HACKING ARTICLES


* TROJANS

Trojans are the most dangerous of all types of attacks.

What are Trojans?

Trojans are small programs through which a hacker gains control over your system. Although most Trojans are detected by antivirus programs, new ones are written far more frequently than antivirus updates are released.

Some common features of Trojans are as follows:

• Capturing screenshots of your computer.

• Recording keystrokes and sending files to the hacker.

• Giving full access to all your drives and files.

• Ability to use your computer to do other hacking-related activities.

Every Trojan has two parts: a Client and a Server. In order to gain access, the server file must be installed on the target computer.

How is this done?

Initially this was done using a simple email. The hacker sends you an email with some sort of attachment (the Server File). The content of that mail is written to make you open the attachment. When you double-click on it you see nothing, but in the background the server file gets installed on your system.

Now, all the hacker has to do is just use the client file to connect to your system.

But this method became so popular that hackers had to search for other techniques to achieve the above objective.

How many of you have played small computer games such as “shooting bird”, “catching butterflies”, “slapping some face”, etc.?

In this technique the hacker joins two exe files into a single file, i.e. the server file + the game file.

In this case, when you open the attachment you see the game, but at the same time the server also gets installed on your system.

This is just one way; there are many other ways to achieve this objective. So always be careful when opening an unknown attachment, visiting unsafe websites, chatting, etc.

* KEYLOGGERS

What Are Keyloggers?


Keyloggers are specially devised programs that are installed inside a computer via a Trojan, a virus or a worm. Once inside, the keylogger will auto-execute and start recording all the keystrokes made by the computer user. Once a set period of time has gone by, the keylogger will send the keystroke information to the hacker who sent this infectious software.

Then the hacker will start searching for key combinations that can lead him to the passwords for particular web pages. This simple and effective method is a favorite among hackers since it can provide them with lots of private information from their victims.

Many computer users have more than one email account, especially if they use the messenger services from multiple providers, like Microsoft's Hotmail, Yahoo's Email or AOL email. It doesn't matter if you have one or many email accounts; every one of them may be a victim of a hacker. Even with the security measures imposed by the companies, Yahoo password hacking and Hotmail hacking still exist, and it is very improbable that they will disappear.

So, if you want to protect yourself from people who are hacking Yahoo accounts or whose whole purpose in life is to do some MSN hacking, then increase the number of special characters in your password and try not to access your email account from a computer that is not yours. The same goes for IMs too. The possibility of someone hacking Yahoo Messenger or any other IM provider is a latent danger for all of us.

Some examples of keyloggers are:
• Golden Keylogger
• Elite Keylogger
• Perfect Keylogger
• Family Keylogger
... and many others. Soon I'll be posting their virus-free links. Keep checking.

* NETBIOS

Preface to NetBIOS

Before you begin reading this section, understand that it was written for the novice to the concept of NetBIOS, but it also contains information the veteran might find educational. I am prefacing this so that I do not get e-mail like "Why did you start your NetBIOS section off so basic?" Simple: it's written for people who may be coming from an environment that does not use NetBIOS, so they would need me to start with the basics. Thanks.


What is NetBIOS?

NetBIOS (Network Basic Input/Output System) was originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources. Since its creation, NetBIOS has become the basis for many other networking applications. In its strictest sense, NetBIOS is an interface specification for accessing networking services.

NetBIOS, a layer of software developed to link a network operating system with specific hardware, was originally designed as THE network controller for IBM's Network LAN. NetBIOS has now been extended to allow programs written using the NetBIOS interface to operate on the IBM token ring architecture. NetBIOS has since been adopted as an industry standard and now, it is common to refer to NetBIOS-compatible LANs.

It offers network applications a set of "hooks" to carry out inter-application communication and data transfer. In a basic sense, NetBIOS allows applications to talk to the network. Its intention is to isolate application programs from any type of hardware dependencies. It also spares software developers the task of developing network error recovery and low-level message addressing or routing. The use of the NetBIOS interface does a lot of this work for them.

NetBIOS standardizes the interface between applications and a LAN's operating capabilities. With this, it can be specified which levels of the OSI model the application can write to, making the application transportable to other networks. In a NetBIOS LAN environment, computers are known on the system by a name. Each computer on the network has a permanent name that is programmed in various different ways. These names will be discussed in more detail below.

PCs on a NetBIOS LAN communicate either by establishing a session or by using NetBIOS datagram or broadcast methods. Sessions allow for a larger message to be sent and handle error detection and correction. The communication is on a one-to-one basis. Datagram and broadcast methods allow one computer to communicate with several other computers at the same time, but are limited in message size. There is no error detection or correction using these datagram or broadcast methods. However, datagram communication allows for communication without having to establish a session.

All communication in these environments is presented to NetBIOS in a format called Network Control Blocks (NCB). The allocation of these blocks in memory is dependent on the user program. These NCBs are divided into fields, which are reserved for input and output respectively.

NetBIOS is a very common protocol used in today's environments. NetBIOS is supported on Ethernet, Token Ring, and IBM PC Networks. In its original introduction, it was defined as only an interface between the application and the network adapter. Since then, transport-like functions have been added to NetBIOS, making it more functional over time.

In NetBIOS, connection-oriented (TCP) and connectionless (UDP) communication are both supported. It supports both broadcasts and multicasting and supports three distinct services: Naming, Session, and Datagram.


NetBIOS Names

NetBIOS names are used to identify resources on a network. Applications use these names to start and end sessions. You can configure a single machine with multiple applications, each of which has a unique NetBIOS name. Each PC that supports an application also has a NetBIOS station name that is user defined or that NetBIOS derives by internal means.

NetBIOS names can consist of up to 16 alphanumeric characters. The combination of characters must be unique within the entire source routing network. Before a PC that uses NetBIOS can fully function on a network, that PC must register its NetBIOS name.

When a client becomes active, the client advertises its name. A client is considered to be registered when it can successfully advertise itself without any other client claiming it has the same name. The steps of the registration process are as follows:

1. Upon boot up, the client broadcasts itself and its NetBIOS information anywhere from 6 to 10 times to ensure every other client on the network receives the information.

2. If another client on the network already has the name, that NetBIOS client issues its own broadcast to indicate that the name is in use. The client that is trying to register the already-in-use name stops all attempts to register that name.

3. If no other client on the network objects to the name registration, the client will finish the registration process.

There are two types of names in a NetBIOS environment: Unique and Group. A unique name must be unique across the network. A group name does not have to be unique, and all processes that have a given group name belong to the group. Each NetBIOS node maintains a table of all names currently owned by that node.

The NetBIOS naming convention allows for 16 characters in a NetBIOS name. Microsoft, however, limits these names to 15 characters and uses the 16th character as a NetBIOS suffix. A NetBIOS suffix is used by Microsoft Networking software to identify the functionality installed or the registered device or service.

[QuickNote: SMB and NBT (NetBIOS over TCP/IP) work very closely together and both use ports 137, 138, 139. Port 137 is NetBIOS name UDP. Port 138 is NetBIOS datagram UDP. Port 139 is NetBIOS session TCP. For further information on NetBIOS, read the paper at the rhino9 website listed above.]

The following is a table of NetBIOS suffixes currently used by Microsoft WindowsNT. These suffixes are displayed in hexadecimal format.

Name             Number  Type  Usage
==========================================================================
                 00      U     Workstation Service
                 01      U     Messenger Service
<\\_MSBROWSE_>   01      G     Master Browser
                 03      U     Messenger Service
                 06      U     RAS Server Service
                 1F      U     NetDDE Service
                 20      U     File Server Service
                 21      U     RAS Client Service
                 22      U     Exchange Interchange
                 23      U     Exchange Store
                 24      U     Exchange Directory
                 30      U     Modem Sharing Server Service
                 31      U     Modem Sharing Client Service
                 43      U     SMS Client Remote Control
                 44      U     SMS Admin Remote Control Tool
                 45      U     SMS Client Remote Chat
                 46      U     SMS Client Remote Transfer
                 4C      U     DEC Pathworks TCPIP Service
                 52      U     DEC Pathworks TCPIP Service
                 87      U     Exchange MTA
                 6A      U     Exchange IMC
                 BE      U     Network Monitor Agent
                 BF      U     Network Monitor Apps
                 03      U     Messenger Service
                 00      G     Domain Name
                 1B      U     Domain Master Browser
                 1C      G     Domain Controllers
                 1D      U     Master Browser
                 1E      G     Browser Service Elections
                 1C      G     Internet Information Server
                 00      U     Internet Information Server
                 [2B]    U     Lotus Notes Server
IRISMULTICAST    [2F]    G     Lotus Notes
IRISNAMESERVER   [33]    G     Lotus Notes
Forte_$ND800ZA   [20]    U     DCA Irmalan Gateway Service

Unique (U): The name may have only one IP address assigned to it. On a network device, multiple occurrences of a single name may appear to be registered, but the suffix will be unique, making the entire name unique.

Group (G): A normal group; the single name may exist with many IP addresses.

Multihomed (M): The name is unique, but due to multiple network interfaces on the same computer, this configuration is necessary to permit the registration. Maximum number of addresses is 25.

Internet Group (I): This is a special configuration of the group name used to manage WinNT domain names.

Domain Name (D): New in NT 4.0

For a quick and dirty look at a server's registered NetBIOS names and services, issue one of the following NBTSTAT commands:

nbtstat -A [ipaddress]
nbtstat -a [host]
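
When inventorying what your own hosts advertise, the name table that nbtstat prints can be matched against the suffix table above. The following is an added example, not part of the original article: it parses a constructed sample of nbtstat output (the names FILESRV01 and CORP are invented), looks up each suffix in a subset of the table, and rebuilds the 16-byte form (15 padded characters plus the suffix byte). The helper names parse_name_table and wire_name are hypothetical.

```python
import re

# Subset of the suffix table above, keyed by (suffix, name type).
SUFFIX_USAGE = {
    (0x00, "UNIQUE"): "Workstation Service",
    (0x00, "GROUP"): "Domain Name",
    (0x01, "GROUP"): "Master Browser",
    (0x03, "UNIQUE"): "Messenger Service",
    (0x1B, "UNIQUE"): "Domain Master Browser",
    (0x1C, "GROUP"): "Domain Controllers",
    (0x1D, "UNIQUE"): "Master Browser",
    (0x1E, "GROUP"): "Browser Service Elections",
    (0x20, "UNIQUE"): "File Server Service",
}

# Constructed sample of `nbtstat -A` output (host and names are invented).
SAMPLE = """\
       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
FILESRV01      <00>  UNIQUE      Registered
CORP           <00>  GROUP       Registered
FILESRV01      <20>  UNIQUE      Registered
CORP           <1E>  GROUP       Registered
FILESRV01      <03>  UNIQUE      Registered
"""

# name (up to 15 chars), <hex suffix>, UNIQUE/GROUP, status
ROW = re.compile(r"^\s*(.{1,15}?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)")

def wire_name(name, suffix):
    """Pad the name to 15 bytes with spaces and append the suffix byte (16 total)."""
    return name.upper().encode("ascii").ljust(15, b" ")[:15] + bytes([suffix])

def parse_name_table(text):
    """Return one record per registered name found in nbtstat output."""
    records = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # title, column header, separator and blank lines
        name, suffix, ntype = m.group(1), int(m.group(2), 16), m.group(3)
        records.append({
            "name": name,
            "suffix": suffix,
            "type": ntype,
            "usage": SUFFIX_USAGE.get((suffix, ntype), "unknown"),
            "wire": wire_name(name, suffix),
        })
    return records

if __name__ == "__main__":
    for r in parse_name_table(SAMPLE):
        print(f"{r['name']:<15} <{r['suffix']:02X}> {r['type']:<6} {r['usage']}")
```

The same suffix means different things for unique and group names (00 is Workstation Service for a unique name and Domain Name for a group name), which is why the lookup is keyed on both.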


NetBIOS Sessions

The NetBIOS session service provides a connection-oriented, reliable, full-duplex message service to a user process. NetBIOS requires one process to be the client and the other to be the server. NetBIOS session establishment requires a preordained cooperation between the two stations. One application must have issued a Listen command when another application issues a Call command. The Listen command references a name in its NetBIOS name table (or WINS server), and also the remote name an application must use to qualify as a session partner. If the receiver (listener) is not already listening, the Call will be unsuccessful. If the call is successful, each application receives notification of session establishment with the session-id. The Send and Receive commands then transfer data. At the end of a session, either application can issue a Hang-Up command. There is no real flow control for the session service because it is assumed a LAN is fast enough to carry the required traffic.


NetBIOS Datagrams

Datagrams can be sent to a specific name, sent to all members of a group, or broadcast to the entire LAN. As with other datagram services, the NetBIOS datagrams are connectionless and unreliable. The Send_Datagram command requires the caller to specify the name of the destination. If the destination is a group name, then every member of the group receives the datagram. The caller of the Receive_Datagram command must specify the local name for which it wants to receive datagrams. The Receive_Datagram command also returns the name of the sender, in addition to the actual datagram data. If NetBIOS receives a datagram, but there are no Receive_Datagram commands pending, then the datagram is discarded.

The Send_Broadcast_Datagram command sends the message to every NetBIOS system on the local network. When a broadcast datagram is received by a NetBIOS node, every process that has issued a Receive_Broadcast_Datagram command receives the datagram. If none of these commands are outstanding when the broadcast datagram is received, the datagram is discarded.

NetBIOS enables an application to establish a session with another device and lets the network redirector and transaction protocols pass a request to and from another machine. NetBIOS does not actually manipulate the data. The NetBIOS specification defines an interface to the network protocol used to reach those services, not the protocol itself. Historically, NetBIOS has been paired with a network protocol called NetBEUI (network extended user interface). The association of the interface and the protocol has sometimes caused confusion, but the two are different.

Network protocols always provide at least one method for locating and connecting to a particular service on a network. This is usually accomplished by converting a node or service name to a network address (name resolution). NetBIOS service names must be resolved to an IP address before connections can be established with TCP/IP. Most NetBIOS implementations for TCP/IP accomplish name address resolution by using either broadcast or LMHOSTS files. In a Microsoft environment, you would probably also use a NetBIOS Name Server known as WINS.


NetBEUI Explained

NetBEUI is an enhanced version of the NetBIOS protocol used by network operating systems. It formalizes the transport frame that was never standardized in NetBIOS and adds additional functions. It is the transport layer driver frequently used by Microsoft's LAN Manager. NetBEUI implements the OSI LLC2 protocol. NetBEUI is the original PC networking protocol and interface designed by IBM for the LanManager Server. This protocol was later adopted by Microsoft for their networking products. It specifies the way that higher-level software sends and receives messages over the NetBIOS frame protocol. This protocol runs over the standard 802.2 data-link protocol layer.


NetBIOS Scopes

A NetBIOS Scope ID provides an extended naming service for the NetBIOS over TCP/IP (known as NBT) module. The primary purpose of a NetBIOS scope ID is to isolate NetBIOS traffic on a single network to only those nodes with the same NetBIOS scope ID. The NetBIOS scope ID is a character string that is appended to the NetBIOS name. The NetBIOS scope ID on two hosts must match, or the two hosts will not be able to communicate. The NetBIOS Scope ID also allows computers to use the same computer name as long as they have different scope IDs. The Scope ID becomes a part of the NetBIOS name, making the name unique.

* PORT NAMES

Common Ports
The Common Ports are assigned by the IANA and on most systems can only be used by system (or root) processes or by programs executed by privileged users.
Ports are used in the TCP [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port.


Port Assignments for Common Ports:

Port UDP TCP Definition
7 x x echo
9 x x discard
11 x x systat
13 x x daytime
17 x x quote of the day
19 x character generator
20 x ftp - data
21 x ftp - control
23 x telnet
25 x smtp mail transfer
37 x x timeserver
39 x rlp resource location
42 x x nameserver
43 x nicname whois
53 x x domain name server
67 x bootpc bootstrap protocol
68 x bootpc bootstrap protocol
69 x tftp trivial file transfer
70 x gopher
79 x finger
80 x http
88 x x kerberos
101 x hostname nic
102 x iso-tsap class 0
107 x rtelnet
109 x pop2
110 x pop3
111 x x sunrpc
113 x identification protocol
117 x uucp
119 x nntp
123 x ntp
135 x x epmap
137 x x netbios - name service
138 x netbios - dgm
139 x netbios - ssn
143 x imap
158 x pcmail - srv
161 x snmp
162 x snmptrap
170 x print - srv
179 x border gateway protocol
194 x irc internet relay chat
213 x ipx
389 x ldap
443 x x https (ssl)
445 x x microsoft - ds
464 x x kpasswd
500 x isakmp key exchange
512 x x remote execute
513 x x login / who
514 x x shell cmd / syslog
515 x printer spooler
517 x talk
518 x ntalk
520 x x router / efs
525 x timeserver
526 x tempo
530 x rpc
531 x conference chat
532 x netnews newsreader
533 x netwall
540 x uucp
543 x klogin
544 x kshell
550 x new - rwho
556 x remotefs
560 x rmonitor
561 x monitor
636 x ldaps over tls/ssl
666 x x doom id software
749 x x kerberos administration
750 x kerberos version iv
1109 x kpop
1167 x phone
1433 x x ms - sql - server
1434 x x ms - sql - monitor
1512 x x wins
1524 x ingreslock
1701 x l2tp
1723 x pptp point to point
1812 x radius authentication
1813 x radius accounting
2049 x nfs server
2053 x kerberos de - multiplexor
9535 x man remote server
