|RE:i have been hacked, can anyone help? (modified 0 times) ||amdviaman|
|(I don't discriminate against n00bs, you gotta learn somewhere)|
I recommend doing 2 things: first, you should kick his ass; second, you should get a more secure network to help prevent future attacks. Wireless networks, if unencrypted, are usually a wide open door for hackers looking to join your LAN (local area network) and attack without firewalls blocking them. I recommend a hard-wired ethernet network unless you really need to be wireless.

If you want to hack back, a Winblows XP system is an easy target, BUT if he is, as you say, a geek, he probably has his system well secured and hardened to internet attacks. Since you are on Linux, you can use a program called Kismet (a utility that sniffs for wireless access points and connects to them). Use Kismet (Google search Kismet to download it, it's licensed under the GNU) to join his wireless LAN; this should bypass any firewall that the wireless router has between the LAN and the outer internet. Once Kismet has found his router's signal, it will give you its MAC address. Change your own MAC address with the Linux command ifconfig eth0 hw ether <MAC Address Here>. It should auto-configure the network address via DHCP (dynamic host configuration protocol).

Once you're in, poke around the LAN using variants of the IP you were assigned. For instance, if you were assigned the IP 192.168.1.3, then his IP might be 192.168.1.2. But don't take those numbers as gospel truth; most security-minded admins change their IP ranges. However, most home networking routers only have 4 variants of the IP your computer is assigned: one belongs to the router itself, the rest are assigned to each ethernet port (usually 4, including the one you got). Anyways, once you have found his IP, scan it with Nmap (available from insecure.org). Nmap is the best network exploration tool. If he is security wise, his Win#### XP box might be more secure than your average idiot's Wincock XP box.
I know that whenever I set up a Win#### XP box, I make sure it doesn't hold open a single port (bad when you need auto IP configuration, but since I have routers, it's worth the security to spend the time punching in the IP manually so you don't get ####ed in the ass by NetBIOS).

Back to Nmap: when scanning, look for the following open ports unique to Winbitch XP and variants of WinNT: TCP port 5000 (UPnP), TCP port 139 (NetBIOS SSN), TCP port 445 (Microsuck directory service) <<< quite vulnerable!! If he is running server(s), then you will see TCP port 21 (File Transfer Protocol) or TCP port 80 (webserver). If you see port 21, you can try to attack it in hopes of gaining file system read access (child's play on windope xp if you can get through the FTP's username and password prompts). Try the command line ftp client to see if you can get version info; if you can, great, check the internet's exploit resources for possible vulnerabilities. You can find a lot of exploits for Winjizz and other software at Securityfocus.com and elhacker.net.

If you see any open ports unique to Winconstipation XP, you can most likely attack its LSASS (or less ass, as I call it) and gain remote control. NOTE: you will need Winasshair 2000 or XP to run most lsass exploits, as well as a prog called Netcat. Once successfully exploited, you will have about 1 and a half minutes to get in and wreak havoc before XP shuts itself down (should be plenty of time if you know which Winpenis system files to corrupt; don't bother to search for your videos, there will not be enough time to search for them, or he may have deleted them). If he still has them, and you wreck his system files, he will probably surrender them to you.
Some delicious targets for file corruption on an NT box are ntldr (hidden file, located on the root of the drive) and HAL.DLL (required for successful boot, but easily deleted; it's found in the C:\wincocklick\system32 directory, it's not hidden, either delete it or replace it with a corrupted version, both work well).

Happy Hacking! If you discover a port you do not recognize open on his PC, post it in a reply to this thread, I'll tell you how to attack it.