.

How to hack through port 80

<<

oneeyedcarmen

User avatar

Full Member
Full Member

Posts: 233

Joined: Thu Jul 05, 2007 2:13 pm

Location: Baltimore, MD USA

Post Thu Jun 05, 2008 9:34 pm

Re: How to hack through port 80

[quote=BillV]There is a difference between "asking a question" and "asking a question properly." For the former, most communities will flame you to death and shun you from ever returning.[/quote]

Absolutely true.  Yet as evidenced by mine and Bill's questions, not on EH.net, though we may have a little fun.  The majority of those here are not here
fievershly fighting for the chance to up their post/reply count.


And as Bill said:

At this point however, I'm not sure who would be willing to respond.
...which is a real shame, because looking back through the original poster's previous posts, he/she seems to be here to learn and share experiences like the rest of us.  Just think about what you're asking and how.  Though there may be no such thing as a stupid question, there is most definitely such a thing as an incomplete one.
Reluctant CISSP, Certified ASS
<<

don

User avatar

Administrator
Administrator

Posts: 4248

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Jun 05, 2008 9:44 pm

Re: How to hack through port 80

Girls, girls... you're all pretty.

Let's all ease up a bit. Thangvt asked a vague question, and English is obviously not his first language. So let's ask for clarification first before jumping down his throat. Granted his answer was still vague, but let's show him how we do things here.

This is the "Ethical" Hacker Network. Most people here take that very seriously, and thus can be a little overzealous in protecting that unique philosophy on this site. So we can also cut some slack to those who respond that way.

This site has always been kind to newbies yet firm with those who even slightly appear to be unethical. But we've always been polite in doing so. Let's not change that.

So let's try to get the communication on this site back on track before we start looking like other sites out there that are rude and do not foster an open and sharing community of professionals.

Agreed?

Don
CISSP, MCSE, CSTA, Security+ SME
<<

phn1x

Newbie
Newbie

Posts: 26

Joined: Thu Feb 21, 2008 12:16 pm

Post Thu Jun 05, 2008 9:48 pm

Re: How to hack through port 80

not for nothing but with my sarcasm aside, I was trying to provide the dude with a valid path of research. Billv has a point about bad questions but in my year + of lerking I constantly see threads get bashed without any answer given. Think about how irritating that must be for people..

And everyone wonders where the white hat hate comes from...
<<

don

User avatar

Administrator
Administrator

Posts: 4248

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Jun 05, 2008 9:57 pm

Re: How to hack through port 80

Agreed and your pointing him to a couple books was a kewl way to help regardless of whether he had permission or not. You're also correct as I stated earlier that sometimes we are overzealous. But if I'm being fair, your stating that asking if permission is in place is BS... I respectfully disagree.

All in all, if the end result is that we all understand each other better and are more tolerant and polite, then that will make this community even better.

Don
Last edited by don on Thu Jun 05, 2008 10:04 pm, edited 1 time in total.
CISSP, MCSE, CSTA, Security+ SME
<<

phn1x

Newbie
Newbie

Posts: 26

Joined: Thu Feb 21, 2008 12:16 pm

Post Thu Jun 05, 2008 10:08 pm

Re: How to hack through port 80

I'm not saying having permission is BS, I'm saying It's like people have a script running in the background:

for post in forum;do echo "unethical `cat /dev/urandom` && `tienes permission`">> forum?post=$post;done;

open every howto "`cat /dev/random`" and within the first three posts of the thread inevitably there will be a "do you have persmission." You might as well modify the php on your board to automatically include it after the author submits the post.

If you give advice to someone who then acts in malice, no one can take litigation towards you as the site owner. You are providing a service to 'ethical hackers', I'd imagine you have that in your disclosures and within the terms of service agreement. Ergo, you are more than covered legally. Furthermore, the way our justice system works is the burden of proof lies on the prosecution. Having been through a few law classes I understand that one of the elements the prosecution would have to prove beyond a reasonable doubt is the contributor acted with malice.  So, I don't understand why it's such a big deal. Personally I see it as an immediate cop out to answering a question regardless of how poorly it is asked. Now, there are the immediately obvious posts from skiddies just looking for a ./ to get in to a box. The post from the other day was an excellent example. The one im talking about is the "help me hack whatever the hell it was .com"
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1911

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Jun 05, 2008 10:12 pm

Re: How to hack through port 80

Agreed. I'm glad I'm pretty, Don :-*

phn1x wrote:in my year + of lerking I constantly see threads get bashed without any answer given. Think about how irritating that must be for people..


I would say that in general, sure, there are lots of places that are exactly as you've described. I think that a very strong majority of the posts here end with answers. If you take a look at ones you've described, the failure is more due to the fact that the person seeking the answer didn't put forth enough initiative in following-up (just like this thread). Wouldn't you agree?

I understand what you're saying. I've asked questions that weren't answered in the past. Yes, of course it was irritating, but if I needed to re-clarify my question or provide more information I typically did so... I wanted the answer ;)

phn1x wrote:I'm not saying having permission is BS, I'm saying It's like people have a script running in the background. If you give advice to someone who then acts in malice, no one can take litigation towards you as the site owner. You are providing a service to 'ethical hackers',


There is enough information available here, and elsewhere on the web, to be useful for someone with malicious intent. Not every question receives a "do you have permission"' response from the get go. If you were to post a specific/detailed security question, you're more than likely to receive some good answers. This goes back to my earlier reply of asking questions properly. Aside from giving information away that in turn is used for malicious intent, from my perspective it's more about not specifically supporting people that want to gain that knowledge for unethical purposes. Make sense?
Last edited by venom77 on Thu Jun 05, 2008 10:26 pm, edited 1 time in total.
<<

oneeyedcarmen

User avatar

Full Member
Full Member

Posts: 233

Joined: Thu Jul 05, 2007 2:13 pm

Location: Baltimore, MD USA

Post Thu Jun 05, 2008 10:19 pm

Re: How to hack through port 80

If you give advice to someone who then acts in malice, no one can take litigation towards you as the site owner.


