Ethical Hacking Episode 1
Target : UTAR Print Server
Time : 21/03/2008
Mission : Print Free
Status : Fail !
Friday, it was a beautiful Friday! I din attend CSA class as I know if go there also wasting time.
It has 1 test and 1 assessment on that day!
Actually that day quite nervous for me...
Where can I go if not attend the class, seriously that is only 1 place can go, it is internet lab. I always spent my free time there. As a result, my internet lab time from 3000 left only 148 mins.(=.=)
In the lab, I did not use my student Id to log in but I prefer to use administrator to log in on the computer instead of log in to the UTAR domain. Why? It is simple , I expect the administrator of UTAR domain wont check out my identity while I am using administrator not student Id. :)
I decide to print out some documents at that time. Well, it is different if you using administrator privilege, you will not get the UTAR printer shortcut on your desktop. So, I need to find the printer myself...
I start to located the printer server, get it \\koa-server
second, ask my partner Calvin to help to get the ip of \\koa-server
Well, it is easy. Just using the ping in the command prompt.
After that, I try to start the Ip
--->In command Prompt
--->Start \\192.168.71.11
It pop up 1 authentication window which ask you to input username and password ?
Opps, What is this all about ?
I was decided to give up that time, but unfortunately I get the username and password on my second guess! Haha.. how lucky was I :P
It is awesome!
--->nbtstat -a 192.168.71.11
Wow, that is great ! The pc had netbios opened!
As a result, I can easily get its C drive.
--->net use z: \\192.168.71.11\c$
Ok. I had get the pc C drive on my computer. I quickly run through all the folder inside the c drive, that is 2 user which is administrator and koaserver. Then got many printer link inside, I test to open the printer task link, it is the printer that I looking for to print my documents.
While open the printer task list, I had found out something interesting, that is with the administrator privileges I can cancel the printer job which assign by other student! Wow, I am now be the GOD, I show to Calvin, but he said he can do too. Well, as a result, he cant managed to do as me.
Next step, I going to inject 2 type of Trojan to the pc. One is winvnc, another is red dragonfly server. Both Trojan provide remote control while the red dragonfly server provide file transfer.
--->at \\192.168.71.11 09:11 \interactive cmd \c "%systemroot%\ko3.exe"
--->Access Denied.
WTF? OMG...cant access ? Well.. finally I know what had happened.
--->sc \\192.168.71.11 config schedule start =auto
I start the Task Scheduler on that computer.
After that, I thought can be AT...
--->at \\192.168.71.11 09:14 \interactive cmd \c "%systemroot%\ko3.exe"
--->Added a new job with job ID = 1
Then wait for 1 minutes. 1 minutes pass, while I try to connect to the computer with the VNC client. WTF? connection lost ? It can be ..
--->at \\192.168.71.11
--->There are no entries in the list.
Haiz.. really cant get why it will fail.
Anyway, I had access the registry key on the computer to start the both Trojan when the computer start.
I still haven't check it out. Hopefully it will be sucess!
I want print free !!!
lol
By Bluefiz
The Going Be Hacker Punya Hacker
No comments:
Post a Comment