What a hacker may do after this NMap scan???

Discussion in 'Ethical hacking' started by cyberquest, Aug 3, 2006.

  1. cyberquest

    cyberquest New Member

    Joined:
    Aug 3, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    Interesting ports on xxx.xxx.xxx.xxx (This is the IP address of course):
    Not shown: 1654 closed ports
    PORT STATE SERVICE
    25/tcp open smtp
    42/tcp open nameserver
    53/tcp open domain
    80/tcp open http
    88/tcp open kerberos-sec
    110/tcp open pop3
    135/tcp open msrpc
    139/tcp open netbios-ssn
    389/tcp open ldap
    443/tcp open https
    445/tcp open microsoft-ds
    464/tcp open kpasswd5
    593/tcp open http-rpc-epmap
    636/tcp open ldapssl
    691/tcp open resvc
    995/tcp open pop3s
    1026/tcp open LSA-or-nterm
    1029/tcp open ms-lsa
    1720/tcp filtered H.323/Q.931
    2105/tcp open eklogin
    3268/tcp open globalcatLDAP
    3269/tcp open globalcatLDAPssl
    3389/tcp open ms-term-serv
    5631/tcp open pcanywheredata
    6001/tcp open X11:1
    6002/tcp open X11:2
    Nmap finished: 1 IP address (1 host up) scanned in 18.578 seconds
     
  2. cyberquest

    cyberquest New Member

    Joined:
    Aug 3, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
The question I am about to ask is for educational purposes. I would like to know, after the attacker scans with NMap on a targeted host, what can he do with a Windows XP OS?

    Interesting ports on xxx.xxx.xxx.xxx (This is the IP address of course):
    Not shown: 1654 closed ports
    PORT STATE SERVICE
    25/tcp open smtp
    42/tcp open nameserver
    53/tcp open domain
    80/tcp open http
    88/tcp open kerberos-sec
    110/tcp open pop3
    135/tcp open msrpc
    139/tcp open netbios-ssn
    389/tcp open ldap
    443/tcp open https
    445/tcp open microsoft-ds
    464/tcp open kpasswd5
    593/tcp open http-rpc-epmap
    636/tcp open ldapssl
    691/tcp open resvc
    995/tcp open pop3s
    1026/tcp open LSA-or-nterm
    1029/tcp open ms-lsa
    1720/tcp filtered H.323/Q.931
    2105/tcp open eklogin
    3268/tcp open globalcatLDAP
    3269/tcp open globalcatLDAPssl
    3389/tcp open ms-term-serv
    5631/tcp open pcanywheredata
    6001/tcp open X11:1
    6002/tcp open X11:2
    Nmap finished: 1 IP address (1 host up) scanned in 18.578 seconds

I hope this can be a long thread because there are so many ports available in this scan. And please feel free to comment. I am a total newbie... Any help will truly be appreciated.
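As an added example (not code from the thread or its posters), a small Python triage of scan output like the one quoted above: it parses Nmap's normal-output port table and, under an exposure policy I assume here, flags which open services a defender would not want reachable from the internet. The Kerberos/LDAP/Global Catalog combination it checks for is the service mix of an Active Directory domain controller.

```python
import re

# Constructed sample: an excerpt of the Nmap normal output quoted in the thread.
NMAP_OUTPUT = """\
Interesting ports on xxx.xxx.xxx.xxx:
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
1720/tcp filtered H.323/Q.931
3268/tcp open globalcatLDAP
3389/tcp open ms-term-serv
5631/tcp open pcanywheredata
"""
# One "port/proto state service" row; \s+ also copes with Nmap's column padding.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

# Assumed triage policy (mine, not the thread's): Windows services that should
# sit behind a firewall or VPN rather than be reachable from the internet.
INTERNAL_ONLY = {
    88: "Kerberos", 135: "MS-RPC endpoint mapper", 139: "NetBIOS session",
    389: "LDAP", 445: "SMB", 464: "Kerberos kpasswd", 636: "LDAPS",
    3268: "Global Catalog LDAP", 3269: "Global Catalog LDAPS",
    3389: "Remote Desktop", 5631: "pcAnywhere", 6001: "X11", 6002: "X11",
}
# Kerberos + LDAP + Global Catalog together is the mix of an AD domain controller.
DC_PORTS = {88, 389, 3268}

def parse_ports(text):
    """Return (port, proto, state, service) tuples from Nmap normal output."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def triage(text):
    """Summarise exposure: what is open, and which of it should not face the net."""
    rows = parse_ports(text)
    open_ports = {p for p, _, state, _ in rows if state == "open"}
    return {
        "open": sorted(open_ports),
        "filtered": sorted(p for p, _, state, _ in rows if state == "filtered"),
        "internal_only_exposed": sorted((p, INTERNAL_ONLY[p]) for p in open_ports.intersection(INTERNAL_ONLY)),
        "looks_like_domain_controller": DC_PORTS <= open_ports,
    }
```

Run `triage(NMAP_OUTPUT)` to get the summary for the sample; pass the full scan text to see every flagged service.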
     
  3. Xerei

    Xerei New Member

    Joined:
    Jun 8, 2010
    Messages:
    17
    Likes Received:
    1
    Trophy Points:
    0
First, you want an internet browser to connect to the different ports and EVENTUALLY find info:
xxx.xxx.xxx.xxx:(port) example:
111.111.111.111:3306
But since you have this many ports, you may want to check if it's an old server:
111.111.111.111/index/somethingthatdoesnotexist
Some servers give you info that way.
You can also try using telnet to connect to each port:
telnet target.com port
Note that there's a space between target and port.
Sometimes that gives you information.
Once you've got some information about its hosting tools, you can go to milw0rm.com or inj3ct0r.com and find an exploit for that hosting program they use (if any).
You can also try bruteforcing passwords for the system (which is easy to catch, and they may have a time limit for log-ins).
You may also want to try different SQL injection attacks and XSS (lots of sites are vulnerable to those).
Try those, should do it...
Oh, and Windows is bad, try Linux... and remember: cracking is bad, hacking is good.
     
