Author: Bellepheron (Member, Posts: 1, Joined: 25.02.10, Rank: Apprentice)
Subject: Exploits
Ok... so on a particular LAN that I happen to have access to, there is a particular computer that I am interested in (we'll just say that it's another one of mine). Long story short I want access to it. So after a short nmap scan I found out the following information:
Starting Nmap 5.00 ( http://nmap.org ) at 2011-04-28 16:52 EDT
Interesting ports on 192.168.0.109:
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
21/tcp filtered ftp
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
Service Info: OS: Windows
Host script results:
|_ nbstat: NetBIOS name: *******, NetBIOS user: <unknown>, NetBIOS MAC: 00:43:20:e9:3e:63
| smb-os-discovery: Windows XP
| LAN Manager: Windows 2000 LAN Manager
| Name: MSHOME\***********
|_ System time: *******************
I tried common username/password combinations on the ftp port with no luck... I could brute force it, but I really don't want to do that as that is pretty noisy...
After googling the other ports and services, I got a rough handle on what they are and what they do. I then looked for exploits and found quite a bit. However, nowhere could I find how to use them, short of Metasploit. As great a tool as Metasploit is, I would like to learn how Metasploit does it (without attempting to reverse engineer it), and I would like to learn how it was done before Metasploit came to be.
Please understand I am not looking for hand holding, I want to learn how to do it, not just a tutorial. I am not asking for one of you to take the next couple hours of your life to explain it to me. But possibly somebody could point me in the right direction for my journey of knowledge.
Thanks All,
Bellepheron
Edited by Bellepheron on 28-04-11 22:54

Author: spyware (Member, Posts: 4190, Location: The Netherlands, Joined: 14.04.07, Rank: God, Warn Level: 90)
Subject: RE: Exploits
You want to know how to run a script? Look, if you can't figure out how to use it by yourself, no one should/is going to tell you.

Author: starofale (Member, Posts: 213, Location: England, Joined: 05.12.07, Rank: God)
Subject: RE: Exploits
Look up buffer overflows.
I'm sure there is lots of information out there on writing exploits for simple programs. You'll need to learn C if you don't already know it.
Try a new search engine
Author: stealth- (Member, Posts: 998, Location: Eh?, Joined: 10.04.09, Rank: God)
Subject: RE: Exploits
Before Metasploit, it was just scripts/compiled source code. All Metasploit does is nicely package the exploit for you and give you more freedom with it (like selecting your own payload); everything else is virtually the same. Basically, you would download a script and then run it via the command line, passing it arguments (like the IP address you wanted to attack). You generally see "proof of concept" exploits in that form before a Metasploit plugin is made too, so it's not like an old relic of the "good 'ole days" or anything.
Edited by stealth- on 29-04-11 02:15
Author: ellipsis (Member, Posts: 114, Joined: 13.06.09, Rank: God)
Subject: RE: Exploits
Bellepheron wrote:
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Window
SMB sniffer
Edited by ellipsis on 29-04-11 10:21
Author: garabaldi (Member, Posts: 8, Joined: 31.03.11, Rank: Active User)
Subject: RE: Exploits
Take a look at the types of exploits you'd use on those services, and Google them. Find out what they are exactly, and how they work. Then you can get behind the scenes of Metasploit's ease of use and really find out how things work.
Also, that's an XP machine. I can think of an exploit which would work on one of those open ports off the top of my head, if you were wondering if it's exploitable.