EvilZone
Community => General discussion => : zohraan March 31, 2012, 09:49:26 PM
-
We often use Nmap to scan for open ports, but would someone like to talk about how to assess open port vulnerabilities and exploit them successfully? Further, what's the next step after an exploit is completed successfully, how to connect to the target system to upload a PHP shell, either with Netcat or something other ... Help please! Thanking you already! :)
-
Exploiting services that run on the scanned ports is much more than uploading a PHP shell, even for webservers. When you complete an exploit, of course depending on the type of it (assuming it's not a DoS), you usually connect to that IP on the exploited port and get access to the system. From there you can do whatever you want, or you might have to elevate yourself because you might get access to a limited user instead of root.
General answer ^ :P
-
Seems cool, do I have to use Netcat for connecting to the system? :)
-
Seems cool, do I have to use Netcat for connecting to the system? :)
You don't HAVE to - there are other tools as well, such as Telnet :D, but netcat is the best. It ain't called "The Swiss Army knife" for nothing :D As I recall you can even make a backdoor with netcat - it's legit because most AVs don't pick it up.
-
Okay fine. Thanks broda!
-
Sorry to interrupt, but what the hell is Netcat? I've seen people on here talking about it, but I haven't ever used it. I've always just stuck to my telnet xD
-
Sorry to interrupt, but what the hell is Netcat? I've seen people on here talking about it, but I haven't ever used it. I've always just stuck to my telnet xD
Taken from http://en.wikipedia.org/wiki/Netcat
Netcat is a computer networking service for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable “back-end” device that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection you would need and has a number of built-in capabilities.
-
Explained above, good. :)
-
I would like to add that most ports can be left safely open depending on what's running on the port, so nmap is good at finding the service, i.e.: -sV --version-all (--version-all probes for service info at an "intensity of 9").
Hope this was helpful ;)
-
I would like to add that most ports can be left safely open depending on what's running on the port, so nmap is good at finding the service, i.e.: -sV --version-all (--version-all probes for service info at an "intensity of 9").
Hope this was helpful ;)
Yes, exactly. We can also use --script=banner.nse for finding service banners, almost the same as -sV. I love Nmap scripts. :)
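To put the -sV / --version-all advice into practice from the admin side, here is an added example (not from this thread) that parses the XML nmap writes with -oX, lists only the open ports with nmap's service match, and flags the ports where nmap's confidence (the conf attribute, 1-10) was low, which are the ones worth rescanning with --version-all. The XML is a constructed sample mimicking nmap's format, not real scan output.

```python
import xml.etree.ElementTree as ET

# Constructed sample in nmap's -oX format (abridged); not real scan output.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="5.9p1" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.2.22" conf="10"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="open"/>
        <service name="http-proxy" conf="3"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed"/>
        <service name="https" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

def parse_open_services(xml_text):
    """One dict per open port with nmap's service match. nmap's conf is 1-10; a low
    value means the name came from the port-number table, not from -sV probe replies."""
    services = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not exposed services
            svc = port.find("service")
            a = svc.attrib if svc is not None else {}  # a port may lack a <service>
            services.append({"addr": addr, "port": int(port.get("portid")), "proto": port.get("protocol"),
                             "name": a.get("name", "unknown"), "product": a.get("product", ""),
                             "version": a.get("version", ""), "conf": int(a.get("conf", "0"))})
    return services

def needs_rescan(services, threshold=7):
    """Ports whose service nmap only guessed; rerun -sV --version-all on these."""
    return [s["port"] for s in services if s["conf"] < threshold]
```

Running parse_open_services(SAMPLE_XML) yields the three open ports with their product/version strings, and needs_rescan picks out 8080, the only one nmap matched by port number rather than by probe response.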