Page 1 of 2

Hacking into a personal computer!

Posted: 16 Apr 2006, 14:10
by Lyecdevf
Let's say that I have gained the IP adress of some home user. Now first I need to be 100% sure that is in fact the adress of some home user and not some webserver of some internet security firm.

So how would I check for that? I know the whois site but I guess that is for checking out company names with webservers. How would you check out a home users IP?

The last part you can ignore but I was just wondering what would you do if you wanted to hack into this computer? I have been learning about hackig into webservers and actually today I realized that I really have no idea how to hack into some home users computer. It is so different. How do you even know when he is online.

Posted: 16 Apr 2006, 16:26
by Gogeta70
Just because someone has an IP doesn't mean they can hack INTO a computer. However, they can do denial of service attacks (dDos) and crash the computer. Most the time, an ip address if only useful if the person is running a server, or you managed to get a trojan virus, which is usually detected by antiviruses, so you don't have to worry too much.

And i don't really know of any way to check the ip except to find the host that belongs to it....

Posted: 16 Apr 2006, 16:40
by DNR
When you scan the IP look at the ports open, PC ports will likely just be 445 or 138. Servers depending what they are used for will likely just have 21,25,80,110 etc open

Also when you do a whois on the IP, if it belongs to a ISP, then its likely an account..

Attacks have to be geared toward the PC rather than server, and your attacks are limited due to the ports open.

DNR

Posted: 16 Apr 2006, 19:02
by CommonStray
some at like ###-.ISP.type.type

for example

1234~.RR.NEO.R

wereas account number through Road Runner.NortheastOhio.Residential

or mabey

1234~.AOL.type.type but you dont see commercial companies using AOL do you?

can be variable :wink:

this is only a generalized thought about your question, ive never delved into the act of identifying a home pc -vs- a business Ip address, if ive got the impulse to hack it, it doesnt matter if its a home pc or a security firm...


try packet intercepting, ping sweeps, port scans, or mabey social (by finding what ports are open will identify an app thats running like YIM or AIM) engineering, do Recon, run Nmap (what type of OS is running), try forward or reverse look-ups, run a tracemap,

http://www.maxmind.com

Posted: 17 Apr 2006, 16:17
by Lyecdevf
Hey, thank you guys! A DoS attack you say!

Heck I have been learning so much about keylogers, and other related stuff that I never bothered to learn much about DoS attacks. I guess if a person gives his friends IP adress on a forum he and his friend are asking for a DoS attack.

Posted: 17 Apr 2006, 16:34
by Gogeta70
Not necessarily. I depends on the average maturity of the user base of that forum.

Posted: 18 Apr 2006, 08:55
by DNR
Ethics and what kind of friends you would like to keep will determine what you'll do.

Friends would ask another if he could port scan or try an attack on that friend's computer. Its a good way to check firewalls and learn how stuff works.
The only problem is your ISP could bear the damage of a DoS attack. You may have had your friend's permission to hit him, but you do not have the permission of the other people on the network.
Always remember there are computers between you and the target.
Hence you have no security or privacy due to that network.

First learn to identify ports and machines, you are getting ahead of yourself.

DNR

Posted: 18 Apr 2006, 14:31
by Lyecdevf
Do not worry! I do not plan to do a DoS attack on this guy. At least not for now. I will keep the IP adress in case some time in the future I decide to give him a little lesson.

Right now I am trying to brute some one but seem to keep getting the same resulsts. It always says that it ucovered exactlly 6 users for what ever IP adress I give him. Basically it fails every time so I figured that I was doing some thing wrong.

Posted: 18 Apr 2006, 14:55
by Stavros
Here's a tip for the wise: If you feel like trolling for IPs, see this thread on how to (with minimal social engineering) get someone's IP address. Although I think it would be more fun to see if you can do it without that trick (i.e. pure social engineering).

Posted: 18 Apr 2006, 15:22
by Lyecdevf
Hey thanks. I know this trick using telnet while chating with some one on MSN to get thier IP. I am not sure wether that still works.

Re: Hacking into a personal computer!

