I've made another video you guys may want to see.

It shows a complete hack.

I used nmap to find open ports and do version scans of common services. Then used metasploit to exploit the system with the sql resolution exploit, used the meterpreter as the payload to gain shell access.

then tftp over a hash extraction tool (PWDump4) and netcat. read the hashes for the admin account, break that password with john and set up netcat as a permenant backdoor.

hope you like.

you can download it from rapidshare at

http://rapidshare.de/files/16109953/complete_hack.swf.html

l8r,

Could you please post a link for a d/l on a free viewer for the .swf file?

Thanks and regards,
mad :D

xatar, very impressive there buddy! I have a lot more reading to do. :D

mad223cal - just open the swf in IE or Firefox. Just make sure you have the Flash plug-ins and you should be watching the master at work.

Excellent!

Sounds very interesting, but I can't view it. Could you put the file somewhere more download-friendly?

Interesting, Ill be sure to take a look at it.

great job on tutorial, nicely done. I watched it from the site but how are you able to download it so it can be viewed localley. thanks

can someone send me the flash to my mail?

http://media.putfile.com/complete_hack

Make sure you choose "800" from the View Size: dropdown menu.

Anyone upload again to yousendit.com (http://www.yousendit.com/),
cause i was always having problem with rapidshare.

Thank

what structure7 means, is that when you follow the link through to putfile, the video should start playing (if you have the correct flash plugins for your browser), under the video is a drop down box, choose the 800 option.

It should also work from rapidshare link, you will need to choose the free download option, then wait a few seconds for the link to become available. you can then right click on it and choose to 'save target as' and save it to your own drive.

If you don't know how to open a XXX.swf file in a web browser, then you will need to take your computer back to the shop you got it!!!!! ;)

If anyone has any questions about the attacks and tools, just post them here and someone will answer them.

What I was trying to do is pull together in a sequence some of the tools you 'may' use in exploiting a system. I'll post more in the upcoming months.

l8r,

Hey there,
I enjoyed your video...but must add my 2cents.

(1) why would you start a TFTP server ?? :confused:

Metasploit has SSL suppport (if you installed it) and Meterpreter has a crypto xor cipher. Use -m Fs is perfectly fine to transfer files without all that unencrypted mumbo jumbo extra work.

(2) why would you use netcat instead of cryptcat or something else ?? :rolleyes:

I know you are just showing a lab hack...but in the real world this is very risky since everything you are doing is unencrypted over the network.

On a side note here is an old meterpreter video i just uploaded today for you to see that shows the Fs module.

http://www.dankgreenchile.com/backtrack/dgc_metasploits_meterpreter.zip

what do you think ?

hi,

yeah, point taken on the extra functionality of the meterpreter. It is a fantastic payload and allows lots of different actions.

I recommend everyone read the meterpreter paper available from metasploit.

As you say, all I was trying to do was show a series of steps to exploit a machine. I agree 100% about cryptcat, I use that instead of netcat in my pen tests for the exact reason you say, confidentiality!

I'll do a video on the useage of cryptcat too.

good video though! like it.

l8r,

Great video xatar and darkgreenchile.

I've seen a few hacking videos now, mostly from irongeek and crimemachine...

I can't get enought of these though, if anyone knows of any more please post! It is so easy to learn a wider breadth of tools via these videos :)

Too bad none of the videos actually cover a hack against a secure system. That hack seems almost too easy and too good to be true. Id say the target pc was setup for it. If you really want to post a hacking video, do it against something that takes a real hacker to hack and i think we will have something very interesting to watch. :cool:

I'm not trying to prove myself, I'm trying to educate others.

I don't feel as if I need to prove myself. If you feel that you do, by all means post your own video. Otherwise, shut the f*ck up!

I have actual hack videos that would rock your mind, but do you think i would release anything that would incriminate me? DOUBT IT. who would post a video of themselves committing a crime ?? you first and you can barter for some of mine.

