PwnD: Is this guy a n00b, or what???

[Azurith]

So anyways, a few people may realize that I leech wifi from my neighbor. (Atleast, until tomorrow or whenever I get my broadband up. ^.^) Anyhow, there are 'other' things that I've done.. like, getting his & other's myspace account information and passwords. (I didn't do anything 'evil' with it. I think I still have them somewhere..) And a few other things, including his/her (apparently) 'private' email address.. which honestly wasn't 'that' private.. obviously.

So I decided to try and help them out..
What a waste of my time that turned out to be.

Never give out your password or credit card number in an instant message conversation.
Azurith (...Infinity^Infinity!..) says:Hello! ^.^
SamWorks Revolution Studios says:
helo??
Azurith (...Infinity^Infinity!..) says:
Yes, hello.. you know, a simple greeting?
SamWorks Revolution Studios says:
well just have one question right now, floating inside my head
SamWorks Revolution Studios says:
WHO THE **** ARE YA!
Azurith (...Infinity^Infinity!..) says:
Who am I?
Azurith (...Infinity^Infinity!..) says:
I thought so.. xD Just consider me a 'friend'.
SamWorks Revolution Studios says:
and just what does this friend want
Azurith (...Infinity^Infinity!..) says:
Just to say hi.
SamWorks Revolution Studios says:
i dont say hi to people i dont know
SamWorks Revolution Studios says:
and until i know you, you are no friend of mine
SamWorks Revolution Studios says:
so i can either block you and delete you, or you can tell me who the hell you are
SamWorks Revolution Studios says:
either way, your cal
SamWorks Revolution Studios says:
call*
SamWorks Revolution Studios says:
my patience grows thin
Azurith (...Infinity^Infinity!..) says:
I would just advise against that. I'm not implying anything, of course.
SamWorks Revolution Studios says:
then you have 3 minutes to tell me who you are and what you want and why this has to deal with me
Azurith (...Infinity^Infinity!..) says:
Well, it's like this.. I can either be a friend or an enemy.. it's really your choice.
Azurith (...Infinity^Infinity!..) says:
I'd rather be friendly towards anyone.
SamWorks Revolution Studios says:
im no friend of someone i dont know. so man up to your ''tough guy'' act and tell me who you are, instead of hiding behind a computer screen.
Azurith (...Infinity^Infinity!..) says:
Is this supposed to be a threat?
SamWorks Revolution Studios says:
i could have sworn you were the one making threats earlier. i am not threatening you. i just simply want to know you are and what you want with me
Azurith (...Infinity^Infinity!..) says:
But it really doesn't matter in the end. You'll ignore my advice, and then just block my msn nick, anyways.
SamWorks Revolution Studios says:
the terms were you tell me what you want or who you are, preferably both, and i wont block you
Azurith (...Infinity^Infinity!..) says:
Well, you have a myspace, I believe, correct?
SamWorks Revolution Studios says:
sure
Azurith (...Infinity^Infinity!..) says:
chevy77..?
SamWorks Revolution Studios says:
no
Azurith (...Infinity^Infinity!..) says:
Hmm.. I'll need to look into that later, then.. at anyrate, I just wanted to help you out. You should really disable print/file sharing, unless you really really need it, you know.
Azurith (...Infinity^Infinity!..) says:
And the other things.. *shudders*.
SamWorks Revolution Studios says:
ok?
SamWorks Revolution Studios says:
what do they have to do with
Azurith (...Infinity^Infinity!..) says:
For one, I can see any shared files.. you have.
Azurith (...Infinity^Infinity!..) says:
For two, I can write to the hdd.
SamWorks Revolution Studios says:
so what are you getting at
Azurith (...Infinity^Infinity!..) says:
Your security is shit. You need to disable file/printer sharing, disable netbios sessions altogether, and a few other things.
SamWorks Revolution Studios says:
again, what is your point and why are you here talking to me?
Azurith (...Infinity^Infinity!..) says:
But hey, whatever, man. I'll go leave you alone. As it's apparent you don't want my help.
SamWorks Revolution Studios says:
and where did you get my email
SamWorks Revolution Studios says:
you havent even made a point as to what help you offering
Azurith (...Infinity^Infinity!..) says:
..you simply don't understand. In which case, this is simply pointless.
SamWorks Revolution Studios says:
you have presented nothing to understand. and you still havent said who you are, where you got my email, and what you want from me.
SamWorks Revolution Studios says:
perhaps if you gave some of this information, id be more open to talking
Azurith (...Infinity^Infinity!..) says:
Would you prefere a resume, or do I need to fill out an application..?
SamWorks Revolution Studios says:
just say your name, and/or where you got my email, and what you want with me
Azurith (...Infinity^Infinity!..) says:
Seeing as this is now becoming pointless, just block me, ok? I won't be there to help you, though. 'My name is not important, but let me tell you my mantra: AkuSokuZan!'~~Saito (Rurouni Kenshin)
Azurith (...Infinity^Infinity!..) says:
In the end, you'll just be ****ing yourself, anyways.
Azurith (...Infinity^Infinity!..) says:
So have a nice day. ^.^
SamWorks Revolution Studios says:
just want to know where you got this email, this is a private email
Azurith (...Infinity^Infinity!..) says:
If I knew that it would be this pointless, I wouldn't have bothered trying to help you. Sorry for wasting your time. I' know when my help is not wanted.
Azurith (...Infinity^Infinity!..) says:
Goodday.
SamWorks Revolution Studios says:
bye

