Thursday, April 24, 2014
SSH and Nmap

A live example.



--------------------------------------------------------------------
||Basic Nmap Overview||
--------------------------------------------------------------------

Ok, well this is { darkside } and THIS is the first section of this article. The article covers the usage of nmap, the best port scanner on earth, and using SSH.

Different types of scans. Fun shit.

Nmap is one of the best port scanners you could ever have.
It literally does any job you throw at it. Besides ordering pizza and such.

It also will not hack things for you.

You are responsible for coding your own exploits.

It is just a guide, to let you know your victim's vulnerabilities.

Ok, so first off let's make sure you have nmap already.

You can download Nmap from Insecure.org or get it straight from DA's "Downloads" section.

You go to the DIR where Nmap is located and click on the app. z0mg it does NOT work.

You must run it via shell/terminal/command prompt.

NOTE: The syntax of an nmap scan is

nmap [Scan Type(s)] [Options] {target specification}

So first let's find a victim.

How about SmashTheStack's Apfel server?

ONTO REQUIREMENTS!!


--------------------------------------------------------------------
||Requirements(PuTTY.exe/OpenSSH/*nix)||
--------------------------------------------------------------------

Well, first off let's understand what the term "SSH" stands for.

By default, an SSH server listens on TCP port 22.

SSH means (S)ecure (Sh)ell.

SSH is a network protocol that allows establishing a secure channel between a local and a remote computer.

SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections. It can transfer files using the associated SFTP (SSH File Transfer Protocol) or SCP (Secure Copy) protocols.

To be able to connect via SSH, the remote computer must have its SSH port (22 by default) OPEN.

Let us ping a WarGame server from SmashTheStack called APFEL.

C:\> ping apfel.smashthestack.org

Pinging apfel.smashthestack.org [67.99.17.130] with 32 bytes of data:

Reply from 67.99.17.130: bytes=32 time=44ms TTL=54
Reply from 67.99.17.130: bytes=32 time=60ms TTL=54
Reply from 67.99.17.130: bytes=32 time=78ms TTL=54
Reply from 67.99.17.130: bytes=32 time=44ms TTL=54

Ping statistics for 67.99.17.130:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 44ms, Maximum = 78ms, Average = 56ms

[darkside@darkside ~]$ host apfel.smashthestack.org

apfel.smashthestack.org has address 67.99.17.130

To find out whether that port is open we will use a very useful program, "nmap", found at http://insecure.org!

[darkside@darkside ~]$ nmap -v 67.99.17.130

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ )
Machine 67.99.17.130 MIGHT actually be listening on
DNS resolution of 1 IPs took 0.06s.
Initiating Connect() Scan against 67.99.17.130 [1680
Discovered open port 25/tcp on 67.99.17.130
Discovered open port 80/tcp on 67.99.17.130
Discovered open port 22/tcp on 67.99.17.130

Let us be more specific.
-p: Port Scan Selection <--very useful
-sV: Probe open ports to determine service/version info

[darkside@darkside ~]$ nmap -v -sV -p 21,22,23 67.99.17.130

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-05-21 03:11 CDT
Machine 67.99.17.130 MIGHT actually be listening on probe port 80
DNS resolution of 1 IPs took 0.02s.
Initiating Connect() Scan against 67.99.17.130 [3 ports] at 03:11
Discovered open port 22/tcp on 67.99.17.130
The Connect() Scan took 0.05s to scan 3 total ports.
Initiating service scan against 1 service on 67.99.17.130 at 03:11
The service scan took 0.07s to scan 1 service on 1 host.
Host 67.99.17.130 appears to be up ... good.
Interesting ports on 67.99.17.130:
PORT   STATE  SERVICE VERSION
21/tcp closed ftp
22/tcp open   ssh     OpenSSH 4.2 (protocol 2.0)
23/tcp closed telnet

Nmap finished: 1 IP address (1 host up) scanned in 0.658 seconds

Look for this.

PORT   STATE  SERVICE VERSION
22/tcp open   ssh     OpenSSH 4.2 (protocol 2.0)

SSH is open.
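
Reading that table by eye is fine for one host. As an added example (not part of the original article), the Python below parses the port table nmap printed above and checks it against an allow-list of ports you expect to be exposed on a host you administer. The function names, the allow-list and the protocol-1 check are assumptions made for the illustration.

```python
import re

# Constructed sample: the port table from the -sV scan shown above.
SAMPLE = """\
Interesting ports on 67.99.17.130:
PORT STATE SERVICE VERSION
21/tcp closed ftp
22/tcp open ssh OpenSSH 4.2 (protocol 2.0)
23/tcp closed telnet
"""

# port/proto, state, service, then an optional free-text version column
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")

def parse_port_table(text):
    """Return one dict per row of nmap's PORT/STATE/SERVICE/VERSION table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            rows.append({"port": int(port), "proto": proto, "state": state,
                         "service": service, "version": version or ""})
    return rows

def ssh_protocol(version):
    """Pull the SSH protocol number out of a -sV version string, if present."""
    m = re.search(r"\(protocol ([\d.]+)\)", version)
    return m.group(1) if m else None

def audit(text, allowed):
    """List unexpected open ports and SSH servers that still accept protocol 1."""
    findings = []
    for r in parse_port_table(text):
        if r["state"] != "open":
            continue
        if (r["port"], r["proto"]) not in allowed:
            findings.append(f"unexpected open port {r['port']}/{r['proto']} ({r['service']})")
        proto = ssh_protocol(r["version"]) if r["service"] == "ssh" else None
        # "1.99" means the server accepts both protocol 1 and protocol 2
        if proto and proto.startswith("1."):
            findings.append(f"{r['port']}/{r['proto']} accepts SSH protocol {proto}")
    return findings

if __name__ == "__main__":
    # Assumed baseline: only a web server is meant to be reachable.
    for finding in audit(SAMPLE, allowed={(80, "tcp")}):
        print(finding)
```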

Let us login to apfel.smashthestack.org.

To do this you will need to open terminal and type the following.

[darkside@darkside]$ ssh -l troll apfel.smashthestack.org   # you are logging in as a user called "troll"

It will ask for a password.

Use "troll".

It will seem like nothing is happening as you type, but it is.

The password is not echoed to the screen, to ensure security.

From here you are now..

troll@apfel(~):$

In PuTTY it is a bit simpler.

First open PuTTY.exe.

Then in the "Host name" section type the host you want to connect to. In our case this will be "apfel.smashthestack.org".

Select "SSH" and port "22".

Then select "Open" to open a connection.

A black PuTTY screen should appear with the text:

Login as: troll
troll@apfel.smashthestack.org's password: troll

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!Congratulations you are in.!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Once you are in apfel, snoop around. It's a pretty cool place.

troll@apfel(~):$ cd public_html
troll@apfel(~/public_html):$ echo "TotcoS was here..." >> index.html

Well, I hope you have found this article quite helpful on learning about SSH and giving you an example.

A live example that you can learn from.

--=[ darkside totcos ]=--

PLEASE COMMENT AND RATE THIS =D

Comments

lukem_95 on June 10 2007 - 13:28:16
Nice article, much better than the 'the3l3tone' guy's... he posted 3 absolute crap filled articles :S
TotcoS on June 10 2007 - 23:27:40
well thanks :grin:
sleazoid on June 10 2007 - 23:30:20
hah dude that's fucking sick :ninja:
Moonbat on June 11 2007 - 02:34:38
Very nice article, 10 out of 10. :grin:
TotcoS on June 11 2007 - 03:25:30
thanks guys :happy:
SANTA on June 11 2007 - 05:58:34
nice. Finally hbh is teaching some of these web-hackers how to root. I should post an article on Buffer Overflow! DDoS attacks. Oh well one improvement though you could have covered a method that instead of using a password you already had you actually tell them how you get it remotely. would make this article worthy of awesome but im gunna have to go with VG SANTA
TotcoS on June 11 2007 - 22:45:25
@SANTA...HBH didn't teach me how to root. google and netfish did. Why don't you go post an article on buffer overflow? And do it with prior knowledge completely without searching for how to do shit. Please. Seriously do not brag. What are you going to do with the DDoS attack article. Teach people about botnets? lmao ..goodluck
TotcoS on June 11 2007 - 22:49:35
oh and @SANTA again. why don't you write an article covering Distributed Reflected Denial of Service and Amplified Denial of Service? lmao
Folk Theory on June 13 2007 - 05:18:19
awesome article!!
n3w7yp3 on June 14 2007 - 00:21:56
Wow, what a pathetic article. I swear to god, why are these approved?
austinator on August 01 2008 - 17:06:42
That was a great article! Thanks :grin:
ellipsis on June 18 2009 - 06:08:19
it's me scotty aka totcos. i have no idea why the fuck hbh removed my points and practically forced me to make a new account, but, i'm glad y'all liked this article. minus all of the ignorant skiddie remarks.