[SIZE=1]Hey Nikscap,Jay,Fear and others...
I'm new to this forum, but not to this field...This is the first time I'm crackin a server, so i need help with an exploit.
I've gained almost all required information against my host, which is given below.:
Website: www.*****.com
IP: 204.***.141.15 **Edited By GSecur ***
Server: IIS 5.0
Database: MySQL 3.23.38
OS: WINNT
ports open: 10(0 firewalled, 1 filtered)
7 (ECHO)
9 (DISCARD)
13 (TIME)
17 (QUOTD)
21 (FTP)
15 (SMTP)
79 (FILTERED)(FINGER)
80 (HTTP)
135
443 (HTTPS)
1080 (SOCKS)

Now, I want an exploit to get the root(or rather administrator) access to this target on the FTP services(port 21)
So please do help me with the exploit, if any, and please also tell me how to actually execute it.
Thanxalot...
FL@ME

It sounds like this isn't your server your trying to hack Posting the address and saying you want to hack it is going to land you jail In my opion this site promotes Security and how to protect your network from people like you.
Take a step back and realise that no matter how good you think you are you will make a mistake and get caught.
Make a network at home and hack that.

Alright Alright Jay Dude
I got yer point, BUT IF i DO want to hack a web server with IIS 5.0 running on it, THEN HOW THE HELL will i learn to do it?
I respect yer Idea of security promotion, but then i have to learn to hack IIS5.0 and I aint gonna do that by asking people "tell me to hack my own network" am I?
Well if u got any Idea which could help me, let me know..Also, Gsecur, Thanx for the PM and I hope u PM me back soon
L@TER$

am more curious to what your going to do IF you gain access... are you going to let admin know they have a problem ?
or are there more devious thoughts ... behind your conquest ?

i hope you have your IP well masked...coz if not ...well thats down to you.

if you found all them ports open....then look at the services they are running and look for an exploit to match the service...simple as that

you have access

First things first, I want to commend you Jay for not taking a flaming aproach to correcting the_flame.

I want to maintain a polite feeling on this board.

Now onto the rest of the my thoughts. I have no problem with people trying to learn about how certain exploits are performed and how they work. I believe it's an important skill that security auditors should learn. That way they don't just apply patches as they come out, but will actually be able to suggest policies that will prevent future attacks from being possible. "An ounce of prevention is worth a pound of cure"

Now for some important points. Naming specific targets and IP's is a big no no! the_flame has already been corrected privately. Also malicious hacking, meaning you gain access to a system and then destroy data on it is just plain stupid. People spend a lot of time and energy on projects and it's just rude to destroy peoples hard work. (unless they distribute child porn, then destroy all you want )

Yeah all people, ive got u all
So I want to let u all know that my intentions are NOT of harming anyone at all. The only thing is that this is my first step towards hacking and i dont want to return now.. So all i want is a little support from those who know
Yes, If and IF i hack this system, i will let the admin know all about it, and also inform him of the patches. So my intentions are not at all of harming/destruction, but the hack im doing is for knowledge experience and an actual "idea"
So dudes please help me, im really in need of help as this is my first hack and i dont want to make it unsuccessful
Yeah..i want to hack port 21 which has microsoft FTP version 5.0 running

QUOTE (the_flame @ Jun 6 2003, 04:45 PM)

Yeah all people, ive got u all So I want to let u all know that my intentions are NOT of harming anyone at all. The only thing is that this is my first step towards hacking and i dont want to return now.. So all i want is a little support from those who know Yes, If and IF i hack this system, i will let the admin know all about it, and also inform him of the patches. So my intentions are not at all of harming/destruction, but the hack im doing is for knowledge experience and an actual "idea" So dudes please help me, im really in need of help as this is my first hack and i dont want to make it unsuccessful Yeah..i want to hack port 21 which has microsoft FTP version 5.0 running

good to hear you have good intentions ... thanks

here are some links to start you off with regarding M$ ftp issues...

http://www.securitytracker.com/alerts/2001...ar/1001123.html
http://archives.neohapsis.com/archives/vul...02-q2/0455.html
http://online.securityfocus.com/archive/1/...30/2002-12-06/2

ehy boys help me!!!!!!!

