# Hacking in telnet ftp

Chia sẻ: Nghia Bui Tuan | Ngày: | Loại File: PDF | Số trang:17

0
98
lượt xem
43

## Hacking in telnet ftp

Mô tả tài liệu

[I Want to Start at the Start] [I Want to Go Straight to Hacking] INTRODUCTION: A little background is needed before we get into hacking techniques. When we talk about ‘Hacking’

Chủ đề:

Bình luận(0)

Lưu

## Nội dung Text: Hacking in telnet ftp

3. choices.gif (538 bytes) [I don't understand about the proxy settings thing, let me read more ] [Ok, I am wired for hyper stealth... Now, I want to HACK!] INFO GATHERING: To start off, you will probably need to gather information about www.froggy.com.au using internet tools. choices.gif (538 bytes) [Ok, how?] [Give me some reading to do about info gathering ] [No, I've already got all the info, just tell me what to do] DIRT DIGGING STAGE: We are now taking the first steps of any hack... Info Gathering. You should be set up for stealth mode. Get a notepad, and open a new browser window (through the IP Jammer). Bring the www.froggy.com.au 's web page up in the IP Jammer's window. You can load the IP Jamming applet on the Cyberarmy.Com . choices.gif (538 bytes) [Ok, What Now?] CASE THE JOINT: 1. First, check out the site. Take down any email addresses, copy down the HTML of important pages. choices.gif (538 bytes) [Done... What Else?] THE OLD BOUNCING MAIL TRICK:
4. 2. Send a mail that will bounce to the site. If the site is www.froggy.com.au , send a mail to blahblahblah@froggy.com.au . It will bounce back to you and give you information in its header. Copy the information from the headers down. (To maintain anonymity, it might be a good idea to send and receive the mail from a free web based provider, such as hotmail.com. Use full stealth features when sending the bouncing mail. This will protect you when they check through the logs after they are hacked.) choices.gif (538 bytes) [Done... What Else?] TRACEROUTE: 3. Still using stealth features, Traceroute froggy.com.au . This Traceroute search is avaliable from the Hacker's Home Page, in the Net Tools section. This will tell you the upstream provider of the victim server. TOOLS choices.gif (538 bytes) [Ok, what next?] WHOIS: 3. Still using stealth features, Whois the site. This Whois search is avaliable from the Hacker's Home Page, in the Net Tools section. This will give you information on the owners and servers that run the site. Write it down. TOOLS choices.gif (538 bytes) [Ok, what next?] GIVE 'EM THE FINGER: 4. Finger the site. Use this finger service at Cyberarmy.Com to check the site. Try fingering just with “finger @froggy.com.au ” first. This sometimes tells you the names of all accounts. If this does not work, try fingering any email addresses you found on the site, and through Whois. This will sometimes give you useful information.
5. FINGER @ choices.gif (538 bytes) [Ok, what next?] THE DEADLY PORT SCAN: 5. Now, we're about to get rough on the site. Port Scan the site. Port scanning checks for all open ports for an IP. It is extremely useful, however, it practially screams to the webmaster's of the victim site that they are in the middle of being hacked. The is basically no legitimate reason to port scan a site unless you are about to hack it. There are no very good ways to hide a port scan, but there are a few semi-stealthy port scanners. Most are only for Linux / Unix systems. However, the Exploit Generator for Windows is one that claims to be stealthy. However, if you are trying to enter a very secure site, perhaps forget about port scanning for now, unless you are running Linux. Though, port scan will tell you all the services a site is running. If port 21 is open, it means they have an FTP server. If port 23 is open, it means they have telnet. choices.gif (538 bytes) [Ok, What next?] TELNETTING: 5. The aim of telnetting to the site is basically to try and find out the server type. While your browser is in stealth mode, use the Anonymous Telnet applet in the Cyberarmy.Com to open a Telnet window. Telnet to the site to Port 23. Usually, if the address is “www.froggy.com.au ”, try telnetting to "froggy.com.au ". If this does not work, try to telnet to telnet.froggy.com.au or try telnetting to any of the sites listed as name servers in your previous Whois search. Once you have got access, note any information it gives you, such as server type. choices.gif (538 bytes) [This worked - I got the server type!] [None of that worked...] TELNETTING: Now change the telnet to port 21. This should send you straight in to the server's FTP
6. port. If this works, try typing SYST to find out what server type it is. choices.gif (538 bytes) [This worked - I got the server type!] [None of that worked...] TELNETTING: Now, if you are lucky, try telnetting to port 80, the HTTP port. Note if this gives you any information. choices.gif (538 bytes) [This worked - I got the server type!] [None of that worked...] RUNNING LAME PROGRAMS: You *need* to know the server type to have any hope of hacking the thing. How do you expect to run exploits against it if you cant even figure out what you're dealing with here? A final resort is to run a program called Whats Running? It doesn't work very well, but will sometimes tell you the server type. It will also probably be logged by the victim server. If that doesn't work, do anything to find the server type. Even write them an e-mail asking what operating system they're running. choices.gif (538 bytes) [Ok, I've got the Info... Now I want access!] HACKING THROUGH THE PASSWORD: We will now try to go through the front door of the server. As to our analogy, we are trying to find the combination of the safe. choices.gif (538 bytes) [Ok, I Want Root!] [Nah, I already know this server will need exploits] EASY THINGS FIRST:
7. You would kick yourselves if ya spent weeks trying advanced hacking with exploits, IP spoofing and social engineering, just to find that we could have got in by using: $Login: root$Password: root So, let’s just try this first and get it out of the way. Unix comes set up with some default passwords, and sometimes these are not changed. So, we telnet to froggy.com.au . Don’t use your usual telnet program. Unless you are using a filched or anonymous account, it will show your IP address to froggy.com.au . With your proxies changed, and everything set for stealth, switch back to the Anonymous Telnet window. Then try the following accounts and passwords: ACCOUNT: PASSWORD (login) root: (password)root sys: sys / system / bin bin: sys / bin mountfsys: mountfsys adm: adm uucp: uucp nuucp: anon anon: anon user: user games: games install: install demo: demo umountfsys: umountfsys sync: sync admin: admin guest: guest daemon: daemon The accounts root, mountfsys, umountfsys, install, and sometimes sync are root level accounts, meaning they have sysop power, or total power. Other logins are just "user level" logins meaning they only have power over what files/processes they own.
8. choices.gif (538 bytes) [Nup... Didn't think it would work] [Incredible... That Lame Trick Actually Worked!] USING THE LOGIN NAMES: Still simple things first. About 1 in 20 people are stupid enough to have the same login name and password. With your list of all the email addresses or finger information you dug from the site, try this. For example, if the web site made a reference to fred@froggy.com.au , try logging in (through telnet or a FTP program to their server) as: $Login: Fred$Password: Fred Do this with all the names you have found - you might get lucky. Did this work? choices.gif (538 bytes) [Nah, they had some baddass security, didn't work] [Oh, Golly Gee... I got access to one of the accounts!] GETTING THE PASSWD FILE: You probably had no luck until now. Actually, most hacking techniques only have a slim chance of success. You just try hundreds of slim chances till you get it. Assuming you were trying to log in on a Unix system, you may have been wondering how Unix checks to see whether the passwords you gave were correct or not. There is a file called ‘passwd’ on each Unix system which has all the passwords for each user. So, if we can’t guess the passwords, we will now try to rip this file and decrypt it. choices.gif (538 bytes) [Make it so, Number 1] ANCIENT CHINESE FTP METHOD: