dial up hacking by humayun khan

dial up hacking starts with a range on numbers to use with a wardialer. for phones
numbers you might look into getting some cd-roms of local phone books. this can be
a very time consuming process because you would want to dial all numbers within
your area code and maybe some different exchanges. like if your area code was 555
and the exchange was 333 then you would dial all numbers within the 555-333-xxxx
range to look for interesting things. you want the numbers that are connected to a
modem that have carriers. toneloc is good for this. toneloc can create a found.log
file that captures all of the found carriers during a scan. at the conclusion of
the scan, the log is reviewed and the phone numbers are individually dialed with a
computer. the user then attempts to identify the systems, and, depending on the
goals of the wardial, attempts system access. many wardialing tools, depending on
the modem used by the host, can also detect fax machines, private branch exchange
(pbx) access points, and human voice. for more info on wardialing and where you
can get them go here.

port scanning:

by dobromir montauk .
portscanning is the act of probing a computer on a network for open ports. a
useful tool for network administrators, portscanning can also search a computer
for its vulnerabilities. often it is compared to 'casing' a building for burglary,
which is why it is considered intrusive by many computer users. ports are used in
network communications to help sort traffic coming and going from one computer to
another. computers communicate over a network like ships carrying goods. the ships
need to know what city they're going to, and once they get to that city, they also
need to know what dock to go to. similarly, computers sending data need to know
what computer to send the data to, as well as what port on that computer the data
should be metaphorically 'unloaded' on. different programs can open ports,
allowing them access to data coming into their ports. certain programs open ports
only for sending data, some only for getting data, but most programs that
communicate with the internet open ports for both directions. programs such as aol
instant messenger, morpheus, other file-sharing programs, and web servers all
permanently open ports for communication. this is necessary so other computers can
connect and send messages, or share files. naturally, there exist ways of scanning
a computer for open ports. this can allow the scanner to detect which programs are
running on a particular computer (they will not be able to detect all programs,
but they may be able to detect some or even most of them). since many programs
that sit on open ports can be hacked, and thus give an intruder access to the
entire computer, this information is very important to hackers or crackers.
portscanning is almost always the first tool in every intruder's arsenal. thus,
system administrators and computer users often find portscanning very intrusive.
they don't know why they're being scanned, and so they usually expect the worst.
they often get angry and defensive if the same computer repeatedly scans them. for
more in depth details and different types of scans check this out .

netstat:
netstat was developed with open, co-operative computing in mind, but with the rise
of security awareness more systems administrators are choosing to turn services
like netstat off by commenting out the line in/etc/services or equivalent. the
netstat service can tell what computers are on the network. it also lists services
that are running on the computers allowing a cracker to explore and attempt to
take over those services by researching old techniques.
________________________________________________________________

netstat made easy by ankit fadia ankit@bol.net.in

________________________________________________________________

a lot of times, i hear people asking questions like, how to find out the ip of a
friend? or how to find out your own ip? how do i know, which ports are open on my
system? how do i make sure whether my system is infected with a trojan or not?

well, for all above questions (and more) there is one simple answer: the netstat
command.

microsoft has this weird tendency of hiding or making sure that such �useful�
utilities are not easily accessible to the users. however, they fail to understand
that putting a utility in the windows directory and not listing it anywhere does
not make it hidden.

the �netstat� command is accessible through the command line prompt. simply launch
msdos and:

c:\cd windows

c:\windows>

note: normally, well, almost always, dos opens by default in the windows
directory, however, for those of you whose default dos directory is not windows,
the above would prove helpful.

anyway, before we move on, we need to understand what exactly the netstat command
is used for. this command is by default used to get information on the open
connections on your system (ports, protocols being used etc), incoming and
outgoing data and also the ports of remote systems to which we are connected.
�netstat� gets all this networking information by reading the kernel routing
tables in the memory.

according to the rfc on internet tool catalog, �netstat� is defined as:

�netstat is a program that accesses network related data structures within the
kernel, then provides an ascii format at the terminal. netstat can provide
reports on the routing table, tcp connections, tcp and udp "listens", and protocol
memory management.�

anyway, now that we know what netstat is all about, we are in a position to start
using it. once, you have launched msdos, you can read the msdos help on netstat by
giving the following command:
c:\windows>netstat /?

displays protocol statistics and current tcp/ip network connections.

netstat [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

-a displays all connections and listening ports.