the_flame
The key to understanding is getting knowledge u have a target, u did a port scan and got background information now u must exploit ur way in from the services running, google.com will be ur best friend if u cant find something in there it probably dont exist to public u may want to look at the mysql its running i am sure there is heaps of exploits for that program, we run that at skewl and ive watched the darn thing crash enough times lol, have fun remember, good hackers get in and leave not a trace, nor any damage its more the thrill of getting in that we excell on

Try taking a look at the date this topic was started. June 3. 2003 It was that Fa-sum guy who suddently replyed, and why did he do that? Makes no sense. Oh well, the world is full of unpredictable dickheads, guess we'll just have to live with that *sigh*

I find bin exploit MS04-012

knull, I'd be greatly interested by this one, if you could attach it or upload it anywhere, I'd be grateful

well dude if u call yourself a hacker u gotta act like a hacker, that means, try to find solutions by yourself
you got the portscan well now try to find informations about every open ports running on the machine..
u got port 21 open check what ftp server is running, the rights you have on it.
You could try to brute force it, or maybe there's a vulnerabilit in the ftp server.
you got port 135 open so try ipc, wks, rpc...
MySql database there are some security issues in that sql server google it and try..
also look for port 80 maybe you got Apache vulnerability or webdav, iis, etc..
and maybe there are vulnerabilitys in the socks server running on the box...
Regards
F4k0LY

good idea fakoly.

this would work for you....
hxxp://www.k-otik.com/exploits/04212004.THCIISSLame.c.php
just takes a second to find what you need using good old google

Hello.

I have yet a Hardware Firewall. And im running IIS 5.0 on Win2000 Server. Can it be that these exploit is the issues i got multiple scanns on port 443 ?. Schould i block these port on Firewall ?

There is some SSL exploit out for IIS5.0 so I think that's why you were scanned

Here is all the information and the exploit compiled, just need the scanner now
http://www.thc.org/exploits.php

Anyone could help me with program compiling using MS Visual Studio .NET 2003 ?

I was used to gcc for the C programmation I did during my scolarity, but this one is really different.

For thie IIS5 exploit, I open a new project, then ticking "empty project and MFT", then adding a "new source file" .cpp, pasting the code, saving and then I tried to compile the thing.

It gave me 10+ errors. And I wasn't able to correct all of them

Did I do something wrong ? Please explain me what's wrong with me

I hope this will help:
fire up the MS Visual studio, choose File/new/project. There choose a Win32 Console Application, then enter a name for a project and hit ok, choose an empty project.
Then click new text file and paste your code there, cilck File/save, enter a name something like program.c then ok. Click compile, sometimes I get errors at first time, so then click build, and then execute. It should work if you follow these steps.

Roby

Thanks roby, but I still have to correct the 20's errors I'm getting from the IIE5 exploit, right ? I know some C, but sometimes it's quite hard to find what's wrong with the code

Ah well, maybe I don't "deserve" to use the exploit , then *sigh*

This guys a private, and i am a trial? whats wrong there? "How do i Hack?"

Private is linked to the number of post I did.
As you can see I'm "Trial member" which means I have access to the same forum section than you. Stop whining.

-LKM

whing, grew out of that quite a few years ago, got nothing better to say we leave it as it is ;)

LKM, its not even pointed @ u,

try to find information about the next exploit!
.printer
.idq
.ida
.htw
webdav
this exploits are old but i stil know mony site that they have this problems
and search the website for the posible wronge codes on website like a bad php code or asp or something like that,
try to exploit ssl!
or make a dictionary attak on ftp.
there are more things that you can do but firest try to make a exploit.

[SIZE=1]Hey Nikscap,Jay,Fear and others...
I'm new to this forum, but not to this field...This is the first time I'm crackin a server, so i need help with an exploit.
I've gained almost all required information against my host, which is given below.:
Website: www.*****.com
IP: 204.***.141.15 **Edited By GSecur ***
Server: IIS 5.0
Database: MySQL 3.23.38
OS: WINNT
ports open: 10(0 firewalled, 1 filtered)
7 (ECHO)
9 (DISCARD)
13 (TIME)
17 (QUOTD)
21 (FTP)
15 (SMTP)
79 (FILTERED)(FINGER)
80 (HTTP)
135
443 (HTTPS)
1080 (SOCKS)

Now, I want an exploit to get the root(or rather administrator) access to this target on the FTP services(port 21)
So please do help me with the exploit, if any, and please also tell me how to actually execute it.
Thanxalot...
FL@ME


???????????????