
Here is my simple method to increase your download speed on your LAN connection.
A LAN connection includes BSNL, Airtel and anything else that is connected to the LAN card of your PC.

So here is the step-by-step procedure:


1. Open up Device Manager.

From there, locate your network card
and double-click it.



And in the Advanced tab of your network card,
locate DUPLEX speed,
then on the right side select 10MBps HALF DUPLEX.

here is the speed depending upon



So try it,
and do reply here
whether it worked for you or NOT to increase your download speed.

Step #1: First you need to find your main VOB files, the ones that contain only the movie. Do not select any other Menu/Extra VOB files. Highlight the main movie VOBs and click Open.









Step #2: After selecting your VOBs, click on Options and then click on Video Options:





Step #3: Make sure you *uncheck* Hyper Scale, choose Scale By Pixels and set your resolution to 640x272. For video codec settings, choose XVID Hybrid (One Pass). Make your screen look exactly like this screenshot and hit OK:





Step #4: Click on Options again and choose Audio Options:






Step #5: Now this can be tricky, so pay attention. If you do not want to change any settings, then simply make sure that Lame Min Bitrate is set to 128Kbps or below. But if you want to change your audio container to MP3, then *uncheck* Use Lame To Encode, click on Select Audio Codec Defaults and look for MPEG Layer-3.





Step #6: Now go to Options and choose Output Size Option:




Step #7: Make sure your screen looks exactly like this screenshot; however, if you want a 2CD rip, then for Target Size put the value 1400 MB:




Step #8: Go to Options and pick: Select Source Range:




Step #9: This is a very important step, so do not screw this up. This screen works just like a video splitter, but its main purpose is to select the start and end positions of your rip. So first click on the 1st bracket, then drag the point all the way to the end and click on the 2nd bracket. Now click Done:






Step #10: Click on Start Encoding. Grab a cup of Coffee/Tea and wait patiently while it encodes for you:





You can check your Statistics anytime you like, it will show you the time remaining and the current % progress:




Remember this Software can be quite useful for professional rippers as well in many ways. So do not think that this is just for starters because there are many things you can do with this encoder.




Enjoy & Have Fun





You can download the Vidomi Encoder on these links, it's a Freeware:



CODE
http://www.megaupload.com/?d=VWXUT9U1
Or
http://rapidshare.com/files/12353967/vidomiinstaller.469.exe.html

http://www.trainsignaltraining.com/free-video-training/tcpip-fundamentals-training-videos/

Check the videos; if you like them, please leave a comment.

This Yahoo Messenger virus is one of the most powerful Trojans/viruses. If your computer is infected with it, it will send the nsl-school.org URL to everyone on your Yahoo Messenger friend list using your ID, so within a few hours many of your friends will be infected with it too.

To solve this problem, just go through the steps below carefully.

What are those links?
nsl-school.org or others (do not open this URL in your browser).


If you are infected with it, what is going to happen?

1: It sets your default IE page to nsl-school.org, and you can't change it back to another page. If you open IE on your computer, some malicious code will automatically be executed on it.

2: It disables Task Manager and regedit, so you can't kill the Trojan process anymore.

3: The files installed by this virus are svhost.exe, svhost32.exe and internat.exe.

You can find these files in the windows/ and temp/ directories.

4: It sends secured and protected information to the attacker.



How to remove this manually from your computer?

1: Close the IE browser. Log out of Messenger / remove the Internet cable.

2: To enable Regedit:

Click Start, Run and type this command exactly as given below (better: copy and paste):

Code:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

3: To enable Task Manager (to kill the process we need to enable Task Manager):

Click Start, Run and type this command exactly as given below (better: copy and paste):

Code:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

4: Now we need to change the default page of IE through Regedit.

Start>Run>Regedit

In the locations below in Regedit, change your default home page to google.com or another page:

Code:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main

Just replace the attacker site with google.com or set it to a blank page.

5: Now we need to kill the process from the back end. Press Ctrl + Alt + Del.

Kill the process svhost32.exe (more than one such process may be running, so check properly). The legitimate Windows process is named svchost.exe, with a "c"; leave that one alone.

6: Delete the svhost32.exe and svhost.exe files from the Windows/ and temp/ directories, or just search for svhost on your computer and delete those files.

7: Go to Regedit, search for svhost and delete all the results you get.

Code:
Start>Run>Regedit

8: Restart the computer. That's it, now you are virus free.

A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.
Adam Boileau first demonstrated the hack, which affects Windows XP computers but has not yet been tested with Windows Vista, at a security conference in Sydney in 2006, but Microsoft has yet to develop a fix.
Interviewed in ITRadio's Risky Business podcast, Boileau said the tool, released to the public today, could "unlock locked Windows machines or login without a password ... merely by plugging in your Firewire cable and running a command".
Boileau, a consultant with Immunity Inc., said he did not release the tool publicly in 2006 because "Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn't want to cause any real trouble".
But now that a couple of years have passed and the issue has not been resolved, Boileau decided to release the tool on his website.
To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory.
With full access to the memory, the tool can then modify Windows' password protection code, which is stored there, and render it ineffective.
Older desktop computers do not come equipped with Firewire ports, which are needed for the hack to work, but many recent models do. Most laptops made in the last few years include Firewire ports.
Paul Ducklin, head of technology for security firm Sophos, said the security hole found by Boileau was not a vulnerability or bug in the traditional sense, because the ability to use the Firewire port to access a computer's memory was actually a feature of Firewire.
"If you have a Firewire port, disable it when you aren't using it," Ducklin said.
"That way, if someone does plug into your port unexpectedly, your side of the Firewire link is dead, so they can't interact with your PC, legitimately or otherwise."
Ducklin also advised people to be careful when giving others physical access to their computer.
"I know people who'd think three times about asking passing strangers to take their photo in front of the Opera House in case they did a runner with the camera, yet who are much more casual with their laptop PC, as long as it's software-locked, even though the hardware alone is worth five times as much as the camera," he said.
Microsoft was unavailable for comment at the time of publication.

these are all the tricks available !!
working too!
It cannot go beyond this!!

~cheers~
You need a PC or a Laptop and the required connectivity tools ,ie.,
Serial/USB cable OR Infrared Device OR Bluetooth dongle

1) Activate Airtel Live! (It's FREE so no probs)

2) Create TWO Airtel gprs data accounts (yep TWO) and select the
FIRST as the active profile.

3) Connect your mobile to the PC (or Laptop) and install the driver for
your mobile's modem.

4) Create a new dial-up connection using the NEW CONNECTION
WIZARD as follows

Connecting Device : Your mobile's modem
ISP Name : Airtel (or anything you like)
Phone Number : *99***2# / Try 99***1
Username and Password : blank

5) Configure your browser and download manager to use the proxy
100.1.200.99 and port 8080.( My advice is to use Opera since you
can browse both wap and regular websites)

6) Connect to the dial-up account. You will be connected at 115.2
kbps (but remember, that is a bad joke).

7) Pick up your mobile and try to access any site. You will get "Access
Denied" (except for Airtel Live!). IT DOES NOT MATTER.
Keep the mobile down.

8 ) On the PC ( or Laptop) open your browser, enter any address ,
press ENTER and... WAIT

9) After a few seconds the page will start to load and you have the
WHOLE internet at your disposal.

***************************************************************

TWO





Under DATA COMM
~~~~~~~~~~~~

APN : airtelfun.com

USERNAME : blank

PASSWORD : blank

PASS REQ : OFF

ALLOW CALLS : AUTOMATIC

IPADDRESS :

DNSADDRESS :

DATA COMP : OFF

HEADER COMP : OFF


Under INTERNET PROFILES
~~~~~~~~~~~~~~~~

INTERNET MODE : HTTP or WAP (both worked for me)

USE PROXY : YES

IP ADDRESS : 100.1.200.99

PORT : 8080

USERNAME :

PASSWORD :

No Risk Here, Try it and Enjoy



Three

1st go to settings menu then to connectivity tab now choose the option Data comm. then "DATA ACCOUNTS" go to new account now the settings r as follows
ACCOUNT TYPE:GPRS
NEW ACCOUNT NAME:A1
APN:airtelfun.com
usr name: (blank)
password: (blank)

now save it
NOW!
go to Internet Setting in connectivity here choose intrnet profile--go to new profile setting are as below
NAME:A1
CONNECT USING:A1(which was created in data comm.)
save it
now u would be able to see it now selest it and take "more" option then select setting here in use proxy option it will be selected no if it is no then change it into yes
now go to proxy adress and give the adress as
100.1.200.99 and then the port number as 8080
Usr name:
password:
now save all the settings u made . come back 2 connectivity
choose streaming settings now in connect using option choose a1 that we created leave the use proxy option as no itself
THESE R THE SETTINGS
now access airtellive! from ur activated SE phone goto VIDEO GALLERY OR VIDEO UNLIMITED(varies according to states) choose live streaming then choose CNBC OR AAJTAK WHILE CONNECTING TO MEDIA SERVER cancel AFTER 9 or 10 sec then type any web adress if it shows access denied then once again select CNBC and wait for a few more sec than before if its fully connected also no prob its free then cancel it or if ur connected then stop it and the internet is ready to take of .GOOD LUCK SE AIRTEL USERS

alternate


For All Airtel Users

Requirements:
1. Airtel live (available 4 free)
2. Nokia series60 handset eg 6600,6630,n series,7610,6670 etc
3. Opera wap browser 4 mobile
Procedure:-

1. Go to ur connection settings and make a new internet profile using the default settings of airtel live. name that new profile as nething(for eg masala); change the home page of that profile to nething u like for eg www.google.com.

2. Go to ur Opera browser and set the default connection as AIRTEL LIVE. this is the original settings u received thru airtel.

3. Go to the services(in n6600) and Web(N6630) and change the default profile for connection as masala (newer one).

**Note: always make sure that ur access point is airtelfun.com

Apply:-

1. Open Opera and u will see that homepage of Airtel Live is opened. Minimize the application.

2. Now open web using the duplicate Profile and u will see that two gprs connections will work simultaneously and at the web or the services page it will show "Unable to connect" or any error. well thats the signal of ur success.

3. Simply go on the Opera with web on and open any site u want for free. No Charges No nothing.

U can also use it through ur computer..........

someone said dis too

The main principle behind this is we hav 2 fool the bsnl techies 2 activate portal and thus get gprs activated / get "G" signal on ur cell as bsnl portal (wap.cellone.in) needs "gprs signal on ur cel (whether gprs is formaly activated/registerd or not (by my method )i dont know)

NORMALLY THEY DONT DO THAT INSPITE OF THE FACT THAT THEY SHOULD ACTIVATE GPRS SIGNAL SERVICE FOR PORTAL!!!
AND THEY WILL GIVE U NO OF REASONS----
---THAT portal is message based , so go to cellone icon in menu and use that sms based portal (what the f**k)
---THAT portal service will be activated when u will activate gprs by filling up form and registering at nearest CCN!!
---THAT ur handset has some problems (if u say that "G" signal is not present)
----etc,etc!!

U HAVE 2 ACTIVATE PORTAL FIRST WHICH IS FREE AND U CAN EAT UP CC'S FOR THIS REASON!!
SO WHAT U HAV 2 DO IS--
1) SEND PORTAL to 3733 AND CONFIRMATION SHD COME WITH 5 MIN AT-MAXIMM !!
2) SEND FOR ATLEAST 20-30 TIMES (CAN B ANY MORE THAN THAT)
JUST S**K UP THE NETWORK(3733) WITH THESE MESSAGES !!!
THAT'S FREE NO!! BOTH ON POST AND PRE!!
3) NOW ALONG ALSO SEND 20-40 SMS AS GPRS TO 3733
(NO OF SMS DIRECTLY PROPORTIONAL 2 HATE FOR BSNL AND HOW EARLY U WNAN GET UR GPRS ACTIVATED) this is also free both on post and pre!!
4) U WILL GET CONFIRMATION IN BOTH CASES AND MSG TELLS U 2 GET SETTINGS FROM 9400024365, THE NO OF CC!!
HERE AT MY PLACE I CAN DIAL 9419024365 ALSO!
BOTH R TOLL FREE AND BOTH R LOCATED IN CHANDIGARH!!!
(((((((AND SOME OF THE CC'S SAY they cant give such sensitive information that where they r located, as if thay have a 3 rd world of their own! and the other dumbs said that they r in chandigarh!!!!)))))

I WOULD ADVISE ALL FIRST, 2 call them once 2 get the settings!!
(most of the times that is incorect but gives u an idea of settings in ur area))
Try and in ur 1 st call only,
talk roughly and tell them u r calling 10-20th time just for settings and is that their service!!!
5) Now when u get them save them AND plz post them here!!!
6) now GET ATLEAST 2-3 COMPLAINTS REGISTERED( each after 1 day) THAT UR PORTAL HAS NOT ACTIVATED AND GET THEIR SERIAL NO.
and in the end bombard them abt the status of all those complaints !!
b4 registering ur complaint they will hesitate much and always say taht they will b sendin new settings which r accurate! but dont belive them and just register complaints!!
6)AFTER THAT, u have 2 only wait until "G" signal is there on ur screen!!

LOOK, WHAT I HAVE WRIITEN ABV IS METHOD by which i got activated my "G" service !!! without fillin any form or such and without any money drain!!
may be since it bypasses the formal way of registeration, that is why this trick is working !!!!!!!!!!!!


U may also Try this

first open ur msg window and type LIVE and send it to 2567 so that after 5 min u get the setting of Airtel Live or if u have already no need for this procedure.
now then open that setting and copy all the settings from it and create one access point manually which has all the settings like Airtel Live has.
now only one change will be there and it would be in access point name which is "Airtelmms.com" instead of originally "Airtelgprs.com".
ok u've done it just active that setting and access free airtel gprs on ur phone.

Another Trick
somya_cse
You need a PC or a Laptop and the required connectivity tools ,ie.,
Serial/USB cable OR Infrared Device OR Bluetooth dongle

1) Activate Airtel Live! ( Its FREE so no probs)

2) Create TWO Airtel gprs data accounts (yep TWO) and select the
FIRST as the active profile.

3) Connect your mobile to the PC (or Laptop) and install the driver for
your mobile's modem.

4) Create a new dial-up connection using the NEW CONNECTION
WIZARD as follows

Connecting Device : Your mobile's modem
ISP Name : Airtel (or anything you like)
Phone Number : *99***2#
Username and Password : blank

5) Configure your browser and download manager to use the proxy
100.1.200.99 and port 8080.( My advice is to use Opera since you
can browse both wap and regular websites)

6) Connect to the dial-up account. You will be connected at 115.2
kbps (but remember, that is a bad joke).

7) Pick up your mobile and try to access any site. You will get "Access
Denied..." (except for Airtel Live!). IT DOES NOT MATTER.
Keep the mobile down.

8 ) On the PC ( or Laptop) open your browser, enter any address ,
press ENTER and... WAIT

9) After a few seconds the page will start to load


main thing is the advance initialization command.

This article is designed to demonstrate how to accomplish a brute force attack, and what it looks like from the receiving end. Brute force means password guessing. This can only feasibly be accomplished with the aid of good target reconnaissance and some automated programs. While it is very easy to write your own brute force program, there are several available for free online. I find Brutus to be one of the best brute force tools. You can find it at Hoobie.net.

The first step in a brute force attack (or for that matter, any attack) is target enumeration. This is the process by which we find where and how a target is vulnerable. I use NMAP for almost all of my initial cursory scans of networks. Let’s use my own desktop server as the target and run an NMAP scan to find out what we have to play with. The output from my scan follows:

nmap -sS -O 216.25.200.135

Starting nmap V. 2.30BETA17 by fyodor@insecure.org (
http://www.insecure.org/nmap/ )
Interesting ports on ip-216-25-200-135.covad.dsl.fcc.net
(216.25.200.135):
Port State Service
21/tcp open ftp
25/tcp open smtp
80/tcp open http
135/tcp open loc-srv
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
1025/tcp open listen
1026/tcp open nterm
1031/tcp open iad2

TCP Sequence Prediction: Class=random positive increments
Difficulty=7635 (Worthy challenge)
Remote operating system guess: Windows 2000 RC1 through final release

Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

Ok, so we’ve got several services to choose from on this target. The first one that catches my eye is FTP. We can use this to brute force passwords, and we can use SMTP to check for user accounts. Now the fun begins. I’ll first try FTP to find out whether anonymous FTP is enabled, which could potentially make my task a lot easier: there are rare computers with completely open upload/download FTP servers without strong restrictions (allowing you to upload and download to the web root folder).

C:\>ftp 216.25.200.135
Connected to 216.25.200.135.
220 WIN2KSERVER Microsoft FTP Service (Version 5.0).
User (216.25.200.135:(none)): anonymous
331 Password required for anonymous.
Password:foo@nowhere.com
530 User anonymous cannot log in.
Login failed.
ftp> quit
221 Fuck off!

It seems that anonymous FTP isn’t enabled, and not only that, the server is quite rude when I leave. The server did give some confirmation that it is running Windows NT, or in this case Windows 2000 (dead giveaway in the machine’s name ‘WIN2KSERVER’). We’ll try the SMTP server now to check for user names.

220 WIN2KSERVER Microsoft ESMTP MAIL Service, Version: 5.0.2195.2966
ready at Fri, 22 Jun 2001 09:08:49 –0400
vrfy smellydell
252 2.1.5 Cannot VRFY user, but will take message for smellydell
vrfy administrator
252 2.1.5 Cannot VRFY user, but will take message for administrator

Well, there’s no use in verifying anyone on this server, as it seems that the server will give the same message for real and bogus accounts (all NT servers have an ‘administrator’ account, in much the same way that *nix systems have root accounts). The ‘expn’ command didn’t work at all on this server (it replied with ‘unknown command’ at expn postmaster). So at this point I’m S.O.L., but some machines will give a very good list of users and/or active accounts using the SMTP server.

Ok, so I’m off to brute forcing. The first thing I do is fire up Brutus.

Screenshot of brutus at startup

Next I’ll have to modify my users list (found in users.txt in the Brutus directory) to include users I suspect to be on an NT server. NT always has a ‘Guest’ account and an ‘Administrator’ account. I’ll add a few more guesses. In the end my users list looks like this:

A text file list of users

The next step is to fire Brutus at the target. When configured for an FTP attack, Brutus appears thus:

Configuring brutus

You’ll notice I set the timeout higher than the default. Brutus nicely circumvents connection limits by creating new connections for every request. This is useful because some servers will cut your connection after 3 bad guesses at passwords. Brutus uses the target’s ability to take multiple FTP requests and creates a new request for every guess (I have set the program to make 10 requests simultaneously). The timeout is the lag time that the program will allow before it makes a new request. If you don’t set this high enough you are likely to flood the target and either crash its server, or simply hang Brutus. You can use a really high connection and low timeout rate as an effective DoS attack that will knock weak servers completely off the net.

So now I’ll fire Brutus at the target. I’m using the default password list that comes with the program, but there are several larger and more complete word lists available online. What Brutus will do is try every username listed in the users file with every password in the word list (and it can even generate its own random word list to include all combinations of letters, characters, and numbers). Remember that most passwords are 8 characters long, so it’s usually not worthwhile to try and brute force very short passwords. Here’s what Brutus looks like in action:

Screenshot of brutus attacking a target

Now, the downside to brute forcing is that it is extremely noisy, and even the worst sysadmin should notice it. During my demonstration my server immediately popped an alert that the system log was full. A quick examination of the system log reveals the problem immediately:

Screenshot of an NT event log

All those warnings you see are bad FTP login attempts. A double click on the alert shows:

Screenshot of an event log detail showing the brute force attack

It isn’t hard to figure out exactly what is going on. Even more disturbing is the log file left behind. Here’s a snippet:

13:30:18 216.25.200.135 [5]USER admin 331
13:30:18 216.25.200.135 [6]USER admin 331
13:30:18 216.25.200.135 [7]USER admin 331
13:30:18 216.25.200.135 [8]USER admin 331
13:30:18 216.25.200.135 [9]USER admin 331
13:30:18 216.25.200.135 [10]USER admin 331
13:30:18 216.25.200.135 [11]USER admin 331
13:30:18 216.25.200.135 [12]USER admin 331
13:30:18 216.25.200.135 [13]USER admin 331
13:30:18 216.25.200.135 [4]PASS - 530
13:30:18 216.25.200.135 [14]USER admin 331
13:30:18 216.25.200.135 [5]PASS - 530
13:30:18 216.25.200.135 [6]PASS - 530
13:30:18 216.25.200.135 [7]PASS - 530
13:30:18 216.25.200.135 [8]PASS - 530
13:30:18 216.25.200.135 [9]PASS - 530
13:30:18 216.25.200.135 [10]PASS - 530
13:30:18 216.25.200.135 [11]PASS - 530
13:30:18 216.25.200.135 [15]USER admin 331
13:30:18 216.25.200.135 [16]USER admin 331

Not only do you notice all the tries for the same account, but you can tell it is an automated attempt to brute force because the times of the attempts are so close together (60 or so attempts a second). Even more damning is that my IP address is logged all over the huge log file. It’s not hard to spot me or figure out what I’m attempting to do. Be warned if you attempt a brute force that you are probably going to get noticed.
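
Seen from the receiving end, the pattern in the log excerpt above can be flagged automatically. The following Python code is an added example (not part of the original article or of any tool it mentions): it counts failed PASS replies (530) per client IP across sessions, which is what catches a tool that opens a new connection for every guess, and it reports any successful login (230) that follows the burst. The sample log is constructed in the excerpt's layout, and the names and the threshold of 5 failures within 10 seconds are assumptions to tune.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the excerpt's layout: time, client IP,
# [session id]command, argument, FTP reply code. Not real log data.
SAMPLE_LOG = """\
# constructed sample, not taken from a real server
13:29:50 10.0.0.23 [1]USER alice 331
13:29:52 10.0.0.23 [1]PASS - 230
13:30:05 10.0.0.40 [2]USER bob 331
13:30:07 10.0.0.40 [2]PASS - 530
13:30:15 10.0.0.40 [3]USER bob 331
13:30:17 10.0.0.40 [3]PASS - 230
13:30:18 216.25.200.135 [4]PASS - 530
13:30:18 216.25.200.135 [5]USER admin 331
13:30:18 216.25.200.135 [6]USER admin 331
13:30:18 216.25.200.135 [5]PASS - 530
13:30:18 216.25.200.135 [7]USER admin 331
13:30:18 216.25.200.135 [6]PASS - 530
13:30:18 216.25.200.135 [7]PASS - 530
13:30:19 216.25.200.135 [8]USER guest 331
13:30:19 216.25.200.135 [8]PASS - 530
13:30:19 216.25.200.135 [9]USER guest 331
13:30:19 216.25.200.135 [9]PASS - 530
13:30:19 216.25.200.135 [10]USER user 331
13:30:19 216.25.200.135 [10]PASS - 230
"""

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<ip>\S+)\s+"
    r"\[(?P<session>\d+)\](?P<cmd>[A-Za-z]+)\s+(?P<arg>\S+)\s+(?P<code>\d{3})$"
)


class IpStats:
    """Per-client-IP counters built up while reading the log."""

    def __init__(self, ip):
        self.ip = ip
        self.failures = 0             # total PASS replies with code 530
        self.peak_in_window = 0       # most failures seen inside one window
        self.sessions = set()         # session ids that had a failed PASS
        self.usernames = set()        # usernames the failed guesses targeted
        self.logins_after_alert = []  # users that got a 230 after flagging
        self.flagged = False


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # The excerpt carries no date; assume all lines belong to the same day.
    rec["time"] = datetime.strptime(rec["time"], "%H:%M:%S")
    rec["cmd"] = rec["cmd"].upper()
    return rec


def detect_bruteforce(lines, max_failures=5, window=timedelta(seconds=10)):
    """Return {ip: IpStats} for IPs with >= max_failures failed logins per window."""
    pending_user = {}             # (ip, session) -> name from the last USER
    recent = defaultdict(deque)   # ip -> timestamps of failures in the window
    stats = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, key = rec["ip"], (rec["ip"], rec["session"])
        if rec["cmd"] == "USER":
            pending_user[key] = rec["arg"]
            continue
        if rec["cmd"] != "PASS":
            continue
        # A PASS whose USER line was not seen (log rotated, excerpt cut).
        user = pending_user.pop(key, "<unknown>")
        st = stats.setdefault(ip, IpStats(ip))
        if rec["code"] == "530":
            st.failures += 1
            st.sessions.add(rec["session"])
            st.usernames.add(user)
            q = recent[ip]
            q.append(rec["time"])
            while q and rec["time"] - q[0] > window:
                q.popleft()
            st.peak_in_window = max(st.peak_in_window, len(q))
            if len(q) >= max_failures:
                st.flagged = True
        elif rec["code"] == "230" and st.flagged:
            # A success right after a burst of failures: treat the account as guessed.
            st.logins_after_alert.append(user)
    return {ip: st for ip, st in stats.items() if st.flagged}


if __name__ == "__main__":
    for ip, st in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {st.failures} failed logins, peak {st.peak_in_window} "
              f"per window, users tried {sorted(st.usernames)}, "
              f"logged in afterwards: {st.logins_after_alert}")
```

The single mistyped password from 10.0.0.40 stays below the threshold, while the burst is reported together with the account that logged in after it.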

Now, I happened to be successful on this attempt and got one username and password. The results are displayed in Brutus under the ‘Positive Authentication Results’ window:

Screenshot showing brutus successfully identifying login information

You can see the username ‘user’ and password ‘charles’ worked on the server. Let’s try them out:

C:\>ftp 216.25.200.135
Connected to 216.25.200.135.
220 WIN2KSERVER Microsoft FTP Service (Version 5.0).
User (216.25.200.135:(none)): user
331 Password required for user.
Password: charles
230-Fuck you!
230 User user logged in.
ftp>

Boom, and it’s just that easy. Now that I’m in, my first step should be to attempt to clean up the traces of my attack (i.e. the log files and system event logs). Accomplishing this task takes more explanation than I have time for here, but hopefully you get the idea.

If nothing else, this short article should show you the value of good passwords. If I hadn’t set up the account ‘user’ with such a crappy password this attack most likely would have been unsuccessful. See my article on passwords for a good run down of how to pick a good password to keep your accounts safe from brute force attempts.

This works on many elevators, but YMMV. To zoom past floors that are waiting for an elevator, hold the door close button while pressing the button for your floor. I did this while at training and the look on the other people's faces as we zipped past their floors was priceless.

So say somehow, somewhere we ended up choosing a target to start wreaking havoc upon. All we need is an IP address. There are plenty of papers out there that go into how to obtain an IP address from the preferred mark of your choice, so I'm not going to go into that subject. Alright, so say we finally got the target's IP address. What do we do with this IP address? Well, first ping the IP address to make sure that it's alive, in other words online. Now at the bottom of this document I'll include some links where you can obtain some key tools that may help on your journey through the electronic jungle. So we need to find places to get inside of the computer so we can start trying to find a way to "hack" the box. Port scanners are used to identify the open ports on a machine that's running on a network; whether it's a router or a desktop computer, they will all have ports. Protocols use these ports to communicate with other services and resources on the network.

1) Blues Port Scanner - This program will scan the IP address that you chose and identify open ports that are on the target box.

Example 1:
Idlescan using Zombie (192.150.13.111:80); Class: Incremental
Interesting ports on 208.225.90.120:
(The 65522 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
25/tcp open smtp
80/tcp open http
111/tcp open sunrpc
135/tcp open loc-srv
443/tcp open https
1027/tcp open IIS
1030/tcp open iad1
2306/tcp open unknown
5631/tcp open pcanywheredata
7937/tcp open unknown
7938/tcp open unknown
36890/tcp open unknown


In example 1 we see that there are a variety of ports open on this box. Take note of all the ports that you see listed before you. Most of them will be paired up with the type of protocol that uses that port (i.e. 80-HTTP, 25-SMTP, etc.). Simply take all that information and paste it into Notepad or the editor of your choice. This is the beginning of your target's record. So now we know what ports are open. These are all theoretical points of entry where we could wiggle into the computer system. But we all know it's not that easy. Alright, so we don't even know what type of software or what operating system this system is running.

2) NMAP - Port Scanner - Has unique OS fingerprinting methods, so when the program sees a certain series of ports open it uses its best judgement to guess what operating system it's running. Generally correct in my experience.

So we have to figure out what type of software this box is running if we are gonna start hacking the thing, right? Many of you have used TELNET for your MUDs and MOOs and weird multiplayer text dungeons, and many of you haven't even heard of it before, period. TELNET is used to open a remote connection to an IP address through a port. So what that means is we are accessing their computer from across the internet; all we need is their IP address and a port number. With that record you are starting to compile, open a TELNET connection to the IP address and enter one of the OPEN ports that you found on the target.
So say we typed 'TELNET -o xxx.xxx.xxx.xxx 25'. This command will open up a connection through port 25 to the IP xxx.xxx.xxx.xxx. Now you may see some text at the very top of the screen. You may think, well what the hell, how is that little string of text going to help me? Well, get that list you are starting to write, and copy the banners into your compilation of the information you've gathered on your target. Banners/headers are what you get when you TELNET to the open ports. Here's an example of a banner from port 25.


220 jesus.gha.chartermi.net ESMTP Sendmail 8.12.8/8.12.8; Fri, 7 Oct 2005 01:22:29 -0400


Now this is a very important part in the enumeration process. You notice it says 'Sendmail 8.12.8/8.12.8'. Well what do ya know, we have now discovered a version number. This is where we can start identifying the programs running on the machine. There are some instances in which companies will try to falsify their headers/banners so hackers are unable to find out what programs are truly installed. Now just copy all the banners from all the open ports *some ports may have no banners* and organize them in the little record we have of the target. Now we have all the open ports, and a list of the programs running and their version numbers. This is some of the most sensitive information you can come across in the networking world. Other points of interest may be the DNS server, which contains lots of information, and if you are able to manipulate it then you can pretend to be Hotmail and steal a bunch of people's email. Well, now back to the task at hand. Apart from actual company secrets and secret configurations of the network hardware, you got some good juicy info. http://www.securityfocus.com is a very good resource for looking up software vulnerabilities. If you can't find any vulnerabilities there, search on Google. There are many, many, many other sites that post vulnerabilities that their groups and their affiliates find.

At SecurityFocus you can search by vendor and whatnot to try and find your piece of software, or you can use the search box. When I searched SecurityFocus I found a paper on how Sendmail 8.12.8 had a buffer overflow. There was proof-of-concept code where they wrote the shellcode and everything, so if you ran the code with the right syntax, a command prompt would just spawn. You should notice a (#) on the line where your code is being typed. That pound symbol means that the command prompt window that's currently open was opened as root, the highest privilege on a UNIX/Linux box. You have just successfully hacked a box. Now that you have a command shell in front of you, you can start doing whatever you want, delete everything if you want to be a fucking jerk; however, I don't recommend that. Maybe leave a text file saying how you did it and that they should patch their system... whoever they are. And many times the best thing you can do is just lie in the shadows, don't let anyone know what you did. More often than not this is the path you are going to want to take to avoid unwanted visits by the authorities.

There are many types of exploits out there. Some are Denial of Service exploits, where you shut down a box or render an application/process unusable; they are called denial of service simply because you are denying a service on someone's box to everyone trying to access it. Buffer overflow exploits are involved when a variable inside some code doesn't have any input validation. Each letter you enter for the string variable will be 1 byte long. Where the variables are located while they are in use by a program is called the buffer. Now what do you think overflowing the buffer means? We overflow the buffer so we can get to a totally different memory address. Then people write what's called shellcode in hex. This shellcode is what returns that command prompt when you run the exploit. That wasn't the best description of a buffer overflow; however, all you need to remember is that garbage data fills up the data registers so then the buffer overflows and allows for remote execution of almost every command available. There are many, many other types of attacks that cannot all be described here, like man-in-the-middle attacks where you spoof who you are. Performed correctly, the victim will enter http://www.bank.com and his connection will be redirected to your site, where you can make a username and password box and make the site look legit. And your poor mark will enter their credentials into your site, when they think it's really http://www.bank.com. You need to have a small script set up so it will automatically display an error or something once they try to log in with their credentials. This makes it seem like the site is down, and the victim doesn't give it a second thought and will simply try again later.
__________________________________________________ _______o_________

So as a summary of how to 0Wn a box when you only have an IP Address
Method Works On BOTH *Nix and Windoze

****You can do the same with domain names (e.g. google.com) as you can with IP addresses. Run a WHOIS lookup or something along those lines. Or check up on InterNIC; you should be able to resolve the domain name to an IP address.****

- Port Scan The Address And Record Open Ports
- Telnet To Open Ports To Identify Software Running On Ports

3) netcat - Network swiss army knife. Like TELNET only better and with a lot more functionality. Both can be used when you are trying to fingerprint software on open ports

- Record Banners And Take Note Of The Application Running and The Version Number
- Take A Gander Online At SecurityFocus.com or Eeye.com. If you can't find any vulnerabilities then search Google.
- Make a copy of some Proof-Of-Concept code for the vulnerability.

*Read the documentation if there is any, for the proof-of-concept code you will be using for your exploit*

- Run The Exploit Against The Victim.
- Reap The Cheap-Sh0t Ownage
__________________________________________________ _______________
**This document does not go into covering your tracks. If you dare try any of this stuff on a box you don't have consent to hack on, they will simply look at the logs and see your IP address and then go straight to your ISP. Once you get more 1337 you get to learn how to get away with the nasty deeds. This is what the majority of kode-kiddies do when they perform attacks. The key is to enumerate all the info you can from the machine, the more info you have on the system the better. User accounts can also be enumerated. Once you have a list of account names, you may then proceed to brute-force or perform a cryptanalysis attack to gain control of the account. Then you must work on privilege escalation. Users are not Admins/Root**

Getting Ip's:--

To see the IP of all computers you are connected to (web servers, people attempting to hack into your computer):
Go to dos (start>run>type command) and run the netstat command. Type netstat /? for details.
Type netstat -r at the command prompt to see the ip of all computers you are connected to

In MSN (and other programs) when you are chatting to someone everything you type goes through the MSN servers first (they act as a proxy) so you see their ip rather than who you are chatting to. You can get round this by sending them a file as MSN doesn't send file through its proxy.
When you type the netstat -r (or -a for a different view) the ip's are under the foreign address table. The ports are separated by a : . Different programs use different ports, so you can work out which ip's are from which program.
Connecting to other computers and what ports are:--

Servers send information. Clients retrieve. Simple.
Windows comes with a built in program to connect to other computers called telnet.
To start Windows telnet Start menu> Run> type Telnet. Click connect> remote system
Ports are doors into computers. Hosts are computer names
(ip number or a name that is translated into the ip automatically)
Different programs open different ports, but they always open the same ports so other computers know which port to connect to. You can get a port list listing all the different ports, but a basic one is:
11 :- Sends info on the computer
21 :- FTP (File transfer program)
23 :- Telnet (Login to the computers command line)
25 :- Smtp (Sends mail)
80 :- Http (Web pages)
There are thousands of different programs using different ports. You can get programs called port scanners which check a computer for all ports up to a certain number, looking for ways in.
Anyway, back to telnet.
Type http://www.yahoo.com as the host and port as 80, then click connect.
If nothing happens, you're in. Wow. You are connected to Yahoo's server.
You can now type http commands (you are connected to an http server, so it supports http commands). Ie. on an ftp server you can type open and it will do something. On an http server it will just wonder what the hell you are on about.
Type GET / HTTP/1.0 then press enter twice to get the file on the server at / (try /index.html etc.).

Allowing dos and regedit in a restricted Windows

See http://blacksun.box.sk/tutorials/format....ndows.html for some very cool tactics.
A very simple tactic I found after accidentally locking myself out of dos and regedit is to open notepad and type the following:
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]
"Disabled"=dword:0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:0

Save it as something.reg then run it. Simple.

Making non deletable, unreadable folders

Tested on Windows 95/98
By holding down alt, then typing numbers on the number pad (right of the keyboard) you can create special characters. If you hold down alt, then press 1, then let go, you got the ascii character 1. You try some random numbers. This goes all the way up to 255. Open a dos prompt, and type md (alt+1+9+4)some word. md is the dos command to make a directory, now try and open the directory in Windows, you can't. To open it, type ren (alt+1+9+4)some word some word (ren is the dos command to rename)

Proxies

Proxies are computers that you connect through, hiding your computer. Most aren't anonymous, they give away your ip. Some are. Good anonymous proxies: mail.uraltelecom.ru:8080 and 194.247.87.4:8080.
Different programs require different ways of using proxies. To do it in internet explorer 5 go to tools, internet options, connections, settings. In the above proxies they are in the format host:port

Password files
If you lock yourself out of Windows stuff, all passwords are stored in files called *.pwl in C:\windows. In Unix, passwords are normally stored at /etc/passwd. This can be viewed using the cat command (prints a file to screen): cat /etc/passwd. Make sure your passwords are shadowed (not actually in /etc/passwd). Also make sure they aren't in a file called shadow, especially not in a file called /etc/shadow.
Unix passwords are encrypted far better than Windows ones (to be fair, Windows 95 isn't designed for users), but can still be cracked through a program called john.

Securing your website
Ftp
Ftp is how you upload your web site; if someone finds out the password they can add/delete anything. Brute forcing is the most common ftp attack, where a program guesses every possible combination (or from a list of words). An eight letter alpha-numeric word is almost impossible to crack, as the process is slow.
The real problem is with server side scripting. Pages other than plain html (ie. pages that perform commands on the host) are a security risk. The main problems are scripts that write to pages (guest books etc.). If when the guest book is viewed it has a .shtml extension, then it can execute commands. Eg. a malicious visitor could place


VLC Player, one of the best and most widely used media players, has been found to be vulnerable to a remote hijack. The reported vulnerability makes it possible for a malicious user to run arbitrary code, potentially taking remote control of the host machine.
VLC is a popular media player among BitTorrent users. Not just for the fact that it is free, also because it includes a huge number of the video codecs, so it can play virtually every video file available.
Unfortunately, the latest versions of VLC have a security flaw according to a report from Luigi Auriemma. The vulnerability can be exploited to compromise a user’s system, as it leaves it wide open for a malicious user to run arbitrary code.
The problem occurs when someone loads a subtitle file, which causes a buffer overflow that can be exploited. The security flaw is platform independent, which means it affects Windows, Mac and Linux users.
Initially it was reported that the flaws in version 0.8.6d were fixed in the latest release, but this turns out not to be the case. Auriemma writes: “The old buffer-overflow in the subtitles handled by VLC has not been fully patched in version 0.8.6e.”
“The funny thing is that my old proof-of-concept was built just to test this specific buffer-overflow and in fact it works on the new VLC version too without modifications,” he adds.
For now, the only solutions are not to run any subtitle files, or to grab one of the nightly builds. The downside is, however, that these might not be as stable as the regular releases.
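The class of bug reported here, a subtitle line copied into a fixed-size buffer without a length check (the missing input validation that the buffer-overflow explanation earlier on this page refers to), is closed by measuring the input before copying it. The C code below is an added example and is not VLC's code: the `{start}{stop}text` line format, the 128-byte buffer and every name in it are assumptions chosen for illustration, since the report quoted above does not say which subtitle format or function is affected.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SUB_TEXT_MAX 128            /* fixed-size destination buffer */

struct subtitle {
    long start_frame;
    long stop_frame;
    char text[SUB_TEXT_MAX];
};

enum sub_status { SUB_OK = 0, SUB_MALFORMED = -1, SUB_TOO_LONG = -2 };

/* Parse "{N}" at *p; on success store N and advance *p past the '}'. */
static int parse_braced_long(const char **p, long *out)
{
    const char *s = *p;
    char *end;

    if (s[0] != '{' || s[1] < '0' || s[1] > '9')
        return -1;                  /* strtol alone would accept " -5" */
    errno = 0;
    *out = strtol(s + 1, &end, 10);
    if (errno == ERANGE || *end != '}')
        return -1;
    *p = end + 1;
    return 0;
}

/*
 * Parse one "{start}{stop}text" line into *sub (hypothetical format).
 * The unsafe pattern this replaces is an unbounded copy such as
 *     strcpy(sub->text, p);
 * where the length of the line in the file, not the size of text[],
 * decides how many bytes get written. Here the length is measured
 * first and an oversized line is rejected before anything is copied.
 */
enum sub_status parse_subtitle_line(const char *line, struct subtitle *sub)
{
    const char *p = line;
    long start, stop;
    size_t len;

    if (line == NULL || sub == NULL)
        return SUB_MALFORMED;
    if (parse_braced_long(&p, &start) != 0 ||
        parse_braced_long(&p, &stop) != 0 || stop < start)
        return SUB_MALFORMED;

    len = strcspn(p, "\r\n");       /* text runs to the end of the line */
    if (len >= sizeof sub->text)    /* need room for the text plus NUL */
        return SUB_TOO_LONG;

    sub->start_frame = start;
    sub->stop_frame = stop;
    memcpy(sub->text, p, len);
    sub->text[len] = '\0';
    return SUB_OK;
}

int main(void)
{
    /* Constructed sample lines, not taken from any real subtitle file. */
    char big[1024];
    struct subtitle sub;

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memcpy(big, "{1}{2}", 6);
    printf("normal:   %d\n", parse_subtitle_line("{10}{50}Hello\r\n", &sub));
    printf("oversize: %d\n", parse_subtitle_line(big, &sub));
    return 0;
}
```

Rejecting the oversized line rather than truncating it keeps a malformed file from being half-accepted; a player that prefers to show partial text can truncate instead, as long as the copy length is still capped at the buffer size.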

1. Cap your upload (most important)

Limit your upload speed to approximately 80 percent of your maximum upload rate. You can check your upload speed over here (never trust your isp). Once you know your maximum upload speed, change the max upload (to 80%) speed in your torrent client’s preferences.

Don’t get me wrong, everyone should share as much as possible, but if your upload rate reaches its max, your download rate suffers significantly.

2. Hack the max TCP connections

If you’re on XP SP2, your TCP connections are limited to a maximum of 10. This seriously hurts your downloading speed because it won’t let you connect to a high amount of IP numbers. It is supposed to slow down viruses because their spreading strategy is to connect to a high amount of IP numbers, but it also cripples your torrent downloads.
A nice way to fix this is to download this patch, it allows you to set the maximum allowed connections to any number you want. Any number between 50 and 100 is ok (more on this).

3. Check seeds and peers

A simple tip, but oh so important. Always look for torrents with the best seed/peer ratio. The more seeds (compared to peers) the better (in general). So 50 seeds and 50 peers is better than 500 seeds and 1000 peers. So, be selective.

4. Change the default port.

By default, BitTorrent uses ports 6881-6999. BitTorrent accounts for a lot of the total internet traffic (1/3), so ISPs like to limit the connection offered on these ports. So, you should change these to another range. Good clients allow you to do this, just choose anything you like. If you’re behind a router, make sure you have the ports forwarded or UPnP enabled.

5. Disable Windows Firewall

It sucks. Windows Firewall hates P2P and often leads a life of its own. So disable it and get yourself a decent firewall, Kerio or Zone Alarm for example.

Last but not least… Buy a faster connection…


Have you ever wondered if it’s truly possible to be able to download up to 500% faster than you currently are? If it’s actually possible to increase your download speeds?… Well truth is that it’s very easy to optimize and tweak your Torrent Client so that you can boost and increase download speeds by up to 500% faster.

Just for today, you can get this great product for just $17!!

Truth is, lots of people are interested in paying for free stuff, offered by sites such as highspeedtorrent.com. This site uses lots of flashy talk to trick the BitTorrent novice into believing that it holds the secrets to super-fast torrents - but in the end it charges each person $17 for a few guides, easily available for free right here on TorrentFreak.

But surely not many people fall for paying for this sort of ’service’? Well, in fact, that’s an emphatic YES, unfortunately they do. Even with sales talk like this:

Never Again Will A Sale So Kick Ass, So Downright Brilliant, So Disgustingly Good, So Nauseatingly Appealing , And So Unbelievably Cheap, Will Ever Happen Again.

The owner of High Speed Torrent is looking to sell his site and quite profitable it seems too, at a claimed $4000 takings each month. Maybe it’s an over-estimate by an enthusiastic admin in order to get a better return - after all, surely you can’t make money from freely available guides?

Take a look at High Speed Torrent’s PayPal payments received account, hosted on their own site for the benefit of prospective buyers - you decide if it’s profitable or not.

In the meantime, help yourself to some of our guides, hints and tips. There’s 20 more of the best right here.



The list of ISP’s that limit BitTorrent traffic, or plan to do so is growing every day, and according to the BBC, the ‘bandwidth war’ has begun.

Are you not sure if your traffic is being throttled? Check the list of bad ISP’s.

But there is a solution. Encrypting your torrents will prevent throttling ISP’s from shaping your traffic. I will explain how to enable encryption in Azureus, uTorrent, and Bitcomet, the three most popular torrent clients.

What does encryption do?

The RC4 encryption obfuscates not only the header but the entire stream. This means that it’s very hard for your ISP to detect that the traffic you are generating comes from BitTorrent.

Note that RC4 uses more CPU time than the plain encryption or no encryption. It is however harder to identify for traffic shaping devices
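
Why a stream cipher over the whole connection defeats a signature match on the handshake, shown as an added C example (not code from Azureus, uTorrent or BitComet): the plaintext BitTorrent handshake begins with the fixed bytes `\x13BitTorrent protocol`, and after RC4 those bytes are no longer present. The session key, info hash and peer id are constructed placeholders, and the key exchange a real client performs is left out.

```c
#include <stdio.h>
#include <string.h>

#define HANDSHAKE_LEN 68   /* 1 + 19 + 8 reserved + 20 info hash + 20 peer id */

/* Constructed session key; a real client derives it from a key exchange. */
static const unsigned char SESSION_KEY[] = "constructed-example-key";

struct rc4 { unsigned char s[256]; unsigned char i, j; };

/* RC4 key schedule: permute s[] under control of the key. */
static void rc4_init(struct rc4 *c, const unsigned char *key, size_t keylen)
{
    unsigned k;
    unsigned char j = 0, t;

    for (k = 0; k < 256; k++)
        c->s[k] = (unsigned char)k;
    for (k = 0; k < 256; k++) {
        j = (unsigned char)(j + c->s[k] + key[k % keylen]);
        t = c->s[k]; c->s[k] = c->s[j]; c->s[j] = t;
    }
    c->i = c->j = 0;
}

/* XOR n bytes of buf with the keystream (encrypt and decrypt are the same). */
static void rc4_xor(struct rc4 *c, unsigned char *buf, size_t n)
{
    size_t k;
    unsigned char t;

    for (k = 0; k < n; k++) {
        c->i = (unsigned char)(c->i + 1);
        c->j = (unsigned char)(c->j + c->s[c->i]);
        t = c->s[c->i]; c->s[c->i] = c->s[c->j]; c->s[c->j] = t;
        buf[k] ^= c->s[(unsigned char)(c->s[c->i] + c->s[c->j])];
    }
}

/* Fill out[] with a plaintext handshake; hash and peer id are constructed. */
static void build_handshake(unsigned char out[HANDSHAKE_LEN])
{
    memset(out, 0, HANDSHAKE_LEN);
    out[0] = 19;                                  /* protocol name length */
    memcpy(out + 1, "BitTorrent protocol", 19);
    memset(out + 28, 0xAB, 20);                   /* placeholder info hash */
    memcpy(out + 48, "-XX0000-constructed!", 20); /* placeholder peer id */
}

/* The fixed-prefix check a signature-based classifier can apply. */
static int looks_like_bittorrent(const unsigned char *buf, size_t n)
{
    return n >= 20 && buf[0] == 19 &&
           memcmp(buf + 1, "BitTorrent protocol", 19) == 0;
}

int main(void)
{
    unsigned char hs[HANDSHAKE_LEN];
    struct rc4 c;

    build_handshake(hs);
    printf("plaintext matches signature:  %d\n", looks_like_bittorrent(hs, sizeof hs));
    rc4_init(&c, SESSION_KEY, sizeof SESSION_KEY - 1);
    rc4_xor(&c, hs, sizeof hs);
    printf("RC4 stream matches signature: %d\n", looks_like_bittorrent(hs, sizeof hs));
    return 0;
}
```

RC4 used this way only removes the fixed pattern a classifier keys on; it adds no integrity protection to the stream.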

How can I do this?

This is different for all clients; check the setting for your favorite client below.

Azureus


1. Go to: Tools > Options > Connection > Transport Encryption

2. Check the ‘require encrypted transport’ box.

3. Choose RC4 in the ‘minimum encryption’ dropdown box

Note that RC4 uses more CPU time than the plain encryption or no encryption. It is however harder to identify for traffic shaping devices.

4. You can choose to tick the ‘Allow non-encrypted outgoing connections if encrypted connection attempt fails’ box. This will ensure compatibility with clients that are not using encryption. However, it makes it easier for your ISP to detect BitTorrent traffic. I recommend that you try to tick this box first. If you are still not getting proper speeds, untick it.

5. Tick the ‘Allow non-encrypted incoming connections’ box


That’s it, your BitTorrent traffic is encrypted now.

Bitcomet


1. Go to: Options > Preferences > Advanced > Connection

2. Go to: ‘Protocol encryption’ You can choose between ‘auto detect’ and ‘always’. Auto detect will give you more connections but offers less protection against traffic shapers.

I would recommend to try auto detect first, if that doesn’t increase your speeds you need to switch to always


That’s it, your BitTorrent traffic is encrypted now.

uTorrent


1. Go to: Options > Preferences > BitTorrent

2. Go to ‘Protocol encryption’, you can choose between ‘enabled’ and ‘forced’. ‘Enabled’ will give you more connections but offers less protection against traffic shapers.

I would recommend to try ‘enabled’ first, if that doesn’t increase your speeds you need to switch to ‘forced’.

3. Ticking ‘Allow legacy incoming connections’ allows non-encrypted clients to connect to you. This improves compatibility between clients but makes you more vulnerable to traffic shapers.

I would recommend to tick this box, but if that doesn’t increase your speeds, untick it!


That’s it, your BitTorrent traffic is encrypted now.

To the novice, setting up a BitTorrent tracker is a hugely complex task. Within minutes of making the decision to even attempt such a thing, it becomes crystal clear that without specialist coding knowledge the project is doomed to fail, probably before it even starts. In order for BitTorrent tracker ownership to be accessible to all, the technical roadblocks need to be overcome.

The team behind XBTIT (previously BTiTracker) are hoping to achieve just that with their latest beta version.

XBTIT enables potential site administrators to quickly and easily set up their own BitTorrent tracker, something that was previously only available to people with some coding skills.

In order to make the process as user-friendly as possible, the team are offering some major upgrades and features:
Optional SMF Forum Integration

SMF is a fully featured bulletin board system which is very easy to set up. Downloaded and installed separately, user accounts are fully integrated with XBTIT after installation so there is no need for multiple log ins.
Optional XBT Tracker Integration

XBT Tracker is a BitTorrent tracker written in C++. The advantages of using this is that you can have many more peers than a traditional PHP based tracker while consuming very few resources on your server, making ownership of a very large tracker a reality.
One Click Hack/Modification Installation

All the best trackers have great modifications designed to bring additional functionality to the site. However, installing these can still be quite a task for the experienced - and absolutely mind-blowing for the novice. XBTIT offers One-Click-Hack which means no more having to hack away at lines of code to install the latest modifications for your tracker. An automated system for hack installation is included which is great news for the novice.
Fully Customizable Template System

This means there is no requirement to hack away at code to change the look of your site. Templates are now totally separate from the tracker source so it’s possible to tinker with the look of the site without worrying about breaking anything. New templates will be available with the final version of the software.
Updated Installation Routine

The new installation routine takes care of everything that previously had to be done by hand, saving much time when installing a new tracker.

The XBTIT team told us they are proud to be leading the way with what they believe is the most customizable and accessible tracker to date, and they are inviting any interested TorrentFreak readers to apply for beta testing at www.btiteam.org

The Swedish Pirate Party introduced a completely anonymous internet service called relakks. Relakks makes it possible to browse the web, and use p2p-applications (like BitTorrent) without being monitored by your ISP or anti-piracy gangs like the MPAA and RIAA.

“There are many legitimate reasons to want to be completely anonymous on the Internet,” says Rickard Falkvinge, chairman of the Pirate Party. “If the government can check everything each citizen does, nobody can keep the government in check. The right to exchange information in private is fundamental to the democratic society. Without a safe and convenient way of accessing the Internet anonymously, this right is rendered null and void.”

Subscriptions cost EUR 5.00 per month or EUR 50.00 for 12 months

1. Mininova

Without a doubt the most visited BitTorrent site. In November, Mininova reached a milestone by entering the list of the 50 most visited websites on the Internet.

Alexa rank: 46
2. IsoHunt

IsoHunt continued to grow this year. In September they were forced to close their trackers to US traffic because of the issues they have with the MPAA, but this had no effect on the visitor count.

Alexa rank: 143
3. The Pirate Bay

The Pirate Bay has been in the news quite a bit this year and remains not only the most used BitTorrent tracker, but also one of the most visited BitTorrent sites. At the moment they are fighting with IsoHunt for the second place in this list.

Alexa rank: 147
4. Torrentz

Torrentz is the only “torrent site” in the top 10 that doesn’t host .torrent files. Several improvements and new features have been introduced over the past year such as a comment system, private bookmarks and a cleaner layout.

Alexa rank: 160
5. BTjunkie

BTjunkie was one of the fastest risers last year and continued to grow throughout 2007. Last month they were, like many others, forced to leave their ISP (LeaseWeb), but the transition to a new host went smoothly and didn’t result in any downtime.

Alexa rank: 445
6. TorrentSpy

TorrentSpy was the most popular BitTorrent site of 2006, but dropped to sixth place due to legal issues with the MPAA. To ensure the privacy of their users, TorrentSpy decided that it was best to block access to all users from the US, causing their traffic to plunge.

Alexa rank: 461
7. TorrentPortal

Not much news about TorrentPortal this year, but that probably is a good thing. Like most other sites they have grown quite a bit in 2007.

Alexa rank: 481
8. GamesTorrents

It’s quite a surprise to see GamesTorrents in the list of 10 most popular BitTorrent sites of 2007. This Spanish BitTorrent site had a huge dip in traffic earlier this year but managed to secure 8th place.

Alexa rank: 583
9. TorrentReactor

TorrentReactor.net has been around for quite a while, four years to be exact, and is still growing.

Alexa rank: 604
10. BTmon

BTmon was one of the newcomers in 2006, and it is the youngest BitTorrent site in the top 10 this year.

Alexa rank: 673
Honorable Mention: Demonoid

For being one of the most visited BitTorrent sites until they pulled the plug in November.

i have found one software which hide your IP address every time and give you a new IP address by creating a Tor Network…….
If u have Mozilla then it works very fine
First Download Vidalia Bundle from here

http://www.torproject.org/download.html.en

Here is link for Windows and MAC OS ……….So download it according to your requirement .
After that to easily turn on and turn off “TOR” .. You can install Firefox add on from here :

https://addons.mozilla.org/en-US/firefox/addon/2275

then restart firefox….After that you will see at right bottom corner that your tor addon for mozilla is installed…now when u want to hide your IP or want to surfing anonymously Turn on or turn off by clicking on this.
You can check your ip address here
http://www.whatismyip.com/