Penetration Testing mailing list archives

RE: Hacking Demo and Test Lab
From: "Cure, Samuel J" <scure () kpmg com>
Date: Fri, 11 Jun 2004 15:21:11 -0500

Or have the remote system running VNC anyway. Then connect to the remote
registry with credentials and decrypt the VNC password using Cain, then

Samuel J. Cure
KPMG LLP, Risk and Advisory Services
303 Peachtree Street, Suite 2000
Atlanta, GA 30308
mobile: 404.861.9436 - office: 404.222.3043

-----Original Message-----
From: Victor Chapela [mailto:victor () sm4rt com]
Sent: Friday, June 11, 2004 2:00 PM
To: 'raza sharif'; pen-test () securityfocus com
Subject: RE: Hacking Demo and Test Lab

I am not sure about VMWare, I also had some problems running demos
consistently and decided to use a separate machine.

I usually do my demos with a similar configuration XP -> 2000. 

A good 5 min sketch is:
- get a remote shell using Jill, iis5hack or dcomexploit
- You end up as NT Authority/SYSTEM in all cases, therefore you can add
yourself as an administrator
- connect to the admin$ share using your new credentials
- dump the SAM file with pwdump3
- crack some hashes using john
- copy winvnc to system32
- add your vnc password to the remote registry
- install and start winvnc remotely
- start a VNC session

Even though you will rarely need to install vnc while pen testing, I have
found that for demos it is a very good way to get the point through.

Good luck
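The demo chain sketched above leaves a recognizable trail on the target (an account joins Administrators, the ADMIN$ share is touched, a service is installed pointing at a freshly dropped binary). As an added example, not part of the thread, here is a small Python correlation rule over constructed log lines that flags a host where those stages occur within a short window; the pipe-delimited format and the modern Windows event IDs (4720, 4732, 5140, 7045) are assumptions for illustration.

```python
"""Correlate the stages of the demo chain per host within a time window.
Added example, not from the thread. Log format and event IDs are assumed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: "<ISO timestamp>|<host>|<event_id>|<message>"
SAMPLE_LOG = """\
2004-06-11T14:02:10|WEB01|4720|A user account was created. Account Name: svc_helper
2004-06-11T14:02:12|WEB01|4732|A member was added to a security-enabled local group. Group Name: Administrators Member: svc_helper
2004-06-11T14:03:40|WEB01|5140|A network share object was accessed. Share Name: ADMIN$ Account Name: svc_helper
2004-06-11T14:05:05|WEB01|7045|A service was installed in the system. Service File Name: C:\\WINNT\\system32\\winvnc.exe
2004-06-11T09:00:00|WEB02|4732|A member was added to a security-enabled local group. Group Name: Administrators Member: jsmith
"""

# Map event IDs to the stage of the chain they evidence (assumed modern IDs).
STAGES = {"4720": "account_created", "4732": "added_to_admins",
          "5140": "admin_share_access", "7045": "service_installed"}
WINDOW = timedelta(minutes=10)


def parse(line):
    """Split one constructed log line into (timestamp, host, event_id, message)."""
    ts, host, eid, msg = line.split("|", 3)
    return datetime.fromisoformat(ts), host, eid, msg


def find_chains(log_text, window=WINDOW, min_stages=3):
    """Return (host, start_time, stages) for each host where at least
    `min_stages` distinct stages, including the privilege grant, fall
    inside `window` of some starting event. One alert per host."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        ts, host, eid, msg = parse(line)
        if eid in STAGES:
            events[host].append((ts, STAGES[eid], msg))
    alerts = []
    for host, evs in events.items():
        evs.sort()  # chronological order per host
        for i, (start, _, _) in enumerate(evs):
            stages = {s for t, s, _ in evs[i:] if t - start <= window}
            if len(stages) >= min_stages and "added_to_admins" in stages:
                alerts.append((host, start, sorted(stages)))
                break
    return alerts


if __name__ == "__main__":
    for host, start, stages in find_chains(SAMPLE_LOG):
        print(f"{host}: chain starting {start.isoformat()} -> {stages}")
```

A single 4732 on WEB02 is not enough on its own; the rule only fires when several stages cluster on one host, which is what separates the demo chain from routine administration.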


-----Original Message-----
From: raza sharif [mailto:raza () raza demon co uk] 
Sent: Friday, June 11, 2004 6:42 AM
To: pen-test () securityfocus com
Subject: Hacking Demo and Test Lab

Hi Folks,

I'm doing some advanced hacking demos for management and also corporates etc.

I have installed Windows 2000 Server and IIS 5.0 on VMware GSX Server.

I'm using WebDAV and other exploits that all basically should spawn a shell
using netcat.

I'm using XP as my attacking machine.

Prob at the moment is netcat will not spawn a shell regardless of what I

Any ideas? I checked the install, it is Windows 2000 500.1295, no reference
to service packs etc. It's a default install.

Also, what are good demos etc. to run to show real hacking on Windows 2000,
IIS etc. that I can get to work?



Raza () raza demon co uk

