This is the stage where real hackers are differentiated from script kiddies; this is when those who really know something prevail. Normally, if an exploit is designed to work on Linux, then by editing its code and changing its header files (if necessary) you can make that particular exploit run on Windows too. However, there are certain exploits which simply will not run on an OS other than the one they were designed for.
Anyway, let us get back to the point. You have edited the exploit code and made it compatible with your platform. Now what else? Another thing to keep in mind is the operating system that the exploit is able to exploit. You see, there are certain exploits which work only if the victim system is running a specific operating system. For example,
there was once a Sendmail hole which worked only if the target system was running SunOS; without that, it simply refused to work at all.
So in some cases it becomes necessary to find out the operating system running on the target system. Not all exploits require the target system to be running a specific OS, but why take a chance? Right?
So basically you should be aware of the following things when getting a ready-to-use exploit:
1. The daemon name and version you are trying to exploit, for example Sendmail 8.9.4.
2. The operating system on which the exploit is designed to run (if necessary).
3. The operating system it requires the target system to be running (if necessary).
That brings us to how to find out the operating system running on the target system. Well, the HTTP port holds the key. Simply telnet to port 80 of the target system:
C:\windows>telnet xxx.bol.net.in 80
Now, once you get the input prompt, type an invalid HTTP command, for example X, Iamgreat or abc. Just type anything, as long as it is not a valid HTTP command. Then press Enter twice.
***********
Hacking Truth: After each HTTP command one has to press Enter twice to send the command to the server, or to bring about a response from the server. That is just how the HTTP protocol works: the blank line produced by the second Enter marks the end of the request headers, and the server does not answer until it sees it.
**********
On port 80 of my example target system, I simply type ‘ankit’ and press Enter twice. This is the kind of response I get:
HTTP/1.1 400 Bad Request
Server: Netscape-Enterprise/3.5.1
The server replies with the version of HTTP it is running (not so important), it gives us an error message and the error code associated with it (again not so important), but in the Server header it also gives us the name and version of the server software it is running, which is a strong clue to the OS underneath. Wow!!! It hands anyone who wants to break into the server the ultimate piece of information they require.
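To make the two points above concrete (why the second Enter is needed, and what the reply actually contains), here is an added example, not code from the original manual, that builds the raw bytes the "type a line, press Enter twice" procedure sends and parses a response of the kind shown above. The responses are constructed samples modelled on the text (the Date and Content-type headers, and the body, are assumptions), not captures from any real host; the second sample shows what a server whose banner has been suppressed returns, which is the state a defender checking their own servers wants to see.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample, modelled on the 400 reply quoted in the text.
# The Date/Content-type headers and the body are assumed, not from the page.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: Netscape-Enterprise/3.5.1\r\n"
    b"Date: Thu, 01 Jan 1998 00:00:00 GMT\r\n"
    b"Content-type: text/html\r\n"
    b"\r\n"
    b"<HTML><BODY>Bad Request</BODY></HTML>"
)

# Constructed sample of a reply from a server that sends no Server header at all.
HARDENED_RESPONSE = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Content-type: text/html\r\n"
    b"\r\n"
    b"<HTML><BODY>Bad Request</BODY></HTML>"
)


def build_probe(line: str) -> bytes:
    """Raw bytes that typing one line and pressing Enter twice actually sends.

    The first CRLF ends the request line; the second, empty line ends the
    header block. HTTP servers wait for that empty line before replying,
    which is why a single Enter produces no response.
    """
    return line.encode("ascii") + b"\r\n\r\n"


def parse_response(raw: bytes) -> Tuple[str, int, Dict[str, str]]:
    """Split a raw HTTP/1.x response into (http_version, status_code, headers).

    Header names are case-insensitive in HTTP, so they are lower-cased here.
    The body after the blank line is ignored; the banner lives in the headers.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    m = re.match(r"^(HTTP/\d\.\d) (\d{3})", lines[0])
    if not m:
        raise ValueError(f"not an HTTP status line: {lines[0]!r}")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return m.group(1), int(m.group(2)), headers


def server_banner(raw: bytes) -> Optional[Tuple[str, Optional[str]]]:
    """Return (product, version) from the Server header, or None if absent.

    None is the result a hardened deployment aims for: the status line still
    says 400, but nothing identifies the server software or its version.
    """
    _, _, headers = parse_response(raw)
    banner = headers.get("server")
    if banner is None:
        return None
    product, _, version = banner.partition("/")
    return product, (version.split()[0] if version else None)


if __name__ == "__main__":
    print(build_probe("ankit"))
    print(parse_response(SAMPLE_RESPONSE))
    print(server_banner(SAMPLE_RESPONSE))    # ('Netscape-Enterprise', '3.5.1')
    print(server_banner(HARDENED_RESPONSE))  # None
```

Run against your own servers' responses, `server_banner` returning a product and version is the signal that the banner should be trimmed; most web servers have a setting for this (for example `ServerTokens Prod` in Apache httpd or `server_tokens off` in nginx), and the check above is a quick way to confirm the setting took effect.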
Well, these were the common ways of finding out more information about a host in your quest to break into it. I will soon be updating this manual; I hope you enjoyed the first edition. Till the next update, goodbye.
Jai Shree Raam