A few interesting bits:
'chevy77' is apparently the n00b's friend's myspace password.. xD I know I have the n00b's also, somewhere around here..

Exactly how much of a n00b IS this person???
I TOLD them blatantly that I could see certain files. I also informed them that I knew that they were running netbios sessions.. (..don't even get me started on netbios.) I also informed him that I KNEW that he used myspace, and then OPENLY stated how 'secure' his machine is.
Just reread the conversation, you'll find it's all there, somewhat subtle.

And the n00b 'threatens' to block my msn nick, which doesn't much matter to me, considering that I've blocked his. xD

So I atleast TRIED to help them. And I really would have, if they had taken my advice and let me help them.

But what the n00b failed to realize is that I have complete and total access to their network..

...exactly.

So the n00b can block my msn nick.. and..?

Having *cough*administrative*cough* access to the network..

I can ban the n00b's machine from their own network.. and thus, ban them from the internetz, completely. Altogether.

And THAT's just the 'EASY' stuff I can do to them..


PS>>> ...but If you happen to have the ip address of **.***.***.**, with a MAC-Address of 00:11:503:A0:78.. and just stumble upon this..
'Thanks for the free interwebz, n00b.'

~~Azurith
'My name is not important, but let me tell you my mantra: AkuSokuZan' ~~Saito

 

[Oblivion wielder]

Impresive 0_0....hope i knew stuff like that ..its kinda cool...

 

[The Midnighter]

Hahahahahaha
..
Ahahahahahaha XD

 

[TheTerrorofDeath]

Azu you are the shit. Would you mind telling me how you do just a bit of this stuff?

 

[Lord n00b]

Omg what the hell? Lmao. =D

Wow. Take me under your wing or something. Teach.

 

[The Midnighter]

There's nothing to teach, his network just isn't secured...

 

[Swag]

oh hell yes. All hail Azu. fcuking n00b lmfao.

 

[TheTerrorofDeath]

TM, I meant how do you hack into their system in the first place?

 

[Banishing Blade]

If some random person told me they could see my shared files, and could write on my HDD, I'd probably be all "WTF, who are you?" too.

 

[Lord n00b]

There's nothing to teach, his network just isn't secured...

Contrary to your thoughts TM, I was referring to him teaching me things in general, based off of how he sort of 'wowed' me with this situation.

Take me under your wing or something. Teach.

