Fatal1ty

Cam putine :@ ...

Forta Steaua !!!

Bun venit ! Fugi pe la reguli :@ !

Asa se pare ... Nu-ti fa griji daca respecti regulile de acum vei scapa cu siguranta de avertizare ! Oricum trebuia sa inceapa odata si odata sa dea avertizari la prima gresala pentru ca nimeni numai respecta regulile si asta pentru ca ne-au iertat de prea multe ori (chiar si pe mine :@ ) ! Succes !

Bun venit ! Cred ca ai observat deja ca zilele astea au fost probleme cu nerespectarea regulilor asa ca ai grija , mai bine le citesti si le respecti decat sa primesti avertizare . Crede-ma ! :@

Nu stiu ce sa zic ... Eu nu cred ca ar trebui sa se faca niciun traders group :@ ! Asta e parerea mea !

http://www.antiproxy.com Va puteti cauta proxy in partea dreapta - jos a paginii ! In general portul este 8080 . Nu uitati sa dati un " Check " pentru a vedea daca proxy-ul functioneaza .

Lasa ca altii au cerut si mai multe si in plus m-am gandit ca din 3 comenzi una trebuie sa o aprobe !!!

http://wiki.linux360.ro/wiki/Main_Page enjoy

Comenzi de baza : - cd -> deschidere de director /in acelasi timp si iesi dintr-un director cu ea pana in /home director ; - cd - (minus) -> mergi la directorul anterior - cd dir && command -> / dechide director , executa comanda si se intoarce in directorul precedent . - ls -> afiseaza continutul unui director - ls -lrt -> listeaza rapid fiserele din dir curent aranjandule dupa data modificarii . - pico -> Pe majoritatea sistemelor - editeaza un fisier / de ex ai fisier : mech.set // dai pico mech.set - vi -> similar cu pico doar ca e un program diferit . / de ex : vi mech.set - cat -> nu editeaza ci doar citeste fisere . - gpg -c file -> encripteaza fisiere - gpg file.gpg -> decripteaza un fiser de extensie .gpg - echo 'wget url' | at 01:00 ->echo e ceva gen schedule pe windows -// dai echo si comanda | at time /i love this command - echo I live in <country> -> / afiseaza date despre tara respectiva . - tar c dir/ | bzip2 > dir.tar.bz2 -> arhiveaza directorul introdus . - tar cvzf folder.tgz folder/ - arhiveaza folderul respectiv . - tar -zxvf ( sau tar xzvf) -> dezarhiveaza o arhiva : de ex ai arhiva : emech- darwin.tar.gz // tar xzvf emech-darwin.tar.gz - wget url -> downloadeaza url-ul introdus . - hostname -i -> afiseaza ip-ul serverului respectiv // echivalent cu -> hostname /. - cal -3 -> afiseaza calendar - cal 9 1752 -> afiseaza calendarul pt luna a9a din anul 1752 - date -d fri -> afiseaza data acestei vineri . - w -> listeaza toate conexiunile in momentul respectiv la serverul pe care esti ; - lsof -p $$ -> afiseaza adresele proceselor pornite de userul de pe care esti . - lsof ~ -> afiseaza procesele apelate de cele la care ti s-a aratat adresa cu comanda anterioara . - lynx url -> navighezi pe internet de pe linux - passwd -> meniu de schimbare de parola pt userul pe care esti . - pwd -> afiseaza adresa directorului in care esti . - mkdir -> creeaza director /ex : mkdir stef - mv -> muta un fisier/director intr-o locatie : /ex : mv psybnc.tgz /tmp/.stef

