Thank God! Finally a tutorial without shitty dance music and a douche writing instructions in notepad! Cheers mate!
lockstock85 5 months ago
Legend! Cheers buddy!
l1vefordaweekend 5 months ago
I don't get it, did you just hack some random guy?
This looked like Chinese to me.
WonderNoobie 7 months ago
How would I copy a file or a folder to my machine when I'm already in the remote host? Can somebody show me the commands? Thanks...
dgltema 9 months ago
THIS VIDEO KICKED ASS! THANK YOU SO MUCH MAN!
Moy2005 1 year ago
you're a genius! =) very good
GARiMPAS 1 year ago
NICE!!! Subscribed!
lolapimm 1 year ago
this is my first victim ^_^ what can I do, I have a problem
msf exploit(ms08_067_netapi) > set rhost 109.82.167.221
rhost => 109.82.167.221
msf exploit(ms08_067_netapi) > exploit
[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2+ - lang:English
[-] Could not determine the exact service pack
[*] Auto-targeting failed, use 'show targets' to manually select one
[*] Exploit completed, but no session was created.
hakttowr 1 year ago
@hakttowr maybe there are no vulnerabilities on that port
silverthunderable 6 months ago
Everything is fine for me, but I have a problem when I type set rhost and the IP.
After I press Enter everything looks fine, but I see this:
"Exploit completed, but no session was created"
What is the problem there?
hakttowr 1 year ago
Cool, that is a good tutorial
hakttowr 1 year ago
good job.
ptantiku 1 year ago
beautiful.. we need more content on youtube like yours
KevinBurnsDj 1 year ago 18
@KevinBurnsDj Thank you very much. I'm trying to find more time to build my own website again with a forum / blog, and post more YouTube videos. I have lots of things I would like to share, just not enough time to post them all :P
jckss121 1 year ago 3
Great vid! got a question though:
OK, so I'm new to Metasploit and such, but I have heard there is a way to actually pull the remote host's screen up on your machine and use it as if you were at that machine. Is this possible or are people just bullshitting me?
Sc0ttTay 1 year ago
@Sc0ttTay yes it can be done for sure. I personally would look into metasploit and the VNCinject payload. I do caution you though because you are more likely to be noticed when their mouse starts moving vs running commands in the background.
jckss121 1 year ago
@jckss121 ok thanks. does their machine need to be running to do this? like does somebody need to be using the machine?
Sc0ttTay 1 year ago
@Sc0ttTay The computer needs to be on and connected to the internet, the user does not need to be logged in, but I sure hope you have a password to logon...
jckss121 1 year ago
Ty for sharing
jeroeniskoning 1 year ago
nice and simple , make more !! :-)
playfsx 1 year ago
thanks again
SidandCoke 1 year ago
Fail. i'm on OpenBSD w/ BlackBox, using BASH(Bourne Again Shell).
r4tdance 1 year ago
I agree with you r4tdance. Anyone can become a script kiddie, but you've gotta dig into some code and CLI to take it to the next level.
jckss121 1 year ago
Skiddies' Dream. Go get a clue, skidiots, stop hiding your precious cluebie GUIs and playing with code you have zero idea about. You FAIL by default.
r4tdance 1 year ago
>implying you can do any better
enjoy your cmd
xXclaymatorXx 1 year ago
@Hax0rPr0n
His comment was not an example of an oxymoron at all. An oxymoron is "a figure of speech that combines normally contradictory terms", for example "Cold Fire" or "Microsoft Works". It is however slightly hypocritical and possibly an example of juxtaposition. Using big words doesn't make you look smart unless you use them correctly.
HolyJ187 1 year ago
jckss121, if the remote PC uses a firewall, is it still possible to run the exploit?
casilammer 1 year ago
@Hax0rPr0n lol no one gives a shit
taylor1111111111 1 year ago
I'm using the Metasploit GUI, how do I use the screenshot command via the GUI? It's for my homework :)
yquechula 1 year ago
use the console inside the gui
jckss121 1 year ago
Thanks for the tutorial.
flashlight67 1 year ago
I would like to know, if port 445 is closed on the remote host, will the exploit still work? Is it possible to use a different port, preferably one that's open?
eltirao 2 years ago
Nope sorry have to have an open port
halohadel 2 years ago
you can simply type shell rather than execute -H -f cmd.exe -i to use the command menu :)
Zero Code.
zerocode010 2 years ago
Thanks buddy, I was not aware of that. I'll have to try it out!
