Network Hacking Tips !!
Common Ways To Attack a Network
Ping
The IP address gives the attacker’s Internet address. The numerical address like 212.214.172.81 does not reveal much. You can use PING to convert the address into a domain name in WINDOWS: The Domain Name Service (DNS) protocol reveals the matching domain name. PING stands for “Packet Internet Groper” and is delivered with practically every Internet compatible system, including all current Windows versions. Make sure you are logged on to the net.
Open the DOS shell and enter the following PING command:
Ping –a 123.123.12.1
Ping will search the domain name and reveal it. You will often have information on the provider the attacker uses e.g.:
dialup21982.gateway123.provider.com
Pinging is normally the first step involved in hacking the target. Ping uses ICMP (Internet Control Messaging Protocol) to determine whether the target host is reachable or not. Ping sends out ICMP Echo packets to the target host, if the target host is alive it would respond back with ICMP Echo reply packets.
All the versions of Windows also contain the ping tool. To ping a remote host follow the procedure below.
Click Start and then click Run. Now type ping <ip address or hostname>
(For example: ping yahoo.com)
Ping
The IP address gives the attacker’s Internet address. The numerical address like 212.214.172.81 does not reveal much. You can use PING to convert the address into a domain name in WINDOWS: The Domain Name Service (DNS) protocol reveals the matching domain name. PING stands for “Packet Internet Groper” and is delivered with practically every Internet compatible system, including all current Windows versions. Make sure you are logged on to the net.
Open the DOS shell and enter the following PING command:
Ping –a 123.123.12.1
Ping will search the domain name and reveal it. You will often have information on the provider the attacker uses e.g.:
dialup21982.gateway123.provider.com
Pinging is normally the first step involved in hacking the target. Ping uses ICMP (Internet Control Messaging Protocol) to determine whether the target host is reachable or not. Ping sends out ICMP Echo packets to the target host, if the target host is alive it would respond back with ICMP Echo reply packets.
All the versions of Windows also contain the ping tool. To ping a remote host follow the procedure below.
Click Start and then click Run. Now type ping <ip address or hostname>
(For example: ping yahoo.com)
This means that the attacker logged on using
“provider.com”. Unfortunately, there are several IP addresses that
cannot be converted into domain names. For more parameter that could be used with the ping command, go to DOS prompt and type ping /?.
Ping Sweep
If you are undetermined about your target and just want a live system, ping sweep is the solution for you. Ping sweep also uses ICMP to scan for live systems in the specified range of IP addresses. Though Ping sweep is similar to ping but reduces the time involved in pinging a range of IP addresses. Nmap also contains an option to perform ping sweeps.
Tracert:
Tracert is another interesting tool available to find more interesting information about a remote host. Tracert also uses ICMP. Tracert helps you to find out some information about the systems involved in sending data (packets) from source to destination. To perform a tracert follow the procedure below.
Ping Sweep
If you are undetermined about your target and just want a live system, ping sweep is the solution for you. Ping sweep also uses ICMP to scan for live systems in the specified range of IP addresses. Though Ping sweep is similar to ping but reduces the time involved in pinging a range of IP addresses. Nmap also contains an option to perform ping sweeps.
Tracert:
Tracert is another interesting tool available to find more interesting information about a remote host. Tracert also uses ICMP. Tracert helps you to find out some information about the systems involved in sending data (packets) from source to destination. To perform a tracert follow the procedure below.
Tracer
connects to the computer whose IP has been entered and reveals all
stations starting from your Internet connection. Both the IP address as
well as the domain name (if available) is displayed. If PING cannot
reveal a name, Traceroute will possibly deliver the name of the last or
second last station to the attacker, which may enable conclusions
concerning the name of the provider used by the attacker and the region
from which the attacks are coming.
Go to DOS prompt and type tracert <destination address> (For example: tracert yahoo.com). But there are some tools available like Visual Traceroute which help you even to find the geographical location of the routers involved.
http://www.visualware.com/visualroute
Go to DOS prompt and type tracert <destination address> (For example: tracert yahoo.com). But there are some tools available like Visual Traceroute which help you even to find the geographical location of the routers involved.
http://www.visualware.com/visualroute
Port Scanning:-
After you have determined that your target system is alive the next important step would be to perform a port scan on the target system. There are a wide range of port scanners available for free. But many of them uses outdated techniques for port scanning which could be easily recognized by the network administrator. Personally I like to use Nmap (http://www.insecure.org) which has a wide range of options. You can download the NmapWin and its source code from:
http://www.sourceforge.net/projects/nmapwin
Apart from port scanning Nmap is capable of identifying the Operating system being used, Version numbers of various services running, firewalls being used and a lot more.
