Getting into a Gameserver
MashedPotatoes
Member Posts: 2 ■□□□□□□□□□
in Pentesting
Hey guys, I just started out with pentesting etc. just because I'm
interested in it. A good friend of main allowed me to use his minecraft
server for pratice and to see if I could gain any acces at all. I have
scanned a lot of ports, even found his ssh username trough username
enumeration but I'm stuck now. what else can I try because I am very
sure bruteforcing the ssh password won't really work, as I'm sure he
uses a somewhat secure password. I already tried some metasploit exploits and research on the open OpenSSH ports but wasn't able to get in.
Here is everyting I gathered:
MyFriendsServer.com ---> xxx.xxx.xxx.xxx
Open ports:
PORT STATE SERVICE
80/tcp open http-apache-2
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
8162/tcp open VOTIFIER 2 (minecraft plugin allowing for vote
8163/tcp open VOTIFIER 2 rewards)
10011/tcp open TS3
10022/tcp open ssh
10080/tcp open http/amanda backup-tool
24101/tcp open ssh
25565/tcp open minecraft
30033/tcp open unknown/something TS3 related
OpenSSH - [email protected]
Operating system (nmap result):
Linux 3.2 - 4.9 (97%)
Linux 3.13 (95%)
Linux 3.16 - 4.6 (94%)
OpenWrt Chaos Calmer 15.05 (Linux 3.18) or Designated Driver (Linux 4.1 or 4.4) (94%)
Linux 2.6.32 (93%)
Linux 2.6.32 - 3.10 (93%)
Linux 3.10 - 4.11 (92%)
Linux 3.13 - 3.16 (92%)
Linux 4.10 (92%)
No exact OS matches for host (test conditions non-ideal).
-----------------------------------------------------------
Network Distance: 10 hops
Here is everyting I gathered:
MyFriendsServer.com ---> xxx.xxx.xxx.xxx
Open ports:
PORT STATE SERVICE
80/tcp open http-apache-2
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
8162/tcp open VOTIFIER 2 (minecraft plugin allowing for vote
8163/tcp open VOTIFIER 2 rewards)
10011/tcp open TS3
10022/tcp open ssh
10080/tcp open http/amanda backup-tool
24101/tcp open ssh
25565/tcp open minecraft
30033/tcp open unknown/something TS3 related
OpenSSH - [email protected]
Operating system (nmap result):
Linux 3.2 - 4.9 (97%)
Linux 3.13 (95%)
Linux 3.16 - 4.6 (94%)
OpenWrt Chaos Calmer 15.05 (Linux 3.18) or Designated Driver (Linux 4.1 or 4.4) (94%)
Linux 2.6.32 (93%)
Linux 2.6.32 - 3.10 (93%)
Linux 3.10 - 4.11 (92%)
Linux 3.13 - 3.16 (92%)
Linux 4.10 (92%)
No exact OS matches for host (test conditions non-ideal).
-----------------------------------------------------------
Network Distance: 10 hops
Tagged:
Comments
May I suggest you to consider other platforms for learning instead such as TryHackMe, HTB and CTFs? These provide guided learning paths for beginners and there are write-ups you can use.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Now, if all of this is on your home network, internally? Have at it.
Putting that aside: we, as a community, have no way of knowing whether you're being honest with us. Is your friend really that nice, letting you hack their server? Or is your friend a "friend" and you want to troll them, or did they annoy you at some point in time and you now want to get back at them? What easier way than to ask some infosec profs help you "learn hacking", no?
I'm with the others: if you want to learn about this stuff, do it in a safe and controlled environment. Either sign up for a course, use one of the aforementioned (free) learning providers or run your own lab at home.
2020: Renew RHCE (with EX407), CompTIA CTT+, Autopsy forensics, Applied Purple Teaming (BHIS) All done!
2021: Modern Web-app pen-testing (BHIS), PDSO CDP, Docker DCA, PortSwigger Burp Suite class.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray