Hello friends… I am new to hacking and have started taking online courses, watching tutorials, and right now I am trying some pentest practicals.
And for that purpose, I started challenges in "Hackthebox.eu". I hope all are familiar with that site, which seems to be good for beginners…
Right now, I am stuck on the very first challenge. All I have is an IP address. I have to penetrate and exploit the system. I have to find the system ID and password.
What I did: With the IP, I tried zenmap and got the open ports and OS details.
But now I am confused about the method of exploitation.
Which ports are most vulnerable??
How should one start with port hacking??
Is metasploit the best way to do this?
Please pardon if I am asking too basic stuff…
I know hacking lessons cannot be spoon fed, but I need a strong understanding of these things to move further. So plz help!!!
HOW CAN ONE HACK A SYSTEM WITH THE ONLY INFORMATION BEING THE “IP Address of the machine”?
Thanks in advance
Oh!! I am trying to get as much information as possible regarding network scanning, attacking ports, etc. which is useful for this task, but couldn’t find an effective method as of now…
Anyways, if you find anything informative please do share with me as well!!!
@BO41
Thanks for the immediate response, dude!!
But this is not what I needed xD
I cracked this “code generation” step and got registered to the site, and here’s where I am stuck!!
There are many machines provided with “ip address” alone and all we need to do is hack them down!!
BUT HOW??
That's where I need help
Try searching the services of each port on metasploit… you probably will find an exploit for any of the services running on tcp… I think you need to get a command shell and then dump the password and then crack it (or maybe it is plain text and you don't need to)… and you can get a lot of information just from the IP if you know how
Windows/meterpreter/reverse_tcp is not an exploit, it's a payload. The very basic skill is to find the service version (-sV nmap switch) and just google service name + vulnerability. You can also use the searchsploit tool. But overall, go for vulnhub.com at first, download some easy machine, for example SickOS, and try to hack it; if you are stuck, read others' writeups to see how they did it. Good luck.
Or you could watch a few walkthroughs of retired machines to get some idea about how you go about enumerating machines.
Walkthroughs by Ippsec are a good source.
From my experience, there’s no right exploit or, as you ask, which ports are the most vulnerable. If the port is open, it is vulnerable. There are many exploits for a single service. I use Google along with msf or even 0day, which is a great source of known exploits. Sometimes, if FTP, Telnet, and/or SSH is open, then you could use Medusa or Hydra to try to crack the password, but even those services have their own vulnerabilities. It takes a lot of research with time and experience.