Common ports:
Below is a list of some common ports and the respective services running on the ports.
20 FTP data (File Transfer Protocol)
21 FTP (File Transfer Protocol)
22 SSH
23 Telnet
25 SMTP (Simple Mail Transfer Protocol)
53 DNS (Domain Name Service)
68 DHCP (Dynamic host Configuration Protocol)
79 Finger
80 HTTP
110 POP3 (Post Office Protocol, version 3)
137 NetBIOS-ns
138 NetBIOS-dgm
139 NetBIOS
143 IMAP (Internet Message Access Protocol)
161 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Message Access Protocol 3)
389 LDAP
443 SSL (Secure Socket Layer)
445 SMB (NetBIOS over TCP)
Besides the above ports they are even some ports known as Trojan ports used by Trojans that allow remote access to that system.
Vulnerability Scanning:
Every operating system or the services will have some vulnerabilities due to the programming errors. These vulnerabilities are crucial for a successful hack. Bugtraq is an excellent mailing list discussing the vulnerabilities in the various system. The exploit code writers write exploit codes to exploit these vulnerabilities existing in a system. There are a number of vulnerability scanners available to scan the host for known vulnerabilities. These vulnerability scanners are very important for a network administrator to audit the network security.
Some of such vulnerability scanners include Shadow Security Scanner,Stealth HTTP Scanner, Nessus, etc. Visit http://www.securityfocus.com vulnerabilities and exploit codes of various operating systems. Packet storm security (http://www.packetstormsecurity.com) is also a nice pick.
Sniffing
Data is transmitted over the network in the form of datagrams (packets).These packets contain all the information including the login names,passwords, etc. Ethernet is the most widely used forms of networking computers. In such networks the data packets are sent to all the systems over the network. The packet header contains the destination address for the packet. The host receiving the data packets checks the destination address for the received packet. If the destination address for the packet matches with the hosts IP address the datagram will be accepted else it will be discarded.
Packet sniffers accept all the packets arrived at the host regardless of its destination IP address. So installing packet sniffer on a system in Ethernet we can monitor all the data packets moving across the network. The data may even include the login names and passwords of the users on the network. Not only that sniffing can also reveal some valuable information about the version numbers of the services running on the host, operating system being used, etc.
**NetworkActiv Sniffer is freeware tool available for download.
The following is the data contained in a packet, captured over my network.
(For security reasons I’ve edited the address).
HTTP/1.1 301 Moved Permanently
Content-Length: 150
Content-Type: text/html
Location: http://XXX.XXX.XXX.XXX/new/
Server: Microsoft-IIS/6.0
Date: Wed, 12 Mar 200X 08:17:56 GMT
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a
HREF="http://XXX.XXX.XXX.XXX/new/">here</a></body>
From this we can understand that the source system for the packet has a
Microsoft Operating System installed and is running IIS 6.0 (the
operating system might possibly be Windows 2003 Server as it has IIS
6.0 running).
Social Engineering
This has become one of the hottest topics today and it seems to work out most of the times. Social Engineering doesn’t deal with the network security issues, vulnerabilities, exploits, etc. It just deals withsimple
psychological tricks that help to get the information we want. This really works!! But it requires a lot of patience. We are all talking about network security and fixing the vulnerabilities in networks. But what happens if some internal person of a network accidentally gives out the passwords. After all we are all humans; we are also vulnerable and can be easily exploited and compromised than the computers.
Social Engineering attacks have become most common during the chat sessions. With the increase in use of Instant Messengers, any anonymous person may have a chat with another any where in the world. The most crucial part of this attack is to win the trust of the victim.
It may take a long time (may be in minutes, hours, days or months) for this to happen. But after you are being trusted by the victim he will say you every thing about him. Most of the times his person information will be useful to crack his web accounts like e-mail ids, etc. Even some people are so vulnerable to this attack that they even give their credit card numbers to the strangers (social engineers). Some social engineers stepped one more forward and they send some keyloggers or Trojans to the victims claimed to be as screensavers or pics. These keyloggers when executed gets installed and send back information to the attacker. So be careful with such attacks.
