Hacking ports

Discussion in 'Ethical hacking' started by kunals, Oct 25, 2008.

  1. kunals

    kunals New Member

    Joined:
    Jul 10, 2008
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    0
    Alright, I'm trying to hack my school's website (I get points if I do it successfully).
    I scanned the webserver IP and I found ports 80 (http), 3389, 25 and 8081 open.

    I know port 3389 is to remote access it and I have done that already, but
    when I use the Remote Desktop Connection thing, I get into the computer successfully, but it asks me to log into the computer, and I need to somehow brute force the password.
    How can I do this?

    Also, what can I do with ports 25 and 8081?
     
  2. neo_vi

    neo_vi Member

    Joined:
    Feb 1, 2008
    Messages:
    720
    Likes Received:
    16
    Trophy Points:
    18
    Occupation:
    Software engineer
    Location:
    Earth
    Home Page:
    http://computertipaday.blogspot.com
    Bruteforcing is tough. Use any other security weakness to log in as a super user or root.
     
  3. kunals

    Well, idk if it has any weaknesses, because it's simply a login
    to get into a person's user account, 'cause everyone in the school has their own
    account. What do you mean, root?
     
  4. SpOonWiZaRd

    SpOonWiZaRd Know what you can do.

    Joined:
    May 30, 2007
    Messages:
    746
    Likes Received:
    8
    Trophy Points:
    0
    Occupation:
    Network Engineer/Programmer
    Location:
    South Africa
    Linux can crack RDP and VNC protocols, as well as sniffing with Cain & Abel; while using an APR attack you can get the hash and then crack it. Sniff between two or more computers, i.e. a server and a few teachers, while doing APR, get the hash and crack it. Read this: http://www.go4expert.com/showthread.php?t=14438 it might help, and read Cain's help file so that you know the tool inside and out: http://www.oxid.it
     
  5. SpOonWiZaRd

    With Cain you can get the NTLM hash, that is the password you want...
     
  6. germanboy104

    germanboy104 New Member

    Joined:
    Oct 27, 2008
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    0
    Yeah... if you're using a PC to access the network, just boot it off Ubuntu or some other free OS.
    You can get the admin and use it to log on.
     
  7. kunals

    Wait guys, when I remote access the computer, I just see a login page, so I'm not able to
    log into anything! I don't have access to a user account. All I have access to is a login screen.
     
  8. SpOonWiZaRd

    Read my previous post... Do that
     
  9. germanboy104

    Yeah, but... maybe a stupid question... he doesn't have a username to access the account.
    What if the username isn't standard (i.e. Administrator)?
    But use that Linux hack fo sho.
     
  10. SpOonWiZaRd

    Cain & Abel has a Users enumerator to see the names of all the user accounts, thus he knows the user account; he only needs the password hash so that he can crack the hash. The hash will be NTLM. To boot up from a CD he will need to be in physical contact with the target computer, thus not making it a remote attack. He has to do it remotely, as I understood. Enumerate the users using Cain & Abel, then get the hash, crack it using Cain & Abel and there you go. You can even export the hash and take it home to crack it on your own time. To sniff the hash you will need to read the Help file on Cain & Abel; the manual is in there describing all the program features and uses.
     
  11. kunals

    Yes, SpOonWiZaRd understood my situation exactly,
    but I'm not a pro with Cain & Abel. I'm pretty sure I can figure everything
    out except for the part after you find the users (I don't need to find the users
    because I already know the user name). I'm not exactly sure how I will tell Cain & Abel
    that I want to find the hash of the remote computer? Can someone guide me through the steps?
     
  12. kunals

    Wait, so this is what I've got: I remote accessed the computer I'm trying to hack,
    got on Cain & Abel, went to the sniffing tab, clicked on APR at the bottom, clicked the start button
    at the top, and waited and didn't get anything on my screen? Am I doing something wrong?
     
  13. SpOonWiZaRd

    Yes, you need to click on the sniffing tab while the sniffer is activated, and the APR must be activated, then you click on the blue + sign. It will ask you to scan your network, so scan it. Then all the hosts on your network will be added to the list. Now, click on APR at the bottom, click on the top text box and then click on the blue + sign (you need to click on the top text box to activate the blue + sign). Once that is done you can select between which hosts you want to sniff. Select the target server on the left and then your I.T. technician's computer on the right (or whoever logs in regularly on the server). Wait for him/her to log in or go to the person and con him into logging in so that you capture the hash. Once the hash is captured, click on the bottom "Passwords" tab, then on the left you need to select "smb", then on the right it will show you the hash. Right click on the hash and select send to cracker. Now click on the top "Cracker" tab and select "LM & NTLM hashes" on the left. Now you will see the hash again; right click on it and select any cracking method you need. It will most likely be NTLM session security, so bruteforce it by doing 250000 - 1.5mil passwords/sec or dictionary attack it. You can even use a Cryptanalysis attack. Hope it helps.
     
  14. kunals

    Okay, so should I be doing this all while I am remote accessing the host computer?
    I had a slight problem with the part where there are 2 columns. What do you mean by
    I.T. technician's computer, do you mean my teacher's computer? If so, isn't that the same
    as the target server? And on the left column I tried to look for my IP and it skipped it?
     
  15. kunals

    Wait... do I have to have a router for this to work? Mine broke a month ago :((
     
  16. SpOonWiZaRd

    No, all you need is a connection to the network. You need to sniff traffic between the target server and someone else's computer, so sniff between the target server and whoever logs into the server remotely quite often. The person who goes to the target server only needs to browse the shared files and then you have the hash, since you have been sniffing between those two computers. A server always asks for a password before you can browse the shared files. You can select to remember the password, but even then, when the person who has authority to browse the server actually browses the server while you are sniffing, you will get the NTLM Session Security hash, which you can crack in Cain & Abel. If you have the Administrator password then you can install Abel on the target and have full control. You install Abel by clicking on the network tab and then "Microsoft windows network", then browse to the target computer, right click on it and select "connect as", type in the Administrator username and password, then connect. Browse to the target computer's services, right click on that, select Install Abel and Abel will install. You can then do anything with it.
     
  17. hanleyhansen

    hanleyhansen New Member

    Joined:
    Jan 24, 2008
    Messages:
    336
    Likes Received:
    8
    Trophy Points:
    0
    Occupation:
    Drupal Developer/LAMP Developer
    Location:
    Clifton
    Home Page:
    http://www.hanseninfotech.com
    Liking this thread so far. SpOonWiZaRd, you've made some great contributions. I have a question though. Let's say he RDCs to the server or to the school. Or let's say he makes it to the login like he said he has. Does he run Cain and Abel on his local machine? Or does he have to log in through RDP first with any user and then run Cain on the remote computer with a local user?
     
  18. SpOonWiZaRd

    He runs it on his local machine, he just sniffs the network for the password hashes. Cain is on his computer, and with Cain you can engage a middleman attack where he then sees all the data between one computer and another computer, or one computer and a gateway, or the gateway and all the computers on the network. But if he does that with all the computers on the network he will crash the network, because too much APR traffic will be generated on the network. But he runs Cain on his local machine, he sniffs between the target server and all the people who log in on the target server, be it by SMB connection or RDP, and he will get the hash. SMB will use the NTLM hash and that is the preferable hash we are looking for here, so the password you use to log in to the Admin account at RDP will be the same as the Admin account on the SMB connection. So you will get the main password by sniffing the hash and cracking it. When you sniff between a gateway and some other computer on the network you will be able to see usernames and passwords of POP3 email in clear text using Cain; even certificates can be falsified by sniffing. I once stole one of my friend's Gmail account passwords using Cain and sniffing at the time he logged in. Cain is a very handy tool.
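
    Added example, not part of the thread or any poster's code: the APR man-in-the-middle described above appears on the wire as ARP replies that rebind a known IP to a different MAC, and as one MAC answering for several IPs. This Python check flags both from a constructed list of observed replies; the addresses, the sample data and the function name `detect_arp_poisoning` are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) from ARP replies seen
# on a monitoring port. All addresses are made up for this example.
SAMPLE_ARP_REPLIES = [
    (0,  "192.168.1.10", "00:11:22:33:44:10"),  # file server, true MAC
    (1,  "192.168.1.20", "00:11:22:33:44:20"),  # admin workstation, true MAC
    (2,  "192.168.1.99", "00:11:22:33:44:99"),  # third host on the LAN
    (30, "192.168.1.10", "00:11:22:33:44:99"),  # server IP now claimed by .99's MAC
    (30, "192.168.1.20", "00:11:22:33:44:99"),  # workstation IP claimed by the same MAC
    (60, "192.168.1.10", "00:11:22:33:44:99"),  # repeated reply keeps caches poisoned
]

def detect_arp_poisoning(replies):
    """Return alerts for IP-to-MAC rebinding and for one MAC claiming several IPs."""
    baseline = {}                  # ip -> first MAC seen for that IP
    ips_by_mac = defaultdict(set)  # mac -> every IP it has answered for
    reported = set()               # (ip, mac) pairs already alerted on
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        ips_by_mac[mac].add(ip)
        expected = baseline.setdefault(ip, mac)
        if mac != expected and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append({"type": "rebind", "time": ts, "ip": ip,
                           "expected_mac": expected, "seen_mac": mac})
    # A single MAC speaking for several IPs is the signature of a host
    # positioned between two victims.
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            alerts.append({"type": "multi_ip", "mac": mac, "ips": sorted(ips)})
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_REPLIES):
        print(alert)
```

    DHCP lease changes and failover pairs also rebind addresses, so in practice the baseline is seeded from a trusted inventory rather than from the first reply seen.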
     
  19. hanleyhansen

    Alright, it makes a little more sense. How do I make Cain sniff? I can't really download it now cuz I'm in school, but I have it at home. Cain is a great tool like you said, but I haven't had the pleasure of installing Abel on a remote computer and I'm dying to try it! So yeah, how do I make Cain sniff? Do I need the terminal service opened to the login page?
     
  20. SpOonWiZaRd

    You need to open nothing, just read the help file that comes with Cain; it's worth it and you will know the program then. There is a sniffer button around the top left of Cain that has a NIC image on it, next to the Radio Active sign; you will need to activate both of them. Then the rest is explained with images in the help file, about 2 pages (not even).
     
