Getting into a Gameserver

MashedPotatoesMashedPotatoes Member Posts: 2 ■□□□□□□□□□
Hey guys, I just started out with pentesting etc. just because I'm interested in it. A good friend of main allowed me to use his minecraft server for pratice and to see if I could gain any acces at all. I have scanned a lot of ports, even found his ssh username trough username enumeration but I'm stuck now. what else can I try because I am very sure bruteforcing the ssh password won't really work, as I'm sure he uses a somewhat secure password. I already tried some metasploit exploits and research on the open OpenSSH ports but wasn't able to get in.

Here is everyting I gathered:

MyFriendsServer.com ---> xxx.xxx.xxx.xxx

Open ports:

PORT    STATE    SERVICE
80/tcp  open     http-apache-2
135/tcp     filtered msrpc
139/tcp     filtered netbios-ssn
443/tcp     open     https
445/tcp     filtered microsoft-ds
8162/tcp   open    VOTIFIER 2 (minecraft plugin allowing for vote
8163/tcp   open    VOTIFIER 2  rewards)
10011/tcp open   TS3
10022/tcp open   ssh   
10080/tcp open   http/amanda backup-tool
24101/tcp open   ssh
25565/tcp open   minecraft
30033/tcp open   unknown/something TS3 related

OpenSSH - [email protected]

Operating system (nmap result):

Linux 3.2 - 4.9 (97%)
Linux 3.13 (95%)
Linux 3.16 - 4.6 (94%)
OpenWrt Chaos Calmer 15.05 (Linux 3.18) or Designated Driver (Linux 4.1 or 4.4) (94%)
Linux 2.6.32 (93%)
Linux 2.6.32 - 3.10 (93%)
Linux 3.10 - 4.11 (92%)
Linux 3.13 - 3.16 (92%)
Linux 4.10 (92%)
No exact OS matches for host (test conditions non-ideal).
-----------------------------------------------------------
Network Distance: 10 hops



Tagged:

Comments

  • Info_Sec_WannabeInfo_Sec_Wannabe Senior Member Member Posts: 428 ■■■■□□□□□□
    It's hard to say for certain how close you are with this good friend, but are you certain that the IP you are attacking is really his? If not, it may get you a one-way ticket to jail.

    May I suggest you to consider other platforms for learning instead such as TryHackMe, HTB and CTFs? These provide guided learning paths for beginners and there are write-ups you can use.
    X year plan: (20XX) OSCP [ ], CCSP [ ]
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,669 Admin
    Yeah, you'll get some good pentesting ideas from learning sites like TryHackMe, Hack The Box, and Hack.me. There is also an upcoming webinar on Preparing for the OSCP Exam that will be of interest to pentesters.

  • FluffyBunnyFluffyBunny CISSP, OSCP, CEH, RHCE, GCCC, Pentest+, PSM-1, alphabet soupMember Posts: 209 ■■■■■□□□□□
    Good points so far. There's also the part where you need to ask "does this server really belong to my friend?". If they hired the server from a hosting provider, then no. Plus, the hosting provider will also have a thing or two to say about you using their network to attack this server. 

    Now, if all of this is on your home network, internally? Have at it.

    Putting that aside: we, as a community, have no way of knowing whether you're being honest with us. Is your friend really that nice, letting you hack their server? Or is your friend a "friend" and you want to troll them, or did they annoy you at some point in time and you now want to get back at them? What easier way than to ask some infosec profs help you "learn hacking", no? 

    I'm with the others: if you want to learn about this stuff, do it in a safe and controlled environment. Either sign up for a course, use one of the aforementioned (free) learning providers or run your own lab at home. 
    CISSP, OSCP, CEH, GCCC, RHCSA, RHCE, Pentest+, Linux+, PSM-1, alphabet soup...

    2020: Renew RHCE (with EX407), CompTIA CTT+, Autopsy forensics, Applied Purple Teaming (BHIS) All done!
    2021: Modern Web-app pen-testing (BHIS), PDSO CDP, Docker DCA, PortSwigger Burp Suite class.
  • MashedPotatoesMashedPotatoes Member Posts: 2 ■□□□□□□□□□
    Well I guess I'll start from there but still thank you
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,669 Admin
    You might also have a look in the discussion forums at The Ethical Hacker Network.

Sign In or Register to comment.