HACKING LESSON 12

A Basic Approach - Attacking a Remote Computer

In this lesson we will try to explain the following topics:

1). Basic commands through which the hackers get into your system.

2). The necessary tools used for this purpose.

3). Some tips and tricks.

4). A little description about Trojans, etc.

We will also try to explain how to catch someone who is trying to get into your system.

Let us first start with the commands.

1). NETBIOS - NetBIOS (Network Basic Input/Output System) is a program that allows applications on different computers to communicate within a local area network (LAN).

NetBIOS provides two communication modes: session or datagram. Session mode lets two computers establish a connection for a "conversation," allows larger messages to be handled, and provides error detection and recovery. Datagram mode is "connectionless" (each message is sent independently), messages must be smaller, and the application is responsible for error detection and recovery.

2). NBTSTAT - Nbtstat is designed to help troubleshoot NetBIOS name resolution problems. When a network is functioning normally, NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses.

The nbtstat command removes and corrects preloaded entries using a number of case-sensitive switches. The nbtstat -a <name> command performs a NetBIOS adapter status command on the computer name specified by <name>. The adapter status command returns the local NetBIOS name table for that computer as well as the MAC address of the adapter card. The nbtstat -A <IP address> command performs the same function using a target IP address rather than a name.

3). NET VIEW - The NET VIEW command displays a list of computers in the specified workgroup, or shared resources available on the specified computer.

4). NET USE - Connects a computer to or disconnects a computer from a shared resource, or displays information about computer connections.

5). NETSTAT - Netstat provides statistics for the following:

  • Proto - The name of the protocol (TCP or UDP).
  • Local Address - The IP address of the local computer and the port number being used. The name of the local computer that corresponds to the IP address and the name of the port is shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).
  • Foreign Address - The IP address and port number of the remote computer to which the socket is connected. The names that correspond to the IP address and the port are shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).
  • State - Indicates the state of a TCP connection. The possible states are as follows: CLOSE_WAIT, CLOSED, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, LAST_ACK, LISTEN, SYN_RECEIVED, SYN_SEND, and TIME_WAIT.

For all these commands you need to have the IP address of the target computer. Also, you can try all these commands on your own IP address.
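For the stated aim of catching someone who is trying to get into your system, the netstat columns described above can be checked mechanically. The following is an added example, not code from the original lesson: it parses `netstat -n` output and reports sessions to the local file-sharing ports from peers outside a trusted network. The port set (TCP 139 and 445), the trusted LAN 192.168.1.0/24 and the sample addresses are assumptions made for the example.

```python
import ipaddress

# Assumptions for this example: TCP 139 (NetBIOS session service) and TCP 445
# (SMB) are the file-sharing ports, and 192.168.1.0/24 is the trusted LAN.
SHARE_PORTS = {139, 445}
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample of `netstat -n` output (documentation addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:139       203.0.113.45:51234     ESTABLISHED
  TCP    192.168.1.10:445       192.168.1.22:49800     ESTABLISHED
  TCP    192.168.1.10:50321     198.51.100.7:443       TIME_WAIT
  TCP    192.168.1.10:445       203.0.113.99:40000     SYN_RECEIVED
  UDP    192.168.1.10:137       *:*
"""

def split_endpoint(endpoint):
    """Split 'address:port' on the last colon so [IPv6]:port also works."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def parse_netstat(text):
    """Return one dict per TCP/UDP row using the columns netstat prints."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] in ("TCP", "UDP"):
            conns.append({"proto": f[0], "local": split_endpoint(f[1]),
                          "foreign": split_endpoint(f[2]),
                          "state": f[3] if len(f) > 3 else ""})
    return conns

def untrusted_share_sessions(conns):
    """Return (peer, port, state) for share-port sessions from untrusted peers."""
    hits = []
    for c in conns:
        port, peer = c["local"][1], c["foreign"][0]
        wanted = (c["proto"] == "TCP" and c["state"] in ("ESTABLISHED", "SYN_RECEIVED")
                  and port.isdigit() and int(port) in SHARE_PORTS)
        try:
            addr = ipaddress.ip_address(peer)
        except ValueError:
            continue  # "*" or an unparsable peer: skip rather than guess
        if wanted and not any(addr in net for net in TRUSTED_NETS):
            hits.append((peer, int(port), c["state"]))
    return hits
```

Calling `untrusted_share_sessions(parse_netstat(SAMPLE))` returns the two sessions from outside the LAN; the session from 192.168.1.22 is inside the trusted network and is not reported.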

Let's see how NBTSTAT works:

Open a command prompt and type NBTSTAT /? to show the help for this command. (Note: /? works for all the other commands as well.)

If I have the IP address xxx.xxx.xx.x:

nbtstat -A xxx.xxx.xx.x

This will give the NetBIOS Remote Machine Name Table.

Next to every name you will see some numbers written like this: <20>, <03>, and so on. These numbers tell the status of the remote computer. <20> signifies that the target computer's file and printer sharing is on.

Once we have this information, the next step is to use the command net view:

net view \\xxx.xxx.xx.x

This will give the names of the shared resources, like My Documents, the Temp folder, etc.

The final command required now is Net Use. This command will connect you to the target computer's shared resources, i.e. My Documents, the Temp folder, etc.

This process is called the NETBIOS attack.
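The name table described above is also what you check on your own machines to see whether they advertise file sharing. The following is an added example, not code from the original lesson: it parses `nbtstat -A` output, decodes the suffix numbers and reports whether the <20> name is registered. The sample output is constructed; the <03>, <1E> and <20> meanings are the ones given on this page, and the two <00> entries are added from the standard NetBIOS suffix list.

```python
import re

# Suffix meanings: <03>, <1E> and <20> as listed on this page; the two <00>
# entries come from the standard NetBIOS suffix list.
SUFFIXES = {
    ("00", "UNIQUE"): "Workstation Service",
    ("00", "GROUP"): "Domain/workgroup name",
    ("03", "UNIQUE"): "Messenger Service",
    ("1E", "GROUP"): "Browser Service",
    ("20", "UNIQUE"): "File Server Service",
}

# One table row: name (up to 15 characters), <suffix>, type, status.
ROW = re.compile(r"^\s*(\S.{0,14}?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)")

# Constructed sample of `nbtstat -A` output for one of your own hosts.
SAMPLE = """\
       NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    WORKSTATION1   <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    WORKSTATION1   <03>  UNIQUE      Registered
    WORKSTATION1   <20>  UNIQUE      Registered
    WORKGROUP      <1E>  GROUP       Registered

    MAC Address = 00-11-22-33-44-55
"""

def parse_name_table(text):
    """Return one dict per name-table row, with the suffix decoded."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, suffix, kind, status = m.groups()
            service = SUFFIXES.get((suffix.upper(), kind), "unknown")
            rows.append({"name": name, "suffix": suffix.upper(), "type": kind,
                         "status": status, "service": service})
    return rows

def sharing_exposed(rows):
    """True when the <20> File Server Service name is registered."""
    return any(r["suffix"] == "20" and r["status"] == "Registered" for r in rows)

if __name__ == "__main__":
    table = parse_name_table(SAMPLE)
    print("file sharing exposed:", sharing_exposed(table))
```

If the check reports True on a machine that has no reason to share files, turning off file and printer sharing on that machine removes the <20> name from its table.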

12 comments:

Anonymous said...

When I used the netstat -n command, sometimes it was showing many connections to many foreign addresses
and the status was FIN_WAIT or TIME_WAIT.
Why is this so?

Also, what does <03>,<1E>,<00> signify? What are these numbers?

- amitshirsath1602@gmail.com

$ said...

If u are only connected to internet and u r not performing any activities then these foreign addresses are of the service provider (ISP)..... (Wait for the next part of the chapter, these things will be explained in detail).....

<03>, <1E>, etc. are the hex numbers which give us the information about the different services, like:
<03> - Messenger Service
<1E> - Browser Service
<20> - File Server Service, etc....

Rahul said...

plz send me the details to rahuljgd@gmail.com

shyam_rocks said...

When I am using the command

nbtstat -A XX.XX.XX.XX

it is showing my adapter address etc..So what is the problem...

$ said...

Didn't get u dude.... just send us the screenshot of what u r getting, then we will be in a better condition to explain to u.....

RAHUL said...

WHEN I TYPE NBTSTAT -A XXX.XXX.XX.X
IT SHOWS HOST NOT FOUND
WATS THE PROBLEM OR U SHALL SUGGEST ME PROPER SOFTWARES TO TRACK IP N HELP ME

$ said...

swapnil........

First of all this command is not to trace IP....this command traces the resources for a particular IP.....

Host not found means that either system is not connected to net or the IP is wrong.

RAHUL said...

tell me for softwares to trace ip, i m having visual ip trace, x-net professional n some other but plz guide me to some particular software

$ said...

Swapnil.....
First of all tell us what exactly do u mean by saying tracing IP----

1). Do u want to trace a particular IP i.e. from where (location) it generated.

2). Or u want to know a particular IP address....

For (1) there are many softwares available on net and most of them are gud.

RAHUL said...

i want to know ip addresses of my friends' computers (for trial) but don't know how. i m having super scanner-v4.0, hillyheights ip tracker, visual route 2007, x-net professional, brutus ate, prtracker. are they useful for tracking ip? they also track ip but i m not getting it. i want ip address to try netbios attack n to get into the target computer's files n all. that superscanner also asks for ip address in the beginning. u plz guide me with this, how to get ip address. i want ip addresses of my friends' computers or any other computers which r on net. suppose i m chatting to someone on yahoo messenger, so can i get his ip and then i can go for netbios attack. also the first procedure for breaking security, that tcp scanning, syn packet data sending n echo request, i hav tried those with super scanner. i found yesterday 4 machines but i didn't find their ip. guide me


my email is sifi_smarty4u@yahoo.com

Anonymous said...

NICE STUFF
SEND ME DETAILS TO
dnyaneshgawade@yahoo.co.in

Anonymous said...

after net view command, i got an error ie "system error 53 has occurred" and so the result came as
"the network path was not found"
Pls tell me the solution

Nisarg "nisarg900@yahoo.co.in"