|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 45
Members: 0
Total: 45
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Exploiting the Hosts over the network [With Picture] |
|
Posted: Wed Feb 27, 2008 8:51 pm |
|
|
F4r4Zm0In |
Active user |
|
|
Joined: Feb 17, 2008 |
Posts: 30 |
|
|
|
|
|
|
|
May be this tutorial is helpful for N00bs
This article is not meant for advanced users
because you may be already knowing this
but it may be helpful for the beginners
well, its time to exploit the network
yes i am talking about the lan [Local Area Network]
lets start:
1: click start>run>cmd>type ipconfig
then you will be seeing a picture like this one :
now, from the picture we can easily know what our "ip address" is
if in this case our ip address is "117.197.48.112"
then obviously the ip addresses of other peoples on the network must be similar to this one
yeah, the only thing which is different is the last part.
i mean [112]
now, our job now is to find a system that has file and printer sharing enabled
but first we have to find some live hosts
lets try:
now to find live hosts what we did is:
we start pinging systems by changing the last part [112]
and here is what we have got:
yea, we got ping response because our machine is still active LOL :d
Now, we dont want to exploit our own system so its time to ping some one else :
lets start pinging randomly:
117.197.48.112 [Owr own machine, which we already pinged]
117.197.48.111
117.197.48.110
117.197.48.109
................................. and so on.
in the first attempt we tried pinging 117.197.48.111 and our ping failed
in the second attempt we tried pinging 117.197.48.100 and got "Success"
now simply click on start>run>type \\117.197.48.100
Now hit Enter button.
and here is what we have got
Now, we can copy, edit, or even delete the stuff from that machine
In this exploit we got success at the second attempt because the machine is having "file and printer sharing enabled" option checked!
sometimes it happens that we got ping response, but Still can't explore the host over the network [and got some nasty errors while trying to exploit]
because the machine is most probably having "file and printer sharing enabled" option Unchecked!
or it may be behind the firewall!
All it depend on your day!
So its better that you try your luck. |
|
|
|
|
|
|
|
|
Posted: Wed Feb 27, 2008 9:29 pm |
|
|
Tom |
Regular user |
|
|
Joined: Feb 11, 2008 |
Posts: 10 |
|
|
|
|
|
|
|
Nice tut for Noobs.
|
|
|
|
|
Posted: Thu Feb 28, 2008 2:17 pm |
|
|
F4r4Zm0In |
Active user |
|
|
Joined: Feb 17, 2008 |
Posts: 30 |
|
|
|
|
|
|
|
Tom wrote: | Nice tut for Noobs.
|
Yeah! I wrote this one while keeping the n00bs in Mind |
|
|
|
|
Posted: Fri Feb 29, 2008 5:50 am |
|
|
hunter |
Regular user |
|
|
Joined: Feb 24, 2008 |
Posts: 7 |
|
|
|
|
|
|
|
MORE TUTS PLZ !
hacking servers would be good
no luck yet, i guess not many ppl have pritner file sharing on?
also if i pinged one that worked...i would get "a device on your comptuer is not functioning" or something.
im on vista. |
|
|
|
|
Posted: Fri Feb 29, 2008 7:25 am |
|
|
F4r4Zm0In |
Active user |
|
|
Joined: Feb 17, 2008 |
Posts: 30 |
|
|
|
|
|
|
|
hunter wrote: | MORE TUTS PLZ !
hacking servers would be good
no luck yet, i guess not many ppl have pritner file sharing on?
also if i pinged one that worked...i would get "a device on your comptuer is not functioning" or something.
im on vista. |
I will post more soon,
whenever i found spare time to write |
|
|
|
|
|
F4r4Zm0In |
|
Posted: Fri Feb 29, 2008 9:08 am |
|
|
ToXiC |
Moderator |
|
|
Joined: Dec 01, 2004 |
Posts: 181 |
Location: Cyprus |
|
|
|
|
|
|
F4r4Zm0In ,
i dont want to sound crawl or anything but having access into share files is NOT hacking ...
nice effort though ...
i will try to extend it a bit to make it more interesting..
well ..
some basic commands are :
nbtstat
nbtstat display protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).
usage nbtstat -a ip
article on nbtstat
http://articles.techrepublic.com.com/5100-1035-1058328.html
Beyond that you can play with null sessions :
A null session can be created by using the Windows net program to map a connection using a blank username and password. On Windows systems that are vulnerable, you simply have to enter:
net use \\ip_address\ipc$ "" "/user:" at a Windows command prompt.
This was a vulnerability of windows 2000 that could create a connection with no user or pass with enough priviledges to have access to network pcs and with programs such as Winfo, Walksam, certain Windows Resource Kit tools and even the net program that's built into Windows to glean tons of information off a Windows system
In windows xp now they decided to protect that resource but the still left the null sessions . So some not so well configured boxes could allow null sessions as well.
Nice tools to use for USER ENUMERATION and more..
autoscan:
http://autoscan-network.com/
cain and abel
http://www.oxid.it/cain.html
-
-
-
and 100000 more |
|
_________________ who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
|
|
Re: F4r4Zm0In |
|
Posted: Fri Feb 29, 2008 2:47 pm |
|
|
F4r4Zm0In |
Active user |
|
|
Joined: Feb 17, 2008 |
Posts: 30 |
|
|
|
|
|
|
|
ToXiC wrote: | F4r4Zm0In ,
i dont want to sound crawl or anything but having access into share files is NOT hacking ...
nice effort though ...
i will try to extend it a bit to make it more interesting..
well ..
some basic commands are :
nbtstat
nbtstat display protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).
usage nbtstat -a ip
article on nbtstat
http://articles.techrepublic.com.com/5100-1035-1058328.html
Beyond that you can play with null sessions :
A null session can be created by using the Windows net program to map a connection using a blank username and password. On Windows systems that are vulnerable, you simply have to enter:
net use \\ip_address\ipc$ "" "/user:" at a Windows command prompt.
This was a vulnerability of windows 2000 that could create a connection with no user or pass with enough priviledges to have access to network pcs and with programs such as Winfo, Walksam, certain Windows Resource Kit tools and even the net program that's built into Windows to glean tons of information off a Windows system
In windows xp now they decided to protect that resource but the still left the null sessions . So some not so well configured boxes could allow null sessions as well.
Nice tools to use for USER ENUMERATION and more..
autoscan:
http://autoscan-network.com/
cain and abel
http://www.oxid.it/cain.html
-
-
-
and 100000 more |
Thanks for adding extra $ valuable information |
|
|
|
|
|
|
|
|
Posted: Sun May 18, 2008 3:18 pm |
|
|
Kazuma |
Beginner |
|
|
Joined: May 17, 2008 |
Posts: 3 |
Location: Zwollywood |
|
|
|
|
|
|
You could have easy walked over to your roommates computer to avoid all the hassle with typing all those internal IP's
Outside your (V)LAN this would be hard to find since most routers have NAT disabled for these ports (samba sharing?).
|
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|