helloo again since no one answered my latest reply in my latest thread ima going to create new one here maybe some one will reply me

i just bruteforced my network FTP server 192.168.16.1 iknow the user and pass now  (Legal pen test)

i connected to this server with CuteFTP pro software to c wats files up there

i didn't find any files just blank if i did it wrong what should the next step after cracking the user and pass to be ?

Maybe you cracked a username and password for a group account that was given access to only a certain folder, and that folder currently has nothing in it. If you didn't get error messages from CuteFTP and it reports that you connected successfully, then UNIX is right. You were successful. If you goal was to gain root access to the box, then your goals should be different.

Then again, if it was a legal pen test, IE it's just not for your company but that you have the permission of the admins of that box (or permission from their bosses), then report your findings. Maybe it fits exactly what the policy of your organization requires. Or try brute forcing an admin account. You could also try using the UN & PW that you brute forced on another box that is not an FTP Server. How about using those credentials on a domain controller?

Hope this helps,
Don

first of all i accesses in Administrator right not reguler user its Admin and when i connected with cuteftp it succeded connected but no folders and about services yes i got some and alot of services runing on the server but i dont know wat and how to access through them all i got now is

FTP access to the server box with Admin as user -->> wat should i do as the next step if u have FTP access ?? 

first i didn't get wat u mean Sir with save file from ur client machine ?

second look all i want to know to do real hack to this machine via FTP

is it possible ?

and dont worry my network owner my friend and he know so its legal but i wanna do real access on the machine

The tips given by Hayabusa0194 and don should be read by you closely.

As you wrote about "real access" maybe the FTP is not the best contact point, but it could give you more information to work on. Often people use their credentials for different services, websites etc. and onced found out, you can often use it for gathering more information.

What other services have you discovered? As of your writing I assume that this is a Blackboxtest (no knowledge about the infratsructure etc.)?

You could look for existing exploits for the ftp server running on the target machine or if you know howto write your own. Often there are exploits easily available for certain programs which will save you time in your task.

If you can't go any further with your bruted ftp account I would recommend to go back and start the process from the beginning (or at least from the information you have gathered so far, e.g. running services, open ports, etc.). Maybe there are some other vulnerable services you could exploit for gaining access.

Is Social Engineering by your 'friend' also allowed? If so, try this out too if you have the ability to talk good to people. Often you get much information just by asking (or pretending). This part of a penetration test is definetily often underestimated.

Do you already know which service packs are included on the target? Maybe it i not up-to-date (check if possible for its uptime and search if there where any critical updates between the time it is running and now).

There are really many ways to penetrate into a machine, but it is important to know the basics (which in my opinion you are somehow lacking; don't take it offensive). If you are really interested in this subject go read some books and make some research. In the forums you will find many recommendations from the pros, so use them.

We do support you, as much as we can, rebrov.  Each of us has been where you are.  None of us just picked up a computer and hacked systems, with no learning curve, behind it.  We also understand the difficulty with English, as many of us deal with customers and co-workers who are in the same situation.  If there's a term you need clarified, by all means, ask, and we'll try to explain it.  But you must also be willing to spend some time, yourself, trying to understand and find meaning, as this IS a website, where 'us members' don't just sit and monitor all day, waiting for the opportunity to clarify things.  :-)

In your case, it's just that we CAN'T easily tell you to 'do this, or do that' simply by knowing you gained a user account with ftp access.  As I'd said, there's very little 'ELSE' we can offer, simply by knowing you successfully found a user account and password for the ftp server.  You'll learn as you progress and study that MUCH more time must be spent in enumeration (where you find open ports / services and research exploits and hacks available for those services.)  We can't simply say, 'Look at 'abc' process and run ' xyz' exploit, because we aren't in the know on what services are running on it, ourselves, and where to send you.

Again, it'd be well for you to spend some time with the de-ice bootable security lessons and others, which will help you to learn, more effectively, how to deal with what you find, and how to use other resources, such as milw0rm, on the web, to help you locate known exploits for various findings.  Also, assuming this MIGHT be a windows server, you might do well to obtain some hackable windows VMWare images (you'd have to search the net, or obtain them from a CEH course or something,) or intentionally dig and install some vulnerable windows executables on a lab machine, so you can spend some time learning where to go with the information you uncover.  Additionally building your OWN lab up, and spending time hacking against it, is well worth effort (assuming you have the resources, but if you don't, and your friend is obviously letting you test on his systems, then maybe HE can help you setup a lab.)  There are good books out there on the subject, such as:

http://www.amazon.com/Build-Your-Own-Security-Lab/dp/0470179864

I think you'll find we all will do our best to help you out, but until you've been able to dig further, and provide more information than simply having gained ftp access, it leaves us in a position where we have no further advice to offer, other than what we have already given you.  With learning comes research, and with research comes time.  And sometimes, with both, comes much frustration, pain, and confusion.  You have to 'roll with the punches,' so to speak, and just 'roll up your sleeves' keep 'plugging away.'   (Sorry, this means, work through frustration, increase your knowledge and skills through study and testing, and keep trying.)

But, if you're just learning, to simply start out with ftp account brute force access, and to hope for a quick root access hack, is NOT a reasonable expectation.  Not if you won't take what we've given you (hints = SQL, Domain Controller, RPC,) and start exploring.  That's how all of us learned the trade, and learning to understand the flow and other possibilities is essential.

Please understand, we're on here to help you learn.  And we're generally happy to do so.  It's just that, as you progress, you also have to learn what to ask us, what information to provide when you ask it, and what to do with the answers you're given.

Good luck, and I wish you well in your learning, rebrov.

thanks Hayabusa for this info and for trying help me and giving me some knowledge , but actually something i want to know m8 is :

when i scan the target and find ports and services wats the diffrent if i find ports opened and services ? isn't it ports = services ports ?

same ?
and even if i found the ports and the services ? i found them with tool scan network called look@lan i dunno its good or bad but i think its good i can find with it the ports and the services how can i exploit them to get root access to the server i dont know alot about exploiting the target like find the ports and then find the exploits for them ,, and about the SQL i dont know about it and how can i use it the course i downloaded didn't learn me alot like i excpected :S i want to learn from u how to start

Ports and Services are not the same, no. Although many services are applied to certain ports (e.g. FTP often uses port 21), it is possible to let a service run on different ports too. So just because port 21 is open on a machine it does not mean for sure that a ftp server is running.
Also often malware etc. uses ports which are used usually by different services.

A good scanning software which you may test too is nmap which can be found at http://nmap.org/

Just because you found an open port it does not mean that you can automatically exploit it. When you know a certain service/ software running on a machine and can't write your exploits by yourself then just search on google or other sites for already existing exploits. There are already thousands available

When you want to learn about SQL more, why not search about it? I searched only one minute and found already plenty of very useful information. Also on this (and other) subjects are many many books available which will teach you.