Need help hacking my virtual network

No explicit questions like "how do I hack xxx.com" please!
robski_g
On the way to fame!
Posts: 25
Joined: 28 May 2008, 16:00

Post by robski_g »

Hi,
Ok I'm just starting off basic as I'm new to this. I've set up a Windows XP Pro on my VMware; I have not installed any service packs or updates so it should be vulnerable (in an earlier post someone suggested using DVL but I'm not that used to Linux yet). I have just run an aggressive scan with Nmap and it has found multiple open ports which are as follows:

135/tcp open msrpc?
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open NFS-or-IIS?
5000/tcp open upnp Microsoft Windows UPnP

Anyway I just want to know where should I go from here? What other information do I need to acquire? Should I find exploits for these services and try to implement them? What else should I try? Also any articles or tuts on this would be most appreciated. Thanks in advance... Rob

ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00

Post by ayu »

Well since it's completely opened you could just enter with

\\IP\C$

just press start -> run

and then type in \\computerIP\C$

=P


Well, checking every port for exact service and version might be useful, but if it isn't patched at all you could try the vulnerability that the blaster worm used.

http://www.milw0rm.com/exploits/69

Dunno if that is the exact one that the worm used, but should work anyway =)

Also, reading up on what all the services mean could be useful as well ^^ like what they do, etc
"The best place to hide a tree, is in a forest"

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

to stop Microsoft DS/close port 445:
Start->Run->regedit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
create a new entry there:
"SMBDeviceEnabled"=dword:00000000
(the dword value is usually created as default)

to stop upnp (universal plug & play):
Start->Run->msconfig
pick the "autostart" tab and disable ssdpsrv.exe

to disable netbios:
right-click on "My Network Places"->Properties
right-click on your default connection->Properties
pick "Internet Protocol (TCP/IP)"->Properties->Advanced->WINS
disable "NetBIOS over TCP/IP"

restart your system when done.
I also disable all of the above on my system and have experienced no problems yet.

msrpc is necessary for the system; disabling it would leave the system unusable. Port 1025 is most likely not IIS or NFS; it is often used as a local proxy by antivirus/firewall suites. Best get "TCPview" from our downloads, it'll show you what program opened the port.

:wink:
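
A rescan check for the hardening steps in the post above, as an added example that is not part of the original thread: it parses Nmap port-table lines like those in the first post and reports which ports the steps should have closed are still open. The mapping of ports 139 and 5000 to the NetBIOS and UPnP steps is inferred from the service names in the scan, and the AFTER scan is constructed sample data.

```python
import re

# Port -> hardening step from the post (139 and 5000 matched by service name: assumption).
REMEDIATION = {
    445: "set SMBDeviceEnabled=0 under NetBT\\Parameters",
    5000: "disable ssdpsrv.exe (UPnP)",
    139: 'disable "NetBIOS over TCP/IP" on the adapter',
}
# Ports the post says to keep or investigate rather than close.
EXPECTED = {
    135: "msrpc, required by the system",
    1025: "identify the owning program with TCPView",
}
LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_nmap(text):
    """Return {port: service} for every open TCP line of an Nmap port table."""
    ports = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m and m.group(2) == "tcp" and m.group(3) == "open":
            # Nmap appends '?' when it is guessing the service; drop it.
            ports[int(m.group(1))] = m.group(4).rstrip("?")
    return ports

def review(before, after):
    """Classify every port that was open before hardening against the rescan."""
    b, a = parse_nmap(before), parse_nmap(after)
    report = {"closed": [], "still_open": [], "expected": [], "new": []}
    for port in sorted(b):
        if port not in a:
            report["closed"].append(port)
        elif port in REMEDIATION:
            report["still_open"].append((port, REMEDIATION[port]))
        else:
            report["expected"].append((port, EXPECTED.get(port, "unreviewed")))
    report["new"] = sorted(set(a) - set(b))  # anything the changes opened
    return report

# BEFORE is the scan from the first post; AFTER is a constructed rescan
# in which the NetBIOS step was missed.
BEFORE = """135/tcp open msrpc?
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open NFS-or-IIS?
5000/tcp open upnp Microsoft Windows UPnP"""
AFTER = """135/tcp open msrpc?
139/tcp open netbios-ssn
1025/tcp open NFS-or-IIS?"""
print(review(BEFORE, AFTER))
```
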

Post by robski_g »

cats wrote:Well since it's completely opened you could just enter with

\\IP\C$

just press start -> run

and then type in \\computerIP\C$

=P


Well, checking every port for exact service and version might be useful, but if it isn't patched at all you could try the vulnerability that the blaster worm used.

http://www.milw0rm.com/exploits/69

Dunno if that is the exact one that the worm used, but should work anyway =)

Also, reading up on what all the services mean could be useful as well ^^ like what they do, etc
Is that a null session or is it just a way to enter the system through NetBIOS? Cheers, Rob

Post by ayu »

Well seeing as you get access I don't think it's a NULL session =/

Think you would simply call it getting access through netbios, but I'm not sure ^^
"The best place to hide a tree, is in a forest"

Post by robski_g »

Nice one. I think a null session is used just to enumerate user names from the ip$ share and not to actually gain access. Thanks for the advice though pal, I'll definitely be giving it a go... Rob

Post by robski_g »

bad_brain wrote:to stop Microsoft DS/close port 445:
Start->Run->regedit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
create a new entry there:
"SMBDeviceEnabled"=dword:00000000
(the dword value is usually created as default)

to stop upnp (universal plug & play):
Start->Run->msconfig
pick the "autostart" tab and disable ssdpsrv.exe

to disable netbios:
right-click on "My Network Places"->Properties
right-click on your default connection->Properties
pick "Internet Protocol (TCP/IP)"->Properties->Advanced->WINS
disable "NetBIOS over TCP/IP"

restart your system when done.
I also disable all of the above on my system and have experienced no problems yet.

msrpc is necessary for the system; disabling it would leave the system unusable. Port 1025 is most likely not IIS or NFS; it is often used as a local proxy by antivirus/firewall suites. Best get "TCPview" from our downloads, it'll show you what program opened the port.

:wink:
Thanks for the info badbrain. However I can't find the "TCPview" app you were referring to in the downloads section... Rob

computathug
Administrator
Posts: 2693
Joined: 29 Mar 2007, 16:00
Location: UK

Post by computathug »

robski_g wrote:
Thanks for the info badbrain. However I can't find the "TCPview" app you were referring to in the downloads section... Rob
You can get it from here

http://www.suck-oold.com/modules.php?na ... tit&lid=32
