| Author |
RE: how can i add a payload to this? |
Skunkfoot
Member

Posts: 672
Location:
Joined: 01.09.06 Rank: God |
|
First of all, you're not supposed to post the addresses to sites you've hacked or plan on hacking.
This just looks like you found a site that's vulnerable to that exploit, downloaded the exploit, and used it (which is something that any idiot can do). It also looks like you don't know what you're doing. It tells you that your hacked site/server has a bindshell port open on 8029 now, so open up netcat and connect to it.
Or go read some more about rooting so that when you come across a vulnerability, you know how to exploit said vulnerability without getting busted. 
(Oh, and I'm not exactly a rooting expert, so if you want legitimate help with rooting, you'll have to ask someone else.) 
Today a young man on acid realized that all matter is merely energy condensed to a slow vibration, that we are all one consciousness experiencing itself subjectively, that there is no such thing as death, life is only a dream, and we are the imaginations of ourselves.
--Bill Hicks
--=[ Skunkfoot || Temet Nosce ]=--
|
|
| Author |
RE: how can i add a payload to this? |
Skunkfoot
Member

Posts: 672
Location:
Joined: 01.09.06 Rank: God |
|
I'm sorry if I made you upset. Regardless of how you feel about my post, the point is the same: Learn more.
Until you know everything, you should always want to learn more. 
|
|
| Author |
RE: how can i add a payload to this? |
Skunkfoot
Member

Posts: 672
Location:
Joined: 01.09.06 Rank: God |
|
Maybe read up on netcat. Try to learn how it deals with connections and what causes it to close unexpectedly. Pretty much, if you want an answer, you can find it. All it requires is effort and patience on your part. 
|
|
| Author |
RE: how can i add a payload to this? |
Skunkfoot
Member

Posts: 672
Location:
Joined: 01.09.06 Rank: God |
|
"I have said: 'Blow out the lamp! Day is here!' And you keep saying: 'Give me a lamp so I can find the day.'" -- Frank Herbert
|
|
| Author |
RE: how can i add a payload to this? |
Zephyr_Pure
Member

Posts: 2402
Location:
Joined: 15.09.06 Rank: God |
|
|
jelmer wrote:
if i now connect to it with netcat it immediately disconnects :/
Post what you're actually trying... not just that you're trying it. Also, go ahead and try telnet with the optional port argument to connect to that address. Example:
telnet ip_address port
Post the full results of each command or, if you can't do that, take screenshots of what you see when the command fails.
Oh, and internal IP address ranges are okay, I agree... They wouldn't do any good to anyone outside of the network, anyways. Internal ranges:
10.x.x.x
127.x.x.x (loopback)
172.16.x.x - 172.32.x.x
192.168.x.x
I still check PMs from time to time.


Our responses were moronic, why shouldn't he follow suit? - Futility |
|
| Author |
RE: how can i add a payload to this? |
AldarHawk
The Manager

Posts: 1662
Location: Canada
Joined: 26.01.06 Rank: God |
|
Though I like the bickering back and forth here I will chip in here.
This looks like an internal pen test yes. Your problem lies within your method. You are sitting in a box looking out. Try it from the other perspective. Look at what you want to achieve, think of ways to get there, pick one of the paths you come up with. If that fails try another one. Again as Skunk has stated, patience is needed in testing for security holes.
Also learn what the milw0rm script is actually doing. This will help you learn what you need to do next. Learn how it is making this exploit happen. Once you know how this is happening you will then be able to draw conclusions into how to make it work to your favour. If you do not have the patience to complete this then you should go to www.skoty.org and nominate yourself for an award.
Also please note that I am not here to tell you how to do shit. That is how people learn in school. This is not school. I will guide you and I will help you along the way with help and tips. I will not give you an answer. Research, learn, prove that you need guidance. If you do you will get some. Otherwise, read read read as it states all over this site. To learn the most of anything you must pick it apart and learn from it. If all you want to do is learn to hack and be able to exploit things then you are not in it for the right reasons.
Please read up on exactly what you are attempting to do and then you will learn (or come up with) ways to finish your thoughts and get things done. Without wisdom you are nothing but a poorly written book.
|
|
| Author |
RE: 2 cents |
d0m14n
Member

Posts: 40
Location: Hell
Joined: 28.10.08 Rank: Monster |
|
yes I also agree with skunk, if you're doing an internal pentest and you have to ask for help you don't belong doing it, have someone who knows more do it. I mean shit, you wanted to add a shellcode to an exploit that quite obviously already spit you a shell
I'm not saying that you're dumb!
I'm not saying you're a n00b
I am saying that you must google everything, read, learn to program a little
but seriously leave the actual pen tests up to a professional
fuck, I didn't even perform our tests at work, I let someone way better than me do it even though my ego said I know I can do it
I may have missed something, then I'm responsible
so good luck in rooting, it's fun
-- Fixed quadruple post. MoshBat
insecurity at its best
Lead, follow, or get the
* fuck out of the way.
(\_/)
(='.' )
(" )_(" )
^^ Add the bunny to your sig, one day he will rule the world!
Comptia a+/Net+
perl,html,c#,c++,visualbasic.net,

Edited by on 23-01-09 18:42 |
|
| Author |
RE: respect |
d0m14n
Member

Posts: 40
Location: Hell
Joined: 28.10.08 Rank: Monster |
|
ok listen, I get in trouble a lot, don't post the targets period
and if you want ldap you can use a nice tool coded in perl, it's at sourceforge
and if it's windows 2000 letting you do a null bind you can use a tool from microsoft to view the different nodes
and actually you can also enumerate users on 2000 and figure out if their passwords are blank or not, there's also a nice bruteforce function
much like xss, ldap is viewed as non writable which isn't entirely true
so admins usually overlook it, that and snmp
so this tool basically eats up misconfigured domain controllers and then
you move on to the next step, gaining access then elevating your privileges
I'm not gonna go in my repository and get the tool names and commands because I'm not spoon feeding you
pm me with the portscan results and I'll tell you what you need to do

Edited by d0m14n on 23-01-09 20:11 |
|
| Author |
RE: how can i add a payload to this? |
Zephyr_Pure
Member

Posts: 2402
Location:
Joined: 15.09.06 Rank: God |
|
jelmer wrote:
You have been warned because: posting links to places you want to hack
but it was internal!! 
moshbat wrote:
Well, politely argue your case. Not to me, to Cheese. It was his decision.
And by the way, as the Site Owner, his word is final.
Zephyr_Pure wrote:
Oh, and internal IP address ranges are okay, I agree... They wouldn't do any good to anyone outside of the network, anyways. Internal ranges:
10.x.x.x, 127.x.x.x (loopback), 172.16.x.x - 172.32.x.x, 192.168.x.x
There are times that people should be warned, and there are times that they should not. Judgment must be made on what is and is not proper behavior by staff... however, some sensibility would help in the decision. I already pleaded the case for why it was not a warnable offense earlier in the thread, and that still holds true.
In no way, shape, or form can an internal IP address be a viable target for anyone on this site to pursue other than the person that is actually on the network.
In that respect, the rule is invalid here and he should've never been warned. I'm removing his warn because, ultimately, the Site Owner is not always right. If he wants to reverse it, that is his choice. I do what I know is right.
|
|
| Author |
RE: hey |
d0m14n
Member

Posts: 40
Location: Hell
Joined: 28.10.08 Rank: Monster |
|
good one zeph, I like to see when you are fair. I knew you weren't just an evil dictator lol!!!
 |
|
| Author |
RE: how can i add a payload to this? |
Skunkfoot
Member

Posts: 672
Location:
Joined: 01.09.06 Rank: God |
|
Zephyr's always fair. Usually people who get punished a lot tend to think that the punishments aren't fair... 
All these guys are absolutely right, and I still stand by my advice: Go learn. When you actually learn about how vulnerabilities work, then it's generally pretty easy for you to exploit that vulnerability in more than one way.
And if you're trying to learn about rooting, hit me up on MSN cause I think I'm about to start learning more about it too. 
|
|
| Author |
RE: how can i add a payload to this? |
spyware
Member

Posts: 4190
Location: The Netherlands
Joined: 14.04.07 Rank: God Warn Level: 90
|
|
What the fuck is this? His Nmap revealed his target. This shit should be locked. If the OP wishes to learn, he needs to come back -WITHOUT- scblockedript kiddie shit. A decent question deserves a decent response. This deserves a lock.
scblockedript kiddie. A kid who uses scblockedript without knowing what it exactly does, how it does it and what happens when it runs. A scblockedript kiddie. This is what it means.
Edit: Oh and THANK YOU, HBH, for introducing a stupid filter. Way to remove the capital letter "S" from scblockedript using that idiotic excuse of a filter. Just saying.

"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term, but it is suicidal for nations in the long term. - Carl Sagan
Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor? - Ebert
Edited by spyware on 24-01-09 00:38 |
|
| Author |
RE: how can i add a payload to this? |
Skunkfoot
Member

Posts: 672
Location:
Joined: 01.09.06 Rank: God |
|
@Spy:
He didn't reveal his target. If you read the whole thread then you'd know that it's an internal ip.
@OP:
Still though, maybe you shouldn't have posted all that nmap bullshit in the thread. The link was a much better idea. Go edit your nmap output post and tell people to view the link instead.
|
|
| Author |
RE: how can i add a payload to this? |
spyware
Member

Posts: 4190
Location: The Netherlands
Joined: 14.04.07 Rank: God Warn Level: 90
|
|
|
Skunkfoot wrote:
@Spy:
He didn't reveal his target. If you read the whole thread then you'd know that it's an internal ip.
TRACEROUTE (using port 21/tcp)
HOP RTT ADDRESS
1 0.00 10.150.108.3
2 ... 5 no response
6 0.00 Edited when you mentioned it in your first post in this thread. - Zeph
I read things.

Edited by Zephyr_Pure on 24-01-09 00:47 |
|
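
The dispute above turns on whether pasted scan output exposes a routable address. As an added example (not part of the thread or written by any poster), this Python sketch masks every IPv4 address in scan output that falls outside the RFC 1918 private blocks and loopback before the text is shared; RFC 1918 defines the 172 block as 172.16.0.0/12, which ends at 172.31.255.255. The function names are hypothetical, and the sample is constructed: only the first hop address comes from the thread, the rest are placeholder values.

```python
import ipaddress
import re

# Ranges considered safe to leave in shared output: RFC 1918 plus loopback.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quad that is not part of a longer dotted/numeric token.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def is_internal(text):
    """Return True if text is a valid IPv4 address inside INTERNAL_NETS."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def redact_scan_output(output, mask="[REDACTED]"):
    """Mask non-internal IPv4 addresses; return (clean_text, masked_list)."""
    masked = []

    def _sub(match):
        token = match.group(0)
        try:
            ipaddress.IPv4Address(token)
        except ipaddress.AddressValueError:
            return token  # looks like a dotted quad but is not an address
        if is_internal(token):
            return token
        masked.append(token)
        return mask

    return IPV4_RE.sub(_sub, output), masked


# Constructed sample modelled on the traceroute block quoted in the thread.
SAMPLE = """\
TRACEROUTE (using port 21/tcp)
HOP RTT  ADDRESS
1   0.00 10.150.108.3
2   ... 5 no response
6   0.00 203.0.113.40
7   0.00 172.32.4.9
8   0.00 172.31.4.9
"""

if __name__ == "__main__":
    clean, masked = redact_scan_output(SAMPLE)
    print(clean)
    print("masked:", masked)
```

Anything that parses as an address and is not in the allow-list is masked, so version strings shaped like dotted quads are masked too; for text that is about to be posted publicly, over-masking is the safer failure.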