Remotely Installing VNC
Ok, this is just a mini tutorial on installing VNC on a remote Windows XP machine. VNC is a free utility for remotely controlling another computer. You'll need:
- A remote Windows XP Pro / NT4 / 2000 / 2003 machine
- RealVNC version 3.3.x. Download here.
- PSExec, to let us execute programs on the remote target machine. It's freeware from Sysinternals.
- Administrator rights to the remote PC. Look, I'm assuming you have admin rights to the PC because you own it or the owner gave you his/her administrator account. Or you sniffed/cracked its password; that's bad.
Install VNC on your computer
1. Download and install RealVNC. Make sure to enable these options during installation:
   - Register VNC Server as a system service
   - Start the VNC system service
2. Enter your password when asked. This is the same password you'll use on the remote computer.
Set up PSExec on your computer
1. Unzip PSExec in a directory of your choice.
2. Run cmd.
3. Go to the PSExec directory. Now let's start the installation of VNC on the chosen remote computer. In the commands below:
   - change "TargetIP" to the remote computer's name or its IP address
   - change "username" to the administrator's username
   - change "password" to the administrator's password
4. Log in to the remote computer. Type:
net use \\TargetIP\IPC$ /user:username password
5. Copy the needed files from your computer to the target. Type:
xcopy "C:\Program Files\RealVNC\*.*" "\\TargetIP\C$\Program Files\RealVNC\*.*" /r/i/c/h/k/e
6. Export the registry settings to the remote computer:
regedit /e "\\TargetIP\C$\vncdmp.txt" "HKEY_LOCAL_MACHINE\Software\ORL"
7. Use PSExec to import the vncdmp.txt file into the remote computer's registry (make sure you're in the PSExec directory):
psexec \\TargetIP -s -i -d %windir%\regedit /s C:\vncdmp.txt
8. Install the program remotely:
psexec \\TargetIP -s -i -d "C:\Program Files\RealVNC\WinVNC\winvnc.exe" -install
9. Remotely start the service:
psexec \\TargetIP -s -i -d net start "VNC Server"
10. Test that you can connect using the VNC viewer, "C:\Program Files\RealVNC\VNCViewer.exe".
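The procedure above leaves a distinctive trail on the target: a logon to the IPC$ and C$ administrative shares from a remote host, followed within minutes by new services appearing (PsExec registers its own PSEXESVC service while it runs a command, and step 8 registers the "VNC Server" service). That sequence is what an administrator who did not perform the install should be looking for. The following is an added example, not part of the original tutorial and not from RealVNC or Sysinternals: a Python correlation over constructed event records modelled loosely on a Windows Security 5140 record (network share accessed) and a System 7045 record (service installed). The field names, host names, addresses, times and the 30-minute window are assumptions made for this example.

```python
from datetime import datetime, timedelta

# Administrative shares whose remote use precedes the install steps above.
ADMIN_SHARES = {"IPC$", "C$", "ADMIN$"}
# Service name PsExec registers on the target while it runs a command there.
REMOTE_EXEC_SERVICES = {"PSEXESVC"}
# Substrings in a service image path that point at a remote-control tool.
REMOTE_CONTROL_MARKERS = ("winvnc",)

# Constructed sample events (not real log exports): a simplified shape of a
# Windows Security 5140 record (share accessed) and a System 7045 record
# (service installed). Host names, addresses and times are made up.
SAMPLE_EVENTS = [
    {"time": "2007-05-01T09:00:01", "id": 5140, "host": "WS-17",
     "source_ip": "192.168.1.50", "user": "administrator", "share": "\\\\*\\IPC$"},
    {"time": "2007-05-01T09:00:20", "id": 5140, "host": "WS-17",
     "source_ip": "192.168.1.50", "user": "administrator", "share": "\\\\*\\C$"},
    {"time": "2007-05-01T09:01:05", "id": 7045, "host": "WS-17",
     "service": "PSEXESVC", "image": "%SystemRoot%\\PSEXESVC.exe"},
    {"time": "2007-05-01T09:01:40", "id": 7045, "host": "WS-17",
     "service": "VNC Server",
     "image": "\"C:\\Program Files\\RealVNC\\WinVNC\\winvnc.exe\" -service"},
    # Benign activity on another host: an ordinary share, and a service
    # install with no preceding admin-share access.
    {"time": "2007-05-01T13:00:00", "id": 5140, "host": "WS-09",
     "source_ip": "192.168.1.7", "user": "jdoe", "share": "\\\\*\\Public"},
    {"time": "2007-05-02T08:00:00", "id": 7045, "host": "WS-09",
     "service": "Backup Agent", "image": "C:\\Program Files\\Backup\\agent.exe"},
]


def _admin_share_name(share_path):
    """Return the share name (e.g. 'C$') if the path is an admin share, else None."""
    name = share_path.rsplit("\\", 1)[-1].upper()
    return name if name in ADMIN_SHARES else None


def find_remote_installs(events, window_minutes=30):
    """Correlate admin-share logons with service installs on the same host.

    Returns one alert per 7045 event that follows an admin-share access from
    a remote host within `window_minutes`; the alert carries the remote
    source, the account used, which shares were touched, and whether the
    service looks like a remote-execution or remote-control tool.
    """
    window = timedelta(minutes=window_minutes)
    recent_share_access = {}  # host -> [(time, source_ip, user, share), ...]
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):  # ISO timestamps sort as text
        t = datetime.fromisoformat(ev["time"])
        if ev["id"] == 5140:
            share = _admin_share_name(ev["share"])
            if share:
                recent_share_access.setdefault(ev["host"], []).append(
                    (t, ev["source_ip"], ev["user"], share))
        elif ev["id"] == 7045:
            hits = [h for h in recent_share_access.get(ev["host"], [])
                    if timedelta(0) <= t - h[0] <= window]
            if not hits:
                continue
            latest = hits[-1]
            image = ev["image"].lower()
            alerts.append({
                "host": ev["host"],
                "service": ev["service"],
                "source_ip": latest[1],
                "user": latest[2],
                "shares": sorted({h[3] for h in hits}),
                "remote_exec_tool": ev["service"].upper() in REMOTE_EXEC_SERVICES,
                "remote_control_tool": any(m in image for m in REMOTE_CONTROL_MARKERS),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_remote_installs(SAMPLE_EVENTS):
        print(alert)
```

Run against the constructed events, the script raises two alerts for WS-17 (the PSEXESVC service and then the VNC Server service, both tied to the administrator logon from 192.168.1.50) and none for WS-09, whose service install had no admin-share access before it. On a real network the same logic would be fed from centrally collected event logs, and the admin-share logon alone is worth alerting on when it comes from a workstation rather than a management host.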
Hack that Officemate's Yahoo Password and Listen to YM Conversations
Let's admit it, living in that cubicle of yours can be really boring sometimes, especially if you've got nothing to do. So today I thought of something productive (evil grin): I'll just listen to "my friend's" network activity. So I downloaded and installed Cain.
Well, Cain was primarily used as a password recovery tool for Windows, "by sniffing the network" (again evil grin). So there you have it: we'll sniff network traffic from his IP to other IPs in the network.
1. After installing and firing up Cain, click Configure in the menu. On the Sniffer tab, select your network card (the one with your local IP address, e.g. 192.168.x.x). See Fig. 1.
2. On the APR tab select "Use Spoofed IP and MAC Address"; make sure no one is using the IP that you'll assign. Check "Pre-Poison ARP caches". Select "Use ARP Reply Packets". See Fig. 2.
3. Click OK to close the configuration dialog. Go to the Sniffer tab; you'll be presented with blank entries, which we'll fill up. Activate the sniffer, then click "add to list" and you'll be presented with the MAC address scanner dialog. Choose "select all tests", then OK. Hopefully the list will fill up with the computers in the network. (Fig. 3)
4. Under the Sniffer tab, there are 5 tabs at the bottom left of the screen. Go to the APR tab and click "add to list". On the left side select "your friend's IP address" and on the right side select "all". Click OK. The purpose of this is to hijack IP traffic between your friend's IP address and all the workstations in the network using APR (ARP Poison Routing).
5. Now we'll start the APR and wait for about an hour on the Passwords tab (still under the Sniffer tab). You'll be surprised at how much information you sniffed in a day. In the Passwords tree:
SMB is where Windows authentication takes place. Copy the LM hash and crack it using rainbow tables, or go to http://plain-text.info/ and submit the LM hash in this format: User:1005:8196125517b9a963c4c969dcfe9557d0:78d01226ac09447a11e53215ae363c2e:::
where 819...c2e is the LM hash that you've got. They can quickly crack the password for you in less than an hour.
Telnet is where all the IM conversations go. Well, if you're lucky and your friend is running Messenger you'll get some of the conversations, while other parts of the message are encrypted.
HTTP is where, well, HTTP authentication goes: username, password, the URL, etc.
6. Well, that's it for now; just use caution when using this tool.
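Step 4 works because APR sends ARP replies nobody asked for, so the victim and the other workstations rewrite their ARP caches to point the gateway and each other at the poisoning station's MAC address. That same behaviour is what a defender on the segment can watch for. The following is an added example, not part of the original post and not Cain's own code: a Python pass over constructed ARP frames that flags replies with no matching request, IP-to-MAC bindings that change mid-capture, and a single MAC address answering for more addresses than it should own. The frame tuple format, the sample addresses and the thresholds are assumptions made for this example.

```python
from collections import Counter, defaultdict

# Constructed ARP frames (not a real capture) as
# (time_s, op, sender_ip, sender_mac, target_ip). They model a segment where
# one station starts answering for the gateway and for a workstation.
SAMPLE_ARP = [
    (0.00, "request", "192.168.1.10", "00:11:22:aa:aa:aa", "192.168.1.1"),
    (0.10, "reply",   "192.168.1.1",  "00:11:22:01:01:01", "192.168.1.10"),  # genuine gateway answer
    (5.00, "reply",   "192.168.1.1",  "00:11:22:99:99:99", "192.168.1.10"),  # gateway "moves" to another MAC, unasked
    (5.10, "reply",   "192.168.1.10", "00:11:22:99:99:99", "192.168.1.1"),   # same MAC now claims the workstation
    (5.20, "reply",   "192.168.1.20", "00:11:22:99:99:99", "192.168.1.10"),  # ...and a third address
    (30.00, "request", "192.168.1.30", "00:11:22:30:30:30", "192.168.1.1"),
    (30.05, "reply",  "192.168.1.1",  "00:11:22:01:01:01", "192.168.1.30"),  # real gateway still answers requests
]


def analyse_arp(frames, request_window_s=2.0, max_ips_per_mac=2):
    """Return a list of findings over a time-ordered sequence of ARP frames.

    Finding kinds:
      unsolicited_reply   - a reply with no matching request inside the window
      binding_change      - an IP's MAC differs from the last MAC seen for it
      mac_claims_many_ips - one MAC has answered for more than max_ips_per_mac IPs
    """
    pending = {}                   # (requester_ip, asked_for_ip) -> request time
    current_mac = {}               # ip -> last MAC seen claiming it
    ips_by_mac = defaultdict(set)  # mac -> set of IPs it has claimed
    reported_macs = set()          # avoid repeating the many-IPs finding per MAC
    findings = []
    for t, op, sender_ip, sender_mac, target_ip in sorted(frames):
        if op == "request":
            pending[(sender_ip, target_ip)] = t
            continue
        # A reply is solicited only if the target recently asked for sender_ip.
        asked_at = pending.get((target_ip, sender_ip))
        solicited = asked_at is not None and 0.0 <= t - asked_at <= request_window_s
        if not solicited:
            findings.append({"time": t, "kind": "unsolicited_reply",
                             "ip": sender_ip, "mac": sender_mac, "to": target_ip})
        previous = current_mac.get(sender_ip)
        if previous is not None and previous != sender_mac:
            findings.append({"time": t, "kind": "binding_change", "ip": sender_ip,
                             "old_mac": previous, "new_mac": sender_mac})
        current_mac[sender_ip] = sender_mac
        ips_by_mac[sender_mac].add(sender_ip)
        if len(ips_by_mac[sender_mac]) > max_ips_per_mac and sender_mac not in reported_macs:
            reported_macs.add(sender_mac)
            findings.append({"time": t, "kind": "mac_claims_many_ips", "mac": sender_mac,
                             "ips": sorted(ips_by_mac[sender_mac])})
    return findings


def summarise(findings):
    """Count findings by kind, e.g. {'unsolicited_reply': 3, ...}."""
    return dict(Counter(f["kind"] for f in findings))


def suspect_macs(findings):
    """MAC addresses that answered for more IPs than the threshold allows."""
    return {f["mac"] for f in findings if f["kind"] == "mac_claims_many_ips"}


if __name__ == "__main__":
    results = analyse_arp(SAMPLE_ARP)
    print(summarise(results))
    print("suspect MACs:", suspect_macs(results))
```

On the constructed frames the three unsolicited replies, the gateway binding flapping between two MACs, and one MAC claiming three addresses all point at 00:11:22:99:99:99. A flap on its own is not proof (a gateway failover or a DHCP re-lease changes bindings too), which is why the three signals are reported separately for an analyst to weigh. The usual mitigations are static ARP entries for the gateway on critical hosts, dynamic ARP inspection on managed switches, and end-to-end encryption so that a poisoner who does get in the path sees nothing useful.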
I can't help but notice people on news sites (Slashdot, LiveJournal) scramble for First Post! Annoying, really. Anyway, I finally had the chance to have the first post; well, of course it's my blog site, so...
First Post! (Boobies!)