RE: Hacking Demo and Test Lab

From: Cure, Samuel J (scure@kpmg.com)
Date: Fri Jun 11 2004 - 16:21:11 EDT


Or have the remote system running VNC anyway. Then connect to the remote
registry with credentials and decrypt the VNC password using Cain, then
connect.

Samuel J. Cure
KPMG LLP, Risk and Advisory Services
303 Peachtree Street, Suite 2000
Atlanta, GA 30308
mobile: 404.861.9436 - office: 404.222.3043

-----Original Message-----
From: Victor Chapela [mailto:victor@sm4rt.com]
Sent: Friday, June 11, 2004 2:00 PM
To: 'raza sharif'; pen-test@securityfocus.com
Subject: RE: Hacking Demo and Test Lab

I am not sure about VMWare; I also had some problems running demos
consistently and decided to use a separate machine.

I usually do my demos with a similar configuration XP -> 2000.

A good 5 min sketch is:
- get a remote shell using Jill, iis5hack or dcomexploit
- You end up as NT Authority/SYSTEM in all cases, therefore you can add
yourself as an administrator
- connect to the admin$ share using your new credentials
- dump the SAM file with pwdump3
- crack some hashes using john
- copy winvnc to system32
- add your vnc password to the remote registry
- install and start winvnc remotely
- start a VNC session

Even though you will rarely need to install vnc while pen testing, I have
found that for demos it is a very good way to get the point through.

Good luck

Victor
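
A defender's view of the sketch above, as an added example that is not part of this thread: a small correlation over constructed Windows event records that flags the new-admin, ADMIN$ access, remote VNC service install sequence from one source against one host. The event IDs (4732, 5140, 7045), field names and sample records are assumptions for the example, not anything from the thread.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs). Fields are simplified; the event
# IDs are modern Windows ones: 4732 member added to a local group, 5140 share
# accessed, 7045 service installed. Windows 2000 used different IDs.
SAMPLE_EVENTS = [
    {"time": "2004-06-11T14:00:05", "id": 4732, "host": "WEB01", "src": "10.0.0.5",
     "group": "Administrators", "member": "demo-admin"},
    {"time": "2004-06-11T14:00:40", "id": 5140, "host": "WEB01", "src": "10.0.0.5",
     "share": "\\\\*\\ADMIN$", "user": "demo-admin"},
    {"time": "2004-06-11T14:01:10", "id": 7045, "host": "WEB01", "src": "10.0.0.5",
     "service": "WinVNC", "image": "C:\\WINNT\\system32\\winvnc.exe"},
    {"time": "2004-06-11T09:15:00", "id": 7045, "host": "FILE02", "src": "10.0.0.9",
     "service": "Spooler", "image": "C:\\WINNT\\system32\\spoolsv.exe"},
]

STAGES = {4732: "new_admin", 5140: "admin_share", 7045: "service_install"}

def stage_of(ev):
    """Map one record to a chain stage, or None if it does not fit the pattern."""
    stage = STAGES.get(ev["id"])
    if stage == "new_admin" and ev.get("group") != "Administrators":
        return None
    if stage == "admin_share" and not ev.get("share", "").upper().endswith("ADMIN$"):
        return None
    if stage == "service_install" and "vnc" not in ev.get("image", "").lower():
        return None
    return stage

def detect_remote_vnc_chain(events, window=timedelta(minutes=10)):
    """Return (host, src, start_time) for every new-admin event that is followed,
    from the same source against the same host and within `window`, by both an
    ADMIN$ share access and a VNC service installation."""
    by_pair = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        stage = stage_of(ev)
        if stage:
            by_pair[(ev["host"], ev["src"])].append((datetime.fromisoformat(ev["time"]), stage))
    alerts = []
    for (host, src), seq in by_pair.items():
        for t0, stage in seq:
            if stage != "new_admin":
                continue
            later = {s for t, s in seq if t0 <= t <= t0 + window}
            if {"admin_share", "service_install"} <= later:
                alerts.append((host, src, t0.isoformat()))
    return alerts
```

The benign Spooler install on FILE02 is ignored because it is neither VNC nor preceded by a group change from the same source.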

-----Original Message-----
From: raza sharif [mailto:raza@raza.demon.co.uk]
Sent: Friday, June 11, 2004 6:42 AM
To: pen-test@securityfocus.com
Subject: Hacking Demo and Test Lab

Hi Folks,

I'm doing some advanced hacking demos for management and also corporates etc.

I have installed Windows 2000 Server and IIS 5.0 on VMware GSX Server.

I'm using WebDAV and other exploits that all basically should spawn a shell
using netcat.

I'm using XP as my attacking machine.

Problem at the moment is netcat will not spawn a shell regardless of what I
try.

Any ideas? I checked the install: it is Windows 2000 500.1295, no reference
to service packs etc. It's a default install.

Also, what are good demos etc. to run to show real hacking on Windows 2000,
IIS etc. that I can get to work?

thanks

Raza

Raza@raza.demon.co.uk
