Windows comes with a few hidden hacking tools at the command prompt (the "DOS" window), which I will discuss here. On Win98 they can be found in the directory C:\Windows; on WinNT, Win2000 and WinXP they live in the system32 folder under the Windows directory (typically C:\Windows\system32 or C:\WINNT\system32). WinNT, Win2000 and WinXP were released with some additional internet tools, so if you are still using Win98 I suggest replacing it with WinXP, which of course has the extra commands and better security for internet hacking. In this manual I will discuss some of the commands found in Win98 and WinXP.
So for Windows users, the following are the DOS hacking commands:
1. ping
2. tracert
3. telnet
4. ftp
5. netstat
OK, here is the explanation of each.
1. ping
This utility is used to find out whether a remote host is up. It sends an ICMP Echo Request to the remote host (not a TCP SYN); if the remote host sends back an Echo Reply, there is a live machine at that address. Try typing this command:
C:\windows>ping/?
Tip: typing '/?' after a DOS command shows its help. That is how you learn the various DOS commands. WinXP, WinNT and Win2000 also have the 'help' command, which lists all the DOS commands.
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] destination-list
Options:
-t Ping the specified host until stopped.
To see statistics and continue - type Control-Break;
To stop - type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don't Fragment flag in packet.
-i TTL Time To Live.
-v TOS Type Of Service.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.
So I can ping any IP address or domain name to check whether it is reachable on the internet. For example, if I type "ping localhost" I get:
Pinging chintan [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Tip: 'localhost' is 127.0.0.1, which is our own machine's IP address, also known as the loopback address. When you connect to the internet your provider gives you a new IP that identifies you on the network. You can find it by typing "winipcfg" in Start > Run on Win98; on the other versions type "ipconfig" at the command prompt. The output above tells me that 32 bytes of data were sent to 127.0.0.1 and the reply came back in under 10 ms. TTL is the Time To Live, a value from 0 to 255 (Windows uses 128 by default); every router on the way decrements it by one, so the TTL in a reply gives you a rough idea of how many hops away the host is. Now let's see what happens if I type "ping www.yahoo.com":
Pinging www.yahoo.akadns.net [66.218.71.87] with 32 bytes of data:
Reply from 66.218.71.87: bytes=32 time=3448ms TTL=54
Reply from 66.218.71.87: bytes=32 time=2276ms TTL=54
Reply from 66.218.71.87: bytes=32 time=1799ms TTL=54
Reply from 66.218.71.87: bytes=32 time=2850ms TTL=54
Ping statistics for 66.218.71.87:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1799ms, Maximum = 3448ms, Average = 2593ms
But how is ping used by hackers? Two options matter here: '-l' (a lowercase L, which some copies of this text show as '|') and '-t'. '-l' sets the size of the buffer that is sent (the default is 32 bytes). The old "ping of death" used this: an echo request whose payload, once the IP fragments are reassembled, is larger than the 65,535-byte maximum size of an IP packet (for example "ping -l 65600 target.com") crashed or hung the TCP/IP stacks of mid-1990s systems, which then had to be restarted. Note that Windows ping refuses sizes above 65,500, and every current operating system reassembles such packets safely, so this no longer works against a patched target.
And "ping -t target.com" keeps sending 32 bytes of data to target.com until you press Ctrl-C. The idea is to use up the target's resources so that it hangs, but from a single machine this is only a trickle of traffic and will not trouble a modern host. Both of these are known as ping DoS attacks.
Tip: 'DoS' here stands for denial of service, an attack launched by hackers to stop a service on a remote machine.
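To make concrete what ping actually puts on the wire, here is an added example (not part of the original post) that builds an ICMP Echo Request the way a ping client does, with the standard RFC 1071 checksum, parses a packet back and verifies it, and checks the size limit behind the old "ping of death". Nothing is sent: raw ICMP sockets need administrator rights, so the packet is only constructed in memory. The identifier and sequence numbers are arbitrary, and the 32-byte payload is the pattern Windows ping uses by default.

```python
"""Added example: what a ping packet is (ICMP Echo Request, type 8, code 0).

Builds the packet with the RFC 1071 one's-complement checksum, parses it back,
and checks the IPv4 size limit that the "ping of death" exceeded.
Nothing is sent on the network.
"""
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0
IP_MAX_TOTAL_LENGTH = 65535   # 16-bit "total length" field of the IPv4 header
IPV4_HEADER_LEN = 20          # header without options
ICMP_HEADER_LEN = 8           # type, code, checksum, identifier, sequence

# Windows ping sends this 32-byte pattern by default
DEFAULT_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"


def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, inverted."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes = DEFAULT_PAYLOAD) -> bytes:
    """ICMP header + payload; checksum covers both, with the field zeroed first."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes) -> dict:
    """Decode an ICMP echo packet; a valid packet checksums to zero end to end."""
    if len(packet) < ICMP_HEADER_LEN:
        raise ValueError("short ICMP packet")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:ICMP_HEADER_LEN])
    return {
        "type": icmp_type,                  # 8 = request, 0 = reply
        "code": code,
        "identifier": ident,                # lets the client match replies to its own requests
        "sequence": seq,
        "payload_len": len(packet) - ICMP_HEADER_LEN,
        "checksum_ok": inet_checksum(packet) == 0,
    }


def max_echo_payload() -> int:
    """Largest payload that fits one IPv4 datagram: 65535 - 20 - 8 = 65507 bytes."""
    return IP_MAX_TOTAL_LENGTH - IPV4_HEADER_LEN - ICMP_HEADER_LEN


def is_oversized(payload_len: int) -> bool:
    """True when the fragments would reassemble past 65535 bytes (the ping-of-death case)."""
    return payload_len > max_echo_payload()


if __name__ == "__main__":
    pkt = build_echo_request(ident=0x1234, seq=1)
    print(len(pkt), "bytes:", parse_echo(pkt))
    print("max payload", max_echo_payload(), "oversized(65600)", is_oversized(65600))
```

The identifier is how a ping client tells its own replies apart from another process's on the same host; the checksum is what a receiving stack verifies before it answers, which is why a corrupted packet is silently dropped rather than replied to.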
2. Tracert
The tracert command traces the route to a remote machine. Before our request reaches the remote machine it passes through a number of routers. The tracert tool (known as 'traceroute' on Unix) was originally designed to find a router that is having problems. It shows the IP address of each router our packets pass through before they reach the remote machine; it does this by sending probes with a TTL of 1, 2, 3 and so on, and noting which router reports each probe as expired. For example, if I type "tracert www.yahoo.com" at the DOS prompt I get:
Tracing route to www.yahoo.akadns.net [66.218.71.87]
over a maximum of 30 hops:
1 * 2296 ms 2025 ms dialpool-210-214-55-11.maa.sify.net [210.214.55.11]
2 2446 ms 2025 ms 2301 ms dialpool-210-214-55-2.maa.sify.net [210.214.55.2]
3 1899 ms 2066 ms 2450 ms lan-202-144-32-177.maa.sify.net [202.144.32.177]
4 * 2885 ms 2749 ms lan-202-144-83-4.maa.sify.net [202.144.83.4]
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * 3408 ms * www.yahoo.akadns.net [66.218.71.87]
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 482 ms 698 ms 624 ms w8.scd.yahoo.com [66.218.71.87]
Trace complete.
dede23
27-07-2006, 01:04 PM
The first line tells us the IP address being traced, and the second the maximum number of hops. The number of hops depends on how many routers sit between us and the target. Once the trace starts, my request first goes through sify.net (my ISP's routers), then through other routers, and finally reaches w8.scd.yahoo.com. So we can see how long the path is. The rows of '*' and "Request timed out" are routers that did not send back a reply within the timeout; the trace continues past them. Whenever you go to www.yahoo.com in your web browser, your request always goes through your ISP first (which also looks up the IP address of www.yahoo.com in DNS), then through the other routers on the path, and lastly reaches yahoo.
So how do hackers use tracert? It is used to find where a firewall sits. The hop at which replies stop coming back, while later hops or the target itself still answer, is usually where a packet filter or firewall is dropping the probes, and an attacker uses tracert together with a port scanner such as nmap to work out the address of that filtering device. Tracert itself cannot disable a firewall; it only maps the path. In the example above the trace does reach w8.scd.yahoo.com, but the blank hops before it are routers or firewalls that refused to answer. The firewall topic will be discussed in a separate article.
3. Telnet
If you are using Windows then 'telnet' is the greatest hacking tool you have. It is really a terminal client that connects to a remote machine and lets you use a service on it. Via telnet you can open a connection between your machine and a remote machine on a specific port. Before connecting we make sure the target is really reachable by pinging its IP address. The example I take here is a machine with the telnet port open.
C:\Documents and Settings\Administrator>ping 192.168.16.8
Pinging 192.168.16.8 with 32 bytes of data:
Request timed out.
Reply from 192.168.16.8: bytes=32 time<1ms TTL=128
Reply from 192.168.16.8: bytes=32 time<1ms TTL=128
Request timed out.
Ping statistics for 192.168.16.8:
Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Once that is confirmed, we connect remotely using telnet like this:
C:\Documents and Settings\Administrator>telnet 192.168.16.8
Welcome to Microsoft Telnet Client
Escape Character is ‘CTRL+]’
You are about to send your password information to a remote computer in Internet
zone. This might not be safe. Do you want to send anyway(y/n): n   (type n, then press Enter)
Welcome to Microsoft Telnet Service
login: admin   (a user that has been given permission to use telnet, followed by its password)
password:******
Once in, a hacker is free to do whatever he wants on the machine. Tip: the ports I am talking about here are virtual ports, not the physical ones you see on the back of your PC. Just as a physical port is used to connect hardware, a virtual port is used to connect software. TCP and UDP each have 65,536 ports, numbered 0 to 65535.
If you type "telnet target.com" you are connected to target.com on port 23 (where the telnet service runs). You can also connect to another port by typing the port number after target.com. For example, if I want to connect to port 25 (the SMTP service) I type "telnet target.com 25".
Tip: each port is assigned a particular service. For a list of which service runs on which port, open the 'services' file in Notepad: C:\Windows\services on Win98, or C:\Windows\system32\drivers\etc\services on WinNT, Win2000 and WinXP.
The moment you connect to a remote machine on a particular port, the telnet window shows whatever the daemon on that port sends first (its banner) and waits for you to type commands. For example, "telnet www.cyberspace.org" gives me the following:
I have to log in there with a username and password, and I get a Linux shell prompt. If you type 'newuser' at the login you get a login id and password of your own. After that it is my account, and I can execute commands remotely.
www.cyberspace.org runs a Linux server, so if you are not familiar with Linux you will not be able to use the service.
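What "telnet host port" does under the hood is a plain TCP connection followed by reading whatever the daemon sends first. The added example below (my code, not from the original post) does exactly that in Python and also reports whether a port is open or closed, which is what you learn when telnet either shows a banner or says "Could not open connection". To run offline it starts its own fake daemon on 127.0.0.1 with a constructed SMTP-style banner; the hostname in that banner and the helper names are assumptions, not a real server.

```python
"""Added example: a banner grab, which is what telnet does when you give it a port.

Starts a throwaway TCP service on the loopback address that sends a constructed
banner, then connects to it like "telnet 127.0.0.1 <port>" would.
"""
import socket
import threading
from typing import Optional

# Constructed banner in SMTP style; mail.example.test is not a real host.
FAKE_BANNER = b"220 mail.example.test ESMTP ready\r\n"


def start_fake_daemon(banner: bytes = FAKE_BANNER) -> int:
    """Listen on an ephemeral loopback port, send `banner` to every client, return the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))           # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _peer = srv.accept()
            except OSError:
                return                   # listener closed, thread exits
            with conn:
                conn.sendall(banner)     # real daemons greet first, then wait for commands

    threading.Thread(target=serve, daemon=True).start()
    return port


def find_closed_port() -> int:
    """Bind-and-release a loopback port so we have one that is known to be closed."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def grab_banner(host: str, port: int, timeout: float = 3.0) -> Optional[bytes]:
    """Complete the TCP handshake and read up to 1024 bytes of greeting.

    Returns None if the port is closed (connection refused) or filtered (timeout),
    and b"" when the port is open but the service waits for the client to speak first.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return s.recv(1024)
            except socket.timeout:
                return b""
    except OSError:                      # ConnectionRefusedError, timeout, unreachable
        return None


def port_state(host: str, port: int, timeout: float = 3.0) -> str:
    """'open' when the three-way handshake completes, otherwise 'closed'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError:
        return "closed"


if __name__ == "__main__":
    p = start_fake_daemon()
    print(p, port_state("127.0.0.1", p), grab_banner("127.0.0.1", p))
    c = find_closed_port()
    print(c, port_state("127.0.0.1", c), grab_banner("127.0.0.1", c))
```

Against a real host, a refused connection comes back immediately while a firewalled port usually sits there until the timeout; that difference in behaviour is the same thing a port scanner reports as closed versus filtered.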
4. FTP
FTP is the File Transfer Protocol. Through it you can download or upload files. And what do hackers want from this? Right! Just type "ftp target.com" and the daemon's banner will be displayed. But to transfer files you must first log in. Some sites allow anonymous login: type "anonymous" as the login and your e-mail address as the password (of course you can type a fake e-mail). Now you can start downloading and uploading files, but for that you need to know the commands. At the FTP prompt type "?" and the following is shown:
!               delete          literal         prompt          send
?               debug           ls              put             status
append          dir             mdelete         pwd             trace
ascii           disconnect      mdir            quit            type
bell            get             mget            quote           user
binary          glob            mkdir           recv            verbose
bye             hash            mls             remotehelp
cd              help            mput            rename
close           lcd             open            rmdir
To get help on a particular command, "delete" for example, type "? delete". A few other important commands are:
1. 'pwd' shows the current directory on the remote machine.
for example: ftp> pwd
/etc/home
2. 'lcd' changes the local directory.
for example: ftp> lcd c:\windows
Local directory now C:\windows
3. 'cd' changes the remote directory.
for example: ftp> cd /etc
now the remote directory is /etc
4. 'mput' sends multiple files to the remote machine.
for example: ftp> mput *.*
sends all files from C:\windows to /etc
5. 'mget' gets multiple files from the remote machine.
for example: ftp> mget *.*
gets all files from /etc to C:\windows
6. 'open' establishes a connection with a remote host.
for example: ftp> open www.target.com
7. 'bye' closes the connection and quits ftp.
For the other ftp commands please refer to its help.
Now suppose the FTP port (port 21) is open on www.nosecurity.com. A hacker connects to the site with "ftp www.nosecurity.com" at the DOS prompt and then tries to log in anonymously. Assuming www.nosecurity.com runs a Linux server, the hacker then types "get /etc/passwd" to fetch the password file and crack it. Keep in mind that on any Linux from the last two decades the password hashes are in /etc/shadow, which is not world-readable, and anonymous FTP is normally confined to its own directory, so this only pays off on a badly misconfigured server. If you are a hacker, don't forget to delete the logs.
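The anonymous login described above is a short conversation on the control channel: the server greets with a 220 banner, USER gets a 331 asking for the password, PASS gets a 230, and so on. The added example below (my code, not from the original post) drives that exchange with Python's ftplib, which sends the same commands you would type at the ftp> prompt, and records every command the server received. To run offline it starts a tiny fake FTP control server on 127.0.0.1; the banner, the /pub directory and the e-mail used as the anonymous password are constructed values, and the fake server only understands the four commands the session needs.

```python
"""Added example: the anonymous FTP login exchange, both sides shown.

A minimal fake FTP control-channel server (USER/PASS/PWD/QUIT only) runs on the
loopback address; ftplib plays the client exactly as "ftp host" would.
"""
import ftplib
import socket
import threading

ANON_USER = "anonymous"
ANON_PASS = "guest@example.test"   # constructed; servers only expect an e-mail-like string

# Constructed replies, with the status codes a real server would send.
REPLIES = {
    "USER": b"331 Anonymous login ok, send your e-mail address as password.\r\n",
    "PASS": b"230 Anonymous access granted, restrictions apply.\r\n",
    "PWD": b'257 "/pub" is the current directory.\r\n',
    "QUIT": b"221 Goodbye.\r\n",
}


def start_fake_ftp(received: list) -> int:
    """Start a one-shot fake FTP server on an ephemeral port; returns the port.

    Every command line the client sends is appended to `received` so the
    whole exchange can be inspected afterwards.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _peer = srv.accept()
        with conn, conn.makefile("rb") as rfile:
            conn.sendall(b"220 ftp.example.test FTP server ready.\r\n")   # banner first
            for raw in rfile:                                            # one command per line
                line = raw.decode("latin-1").rstrip("\r\n")
                received.append(line)
                verb = line.split(" ", 1)[0].upper()
                conn.sendall(REPLIES.get(verb, b"502 Command not implemented.\r\n"))
                if verb == "QUIT":
                    break
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def anonymous_session(host: str, port: int) -> dict:
    """Log in anonymously, note the banner and remote working directory, log out."""
    ftp = ftplib.FTP()
    ftp.connect(host, port, timeout=5)
    banner = ftp.getwelcome()             # the 220 line the daemon shows on connect
    login_reply = ftp.login(ANON_USER, ANON_PASS)   # sends USER, then PASS if asked (331)
    cwd = ftp.pwd()                       # sends PWD, parses the quoted path out of the 257 reply
    ftp.quit()                            # sends QUIT, expects 221
    return {"banner": banner, "login": login_reply, "cwd": cwd}


if __name__ == "__main__":
    seen = []
    p = start_fake_ftp(seen)
    print(anonymous_session("127.0.0.1", p))
    print("server received:", seen)
```

Because the client acts on the reply codes (a 331 means "send PASS", a 5xx raises an error), the same function works against a real anonymous server; the fake one just makes the exchange visible without a network.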
5. netstat
You can establish a connection to a remote machine on a particular port only when that port is open on the remote machine. For example, if you want to connect to www.target.com on port 23 (telnet), then port 23 must be open on www.target.com. All hacking activity generally goes through an open port. Typing "netstat /?" at the DOS prompt gives:
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto
may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP,UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify subset of the default.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.
The options explain their own functions. The most important are -a and -n.
The -a option displays all listening ports and connections on the machine, and the -n option shows numeric IP addresses instead of domain names. I get the following if I type "netstat -a" at the command prompt:
Active Connections
Proto Local Address Foreign Address State
TCP chintan:1027 0.0.0.0:0 LISTENING
TCP chintan:80 0.0.0.0:0 LISTENING
TCP chintan:135 0.0.0.0:0 LISTENING
TCP chintan:6435 0.0.0.0:0 LISTENING
TCP chintan:1025 0.0.0.0:0 LISTENING
TCP chintan:1026 0.0.0.0:0 LISTENING
TCP chintan:1028 0.0.0.0:0 LISTENING
TCP chintan:1309 0.0.0.0:0 LISTENING
TCP chintan:1310 0.0.0.0:0 LISTENING
TCP chintan:1285 rumcajs.box.sk:80 ESTABLISHED
TCP chintan:1296 lan-202-144-78-3.maa.sify.net:80 CLOSE_WAIT
TCP chintan:1297 lan-202-144-65-14.sify.net:80 ESTABLISHED
TCP chintan:1310 cdn-v13.websys.aol.com:80 ESTABLISHED
TCP chintan:1220 aiedownload.cps.intel.com:ftp ESTABLISHED
"Proto" gives the name of the protocol. "Local Address" gives our own address and the port that is open on our side. "Foreign Address" gives the address and port number of the other end we are connected to. "State" says what the connection is doing right now: ESTABLISHED, LISTENING (waiting for someone to connect) or a closing state such as CLOSE_WAIT.
For example, if I open www.yahoo.com in the browser and then run "netstat -a", I get an entry like this:
"TCP 203.43.50.81:2034 www.yahoo.com:80 ESTABLISHED"
My computer, with IP 203.43.50.81, is connected from port 2034 to yahoo on port 80.
Tip: this is how you can get the IP address of someone you are chatting with. First run "netstat -an" and note the foreign addresses. Now start a private chat with the other person, run "netstat -an" again, and you will find one more foreign IP: that is the other person's IP. This only works when the chat client opens a direct connection to the other person (a file transfer or direct-connect chat, for example); when the messages go through the chat service's server, the new foreign address you see is the server's, not the person's.
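The netstat output above is easy to read by eye, but the "compare two snapshots" trick becomes reliable once it is done by a script. The added example below (my code, not from the original post) parses the Active Connections table into records, lists the TCP ports that are LISTENING (what someone probing your machine would find open), and diffs the set of ESTABLISHED foreign hosts between two snapshots. The sample output is constructed to look like the post's; the hostnames and the 203.0.113.77 address (a documentation range) stand in for real peers.

```python
"""Added example: reading "netstat -a" programmatically and diffing two snapshots.

The sample text is constructed in the shape of Windows netstat output; the
hosts in it are examples, not real peers.
"""
import re

SAMPLE_BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    chintan:80             0.0.0.0:0              LISTENING
  TCP    chintan:135            0.0.0.0:0              LISTENING
  TCP    chintan:1285           rumcajs.box.sk:80      ESTABLISHED
  TCP    chintan:1220           aiedownload.cps.intel.com:ftp  ESTABLISHED
  UDP    chintan:137            *:*
"""

# Second snapshot, taken after a direct connection to another machine was opened.
SAMPLE_AFTER = SAMPLE_BEFORE + """\
  TCP    chintan:1312           203.0.113.77:5190      ESTABLISHED
"""

# Proto, local endpoint, foreign endpoint, optional state (UDP rows have none).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def split_endpoint(endpoint: str) -> tuple:
    """'host:port' -> (host, port); the port may be a service name such as 'ftp'."""
    host, _sep, port = endpoint.rpartition(":")
    return host, port


def parse_netstat(text: str) -> list:
    """Return one dict per connection row; the header and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        lhost, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        records.append({
            "proto": proto,
            "local_host": lhost, "local_port": lport,
            "foreign_host": fhost, "foreign_port": fport,
            "state": state or "",
        })
    return records


def listening_ports(records: list) -> list:
    """Sorted TCP ports in LISTENING state: the services reachable on this machine."""
    return sorted(int(r["local_port"]) for r in records
                  if r["proto"] == "TCP" and r["state"] == "LISTENING")


def established_peers(records: list) -> set:
    """Foreign hosts we currently have a TCP session with."""
    return {r["foreign_host"] for r in records if r["state"] == "ESTABLISHED"}


def new_peers(before: str, after: str) -> set:
    """Foreign hosts present in the second snapshot but not the first."""
    return established_peers(parse_netstat(after)) - established_peers(parse_netstat(before))


if __name__ == "__main__":
    recs = parse_netstat(SAMPLE_BEFORE)
    print("listening:", listening_ports(recs))
    print("peers:", sorted(established_peers(recs)))
    print("new after chat:", new_peers(SAMPLE_BEFORE, SAMPLE_AFTER))
```

Running it with the output of "netstat -an" instead of the sample gives numeric addresses, which avoids the slow reverse DNS lookups and means the diff compares IPs directly.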