Posted: 18 Apr 2006, 15:55
by FrankB
Lyecdevf wrote:Let's say that I have gained the IP adress of some home user. Now first I need to be 100% sure that is in fact the adress of some home user and not some webserver of some internet security firm.
PING the thing .. (thumbrule n° 1)
Lyecdevf wrote: So how would I check for that? I know the whois site but I guess that is for checking out company names with webservers. How would you check out a home users IP?
-NSLOOKUP [options]
-htdig -[flag] [options]
Lyecdevf wrote: The last part you can ignore but I was just wondering what would you do if you wanted to hack into this computer?
..actually :zilch, walou-walou,nothing,zero : like others said in this thread, you can practically do zilch with an IP-address, unless :
a) you know the guy is actually online (he pressed the 'boot' button of his computer)
b) he has no firewall (hahah ha hahaha) and allows you to PING.
note : if you can PING the IP you hit :
1. a switch, point of presence, router, or a f*cking genuine webserver with a d*mn
open LDAP ! Cool,maybe you can fetch some subdomains related to the IPee.
2. A very altruist person who lets anybody PING his `thing' albeit to death, maybe a
radical buddhist or something.

c) he is not behind a proxy, (in most cases : he is : his ISP acts as a proxy most of the time and if it doesn't, you will send your PING packets to the default gateway, that is : ...nowhere...
Lyecdevf wrote: I have been learning about hackig into webservers and actually today I realized that I really have no idea how to hack into some home users computer.
Okay, well you know what -free clue [Bad_Brain, feel free to ommit/edit] :
in fact you shouldn't bother about the hacked computers, you should be concerned by the results and feedback that your `evul' scripts report to you.
I mean : you already started to launch the 'htdigging' scripts and port-scanning robots, don't you ? You should already have a little database of the Who'sWho in that area (IP-area), don't you, you should already have an idea of how the network-servers have that updating IP-address routing-table updated in their appropriate schedule from one ns.255.255.255.255.2xy, ns1.255.255.255.25x:y, don't you ? [ns = nameserver/network server]
You should, ô hacker already have an idea of what kind of IP-class your ahum.. `target' is, don't you ?
You should by know already have re-written your scanning bots not to take into account IP-addresses allocated by a DHCP server and so, make your scripts act like *they* where the DHCP server, don't you ? And how to do that ? Man, man, man, two words :
"throw dices" , if *he* is connected to the Internet :
- find out how he is connected (read suck-o's archives),
- find why he is connected (has he any servces running , mmh .. ;-)
- find out who are his ISP's network servers & nameservers
.. all the rest is the nasty art of FRAUD!
Yes.

--FrankB
if n00b B claims to be better than n00b A, does n00b C have any word in it ?
a: no !

Posted: 18 Apr 2006, 16:15
by CommonStray
3\/!1 :twisted:

good write up FrankB, give em sumthin to read :lol:

Posted: 18 Apr 2006, 17:21
by Lyecdevf
Thanks for all that insight. I really apreciate it.

Some one posted what he claimed was his friends IP adress on the forum so I figured it would be fun to mess with that computer. It was just a thought.

Some one was frightening me of hacking into my computer after he did a netstat scan. I have also heard some one say that a hacker hacked into his computer and deleated his files, formated his disk,...and that he was powerless to stop him. Is that really possible?

Posted: 18 Apr 2006, 17:49
by FrankB
Lyecdevf wrote: Some one posted what he claimed was his friends IP adress on the forum so I figured it would be fun to mess with that computer. It was just a thought.
Well, maybe, it was some legitiimate `test' ... [censored] ..some like to be probed .. [/censored] :-)
Lyecdevf wrote: Some one was frightening me of hacking into my computer after he did a netstat scan.
Look, simple : There's that wise saying that originates from BabyASICians or from the DEC-ians or the PHP-nycians and goes as follows :
[poetry mode=on]
.those who can, they just do,
those who master, also teach whle having others doing the job,
those who cannot, they give lectures and threaten while smoking cuban cigars..

VAX, a.d. -2600.

That means ,Lyecdevf, that you don't have to believe people that threaten you just like that. mostly, morons tackling on a 'new trick' they found on g0Ogle and that everybody already knows.
I admit, if you would be sysadmin at CNN.DOT.COM , you have the benefice of the doubt, but I seriously doubt you are sysadmin at CNN, sooooooo ..,
next.
Lyecdevf wrote:have also heard some one say that a hacker hacked into his computer and deleated his files, formated his disk,...and that he was powerless to stop him. Is that really possible?
Try to do it on your own computer ;-), I mean, 'simulate the situation' :
go to an E-Café, and just try..

Let us know when you fromatted your partitions from a remote computer.

Don't cheat : act as if you didn't know the passwords of your own machine etc..[/code]

Posted: 18 Apr 2006, 18:23
by Lyecdevf
..actually :zilch, walou-walou,nothing,zero : like others said in this thread, you can practically do zilch with an IP-address, unless :

Well, this is where I get kind of confused. First you say that there is absolutelly no way any one can get into your comptuer but than you sort of indicate that there is a slight possibility (I assume safelly behind a firewall). I have heared about the posibility of the firewall some how being breached by a dos attack. So than some one could hack it. So let's leave it at that.

I have promised my self to try hacking into my sisters computer some time soon just like you said. Simplly trying to hack in.