Port 20
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Port 20

  1. #1
    Junior Member
    Join Date
    Feb 2002
    Posts
    29

    Port 20

    Scenario:
    Someone shares a couple of folders on their network, and they connects their macxhine to the Internet. Now their port 20 will be open, and everyone who feels a need for it (by any reason) can enter their shares as a normal network user.

    Now, if u add a password to your shares, then it might get a bit tricky.

    But Ive got this wannabe |337 friend, who claims that he can acsess my comp (with passworded shares), using the port 20 backdoor. And he says that he's able to mess around on my whole comp, after gaining acsess trough port 20.

    Questions:
    1. How do he bypass the network password?
    2. How do he gain acsess to the whole comp?
    3. How do I prevent him from doing so?
    4. How's the differences between 98/2000/XP?

  2. #2
    Banned
    Join Date
    Oct 2001
    Posts
    1,462
    Hes lying, LOL
    There is no backdoor that I know if that runs on port 20.... There is a service that runs on port 20 though..... That port is the FTP Data port... If you run an ftp server on your computer it could be possible that he has found an exploit.... But very unlikely

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Dude...you do realize that port 20 is the FTP-Data port right?

    File shares do not use port 20. Also, Port 20 is only opened by an FTP control session that uses port 21. Therefore, I think you are full of $hit also...

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    Whack a personal Firewall on your machine, and block all unnecessary ports, and log all events.

    You will then be able to see if this guy is actually doing what he is saying. I suspect that it is a load of BS though....
    SoggyBottom.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  5. #5
    Junior Member
    Join Date
    Dec 2001
    Posts
    21
    Here's the deal, Lil homey from accross the sea:
    Your friend is either messing with your mind, Or he has indeed exploited an ftp service on your machine. Which as Acid stated, is unlikey - but possible.
    Soggy's advice is good, but there is an easier way to monitor connections to your machine over the network. - Open a command prompt and type "netstat"
    "netstat -n" gives you the IP's and netstat -n 90 will re-list it every 90 seconds.....
    Word of caution - this will give you a lot of info if you are surfing the net, using ICQ etc.
    It also tells you what port the connection is on - You see where I am going with this?

    Remember - lamers want you to "Ph33r" them - for instance, I recently had someone claim to have "taken an image" of my HD while in #antionline - Sure sounds "733t" don't it? - Well, what this fool didn't realize is that there are probably 30 or so computers connected to a router - All of which would appear to have the same IP to the outside world - Sure hope he imaged the right HD - Don't you? - I have been looking for him to ask him to show me the image - can you guess wether or not he will?
    Technical Note: It is theoretically possible to differentiate my packets from the others by MAC Address, However, until I see some kind of proof with my own eyes, I am calling it a pathetic attempt to gain my respect.

  6. #6
    Banned
    Join Date
    Sep 2001
    Posts
    853
    1 question wtf is that name
    RiOTEr

  7. #7
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,211
    That sound like typical lamer bull **** to me. If you are running a ftp server witch I doubt then a good fire wall will do the trick.

    I had a similar thing happen to me. Last year I was playing a game of golf with one of my friends when he suggested that he could hack into my computer. I said go for it. The next day I get an e-mail with sub7 attached. He didnít even rename the server.
    Its not software piracy. Iím just making multiple off site backups.

  8. #8
    Junior Member
    Join Date
    Mar 2002
    Posts
    8
    Ask your friend weather or not this is where he got the idea for the port 20 exploit

    Gaining Remote axess to a Windoze box
    By Ghostly Mayhem
    e-mail: ghostmachine58@hotmail.com

    =====================================================
    | K so I know thiz aint brain surgery and others |
    | Have said it b4 but I want ever1 to know this |
    | Even if it is the only thing they learn |
    =====================================================

    K so this will work as long as u have an internet connection and a little DOS proggy
    called NBTSTAT.

    So type "NBTSTAT/?" and if any help comes up then you are sweet, it says "bad command
    or file name" then you need to instll NBSTAT just search the net and I guesss you
    will phind it.

    =============================================================================
    K so go online then open a DOS window and then type "NBTSTAT -A (ip address)"
    The possible responses are:

    "Host not found" - if this comes up then the system can't be hacked
    using this method.

    Or you may recieve a table:

    Name Type Status
    ------------------------------------------------------------------------
    Billy Bob <20> UNIQUE Registered
    Jimmy Bob <00> GROUP Registered
    Moss machine <03> UNIQUE Registered



    Okay see the little hex numbers? ie. <03>
    if the number is 20 then it means that the lamer has file sharing on.


    Okay type "edit"
    now put in the ip address of your victem and press TAB
    three times then the name from the left of the <20>

    Save this in your C:\windows directory as LMHOSTS
    =============================================================================
    Okay to gain axess to their machine by fooling it you are on its network you ust first go to the control
    panel and then into Network.
    Now tell your computer you wish to allow file sharing and it will install some required drivers and tell
    you to restart your computer.
    NB. Turn off file sharing again and it won't delete the drivers. If you don't turn off file sharing your own
    computer will be suceptable to this attack.
    =============================================================================
    K from here u can do 1 of two things the most basic being

    Go to start menu\find\computer and tell it to phind the name that the computer was
    labeled.

    =============================================================================
    Or if you can't do it this way

    type in this:
    c:\>net view \\[ipaddress]

    u will see a list Choose 1
    and then type this:
    c:\>net use g: \\[ipaddress]\[sharename]

    If this works, type :

    c:\>cd g:

    =============================================================================
    Okay so if you wanna try testing a whole lot of putrs using a port scanner then you wanna scan
    for an open port 139 cause that is the one used for file sharing this being open means that this
    hack will probably work
    =============================================================================
    Never Criticize a man until you\'ve walked a mile in his shoes, that way when you do criticize him you\'ll be a mile away and you\'ll have his shoes.

  9. #9
    Junior Member
    Join Date
    Mar 2002
    Posts
    8
    I'm pretty new to the security scene myself so anyone by all means correct me if I'm wrong but I've done a little research and i found and old text file that talked about an exploit very similar to the one your friend was talking about I think some of the confusion lies in calling it port 20. I believe the 20 is actually a hex number which in reality would make it port 32 the exploit supposedly works by first doing an nbtstat on the intended target to figure out whether or not they have file sharing enabled, if they do then the 20 will appear in the column next to their netbios name. By then adding the intended targets ip address and netbios name to your lmhosts file in the windows directory you can do a computer search on the targets netbios name and supposedly he will pop up and you can gain access to the computer or if you can't do it this way type in this:
    c:\>net view \\[ipaddress]
    you will see a list Choose one and then type this:
    c:\>net use g: \\[ipaddress]\[sharename]
    If this works, type :
    c:\> g:

    I'm not sure if this actually works as I have never tried it myself, and i'm assuming your friend will try to break your password using one of the millions of brute force password crackers out there. if this is the case and this is what he intended to do then simply turn sharing off or install a decent firewall other than that. that is all i know let me know if this was helpful
    Never Criticize a man until you\'ve walked a mile in his shoes, that way when you do criticize him you\'ll be a mile away and you\'ll have his shoes.

  10. #10
    Junior Member
    Join Date
    Feb 2002
    Posts
    29
    thnx for informing me, the posts did actually explain the hack so that even I understood it...
    Firewall is up...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •