How I Hacked Scammers with a Whole Windows Server Takeover by RDP

Basavaraj Banakar
4 min read, Dec 9, 2020


Hi InfoSec and non-InfoSec community, welcome to my first article about how I hacked scammers (people who commit fraud online, i.e. ripping off money) scamming people online with their fake websites.

I am a bug bounty hunter, CTF player and ethical hacker (not certified yet).

As usual, when I woke up in the morning I came across a message from my friend. He gave me a website, let's call it 'scammers.com' (I can't mention the original website because of some issues). He said they had ripped off one of my friends' money and asked me to hack it. I said I would give it a try 😉, fired up Burp with Chrome and opened scammers.com.

Login Page

I tried default credentials and checked the JS files; nothing worked ☹️.

I got to know they were using ASPX and the backend server was Windows.

Then I fired an SQLi payload, i.e. "admin'or'1=1 --", in both the username and password fields. Luckily I got a syntax error in the response 😎 but didn't get access to the panel 😟.

Now I tried a blind SQLi payload, i.e. "'WAITFOR DELAY '0:0:10' --".

Boom (don't get offended by this word 😂), I got a delay of 10 seconds in the response. Now it was time for automation with SQLMap. I copied the whole response into a text file and ran the command "sqlmap -r req.txt --level=5 --risk=3 --os-shell"; with this request I got an os-shell 😅
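To show the root cause of the login bypass above, here is an added example of mine (not code from the post or from the scammers' site, whose ASPX source is not shown): the concatenated query beside its parameterized fix. It uses Python's sqlite3 as a stand-in for the MSSQL backend the post found (MSSQL's parser differs, which is why the post saw a syntax error rather than a clean bypass), with a constructed one-user table; the tautology payload is the same family as the post's admin'or'1=1 -- string.

```python
import sqlite3

# Constructed sample data (not the scammers' real database): one user row
# in an in-memory SQLite database standing in for the site's MSSQL backend.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """The flaw behind the post: user input is pasted into the SQL text,
    so quotes and keywords in the input become part of the statement."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.DatabaseError:
        # A database error on crafted input is the "syntax error in the
        # response" signal the post mentions: input reached the SQL parser.
        return "SQL_ERROR"
    return row[0] if row else None

def login_safe(conn, username, password):
    """Hardened form: placeholders bind the input as data, so the same
    strings are compared literally and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None

# Classic tautology payload, the same family as the post's admin'or'1=1 -- string.
BYPASS = "' OR '1'='1"

def demo():
    conn = make_db()
    return {
        "vulnerable_with_bypass": login_vulnerable(conn, BYPASS, BYPASS),  # 'admin'
        "safe_with_bypass": login_safe(conn, BYPASS, BYPASS),              # None
        "safe_real_creds": login_safe(conn, "admin", "correct-horse"),     # 'admin'
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Parameterization closes the injection; separately, the web process running as nt authority\system, as the post finds later, is what turned a query bug into a server takeover, so application pools should run under a low-privilege identity.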

Now I felt much happier 😆

Wait, this is not the end (the picture is far from over yet). Now I suddenly checked the IP address with ipconfig (5.9.xx.xx) and then checked for open ports from my local machine with nmap; I found 80, 443 and 3389 (mainly) open, plus some other non-useful ports.

Wait, 3389 is RDP; now I was much more interested. Next I cross-verified with the RDP application on my Windows machine, and it asked for credentials.

Now I didn't have credentials to log in, so what next 🤔? I went back to the sqlmap shell and entered the whoami command, and I got the response nt authority\system. I was totally shocked at that time 😲

Now I had the IP address, the port and a high-level user... what next??

The next step was resetting the Administrator's password 🤣🤣. Next I used my Windows privilege escalation skills.

I entered this command, i.e. "net user Administrator new-password", hit enter and got the response:

Next, feeling much excited, I fired up my RDP application, entered the IP and logged in as the Administrator user. And I successfully logged in as Administrator.

Now it was time to check the files. On the RDP server, they had hosted around 45–50 fake websites to rip money from people.

The End of the Story

I hope you guys have enjoyed the article :)

Stay safe offline and online too.

If there are spelling mistakes, please ignore them 😂

Follow me on

Instagram : https://instagram.com/basu_banakar

Twitter : https://twitter.com/basu_banakar

Thank you all.

Small tip for scammers: never use poor configurations on a server 😂
