Monthly Archives: July 2008

Hacking with Metasploit

Have you ever thought to yourself “Hmm… I wonder if I could ‘hack’ into another computer” ?

Trust me, you can.

But before telling you how, I want to state that the tactics described in the following text could very easily be used for malicious and/or illegal activities.  With that said, this information should only be used for educational and/or testing purposes.  Metasploit is a very valuable security research and exploit testing tool.  I am not responsible should you decide to use it in negative ways.  Never apply this information to access a system you are not authorized to use.

With the politics out of the way, let’s get down to business.

1.  Find your “target” – in this case, I have built a toshiba laptop to run a completely vanilla Windows XP installation with no service packs or updates of any kind.

2.  Download Metasploit and install it per the installation instructions.  There are versions for Linux, Windows, and Mac OS.  The remainder of these steps will be shown using the Linux version (Ubuntu 8.04).

3.  Launch Metasploit. Version 3 actually has a GUI tool to make things PAINFULLY easy, so we’ll keep with command line to show some respect.  Launch the GUI if you wish…  many of the options are the same, it’s just offendingly easy to use.  You can see below that my linux command prompt at the top of the window, and the metasploit console at the bottom where we can get started.

4.  Pick your exploit of choice. This will depend greatly on your target’s OS and patch levels.  type “show exploits” at the metasploit command prompt to get a full listing.  To use an exploit, just type “use exploit_name”.  I picked a Windows SMB exploit as you can see below.  Notice how the command prompt changes to reflect the exploit you’ve chosen.

5.  Set your options and payload.  Type “show options” and look for anything that migh need to be set.  Most likely you’ll at least have to set the target (RHOST) to the IP of your hacking target.  Set the options by typing “set optionname optionvalue” – or in this case: “set RHOST 192.168.1.144”.  Now our exploit attempt will be directed at that IP address.

You’ll also need a payload – a way to use the exploit to get access to the target machine.  This is usually a command shell, VNC session, or could even be dll injection or adding an administrative user.  To see a list of all payloads, just type “show  payloads”.  Once you find one you like, just type “set payload payload_name”.  For this test, I’ve used the windows tcp shell bind.

6.  Double check everything and exploit.  Type ‘show options’ one last time and make sure there are not any required options left blank.  Sometimes a payload will require additional settings.  Once you’re sure everything has been set correctly, just type the magic word:  exploit.  Watch as the exploit code runs; and look for the “Command Shell Session 1 Opened” text as shown below.  This means the hack has been successful.

7. Connect to the hacked target.  If you are using Metasploit for Windows; you’re automatically taken to the command shell of the hacked target.  However, in Linux we have to connect to the session manually.  To see your hack session, type “sessions -l”  (dash lowercase L).  You’ll see your list of sessions shown in the output.  Once you see your shell session, just type “sessions -i 1” to connect to session number one.  See below:

Notice how the prompt has changed to a windows command prompt? Yeah, that means you’ve just hacked a computer.

Sidebar Redefined

I don’t know why I even bother using the sidebar on this website. I really should go the route of Vanlandw and just disperse of the sidebar all together.

But, I can’t find it in my heart to do that – so instead I mess around with it and change it pretty much every other week.

In the past, I’ve added the random gallery image, added the Netflix queue, added and removed all kinds of links, added and removed google ads, and played around with ul / li formatting.

THIS week, I’ve decided to add dynamic content to pull in my recent tracks from Last.fm and also my recent ‘tweets’ from Twitter.  I also got rid of some links, added in some new links, and generally wasted a couple hours pointlessly tweaking the sidebar.

I still can’t bring myself to use the built in widgets that K2 and WordPress have to offer; which undoubtedly makes everything in the sidebar harder to do.

Regardless, may I present to you sidebar version four hundred thirty ONE.

Online Overload

Last week when I had trouble sleeping I spent a fair amount of time surfing the internet for whatever I could find. This eventually lead me to Drist’s myspace page where I fully intended on sending them a ‘myspace message’ telling them they had to put some of their songs on RockBand ASAP.

Back up just a bit – for those of you who do not know me, I despise myspace.  I’ve always hated it.  HATED it.  Almost unexplainably.  I can’t even really put my finger on why – but part of it is people that put 8 million pictures/videos/songs on their ‘space’ and crash my dual core 2GB RAM computer.

