Hi all, I've been messing with various tools in BackTrack for the past few months. I've learned all I want with wireless network cracking and now I want to start doing some different stuff, and I've been wondering about a few things for a while.

1. So I run nmap on one of my machines to find open ports, OS info and other info, then run amap to figure out what applications are running on those ports. But after that, what do I do if I want to exploit the box? I would have to find an exploit to use against those applications/services, correct?

2. Beyond using the exploits that come with Metasploit, I haven't been able to get any other exploit to work. So for example, I see that this exploit (http://milw0rm.com/exploits/3793) is written in C++ (I hope!) but how would I go about running it? Can it be done by opening the file in a Windows command shell with a C++ runtime installed?

3. This question has always confused me. Say I was to scan an IP out on the internet (I know it's against my ISP's terms of service, I'm just asking in theory) and all the ports are closed, there is no way to get into that network without someone from the inside of it connecting to me? Or if some ports are filtered, does that mean that a service is running on them but the traffic going to that service is being filtered by a firewall?

4. I've been trying to capture domain hashes as they go across my network for a while with no luck. (Ettercap gives me an error when it tries to capture any. http://forums.remote-exploit.org/sho...6816#post66816) But Ethereal/Wireshark can pick up the SMB packets just fine, but I don't know how to extract or find the hashes in those.

I know these are extremely noobish questions, but still any type of an answer is greatly appreciated. Thanks.