As I have said before, erasing any evidence of a break-in is a must for any attacker. This usually will start with erasing their logins, and any possible error messages that may have been generated from their attacks (e.g. a buffer overflow attack will usually leave a message in the system logs), they will want to remove any trace of them being there, secondly they may make changes so that they will not be continued to be logged. This manual will not only try to describe how to erase your tracks, I will also try to explain how log files work, and what to look out for as an admin. Being able to modify the logs will need the privilege of root, if you have root privileges (if you were successful in step one - elevating privileges) then there should not be any problems unless the admins are sneaky (I will discuss what tactics can be used to catch attackers out when logging their attacks in the countermeasures section at the end of the manual). I will give a full example as to how an attacker will remove their traces from a system (Please note this example is not an actual account of an attack - it is just to show you how log files are produced on different events, and how to remove them). Step 1: Joe has the IP address 207.128.56.132, he scans target.nosecurity.org with nmap using the connect() scan, to find the following ports open: 21 - 23'>http://FTP. 23 - Telnet. 25 - SMTP. 79 - Finger. Already Joe has left traces on the system, in three different logs! The log output at present looks like this: Output from /var/log/maillog: Aug 15 23:22:04 gravity sm-mta[204]: g7FNCSnd000204: attackerbox [207.128.56.132] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Aug 15 23:22:04 gravity sm-mta[206]: g7FNCSnd000206: atacker-box [207.128.56.132] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA Output from /var/log/messages: Aug 15 23:12:28 gravity telnetd[205]: ttloop: read: Connection reset by peer Output from /var/log/secure: Aug 15 23:22:04 target in.fingerd[245]: warning: can't get client address: Connection reset by peer Aug 15 23:22:04 target in.fingerd[245]: connect from unknown Aug 15 23:22:04 target in.ftpd[248]: connect from 207.128.56.132 Aug 15 23:22:04 target in.telnetd[249]: warning: can't get client address: Connection reset by peer Aug 15 23:22:04 target in.telnetd[249]: connect from unknown The logs above can strongly suggest to the admins that the computer has been portscanned. ************ Newbie Note: The connect() method as you may have guessed is not very stealthy, and leaves large logs of information, for stealth scanning it is recommended to only use SYN or FIN scanning, this can be achieved in nmap by issuing one of the following commands: nmap -sS [target host] (for SYN Scanning). nmap -sF [target host] (for FIN Scanning). These scans are more stealthy because they do not execute a full connect() - Which are logged by Linux systems. ************ -------------------------------------------------------------------------------- Step 2: Seeing that port 23 is open he decides to Telnet into the system to try password guessing: $ telnet target.nosecurity.org Welcome To target.nosecurity.org: Please enter your usename and password username: root password: root Login Incorrect username: root password: enter Joe is immediately given a root prompt (#). Again Joe's activity has add more information to the system logs, the output is listed below Output from /var/log/secure: Aug 6 23:31:47 target in.telnetd[284]: connect from 207.128.56.132 Output from /var/log/lastlog: - Displays who has logged onto the system and the last time they logged on. root pts/3 Thu Aug 15 23:32:28 +0000 2002 Output from /var/log/faillog: - Displays failed logins, on what terminal, and when. root 0 0 Thu Aug 15 23:31:04 +0000 2002 on pts/3 So now Joe has to erase his scans and entrance in 5 different logs! That's not to mention the entries to lastlog, wtmp and utmp! To try and remain as quiet as possible so the admins won't spot him, he adds a new account called jpark by using the useradd and passwd commands, this jpark account will have the userid of 0 (root), and groupid of 0 (root), so he no longer needs the root account. Again doing this adds two new lines to /var/log/secure. Output from /var/log/secure: Aug 15 23:32:10 target useradd[279]: new user: name=jpark, uid=0, gid=0, home=/root, shell=/bin/bash Aug 15 22:32:38 target passwd[280]: password for `jpark' changed by `root' If an admin catches sight of this they will know they have an attacker in the system, Joe knows he has left a lot of information about his attack, and now he knows he must erase his tracks from the logs. The hardest logs to remove are those from /var/log/wtmp, /var/run/utmp, /var/log/lastlog and /var/log/faillog, because these cannot be edited in plain text with a program like vi or emacs. Programs like wipe or zap are designed to do this for you, these programs can be used to remove entries based on usernames, I have had to modify the code slightly so that it removes entries from faillog - as originally it only removed entries from wtmp, utmp and lastlog. Click here for the zap program source code. You can compile zap by using the command: gcc -o zap zap.c -------------------------------------------------------------------------------- Step 3: Joe has his zap binary, and now erases all information that is logged about the root account during the day, by using the command ./zap root. Below is a before and after table showing what the logs looked like before and after using zap. Before After Lastlog - output from command: lastlog nick tty1 Thu Aug 15 14:06:08 +0000 2002 root pts/3 Thu Aug 15 23:32:28 +0000 2002 nick tty1 Thu Aug 15 14:06:08 +0000 2002 root **Never