
Wednesday, May 11, 2011

[TUT]Hamachi - Defacing a local webpage

Hi,

So, we all know Hamachi. For those who don't:

Quote: Hamachi is a zero-configuration virtual private network (VPN) shareware application that is capable of establishing direct links between computers that are behind NAT firewalls without requiring reconfiguration (in most cases); in other words, it establishes a connection over the Internet that emulates the connection that would exist if the computers were connected over a local area network.
Source: http://en.wikipedia.org/wiki/Hamachi_(software)

Okay, so first of all, download Hamachi here: https://secure.logmein.com/US/labs/
Now run in terminal:
Code:
dpkg -i logmein-hamachi_2.0.1.13-1_i386.deb
If you get an error, you might want to run in terminal:
Code:
apt-get install -f

So after it's all installed, run in terminal:
Code:
hamachi help
This will show you all the commands you can use. Note that you have to put "hamachi" in front of every command!

Now go and find a Hamachi group and connect.

Okay, I have made my own network named HackCommunityTest with the password HC.
You can join if you want, but never ever try to pentest anybody without their permission!!!

[Image: snapshot1p.png]

So now we are connected and we have our target; its name is "TEST".

Let's run nmap to find out the OS and open ports:

Code:
nmap -O [target hamachi IP]

I have my results below:

[Image: snapshot2yn.png]

From the scan we can tell it might be Windows XP and it has port 445 open. That's awesome for our exploit netapi, which you know from enc0des guide: Basics of gaining access!

So let's make this short: let's assume you have already picked your exploit and payload. Now let's set the rhost and lhost. We will be using Hamachi IPs.

To find your Hamachi IP, just type in terminal:
Code:
hamachi

[Image: snapshot3x.png]

If all goes well, we will get a meterpreter.

Now let's go into the defacing part.

My victim is running XAMPP for hosting the website. XAMPP is installed in C:\ by default; you might need to search a bit.

So I'll use
Code:
cd ..
to get to C:\ and list all files.

A few commands you might need:

Code:
ls = lists all files in the current directory
pwd = prints the working directory

[Image: snapshot4t.png]

Now, usually, the website is in htdocs; let's search for it and go inside.

Once you are in, you might find "index.php" or something similar. You can download it by using the command:
Code:
download index.php [where it should download]

Then edit it on your computer and delete it from the victim's computer by using:
Code:
del index.php

and upload your edited page:

Code:
upload /root/index.php

Enjoy!!!

EDIT: Remember! There are some more secure LogMeIn networks that allow connections only to one defined host computer! In nets like this, you can't attack anyone unless you control the HOST! There are more kinds of nets and they all behave a bit differently; check the official LogMeIn page for more info!
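
Seen from the web server's side, the del and upload steps above leave htdocs first without index.php and then with an index.php whose contents differ from the original. The following is an added example, not part of the original post: a Python script that hashes a web root against a known-good baseline and reports modified, removed and added files. The function names and the sample htdocs tree are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(web_root):
    """Return {relative_path: sha256_hex} for every file under web_root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, web_root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def compare(baseline, current):
    """Classify differences between a trusted baseline and the live tree."""
    both = baseline.keys() & current.keys()
    return {
        "modified": sorted(p for p in both if baseline[p] != current[p]),
        "removed": sorted(baseline.keys() - current.keys()),
        "added": sorted(current.keys() - baseline.keys()),
    }


def demo():
    """Constructed sample: a throwaway htdocs tree whose index.php is replaced."""
    with tempfile.TemporaryDirectory() as htdocs:
        index = os.path.join(htdocs, "index.php")
        os.mkdir(os.path.join(htdocs, "css"))
        with open(index, "w") as fh:
            fh.write("<?php echo 'original page'; ?>")
        with open(os.path.join(htdocs, "css", "site.css"), "w") as fh:
            fh.write("body { margin: 0; }")
        baseline = snapshot(htdocs)          # taken while the site is known-good

        os.remove(index)                     # state after the "del index.php" step
        after_delete = compare(baseline, snapshot(htdocs))
        with open(index, "w") as fh:         # state after the "upload" step
            fh.write("<?php echo 'replaced page'; ?>")
        after_upload = compare(baseline, snapshot(htdocs))
    return after_delete, after_upload


if __name__ == "__main__":
    for label, report in zip(("after delete", "after upload"), demo()):
        print(label, report)
```

Keep the baseline manifest off the web server itself, since anyone who can write to htdocs can usually rewrite a manifest stored next to it.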
