SlideShare a Scribd company logo

Blind date with ur girlfriend

Gajendra Saini
Gajendra Saini

Nipun Jaswal is a security researcher and chief technical officer of Secugenius Security Solutions. The document discusses exploiting vulnerabilities to hack into webcams using the Metasploit framework. It provides two scenarios - one targeting a Windows XP system using the NETAPI vulnerability, and one targeting Windows 7 by exploiting vulnerabilities in Internet Explorer through a malicious link. The document demonstrates how to use Metasploit to execute exploits against the target systems and gain access to the webcam.

Self ImprovementTechnology
1 of 20
Download to read offline
BLIND DATE WITH YOUR GIRLFRIEND (Metasploit Exploitation Framework) Presented By: Nipun Jaswal AFCEH , C.I.S.E , C|EH  Chief Technical Officer , Secugenius Security Solutions LDH.  Ambassador Of EC-COUNCIL @L.P.U  Co – Founder DEFCON-LUDHIANA (DC141001)  Web : www.starthack.com  Email : nipun.jaswal@secugenius.com , admin@starthack.com  SNL : www.facebook.com/nipun.jaswal , www.facebook.com/nipunjs Page 1/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
Biography Of The Author : Nipun Jaswal is an IT Security researcher currently working with Secugenius Security Solutions as the chief technical officer . He is a Certified Information Security Expert (CISE),AFCEH Certified , Certified Ethical Hacker By EC- COUNCIL, Founder and Admin of starthack.com as well as worked with Cyber Cure Solutions . as a R&D Security Analyst for Six months. His expertise includes Research and Development in this domain, Computer and Network Security, exploit research, C, PHP, Perl, Penetration testing and website designing , Computer Forensics . He has trained more than 1500+ students and having more than 2 years’ experience of IT Security field. He has conducted lots of workshops around the nation. Also He is the co-founder of defcon Ludhiana .. He had found Almost 30,000 Vulnerable sites approx. including 100+ servers and successfully helped patching those sites .. Helped patching schoolsindia.com’s 900+ hacked websites by Pakistani hackers . He is The Ambassador For EC-COUNCIL Programs Conducted At Lovely Professional University , In 2010 he Was The Winner Of Innobuzz Best Blog Competition And Won Free DLP Package for the same . He is Currently Pursuing B.tech And is Presently in 3rd Year At L.P.U .. He did his Diploma From L.P.U Itself…. Page 2/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
Abstact: “Blind date With Ur GirlFriend“ ---------------MetaSpoit------------ You Guys Might Be Thinking Viewing Movies Like “ Die Hard 4” How Hackers Are hacking Into Webcam’s Or u might be thinking to chat with a girl whom never replied to ur pings on yahoo messenger .. having a Hot Pic Might Be Just Too Fantasying. My Topic Is Just Acc. To your needs .. This topic explores the wideness of flaws in today’s window boxes So how u gonna get live cam of the girl you fantasized about ..? Well , I got The Answer … Metasploit , this one powerful tool has got the guts to enter any vulnerable systems in the world.. Page 3/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
Prerequisites:  A Modern System With Backtrack 5 R1 O.S  Victim’s IP Address ( Or Not In Some Cases)  A Brain Exploitation Begins Here: So Our Scenario Starts Here When U Are Pinging A Girl And She Never Replied … Now We Will Go Step By Step: 1. Send Her A Mail/PM/ Containing A Fake Link.. 2. She Views The Site.. 3. She Got Owned 4. That’s It .. Let’s Start Exploiting …. A Brief about Metasploit Framework: MSF Framework is a database containing all the exploit codes which when hit on a system with associated vulnerabilities spawns a shell of the target and sends it back to the victim.. We will Cover Two Scenario’s Page 4/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
1. Knowing The IP Address Of The Victim ( Windows XP Box) 2. Only Sending A Message To The Victim Conivincing To Click Now Let’s Take The First Scenario: Suppose We Got a girl operating windows xp system.. Niceeeee !!! Now Lets Get Into the black hat world . And think differently….. Page 5/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
Now open your BT5 Box .. Open The World’s Best Exploitation Tool : Metasploit Framework (msfconsole) Now As We Know The Target Sits On windows Xp SP2 System Page 6/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
From a Hackers Point Of View We know That Windows Xp Sp2 Suffers From NETAPI Vulnerabilty About The Vulnerability: Page 7/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
Now u r known to the vulnerability now what we need is to get the ip address of the victim : How u Will get It? Phishing ?? Naaaaah !! Send A Abusive Mail … She Will Reply For Sure … get Into The Full View Options And Get The Originating IP. So Lets Get Back To Action… Now … Page 8/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