You may not be legally responsible, but morally is another question.

phn1x, we've both contributed to a few of the same threats on LSO as well.  I respect your experience and what you have to say.  You seem to have been in this game for a bit longer than I have, so I'd think you'd understand asking for clarification.  It's very difficult to give an answer when you don't really know the question.

I suppose I could've just responded, "42."  ;D  (geek check)

I hope there's no harm, and most importantly that we haven't scared thangvt away.  I got burned a few times early on here...though admittedly well deservedly so.  Hell, it still happens pretty regularly ;)  But I think it's fair to say that we all mean well.

And now that we've hijacked this thread...
Reluctant CISSP, Certified ASS
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Fri Jun 06, 2008 1:30 pm

Re: How to hack through port 80

*Puts down his Pan Galactic Gargle Blaster* Yeah, I suppose it would have been easier to answer his question if he'd used the terminology and jargon we use.  And been very specific in his post. Something like:

"I have permission, and what I'm trying to do is learn how to tunnel over port 80 into a computer to pen test it.  Any suggestion?" 

In that case, I WOULD still be temped honestly to simply google "port 80 tunneling" and paste the link like so:

http://www.google.com/search?client=ope ... afe=active

I guess part of the frustration I see, is when the exact same questions are asked over and over, without the poster having done a quick google search or even better, looked through the multitude of thread titles for something that might be applicable and done a little reading.  Wow... that sounds a bit grumpy of me, could be due to the fact I'm off the back meds. :/ 

I think for the most part, the vast majority of questions I see asked are answered fairly quickly if possible, and generally with some good links for followup for the poster. I've lurked around other forums, and I would have to say ours is rather friendly, and I don't feel the need to watch for port scanning on my comp after I make a post that not everyone would like ;).  But no, I agree with Bill and Don both.  We SHOULD be polite and helpful, but I also think that taking time to think out a question fully, do a little personal research, and word it as to be clear is a responsibility of a poster as well.  We all have responsibilities, and we should live up to them.
"Bad.. Good?  I'm the guy with the gun"
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Fri Jun 06, 2008 3:32 pm

Re: How to hack through port 80



Would you also recommend him to use Opera? :P
Put that in your pipe and grep it!
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Fri Jun 06, 2008 3:56 pm

Re: How to hack through port 80

Heh... well Opera is my browser of choice.  ;)  I suppose I COULD copy a link over in IE, but that would be such a... pain.  Love the Opera heh.  I can't stand a slow browser.
"Bad.. Good?  I'm the guy with the gun"
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Fri Jun 06, 2008 7:09 pm

Re: How to hack through port 80

g00d_4sh wrote:Heh... well Opera is my browser of choice.  ;)  I suppose I COULD copy a link over in IE, but that would be such a... pain.  Love the Opera heh.  I can't stand a slow browser.


Same here. I think that's the only reason I noticed it. ;D
Put that in your pipe and grep it!
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Fri Jun 06, 2008 7:25 pm

Re: How to hack through port 80

Nice, an old Finish friend of mine turned me onto it a while back.  I used Mozilla for a bit... and IE when I had to, but neither really grabbed me.  I've found Opera rather quick, minimalist, easy to tweak, and generally just a better browser.  It's actually one of my 'No nos' I insist upon at work.  We're only supposed to use IE, but I can't stand how slow some of our web based custom programs are... Opera helps a little with the speed which helps me keep my sanity.  Last couple incarnations of it have fixed a number of the formatting issues they were having too. (Opera)
"Bad.. Good?  I'm the guy with the gun"
<<

Thangvt

Newbie
Newbie

Posts: 13

Joined: Wed Feb 28, 2007 12:24 am

Post Sat Jun 07, 2008 3:13 am

Re: How to hack through port 80

Thank all!
Sorry about my question, it's not clear.

I'm preparing for pentest and script is :
    - The network of customer open only port 80 to client can browser Web.
And i want to understand, how the hacker can tunnel from outside network to inside network through port.

I'm researching about this way. Don't for hacking and i'm not bad guy.
I think that EH is community so if i don't understand i can ask and share.

Sorry..! Thanks all.
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Sat Jun 07, 2008 8:59 am

Re: How to hack through port 80

I'm not the best hacker around, but you might use a reverse HTTP shell for that.
Put that in your pipe and grep it!
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Sat Jun 07, 2008 2:10 pm

Re: How to hack through port 80

Hacking through port 80 is most commonly done by one of 2 methods. Either through something exploitable already running there or something exploitable the hacker placed.  If you have never done this before, start off with the most basic techniques and play with netcat on 2 of your systems on your home network and see if you can connect. From there you can develop all kinds of possibilities. Code an encrypted version of netcat that will self install, etc...  If port 80 is open then something is running there and the firewall allows certain kinds of port 80 traffic. Is it vulnerable to an exploit? Is it a webserver? Can you do a SQL injection or perhaps exploit the buffer, etc...  Just because you see an open port doesn't mean you can magically connect to it with some secret command on your windows command prompt. Its interesting how many people that don't hack think this way. You have to determine what is running on that port and see if you can exploit it. If not then you have to try to connect from their side to you.
Last edited by Kev on Mon Jun 09, 2008 9:33 pm, edited 1 time in total.
Previous

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software