How do we check for live hosts?
First we are going to be scanning to check what ports are open and OS (Operating System) fingerprinting. But before we do that you're probably wondering how we check if people are on the network and, if they are, what their IP addresses are. Well, what I do, and believe is the easiest way by far, is running ettercap. So let's run ettercap: open up a console and type in ettercap -G and ettercap will open up.
.........
.........
How do we scan for ports and know what OS he's using?
Okay, pick an IP address from the list and remember it. Now open up a new console to scan the victim with nmap. Now nmap has a lot of options so it's really easy to get confused, but I don't want to talk too much about it just yet. So now back to our console, type in nmap -O [your victim's IP]. The -O option is Operating system detection. Then you should get something like this. Now just by looking at this we know it's a Windows XP with our favorite port open, 445 SMB.
The complete tutorial here
Stand up and be counted as a linux user.
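An added example, not part of the original post: for auditing your own network, the same nmap -O scan can be saved as XML with nmap's -oX option and summarized per host, showing the OS guess and whether tcp/445 is open or filtered by a firewall. The XML below is a constructed sample (addresses and OS strings are made up), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -O -oX` output; all values are made up.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -O -oX scan.xml 192.0.2.0/24">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="139"><state state="open"/></port>
      <port protocol="tcp" portid="445"><state state="open"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows 2000 SP4" accuracy="90"/>
        <osmatch name="Microsoft Windows XP SP2" accuracy="98"/></os>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/></port>
      <port protocol="tcp" portid="445"><state state="filtered"/></port>
    </ports>
    <os><osmatch name="Linux 2.6.X" accuracy="95"/></os>
  </host>
  <host><status state="down"/>
    <address addr="192.0.2.30" addrtype="ipv4"/>
  </host>
</nmaprun>"""

def smb_exposure(xml_text, port="445"):
    """Return [(ip, os_guess, port_state)] for every host reported as up."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts that did not answer
        addr = host.find("address[@addrtype='ipv4']")
        ip = addr.get("addr") if addr is not None else "unknown"
        # nmap may list several OS guesses; keep the highest-accuracy one.
        guesses = sorted(host.iter("osmatch"),
                         key=lambda m: int(m.get("accuracy", "0")), reverse=True)
        os_guess = guesses[0].get("name") if guesses else "unknown"
        state = "not reported"
        for p in host.iter("port"):
            if p.get("protocol") == "tcp" and p.get("portid") == port:
                st = p.find("state")
                state = st.get("state") if st is not None else "unknown"
        findings.append((ip, os_guess, state))
    return findings

def reachable_smb(findings):
    """Hosts whose SMB port answers from the network (state 'open')."""
    return [ip for ip, _, state in findings if state == "open"]
```

A host whose tcp/445 shows as filtered is dropping the probes, typically at a host or network firewall; only hosts listed by reachable_smb() still expose SMB to the segment that was scanned.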
many thanks for this tut.
also your blog has given me very good info and pointed me in the right direction.
regards
bakru
No problem.
I set up my metasploit unleashed materials on vm and instead of exploiting mssql, which I think is what the point of that box was, I instead stumbled upon ms08_067 and just owned the crap out of it over and over. If you were following the metasploit unleashed lab could you demo how to retrieve the mssql database info and so forth?
Thanks enc0de!!
Awesome tut, thanks a lot.
Aruman.
No prob everyone, just glad it helped.
If the firewall is turned on then it won't work... there is no session... it just says connection timeout.
Thank you very much, I've been reading many tutorials and this has helped me a little in understanding the concept better!!
nice thanks
check spell in
Now we now the port number we want to attack it was 445 smb