Remember NETAPI service Runs On port 445 Lets Set The Remote Victims Ip using The Set RHOST [i.p] Payload : It’s the Code Which Gets Exectuted After Exploitations Like What We Need To perform After Successful Exploitation .. Reverse TCP: A reverse connection is usually used to bypass firewall restrictions on open ports. A firewall usually blocks open ports, but does not block outgoing traffic. In a normal forward connection, a client connects to a server through the server's open port, but in the case of a reverse connection, the client opens the port that the server connects to. The most common way a reverse connection is used is to bypass firewall and Router security restrictions. Meterpreter: Is An Interactive Shell Console Which offers various functions which can be performed over the victim like Page 9/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
keylogging , capturing remote system snapshots , webcam snaps , record _mic Etc. VOILA !! GOT THE SHELL…. Now type : The Following Command: Meterpreter> run webcam –h Page 10/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
Run according to requirements Result :--------| Run according to requirements Easy Isn’t It ? Page 11/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
Exploiting Windows 7 Girlfriends Now Next , Suppose We Have An Another Girl Operating windows 7 As The Os Is Most in demand these days … Here We Can’t Hack the victim with any system vulnerabilities .. so we prey Application Based Vulnerabilities … As We Know The Most Used And Unimportant Software in windows 7 is INTERNET EXPLORER Suppose u Send The Victim A Link To Chat With Her Online Or View A Live Webcam …. Which Most the guys fall for ….lolz May be U All Have Experienced Mostly IP Address Written with convincing messages like chat with me , see my webcam etc. In Normal Cases People Quickly Copy the url and type it in their address bar … Exploiting Windows 7 Girlfriends Now Next , Suppose We Have An Another Girl Operating windows 7 As The Os Is Most in demand these days … Here We Can’t Hack the victim with any system vulnerabilities .. so we prey Application Based Vulnerabilities … Know The Most Used And Unimportant Software in windows 7 Suppose u Send The Victim A Link To Chat With Her Online Or View A Live Webcam …. Which Most the guys fall for ….lolz May be U All Have Experienced Mostly IP Address Written with convincing messages like chat with me , see my webcam etc. In Normal Cases People Quickly Copy the url and type it in their Exploiting Windows 7 Girlfriends Now Next , Suppose We Have An Another Girl Operating windows 7 Here We Can’t Hack the victim with any system vulnerabilities .. so we Know The Most Used And Unimportant Software in windows 7 Suppose u Send The Victim A Link To Chat With Her Online Or View A May be U All Have Experienced Mostly IP Address Written with convincing messages like chat with me , see my webcam etc. In Normal Cases People Quickly Copy the url and type it in their Page 12/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
What Happens Is .. This Is The link Which Got 50-60 Exploit Codes Waiting For Your Ping And As soon As U Ping The Target Ur System Gets Ownd Now Lets Perform The Same To get Indepth Knowledge … Now First Of All Open Your Backtrack 5 Console And Open Metasploit Framework As we Did Earlier Terminologies :- Browser Autopwn: This Is The Auxiliary Exploit Which Launches 20-55 exploits at once which waits for the incoming connection , when got ! tries to exploit the target application SRVPORT : Service Port Required To Set to port 80 because If Anyother port is used it might seems suspicious and by default port is 80 only at http URIPATH : It’s the Default Landing Page The Victim Will See After Connecting back to the attacker… Now As We Have Set All the required Settings : Now Lets Exploit Page 13/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
After Some Basic Operations : Finally After Launching All The exploits : Page 14/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
Now Our malicious Server Is ready Now Send This To The Victim : These Exploits Will Be Launched Against The Victim .. Ms11_003_ie_css Page 15/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
About The Vulnerability: Page 16/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
Affected OS: After Successful Exploitation Page 17/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
It Will Give Us Meterpreter Shell in Reverse Page 18/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
These Above Are Some Basic Commands Which U Can Use Page 19/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
Now Run The Above Command… And Enjoy ….. The Live Action  Preventions : 1. Keep Your Systems Updated . 2. Use Genuine Copy Of Microsoft Windows 3. Keep A Genuine Antivirus 4. Close All Unused Ports 5. Update Java Addons Time To Time Page 20/20 Secugenius Security Solutions Prepared by - Nipun Jaswal

