So now what?

For beginners, flames not allowed...(just by the staff :P)
eppik
Fame ! Where are the chicks?!
Posts: 212
Joined: 26 Mar 2006, 16:00
Location: Infinite Loop

So now what?

Post by eppik »

Using MegaPing I've acquired the available (open) ports as well as risk level; no NetBIOS data available though.

So now, if I want to break in, what do I do/use?

maboroshi
Dr. Mab
Posts: 1602
Joined: 28 Aug 2005, 16:00

Well I suppose

Post by maboroshi »

Well, I suppose the next step would be to telnet to one of the open ports and find out what's running; for example, telnet to the IP on port 21 and find what FTP server it's running...

Then do your research and pray you don't get caught ;)


Post by eppik »

Don't worry. Have you ever used MegaPing?

Well, it says what services are running, also the danger of using these ports.

Nerdz
The Architect
Posts: 1127
Joined: 15 Jun 2005, 16:00
Location: #db_error in: select usr.location from sucko_member where usr.id=63;

Post by Nerdz »

eppik wrote: Well, it says what services are running, also the danger of using these ports.
lol...
Give a man a fish, you feed him for one day.
Learn a man to fish, you feed him for life.

bad_brain
Site Owner
Posts: 11532
Joined: 06 Apr 2005, 16:00
Location: The zone.

Post by bad_brain »

hehe...yeah nerdz, that sentence made me laugh too... :lol:

sorry eppik, but there are 2 things you misunderstood:
this program only can tell you the services available to the outside, like any other portscanner...it can't tell you anything about all the services running on the box, and this leads to point 2:
let's say there is an intrusion detection system like Snort running to the box, this service is running internally then, so "megaping" wouldn't be able to knowledge it.....and therefore a risk assessment is impossible...
I use Snort, and no matter what port you would try to intrude by exploiting the service running behind it: you would be logged...

so I would really recommend to learn about the networking basics first and experiment on a home network...keeps you away from trouble... :wink:
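
The point made in the post above, that probing a monitored box leaves a trail, shown as an added example that is not part of the original thread: a simplified threshold heuristic (not Snort's own detection logic) that flags any source touching many distinct ports on one host within a short window. The log format, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines; the firewall-style format is an assumption.
SAMPLE_LOG = """\
2006-05-12T10:00:00 SRC=203.0.113.5 DST=192.0.2.10 DPT=21 SYN
2006-05-12T10:00:01 SRC=203.0.113.5 DST=192.0.2.10 DPT=22 SYN
2006-05-12T10:00:01 SRC=198.51.100.7 DST=192.0.2.10 DPT=80 SYN
2006-05-12T10:00:02 SRC=203.0.113.5 DST=192.0.2.10 DPT=23 SYN
2006-05-12T10:00:02 SRC=203.0.113.5 DST=192.0.2.10 DPT=25 SYN
2006-05-12T10:00:03 SRC=203.0.113.5 DST=192.0.2.10 DPT=80 SYN
2006-05-12T10:00:40 SRC=198.51.100.7 DST=192.0.2.10 DPT=80 SYN
2006-05-12T10:05:00 SRC=198.51.100.7 DST=192.0.2.10 DPT=443 SYN
"""

LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+) SYN$")


def detect_scans(log_text, max_ports=5, window_seconds=10):
    """Return {(src, dst): first alert time} for every source that reaches
    max_ports distinct destination ports on one host within window_seconds."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (src, dst) -> deque of (time, port)
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore malformed lines instead of crashing
        ts = datetime.fromisoformat(m.group(1))
        key = (m.group(2), m.group(3))
        q = recent[key]
        q.append((ts, int(m.group(4))))
        # Drop events that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        # Repeated hits on one port count once; only distinct ports matter.
        if key not in alerts and len({p for _, p in q}) >= max_ports:
            alerts[key] = ts
    return alerts


if __name__ == "__main__":
    for (src, dst), when in detect_scans(SAMPLE_LOG).items():
        print(f"{when.isoformat()} possible port scan: {src} -> {dst}")
```

The ordinary web client at 198.51.100.7 never trips the threshold, while the sequential sweep from 203.0.113.5 is flagged on its fifth distinct port.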


Post by eppik »

So after I have acquired a service running on a vuln port, what do I do?

Like I found a port 21 FTP service open, for example. Now what?
____________________________________________________________

Also I found this prog on download.com: http://www.download.com/HTTPort/3000-21 ... ag=lst-0-8

It says it bypasses firewalls and proxies etc..

DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA

port fuxer

Post by DNR »

eppik,

Just because you have found an open port, it doesn't mean you get a free walk. By looking at the open ports on the IP you are scanning you try to determine the OS/NOS (operating system, win2k/nix). After you determine the OS, you determine the version of software: is it a Windows 2k Advanced Server or is it an old Unix server? The idea is you need an unpatched server to use an exploit you found on the internet or through your own study.
If you found an IIS 5.0.2 server, you can use a SEARCH ENGINE to look for nfo on it: "IIS 5.0.2" and "Exploits" or "Advisories" "Vulnerability", or even go to the company website for its technical reading material, like the Microsoft Knowledge Base.
Don't get so focused on ports, the ports are only a part of the machine.
You will do the same with the banners you obtain in a port scan, like "EMAIL Quaker Version 2.4 running", so SEARCH for nfo on it..
Banners may be turned off btw.
Remember, ports and machines are limited in what they can perform for you. Do you know what port 21 is good for? Port 25? Port 80?
Those are the basic questions I ask for you - look up or explain what those ports are for, and we may continue..

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.


Post by eppik »

Well, port 21 and 80 are basic

21=FileTransferProtocol service

80=html used in webservers, also used is 8080

port 25 is....let me check...

ah

25=smtp - simple mail transfer protocol

Did I get 'em right?

Gogeta70
^_^
Posts: 3247
Joined: 25 Jun 2005, 16:00

Post by Gogeta70 »

You did get them right. But what the guys here are tryin' to say is that there are several different applications that could be running that server behind that port, and each of those applications would have different exploits, so that megaping program you have isn't gonna help you much.
¯\_(ツ)_/¯ It works on my machine...

FrankB
Ph. D. in Sucko'logics
Posts: 315
Joined: 06 Mar 2006, 17:00
Location: Belgistahn

Post by FrankB »

eppik wrote: Well, port 21 and 80 are basic
Not basic but assigned
check IANA.org

--

FrankB,$_


Post by eppik »

OK, so starting that each port has its own exploits (like 21=ftp and the qotd service, smtp, etc...)

and I telnet into those ports and I find a service running, how do I know which exploits to use and how do I use them?

Should I use that program...what's its name...atacker or something that checks a host for exploits?


Post by Gogeta70 »

Well, first I must say that that's not really hacking, but that is one way you could go about it. Using one's program without knowing how it does what it does isn't hacking. However, that's ok, because as long as you're still learning something from this, it's not a waste, as long as you start to learn how to program your own programs, or at least learn what is happening when these programs do what they do. Anyways, another way is to go to a website and search for vulnerabilities for the specified application. Try http://securityfocus.com/

Madness
Newbie
Posts: 5
Joined: 12 May 2006, 16:00

Post by Madness »

Hi guys I just recently signed up to the forum. Looks of great interest to me :)

To answer your question eppik...

If you have found out that the server you want access to has specific ports open (Port: 21, 80, 25), you will then need to do some scanning. You will need to find out what OS (Operating System) the server is using, what services it is running (if it's a Windows server) and what we can do to get out of them! It's basically a process of narrowing down, or stripping. You strip the server to find out every possibility of gaining access to it. The more you find out, the more you can narrow it down to manipulate it!

So let's say we have scanned the server and know that it is running Apache version 1.3.26. If you don't know what Apache is, literally ask Google! (Google SHOULD be your best friend).

http://www.google.co.uk/search?hl=en&q= ... ache&meta=

Also, if you DON'T know how to do such scans of finding out versions and so on, there are tools out there! One great tool is GFI LANguard Network Security Scanner. This will list all open ports on the server and versions of applications running on it. It will also tell you what OS the server is running!

Ok so the server is running Apache and we want to find how we can use this to our advantage to actually do something!

Well, what we could do is go to http://www.securiteam.com which has an entire database of exploits and search up apache 1.3.26. This will then give us a list of exploits available for us to use on our server. You can google "exploits" without quotation marks to get LOTS more exploits. There are different exploits for different Operating Systems (as they run different applications and services).

"Wait", you say.

What is an exploit?

GOOGLE IT!

http://www.google.co.uk/search?hl=en&q= ... loit&meta=

I'm not going to go into detail on how to use these exploits as I would be here all day, but I hope this helps some or even more people!

Thanks guys, I shall see you around :)


Post by Madness »

gogeta70, you took the words right out of my mouth when you posted http://www.securiteam.com :lol:


links DB

Post by DNR »

Few more tips for the n00b,

1. google is ok, but don't rely on one search engine. Build a DB of search engines from all over the world so you can truly search the net for text, sploits, codes, and tools.

http://c0vertl.tripod.com/search.htm

__ links found on that page___

AltaVista, ByteSearch, AOL Netfind, Ask Jeeves, Lycos, Infoseek, ICQiT, DefenseLink, WebTop.com, ProFusion, Northern Light, MSN, Megacrawler, Infind, Go 2 Net, HotBot, Go Network, Electronic Search, iSleuth, Metacrawler, Metafind, Magellan, DisInformation, Canada.com, Excite, Highway 61, 800go, OneSeek, Proteus, WebTV, Search.com, Debriefing, 37.com, Mamma, LookSmart, infomak, Dogpile, Yahoo, Webcrawler, i-won, Planet Search, Whatuseek, Snap, myGO, Netscape Search

Search Engines located in other countries

Algeria, Argentina, Armenia, Australia, Austria, Bahrain, Bangladesh, Belarus, Belgium, Belize, Bolivia, Bosnia, Brazil, Britain (A-M), Britain (N-Z), Bulgaria, Cambodia, Canada (A-K), Canada (L-Z), Chile, China, Colombia, Costa Rica, Croatia

___ List EDITED ___

USA (M-R), USA (S-T), USA (U-Z), Uruguay, Venezuela, Vietnam, Yemen, Yugoslavia, Zimbabwe
__ End links found on webpage__

You can see the wealth of nfo that can be searched for. Language translation may be a hindrance, but you'll find most file names are in plain English.

Plus I also use Copernic as it crawls multiple search engine DBs. Copernic Agent is free, and older versions can be cracked for full version.

2. For toolz and sploits, also have a large directory of sites that lists vulns, sploits, and advisories, including Microsoft's own website. I collect every hacking/security site I visit and use them for research when someone mentions a keyword or tool needed..

I would post those links here, but I earned them..

DNR