Cracking Share passwords


Sometimes when we use "net use k: \\ipaddress\sharename" we are asked for a password. There is a password cracker called "PQWAK". All you have to do is enter the IP address and the share name, and it will decrypt the password within seconds. Please note that this can crack the password only if the remote computer is running one of these operating systems:
Windows 95
Windows 98
Windows Me

Using IPC$ to hack Windows NT,2000,XP



Now you must be thinking of something that can crack share passwords on NT-based operating systems like Windows NT and Windows 2000.
IPC$ is there to help us. It is not a password cracker at all. It is simply a string that tells the remote operating system to give guest access, that is, to give access without asking for a password.
We hackers use IPC$ in this way:

c:\windows>net use k: \\123.123.123.123\ipc$ "" /user:""

You may replace the letter k with any other letter. If you replace it with "b" (type it without quotes), a new drive will be created with the drive letter b.
Please note that you won't be able to get access to the victim's shared drives, but you can gather valuable information such as the names of all the users, users that have never logged on, and other such information. One tool that uses the ipc$ method is "Internet Periscope". Another tool is "enum" - it's my favorite tool; however, it is run from the command prompt.
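
An added example, not part of the original post: a Python check that reads `reg query` output for the Lsa and LanmanServer\Parameters keys and reports the settings that leave the null session described above open. The sample output is constructed, and reporting an unset value as a finding is an assumption of this example.

```python
import re

# Each value name (lower-cased) -> (test for a hardened setting, exposure when weak).
POLICY = {
    "restrictanonymous": (lambda v: v >= 1, "anonymous enumeration of accounts and shares"),
    "restrictanonymoussam": (lambda v: v >= 1, "anonymous enumeration of SAM accounts"),
    "everyoneincludesanonymous": (lambda v: v == 0, "Everyone permissions apply to anonymous users"),
    "restrictnullsessaccess": (lambda v: v >= 1, "null session access to pipes and shares"),
}

# A value line in `reg query` output: indented name, type, hex data.
DWORD_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Return {value_name_lowercase: int} for every REG_DWORD line."""
    values = {}
    for line in text.splitlines():
        match = DWORD_LINE.match(line)
        if match:
            values[match.group(1).lower()] = int(match.group(2), 16)
    return values

def audit(text):
    """Return (name, value or None, exposure) for each weak or unset value."""
    values = parse_reg_query(text)
    findings = []
    for name, (is_hardened, exposure) in POLICY.items():
        value = values.get(name)
        # Assumption of this example: an unset value is reported for review.
        if value is None or not is_hardened(value):
            findings.append((name, value, exposure))
    return findings

# Constructed sample output, not captured from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous    REG_DWORD    0x0
    restrictanonymoussam    REG_DWORD    0x1
    everyoneincludesanonymous    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    NullSessionPipes    REG_MULTI_SZ
"""

if __name__ == "__main__":
    for name, value, exposure in audit(SAMPLE):
        state = "not set" if value is None else hex(value)
        print(f"{name}: {state} -> {exposure}")
```
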

Penetrating in to the victim's computer



Now that you have access to a remote computer you may be interested in viewing his secret emails, downloading his mp3 songs, and more...

But if you think like a hard-core hacker, you may wish to play some dirty tricks, such as installing a key logger, installing a back-door Trojan like netbus or backorifice, or deleting or copying some files. All these tasks involve writing to the victim's hard disk. For this you need to have write access permission.

Let's Hack - Part 2: Denial of service attack


This type of attack is meant to be launched by computer techies, because it involves using the Linux operating system and compiling C language files. To exploit these vulnerabilities you have to copy exploit code from sites like neworder, securityfocus, etc. and compile it.
The two most common vulnerabilities found in NetBIOS are:

NetBIOS NULL Name Vulnerability

Bugtraq ID: 1163
Class: Failure to Handle Exceptional Conditions
CVE:
Remote: Yes
Local: Yes
Published: May 02 2000 12:00AM
Updated: May 02 2000 12:00AM

-------------------------------------------------------------------------------
Share Level Password Bypass Vulnerability

Bugtraq ID: 1780
Class: Access Validation Error
CVE:
Remote: Yes
Local: Yes
Published: Oct 10 2000 12:00AM
Updated: Oct 10 2000 12:00AM
Credit: Discovered by the Nsfocus Security Team and publicized in a Microsoft Security Bulletin (MS00-072) on October 10, 2000.

Another vulnerability that has been found recently is that one can launch a DoS attack against Windows NT, 2000, XP and .NET systems. For detailed information and the patch, please visit this link: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-045.asp
I have checked my web servers that are still vulnerable to this type of attack.
If you know how to hack then you will be more secure
