Sorry for seeming like a complete newbie. I was looking at a tutorial on how to get access to a school's exams. I figured out with xprobe2 that it is running HP UX 11.0x. I was wondering if anyone could explain how I could find the exploit for this Unix version? I've looked at other tutorials but they involve using Backtrack and I'm using Kali and I couldn't really figure it out.
Forum Thread: Hacking into a Unix School Server
- Hot
- Active
-
Forum Thread: How to Track Who Is Sms Bombing Me . 4 Replies
2 mo ago -
Forum Thread: Removing Pay-as-You-Go Meter on Loan Phones. 1 Replies
2 mo ago -
Forum Thread: Hydra Syntax Issue Stops After 16 Attempts 3 Replies
2 mo ago -
Forum Thread: moab5.Sh Error While Running Metasploit 17 Replies
3 mo ago -
Forum Thread: Execute Reverse PHP Shell with Metasploit 1 Replies
4 mo ago -
Forum Thread: Install Metasploit Framework in Termux No Root Needed M-Wiz Tool 1 Replies
5 mo ago -
Forum Thread: Hack and Track People's Device Constantly Using TRAPE 35 Replies
6 mo ago -
Forum Thread: When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen. 8 Replies
7 mo ago -
Forum Thread: HACK ANDROID with KALI USING PORT FORWARDING(portmap.io) 12 Replies
7 mo ago -
Forum Thread: Hack Instagram Account Using BruteForce 208 Replies
7 mo ago -
Forum Thread: Metasploit reverse_tcp Handler Problem 47 Replies
9 mo ago -
Forum Thread: How to Train to Be an IT Security Professional (Ethical Hacker) 22 Replies
9 mo ago -
Metasploit Error: Handler Failed to Bind 41 Replies
9 mo ago -
Forum Thread: How to Hack Android Phone Using Same Wifi 21 Replies
10 mo ago -
How to: HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide] 177 Replies
10 mo ago -
How to: Crack Instagram Passwords Using Instainsane 36 Replies
10 mo ago -
Forum Thread: How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More 5 Replies
10 mo ago -
Forum Thread: How Many Hackers Have Played Watch_Dogs Game Before? 13 Replies
10 mo ago -
Forum Thread: How to Hack an Android Device with Only a Ip Adress 55 Replies
11 mo ago -
How to: Sign the APK File with Embedded Payload (The Ultimate Guide) 10 Replies
11 mo ago
-
Hack Like a Pro: How to Crack Passwords, Part 3 (Using Hashcat)
-
How To: Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
How To: Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
-
Hack Like a Pro: How to Crack User Passwords in a Linux System
-
How To: Scan for Vulnerabilities on Any Website Using Nikto
-
How To: Build a Beginner Hacking Kit with the Raspberry Pi 3 Model B+
-
How To: Use Hash-Identifier to Determine Hash Types for Password Cracking
-
How To: Spy on Your "Buddy's" Network Traffic: An Intro to Wireshark and the OSI Model
-
How To: Use Leaked Password Databases to Create Brute-Force Wordlists
-
How To: Perform Local Privilege Escalation Using a Linux Kernel Exploit
-
Hack Like a Pro: Finding Potential SUID/SGID Vulnerabilities on Linux & Unix Systems
-
Locking Down Linux: Harden Sudo Passwords to Defend Against Hashcat Attacks
-
How To: Find Identifying Information from a Phone Number Using OSINT Tools
-
Hack Like a Pro: How to Find Directories in Websites Using DirBuster
-
How to Hack Wi-Fi: Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To: Use Kismet to Watch Wi-Fi User Activity Through Walls
-
How To: Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How To: Extract Bitcoin Wallet Addresses & Balances from Websites with SpiderFoot CLI
-
How To: Use Metasploit's WMAP Module to Scan Web Applications for Common Vulnerabilities
-
How To: Dox Anyone
22 Responses
Using Backtrack or Kali doesn't change anything. You can use any Linux distro the only thing you have to do is to download the right exploit and exploit it correctly, which means understanding what you do, including breaking laws.
