A local remote attack
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: A local remote attack

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Posts
    100

    A local remote attack

    Ok, atm i have a laptop sitting next to me running mulinux, but within a few days itl be slackware. but anyway...

    Is it possible to launch an attack on your own system from the system by telnetting localhost? I mean like say exploiting sendmail on the system that you are currently logged into? If so it will help me alot.

    off to install slackware, he he.

    btw: Please only post if you know what your talking about, not if you think you know.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Sure you could do that. I don't see any reason unless you block the telnet port or not run the service. You'd get more effect with a sniffer like tcpdump if you had two machines but you should be able to do a telnet localhost and applying your attack as planned.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    100
    Awesome, nah it does sound like a kinda dum question from the outside, but its just that im movin soon so, gotta save cash and space

  4. #4
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    I never thought of that...telnet localhost....I gotta try that! That way I wouldn't have to drag network equipment and my laptop around when I do penetration testing on my friends PCs.

    Of course, I'd probably still bring them just to verify (just cause it doesn't work on localhost doesn't mean it won't work against the IP, does it?)

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Depends on the machine setup, especially with *nix. Different distros, different configurations will react differently.

    You also can see the network traffic and the effect the remote attack would have. That, in itself IMHO, is worth having a play box.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #6
    Senior Member
    Join Date
    Jan 2003
    Posts
    100
    kool thing is now, my mum (systems analyst), gave me her OLD server running netware. Im gonna make it dual booting with linux so i can explore more OS's or systems types.

    Is netware still used?

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Yup. In fact, worthwhile to play with it. Many schools and other organizations still use it in their backends (usually Novell 4/5/6)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    100
    Ive got Novell 3.12 here at home with full documentation, but at my mums work they have other higher versions of novell.

    p.s. I havn't won the struggle to convert them to linux yet

  9. #9
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    You'll have a hard time since Novell is actually pretty secure (3.12 isn't because of it's age). One thing to definately give credit to Novell is the fact that their attitude is "Deny access to everything by default. Have admin open what is needed"
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  10. #10
    Deceased x acidreign x's Avatar
    Join Date
    Jul 2002
    Posts
    455
    telnetting to localhost might not be great for penetration testing, I believe you have better than remote access to localhost, I remember I used to freak people out by making them ftp to 127.0.0.1 and look at all their data I stole. hehe, aint I a stinka? but if you ftp to any person's IP you can't just access their data. Trying that little ftp localhost trick on more recent OSs has turned up futile, but it does call into question the accuracy of local remote hacking excercises, trust me, this is something I've tried at long length to do, beacause I am without internet access at home and I got a hankering to penetrate (no pun intended) foreign boxes (seriously, I'm being totally professional here) I haven't done it in a long time (still absolutely serious) but I want to so bad I can taste it (ok, now you're just being nasty)
    :q :q! :wq :w :w! :wq! :quit :quit! :help help helpquit quit quithelp :quitplease :quitnow :leave :**** ^X^C ^C ^D ^Z ^Q QUITDAMMIT ^[:wq GCS,M);d@;p;c++;l++;u ++ ;e+ ;m++(---) ;s+/+ ;n- ;h* ;f+(--) ;!g ;w+(-) ;t- ;r+(-) ;y+(**)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides