Windows LMHOST Hack
by: bT

This vulnerability is something I came across in my long learning process. It is a nice thing to know and may come in handy for purposes only you can decide. The first thing I recommend doing is downloading Legion from Rhino9's site (www.rhino9.com). You don't need Legion to do this, but it saves a lot of time. This hack will allow someone to gain full access to c:\ and any other shared drives and printers.

VULNERABILITY CHECK:

To see if your target is vulnerable to this hack, go to the DOS prompt and type NET VIEW \\. If you see an error 53, then the computer isn't vulnerable and you cannot do the hack. If you see a list of "shares", then you're good to go.

DETAILED INFO:

The LMHOSTS hack is done through something called Shares. Shares are what Windows uses to share resources from computer to computer. If you wanted to allow yourself to access your computer from work, you would set up a share so you could share resources from computer to computer. LMHOSTS is the mapping of IP addresses to NT computer names (NetBIOS names).

THE HACK:

If the computer is vulnerable, then you can now exploit it. The first thing you need to do is get the target IP's NetBIOS names. That can be done by going to the DOS prompt and typing NBTSTAT -A . You should see something like:

    NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    WORKSTATION14  <00>  UNIQUE      Registered
    SMUMN-GRADUATE <00>  GROUP       Registered
    WORKSTATION14  <03>  UNIQUE      Registered
    STUDENT14      <03>  UNIQUE      Registered

Now take the first computer name, which is WORKSTATION14, and write it down. Now in Notepad open up LMHOSTS.SAM in c:\windows\ (Win95) or LMHOSTS in c:\winNt (NT). Scroll down to the very bottom and add this line to it:

Here is an example: the target IP address is 255.255.255.255 and the computer name is WORKSTATION14, so you would add this to LMHOSTS:

    255.255.255.255 WORKSTATION14

Now save it and close it. Go to Start\Find\Computer and type in the computer name, which in our example would be WORKSTATION14. It should find it, and now you'll be able to access their c:\ remotely using Win95.

USING LEGION:

Legion is a Class C subnet scanner which looks for "Shares". It works as a domain scanner would, and it searches 255.255.255.XXX. This saves a lot of time because you can scan a whole ISP for vulnerable computers to exploit. The program itself is pretty easy to use, so I will not go any farther into detail.

HELP:

If you need any help you can mail me at sysadm@theglobe.com or find me on IRC on DALnet (irc.dal.net). I hang in #HackerzLair and I run my own channel #MobSquad.
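The two data formats this text relies on, the NBTSTAT -A name table and the LMHOSTS "IP NAME" line, are small enough to parse by hand. The following is an added example, not code from the original text: it parses a constructed copy of the name table shown above, picks out the first UNIQUE <00> name the way the text says to, builds and validates the LMHOSTS line, and, from the administrator's side, audits an LMHOSTS file for a name mapped to more than one address (a sign of a stale or planted entry). The function and variable names are my own.

```python
import ipaddress
import re

# Constructed sample modelled on the NBTSTAT -A table in the text (not live output).
SAMPLE_NBTSTAT = """\
NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
WORKSTATION14  <00>  UNIQUE      Registered
SMUMN-GRADUATE <00>  GROUP       Registered
WORKSTATION14  <03>  UNIQUE      Registered
STUDENT14      <03>  UNIQUE      Registered
"""

# One table row: NAME <xx> UNIQUE|GROUP Status (header and dashes do not match).
ROW_RE = re.compile(r"^\s*(\S+)\s+<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$")

def parse_nbtstat(text):
    """Return (name, suffix, type, status) tuples from NBTSTAT -A style output."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            name, suffix, ntype, status = m.groups()
            rows.append((name.upper(), suffix.upper(), ntype, status))
    return rows

def workstation_name(rows):
    """The name the text says to write down: the first UNIQUE <00> entry."""
    for name, suffix, ntype, _ in rows:
        if suffix == "00" and ntype == "UNIQUE":
            return name
    return None

def lmhosts_line(ip, name):
    """Build the 'IP NAME' LMHOSTS entry, rejecting a bad address or name."""
    ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    if not 1 <= len(name) <= 15 or name != name.upper():
        raise ValueError("NetBIOS names are at most 15 characters, upper case")
    return f"{ip} {name}"

def audit_lmhosts(text):
    """Admin check: report NetBIOS names that LMHOSTS maps to more than one IP."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (the stock LMHOSTS.SAM is mostly comments)
        fields = line.split()
        if len(fields) < 2:
            continue
        ip, name = fields[0], fields[1].upper()  # trailing #PRE / #DOM:x keywords ignored
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            continue  # not a valid IPv4 entry; skip rather than guess
        mapping.setdefault(name, set()).add(ip)
    return {n: sorted(ips) for n, ips in mapping.items() if len(ips) > 1}
```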