Home
Calendar
Certifications
Columns
Features
Forum
Resources
Vitals
Latest Additions
April 2013 Free Giveaway Sponsor - eLearnSecurity
Human Intelligence to Navigate the Security Data Deluge
February 2013 Free Giveaway Winner of SANS CyberCon Training
Interview: Bugcrowd Founders on Herding Ninjas for Crowdsourced Bug Bounties
Network Forensics: The Tree in the Forest
March 2013 Free Giveaway Sponsor - Mile2
Book Review: Violent Python
February 2013 Free Giveaway Sponsor - SANS
Holiday 2012 Free Giveaway Winner of Metasploit Pro by Rapid7
Course Review: SANS FOR408 Computer Forensic Investigations – Windows In-Depth
The Security Consulting Sugar High
Tutorial: Fun with SMB on the Command Line
Interview: Ilia Kolochenko, CEO of High-Tech Bridge
October 2012 Free Giveaway Winner of LearningGate Training
The Broken: Assessing Corporate Security in 2012 to Make a Better 2013
EH-Net Login
Welcome Guest.
Username:
Password:
Remember me
Lost Password?
No account yet?
Register
Who's Online
We have 33 guests online
You are here:
Home
Ethical Hacking Discussions and Related Certifications
Network Pen Testing
Cheeeeeeeeeeese
EH-Net
May 21, 2013, 04:51:59 PM
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
News
: Go back to The Ethical Hacker Network Online Magazine
Home Page
Home
Help
Calendar
Login
Register
EH-Net
>
Ethical Hacking Discussions and Related Certifications
>
Network Pen Testing
(Moderator:
don
) >
Cheeeeeeeeeeese
Pages: [
1
]
Go Down
« previous
next »
Print
Author
Topic: Cheeeeeeeeeeese (Read 14447 times)
0 Members and 1 Guest are viewing this topic.
some1
Guest
Cheeeeeeeeeeese
«
on:
March 21, 2010, 09:12:47 AM »
cheeeeeeeeeeeeeese
«
Last Edit: March 24, 2010, 10:33:04 AM by some1
»
Logged
Dengar13
Sr. Member
Offline
Posts: 380
Re: [pWnOS]
«
Reply #1 on:
March 21, 2010, 12:27:10 PM »
Sorry to ask this, but did you get permission to do this?
By the way, welcome to this great forum!
Logged
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
UNIX
Hero Member
Offline
Posts: 1235
Re: [pWnOS]
«
Reply #2 on:
March 21, 2010, 12:48:52 PM »
Dengar: pWnOS is similar to the
de-ice discs
, so no need to worry.
Logged
Dengar13
Sr. Member
Offline
Posts: 380
Re: [pWnOS]
«
Reply #3 on:
March 21, 2010, 12:51:22 PM »
D'oh! Thanks!
Logged
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
Ketchup
Hero Member
Offline
Posts: 1021
Re: pWnOS v1.0 - Help with hacking it. Warning: Spoilers.
«
Reply #4 on:
March 21, 2010, 01:25:46 PM »
I would search for Debian SSH vulnerabilities. My guess is your next attack has something to do with entropy.
Logged
~~~~~~~~~~~~~~
Ketchup
xXxKrisxXx
Hero Member
Offline
Posts: 512
Re: pWnOS v1.0-Help with hacking it. Warning: Spoilers. [havent found a way in yet]
«
Reply #5 on:
March 21, 2010, 02:13:15 PM »
Just hinting here. I think I saw a webmin exploit on milw0rm
may want to attack there first.
Logged
eCPPT, GCIH, OSCP, OSWP
Ketchup
Hero Member
Offline
Posts: 1021
Re: pWnOS v1.0-Help with hacking it. Warning: Spoilers. [havent found a way in yet]
«
Reply #6 on:
March 21, 2010, 02:32:37 PM »
When you ran that sploit, did you also download the RSA keys by HD Moore?
Logged
~~~~~~~~~~~~~~
Ketchup
Ketchup
Hero Member
Offline
Posts: 1021
Re: pWnOS v1.0-Help with hacking it. Warning: Spoilers. [havent found a way in yet]
«
Reply #7 on:
March 21, 2010, 07:25:46 PM »
That's exactly what I was talking about. I would try the 1024 bit keys as well. The exploit is essential a brute force attack on the limited key-verse of a vulnerable Debian OpenSSH system.
Logged
~~~~~~~~~~~~~~
Ketchup
j0rDy
Hero Member
Offline
Posts: 590
Re: pWnOS v1.0-Help with hacking it. Warning: Spoilers. [havent found a way in yet]
«
Reply #8 on:
March 22, 2010, 04:22:12 AM »
as far as i know there are more ways of getting in. another hint: try some default configuration vulnerabilities!
