hi guys here is method to hack a remote pc with ip adress
Cain is an easy application to install and configure. However, there
are several powerful tools that should only be configured after you
fully understand both the capabilities and consequences to the
application and the target network. After all, you can’t very well hack a
network if you take it down. Proceed with caution.
We need to accomplish the following steps to get the admin account:
1. Enumerate the computers on the network
2. connect to a computer and install the Abel remote app
3. Harvest user account information
4. Crack user account information passwords to get the admin account
5. Login to the target machine with the admin account
6. Install the Abel service on the target server
7. Harvest all of the hashes from a server and sent to the cracker
Once we have the admin account on the server, the rest is up to you.
First things first, after you launch the
application you will need configure the Sniffer to use the appropriate
network card. If you have multiple network cards, it might be useful to
know what your MAC address is for your primary connection or the one
that you will be using for Cain network access. You can determine your
MAC address by performing the following steps:
1. Go to “Start”
2. Run
3. enter the “CMD”
4. A black window will appear
5. Enter the following information into the window without the quotes
“Ipconfig /all” and then Enter
6. Determine which one of the Ethernet
adapters you are using and copy the MAC address to notepad. You use this
to help determine which NIC to select in the Cain application
With the Cain application open, select the
Configure menu option on the main menu bar at the top of the
application. The Configuration Dialog box will appear. From the list
select the device with the MAC Address of Ethernet or Wireless network
card that you will be using for hacking. While we are here, let’s review
some of the other tabs and information in the Configuration Dialog Box.
Here is a brief description of each tab and its configuration:
Sniffer Tab: allows the user
to specify the Ethernet interface and the start up options for the
sniffer and ARP features of the application.
ARP Tab: Allows the user to
in effect to lie to the network and tell all of the other hosts that
your IP is actually that of a more important host on the network like a
server or router. This feature is useful in that you can impersonate the
other device and have all traffic for that device “routed” to you
workstation. Keep in mind that servers and routers and designed for
multiple high capacity connections. If the device that you are operating
from can not keep up with traffic generated by this configuration, the
target network will slow down and even come to a halt. This will surly
lead to your detection and eventual demise as a hacker as the event is
easily detected and tracked with the right equipment.
Filters and Ports: Most
standard services on a network operate on predefined ports. These ports
are defined under this tab. If you right click on one of the services
you will be able to change both the TCP and UDP ports. But this will not
be necessary for this tutorial, but will be useful future tutorials.
HTTP Fields: Several
features of the application such as the LSA Secrets dumper, HTTP Sniffer
and ARP-HTTPS will parse the sniffed or stored information from web
pages viewed. Simply put, the more fields that you add to the HTTP and
passwords field, the more likely you are to capture a relevant string
from an HTTP or HTTPS transaction.
Traceroute: trace route or
the ability to determine the path that your data will take from point A
to point B. Cain adds some functionality to the GUI by allowing for
hostname resolution, Net mask resolution, and Whois information
gathering. This feature is key in determining the proper or available
devices to spoof or siphon on your LAN or internetwork.
Console: This is the command
prompt on the remote machine. Anything that you can do on your pc from
the CMD prompt can be done from here. Examples include mapping a drive
back to your pc and copying all the files from the target or adding
local users to the local security groups or anything really. With
windows, everything is possible from the command prompt.
Hashes: Allows for the
enumeration of user accounts and their associated hashes with further
ability to send all harvested information to the cracker.
LSA Secrets: Windows NT and
Windows 2000 support cached logon accounts. The operating system default
is to cache (store locally), the last 10 passwords. There are registry
settings to turn this feature off or restrict the number of accounts
cached. RAS DUN account names and passwords are stored in the registry.
Service account passwords are stored in the registry. The password for
the computers secret account used to communicate in domain access is
stored in the registry. FTP passwords are stored in the registry. All
these secrets are stored in the following registry key:
HKEY_LOCAL_MACHINE SECURITYPolicySecrets
Routes: From this object,
you can determine all of the networks that this device is aware of. This
can be powerful if the device is multihommed on two different networks.
TCP Table: A simple listing of all of the processes and ports that are running and their TCP session status.
