Hackercool Magazine August 2021

Edition 4 Issue 8 Hello Hackercoolians. Hope you are all fine and healthy. Welcome to our Eighth Issue of this year. We have been hearing a lot about PrintNightmare since two months. So we at Hackercool Magazine thought it good to include a Real World Hacking Scenario about exploiting PrintNightmare in Real World. This sounds all too meaningful since the vulnerability that affects the print spooler service of Microsoft is still refusing to die. Although Microsoft released a patch (KB5005652) to address this vulnerability, another vulnerability in the print spooler service, CVE-2021-36958 came to light. An attacker successfully exploiting this vulnerability could execute malicious code with SYSTEM privileges on the target system. This vulnerability is still unpatched and only protection is disabling of the print spooler service. The earlier patch…

Hi, I am Hackercool. People call me as Black hat but I consider myself as a script kiddie. As I returned to my hacking adventures, PrintNightmare has been reverberating in hacker circles. So I decided to try hacking a system exploiting this vulnerability. After a bit of pondering, I decided to take the exploitation route which is almost very common in Real World Attacks. Get Initial access to a target system using a RAT (Remote Administration Tool) and then use PrintNightmare vulnerability to elevate privileges. It’s only 9 days since the PrintNightmare vulnerability became public. So normally all the Windows systems above Windows 7 are ripe targets. What more can a hacker ask for? APT's, Ransomware gangs and hacking syndicates use many advanced RATs for their hacking operations which are…

History of Wi-Fi Wi-Fi is the name given to a family of wireless network protocols, based on the IEEE 802.11 family of standards. These are commonly used for local area networking of devices and also for Internet access. Simply put, this allows nearby digital devices to exchange data using radio waves. No need to mention what these devices are. The beginning of Wi - Fi happened in the form of ALOHAnet which successfully connected the Great Hawaiian Islands with a UHF wireless packet network in 1971. ALOHA net and the ALOHA protocol in fact were precursors of Ethernet and 802.11 protocols. After another 14 years, in 1985 a ruling by the U.S. Federal Communications Commission released the band for unlicensed use. These frequency bands are the 2.4 gigahertz (120 mm)…

AV | Ator is a backdoor generator utility that uses cryptographic and injection techniques to bypass AV detection. The AV in AV | Ator stands for Anti Virus. Ator is character from the Italian Film Series “Ator” who is a swordsman, alchemist, scientist, magician, scholar and engineer with the ability to sometimes produce objects out of thin air. Ator takes C# shellcode as input, encrypts it with AES encryption and generates an executable file. Ator uses various methods to bypass Anti Virus. Some of them are, Portable executable injection: In portable executable injection, malicious code is written directly into a process (without a file on disk). Then, this code is executed by either invoking additional code or by creating a remote thread. The displacement of the injected code introduces the…

Q: Why is my connection not secure when I connect to a hotspot with no password as opposed to one with a password? A: You know what is the one question that users most ask me. How to hack a system that is on a different LAN network. You know what that means? hacking a system on the same network is easy. All Wi-Fi networks without a password are called OPEN networks. So just like you anybody can connect to this OPEN network without the need of any password. All the systems and devices getting connected to this OPEN network form a WLAN (same network). So a hacker can easily scan for vulnerabilities and exploit your device in an OPEN network. There’s no restriction, right. That is the reason you…

Welcome to Metasploit This Month. Let us learn about the latest exploit modules of Metasploit and how they fare in our tests. WindowsTokenMagic PE Module TARGET: Windows 7 -10 v1803 TYPE: Local MODULE: PE ANTI-MALWARE: OFF How long it has been since we have seen a Windows privilege escalation vulnerability? Ok, we have seen one in just our previous Issue (wink, printnightmare). The Windows TokenMagic PE Module duplicates the token of an elevated process and spawns a new process/conducts a DLL hijacking attack to gain SYSTEM level privileges. Since this is a privilege escalation module, we need to get a meterpreter session with low privileges on the target. Let’s see how this module works. We have tested this module on Windows 7 Service Pack 1 target. Background the initial meterpreter…