Help with a shell for a server :(
elmatador2:
Hi everyone... I have a question... I'm working on MySQL injection, and I started snooping around for a while...
Anyway, I'll get to the point.
I have several users and passwords for servers, but they are internal localhost ones for the DBs... and I'm a beginner and still don't know how to get a shell, and I still haven't been able to access any server because of that... I read several of the tutorials on here about it, but I still haven't found how to do it...
:(
engel lex:
How do you have the server configured?
elmatador2:
C:\nmap>nmap -sV -O -A -v -T4 213.149.XXXXXX
Starting Nmap 6.47 ( http://nmap.org ) at 2015-04-02 05:23 Hora estándar de Argentina
NSE: Loaded 118 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 05:23
Scanning 213.149.XXXXXX [4 ports]
Completed Ping Scan at 05:23, 1.15s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 05:23
Completed Parallel DNS resolution of 1 host. at 05:24, 7.05s elapsed
Initiating SYN Stealth Scan at 05:24
Scanning 213.149.XXXXXX [1000 ports]
Completed SYN Stealth Scan at 05:24, 23.02s elapsed (1000 total ports)
Initiating Service scan at 05:24
Scanning 48 services on 213.149.XXXXXX
Completed Service scan at 05:26, 102.24s elapsed (48 services on 1 host)
Initiating OS detection (try #1) against 213.149.XXXXXX
Initiating Traceroute at 05:26
Completed Traceroute at 05:26, 3.08s elapsed
Initiating Parallel DNS resolution of 17 hosts. at 05:26
Completed Parallel DNS resolution of 17 hosts. at 05:26, 11.66s elapsed
NSE: Script scanning 213.149.XXXXXX.
Initiating NSE at 05:26
Completed NSE at 05:34, 488.12s elapsed
Nmap scan report for 213.149.XXXXXX
Host is up (0.32s latency).
Not shown: 952 filtered ports
PORT STATE SERVICE VERSION
6/tcp open unknown
21/tcp open ftp FileZilla ftpd
| ssl-cert: Subject: commonName=www.XXXXX.es/organizationName=XXXXX.ES/stateOrProvinceName=Madrid/countryName=34
| Issuer: commonName=www.XXXXX.es/organizationName=XXXXX.ES/stateOrProvinceName=Madrid/countryName=34
| Public Key type: rsa
| Public Key bits: 4096
| Not valid before: 2015-03-31T22:59:38+00:00
| Not valid after: 2016-03-30T22:59:38+00:00
| MD5: a2f0 a7bb 1267 defe b15c 12fe f4b7 81c0
|_SHA-1: a02d 9411 d751 7a39 ed53 18c2 76b8 bb26 ebdd 03d2
80/tcp open http Apache httpd
|_http-generator: ERROR: Script execution failed (use -d to debug)
|_http-methods: No Allow or Public header in OPTIONS response (status code 301)
|_http-title: Did not follow redirect to http://www.XXXXX.es/index.php
110/tcp open pop3 MailEnable POP3 Server
|_pop3-capabilities: USER TOP UIDL
135/tcp open msrpc Microsoft Windows RPC
443/tcp open ssh OpenSSH 6.6 (protocol 2.0)
| ssh-hostkey:
| 1024 a5:0a:ef:1f:10:d8:f0:a8:9e:ad:99:0e:2d:26:1b:69 (DSA)
| 2048 a5:1b:2a:d2:15:16:fe:be:3a:b1:7c:69:43:3f:b2:42 (RSA)
|_ 256 26:d4:c8:34:1b:bf:52:28:e0:fb:27:e5:b5:7d:b7:53 (ECDSA)
445/tcp open netbios-ssn
541/tcp open uucp-rlogin?
783/tcp open spamassassin?
843/tcp open unknown
990/tcp open ssl/ftp FileZilla ftpd
|_ftp-bounce: no banner
| ssl-cert: Subject: commonName=www.XXXXX.es/organizationName=XXXXX.ES/stateOrProvinceName=Madrid/countryName=34
| Issuer: commonName=www.XXXXX.es/organizationName=XXXXX.ES/stateOrProvinceName=Madrid/countryName=34
| Public Key type: rsa
| Public Key bits: 4096
| Not valid before: 2015-03-31T22:59:38+00:00
| Not valid after: 2016-03-30T22:59:38+00:00
| MD5: a2f0 a7bb 1267 defe b15c 12fe f4b7 81c0
|_SHA-1: a02d 9411 d751 7a39 ed53 18c2 76b8 bb26 ebdd 03d2
1023/tcp open netvenuechat?
1042/tcp open afrog?
1043/tcp open boinc?
1044/tcp open dcutility?
1048/tcp open neod2?
1076/tcp open sns_credit?
1079/tcp open asprovatalk?
1234/tcp open hotline?
1521/tcp open oracle?
1974/tcp open drp?
2049/tcp open nfs?
2106/tcp open loginserver L2J loginserver
2144/tcp open lv-ffx?
2170/tcp open eyetv?
2323/tcp open 3d-nfsd?
2366/tcp open qip-login?
2394/tcp open ms-olap2?
2401/tcp open cvspserver?
2717/tcp open pn-requester?
3389/tcp open ms-wbt-server Microsoft Terminal Service
5087/tcp open unknown
5226/tcp open hp-status?
5910/tcp open cm?
7201/tcp open dlip?
7777/tcp open cbt?
8080/tcp open http Apache httpd
|_http-generator: ERROR: Script execution failed (use -d to debug)
|_http-methods: No Allow or Public header in OPTIONS response (status code 301)
|_http-open-proxy: Proxy might be redirecting requests
|_http-title: Did not follow redirect to http://www.XXXXX.es/index.php
8180/tcp open unknown
8291/tcp open unknown
8649/tcp open unknown
8654/tcp open unknown
10243/tcp open unknown
16080/tcp open osxwebadmin?
27353/tcp open unknown
32777/tcp open sometimes-rpc17?
49154/tcp open msrpc Microsoft Windows RPC
50636/tcp open unknown
60443/tcp open unknown
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|WAP|phone
Running: iPXE 1.X, Linksys Linux 2.4.X, Linux 2.6.X, Sony Ericsson embedded
OS CPE: cpe:/o:ipxe:ipxe:1.0.0%2b cpe:/o:linksys:linux_kernel:2.4 cpe:/o:linux:linux_kernel:2.6 cpe:/h:sonyericsson:u8i_vivaz
OS details: iPXE 1.0.0+, Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22), Sony Ericsson U8i Vivaz mobile phone
Network Distance: 18 hops
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb-os-discovery:
| OS: Windows Server 2008 R2 Enterprise 7601 Service Pack 1 (Windows Server 2008 R2 Enterprise 6.1)
| OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
| Computer name: Valakas2
| NetBIOS computer name: VALAKAS2
| Workgroup: LINEAGE2
|_ System time: 2015-04-02T10:26:41+02:00
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server supports SMBv2 protocol
TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 0.00 ms 192.168.1.1
2 56.00 ms host70.200-3-60.telecom.net.ar (200.3.60.XX)
3 56.00 ms host61.186-153-152.telecom.net.ar (186.153.152.XX)
4 57.00 ms host110.190-224-165.telecom.net.ar (190.224.165.XXX)
5 49.00 ms xe-0-0-2.baires5.bai.seabone.net (195.22.220.XX)
6 169.00 ms xe-1-1-1.miami15.mia.seabone.net (195.22.199.XX)
7 168.00 ms xe-0-0-1.miami15.mia.seabone.net (195.22.199.XXX)
8 169.00 ms telefonica-data.miami15.mia.seabone.net (195.22.199.XX)
9 156.00 ms Et-3-0-0-0-grtmiana2.red.telefonica-wholesale.net (84.16.12.XXX)
10 202.00 ms Xe7-0-0-0-grtwaseq6.red.telefonica-wholesale.net (94.142.121.XXX)
11 298.00 ms Xe6-0-0-0-grtloneq1.red.telefonica-wholesale.net (94.142.119.XX)
12 300.00 ms Xe0-1-1-0-grtmadde2.red.telefonica-wholesale.net (213.140.37.XXX)
13 302.00 ms 216.184.113.119.nuevatel.com (216.184.113.XXX)
14 308.00 ms 216.184.113.111.nuevatel.com (216.184.113.XXX)
15 ...
16 303.00 ms 217-116-31-62.redes.acens.net (217.116.XXXX)
17 293.00 ms virtual5-isg3.acens.net (213.149.XXXXX)
18 316.00 ms 213.149.XXXXXX
scott_:
Do you want to do an injection against a PC?
Because PCs don't have MySQL; hosting providers do.
The scan your analysis returns is of a computer.
Try to phrase your question better.
And identify the injection points if you want to do it against a website.
If it's a PC, there are other intrusion methods. But of course, if it is your computer. From what you just said about snooping around, I can't help you any further.
Regards.
engel lex:
When I ask how it is configured I don't mean an nmap; that is not the configuration, that is basically speculation... a netstat -a -b -n would be preferable (if it's Windows; if it's Linux, -p -v) to know which ports are running which programs, then you pick the ones that look vulnerable and show the versions; with that one could start
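An added example (not part of the thread) of the distinction drawn in the last reply, from the point of view of an administrator auditing a host they run: nmap's `-sV` table marks a service name with `?` when it is only a guess from the port number, while `netstat -a -b -n` on the host names the executable that actually owns each listening socket. The sample data below is constructed and the program names are hypothetical.

```python
import re

# Constructed sample rows in the layout of nmap's -sV port table.
NMAP_TABLE = """\
21/tcp open ftp FileZilla ftpd
80/tcp open http Apache httpd
1521/tcp open oracle?
8180/tcp open unknown
"""

# Constructed sample of `netstat -a -b -n` output taken on the host itself.
# Program names are hypothetical.
NETSTAT_B = """\
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
 [ftpserver.exe]
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
 [httpd.exe]
  TCP    0.0.0.0:1521           0.0.0.0:0              LISTENING
 [gameserver.exe]
  TCP    192.168.0.5:49200      192.168.0.9:445        ESTABLISHED
 [explorer.exe]
"""

def parse_nmap_ports(text):
    """Map port -> (label, kind); kind is 'probed', 'guessed' or 'unknown'."""
    ports = {}
    for m in re.finditer(r"^(\d+)/tcp\s+open\s+(\S+)", text, re.M):
        label = m.group(2)
        kind = "unknown" if label == "unknown" else "guessed" if label.endswith("?") else "probed"
        ports[int(m.group(1))] = (label, kind)
    return ports

def parse_netstat_listeners(text):
    """Map listening TCP port -> owning executable from netstat -b output."""
    listeners, pending = {}, None
    for line in text.splitlines():
        row = re.match(r"\s*TCP\s+\S+:(\d+)\s+\S+\s+(\S+)", line)
        exe = re.match(r"\s*\[(.+)\]\s*$", line)
        if row:  # a new socket row; remember it only if it is a listener
            pending = int(row.group(1)) if row.group(2) == "LISTENING" else None
        elif exe and pending is not None:
            listeners[pending] = exe.group(1)
            pending = None
    return listeners

def reconcile(scan, listeners):
    """Pair each scanned port with what the host says is actually bound."""
    return [(port, label, kind, listeners.get(port, "no local listener"))
            for port, (label, kind) in sorted(scan.items())]

if __name__ == "__main__":
    for row in reconcile(parse_nmap_ports(NMAP_TABLE), parse_netstat_listeners(NETSTAT_B)):
        print("%5d  %-8s %-8s %s" % row)
```

A port the scan reports open with no matching local listener is answered by something other than the host's own sockets and needs to be traced separately.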