Add new exploits to Metasploit from exploitdb

Good evening, friends. Today we will see how to add new exploits to Metasploit from the Exploit Database. As we all know, Metasploit is a framework for exploiting systems. This how-to is done in Kali Linux, which has Metasploit installed by default. You can see below that Metasploit here has a total of 1467 exploits. Now let us add the recently released Microsoft Windows Media Center MCL vulnerability exploit to the Metasploit framework.

Go to the website exploit-db.com and open the search option as shown below. Go to the Advanced Search option and give the below values to search for all the exploits for Metasploit.

As the image below shows, we get all the exploits authored by Metasploit. We are interested in the MS15-100 Microsoft Windows Media Center MCL vulnerability underlined below.

Now click on the download option as shown below. A window will open as shown below. Select the Save option.

Now open a terminal and navigate to the Downloads folder to check your download. In our present case it is “38195.rb”.

Now navigate to the directory where Metasploit stores its exploits by typing the command “cd /root/.msf4”. Go into the modules directory and create a directory named “exploits” inside it. Now go into the exploits directory (which you just created) and create another directory named “windows”; inside the windows directory (which, once again, you just created) create a directory named “local”. If you are getting confused, all the steps are given in the image below; just follow them. We are just creating a valid path for Metasploit to find this exploit. Once you are in the local directory, copy the exploit you just downloaded into it as shown below.

OK, we’re almost done. Now restart the system and fire up Metasploit. You can see that we now have 1468 exploits, compared to 1467 previously.

Now let us search for our exploit by typing command “search ms15_100”. Load the exploit as shown below. We have successfully added a new exploit to Metasploit. Hope that was helpful.
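The directory steps above can be scripted together with a basic review of the downloaded file before Metasploit loads it. This is an added example, not code from the original post or from the Metasploit project; `install_module`, its parameters and the stand-in module text are made up here, and it assumes the module name used in msfconsole follows from the file's path under `modules`.

```python
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# Every Metasploit module is a Ruby class that inherits from an Msf:: base class.
MODULE_CLASS = re.compile(r"^\s*class\s+\w+\s*<\s*Msf::", re.MULTILINE)

def install_module(src, subdir="windows/local", msf_home=None):
    """Copy an exploit module into <msf_home>/modules/exploits/<subdir>.

    Returns (destination path, SHA-256 of the file, name to use in msfconsole).
    """
    src = Path(src)
    msf_home = Path(msf_home) if msf_home else Path.home() / ".msf4"
    if src.suffix != ".rb":
        raise ValueError(f"{src.name}: not a Ruby file")
    data = src.read_bytes()
    # Refuse anything that is not recognisably a module; read it before loading it.
    if not MODULE_CLASS.search(data.decode("utf-8", "replace")):
        raise ValueError(f"{src.name}: no Msf module class found")
    dest_dir = msf_home / "modules" / "exploits" / subdir
    dest_dir.mkdir(parents=True, exist_ok=True)   # creates exploits/windows/local
    dest = dest_dir / src.name
    shutil.copy2(src, dest)
    # Record the hash so the installed copy can be compared with a trusted one later.
    digest = hashlib.sha256(data).hexdigest()
    return dest, digest, f"exploit/{subdir}/{src.stem}"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "38195.rb"
        # Constructed stand-in, not the real exploit-db file.
        sample.write_text("class MetasploitModule < Msf::Exploit::Local\nend\n")
        print(install_module(sample, msf_home=Path(tmp) / ".msf4"))
```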

How to spoof your IP address in Kali Linux

Kali Linux is the most advanced penetration testing distribution with a number of tools. While using these tools a measure of anonymity is required. Today we are going to see how to spoof your IP address in Kali Linux. First, check your IP address by visiting any website which shows your IP address (http://www.whatismyip.com). Then go to the site www.vpnbook.com.

Download the Euro1 Server OpenVPN certificate bundle as shown below. Note down the username and password given. We will need it in later steps.

When you click on the download link, the following window opens. Since it is a zip package, the system will prompt whether to open it with unzip (the default option). Click on “OK”.

Open the terminal and navigate to the directory where the contents of the zip archive have been unzipped. Type the command “ls” to see the unzipped files. We are going to use the vpnbook-euro1-udp53.ovpn package.

OpenVPN has been installed by default in the Kali Linux distribution. Type the command “openvpn vpnbook-euro1-udp53.ovpn” to start the process.

The installation starts. Enter the username and password we noted above when prompted.

After a short time, the process is completed. Check your IP address again. If everything goes well, your IP address will be changed.

Configure UrlScan on IIS7.5 and IIS8

UrlScan is a security tool used to restrict the types of HTTP requests that IIS will process. It is a simple tool which is very helpful in blocking harmful requests to the server. It seemingly supports only IIS 5.1, IIS 6.0, and IIS 7.0 on Windows Vista and Windows Server 2008. It has been deprecated since IIS 7.5 and IIS 8. It is said that Microsoft has included the features of UrlScan in the request filtering option for IIS 7.5 and IIS 8, but that is definitely not a match for the simplicity of UrlScan. Today I am going to show you how to configure UrlScan in IIS 7.5 and IIS 8. (IIS 7.5 is available in Windows Server 2008 R2 and IIS 8 is available in Windows Server 2012 and Windows 8.)

I am going to configure this on Windows Server 2012, i.e. IIS 8, but do not worry: the configuration steps are similar in IIS 7.5. First and foremost, install Web Platform Installer on your machine. This will help us install all the components we require in simple steps. From Web Platform Installer, select the component IIS 6 Metabase Compatibility. This is compulsory to install UrlScan.

Then, select IIS ISAPI Filters. (ISAPI filters may already be installed in IIS 7.5.)

Click on Install. You are shown a review of components you selected to install. Click on I accept.

The components are installed and will show you a Finish screen. Click on Finish.

We are all set to install UrlScan. Download UrlScan and click on the msi package. On the window, select the option “I select the terms of license agreement” and click on “Install”.

The installation is very quick. Once it finishes, click on “Finish”.

Now open IIS Manager. Click on ISAPI filters.

If everything went well, we should see a filter already set like below.

Click on it. We can see that there is already a filter named URLscan 3.1 linking to the executable urlscan.dll.

Before configuring UrlScan, let’s try a little banner grabbing to check whether UrlScan is working or not. For this, we will use the tool Idserve to fingerprint the server on which we have configured UrlScan. (www.shunya.com is a fictional website I set up on my server.)

We can see that the version is Microsoft-IIS/8.0. Now let’s go to the configuration file of UrlScan (urlscan.ini) to make some changes to it. It is located by default at “C:\Windows\System32\inetsrv\urlscan”. Change the value of “RemoveServerHeader” from “0” to “1” and save the file.

Now let’s again try to banner grab using Idserve. Restart the web server.

We can see that the server version has not been disclosed, hence our UrlScan is working successfully. Hope it was helpful.
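The before-and-after check above can be automated by comparing the setting in urlscan.ini with what a response actually carries. This is an added example, not part of the original post: the function names are made up here, and the cut-down ini text and the two HTTP responses are constructed samples rather than output from a real server.

```python
import configparser

# Constructed samples: a cut-down urlscan.ini and two HTTP responses
# such as a banner grab would return before and after the change.
INI = ("[options]\nUseAllowVerbs=1\n"
       "RemoveServerHeader={v}   ; 1 = strip the Server header\n\n"
       "[AllowVerbs]\nGET\nHEAD\n")
INI_BEFORE, INI_AFTER = INI.format(v=0), INI.format(v=1)
RESP_BEFORE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
               b"Server: Microsoft-IIS/8.0\r\nContent-Length: 0\r\n\r\n")
RESP_AFTER = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 0\r\n\r\n"

def remove_server_header_enabled(ini_text):
    """True if the [options] section sets RemoveServerHeader to 1."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None, delimiters=("=",),
                                   inline_comment_prefixes=(";",))
    cp.read_string(ini_text)
    for section in cp.sections():
        if section.lower() == "options":
            value = cp.get(section, "RemoveServerHeader", fallback="0")
            return (value or "").strip() == "1"
    return False

def server_banner(raw_response):
    """Return the Server header value of a raw HTTP response, or None."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return None

def audit(ini_text, raw_response):
    """Compare what urlscan.ini says with what the server actually sends."""
    banner = server_banner(raw_response)
    if banner is None:
        return "ok: no Server header in response"
    if remove_server_header_enabled(ini_text):
        return f"stale: RemoveServerHeader=1 but response still says {banner!r}"
    return f"disclosed: {banner!r} and RemoveServerHeader is not 1"

if __name__ == "__main__":
    for ini, resp in ((INI_BEFORE, RESP_BEFORE), (INI_AFTER, RESP_BEFORE),
                      (INI_AFTER, RESP_AFTER)):
        print(audit(ini, resp))
```

The "stale" result is the case where the file has been edited but the web server has not yet been restarted.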

How to hide an exe file in a Jpeg

I have been searching for a way to send an executable file to someone and make him execute it. Sending the exe directly is not feasible. So let’s see how to hide an exe file in a jpeg and test its feasibility. First of all, create a new directory named test, download some images and name them similarly. I downloaded images of a popular Tollywood actress. The plan is to lure the victim into falling into the trap. I did this on a Windows 7 machine.

Go to “Folder Options”, go to the “View” tab, deselect “Hide extensions for known file types” and select the option “Show hidden files, folders and drives”. This will allow us to see the extensions of the files we are working with.

Open Notepad, type the following text and save it with the extension “.bat”. The following code creates a new user named “hacker” with the password “abc123” on the Windows machine where it is executed.

Download BAT to EXE converter and convert the batch file we just created to an exe.

Rename the file “samy.exe” to “samy_3.jpg”. Windows will prompt a warning. Ignore it.

Right click on the file “samy_3.jpg”, drag it a little and leave. Select ‘Create Shortcuts here’. We are creating a shortcut for the file samy_3.jpg.

Rename the shortcut to “samy_0.jpg”. Whatever name you give, make sure that the shortcut is clicked first and not the exe file.

Right click on “samy_0.jpg” and select Properties. In the “Start in” column delete the entire text. In the “Target:” column type “C:\Windows\system32\cmd.exe /c samy_3.jpg”. This will run the file samy_3.jpg when samy_0.jpg is clicked.

Click on the “Change Icon” tab. Replace the text inside with “%SystemRoot%\system32\SHELL32.dll” and click on “OK”.

Compress all the files into a zip archive with the name “samy unseen.zip”. Remember that the name should be attractive enough to lure the victim into clicking the images.

OK, package is ready. Now the bigger challenge is to send the package to the victim’s computer. I tried to mail the package to the victim but it didn’t work out.

So I suggest you find your own way of sending it to the victim. To test whether the package will work on the victim’s system, open “CMD” and type the command “net user” before executing the image. It will show us all the users on the system.

Then click on the image samy_0.jpg. Open “CMD” and type the “net user” command again.

A new user named hacker has been created. So the trick worked.
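A mail gateway or an analyst can catch a package like this one by checking file contents instead of names: Explorer always hides the .lnk extension, so the shortcut renamed to samy_0.jpg is stored as samy_0.jpg.lnk, and the renamed exe still begins with the PE "MZ" signature. The scanner below is an added example, not part of the original post; `scan_archive` and `build_sample` are names made up here, the archive is constructed from harmless stand-in bytes, and the check goes a little beyond the post by also looking for script hosts other than cmd.exe.

```python
import io
import os
import zipfile

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
# A Windows shortcut starts with HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c000000 01140200 00000000 c0000000 00000046")
INTERPRETERS = (b"cmd.exe", b"powershell", b"wscript", b"mshta")

def scan_archive(zip_bytes, max_read=1 << 20):
    """Return (member name, reason) for every suspicious file in a zip."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                data = fh.read(max_read)          # bounded read per member
            stem, ext = os.path.splitext(info.filename.lower())
            if ext in IMAGE_EXTS and data[:2] == b"MZ":
                findings.append((info.filename, "PE executable with image extension"))
            if data.startswith(LNK_MAGIC):
                reason = "shortcut (.lnk)"
                if os.path.splitext(stem)[1] in IMAGE_EXTS:
                    reason += " posing as image"
                # Dropping NUL bytes lets one search cover ANSI and UTF-16LE strings.
                flat = data.replace(b"\x00", b"").lower()
                hits = [i.decode() for i in INTERPRETERS if i in flat]
                if hits:
                    reason += " targeting " + ", ".join(hits)
                findings.append((info.filename, reason))
    return findings

def build_sample():
    """Constructed archive: stand-in bytes only, no real executable or valid LNK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("samy_1.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)   # JPEG magic
        zf.writestr("samy_3.jpg", b"MZ" + b"\x00" * 62)                  # PE magic only
        zf.writestr("samy_0.jpg.lnk", LNK_MAGIC + b"\x00" * 56
                    + "cmd.exe /c samy_3.jpg".encode("utf-16-le"))
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in scan_archive(build_sample()):
        print(f"{name}: {reason}")
```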