Hacking ports

kunals's Avatar
Contributor
Alright im trying to hack my school's website, ( i get points if i do it successfully)
i scanned the webserver ip and i found, ports 80 (http), 3389, 25 and 8081 open.

i know port 3389 is to remote access it and i have done that already, but
when i use the Remote Desktop connection thing, i get into the computer successfully, but it asks me to log into the computer, and i need to somehow brute force the password.
how can i do this?

Also what can i do with port 25 and 8081?
0
neo_vi's Avatar, Join Date: Feb 2008
Invasive contributor
bruteforcing is tough. use any other security weakness to login as a super user or root.
0
kunals's Avatar
Contributor
well, idk if it has any weaknesses, because its simply a login
to get into a person's user account, cause everyone in the schools has their own
account. what u mean root?
0
SpOonWiZaRd's Avatar, Join Date: May 2007
Know what you can do.
Linux can crack RDP and VNC protocols, aswell as sniffing with Cain & Abel while using APR attack you can get the hash and then crack it, sniff between two or more computers, i.e a server and a few teachers while doing APR, get the hash and crack it. Read this: http://www.go4expert.com/showthread.php?t=14438 it might help, and read Cain's help file so that you know the tool inside and out: http://www.oxid.it
0
SpOonWiZaRd's Avatar, Join Date: May 2007
Know what you can do.
with cain you can get the NTLM hash, that is the password you want...
0
germanboy104's Avatar
Go4Expert Member
yea.....if ur using a PC to acess the network, just boot it off UBUNTU or some other free OS.
u can get the admin and use it 2 log on
0
kunals's Avatar
Contributor
wait guys, when i remote access the computer, i just seem a log in page, so im not able to
log into anything! i don't have access to a user account. all i have access to is a login screen.
0
SpOonWiZaRd's Avatar, Join Date: May 2007
Know what you can do.
Read my previous post... Do that
0
germanboy104's Avatar
Go4Expert Member
yea but.....maybe a stupid question.....he doesnt have a username to access the account
what if the username isnt standard? (ie Administrator)
but use that linux hack fo sho
0
SpOonWiZaRd's Avatar, Join Date: May 2007
Know what you can do.
Cain & Able has a Users enumerator to see the names of all the user accounts, thus he knows the user account he only needs the password hash so that he can crack the hash. The hash will be NTLM, to boot up from a cd he will need to be in physical contact with the target computer thus not making it a remote attack. He has to do it remotely as I understood. Enumerate the users using Cain & Abel, then get the hash, crack it using Cain & Abel and there you go. You can even Export the hash and take it home to crack it on your own time. To sniff the hash you will need to read the Help file on Cain & Abel, the manual is in there describing all the program features and uses.