IWS - The Information Warfare Site

    
    ____________________________________________________________
    
    
    
    GUIDE TO (mostly) HARMLESS HACKING
    
    
    
    Microsoft-only version Number 4
    
    
    
    How to Break into Windows 95 from the Internet, continued.
    
    ____________________________________________________________
    
    
    
    by keydet89@yahoo.com
    
    
    
    Hacking from Win95
    
    Accessing shares via the Internet
    
    Alpha Edition:  Oct, 1998
    
    
    
    [Protecting Yourself]
    
    [What can they do]
    
    [Getting set up]
    
    [Connecting to shares]
    
    [Final Words]
    
    
    
    The purpose of this Guide is to show the reader how to set up
    
    their Win95 computer to use sharing via the Internet.
    
    
    
    Readers are encouraged to explore the information provided here,
    
    but only after obtaining permission to do so on the remote
    
    computer.  Get with your friends and try these techniques!
    
    
    
    The information in this Guide is meant for use by Win95 users,
    
    as the steps that are outlined are specifically for Win95.  This
    
    same subject for NT has been dealt with in a previous Guide.
    
    
    
    Before we start, I should point out that I made extensive use of
    
    a free source of information...the Microsoft KnowledgeBase.  I
    
    searched for a lot of information, and found a lot of good
    
    references, by going to http://support.microsoft.com and
    
    registering my email address.  I will be referencing several
    
    KnowledgeBase articles throughout this Guide, and you can easily go to
    
    the Support site and print out copies of the articles...just
    
    choose to search for a particular article, rather than by
    
    keyword.
    
    
    
    [Protecting yourself]
    
    
    
    First, the method of protecting yourself needs to be made
    
    perfectly clear.  DON'T SHARE!!  I can't stress that enough.
    
    If you are a home user, and you are connecting a Win95 computer
    
    to the Internet via some dial-up method, DISABLE SHARING!
    
    
    
    If you must share, use a strong password...8 characters minimum,
    
    a mix of upper and lower case letters and numbers, change the
    
    password every now and again.  If you need to transmit the
    
    password to someone, do so over the phone or by written letter.
    
    Another method for exchanging the information is to use PGP, or
    
    'Pretty Good Privacy' (obtaining and installing PGP was covered
    
    in a previous Guide).  Using PGP will not only allow you to
    
    encrypt the information so that only your friend(s) can
    
    decrypt it, but you can also digitally sign the file so that
    
    your friends know that only you could have sent it.
    
    
    
    To disable sharing, click on My Computer -> Control Panel ->
    
    Network -> File and Print Sharing.  In the dialogue box that
    
    appears, uncheck both boxes.  It's that easy.  If you are using
    
    NT, disable the Server service to disable sharing...click on
    
    My Computer -> Control Panel -> Services, and disable the
    
    Server service.
    
    
    
    [What can they do]
    
    
    
    If someone can access your hard drive via the Internet, there are
    
    many things they can do...it all depends upon their knowledge and
    
    their intent.  Given correct access permissions, they could
    
    erase your hard drive...or leave a 'hidden bomb' behind so that
    
    your hard drive is erased the next time you boot up.  Or they
    
    could simply modify your system.ini file so that the next time
    
    your computer boots up, it opens into the old Program Manager
    
    shell from Windows 3.1, instead of the nice friendly Explorer
    
    shell that you are used to.  Or they could just copy your
    
    email mailboxes, some data, and be merrily on their way.
    
    
    
    Of course, there are all sorts of pathological uses for DOS
    
    commands like deltree and ctty, and toys like BO...
    
    
    
    [Getting set up]
    
    
    
    First of all, you need to make sure that your system is set up
    
    correctly to access another win95 machine via the Internet.  The
    
    assumptions made in the following steps are that:
    
    
    
    (a) you have your win95 disks or CD, and
    
    (b) you have a modem in your computer.
    
    
    
    By assuming that the reader has a modem, we can keep the
    
    Guide simple, but users who are on a LAN should have no trouble
    
    following the Guide.
    
    
    
    1.  The first thing you need to do is make sure that you have
    
    the latest version of DUN (Dial-Up Networking) for Win95.  The
    
    current version is DUN v1.3, and can be obtained by going to:
    
    
    
    http://www.microsoft.com/msdownload
    
    
    
    Choose "Windows95 Shareware and Utilities" from the "Support
    
    Drivers, Patches and Service Packs" section, and then choose
    
    the update from the "Networking & Communications" section.
    
    
    
    NOTE:  Feel free to gather any other updates that you may be
    
    interested in, such as TweakUI.  Another useful tool that you
    
    will find here under "Resource Kits" is the Windows95 Resource
    
    Kit Help File and Utilities.
    
    
    
    Once you have obtained and installed the DUN update, you should
    
    be ready to begin.
    
    
    
    ************************************************************
    
    NEWBIE NOTE:  Before you go on, you might want to look at
    
    or print out the following Microsoft KnowledgeBase articles:
    
    
    
    Q178729:  How to configure Win95 to dial into a RAS/RRAS
    
    server
    
    http://support.microsoft.com/support/kb/articles/q178/7/29.asp
    
    
    
    Q145843:  How to connect to a remote server
    
    http://support.microsoft.com/support/kb/articles/q145/8/43.asp
    
    
    
    Q183368:  Requirements to browse network with dial-up
    
    networking
    
    http://support.microsoft.com/support/kb/articles/q183/3/68.asp
    
    ************************************************************
    
    
    
    Let's get started...
    
    
    
    2.  Click on Control Panel -> Network, and open the applet
    
    to the Configuration tab.  You should see the following entries
    
    at a minimum:  Client for Microsoft Networks, DialUp Adapter,
    
    and TCP/IP.
    
    
    
    If one or more of these entries aren't there, choose Add, and
    
    select the appropriate choice.  Make sure that you have your
    
    disks or CD-ROM available...just in case.
    
    
    
    **If you don't already have it, add NetBEUI to your system by
    
    choosing Control Panel -> Network -> Add, and choose Protocol.
    
    Select the NetBEUI protocol and install it.
    
    
    
    3.  Select TCP/IP, and open the Properties for it.  In the IP
    
    Address tab, you will most likely have the 'Obtain an IP address
    
    automatically' choice selected.
    
    
    
    4.  Now double click on My Computer, choose DialUp Networking,
    
    and double click on the icon for the connection to your ISP.  Under
    
    the Server Type tab, you should have the following selections:
    
    
    
    Type of Dial-Up Server:  PPP: Windows 95, Windows NT 3.5, Internet
    
    
    
    Advanced Options:  'Log on to network' and 'Enable software
    
    compression'
    
    
    
    Allowed network protocols:  TCP/IP
    
    
    
    5.  Now, click the 'TCP/IP Settings...' button, and you should see
    
    the 'Server assigned IP address' and 'Server assigned name server
    
    addresses' radio buttons selected.  Both 'Use IP header
    
    compression' and 'Use default gateway on remote network' should
    
    be checked.
    
    
    
    [Connecting to shares]
    
    
    
    6.  Before connecting to shares via the Internet, you need to
    
    make sure that your machine is configured to use the 'lmhosts'
    
    file on your computer to resolve NetBIOS names to IP addresses.
    
    To do this, click Start -> Settings -> Control Panel ->
    
    Network.
    
    
    
    On the Configuration tab, click 'TCP/IP', and click 'Properties'.
    
    
    
    On the WINS Configuration tab, click 'Disable WINS Resolution'.
    
    
    
    Click Ok, then Ok, again.
    
    
    
    Reboot your machine.
    
    
    
    7.  Now we need to configure lmhosts file entries.  You might
    
    want to start by opening the lmhosts.sam file:
    
    
    
    ***********************************************************
    
    NEWBIE NOTE:  The lmhosts file is similar to the hosts file
    
    in that it is used to resolve names to IP addresses.  WINS
    
    and lmhosts files are the Microsoft versions of the DNS and
    
    hosts file systems.  DNS/hosts files are used to resolve
    
    Internet names like "www.example.com" to IP addresses.
    
    WINS/lmhosts files are used to resolve NetBIOS names of
    
    machines to their IP addresses.
    
    ***********************************************************
    
    
    
    c:\windows\lmhosts.sam
    
    
    
    ..in Notepad and reading through it.  Then from the command
    
    prompt, type:
    
    
    
    c:\windows>edit lmhosts
    
    
    
    or
    
    
    
    c:\windows>notepad lmhosts
    
    
    
    The entries in the file should look like:
    
    
    
    [IP address] [NetBIOS name]  #PRE
    
    
    
    Each entry in the lmhosts file needs to look like this
    
    if you are going to access shares on the machines.
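    
    An added example (not part of the original Guide):  a small Python
    check that reads lmhosts text in the format shown above and reports
    malformed lines.  The sample addresses and names are constructed,
    and treating any token after the name other than #PRE or #DOM: as
    the start of a comment is a simplifying assumption.
    
```python
import ipaddress

# Constructed sample; addresses are from the 192.0.2.0/24 documentation range.
SAMPLE = """\
# comment lines start with '#'
192.0.2.10    95_Box               #PRE
192.0.2.11    95_Box2              # no PRE keyword, so not preloaded
192.0.2.300   badaddr              #PRE
192.0.2.12    name_longer_than_15  #PRE
"""

def parse_lmhosts(text):
    """Return (entries, problems) for the mapping lines of an lmhosts file.

    entries:  list of (ip, netbios_name, preloaded)
    problems: list of (line_number, reason)
    """
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue                          # blank line, comment or #directive
        if len(fields) < 2 or fields[1].startswith("#"):
            problems.append((lineno, "missing NetBIOS name"))
            continue
        ip, name = fields[0], fields[1]
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append((lineno, "bad IP address"))
            continue
        if len(name) > 15:                    # the 16th byte is the service suffix
            problems.append((lineno, "name longer than 15 characters"))
            continue
        preloaded = False
        for tok in fields[2:]:
            if tok.upper() == "#PRE":
                preloaded = True
            elif not tok.upper().startswith("#DOM:"):
                break                         # assumption: anything else is a comment
        entries.append((ip, name, preloaded))
    return entries, problems

if __name__ == "__main__":
    ok, bad = parse_lmhosts(SAMPLE)
    print(ok)
    print(bad)
```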
    
    
    
    ***********************************************************
    
    NEWBIE NOTE:  If you don't have the NetBIOS name of your
    
    friend's computer, you can get it using the nbtstat command.
    
    You have to have the IP address...type:
    
    
    
    c:\>nbtstat -A [ip_addr]
    
    **NOTE:  The letter "A" MUST be capitalized!
    
    
    
    You should see something similar to:
    
    
    
           NetBIOS Remote Machine Name Table
    
       Name               Type         Status
    ---------------------------------------------
    95_Box        <00>  UNIQUE      Registered
    95_Box        <20>  UNIQUE      Registered
    domain        <00>  GROUP       Registered
    domain        <1C>  GROUP       Registered
    domain        <1E>  GROUP       Registered
    95_Box        <03>  UNIQUE      Registered
    
    MAC Address = 00-00-00-00-00-00
    
    
    
    What you are looking for is the line with "<00>
    
    UNIQUE"...the name at the beginning of the line is
    
    the NetBIOS name of the computer.  This is what gets
    
    entered in the lmhosts file.
    
    
    
    If you get the error message "Host not found", it may
    
    mean one of several things...your friend is not logged
    
    on, there is a firewall between the two of you, etc.
    
    ***********************************************************
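    
    An added example (not part of the original Guide), for checking
    your own machine after following [Protecting yourself]:  it parses
    a name table like the one above, picks out the <00> UNIQUE computer
    name, and reports whether the <20> name, which the file-sharing
    server registers, is still present.  The sample text is constructed
    from the Guide's example.
    
```python
import re

# Constructed sample in the layout nbtstat -A prints; names follow the Guide's example.
SAMPLE = """\
       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
95_Box         <00>  UNIQUE      Registered
95_Box         <20>  UNIQUE      Registered
domain         <00>  GROUP       Registered
domain         <1C>  GROUP       Registered
domain         <1E>  GROUP       Registered
95_Box         <03>  UNIQUE      Registered

MAC Address = 00-00-00-00-00-00
"""

# name, two-digit hex suffix in angle brackets, then UNIQUE or GROUP
ROW = re.compile(r"^\s*(\S.*?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\b")

def parse_name_table(text):
    """Return a list of (name, suffix, type) tuples from nbtstat output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), int(m.group(2), 16), m.group(3)))
    return rows

def audit(text):
    """Summarise what the name table advertises about the machine."""
    rows = parse_name_table(text)
    unique = {suffix: name for name, suffix, kind in rows if kind == "UNIQUE"}
    return {
        "computer_name": unique.get(0x00),    # <00> UNIQUE: the NetBIOS name
        "sharing_enabled": 0x20 in unique,    # <20> UNIQUE: file server service
        "workgroups": sorted({n for n, s, k in rows if k == "GROUP" and s == 0x00}),
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```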
    
    
    
    8.  Now we need to refresh the NetBIOS cache for your
    
    machine...
    
    
    
    In the DOS command window, type:
    
    
    
    c:\>nbtstat -R
    
    
    
    This command reloads the cache from the lmhosts file you just
    
    created.
    
    
    
    Now, click on Start -> Find -> Computer, and type in the NetBIOS
    
    name of the computer...the same one you added to the lmhosts file.
    
    If your attempt to connect to the machine is successful, you should
    
    be presented with a window containing an icon representing your
    
    friend's machine.
    
    
    
    You may be presented with a password prompt window; your friend
    
    should have given you the password, but if he didn't, just try
    
    guessing it.
    
    
    
    [Final words]
    
    
    
    Please remember that this file is for instructional purposes only
    
    and is meant to educate the sysadmin and user alike.  Accessing
    
    computers via the Internet that you do not have permission to access
    
    is a violation of federal law in the US.  It is best to use the
    
    information in this Guide and others to pursue the one and only
    
    guaranteed method of gaining root on a system...become the sysadmin!!
    
    ________________________________________________________
    
    Where are those back issues of GTMHHs and Happy Hacker Digests? Check out
    
    the official Happy Hacker Web page at http://www.happyhacker.org.
    
    We are against computer crime. We support good, old-fashioned hacking of the
    
    kind that led to the creation of the Internet and a new era of freedom of
    
    information. But we hate computer crime.  So don't email us about any crimes
    
    you have committed!  
    
    To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless
    
    Hacking, please email hacker@techbroker.com with message "subscribe
    
    happy-hacker" in the body of your message. 
    
    Copyright 1998 keydet89.  You may forward, print out or post this
    
    GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave
    
    this notice at the end.
    
    _________________________________________________________