After you have determined that your target system is alive the next important step would be to perform a port scan on the target system. There are a wide range of port scanners available for free. But many of them uses outdated techniques for port scanning which could be easily recognized by the network administrator. Personally I like to use Nmap (http://www.insecure.org) which has a wide range of options. You can download the NmapWin and its source code from:
http://www.sourceforge.net/projects/nmapwin
Apart from port scanning Nmap is capable of identifying the Operating system being used, Version numbers of various services running, firewalls being used and a lot more.
Common ports:
Below is a list of some common ports and the respective services running on the ports.
20 FTP data (File Transfer Protocol)
21 FTP (File Transfer Protocol)
22 SSH
23 Telnet
25 SMTP (Simple Mail Transfer Protocol)
53 DNS (Domain Name Service)
68 DHCP (Dynamic host Configuration Protocol)
79 Finger
80 HTTP
110 POP3 (Post Office Protocol, version 3)
137 NetBIOS-ns
138 NetBIOS-dgm
139 NetBIOS
143 IMAP (Internet Message Access Protocol)
161 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Message Access Protocol 3)
389 LDAP
443 SSL (Secure Socket Layer)
445 SMB (NetBIOS over TCP)
Besides the above ports they are even some ports known as Trojan ports used by Trojans that allow remote access to that system.
Vulnerability Scanning:
Every operating system or the services will have some vulnerabilities due to the programming errors. These vulnerabilities are crucial for a successful hack. Bugtraq is an excellent mailing list discussing the vulnerabilities in the various system. The exploit code writers write exploit codes to exploit these vulnerabilities existing in a system. There are a number of vulnerability scanners available to scan the host for known vulnerabilities. These vulnerability scanners are very important for a network administrator to audit the network security.
Some of such vulnerability scanners include Shadow Security Scanner,Stealth HTTP Scanner, Nessus, etc. Visit http://www.securityfocus.com vulnerabilities and exploit codes of various operating systems. Packet storm security (http://www.packetstormsecurity.com) is also a nice pick.
Sniffing
Data is transmitted over the network in the form of datagrams (packets).These packets contain all the information including the login names,passwords, etc. Ethernet is the most widely used forms of networking computers. In such networks the data packets are sent to all the systems over the network. The packet header contains the destination address for the packet. The host receiving the data packets checks the destination address for the received packet. If the destination address for the packet matches with the hosts IP address the datagram will be accepted else it will be discarded.
Packet sniffers accept all the packets arrived at the host regardless of its destination IP address. So installing packet sniffer on a system in Ethernet we can monitor all the data packets moving across the network. The data may even include the login names and passwords of the users on the network. Not only that sniffing can also reveal some valuable information about the version numbers of the services running on the host, operating system being used, etc.
**NetworkActiv Sniffer is freeware tool available for download.
The following is the data contained in a packet, captured over my network.
(For security reasons I’ve edited the address).
HTTP/1.1 301 Moved Permanently
Content-Length: 150
Content-Type: text/html
Location: http://XXX.XXX.XXX.XXX/new/
Server: Microsoft-IIS/6.0
Date: Wed, 12 Mar 200X 08:17:56 GMT
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a
HREF="http://XXX.XXX.XXX.XXX/new/">here</a></body>
From this we can understand that the source system for the packet has a
Microsoft Operating System installed and is running IIS 6.0 (the
operating system might possibly be Windows 2003 Server as it has IIS
6.0 running).
Social Engineering
This has become one of the hottest topics today and it seems to work out most of the times. Social Engineering doesn’t deal with the network security issues, vulnerabilities, exploits, etc. It just deals withsimple
psychological tricks that help to get the information we want. This really works!! But it requires a lot of patience. We are all talking about network security and fixing the vulnerabilities in networks. But what happens if some internal person of a network accidentally gives out the passwords. After all we are all humans; we are also vulnerable and can be easily exploited and compromised than the computers.
Social Engineering attacks have become most common during the chat sessions. With the increase in use of Instant Messengers, any anonymous person may have a chat with another any where in the world. The most crucial part of this attack is to win the trust of the victim.
It may take a long time (may be in minutes, hours, days or months) for this to happen. But after you are being trusted by the victim he will say you every thing about him. Most of the times his person information will be useful to crack his web accounts like e-mail ids, etc. Even some people are so vulnerable to this attack that they even give their credit card numbers to the strangers (social engineers). Some social engineers stepped one more forward and they send some keyloggers or Trojans to the victims claimed to be as screensavers or pics. These keyloggers when executed gets installed and send back information to the attacker. So be careful with such attacks.
0 comments:
Post a Comment