When you find a system scan it and the basic stuff to find holes. How do you access it I mean like get the dos console shell or like explore directories?
Printable View
When you find a system scan it and the basic stuff to find holes. How do you access it I mean like get the dos console shell or like explore directories?
Now you wouldn’t happen to be asking how to hack would you? Because that tends to earn a lot of negative anipoints.
no im writeing a report on the process of the hack and how vunerable sytems are
My report is about how systems are compramised and im stuck on the part where the hacker access the system.
Hahahaha, nice report, but you better go and ask somewhere else, we don't like those reports here.
Look you people im not a hacker or anything all im trying to do is learn how hackers hack into systems so I can be a better Internet Security Specialist when I graduate. And I dont appricate being accused of being a hacker!
Ok, because you didn't ask "how can I hack into hotmail" I'm going to be nice ;). Networking security is a very broad and complex area. So this question is a little beyond the scope of a single thread. There have been thousands of books and articles (www.google.com) written on this subject. So I suggest you go do some research first.Quote:
When you find a system scan it and the basic stuff to find holes. How do you access it I mean like get the dos console shell or like explore directories?
If you really are just writing a report, we're not the sort of people to do your homework for you. If I come across as condescending or beligerant, I apologise. It's just that at AO we get these sorts of questions every day from people who obviously have less than honourable intentions.
Some good hard sources that detail practical intrusion techniques and defenses include:
Hacking Exposed 3/e, ISBN: 0072193816 by Stuart McClure, Joel Scambray, George Kurtz
Real World Linux Security, ISBN: 0130281875 by Bob Toxen
We'd love to see the end result of this report when you're done ;).
Im not a Stupid neophyte or anything i know all about how sniffers work and how internet protocols work. I have Hacking Exposed 3/e Hackers Challenge Hack Attacks revealed and like 20 other internet security books ive been looking for this info for ever and i cant find out how to remotely excute a command shell.
So, hmm... smirc... how do I hack hotmail? ;)
Why do you think that these books are reluntant to simple supply the exact methodology needed to get a remote shell? They're not just going to hand it out to kids on a platter. You really want to do some research on buffer overflows.Quote:
I have Hacking Exposed 3/e Hackers Challenge Hack Attacks revealed and like 20 other internet security books ive been looking for this info for ever and i cant find out how to remotely excute a command shell.
Don't make me come over there ;). Hehe.Quote:
So, hmm... smirc... how do I hack hotmail?
ok so what your talking about is like when you telnet into a system and get a banner you use a buffer overflow to access the command shell
Searched the web for "remotely execute a command shell". Results 1 - 10 of about 28,200. Search took 0.22 seconds
"us people" use google...and take the 0.22 seconds it takes to look basic answers up ourselves...
you have a specific question...you may get an answer...but you may want to do a bit of attitudinal adjusting...we don't owe you an answer...
if you spent even a moment looking...you'd find a s*load of lame kiddie sites and tuts that'll tell you what you want to know...hey ...you got 28000 to choose from...go to it
i dont really understand the whole banner and tcp packet flag thing
That's one way you could do it I suppose. You access a service via telnet, say SMTP (sorry for picking on sendmail/qmail guys). When interecting with the service you feed a command a series of values that overflows the buffer (memory allocated to some vulnerable function) and seg faults the process. If you feed in the "right" values when overflowing the buffer, usually Assembly commands, you can overwrite a section of memory with evil code and this evil code is executed spawning a remote shell.Quote:
ok so what your talking about is like when you telnet into a system and get a banner you use a buffer overflow to access the command shell.
And then then the sys admin notices this and kicks your ass ;).
Smirc PM me with the basics of accessing a remote command shell via telnet etc...
No.Quote:
Smirc PM me with the basics of accessing a remote command shell via telnet etc...
come on smirc don't beat round the bush tell the poor guy exactly how u feel ;)Quote:
No.
v_Ln
NetwrkBurn --
I think you may have got of very lightly there! It could have got /really/ warm in this thread.
lolololololol - nice man, very nice. ;)Quote:
No.
OK, Ok, i think that questions like "how to exec a rmt shell" are a bit far off. Witha simple Google search you can get propably 5-6 *good* results that a newB can understand. Which means that
"Searched the web for "remotely execute a command shell". Results 1 - 10 of about 28,200. Search took 0.22 seconds"
is somewhat funny and irritating. Hey, dont go around saying those things about Google.
NetwrkBurn --
A tip for when you sign up under a different username - avoid the over-use of the word 'like'. It makes you sound 15 (even if you're 16 or 17). Oh and btw - I don't think neophyte was the term that anyone had in mind... ;)
lmfao...... I wasn't thinking neophyte at all.... Lmfao ummm.... when your trying to ask basically how to hack by telnet, just go to google.com and type in Telnet Exploits or something......