UDP Table: A simple listing of all of the processes and ports that are running and their UDP session status.
Dictionary Cracking – Select
all of the hashes and select Dictionary Attack (LM). You could select
the NTLM but the process is slower and with few exceptions the NTLM and
NT passwords are the same and NT cracks (Guesses) faster. In the
Dictionary window, you will need to populate the File window with each
of you dictionary files.you have to download the tables.and copy them to
cain installation directory, Check the following boxes: As is Password,
Reverse, Lowercase, uppercase, and two numbers.)
Dictionary Cracking processClick start and watch Cain work. The more
lists and words that you have, the longer it will take. When Cain is
finished, click exit and then look at the NT password column. All of the
passwords cracked will show up next to the now
here> owned accounts.
Take a second to look carefully at the accounts and passwords in the
list. Look for patterns like the use of letters and characters in
sequence. Many administrators use reoccurring patterns to help users
remember their passwords. Example: Ramius password reset in November
would have a user account of RAMNOV. If you can identify patterns like
this you can use word generators to create all possible combinations and
shorten the window.
Cryptanalysis attacking Alright then… Resort your hashes so single
out the accounts that you have left to crack. Now select all of the
un-cracked or guessed accounts and right click on the accounts again and
select Cryptanalysis (LM). Add the tables that you downloaded from the
net to the Cain LM hashes Cryptanalysis Sorted rainbow tables window.
Click start. This should go pretty quick. Take a second to review your
progress and look for additional patterns.
At this point, use program like sam grab
that has the ability to determine which accounts are members of the
domain administrators group to see if you have gotten any admin level
accounts. Once you move to the next step, which is bruting, most of what
you have left are long passwords that are going to be difficult and
time consuming. Any time saver applications that you can find will be
helpful.
Bruting Repeat the same process for selecting the
accounts. Here is the first time that you will actually have to use your
brain Bruting can be extremely time consuming. Look closely at all of
the passwords that you have cracked and look for patterns. First do you
see any special characters in any of the passwords cracked. How about
numbers? A lot of all upper case of all lower case? Use what you see to
help you determine what parameters to include when you are bruting. As
you will see, the addition of a single character or symbol can take you
from hours to days or even years to crack a password. The goal is to use
the least amount of characters and symbols to get the account that you
need. So lets finish it off. Select all of the un cracked accounts and
follow the previous steps and select Brute Force (LM). The default for
LM is A-Z and 0-9. This is because that is due nature of LM hashes and
the way that they are stored. Another note is that sometimes you will
see a “?” or several “????” and then some numbers or letters. This is
also due to the nature of NT versus NTLM and the method that NT used to
store passwords. If not see if you can find a repeating structure that
is based on the number 7. Anyway, based on the other passwords and those
accounts with an “*” in the <8 field on how many characters to
specify in the password length pull down box. Make your selection and
have at it. 123749997 years to completion. If you see this, then you
should rethink the need for this account. However, working with the
application, rainbow tables and password generators can help your narrow
down to reasonable time frames to get the job done.
Some definition
MAC: Media Access Control –
In computer networking a media access control address (MAC address) is a
code on most forms of networking equipment that allows for that device
to be uniquely identified. Each manufacturer for Network Cards has been
assigned a predefined range or block of numbers.
Sniffing: Sniffing is the
act or process of “Listening” to some or all of the information that is
being transmitted on the same network segment that a device is on. On an
OSI Model Layer 1 network, even the most basic Sniffers are capable of
“hearing” all of the traffic that is sent across a LAN. Moving to a
Layer 2 network complicates the process somewhat, however tools like
Cain allow for the spanning of all ports to allow the exploitation of
layer 2 switched networks.
ARP: Address Resolution
Protocol – Address Resolution Protocol; a TCP/IP function for
associating an IP address with a link-level address. Understanding ARP
and its functions and capabilities are key skills for hackers and
security professionals alike. A basic understanding of ARP is necessary
to properly utilize all of the functions that Cain is capable of.
so enjoy hacking aastalavista baby
19/08/21, 12:24 am by 
Subject: hacking remote pc 