(server-side connections are normally not shown).

-e displays ethernet statistics. this may be combined with

the -s option.

-n displays addresses and port numbers in numerical form.

-p proto shows connections for the protocol specified by

proto; proto may be tcp or udp. if used with the-soption to
display per-protocol statistics, proto may be tcp, udp, or ip.

-r displays the contents of the routing table.

-s displays per-protocol statistics. by default, statistics are

shown for tcp, udp and ip; the

-p option may be used to specify a subset of the default.

interval redisplays selected statistics, pausing interval
seconds between each display. press ctrl+c to
stop redisplaying statistics. if omitted, netstat will print
the current configuration information once.

however, like always, the help provided by msdos, can be used only as a reference,
it is not at all sufficient for a complete newbie.

so, let us try out each command and see the result and also understand what
exactly happens when we execute it and what all the results displayed mean.

firstly, we will start with the netstat command with the �a argument.

now, the ��a� option is used to display all open connections on the local machine.
it also returns the remote system to which we are connected to, the port numbers
of the remote system we are connected to (and the local machine) and also the type
and state of connection we have with the remote system.

for example,

c:\windows>netstat -a
active connections

proto local address foreign address state

tcp ankit:1031 dwarf.box.sk:ftp established

tcp ankit:1036 dwarf.box.sk:ftp-data time_wait

tcp ankit:1043 banners.egroups.com:80 fin_wait_2

tcp ankit:1045 mail2.mtnl.net.in:pop3 time_wait

tcp ankit:1052 zztop.boxnetwork.net:80 established

tcp ankit:1053 mail2.mtnl.net.in:pop3 time_wait

udp ankit:1025 *:*

udp ankit:nbdatagram *:*

now, let us take a single line from the above output and see what it stands for:

proto local address foreign address state

tcp ankit:1031 dwarf.box.sk:ftp established

now, the above can be arranged as below:

protocol: tcp (this can be transmission control protocol or tcp, user datagram
protocol or udp or sometimes even, ip or internet protocol.)

local system name: ankit (this is the name of the local system that you set during
the windows setup.)

local port opened and being used by this connection: 1031

remote system: dwarf.box.sk (this is the non-numerical form of the system to which
we are connected.)

remote port: ftp (this is the port number of the remote system dwarf.box.sk to
which we are connected.)

state of connection: established

�netstat� with the ��a� argument is normally used, to get a list of open ports on
your own system i.e. on the local system. this can be particularly useful to check
and see whether your system has a trojan installed or not. yes, most good
antiviral software are able to detect the presence of trojans, but, we are
hackers, and need to software to tell us, whether we are infected or not. besides,
it is more fun to do something manually than to simply click on the �scan� button
and let some software do it.

the following is a list of trojans and the port numbers which they use, if you
netstat yourself and find any of the following open, then you can be pretty sure,
that you are infected.

port 12345(tcp) netbus

port 31337(udp) back orifice

for complete list, refer to the tutorial on trojans at:

hackingtruths.box.sk/manuals.htm

***********************

hacking truth: some of you might me wondering, as to what the high port numbers
after the local machine�s name stand for?

eg. ankit:1052

port numbers upto 1024 normally have a specific kind of service running on it.
infact there is a complete rfc on assigned port numbers- rfc 1700.

however, port numbers over 1024 are used by your system to connect to remote
computers. for example, say your browser wants to establish a connection with
http://www.hotmail.com/, then what it will do is, it will take up a random port
number above 1024, open it and use it to communicate with the hotmail server.

