Sunday, April 20, 2014
HellBound Hackers | HellBound Hackers | Questions

how can i add a payload to this?


Posted on 23-01-09 10:16
Downloaded a milw0rm script and used it, but now I'm wanting to have a shell or something to input code. I can now go to [edit] removed IP, and added 10 warn to your account[/edit]

http://milw0rm.com/exploits/2671


C:\>2671.pl
"Novell eDirectory 8.8 NDS Server" Remote Stack Overflow Exploit

[+] Connected.
[+] Trying to overwrite RETurn address...
[+] Done. Now check for bind shell on [edit]removed[/edit]!

Result:
DHost HTTP Server
--------------------------------------------------------------------------------
DHost Console
NDS
DS Trace
NDS iMonitor






Edited by Mr_Cheese on 23-01-09 18:19
RE: how can i add a payload to this?
Posted on 23-01-09 10:41
First of all, you're not supposed to post the addresses to sites you've hacked or plan on hacking.

This just looks like you found a site that's vulnerable to that exploit, downloaded the exploit, and used it (which is something that any idiot can do). It also looks like you don't know what you're doing. It tells you that your hacked site/server has a bindshell port open on 8029 now, so open up netcat and connect to it.

Or go read some more about rooting so that when you come across a vulnerability, you know how to exploit said vulnerability without getting busted. Smile

(Oh, and I'm not exactly a rooting expert, so if you want legitimate help with rooting, you'll have to ask someone else.) Pfft


RE: how can i add a payload to this?
Posted on 23-01-09 10:49
People like you really make me mad. First, know the ranges: it's an INTERNAL pen test. Besides that, you'd better just not say anything if the only thing you want to do is blame around. Sorry, but you made me a little bit upset.


RE: how can i add a payload to this?
Posted on 23-01-09 10:51
I'm sorry if I made you upset. Regardless of how you feel about my post, the point is the same: Learn more.

Until you know everything, you should always want to learn more. Wink


RE: how can i add a payload to this?
Posted on 23-01-09 11:03
Well, this is just another step of learning for me, and I guess there is no such thing as "knowing everything", but could you maybe still give me advice on how to do it? Because if I now connect to it with netcat it goes like:

#nc ip_address port
#

It immediately disconnects :/


RE: how can i add a payload to this?
Posted on 23-01-09 11:05
Maybe read up on netcat. Try to learn how it deals with connections and what causes it to close unexpectedly. Pretty much, if you want an answer, you can find it. All it requires is effort and patience on your part. Smile


RE: how can i add a payload to this?
Posted on 23-01-09 11:07
OK, can't you just tell me where to look in the man pages? Pfft


RE: how can i add a payload to this?
Posted on 23-01-09 11:09
"I have said: 'Blow out the lamp! Day is here!' And you keep saying: 'Give me a lamp so I can find the day.'" -- Frank Herbert


RE: how can i add a payload to this?
Posted on 23-01-09 12:57
jelmer wrote:
if I now connect to it with netcat it immediately disconnects :/

Post what you're actually trying... not just that you're trying it. Also, go ahead and try telnet with the optional port argument to connect to that address. Example:

telnet ip_address port

Post the full results of each command or, if you can't do that, take screenshots of what you see when the command fails.

Oh, and internal IP address ranges are okay, I agree... They wouldn't do any good to anyone outside of the network, anyways. Internal ranges:

10.x.x.x
127.x.x.x (loopback)
172.16.x.x - 172.32.x.x
192.168.x.x
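
The moderation rule discussed in this thread (internal addresses may stay in a post, external targets may not) can be applied mechanically before pasting tool output. The sketch below is an added example, not part of the original post or of the site's tooling; it uses the RFC 1918 blocks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) plus loopback, and the function names, the `[removed]` marker and the sample paste are assumptions made for illustration.

```python
import ipaddress
import re

# Ranges treated as internal: RFC 1918 private space plus loopback.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Dotted quad that is not embedded in a longer numeric or dotted token.
IPV4_RE = re.compile(r"(?<!\d)(?<!\d\.)(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")


def is_internal(text):
    """True if text is a valid IPv4 address inside one of INTERNAL_NETS."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def redact_external(paste, marker="[removed]"):
    """Return (text with external IPv4 addresses replaced, removed list)."""
    removed = []

    def _sub(match):
        token = match.group(0)
        try:
            ipaddress.IPv4Address(token)
        except ipaddress.AddressValueError:
            return token  # not a valid address (e.g. 999.1.2.3): leave it
        if is_internal(token):
            return token
        removed.append(token)
        return marker

    return IPV4_RE.sub(_sub, paste), removed


# Constructed sample paste; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE = """Nmap scan report for 10.20.30.40
Nmap scan report for 172.31.255.254
Nmap scan report for 172.32.0.1
Nmap scan report for 203.0.113.7
ldap server 198.51.100.23 (anonymous bind OK)"""

if __name__ == "__main__":
    clean, removed = redact_external(SAMPLE)
    print(clean)
    print("removed:", removed)
```

Hostnames and domains are not covered by this sketch; a paste that names the external domain still needs manual review.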


RE: how can i add a payload to this?

AldarHawk
Posts: 1690
Location: Canada
Joined: 26.01.06
Rank:
Hacker Level 1
Posted on 23-01-09 13:00
Though I like the bickering back and forth here I will chip in here.

This looks like an internal pen test, yes. Your problem lies within your method. You are sitting in a box looking out. Try it from the other perspective. Look at what you want to achieve, think of ways to get there, pick one of the paths you come up with. If that fails try another one. Again, as Skunk has stated, patience is needed in testing for security holes.

Also learn what the milw0rm script is actually doing. This will help you learn what you need to do next. Learn how it is making this exploit happen. Once you know how this is happening you will then be able to draw conclusions into how to make it work to your favour. If you do not have the patience to complete this then you should go to www.skoty.org and nominate yourself for an award.

Also please note that I am not here to tell you how to do shit. That is how people learn in school. This is not school. I will guide you and I will help you along the way with help and tips. I will not give you an answer. Research, learn, prove that you need guidance. If you do you will get some. Otherwise, read read read as it states all over this site. To learn the most of anything you must pick it apart and learn from it. If all you want to do is learn to hack and be able to exploit things then you are not in it for the right reasons.

Please read up on exactly what you are attempting to do and then you will learn (or come up with) ways to finish your thoughts and get things done. Without wisdom you are nothing but a poorly written book.


Just ask Yahoo!Taboo! http://www.erikwestlake.com
RE: 2 cents
Posted on 23-01-09 18:27
Yes, I also agree with Skunk: if you're doing an internal pentest and you have to ask for help, you don't belong doing it. Have someone who knows more do it. I mean, shit, you wanted to add a shellcode to an exploit that quite obviously already spit you a shell.


I'm not saying that you're dumb!
I'm not saying you're a n00b.

I am saying that you must google everything, read, learn to program a little,
but seriously, leave the actual pen tests up to a professional.

Fuck, I didn't even perform our tests at work; I let someone way better than me do it, even though my ego said I know I can do it.

I may have missed something, then I'm responsible.

So good luck in rooting, it's fun :ninja:

-- Fixed quadruple post. MoshBat




Edited by on 23-01-09 18:42
RE: how can i add a payload to this?
Posted on 23-01-09 19:08
Ok, well basically I did everything you guys did. Yeah, I'm new to rooting and I'm learning a lot every day again. Now from my house I can't connect to the LDAP server because it's internet. I really like it that you guys want to help me. I tried everything over that specific port but nothing turned out to really work. It did something on the server and you said to me that it threw me in a shell, but I don't see more than 3 links. I'm learning more netcat to see if I can connect that way to it; if I connect to it through telnet or netcat it will close immediately. I'm also trying to do something over port 389; it's LDAP and it says (anonymous bind OK), and in the log files I can see how it connects to it. I think I'm going to write something so it will commit a dictionary attack on it. I am a noob at pen testing, I know, but all help will be appreciated Grin

I also installed ConsoleOne on my PC; this way I was able to see all kinds of users on the server, and I found out after cracking the password of 1 helpdesk guy that they all use the same password. I earlier found the admin account with which it was able to become god on the network, but I reported it and they changed it. That password was the same.

The network also stores the passwords locally after getting them from a server. It saves them in 2 parts, NT and LM or something, and they are really easy to crack. Unless the passwords are bigger than 14 characters; not sure how this works, but it makes it a so-called NTLM hash.


RE: how can i add a payload to this?
Posted on 23-01-09 19:15
Read Private Message (inbox)
From: Site Owner
Date: January 23 2009 - 18:19:37
Subject: Warn Level: 10
You have been warned because: posting links to places you want to hack

but it was internal!! Sad




Edited by on 23-01-09 19:31
RE: respect
Posted on 23-01-09 20:07
OK listen, I get in trouble a lot: don't post the targets, period.

And if you want LDAP you can use a nice tool coded in Perl; it's at SourceForge.

And if it's Windows 2000 letting you do a null bind, you can use a tool from Microsoft to view the different nodes.

And actually you can also enumerate users on 2000 and figure out if their passwords are blank or not; there's also a nice bruteforce function.

Much like XSS, LDAP is viewed as non-writable, which isn't entirely true,
so admins usually overlook it, that and SNMP.

So this tool basically eats up misconfigured domain controllers and then
you move on to the next step: gaining access, then elevating your privileges.

I'm not gonna go in my repository and get the tool names and commands because I'm not spoon-feeding you.


PM me with the portscan results and I'll tell you what you need to do :ninja:




Edited by on 23-01-09 20:11
RE: how can i add a payload to this?
Posted on 23-01-09 21:14
jelmer wrote:
You have been warned because: posting links to places you want to hack

but it was internal!! Sad

moshbat wrote:
Well, politely argue your case. Not to me, to Cheese. It was his decision.
And by the way, as the Site Owner, his word is final.

Zephyr_Pure wrote:
Oh, and internal IP address ranges are okay, I agree... They wouldn't do any good to anyone outside of the network, anyways. Internal ranges:

10.x.x.x, 127.x.x.x (loopback), 172.16.x.x - 172.32.x.x, 192.168.x.x


There are times that people should be warned, and there are times that they should not. Judgment must be made on what is and is not proper behavior by staff... however, some sensibility would help in the decision. I already pleaded the case for why it was not a warnable offense earlier in the thread, and that still holds true.

In no way, shape, or form can an internal IP address be a viable target for anyone on this site to pursue other than the person that is actually on the network.

In that respect, the rule is invalid here and he should've never been warned. I'm removing his warn because, ultimately, the Site Owner is not always right. If he wants to reverse it, that is his choice. I do what I know is right.


RE: hey
Posted on 23-01-09 22:12
Good one, Zeph. I like to see when you are fair; I knew you weren't just an evil dictator lol!!! :ninja: :ninja:


RE: how can i add a payload to this?
Posted on 23-01-09 22:39
Zephyr's always fair. Usually people who get punished a lot tend to think that the punishments aren't fair... Pfft

All these guys are absolutely right, and I still stand by my advice: Go learn. When you actually learn about how vulnerabilities work, then it's generally pretty easy for you to exploit that vulnerability in more than one way.

And if you're trying to learn about rooting, hit me up on MSN cause I think I'm about to start learning more about it too. Smile


RE: how can i add a payload to this?
Posted on 23-01-09 23:22
Yay, thx for undoing the warning Smile Here are the nmap results.
You can open it with zenmap with file -> open.

Thx for your time, and I really like the responses.

---- ldap1.xml ----

Do not post something that reveals the external domain of your target. That IS against the rules. - Zeph




Edited by on 24-01-09 00:46
RE: how can i add a payload to this?
Posted on 23-01-09 23:28
www.leerling.ijsselschool [d o t ] nl/ldap1.xml

Broken link? - Zeph




Edited by on 24-01-09 00:07
RE: how can i add a payload to this?

spyware
Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 24-01-09 00:33
What the fuck is this? His Nmap revealed his target. This shit should be locked. If the OP wishes to learn, he needs to come back -WITHOUT- script kiddie shit. A decent question deserves a decent response. This deserves a lock.

Script kiddie. A kid who uses script without knowing what it exactly does, how it does it and what happens when it runs. A script kiddie. This is what it means.


Edit: Oh and THANK YOU, HBH, for introducing a stupid filter. Way to remove the capital letter "S" from script using that idiotic excuse of a filter. Just saying.



"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert

Edited by spyware on 24-01-09 00:38
http://bitsofspy.net