I'm new to this, and I have some questions. Once you've done a port scan and know which ports are vulnerable, how do you get access to browse the system? Each of the posts talks freely about using a port scanner and then penetrating the system once a hole is found, but none explain how or what tools to use. Thanks
I tried using pwdump, and kept getting an error. It said it couldn't log in, even though I was logged in with Admin privileges. The other time it said the registry hive could not be found. Where am I going wrong?
I have access to my own test system, and am trying to find where Windows keeps its passwords and hash files.
Can they be copied off and brute force attacked offline?
Which files are they?
Password hashes are embedded inside the Windows registry. You have to use a password hash extractor program that is suitable for your Windows version (XP or Vista), and you have to have an admin account if you're using a Windows app. However, you can use a boot CD to extract the password hashes without having any accounts, with custom password-cracking boot CDs. Also, rainbow tables are now a very shiny solution for cracking. Try the Ophcrack live CD; it's a good one.
Thanks for the reply, Terminator. For me this is about learning how these things get done. I'm trying not to use the easy route. I want to learn firstly how to extract them using tools like pwdump etc., then use a p/w hash extractor to see what I get.
After you know what ports are open, you start identifying the software listening on those ports, and then you check that software for known vulns in public DBs (starters) or try to find a backdoor in that particular software on your own (advanced stuff). Is that what you're asking about?
Once you know that your target exists, you can use nmap to find out (fingerprint) what type and version of operating system is running on your target system. You can then use a packet sniffer to listen on an Ethernet port for things like passwd, login, and su. When these things are detected you can gain passwords that provide access to the network. Packet sniffers are deployed on an already compromised port, or this can be done on the inside from a laptop or another computer.
Finding open ports does not necessarily mean there is a problem. For example, most system administrators set up their firewalls to allow traffic through port 80. You should keep in mind that ANY open port can be abused.