How to be connected to open ports

A computer has more than 65000 ports, each of which can be used to communicate over the Internet. If any of a computer's ports are open, that is, in use by some program, a remote computer can attempt to connect to them.

Instructions

1. You need to know the IP address of the computer you want to connect to. If only the domain name is known, you can resolve it to an IP address with one of the services available on the Internet, for example here: http://www.all-nettools.com/toolbox/smart-whois.php
Enter the domain name in the form www.name.ru, that is, the site name without "http://", and click "Submit". You get the IP address and additional information about the site.

2. Now you need to find out which ports on the computer of interest are open. This is done by scanning with special programs called scanners. The best-known scanners are Nmap and XSpider. A beginner is better off choosing the second; both a demo version and a full version of the program can be found online.

3. Open XSpider, enter the IP address and start the scan. When it finishes you receive the list of open ports on the scanned machine. An open port does not mean you have gained access to the remote computer; it only means that the port is in use by some program. For example, port 21 is FTP, 23 is Telnet, 4899 is Radmin, 3389 is Remote Desktop, etc. Search for "list of ports and their services" in a search engine for detailed information.

4. You now have the list of open ports. The next stage is to look for a way onto the remote machine through these ports. There are many options; the main ones are password guessing and finding and using a suitable exploit. An exploit is program code written for a specific vulnerability.

5. If you want to learn to use exploits, download Metasploit. It includes several hundred exploits, and the collection is constantly updated. Metasploit also includes the Nmap scanner. Learning the program takes time and patience, but the result is worth it.

6. If you want a fast result, download two programs: a VNC scanner with a GUI (vnc_scanner_gui) and Lamescan. The first is a very good and fast scanner, convenient for scanning a specific port, for example port 4899, used by the remote control program Radmin.

7. Start the VNC scanner, specify port 4899, select the desired country in the list and click "Get diap list". A list of IP address ranges appears on the left of the window. Select several ranges (2-3 is best) and delete the others. Click "Start scan". When scanning finishes you receive a text file IPs.txt with the list of IP addresses of computers on which port 4899 is open. Click "Start parser": the list is cleaned of everything except the IP addresses.

8. Start Lamescan. Open Setup, then the Basic menu. Enter port number 4899. Enter the paths to the password and login dictionaries (find them online). Click "Ready". Now click the green plus, enter the scanned IP addresses into the window that appears and click the green arrow. Password guessing against the specified addresses begins. In most cases guessing fails, but out of a hundred addresses a few with simple passwords will turn up.

9. Download and install Radmin. Start it and enter the address of the computer whose password was guessed. In the window that appears enter the password (and the login, if both login and password were guessed). A blue connection icon appears, and a few seconds later you will see the remote computer's desktop on your screen.
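Seen from the side of the machine being targeted, steps 6 to 9 leave a distinctive trace: a burst of failed logins against a remote-access port from a single source address, often followed by one success. The following Python script, added here as an example and not part of the original page, flags exactly that pattern. The log format (timestamp, src, dport, result), the 5-failures-per-60-seconds threshold and the sample lines are constructed assumptions; real Radmin, RDP or SSH logs look different, so only the parser needs adapting.

```python
"""Flag password-guessing bursts against remote-access ports.

Added example, not from the original page. The log format below is a
constructed, generic one; adapt parse_line() to the real service's log.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one login attempt per line.
# 203.0.113.7 hammers Radmin (4899) and then gets in; 192.0.2.9 fails
# twice but 15 minutes apart, which should not trip the detector.
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=203.0.113.7 dport=4899 result=FAIL
2024-05-01T10:00:02 src=203.0.113.7 dport=4899 result=FAIL
2024-05-01T10:00:02 src=198.51.100.4 dport=3389 result=OK
2024-05-01T10:00:03 src=203.0.113.7 dport=4899 result=FAIL
2024-05-01T10:00:04 src=203.0.113.7 dport=4899 result=FAIL
2024-05-01T10:00:05 src=203.0.113.7 dport=4899 result=FAIL
2024-05-01T10:00:09 src=203.0.113.7 dport=4899 result=OK
2024-05-01T10:05:00 src=192.0.2.9 dport=4899 result=FAIL
2024-05-01T10:20:00 src=192.0.2.9 dport=4899 result=FAIL
"""

# Ports the page names as remote-access services (Radmin, RDP) plus SSH.
WATCHED_PORTS = (4899, 3389, 22)


def parse_line(line):
    """Parse one constructed log line into (timestamp, src, dport, result)."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts_str), kv["src"], int(kv["dport"]), kv["result"]


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60),
                      watched_ports=WATCHED_PORTS):
    """Return a list of alerts.

    An alert of kind "bruteforce" is raised once per (src, dport) when at
    least `threshold` failures fall inside a sliding `window`; a later
    successful login from a flagged pair raises "success_after_bruteforce",
    the strongest signal that a password was actually guessed.
    """
    alerts = []
    failures = defaultdict(deque)  # (src, dport) -> timestamps of recent FAILs
    flagged = set()
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, src, dport, result = parse_line(raw)
        if dport not in watched_ports:
            continue
        key = (src, dport)
        recent = failures[key]
        # Slide the window: forget failures older than `window`.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if result == "FAIL":
            recent.append(ts)
            if len(recent) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append({"src": src, "dport": dport, "kind": "bruteforce",
                               "failures": len(recent), "at": ts.isoformat()})
        elif result == "OK" and key in flagged:
            alerts.append({"src": src, "dport": dport,
                           "kind": "success_after_bruteforce",
                           "failures": len(recent), "at": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Run against the constructed sample, the detector raises two alerts, both for 203.0.113.7 on port 4899: a "bruteforce" alert at the fifth failure and a "success_after_bruteforce" alert at the following successful login. The slow pair of failures from 192.0.2.9 stays silent because the sliding window has already forgotten the first one. The "success after burst" alert is the one worth paging on, since it means the simple-password case from step 8 has occurred on your host; the usual mitigations are not exposing Radmin or RDP directly to the Internet, rate-limiting or locking out after repeated failures, and using long passwords or a VPN in front of the service.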

Author: «MirrorInfo» Dream Team
