Ways To Attack a Network:
The IP address gives the attacker’s Internet address. The numerical address like 220.127.116.11 does not reveal much. You can use PING to convert the address into a domain name in WINDOWS: The Domain Name Service (DNS) protocol reveals the matching domain name. PING stands for “Packet Internet Groper” and is delivered with practically every
Internet compatible system, including all current Windows versions.
Make sure you are logged on to the net. Open the DOS shell and enter
the following PING command:
Ping –a 18.104.22.168
Ping will search the domain name and reveal it. You will often have information on the provider the attacker uses e.g.:
Pinging is normally the first step involved in hacking the target. Ping uses
ICMP (Internet Control Messaging Protocol) to determine
whether the target host is reachable or not. Ping sends out ICMP Echo packets to the target host, if the target host is alive it would respond
back with ICMP
All the versions of Windows also contain the ping tool. To ping a remote host follow the procedure below.
Click Start and then click Run. Now type ping <ip address or hostname>
(For example: ping yahoo.com)
This means that the attacker logged on using “provider.com”.
Unfortunately, there are several IP addresses that cannot be converted
into domain names.
For more parameter that could be used with the ping command, go to
DOS prompt and type ping /?.
If you are undetermined about your target and just want a
live system, ping sweep is the solution for you. Ping sweep also uses
ICMP to scan for live systems in the specified range of IP addresses.
Though Ping sweep is similar to ping but reduces the time involved in pinging a range of IP addresses. Nmap (http://www.insecure.org) also
contains an option
Tracert is another interesting tool
available to find more interesting information about a remote host. Tracert also
Tracer connects to the computer whose IP has been entered and reveals all stations starting from your Internet connection. Both the IP address as well as the domain name (if available) is displayed.
If PING cannot reveal a name, Traceroute will possibly deliver the name of the last or second last station to the attacker, which may enable conclusions concerning the name of the provider used by the attacker and the region from which the attacks are coming.
Go to DOS prompt and type tracert <destination address>
(For example: tracert yahoo.com).
But there are some tools available like Visual Traceroute which help you
even to find the geographical location of the routers involved.
After you have determined that your target system is alive the next important step would be to perform a port scan on the target system.
There are a wide range of port scanners available for free. But many of them uses outdated techniques for port scanning which could be easily recognized by the network administrator. Personally I like to use Nmap (http://www.insecure.org) which has a wide range of options. You can download the NmapWin and its source code from:
Apart from port scanning Nmap is capable of identifying the Operating system being used, Version numbers of various services running,
firewalls being used and a lot more.
Below is a list of some common ports and the respective services
running on the ports.
20 FTP data (File Transfer Protocol)
21 FTP (File Transfer Protocol)
25 SMTP (Simple Mail Transfer Protocol)
53 DNS (Domain Name Service)
68 DHCP (Dynamic host Configuration Protocol)
110 POP3 (Post Office Protocol, version 3)
143 IMAP (Internet Message Access Protocol)
161 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Message Access Protocol 3)
443 SSL (Secure Socket Layer)
445 SMB (NetBIOS over TCP)
Besides the above ports they are even some ports known as Trojan
ports used by Trojans that allow remote access to that system.
Vulnerability Scanning:Every operating system or the services will have some vulnerabilities due to the
programming errors. These vulnerabilities are crucial for a successful hack. Bugtraq is
an excellent mailing list discussing the vulnerabilities in the various system. The
exploit code writers write exploit codes to exploit these vulnerabilities existing in a system.
There are a number of vulnerability scanners available to scan the host for known vulnerabilities. These vulnerability scanners are very important for a network administrator to audit the network security.
Some of such vulnerability scanners include Shadow Security Scanner,Stealth HTTP Scanner, Nessus, etc. Visit
http://www.securityfocus.com vulnerabilities and exploit codes of various
operating systems. Packet storm security
(http://www.packetstormsecurity.com) is also a nice pick.
I think everyone has heard of this one, recently evolved into the 4.x series.
(Network Mapper) is a free open source utility for network exploration
be used by beginners (-sT) or by pros alike (packet_trace). A very
Get Nmap Here - http://www.insecure.org/nmap/download.html
2. Nessus Remote Security Scanner
went closed source, but is still essentially free. Works with a client-
is the worlds most popular vulnerability scanner used in over 75,000
Get Nessus Here - http://www.nessus.org/download/
3. John the Ripper
Yes, JTR 1.7 was recently released!
the Ripper is a fast password cracker, currently available for many
You can get JTR Here - http://www.openwall.com/john/
is an Open Source (GPL) web server scanner which performs comprehensive
is a good CGI scanner, there are some other tools that go well with Nikto
Get Nikto Here - http://www.cirt.net/code/nikto.shtml
TCP port scanner, pinger, resolver. SuperScan 4 is an update of the
you need an alternative for nmap on Windows with a decent interface, I
SuperScan Here - http://www.foundstone.com/index.htm
v2 is a versatile passive OS fingerprinting tool. P0f can identify the
machines that connect to your box (SYN mode),
it can fingerprint anything, just by listening, it doesn’t make ANY
Get p0f Here - http://lcamtuf.coredump.cx/p0f/p0f.shtml
7. Wireshark (Formely Ethereal)
is a GTK+-based network protocol analyzer, or sniffer, that lets you
great on both Linux and Windows (with a GUI), easy to use and can
Get Wireshark Here - http://www.wireshark.org/
is a network tool designed to take advantage of some weakeness in
The best Layer 2 kit there is.
Get Yersinia Here - http://yersinia.sourceforge.net/
is an advanced security tool (for Windows), which allows you to
excellent tool for keeping your data really safe, if you’ve deleted it..make
Get Eraser Here - http://www.heidi.ie/eraser/download.php
is a free implementation of Telnet and SSH for Win32 and Unix platforms,
Get PuTTY Here. - http://www.chiark.greenend.org.uk/~sgtatham/putty/
purpose of LCP program is user account passwords auditing and recovery in
A good free alternative to L0phtcrack.
was briefly mentioned in our well read Rainbow Tables and RainbowCrack
Get LCP Here - http://www.lcpsoft.com/english/download.htm
12. Cain and Abel
My personal favourite for password cracking of any kind.
& Abel is a password recovery tool for Microsoft Operating Systems. It
Get Cain and Abel Here - http://www.oxid.it/cain.html
is an 802.11 layer2 wireless network detector, sniffer, and intrusion
good wireless tool as long as your card supports rfmon (look for an orinocco
Get Kismet Here - http://www.kismetwireless.net/download.shtml
a decent wireless tool for Windows! Sadly not as powerful as it’s Linux
is a tool for Windows that allows you to detect Wireless Local Area
that your network is set up the way you intended.
Get NetStumbler Here - http://www.stumbler.net/
finish off, something a little more advanced if you want to test your TCP/IP
is a command-line oriented TCP/IP packet assembler/analyzer. The
Get hping Here - http://www.hping.org/