EvilZone
Hacking and Security: ElectricNoodle, July 03, 2011, 02:00:35 AM
-
I currently acquired the IP addresses of some self-service machines from a certain Tesco, due to a certain mishap by the store...
Now I have booted up nmap and performed scans on all machines. At first they show up as offline, but when I use certain parameters it returns that they are in fact online, and that four ports are valid, but they are all "filtered" :S
My question is: is this the end of the road?? Is there no chance of gaining access? I know that this means that the machine is purposely ignoring my requests due to the use of a firewall of some kind.. and I also know that said machines are running Windows XP, although I'm not sure which version! Is there any scope for anything here? And if so, where should I look??
Thanks :)
ElectricNoodle
-
try: nmap -O IP
to get a version of the machine. If that doesn't work, Metasploit's smb_version() (I think) has a pretty darn good system recognition.
There is always a way in, you just need to find it.
-
Thanks for the reply!
Yeah, I tried -O with nmap, but then the machines show as offline. I have to use -Pn -O, which then tells me that too many fingerprints match this host!! I shall look into using Metasploit though!! :P
-
-Pn isn't really good because it assumes the machine is online even though it isn't. It does work, though: if you get some ports, then it is online; if not, then it is either not online or all the ports are filtered.
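The reply above is really a rule for reading a -Pn scan, so here it is written out as code. This is an added example, not code from the thread: it parses nmap's grepable (-oG) output and states what each host's port states actually prove. The scan output embedded below is constructed for the example, not a real scan, and the host addresses are documentation ranges.

```python
"""Read nmap grepable (-oG) output and say what the port states actually prove.

Added example, not code from the forum thread. It encodes the reasoning in the
reply above: -Pn makes nmap skip host discovery and treat every target as up, so
a "Status: Up" line under -Pn is not evidence of anything. A host is only
confirmed alive when some port answers, either as open or as closed (an RST is
still an answer); when every probed port comes back "filtered" the probes were
dropped, and from the scan alone a firewalled host and a dead one look the same.
The scan output below is constructed for the example, not a real scan.
"""
from collections import Counter
from typing import Dict, List, NamedTuple


class Port(NamedTuple):
    number: int
    state: str
    proto: str
    service: str
    version: str


# Constructed sample of what `nmap -Pn -sV -p 21,80,135,139,445,3389 -oG - <targets>` emits.
SAMPLE_GREPABLE = """\
# Nmap 5.51 scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 135/filtered/tcp//msrpc///, 139/filtered/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///, 3389/filtered/tcp//ms-wbt-server///
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds//Microsoft Windows XP microsoft-ds/, 3389/closed/tcp//ms-wbt-server///
Host: 192.0.2.12 ()\tStatus: Up
Host: 192.0.2.12 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.0.8 or later/, 80/open/tcp//http//Apache httpd 2.2.3/
Host: 192.0.2.13 ()\tStatus: Up
Host: 192.0.2.13 ()\tPorts: 135/closed/tcp//msrpc///, 445/closed/tcp//microsoft-ds///
# Nmap done (constructed sample)
"""


def parse_grepable(text: str) -> Dict[str, List[Port]]:
    """Map each host address to its Port entries (a host with no Ports: line maps to [])."""
    hosts: Dict[str, List[Port]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        addr = fields[0].split()[1]
        ports = hosts.setdefault(addr, [])
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # grepable port entry: port/state/proto/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) < 7:
                    continue
                ports.append(Port(int(parts[0]), parts[1], parts[2], parts[4], parts[6]))
    return hosts


def classify(ports: List[Port]) -> str:
    """What the observed port states prove about the host."""
    states = Counter(p.state for p in ports)
    if states["open"]:
        return "alive-open"        # something listens; worth service/version probing
    if states["closed"]:
        return "alive-closed"      # RSTs came back, so the host is up, but nothing listens here
    if ports and states["filtered"] == len(ports):
        return "filtered-or-down"  # no answer at all: a firewall dropping probes, or no host
    return "no-data"


def summarize(text: str) -> Dict[str, str]:
    """Classify every host in a grepable scan file."""
    return {addr: classify(ports) for addr, ports in parse_grepable(text).items()}


if __name__ == "__main__":
    for addr, verdict in summarize(SAMPLE_GREPABLE).items():
        print(addr, verdict)
```

The four machines in the thread would land in the "filtered-or-down" bucket: nothing in that result distinguishes a switched-off till from one behind a firewall, which is the point the reply makes.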
-
Hmm, I am not quite sure I understand you. Are you on their network, or have you just located the IP of a machine on a network owned by Tesco?
-
Those ports are probably open just on the router, with no real services running behind them, so you can't do anything.
-
> That ports are probably opened just on router,not real services runing behind so you cant do nothing
Typo?? :P
Anyway, is there a web server online? Any other services you can connect to, like FTP?
-
Well, I've had physical access to the menu of the machines, which had a system info section, and it listed the IPs there.
I know for a fact the machines are left on 24 hours a day... but like I say, when scanned, they return 4 filtered ports.. which from my knowledge means no luck :( But I figured I would ask here to see if there was anything else I could try?
Also, the machines are definitely linked to the internet in some way, as they run automatic updates for the till software..
-
> Well, I've had physical access to the menu of the machines, which had a system info section, and it listed the IPs there.
> I know for a fact the machines are left on 24 hours a day... but like I say, when scanned, they return 4 filtered ports.. which from my knowledge means no luck :( But I figured I would ask here to see if there was anything else I could try?
> Also, the machines are definitely linked to the internet in some way, as they run automatic updates for the till software..
We already asked you: are you hacking from LAN or WAN?
EDIT:
I mean, are the target servers in your LAN or not?
-
Oh right, sorry,
No, I'm not on the network of the machines!
-
> Oh right, sorry,
> No, I'm not on the network of the machines!
Then you are slightly fucked :P If you can manage to get on the LAN, you might get open non-filtered ports, and you can do spoofing <3
-
Guys - I have a semi-similar issue. I'm trying to test this site for XSS vulns, then I tried doing
ftp://<site's url>
and it prompted me for a username/pwd. Does this mean the remote FTP is open? If so, is there a way to exploit this without pwd cracking? If not, what would be the suggested approach?
Note, I'm connecting to this server via the internet.
PS : I apologize if ever this requires me to start a new thread instead of posting to this existing one. Let me know what i have to do in case I overlooked anything.
Thanks in advance
-
> Guys - I have a semi-similar issue. I'm trying to test this site for XSS vulns, then I tried doing
> ftp://<site's url>
> and it prompted me for a username/pwd. Does this mean the remote FTP is open?
Yes. The FTP is open for everyone who has a password.
> If so, is there a way to exploit this without pwd cracking? If not, what would be the suggested approach?
At first I'd try nmap and see what version it is running, maybe do some banner grabbing, and if the banners aren't spoofed, you are lucky. If the version of FTP on that site is very old, it will most likely have a few public exploits around. Check exploit-db or 1337day.com.
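The banner grabbing the reply above recommends, as an added example that is not part of the thread: connect to the FTP port, read the 220 greeting the server volunteers before any login, and pull a product and version out of it. The greeting patterns for vsftpd, ProFTPD, Pure-FTPd and Microsoft's FTP service are from their default greetings; a greeting can be edited or stripped by the administrator, which is exactly why the reply says "if the banners aren't spoofed". The tiny in-process listener is a constructed stand-in for a real target so the example runs offline.

```python
"""FTP banner grab and version extraction.

Added example, not code from the forum thread. Connects to an FTP port, reads
the greeting line the server sends before any authentication (RFC 959 reply
code 220), and matches it against a few known daemon greetings. The result is a
hint, not proof: banners can be changed or removed. `fake_ftp_server` is a
constructed stand-in for a target so the code can be run without a real server.
"""
import re
import socket
import threading
from typing import Optional, Tuple


def grab_banner(host: str, port: int = 21, timeout: float = 5.0) -> str:
    """Return the first reply line the server volunteers, without sending credentials."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        data = b""
        while not data.endswith(b"\r\n") and len(data) < 4096:
            chunk = s.recv(1024)
            if not chunk:
                break
            data += chunk
        try:
            s.sendall(b"QUIT\r\n")  # close the session cleanly rather than just dropping it
        except OSError:
            pass
    return data.decode("latin-1").strip()


# (product, pattern over the greeting). Patterns without a group carry no version:
# Pure-FTPd and Microsoft's service do not put one in the default greeting.
BANNER_PATTERNS = [
    ("vsftpd", re.compile(r"\(vsFTPd ([\d.]+)\)")),
    ("ProFTPD", re.compile(r"ProFTPD ([\w.]+)")),
    ("Pure-FTPd", re.compile(r"Pure-FTPd")),
    ("Microsoft FTP", re.compile(r"Microsoft FTP Service")),
]


def parse_banner(banner: str) -> Tuple[str, Optional[str]]:
    """Map a greeting to (product, version); unknown greetings are reported, not guessed."""
    if not banner.startswith("220"):
        return ("not-ftp-or-no-greeting", None)
    for name, pat in BANNER_PATTERNS:
        m = pat.search(banner)
        if m:
            return (name, m.group(1) if m.groups() else None)
    return ("unknown", None)


def fingerprint(host: str, port: int = 21) -> Tuple[str, Tuple[str, Optional[str]]]:
    """Grab and classify in one step; returns (raw banner, (product, version))."""
    banner = grab_banner(host, port)
    return banner, parse_banner(banner)


def fake_ftp_server(greeting: bytes) -> Tuple[str, int]:
    """Constructed stand-in target: serves one connection, sends `greeting`, exits."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve() -> None:
        conn, _ = srv.accept()
        with conn:
            conn.sendall(greeting)
            try:
                conn.recv(64)  # swallow the client's QUIT
            except OSError:
                pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


if __name__ == "__main__":
    host, port = fake_ftp_server(b"220 (vsFTPd 2.0.8)\r\n")
    print(fingerprint(host, port))
```

Against a real host, `fingerprint("203.0.113.5")` does the same thing; the connection is the only traffic sent, and the QUIT keeps the attempt from lingering in the server's session table.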