6 replies to this topic

[Grimgraves]

Okay i know you guys have heard this alot but i need a little help, i need to get access to a site database but i dont know how to approach this I've looked everyware for e-books and tutorials but i`m pressed by time here, all i need is some advise.
Thanks

[hiruto]

try to get the ip address of the site first....you can ping it or just use whois website to find another site ip address...just try your best then...

[Grimgraves]

well i have the ip adress and the servers
but i dont know what technique to use

[Grimgraves]

Okay so i've done a little more digging and i've got 4 ports opened
PORT STATE SERVICE VERSION
22/tcp open ssh (protocol 2.0)
25/tcp open smtp Postfix smtpd
80/tcp open http Apache httpd
443/tcp open ssl/https?

and port 443 still uses SSLv2 and has some weak ciphers, plus the remote proxy server can be used to send CONNECT requests.
as of the OS i'm not sure: Microsoft Windows 7 Enterprise (93%), Microsoft Windows Server 2008 SP1 (91%), BlueArc Titan 2100 NAS device (86%)
Can i do anything with this?
I dont need no tools just info.
By the way i have permission to test.

[Powerslave85]

Use a Tool like Nessus or w3af on linux, this tools are able to scan IPs and they scan for weak spots, software bugs and other backdoors etc. Nessus is Web based, w3af is a Linux thing, try using backtrack linux where these tools are included

[Ehunt]

Ummm...Backtrack is your friend. I would suggest taking some foot printing steps then some enumeration measures. But I would definitely take the foot printing steps more seriously. Finding out what services system is running with ACCURACY. After you successfully found what type of services are running on the system and the OS. Try looking for exploits. Nessus is your friend here also Especially if you have permission to perform these types of attacks.

www.exploit-db.com

[Lameth]

Ehunt, on 07 April 2013 - 10:45, said:

Ummm...Backtrack is your friend.

Correction: KALI Linux