
Thread: 135,139,445 ports are open?

  1. #1
    Junior Member
    Join Date
    Jun 2006
    Posts
    28

    Default 135,139,445 ports are open?

    I have two computers.

    The two computers are connected to the same network.

    The first computer has BackTrack installed, the second computer has WinXP SP2 installed.

    I use the first computer (BackTrack) and I want to enter the second computer (WinXP).

    WinXP has open ports 135,138,445.. (SMB protocols)

    How can I do that? Which programme can I use?

    (I am sorry, my English is bad)

    I found some information

    *****First*****


    [SOF]
    ===============================================================================
    When Encryption is unserviceable
    by SuRGeoN
    =============================================================================== 28/06/2007

    Sometimes we use encryption just to feel more secure. But many times the real truth is that the
    encryption is unserviceable even if we have a very difficult/big password with a strong
    encryption algorithm. I'll give two examples to explain this idea.

    ==========
    1) Forums
    ==========

    We suppose that the Administrator of a www.oneforum.com forum has a very strong password. We know
    that the forum uses the MD5 algorithm for password encryption. Then someone steals the Administrator's
    cookie through some XSS vulnerability in this forum and he knows the md5 hash
    bbbd53e913a404b04abf373dc1dac49b. It's easy for him to find the Administrator's UserID from members.php,
    for example http://www.oneforum.com/member.php?u=123, when he looks at the Admin's profile.

    In this scenario crackers try to crack the md5 hash with a program like John the Ripper, Cain & Abel
    or Passwordpro etc. This method for a strong password will take a year, maybe more.
    Is this the best way?

    No. Why do we have to find the real password and use it the standard way in the Login Form when
    we can do an HTTP request for the preferred web page in the forum (e.g. Admin's Forum ->
    forumdisplay.php?f=123), including in the HTTP header the cookie with the Administrator's data (we don't
    need the real password, only the hash)?

    An HTTP request example in the above scenario...

    -------------------------------------------------------------------------------------
    GET http://www.oneforum.com/forumdisplay.php?f=123 HTTP/1.1
    Host: www.oneforum.com
    Cookie: bbuserid=123; bbpassword=bbbd53e913a404b04abf373dc1dac49b;
    -------------------------------------------------------------------------------------

    ==========
    2) Shares
    ==========

    Another example that will help us to understand why encryption is sometimes unserviceable is Shares.

    We suppose that we have access to a LAN which uses Sharing. We can find LM/NTLM hashes in many
    ways (e.g. Sniffing (ettercap), PwDump, Findpass, CacheDump etc). We know that if we crack these hashes
    we can map a network drive to the victim's local drives, we can execute commands or we can take a
    remote desktop.

    All the known tools need the real password to work ... examples ...

    A) Map a network drive (net command)
    net use z: \\administrator-cn\c$ /USER:DOMAIN\Administrator <password>

    B) Remote execute commands (psexec)
    psexec \\administrator-cn -u DOMAIN\Administrator -p <password> c:\winnt\notepad.exe

    C) Remote desktop (mstsc)
    mstsc.exe asks for Username/Password.

    ...but does the clear text password travel over the network?

    No. Just the hash. So if we could send the hash, not the password, with the above tools, we don't need to
    crack the very strong password, and we see why the encryption in this situation is unserviceable too.

    I found one tool that seems to work with this method, "Passing The Hash".
    SMBProxy -> http://www.cqure.net/wp/?page_id=11

    Of course the encryption is important for more security but we have to know when it can be unserviceable.
    The real hackers don't need to crack
    ===============================================================================
    [EOF]

    *****and Second*****


    MSVCTL Tool
    -----------

    http://truesecurity.se/blogs/murray/...-password.aspx
    http://www.microsoft.com/emea/itssho...px?videoid=351 -> MSVCTL Tool

    SAMBA (winexe)
    --------------

    http://www.foofus.net/jmk/passhash.html

    *****and Third*****


    What is Pass-The-Hash Toolkit?


    The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).


    http://oss.coresecurity.com/projects/pshtoolkit.htm

    All of this information comes from the link below:

    http://www.governmentsecurity.org/fo...howtopic=26260
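
The forum scenario in the quoted article works because the cookie holds the stored hash itself, which makes the hash a password equivalent. The sketch below is an added example, not part of the original post or the quoted article: it puts that design next to a server-side session token design. The cookie names `bbuserid` and `bbpassword` come from the article; `legacy_auth`, `login`, `session_auth`, `logout`, `SESSIONS`, the `session` cookie name and the sample password are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

# Constructed sample record for the article's user 123, stored the way the
# article describes (unsalted MD5, kept here only to mirror that design).
USERS = {123: {"pw_md5": hashlib.md5(b"constructed-sample-password").hexdigest()}}
SESSIONS = {}        # sha256(token) -> (user_id, expiry); hypothetical server-side store
SESSION_TTL = 1800   # seconds a session stays valid (assumed policy)

def _eq(a, b):
    return hmac.compare_digest(a.encode(), b.encode())   # constant-time compare

def legacy_auth(cookies):
    """Weak design: the cookie carries the stored hash, so the hash IS the credential."""
    uid = cookies.get("bbuserid", "")
    user = USERS.get(int(uid)) if uid.isdecimal() else None
    return user is not None and _eq(cookies.get("bbpassword", ""), user["pw_md5"])

def login(user_id, password, now=None):
    """Hardened design: verify the real password once, then issue a random token."""
    now = time.time() if now is None else now
    user = USERS.get(user_id)
    if user is None or not _eq(hashlib.md5(password.encode()).hexdigest(), user["pw_md5"]):
        return None
    token = secrets.token_urlsafe(32)            # unrelated to the password or its hash
    SESSIONS[hashlib.sha256(token.encode()).hexdigest()] = (user_id, now + SESSION_TTL)
    return token                                 # send as an HttpOnly, Secure cookie

def session_auth(cookies, now=None):
    """Accept only unexpired tokens issued by login(); returns the user id or None."""
    now = time.time() if now is None else now
    key = hashlib.sha256(cookies.get("session", "").encode()).hexdigest()
    user_id, expiry = SESSIONS.get(key, (None, 0))
    if user_id is None or now >= expiry:
        SESSIONS.pop(key, None)                  # drop expired or unknown entries
        return None
    return user_id

def logout(cookies):
    """Server-side revocation: a copied token stops working immediately."""
    SESSIONS.pop(hashlib.sha256(cookies.get("session", "").encode()).hexdigest(), None)
```

With the token design, a database or cookie leak of `pw_md5` no longer grants a session, and a copied session token dies at expiry or logout instead of staying valid until the password changes.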

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    You're probably not going to get a response with that lame question.

  3. #3
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by feyt333 View Post
    135,139,445 ports are open...(smb protocol)

    how can I enter this computer?
    You ask the user for their username/password and log in normally.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #4
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    Default

    Keyword: nbtstat (omg)
    "I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain." - MaXe

  5. #5
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by MaXe Legend View Post
    Keyword: nbtstat (omg)
    Don't feed the newbs.

  6. #6
    Senior Member imported_spankdidly's Avatar
    Join Date
    Feb 2006
    Posts
    1,031

    Default

    Quote Originally Posted by feyt333 View Post
    135,139,445 ports are open...(smb protocol)

    how can I enter this computer?
    I dunno, what's your IP
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!

  7. #7
    Junior Member
    Join Date
    Jun 2006
    Posts
    28

    Default

    ................................

  8. #8
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    Default

    Quote Originally Posted by streaker69 View Post
    Don't feed the newbs.
    I'll keep that in mind streaker
    After all we don't know what they're going to use
    their knowledge on at all of what they gain here.

  9. #9
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by feyt333 View Post
    I have two computers.

    The two computers are connected to the same network.

    The first computer has BackTrack installed, the second computer has WinXP SP2 installed.

    I use the first computer (BackTrack) and I want to enter the second computer (WinXP).

    WinXP has open ports 135,138,445.. (SMB protocols)

    How can I do that??? Which programme???
    If there were only a search engine somewhere on the internet that allowed you to type in intelligent queries and get possible result to said query back in a matter of milliseconds. If someone were to invent such a thing, I'm sure they'd be billionaires.

  10. #10
    Senior Member imported_spankdidly's Avatar
    Join Date
    Feb 2006
    Posts
    1,031

    Default

    Quote Originally Posted by streaker69 View Post
    If there were only a search engine somewhere on the internet that allowed you to type in intelligent queries and get possible result to said query back in a matter of milliseconds. If someone were to invent such a thing, I'm sure they'd be billionaires.
    I dunno streaks, that sounds kinda "out of left field". Nobody would invent such a thing. Hell! nobody would even use it! Case in point.
