Sie sind auf Seite 1von 5

Is is possible to hack windows XP of my friends computer

XP Hacking with Windows XP so you have the newest, glitziest, "Fisher


Price" version of Windows: XP.
How can you use XP in a way that sets you apart from the boring millions of
ordinary users?
The key to doing amazing things with XP is as simple as D O S. Yes, that’s right,
DOS as in MS-DOS, as in Microsoft Disk Operating System.

Windows XP (as well as NT and 2000) comes with two versions of DOS.
Command.com is an old DOS version. Various versions of command.com come
with Windows 95, 98, SE, ME, Window 3, and DOS only operating systems.
The other DOS, which comes only with XP, 2000 and NT, is cmd.exe.

Usually cmd.exe is better than command.com because it is easier to use, has


more commands, and in some ways resembles the bash shell in Linux and other
Unix-type operating systems. For example, you can repeat a command by using
the up arrow until you back up to the desired command. Unlike bash, however,
your DOS command history is erased whenever you shut down cmd.exe. The
reason XP has both versions of DOS is that sometimes a program that won’t run
right in cmd.exe will work in command.com

Note: m not comparing bash to dos DOS is your number one Windows gateway
to the Internet, and the open sesame to local area networks. From DOS,
without needing to download a single hacker program, you can do amazingly
sophisticated explorations and even break into poorly defended computers.

****************You can go to jail warning: Breaking into computers is against the


law if you do not have permission to do so from the owner of that computer.
For example, if your friend gives you permission to break into her Hotmail
account, that won't protect you because Microsoft owns Hotmail and they will
never give you permission.

******************************You can get expelled warning: Some kids have been


kicked out of school just for bringing up a DOS prompt on a computer. Be sure
to get a teacher's WRITTEN permission before demonstrating that you can hack
on a school computer.

****So how do you turn on DOS? Click All Programs -> Accessories -> Command
Prompt that runs cmd.exe. You should see a black screen with white text on it,
saying something like this: Microsoft Windows XP [Version 5.1.2600](C)
Copyright 1985-2001 Microsoft Corp. C:\>Your first step is to find out what
commands you can run in DOS. If you type "help" at the DOS prompt, it gives
you a long list of commands.

However, this list leaves out all the commands hackers love to use. Here are
some of those left out hacker commands. TCP/IP commands: telnet, net stat,
nslookup, tracert, ping, ftp, NetBIOS commands (just some examples):nbt stat
netuse netview net localgroupTCP/IP stands for transmission control
protocol/Internet protocol. As you can guess by the name, TCP/IP is the
protocol under which the Internet runs. Along with user datagram protocol
(UDP). So when you are connected to the Internet, you can try these commands
against other Internet computers. Most local area networks also use TCP/IP.
NetBIOS (Net Basic Input/Output System) protocol is another way to
communicate between computers. This is often used by Windows computers,
and by Unix/ Linux type computers running Samba. You can often use NetBIOS
commands over the Internet (being carried inside of, so to speak, TCP/IP). In
many cases, however, NetBIOS commands will be blocked by firewalls. Also ,
not many Internet computers run NetBIOS because it is so easy to break in using
them. I will cover NetBIOS commands in the next article to XP Hacking. The
queen of hacker commands is telnet. To get Windows help for telnet, in
thecmd.exe window give the

