EvilZone
Hacking and Security => Hacking and Security => : seci March 29, 2011, 10:19:49 PM
-
Hi, I often get questions or see people write things like: "Hey, I found some open ports, maybe they are hackable" or "The target got open ports, so hacking it is easy" and more stupid things like that.
First: an open port means nothing. It CAN mean everything, but not necessarily. In order for an open port to be interesting, it needs a service/program, or whatever you choose to call it, listening on the port. If there are no programs using the port, it's not interesting. It is not the port itself that is being hacked when you hack on a specific port. It's the software using the port. A port is nothing more than a value in a packet.
So how do you go from open port to hacked? It's quite simple, here it is..... CODE FLAWS! ;D Hacking services is the same as exploiting code flaws. If the coder of the service forgot to check/secure his buffers/user input, that would be a code flaw, most likely leading to a buffer overflow. With a successful buffer overflow there are some seriously great odds you will pwn the system. If you know what you are doing, that is.
My 11 cents.
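Added example, not part of the original post or any real service: a toy "login" handler that shows the point above in code. The wire format is hypothetical (one length byte followed by a username), nothing listens on a socket, and the handler is fed bytes directly so the bug can be shown deterministically without crashing. The flaw is the one described: the server trusts the client-supplied length and never checks it against its 16-byte buffer, so the bytes past the buffer land on the privilege flag stored next to it. The hardened handler beside it refuses anything that does not fit.

```c
/* Added example (not from the original post). Hypothetical wire format:
 *   byte 0     : length of the username that follows
 *   bytes 1..n : username
 * No socket involved; handlers are fed raw bytes so the overflow is
 * deterministic and stays inside one struct instead of crashing. */
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NAME_MAX 16

/* Per-connection state. The privilege flag sits right after the name
 * buffer, so an unchecked copy into name[] runs straight into is_admin. */
struct session {
    char name[NAME_MAX];
    int  is_admin;
};

/* Vulnerable handler: copies name_len bytes into a NAME_MAX buffer without
 * ever comparing the two. The copy is clamped to the struct only so the demo
 * stays deterministic; the missing check against NAME_MAX is the bug. */
int handle_login_vuln(struct session *s, const unsigned char *pkt, size_t pkt_len)
{
    if (pkt_len < 1)
        return -1;
    size_t name_len = pkt[0];
    if (pkt_len < 1 + name_len)
        return -1;                       /* truncated packet */

    memset(s, 0, sizeof *s);
    size_t room = sizeof *s - offsetof(struct session, name);
    if (name_len > room)
        name_len = room;                 /* demo clamp, not a real check */
    /* BUG: name_len may exceed NAME_MAX; bytes 16..19 overwrite is_admin. */
    memcpy((unsigned char *)s + offsetof(struct session, name), pkt + 1, name_len);
    return 0;
}

/* Hardened handler: reject oversized names (leaving room for the NUL). */
int handle_login_safe(struct session *s, const unsigned char *pkt, size_t pkt_len)
{
    if (pkt_len < 1)
        return -1;
    size_t name_len = pkt[0];
    if (pkt_len < 1 + name_len)
        return -1;
    if (name_len >= NAME_MAX)
        return -2;                       /* too long: refuse, never truncate silently */

    memset(s, 0, sizeof *s);
    memcpy(s->name, pkt + 1, name_len);
    s->name[name_len] = '\0';
    return 0;
}

/* Constructed attacker packet: length 20, sixteen 'A's to fill name[],
 * then sizeof(int) bytes of 0x01 that land on is_admin. */
size_t build_evil_packet(unsigned char *out, size_t out_len)
{
    const size_t name_len = NAME_MAX + sizeof(int);
    if (out_len < 1 + name_len)
        return 0;
    out[0] = (unsigned char)name_len;
    memset(out + 1, 'A', NAME_MAX);
    memset(out + 1 + NAME_MAX, 0x01, sizeof(int));
    return 1 + name_len;
}

/* is_admin after the vulnerable handler parses the evil packet:
 * nonzero means the client made itself admin with no credential at all. */
int vuln_admin_after_attack(void)
{
    unsigned char pkt[64];
    size_t n = build_evil_packet(pkt, sizeof pkt);
    struct session s;
    if (handle_login_vuln(&s, pkt, n) != 0)
        return -1;
    return s.is_admin;
}

/* Same packet against the hardened handler: returns its result code. */
int safe_result_for_attack(void)
{
    unsigned char pkt[64];
    size_t n = build_evil_packet(pkt, sizeof pkt);
    struct session s = {0};
    return handle_login_safe(&s, pkt, n);
}

int main(void)
{
    printf("vulnerable handler: is_admin = %d\n", vuln_admin_after_attack());
    printf("hardened handler:   rc = %d\n", safe_result_for_attack());
    return 0;
}
```

The same mistake with a return address instead of a flag next to the buffer is what turns this into code execution; here the overwritten field is an integer only so the example can run safely and show the effect.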
-
Is this a joke?
Sure, you explained the theory correctly: a vulnerable application running on a port might give access when you overflow it. But come on... explain a little more: how does the overflow occur, writing shellcode, how to find open doors...
But even if you feel it goes off-topic or that is not your purpose, you could post an example of a service being exploited, showing some disassembly to see what's happening...
-
You are quite right, this was not the purpose of this topic. I might make a topic/tutorial later on with some examples regarding BoF.
-
That's why things like ASLR/DEP and PaX were developed :) Not saying you should not think about code flaws because you're protected; I mean there is a lot more that can be done as well (like RBAC access control) and so on.
Too bad most people don't even know how to add a second layer of security to their systems.
-
Try netcat:
http://en.wikipedia.org/wiki/Netcat
But I recommend you don't do stupid things, however.
-
METASPLOIT
-
lol....
I think the idea of the post was to explain the process behind the exploitation method, not what tools to use :P
Also, netcat wouldn't exploit it; it would just be used to backdoor, as client and server.
-
Scanned a computer with AngryIP and it had the Windows sharing port open; used the link in the program to open the port with Explorer, and they had their whole desktop shared :P. Or tons of machines have the RPC port open; ran an RPC exploit from Metasploit at it = pwnd. Anyways, always worth doing an OS scan, or better p0f / NetworkMiner, to help ident the OS.
Hope this helps.