I managed to get access via the IP and run an nmap scan of the traffic and the services. Now I think I should look for a vulnerability and get in through an exploit, but I don't know how to do it! Here is the nmap scan:
Starting Nmap 5.51 ( http://nmap.org ) at 2011-03-21 17:03 Pacific Daylight Time
NSE: Loaded 57 scripts for scanning.
Initiating ARP Ping Scan at 17:03
Scanning 192.168.2.116 [1 port]
Completed ARP Ping Scan at 17:03, 1.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 17:03
Completed Parallel DNS resolution of 1 host. at 17:03, 0.57s elapsed
Initiating SYN Stealth Scan at 17:03
Scanning 192.168.2.116 [1000 ports]
Discovered open port 445/tcp on 192.168.2.116
Discovered open port 554/tcp on 192.168.2.116
Discovered open port 139/tcp on 192.168.2.116
Discovered open port 135/tcp on 192.168.2.116
Discovered open port 49156/tcp on 192.168.2.116
Discovered open port 5357/tcp on 192.168.2.116
Discovered open port 49153/tcp on 192.168.2.116
Discovered open port 2869/tcp on 192.168.2.116
Discovered open port 49154/tcp on 192.168.2.116
Discovered open port 49152/tcp on 192.168.2.116
Discovered open port 49157/tcp on 192.168.2.116
Discovered open port 6646/tcp on 192.168.2.116
Discovered open port 10243/tcp on 192.168.2.116
Discovered open port 49155/tcp on 192.168.2.116
Completed SYN Stealth Scan at 17:03, 7.92s elapsed (1000 total ports)
Initiating Service scan at 17:03
Scanning 14 services on 192.168.2.116
Service scan Timing: About 57.14% done; ETC: 17:05 (0:00:33 remaining)
Completed Service scan at 17:05, 81.45s elapsed (14 services on 1 host)
Initiating OS detection (try #1) against 192.168.2.116
NSE: Script scanning 192.168.2.116.
Initiating NSE at 17:05
Completed NSE at 17:06, 40.12s elapsed
Nmap scan report for 192.168.2.116
Host is up (0.015s latency).
Not shown: 986 filtered ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open netbios-ssn
554/tcp open rtsp?
2869/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-methods: No Allow or Public header in OPTIONS response (status code 503)
|_http-title: Service Unavailable
6646/tcp open unknown
10243/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-methods: No Allow or Public header in OPTIONS response (status code 404)
|_http-title: Not Found
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49156/tcp open msrpc Microsoft Windows RPC
49157/tcp open msrpc Microsoft Windows RPC
MAC Address: 78:DD:08:C5:8C:17 (Hon Hai Precision Ind. Co.)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Microsoft Windows 2008|Vista|7
OS details: Microsoft Windows Server 2008, Microsoft Windows Vista SP0 or SP1, Server 2008 SP1, or Windows 7
Uptime guess: 0.160 days (since Mon Mar 21 13:15:13 2011)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: Busy server or unknown class
Service Info: OS: Windows
Host script results:
| nbstat:
| NetBIOS name: PC-XXXXX, NetBIOS user: <unknown>, NetBIOS MAC: 78:dd:08:c5:8c:17 (Hon Hai Precision Ind. Co.)
| Names
| PC-XXXXX<20> Flags: <unique><active>
| PC-XXXXX<00> Flags: <unique><active>
| WORKGROUP<00> Flags: <group><active>
|_ WORKGROUP<1e> Flags: <group><active>
|_smbv2-enabled: Server supports SMBv2 protocol
| smb-os-discovery:
| OS: Windows 7 Home Premium 7600 (Windows 7 Home Premium 6.1)
| Name: WORKGROUP\PC-XXXXX
|_ System time: 2011-03-21 09:05:16 UTC+1
TRACEROUTE
HOP RTT ADDRESS
1 15.48 ms 192.168.2.116
Read data files from: C:\Program Files\Nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 139.32 seconds
Raw packets sent: 2026 (90.982KB) | Rcvd: 35 (1.862KB)
PS: Is there any chance the victim will notice my intrusion?