Open source software security

Opening Ports on Win9x/Me

30 November -0001
The first point I should make in this article is that it's for newbies. By newbies I mean people with relatively little experience with computers and with using a Windows machine. Why in the hell write an article about using Windows? Well, I have to use one at work, no choice, and since I work 11 hours a day that leaves me little time to play on my SUSE box at home. That said...

Understanding network protocols is one of the most essential skills a hacker can have. Understanding network ports and communication enhances not just black hat hacking, but any sort of hacking, or computer use for that matter. Yes, THAT is why there are so many articles on understanding TCP/IP, etc., out there.

Ok, so what do I mean by network protocols? Well, there are a lot of different methods that computers use to communicate. A protocol is, very simplistically described, a platform-independent language that computers use to speak to each other. Basically, if I open up an FTP session to your computer, my computer comes along and says 'hello' in FTP (file transfer protocol). Now, if your computer has that port (21) open, it will basically say 'hello' back and the computers will begin talking. If your computer is not running FTP I'll get some sort of error message. Now, the theory of packets and wrapping has all been pretty well explained in previous articles, so I'm going to skip that part.

So far I haven't really helped you out at all. Now you understand that a protocol is a sort of language, and that there are many of these languages available on your computer. What you need to do to understand, I mean truly learn, any of this, though, is get your computer to start working with these protocols. "But wait, I'm on a lame Win x box, I can't do that." Wrong, my friends: my Win 98 box at work runs with a port open for telnet, finger, whois, SMTP, POP, FTP, HTTP (yes, if you direct your browser to my IP address it'll serve up a neat little web page), and of course a port for Napster (I'm a security incident waiting to happen, basically :). Ok, so what does that mean? Well, basically if you telnet to my IP on port 25, my mail server will pop up and let you spoof mail off my box. Or, if you point, say, CuteFTP at my IP you can access my mp3 playlist and some of my Cold Fusion files.

At this point what you need to do is set up your own services on these ports. This will be EXTREMELY useful for learning. In order to open ports on your computer you're going to need to install servers. These are programs that, when started, initiate services that open your ports and handle requests to them. Basically, when you install, say, a web server, requests to your port 80 will be recognized and passed to your web server software. This software then decides how to respond to each request (a web server will direct requests to a default page and spew back a string of HTML to the requesting computer, thus generating a web page). Getting your own services up and running will give you a very good idea of how servers operate and how the various protocols that operate on the internet look from the back end. All of this is pretty easy to do.

The first thing you need to do is go to http://www.davecentral.com, a great clearinghouse site of free stuff. Make sure to only download the programs labeled 'freeware' so you won't run into any annoying licenses. The two easiest ports to open up are going to be FTP (file transfer protocol, port 21) and HTTP (hypertext transfer protocol, port 80). I would recommend using War FTP Daemon for FTP. It is very easy to install and get operating. Also, having an FTP server on your desktop is nice for transferring files. VqServer would be my recommendation for a freeware HTTP server. The only hitch with this one is that you have to install Java on your computer. I won't get into why you should have it already; just know that it's really simple to download from www.microsoft.com, and it installs itself easily. With these two tools running you can get a good sense of what servers do, and the file architecture they use.

Download War FTP and install it by unzipping it and clicking on the install.exe file. It's pretty self-explanatory from there. After you set up War FTP (make sure you start the service; you have to direct your computer to do this, either manually or on start-up) try doing some file transfers. Use whatever FTP program you have or download one from DaveCentral. Alternatively you can use the FTP client available at an MS-DOS prompt. Simply open an MS-DOS session, type in ftp 127.0.0.1 and you'll connect to your own machine. You can also FTP to your IP address (find it by typing ipconfig at a DOS prompt; remember, if you're using dial-up you most likely have a dynamically assigned IP address that will change every time you dial up) if you don't want to use the default local (loopback) address. Move some files around and figure out how it's done, then call your friend and tell them they can FTP to you now (good for sending/receiving big files that won't fit as attachments in e-mail; I'll let you use your imagination as to what those could be). Next, set up your web server.

Once you've set up VqServer (the installation is self-explanatory, just unzip the program and it's got an installer) you can host your own website. Vq is really cool because it's Java-based. Open up the index.html file in the vqserver folder, view the source code in Notepad and change stuff. Once that is done, open up a browser and type in http://127.0.0.1 or your IP address and it'll take you to your homepage (index.html or whatever else you specify as the default). Once this is done, post up a bunch of porn and call your friend and tell 'em to head over to your website. Nobody can edit your site for content but you!

After you've got these two ports open you're on your way to understanding a lot. Not only will you then understand how site hosts like GeoCities work (you FTP to your root web directory), but you'll also understand some of the inherent vulnerabilities of these services. The next ports I would recommend trying to open are SMTP and POP. To do this you'll need to get a mail server running. This, however, can be a headache on Win 98 and I don't have any recommendations for good freeware to use. You will need to set up both SMTP (the port/protocol that handles outbound e-mail, port 25) and POP (the service for incoming mail, port 110). If you can get your hands on Windows NT Service Pack 4 with SMTP services in IIS you can set up your mail service rather easily. By right-clicking on the SMTP icon in IIS and selecting Properties you can even allow anonymous mail relay (keep in mind you will have to select the property to allow anonymous access AND the option to allow mail relay).

Once you've got all of this running on your own computer you can port scan yourself and get a good idea of how it's done. Trying to crack your own box is useful for learning and won't get you in trouble. To get a vague idea of how this is done, port scan yourself, note which ports are open, then try connecting to those ports and try getting them to tell you what services they're running. Once you know this, head online and look for exploits/security holes in these services that you can use to crack them. The more ports you can get working on your computer the more exploits you can attempt. Enjoy.
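As an added example (not code from the original article, War FTP or VqServer), here are both halves of what the article describes in Python: a toy web server that opens a port on 127.0.0.1 and answers "GET /" with its default page, the way the web server explanation above says it should, and a probe that connects to a port on your own machine and reports whether it is open and what the service says back, which is the self-check the last paragraph talks about. The function names, the toyhttpd Server header and the sample homepage are all made up for this example, and it only ever talks to the loopback address.

```python
import socket
import threading

# Constructed sample page standing in for the index.html you edit in Notepad.
HOMEPAGE = b"<html><body><h1>my homepage</h1></body></html>"

def handle_request(raw):
    """Map one HTTP request to a response: 'GET /' gets the default page,
    any other path a 404, and a non-GET request a 400."""
    request_line = raw.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = request_line.split()
    if len(parts) < 2 or parts[0] != "GET":
        return b"HTTP/1.0 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    if parts[1] in ("/", "/index.html"):
        status, body = b"200 OK", HOMEPAGE
    else:
        status, body = b"404 Not Found", b"no such page"
    return (b"HTTP/1.0 " + status + b"\r\nServer: toyhttpd/0.1\r\n"
            b"Content-Type: text/html\r\nContent-Length: "
            + str(len(body)).encode() + b"\r\n\r\n" + body)

def serve(port=0):
    """Open a listening port on 127.0.0.1 (port 0 = let the OS pick one) and
    answer each connection in a background thread. Returns the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", port))
    srv.listen(5)
    def loop():
        while True:
            conn, _ = srv.accept()
            with conn:  # one request per connection, then hang up
                conn.sendall(handle_request(conn.recv(4096)))
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def probe(port, greeting=b"GET / HTTP/1.0\r\n\r\n", timeout=1.0):
    """Connect to a port on this machine and return (is_open, first line the
    service replied). A refused connection means nothing is listening there."""
    try:
        s = socket.create_connection(("127.0.0.1", port), timeout=timeout)
    except OSError:  # refused or no answer at all: treat as closed
        return False, ""
    with s:
        try:
            s.sendall(greeting)
            data = s.recv(1024)
        except OSError:  # listening, but said nothing before the timeout
            return True, ""
    return True, data.split(b"\r\n", 1)[0].decode("ascii", "replace")
```

Call `serve()` once, then `probe()` that port and a few others such as 21, 25 and 80 to see which of your own services answer and how they identify themselves in their first line.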