by 127.0.0.1 » Thu Apr 28, 2005 1:08 pm
Do you need a firewall? Yes, yes, yes.
So you're not running a firewall, brutus? I assume you're running MS Windows as well, correct? Well, let me show you just how easy it would be for someone to break into your system.
I will assume the attacker system is running MS Windows as well.
OK, open a command prompt, then type NBTSTAT.
The only two options we will need are:
-a (adapter status) Lists the remote machine's name table given its name
-A (Adapter status) Lists the remote machine's name table given its IP address.
The -a means that you will type in the HOST NAME of the person's computer that you are trying to access.
Now we need to get the IP address of the remote pc we are trying to attack. This can be achieved easily in many different ways. For example if you run your own server like me, anyone who connects to my FTP server:
00011000 00001011 10100111 01010100
I get their IP address in /var/log/ and the time they connected among other things. Now obviously if the person has a spoofed IP this won't apply but that's a different issue.
If you don't have your own server, you could also DC (direct connect) to someone in AIM, for instance. Then, once the DC is established, type netstat -n at a command prompt; this will show you active connections, and from here you will see either the target PC's host name or IP.
Or on mIRC, you could get the person's IP by /whois (target's name). There are other ways to get an IP address as well, but this is all I will explain.
So now you have either an IP address or a host name of the target PC. Now open up a command prompt and type NBTSTAT. If you have an IP address, use the -A option, and if you have the host name, use the -a option.
So.... if you have the IP address of the target type:
NBTSTAT -A (INSERT IP OF TARGET PC)
if you have the host name type:
NBTSTAT -a (INSERT HOST NAME)
Hit Enter. If you got a "Host not found" error, then the target cannot be hacked with this method. But if you got something like this, you're in luck:
GMVPS01 <00> UNIQUE Registered
WORKGROUP <00> GROUP Registered
GMVPS01 <03> UNIQUE Registered
GMVPS01 <20> UNIQUE Registered
WORKGROUP <1E> GROUP Registered
If you see this:
<20>
The target is vulnerable with this method. The <20> means that file sharing is enabled.
Next, on the attacker's PC, all one would have to do is enter the IP address of the victim PC in LMHOST.sam; open this file with a program like Notepad to edit the text file.
Then you would add in the file:
#PRE #DOM:(IP address of target) #INCLUDE
Once you do this, if all has gone well, all you have to do is go to start==>find==>computer
Then just type the IP address or the host name you entered in LMHOST.sam, and then you have full access to the target's C:/ and you can edit, delete, and rename files as one pleases. You can imagine the damage that could occur.
If you were running a firewall this method would never work because the inbound connection would never have been allowed.
I did not post this to teach people "how to hack" either; it's just an example of how you need a firewall. Believe me, there are more efficient options than this I could have shared.
Last edited by 127.0.0.1 on Thu Apr 28, 2005 11:47 pm, edited 1 time in total.
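For checking your own machines, the following is an added example (not part of the original post) that parses saved NBTSTAT name-table output and reports whether the <20> file-sharing name is registered. The function names and suffix descriptions are this example's own, and the sample text reuses the listing quoted in the post.

```python
import re

# Meanings of the NetBIOS suffixes that appear in the post's listing.
# Keyed by (hex suffix, name type); anything else is reported as unknown.
SUFFIXES = {
    ("00", "UNIQUE"): "Workstation service",
    ("00", "GROUP"): "Domain/workgroup name",
    ("03", "UNIQUE"): "Messenger service",
    ("20", "UNIQUE"): "File Server service (file sharing)",
    ("1E", "GROUP"): "Browser service elections",
}

ROW = re.compile(r"^\s*(.+?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$")

def parse_name_table(text):
    """Return (name, suffix, type, status) for each name-table row in the text."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, suffix, kind, status = m.groups()
            rows.append((name, suffix.upper(), kind, status))
    return rows

def audit(text):
    """Summarise what a host advertises; no rows means no name table was returned."""
    rows = parse_name_table(text)
    services = [f"{n} <{s}> {SUFFIXES.get((s, k), 'unknown suffix')}"
                for n, s, k, _ in rows]
    sharing = any(s == "20" and k == "UNIQUE" and st == "Registered"
                  for _, s, k, st in rows)
    return {"name_table_visible": bool(rows), "file_sharing": sharing, "services": services}

# Sample input: the listing quoted in the post, saved as text.
SAMPLE = """\
GMVPS01 <00> UNIQUE Registered
WORKGROUP <00> GROUP Registered
GMVPS01 <03> UNIQUE Registered
GMVPS01 <20> UNIQUE Registered
WORKGROUP <1E> GROUP Registered
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A result with `name_table_visible` set to False is what you want to see when you run the check from outside your firewall.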