logged in** WTMP - output from command: who /var/log/wtmp root tty1 Wed Aug 14 10:37 root tty3 Thu Aug 15 09:00 nick tty1 Thu Aug 15 14:12 root pts/3 Thu Aug 15 23:32 root tty1 Wed Aug 14 10:37 nick tty1 Thu Aug 15 14:12 UTMP - output from command: who /var/run/utmp root tty1 Wed Aug 14 10:37 root tty3 Thu Aug 15 09:00 nick tty1 Thu Aug 15 14:12 root pts/3 Thu Aug 15 23:32 root tty1 Wed Aug 14 10:37 nick tty1 Thu Aug 15 14:12 Faillog - output from command: faillog root 0 0 Thu Aug 15 23:31:04 +0000 2002 on pts/3 As you can see the zap program removes all entries of the username in the logs for that day only. If the admin uses the lastlog command they will notice that root has **Never logged in**, if root has logged in before the admins will know that there has been a cracker on the system. Also as you can see root logged in twice on the 15th, once at 9:00 (by the admin) and again at 23:32 (by the attacker). When you use zap, it will remove both entries because they are of the same username and they logged in on the same day, if an admin knows what days they have logged in as root on, they will spot that their previous logins are missing from the logs, and again will know an attacker broke in on that day. -------------------------------------------------------------------------------- Step 4: Now with those logs out the way he still needs to remove data from: messages maillog secure Removing his tracks from maillog, secure and messages are simple enough, these can be edited within your favorite editor. Below is all the information left by Joe in these three logs: All logged information in /var/log/secure from Joe's attacks: Aug 15 23:22:04 target in.fingerd[245]: warning: can't get client address: Connection reset by peer Aug 15 23:22:04 target in.fingerd[245]: connect from unknown Aug 15 23:22:04 target in.ftpd[248]: connect from 207.128.56.132 Aug 15 23:22:04 target in.telnetd[249]: warning: can't get client address: Connection reset by peer Aug 15 23:22:04 target in.telnetd[249]: connect from unknown Aug 6 23:31:47 target in.telnetd[284]: connect from 207.128.56.132 Aug 15 23:32:10 target useradd[279]: new user: name=jpark, uid=0, gid=0, home=/root, shell=/bin/bash Aug 15 22:32:38 target passwd[280]: password for `jpark' changed by `root' All logged information in /var/log/maillog from Joe's attacks: Aug 15 23:22:04 gravity sm-mta[204]: g7FNCSnd000204: attackerbox [207.128.56.132] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Aug 15 23:22:04 gravity sm-mta[206]: g7FNCSnd000206: atacker-box [207.128.56.132] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA Output from /var/log/messages: Aug 15 23:12:28 gravity telnetd[205]: ttloop: read: Connection reset by peer Joe can simply open up each of these three logs in an editor an delete the appropriate lines, it is important not to remove any lines that do not involve your attacks, as missing entries can tip off the admins. -------------------------------------------------------------------------------- Step 5: Just to make sure the admins do not get wind of Joe's attacks he edits the command line history, in this case the admin uses the bash shell, and so Joe edits /root/.bash_history taking out the lines of commands that are in relation to his attacks. Alternatively Joe can delete the .bash_history, then make a symbolic link from /root/.bash_history to /dev/null, this way all his further commands will be thrown into nothingness. Although this may be useful, it just screams to the admins that there is an attacker - so this is not really a good idea, its safer to make that extra effort to remove your commands manually. ************ Newbie Note: You can make a symbolic link from /root/.bash_history to /dev/null by using the command: ln -s /dev/null /root/.bash_history ************ -------------------------------------------------------------------------------- Step 6: If on another system the attacker may notice a directory /var/log/snort, this is a big tip off that Snort is being used on that system to monitor inbound/ outbound packets on the system, or any possible types of attacks, the attacker must remove their presence from these logs also. Snort is not the only type of program you should be wary of - programs like ethereal, any type of log monitoring program (such as swatch or logcheck), or port monitoring programs (such as portsentry or scanlogd) are also dangerous to an attacker, as these leave larger more detailed logs. which may be hard to spot- If you notice that the system is running some type of sniffer/ IDS, and a log scanner, and some type of port monitoring program then there is a big chance that the admin already knows about your activities. As an attacker s/he will need to remove any entries from logs of these programs, this means a lot more work for the attacker - they may have to remove their presence from maybe an extra 4 or 5 logs. ************ Countermeasures: 1) Rebuild syslog so that it logs files to a different directory. 2) Use cron to copy log files to a syslog server at regular intervals. 3) Use a program like swatch or logsentry to watch over your logs, and send e-mails in emergencies. 4) Use a program like chkwtmp, and/ or chklastlog - to check if programs like zap have been used on your system. 5) Make it as difficult for the attacker as possible by logging everything! Edit /etc/login.defs for extra logging features, such as incorrect login timeouts, and logging of successful logins etc. 6) Also install some type of IDS and port watching program to add extra information into your logs about an attacker, the more information that you log about the attacker, the harder it will be for them to spot them and remove every trace of their attack.

