
Thread: How do you hack Windows?

  1. #1
    Senior Member
    Join Date
    Aug 2001
    Posts
    136

    How do you hack Windows?

    OH yea, I want to know while I stand on 1 foot. LOL Hey, at least I didn't ask how to hack Hotmail.

    Before Negative hits me with the obligatory AO flame, let me explain.

    I'm no newbie. I've been building, configuring and programming puters since the '70s. Security is a new game for me. That's all.

    And, although the topic was a joke, there is a certain amount of validity to it.

    I've been read, read, reading here and some other sites (been a member here for several months) to learn as much as I can but clear info isn't easy to come by.

    There is a lot of talk about how insecure Windows is but not a lot of detail as to exactly why. Hogfly had a nice thread challenging people to spell out why Windows sucks but it didn't get the replies I hoped for.

    Anyway, I'm not a script kiddie looking for it handed to me on a platter. Just trying to find out what you guys recommend for reading.

    More specific. I have a puter on a separate dial-up account. Knowing the IP, this is the box I use to learn. I started out with the simple things like trojans and virii. I could send them to the box and see how a trojan can bypass the virus proggy, etc. (Hey, we all have to start somewhere.)

    Then I learned about the NetBEUI exploit and how to prevent others from utilizing this weakness.

    Now, I have a fresh, default install of Win98SE. NetBEUI and file sharing are disabled. A scan shows ports 1, 11, 15, 79, 111, 119, 139, 143, 540 and 1524 open.

    I have gone to http://advice.networkice.com/Advice/...ts/default.htm and read about the ports and what they mean. I would guess that port 139 is the port I should try first. I have tried to Telnet to it and a few other things with no luck connecting.

    Like I said, I'm just looking for a little guidance. Any help is appreciated.

    BTW, Negative. My comment about you was not meant as a slap. I find your posts both amusing and informative. I especially like your "click here because I'm to lazy to do a search" links.

    I hope someday, I can repay the site by contributing to its knowledge.

    Thanks again,
    KapperDog

  2. #2
    Senior Member
    Join Date
    Aug 2001
    Posts
    183

    not a flame

    I KNOW you're going to get flamed for that one...since you've been building **** since the 70's I would think you would know how to ask questions of this sort...let me explain to you how you should ask and you won't get flamed nearly as much, just get made fun of a bit.

    When you ask a question, be VERY specific. For example, you might find out about a certain vulnerability, but you're not quite sure how to exploit it. So, you might try to find out more about the vulnerability, and see if that helps. Then you might try asking suggestions on exploiting the vulnerability....
    “People don’t talk about anything.” [Clarisse]
    “Oh, they must!” [Guy]
    “No, not anything. They name a lot of cars or clothes or swimming pools mostly and say how swell! But they all say the same things and nobody says anything different from anyone else. And most of the time in the cafes they have the joke-boxes on and the same jokes most of the time, or the musical wall lit and all the colored patterns running up and down, but it’s only color and all abstract. And at the museums, have you ever been? All abstract. That's all there is now...”
    -A conversation with Clarisse McClellan and Guy Montag from Fahrenheit 451

  3. #3
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    I KNOW you're going to get flamed for that one...
    Damn, you must be psychic. But then again...not.
    since you've been building **** since the 70's I would think you would know how to ask questions of this sort
    U guys build **** in the US of A? And there are like companies making money out of it? What an idea! I guess I'll have to start a shitbuilding factory here in Belgium, too. My compatriots won't know what (s)hits them!
    ...let me explain to you how you should ask and you won't get flamed nearly as much, just get made fun of a bit.
    I guess this is where your extremely technical guidelines come in...not.
    When you ask a question, be VERY specific.
    That's it? I guess I was right about the ...not-part. I must be psychic. But then again...Hey, I am!

    That's all for today's obligatory AO flame.

    As for the OP's questions, which I find extremely clear (interpunction!) and well-formulated.

    Then I learned about the NetBEUI exploit and how to prevent others from utilizing this weakness.
    Just to keep up, I guess this is what you mean:
    If your only aim is to surf and to mail, you bind your dial-up to the TCP/IP-protocol only. If you need File and Printer sharing and stuff, you do not bind your TCP/IP to it; instead, you bind your dial-up to TCP/IP, AND you bind your dial-up to NetBEUI. Then, NetBEUI is bound to File and Printer sharing.
    Something like that?

