
Everything related to hacking, opsec, and programming. Malware, phishing, DDoS, coding, research and news.




by /u/httpredator · 0 votes · 3 weeks ago

So I've accumulated over 8000 IP addresses that have open ports 21, 3306, and 5432 on them. (They definitely have more open ports, as I just used -p 21,3306,5432.)

What's the quickest way for me to do version or vulnerability scans on them?

They range from mail servers to weird things like 2-343-44.5-companydotcom

If someone gives me some worthwhile tips on scanning these effectively I will PM you with a bunch of vulnerable IP addresses that I discover for your troubles.

It will just take forever using nmap scripts or version detection.

Also, for some reason I ran the scans with the -sV flag and I didn't get a single version number out of it, and all of the services had a ? at the end of them. IDK why.

Comments (6)
/u/DeepCreep · 2 votes · 3 weeks ago · Link

nmap -sV is the best/quickest way. Any scripts and probes written by anyone else will do the exact same thing. To be more time efficient, though, you could do a basic nmap scan in the ranges you want, find which IPs have open ports, then filter those by the open ports you're interested in, then do version detection on the filtered list.

The other thing is that a lot of web apps have WAFs on them and you won't get any information from them from version detection. Using a WAF is a pretty standard practice. Or those services are simply not advertising version information through banners or in headers, etc.

/u/httpredator OP · 1 votes · 2 weeks ago · Link

What ports/services are the best route for someone on the newer side? I targeted FTP because it's known to have a lot of vulnerabilities, as well as databases because I want to either get personal info out of them or put the whole database up for ransom. Every IP I scanned has ports 21, 3306, or 5432 open, so I know I can attack that, but what normally takes 15 mins for a -p- scan on CTFs took like 12 hours in the wild, maybe because I'm routed through Tor or firewalls? Anyways though, I found a shitload of open ports, but the -sV flag or the -A flag is just not working for me; I'm getting no additional information.

/u/DeepCreep · 1 votes · 2 weeks ago · Link


/u/AutoModerator M · 1 votes · 2 weeks ago · Link

All links require moderator approval.

This comment was posted automatically by a bot. All AutoModerator settings are configured by individual communities. Contact this community's Moderators to have your post approved if you believe this was in error.

/u/httpredator OP · 1 votes · 2 weeks ago · Link

Your post was removed.

/u/httpredator OP · 1 votes · 2 weeks ago · Link

Also let me know if you would like me to PM you some of the IP addresses, I'm happy to share.