Well have a look at OTW post on this topic. Here
I was referring to that tutorial but it refers to Windows 7 server. I did more recon on the school server and found it runs Solaris 10. I'm just trying to figure out how I can find the exploit for the system like the one used in the tutorial
Jane:
Open the Metasploit console and type;
msf > search type:exploit platform:solaris
That will find all the Solaris exploits in Metasploit.
OTW
Thank you so much! There are a lot of exploits. Would there be a particular one I'm looking for? Actually, the same directory /exploit/windows/smb/ms08067netapi from part 1 of the tutorial is also on the list of exploits. Would that work the same way?
No, that won't work. That is strictly a windows exploit.
Jane:
If I were you and new to hacking, I would be very careful. A lack of experience and skill will likely lead to your being detected and caught.
OTW
Is there a way to find an exploit that would work on this server?
Greetings, IMO with out foot printing this network I would go for a reverse shell if I'm inside the switch perimeter.
Maybe sit on network as rouge AP try to MITM for credentials.
Maybe subterfuge it a little, Or ponit the nuke Msf at it.
Maybe check banners to see if open in another spot. So many different ways really.
Don't know would need to be there to see..
I Agree 100% with OTW you will probably get rammed for doing this without planning and info
You mean I would need to be connected to the network to figure it out?
Oh ok so we are talking Controllers, Switches, APs, IT Dept, Server Farm, Cisco Fire Walls etc... No Problem. You need to drop a pineapple in the switch room.
In all realness you can do what you want you just need to do it in a way wont have Homeland kicking in your dorm room door.
Lol, I commute so I'm pretty far from the actual campus. Sorry for being a noob but what does that mean?
Example of a network topology.
Great place to get names of videos you need to find to train with
sorry forgot to add this one for kali Here
Jane:
We really don't have enough info to tell what exploit will work, but have you checked out my Linux hack? There is a Solaris version of this exploit and depending upon the age and patch history of the server, it may work.
I will once again warn you that without some practice and skill, you are likely to be caught.
OTW
JANE DOE
I would advice you not to try anything if you are not sure what you are doing......you will get caught.
EVIL GENIOUS
I understand. If I am connected to a vpn server instead of a home server when doing this, are the chances of being caught reduced? Or are they still equal?
I was looking at this forum post
https://null-byte.wonderhowto.com/forum/hack-school-server-0149483/
However my school runs Blackboard and its main server on completely different systems. Would it be possible to get into Blackboard to access an account?
Wow I can't believe so many people are answering this post.
Jane, if you have to ask the questions your asking then basically you cant do it. If you knew what you were doing you would be asking questions such as, hey guys how come this is not working its a such and such and this and that and according to my information it should work.
it doesn't matter how you get in the system at the stage you appear to be they can track you.
edited:
Also not to mention its a school system, how many students do you think try to hack them every year. Do you not think this would be a difficult first project for you since they have had years to tighten their security?
Jane Doe:
As Jon Masters said, you clearly don't have the experience or knowledge to be able to do this effectively. Don't attempt it, you will be found out and face expulsion.
However, the choice is purely yours.
ghost_
I have to say something else,
I watch allot of forums and questions like hers are popping up all over the place, from what I understand it common this time of year. And in each forum they ask the same questions as above. They don't know what they are doing and want others to do it for them.
Here is what bothers me, not only do they get grades that have to be hacked because they will not apply themselves to their studies, they ask hackers to do their hacking for them. Again not applying themselves.
I could understand getting bad grades because your learning hacking and using your new skills to get better grades, but i can't understand, not knowing your lessons and not knowing hacking. Means your not applying yourself to anything but having fun.
Jon Masters:
Which is why I don't help them. I feel like it's the general instant gratification mentality people have and that aggravates me.
The other thing is how they think this will help them. I daresay there are physical copies of results floating around, so lecturers will likely see their 'results' and look into it. It's not just a digital format they're trying to fool, they're trying to get it past people who will use good old fashioned detective work to get an answer.
In any case, I don't understand why they think it will get them anywhere. I mean, there's literally nothing in it for me and I don't care if they get bad grades.
But I digress.
ghost_
Jon Masters
true
Evil Genious
Lol i dunno GHOST_ I do like bitcoins
Share Your Thoughts