How To Hack - How I See It: My Journal

Started by Phlux, February 23, 2005, 04:38:32 PM

I am a newbie so don't give me straight up answers. I want to earn this unlike many people who beg for answers.

Ok, the first step is the "banner grab" technique, which is basically finding out what operating system they are running on and what version. Then you find out their IP address through a "Whois" search.

Then you find the IP range...confused with that part.

With the IP address you can then go on to search for "active machines". I'm assuming you ping them and see which ones send back packets? If an operation time-out occurs, I'm wondering if that means there is no computer to answer back or if it was taking too much time so it canceled its actions.

Now that you have a list of active machines, you can run a portscan. Basically, seeing which ones are willing to "communicate"; the port range is from 1 to 65536. The number at which it "communicates" usually determines what type of software is running.

21    FTP server
23    Telnet server
25    Mail server (smtp)
53    Domain name server
80    Web server
443   Secure Web server

------
If you want to hack into a website and upload/change files that appear on a website, I'm guessing you'd want to check port 80? Want to look more into that.
------

Once you find out the active machine IP address and you find what port it is running on, then you "must" go on to find out what software it is running from its "fingerprints". To do this, you can open up telnet from MS-DOS by typing "telnet (ip address) (port number)"... now you are connected.

Web servers use the language HTTP to communicate, so to get that information we must use an HTTP request.

HEAD /index.html HTTP/1.0
then press enter twice

------
you can also use www.netcraft.com
------

You can fingerprint an FTP server on port 21.

That is all I learned so far today. Now I want to look more into a few topics... please, by all means, tell me how I am doing, clues to what I'm doing wrong, a bad direction I'm going in, anything. This will hopefully be an ongoing journal of my education. Hopefully anyone looking for information can look at my post and go through my hard research in a matter of minutes.

Nice, I think this is a cool thing you're doing.

To help you out w/ the IP range, this is a good thing to use if you have a Windows boxen and Linux in a VMWare session or something:
http://www.toolsforselling.com/v1/1/iplookup.htm

It's a free tool that does an ARIN lookup and tells you the owner of the address block. You could always do it manually as well. If you're on Linux entirely, the web way:

http://ws.arin.net/cgi-bin/whois.pl?queryinput=xx.xx.xx.xx
(Where "x" = IP values)

To hack a website, you need to check a little more than 80. 80 will only tell you the server is a webserver; you need to grab the HTTP header info, which may or may not tell you what version of a webserver it is. This can do it for you if the admin didn't turn off the versioning in the headers:
http://www.netcraft.com/whats

Also, for breaking in, look for cross site scripting vulns on that web server, either in the scripts that may be hosted on it (Webmail, form processing, etc.) that may provide a means to look at and modify info on the server, or possibly holes inherent to that web server's version.

To correct you here a bit also:
Quote: "Once you find out the active machine ip address and you find what port it is running on, ..."
Machines and IPs don't run on ports unless you are talking about a switch or router. I think what you mean is: check the services running on that IP by the ports that are responding to connections.

Also, you can't always Telnet to a specific port and connect. What Telnet will tell you basically is verify what's running on that port by the response you see on your screen. (Sometimes admins like to fool, or try to fool, people by modifying services to run on non-standard ports, such as a Web server listening on 7777 (Oracle AS :P) etc.) Telnet sometimes can display the raw response data it receives and give you a clue to what's actually listening on that port number.

You have the right idea, just need to fine tune it a little bit. But again, I think it's cool what you're doing as far as posting what you learn on your own and all.
"A well known hacker is a good hacker, an unknown hacker is a great hacker..."

I don't care what your parents told you, you aren't special.
  • https://github.com/tazinator
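The HEAD request in the first post and the remark in the reply about admins turning version numbers off in the headers are the two halves of the same check. Here is an added example, written for this thread and not code from any poster, that parses a raw HTTP HEAD response and reports what product and version strings the Server and X-Powered-By headers give away, so you can run it against your own server's output to see whether it is leaking versions. The two sample responses are constructed, not captured from a real host.

```python
"""Parse a raw HTTP HEAD response (the kind typed into telnet on port 80)
and report any product/version strings the response headers disclose.

Added example for this thread, not code from any poster; the sample
responses below are constructed, not captured from a real host."""
import re

# Constructed sample: a server that leaks product and version strings.
LEAKY_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Wed, 23 Feb 2005 16:38:32 GMT\r\n"
    "Server: Apache/1.3.33 (Unix) PHP/4.3.10\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Constructed sample: the same server with versioning turned off,
# so only the product name remains in the Server header.
QUIET_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Matches tokens like "Apache/1.3.33" or "PHP/4.3.10": product, slash, dotted version.
VERSION_RE = re.compile(r"([A-Za-z][\w.+-]*)/(\d+(?:\.\d+)*)")


def parse_headers(raw: str) -> dict:
    """Split a response into its status line and a lower-cased header dict."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines with no colon
            headers[name.strip().lower()] = value.strip()
    return {"status": lines[0], "headers": headers}


def version_disclosures(raw: str) -> list:
    """Return (product, version) pairs found in headers that commonly leak them."""
    parsed = parse_headers(raw)
    found = []
    for name in ("server", "x-powered-by"):
        found.extend(VERSION_RE.findall(parsed["headers"].get(name, "")))
    return found
```

An empty list from version_disclosures means the headers name at most a product, which is what you want to see when checking a server you administer.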

I think this is a great idea.  I have been learning also and having your info out there is fun to see how we are compared and how your ideas are the same etc.

Thanks for posting

Jemidon

*Dusts off old tools for some good fun*

Whatever happened to phlux?
Build a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life.

Don't know. I noticed that he vanished as well.

He ran out of plutonium for his capacitor, and the Libyans aren't selling anymore...


Wilnix
alt email address: wilnix@hackphreak.org

1.21 Jiggawatts is a hard amount of power to generate these days. Though he could always pick up some more plutonium from one of the old Soviet blocs.

I think the Electronics Recycling place deals with plutonium...
I am not suffering with insanity... I am loving every minute of it.

Am new on this hacking stuff, it gets confusing the more I try to catch up.

Just have to keep at it man... ask questions.

How about a honeypot or something set up so they can try stuff... of course, you'd have to keep everyone else here off it hehe...

That's not a bad idea... a wargame server would also be interesting...

I can only think of one set of war game servers... and I personally wouldn't recommend it if it was the last server on earth... since it's from Ms. Meinel... haha... anyone remember her?

I'm sure there are others though... I just don't know (or care) about them really.
"My Terminal is my Soul"

Dude... don't ever mention that name again... Meinel... *shivers*
