Www Hackers Book Com Chapter Common Ways to Attack



Copyright 2004: www.hackersbook.com

www.hackersbook.com

Dear customer,

thanks for your order and your download from the online reader’s area of the chapter “Common ways to attack a network”.

We hope you enjoy reading this chapter on your computer screen before you receive the copy of our book.

Please do not give this file or prints of this file to third parties. It’s only for our customers!

Best regards,

Ingo Haese


Common ways to attack a network

Exclusively for Hacker’s Black Book by anonymous

Ping

Pinging is normally the first step involved in hacking the target. Ping uses ICMP (Internet Control Message Protocol) to determine whether the target host is reachable or not. Ping sends out ICMP Echo packets to the target host; if the target host is alive, it responds with ICMP Echo Reply packets.

All versions of Windows include the ping tool. To ping a remote host, follow the procedure below.

Click Start and then click Run. Now type ping <ip address or hostname> (for example: ping yahoo.com). Now you should get the reply as shown below.

For more parameters that can be used with the ping command, go to the DOS prompt and type ping /?.

Ping Sweep

If you are undecided about your target and just want a live system, a ping sweep is the solution for you. A ping sweep also uses ICMP to scan for live systems in a specified range of IP addresses. A ping sweep is similar to ping but reduces the time involved in pinging a range of IP addresses. Nmap (http://www.insecure.org) also contains an option to perform ping sweeps.

Tracert:

Tracert is another interesting tool available to find more interesting information about a remote host. Tracert also uses ICMP. Tracert helps you to find out some information about the systems involved in sending data (packets) from source to destination. To perform a tracert, follow the procedure below.


Go to the DOS prompt and type tracert <destination address> (for example: tracert yahoo.com).

There are also tools available, like Visual Traceroute, which even help you find the geographical location of the routers involved.

http://www.visualware.com/visualroute

Port Scanning

After you have determined that your target system is alive, the next important step is to perform a port scan on the target system. There is a wide range of port scanners available for free, but many of them use outdated techniques for port scanning which can be easily recognized by the network administrator. Personally I like to use Nmap (http://www.insecure.org), which has a wide range of options. You can download NmapWin and its source code from:

http://www.sourceforge.net/projects/nmapwin

Apart from port scanning, Nmap is capable of identifying the operating system being used, the version numbers of various services running, firewalls being used and a lot more.
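What "easily recognized by the network administrator" looks like in practice for the ping sweeps and port scans described above, as an added example that is not part of the original chapter. The log format, thresholds, addresses and function names are assumptions made for illustration.

```python
from collections import defaultdict

SWEEP_HOSTS = 10  # distinct hosts pinged by one source inside the window
SCAN_PORTS = 15   # distinct TCP ports tried on one host inside the window
WINDOW = 60       # seconds

# Constructed sample log, one "epoch src dst proto detail" record per line
# (hypothetical format; documentation and private addresses only).
PORTS = [20, 21, 22, 23, 25, 53, 79, 80, 110, 137, 138, 139, 143, 161, 194, 220, 389, 443, 445]
SAMPLE = (
    [f"{1000 + i} 192.0.2.50 10.0.0.{i + 1} ICMP echo-request" for i in range(20)]
    + [f"{2000 + i} 192.0.2.50 10.0.0.7 TCP {p}" for i, p in enumerate(PORTS)]
    # A monitoring host pinging one address every ten minutes: must not alert
    + [f"{3000 + 600 * i} 10.0.0.9 10.0.0.{i + 1} ICMP echo-request" for i in range(12)]
    + ["9000 10.0.0.3 10.0.0.7 TCP 443", "9001 10.0.0.3 10.0.0.7 TCP 80"]
)

def max_distinct(events, window):
    """Largest count of distinct values seen inside any sliding time window."""
    events = sorted(events)
    best = start = 0
    for end, (ts, _) in enumerate(events):
        while ts - events[start][0] > window:
            start += 1
        best = max(best, len({value for _, value in events[start:end + 1]}))
    return best

def detect(lines, window=WINDOW):
    """Return sorted alerts as (kind, source, target, distinct count)."""
    pings = defaultdict(list)  # src -> [(ts, dst)]
    conns = defaultdict(list)  # (src, dst) -> [(ts, port)]
    for line in lines:
        ts, src, dst, proto, detail = line.split()
        if proto == "ICMP" and detail == "echo-request":
            pings[src].append((int(ts), dst))
        elif proto == "TCP":
            conns[(src, dst)].append((int(ts), int(detail)))
    alerts = []
    for src, events in pings.items():
        hosts = max_distinct(events, window)
        if hosts >= SWEEP_HOSTS:
            alerts.append(("ping-sweep", src, "*", hosts))
    for (src, dst), events in conns.items():
        ports = max_distinct(events, window)
        if ports >= SCAN_PORTS:
            alerts.append(("port-scan", src, dst, ports))
    return sorted(alerts)

if __name__ == "__main__":
    print(*detect(SAMPLE), sep="\n")
```

Counting distinct targets inside a time window, rather than raw packet totals, keeps ordinary clients and scheduled monitoring from raising alerts.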


Common ports:

Below is a list of some common ports and the respective services running on the ports.

20 FTP data (File Transfer Protocol)
21 FTP (File Transfer Protocol)
22 SSH
23 Telnet
25 SMTP (Simple Mail Transfer Protocol)
53 DNS (Domain Name Service)
68 DHCP (Dynamic Host Configuration Protocol)
79 Finger
80 HTTP
110 POP3 (Post Office Protocol, version 3)
137 NetBIOS-ns
138 NetBIOS-dgm
139 NetBIOS
143 IMAP (Internet Message Access Protocol)
161 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Message Access Protocol 3)
389 LDAP
443 SSL (Secure Socket Layer)
445 SMB (NetBIOS over TCP)

Besides the above ports, there are also some ports known as Trojan ports, used by Trojans that allow remote access to that system.

Vulnerability Scanning:

Every operating system or service will have some vulnerabilities due to programming errors. These vulnerabilities are crucial for a successful hack. Bugtraq is an excellent mailing list discussing the vulnerabilities in various systems. Exploit code writers write exploit code to exploit these vulnerabilities existing in a system.

There are a number of vulnerability scanners available to scan a host for known vulnerabilities. These vulnerability scanners are very important for a network administrator to audit the network security.

Such vulnerability scanners include Shadow Security Scanner, Stealth HTTP Scanner, Nessus, etc.

You can subscribe to the Bugtraq mailing list by sending an e-mail to [email protected]. Visit http://www.securityfocus.com for vulnerabilities and exploit codes of various operating systems. Packet Storm Security (http://www.packetstormsecurity.com) is also a nice pick.

Sniffing

Data is transmitted over the network in the form of datagrams (packets). These packets contain all the information, including login names, passwords, etc. Ethernet is the most widely used form of networking computers. In such networks the data packets are sent to all the systems on the network. The packet header contains the destination address for the packet. The host receiving the data packets checks the destination address of the received packet. If the destination address of the packet matches the host's IP address, the datagram is accepted; otherwise it is discarded.

Packet sniffers accept all the packets that arrive at the host regardless of their destination IP address. So by installing a packet sniffer on a system on an Ethernet network, we can monitor all the data packets moving across the network. The data may even include the login names and passwords of the users on the network. Not only that, sniffing can also reveal valuable information about the version numbers of the services running on the host, the operating system being used, etc.

NetworkActiv Sniffer is a freeware tool available for download at http://www.networkactiv.com. The following is the data contained in a packet captured over my network. (For security reasons I’ve edited the addresses.)

HTTP/1.1 301 Moved Permanently
Content-Length: 150
Content-Type: text/html
Location: http://XXX.XXX.XXX.XXX/new/
Server: Microsoft-IIS/6.0
Date: Wed, 12 Mar 200X 08:17:56 GMT

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://XXX.XXX.XXX.XXX/new/">here</a></body>


From this we can understand that the source system for the packet has a Microsoft operating system installed and is running IIS 6.0 (the operating system might possibly be Windows 2003 Server as it has IIS 6.0 running).
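The same reading of the Server header can be turned into an audit of your own responses, so that version banners are found and reduced before anyone on the wire sees them. This is an added example, not code from the original chapter; the header set, the reduced response and the function names are assumptions.

```python
import re

# Response headers that commonly carry product and version banners
BANNER_HEADERS = {"server", "x-powered-by", "x-aspnet-version"}
PRODUCT_VERSION = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.]*)")
BARE_VERSION = re.compile(r"\d+(\.\d+)+")

# The response captured on this page (addresses already masked by the author)
CAPTURED = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Content-Length: 150\r\n"
    "Content-Type: text/html\r\n"
    "Location: http://XXX.XXX.XXX.XXX/new/\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "Date: Wed, 12 Mar 200X 08:17:56 GMT\r\n"
    "\r\n"
    "<head><title>Document Moved</title></head>"
)
# Constructed response from a hypothetical server with its banner reduced
REDUCED = "HTTP/1.1 200 OK\r\nServer: web\r\nContent-Type: text/html\r\n\r\nok"

def parse_headers(raw):
    """Return [(name, value), ...] from a raw HTTP response, body ignored."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:              # skip the status line
        if line[:1] in (" ", "\t") and headers:    # obsolete folded continuation
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return headers

def disclosures(raw):
    """Return (header, product, version) for each banner that leaks a version."""
    found = []
    for name, value in parse_headers(raw):
        if name.lower() not in BANNER_HEADERS:
            continue
        found += [(name, p, v) for p, v in PRODUCT_VERSION.findall(value)]
        if BARE_VERSION.fullmatch(value):          # header holding only "1.2.3"
            found.append((name, "", value))
    return found

if __name__ == "__main__":
    print(disclosures(CAPTURED), disclosures(REDUCED))
```

Reducing the banner only removes the hint; the service behind it still needs its patches.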

Social Engineering

This has become one of the hottest topics today and it seems to work most of the time. Social engineering doesn’t deal with network security issues, vulnerabilities, exploits, etc. It just deals with simple psychological tricks that help to get the information we want. This really works!! But it requires a lot of patience.

We are all talking about network security and fixing the vulnerabilities in networks. But what happens if some internal person of a network accidentally gives out the passwords? After all, we are all humans; we are also vulnerable and can be exploited and compromised more easily than computers.

Social engineering attacks have become most common during chat sessions. With the increase in use of instant messengers, any anonymous person may have a chat with another anywhere in the world. The most crucial part of this attack is to win the trust of the victim. It may take a long time (minutes, hours, days or months) for this to happen. But once the victim trusts you, he will tell you everything about himself. Most of the time his personal information will be useful to crack his web accounts like e-mail ids, etc. Some people are so vulnerable to this attack that they even give their credit card numbers to strangers (social engineers).

Some social engineers go one step further and send keyloggers or Trojans to the victims, claiming them to be screensavers or pics. These keyloggers, when executed, get installed and send information back to the attacker. So be careful with such attacks.


Prevention:

1) Don’t believe everyone you meet on the net and tell them everything about you. Don’t even accidentally give answers to questions like “What’s your pet’s name?”, “What is your mother’s maiden name?”, etc., which are particularly used by your web account providers to remind you of your passwords.

2) Don’t give your credit card details even to your near and dear through instant messengers. Remember, it’s not a hard deal for an attacker to crack an e-mail id and chat with you like your friend. Also, data sent through IMs can be easily sniffed.

3) Don’t accept executable files (like *.exe, *.bat, *.vbs, *.scr, etc.) from unknown persons you meet on the net. They might be viruses or Trojans.

Please act carefully, use security software and ask professionals for help.
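Prevention item 3 can be enforced by a mail or chat gateway instead of being left to each user. The check below is an added example, not part of the original chapter; the verdict names, the decoy extension list and the sample byte strings are assumptions.

```python
BLOCKED_EXT = {"exe", "bat", "vbs", "scr"}  # extensions named in item 3 above
PE_MAGIC = b"MZ"                            # first bytes of Windows .exe/.scr files
IMAGE_MAGIC = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
               "gif": b"GIF8", "bmp": b"BM"}

# Constructed sample contents: only the leading bytes matter for this check
JPEG = b"\xff\xd8\xff\xe0" + bytes(16)
PE = b"MZ\x90\x00" + bytes(16)

def extensions(filename):
    """Return every extension of the name as Windows would resolve it."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    base = base.rstrip(". ").lower()        # Windows drops trailing dots and spaces
    return [part.strip() for part in base.split(".")[1:]]

def check_attachment(filename, data):
    """Return (verdict, reason); verdict is 'block', 'quarantine' or 'allow'."""
    exts = extensions(filename)
    last = exts[-1] if exts else ""
    if last in BLOCKED_EXT:
        decoys = [e for e in exts[:-1] if e in IMAGE_MAGIC]
        if decoys:
            return "block", f"executable .{last} hidden behind .{decoys[-1]}"
        return "block", f"executable extension .{last}"
    if data.startswith(PE_MAGIC):           # content check, whatever the name says
        return "block", "Windows executable content under a harmless name"
    magic = IMAGE_MAGIC.get(last)
    if magic and not data.startswith(magic):
        return "quarantine", f"content does not match .{last}"
    return "allow", "no executable indicators"

if __name__ == "__main__":
    for name, body in [("beach.jpg", JPEG), ("Beach.JPG.SCR", PE), ("pic.gif", PE)]:
        print(name, check_attachment(name, body))
```

The .bat and .vbs types are plain text with no signature bytes, so for them the extension check is the only one that applies.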