Title: How to hack through port 80
Post by: Thangvt on June 05, 2008, 09:17:30 AM

Hi all,
Script is - from outside hack inside network through port 80.
Outside ----> FW( CheckPoint or ISA ) -------> Server (Web Server or Mail Server)
Any body here can help me this case? If you have study guide or relate info please message to me. Thanks!

Title: Re: How to hack through port 80
Post by: BillV on June 05, 2008, 09:30:36 AM

format C: /Q /X on Windows
rm -rf / on linux

Title: Re: How to hack through port 80
Post by: RoleReversal on June 05, 2008, 09:46:16 AM

BillV?...... tut tut ::)

Title: Re: How to hack through port 80
Post by: oneeyedcarmen on June 05, 2008, 09:58:38 AM

(http://www.cam.cornell.edu/~gfriend/cdamama/img/800px-Dr_Evil.jpg)

Title: Re: How to hack through port 80
Post by: BillV on June 05, 2008, 10:08:36 AM

Quote: BillV?...... tut tut ::)

As the saying goes... "Ask a stupid question....."

Title: Re: How to hack through port 80
Post by: Thangvt on June 05, 2008, 10:37:13 AM

Quote: BillV?...... tut tut ::) As the saying goes... "Ask a stupid question....."

??? What's for stupid? U ar crazy?? It's real for a company. They already have FW and preparing buy IPS appliance. If you don't have comments, don't reply !

Title: Re: How to hack through port 80
Post by: oneeyedcarmen on June 05, 2008, 10:54:40 AM

Quote from: Thangvt
It's real for a company. They already have FW and preparing buy IPS appliance. If you don't have comments, don't reply !

Could you describe for us what the scope of your test is, and the ROE you've set up with the target company? And please be more specific with your question. The original is incredibly generic. Thanks.

Title: Re: How to hack through port 80
Post by: BillV on June 05, 2008, 10:55:25 AM

Quote: What's for stupid? U ar crazy?? It's real for a company. They already have FW and preparing buy IPS appliance. If you don't have comments, don't reply !

Oh believe me, I have comments... I just hold back most of them ;) "It's real for a company" .... what does this mean? If you have a real question, then feel free to elaborate and you might get a more thoughtful response.

Title: Re: How to hack through port 80
Post by: Dengar13 on June 05, 2008, 11:33:03 AM

Whew...it is getting hot in this thread...lol! :P

Title: Re: How to hack through port 80
Post by: g00d_4sh on June 05, 2008, 01:47:47 PM

Heh... Bill, you just made my day. I haven't seen a format C: comment in too long... Even with switches, good man.

Title: Re: How to hack through port 80
Post by: BillV on June 05, 2008, 03:14:28 PM

Quote from: Thangvt
What's for stupid? U ar crazy?? If you don't have comments, don't reply !

Quote: Heh... Bill, you just made my day. I haven't seen a format C: comment in too long... Even with switches, good man.

Irritating to some, joyful to others
That's my personal motto for the day ;)

Title: Re: How to hack through port 80
Post by: oneeyedcarmen on June 05, 2008, 03:21:54 PM

Quote from: BillV
Irritating to some, joyful to others

;D I think you've just put into words how I've lived these last 30 years!

Title: Re: How to hack through port 80
Post by: g00d_4sh on June 05, 2008, 03:45:43 PM

Hahaha... life is too short not to flip a little shit around. And giving advice like that helps to instruct people in the fine art of RTFM... and double checking advice you see online.

Title: Re: How to hack through port 80
Post by: phn1x on June 05, 2008, 05:20:40 PM

Aside from the overwhelmingly insightful advice everyone gave previous to this comment, Ethics, legality, ROE and "Do you have permission" bs replies aside. Let me start by stating your vague question draws no mercy from everyone feverishly fighting for the chance to up their post/reply count.
In theory the target is a web server that you are attacking with a firewall placed between the cloud and it. Your objective should first be to obtain as much information as possible about what is running on port 80. You will want to perform banner grabs, fingerprinting the Web Server and seeing what else it supports. These days Apache is the majority, and it's pretty solid. However, if you're lucky enough to find extension/plugins there may be hope yet. After you figure out the server you want to start looking at the actual webpage/web application. If it's a webpage what is the content? Ideally though you hope for a web application of some sorts that you can then determine the logic and start attacking it from there.

From your question I can only guess you are new at penetration testing and web assessments. Ergo, I recommend you read the following libro's:

http://www.amazon.com/Professional-Pen-Testing-Applications-Programmer/dp/0471789666/ref=sr_1_1?ie=UTF8&s=books&qid=1212704329&sr=8-1
http://www.amazon.com/Web-Application-Hackers-Handbook-Discovering/dp/0470170778/ref=sr_1_1?ie=UTF8&s=books&qid=1212704355&sr=8-1

You can also look into the Hacking Exposed Version 1 and 2 for web applications. Although I stray away from them they are decent introductory material and usually outline an excellent flow chart in which you can base your methodology.

Title: Re: How to hack through port 80
Post by: BillV on June 05, 2008, 07:23:21 PM

Quote: Aside from the overwhelmingly insightful advice everyone gave previous to this comment, Ethics, legality, ROE and "Do you have permission" bs replies aside. Let me start by stating your vague question draws no mercy from everyone feverishly fighting for the chance to up their post/reply count.

Yes, and in addition to that we're able to pick up on sarcasm too. Shocker! I had this typed up once but my session timed out (damn SMF) so I'll keep it short and simple this time. The bottom line is: if you want a real answer, ask a real question.
There is a difference between "asking a question" and "asking a question properly." For the former, most communities will flame you to death and shun you from ever returning. If you're going to pose a question to a community focused on being professional, there are much better ways to make an introduction or post your question that will yield far greater results:

Link 1 (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,2440.msg10761/#msg10761)
Link 2 (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1998.msg8017/#msg8017)
Link 3 (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,2412.msg10628/#msg10628)

Quite simply, I find comments like "how do I hack through port 80" and "it's real for a company," in a word, stupid. Despite your disregard for ethics as stated in your post, that's what this community is focused on. You'll get a much better response for posting a question that makes you look more serious about what you're doing. Otherwise, it just begs the return question of "what the hell are you doing?" Don't mess with someone's website/network if that's not what you should be doing. No one here is going to encourage that.

I believe it was asked plenty enough for the poster to elaborate on his question. At this point however, I'm not sure who would be willing to respond.

Title: Re: How to hack through port 80
Post by: oneeyedcarmen on June 05, 2008, 09:34:56 PM

Quote from: BillV
There is a difference between "asking a question" and "asking a question properly." For the former, most communities will flame you to death and shun you from ever returning.

Absolutely true. Yet as evidenced by mine and Bill's questions, not on EH.net, though we may have a little fun. The majority of those here are not here

Quote: feverishly fighting for the chance to up their post/reply count.

And as Bill said:

Quote: At this point however, I'm not sure who would be willing to respond.
...which is a real shame, because looking back through the original poster's previous posts, he/she seems to be here to learn and share experiences like the rest of us. Just think about what you're asking and how. Though there may be no such thing as a stupid question, there is most definitely such a thing as an incomplete one.

Title: Re: How to hack through port 80
Post by: don on June 05, 2008, 09:44:08 PM

Girls, girls... you're all pretty.
Let's all ease up a bit. Thangvt asked a vague question, and English is obviously not his first language. So let's ask for clarification first before jumping down his throat. Granted his answer was still vague, but let's show him how we do things here.

This is the "Ethical" Hacker Network. Most people here take that very seriously, and thus can be a little overzealous in protecting that unique philosophy on this site. So we can also cut some slack to those who respond that way.

This site has always been kind to newbies yet firm with those who even slightly appear to be unethical. But we've always been polite in doing so. Let's not change that.

So let's try to get the communication on this site back on track before we start looking like other sites out there that are rude and do not foster an open and sharing community of professionals. Agreed?

Don

Title: Re: How to hack through port 80
Post by: phn1x on June 05, 2008, 09:48:29 PM

not for nothing but with my sarcasm aside, I was trying to provide the dude with a valid path of research. BillV has a point about bad questions but in my year + of lurking I constantly see threads get bashed without any answer given. Think about how irritating that must be for people..
And everyone wonders where the white hat hate comes from...

Title: Re: How to hack through port 80
Post by: don on June 05, 2008, 09:57:50 PM

Agreed and your pointing him to a couple books was a kewl way to help regardless of whether he had permission or not. You're also correct as I stated earlier that sometimes we are overzealous. But if I'm being fair, your stating that asking if permission is in place is BS... I respectfully disagree.
All in all, if the end result is that we all understand each other better and are more tolerant and polite, then that will make this community even better.

Don

Title: Re: How to hack through port 80
Post by: phn1x on June 05, 2008, 10:08:26 PM

I'm not saying having permission is BS, I'm saying it's like people have a script running in the background:
for post in forum;do echo "unethical `cat /dev/urandom` && `tienes permission`">> forum?post=$post;done;

Open every howto "`cat /dev/random`" and within the first three posts of the thread inevitably there will be a "do you have permission." You might as well modify the php on your board to automatically include it after the author submits the post.

If you give advice to someone who then acts in malice, no one can take litigation towards you as the site owner. You are providing a service to 'ethical hackers', I'd imagine you have that in your disclosures and within the terms of service agreement. Ergo, you are more than covered legally. Furthermore, the way our justice system works is the burden of proof lies on the prosecution. Having been through a few law classes I understand that one of the elements the prosecution would have to prove beyond a reasonable doubt is the contributor acted with malice.

So, I don't understand why it's such a big deal. Personally I see it as an immediate cop out to answering a question regardless of how poorly it is asked. Now, there are the immediately obvious posts from skiddies just looking for a ./ to get in to a box. The post from the other day was an excellent example. The one I'm talking about is the "help me hack whatever the hell it was .com"

Title: Re: How to hack through port 80
Post by: BillV on June 05, 2008, 10:12:09 PM

Agreed. I'm glad I'm pretty, Don :-*
Quote from: phn1x
in my year + of lurking I constantly see threads get bashed without any answer given. Think about how irritating that must be for people..

I would say that in general, sure, there are lots of places that are exactly as you've described. I think that a very strong majority of the posts here end with answers. If you take a look at ones you've described, the failure is more due to the fact that the person seeking the answer didn't put forth enough initiative in following-up (just like this thread). Wouldn't you agree? I understand what you're saying. I've asked questions that weren't answered in the past. Yes, of course it was irritating, but if I needed to re-clarify my question or provide more information I typically did so... I wanted the answer ;)

Quote from: phn1x
I'm not saying having permission is BS, I'm saying It's like people have a script running in the background. If you give advice to someone who then acts in malice, no one can take litigation towards you as the site owner. You are providing a service to 'ethical hackers',

There is enough information available here, and elsewhere on the web, to be useful for someone with malicious intent. Not every question receives a "do you have permission" response from the get go. If you were to post a specific/detailed security question, you're more than likely to receive some good answers. This goes back to my earlier reply of asking questions properly. Aside from giving information away that in turn is used for malicious intent, from my perspective it's more about not specifically supporting people that want to gain that knowledge for unethical purposes. Make sense?

Title: Re: How to hack through port 80
Post by: oneeyedcarmen on June 05, 2008, 10:19:31 PM

Quote: If you give advice to someone who then acts in malice, no one can take litigation towards you as the site owner.

You may not be legally responsible, but morally is another question.
phn1x, we've both contributed to a few of the same threads on LSO as well. I respect your experience and what you have to say. You seem to have been in this game for a bit longer than I have, so I'd think you'd understand asking for clarification. It's very difficult to give an answer when you don't really know the question. I suppose I could've just responded, "42." ;D (geek check)

I hope there's no harm, and most importantly that we haven't scared thangvt away. I got burned a few times early on here...though admittedly well deservedly so. Hell, it still happens pretty regularly ;) But I think it's fair to say that we all mean well. And now that we've hijacked this thread...

Title: Re: How to hack through port 80
Post by: g00d_4sh on June 06, 2008, 01:30:27 PM

*Puts down his Pan Galactic Gargle Blaster*

Yeah, I suppose it would have been easier to answer his question if he'd used the terminology and jargon we use. And been very specific in his post. Something like:
"I have permission, and what I'm trying to do is learn how to tunnel over port 80 into a computer to pen test it. Any suggestion?"

In that case, I WOULD still be tempted honestly to simply google "port 80 tunneling" and paste the link like so:

http://www.google.com/search?client=opera&rls=en&q=port+80+tunneling&sourceid=opera&ie=utf-8&oe=utf-8&safe=active

I guess part of the frustration I see, is when the exact same questions are asked over and over, without the poster having done a quick google search or even better, looked through the multitude of thread titles for something that might be applicable and done a little reading. Wow... that sounds a bit grumpy of me, could be due to the fact I'm off the back meds. :/

I think for the most part, the vast majority of questions I see asked are answered fairly quickly if possible, and generally with some good links for followup for the poster. I've lurked around other forums, and I would have to say ours is rather friendly, and I don't feel the need to watch for port scanning on my comp after I make a post that not everyone would like ;).

But no, I agree with Bill and Don both. We SHOULD be polite and helpful, but I also think that taking time to think out a question fully, do a little personal research, and word it as to be clear is a responsibility of a poster as well. We all have responsibilities, and we should live up to them.

Title: Re: How to hack through port 80
Post by: eth3real on June 06, 2008, 03:32:11 PM

Quote: http://www.google.com/search?client=opera&rls=en&q=port+80+tunneling&sourceid=opera&ie=utf-8&oe=utf-8&safe=active

&sourceid=opera

Would you also recommend him to use Opera? :P

Title: Re: How to hack through port 80
Post by: g00d_4sh on June 06, 2008, 03:56:40 PM

Heh... well Opera is my browser of choice. ;) I suppose I COULD copy a link over in IE, but that would be such a... pain. Love the Opera heh. I can't stand a slow browser.

Title: Re: How to hack through port 80
Post by: eth3real on June 06, 2008, 07:09:11 PM

Quote: Heh... well Opera is my browser of choice. ;) I suppose I COULD copy a link over in IE, but that would be such a... pain. Love the Opera heh. I can't stand a slow browser.

Same here. I think that's the only reason I noticed it. ;D

Title: Re: How to hack through port 80
Post by: g00d_4sh on June 06, 2008, 07:25:59 PM

Nice, an old Finnish friend of mine turned me onto it a while back. I used Mozilla for a bit... and IE when I had to, but neither really grabbed me. I've found Opera rather quick, minimalist, easy to tweak, and generally just a better browser. It's actually one of my 'No nos' I insist upon at work. We're only supposed to use IE, but I can't stand how slow some of our web based custom programs are... Opera helps a little with the speed which helps me keep my sanity. Last couple incarnations of it have fixed a number of the formatting issues they were having too. (Opera)

Title: Re: How to hack through port 80
Post by: Thangvt on June 07, 2008, 03:13:28 AM

Thank all!
Sorry about my question, it's not clear. I'm preparing for pentest and script is:
- The network of customer open only port 80 to client can browser Web.
And I want to understand, how the hacker can tunnel from outside network to inside network through port. I'm researching about this way. Don't for hacking and I'm not bad guy. I think that EH is community so if I don't understand I can ask and share. Sorry..! Thanks all.

Title: Re: How to hack through port 80
Post by: eth3real on June 07, 2008, 08:59:49 AM

I'm not the best hacker around, but you might use a reverse HTTP shell for that.

Title: Re: How to hack through port 80
Post by: Kev on June 07, 2008, 02:10:53 PM

Hacking through port 80 is most commonly done by one of 2 methods. Either through something exploitable already running there or something exploitable the hacker placed. If you have never done this before, start off with the most basic techniques and play with netcat on 2 of your systems on your home network and see if you can connect. From there you can develop all kinds of possibilities. Code an encrypted version of netcat that will self install, etc...

If port 80 is open then something is running there and the firewall allows certain kinds of port 80 traffic. Is it vulnerable to an exploit? Is it a webserver? Can you do a SQL injection or perhaps exploit the buffer, etc... Just because you see an open port doesn't mean you can magically connect to it with some secret command on your Windows command prompt. It's interesting how many people that don't hack think this way. You have to determine what is running on that port and see if you can exploit it. If not then you have to try to connect from their side to you.
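
The connection made "from their side to you" in Kev's post, like the reverse HTTP shell eth3real mentions, tends to appear in egress logs as one internal host polling one external host at a near-fixed interval. The following is an added example, not part of the thread, showing a detection check for that pattern; the log format, thresholds, addresses and host names are constructed assumptions.

```python
import statistics
from collections import defaultdict
from urllib.parse import urlsplit

def parse_line(line):
    """Parse one constructed proxy-log line: epoch client method url status bytes."""
    ts, client, method, url, status, size = line.split()
    return int(ts), client, method, urlsplit(url).hostname, int(size)

def find_beacons(lines, min_requests=6, max_cv=0.1):
    """Return (client, host, mean_gap_seconds) for pairs polled at near-fixed intervals.

    max_cv is the allowed coefficient of variation (stdev / mean) of the gaps
    between requests; both thresholds are assumptions to tune per network.
    """
    seen = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, client, _method, host, _size = parse_line(line)
        seen[(client, host)].append(ts)

    findings = []
    for (client, host), stamps in sorted(seen.items()):
        if len(stamps) < min_requests:
            continue  # too few requests to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue  # all requests in the same second: a burst, not a poll
        if statistics.pstdev(gaps) / mean_gap <= max_cv:
            findings.append((client, host, round(mean_gap)))
    return findings

def constructed_log():
    """Build constructed sample traffic: one browsing user, one polling host."""
    base = 1212800000
    lines = []
    # Interactive browsing: bursts and long pauses, so the gaps vary widely.
    for off in (0, 4, 9, 130, 131, 410, 900, 905):
        lines.append(f"{base + off} 10.0.0.15 GET http://news.example.com/p{off} 200 48213")
    # Internal server polling an external host about every 60 s with small jitter.
    for i, jitter in enumerate((0, 1, -1, 2, 0, -2, 1, 0)):
        lines.append(f"{base + 60 * i + jitter} 10.0.0.23 POST http://updates.example.net/poll 200 312")
    return lines

if __name__ == "__main__":
    for client, host, gap in find_beacons(constructed_log()):
        print(f"{client} polls {host} about every {gap} s")
```

Legitimate software (update checks, monitoring agents) also polls on a timer, so hits from a check like this are leads to review against an allowlist, not verdicts.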