So now what?
-
- Fame ! Where are the chicks?!
- Posts: 212
- Joined: 26 Mar 2006, 16:00
- 18
- Location: Infinite Loop
So now what?
Using Megaping I've acquired the available (open) ports as well as risk level, no NetBIOS data available though
so now if I want to break in what do I do/use
Well I suppose
Well I suppose the next step would be to Telnet one of the open ports and find out what's running, for example telnet the IP on port 21 and find what FTP server it's running...
Then do your research and pray you don't get caught
- bad_brain
- Site Owner
- Posts: 11638
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
hehe...yeah nerdz, that sentence made me laugh too...
sorry eppik, but there are 2 things you misunderstood:
this program can only tell you the services available to the outside, like any other portscanner...it can't tell you anything about all the services running on the box, and this leads to point 2:
let's say there is an intrusion detection system like Snort running on the box; this service is running internally then, so "megaping" wouldn't be able to know about it.....and therefore a risk assessment is impossible...
I use Snort, and no matter what port you would try to intrude by exploiting the service running behind it: you would be logged...
so I would really recommend learning the networking basics first and experimenting on a home network...keeps you away from trouble...
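As an added illustration of bad_brain's point about Snort logging every probe (this is example code, not something posted in the thread), the script below correlates Snort fast-alert lines per source address and flags a host that touched several service ports within a short window. The alert lines, rule IDs and addresses are constructed for the example.

```python
"""Constructed example: correlate Snort fast-alert lines into a per-source
summary so a defender can see one host probing several services."""
import re
from collections import defaultdict
from datetime import datetime

# Regex for the Snort "alert_fast" line layout: timestamp, [**] [gid:sid:rev] msg [**] ... {PROTO} src:port -> dst:port
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+\[[\d:]+\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed alert lines using documentation-range addresses; not a real capture.
SAMPLE_ALERTS = """\
03/26-16:00:01.000001  [**] [1:2000001:1] FTP banner grab [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:51001 -> 192.0.2.10:21
03/26-16:00:03.000002  [**] [1:2000002:1] SMTP probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:51002 -> 192.0.2.10:25
03/26-16:00:04.000003  [**] [1:2000003:1] HTTP banner grab [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:51003 -> 192.0.2.10:80
03/26-16:05:00.000004  [**] [1:2000002:1] SMTP probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:40000 -> 192.0.2.10:25
"""

def parse_alerts(text):
    """Yield one dict per well-formed alert line; malformed lines are skipped."""
    for line in text.splitlines():
        m = FAST_RE.match(line.strip())
        if m:
            yield m.groupdict()

def probing_sources(text, min_ports=2, window_seconds=60):
    """Return {src_ip: sorted destination ports} for every source whose alerts
    touch at least `min_ports` distinct ports within `window_seconds`."""
    by_src = defaultdict(list)
    for a in parse_alerts(text):
        ts = datetime.strptime(a["ts"][:14], "%m/%d-%H:%M:%S")  # the year is not in the line
        by_src[a["src"]].append((ts, int(a["dport"])))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):  # slide a window starting at each alert
            ports = {p for t, p in events[i:] if (t - t0).total_seconds() <= window_seconds}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged

if __name__ == "__main__":
    print(probing_sources(SAMPLE_ALERTS))  # {'203.0.113.5': [21, 25, 80]}
```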
-
- Fame ! Where are the chicks?!
- Posts: 212
- Joined: 26 Mar 2006, 16:00
- 18
- Location: Infinite Loop
so after I have acquired a service running on a vuln port what do I do?
like I found a port 21 FTP service open for example, now what?
____________________________________________________________
also I found this prog on download.com: http://www.download.com/HTTPort/3000-21 ... ag=lst-0-8
it says it bypasses firewalls and proxies etc..
port fuxer
eppik,
Just because you have found an open port it doesn't mean you get a free walk. By looking at the open ports on the IP you are scanning you try to determine the OS/NOS (operating system, win2k/nix). After you determine the OS, you determine the version of software: is it a Windows 2k Advanced Server or is it an old Unix server? The idea is you need an unpatched server to use an exploit you found on the internet or through your own study.
If you found an IIS 5.0.2 server, you can use a SEARCH ENGINE to look for nfo on it: "IIS 5.0.2" and "Exploits" or "Advisories" "Vulnerability", even go to the company website for its technical reading material like the Microsoft Knowledge Base.
Don't get so focused on ports, the ports are only a part of the machine.
You will do the same with the banners you obtain in a port scan like "EMAIL Quaker Version 2.4 running", so SEARCH for nfo on it..
Banners may be turned off btw.
Remember ports and machines are limited in what they can perform for you. Do you know what port 21 is good for? Port 25? Port 80?
Those are the basic questions I ask of you - look up or explain what those ports are for, and we may continue..
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
You did get them right. But what the guys here are tryin' to say is that there are several different applications that could be running that server behind that port, and each of those applications would have different exploits, so that megaping program you have isn't gonna help you much.
¯\_(ツ)_/¯ It works on my machine...
-
- Fame ! Where are the chicks?!
- Posts: 212
- Joined: 26 Mar 2006, 16:00
- 18
- Location: Infinite Loop
ok so starting from the fact that each port has its own exploits (like 21=ftp and the qotd service, smtp, etc...)
and I telnet into those ports and I find a service running, how do I know which exploits to use and how do I use them?
should I use that program...what's its name...attacker or something that checks a host for exploits?
Well, first I must say that that's not really hacking, but that is one way you could go about it. Using someone else's program without knowing how it does what it does isn't hacking. However, that's ok, because as long as you're still learning something from this, it's not a waste, as long as you start to learn how to program your own programs, or at least learn what is happening when these programs do what they do. Anyways, another way is to go to a website and search for vulnerabilities for the specified application. Try http://securityfocus.com/
¯\_(ツ)_/¯ It works on my machine...
Hi guys, I just recently signed up to the forum. Looks of great interest to me.
To answer your question eppik...
If you have found out that the server you want access to has specific ports open (Port: 21, 80, 25), you will then need to do some scanning. You will need to find out what OS (Operating System) the server is using, what services it is running (if it's a Windows server) and what we can do to get out of them! It's basically a process of narrowing down, or stripping. You strip the server to find out every possibility of gaining access to it. The more you find out, the more you can narrow it down to manipulate it!
So let's say we have scanned the server and know that it is running Apache version 1.3.26. If you don't know what Apache is, literally ask Google! (Google SHOULD be your best friend).
http://www.google.co.uk/search?hl=en&q= ... ache&meta=
Also, if you DON'T know how to do such scans of finding out versions and so on, there are tools out there! One great tool is GFI LANguard Network Security Scanner. This will list all open ports on the server and versions of applications running on it. It will also tell you what OS the server is running!
Ok so the server is running Apache and we want to find how we can use this to our advantage to actually do something!
Well what we could do is go to http://www.securiteam.com which has an entire database of exploits and search up Apache 1.3.26. This will then give us a list of exploits available for us to use on our server. You can google "exploits" without quotation marks to get LOTS more exploits. There are different exploits for different Operating Systems (as they run different applications and services).
"Wait", you say.
What is an exploit?
GOOGLE IT!
http://www.google.co.uk/search?hl=en&q= ... loit&meta=
I'm not going to go into detail on how to use these exploits as I would be here all day, but I hope this helps some or even more people!
Thanks guys, I shall see you around
gogeta70, you took the words right out of my mouth when you posted http://www.securiteam.com
links DB
Few more tips for the n00b,
1. Google is ok, but don't rely on one search engine. Build a DB of search engines from all over the world so you can truly search the net for text, sploits, codes, and tools.
http://c0vertl.tripod.com/search.htm
__ links found on that page___
AltaVista
ByteSearch
AOL Netfind
Ask Jeeves
Lycos
Infoseek
ICQiT
DefenseLink
WebTop.com
ProFusion
Northern Light
MSN
Megacrawler
Infind
Go 2 Net
HotBot
Go Network
Electronic Search
iSleuth
Metacrawler
Metafind
Magellan
DisInformation
Canada.com
Excite
Highway 61
800go
OneSeek
Proteus
WebTV
Search.com
Debriefing
37.com
Mamma
LookSmart
infomak
Dogpile
Yahoo
Webcrawler
i-won
Planet Search
Whatuseek
Snap
myGO
Netscape Search
Search Engines located in other countries
Algeria
Argentina
Armenia
Australia
Austria
Bahrain
Bangladesh
Belarus
Belgium
Belize
Bolivia
Bosnia
Brazil
Britain (A-M)
Britain (N-Z)
Bulgaria
Cambodia
Canada (A-K)
Canada (L-Z)
Chile
China
Colombia
Costa Rica
Croatia
___ List EDITED ___
USA (M-R)
USA (S-T)
USA (U-Z)
Uruguay
Venezuela
Vietnam
Yemen
Yugoslavia
Zimbabwe
__ End links found on webpage__
You can see the wealth of nfo that can be searched for; language translation may be a hindrance, but you'll find most file names are in plain English.
Plus I also use Copernic as it crawls multiple search engine DBs. Copernic Agent is free, and older versions can be cracked for full version.
2. For toolz and sploits I also have a large directory of sites that list vulns, sploits, and advisories, including Microsoft's own website. I collect every hacking/security site I visit and use them for research when someone mentions a keyword or tool needed..
I would post those links here, but I earned them..
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.