command: C:\>telnet /?Here's what you will

get: telnet [-a][-e escape char][-f log file][-l user][-t term][host[port]]-a

Attempt automatic logon. Same as --l option except uses the currently
loggedon user's name.-e Escape character to enter telnet cclient prompt.-f File
name for client side logging-l Specifies the user name to log in with on the
remote system support the TELNET ENVIRON option.-t Specifies terminal type.
Supportedd term types are vt100, vt52, ansi and vtntonly.host Specifies the
hostname or IP address of the remote computer to connect to.port Specifies a
port number or service name.****************Newbie note: what is a port on a
computer? A computer port is sort of like aseaport. It's where things can go in
and/or out of a computer. Some ports areeasy to understand, like keyboard,
monitor, printer and modem. Other ports arevirtual, meaning that they are
created by software. When that modem port ofyours (or LAN or ISDN or DSL) is
connected to the Internet, your computer hasthe ability to open or close any of
over 65,000 different virtual ports, and hasthe ability to connect to any of
these on another computer - if it is runningthat port, and if a firewall doesn?t
block it.********************************Newbie note: How do you address a
computer over the Internet? There are twoways: by number or by
name.****************The simplest use of telnet is to log into a remote computer.
Give the command:C:/>telnet targetcomputer.com (substituting the name of
the computer you want totelnet into for targetcomputer.com)If this computer
is set up to let people log into accounts, you may get themessage:login:Type
your user name here, making sure to be exact. You can't swap between
lowercase and capital letters. For example, user name Guest is not the same as
guest.****************Newbie note: Lots of people email me asking how to learn
what their user nameand password are. Stop laughing, darn it, they really do. If
you don't know youruser name and password, that means whoever runs that
computer didn't give you anaccount and doesn't want you to log
on.****************Then comes the message:Password:Again, be exact in typing in
your password.What if this doesn't work?Every day people write to me
complaining they can't telnet. That is usuallybecause they try to telnet into a
computer, or a port on a computer that is setup to refuse telnet connections.
Here's what it might look like when a computerrefuses a telnet connection:C:\
>telnet 10.0.0.3Connecting To 10.0.0.3...Could not open connection to the
host, on port 23. Aconnection attempt failed because the connected party did
not properly respondafter a period of time, or established connection failed
because connected hosthas failed to respond.Or you might see:C:\ >telnet
hotmail.comConnecting To hotmail.com...Could not open connection to the
host, on port23. No connection could be made because the target machine
actively refused it.If you just give the telnet command without giving a port
number, it willautomatically try to connect on port 23, which sometimes runs a
telnet server.**************Newbie note: your Windows computer has a telnet
client program, meaning it willlet you telnet out of it. However you have to
install a telnet server beforeanyone can telnet into port 23 on your
computer.*************If telnet failed to connect, possibly the computer you were
trying to telnetinto was down or just plain no longer in existence. Maybe the
people who runthat computer don't want you to telnet into it.Even though you
can't telnet into an account inside some computer, often you canget some
information back or get that computer to do something interesting foryou. Yes,
you can get a telnet connection to succeed -without doing anythingillegal --
against almost any computer, even if you don't have permission to login. There
are many legal things you can do to many randomly chosen computerswith
telnet. For example:C:/telnet freeshell.org 22SSH-1.99-OpenSSH_3.4p1That
tells us the target computer is running an SSH server, which enablesencrypted
connections between computers. If you want to SSH into an accountthere, you
can get a shell account for free at http://freeshell.org/ . You canget a free SSH
client program from http://winfiles.com/ .***************You can get punched in
the nose warning: Your online provider might kick you offfor making telnet
probes of other computers. The solution is to get a localonline provider and
make friends with the people who run it, and convince themyou are just doing
harmless, legal explorations.*************Sometimes a port is running an
interesting program, but a firewall won't let youin. For example, 10.0.0.3, a
computer on my local area network, runs an emailsending program, (sendmail
working together with Postfix, and using Kmail tocompose emails). I can use it
from an account inside 10.0.0.3 to send emailswith headers that hide from
