Port Scanning
Every computer connected to the Internet has an Internet Protocol (IP) address that identifies it on the network. Attackers use a tool called a scanner to sweep a range of IP addresses looking for a live host to attack.
When the scanner finds a computer at a particular IP address, it examines the ports on that computer to see which services are listening and which of them could be exploited.
A port identifies a particular service on a computer. When a computer is connected to the Internet it must tell incoming e-mail apart from an incoming web request, yet all of that data arrives over the same physical connection (a telephone line or cable modem). The computer therefore uses separate, numbered ports, one per service, to accept each kind of traffic. That is how the computer knows which program should handle the data.
Each port is assigned a number, and every computer connected to the Internet uses ports. A port with a service listening on it is a door that an attacker can try to use to get into the computer.
| SERVICE | PORT |
| --- | --- |
| File Transfer Protocol (FTP) | 21 |
| Telnet | 23 |
| Simple Mail Transfer Protocol (SMTP) | 25 |
| Gopher | 70 |
| Finger | 79 |
| Hypertext Transfer Protocol (HTTP) | 80 |
| Post Office Protocol, version 3 (POP3) | 110 |
To attack a computer you need the target computer's IP address. Plenty of software on the net does this for you; one way is to look up the domain name in a WHOIS database such as the one on the Network Solutions website. Once you know the IP address, the next step is to find out which ports are open, because those are the ones through which the target can be reached.
Ways to check which port is open-----
TCP connect scanning – The scanner sends a SYN packet to the target port, waits for the SYN/ACK reply, and then sends the final ACK so that a full TCP connection is established. Because the three-way handshake completes, the application listening on that port sees the connection and can log it, so this type of scan is easily recognized by the target and can alert it to a possible attack.
TCP SYN scanning – Same as above, but when the SYN/ACK is received the scanner does not send the ACK to complete the connection; it tears the half-open connection down with a RST instead. A SYN/ACK tells the scanner that the port is listening and hence open; a RST in reply to the SYN means it is closed. Because the handshake never completes, the listening application never sees a connection, so this technique has less chance of being logged by it (a firewall or intrusion detection system watching the packets can still see it).
TCP FIN scanning – The scanner sends a packet with only the FIN ("no more data from sender") flag set to a port. According to the TCP specification (RFC 793) a closed port responds with a Reset (RST), while an open port simply ignores the stray FIN. Note that Windows does not follow this rule and answers with RST in both cases, so against Windows every port looks closed.
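As an added example (not part of the original page), here is a minimal TCP connect scanner in Python. It is run against a listener that the script itself starts on 127.0.0.1, so it works offline; the OS picks the port numbers at run time. The listener records every peer whose handshake completed, which is exactly why a connect scan is easy to spot: the target's accept() call sees the scanner's address. A SYN or FIN scan would need raw sockets and is not shown here.

```python
import socket
import threading
import time


def start_listener(host="127.0.0.1"):
    """Bind a TCP listener on a free port chosen by the OS; return (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def accept_loop(srv, log, stop):
    """The target side: every completed handshake reaches accept() and gets logged."""
    srv.settimeout(0.1)
    while not stop.is_set():
        try:
            conn, peer = srv.accept()
        except socket.timeout:
            continue
        log.append(peer)          # the record a connect scan leaves behind
        conn.close()


def free_port(host="127.0.0.1"):
    """Ask the OS for a free port and release it, so it is (almost certainly) closed."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def connect_scan(host, ports, timeout=0.5):
    """Full three-way handshake per port; classify as open, closed or filtered."""
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))          # SYN -> SYN/ACK -> ACK, the whole handshake
            results[port] = "open"
        except ConnectionRefusedError:       # the kernel answered our SYN with RST
            results[port] = "closed"
        except (socket.timeout, OSError):    # no answer at all: dropped by a firewall
            results[port] = "filtered"
        finally:
            s.close()
    return results


def demo():
    """Scan one open and one closed loopback port and return what both sides saw."""
    srv, open_port = start_listener()
    closed_port = free_port()
    seen, stop = [], threading.Event()
    worker = threading.Thread(target=accept_loop, args=(srv, seen, stop), daemon=True)
    worker.start()
    results = connect_scan("127.0.0.1", [open_port, closed_port])
    time.sleep(0.3)                          # give accept() time to log the visit
    stop.set()
    worker.join()
    srv.close()
    return results, open_port, closed_port, seen


if __name__ == "__main__":
    results, open_port, closed_port, seen = demo()
    print(results)
    print("target logged connections from:", seen)
```

The "filtered" branch is what a dropped SYN looks like from the scanner's side: no SYN/ACK and no RST, only a timeout. On loopback you will only ever see "open" and "closed".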
The next task is to identify the target computer's operating system, since the commands used to log in and the place where passwords are stored differ from system to system. A few probes that tell operating systems apart:
FIN probing – The scanner sends a FIN ("no more data from sender") packet to an open port and waits for a response. Windows replies with a RST (Reset) where a standards-conforming system would stay silent.
FIN/SYN probing – The scanner sends a packet with both the SYN and FIN flags set. Older Linux kernels answer with a SYN/FIN/ACK packet, echoing the bogus FIN flag, which other systems do not do.
ICMP message quoting – The scanner sends data to a closed UDP port and waits for the ICMP "port unreachable" error. Most systems quote only the original IP header plus eight bytes of the offending datagram in that error; Solaris and Linux quote more than eight bytes, which gives them away.
IMPORTANT TOOLS FOR SECURITY BREACHING
First Step – Finding a computer to attack
Second Step – Breaking into it
Third Step – Crack the password
A hacker can find the password in the following ways:
1).Keystroke Logger-
  A keystroke logger records everything a person types. The logger either sends the recording to a monitoring computer or saves it to a file on the same machine. Key loggers run in hidden mode, i.e. they hide their presence from the user, although an experienced person can still find them on the system.
When the user leaves the target computer, the hacker recovers the log file, in which every entry has been recorded, be it an e-mail id, user name, password, credit card number, etc. Some key loggers can even mail the log file to the hacker, so that the target's activity can be monitored from another location.
To use a key logger the hacker must have access to the target computer on a regular basis.
2).Desktop-Monitoring Programs-
  If the hacker does not have regular access to the target computer, a desktop-monitoring program is the solution. If the hacker succeeds in installing this program on the target computer, whatever the user types there appears on the hacker's own screen.
3). Brute-Force Attack-
  The brute-force method simply tries every possible combination of letters (lower case and capitals), digits and special characters over a range of lengths. The number of candidates grows with every extra character of length, so this method can take days to crack a password.
Brute-force attacks are quite successful against Windows 98 and older UNIX passwords. Windows 98 stores the user name and password in the windows\*.pwl files, and older UNIX systems store the account names together with the hashed passwords in the /etc/passwd file (modern systems keep the hashes in /etc/shadow, which only root can read). The attacker copies the file and tries candidates against the stored hashes offline, so the length and character set of the password decide how long the attack takes.
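An added example, not from the original page: the exhaustive search the paragraph describes, run offline against a hash of a constructed three-character password. An unsalted SHA-256 is used as a stand-in for the crypt() hashes found in an old /etc/passwd (the hash function is an assumption; the enumeration is the same either way). keyspace_size() and cracking_time_seconds() show why realistic passwords take days: the number of candidates grows as alphabet size to the power of length.

```python
import hashlib
import itertools
import string

# Alphabet for the demonstration: lower-case letters plus digits (36 symbols).
ALPHABET = string.ascii_lowercase + string.digits


def hash_password(password: str) -> str:
    """Stand-in for the target's stored password hash (assumption: unsalted SHA-256)."""
    return hashlib.sha256(password.encode()).hexdigest()


def keyspace_size(alphabet: str, max_len: int) -> int:
    """Number of candidates of length 1..max_len over the given alphabet."""
    return sum(len(alphabet) ** n for n in range(1, max_len + 1))


def brute_force(target_hash: str, alphabet: str = ALPHABET, max_len: int = 3):
    """Try every combination, shortest first. Return (password, attempts) or (None, attempts)."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if hash_password(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def cracking_time_seconds(alphabet: str, length: int, hashes_per_second: float) -> float:
    """Worst-case time to exhaust every password of exactly `length` at a given hash rate."""
    return len(alphabet) ** length / hashes_per_second


if __name__ == "__main__":
    # Constructed target: the hash an attacker would have copied out of the password file.
    stolen = hash_password("q7z")
    found, attempts = brute_force(stolen)
    print(f"recovered {found!r} after {attempts} of at most {keyspace_size(ALPHABET, 3)} candidates")
    full = string.ascii_letters + string.digits + string.punctuation   # 94 printable symbols
    days = cracking_time_seconds(full, 8, 1e9) / 86400
    print(f"8 characters over {len(full)} symbols at 1e9 hashes/s: about {days:.0f} days worst case")
```

The three-character demo finishes in well under a second; the same loop over eight characters of the full printable alphabet is the "days" case the text mentions, and real crackers combine it with dictionaries to avoid walking the whole key space.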
A Basic Approach - Attacking a Remote Computer
In this lesson we will try to explain the following topics------
2).The necessary tools used for this purpose.
3).Some tips and tricks.
4).A little description about Trojans, etc…
1).NETBIOS - NetBIOS provides two communication modes: session and datagram. Session mode lets two computers establish a connection for a "conversation", allows larger messages to be handled, and provides error detection and recovery. Datagram mode is "connectionless" (each message is sent independently), messages must be smaller, and the application is responsible for error detection and recovery.
2).NBTSTAT - Nbtstat is designed to help troubleshoot NetBIOS name resolution problems. When a network is functioning normally, NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses.
The nbtstat command displays and corrects the NetBIOS name cache using a number of case-sensitive switches. nbtstat -a <name> performs a NetBIOS adapter status query against the computer name specified by <name>; the reply is that computer's NetBIOS name table together with the MAC address of its adapter card. nbtstat -A <IP address> does the same thing using the target's IP address instead of its name (note the capital A).
3).NET VIEW - The NET VIEW command displays a list of computers in the specified workgroup, or shared resources available on the specified computer.
4).NET USE - Connects a computer to or disconnects a computer from a shared resource, or displays information about computer connections.
5).NETSTAT - Netstat provides statistics for the following:
- Local Address - The IP address of the local computer and the port number being used. The name of the local computer that corresponds to the IP address and the name of the port are shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).
- Foreign Address - The IP address and port number of the remote computer to which the socket is connected. The names that correspond to the IP address and the port are shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).
- State - Indicates the state of a TCP connection. The possible states are as follows: CLOSE_WAIT, CLOSED, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, LAST_ACK, LISTEN, SYN_RECEIVED, SYN_SEND, and TIME_WAIT. 
For all these commands you need to have the IP address of the target computer. Also, you can try all these commands on your own IP address.
Let's see how NBTSTAT works---
Open a command prompt and type NBTSTAT /?, which shows the help for this command (note: /? works for all the other commands as well).
If the target's IP address is xxx.xxx.xx.x:
nbtstat -A xxx.xxx.xx.x
This prints the NetBIOS Remote Machine Name Table: the names the target has registered, its workgroup or domain, and the MAC address of its network card. A <20> entry means the server service is running, i.e. the machine offers shares, which is what the next command lists:
net view \\xxx.xxx.xx.x
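As an added example (not part of the original page), the following Python code parses the name table that nbtstat -A prints and answers the questions an attacker asks of it: what is the computer called, which workgroup is it in, and is the server service (<20>) registered, which is the precondition for net view to list shares. The sample output is constructed to match the command's format, not captured from a real host; the suffix table covers the common NetBIOS name types.

```python
import re

# Constructed sample of what `nbtstat -A <ip>` prints (not captured from a real host).
SAMPLE = """
           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    FILESRV01      <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    FILESRV01      <03>  UNIQUE      Registered
    FILESRV01      <20>  UNIQUE      Registered
    WORKGROUP      <1E>  GROUP       Registered

    MAC Address = 00-0C-29-AB-CD-EF
"""

# Meaning of the common NetBIOS name suffixes, keyed by (hex code, UNIQUE or GROUP).
SUFFIXES = {
    ("00", "UNIQUE"): "Workstation service (computer name)",
    ("00", "GROUP"): "Workgroup or domain name",
    ("03", "UNIQUE"): "Messenger service (user or computer name)",
    ("20", "UNIQUE"): "File server service (shares offered)",
    ("1B", "UNIQUE"): "Domain master browser",
    ("1C", "GROUP"): "Domain controllers",
    ("1D", "UNIQUE"): "Master browser",
    ("1E", "GROUP"): "Browser service elections",
}

# One table row: name, <suffix>, UNIQUE/GROUP, status.
ENTRY_RE = re.compile(r"^\s*(\S+)\s+<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$")
MAC_RE = re.compile(r"MAC Address\s*=\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})")


def parse_nbtstat(output: str) -> dict:
    """Turn the printed name table into {"entries": [...], "mac": str or None}."""
    entries = []
    for line in output.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue                       # headers, separator, blank lines
        name, code, kind, status = m.groups()
        code = code.upper()
        entries.append({
            "name": name,
            "suffix": code,
            "type": kind,
            "status": status,
            "meaning": SUFFIXES.get((code, kind), "unknown"),
        })
    mac = MAC_RE.search(output)
    return {"entries": entries, "mac": mac.group(1) if mac else None}


def computer_name(parsed: dict):
    """The <00> UNIQUE entry is the machine's own NetBIOS name."""
    for e in parsed["entries"]:
        if e["suffix"] == "00" and e["type"] == "UNIQUE":
            return e["name"]
    return None


def workgroup(parsed: dict):
    """The <00> GROUP entry is the workgroup or domain the machine belongs to."""
    for e in parsed["entries"]:
        if e["suffix"] == "00" and e["type"] == "GROUP":
            return e["name"]
    return None


def offers_shares(parsed: dict) -> bool:
    """<20> UNIQUE means the Server service is up, so `net view \\\\<ip>` can list its shares."""
    return any(e["suffix"] == "20" and e["type"] == "UNIQUE" for e in parsed["entries"])


if __name__ == "__main__":
    info = parse_nbtstat(SAMPLE)
    for e in info["entries"]:
        print(f"{e['name']:<16}<{e['suffix']}> {e['type']:<7} {e['meaning']}")
    print("MAC:", info["mac"])
    print("computer:", computer_name(info), "workgroup:", workgroup(info),
          "shares offered:", offers_shares(info))
```

A machine without a <20> entry is not running the server service, so net view will fail against it even though nbtstat answered; checking for that suffix first saves a noisy, pointless attempt.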