http://scan.sygate.com/

What is Firewall? How it works? How my Firewall can be defeated? My Firewall works? Useful links References Last word What is a Firewall? A firewall is something like a security guard that guards your computers from intruders from the internet. It only allows selected packets to pass through to the Internet from your computer. There are two types of firewall, software and hardware firewalls. For Examples software firewalls are Sygate Personal Firewall, ZoneAlarm, Norton Firewall, etc... and hardware firewalls are Netgear, D-Link, TRENDware, etc... It is possible two install both firewalls but it is not sure that you have protection from both of them. How a Firewall works? To know how firewall works, you need a basic concept on how data is being transfered accross the Internet. This explanation only gives you general ideas of the whole data transmission process so that you can understand firewalls. To really understand this process you need to read TCP/IP (Transmission Control Protocol/Internet Protocol) documents. The proccess begin with when you start up an Internet application for example internet browser, FTP(File Transfer Protocol) or email client. When you send an email, the email client will transfer the email to the TCP. Then, TCP will break this email data into smaller piece of data which we called it as packets and send it to IP. IP will add a header which contains some info to each of the packets to make sure that they know where they come from, where to go and what port they are using. So, the packets will not lost while they are accross the internet. So, that is how data been transfered. Firewalls work in 3 ways, packet filter, application filter and port filter. When firewall receive packets, it will compares the header information. If the information corrects, the firewall will allow the packets to pass through it. If not, the firewall will discard the packets and leave it. Firewall also can block certain application to pass through it. Its only allow applications that have grant permission to connect to the internet. This permission is set by you. Usually, the permission will set to allow for applications that you always use i.e Internet browser, FTP, AIM, etc. If an application have no permission but want to connect to the internet, the firewall will ask you either to allow it or not. If you set to allow, the firewall will allow to pass through it else the firewall will block it. Beside than that, the firewall also can block or close certain ports. Only certain ports will be open to connect to the internet. For example, port 80 (used for browsing web page), port 25 (used for sending and receiving emails) and port 21 (used for transfer files between your computer and the server) will be open. Other ports will be closed. By shutting unused ports, your computer is safe from intruders from internet because there is no where to break in to your computer. How my Firewall can be defeated? Sometimes, a firewall also can be defeated. This usually cause by misconfigure or manage it incorrectly such as accidently allow an application that should not have an access to the internet or leave unused ports open. Besides than that, a firewall also can be fooled. This tricks called as IP Spoofing. This trick can be done by changing the packets header. So, the firewall thinks that the packets come from trusted system. Another technique is Firewall Tunneling. Firewall Tunneling is dangerous because it uses any ports or protocols that have allows permission to sneak into your computer. Does my firewall work? To make sure that your firewall works, there are many security websites that can run test on your firewall. My suggestion is try to make as many test as you can find in the internet. This is because different website run different test. I had included some links that can help you in Useful Links section. Useful Links More about firewall Code: http://www.howstuffworks.com/firewall.htm http://www.firewall-net.com http://www.firewallguide.com Software firewall Code: http://soho.sygate.com http://www.zonelabs.com http://www.www.symantec.com Hardware firewall Code: http://www.dlink.com http://www.trendware.com http://www.netgear.com Firewall testing Code: http://scan.sygate.com/ http://www.pcflank.com http://www.auditmypc.com References Some texts about firewall Steal This Computer Book 3 Sam's Teach Yourself TCP/IP in 21 days How Stuff Works Last Word Thanks for reading. I hope my grammar is clear and easy to understand. I also had make tutorial about "NetBIOS Based Hacking". I will post it if you want. Feel free to give ideas, suggestions or comments about this text. Thanks for reading!

