-
November 1st, 2002, 07:54 PM
#1
Member
Open ports, hackers heaven?
Okay, so from the last post I came to know that if one knows my IP address he could break into my system using NetBIOS ports. I want to ask, but I'm afraid that people here might take my curiosity as an attempt to gain hacking knowledge. Whatever; I want to ask: I have an open NetBIOS port (not a trojan port, of course). In the case when I have no trojan like SubSeven installed on my system, how can a hacker use this open port to connect to my system, and what would be the tools he would use to connect to my system (as in the case of SubSeven, where the SubSeven client is the tool to connect to the victim system)? Again, I explain that I'm asking all this just for information. I hope for some good response.
-
November 1st, 2002, 08:06 PM
#3
Senior Member
Depending on what version of Windows you are using, there are several ways to connect. There is a NetBIOS connection that uses IPC$; basically this is a system share that can be connected to via NetBIOS without using a user name or password. There are many tools that will use some NetBIOS commands, and the nice little NetBIOS services will tell the user all sorts of information about the computer.
There is a good article that I can't seem to locate. Go to the SANS Institute and look up NetBIOS or IPC$; there is some good information there. The best way to prevent this is to upgrade to the latest service packs and/or releases of M$ Windows. The XP and 2000 versions have improved greatly over NT, ME, 98 & 95.
Or you can disable NetBIOS; this will close ports 137, 138 and 139. You can still connect to shares using IP addresses, and it uses port 445 once connected. I may not be 100% correct here, but there are some good references on SANS and Google.
-
November 1st, 2002, 08:15 PM
#5
Senior Member
The exploitation is that of a misconfigured system. No default install of Windows should have any public file/print shares. On the victim's side, someone would have had to allow print and file sharing and set up a directory or more to be shared.
Normally, if you must share files or printers, you would want to have configured a password and set it up to restrict access to only the systems which require access. That of course doesn't make it foolproof. You may still be left vulnerable to a spoofing attack, social engineering and any vulnerabilities that might exist in the file/print sharing server (which in this case is built into the OS).
-
November 1st, 2002, 08:22 PM
#7
-
November 1st, 2002, 10:51 PM
#9
By default, most Windows OSes will install hidden shares for any drives that exist (e.g. if you have a C: drive you have a C$ share; there will also be an IPC$ share and an Admin$ share). Now, I believe that Windows NT, 2000, and XP all have NetBIOS activated by default, so if you connect to the Internet and don't have the NetBIOS ports blocked (or have NetBIOS disabled) then there is a danger that someone can connect to them. (I'm not going to explain it all here, but you can find it out easily enough; check out some of the 'Windows hacking' tutorials that exist. I think there was one by Rhino 9. They all assume that NetBIOS is accessible.)
The IPC$ share is used for null session connections; these allow the attacker to see the users that exist on the system and what other shares there are. Often tagged onto this will be remote access to the registry, from which your attacker will try to gain the SAM file and then run it through L0phtCrack and find your password. If remote registry access is not possible then there are still ways to increase what is accessible to the attacker, and then he has your password.
Now, going back to the hidden shares: these have to be manually removed (and it's open to discussion how much this ever works). Using your username/pword, an attacker can connect to your C$ share and then has access to whatever they want, and from there can do what they like to your machine, including installing trojans.
Oh, and the hidden shares are often required by virus scanners that are sent updates from a central server.
And as for the tools needed, Windows will suffice; the network commands are all you need.
Hope this helps.
Quis custodiet ipsos custodes