Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Exploits

  1. Home
  2. Forum
  3. Hacking in general
  4. Exploits

ghost's Avatar

ghost

0 0

Ok… so on a particular LAN that I happen to have access to, there is a particular computer that I am interested in (we'll just say that it's another one of mine). Long story short I want access to it. So after a short nmap scan I found out the following information:

Starting Nmap 5.00 ( http://nmap.org ) at 2011-04-28 16:52 EDT Interesting ports on 192.168.0.109: Not shown: 997 filtered ports PORT STATE SERVICE VERSION 21/tcp filtered ftp 139/tcp open netbios-ssn 445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds Service Info: OS: Windows

Host script results: |_ nbstat: NetBIOS name: , NetBIOS user: <unknown>, NetBIOS MAC: 00:43:20:e9:3e:63 | smb-os-discovery: Windows XP | LAN Manager: Windows 2000 LAN Manager | Name: MSHOME\**** |_ System time: *******************

I tried common username/password combinations on the ftp port with no luck… I could brute force it, but I really don't want to do that as that is pretty noisy…

After googling the other ports and services, I got a rough handle on what they are and what they do. I then looked for expoits and found quite a bit. However, nowhere could I find how to use them, short of metasploit. As great of a tool as metasploit is, I would like to learn how metasploit does it (without attempting to reverse engineer it), and I would like to learn how it was done before metasploit came to be.

Please understand I am not looking for hand holding, I want to learn how to do it, not just a tutorial. I am not asking for one of you to take the next couple hours of your life to explain it to me. But possibly somebody could point me in the right direction for my journey of knowledge.

Thanks All,

Bellepheron


spyware's Avatar

spyware

Banned
0 0

You want to know how to run a script? Look, if you can't figure out how to use it by yourself, no one should/is going to tell you.


starofale's Avatar

starofale

Member
0 0

Look up buffer overflows.

I'm sure there is lots of information out there on writing exploits for simple programs. You'll need to learn C if you don't already know it.


stealth-'s Avatar

stealth-

Ninja Extreme
0 0

Before Metasploit, it was just scripts/compiled source code. All Metasploit does is nicely package the exploit for you and give you more freedom with it (like selecting your own payload), everything else is virtually the same. Basically, you would download a script and then run it via the command line, passing it arguments (like the I.P address you wanted to attack). You generally see "proof of concept" exploits in that form before a Metasploit plugin is made too, so it's not like an old relic of the "good 'ole days" or anything.


ellipsis's Avatar

ellipsis

...
0 -1

Bellepheron wrote: 139/tcp open netbios-ssn 445/tcp open microsoft-ds Microsoft Window

SMB sniffer


garabaldi's Avatar

garabaldi

Member
0 0

Take a look at the types of exploits you'd use on those services, and Google them. Find out what they are exactly, and how they work. Then you can get behind the scenes of Metasploit's ease of use and really find out how things work.

Also, that's an XP machine. I can think of an exploit which would work on one of those open ports off the top of my head, if you were wondering if it's exploitable.