January 27th, 2004, 02:31 PM
A local remote attack
Ok, atm i have a laptop sitting next to me running mulinux, but within a few days itl be slackware. but anyway...
Is it possible to launch an attack on your own system from the system by telnetting localhost? I mean like say exploiting sendmail on the system that you are currently logged into? If so it will help me alot.
off to install slackware, he he.
btw: Please only post if you know what your talking about, not if you think you know.
January 27th, 2004, 02:37 PM
Sure you could do that. I don't see any reason unless you block the telnet port or not run the service. You'd get more effect with a sniffer like tcpdump if you had two machines but you should be able to do a telnet localhost and applying your attack as planned.
January 27th, 2004, 02:44 PM
Awesome, nah it does sound like a kinda dum question from the outside, but its just that im movin soon so, gotta save cash and space
January 27th, 2004, 06:26 PM
I never thought of that...telnet localhost....I gotta try that! That way I wouldn't have to drag network equipment and my laptop around when I do penetration testing on my friends PCs.
Of course, I'd probably still bring them just to verify (just cause it doesn't work on localhost doesn't mean it won't work against the IP, does it?)
January 27th, 2004, 08:32 PM
Depends on the machine setup, especially with *nix. Different distros, different configurations will react differently.
You also can see the network traffic and the effect the remote attack would have. That, in itself IMHO, is worth having a play box.
January 28th, 2004, 03:14 PM
kool thing is now, my mum (systems analyst), gave me her OLD server running netware. Im gonna make it dual booting with linux so i can explore more OS's or systems types.
Is netware still used?
January 28th, 2004, 03:33 PM
Yup. In fact, worthwhile to play with it. Many schools and other organizations still use it in their backends (usually Novell 4/5/6)
January 28th, 2004, 03:44 PM
Ive got Novell 3.12 here at home with full documentation, but at my mums work they have other higher versions of novell.
p.s. I havn't won the struggle to convert them to linux yet
January 28th, 2004, 03:50 PM
You'll have a hard time since Novell is actually pretty secure (3.12 isn't because of it's age). One thing to definately give credit to Novell is the fact that their attitude is "Deny access to everything by default. Have admin open what is needed"
January 28th, 2004, 03:52 PM
telnetting to localhost might not be great for penetration testing, I believe you have better than remote access to localhost, I remember I used to freak people out by making them ftp to 127.0.0.1 and look at all their data I stole. hehe, aint I a stinka? but if you ftp to any person's IP you can't just access their data. Trying that little ftp localhost trick on more recent OSs has turned up futile, but it does call into question the accuracy of local remote hacking excercises, trust me, this is something I've tried at long length to do, beacause I am without internet access at home and I got a hankering to penetrate (no pun intended) foreign boxes (seriously, I'm being totally professional here) I haven't done it in a long time (still absolutely serious) but I want to so bad I can taste it (ok, now you're just being nasty)
:q :q! :wq :w :w! :wq! :quit :quit! :help help helpquit quit quithelp :quitplease :quitnow :leave :**** ^X^C ^C ^D ^Z ^Q QUITDAMMIT ^[:wq GCS,M);d@;p;c++;l++;u ++ ;e+ ;m++(---) ;s+/+ ;n- ;h* ;f+(--) ;!g ;w+(-) ;t- ;r+(-) ;y+(**)