Hahaha, ah yes hobz was right. I was not trying to insult you, but I was actually attempting to get people into the idea of making videos with more of a real world sence as opposed to a simple example. Which is also something I argue in my schooling as well. They teach us with examples that are very far from something that would normally happen in real life. I was just hoping to see more videos or papers with a better example I suppose is the best way to word it. I apologize if I insulted you xatar.

I have actual hack videos that would rock your mind, but do you think i would release anything that would incriminate me? DOUBT IT. who would post a video of themselves committing a crime ?? you first and you can barter for some of mine.


Again It was a mistake on my part I failed to make myself clear. See the post above. Sorry.

While TGV made his point bluntly, it was a good point. This particular video may be a good introduction for beginners, this is hardly a complex hack. If you have hacked something more difficult (preferably legally), why not make a video or write an article covering it?

See, I think that's a neat idea.

Got it from putfile -- thanks!

Xatar,

Thanks for another very well done video. Excellent !

I got to view the vid on putfile when I tried to get ot from rapidshare it didn't seem to want to give it up, lol then told me I had downloaded < I searched just in case > and I would just have to wait 65 mins try again or get a premuim account. Reguardless of all that !

I'd like to have it on hand for reviewing it is packed full of the how to infomation all us have/nots need to learn as to progress along. Could another download site be apropirated

As always much apreciated.

Yep, ditto here - I can't seem to get it from Rapidshare either.

Hey nice video.
By the way, today I did some hacking using Back Track CD in my win 2003 server class. However as mentioned here before, it was an easy hack, but it wasn't a setup one.
So, I would like to make a video to show others how it's done.
My question is, how do you record everything you do (type & click)?

Here is a nice tutorial on that exact subject posted by Irongeek. http://www.irongeek.com/i.php?page=CamStudioOSS/camstudio

I have actual hack videos that would rock your mind, but do you think i would release anything that would incriminate me? DOUBT IT. who would post a video of themselves committing a crime ?? you first and you can barter for some of mine.What was that? Freudian slip? Do you have something to hide? I saw nothing in in TGV's post that mentioned anything about illegal intrusion. The "secure system" he was referring to could have been your own Bastille-hardened box. Let's try not to jump to any rash conclusions, kay? :p

What was that? do I have something to hide? Do you want to start shit with me!?! shut the **** up, where the **** is your video, point me to that and we will have a talk.

The Great Virus is from albuquerque just like I am...We have no problems, maybe ill send him the kind of video your talking about but thats the last time a post a tut in this stupid ass forum full of newbs trying talk shit.

**** bastille hardened boxes...and for that matter if you have a video that hacks a hardened box it defeats the "Secure system" video you want to put out.
Why dont you make a video of you trying to hack and box and fail...and there will be your "secure system" video...im sure you can do that...

If you want a video of programming a buffer overflow or an assembly program on the fly to sploit something you can go **** yourself wanna be. Its because of people like you - that want to be all sarcastic and take things as literal as possible, and want to talk shit...that make me not post my shit.

Nothing wrong with videos. =)

I need to ask guys, I've only been able to view Xatar's video so far. Has anyone been able to actually download the complete_hack.swf file. If so how and where I've tried every way I can think of and yes I have been using right click to save as target, just not getting the desired results. Now if this is on my end please enlighten me to my error's. Thanks. :confused:

If you click on the link, it brings up the rapidshare page. There is a "free" button. Click on that which in turn brings you to a download page. After about 20 seconds, the page changes, and you need to select the download site, and type in the random string, and select OK(?). It will start to show the video. After viewing the video, I'm sure it will be in your temporary internet files directory.

Now if this is on my end please enlighten me to my error's. Thanks. :confused:

Thanks for your response ArmedPilot;

I did as you described, The file plays however it is not in the temporary internet files directory or any other place. I'll just have to do without :(

Thanks for your response ArmedPilot;

I did as you described, The file plays however it is not in the temporary internet files directory or any other place. I'll just have to do without :(

why don't u write it down like I did.Just watch it and write it down.That way u have it anytime anywhere.

