Author Topic: Portscan/open port(s) - What's next?  (Read 3550 times)


Offline seci

Portscan/open port(s) - What's next?
« on: March 29, 2011, 10:19:49 pm »
Hi, I often get questions or see people write things like: "Hey, I found some open ports, maybe they are hackable" or "The target has open ports, so hacking it is easy" and more stupid things like that.

First: an open port means nothing. It CAN mean everything, but not necessarily. In order for an open port to be interesting, it needs a service/program, or whatever you choose to call it, listening on the port. If there are no programs using the port, it's not interesting. It is not the port itself that is being hacked when you hack on a specific port; it's the software using the port. A port is nothing more than a value in a packet.

So how do you go from open port to hacked? It's quite simple, here it is... CODE FLAWS! ;D Hacking services is the same as exploiting code flaws. If the coder of the service forgot to check/secure his buffers/user input, that would be a code flaw, most likely leading to a buffer overflow. With a successful buffer overflow there are some seriously great odds you will pwn the system. If you know what you are doing, that is.


My 11 cents.
« Last Edit: March 29, 2011, 10:22:27 pm by seci »
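As an added illustration of the code flaw the post describes (example code, not from the thread): a toy request handler written with the unchecked copy the post warns about, beside a bounds-checked version of the same handler. The `USER <name>` request format and all function names are invented for this example.

```c
/* Added example, not code from the thread. A tiny "service" that reads a
 * fixed-format request ("USER <name>") and stores the name. The port the
 * service listens on plays no role in the flaw; only how the received bytes
 * are handled does. Function names and the format are invented here. */
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* destination buffer size, including the NUL */

/* The flaw the post describes: strcpy() stops at the sender's NUL, never at
 * the size of `name`, so a long request writes past the stack buffer.
 * Shown only to expose the defect. */
int handle_user_unsafe(const char *request) {
    char name[NAME_MAX];
    if (strncmp(request, "USER ", 5) != 0) return -1;
    strcpy(name, request + 5);          /* no length check at all */
    return (int)strlen(name);
}

/* Hardened form: the length of attacker-controlled data is compared with the
 * destination size before any byte is copied, and oversized input is rejected
 * rather than silently truncated. Returns the stored length or -1. */
int handle_user_safe(const char *request, size_t request_len,
                     char *name_out, size_t out_len) {
    const size_t prefix = 5;            /* strlen("USER ") */
    if (request_len < prefix || memcmp(request, "USER ", prefix) != 0) return -1;
    size_t name_len = request_len - prefix;
    if (name_len == 0 || name_len >= out_len) return -1;  /* must fit plus NUL */
    memcpy(name_out, request + prefix, name_len);
    name_out[name_len] = '\0';
    return (int)name_len;
}

/* Convenience wrapper: run the safe handler on a NUL-terminated request. */
int check_request(const char *request) {
    char name[NAME_MAX];
    return handle_user_safe(request, strlen(request), name, sizeof name);
}

int main(void) {
    /* Constructed inputs: one well-formed request, one longer than the buffer. */
    const char *ok  = "USER alice";
    const char *big = "USER AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    printf("%-48s -> %d\n", ok,  check_request(ok));   /* 5: stored */
    printf("%-48s -> %d\n", big, check_request(big));  /* -1: rejected */
    return 0;
}
```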

Offline I_Learning_I

Re: Portscan/open port(s) - What's next?
« Reply #1 on: March 29, 2011, 10:44:13 pm »
Is this a joke?
Sure, you explained the theory correctly: a vulnerable application running on a port might give access when you overflow it. But come on... explain a little more: how does the overflow occur, writing shellcode, how to find open doors...

But even if you feel it goes off-topic or that is not your purpose, you could post an example of a service being exploited, showing some disassembly to see what's happening...
Thanks for reading,
I_Learning_I

Offline seci

Re: Portscan/open port(s) - What's next?
« Reply #2 on: March 29, 2011, 10:47:02 pm »
You are quite right, this was not the purpose of this topic. I might make a topic/tutorial later on with some examples regarding BoF.

Offline Pillus

Re: Portscan/open port(s) - What's next?
« Reply #3 on: March 31, 2011, 09:44:27 am »
That's why things like ASLR/DEP and PaX were developed :) Not saying you should not think about code flaws because you're protected; I mean there is a lot more that can be done as well (like RBAC access control) and so on.

Too bad most people don't even know how to add a second layer of security to their systems.
« Last Edit: March 31, 2011, 09:45:02 am by Pillus »

Offline gh0st

Re: Portscan/open port(s) - What's next?
« Reply #4 on: April 03, 2011, 05:36:02 am »
Try netcat:
http://en.wikipedia.org/wiki/Netcat
But I recommend you don't do stupid things, however.

Offline r00t

Re: Portscan/open port(s) - What's next?
« Reply #5 on: April 04, 2011, 06:54:32 am »
METASPLOIT
'If you want to catch a thief you must think like a thief'

Offline I_Learning_I

Re: Portscan/open port(s) - What's next?
« Reply #6 on: April 04, 2011, 12:50:34 pm »
lol....
I think the idea of the post was to explain the process behind the exploitation method, not what tools to use :P
Also, netcat wouldn't exploit it; it would just be used as a backdoor, as client and server.
Thanks for reading,
I_Learning_I

Offline ruthless

Re: Portscan/open port(s) - What's next?
« Reply #7 on: April 29, 2011, 11:38:04 pm »
Scanned a computer with Angry IP and it had the Windows sharing port open; used the link in the program to open the port with Explorer and they had the whole desktop shared :P. Or tons of machines have the RPC port open; ran an RPC exploit from Metasploit at it = pwnd. Anyway, always worth doing an OS scan, or better p0f / NetworkMiner, to help ident the OS.
Hope this helps.