Saturday, 30 August 2014

From XSS to Domain Admin


I recently attended an eLearnSecurity webinar, which was quite interesting; the researcher demonstrated a way to Domain Admin starting from a simple stored XSS attack.

Inspired by that, I thought I would create my own scenario and ended up creating this video of around 41 minutes 15 seconds!

My Setup:

Active Directory - Windows Server 2008
Domain Machine - Windows XP machine [ with limited user access ]
Web Server - Apache hosting a vulnerable application [ Ruubikcms ]
Pentester's Machine - Kali Linux

It was fun to create this scenario: setting up Active Directory, the web server and much more!

For reference I have created a small PPT which depicts the overall scenario.

Download It Here

From XSS to Domain Admin:

1. Stored XSS: malicious script injection.
2. Get access to the victim's computer [ shell access ].
3. Privilege escalation.
4. Domain access.
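Step 1 of the chain only works because the CMS writes user-supplied text back into the page without encoding it. The following is an added example, not code from this post or from Ruubikcms, written in Python rather than the CMS's own PHP to keep it self-contained; the comment text, function names and the in-memory store are all constructed for illustration. It shows the vulnerable rendering path beside the hardened one and a check a reviewer or test suite can run over the rendered output.

```python
"""Stored XSS: vulnerable rendering beside the hardened form (added example)."""
import html
import re

# Constructed sample of user-supplied comment text, as a CMS would persist it.
STORED_COMMENT = 'Nice post! <script>alert("xss")</script>'

# Hypothetical in-memory "database" standing in for the CMS comment table.
_COMMENT_STORE: list[str] = []


def store_comment(comment: str) -> None:
    """Persist the raw text. Storing it unchanged is fine; the bug is in rendering."""
    _COMMENT_STORE.append(comment)


def render_comment_vulnerable(comment: str) -> str:
    """Interpolates the stored value into HTML verbatim.

    Any <script> tag (or event handler) in the comment is parsed as markup by
    every browser that later loads the page, which is what makes the XSS *stored*.
    """
    return f'<div class="comment">{comment}</div>'


def render_comment_hardened(comment: str) -> str:
    """Encodes &, <, >, " and ' so the value is displayed as text, not parsed.

    html.escape with quote=True is the right call when the value lands in an
    HTML text node or a double-quoted attribute; other contexts (URLs, JS,
    CSS) need their own context-specific encoding.
    """
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'


def render_page(renderer) -> str:
    """Render every stored comment with the given renderer, as the CMS page would."""
    return "\n".join(renderer(c) for c in _COMMENT_STORE)


# Case-insensitive, whitespace-tolerant match for an opening script tag.
_SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_active_script(rendered_html: str) -> bool:
    """Crude post-render check: does the page still contain a live <script> tag?

    Useful as a regression test on templates; it is not a substitute for
    output encoding, since XSS does not require a script tag at all.
    """
    return _SCRIPT_TAG.search(rendered_html) is not None


if __name__ == "__main__":
    store_comment(STORED_COMMENT)
    print("vulnerable:", render_page(render_comment_vulnerable))
    print("hardened:  ", render_page(render_comment_hardened))
    print("script survives vulnerable render:",
          contains_active_script(render_page(render_comment_vulnerable)))
    print("script survives hardened render:  ",
          contains_active_script(render_page(render_comment_hardened)))
```

The hardened renderer neutralises the stored payload at the point where it is written into the page, which is where the fix belongs; input filtering alone is bypassable and a Content-Security-Policy header is a second layer, not a replacement.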

From XSS to Domain Admin - Part 1

From XSS to Domain Admin - Part 2

From XSS to Domain Admin - Part 3

Hope this will be helpful....

I would really appreciate it if you could comment on this video; it will help me work on those areas.


Thursday, 21 August 2014

Android Meterpreter Shell Hack

It is fun to hack Android phones. It's not new, but still interesting, and I thought I would put it here...
The Metasploit framework has different Android payloads, mentioned below:

I have my HTC One V phone and it's rooted. The first thing we are going to do is create an Evil.apk file which will be deployed to the Android phone; once it is installed and executed by the user, we get a reverse shell!!

Creating the "evil.apk" file and uploading it to the HTTP root directory:

evil.apk downloaded on my Android phone:

evil.apk download location:

Installing the malicious APK containing the reverse shell ;)

It's interesting that my CM Security real-time protection is not detecting any malicious activity!

After executing the "MainActivity" application, here is our reverse shell:

Interesting commands from the Android Meterpreter shell:

Capturing a screenshot through the Meterpreter shell:


Sunday, 10 August 2014

Wlan Password through Metasploit post exploitation module

In scenario-based hacking, if we get a Meterpreter session on the victim, we can quickly enumerate WLAN profiles and their passwords through the Metasploit modules present under "post/windows/wlan/".

WLAN modules available inside the Metasploit framework:

Sunday, 3 August 2014

Password Hash Dump Tools Comprehensive List

I came across a website which lists Windows password hash dump tools here. This may be handy while doing pen testing, so I thought I would post it here.

Nice work guys, keep it up!