Maybe it gave you the wrong impression. Oh well.

 

[The Midnighter]

Get a wireless card, (Or bluetooth if you're rich) and find an unsecure wireless network ;P Or a WEP Secured one, and get a crack for it ;P

 

[Enigmacy]

Thats pretty funny that he didn't understand what you were saying after you said everything you could say to him. I mean, you were basically saying his account wasn't stable and secured, but he was like," Give me your reason for talkin' to me! I don't get it."

That was funny. You must be a pro at this dude- take me as your apprentice.:drool: :thumbsup:

 

[Azurith]

There's nothing to teach, his network just isn't secured...

Bingo.. and very secured it isn't. xD

(And this is a small list of just a few things I could have access to, do
1. The entire network.
2. The network's router.
3. Access to the target system's network shares. (Shared directories and files.)
4. Access to the guy's netbios sessions..
5. Unrestricted firewall/port access on the router.. (Great for setting up servers.. xD)
6. Certain 'other' machines on this particular network also shared files &/or printers..

Now, with a bit of creative ness, here's what you could theoratically do:
1. Setup an FTP server, and use the target machine as the 'storage' drive.
(Fairly simple.. *this* particular target machine had an extra 21.?+ gigs that I could read/write to.. making an FTP server.... obvious.)
2. Redirect print jobs to the target network printer, from some other network ip/machine. (Allows us to send 'stuff' to someone else's printer on the network.. much fun, indeed.)
3. Alot more.. won't get into that detail.

So, all I would need to do, is create the ftp server, and map the 'ftp shares' to the target machine's shared directories.. and then the machine's shared files are on the net for anyone. (I wouldn't however do this.. I *DO* have ethics.)

Here are a few ways to protect yourself:
1. Do NOT share files &/or printers.
(If you don't need to share either, turn them off in your network settings..)
2. Disable your machine from using netbios sessions.
(It's in the network properties.. and alternative is to disable/firewall ports 137-139. 139 is the primary netbios port.. but not the only one.)
3. If on a wireles network, encrypt your network connections with either a 13 hexpair (26 character) WEP (128bit encryption) key or the preferred WPA/WPA2...
(128bit WEP encryption is enough for most people.. also disable your network from broadcating the SSID's. -.-)
4. Disable all non-neccessary login accounts. (Especially 'guest'.)
5. For the love of all that is good an non-n00b..
CHANGE THE ADMNINISTRATIVE LOGINS/PASSWORDS ON YOUR NETWORK FROM THE DEFAULTS..

That much would actually be helpful to this particular 'noobs' network...

~~Azurith

 

[Savior of Dawn]

Now, with a bit of creative ness, here's what you could theoratically do:
1. Setup an FTP server, and use the target machine as the 'storage' drive.
(Fairly simple.. *this* particular target machine had an extra 21.?+ gigs that I could read/write to.. making an FTP server.... obvious.)
2. Redirect print jobs to the target network printer, from some other network ip/machine. (Allows us to send 'stuff' to someone else's printer on the network.. much fun, indeed.)
3. Alot more.. won't get into that detail.

So, all I would need to do, is create the ftp server, and map the 'ftp shares' to the target machine's shared directories.. and then the machine's shared files are on the net for anyone. (I wouldn't however do this.. I *DO* have ethics.)

Here are a few ways to protect yourself:
1. Do NOT share files &/or printers.
(If you don't need to share either, turn them off in your network settings..)
2. Disable your machine from using netbios sessions.
(It's in the network properties.. and alternative is to disable/firewall ports 137-139. 139 is the primary netbios port.. but not the only one.)
3. If on a wireles network, encrypt your network connections with either a 13 hexpair (26 character) WEP (128bit encryption) key or the preferred WPA/WPA2...
(128bit WEP encryption is enough for most people.. also disable your network from broadcating the SSID's. -.-)
4. Disable all non-neccessary login accounts. (Especially 'guest'.)
5. For the love of all that is good an non-n00b..
CHANGE THE ADMNINISTRATIVE LOGINS/PASSWORDS ON YOUR NETWORK FROM THE DEFAULTS..

