Cmd hacking commands
I am Sure u guys Know All these commands.... I want to Help The Beginners.. So i am Posting This....
Useful Things to do on CMD!
First, open your Network Connection and right click and select Properties. Then Select TCP/IP and click on Properties again. Now Click on Advanced and WINS tab. Select Default for NeBIOS.
Now back to the main Local Area Connection window, select File and Print Sharing for Mic*ft Networks and hit enter.
This is just to make sure you have NetBIOS enabled. We will have some fun with NetBIOS on CMD.
First thing you need to know is some very helpfull commands to use on CMD(Command Prompt).
In case you don't know how to get CMD open in your box, then click on Start, then Run, then type "cmd" (no quotes, off course... you know the drill).
Back to commands:
nslookup
net view
net use
net user
ping
tracert
arp
route
nbtstat
netstat
ipconfig
In case you don't know some of them, then just type the command on CMD and hit enter. A little help will show up in your screen. Read it and understand what the command does.
Lets start easy...
1) ping : This command will allow you to know if the host you pinging is alive, which means if it is up at the time of executing the "ping" command.
ping x.x.x.x (x is the IP address)
or
ping http://www.whatever.com (http://www.whatever.com is the website you want to ping, but you don't know the IP)
OBS: Keep in mind that if the host you pinging is blocking ICMP packets, then the result will be host down.
2) nslookup : This command has many functionalities.
One is for resolving DNS into IP.
Lets say you know the website URL but you don't know its IP(and you want to find out).
nslookup http://www.whatever.com (http://www.whatever.com is the website you want to find out the IP)
Now, another really nice function of nslookup is to find out IP of specific Mail Severs
nslookup (enter)
set type=mx (enter)
yahoo.com
This command will give you the mail server IP of yahoo.com. You can use whatever server you want and if it is listed on DNS, then you get the IP. Simple, isn't it?
OK, now why would you want to have an IP of a mail server?
To send spoofed mail to your friends or even for SE.
In case you looking for "How to spoof email", then look for my "How to spoof email tutorial" http://www.infowar.com/forums/showth...&threadid=2360
3) tracert : This command will give you the hops that a packet will travel to reach its final destination.
OBS: This command is good to know the route a packet takes before it goes to the target box.
tracert x.x.x.x (x is the IP address)
or
tracert http://www.whatever.com (http://www.whatever.com is the website you don't know the IP)
4) arp : This command will show you the arp table. This is good to know if someone is doing arp poisoning in your LAN.
arp -a
5) route : This command will show you the routing table, gateway, interface and metric.
Code:
route print
6) ipconfig : This command will show tons of very helpful things.
Your IP, gateway, dns in use.
Code:
ipconfig
or
Code:
ipconfig /all
this command will give all that info but for all networks you might have it.
Also, in case you have a dynamic IP and want to change it, then type...
Code:
ipconfig /release (this will release your IP)
ipconfig /renew (this will renew your iP)
OBS: Keep in mind that those commands will change your IP, but the new IP will still be tighed up to you. So don't do anything stupid.
7) netstat : This command will show you connection to your box.
Code:
netstat
or
Code:
netstat -a (this will show you all the listening ports and connection with DNS names)
netstat -n (this will show you all the open connection with IP addresses)
netstat -an (this will combined both of the above)
net view x.x.x.x or computername (will list the available sharing folders on the target box)
Now some hints:
Code:
net use \ipaddressipc$ "" /user:administrator
(this command will allow you to connect to the target box as administrator)
Now if you want to connect to the target box and browse the entire C drive, then use this command:
Code:
net use K: \computernameC$
(this will create a virtual drive on your "my computer" folder)
OBS: Keep in mind that this will only works if the target box doesn't have an administrator password set.
And least but not last, the "help" command.
Quote:
whatevercommand /help
or
Quote:
whatevercommand /?
This command will help you to understand what it does and all the switchs available for each command.
Very useful if you know the command, but forgot the right switch.
Welcome To The World Of Exploitation & Ethical Hacking
Live Ddos View
Live DDoS Attack Map | Apakau
Live DDoS Attack Map
This map is the fruit of collaboration between Google Ideas and Arbor Networks in an effort to raise awareness about distributed denial of service attacks in the world everyday.
