The Ethical Hacker Network - How to hack through port 80

Thangvt

Newbie

Offline

Posts: 13

How to hack through port 80

« on: June 05, 2008, 09:17:30 AM »

Hi all,
Script is
- from outside hack inside network through port 80.

Outside ----> FW( CheckPoint or ISA ) -------> Server (Web Server or Mail Server)

Any body here can help me this case?. If you have study guide or relate info please message to me.

Thanks!


	Logged

BillV

Hero Member

Offline

Posts: 1892

Re: How to hack through port 80

« Reply #1 on: June 05, 2008, 09:30:36 AM »

format C: /Q /X on Windows

rm -rf / on linux


	Logged

Andrew Waite

Hero Member

Offline

Posts: 928

Re: How to hack through port 80

« Reply #2 on: June 05, 2008, 09:46:16 AM »

BillV?...... tut tut Roll Eyes


	Logged

-- http://www.infosanity.co.uk
-- http://blog.infosanity.co.uk

oneeyedcarmen

Full Member

Offline

Posts: 233

Klaatu, Borada,Necktie?

Re: How to hack through port 80

« Reply #3 on: June 05, 2008, 09:58:38 AM »


	Logged

Reluctant CISSP, Certified ASS

BillV

Hero Member

Offline

Posts: 1892

Re: How to hack through port 80

« Reply #4 on: June 05, 2008, 10:08:36 AM »

Quote from: RoleReversal on June 05, 2008, 09:46:16 AM

BillV?...... tut tut Roll Eyes

As the saying goes... "Ask a stupid question....."


	Logged

Thangvt

Newbie

Offline

Posts: 13

Re: How to hack through port 80

« Reply #5 on: June 05, 2008, 10:37:13 AM »

Quote from: BillV on June 05, 2008, 10:08:36 AM

Quote from: RoleReversal on June 05, 2008, 09:46:16 AM

BillV?...... tut tut Roll Eyes

As the saying goes... "Ask a stupid question....." Huh

What's for stupid? U ar crazy??

It's real for a company. They already have FW and preparing buy IPS appliance. If you don't have comments, don't reply !


	Logged

oneeyedcarmen

Full Member

Offline

Posts: 233

Klaatu, Borada,Necktie?

Re: How to hack through port 80

« Reply #6 on: June 05, 2008, 10:54:40 AM »

Quote from: Thangvt

It's real for a company. They already have FW and preparing buy IPS appliance. If you don't have comments, don't reply !

Could you describe for us what the scope of your test is, and the ROE you've set up with the target company?

And please be more specific with your question. The original is incredibly generic.

Thanks.


	Logged

Reluctant CISSP, Certified ASS

BillV

Hero Member

Offline

Posts: 1892

Re: How to hack through port 80

« Reply #7 on: June 05, 2008, 10:55:25 AM »

Quote from: Thangvt on June 05, 2008, 10:37:13 AM

What's for stupid? U ar crazy??

It's real for a company. They already have FW and preparing buy IPS appliance. If you don't have comments, don't reply !

Oh believe me, I have comments... I just hold back most of them Wink

"It's real for a company" .... what does this mean?

If you have a real question, than feel free to elaborate and you might get a more thoughtful response.


	Logged

Dengar13

Sr. Member

Offline

Posts: 380

Re: How to hack through port 80

« Reply #8 on: June 05, 2008, 11:33:03 AM »

Whew...it is getting hot in this thread...lol! Tongue


	Logged

A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!

g00d_4sh

Sr. Member

Offline

Posts: 394

Re: How to hack through port 80

« Reply #9 on: June 05, 2008, 01:47:47 PM »

Heh... Bill, you just made my day. I haven't seen a format C: comment in too long... Even with switches, good man.


	Logged

"Bad.. Good? I'm the guy with the gun"

BillV

Hero Member

Offline

Posts: 1892

Re: How to hack through port 80

« Reply #10 on: June 05, 2008, 03:14:28 PM »

Quote from: Thangvt

What's for stupid? U ar crazy?? If you don't have comments, don't reply !

