Monday, August 4, 2008

Basics of hacking (everything about IPs):

Hello friends, I am posting this tutorial on IPs for all the beginners. Read it and enjoy. It's tough but damn good. Don't forget to reply, guys.


This is a tutorial that gives all information about the internet protocol.

What does this tutorial cover?

1.What is an IP address?
2.How do I find my own IP?
3.How do I find out what organization owns an IP?
4.How do I find out the IP addresses that are connected to me?
5.How do I find out what operating system the host behind an IP is running?
6.How do I find out the IP of my messenger buddies?
7.How do I find out what ports and services are running using IP?
8.How do I find out if an IP is contactable?
9.How do I find out the NetBIOS name from the IP?
10.How do I find out who is logged into a remote Windows system?
11.How do I find out the IP address from the mails received?

1.What is an IP address?
An IP (Internet Protocol) address is a 32-bit number which is assigned to each computer (technically called a host) connected to the Internet.
It is the address to which the different types of data destined for your computer are sent. It consists of 4 octets. Each octet equals 8 bits and has a range from 0 to 255.
(Every IP address on the Internet is sectioned off into classes from class A to class E, depending on a different range of numbers, but I won’t go into that here.)
Here is an example of a typical IP address:

207.144.262.77
 |   |   |  |
 |   |   |  |--> (4th octet. 8 bits. Ranges from 0 to 255)
 |   |   |-----> (3rd octet. 8 bits. Ranges from 0 to 255)
 |   |---------> (2nd octet. 8 bits. Ranges from 0 to 255)
 |-------------> (1st octet. 8 bits. Ranges from 0 to 255)

The octets are separated from each other by a dot (decimal point). I said earlier that an IP address is a 32-bit number or address.
There are 4 octets, which are each 8-bits.
So 8-bits + 8-bits + 8-bits + 8-bits = 32-bits.

gnzl-as50-67.eatel.net
 |      |      |    |
 |      |      |    |--> (domain belongs to a network)
 |      |      |-------> (name of the ISP or Internet service provider)
 |      |--------------> (the name assigned to that particular host)
 |---------------------> (the name of the machine, which is located in “gnzl”, or Gonzales of Louisiana)


Domains could also have suffixes behind them (ex. gnzl-as50-67.eatel.net.uk)
indicating that they are from another country. Example:
.jp = Japan
.uk = United Kingdom
.nl = Netherlands
.it = Italy
.ru = Russia
.fr = France
.eg = Egypt
.in = India

2.How do I find my own IP?
Because the IP your ISP's DHCP server hands you may not always be the same, it is handy to be able to quickly find out what your IP is.
Most of the time on a LAN the DHCP server will try to hand a machine the same IP its MAC address received the last time it requested an address, but not always.
To find out your host IP and other useful information, use these commands.

Windows 9X/Me:

Use the "winipcfg" command, this will bring up a GUI dialog with all the info you will need.

Windows NT/2000/XP/etc:

Use the "ipconfig" command.

C:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : se-libg-adrian1
Primary DNS Suffix . . . . . . . : ads.mydomain.edu
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ads.mydomain.edu
                                    mydomains.edu
                                    mydomain.edu

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : mydomains.edu
Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
Physical Address. . . . . . . . . : 00-B0-D0-74-A8-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.26.29
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . : 192.168.16.100
DHCP Server . . . . . . . . . . . : 192.168.30.254
DNS Servers . . . . . . . . . . . : 192.168.20.1
                                    192.168.25.1
                                    192.168.30.1
                                    129.79.1.1
                                    129.79.5.100
Primary WINS Server . . . . . . . : 192.168.30.254
Secondary WINS Server . . . . . . : 192.168.30.253
Lease Obtained. . . . . . . . . . : Saturday, February 02, 2002 12:03:14 PM
Lease Expires . . . . . . . . . . : Sunday, February 03, 2002 12:03:14 PM

C:\>

Notice that this gives you all sorts of networking information, including your IP, Gateway, MAC Address, DNS server and Host Name.

Linux/Unix:

Use the "ifconfig" command to find the IP of the box.

bash-2.04$ /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:C0:F0:31:9F:10
inet addr:192.168.30.130 Bcast:192.168.31.255 Mask:255.255.240.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21353979 errors:2 dropped:0 overruns:0 frame:2
TX packets:20342701 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:11 Base address:0xde00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2234607 errors:0 dropped:0 overruns:0 frame:0
TX packets:2234607 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0

bash-2.04$

If you are connected to the box over SSH or telnet and you want to find the IP you are connecting from, use the "finger" command with no parameters.

bash-2.04$ finger
Login Name Tty Idle Login Time Office Office Phone
adrian Adrian Crenshaw pts/3 Feb 2 14:57 (192.168.26.29)
root root pts/0 1:53 Jan 28 17:25 (tux:2)
root root pts/1 4d Jan 25 14:57
root root pts/2 8d Jan 25 14:57 (tux:2)
bash-2.04$
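
Sections 1 and 2 in code, as an added example that is not part of the original post: the dotted form is packed into one 32-bit number, and the subnet mask from the ipconfig output is used to work out the network and broadcast address. The function names are made up for this example; the addresses are the ones printed above, and the sample address 207.144.262.77 from section 1 is rejected because 262 does not fit in one octet.

```python
# Added example, not part of the original post. Function names are made up here;
# the addresses are the ones shown in the ipconfig and ifconfig output above.

def parse_ipv4(text):
    """Pack dotted-quad text into one 32-bit integer, rejecting bad octets."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"{text!r}: expected 4 octets, got {len(parts)}")
    value = 0
    for part in parts:
        # isascii() + isdigit() reject signs, spaces, empty strings and hex
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"{text!r}: octet {part!r} is not a decimal number")
        octet = int(part)
        if octet > 255:
            raise ValueError(f"{text!r}: octet {octet} does not fit in 8 bits")
        value = (value << 8) | octet      # 8 + 8 + 8 + 8 = 32 bits
    return value


def format_ipv4(value):
    """Turn a 32-bit integer back into dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def is_valid_ipv4(text):
    try:
        parse_ipv4(text)
    except ValueError:
        return False
    return True


def prefix_length(mask):
    """Count the leading 1 bits of a mask; reject masks with holes in them."""
    host_bits = ~mask & 0xFFFFFFFF
    if host_bits & (host_bits + 1):       # host bits must be one solid run
        raise ValueError(f"{format_ipv4(mask)} is not a contiguous subnet mask")
    return 32 - host_bits.bit_length()


def describe(ip_text, mask_text):
    """Work out network, broadcast and usable host count for an interface."""
    ip, mask = parse_ipv4(ip_text), parse_ipv4(mask_text)
    prefix = prefix_length(mask)
    network = ip & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    return {
        "network": f"{format_ipv4(network)}/{prefix}",
        "broadcast": format_ipv4(broadcast),
        "hosts": max(broadcast - network - 1, 0),
    }


def same_network(a_text, b_text, mask_text):
    """True when both addresses are on the same subnet (no router needed)."""
    mask = parse_ipv4(mask_text)
    return parse_ipv4(a_text) & mask == parse_ipv4(b_text) & mask


if __name__ == "__main__":
    mask = "255.255.240.0"
    print(describe("192.168.26.29", mask))     # the Windows box (ipconfig)
    print(describe("192.168.30.130", mask))    # the Linux box (ifconfig)
    print("gateway on-link:", same_network("192.168.26.29", "192.168.16.100", mask))
    print("129.79.1.1 on-link:", same_network("192.168.26.29", "129.79.1.1", mask))
    print("207.144.262.77 valid:", is_valid_ipv4("207.144.262.77"))
```

The broadcast address it computes for the Linux box matches the Bcast field in the ifconfig output.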

3.How do I find out what organization owns an IP?
Pinging the organization's host name gives the IP of that particular organization.
Here I've pinged www.jotti.org, which in turn gives their IP, 62.194.194.181.

C:\Documents and Settings\Cyber_saint>ping www.jotti.org

Pinging www.jotti.org [62.194.194.181] with 32 bytes of data:

Reply from 62.194.194.181: bytes=32 time=429ms TTL=249
Reply from 62.194.194.181: bytes=32 time=429ms TTL=249
Reply from 62.194.194.181: bytes=32 time=430ms TTL=249
Reply from 62.194.194.181: bytes=32 time=428ms TTL=249

Ping statistics for 62.194.194.181:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 428ms, Maximum = 430ms, Average = 429ms

4.How do I find out the IP address that are connected to me?
Here the local address is your IP and the foreign address is the
IP address that is connected to you.
C:\WINDOWS>netstat -n

Active Connections

Proto Local Address Foreign Address State
TCP 211.124.228.98:1138 64.4.13.69:1863 ESTABLISHED
TCP 211.124.228.98:1150 64.4.12.190:1863 ESTABLISHED
TCP 211.124.228.98:6891 12.90.50.93:1978 ESTABLISHED

A good tool that makes this easier is Tcpview.

5.How do I find out what operating system the host behind an IP is running?

The easiest way to find this info is to use the "nmap" utility.

[root@tux adrian]# nmap -O tux.mydomains.edu

or

C:\>nmap -O tux.mydomains.edu

Starting nmap V. 2.54BETA26 ( www.insecure.org/nmap/ )
Adding open port 22/tcp
Adding open port 1024/tcp
Adding open port 25/tcp
Adding open port 80/tcp
Adding open port 110/tcp
Adding open port 993/tcp
Adding open port 6002/tcp
Adding open port 5902/tcp
Adding open port 111/tcp
Adding open port 443/tcp
Adding open port 21/tcp
Adding open port 995/tcp
Adding open port 23/tcp
Adding open port 143/tcp
Adding open port 139/tcp
Adding open port 515/tcp
Interesting ports on tux.mydomains.edu (192.168.30.130):
(The 1532 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
111/tcp open sunrpc
139/tcp open netbios-ssn
143/tcp open imap2
443/tcp open https
515/tcp open printer
993/tcp open imaps
995/tcp open pop3s
1024/tcp open kdm
5902/tcp open vnc-2
6002/tcp open X11:2

Remote operating system guess: Linux Kernel 2.4.0 - 2.4.5 (X86)
Uptime 9.033 days (since Fri Jan 25 14:55:20 2002)

Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds
[root@tux adrian]#


Notice the "Remote operating system guess" line, which indicates the likely OS. Be careful about using tools like "nmap":
the site you are targeting may give your local admin a call asking why you are scanning their site.
Also make sure your copy of Nmap is up to date so it has the newest OS fingerprints; the version I used in the above example is kind of old.

You can also find out sometimes by using the "What's that site running" cgi at Netcraft,
which does a banner grab for you.

Telnetting to the host and observing the intro may give you some info:

Red Hat Linux release 7.1 (Seawolf)
Kernel 2.4.2-2 on an i686
login:


If they only have port 80 open, you can telnet to that port, hit Enter twice and observe the headers:

[root@tux adrian]# telnet orangutan.mydomains.edu 80
Trying 192.168.28.32...
Connected to orangutan.mydomains.edu.
Escape character is '^]'.


HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/5.0
Date: Sun, 03 Feb 2002 20:51:47 GMT
Content-Type: text/html
Content-Length: 87

<html><head><title>Error</title></head><body>The parameter is incorrect. </body>
</html>
Connection closed by foreign host.
[root@tux adrian]#

This technique is known as "banner grabbing".

6.How do I find out the IP of my messenger buddies?
You can find out the IP address of your buddies only if they are
directly connected to you. This is possible only when you send a file
or when a webcam or voice service is on.

YOU------> MSN SERVER/YAHOO SERVER------>OTHER PERSON

During a file transfer or webcam or voice

YOU------>OTHER PERSON

To find the IP do a netstat -n in your command prompt

C:\WINDOWS>netstat -n

Active Connections

Proto Local Address Foreign Address State
TCP 211.124.228.98:1138 64.4.13.69:1863 ESTABLISHED
TCP 211.124.228.98:1150 64.4.12.190:1863 ESTABLISHED
TCP 211.124.228.98:6891 12.90.50.93:1978 ESTABLISHED

Now, after sending something (a file or a pic) and during the transfer, or
after establishing a direct voice or webcam session, view the stats again:

C:\WINDOWS>netstat -n

Active Connections

Proto Local Address Foreign Address State
TCP 211.124.228.98:1138 64.4.13.69:1863 ESTABLISHED
TCP 211.124.228.98:1150 64.4.12.190:1863 ESTABLISHED
TCP 211.124.228.98:6891 12.90.50.93:1978 ESTABLISHED
TCP 211.124.228.98:6891 261.184.172.78:1337 ESTABLISHED

There is a new connection that is established and the IP address is
261.184.172.78.

It's better to use Tcpview for this one, as you can monitor the connections
separately for every service.

7.How do I find out what ports and services are running using an IP?

Well, there are loads of port scanners available on the net. I recommend
you use Superscan. To find the services, you can just do a netstat in
the command prompt without resolving the IP address.

C:\>netstat

Active Connections

Proto Local Address Foreign Address State
TCP se-sscs-cv112b7:1370 se-cser-fs01.mydomains.edu:netbios-ssn ESTABLISHED
TCP se-sscs-cv112b7:1469 ntemail1-tr.mydomains.state.edu:1078 ESTABLISHED
TCP se-sscs-cv112b7:1473 ntemail1-tr.mydomains.state.edu:1091 ESTABLISHED
TCP se-sscs-cv112b7:1495 ntemail1-tr.mydomains.state.edu:1078 ESTABLISHED
TCP se-sscs-cv112b7:1499 ntemail1-tr.mydomains.state.edu:1091 ESTABLISHED
TCP se-sscs-cv112b7:1631 tux.mydomains.edu:telnet ESTABLISHED
TCP se-sscs-cv112b7:1690 bl-uits-adsdc01.ads.mydomain.edu:microsoft-ds TIME_WAIT
TCP se-sscs-cv112b7:1692 se-cser-app1.mydomains.edu:microsoft-ds ESTABLISHED
TCP se-sscs-cv112b7:1694 bl-uits-adsdc01.ads.mydomain.edu:microsoft-ds TIME_WAIT
TCP se-sscs-cv112b7:1699 homepages1.mydomains.edu:netbios-ssn TIME_WAIT

For better information, like which binary has a port open, use a tool like Fport:

C:\>fport
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid Process Port Proto Path
1572 inetinfo -> 25 TCP C:\WINDOWS\System32\inetsrv\inetinfo.exe
1572 inetinfo -> 80 TCP C:\WINDOWS\System32\inetsrv\inetinfo.exe
1008 svchost -> 135 TCP C:\WINDOWS\system32\svchost.exe
4 System -> 139 TCP
1572 inetinfo -> 443 TCP C:\WINDOWS\System32\inetsrv\inetinfo.exe
4 System -> 445 TCP
1108 svchost -> 1025 TCP C:\WINDOWS\System32\svchost.exe
1572 inetinfo -> 1043 TCP C:\WINDOWS\System32\inetsrv\inetinfo.exe
776 winlogon -> 1056 TCP \??\C:\WINDOWS\system32\winlogon.exe
4 System -> 1135 TCP
2436 OUTLOOK -> 1162 TCP C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System -> 1169 TCP
2436 OUTLOOK -> 1176 TCP C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
1232 firefox -> 1219 TCP C:\Program Files\Mozilla Firefox\firefox.exe
1232 firefox -> 1220 TCP C:\Program Files\Mozilla Firefox\firefox.exe
2436 OUTLOOK -> 1221 TCP C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System -> 1390 TCP
4 System -> 1451 TCP
4 System -> 1456 TCP
1232 firefox -> 1602 TCP C:\Program Files\Mozilla Firefox\firefox.exe
4 System -> 1634 TCP
0 System -> 1635 TCP
1108 svchost -> 3389 TCP C:\WINDOWS\System32\svchost.exe
1296 -> 5000 TCP
264 WCESCOMM -> 5679 TCP C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

1572 inetinfo -> 135 UDP C:\WINDOWS\System32\inetsrv\inetinfo.exe
2436 OUTLOOK -> 137 UDP C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System -> 138 UDP
1572 inetinfo -> 445 UDP C:\WINDOWS\System32\inetsrv\inetinfo.exe
1008 svchost -> 500 UDP C:\WINDOWS\system32\svchost.exe
1572 inetinfo -> 1026 UDP C:\WINDOWS\System32\inetsrv\inetinfo.exe
4 System -> 1027 UDP
1108 svchost -> 1028 UDP C:\WINDOWS\System32\svchost.exe
1572 inetinfo -> 1049 UDP C:\WINDOWS\System32\inetsrv\inetinfo.exe
776 winlogon -> 1051 UDP \??\C:\WINDOWS\system32\winlogon.exe
4 System -> 1165 UDP
2436 OUTLOOK -> 1558 UDP C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System -> 1900 UDP
1232 firefox -> 1900 UDP C:\Program Files\Mozilla Firefox\firefox.exe
2436 OUTLOOK -> 2967 UDP C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System -> 3456 UDP


C:\>

Or Netport:

C:\>netport
NetPort v1.1 - A Visual Log Product
Copyright 2004 by Softgears Company
http://www.softgears.com


Pid Process Port Proto Foreign Address Path
1572 inetinfo 25 TCP: LISTENING C:\WINDOWS\System32\inetsrv\inetinfo.exe
1572 inetinfo 80 TCP: LISTENING C:\WINDOWS\System32\inetsrv\inetinfo.exe
1008 svchost 135 TCP: LISTENING C:\WINDOWS\system32\svchost.exe
1572 inetinfo 443 TCP: LISTENING C:\WINDOWS\System32\inetsrv\inetinfo.exe
4 System 445 TCP: LISTENING
1108 svchost 1025 TCP: LISTENING C:\WINDOWS\System32\svchost.exe
1572 inetinfo 1043 TCP: LISTENING C:\WINDOWS\System32\inetsrv\inetinfo.exe
776 winlogon 1056 TCP: LISTENING \??\C:\WINDOWS\system32\winlogon.exe
4 System 1135 TCP: LISTENING
2436 OUTLOOK 1162 TCP: LISTENING C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System 1169 TCP: LISTENING
2436 OUTLOOK 1176 TCP: LISTENING C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
1232 firefox 1220 TCP: LISTENING C:\Program Files\Mozilla Firefox\firefox.exe
2436 OUTLOOK 1221 TCP: LISTENING C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System 1451 TCP: LISTENING
4 System 1456 TCP: LISTENING
1232 firefox 1602 TCP: LISTENING C:\Program Files\Mozilla Firefox\firefox.exe
1108 svchost 3389 TCP: LISTENING C:\WINDOWS\System32\svchost.exe
1296 System 5000 TCP: LISTENING
264 WCESCOMM 5679 TCP: LISTENING C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
1232 firefox 1219 TCP: LISTENING C:\Program Files\Mozilla Firefox\firefox.exe
1232 firefox 1219 TCP: ESTABLISHED 127.0.0.1:1220 C:\Program Files\Mozilla Firefox\firefox.exe
1232 firefox 1220 TCP: ESTABLISHED 127.0.0.1:1219 C:\Program Files\Mozilla Firefox\firefox.exe
4 System 139 TCP: LISTENING
776 winlogon 1056 TCP: CLOSE_WAIT 134.68.220.157:389 \??\C:\WINDOWS\system32\winlogon.exe
2436 OUTLOOK 1162 TCP: ESTABLISHED 134.68.220.155:1025 C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System 1169 TCP: ESTABLISHED 192.168.28.33:445
2436 OUTLOOK 1176 TCP: ESTABLISHED 129.79.1.40:1222 C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
2436 OUTLOOK 1221 TCP: ESTABLISHED 129.79.1.214:1249 C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System 1390 TCP: LISTENING
4 System 1390 TCP: ESTABLISHED 192.168.30.154:139
4 System 1456 TCP: ESTABLISHED 129.79.6.3:445
1232 firefox 1602 TCP: ESTABLISHED 64.233.167.104:80 C:\Program Files\Mozilla Firefox\firefox.exe
4 System 1634 TCP: LISTENING
4 System 1634 TCP: ESTABLISHED 192.168.30.34:139
1008 svchost 135 UDP: LISTENING C:\WINDOWS\system32\svchost.exe
4 System 445 UDP: LISTENING
836 lsass 500 UDP: LISTENING C:\WINDOWS\system32\lsass.exe
1264 System 1026 UDP: LISTENING
1264 System 1027 UDP: LISTENING
836 lsass 1028 UDP: LISTENING C:\WINDOWS\system32\lsass.exe
1572 inetinfo 1049 UDP: LISTENING C:\WINDOWS\System32\inetsrv\inetinfo.exe
776 winlogon 1051 UDP: LISTENING \??\C:\WINDOWS\system32\winlogon.exe
2436 OUTLOOK 1165 UDP: LISTENING C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
1640 Rtvscan 2967 UDP: LISTENING C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
1572 inetinfo 3456 UDP: LISTENING C:\WINDOWS\System32\inetsrv\inetinfo.exe
4064 FRONTPG 1558 UDP: LISTENING C:\PROGRA~1\MICROS~2\Office10\FRONTPG.EXE
1296 System 1900 UDP: LISTENING
4 System 137 UDP: LISTENING
4 System 138 UDP: LISTENING
1296 System 1900 UDP: LISTENING

For Linux:

Use the "lsof -i" command:

[root@balrog root]# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
dhclient 467 root 4u IPv4 777 UDP *:bootpc
portmap 533 rpc 3u IPv4 898 UDP *:sunrpc
portmap 533 rpc 4u IPv4 901 TCP *:sunrpc (LISTEN)
rpc.statd 552 rpcuser 4u IPv4 972 UDP *:32768
rpc.statd 552 rpcuser 5u IPv4 939 UDP *:728
rpc.statd 552 rpcuser 6u IPv4 975 TCP *:32768 (LISTEN)
sshd 642 root 3u IPv4 1287 TCP *:ssh (LISTEN)
xinetd 657 root 5u IPv4 1313 TCP localhost.localdomain:32769 (LISTEN)
sendmail 682 root 4u IPv4 1377 TCP localhost.localdomain:smtp (LISTEN)
httpd 712 root 3u IPv4 1422 TCP *:http (LISTEN)
httpd 712 root 4u IPv4 1423 TCP *:https (LISTEN)
sshd 8498 root 4u IPv4 323188 TCP balrog.ius.edu:ssh->winxpe:1644 (ESTABLISHED)
httpd 31094 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31094 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31095 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31095 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31096 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31096 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31097 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31097 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31098 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31098 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31099 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31099 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31100 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31100 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31101 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31101 apache 4u IPv4 1423 TCP *:https (LISTEN)
[root@balrog root]#

8.How do I find out if an IP is contactable?

If the host is not blocking ICMP echo requests (type 8, code 0), try using the "ping" command. It should work from any Unix-like OS and from Windows.

UP:

C:\>ping 192.168.1.162

Pinging 192.168.1.162 with 32 bytes of data:

Reply from 192.168.30.130: bytes=32 time<10ms TTL=255
Reply from 192.168.30.130: bytes=32 time<10ms TTL=255
Reply from 192.168.30.130: bytes=32 time<10ms TTL=255
Reply from 192.168.30.130: bytes=32 time<10ms TTL=255

Not Up

C:\>ping 192.168.1.162

Pinging 192.168.1.162 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.162:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

9.How do I find out the NetBIOS name from the IP?

On Windows:

C:\>nbtstat -a 192.168.22.68

Local Area Connection:
Node IpAddress: [192.168.22.68] Scope Id: []

NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
SE-SSCS-CV112C8<00> UNIQUE Registered
ADS <00> GROUP Registered
SE-SSCS-CV112C8<03> UNIQUE Registered
SE-SSCS-CV112C8<20> UNIQUE Registered
ADS <1E> GROUP Registered
ADRIAN <03> UNIQUE Registered


MAC Address = 00-04-76-39-B6-D9

C:\>

On Unix (if you have nbtstat installed):
[root@tux /root]# nbtstat 192.168.22.68
received data:
A2 48 84 00 00 00 00 01 00 00 00 00 20 43 4B 41 .H.......... CKA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
00 01 00 00 00 00 00 9B 06 53 45 2D 53 53 43 53 .........SE-SSCS
2D 43 56 31 31 32 43 38 00 44 00 41 44 53 20 20 -CV112C8.D.ADS
20 20 20 20 20 20 20 20 20 20 00 C4 00 53 45 2D ...SE-
53 53 43 53 2D 43 56 31 31 32 43 38 03 44 00 53 SSCS-CV112C8.D.S
45 2D 53 53 43 53 2D 43 56 31 31 32 43 38 20 44 E-SSCS-CV112C8 D
00 41 44 53 20 20 20 20 20 20 20 20 20 20 20 20 .ADS
1E C4 00 41 44 52 49 41 4E 20 20 20 20 20 20 20 ...ADRIAN
20 20 03 44 00 00 04 76 39 B6 D9 00 00 00 00 00 .D...v9.......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 8C .....
6 names in response
SE-SSCS-CV112C8<0x00> Unique Workstation Service
ADS <0x00> Group Domain Name
SE-SSCS-CV112C8<0x03> Unique Messenger Service
SE-SSCS-CV112C8<0x20> Unique File Server Service
ADS <0x1e> Group Potential Master Browser
ADRIAN <0x03> Unique Messenger Service
[root@tux /root]#

The reverse (finding the IP from the NetBIOS name) can be done by:

On Windows:

C:\>nbtstat -a se-sscs-cv112c8

Local Area Connection:
Node IpAddress: [192.168.22.68] Scope Id: []

NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
SE-SSCS-CV112C8<00> UNIQUE Registered
ADS <00> GROUP Registered
SE-SSCS-CV112C8<03> UNIQUE Registered
SE-SSCS-CV112C8<20> UNIQUE Registered
ADS <1E> GROUP Registered
ADRIAN <03> UNIQUE Registered

MAC Address = 00-04-76-39-B6-D9
C:\>


On Unix:

[root@tux /root]# nmblookup se-sscs-cv112c8
querying se-sscs-cv112c8 on 192.168.31.255
192.168.22.68 se-sscs-cv112c8<00>
[root@tux /root]#

10.How do I find out who is logged into a remote Windows system?

On Windows you can try:

C:\>nbtstat -a somesystem
Local Area Connection:

Node IpAddress: [192.168.22.68] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
SE-SSCS-CV112C5<00> UNIQUE Registered
ADS <00> GROUP Registered
SE-SSCS-CV112C5<03> UNIQUE Registered
ADS <1E> GROUP Registered
JDOE <03> UNIQUE Registered

MAC Address = 00-04-76-39-A9-F9
C:\>

But if NetBIOS over TCP/IP is turned off it won't work.
In that case you may have to use a WMI script, but you would have to be an Admin on the remote box.

On Unix:

bash-2.05# nmblookup -S somebox
querying se-sscs-cv112c5 on 192.168.31.255
192.168.22.59 somebox <00>
Looking up status of 192.168.22.59
SE-SSCS-CV112C5 <00> - M
ADS <00> - M
SE-SSCS-CV112C5 <03> - M
ADS <1e> - M
JDOE <03> - M

bash-2.05#
The above will only work if the Windows box has NetBIOS over TCP/IP turned on.

11.How do I find out the IP address from the mails received?

I am just going to explain this for two of the most popular mail servers:
1.Yahoo
2.Hotmail

1.Yahoo

To find the IP address from the mails received, we must find the header
of the mail. To enable it, do the following.

After signing in with your ID and password, you are on the page that welcomes you.
In the top right corner you can find Options. Just click it.
This brings you to a page where you can find Anti-Spam Resource Centre,
Block Addresses, Filters, General Preferences, Signature, etc.

Click General Preferences.
Under Messages you can find Headers, Font size, etc.
Click the option Show all headers on incoming messages
and click the Save button at the bottom.

Now check your mail and it will look something like this

X-Apparently-To: boo_iggers@yahoo.com via 68.142.207.223; Sat, 08 Oct 2005 00:16:20 -0700
X-Originating-IP: [66.163.179.108]
Return-Path:
Authentication-Results: mta251.mail.mud.yahoo.com from=yahoo.com; domainkeys=pass (ok)
Received: from 66.163.179.108 (HELO web35314.mail.mud.yahoo.com) (66.163.179.108) by mta251.mail.mud.yahoo.com with SMTP; Sat, 08 Oct 2005 00:16:20 -0700
Received: (qmail 59981 invoked by uid 60001); 8 Oct 2005 07:16:04 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=y/8AiVLdM96BbwqqWGE4jVGW9HvwN3HPkeChVmy75EKnxDer6AHQYZo V0HtC9PkFQS1AseKIaxvHyf9N9YMwhCSLzo3Of4AsQzF2KWQ3ZdxxOQLlL1LBryd5cfSIgu6wuP3TDEPSJZDPCAR1kZ138L7sd24SUOoj7AoDTV60150= ; Message-ID: <20051008071604>
Received: from [59.92.35.72] by web35314.mail.mud.yahoo.com via HTTP; Sat, 08 Oct 2005 00:16:03 PDT
Date: Sat, 8 Oct 2005 00:16:03 -0700 (PDT)
From: "james carner"
Subject: Fwd: collegelife
To: raam_naam_satya_hai@yahoo.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-714430323-1128755763=:58781"
Content-Transfer-Encoding: 8bit
Content-Length: 417230


Received: from [59.92.35.72] by web35314.mail.mud.yahoo.com via HTTP; Sat, 08 Oct 2005 00:16:03 PDT

where 59.92.35.72 is the IP of the one who sent this mail; it is usually shown in square brackets [..].

2.Hotmail

After logging in, you can find Options in the top right corner. Just click it.
Then click Mail on the left under Personal, and click Mail Display Settings.
Select Full in Message Headers and click OK.

Then in the mail you can see something like this:

MIME-Version: 1.0
Received: from web32514.mail.mud.yahoo.com ([68.142.207.224]) by bay0-mc1-f15.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 20 Dec 2005 02:01:10 -0800
Received: (qmail 48874 invoked by uid 60001); 20 Dec 2005 10:01:09 -0000
Received: from [59.92.97.178] by web32514.mail.mud.yahoo.com via HTTP; Tue, 20 Dec 2005 02:01:09 PST
X-Message-Info: JGTYoYF78jGeFkOXv4J7uO2ag1L4jHLrO91IFQszAj4=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=ChOifmyOhue+LKXKIxMj9fnDxP56wkOvrq0jwgf+H558LTYsjEBKd0sTlmqcHqVAjv/0ormxPKAsb252f4nSweX/36aKWe30b7OnaCqk1Z8ZxytmQVSY19LC5MI42T/s7hpiTb7tbIg8nipPJTtA8+xzXNkoUKzMI+PQVKXFFmk= ;
Return-Path: raam_naam_satya_hai@yahoo.com
X-OriginalArrivalTime: 20 Dec 2005 10:01:10.0963 (UTC) FILETIME=[4DEC6830:01C6054C]

Received: from [59.92.97.178] by web32514.mail.mud.yahoo.com via HTTP; Tue, 20 Dec 2005 02:01:09 PST

Here 59.92.97.178 is the IP of the one who sent this mail to me.
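
The header walk described for Yahoo and Hotmail above, as added Python that is not part of the original post: it lists the Received hops oldest first and separates the address the bottom-most header claims from the last address recorded by a mail server you trust, since any line below that point can be typed in by the sender. The sample headers, the example.org/example.net host names and the trusted_domains parameter are constructed for illustration.

```python
# Added example, not part of the original post. Sample headers are constructed:
# addresses come from the RFC 5737 documentation ranges, host names are made up.
import email
import ipaddress
import re

SAMPLE = """\
Received: from web1.mail.example.net ([198.51.100.24])
 by mx1.example.org with SMTP; Tue, 20 Dec 2005 02:01:10 -0800
Received: (qmail 48874 invoked by uid 60001); 20 Dec 2005 10:01:09 -0000
Received: from [203.0.113.178] by web1.mail.example.net via HTTP;
 Tue, 20 Dec 2005 02:01:09 PST
From: sender@example.net
To: me@example.org
Subject: constructed test message

body
"""

# The same message with one extra Received line that the sender typed in.
FORGED = SAMPLE.replace(
    "From: sender@example.net",
    "Received: from [192.0.2.1] by relay.invalid with SMTP;\n"
    " Tue, 20 Dec 2005 01:00:00 PST\nFrom: sender@example.net",
)

IP_CANDIDATE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def received_hops(raw_message):
    """Return one dict per Received header, oldest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Every server prepends its own line, so the last header is the oldest.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())           # unfold continuation lines
        hop = {"by": None, "ips": []}
        if text.lower().startswith("from ") and " by " in text:
            # Only look before " by ", so version strings after it are ignored.
            from_part, rest = text.split(" by ", 1)
            hop["by"] = rest.split()[0].rstrip(";").lower()
            for candidate in IP_CANDIDATE.findall(from_part):
                try:
                    hop["ips"].append(str(ipaddress.IPv4Address(candidate)))
                except ValueError:
                    pass                          # e.g. an octet above 255
        hops.append(hop)                          # qmail-style lines stay empty
    return hops


def is_trusted(host, trusted_domains):
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def trace(raw_message, trusted_domains):
    """Compare the claimed origin with the last address a trusted server saw."""
    hops = received_hops(raw_message)
    with_ip = [h for h in hops if h["ips"]]
    # Assumption: in the formats shown on this page, the address the receiving
    # server recorded is the last one before " by ".
    claimed = with_ip[0]["ips"][-1] if with_ip else None
    verified = None
    for hop in reversed(hops):                    # newest first
        if hop["by"] is None:
            continue                              # local handoff, no network peer
        if not is_trusted(hop["by"], trusted_domains):
            break                                 # everything older is unverified
        if hop["ips"]:
            verified = hop["ips"][-1]
    return {"claimed_origin": claimed, "last_verified": verified}


if __name__ == "__main__":
    print(trace(SAMPLE, ["example.org"]))
    print(trace(SAMPLE, ["example.org", "example.net"]))
    print(trace(FORGED, ["example.org", "example.net"]))
```

When the two values differ, as in the forged sample, only last_verified is backed by a server on the trusted list.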

=============================================================

A video On Completely Taking Over A Remote PC :

Hiya Hackerz,
Here I am posting another video made by me that shows how to get into a remote PC and completely take over the PC.
Shocked!! But this is true...
Check it out...

SAUV: Windows NT and XP are based on the concept of SAM.
All the pass and other things are stored in the form of SAM files...
