Author Topic: Portscan/open port(s) - Whats next? (Read 3548 times)

seci · « **on:** March 29, 2011, 10:19:49 pm »

Hi, I often get questions or see people write things like; "Hey I found some open ports, maybe they are hackable" or "The target got open ports, so hacking it is easy" and more stupid things like that.

First. A open port means nothing. It CAN mean everything, but not necessarily. In order for a open port to be interesting, it needs a service/program or whatever you choose to call it, listening on the port. If there are no programs using the port, its not interesting. It is not the port itself that are being hacked when you hack on a specific port. Its the software using the port. A port is nothing more than a value on a packet.

So how do you go from open port to hacked? Its quite simple, here it is..... CODE FLAWS!

Hacking services are the same as exploiting code flaws. If the coder of the service forgot to check/secure his buffers/user input that would be a code flaw most likely leading to a bufferoverflow. With a successful bufferoverflow there are some serious great ods you will pwn the system. If you know what you are doing that is.

My 11 cents.

I_Learning_I · « **Reply #1 on:** March 29, 2011, 10:44:13 pm »

Is this a joke?
Sure, you explained correctly the theory, a vulnerable application running in a port might give access when you overflow it. But come on... explain a little more, how does the overflow occur, writing shellcode, how to find open doors...

But even if you feel it goes offtopic or that is not your purpose you could post an example of a service exploited, showing some disassemble to see what's happening...

seci · « **Reply #2 on:** March 29, 2011, 10:47:02 pm »

You are quite right, this was not the purpose of this topic. I might make a topic/tutorial later on with some examples regarding BoF.

Pillus · « **Reply #3 on:** March 31, 2011, 09:44:27 am »

That's why things like ASLR/DEP and PAX was developed

Not saying you should not think about code flaws because your protected, i mean there is alot more that can be done as well (like RBAC access control) and soo on.

To bad most people don't even know how to add a second layer of security to their systems.

gh0st · « **Reply #4 on:** April 03, 2011, 05:36:02 am »

try netcat :
http://en.wikipedia.org/wiki/Netcat
but I recommend you to dont do stupid things however

r00t · « **Reply #5 on:** April 04, 2011, 06:54:32 am »

METASPLOIT

I_Learning_I · « **Reply #6 on:** April 04, 2011, 12:50:34 pm »

lol....
I think the idea of the post was to explain the process behind the exploitation method, not what tools to use

Also netcat wouldn't exploit it, just be used to backdoor as client and server.

ruthless · « **Reply #7 on:** April 29, 2011, 11:38:04 pm »

scann a computer with angryip and it had windows sharing port open used link in program to open port with exporer they had whole desktop shared

. or tones of machines have rpc port open, ran an rpc exploit from metasploit at it = pwnd . anways always worth doing a OS scan or better p0f / networkminer to help ident the os
hope this helps

EvilZone

News:

Author Topic: Portscan/open port(s) - Whats next? (Read 3548 times)

seci

Portscan/open port(s) - Whats next?

I_Learning_I

Re: Portscan/open port(s) - Whats next?

seci

Re: Portscan/open port(s) - Whats next?

Pillus

Re: Portscan/open port(s) - Whats next?

gh0st

Re: Portscan/open port(s) - Whats next?

r00t

Re: Portscan/open port(s) - Whats next?

I_Learning_I

Re: Portscan/open port(s) - Whats next?

ruthless

Re: Portscan/open port(s) - Whats next?