Author

Network Security Testing

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 27-03-09 16:38
hi guys
This is my first post here so plz be nice Pfft

I just wrote a long forum post but it just disappeared Sad

anyway.. I'm pretty new to the hacking stuff, so I need some help to test the security of a public network provided by a friend of mine.
This project is about providing a guest account through wireless internet to whoever is near the public library. Since I have a lot of free time and I'm a faster learner, he decided to challenge me into hacking into his system in order to try the security out before he goes 100% public.

PS. This is NOT any illegal activity, I even have a written permission signed by him to do this, so there is no risk whatsoever...

I've tried to gather info/scans from the outside but I keep hitting the firewall every time. So I asked him to provide me with a guest account which will be available for free (soon enough) for anyone who wants to connect to the network.

so getting the account and starting searching for info gave me the following results:

Port scanning @ DHCP/Gateway IP:
Address : 192.168.200.11
Name : NETLOAN
Ping .... Ok, Time : 7
Port 53 ... Ok !
Port 80 ... Ok !
Port 88 ... Ok !
Port 135 ... Ok !
Port 139 ... Ok !
Port 389 ... Ok !
Port 445 ... Ok !
Port 464 ... Ok !
Port 593 ... Ok !
Port 636 ... Ok !
Port 1067 ... Ok !
Port 3000 ... Ok !
Port 3001 ... Ok !
Port 3268 ... Ok !
14 (of 1491) open port(s) detected


UDP Scan @ DHCP/Gateway ip:
IP: 192.168.200.11 Name: NETLOAN Reply time: 8 ms Ports detected: 2 (*)
Port #53 (DNS) .. Reply: DF 11 80 01 00 00 00 00 00 00 00 00
Port #123 (NTP) .. Reply: 1C 01 00 FA 00 00 00 00 00 0A 90 74 4C 4F 43 4C CD 76 B2 8C


NB scanning @ ip range 192.168.200.1-254:
xxx.xxx.xxx.xxx (many computers who are connected to the network)
and I found this as well:

192.168.200.207 (HP13306227391) Ok (OS: NT WORKSTATION v 5.1)
\\192.168.200.207\Delade dokum Disk Microsoft Windows Network 1
\\192.168.200.207\Skrivare 3 Printer Microsoft Windows Network HP LaserJet 1018 1
\\192.168.200.207\Skrivare Printer Microsoft Windows Network PDF Document Creator 1
192.168.200.208 (salvation) Ok (OS: NT WORKSTATION v 6.0)
\\192.168.200.208\Public Disk Microsoft Windows Network 1
\\192.168.200.208\Users Disk Microsoft Windows Network 1


now.. all I know so far is:
- The system runs windows
- There are a lot of open ports but none that I can telnet to and get a login screen
- I've successfully been able to ping my friend's iPhone, which is connected to the network as well.


now the question is: where do I go from here? Pfft I can't telnet to any of the ports, even assuming that I had the password, what can I do with it? where can I enter the system from?

Your opinions are highly appreciated guys, and remember I'm still a newbie that wants to learn, so go easy on me Grin

Thnx in advance

//D.H.

Edited by Demons Halo on 27-03-09 16:40
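The two UDP replies in the scan output above can be read field by field to see what each service discloses. This decoder is an added example, not part of the original post; it assumes the hex bytes are the start of a DNS and an NTP packet exactly as the scanner printed them.

```python
import struct
from datetime import datetime, timezone

# Reply bytes copied from the UDP scan output in the post (truncated by the scanner).
DNS_REPLY = bytes.fromhex("DF 11 80 01 00 00 00 00 00 00 00 00")
NTP_REPLY = bytes.fromhex("1C 01 00 FA 00 00 00 00 00 0A 90 74 4C 4F 43 4C CD 76 B2 8C")
NTP_UNIX_OFFSET = 2_208_988_800  # seconds between 1900-01-01 and 1970-01-01


def decode_dns_header(data: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(data) < 12:
        raise ValueError("DNS header needs 12 bytes")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", data[:12])
    return {
        "id": ident,
        "is_response": bool(flags & 0x8000),
        "opcode": (flags >> 11) & 0xF,
        "rcode": flags & 0xF,  # 1 = FORMERR (server could not parse the query)
        "counts": (qd, an, ns, ar),
    }


def decode_ntp_header(data: bytes) -> dict:
    """Decode the first 16 bytes of an NTP packet (RFC 5905), plus reference seconds."""
    if len(data) < 16:
        raise ValueError("NTP header needs 16 bytes")
    first, stratum, _poll, precision, _delay, disp, refid = struct.unpack("!BBbbII4s", data[:16])
    out = {
        "leap": first >> 6,
        "version": (first >> 3) & 0x7,
        "mode": first & 0x7,  # 4 = server
        "stratum": stratum,
        "precision_log2": precision,
        "root_dispersion_s": disp / 65536,  # 16.16 fixed point
        # At stratum 0 or 1 the reference ID is a four-character ASCII source code
        "refid": refid.decode("ascii", "replace") if stratum <= 1 else refid.hex(),
    }
    if len(data) >= 20:  # seconds part of the reference timestamp (last clock update)
        (secs,) = struct.unpack("!I", data[16:20])
        out["last_sync_utc"] = datetime.fromtimestamp(secs - NTP_UNIX_OFFSET, timezone.utc)
    return out


if __name__ == "__main__":
    print(decode_dns_header(DNS_REPLY))
    print(decode_ntp_header(NTP_REPLY))
```

The DNS bytes are a response header with RCODE 1 and no records; the NTP bytes are a version 3 server reply at stratum 1 with reference source LOCL and a reference timestamp of 2009-03-27 02:03:56 UTC, the day of the post.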
base_dropper@hotmail.com www.demonshalo.com
Author

RE: Network Security Testing

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 27-03-09 16:44
Check what services are running. Check what versions the services are (you can use banner grabbing).

Now, you could search for exploits using milw0rm or other security websites, you could also use frameworks like metasploit.

If you want to write your own exploit, go read source.



"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
http://bitsofspy.net
Author

RE: Network Security Testing


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-03-09 17:51
Yeah I would do the same. Check all the services and search for exploits.
So for example on 139 there is running NetBios.
This service could be used for example to access the files.
Search at google some string like NetBios Hack

It will give you thousands of tutorials
If it doesn't work try the other services.

Grertz
NoPax
Author

RE: Network Security Testing

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 27-03-09 17:54
thnx a lot for the answer, and great stuff btw Grin

I'll have access to the server tomorrow once again, so I'll try the milw0rm and banner grabbing asap.
I'm almost sure that the server is running apache but I dunno the version of it, so banner grabbing will help me a lot.

although you're talking about writing my own exploits by reading source. What source do you mean? the apache source or... ? Pfft

cheers

//D.H.
Author

RE: Network Security Testing

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 27-03-09 17:59
although you're talking about writing my own exploits by reading source. What source do you mean? the apache source or... ? Pfft


Generally, people read the source of what they want to hack. If you think you have what it takes to spot flaws in a particular version of Apache, go right ahead.

NoPax, the NetBIOS example is a bit.. awkward.




Edited by spyware on 28-03-09 00:18
Author

RE: Network Security Testing


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-09 00:06
telnet 2 port 80, use a http get command

if u dont get a responze, ur scan is not rite... false positive

if u get a responze, ur friends n idiot


Author

RE: Network Security Testing


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-09 00:41
@spy

Yeah I know but it should only be an example what to do if you know the service.
It is better to write he has to use google before asking here.
Moreover I only knew that on port 139 is running NetBios so I took it as an example
Author

RE: Network Security Testing

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 28-03-09 03:18
define wrote:
telnet 2 port 80, use a http get command

if u dont get a responze, ur scan is not rite... false positive

if u get a responze, ur friends n idiot


Care to explain further why did you say that? I don't even understand the part on why is his friend's an idiot.

and Demon, if you're using Nmap for scanning, try using the packet fragmentation option from the console to get more results. To see how you can do that, just type nmap --help to see how. Just a tip, since there's a possibility that the results showed might be faked by the firewall.



catinthecpu@hotmail.com
Author

RE: Network Security Testing


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-09 14:19
If you want to scan through a firewall there is a scanning program called Firewalk.
You can download it from packetfactory.net. It is for linux.

For all who want to know how it works.
Firewalk sends packets with special TTL values.
TTL values are calculated so that it gives back an ICMP TTL after being sent through the firewall.
So it scans every port and normally the result isn't faked.
Meanwhile there are a few firewalls which can block this kind of scanning

But you can try your luck xD
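Seen from the gateway, the TTL trick described in the post above has a recognisable shape: one source probing many ports with the same very low TTL. This detection sketch is an added example, not part of the original post or of Firewalk; the record layout, addresses and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict


def find_fixed_ttl_sweeps(packets, max_ttl=4, min_ports=5):
    """Flag (src, dst, ttl) groups that hit many distinct ports at one low TTL.

    packets: iterable of (src, dst, dst_port, ttl) as seen arriving at the gateway.
    A traceroute also uses low TTLs, but it steps the TTL up every few probes,
    so it never piles many ports onto a single TTL value; a TTL-limited port
    sweep does exactly that. Both thresholds are assumed values to tune.
    """
    ports = defaultdict(set)
    for src, dst, dport, ttl in packets:
        if ttl <= max_ttl:  # ordinary hosts start at 64, 128 or 255
            ports[(src, dst, ttl)].add(dport)
    return {key: sorted(p) for key, p in ports.items() if len(p) >= min_ports}


def sample_packets():
    """Constructed records for three sources; not captured traffic."""
    target = "198.51.100.7"
    pkts = []
    # Source A: hop-count ramp (TTL 1, 2), then a sweep with the TTL fixed at 2
    pkts += [("10.0.0.50", target, 33434 + i, ttl) for i, ttl in enumerate([1, 2])]
    pkts += [("10.0.0.50", target, p, 2) for p in (21, 22, 23, 25, 80, 110, 443)]
    # Source B: plain UDP traceroute, three probes per TTL, port rising each probe
    pkts += [("10.0.0.60", target, 33434 + i, 1 + i // 3) for i in range(12)]
    # Source C: normal client traffic with full-size TTLs
    pkts += [("10.0.0.70", target, p, 127) for p in (53, 80, 443, 993, 3389, 8080)]
    return pkts


if __name__ == "__main__":
    for (src, dst, ttl), ports in find_fixed_ttl_sweeps(sample_packets()).items():
        print(f"{src} -> {dst}: {len(ports)} ports probed at TTL {ttl}: {ports}")
```

Only source A is reported; the traceroute and the normal client stay below the thresholds.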
Author

RE: Network Security Testing

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 28-03-09 23:07
fuser wrote:
Care to explain further why did you say that? I don't even understand the part on why is his friend's an idiot.

and Demon, if you're using Nmap for scanning, try using the packet fragmentation option from the console to get more results. To see how you can do that, just type nmap --help to see how. Just a tip, since there's a possibility that the results showed might be faked by the firewall.


Thanks for all the answers so far guys.
I've been reading a lot for the last 24 hours and it seems like there are many more ways to exploit the system than I thought (which is both good and bad Pfft).

I'll for sure try the Nmap scanner, since I suspect that the results are fake.

//D.H.

Edited by Demons Halo on 28-03-09 23:10
Author

RE: Network Security Testing

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 28-03-09 23:09
NoPax wrote:
If you want to scan through a firewall there is a scanning program called Firewalk.
You can download it from packetfactory.net. It is for linux.

For all who want to know how it works.
Firewalk sends packets with special TTL values.
TTL values are calculated so that it gives back an ICMP TTL after being sent through the firewall.
So it scans every port and normally the result isn't faked.
Meanwhile there are a few firewalls which can block this kind of scanning

But you can try your luck xD


wow xD I MUST get linux Pfft

thnx for the tip dude, I really appreciate it!

//D.H.

Edit:
Btw.. Do you have any idea where I can get such a program for windows? since it will be a while until I get my hand on a new laptop with linux OS (and get used to it).

Edited by Demons Halo on 28-03-09 23:12
Author

RE: Network Security Testing

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 28-03-09 23:12
Demons Halo wrote:
wow xD I MUST get linux Pfft

thnx for the tip dude, I really appreciate it!
//D.H.


You're on a hacking website, you shouldn't be so excited about Linux. Be casual about it, be cool about it.

Go, fucking, learn it.

Also; stop signing your posts with //D.H. manually, just edit your profile and put it in your signature if it means that much to you.



Author

RE: Network Security Testing

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 28-03-09 23:16
spyware wrote:
Demons Halo wrote:
wow xD I MUST get linux Pfft

thnx for the tip dude, I really appreciate it!
//D.H.


You're on a hacking website, you shouldn't be so excited about Linux. Be casual about it, be cool about it.

Go, fucking, learn it.

Also; stop signing your posts with //D.H. manually, just edit your profile and put it in your signature if it means that much to you.


I am fucking learning it xD... I must have windows atm cause my school runs windows and I need to keep studying??!?

also, I like writing //D.H. Signatures mess up layout!

Edit: //D.H. (L)

Edited by Demons Halo on 28-03-09 23:17
Author

RE: Network Security Testing

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 29-03-09 00:12
Hate to break the news to you there Demons Halo, but installing and learning linux doesn't make you any better of a hacker than someone using windows or mac. It's always the person behind the OS. I have firewalk and really not too impressed with it, prefer to use Nmap.




I deal in pain, All life I drain, I dominate, I seal your fate.
Author

RE: Network Security Testing

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 29-03-09 00:23
korg wrote:
Hate to break the news to you there Demons Halo, But installing and learning linux doesn't make you any better of a hacker than someone using windows or mac.


I disagree with this. Just installing Linux doesn't make you a better hacker, no, but if you actually learn to use it (the right way), it will "open" your mind.

It's always the person behind the OS.


Agreed, but if that person takes the time to install and learn Linux, he/she is a better hacker than the person that won't do this and sticks with OSx/Windows. Always.

I have firewalk and really not too impressed with it, prefer to use Nmap


You have to use the right tool for the right job. Nmap is a very general, broad scan. Firewalking can be used to, for example, check what device is returning what message (i.e. "port 80 is closed").



Author

RE: Network Security Testing

Uber0n
Member



Posts: 1963
Location: Sweden
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 29-03-09 00:39
korg wrote:
installing and learning linux doesn't make you any better of a hacker than someone using windows or mac.

Installing linux makes your penis 15 cm longer and also turns all your water into coca cola. Instantly.


http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: Network Security Testing

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 29-03-09 00:42
Spy you know exactly what I'm saying about linux, kids think that they just install and hack. You can open your mind by thinking.
There are plug-ins for Nmap command line that can do a lot more than the gui version.


Author

RE: Network Security Testing

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 29-03-09 00:44
Uber0n wrote:
Installing linux makes your penis 15 cm longer


WHAT? Mine never did???


Author

RE: Network Security Testing


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-03-09 03:39
korg wrote:
Uber0n wrote:
Installing linux makes your penis 15 cm longer


WHAT? Mine never did???


HAHAHA! You guys are great.

@op, korg is right that gui is almost always lacking when compared to command line options. If you're going to choose the gui anyway, you might look into nessus...but both nmap and nessus are better from a command line.




Edited by on 29-03-09 03:42
Author

RE: Network Security Testing


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-03-09 06:16
MoshBat wrote:
Uber0n wrote:
korg wrote:
installing and learning linux doesn't make you any better of a hacker than someone using windows or mac.

Installing linux makes your penis 15 cm longer


Only because my background is Avril Lavigne.


Michelle Branch, ftw.

