Explore A Lan From A Shell help needed

#1 cartman

Posted 09 July 2004 - 05:27 PM

So, I have a shell on the IP xx.xx.xx.xx and I have the administrator user/pass.

With the command "net view" I get this result:

Server Name Remark

------------------------------------
\\PC1
\\PC2
\\PC3
\\PC4
....
The command completed successfully.

How can I obtain access to the other PCs on the LAN from my shell?


Thanks for your help and sorry for my bad English ;)
0

#2 ArEs

Posted 09 July 2004 - 06:03 PM

First you can try cracking the admin password... maybe all PCs have the same... Second, of course, scan for vulns on the network (enough threads atm discussing that).
0

#3 Guest_Metathron_*

Posted 09 July 2004 - 11:03 PM

The easiest way: you should scan port 445 with scan1000

then write a bat which will execute the old LSASS exploit without asking the administrator

and mostly you'll get some shells ;)

Meta
0

#4 Milka

Posted 10 July 2004 - 01:22 PM

Or when you have the domain pass, try psexec :)

You can download it @ http://www.sysintern...iles/psexec.zip

Easy to use :)

for example:

psexec \\ip -u Administrator -p password cmd
0

#5 tibbar

Posted 10 July 2004 - 11:05 PM

Several methods. 1) use pwdump to get that machine's admin pwd hash, then bruteforce it and hope the other PCs use the same admin pwd --> psexec

2) install two shells on this pc, set one shell up to listen remotely on port xxx and then use the other shell to run lsass exploit on the other pc on the net. hopefully you will get a shell on the nc listener.

3) look for netbios shares on the other pcs, and hope for one that does not require authentication and has write access to c. then install a trojan in their startup folder and wait.

4) scan the other pcs, maybe they have a weak ftp pass etc.

5) if 1,2,3,4 fail, install a packet sniffer on this pc. then log all packets during the morning login time, and snatch the hashes that way (assuming it's a network login), if not then hope to catch some hashes used to authenticate to the fileserver.
If you want to read more about my security research, visit Tibbar.org
0
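
Seen from the defending side, the psexec route in posts #4 and #5 leaves a recognisable trail on current Windows: a network logon (Security event 4624, logon type 3) followed within seconds by a service install (System event 7045) named PSEXESVC, PsExec's default service name. The following is an added example, not code from the thread; the event records are constructed and simplified, and the function name, time window and host threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: simplified Security 4624 (logon) and System 7045
# (service installed) records. Host names follow the thread; IPs are made up.
EVENTS = [
    {"host": "PC2", "time": "2024-01-10T08:00:01", "id": 4624, "LogonType": 3,
     "TargetUserName": "Administrator", "IpAddress": "10.0.0.11"},
    {"host": "PC2", "time": "2024-01-10T08:00:03", "id": 7045,
     "ServiceName": "PSEXESVC"},
    {"host": "PC3", "time": "2024-01-10T08:01:10", "id": 4624, "LogonType": 3,
     "TargetUserName": "administrator", "IpAddress": "10.0.0.11"},
    {"host": "PC3", "time": "2024-01-10T08:01:12", "id": 7045,
     "ServiceName": "PSEXESVC"},
    # Network logon with no service install (e.g. file share access): ignored.
    {"host": "PC4", "time": "2024-01-10T08:02:00", "id": 4624, "LogonType": 3,
     "TargetUserName": "Administrator", "IpAddress": "10.0.0.11"},
    # A single-host use by another account stays below the default threshold.
    {"host": "PC1", "time": "2024-01-10T09:30:00", "id": 4624, "LogonType": 3,
     "TargetUserName": "helpdesk", "IpAddress": "10.0.0.50"},
    {"host": "PC1", "time": "2024-01-10T09:30:02", "id": 7045,
     "ServiceName": "PSEXESVC"},
]

def psexec_fanout(events, window=timedelta(seconds=30), min_hosts=2):
    """Map (account, source IP) -> hosts where a PSEXESVC install followed a
    network logon within `window`, kept only if at least min_hosts were hit."""
    last_logon = {}            # host -> (time, account, source IP)
    hits = defaultdict(set)    # (account, source IP) -> hosts
    for e in sorted(events, key=lambda ev: ev["time"]):
        t = datetime.fromisoformat(e["time"])
        if e["id"] == 4624 and e.get("LogonType") == 3:
            last_logon[e["host"]] = (t, e["TargetUserName"].lower(), e["IpAddress"])
        elif e["id"] == 7045 and e.get("ServiceName", "").upper() == "PSEXESVC":
            logon = last_logon.get(e["host"])
            if logon and t - logon[0] <= window:
                hits[(logon[1], logon[2])].add(e["host"])
    return {key: sorted(hosts) for key, hosts in hits.items()
            if len(hosts) >= min_hosts}

if __name__ == "__main__":
    for (account, source), hosts in psexec_fanout(EVENTS).items():
        print(f"{account} from {source}: PSEXESVC installed on {', '.join(hosts)}")
```

The check keys on the default service name only, so any unexpected 7045 service install that closely follows a type 3 logon deserves the same review. One local Administrator account appearing on several hosts from a single workstation is also the password-reuse condition post #5 relies on.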

#6 Guest_Metathron_*

Posted 10 July 2004 - 11:35 PM

You needn't set up another shell

you can send the shell to your home ... but exploiting must be done in the lan
0

#7 tibbar

Posted 11 July 2004 - 11:15 PM

that depends on the situation. on some firms, only one pc has full internet access, and the others are tunnelled on port 80. in this situation, to gain access to the rest of the lan, you must work from "remote remote" shells.
If you want to read more about my security research, visit Tibbar.org
0

#8 globey

Posted 12 July 2004 - 02:06 AM

I suggest you try this:
install radmin on the PC you got access to
then install lanscanner (find @ google) and scan the range like that:
123.12.1.*
just the last numbers.
then you see the computer with the sharing on the LAN.
0

#9 Stephen79

Posted 12 July 2004 - 02:51 AM

ipconfig /all :D

See the setup of the system and from there, you know the gateway (internet server), the IP class, if they use a DNS server or static IPs, and as most places use a set IP scheme, you can easily find the range for the servers, client PCs, printers and routers.

From there, just explore.
0

#10 DougieShiney

Posted 21 July 2004 - 06:11 PM

psexec.. .. normally good one to use or even netbios or radmin
0

#11 crackie

Posted 23 July 2004 - 06:13 PM

You can use every inet exploit even via LAN. Most of the boxes in big LANs like edu or inet provider haven't secured the LAN internally :) they only block the hacking ports from outside the LAN
0