Logged
ISC2 Associate, CEH, ECSA, OSCP, OSWP
earning my stripes appears to be a road i must travel alone...with a little help of EH.net
zeroflaw
Full Member
Offline
Posts: 208
Re: pWnOS v1.0-Help with hacking it. Warning: Spoilers. [havent found a way in yet]
«
Reply #9 on:
March 22, 2010, 05:13:39 PM »
I've been wanting to have a shot at this, but I every time I want to download the links expire or something. Does anyone know where to download pWnOS?
Logged
ZF
xXxKrisxXx
Hero Member
Offline
Posts: 512
Re: pWnOS v1.0-Help with hacking it. Warning: Spoilers. [havent found a way in yet]
«
Reply #10 on:
March 22, 2010, 05:38:15 PM »
Download pWnOS:
Part1:
http://www.mediafire.com/?ec3hmlzuyzy
Part2:
http://www.mediafire.com/?yngwzqkxmin
Part3:
http://www.mediafire.com/?htmqm3dzgya
Source:
http://heorot.net/forums/viewtopic.php?f=21&t=149&sid=54b791d5958c65048ae2e24b082b8b25&start=30p
Logged
eCPPT, GCIH, OSCP, OSWP
digitalcliff
Newbie
Offline
Posts: 4
Re: pWnOS v1.0-Help with hacking it. Warning: Spoilers. [havent found a way in yet]
«
Reply #11 on:
March 22, 2010, 10:44:08 PM »
You are on the right track with the 5720.py exploit. Use it to bruteforce a ssh into one of the accounts you found from webmin. Once you have ssh access, there is a nice local priv exploit to get you root.
Logged
j0rDy
Hero Member
Offline
Posts: 590
Re: pWnOS v1.0-Help with hacking it. Warning: Spoilers. [havent found a way in yet]
«
Reply #12 on:
March 23, 2010, 03:48:19 AM »
Quote from: digitalcliff on March 22, 2010, 10:44:08 PM
You are on the right track with the 5720.py exploit. Use it to bruteforce a ssh into one of the accounts you found from webmin. Once you have ssh access, there is a nice local priv exploit to get you root.
this is more then enough to own the box
Logged
ISC2 Associate, CEH, ECSA, OSCP, OSWP
earning my stripes appears to be a road i must travel alone...with a little help of EH.net
zeroflaw
Full Member
Offline
Posts: 208
Re: pWnOS v1.0-Help with hacking it. Warning: Spoilers. [havent found a way in yet]
«
Reply #13 on:
March 23, 2010, 05:24:46 AM »
Quote from: xXxKrisxXx on March 22, 2010, 05:38:15 PM
Download pWnOS:
Part1:
http://www.mediafire.com/?ec3hmlzuyzy
Part2:
http://www.mediafire.com/?yngwzqkxmin
Part3:
http://www.mediafire.com/?htmqm3dzgya
Source:
http://heorot.net/forums/viewtopic.php?f=21&t=149&sid=54b791d5958c65048ae2e24b082b8b25&start=30p
Doh! I only checked the first 2 pages of that thread. Thanks
Logged
ZF
Pages: [
1
]
Go Up
Print
« previous
next »
Jump to:
Please select a destination:
-----------------------------
EH-Net
-----------------------------
=> Calendar Of Events
===> ChicagoCon 2007
===> ChicagoCon 2008s
===> ChicagoCon 2008f
===> ChicagoCon 2009s
=> Ethical Hacktivism
=> News Items and General Discussion About EH-Net
===> Greetings
=> Special Events
-----------------------------
Ethical Hacking Discussions and Related Certifications
-----------------------------
=> General Certification
===> Networking
===> OS
===> Security
=> Compliance, Regulations & Standards
=> Control Systems
=> Cyber Warfare
=> Forensics
===> CCE / MCCE - (Master) Certified Computer Examiner
===> CHFI - Computer Hacking Forensic Investigator
===> EnCE - EnCase® Certified Examiner
===> GCFA - GIAC Certified Forensics Analyst
=> Hardware
=> Incident Response
===> CSIH - Computer Security Incident Handler
===> GCIH - GIAC Certified Incident Handler
=> Malware
===> Advisories
=> Mobile
=> Network Pen Testing
===> CEH - Certified Ethical Hacker
===> CPTC - Certified Penetration Testing Consultant
===> CPTE - Certified Penetration Testing Engineer
===> CSTA - Certified Security Testing Associate
===> eCPPT - eLearnSecurity Certified Professional Penetration Tester
===> ECSA - EC-Council Certified Security Analyst
===> GPEN - GIAC Certified Penetration Tester
===> OSCP - Offensive Security Certified Professional
=> Physical Security
=> Programming
=> Social Engineering
=> Web Applications
=> Wireless
===> CWNP Certs
===> GAWN - GIAC Assessing Wireless Networks
===> OSWP - Offensive Security Wireless Professional
=> Other
-----------------------------
Columns
-----------------------------
=> Editor-In-Chief
=> Andress
=> Gates
=> Haddix
=> Hadnagy
=> Heffner
=> Hoffman
=> Linn
=> RichM
=> Murray
=> J. Peltier
=> Weidman
=> Wilson
-----------------------------
Features
-----------------------------
=> /root
=> Book Reviews
=> Opinions
=> Skillz
===> Examples
===> May 06 - Star Hacks, Episode V: The Empire Hacks Back
===> July 06 - Hack Bill!
