Waraxe IT Security Portal  
Exploiting the Hosts over the network [With Picture]
Posted: Wed Feb 27, 2008 8:51 pm
F4r4Zm0In
Active user
Joined: Feb 17, 2008
Posts: 30

Maybe this tutorial is helpful for N00bs Smile

This article is not meant for advanced users
because you may already know this,
but it may be helpful for beginners.

Well, it's time to exploit the network.
Yes, I am talking about the LAN [Local Area Network].
Let's start:
1: Click Start > Run > cmd > type ipconfig
Then you will see a picture like this one:



Now, from the picture we can easily see what our "IP address" is.
If in this case our IP address is "117.197.48.112",
then obviously the IP addresses of other people on the network must be similar to this one.
Yeah, the only thing which is different is the last part.

I mean [112].

Now, our job is to find a system that has file and printer sharing enabled,
but first we have to find some live hosts.
Let's try:

Now, to find live hosts, what we did is:
we start pinging systems by changing the last part [112]

and here is what we have got:



Yeah, we got a ping response because our machine is still active LOL :d

Now, we don't want to exploit our own system, so it's time to ping someone else:

Let's start pinging randomly:

117.197.48.112 [Our own machine, which we already pinged]
117.197.48.111
117.197.48.110
117.197.48.109
................................. and so on.

In the first attempt we tried pinging 117.197.48.111 and our ping failed.
In the second attempt we tried pinging 117.197.48.100 and got "Success".



Now simply click on Start > Run > type \\117.197.48.100
Now hit the Enter button.

And here is what we have got Smile



Now, we can copy, edit, or even delete the stuff from that machine Smile

In this exploit we got success at the second attempt because the machine has the "file and printer sharing enabled" option checked!
Sometimes it happens that we get a ping response, but still can't explore the host over the network [and get some nasty errors while trying to exploit]
because the machine most probably has the "file and printer sharing enabled" option unchecked,
or it may be behind a firewall!

It all depends on your day!

So it's better that you try your luck.

Posted: Wed Feb 27, 2008 9:29 pm
Tom
Regular user
Joined: Feb 11, 2008
Posts: 10

Nice tut for Noobs.

Smile

Posted: Thu Feb 28, 2008 2:17 pm
F4r4Zm0In
Active user
Joined: Feb 17, 2008
Posts: 30

Tom wrote:
Nice tut for Noobs.

Smile


Yeah! I wrote this one while keeping the n00bs in Mind Smile

Posted: Fri Feb 29, 2008 5:50 am
hunter
Regular user
Joined: Feb 24, 2008
Posts: 7

MORE TUTS PLZ !

hacking servers would be good Smile

no luck yet, I guess not many ppl have printer file sharing on?

also if I pinged one that worked...I would get "a device on your computer is not functioning" or something.

I'm on Vista.

Posted: Fri Feb 29, 2008 7:25 am
F4r4Zm0In
Active user
Joined: Feb 17, 2008
Posts: 30

hunter wrote:
MORE TUTS PLZ !

hacking servers would be good Smile

no luck yet, I guess not many ppl have printer file sharing on?

also if I pinged one that worked...I would get "a device on your computer is not functioning" or something.

I'm on Vista.


I will post more soon,
whenever I find spare time to write Smile

Post subject: F4r4Zm0In
Posted: Fri Feb 29, 2008 9:08 am
ToXiC
Moderator
Joined: Dec 01, 2004
Posts: 181
Location: Cyprus

F4r4Zm0In ,

I don't want to sound cruel or anything, but having access into share files is NOT hacking ...

nice effort though ...

I will try to extend it a bit to make it more interesting..

well ..

some basic commands are :

nbtstat
nbtstat displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).

usage: nbtstat -a ip

article on nbtstat
http://articles.techrepublic.com.com/5100-1035-1058328.html


Beyond that you can play with null sessions :

A null session can be created by using the Windows net program to map a connection using a blank username and password. On Windows systems that are vulnerable, you simply have to enter:
net use \\ip_address\ipc$ "" "/user:" at a Windows command prompt.

This was a vulnerability of Windows 2000 that could create a connection with no user or pass, with enough privileges to have access to network PCs, and with programs such as Winfo, Walksam, certain Windows Resource Kit tools and even the net program that's built into Windows, to glean tons of information off a Windows system.

In Windows XP they now decided to protect that resource, but they still left the null sessions. So some not so well configured boxes could allow null sessions as well.


Nice tools to use for USER ENUMERATION and more..

autoscan:
http://autoscan-network.com/

cain and abel
http://www.oxid.it/cain.html
-
-
-
and 100000 more Smile

_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com
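
A defensive check for the two exposures discussed in this thread (shares open to everyone, and null sessions), as an added example that is not part of any post. The PowerShell below, run elevated on the host being audited, reports the registry values that govern anonymous access and lists non-administrative shares whose share permissions allow Everyone, ANONYMOUS LOGON or Guest. It assumes Windows 8 / Server 2012 or later and English account names; the variable names are illustrative.

```powershell
# Added example: run elevated on the host being audited (Windows 8 / Server 2012+).
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Registry values that govern anonymous (null session) access and the value
# each should hold on a hardened host.
$checks = @(
    @{ Path = $lsa; Name = 'RestrictAnonymous';         Want = 1 },
    @{ Path = $lsa; Name = 'RestrictAnonymousSAM';      Want = 1 },
    @{ Path = $lsa; Name = 'EveryoneIncludesAnonymous'; Want = 0 },
    @{ Path = $srv; Name = 'RestrictNullSessAccess';    Want = 1 }
)

# An unset value is reported with OK = False so that it gets set explicitly
# instead of relying on the OS default.
$settings = foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $have = if ($null -ne $item) { $item.($c.Name) } else { $null }
    [pscustomobject]@{
        Setting = $c.Name
        Actual  = if ($null -eq $have) { '(not set)' } else { $have }
        Wanted  = $c.Want
        OK      = ($have -eq $c.Want)
    }
}

# Shares and named pipes listed in these values stay reachable over a null session.
$nullLists = foreach ($name in 'NullSessionShares', 'NullSessionPipes') {
    $item    = Get-ItemProperty -Path $srv -Name $name -ErrorAction SilentlyContinue
    $entries = @($item.$name | Where-Object { $_ })
    [pscustomobject]@{ Setting = $name; Entries = ($entries -join ', '); OK = ($entries.Count -eq 0) }
}

# Non-administrative shares whose share permissions allow a broad principal.
# Account names are matched in English (assumption); NTFS ACLs still apply on top.
$broad = 'Everyone', 'ANONYMOUS LOGON', 'Guest', 'Guests'
$openShares = Get-SmbShare -Special $false |
    ForEach-Object { Get-SmbShareAccess -Name $_.Name } |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.AccountName -split '\\')[-1] -in $broad
    }

$settings   | Format-Table -AutoSize
$nullLists  | Format-Table -AutoSize
$openShares | Format-Table Name, AccountName, AccessRight -AutoSize
```

Any row with OK = False, or any share listed in the last table, is worth reviewing before the host is attached to a shared network.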

Post subject: Re: F4r4Zm0In
Posted: Fri Feb 29, 2008 2:47 pm
F4r4Zm0In
Active user
Joined: Feb 17, 2008
Posts: 30

ToXiC wrote:
F4r4Zm0In ,

I don't want to sound cruel or anything, but having access into share files is NOT hacking ...

nice effort though ...

I will try to extend it a bit to make it more interesting..

well ..

some basic commands are :

nbtstat
nbtstat displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).

usage: nbtstat -a ip

article on nbtstat
http://articles.techrepublic.com.com/5100-1035-1058328.html


Beyond that you can play with null sessions :

A null session can be created by using the Windows net program to map a connection using a blank username and password. On Windows systems that are vulnerable, you simply have to enter:
net use \\ip_address\ipc$ "" "/user:" at a Windows command prompt.

This was a vulnerability of Windows 2000 that could create a connection with no user or pass, with enough privileges to have access to network PCs, and with programs such as Winfo, Walksam, certain Windows Resource Kit tools and even the net program that's built into Windows, to glean tons of information off a Windows system.

In Windows XP they now decided to protect that resource, but they still left the null sessions. So some not so well configured boxes could allow null sessions as well.


Nice tools to use for USER ENUMERATION and more..

autoscan:
http://autoscan-network.com/

cain and abel
http://www.oxid.it/cain.html
-
-
-
and 100000 more Smile


Thanks for adding extra $ valuable information Smile

Posted: Sun May 18, 2008 3:18 pm
Kazuma
Beginner
Joined: May 17, 2008
Posts: 3
Location: Zwollywood

You could have easily walked over to your roommate's computer to avoid all the hassle with typing all those internal IPs Wink

Outside your (V)LAN this would be hard to find since most routers have NAT disabled for these ports (samba sharing?).
Cool
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"