Hackercool Magazine July 2021

Edition 4 Issue 7 This Issue is a new milestone for Hackercool Magazine in two ways. First, this Issue brings the first Real World Hacking Scenario of attacking a Windows Domain and second this Issue also brings first Wireless hacking scenario. As I already announced to our readers, we almost covered all the hacking secnarios involving Windows workgroup networks. With most of the companies having Windows Domain networks, it only becomes logical that our Magazine has to include scenarios based on Domain networks. The first and foremost scenario has been intentionally made simple so that our readers can understand how a Windows Domain works and how hacking works in in a Windows domain compared to to a Windows workgroup. It also almost simulates the first internal pen test I performed…

Hi Hackercoolians. In our previous Issues, we have covered almost all the hacking scenarios like target system placed behind a Router, Attacker system placed behind a Router etc. We have also covered a scenario where we hacked into one system behind a router and then using that system as foothold, we gained access to all other systems in the same network. However, all these scenarios involved a workgroup and not a domain network. We have covered the difference between a Windows Work Group network and a Windows Domain network in our March 2021 Issue. In the same issue, our readers have seen how to create a Windows Active Directory Domain hacking lab. This is our first scenario that deals with hacking the Windows domain but this is not the last.…

Haserl File Download Module TARGET: Alpine Linux with Haserl installed TYPE: Remote MODULE: POST ANTI-MALWARE: NA Haserl is a tool that uses LUA script to create CGI for web servers. Normally when SETUID bit is set to root, haserl will drop the UID to the owner of the CGI script. This module exploits the fact that calling haserl on a file will make it not only change the effective UID but also display the content of that file. Although most Linux distributions don't use haserl, Alpine Linux still uses it. This is a POST exploit module and we tested this on the latest release of Alpine linux with the latest release of haserl setup on it. Let's see how this exploit module works. Since this is a POST module we…

Process Ghosting is a technique used by hackers when creating malware for Windows Operating Systems to avoid detection by Antivirus software including the Windows Defender. This technique takes advantage of a gap between process creation and when Antivirus software is notified of the process creation. This gap allows the malware developers a chance to alter the executable before it is scanned by the antivirus software. Process Ghosting is built on three major techniques (used to evade Antivirus software detection) used by malware developers; They are, 1. Process Herpaderping In Process herpaderping, an existing file handle is used in order to overwrite executable with decoy PE. Hence it leaves a camouflaged malware on the disk which is different from the actual process which is running. 2. Process Re-Imaging Process Re-imaging takes…

PrintNightmare is a critical vulnerability affecting the Microsoft Windows operating systems. The recently disclosed vulnerability is present in the print spooler service of Microsoft Windows. The printer spooler service is used for printing services and is turned on by default. The versions of Windows vulnerable to PrintNightmare include Windows 7 to Windows 10 and windows Server 2008 to the latest version of Windows Servers. The PrintNightmare vulnerability has two variants: one is enabling remote code execution (CVE-2021-34527) and the other privilege escalation (CVE-2021-1675). In this article, readers will see a demonstration of exploiting the privilege escalation vulnerability in PrintNightmare. For this demonstration, we will use Windows 10 version 1809. The download information of the powershell script we used in this demo is given in our Downloads section. In this scenario,…

Hello readers. As already announced to you in our newsletter, I bought a new Alfa Wireless Adapter and also informed you that there maybe a first wireless hacking article in our upcoming Issue. As announced, I am bringing you our first Wi-Fi hacking tutorial. I am so excited on buying the Alfa wireless adapter (although on EMI) that in this month's article I decided to skip all the technical mumbo jumbo and right away getting into hacking a Wi-Fi password. After much deliberation, I decided to start with cracking a WEP password. So let's get straight away into cracking a WEP password. As always my attacker machine is Kali Linux installed on VMware. So I first connect the GOD given ALFA Wireless adapter to my laptop, make sure it is…