What's New!

Chat with
Hackers

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

The Net View Command
Now let's have some serious fun. Your web browser and your file transfer program, which operates as part of your web browser, uses TCP/IP to connect. What happens if we use NetBIOS instead of your browser to try to download files from Oldguy's webserver/ftp server?
Let's try some more NetBIOS commands:
C:\>net view \\10.0.0.2
System error 53 has occurred.
The network path was not found.
I got this message because my firewall blocked access to Oldguy, giving the message:
The firewall has blocked Internet access to 10.0.0.2 (TCP Port 445) from your computer [TCP Flags: S].
There's a good reason for this. My firewall/IDS is trying to keep me from carelessly making my computer a part of some stranger's LAN. Keep in mind that NetBIOS is a two-way street. However, I want to run this command, so I shut down Zone Alarm and give the command again:
C:\>net view \\10.0.0.2
Shared resources at \\10.0.0.2
Share name Type Used as Comment
--------------------------------------------------------
ftproot Disk
InetPub Disk
wwwroot Disk
The command completed successfully.
This is a list of shared directories. Oooh, look at that, the ftp server is shared. Does this mean I can get in? When setting shares on a Windows NT server, the default choice is to allow access to read, write and delete files to everyone. So sometimes a sysadmin carelessly fails to restrict access to a share. Yes, Windows NT is obsolete. But you would be surprised at how many ancient servers are still on the Internet.
What is really important is that we didn't need a user name or password to get this potentially compromising information.
Let's establish an anonymous connection to Oldguy, meaning we connect without giving it a user name or password:
C:\>net use \\10.0.0.2\ipc$
Local name
Remote name \\10.0.0.2\IPC$
Resource type IPC
Status OK
# Opens 0
# Connections 1
The command completed successfully.
We are connected!
**********************
Newbie note: IPC (ipc$) stands for "Inter Process Connector", used to set up connections across a network between Windows computers using NetBIOS.
**********************
What to Do Once you Are Connected
So far we haven't quite been breaking the law, although we have been getting pretty rude if the owner of that target computer hasn't given us permission to explore. What if we want to stop pushing our luck and decide to disconnect? Just give the message:
C:\>net session \\10.0.0.2 /delete
Of course you would substitute the name or number of the computer to which you are connected for 10.0.0.2.
What if you want to stay connected? Oldguy will let you stay connected even if you do nothing more. By contrast, a login to a Unix/Linux type computer will normally time out and disconnect you if you go too long without doing anything.
Next: How to Break in Using the Windows Graphical User Interface -->



Carolyn's most
popular book,
in 4th edition now!
For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group



Return to the index of Guides to (mostly) Harmless Hacking!

© 2013 Happy Hacker All rights reserved.