Anyway – In order to send Drist a message, I would have to take the ultimate plunge of debauchery and create my own ‘space’.  After some reluctance, I did the unthinkable  Vanberge, the eternal hater and shunner of myspace fire death created a myspace account.  I then added Vanbergs as a friend and sent one of my favorite bands in the world a myspace message pleading them to put songs out for RockBand downloadable content.

That was just the beginning…

In the last 4 days I have signed up for and begun using a plethora of online services.  This includes (see sidebar) Digg, Twitter, Last.fm, LinkedIn, and of course… Myspace.

Until now, I’ve really sort of avoided the ‘online community’ side of the internet.  I’ve stuck to things I know and really haven’t tried anything new – primarily I’m an emailer and then I maintain this website – and that’s been it.  And actually, it’s too bad I’ve waited so long to start exploring the further reaches of the internet.  I’ve found myself enjoying embracing these communities and will no doubt continue to do so (well, I may not keep my ‘space’).  But things like last.fm, twitter, and linkedin will probably stay part of my daily web activity for some time to come.

With the expansion into the online world, I began also looking for ways to consolidate my online activity into a more efficient means.  Typing URL after URL into the address bar is a very inefficient means of getting things done online.  Google reader has already helped me with this, but I felt there was more room for improvement.  In the end, I added and reorganized bookmarks into folders that I can easily ‘open all in tabs’.  I then used FoxMarks to continuously sync my bookmarks between all of my firefox browsers (since Google browser sync has been discontinued) – and then finally I downloaded Opera mini, a much improved web browser for my Blackberry 8830 which installs in seconds and absolutely dwarfs the default RIM browser.

Thanks to everyone who no doubt accepted the several invite/friend requests for these various online accounts I’ve finally decided to start using.

Insomnia Upgraded

After a brief ‘meet n greet’ (beer and food) with EMC and VMware folks at Malarkey’s; I went to bed uncharacteristically early and am now enduring a mild case of insomnia.  I’ve been awake since 3 a.m. and have been mindlessly surfing channels, chatting with vanbergs about when we’ll be seeing “The Dark Knight”, laughing at the top 10 worst exam answers, and generally surfing the internet.

I found that WordPress and Gallery each had new versions out; so I decided to take the plunge.  I upgraded to WordPress 2.6 and Gallery 2.2.5.

I used only the-bob.org’s command line, and the process as a whole took 10 minutes and resulted in no issues whatsoever.

Big Sky Country

This week was a long week.  It’s always hard to come back after a vacation; especially when you’ve been off work for 2 solid weeks, taken a road trip to Plentywood Montana, and had an awesome holiday weekend.

It’s been some time since I’ve been on a road trip, so I had been looking forward to our trip to Montana for quite some time.  I couldn’t wait to leave my blackberry at home and get 1,200 miles away.

The drive out there was surprisingly fast.  Carpooling with the inlaws, we took shifts driving and plowed straight through, stopping only for gas and food.  The drive out took approximatly 27 hours and was 1,280 miles.  I passed my free time by reading Angels and demons, watching a few different movies on my laptop (no country for old men is very deserving of the Oscar for Best Picture.), chewing sunflower seeds, and aweing at the open vastness of the North Dakota and Montana countrysides.

I had an initial picture of our trip being very ‘frontier-like’.  I envisioned sitting around campfires, having some beer, and roughing it a bit.  But it was actually the opposite.  Plentywood has about 1800 residents, several restaurants, an ACE hardware, and a fully loaded sporting goods store.  There isn’t any fast food or Walmarts within a 2 hours drive – but Plentywood holds its own in Northeast Montana.

Most of the time was spent with family that we haven’t seen in a long time.  But I did get a chance to learn alot more about my wife’s side of the family, and gain an appreciation for the western atmosphere.  I felt refreshed and really enjoyed our time.

All in all – I took alot of pictures, bought a genuine cowboy hat, shot at gophers, loved Moose Drool, gazed at the clearest night sky I’ve ever seen, visited the Mall of America, gained 11 pounds, and had an amazing time.

Vanbergs and flo, thank you again for watching our home and pets.