
Thread: Find open ports and then?

  1. #1
    Just burned his ISO
    Join Date
    Oct 2006
    Posts
    7

    Default Find open ports and then?

    Just scanned my network, I see a lot of open ports "RPC"
    So how can I test if it's vulnerable and what exploit do I need to use for "RPC"

    Anyway, if you look at this, do you think it is hackable?

    Thanks



    Not shown: 65506 closed ports
    PORT STATE SERVICE VERSION
    7/tcp open echo
    9/tcp open discard?
    13/tcp open daytime?
    17/tcp open qotd?
    19/tcp open chargen
    21/tcp open ftp Microsoft ftpd
    25/tcp filtered smtp
    80/tcp open http Microsoft IIS webserver 5.1
    119/tcp filtered nntp
    135/tcp filtered msrpc
    136/tcp filtered profile
    137/tcp filtered netbios-ns
    138/tcp filtered netbios-dgm
    139/tcp filtered netbios-ssn
    443/tcp open https?
    445/tcp filtered microsoft-ds
    1026/tcp open msrpc Microsoft Windows RPC
    1035/tcp open msrpc Microsoft Windows RPC
    1080/tcp filtered socks
    1720/tcp filtered H.323/Q.931
    1801/tcp open unknown
    2103/tcp open msrpc Microsoft Windows RPC
    2105/tcp open msrpc Microsoft Windows RPC
    2107/tcp open msrpc Microsoft Windows RPC
    3128/tcp filtered squid-http
    3260/tcp open unknown
    3261/tcp open iscsi StarWind iSCSI 2.6.1
    8080/tcp filtered http-proxy
    49152/tcp open unknown

  2. #2
    Junior Member
    Join Date
    Sep 2006
    Posts
    45

    Default

    and the IP address is......?


    ha ha ha. worth a try.
    have a look with metasploit 3 (msfweb if you must)

  3. #3
    Just burned his ISO
    Join Date
    Jul 2006
    Posts
    7

    Default

    this is your box right ??

    have you tried the other glaringly obvious services first ?

  4. #4
    Just burned his ISO
    Join Date
    Oct 2006
    Posts
    7

    Default

    Okay, I will give it a try with Metasploit 3

  5. #5
    Just burned his ISO
    Join Date
    Oct 2006
    Posts
    7

    Default

    Well, I tried a lot of stuff and nothing happened

    Can someone give me some hints?

  6. #6
    Just burned his ISO
    Join Date
    Feb 2007
    Posts
    3

    Default

    If I'm not mistaken your post does not tell much..

    Try: nmap -sU 000.000.000.000 <---IP address of your client

    Then whatever ports are open use msf > show exploit to do further probing.

  7. #7
    Just burned his ISO
    Join Date
    Jul 2006
    Posts
    7

    Default

    Quote Originally Posted by AtheOS
    If I'm not mistaken your post does not tell much..

    Try: nmap -sU 000.000.000.000 <---IP address of your client

    Then whatever ports are open use msf > show exploit to do further probing.
    That's only gonna do a UDP scan of the host and reveal little more than UDP services; this should be done as well as the TCP scanning...

    nmap -sS -sV -vv <ip>
    nmap -sU -vv <ip>

    I would netcat/telnet the 'common' services found in the first scan to probe further...

  8. #8
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by Mast3rWurm View Post
    Just scanned my network, I see a lot of open ports "RPC"
    So how can I test if it's vulnerable and what exploit do I need to use for "RPC"

    Anyway, if you look at this, do you think it is hackable?

    Thanks

    Not shown: 65506 closed ports
    PORT STATE SERVICE VERSION
    7/tcp open echo
    9/tcp open discard?
    13/tcp open daytime?
    17/tcp open qotd?
    19/tcp open chargen
    21/tcp open ftp Microsoft ftpd
    25/tcp filtered smtp
    80/tcp open http Microsoft IIS webserver 5.1
    119/tcp filtered nntp
    135/tcp filtered msrpc
    136/tcp filtered profile
    137/tcp filtered netbios-ns
    138/tcp filtered netbios-dgm
    139/tcp filtered netbios-ssn
    443/tcp open https?
    445/tcp filtered microsoft-ds
    1026/tcp open msrpc Microsoft Windows RPC
    1035/tcp open msrpc Microsoft Windows RPC
    1080/tcp filtered socks
    1720/tcp filtered H.323/Q.931
    1801/tcp open unknown
    2103/tcp open msrpc Microsoft Windows RPC
    2105/tcp open msrpc Microsoft Windows RPC
    2107/tcp open msrpc Microsoft Windows RPC
    3128/tcp filtered squid-http
    3260/tcp open unknown
    3261/tcp open iscsi StarWind iSCSI 2.6.1
    8080/tcp filtered http-proxy
    49152/tcp open unknown
    The RPC ports are interesting however you'll need to more specifically identify the services. (Yes you'll actually have to read to figure some of this out).

    Obvious things to poke at are in bold above. IIS 5.1 is an obvious thing to exploit, chances are if you're running IIS 5.1 your MS ftpd service is also old and vulnerable. It's interesting that you're running squid proxy (also likely out of date). And 49125 is an interesting place to run a service since it's in the dynamic/private allocation range (Ports 49152 to 65535).
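
Added example, not part of the original thread: a small Python triage of the scan table quoted above, written for the host's owner deciding which listeners to switch off or identify. The sample rows are a constructed subset of that table; the `LEGACY` set and the wording of the notes are this example's own assumptions.

```python
import re

# Constructed sample: a subset of the scan table quoted in the thread.
SCAN = """\
7/tcp open echo
19/tcp open chargen
80/tcp open http Microsoft IIS webserver 5.1
135/tcp filtered msrpc
443/tcp open https?
1026/tcp open msrpc Microsoft Windows RPC
1801/tcp open unknown
49152/tcp open unknown
"""

# inetd-style "simple TCP/IP services": rarely needed, normally switched off.
LEGACY = {"echo", "discard", "daytime", "qotd", "chargen"}
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse(text):
    """Yield (port, proto, state, service, version) for each table row."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            port, proto, state, svc, ver = m.groups()
            yield int(port), proto, state, svc, (ver or "").strip()

def triage(text):
    """Return {port: [review notes]} for open ports only."""
    findings = {}
    for port, proto, state, svc, ver in parse(text):
        if state != "open":
            continue  # filtered/closed: not reachable from the scanner
        notes = []
        name = svc.rstrip("?")  # nmap appends "?" when it is guessing
        if name in LEGACY:
            notes.append("legacy simple service: disable if unused")
        if svc.endswith("?") or name == "unknown" or not ver:
            notes.append("service not fingerprinted: identify owning process")
        if name == "msrpc":
            notes.append("RPC endpoint: identify the registered service")
        if port >= 49152:
            notes.append("listener in dynamic range 49152-65535")
        if notes:
            findings[port] = notes
    return findings

if __name__ == "__main__":
    for port, notes in sorted(triage(SCAN).items()):
        print(port, "; ".join(notes))
```

Rows with an identified service and version, such as the IIS line, produce no note here; checking whether that version is still supported is a separate patch-management step.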

  9. #9
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by LaVey666uk View Post
    That's only gonna do a UDP scan of the host and reveal little more than UDP services; this should be done as well as the TCP scanning...

    nmap -sS -sV -vv <ip>
    nmap -sU -vv <ip>

    I would netcat/telnet the 'common' services found in the first scan to probe further...
    I'd also suggest using -P0 every time you use nmap (pinging the host doesn't really get you anything and assuming that pinging is blocked is a good choice for the majority of hosts/networks). Also -O will give you OS detection.

  10. #10
    Junior Member
    Join Date
    Nov 2006
    Posts
    38

    Default

    Microsoft ftp service, scan with nessus. It could be XMEasy, if it is, XMEasy new exploits are out. Take it down with that.

    Do we have sites on the Server? One of the sites could be vulnerable, check them out. There are many ways to kill a rat. All the best.
