Author Topic: Needing help regards to exploiting a group of machines...  (Read 3701 times)


Offline ElectricNoodle

Needing help regards to exploiting a group of machines...
« on: July 03, 2011, 02:00:35 am »
I currently acquired the IP addresses of some self service machines from a certain Tesco, due to a certain mishap by the store....

Now I have booted up nmap, and performed scans on all machines, and at first they show up as offline, but when I use certain parameters it returns that they are in fact online, and that four ports are valid, but they are all "filtered" :S

My question is, is this the end of the road?? Is there no chance of gaining access? I know that this means that the machine is purposely ignoring my requests due to the use of a firewall of some kind.. and I also know that said machines are running Windows XP, although I'm not sure which version! Is there any scope for anything here? And if so where should I look??

Thanks :)

ElectricNoodle

Offline Kulverstukas

Re: Needing help regards to exploiting a group of machines...
« Reply #1 on: July 03, 2011, 12:28:14 pm »
try: nmap -O IP
to get a version of the machine. If that doesn't work, Metasploit's smb_version() (I think) has a pretty darn good system recognition.
There is always a way in, you just need to find it.

Offline ElectricNoodle

Re: Needing help regards to exploiting a group of machines...
« Reply #2 on: July 03, 2011, 01:00:52 pm »
Thanks for the reply!

Yeah, I tried -O with nmap, but then the machines show as offline. I have to use -Pn -O, which then tells me that too many fingerprints match this host!! I shall look into using Metasploit though!! :P

Offline Kulverstukas

Re: Needing help regards to exploiting a group of machines...
« Reply #3 on: July 03, 2011, 06:17:50 pm »
-PN isn't really good because it assumes the machine is online even though it isn't. Although it works, and if you get some ports then it is online, if not, then it is either not online or all the ports are filtered.
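
Seen from the defender's side, the "filtered" results discussed above are probes that a firewall dropped without replying, and each drop can be logged. The following is an added example, not part of the original thread: it flags a source whose dropped probes cover several ports on one host. The netfilter-style log layout, the `FW-DROP` prefix, the addresses and the thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: drop-log lines in an assumed netfilter LOG-target layout.
SAMPLE_LOG = """\
2024-01-15T02:00:01 fw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.21 PROTO=ICMP TYPE=8
2024-01-15T02:00:05 fw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.21 PROTO=TCP SPT=40112 DPT=135 SYN
2024-01-15T02:00:05 fw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.21 PROTO=TCP SPT=40113 DPT=139 SYN
2024-01-15T02:00:06 fw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.21 PROTO=TCP SPT=40114 DPT=445 SYN
2024-01-15T02:00:06 fw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.21 PROTO=TCP SPT=40115 DPT=3389 SYN
2024-01-15T02:00:09 fw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.22 PROTO=TCP SPT=40120 DPT=445 SYN
2024-01-15T02:03:40 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.21 PROTO=TCP SPT=51000 DPT=445 SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*?FW-DROP .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+)(?: .*?DPT=(?P<dpt>\d+))?"
)

def parse_drops(text):
    """Yield (time, src, dst, probe); probe is a port number, or 'icmp' for a dropped ping."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a drop record in the assumed layout
        probe = int(m["dpt"]) if m["dpt"] else m["proto"].lower()
        yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], probe

def find_scanners(text, min_ports=4, window=timedelta(minutes=5)):
    """Return {src: {dst: [ports]}} where >= min_ports distinct ports
    were dropped for one src/dst pair inside a single time window."""
    events = defaultdict(list)
    for ts, src, dst, probe in parse_drops(text):
        events[(src, dst)].append((ts, probe))
    hits = defaultdict(dict)
    for (src, dst), evs in events.items():
        evs.sort(key=lambda e: e[0])  # order by time only; probes mix int and str
        for i, (start, _) in enumerate(evs):
            ports = {p for t, p in evs[i:]
                     if t - start <= window and isinstance(p, int)}
            if len(ports) >= min_ports:
                hits[src][dst] = sorted(ports)
                break
    return dict(hits)

if __name__ == "__main__":
    for src, targets in find_scanners(SAMPLE_LOG).items():
        print(src, targets)
```

A single dropped connection attempt, like the one from 203.0.113.9 in the sample, stays below the threshold and is not reported.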

Offline ande

Re: Needing help regards to exploiting a group of machines...
« Reply #4 on: July 03, 2011, 07:02:04 pm »
Hmm, I am not quite sure I understand you. Are you on their network, or have you just located the IP of a machine on a network owned by Tesco?
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline noob

Re: Needing help regards to exploiting a group of machines...
« Reply #5 on: July 03, 2011, 07:41:37 pm »
That ports are probably opened just on router,not real services runing behind so you cant do nothing

Offline Stackprotector

Re: Needing help regards to exploiting a group of machines...
« Reply #6 on: July 03, 2011, 10:47:06 pm »
Quote from: noob
> That ports are probably opened just on router,not real services runing behind so you cant do nothing

Typo ??:P
Anyway, is there a webserver online? Any other services you can connect to, like FTP?
~Factionwars

Offline ElectricNoodle

Re: Needing help regards to exploiting a group of machines...
« Reply #7 on: July 03, 2011, 10:59:31 pm »
Well, I've had physical access to the menu of the machines, which had a system info bit, and it listed the IPs there.
I know for a fact the machines are left on 24 hours a day... but like I say, when scanned, they return 4 filtered ports.. which from my knowledge means no luck :( but figured I would ask here to see if there was anything else I could try?

Also, the machines are definitely linked to the internet in some way, as they run automatic updates for the till software..
« Last Edit: July 03, 2011, 11:02:26 pm by ElectricNoodle »

Offline Stackprotector

Re: Needing help regards to exploiting a group of machines...
« Reply #8 on: July 03, 2011, 11:04:18 pm »
Quote from: ElectricNoodle
> Well, I've had physical access to the menu of the machines, which had a system info bit, and it listed the IPs there.
> I know for a fact the machines are left on 24 hours a day... but like I say, when scanned, they return 4 filtered ports.. which from my knowledge means no luck :( but figured I would ask here to see if there was anything else I could try?
>
> Also, the machines are definitely linked to the internet in some way, as they run automatic updates for the till software..

We already asked you, are you hacking from LAN or WAN?

EDIT:
I mean, are the target servers in your LAN or not?
« Last Edit: July 03, 2011, 11:04:46 pm by Factionwars »

Offline ElectricNoodle

Re: Needing help regards to exploiting a group of machines...
« Reply #9 on: July 03, 2011, 11:08:12 pm »
Oh right, sorry,

No, I'm not on the network of the machines!

Offline ande

Re: Needing help regards to exploiting a group of machines...
« Reply #10 on: July 03, 2011, 11:26:13 pm »
Quote from: ElectricNoodle
> Oh right, sorry,
>
> No, I'm not on the network of the machines!

Then you are slightly fucked :P If you can manage to get on the LAN, you might get open, non-filtered ports, and you can do spoofing <3

Offline mendaxhaxx2011

Re: Needing help regards to exploiting a group of machines...
« Reply #11 on: October 06, 2011, 06:26:40 am »
Guys - I have a semi-similar issue. I'm trying to test this site for XSS vulns then I tried doing

ftp://<site's url>

then it prompted me for a username/pwd. Does this mean the remote FTP is open? If so, is there a way to exploit this without pwd cracking? If not, what would be the suggested approach?

Note, I'm connecting to this server via the internet.

PS: I apologize if this requires me to start a new thread instead of posting to this existing one. Let me know what I have to do in case I overlooked anything.

Thanks in advance



Offline Kulverstukas

Re: Needing help regards to exploiting a group of machines...
« Reply #12 on: October 06, 2011, 07:51:49 am »
Quote from: mendaxhaxx2011
> Guys - I have a semi-similar issue. I'm trying to test this site for XSS vulns then I tried doing
>
> ftp://<site's url>
>
> then it prompted me for a username/pwd. Does this mean the remote FTP is open?

Yes. The FTP is open for everyone who has a password.

Quote from: mendaxhaxx2011
> If so, is there a way to exploit this without pwd cracking? If not, what would be the suggested approach?

At first I'd try nmap and see what version it is running, maybe do some banner grabbing and if the banners aren't spoofed, you are lucky. If the version of FTP on that site is very old, it will most likely have few public exploits around. Check exploit-db or 1337day.com.