- NetBIOS
- ICMP Ping
- FTP
- rpc.statd
- HTTP
NetBIOS
NetBIOS hacks are the worst kind, since they don’t require you to have any hidden backdoor program running on your computer. This kind of hack exploits a bug in Windows 9x. NetBIOS is meant to be used on local area networks, so machines on that network can share information. Unfortunately, the bug is that NetBIOS can also be used across the Internet - so a hacker can access your machine remotely.
ICMP ‘Ping’ (Internet Control Message Protocol)
ICMP is one of the main protocols that make the Internet work. It standards for Internet Control Message Protocol. ‘Ping’ is one of the commands that can be sent to a computer using ICMP. Ordinarily, a computer would respond to this ping, telling the sender that the computer does exist. This is all pings are meant to do. Pings may seem harmless enough, but a large number of pings can make a Denial-of-Service attack, which overloads a computer. Also, hackers can use pings to see if a computer exists and does not have a firewall (firewalls can block pings). If a computer responds to a ping, then the hacker could then launch a more serious form of attack against a computer.
FTP (File Transfer Protocol)
FTP is a standard Internet protocol, standing for File Transfer Protocol. You may use it for file downloads from some websites. If you have a web page of your own, you may use FTP to upload it from your home computer to the web server. However, FTP can also be used by some hackers… FTP normally requires some form of authentication for access to private files, or for writing to files
FTP backdoor programs, such as-
- Doly Trojan
- Fore
- Blade Runner
simply turn your computer into an FTP server, without any authentication.
rpc.statd
This is a problem specific to Linux and Unix. The problem is the infamous unchecked buffer overflow problem. This is where a fixed amount of memory is set aside for storage of data. If data is received that is larger than this buffer, the program should truncate the data or send back an error, or at least do something other than ignore the problem. Unfortunately, the data overflows the memory that has been allocated to it, and the data is written into parts of memory it shouldn’t be in. This can cause crashes of various different kinds. However, a skilled hacker could write bits of program code into memory that may be executed to perform the hacker’s evil deeds.
HTTP – HTTP stands for HyperText Transfer Protocol..
HTTP hacks can only be harmful if you are using Microsoft web server software, such as Personal Web Server. There is a bug in this software called an ‘unchecked buffer overflow’. If a user makes a request for a file on the web server with a very long name, part of the request gets written into parts of memory that contain active program code. A malicious user could use this to run any program they want on the server.
Where and how to start Hacking
After you get yourself a good scanner, scan some prefixes and find some cool dialups, then do the following:
First Method
- From your terminal, dial the number you found.
- You will hear a series of Beeps. (Telling you that you are connecting to a remote computer.
- After few seconds you will hear something like “CONNECT 9600”.
- It then identifies the system you are on.
- If nothing happens after it says “CONNECT 9600” try hitting ENTER a number of times.
- If you get a bunch of garbage adjust your parity, data bits, stop bits etc. until it becomes clear.
- Now when you get connected to the server you can apply either of the above mentioned methods.
Second Method
The TELNET way
- Get your local dialups.
- Then you dial the number from your terminal & connect.
- Press Enter and wait for a few seconds.
- Then it will say “Terminal =”.
- Type your terminal emulation.
- If you don’t know what it is hit ENTER.
- It will give you a prompt @.
- Type ‘c’(connects to the host)
- Type NAU (Network user address) that you want to connect.
- Find out the type of system you are on UNIX, VAX/VSM, PRIME.
Here is a list of some Telenet commands and their functions.
- c Connect to a host.
- stat Shows network port.
- Full Network echo.
- half Terminal echo.
- Telemail Mail. (need ID and password)
- mail Mail. (need ID and password)
- set Select PAD parameters
- cont Continue.
- d Disconnect.
- hangup Hangs up.
- access Telenet account. (ID and password
No comments:
Post a Comment