• Strona Główna
• 640 507_3rd
• jps.21896

[ Pobierz całość w formacie PDF ]

Trace complete.
Hey, we finally got all the way through to something we can be pretty certain is an AOL box, and it looks
like it's outside the firewall! But look at how the tracert took a different path this time, going through Atlanta
instead of St. Louis and Reston. But we are still looking at ans.net addresses with T3s, so this last
nameserver is using the same network as the others.
Now what can we do next to get luser@aol.com really wondering if you could actually break into his
account? We're going to do some port surfing on this last AOL domain name server! But to do this we need
to change our telnet settings a bit.
Click on Terminal, then Preferences. In the preferences box you need to check "Local echo." You must do
this, or else you won't be able to see everything that you get while port surfing. For some reason, some of
the messages a remote computer sends to you won't show up on your Win 95 telnet screen unless you
choose the local echo option. However, be warned, in some situations everything you type in will be
doubled. For example, if you type in "hello" the telnet screen may show you "heh lelllo o. This doesn't mean
you mistyped, it just means your typing is getting echoed back at various intervals.
Now click on Connect, then Remote System. Then enter the name of that last AOL domain server, dns-
aol.ans.net. Below it, for Port choose Daytime. It will send back to you the day of the week, date and time of
day in its time zone.
Aha! We now know that dns-aol.ans.net is exposed to the world, with at least one open port, heh, heh. It is
definitely a prospect for further port surfing. And now your friend is wondering, how did you get something
out of that computer?
******************************
Clueless newbie alert: If everyone who reads this telnets to the daytime port of this computer, the sysadmin
will say "Whoa, I'm under heavy attack by hackers!!! There must be some evil exploit for the daytime
service! I'm going to close this port pronto!" Then you'll all email me complaining the hack doesn't work.
Please, try this hack out on different computers and don't all beat up on AOL.
******************************
Now let's check out that Reston computer. I select Remote Host again and enter the name h12.t60-
0.Reston.t3.ans.net. I try some port surfing without success. This is a seriously locked down box! What do
we do next?
So first we remove that "local echo" feature, then we telnet back to whois.internic. We ask about this
ans.net outfit that offers links to AOL:
[vt100] InterNIC > whois ans.net
Connecting to the rs Database . . . . . .
Connected to the rs Database
ANS CO+RE Systems, Inc. (ANS-DOM)
100 Clearbrook Road
Elmsford, NY 10523
Domain Name: ANS.NET
Administrative Contact:
Hershman, Ittai (IH4) ittai@ANS.NET
(914) 789-5337
Technical Contact:
ANS Network Operations Center (ANS-NOC) noc@ans.net
1-800-456-6300
Zone Contact:
ANS Hostmaster (AH-ORG) hostmaster@ANS.NET
(800)456-6300 fax: (914)789-5310
Record last updated on 03-Jan-97.
Record created on 27-Sep-90.
Domain servers in listed order:
NS.ANS.NET 192.103.63.100
NIS.ANS.NET 147.225.1.2
Now if you wanted to be a really evil hacker you could call that 800 number and try to social engineer a
password out of somebody who works for this network. But that wouldn't be nice and there is nothing legal
you can do with ans.net passwords. So I'm not telling you how to social engineer those passwords.
Anyhow, you get the idea of how you can hack around gathering info that leads to the computer that
handles anyone's email.
So what else can you do with your on-line connection and Win 95?
Well... should I tell you about killer ping? It's a good way to lose your job and end up in jail. You do it from
your Windows DOS prompt. Find the gory details in the GTMHH Vol.2 Number 3, which is kept in one of
our archives listed at the end of this lesson. Fortunately most systems administrators have patched things
nowadays so that killer ping won't work. But just in case your ISP or LAN at work or school isn't protected,
don't test it without your sysadmin's approval!
Then there's ordinary ping, also done from DOS. It's sort of like tracert, but all it does is time how long a
message takes from one computer to another, without telling you anything about the computers between
yours and the one you ping.
Other TCP/IP commands hidden in DOS include:
· Arp IP-to-physical address translation tables
· Ftp File transfer protocol. This one is really lame. Don't use it. Get a shareware Ftp program from one of the
download sites listed below.
· Nbtstat Displays current network info -- super to use on your own ISP
· Netstat Similar to Nbstat
· Route Controls router tables -- router hacking is considered extra elite.
Since these are semi-secret commands, you can't get any details on how to use them from the DOS help
menu. But there are help files hidden away for these commands.
· For arp, nbtstat, ping and route, to get help just type in the command and hit enter.
· For netstat you have to give the command "netstat ?" to get help.
· Telnet has a help option on the tool bar.
I haven't been able to figure out a trick to get help for the ftp command.
Now suppose you are at the point where you want to do serious hacking that requires commands other than
these we just covered, but you don't want to use Unix. Shame on you! But, heck, even though I usually
have one or two Unix shell accounts plus Walnut Creek Slackware on my home computer, I still like to hack
from Windows. This is because I'm ornery. So you can be ornery, too.
So what is your next option for doing serious hacking from Windows?
How would you like to crack Win NT server passwords? Download the free Win 95 program NTLocksmith,
an add-on program to NTRecover that allows for the changing of passwords on systems where the
administrative password has been lost. It is reputed to work 100% of the time. Get both NTLocksmith and
NTRecover -- and lots more free hacker tools -- from http://www.ntinternals.com.
**********************************
You can go to jail warning: If you use NTRecover to break into someone else's system, you are just asking
to get busted.
********************************** [ Pobierz całość w formacie PDF ]