Exploring the Data
The Digital Attack Map displays global DDoS activity on any given day. Attacks are displayed as dotted lines, scaled to size, and placed according to the source and destination countries of the attack traffic when known. Some features include:
- Use the histogram at the bottom of the map to explore historical data.
- Select a country to view DDoS activity to or from that country.
- Use the color option to view attacks by class, duration, or source/destination port.
- Use the news section to find online reports of attack activity from a specified time.
- View the gallery to explore some examples of days with notable DDoS attacks.
Tuesday, May 19, 2015
Create a CookieLogger and Hack any Account
Cookies stores all the necessary Information about one’s account , using this information you can hack anybody’s account and change his password. If you get the Cookies of the Victim you can Hack any account the Victim is Logged into i.e. you can hack Google, Yahoo, Orkut, Facebook, Flickr etc.
What is a CookieLogger?
A CookieLogger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim.
Today I am going to show How to make your own Cookie Logger…Hope you will enjoy Reading it …
Step 1: Save the notepad file from the link below and Rename it as Fun.gif:
Step 2: Copy the Following Script into a Notepad File and Save the file as cookielogger.php:
Step 3: Create a new Notepad File and Save it as logfile.txt
Step 4: Upload this file to your server
cookielogger.php -> http://www.yoursite.com/cookielogger.php
logfile.txt -> http://www.yoursite.com/logfile.txt (chmod 777)
fun.gif -> http://www.yoursite.com/fun.gif
If you don’t have any Website then you can use the following Website to get a Free Website which has php support :
http://0fees.net
step 5: Go to the victim forum and insert this code in the signature or a post :
![[​IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uEqN8B9Hwsw1zDfmHbbnvayqjEi55psLSm_znrMtjqLcYORSABNAKiAqTUA2lirFLx35slpiGkLg=s0-d)
Step 6: When the victim see the post he view the image u uploaded but when he click the image he has a Temporary Error and you will get his cookie in log.txt . The Cookie Would Look as Follows:
phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; phpbb2mysql_sid=3ed7bdcb4e9e41737ed6eb41c43a4ec9
Step 7: To get the access to the Victim’s Account you need to replace your cookies with the Victim’s Cookie. You can use a Cookie Editor for this. The string before “=” is the name of the cookie and the string after “=” is its value. So Change the values of the cookies in the cookie Editor.
Step 8: Goto the Website whose Account you have just hacked and You will find that you are logged in as the Victim and now you can change the victim’s account information.
Note : Make Sure that from Step 6 to 8 the Victim should be Online because you are actually Hijacking the Victim’s Session So if the Victim clicks on Logout you will also Logout automatically but once you have changed the password then you can again login with the new password and the victim would not be able to login.
Disclaimer: I don’t take Responsibility for what you do with this script, served for Educational purpose only. …
What is a CookieLogger?
A CookieLogger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim.
Today I am going to show How to make your own Cookie Logger…Hope you will enjoy Reading it …
Step 1: Save the notepad file from the link below and Rename it as Fun.gif:
UnHidden Content:
http://crocko.com/1702516956.html
Step 2: Copy the Following Script into a Notepad File and Save the file as cookielogger.php:
Step 3: Create a new Notepad File and Save it as logfile.txt
Step 4: Upload this file to your server
cookielogger.php -> http://www.yoursite.com/cookielogger.php
logfile.txt -> http://www.yoursite.com/logfile.txt (chmod 777)
fun.gif -> http://www.yoursite.com/fun.gif
If you don’t have any Website then you can use the following Website to get a Free Website which has php support :
http://0fees.net
step 5: Go to the victim forum and insert this code in the signature or a post :
UnHidden Content:
http://crocko.com/1702516964.html
![[​IMG]](http://www.yoursite.com/fun.gif)
Step 6: When the victim see the post he view the image u uploaded but when he click the image he has a Temporary Error and you will get his cookie in log.txt . The Cookie Would Look as Follows:
phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; phpbb2mysql_sid=3ed7bdcb4e9e41737ed6eb41c43a4ec9
Step 7: To get the access to the Victim’s Account you need to replace your cookies with the Victim’s Cookie. You can use a Cookie Editor for this. The string before “=” is the name of the cookie and the string after “=” is its value. So Change the values of the cookies in the cookie Editor.
