[Gloucs] Virtual hacking

matt robbins mrrobbins1 at live.co.uk
Fri Oct 22 09:54:23 UTC 2010


Hi Matt,

Thanks for that, it's really useful!

I'm about to download and install nessus and also run that get html command on my http port.

Only thing is I can't download the GnackTrack even though I would love to because I only have a limited download size left this month.

I installed ubuntu using Virtual Box, the iso I actually downloaded for ubuntu was: Ubuntu 10.10-alternate-i386.iso. I actually tried installing it directly from usb stick (after I used PE Builder to "attempt" to build a bootable copy onto the usb stick) but it has a problem with the CD Drivers in part of the installation process. I am using a Samsung Notebook so I do not have a cd player.
Is there an easier way to install it as I have a spare partition of at least 20 gigs ready and waiting for when I manage to install it?

Regards,

Matt R

> Date: Thu, 21 Oct 2010 17:42:58 +0100
> From: phillips321 at gmail.com
> To: gloucs at mailman.lug.org.uk
> Subject: Re: [Gloucs] Virtual hacking
> 
> Hi Matt,
> 
> First of all, using a telnet client is a good way to fingerprint a service
> such as the 3 you have found, but an even better way to automate the
> fingerprinting would be to use the nmap -A flag or simply use amap as that's a
> purpose-built fingerprinting tool.
> 
> The main issue is that each service will have different ways of
> communicating.
> 
> For example to communicate with a HTTP service try the following:
> 
> GET / HTTP/1.1[enter]
> [enter]
> [enter]
> 
> (make sure you press enter twice as it looks for two newline characters)
> 
> Your best bet for now would be to download and install nessus. It's a
> vulnerability exploitation tool. If you download GnackTrack it already comes
> bundled, you'll just have to register for a free home feed to get the
> plugins (http://www.nessus.org/plugins/?view=homefeed)
> 
> Then run nessus against your windows XP target.
> A demo of nmap, nessus and then metasploit to control the target is here:
> http://www.youtube.com/watch?v=Bpafg8WQSqk (I recorded this before the last
> LUG talk in case something went wrong on the night. - watch in 720p to see
> the text)
> 
> If you want to target web applications directly it's worth downloading
> wackopicko which is a vulnerable web application (it will be your target), a
> vmware and livecd copy can be found on the gnacktrack website.
> 
> Hope this helps
> 
> Matt
> 
> P.s. All of the apps mentioned above are preinstalled in GnackTrack, sorry
> for the shameful plug ;-)
> 
> On 21 October 2010 17:30, matt robbins <mrrobbins1 at live.co.uk> wrote:
> 
> >
> > Hi Guys,
> >
> > I've been attempting "hacking" into my windows xp os using my "virtual"
> > linux ubuntu package.
> > When I scanned with nmap it gave me 3 open ports, 139, 135 and 2869.
> > I then used Telnet to connect to the following ports and got these results:
> >
> > port 135 hangs when I try to connect to it
> > port 139 disconnects me
> > port 2869 is http but I have not a clue what commands to use and how I
> > should use them, I tried regular html etc but that did not work, it just
> > disconnected me back to the linux ubuntu terminal program.
> >
> > Any help would be appreciated as I am trying to learn more about security. I
> > thought the best bet would be to go on the "offensive" and learn to
> > hack successfully against myself for a while using different methods,
> > then eventually I could go on the defensive and learn about preventative
> > measures and test them against myself etc.
> >
> > Regards,
> >
> > Matt R
> > _______________________________________________
> > gloucs mailing list
> > gloucs at mailman.lug.org.uk
> > https://mailman.lug.org.uk/mailman/listinfo/gloucs
> >
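
The raw GET request described in the quoted reply, as an added example that is not part of the original thread: it sends the request from a Python socket instead of telnet and reads back the status line and the Server header the service discloses. It assumes a local test server constructed here; HTTP/1.1 also requires a Host header, so that constructed server answers 400 without one, and `http_probe`, `Handler` and `demo` are hypothetical names.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def http_probe(host, port, with_host_header=True, timeout=3.0):
    """Send a minimal GET; return (status_line, headers), or ("", {}) if no reply."""
    lines = ["GET / HTTP/1.1"]
    if with_host_header:
        lines.append(f"Host: {host}")          # required by HTTP/1.1
    lines.append("Connection: close")
    request = "\r\n".join(lines) + "\r\n\r\n"  # the empty line ends the request
    raw = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        try:
            while b"\r\n\r\n" not in raw:
                chunk = sock.recv(4096)
                if not chunk:                  # peer closed without (more) data
                    break
                raw += chunk
        except socket.timeout:                 # peer accepted but never answered
            pass
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status, *rest = head.split("\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in rest)}
    return status, headers

class Handler(BaseHTTPRequestHandler):
    # Constructed local target: 400 without a Host header, 200 otherwise.
    server_version, sys_version = "ConstructedTest/0.1", ""

    def do_GET(self):
        if self.headers.get("Host") is None:
            return self.send_error(400)
        self.send_response(200)
        self.send_header("Content-Length", "2")
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, *args):              # keep the demo quiet
        pass

def demo():
    """Probe the constructed server with and without a Host header."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        return http_probe("127.0.0.1", port), http_probe("127.0.0.1", port, False)
    finally:
        server.shutdown()
        server.server_close()
```

Calling `demo()` returns the two results side by side; an empty status line from `http_probe` means the service closed or stayed silent rather than speaking HTTP.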