About: The way that pretty much all PCs are hacked is by gathering info, then finding a security bug. By reading this I hope you’ll learn how much information can be obtained from your server, and hopefully how to stop it.
I’m repeatedly getting blank e-mails to my Outlook (don’t laugh) inbox. I right-click, choose Properties and look at the message source. The following interesting information is included:
Received: from AspEmail ([18.104.22.168])
I recognize the numbers as an IP, and ASP as the Windows equivalent of PHP, which normally runs on NT servers.
Port scanning means using a program that tries to access all ports (think of them as doors) to see if servers are running. So I port scan and find the following ports are open:
19, 21 and 22 are all FTP servers. 53 is the domain, 80 is HTTP (web server), and 139 is NetBIOS-ssn.
Port scanning is easy to detect and could get you kicked off your ISP (unlikely though).
Getting info on the servers
139 is the most interesting: NetBIOS allows you to use a hard drive and printer remotely. I type “nbtstat -A 22.214.171.124” at the command prompt to find more info on it. By clicking Start, Find, Computer and then entering the IP I could attempt to access the computer.
Next, I open up telnet and connect to the FTP server, and I get the following response:
220 Serv-U FTP-Server v2.5k for WinSock ready…
Serv-U is a Windows FTP server, and “WinSock” in the banner gives the platform away as well.
Now, if you actually wanted to hack the server you would simply do a search on Google for exploits for the servers that are running. Now you should see the importance of a firewall, which prevents most hackers from even seeing your computer.
Other information gathering techniques:
Using the DOS/Linux commands tracert [ip] and ping [ip]
Or use an online version:
Finding out which server is running
Unfortunately, most web servers are more than happy to give out detailed information about themselves. If you attempt to access a file which you know doesn’t exist on a server, e.g. [https://techsoftcenter/nonexistant], a 404 error will be given, along with the server name and version.
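To see what your own services give away in these two places (the FTP greeting and the 404 response), the check below parses both and lists any product, version or platform detail it finds. It is an added example, not part of the original article; the function names, the patterns and the ExampleHTTPd responses are constructed for illustration.

```python
import re

# Assumed patterns: a version token (2.5k, 1.3.27, v4.0) and common platform hints.
VERSION = re.compile(r"\bv?\d+\.\d+[\w.]*")
PLATFORM = re.compile(r"WinSock|Win32|Windows|Unix|Linux", re.I)

def audit_ftp_greeting(line):
    """Return (kind, leaked text) findings for one FTP 220 greeting line."""
    m = re.match(r"(\d{3})[ -](.*)", line.strip())
    if not m or m.group(1) != "220":
        return []
    text, findings = m.group(2), []
    v = VERSION.search(text)
    if v:  # everything up to and including the version names the product
        findings.append(("version", text[:v.end()].strip()))
    p = PLATFORM.search(text)
    if p:
        findings.append(("platform", p.group(0)))
    return findings

def audit_http_response(raw):
    """Return findings for a raw HTTP response (headers plus error-page body)."""
    head, _, body = raw.partition("\r\n\r\n")
    findings = []
    for hline in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = hline.partition(":")
        name = name.strip().lower()
        if name in ("server", "x-powered-by") and VERSION.search(value):
            findings.append((name, value.strip()))
    # Default error pages often repeat the server signature in the body.
    sig = re.search(r"<address>(.*?)</address>", body, re.I | re.S)
    if sig and VERSION.search(sig.group(1)):
        findings.append(("error-page", sig.group(1).strip()))
    return findings

# The greeting quoted in the article, then constructed samples.
FTP_GREETING = "220 Serv-U FTP-Server v2.5k for WinSock ready..."
FTP_HARDENED = "220 FTP service ready."
HTTP_404 = ("HTTP/1.1 404 Not Found\r\nServer: ExampleHTTPd/1.2.3 (Win32)\r\n"
            "Content-Type: text/html\r\n\r\n<html><body><h1>Not Found</h1>"
            "<address>ExampleHTTPd/1.2.3 Server at www.example.com Port 80"
            "</address></body></html>")
HTTP_404_HARDENED = ("HTTP/1.1 404 Not Found\r\nServer: web\r\n"
                     "Content-Type: text/html\r\n\r\n<html><body>Not Found</body></html>")

if __name__ == "__main__":
    for label, result in (("ftp", audit_ftp_greeting(FTP_GREETING)),
                          ("http", audit_http_response(HTTP_404))):
        for kind, leaked in result:
            print(f"{label}: {kind} disclosed: {leaked}")
```

An empty result for both checks means the greeting and the error page no longer name the product, version or platform.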
test-cgi is a default script, installed on most servers. It can be accessed by going to www.servername.com/cgi-bin/test-cgi.