Wednesday, June 23, 2010

Basic Networking and Hacking Commands


Here I am going to cover some useful basic networking commands for the Command Prompt (CMD).
In case you don't know how to open CMD, click Start, then Run, then type "cmd" without quotes.

Let's start with some simple commands.

1) ping : It sends a message to a computer anywhere on the network/internet, and if the computer is connected you will get a response. If the computer is not connected to the network/internet you won't get a response.

Examples
ping 192.168.1.4  (192.168.1.4 is the IP address you want to check for connectivity)
or
ping www.myworld.com  (www.myworld.com is the website you want to ping, if you don't know the IP)

There are many options for this command.
ping /?  (this help command lists more options with descriptions)

2) nslookup : This command has several functions. The name nslookup means "name server lookup".
It is used to find Domain Name System (DNS) details, including the IP addresses of a particular computer, the MX records for a domain and the NS servers of a domain.
Examples
nslookup www.google.com

Server:  mumns4.mtnl.net.in  (This is the nearest DNS server of your service provider, with its IP address)
Address:  59.185.3.12

Non-authoritative answer:
Name:    google.com           (This is the DNS name of the website you looked up)
Address:  209.85.153.104

Another function of nslookup is to find a domain's mail server and its IP address.
An MX record (Mail eXchange record) is an entry in a DNS database that points to the mail server for that domain. In a small company, the MX record typically directs all e-mail to the same domain. However, a company may handle e-mail using a different domain name; in this case the MX record is configured to route to that mail server.

nslookup (enter)
set type=mx (enter)
yahoo.com
(This command will give you the IP address of the mail servers of yahoo.com.)

3) tracert : tracert displays each host that a packet travels through as it tries to reach its destination.
Each host is counted as a hop, so this command shows how many "hops" away from the website you are:
Example
tracert 209.85.153.104
or
tracert google.com



4) arp : This command displays and modifies the IP-to-physical-address translation table used by the Address Resolution Protocol (ARP).
ARP is the protocol used to obtain a node's physical address. Suppose a node (the source) wants to communicate with a target node. The source sends an ARP request containing the target's IP address, and the target responds by sending its physical address.
Examples
arp -a    (Displays the current ARP entries table.)

There are many options for this command.
arp /?  (this help command lists more options with descriptions)


5) netstat (network statistics) : displays network connections (both incoming and outgoing), routing tables, and a number of network interface statistics.
Examples
netstat -a  (Displays all active TCP connections and the TCP and UDP ports on which the computer is listening.)

There are many options for this command.
netstat /?  (this help command lists more options with descriptions)

6) ipconfig (internet protocol configuration) : displays all current TCP/IP network configuration values such as IP address, subnet mask, gateway etc.
Examples
ipconfig  (displays only the IP address, subnet mask and default gateway)
ipconfig /all  (displays full configuration information including DHCP, DNS address, physical address etc.)
ipconfig /release  (this will release your IP)
ipconfig /renew  (this will renew your IP)

There are many options for this command.
ipconfig /?  (this help command lists more options with descriptions)

7) nbtstat : This command will show you the NetBIOS name of the target.
nbtstat is used to troubleshoot NetBIOS name resolution problems. When a network is functioning normally, NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses. The nbtstat command removes and corrects preloaded entries.
Examples
nbtstat -a computername  (displays the local NetBIOS name table for that computer as well as the MAC address of the adapter card)
nbtstat -A <IP address>  (performs the same function using a target IP address rather than a name)
nbtstat -c  (shows the contents of the NetBIOS name cache, which contains NetBIOS name-to-IP address mappings)
nbtstat -n  (displays the names that have been registered locally on the system by NetBIOS applications such as the server and redirector)

There are many options for this command.
nbtstat /?  (this help command lists more options with descriptions)


8) net use : This command connects the computer to, or disconnects it from, shared resources such as other computers, printers and drives, and lets you view information about current connections. It provides other functions as well. Net use is also used to display a list of network connection information for shared resources.
If you run net use without any parameters, it retrieves a list of current network connections.

There are many options for net use; see the options in the image. Anything in square brackets [ ] is optional.





Examples 

net use \\<IP address>\IPC$ "" /user:administrator  (this command will allow you to connect to the target as administrator)

Now if you want to connect to the target and browse the entire C drive, then use this command:
net use K: \\computername\C$    (this will create a virtual drive in your "My Computer" folder)

Note: Keep in mind that this only works if the target doesn't have an administrator password set; otherwise you will have to provide the administrator password in the command.

To hack the administrator password of any PC on the LAN, use the "Cain and Abel" tool (see the video in my previous post).

This command makes use of the SMB (Server Message Block) and NetBIOS protocols on port 139 or 445. By default, in the basic Windows XP configuration, it is enabled. Thus, users can connect to and disconnect from shared resources such as computers, printers and drives.


It also connects to the IPC$ share (interprocess communication share). This is the so-called null session connection, which allows unauthenticated users. The basic use for connecting anonymously is: net use \\<IP address>\IPC$ "" /u:"". For example, if this is typed in the command prompt: net use \\192.168.1.101\IPC$ "" /u:"", you would be connecting to the IPC$ share of the machine 192.168.1.101 as an anonymous user with a blank password. If the connection succeeds, a lot of information can be gathered, such as shares, users, groups, registry keys and more. This would provide a hacker with a lot of information about a remote user.
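
Because null sessions arrive on ports 139 and 445, the netstat command from item 5 shows whether a machine is offering them and who is currently connected. The following Python is an added example, not part of the original post: it parses `netstat -an` output (the `-n` switch prints numeric addresses and ports) and returns the SMB/NetBIOS listeners and the inbound peers. The sample output is constructed.

```python
import re

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.5:445        192.168.1.101:1042     ESTABLISHED
  TCP    192.168.1.5:1050       209.85.153.104:80      ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
"""

SMB_PORTS = {139, 445}  # the ports the post names for NetBIOS/SMB

# Proto, local addr:port, foreign addr:port, state (TCP rows only).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+(\w+)\s*$")

def smb_exposure(text):
    """Return (listeners, inbound_peers) for TCP 139/445."""
    listeners, peers = [], []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        local_addr, local_port, remote_addr, _rport, state = m.groups()
        port = int(local_port)
        if port not in SMB_PORTS:
            continue  # only connections terminating on our SMB ports
        if state == "LISTENING":
            listeners.append((local_addr, port))
        elif state == "ESTABLISHED":
            peers.append((remote_addr, port))
    return listeners, peers

if __name__ == "__main__":
    listening, connected = smb_exposure(SAMPLE_NETSTAT)
    for addr, port in listening:
        print(f"listening on {addr}:{port}")
    for addr, port in connected:
        print(f"{addr} is connected to local port {port}")
```

A listener bound to 0.0.0.0 or [::] accepts connections on every interface, so those are the entries to close or firewall first.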

Tuesday, June 15, 2010

HACK any PC on a LAN

In this topic I am going to tell you how to hack a PC on a Local Area Network (LAN).
A LAN is a computer network covering a small physical area, like a home, office, or small group of buildings, such as a school or an airport. The whole process of interconnecting computers in such a small physical area is called local networking.
On a local network we can share files and folders, run a local web server or play games.
We can list all online users on the LAN with the help of the command "net view".


The command "net view > pclist.txt" saves the list of live computer names in a file called pclist.txt inside the current directory.
But I do not recommend this method, because if any user has chosen Private Network instead of Home Network, or has turned off Network Discovery, then his PC name will not show up in the network.
To discover the number of online users in the network, simply use an IP scanner. There are many free IP scanners available on the internet, like Angry IP Scanner, Advanced IP Scanner etc.
You can get Advanced IP Scanner from this link:
http://www.radmin.com/products/utilities/ipscanner.php

Suppose "arif" is the name of the computer we are using, and it has the IP address 192.168.1.5.
Suppose we scanned our Local Area Network and found 10 hosts alive. We are not interested in all of the 10 hosts; rather, we are interested in hacking MANU's computer.
Advanced IP Scanner resolves PC names and displays the corresponding IP addresses, so after resolving the host names of all the computers we found a computer named "MANU" with the IP address 192.168.0.20.
Packet sniffing tools help you to hack MANU's computer.
Sniffing is the method in which you spy on all the network packets and analyze the network traffic.
A packet sniffer, also referred to as a network monitor or network analyzer, can be used legitimately by a network or system administrator to monitor and troubleshoot network traffic.
But a sniffer can also be used illegitimately to capture data being transmitted on a network.
Hackers use these tools to steal data flowing across the network; they can capture all the packets transmitted through the network and analyze the contents. Sniffers can log e-mail user names and passwords, cPanel passwords, bank passwords etc. Some famous sniffing tools are Cain and Abel, Ettercap, Wireshark, Ethereal etc. This software is available to download on the internet, and all of it is freeware.
Just search on Google and you will get many sniffing tools. To get the "Cain and Abel" tool, click on this link: http://www.oxid.it/cain.html
We can not only hack MANU's PC but also monitor internet activity, like which sites she often visits, with the help of "Cain and Abel" from Oxid.it, which has several good features like sniffing, ARP poisoning, MITM, hash cracking (dictionary + rainbow table), Windows NTLM password cracking etc.

To understand the features of the "Cain and Abel" tool, look at this video:

http://www.youtube.com/watch?v=tMNPjMsjpfQ

We can monitor a few sites which MANU visits, and maybe we can get the user name and password for some sites, but we will have a problem hacking MANU's Hotmail, Yahoo, Facebook etc., because Cain and Abel does not sniff packets sent over Secure Sockets Layer (SSL).

We can still sniff SSL packets by using some other tools. The best tool I would recommend is Ettercap; it is also available for Unix systems. To understand the features of Ettercap, watch this video (size 317 MB):
http://infinityexists.com/2008/08/03/episode-20-ettercap/

If this does not work, find the open ports on MANU's PC, then enumerate the services, find a vulnerable service, exploit the vulnerable service and escalate privileges. See the next post.

Monday, May 17, 2010

Port in Computer


On computer and telecommunication devices, a port is generally a specific physical connection to some other device, usually with a socket and plug of some kind. Typically, a personal computer is provided with one or more serial ports and one parallel port. The serial port supports sequential, one-bit-at-a-time transmission to peripheral devices such as scanners, and the parallel port supports multiple-bit-at-a-time transmission to devices such as printers.
In programming, a port is a "logical connecting place". Specifically, the protocols of the Transport Layer of the Internet Protocol Suite (like TCP and UDP) use a numerical identifier for the endpoints of host-to-host communications. Such an endpoint is known as a port, and the identifier is the port number.
Higher-level applications that use TCP/IP, such as the Web protocol, Hypertext Transfer Protocol, have ports with preassigned numbers. These are known as "well-known ports" that have been assigned by the Internet Assigned Numbers Authority (IANA). Other application processes are given port numbers dynamically for each connection. When a service (server program) is first started, it is said to bind to its designated port number. Any client program that wants to use that server must also request to bind to the designated port number. Port numbers are from 0 to 65535.
Ports 0 to 1024 are reserved for use by certain privileged services. For the HTTP service, port 80 is defined as a default and it does not have to be specified in the Uniform Resource Locator (URL).
Ports 1024 to 49151 are registered ports that companies and other users register with the Internet Corporation for Assigned Names and Numbers (ICANN) for use by the applications that communicate using the Internet's Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP).
Ports 49151 to 65535: besides the well-known port numbers and the registered port numbers, the remaining ports in the port number spectrum are referred to as dynamic ports or private ports.
Before the arrival of ICANN, the port numbers were administered by the Internet Assigned Numbers Authority (IANA).
Official: Port/application combination is registered with IANA .
Unofficial: Port/application combination is not registered with IANA.
Conflict Port: is in use for multiple applications.
If you want to know the port number for a specific web service (program), look here:
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Sunday, March 14, 2010

The MAC Addressing And Spoofing

The MAC address is the "Media Access Control" address, the unique identifier assigned to network interface cards (NICs) by the manufacturer for the purpose of identification. It is also known as an Ethernet Hardware Address, Adapter Address or Hardware Address.
MAC addresses are 12-digit hexadecimal numbers (48 bits in length). By convention, MAC addresses are usually written in one of the following two formats:
MM:MM:MM:SS:SS:SS

MM-MM-MM-SS-SS-SS
The first half of a MAC address contains the ID number of the adapter manufacturer. These IDs are regulated by an Internet standards body. The second half of a MAC address represents the serial number assigned to the adapter by the manufacturer.
In the example,
00:A0:C9:29:B8:36
The prefix 00A0C9 indicates the manufacturer is Intel Corporation.

MAC spoofing is the technique of changing the assigned Media Access Control (MAC) address of a networked device to a different one. Changing the assigned MAC address may allow the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer.
MAC spoofing is the activity of altering the MAC address of network cards.
In Windows, the MAC address can be changed by editing the registry or via "My Network Places". To change the MAC address via Network Places,
go to the properties of "Local Area Connection", press the Configure... button, then go to the Advanced tab.
In the Advanced tab select Local Administrative Address,
select the Value radio button and insert any MAC address you want.
To alter the MAC via the registry, open the Windows Registry Editor and change the appropriate values.
The value "NetworkAddress" is located in a subkey under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}.
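
To audit for the registry change described above, an administrator can list the adapters that carry a NetworkAddress override. The following Python is an added example, not part of the original post: `describe` accepts both written formats and splits an address into manufacturer prefix and serial, and `adapters_with_override` (Windows only) walks the class key quoted above. It assumes each adapter subkey also holds the standard `DriverDesc` value; the locally-administered-bit check is an addition the post does not mention.

```python
import re

# Class key quoted in the post; each numbered subkey describes one adapter.
NET_CLASS_KEY = (r"SYSTEM\CurrentControlSet\Control\Class"
                 r"\{4D36E972-E325-11CE-BFC1-08002BE10318}")

def parse_mac(text):
    """Accept MM:MM:MM:SS:SS:SS, MM-MM-MM-SS-SS-SS or 12 bare hex digits."""
    digits = re.sub(r"[:-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)

def describe(mac_text):
    """Split a MAC into manufacturer prefix and serial number."""
    mac = parse_mac(mac_text)
    return {
        "prefix": mac[:3].hex().upper(),
        "serial": mac[3:].hex().upper(),
        # Bit 0x02 of the first octet marks a locally administered address;
        # manufacturer-assigned addresses leave it clear.
        "locally_administered": bool(mac[0] & 0x02),
    }

def adapters_with_override():
    """Windows only: return (subkey, adapter name, override) per adapter
    whose registry subkey sets a non-empty NetworkAddress value."""
    import winreg  # standard library, present only on Windows
    found = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, NET_CLASS_KEY) as cls:
        index = 0
        while True:
            try:
                sub = winreg.EnumKey(cls, index)
            except OSError:
                break  # ran out of subkeys
            index += 1
            try:
                with winreg.OpenKey(cls, sub) as key:
                    value, _ = winreg.QueryValueEx(key, "NetworkAddress")
                    name, _ = winreg.QueryValueEx(key, "DriverDesc")
            except OSError:
                continue  # no override here, or subkey not readable
            if value:
                found.append((sub, name, value))
    return found

if __name__ == "__main__":
    print(describe("00:A0:C9:29:B8:36"))  # the post's Intel example
```

An override that copies another card's manufacturer-assigned address has the locally-administered bit clear, so the presence of the NetworkAddress value is the stronger signal.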