NOTICE: This article' s intention is not to influence illegal activity but to educate the user of the theory behind brute forcing. This is a very important topic. Many software tools today utilise brute force techniques to acccomplish their task. Whether it be a portscanner, ip scanner, phreaking scanner or finally what interests us most(password cracker). It has many legitimate uses in society, particularly tools involved in security analysis. Now before we start, this paper is not a paper covering a huge topic so it will be fairly short. Brute force is simply taken to mean to try every possible combination of characters or nos in use in what we are dealing with until theres no more to try. For example say we have a secret number that has to be 2 nos. To know it we will need to try every no from 00-99(assuming base 10) until we encounter the correct one or one of those in the case of password cracking will be the correct password. Each digit could have anything from 0-9. An ip scanner will scan every node in a specific subnet/s. Each subnet has 255 nodes. That would be brute forcing the subnet. Three factors influence how long it will take to try every combination and they are: 1. The number base (or char range in our ascii passwd) 2. The length of the character string we are cracking 3. What the minimum pass length we start at and end with. This rule applies to either remote cracking or local. Obviously cpu speed and bandwidth would account but the above are more important and should be abided for any box fast or slow or speed of your communication. Now lets get to the point. Password cracking(brute force) is very similar to ip scanning. Except we increment the ASCII character code for each character at some point instead of the node no. In ip scanning, you know the way when the last octet of ip has reached 255 ? That the octet next to it is incremented by 1 and last octet set to 0 again and this continues on until 255 has been reached again and the whole cycle repeats itself. Checking for 255 is the condition used to determine when we have to reset the node back to 1 again. Well thats similar with password cracking also but because its not directly nos we are dealing with it will be slightly different. As a practical example lets try and crack a 3 char pass. To start off we must set each char to an ASCII code of 32(anything below this is control characters) and then stop at 127 because this is all our byte allows us(non extended ASCII), which is all of the possible chars allowed on our keyboard including meta-symbols(special chars). for(x=0; x<=passlen-1; x++) pass[x]=32; Now that thats done. Heres an example of what the brute force cycle must look like. INside the brackets represent our ASCII code. char 2(32) char 1(32) char 0(32) <----- first try char 2(32) char 1(32) char 0(33) <----- second try *we will skip and assume 127 of char 0 has been reached* char 2(32) char 1(32) char 0(127) <----- 95th try ^ |________ Max allowed code char 2(32) char 1(33) char 0(32) <----- 96th try ^ ^ | | | ------- set back to 32 ----------- incremented by 1 char 2(32) char 1(33) char 0(33) <------ 97th try ^ | ------ incremented by 1 *we will now skip and assume char 1 has reached 127* char 2(32) char 1(127) char 0(127) char 2(33) char 1(32) char 0(32) ^ | ------------------- Notice the change Not only have we changed position 2 but we also have reverted char 0 and 1 to code 32 again. This is how password cracking must be done in order to try all possible combinations. This will keep going in these steps. Once one of the chars has reached 127 then the char next to the left will get incremented by one and the char before one to left and all previous chars set back to 32 again. Now it should be plain to see that to brute force the above with a bitta maths in order it would take approximatelly (127-32)^3= 884736 trys. As the string length is increased, so is how long it will take to brute force. Can you imagine cracking a 12 char pass which would take around.. (127-32)^12= 540360087662636962890625 possible combinations And this is assuming you know the password is exactly 12 chars. If you start at a minimum of 8 and try every possible combination for each string length until 12 has been reached that is: (127-32)^8 + (127-32)^9 + (127-32)^10 + (127-32)^11 + (127-32)^12 Now this process is not very considerable if you intend to make a remote password cracker(but it is a realistic approach over a period of time), but if you have a local encryption string you can brute force it(with the speed of your own cpu cycles) if you know the encryption scheme being used and assuming its one way. You also have to rememeber if the password is stored in encrypted form then each combination generated in our iteration must be encrypted, tryed and checked against the ciphertext to see if it matches correct pass. This is the only methodology we can make use since all passwords used in authentication are one way. Although i do not do this in ma example. I do however show how to try every possible combination and the rules involved to achieve this. You could also reduce the time to brute it by reducing the char range from 32 - 127 to something like a range that only has uppercase and lowercase letters of the alphabet but we will not go into that here. Its just a possibility. Heres the final brute force engine i wrote for the purpose of this example. ---- cut ------ /* No of trys was 15264728.. Time elapsed = 0.751000 seconds CPU: intel celeron 1.2ghz ALso, a 5 char pass took amazingly 75 seconds No of trys was 1355121658.. Time elapsed = 75.208000 seconds Trys per second was 18018317.971492 When you add the encryption algorithm the time required to crack should be drastically increased. */ #include #include #include #include #include char *bruteforce(int passmax, int passmin); int count=0; char *passwd; #define MAXCHAR 127 #define MINCHAR 33 /* this code is copyrighted by Hi_tech_assassin, see pscode.com */ char *bruteforce(int passmax, int passmin) { char *pass=(char*)malloc(passmin); int position,x,found; /* since we can only do one increment per iteration we need a way of controling this*/ memset(pass, MINCHAR, passmin); pass[passmin]=' '; for(x=passmin;x<=passmax;x++) { if(x>passmin) { realloc(pass, x); memset(pass, MINCHAR, x); pass[x]=' '; } while(pass[0] ", argv[0]); return 0; } start = clock(); passwd=argv[1]; printf(" Attempting to brute force "%s" ",passwd); printf("Should take approximatelly around %.0f trys ",pow(MAXCHAR-MINCHAR,strlen(passwd))); if(pass=bruteforce(strlen(passwd), strlen(passwd)))printf("The correct password is "%s"", pass); elseprintf("Hard luck "); printf(" No of trys was %d ", count); end = clock(); elapsed = ((double) (end - start)) / CLOCKS_PER_SEC; printf("Time elapsed = %f seconds ",elapsed); if(elapsed >= 1)printf("Trys per second was %f ", count / elapsed); else printf(" "); return 0; } ---- cut ----- Should give you an idea of what we are talking about. Do remember when selecting passwords make sure they are as long as possible. The chars should be both uppercase and lowercase along with a few meta symbols. There is a trick actually that would make it almost impossible to crack ANY password. Most crackers do not include chars below 32 in brute force mode. Since its difficult to include these at any login prompt. But by doing so you have a way of eluding most brute force tools today if your password has one of these but it is very inconvenient.