Recommended

Hack the book Mini
Hack the book MiniHack the book Mini
Hack the book Mini
Khairi Aiman
 
Learn awesome hacking tricks
Learn awesome hacking tricksLearn awesome hacking tricks
Learn awesome hacking tricks
Sudhanshu Mishra
 
Ultimate Guide to Setup DarkComet with NoIP
Ultimate Guide to Setup DarkComet with NoIPUltimate Guide to Setup DarkComet with NoIP
Ultimate Guide to Setup DarkComet with NoIP
Pich Pra Tna
 
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Esteban Bedoya
 
Practical Cyber Attacking Tutorial
Practical Cyber Attacking TutorialPractical Cyber Attacking Tutorial
Practical Cyber Attacking Tutorial
Yam Peleg
 
Overview of information security
Overview of information securityOverview of information security
Overview of information security
Askao Ahmed Saad
 
[Computer] hacking for dummies how to learn to hack in easy steps
[Computer] hacking for dummies how to learn to hack in easy steps[Computer] hacking for dummies how to learn to hack in easy steps
[Computer] hacking for dummies how to learn to hack in easy steps
Lee Toulouse
 
Password hacking
Password hackingPassword hacking
Password hacking
Abhay pal
 

Recommended

Hack the book Mini
Hack the book MiniHack the book Mini
Hack the book Mini
Khairi Aiman
 
Learn awesome hacking tricks
Learn awesome hacking tricksLearn awesome hacking tricks
Learn awesome hacking tricks
Sudhanshu Mishra
 
Ultimate Guide to Setup DarkComet with NoIP
Ultimate Guide to Setup DarkComet with NoIPUltimate Guide to Setup DarkComet with NoIP
Ultimate Guide to Setup DarkComet with NoIP
Pich Pra Tna
 
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Esteban Bedoya
 
Practical Cyber Attacking Tutorial
Practical Cyber Attacking TutorialPractical Cyber Attacking Tutorial
Practical Cyber Attacking Tutorial
Yam Peleg
 
Overview of information security
Overview of information securityOverview of information security
Overview of information security
Askao Ahmed Saad
 
[Computer] hacking for dummies how to learn to hack in easy steps
[Computer] hacking for dummies how to learn to hack in easy steps[Computer] hacking for dummies how to learn to hack in easy steps
[Computer] hacking for dummies how to learn to hack in easy steps
Lee Toulouse
 
Password hacking
Password hackingPassword hacking
Password hacking
Abhay pal
 
Personal Internet Security System
Personal Internet Security SystemPersonal Internet Security System
Personal Internet Security System
Matthew Bricker
 
Password Stealing & Enhancing User Authentication Using Opass Protocol
Password Stealing & Enhancing User Authentication Using Opass ProtocolPassword Stealing & Enhancing User Authentication Using Opass Protocol
Password Stealing & Enhancing User Authentication Using Opass Protocol
Prasad Pawar
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Karan Bavariya
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Mazin Ahmed
 
Passwords, Attacks, and Security oh my!
Passwords, Attacks, and Security oh my!Passwords, Attacks, and Security oh my!
Passwords, Attacks, and Security oh my!
Michele Butcher-Jones
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profit
David Stockton
 
The Veterans' Guide to Protecting Your Privacy and Staying Safe Online
The Veterans' Guide to Protecting Your Privacy and Staying Safe OnlineThe Veterans' Guide to Protecting Your Privacy and Staying Safe Online
The Veterans' Guide to Protecting Your Privacy and Staying Safe Online
Jinger Jarrett
 
Soham web security
Soham web securitySoham web security
Soham web security
Soham Sengupta
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Mazin Ahmed
 