That much would actually be helpful to this particular 'noobs' network...

~~Azurith

Is all that something you'd have to do to protect your PC, or is that just a general quality security idea?

Me, I just have fancy passwords and don't shut off any security. If I'm searching somewhere, I often set it to automatically refuse all cookies, cache, basically reject anything I don't specifically request, so they can't stick a damn thing on me. But, I don't have a PC, so the same process wouldn't really apply, I guess.

From the looks of this idiot's system, it almost looks like even I could get access to it. You must be very tempted to trash or mess with his system. : P

 

[Vayne Mechanics]

Bingo.. and very secured it isn't. xD

(And this is a small list of just a few things I could have access to, do
1. The entire network.
2. The network's router.
3. Access to the target system's network shares. (Shared directories and files.)
4. Access to the guy's netbios sessions..
5. Unrestricted firewall/port access on the router.. (Great for setting up servers.. xD)
6. Certain 'other' machines on this particular network also shared files &/or printers..

Now, with a bit of creative ness, here's what you could theoratically do:
1. Setup an FTP server, and use the target machine as the 'storage' drive.
(Fairly simple.. *this* particular target machine had an extra 21.?+ gigs that I could read/write to.. making an FTP server.... obvious.)
2. Redirect print jobs to the target network printer, from some other network ip/machine. (Allows us to send 'stuff' to someone else's printer on the network.. much fun, indeed.)
3. Alot more.. won't get into that detail.

So, all I would need to do, is create the ftp server, and map the 'ftp shares' to the target machine's shared directories.. and then the machine's shared files are on the net for anyone. (I wouldn't however do this.. I *DO* have ethics.)

Here are a few ways to protect yourself:
1. Do NOT share files &/or printers.
(If you don't need to share either, turn them off in your network settings..)
2. Disable your machine from using netbios sessions.
(It's in the network properties.. and alternative is to disable/firewall ports 137-139. 139 is the primary netbios port.. but not the only one.)
3. If on a wireles network, encrypt your network connections with either a 13 hexpair (26 character) WEP (128bit encryption) key or the preferred WPA/WPA2...
(128bit WEP encryption is enough for most people.. also disable your network from broadcating the SSID's. -.-)
4. Disable all non-neccessary login accounts. (Especially 'guest'.)
5. For the love of all that is good an non-n00b..
CHANGE THE ADMNINISTRATIVE LOGINS/PASSWORDS ON YOUR NETWORK FROM THE DEFAULTS..

That much would actually be helpful to this particular 'noobs' network...

~~Azurith

>.> I have to share a printer. We have 3 comps, but only 2 comps in which neither of the printers are connected to my comp. And the rest, I have no clue on what they are Dx

 

[Azurith]

>.> I have to share a printer. We have 3 comps, but only 2 comps in which neither of the printers are connected to my comp. And the rest, I have no clue on what they are Dx

You should actually be quite safe, as long as you have disabled file sharing, and aren't on an unencrypted wifi network..

(If you are using CAT5e network cables, the only two ways into your network is for someone to physically connect into the network through a EtherNIC (Ethernet network interface card) or through the internet.. the former being easier.

Now, you shouldn't need to worry about sharing printers, just as long as you are aware of the possibilities of others having access to said device.
(Meaning they could possibly if good enough, print anything they want.)

As long as you firewall yourself, you should be pretty safe.

(File sharing is alot more dangerous than just sharing printers..)

And those tips were just good all-round security tips in general.
Things that you generally would want to do to encrease your network's security.

(Basically, they are the basics of a good secure network. The fundamentals, but not the ONLY things.)

~~Azurith

PS> Also, if using a router (especially wifi routers) or other MAC based protocols, make SURE to ONLY enable the MAC address of *YOUR* MAC addresses, and disable ALL other addresses. (Simple enough in routers.)

