UGN Security
Posted By: ThisIsWar Access Computers Through Port 20 - 10/31/02 06:43 PM
I have managed to learn how to make port 20 available on Win 9.x machines. Now I have this other problem. I cannot connect to a computer that has this vulnerability. I cannot explore the files there.
I have used LEGION but it does not detect that the port is open. It may be my computer's fault, I don't know why??? I have no firewall and there is no proxy on.
What has Lmhosts.sam got to do with this thing? I heard it makes the other machine available after entering the share's name and the IP. The thing I do not understand is how to "FIND THE COMPUTER" over TCP/IP. Do I need some software or is it already included in the Windows 9.x version???
Posted By: Infinite Re: Access Computers Through Port 20 - 10/31/02 11:03 PM
Port 20 is ftp-data, it shouldn't just be "open", and even if it was I'm not sure how exploitable it would really be. It would totally depend on what ftpd is sitting on that port. How are you "opening" this port?

sum
Posted By: ThisIsWar Re: Access Computers Through Port 20 - 11/01/02 05:44 PM
Start>Settings>Control Panel>Network>File and Print Sharing
Check the two boxes there and voila! Port 20 gets opened. The best way to open them on a victim computer is to make the user there open them, through IRC or an e-mail (social engineering if I am not wrong).
People seem to get paranoid when they are told a virus is on their comp.
Posted By: Infinite Re: Access Computers Through Port 20 - 11/01/02 09:02 PM
That has absolutely nothing to do with port 20. NetBIOS (file and print sharing) would open port 139. That is prolly why your scans show it as closed, because it is. Turn on file sharing, and scan for port 139, I'll bet ya you'll find that one open. What made you think you were opening port 20?

sum
Posted By: ThisIsWar Re: Access Computers Through Port 20 - 11/05/02 07:59 PM
I have this stupid "Hacking Bible" that said this was the method to access files through NetBIOS and probably FTP. As I can see there is something wrong with it or there is something wrong with me!!! Ok then ...
Let's say port 139 is open. How do I access files through it? Do I need some sharing utils??? As Microsucks (sorry Microsoft) Sharing?
Posted By: Infinite Re: Access Computers Through Port 20 - 11/05/02 09:01 PM
Here, this should answer any questions you have about this. It explains how to go about exploiting file sharing, and explains things like lmhosts that you already asked about.

http://blacksun.box.sk/tutorials.php?id=22

Keep in mind here that what you're trying to do is a few years old and doesn't work anywhere near as often as it did 4 years ago. As well, it's a pretty lame way to go about this; it requires no skill at all.

sum
Posted By: DaMaRiS Re: Access Computers Through Port 20 - 11/05/02 10:07 PM
I'm a whore!

(proudly edited by RAGE)
Posted By: black^Pimp Re: Access Computers Through Port 20 - 11/05/02 10:09 PM
DaMaRiS please keep your comments to yourself, this is an interesting topic so let them do their work precise if you have something smart to add or something that could help fixing the problem/finding the best solution even though I think sum did it all. This is not a General Chat. Thanks

bp
Posted By: Curse Re: Access Computers Through Port 20 - 11/05/02 10:51 PM
Yes, Damaris, please stop going from topic to topic trying to start [censored]...
Posted By: Mornse Re: Access Computers Through Port 20 - 11/06/02 02:45 AM
Another thing that I didn't see in that tutorial (maybe I missed it?) is Null Sessions that can be established with MS File Sharing on NT boxes. Basically Null Sessions are used to gain information about systems. If file sharing is enabled on an NT box, chances are you can use null sessions. This is the general format for using shares:

net use \\<target IP>\[share] * /u:[username]

this is the general format for using Null Sessions on boxes:

net use \\[target IP]\IPC$ "" /u:""

Then you have to use a program called DumpSec to gain information once you have established the Null Session, search for this program on google, it's really easy to find.

To disable Null Sessions on your box you have to change registry settings, on win2k go to the directory

HKLM\SYSTEM\CurrentControlSet\Control\LSA

in your registry and change the "restrictanonymous" key to 2. On NT 4 you have to create the "restrictanonymous" key in that directory and set it to 1. If I have screwed up any of the information here please let me know (unreal?), but I'm pretty sure this is correct.
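
An offline check of the registry setting Mornse describes, as an added example that is not part of the original post: it reads the text of a registry export and reports whether "restrictanonymous" under the LSA key has the value the post gives for that OS. The function names, the `win2k`/`nt4` labels and the sample exports are assumptions constructed for illustration.

```python
import re

# Key path as written in the post; registry key and value names are case-insensitive.
LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA"
# Values the post gives: 2 on Windows 2000, 1 on NT 4 (the labels are assumptions).
REQUIRED = {"win2k": 2, "nt4": 1}

# Constructed sample exports (already decoded to text), not taken from a real host.
SAMPLE_WIN2K = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"auditbaseobjects"=dword:00000001
"RestrictAnonymous"=dword:00000000
'''
SAMPLE_NT4 = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"auditbaseobjects"=dword:00000001
'''

def read_restrict_anonymous(reg_text):
    """Return the restrictanonymous DWORD under the LSA key, or None if absent."""
    in_lsa = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new [key] header: track whether we are inside the LSA key.
            in_lsa = line[1:-1].lower() == LSA_KEY.lower()
            continue
        m = re.match(r'"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})$', line)
        if in_lsa and m and m.group(1).lower() == "restrictanonymous":
            return int(m.group(2), 16)
    return None

def audit(reg_text, os_name):
    """Compare the exported value with the one the post gives for this OS."""
    required = REQUIRED[os_name]
    value = read_restrict_anonymous(reg_text)
    if value is None:
        return ("FAIL", f"restrictanonymous missing, create it and set it to {required}")
    if value != required:
        return ("FAIL", f"restrictanonymous={value}, post says {required}")
    return ("PASS", f"restrictanonymous={value}")

if __name__ == "__main__":
    for text, os_name in ((SAMPLE_WIN2K, "win2k"), (SAMPLE_NT4, "nt4")):
        print(os_name, *audit(text, os_name))
```

Both constructed samples fail: the Windows 2000 export has the value set to 0, and the NT 4 export has no such value at all, which is the case the post says must be fixed by creating it.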
Posted By: ThisIsWar Re: Access Computers Through Port 20 - 11/10/02 05:35 PM
Thanks for the link sum. It completed my knowledge about the topic.
I know this is lame and I intend to stop doing it as soon as I find some other stuff to exploit. I already got myself a shell and started to learn the basic Linux commands (actually restarted as I had this really [censored]-up version of Linux on my comp 1 year ago and I have learned nothing from it)
© UGN Security Forum