Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: hack windows server?

  1. #1
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    Default hack windows server?

    hi guys,

    what is the best way to hack a windows server?

    its on my network i can also remote desktop to it but cant login as do not know the password

    how can i gain access to this server?

    is there someway to get the password to login through remote desktop

    i am using backtrack bt4 beta

    hope you can help

  2. #2
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    Quote Originally Posted by roonie View Post

    its on my network i can also remote desktop to it but cant login as do not know the password
    Did you forget the password?

  3. #3
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    Default

    no it is in a lab enviroment and has been set as a challenge

    but i have no idea where to start

  4. #4
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    Can you elaborate a little more?

    What is the challenge? Where did you get it from? Who gave it to you? What are the instructions/rules/requirements?

    Everyone is going to be skeptical when a question like this is asked, as usually these type of questions have some illegal or malicious purpose. You mention that this is in a virtual lab on your network, so you ought to be able to give me a little more info.

  5. #5
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    Default

    i work in a computer shop repairing computers, i have recently been getting interested in backtrack

    so in work we have set up 3 pcs 2 running xp pro and 1 running windows server 2000 so we can pratice and i wouldn't matter if we messed the machine up

    so as a challenge my boss said to me and my co worker the first one to gain access to the server will get a bounus at the end of the month

  6. #6
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    You could start off with some enumeration. Use programs like nmap to find out what available ports are open. You can use netcat to banner grab information from specific ports as well. Match the programs you enumerate to exploits in metasploit as well as milw0rm. A neat feature with metasploit is the meterpreter shell which will allow you to hash dump the passwords (this is just one of many ways).

    That should give you some ideas to start off. There are tons and tons of other ways to do this, some more efficient. Rather give you some ideas than spoil it for you.

    edit: If there aren't available applications to exploit on the server, look into exploiting the operating system... Check Google.

  7. #7
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    Default

    hi thanks for the advice,

    i did try and do the vnc with metasploit but all i got was..

    complete but no session was created. so dont know why

    i will do some reseach and try what you said thanks again

  8. #8
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Well it is not all about just using metasploit.

    There is way more to pentesting besides just using metasploit to pop some boxes. If you don't know what to do, we can't just give you an easy answer as in a walkthrough.

    Best bet for you might be either social engineering your boss or a password profiling attack.
    You might want to ask him to sponsor you the PWB course from Offsec.
    Tiocfaidh ár lá

  9. #9
    Good friend of the forums
    Join Date
    Feb 2009
    Posts
    356

    Default

    Use Core Impact to pop the boxes And get your bonus.
    Oh wait... it costs 20K for a year... then use fast-track.py - as it's just a question who does it first, shouldn't be that hard to pop with fast track.

  10. #10
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by roonie View Post
    hi guys,

    what is the best way to hack a windows server?
    Answering this would require a definition for "best" and for "hack". Do you consider best to be fastest? Easiest? Most stealthy? Do you consider a "hack" to be information disclosure? Remote access? Privilege escalation? Code execution?

    its on my network i can also remote desktop to it but cant login as do not know the password
    If you have physical access you can set the administrator password.

    how can i gain access to this server?
    It's on your network, there are multiple means by which you could access it. Not the least of which is to walk over and login like a normal user.

    is there someway to get the password to login through remote desktop
    You could likely bruteforce it, though being able to do so would point to an obvious flaw in your password policy. Again you have physical access so why bother with remote desktop?
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •