Cyberwarfare Magazine

Warfare in the Information Age

Fun at the Library – Part 2


I’ve returned to the library to go a little bit further. So I opened up a command prompt and started the explorer shell. I plugged in my war key; it didn’t run automatically, but it was still accessible.

To my astonishment, the OS is Windows XP SP2…no SP3. That’s nice to know. As expected, the network uses Active Directory and I’m logged in as an anonymous user. McAfee is used, and it detected and erased things it didn’t like on my key. Thank you McAfee, now I need to write my own stuff.

The version of Internet Explorer is 6.0. So if I were to continue this adventure, I’d first start by owning the machine with some exploit, by crafting a web page with an exploit for Windows SP2. That would be easily done by looking at Milw0rm. With root access to the machine, I could then install a sniffer and see what goodies I could get. Then I would map the network and see what I could do with the server.

But I like it to be clean, so it would be nice to actually have the password for the local admin… For that I would need to get my hands on the SAM file in C:\windows\system32\config. I don’t want to use NTFSDOS because I would have to reboot the computer, and that would totally look suspicious. So I would use pwdump2 to get the hashes from the registry and would crack them at home. Another way would be to get SYSTEM privileges; then I should just be able to copy the SAM file to my war key with ease. This could be done if I use the exploit to gain root, then use the AT command to schedule me a command prompt and restart explorer as SYSTEM.

One thing to remember would be to shut down McAfee before inserting the USB key, because it would delete all of my tools. Hopefully, this could be done by shutting down the McAfee Framework Service…and it would be accessible to my user level.


Written by Jonathan Racicot

December 24, 2008 at 1:27 am


2 Responses


  1. What tools does your “War Key” contain?

    Nate

    January 5, 2009 at 9:12 am

    • My war key usually contains just small admin and some common tools. Here is a list of what I have on the key:

      Wordlists, brutus, L0phtCrack, John the Ripper, pwdump, samdump, putty, some recent exploits and special HTML/JavaScript pages, portable versions of nmap, cain and abel and netstumbler. Also I have angry port scanner, Kadoodle, TMAC (http://tmac.technitium.com/tmac/index.html), a portable text editor, ettercap.

      That’s pretty much it. Should you have any questions, please ask me. Sorry for the long delay, I just ended my vacation 😛

      Jonathan Racicot

      January 10, 2009 at 2:49 pm