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
ThreatReel Podcast
 
Cyber security
Cyber securityCyber security
Cyber security
Shikhil Sharma
 
Firewalls
FirewallsFirewalls
Firewalls
Gajendra Saini
 
Online Being Spaces
Online Being SpacesOnline Being Spaces
Online Being Spaces
Gerrit Dreher
 
Advanced xss
Advanced xssAdvanced xss
Advanced xss
Gajendra Saini
 
business
businessbusiness
business
Gajendra Saini
 
credit-suisse Credit Suisse Group Interim Report 1999
credit-suisse Credit Suisse Group Interim Report 1999credit-suisse Credit Suisse Group Interim Report 1999
credit-suisse Credit Suisse Group Interim Report 1999
QuarterlyEarningsReports2
 
Gmail hacking
Gmail hackingGmail hacking
Gmail hacking
Gajendra Saini
 
credit suiss Letter to shareholders
credit suiss Letter to shareholders credit suiss Letter to shareholders
credit suiss Letter to shareholders
QuarterlyEarningsReports2
 
Backtrack Manual Part9
Backtrack Manual Part9Backtrack Manual Part9
Backtrack Manual Part9
Nutan Kumar Panda
 
Practical exploitation and social engineering
Practical exploitation and social engineeringPractical exploitation and social engineering
Practical exploitation and social engineering
Tiago Henriques
 
Making the case for sandbox v1.1 (SD Conference 2007)
Making the case for sandbox v1.1 (SD Conference 2007)Making the case for sandbox v1.1 (SD Conference 2007)
Making the case for sandbox v1.1 (SD Conference 2007)
Dinis Cruz
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for Everyone
Nikhil Mittal
 

More Related Content

What's hot

Personal Internet Security System
Personal Internet Security SystemPersonal Internet Security System
Personal Internet Security System
Matthew Bricker
 
Password Stealing & Enhancing User Authentication Using Opass Protocol
Password Stealing & Enhancing User Authentication Using Opass ProtocolPassword Stealing & Enhancing User Authentication Using Opass Protocol
Password Stealing & Enhancing User Authentication Using Opass Protocol
Prasad Pawar
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Karan Bavariya
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Mazin Ahmed
 
Passwords, Attacks, and Security oh my!
Passwords, Attacks, and Security oh my!Passwords, Attacks, and Security oh my!
Passwords, Attacks, and Security oh my!
Michele Butcher-Jones
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profit
David Stockton
 
The Veterans' Guide to Protecting Your Privacy and Staying Safe Online
The Veterans' Guide to Protecting Your Privacy and Staying Safe OnlineThe Veterans' Guide to Protecting Your Privacy and Staying Safe Online
The Veterans' Guide to Protecting Your Privacy and Staying Safe Online
Jinger Jarrett
 
Soham web security
Soham web securitySoham web security
Soham web security
Soham Sengupta
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Mazin Ahmed
 
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
ThreatReel Podcast
 
Cyber security
Cyber securityCyber security
Cyber security
Shikhil Sharma
 

What's hot (11)

Personal Internet Security System
Personal Internet Security SystemPersonal Internet Security System
Personal Internet Security System
 
Password Stealing & Enhancing User Authentication Using Opass Protocol
Password Stealing & Enhancing User Authentication Using Opass ProtocolPassword Stealing & Enhancing User Authentication Using Opass Protocol
Password Stealing & Enhancing User Authentication Using Opass Protocol
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
 
Passwords, Attacks, and Security oh my!
Passwords, Attacks, and Security oh my!Passwords, Attacks, and Security oh my!
Passwords, Attacks, and Security oh my!
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profit
 
The Veterans' Guide to Protecting Your Privacy and Staying Safe Online
The Veterans' Guide to Protecting Your Privacy and Staying Safe OnlineThe Veterans' Guide to Protecting Your Privacy and Staying Safe Online
The Veterans' Guide to Protecting Your Privacy and Staying Safe Online
 
Soham web security
Soham web securitySoham web security
Soham web security
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
 
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio...
 
