Nmap

[eatcheese]

So i just started using Nmap and i can trace ip's and find all the information. But there is a big problem for me...what do i do with the servers that have weaknesses in them. This may sound silly but i have found a server with a open telnet port and i would like to take advantage of that, so if anyone can point me in the direction of any tutorials or anything that i should learn and use to help me i would be so great-full. Thank you.

-- Fri Aug 20, 2010 11:44 am --

and i almost forgot. I am running windows xp. Thanks again.

[Goatboy]

Generally, you would research the specific service (version, release, etc.) and search for vulnerabilities. There are a few ways to do this. You can download the source code yourself (if it is open-source or you have a way of getting it) and review it. You can Google it, or use one of the many vulnerability databases. You can use metasploit to speed up this process, but make sure you're actually learning something instead of just aiming it at a server and hoping for a result.

[eatcheese]

Generally, you would research the specific service (version, release, etc.) and search for vulnerabilities. There are a few ways to do this. You can download the source code yourself (if it is open-source or you have a way of getting it) and review it. You can Google it, or use one of the many vulnerability databases. You can use metasploit to speed up this process, but make sure you're actually learning something instead of just aiming it at a server and hoping for a result.

So i understand what your saying but i just wanna know are there any good books on unix or #c that i should learn before hopping into this because i honestly have no idea what to do when i find a weakness. I an fairly good at reading code and knowing what is going on but if i were to try to get the source code, how would i go about doing that? Thanks again in advance.

[IncandescentLight]

The vulnerability source codes can be found at sites like these: http://www.exploit-db.com or http://www.milw0rm.com. A hint for you is that you may have to download additional libraries into your complier so that these codes can be run, and some editing may have to be done. To find out what a vulnerability, especially stack-based overflows, and how to find them, check this link out: http://www.corelan.be:8800/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

[sanddbox]

Congratulations! You're a skiddie, and on the fast track to becoming an UBAR-skiddie, the highest form of hackers. UBAR skiddies craft a delicious blend of trolling, hacking, and utter stupidity.

Contrary to what other skiddies will tell you, an open port is not the equivalent of an open door. An open port is the difference between a club blocked with a titanium door only openable from the inside and a regular door with a bouncer guarding it.

Even if a port is open, the port has to be running a service that has a known vulnerability. Continuing with my earlier horrible analogy, think of outdated services like a blind bouncer - easily circumvented. Exploiting an exploitable service is as simple as going into UBAR SKIDDIE mode and running vulnerabilities from milw0rm or other SUPAR SKIDDIE sites. (In case you're wondering, UBAR skiddies are more advanced than SUPAR skiddies).