uring the investigations... hehe...Okay, so the first thing we have to do in order to hack a server through a specific service (or to improve the security of a specific server) is it's (the service's) version. This can be easily done by viewing the daemon banner(4). Suppose we came across a computer that runs Sendmail 8.8.3 (which was quite old when this tutorial was written, meaning there should be a couple of bugs here. Sendmail is upgraded mostly when a new bug is found. In fact, everything except of the daemon's security is rarely changed during upgrades).Next thing we'll try to determine the OS (Operating System) which this daemon runs on. If Sendmail's banner won't tell us, the Telnet(19) daemon will. First telnet to port 23 and cross your fingers. If there's a daemon on that port, it's probably the Telnet daemon, and it'll probably give you the name and version of the OS. If not, you can either:1) Try looking for a guest account (username: guest, password: guest or username: newuser, password: newuser), since some systems give you these details only after you log in.2) Email admin@your-target.com and ask him (I recommend opening a mailbox on one of those free mailbox services such as Hotmail and Emailing him from there, since some admins(22) might get a little suspicious...).3) Try going to your target's website. This kind of information might be there, somewhere.If you still didn't find the OS, fear not! We might still be able to do a cool hack without this information, but still this information might come in handy, so do all you can to get your hands on it.Next thing, you browse some online databases until you find the hole you've been looking for. First of all I'll explain about the largest and most recommended online databases, and then I'll teach you how to search them, plus some valuable concepts and words you need to get familiar with.Packet Storm Security+++++++++++++++++++++URL: http://packetstorm.securify.com.One of th...
