Page 1 of 2
Results 1 to 10 of 15

Thread: Success Story/ Success and Metasploit/ Product Floor

  1. #1
    Junior Member
    Join Date
    Jun 2006
    Posts
    61

    Default Success Story/ Success and Metasploit/ Product Floor

    Today, I would like to talk a bit about Metasploit, how it's based, used, and even its GREAT usefulness. But first, my success story:

    Today, I basically stayed home all day and fooled around with BT on my laptop and desktop PC. After not having too much luck in cracking an AP I have authorization over down the street, I moved on to something else. In fact, it started last night. After watching a video or 2 (of the torrented videos), I took a liking to discovering how this "Metasploit" could be used. So the tools of my arsenal consisted of:

    1.) Nmap
    2.) Nikto.pl
    3.) Host
    4.) Metasploit

    Here is a brief definition of each program, in a nutshell:

    Nmap
    Nmap is a great, great port scanner. It has methods of bypassing firewalls and other defensive tactics to get to its goal. Sometimes it can take a while, depending on what host, and what that system has on defensively. It has many options.


    Nikto.pl
    A lesser-known tool compared to Nmap, Nikto.pl is another type of scanner. This tool scans an IP, and prints out its vulnerabilities. By vulnerabilities, I mean:
    1.) Outdated software
    2.) The software version, and if it has a security flaw or weakness.
    3.) Links (e.g. if a site like ebay.com had something like "ebay.com/cgi-sys/adminpass.pwd", it would find the "cgi-sys/adminpass.pwd")

    This is just some of what Nikto.pl can do, and of course the great thing is it comes with BT. Just don't try to run it from Konsole by just typing Nikto.pl, lol.


    Host
    This little tool finds the ip address of domains and all that good stuff.


    Metasploit
    The grand master of them all. This tool is like a huge library of exploits, where you can look up (in the library sense) a particular exploit/genre, and find all the hacks/books for that exploit/genre.

    As you can see, all these tools work in great conjunction with each other.

    I first used host on the site to get its IP, then ran it through Nmap to find any open ports. The result was that the site I targeted had over a hundred ports, all open (if anyone is good at this I can share the site and you can teach me something xD), from POP3, HTTPS, and more.

    I then ran it through nikto.pl on its HTTPS port, and found over 25 weaknesses and vulnerabilities (along with different URLs to attach to its .com/. Some brought me to MySQL query lines, some to admin logins, etc. Very useful Nikto.pl is ;p)

    I then passed along all the MySQL vulnerabilities and the rest to my friend who has "cracked" and "hacked" this site much (it's a game site, and he gets like uber levels, money, etc.). He is a wiz at MySQL, and has done everything he has WITHOUT tools and with Windows (he has NEVER run Linux, but will soon!).

    He has yet to fool with them, but I know he will find more things. Ok, now on to the second day!

    The second day was comprised of me staying home, and sharing this info with him. After that (and him going to play Prey Demo and WoW), I began to also remember a video I saw, where this guy breaks into a bank server, and edits his account with more money (it runs Windows 2000). I thought this was cool, but of course I'd never try to do illegal things like that. And even so, a bank is highly illegal, and shouldn't be done by anyone but those who know what they are 100% doing.

    After seeing this, I fired up Metasploit and learned about how you can update it, and its nice web GUI version. Like they say, it's a "Script Kittie/Script Kiddy/Script Kiddies Wet Dream". Why? Well, it:

    1.) Has every exploit known to the public
    2.) It's as easy as point and click (still requires knowledge though).

    So, I tried it on my laptop, under Windows XP. The one I wanted to try in the videos wasn't there. It was about some graphics layer, and it would send a .wmf file and get a command prompt. After trying a few others, I got distressed at how none worked, but then, like everything else, it all made sense after a while.

    I learned more, and then learned how this tool works. I found an exploit (name upon request) which listens on a port. You give someone the link that it's listening on (this is a local exploit only), and when they go to it (any Firefox and IE should work. Not Opera), it'll dload a file, and open it in the picture viewer that's built into XP. It'll say it's generating a preview, but it isn't.

    The payload I picked was to get shell, and of course I did. I tried executing some commands and of course it worked. Next I tried VNC injection for remote VNC and it worked. The only problem I had was that if it was done for secrecy, it pulls up a command prompt, and that browser and/or file must stay open. I'm sure this is OK for servers though.

    But how would you get someone or a computer to open it by itself? Good question. There are ways, but I will not discuss that here.



    From this little experience, I've come to know how such powerful tools and methods can be bad in the wrong hands. I myself just love to read and know how to do things, then test them to see if they do work, instead of going out and cracking everything I can get my hands on.

    I hope you found this informative if you decided to read it lol.
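    From the defender's side, the host / Nmap / Nikto sequence described in this post leaves a recognisable trace in ordinary logs, so here is an added example of picking it out (this is not code from the post or from any of the tools it names). It assumes Apache/nginx combined-format access log lines and iptables-style `SRC=... DST=... DPT=...` firewall log lines; both samples are constructed inline, and the path `/cgi-sys/adminpass.pwd` is reused from the post's own Nikto example. The web check flags a client that bursts through many distinct missing paths inside one minute, which is what a dictionary-driven web scanner looks like, while an ordinary user's stray 404s spread out over time; the port check flags a source that touches many distinct ports on one host.

```python
"""Spot scanner-like traffic in web access logs and firewall logs.

Added example with constructed sample data; not code from the original post
or from Nmap, Nikto or Metasploit.  Assumes Apache/nginx "combined" access
log lines and iptables-style "SRC=... DST=... DPT=..." firewall log lines.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format (assumed): ip ident user [ts] "req" status size "ref" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# iptables-style kernel log fields (assumed); only the three we need are captured
FW_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?DPT=(?P<dpt>\d+)")


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_web_scanners(lines, window=timedelta(seconds=60), min_404_paths=5):
    """Return {ip: set of its 404 paths} for clients that requested at least
    min_404_paths *distinct* missing paths inside any `window`.
    A vuln scanner walks a dictionary of well-known file names and nearly all
    of them miss, so a tight burst of distinct 404s from one client is the tell."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 404:
            by_ip[rec["ip"]].append((rec["ts"], rec["path"]))
    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort()  # the sliding window needs time order
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= min_404_paths:
                flagged[ip] = {p for _, p in hits}
                break
    return flagged


def find_port_sweeps(lines, min_ports=20):
    """Return {src: distinct port count} for sources that touched at least
    min_ports different destination ports on one host (a real client uses
    one or two ports; a port scan touches many)."""
    ports = defaultdict(set)
    for line in lines:
        m = FW_RE.search(line)
        if m:
            ports[(m["src"], m["dst"])].add(int(m["dpt"]))
    return {src: len(p) for (src, _dst), p in ports.items() if len(p) >= min_ports}


# --- constructed sample data (not real traffic) ---
_UA = '"-" "Mozilla/5.0"'
SAMPLE_ACCESS_LOG = [
    # ordinary browsing: one stray 404 is normal
    f'10.0.0.5 - - [10/Jul/2006:22:14:50 -0400] "GET / HTTP/1.1" 200 5120 {_UA}',
    f'10.0.0.5 - - [10/Jul/2006:22:14:52 -0400] "GET /images/missing.png HTTP/1.1" 404 231 {_UA}',
    f'10.0.0.5 - - [10/Jul/2006:22:14:55 -0400] "GET /about HTTP/1.1" 200 2048 {_UA}',
    # scanner-like burst: six different "known bad" paths, all missing, in 8 seconds
    f'203.0.113.7 - - [10/Jul/2006:22:15:01 -0400] "GET /cgi-sys/adminpass.pwd HTTP/1.1" 404 231 {_UA}',
    f'203.0.113.7 - - [10/Jul/2006:22:15:02 -0400] "GET /cgi-bin/test-cgi HTTP/1.1" 404 231 {_UA}',
    f'203.0.113.7 - - [10/Jul/2006:22:15:04 -0400] "GET /admin/ HTTP/1.1" 404 231 {_UA}',
    f'203.0.113.7 - - [10/Jul/2006:22:15:05 -0400] "GET /backup.zip HTTP/1.1" 404 231 {_UA}',
    f'203.0.113.7 - - [10/Jul/2006:22:15:07 -0400] "GET /.htpasswd HTTP/1.1" 404 231 {_UA}',
    f'203.0.113.7 - - [10/Jul/2006:22:15:09 -0400] "GET /old/ HTTP/1.1" 404 231 {_UA}',
    # slow client: five 404s two minutes apart, so no 60-second window holds five
] + [
    f'198.51.100.9 - - [10/Jul/2006:22:{m:02d}:00 -0400] "GET /missing{m} HTTP/1.1" 404 231 {_UA}'
    for m in (0, 2, 4, 6, 8)
]
SAMPLE_FW_LOG = [
    f"kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40000 DPT={p} SYN"
    for p in range(1, 26)  # 25 distinct ports from one source: a sweep
] + [
    "kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51000 DPT=80 SYN",
    "kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51001 DPT=443 SYN",
]

if __name__ == "__main__":
    print("web scanners:", find_web_scanners(SAMPLE_ACCESS_LOG))
    print("port sweeps:", find_port_sweeps(SAMPLE_FW_LOG))
```

    Both thresholds are deliberately tunable: a site with lots of broken links needs a higher `min_404_paths`, and a host that legitimately serves many ports needs a higher `min_ports`, so calibrate them against a day of known-clean logs before alerting on them.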

  2. #2
    Junior Member
    Join Date
    Feb 2006
    Posts
    75

    Default

    Very well written thread. Yes, very informative, but the machine you tried it on, was it XP Home or Pro, and SP2? I've yet to find any exploit with Metasploit that works on SP2 Home or Pro.

  3. #3
    Junior Member
    Join Date
    Jun 2006
    Posts
    61

    Default

    Quote Originally Posted by G-Stress
    Very well written thread. Yes, very informative, but the machine you tried it on, was it XP Home or Pro, and SP2? I've yet to find any exploit with Metasploit that works on SP2 Home or Pro.
    It was SP1 xD.

    And yeah, I know what you mean, lol. There was one REALLY good one, and as it says, EVERYONE used it: that Microsoft DCOM one. But I guess everyone has it patched. That to me seemed the best because it exploited remotely, exploited like every version of wimblows, and it did it automatically (as in no need for anyone to click a link). That sounds too powerful because of its easiness, really ;-O

  4. #4
    Junior Member
    Join Date
    Feb 2006
    Posts
    75

    Default

    Yeah, that was a really good one. I was also successful with that on an XP machine.

  5. #5
    Junior Member
    Join Date
    Apr 2006
    Posts
    39

    Default

    Quote Originally Posted by G-Stress
    Very well written thread. Yes, very informative, but the machine you tried it on, was it XP Home or Pro, and SP2? I've yet to find any exploit with Metasploit that works on SP2 Home or Pro.
    The WMF sploit works with SP2, but that does require interaction from the victim.

    And up-to-date AV will pick it up, and there is a separate MS patch for it now.

    But one of the video tutorials out there has it as a 0-day.

  6. #6
    Junior Member
    Join Date
    Feb 2006
    Posts
    75

    Default

    Quote Originally Posted by CurioCT
    The WMF sploit works with SP2, but that does require interaction from the victim.

    And up-to-date AV will pick it up, and there is a separate MS patch for it now.

    But one of the video tutorials out there has it as a 0-day.
    They have a video of this exploit entitled 0-day? I'd like to check that out. I tested an XP Home SP2 machine with the web GUI on just about every exploit, and it always came back not vulnerable, but that was a while ago.

  7. #7
    Junior Member
    Join Date
    Jun 2006
    Posts
    61

    Default

    Quote Originally Posted by G-Stress
    They have a video of this exploit entitled 0-day? I'd like to check that out. I tested an XP Home SP2 machine with the web GUI on just about every exploit, and it always came back not vulnerable, but that was a while ago.
    I'm guessing the WMF is in Metasploit? I saw a video with it from Irongeek, BUT my Metasploit (even ran update) didn't have it...

    I'm sure I could dload it from SecurityFocus, but then I can't run it, or I messed it up somehow. But I might try tomorrow. For tonight I want to make my AP WPA, and crack it ;D

  8. #8
    Junior Member
    Join Date
    Feb 2006
    Posts
    75

    Default

    I was actually asking CurioCT if that's what he was saying. That they have a video on that exploit and it's entitled "0-day". The only video I've seen on Metasploit was the DCOM one that's patched in SP2. I think I'ma do some searching on that now and see what I can find.

  9. #9
    Junior Member
    Join Date
    Jun 2006
    Posts
    61

    Default

    Quote Originally Posted by G-Stress
    I was actually asking CurioCT if that's what he was saying. That they have a video on that exploit and it's entitled "0-day". The only video I've seen on Metasploit was the DCOM one that's patched in SP2. I think I'ma do some searching on that now and see what I can find.
    This should be it.
    Or that's the only one I ever watched.

  10. #10
    Junior Member
    Join Date
    Apr 2006
    Posts
    39

    Default

    Quote Originally Posted by baalpeteor
    This should be it.
    Or that's the only one I ever watched.

    It's actually a repack of the original, but yes, basically the same video.
    Yes, it does work from the web GUI.

    Use the drop-down and select app:wmf (it will be there).

    However, like I say though, SP2 might not pick it up; there is a separate GDI patch, and most decent AV will pick it up now.

