The question I am about to ask is for educational purposes. I would like to know, after an attacker scans a targeted host with Nmap, what can he do with a Windows XP OS?

Interesting ports on xxx.xxx.xxx.xxx (this is the IP address, of course):
Not shown: 1654 closed ports
PORT     STATE    SERVICE
25/tcp   open     smtp
42/tcp   open     nameserver
53/tcp   open     domain
80/tcp   open     http
88/tcp   open     kerberos-sec
110/tcp  open     pop3
135/tcp  open     msrpc
139/tcp  open     netbios-ssn
389/tcp  open     ldap
443/tcp  open     https
445/tcp  open     microsoft-ds
464/tcp  open     kpasswd5
593/tcp  open     http-rpc-epmap
636/tcp  open     ldapssl
691/tcp  open     resvc
995/tcp  open     pop3s
1026/tcp open     LSA-or-nterm
1029/tcp open     ms-lsa
1720/tcp filtered H.323/Q.931
2105/tcp open     eklogin
3268/tcp open     globalcatLDAP
3269/tcp open     globalcatLDAPssl
3389/tcp open     ms-term-serv
5631/tcp open     pcanywheredata
6001/tcp open     X11:1
6002/tcp open     X11:2

Nmap finished: 1 IP address (1 host up) scanned in 18.578 seconds

I hope this can be a long thread because there are so many ports available in this scan. And please feel free to comment. I am a total newbie... Any help will truly be appreciated.
First you want an internet browser to connect to the different ports and eventually find info: xxx.xxx.xxx.xxx:(port), for example 111.111.111.111:3306. But since you have this many ports, you may want to check if it's an old server: 111.111.111.111/index/somethingthatdoesnotexist. Some servers give you info that way.

You can also try using telnet to connect to each port: telnet target.com port (note that there's a space between target and port). Sometimes that gives you information.

Once you have some information about its hosting tools, you can go to milw0rm.com or inj3ct0r.com and find an exploit for the hosting program they use (if any). You can also try brute-forcing passwords for the system (which is easy to catch, and they may have a time limit for log-ins). You may also want to try different SQL injection attacks and XSS (lots of sites are vulnerable to those).

Try those; that should do it... Oh, and Windows is bad, try Linux. And remember: cracking is bad, hacking is good.
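The reply's "telnet target.com port" step is banner grabbing. Two things it glosses over: some services (SMTP, POP3) send a greeting as soon as you connect, while others (HTTP) sit silent until the client sends a request, so a bare telnet shows nothing; and the port set in the question (88 kerberos, 389 ldap, 464 kpasswd, 3268 global catalog) is what an Active Directory domain controller listens on, not a workstation, so the host is a Windows server rather than XP. The script below is an added example, not code from the thread: it parses the posted Nmap port list, flags the domain-controller pattern, and grabs banners with a timeout and a per-service probe. The two listeners at the bottom are constructed stand-ins for an SMTP and an HTTP service so the script runs offline; the hostnames and banners they return are made up.

```python
"""Added example: parse the Nmap port list from the question, then banner-grab
the way the reply describes (telnet target port), with a timeout and a probe
for services that wait for the client to speak first."""
import re
import socket
import threading

# The port table from the question, flattened as it appears on the page.
SCAN = (
    "PORT STATE SERVICE 25/tcp open smtp 42/tcp open nameserver 53/tcp open domain "
    "80/tcp open http 88/tcp open kerberos-sec 110/tcp open pop3 135/tcp open msrpc "
    "139/tcp open netbios-ssn 389/tcp open ldap 443/tcp open https 445/tcp open microsoft-ds "
    "464/tcp open kpasswd5 593/tcp open http-rpc-epmap 636/tcp open ldapssl 691/tcp open resvc "
    "995/tcp open pop3s 1026/tcp open LSA-or-nterm 1029/tcp open ms-lsa 1720/tcp filtered H.323/Q.931 "
    "2105/tcp open eklogin 3268/tcp open globalcatLDAP 3269/tcp open globalcatLDAPssl "
    "3389/tcp open ms-term-serv 5631/tcp open pcanywheredata 6001/tcp open X11:1 6002/tcp open X11:2"
)

# Kerberos, LDAP, kpasswd and the global catalog together are what an Active
# Directory domain controller listens on; a workstation does not open these.
DC_PORTS = {88, 389, 464, 3268}


def parse_nmap_ports(text):
    """Return [(port, state, service), ...] from Nmap normal output, whether it
    is one line per port or flattened onto a single line as on the page."""
    return [(int(p), s, svc) for p, s, svc in
            re.findall(r"(\d+)/tcp\s+(open|closed|filtered)\s+(\S+)", text)]


def looks_like_domain_controller(ports):
    return DC_PORTS.issubset(set(ports))


# Probes for services that wait for the client to speak first. SMTP and POP3
# greet on connect, so no probe is needed there. TLS ports (443, 636, 995)
# need a handshake, not a raw socket, and are not handled here.
PROBES = {
    80: b"HEAD / HTTP/1.0\r\n\r\n",
}


def grab_banner(host, port, timeout=3.0, probe=b""):
    """Connect, optionally send a probe, and return the first reply line
    (decoded), or None if the connection fails or nothing arrives in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if probe:
                s.sendall(probe)
            data = s.recv(1024)
    except OSError:          # refused, reset, or timeout
        return None
    if not data:
        return None
    return data.split(b"\r\n", 1)[0].decode("latin-1", "replace")


def _fake_service(greeting=None, response=None):
    """Constructed stand-in service on 127.0.0.1 (not a real server). With a
    greeting it speaks first, like SMTP; otherwise it waits for client data
    and then answers, like HTTP. Returns the ephemeral port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    if greeting is not None:
                        conn.sendall(greeting)
                    elif conn.recv(1024):
                        conn.sendall(response)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo(timeout=1.0):
    """Show the difference between a service that greets and one that waits."""
    smtp_port = _fake_service(greeting=b"220 mail.example.test ESMTP ready\r\n")
    http_port = _fake_service(response=b"HTTP/1.0 200 OK\r\nServer: Microsoft-IIS/6.0\r\n\r\n")
    return {
        "smtp": grab_banner("127.0.0.1", smtp_port, timeout),            # greeting arrives unprompted
        "http_silent": grab_banner("127.0.0.1", http_port, timeout),     # None: HTTP waits for a request
        "http_probed": grab_banner("127.0.0.1", http_port, timeout, PROBES[80]),
    }


if __name__ == "__main__":
    table = parse_nmap_ports(SCAN)
    print("open:", [p for p, s, _ in table if s == "open"])
    print("domain controller pattern:", looks_like_domain_controller([p for p, _, _ in table]))
    for name, banner in demo().items():
        print(f"{name}: {banner!r}")
```

Against a real host, loop grab_banner over the open ports from parse_nmap_ports, and expect None on the ports that need a protocol handshake (TLS, Kerberos, MSRPC) rather than treating silence as "nothing there".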