Step 8: Goto the Website whose Account you have just hacked and You will find that you are logged in as the Victim and now you can change the victim’s account information.
Note : Make Sure that from Step 6 to 8 the Victim should be Online because you are actually Hijacking the Victim’s Session So if the Victim clicks on Logout you will also Logout automatically but once you have changed the password then you can again login with the new password and the victim would not be able to login.
Disclaimer: I don’t take Responsibility for what you do with this script, served for Educational purpose only. …
Hacking Any PC Using IP Address
Literally, hacking is to get something or someone on the internet without
their consent or interest. While speaking of a short, hacking is a very easy
job, it is as if instead of the using front door, finding a hidden door of a
house and the seizure of valuables(hijacking the precious things). Among
the main hacking, hacking through the IP address is one of the most
common yet with a powerful beggining.
You may want to hack the website and put your advertisement there or grab
some database information.
In this type of hacking, you are playing with the web server’s computer
instead of the administrator’s computer.
Because for eg. www.website.com is in a separate Web server instead of
the personal computer.
Another might be to access the computer of your friend from your home.
Again, based on IP, and it is only possible when your friend’s computer is
online. If it is off or not connected to the Internet, allowing external IP
hacking(remote IP Hacking) is quite impossible.
Well, both have the same process. So Let's summarize what we should do.
First Of All Confirm the site or the computer you wanna hack.
1. Discover or trace their IP addresses.
2. Verify that the IP address is online
3. Scan open ports
4. Check the doors Venerability(for venerable ports)
5. Access through the door(probably the port).
6. Brute force username and password
Now let me just briefly describe the basic steps that a child can also
understand if you didnt get.
First, get the IP address of the victim.
To get the IP address of the victim's website, ping for it in command
prompt.
For example,
ping www.google.com
=>
To retrieve the IP address of google.com
That's how we can get the IP address of the victim's website.
What about your friend's PC? You can't do www.yourfriendname.com, huh?
Finding the IP address of your friend's PC is a bit complicated and most
difficult, if it has a dynamic IP address, which changes constantly.
A common method to detect the IP address of your friend is talking to him.
Go Here From your Friend's Computer:
http://www.tracemyip.org/
From Here You Can Check Out His IP-Address & Note It Down somewhere.
Now, did you have the IP address?
If yes then do check it out if he/she's online? ITo know the online status just
ping the IP address, if it is online it will reply.
If the IP address is online, scan for the open ports. Open ports are like
closed doors, without locks, you can get in and out easily.
Use the Advanced Port Scanner to scan all open and venerable ports/doors.
Now that you have the IP address and open port of the victim, now you can
use telnet to try to access it.
Make sure you have telnet enabled on your computer or install it from:
Control Panel > Add or Remove Programs > Add Windows Components
Then open command prompt and use the telnet command to access the IP
address.
Use the following syntax for the connection.
You will be prompted for login information.
If you can easily guess the information then it's okay. Or you can use some
brute force tools below.
1. Brutus
Brutus is one of the fastest, most flexible remote password crackers you can
get your hands on - is also free. It 'available for Windows 9x, NT and 2000,
there is no UN * X version available although it is possible at some point in
the future. This Windows-only cracker bangs against network services of
remote systems trying to guess passwords using a dictionary and its
permutations. It supports HTTP, POP3, FTP, SMB, Telnet, IMAP, NTP, and
more.
Platform: Windows
2. THC-HYDRA
This tool enables the rapid dictionary attacks against systems connecting to
the network, including FTP, POP3, IMAP, Net-bios, Telnet, HTTP
authentication, LDAP NNTP, VNC, ICQ, SOCKS5, PCNFS, and more. Includes
SSL support and is apparently now part of Nessus.
Platform: UNIX , Windows
3. TSGrinder
TSGrinder terminal server is the first gross instrument of force. The main
idea is that the administrator account, since it cannot be locked out for local
logons, can be brute forced. And having an encrypted channel for the
process of TS Logon that helps to keep IDS from catching the attempts.
