->Changing the default drive for CMD....

You might have heard of the "DOS prompt"; on Windows XP it is just the cmd.exe command interpreter.
Click the START button, then Run, and type cmd or cmd.exe in the box.
You will see that the command prompt by default opens in your profile directory, something like
C:\Documents and Settings\username>
To work on another drive of your system, such as
D:\> or
E:\> etc.,
just type the drive letter followed by a colon ":" and press Enter, like
D:
E:
etc.
Note that "cd D:\somefolder" on its own only changes that drive's current directory without switching to it; use "cd /d D:\somefolder" to do both in one step.

A second trick you will see mentioned is to copy cmd.exe from
C:\WINDOWS\system32
onto the drive you want and run that copy from there. It works because a program started from Explorer gets its own folder as the current directory, so the prompt shows the letter of that drive. It also leaves a stray, unmaintained copy of a system binary lying around, so prefer the drive-letter command above.

-> About IP address....

Everyone who connects to a network has an IP address. An IP address looks something like this: 80.65.123.25

Your network card has an IP address on your LAN and your modem or router has another one facing the Internet; the two differ because your LAN is a private network, not part of the Internet itself.
When you connect to the Internet you get either a fixed (static) IP or a dynamic one, depending on your ISP and plan. Dial-up modem users get a new address each time they reconnect. Most consumer ADSL and ISDN connections are also dynamic, although the lease may stay the same for weeks; fixed addresses are usually a business option or belong to servers. A changing address does not make you anonymous: the ISP's authentication and DHCP logs record which account held which address at which time.

Attack someone without IP spoofing and they will see your IP attacking them. They can take that address and a timestamp to your ISP (Internet service provider), who can tell which account, and for dial-up which telephone line, was using it, and you can get into trouble. A dynamic address only adds that one lookup; whether anyone bothers for a simple DoS flood is another matter, but the record exists.

IP spoofing means sending packets whose source address is bogus: either an address that is not in use or one that belongs to someone else. The target sees only the fake source. It works only for traffic that needs no reply, such as a one-way UDP or SYN flood, because the target answers the forged address: you never complete a TCP handshake or receive any data, and whoever really owns that address gets the backscatter.

Every network card has a burned-in MAC address, six hex bytes that look something like this: 00-40-A7-4E-E0-90 (the first three identify the manufacturer). It cannot be changed in the hardware, but most drivers let you override it in software, so it is not proof of identity. A MAC is normally only visible on the local Ethernet segment; the one way to read it remotely is a NetBIOS node status query ("nbtstat -a IP", UDP port 137), which Windows answers with its adapter address. If that port reaches the attacker's PC, the MAC is a simple way of tying the attack to a specific machine.

->How to get PC name,MAC address...

So you would like to know someone's PC name, the MAC address of their network card, or the username currently logged on to the PC? It can be very useful to have this information on someone. Their PC name is often their own name or their company's. Their MAC address is the address of the network card itself; it normally stays the same for the life of the machine, although it can be overridden in the driver. Their username can also be useful if you would like to know this person's name. All of this comes from NetBIOS over TCP/IP, so it can only be retrieved if the target has File and Printer Sharing / NetBIOS enabled and UDP port 137 is reachable; a firewall or home router in the way simply makes nbtstat report "Host not found".

In the DOS prompt (Start, Run, "cmd") type in "nbtstat -a IP"
Example: nbtstat -a 196.35.24.15 will show something like this:

Local Area Connection 3:
Node IpAddress: [10.10.10.22] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    PCNAME         <00>  UNIQUE      Registered
    DOMAINNAME     <00>  GROUP       Registered
    PCNAME         <03>  UNIQUE      Registered
    PCNAME         <20>  UNIQUE      Registered
    DOMAINNAME     <1E>  GROUP       Registered
    USERNAME       <03>  UNIQUE      Registered

    MAC Address = 00-22-AE-43-33-30

The <xx> column is the NetBIOS suffix and tells you what each entry is: <00> UNIQUE is the computer name (Workstation service), <00> GROUP the domain or workgroup, <03> UNIQUE the Messenger service, which is registered once for the computer name and once for each logged-on user, <20> UNIQUE the Server service, meaning the machine offers file shares, and <1E> GROUP is browser elections. So the table shows you the PC name, the domain name if it is joined to one, whether it has shares, and the user logged on to the PC. The MAC normally never changes, which is useful for identifying someone: your buddy attacks you, you check his IP and do a "nbtstat -a" on it, and you get his MAC address. If you later check his PC and see the same MAC address, you know it was him (or at least his machine) attacking you.
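The query behind "nbtstat -a", as an added example that is not part of the original tutorial: it builds the NetBIOS node status request that nbtstat sends to UDP port 137, parses the reply into the name table above (decoding the <xx> suffix and the GROUP/UNIQUE flag) and reads the adapter MAC, which the responder carries in the UNIT_ID field at the start of its statistics block. The SAMPLE packet is constructed from the tutorial's output, not captured; query() sends a live request when you pass a host on the command line.

```python
import socket
import struct
import sys

# NetBIOS suffix byte (the <xx> column nbtstat prints) -> what that entry means.
SUFFIXES = {
    (0x00, "UNIQUE"): "Workstation Service (computer name)",
    (0x00, "GROUP"): "Domain or workgroup name",
    (0x03, "UNIQUE"): "Messenger Service (computer name or logged-on user)",
    (0x20, "UNIQUE"): "Server Service (file shares offered)",
    (0x1E, "GROUP"): "Browser Service Elections",
}


def build_node_status_request(txid=0x1234):
    """The NBSTAT query nbtstat -a sends (RFC 1002 4.2.17): one question for the
    wildcard name '*', type NBSTAT (0x21), class IN, no flags set."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    # First-level encoding: each of the 16 name bytes becomes two letters,
    # 'A' + high nibble and 'A' + low nibble.
    name = b"*" + b"\x00" * 15
    encoded = b"".join(bytes([0x41 + (c >> 4), 0x41 + (c & 0x0F)]) for c in name)
    question = bytes([32]) + encoded + b"\x00" + struct.pack(">HH", 0x0021, 0x0001)
    return header + question


def parse_node_status_response(data):
    """Parse an NBSTAT reply into the name table plus the adapter MAC (UNIT_ID)."""
    if len(data) < 12:
        raise ValueError("short packet")
    flags, _qdcount, ancount = struct.unpack(">HHH", data[2:8])
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not a NetBIOS response carrying an answer")
    off = 12
    off += 1 + data[off] + 1                       # skip the 32-byte label and terminator
    rr_type, _rr_class, _ttl, rdlength = struct.unpack(">HHIH", data[off:off + 10])
    off += 10
    if rr_type != 0x0021:
        raise ValueError("answer is not an NBSTAT record")
    rdata = data[off:off + rdlength]
    names, pos = [], 1
    for _ in range(rdata[0]):                      # NUM_NAMES entries of 18 bytes each
        raw, suffix = rdata[pos:pos + 15], rdata[pos + 15]
        nflags = struct.unpack(">H", rdata[pos + 16:pos + 18])[0]
        pos += 18
        ntype = "GROUP" if nflags & 0x8000 else "UNIQUE"                 # G bit
        status = ("Conflict" if nflags & 0x0800                           # CNF bit
                  else "Registered" if nflags & 0x0400 else "Deregistered")  # ACT bit
        names.append({"name": raw.rstrip(b"\x00 ").decode("ascii", "replace"),
                      "suffix": suffix, "type": ntype, "status": status,
                      "service": SUFFIXES.get((suffix, ntype), "unknown")})
    mac = "-".join(f"{b:02X}" for b in rdata[pos:pos + 6])   # statistics begin with UNIT_ID
    return {"names": names, "mac": mac}


def summarize(table):
    """What the tutorial reads off nbtstat: PC name, domain, logged-on user, shares, MAC."""
    def first(suffix, ntype, exclude=None):
        return next((n["name"] for n in table["names"]
                     if n["suffix"] == suffix and n["type"] == ntype and n["name"] != exclude), None)
    pc = first(0x00, "UNIQUE")
    return {"pc": pc, "domain": first(0x00, "GROUP"),
            "user": first(0x03, "UNIQUE", exclude=pc),       # <03> that is not the PC name
            "file_sharing": first(0x20, "UNIQUE") is not None,
            "mac": table["mac"]}


def query(host, timeout=2.0):
    """Send the request to UDP 137 and summarize the reply; None if nothing answers
    (NetBIOS disabled or port 137 filtered, which nbtstat reports as 'Host not found')."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_node_status_request(), (host, 137))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return summarize(parse_node_status_response(data))


def _constructed_response(entries, mac, txid=0x1234):
    """A made-up NBSTAT reply in the RFC 1002 layout so the parser can be run offline.
    Not a capture: names and MAC are taken from the tutorial's sample output."""
    header = struct.pack(">HHHHHH", txid, 0x8400, 0, 1, 0, 0)   # response, authoritative
    rr_name = build_node_status_request()[12:46]               # the same encoded '*' name
    body = bytes([len(entries)])
    for name, suffix, group in entries:
        body += name.ljust(15).encode() + bytes([suffix]) + struct.pack(">H", 0x0400 | (0x8000 if group else 0))
    body += mac + b"\x00" * 40                                   # UNIT_ID, then zeroed counters
    return header + rr_name + struct.pack(">HHIH", 0x0021, 0x0001, 0, len(body)) + body


SAMPLE = _constructed_response(
    [("PCNAME", 0x00, False), ("DOMAINNAME", 0x00, True), ("PCNAME", 0x03, False),
     ("PCNAME", 0x20, False), ("DOMAINNAME", 0x1E, True), ("USERNAME", 0x03, False)],
    bytes.fromhex("0022AE433330"))

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    print(query(target) if target else summarize(parse_node_status_response(SAMPLE)))
```

The logged-on user is simply the <03> entry whose name differs from the computer name, which is exactly the heuristic behind reading USERNAME off the nbtstat table; a machine with nobody logged on shows only the PCNAME <03> entry.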

->Hacking PC through NetBios...

Finding PCs with shares over a LAN or over the Internet is very easy.
Choose an IP range and scan it with a tool such as NetScan for PCs answering on the NetBIOS/SMB ports (TCP 139 and 445) with shares. A PC only has shares if File and Printer Sharing is enabled on a network adapter, so mostly machines on a LAN. If you find a computer with a share, use Windows itself to connect to it.

Go START, RUN and type in "\\IP\sharename". Example: "\\198.55.67.244\c" or, with the PC name, "\\pc1\c". You then have whatever rights the share was created with (read only, change, or full), which lets you delete, copy or rename files and directories. Many people share things with full access and no password. "net view \\IP" in cmd lists the visible shares; hidden shares end in $ and are not listed.
If you find a PC with shares but it asks for a password when you connect, on Windows 9x the easy way is PQWak, which brute-forces the share password in seconds. It works because the Win9x share password check compared only as many bytes as the client sent (the "Share Level Password" flaw), so each character can be guessed separately. Win9x only; NT-based Windows does not use share-level passwords.

Windows NT/2000/XP work through permissions: a share is shared with permissions to the folder, and permissions are given to user names, so connecting prompts you for a username and password. A lot of people still make shares with full access to Everyone. Administrative shares such as C$ require an administrator account. Many people leave the Administrator password blank, so try username Administrator with a blank password, but note that Windows XP by default refuses network logons for accounts with a blank password (the "Limit local account use of blank passwords to console logon only" policy). That trick works at the keyboard, and over the network against Windows 2000, not remotely against a default XP box.

Against Windows 2000 and XP you can use Venom or Starbrute to brute-force or dictionary-attack local accounts over SMB. Account lockout policy, if set, will lock the accounts you hammer; the built-in Administrator account is the exception, as it cannot be locked out over the network, which is why attackers aim at it.

If you gain access to someone's hard drive, copy a trojan server file into their Startup folder (Documents and Settings\<user>\Start Menu\Programs\Startup on 2000/XP); when they reboot their PC the trojan runs and you have access to their PC through it.

->>Secure your PC....

->Firstly, install Windows XP with the latest Service Pack.

->Run Windows Update (START, ALL PROGRAMS, WINDOWS UPDATE) and update Windows and all your device drivers. Download the latest versions of the applications you use, such as an FTP server or proxy: old versions have known holes and you can be hacked through them. Autopatcher can also apply the Windows updates offline.

->Disable the Guest account and rename the Administrator account: right-click My Computer, choose Manage, then Local Users and Groups.
->Stop any services you don't use, but be careful not to stop something you rely on (RIGHT-CLICK MY COMPUTER, MANAGE, SERVICES AND APPLICATIONS, SERVICES). Stop and disable the Messenger and Remote Registry services; from cmd that is "sc config Messenger start= disabled" followed by "sc stop Messenger", and the same for RemoteRegistry (the space after "start=" is required).

->Remove the administrative shares (C$, D$ and ADMIN$; IPC$ cannot be removed this way). "net share C$ /delete" only lasts until the next reboot, because Windows recreates them at startup unless you set the DWORD value AutoShareWks (AutoShareServer on server editions) to 0 under HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters. Through these shares anyone who knows a local administrator password, domain admins and hackers alike, can read your whole disk. Make sure to put a complex password on all your accounts.

->Make your hard drive NTFS (the file system you format the drive with). Only NTFS supports file permissions and encryption; on FAT32 every local user can read every file.

->Put a password on your BIOS and set the boot order to boot from the hard drive first, so someone cannot boot a CD, copy or reset your SAM file and gain administrator access to your PC. This stops casual boot-CD attacks; it does not stop someone who removes the drive, for which you would need disk encryption.

->Make sure the built-in firewall is enabled: check Windows Firewall in Control Panel. It may stop some of your hacking tools and servers from accepting connections; if an application has a problem, add it to the Windows Firewall exceptions rather than switching the firewall off.

->Install an anti-virus program: Norton AntiVirus, Avira, Quick Heal and so on work fine. Remember that a lot of hacking tools are picked up by anti-virus, partly because many of them really are bundled with malware. If you must run such a tool, exclude only that folder rather than disabling protection, and preferably run it inside a throwaway virtual machine.

->Also install a spyware removal tool such as Spyware Doctor.
Spyware is irritating software installed on your PC through files you download from the net or web pages with malicious code in them. It slows down your PC and may send your information to the spyware creator.

FAQs on hacking Windows

How do I hack? - There is no easy way to learn to hack. Google is your best friend, REMEMBER THAT! Read any information you can find on hacking, read hacking forums and check out hacking websites. Learn a programming language like C++. A book like Hacking for Dummies will teach you a lot.

What do I need to be able to hack? - First you need to understand how your computer's operating system works, how networks and protocols work, security settings and general PC knowledge. Once you understand how things work, you need tools that help you do the work.
What is the command prompt (cmd, the little DOS window)? - Go START, RUN and type in "cmd".
What can I do in cmd? - Various things, such as run exploits, ping a host or run the network tools below.

Why do some of the hacking tools I download just close themselves when I open them? - Lots of hacking tools are console programs and have to be run from cmd. If you double-click the program it opens a console window, prints its usage and closes the window again. From cmd, navigate to the directory the tool is stored in and run it from there with its arguments. Other tools are GUI (graphical user interface) based and open like a normal Windows program.

What is an IP address? - Every computer connected to the Internet or some other network has an IP address. Go to START, RUN, type in "cmd" and then "ipconfig"; it shows your IP address or addresses, which look something like this: 81.35.99.84. IP = Internet Protocol. If you are behind a router, ipconfig shows your private LAN address (192.168.x.x and the like) and the Internet sees the router's address instead.
How do I find someone's IP address? - Look further down in this tutorial and use IPStealer.
What can I do with an IP? - You need someone's IP before you can hack, port scan or DoS them.

What is a ping? - It's a command you use to check whether an IP address answers, that is, whether the host is up and reachable over the Internet or your network. In the command prompt type in "ping 192.168.0.21"; this shows something like:

Pinging 192.168.0.21 with 32 bytes of data:

Reply from 192.168.0.21: bytes=32 time<1ms TTL=128
Reply from 192.168.0.21: bytes=32 time<1ms TTL=128
Reply from 192.168.0.21: bytes=32 time<1ms TTL=128
Reply from 192.168.0.21: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.0.21:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

That means IP 192.168.0.21 answered all four pings, so it is online. "Request timed out" means no reply came back.
bytes=32 is the amount of data sent to the host in each packet.
time<1ms is the round-trip time, how long the reply took to come back.
TTL is the packet's remaining time-to-live. Windows hosts send replies starting at 128 and most Unix-like systems at 64, so TTL=128 from a host on your own LAN suggests it runs Windows, and a lower value tells you roughly how many routers the reply crossed.
Remember that not being able to ping an IP does not mean the host is offline; ping (ICMP echo) requests are often simply blocked by a firewall.

Why can't I ping a certain IP? - Either the IP is not in use or offline, or the person you are pinging runs a firewall which drops ping requests, or your own firewall blocks outgoing ping.

What is the 127.0.0.1 IP? - It is the loopback address, which always means your own PC. Every system has it and it is not reachable from any other host.

Why do I have two IP addresses when I do an ipconfig? - If you are on a local LAN (local area network) you have an address like 192.168.0.1, and if you are also connected to the Internet you have another, like 80.87.34.56. 192.168.0.1 is your local IP, used to communicate with the machines on your LAN, and 80.87.34.56 is your Internet IP.

What is a static and a dynamic IP address? - Static means a permanently assigned IP address; a web site, for example, has a static address that never changes. Dynamic means a temporary address: dial-up and most consumer ADSL connections get one, and every time you connect your ISP (Internet service provider) may issue a different address.
I have sent someone a trojan but I cannot connect to their PC? - Either they run a firewall which blocks you from connecting, or they are connected to the Internet through a router that does not forward the trojan's port to their PC.

What do I do when someone is behind a router and I want to control their PC with a trojan? - You need a trojan that uses reverse connections, meaning you don't connect to the host, the host connects out to you. Bifrost is a trojan with that function. Remember that when someone is behind a router and you use IPStealer to get their IP address, you actually get their router's IP, not their PC's: the router holds the Internet (WAN) IP and their PC has a different, private LAN IP.
How do I check whether my own PC is infected with a trojan? - Run "netstat -ano" in cmd to list listening ports together with the process ID (PID) that owns each one, then match the PID in Task Manager (View, Select Columns, PID). Unknown programs listening on ports, especially ports that appear in a trojan port list, deserve a look. You can also port scan your own PC from another machine. Do not download the trojan itself to "test" the port; the suspicious process and its file are enough to identify it.

What is a router? - A device which routes data between networks. A router decides where each packet should be sent next.

What is a firewall? - Software or a hardware device which blocks or permits traffic on certain ports, from certain IPs, or of certain kinds.

What is a port and what can I do with it? - Every program on your PC with some network function listens on a specific port to send and receive data through. A port scan shows you which ports are open on the host you scanned, and so which services run there. Port 80 is normally a web server, port 21 an FTP server, and so on. Trojans also listen on ports. Compare the open ports against a list of trojan ports; if one matches, the host might be infected with that trojan, but check the banner or the owning process before assuming so, because any program can use any port.

How do I do a port scan? - You need a program like SuperScan to do a port scan. Then all you do is add the IP you want to scan and the port range.

Why would you want to scan ports? - If you scan a PC with a port scanner it shows you which programs or services are running on the PC.
Common ports:
    Echo : 7 (ping itself is ICMP and has no port)
    Systat : 11
    Daytime : 13 (the Time protocol is 37)
    NetStat : 15
    SSH : 22
    Telnet : 23
    SMTP : 25
    Whois : 43
    Finger : 79
    HTTP : 80
    POP3 : 110
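An added example, not from the original page, of what SuperScan does under the hood: a TCP connect scan over a list of ports, with a banner grab for services that speak first (FTP, SMTP, SSH) and an HTTP HEAD probe for ones that wait for a request, which is also how you check a web server for IIS through its Server: header. The two start_fake_service() listeners are constructed stand-ins on 127.0.0.1 so the scan runs offline; point scan() at a real host and port list for actual use.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Well-known ports from the table above, corrected: 7 is Echo (ping is ICMP and has
# no port), 13 is Daytime, 110 is POP3. Anything else is reported as "unknown".
COMMON_PORTS = {7: "echo", 11: "systat", 13: "daytime", 15: "netstat", 21: "ftp",
                22: "ssh", 23: "telnet", 25: "smtp", 43: "whois", 79: "finger",
                80: "http", 110: "pop3", 135: "msrpc", 139: "netbios-ssn", 445: "microsoft-ds"}


def _recv(sock, n):
    """recv that returns b'' instead of raising when the peer stays silent."""
    try:
        return sock.recv(n)
    except socket.timeout:
        return b""


def probe(host, port, timeout=1.0):
    """TCP connect scan of one port. Returns (is_open, banner). Services such as FTP,
    SMTP and SSH speak first, so their greeting is the banner; a web server waits for
    a request, so when nothing arrives we send an HTTP HEAD and keep the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            banner = _recv(s, 256)
            if not banner:
                s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
                banner = _recv(s, 2048)
            return True, banner.decode("latin-1").strip()
    except OSError:                      # refused, timed out, unreachable
        return False, ""


def scan(host, ports, timeout=1.0, workers=32):
    """Connect-scan the given ports in parallel; {port: (service, banner)} for open ones."""
    results = {}
    def work(port):
        is_open, banner = probe(host, port, timeout)
        if is_open:
            results[port] = (COMMON_PORTS.get(port, "unknown"), banner)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        list(pool.map(work, ports))
    return dict(sorted(results.items()))


def server_header(banner):
    """The Server: header of an HTTP reply, e.g. 'Microsoft-IIS/5.1', or None."""
    for line in banner.splitlines():
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
    return None


def start_fake_service(greeting=None, http_server=None):
    """Constructed stand-in service on 127.0.0.1 so the scanner can be run offline.
    With a greeting it behaves like SMTP/FTP (talks first); otherwise it answers any
    request with an HTTP reply carrying the given Server header. Returns the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def handle(conn):
        with conn:
            if greeting:
                conn.sendall(greeting)
            else:
                conn.settimeout(5)
                _recv(conn, 1024)                       # the client's HEAD request
                conn.sendall(b"HTTP/1.0 200 OK\r\nServer: " + http_server.encode()
                             + b"\r\nContent-Length: 0\r\n\r\n")
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    smtp = start_fake_service(greeting=b"220 mail.example.test ESMTP Sendmail ready\r\n")
    web = start_fake_service(http_server="Microsoft-IIS/5.1")
    for port, (service, banner) in scan("127.0.0.1", [smtp, web, 1], timeout=2.0).items():
        print(port, service, server_header(banner) or banner.splitlines()[0])
```

A closed port (1 in the demo) simply refuses the connection and is left out of the result; a filtered port looks identical to the scanner except that it takes the full timeout, which is why scanning through a firewall is slow and why the timeout is worth tuning.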

What is an exploit? - An exploit is a program or piece of code that takes advantage of a bug (the vulnerability) in a piece of software to gain access to, or run code on, the system that software is running on. There are many exploits available for the various versions of MS Windows.
How do I use an exploit? - Most are published as C source, so you first compile the exploit with a compiler such as Bloodshed Dev-C++ (many Unix exploits need Cygwin or a Linux box instead). Then run the exploit from the command prompt against your target and see whether the system is vulnerable to that specific exploit. Scroll down for more information about exploits.

What is an exploit POC? - POC stands for proof of concept: a minimal exploit that shows the vulnerability is real, usually by crashing the target or popping a harmless program rather than giving you a shell.
What is a DoS attack? - A denial-of-service attack: a host is sent more traffic or requests than it, or its Internet link, can handle, so real users cannot get through while the flood lasts. It rarely disconnects the host from the Internet; it just makes it unreachable.

How do I see what connections are currently made to my PC? - In cmd type in "netstat -an" to list your connections with the remote IP addresses and ports; "netstat -ano" on XP adds the owning process ID. You can also use CurrPorts, which has a GUI, shows current connections and can close the connection on a certain port.

What is a MAC address? - It's a hard-coded number, almost like a name, embedded in a network card. The first three bytes identify the manufacturer and the last three are a serial number the manufacturer assigns, so no two cards should ship with the same MAC. Drivers can override it in software, though, so it is not proof of identity.
How do I find out my own or someone else's MAC address? -
Your own MAC: go to cmd and type in "ipconfig /all"; it is the "Physical Address" line.
A MAC address looks something like this: 00-13-20-A3-0B-4C
For someone else's MAC address you need their IP address; then go to cmd and type in "nbtstat -a 192.168.0.5" or whatever IP they use. This shows their MAC address as well as the currently logged-on user, provided NetBIOS (UDP 137) is reachable on their machine. On your own LAN, "arp -a" after pinging them also shows it.

What is the Windows Registry and how do I access it? - It's where Windows stores most of the configuration of your operating system and of the programs installed. You might use it to make a trojan server file you uploaded to a PC run automatically when Windows starts, through the Run keys under HKLM\Software\Microsoft\Windows\CurrentVersion and HKCU\Software\Microsoft\Windows\CurrentVersion. To access the registry go START, RUN and type in "regedit".
Be careful what you change in the registry; a wrong edit can break your PC. First make a backup (File, Export in regedit, or a System Restore point).

What is IIS? - It is Microsoft's web server: IIS, Internet Information Services (Internet Information Server in older versions). Web servers normally listen on port 80.
How do I check whether a website runs on IIS? - Telnet to the site on port 80 from cmd, "telnet www.siteyouwanttocheck.com 80", then type "HEAD / HTTP/1.0", press Enter twice and read the "Server:" line in the reply, e.g. "Server: Microsoft-IIS/5.0". The Microsoft telnet client does not echo what you type by default, so you type blind; run "set localecho" before "open" if you want to see it.

What is telnet? - A program which connects to a TCP port on a remote computer or router and lets you run commands, or talk a text protocol such as SMTP or HTTP, by simply typing in its window.

How do I hack into a Gmail, Yahoo or Hotmail email account? - Every now and then someone discovers a way into those services, but the provider fixes the hole so fast that there is no straight answer. The usual way is a keylogger on the victim's PC to capture their login details. Otherwise download THIS program, which you can use to brute-force a Hotmail account; online guessing is slow and the provider's lockouts usually stop it.

How do I hack into a POP3 email account? - THC Hydra 5.3 is a program you can use to dictionary-attack POP3 accounts. You need a word list which Hydra tries as passwords.
What is a keylogger? - A program installed on someone's PC which captures every key pressed on their keyboard and emails the log to you or stores it in a file.

How do I get the administrator account password while logged in to the PC? - Locally, run a program like Adminhack for local administrator account cracking, or dump the hashes (see the SAM question below). If you need to do it remotely run a program like Venom or Starbrute.

What is the SAM file? - The SAM (Security Account Manager) file stores all the local user accounts and their password hashes, the Administrator account included. It is stored in C:\WINDOWS\system32\config but is locked and inaccessible while Windows is running, meaning you can't copy it from inside Windows. You have to boot another operating system, such as NTFSDOS or Linux with NTFS support, and copy it from there; take the SYSTEM hive from the same directory as well, because the hashes are encrypted with a key derived from it. Once you have both you can crack the hashes with a program like LC5. With pwdump6 it is possible to dump the hashes while logged in to Windows; it can also connect to a remote PC and grab them. Administrator rights are needed either way. The Ophcrack live CD boots from a CD and uses rainbow tables to crack the passwords. Two hashes are stored per account: the old LM hash, which Windows XP still keeps for passwords under 15 characters and which cracks in minutes, and the NT hash. Set the DWORD NoLMHash to 1 under HKLM\SYSTEM\CurrentControlSet\Control\Lsa (or use a password of 15 or more characters) so the LM hash is no longer stored.

How do I reset an administrator or another account password on Win2K/WinXP/WinNT/Win2003? - Download Offline NT Password & Registry Editor, which you can use to create a boot floppy or CD; boot the PC from it and reset the password. Remember that this program does not show you the password, it can only change or blank it.

How do I crack an administrator password? - If you need to crack, rather than reset, an administrator password, copy the SAM and SYSTEM files to another machine and crack them there. The NTXP-Cracker package includes everything you need to boot the PC, copy the SAM file and crack it on another machine.
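What LC5 or Ophcrack actually does with a dumped SAM, as an added example that is not part of the original page: the NT hash is MD4 of the password in UTF-16LE with no salt, so a dictionary attack hashes each word once and compares it against every account at the same time, and the empty password always hashes to 31d6cfe0d16ae931b73c59d7e0c089c0, which is how a blank Administrator shows up instantly. MD4 is written out in pure Python because hashlib's md4 is often unavailable under OpenSSL 3. SAMPLE_DUMP is constructed in pwdump format (user:RID:LM:NT:::) with made-up accounts; jane's hash is random hex, and the LM column holds the empty-LM value as if NoLMHash were set.

```python
import struct


def _md4(data):
    """Pure-Python MD4 (RFC 1320). Three rounds of 16 steps over 64-byte blocks."""
    mask = 0xFFFFFFFF
    def rotl(x, n): return ((x << n) | (x >> (32 - n))) & mask
    def F(x, y, z): return (x & y) | (~x & z)
    def G(x, y, z): return (x & y) | (x & z) | (y & z)
    def H(x, y, z): return x ^ y ^ z
    msg = data + b"\x80"                                  # pad to 56 mod 64, then bit length
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    A, B, C, D = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = A, B, C, D
        for i in range(16):                               # round 1: words in order
            a = rotl((a + F(b, c, d) + X[i]) & mask, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                               # round 2: columns 0,4,8,12,1,5,...
            k = (i % 4) * 4 + i // 4
            a = rotl((a + G(b, c, d) + X[k] + 0x5A827999) & mask, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                               # round 3: bit-reversed order
            k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i]
            a = rotl((a + H(b, c, d) + X[k] + 0x6ED9EBA1) & mask, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        A, B, C, D = (A + a) & mask, (B + b) & mask, (C + c) & mask, (D + d) & mask
    return struct.pack("<4I", A, B, C, D)


EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"   # LM field when no LM hash is stored
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"   # NT hash of the empty password


def nt_hash(password):
    """NT hash as stored in the SAM: MD4 over the UTF-16LE password, unsalted."""
    return _md4(password.encode("utf-16-le")).hex()


def parse_pwdump(text):
    """pwdump lines 'user:RID:LM hash:NT hash:::' -> [(user, rid, lm, nt)]."""
    rows = []
    for line in text.strip().splitlines():
        parts = line.split(":")
        if len(parts) >= 4 and parts[1].isdigit():
            rows.append((parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()))
    return rows


def crack(rows, wordlist):
    """Dictionary attack on the NT hashes. Unsalted, so each word is hashed once and
    looked up for every account at once; blank passwords fall out for free."""
    table = {nt_hash(word): word for word in wordlist}
    table[EMPTY_NT] = ""
    return {user: table[nt] for user, _rid, _lm, nt in rows if nt in table}


# Constructed dump in pwdump format; the accounts are made up for this example
# (jane's NT hash is random hex, not any real password) and NoLMHash is in effect.
SAMPLE_DUMP = f"""
Administrator:500:{EMPTY_LM}:{EMPTY_NT}:::
Guest:501:{EMPTY_LM}:{EMPTY_NT}:::
john:1003:{EMPTY_LM}:8846f7eaee8fb117ad06bdd830b7586c:::
jane:1004:{EMPTY_LM}:5f3e0c6a2b1d4e7f8a9b0c1d2e3f4a5b:::
"""
WORDLIST = ["123456", "password", "letmein", "qwerty", "admin"]

if __name__ == "__main__":
    for user, pw in crack(parse_pwdump(SAMPLE_DUMP), WORDLIST).items():
        print(f"{user}: {pw!r}" + ("  (blank password)" if pw == "" else ""))
```

Because there is no salt, the cost of the attack is one hash per candidate word regardless of how many accounts are in the dump, which is also why precomputed rainbow tables (Ophcrack) work against NT hashes at all; a salted scheme would force one hash per word per account.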

How do I find out what operating system my target runs? - Download Detect and use it against your target's IP address.
Result:

C:\>detect.exe 127.0.0.1
[*]------------------------------[*]
[*]      XP/2K OS Detector       [*]
[*]     by: illwill & phr0stic   [*]
[*]------------------------------[*]
[+] Finding Host 127.0.0.1
[+] Connected to 127.0.0.1
[+] Bytes Sent: 222
[?] The box seems to be Windows XP

Hacking Through Telnet

A Tutorial to Telnet and Hacking

Now you may be looking at this going, "What the hell is Telnet?". If you are, don't worry, I'll explain everything. First of all, Telnet is both a protocol and a client program: the client connects to a TCP port on another host, sends whatever you type and shows you whatever comes back.
On Windows the client is telnet.exe. Windows 95/98/ME ship a small GUI client; Windows NT/2000/XP ship a console one that runs inside cmd.


*** Note to Windows XP users: Don't go and get the old GUI version, because you already have the console one. I'll give its commands along this guide so you can enjoy it too. Run "telnet" from Start, Run, or run "cmd" and then type "telnet".
Telnet is not illegal and is used on thousands of remote computers to administer them, exchange data and do many other things that would be awkward without it.

The default port for Telnet is 23. When I say, for instance, "connect to the sys", I mean connecting to the system's default telnet port. Sometimes it runs on another port, so you will have to port scan the system to find it.

Port 25 is SMTP, the mail protocol, which on Unix systems is usually served by Sendmail. We will be dealing with this port as well.
Telnet Security
Because an open telnet service is such a common way in, SysAdmins often firewall port 23 or restrict which addresses may connect to it. That protects only the telnet daemon and is easy to walk around.

Blocking port 23 does nothing about the other services on the box: the telnet client can connect to any TCP port, such as 81 or 25, and talk to whatever listens there. Here is a system where exactly that was the case. I will star out the IP for privacy.

Welcome to Microsoft Telnet. Telnet32.exe.
o
202.232.**.**
connecting to 202.232.**.** 23 (The port number)
Connected.
Connection to host lost (unauthorized use of Telnet Proxy(ies).
o
202.232.**.** 25
Connecting to 202.232.**.** 25 (Watch this..)
Welcome to ********.net Sendmail Program. Welcome to all staff.
vrfy bin
..550
vrfy sys
..550
vrfy root
..550
vrfy admin
..550
vrfy games
..550
vrfy uucp
..550
q
..550
c
Connection to host lost on command.

Okay people, what happened there? The port 23 restriction did not stop a connection to port 25, and the mail server answered VRFY, an SMTP command that asks whether a mailbox exists. Count the replies, though: every one was 550, which means "unknown user" or "rejected", so this run confirmed no addresses at all. A 250 reply (or 252, "cannot verify but will accept mail") is what actually enumerates an account, and on hosts where VRFY is disabled you get 502 or 550 for every name, which is probably what happened here. The point stands that the mail port was wide open for probing while the admin thought the box was locked down. Here are the commands for the console (DOS-based) client:
c - Close the current connection
d - Display the client's operating parameters
o - Open a connection to a host name [port] (port 23 if none is given)
q - Quit (exit telnet)
set - Set options (e.g. "set localecho", "set term vt100")
send - Send data/strings to the server
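The VRFY exchange from the session above, as an added example that is not part of the original tutorial: a small SMTP client that reads the greeting, sends HELO, asks VRFY for each name in a list and sorts the replies by code, so a run of 550s is reported as "nothing confirmed" rather than as a haul of addresses. The start_fake_smtp() server is a constructed Sendmail lookalike on 127.0.0.1 (the host name and the user set are made up) so both sides of the conversation run offline; point vrfy_users() at a real host and port 25 for actual use.

```python
import socket
import threading


def vrfy_users(host, port, users, helo="scanner.example.test", timeout=5.0):
    """Connect to an SMTP server and ask VRFY for each name. Returns {user: (code, text)}.
    250 = mailbox exists, 252 = server refuses to confirm but would accept mail,
    550/551 = unknown or rejected, 502 = VRFY disabled. Only a 250 enumerates an
    account; a 550 for every name proves nothing about the server's users."""
    results = {}
    with socket.create_connection((host, port), timeout=timeout) as s, s.makefile("rb") as rf:
        def read_reply():
            # Replies are "NNN text"; multi-line replies use "NNN-" on all but the last line.
            lines = []
            while True:
                line = rf.readline().decode("latin-1").rstrip("\r\n")
                if not line:
                    raise ConnectionError("server closed the connection")
                lines.append(line)
                if len(line) < 4 or line[3] != "-":
                    return int(lines[-1][:3]), " ".join(l[4:] for l in lines)
        def send(command):
            s.sendall((command + "\r\n").encode("latin-1"))
            return read_reply()
        read_reply()                       # 220 greeting
        send("HELO " + helo)               # the name we claim; assumed, not a real host
        for user in users:
            results[user] = send("VRFY " + user)
        send("QUIT")
    return results


def confirmed(results):
    """Names the server positively confirmed with a 250."""
    return sorted(u for u, (code, _) in results.items() if code == 250)


def start_fake_smtp(valid_users, vrfy_enabled=True):
    """Constructed Sendmail-like server on 127.0.0.1 for running the client offline.
    Not a real MTA: valid_users is the set of mailboxes it admits to having."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def handle(conn):
        with conn, conn.makefile("rb") as rf:
            conn.sendall(b"220 mail.example.test ESMTP Sendmail 8.12.11; ready\r\n")
            for raw in rf:
                verb, _, arg = raw.decode("latin-1").strip().partition(" ")
                verb, arg = verb.upper(), arg.encode("latin-1")
                if verb == "HELO":
                    conn.sendall(b"250 mail.example.test Hello\r\n")
                elif verb == "VRFY" and not vrfy_enabled:
                    conn.sendall(b"502 5.5.1 VRFY command disabled\r\n")
                elif verb == "VRFY" and arg.decode("latin-1").lower() in valid_users:
                    conn.sendall(b"250 2.1.5 " + arg + b" <" + arg + b"@example.test>\r\n")
                elif verb == "VRFY":
                    conn.sendall(b"550 5.1.1 " + arg + b"... User unknown\r\n")
                elif verb == "QUIT":
                    conn.sendall(b"221 2.0.0 mail.example.test closing connection\r\n")
                    return
                else:
                    conn.sendall(b"500 5.5.1 Command unrecognized\r\n")
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_fake_smtp({"root", "admin"})
    replies = vrfy_users("127.0.0.1", port, ["bin", "sys", "root", "admin", "games", "uucp"])
    for user, (code, text) in replies.items():
        print(f"VRFY {user:<6} -> {code} {text}")
    print("confirmed accounts:", confirmed(replies))
```

Run it a second time with start_fake_smtp({"root"}, vrfy_enabled=False) and every name comes back 502: that is what a hardened Sendmail (PrivacyOptions=novrfy) looks like from the outside, and why EXPN and RCPT TO probing are the usual fallbacks.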

Telnet, as you can see by now, is a very useful tool for hackers. Hell, if you can't connect to a computer, you can't hack it. It's that simple.
Now the best thing about telnet is that virtually every Windows computer comes with it and can run it.


THINGS GOING WRONG ON HACKING OR TELNET

I have a Windows 98 computer and I am running Telnet. It gives me a lot more options when connecting to a computer, and these commands don't go anywhere! What do I do? I get the hostname part and all that; just what does Term-Type mean?
Okay people, so many people have asked me this I'm ready to set up an auto-flame response on my e-mail box, LoL. Anyway, here goes:
Term Type means terminal type. It is the terminal emulation your client announces to the server (ANSI, VT100, VT52 or VTNT) so the server knows which control codes your screen understands; it is not the server's version. The console client sets it with "set term vt100"; the Windows 98 GUI client has it under Terminal, Preferences. Telnet is not hacker-friendly, you have to get these settings right yourself.
In Windows 98/95/ME you are not running the console version of telnet. You get a GUI client program, somewhat considered shite by me. I like the console one and frankly, I find it a lot easier to use.
I can't connect to the host!
Well, either the host doesn't exist or is down, nothing is listening on the port you chose, or a firewall or access rule is dropping connections from your address (or from all addresses).
I went further than you because I thought I knew what I was doing! I got this message saying my hacking attempt was logged! Am I going to go to jail?!
Don't worry too much. That message is a static banner the admin configured to scare people off; it is shown to everyone who connects, whether or not anything was written down, and a file extension it names means nothing. Bear in mind, though, that most servers do log connections regardless of what the banner says (syslog and wtmp on Unix, the Event Log on Windows), so the banner tells you nothing either way; what they keep is your IP address and the time.
IF THEY'RE LIES, how come they knew I was hacking them?
They don't. The daemon prints the same greeting to every incoming connection before you have typed anything; a human only reads the log afterwards, if at all. Changing that greeting from the default to a warning is a one-line edit in the daemon's configuration, and that is all the admin did. Breathe in, breathe out, relax.
My dad or mom found out I was hacking, and my dad's an expert on computers! He made it so I can't view anything on AOL. What the hell's going on? Give me a trick to evade this!
Sure thing. If the block is on site names, connect to AOL, ping the site you are trying to view (ping prints its IP address), and type that IP into the browser as http://IP/. You may get the home page, but it isn't that good a trick: many sites are name-based virtual hosts and serve the wrong page or an error for a bare IP, and every link on the page points back to the blocked name, so you are stuck on the front page. It might or might not work.
I was screwing around with my friend's computer. I think I left my information somewhere, but where?
On Windows NT/2000/XP the record you are worried about is the Event Log (Start, Run, "eventvwr.msc"). When auditing is switched on in Local Security Policy, the Security log shows logon attempts, the account used and, for network logons, the client's machine name or IP address; Windows 95/98/ME keep no such log at all. The files live in C:\WINDOWS\system32\config as AppEvent.Evt, SecEvent.Evt and SysEvent.Evt. They are binary, not encrypted, and Windows holds them open, so you cannot open them in Notepad, select all and delete; they can only be cleared from Event Viewer (or remotely with administrator rights), and clearing the Security log itself writes event 517, "The audit log was cleared", with the account that did it, so wiping it is the loudest entry you can leave. Deleting system files is not what leaves traces and is not how you remove them; it only breaks the machine. What a remote-control tool can do is run Event Viewer for you on the other end, but the cleared-log event is still written.
Some hacker has my IP and hacks it every time I log on. It's static, which means it doesn't change. How do I make him stop? I don't know what his IP is, either!
Go to Start, Run, "cmd", then "netstat -a". Hacking is almost equivalent to connecting: if he is in your PC he is connected to you and you to him, and netstat -a shows all your TCP/IP connections to hosts and servers. Use "netstat -ano" on XP to also see the owning process ID, and match it in Task Manager. If you see a host name or address you don't recognize, log it, together with the time; "netstat -ano > connections.txt" saves the list to a file, which beats a screenshot (Print Screen, Paint, CTRL+V, crop). Note that netstat only shows connections: a flood or someone merely scanning you does not appear as one, and a firewall log is what catches those.