Page 2 of 13 (results 11 to 20 of 122)

Thread: Own Full patched XP box via HTTP

  1. #11
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    Default

    Quote Originally Posted by Deathray View Post
    And by the way, I think you should lookup the rules about links in signatures.
    I'm not sure if plain-text links are allowed. Just trying to keep you out of trouble
    It was not plain text; it was encoded, your browser just decoded it for you ;P
    It was removed by the mods, I guess. I replaced it with my other sig.

  2. #12
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    So mcurdy.com is your website. I wondered why you recommended them so much.
    hehe...

  3. #13
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    Default

    ;0

    Yep, I don't care about hits; it's just a simple, fast way for me to put what I want in whatever format I want, because it's my site.

    In fact I block 90%+ of search bots etc.; my filters are insane.

    Sometimes I just sit and watch the traffic and ban agent tags that I don't like.

    Dynamic signature:

    If anybody wants one, let me know.

  4. #14
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    12

    Default

    Most of you guys need to understand Access Control in Windows; you wonder why you don't get in? smb_relay: if you were to look over HD Moore's presentation from DefCon 15 titled "Tactical Exploitation", and a few Hacking Exposed books later, you would have a clue. But seriously, smb_relay works in just about any Windows OS when it has been weakened (i.e. the settings for a Windows Domain (Active Directory)); if you wanted this to work from default, use a Win2k box (Pro/Server does not matter). The reason it works on 2K is because of access control, read up about it! If I was to apply the same Domain security settings on a fully patched XP box you would have your shell, compared to a fully patched XP box with no weakened Domain setting applied.

    To test this out, in Windows XP Pro:

    1) START > RUN > secpol.msc

    2) Find 'Local Policies' > 'Security Options'

    3) Now let's make some changes:

    Network Access: Do not allow anonymous enumeration of SAM accounts: Disable

    Then find: Network Access: Sharing and security model for local accounts.

    In the dialog box, select the option Classic – local users authenticate as themselves.

    Have ports 139 and 445 showing as well! THEN reboot!

    Enjoy
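    A defender-side check for the two settings post #14 changes, added here as an example (it is not code from the thread): it parses the INF dump written by `secedit /export /cfg <file>` and reports which of the two policies is in the weakened state. The export text below is constructed for the demo; the value paths are the ones secedit writes for those two policies.

```python
import re

# Value paths as they appear in a "secedit /export /cfg <file>" INF dump (lower-cased here).
# secedit writes each entry as "<type>,<data>"; type 4 is REG_DWORD.
RESTRICT_ANON_SAM = r"machine\system\currentcontrolset\control\lsa\restrictanonymoussam"
FORCE_GUEST = r"machine\system\currentcontrolset\control\lsa\forceguest"

# Constructed export (not from a real box): both settings in the state post #14 describes.
SAMPLE_EXPORT = r"""[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_registry_values(inf_text):
    """Return {lower-cased path: int} for REG_DWORD entries in [Registry Values]."""
    values = {}
    in_section = False
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("["):                      # section header
            in_section = line.lower() == "[registry values]"
            continue
        if in_section and "=" in line:
            path, _, data = line.partition("=")
            m = re.fullmatch(r"4,(\d+)", data.strip())  # keep DWORD entries only
            if m:
                values[path.strip().lower()] = int(m.group(1))
    return values

def audit_relay_exposure(values):
    """List settings matching the weakened state from post #14; a missing entry is reported, not assumed safe."""
    findings = []
    anon = values.get(RESTRICT_ANON_SAM)
    if anon is None:
        findings.append("RestrictAnonymousSAM missing from export")
    elif anon == 0:                                   # Disabled = anonymous enumeration allowed
        findings.append("anonymous SAM enumeration allowed (RestrictAnonymousSAM=0)")
    guest = values.get(FORCE_GUEST)
    if guest is None:
        findings.append("ForceGuest missing from export")
    elif guest == 0:                                  # 0 = Classic, 1 = Guest only
        findings.append("Classic model, users authenticate as themselves (ForceGuest=0)")
    return findings
```

    Run it against a real export by reading the file into `parse_registry_values` instead of `SAMPLE_EXPORT`; an empty list from `audit_relay_exposure` means neither of the two settings is in the weakened state.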

  5. #15
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    Default

    It works fine on a fully patched XP box, just not in Firefox.

  6. #16
    Member
    Join Date
    Jun 2006
    Posts
    107

    Default

    Dears,

    I have a question about this exploit. As I understood, it works by forcing the victim to access a share on the attacker's PC, and since the authentication for the victim will fail, a pop-up window will ask the victim to enter the credentials. And he will enter his by default.
    My question: will the exploit use the entered credentials to load the payload? I have tried it in my lab, and the pop-up window was shown on the victim side; however, in the Metasploit console I was always getting authentication failed. I simulated it by launching smb_relay on the attacker machine, and from the victim machine I entered \\attacker_IP\ in the browser.

    Thanks in advance,

  7. #17
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    12

    Default

    Hi, you should not need to enter any credentials on the victim's side; try using a weaker Win2k SP4 box as a test and you will see. BTW, authentication failed is a good thing; this is what the entire attack is based on.

    Quote Originally Posted by l1nuxant_ee View Post
    Dears,

    I have a question about this exploit. As I understood, it works by forcing the victim to access a share on the attacker's PC, and since the authentication for the victim will fail, a pop-up window will ask the victim to enter the credentials. And he will enter his by default.
    My question: will the exploit use the entered credentials to load the payload? I have tried it in my lab, and the pop-up window was shown on the victim side; however, in the Metasploit console I was always getting authentication failed. I simulated it by launching smb_relay on the attacker machine, and from the victim machine I entered \\attacker_IP\ in the browser.

    Thanks in advance,

  8. #18
    Member
    Join Date
    Jun 2006
    Posts
    107

    Default

    Hi, you should not need to enter any credentials on the victim's side; try using a weaker Win2k SP4 box as a test and you will see. BTW, authentication failed is a good thing; this is what the entire attack is based on.
    Thanks for the info. Does this attack work in both workgroup and domain environments? What I have tested is a workgroup PC.

  9. #19

    **Samsung's Video of OWNING A FULLY PATCHED XP**

    Hi All,

    After reading the posts here I thought I'd make a video to try to show what's being done. There are a lot of questions on whether this can be done or not, so I have spent the last few mins getting a video prepared.

    THIS IS A VIDEO ON A FULLY PATCHED XP SYSTEM WITH FIREWALL ENABLED, NO HIDDEN SERVERS ETC. ARE BEING USED, JUST A SIMPLE REVERSE_TCP PAYLOAD

    Credit to operat0r for posting the tutorial; to keep things simple I have used the smb.rc (filtered with etterfilter) & smb.filter as per THIS 1ST POST

    **OBVIOUSLY CHANGING MY IP ADDRESS**

    So without further ado, sit back & watch my video HERE

    Please feel free to give any feedback, good or bad; it only takes a few mins for you to watch it, but a lot of hard work goes into making these videos.

  10. #20
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    12

    Default

    Read my post up the page, #14. As you can see, Domain only.

    Quote Originally Posted by l1nuxant_ee View Post
    Thanks for the info. Does this attack work in both workgroup and domain environments? What I have tested is a workgroup PC.
