Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Wednesday, July 28, 2010

Hacking password of a Virtual Machine

I have a portable version of virtual-box and i need to hack the admin account from the OS within the virtual-box
A. Well, you could boot a minimal linux machine inside virtualbox with nmap... and run a `nmap -sL __`
Where __ is the subnet you wish to scan for active hosts on the network. e.g.:
nmap -sL
would scan to
Save the list of hosts on the network to a file or whatever, then look into what services are running on a particular host.
Obviously the next thing you need to do is to find out what version of software that box is running:
nmap -O -sV __
Where __ is the box you wish to scan. You should get something like this:
[demo@slackware ~]$ sudo nmap -O -sV
Starting Nmap 5.21 ( ) at 2010-07-20 17:39 BST
Nmap scan report for slackbox.home (
Host is up (0.000034s latency).
Not shown: 997 closed ports
22/tcp  open  ssh  OpenSSH 5.5 (protocol 2.0)
37/tcp  open  time?    
113/tcp open  ident    
1 service unrecognized despite returning data.  
Device type: general purpose    
Running: Linux 2.6.X    
OS details: Linux 2.6.19 - 2.6.31
Network Distance: 0 hops  
OS and Service detection performed. Please report any incorrect results at .    
Nmap done: 1 IP address (1 host up) scanned in 7.79 seconds
Next you just need to find your way in by exploiting a specific service. Obviously out of date or un-patched software is your best bet. 
To see if the software versions running on the boxes you scanned have existing public exploits available.
B.You could also get this information by using a portable version of zenmap for windows (if there is one) and doesn't necessarily require a virtual machine to do the job.
You probably know, but most corporate/school networks have alarms set in place looking for scans of this kind. So watch your back and don't force scan anything. (i.e: -T flag in an nmap scan to set the priority -T1 being really slow, or T5 for fast)

No comments: