Results 11 to 20 of 37

Thread: autopwn w/ fast-track.py

  1. #11
    Junior Member dapirates1
    Join Date
    Nov 2007
    Posts
    88

    Updated to the latest version. I have posted there; thanks for the advice, and sorry for any inconvenience, guys.

  2. #12

    Wow, that video rocks, man! I can't wait to play with that script here; we just set up a Windows machine last night too. Who made the music track? Sounds like Infected Mushroom. Awesome ^_^

  3. #13
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    It is Infected Mushroom.

  4. #14

    THAT is awesome; all your vids on that site are great, man.

  5. #15
    Junior Member azagorath
    Join Date
    Mar 2008
    Posts
    44

    Nice video. I have a problem with autopwn: it freezes in the middle of the process, especially when it tries to crack Apache server or IIS overflow exploits.

  6. #16
    Member
    Join Date
    Feb 2006
    Posts
    167

    Quote Originally Posted by azagorath View Post
    Nice video. I have a problem with autopwn: it freezes in the middle of the process, especially when it tries to crack Apache server or IIS overflow exploits.

    It's not crashing; there's just a carriage return after that specific exploit. Just hit Enter and you should see the msf> portion. That means it has completed.

  7. #17
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    14

    fast-track working on patched xp?

    Hi,

    I've read a few posts/threads here & proved myself right: this cannot be done on a fully patched XP box, right? I've experienced most of the 'issues' other members are having; it will either hang, or just scan my IP address & then give me
    msf>
    I type sessions -l & get nothing, so my question is: will there be a way around this in a later version of BT3?

    My 2nd question is: I've also tried using the meterpreter attack. I watched a few different videos by members (I think the 1st one I saw was by pureh@te; good video, & it looks like a very powerful tool), but again I had no success using this. Is it because I am trying to attack my fully patched XP box? Obviously it's patched because I want to see how good the tools are in BT. I don't want to have to reinstall XP with no SP just to prove it works; surely there's another way around it?

    I hear you asking what commands I am typing & where I am going wrong. Well, I'll show you:

    nmap -sV 192.168.1.10

    returns back 139,445 open. In a new shell I open fasttrack, then option 2, then 3, then type my target IP address; this returns back saying nmap done in 20 seconds, & I'm left with
    msf >

    So I take it my target is safe & cannot be compromised?
    Please say NO & tell me there is a way around this.

    Many thanks

  8. #18
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    A fully patched XP box is a little harder to compromise, however not impossible. To be honest, I am one of those people with a pesky set of morals and values that deter me from posting step-by-step instructions on working exploits. The point of working on older boxes is so that when you do have a need or a chance to use meterpreter in a pen-test situation, you will know WTF you are doing.

    For example: certain airlines use their own codes and instructions for their computer networks that handle ticketing and other tasks. Now suppose you want to "hack" them and get a couple of free tickets to Hawaii. So you gain entry to the system, and you get in there and you can't even change directories, because you put the cart before the horse and forgot to learn the system commands.

    In any case, most of the time systems are compromised by running a vulnerable service that has not been patched. Microsoft has enough money to patch most vulnerabilities before a public exploit is released (not always, though).

    Exploitation is hard work, and the wet dream of having a point-and-click, no-brain-needed exploitation platform has only manifested itself in one piece of software so far, and that is Core-Impact. For 3,000 dollars a month you can own a license to it and it will do all the work for you.

  9. #19
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    1

    just wondering

    I had the same problem as acid burn on my fully updated XP box. I wanted to get it exploited without having to have a really out-of-date MS OS; however, I would go as far as opening some ports on my XP box, so I open up port 135 (can't quite remember), 1025, 1026 and 5000, because I saw a few videos and thought maybe fast track had a unique exploit for some of those open ports. I have the fully updated Metasploit 3 and fasttrack, installed pexpect and sqlite3, and I have not had any luck even after opening some more ports. I know for a fact that the ports are open on my XP box (even turned off firewalls like Avast and Windows Firewall); however, maybe it seems like the ports may not be the only issue, I saw from purehate's post. But if I were to make a service, have it operate on an open port, and somehow make that service spawn a shell that I could use to gain access to with BackTrack, then I would be able to gain access to my XP box. Am I right in thinking so?

  10. #20

    Quote Originally Posted by qu!3t k!d View Post
    I had the same problem as acid burn on my fully updated XP box. I wanted to get it exploited without having to have a really out-of-date MS OS; however, I would go as far as opening some ports on my XP box, so I open up port 135 (can't quite remember), 1025, 1026 and 5000, because I saw a few videos and thought maybe fast track had a unique exploit for some of those open ports. I have the fully updated Metasploit 3 and fasttrack, installed pexpect and sqlite3, and I have not had any luck even after opening some more ports. I know for a fact that the ports are open on my XP box (even turned off firewalls like Avast and Windows Firewall); however, maybe it seems like the ports may not be the only issue, I saw from purehate's post. But if I were to make a service, have it operate on an open port, and somehow make that service spawn a shell that I could use to gain access to with BackTrack, then I would be able to gain access to my XP box. Am I right in thinking so?
    I've not had the chance to try this either as of yet, but I will get around to it. However, using a different method, I have done & exploited MY fully patched XP system, as per the video I have shared. However, I will agree with pureh@te.

    Quote Originally Posted by pureh@te
    A fully patched XP box is a little harder to compromise, however not impossible. To be honest, I am one of those people with a pesky set of morals and values that deter me from posting step-by-step instructions on working exploits. The point of working on older boxes is so that when you do have a need or a chance to use meterpreter in a pen-test situation, you will know WTF you are doing.
    I have not used meterpreter before. I am currently reading up on some stuff to try to get my head around this before I attempt it. Maybe somebody else can confirm if they HAVE used it on a fully patched XP system?
