Thursday, September 13, 2012

SSH Tunneling Attack into Local Network

In this case I'll show how to attack a machine inside a local network by going through a Linux server. The setup looks like this:

This is the attack scenario: the attacker is on the outside network, hijacks the Linux server, and uses it to get into the local network (Windows). I'll go through it with a black-box hacking method, so the first thing we need is to scan the network, i.e. information gathering.

Now we can see the services and their versions on the target system. From this data we can look for a vulnerable service that gives us an entrance into the target machine. I chose to attack the Samba service, so I opened Metasploit in the console and searched for a Samba exploit for Unix machines.

After choosing an exploit for a Unix machine running Samba, I displayed the options for this machine, like here:

I looked at the options by typing "show options". This shows what we need to fill in next: LHOST as our own IP, RHOST as the target IP, RPORT as the port we'll use on the target machine, and PAYLOAD as the shellcode that gets us a shell on the target. Here is what I did:

Then run the exploit to try injecting the payload into the target system. If it succeeds, it shows output like this:

After getting into the target machine we can type "ls" to look at the directory, like this:

I checked which user I am on the machine with the commands id and whoami:

We are root, which means we have successfully rooted the target system. After that we can get the password hashes from /etc/shadow:

Now it's time to crack the password from this hash in /etc/shadow. I copied it into a text editor, saved it as a txt file in the John folder, and used John the Ripper to crack the password hash, like this:

Now that we have access to the machine, and since the nmap results show that it runs an SSH service, we try to log in over SSH with the user and password we obtained here:

After successfully logging into the machine over SSH, look at which network interfaces are active on it:

I found two active network interfaces, eth0 and eth1. From this we can guess that the system is a server for the local network: eth0 is for Internet access and eth1 serves the local network. So I scanned the network on eth1 from this machine, like here:

There are two machines active behind this server. I decided to attack the target IP 10.10.10.2 from my own machine with a tunneling technique over the SSH service, like this:

Once the tunnel is up, I set it to port 9090 and edit the proxychains port from 9050 to 9090 so proxychains uses the tunnel. Then I start Metasploit through proxychains. The logic is that Metasploit's traffic goes through the tunnel on port 9090 to the Linux server and from there jumps into the local network.

I will attack the Windows system on the target using the information from the earlier gathering, and I decided to attack through the Samba (SMB) service on Windows, like here:

After setting RHOST to the target IP, I used the meterpreter bind_tcp payload, like this:

Set the payload and run the exploit; this is the result:

I tried migrating to another process on this machine and chose explorer.exe.
At this point we have access to and control of a machine on the local network via the tunnel through the server machine.
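As an added, defender-side example (not part of the original post), here is a small Python audit of the three sshd_config settings that make this pivot possible: root login with a cracked password, password authentication at all, and TCP forwarding for the tunnel. The config strings are constructed; the keyword defaults are those documented in sshd_config(5).

```python
# Added example (not from the original post): audit an sshd_config for the three
# settings that make the pivot in this walkthrough possible. Inputs are constructed.
# Hardened value per keyword, plus the OpenSSH default used when the keyword is
# absent (defaults per sshd_config(5)).
CHECKS = {
    "permitrootlogin": ("no", "prohibit-password"),
    "passwordauthentication": ("no", "yes"),
    "allowtcpforwarding": ("no", "yes"),
}

def parse_sshd_config(text: str) -> dict[str, str]:
    """Effective global settings as keyword -> value, both lower-cased.

    sshd keeps the first value it reads for a keyword, so later duplicates are
    ignored. Parsing stops at the first Match block: settings inside it are
    conditional and must be reviewed separately.
    """
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" / "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings

def audit(text: str) -> list[str]:
    """One finding per weak setting; an empty list means all three are hardened."""
    settings = parse_sshd_config(text)
    findings = []
    for key, (expected, default) in CHECKS.items():
        value = settings.get(key, default)
        if value != expected:
            origin = "set" if key in settings else "default"
            findings.append(f"{key}={value} ({origin}); expected {expected}")
    return findings

# Constructed config resembling the server in the walkthrough: root may log in with
# a password and forwarding is left at its default, so one cracked password gives
# both a root shell and a tunnel into the LAN.
WEAK_CONFIG = "PermitRootLogin yes\nPasswordAuthentication yes\n"
# Constructed hardened counterpart (the Match block is skipped by the audit).
HARDENED_CONFIG = ("PermitRootLogin no\nPasswordAuthentication no\n"
                   "AllowTcpForwarding no\nMatch User backup\n    AllowTcpForwarding yes\n")
```

Running audit(WEAK_CONFIG) reports all three settings, including the forwarding default that was never written to the file, while audit(HARDENED_CONFIG) returns an empty list.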