How hackers used to hack through windows
Sunday, November 2, 2008
Disclaimer: This article is written for knowledge-sharing purposes, to let people know how hackers work. Any wrong use of it is a criminal offense, and you can get caught by cyber crime investigators.
Hacking with Windows
Hackers used to hack through Windows to a large extent because, when hacking started, Unix and Linux systems were not easily understandable, so hackers hacked through the telnet client that comes with Windows.
Through telnet we can give access to a user who is operating from outside the server, that is, who is not directly connected to it. This creates a security hole: if someone obtains the username and password of that telnet account, he gets entry to the server. From there a hacker may try to break the administrator account of the server; this is not as simple as it looks, but there is a chance that the system gets busted by way of telnet.
So it is a part of hacking, and I thought I could discuss with you how they try to do it.
In this guide you will learn how to telnet, forge email, and use nslookup with Windows XP.
So you have the newest, glitziest, “Fisher Price” version of Windows: XP. How can you use XP in a way that sets you apart from the boring millions of ordinary users?
The key to doing amazing things with XP is as simple as D O S. Yes, that’s right, DOS as in MS-DOS, as in Microsoft Disk Operating System. Windows XP (as well as NT and 2000) comes with two versions of DOS. Command.com is an old DOS version. Various versions of command.com come with Windows 95, 98, SE, ME, Windows 3, and DOS-only operating systems.
The other DOS, which comes only with XP, 2000 and NT, is cmd.exe. Usually cmd.exe is better than command.com because it is easier to use, has more commands, and in some ways resembles the bash shell in Linux and other Unix-type operating systems. For example, you can repeat a command by using the up arrow until you back up to the desired command. Unlike bash, however, your DOS command history is erased whenever you shut down cmd.exe. The reason XP has both versions of DOS is that sometimes a program that won’t run right in cmd.exe will work in command.com.
So how do you turn on DOS? Click All Programs -> Accessories -> Command Prompt. That runs cmd.exe. You should see a black screen with white text on it, saying something like this:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\>
Your first step is to find out what commands you can run in DOS. If you type “help” at the DOS prompt, it gives you a long list of commands. However, this list leaves out all the commands hackers love to use. Here are some of those left-out hacker commands.
TCP/IP commands: telnet, netstat, nslookup, tracert, ping, ftp
NetBIOS commands (just some examples): nbtstat, net use, net view, net localgroup
TCP/IP stands for Transmission Control Protocol/Internet Protocol. As you can guess from the name, TCP/IP is the protocol under which the Internet runs, along with User Datagram Protocol (UDP). So when you are connected to the Internet, you can try these commands against other Internet computers. Most local area networks also use TCP/IP.
NetBIOS (Network Basic Input/Output System) protocol is another way to communicate between computers. This is often used by Windows computers, and by Unix/Linux type computers running Samba. You can often use NetBIOS commands over the Internet (being carried inside of, so to speak, TCP/IP). In many cases, however, NetBIOS commands will be blocked by firewalls. Also, not many Internet computers run NetBIOS because it is so easy to break in using them. We will cover NetBIOS commands in the next Guide to XP Hacking.
The queen of hacker commands is telnet. To get Windows help for telnet, in the cmd.exe window give the command:
C:\>telnet /?
Here’s what you will get:
telnet [-a][-e escape char][-f log file][-l user][-t term][host [port]]
-a      Attempt automatic logon. Same as -l option except uses the currently logged on user’s name.
-e      Escape character to enter telnet client prompt.
-f      File name for client side logging
-l      Specifies the user name to log in with on the remote system. Requires that the remote system support the TELNET ENVIRON option.
-t      Specifies terminal type. Supported term types are vt100, vt52, ansi and vtnt only.
host    Specifies the hostname or IP address of the remote computer to connect to.
port    Specifies a port number or service name.
The simplest use of telnet is to log into a remote computer. Give the command:
C:\>telnet targetcomputer.com
(substituting the name of the computer you want to telnet into for targetcomputer.com)
If this computer is set up to let people log into accounts, you may get the message:
login:
Type your user name here, making sure to be exact. You can’t swap between lower case and capital letters. For example, user name Guest is not the same as guest.
Then comes the message:
Password:
Again, be exact in typing in your password.
What if this doesn’t work?
Every day people write to me complaining they can’t telnet. That is usually because they try to telnet into a computer, or a port on a computer that is set up to refuse telnet connections. Here’s what it might look like when a computer refuses a telnet connection:
C:\>telnet 10.0.0.3
Connecting To 10.0.0.3...Could not open connection to the host, on port 23. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Or you might see:
C:\>telnet techbroker.com
Connecting To techbroker.com...Could not open connection to the host, on port 23. No connection could be made because the target machine actively refused it.
If you just give the telnet command without giving a port number, it will automatically try to connect on port 23, which sometimes runs a telnet server.
If telnet failed to connect, possibly the computer you were trying to telnet into was down or just plain no longer in existence. Maybe the people who run that computer don’t want you to telnet into it.
Even though you can’t telnet into an account inside some computer, often you can get some information back or get that computer to do something interesting for you. Yes, you can get a telnet connection to succeed, without doing anything illegal, against almost any computer, even if you don’t have permission to log in. There are many legal things you can do to many randomly chosen computers with telnet. For example:
C:\>telnet freeshell.org 22
SSH-1.99-OpenSSH_3.4p1
That tells us the target computer is running an SSH server, which enables encrypted connections between computers. If you want to SSH into an account there, you can get a shell account for free at http://freeshell.org . You can get a free SSH client program from http://winfiles.com .
Sometimes a port is running an interesting program, but a firewall won’t let you in. For example, 10.0.0.3, a computer on my local area network, runs an email sending program (sendmail working together with Postfix, and using Kmail to compose emails). I can use it from an account inside 10.0.0.3 to send emails with headers that hide from where I send things.
If I try to telnet to this email program from outside this computer, here’s what happens:
C:\>telnet 10.0.0.3 25
Connecting To 10.0.0.3...Could not open connection to the host, on port 25. No connection could be made because the target machine actively refused it.
However, if I log into an account on 10.0.0.3 and then telnet from inside to port 25, here’s what I get:
Last login: Fri Oct 18 13:56:58 2002 from 10.0.0.1
Have a lot of fun...
cmeinel@test-box:~> telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1... [Carolyn’s note: 127.0.0.1 is the numerical address meaning localhost, the same computer you are logged into]
Connected to localhost.
Escape character is ‘^]’.
220 test-box.local ESMTP Postfix
The reason I keep this port 25 hidden behind a firewall is to keep people from using it to try to break in or to forge email. Now the ubergeniuses reading this will start to make fun of me because no Internet address that begins with 10. is reachable from the Internet. However, sometimes I place this “test-box” computer online with a static Internet address, meaning whenever it is on the Internet, it always has the same numerical address. I’m not going to tell you what its Internet address is because I don’t want anyone messing with it. I just want to mess with other people’s computers with it, muhahaha. That’s also why I always keep my Internet address from showing up in the headers of my emails.
Want a computer you can telnet into and mess around with, and not get into trouble no matter what you do to it? I’ve set up my techbroker.com (206.61.52.33) with user xyz, password guest for you to play with. Here’s how to forge email to xyz@techbroker.com using telnet. Start with the command:
C:\>telnet techbroker.com 25
Connecting To Techbroker.com
220 Service ready
Now you type in who you want the message to appear to come from:
helo santa@techbroker.com
Techbroker.com will answer:
250 host ready
Next type in your mail from address:
mail from:santa@techbroker.com
250 Requested mail action okay, completed
Your next command:
rcpt to:xyz@techbroker.com
250 Requested mail action okay, completed
Your next command:
data
354 Start mail input; end with <CRLF>.<CRLF>
Carolyn’s note: <CRLF> just means hit return. In case you can’t see that little period between the <CRLF>s, what you do to end composing your email is to hit enter, type a period, then hit enter again. Anyhow, try typing:
This is a test.
.
250 Requested mail action okay, completed
quit
221 Service closing transmission channel
Connection to host lost.
Using techbroker’s mail server, even if you enable full headers, the message we just composed looks like:
Status: R
X-status: N
This is a test.
That’s a pretty pathetic forged email, huh? No “from”, no date. However, you can make your headers better by using a trick with the data command. After you give it, you can insert as many headers as you choose. The trick is easier to show than explain:
220 Service ready
helo santa@northpole.org
250 host ready
mail from:santa@northpole.com
250 Requested mail action okay, completed
rcpt to:cmeinel@techbroker.com
250 Requested mail action okay, completed
data
354 Start mail input; end with <CRLF>.<CRLF>
from:santa@deer.northpole.org
Date: Mon, 21 Oct 2002 10:09:16 -0500
Subject: Rudolf
This is a Santa test.
.
250 Requested mail action okay, completed
quit
221 Service closing transmission channel
Connection to host lost.
The message then looks like:
from:santa@deer.northpole.org
Date: Mon, 21 Oct 2002 10:09:16 -0500
Subject: Rudolf
This is a Santa test.
The trick is to start each line you want in the headers with one word followed by a colon, then the rest of the header text, then “return”. As soon as you write a line that doesn’t begin this way, the rest of what you type goes into the body of the email.
Notice that the santa@northpole.com from the “mail from:” command didn’t show up in the header. Some mail servers would show both “from” addresses.
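As an added example (not part of the original article), here is a Python script that applies the header rule above from the receiving side: it rebuilds the envelope and message from the lines typed in a session like the one shown, and flags the forgery tell just noted, that the “mail from:” sender is not the From: header the reader sees. The transcript is a constructed copy of the session above, and the function names are my own.

```python
import email.utils

# Constructed client-side copy of the session above (server replies left out).
CLIENT_LINES = [
    "helo santa@northpole.org",
    "mail from:santa@northpole.com",
    "rcpt to:cmeinel@techbroker.com",
    "data",
    "from:santa@deer.northpole.org",
    "Date: Mon, 21 Oct 2002 10:09:16 -0500",
    "Subject: Rudolf",
    "This is a Santa test.",
    ".",
    "quit",
]

def is_header_line(line):
    """The article's rule: one word (no whitespace) followed by a colon."""
    name, sep, _ = line.partition(":")
    return bool(sep) and bool(name) and not any(c.isspace() for c in name)

def parse_session(lines):
    """Rebuild the envelope (mail from, rcpt to) and the DATA message,
    splitting headers from body by the article's rule above."""
    session = {"mail_from": None, "rcpt_to": [], "headers": {}, "body": []}
    in_data = in_headers = False
    for line in lines:
        if in_data:
            if line == ".":                          # lone '.' ends the message
                in_data = False
            elif in_headers and is_header_line(line):
                name, _, value = line.partition(":")
                session["headers"][name.strip().lower()] = value.strip()
            else:                                    # first non-header line starts the body
                in_headers = False
                session["body"].append(line)
            continue
        lower = line.lower()
        if lower.startswith("mail from:"):
            session["mail_from"] = line[10:].strip()
        elif lower.startswith("rcpt to:"):
            session["rcpt_to"].append(line[8:].strip())
        elif lower == "data":
            in_data = in_headers = True
    return session

def envelope_header_mismatch(session):
    """The tell pointed out above: the 'mail from:' sender differs from the From: header."""
    envelope = email.utils.parseaddr(session["mail_from"] or "")[1].lower()
    header = email.utils.parseaddr(session["headers"].get("from", ""))[1].lower()
    return envelope != header

def missing_headers(session, required=("from", "date")):
    """Headers a normal mail client always adds but a hand-typed DATA may lack."""
    return {h for h in required if h not in session["headers"]}
```

A receiving server or log reviewer can run the same two checks on any stored session to spot hand-forged mail like the first example, which had no From or Date at all.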
You can forge email on techbroker.com within one strict limitation. Your email has to go to someone at techbroker.com. If you can find any way to send email to someone outside techbroker, let us know, because you will have broken our security, muhahaha! Don’t worry, you have my permission.
Next, you can read the email you forge on techbroker.com via telnet:
C:\>telnet techbroker.com 110
+OK <30961.5910984301@techbroker.com> service ready
Give this command:
user xyz
+OK user is known
Then type in this:
pass test
+OK mail drop has 2 message(s)
retr 1
+OK message follows
This is a test.
If you want to know all possible commands, give this command:
help
+OK help list follows
USER user
PASS password
STAT
LIST [message]
RETR message
DELE message
NOOP
RSET
QUIT
APOP user md5
TOP message lines
UIDL [message]
HELP
Unless you use a weird online provider like AOL, you can use these same tricks to send and receive your own email. Or you can forge email to a friend by telnetting to his or her online provider’s email sending computer(s).
With most online providers you need to get the exact name of their email computer(s). Often it is simply mail.targetcomputer.com (substitute the name of the online provider for targetcomputer). If this doesn’t work, you can find out the name of their email server with the DOS nslookup program, which only runs from cmd.exe. Here’s an example:
C:\>nslookup
Default Server: DNS1.wurld.net
Address: 206.61.52.11

> set q=mx
> dimensional.com
Server: DNS1.wurld.net
Address: 206.61.52.11

dimensional.com MX preference = 5, mail exchanger = mail.dimensional.com
dimensional.com MX preference = 10, mail exchanger = mx2.dimensional.com
dimensional.com MX preference = 20, mail exchanger = mx3.dimensional.com
dimensional.com nameserver = ns.dimensional.com
dimensional.com nameserver = ns-1.dimensional.com
dimensional.com nameserver = ns-2.dimensional.com
dimensional.com nameserver = ns-3.dimensional.com
dimensional.com nameserver = ns-4.dimensional.com
mail.dimensional.com internet address = 206.124.0.11
mx2.dimensional.com internet address = 206.124.0.30
mx3.dimensional.com internet address = 209.98.32.54
ns.dimensional.com internet address = 206.124.0.10
ns.dimensional.com internet address = 206.124.26.254
ns.dimensional.com internet address = 206.124.0.254
ns.dimensional.com internet address = 206.124.1.254
ns.dimensional.com internet address = 209.98.32.54
ns.dimensional.com internet address = 206.124.0.32
ns.dimensional.com internet address = 206.124.0.30
ns.dimensional.com internet address = 206.124.0.25
ns.dimensional.com internet address = 206.124.0.15
ns.dimensional.com internet address = 206.124.0.21
ns.dimensional.com internet address = 206.124.0.9
ns-1.dimensional.com internet address = 206.124.26.254
ns-2.dimensional.com internet address = 209.98.32.54
ns-3.dimensional.com internet address = 206.124.1.254
ns-4.dimensional.com internet address = 206.124.0.254
>
The lines that tell you what computers will let you forge email to people with @dimensional.com addresses are:
dimensional.com MX preference = 5, mail exchanger = mail.dimensional.com
dimensional.com MX preference = 10, mail exchanger = mx2.dimensional.com
dimensional.com MX preference = 20, mail exchanger = mx3.dimensional.com
MX stands for mail exchange. The lower the preference number, the more they would like you to use that address for email. If that lowest-numbered server is too busy, then try another server.
Sometimes when you ask about a mail server, nslookup will give you this kind of error message:
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
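Added example, not from the original article: a small Python parser for the nslookup MX output shown above. It pulls out the mail exchangers for a domain, orders them by preference the way a sending server would, attaches any “internet address” glue printed in the same answer, and skips the timeout lines. The sample text is a constructed, shortened copy of the dimensional.com output; the function names are my own.

```python
import re

# Constructed sample in the shape of the nslookup session above (shortened, with a
# timeout line added); real output is tab-aligned but the parser only needs whitespace.
NSLOOKUP_OUTPUT = """\
Server:  DNS1.wurld.net
Address:  206.61.52.11

DNS request timed out.
    timeout was 2 seconds.
dimensional.com MX preference = 20, mail exchanger = mx3.dimensional.com
dimensional.com MX preference = 5, mail exchanger = mail.dimensional.com
dimensional.com MX preference = 10, mail exchanger = mx2.dimensional.com
dimensional.com nameserver = ns.dimensional.com
mail.dimensional.com internet address = 206.124.0.11
mx2.dimensional.com internet address = 206.124.0.30
ns.dimensional.com internet address = 206.124.0.10
"""

MX_RE = re.compile(r"^(\S+)\s+MX preference = (\d+), mail exchanger = (\S+)", re.M)
A_RE = re.compile(r"^(\S+)\s+internet address = (\d+\.\d+\.\d+\.\d+)", re.M)

def mail_exchangers(output, domain):
    """Return the domain's mail exchangers as (preference, host, address) in the
    order a sending server tries them: lowest preference first, ties by name.
    The address comes from any 'internet address' glue line in the same answer
    and is None when nslookup printed none; timeout lines are simply skipped."""
    glue = {}
    for host, ip in A_RE.findall(output):
        glue.setdefault(host.lower(), ip)      # first address wins if several are listed
    found = [(int(pref), mx.lower(), glue.get(mx.lower()))
             for name, pref, mx in MX_RE.findall(output)
             if name.lower() == domain.lower()]
    return sorted(found, key=lambda entry: (entry[0], entry[1]))
```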
Once you know the domain servers for an online service, set one of them for the server for your nslookup program. Here’s how you do it:
C:\>nslookup
Default Server: DNS1.wurld.net
Address: 206.61.52.11
Now give the command:
> server 207.217.126.41
Default Server: ns1.earthlink.net
Address: 207.217.126.41
Next command should be:
> set q=mx
> earthlink.net
Server: ns1.earthlink.net
Address: 207.217.126.41

earthlink.net MX preference = 5, mail exchanger = mx04.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx05.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx06.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx00.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx01.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx02.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx03.earthlink.net
earthlink.net nameserver = ns3.earthlink.net
earthlink.net nameserver = ns1.earthlink.net
earthlink.net nameserver = ns2.earthlink.net
mx00.earthlink.net internet address = 207.217.120.28
mx01.earthlink.net internet address = 207.217.120.29
mx02.earthlink.net internet address = 207.217.120.79
mx03.earthlink.net internet address = 207.217.120.78
mx04.earthlink.net internet address = 207.217.120.249
mx05.earthlink.net internet address = 207.217.120.31
mx06.earthlink.net internet address = 207.217.120.23
ns1.earthlink.net internet address = 207.217.126.41
ns2.earthlink.net internet address = 207.217.77.42
ns3.earthlink.net internet address = 207.217.120.43
>
Your own online service will usually not mind and may even be glad if you use telnet to read your email. Sometimes a malicious person or faulty email program will send you a message that is so screwed up that your email program can’t download it. With telnet you can manually delete the bad email. Otherwise tech support has to do it for you.
If you think about it, this ability to forge email is a huge temptation to spammers. How can your online provider keep the bad guys from filling up a victim’s email box with garbage? The first time a bad guy tries this, probably nothing will stop him or her. The second time the online provider might block the bad guy at the firewall, maybe call the bad guy’s online provider and kick him or her and maybe get the bad guy busted or sued.
Now that you know how to read and write email with telnet, you definitely have something you can use to show off with.
Oh, here’s one last goodie for advanced users. Get netcat for Windows. It’s a free program written by Weld Pond and Hobbit, and available from many sites, for example http://www.atstake.com/research/tools/#network_utilities . It is basically telnet on steroids. For example, using netcat, you can set up a port on your Windows computer to allow people to telnet into a DOS shell by using this command:
C:\>nc -L -p 5000 -t -e cmd.exe
You can specify a different port number than 5000. Just make sure it doesn’t conflict with another port by checking with the netstat command. Then you and your friends, enemies and random losers can either telnet in or netcat in with the command:
C:\>nc -v [ipaddress of target] [port]
Of course you will probably get hacked for setting up this port. However, if you set up a sniffer to keep track of the action, you can turn this scary back door into a fascinating honeypot. For example, you could run it on port 23 and watch all the hackers who attack with telnet hoping to log in. With some programming you could even fake a unix-like login sequence and play some tricks on your attackers.
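The fake login honeypot suggested above, as an added Python example (not part of the original article and not the author’s code): a listener that greets every connection with a Unix-style “login:” / “Password:” exchange, records what was tried, always answers “Login incorrect”, and never executes anything the client sends. The banner text, port number and function names are my own assumptions.

```python
import datetime
import io
import socketserver

BANNER = b"\r\ntest-box login service\r\n\r\n"   # constructed banner, not a real OS string

def strip_telnet_noise(raw):
    """Drop CR/LF and the telnet option-negotiation bytes (IAC 0xFF ...) a
    telnet client sends before its first keystroke; keep printable ASCII only."""
    return bytes(b for b in raw if 32 <= b < 127).decode("ascii")

def run_login_session(rfile, wfile, attempts, max_tries=3):
    """Drive one fake Unix-style login exchange over a binary reader/writer pair
    (a socket's rfile/wfile in the server, BytesIO in simulate()). Every
    username/password pair is appended to `attempts` and always rejected;
    nothing the client sends is ever executed. Returns the number of attempts."""
    wfile.write(BANNER)
    for _ in range(max_tries):
        wfile.write(b"login: ")
        wfile.flush()
        user = rfile.readline()
        if not user:
            return len(attempts)                  # client hung up
        wfile.write(b"Password: ")
        wfile.flush()
        password = rfile.readline()
        if not password:
            return len(attempts)
        attempts.append((strip_telnet_noise(user), strip_telnet_noise(password)))
        wfile.write(b"Login incorrect\r\n")
    wfile.write(b"Too many login failures\r\n")
    wfile.flush()
    return len(attempts)

def simulate(client_bytes):
    """Run one session against canned client input; returns (attempts, server output)."""
    attempts, out = [], io.BytesIO()
    run_login_session(io.BytesIO(client_bytes), out, attempts)
    return attempts, out.getvalue()

class FakeLoginHandler(socketserver.StreamRequestHandler):
    def handle(self):
        attempts = []
        run_login_session(self.rfile, self.wfile, attempts)
        stamp = datetime.datetime.now().isoformat(timespec="seconds")
        for user, password in attempts:           # one log line per attempt
            print(f"{stamp} {self.client_address[0]} login={user!r} password={password!r}")

if __name__ == "__main__":
    # Port 2323 needs no admin rights; listening on 23 as the text suggests works the same.
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    with socketserver.ThreadingTCPServer(("0.0.0.0", 2323), FakeLoginHandler) as server:
        server.serve_forever()
```

Run it and connect with the article’s own client, telnet localhost 2323, to see the exchange; the log lines it prints are the honeypot’s record of who tried which credentials.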