Author Topic: Needing help regards to exploiting a group of machines...  (Read 3702 times)

0 Members and 1 Guest are viewing this topic.

Offline ElectricNoodle

  • Serf
  • *
  • Posts: 38
  • Cookies: 6
    • View Profile
Needing help regards to exploiting a group of machines...
« on: July 03, 2011, 02:00:35 am »
I currently aquired the IP Addresses of some self service machines from a certain tesco, due to a certain mishap by the store....

Now I have booted up nmap, and performed scans on all machines, and at first they show up as offline, but when I use certain parameters it returns that they are infact online, and that four ports are valid, but they are all "filtered" :S

My question is, is this the end of the road?? Is there no chance of gaining access? I know that this means that the machine is purposely ignoring my requests due to the use of a firewall of somekind.. and I also know that said machines are running Windows XP, Although Im not sure which version! Is there any scope for anything here? and if so where should I look??

Thanks :)

ElectricNoodle

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: Needing help regards to exploiting a group of machines...
« Reply #1 on: July 03, 2011, 12:28:14 pm »
try: nmap -O IP
to get a version of the machine. If that doesn't work, Metasploit's smb_version() (I think) has a pretty darn good system recognition.
There is always a way in, you just need to find it.

Offline ElectricNoodle

  • Serf
  • *
  • Posts: 38
  • Cookies: 6
    • View Profile
Re: Needing help regards to exploiting a group of machines...
« Reply #2 on: July 03, 2011, 01:00:52 pm »
Thanks for the reply!

Yeah I tried -O with nmap, but then the machines shows as offline, I have to use -Pn -O which then tells me that too many fingerprints match this host!! I shall look into using metasploit though!! :P

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: Needing help regards to exploiting a group of machines...
« Reply #3 on: July 03, 2011, 06:17:50 pm »
-PN isn't really good because it assumes the machine is online even though it isn't. Although it works, and if you get some ports then it is online, if not, then it is either not online or all the ports are filtered.

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: Needing help regards to exploiting a group of machines...
« Reply #4 on: July 03, 2011, 07:02:04 pm »
Hmm, I am not quite sure I understand you. Are you on their network, or have you just located the IP of a machine on a network owned by tesco?
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline noob

  • Knight
  • **
  • Posts: 202
  • Cookies: 29
    • View Profile
Re: Needing help regards to exploiting a group of machines...
« Reply #5 on: July 03, 2011, 07:41:37 pm »
That ports are probably opened just on router,not real services runing behind so you cant do nothing

Offline Stackprotector

  • Administrator
  • Titan
  • *
  • Posts: 2515
  • Cookies: 205
    • View Profile
Re: Needing help regards to exploiting a group of machines...
« Reply #6 on: July 03, 2011, 10:47:06 pm »
That ports are probably opened just on router,not real services runing behind so you cant do nothing
Typo ??:P
Anyway,   is there a webserver online? any other services you can connect to like ftp?
~Factionwars

Offline ElectricNoodle

  • Serf
  • *
  • Posts: 38
  • Cookies: 6
    • View Profile
Re: Needing help regards to exploiting a group of machines...
« Reply #7 on: July 03, 2011, 10:59:31 pm »
Well Ive had physical access to the menu of the machines, which had a system info bit, and it listed the ips there,
I know for a fact the machines are left on 24 hours a day... but like i say, when scanned, they return 4 filtered ports.. which from my knowledge means no luck :( but figured I would ask here to see if there was anything else i could try?

Also, the machines are definately linked to the internet in some way, as they run automatic updates for the till software..
« Last Edit: July 03, 2011, 11:02:26 pm by ElectricNoodle »

Offline Stackprotector

  • Administrator
  • Titan
  • *
  • Posts: 2515
  • Cookies: 205
    • View Profile
Re: Needing help regards to exploiting a group of machines...
« Reply #8 on: July 03, 2011, 11:04:18 pm »
Well Ive had physical access to the menu of the machines, which had a system info bit, and it listed the ips there,
I know for a fact the machines are left on 24 hours a day... but like i say, when scanned, they return 4 filtered ports.. which from my knowledge means no luck :( but figured I would ask here to see if there was anything else i could try?

Also, the machines are definately linked to the internet in some way, as they run automatic updates for the till software..
we already asked you, are you hacking from lan or wan?

EDIT:
I mean, is the target servers in your lan or not?
« Last Edit: July 03, 2011, 11:04:46 pm by Factionwars »
~Factionwars

Offline ElectricNoodle

  • Serf
  • *
  • Posts: 38
  • Cookies: 6
    • View Profile
Re: Needing help regards to exploiting a group of machines...
« Reply #9 on: July 03, 2011, 11:08:12 pm »
Oh right sorry,

No Im not on the network of the machines!

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: Needing help regards to exploiting a group of machines...
« Reply #10 on: July 03, 2011, 11:26:13 pm »
Oh right sorry,

No Im not on the network of the machines!


Then you are slightly fucked :P If you can manage get on the LAN; You might get open non filterd ports, and you can do spoofing <3
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline mendaxhaxx2011

  • /dev/null
  • *
  • Posts: 17
  • Cookies: 2
  • Let others be free so you can be free yourself
    • View Profile
Re: Needing help regards to exploiting a group of machines...
« Reply #11 on: October 06, 2011, 06:26:40 am »
Guys - I have a semi-similar issue. I'm trying to test this site for XSS vulns then I tried doing

ftp://<site's url>

then it prompted me for a username/pwd. Does this mean the remote FTP is open? If so,is there a way to exploit this without pwd cracking? If not what would be the suggested approach?

Note, I'm connecting to this server via the internet.

PS : I apologize if ever this requires me to start a new thread instead of posting to this existing one. Let me know what i have to do in case I overlooked anything.

Thanks in advance



Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: Needing help regards to exploiting a group of machines...
« Reply #12 on: October 06, 2011, 07:51:49 am »
Guys - I have a semi-similar issue. I'm trying to test this site for XSS vulns then I tried doing

ftp://<site's url>

then it prompted me for a username/pwd. Does this mean the remote FTP is open?
Yes. The FTP is open for everyone who has a password.

Quote from: mendaxhaxx2011 link=topic=1360.msg10150#msg10150 date=1317875200
If so,is there a way to exploit this without pwd cracking? If not what would be the suggested approach?
At first I'd try nmap and see what version it is running, maybe do some banner grabbing and if the banners aren't spoofed, you are lucky. If the version of FTP on that site is very old, it will most likely have few public exploits around. Check exploit-db or 1337day.com.