Metasploit

Home » Metasploit

Make hashdump module work with Windows 10 – SAM Mode

Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: Rogdham

The new patch mechanism dont allow you to get the hashdump on Windows 10. Currently the hashdump module will display all hash output are empty.

Example (all hash empty on Windows 10):
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
IEUser:1000:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::

Recently Rogdham came up with new […]

By |June 19th, 2017|Metasploit, Papers|

Grab TOR hidden service configurations in linux – Advance Footprinting

Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credit: xcellerator

This is nice and clean post exploitation that steals hostnames and private keys of TOR hidden services originating from the target machine. The technique can be used and implemented in Advance Footprinting as well as Forensics.

Tested […]

By |June 19th, 2017|Metasploit, Papers|

UAC bypass module for Windows 10 – Metasploit

Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credit: Christian

This module exploit a recently disclosed bypassuac method on windows 10 that is currently unpatched.
By editing a registry key and launching fodhelper.exe autoelevated process, one can get an elevated meterpreter session without dropping any file.
This technique […]

By |June 19th, 2017|Metasploit, Papers|

Metasploit basic command guide.

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

msf > use auxiliary/server/socks4
msf > run

**msfvenom**
The msfvenom tool can be used to generate Metasploit payloads (such as Meterpreter) as standalone files and optionally encode
them. This tool replaces the former msfpayload and msfencode tools. Run with ‘’-l payloads’ to get a list of payloads.

$ msfvenom –p […]

By |August 9th, 2016|Metasploit|

Password Cracking Session Intro

Extreme Hacking
Advanced Ethical Hacking Institute in Pune

We are going to start a new session on Password cracking, that will include all sorts of tech needed to break the password. It will be a sort of building block if you are planning to be CEH certified. CEH is one of the most powerful course around, but I […]

By |September 21st, 2015|Metasploit|

Metasploit: Simple way to collect email addresses through metasploit

Advanced Ethical Hacking Institute in Pune

As discussed in CEH.

Here is a very easy tutorial on how to collect email addresses with metasploit.

1)First thing to do is open a msfconsole and type

Code:
search gather

2) Type

Code:
use gather/search_email_collector

3) Now you need to set the domain you can use what you want eg gmail.com, yahoo.com for this tutorial we will use gmail.com

Code:
set domain […]

By |July 4th, 2015|Metasploit|

Metasploit: Final Exploit

Advanced Ethical Hacking Institute in Pune

So now we can see again the final exploit. This is all that is necessary to go from PoC to full Metasploit module in a few simple steps. We will be further expanding on this code in later sections going deeper into ways of making a better Metasploit module such as […]

By |June 30th, 2015|Metasploit|

Metasploit: Hosting the Javascript

Advanced Ethical Hacking Institute in Pune

In this section we are going add the listener and the javascript for the exploit. The changes to the exploit are highlighed.

Contents

1 On Request URI
2 Content
3 Send Response HTML

 

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework […]

By |June 30th, 2015|Metasploit|

Metasploit: Making a Log Entry

Advanced Ethical Hacking Institute in Pune

In this section we are going to take a look at sending a GET request to the target. This GET request will contain a User-Agent field with Javascript appended to connect back to Metasploit. The changes to the exploit are highlighed.

Contents

1 Register Options
2 Exploit Get Request
3 Exploit Headers
4 Exploit Data
5 Super

 

##
# […]

By |June 30th, 2015|Metasploit|

Metasploit: Skeleton Creation

Advanced Ethical Hacking Institute in Pune

In this section we are going to take a look at a skeleton exploit to start building our dotDefender PoC from.
We’ll start with some of the specific things in the skeleton that are required for this exploit to work. The descriptions aren’t necessary until the end so we won’t worry about […]

By |June 30th, 2015|Metasploit|