HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 42 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Otherarrow Breaking In
EH-Net
May 23, 2013, 04:56:05 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1] 2   Go Down
« previous next »
  Print  
Author Topic: Breaking In  (Read 10052 times)
0 Members and 1 Guest are viewing this topic.
W3bWarl0cK
Newbie
*
Offline Offline

Posts: 9


View Profile
« on: April 08, 2009, 01:38:54 AM »
I'm just starting out with Hacking for Dummies and it's given me a great idea to set up a virtual pc and attempt to break into it.
Well, I've set up the virtual pc and I've managed to get a telnet connection to it on port 135, but now I'm stuck. What do I do now? I'd like to try and browse the filesystem remotely, but I don't know how.
I'm using Windows Vista (you may all cringe now) as the host OS and XP as the guest OS. I would've used Fedora Core or Ubuntu linux as the guest, but I think my discs are wrecked.

If anyone can post a list of telnet commands for browsing a filesystem or help me in anyway, I'd really appreciate it. After searching on google, all I keep getting is the standard list of telnet commands that appear when I type in ?
Logged
hackly66
Jr. Member
**
Offline Offline

Posts: 62



View Profile
« Reply #1 on: April 08, 2009, 08:54:19 AM »
I have not practice much with telneting, but just to discover what information the webserver would spit out, but check this link --------->http://cracksandhacks.wordpress.com/2007/10/02/telnet-hacking/
Logged
A+,Net+,Sec+
apollo
Full Member
***
Offline Offline

Posts: 146


View Profile WWW
« Reply #2 on: April 08, 2009, 03:21:42 PM »
I would recommend downloading a backtrack vm and starting here:

http://www.ethicalhacker.net/content/view/227/24/

This will walk you through the tools that you will want to start with.  via telnet, it is difficult to interact with port 135.  There are tools that will help you, but you probably want to know more about the status of the host before going further.  Look at ports open, vulnerabilities present, etc before heading in to try and get a shell.
Logged
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
crk
Newbie
*
Offline Offline

Posts: 49


View Profile
« Reply #3 on: April 10, 2009, 10:59:48 PM »
Also as a literary side note, I didn't feel like Hacking for Dummies really did a great job with explaining the basics. If I were you, and if I happened to be in the market for a good pentesting book, I would look into 'Penetration Testing and Network Defense'-Whitaker and Newman. It's basic enough that beginners can understand and technical enough that you can understand what's being said and actually learn something.

Just a helpful suggestion...I've read 'em all:-)
Logged
jason
Hero Member
*****
Offline Offline

Posts: 1012



View Profile WWW
« Reply #4 on: April 10, 2009, 11:24:41 PM »
Counterhack Reloaded by Ed Skoudis is another one that you might want to add to your library.
Logged
crk
Newbie
*
Offline Offline

Posts: 49


View Profile
« Reply #5 on: April 11, 2009, 06:21:50 PM »
Indeed it is. I forgot about that one.

Some others:

Gray Hat Hacking- Harris, Harper, Eagle, Ness
Shellcoder's Handbook- Anley, Heasman, Linder, Richarte
Hacking Exposed series- mostly by McClure, Scambray
Logged
W3bWarl0cK
Newbie
*
Offline Offline

Posts: 9


View Profile
« Reply #6 on: June 08, 2009, 01:27:37 PM »
OK, I should've done more research. I was expecting telnet to give me access to the vpc's filesystem...

I've tried looking for software that I can use to access the vpc's filesystem, but I haven't found anything.

I found some tutorials on doing all sorts of things crackers would do, but nothing on remotely accessing a protected filesystem.
Does anyone know about a tutorial on doing this or is it ridiculous to assume that such a tutorial exists?
Logged
eth3real
Sr. Member
****
Offline Offline

Posts: 309



View Profile WWW
« Reply #7 on: June 09, 2009, 08:22:46 AM »
That depends. What's the OS of your virtual machine?
Logged
Put that in your pipe and grep it!
W3bWarl0cK
Newbie
*
Offline Offline

Posts: 9


View Profile
« Reply #8 on: June 09, 2009, 02:44:22 PM »
I've got the vpc set up to use WinXP - I would prefer to use linux, but it seems my pc doesn't have the ram and stuff to handle Vista and linux running at the same time...