Eu mi-am facut 3 conturi . Pe 2 conturi am comandat cate 5 cd-uri si pe al treilea cont am comandat 50 de cd-uri . :@

Bun venit ! In ultimul timp regulile au fost uitate asa ca te rog sa ai grija de acest aspect inainte sa fie prea tarziu !

Eu zic ca dupa cum se vede si dupa nume (eBaySeller), e clar ca a intrat pe forum special pentru a vinde usere de eBay si consider ca ar trebui sa fie banat ! :?

dap e chiar super bv encoded

[DBIM] Connection Failed: Too many connections Type: 256 File: /home/scriptsb/public_html/modules/core/dbim.php Line: 44 Debug Level: 1 eu mai intai am dat pe thank link si apoi am incercat

Eu n-am poze si nici nu prea ma mandresc cu tastatura si mouse-ul meu :@ .

cica ftp cu tutoriale : http://...... ))))))))))))))))))))))))))))))))))) :@ :@ :@ :@ :@ :@ :@ asai koltzu tare faza auzi la mine )))))) ftp :@

Welcome man enjoy your stay

p[ai u trebuie sa te conectezi la el nu el la tine

pai nu prea ai cum sa pui greetz pt ca eu am luat asta de pe h4ky0u iar acolo la postat CyberPhreak dar probabil ca si el la luat din alta parte deci nu la facut el .... dak toti ar dak credit adik si primul care copiaza du[a autor si tot asa am stii cine este adevaratul autor si iam putea oferii credit bucurosi

o sa iti spun eu zilele astea dupa ce il instalez ca nu lam mai avut ... sau dak la mai folosit cineva sa ne spuna>?