
Thread: Service finding

  1. #1
    Just burned his ISO

    Service finding

    This is my first post to this forum, so hello.

    I am currently "pentesting" my website, trying to hack into it. Social engineering myself is cheating, as is social engineering my boss, so social engineering is out (except for social engineering the web hosting company, but that is something that I would like to avoid (I could "cheat" and make it very easy due to my knowledge as a web admin for the site. I will do it as a last resort, but I would rather learn something new)). If grabbing a banner using ncat fails to reveal service types, versions, and anything else, and nmap only gives a 90% secure guess on operating system type without reliable version information, and nothing on the version of the ftp, http, smtp, etc. services running on various ports, but is still able to get the type of service running on a given open port, is there any other way for me to find out the versions my website/webhost is running?

    Thanks to any responders in advance.

  2. #2
    Super Moderator Archangel-Amael

    Quote Originally Posted by RedScare
    , and nmap only gives a 90% secure guess on operating system type without reliable version information, and nothing on the version of the ftp, http, smtp, etc.
    You really need to re-think and re-read how nmap works and its capabilities.
    nmap will tell you better than 90% in most cases. It will tell you services given that a service is running and it responds to the probes sent out by nmap.
    If the server responds to probes of any sort then one is going to be able to find out what is being offered on a given port.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    Developer

    What you are doing is a violation of your web hosting company's TOS most likely. Maybe I should report you.

  4. #4

    Maybe posts like this are useless.

    The reasons are always the same.

    "I just want to check the security of my ... network ... wlan ... homepage ..."

    very sad...-.-
    www.myownremote.blogspot.com

  5. #5
    Super Moderator lupin

    Sometimes version information is provided in error messages, such as error messages from the HTTP server (like 404 page missing errors), or error messages from server side scripts that fail.

    You may also want to make sure that you are sending the right requests when you try banner grabbing. You won't get any "banner grabbable" response from an HTTP server with an ncat connection unless you send the server a valid HTTP request that it supports.

    Edit: Oh yeah, and Pureh@te is right, you need permission from your hosting company to pen test a site hosted by them. Stop now if you don't have it!
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  6. #6
    Just burned his ISO

    Alright then, in order:

    @archangel.amael : I'm pretty sure I'm using nmap correctly. Isn't it possible to block or spoof fingerprints that nmap reads?

    @pureh@te : Is it really worth it? Anyway, I'm only looking at service versions, that's still legal in my country (it's all I plan to do).

    @Reeth : I could get the information I'm asking about by social engineering people relatively easily. Why would I bother?

    @lupin : I'm assuming the same applies for ftp and other connections?

    Thanks for the responses.

  7. #7
    Super Moderator lupin

    Quote Originally Posted by RedScare
    @lupin : I'm assuming the same applies for ftp and other connections?
    Each service will respond differently to different probes. FTP for example will give up some information after just a carriage return before requiring you to log on. That information may sometimes contain version info.

    Nmap and amap use a variety of different probes to elicit this version information from services. Have a look at the nmap-service-probes file for more information.
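    The two points lupin makes above (a banner grabber has to send whatever the service expects before it will talk, and error responses often carry version strings) in working code, as an added example that is not part of the original thread. It probes constructed local stand-in servers rather than a real host, so the ProFTPD/Apache/PHP strings, the ports and the "nonexistent path" 404 trick are assumptions for the demo, not anything the thread reports about the poster's site; a real banner grabber run against a host you have permission to test would point at that host instead of the fixtures.

```python
"""Service-aware banner grabbing against constructed local fixtures (added example).

Not the forum's code. The stand-in servers below imitate two behaviours the thread
describes: FTP greets you on connect, HTTP stays silent until it sees a valid request.
"""
import re
import socket
import threading

# Services that send a greeting unprompted (FTP, SMTP, SSH) just need a read.
# HTTP needs a request it understands; a path that does not exist draws a 404
# whose headers and body often name the server and scripting engine.
SERVER_TALKS_FIRST = {"ftp", "smtp", "ssh"}
HTTP_PROBE = b"GET /banner-probe-does-not-exist HTTP/1.0\r\nHost: localhost\r\n\r\n"

# "Product/1.2.3" or "Product 1.2.3" anywhere in a banner, header or error page.
VERSION_RE = re.compile(rb"\b([A-Za-z][\w.-]*)[/ ]v?(\d+(?:\.\d+)+[\w.+-]*)")
NOT_PRODUCTS = {"HTTP"}  # the protocol version on the status line is not a product


def grab_banner(host, port, service, timeout=2.0):
    """Connect, send whatever the service needs to start talking, return raw bytes."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            if service in SERVER_TALKS_FIRST:
                return s.recv(4096)          # greeting arrives unprompted
            if service == "http":
                s.sendall(HTTP_PROBE)
                chunks = []
                while True:                  # HTTP/1.0: server closes after the reply
                    data = s.recv(4096)
                    if not data:
                        break
                    chunks.append(data)
                return b"".join(chunks)
            return s.recv(4096)              # unknown service: just listen, like plain ncat
        except socket.timeout:
            return b""                       # nothing volunteered: wrong probe or silent service


def extract_versions(banner):
    """Return sorted (product, version) pairs found in a banner, header or error page."""
    found = set()
    for m in VERSION_RE.finditer(banner):
        product, version = m.group(1).decode(), m.group(2).decode()
        if product.upper() not in NOT_PRODUCTS:
            found.add((product, version))
    return sorted(found)


def _start_fixture(handler):
    """Constructed stand-in server: handles one connection on an ephemeral localhost port."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(1)
    port = lsock.getsockname()[1]

    def run():
        conn, _ = lsock.accept()
        lsock.close()
        with conn:
            try:
                handler(conn)
            except OSError:
                pass                         # client gave up; nothing more to do

    threading.Thread(target=run, daemon=True).start()
    return port


def fake_ftp(conn):
    """Like real FTP: greets immediately, then waits for a command (assumed greeting text)."""
    conn.sendall(b"220 ProFTPD 1.3.3a Server (Debian) [::ffff:127.0.0.1]\r\n")
    conn.recv(1024)


def fake_http(conn):
    """Like a stock web server: silent until a request line arrives, chatty on a 404."""
    request = conn.recv(4096)
    if not request.startswith((b"GET ", b"HEAD ")):
        return                               # no valid request, no banner
    conn.sendall(
        b"HTTP/1.0 404 Not Found\r\n"
        b"Server: Apache/2.2.16 (Debian)\r\n"
        b"X-Powered-By: PHP/5.3.3-7+squeeze\r\n"
        b"Content-Type: text/html\r\n\r\n"
        b"<html><h1>Not Found</h1>"
        b"<address>Apache/2.2.16 (Debian) Server at localhost Port 80</address></html>"
    )


def demo():
    """Probe the fixtures three ways and return what each approach recovered."""
    ftp_port = _start_fixture(fake_ftp)
    http_port = _start_fixture(fake_http)
    silent_http_port = _start_fixture(fake_http)

    ftp_banner = grab_banner("127.0.0.1", ftp_port, "ftp")
    http_banner = grab_banner("127.0.0.1", http_port, "http")
    # ncat-style connect-and-wait against HTTP: the server never speaks first.
    nothing = grab_banner("127.0.0.1", silent_http_port, "ftp", timeout=1.0)

    return {
        "ftp": extract_versions(ftp_banner),
        "http": extract_versions(http_banner),
        "http_without_request": extract_versions(nothing),
    }


if __name__ == "__main__":
    print(demo())
```

    The third probe is the case lupin describes: treating an HTTP port like an FTP port (connect, send nothing, wait) yields an empty banner even though the same server hands over its Server header and a version-stamped 404 page the moment it receives a request. nmap's -sV and amap automate exactly this per-service choice of probe; the nmap-service-probes file lists which bytes are sent for which port and what the reply is matched against.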

  8. #8
    Moderator KMDave

    Did you do any pentesting before or is that your first time?

    Sounds like the latter one to me.
    Tiocfaidh ár lá

  9. #9
    Just burned his ISO

    @KMDave : Yep, first time. I've looked into the theory before, and tried social engineering before, but this is the first "in the field" experience for me where I want to use only the computer. Why do you ask?

    @lupin : Thanks, I'll look into that when I've got some time.

  10. #10
    Very good friend of the forum Gitsnik

    Quote Originally Posted by RedScare
    Why do you ask?
    Probably because it was obvious.
    Get yourself a virtual machine program and run up a lot of older OSes, create a lab and learn to crack systems in there - rather than (potentially) breaching all sorts of laws on public hosts, not to mention risking destruction of data or denial of service. Working within the lab environment is safest anyway and you can install sniffing software on every host so you can analyse how an attack works from the attacker's point of view and the victim's point of view. A greater understanding will improve your skills immensely.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
