TechiWarehouse.Com


Top 3 Products & Services

1.
2.
3.

Dated: Aug. 13, 2004

Related Categories

Network Security

Disclaimer

The authors of this manual will like to express our concerns about the issue of the information contained in this manual. By purchasing this manual you agree to the following stipulations. Any actions and or activities related to the material contained within this manual are solely your responsibility.

The misuse of the information in this manual can result in criminal charges brought against the persons in question. The authors will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this manual to break the law.

Note: This manual was created for Information purposes only.

 

Introduction

The internet is ever growing and you and I are truly pebbles in a vast ocean of information. They say what you don't know can't hurt you. When it comes to the Internet believe quite the opposite. On the Internet there a millions and millions of computer users logging on and off on a daily basis.

Information is transferred from one point to another in a heartbeat. Amongst those millions upon millions of users, there are people like you. As humble a user you may be of the Internet, you are pitted against the sharks of the information super highway daily. Problem with that is the stealth by which it happens. Currently about 30-40% of all users are aware of the happenings on their computer. The others simply either don't care or don't have the proper "know how" to recognize if their system is under attack and or being used.

You're reading this tutorial because you are concerned about your privacy on the Internet. As well you should be. On the Internet nothing is quite what it appears to be. The uninformed will get hurt in many ways.

Note: This tutorial is made to help users of Win98 and WinXP both so we will supply examples for both. So keep your eyes open to not make any mistakes.

System Intrusion In 15 Seconds

System intrusion in 15 seconds, that's right it can be done. If you possess certain security flaws your system can be broken into in less than 15 seconds.

To begin this tutorial I'd like you to do the following. Connect to the Internet using your dial up account if you are on dial up. If you are on dedicated service like High Speed connections (i.e., Cable and DSL) then just proceed with the steps below.

In Windows 98
Click Start
Go to Run
Click Run (It's a step by step tutorial) :-)
Type Winipcfg
Hit the Enter Key

In Windows XP
Click Start
Go to Run
Click Run (It's a step by step tutorial) :-)
Type cmd
Hit the Enter Key

In Windows 98
This should bring up a window that looks like the following:

Winipcfg

What you should see under IP address is a number that looks something like this.

192.168.1.151 (Your number may be different.)

In Windows XP
This should bring up a window that looks like the following:

cmd command

Now to see your IP address you must type in: ipconfig

In Windows 98
If you use Dial Up Internet Access then you will find your IP address under PPP adapter. If you have dedicated access you will find your IP address under another adapter name like (PCI Busmaster, SMC Adapter, etc.) You can see a list by clicking on the down arrow.

Getting IP Info From Winipcfg

In Windows XP

At this point it won't matter much.

In Windows 98

Once you have the IP address write it down, then close that window by clicking (OK) and do the following.

Click Start
Go to Run (Click on Run)
Type command then Click OK

At this point you should see a screen that looks like this:

DOS Command Prompt Screen

In Windows XP
We've already covered getting to the DOS Prompt.

In Windows 98 and Windows XP
From here on, users of both OS will start to work very similarly.

Type the following at the Dos Prompt:

Nbtstat -A IP address

For example: Nbtstat -A 192.168.1.151

(Please note that you must type the A in capitol letters.)

This will give you a read out that looks like this:

NetBIOS Remote Machine Name Table
Name Type Status

J-1                            <00> UNIQUE Registered
WORK                    <00> GROUP Registered
J-1                            <03> UNIQUE Registered
J-1                            <20> GROUP Registered
WORK                    <1E> UNIQUE Registered
WORK                    <1D> UNIQUE Registered
__MSBROWSE__.<01> GROUP Registered

(Again info has been omitted due to privacy reasons)

The numbers in the <> are hex code values. What we are interested in is the "Hex Code" number of <20>. If you do not see a hex code of <20> in the list that's a good thing. If you do have a hex code <20> then you may have cause for concern. Now you're probably confused about this so I'll explain.

A hex code of <20> means you have file and printer sharing turned on. This is how a "hacker" would check to see if you have "file and printer sharing" turned on. If he/she becomes aware of the fact that you do have "file and printer sharing" turned on then they would proceed to attempt to gain access to your system.

(Note: To exit out of the DOS prompt Window, Type Exit and hit Enter)

I'll show you now how that information can be used to gain access to your system.

A potential hacker would do a scan on a range of IP address for systems with "File and Printer Sharing" turned on. Once they have encountered a system with sharing turned on the next step would be to find out what is being shared.

This is how:

Net view \\

Our potential hacker would then get a response that looks something like this.

Shared resources at \\ip_address

Sharename Type Comment

My Documents Disk  
TEMP Disk  

The command completed successfully.

This shows the hacker that his potential victim has their My Documents Folder shared and their Temp directory shared. For the hacker to then get access to those folders his next command will be.

Net use \\insert IP address here\temp

If all goes well for the hacker, he/she will then get a response of (The command was completed successfully.)

At this point the hacker now has access to the TEMP directory of his victim.

Q. The approximate time it takes for the average hacker to do this attack?

R. 15 seconds or less.

Not a lot of time to gain access to your machine is it? How many of you had "File and Printer Sharing" turned on?

Ladies and Gentlemen: This is called a NetBIOS attack. If you are running a home network then the chances are you have file and printer sharing turned on. This may not be the case for all of you but I'm sure there are quite a number of you who probably do. If you are sharing resources please password protect the directories.

Any shared directory you have on your system within your network will have a hand holding the folder. This hand icon looks like this in Windows 98:
Shared Folder Icon
and this in Windows XP:
Shared Folder Icon

You can check to find which folders are shared through Windows Explorer.

Click On Start
Scroll Up to Programs

At this point you will see a listing of all the different programs on your system Find Windows Explorer and look for any folders that look like the above picture.

Once you have found those folders password protect them. Don't worry I'll show you how to accomplish this later on in a visual step by step instruction format.

NetBIOS is one of the older forms of system attacks that occur. It is usually overlooked because most systems are protected against it. Recently there has been an increase of NetBIOS Attacks.

Further on in this series of tutorials we shall cover some prevention methods. For now I wish only to show you the potential security flaws.

Now that you've gotten free know-how on this topic, try to grow your skills even faster with online video training. Then finally, put these skills to the test and make a name for yourself by offering these skills to others by becoming a freelancer. There are literally 2000+ new projects that are posted every single freakin' day, no lie!


Previous Article

Next Article


jk's Comment
A+ Questions
17 Mon Jan 2011
Admin's Reply:

Huh?