Anyway thanks ALL of u for making those vids.I'm n00b and those vids helped me a LOT! I'm trying it on my LAN. Nice job :D

if you can't save the movie
on putfile page when the movie is being played
display source code of the page
search for .swf
copy the link and download the swf

or if you are super lazy
http://anonym.free.free.fr/remote-exploit_xatar_complete_video.swf

can't believe i have to explain that =)
intersting movie

Roger that.

Thanks for the insights and the answer :)

I have actual hack videos that would rock your mind, but do you think i would release anything that would incriminate me? DOUBT IT. who would post a video of themselves committing a crime ?? you first and you can barter for some of mine.

First of all, get real...

Now to the more serious stuff, releasing video of crime. Maybe you've never tried searching for it, and that's where the line breaks, cause MANY people release videos of crime done by themselves.

An example:
Let me introduce a new word for you (This is exaggerated and may appear disgusting and repellent to most people , so please look away from this if you have soft nerves): Snuff; A snuff film is a film that depicts an actual murder, produced explicitly for commercial entertainment purposes. Most of all snuff movies include raping of the victim.

So, my point is, blur out anything that leads to you, target ip and stuff like that, and you should be good to go.

If you do have movies, share them. If you don't, stop making me laugh, 'cause your just killing me :)


EDIT: Forgot to say, great movie xatar :) Though you shouldn't be that offended when a guy asks for more complexity in the hack. Of course this was a basic, and you really meant basic :), hack and it should be received as that, and that's why I say, great movie! :)

BTW chaps theres a great firefox extension called videodownloader that makes grabbing them to your HD very simple


if you can't save the movie
on putfile page when the movie is being played
display source code of the page
search for .swf
copy the link and download the swf

or if you are super lazy
http://anonym.free.free.fr/remote-exploit_xatar_complete_video.swf

can't believe i have to explain that =)
intersting movie

I agree its not a hard hack but shows basic tools and shows the 3 phase's.
Recon
Exploit
Foothold.

In case you havnt figured Im not leet like some guys/girls are. Im 100% whitehat and Trained(uni, trade certs). I was never a crazy leet cracker/hacker. Ive worked with a couple that went corp and sure they have some insane stuff to tell about when they where young.

how about ideas for a harder hack. im thinking someone that links several zoned attacks to gain the foothold.

PS. Post vids of RW hacks is silly. anyone that posts that shit is just asking for trouble.

If some would make a suggestion for a 'demo' hack video, I'll try and set it up and make it.

As you say, the video was a demonstration of a couple of phases of an attack. scanning, exploiting and backdoor foothold.

What do you guys want? Let me know and I'll do something.

Edit: Don't say "hack the US Government!" I won't. Not saying they don't deserve it, but it will be my own network I'll be attacking!

some suggestions not just for you for useful tutorials video or otherwise:-

basic c (using shellcode) (though basically 'smashing the stack' is pretty good here)

basic asm (making shellcode type stuff)

basic perl/py

uncrippling exploit code


Now these subjects sound very simple when put like that but are v. complex so I am not so sure they are do able plus there is a pretty good on on buffer overflow stuff out there and whole books have been written on the subjects. Maybe the uncrippling exploit code. A few same video tutorials isnt really the way to learn this stuff but I would pitch them with maybe further reading added in. In fact at least one of these tutorials is in my long term plans (expect to see it around 2048 ;) )

some suggestions not just for you for useful tutorials video or otherwise:-

basic c (using shellcode) (though basically 'smashing the stack' is pretty good here)

basic asm (making shellcode type stuff)

basic perl/py

uncrippling exploit code


Now these subjects sound very simple when put like that but are v. complex so I am not so sure they are do able plus there is a pretty good on on buffer overflow stuff out there and whole books have been written on the subjects. Maybe the uncrippling exploit code. A few same video tutorials isnt really the way to learn this stuff but I would pitch them with maybe further reading added in. In fact at least one of these tutorials is in my long term plans (expect to see it around 2048 ;) )