Cyber security
Cyber securityCyber security
Cyber security
 

Viewers also liked

Firewalls
FirewallsFirewalls
Firewalls
Gajendra Saini
 
Online Being Spaces
Online Being SpacesOnline Being Spaces
Online Being Spaces
Gerrit Dreher
 
Advanced xss
Advanced xssAdvanced xss
Advanced xss
Gajendra Saini
 
business
businessbusiness
business
Gajendra Saini
 
credit-suisse Credit Suisse Group Interim Report 1999
credit-suisse Credit Suisse Group Interim Report 1999credit-suisse Credit Suisse Group Interim Report 1999
credit-suisse Credit Suisse Group Interim Report 1999
QuarterlyEarningsReports2
 
Gmail hacking
Gmail hackingGmail hacking
Gmail hacking
Gajendra Saini
 
credit suiss Letter to shareholders
credit suiss Letter to shareholders credit suiss Letter to shareholders
credit suiss Letter to shareholders
QuarterlyEarningsReports2
 

Viewers also liked (7)

Firewalls
FirewallsFirewalls
Firewalls
 
Online Being Spaces
Online Being SpacesOnline Being Spaces
Online Being Spaces
 
Advanced xss
Advanced xssAdvanced xss
Advanced xss
 
business
businessbusiness
business
 
credit-suisse Credit Suisse Group Interim Report 1999
credit-suisse Credit Suisse Group Interim Report 1999credit-suisse Credit Suisse Group Interim Report 1999
credit-suisse Credit Suisse Group Interim Report 1999
 
Gmail hacking
Gmail hackingGmail hacking
Gmail hacking
 
credit suiss Letter to shareholders
credit suiss Letter to shareholders credit suiss Letter to shareholders
credit suiss Letter to shareholders
 

Similar to Blind date with ur girlfriend

Backtrack Manual Part9
Backtrack Manual Part9Backtrack Manual Part9
Backtrack Manual Part9
Nutan Kumar Panda
 
Practical exploitation and social engineering
Practical exploitation and social engineeringPractical exploitation and social engineering
Practical exploitation and social engineering
Tiago Henriques
 
Making the case for sandbox v1.1 (SD Conference 2007)
Making the case for sandbox v1.1 (SD Conference 2007)Making the case for sandbox v1.1 (SD Conference 2007)
Making the case for sandbox v1.1 (SD Conference 2007)
Dinis Cruz
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for Everyone
Nikhil Mittal
 
pentest mobile app issue
pentest mobile app issuepentest mobile app issue
pentest mobile app issue
shekar M
 
Empowerment Technologies - Module 2
Empowerment Technologies - Module 2Empowerment Technologies - Module 2
Empowerment Technologies - Module 2
Jesus Rances
 
SELJE - VFP and IT Security.pdf
SELJE - VFP and IT Security.pdfSELJE - VFP and IT Security.pdf
SELJE - VFP and IT Security.pdf
Eric Selje
 
How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF
n|u - The Open Security Community
 
Zlob Trojan
Zlob TrojanZlob Trojan
Zlob Trojan
cpavtsjoe
 
Android mobile app security offensive security workshop
Android mobile app security offensive security workshopAndroid mobile app security offensive security workshop
Android mobile app security offensive security workshop
Abhinav Sejpal
 
Security testing for web developers
Security testing for web developersSecurity testing for web developers
Security testing for web developers
matthewhughes
 
Project: Intrusion Detection
Project: Intrusion DetectionProject: Intrusion Detection
Project: Intrusion Detection
Jay Schulman
 
Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)
ClubHack
 
Thane Barnier MACE 2016 presentation
Thane Barnier MACE 2016 presentationThane Barnier MACE 2016 presentation
Thane Barnier MACE 2016 presentation
Jeff Zahn
 
Ransomware for fun and non-profit
Ransomware for fun and non-profitRansomware for fun and non-profit
Ransomware for fun and non-profit
Youness Zougar
 
Thou shalt not
Thou shalt notThou shalt not
Thou shalt not
taftosterone
 
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers - [ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
Zoltan Balazs
 
The dark side of cybersecurity: International Awareness Cybersecurity Month
The dark side of cybersecurity: International Awareness Cybersecurity MonthThe dark side of cybersecurity: International Awareness Cybersecurity Month
The dark side of cybersecurity: International Awareness Cybersecurity Month
ITrust - Cybersecurity as a Service
 
