Metasploit Sniffing victim’s network

Aloha,

Let's see how we can use the Metasploit framework to sniff the victim's network and what we can get from that.

Our Lab:
A MacBook with VMware Fusion on it.
Target: A virtual guest with Windows XP SP3 with two IP addresses, 172.16.225.10 and 192.168.0.10
Attacker: A virtual guest with Backtrack 5R1 with the IP address 172.16.225.251


Attacking SQL Database Server using Metasploit

Aloha,

Let's see how we can use the Metasploit framework to pwn an MS SQL Server.

Our Lab:
A MacBook with VMware Fusion on it
Target: A virtual guest with Windows 2003 Server with the IP address 172.16.226.131
Attacker: A virtual guest with Backtrack 5R1 with the IP address 172.16.226.128

So let's go…

Commands:

  • nmap -O target

The scan shows the MS SQL Server database listening on TCP port 1433.

  • mssql_ping

Setting the RHOSTS option, we can get information about the database server, including the version, the server name, etc.

  • mssql_login

Setting the options RHOSTS, PASS_FILE and VERBOSE, we can brute-force the target for valid credentials. If the server is misconfigured or the passwords are weak, we can find accounts that we can use in the next command. Here I am attacking the "sa" account. The "sa" account is the DBO (db_owner) for all databases created on the server; the account has administrative privileges on the database.

[+] 172.16.226.131:1433 - MSSQL - successful login 'sa' : 'password'

  • mssql_payload

Setting the options RHOSTS and PASSWORD to the values found by the previous command, we can try to exploit the server. The exploit uses the "xp_cmdshell" stored procedure to execute commands on the server.

[*] Meterpreter session 1 opened

  • getsystem

I am working on a new post about Meterpreter, so stay tuned…
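As an added defensive check (not part of the original post), the T-SQL below audits and remediates the two weaknesses this walkthrough relies on: an enabled xp_cmdshell and an sa login that accepts a guessable password. It assumes SQL Server 2005 or later (sys.configurations and sys.sql_logins exist) and a sysadmin connection; the replacement password is a placeholder.

```sql
-- Added hardening check, not from the original post. Assumes SQL Server 2005+
-- and a sysadmin connection.

-- 1. Is xp_cmdshell (the procedure mssql_payload relies on) enabled?
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'show advanced options');

-- 2. Does the sa login still accept the weak password found by mssql_login?
--    PWDCOMPARE returns 1 when the clear-text candidate matches the stored hash.
SELECT name, is_disabled,
       PWDCOMPARE(N'password', password_hash) AS accepts_weak_password
FROM sys.sql_logins
WHERE name = N'sa';

-- 3. Remediate: turn xp_cmdshell off and hide the advanced options again.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;

-- 4. Remediate: give sa a strong password (placeholder below), then disable it
--    so guessing against the well-known name yields nothing; administer through
--    a named sysadmin login instead.
ALTER LOGIN sa WITH PASSWORD = N'<replace-with-long-random-password>', CHECK_POLICY = ON;
ALTER LOGIN sa DISABLE;

-- 5. Verify: xp_cmdshell_enabled should now be 0 and sa_disabled should be 1.
SELECT value_in_use AS xp_cmdshell_enabled
FROM sys.configurations WHERE name = 'xp_cmdshell';
SELECT is_disabled AS sa_disabled
FROM sys.sql_logins WHERE name = N'sa';
```

Run the audit queries (steps 1, 2 and 5) on their own first if you only want to assess a server without changing it.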

Pentesting ToolKits and Targets

Aloha,

Here we go.

We need knowledge, we need tools and targets, and we need a lab environment.

It is illegal to try penetration procedures in live environments without the written permission of the owner, so a test environment is a must-have. In another post I will analyze how we can create a lab environment; for now, let's see a list, in no particular order, of toolkits and targets. Luckily enough, there are plenty out there!

This list will always be updated.

Penetration Toolkits
These are live CDs or DVDs. I am not going to analyze any of them right now. I am using the Backtrack Linux distribution, probably because it is the first one I started with, or…

Targets
These are live CDs, projects or vmdk files. You can use them for pen-testing skill development and testing.