System intrusion in 15 seconds, that’s right it can be done. If you possess certain security flaws your system can be broken into in less that 15 seconds.
To begin this context I’d like you to do the following. Connect to the Internet using your dial up account if you are on dial up. If you are on dedicated service like High Speed connections (ie, Cable and DSL) then just proceed with the steps below.
1. Click Start
2. Go to Run
3. Click Run (It’s a step by step manual) :-)
4. Type cmd
5. Hit the Enter Key
6. Then Type ipconfig /all
This should bring up a window that looks like the following
What you should see under IP address is a number that looks something like this.
10.16.136.244 (The number will be different.)
Once you have the IP address write it down, then close that window by clicking (OK) and do the following.
1. Click Start
2. Go to Run (Click on Run)
3. Type command then Click OK
At this point you should see a screen that looks like this.
Type the following at the Dos Prompt
• Nbtstat –A IP address
For example: nbtstat –A 10.16.136.244
(Please note that you must type the A in capital letters.)
This will give you a read out that looks like this
NetBIOS Remote Machine Name Table
___________________________________________
Name Type Status
-----------------------------------------------------------------
J-1 <00> UNIQUE Registered
WORK <00> GROUP Registered
J-1 <03> UNIQUE Registered
J-1 <20> UNIQUE Registered
WORK <1e> GROUP Registered
WORK <1d> UNIQUE Registered
__MSBROWSE__.<01>GROUP Registered
(Again info has been omitted due to privacy reasons)
The numbers in the <> are hex code values. What we are interested in is the “Hex Code” number of <20>. If you do not see a hex code of <20> in the list that’s a good thing. If you dohave a hex code <20> then you may have cause for concern. Now you’re probably confused about this so I’ll explain.
A hex code of <20> means you have file and printer sharing turned on. This is how a “hacker” would check to see if you have “file and printer sharing” turned on. If he/she becomes aware of the fact that you do have “file and printer sharing” turned on then they would proceed to attempt to gain access to your system.
(Note: To exit out of the DOS prompt Window, Type Exit and hit Enter)
I’ll show you now how that information can be used to gainaccess to your system. A potential hacker would do a scan on a range of IP address for systems with “File and Printer Sharing” turned on. Once they have encountered a system with sharing turned on the next step would be to find out what is being shared.
This is how:
Net view \\insert ip_address here
Our potential hacker would then get a response that looks something like this.
Shared resources at \\ip_address
Sharename Type Comment
---------------------------------------------------
MY DOCUMENTS Disk
TEMP Disk
The command was completed successfully.
This shows the hacker that his potential victim has their My Documents Folder shared and their Temp directory shared. For the hacker to then get access to those folders his next command will be.
Net use x: \\insert IP address here\temp
If all goes well for the hacker, he/she will then get a response of (The command was completed successfully.)
At this point the hacker now has access to the TEMP directory of his victim.
Not a lot of time to gain access to your machine is it? How many of you had “File and Printer Sharing” turned on?
Ladies and Gentlemen: This is called a Netbios attack. If you are running a home network then the chances are you have file and printer sharing turned on. This may not be the case for all of you but I’m sure there is quite a number of you who probably do. If you are sharing resources please password protect the directories.
Any shared directory you have on your system within your network will have a hand holding the folder. Which looks like this.
You can check to find which folders are shared through Windows Explorer.
• Click On Start
• Scroll Up to Programs
At this point you will see a listing of all the different programs on your system.
Find Windows Explorer and look for any folders that look like the above picture.
Once you have found those folders password protect them.
Netbios is one of the older forms of system attacks that occur. It is usually overlooked because most systems are protected against it. Recently there has been an increase of Netbios Attacks.
Further on in this content we shall cover some prevention methods. For now I wish only to show you the potential security flaws.
To begin this context I’d like you to do the following. Connect to the Internet using your dial up account if you are on dial up. If you are on dedicated service like High Speed connections (ie, Cable and DSL) then just proceed with the steps below.
1. Click Start
2. Go to Run
3. Click Run (It’s a step by step manual) :-)
4. Type cmd
5. Hit the Enter Key
6. Then Type ipconfig /all
This should bring up a window that looks like the following
What you should see under IP address is a number that looks something like this.
10.16.136.244 (The number will be different.)
Once you have the IP address write it down, then close that window by clicking (OK) and do the following.
1. Click Start
2. Go to Run (Click on Run)
3. Type command then Click OK
At this point you should see a screen that looks like this.
Type the following at the Dos Prompt
• Nbtstat –A IP address
For example: nbtstat –A 10.16.136.244
(Please note that you must type the A in capital letters.)
This will give you a read out that looks like this
NetBIOS Remote Machine Name Table
___________________________________________
Name Type Status
-----------------------------------------------------------------
J-1 <00> UNIQUE Registered
WORK <00> GROUP Registered
J-1 <03> UNIQUE Registered
J-1 <20> UNIQUE Registered
WORK <1e> GROUP Registered
WORK <1d> UNIQUE Registered
__MSBROWSE__.<01>GROUP Registered
(Again info has been omitted due to privacy reasons)
The numbers in the <> are hex code values. What we are interested in is the “Hex Code” number of <20>. If you do not see a hex code of <20> in the list that’s a good thing. If you dohave a hex code <20> then you may have cause for concern. Now you’re probably confused about this so I’ll explain.
A hex code of <20> means you have file and printer sharing turned on. This is how a “hacker” would check to see if you have “file and printer sharing” turned on. If he/she becomes aware of the fact that you do have “file and printer sharing” turned on then they would proceed to attempt to gain access to your system.
(Note: To exit out of the DOS prompt Window, Type Exit and hit Enter)
I’ll show you now how that information can be used to gainaccess to your system. A potential hacker would do a scan on a range of IP address for systems with “File and Printer Sharing” turned on. Once they have encountered a system with sharing turned on the next step would be to find out what is being shared.
This is how:
Net view \\insert ip_address here
Our potential hacker would then get a response that looks something like this.
Shared resources at \\ip_address
Sharename Type Comment
---------------------------------------------------
MY DOCUMENTS Disk
TEMP Disk
The command was completed successfully.
This shows the hacker that his potential victim has their My Documents Folder shared and their Temp directory shared. For the hacker to then get access to those folders his next command will be.
Net use x: \\insert IP address here\temp
If all goes well for the hacker, he/she will then get a response of (The command was completed successfully.)
At this point the hacker now has access to the TEMP directory of his victim.
Not a lot of time to gain access to your machine is it? How many of you had “File and Printer Sharing” turned on?
Ladies and Gentlemen: This is called a Netbios attack. If you are running a home network then the chances are you have file and printer sharing turned on. This may not be the case for all of you but I’m sure there is quite a number of you who probably do. If you are sharing resources please password protect the directories.
Any shared directory you have on your system within your network will have a hand holding the folder. Which looks like this.
You can check to find which folders are shared through Windows Explorer.
• Click On Start
• Scroll Up to Programs
At this point you will see a listing of all the different programs on your system.
Find Windows Explorer and look for any folders that look like the above picture.
Once you have found those folders password protect them.
Netbios is one of the older forms of system attacks that occur. It is usually overlooked because most systems are protected against it. Recently there has been an increase of Netbios Attacks.
Further on in this content we shall cover some prevention methods. For now I wish only to show you the potential security flaws.
No comments:
Post a Comment
Write Your valuable comments..........