The problem with your question is that it's wayyy to broad.
First of all, a buffer overflow wouldn't work on a properly written telnet (or any other service) server. Otherwise the internet would be nothing but a bunch of exploited websites etc.
Another thing is that windows doesnt have a default telnet server, and if your talkin about hacking a BSD or Linux box then your practically into a whole different subject.
I'll try to give you the low-down without telling you "How to hack into Hotmail", lol...
What I do:
- Check for the really basic ****: SMB/ Netbios Network shares, Telnet Servers, FTP Servers, etc. If there are any then I write down the name of the server software (usually says during login) and then go on the interweb and check for any known vulnerabilities. Unless of course... They have SMB network shares, in which case they're dead.
Next:
- Full range portscan: I wouldnt suggest this against a non-windows box, cause its the electrical equivalent of smashing down the bank door with a sledge hammer. This sound ridiclious, but over high speed DSL (Mine= 1.5mbs up 6.0mbs down) it actually doesnt take that long. If you dont have a good connection aka <512k then just scan the first 1024 ports, all the most common services are there.
When I get a list of ports I try to directly connect to each one with telnet, because the login messages sometimes let you know what service it is. If I cant find out what they are from that, and i dont already know (aka really common services) then I go back to the interweb and do a search for that port # and see what it is.
[glowpurple]YOU CAN ALWAYS FIND OUT WHAT A PORT DOES[/glowpurple]
If you cant your not trying hard enough.
Then if i dont already know some exploits for that service I go to the interweb and try to find some, or I Download the software and try to find some myself. Oh yeah, and if I want a username to try then I try to grab the remote NAMETABLE - very good method
Stupid windows tells u who is currently logged on, and they sometimes use that username 4 other stuff. Do this at the command prompt by: NBTSTAT -A ipaddresshere
The A has to be capital.
- Last effort: If the first two options dont work, then I usually get desperate and start trying the weird ****. Examples:
SNMP Walking
Try to buffer overflow every service they got... lol... <- this gets u BUSTED
And one more crazy thing that I havent heard of anyone else trying:
I ping them, then i look at the reply in code form.
This can tell u what OS they are using, windows sends the alphabet.
SOME OS's SEND RANDOM DATA FROM RAM! <- This has possibilities
Anyhow, thats roughly what i do, or most of it.
That should be enough 4 a report without teachin u to hack ur friends hotmail acc.
- Trak
Well, he did ask how to executer a remote shell, and the answer to that is VERY simple, if you are running unix.
rsh <machine>
rsh stands for remote shell... Good luck doing anything with it though...
good answer smirc.
If you've read all those books and actually taken the time to understand them, you'd know the process by now.
You asked a question, we are very definitely not going to provide you with the 'how do I hack' style of answer you're looking for. We have no way of knowing whether or not you're being honest when you say you're learning it for security reasons, so we err on the side of caution. Seems a reasonable thing to me.
I do think that if you've really read a lot of books on the subject, you'd have a bloody clue how to do it by now, but hey, maybe I'm just expecting too much from someone who has enough IQ to log onto the Internet and use AO's forum.
nice.
hmm nice.
very interesting.
damn hackers!!
I sort of thought the books would make the particular question un-necessary. If they contained the right information, then it should have been read and understood. If they didn't, then they must contain enough background information for a simple search to turn up particulars.
I think his signature is indicative of something:
Quote:
__________________
CyberArmy 4ever!!!
Ok Screw all of you *******s all im trying to do is learn my future feild and you dickheads are just trampling all over me just for the fun of it, ****ers!!!!!!!!!!!!!!
Whos the idiot that gave NetwrkBurn positive points for him starting this thread.... i dont see how anyone can consider that even something worth reading... just another Cyber Army 1337 wannabe
What I'm really interested in is how to guess the
3 digit password that a corporate vice president
uses for root access, so i can capsize oil tankers
and stuff like that...
:cool:
rcgreen your an idiot if you think that msdos is the ultimate hacker os i even know how to work my way around a unix shell
oh no man you wrong, msdos rules, you just don't know how to use it.
Seems to me that Netwrkburn got off lucky by not being flamed by starting this thread. If there is one thing I've learned at this site, you just don't ask how to hack.
To get a DOS prompt, click on the start button and select "Run." Then, try typing either "command" or "cmd" and hit return. With any luck, you'll have a DOS prompt.Quote:
Originally posted here by NetwrkBurn
When you find a system scan it and the basic stuff to find holes. How do you access it I mean like get the dos console shell or like explore directories?
*smirk*
Wow....ummm.... *hides*
lmao at the Cyberarmy lamer!!! Nobody on Cyberarmy wanted to help you? :D