I'm hoping to get something that'll show me how to get into a password protected user profile too
Logged
Andrew Waite
Hero Member
*****
Offline Offline

Posts: 928



View Profile WWW
« Reply #9 on: June 09, 2009, 02:50:22 PM »
Quote from: W3bWarl0cK on June 09, 2009, 02:44:22 PM
...I would prefer to use linux, but it seems my pc doesn't have the ram and stuff to handle Vista and linux running at the same time...

But it'll run Vista and XP? Never come across that problem, now I'm confused.....
Logged
-- http://www.infosanity.co.uk
-- http://blog.infosanity.co.uk
Jhaddix
Sr. Member
****
Offline Offline

Posts: 317



View Profile WWW
« Reply #10 on: June 09, 2009, 05:42:16 PM »
Warlock,

The best advice i can give you is go get the practice pentest disks, called De-ICE, from heorot.net.

Basically you will use your VMware to boot one of those disks that have multiple vulnerabilities. Dont worry about using it... just boot it. Your not supposed to have access until you hack it.

Then boot Backtrack 4 and use it to attack the target.

Ethical hacking is designed in phases, get acquainted with the tools and concepts of each phase. 

Use the Penetration testing framework here to get started:

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Everything is numbered, obviously since your target is a VM you can skip the Social Engineering et al.

This is a good start, let us know if you need help with a concept or tool, but do your own due diligence, it helps get the mindset of a real hacker ingrained in your head =)

 
Logged
GSEC, GPEN, GWAPT, ECPPT, WAHHlive, LSOAdvancedPenTester

http://www.securityaegis.com
http://www.pentesterscripting.com
http://code.google.com/p/pentest-bookmarks/
UNIX
Hero Member
*****
Offline Offline

Posts: 1235


View Profile
« Reply #11 on: June 10, 2009, 12:07:51 AM »
I would also recommend you to search through this and similar websites as there are many newcomers with same or similar questions.

Just start with a few basics like networking, programming etc. and improve yourself continously. The discs mentioned by Jhaddix, the De-ICE ones, are really great for getting some experience with the whole process of penetration testing and tools which can be involved.

Another thing you may try out if interested in Linux may be DVL - Damn Vulnerable Linux. This is a linux distro which was designed to offer vulnerable services to allow different attacks.

VMWare is one of the best programs you can use in my opinion and you should definetily consider to upgrading your RAM in order to get it running smoothly. Later on the chance is high that you will use this software on a regulary basis for various tasks.

In this and other threads already a lot of books where recommended to you, so just pick the ones which looks interesting to you and start.

If you have any specific questions please feel free to ask but you have to do the work by yourself.
Logged
eRiCtHyReD
Newbie
*
Offline Offline

Posts: 18



View Profile
« Reply #12 on: June 10, 2009, 07:30:42 AM »
I also recommend OWASP Live CD:

http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
Logged
CEH MCSE CCNA  Security+ Network+ A+
SynJunkie
Jr. Member
**
Offline Offline

Posts: 71


View Profile WWW
« Reply #13 on: June 11, 2009, 04:18:44 PM »
I sort of went down the same path as you (hacking VM's etc..) when I first got a computer and abut the same time I bought "Pentesters Open Source Toolkit".  It was one of the best books I have read and I still refer back to it all the time.

As for telnet, here's a link to some commands

http://technet.microsoft.com/en-us/library/c.aspx


Cheers

Syn
Logged
----------------------------------
http://synjunkie.blogspot.com
Jhaddix
Sr. Member
****
Offline Offline

Posts: 317



View Profile WWW
« Reply #14 on: June 11, 2009, 06:45:05 PM »
Quote from: eRiCtHyReD on June 10, 2009, 07:30:42 AM
I also recommend OWASP Live CD:

http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project



The OWASP Live CD focuses more on web application attacks and lacks some better features that the Samurai Web Testing Framework has.

if you want to learn Webapp hacking you'll want to setup the Hacme products by Foundstone, or damn vulnerable web app. Use SamuraiWTF to abuse these distributions (XSS, SQLi, etc)
« Last Edit: June 11, 2009, 06:48:17 PM by Jhaddix » Logged
GSEC, GPEN, GWAPT, ECPPT, WAHHlive, LSOAdvancedPenTester

http://www.securityaegis.com
http://www.pentesterscripting.com
http://code.google.com/p/pentest-bookmarks/
Pages: [1] 2   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.079 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Free Business and Tech Magazines and eBooks

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.