcode. By ‘standalone’ means an executable that is not statically linked to any proprietary DLLs, apart from those included by default in Windows.”
Let us see how to install Shellter in Kali Linux. The version we are using here is Shellter V7.0, the latest version to date, which can be downloaded from here. Go to the download page and download the zip file shown below.
Click on the link and save the file as shown below.
Once the download is finished, go to the Downloads folder. You will see the “shellter.zip” file as shown below. I copied the file to the root folder, but if you want to keep the file in the Downloads folder you can keep it there. This step is not mandatory.
Now change the permissions of the zip file as shown below. Until you change the permissions, you cannot unzip the files. After you change the permissions of the file, unzip the contents of the file using the “unzip” command.
Type “ls”. You will see a new directory with the name “shellter”. You have successfully installed Shellter in Kali Linux. Navigate into the directory “Shellter” to see its contents as shown below. We will see how to use Shellter to bypass antivirus in our next issue. Until then, happy hacking practice.