Metasploit 3.1 & NMap
Hey everybody, I'm new to penetration testing and I intend on going into a career as a network administrator so I thought that I'd better brush up on this stuff if I don't want punk kids messing with my network just a few days into the business.
Also, I would post this in another forum but I just registered so I have no choice but to do it here for now.
So after reading some other threads to try to find answers, I came across several links (probably a dozen) that either didn't work or were of no help. I'm sure that some of you will say that I hardly looked at all, but those dozen were just on this site, there was at least an hour's worth of time spent on google as well.
SO HERE'S MY SITUATION
I DLed Nmap, Nessus, and Metasploit 3.1 last night and tinkered mostly with nmap, just getting used to it, you know. scanned my old windows 2000 computer in the other room and it returned these results:
Not shown: 1710 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc?
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open NFS-or-IIS?
MAC Address: 00:06:5B:50:C5:20 (Dell Computer)
Device type: general purpose
Running: Microsoft Windows 2000|XP|2003
OS details: Microsoft Windows 2000 Server SP3 or SP4, Microsoft Windows XP SP2 or Windows Server 2003 SP0/SP1
Then i had this whole big installation deal with metasploit (hereafter referred to as 'meta' cause i'm tired of typing that whole thing) that i finally resolved today. so i go into the meta GUI, look through the exploits under windows, and try a couple under http just to see how it works (not expecting a penetration, of course) and then after I've had my fun with that i check the nmap return and start looking for an IIS, netbios, or microsoft-ds exploit. i didn't look through the whole tree for windows, but just through a quick glance i didn't see anything that i thought would work.
i also scanned the same box with nessus that brought up a result page that took me about 20 minutes to go over; it was big, but there were plenty of holes in the box, needless to say.
SO
I've tried to give as much detail as possible without putting you to sleep. Is there anyone out there that could tell me how they would go about penetrating this box?
If you want/need more info I'm more than willing to give it (except an IP, of course :P)
Sounds to me like you are using windows. If you are you are in the wrong place. This is a linux backtrack distro support forum. I do however know how it feels to ba a n00b and lost. I don't particularly believe your story because I hear 20 or 30 of them a day so although I won't give you a step by step haxor it now post I will link you to some videos.
This is one of mine
And so is this
Both using metasploit and here are quite a few dealing with windows
Also........
Can you please post the links on here that didn't work?Originally Posted by IS.Josef
And, as PH said, no-one around here will give you a complete step-by-step on breaking into a specific machine, so don't even ask!
(Please read the forum rules......)
And finally, if you intend to follow a career as a net admin you might have to be prepared to put in more effort than "at least an hours worth of time" searching Google
And if you are really going to pursue a career as a NetAdmin and you're just starting out in the field, you should read this thread.
http://forums.remote-exploit.org/sho...light=netadmin
Eventually, I'm going to get around to publishing all that information together plus a bunch of other stuff that I haven't written down yet.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
I usually only have to spend about 5 minutes looking for solutions to a problem that I may be having, but I've gone to lengths of 8 hours at one time, if that doesn't bleed into days afterwards. I don't like leaving things unsettled.And finally, if you intend to follow a career as a net admin you might have to be prepared to put in more effort than "at least an hours worth of time" searching GoogleBut today I had to do some driving around the city, so I didn't have all day for this one.
Also apologies on the topic of pentesting a specific machine, didn't know that. and for the future i'll list all links i find that don't work. : )
thanks streaker, that was a LOT of useful stuff, how long have you been in the field? i'm still completely new to it and trying to find work.... my only skills in networking for now are the workings of RIP, OSPF, EIGRP, IS-IS, configuring routers and switches, and configuring VLSM, subnet masks, and wildcard masks. not much i know, but i intend on expanding that to a ridiculous list such as yours, lol. i bet your resume is a novel!
as per the 'linux support forum for back track' yeah i noticed the back track part (see large logo at the top of page lol), but linux eluded me. been wanting to learn how to deal with the linux os because a friend of mine recently tried it out and had a blast messing with the interface, but he could NOT get the internet working through his wifi. plus every serious tech junkie knows that windows is a joke in many aspects, particularly security. but eh, it's easy, so i'll stick with it for a while longer till i read up enough on linux to migrate.
True!!!
i have a similar problem!!!
i tried almost each and every exploit in metasploit 3 using payloads of windows_reverse / windows_reverse_vncinject!!
but cudnt break into any of the PCs!! scanned the PC and had its http,rpc and netBios ports open! how do i knw which exploit to use and all!!
id b gr8ful to hear a nice lil lecture on this or if u have links to learn more about the exploits!!!
thnx a lot!!!!!!!!!!!!!!!!111
this is my first ever postAND IM EXCITED!!!!!!!
Gr8 Vid Helped heaps
I'm still lost but it's work like that that keeps us noobs (sometimes nobscoming back for more
great work
Posting Permissions
