.

How to hack through port 80

<<

Thangvt

Newbie
Newbie

Posts: 13

Joined: Wed Feb 28, 2007 12:24 am

Post Thu Jun 05, 2008 9:17 am

How to hack through port 80

Hi all,
Script is
- from outside hack  inside network through port 80.

Outside ----> FW( CheckPoint or ISA ) -------> Server (Web Server or Mail Server)

Any body here can help me this case?. If you have study guide or relate info please message to me.

Thanks!
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Jun 05, 2008 9:30 am

Re: How to hack through port 80

format C: /Q /X on Windows

rm -rf / on linux
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Thu Jun 05, 2008 9:46 am

Re: How to hack through port 80

BillV?...... tut tut  ::)
<<

oneeyedcarmen

User avatar

Full Member
Full Member

Posts: 233

Joined: Thu Jul 05, 2007 2:13 pm

Location: Baltimore, MD USA

Post Thu Jun 05, 2008 9:58 am

Re: How to hack through port 80

Image
Reluctant CISSP, Certified ASS
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Jun 05, 2008 10:08 am

Re: How to hack through port 80

RoleReversal wrote:BillV?...... tut tut  ::)


As the saying goes... "Ask a stupid question....."
<<

Thangvt

Newbie
Newbie

Posts: 13

Joined: Wed Feb 28, 2007 12:24 am

Post Thu Jun 05, 2008 10:37 am

Re: How to hack through port 80

BillV wrote:
RoleReversal wrote:BillV?...... tut tut  ::)


As the saying goes... "Ask a stupid question....." ???
What's for stupid? U ar crazy??

It's real for a company. They already have FW and preparing buy IPS appliance. If you don't have comments, don't reply !
<<

oneeyedcarmen

User avatar

Full Member
Full Member

Posts: 233

Joined: Thu Jul 05, 2007 2:13 pm

Location: Baltimore, MD USA

Post Thu Jun 05, 2008 10:54 am

Re: How to hack through port 80

[quote=Thangvt]It's real for a company. They already have FW and preparing buy IPS appliance. If you don't have comments, don't reply ! [/quote]

Could you describe for us what the scope of your test is, and the ROE you've set up with the target company?

And please be more specific with your question.  The original is incredibly generic.

Thanks.
Reluctant CISSP, Certified ASS
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Jun 05, 2008 10:55 am

Re: How to hack through port 80

Thangvt wrote:What's for stupid? U ar crazy??

It's real for a company. They already have FW and preparing buy IPS appliance. If you don't have comments, don't reply !


Oh believe me, I have comments... I just hold back most of them ;)

"It's real for a company" .... what does this mean?

If you have a real question, than feel free to elaborate and you might get a more thoughtful response.
<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Thu Jun 05, 2008 11:33 am

Re: How to hack through port 80

Whew...it is getting hot in this thread...lol!  :P
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Thu Jun 05, 2008 1:47 pm

Re: How to hack through port 80

Heh... Bill, you just made my day.  I haven't seen a format C: comment in too long... Even with switches, good man. 
"Bad.. Good?  I'm the guy with the gun"
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Jun 05, 2008 3:14 pm

Re: How to hack through port 80

Thangvt wrote:What's for stupid? U ar crazy?? If you don't have comments, don't reply !


g00d_4sh wrote:Heh... Bill, you just made my day.  I haven't seen a format C: comment in too long... Even with switches, good man. 


Irritating to some, joyful to others
That's my personal motto for the day ;)
<<

oneeyedcarmen

User avatar

Full Member
Full Member

Posts: 233

Joined: Thu Jul 05, 2007 2:13 pm

Location: Baltimore, MD USA

Post Thu Jun 05, 2008 3:21 pm

Re: How to hack through port 80

[quote=BillV]Irritating to some, joyful to others[/quote]

;D

I think you've just put into words how I've lived these last 30 years!
Reluctant CISSP, Certified ASS
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Thu Jun 05, 2008 3:45 pm

Re: How to hack through port 80

Hahaha... life is too short not to flip a little shit around.  And giving advice like that helps to instruct people in the fine art of RTFM... and double checking advice you see online. 
"Bad.. Good?  I'm the guy with the gun"
<<

phn1x

Newbie
Newbie

Posts: 26

Joined: Thu Feb 21, 2008 12:16 pm

Post Thu Jun 05, 2008 5:20 pm

Re: How to hack through port 80

Aside from the overwhelmingly insightful advice everyone gave previous to this comment, Ethics, legality, ROE and "Do you have permission" bs replies aside. Let me start by stating your vague question draws no mercy from everyone fievershly fighting for the chance to up their post/reply count.


In theory the target is a web server that you are attacking with a firewall placed between the cloud and it. Your objective should first be to obtain as much information as possible about what is running on port 80. You will want to perform banner grabs, fingerprinting the Web Server and seeing what else it supports. These day's apache is the majority, and it's pretty solid. However, if your lucky enough to find extension/plugins there may be hope yet. After you figure out the server you want to start looking at the actual webpage/web application. If it's a webpage what is the content? Ideally though you hope for a web application of some sorts that you can then determine the logic and start attacking it from there. From your question I can only guess you are knew at penetration testing and web assessments. Ergo, I recommend you read the following libro's:

http://www.amazon.com/Professional-Pen- ... 329&sr=8-1

http://www.amazon.com/Web-Application-H ... 355&sr=8-1

You can also look into the Hacking Exposed Version 1 and 2 for web applications. Although I stray away from them they are decent introductory material and usually outline an excellent flow chart in which you can base your methodology.
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Jun 05, 2008 7:23 pm

Re: How to hack through port 80

phn1x wrote:Aside from the overwhelmingly insightful advice everyone gave previous to this comment, Ethics, legality, ROE and "Do you have permission" bs replies aside. Let me start by stating your vague question draws no mercy from everyone fievershly fighting for the chance to up their post/reply count.


Yes, and in addition to that we're able to pick up on sarcasm too. Shocker!

I had this typed up once but my session timed out (damn SMF) so I'll keep it short and simple this time.

The bottom line is:

if you want a real answer, ask a real question.

There is a difference between "asking a question" and "asking a question properly." For the former, most communities will flame you to death and shun you from ever returning.

If you're going to pose a question to a community focused on being professional, there are much better ways to make an introduction or post your question that will yield far greater results: Link 1 Link 2 Link 3

Quite simply, I find comments like "how do I hack through port 80" and "it's real for a company," in a word, stupid. Despite your disregard for ethics as stated in your post, that's what this community is focused on. You'll get a much better response for posting a question that makes you look more serious about what you're doing. Otherwise, it just begs the return question of "what the hell are you doing?"

Don't mess with someone's website/network if that's not what you should be doing. No one here is going to encourage that. I believe it was asked plenty enough for the poster to elaborate on his question. At this point however, I'm not sure who would be willing to respond.
Next

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software