    Now, I have a fresh, default install of Win98SE. NetBEUI and file sharing are disabled. A scan shows ports 1, 11, 15, 79, 111, 119, 139, 143, 540 and 1524 open.
    Yes...
    FYI: port 79 is used by trojans CDK and Firehotcker and port 119 by Happy99. As far as I know (and I don't know ****, cfr. NoNeckJoe - I'm sure he'll be glad to explain that one more time), the other ports aren't trojan ports.

    I would guess that port 139 is the port I should try first.
    Good guess, I guess (?). Never heard of telnetting to NetBios, though - correct me if I'm wrong, flame me if you wish to. The easiest solution is to get something like IP-Tools, scan a whole range of ports (pretty childish, and illegal, I know), pick out the open systems, and there you go (telnet, NetBios,...). It's like checking all doors in your street, and only enter the open ones. Of course, you can make things more complicated and try to force the closed ones.

    I hope someday, I can repay the site by contributing to its knowledge.
    You already did as far as I'm concerned, by stating the benefit of interpunction.

    !!! Soon, in every family in the US of A !!!
    !!! I N T E R P U N C T I O N !!!
    !!! Brought to you by Negative and Kapperdog!!!




  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    136
    OK, I guess this is where it stands. I'm still a ****ing idiot and script kiddie but, I can spell and I display proper punctuation in my posts. LMAO. Not bad for my first post, I guess.

    It's hard to be specific when you really don't know what questions to ask.

    I got a little carried away in my post and started to rant.

    What I'm really looking for is some suggestions as to where a person with a willingness and ability to learn can go to learn more about security. Maybe you could recommend some of your favorite sites.

    I enjoy the personality of AntiOnline and I hope to find more time to spend here. However, there are only so many hours in a day and I have duties at sites elsewhere.

    Anyway, for those who are as of yet, unclear.

    1. Where would you suggest general security topic reading?

    2. Where would you suggest reading specific to exploiting any of the open ports I listed in my post above (1, 11, 15, 79, 111, 119, 139, 143, 540, 1524)?

    Thanks again,
    KapperDog

  5. #5
    Senior Member
    Join Date
    Aug 2001
    Posts
    136
    Negative,

    I respect and appreciate your reply but you said,
    Never heard of telnetting to NetBios, though - correct me if I'm wrong,
    I knew I read it somewhere and I just read it again.

    Out of Band (OOB) data attacks: Windows machines that allow access to port 139 may be vulnerable to this type of attack. Essentially, a hacker connects to port 139, usually with telnet, and then sends a specific amount of data to the port. The result is that Windows NT machines will crash and indicates a problem in TCPIP.SYS. Windows 95 machines may or may not crash. In both cases, a simple reboot is usually enough to fix the problem. Microsoft's DNS problem may also be at risk to these types of attacks (on port 53). Read Nt Security's OOB Attacks page for information on this attack and possible fixes and/or workarounds for this vulnerability.
    This paragraph leads me to believe that you can Telnet to port 139. Am I misunderstanding something?

    When trying to connect with Telnet, what TermType should I use?

    Thanks,
    KapperDog

  6. #6
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    The OOB 'nuke' attack is largely fixed now, so it's unlikely to work. I would suggest you check out The Happy Hacker Guides to (Mostly) Harmless Hacking. They're fairly informative for beginning techies. In particular, regarding making manual connections to open shares, check out:

    http://www.happyhacker.org/gtmhh/crackw95.shtml

    Hope it helps.
    [HvC]Terr: L33T Technical Proficiency

  7. #7
    Senior Member
    Join Date
    Aug 2001
    Posts
    136
    Thanks, Terr.

    In case anyone is interested, I also found a nice guide here called Digital Voodoo.

  8. #8
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    Kapper, if you are still interested in learning about this stuff....meet me in the chat room tonight. irc.antionline.com #antionline.......U want to hack port 139? piece of cake.
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  9. #9
    Senior Member
    Join Date
    Aug 2001
    Posts
    183

    don't let the flames get you down

    Kapper or any newbies for that matter, don't let the flaming get you out of hacking. Everything about hacking is great.

  10. #10
    Forgotten Ghost RogueSpy's Avatar
    Join Date
    Aug 2001
    Location
    Cyberspace
    Posts
    783

    A good place to find up-to-date vulnerabilities is http://www.securityfocus.com
