Hacking Guide


By: ER.RISHI AGGARWAL (er.rishi.aggarwal@gmail.com)

Windows hacking notes:

1) All the passwords within an operating system are saved in the file named "sam". We can locate that file at c:/windows/system32/config/sam. There are basically two types of passwords in an operating system: 1) local user and 2) administrator.

1) A local user password can be broken by logging in to the admin account or any other account "other than the account which we have to break". Then we have to follow these steps. Run: cmd. Cmd: net user username *

(username will be the name of the account which we have to break.) Type a new password, confirm it, and hence you got victory...

2) For administrator passwords: as we know that all the passwords are saved in the file called sam, it will be possible for us to break an admin password by just replacing that file. Boot a Win XP CD and choose the repair option; after the installation of drivers, when there are 37 minutes remaining, press Shift + F10, which will take you to the command prompt. There we have to type nusrmgr.cpl, which will take you to the admin account properties screen; then we just have to click the remove password option.

And you got access to the admin account...

3) There is another option to break or reset the passwords of local users: simply on the Run command type "control userpasswords2"

And you get a window to reset the passwords.

Windows games: Solitaire: Alt + Shift + 2; FreeCell: Ctrl + Shift + F10

Information gathering
There are many tools to gather information about a particular domain. They are explained as follows:


1) Ping: this tool is used to convert a domain name to an IP address, to get its actual name, to get the TTL (Time To Live) value, and to check whether there is connectivity between victim and attacker. Run - cmd - Syntax: ping www.yahoo.com. Ping flooding: ping www.yahoo.com -t

Tool: ping sweep, to ping a series of networks. 2) Trace route: this tool is used to trace the path between an attacker and a victim. It tells the total number of routers or nodes in between them. It also tells about the location of nodes and firewalls. Run - cmd - Syntax: tracert www.yahoo.com


Tools: VisualWare traceroute, 3D information with a map. 3) Whois: it tells the complete information regarding who has purchased the server, when it was purchased, when it is going to expire, and the domain name servers. There are certain sites that contain the whois information.


4) Port scanner: there are basically two types of ports within a node, physical and logical ports; in hacking we deal with logical ports only, and these are also known as back doors. With the help of port scanners we come to know the open ports of a specified node. This tool is freely available on the Internet, where we just have to put a domain name or its IP address.


5) Telnet: it is also known as a back door entry. Having found the open ports, we can connect to such a port using telnet. There we will get a banner, called the daemon banner, which gives information regarding the server. This process is called daemon banner grabbing. Run - cmd - Syntax: telnet www.yahoo.com n, where n is a port number which is open. Example: telnet www.yahoo.com 25

After information gathering, we must make a summary and find its vulnerabilities from http://www.securityfocus.com/vulnerabilities.

Being Undetectable - Using Proxy Servers
Proxy servers are online utilities that give us the possibility of being undetectable by keeping our Internet Protocol address secret. This utility also enables a user to hide his own IP address while connecting to the outside world. We can use a proxy server in two ways: 3rd party software like "INVISIBLE BROWSING", or free online web address bars, usually called proxy servers. These can be found through search engines like Google, AltaVista, Yahoo, etc.

Tracing E-mails
Tracing an e-mail is quite an interesting process; by this a defender may trace an exact location, IP address, operating system, the time when the mail was opened, how many times it was opened, address bar contents and many more. Basically there are two ways a defender can trace a mail. The first is to read the "FULL HEADERS" option associated with each mail; there we can get information like the originating IP address (the address from where the mail was born), the time when the mail was sent, the operating system used by the sender, a unique ID associated with each mail, and many more...


The second option is to use 3rd party software or online services, which help even a layman to trace someone using mail, e.g. WWW.READNOTIFY.COM, which provides an online utility to send a mail which, when opened by the victim, will retrieve all the information from the node where the mail was opened; or we can say it is an advanced version of full headers...
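As an added example (not from the original guide), the "full headers" check described above done programmatically: the Received chain of a constructed sample message is walked back to the earliest hop to recover the originating IP, the send time, the Message-ID and the mailer header. The message, hosts and addresses are all made up.

```python
import email
import re

# Constructed sample message (not a real mail). Received: headers read top-down
# from the recipient's server back to the sender; the bottom one is the earliest hop.
RAW_MAIL = """Received: from smtp.example-sender.test (smtp.example-sender.test [203.0.113.10])
    by mx.example-recipient.test with ESMTP id abc123;
    Mon, 01 Jan 2007 10:05:00 +0000
Received: from sender-pc (unknown [198.51.100.23])
    by smtp.example-sender.test with ESMTPA id xyz789;
    Mon, 01 Jan 2007 10:04:58 +0000
Message-ID: <constructed-0001@example-sender.test>
Date: Mon, 01 Jan 2007 10:04:55 +0000
From: someone@example-sender.test
To: you@example-recipient.test
X-Mailer: ExampleMailer 1.0 (Windows)
Subject: hello

body text
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(raw):
    """Return the Received: hops, earliest (closest to the sender) first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())          # unfold continuation lines
        host = re.match(r"from\s+(\S+)", value)
        ip = IPV4.search(value)
        hops.append({"from": host.group(1) if host else None,
                     "ip": ip.group(1) if ip else None, "raw": value})
    hops.reverse()
    return hops


def trace_summary(raw):
    """Fields the text calls 'full headers' information. Only the hop stamped
    by your own mail server is trustworthy: a sender controls every Received:
    line below it and can forge them."""
    msg = email.message_from_string(raw)
    hops = received_chain(raw)
    origin = next((h for h in hops if h["ip"]), None)
    return {"originating_ip": origin["ip"] if origin else None,
            "originating_host": origin["from"] if origin else None,
            "hops": len(hops), "sent": msg.get("Date"),
            "message_id": msg.get("Message-ID"),
            "mailer": msg.get("X-Mailer") or msg.get("User-Agent")}
```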

Phishing
Phishing is a technique by which one HTML-literate person can copy the source code of a login page and also add a script by which, when a victim enters his username and password on that screen, it automatically logs in to the server but also sends a copy of that data to a pre-specified place...

Creating Viruses
Basically, creating a virus is just creating a script which runs malicious code without anybody seeing it run. In these types of scripts we use commands of the Windows NT/XP command line. What we have to do is code them in Notepad. While saving them, change their extension from txt to bat. Save them where we want, and finally send them to the victim using mail, chat, or any other source.

Eg: rmdir C:\WINDOWS\system32\config -q


This simply removes the config directory from the operating system, which contains the passwords of XP. We can also do more with simple command coding:
ADDUSERS - Add or list users to/from a CSV file
ARP - Address Resolution Protocol
ASSOC - Change file extension associations
ASSOCIAT - One step file association
AT - Schedule a command to run at a later time
ATTRIB - Change file attributes
BOOTCFG - Edit Windows boot settings
BROWSTAT - Get domain, browser and PDC info
CACLS - Change file permissions
CALL - Call one batch program from another
CD - Change Directory - move to a specific folder
CHANGE - Change Terminal Server Session properties
CHKDSK - Check Disk - check and repair disk problems
CHKNTFS - Check the NTFS file system
CHOICE - Accept keyboard input to a batch file
CIPHER - Encrypt or decrypt files/folders
CleanMgr - Automated cleanup of temp files, recycle bin
CLEARMEM - Clear memory leaks
CLIP - Copy STDIN to the Windows clipboard
CLS - Clear the screen
CLUSTER - Windows Clustering
CMD - Start a new CMD shell
COLOR - Change colors of the CMD window
COMP - Compare the contents of two files or sets of files
COMPACT - Compress files or folders on an NTFS partition
COMPRESS - Compress individual files on an NTFS partition
CON2PRT - Connect or disconnect a printer
CONVERT - Convert a FAT drive to NTFS
COPY - Copy one or more files to another location
CSVDE - Import or export Active Directory data
DATE - Display or set the date
Dcomcnfg - DCOM Configuration Utility
DEFRAG - Defragment hard drive
DEL - Delete one or more files
DELPROF - Delete NT user profiles
DELTREE - Delete a folder and all subfolders
DevCon - Device Manager command line utility
DIR - Display a list of files and folders
DIRUSE - Display disk usage
DISKCOMP - Compare the contents of two floppy disks
DISKCOPY - Copy the contents of one floppy disk to another
DNSSTAT - DNS statistics
DOSKEY - Edit command line, recall commands, and create macros
DSADD - Add user (computer, group..) to Active Directory
DSQUERY - List items in Active Directory
DSMOD - Modify user (computer, group..) in Active Directory
ECHO - Display message on screen
ENDLOCAL - End localisation of environment changes in a batch file
ERASE - Delete one or more files
EXIT - Quit the CMD shell
EXPAND - Uncompress files
EXTRACT - Uncompress CAB files
FC - Compare two files
FDISK - Disk format and partition
FIND - Search for a text string in a file
FINDSTR - Search for strings in files
FOR /F - Loop command: against a set of files
FOR /F - Loop command: against the results of another command
FOR - Loop command: all options (files, directory, list)
FORFILES - Batch process multiple files
FORMAT - Format a disk
FREEDISK - Check free disk space (in bytes)
FSUTIL - File and volume utilities
FTP - File Transfer Protocol
FTYPE - Display or modify file types used in file extension associations
GLOBAL - Display membership of global groups
GOTO - Direct a batch program to jump to a labelled line
HELP - Online help
HFNETCHK - Network Security Hotfix Checker
IF - Conditionally perform a command
IFMEMBER - Is the current user in an NT Workgroup
IPCONFIG - Configure IP
KILL - Remove a program from memory
LABEL - Edit a disk label
LOCAL - Display membership of local groups
LOGEVENT - Write text to the NT event viewer
LOGOFF - Log a user off
LOGTIME - Log the date and time in a file
MAPISEND - Send email from the command line
MEM - Display memory usage
MD - Create new folders
MODE - Configure a system device
MORE - Display output, one screen at a time
MOUNTVOL - Manage a volume mount point
MOVE - Move files from one folder to another
MOVEUSER - Move a user from one domain to another
MSG - Send a message
MSIEXEC - Microsoft Windows Installer
MSINFO - Windows NT diagnostics
MSTSC - Terminal Server Connection (Remote Desktop Protocol)
MUNGE - Find and replace text within file(s)
MV - Copy in-use files
NET - Manage network resources
NETDOM - Domain Manager
NETSH - Configure network protocols
NETSVC - Command-line Service Controller
NBTSTAT - Display networking statistics (NetBIOS over TCP/IP)
NETSTAT - Display networking statistics (TCP/IP)
NOW - Display the current date and time
NSLOOKUP - Name server lookup
NTBACKUP - Backup folders to tape
NTRIGHTS - Edit user account rights
PATH - Display or set a search path for executable files
PATHPING - Trace route plus network latency and packet loss
PAUSE - Suspend processing of a batch file and display a message
PERMS - Show permissions for a user
PERFMON - Performance Monitor
PING - Test a network connection
POPD - Restore the previous value of the current directory saved by PUSHD
PORTQRY - Display the status of ports and services
PRINT - Print a text file
PRNCNFG - Display, configure or rename a printer
PRNMNGR - Add, delete, list printers; set the default printer
PROMPT - Change the command prompt
PsExec - Execute process remotely
PsFile - Show files opened remotely
PsGetSid - Display the SID of a computer or a user
PsInfo - List information about a system
PsKill - Kill processes by name or process ID
PsList - List detailed information about processes
PsLoggedOn - Who's logged on (locally or via resource sharing)
PsLogList - Event log records
PsPasswd - Change account password
PsService - View and control services
PsShutdown - Shutdown or reboot a computer
PsSuspend - Suspend processes
PUSHD - Save and then change the current directory
QGREP - Search file(s) for lines that match a given pattern
RASDIAL - Manage RAS connections
RASPHONE - Manage RAS connections
RECOVER - Recover a damaged file from a defective disk
REG - Read, set or delete registry keys and values
REGEDIT - Import or export registry settings
REGSVR32 - Register or unregister a DLL
REGINI - Change registry permissions
REM - Record comments (remarks) in a batch file
REN - Rename a file or files
REPLACE - Replace or update one file with another
RD - Delete folder(s)
RDISK - Create a Recovery Disk
RMTSHARE - Share a folder or a printer
ROBOCOPY - Robust file and folder copy
ROUTE - Manipulate network routing tables
RUNAS - Execute a program under a different user account
RUNDLL32 - Run a DLL command (add/remove print connections)
SC - Service Control
SCHTASKS - Create or edit scheduled tasks
SCLIST - Display NT services
ScriptIt - Control GUI applications
SET - Display, set, or remove environment variables
SETLOCAL - Control the visibility of environment variables
SETX - Set environment variables permanently
SHARE - List or edit a file share or print share
SHIFT - Shift the position of replaceable parameters in a batch file
SHORTCUT - Create a Windows shortcut (.LNK file)
SHOWGRPS - List the NT Workgroups a user has joined
SHOWMBRS - List the users who are members of a Workgroup
SHUTDOWN - Shutdown the computer
SLEEP - Wait for x seconds
SOON - Schedule a command to run in the near future
SORT - Sort input
START - Start a separate window to run a specified program or command
SU - Switch User
SUBINACL - Edit file and folder permissions, ownership and domain
SUBST - Associate a path with a drive letter
SYSTEMINFO - List system configuration
TASKLIST - List running applications and services
TIME - Display or set the system time
TIMEOUT - Delay processing of a batch file
TITLE - Set the window title for a CMD.EXE session
TOUCH - Change file timestamps
TRACERT - Trace route to a remote host
TREE - Graphical display of folder structure
TYPE - Display the contents of a text file
USRSTAT - List domain usernames and last login
VER - Display version information
VERIFY - Verify that files have been saved
VOL - Display a disk label
WHERE - Locate and display files in a directory tree
WHOAMI - Output the current username and domain
WINDIFF - Compare the contents of two files or sets of files
WINMSD - Windows system diagnostics
WINMSDP - Windows system diagnostics II
WMIC - WMI commands
XCACLS - Change file permissions
XCOPY - Copy files and folders


Brute force attack
It is a technique by which an attacker is able to crack the passwords of an unrestricted login prompt. This technology works on the concept of permutation and combination. As we know, we have only 108 basic keys on our keyboard, so it is certain that the password must be made from these 108 keys. The software tries combinations of these keys to evaluate the password of a known username. The demerit of this kind of software is that it may take 1 minute, 1 hour, 1 day, 1 year or maybe more than that to break a password...
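As an added defensive illustration, not from the original guide: the keyspace arithmetic behind the "permutation and combination" claim, and the lockout rule that turns an unrestricted prompt into a restricted one. The 108-key figure is the page's own; 95 printable ASCII characters is the usual alternative, and the throttle class and its parameters are assumptions for the example.

```python
from collections import defaultdict, deque

# The text puts the keyboard at 108 basic keys; 95 printable ASCII characters
# is the usual figure. Either is just an alphabet size for the arithmetic.
KEYS_ON_PAGE = 108
PRINTABLE_ASCII = 95


def keyspace(alphabet, length):
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet ** length


def seconds_to_exhaust(alphabet, length, guesses_per_second):
    """Worst case: every candidate tried at a sustained guess rate."""
    return keyspace(alphabet, length) / guesses_per_second


class LoginThrottle:
    """Refuse further attempts once `max_failures` failures fall inside
    `window` seconds. This turns the page's 'unrestricted' prompt into a
    restricted one: the guess rate drops to max_failures per window."""

    def __init__(self, max_failures=5, window=300.0):
        self.max_failures = max_failures
        self.window = window
        self._failures = defaultdict(deque)  # user -> failure timestamps

    def _prune(self, user, now):
        q = self._failures[user]
        while q and now - q[0] > self.window:
            q.popleft()

    def allowed(self, user, now):
        """True if `user` may attempt a login at time `now`."""
        self._prune(user, now)
        return len(self._failures[user]) < self.max_failures

    def record_failure(self, user, now):
        self._prune(user, now)
        self._failures[user].append(now)

    def effective_guess_rate(self):
        """Best sustained guesses/second per account under this policy."""
        return self.max_failures / self.window


def exhaust_time_with_throttle(alphabet, length, throttle):
    """Worst-case seconds for a throttled online guesser to try every candidate."""
    return seconds_to_exhaust(alphabet, length, throttle.effective_guess_rate())
```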

Default password
These are certain passwords assigned to a hardware or software product by the manufacturer by default. Eg: when we work with the BIOS, i.e. Basic Input Output System, there might be a password assigned by the administrator. We can even break that password by getting the BIOS information and searching for its default passwords on the internet.

Key logger
This is a wonderful technology that deals with monitoring a remote computer in the given ways: it can monitor keys typed, sites visited, screenshots, audio, and much more. We just have to install this tool on the victim's node; after that we have to assign a password so that the victim is not able to enter or alter the settings of his own system. After this one can easily monitor these contents and even transfer or export the data through mail using SMTP; a free SMTP service is provided by www.gawab.com.