Author Topic: Undetectable Hacking.  (Read 2820 times)


Offline mcsquiddy

Undetectable Hacking.
« on: January 19, 2014, 03:42:58 pm »
I am currently working on a project that involves attempting to exploit a target system running Windows XP SP2, and then attacking another system through said system, and then removing all trace that the first attack occurred, essentially remaining undetectable. My question: is this possible?

I have only spent about a month learning to hack, so I do not know all of the tricks that can be used, but so far I have concluded that short of physically gaining access to the other system (via breaking in and using the computer to hack) it is impossible to be completely undetectable.
The vulnerability I am using is the MS08-067 vulnerability, and I will attempt to deliver the payload via a DLL injection or a shell (if I can delete logs of the new process being made), and keep the entire attack in RAM, avoiding any disk changes that can be investigated. I will also be conscious of slack space etc. and considered powering down the victim machine after the attack to avoid the RAM persisting.

If anyone has any information on whether it is in fact possible to attack a system, delete all logs of the connection occurring etc., I would be grateful.

Thanks.

STAFF NOTE: fixed the font size cause it was hard to read
« Last Edit: January 20, 2014, 06:01:29 am by RedBullAddicted »

Offline flowjob

Re: Undetectable Hacking.
« Reply #1 on: January 19, 2014, 04:22:13 pm »
Probably possible somehow, but not with a month of knowledge...
By the time you have the knowledge to do this hack, Windows 15 will be published, and no one will still use Windows XP...
Quote
<phil> I'm gonna DDOS the washing machine with clothes packets.
<deviant_sheep> dont use too much soap or youll cause a bubble overflow

Offline mcsquiddy

Re: Undetectable Hacking.
« Reply #2 on: January 19, 2014, 05:58:44 pm »
Windows XP is still the 3rd most used OS as of today; furthermore, this is more of a plausible deniability project, so the OS in use is not of importance. If I can prove that this sort of attack can be achieved, then the project would be a success. Does no one know of any resources or have any info on how such an attack could be pulled off??

Offline proxx

Re: Undetectable Hacking.
« Reply #3 on: January 19, 2014, 06:19:56 pm »
Quote from: mcsquiddy
Windows XP is still the 3rd most used OS as of today; furthermore, this is more of a plausible deniability project, so the OS in use is not of importance. If I can prove that this sort of attack can be achieved, then the project would be a success. Does no one know of any resources or have any info on how such an attack could be pulled off??

Learn the basics and come back in 6 months only to discover that you could have answered this question with some basic knowledge.
Wtf were you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline mcsquiddy

Re: Undetectable Hacking.
« Reply #4 on: January 19, 2014, 06:27:53 pm »
I am on a deadline and only have 2 months to conclude the project. I've done a lot of research and all I'm asking for is resources to point me in the right direction.

Offline b0whunter

Re: Undetectable Hacking.
« Reply #5 on: January 20, 2014, 05:17:59 am »
I'm assuming you're using Metasploit. If so, you will find this article useful: http://www.offensive-security.com/metasploit-unleashed/Event_Log_Management

Btw, are you trying to frame the first target machine or just hide your traces?

Also, any particular reason for the edit?
“Engage people with what they expect; it is what they are able to discern and confirms their projections. It settles them into predictable patterns of response, occupying their minds while you wait for the extraordinary moment — that which they cannot anticipate.”
― Sun Tzu, The Art of War

Offline lucid

Re: Undetectable Hacking.
« Reply #6 on: January 20, 2014, 05:44:30 am »
Quote from: b0whunter
Also, any particular reason for the edit?

Take a look at the last edited log at the bottom of his post. It wasn't him.
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline b0whunter

Re: Undetectable Hacking.
« Reply #7 on: January 20, 2014, 05:54:07 am »
Yes, I was wondering why, no staff notes, or I could have missed it, on mobile atm

Offline mcsquiddy

Re: Undetectable Hacking.
« Reply #8 on: January 20, 2014, 12:02:26 pm »
Thanks for the useful replies. Essentially yes, I am trying to frame the second computer. The overall goal of the project is to prove that someone could hack me, perform another hack and remove all traces of their attack on me, essentially framing me. This would then provide plausible deniability in that I could claim that I did not perform the attack and that I was in fact attacked by someone else even though no one could prove it, and neither could they.

Z3R0

  • Guest
Re: Undetectable Hacking.
« Reply #9 on: January 20, 2014, 12:15:20 pm »
Quote from: mcsquiddy
This would then provide plausible deniability in that I could claim that I did not perform the attack and that I was in fact attacked by someone else even though no one could prove it, and neither could they.

Don't you see the magic in this? Don't you see the magic in any of this? Hacking is unique, in that it is the only way of life where you can do one thing, and make it look like it happened from a different source or out of thin air. Literally, hacking is magical.

You'll find a lot of reluctance in people wanting to give you help for a couple of different reasons... Those of us who live hacking for good are not comfortable talking about it out of suspicion that you will use this knowledge on innocent people. Those of us who live hacking for bad won't teach you, because then you become a threat to their current monopoly.

The Metasploit Unleashed page is a mediocre, but simple place to start, and should be sufficient for your project. Another thing you may want to look into is pivoting, and/or ssh tunnelling (these methods allow you to bridge your attack from one system/network to the next).

http://www.offensive-security.com/metasploit-unleashed/Pivoting

As a small joke: hacking is also the only possible way to blow up a nuclear powerplant from the other side of the planet while simultaneously playing call of duty.
« Last Edit: January 20, 2014, 12:20:39 pm by m0rph »

Offline b0whunter

Re: Undetectable Hacking.
« Reply #10 on: January 20, 2014, 01:53:38 pm »
And some will teach you because they believe in free sharing of software/information, because you should be able to do whatever you want with your OS, programs, etc. (read this: http://www.gnu.org/gnu/thegnuproject.html)

Offline mcsquiddy

Re: Undetectable Hacking.
« Reply #11 on: January 20, 2014, 10:57:14 pm »
Thanks! I agree the Metasploit Unleashed page is highly mediocre, and does not provide much explanation of what is going on.
One thing I have been struggling with is how the MS08_067 module establishes its connections to the target machine. From what I could deduce (probably incorrect), the module establishes a TCP connection by calling the connect() function in the TCP mixin, and then establishes an SMB connection through smb_login(). I know the SMB connection will use a TCP connection, but is it using the TCP connection established? I have found no documentation on how this is done.

Later this piece of code comes up

Code:
    handle = dcerpc_handle(
      '4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0',
      'ncacn_np', ["\\#{datastore['SMBPIPE']}"]
    )
I know the exploit works by sending a malformed RPC packet to the server service process that can be identified by the 4b32.. code, and that the protocol used is ncacn_np, which I think is a form of Named Pipes over RPC? I am completely baffled by how the connections all link in the end, as the use of mixins abstracts what is going on. And there isn't much documentation floating around on how connections can be established in Metasploit. If you guys have any info or know where I can get some on a deeper level, I'd be very grateful as it's had me stumped for a while.

Thanks.

Edit: Added code for MS08_67 module
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms08_067_netapi.rb
« Last Edit: January 20, 2014, 10:59:48 pm by mcsquiddy »
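
Added example (not part of the thread and not Metasploit code): with `ncacn_np`, RPC messages travel as reads and writes on a named pipe opened inside the SMB session, which itself rides the TCP connection, and the first RPC message is a bind that names the interface UUID and version. The Ruby below parses such a bind so a defender inspecting traffic can see which interface a client requested; the helper names, the sample PDU and its `4280` fragment sizes are constructed for illustration.

```ruby
SRVSVC_UUID = '4b324fc8-1670-01d3-1278-5a47bf6ee188' # UUID quoted in the post
NDR_UUID    = '8a885d04-1ceb-11c9-9fe8-08002b104860' # NDR transfer syntax, v2

# 16 wire bytes (little-endian data representation) -> UUID text.
def uuid_from_wire(bytes)
  d1, d2, d3 = bytes.unpack('Vvv')
  rest = bytes.byteslice(8, 8).unpack1('H*')
  format('%08x-%04x-%04x-%s-%s', d1, d2, d3, rest[0, 4], rest[4, 12])
end

# UUID text -> wire bytes; used only to build the constructed sample.
def uuid_to_wire(text)
  hex = text.delete('-')
  [hex[0, 8].hex, hex[8, 4].hex, hex[12, 4].hex].pack('Vvv') + [hex[16, 16]].pack('H*')
end

# One hash per presentation context, or nil unless a complete little-endian bind.
def parse_bind(pdu)
  return nil if pdu.nil? || pdu.bytesize < 28
  ver, minor, ptype, _flags, drep, frag_len = pdu.unpack('CCCCa4v')
  return nil unless ver == 5 && minor.zero? && ptype == 11 # 11 = bind
  return nil unless (drep.getbyte(0) & 0xf0) == 0x10        # little-endian integers
  return nil if frag_len > pdu.bytesize
  off = 28                                                  # 16 header + 12 fixed bind fields
  Array.new(pdu.getbyte(24)) do                             # byte 24 = n_context_elem
    return nil if off + 24 > frag_len
    id, n_xfer = pdu.byteslice(off, 4).unpack('vC')
    uuid = uuid_from_wire(pdu.byteslice(off + 4, 16))
    major, minor_v = pdu.byteslice(off + 20, 4).unpack('vv')
    off += 24 + 20 * n_xfer                                 # skip transfer syntaxes
    return nil if off > frag_len
    { id: id, uuid: uuid, version: "#{major}.#{minor_v}" }
  end
end

# Detection helper: does this bind ask for the Server service interface?
def binds_to_srvsvc?(pdu)
  (parse_bind(pdu) || []).any? { |c| c[:uuid] == SRVSVC_UUID }
end

# Constructed sample: a bind with one context (not captured traffic).
def sample_bind(if_uuid, major, minor)
  ctx = [0, 1, 0].pack('vCC') + uuid_to_wire(if_uuid) + [major, minor].pack('vv') +
        uuid_to_wire(NDR_UUID) + [2].pack('V')
  body = [4280, 4280, 0, 1, 0, 0].pack('vvVCCv') + ctx
  [5, 0, 11, 3, "\x10\x00\x00\x00", 16 + body.bytesize, 0, 1].pack('CCCCa4vvV') + body
end

p parse_bind(sample_bind(SRVSVC_UUID, 3, 0))
```

The same field offsets apply whether the bytes come from a packet capture or a proxy log, as long as the SMB framing around the pipe write has already been removed.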

Offline b0whunter

Re: Undetectable Hacking.
« Reply #12 on: January 21, 2014, 12:39:18 am »
If you want a deeper understanding, you'll need to drop metasploit. The best primer on socket programming is beej's guide: http://beej.us/guide/bgnet/output/html/singlepage/bgnet.html


But knowing C will help you understand that guide. So you need to start with the basics.

Offline bluechill

Re: Undetectable Hacking.
« Reply #13 on: January 21, 2014, 11:05:31 pm »
Undetectable hacking.  That's great.  That's rich even.  Good luck with that if you're doing it remotely.
I have dreamed a dream, but now that dream has gone from me.  In its place now exists my own reality, a reality which I have created for myself by myself.

Offline b0whunter

Re: Undetectable Hacking.
« Reply #14 on: January 22, 2014, 04:28:18 pm »
Undetectable. Depends on your target. I could walk in front of my grandmother undetected. There's always a Pareto optimal level. Resources by both parties must be estimated first. For his "project", well...