You're probably not going to get a response with that lame question.
I have two computers.
The two computers are connected to the same network.
The first computer has BackTrack installed, the second computer has WinXP SP2 installed.
I use the first computer (BackTrack); I want to get into the second computer (WinXP).
WinXP has open ports 135, 138, 445... (SMB protocols).
How can I do that? Which program can I use?
(I am sorry, my English is bad.)
I found some information.
*****First*****
[SOF]
===============================================================================
When Encryption is unserviceable
by SuRGeoN
===============================================================================
28/06/2007
Sometimes we use encryption just to feel more secure. But many times the real truth is that the
encryption is unserviceable even if we have a very difficult/big password with a strong
encryption algorithm. I'll give two examples to explain this idea.
==========
1) Forums
==========
We suppose that the Administator of a www.oneforum.com forum has a very strong password. We know
that the forum uses MD5 algorithm for password encryption. Then someone steals Administrator's
cookie with some XSS vulnerability in this forum and he know the md5 hash
bbbd53e913a404b04abf373dc1dac49b. It's easy for him to find Administrator's UserID from members.php
for example http://www.oneforum.com/member.php?u=123 when he looks for Admin's profile.
In this scenario crackers try to crack the md5 hash with program like John the Ripper, Cain & Abel
or Passwordpro etc. This method for a strong password will take a year, maybe more.
Is this the best way?
No.Why we have to find the real password and we use it with the standard way in the Login Form when
we can do a http request with the prefered web page in the forum (ex. Admin's Forum ->
forumdisplay.php?f=123) including in the http header the cookie with Administrator's data (we dont
need the real password only the hash).
A http request example in the above scenario...
-------------------------------------------------------------------------------------
GET http://www.oneforum.com/forumdisplay.php?f=123 HTTP/1.1
Host: www.oneforum.com
Cookie: bbuserid=123; bbpassword=bbbd53e913a404b04abf373dc1dac49b;
-------------------------------------------------------------------------------------
==========
2) Shares
==========
Another example that will help us to understand why encryption sometimes is unserviceable is Shares.
We suppose that we have access to a LAN which uses Sharing. We can find LM/NTLM hashes in many
ways (ex. Sniffing (ettercap), PwDump, Findpass, CacheDump etc). We know that if we crack these hashes
we can map a network drive to the victim's local drives, we can execute commands or we can take a
remote desktop.
All the known tools need the real password to work... examples...
A) Map a network drive (net command)
net use z: \\administrator-cn\c$ <password> /USER:DOMAIN\Administrator
B) Remote execute commands (psexec)
psexec \\administrator-cn -u DOMAIN\Administrator -p <password> c:\winnt\notepad.exe
C) Remote desktop (mstsc)
mstsc.exe asks for Username/Password.
...but does the clear-text password travel over the network?
No. Just the hash. So if we could send the hash, not the password, with the above tools we wouldn't need to
crack the very strong password, and we see why the encryption in this situation is unserviceable too.
I found one tool that seems to work with this method, "Passing The Hash".
SMBProxy -> http://www.cqure.net/wp/?page_id=11
Of course encryption is important for more security, but we have to know when it can be unserviceable.
The real hackers don't need to crack.
===============================================================================
[EOF]
*****and Second*****
MSVCTL Tool
-----------
http://truesecurity.se/blogs/murray/...-password.aspx
http://www.microsoft.com/emea/itssho...px?videoid=351 -> MSVCTL Tool
SAMBA (winexe)
--------------
http://www.foofus.net/jmk/passhash.html
*****and Third*****
What is Pass-The-Hash Toolkit?
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g.: users remotely logged in through Remote Desktop/Terminal Services), and also change at runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).
http://oss.coresecurity.com/projects/pshtoolkit.htm
All the information is at the link below:
http://www.governmentsecurity.org/fo...howtopic=26260
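To make the quoted article's point concrete from the defender's side, here is an added example in Python (mine, not SuRGeoN's, the original poster's, or any of the linked tools' code). Scenario 1 implements the forum's cookie check with the MD5 value quoted above and places a hardened design beside it (random, revocable session tokens stored hashed); scenario 2 runs one NTLMv2 challenge/response round as specified in MS-NLMP, with both client and server starting from the NT hash only. The member table, cookie names, NT hash values and the simplified client blob are constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import secrets

# ---------------------------------------------------------------------------
# Scenario 1 (Forums): the cookie carries the stored password hash itself.
# Constructed member table; the MD5 value is the one quoted in the article.
# ---------------------------------------------------------------------------
MEMBERS = {123: {"name": "Administrator", "md5": "bbbd53e913a404b04abf373dc1dac49b"}}


def parse_cookie(header):
    """Minimal 'k=v; k2=v2;' parser for a Cookie header (constructed helper)."""
    pairs = (p.strip().split("=", 1) for p in header.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}


def login_from_hash_cookie(cookie_header):
    """The weak design: bbuserid + bbpassword (= the stored MD5) are compared with
    the member table. Whoever holds the hash is logged in and the password is
    never needed, so the hash IS a credential and must be protected like one."""
    c = parse_cookie(cookie_header)
    uid = int(c["bbuserid"]) if c.get("bbuserid", "").isdigit() else None
    member = MEMBERS.get(uid)
    if member and hmac.compare_digest(c.get("bbpassword", ""), member["md5"]):
        return member["name"]
    return None


# Hardened design: an opaque random session token, unrelated to the password.
# Only a SHA-256 of the token is kept server side, and tokens can be revoked.
SESSIONS = {}  # sha256(token) -> uid


def issue_session(uid):
    token = secrets.token_urlsafe(32)
    SESSIONS[hashlib.sha256(token.encode()).hexdigest()] = uid
    return token


def login_from_session_cookie(cookie_header):
    token = parse_cookie(cookie_header).get("bbsession", "")
    uid = SESSIONS.get(hashlib.sha256(token.encode()).hexdigest())
    return MEMBERS[uid]["name"] if uid in MEMBERS else None


def revoke_sessions(uid):
    """Invalidate every session of a user, e.g. once a cookie theft is suspected."""
    for key in [k for k, v in SESSIONS.items() if v == uid]:
        del SESSIONS[key]


# ---------------------------------------------------------------------------
# Scenario 2 (Shares): NTLMv2 challenge/response as specified in MS-NLMP.
# Both the prover (client) and the verifier (server) start from the NT hash;
# the plaintext password never enters the computation.
# ---------------------------------------------------------------------------
def ntlmv2_proof(nt_hash, user, domain, server_challenge, client_blob):
    """NTOWFv2   = HMAC-MD5(NT hash, UTF-16LE(upper(user) + domain))
    NTProofStr = HMAC-MD5(NTOWFv2, server_challenge || client_blob)"""
    ntowf_v2 = hmac.new(nt_hash, (user.upper() + domain).encode("utf-16le"), "md5").digest()
    return hmac.new(ntowf_v2, server_challenge + client_blob, "md5").digest()


def server_verifies(stored_nt_hash, user, domain, server_challenge, client_blob, nt_proof):
    """Server side: recompute the proof from the stored NT hash and compare."""
    expected = ntlmv2_proof(stored_nt_hash, user, domain, server_challenge, client_blob)
    return hmac.compare_digest(expected, nt_proof)


def ntlm_exchange(client_nt_hash, server_nt_hash):
    """One challenge/response round between a client holding client_nt_hash and a
    server holding server_nt_hash for the same account. Returns True if accepted."""
    server_challenge = secrets.token_bytes(8)                         # chosen by the server
    client_blob = b"\x01\x01" + b"\x00" * 6 + secrets.token_bytes(8)  # simplified blob (constructed)
    proof = ntlmv2_proof(client_nt_hash, "Administrator", "DOMAIN", server_challenge, client_blob)
    return server_verifies(server_nt_hash, "Administrator", "DOMAIN", server_challenge, client_blob, proof)


# Constructed NT hash values (NOT the hash of any real password).
NT_HASH = bytes.fromhex("0123456789abcdef0123456789abcdef")
OTHER_NT_HASH = bytes.fromhex("fedcba9876543210fedcba9876543210")
```

The practical reading for an administrator: in both designs the server accepts a proof that can be computed from the stored hash alone, so a leaked hash is a leaked credential regardless of password strength. For the forum, the fix is the session-token design (random, hashed at rest, revocable, sent as an HttpOnly cookie), which keeps the password hash off the wire entirely. For NTLM the hash is the secret by protocol design, so the defence is to limit where hashes are stored and cached (avoid logging on to untrusted hosts with privileged accounts) and to treat any tool that can read LSA logon sessions, like the toolkit quoted above, as a credential-theft tool in monitoring.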
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Keyword: nbtstat (omg)
[quote][I]I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain. [/I]- MaXe[/quote]
I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!