Syngress.com security-focus.com
Hacking Windows 2000:
-online resources: www.hackingexposed.com/win2k
-in Windows we can use the command net view to check whether the computer is on a network.
net use \\192.168.234.44\ipc$ password /u:Administrator (or /u:domain\Administrator for a domain account)
user2sid:
user2sid Administrator (www.chem.msu.su/~rudnyi/welcome.html)
whoami /all
dumpTokenInfo (www.windowsecurity.com/Articles/Index.cfm?ArticleID=15989)
Footprinting:
SamSpade (www.samspade.org)
Scanning:
ping www.victim.com - to see if the host is alive.
Port scanning performs a series of TCP connects to arbitrary ports, attempting to complete the 3-way handshake and obtain any initial application-layer data if available (termed banner grabbing).
Tools: www.insecure.org/nmap
Port scanning tools: NetScanTools Pro 2001
SuperScan 2.06 (www.foundstone.com)
fscan -bqr -c 300 -p 1-445,3389 -u 88,135-137,161,500 10.0.0.1-99
Banner Grabbing
Netcat
nc -vv victim.com 80 < head.txt (sends a prepared request from head.txt and shows the banner returned)
www.eeye.com/html/Research/tools/index.html
www.nwpsw.com (netscan tools pro 2001)
OS detection: insecure.org/nmap/nmap-fingerprinting-article.html
Enumeration:
%systemroot%\system32\drivers\etc\LMHOSTS
check what's on the wire: net view /domain
net view /domain:corleone
NetBIOS name table: nbtstat -A 192.168.202.33
nbtscan 192.168.234.0/24
Windows 2000 DNS enumeration:
-nslookup
-net use \\192.168.202.33\IPC$ "" /u:"" (null session)
-net view \\vito
userinfo \\victim.com Administrator
nbtscan download from inetcat.org/software/nbtscan.html
epdump security-solutions.net
rpcdump //razor.bindview.com
netviewx ibt.ku.dk/jesper/Nttools
winfo ntsecurity.nu
nbtdump atstake.com/research/tools/nbtdump.exe
dumpsec somarsoft.com
enum //razor.bindview.com
nete //pr0n.newhackcity.net/~sd/netbios.html
sid2user/user2sid chem.msu.su:8080/~rudnyi/NT/sid.txt?
userinfo/userdump hammerofgod.com/download.htm ?
getacct securityfriday.com
walksam //razor.bindview.com
//netgroup-serv.polito.it/winpcap
securityfocus.com/tools/1969
Tools
Eventlog Monitor: www.tntsoftware.com
Eventadmin aelita.com
Network associates
CyberCop Scanner nai.com
L0phtCrack 3: atstake.com/research/lc3
Exploit devastates WinNT/Win2k Security:
Theregister.co.uk/content/8/18370.html
Pipeupadmin dogsmile.com/files ?
Netddemsg.cpp atstake.com
Gocsi.com sans.org
Pipewin sysinternals.com/files/pipelist.zip
Netcat for NT atstake.com/research/tools/nc11nt.zip
VNC uk.research.att.com/vnc
COM Tools
Tinysoftware.com winroute
Vision (port-to-process mapper) foundstone.com
Microsoft.com/windows2000/techinfo/reskit/default.asp
Openwall.com/john
Free SSHD for Win: //marvin.criadvantage.com/Caspian/Software/SSHD-NT/default.asp
Or http://caspian.dotconf.net/menu/Software/
Fpipe foundstone.com/rdlabs/tools.php
Fport - tells you which process is listening on which port - foundstone.com
FakeGINA (trojan logon screen) - ntsecurity.nu/toolbox/fakegina
Subseven //subseven.slak.org or http://euyulio.org/
BoDetect v.201 //packetstorm.securify.com/Trojans/bo/BoDetect_StandAlone.zip
Rootkit.com
Elitewrap holodeck.fg.co.uk/elitewrap/index.html or
http://homepage.ntlworld.com/chawmp/elitewrap/
elsave www.ibt.ku.dk/jesper/Nttools
Forensic toolkit -- foundstone.com
Cygwin //sources.redhat.com/cygwin
Thecleaner www.moosoft.com
Buffer overflow: phrack.org
Cultdeadcow.org/cDc-files/cDc-351 ???
Denial of Service:
Zombie Zapper //razor.bindview.com/tools
DdosPing foundstone.com