Network Hacking ?

[rocker]

Hey guys,

Its first time am posting here. I just joined yesturday.

Ok i have few questions. I have like 6 computers attached to my home network most of them with cable and not with Wlan and only my laptop ist connected to Wlan.

anyway my question is if there is a way i can hack files and docments from computer which is connected to same network as my computer? I would really like to try this with my own network (offcourse just for security purposes)

now i know the old school way with netbios and stuff but it only works IF firewalls arent active i have already done that and it worked for but then once firewall is active netbios hack dont really work.

So i was wondering is there any other way to by pass those firewall? any kind of software ??

R.

[Mr-Protocol]

I'd suggest looking into Metasploit.

I prefer to use Metasploit on Linux, but it has a windows version.

[rocker]

I'd suggest looking into Metasploit.

I prefer to use Metasploit on Linux, but it has a windows version.

hmm i will def try it

can it by pass firewalls as well ?

any kind of windows can be hacked through it? xp , vista or 7 it doesnt matter right?

[digip]

I've never been any good with Metasploit, haven't put the effort into learning it really, but this is probably the best starter kit for someone learning it and wanting to test their own lan: http://www.offensive-security.com/metasploit-unleashed/

Its a free training course on Metasploit.

[Mr-Protocol]

It should work with firewalls or not. I installed an XP machine in VirtualBox as was able to access it without turning off firewalls and such using metasploit. I've given a few presentations on Metasploit for my networking forensics classes.

[rocker]

thanks def worth checking

i once hurd about this tool but i never really used it before !!

1 more question what about the language barrier i mean some of the tools i know have problems with language barrier i mean some english ones cant really hack host if it has other language like german or spanish !!

Edited August 27, 2010 by rocker

[rocker]

oh you seem to know alot bout the software then..

ok i have tried using this software it looks quite simple to me

i tried 1 exploit called ms08_67_ntapi

i tried it on a host computer with win 7 prof and it says

exploit completed but no session was created !!

maybe win7 is 2 secure for the software? ;)

but somthing similar came on windows xp

any idea why would it do that? i put the firewalls and every security feature on high alert on every system of mine and i tried with 2 of them so far and it didnt work it says the same thing

[Mr-Protocol]

Most of the built in exploits in metasploit have been patched. They are known vulnerabilities. But if you know Ruby you can code your own exploits, or see if someone has made a module.

To begin learning to play with it, I'd suggest using a Windows XP SP0 or as low as you can get on updates as the test system.

[rocker]

Most of the built in exploits in metasploit have been patched. They are known vulnerabilities. But if you know Ruby you can code your own exploits, or see if someone has made a module.

To begin learning to play with it, I'd suggest using a Windows XP SP0 or as low as you can get on updates as the test system.

roger that i will try it on my old laptop it has old xp installed...

i am using this software with vista right now and its connected to network through Wlan !

i have updated metaexploit as well but still problem is there.

the weird thing is on xp it does everything fine

right in the end it says no session was created

but on win7 it says unknow language pack

oh well am kind of very new with this software gotta have to play with it for few weeks to learn it in detail...

[BattZ]

The ms08_067_netapi exploit doesn't work with vista or win 7, and I recently found out it doesn't work with a fully patched XP SP3 install either(works on an unpatched sp3 install though). It might be more beneficial, if your serious about getting into this type of thing, to learn more about the exploits rather then just run them blindly and hoping it will work. Within the metasploit exploit, you can type 'show targets' and it will show you what is susceptible to that exploit.

And a side note, with ms08_067_netapi you need to disable the computer firewall, one way or another.

[rocker]

The ms08_067_netapi exploit doesn't work with vista or win 7, and I recently found out it doesn't work with a fully patched XP SP3 install either(works on an unpatched sp3 install though). It might be more beneficial, if your serious about getting into this type of thing, to learn more about the exploits rather then just run them blindly and hoping it will work. Within the metasploit exploit, you can type 'show targets' and it will show you what is susceptible to that exploit.

And a side note, with ms08_067_netapi you need to disable the computer firewall, one way or another.

oh see maybe thats why !! all of the computers in my network are fully updated !!

is there any good exploit which can penetrate the latest setting on all 3 windows? ( xp, vista, win7).

i only know a tiny bit about the power of exploits but really only a tiny bit not in too much detail because its very hardcore hacking stuff but i def am gnna try to learn more about them

[Infiltrator]

1. Metasploit its one way to not only test your computers for security weaknesses but a great way to achieve what you want to do.

2. Null session Shares, http://support.bigfix.com/bes/misc/null_session_share.html (Since you own the computers, I am assuming you must know the administrator password for the computers, so executing a null session attack should be easy).

[digip]

Combine http://www.exploit-db.com/ with Metasploit

[rocker]

oh see maybe thats why !! all of the computers in my network are fully updated !!

is there any good exploit which can penetrate the latest setting on all 3 windows? ( xp, vista, win7).

i only know a tiny bit about the power of exploits but really only a tiny bit not in too much detail because its very hardcore hacking stuff but i def am gnna try to learn more about them

thanks for the link

will check that out !!

yes i know the password and that is what makes it easy for me to penetrate my own pcs but the thing is if total stranger from outside can do it thats the real test !!

e.g where i live in this area you can connect to networks pretty easily and i have 6 computers running on my network so my network will be like a honey pot for any hacker even though my wlan is protected thru wpa-psk but we all know how easy it is to hack the password from it and once it is exposed the whole network is out there for hackers mess around with and thats where the big question comes a tool or tool which can penetrate it all !! like firwalls, passwords all windows etc

now i know exploits are one of the best options and as far as i learned you can do pretty nasty stuff with it specially metasploit but i am not able to penetrate my win7 prof and win xp sp3 patched with it which i believe is a good thing ;) but i know there are hackers out there with much more knowledge specially people like you guys.

nowi will try with the links you guys provided me i know the passwords i will try with them and see what happens ;)

1. Metasploit its one way to not only test your computers for security weaknesses but a great way to achieve what you want to do.

2. Null session Shares, http://support.bigfix.com/bes/misc/null_session_share.html (Since you own the computers, I am assuming you must know the administrator password for the computers, so executing a null session attack should be easy).

aite thanks buddy

[Gianluca]

metasploit is a good choice

also, check out the pineapple (here). It can trick other computer wifi card to associate to your pineapple instead of the legitimate AP, then you can do whatever you want, some MITM attacks and so on...

[rocker]

metasploit is a good choice

also, check out the pineapple (here). It can trick other computer wifi card to associate to your pineapple instead of the legitimate AP, then you can do whatever you want, some MITM attacks and so on...

but its only for snffing right ?

its not for hacking into other computers in same network

[Infiltrator]

but its only for snffing right ?

its not for hacking into other computers in same network

You can do a lot more than just sniffing.

1. You can perform ARP poisoning (Redirect a user to another website, eg malicious one)

2. You can hijack web browser sessions.

3. You can sniff sensitive information, like passwords if you use SSLStrip,

In a sense you are right, its more used for sniffing.

But you can collect a lot information about a particular device or user on a network.

And once you have this information, you can plan ahead and decide what kind of attach to unleash.

Edited August 29, 2010 by Infiltrator

[Gianluca]

1. You can perform ARP poisoning (Redirect a user to another website, eg malicious one)

ARP poisoning redirects hosts in the same network (used most of the time to perform man in the middle attacks), what u mean is dns poisoning

[Infiltrator]

ARP poisoning redirects hosts in the same network (used most of the time to perform man in the middle attacks), what u mean is dns poisoning

i knew was called something else, but couldn't remember at the time of the post.

Thanks for correcting that up.