Home
Cybersecurity
Pentesting
Getting into a Gameserver
MashedPotatoes
Hey guys, I just started out with pentesting etc. just because I'm interested in it. A good friend of main allowed me to use his minecraft server for pratice and to see if I could gain any acces at all. I have scanned a lot of ports, even found his ssh username trough username enumeration but I'm stuck now. what else can I try because I am very sure bruteforcing the ssh password won't really work, as I'm sure he uses a somewhat secure password. I already tried some metasploit exploits and research on the open OpenSSH ports but wasn't able to get in.
Here is everyting I gathered:
MyFriendsServer.com ---> xxx.xxx.xxx.xxx
Open ports:
PORT STATE SERVICE
80/tcp open http-apache-2
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
8162/tcp open VOTIFIER 2 (minecraft plugin allowing for vote
8163/tcp open VOTIFIER 2 rewards)
10011/tcp open TS3
10022/tcp open ssh
10080/tcp open http/amanda backup-tool
24101/tcp open ssh
25565/tcp open minecraft
30033/tcp open unknown/something TS3 related
OpenSSH - webadmin@MyFriendsServer.com
Operating system (nmap result):
Linux 3.2 - 4.9 (97%)
Linux 3.13 (95%)
Linux 3.16 - 4.6 (94%)
OpenWrt Chaos Calmer 15.05 (Linux 3.18) or Designated Driver (Linux 4.1 or 4.4) (94%)
Linux 2.6.32 (93%)
Linux 2.6.32 - 3.10 (93%)
Linux 3.10 - 4.11 (92%)
Linux 3.13 - 3.16 (92%)
Linux 4.10 (92%)
No exact OS matches for host (test conditions non-ideal).
-----------------------------------------------------------
Network Distance: 10 hops
Find more posts tagged with
help
pentesting
ssh
Comments
Info_Sec_Wannabe
It's hard to say for certain how close you are with this good friend, but are you certain that the IP you are attacking is really his? If not, it may get you a one-way ticket to jail.
May I suggest you to consider other platforms for learning instead such as TryHackMe, HTB and CTFs? These provide guided learning paths for beginners and there are write-ups you can use.
JDMurray
Yeah, you'll get some good pentesting ideas from learning sites like
TryHackMe
,
Hack The Box
, and
Hack.me
. There is also an upcoming webinar on
Preparing for the OSCP Exam
that will be of interest to pentesters.
FluffyBunny
Good points so far. There's also the part where you need to ask "
does this server really belong to my friend?
". If they hired the server from a hosting provider, then no. Plus, the hosting provider will also have a thing or two to say about you using their network to attack this server.
Now, if all of this is on your home network, internally? Have at it.
Putting that aside: we, as a community, have no way of knowing whether you're being honest with us. Is your friend really that nice, letting you hack their server? Or is your friend a "friend" and you want to troll them, or did they annoy you at some point in time and you now want to get back at them? What easier way than to ask some infosec profs help you "learn hacking", no?
I'm with the others: if you want to learn about this stuff, do it in a safe and controlled environment. Either sign up for a course, use one of the aforementioned (free) learning providers or run your own lab at home.
MashedPotatoes
Well I guess I'll start from there but still thank you
JDMurray
You might also have a look in the discussion forums at
The Ethical Hacker Network
.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
