war games


Post by microwavez »

I have been a member for quite a while, but I don't have any experience hacking websites like the wargames ones. Can someone help set me up with a list of stuff needed and a step-by-step process? Thanks.

Post by DNR »

Here are a few tips:

You are expected to identify the server OS, its version, and any applications running on the server. Applications can be ports open.
You then investigate weaknesses related to this specific setup.
The main key here is following the instructions for the wargame "objective" - DoS or crashing the server is not a valid objective.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

Post by microwavez »

What is a list of programs I could use to do this?

Post by n3rd »

microwavez wrote: What is a list of programs I could use to do this?

nmap for starters :) Hope this helps a bit.

Post by DNR »

Well, let's put tools aside for a second.

A lot of answers can be obtained through normal 'internet activity' - like simply using a web browser to visit the target website. You can view the source code of the webpage with Notepad. You can also find information leakage in the page itself - copyright logos, for example, could hint at what software they are running. On this very page you can look at the bottom right corner and see the "Forums" copyright logo - click on it.

For banner grabbing, you can use a tool you already have in Windows: you can telnet to ports that you 'guess' (why scan ports 0-49000), like the ports used for email, FTP, and of course port 80 HTTP. Computers are meant to respond to each other, so what you are doing is looking for a valid banner. A banner is given out in the handshake when computers connect. It's there for troubleshooting, but otherwise it is just a bad leak of info.

This is an example of a banner seen on port 25 (SMTP):
220 gnr.XXXXXX.com ESMTP Sendmail 8.9.3/8.9.3 Fri, 24 Jul 2009 01:45:38 -0500
The information is damaging because now you can use Google to look up exploits for this particular version of Sendmail. Banners can be spoofed by the sysadmin or just not shown.

nmap can automate the scanning for you and even try to predict the operating system and version for you (does not always work).

Your best bet is to build up knowledge of how things work - a webserver, email host, FTP host - and scan the popular vuln sites for the latest 0day (if you see it posted, it's not 0day).

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
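Seen from the sysadmin's side of the banner leak described in the post above, the following is an added example, not part of the original thread: a small audit that takes banners already collected from your own services and reports which ones disclose a product and version. The function names, the envelope patterns and every sample banner except the Sendmail line quoted in the post are assumptions constructed for illustration.

```python
import re

# Product token followed by a dotted version, e.g. "Sendmail 8.9.3",
# "OpenSSH_7.4", "Apache/2.2.3".
PRODUCT_VERSION = re.compile(
    r"\b(?P<product>[A-Za-z][A-Za-z-]*[A-Za-z])[ /_-]v?(?P<version>\d+(?:\.\d+)+\w*)"
)

# Protocol framing to strip first, so status codes and hostnames are not scanned.
ENVELOPES = [
    re.compile(r"^\d{3}[ -]\S+\s*(.*)$"),     # SMTP/FTP greeting: "220 host rest"
    re.compile(r"^SSH-\d+\.\d+-(.*)$"),       # SSH identification string
    re.compile(r"^Server:\s*(.*)$", re.I),    # HTTP Server response header
]

def strip_envelope(banner):
    """Return the free-text part of the first banner line."""
    lines = banner.strip().splitlines()
    line = lines[0] if lines else ""
    for pat in ENVELOPES:
        m = pat.match(line)
        if m:
            return m.group(1)
    return line

def audit_banner(banner):
    """Return (product, version) if the banner discloses a version, else None."""
    m = PRODUCT_VERSION.search(strip_envelope(banner))
    return (m.group("product"), m.group("version")) if m else None

def audit_inventory(inventory):
    """inventory maps (host, port) to a banner; returns one finding per leak."""
    findings = []
    for (host, port), banner in sorted(inventory.items()):
        hit = audit_banner(banner)
        if hit:
            findings.append({"host": host, "port": port,
                             "product": hit[0], "version": hit[1]})
    return findings

# Constructed sample inventory; only the first banner is the one from the post.
SAMPLE = {
    ("gnr.XXXXXX.com", 25): "220 gnr.XXXXXX.com ESMTP Sendmail 8.9.3/8.9.3 Fri, 24 Jul 2009 01:45:38 -0500",
    ("mail.example.test", 25): "220 mail.example.test ESMTP",
    ("web.example.test", 80): "Server: Apache/2.2.3 (CentOS)",
    ("web2.example.test", 80): "Server: nginx",
    ("ssh.example.test", 22): "SSH-2.0-OpenSSH_7.4",
}

if __name__ == "__main__":
    for f in audit_inventory(SAMPLE):
        print("{host}:{port} discloses {product} {version}".format(**f))
```

The two banners that produce no finding ("220 mail.example.test ESMTP" and "Server: nginx") are what a trimmed greeting looks like; a banner that shows nothing only hides the version string, it does not change what is actually running.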
