Penetration Testing mailing list archives

RE: Hacking Demo and Test Lab


From: Meidinger Chris <chris.meidinger () badenit de>
Date: Mon, 14 Jun 2004 16:37:01 +0200

I am also quite fond of DameWare for this.

If you are using, for example, the Metasploit Framework, just select the payload to be useradd, and you get a user named X.

Then have DameWare install its remote control using those credentials, and bingo. It goes faster for an audience with little time.

Chris Meidinger

-----Original Message-----
From: Victor Chapela [mailto:victor () sm4rt com] 
Sent: Friday, June 11, 2004 8:00 PM
To: 'raza sharif'; pen-test () securityfocus com
Subject: RE: Hacking Demo and Test Lab

I am not sure about VMWare, I also had some problems running demos consistently and decided to use a separate machine.

I usually do my demos with a similar configuration XP -> 2000.

A good 5 min sketch is:
- get a remote shell using Jill, iis5hack or dcomexploit
- you end up as NT Authority/SYSTEM in all cases, therefore you can add yourself as an administrator
- connect to the admin$ share using your new credentials
- dump the SAM file with pwdump3
- crack some hashes using john
- copy winvnc to system32
- add your vnc password to the remote registry
- install and start winvnc remotely
- start a VNC session

Even though you will rarely need to install vnc while pen testing, I have found that for demos it is a very good way to get the point through.

Good luck

Victor

-----Original Message-----
From: raza sharif [mailto:raza () raza demon co uk]
Sent: Friday, June 11, 2004 6:42 AM
To: pen-test () securityfocus com
Subject: Hacking Demo and Test Lab

Hi Folks,

I'm doing some advanced Hacking Demos for management and also Corporates etc.

I have an installed Windows 2000 Server and IIS 5.0 on VMWARE GSX Server.

I'm using WebDAV and other exploits that all basically should spawn a shell using netcat.

I'm using XP as my attacking machine.

Prob at the moment is netcat will not spawn a shell regardless of what I try.

Any ideas? I checked the install, it is Windows 2000 500.1295, no reference to service packs etc. It's a default install.

Also what are good demos etc. to run to show real hacking on Windows 2000, IIS etc. that I can get to work?

thanks

Raza

Raza () raza demon co uk