This is a "dictionary" based attack tool, but has some interesting features
like "1337" conversion and supports multiple attack windows from a single
dictionary file. It supports multiple password attempts in the same way, and
lets you specify how often you try a combination of username / password
on a particular connection.
Platform: Windows
In this way, you will be able to hack remote computer using just the IP
address . !!
Enjoy With Us
#DarkSec
their consent or interest. While speaking of a short, hacking is a very easy
job, it is as if instead of the using front door, finding a hidden door of a
house and the seizure of valuables(hijacking the precious things). Among
the main hacking, hacking through the IP address is one of the most
common yet with a powerful beggining.
You may want to hack the website and put your advertisement there or grab
some database information.
In this type of hacking, you are playing with the web server’s computer
instead of the administrator’s computer.
Because for eg. www.website.com is in a separate Web server instead of
the personal computer.
Another might be to access the computer of your friend from your home.
Again, based on IP, and it is only possible when your friend’s computer is
online. If it is off or not connected to the Internet, allowing external IP
hacking(remote IP Hacking) is quite impossible.
Well, both have the same process. So Let's summarize what we should do.
First Of All Confirm the site or the computer you wanna hack.
1. Discover or trace their IP addresses.
2. Verify that the IP address is online
3. Scan open ports
4. Check the doors Venerability(for venerable ports)
5. Access through the door(probably the port).
6. Brute force username and password
Now let me just briefly describe the basic steps that a child can also
understand if you didnt get.
First, get the IP address of the victim.
To get the IP address of the victim's website, ping for it in command
prompt.
For example,
ping www.google.com
=>
To retrieve the IP address of google.com
That's how we can get the IP address of the victim's website.
What about your friend's PC? You can't do www.yourfriendname.com, huh?
Finding the IP address of your friend's PC is a bit complicated and most
difficult, if it has a dynamic IP address, which changes constantly.
A common method to detect the IP address of your friend is talking to him.
Go Here From your Friend's Computer:
http://www.tracemyip.org/
From Here You Can Check Out His IP-Address & Note It Down somewhere.
Now, did you have the IP address?
If yes then do check it out if he/she's online? ITo know the online status just
ping the IP address, if it is online it will reply.
If the IP address is online, scan for the open ports. Open ports are like
closed doors, without locks, you can get in and out easily.
Use the Advanced Port Scanner to scan all open and venerable ports/doors.
Now that you have the IP address and open port of the victim, now you can
use telnet to try to access it.
Make sure you have telnet enabled on your computer or install it from:
Control Panel > Add or Remove Programs > Add Windows Components
Then open command prompt and use the telnet command to access the IP
address.
Use the following syntax for the connection.
You will be prompted for login information.
If you can easily guess the information then it's okay. Or you can use some
brute force tools below.
1. Brutus
Brutus is one of the fastest, most flexible remote password crackers you can
get your hands on - is also free. It 'available for Windows 9x, NT and 2000,
there is no UN * X version available although it is possible at some point in
the future. This Windows-only cracker bangs against network services of
remote systems trying to guess passwords using a dictionary and its
permutations. It supports HTTP, POP3, FTP, SMB, Telnet, IMAP, NTP, and
more.
Platform: Windows
2. THC-HYDRA
This tool enables the rapid dictionary attacks against systems connecting to
the network, including FTP, POP3, IMAP, Net-bios, Telnet, HTTP
authentication, LDAP NNTP, VNC, ICQ, SOCKS5, PCNFS, and more. Includes
SSL support and is apparently now part of Nessus.
Platform: UNIX , Windows
3. TSGrinder
TSGrinder terminal server is the first gross instrument of force. The main
idea is that the administrator account, since it cannot be locked out for local
logons, can be brute forced. And having an encrypted channel for the
process of TS Logon that helps to keep IDS from catching the attempts.
This is a "dictionary" based attack tool, but has some interesting features
like "1337" conversion and supports multiple attack windows from a single
dictionary file. It supports multiple password attempts in the same way, and
lets you specify how often you try a combination of username / password
on a particular connection.
Platform: Windows
In this way, you will be able to hack remote computer using just the IP
address . !!
Enjoy With Us
#DarkSec
Subscribe to:
Posts (Atom)