Quote from: g00d_4sh on June 05, 2008, 01:47:47 PM

Heh... Bill, you just made my day. I haven't seen a format C: comment in too long... Even with switches, good man.

Irritating to some, joyful to others
That's my personal motto for the day Wink


	Logged

oneeyedcarmen

Full Member

Offline

Posts: 233

Klaatu, Borada,Necktie?

Re: How to hack through port 80

« Reply #11 on: June 05, 2008, 03:21:54 PM »

Quote from: BillV

Irritating to some, joyful to others

I think you've just put into words how I've lived these last 30 years!


	Logged

Reluctant CISSP, Certified ASS

g00d_4sh

Sr. Member

Offline

Posts: 394

Re: How to hack through port 80

« Reply #12 on: June 05, 2008, 03:45:43 PM »

Hahaha... life is too short not to flip a little shit around. And giving advice like that helps to instruct people in the fine art of RTFM... and double checking advice you see online.


	Logged

"Bad.. Good? I'm the guy with the gun"

phn1x

Newbie

Offline

Posts: 26

Re: How to hack through port 80

« Reply #13 on: June 05, 2008, 05:20:40 PM »

Aside from the overwhelmingly insightful advice everyone gave previous to this comment, Ethics, legality, ROE and "Do you have permission" bs replies aside. Let me start by stating your vague question draws no mercy from everyone fievershly fighting for the chance to up their post/reply count.

In theory the target is a web server that you are attacking with a firewall placed between the cloud and it. Your objective should first be to obtain as much information as possible about what is running on port 80. You will want to perform banner grabs, fingerprinting the Web Server and seeing what else it supports. These day's apache is the majority, and it's pretty solid. However, if your lucky enough to find extension/plugins there may be hope yet. After you figure out the server you want to start looking at the actual webpage/web application. If it's a webpage what is the content? Ideally though you hope for a web application of some sorts that you can then determine the logic and start attacking it from there. From your question I can only guess you are knew at penetration testing and web assessments. Ergo, I recommend you read the following libro's:

http://www.amazon.com/Professional-Pen-Testing-Applications-Programmer/dp/0471789666/ref=sr_1_1?ie=UTF8&s=books&qid=1212704329&sr=8-1

http://www.amazon.com/Web-Application-Hackers-Handbook-Discovering/dp/0470170778/ref=sr_1_1?ie=UTF8&s=books&qid=1212704355&sr=8-1

You can also look into the Hacking Exposed Version 1 and 2 for web applications. Although I stray away from them they are decent introductory material and usually outline an excellent flow chart in which you can base your methodology.


	Logged

BillV

Hero Member

Offline

Posts: 1892

Re: How to hack through port 80

« Reply #14 on: June 05, 2008, 07:23:21 PM »

Quote from: phn1x on June 05, 2008, 05:20:40 PM

Yes, and in addition to that we're able to pick up on sarcasm too. Shocker!

I had this typed up once but my session timed out (damn SMF) so I'll keep it short and simple this time.

The bottom line is:

if you want a real answer, ask a real question.

There is a difference between "asking a question" and "asking a question properly." For the former, most communities will flame you to death and shun you from ever returning.

If you're going to pose a question to a community focused on being professional, there are much better ways to make an introduction or post your question that will yield far greater results: Link 1 Link 2 Link 3

Quite simply, I find comments like "how do I hack through port 80" and "it's real for a company," in a word, stupid. Despite your disregard for ethics as stated in your post, that's what this community is focused on. You'll get a much better response for posting a question that makes you look more serious about what you're doing. Otherwise, it just begs the return question of "what the hell are you doing?"

Don't mess with someone's website/network if that's not what you should be doing. No one here is going to encourage that. I believe it was asked plenty enough for the poster to elaborate on his question. At this point however, I'm not sure who would be willing to respond.


	Logged

Pages: [1] 2 Go Up

« previous next »