SAMPLE CONTENT


7 Module 7 Lab – Malware – 50 Minutes

Lab Scenario

You are continuing to do well in your first Pen Test for the company. They are asking you to exploit a machine that you have already performed all the recon against. Once the exploit is completed, they would like a back door created along with a new admin account. This way your Pen Test lead can access that system at any time.

Lab Objectives

1. Learn the basics of Netcat.
2. Create your first backdoor and see how easy it is to get back to a system once it has been exploited.
3. Learn how to pivot your attack.
4. Create a Trojan and exploit one of your VM Images using that Trojan.

Lab Resources

1. Netcat – XP VM Image\C:\Tools
2. RPC GUI Exploit – C:\Tools\Exploits
3. Telnet
4. tini.exe – C:\Tools\elitewrap
5. graffiti.exe – C:\Tools\elitewrap
6. elitewrap.exe – C:\Tools\elitewrap

Lab Tasks

1. Open a command prompt at c:\tools
2. Using Netcat, obtain the banner from www.mile2.com.
3. Now perform that same banner grabbing technique, except this time pull that information from a file you have already created and then output the results to an html file.
4. Run nc -help and see the different options available with Netcat.
5. Using Netcat, set up a listening port on your XP VM image.
6. In the XP Base system, telnet to that listening port and verify you are now on the XP VM image.
7. Create a snapshot of both the 2000 Server and your XP VM Image.
8. In your XP VM Image, browse to C:\Tools\Exploits and start the rpc gui v2 – r3l4x.exe and start the RPC GUI tool.
9. Exploit the 2000 server with this tool.
10. Start the FTP Server and copy Netcat across to the 2000 server.
11. Create a listening port on the 2000 server with Netcat.
12. Telnet to that listening port from your XP Base System.
13. Add an administrator’s account via the command prompt you now have in front of you.
14. Open a command prompt that points to C:\elitewrap
15. Start elitewrap and create a Trojan using the other 3 files.
16. On the VM machine you choose, double click on the happybirthday.exe icon.
17. On the XP base system, use telnet to connect to either port 7777 or the port you opened with Netcat.
18. Now exit and return to your snapshots.

Lab Details

7.1 Exercise 1 – 10 Minutes – Netcat (Basics of Backdoor Tools)

This is to be done on your XP VM Image.

1. Open a command prompt in the XP VM Image.
2. Type: cd c:\tools and hit enter
3. We are going to use Netcat to perform a simple GET request against a webserver.
   a. Type: nc www.mile2.com 80 and hit enter
   b. Type: GET / HTTP/1.0
   c. Hit enter
   d. Hit enter
4. We are going to perform the same GET request, except this time we are going to use a text file and have the results piped into an html file.
   a. Open Notepad and enter the following commands exactly as you see them below.

      PLEASE MAKE SURE YOU HAVE 3 RETURNS AFTER THE GET / HTTP/1.0
      In other words it should look like this:

      GET / HTTP/1.0¶
      ¶
      ¶

   b. Save the file in the same directory you are currently working under.
   c. At the command prompt Type: nc www.mile2.com 80 < FILE > response.html and hit enter (FILE stands for the text file you saved in step b; its name is not given here).
   d. Browse to C:\Tools and open the response.html and see the results.
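Added example, not part of the original lab: an offline check of the exchange in steps 3 and 4, showing why the request is only complete once a blank line follows GET / HTTP/1.0, and which response headers make up the "banner" a server discloses. The function names, the header list and the sample response are constructed for this illustration.

```python
"""Added example: the HTTP/1.0 exchange from steps 3-4, checked offline."""

# Headers that commonly disclose server software (assumption: this short
# list is illustrative, not exhaustive).
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")


def request_complete(data: bytes) -> bool:
    """A server answers only after the blank line that ends the headers.

    Accepts CRLF or bare LF line endings, as lenient servers do.
    """
    return b"\r\n\r\n" in data or b"\n\n" in data


def parse_banner(raw: bytes) -> dict:
    """Split a raw HTTP response into status line, headers and disclosures."""
    head = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0]
    lines = head.decode("latin-1").split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed header lines
            headers[name.strip().lower()] = value.strip()
    disclosed = {k: v for k, v in headers.items() if k in DISCLOSING}
    return {"status": lines[0], "headers": headers, "disclosed": disclosed}


# Constructed request bytes: one Enter after the GET line is not enough.
ONE_RETURN = b"GET / HTTP/1.0\r\n"
TWO_RETURNS = b"GET / HTTP/1.0\r\n\r\n"

# Constructed sample response (not captured from any real host).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2007 00:00:00 GMT\r\n"
    b"Server: ExampleHTTPd/1.0\r\n"
    b"X-Powered-By: ExampleFramework\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body>sample</body></html>"
)

if __name__ == "__main__":
    print("one return complete? ", request_complete(ONE_RETURN))
    print("two returns complete?", request_complete(TWO_RETURNS))
    for name, value in parse_banner(SAMPLE_RESPONSE)["disclosed"].items():
        print(f"discloses {name}: {value}")
```

The headers reported under "disclosed" are the ones an administrator would suppress or make generic in the web server configuration to reduce what a banner grab reveals.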


5. In order to understand Netcat more fully, let's take a look at the many commands available to us with this tool.
   a. Type: nc -help and hit enter
   b. There are many options available to us with Netcat – this is why it is known as the Swiss Army Knife of ha