
getting access !! ??

<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Tue May 12, 2009 12:36 am

getting access !! ??

Hello everyone, I'm Tarek, a newbie :)

I was wondering: when I run a scan with Nmap and find the open ports, if I get ports like 139, it's for NetBIOS, is that right?

I connected myself to the machine with a null session, and after that what should I do to connect and crack the password? Should I get the users' info with dumpsec or getacc or something first? And after I get the user names, how can I get the passwords?
<<

Otter

Newbie

Posts: 41

Joined: Tue Jul 03, 2007 1:03 pm

Post Tue May 12, 2009 2:35 am

Re: getting access !! ??

rebrov wrote: Hello everyone, I'm Tarek, a newbie :)

I was wondering: when I run a scan with Nmap and find the open ports, if I get ports like 139, it's for NetBIOS, is that right?

I connected myself to the machine with a null session, and after that what should I do to connect and crack the password? Should I get the users' info with dumpsec or getacc or something first? And after I get the user names, how can I get the passwords?


139 is traditionally netbios, yeah.

Add the -sV option to your scan.  That's the nmap service fingerprinting option.  It'll run actually meaningful packets at the service and attempt to divine what protocol is listening rather than just relying on /etc/services  for guesses.

Next, you are doing this testing on systems you own or have written permission to test against, right?

If so, then Hydra is probably the most powerful brute forcing tool.  It supports lots of services including SMB.

Careful though:  many Windows domains are configured with a lockout policy and you could DoS the hell out of your client if you're not careful.  Please be careful, ethical and legal.
<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Tue May 12, 2009 6:38 am

Re: getting access !! ??

Nice info, but some things I didn't figure out :S because I'm still a newbie. Can you add me? I want to chat and learn some things from you online, as I posted in the previous thread. If it's not forbidden, again, my email is:

incomplete.heart@hotmail.com

I just want you to share your knowledge with me :) like knowledge giving :D
<<

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Tue May 12, 2009 8:07 am

Re: getting access !! ??

We usually like to keep the discussions open so that everyone can benefit. Just post your questions here.
twitter.com/timmedin | http://blog.securitywhole.com
<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Tue May 12, 2009 8:38 am

Re: getting access !! ??

If so, I will ask a lot of questions ;D If it's alright, can I ask any questions here? Or should I post every question in a single post?

1- When I'm scanning a target with Nmap and I find the open ports, we know that port 139 is for NetBIOS, and I make a null session connection via DOS.

After that, what should I do to connect to the remote machine !!!

Because I tried to get the user with dumpsec, but it did not connect and I didn't get any info about the target user. And even so, I got the users of this target,

how can I know their passwords? And after all that, how can I connect?

:) :) Sorry, but CEH didn't teach me what I want. I think I should take the course, because my studying is over the net.
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue May 12, 2009 8:58 am

Re: getting access !! ??

Well, a null session isn't necessarily going to give you much access if the machine is properly configured.  If the machine has restrict anonymous settings configured, a null session should not be enough to enumerate users, shares, etc.  Look into Cain and Abel, it has a very nice feature for working with null session connections.

Once you have done your recon and determined that the machine is a Windows box, and has NetBIOS running, your next step is to enumerate all of the running services and see if there are any vulnerabilities you can exploit.  Look into Nessus.  Their home feed is free.  It will scan the machine and attempt to determine any vulnerabilities you can exploit.

Your next task becomes exploiting those vulnerabilities.  You can look into the Metasploit project, check milw0rm for any known exploits, etc.  Your object is to "root" the box.

This is just one of the ways you can gain access to the box.  Hackers will never take the hard route, they will find the easiest way of accessing the box.  Look for any wireless connections that machine may have established.  You can attempt to extract credentials by getting the box to join a rogue wifi network you can create.  You can also simply ask for the password.  You can try a client-side attack vector as well.  Your job here is to get around the security.
~~~~~~~~~~~~~~
Ketchup
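
The "restrict anonymous" point in the post above, seen from the defender's side: an added example (not part of the original thread) that parses `reg query` output and flags null-session settings that are off a hardened baseline. The sample output is constructed, and the baseline values are this example's assumption of a "properly configured" machine.

```python
import re

# Standard Windows key paths and value names; the target values below are
# this example's assumed baseline for a host that resists null sessions.
LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
SRV = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
BASELINE = [
    (LSA, "RestrictAnonymous", lambda v: v >= 1, ">= 1"),
    (LSA, "RestrictAnonymousSAM", lambda v: v == 1, "1"),
    (LSA, "EveryoneIncludesAnonymous", lambda v: v == 0, "0"),
    (SRV, "RestrictNullSessAccess", lambda v: v == 1, "1"),
]

# Constructed sample of `reg query` output (not taken from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    RestrictAnonymous    REG_DWORD    0x0
    RestrictAnonymousSAM    REG_DWORD    0x1
    EveryoneIncludesAnonymous    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    RestrictNullSessAccess    REG_DWORD    0x1
"""

def parse_reg_query(text):
    """Return {(key, value_name): int} for every REG_DWORD line, lower-cased."""
    values, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().lower()
            continue
        m = re.match(r"\s+(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$", line)
        if m and key:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """Return [(value_name, observed, expected)] for settings off the baseline."""
    seen = parse_reg_query(text)
    findings = []
    for key, name, ok, expected in BASELINE:
        observed = seen.get((key.lower(), name.lower()))
        # A missing value is reported too: the effective default varies by OS version.
        if observed is None or not ok(observed):
            findings.append((name, observed, expected))
    return findings

if __name__ == "__main__":
    for name, observed, expected in audit(SAMPLE):
        print(f"{name}: observed {observed}, expected {expected}")
```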
<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Tue May 12, 2009 3:39 pm

Re: getting access !! ??

I'm not on a Wi-Fi connection, and the box I'm trying to get access to is not on a Wi-Fi connection either, so what am I going to do??

I want to take the easy route, not the hard one, like you said !!

And btw,

I just cracked my server FTP password as Admin.

What is the next step to get into this server??

Like injecting a trojan... I need to know how to connect myself to the server computer as remote control. I guess it's not hard now that I know the pass, right???

Should I inject a trojan via FTP?? And how??

Or use another method to connect to this server box and control it?
