Port 20

[|337]

Scenario:
Someone shares a couple of folders on their network, and they connects their macxhine to the Internet. Now their port 20 will be open, and everyone who feels a need for it (by any reason) can enter their shares as a normal network user.

Now, if u add a password to your shares, then it might get a bit tricky.

But Ive got this wannabe |337 friend, who claims that he can acsess my comp (with passworded shares), using the port 20 backdoor. And he says that he's able to mess around on my whole comp, after gaining acsess trough port 20.

Questions:
1. How do he bypass the network password?
2. How do he gain acsess to the whole comp?
3. How do I prevent him from doing so?
4. How's the differences between 98/2000/XP?

[ac1dsp3ctrum]

Hes lying, LOL
There is no backdoor that I know if that runs on port 20.... There is a service that runs on port 20 though..... That port is the FTP Data port... If you run an ftp server on your computer it could be possible that he has found an exploit.... But very unlikely

[iNViCTuS]

Dude...you do realize that port 20 is the FTP-Data port right?

File shares do not use port 20. Also, Port 20 is only opened by an FTP control session that uses port 21. Therefore, I think you are full of $hit also...

[SoggyBottom]

Whack a personal Firewall on your machine, and block all unnecessary ports, and log all events.

You will then be able to see if this guy is actually doing what he is saying. I suspect that it is a load of BS though....

[FrequentZ]

Here's the deal, Lil homey from accross the sea:
Your friend is either messing with your mind, Or he has indeed exploited an ftp service on your machine. Which as Acid stated, is unlikey - but possible.
Soggy's advice is good, but there is an easier way to monitor connections to your machine over the network. - Open a command prompt and type "netstat"
"netstat -n" gives you the IP's and netstat -n 90 will re-list it every 90 seconds.....
Word of caution - this will give you a lot of info if you are surfing the net, using ICQ etc.
It also tells you what port the connection is on - You see where I am going with this?

Remember - lamers want you to "Ph33r" them - for instance, I recently had someone claim to have "taken an image" of my HD while in #antionline - Sure sounds "733t" don't it? - Well, what this fool didn't realize is that there are probably 30 or so computers connected to a router - All of which would appear to have the same IP to the outside world - Sure hope he imaged the right HD - Don't you? - I have been looking for him to ask him to show me the image - can you guess wether or not he will?
Technical Note: It is theoretically possible to differentiate my packets from the others by MAC Address, However, until I see some kind of proof with my own eyes, I am calling it a pathetic attempt to gain my respect.

[RiOtEr]

1 question wtf is that name
RiOTEr

[cwk9]

That sound like typical lamer bull **** to me. If you are running a ftp server witch I doubt then a good fire wall will do the trick.

I had a similar thing happen to me. Last year I was playing a game of golf with one of my friends when he suggested that he could hack into my computer. I said go for it. The next day I get an e-mail with sub7 attached. He didn’t even rename the server.

[Stocker]

Ask your friend weather or not this is where he got the idea for the port 20 exploit

Gaining Remote axess to a Windoze box
By Ghostly Mayhem
e-mail: ghostmachine58@hotmail.com

=====================================================
| K so I know thiz aint brain surgery and others |
| Have said it b4 but I want ever1 to know this |
| Even if it is the only thing they learn |
=====================================================

K so this will work as long as u have an internet connection and a little DOS proggy
called NBTSTAT.

So type "NBTSTAT/?" and if any help comes up then you are sweet, it says "bad command
or file name" then you need to instll NBSTAT just search the net and I guesss you
will phind it.

=============================================================================
K so go online then open a DOS window and then type "NBTSTAT -A (ip address)"
The possible responses are:

"Host not found" - if this comes up then the system can't be hacked
using this method.

Or you may recieve a table:

Name Type Status
------------------------------------------------------------------------
Billy Bob <20> UNIQUE Registered
Jimmy Bob <00> GROUP Registered
Moss machine <03> UNIQUE Registered



Okay see the little hex numbers? ie. <03>
if the number is 20 then it means that the lamer has file sharing on.


Okay type "edit"
now put in the ip address of your victem and press TAB
three times then the name from the left of the <20>

Save this in your C:\windows directory as LMHOSTS
=============================================================================
Okay to gain axess to their machine by fooling it you are on its network you ust first go to the control
panel and then into Network.
Now tell your computer you wish to allow file sharing and it will install some required drivers and tell
you to restart your computer.
NB. Turn off file sharing again and it won't delete the drivers. If you don't turn off file sharing your own
computer will be suceptable to this attack.
=============================================================================
K from here u can do 1 of two things the most basic being

Go to start menu\find\computer and tell it to phind the name that the computer was
labeled.

=============================================================================
Or if you can't do it this way

type in this:
c:\>net view \\[ipaddress]

u will see a list Choose 1
and then type this:
c:\>net use g: \\[ipaddress]\[sharename]

If this works, type :

c:\>cd g:

=============================================================================
Okay so if you wanna try testing a whole lot of putrs using a port scanner then you wanna scan
for an open port 139 cause that is the one used for file sharing this being open means that this
hack will probably work
=============================================================================

[Stocker]

I'm pretty new to the security scene myself so anyone by all means correct me if I'm wrong but I've done a little research and i found and old text file that talked about an exploit very similar to the one your friend was talking about I think some of the confusion lies in calling it port 20. I believe the 20 is actually a hex number which in reality would make it port 32 the exploit supposedly works by first doing an nbtstat on the intended target to figure out whether or not they have file sharing enabled, if they do then the 20 will appear in the column next to their netbios name. By then adding the intended targets ip address and netbios name to your lmhosts file in the windows directory you can do a computer search on the targets netbios name and supposedly he will pop up and you can gain access to the computer or if you can't do it this way type in this:
c:\>net view \\[ipaddress]
you will see a list Choose one and then type this:
c:\>net use g: \\[ipaddress]\[sharename]
If this works, type :
c:\> g:

I'm not sure if this actually works as I have never tried it myself, and i'm assuming your friend will try to break your password using one of the millions of brute force password crackers out there. if this is the case and this is what he intended to do then simply turn sharing off or install a decent firewall other than that. that is all i know let me know if this was helpful

[|337]

thnx for informing me, the posts did actually explain the hack so that even I understood it...
Firewall is up...