Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

SSH and Nmap


SSH and Nmap

By ghostghost | 8146 Reads |
0     0


||Basic Nmap Overview||

Ok, well this is { darkside } and THIS is the first section on this article. An article that will be covering the usage of nmap the best port scanner on earth and using SSH.

Different types of scans. Fun shit.

Nmap is one of the best port scanners you could ever have. It literally does any job you throw at it. Besides ordering pizza and such.

It also will not hack things for you.

You are responsible for coding your own exploits.

It is just a guide. To let you know your victims vulnerabilities.

Ok, so first off lets make sure you have nmap already.

You can download Nmap from Insecure.org or get it straight from DA's "Downloads" section.

You go to the DIR where Nmap is located and click on the app. z0mg it does NOT work.

You must run it via shell/terminal/command prompt.

NOTE: The syntax of an nmap scan is

nmap [Scan Type(s)] [Options] {target specification}

So first lets find a victim.

How about SmashTheStacks > Apfel server?

ONTO REQUIREMENTS!!


||Requirements(PuTTY.exe/OpenSSH/*nix)||

Well, first off lets understand what the term "SSH" stands for.

SSH is located on port 22.

SSH means (S)ecure (Sh)ell.

SSH is a network protocol that allows establishing a secure channel between a local and a remote computer.

SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections. it can transfer files using the associated SFTP(SSH File Transfer Protocol) or SCP(Secure Copy) protocols.

To be able to connect via SSH the remote computer must have port 22 OPEN.

Let us ping a WarGame server from SmashTheStack called APFEL.

C\:> ping apfel.smashthestack.org

Pinging apfel.smashthestack.org [67.99.17.130] with 32 bytes of data:

Reply from 67.99.17.130: bytes=32 time=44ms TTL=54 Reply from 67.99.17.130: bytes=32 time=60ms TTL=54 Reply from 67.99.17.130: bytes=32 time=78ms TTL=54 Reply from 67.99.17.130: bytes=32 time=44ms TTL=54

Ping statistics for 67.99.17.130: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 44ms, Maximum = 78ms, Average = 56ms

[darkside@darkside ~]$ host apfel.smashthestack.org

apfel.smashthestack.org has address 67.99.17.130

To find this we will use this in a very useful program "nmap" found at >> http://insecure.org!

[darkside@darkside ~]$ nmap -v 67.99.17.130

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) Machine 67.99.17.130 MIGHT actually be listening on DNS resolution of 1 IPs took 0.06s. Initiating Connect() Scan against 67.99.17.130 [1680 Discovered open port 25/tcp on 67.99.17.130 Discovered open port 80/tcp on 67.99.17.130 Discovered open port 22/tcp on 67.99.17.130

Let us be more specific. -p: Port Scan Selection <–very useful -sV: Probe open ports to determine service/version info

[darkside@darkside ~]$ nmap -v -sV -p 21,22,23 67.99.17.130

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-05-21 03:11 CDT Machine 67.99.17.130 MIGHT actually be listening on probe port 80 DNS resolution of 1 IPs took 0.02s. Initiating Connect() Scan against 67.99.17.130 [3 ports] at 03:11 Discovered open port 22/tcp on 67.99.17.130 The Connect() Scan took 0.05s to scan 3 total ports. Initiating service scan against 1 service on 67.99.17.130 at 03:11 The service scan took 0.07s to scan 1 service on 1 host. Host 67.99.17.130 appears to be up … good. Interesting ports on 67.99.17.130: PORT STATE SERVICE VERSION 21/tcp closed ftp 22/tcp open ssh OpenSSH 4.2 (protocol 2.0) 23/tcp closed telnet

Nmap finished: 1 IP address (1 host up) scanned in 0.658 seconds

Look for this.

PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 4.2 (protocol 2.0)

SSH is open.

Let us login to apfel.smashthestack.org.

To do this you will need to open terminal and type the following.

[darkside@darkside]$ ssh -l troll apfel.smashthestack.org /*You are logging in as a user called "troll" */

It will ask for a password.

Use "troll".

It will seem like nothing is happening but it is.

Your password is hidden to ensure security.

From here you are now..

troll@apfel(~):$

In PuTTY it is a bit more simple.

First open PuTTY.exe.

Then in the "Host name" section type the host you want to connect to. In our case this will be "apfel.smashthestack.org".

Select "SSH" and port "22".

Then select "Open" to open an connection.

A black PuTTY screen should appear with the text.

Login as: troll troll@apfel.smashthestack.org's password: troll

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!Congratulations you are in.!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Once you are in apfel. Snoop around. Its a pretty cool place.

troll@apfel():$ cd public_html troll@apfel(/public_html):$ echo "TotcoS was here…" >> index.html

Well, I hope you have found this article quite helpful on learning about SSH and giving you an example.

A live example that you can learn from.

–=[ darkside totcos ]=–

PLEASE COMMENT AND RATE THIS =D

Comments
lukem_95's avatar
lukem_95 17 years ago

Nice article, much better than the 'the3l3tone' guy's… he posted 3 absoloute crap filled articles :S

ghost's avatar
ghost 17 years ago

well thanks :D

ghost's avatar
ghost 17 years ago

hah dude thats fucking sick:ninja:

ghost's avatar
ghost 17 years ago

Very nice article, 10 out of 10.:D

ghost's avatar
ghost 17 years ago

thanks guys :happy:

ghost's avatar
ghost 17 years ago

nice. Finally hbh is teacing some of these web-hacker's how to root. I should post an article on Buffer Overflow! DDoS attacks. Oh well one improvement though you could have covered a method that instead of using a password you already had you actually tell them how you get it remotely. would make this article worthy of awesome but im gunna have to go with VG SANTA

ghost's avatar
ghost 17 years ago

@SANTA…HBH didn't teach me how to root. google and netfish did. Why don't you go post an article on buffer overflow? And do it with prior knowledge completely without searching for how to do shit. Please. Seriously do not brag. What are you going to do with the DDoS attack article. Teach people about botnets? lmao ..goodluck

ghost's avatar
ghost 17 years ago

@SANTA…HBH didn't teach me how to root. google and netfish did. Why don't you go post an article on buffer overflow? And do it with prior knowledge completely without searching for how to do shit. Please. Seriously do not brag. What are you going to do with the DDoS attack article. Teach people about botnets? lmao ..goodluck

ghost's avatar
ghost 17 years ago

oh and @SANTA again. why don't you write an article covering Distributed Reflected Denial of Service and Amplified Denial of Service? lmao

ghost's avatar
ghost 17 years ago

awesome article!!

n3w7yp3's avatar
n3w7yp3 17 years ago

Wow, what a pathetic article. I swear to god, why are these approved?

ghost's avatar
ghost 16 years ago

That was a great article! Thanks:D

ellipsis's avatar
ellipsis 15 years ago

it's me scotty aka totcos.

i have no idea why the fuck hbh removed my points and practically forced me to make a new account, but, i'm glad y'all liked this article. minus all of the ignorant skiddie remarks.

ellipsis's avatar
ellipsis 15 years ago

it's me scotty aka totcos.

i have no idea why the fuck hbh removed my points and practically forced me to make a new account, but, i'm glad y'all liked this article. minus all of the ignorant skiddie remarks.