Need help with Nmap & Metasploit possible with USB hacks

laker8133

I am currently taking Computer Security and Investigations at Fleming College.

We have a penetration course in which you have to hack into a remote machine and crack the SAM file.

With the help of nmap we are able to find the computers on the lab and Metasploit helps us exploit them. We normally use Backtrack, Auditor.

My question to you guys is, with the USB Hacksaw stuff coming out that locally cracks a host machine, would it be possible, using nmap as well and modifying the Hacksaw, to get all the SAM files in the same subnet?

I do realize that there are versions of Nmap for the U3 as well as Metasploit framework is made for Windows as well.

Thanks for taking the time to answer my question

Paul


Wow, ok, so first of all, what are the minimum requirements for the course?

(I'm currently doing (5th year) kantoor, in 2 years elab and thinking about continuing my studies ... originally did commerce but flunked for French ...)

Anyway, seeing nmap is a command-line application, I presume you'll be able to make a batch script to pass commands to it ....

Metasploit however I have my doubts about, I know there is some batch functionality but .... aww hell, the other guys here can help you further and give some better advice .... the key with the Hacksaw and Switchblade is just linking stuff up with batch and vbs scripts, so if this can be done with Metasploit and nmap then they can be used in a Switchblade / Hacksaw.

Greets, DLSS

(my bet for person with best advice is VAKO :P)


Basically the targets are pretty simple Win 2k boxes and 1 Linux box. Again, we're supposed to crack the password.

Metasploit lsass exploit and win_reverse or win_reverse_vnc_inject works. That much I know.

Well any how to guides, or any points in the right direction would be nice.

I have the memorex u3 travel drive and I'm willing to experiment.

Thanks

Paul


> Basically the targets are pretty simple Win 2k boxes and 1 Linux box. Again, we're supposed to crack the password.
>
> Metasploit lsass exploit and win_reverse or win_reverse_vnc_inject works. That much I know.
>
> Well any how-to guides, or any points in the right direction would be nice.
>
> I have the memorex u3 travel drive and I'm willing to experiment.
>
> Thanks
>
> Paul

I'm sure it could be done. Just use Nmap to scan and save the results in a file, then use Metasploit to exploit the hosts you want and retrieve the SAM file, maybe sending an FTP-upload command as the payload. You can't really use win32_reverse or win_reverse_vnc_inject if you want to automate it. I'd go for a simple command as the payload instead.

EDIT: Forget about FTP, I just realized it was the SAM file you're after; you can't copy the SAM file like that. No, you'd have to upload a program like pwdump2, dump the hashes and then get them back to your computer. I guess you could use win32_exec to do all that, using FTP, TFTP or whatever tools you have available. I know meterpreter can dump the hashes too but I'm not sure it can be automated.

EDIT2: Or how about using win32_adduser, adding a new user and then using pwdump4 or whatever version supports dumping the hashes over the network with the user and pass from your new user. There are definitely ways you can do this, just experiment some and learn about the tools and you should be able to do it.
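The first step suggested above, running nmap and saving the results to a file, is the same inventory step a lab admin uses from the other side: the lsass exploit mentioned in this thread only reaches boxes that still expose MSRPC/SMB, so parsing nmap's XML output (`-oX`) tells you which machines still need patching before the exercise. This is an added example, not code from the thread or from any of the tools it names. The XML below is a constructed sample in nmap's `-oX` layout with documentation-range addresses; the port set and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output (not a real scan); the addresses are
# documentation-range placeholders, not real hosts.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -p 135,139,445 -oX scan.xml 192.0.2.0/29">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="135"><state state="open"/><service name="msrpc"/></port>
      <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="135"><state state="filtered"/><service name="msrpc"/></port>
      <port protocol="tcp" portid="445"><state state="closed"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
  <host><status state="down"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.13" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Services the lsass exploit path in this thread depends on: MSRPC and SMB
# (assumed watch list for this example).
SMB_RPC_PORTS = {135, 139, 445}


def parse_nmap_xml(xml_text):
    """Map each host nmap reported as up to the set of its open TCP ports."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts nmap marked down
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_ports = set()
        for port in host.findall("ports/port"):
            state = port.find("state")
            if (port.get("protocol") == "tcp" and state is not None
                    and state.get("state") == "open"):
                open_ports.add(int(port.get("portid")))
        hosts[addr.get("addr")] = open_ports
    return hosts


def hosts_exposing(xml_text, watch_ports=SMB_RPC_PORTS):
    """Sorted list of (ip, exposed ports) for hosts with any watched port open."""
    report = []
    for ip, ports in sorted(parse_nmap_xml(xml_text).items()):
        exposed = sorted(ports & watch_ports)
        if exposed:
            report.append((ip, exposed))
    return report


if __name__ == "__main__":
    for ip, exposed in hosts_exposing(SAMPLE_NMAP_XML):
        print(f"{ip}: still exposing TCP {exposed}; verify patch level before the lab")
```

Only hosts that nmap reports as up and that have an open (not filtered or closed) watched port are listed, so a box whose firewall blocks SMB does not show up as a false positive.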


You can copy out the SAM file directly, it's saved under Windows / system32 / restore. That's a backup in case the current one has issues.

Anyways, just trying to get some ideas. Basically, pentesting is cool and all, I just wish I could go automatically.

I will try some things you guys talk about Monday as it will be a Fun time to try it :D

Thanks for the advice. All advice is welcomed


> You can copy out the SAM file directly, it's saved under Windows / system32 / restore. That's a backup in case the current one has issues.
>
> Anyways, just trying to get some ideas. Basically, pentesting is cool and all, I just wish I could go automatically.
>
> I will try some things you guys talk about Monday as it will be a Fun time to try it :D
>
> Thanks for the advice. All advice is welcomed

Yeah you can, but as far as I have seen that backup SAM file is usually much smaller and doesn't contain the same data as the original SAM file. And in fact, looking at my own computer, there's not even a SAM file in the restore folder at all. But that's just what I've experienced.

> Basically the targets are pretty simple Win 2k boxes and 1 Linux box. Again, we're supposed to crack the password.
>
> Metasploit lsass exploit and win_reverse or win_reverse_vnc_inject works. That much I know.
>
> Well any how-to guides, or any points in the right direction would be nice.
>
> I have the memorex u3 travel drive and I'm willing to experiment.
>
> Thanks
>
> Paul

Dude, learn to use the meterpreter, it's the most powerful payload, but for quick work the vnc payload is good.


> Basically the targets are pretty simple Win 2k boxes and 1 Linux box. Again, we're supposed to crack the password.
>
> Metasploit lsass exploit and win_reverse or win_reverse_vnc_inject works. That much I know.
>
> Well any how-to guides, or any points in the right direction would be nice.
>
> I have the memorex u3 travel drive and I'm willing to experiment.
>
> Thanks
>
> Paul

> Dude, learn to use the meterpreter, it's the most powerful payload, but for quick work the vnc payload is good.

Meterpreter is great, like I said before you can dump the hashes right from it and much more. But can you automate/script it? Not as far as I know.