
Sunday 28 September 2014

Hack a Computer Remotely


        Hack Into A Computer Remotely | NetBIOS Command





In this post I will show you how to hack into computers connected to a LAN using NetBIOS.
NetBIOS is an acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model, allowing applications on separate computers to communicate over a local area network. Strictly speaking, NetBIOS is an API, not a networking protocol. In modern networks, NetBIOS normally runs over TCP/IP via the NetBIOS over TCP/IP (NBT) protocol. It is a way for machines on a LAN or WAN to share folders, files, drives and printers.

NetBIOS is one of the easiest ways to hack into remote computers. In this tutorial we are going to use a Windows-based operating system such as Windows XP, Vista, 7 or 8.
So without wasting any more time, let's start with the tutorial. Follow the steps below.

PROCEDURE :



So first we need to find the computers connected to our LAN. In this tutorial we are going to exploit systems which have shared folders or drives on the network.
To find our target we will use a small but very useful program, "NETCUT". You may have heard of it or even used it. Run "NETCUT" as Administrator, or else it may not work as expected.
It has a built-in sniffer which finds the IP addresses of all the machines connected to the LAN. See the pictures above.
Select your target from the results shown on the NETCUT screen. Once you have selected your target, follow the steps below.
Step 1 :
Open the command prompt on your Windows system. Click on the Start menu and go to Run, type in cmd and click OK. This will bring up the command prompt.
Step 2 :
In the command prompt type "ping (ip address of the target)" and hit enter. We do this to check whether we are connected to our target or not.
For example : ping 192.168.2.26

This will tell us whether our target is online or not. If you get a response as above, i.e. you get a reply from the target, it means the target is online. If you don't get a response, the target is not live. If the target is not online then we cannot proceed, so either select a new target or wait for the target to come online.


Step 3 :
Now in the command prompt type : nbtstat -a (target's ip address). Hit enter and observe the response in the command window. This command will show whether file sharing is enabled on the target system. If file sharing is enabled it will show us the currently logged-in user, the workgroup and the computer name. See the image below.



In the above window, in the first row after the Name column, you can see <20>. It means that file sharing is enabled on Shree420. If there is no <20>, file sharing is not enabled and we have to choose another target.


Step 4 :

After the above step we know that our target is online, that file sharing is enabled on the target system, and that it is ready to be exploited. So it's time to break in. We now have to locate the shared files and folders on the target. For this, type the command below in the command prompt and hit enter.

"net view \\(target's ip address)"

For example : net view \\192.168.2.26



As you can see in the above terminal, "Users" is shared and under Type it shows "Disk". This means we can access his disk and all the data. So all that is left to do is to "map" the shared drive onto our computer. To do this we will create a drive on our computer, and all the content of the target's computer can be accessed through our network drive.


Step 5 :

Now for the final step, type the following command in the terminal and hit the enter key.

"net use K: \\(target's ip address)\(shared drive or folder's name from previous step)"

For example : net use K: \\192.168.2.26\Users




In the above command you can see I used the letter "K", but it is not mandatory to use K. You can use any letter as long as it is not already used to denote some drive or network device on your system.
Now to see the contents of the target system, open "My Computer" and there you will see the drive that you have just mapped on your system.
See the image below :



So now we have successfully completed our hack using NetBIOS commands in Windows. This hack works on all versions of Windows. I performed this on Windows 8.1 and it works perfectly. Also don't worry about getting caught because the target will not be aware of any kind of activity on his/her system.

Note : If you disconnect from the internet, the files in the mapped drive will not be accessible any more. So don't forget to save the files in a safe place on your hard drive.

If you want to safeguard yourself from this attack, please try not to share anything on a public network. If it is necessary to use the sharing feature, turn off sharing once the share is completed.
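To check which machines you administer still advertise sharing, the <20> test from Step 3 can be automated over saved nbtstat -a output. This is an added example, not part of the original post; the sample output is constructed (host name from the post, placeholder MAC address) and the function names are hypothetical.

```python
import re

# Constructed sample of `nbtstat -a <ip>` output; the host name is the one
# used in the post, the MAC address is a placeholder.
SAMPLE = """\
    NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    SHREE420       <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    SHREE420       <20>  UNIQUE      Registered

    MAC Address = 00-00-00-00-00-00
"""

# One name-table row: name, two-hex-digit service suffix, type, status.
ROW = re.compile(
    r"^\s*(?P<name>\S+)\s*<(?P<suffix>[0-9A-Fa-f]{2})>\s+"
    r"(?P<type>UNIQUE|GROUP)\s+(?P<status>\w+)", re.M)

# Well-known suffixes; <20> UNIQUE is the one the post looks for.
SERVICES = {
    ("00", "UNIQUE"): "Workstation service",
    ("00", "GROUP"): "Workgroup / domain name",
    ("03", "UNIQUE"): "Messenger service",
    ("20", "UNIQUE"): "File Server service",
}

def parse_name_table(text):
    """Return one dict per name-table row found in nbtstat output."""
    rows = []
    for m in ROW.finditer(text):
        row = m.groupdict()
        row["suffix"] = row["suffix"].upper()
        row["service"] = SERVICES.get((row["suffix"], row["type"]), "other")
        rows.append(row)
    return rows

def advertises_file_sharing(text):
    """True if a registered <20> UNIQUE (File Server) name is present."""
    return any(r["suffix"] == "20" and r["type"] == "UNIQUE"
               and r["status"] == "Registered" for r in parse_name_table(text))

def audit(outputs):
    """outputs: {host: saved nbtstat text}. Returns hosts still sharing."""
    return sorted(h for h, t in outputs.items() if advertises_file_sharing(t))
```

Hosts returned by audit() are the ones where sharing should be switched off, as advised above.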

Keep visiting for more cool hacking tutorials and avoid getting hacked yourself. If you have any questions or doubts please comment below.

Also please do remember to like us on FACEBOOK. Thank You











Friday 26 September 2014

Using IP Ping Test For Successful Pentesting

                 Using IP Ping Test Effectively | IP Ping

 

 




IP ping is a network administration utility used to test the reliability of a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer or server.

As professional pentesters we need to check the reachability of a computer on the network. Ping is one of the utilities that allow you to test and collect important information about the victim computer, such as its IP address and maximum packet frame size, to help in successful penetration testing.

This post will provide insight into the ping command and show how to collect useful information with it. In this tutorial we are going to use a Windows-based operating system such as Windows 7, Windows 8 or Windows Server 2012.

The ping command sends Internet Control Message Protocol (ICMP) echo request packets to the target host and waits for an ICMP response. During this request-response process, ping measures the time from transmission to reception, known as the round-trip time, and records any loss of packets.

On your Windows system, start the command prompt as administrator. In Windows 8, press the Windows key on your keyboard and go to Apps. There, find the Command Prompt icon, right-click on it and choose Run as administrator.

In the command prompt type : ping www.site.com and press enter to find the IP address of the site. The result will look something like this.


You also get information on ping statistics, such as packets sent, packets received, packets lost, and approximate round-trip time.


Now, find out the maximum frame size on the network. In the command prompt type

 

ping www.certifiedhacker.com -f -l 1500

 

 

The message "Packet needs to be fragmented but DF set" means that the frame is too large to be on the network and needs to be fragmented.

Since we used the -f switch with the ping command, the packet was not sent, and the ping command returned this error. Type

ping www.certifiedhacker.com -f -l 1400

 

 

You can see that the maximum packet size is less than 1500 bytes and more than 1400 bytes.

So by changing the values in this command and observing the response we can find out the maximum packet size allowed.
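The trial-and-error search above can be done as a binary search over the -l value. This is an added example, not part of the original post; the function names are hypothetical, the real probe assumes the English-language output of Windows ping, and the simulated probe uses constructed MTU values so the block runs offline.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header

def largest_unfragmented_payload(probe, low=0, high=1500):
    """Binary-search the largest -l value for which probe(size) is True.

    Assumes every size up to the answer passes and every larger one fails.
    """
    if not probe(low):
        raise ValueError("smallest probe failed; host unreachable or ICMP filtered")
    while low < high:
        mid = (low + high + 1) // 2   # round up so the range always shrinks
        if probe(mid):
            low = mid                 # mid fits, look for something larger
        else:
            high = mid - 1            # mid needs fragmenting, look lower
    return low

def path_mtu(probe):
    """ping -l sets the payload only, so add the headers back for the MTU."""
    return largest_unfragmented_payload(probe) + IP_ICMP_OVERHEAD

def windows_ping_probe(host):
    """Real probe: one DF-flagged echo per size (assumes English ping output)."""
    def probe(size):
        out = subprocess.run(["ping", "-n", "1", "-f", "-l", str(size), host],
                             capture_output=True, text=True).stdout
        return "TTL=" in out and "needs to be fragmented" not in out
    return probe

def simulated_probe(mtu):
    """Offline stand-in for a link whose MTU is known (constructed value)."""
    return lambda size: size + IP_ICMP_OVERHEAD <= mtu

if __name__ == "__main__":
    print(path_mtu(simulated_probe(1500)))
```

On a standard 1500-byte Ethernet path the largest payload is 1472 bytes, which is why -l 1500 fails and -l 1400 succeeds in the steps above.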

Now, find out what happens when the TTL (Time to Live) expires. Every frame on the network has a TTL defined. If the TTL reaches 0, the router discards the packet. This mechanism prevents the loss of packets.
In the command prompt, type

ping www.certifiedhacker.com -i 1 -n 1



(Use -n 1 in order to produce only one answer, instead of receiving four answers on Windows or pinging forever on Linux.)

We have received the answer from the same IP address in two different steps. This one identifies the packet filter. Some packet filters do not decrement TTL and are therefore invisible.

Repeat the above step until you reach the IP address of your site, i.e. increase the value after -i by 1 each time and observe the response.
You have reached the site's IP address when you get the answer from the same IP address in one step.


Saturday 9 August 2014

Kali Linux Password Error

                                        Kali Linux Login Error Solution




Recently installed the latest version of Kali Linux? Great!
But what if you are not able to log in to your newly installed system? Or you recently changed your login password, but on reboot the system doesn't recognize your password and gives a login error? Or maybe you forgot your login credentials.

No need to panic or reinstall. Here is a solution to your problem. Follow the instructions below and you can get your system back as you wanted it to be. This is a foolproof solution for this kind of problem. The same method also works for the BackTrack OS. I can't say whether it's a loophole left by the developers or whether it has been done intentionally. Anyway, let's see the method and get back into our system.

INSTRUCTIONS : 

Step 1 : 
First boot your Kali Linux and wait until the GRUB menu is displayed. When you see the GRUB menu, scroll down to recovery mode using the keyboard arrow keys. Once you have highlighted (Recovery Mode), press E.


Step 2 : 
Once you have pressed E you will see the screen as shown in the image below.



Here you have to change some words and add some text as shown in the image. After the changes it will look like the image below.

After changing and adding, just press F10 or CTRL+X. This will reboot your system.


Step 3 :  
After pressing F10 the system will reboot and you will see this screen. Here you have to type the command passwd root and hit enter. See the image below.



Step 4 :
Then type your new root password and hit enter, retype your root password and hit enter again. After that you will see a message that the password was updated successfully.



Step 5 : 
Now power off your laptop/PC using the power button, switch it on again and log in with your new password. Remember that the username is "root", as we have just updated its password.
Congratulations, you have successfully updated your password and are ready to rock. Enjoy.
Keep visiting for more updates. Like us and comment.
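The procedure works because anyone at the console can press E and edit a boot entry. GRUB only asks for credentials before editing when a superuser with a password is configured, and the added example below (not part of the original post) audits a grub.cfg for that. The function name is hypothetical and the configuration fragments, user name and hash are constructed placeholders.

```python
import re

# Constructed grub.cfg fragments; user name and hash are placeholders.
UNPROTECTED = 'menuentry "Kali GNU/Linux" {\n  linux /vmlinuz root=/dev/sda1 ro\n}\n'
PROTECTED = ('set superusers="admin"\n'
             'password_pbkdf2 admin grub.pbkdf2.sha512.10000.SALT.HASH\n'
             + UNPROTECTED)
PLAINTEXT = 'set superusers="admin"\npassword admin example-secret\n' + UNPROTECTED

def audit_grub_cfg(text):
    """Return a list of findings about boot-entry edit protection."""
    findings = []
    m = re.search(r'^\s*set\s+superusers\s*=\s*"?([^"\n]*)"?', text, re.M)
    # GRUB accepts spaces, commas, semicolons, pipes or ampersands as separators.
    users = [u for u in re.split(r"[\s,;|&]+", m.group(1)) if u] if m else []
    if not users:
        findings.append("no superusers set: anyone at the console can "
                        "press E and edit a boot entry")
    hashed = set(re.findall(r"^\s*password_pbkdf2\s+(\S+)\s+grub\.pbkdf2\.",
                            text, re.M))
    plain = set(re.findall(r"^\s*password\s+(\S+)\s+\S+", text, re.M))
    for user in users:
        if user in hashed:
            continue
        if user in plain:
            findings.append(f"superuser {user!r} has a plaintext password "
                            "line; use password_pbkdf2 instead")
        else:
            findings.append(f"superuser {user!r} has no password entry")
    return findings

if __name__ == "__main__":
    for name, cfg in [("unprotected", UNPROTECTED), ("protected", PROTECTED)]:
        print(name, audit_grub_cfg(cfg) or "OK")
```

A GRUB password only closes the boot-menu edit; someone with physical access can still boot other media unless the firmware boot order is locked or the disk is encrypted.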











Saturday 2 August 2014

DoS (Denial of Service )



                                               DENIAL OF SERVICE





Before we start, I just want to state that this is for educational purposes only. A DoS attack on a website can make you spend more than 10 years in prison and can cost you a huge amount of money, probably in millions.


So let's start.

Denial of Service (DoS) is used to make a machine or network temporarily unavailable to its intended users. In technical terms, DoS is simply sending large packets of data or null packets to the server/network within a short interval of time (seconds). For example, if you keep sending 1 GB of data per second (for some amount of time, like 30 minutes) over the network, it will overload the network because of the packets it receives in a very short time. This will end up causing the website or network to be suspended.

However, you cannot DoS a website with a single computer. Only very small websites may be vulnerable to this. Taking down a good website requires a very large number of computers attacking the website at the same time (DDoS).


These types of attacks are very serious and can cause huge damage to the website or the network. Imagine a DoS attack performed on a bank's website: it could lead to temporary suspension of the website and thus cause a huge loss to the bank.

In this tutorial I will be teaching you an old yet famous method of DoSing a website, the "ping of death". This method floods the OS with overlapping TCP/IP fragments, ultimately causing the OS to crash or suffer resource starvation. You just need cmd for this attack. So here you go:

First, open the command prompt.
Now, we need to know the IP address of our target website. This can be done by typing

ping www.ourtargetwebiste.com

This will give us the target website's IP address.

Now, for DoSing the target,

ping -l 65510 192.168.1.5

Here, 192.168.1.5 is the target website's IP address. Leave the system for some time to complete the attack.

You can also do this by typing,
ping -t 0.01 -l 65000

-t is the time (sec.) used to repeat the ping recursively and -l is the packet size. So, vary these digits in order to make your attack more efficient according to the website. The more the -l and the less the -t, the higher will be the attack intensity.


Like I said earlier, this attack cannot be used to take down a good website. You will need many computer bots to attack such websites.
There are other tools for DoS attacks, namely HOIC, LOIC and Slowloris, as well as some special Trojans.
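A classic ping of death depends on a fragment whose offset plus length runs past the 65,535-byte IPv4 maximum; patched IP stacks reject such fragments during reassembly. This added example (not part of the original post) shows that bounds check, with hypothetical function names and constructed fragment values.

```python
MAX_DATAGRAM = 65535       # largest value of the 16-bit IPv4 Total Length field
MAX_OFFSET_UNITS = 0x1FFF  # Fragment Offset is 13 bits, counted in 8-byte units

def fragment_fits(offset_units, payload_len, header_len=20):
    """True if the fragment ends inside the largest legal IPv4 datagram."""
    if not 0 <= offset_units <= MAX_OFFSET_UNITS:
        raise ValueError("offset does not fit the 13-bit field")
    return header_len + offset_units * 8 + payload_len <= MAX_DATAGRAM

def reassemble(fragments, header_len=20):
    """fragments: (offset_units, payload_bytes, more_fragments) tuples.

    Returns the reassembled payload or raises ValueError. The size check
    runs before any bytes are copied, which is the fix for the old crash.
    """
    data, more = b"", True
    for offset, payload, more in sorted(fragments, key=lambda f: f[0]):
        if not fragment_fits(offset, len(payload), header_len):
            raise ValueError("fragment runs past the 65535-byte limit")
        if offset * 8 != len(data):
            raise ValueError("gap or overlap between fragments")
        data += payload
    if more:
        raise ValueError("last fragment missing")
    return data

def is_accepted(fragments):
    """Convenience wrapper: True if reassembly succeeds."""
    try:
        reassemble(fragments)
        return True
    except ValueError:
        return False

# Constructed fragment sets: an ordinary 1500-byte payload split in two,
# and one whose last fragment would end beyond the datagram limit.
NORMAL = [(0, b"A" * 1480, True), (185, b"B" * 20, False)]
OVERSIZED = [(0, b"A" * 1480, True), (8189, b"B" * 1480, False)]

if __name__ == "__main__":
    print(is_accepted(NORMAL), is_accepted(OVERSIZED))
```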

If you need any help or you have any suggestion, feel free to contact me.

Hacking is not a crime. It's an art. Use it for good. Don't misuse it. Happy Hacking....!!!




Article By : Varun Sharma






© 2020 ETHICAL HACKING. Designed by Vijay Patel