
help, i think this is good!?


ghost:

Starting Nmap 4.11 ( http://www.insecure.org/nmap ) at 2007-10-24 18:11 Pacific Daylight Time
Insufficient responses for TCP sequencing (0), OS detection may be less accurate
Interesting ports on xxxxxxxxxx.com (xx.xx.xx.xx):
Not shown: 1667 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
110/tcp  open  pop3
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
1026/tcp open  LSA-or-nterm
1080/tcp open  socks
1248/tcp open  hermes
1433/tcp open  ms-sql-s
1723/tcp open  pptp
3389/tcp open  ms-term-serv
8081/tcp open  blackice-icecap
Device type: general purpose|firewall
Running: Microsoft Windows 2003/.NET|NT/2K/XP, Symantec Solaris 8
OS details: Microsoft Windows 2003 Server or XP SP2, Symantec Enterprise Firewall v7.0.4 (on Solaris 8)

Nmap finished: 1 IP address (1 host up) scanned in 13.579 seconds


ghost:

Well, it depends what you want to do? Nmap only gives information about the applications running on this server.


ghost:

anything i can, but wouldn't all those open ports be vuln to something


ghost:

hackncrack wrote: anything i can, but wouldn't all those open ports be vuln to something

Only if a service was actually running on them. Do some more recon, then get excited.


ghost:

ya i know haha, i sorta jumped when i saw an open ftp, i tried a dictionary attack on it but it kept crashing, probably cause my dictionary file is 2gb


ghost:

hackncrack wrote: ya i know haha, i sorta jumped when i saw an open ftp, i tried a dictionary attack on it but it kept crashing, probably cause my dictionary file is 2gb

What kept crashing? The FTP server, or the program you were running a dictionary attack with?


ghost:

haha, i wish i crashed the ftp server, no the program that was doing the attack.


ghost:

hackncrack wrote: haha, i wish i crashed the ftp server, no the program that was doing the attack.

Seriously… you crashed the program that was doing the dictionary attack. God, what program were you using?

Anyways, as many people will flame for you to remember, you can't just nmap something and run in with guns blazing. That is the stupid way to hack. As I said previously… do additional recon, THEN figure out a plan of attack. External logins to services !automatically == brute force.


ghost:

i was using brutus, and yes i know about the recon thing, it was sorta a first reaction to post haha, and if people flame me then people flame me, that's how ya learn, i've done some other crap, whois, nmap, intellitamper, other port scans, so i've done what i know so far.

so brute forcing is much better than dictionary attacks

oh and based on experience, do most people only use mixed alpha numeric or symbols as well


ghost:

hackncrack wrote: i was using brutus, and yes i know about the recon thing, it was sorta a first reaction to post haha, and if people flame me then people flame me, that's how ya learn, i've done some other crap, whois, nmap, intellitamper, other port scans, so i've done what i know so far.

Great, you've used programs to do your work for you. Now, use the best tool you have access to for hacking: your brain. Tools can't do it all.

so brute forcing is much better than dictionary attacks

It's not a question of which one is "always better"; each has its purpose, depending on the situation. Either way, you're sending hundreds of failed logins against a server that must SURELY have logging. It's like trying to break into someone's house while they're wide awake, kicking the door down with a boombox on your shoulder and escorting elephants onto their driveway. Dude, you need to consider something a bit more covert. :angry:

oh and based on experience, do most people only use mixed alpha numeric or symbols as well

Based on experience… most people seem to be comfortable with mixed alpha-numeric; that is a major sign of laziness among administration. Me… I use multiple passwords, and all of them have at least one symbol in them. So, again… recon your target, then evaluate the possible combinations ONLY AFTER you've expended your vulnerability and exploit options.

In other words, wait about 3 weeks before you attempt a dictionary / brute-force; that should give you some time to search for "real" attempts at exploitation.

Oh, and Brutus sucks donkey balls. :happy:


ghost:

hackncrack wrote: ya i know haha, i sorta jumped when i saw an open ftp, i tried a dictionary attack on it but it kept crashing, probably cause my dictionary file is 2gb

so, wait.

you're not even going to try to figure out what services are running on the box and what versions they are?

you're not going to read up for hours into the night on what purpose those services serve?

you're not going to spend days and days poring over source code to figure out how to exploit what your target has left exposed?

you're not going to spew random data into the open services and see what happens?

you're not going to try to circumvent the firewall?

but, you're going to sit there with your fucking bruteforcer and noisily pound at the gate of the only service you recognize until the admin finally notices (you're filling his logs to BURSTING right now, mind you)?

fuck you. just, fuck you.


ghost:

LMAO, LOL—omg,lol. ok, now that i'm done with that, yes i agree with zephyr and slightly with lesser. You can't just go bruteforce the ftp service, dig further and find a more, as zephyr put it nicely, "covert" plan. Also taking out that firewall first would be nice too ;), look to find a way to take out the firewall, then that will open up a lot more ways to access a lot more services for a lot more interesting and sly plans of attacks and info evaluation. As they said, right now you're basically alarming the admin to lock down the doors. So now by the time you do come up with a fair plan of attack on the open leaks he'll have it all on lock down. good luck in whatever you plan to do from here. lol


spyware:

S1L3NTKn1GhT wrote: Also taking out that firewall first would be nice too ;), Look to find a way to take out the firewall, then that will open up a lot more ways to access a lot more services for a lot more interesting and sly plans of attacks and info evaluation.

Circumvent is what he said, not "take out". Might I add that taking down the primary defense would trigger the logs even more? Only do this when you are sure you have write-access to those logs later.

And speaking of evaluation, I took the time to evaluate your post and I noticed an inefficient opening ritual.

LMAO, LOL—omg,lol

This doesn't have any value but a negative one, content-wise it plainly sucks. So drop the roflcopterization of your posts, thanks.

EDIT:

yes i agree with zephyr and slightly with lesser

If you understood everything you just read, you should see that lesser said the same as Zephyr. Lesser has his way to deploy information, just like Zephyr has his.

To the OT:

I suggest you google every service (ftp is a service, for example) you found and study them. You'll probably end up reading some wikipages but try to find several sources of information.

When you know a bit more about them, install ActivePerl on your Windows box and go code some stuff in Perl (open a new thread if you need help on this). When you think you are ready to "explo1tz teh sh1tz" out of that box, go over to milw0rm and read some articles about rooting. Study various types of attacks. Read, mess around with and create scripts using Perl.

By the time you can do all this, you'll know what to do next.

A final warning note: Feel free to fail, fail and fail again to do these tasks. It will take some time and resourcefulness to accomplish all these things so don't expect you can wear sunglasses at night next week just yet.


ghost:

Good post Spyware. One thing I would like to add is that you should really think about using a proxy. Especially since you just used a machine gun outside the bedroom window.


ghost:

S1L3NTKn1GhT wrote: Also taking out that firewall first would be nice too ;), Look to find a way to take out the firewall, then that will open up a lot more ways to access a lot more services for a lot more interesting and sly plans of attacks and info evaluation.

Your lol's annoy me but, more importantly, what exactly made you assume this was a firewall? This?

Device type: general purpose|firewall

If you weren't skimming through the nmap results and actually paid attention to them, you would see that it is VERY unlikely that this target is a firewall. This is why:

hackncrack wrote:

PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-term-serv

Running: Microsoft Windows 2003/.NET|NT/2K/XP
OS details: Microsoft Windows 2003 Server or XP SP2

Of course, your post seems to be about the same caliber as the initial poster's; everyone knows that nmap is a port scanner, but no one knows how to use it to properly scope a target. Finding a port that hosts a service that uses authentication doesn't mean "break out the prog and hammer away". In fact, dictionary / brute-force attacks should be your LAST resort, if they are even a resort AT ALL.

I'd advise you and the OP to both take an exercise in furthering education. Based upon the results of your port scan, set up a virtual machine that matches the details of that target. To the OP, continue reconnaissance on the target and modify your virtual machine to match the characteristics. Then, try different exploits, techniques, and such.

It's not just "0mgZ a t@Rg3t!!!", or at least it shouldn't be. It's a chance to learn something and become something better than a tool.
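As an added example (not code from this thread or from nmap), a short Python parser over the scan posted above that shows the point made in this reply: nmap's "Device type" line lists alternative fingerprint matches separated by "|", while the open msrpc, netbios-ssn, microsoft-ds and ms-term-serv ports are what actually identify the box as a Windows host. The sample scan is the thread's own output with the hostname masked as the poster masked it; the two-port threshold in assess() is an assumption of this example.

```python
import re

# Constructed sample: the port table and OS-detection lines from the scan posted in
# this thread (hostname and address were already masked by the poster).
SCAN = """\
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
110/tcp  open  pop3
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
1026/tcp open  LSA-or-nterm
1080/tcp open  socks
1248/tcp open  hermes
1433/tcp open  ms-sql-s
1723/tcp open  pptp
3389/tcp open  ms-term-serv
8081/tcp open  blackice-icecap
Device type: general purpose|firewall
Running: Microsoft Windows 2003/.NET|NT/2K/XP, Symantec Solaris 8
OS details: Microsoft Windows 2003 Server or XP SP2, Symantec Enterprise Firewall v7.0.4 (on Solaris 8)
"""
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)")
# Services characteristic of a Windows host (the four the reply above bolded).
WINDOWS_PORTS = {135: "msrpc", 139: "netbios-ssn", 445: "microsoft-ds", 3389: "ms-term-serv"}

def parse_scan(text):
    """Return (open_ports, device_type_guesses) from nmap 'normal' output."""
    ports, guesses = {}, []
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m and m.group(3) == "open":
            ports[int(m.group(1))] = m.group(4)
        elif line.startswith("Device type:"):
            # nmap separates alternative fingerprint matches with '|';
            # it is a list of candidates, not a verdict that the box is a firewall.
            guesses = line.split(":", 1)[1].strip().split("|")
    return ports, guesses

def assess(text):
    ports, guesses = parse_scan(text)
    evidence = sorted(p for p in WINDOWS_PORTS if p in ports)
    # Assumption of this example: two or more of these ports open is taken as
    # sufficient evidence of a Windows host, whatever 'Device type' lists.
    verdict = "windows host" if len(evidence) >= 2 else "undetermined"
    return {"open": sorted(ports), "device_type_guesses": guesses,
            "windows_evidence": evidence, "verdict": verdict}
```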


ghost:

other than the fact of being flamed, which i don't really care if i do, there was a butt load of info that i can use now, and learn from, so to those of you who offered help, thanks much, and thanks to those who flamed, because there was a ton of info there too. obviously this was my first attempt at actually trying to "hack" or "root" or whatever category it may fall under. now i have a bit more knowledge.

the whole reason i posted the thread is pretty much so it will get flamed, because the only people who flame are those who know what they are talking about, and will throw a bunch of info in my face.


ghost:

hackncrack wrote: other than the fact of being flamed, which i don't really care if i do, there was a butt load of info that i can use now, and learn from, so to those of you who offered help, thanks much, and thanks to those who flamed, because there was a ton of info there too. obviously this was my first attempt at actually trying to "hack" or "root" or whatever category it may fall under. now i have a bit more knowledge.

the whole reason i posted the thread is pretty much so it will get flamed, because the only people who flame are those who know what they are talking about, and will throw a bunch of info in my face.

Everyone listen to this man. <3


ghost:

:) that's a nice change from fuck you haha


ghost:

hackncrack wrote: other than the fact of being flamed, which i don't really care if i do, there was a butt load of info that i can use now, and learn from, so to those of you who offered help, thanks much, and thanks to those who flamed, because there was a ton of info there too. obviously this was my first attempt at actually trying to "hack" or "root" or whatever category it may fall under. now i have a bit more knowledge.

the whole reason i posted the thread is pretty much so it will get flamed, because the only people who flame are those who know what they are talking about, and will throw a bunch of info in my face.

Well, isn't that a welcome change from the thousands of useless wastes of database space that decide to ignore such knowledge. Good luck to you in your endeavors.


ghost:

most people, when flamed, get offended and pissed off, when they should just be mad at themselves for posting a stupid thread, but they ignore what people say when they get flamed, because they take it as negative. but who cares, negative or not, info == info


ghost:

hackncrack wrote: most people, when flamed, get offended and pissed off, when they should just be mad at themselves for posting a stupid thread, but they ignore what people say when they get flamed, because they take it as negative. but who cares, negative or not, info == info

Someone please sticky this. This, my friends, is THE TRUTH.


ghost:

Ah, the old "tools do it all" attitude. It's like building a house: you need tools, but in the end YOU have to do the real work.


ghost:

I agree Fritzo.