Posted on Leave a comment

Linux Configuration Enumeration POST Exploit

Hello aspiring hackers. Today we will learn about Linux Configuration Enumeration POST Exploit. After getting a successful meterpreter session on the target Linux system (as shown  here), the next logical step is to perform some enumeration on the target Linux machine. Metasploit has many POST exploits corresponding to Linux enumeration.

The first module we will see is Linux configuration enumeration. The enum_configs module is used to collect information from the configuration files found of applications commonly installed in the system. These applications may include Apache, Nginx, Snort, MySQL, Samba, Sendmail, sysctl, cups, lampp and SNMP etc. This POST module searches for a config file in the application’s default path and if the application exists on the target system, the module will download the files and store it.

If the application doesn’t exist or the config file is moved from its default location, this module will display the “file not found” message. (Just like any POST exploit or as shown in the shell_to_meterpreter exploit, we need to background the current session and load the POST module as shown above. Then set the session id and run the exploit). Here is the enum configs module in action as shown below.

Liked this article? Learn advanced ethical hacking tutorials in our Monthly Magazine. Enjoy Free for 3 months.

Posted on 1 Comment

Hack Remote PC with Git Submodule

Hello aspiring hackers. In this howto, we will learn how to hack remote PC with Git Submodule. If you are a developer, cyber security enthusiast or at least a computer user, you should have definitely used (or heard about) Github. Git is an open source version control system developed by none other than the awesome Linus Trovalds (yes the same guy who created Linux).

It is a system designed to keep in touch with constant changes made to the code of software by developers. GitHub is a popular hub where developers store their projects and network with like minded people. Github stores information in a data structure called a repository. The particular module exploits a vulnerability in Git submodule.

Git submodules allow users to attach an external repository inside another repository at a specific path. This vulnerability in the Git submodule can be exploited by an attacker who can change the URL of a sub- module in a repository. This URL in the submodule can be changed to point towards a malicious link.

This module is a local exploit and works on Git versions 2.7.5 and lower. Now let us see how this module works. Start Metasploit and load the exploit as shown below. Type command “show options” to see all the options we need for this module to run.

First, we need to configure the malicious Git server. Set the options : LHOST, git_uri and Iport options as shown below. The git_uri option sets the malicious git submodule. Use command “run” to start our Git server. As the user git clones from our URL, we will get a command session on the target.

Now we need to send this malicious Git url to our intended victims. Probably it should be set as a software to convince the users to clone into their machine. Here we are testing this on KaIi Linux 2016 machine which has the vulnerable version of Git installed. We need to instruct the user to update the submodule just cloned. Let us see what happens on the victim machine.

As this happens in our victim system, we will already get a command shell on our attacker system as shown below.

We can see the active sessions using the command “sessions”.

That is how we hack remote pc with Git Submodule.

Liked this article? Learn advanced ethical hacking tutorials in our Monthly Magazine. Enjoy Free for 3 months.

Posted on Leave a comment

Meterpreter architecture migration exploit

Hello aspiring hackers. You all know about the meterpreter payload. It is an advanced dynamically extensible payload of Metasploit. Meterpreter architecture migration exploit is a “post” exploit used to migrate from one architecture to another architecture. What is architecture? As we all know there are two main system architectures 32bit and 64bit.

Sometimes we happen to run our exploit from a 32bit machine to hack a 64bit machine or run our exploit from a 64bit machine to hack a 32bit machine. The meterpreter payload spawns a process according to the architecture of the attacking system. If the attacking system is 32bit, the meterpreter process is 32bit and if the attacking system is 64bit the meterpreter process is 64bit.

Sometimes there may be compatibility issues if we get a 32bit meterpreter session on a 64bit machine and vice versa. This is the exact reason why this module has been introduced. For example, in our previous howto, we hacked a 64bit machine from a 32bit Kali Linux. So we have a 32bit meterpreter session on a 64bit target system. To overcome the problems of incompatibility, we need to start a 64bit meterpreter session.

It is exactly in cases like these, this module comes handy. This module checks if the architecture of meterpreter is as same as the architecture of OS and if it is not, spawns a new process with the correct architecture and migrates into that process. Let’s see how this module works.

To use this module, we need to background the current session using command “background”. Then load the exploit as shown below. Type command “show options” to have a look at the options it requires.

We need to only set the session id of the meterpreter session we just sent to background and the exploit is good to go.

If you see in the above image, our exploit failed to run for the first time. This is because in the previous session we had system privileges and if we run this module we may lose the system privileges. But don’t worry we can change the options to overcome this problem.

Set “ignore_system” option to true and you should be fine to go. This time the exploit ran successfully. As you can see in the above image, our target is a 64bit machine and our meterpreter migrated to a 64bit process successfully. Lets check by typing command “session s -l” to see the available sessions. You can see we have a 64bit meterpreter now. Job performed.

Posted on Leave a comment

Arcanus Framework : Hacking Linux OS Part 1

Hello aspiring hackers, till now we have only seen hacking windows operating systems with customized payload generators. Today we will see hacking Linux OS with Arcanus framework.

Although not as great as Windows, people using Linux OS are growing day by day. In my opinion, Linux OS is a bit easy to hack with payload generators as there is a general myth that Linux is immune to malware. Some of my friends use Linux as dual boot to keep themselves safe from virus.

Ok, now let us see how to hack Linux OS with Arcanus Framework. Start and select the option 3 since we are generating a Linux payload. If you are new to Arcanus Framework, go here.

Hit Enter. Enter your IP address (Kali Linux in this case) and the listening port as shown below.

Hit Enter. It will generate the payload in the same directory start to automatically listen for a reverse shell as shown below.

Send the generated payload to our victim. When he runs it, we should get a shell on his system as shown below.

Posted on 2 Comments

Upgrade command shell to Meterpreter session

Hello friends.. I took a long break from the blog (actually I was channeling my energy on my monthly magazine Hackercool). But I am here now back with a bang or should I say hack. Ok, Most of the times we only get a command shell on our target while hacking, although we wish we got a meterpreter session .Today we will see how to upgrade the command shell to meterpreter.

First thing we need is to background the current command shell session. Hit on CTRL+C. Don’t abort the session altogether. If it happened by mistake ( like it happened to me below), select “no” when it asks whether to abort a session. Then hit CTRL+Z and select Yes. Your session has been sent to background. Remember the session number.

Load the command shell to meterpreter upgrade module. We need only one option, the session id we sent to background.

Specify the session id and run the exploit as shown below. We will get the meterpreter session.

Type command “sessions -l” to see all our sessions as shown below.

We can load the meterpreter session as shown below.

If you found that helpful. Please check out my monthly magazine Hackercool.