Only 2 Open Ports
- Broken Angel
- Fame ! Where are the chicks?!
- Posts: 432
- Joined: 05 Jul 2010, 04:58
- 13
- Contact:
Only 2 Open Ports
I know the questions cannot be too direct but I cannot help it. One of the websites that I want to play with only has 2 ports open.
80 and 443 and this really looks tight... How to go ahead...
?????
God Blessed Me With Forgiveness And I Forgive You With My Revenge...!
-Broken Angel
- Broken Angel
- Fame ! Where are the chicks?!
- Posts: 432
- Joined: 05 Jul 2010, 04:58
- 13
- Contact:
Re: Only 2 Open Ports
BTW KALI ROLLING SUCKS TO THE CORE.
ALL HAIL FOR BACKTRACK
Edit 1: Wow loved using all CAPS after ages to flame an OS rofl...
God Blessed Me With Forgiveness And I Forgive You With My Revenge...!
-Broken Angel
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: Only 2 Open Ports
well, that's http and https, that's pretty much the maximum ports you can expect of a web server...^^
in case you meant the server has just those 2 ports open: possible it's a dedicated web server only, but usually you should expect at least ftp being available if end-users have access to it and it's shared hosting.
doing a full range port scan will help, maybe they simply run their other services on unassigned ports.
- Broken Angel
- Fame ! Where are the chicks?!
- Posts: 432
- Joined: 05 Jul 2010, 04:58
- 13
- Contact:
Re: Only 2 Open Ports
Found 6 domains hosted on the same web server as
Yeah it sure is a dedicated server. All the domains hosted are of the same company... now going for the full scan...
nmap rules lol...
God Blessed Me With Forgiveness And I Forgive You With My Revenge...!
-Broken Angel
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: Only 2 Open Ports
http://www.yougetsignal.com/tools/web-s ... eb-server/
- Broken Angel
- Fame ! Where are the chicks?!
- Posts: 432
- Joined: 05 Jul 2010, 04:58
- 13
- Contact:
Re: Only 2 Open Ports
Sorry was out of town... want me to post results with the name of the site or just pm you for educational purposes???
God Blessed Me With Forgiveness And I Forgive You With My Revenge...!
-Broken Angel
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: Only 2 Open Ports
feel free to post it, nothing illegal about that.
- Broken Angel
- Fame ! Where are the chicks?!
- Posts: 432
- Joined: 05 Jul 2010, 04:58
- 13
- Contact:
Re: Only 2 Open Ports
Found 6 domains hosted on the same web server as parallelkingdom.com (199.91.251.30).
parallelkingdom.com
pk3.parallelkingdom.com
pk4.parallelkingdom.com
pkadmin.perblue.com
play.parallelkingdom.com
http://www.parallelkingdom.com
God Blessed Me With Forgiveness And I Forgive You With My Revenge...!
-Broken Angel
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: Only 2 Open Ports
ewww.....Microsoft server.
- Broken Angel
- Fame ! Where are the chicks?!
- Posts: 432
- Joined: 05 Jul 2010, 04:58
- 13
- Contact:
Re: Only 2 Open Ports
Yeah they do have a Microsoft server but then I was looking for some exploits on Metasploit and couldn't find any there... any help with the same???
Also even if I find something will I need an Open Port or something???
God Blessed Me With Forgiveness And I Forgive You With My Revenge...!
-Broken Angel
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: Only 2 Open Ports
of course, an open port means there is a service listening for connections, without an open port there is no service running...and where is nothing there is also nothing to exploit.
best is to run a full range port scan, because many services either use unassigned ports* or can be adjusted to use ports different than the default.
a full range scan is of course far from being stealth....
* unassigned ports are ports 1024 and up.
Re: Only 2 Open Ports
I will assume that you have legal rights to "play around", have a written contract with this "customer" and so on.
So ...
You could do a full port scan as b_b suggested, and hope they have some other services running.
You will however most likely have much more success in checking for "stuff" in the web application or the web server.
Example: parallelkingdom.com/ProbablyDoesNotExist
You'll get a 404-message, from which we can see that they are most likely running an IIS 6 server.
IIS 5 and up to 8 (sometimes 8.5 as well in rare cases) are in 9/10 cases vulnerable to the shortname enumeration attack.
https://github.com/irsdl/IIS-ShortName-Scanner
This tool will most likely be able to give you the short version names of all the files and folders in the web root directory structure.
From that you can guess or brute force other names, bla bla etc.
Your first step is never "attack" or "look for exploits", it's always a full scale reconnaissance.
This way you will be able to choose the best course of action instead of picking the "first best one".
Other "relatively passive" steps would be to run your browser through the Burp proxy (a very good tool) and have it passively scan for vulnerabilities while you casually browse the website.
"The best place to hide a tree, is in a forest"
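Added example, not part of any post in this thread: a defender-side check that flags clients whose requests in an IIS W3C log look like the shortname enumeration mentioned above (an 8.3 `~digit` suffix combined with a wildcard in the URL path). The log lines, IP addresses and the threshold of 3 are constructed for illustration; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in IIS W3C extended format (documentation IP ranges).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2016-03-01 10:00:01 203.0.113.7 GET /*~1*/.aspx 404
2016-03-01 10:00:01 203.0.113.7 GET /a*~1*/.aspx 400
2016-03-01 10:00:02 203.0.113.7 OPTIONS /b*~1*/.aspx 404
2016-03-01 10:00:02 203.0.113.7 GET /ab*~1*/.aspx 404
2016-03-01 10:00:03 198.51.100.20 GET /index.aspx 200
2016-03-01 10:00:04 198.51.100.20 GET /images/logo~1.png 200
2016-03-01 10:00:05 198.51.100.20 GET /ProbablyDoesNotExist 404
"""

# Probe signature: a tilde followed by a digit (8.3 short-name suffix)
# AND a wildcard character somewhere in the same path.
# A lone "~1" (e.g. a real file called logo~1.png) does not match.
PROBE = re.compile(r"(?=.*~\d)(?=.*[*?])")


def parse(log_text):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def shortname_probers(log_text, threshold=3):
    """Return {client_ip: probe_count} for clients at or above the threshold."""
    hits = Counter()
    for row in parse(log_text):
        if PROBE.search(row.get("cs-uri-stem", "")):
            hits[row.get("c-ip", "-")] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for ip, count in shortname_probers(SAMPLE_LOG).items():
        print(f"{ip}: {count} shortname-style requests")
```

Because the columns are read from the `#Fields:` header, the same function works on logs with a different field order as long as `c-ip` and `cs-uri-stem` are logged.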