How Do Computer Viruses Work
How Do Computer Viruses WorkHow Do Computer Viruses Work
How Do Computer Viruses Work
Noida
 
Spyware
SpywareSpyware
Spyware
norazokkar
 

Similar to Blind date with ur girlfriend (20)

Backtrack Manual Part9
Backtrack Manual Part9Backtrack Manual Part9
Backtrack Manual Part9
 
Practical exploitation and social engineering
Practical exploitation and social engineeringPractical exploitation and social engineering
Practical exploitation and social engineering
 
Making the case for sandbox v1.1 (SD Conference 2007)
Making the case for sandbox v1.1 (SD Conference 2007)Making the case for sandbox v1.1 (SD Conference 2007)
Making the case for sandbox v1.1 (SD Conference 2007)
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for Everyone
 
pentest mobile app issue
pentest mobile app issuepentest mobile app issue
pentest mobile app issue
 
Empowerment Technologies - Module 2
Empowerment Technologies - Module 2Empowerment Technologies - Module 2
Empowerment Technologies - Module 2
 
SELJE - VFP and IT Security.pdf
SELJE - VFP and IT Security.pdfSELJE - VFP and IT Security.pdf
SELJE - VFP and IT Security.pdf
 
How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF
 
Zlob Trojan
Zlob TrojanZlob Trojan
Zlob Trojan
 
Android mobile app security offensive security workshop
Android mobile app security offensive security workshopAndroid mobile app security offensive security workshop
Android mobile app security offensive security workshop
 
Security testing for web developers
Security testing for web developersSecurity testing for web developers
Security testing for web developers
 
Project: Intrusion Detection
Project: Intrusion DetectionProject: Intrusion Detection
Project: Intrusion Detection
 
Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)
 
Thane Barnier MACE 2016 presentation
Thane Barnier MACE 2016 presentationThane Barnier MACE 2016 presentation
Thane Barnier MACE 2016 presentation
 
Ransomware for fun and non-profit
Ransomware for fun and non-profitRansomware for fun and non-profit
Ransomware for fun and non-profit
 
Thou shalt not
Thou shalt notThou shalt not
Thou shalt not
 
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers - [ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
 
The dark side of cybersecurity: International Awareness Cybersecurity Month
The dark side of cybersecurity: International Awareness Cybersecurity MonthThe dark side of cybersecurity: International Awareness Cybersecurity Month
The dark side of cybersecurity: International Awareness Cybersecurity Month
 
How Do Computer Viruses Work
How Do Computer Viruses WorkHow Do Computer Viruses Work
How Do Computer Viruses Work
 
Spyware
SpywareSpyware
Spyware
 

More from Gajendra Saini

Irctc ticket booking
Irctc ticket bookingIrctc ticket booking
Irctc ticket booking
Gajendra Saini
 
Create Wifi hotspot in Laptop
Create Wifi hotspot in LaptopCreate Wifi hotspot in Laptop
Create Wifi hotspot in Laptop
Gajendra Saini
 
Kothaligadh Trek
Kothaligadh TrekKothaligadh Trek
Kothaligadh Trek
Gajendra Saini
 
Integrated Circuits
Integrated CircuitsIntegrated Circuits
Integrated Circuits
Gajendra Saini
 
Bluetooth
BluetoothBluetooth
Bluetooth
Gajendra Saini
 
Em waves
Em wavesEm waves
Em waves
Gajendra Saini
 

More from Gajendra Saini (7)

Irctc ticket booking
Irctc ticket bookingIrctc ticket booking
Irctc ticket booking
 
Create Wifi hotspot in Laptop
Create Wifi hotspot in LaptopCreate Wifi hotspot in Laptop
Create Wifi hotspot in Laptop
 