===> Sept 06 - Netcat in the Hat
===> Nov 06 - Hitch-Hackers Guide to the Galaxy
===> Dec 06 - A Christmas (Hacking) Story
===> Feb 07 - Charlottes Web Site
===> April 07 - Microsoft Office Space
===> June 07 - Serenity Hack
===> Oct 07 - Worst. Ethical. Hacker. Challenge. Ever.
===> Dec 07 - Frosty the Snow Crash
===> March 2008 - It Happened One Friday
===> Oct 2008 - Scooby Doo and the Crypto Caper
===> Dec 08 - Santa Claus Is Hacking to Town
===> Feb 2009 - Brady Bunch Boondoggle
===> July 2009 - Prison Break
===> October 2009 - SSHliders
===> December 2009 - Miracle on Thirty-Hack Street
===> December 2010 - The Nightmare Before Charlie Browns Christmas
-----------------------------
Resources
-----------------------------
=> Career Central
===> Looking For Work
===> Looking To Hire
=> Links to cool sites.
=> Mass Media
=> News from the Outside World
=> Tools
=> Tutorials
===> Tutorial Requests
Loading...
Exclusive Deal
SANSFIRE 2013
June 15 - 22
5% Off
w/ Code
:
EHN_5
SANS Deals 4 EH-Netters
5% OFF
Any
SANS Course
in Any Format!
Coupon Code:
EHN_5
Including
SANS Rocky Mountain 2013
&
SANS Boston 2013
Polls
Compared to this year, 2013 will be:
Great!
Better.
About the same.
Little worse.
FUBAR!
Recent Forum Topics
Programming
: Finished Python Course in Codecademy now what?
(13) by
securitian
Network Pen Testing
: Ruby on Rails Vulnerabilities/Attacks in BackTrack 5 r3
(0) by
SUdoctstudent
Network Pen Testing
: De-ICE 1.140 released!
(2) by
superkojiman
Network Pen Testing
: AIX Vulnerability Assessments
(1) by
3xban
General Certification
: CPT Practical Submission
(1) by
UNIX
OSCP - Offensive Security Certified Professional
: Failed my first attempt at the OSCP exam
(94) by
azmatt
Tools
: Social-Engineer Toolkit (SET) Version 5.0 “The Wild West” Released
(2) by
m0wgli
Malware
: EICAR?
(3) by
UKSecurityGuy
Advisories
: HTB23154: Multiple Vulnerabilities in Exponent CMS
(0) by
AndyP
Advisories
: HTB23153: Multiple Vulnerabilities in Jojo CMS
(0) by
AndyP
Advisories
: HTB23151: Cross-Site Request Forgery (CSRF) in UMI.CMS
(0) by
AndyP
Tutorials
: Need guidance
(8) by
r0ckm4n
OSCP - Offensive Security Certified Professional
: Class Scheduled 6/8 - Linux n00b
(7) by
Taemyks
OSCP - Offensive Security Certified Professional
: OSCP exam scheduled
(6) by
gbhat
Incident Response
: LinkedIn Forensics
(0) by
AFENTIS_Forensics
General Certification
: Red Team/Blue Team
(1) by
ajohnson
Career Central
: Starter cert?
(3) by
Grendel
Network Pen Testing
: Beginner Ethical Hacker
(1) by
m0wgli
Web Applications
: Nessus and Nikto
(4) by
Seen
Network Pen Testing
: Cracking salted MD5 hash
(4) by
n37sh@rk
CEH - Certified Ethical Hacker
: Passed my C|EH
(3) by
n37sh@rk
Mass Media
: EC-council hacked, irony at his best?
(0) by
j0rDy
Web Applications
: SQL Injection into an INSERT statement.
(6) by
eyenit0
Network Pen Testing
: Solution for sipXtapi INVITE Message CSeq Field Header Remote Overflow
(1) by
m0wgli
Web Applications
: dns
(2) by
H1t M0nk3y
Other
: BSides Boston
(0) by
3xban
Career Central
: InfoSec in Central, FL
(2) by
tturner
Web Applications
: Web vulnerability scanner
(4) by
H1t M0nk3y
EH-Net News Feeds
Latest Additions
Privacy Notice
for TDCC & All Properties
© 2013 The Ethical Hacker Network
Joomla!
is Free Software released under the GNU/GPL License.
Programming : Finished Python Course in Codecademy now what?
