Sunday, September 30, 2012

how to backdoor a windows7 using armitage


I think if a user knows how and by what method his system can be compromised, he can protect himself better by preventing others from exploiting him/her.



hacking into a windows system physically using backtrack


Hacking into a Windows system once you have physical access to the machine.
This works on any Windows system up to and including Windows 7 Ultimate.

Note: wherever I've used ' single quotes ', the content within them is meant to be typed at the interface.

Prerequisites:

  1. A system with a Windows OS.
  2. A BackTrack 4 or above live distribution on bootable media.

Boot the BackTrack live distribution on the system. Once it has loaded, enter the following commands:

# cat /etc/fstab

If the output is only about two lines, your drive hasn't been added yet
and you'll have to add it yourself.

# vi /etc/fstab

In the vi editor add the line below to whatever is already there; do not modify the existing lines.
If the line is already present, skip this step.

' /dev/sda2 /media/hdd ntfs defaults 0 0 '

(the options field, here ' defaults ', must be present; adjust ' /dev/sda2 ' if your Windows partition is a different device)

and save the file (to save it, hit Escape and type ' :wq ')

Next, create a directory to use as the mount point:

' #mkdir /media/hdd '

To mount the drive:

' #mount /dev/sda2 '

Now, to enter the password menu:

' #chntpw -i /media/hdd/Windows/System32/config/sam '

From here on it's an interactive text menu, so I guess things will be easy from here.

To exit the menu type ' ! '

You'll get a prompt: What to do? [1] ->

Enter ' q '

and confirm your changes by typing ' y '

to exit.

Type the following to reboot:

' #reboot '



Saturday, September 29, 2012

Hide your Foot Prints

Simply running traffic on any network is trouble. If you're running your scans at an enterprise level, I suggest you change your MAC address, IP and even hostname, and be careful using the internet or browsing any site that can trace back to you. You may have done just about nothing, but certain actions on the internet are considered more hostile from a security person's point of view.


  • Change your IP address and Hostname
  • Change your MAC address
  • Anonymize 



1. Changing IP and hostname: I guess you people know at least that much :P

2. Changing the MAC address

Go to Control Panel\Network and Internet\Network Connections

  • select adapter settings
  • go to the properties of the adapter whose MAC is to be altered
  • click the Configure button below the "Connect using" text box
  • in the new window that opens, go to the Advanced tab
  • in the Property list select 'Network Address'
  • in the Value text box type just about anything, and that will become your current MAC address
  • you'll have to restart the system, or restarting just the adapter is enough for the change




Note: you cannot change the MAC address of a WiFi adapter, but you can bridge it to an Ethernet port and change that port's MAC address.
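From the defender's side, an address typed into the 'Network Address' property is one the hardware vendor never assigned, and drivers commonly only accept such an override when the locally-administered (U/L) bit of the first octet is set (second hex digit 2, 6, A or E). The script below is an added example, not code from this post: it scans ARP-table text in the style of Windows ' arp -a ' output (the sample lines are constructed) and reports entries whose MAC carries that bit, which is a cheap first check for a spoofed address on the LAN.

```python
"""Flag ARP entries whose MAC address has the locally-administered bit set.

Added illustration for the post above; the ARP lines are constructed
sample data shaped like Windows 'arp -a' output, not a real capture.
"""
import re

# Constructed sample: one entry (192.168.40.79) uses a MAC whose first
# octet is 0x02, i.e. the U/L bit is set, as a manual override typically is.
SAMPLE_ARP = """\
Interface: 192.168.40.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.40.1          00-50-56-c0-00-08     dynamic
  192.168.40.79         02-11-22-33-44-55     dynamic
  192.168.40.80         f0-de-f1-12-34-56     dynamic
  192.168.40.255        ff-ff-ff-ff-ff-ff     static
"""

# One ARP entry: IPv4 address, MAC with '-' or ':' separators, entry type.
ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})\s+(\w+)"
)


def parse_arp(text):
    """Yield (ip, mac, entry_type) for every ARP entry line in `text`.

    MACs are normalised to lower-case, dash-separated form.
    """
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            yield m.group(1), m.group(2).lower().replace(":", "-"), m.group(3)


def is_locally_administered(mac):
    """True when the U/L bit (bit 1 of the first octet) is set."""
    first_octet = int(mac[:2], 16)
    return bool(first_octet & 0x02)


def is_multicast_or_broadcast(mac):
    """True when the I/G bit (bit 0 of the first octet) is set."""
    first_octet = int(mac[:2], 16)
    return bool(first_octet & 0x01)


def find_suspect_macs(text):
    """Return [(ip, mac)] for unicast entries with a locally-administered MAC.

    Broadcast/multicast addresses are skipped: ff-ff-ff-ff-ff-ff has the
    U/L bit set too but is not a host address.
    """
    suspects = []
    for ip, mac, _entry_type in parse_arp(text):
        if is_multicast_or_broadcast(mac):
            continue
        if is_locally_administered(mac):
            suspects.append((ip, mac))
    return suspects


if __name__ == "__main__":
    for ip, mac in find_suspect_macs(SAMPLE_ARP):
        print(f"locally-administered MAC {mac} at {ip}")
```

Treat a hit as a lead rather than proof: hypervisors and container platforms also hand out locally-administered addresses, so the useful follow-up is comparing the flagged entry against a baseline of known MAC-to-IP pairs (or switch port or DHCP lease records) to see whether the address changed.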


3. Anonymize

It is necessary that no one traces back to us, and anonymizers like TOR keep us from being detected. They use onion routing technology, so by the time you're in and out of a network they would still be trying to find the region you're getting access from. TOR and other such anonymizers make the net slow due to the levels of encryption each packet goes through, but for our purpose that speed is all that is required for transmitting plain text over the network.
Other anonymizers include UltraSurf, but they still don't work as well as TOR.

TOR : https://torproject.org/download/download

UltraSurf: http://ultrasurf.us/download/u.zip

Target Machine

The first step, once one has decided to hack a machine, is to understand its structure. I'll explain the basic things that I look for when taking over a Windows network.


  1. IP address
  2. Hostname
  3. Operating System (OS)
  4. Open Ports
  5. Connected Devices
  6. Network Hierarchy

1&2. IP address and Hostname

If the target machine is on the same network as your system, an IP scanner should be able to find the IP of the target system.

angryipscanner

The hostname comes up along with the IP address.
If on a shared network, or if the target machine is a client system under a server, this helps you guess the server's name.

3. Operating System

The next step is to use nmap to scan the target for vulnerabilities.



This shows the result of an nmap scan on the IP address 192.168.40.79 using an OS fingerprint scan, run with the command " nmap -O targetIP ".
This helps you categorize your attack strategy now that we know what OS is running on the system.

4. Open Ports

Using nmap's predefined scans you can check the state of all the ports. I suggest scanning only the common ports, since the rest could take a lot of time. Use the Intense scan option or the command " nmap -p 1-10000 -T4 -A -v targetIP " to scan ports 1-10000.


This scan gives complete detail on how the target can be approached for a takeover.
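A scan like " nmap -p 1-10000 -T4 -A -v " is loud on the wire: one source touches thousands of distinct ports on one host within seconds. The detector below is an added example, not code from this post; it reads firewall log lines in a simplified iptables-style ' SRC= DST= PROTO= DPT= ' layout (the sample lines are constructed, and the regex is an assumption to adjust for your own firewall's format) and raises an alert when a single source hits at least `min_ports` distinct ports on one destination inside a sliding time window.

```python
"""Detect port sweeps (nmap-style probes) in firewall drop/accept logs.

Added example for the post above. Log lines are constructed sample data
in a simplified iptables-like layout; LOG_RE is an assumption about that
layout and should be adapted to the real log source.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\S+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)"
)

# Constructed: 192.168.40.10 probes ports 1..12 of 192.168.40.79 within 3 s,
# while 192.168.40.20 makes ordinary SMB/HTTP connections to the same host.
_SCAN_LINES = [
    "2012-09-29T10:00:%02d DROP IN=eth0 SRC=192.168.40.10 DST=192.168.40.79 "
    "PROTO=TCP DPT=%d" % (i // 4, port)
    for i, port in enumerate(range(1, 13))
]
_NORMAL_LINES = [
    "2012-09-29T10:00:05 ACCEPT IN=eth0 SRC=192.168.40.20 DST=192.168.40.79 PROTO=TCP DPT=445",
    "2012-09-29T10:00:06 ACCEPT IN=eth0 SRC=192.168.40.20 DST=192.168.40.79 PROTO=TCP DPT=80",
    "2012-09-29T10:00:07 ACCEPT IN=eth0 SRC=192.168.40.20 DST=192.168.40.79 PROTO=TCP DPT=445",
]
SAMPLE_LOG = "\n".join(_SCAN_LINES + _NORMAL_LINES)


def parse_log(log_text):
    """Group (timestamp, dest_port) tuples by (src, dst) pair."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unrelated or malformed line
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S")
        events[(m.group("src"), m.group("dst"))].append((ts, int(m.group("dpt"))))
    return events


def detect_port_sweeps(log_text, window_seconds=10, min_ports=10):
    """Return one alert per (src, dst) pair that touched >= min_ports
    distinct destination ports inside any window of window_seconds."""
    window = timedelta(seconds=window_seconds)
    alerts = []
    for (src, dst), evs in parse_log(log_text).items():
        evs.sort()  # by timestamp, then port
        best = None
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits within window.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports = {port for _, port in evs[start:end + 1]}
            if len(ports) >= min_ports and (best is None or len(ports) > best["distinct_ports"]):
                best = {
                    "src": src,
                    "dst": dst,
                    "distinct_ports": len(ports),
                    "first_seen": evs[start][0],
                    "last_seen": evs[end][0],
                }
        if best is not None:
            alerts.append(best)
    return sorted(alerts, key=lambda a: (a["src"], a["dst"]))


if __name__ == "__main__":
    for alert in detect_port_sweeps(SAMPLE_LOG):
        print("port sweep: %(src)s -> %(dst)s, %(distinct_ports)d ports "
              "between %(first_seen)s and %(last_seen)s" % alert)
```

The thresholds are the tuning knobs: a -T4 scan of 10000 ports trips a window of 10 seconds and 10 ports easily, while a slow scan spread over hours needs a much longer window (and a larger memory of per-pair events) to catch, which is the usual trade-off in scan detection.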

5. Connected Devices

It is good to look for connected devices on the network, since one can easily escalate privileges through them. Consider a user working with shared storage: he has to give his credentials to access the storage, and this can be exploited by sniffing the data on the network.

6. Network Hierarchy

It's best when we know the structure of the network, as this can help in escalating privileges. Commands like tracert (trace-route) are used to identify the structure of the current network.

This allows you to work further on connected modules; you can also choose other targets to extend your range of attack or gain access to more information repositories.