Kothaligadh Trek
Kothaligadh TrekKothaligadh Trek
Kothaligadh Trek
 
Integrated Circuits
Integrated CircuitsIntegrated Circuits
Integrated Circuits
 
Bluetooth
BluetoothBluetooth
Bluetooth
 
Em waves
Em wavesEm waves
Em waves
 
Ascii
AsciiAscii
Ascii
 

Blind date with ur girlfriend

  • 1. BLIND DATE WITH YOUR GIRLFRIEND (Metasploit Exploitation Framework) Presented By: Nipun Jaswal AFCEH , C.I.S.E , C|EH  Chief Technical Officer , Secugenius Security Solutions LDH.  Ambassador Of EC-COUNCIL @L.P.U  Co – Founder DEFCON-LUDHIANA (DC141001)  Web : www.starthack.com  Email : nipun.jaswal@secugenius.com , admin@starthack.com  SNL : www.facebook.com/nipun.jaswal , www.facebook.com/nipunjs Page 1/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 2. Biography Of The Author : Nipun Jaswal is an IT Security researcher currently working with Secugenius Security Solutions as the chief technical officer . He is a Certified Information Security Expert (CISE),AFCEH Certified , Certified Ethical Hacker By EC- COUNCIL, Founder and Admin of starthack.com as well as worked with Cyber Cure Solutions . as a R&D Security Analyst for Six months. His expertise includes Research and Development in this domain, Computer and Network Security, exploit research, C, PHP, Perl, Penetration testing and website designing , Computer Forensics . He has trained more than 1500+ students and having more than 2 years’ experience of IT Security field. He has conducted lots of workshops around the nation. Also He is the co-founder of defcon Ludhiana .. He had found Almost 30,000 Vulnerable sites approx. including 100+ servers and successfully helped patching those sites .. Helped patching schoolsindia.com’s 900+ hacked websites by Pakistani hackers . He is The Ambassador For EC-COUNCIL Programs Conducted At Lovely Professional University , In 2010 he Was The Winner Of Innobuzz Best Blog Competition And Won Free DLP Package for the same . He is Currently Pursuing B.tech And is Presently in 3rd Year At L.P.U .. He did his Diploma From L.P.U Itself…. Page 2/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 3. Abstact: “Blind date With Ur GirlFriend“ ---------------MetaSpoit------------ You Guys Might Be Thinking Viewing Movies Like “ Die Hard 4” How Hackers Are hacking Into Webcam’s Or u might be thinking to chat with a girl whom never replied to ur pings on yahoo messenger .. having a Hot Pic Might Be Just Too Fantasying. My Topic Is Just Acc. To your needs .. This topic explores the wideness of flaws in today’s window boxes So how u gonna get live cam of the girl you fantasized about ..? Well , I got The Answer … Metasploit , this one powerful tool has got the guts to enter any vulnerable systems in the world.. Page 3/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 4. Prerequisites:  A Modern System With Backtrack 5 R1 O.S  Victim’s IP Address ( Or Not In Some Cases)  A Brain Exploitation Begins Here: So Our Scenario Starts Here When U Are Pinging A Girl And She Never Replied … Now We Will Go Step By Step: 1. Send Her A Mail/PM/ Containing A Fake Link.. 2. She Views The Site.. 3. She Got Owned 4. That’s It .. Let’s Start Exploiting …. A Brief about Metasploit Framework: MSF Framework is a database containing all the exploit codes which when hit on a system with associated vulnerabilities spawns a shell of the target and sends it back to the victim.. We will Cover Two Scenario’s Page 4/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 5. 1. Knowing The IP Address Of The Victim ( Windows XP Box) 2. Only Sending A Message To The Victim Conivincing To Click Now Let’s Take The First Scenario: Suppose We Got a girl operating windows xp system.. Niceeeee !!! Now Lets Get Into the black hat world . And think differently….. Page 5/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 6. Now open your BT5 Box .. Open The World’s Best Exploitation Tool : Metasploit Framework (msfconsole) Now As We Know The Target Sits On windows Xp SP2 System Page 6/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 7. From a Hackers Point Of View We know That Windows Xp Sp2 Suffers From NETAPI Vulnerabilty About The Vulnerability: Page 7/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 8. Now u r known to the vulnerability now what we need is to get the ip address of the victim : How u Will get It? Phishing ?? Naaaaah !! Send A Abusive Mail … She Will Reply For Sure … get Into The Full View Options And Get The Originating IP. So Lets Get Back To Action… Now … Page 8/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 9. Remember NETAPI service Runs On port 445 Lets Set The Remote Victims Ip using The Set RHOST [i.p] Payload : It’s the Code Which Gets Exectuted After Exploitations Like What We Need To perform After Successful Exploitation .. Reverse TCP: A reverse connection is usually used to bypass firewall restrictions on open ports. A firewall usually blocks open ports, but does not block outgoing traffic. In a normal forward connection, a client connects to a server through the server's open port, but in the case of a reverse connection, the client opens the port that the server connects to. The most common way a reverse connection is used is to bypass firewall and Router security restrictions. Meterpreter: Is An Interactive Shell Console Which offers various functions which can be performed over the victim like Page 9/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 10. keylogging , capturing remote system snapshots , webcam snaps , record _mic Etc. VOILA !! GOT THE SHELL…. Now type : The Following Command: Meterpreter> run webcam –h Page 10/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 11. Run according to requirements Result :--------| Run according to requirements Easy Isn’t It ? Page 11/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 12. Exploiting Windows 7 Girlfriends Now Next , Suppose We Have An Another Girl Operating windows 7 As The Os Is Most in demand these days … Here We Can’t Hack the victim with any system vulnerabilities .. so we prey Application Based Vulnerabilities … As We Know The Most Used And Unimportant Software in windows 7 is INTERNET EXPLORER Suppose u Send The Victim A Link To Chat With Her Online Or View A Live Webcam …. Which Most the guys fall for ….lolz May be U All Have Experienced Mostly IP Address Written with convincing messages like chat with me , see my webcam etc. In Normal Cases People Quickly Copy the url and type it in their address bar … Exploiting Windows 7 Girlfriends Now Next , Suppose We Have An Another Girl Operating windows 7 As The Os Is Most in demand these days … Here We Can’t Hack the victim with any system vulnerabilities .. so we prey Application Based Vulnerabilities … Know The Most Used And Unimportant Software in windows 7 Suppose u Send The Victim A Link To Chat With Her Online Or View A Live Webcam …. Which Most the guys fall for ….lolz May be U All Have Experienced Mostly IP Address Written with convincing messages like chat with me , see my webcam etc. In Normal Cases People Quickly Copy the url and type it in their Exploiting Windows 7 Girlfriends Now Next , Suppose We Have An Another Girl Operating windows 7 Here We Can’t Hack the victim with any system vulnerabilities .. so we Know The Most Used And Unimportant Software in windows 7 Suppose u Send The Victim A Link To Chat With Her Online Or View A May be U All Have Experienced Mostly IP Address Written with convincing messages like chat with me , see my webcam etc. In Normal Cases People Quickly Copy the url and type it in their Page 12/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 13. What Happens Is .. This Is The link Which Got 50-60 Exploit Codes Waiting For Your Ping And As soon As U Ping The Target Ur System Gets Ownd Now Lets Perform The Same To get Indepth Knowledge … Now First Of All Open Your Backtrack 5 Console And Open Metasploit Framework As we Did Earlier Terminologies :- Browser Autopwn: This Is The Auxiliary Exploit Which Launches 20-55 exploits at once which waits for the incoming connection , when got ! tries to exploit the target application SRVPORT : Service Port Required To Set to port 80 because If Anyother port is used it might seems suspicious and by default port is 80 only at http URIPATH : It’s the Default Landing Page The Victim Will See After Connecting back to the attacker… Now As We Have Set All the required Settings : Now Lets Exploit Page 13/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 14. After Some Basic Operations : Finally After Launching All The exploits : Page 14/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 15. Now Our malicious Server Is ready Now Send This To The Victim : These Exploits Will Be Launched Against The Victim .. Ms11_003_ie_css Page 15/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 16. About The Vulnerability: Page 16/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 17. Affected OS: After Successful Exploitation Page 17/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 18. It Will Give Us Meterpreter Shell in Reverse Page 18/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 19. These Above Are Some Basic Commands Which U Can Use Page 19/20 Secugenius Security Solutions Prepared by - Nipun Jaswal
  • 20. Now Run The Above Command… And Enjoy ….. The Live Action  Preventions : 1. Keep Your Systems Updated . 2. Use Genuine Copy Of Microsoft Windows 3. Keep A Genuine Antivirus 4. Close All Unused Ports 5. Update Java Addons Time To Time Page 20/20 Secugenius Security Solutions Prepared by - Nipun Jaswal