I have a portable version of VirtualBox and I need to hack the admin account from the OS within the VirtualBox
A. Well, you could boot a minimal Linux machine inside VirtualBox with nmap... and run `nmap -sL __`
Where __ is the subnet you wish to scan for active hosts on the network. e.g.:
nmap -sL 192.168.1.0-255
would scan 192.168.1.0 to 192.168.1.255
Save the list of hosts on the network to a file or whatever, then look into what services are running on a particular host.
Obviously the next thing you need to do is to find out what version of software that box is running:
nmap -O -sV __
Where __ is the box you wish to scan. You should get something like this:
Code:
[demo@slackware ~]$ sudo nmap -O -sV 192.168.1.65
Password:
Starting Nmap 5.21 ( http://nmap.org ) at 2010-07-20 17:39 BST
Nmap scan report for slackbox.home (192.168.1.65)
Host is up (0.000034s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.5 (protocol 2.0)
37/tcp open time?
113/tcp open ident
1 service unrecognized despite returning data.
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.19 - 2.6.31
Network Distance: 0 hops
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.79 seconds
Next you just need to find your way in by exploiting a specific service. Obviously out of date or un-patched software is your best bet.
Browse this database to see if the software versions running on the boxes you scanned have existing public exploits available.
B. You could also get this information by using a portable version of Zenmap for Windows (if there is one), which doesn't necessarily require a virtual machine to do the job.
You probably know, but most corporate/school networks have alarms set in place looking for scans of this kind. So watch your back and don't force scan anything (i.e. the -T flag in an nmap scan sets the priority, -T1 being really slow, or -T5 for fast).
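The alarms mentioned in B, seen from the monitoring side, as an added example that is not part of the original post: a sliding-window detector that flags any source sending connection attempts to many distinct ports. The log format, addresses and thresholds are constructed for illustration; the sample data shows why a short window alone misses a slowly paced sweep while a longer window catches it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format for this example: one line per inbound TCP SYN.
LINE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+) FLAGS=SYN$")

def detect_scanners(lines, window, min_targets):
    """Return {src: time of first alert} for sources that send SYNs to at
    least min_targets distinct (host, port) pairs inside one sliding window."""
    recent = defaultdict(deque)  # src -> deque of (time, (dst, port))
    alerts = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a SYN record
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        src, target = m.group(2), (m.group(3), int(m.group(4)))
        q = recent[src]
        q.append((ts, target))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        if src not in alerts and len({t for _, t in q}) >= min_targets:
            alerts[src] = ts
    return alerts

def sample_log():
    """Constructed data: a fast sweep, a slow sweep and an ordinary client."""
    start = datetime(2010, 7, 20, 17, 39, 0)
    rows = []
    for i in range(20):
        # .50 probes 20 ports in 2 seconds
        rows.append((start + timedelta(milliseconds=100 * i), "192.168.1.50", 20 + i))
        # .51 probes the same ports, one every 15 seconds
        rows.append((start + timedelta(seconds=15 * i), "192.168.1.51", 20 + i))
        # .52 reconnects to ssh only
        rows.append((start + timedelta(seconds=3 * i), "192.168.1.52", 22))
    rows.sort()
    return [f"{t:%Y-%m-%dT%H:%M:%S} SRC={s} DST=192.168.1.65 DPT={p} FLAGS=SYN"
            for t, s, p in rows]

if __name__ == "__main__":
    log = sample_log()
    for name, window in (("10 s", timedelta(seconds=10)), ("1 h", timedelta(hours=1))):
        hits = detect_scanners(log, window, min_targets=15)
        print(name, {src: t.isoformat() for src, t in hits.items()})
```

With the 10-second window only the fast sweep is flagged; the 1-hour window also flags the slow one, and the client that keeps reconnecting to a single port is never flagged.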