arikbku Posted May 19, 2013
Hey, I've got a doubt: is there any exploit in Metasploit to exploit port 139?
Mr-Protocol Posted May 20, 2013
You don't exploit a port, you exploit the service running on that port. Also, ports are arbitrary because you can bind any service to run on any port.
digip Posted May 20, 2013
That being said by Mr Protocol, what he says is true; however, port 139 is usually used to identify Windows systems, so if you're looking to exploit "port 139" as you put it, the first thing you will want to do is identify a system with port 139 open, and thoroughly determine if it's a true open port, the OS, or if it's a honeyport/honeypot. With port 139 open, most likely you should see ports 135-139 open, and be able to fingerprint it as Windows of some sort. Higher-up ports also open on the same box may help narrow down which Windows OS it is, but you can bind a service to port 139 in Linux or any OS, or even port forward from a router and servers for different reasons, such as honeypots. You hit the port, they record your ack, and then add you to a hostile IP list, and block you from the rest of the box, so you need to be stealthy in your work.
Well-known ports are ports 1-1024, and usually defined by IANA, but that doesn't mean you can't assign any service to any port (depending on the OS and if something is already running on that port).
Check this list for more help: http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
Might shed some light on what you're after, and give you insight into probing ports and fingerprinting known services and operating systems.
arikbku Posted May 22, 2013
Thanks a lot. I was just wondering if there was any exploit to get into a Windows 7 PC remotely, like ms08_067_netapi but on Windows 7; that's why I thought that NetBIOS was an option. But is there any way to exploit Win 7 remotely (still in LAN)?
digip Posted May 22, 2013
ms08_067 is an XP/Server 2003 attack; it doesn't work on Vista and Win7, although I think Mubix has a similar hack that works on Win7 much like the old ms08_067 attack. Hit up his blog on http://www.room362.com/ or one of his other blog sites. He'd probably know similar RPC attacks and Server service attacks for Win7.
arikbku Posted May 26, 2013
Thanks a lot, but I couldn't find any remote exploit. Which did you find?
digip Posted May 27, 2013 (edited)
> Thanks a lot but I couldn't find any remote exploit , which did you find ?
Remote exploits are only going to work if they are not behind NAT (and you aren't as well, or port forward to your listening port for Metasploit), so first you have to get past NAT to get onto the internal LAN of your target, as the WAN side will usually be firewalled or behind a router, then work your way through machines on the target network from there ;)
arikbku Posted May 29, 2013
Ok, thank u very much
digip Posted May 29, 2013
> Ok , thank u very much
You're welcome. Most people forget about NAT, but if you see port 139 exposed from the internet side, most likely the box is directly connected to the modem, or in a DMZ. Be stealthy, use various nmap scans, and be sure it's not a honeypot/honeyport. You wouldn't normally see port 139 from the internet over WAN, and normally only see it on the LAN side, if you're already on the same LAN/subnet/segment.