Find open ports and then?


Mast3rWurm
03-20-2007, 03:19 PM
Just scanned my network, I see a lot of open ports "RPC".
So how can I test if it's vulnerable and what exploit do I need to use for "RPC"?

Anyway, if you look at this, do you think it's hackable?

Thanx ;)

Not shown: 65506 closed ports
PORT STATE SERVICE VERSION
7/tcp open echo
9/tcp open discard?
13/tcp open daytime?
17/tcp open qotd?
19/tcp open chargen
21/tcp open ftp Microsoft ftpd
25/tcp filtered smtp
80/tcp open http Microsoft IIS webserver 5.1
119/tcp filtered nntp
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
443/tcp open https?
445/tcp filtered microsoft-ds
1026/tcp open msrpc Microsoft Windows RPC
1035/tcp open msrpc Microsoft Windows RPC
1080/tcp filtered socks
1720/tcp filtered H.323/Q.931
1801/tcp open unknown
2103/tcp open msrpc Microsoft Windows RPC
2105/tcp open msrpc Microsoft Windows RPC
2107/tcp open msrpc Microsoft Windows RPC
3128/tcp filtered squid-http
3260/tcp open unknown
3261/tcp open iscsi StarWind iSCSI 2.6.1
8080/tcp filtered http-proxy
49152/tcp open unknown

aliosity
03-20-2007, 03:43 PM
and the IP address is......? ;)


Ha ha ha. Worth a try.
Have a look with Metasploit 3 (msfweb if you must).

LaVey666uk
03-20-2007, 03:46 PM
This is your box, right?? :rolleyes:

Have you tried the other glaringly obvious services first?

Mast3rWurm
03-20-2007, 03:54 PM
Okay, I will give it a try with Metasploit 3.

Mast3rWurm
03-20-2007, 04:41 PM
Well, I tried a lot of stuff and nothing happened :(

Can someone give me some hints?

AtheOS
03-20-2007, 05:07 PM
If I'm not mistaken, your post does not tell much..

Try: nmap -sU 000.000.000.000 <--- IP address of your client

Then whatever ports are open, use msf > show exploit to do further probing.

LaVey666uk
03-20-2007, 06:01 PM
If I'm not mistaken, your post does not tell much..

Try: nmap -sU 000.000.000.000 <--- IP address of your client

Then whatever ports are open, use msf > show exploit to do further probing.

That's only gonna do a UDP scan of the host and reveal little more than UDP services; this should be done as well as the TCP scanning...

nmap -sS -sV -vv <ip>
nmap -sU -vv <ip>

I would netcat/telnet the 'common' services found in the first scan to probe further...

thorin
03-23-2007, 06:52 PM
Just scanned my network, I see a lot of open ports "RPC".
So how can I test if it's vulnerable and what exploit do I need to use for "RPC"?

Anyway, if you look at this, do you think it's hackable?

Thanx ;)

Not shown: 65506 closed ports
PORT STATE SERVICE VERSION
7/tcp open echo
9/tcp open discard?
13/tcp open daytime?
17/tcp open qotd?
19/tcp open chargen
21/tcp open ftp Microsoft ftpd
25/tcp filtered smtp
80/tcp open http Microsoft IIS webserver 5.1
119/tcp filtered nntp
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
443/tcp open https?
445/tcp filtered microsoft-ds
1026/tcp open msrpc Microsoft Windows RPC
1035/tcp open msrpc Microsoft Windows RPC
1080/tcp filtered socks
1720/tcp filtered H.323/Q.931
1801/tcp open unknown
2103/tcp open msrpc Microsoft Windows RPC
2105/tcp open msrpc Microsoft Windows RPC
2107/tcp open msrpc Microsoft Windows RPC
3128/tcp filtered squid-http
3260/tcp open unknown
3261/tcp open iscsi StarWind iSCSI 2.6.1
8080/tcp filtered http-proxy
49152/tcp open unknown
The RPC ports are interesting; however, you'll need to more specifically identify the services. (Yes, you'll actually have to read to figure some of this out.)

Obvious things to poke at are in bold above. IIS 5.1 is an obvious thing to exploit; chances are, if you're running IIS 5.1, your MS ftpd service is also old and vulnerable. It's interesting that you're running a squid proxy (also likely out of date). And 49125 is an interesting place to run a service, since it's in the dynamic/private allocation range (ports 49152 to 65535).
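LaVey666uk's advice (run -sS -sV, then netcat/telnet the 'common' services by hand) and thorin's point that the RPC and dynamic-range ports still need to be pinned down both come down to triaging the scan output before doing anything else. As an added example, not code from anyone in the thread, this Python script parses nmap normal-output port lines (a constructed subset of the scan above) and sorts ports into identified, needs-manual-identification and filtered buckets; the PortEntry, parse_nmap and triage names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the nmap -sS -sV output quoted in the thread.
SAMPLE_SCAN = """\
Not shown: 65506 closed ports
PORT STATE SERVICE VERSION
9/tcp open discard?
21/tcp open ftp Microsoft ftpd
80/tcp open http Microsoft IIS webserver 5.1
135/tcp filtered msrpc
1026/tcp open msrpc Microsoft Windows RPC
1801/tcp open unknown
3261/tcp open iscsi StarWind iSCSI 2.6.1
49152/tcp open unknown
"""
# One nmap port line: "<port>/<proto> <state> <service> [version ...]"
LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
DYNAMIC_RANGE_START = 49152  # IANA dynamic/private ports: 49152-65535

@dataclass
class PortEntry:
    port: int
    proto: str
    state: str
    service: str
    version: str
    def needs_manual_id(self) -> bool:
        # nmap marks a guessed service with "?" or "unknown"; a listener in the
        # dynamic range has no well-known name, so -sV alone rarely settles it.
        return (self.service == "unknown" or self.service.endswith("?")
                or self.port >= DYNAMIC_RANGE_START)

def parse_nmap(text: str) -> list[PortEntry]:
    """Parse nmap port lines; the header and 'Not shown' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            entries.append(PortEntry(int(port), proto, state, service, version or ""))
    return entries

def triage(entries: list[PortEntry]) -> dict[str, list[int]]:
    """Buckets: 'identified' (service known), 'needs_id' (banner-grab by hand,
    as the thread suggests), 'filtered' (not directly reachable)."""
    out = {"identified": [], "needs_id": [], "filtered": []}
    for e in entries:
        if e.state == "filtered":
            out["filtered"].append(e.port)
        elif e.needs_manual_id():
            out["needs_id"].append(e.port)
        else:
            out["identified"].append(e.port)
    return out
```

Feed it the full output of a scan of your own host and the needs_id list is the set of ports worth a manual banner check before deciding whether anything is actually exposed.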

thorin
03-23-2007, 06:53 PM
That's only gonna do a UDP scan of the host and reveal little more than UDP services; this should be done as well as the TCP scanning...

nmap -sS -sV -vv <ip>
nmap -sU -vv <ip>

I would netcat/telnet the 'common' services found in the first scan to probe further...

I'd also suggest using -P0 every time you use nmap (pinging the host doesn't really get you anything, and assuming that pinging is blocked is a good choice for the majority of hosts/networks). Also, -O will give you OS detection.

chuksjonia
03-24-2007, 08:59 PM
Microsoft FTP service: scan with Nessus. It could be XMEasy; if it is, new XMEasy exploits are out. Take it down with that.

Do we have sites on the Server? One of the sites could be vulnerable, check them out. There are many ways to kill a rat. All the best.

kocoman
01-05-2008, 12:04 PM
How do you check which exploit works with metaworks 3? Do I have to manually run all of them?

thanks

MaXe Legend
01-05-2008, 02:40 PM
1. When you know which ports are open, then you gotta find out which services are running on them.
2. You can also run a scan after that on the open ports with Nessus and other similar scanners.
3. You can also try FastTrack if you want to. Keep in mind filtered ports are not always available to hack or open, as they are filtered. (Nonetheless, you can be spoofing a target and see what ports are filtered.)

Now, when you have found out the service names, find out exploits for them (if they're older versions, people might already have made some).
If they're newer versions, you might have to go look for yourself actually.

There's more ways than one to hack each different service; port 80 aka HTTP has various ways that I know of.
The RPC ports can give you detailed information about what is running, and maybe some spoofing might also make you able to run/close programs on the target machine.

There's a few MS-RPC programs out on the net as well..

That's a few ways to do some things, and I didn't want to go into detail because I chose not to..

wyze
01-05-2008, 05:29 PM
The RPC ports are interesting; however, you'll need to more specifically identify the services. (Yes, you'll actually have to read to figure some of this out.)

Obvious things to poke at are in bold above. IIS 5.1 is an obvious thing to exploit; chances are, if you're running IIS 5.1, your MS ftpd service is also old and vulnerable. It's interesting that you're running a squid proxy (also likely out of date). And 49125 is an interesting place to run a service, since it's in the dynamic/private allocation range (ports 49152 to 65535).

Read up on Amap.