Friday, December 26, 2008

Protocols Explained

This is a brief explanation of the types of protocols in use. Commonly there are three: TCP, UDP and ICMP. TCP is a "connection-oriented" protocol with guaranteed delivery, while UDP is "connectionless" and delivery is not guaranteed.

ICMP uses two message types, Echo Request and Echo Reply.

Servers that accept incoming traffic must be placed on the DMZ network. DMZ stands for "Demilitarized Zone" and keeps incoming traffic secured.

Most ports are restricted at the firewall, which safeguards incoming traffic. Ports such as 22, 23 and 25 can be blocked, but there are also ways to redirect traffic.

For example, if port 25 is blocked internally, a sophisticated user can set up a mail server on the outside and send e-mail messages over a different port. In addition, moving services away from their pre-defined ports to different ones can help keep hackers out of your system and make the environment safer and more secure.

Until next time,
DarkSolo.

Thursday, December 25, 2008

Firewall Explained

In this article, I will teach you how a firewall acts and what it guards within the network environment. So let's get started...

What is a Firewall?
A firewall governs the traffic between at least two networks. Firewalls are commonly built on UNIX systems, but they function well on Windows, Mac and OS/2 platforms too. A well-known firewall, Checkpoint Firewall-1, is a highly secure commercial product, and Cisco PIX is currently keeping pace with it.

A Packet Filtering Firewall acts as a filter and does not let every packet pass through it unless certain settings have been configured beforehand. A packet can be accepted, dropped or rejected. When a packet is accepted, there is no problem at all. If a packet is dropped, scanning for open ports takes more time; rejected means the firewall does not accept the packet but sends an acknowledgement back to the sender. The Packet Filtering Firewall inspects five characteristics in order to accept a packet from the sender, which are:

IP of the Destination
Port of the Destination
IP of the Source
Port of the Source
IP Protocol (TCP/UDP)

We can say that a router can act as a firewall; it operates at the third layer of the OSI model, which is the Network Layer. Also, certain rules are applied to the firewall to protect the network from malicious attacks and Denial of Service (DoS) attacks.

As an enhancement over the common firewall, a newer kind called the "stateful inspection engine" came along. Basically, it remembers the connection of a conversation between two hosts and only examines the first packet of it.
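To show how the five characteristics above turn into an accept/drop/reject decision, and what the stateful engine adds on top, here is a small example written for this article (it is not code from the original post, nor from any real firewall product). The policy, addresses and packets are constructed for illustration; `filter_packet` is the stateless packet filter and `StatefulFilter` remembers accepted connections so that reply traffic passes without being matched against the rules again.

```python
# Added example: a toy five-tuple packet filter plus a stateful wrapper.
# Policy, addresses and packets below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    action: str                   # "accept", "drop" (silent) or "reject" (tell the sender)
    proto: Optional[str] = None   # None matches any value for that field
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (
            (self.proto is None or self.proto == p.proto)
            and (self.src_net is None or ip_address(p.src_ip) in ip_network(self.src_net))
            and (self.dst_net is None or ip_address(p.dst_ip) in ip_network(self.dst_net))
            and (self.src_port is None or self.src_port == p.src_port)
            and (self.dst_port is None or self.dst_port == p.dst_port)
        )


# Constructed policy: the outside world may reach the DMZ web server on 80/tcp,
# telnet (23/tcp) is rejected so the sender is told, and everything else is dropped.
DEFAULT_POLICY = [
    Rule("accept", proto="tcp", dst_net="192.0.2.10/32", dst_port=80),
    Rule("reject", proto="tcp", dst_port=23),
    Rule("drop"),  # catch-all; first matching rule wins
]


def filter_packet(p: Packet, rules=DEFAULT_POLICY) -> str:
    """Stateless decision: the first rule that matches decides."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "drop"  # default deny if no rule matched


class StatefulFilter:
    """Remembers accepted connections. Packets belonging to a known
    conversation (either direction) are allowed without consulting the
    rules again, so only the first packet is examined."""

    def __init__(self, rules=DEFAULT_POLICY):
        self.rules = rules
        self.table = set()  # (proto, client_ip, client_port, server_ip, server_port)

    def decide(self, p: Packet) -> str:
        key = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        reverse = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if key in self.table or reverse in self.table:
            return "accept"  # part of an established conversation
        action = filter_packet(p, self.rules)
        if action == "accept":
            self.table.add(key)  # remember it; later packets skip the rules
        return action


if __name__ == "__main__":
    request = Packet("198.51.100.7", 40000, "192.0.2.10", 80, "tcp")
    reply = Packet("192.0.2.10", 80, "198.51.100.7", 40000, "tcp")
    sf = StatefulFilter()
    print("request:", sf.decide(request))          # accept (rule 1)
    print("reply, stateless:", filter_packet(reply))  # drop (no rule for it)
    print("reply, stateful:", sf.decide(reply))       # accept (known conversation)
```

The difference between the two engines shows up on the reply packet: a stateless filter would need an extra rule allowing traffic from port 80 back to any client port, which is exactly the kind of hole the stateful table avoids.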

What is an Application Proxy Firewall?
A packet is sent to the firewall, where it is stopped, examined and compared against the rules. If they match, the packet is destroyed and re-created as a new data frame. This makes the TCP/IP Protocol Suite much more secure than with a Packet Filtering Firewall. The disadvantage is that a proxy application has to be coded for each program. For instance, a web application needs an HTTP proxy, an FTP application needs an FTP proxy, a Gopher application needs a Gopher proxy, and so on. The Application Proxy Firewall operates at the seventh layer of the OSI Model, which is the Application Layer.

What is an Application Gateway Firewall?
An Application Gateway Firewall also operates at the seventh layer and is used to connect to a server by way of a server before it: for example, telnetting to a server and then telnetting again from it to another server located outside the network.

What is a SOCKS Firewall?
A SOCKS firewall is part of the Application Proxy Firewall family mentioned earlier. These firewalls differ in that every system in your internal network has to be modified to communicate with external networks. On Windows or OS/2 this can easily be done by swapping some DLL files.

Until next time,
DarkSolo

Wednesday, December 24, 2008

Doorway Pages Explained

What are Doorway Pages?
Doorway Pages trick users by cheating Search Engines: they show a false website and redirect visitors to another website. Keywords are stuffed into META tags to gain an advantage over the other pages in the Search Engine. Doorway Pages are also known as Jump Pages, Zebra Pages, Portal Pages, Bridge Pages, Entry Pages, Gateway Pages and other names.

In other words, they spamdex the Search Engines. Doorway Pages can sometimes be slow and irritating, taking a long time to load and frustrating the visitor enough to lose their temper and leave the site. Doorway Pages use some type of cloaking method.

How do Doorway Pages work?
When a visitor types keywords into a Search Engine, it automatically comes up with results related to the keywords the visitor typed. Doorway pages therefore use high-ranking keywords to achieve a high ranking in Search Engines, and use the META refresh command to quickly redirect the visitor to another website automatically, without the user intending to go there.

This is done using some type of scripting language, such as JavaScript on the client side or a server-side script such as PHP or Perl that generates a dynamic web page every time a visitor loads it. Redirection can also be set up either in the .htaccess file or in the server configuration file.

A Doorway Page is meant for the Search Engines, not for the visitors. Sometimes a doorway page copies another website that already ranks highly in the Search Engines and steals its identity to portray a new website and take it over. This is called cloaking.

What is Cloaking?
Cloaking websites have to be Search Engine Friendly (SEF) both graphically and in their navigation, or else they will get banned from the index for an undisclosed amount of time. These sites easily tell, from the IP address and/or User Agent, whether a request comes from a visitor or a bot. They show one site to the visitor but a different one to the Web Crawler, using server-side scripts.

Since the META refresh command can't be used with certain Search Engines and often earns you a penalty, JavaScript is used instead, or else false hyperlinks are displayed with keywords unrelated to the subject, which redirect to the site with ease.
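The three signals described above (an instant META refresh, a script-based redirect, and META keyword stuffing with almost no real content) are easy to check for when reviewing a page you suspect of being a doorway. The following is an example written for this article, not code from the original post; the HTML samples are constructed and the thresholds (a refresh delay of at most one second, ten or more META keywords backed by fewer than five body words per keyword) are assumptions chosen for illustration.

```python
# Added example: heuristic doorway/cloaking-page checker over HTML text.
# The sample pages and thresholds are constructed for illustration.
import re
from html.parser import HTMLParser


class DoorwaySignals(HTMLParser):
    """Collects the signals a doorway page tends to show: a META refresh that
    fires immediately, a script that rewrites the location, and a META
    keywords tag far longer than the visible body text."""

    def __init__(self):
        super().__init__()
        self.refresh_delay = None      # seconds before a META refresh fires, if present
        self.meta_keywords = []
        self.body_words = 0
        self.script_redirect = False
        self._in_script = False
        self._in_body = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta":
            if a.get("http-equiv", "").lower() == "refresh":
                m = re.match(r"\s*(\d+)", a.get("content", ""))
                self.refresh_delay = int(m.group(1)) if m else 0
            elif a.get("name", "").lower() == "keywords":
                self.meta_keywords = [k.strip().lower()
                                      for k in a.get("content", "").split(",") if k.strip()]
        elif tag == "script":
            self._in_script = True
        elif tag == "body":
            self._in_body = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            # location.href = ..., location.replace(...), window.location = ...
            if re.search(r"(location\.(href|replace)|window\.location)\s*[=(]", data):
                self.script_redirect = True
        elif self._in_body:
            self.body_words += len(data.split())


def classify(html: str) -> list:
    """Return the doorway-page signals found in the page (empty list = none)."""
    p = DoorwaySignals()
    p.feed(html)
    p.close()
    findings = []
    if p.refresh_delay is not None and p.refresh_delay <= 1:
        findings.append("instant-meta-refresh")
    if p.script_redirect:
        findings.append("script-redirect")
    if len(p.meta_keywords) >= 10 and p.body_words < 5 * len(p.meta_keywords):
        findings.append("keyword-stuffing")
    return findings


# Constructed samples (example.invalid is a reserved, non-resolving name).
DOORWAY = """<html><head>
<meta http-equiv="refresh" content="0;url=http://example.invalid/real">
<meta name="keywords" content="cheap,flights,hotels,deals,holiday,cheap flights,cheap hotels,tickets,travel,booking,last minute">
</head><body>Loading...</body></html>"""

JS_DOORWAY = """<html><head><script>window.location.href = "http://example.invalid/real";</script>
</head><body>Please wait</body></html>"""

CLEAN = """<html><head><meta name="keywords" content="security,firewall"><title>Firewall Explained</title>
</head><body>A firewall governs the traffic between at least two networks and is commonly built on UNIX
systems, but it functions well on Windows, Mac and OS/2 too.</body></html>"""

if __name__ == "__main__":
    for name, page in (("DOORWAY", DOORWAY), ("JS_DOORWAY", JS_DOORWAY), ("CLEAN", CLEAN)):
        print(name, classify(page))
```

A page that only uses the "content rich" style discussed below, with no redirect at all, produces no signal here; that is exactly why those pages are harder to catch automatically.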

What are Content Rich Doorway pages?

Content Rich Doorway pages are more sophisticated doorway pages that make their way to the top of the Search Engines without using any form of redirection. On these pages, visitors are presented with links that take them to another page. They need to be human-friendly and have a pleasant appearance.

Most of the pages found online are Content Rich Pages, and they are used to redirect visitors either to maximize SEO campaigns or to increase Pay-Per-Click campaigns.

Until next time,
DarkSolo

Tuesday, December 23, 2008

Port Scanning Explained

<<-- Port Scanning -->>

What is a Port Scanner?
A Port Scanner is an application that scans specific ports, or a range of ports, to determine which are open, closed or filtered. We can compare this to a house with a door to each room. Every service (application) running on the system has a predefined port number assigned to it: the door is the port number and the room is the application. Someone can "portsweep" multiple hosts to determine which of them is listening on a specific port. For example, one can portsweep port 80 to discover web server flaws. A light port scan completes more quickly than a full scan.

Port Scanning can be an illegal action in certain countries. Most system administrators check the logs as a daily routine to determine whether there has been an attempt. I would suggest that you sign a contract between you and the person whose system you are going to port scan, as you don't want to get into trouble.
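Since the article mentions administrators checking the logs for scan attempts, here is what that check looks like when automated. This is an example written for this article, not code from the original post or from any firewall product: the log format (`timestamp DROP PROTO src:port -> dst:port`) and the sample lines are constructed, and the thresholds (8 distinct ports on one host, or one port on 5 distinct hosts, within 60 seconds) are assumptions. It distinguishes a port scan (one host, many ports) from the port sweep (one port, many hosts) described above.

```python
# Added example: flag port scans and port sweeps in constructed firewall drop logs.
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log in a made-up "DROP" format; addresses are documentation ranges.
SAMPLE_LOG = """\
2008-12-23T10:00:01 DROP TCP 203.0.113.5:51234 -> 192.0.2.10:21
2008-12-23T10:00:01 DROP TCP 203.0.113.5:51235 -> 192.0.2.10:22
2008-12-23T10:00:02 DROP TCP 203.0.113.5:51236 -> 192.0.2.10:23
2008-12-23T10:00:02 DROP TCP 203.0.113.5:51237 -> 192.0.2.10:25
2008-12-23T10:00:03 DROP TCP 203.0.113.5:51238 -> 192.0.2.10:80
2008-12-23T10:00:03 DROP TCP 203.0.113.5:51239 -> 192.0.2.10:110
2008-12-23T10:00:04 DROP TCP 203.0.113.5:51240 -> 192.0.2.10:139
2008-12-23T10:00:04 DROP TCP 203.0.113.5:51241 -> 192.0.2.10:443
2008-12-23T10:00:05 DROP TCP 203.0.113.5:51242 -> 192.0.2.10:445
2008-12-23T10:00:05 DROP TCP 203.0.113.5:51243 -> 192.0.2.10:3389
2008-12-23T10:01:00 DROP TCP 198.51.100.9:40000 -> 192.0.2.10:80
2008-12-23T10:01:00 DROP TCP 198.51.100.9:40001 -> 192.0.2.11:80
2008-12-23T10:01:01 DROP TCP 198.51.100.9:40002 -> 192.0.2.12:80
2008-12-23T10:01:01 DROP TCP 198.51.100.9:40003 -> 192.0.2.13:80
2008-12-23T10:01:02 DROP TCP 198.51.100.9:40004 -> 192.0.2.14:80
2008-12-23T10:01:02 DROP TCP 198.51.100.9:40005 -> 192.0.2.15:80
2008-12-23T10:05:00 DROP TCP 192.0.2.99:33000 -> 192.0.2.10:22
"""

LINE_RE = re.compile(
    r"^(\S+) DROP (TCP|UDP) (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$"
)


def parse(lines):
    """Yield (timestamp, proto, src, sport, dst, dport); skip lines that don't fit the format."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m.group(1)), m.group(2),
                   m.group(3), int(m.group(4)), m.group(5), int(m.group(6)))


def detect(log_text, window_seconds=60, port_threshold=8, host_threshold=5):
    """Return {source_ip: 'port-scan' | 'port-sweep'} for sources that, within
    one time window, hit many ports on one host or one port on many hosts."""
    events = sorted(parse(log_text.splitlines()))
    by_src = defaultdict(list)
    for ts, _proto, src, _sport, dst, dport in events:
        by_src[src].append((ts, dst, dport))

    alerts = {}
    for src, ev in by_src.items():
        for i, (t0, _, _) in enumerate(ev):          # slide a window starting at each event
            window = [(d, p) for (t, d, p) in ev[i:]
                      if (t - t0).total_seconds() <= window_seconds]
            ports_per_host, hosts_per_port = defaultdict(set), defaultdict(set)
            for d, p in window:
                ports_per_host[d].add(p)
                hosts_per_port[p].add(d)
            if any(len(s) >= port_threshold for s in ports_per_host.values()):
                alerts[src] = "port-scan"
                break
            if any(len(s) >= host_threshold for s in hosts_per_port.values()):
                alerts[src] = "port-sweep"
                break
    return alerts


if __name__ == "__main__":
    for src, kind in detect(SAMPLE_LOG).items():
        print(f"{src}: {kind}")
```

The single dropped packet from 192.0.2.99 produces no alert, which is the point of the thresholds: one stray connection is noise, a burst across ports or hosts is a scan.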

Ports come in two different flavours: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). TCP can be described as "connection oriented" whilst UDP is "connectionless". They both rely on the protocol stack commonly known today as the "TCP/IP" stack.

There are a total of 65536 ports available, and they are assigned by the Internet Assigned Numbers Authority (IANA).

Since UDP is an unreliable protocol, it requires more time to scan than TCP.

Some Port Scanners will just tell you which ports are open and closed, whilst others will give you a brief explanation of each port and what type of exploit can be attempted against it.

Apart from that, Port Scanners can determine what Operating System you're using and information about that particular service (port).

Two commonly known Port Scanners are nmap and Nessus, which are both open source. Nmap was originally designed to scan large networks, although single hosts can be scanned too. Nmap uses raw IP packets in novel ways to determine which hosts are on the network, what services they offer, the Operating System version, the types of packet filters/firewalls in use, and more. Nmap can be downloaded freely and is open source; both a command line and a Graphical User Interface (GUI) exist. The source is released under the GNU GPL.

Nessus is also a reliable port scanner and can provide a certain amount of valuable information. These two are the best Port Scanners out there nowadays.

If you don't want to install a Port Scanner on your system, you can easily use a web-based Port Scanner to scan a system and get a picture of how it looks from the other side of the Internet. These web-based Port Scanners scan quickly and provide you with the essential information only.

Google for "Web Based Port Scanner" or "free online Port Scanner" to use one.

Until next time,
DarkSolo

Sunday, December 21, 2008

IP Address Explanation

<<-- IP Address Explained -->>

In this article, I will be demonstrating how an IP address is assembled. Each machine connected to the Internet has a unique number in order to identify the host; this is called an "IP Address". An IP address looks like the one shown below:

216.27.61.137

An IP address is normally written in "dotted decimal" format rather than in binary, though computers need to use the binary form since that is all they understand. The binary form shown below is the same as the IP address written above:

11011000.00011011.00111101.10001001

Each group of eight bits in the IP address above is called an "octet". If you add up the four groups of digits you end up with 32, so IP addresses are considered to be 32-bit. In this scenario we are talking about IPv4 addresses. Each of the eight bits can be in one of two states (1 or 0), which gives 2^8 or 256 values per octet. Therefore, each octet can have a value between 0 and 255 (since 0 is included). Combine the four octets and you end up with 2^32 or 4,294,967,296 unique values!

As one can see, there are nearly 4.3 billion possible combinations. Most of these IP addresses are reserved and can't be used; for example, the IP address 0.0.0.0 is reserved for the default network and 255.255.255.255 is reserved for broadcasts.

IP addresses are grouped into classes, and the octets help make this simpler. Using them, you can split an IP address into its own parts. The octets are split into two sections: the Net and the Host.

The Net is always the first octet, and it determines the network a host belongs to. The Host, also referred to as the Node or Machine, identifies the computer on that network. The host section always contains the last octet.

IP addresses are grouped into five different IP classes.

Default Network - The IP address of 0.0.0.0 is used for the default network.

Loopback - The IP address 127.0.0.1 is considered to be the "loopback address"; its use is to check your own settings by sending a message to yourself. It is normally used to troubleshoot and test your own network card (NIC).

IP Address Classes

Class A Range 1 - 127 (Reserved for loopback and internal testing)

Example: Net = 115, Host or Node = 24.53.107 (i.e. 115.24.53.107)

Class B Range 128 - 191
Class C Range 192 - 223
Class D Range 224 - 239 (Reserved for multicast)
Class E Range 240 - 255 (Reserved for experimentation, used for research)

Private Address Space

Class A
10.0.0.0 to 10.255.255.255

Class B
172.16.0.0 to 172.32.255.255

Class C
192.168.0.0 to 192.168.255.255

Default Subnet Masks

Class A
255.0.0.0

Class B
255.255.0.0

Class C
255.255.255.0
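The conversions and lookups described in this article (dotted decimal to binary octets, the class of an address, whether it lies in a private range, and the Net/Host split under the default mask) are easy to do by hand, and the following example shows them in code. It was written for this article and is not from the original post. One assumption to note: the private range for the 172 block is taken from RFC 1918 as 172.16.0.0/12, i.e. 172.16.0.0 to 172.31.255.255, and the 127 block is treated as loopback rather than as an ordinary Class A network.

```python
# Added example: IPv4 address arithmetic for the classful scheme described above.
# The 172 private range follows RFC 1918 (172.16.0.0/12); 127.x is treated as loopback.


def to_binary(ip: str) -> str:
    """'216.27.61.137' -> '11011000.00011011.00111101.10001001'."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {ip}")
    return ".".join(format(o, "08b") for o in octets)


def from_binary(bits: str) -> str:
    """Inverse of to_binary: four dotted 8-bit groups back to dotted decimal."""
    return ".".join(str(int(b, 2)) for b in bits.split("."))


def to_int(ip: str) -> int:
    """Pack the four octets into one 32-bit integer (network byte order)."""
    return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")


def from_int(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def address_class(ip: str) -> str:
    """Classful lookup on the first octet, as in the table above."""
    first = int(ip.split(".")[0])
    if first == 0:
        return "default network"
    if first == 127:
        return "loopback"
    if first <= 126:
        return "A"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D"          # multicast
    return "E"              # experimental


DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}

# (network, mask) pairs for the private address space; 172.16/12 per RFC 1918.
PRIVATE_RANGES = [("10.0.0.0", "255.0.0.0"),
                  ("172.16.0.0", "255.240.0.0"),
                  ("192.168.0.0", "255.255.0.0")]


def is_private(ip: str) -> bool:
    n = to_int(ip)
    return any(n & to_int(mask) == to_int(net) for net, mask in PRIVATE_RANGES)


def default_mask(ip: str):
    """Default subnet mask for the address's class, or None for D/E/reserved."""
    return DEFAULT_MASKS.get(address_class(ip))


def split_net_host(ip: str):
    """Apply the default mask: returns (network part, host part) as dotted decimal,
    e.g. 115.24.53.107 -> ('115.0.0.0', '0.24.53.107'), matching the Class A example."""
    mask = default_mask(ip)
    if mask is None:
        return None
    n, m = to_int(ip), to_int(mask)
    return from_int(n & m), from_int(n & ~m & 0xFFFFFFFF)


if __name__ == "__main__":
    for ip in ("216.27.61.137", "115.24.53.107", "172.20.1.1", "192.168.0.10", "127.0.0.1"):
        print(ip, to_binary(ip), address_class(ip), default_mask(ip),
              "private" if is_private(ip) else "public", split_net_host(ip))
```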

Until next time,
DarkSolo

NetBIOS Exploit Explained

<<-- NetBIOS Attack -->>

Part 1

NetBIOS, which stands for "Network Basic Input Output System", allows nodes on a network to send data to each other over a LAN (Local Area Network). It was released by IBM, and later on Microsoft started adapting it for its own Operating System. Modern OS's come with the NetBIOS Extended User Interface (NetBEUI) installed, but in order to communicate over a WAN (Wide Area Network) you need to use another type of protocol, such as TCP (Transmission Control Protocol), rather than NetBIOS.

A NetBIOS request takes the form of a Network Control Block (NCB) that specifies a message location and the name of the destination.

NetBIOS makes use of the session and transport layers of the OSI (Open Systems Interconnection) model. It does not, however, provide a standard frame format for data transmission; NetBEUI takes care of encapsulating it in a standard frame.

The communication modes in NetBIOS are session and datagram. Session mode lets two nodes on the network talk to each other and thereby creates a "session". It can handle bulky messages and takes care of error detection and recovery. Datagram mode, on the other hand, is "connectionless", which means it uses UDP and the data being transmitted is not guaranteed to arrive at the destination. Therefore the messages must be smaller and sent independently, and the application itself is responsible for error detection and recovery. Datagram mode can also send a broadcast message to all the machines connected to the LAN.


Part 2

In this tutorial we will be demonstrating one of the easiest ways hackers manage to gain access to your network infrastructure within minutes. I certainly condemn the acts of a hacker, but I am not opposed to an ethical hacker, one who works with the network administrators and makes them aware that they should patch their systems for leaks and holes.

If you skimmed through Part 1, I strongly recommend that you go back and read it first to get an idea of what NetBIOS really is. I'll continue extending my explanation in this tutorial and introduce an exploit found in the Windows Operating System itself, called the "NetBIOS Attack".

NetBIOS was developed by IBM and Sytek as an API (Application Programming Interface) for clients to share information over a LAN (Local Area Network). This commonly works on Windows 9x platforms such as Windows 98, Windows Me, Windows NT, etc.

Having said that, I have no doubt that you must have clicked on "Network Neighborhood" in order to access other nodes on the network. Do you know what happens when you click on it? Your machine requests the names of the computers connected to the network (LAN) using NetBIOS. So what NetBIOS actually does is give out the names and general information of the computers attached to the network. Such information includes:

Name of the Machine
User Name
Domain
Host Name

This is the most vital information we need. Like any other service, NetBIOS runs on a specific port number, in this case either 139 or 445.

Using the NBTSTAT Command

This is the command found in MS-DOS for communicating with NetBIOS. Once you have launched the command prompt you will end up with this:

c:\ or c:\windows>

If you get something else written after the C:\ don't worry, just keep reading; it will still work. We want to get information about the victim's machine, so we type the command:

c:\windows>nbtstat -a 255.255.255.255

255.255.255.255 is used here as an example. You end up with the following information about the victim's machine:

NetBIOS Remote Machine Name Table
Name Number Type Usage
==========================================================================
workgroup 00 G Domain Name
my_computer 03 U Messenger Service
myusername 03 U Messenger Service
MAC Address = 00-02-44-14-23-E6

We have the MAC address; we might make use of that piece of information later on. It's written as a string of hexadecimal numbers.

Now we have the NetBIOS session names and the type of service each one is running.

Types of Attacks

There are two types of attacks that can be launched using NetBIOS:

1. Reading/Writing to a remote machine
2. Denial of Service (DoS) Attack

To search for a victim we need a port scanner, which will tell us what type of Operating System and services the victim is currently running. A port scanner scans a given range to track down open ports on the system. A commonly known port scanner is "Orge", which will give out the NetBIOS names of the remote machine.

You can also download an application called "nbtscan" from http://www.unixwiz.net/tools/nbtscan.html, which will show you open NetBIOS name servers.

Believe it or not, as stated already, NetBIOS is one of the easiest hacks there is, though it depends on luck. The victim needs to have "File and Printer Sharing" enabled in order for his or her machine to be taken over.

Now let's suppose that we type:

c:\windows>nbtstat -a 255.255.255.255

and the following table turns up:

NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
user <00> UNIQUE Registered
workgroup <00> GROUP Registered
user <03> UNIQUE Registered
user <20> UNIQUE Registered
MAC Address = 00-02-44-14-23-E6

Bingo! The number <20> indicates that the victim has enabled the "File and Printer Sharing" feature.

Note: If <20> doesn't show up, we can conclude that "File and Printer Sharing" is not enabled. If you are prompted with an error message saying "Host Not Found", then port 139 is closed, blocked by some type of firewall, or the IP address doesn't exist.
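An administrator checking their own machines for exactly this exposure will usually have a pile of nbtstat name tables to read rather than one, so here is a small parser for the table format shown above. It is an example written for this article, not code from the original post or from any tool named here; the sample tables are constructed to mirror the one above (including the example MAC address the article uses), and the suffix meanings are the standard NetBIOS ones for the suffixes that appear on this page.

```python
# Added example: parse nbtstat -a name tables and report which hosts
# still expose the <20> File Server service (File and Printer Sharing).
import re

# Meanings for the name suffixes that appear in the tables above.
SUFFIX_MEANING = {
    ("00", "UNIQUE"): "Workstation Service",
    ("00", "GROUP"): "Domain/Workgroup Name",
    ("03", "UNIQUE"): "Messenger Service",
    ("20", "UNIQUE"): "File Server Service (File and Printer Sharing)",
}

ROW_RE = re.compile(r"^\s*(\S+)\s+<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)", re.M)
MAC_RE = re.compile(r"MAC Address\s*=\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})")


def parse_name_table(text: str) -> dict:
    """Return the name rows as (name, suffix, type, status) plus the MAC, if any.
    Text that is not a name table (e.g. 'Host not found.') yields no rows."""
    rows = [(name, suffix.upper(), typ, status)
            for name, suffix, typ, status in ROW_RE.findall(text)]
    m = MAC_RE.search(text)
    return {"rows": rows, "mac": m.group(1) if m else None}


def audit(text: str) -> dict:
    """Summarise one nbtstat output: computer name, workgroup, MAC and whether
    the <20> service (File and Printer Sharing) is registered."""
    t = parse_name_table(text)
    rows = t["rows"]
    return {
        "computer": next((n for n, s, ty, _ in rows if s == "00" and ty == "UNIQUE"), None),
        "workgroup": next((n for n, s, ty, _ in rows if s == "00" and ty == "GROUP"), None),
        "mac": t["mac"],
        "file_sharing": any(s == "20" and ty == "UNIQUE" for _, s, ty, _ in rows),
        "services": [SUFFIX_MEANING.get((s, ty), f"unknown <{s}>") for _, s, ty, _ in rows],
    }


# Constructed sample outputs mirroring the table shown above.
SHARING_HOST = """\
       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
user           <00>  UNIQUE      Registered
workgroup      <00>  GROUP       Registered
user           <03>  UNIQUE      Registered
user           <20>  UNIQUE      Registered

MAC Address = 00-02-44-14-23-E6
"""

NO_SHARING_HOST = """\
       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
pc2            <00>  UNIQUE      Registered
workgroup      <00>  GROUP       Registered

MAC Address = 00-02-44-14-23-E7
"""

HOST_NOT_FOUND = "Host not found.\n"

if __name__ == "__main__":
    for sample in (SHARING_HOST, NO_SHARING_HOST, HOST_NOT_FOUND):
        print(audit(sample))
```

Run over a directory of saved nbtstat outputs, the `file_sharing` flag gives the list of machines to visit first when tightening sharing settings or firewalling ports 139 and 445.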

We are nearly over the hill. Now we need to know what files, folders and printers are being shared on the LAN. For that we use the following command:

c:\windows>net view \\255.255.255.255

Let's suppose we get the following output:

Shared resources at \\255.255.255.255 ComputerNameGoesHere
Share name Type Used as Comment
---------------------------------------------
CDISK Disk
The command completed successfully.

Here we know that there is a resource of type Disk with the share name CDISK. Another output we might get instead looks like this:

Shared resources at \\255.255.255.255
ComputerNameGoesHere
Share name Type Used as Comment
---------------------------------------------
HP-15 Print

Here we know that the victim has a printer installed with the share name HP-15.

Let's say that the victim has a shared Printer. That's already a huge advantage, since we can print paper remotely without him noticing.

Now that we are equipped with the victim's IP address, File and Printer Sharing is confirmed enabled and the victim's hard disk share is named CDISK, the last step is to connect to it and look for more files and folders.

Therefore, we introduce the NET command.

Let's say that we want our new drive letter to be assigned as x: we can connect using this command:

c:\windows>net use x: \\255.255.255.255\CDISK

Note: x may be replaced with any other drive letter.

If everything goes well you will finally receive the message: "The command was completed successfully" .

Now all you have to do is double click on "My Computer" and VOILA!!!

All files and Folders are accessible.

You can alter the files only if you have a certain degree of permissions. You have just created a new drive x: on your computer, and you can now enter the victim's hard drive any time you like, as long as you're still remotely connected to it.

<<-- Further Explanation -->>

There are cases where you try to connect to the victim's computer and are asked for a password. It's commonly set to "Administrator", though most of the time they change it to something else. There is a program called "PQWAK" which will do all the dirty work for you. All it requires is the IP address and the share name of the host, and it will decrypt the password hash within seconds.

Note: Passwords will only be cracked if the victim is running one of the following OS's:

Windows 95
Windows 98
Windows Me

<<-- The IPC$ Hidden Share Hack found in Windows NT, 2000, XP -->>

This is used in case the password isn't crackable. It gains access to the victim's machine with a single command that logs in as a guest; it does not act as a password cracker itself. The command is:

c:\windows>net use x: \\255.255.255.255\ipc$ "" /user:""

This will not actually gain the same access rights as explained above, but it will provide useful information such as shared drives, user names, users that have never logged in, etc. Two tools that use this method are "Internet Periscope" and "enum", which is basically command line.

If you're lucky enough to have write access permissions, you can place files on the hard drive such as keyloggers, trojans etc., which will later open further holes in the OS if the victim is lame enough to double-click on the executable files and start the service.

<<-- How to Protect yourself from such an attack -->>

Visit the Microsoft Update page and let the updates install automatically:

http://windowsupdate.microsoft.com

That's all for now, until then,
DarkSolo

How to get FREE Internet in the UK

Note: Use this information at your own risk. If you have credit on your mobile phone it will start running dry, so I suggest that you use a SIM card without any credit on it.

In this tutorial, I will be demonstrating how to get FREE Internet if you're a civilian living in the United Kingdom. To get started you'll need the following prerequisites:

A Mobile Phone that is unlocked
An O2 sim card
Proxifier (PC software)
This guide! :)

Ok, so let's get started.

Connect your PC or laptop to your Mobile (bluetooth, IR or Cable).

Most of the time, the latest mobile phones come with the manufacturer's software on disc (Motorola Phone Tools, Nokia PC Suite, etc.).

Then go into the Internet settings of that software and make a new connection using the following settings:

Use these settings:
Access Point- payandgo.o2.co.uk
Username- payandgo
Password- password

Open the Proxifier software
Go to Options/Proxy Settings/Add
Server Address 193.113.200.195 Port 8080
Protocol https

No other settings are required, click OK.
That's it! You are now connected and able to surf the Internet for FREE via GPRS technology.

Until next time,
DarkSolo