Metasploit mailing list archives
Defcon 15 Speech - Trying to *borrow* the demo
From: angelisonline at gmail.com (Mr Gabriel)
Date: Sat, 22 Sep 2007 13:04:25 +0100
Hey guys,

I've been watching the speech that HDM and Valsmith gave at Defcon, and I want to try and emulate the demo they did at the end. I know HDM and Val are probably reading this email anyway, so a quick message to them - I'm not trying to steal your demo... okay, well I am, it was just such a powerful demo, you guys made it seem so easy to own an entire network.

Okay, what I've got so far is this.

Preparation:
- Running, working socks service
- Running, working apache service
- Running, working squid service, with transparent proxying

Step One:- Inject DNS name WPAD

Step Two:- Redirect them to your own spoofed site, regardless of what website they try to go to. Aim is to get them to create an SMB connection back to you.

Step Three:- Get them to provide you with their password for connecting to shares

Step Four:- Using that same password, connect back to them, and upload your shellcode

Step Five:- When the shellcode runs, it should connect back to you, giving you remote access to the entire system.

Feel free to correct my mistakes, and stuff like that - add extra techie details, laugh at my stupidness, whatever! So long as we end up with a working writeup that maybe we could all take to work, and land a few more clients :)