Author Archive for Vanberge

New Cell Phone

Just an FYI to the world that I don’t like my cellular device, and I strongly desire a new one.

Anybody wants to trade, let me know.

Weekly Site Tweaks

In the past week I’ve made several small changes to this site once again.
These changes include:

  • A tweaked sidebar as mentioned in previous posts
  • An improved archive page that formats much nicer
  • A re-written about page
  • Added a mobile gallery album for cell phone pics (been meaning to do that for a while)
  • Valid xhtml (which took by far the longest to do)

Obviously this website is extremely awesome.

Hacking with Metasploit

Have you ever thought to yourself “Hmm… I wonder if I could ‘hack’ into another computer” ?

Trust me, you can.

But before telling you how, I want to state that the tactics described in the following text could very easily be used for malicious and/or illegal activities.  With that said, this information should only be used for educational and/or testing purposes.  Metasploit is a very valuable security research and exploit testing tool.  I am not responsible should you decide to use it in negative ways.  Never apply this information to access a system you are not authorized to use.

With the politics out of the way, let’s get down to business.

1.  Find your “target” - in this case, I have built a Toshiba laptop to run a completely vanilla Windows XP installation with no service packs or updates of any kind.

2.  Download Metasploit and install it per the installation instructions.  There are versions for Linux, Windows, and Mac OS.  The remainder of these steps will be shown using the Linux version (Ubuntu 8.04).

3.  Launch Metasploit. Version 3 actually has a GUI tool to make things PAINFULLY easy, so we’ll keep with command line to show some respect.  Launch the GUI if you wish…  many of the options are the same, it’s just offensively easy to use.  Below you can see my Linux command prompt at the top of the window, and the Metasploit console at the bottom where we can get started.

4.  Pick your exploit of choice. This will depend greatly on your target’s OS and patch levels.  Type “show exploits” at the Metasploit command prompt to get a full listing.  To use an exploit, just type “use exploit_name”.  I picked a Windows SMB exploit as you can see below.  Notice how the command prompt changes to reflect the exploit you’ve chosen.

5.  Set your options and payload.  Type “show options” and look for anything that might need to be set.  Most likely you’ll at least have to set the target (RHOST) to the IP of your hacking target.  Set the options by typing “set optionname optionvalue” - or in this case: “set RHOST 192.168.1.144”.  Now our exploit attempt will be directed at that IP address.

You’ll also need a payload - a way to use the exploit to get access to the target machine.  This is usually a command shell, VNC session, or could even be DLL injection or adding an administrative user.  To see a list of all payloads, just type “show payloads”.  Once you find one you like, just type “set payload payload_name”.  For this test, I’ve used the windows tcp shell bind.

6.  Double check everything and exploit.  Type ‘show options’ one last time and make sure there are not any required options left blank.  Sometimes a payload will require additional settings.  Once you’re sure everything has been set correctly, just type the magic word:  exploit.  Watch as the exploit code runs, and look for the “Command Shell Session 1 Opened” text as shown below.  This means the hack has been successful.

7.  Connect to the hacked target.  If you are using Metasploit for Windows, you’re automatically taken to the command shell of the hacked target.  However, in Linux we have to connect to the session manually.  To see your hack session, type “sessions -l”  (dash lowercase L).  You’ll see your list of sessions shown in the output.  Once you see your shell session, just type “sessions -i 1” to connect to session number one.  See below:

Notice how the prompt has changed to a Windows command prompt? Yeah, that means you’ve just hacked a computer.
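What the bind-shell session from steps 5 to 7 looks like from the target’s side, as an added example that is not part of the original post: a bind payload opens a new listening TCP port on the target, so comparing a known-good `netstat -ano` snapshot with a current one exposes it. The snapshots are constructed sample data; 192.168.1.144 is the lab target from the post, while port 4444, PID 1180 and the peer 192.168.1.50 are assumed values.

```python
import re

# Constructed `netstat -ano` snapshots (sample data, not captured from a real host).
# 192.168.1.144 is the post's lab target; port 4444, PID 1180 and the peer
# 192.168.1.50 are assumed values chosen for illustration.
BASELINE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.144:139      0.0.0.0:0              LISTENING       4
"""
CURRENT = BASELINE + """\
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       1180
  TCP    192.168.1.144:4444     192.168.1.50:41822     ESTABLISHED     1180
"""

# One TCP row: local addr:port, remote addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")


def parse(text):
    """Return the TCP rows of a netstat -ano dump as dicts; skip everything else."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            _, lport, raddr, _, state, pid = m.groups()
            rows.append({"lport": int(lport), "raddr": raddr,
                         "state": state, "pid": int(pid)})
    return rows


def new_listeners(baseline_text, current_text):
    """Report listening ports absent from the baseline, with PID and connected peers."""
    known = {r["lport"] for r in parse(baseline_text) if r["state"] == "LISTENING"}
    rows = parse(current_text)
    findings = []
    for r in rows:
        if r["state"] != "LISTENING" or r["lport"] in known:
            continue
        peers = sorted({p["raddr"] for p in rows
                        if p["state"] == "ESTABLISHED" and p["lport"] == r["lport"]})
        findings.append({"port": r["lport"], "pid": r["pid"], "peers": peers})
    return findings


if __name__ == "__main__":
    for f in new_listeners(BASELINE, CURRENT):
        print(f"new listener on tcp/{f['port']} (pid {f['pid']}), peers: {f['peers']}")
```

On a fully patched host the SMB exploit from step 4 would fail before any listener appeared, so this check is a backstop for patching, not a replacement.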

Sidebar Redefined

I don’t know why I even bother using the sidebar on this website. I really should go the route of Vanlandw and just dispose of the sidebar altogether.

But, I can’t find it in my heart to do that - so instead I mess around with it and change it pretty much every other week.

In the past, I’ve added the random gallery image, added the Netflix queue, added and removed all kinds of links, added and removed google ads, and played around with ul / li formatting.

THIS week, I’ve decided to add dynamic content to pull in my recent tracks from Last.fm and also my recent ‘tweets’ from Twitter.  I also got rid of some links, added in some new links, and generally wasted a couple hours pointlessly tweaking the sidebar.

I still can’t bring myself to use the built-in widgets that K2 and WordPress have to offer, which undoubtedly makes everything in the sidebar harder to do.

Regardless, may I present to you sidebar version four hundred thirty ONE.

Online Overload

Last week when I had trouble sleeping I spent a fair amount of time surfing the internet for whatever I could find. This eventually led me to Drist’s myspace page where I fully intended on sending them a ‘myspace message’ telling them they had to put some of their songs on RockBand ASAP.

Back up just a bit - for those of you who do not know me, I despise myspace.  I’ve always hated it.  HATED it.  Almost unexplainably.  I can’t even really put my finger on why - but part of it is people that put 8 million pictures/videos/songs on their ‘space’ and crash my dual core 2GB RAM computer.

Anyway - In order to send Drist a message, I would have to take the ultimate plunge of debauchery and create my own ‘space’.  After some reluctance, I did the unthinkable:  Vanberge, the eternal hater and shunner of myspace fire death, created a myspace account.  I then added Vanbergs as a friend and sent one of my favorite bands in the world a myspace message pleading them to put songs out for RockBand downloadable content.

That was just the beginning…

In the last 4 days I have signed up for and begun using a plethora of online services.  This includes (see sidebar) Digg, Twitter, Last.fm, LinkedIn, and of course… Myspace.

Until now, I’ve really sort of avoided the ‘online community’ side of the internet.  I’ve stuck to things I know and really haven’t tried anything new - primarily I’m an emailer and then I maintain this website - and that’s been it.  And actually, it’s too bad I’ve waited so long to start exploring the further reaches of the internet.  I’ve found myself enjoying embracing these communities and will no doubt continue to do so (well, I may not keep my ‘space’).  But things like last.fm, twitter, and linkedin will probably stay part of my daily web activity for some time to come.

With the expansion into the online world, I began also looking for ways to consolidate my online activity into a more efficient means.  Typing URL after URL into the address bar is a very inefficient means of getting things done online.  Google Reader has already helped me with this, but I felt there was more room for improvement.  In the end, I added and reorganized bookmarks into folders that I can easily ‘open all in tabs’.  I then used FoxMarks to continuously sync my bookmarks between all of my Firefox browsers (since Google browser sync has been discontinued) - and then finally I downloaded Opera Mini, a much improved web browser for my BlackBerry 8830 which installs in seconds and absolutely dwarfs the default RIM browser.

Thanks to everyone who no doubt accepted the several invite/friend requests for these various online accounts I’ve finally decided to start using.

Insomnia Upgraded

After a brief ‘meet n greet’ (beer and food) with EMC and VMware folks at Malarkey’s, I went to bed uncharacteristically early and am now enduring a mild case of insomnia.  I’ve been awake since 3 a.m. and have been mindlessly surfing channels, chatting with vanbergs about when we’ll be seeing “The Dark Knight”, laughing at the top 10 worst exam answers, and generally surfing the internet.

I found that WordPress and Gallery each had new versions out, so I decided to take the plunge.  I upgraded to WordPress 2.6 and Gallery 2.2.5.

I used only the-bob.org’s command line, and the process as a whole took 10 minutes and resulted in no issues whatsoever.