Which port to hack?
- Lyecdevf
- cyber Idi Amin
- Posts: 1222
- Joined: 16 Mar 2006, 17:00
- 18
- Location: In between life and death.
- Contact:
Which port to hack?
I have been playing around a bit with a port scanner. I understand that one cannot hack via #21 or #80 TCP ports. However, I have noticed that usually port #110 and #25 are open if not any other like #35.
So through what port is it possible to hack? What program is there for one to use?
port scan and hacks
Remember that 'hack' is a broadly defined term.
Ports are open depending on what the computer is set up for, for example a mail server may not have port 80 open, but it will have port 25 (SMTP) open. A web server will certainly have port 80 (HTTP) open, but a smart sysadmin will turn off the other ports.
Different ports have different hacks:
http://c0vertl.tripod.com/ref/portref.html
You can use telnet to communicate with ports 21 and 25. There is other software that can assist you. Use a port reference or port scan reply to figure out what software is running the port and what its exploits are.
read more here:
http://c0vertl.tripod.com/dntext.htm
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
fingerprinting
port scanning is only a part of the process called Fingerprinting. What you should be doing is scanning that IP subnet to determine the size of the network you are 'intruding' on. You will also analyze the machines you locate based on ports open, services running, NOS/OS versions. You cannot begin to search for an 'exploit' until you find the machine that holds the prize, like a db server, the webserver or sysadmin console. Trying to hack a webserver may be useless when the personal nfo you are after is stored on another server. Exploits are specific to types of machines, software, and its version. You can't use a hack on IIS version 2.4 that only works on the unpatched 2.3 version. A Cisco hack ain't going to work on a brick router.
Harmless hacking is port scanning and scanning subnet IP ranges to identify all the machines in the network. You read the banners and ports to determine the machine's use. When you encounter a password required login, that's usually best to stop there. Trying to crack the system or otherwise DoS it will piss off the sysadmin and perhaps get lawyers sicced on you.
more later?
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
- Lyecdevf
- cyber Idi Amin
- Posts: 1222
- Joined: 16 Mar 2006, 17:00
- 18
- Location: In between life and death.
- Contact:
Hey, thanks DNR for that insightful post. I am very much concerned about where the breach of legality occurs. I guess if you are just scanning for ports and/or connecting to the webserver without anything else it is completely legal.
That is what I have been doing so far and I doubt really that I would go any further than that. I realize that the bigger the company the harder and more dangerous it is to hack into. So I have been scanning small bookstores and the like.
I do not know how to scan the IP subnet. I am using Nscan from Necrosoft.
I also did not understand what you meant by:
"You can't use a hack on IIS version 2.4 that only works on the unpatched 2.3 version. A Cisco hack ain't going to work on a brick router."
fingerprint 2
get the IP of your target,
do a whois on the IP to find out who owns the network and it will also tell you what IP range is assigned to that company usually like 198.78.38.255
198.78.38 of the IP range is fixed, but they can have 198.78.38.0 to 198.78.38.255. So that's the range you want to scan for their network devices, you'll find routers, servers, printers, and desktop machines.
Port scanning can be a challenge, you'll find some cute sysadmin that will name their servers, or some that are smart and have ports closed or hide port daemon banners so you'll have to guess what OS and version is running. I have scanned military networks and others, the only problem I had was running HTTP script to check for vulnerabilities open on the Bank of Jamaica network lol. Use Proxies on sensitive networks, or just don't do them from home.
You basically want to be good at mapping out a network (fingerprinting). I save some SMTP servers that allow spoofing email off their port 25 (hard to find these days due to spammers using them)
Go overseas to try cracking servers to stay off the Fed lists. Korea lately has paxcomm routers handling their internet that are still using default admin logins (let me know if ya find one..)
More l8t3r
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
fingerprinting, part three
You want to keep a list of websites that keep up-to-date vulnerabilities and exploits, my favorite is packetstorm. But research other sites like antionline, the antivirus sites, and even good old Microsoft tech site.
I am good at Microsoft product hacking, but I can work an AS400, Novell, and some nix server OS. You'll have to pick an area to start, you either want to be good at cracking nix or MS.
I use Sam Spade, GFI, Nmap, and sometimes just plain old telnet to grep banners off port 21 and 25. Read about the daemons that control those ports so you know what to do at the prompts.
I like to spoof email off port 25, but many sysadmins restrict it to users that belong to that network.
To use your telnet program:
Click on START, and Select RUN...
Type TELNET in the dialog box and press Enter
The TELNET program starts....
At the top, Select TERMINAL, a menu opens....
Choose PREFERENCES, a dialog box opens, you see Terminal Options, Emulation, etc
Make sure there is a Check Mark in the box for ENABLE LOCAL ECHO, buffer should be 25, and Emulation should be VT-100/ANSI
Click on the OK button, the dialog box closes..
At the top, Select CONNECT, a menu drops down, Select REMOTE SYSTEM, a dialog box opens...
You see a box with HOST NAME, PORT, TERMTYPE...
In the HOST NAME, you can enter any web server that allows Mail Relay* (www.whateverworks.com), or you can use the IP number
>>> In the PORT, clear the box, and enter the numbers 25, <<<<<
Default is port 21 FTP.
The TERMTYPE should be VT100...
Click on the button CONNECT
OK! If you Connected to a Server , you should see something like :
220 gnr.u2me3.com ESMTP Sendmail 8.9.3/8.9.3; Mon, 31 Jan 2000 01:45:38 -0500
>> gnr.u2me3.com is the server you connected to, ESMTP Sendmail is the daemon Mail program, 8.9.3 is the version of the software. Search for exploits like "ESMTP Sendmail 8.9.3"
TYPE IN THE LINES AS SHOWN, except use whatever you like as the fake sender, and who you want to send the mail to. I used President/Whitehouse.gov and my E-mail address for this example..
MAIL FROM: President@whitehouse.gov, hit enter
you might see :
250 President@Whitehouse.gov... Sender ok
RCPT TO: C0VERTl@Excite.com, hit enter
you might see:
250 C0VERTl@excite.com... Recipient ok
>>> If you make it this far, this usually means you got in!!!<<<
type DATA, hit enter
you might see:
354 Enter mail, end with "." on a line by itself
>>> Some will not say anything...<<<
TYPE IN YOUR MESSAGE, it's ok to hit enter for the next line
I wrote:
I want to appoint you to be the Supreme Being of the Internet, I will Pay you
$2,000,000,000.00 a Year, plus all the free internet time you want
please reply to this offer soon
President GW Pussy
When Finished, put a "." period on a line by itself, hit enter..
you might see:
250 BAA07042 Message accepted for delivery
Exit from the Telnet program, or to send another mail, start at the top again.
>>>Note, avoid errors because you cannot use back space to go back and type over. Also, some servers may not show you the greeting, or the stuff ' you might see ' above.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
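The session above shows only the client's side and what "you might see" from the server. As an added example, not code from the thread or from any MTA, here is a small Python model of the decision a mail server makes at RCPT TO, with the weak (open relay) and the hardened policy side by side: inbound mail for the server's own domains is always accepted, outbound relay is allowed only for authenticated clients or clients on the site's own network, and a server configured as an open relay accepts everything, which is the "250 ... Recipient ok" for a foreign recipient that the post describes. The local domain, the trusted network prefix, the client IP and the client script are all constructed; the 554 5.7.1 "Relay access denied" wording follows what common MTAs return. Nothing here touches the network.

```python
# Added example, not from the forum thread: a minimal model of the relay
# decision an SMTP server makes at RCPT TO, with the weak (open relay) and
# the hardened configuration side by side. Domains, network prefix and the
# client script are constructed; nothing here touches the network.
from __future__ import annotations
from dataclasses import dataclass, field

LOCAL_DOMAINS = {"example.com"}       # constructed: domains this MTA delivers for
TRUSTED_NETWORKS = ("192.0.2.",)      # constructed: the site's own LAN (TEST-NET-1)


@dataclass
class Session:
    client_ip: str
    authenticated: bool = False       # client passed SMTP AUTH
    open_relay: bool = False          # weak setting: relay for any client at all
    sender: str = ""
    recipients: list[str] = field(default_factory=list)
    in_data: bool = False
    warnings: list[str] = field(default_factory=list)


def _address(arg: str) -> str:
    """Pull user@host out of 'FROM:<user@host>' or 'FROM: user@host'."""
    return arg.split(":", 1)[-1].strip().strip("<>").strip().lower()


def _may_relay(s: Session, recipient: str) -> bool:
    """Policy: inbound for our domains always; outbound only for our own users."""
    domain = recipient.rsplit("@", 1)[-1]
    if domain in LOCAL_DOMAINS:
        return True
    if s.authenticated or s.client_ip.startswith(TRUSTED_NETWORKS):
        return True
    if s.open_relay:
        # This is the misconfiguration behind "250 ... Recipient ok" for a
        # foreign recipient from an unknown client; record it so it is visible.
        s.warnings.append(f"relayed to {recipient} for untrusted client {s.client_ip}")
        return True
    return False


def handle(s: Session, line: str) -> str | None:
    """Server reply for one client line; None while the client is inside DATA."""
    if s.in_data:
        if line == ".":
            s.in_data, s.sender, s.recipients = False, "", []
            return "250 2.0.0 Message accepted for delivery"
        return None
    verb, _, arg = line.partition(" ")
    verb = verb.upper()
    if verb in ("HELO", "EHLO"):
        return "250 mta.example.com Hello"
    if verb == "MAIL":
        s.sender = _address(arg) or "<>"  # empty reverse path is a bounce, still valid
        return f"250 2.1.0 {s.sender}... Sender ok"
    if verb == "RCPT":
        if not s.sender:
            return "503 5.5.1 Need MAIL command"
        rcpt = _address(arg)
        if _may_relay(s, rcpt):
            s.recipients.append(rcpt)
            return f"250 2.1.5 {rcpt}... Recipient ok"
        return f"554 5.7.1 {rcpt}: Relay access denied"
    if verb == "DATA":
        if not s.recipients:
            return "503 5.5.1 No valid recipients"
        s.in_data = True
        return '354 Enter mail, end with "." on a line by itself'
    if verb == "QUIT":
        return "221 2.0.0 Bye"
    return "500 5.5.1 Command unrecognized"


def run_session(lines: list[str], **config) -> tuple[list[tuple[str, str | None]], list[str]]:
    """Feed a client script through one session; return (transcript, warnings)."""
    s = Session(**config)
    transcript = [(line, handle(s, line)) for line in lines]
    return transcript, s.warnings


# Constructed client script: an outside client asking us to carry mail to a
# third-party domain, which is exactly what an open relay would accept.
CLIENT_SCRIPT = [
    "HELO laptop.example.net",
    "MAIL FROM:<someone@elsewhere.example>",
    "RCPT TO:<victim@another.example>",
    "DATA",
    "Subject: test",
    "",
    "hello",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    for label, cfg in [("open relay", {"open_relay": True}), ("hardened", {})]:
        transcript, warnings = run_session(CLIENT_SCRIPT, client_ip="203.0.113.5", **cfg)
        print(f"--- {label} ---")
        for sent, reply in transcript:
            print(f"C: {sent}")
            if reply:
                print(f"S: {reply}")
        for w in warnings:
            print(f"WARNING: {w}")
```

Running it prints the two transcripts: with open_relay=True the foreign RCPT TO gets 250 and the message is accepted, which is the symptom an administrator looks for when auditing their own server; with the default policy the same line gets 554 and the following DATA is refused with 503 because no recipient was accepted. The warnings list is the hook where a real MTA would log the event for detection.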
- Lyecdevf
- cyber Idi Amin
- Posts: 1222
- Joined: 16 Mar 2006, 17:00
- 18
- Location: In between life and death.
- Contact:
Thanks again! One thing that I think that I need to mention is that you probably think that I am from America and that I am going to target big Government and military facilities.
Well first of all I am from a central European country called Slovenia. I hope it is not going to hurt me some time in the future telling you that. I am not a 16 year old looking to hack into the Pentagon but a 25 year old trying to learn more about the places that I go to. For instance I have been scanning a local movie theater in order to try and learn more about its computer networks and stuff. That is what is exciting to me because in a way you can go where they won't allow a visitor to go.
I am going to look into this and I am going to tell you what I found out. I have been using PuTTY but I will try telnet now.
- bad_brain
- Site Owner
- Posts: 11638
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
very good posts DNR...
just one comment:
what part of the address is the fixed network ID depends on the IP class.
"what IP range is assigned to that company usually like 198.78.38.255
198.78.38 of the IP range is fixed, but they can have 198.78.38.0 to 198.78.38.255"
the "xxx" displays the host address-part for the computers in the network:
Class A: -127.xxx.xxx.xxx //24 bit for the network addresses
Class B: 128-191.yyy.xxx.xxx //16 bit for the network address
Class C: 192-223.yyy.yyy.xxx //8 bit for the network address
in a personal network the part which displays the network-addresses can be set by using the submask: 255.255.255.0 for example means only 8 bit is the address range within the network (16 bit for 255.255.0.0 and so on).
the submask divides the IP into the network address-part and the part which identifies the hosts within this network, for example:
192.222.222.101 /255.255.255.0 means 192.222.222 is the network address and 101 is the ID of the host,
192.222.222.101 /255.255.0.0 means 192.222 is the network address and 222.101 is the host ID.
in any kind of network the 255 for the last 8 bit (192.224.244.255 for example) is not the address of a specific host, it's the so-called broadcast address, when you send a request to 192.222.222.255 it will not contact a specific host, it will send the request to all hosts in the network.
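The split bad_brain describes is decided by the mask, so the network part, the host part and the broadcast address all follow from one bitwise AND. The following is an added example, not code from the thread, that computes those pieces with plain bit operations for the addresses quoted in the thread and cross-checks them against Python's standard-library ipaddress module; the class A/B/C boundaries are the first-octet ranges from the post. It derives the broadcast address from the mask rather than assuming a .255 last octet, so for 255.255.0.0 it comes out as 192.222.255.255, and it rejects a mask whose ones are not contiguous.

```python
# Added example, not from the forum thread: the subnet-mask arithmetic behind
# bad_brain's post, written out with plain bit operations and cross-checked
# against the standard library's ipaddress module. The addresses in the demo
# are the ones quoted in the thread; no network access is involved.
import ipaddress


def ip_to_int(addr: str) -> int:
    """'192.222.222.101' -> 32-bit integer. Rejects malformed dotted quads."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {addr!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    """32-bit integer -> dotted quad."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classful_class(addr: str) -> str:
    """Legacy address class from the first octet: A 0-127, B 128-191, C 192-223."""
    first = ip_to_int(addr) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    return "D" if first < 240 else "E"


def split_address(addr: str, mask: str) -> dict:
    """Split addr by mask into network part, host part, broadcast and usable range.

    The mask decides the split, not the octet boundaries: 255.255.0.0 makes
    222.101 the host part of 192.222.222.101 and 192.222.255.255 the broadcast.
    """
    a, m = ip_to_int(addr), ip_to_int(mask)
    prefix = bin(m).count("1")
    # A valid mask is a run of ones followed by zeros; 255.0.255.0 is not one.
    if m != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    network = a & m                            # host bits cleared
    broadcast = network | (~m & 0xFFFFFFFF)    # host bits all set
    host_bits = 32 - prefix
    host_id = a & ~m & 0xFFFFFFFF
    # Show the host part as the trailing octets when the mask is octet-aligned.
    host_part = ".".join(addr.split(".")[prefix // 8:]) if prefix % 8 == 0 else str(host_id)
    if prefix <= 30:
        first_host, last_host = network + 1, broadcast - 1
        usable = 2 ** host_bits - 2            # network and broadcast are not hosts
    else:                                      # /31 and /32 reserve nothing
        first_host, last_host = network, broadcast
        usable = 2 ** host_bits
    return {
        "class": classful_class(addr),
        "prefix": prefix,
        "network": int_to_ip(network),
        "host_part": host_part,
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first_host),
        "last_host": int_to_ip(last_host),
        "usable": usable,
    }


def matches_stdlib(addr: str, mask: str) -> bool:
    """Cross-check the hand computation against ipaddress.ip_network."""
    ours = split_address(addr, mask)
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return (ours["network"] == str(net.network_address)
            and ours["broadcast"] == str(net.broadcast_address)
            and ours["prefix"] == net.prefixlen)


if __name__ == "__main__":
    for addr, mask in [("192.222.222.101", "255.255.255.0"),
                       ("192.222.222.101", "255.255.0.0"),
                       ("198.78.38.10", "255.255.255.0")]:
        info = split_address(addr, mask)
        print(f"{addr}/{mask}: class {info['class']}, /{info['prefix']}, "
              f"network {info['network']}, host {info['host_part']}, "
              f"broadcast {info['broadcast']}, hosts {info['first_host']}-{info['last_host']} "
              f"({info['usable']} usable), stdlib agrees: {matches_stdlib(addr, mask)}")
```

The third line of the demo is DNR's 198.78.38.0 to 198.78.38.255 range from the earlier post: with a /24 mask it is 254 usable host addresses plus the network and broadcast addresses, which is what a whois result for a small allocation usually amounts to.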
- Lyecdevf
- cyber Idi Amin
- Posts: 1222
- Joined: 16 Mar 2006, 17:00
- 18
- Location: In between life and death.
- Contact:
Thanks for that detailed post about IP addresses. I had no idea. Is there a site with all of this sort of information because I would love to look at it.
I would probably want to get good at hacking MS since I use it and do not know much about Linux. However, before I get there does anyone know any free resource where I could learn to use Ethereal and Sam Spade?
- FrankB
- Ph. D. in Sucko'logics
- Posts: 315
- Joined: 06 Mar 2006, 17:00
- 18
- Location: Belgistahn
- Contact:
Hello,
1) IP stuff:
http://en.wikipedia.org/wiki/IPv6
http://en.wikipedia.org/wiki/IPv4
2) www.samspade.org, geektools.com
3) Google: "search lores", that will occupy you a couple of years in reading
HTH!
--
FrankB
the n00b of that other n00b.