Author Topic: My Library\Police Station  (Read 2409 times)


Offline bubzuru

My Library\Police Station
« on: October 03, 2012, 10:43:28 pm »
ok so i'm pretty wasted now so bear with me

it starts like this.
i walk into my local library\police station (2 in 1) with a friend (some shit he had to do)

i look around and i see about 20 windows vista pcs and about 4 macs also there are 2 pcs running windows vista at the reception (most likely controlling all the computers)

but here is the funny thing. you need a user\pass to use the computers (it's a login screen) so i sat down at a random pc and pressed ctrl-alt-del and killed the login screen process, after that i started tskman and ran explorer ok so we know it's weak and i have access as guest (with cmd prompt etc, just like a regular guest)...

what now ?

i use CVE: 2010-4398 to get system access, get control of utilman.exe replace it with cmd.exe now my backdoor is installed

i have system access to the network, where would you guys go from here
i really want to access the police computers (same network)


Damm it feels good to be gangsta
http://bubzuru.comule.com
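
From the defender's side, the utilman.exe swap described in the post above leaves a file that is byte-identical to cmd.exe, which a hash comparison finds on a live host or a mounted disk image. This is an added example, not part of the original thread; it goes beyond utilman.exe to the other logon-screen accessibility programs, and the directory contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Programs that can be launched from the Windows logon screen.
ACCESSIBILITY = ("utilman.exe", "sethc.exe", "osk.exe", "magnify.exe", "narrator.exe")
# Command interpreter that should never share their contents.
SHELLS = ("cmd.exe",)


def sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_swapped_binaries(system32):
    """Return (accessibility_name, shell_name) pairs with identical contents."""
    # Index by lower-cased name so a mounted image on a case-sensitive
    # filesystem (Utilman.exe vs utilman.exe) is handled as well.
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    shell_hashes = {sha256(files[s]): s for s in SHELLS if s in files}
    findings = []
    for name in ACCESSIBILITY:
        if name in files:
            match = shell_hashes.get(sha256(files[name]))
            if match:
                findings.append((name, match))
    return findings


def demo():
    # Constructed stand-in for a System32 directory; file contents are made up.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "cmd.exe").write_bytes(b"constructed shell bytes")
        (root / "Utilman.exe").write_bytes(b"constructed shell bytes")  # swapped
        (root / "sethc.exe").write_bytes(b"constructed sethc bytes")    # intact
        return find_swapped_binaries(root)


if __name__ == "__main__":
    win = os.environ.get("SystemRoot")
    print(find_swapped_binaries(Path(win) / "System32") if win else demo())
```

An empty result only rules out a straight copy of cmd.exe; a different replacement binary needs a comparison against known-good hashes for that Windows build.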

Offline bubzuru

Re: My Library\Police Station
« Reply #1 on: October 03, 2012, 10:48:46 pm »
btw i can plug a pen drive in and run apps (just regular guest account)
or System after exploit
« Last Edit: October 03, 2012, 10:49:19 pm by bubzuru »
Damm it feels good to be gangsta
http://bubzuru.comule.com

Offline relax

Re: My Library\Police Station
« Reply #2 on: October 03, 2012, 10:54:31 pm »
wow this is fun fun fun :)

i would install a remote shell or what its called
play with metasploit
i mean try to get access to the database registry would be golden

Offline Daemon

Re: My Library\Police Station
« Reply #3 on: October 04, 2012, 08:17:46 pm »
Well bubzuru, here's the deal. I really care about you! And messing around in a police station could get you in a lot of trouble, so you should be really really careful!! You should most definitely avoid using anything like http://hak5.org/usb-switchblade . Nope, no way. That could get you in trouble! However, seeing as how it requires a u3 USB drive and they don't seem to make those anymore...that might not be an option anyways which could lead you to thinking about something like http://www.hackfromacave.com/katana.html because it works from any USB and has OPHcrack which cracks windows login passwords, or kon-boot which completely removes them. So I would DEFINITELY tell you to stay away from those, since I don't want you getting in trouble and all...

I mean once you have the admin logins for one computer, then they might even be the same for the police ones! And if not, they could still wreak havoc on their network, allowing you to elevate your privileges, which is sooo not good since you're trying to stay out of trouble of course.
And since you're trying to stay out of trouble and will never go back, I know you also won't take the time to write up a plan of attack and have everything ready to go before you head back to the station. See people who are up to no good and want to get away with it, write it all down step by step, they have a plan of attack, and all the tools they need ready so that they can be in and out as fast as possible. But you're not going back, so it shouldn't matter to you right?

Final step for someone who was into this sort of thing, which you're not, would be installing a remote access back door. Some way to SSH into the network so they have more time to go through and find what they want. Which you won't be doing, right?

Just saying all of this cause I care about you bubzuru, I want to make sure you know what to avoid doing 8)
This lifestyle is strictly DIY or GTFO - lucid

Because sexploits are for h0edays - noncetonic


Xires burns the souls of HF skids as a power supply

Offline s3my0n

Re: My Library\Police Station
« Reply #4 on: October 04, 2012, 08:47:58 pm »
Install reverse connection backdoor (or listening if they don't have a firewall) that connects back to a box you own (preferably not in your home network, too risky). If you want to change the connect back boxes or they have a dynamic IP address, set up a free DNS server and change the IP address your registered domain points to at your will. Good backdoor if they don't have AV's is metasploit generated exe payload because of the so many inbuilt tools msf has.

Then scan the internal network looking for interesting/vulnerable hosts. From there it's just you and your curiosity.
Easter egg in all *nix systems: E(){ E|E& };E

Offline bubzuru

Re: My Library\Police Station
« Reply #5 on: October 05, 2012, 11:31:20 pm »
they have McAfee installed (will just code the reverse connect), i have system access

going to write a quick reverse shell and get it installed (maybe connect to a tor hidden service, if i can be assed writing it).

so now lets say i have coded my backdoor , installed it. and am sat at home at my shell

ideas ?
Damm it feels good to be gangsta
http://bubzuru.comule.com

Offline s3my0n

Re: My Library\Police Station
« Reply #6 on: October 06, 2012, 09:39:39 am »
Since you have hard access with system privileges you can disable live scan of files in McAfee. That way you can run any backdoor you wish without McAfee stopping you. Basically your goal is to be able to upload tools onto the PC so you can further go into the network. If you upload msf backdoor then you won't have to upload any tools, everything you need is already in the exe, and can be routed through the exe's connection. Plus to get to other PC's on the network you can just 'route' to them through your original PC with the backdoor.
http://www.offensive-security.com/metasploit-unleashed/Pivoting
Easter egg in all *nix systems: E(){ E|E& };E

Offline Silentz

Re: My Library\Police Station
« Reply #7 on: October 06, 2012, 12:23:57 pm »
I would run some kind of network mapping tool to map the network and hopefully give you some good DNS names of roles of different servers. Then try to break into them.

But seeing as it's Windows and not *nix you're breaking into I'd rather gain remote access via GUI so either Remote Desktop or VNC. Would be much easier to delve into the network further that way.

Offline IFailStuff

Re: My Library\Police Station
« Reply #8 on: October 06, 2012, 10:20:19 pm »
oh lol, awesome.

Let me know when you're in the network, i'd be interested to see.


VIP ;)

Offline bubzuru

Re: My Library\Police Station
« Reply #9 on: October 08, 2012, 02:29:57 pm »
i don't really do a lot of 'pen testing'\network work i just like to code and only have 1 shit laptop so vm's are very slow

i had a few computers a few years back (when evilzone first came around) but my drug problems fucked that up. anyways back on topic

@s3my0n what's new in metasploit then ? i've not used it for a good while.
any theories on how this network would be setup ?

will give some more info in a few days
Damm it feels good to be gangsta
http://bubzuru.comule.com

Offline bubzuru

Re: My Library\Police Station
« Reply #10 on: October 16, 2012, 03:51:18 am »
Ok guys a little update

i haven't been back to the library since the first hack, but i have started coding a back door manager for my reverse shell to connect to.  (will upload to hacked server)

i think i'm just taking my time and putting it off because of what @Daemon said. i really don't want to fuck up here. i want access to the police computers

here are a few pics of the manager

the manager is going to be an evilzone project, i have a few ideas.
check out the thread for more info

when i have finished the manager and my back door i am going to the library and install it

will update soon
Damm it feels good to be gangsta
http://bubzuru.comule.com

Offline s3my0n

Re: My Library\Police Station
« Reply #11 on: October 16, 2012, 09:05:56 am »
Ohh, that's pretty nice, so is the actual payload going to be .exe or .php ?
Easter egg in all *nix systems: E(){ E|E& };E

Offline bubzuru

Re: My Library\Police Station
« Reply #12 on: October 16, 2012, 03:05:27 pm »
Ohh, that's pretty nice, so is the actual payload going to be .exe or .php ?

the payload will be a reverse connect exe that connects to the manager (will be on a hacked server)

check out the project. maybe you could help
http://evilzone.org/projects-and-discussion/back-door-manager/
Damm it feels good to be gangsta
http://bubzuru.comule.com