Find open ports and then?
Just scanned my network, I see a lot of open ports "RPC"
So how can I test if it's vulnerable and what exploit do I need to use for "RPC"?
Anyway, if you look at this, you think it is hackable?
Not shown: 65506 closed ports
PORT STATE SERVICE VERSION
7/tcp open echo
9/tcp open discard?
13/tcp open daytime?
17/tcp open qotd?
19/tcp open chargen
21/tcp open ftp Microsoft ftpd
25/tcp filtered smtp
80/tcp open http Microsoft IIS webserver 5.1
119/tcp filtered nntp
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
443/tcp open https?
445/tcp filtered microsoft-ds
1026/tcp open msrpc Microsoft Windows RPC
1035/tcp open msrpc Microsoft Windows RPC
1080/tcp filtered socks
1720/tcp filtered H.323/Q.931
1801/tcp open unknown
2103/tcp open msrpc Microsoft Windows RPC
2105/tcp open msrpc Microsoft Windows RPC
2107/tcp open msrpc Microsoft Windows RPC
3128/tcp filtered squid-http
3260/tcp open unknown
3261/tcp open iscsi StarWind iSCSI 2.6.1
8080/tcp filtered http-proxy
49152/tcp open unknown
and the IP address is......?
ha ha ha. worth a try.
have a look with metasploit 3 (msfweb if you must)
this is your box right ??
have you tried the other glaringly obvious services first ?
Okay, I will give it a try with Metasploit 3
Well, I tried a lot of stuff and nothing happened
Can someone give me some hints?
If I'm not mistaken, your post does not tell much..
Try: nmap -sU 000.000.000.000 <---IP address of your client
Then whatever ports are open, use msf > show exploit to do further probing.
That's only gonna do a UDP scan of the host and reveal little more than UDP services; this should be done as well as the TCP scanning...
Originally Posted by AtheOS
nmap -sS -sV -vv <ip>
nmap -sU -vv <ip>
I would netcat/telnet the 'common' services found in the first scan to probe further...
My life is this forum
The RPC ports are interesting however you'll need to more specifically identify the services. (Yes you'll actually have to read to figure some of this out).
Originally Posted by Mast3rWurm
Obvious things to poke at are in bold above. IIS 5.1 is an obvious thing to exploit, chances are if you're running IIS 5.1 your MS ftpd service is also old and vulnerable. It's interesting that you're running squid proxy (also likely out of date). And 49125 is an interesting place to run a service since it's in the dynamic/private allocation range (Ports 49152 to 65535).
My life is this forum
I'd also suggest using -P0 every time you use nmap (pinging the host doesn't really get you anything and assuming that pinging is blocked is a good choice for the majority of hosts/networks). Also -O will give you OS detection.
Originally Posted by LaVey666uk
Microsoft ftp service, scan with nessus. It could be XMEasy, if it is, XMEasy new exploits are out. Take it down with that.
Do we have sites on the Server? One of the sites could be vulnerable, check them out. There are many ways to kill a rat. All the best.
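For the owner of the scanned box, an added example (not part of the original posts): it parses a listing in the table format posted above and lists the open ports whose service still needs manual identification, using the dynamic/private range (49152 to 65535) quoted in the thread. The sample lines are a constructed excerpt of that listing, and the function names are hypothetical.

```python
import re
# Constructed sample: a few lines in the same format as the scan posted in the thread.
SCAN = """\
PORT STATE SERVICE VERSION
19/tcp open chargen
21/tcp open ftp Microsoft ftpd
135/tcp filtered msrpc
443/tcp open https?
1801/tcp open unknown
49152/tcp open unknown
"""

# port/proto, state, service, then an optional free-text version column
LINE = re.compile(r"^(\d+)/(?:tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def port_range(port):
    """IANA range name; dynamic/private is 49152-65535 as quoted in the thread."""
    return "well-known" if port <= 1023 else "registered" if port <= 49151 else "dynamic/private"

def parse_scan(text):
    records = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # table header, "Not shown: ..." line, blank lines
        port, state, service, version = m.groups()
        records.append({"port": int(port), "state": state, "service": service.rstrip("?"),
                        "guessed": service.endswith("?"), "version": version,
                        "range": port_range(int(port))})
    return records

def triage(records):
    """Return (port, reasons) for open ports that need manual identification."""
    findings = []
    for r in records:
        if r["state"] != "open":
            continue  # filtered ports did not answer as listeners in this scan
        why = []
        if r["service"] == "unknown":
            why.append("no service identified")
        elif r["guessed"]:
            why.append("service guessed from port number")  # trailing '?' in the listing
        elif not r["version"]:
            why.append("no version reported")
        if r["range"] == "dynamic/private":
            why.append("dynamic/private range")
        if why:
            findings.append((r["port"], why))
    return findings
```

Running `triage(parse_scan(SCAN))` on the sample leaves out 21/tcp (service and version reported) and 135/tcp (filtered), and returns the four ports that should be identified by hand before deciding what to disable or patch.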