This prevents anyone with a MAC that doesn't match one of your machines or router/server access to the network. WEP CAN be cracked quite easily.
(The FBI can do it in around 3 minutes.. 'average joe' probably takes a few hours to upwards of 20 days.)
Still, if someone cracks your WEP key and connects to the network, the MAC address of their equipment won't match, and will be rejected..

Although this won't keep the most dedicated people out, it will ensure that most won't bother. (All it would take is for them to clone the MAC address of the router/server.. and that's it. If you kept the router/server's passwords to default, then they could add a fake MAC, and use that as their own.. then giving them access to your system, either way.)

An extra note: If you have 3 devices and aren't using the other ips, make sure your router/server ONLY uses those ips.
Disabling all other non-essential ips will make sure there isn't an ip on your network that someone can get, and thus prevents access to your network.

 

[+Final Mix+]

I am impressed Azurith. I mean...how could anyone not understand what you were saying? It was pretty damn clear. That made my day waiting aimlessly for a game to ship to me all that much better.

 

[Faith Crest]

Wow, what a n00b. I guess you put him in his place, Azu. I'd feel sorry for the guy, but eh ... it's his own fault this has happened to him.

 

[9890]

Lol,
Well done Azurith. Can you do similar using cmd? If networked to other pc's?

 

[Azurith]

Lol,
Well done Azurith. Can you do similar using cmd? If networked to other pc's?

..well most of the netbios commands are relatively easy to use.. even for someone as yourself.

Probably the only things I used that don't come with WinXP installs are 'nmap' & 'wireshark'.. the rest of the stuff can practically be done with any type of commandline or other shell.

Nmap (Network Map) is a small 'simple' (for me, anyways..) and fast network scanner.
It has probably some of the best abilities for detecting machines on a network of any software.. and it *WAS* used in the 'Matrix'.. (It really was..)
(Wasn't much use, since I *KNEW* all the machines on the network, having access to the router's settings.. only thing it was useful for was scanning ports, which wasn't that necessary.)

'WireShark' was formerly known as 'Ethereal' (Ether-real), and is used to capture 'data'/'packets' over a network.. it's one of the best at this, along with a few others. (Ettercap comes to mind..)

Finally, a good 'ol live linux cd with the 'Auditor' (An advanced network security 'auditing' toolkit.. anything from WiFi (especially) networks, to most other types.)

And lastly.. 'good 'ol ms-dos'..
(The force is strong with this one..)

Firstly, there are many ways to discover 'other' machines on a network.
(Using either nmap, ms-dos ping, or the router configuration come to mind.)

Here are some ms-dos commands that can help.
(Not as powerful as linux bashe (Bourne Again SHEll) commands..)

C:>nbtstat (Parameters) (IP address)
(If target machine has netbios sessions enabled, it will return 'seemingly random' results, that actually give us quite abit of enumeration about the 'target'.)
C:>netstat (Parameters) (IP address)
(Best used to view connections to *your* machine.. at that's the best thing it's good for. IE, netstat -A (*YOUR* IP) will a quick list of all ips connected to your computer.)
C:>net (subcommand) (parameters) (IP address)
'Net help' will show all the available subcommands that you can use with the 'net' command.. very useful are the 'net view', 'net send' (If the user has enabled.. allows messages to be sent to the target machine, but reveals ip of the sender, thus it's ideal to fake your own ip.), 'net use', 'net print', etc.. you get the idea anyways.
C:>telnet (Only useful if the other machine is running a telnet server/service.. can be extorted to give commandline access to the other machine, in certain circumstances.)
C:>ping (IP address/url)
Will send a ping to the entered IP or URL, and also give latency results.

There are many many other commands, and I won't go into them.
These are just the main ones that ms-dos contains.

And that's going to be the end of this thread.. atleast the 'unethical' things, anyways.
Discover the rest on your own, period.

~~Azurith