HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 50 guests and 1 member online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Cheeeeeeeeeeese
EH-Net
May 25, 2012, 05:56:25 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Cheeeeeeeeeeese  (Read 11512 times)
0 Members and 1 Guest are viewing this topic.
some1
Guest
« on: March 21, 2010, 09:12:47 AM »
cheeeeeeeeeeeeeese
« Last Edit: March 24, 2010, 10:33:04 AM by some1 » Logged
Dengar13
Sr. Member
****
Offline Offline

Posts: 380



View Profile
« Reply #1 on: March 21, 2010, 12:27:10 PM »
Sorry to ask this, but did you get permission to do this?

By the way, welcome to this great forum!
Logged
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
aweSEC
Hero Member
*****
Offline Offline

Posts: 1100


View Profile
« Reply #2 on: March 21, 2010, 12:48:52 PM »
Dengar: pWnOS is similar to the de-ice discs, so no need to worry. Wink
Logged
Dengar13
Sr. Member
****
Offline Offline

Posts: 380



View Profile
« Reply #3 on: March 21, 2010, 12:51:22 PM »
D'oh!  Thanks!   Embarrassed
Logged
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
Ketchup
Hero Member
*****
Offline Offline

Posts: 1006



View Profile
« Reply #4 on: March 21, 2010, 01:25:46 PM »
I would search for Debian SSH vulnerabilities.   My guess is your next attack has something to do with entropy.
Logged
~~~~~~~~~~~~~~
Ketchup
xXxKrisxXx
Sr. Member
****
Offline Offline

Posts: 491



View Profile
« Reply #5 on: March 21, 2010, 02:13:15 PM »
Just hinting here. I think I saw a webmin exploit on milw0rm Wink may want to attack there first.
Logged
OSCP, OWSP, eCPPT
Ketchup
Hero Member
*****
Offline Offline

Posts: 1006



View Profile
« Reply #6 on: March 21, 2010, 02:32:37 PM »
When you ran that sploit, did you also download the RSA keys by HD Moore?
Logged
~~~~~~~~~~~~~~
Ketchup
Ketchup
Hero Member
*****
Offline Offline

Posts: 1006



View Profile
« Reply #7 on: March 21, 2010, 07:25:46 PM »
That's exactly what I was talking about.   I would try the 1024 bit keys as well.  The exploit is essential a brute force attack on the limited key-verse of a vulnerable Debian OpenSSH system.
Logged
~~~~~~~~~~~~~~
Ketchup
j0rDy
Hero Member
*****
Offline Offline

Posts: 578


View Profile
« Reply #8 on: March 22, 2010, 04:22:12 AM »
as far as i know there are more ways of getting in. another hint: try some default configuration vulnerabilities!
Logged
ISC2 Associate, CEH, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
zeroflaw
Full Member
***
Offline Offline

Posts: 184



View Profile
« Reply #9 on: March 22, 2010, 05:13:39 PM »
I've been wanting to have a shot at this, but I every time I want to download the links expire or something. Does anyone know where to download pWnOS?
Logged
ZF
xXxKrisxXx
Sr. Member
****
Offline Offline

Posts: 491



View Profile
« Reply #10 on: March 22, 2010, 05:38:15 PM »
Download pWnOS:
Part1: http://www.mediafire.com/?ec3hmlzuyzy
Part2: http://www.mediafire.com/?yngwzqkxmin
Part3: http://www.mediafire.com/?htmqm3dzgya

Source:
http://heorot.net/forums/viewtopic.php?f=21&t=149&sid=54b791d5958c65048ae2e24b082b8b25&start=30p
Logged
OSCP, OWSP, eCPPT
digitalcliff
Newbie
*
Offline Offline

Posts: 4


View Profile
« Reply #11 on: March 22, 2010, 10:44:08 PM »
You are on the right track with the 5720.py exploit. Use it to bruteforce a ssh into one of the accounts you found from webmin. Once you have ssh access, there is a nice local priv exploit to get you root.
Logged
j0rDy
Hero Member
*****
Offline Offline

Posts: 578


View Profile
« Reply #12 on: March 23, 2010, 03:48:19 AM »
Quote from: digitalcliff on March 22, 2010, 10:44:08 PM
You are on the right track with the 5720.py exploit. Use it to bruteforce a ssh into one of the accounts you found from webmin. Once you have ssh access, there is a nice local priv exploit to get you root.

this is more then enough to own the box Wink
Logged
ISC2 Associate, CEH, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
zeroflaw
Full Member
***
Offline Offline

Posts: 184



View Profile
« Reply #13 on: March 23, 2010, 05:24:46 AM »
Quote from: xXxKrisxXx on March 22, 2010, 05:38:15 PM
Download pWnOS:
Part1: http://www.mediafire.com/?ec3hmlzuyzy
Part2: http://www.mediafire.com/?yngwzqkxmin
Part3: http://www.mediafire.com/?htmqm3dzgya

Source:
http://heorot.net/forums/viewtopic.php?f=21&t=149&sid=54b791d5958c65048ae2e24b082b8b25&start=30p

Doh! I only checked the first 2 pages of that thread. Thanks Cool
Logged
ZF
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.308 seconds with 24 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.