where I send things.If I try to telnet to this email program from outside this
computer, here's whathappens:C:\>telnet 10.0.0.3 25Connecting To
10.0.0.3...Could not open connection to the host, on port 25. No connection
could be made because the target machine actively refused it.However, if I log
into an account on 10.0.0.3 and then telnet from inside toport 25, here's what I
get:Last login: Fri Oct 18 13:56:58 2002 from 10.0.0.1Have a lot of
fun...cmeinel@test-box:~> telnet localhost 25Trying ::1...telnet: connect to
address ::1: Connection refusedTrying 127.0.0.1... [Carolyn's note: 127.0.0.1 is
the numerical address meaninglocalhost, the same computer you are logged
into]Connected to localhost.Escape character is '^]'.220 test-box.local ESMTP
PostfixThe reason I keep this port 25 hidden behind a firewall is to keep people
fromusing it to try to break in or to forge email. Now the ubergeniuses reading
thiswill start to make fun of me because no Internet address that begins with
10. isreachable from the Internet. However, sometimes I place this "test-box"
computeronline with a static Internet address, meaning whenever it is on the
Internet,it always has the same numerical address. I'm not going to tell you
what itsInternet address is because I don't want anyone messing with it. I just
want tomess with other people's computers with it, muhahaha. That's also why
I alwayskeep my Internet address from showing up in the headers of my
emails.***************Newbie note: What is all this about headers? It's stuff at the
beginning of anemail that may - or may not - tell you a lot about where it came
from and when.To see full headers, in Outlook click view -> full headers. In
Eudora, click the"Blah blah blah" icon.****************Want a computer you can
telnet into and mess around with, and not get intotrouble no matter what you
do to it? I've set up my techbroker.com(206.61.52.33) with user xyz, password
guest for you to play with. Here's how toforge email to xyz@techbroker.com
using telnet. Start with the command:C:\>telnet techbroker.com 25Connecting
To Techbroker.com220 Service readyNow you type in who you want the message
to appear to come from:helo santa@techbroker.comTechbroker.com will
answer:250 host readyNext type in your mail from address:mail
from:santa@techbroker.com250 Requested mail action okay, completedYour
next command:rcpt to:xyz@techbroker.com250 Requested mail action okay,
completedYour next command:data354 Start main input; end with .just means
hit return. In case you can't see that littleperiod between the s, what you do to
end composing your email is to hitenter, type a period, then hit enter again.
Anyhow, try typing:This is a test.250 Requested mail action okay,
completedquit221 Service closing transmission channelConnection to host
lost.Using techbroker's mail server, even if you enable full headers, the
message wejust composed looks like:Status: RX-status: NThis is a test.That's a
pretty pathetic forged email, huh? No "from", no date. However, you canmake
your headers better by using a trick with the data command. After you giveit,
you can insert as many headers as you choose. The trick is easier to show than
explain:220 Service readyhelo santa@northpole.org250 host readymail
from:santa@northpole.com250 Requested mail action okay, completedrcpt
to:cmeinel@techbroker.com250 Requested mail action okay, completeddata354
Start main input; end with .from:santa@deer.northpole.orgDate: Mon, 21 Oct
2002 10:09:16 -0500Subject: RudolfThis is a Santa test..250 Requested mail
action okay, completedquit221 Service closing transmission channelConnection
to host lost.The message then looks like:from:santa@deer.northpole.orgDate:
Mon, 21 Oct 2002 10:09:16 -0500Subject: RudolfThis is a Santa test.The trick is
to start each line you want in the headers with one word followedby a colon,
and the a line followed by "return". As soon as you write a linethat doesn't
begin this way, the rest of what you type goes into the body of the emailNotice
that the santa@northpole.com from the "mail from:" command didn't show upin
the header. Some mail servers would show both "from" addresses.You can forge
email on techbroker.com within one strict limitation. Your emailhas to go to
someone at techbroker.com. If you can find any way to send email tosomeone
outside techbroker, let us know, because you will have broken oursecurity,
muhahaha! Don't worry, you have my permission.Next, you can read the email
you forge on techbroker.com via telnet:C:\>telnet techbroker.com 110+OK
<30961.5910984301@techbroker.com> service readyGive this command:user
xyz+OK user is knownThen type in this:pass test+OK mail drop has 2
message(s)retr 1+OK message followsThis is a test.If you want to know all
possible commands, give this command:help+OK help list followsUSER userPASS
passwordSTATLIST [message]RETR messageDELE messageNOOPRSETQUITAPOP
user md5TOP message lines.