Page 1 of 2
Results 1 to 10 of 19

Thread: Help with pentesting.

  1. #1
    Just burned his ISO (Join Date: Feb 2010, Posts: 6)

    Help with pentesting.

    Hi,
    I am new to pentesting and would like to get some help getting started. I have a lab set up with a Windows 7 RC 7100 desktop and my laptop with BackTrack 4. I have done a port scan of my Windows desktop and found the following ports open:

    Port       State   Service       Version
    21/tcp     open    ftp           FileZilla ftpd
    23/tcp     open    telnet        Microsoft Windows XP telnetd
    80/tcp     open    http          Apache httpd 2.2.11 ((Win32))
    135/tcp    open    msrpc         Microsoft Windows RPC
    139/tcp    open    netbios-ssn
    445/tcp    open    netbios-ssn
    515/tcp    open    printer
    554/tcp    closed  rtsp
    912/tcp    open    vmware-auth   VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
    1801/tcp   open    unknown
    2103/tcp   open    msrpc         Microsoft Windows RPC
    2105/tcp   open    msrpc         Microsoft Windows RPC
    2107/tcp   open    msrpc         Microsoft Windows RPC
    2869/tcp   open    http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
    3389/tcp   open    ms-term-serv?
    5357/tcp   open    http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
    10243/tcp  open    http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
    49156/tcp  open    msrpc         Microsoft Windows RPC
    49161/tcp  open    msrpc         Microsoft Windows RPC

    I know this is incredibly open, but I cannot find a way to gain access. So I was hoping one of you could possibly point me in the right direction.

  2. #2
    Just burned his ISO (Join Date: Sep 2009, Posts: 1)

    Basically you can use Metasploit to try to hack this system: find any exploitable software, install it on your remote system and try to hack it. You will learn which exploit works on which port. Start by using Metasploit; there is lots of information about MSF, like offensive-security.com/metasploit-unleashed

  3. #3
    Just burned his ISO (Join Date: Sep 2009, Posts: 3)

    Telnet and FTP are open. Maybe you can try to gain access through those. Telnet would be especially fun if you could.

  4. #4
    Senior Member Thorn (Join Date: Jan 2010, Location: The Green Dome, Posts: 1,509)

    Quote Originally Posted by vbnet:
    I am new to pentesting and would like to get some help getting started. I have a lab set up with a Windows 7 RC 7100 desktop and my laptop with BackTrack 4. I have done a port scan of my Windows desktop and found the following ports open: [...] I know this is incredibly open, but I cannot find a way to gain access. So I was hoping one of you could possibly point me in the right direction.

    There are at least four ports there that, if you knew their functions, would immediately stand out as possible attack vectors. Several others stand out as possible vectors, depending on how they are implemented. In fact, three don't require anything more than another Windows machine to immediately log into the Win7 machine. One requires nothing more than a browser.

    This post is a prime example of why guys like me start thinking homicidal thoughts about people who claim to be "new to pentesting." It's nothing personal, but the fact of the matter is that you obviously don't have the background in the basics of networking. Before you start pen testing, you need to start learning the basics. You need to learn things like the basics of TCP/IP communications, the common TCP and UDP ports, and how the services behind them run and may be accessed. Learn those basics, and then you might know enough to start thinking about learning to pen test.
    Thorn
    Stop the TSA now! Boycott the airlines.
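The point Thorn is making is that a port list is only useful once you know which service each port carries and what client talks to it. As an added example that is not part of the thread, here is a small Python triage script run over the scan output from the first post (embedded as constructed input). The grouping table is my own reading of which services are reachable with a stock Windows client or a plain browser; it is an assumption for illustration, not necessarily the four ports Thorn had in mind, and it makes no claim about whether any of them is actually exploitable.

```python
import re
from collections import defaultdict

# Constructed input: the nmap service-scan lines quoted in the first post.
NMAP_OUTPUT = """\
21/tcp open ftp FileZilla ftpd
23/tcp open telnet Microsoft Windows XP telnetd
80/tcp open http Apache httpd 2.2.11 ((Win32))
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open netbios-ssn
515/tcp open printer
554/tcp closed rtsp
912/tcp open vmware-auth VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
1801/tcp open unknown
2103/tcp open msrpc Microsoft Windows RPC
2105/tcp open msrpc Microsoft Windows RPC
2107/tcp open msrpc Microsoft Windows RPC
2869/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
3389/tcp open ms-term-serv?
5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
10243/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
49156/tcp open msrpc Microsoft Windows RPC
49161/tcp open msrpc Microsoft Windows RPC
"""

# One nmap "PORT STATE SERVICE VERSION" line; VERSION is optional.
LINE_RE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
    r"(?:\s+(?P<version>.*))?$"
)


def parse_nmap(text):
    """Parse nmap -sV style lines into dicts; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["port"] = int(d["port"])
        d["version"] = (d["version"] or "").strip()
        entries.append(d)
    return entries


# Assumed triage table (my reading, not the thread's): which stock client on
# another Windows machine, or a browser, talks to each service directly.
ACCESS_BY_PORT = {
    21: ("builtin_windows_client", "ftp.exe host, or ftp://host in Explorer"),
    23: ("builtin_windows_client", "telnet.exe host"),
    139: ("builtin_windows_client", "SMB over NetBIOS session, same as 445"),
    445: ("builtin_windows_client", "net use \\\\host\\share, or \\\\host in Explorer"),
    3389: ("builtin_windows_client", "mstsc /v:host (Remote Desktop)"),
    80: ("browser", "http://host/"),
}


def triage(entries):
    """Group open ports by how a tester would first reach them."""
    groups = defaultdict(list)
    for e in entries:
        if e["state"] != "open":          # closed/filtered ports are not vectors
            continue
        if e["port"] in ACCESS_BY_PORT:
            cat, how = ACCESS_BY_PORT[e["port"]]
        elif "SSDP/UPnP" in e["version"]:
            cat, how = "discovery_only", "UPnP/WS-Discovery listener; enumerate, not a login"
        elif e["service"] == "msrpc":
            cat, how = "rpc", "DCE/RPC endpoint; enumerate via the 135 endpoint mapper"
        else:
            cat, how = "investigate", "unknown or vendor service; identify it before probing"
        groups[cat].append((e["port"], e["service"], how))
    return dict(groups)


if __name__ == "__main__":
    for cat, items in triage(parse_nmap(NMAP_OUTPUT)).items():
        print(cat)
        for port, service, how in items:
            print(f"  {port:>6}  {service:<14} {how}")
```

The order in which the categories print is the order a beginner should work in: first the services a normal client already speaks (and that therefore need nothing but credentials or a misconfiguration), then the RPC endpoint mapper for enumeration, then the ports whose purpose is still unknown.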

  5. #5
    Just burned his ISO (Join Date: Feb 2010, Posts: 6)

    What would be some good web sites to learn about TCP/IP?

  6. #6
    Senior Member streaker69 (Join Date: Jan 2010, Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA, Posts: 3,535)

    Quote Originally Posted by vbnet:
    What would be some good web sites to learn about TCP/IP?
    This one is excellent.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  7. #7
    Just burned his ISO (Join Date: Feb 2010, Posts: 6)

    Thank you for the reply, but I have searched extensively and have found nothing free. Lots of online classes but nothing that you can just go there and read about TCP/IP.

  8. #8
    Senior Member streaker69 (Join Date: Jan 2010, Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA, Posts: 3,535)

    Quote Originally Posted by vbnet:
    Thank you for the reply, but I have searched extensively and have found nothing free. Lots of online classes but nothing that you can just go there and read about TCP/IP.
    Your google-fu is weak.

  9. #9
    Just burned his ISO (Join Date: Feb 2010, Posts: 6)

    Thanks for the site. I will read through it and then post back what I learned, and whether I still need help.

  10. #10
    Senior Member streaker69 (Join Date: Jan 2010, Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA, Posts: 3,535)

    Before you embark into the complicated world of TCP/IP, you may want to give this a read first.