HellBound Hackers | Computer General | Hacking in general

Page 2 of 2 < 1 2
Author

RE: Network Security Testing

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 29-03-09 11:32
penis size does not have a thing to do with the topic guys Pfft

but anyway.. I've installed Linux a couple of times and I know how to use it, but I like windows cause it's easier to navigate through!

Although I'm sure that if you learn Linux the right way, you'll be able to understand how systems work a lot better, since all the creative ppl that are designing programs often use Linux.

I'm not saying installing Linux will make me a better hacker, but it will certainly grant me a larger number of tools I can play with when I'm practicing hacking, compared to Windows that is...

//D.H.
base_dropper@hotmail.com www.demonshalo.com
Author

RE: Network Security Testing

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 31-03-09 15:29
I've been off for a couple of days, but now I'm back Grin

Nmap gave me some interesting results that you guys might help me out with!

Not shown: 64979 closed ports

PORT STATE SERVICE VERSION
53/tcp open domain Microsoft DNS
80/tcp open http Microsoft IIS webserver 6.0
88/tcp open kerberos-sec Microsoft Windows kerberos-sec
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds Microsoft Windows 2003 microsoft-ds
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
791/tcp open unknown?
1025/tcp open msrpc Microsoft Windows RPC
1027/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
1041/tcp open msrpc Microsoft Windows RPC
1067/tcp open msrpc Microsoft Windows RPC
1073/tcp open msrpc Microsoft Windows RPC
3000/tcp open kerberos-sec Microsoft Windows kerberos-sec
3001/tcp open nessus?
3268/tcp open ldap
3269/tcp open tcpwrapped
3389/tcp open microsoft-rdp Microsoft Terminal Service

Device type: general purpose|media device

Running (JUST GUESSING) : Microsoft Windows 2003|XP|2000|PocketPC/CE (98%), Microsoft embedded (90%)

Aggressive OS guesses: Microsoft Windows Server 2003 SP1 or SP2 (98%), Microsoft Windows Server 2003 SP1 (94%), Microsoft Windows Server 2003 R2 SP1 (94%), Microsoft Windows XP Professional SP2 (93%), Microsoft Windows Server 2003 (93%), Microsoft Windows Server 2003 SP2 (91%), Microsoft Windows XP Professional SP2 (German) (91%), Microsoft Windows XP Professional SP2 or Windows Server 2003 (91%), Microsoft Windows XP SP2 (91%), Microsoft Windows 2000 or Server 2003 SP1 (91%)

No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop


This looks a lot better than the previous one indeed Grin Nmap (L)

Alright, I've tried banner grabbing over TCP port 80 by telnetting, but it seems like I get a BAD REQUEST no matter what command I use Pfft which makes port 80 pretty useless...

now I'm searching through the net for information about the ports and some known exploits, but it seems like all the ports are pretty covered :/
I'm able to connect to all the ports through telnet, but I don't get any answer back no matter what command I enter :/

I'm searching atm through milw0rm for something that might be helpful.

any other ideas that might be helpful ?? Pfft

remember that I'm running Windows so the programs mentioned earlier are not going to help me unless there is a Windows version Pfft

thnx for all the answers so far!!

//D.H.


Edit: scanning the machines connected to the network (the owners machines) gave me the following result:

PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
4000/tcp open remoteanything

Edit 2: Port 4000 is used by a program called: Remote-Anything. I downloaded the program and tried to connect to the remote PC. The thing is that with a trial version the only password you can use is trial, and the default admin pass is a blank password bar. So I tried to connect to the PC but I think it was my fucking crap shit vista firewall that blocked the connection or it was refused by the pc. I could not figure out the reason for this :/

If I'm going to install linux, what version would you guys recommend for a windows user? the most important thing is that it must have a graphic interface!

Edited by Demons Halo on 31-03-09 18:06
base_dropper@hotmail.com www.demonshalo.com
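As an added example, not code posted in this thread: a small Python parser for nmap's port table as shown above. It records each port, state, service and version, and separates the services nmap positively identified from those it only guessed (a trailing '?', tcpwrapped, or no version string), which are the ones worth confirming by hand before drawing any conclusion from the scan. The sample scan embedded in the block is a constructed subset of the output posted above.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the nmap port table posted in the thread,
# embedded so the example runs offline.
SAMPLE_SCAN = """\
Not shown: 64979 closed ports
PORT STATE SERVICE VERSION
53/tcp open domain Microsoft DNS
80/tcp open http Microsoft IIS webserver 6.0
139/tcp open netbios-ssn
464/tcp open kpasswd5?
636/tcp open tcpwrapped
791/tcp open unknown?
3001/tcp open nessus?
3389/tcp open microsoft-rdp Microsoft Terminal Service
"""


@dataclass
class PortEntry:
    port: int
    proto: str
    state: str
    service: str
    version: str  # empty when nmap printed no version column


# One port line: "<port>/<proto> <state> <service> [<version ...>]"
_LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_port_table(text: str) -> List[PortEntry]:
    """Parse nmap's normal-output port table into PortEntry records."""
    entries = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m:
            continue  # header line, "Not shown:" line, blank lines
        port, proto, state, service, version = m.groups()
        entries.append(PortEntry(int(port), proto, state, service, (version or "").strip()))
    return entries


def needs_manual_verification(e: PortEntry) -> bool:
    """True when nmap did not positively identify the service.

    A trailing '?' marks an unconfirmed service guess, 'tcpwrapped' means the
    port accepted the connection but closed it before sending any data, and an
    empty version means no version probe matched.
    """
    return (e.service.endswith("?")
            or e.service in ("tcpwrapped", "unknown")
            or not e.version)


def summarize(text: str) -> dict:
    """Count open ports and split identified from unverified services."""
    entries = parse_port_table(text)
    return {
        "open": sum(1 for e in entries if e.state == "open"),
        "identified": [f"{e.port}/{e.proto} {e.version}"
                       for e in entries if not needs_manual_verification(e)],
        "unverified": [f"{e.port}/{e.proto} {e.service}"
                       for e in entries if needs_manual_verification(e)],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_SCAN).items():
        print(key, value)
```

Feed it the full table from the post and the "unverified" list becomes the checklist for manual banner checks; the regex ignores any line that is not a port row, so the "Not shown:" line and the column header pass through harmlessly.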
Author

RE: Network Security Testing


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 31-03-09 20:59
It is running IIS 6 so that's not really secure.

here you have an exploit
http://seclists.org/fulldisclosure/2005/Apr/0412.html

and one at milw0rm
http://www.milw0rm.com/exploits/3965

Then you should check all the other services if that one doesn't work.

But I think remote anything will be a possibility to hack.
You can try to download a cracked version of it at torrentz.com
or some other sites.

Then write a program which will bruteforce it. But that could take a while to bruteforce =)

edit/
I would try to search for exploits for all the Microsoft services. They are normally always vulnerable.




Edited by on 31-03-09 21:02
Author

RE: Network Security Testing

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 31-03-09 21:24
NoPax wrote:
It is running IIS 6 so that's not really secure.

Really?


here you have an exploit
http://seclists.org/fulldisclosure/2005/Apr/0412.html

This is a prank, I think that the shell code was rm -fr /


and one at milw0rm
http://www.milw0rm.com/exploits/3965


And DoS sucks


Then you should check all the other services if that one doesn't work.

But I think remote anything will be a possibility to hack.
You can try to download a cracked version of it at torrentz.com
or some other sites.

Then write a program which will bruteforce it. But that could take a while to bruteforce =)

edit/
I would try to search for exploits for all the Microsoft services. They are normally always vulnerable.


Have a look into rpc port 135, if it's running SP2 it should be vulnerable.
Also yeah you can bruteforce rdp, there are some decent bruteforcers out there, but it's rather time lengthy and resource wasteful

You may want to try the Dan Kaminsky DNS exploit, since it's even included in msf3 now.

There are a few ports I haven't seen, have a look around, there might be some exploit for them, and don't forget milw0rm isn't the only security website

So investigate the unknown port/s, and verify manually the port banners with the nmap result to ensure they aren't false positives


spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl



Edited by clone4 on 31-03-09 21:25
clone_4@hotmail.com
Author

RE: Network Security Testing


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 31-03-09 21:32
DoS might suck but it works so why not =)

Yeah in my opinion IIS is not very secure. Until now there have been major security holes in all versions of it.

I didn't say that remote anything is the only solution. But it would be my last solution if nothing else would work. Because with bruteforcing there would be a chance to get into the system. So why not try it.

Greetz
Author

RE: Network Security Testing

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 31-03-09 21:35
Bumping this thread so more people will read clone4's response.

DREAMS. CRUSHED.

Good job.



"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
http://bitsofspy.net
Author

RE: Network Security Testing

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 31-03-09 21:46
spyware wrote:
Bumping this thread so more people will read clone4's response.

DREAMS. CRUSHED.

Good job.


Now I'm confused Smile :whoa:



clone_4@hotmail.com
Author

RE: Network Security Testing

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 02-04-09 12:41

and one at milw0rm
http://www.milw0rm.com/exploits/3965



Then you should check all the other services if that one doesn't work.

But I think remote anything will be a possibility to hack.
You can try to download a cracked version of it at torrentz.com
or some other sites.

Then write a program which will bruteforce it. But that could take a while to bruteforce =)

edit/
I would try to search for exploits for all the Microsoft services. They are normally always vulnerable.


Have a look into rpc port 135, if it's running SP2 it should be vulnerable.
Also yeah you can bruteforce rdp.
You may want to try the Dan Kaminsky DNS exploit, since it's even included in msf3 now.

There are a few ports I haven't seen, have a look around, there might be some exploit for them, and don't forget milw0rm isn't the only security website


thnx for the posts guys.
This thing is a lot harder than it seems Pfft I've been googling for some time now, trying to find exploits/vulnerabilities for IIS 6 and the open ports, but it seems like I don't have that much luck :/

nmap -sO -v 192.168.200.11
Not shown: 250 closed protocols
PROTOCOL STATE SERVICE
1 open icmp
2 open|filtered igmp
6 open tcp
17 open udp
47 open|filtered gre
255 open|filtered unknown
MAC Address: 00:13:20:41:34:74 (Intel Corporate)

here is some additional info. Since I'm pretty new at this kind of stuff I wanted to ask what all those services are. You don't need to explain what TCP and UDP are Pfft but what about the rest? ICMP is the one blocking my commands right? I have ICMP activated at home, which is (if I remember correctly) the service that blocks commands like ping etc. coming through the internet to my PC... am I right or...? Pfft

what about GRE, IGMP and the unknown one??!? I can google the services up and check them out, but I'd like to know if there is something that I could use against the server using those services ;D

//D.H.

Edit: IGMP seems like a vulnerable service. There are some listed attack types against it like DoS etc. Does any of you guys have any experience dealing with this service maybe?

Edit2: What irritates me the most is that I can telnet to any port I want and get an established connection, but whatever command I use does not give any response (except for port 80, listed below). I keep using help, head, etc. and pressing enter, and well... nothing happens :S
This means that the server does not understand the commands I'm giving right? or am I missing something here?

Edit3: using banner grabbing @ port 80 gives me the same msg whatever command I try to use, maybe I'm doing something wrong here:

Telnet 102.168.200.11 80
connecting to 192.168.200.11 ...
Connection established
>HEAD
HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Thu, 02 Apr 2009 12:23:19 GMT
Connection: close
Content-Length: 35

<h1>Bad Request (Invalid Verb)</h1>
Session closed

the same msg keeps showing using all the commands I know... :/

Edited by Demons Halo on 02-04-09 13:25
base_dropper@hotmail.com www.demonshalo.com
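As an added example that is not from the thread: the "400 Bad Request (Invalid Verb)" above is IIS rejecting an incomplete request line. An HTTP request needs a method, a path and a version on the first line, then a blank line, for example HEAD / HTTP/1.0 followed by an empty line; typing HEAD alone sends none of that. The Python below builds such a request, parses the status line and headers of the reply, and reports the Server header, which is what an administrator checks to see whether a host discloses its exact server version to anyone who connects. Both sample responses in the block are constructed for offline use, not captured from the machine in the thread, and the host and port values are placeholders.

```python
import socket
from typing import Dict, Tuple


def build_head_request(host: str, path: str = "/") -> bytes:
    """A complete HTTP/1.0 request: request line, Host header, blank line.

    A bare 'HEAD' line has no path and no version, which is why IIS answers
    400 Bad Request (Invalid Verb); this form is accepted.
    """
    return f"HEAD {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")


def parse_http_response(raw: bytes) -> Tuple[int, Dict[str, str]]:
    """Return (status code, lowercased header name -> value)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status_parts = lines[0].split(" ", 2)  # e.g. "HTTP/1.1 200 OK"
    if len(status_parts) < 2 or not status_parts[0].startswith("HTTP/"):
        raise ValueError(f"not an HTTP status line: {lines[0]!r}")
    status = int(status_parts[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def server_banner(raw: bytes) -> str:
    """The Server header of a response, or a note when it is withheld."""
    _, headers = parse_http_response(raw)
    return headers.get("server", "<no Server header>")


def grab_banner(host: str, port: int = 80, timeout: float = 5.0,
                max_bytes: int = 65536) -> str:
    """Send one well-formed HEAD request and report the Server header.

    HTTP/1.0 implies the server closes the connection after the reply,
    so reading until EOF (or max_bytes) collects the whole response.
    """
    chunks = []
    received = 0
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_head_request(host))
        while received < max_bytes:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
            received += len(data)
    return server_banner(b"".join(chunks))


# Constructed sample responses (not captured from the thread's server):
# what a well-formed request to an IIS 6 host would typically get back ...
SAMPLE_OK = (b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
             b"Content-Length: 0\r\nConnection: close\r\n\r\n")
# ... and the reply the thread shows for a bare 'HEAD' line.
SAMPLE_BAD = (b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n"
              b"Date: Thu, 02 Apr 2009 12:23:19 GMT\r\nConnection: close\r\n"
              b"Content-Length: 35\r\n\r\n<h1>Bad Request (Invalid Verb)</h1>")


if __name__ == "__main__":
    print("well-formed request ->", server_banner(SAMPLE_OK))
    print("bare HEAD ->", parse_http_response(SAMPLE_BAD)[0], server_banner(SAMPLE_BAD))
    # grab_banner("192.168.200.11", 80)  # placeholder host; run against a host you administer
```

The same request works from telnet: type the three pieces on one line, press enter twice, and the headers come back. On the defending side, a Server header that names the exact product version is the thing to review; the parse step above is what turns one raw reply into a value a script can compare against the expected configuration.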