Piecing it all together

A place where newbies can post without (much) fear of reprisal. All mission posts should still go in the applicable forum.
Forum rules
Older HTS users: Be nice to the new people.

NEW USERS: This is NOT the place to post about missions! Refer to "Missions" category.

Piecing it all together

Post by hippyewan on Sun Jul 12, 2009 8:33 am
([msg=26689]see Piecing it all together[/msg])

Hi everybody :D

I've read a lot of hacking related things. I've experimented with memory searchers, done quite a bit of C++ programming, used wireshark, ettercap, nmap, Cain. done some basic ARP poisoning on my own LAN. Done all the basic missions here and some of the others. I've had fun with it, learnt quite a bit. But I still have no idea what to do if I say, wanted to get access to files on someone elses computer. I know how to scan them for open ports, but I don't know what to do with those open ports once I've found them. I've learnt quite a few titbits of information but I can't put it all together to know how to do stuff!

This is a bit of a jumbled post, sorry about that. My question is, how do you folks suggest I progress from here? Should I learn more about how computers/networks work without a focus on hacking? Where should I go to do that?

I'm really open to any suggestions, because I'm very interested in computers, security and hacking especially!

Thanks :D
hippyewan
New User
New User
 
Posts: 4
Joined: Sun Jul 12, 2009 8:25 am
Blog: View Blog (0)


Re: Piecing it all together

Post by xXxEvoLuTioNxXx on Sun Jul 12, 2009 9:00 am
([msg=26690]see Re: Piecing it all together[/msg])

well n map will find you your open ports
but more importantly you have to find what services are running them
then find exploits in that service
milworm or metasploit 3 will do the trick

EDIT: this was for education purposes only
i do not reccomend hacking into other people files and folders that are private this is against the law
and i think i have to
Disclaimer :
HackThisSite does not support illegal activities.
The management of this board is not responsible for the content of any external internet sites.
xXxEvoLuTioNxXx
New User
New User
 
Posts: 10
Joined: Sun Jul 12, 2009 1:40 am
Blog: View Blog (0)


Re: Piecing it all together

Post by hippyewan on Sun Jul 12, 2009 10:02 am
([msg=26691]see Re: Piecing it all together[/msg])

xXxEvoLuTioNxXx wrote:well n map will find you your open ports
but more importantly you have to find what services are running them
then find exploits in that service
milworm or metasploit 3 will do the trick

EDIT: this was for education purposes only
i do not reccomend hacking into other people files and folders that are private this is against the law
and i think i have to
Disclaimer :
HackThisSite does not support illegal activities.
The management of this board is not responsible for the content of any external internet sites.


Yeah I don't do and don't want to do illegal/malicious things don't worry :)

The way I see it, using metasploit wouldn't help me learn. I'm just using someone elses program to hack for me. I know ping, nmap and stuff are other peoples programs too and I have pretty much the same opinion of them. They're certainly useful but what's the point in learning to hack with them if I can't hack without them? I don't think I could call myself a hacker if I did that :P
hippyewan
New User
New User
 
Posts: 4
Joined: Sun Jul 12, 2009 8:25 am
Blog: View Blog (0)


Re: Piecing it all together

Post by xXxEvoLuTioNxXx on Mon Jul 13, 2009 1:27 am
([msg=26718]see Re: Piecing it all together[/msg])

to be honest im pretty new to the game
and metasploit just shows you known exploit for services already out there i suppose if you looked at some of the scripts and stuff on theres you'd be able to reverse engineer other peoples work and understand it i spose but
i suppose if you learned to find peoples ip's
and you wanted to find which ports where open, you could always like ping the usual ports, i dont know them other than 80 which is http lol but bear in mind if there is 65535 open ports thats a lot of pings ;)
xXxEvoLuTioNxXx
New User
New User
 
Posts: 10
Joined: Sun Jul 12, 2009 1:40 am
Blog: View Blog (0)


Re: Piecing it all together

Post by Nines on Mon Jul 13, 2009 9:55 am
([msg=26738]see Re: Piecing it all together[/msg])

Actually rooting a box rather than exploiting a web script requires you to use a remote exploit of some description. More often than not it's going to be a buffer/heap overflow on a vulnerable piece of code on the server. You need to be pretty competent with Assembly if you want to do this properly so I'd suggest you learn that first. Also you'll need to know sockets back to front and I suggest you learn it from a low level, rather than just using some PHP/Python interface. Learn C sockets and how they are handled, etc.

A good resource with several videos on assembly can be found here:
http://securitytube.net/Assembly-Primer ... rs-(Part-1)-System-Organization-video.aspx
(scroll down to the bottom for the rest of the assembly primer videos)

He also has several videos on buffer overflows and format string vulnerabilities which are essential reading if you want to get into writing exploits.

Buffer Overflows: http://securitytube.net/Buffer-Overflow ... -the-Stack)-video.aspx
Format String Vulnerabilities: http://securitytube.net/Format-String-V ... The-Basics)-video.aspx]

I hope you find those links useful. I think he's done a good job with the videos and I'm looking forward to his next installments.
User avatar
Nines
Poster
Poster
 
Posts: 191
Joined: Sun Apr 13, 2008 5:57 pm
Blog: View Blog (0)


Re: Piecing it all together

Post by hippyewan on Mon Jul 13, 2009 11:07 am
([msg=26744]see Re: Piecing it all together[/msg])

Brilliant.. I have done some Assembly before but I was just copy and pasting really. I didn't understand how what I was doing worked. I'll have a look at those videos right now! :D

Edit: Those links don't work but I went to www.securitytube.net and searched for assembly, it's all good :D
hippyewan
New User
New User
 
Posts: 4
Joined: Sun Jul 12, 2009 8:25 am
Blog: View Blog (0)



Return to NZone

Who is online

Users browsing this forum: No registered users and 0 guests