Ha Ha, whatever you say noob.  Actually I agree with your entire post 100%.  But at least I am not a hypocrite about being “ethical” and at least I don’t get all excited because I cracked my neighbor’s wep and have to hurry and post it on this forum like some giddy teenage cracker because I think it’s the hack of the century. To me you should be more embarrassed by that than any of my so called trolling. But hey, to each his own.


And ismith, god I guess you don’t get it. Well if this forum keeps filling up with noobies like you, which seems to be the direction its been going of late, you don’t have to worry about getting rid of me, I will just go!  Yes Don please ban me from here so I can teach some of the noobs here how hard that can be on a public forum like this.  Hey, I am a nice guy and am willing to do my part to teach people the most basics of the internet if I am called upon to do so. 

Please tell me you’re not that big of a newb and think it’s so easy to ban someone from a public forum. If you do, then I feel sorry for whoever you do security consulting for. I know I don’t really belong on this forum because I am not part of the so called “ethical” hacking community. I belong more to what you might call the “underground”, but I never have done anything malicious. As Don pointed out, it’s better to just ignore comments on a forum that you might not like. I find myself doing just that here myself often, but occasionally I can’t hold back! 

I have found that 1.99 is hackable in certain environments. Its good you disallowed it.

Your question is if this is secure?  Well, first of all your nmap scan was to limited since you were just looking for –p 22, but I assume you did this way knowing that was the only service running on your server and just wanted to display your results. A true scan will include all 65535 tcp and upd ports and it should be done remotely so a rootkit can’t mess with the accuracy of your output.  It seems like you did the right thing by checking available exploits for the service. So you didn’t find any published exploits for that service does that mean you are safe? No, you are not 100% safe.  Just because someone can’t find a published exploit or it’s not in the beloved script kiddie tool metasploit doesn’t mean one doesn’t exist. Remember there are exploits being developed by sophisticated hackers in the underground that the “ethical” community is not aware of.  On the other hand the exploits usually developed by the white hat community are usually revealed quickly because the developer is so eager to get his 10 seconds of glory in the security field. Not always, and sometimes they let the vender know ahead of time so they can make a patch. Those kind of exploits have value for about a month, if even that, then they are only good for low hanging fruit that never gets patched.
 
Now that doesn’t mean you need to stay up late at night worrying because if your server is low profile, more than likely you wont get attacked by such an attack, because unknown exploits are developed and traded by a small group of “leet” hackers and not the huge sea of script kiddies that seem to be getting larger out there even as I type. Hackers of a high caliber usually have bigger fish to fry. That’s not to say one wouldnt want to use your server to launch a more important attack from. Ok so what can you do? Well, you still need to configure firewall well and also make sure your IDS has the latest rules. Harden your OS so that a buffer overflow is difficult to occur even with a vulnerable service. There are some decent apps out there for this.  At this point you will be 99% secure because if you are a low value target, no hacker is going to waste a lot time trying to own you just to make you into a zombie when there are so many easier targets out there. Hey 99% is good odds!

Actually its more like 37 posts g00d_4sh and I am glad you all miss me.  BTW how do these monthly prizes get figured out? I can see that pseud0 deserved it but that other dude? Ha Ha.  Seemed liked g00d-4ash made a hell of a lot of posts last month and should have gotten it.  I love politics. And yeah I troll this site from time to time, that is when I am not busy hacking your mamas box! Hehe.

Yeah right. I didnt know that CEH meant certified ethical hyprocrit! But now I know and thanks.
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1836.msg7329/#msg7329

Yes thanks for the tip about using a search engine. I have heard of such things and I will look into it.  It is always amazing to me how short sited some people can be that claim to be involved in security. The question is not whether a single poster is ethical or not. Just in case some of you haven’t noticed, there are thousands of page views every month on this forum. Most are anonymous. Well, I might be crazy but I would be willing to bet a few might be a little less than “ethical”.  But that doesn’t seem to bother some who in their zeal to show off to the community their vast knowledge can’t resist pontificating.

Even if the knowledge is available out on the net by using search engines, (I heard of one that was good, I think its called doogle or something like that) why make it easier than it needs to be?  Sure you might only slow them down an hour or a day, but at least you know you didn’t contribute to the problem. You would think that would appeal to your ethical sensibilities.  Yeah, you can find all the info you need to build a nuclear bomb on the net but I am not going to post links to anyone that asks me just to show off my superior knowledge. 

The reality is real high level security pros, ( and they are the only ones that should be playing around with botnets and undetectable Trojans)  DON’T need to come to a site like this for instruction on how to build such things anyway!  Its always interesting to us that walk on both sides of the hat, to see how readily the so called white hat community gives up exploits, etc…to anyone. The white hat community is making the back hats just damn lazy!  There are 2 reasons for this. One is for possible profit and the other is for ego and are trying to impress others without regards to repercussions. They can always claim they are white hats doing it for the good of all, when in reality they have more selfish motivations.  Ironically if you go to a black hat site asking similar questions you get flamed or told just “google it”. 

