Author Topic: Real World Scenario  (Read 1308 times)


Offline @R7un

Real World Scenario
« on: August 25, 2014, 05:37:49 pm »
So I am testing against my own server:
Nmap output:

PORT     STATE SERVICE
21/tcp   open  ftp
25/tcp   open  smtp
80/tcp   open  http
443/tcp  open  https
1248/tcp open  hermes
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows Vista|7|2008 (89%)
OS CPE: cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008
Aggressive OS guesses: Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008 (89%), Microsoft Windows Server 2008 R2 (89%)

SMTP grabbing:
SG2NW8SHG132.sin2.gdhosting.gdg Microsoft ESMTP MAIL Service, Version: 7.0.6002.18264



I would like to find the vulnerabilities as well as exploits or any other hack so that I can get a shell...

Offline ande

Re: Real World Scenario
« Reply #1 on: August 25, 2014, 05:52:32 pm »
This is absolutely nothing for us to go on. Like someone said in a similar thread, we are not wizards.

A port number doesn't mean much; you will need a service signature or at least a confirmation that port x is in fact protocol x and then go from there.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true
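The distinction drawn in the reply above, as an added example that is not part of the thread or any poster's code: without version detection, Nmap's SERVICE column is a lookup of the port number, so only a banner confirms the protocol. The sample input is the table and SMTP banner quoted in the first post; the `SIGNATURES` table and function names are hypothetical.

```python
import re

# Constructed sample input: the port table and SMTP banner from the first post.
NMAP_TABLE = """\
PORT     STATE SERVICE
21/tcp   open  ftp
25/tcp   open  smtp
80/tcp   open  http
443/tcp  open  https
1248/tcp open  hermes
"""
BANNERS = {25: "SG2NW8SHG132.sin2.gdhosting.gdg Microsoft ESMTP MAIL Service, "
               "Version: 7.0.6002.18264"}

PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")
VERSION = re.compile(r"Version:\s*(\d+(?:\.\d+)*)")
# Hypothetical signature table: what a banner must contain to confirm a protocol.
SIGNATURES = {"smtp": re.compile(r"\bE?SMTP\b", re.I),
              "ftp": re.compile(r"\bFTP\b", re.I)}


def parse_ports(table):
    """Return one dict per port row; the header line does not match and is skipped."""
    rows = []
    for line in table.splitlines():
        m = PORT_ROW.match(line)
        if m:
            rows.append({"port": int(m.group(1)), "transport": m.group(2),
                         "state": m.group(3), "guess": m.group(4)})
    return rows


def classify(rows, banners):
    """Label each port row: confirmed, mismatch, or unconfirmed (nothing to check)."""
    result = {}
    for row in rows:
        banner = banners.get(row["port"])
        signature = SIGNATURES.get(row["guess"])
        if banner is None or signature is None:
            result[row["port"]] = ("unconfirmed", row["guess"], None)
        elif signature.search(banner):
            version = VERSION.search(banner)
            result[row["port"]] = ("confirmed", row["guess"],
                                   version.group(1) if version else None)
        else:
            result[row["port"]] = ("mismatch", row["guess"], None)
    return result


if __name__ == "__main__":
    for port, verdict in sorted(classify(parse_ports(NMAP_TABLE), BANNERS).items()):
        print(port, *verdict)
```

Only port 25 comes out as confirmed; the other four rows, including the "hermes" label on 1248, remain name guesses until a banner or version probe backs them up.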

Offline Architect

Re: Real World Scenario
« Reply #2 on: August 25, 2014, 06:08:41 pm »
This type of thing really pisses me off. When I see Nmap scans I immediately think this:
"Why the hell doesn't he just use NeXpose to scan, then exploit or report from there?"
Nmap scans tell you very little and I've stopped doing them most of the time for pentests.

Offline @R7un

Re: Real World Scenario
« Reply #3 on: August 25, 2014, 07:53:53 pm »
I did some research:
It runs Windows NT (after FTP grabbing)
Server: Windows IIS/7.0 - no vulnerability found..
Runs Microsoft FTP ver-7.0
Running through Nessus as well as OpenVAS
What more can I do??

Also, I want to try the default password on FTP, but I'm unable to find the default password and username of Microsoft IIS 7.0??


Offline Kulverstukas

Re: Real World Scenario
« Reply #4 on: August 25, 2014, 08:02:42 pm »
With what you had given us, all I can say is... metasploit autopwn.

Offline @R7un

Re: Real World Scenario
« Reply #5 on: August 25, 2014, 08:10:41 pm »
So from where would you have started? Let's say the server is [redacted]: what scans would you have performed and how would you have proceeded?? I'm a noob right now.. forgive me for my mistakes...

Offline proxx

Re: Real World Scenario
« Reply #6 on: August 26, 2014, 03:26:07 pm »
Quote: "So from where would you have started? Let's say the server is [redacted]: what scans would you have performed and how would you have proceeded?? I'm a noob right now.. forgive me for my mistakes..."
You proceed by sitting the fuck down and go read some books.
Learn basics of Windows/Linux/networking/exploitation/coding and come back in 6 months.
The patience these days, jeez. There ain't no pwn button, sry bro.
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline M1lak0

Re: Real World Scenario
« Reply #7 on: August 28, 2014, 02:50:15 pm »
Ok, I can only help by telling you what can be done here!
See, the Nmap scan you are using does not only give results for port scans. It does a hell of a lot of things!
Ok, so now scan for the version of the open port via Nmap. Yes, it also gives results to get the version. So now you have got the version. Google the exploit of the version the server is running! You might not get much, but dig and see if you get something! There are many ways to hack into a box.
Also see the version the server is running. Google for the exploit of the server version, try your luck there too. See if there is any misconfigured file on the server! It's a Windows server I guess, so msf will help you if you use it correctly! ;)
Best of luck pal (Y) A cookie please, if you find this informative! :D
"Security is just an illusion"

Offline @R7un

Re: Real World Scenario
« Reply #8 on: August 28, 2014, 08:15:13 pm »
thanks man you helped me find the path... :D

Offline M1lak0

Re: Real World Scenario
« Reply #9 on: August 28, 2014, 08:45:17 pm »
Quote: "thanks man you helped me find the path... :D"
I am glad it helped you! Now a cookie! :P
"Security is just an illusion"