New to exploiting, need some exploit suggestions!!!
  • mandi
    Posts: 207
    I have been studying a target and I found many open ports on the server,
    and they are using Windows 2003 Server with the following services:

    21/tcp open ftp
    22/tcp open ssh
    25/tcp open smtp
    42/tcp filtered nameserver
    53/tcp open domain
    80/tcp open http
    85/tcp open mit-ml-dev
    110/tcp open pop3
    135/tcp filtered msrpc
    139/tcp filtered netbios-ssn
    143/tcp open imap
    161/tcp filtered snmp
    179/tcp filtered bgp
    587/tcp open submission
    646/tcp filtered ldp
    1025/tcp open NFS-or-IIS
    1028/tcp filtered unknown
    1041/tcp open unknown
    1042/tcp open unknown
    1050/tcp open java-or-OTGfileshare
    1080/tcp filtered socks
    1720/tcp filtered H.323/Q.931
    3128/tcp filtered squid-http
    3261/tcp open unknown
    3306/tcp open mysql
    3389/tcp open ms-term-serv
    6666/tcp filtered irc
    6667/tcp filtered irc
    6668/tcp filtered irc
    8086/tcp open unknown
    9998/tcp open unknown
    I am excited because they even have their FTP port open..
    I know it is easy to exploit, but I am confused at choosing the service for exploiting.
    Can anybody tell me which of the above services is easy for exploiting?
    And if needed I will make a scan and post the version of the services running..

    Looking for some ideas...
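Added example, not from this thread: a small Python script that parses port lines in the format posted above and lists the open services an exposure review would question (remote administration, databases and plaintext-credential protocols reachable from the Internet). The sample input is a constructed subset of the listing, and the flagged-service table is an assumed review policy, not a standard.

```python
import re

# Constructed input: a subset of the port lines posted above, in nmap's "port/proto state service" form.
SCAN_OUTPUT = """
21/tcp open ftp
22/tcp open ssh
42/tcp filtered nameserver
80/tcp open http
110/tcp open pop3
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
3306/tcp open mysql
3389/tcp open ms-term-serv
"""

# Assumed review policy (hypothetical, not from the thread): services an exposure
# review questions when they are reachable from the Internet.
FLAGGED_SERVICES = {
    "ssh": "remote administration",
    "ms-term-serv": "remote administration (RDP)",
    "mysql": "database reachable directly",
    "ftp": "plaintext credentials",
    "pop3": "plaintext credentials",
    "imap": "plaintext credentials",
    "msrpc": "Windows RPC",
    "netbios-ssn": "Windows file sharing",
}

LINE_RE = re.compile(r"^\s*(\d+)/(tcp|udp)\s+(open|filtered|closed)\s+(\S+)\s*$")

def parse_scan(text):
    """Return (port, proto, state, service) tuples; lines not in the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return entries

def exposure_report(entries):
    """(port, service, reason) for open ports on the flagged list. Filtered ports are
    left out: something upstream already blocks them, which is the state you want."""
    return [(port, svc, FLAGGED_SERVICES[svc])
            for port, _proto, state, svc in entries
            if state == "open" and svc in FLAGGED_SERVICES]

if __name__ == "__main__":
    for port, svc, reason in exposure_report(parse_scan(SCAN_OUTPUT)):
        print(f"{port:>5}/tcp {svc:<13} {reason}")
```

Run against a full `nmap` listing, the report is the list of services to move behind a VPN, restrict by source address, or replace with an encrypted equivalent.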
  • Sh3llc0d3
    Posts: 1,910
    I'd be personally tempted to brute-force/dictionary attack the SSH password using hydra.

    PM'd you something to have a look at as well... I've not read it all but it may give a clue as to where to look. Hacking Exposed Windows Server 2003, the book, sounds a good place ;)
  • Xin
    Posts: 3,251
    You're gonna want to get the actual versions running on the services; it will help a lot more
    Xin
  • mandi
    Posts: 207
    Soon I will post the exact version of the services running on the ports...
    But for now looking for some ideas..
    @semtex-primed ----> really thanks for your link..
    I am gonna check it, looks useful...
  • Seeing the above, your best bet and easiest interaction would be to go after the terminal services port. They have crackers out there for that already, as far as getting in through the front door goes
  • Orgy
    Posts: 40
    I have a feeling that OP has never done anything like this and has just learned about nmap
  • Xin
    Posts: 3,251
    If you still need this, post the actual version, e.g. proftpd 1.3.3c
    To get that, do nmap -sV
    Xin
  • What I am more curious about is that it appears to be a Windows machine, yet they are filtering BGP. The only thing I can think of is that it is being filtered at the upstream provider's end. Most, if not all, Windows machines have no BGP/edge routing support at all

    Just looking at those open services, there are more than enough that are possibly vulnerable. This almost looks too easy, like a honeypot