A little?  Your joking right? I am glad you are not in charge of security where I do my banking, ha ha. Sorry, I just could not resist. But hey, thats cool if you are going to help anyone that comes here build botnets and undetectable trojans.

I really had to bite my tongue on this one, but in my not so humble attempt to be  not such a dick, I guess I will let this one slide! At least you are honest about it. Enjoy your free internet CEH.

Yes Archeron  , you are right and welcome to the few that have some balls to post. I see over 1000 page views on this topic and only a few make posts. How gay.  Why is it so scary to the gutless wonders that lurk here?  So damn scary to post something like” good post , bad post” whatever.  I like this forum. I have been watching forums for a long time. If you don’t make even a small post it will die.  Show you have some balls.  Christ, no one knows who you are and why you are stilled scared?  WEAK!   
 
I got a PM from an important person on this site telling me my posts are close to being a dick. Nice political way telling me I am a dick! REALLY? I never resorted to name calling like calling someone an idiot. Hey that’s fine.  I see this thread went to 4 pages.  Whatever. I will make one more post after this and I am done. 

And so spoke the god of hacking! Actually you don’t need to repeat it again and in fact you would do everyone a favor not to because it’s not true.  How much bad information can one person give in a single thread?  Accessing critical data might be the end result of a pentest, but not always. Many times just gaining a foothold on the network and planting a flag is all a company may allow in a blackbox test. That alone should have not happened and its enough to display vulnerability.  If doing a pentest from inside the network, collecting critical data might be part of the information gathering process before the hack like sniffing out a password, that is if you consider a password sensitive or critical data. But neither are the hack itself.  Not even in a BlackHat hack is it always the objective. Sometimes the hack is done just to snoop around out of curiosity. Sometimes the hack is done to do something malicious like wipe out a hard drive. With your narrow definition I could say anytime I turn on my computer and access critical data I just hacked it!  If I go in and put a gun to the head of the Admin and force him to turn on his box and access data , I guess I just hacked it?  Hacking as defined by the majority is gaining unauthorized access to a computer or network via another computer. 

Agreed! I am glad I dont either.

Nice. Just another hijacked thread. If you are so committed to to this topic, perhaps you should start a new one. As I said already, the original poster was answered early on and then what followed was a lot of silly rambling.

That’s really good. You made my point better than I could. What you are describing is the importance of understanding the output of tools, which really has more to do with understanding the particulars of that tool.  While it may be interesting to understand that an nmap –sS doesn’t complete the 3 way handshake in TCP/IP, what really matters is the results it gives me and what do I do to that particular tool if I am not getting any results I seek.  What options would I add?  Yes its true the tools I mentioned anyone can learn just like anyone can learn TCP/IP. Not sure what that has to do with it.  What takes time is learning all the aspects of a tool and how to customize if need be. That translates in to working with each tool as much as possible and in every possible situation.  Understanding TCP/IP is more crucial if you are writing your own tools. About 30% of the tools and exploits I run where written by me, but could easily by used by anyone with a little instruction on the particulars of that tool, which has nothing to do with memorizing the 7 layers of the OSI model.  If learning all the theory of every protocol makes hacking more interesting to you, that’s fine. Just don’t tell people that want to learn hacking it’s the crucial place to start. Its just not true. Get going with the common tools and start getting experience. The more experience you get under your belt, the sooner you will no longer be a noob.
 The original meaning of the term "hacker" has nothing to do with what you posted. It had to do with individuals that would "hack" hardware to change it to do something different from what it was intended. Later the press used it for people that would break into computers.  Do you guys really understand what hacking is all about or are you more just bogged down theoretical security guys wearing your little suit and ties? 
  Oh and Dean, I did go look up the term hacker and guess what? There was a picture of me there, Ha Ha!   

Why is it when someone asks where to get started they are always given the same BS answer of learn your TCP/IP protocols.  Sorry but its just not true and I see it as a smoke screen. It reminds me of the Karate kid that has to do wax on, wax off before really learning Karate. Give me one real example of simply knowing  that or the OSI model teaches you how to hack.  The reality is you can do some very effective hacking without understanding much theory at all and its done every single day on the net.  People can run programs without understanding programing. 

If you want to get a good start, download some of the common tools and start working with them.  Start with nmap and scan your own network or DL some vmware and install a free linux disto and scan it.  Get a sniffer and see if you capture data on your network.  Work with the tools on your own network and thats your first start. Or you can just eat up time reading about what the layer 2 protocol is supposed to do.