Further Penetration


Warrmr
07-06-2007, 11:27 PM
OK, here's what I'm trying to do. I have a wired network set up at home with a wifi point that I turn on and off when I need to (i.e. when it's sunny and I wanna work in the garden).

This wired network has 3 clients on it:

My Vista laptop (with Norton Internet Security installed; it came pre-installed on the laptop). Windows Firewall disabled as Norton takes over; it also had file and print sharing enabled.

My XP SP2 laptop, no security software installed. Fresh install of XP Pro with SP2 and all relevant patches installed.

Then there's the 3rd client, which I can't use as it's my sister's.

It's running through a Belkin router to a cable modem.

If I were to boot BackTrack off the Vista machine and penetrate into the XP machine, where would I start,

as I have seen a few vids but they seem to be "set up", if that makes sense. I wanna see how a real world hack would be performed.

I forgot to mention all the clients are in a workgroup cleverly named MShome (yes, I used the default settings).

I already know about the IPC shares and admin$, c$, D$, and I know about the IPC$ exploit that seems to have been in Windows XP or won't go past the firewall, as highlighted here: governmentsecurity.org/articles/HackingaWindows2000systemthroughIPC.php

I'm looking at getting the CEH qualification done in a year or so when I pass my MCSA, MCSE, and MCDBA.

theprez98
07-06-2007, 11:37 PM
1. Gather information.
2. Map the network.
3. Identify vulnerabilities.
4. Penetrate the system by exploiting a vulnerability.
5. Escalate privileges if necessary.
6. Maintain access if necessary.
7. Cover tracks if necessary.

(Or, just look at your BT2 menu).

Warrmr
07-06-2007, 11:43 PM
Thanks, I should have expected a response like that.

So "just go out and try it" is the best response I can get. Thank you, I'll come back when I have a proper question.

theprez98
07-06-2007, 11:48 PM
Thanks, I should have expected a response like that.

So "just go out and try it" is the best response I can get. Thank you, I'll come back when I have a proper question.
Think about the question you asked, basically, "How do I own a Windows XP box?" Without knowing anything else other than that, I would follow the steps I posted above. Because we don't know anything else: Is it running SP2? Are automatic updates on? Is everything fully patched? This is called Information Gathering, and this is where you find vulnerabilities. You don't find them by skipping to step 4 and randomly applying exploits and seeing if they work.

Warrmr
07-06-2007, 11:51 PM
My previous response sounded really sarcastic; it wasn't supposed to sound that way.

And yes, all the service packs and software are up to date, but like you said, you wouldn't know that in a real-world situation, so I will see what I can do.

This is a genuine thank you.

theprez98
07-06-2007, 11:54 PM
My previous response sounded really sarcastic; it wasn't supposed to sound that way.

And yes, all the service packs and software are up to date, but like you said, you wouldn't know that in a real-world situation, so I will see what I can do.

This is a genuine thank you.
Run nmap against it, find what services are running. You may find an attack vector that way.

streaker69
07-06-2007, 11:55 PM
Keep in mind though, that running NMAP in the real world may get you caught by those of us that look for it running against our boxen.

theprez98
07-06-2007, 11:59 PM
Keep in mind though, that running NMAP in the real world may get you caught by those of us that look for it running against our boxen.
In the "real world" (i.e., black hat type penetration test) of course, might need to be a bit more stealthy. In a closed lab environment though, no issues with it.

streaker69
07-07-2007, 12:07 AM
In the "real world" (i.e., black hat type penetration test) of course, might need to be a bit more stealthy. In a closed lab environment though, no issues with it.

Of course, but the clumsy attacks that I see every day stick out like a virgin sheep at a Cajun bar-b-que.

pureh@te
07-07-2007, 12:31 AM
One common misconception is that it is possible to "break" into a computer. This is not really so. You must do as the prez suggested and find out what services are running on the box. When exploiting, you are exploiting a service that the victim computer is running in order to gain an entry vector into your target system. I cannot stress enough that exploiting your neighbor's box is highly illegal and unethical, so think about what you're doing, because if you're having trouble with the entry you probably have no clue how to cover your tracks, so you might as well leave a little note card in the event log that says "517". Plus, is getting one lousy credit card number from the dumbass next door really worth going to jail? I'm just giving all the new "exploiters" something to think about. Testing on your own network is a lot of fun and someday could land you a security job making $75,000 a year. Now isn't that better than one stupid credit card number? You decide.
OK, I wasn't going to help but I'm feeling nice. The best way to learn how to run an exploit is to put an exploitable service on your target box. For example, Winamp version 5.12 is vulnerable. It has since been patched in later versions but it will give you some practice, because not all payloads work with all exploits. If you know the system is running the vulnerable service and you still can't exploit it, you know you must change your payload.

Warrmr
07-07-2007, 12:32 AM
Of course, but the clumsy attacks that I see every day stick out like a virgin sheep at a Cajun bar-b-que.

True, it's just put loads of entries in my Windows Firewall logs,

once I have finished experimenting I will start delving deeper into harder attacks, but at this point in time I will stick to the clumsy noobie attacks (walk before you can run kind of thing).
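
The firewall-log entries mentioned above are exactly what streaker69 means by a scan being noticed. As an added example (not from anyone in this thread), here is a small detector over Windows Firewall log lines (pfirewall.log, W3C format); the log lines are constructed and the 8-ports-in-10-seconds threshold is an assumption.

```python
# Flag port sweeps in Windows Firewall (pfirewall.log) records: one source
# address hitting many distinct destination ports within a short window.
# Constructed sample data; threshold values are assumptions, not a standard.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 192.168.2.3 probes nine ports in three seconds
# (scan-like); 192.168.2.9 makes a single ordinary connection attempt.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2007-07-07 00:12:01 DROP TCP 192.168.2.3 192.168.2.4 51234 21 48 S 1000 0 65535 - - - RECEIVE
2007-07-07 00:12:01 DROP TCP 192.168.2.3 192.168.2.4 51235 22 48 S 1001 0 65535 - - - RECEIVE
2007-07-07 00:12:01 DROP TCP 192.168.2.3 192.168.2.4 51236 23 48 S 1002 0 65535 - - - RECEIVE
2007-07-07 00:12:02 DROP TCP 192.168.2.3 192.168.2.4 51237 25 48 S 1003 0 65535 - - - RECEIVE
2007-07-07 00:12:02 DROP TCP 192.168.2.3 192.168.2.4 51238 80 48 S 1004 0 65535 - - - RECEIVE
2007-07-07 00:12:02 DROP TCP 192.168.2.3 192.168.2.4 51239 135 48 S 1005 0 65535 - - - RECEIVE
2007-07-07 00:12:03 DROP TCP 192.168.2.3 192.168.2.4 51240 139 48 S 1006 0 65535 - - - RECEIVE
2007-07-07 00:12:03 DROP TCP 192.168.2.3 192.168.2.4 51241 445 48 S 1007 0 65535 - - - RECEIVE
2007-07-07 00:12:03 DROP TCP 192.168.2.3 192.168.2.4 51242 3389 48 S 1008 0 65535 - - - RECEIVE
2007-07-07 00:15:44 DROP TCP 192.168.2.9 192.168.2.4 49152 445 48 S 2000 0 65535 - - - RECEIVE
"""

def parse_firewall_log(text):
    """Yield (timestamp, src_ip, dst_port) for dropped TCP/UDP records."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip header / comment lines
        f = line.split()
        if len(f) < 8 or f[2] != "DROP" or f[3] not in ("TCP", "UDP"):
            continue  # only inbound drops of port-bearing protocols matter here
        ts = datetime.strptime(f[0] + " " + f[1], "%Y-%m-%d %H:%M:%S")
        yield ts, f[4], int(f[7])

def find_port_sweeps(text, min_ports=8, window=timedelta(seconds=10)):
    """Return {src_ip: max distinct ports seen} for sources that touched at
    least min_ports distinct destination ports inside any window-long span."""
    by_src = defaultdict(list)
    for ts, src, port in parse_firewall_log(text):
        by_src[src].append((ts, port))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # slide the window over each start
            ports = {p for t, p in events[i:] if t - start <= window}
            if len(ports) >= min_ports:
                hits[src] = max(hits.get(src, 0), len(ports))
    return hits

if __name__ == "__main__":
    for src, n in find_port_sweeps(SAMPLE_LOG).items():
        print(f"possible port sweep from {src}: {n} distinct ports")
```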

streaker69
07-07-2007, 12:33 AM
One common misconception is that it is possible to "break" into a computer. This is not really so. You must do as the prez suggested and find out what services are running on the box. When exploiting, you are exploiting a service that the victim computer is running in order to gain an entry vector into your target system. I cannot stress enough that exploiting your neighbor's box is highly illegal and unethical, so think about what you're doing, because if you're having trouble with the entry you probably have no clue how to cover your tracks, so you might as well leave a little note card in the event log that says "517". Plus, is getting one lousy credit card number from the dumbass next door really worth going to jail? I'm just giving all the new "exploiters" something to think about. Testing on your own network is a lot of fun and someday could land you a security job making $75,000 a year. Now isn't that better than one stupid credit card number? You decide.

Plus these newbies have to think about those people who have the time to set up honeypots. 'Cause you never quite know who you're attacking, and what they're doing back to you at the same time.

pureh@te
07-07-2007, 12:37 AM
Plus these newbies have to think about those people who have the time to set up honeypots. 'Cause you never quite know who you're attacking, and what they're doing back to you at the same time.

LOL, I make sure my traceroute never ends up here: "Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA"

Warrmr
07-07-2007, 12:37 AM
@purehate

I'm confused at where that comment has come from; yes, it's a nice warning and thanks for the concern and advice.

As I have previously mentioned, it's on my own wired network, and I am actually wanting to get a couple of qualifications under my belt and get a proper job and hopefully one day get into proper security, but at the moment I'm studying for an MCSA, then will step up to MCSE, MCDBA, then follow those up with CEH and Certified Penetration Tester (possibly). Will have to see what courses they start running at my student campus once I have finished my studies.

streaker69
07-07-2007, 12:40 AM
@purehate

I'm confused at where that comment has come from; yes, it's a nice warning and thanks for the concern and advice.

As I have previously mentioned, it's on my own wired network, and I am actually wanting to get a couple of qualifications under my belt and get a proper job and hopefully one day get into proper security, but at the moment I'm studying for an MCSA, then will step up to MCSE, MCDBA, then follow those up with CEH and Certified Penetration Tester (possibly). Will have to see what courses they start running at my student campus once I have finished my studies.

Certifications do not a qualified person make.

More and more companies in the industry are taking certifications less and less seriously. While they might get your foot in the door, without credible experience your chances of landing the job are less than someone with experience.

Don't expect to jump right into the job market as a security expert, you might have to take some less meaningful jobs first.

pureh@te
07-07-2007, 12:46 AM
@purehate

I'm confused at where that comment has come from; yes, it's a nice warning and thanks for the concern and advice.

As I have previously mentioned, it's on my own wired network, and I am actually wanting to get a couple of qualifications under my belt and get a proper job and hopefully one day get into proper security, but at the moment I'm studying for an MCSA, then will step up to MCSE, MCDBA, then follow those up with CEH and Certified Penetration Tester (possibly). Will have to see what courses they start running at my student campus once I have finished my studies.

I'm not accusing you of any wrongdoing, but this is the internet and I have no reason to believe you one way or the other. If I've offended you by questioning your integrity... too bad. Anyway, I'm just giving people something to think about before they go attacking the whole internet with a copy of BackTrack and a burning resentment. Getting in is easier than getting out. And furthermore, you must investigate your target to the fullest. For example, if I was a blackhat hacker and I managed to break into United Airlines' SQL server system, what would I do? Probably nothing, because I'm a dumbass and I didn't realize they probably have their own set of codes and commands, closely guarded. So how the **** am I gonna get those tickets to Paris if I can't even navigate the system?

Warrmr
07-07-2007, 12:54 AM
@purehate
There was no offence taken; I was just curious as to how that conclusion had come about. I am aware that it's a very grey area helping people on the internet exploit systems, as you don't know if they are for real. I've been browsing the idiots' corner for a laugh and seen so many noobs be shot down thinking they're all elite or just asking stupid questions. I'm way off topic now.

I'm gonna put that version of Winamp that you mentioned earlier on and see if I can get in that way; if I can't, I have 2 other options, port 135/RPC and port 139 netbios-ssn (need to do some research on those).

@streaker

I'm fully aware of the qualification thing, but it's an aim to get to security professional; I'm just aiming at the current point in time to get any job in IT, even just a 1st line support tech desk thing, and try and run up the ladder (not too fast in case I fall).

pureh@te
07-07-2007, 12:58 AM
@purehate
There was no offence taken; I was just curious as to how that conclusion had come about. I am aware that it's a very grey area helping people on the internet exploit systems, as you don't know if they are for real. I've been browsing the idiots' corner for a laugh and seen so many noobs be shot down thinking they're all elite or just asking stupid questions. I'm way off topic now.

I'm gonna put that version of Winamp that you mentioned earlier on and see if I can get in that way; if I can't, I have 2 other options, port 135/RPC and port 139 netbios-ssn (need to do some research on those).

@streaker

I'm fully aware of the qualification thing, but it's an aim to get to security professional; I'm just aiming at the current point in time to get any job in IT, even just a 1st line support tech desk thing, and try and run up the ladder (not too fast in case I fall).

An average fully patched Windows XP SP2 box that is not running remote software is VERY hard to exploit unless you create a malicious URL and get the victim computer to click on it. Your box should also have 445 open, as that is pretty standard. Vista is still vulnerable to the metafile exploit, but I won't help you accomplish this; you should have more than enough info to get started.