Printable View
Ok, atm i have a laptop sitting next to me running mulinux, but within a few days itl be slackware. but anyway...
Is it possible to launch an attack on your own system from the system by telnetting localhost? I mean like say exploiting sendmail on the system that you are currently logged into? If so it will help me alot.
off to install slackware, he he.
btw: Please only post if you know what your talking about, not if you think you know. :D
Sure you could do that. I don't see any reason unless you block the telnet port or not run the service. You'd get more effect with a sniffer like tcpdump if you had two machines but you should be able to do a telnet localhost and applying your attack as planned.
Awesome, nah it does sound like a kinda dum question from the outside, but its just that im movin soon so, gotta save cash and space :D
I never thought of that...telnet localhost....I gotta try that! That way I wouldn't have to drag network equipment and my laptop around when I do penetration testing on my friends PCs.
Of course, I'd probably still bring them just to verify (just cause it doesn't work on localhost doesn't mean it won't work against the IP, does it?)
Depends on the machine setup, especially with *nix. Different distros, different configurations will react differently.
You also can see the network traffic and the effect the remote attack would have. That, in itself IMHO, is worth having a play box.
kool thing is now, my mum (systems analyst), gave me her OLD server running netware. Im gonna make it dual booting with linux so i can explore more OS's or systems types.
Is netware still used?
Yup. In fact, worthwhile to play with it. Many schools and other organizations still use it in their backends (usually Novell 4/5/6)
Ive got Novell 3.12 here at home with full documentation, but at my mums work they have other higher versions of novell.
p.s. I havn't won the struggle to convert them to linux yet
You'll have a hard time since Novell is actually pretty secure (3.12 isn't because of it's age). One thing to definately give credit to Novell is the fact that their attitude is "Deny access to everything by default. Have admin open what is needed"
telnetting to localhost might not be great for penetration testing, I believe you have better than remote access to localhost, I remember I used to freak people out by making them ftp to 127.0.0.1 and look at all their data I stole. hehe, aint I a stinka? but if you ftp to any person's IP you can't just access their data. Trying that little ftp localhost trick on more recent OSs has turned up futile, but it does call into question the accuracy of local remote hacking excercises, trust me, this is something I've tried at long length to do, beacause I am without internet access at home and I got a hankering to penetrate (no pun intended) foreign boxes (seriously, I'm being totally professional here) I haven't done it in a long time (still absolutely serious) but I want to so bad I can taste it (ok, now you're just being nasty)