Open port (legal, pentesting) exploitation?
Yo.
Normally I just program (code languages from PHP to C to ruby, just all around), but some guy on what I know as a skiddie website (HF, lol..if you go there they don't even know how internet works) asked people to pentest his site - ofc I found no vuln's other than some open ports he can't control (111, 755, 756, and 2049), but I figured this would be a good opportunity to learn for future reference in pentesting (No, I don't plan to break any laws. Let me make that clear.)
So, I understand 111 is SunRPC, and 2049 is obviously NFS. 755 and 756, I don't recognize and neither does nmap or anything else. So, my question is, what are some possible exploitations of unused, open ports? Should he be worried?
Thanks!
Re: Open port (legal, pentesting) exploitation?
I highly doubt you have a written contract with your "skiddie friends". Further we won't be helping you in the process. Your best bet is to leave their network(s) alone before you run afoul of the law, and or the AUP/TOS of the networks between the two of you.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
Posting Permissions
