Security Demo

[uid=[0]]

The following video, is from me doing a pen-test on my server, and then succesfully getting root access on it. this demo is not for any purpose other than to show those out there who arent very "security minded" just how easy it can be to take controll of a vulnerable computer. this particular exploit used, is an older exploit that has been patched, and with the proper update will not work, but for awareness of how easy it can be i used it. now yes these are under "controlled environments" that i know exactly what the vulnerabilities are, however, a hacker will look for a vulnerability such as the one used in the video, that will be easily exploited. once again this is just to shed some light on the security concerns of today, and show how easy it is to breach a system. no skillsets are shown here such as the exploit itself etc.. nothing that can be used to do future harm, and does not promote hacking of any sort.

in the video, you will see a command prompt on the right with an ip highlighted, that is the "localhost" computer.

Video is HERE

if any of the mods have a problem with this, please just edit out the post. dont ban me, because im just trying to show those who are not aware how quickly their computers could be damaged if not properly maintained.

Also... those who watch this video, do not email/message/pm etc.. me asking how it was done because i will not release any information, other than the vulnerability that was exploited.

localhost computer Windows XP SP2
remote computer Windows Server 2003
vulnerability ms rpc MS-03-026
http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx

* these computers are computers that i OWN and are on MY private network.

 

[localhost]

Haha, that didn't take too long. Although all it really does is allow the person to get the IP?

 

[uid=[0]]

No, the one i used there, spawned a reverse shell back to me, basicly put, gave me a command prompt from a remote location... like me pulling up a command prompt here, and running commands on your computer.

 

[Trivium Nate]

nice

 

[uid=[0]]

LOL thanks

 

[DJ-CHRIS1]

Awsome

This wouldnt work on a patched 2000 server would it?

 

[uid=[0]]

no, that it wouldnt.

 

[borat_sagdiyev]

im on a mac right now, do you mind converting it to a mac friendly file format?

 

[Half Evil]

if any of the mods have a problem with this, please just edit out the post. dont ban me, because im just trying to show those who are not aware how quickly their computers could be damaged if not properly maintained.

Banned!

But, actually dude that was interesting.

Although, I gotta ask. And, I wont do it here so look for a PM. And no, im not asking how to do it.

 

[uid=[0]]

LOL ArrizX check your pm's