IP to hACK

How Hackers Use Your IP Address to Hack Your Computer & How to Stop It

Your IP (Internet Protocol) address is your extraordinary ID on the web. It's synonymous with your place of residence. Anybody on the planet can contact your PC through its IP address, and send a recover data with it. 

I'm certain at some time you've heard that programmers can hack your PC through your IP address. This is one reason intermediaries and namelessness administrations exist, to shield individuals from taking in your IP address. So how are programmers utilizing only a deliver to get into your PC and make your life damnation?

Open ports. Your PC runs administrations like media sharing on what are called ports. A port is only an opening that an administration utilizes as an interchanges endpoint. There are 65,535 aggregate distributed ports in TCP/UDP. To misuse an administration on a port, a programmer would standard snatch for the product and form. After they discover that data, they would scan locales like Packet Storm for known adventures to keep running against the administration. 

The present Null Byte will exhibit a basic "port sweep" on neighborhood PC utilizing Nmap, and show how a programmer would abuse these administrations, and in addition how to protect ourselves against it. This will be done under Linux, yet Nmap is accessible for all stages. In the event that you can't make sense of how to introduce it in Windows with the GUI installer (no doubt, right), take after along utilizing Cygwin.

Step 1 Download & Install Nmap

Bold words are commands that must be entered in a terminal emulator.
First, we must download Nmap, which is going to be our tool that we use for port scanning and information gathering:
    wget http://nmap.org/dist/nmap-5.51.tar.bz2
Now, extract the archive:
    tar -zxvf nmap-5.51.tar.bz2
Change to the newly made directory:
    cd <directory name>
This is the standard installation procedure:
   ./configure
   make && sudo make install
Nmap should now be installed!

Step 2 Scan for a Target

Let's scan a local computer. I'm going to use a website as an example, rather than a local computer. This is because my firewall is absolutely crazy, and filters out scans. Don't scan a remote computer with the intentions of doing bad deeds. This is for educational purposes only.
Start by mapping out your local network:
    sudo nmap -sP 192.168.1.0/24
That should return a list of hosts that are up for a port scan!

Step 3 Scan Your Individual Target

Out of the returned list of targets, pick one that you would like to scan for services. Let's do a full scan of all the TCP/UDP ports:
    sudo nmap -p 1-65535 -T4 -A -v <target IP goes here>
As you can see, this target has MANY open ports. SSH piques my interest, so let's move on to banner grabbing to learn the software version or our choice of service.

Step 4 Banner Grabbing

For this, you can use the regular ol' telnet client. Telnet comes with Windows and most Linux distros:
    telnet <host IP> <port banner to grab>
From this, I would learn which software version the service is running, then see if I can find a way to exploit it.

How Can I Protect Myself?

Luck for all of you lovely people, I recently made a tutorial on iptables, which will filter out unwanted connections. Also, disable any unnecessary programs that connect to the internet (remote administration, media sharing, etc).
Windows users, install Comodo firewall, it's incredible and uses a simple point and click installation, and will filter ports for you. It has great default settings and it is free.

Comments

Post a Comment

Popular posts from this blog

Fake WAP

Image
Fake WAP There are a horde of things out there that goes under the general name 'hacking.' But what precisely are these demonstrations and what is the completely most effortless one for programmers to finish? This is a stealth assault, similar to a lethal ninja, known as a phony remote access point (Fake WAP). You may likewise know it as a 'man in the center' assault. Programmers can do this effectively enough, taking your information covertly with the goal that you're unaware. More regrettable yet, you'll HELP them do it! A VPN is your vital component to ensuring this doesn't transpire, regardless of the possibility that you do fall into their trap. As a reward, I get the chance to add pictures of ninjas to this post and it absolutely bodes well. What is a fake wireless access point This is the point at which a programmer utilizes a basic bit of programming and a remote system get to card. They will utilize these and go out into the general
Read more

The Secure Socket Tunneling Protocol

Image
The Secure Socket Tunneling Protocol This segment depends on a prerelease adaptation of Windows Server 2008. All data in this is liable to change. Virtual private system (VPN) bolster in Windows XP and Windows Server 2003 enables you to interface with your private intranet over the Internet, similarly as though your PC was connected to a neighborhood Ethernet port. Nonetheless, the VPN conventions in Windows XP and Windows Server 2003 don't work for some firewall arrangements what's more, for some circuitous arrangements, for example, when your PC is behind a Network Address Translator (NAT) or Web intermediary server—in which the movement for VPN associations is being blocked. To determine these challenges, Windows Server® 2008 and Windows Vista Service Pack 1 incorporate help for the new Secure Socket Tunneling Protocol (SSTP). VPN Access Problems In Windows® XP and Windows Server 2003, the VPN conventions that empower remote access associations with an intranet
Read more

Shift cipher

Image
Shift cipher Modular Math and the Shift Cipher The Caesar Cipher is a type of  shift cipher . Shift Ciphers work by using the modulo operator to encrypt and decrypt messages. The Shift Cipher has a  key K , which is an  integer from 0 to 25 . We will only share this key with people that we want to see our message. How to Encrypt: For every letter in the message  M  : 1.  Convert the letter into the number that matches its order in the alphabet starting from 0, and call this number  X . ( A=0, B=1, C=2, ...,Y=24, Z=25) 2.  Calculate:  Y  =  (X + K)  mod  26 3.  Convert the number  Y  into a letter that matches its order in the alphabet starting from 0. (A=0, B=1, C=2, ...,Y=24, Z=25) For Example:  We agree with our friend to use the Shift Cipher with  key K=19 for our message.  We encrypt the message  "KHAN",  as follows:​ So, after applying the Shift Cipher with key K=19 our message t
Read more