Some ISPs are quite aware of hacking activity and are one step ahead. They may be running some excellent software which will keep hackers away. EtherPeek is an excellent example of sniffing software which can easily trace users who are port scanning. Nuke Nabber, a Windows freeware program, claims to be able to block port scans. I have not tested it so I can't say for sure. Then there is another fun program known as
Port Dumper, which can fake daemons (services) like Telnet, Finger, etc. There is also software which will show a weird list of open ports. What I mean by that is, if you port scan a host running such software, it will keep showing random open ports, and your port scanning software will go crazy.
Anyway, once you get a list of open ports, start analyzing the weak points, that is, the services which might give us more information about the target system, information that would prove invaluable to the breaking-in process. Try the commands or options available on each open port to find either a vulnerability which could be exploited or some kind of information about the target system. That is pretty much all we would be looking for. Now let me explain how I try to find out such things with the list of open ports (of my ISP) and the services running on them.
Note: Before proceeding, refer to the table of open ports which we got earlier (of host xxx.bol.net.in) in the manual. And yes, I am starting from Port 79, because if I started from Port 21 the manual would become very, very short.
It has Port 79 open, or in other words has finger running. However, almost all Finger daemons are configured not to return much information about users. Still, let us try some common Finger exploits which can, very very rarely, get you root.
finger root
finger system
finger
These exploits are very, very old and do not work almost 99 times out of 100. So the Finger port is ruled out.
Now let us move on. In the list of open ports, the HTTP port, or Port 80, is also open, which means that this target system probably maintains a web site. So let me launch my favorite browser (Internet Explorer, if you are interested) and see what they have on their site. Well, actually we are not even remotely interested in what they have on their site; what we are interested in is whether they have the CGI-BIN directory open to the public or not, and if yes, whether any of the common CGI exploits, which get you root, work or not.
So I type in the following in the URL box of my browser:
http://xxx.bol.net.in/cgi-bin
Jai Shree Raam