How To Hack Someone By Knowing Their IP

13/07/2011 09:36


Welcome to this document on NetBIOS by aCId_rAIn. It will teach you a few things about NetBIOS: what it is, how to use nbtstat, how to get into a machine with it, and a few other simple DOS commands that will be useful to you later on. This document is for NEWBIES ONLY! If you are past the beginner stage, don't bother reading any further, because if you are any good you already know all of this, and there is no point wasting time on something you already know.

1. Hardware and software

1a. BIOS

BIOS stands for Basic Input/Output System. It is the program that controls the PC at the lowest level: it is responsible for starting the computer, handing control of the system over to the operating system, and for other low-level functions such as disk access.

Note that the BIOS is not ordinary software, since it is not lost from memory when the computer is switched off. It is firmware, which is basically software stored on a chip.

A handy little feature most BIOS manufacturers include is a power-on password. It stops anyone getting into the system until the correct password is entered.

If you are locked out of a system by a BIOS password, there are plenty of software BIOS password extractors on the usual hacking sites. (Most of them work by reading the password, or its checksum, out of the CMOS memory where the BIOS keeps its settings; clearing the CMOS with the motherboard jumper or by pulling the battery wipes the password too.)

2. NetBIOS / nbtstat - what is it?

NetBIOS is the naming and session service that Windows uses for file and printer sharing. nbtstat is a program that comes with Windows (once TCP/IP is installed) and talks NetBIOS over TCP/IP; you point it at a remote computer to find out what it calls itself and whether it has file sharing enabled. The technique is old, and other operating systems have tools that do the same thing, but against a home PC it still works just fine. You can try it on a friend's machine at home or something. I don't care what you do with it, but remember that you are reading this document because you want to learn, so I am going to teach. Ok, so ask yourself "how do I get to NBTSTAT?" There are two ways, but the second is faster.

Method 1: Start > Programs > MS-DOS Prompt, then type nbtstat

Method 2: Start > Run > type command > then type nbtstat

(Note: if you need help with this step, God help your poor soul, because it is like feeding a baby with a spoon.)

Ok! Now that you have run NBTSTAT at the DOS prompt, you are probably wondering what all that junk on the screen is. Those are the switches you can use. I am only going to explain the ones you need to know, because that is what will make you l33t. One thing to notice right away: the switches are case-sensitive, so -a and -A do different things, and so do -r/-R and -s/-S. The screen should look like this:

  NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
            [-r] [-R] [-RR] [-s] [-S] [interval] ]

    -a   (adapter status) Lists the remote machine's name table given its name
    -A   (Adapter status) Lists the remote machine's name table given its IP address.
    -c   (cache)          Lists NBT's cache of remote [machine] names and their IP addresses
    -n   (names)          Lists local NetBIOS names.
    -r   (resolved)       Lists names resolved by broadcast and via WINS
    -R   (Reload)         Purges and reloads the remote cache name table
    -S   (Sessions)       Lists sessions table with the destination IP addresses
    -s   (sessions)       Lists sessions table converting destination IP addresses to computer NETBIOS names.
    -RR  (ReleaseRefresh) Sends Name Release packets to WINS and then starts Refresh

    RemoteName   Remote host machine name.
    IP address   Dotted decimal representation of the IP address.
    interval     Redisplays selected statistics, pausing interval seconds
                 between each display. Press Ctrl+C to stop redisplaying
                 statistics.

C:\WINDOWS\Desktop>

Only two of these switches will be used, and here they are:

    -a   (adapter status) Lists the remote machine's name table given its name
    -A   (Adapter status) Lists the remote machine's name table given its IP address.


3. Host names

One way to identify the computer of the person you are trying to get at is by its host name. A host name is the DNS name the person's ISP hands out for their connection; it looks like a machine name followed by the ISP's domain.

There are many variations on these addresses. In each one the last part, the domain, tells you which ISP assigned that address to the computer, so two host names ending in different domains belong to two machines on two different providers, while two host names on the same ISP can still sit on different servers or dial-up pools. Either the host name or the IP address behind it is what you will feed to nbtstat.

IP addresses

4. You resolve these host names when you want the IP (Internet Protocol) address behind them.

An IP address is four numbers from 0 to 255 separated by dots, like this:

208.148.255.255

(An address ending in .255 like that one is a broadcast address and would not be handed to a single machine; it is only here to show the format.)

A lot of text files will tell you that you can read the type of connection off the number, for example that a low first number means a cable connection and a high one like 208 means a modem. That is a myth. The first numbers only tell you which address block was allocated to the ISP, and cable, dial-up, DSL and T3 customers all live in blocks from all over the range. If you want to know what kind of connection someone is on, the reverse DNS host name (which often contains things like 'dialup', 'cable' or 'dsl') is a far better hint than the IP address itself. Either way, the IP address or the host name is what you will use with the nbtstat command.

Getting the IP by DC (direct connection)

5. First things first: you need their IP address or host name. Either one works. If you have mIRC you can get it by typing /whois nick, where nick is the person's nickname; the reply shows their host name or IP (unless the network masks hosts). Write it down. If you don't use mIRC, you either need to be on the same network as them so a sniffer can see their traffic, or you need a direct connection to their computer. The direct connection is the better bet, because a sniffer only sees traffic on your own network segment and will not show you a stranger's IP. So what counts as a direct connection? You have one when:

- You send a file to their computer (a DCC send on IRC, for example): you are directly connected for the duration of the transfer.

- AOL Instant Messenger lets you open a Direct Connection to a user if they accept it.

- ICQ opens a direct connection when you send a file or a chat request.

- In general, any time you send someone a file you are directly connected to them (assuming they are not going through a proxy server).

- Voice chat on Yahoo establishes a direct connection.

If you don't have any of these programs, either get one, get a sniffer, or read the next paragraph.

If you have a website with visitor statistics, send them a link to it. When they click it, their IP address shows up in the stats. It is simple and easy, and it catches out even some fairly smart people, because they are not expecting it.

In short: once you are directly connected through one of the methods above, get into DOS and type netstat -n. Netstat stands for network statistics, and it shows you every computer currently connected to yours. (This is also handy if you think you have a trojan on your machine. SubSeven, for example, listens on port 27374 by default, and a connection to it will show up here.) The screen should look like this, showing the connections to your computer:

------------------------------------------------------------------------------

C:\WINDOWS\Desktop>netstat -n

Active Connections

  Proto  Local Address          Foreign Address        State

C:\WINDOWS\Desktop>

------------------------------------------------------------------------------

The first column is the protocol (the language) that both computers are using. TCP (Transmission Control Protocol) is what you will see here, and it is the most common.

Local Address is your own IP address, followed by the port number on your machine.

Foreign Address is the other computer's IP address and port.

State tells you what kind of connection it is. ESTABLISHED means the connection is live and stays up as long as you are both in the program, or as long as your computer lets the other one stay connected. CLOSE_WAIT means the other side has closed its end and your program has not closed its side yet. The one not shown above is TIME_WAIT, which means the connection has been closed and the socket is just waiting out a timer before it can be reused; the connections AOL's ads make usually sit in TIME_WAIT.

Here is how you can tell which line is the person who is directly connected to you:

------------------------------------------------------------------------------

C:\WINDOWS\Desktop>netstat

Active Connections

  Proto  Local Address          Foreign Address        State

C:\WINDOWS\Desktop>

------------------------------------------------------------------------------

Notice that when you run netstat without -n, the Foreign Address column shows host names instead of IP addresses. The connection to the person is almost always the ESTABLISHED line whose foreign address is not one of the servers you know you are talking to (your IRC server, AOL, and so on); the host name on that line is theirs.

If no host name is listed and you only get an IP address, that is not a problem either, because both work exactly the same with nbtstat. I will use the host name in the example. Ok, so now you have the IP and/or host name of the remote computer you are going to connect to. Time to hack!
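Here is an added example, not part of the original document, that does in code what the two netstat walk-throughs above do by eye: it parses `netstat -n` (and plain `netstat`) output, lists the ESTABLISHED peers after dropping the servers you already know about, counts the states, and flags any connection arriving on a known trojan port. The sample output is constructed from documentation address ranges, not captured from a real machine; SubSeven's 27374 is the port the text mentions, while NetBus (12345) and Back Orifice (31337) are added here for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Default listening ports of well-known trojans of the period. 27374 (SubSeven) is the
# one the text mentions; NetBus and Back Orifice are added here for illustration.
TROJAN_PORTS = {27374: "SubSeven", 12345: "NetBus", 31337: "Back Orifice"}

# One data row of Windows netstat: Proto, Local Address, Foreign Address, [State].
# UDP rows have no State column, so the last group is optional.
_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$", re.IGNORECASE)


@dataclass
class Connection:
    proto: str
    local_host: str
    local_port: Optional[int]
    foreign_host: str
    foreign_port: Optional[int]
    state: str          # "" for UDP rows


def _split_endpoint(text: str):
    """'host:port' -> (host, port); '*' or a missing port becomes None."""
    host, sep, port = text.rpartition(":")
    if not sep:
        return text, None
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(output: str) -> List[Connection]:
    """Parse `netstat -n` or plain `netstat` output. Banner, header and prompt lines are
    skipped; without -n the Foreign Address is a host name rather than an IP."""
    conns = []
    for line in output.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        lhost, lport = _split_endpoint(local)
        fhost, fport = _split_endpoint(foreign)
        conns.append(Connection(proto.upper(), lhost, lport, fhost, fport, (state or "").upper()))
    return conns


def established_peers(conns: Iterable[Connection], exclude: Iterable[str] = ()) -> List[str]:
    """Foreign hosts with a live TCP session: the lines the text says to look at.
    Pass the servers you know you are talking to (IRC, AOL, ...) in `exclude`."""
    skip = set(exclude)
    return sorted({c.foreign_host for c in conns
                   if c.proto == "TCP" and c.state == "ESTABLISHED" and c.foreign_host not in skip})


def state_summary(conns: Iterable[Connection]) -> Dict[str, int]:
    return dict(Counter(c.state for c in conns if c.state))


def flag_trojan_ports(conns: Iterable[Connection], ports: Dict[int, str] = TROJAN_PORTS) -> List[str]:
    """Connections where OUR local port is a known trojan port: someone is talking to a
    server on this machine that should not be there."""
    return [f"{ports[c.local_port]} port {c.local_port} <- {c.foreign_host}:{c.foreign_port} [{c.state}]"
            for c in conns if c.local_port in ports]


# Constructed sample of `netstat -n` (documentation address ranges, not real hosts):
# an IRC server, a DCC file-transfer peer, two finished web hits, a closing NetBIOS
# session and an inbound connection to a SubSeven port.
SAMPLE_NUMERIC = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:1040      192.0.2.6:6667         ESTABLISHED
  TCP    192.168.1.10:1041      198.51.100.23:1098     ESTABLISHED
  TCP    192.168.1.10:1044      192.0.2.80:80          TIME_WAIT
  TCP    192.168.1.10:1045      192.0.2.80:80          TIME_WAIT
  TCP    192.168.1.10:1050      203.0.113.9:139        CLOSE_WAIT
  TCP    192.168.1.10:27374     203.0.113.9:3521       ESTABLISHED
  UDP    192.168.1.10:137       *:*
"""

# The same file transfer as plain `netstat` would show it, with names instead of numbers.
SAMPLE_NAMED = """
  Proto  Local Address          Foreign Address                  State
  TCP    mypc:1041              dialup-23.isp.example.net:1098   ESTABLISHED
"""

if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NUMERIC)
    print("states:", state_summary(conns))
    print("direct connections:", established_peers(conns, exclude=["192.0.2.6"]))
    for hit in flag_trojan_ports(conns):
        print("suspicious:", hit)
```

On a real box, pipe the command in (`netstat -n > out.txt` and read the file, or `subprocess.run(["netstat", "-n"], capture_output=True, text=True).stdout`) and pass the text to parse_netstat(). The IRC server is excluded by hand in the usage block because netstat has no way to know which peers you intended to talk to; that judgement is the whole point of the exercise in the text.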

Open a DOS prompt and type nbtstat. Ok, there is all that junk again. Now it is time to test what you learned from this document on the IP and/or host name of the remote system. Here is everything you need to know.

IMPORTANT, read this now!

    -a   (adapter status) Lists the remote machine's name table given its name
    -A   (Adapter status) Lists the remote machine's name table given its IP address.

Remember these? Now you get to use them.

-a takes the host name.
-A takes the IP address.

How do I know this? Read the descriptions after the -a and -A switches: they tell you what each one takes. So, have you figured out which one you will use?

It's time to start.

Using it to your advantage

6. Type this if you only have the host name:

nbtstat -a hostname (put the host name in place of the word hostname)

Type this if you have the IP address:

nbtstat -A ipaddress (put the IP address in place of the word ipaddress)

Now hit enter and wait. One of two things will happen:

1. Host not found.

2. Something that looks like this:


       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
GMVPS01        <00>  UNIQUE      Registered
GMVPS01        <03>  UNIQUE      Registered
GMVPS01        <20>  UNIQUE      Registered
WORKGROUP      <1E>  GROUP       Registered


If the computer replied "Host not found", then one of two things happened:

1. You got the host name wrong.

2. The host does not answer NetBIOS queries (it is not running NetBIOS over TCP/IP, or something in between is dropping UDP port 137).

If it is number one, you are in luck: fix the name and try again. If it is number two, this system cannot be hacked with nbtstat, so try another one.

If you got a table, go back up and read it carefully as I describe each part and what it means.

Name - the NetBIOS name the entry belongs to. This is the computer name for most entries, the workgroup name for the GROUP entries, and for <03> it can also be the name of the logged-on user.

<00>, <03>, <20>, <1E> - the hex suffix that says which service registered the name: <00> is the Workstation service, <03> the Messenger service, <20> the File Server service (file sharing), and <1E> the Browser service elections group.

Type - UNIQUE means the name belongs to one machine; GROUP means it is shared by every machine in the workgroup.

Status - Registered just means the name is active and in use.

Look at the table above and find this line:

GMVPS01        <20>  UNIQUE      Registered

See it?

GOOD! Now listen, because this is the important part. The <20> suffix means the File Server service is running on the machine named on that line, that is, file sharing is enabled on GMVPS01. That is the machine you want to get into. Here is how. (This is the hardest part.)
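For anyone who wants to see what nbtstat -A actually puts on the wire, here is an added example in Python (not from the original document). It builds the RFC 1002 Node Status Request that nbtstat sends to UDP port 137, parses the Node Status Response into the same name / suffix / type / status table shown above, and applies the <20> check from the paragraph before. The response it parses is constructed to match the GMVPS01 table; the NAME_FLAGS values and the MAC address in it are made up. The query() function will send the request to a real host if you call it, but nothing here does so on its own.

```python
import socket
import struct
from dataclasses import dataclass
from typing import List, Tuple

NBSTAT = 0x0021        # question type of a Node Status Request
CLASS_IN = 0x0001
FLAG_GROUP = 0x8000    # NAME_FLAGS bit 15 (G): group name
FLAG_ACTIVE = 0x0400   # NAME_FLAGS bit 10 (ACT): what nbtstat prints as "Registered"
WILDCARD = b"*" + b"\x00" * 15   # the name nbtstat -A asks about: '*' padded with NULs

# Service suffixes, the <xx> column of the table above.
SUFFIXES = {0x00: "Workstation Service", 0x03: "Messenger Service", 0x1B: "Domain Master Browser",
            0x1D: "Master Browser", 0x1E: "Browser Service Elections", 0x20: "File Server Service"}


def encode_first_level(raw16: bytes) -> bytes:
    """RFC 1001 first-level encoding: each of the 16 name bytes becomes two letters 'A'..'P'."""
    if len(raw16) != 16:
        raise ValueError("a NetBIOS name is exactly 16 bytes before encoding")
    label = bytes(c for b in raw16 for c in (0x41 + (b >> 4), 0x41 + (b & 0x0F)))
    return bytes([len(label)]) + label + b"\x00"      # 32-byte label plus root terminator


def build_node_status_request(txid: int = 0x1234) -> bytes:
    # header: id, flags 0 (query), QDCOUNT 1, no answer/authority/additional records
    return (struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
            + encode_first_level(WILDCARD) + struct.pack("!HH", NBSTAT, CLASS_IN))


@dataclass
class NameEntry:
    name: str
    suffix: int
    is_group: bool    # nbtstat prints GROUP / UNIQUE
    active: bool      # nbtstat prints Registered


def build_node_status_response(txid: int, names: List[Tuple[str, int, int]], mac: bytes) -> bytes:
    """An answer in the shape a real node returns; used here to exercise the parser offline."""
    rdata = bytes([len(names)])
    for name, suffix, flags in names:
        rdata += name.encode("ascii").ljust(15, b" ") + bytes([suffix]) + struct.pack("!H", flags)
    rdata += mac + b"\x00" * 40          # STATISTICS: UNIT_ID (the MAC) then zeroed counters
    header = struct.pack("!HHHHHH", txid, 0x8400, 0, 1, 0, 0)  # response, authoritative, 1 answer
    rr = encode_first_level(WILDCARD) + struct.pack("!HHIH", NBSTAT, CLASS_IN, 0, len(rdata))
    return header + rr + rdata


def parse_node_status_response(pkt: bytes) -> Tuple[int, List[NameEntry], str]:
    """Return (txid, name table, MAC). The datagram is untrusted: every length is checked."""
    if len(pkt) < 12:
        raise ValueError("short header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack_from("!HHHHHH", pkt, 0)
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not a response carrying an answer")
    off = 12
    while True:                          # skip RR_NAME: length-prefixed labels, 0-terminated
        if off >= len(pkt):
            raise ValueError("truncated RR_NAME")
        length, off = pkt[off], off + 1
        if length == 0:
            break
        off += length
    if off + 10 > len(pkt):
        raise ValueError("truncated RR header")
    rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
    off += 10
    if rtype != NBSTAT:
        raise ValueError(f"unexpected RR type 0x{rtype:04X}")
    rdata = pkt[off:off + rdlen]
    if len(rdata) != rdlen or rdlen < 1 or 1 + 18 * rdata[0] + 6 > rdlen:
        raise ValueError("truncated or inconsistent RDATA")
    entries, pos = [], 1
    for _ in range(rdata[0]):            # NUM_NAMES entries of 15-byte name, suffix, 2-byte flags
        name = rdata[pos:pos + 15].rstrip(b" \x00").decode("ascii", "replace")
        nflags = struct.unpack_from("!H", rdata, pos + 16)[0]
        entries.append(NameEntry(name, rdata[pos + 15], bool(nflags & FLAG_GROUP), bool(nflags & FLAG_ACTIVE)))
        pos += 18
    return txid, entries, ":".join(f"{b:02X}" for b in rdata[pos:pos + 6])


def file_sharing_enabled(entries: List[NameEntry]) -> bool:
    """The check the text makes by eye: an active UNIQUE name with suffix <20>."""
    return any(e.suffix == 0x20 and e.active and not e.is_group for e in entries)


def query(ip: str, timeout: float = 2.0) -> Tuple[int, List[NameEntry], str]:
    """Ask a real host on UDP 137. Nothing in this file calls it on its own."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_node_status_request(), (ip, 137))
        data, _ = s.recvfrom(1024)
    return parse_node_status_response(data)


# Constructed sample: the GMVPS01 / WORKGROUP table from the text, with made-up flags and MAC.
SAMPLE_RESPONSE = build_node_status_response(0x1234, [
    ("GMVPS01", 0x00, FLAG_ACTIVE), ("GMVPS01", 0x03, FLAG_ACTIVE),
    ("GMVPS01", 0x20, FLAG_ACTIVE), ("WORKGROUP", 0x1E, FLAG_GROUP | FLAG_ACTIVE)],
    bytes.fromhex("001122334455"))
```

To print a table like nbtstat's, loop over the entries from parse_node_status_response(SAMPLE_RESPONSE) and print name, f"<{suffix:02X}>", GROUP or UNIQUE, and Registered; the MAC string is what nbtstat shows as "MAC Address =". The encoded wildcard label is the fixed string CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA, which is also a handy thing to look for in a packet capture when you want to know whether somebody is running nbtstat against you.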

LMHOSTS files

7. Every Windows system with TCP/IP ships with a sample file called LMHOSTS.SAM, in the Windows directory on Windows 9x and under system32\drivers\etc on NT. The live file is called LMHOSTS with no extension, and Windows reads it when it has to turn a NetBIOS name into an IP address. Add a line mapping the remote machine's IP to its NetBIOS name and Windows can find it across the Internet as if it were on your own network. Go to Start, Find, Files or Folders, type LMHOSTS and hit enter. Open it with a text editor such as Notepad or WordPad, but make sure you don't tick "always open files with this extension" when you do. Scroll through the comments at the top of the LMHOSTS file; they read like this:

# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
# files and offers the following extensions:
#
#      #PRE
#      #DOM:<domain>
#      #INCLUDE <filename>
#      #BEGIN_ALTERNATE
#      #END_ALTERNATE
#      \0xnn (non-printing character support)
#
# Following any entry in the file with the characters "#PRE" will cause
# the entry to be preloaded into the name cache. By default, entries are
# not preloaded, but are parsed only after dynamic name resolution fails.
#
# Following an entry with the "#DOM:<domain>" tag will associate the
# entry with the domain specified by <domain>. This affects how the
# browser and logon services behave in TCP/IP environments. To preload
# the host name associated with #DOM entry, it is necessary to also add a
# #PRE to the line. The <domain> is always preloaded although it will not
# be shown when the name cache is viewed.
#
# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
# software to seek the specified <filename> and parse it as if it were
# local. <filename> is generally a UNC-based name, allowing a
# centralized lmhosts file to be maintained on a server.
# It is ALWAYS necessary to provide a mapping for the IP address of the
# server prior to the #INCLUDE. This mapping must use the #PRE directive.
# In addition the share "public" in the example below must be in the
# LanManServer list of "NullSessionShares" in order for client machines to
# be able to read the lmhosts file successfully. This key is under
# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
# in the registry. Simply add "public" to the list found there.
#
# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
# statements to be grouped together. Any single successful include
# will cause the group to succeed.
#
# Finally, non-printing characters can be embedded in mappings by
# first surrounding the NetBIOS name in quotations, then using the
# \0xnn notation to specify a hex value for a non-printing character.

Read this over until you understand how you want your connection resolved. Here is how I would add the machine from the nbtstat example above, using the IP you resolved and the name nbtstat gave you:

255.102.255.102    GMVPS01    #PRE

The two columns are the IP address and the NetBIOS name, separated by spaces or tabs. #PRE preloads the entry into the name cache as soon as you come online, so Windows never has to go looking for it. #DOM:domain marks an entry as a domain controller for an NT domain, and #INCLUDE pulls in another LMHOSTS file from a UNC path; neither of them puts you on the other machine, so the one line above is all you need. What you actually gain is that \\GMVPS01 now resolves to 255.102.255.102; whether you can get at the C: drive depends on what they have shared and whether they put a password on it. The only problem with this is that they can run netstat while you are connected and get your IP. That is why it only works against plain home PCs: most people these days are computer illiterate and have no idea what these commands do. They have no idea what netstat is, and you can use that to your advantage. Most systems are harder to hack with this method now, because they are better secured and can tell when another system is trying to get in. Also, be sure you know (somehow) whether they are running a firewall, because it will block your connection to their computer.
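As an added example that is not from the original document, here is a Python parser for the LMHOSTS format described in the comment block above: plain mappings, #PRE, #DOM:, quoted names with \0xnn escapes, #INCLUDE and #BEGIN_ALTERNATE / #END_ALTERNATE groups, plus a resolve() that does the lookup the way NBT would (first match wins). Running it over your own LMHOSTS is a quick way to catch a typo before you go wondering why a name does not resolve. The sample file is constructed; only the GMVPS01 line is the one the text builds from the nbtstat example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

_ESCAPE = re.compile(r"\\0x([0-9A-Fa-f]{2})")                    # \0xnn inside a quoted name
_QUOTED = re.compile(r'^"((?:[^"\\]|\\0x[0-9A-Fa-f]{2})*)"')     # "name" with optional escapes

@dataclass
class Mapping:
    ip: str
    name: str                     # NetBIOS name after \0xnn expansion
    preload: bool = False         # #PRE
    domain: Optional[str] = None  # #DOM:<domain>

@dataclass
class Lmhosts:
    mappings: List[Mapping]
    includes: List[Tuple[str, Optional[int]]]   # (path, #BEGIN_ALTERNATE group number or None)
    errors: List[str]

    def resolve(self, name: str) -> Optional[str]:
        """Lookup the way NBT consults the file: the first matching entry wins."""
        for m in self.mappings:
            if m.name.upper() == name.upper():
                return m.ip
        return None

def _valid_ipv4(text: str) -> bool:
    parts = text.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) <= 255 for p in parts)

def parse_lmhosts(text: str) -> Lmhosts:
    result = Lmhosts([], [], [])
    alt_group, in_alternate = 0, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        upper = line.upper()
        # Directives on a line of their own (Windows documents the keywords in upper case).
        if upper.startswith("#INCLUDE"):
            result.includes.append((line[len("#INCLUDE"):].strip(), alt_group if in_alternate else None))
            continue
        if upper.startswith("#BEGIN_ALTERNATE"):
            alt_group, in_alternate = alt_group + 1, True
            continue
        if upper.startswith("#END_ALTERNATE"):
            in_alternate = False
            continue
        if line.startswith("#"):
            continue              # plain comment; #PRE and #DOM only mean something after a mapping
        # A mapping: <ip> <name> [#PRE] [#DOM:<domain>] [# trailing comment]
        parts = line.split(None, 1)
        if len(parts) != 2 or not _valid_ipv4(parts[0]):
            result.errors.append(f"line {lineno}: expected '<ip> <name>', got {line!r}")
            continue
        ip, rest = parts
        quoted = _QUOTED.match(rest)
        if quoted:
            # A quoted name is literal (spaces kept) and must expand to 16 bytes, the last being the suffix.
            name = _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), quoted.group(1))
            rest = rest[quoted.end():]
            if len(name) != 16:
                result.errors.append(f"line {lineno}: quoted name must expand to 16 bytes")
                continue
        else:
            tokens = rest.split(None, 1)
            name, rest = tokens[0].upper(), (tokens[1] if len(tokens) > 1 else "")
            if len(name) > 15:
                result.errors.append(f"line {lineno}: unquoted name longer than 15 characters")
                continue
        mapping = Mapping(ip, name)
        for tag in rest.split():
            if tag.upper() == "#PRE":
                mapping.preload = True
            elif tag.upper().startswith("#DOM:") and len(tag) > 5:
                mapping.domain = tag[5:]
            elif tag.startswith("#"):
                break             # anything else after '#' is a comment
            else:
                result.errors.append(f"line {lineno}: unexpected token {tag!r}")
        result.mappings.append(mapping)
    return result

# Constructed sample (not from the original page); only the GMVPS01 line comes from the text above.
SAMPLE_LMHOSTS = "\n".join([
    "255.102.255.102    GMVPS01           #PRE",
    "192.0.2.10         PDC01             #PRE  #DOM:CORP   # NT domain controller",
    "192.0.2.11         fileserver",
    '192.0.2.12         "' + "appname".ljust(15) + r'\0x14"',
    "#BEGIN_ALTERNATE",
    r"#INCLUDE \\PDC01\public\lmhosts",
    r"#INCLUDE \\fileserver\public\lmhosts",
    "#END_ALTERNATE",
    "300.1.1.1          BADIP",
])
```

To check a real file, read it with open(r"C:\WINDOWS\LMHOSTS").read() and look at .errors before anything else. The parser deliberately reports a quoted name that does not expand to exactly 16 bytes, because that is the mistake people make when they try to map a specific service suffix by hand.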


8. After adding the line to LMHOSTS you are basically done. You just need to go to:

Once there, simply type the IP address or host name of the system. When it shows up, double-click it and boom! There is your GUI, so you don't have to do the rest from DOS. You can do it from DOS, but this way is easier and more fun, so it is the only way I am putting it. Once you are in, you can edit, delete, rename, or do anything you like to any file on the shares. I would also remove the file in C:\ that they could use to check whether someone is on their computer, or just delete its shortcut. This is where knowing some programming comes in handy: instead of using the NBTSTAT method every time, you could set up your own trojan on its own port number and upload it to the system, which gives you easier access and a better GUI with more features. Don't keep more than one connection open to their machine unless they are on a fast connection, or they will notice the slowdown.

Most home systems don't run a firewall, and the ones that do usually have it set up badly, which still leaves a gap. To help yourself along, it would be a good idea to pick up a programming language, so you see how the computer handles data, and to learn some TCP/IP (Transmission Control Protocol / Internet Protocol). If you want to find out whether they are running a firewall, go through a proxy and port scan their IP: if most of the ports come back closed or filtered, they probably have one. Either way, you still have a better chance of hacking a Microsoft system than anything else.

If you download something from their computer and they are on a slow connection, they may notice, run netstat to see what is connected, spot your IP and get suspicious. That's it. That's all there is to it. Go out and scan a network or something and find a computer with port 139 (the NetBIOS session port) open.