IP Addresses Torn Apart

  • November 2019
Every system connected to the Internet or connected to a particular network has a unique Internet Protocol Address or IP Address. Just as in the real world every person has his or her own home contact address, every system connected to the Internet has its own unique IP Address. Your IP Address is the address to which data should be sent to ensure that it reaches your system. The IP Address of a system acts as the system’s unique identity on the net.

One of my earlier manuals described an IP Address in the following words:

‘….Like in the real world everyone has got an individual Home Address or telephone number so that, that particular individual can be contacted on that number or address, similarly all computers connected to the Internet are given a unique Internet Protocol or IP address which can be used to contact that particular computer…..’

Now that you know what exactly an IP Address is, let us move on to the structure of IP Addresses.

An Internet Address (IP Address) is a 32-bit address or number, which is normally written as four decimal numbers (of 8 bits each), each separated from the other by a decimal point. This standard is known as the dotted-decimal notation.

Example: A typical IP Address would be as follows:

202.34.12.23

It can be further broken down as:

202 representing the first 8 bits.
34 representing the next 8 bits.
12 representing the third 8 bits.
23 representing the fourth 8 bits.

Thus, when considered together, 202.34.12.23 represents 32 bits. So basically we can conclude that each decimal number in an IP Address represents 1 byte or 8 bits. It is important to note that each of these numbers can range from 0 to 255.

There are a huge number of IP Addresses in use in the present-day wired age. All these IP Addresses have some sort of relation with each other, and each individual IP Address can reveal a lot of secrets about the network of which it is a part.
Before we move on to that, we need to understand the fact that all IP Addresses being used are divided into a number of ranges, which are as follows:

Class   Range
A       0.0.0.0 to 127.255.255.255
B       128.0.0.0 to 191.255.255.255
C       192.0.0.0 to 223.255.255.255
D       224.0.0.0 to 239.255.255.255
E       240.0.0.0 to 247.255.255.255

So, we can easily conclude that one can find out the Class to which an IP Address belongs simply by comparing the number before the first decimal point of the IP Address with the above table.

For Example: In the IP Address 203.43.21.12, the number before the first decimal point is 203, and the above table tells us that it belongs to Class C of the range of IP addresses.

The various IP Addresses are divided into the different classes on the basis of the structure of their network, or in other words on the basis of what the various numbers separated by decimal points actually stand for. To understand this, let us refer to the following:

Class   Information
A       It has the first 8 bits for Netid and the last 24 bits for Hostid.
B       It has the first 16 bits for Netid and the last 16 bits for Hostid.
C       It has the first 24 bits for Netid and the last 8 bits for Hostid.
D       It represents a 32-bit multicast Group ID.
E       Currently not being used.

The above table will be clearer after reading the following examples:

An IP Address 203.45.12.34 belonging to Class A means that the network ID is 203 and the host ID is 45.12.34.

If the same IP Address belonged to Class B, then the network ID would become 203.45 and the host ID would become 12.34.

And if it belonged to Class C, then the network ID would become 203.45.12 and the host ID would become 34.

Almost all ISPs prefer to use a Class B Network. If that is the case, then each time you log in to your ISP, the first 2 octets of your IP Address would not change, while the last two are likely to change. However, even if only the last octet changes and the remaining three remain constant, it is likely that the ISP uses Class B addressing. (Subnetting comes in. Explained later in the manual.)

*****************
HACKING TRUTH: How do you find out the IP Address of your own system?

In order to get your own IP Address, all you have to do is follow the below process:

1. Connect to the Internet.
2. Launch MSDOS.
3. Type: netstat -n at the prompt.

You will get an output similar to the below:

C:\WINDOWS>netstat -n

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    203.94.253.183:1025    64.4.13.56:1863        ESTABLISHED
  TCP    203.94.253.183:1031    209.143.242.119:80     ESTABLISHED

The IP Address shown under the Local Address field denotes the IP address of your system.
*****************

An IP Address which belongs to the Class A addressing system and has a network ID equal to 127 is referred to as the special address. It is actually known as the Loopback Interface. It allows clients and servers on the same system to communicate with each other. The loopback address which is commonly used is 127.0.0.1. Almost all systems have also given the loopback address the special name ‘localhost’.

Till now we learnt that an IP Address is a decimal notation of a computer’s address in the wired world.
However, the address of a computer does not necessarily have to be in the decimal notation form. We will learn about the various forms of an IP Address in the following section.

An IP Address does not necessarily have to be represented in the dotted decimal form. There is more than a single way in which one can represent an IP Address. Some of these are as follows:

1. Decimal System: If an IP Address is being represented in the Decimal system, then it means that it is being represented in the Base 10 system. The normal IP Addresses are represented in the Decimal System. Example: 216.115.108.245

2. Domain Name System: If an IP Address is being represented in the form of human recognizable characters and names then it is said to be in the form of DNS system. Example: www.yahoo.com

3. DWORD Format: DWORD is short for double word. It basically consists of two binary "words" (or lengths) of 16 bits. However, it is almost always represented in the decimal number system i.e. having a base 10. Example: D8736CF5, which when represented in the form of a decimal number system with a Base 10 becomes 3631443189

4. Octal System: If an IP Address is represented in the octal system, then it means that it is being represented in the Base 8. Example: 33034666365

5. Hexadecimal System: If an IP Address is represented in the Hexadecimal System, then it is actually being represented in the Base 16 system.

6. A Cross Breed: If an IP Address is being represented in the mixture of any of the above two systems, then it is said to be a Cross Breed.

All the examples portrayed above are some form or the other of the same address of the same system. What I mean to say by this is that typing any of the following in your browser will take you to the same site: http://www.yahoo.com/ , 3631443189, 33034666365 and 216.115.108.245. The Binary form of this address, which is 11011000011100110110110011110101, may also work with certain applications.

NOTE: Please note that not all of the above work in all browsers. And if you or your ISP has a Proxy or a firewall installed, then some of the above may not work. The author does not hold any responsibility for failure of working on any of the above.

Now that you have seen the various forms in which an IP Address can be represented, let us move on to how one can convert the domain name into the above different forms. To understand how the conversion works, let us take http://www.yahoo.com/ as the example domain.

The first step in our quest to represent http://www.yahoo.com/ in various forms of IP’s is to get its normal decimal-dotted IP Address. One can easily get the IP Address of a domain by various methods like WHOIS, netstat, ping, traceroute etc. In this manual, I have used ping to get the IP:

C:\WINDOWS>ping yahoo.com

Pinging yahoo.com [216.115.108.245] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

The above screenshot clearly shows that the IP Address of our example target system is 216.115.108.245. Now that we have the IP Address, let us move on to converting it into other forms.

In order to convert a decimal dotted IP Address into its DWORD equivalent, one has to consider each number separated from the other number by a decimal point separately. So, in effect, 216.115.108.245 is broken down into:

216.115.108.245 = 216 115 108 245

Now, first one has to convert the above decimals into their hexadecimal equivalents. This can easily be done by referring to the below Decimal into Hexadecimal chart (or vice versa). The column gives the first hex digit and the row gives the second hex digit:

     0   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F
0  000 016 032 048 064 080 096 112 128 144 160 176 192 208 224 240
1  001 017 033 049 065 081 097 113 129 145 161 177 193 209 225 241
2  002 018 034 050 066 082 098 114 130 146 162 178 194 210 226 242
3  003 019 035 051 067 083 099 115 131 147 163 179 195 211 227 243
4  004 020 036 052 068 084 100 116 132 148 164 180 196 212 228 244
5  005 021 037 053 069 085 101 117 133 149 165 181 197 213 229 245
6  006 022 038 054 070 086 102 118 134 150 166 182 198 214 230 246
7  007 023 039 055 071 087 103 119 135 151 167 183 199 215 231 247
8  008 024 040 056 072 088 104 120 136 152 168 184 200 216 232 248
9  009 025 041 057 073 089 105 121 137 153 169 185 201 217 233 249
A  010 026 042 058 074 090 106 122 138 154 170 186 202 218 234 250
B  011 027 043 059 075 091 107 123 139 155 171 187 203 219 235 251
C  012 028 044 060 076 092 108 124 140 156 172 188 204 220 236 252
D  013 029 045 061 077 093 109 125 141 157 173 189 205 221 237 253
E  014 030 046 062 078 094 110 126 142 158 174 190 206 222 238 254
F  015 031 047 063 079 095 111 127 143 159 175 191 207 223 239 255

Thus we get:

216 = D8
115 = 73
108 = 6C
245 = F5

As a result, 216.115.108.245 = D8736CF5

It is important to note that D8736CF5 is the Hex equivalent of our IP and would always be an eight-character-long representation. However, as a DWORD value is represented in the base-10 system, we also need to convert it into the Decimal form. In order to do so, we need to follow the below process:

1. Click on Start > Programs > Accessories > Calculator.
2. Click on View > Scientific.
3. Now, select ‘Hex’ from the right top corner and type in D8736CF5 in the field.
4. Then click on Dec (Decimal). You will find that the value that you typed in would have changed to: 3631443189.

Thus you now have the DWORD value represented in the Base-10 system. Typing http://www.yahoo.com/ or 3631443189 or 216.115.108.245 in your browser would all take you to the same site.

For all those of you to whom the above process seems to be extremely cumbersome, the following Perl Script too would do the same process less the calculations:

_____________________________
#!/usr/bin/perl
# By Ben H. Originally by neeko.
# Usage: dword.pl [ -q | --quiet ] host/ip
#
use Socket;                        # for gethostbyname()
use Math::BigInt;                  # so it fits..
my ($quiet, $name, @host, @ip);    # get some vars started.

if ( $#ARGV < 0 ) {
    print "$0\n";
    print "Usage: $0 [-q | --quiet] host \n";
    exit;
}
# Match the option exactly, so a host name containing "-q" is not taken as the flag
if ( $ARGV[0] =~ /^(-q|--quiet)$/ ) {
    $quiet = 1;
    $name = $ARGV[1];
} else {
    $name = $ARGV[0];
}
@host = gethostbyname( $name );    # get the ip, if a hostname is used
die "Cannot resolve $name\n" unless @host;
my $foo = $host[4];                # first address, packed as 4 raw bytes
# This parses the result of the gethostbyname into numbers
for my $n (1..4) {
    $ip[$n] = ord( substr( $foo , ($n-1) , 1 ) );
}
unless ($quiet) {
    print "$name = $ip[1].$ip[2].$ip[3].$ip[4] = ";
}
# Weight each octet by its position: 256^3, 256^2, 256^1, 256^0
for my $n (1..4) {
    $ip[$n] = ( $ip[$n] * ( 2 ** ( ( 3 - ($n-1)) * 8 ) ) );
}
print $ip[1] + $ip[2] + $ip[3] + $ip[4];
print "\n";
exit;
____________________________

*******************
HACKING TRUTH: One can arrive at the DWORD in the base-10 value by the following mathematical formula too:

IP Address = 216.115.108.245 (Found out Above)
Value of DWORD in Base-10 system: 3631443189 (Calculated)

216 * (256)^3 = 216 * 16777216 = 3623878656
115 * (256)^2 = 115 * 65536    = 7536640
108 * (256)^1 = 108 * 256      = 27648
245 * (256)^0 = 245 * 1        = 245

Adding the last column we get: 3631443189, which is equal to the DWORD value that we calculated earlier.
*****************

Without closing the Windows Calculator, one can get the various other forms of the same IP Address (216.115.108.245) by simply selecting the corresponding number system. To get the Binary form of the IP Address, one needs to follow the below process:

1. Click on Start > Programs > Accessories > Calculator.
2. Click on View > Scientific.
3. Now, select ‘Hex’ from the right top corner and type in D8736CF5 in the field.
4. Then click on Bin (Binary). You will find that the value that you typed in would have changed to: 11011000011100110110110011110101.

Please note that most browsers do not accept IP Addresses in Binary. The only way to use them would be by converting them to their Decimal form, which would actually be nothing but the DWORD form represented in the base-10 system.

To get the Octal form of the IP Address (216.115.108.245), one needs to follow the below process:

1. Click on Start > Programs > Accessories > Calculator.
2. Click on View > Scientific.
3. Now, select ‘Dec’ and type in the first part of the IP Address i.e. 216.
4. Now, select ‘Oct’; this will give you the Octal equivalent (i.e. 330) of the first part of the IP Address.
5. Note this down somewhere and follow the process for all parts of the IP Address.

Thus 216.115.108.245 would become:

216 = 330
115 = 163
108 = 154
245 = 365

Now, when you type the Octal equivalent of the IP Address in your browser, you have to precede each field with a ‘0’. Thus in our example:

http://216.115.108.245 becomes http://0330.0163.0154.0365/

One could also have used the below chart for the conversion process:

Hexadecimal into Octal chart. The column gives the first hex digit and the row gives the second hex digit:

     0   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F
0  000 020 040 060 100 120 140 160 200 220 240 260 300 320 340 360
1  001 021 041 061 101 121 141 161 201 221 241 261 301 321 341 361
2  002 022 042 062 102 122 142 162 202 222 242 262 302 322 342 362
3  003 023 043 063 103 123 143 163 203 223 243 263 303 323 343 363
4  004 024 044 064 104 124 144 164 204 224 244 264 304 324 344 364
5  005 025 045 065 105 125 145 165 205 225 245 265 305 325 345 365
6  006 026 046 066 106 126 146 166 206 226 246 266 306 326 346 366
7  007 027 047 067 107 127 147 167 207 227 247 267 307 327 347 367
8  010 030 050 070 110 130 150 170 210 230 250 270 310 330 350 370
9  011 031 051 071 111 131 151 171 211 231 251 271 311 331 351 371
A  012 032 052 072 112 132 152 172 212 232 252 272 312 332 352 372
B  013 033 053 073 113 133 153 173 213 233 253 273 313 333 353 373
C  014 034 054 074 114 134 154 174 214 234 254 274 314 334 354 374
D  015 035 055 075 115 135 155 175 215 235 255 275 315 335 355 375
E  016 036 056 076 116 136 156 176 216 236 256 276 316 336 356 376
F  017 037 057 077 117 137 157 177 217 237 257 277 317 337 357 377
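Because the DWORD, octal, hexadecimal and mixed notations in this manual all denote the same 32-bit value, a URL filter or log search that compares address strings literally will not recognise them as one host. The following is an added example, not part of the original manual: it reduces every such form to dotted decimal and flags URLs whose host is an IP literal written any other way. It reads fields the way the classic inet_aton() routine does (an assumption about the client being modelled), and the function names and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# One dot-separated field: 0x.. is hex, a leading 0 is octal, otherwise decimal
# (the classic inet_aton() reading, which is why these forms resolve at all).
_FIELD = re.compile(r"^(?:0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")

def _field_value(field):
    if not _FIELD.match(field):
        raise ValueError(f"not a numeric address field: {field!r}")
    if field[:2] in ("0x", "0X"):
        return int(field[2:], 16)
    if len(field) > 1 and field[0] == "0":
        return int(field, 8)        # any number of leading zeros is still octal
    return int(field, 10)

def normalize_ipv4(text):
    """Return canonical dotted decimal for a 1- to 4-field IPv4 literal."""
    fields = text.split(".")
    if not 1 <= len(fields) <= 4:
        raise ValueError("an IPv4 literal has between one and four fields")
    *head, last = [_field_value(f) for f in fields]
    if any(v > 0xFF for v in head):
        raise ValueError("leading fields must each fit in one octet")
    # The last field fills every byte the leading fields did not supply,
    # so a single field is the whole 32-bit DWORD.
    if last >= 256 ** (4 - len(head)):
        raise ValueError("last field is too large for the remaining bytes")
    number = last
    for index, value in enumerate(head):
        number |= value << (8 * (3 - index))
    return ".".join(str((number >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def disguised_hosts(urls):
    """Return (url, canonical_ip) for hosts that are IPv4 literals written in
    anything other than plain dotted decimal."""
    hits = []
    for url in urls:
        host = urlsplit(url).hostname or ""
        try:
            canonical = normalize_ipv4(host)
        except ValueError:
            continue                # a DNS name, or not an address at all
        if host != canonical:
            hits.append((url, canonical))
    return hits

# Constructed sample input: the address forms used in this manual.
SAMPLE_URLS = [
    "http://www.yahoo.com/",
    "http://216.115.108.245/",
    "http://3631443189/",
    "http://0330.0163.0154.0365/",
    "http://000330.000163.000154.000365/",
    "http://0xd8.0x73.0x6c.0xf5/",
    "http://0xd8736cf5/",
    "http://0xd8.115.0154.245/",    # a "cross breed" of hex, decimal and octal
]

if __name__ == "__main__":
    for url, ip in disguised_hosts(SAMPLE_URLS):
        print(f"{url:40} -> {ip}")
```

Normalising before any allow-list or block-list comparison is the point: the check should run on the canonical value, not on the string as typed.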

********************
HACKING TRUTH: In an Octal IP Address there can be any number of zeros preceding the numbers, without resulting in a change in the address of the remote system. This means that http://0330.0163.0154.0365/ can also be written as http://000330.000163.000154.000365/
*******************

Typing http://www.yahoo.com/ or 3631443189 or 216.115.108.245 or http://0330.0163.0154.0365/ in your browser would all take you to the same site.

One could also represent an IP address in its Hexadecimal form. Remember the Hex value that we obtained while converting 216.115.108.245 into its DWORD equivalent? Well, in this case we make use of that same value. We had calculated that:

216.115.108.245 = D8736CF5

Now, when we write an IP Address in Hexadecimal form, we do so by writing the following (preceding each value with a ‘0x’, which denotes that the following value is in Hexadecimal):

http://0xd8.0x73.0x6c.0xf5/

The above could also be written as:

http://0xd8736cf5/

Note: Most versions of Netscape do not support Hexadecimal IP Addresses.

Thus, typing http://www.yahoo.com/ or 3631443189 or 216.115.108.245 or http://0330.0163.0154.0365/ or http://0xd8.0x73.0x6c.0xf5/ or http://0xd8736cf5/ in your browser would all take you to the same site.

You can create a cross breed by combining any one or more of the above formats. However, one has to keep in mind the browser compatibility while doing so.

Obtaining the IP Address of other systems

The most common method of getting the IP Address of other systems is through Instant Messaging software like ICQ, MSN Messenger, Yahoo Messenger, AIM etc. In this manual we briefly discuss them all.

I Seek You or ICQ is one of the most popular chatting software around. With it comes not only an easy pastime, but also security concerns. ICQ has an inbuilt IP Address Hider, which when enabled is supposedly able to hide your IP from the users you are chatting with. However, like most IP Hiding software, this too is nowhere near good.
You can find out the IP Address of any ICQ user, even if IP Hiding has been enabled, by following the below process.

1.) Launch MSDOS and type netstat -n to get a list of already open ports and the IP’s of the machines with which a connection has been established. Note down this list somewhere.
2.) Now, launch ICQ and send a message to the victim.
3.) While you are still chatting, go back to DOS and again give the netstat -n command. You will find a new IP signifying a new connection. This would be the IP Address of the victim.

This method of obtaining the IP Address of the person with whom you are chatting is quite common. However, it works only with ICQ and other select Instant Messengers. It certainly does not work with MSN Messenger and Yahoo Messenger etc. The main reason behind this is the difference in the working of ICQ and MSN Messenger.

Let us assume that your IP Address is xx.xx.xx.xx and your friend’s IP Address is yy.yy.yy.yy

Case I (ICQ): Whenever you start a chat session with your friend in ICQ, a direct connection between you and your friend is opened by the ICQ software with the help of the ICQ server. Thus all messages that you type are sent in the following manner:

xx.xx.xx.xx ------------------> yy.yy.yy.yy
(you)                           (friend)

And all the messages that your friend types reach you in the following manner:

yy.yy.yy.yy ------------------> xx.xx.xx.xx
(friend)                        (you)

Thus a direct connection has been established between your system (xx.xx.xx.xx) and your friend’s system (yy.yy.yy.yy). As a result, when you give the netstat -n command, you can obtain his IP Address.

Case II (MSN Messenger): Whenever you start a chat session with your friend in MSN Messenger, an indirect connection between you and your friend is opened via the MSN Server. Thus all messages that you type first go to the MSN server, which then forwards them to your friend, and vice versa. Communication takes place in the following manner:

xx.xx.xx.xx ------------------> MSN Server ------------------> yy.yy.yy.yy
(you)                                                          (friend)

And all the messages that your friend types reach you in the following manner:

yy.yy.yy.yy ------------------> MSN Server ------------------> xx.xx.xx.xx
(friend)                                                       (you)

Thus, as an indirect connection has been established between your system (xx.xx.xx.xx) and your friend’s system (yy.yy.yy.yy), giving the netstat -n command does not give you your friend’s IP, but instead displays the IP address of the MSN server. The same is the case for Yahoo Messenger and also some other Messaging Software.

However, even such utilities are vulnerable to giving away the IP Address of the target system on issuing the netstat -n command. All one has to do is (please note that I am using MSN Messenger as an example):

1. Get the victim to come online.
2. Then use the inbuilt File Transfer Facility to send a file to the victim.
3. When he accepts the file transfer and the transfer starts, launch MSDOS and give the netstat -n command. This will reveal his IP because when files are being transferred, a direct connection exists between you and the victim. That is, there is no mediator MSN Server between you and the victim.

The same will work if you send a Request for a Call and the victim accepts it.
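The same before-and-after comparison of netstat -n output shows, on your own machine, when a messenger has moved from server-relayed traffic to a direct peer connection and is therefore showing your address to the other party. The following is an added example, not part of the original manual: it parses two netstat -n snapshots and lists the remote endpoints that appear only in the second. The snapshots are constructed and use documentation-range addresses, and the allow-listed server address is an assumption.

```python
import re

# A TCP row of "netstat -n": proto, local addr:port, foreign addr:port, state.
_ROW = re.compile(
    r"^\s*TCP\s+(?P<local>\d+(?:\.\d+){3}):(?P<lport>\d+)"
    r"\s+(?P<foreign>\d+(?:\.\d+){3}):(?P<fport>\d+)\s+(?P<state>[A-Z_0-9]+)\s*$"
)

def parse_netstat(output):
    """Return the set of (foreign_ip, foreign_port) pairs in ESTABLISHED state."""
    peers = set()
    for line in output.splitlines():
        row = _ROW.match(line)
        if row is None or row["state"] != "ESTABLISHED":
            continue            # headers, listeners, sockets that are closing
        if row["foreign"].startswith("127."):
            continue            # loopback traffic never leaves the machine
        peers.add((row["foreign"], int(row["fport"])))
    return peers

def new_direct_peers(before, after, known_servers=()):
    """Peers present only in the second snapshot and not on the allow list
    of relay servers (for example the messenger's own server)."""
    allowed = set(known_servers)
    fresh = parse_netstat(after) - parse_netstat(before)
    return sorted(peer for peer in fresh if peer[0] not in allowed)

# Constructed snapshots: before and after a file transfer is accepted.
SNAPSHOT_BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:1025        198.51.100.7:1863      ESTABLISHED
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
"""

SNAPSHOT_AFTER = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:1025        198.51.100.7:1863      ESTABLISHED
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
  TCP    192.0.2.10:1042        203.0.113.44:6891      ESTABLISHED
  TCP    192.0.2.10:1043        198.51.100.9:80        TIME_WAIT
"""

if __name__ == "__main__":
    relay = ["198.51.100.7"]    # assumed address of the messenger's server
    for ip, port in new_direct_peers(SNAPSHOT_BEFORE, SNAPSHOT_AFTER, relay):
        print(f"new direct connection to {ip}:{port}")
```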

Besides Instant Messengers, there are some other ways in which one can get someone else’s IP Address. Say you have a site and want to get the IP Addresses of all the people who visit your site; then the following script can be modified to create a file which records them all:

<SCRIPT>
// Uses the browser's Java bridge (LiveConnect) to read the visitor's local address
var ip = new java.net.InetAddress.getLocalHost();
var ipStr = new java.lang.String(ip);
// getLocalHost() prints as "hostname/address"; keep the part after the slash
document.writeln(ipStr.substring(ipStr.indexOf("/")+1));
</SCRIPT>

With that we come to the end of the first edition of the IP Addresses Torn Apart manual. In the next edition we will go deeper into the secrets of IP Addresses and their structures and workings. Hope you liked this manual and do send in your comments. Thanks and till next time, take care.