***********************

ok, now let us move on further, to a variant of the above command, the netstat �n

the netstat �n command is basically the numerical form of the netstat �a command.
the main and probably the only difference between the two is that the former shows
the addresses of the local and remote systems in numerical form (hence �n) while
the latter shows the addresses in non-numerical form.

let us see an example to understand better:

c:\>netstat -n

active connections
 proto local address foreign address state

tcp 203.xx.251.161:1031 194.1.129.227:21 established

tcp 203.xx.251.161:1043 207.138.41.181:80 fin_wait_2

tcp 203.xx.251.161:1053 203.94.243.71:110 time_wait

tcp 203.xx.251.161:1058 194.1.129.227:20 time_wait

tcp 203.xx.251.161:1069 203.94.243.71:110 time_wait

tcp 203.xx.251.161:1071 194.98.93.244:80 established

tcp 203.xx.251.161:1078 203.94.243.71:110 time_wait

although this too gives us similar results, but there are some differences,
mainly-:

instead of the name of the local machine, the actual ip address of the local
machine is shown.
i am not sure, about this, but after testing repeatedly, netstat �n seems to not
return information on non-tcp connections. so, it does not seem to consider udp.

if you read the alt.2600 newsgroup regularly or any other newsgroup for that, they
you would probably have seems atleast 2-3 daily posting whose body read: how do i
find out my own ip?

well, this option of netstat is most commonly used to do just that, find out your
own ip. also, some people somehow seem to feel more comfortable with numbers, than
with understandable hostnames.

this form of netstat does make life easier for us, as the port numbers are
displayed, which makes relating to everything easier.

getting the ip of a person is all, that one needs to be able to damage his system.
so, basically hiding your ip from hackers and getting the ip of the victim is some
of the most important things that people are concerned with. using ip hiding
facilities has become increasingly popular. however, are these so called ip hiding
totally anonymous services or software truly and perfectly anonymous? there is
only one answer: they are nowhere near totally anonymous. consider the following
example, to understand how lame some of such utilities are.

i seek you or icq is one of the most popular chatting software around. with it not
only comes easy pastime, but also security concerns. icq has an inbuilt ip address
hider, which when enabled is supposedly able to hide your ip from the users you
are chatting with. however, like most ip hiding software, this too is nowhere near
good. you can find out the ip address of any icq user, even if ip hiding has been
enabled, by following the below process.

1.) launch msdos and type netstat �n to get a list of already open ports and
the ip�s of the machines with which a connection has been established. note down
this list somewhere.

2.) now, launch icq and send a message to the victim.

3.) while you are still chatting, go back to dos and again give the netstat
�n command. you will find that a new ip signifying a new connection. this would be
the ip address of the victim. get it?

till now, both with the �-a� and �-n� argument, we saw that the connections
returned or displayed on the screen, were not of a particular protocol. this means
that connections of tcp, udp or even ip were shown. however, say you want to see
only those connections which belong to udp, then you make use of the �-p�
argument.

the general format of the netstat command with the �-p� argument is as followed:

netstat �p xxx

where xxx can be either udp or tcp. the usage of this argument will become clearer
with the following example, which demonstrates how to view only tcp connections.

c:\>netstat -p tcp

active connections

proto local address foreign address state

tcp ankit:1031 dwarf.box.sk:ftp established

tcp ankit:1043 banners.egroups.com:80 fin_wait_2

tcp ankit:1069 mail2.mtnl.net.in:pop3 time_wait

tcp ankit:1078 mail2.mtnl.net.in:pop3 time_wait

tcp ankit:1080 mail2.mtnl.net.in:pop3 time_wait

tcp ankit:1081 www.burstnet.com:80 fin_wait_2

tcp ankit:1083 zztop.boxnetwork.net:80 time_wait

this is basically nothing but a variation of the �-a� and �-n� commands.

anyway, so let us move on to the arguments associated with �netstat�.

