pentest


trippson
2008-11-28, 00:06
OK, so I'm basically trying to hack into this site. I've done nmap, nessus, and nikto scans. I've even tried using metasploit's db_autopwn but I haven't had any luck... Here's the nmap output I get...

Not shown: 1676 closed ports, 28 filtered ports
PORT STATE SERVICE VERSION
21/tcp open ftp FileZilla ftpd 0.9.23 beta
25/tcp open smtp SmarterMail smtpd
26/tcp open smtp SmarterMail smtpd
80/tcp open http Microsoft IIS httpd
110/tcp open pop3 SmarterMail pop3d
143/tcp open imap SmarterMail imapd
443/tcp open https?
1029/tcp open ms-lsa?
3306/tcp open mysql MySQL 5.0.19-nt-log
3389/tcp open microsoft-rdp Microsoft Terminal Service
9999/tcp open http SmarterTools httpd 1.0.1297.29787
Device type: general purpose
Running (JUST GUESSING) : Microsoft Windows 2003|XP|2000 (97%)
Aggressive OS guesses: Microsoft Windows Server 2003 SP1 or SP2 (97%), Microsoft Windows Server 2003 SP2 (92%), Microsoft Windows Server 2003 SP1 (92%), Microsoft Windows Server 2003 SP0 or Windows XP SP2 (91%), Microsoft Windows XP SP2 (91%), Microsoft Windows XP Professional SP2 (firewall enabled) (90%), Microsoft Windows 2000 Server SP4 (89%), Microsoft Windows XP Professional SP2 (French) (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 7 hops
Service Info: OS: Windows

The version of abyss that they're running is 1.1, but I haven't really found a way to exploit it. I tried telnetting on port 9999 and got this...

telnet xxx.xxx.xxx.xx 9999
Trying xxx.xxx.xxx.xx...
Connected to xxx.xxx.xxx.xx.
Escape character is '^]'.


And when I tried to type help it immediately displayed this message:


HTTP/1.1 400 Bad Request
Server: SmarterTools/1.0.1297.29787
Date: Fri, 28 Nov 2008 00:00:20 GMT
Content-Length: 1212
Connection: Close

<html>
<head>
<title>Bad Request</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: 8pt;color:black;}
p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}
b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}
H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }
H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }
pre {font-family:"Lucida Console";font-size: 8pt}
.marker {font-weight: bold; color: black;text-decoration: none;}
.version {color: gray;}
.error {margin-bottom: 10px;}
.expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }
</style>
</head>
<body bgcolor="white">

<span><H1>Server Error in '/' Application.<hr width=100% size=1 color=silver></H1>

<h2> <i>HTTP Error 400 - Bad Request.</i> </h2></span>

<hr width=100% size=1 color=silver>

<b>Version Information:</b>&nbsp;SmarterTools Web Server 1.0.1297.29787

</font>

</body>
</html>
Connection closed by foreign host.


I'm not really sure how to go about exploiting this server. I guess I'm just going to try bruteforcing the FTP, SMTP, or MySQL. Oh, and I'm using Linux btw.

CosmicZombie
2008-11-28, 00:22
You look like you're missing some script, possibly. Try and see if you can ping it.

trippson
2008-11-28, 00:33
You look like you're missing some script, possibly. Try and see if you can ping it.

Yes I can ping it.

trippson
2008-11-28, 02:01
OK, so I figured out why I was getting that error in telnet. It's because I shouldn't be using telnet at all. I just typed the IP address in the browser and put a :9999 at the end of it, and it brought me to a page which asks me for a site ID, a user name and a password. It is titled SmarterStats Professional Edition 3.2.2539. I tried googling exploits for SmarterStats but I haven't found any.

ThunderChicken
2008-12-03, 05:08
OK, so I figured out why I was getting that error in telnet. It's because I shouldn't be using telnet at all. I just typed the IP address in the browser and put a :9999 at the end of it, and it brought me to a page which asks me for a site ID, a user name and a password. It is titled SmarterStats Professional Edition 3.2.2539. I tried googling exploits for SmarterStats but I haven't found any.


http://help.smartertools.com/SmarterStats/v3/Topics/General/WhatIsSmarterStats.aspx?p=&lic=

Expl0itz
2008-12-03, 15:10
Most of the time, the server itself is patched up pretty tight. You might be better off finding a hole on the site itself, or, if it's shared hosting, finding a hole in another site on that same server.

Clover
2008-12-03, 16:33
Oh, and I'm using Linux btw.


Ohhh! Wow, man, I was about to say how FUCKING HARD YOU FAIL. Good thing I held my tongue; I didn't realize you were using Linux.

trippson
2008-12-03, 16:55
Ohhh! Wow, man, I was about to say how FUCKING HARD YOU FAIL. Good thing I held my tongue; I didn't realize you were using Linux.

Hahahah yes, I love Linux. I'm just kind of new to penetration testing.
I think I'm just going to try some SQL injections when I get home.

Clover
2008-12-03, 16:59
Hahahah yes, I love Linux. I'm just kind of new to penetration testing.


Heh, yeah. I was just giving you a hard time :p. If you want to hack a 'web server', it's always best to try the front door first, as Expl0itz said. You go from easiest to most difficult, not backwards.

madmentos
2008-12-07, 03:05
This is your / a friend's website... *shifty eyes* right?

Agent 008
2008-12-15, 21:43
First off, while you're at it, try to use some common accounts/passwords on RDP and MySQL.

enkrypt0r
2008-12-16, 02:25
First off, while you're at it, try to use some common accounts/passwords on RDP and MySQL.

This. You have no idea how often this works; it's ridiculous.