|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Hacking Demo and Test Lab
From: Cure, Samuel J (scure
kpmg.com)
Date: Fri Jun 11 2004 - 15:21:11 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Or have the remote system running VNC anyway. Then connect to the remote
registry with credentials and decrypt the VNC password using Cain, then
connect.
Samuel J. Cure
KPMG LLP, Risk and Advisory Services
303 Peachtree Street, Suite 2000
Atlanta, GA 30308
mobile: 404.861.9436 - office: 404.222.3043
-----Original Message-----
From: Victor Chapela [mailto:victorsm4rt.com]
Sent: Friday, June 11, 2004 2:00 PM
To: 'raza sharif'; pen-testsecurityfocus.com
Subject: RE: Hacking Demo and Test Lab
I am not sure about VMWare, I also had some problems running demos
consistently and decided to use a separate machine.
I usually do my demos with a similar configuration XP -> 2000.
A good 5 min sketch is:
- get a remote shell using Jill, iis5hack or dcomexploit
- You end up as NT Authority/SYSTEM in all cases, therefore you can add
yourself as an administrator
- connect to the admin$ share using your new credentials
- dump the SAM file with pwdump3
- crack some hashes using john
- copy winvnc to system32
- add your vnc password to the remote registry
- install and start winvnc remotely
- start a VNC session
Even though you will rarely need to install vnc while pen testing, I have
found that for demos it is a very good way to get the point through.
Good luck
Victor
-----Original Message-----
From: raza sharif [mailto:razaraza.demon.co.uk]
Sent: Friday, June 11, 2004 6:42 AM
To: pen-testsecurityfocus.com
Subject: Hacking Demo and Test Lab
Hi Folks ,
Im doing some advanced Hacking Demos for management and also Corporates etc.
I have a installed windows 2000 server and iis 5.0 on VMWARE GSX server.
Im using Webdav and other exploits that all basically should spawn a shell
using netcat.
Im using XP as my attacking machine.
Prob at the moment is Netcat will not spawn a shell regardless of what i
try.
Any ideas ? i checked the install it is windows 2000 500.1295 no reference
to service packs etc. it's a default install.
Also what are good demo's etc to run to show real hacking on windows 2000 ,
iis etc..that i can get to work
thanks
Raza
Razaraza.demon.co.uk
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.
If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]