now, we come to the �-e� option of �netstat�. let us set what dos returns, when
this command is given:
c:\>netstat -e

interface statistics

received sent

bytes 135121 123418

unicast packets 419 476

non-unicast packets 40 40

discards 0 0

errors 0 0

unknown protocols 0

well, sometimes the number of data packets sent and received is not shown properly
by some faulty or un-compatible modems. during, such cases, this command comes
handy. the output returned by it, is quite obvious. also, it can be used to check
for faulty downloads, or errors, which might have occurred during the tcp/ip,
transfer process.

with this we come to the last argument associated with netstat, the �-r� argument.
this is not commonly used, and is a bit difficult to understand. i will simply
give you an example of it in this manual. a proper and detailed description would
be provided in another manual. hacking using routing tables is considered to be
very elite and not many people are comfortable using it. however, like all things
associated with computers, it is not as difficult as it is projected to be.

c:\windows>netstat -r

route table

active routes:

network address netmask gateway address

interface metric

0.0.0.0 0.0.0.0 203.94.251.161 203.94.251.161

1

127.0.0.0 255.0.0.0 127.0.0.1

127.0.0.1 1

203.94.251.0 255.255.255.0 203.94.251.161

203.94.251.161 1

203.94.251.161 255.255.255.255 127.0.0.1

127.0.0.1 1

203.94.251.255 255.255.255.255 203.94.251.161

203.94.251.161 1

224.0.0.0 224.0.0.0
203.94.251.161 &sitepics/hackingpicsnbsp; 203.94.251.161 1

255.255.255.255 255.255.255.255 203.94.251.161

203.94.251.161 1

network address netmask gateway address

interface metric

0.0.0.0 0.0.0.0 203.94.251.161

203.94.251.161 1

127.0.0.0 255.0.0.0 127.0.0.1

127.0.0.1 1

203.94.251.0 255.255.255.0 203.94.251.161

203.94.251.161 1

203.94.251.161 255.255.255.255 127.0.0.1

127.0.0.1 1

203.94.251.255 255.255.255.255 203.94.251.161

203.94.251.161 1

224.0.0.0 224.0.0.0
203.94.251.161 203.94.251.161 1

255.255.255.255 255.255.255.255 203.94.251.161

203.94.251.161 1

active connections

proto local address foreign address state

tcp ankit:1031 dwarf.box.sk:ftp established

tcp ankit:1043 banners.egroups.com:80 fin_wait_2

tcp ankit:1081 www.burstnet.com:80 fin_wait_2

tcp ankit:1093 zztop.boxnetwork.net:80 time_wait

tcp ankit:1094 zztop.boxnetwork.net:80 time_wait

tcp ankit:1095 mail2.mtnl.net.in:pop3 time_wait

tcp ankit:1096 zztop.boxnetwork.net:80 time_wait

 tcp ankit:1097 zztop.boxnetwork.net:80 time_wait

tcp ankit:1098 colo88.acedsl.com:80 established

tcp ankit:1099 mail2.mtnl.net.in:pop3 time_wait

well, i hope you liked this manual. even if not, then you better do. ; ) bye.

humayun khan

humayunmailbox@gmail.com (i answer all my mails, however, not promptly.)

telnet:
for dial-up hacking check out telenet by l.o.d.

the telnet protocol has been implemented on a variety of systems. each is

different, so specific commands depend on your version. however, all versions
function similarly, so there are a few general guidelines to follow. the one
common element across the disparate environments of the internet is the tcp/ip
software protocol suite, the basis of communications. telnet, the terminal-handler
portion of the tcp/ip protocol suite, is the cornerstone of this striking
communications technology. telnet handles the remote login to another internet
host, so it is useful to know something about the way it works. telnet operates in
a client/server environment in which one host (the computer you are using, running
client (user) telnet) negotiates opening a session on another computer (the remote
host, running server telnet). during the behind-the-scenes negotiation process,
the two computers agree on the parameters governing the session. one of the first
things they settle is the terminal type to be used -- in general, a line-by-line
network virtual terminal, for simplicity's sake. virtual terminal, in this
context, refers to a set of terminal characteristics and sequences that both sides
of a network connection agree to use to transmit data from terminals across the
network, regardless of the terminal used.