Wednesday, 27 January 2010

Hacking Using DOS

Microsoft DOS comes with some hidden hacking tools that I will discuss here. These tools can be found in the directory C:\windows if you use Win98, and in C:\WinXP\system32 if you use WinXP. WinXP, Win2000 and WinNT shipped with some additional internet tools, so if you are still using Win98 I suggest replacing it with WinXP, which of course has additional security features and good commands for internet hacking. In this guide I will discuss some of the commands found in Win98 and WinXP.

So, for Windows users, these are the DOS commands used for hacking:

1. ping
2. tracert
3. telnet
4. ftp
5. netstat

OK, here is the explanation.

1. ping

This utility is used to find out whether a remote host exists. It sends a SYN signal to the remote host, and if the remote host replies, the remote machine is there.

Try typing this command:

C:\windows> ping /?

*************
Newbie tip: typing "/?" after a DOS command shows its help. That is how you learn the various DOS commands. WinXP, WinNT and Win2000 also have a 'help' command that lists all the DOS commands.
*************
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
            [-r count] [-s count] [[-j host-list] | [-k host-list]]
            [-w timeout] destination-list

Options:
    -t             Ping the specified host until stopped.
                   To see statistics and continue - type Control-Break;
                   To stop - type Control-C.
    -a             Resolve addresses to hostnames.
    -n count       Number of echo requests to send.
    -l size        Send buffer size.
    -f             Set Don't Fragment flag in packet.
    -i TTL         Time To Live.
    -v TOS         Type Of Service.
    -r count       Record route for count hops.
    -s count       Timestamp for count hops.
    -j host-list   Loose source route along host-list.
    -k host-list   Strict source route along host-list.
    -w timeout     Timeout in milliseconds to wait for each reply.



So I can ping any IP address or domain name to check whether it is present on the internet. For example, if I type "ping localhost" I get:


Pinging Chintan [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

************
Newbie tip: 'localhost' is the IP 127.0.0.1, our own IP address, also known as the loopback IP. But when you are connected to the internet, your ISP gives you a new IP that identifies you. You can find out your IP by typing "winipcfg" in Start menu > Run on Win98; on the other systems just type "ipconfig" at the command prompt.
***********

This tells me that 32 bytes of data were sent to 127.0.0.1 and came back in less than 10ms. TTL is Time To Live; its value ranges from 0 to 255 (default 128). Now let's see what happens if I type "ping www.yahoo.com":

Pinging www.yahoo.akadns.net [66.218.71.87] with 32 bytes of data:

Reply from 66.218.71.87: bytes=32 time=3448ms TTL=54
Reply from 66.218.71.87: bytes=32 time=2276ms TTL=54
Reply from 66.218.71.87: bytes=32 time=1799ms TTL=54
Reply from 66.218.71.87: bytes=32 time=2850ms TTL=54

Ping statistics for 66.218.71.87:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1799ms, Maximum = 3448ms, Average = 2593ms
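As an added example that is not part of the original post, here is a Python parser for Windows ping transcripts. It reads the reply lines and the statistics block, recomputes the loss and round-trip figures so they can be checked against what ping printed, and turns the TTL into a rough hop-count estimate using the common initial values 64, 128 and 255 (that table is a heuristic I am assuming, not something the post states). The yahoo.com transcript is the one shown above; the second transcript, with two lost replies, is constructed against an RFC 5737 documentation address.

```python
import re
from typing import Dict, Optional

# Sample input 1: the www.yahoo.com ping shown in the post above.
YAHOO_PING = """Pinging www.yahoo.akadns.net [66.218.71.87] with 32 bytes of data:

Reply from 66.218.71.87: bytes=32 time=3448ms TTL=54
Reply from 66.218.71.87: bytes=32 time=2276ms TTL=54
Reply from 66.218.71.87: bytes=32 time=1799ms TTL=54
Reply from 66.218.71.87: bytes=32 time=2850ms TTL=54

Ping statistics for 66.218.71.87:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1799ms, Maximum = 3448ms, Average = 2593ms
"""

# Sample input 2: a constructed run against a documentation-range address
# (RFC 5737) in which two of the four echo requests got no reply.
LOSSY_PING = """Pinging 192.0.2.10 with 32 bytes of data:

Reply from 192.0.2.10: bytes=32 time=40ms TTL=120
Request timed out.
Reply from 192.0.2.10: bytes=32 time=42ms TTL=120
Request timed out.

Ping statistics for 192.0.2.10:
    Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
"""

# "time<10ms" (an upper bound) and "time=3448ms" (a measurement) both match;
# optional whitespace around '=' tolerates transcripts re-spaced by copy/paste.
REPLY_RE = re.compile(
    r"Reply from (\S+): bytes\s*=\s*(\d+)\s+time\s*([<=])\s*(\d+)\s*ms\s+TTL\s*=\s*(\d+)")
STATS_RE = re.compile(r"Sent\s*=\s*(\d+),\s*Received\s*=\s*(\d+),\s*Lost\s*=\s*(\d+)")
TIMEOUT_RE = re.compile(r"^Request timed out", re.MULTILINE)

# Heuristic (an assumption, not from the post): most stacks start the TTL at
# 64, 128 or 255, so the hop count is roughly the smallest of those values
# not below the observed TTL, minus the observed TTL.
INITIAL_TTLS = (64, 128, 255)


def estimate_hops(ttl: int) -> Optional[int]:
    for start in INITIAL_TTLS:
        if ttl <= start:
            return start - ttl
    return None


def parse_ping(text: str) -> Dict:
    replies = [
        {"host": host, "bytes": int(nbytes), "rtt_ms": int(ms),
         "rtt_is_upper_bound": op == "<", "ttl": int(ttl)}
        for host, nbytes, op, ms, ttl in REPLY_RE.findall(text)
    ]
    timeouts = len(TIMEOUT_RE.findall(text))
    stats = STATS_RE.search(text)
    if stats:
        sent, received, lost = (int(g) for g in stats.groups())
    else:  # no summary block (e.g. the run was interrupted): count it ourselves
        sent, received, lost = len(replies) + timeouts, len(replies), timeouts
    rtts = [r["rtt_ms"] for r in replies]
    ttl = replies[-1]["ttl"] if replies else None
    return {
        "replies": replies,
        "sent": sent, "received": received, "lost": lost,
        "loss_pct": 100.0 * lost / sent if sent else 0.0,
        # the summary block should agree with the individual reply lines
        "consistent": received == len(replies) and lost == timeouts,
        "rtt_min_ms": min(rtts) if rtts else None,
        "rtt_max_ms": max(rtts) if rtts else None,
        "rtt_avg_ms": sum(rtts) // len(rtts) if rtts else None,  # ping truncates the average
        "ttl": ttl,
        "hops_estimate": estimate_hops(ttl) if ttl is not None else None,
    }


if __name__ == "__main__":
    for name, sample in (("yahoo", YAHOO_PING), ("lossy", LOSSY_PING)):
        r = parse_ping(sample)
        print(f"{name}: {r['received']}/{r['sent']} replies, {r['loss_pct']:.0f}% loss, "
              f"avg {r['rtt_avg_ms']} ms, TTL {r['ttl']} -> about {r['hops_estimate']} hops away")
```

For the yahoo.com transcript the parser recovers the same 1799/3448/2593 ms figures ping printed, and a TTL of 54 gives an estimate of 10 hops, which agrees with the hop at which the same address first answers in the tracert run later in the post. The estimate is only as good as the initial-TTL guess, so treat it as a sanity check rather than a measurement.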



But how is ping used by hackers? Well, two options, '-l' and '-t', are deadly. -l specifies the size of the buffer that is sent (default 32 bytes). If I type "ping -l 65600 target.com", this sends 65,600-byte packets to target.com, larger than the TCP/IP limit of 65535. This makes target.com hang, and it has to be restarted.

And if I type "ping -t target.com", it keeps sending 32 bytes of data to target.com until stopped, using up its resources and causing it to hang. The two attacks above are known as ping DoS attacks.

***********
Newbie tip: 'DoS' here means denial of service, an attack launched by hackers to stop a service on the remote machine.
***********
Note: This type of attack was often used in the past, but now that systems have been patched it no longer works.
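The two ping options above leave a recognisable trace on the receiving network: a burst of echo requests from one source, or echo requests far larger than fit in a single Ethernet frame (1500-byte MTU minus the 20-byte IP and 8-byte ICMP headers leaves 1472 bytes of payload; current Windows versions of ping cap -l at 65500 anyway). As an added example that is not part of the original post, the Python below runs a simple rate-and-size check over constructed ICMP echo-request records. The record layout, the thresholds and the addresses (RFC 5737 documentation ranges) are assumptions chosen for the demonstration.

```python
from collections import Counter
from typing import List, Tuple

Record = Tuple[float, str, int]   # (timestamp in seconds, source address, ICMP payload bytes)


def build_sample() -> List[Record]:
    """Constructed ICMP echo-request records, as a packet sensor might export them.
    All addresses are from the RFC 5737 documentation ranges."""
    records: List[Record] = []
    records += [(i / 60, "198.51.100.7", 32) for i in range(60)]  # 60 echo requests within one second
    records += [(float(i), "203.0.113.5", 32) for i in range(5)]  # an ordinary ping: one request per second
    records += [(2.5, "203.0.113.9", 65500)]                      # a single maximum-size echo request
    return sorted(records)


# 1500-byte Ethernet MTU minus 20 bytes of IP header and 8 bytes of ICMP header:
# anything larger has to be fragmented, which is unusual for legitimate pings.
MAX_UNFRAGMENTED_PAYLOAD = 1472


def detect_icmp_abuse(records: List[Record], rate_threshold: int = 20,
                      window_s: float = 1.0,
                      max_payload: int = MAX_UNFRAGMENTED_PAYLOAD) -> List[Tuple]:
    """Return ('flood', src, window, count) and ('oversized', src, ts, bytes) alerts.
    The thresholds are illustrative assumptions, not values from the post."""
    per_window: Counter = Counter()
    for ts, src, _ in records:
        per_window[(src, int(ts // window_s))] += 1   # bucket requests per source per window
    alerts: List[Tuple] = []
    for (src, window), count in sorted(per_window.items()):
        if count > rate_threshold:
            alerts.append(("flood", src, window, count))
    for ts, src, size in records:
        if size > max_payload:
            alerts.append(("oversized", src, ts, size))
    return alerts


if __name__ == "__main__":
    for alert in detect_icmp_abuse(build_sample()):
        print(alert)
```

On the constructed sample the ordinary five-packet ping raises nothing, the 60-requests-in-one-second source is reported as a flood, and the 65500-byte request is reported as oversized. A real sensor would tune the rate threshold to the monitored link and would usually add per-source rate limiting of ICMP at the edge rather than only alerting.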

2. Tracert

The tracert command traces the route to a remote machine. Our request passes through several different routers before it reaches the remote machine. The tracert tool (known as 'traceroute' on Unix) was originally designed to find which router is having problems. The command shows the IP address of each router our request passes through before reaching the remote machine. For example, if I type "tracert www.yahoo.com" at the DOS prompt I get:

Tracing route to www.yahoo.akadns.net [66.218.71.87]
over a maximum of 30 hops:

  1     *     2025 ms  2296 ms  dialpool-210-214-55-11.maa.sify.net [210.214.55.11]
  2  2446 ms  2301 ms  2025 ms  dialpool-210-214-55-2.maa.sify.net [210.214.55.2]
  3  1899 ms  2066 ms  2450 ms  lan-202-144-32-177.maa.sify.net [202.144.32.177]
  4     *     2749 ms  2885 ms  lan-202-144-83-4.maa.sify.net [202.144.83.4]
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *     3408 ms     *     www.yahoo.akadns.net [66.218.71.87]
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17   482 ms   624 ms   698 ms  w8.scd.yahoo.com [66.218.71.87]

Trace complete.

The first line tells us the IP being traced, and the second the maximum number of hops. The number of hops depends on how many servers lie in between. After tracing starts, my request first goes through sify.net (my ISP's server), then through different servers, and finally reaches w8.scd.yahoo.com. So we can see how long the route is. Whenever you open www.yahoo.com in the browser, your request always goes first to your ISP (to get the IP for the domain name www.yahoo.com), then to the other servers on the path, and last to Yahoo.

So how is tracert used by hackers? This command is used to find and disarm a firewall. Tracert used together with nmap reveals where the firewall is installed, and the hacker then disarms it. In the example above we see that the trace stops at w8.scd.yahoo.com. But this is not the real destination; the trace stopped there because of a firewall. Firewalls will be discussed in a separate article.
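The trace above can also be read mechanically. As an added example that is not part of the original post, this Python parser takes the tracert output shown above, records the three probe times per hop, lists which hops never answered, and reports where the destination address first appeared and the longest run of silent hops. A run of silent hops usually means a router or firewall that drops the probes or does not send ICMP "time exceeded" messages back, which is the first thing to check when a trace looks truncated. The "<1 ms" and bare-address forms handled below are what tracert prints on a LAN and with the -d option; the sample in the test for them is constructed.

```python
import re
from typing import Dict, List, Optional

# The tracert run shown in the post above, used as sample input.
TRACE = """Tracing route to www.yahoo.akadns.net [66.218.71.87]
over a maximum of 30 hops:

  1     *     2025 ms  2296 ms  dialpool-210-214-55-11.maa.sify.net [210.214.55.11]
  2  2446 ms  2301 ms  2025 ms  dialpool-210-214-55-2.maa.sify.net [210.214.55.2]
  3  1899 ms  2066 ms  2450 ms  lan-202-144-32-177.maa.sify.net [202.144.32.177]
  4     *     2749 ms  2885 ms  lan-202-144-83-4.maa.sify.net [202.144.83.4]
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *     3408 ms     *     www.yahoo.akadns.net [66.218.71.87]
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17   482 ms   624 ms   698 ms  w8.scd.yahoo.com [66.218.71.87]

Trace complete.
"""

HEADER_RE = re.compile(r"Tracing route to (\S+)(?: \[([\d.]+)\])?")
ENDPOINT_RE = re.compile(r"^(\S+) \[([\d.]+)\]$")


def parse_hop(line: str) -> Optional[Dict]:
    """Parse one hop line; return None for header, blank and footer lines."""
    tokens = line.split()
    if len(tokens) < 4 or not tokens[0].isdigit():
        return None
    hop, i, rtts = int(tokens[0]), 1, []
    for _ in range(3):                               # tracert sends three probes per hop
        if tokens[i] == "*":                         # no reply within the timeout
            rtts.append(None)
            i += 1
        elif i + 1 < len(tokens) and tokens[i + 1] == "ms":
            rtts.append(int(tokens[i].lstrip("<")))  # "<1 ms" on a LAN
            i += 2
        else:
            return None                              # not a hop line after all
    rest = " ".join(tokens[i:])
    host = ip = None
    if not rest.startswith("Request timed out"):
        m = ENDPOINT_RE.match(rest)
        if m:
            host, ip = m.group(1), m.group(2)
        else:
            ip = rest                                # "tracert -d" prints a bare address
    return {"hop": hop, "rtts": rtts, "host": host, "ip": ip}


def _longest_run(nums: List[int]) -> int:
    """Length of the longest run of consecutive integers in an ascending list."""
    best = run = 0
    prev = None
    for n in nums:
        run = run + 1 if prev is not None and n == prev + 1 else 1
        best = max(best, run)
        prev = n
    return best


def analyze_trace(text: str) -> Dict:
    header = HEADER_RE.search(text)
    dest_name = header.group(1) if header else None
    dest_ip = header.group(2) if header else None
    hops = [h for h in (parse_hop(line) for line in text.splitlines()) if h]
    timed_out = [h["hop"] for h in hops if h["ip"] is None]
    answered = [h for h in hops if h["ip"] is not None]
    dest_hops = [h["hop"] for h in hops if dest_ip and h["ip"] == dest_ip]
    return {
        "destination": dest_name, "dest_ip": dest_ip, "hops": hops,
        "timed_out": timed_out,
        "last_answering_hop": answered[-1]["hop"] if answered else None,
        "dest_first_hop": dest_hops[0] if dest_hops else None,
        "reached": bool(dest_hops),
        # a long silent stretch points at a filtering device or at routers
        # that do not return ICMP "time exceeded" to us
        "longest_silent_run": _longest_run(timed_out),
    }


if __name__ == "__main__":
    t = analyze_trace(TRACE)
    print(f"{t['destination']} [{t['dest_ip']}]: {len(t['hops'])} hops, "
          f"destination first answered at hop {t['dest_first_hop']}, "
          f"silent hops {t['timed_out']}, longest silent run {t['longest_silent_run']}")
```

For the post's trace the parser reports 17 hops, 11 of them silent in two runs (5 to 9 and 11 to 16), with the destination address first answering at hop 10 and again at hop 17. That pattern, a responding destination with silent hops on both sides of it, is worth noting when interpreting a trace: the asterisks are probes that got no ICMP reply in time, not evidence about the hosts that stayed quiet.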


3. Telnet

If you are using Windows, then 'telnet' is the ultimate hacking tool for you. It is actually a terminal that can access a remote machine and use its services. Through telnet you can set up a connection between your machine and the remote machine on a specific port.


***********
Newbie tip: Here I am talking about virtual ports, not the physical ports you see at the back of your computer. Just as physical ports are used to connect hardware, virtual ports are used to connect software. TCP/IP has 65,535 virtual ports.
***********
If you type "telnet target.com" you are connected to target.com on port no. 23 (where the telnet service runs). You can also connect to some other port by typing the port number after target.com. For example, if I want to connect to port no. 25 (SMTP service) I would type "telnet target.com 25".
***********
Newbie tip: Each port runs a particular service. To get a list of which services run on which ports, open "C:\windows\services" in Notepad.
***********
Once you are connected to a remote machine on a particular port, a window pops up in which the telnet daemon running on that port waits for you to type commands. For example, for "telnet www.cyberspace.org" I get something like the image below.




I have to log in there by typing a username and password, and I get a Linux shell prompt. If you type 'newuser' there, you get a login ID and password. After that I am ready to execute commands remotely.

Well, www.cyberspace.org is a Linux server. So if you are not familiar with Linux you will not be able to use its services.



4. FTP

FTP is File Transfer Protocol. Through it you can download or upload files. And what do hackers want from this? Right! Just type "ftp target.com" and the daemon banner is displayed. But here, before transferring files you first need to log in. Some websites allow anonymous login: for example, type "anonymous" as the login and your email address as the password. Obviously you should type a bogus email. Now you can begin downloading and uploading files. But for that you need commands. At the FTP prompt you can type "?" and the following is shown:


!          delete       literal      prompt       send
?          debug        ls           put          status
append     dir          pwd          trace        mdelete
ascii      disconnect   type         quit         mdir
bell       get          mget         quote        user
binary     glob         mkdir        recv         verbose
bye        hash         mls          remotehelp
cd         help         mput         rename
close      lcd          open         rmdir

To get help on any command, for example delete, type "? delete". Some other important commands are:

1. 'pwd' shows the current directory on the remote machine.
   e.g. ftp> pwd
        /etc/home
2. 'lcd' changes the local directory.
   e.g. ftp> lcd C:\windows
        Local directory now C:\windows
3. 'cd' changes the remote directory.
   e.g. ftp> cd /etc
        Remote directory now /etc
4. 'mput' sends multiple files to the remote machine.
   e.g. ftp> mput *.*
        sends all files from C:\windows to /etc
5. 'mget' gets multiple files from the remote machine.
   e.g. ftp> mget *.*
        gets all files from /etc to C:\windows
6. 'open' establishes a connection with a remote host.
   e.g. ftp> open www.target.com
7. 'bye' closes the connection and quits ftp.

For the other ftp commands, see their help.

Now suppose the FTP port (port 21) is open on www.nosecurity.com. A hacker would connect to the site using "ftp www.nosecurity.com" at the DOS prompt. Then he would try to log in anonymously. Assuming www.nosecurity.com runs a Linux server, the hacker would type the command "get /etc/passwd" to fetch the password file and crack it. If you are a hacker, don't forget to delete the logs.



5. netstat

You can only set up a connection to a remote machine on a particular port if that port is open on the remote machine. For example, if you want to set up a connection with www.target.com on port 23 (telnet), then port 23 must be open on www.target.com. All hacking activity typically uses an open port. Type "netstat /?" at the DOS prompt to get:


Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

  -a            Displays all connections and listening ports.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -n            Displays addresses and port numbers in numerical form.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be TCP or UDP.  If used with the -s option to display
                per-protocol statistics, proto may be TCP, UDP, or IP.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics.  By default, statistics are
                shown for TCP, UDP and IP; the -p option may be used to specify
                a subset of the default.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display.  Press CTRL+C to stop redisplaying
                statistics.  If omitted, netstat will print the current
                configuration information once.

The help explains what each option does. The most important ones are -a and -n. The -a option shows all the open ports on the machine, and with the -n option netstat shows IP addresses instead of domain names. I get the following when I type "netstat -a" at the command prompt:


Active Connections

  Proto  Local Address          Foreign Address                       State
  TCP    Chintan:1027           0.0.0.0:0                             LISTENING
  TCP    Chintan:80             0.0.0.0:0                             LISTENING
  TCP    Chintan:135            0.0.0.0:0                             LISTENING
  TCP    Chintan:6435           0.0.0.0:0                             LISTENING
  TCP    Chintan:1025           0.0.0.0:0                             LISTENING
  TCP    Chintan:1026           0.0.0.0:0                             LISTENING
  TCP    Chintan:1028           0.0.0.0:0                             LISTENING
  TCP    Chintan:1309           0.0.0.0:0                             LISTENING
  TCP    Chintan:1310           0.0.0.0:0                             LISTENING
  TCP    Chintan:1285           rumcajs.box.sk:80                     ESTABLISHED
  TCP    Chintan:1296           lan-202-144-78-3.maa.sify.net:80      CLOSE_WAIT
  TCP    Chintan:1297           lan-202-144-65-14.sify.net:80         ESTABLISHED
  TCP    Chintan:1310           CDN-v13.websys.aol.com:80             ESTABLISHED
  TCP    Chintan:1220           aiedownload.cps.intel.com:ftp         ESTABLISHED

"Proto" stated the name of the protocol, "localaddress" gives us Ipaddress and open ports. "Foreign Address" with Namor Ipaddress menyatkaan port connected to us. "State" declared a statement today if a connection is "established" or listening, or just "waiting".

For example, if I open www.yahoo.com and then run "netstat -a", I'll get an entry like this:

"TCP 203.43.50.81:2034 www.yahoo.com:80 ESTABLISHED"

My computer, with IP 203.43.50.81 and port 2034, is connected to Yahoo on port 80.
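The services file mentioned in the telnet section and the netstat output above fit together: without the -n option netstat prints a service name in place of a port number whenever the port appears in that file (the last line of the listing shows :ftp rather than :21). As an added example that is not part of the original post, the Python below parses a constructed excerpt in the services-file format, parses the netstat -a listing shown above, and produces a short report of which local ports are listening (with their service names where known) and which foreign hosts are connected. The services excerpt is constructed; the netstat lines are the post's, re-typed in netstat's column layout. On WinXP the services file lives at %SystemRoot%\system32\drivers\etc\services.

```python
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the format of the services file
# (C:\windows\services on Win98, %SystemRoot%\system32\drivers\etc\services on
# WinXP, /etc/services on Unix): <name>  <port>/<protocol>  [aliases]  [#comment]
SERVICES_SAMPLE = """
ftp                21/tcp                          #FTP. control
telnet             23/tcp
smtp               25/tcp    mail                  #Simple Mail Transfer Protocol
domain             53/udp                          #Domain Name Server
http               80/tcp    www www-http          #World Wide Web
epmap             135/tcp    loc-srv               #DCE endpoint resolution
"""

# The "netstat -a" output from the post above, re-typed in netstat's layout.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address                       State
  TCP    Chintan:1027           0.0.0.0:0                             LISTENING
  TCP    Chintan:80             0.0.0.0:0                             LISTENING
  TCP    Chintan:135            0.0.0.0:0                             LISTENING
  TCP    Chintan:6435           0.0.0.0:0                             LISTENING
  TCP    Chintan:1025           0.0.0.0:0                             LISTENING
  TCP    Chintan:1026           0.0.0.0:0                             LISTENING
  TCP    Chintan:1028           0.0.0.0:0                             LISTENING
  TCP    Chintan:1309           0.0.0.0:0                             LISTENING
  TCP    Chintan:1310           0.0.0.0:0                             LISTENING
  TCP    Chintan:1285           rumcajs.box.sk:80                     ESTABLISHED
  TCP    Chintan:1296           lan-202-144-78-3.maa.sify.net:80      CLOSE_WAIT
  TCP    Chintan:1297           lan-202-144-65-14.sify.net:80         ESTABLISHED
  TCP    Chintan:1310           CDN-v13.websys.aol.com:80             ESTABLISHED
  TCP    Chintan:1220           aiedownload.cps.intel.com:ftp         ESTABLISHED
"""

ServiceTable = Dict[Tuple[int, str], Tuple[str, List[str]]]


def parse_services(text: str) -> ServiceTable:
    """Map (port, protocol) -> (service name, aliases), ignoring comments and blanks."""
    table: ServiceTable = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        port, proto = fields[1].split("/")
        table[(int(port), proto.lower())] = (fields[0], fields[2:])
    return table


def service_for_port(table: ServiceTable, port: int, proto: str = "tcp") -> Optional[str]:
    entry = table.get((port, proto))
    return entry[0] if entry else None


def port_for_service(table: ServiceTable, name: str, proto: str = "tcp") -> Optional[int]:
    for (port, p), (svc, aliases) in table.items():
        if p == proto and (svc == name or name in aliases):
            return port
    return None


def _split_endpoint(endpoint: str, table: ServiceTable, proto: str):
    # "host:port"; without -n, netstat substitutes the service name for the
    # number when the port is in the services file (e.g. "...intel.com:ftp")
    host, port = endpoint.rsplit(":", 1)
    return host, (int(port) if port.isdigit() else port_for_service(table, port, proto))


def parse_netstat(text: str, table: ServiceTable) -> List[Dict]:
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, blank and column-header lines
        proto = fields[0].lower()
        lhost, lport = _split_endpoint(fields[1], table, proto)
        fhost, fport = _split_endpoint(fields[2], table, proto)
        conns.append({"proto": proto, "local_host": lhost, "local_port": lport,
                      "foreign_host": fhost, "foreign_port": fport,
                      "state": fields[3] if len(fields) > 3 else ""})  # UDP rows have no state
    return conns


def summarize(conns: List[Dict], table: ServiceTable) -> Dict:
    listening = {c["local_port"]: service_for_port(table, c["local_port"], c["proto"])
                 for c in conns if c["state"] == "LISTENING"}
    return {
        "listening": dict(sorted(listening.items())),   # port -> service name, or None
        "established": [(c["foreign_host"], c["foreign_port"])
                        for c in conns if c["state"] == "ESTABLISHED"],
        "by_state": Counter(c["state"] for c in conns),
    }


if __name__ == "__main__":
    services = parse_services(SERVICES_SAMPLE)
    report = summarize(parse_netstat(NETSTAT_SAMPLE, services), services)
    for port, name in report["listening"].items():
        print(f"listening on {port:5d}  {name or '(no entry in services file)'}")
    for host, port in report["established"]:
        print(f"connected to {host}:{port}")
    print(dict(report["by_state"]))
```

Run against the post's listing, the report shows nine listening ports, of which only 80 (http) and 135 (epmap) have entries in the sample services file, plus four established connections and one in CLOSE_WAIT. Listening ports with no known service name are exactly the ones worth identifying on your own machine, because the services file only tells you what a port is conventionally used for, not what program is actually bound to it.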


*************
Newbie tip: In this way you can get the IP of someone you are chatting with. First run "netstat -an" and look under the foreign addresses. Now start a private chat with the other person, run "netstat -an" again, and eventually you will see another foreign IP. That is the person's IP.
*************
