Forum Thread: What Are Some of Your Most Favorite, Most Reliable Exploits You Use Often? And Following, Which Payload?

The reason why I ask this question is to get another source for understanding. I've read through OTW's articles and threads many, many times. However, I'm finding it challenging to successfully engage a node here on the home network. All computers are running Windows 7 or Windows 8.1 with ALL updates for the OS and the software as well, so I'm finding it very challenging to hack one of my nodes. Any help or suggestions for other ways to go about it? Maybe manually install Meterpreter on their system via USB flash drive and see if my launch from my BTr3 laptop will work?

For now, even though I haven't gotten it to work yet, I think my most favorite exploit is this one found on . Here, it states that the exploit will work on any OS as long as it has Internet Explorer 8.1 or earlier installed, and it'll host the payload of reverse TCP. This one is already one of my most favorites. I fully understand the requirements, too.

So, my main and only question to the community is: what is your most commonly used exploit and payload? Please share. There are SOOO many to choose from, it's hard to navigate to get one that'll do the job. If anyone has any input, it'd be great. Thanks!!! Tell me about your method of practice. Thanks!!

HyphaeKnot

8 Responses

Good question, bro. Praying to see a good and reliable response soon.

John:

Hackers generally are going after servers, not clients; that is where the info they want is, such as credit card numbers, etc. Most of the hacks I have demonstrated are for servers.

As systems have become more and more secure, it doesn't make much sense to attack the servers and operating systems. Instead, the best approach is to attack the software on the clients, such as the browser, Adobe products, MS Office, etc. If you want to attack Win 7 or 8, you are best off attacking the software on the system. Attack the browser, Adobe, etc.

I understand that you are practicing on Win 7 and 8, so you should try the client-side attacks. In reality, businesses are running old OSes that are much more vulnerable. Probably 40% of corporate servers are running Windows Server 2003. The systems hacked in the Target attack were likely 2003.

Hope this helps.

OTW

Master OTW:

If I have access to a big network, then how can I know which one is the server (the IP of the server) among the hundreds of computers?

Secret:

Do an nmap scan or an xprobe2 scan. xprobe2 will tell you the exact OS. If you use nmap, look for ports that indicate a server, such as port 1433 (SQL Server) or 389 (LDAP).

OTW

Thanks, master, you are a mine of knowledge. God bless you. :)

But I don't know the IP of the server. Can I scan the whole network through nmap, like netdiscover? Could you please tell me the command for that?

Yes, you can scan the whole network, and the way you would do this is through CIDR notation. 192.168.1.0/24 should scan all IP addresses from 192.168.1.0 to 192.168.1.255.

Just use 192.168.1.0/24 where you would normally put an IP address, i.e. "nmap 192.168.1.0/24" or "xprobe2 192.168.1.0/24".

Exactly! Good job Eight!
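To tie the two answers above together (scan the whole /24 in CIDR notation, then pick out the hosts whose open ports look like server roles), here is an added example that is not from the thread or from any of its posters. It parses nmap's grepable output (what `nmap -oG` writes) and flags hosts inside a given CIDR block that expose ports such as 1433 or 389. The port-to-role table is my own heuristic, not an nmap feature, and the scan output embedded below is constructed for the example rather than captured from a real network.

```python
"""Triage an nmap -oG scan of a CIDR block for hosts that look like servers.

Added example: the SERVER_PORTS table is a heuristic assumption and the
sample scan output is constructed, not taken from a real scan.
"""
import ipaddress
import re

# Assumption: ports that usually indicate a server role rather than a
# workstation. Extend this table to match your environment.
SERVER_PORTS = {
    25: "SMTP",
    53: "DNS",
    80: "HTTP",
    88: "Kerberos (domain controller)",
    389: "LDAP (domain controller)",
    443: "HTTPS",
    636: "LDAPS",
    1433: "SQL Server",
    3306: "MySQL",
}

# Constructed sample in nmap's grepable (-oG) format. Each host gets a
# "Status" line and, if anything was open, a "Ports" line whose entries are
# port/state/protocol/owner/service/rpc/version separated by commas.
SAMPLE_GNMAP = """# Nmap scan (constructed sample, not a real capture)
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 53/open/tcp//domain///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 192.168.1.10 ()\tStatus: Up
Host: 192.168.1.10 ()\tPorts: 88/open/tcp//kerberos-sec///, 389/open/tcp//ldap///, 445/open/tcp//microsoft-ds///
Host: 192.168.1.20 ()\tStatus: Up
Host: 192.168.1.20 ()\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///, 1433/open/tcp//ms-sql-s///
Host: 192.168.1.50 ()\tStatus: Up
Host: 192.168.1.50 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 389/open/tcp//ldap///
# Nmap done -- 256 IP addresses (5 hosts up) scanned
"""

# Only TCP ports reported as open; filtered/closed entries are ignored.
OPEN_TCP_RE = re.compile(r"(\d+)/open/tcp")


def parse_gnmap(text):
    """Return {ip: set(open TCP ports)} from nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        ip = line.split()[1]
        hosts.setdefault(ip, set())
        if "Ports:" in line:
            ports_field = line.split("Ports:", 1)[1]
            hosts[ip].update(int(p) for p in OPEN_TCP_RE.findall(ports_field))
    return hosts


def likely_servers(hosts, network="192.168.1.0/24"):
    """Return {ip: [port descriptions]} for hosts in `network` with server ports open.

    Hosts outside the CIDR block are skipped, so a stray result from another
    subnet does not end up in the target list.
    """
    net = ipaddress.ip_network(network, strict=False)
    result = {}
    for ip, ports in hosts.items():
        if ipaddress.ip_address(ip) not in net:
            continue
        hits = sorted(p for p in ports if p in SERVER_PORTS)
        if hits:
            result[ip] = [f"{p} {SERVER_PORTS[p]}" for p in hits]
    return result


if __name__ == "__main__":
    for ip, roles in likely_servers(parse_gnmap(SAMPLE_GNMAP)).items():
        print(ip, "->", ", ".join(roles))
```

To use it against a real scan, run `nmap -p- -oG scan.gnmap 192.168.1.0/24` and feed the file's contents to `parse_gnmap` instead of the constructed sample. The host 192.168.1.50 in the sample only exposes the SMB/NetBIOS ports every Windows workstation has, so it is correctly left out; 10.0.0.5 is dropped because it falls outside the /24 being triaged.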

Thank you guys for your responses. I appreciate them much, as they are helpful. OTW, thank you for your response about what is likely the best solution of attack. That's what I was assuming, but because of my experience, I just didn't know. Thanks for clearing it up for me. I'll be sure to post some more on my experiences.

Are there any other takers of which exploits are most successful in your current experience?

Hyphae
