
Thread: ip question

  1. #1
     shanch123 (Just burned his ISO)
     Join Date: Apr 2009
     Posts: 5

     ip question

    Hey guys, I have seen lots of documents about how to hack and I've tried many exploits on my test server (HP ProLiant DL380 G3 I got off eBay). But I've never tried rooting it before :S I looked around Google but only found outdated papers from the 90s lol. I have seen webshells like c99 and r57, with options like "connect back" and "bind shell". I've looked into it and found that for "connect back" you have to port forward if it's a remote host connecting to you, but not if it's a LAN. "Bind shell" is me doing "nc <ip> <port>", which is usually blocked by firewalls?

    So people say "connect back" shells are the best, but don't they show your IP address? Also I've heard of data pipe shells, which have something to do with IRC?


    Could someone educate me some more please?

  2. #2
     killadaninja (Very good friend of the forum)
     Join Date: Oct 2007
     Location: London, United Kingdom
     Posts: 526

    Quote Originally Posted by shanch123:
    Hey guys, I have seen lots of documents about how to hack and I've tried many exploits on my test server (HP ProLiant DL380 G3 I got off eBay). But I've never tried rooting it before :S I looked around Google but only found outdated papers from the 90s lol. I have seen webshells like c99 and r57, with options like "connect back" and "bind shell". I've looked into it and found that for "connect back" you have to port forward if it's a remote host connecting to you, but not if it's a LAN. "Bind shell" is me doing "nc <ip> <port>", which is usually blocked by firewalls?

    So people say "connect back" shells are the best, but don't they show your IP address? Also I've heard of data pipe shells, which have something to do with IRC?

    Could someone educate me some more please?

    I would start by running a SYN scan against ports 80 and 21, hoping to receive a SYN/ACK packet, indicating a TCP service is listening on those ports. If indeed one is, your scanner should reply with what type of service is offered, FTP etc. Nmap will have a good go at profiling the system, OS etc.; however, if it does not, then I would look for tell-tale signs within the scan (that's, however, another lesson altogether). For argument's sake let's say that port 80 did have a TCP service running and that you now know it's a Win box.

    Time to enumerate the box (so you know what exploit to use). Use whatever tool you want, but netcat should work. Just netcat to the IP address and port using no extra switches, use the GET command followed by some nonsense, i.e. GET pongomongo; the system will reject the command and send back its information.

    Now we have the info we need, i.e. the server and its OS, we choose the appropriate exploit from Metasploit (which in your case is a reverse shell). That's pretty much it, unless you wanna start coding your own exploits (a waste of time as Metasploit contains an abundance of them; of course if you wanted to attack the server without triggering any alarms you would have to code everything yourself, but hey, it's YOUR BOX so that's not a problem).
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
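The enumeration step in the reply above (netcat to port 80, send "GET pongomongo", read what the server says about itself) as a worked example. This is an added example, not code from either poster; the request bytes, the `parse_banner`/`guess_os` helpers and the sample IIS reply are all constructed here for illustration. Note the caveat a practitioner would want: the "information" the server sends back is only the `Server` header of its error page, which an administrator can strip or fake, so treat it as a hint to feed the exploit choice, not proof of the OS.

```python
"""Banner grab over HTTP with a deliberately malformed request.

Added example (not from the thread). Sends the equivalent of typing
'GET pongomongo' into 'nc host 80', then pulls the status line and the
Server header out of whatever error page comes back.
"""

import re
import socket
from typing import Dict, Optional

# Malformed request in the spirit of "GET pongomongo": no HTTP version
# and no Host header. Most servers answer 400 Bad Request and usually
# still attach a Server header to that error response. (Constructed.)
NONSENSE_REQUEST = b"GET pongomongo\r\n\r\n"


def parse_banner(raw: bytes) -> Dict[str, Optional[str]]:
    """Extract the status line and Server header from a raw HTTP reply.

    Returns {'status': '400 Bad Request', 'server': 'Microsoft-IIS/6.0'};
    either value is None if the reply does not carry it.
    """
    text = raw.decode("latin-1", errors="replace")
    head = text.split("\r\n\r\n", 1)[0]          # headers only, drop body
    lines = head.split("\r\n")
    status = None
    m = re.match(r"HTTP/\d\.\d\s+(\d{3}.*)", lines[0])
    if m:
        status = m.group(1).strip()
    server = None
    for line in lines[1:]:
        if line.lower().startswith("server:"):
            server = line.split(":", 1)[1].strip()
            break
    return {"status": status, "server": server}


def guess_os(server: Optional[str]) -> str:
    """Rough OS hint from a Server header (hypothetical helper).

    IIS only ships on Windows; an Apache build tagged with a distro in
    parentheses names that distro; anything else is 'unknown'. A header
    can be stripped or spoofed, so this is a hint, not a verdict.
    """
    if not server:
        return "unknown"
    s = server.lower()
    if "microsoft-iis" in s:
        return "windows"
    m = re.search(r"\(([^)]+)\)", server)      # e.g. Apache/2.2.3 (CentOS)
    if "apache" in s and m:
        return m.group(1).lower()
    return "unknown"


def grab_banner(host: str, port: int = 80, timeout: float = 5.0) -> Dict[str, Optional[str]]:
    """Network version: connect, send the nonsense request, read the reply.

    Same thing as 'nc host 80' followed by 'GET pongomongo'. Only use it
    against a box you own, like the poster's eBay DL380.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(NONSENSE_REQUEST)
        chunks = []
        try:
            while True:
                data = sock.recv(4096)
                if not data:
                    break
                chunks.append(data)
        except socket.timeout:
            pass                                 # server kept the socket open
    return parse_banner(b"".join(chunks))


# Constructed sample reply (not a real capture) so the parser can be
# exercised with nothing on the wire.
SAMPLE_IIS_REPLY = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Content-Type: text/html\r\n"
    b"Date: Mon, 06 Apr 2009 10:00:00 GMT\r\n"
    b"Server: Microsoft-IIS/6.0\r\n"
    b"Content-Length: 35\r\n"
    b"\r\n"
    b"<h1>Bad Request (Invalid Verb)</h1>"
)

if __name__ == "__main__":
    info = parse_banner(SAMPLE_IIS_REPLY)
    print(info, "->", guess_os(info["server"]))
```

Run it as-is to see the parser work on the embedded sample; swap `parse_banner(SAMPLE_IIS_REPLY)` for `grab_banner("192.168.1.50")` (or whatever your test server's address is) to do the live version of what the reply describes. If the live reply comes back with no `Server` header at all, that is itself a tell: the box has been hardened or fronted by something that strips it, and the Nmap `-sV`/`-O` results mentioned above become the better source.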