jckss121 2 years ago
I'm trying to use the psexec exploit against a Windows Vista computer, but when I exploit, it says that the remote host only gave me guest privileges. What should I do?
bcarl10101 2 years ago
Well, when you chose the psexec payload, did you enter "show options" to see that you need to enter the SMBuser and SMBPass? This must be an admin account to get admin permissions. Also make sure on your Vista machine that Admin shares are enabled. Hope this helps.
jckss121 2 years ago
Well, how do I find the specific SMBuser and SMBPass? If I have to know that already, doesn't that defeat the point of hacking the system?
bcarl10101 2 years ago
The psexec isn't actually an exploit. It allows for remote access to a machine when you know an admin username and password. It's very handy for dumping the hashes using the meterpreter ;)
jckss121 2 years ago
well what exploit could I use (in metasploit preferably) that will work on port 445 with Vista?
bcarl10101 2 years ago
Awesome, you have to watch it about 5 times as there is so much detail, but certainly the best video I've seen on hacking.
Well done !
Jonx1967 2 years ago
yes he gave it all away! Please don't do anything illegal. :(
Captnuendo 2 years ago
aahn! now it's fine.. nice video. I luv to see a spawnin' w32 shell :~
neurom4nc3r 2 years ago
Thanks 4 share
xptonix 2 years ago
thank you, you get right to the point and you have a clear voice!
EricTheRed03 2 years ago 3
watched the first video as well, I liked this a lot, very professional :)
venar303 2 years ago
good :)
djdraganpirat 2 years ago
Very well done jckss121, this was a great video. You had a clear voice, explained in depth what you were doing, it was easy to follow along, and decent video quality on top of all that. Although it was a reasonably basic hack, it was a great way to introduce beginners who may be daunted by metasploit and the process of performing host/exploit detection and exploitation. Youtube, and the internet in whole, needs more videos like this. I'll definitely be subscribing. Great job!
1ChrisFoster1 2 years ago 14
o yea..
this was a good video..
now all we need are bow hunting skills.
sckryde 2 years ago
Oh also is it possible to enable remote desktop over cmi?
RenegadeFury 2 years ago
you're pretty damn handy with CMI
RenegadeFury 2 years ago
Hey, anyone got some help? When I tried this, I get
Exploit completed, but no session was created.
Anyone know why?
ozpc123 2 years ago
absolutely stunning -- hope you patched that OS, or better yet, replaced it with a more secure one.
felipealvarez1982 2 years ago
Very nice and a pretty summary.
I really like how wholesome it is and the scope of options it introduces.
Just a hint.
You can't just set users as admins if you don't already have the admin rights.
It's a little misleading.
einbrettholz 2 years ago
Just a Hint: If you follow the tutorial, you would realize that the exploit gave us SYSTEM level privileges to add a user as admin very easily!
jckss121 2 years ago
That's nonsense.
In the case of the shown hack you exploited the system when the admin was logged on, that is why you had admin rights and could set users as admins.
The exploit itself just gives you the rights of the user that is logged on at the time of the hack.
Try it yourself. Set the RHOST box on a guest account with no rights and hack it. See if your set localgroup admins works.
einbrettholz 2 years ago
OK, so I tried your recommendation, but instead of a "Guest" account, I did something more realistic like a "Domain User" account which was attached to my domain.
I launched the exploit with ONLY a "Domain User" logged in. I was able to successfully create the account and add it to the admins group.
I then went onto the Windows console as the "Domain User" and tested to see if I could add or remove an account. With no success a "Domain User" was unable to edit the accounts.
jckss121 2 years ago
Hm, that is new to me.
I can't test it myself at the moment.
But as you did already test it, I apologize for my false statement.
einbrettholz 2 years ago
I even tested it with no user logged in, and works no problem.
I think what you're talking about is if you have a mobile meterpreter in the form of an executable. The person who executes the mobile meterpreter will give the attacker a shell with the same privileges as the person who executed it.
jckss121 2 years ago
Just wondering (my sound is broken right now so I'm not sure if you say in the video or not), how do you know what exploit to use? Is there a way to automatically find the correct exploit for, e.g., an open port? Or does nessus just say very precisely what is the danger and then you can easily look it up in metasploit? I'm a bit confused.
tuoljg 2 years ago
This is why you'll want to use nmap and nessus. Nessus is the critical program that told us the system was vulnerable to the ms08-67 exploit. However, with the -A flag in nmap you can find out version info, and find out if there is a known vulnerability for that service version.
jckss121 2 years ago
yes were just looking for this! epic
tuoljg 2 years ago