__________SWAT MAGAZINE ISSUE TWENTY SEVEN MARCH 2000 ___________
/ Site Busting III: Gathering information on your targets \
/ By -=The Firestarter=- \
-----------------------------------------------------------------------

Ok, a "few" people have asked me about this, heh, and in my opinion it's just been a cover up for "write a guide on how to hack". Well, that's not something that I'm going to do, since it's not possible to be taught to hack. Ok, so NBug showed me the ropes with a lot of it and also pointed me in the right direction, and I now try to learn things for myself. As for what I learned about *nix systems, heh, well, I had to figure all of that out myself.

Now I've got to be honest, I've always favored those who give back and work for themselves rather than wanting everything for nothing and wanting to be spoon fed. So instead of a step by step guide to 0wning an NT system, here's a simple yet effective way of utilising a number of tools to aid you in cracking a system; from there, you can use your knowledge to take it another step further.

So without any delay, here's my mini review/personal choice of vulnerability scanners for you all!

(1) SAAT - Shadow Scan

Ok, this is always my first choice when attacking a system. It has a range of nice features, but to be perfectly honest - I never use them. I find that the Site Info scanner is efficient enough for the information on a simple break in. Ok, this loverly little feature resolves a domain name and scans that, returning the following information:

    O/S of Server
    FTP server Daemon
    HTTP server Daemon
    SMTP Server
    POP3 Server
    NNTP Server
    DNS Server
    SOCKS Server
    Proxy Server
    Telnet Server

Now for me at least, that's usually enough to show me what I need to find and what exploits I need to either use or locate in order to get into the system. If it finds something that I've never encountered before then it's a simple case of locating any exploits in the huge archive that I have and carrying those out :o)

So in a nutshell, SAAT is a very useful program that saves a lot of time when it comes to getting into servers. Oh yeah, and the Domain scanner that it has is also useful in locating servers!

(2) ISS (Internet Security Scanner - I think)

Heh, I love this tool! It tests for over 100 exploits on a system; any that are found, it produces a report telling you where to get information on them, how to patch them, as well as a number of other useful things. All you've gotta do is tell it the type of system (desktop computer, Unix server, NT server, Unix web server, NT Webserver etc) and what level to scan (i.e. a level 5 scan will test just about everything on it whereas a level 1 scan won't).

It can take a while to perform a full scan, but it is most definitely worth it. Once a hole is located, all you've got to do is exploit it. Since this program is so nice, it even tells us where the information to exploit it is found :o) I suppose that it's all worth it for a 30 MB program that costs a fortune for the licenses (yeah, it is a commercial program).

Well, those two programs (both are found on the SWAT CD) are pretty much all you need for locating holes, or potential holes, in any server out there.