If you are interrested in shellcode and writing exploits like buffer overflow, I suggest that you check out the site called www.smashthestack.org

They have a nice wargame also. Best of all, people don't shit eachother in the face in that community :)


Other thing (not to you CurioCT :)) :

I still don't see what you people have against real-life pentests. It's not that hard blur out stuff like IP's. That covers pretty much of the protection. If your pentest is illegal, that wouldn't matter, since you blurred out the IP's.
Of course, don't do anything stupid, i'm talking about picking the lock here, not about burning the house down!

Anyway, I encourage you people who has the moves, to bust a move. Now go hit the dancefloor! :)

How about a perl exploit tutorial for phpBB2 or phpnuke 7.8/7.9 that works? or vBulletin Version 3.5.4 I've read several cookie ones that had no luck. Thanks bud.

Could you please post a link for a d/l on a free viewer for the .swf file?

Thanks and regards,
mad :D


Hi Guys

I see your all after the complete hack video flash file that has been shown here http://rapidshare.de/files/16109953/complete_hack.swf.html and created by xatar

all you need to do is open notepad, paste the following code into it and call it whatever.html onto your desktop.

<html>
<head>
</head>
<body>
<p align="center"><a href="http://f4.putfile.com/videos/d2-8006110957.swf" target="_blank">Link to File </a></p>
<p align="center">Right click on the above link, and select &quot; save link as &quot;</p>
<p align="center">This will allow you to save the file locally </p>
</body>
</html>

right click on the file and open it with firefox you will then see a hyperlink caled " Link to File " RIGHT click on it and select save link as.

Job done.

Sorry to all the very clever people on this site, you dont need to be subjected to such simple stuff, but us newbies need all the help we can get !!
Cheers
Pyros

irongeek.org :D

free flash player
http://www.globfx.com/products/#swfplayers
its called swiff player

i cant download this movie, can some1 post another link ?
thanks !

very nice video, glad i got it before rapidshare took it down. Good job, and thanks for sharing! :)

very nice video, glad i got it before rapidshare took it down. Good job, and thanks for sharing! :)

Took what down....the file is still there....:)

pyros info was good for me tnx...

<html>
<head>
</head>
<body>
<p align="center"><a href="http://f4.putfile.com/videos/d2-8006110957.swf" target="_blank">Link to File </a></p>
<p align="center">Right click on the above link, and select &quot; save link as &quot;</p>
<p align="center">This will allow you to save the file locally </p>
</body>
</html>

excellent..

http://f4.putfile.com/getfile/11796cslash-18ca2-97362-88354video9d8c-sslashd2-8006110957.swf incase anyone still wants the file

here is a mirror

rapidshare.com/files/34542747/file.rar

i cant seem to see the video. all the links seem to not show anything.

i cant seem to see the video. all the links seem to not show anything.

its a shockwave flash .rar file. Try opening it with winrar..then open with firefox or internet exploder

i've seen the video at putlife but i would like to save it to my hard drive can someone upload it again to rapidshare ?

thanx

btw great video

i've seen the video at putlife but i would like to save it to my hard drive can someone upload it again to rapidshare ?

thanx

btw great video
just look 3 posts above yours for the rapidshare link

here is the link just in case its too complicated for you to add the "http://www." part to it ;)

http://www.rapidshare.com/files/34542747/file.rar

just look 3 posts above yours for the rapidshare link

yes i know but the link was dead
thanks a lot for the upload

yes i know but the link was dead
thanks a lot for the upload

The link is not dead it works

I tested it before giving you the link that had already been posted and just tested it again, still works

humm




:confused:

The video is cool but very out dated. That version of metasploit is not even available any more and that vunerability was patched like last year

dead link man !