Sunday, December 6, 2009

Premium Accounts (16 Download Sites)

The following is the list of usernames and passwords of the premium accounts for the best download sites.
…!! ENJOY !!…
!!…100% Working Accounts…!!


List of all the SQL Injection Strings

One of the major problems with SQL is the poor security surrounding login and URL strings. This tutorial is not going to go into detail on why these strings work, as all these details have been given in my previous article, Top 10 Tricks to exploit SQL Server Systems.

First SEARCH the following Keywords in Google or any Search Engine:

admin\login.asp
login.asp

with these two search string you will have plenty of targets to chose from…choose one that is Vulnerable

INJECTION STRINGS: How to use it?

This is the easiest part…very simple

On the login page just enter something like

user:admin (you dont even have to put this.)
pass:’ or 1=1–

or

user:’ or 1=1–
admin:’ or 1=1–

Some sites will have just a password so

password:’ or 1=1–

In fact, I have compiled a combo list with strings like this to use on my chosen targets. There are plenty of strings in the list below. There are many other strings involving, for instance, UNION table access via reading the table structure from the error pages; an attack with this method will eventually reveal admin U\P paths.

The one I am interested in are quick access to targets

PROGRAM

I tried several programs to use with these search strings and up to now only Ares has performed well, with quite a bit of success with a combo list formatted this way. Yesterday I loaded 40 eastern targets with 18 positive hits in a few minutes. How long would it take to go through 40 sites cutting and pasting each string?

combo example:

admin:’ or a=a–
admin:’ or 1=1–

And so on. You don’t have to be admin and still can do anything you want. The most important part is example:’ or 1=1– this is our basic injection string

Now the only trudge part is finding targets to exploit. So I tend to search say google for login.asp or whatever

inurl:login.asp
index of:/admin/login.asp

like this: index of login.asp

result:

http://www3.google.com/search?hl=en&ie=ISO…G=Google+Search

17,000 possible targets; trying various searches spews out plenty more.

Now using proxy set in my browser I click through interesting targets. Seeing whats what on the site pages if interesting I then cut and paste URL as a possible target. After an hour or so you have a list of sites of potential targets like so

http://www.somesite.com/login.asp
http://www.another.com/admin/login.asp

and so on. In a couple of hours you can build up quite a list because I don’t select all results or spider for log in pages. I then save the list fire up Ares and enter

1) A Proxy list
2) My Target IP list
3) My Combo list
4) Start.

Now I dont want to go into problems with users using Ares..thing is i know it works for me…

Sit back and wait. Any target vulnerable will show up in the hits box. Now when it finds a target it will spew all the strings on that site as vulnerable. You have to go through each one on the site by cutting and pasting the string till you find the right one. But the thing is you know you CAN access the site. Really I need a program that will return the hit with a click on url and ignore false outputs. I am still looking for it. This will saves quite a bit of time going to each site and each string to find its not exploitable.

There you go you should have access to your vulnerable target by now

Another thing: you can use the strings in URLs where user=? Edit the url to the = part and paste ‘ or 1=1– so it becomes

user=’ or 1=1– just as quick as login process
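Why the basic string works and what removes the flaw, shown as an added example that is not part of the original post. Python's sqlite3 stands in for the SQL Server backend of an ASP login page, and the table, account and function names are hypothetical.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext only to keep the demo short; real systems store a salted hash.
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db


def login_concatenated(db, username, password):
    """Flawed pattern: form input is pasted straight into the SQL text."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    # With password = "' or 1=1--" the statement the database parses is
    #   ... WHERE username = 'admin' AND password = '' or 1=1--'
    # The quote closes the string, "or 1=1" is true for every row and "--"
    # comments out the rest, so the check no longer depends on the password.
    return db.execute(query).fetchone()[0] > 0


def login_parameterized(db, username, password):
    """Fixed pattern: placeholders keep input as data, never as SQL syntax."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone()[0] > 0


def compare_logins():
    """Run the same inputs through both versions and collect the outcomes."""
    db = make_db()
    basic_string = "' or 1=1--"
    cases = {
        "correct_password": ("admin", "s3cret-constructed"),
        "wrong_password": ("admin", "guess"),
        "string_in_password": ("admin", basic_string),
        "string_in_username": (basic_string, "anything"),
    }
    return {
        name: {
            "concatenated": login_concatenated(db, user, pw),
            "parameterized": login_parameterized(db, user, pw),
        }
        for name, (user, pw) in cases.items()
    }


if __name__ == "__main__":
    for name, outcome in compare_logins().items():
        print(name, outcome)
```

The parameterized version compares the whole submitted string against the stored value, so the quote and comment characters have no special meaning to the database.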

Thursday, November 26, 2009

yahoo id hacking



download here:
http://sites.google.com/site/ziddiarain18/Home/Magic-PS-15se.rar?attredirects=0

Friday, November 20, 2009

Top 100 Underground Hacking Websites

suck-o.com
Hacking/Coding/Web Development - Friendly forums and a huge high quality download section with no dead links. If you are annoyed by oh-so-1337 smattering sites plastered with ads, no useful content and lame forced voting then join our knowledge-pool...we're independent and non-commercial. Receive help on the boards and have fun with our wargames. -SUCK-O V2.0 DEVELOPMENT HAS STARTED-






uNkn0wn.ws

One of the biggest security/hacking forum on the web. Find what you are really looking for: Packers, FUD, Binders, Bots, RATs, etc. Got a hacking question, then simply ask and get a friendly and useful help at any moment. Don't be scared to be flamed, that won't happen. Get daily fresh releases of crypters/packers. Over 32k members, over 150k posts, the forum is updated daily with more than 700 new posts/day, don't be shy and join the uNkn0wn community. You won't regret it. Click here and you will understand why this board is Unique in itself.


3
Hack Hound

Hacking - Security - Programming - Reverse Engineering community.


4

HackSCENE.com - Hacks Exploits and Community Forum
We are a hacking, exploit, and a nice community forum A great place for learning. We also have some gaming and warez sections you can enjoy. Join and get active.


5
FSDWarez.org

Get free rapidshare unlocked accounts. 1000 of downloads, streaming videos, ftp downloads, warez downloads, huge log dumps, Porn Accounts all you need is available. stealers, crypters, latest tutorials, gfx, everything you need is here just register and Get.





6
p0ison

p0ison is a New growing community, p0ison is great site to find good tutorials / Releases / Apps / Exploits etc. reading articles can be boring sometimes so why not try our soon to come wargames or get a team together and try our Team Wargames which are coming soon.


7

Hack-Tech Security Forums

Hack-Tech provides Information Security, We cover all aspects of hacking, infosec and network security. We also Offer support for IT security topics including firewalls, encryption and malicious software.


8

NEJC FREE PASSWORDS

Daily custom cracked passwords for TOP ADULT WEBSITES Check out our great members section


9

Hacking Blackploit

Website in spanish dedicated to computer security, new techniques and the latest procedures in hacking.


10

CyberXtreme - Offensive Security and Warez

We are still the best resource on the web for your hacking and warez needs.Movies,Games,Music,Programs,Softwares,Web.Applications,design.Hacking,Cracking.Phishing,Spoofing,SE,RE,SQL Injections,RFI.Tutorials,binders,crypters,stealers Guides. Premium passwords updated daily with new stuff...NO ADS EVER


11

Full free downloads

Full Version Free Softwares,Pc-Psp Games,Latest Hollywood Movies,xxx Videos And Clips,E-books,Cracks,Serials,And Keygens...


12

Antaran Technologies

antaran technologies .. u.f.o. webspace ..Underground Technology Websites


13

Cryptload.biz

German Warez Xvid DvD GameZ AppZ etc. Everything as CCF DLC RSDF on Rapidshare and Uploaded



14
passpage - pass to unlimited porn

daily new pure quality passwords in members section


15
All hacking tools you need

If you're an advanced security professional, then you know that the battle to protect online privacy continues to rage on. Security chat rooms, especially, are resounding with calls for vendors to take more responsibility to release products that are more secure.


16
xXx.....Hack-The-Porn.....xXx

I found it and now I am sharing it - Hack the porn with ease - these million dollar sites have a loop hole and we can exploit it now


17
Balkan Hack Community

Top Balkan Hack Community.


18
sharingcenters

Welcome to Sharing Centers


19

Elite-HackerZ HackerZ Elite Area

All Type Of Accounts LIke Rapidshare,Megaupload,Hotfile,Megashares,Megashare,Stealers,Crypters,XXX Passes And Logs Are Here.Join n See Ur Self Guys AND GET ALL FREE FROM HERE ANY THING U WANT IF U CANT FIND THEN REQUEST IN REQUEST SECTION WE WILL UPDATED IN SOME HOURS


20

bNegativedotOrg

Australian Hackers - IPTV Show - get raged or die trying, hardcore internet gangsters


21

Lame-Warez.com
The ultimate Yahoo Msn hacking site

The ultimate Yahoo, Msn hacking site where you can get everything in one site. From booters to cracker and to all kinds of hacking tools, fake login scripts of all kinds, msn booters etc. No annoying registration needed everything can be downloaded instantly. We have 1000's of downloads and site update everyday with no broken links. Hack 100's yahoo accounts in a day using fake login. Learn all the secrets to hack an account in just few minutes using fake login scripts. Once you visit us, you will come back everyday. I guarantee you won't be disappointed.


22

Rapidshare4Ever


- The Working Rapidshare Generator
Rapidshare4Ever is the only working rapidshare link generator that doesn't run out of bandwidth We even provide 10 links a day for free Join us today


23

Hacking Library

Hacking programs, tutorials, trojans, keyloggers, downloaders, source codes, password crackers, hack email accounts, websites and more, Check us out


24

Best XXX Movies around at www.final4ever.com

Welcome to the Final4Ever Forums xxx movies, computer, security, network, hack, crack, free, software, warez, serial, program, download, mp3 etc. to the world of wireless. While this technology is constantly growing, replacing the traditional wired world that we live. www.final4ever.com


25

Liquid-Security.Net


We are a growing community of underground dwellers. We have a nice selection of tools as well as hard to find applications, video tutorials, and a very helpful staff. Come give us a look. I'm sure you won't be disappointed.


26

HackerzHub-Best Place For Hackerz

HackerzHub best place for hackerz.The best site where u can share anything and everything.we are giving undetectable crypters,binders,stealers,keyloggers every day.we update our site everyday with new hacking tools.Also we give accounts dumps like Rapidshare premium accounts,Paypal accounts,porn accounts,emails-password and database too UPDATED....so join our site and be part of hacking sharing family...NEW:HackerzHub V.I.P is open now...


27

powered by INDIAN hackers


indishell.in we give best private tools, fud stealer, undetectable crypters, and many more... Premium stuff is available for all Members For Free.. Many kinds of Premium access like rapidshare megaupload and others account dumps are available. account dumps and many more.. recently introduced programming sections for learning teaching coding and more...


28

BLack CompanY

BLacK CompanY Community CenteR-Hacking tools-Entertaiment-VIP-Mobile World-Site Library - RAT's - PrograminG - Accounts - Forum Update Daily


29

RootwArez.Org
- Fuck You Copyright

Paypal Hack,CC Hack,Rapid Hack,Password Dump,Hacking Tools,Scripts,Sql-Maillist,Template,Private Software,Black Market.


30

RAPIDHACKERZ
------ Get Free Rs MU18 ACs

Most friendly forum and a huge high quality download section also with great staff who ready to help you get free rapidshare, megaupload, megashares accounts and all Premium accounts here, and also premium passes to sites like naughty america, bangbro kamini.tv, and lot of other porn. This is not it, u also get there latest apps, games, movies, hollywood, bollywood, music, ebooks, tutorials, xxx passes. Our vip section is best, we have providers from other popular sites and a hub of good hackers who will give you uninterrupted accounts supply


31

Fusion Passes

A Hacking.Security.Phishing.Programming forum, which releases private material which no other forum on the web has to offer. We program crypters/stealers/binders


32

Pass8.NET

Free Web Proxy,online proxy,PHProxy,Myspace, Facebook,Friendster,Youtube


33

Free Proxy Lists

Freeproxylists.com is a database of fresh and functioning proxy servers that are tested hourly. We provide many types of proxy servers and information about them.


34

NET WANDERER

Japaneze bizarre linkz site.


35

Top Warez Streaming.

Directory of referencing the best sites of hacking / security / programming / technology, the selection of sites is rigorous sites present on our directories are carefully selected by our publishers.


36

Security Scene Team

Security Scene Team or just SSTeam, is a place where you can find a lots of tools, exploits, tutorials etc... related to Security Hacking.Our forums members and forums administration is working hard to provide with the latest news, updates, tools, etc etc... to help the all people who needs anything which is related to protect their systems.


37

_-_-_-_PAKHAXORS_-_-_-_-_


HACKING CRACKING SQL INJECTION WEB HACKING FORUM HACKING MSN YAHOO ID HACKING PC HACKING PAKISTANI HACKERZ TEAM POWERED BY PAKHAXORS


38
Warez-Hackers TM

Warez-Hacker-We Still Hacking Around---hacking -- cracking -- passwords -- accs.


39

SecurityRules

ThE best Arabic security forum where you can learn how to write your own exploits win32/unix, different kinds of attacks and methodologies, metasploit, shellcodes and much more ARAB ETHICAL HACKING, PENETRATION TESTING WEB APPLICATION SECURITY SYSTEM.


40

Ethical Hacker Network

This free online magazine for the professional pen tester is the home of the Skillz Hack1ng Challenge hosted by Ed Skoudis and Free Monthly Giveaways where 1000s of dollars in prizes have been awarded to top contributors. Calendar of hacker and security cons, forums, tutorials, how-tos, tools, certs, regular columnists and more.


41

EliteHackers.Info


Hacking Related Information


42

Force Hackerz Share With Force

---:::We Daily Post Rapidshare Other Premium Accounts, New Hacking Tools Tutorials, Latest Phishers and We Have Warez Spot. Request Anything We will Complete it For You:::---


43

Avhackers

The Leading Computer Security community. Active Discussion of Hacking Tutorials, Active hacking related discussions, hacking tools, hacking tricks, Exploit, 0day, online tools, security tools security measures, Articles Tutorials Papers, proxy, anonymity stuff. Premium Rapidshare Accounts For Free Every Day. And lots more....


44
TEAM AXVIS
TEAM AXVIS is a very Professional Hacking Company Come Join Us.


45

Enigma Group Free Hackers Training


Enigma Group is a legal and safe network security resource where users test their hacking skills on various challenges and learn about hacking and new network security.


46

Popular Hacks


We are a fairly new site for all kinds of Hacks Wares. Feel free to help the community and post any hacks or software you would like to share. Also I'm looking for Mods to help run the site.Register to d/l.


47

.-.-Hackers-Black-Book-.-.__Learn2Hack

Just another hacking site with tutorials. The only thing we have that others dont is how to hack the porn sites. We also have a feature on The Mentor. And one of his original untouched tutorial from back in the days.


48

Cyber Terrorists

Cyberterrorists is a place where you can find all sort of hacking tools and tutorials . Noobs can come here to learn stuff from the masters. The masters are here to show-off what the cyberterrorists crew can do .


49

H4cK3rS-c0MmUn1Ty

Community to discuss and create computer security awareness, you can discuss about advanced hacking concepts here, question like how to hack answered here.


50

SpCial SeCuriTy BL09


Security Tutorials Tools NEW Software Tips Tricks Language English Language Arabic HaCk1n9 Security Tutorials 2009 and inchaalah 2010 By Diablo.... Dot not Forget add your comment


51

CARDED.ME

-----------------------------------CARDED.ME is going to be huge black-market with many trusted members So come to us buy credit cards, accounts, hacking toolz.-----------------------------------You will find there free cardable shops and other free stuff------------------------------------


52

Free anonymous cgi proxy browser


Protect your privacy and surf without leaving any trails


53

PinoySite - Your source of Warez


PinoySite is your source of free quality Warez downloads. We provide application, games, movies, music, script, template, e books and porn stuff


54

FREE XXX PORNO

APPS - GAMES - MP3 - MOVIES - PORN - TORRENTS - CRACKS - KEYGENS - SERIALS


55

. k0d.cc .

First Real Russian Hack Site.--------------For English-speaking: http://forum.k0d.cc/forumdisplay.phpf28--------All about Hack Security: News, article, Software.


56

The Elite Hackers Site

This is the ultimate resource for all of your hacking needs. This is the only site on the web that will invite newbies in, and not let them leave, not until they're elite, anyway.From basic tutorials and setups, to remote protocols, strategies, viruses, and much more, we have everything you need to become one of the elite. All you need is to be 15 and have an open mind.


57

Just-Hack.com

Just-Hack.com is a hacking community for all hackers to come and trade ideas and news about the underground. Radio, Code Bin, Tutorials, Exploits, Tools, Security, News, Hacking, Reverse Engineering.


58

Pirateview

PirateView - Where piracy meets quality is a brand new CLEAN warez site with many options. Download Applications, movies, games, music, resources, templates and much more. Discover our graphic section and meet Intalent Artists. Also, join us in our coding forum for any help and great projects..Our staff is cool very dynamic..Feel free to join us PirateView.


59

iHaxx.Net
Where The Hacking Begins

iHaxx.Net Is A Forum Based Around Hacking Releases Development Join Our Forums For Our Latest Releases, Sections Also Include Warez.


60

Dailile.com

Free Web Proxy,Online proxy server,IE proxy,Proxy IP


61

1337 Humor Division

Over 800 1337 Handpicked computer humor pictures.This section is part of the biggest funny image site on earth with over 12000 funny images . This as mentioned in the title is the 1337 humor division of that site .Feel free to explore the whole site when you are done with the computer humor


62

Underground Library


Underground portal, hacking, cracks, serials, games, downloads, torrents, movies and more links Find out about all the new cool sites everyday


63

PLUTO UNDERGROUND VIP

Daily Updated Passes, Spoofs, Backdoors, Warez, Music, DVDs, Movies, Photographs, Cinema Releases, etcetc.


64

Cyber-Sec.org

Cyber-Sec is an innovative new community which takes pride in it's diverse range of content including programming, networking, systems security and malware analysis, just to name a few. Become a part of this community to be involved in the next great security community


65

SpamFerkel 0nlin3
Download, Warez, Tutorials and more.Secure is only a lie..


66

PirateShares
The new generation of warez. We share free rapidshare and warez all around the world. Get latest apps, movies, music,games, porns and templates. Don't forget to visit our hacking zone where you will get brazzer,megaupload and rapidshare premium account. Also ccv and paypals. Don't avoid us, we are new. Register and make the community grow bigger and bigger.

Saturday, April 4, 2009

Complete Basic Hacking Explained

Hacking Explained

This part will discuss some hacking techniques that have been used in the field for some while. Hacking attacks progress in a series of stages, using various tools and techniques. A hacking attack consists of the following stages:

* Target Selection: A hacker identifies a specific computer to attack. To pass this stage, some vector of attack must be available.
* Target Identification: The hacker determines the characteristics of the target before actually engaging it.
* Attack Method Selection: The hacker selects one or more specific attacks to use against the target based on the information gathered in the previous stage.
* Attack Progression: The hacker proceeds with the actual attack or series of attacks.

The hacker will attempt to find out more about your network through each successive attack, so the stages above actually feed back into the process as more information is gathered from failed attacks. The major techniques used to accomplish the phases of hacking include:

1. Eavesdropping and snooping
2. Denial-of-service
3. Protocol exploitation
4. Impersonation
5. Man-in-the-middle
6. Hijacking

Once you evaluate your network infrastructure and find weaknesses that a hacker can exploit, you can take measures to shore up your network's defenses.

Eavesdropping and Snooping
The first and easiest thing a hacker can do to gain information about your network is simply to listen, and then to ask your network computers for information about themselves. The hacker may not even contact your computers directly but instead communicate with other computers that provide services your computers rely on (Domain Name Service computers on the Internet, for example). Networked computers will volunteer a remarkable amount of information about themselves and how they are configured, especially if they are left in their default configurations as supplied by operating system vendors.

Hackers will attempt to exploit any data or network service that is exposed to them. Common hacking practices include (but are by no means limited to) the following activities:

* Password capture
* Traffic analysis
* Network address scanning
* Port scanning
* Finger, Whois, NSLookup, and DNS range grabbing
* SNMP data gathering

Password Capture
Most hacking activities place the hacker at some risk of being detected. One activity that does not pose this threat is eavesdropping on the local networking medium for logon information.

Many networking protocols do not encrypt passwords, allowing any computer on the path between the client and the server to "overhear" the username and password. Not all encrypted logon procedures are safe from eavesdropping either, because (if the logon procedure is naive) a hacker can record the username and encrypted password to send to the server later in a "replay attack" or decrypt the password if the encryption algorithm is flawed or weak.
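The replay weakness described above and the usual countermeasure, as an added example that is not from the original text. The two server classes, the client helper and the sample password are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets


class NaiveServer:
    """Naive logon: the client always sends the same hash of the password."""

    def __init__(self, password):
        self._expected = hashlib.sha256(password.encode()).hexdigest()

    def verify(self, token):
        # The token never changes, so a recorded copy is as good as the password.
        return hmac.compare_digest(token, self._expected)


class NonceServer:
    """Challenge/response: every logon is bound to a fresh, single-use nonce."""

    def __init__(self, password):
        self._password = password      # simplified: a real server keeps a derived key
        self._outstanding = set()      # nonces issued but not yet answered

    def challenge(self):
        nonce = secrets.token_hex(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce, response):
        if nonce not in self._outstanding:
            return False               # unknown or already used nonce: replay
        self._outstanding.discard(nonce)
        expected = client_response(self._password, nonce)
        return hmac.compare_digest(response, expected)


def client_response(password, nonce):
    """What the client sends: an HMAC of the server's nonce keyed by the password."""
    return hmac.new(password.encode(), nonce.encode(), hashlib.sha256).hexdigest()


def run_demo():
    password = "constructed-demo-password"

    naive = NaiveServer(password)
    recorded_token = hashlib.sha256(password.encode()).hexdigest()  # seen on the wire
    naive_first = naive.verify(recorded_token)
    naive_replay = naive.verify(recorded_token)

    server = NonceServer(password)
    nonce = server.challenge()
    recorded = (nonce, client_response(password, nonce))            # seen on the wire
    first = server.verify(*recorded)
    replay_same_nonce = server.verify(*recorded)
    replay_new_nonce = server.verify(server.challenge(), recorded[1])

    # A recorded nonce/response pair still allows offline guessing of weak
    # passwords, so the exchange should also run inside an encrypted channel.
    return {
        "naive_first": naive_first,
        "naive_replay": naive_replay,
        "nonce_first": first,
        "nonce_replay_same_nonce": replay_same_nonce,
        "nonce_replay_new_nonce": replay_new_nonce,
    }


if __name__ == "__main__":
    print(run_demo())
```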

Eavesdropping requires software that will listen to all of the communications that flow over a network medium, such as Ethernet, rather than just listening to communications that are sent specifically to the hacker's computer. An eavesdropping hacker must also have access to a computer that is situated on a network link with network traffic flowing over it (such as a campus Ethernet or a computer in the server room of an Internet service provider). The more data that flows over the link, the more likely the hacker will capture passwords sent in the clear, i.e. in unencrypted form.

While the 802.11b wireless networking protocol broadcasts data in an easily compromised form, the protocol eliminates unnecessary broadcasts by transmitting only those packets directed to the MAC address of the specific wireless adapter involved in the communication. This means that the wireless access points that connect wireless devices to the wired network act like switches rather than hubs. For that reason, 802.11b adapters do not work in the full "promiscuous mode" required for true Ethernet "sniffing" or eavesdropping.

Physical location will not restrict the eavesdropping ability of a hacker who has penetrated other computers on the network. The hacker can install software on those computers that will allow them to snoop as well. The hacker may be typing at a computer in New York while a compromised computer in San Francisco records everything that goes over that remote network for the hacker's later perusal. A determined network intruder may even physically intrude on an otherwise secure LAN and connect a snooping device to the network cable. Casual hackers who are more interested in network joyriding or in finding a place to store their pirated software will seldom exhibit this level of effort (or brave this degree of risk), but other network intruders who might target your network for financial gain could easily do so if you don't take precautions.

Network eavesdropping is a technique hackers can use regardless of the technology used to implement the network. An IPX wide area network is just as vulnerable to someone eavesdropping on network connections as the Internet or an intranet that uses TCP/IP is.

In case you think it might be difficult to remotely install a network sniffer on someone else's network, consider that some versions of Windows Server operating systems include the Network Monitor, a very capable network monitor that can be remotely controlled and is rather easily exploited from afar. While it only records data flowing through the local server, data flowing through servers is typically what a hacker would be looking for.

Snooping Windows passwords over the Internet is surprisingly easy. Microsoft has built a password Challenge/Response authentication mechanism into Internet Explorer to make secure Intranets easy to build. This mechanism allows a web server to challenge a client for that client's password. The client will respond with the account name of the logged-on user and that user's one-way encrypted password. The password can be decrypted by comparing it to a list of pre-computed decrypted English words or through a brute-force key space comparison. At this point, a hacker has your account name and password, but you would have had to go to the hacker's website to compromise it.

That, too, is surprisingly easy to force. Imagine your boss sent you an e-mail with a link to a website embedded in it and a note saying, "Check this out they may be competition, what do you think?" Would you click the link? Voila!! you're compromised. Forging e-mail is so easy, it's child's play. A hacker can make his e-mail look like it's coming from anyone. All it takes to discover the correct names and e-mail addresses are a few business cards.

E-mail from nowhere
Telnet to a mail server by opening a command prompt and typing telnet mailserver 25. Use the mail server configured in your e-mail program if you don't know of another one. Best: Telnet directly to the mail server of the recipient, if you can discover it. To discover it, use the NSLookup tool at the command prompt to look up the MX record associated with the recipient's e-mail address.

Type the following at the Telnet prompts, pressing return after each listed line. You won't see text until you press return, and when you type the body text you won't see anything until you press a period by itself and hit enter. Replace the text "YOU@YOURSERVER.COM" with your own e-mail address.

MAIL FROM:
RCPT TO:
From:
Subject: Concerning your recent activities
Date: Mon, 1 Jan 2003 00:00:01 .
In case you were wondering, forging e-mail is unethical.

QUIT.
Now that you know how easy it is, you should take forged e-mail warnings very seriously.

Network Traffic Analysis
Passwords aren't the only things a determined hacker will listen for while eavesdropping on network traffic. Quite a bit of information about your network can be determined just from the nature of the traffic in and out of your network (or within your network if the hacker has compromised a computer within your security). Some things a hacker will look for include:

* The IP addresses of the source and destination computers of network traffic.
* The locations of gateways and routers.
* The amount of traffic originating from, being sent to, or flowing through computers identified by the hacker.
* Particular kinds of network traffic going to or from a computer that might identify the computer's function (DNS requests to one computer, or FTP responses from another, for example).
* Network service availability broadcasts (such as NetBIOS browse list updates) that (from an external to a private network) indicate a network security hole or that (within a network) indicate targets for further attack.

The application proxy or Network Address Translation features of a firewall are the best tools for keeping traffic analysis from revealing too much about your network. The firewall will make all of the Internet (or other public network) traffic appear to come from one computer. A hacker from outside will not be able to determine the true extent of your network behind the firewall. You must also configure your firewall not to pass service availability broadcasts beyond your network boundary.

Network Address Scanning
Nearly all hacking attacks these days start with network address and port scanning. The hacker will specify a beginning and ending address to scan, and then the hacker's computer program will attempt to establish a connection to a computer on each of those network addresses in turn. If a computer answers from any one of those addresses the hacker has found another target.

All network technologies that specify an address of one kind or another for each computer on the network are vulnerable to this kind of attack. TCP/IP is the network technology most often scanned by hackers, and tools to scan TCP/IP are widely available. Other technologies such as NWLink, X.25, and FDDI are equally susceptible, if the hacker is willing to find or create the tools necessary to perform the scan.

The best way to foil this kind of attack is to watch for it. A network administrator who determines that this kind of attack is in progress can take steps to halt it, including configuring gateways or routers to discard network traffic from the offending host(s).

You need to configure gateways, packet filters, and routers to log connection requests to hosts that do not exist on your network. Periodically examine log data for network address scanning, and (if the logging software supports it) configure a network alert that will signal if a scan is in progress.

Port Scanning
Once a hacker has identified a target computer, the hacker will attempt to determine which operating system it is running and what services it is providing to network clients. On a TCP/IP-based network (such as the Internet), services are provided on numbered connections called sockets. The set of sockets to which a computer responds often identifies the operating system and supported services of the target computer.

There are a number of tools available on the Internet that a hacker can use to determine which sockets are responding to network connection requests. These tools try each port in turn and report to the hacker which ports refuse connections and which do not. The hacker can then concentrate on ports corresponding to services that are often left unsecured or that have security problems.

Port scanning can reveal which operating system your computer is running because each OS has a different set of default services. For example, by scanning the TCP ports between 0 and 150, a hacker can discern Windows hosts by the presence of port 139 in the scan list, NT/2000/XP hosts by the presence of port 135 in the list, and various Unix hosts simply by the presence of TCP/IP services like port 23 (Telnet), which Windows computers do not install by default. This information tells the hacker which tools to use to further compromise your network.

The defense for port scanning is the same as for network address scanning: watch for connection attempts to unsupported ports and then deny access to the computers that are doing the scanning. Periodically examine log data for port scanning, and (if the logging software supports it) configure a network alert that will signal if a scan is in progress. Consider setting up a server whose only purpose is to be exploited (a "honey pot") and then simply log every connection attempt to it. If you don't set a DNS name for it and don't advertise its existence, every connection attempt to it is the result of a hacking attempt.
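The log review described for both network address scanning and port scanning can be automated. The following is an added example, not part of the original article: it assumes a constructed log format, a hypothetical host inventory and documentation-range addresses, and flags any source that, within a short window, requests many hosts that do not exist or many ports that a real host does not serve.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed inventory of hosts that really exist and the TCP ports they serve.
INVENTORY = {
    "192.0.2.10": {25, 80},   # mail + web
    "192.0.2.20": {53},       # DNS
}

# Assumed log format (constructed for this example, not a real product's):
#   <ISO time> <ALLOW|DENY> TCP <src ip>:<src port> -> <dst ip>:<dst port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?:ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse(line):
    """Return (time, src, dst, dst_port), or None for unrecognised lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])


def _distinct_recent(hits, now, window):
    """Drop entries older than the window; return the distinct values left."""
    hits[:] = [(t, v) for t, v in hits if now - t <= window]
    return {v for _, v in hits}


def detect_scans(lines, window=timedelta(seconds=60),
                 addr_threshold=4, port_threshold=5):
    """Flag sources probing many nonexistent hosts or many unserved ports.

    Lines must be in time order.
    Returns {(kind, source, target): time the threshold was first crossed}.
    """
    ghost_hits = defaultdict(list)    # src -> [(time, nonexistent dst)]
    closed_hits = defaultdict(list)   # (src, dst) -> [(time, unserved port)]
    alerts = {}
    for line in lines:
        event = parse(line)
        if event is None:
            continue
        ts, src, dst, dport = event
        if dst not in INVENTORY:
            hits = ghost_hits[src]
            hits.append((ts, dst))
            if len(_distinct_recent(hits, ts, window)) >= addr_threshold:
                alerts.setdefault(("address-scan", src, None), ts)
        elif dport not in INVENTORY[dst]:
            hits = closed_hits[(src, dst)]
            hits.append((ts, dport))
            if len(_distinct_recent(hits, ts, window)) >= port_threshold:
                alerts.setdefault(("port-scan", src, dst), ts)
    return alerts


def sources_to_block(alerts):
    """Sources a gateway or router could be told to discard traffic from."""
    return sorted({src for _, src, _ in alerts})


def _line(clock, src, dst, dport):
    action = "ALLOW" if dport in INVENTORY.get(dst, ()) else "DENY"
    return f"2009-12-06T{clock} {action} TCP {src}:40000 -> {dst}:{dport}"


# Constructed sample log, in time order.
SAMPLE_LOG = (
    # One source walking consecutive addresses with no host behind them.
    [_line(f"10:00:0{i}", "203.0.113.7", f"192.0.2.{i}", 80)
     for i in range(1, 6)]
    # An ordinary visitor who mistypes a port once.
    + [_line("10:00:30", "198.51.100.99", "192.0.2.10", 80),
       _line("10:00:31", "198.51.100.99", "192.0.2.10", 8080)]
    # One source trying port after port on a real host.
    + [_line(f"10:01:0{i}", "198.51.100.23", "192.0.2.10", port)
       for i, port in enumerate((21, 22, 23, 25, 80, 110, 135, 139))]
    # Two stray requests to unused addresses, far apart in time.
    + [_line("10:05:00", "203.0.113.50", "192.0.2.77", 25),
       _line("10:30:00", "203.0.113.50", "192.0.2.78", 25)]
)

if __name__ == "__main__":
    for (kind, src, target), when in detect_scans(SAMPLE_LOG).items():
        print(when.isoformat(), kind, src, target or "(many hosts)")
```

The thresholds and window are tuning knobs: set them too low and a single mistyped address raises an alert, too high and a slow scan stays under them.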

Finger, Whois, NSLookup, and DNS Zone Transfer
There are a number of network services that hackers will use to gather information, if the ports used by those services are enabled on your Internet host. The Finger and Whois services are hacker favorites because they supply the account name and personal contact information for users of network computers. These are useful services for people who need to contact members of your organization or who need to find an e-mail address for a network user, but hackers will take usernames returned by these services and then attempt to break into those accounts by trying commonly used passwords.

By default, Windows does not support Finger or Whois. If you support Unix computers in your network, however, you should either disable these services or curtail the information they return. You can install software for Windows that provides the services, but you probably shouldn't.

Few network users will miss the Finger and Whois services, but the same cannot be said for the DNS service. The DNS service is required by Internet client software to convert human-friendly Internet names such as http://www.microsoft.com/ into computer-friendly IP addresses such as 10.1.1.2. Without the DNS service, the Internet would be useless for public services.

Windows servers do support the DNS service. Most networks that support the use of Internet tools within the network (instead of just the use of Internet tools to connect to services on the Internet) will include support for DNS. A smaller network can rely on an external DNS server to provide Internet name service translation for its clients, but a large IP network or an IP network behind a firewall is difficult to manage without a DNS server of its own. Active Directory requires DNS as well.

Hackers can use a DNS service to discover the structure of your network. Since DNS records the IP addresses and Internet names of all of the servers on your network, a hacker can obtain a list of the most important computers in your network. The NSLookup tool is a standard Internet program for interrogating DNS servers, and a hacker can craft a program based on NSLookup that would even make the hacker's computer appear to be a peer DNS server that needs information. Your task is to configure security in a way that allows clients from within to access the DNS server and get the information they need, but also prevents computers from outside your network from getting that information.

You can foil hackers attempting to gather information about the interior of your network by using different public and private DNS servers in your network. Establish internal DNS services for inside clients, and then set your internal DNS servers to forward to an ISP's DNS server for resolution of names not known to your interior DNS machines. Then block inbound DNS requests from the Internet to your inside domain name servers. To publish the names of public servers, either use your ISP's DNS servers or set up an additional pair of outside DNS servers in your DMZ that is used exclusively for public addresses.

The security problem is compounded by the fact that DNS is a hierarchical service. If one DNS server does not have the answer to a query, it will ask the next server up or down the DNS tree. This means that in a traditionally configured network, a DNS service within your firewall will need to be able to communicate with DNS servers outside the firewall. DNS servers are also configured to transfer blocks of Internet name and address data using a feature called Zone Transfer. In addition, many websites will not respond to Internet requests from client computers that don't have DNS reverse mappings, so the Internet servers that run those sites must be able to connect to your DNS server (via their DNS server or the DNS server up the tree from yours) to verify that the DNS reverse mapping exists.

A firewall can solve these problems by handling name translation inside your network. If your network requirements mandate that computers external to your network must be able to resolve IP addresses for computers inside your firewall or vice versa (if you use a software package that does not support use of a proxy server, for example), you should configure your firewall to disallow connections to your DNS server for all external computers except that of the DNS server up the tree from yours. You should also disable zone transfers for all DNS servers except those within your security domain.

SNMP Data Gathering
The Simple Network Management Protocol (SNMP) is an essential tool for managing large TCP/IP networks. SNMP allows the administrator to remotely query the status of and control the operation of network devices that support SNMP. Unfortunately, hackers can also use SNMP to gather data about a network or interfere with the operation of the network.

Again, a firewall solves the problem. There's little reason why any computer outside your network should need to query SNMP, so simply block SNMP messages through your firewalls.

Denial of Service
The next easiest attack on your network is to disable some aspect of it or even bring the entire network down. The hacker may be merely interested in inconveniencing your organization, or they may have a more sinister purpose. In any case, you should remember that it is much easier for one computer to impersonate another computer if that other computer is disabled.

There are a number of methods a hacker can use to disable a computer or a service provided by a computer. Most of these methods affect computers using TCP/IP, because TCP/IP is the most widely used internetwork protocol and because the most pressing hacker threat is from the Internet. Methods hackers can use to disable computers or computer services include these:

* Ping of Death (malformed ICMP packets)
* SYN (Synchronize Connection Establishments) Attacks and ICMP (Internet Control Message Protocol) flooding
* Service Specific Attacks
* DNS Redirection
* Route redirection: RIP (Router Information Protocol), BGP (Border Gateway Protocol), and ICMP
* SNMP reconfiguration

Ping of Death
Perhaps the most ominous sounding of Network layer attacks is the aptly named Ping of Death. A specially constructed ICMP packet that violates the construction rules can cause the recipient computer to crash if that computer's networking software does not check for invalid ICMP packets.

The only solution for computers outside your gateway (or the gateway computer itself) to resist the Ping of Death is to use a version of the operating system that is not susceptible to the Ping of Death. You can shield computers inside your network by not passing ICMP echo packets through your firewall. Many newer operating systems are now protected against this kind of attack.

SYN Attacks and ICMP Flooding
Another way hackers disable the networking capability of computers is by overloading the network protocol software of the target computer with connection attempts or information requests. The initial IP packet of a TCP connection attempt is simple and easy to generate (a distinguishing characteristic of these packets is that they have the SYN bit set). Responding to a connection attempt takes more compute time and memory space than generating the packet does, because the receiving computer must record information about the new connection and allocate memory for connection data. An attacker can send one SYN packet after another to a target computer, and that target computer will then be unable to process other connection attempts from legitimate users because all of its available time and memory will be spent processing SYN requests.

A similar network protocol attack is ICMP flooding, in which the hacker sends a constant stream of ICMP echo requests to the target computer. The target computer then spends most of its time responding to the echo requests instead of processing legitimate network traffic.

Keep your firewall and operating system software updated to protect against these attacks. You should configure your firewalls or servers to log instances of extremely frequent SYN connection attempts or an abnormally high volume of ICMP traffic in order to protect operating systems outside your firewall that may be vulnerable to these attacks.

Service Specific Denial of Service Attacks
Hackers are usually not interested in crashing your computer. The hacker may instead be more interested in shutting down one of the services supported by your network-connected computer.

Although any service provided by your computer may be the target of a service-specific attack, there are four services that hackers are particularly attracted to, because they are either fundamental components of a TCP/IP network or fundamental components of Windows networking. The four services are RPC, NetBIOS, DNS, and WINS. Other services, such as Chargen or Time, do not provide a sufficiently rich environment for a hacker to have any real chance of using the service to break into or take down your computer.

Network clients connect to specific ports for each network service, and each service expects the network client to send the data to the service in a specific format. The DNS service, for example, expects that data sent to the DNS port from the client is formatted in a different manner than it is for WINS requests, and DNS will not be able to respond properly to WINS requests sent to it.

This is much like real-world services such as those provided by the Department of Motor Vehicles and the Social Security Administration, each of which needs different information from you in order to perform their services, and each of which has different forms for you to fill out. You could send a form requesting a duplicate Social Security card to the DMV, but you would neither get a Social Security card nor a driver's license in return. You must send the right form to the right service.

While the repercussions of sending misleading or incorrect information to government institutions can be severe for the perpetrator, it will have negligible effects on the operation of the government service. However, sending incorrect or nonsense messages to a network service can crash the service, and it is difficult to track back to the hacker.

Many implementations of DNS, RPC, and WINS are particularly vulnerable to receiving random information at their ports. Some implementations of DNS also crash if they receive a DNS response without having first sent a DNS request. You can protect against unsolicited DNS responses by only allowing authorized external hosts to communicate with your DNS server.

The NetBIOS service of Windows is vulnerable to an out-of-band attack sent to the NetBIOS ports. NetBIOS ports should not be accessible to computers outside your network at all, so the best solution to this problem (after installing the latest version of the operating system software) is not to bind NetBIOS to network adapters that can be reached from outside your network.

DNS Cache Pollution
An additional DNS service attack that deserves special mention is DNS cache pollution. A hacker can observe a computer that provides DNS services and determine the sequence used by the computer to provide query IDs for recursive DNS queries. The hacker can then forge a response to the next DNS query that contains invalid information or information that will redirect Internet traffic to a computer the hacker has already suborned. (The hacker may have to perform a denial-of-service attack on the DNS server being queried in order for the substitution to be accepted by the querying, targeted DNS server.)

This sort of attack can cause client computers that rely on the DNS server to not be able to resolve Internet names into valid IP addresses. That alone can cause problems on a TCP/IP network. More dangerous, however, is when a hacker populates the DNS server with valid IP addresses that are different from the correct IP addresses, especially if the hacker controls the computers at those addresses. A DNS cache pollution attack can therefore be the beginning of an impersonation attack on computers in your network.

Route Redirection (RIP, BGP, ICMP)
A hacker can cause a great deal of havoc in your network if the hacker can get control of your network's routers. Routers direct the flow of information within your network (as well as in and out of it), from information stored in their routing tables. By making changes to those routing tables, a hacker can isolate parts of your network and direct network traffic out of your network.

Routers must adapt to network conditions in order to maintain network functionality in the face of slowdowns or failures in network links. The routers in your network will exchange information about routing conditions, accept routing updates from network administrative programs, and communicate with routers outside your network if you allow them to. These routing updates are transmitted using a routing protocol, usually RIP, OSPF, or BGP.

RIP has no authentication capability. If a hacker can communicate with a router that uses RIP to update its network information, then the hacker can easily reconfigure the router to deny service to computers in your network or redirect the network traffic from computers in your network. OSPF provides more security than RIP does, and BGP is fairly secure about who it will communicate with in order to update routing tables.

Another way a hacker can get your computers to send data to the wrong address is to send ICMP redirect packets to the computer. An ICMP redirect packet instructs the computer that an IP packet is being sent to the wrong router and that there is another route to the destination address that is either more efficient, faster, or capable of avoiding a network problem. It is difficult to forge ICMP packets, however, because they must appear to come from the router closest to the originating computer.

SNMP Reconfiguration
Many network devices, including Windows Server computers (if you install the SNMP service for them), can be managed remotely using SNMP. In addition to data snooping, a hacker can use SNMP to reconfigure your network to deny service to network computers or even to route data out of your network, depending on the SNMP features of the device the hacker gains control of.

Protocol Exploitation
Protocol Exploitation is currently the most popular form of hacking on the Internet. Protocol exploitation is an attack based on exploiting a bug in a public service in order to gain more access than would normally be allowed.

Buffer overruns
The most common form of protocol exploitation is the venerable buffer overrun, which is an artifact of the way that modern compilers of certain programming languages create programs.

In a C or C++ program, when a function allocates a local variable (say, to copy data into), that variable is placed on the program's stack (e.g., its temporary data region). Then, when the function calls another function, the subsequent function's return value is placed on the stack behind the local variable of the calling function.

By targeting services that run under "root" (Unix) or "Local System" (Windows) security contexts, the code is then free to perform nearly any task. Typically, the code would simply execute a call to open a security hole for further exploitation, such as patching the registry to allow the command console to receive commands from the web service, or passing a system call to download a fully exploitable Trojan horse.

Most programmers never consider the fact that code other than what they write might be executing inside their program. Why would they? Aside from someone actually maliciously changing their code while it executed, this sort of thing would never occur and therefore usually doesn't need to be checked for, so most programmers who learn to program in the safe context of a University computer lab don't get in the wasteful habit of checking everything. Many programmers also presume that the language or the compiler performs these checks for them, which is true for many languages, but it's not so in the case of C and C++, the languages used to write the vast majority of Internet services.

Impersonation
Impersonation is the next step for a hacker to take if the hacker still doesn't have access to your network computers. The goal of a hacker is to penetrate your network security and get at the information or resources on the computers in your network. These attacks are a lot harder and a lot rarer than protocol exploitation attacks. These attacks are used when a specific target is the goal, rather than when the desired outcome is the random mayhem caused by protocol exploits.

Merely snooping on your network traffic may give the hacker enough information to log on to your network. If that does not work, the hacker may reduce the functionality of your network via a denial-of-service attack, causing computers on your network to reveal enough information to allow the hacker to break in. The hacker might also pursue a denial-of-service attack just to inconvenience users of your network. Ultimately, you may not be susceptible to any well-known protocol exploitation attacks. By impersonating another computer that the computers on your network trust, the hacker's computer may be able to trick your computers into revealing enough information for the hacker to get through your network security. Alternatively, by impersonating another computer, the hacker's computer may be able to trick one of your computers into executing a command that weakens your security enough to let the hacker in. The tactics a hacker may use depend on the computer or service that the hacker is attempting to impersonate, which include the following:

* Source routed attacks
* DHCP, WINS, and DNS service impersonation
* Password playback, server impersonation, and password capture

Source Routed Attacks
The TCP/IP protocol suite includes a little-used option for specifying the exact route a packet should take as it crosses a TCP/IP-based network (such as the Internet). This option is called source routing, and it allows a hacker to send data from one computer and make it look like it came from another (usually more trusted) computer. Source routing is a useful tool for diagnosing network failures and circumventing network problems, but hackers too easily exploit it and so you should not use it in your TCP/IP network. Configure your firewalls to drop all source-routed TCP/IP packets from the Internet.

The hacker can use source routing to impersonate an already connected user and inject additional information into an otherwise benign communication between a server and the authorized client computer. For example, a hacker might detect that an administrator has telnetted onto a server from a client computer. If that administrator is at a command prompt, the hacker could inject a packet into the communications stream that would appear to come from the administrator and would tell the server to execute the change password command, thereby locking the administrator account and letting the hacker in.

The hacker also might use source routing to impersonate a trusted external DNS server and send DNS updates to your DNS server. This redirects all of the network clients that rely on the DNS server to translate Internet names into IP addresses, so that the client computers go instead to a hostile server under the control of the hacker. The hacker could then use the hostile server to capture passwords.

DHCP, WINS, and DNS Service Impersonation
Another tactic a hacker can use to penetrate your network is to impersonate a service that your client computers get configuration information from at boot time. Network clients can be set up to get their configuration (including the location of the default gateway, DNS, and WINS servers) from a DHCP server, so a hacker who can impersonate a DHCP server can redirect your network clients to talk to almost any hostile host. By impersonating a WINS server, the hacker can return invalid or hostile IP addresses for NetBIOS computer names. By impersonating a DNS server, the hacker can return invalid or hostile IP addresses for Internet names as well.

In order for a hacker to impersonate a DHCP, WINS, or DNS server, the hacker must get control of one computer within your network and then initiate a denial-of-service attack against the legitimate DHCP, WINS, or DNS target computer. Once the target computer goes down, the computer controlled by the hacker can begin satisfying DHCP, WINS, or DNS requests in its place. This is just one way that a hacker can use one compromised computer in your network to penetrate your network security further and gain control of other computers in your network.

A DHCP, WINS, or DNS impersonation attack on your network relies on other attack methods to succeed. The hacker must first gather information about your network in order to identify targets, and then cause a denial of service on the service being impersonated. After that succeeds, the hacker must either gain control of at least one computer in your network that will be used to take the place of the server being impersonated, or redirect network traffic to an external computer that can take the place of the server being impersonated. The defensive measures you put in place to stop denial-of-service attacks and to restrict information about your network will help prevent an impersonation attack as well. You should also watch your network traffic for DHCP, WINS, or DNS services being hosted by unauthorized computers in your network, and you should take swift action to shut down any unauthorized servers.

Server Impersonation, Password Capture, and Password Playback
If the hacker has observed an encrypted logon session to one of your computers, they may not know the username and password being used to log on but might be able to fool your system anyway. The hacker might simply record the encrypted logon credentials and send those same credentials to your computer later. It won't matter that the hacker can't discern what the password is, because the receiving computer expects it in encrypted form anyway.

Older networking protocols are vulnerable to this sort of attack. This attack can be defeated by using challenge and response authentication for passwords or by "salting" the password with the current system time so that it can't be decrypted beyond a minute (or whatever the allotted time resolution is) from the original encryption time. Of course, that requires perfectly synchronized clocks, which requires the Network Time Protocol, which is subject to exploitation.

With challenge and response authentication, the password is never transmitted. Rather, the client indicates that she would like to log on. The server transmits a unique number to the client. Both computers encrypt that number using the client's password as a key. The client transmits the encrypted number back to the server. If the encrypted results match, then the same key was used to perform the encryption and the server knows that the client knows the correct password. By encrypting a random number, the results will be different each time, making it impossible to derive the password used to encrypt it through mechanisms like snooping.
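The difference between a replayable logon and a challenge and response logon can be seen side by side. The following is an added example, not part of the original article and not any product's actual protocol: it substitutes HMAC-SHA256 over the server's random number for the "encrypt the number with the password" step, and the class names, salt and password are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SALT = b"constructed-example-salt"   # constructed value for this example


def derive_key(password: bytes) -> bytes:
    """Stretch the password into a key; both sides can compute this."""
    return hashlib.pbkdf2_hmac("sha256", password, SALT, 50_000)


class StaticCredentialServer:
    """Older style: the client sends the same encoded credential every time."""

    def __init__(self, password: bytes):
        self._expected = derive_key(password)

    def login(self, credential: bytes) -> bool:
        return hmac.compare_digest(credential, self._expected)


class ChallengeResponseServer:
    """The server issues a fresh random number for every logon attempt."""

    def __init__(self, password: bytes):
        self._key = derive_key(password)
        self._outstanding = set()

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._outstanding.add(challenge)
        return challenge

    def login(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._outstanding:
            return False                      # never issued, or already used
        self._outstanding.discard(challenge)  # each challenge is single-use
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def client_response(password: bytes, challenge: bytes) -> bytes:
    """Client side: key the server's number with the password-derived key."""
    return hmac.new(derive_key(password), challenge, hashlib.sha256).digest()


def replay_outcomes(password: bytes = b"constructed-password"):
    """One legitimate logon per scheme, then a replay of what was on the wire."""
    results = {}

    static = StaticCredentialServer(password)
    recorded = derive_key(password)           # identical bytes on every logon
    results["static_legitimate"] = static.login(recorded)
    results["static_replay"] = static.login(recorded)   # accepted again

    server = ChallengeResponseServer(password)
    challenge = server.new_challenge()
    response = client_response(password, challenge)
    results["cr_legitimate"] = server.login(challenge, response)
    # Replay 1: resend the recorded pair; that challenge was already consumed.
    results["cr_replay_same_challenge"] = server.login(challenge, response)
    # Replay 2: answer a fresh challenge with the old response.
    fresh = server.new_challenge()
    results["cr_replay_fresh_challenge"] = server.login(fresh, response)
    return results


if __name__ == "__main__":
    for name, accepted in replay_outcomes().items():
        print(f"{name:28} {'accepted' if accepted else 'rejected'}")
```

A recorded challenge and response pair still lets an eavesdropper test password guesses offline, which is why the key derivation here is deliberately slow and why weak passwords remain a risk under either scheme.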

Windows and most modern versions of Unix use this sort of password encryption and authentication by default for NetBIOS connections from network client computers. Unfortunately, Windows also supports an older LAN Manager Authentication protocol. Networking clients may elect to use an older protocol if they inform a Windows server that they do not support the Windows NT Challenge/Response protocol. Hackers can exploit Windows support for this weaker protocol against newer computers by forging a response packet that appears to come from the server (using source routing, rerouting, or a man-in-the-middle position) and that instructs the modern client to use the weaker LAN Manager protocol. This way, the hacker can make the client use an easily cracked password encryption method or even instruct the client not to use password encryption at all. The hacker can then eavesdrop on the resulting logon traffic and capture the password used by the client to log on to the server. The best solution to this security problem is to configure your Windows computers not to accept LAN Manager Authentication.

Many older UNIX protocols, like Telnet, also don't make use of challenge and response authentication. Hackers can simply sniff these passwords off the network. E-mail clients like POP3 and IMAP, as well as Basic AUTH, transmit the user's password in plain text, so users who check e-mail accounts over the Internet are susceptible to having their passwords sniffed as well. If those passwords are the same as their network accounts, their account information is compromised.

Man-in-the-Middle
A special case of the impersonation attack is the man-in-the-middle attack, where the hacker operates between two computers on your network, or between a client computer on the Internet or other WAN network and your server computer in your secure LAN. When the client computer opens a connection to the server computer, the hacker's computer intercepts it (perhaps via a DNS or DHCP impersonation attack or by rerouting the IP traffic from the client to a compromised computer). The hacker computer opens a connection on behalf of the client computer to the server computer. Ideally (from the hacker's point of view), the client will think he is communicating with the server, the server will think it is communicating with the client, and the hacker computer in the middle will be able to observe and alter all of the communications between them.

Depending on the nature of the communications, the hacker computer may be able to use a man-in-the-middle attack to gain greater access to your network. For example, if the connection is an administrator-level Telnet session into a server computer from a client computer, the hacker computer in the middle could (after passing through the logon credentials to gain entry to the server) download the password file from the server to the hacker computer, instead of uploading HTML pages that the administrator may wish to place on the server computer.

On an insecure network such as the Internet, it is difficult to defend against a man-in-the-middle attack. Fortunately, a successful man-in-the-middle attack is also difficult to construct. The measures you take to protect your network against data gathering, denial-of-service, and impersonation will help protect you from a man-in-the-middle attack. Nevertheless, you should never connect to your network using an administrative account over an insecure network.

Hijacking
One last hacker trick is the hijacking of an already established and authenticated networking connection. This can occur at two layers of the networking protocol: at the TCP connection layer and at the SMB or NFS Session layer. In order for a hacker on the Internet to hijack a network share connection, the hacker will have to do both, because SMB uses TCP ports to make the connection.

In order to hijack an existing TCP connection, a hacker must be able to predict TCP sequence numbers, which the two communicating computers use to keep IP packets in order and to ensure that they all arrive at the destination. The hacker must also be able to redirect the TCP/IP connection to the hacker computer, and also launch a denial-of-service attack against the client computer so that the client computer does not indicate to the server that something is wrong. In order to hijack an SMB session (such as a drive mapping to a file share), the hacker must also be able to predict the correct NetBIOS Frame ID, Tree ID, and the correct user ID at the server level of an existing NetBIOS communications link.

Wireless Scanning: Wardriving / Warchalking
Wireless scanning is a method to find an available wireless network access point. It allows you to identify wireless networks through the use of a WNIC (wireless network interface card) running in promiscuous mode and software that will probe for access points. Once an open wireless access point is found, the wardriver usually maps it, so at the end he would have a map of access points with their properties (SSID, WEP, MAC etc.). Whenever the attacker wants to return into the network, he/she usually logs packets for later analysis, or to run them through a WEP key cracker when a weak key is being used. There are many different types of wireless scanning. The best-known and most used scanning method is Wardriving; next comes Warchalking. There are many other methods such as Warstrolling, Warflying etc.; however, this article deals with Wardriving and Warchalking only.

Why War?
The term war, which is used in Wardriving, Warchalking etc., was taken from the old days of WarDialing. WarDialing, the hacking practice of phoning up every extension of a phone network until the number associated with a modem is hit upon, has been replaced by WarDriving with the introduction of wireless LANs.

WarDriving: Let's take a drive
Wardriving is the first and best-known method used to find available (meaning unsecured) wireless networks. It is usually done with a mobile device such as a laptop or iPaq. Wardriving scanning is accomplished in an easy way: the attacker takes the device with him/her into a car, and detects networks (NetStumbler for Windows, BSD-AirTools for BSD, and AirSnort for Linux). Once an open access point is detected, the attacker maps it, explores, or stumbles into a pipe to the internet.

The equipment necessary to WarDrive is: a wireless network interface card (PCMCIA), a device capable of locating itself on a map (GPS, not always necessary), a laptop or any other mobile device, Linux Red Hat or Debian (Windows is not recommended), and wireless tools (WEPCrack, AirSnort etc.).

The equipment is all off the shelf and pretty inexpensive.

WarChalking: The hobo language

"Now a new 'language' is developing, WarChalking. The idea is based on the 'hobo symbols' and is there to tell persons on the street where there is an open wireless network node, and what the settings are. It may look like incomprehensible squiggles, and most people would walk past thinking it is odd graffiti, but it conveys a lot of info that is understood by the hackers. Furthermore, it is now being adopted by those that are sharing networks voluntarily as a way to give the info out to the community." - Zig

WarChalking was conceived by a group of friends in June 2002, and published by Matt Jones.

WarChalking is simply drawing a chalk symbol on a wall or pavement to indicate the presence of a wireless network, so that others can easily notice it and the details about it. WarChalking is the modern version of the hobo sign language, which was used by low-tech kings of the road to alert each other to shelter, food and potential trouble. The chalk symbols are nothing more than a visual cue to the presence of a wireless network.

The following are the WarChalking symbols:

Symbol Key

Key           Symbol    Written with the symbol
Open Node     )(        SSID, bandwidth
Closed Node   ()        SSID
WEP Node      ( W )     SSID, access contact, bandwidth

Example of a WarChalking symbol:
Retina )( 1.5

This symbol indicates an open node with SSID Retina and bandwidth equal to 1.5MBps.
With the use of these symbols, wardrivers can learn a lot about the node, and whether it is a worthwhile network. Anyone initiated in the ways of WarChalking will recognize what it means, and get online.

Securing WLANs
Securing a wireless network is much simpler than securing a wired network. Building a secure wireless network can be done in a few steps. So you may ask yourself why, then, it is so easy to break into a wireless network. The answer is very simple: whenever a company wants to connect its employees wirelessly to the company network, the administrators often forget to change the default settings of the router, firewall and access point, to enable WEP, and more.

Furthermore, far too many systems administrators forget that the wireless network extends beyond the walls of a building. There may be security guards at the door, and firewalls on the fixed cable network, but the wireless back door is wide open.

Wireless network security issues are not discussed in this article. WLAN security issues were discussed in my previous article, Wireless Security & Hacking.

Links & Sources

* http://www.wifimaps.com - Map server listing wireless access points.

* http://www.kraftvoll.at/software/index.shtml - GPS driving software for Linux.

* http://www.kismetwireless.net - Wireless console-based sniffer. It supports GPS and has a lot of features.

* http://airsnort.shmoo.com - Wireless GUI sniffer for breaking WEP keys.

* http://tp.cs.pdx.edu/pub/mobile - FreeBSD WScan

* http://www.blackbeltjones.com/warchalking/warchalking0_9.pdf - WarChalking Symbols

* http://wepcrack.sourceforge.net - WEPCrack Linux

* http://www.blackalchemy.to/Projects/fakeap/fake-ap.html - Fake AP - Linux

* http://prismstumbler.sourceforge.net/ - PrismStumbler Linux

* http://www.techm.com/font2.html - Hobo Symbol Type Font

Hack Tools




Rapidshare hackers

pass: mechodownload

MSN HACK


PC HACKING




Password Hacking AIO


Sub7 For Experts

!!Download Ultimate Hacking Tool "Sub7 legends"!!!!
Not for beginners!!!!! use carefully!!! Tutorial provided inside zip

password: 123456



YAHOO BOOTER


1) Double-click the .exe file labeled "Colts 1Bot YaHell.exe". A window containing the main form labeled "Colts 1Bot YaHell" should pop up.

2) Now we need to enter the bot name in the field titled "Y! Name" and the password in the field titled "Y! Pass".

3) Pretty much self-explanatory... hit the "login" button.

4) Now type the name you want to boot into the field titled "Lamer" and choose one of your three booting options, which include PM Bomb, Imv Bomb, and Buzz Bomb.

Yahoo Magic Pass
use this one really easy

mAgic Password |Sender

How to disable Yahoo from tracking you

Yahoo! has hidden this option deep inside its site, so I'm posting it here in case there are people who want it anyway.

1) Go to the address http://privacy.yahoo.com/privacy & click the "Cookies" link under the "Special Topics" column.
2) Click the "Web Beacons" link under the "Reference Links" column.
3) On this page, click the "click here to opt out" link toward the end of the third paragraph under the "Outside the Yahoo! Network" title.
4) After a while, a page that says you have been opted out of the monitoring program will load. Without doing anything, close that page or continue your usual surfing by typing another address in the address bar. (Do NOT click the "Cancel Opt-out" button, or your action will be cancelled!)
5) You're done! Now Yahoo! will not record what you're doing during surfing.

CMD HACKING COMMANDS

I am sure you guys know all these commands... I want to help the beginners, so I am posting this.

Useful Things to do on CMD!

First, open your Network Connection, right-click and select Properties. Then select TCP/IP and click on Properties again. Now click on Advanced and open the WINS tab. Select Default for NetBIOS.

Now, back in the main Local Area Connection window, select File and Print Sharing for Microsoft Networks and hit Enter.

This is just to make sure you have NetBIOS enabled. We will have some fun with NetBIOS on CMD.

The first thing you need to know is some very helpful commands to use on CMD (Command Prompt).

In case you don't know how to open CMD on your box, click on Start, then Run, then type "cmd" (no quotes, of course... you know the drill).

Back to commands:
nslookup
net view
net use
net user
ping
tracert
arp
route
nbtstat
netstat
ipconfig

In case you don't know some of them, then just type the command on CMD and hit enter. A little help will show up in your screen. Read it and understand what the command does.

Lets start easy...

1) ping : This command lets you know whether the host you are pinging is alive, meaning whether it is up at the time you execute the "ping" command.

ping x.x.x.x (x is the IP address)

or

ping www.whatever.com (www.whatever.com is the website you want to ping, but you don't know the IP)

Note: Keep in mind that if the host you are pinging is blocking ICMP packets, the result will show the host as down even though it is up.

2) nslookup : This command has many functions.
One is resolving a DNS name into an IP address.
Let's say you know the website URL but you don't know its IP (and you want to find out).

nslookup www.whatever.com (www.whatever.com is the website you want to find out the IP)

Now, another really nice function of nslookup is finding the IP of specific mail servers:

nslookup (enter)
set type=mx (enter)
yahoo.com

This command will give you the mail server IP of yahoo.com. You can use whatever server you want and if it is listed on DNS, then you get the IP. Simple, isn't it?

OK, now why would you want to have an IP of a mail server?
To send spoofed mail to your friends or even for SE.
In case you are looking for "How to spoof email", then look for my "How to spoof email tutorial": http://www.infowar.com/forums/showthread.php?s=&threadid=2360

3) tracert : This command will give you the hops that a packet will travel to reach its final destination.

Note: This command is a good way to learn the route a packet takes before it reaches the target box.

tracert x.x.x.x (x is the IP address)

or

tracert www.whatever.com (www.whatever.com is the website you don't know the IP)

4) arp : This command will show you the ARP table. This is a good way to check whether someone is doing ARP poisoning on your LAN.

arp -a

5) route : This command will show you the routing table, gateway, interface and metric.

Code:
route print


6) ipconfig : This command will show tons of very helpful things:
your IP, gateway and the DNS servers in use.

Code:
ipconfig
or

Code:
ipconfig /all

This command will give all that info, but for every network adapter you have.

Also, in case you have a dynamic IP and want to change it, then type...

Code:
ipconfig /release (this will release your IP)

ipconfig /renew (this will renew your IP)

Note: Keep in mind that those commands will change your IP, but the new IP will still be tied to you. So don't do anything stupid.

7) netstat : This command will show you the connections to your box.

Code:
netstat

or

Code:
netstat -a (this will show you all the listening ports and connections with DNS names)
netstat -n (this will show you all the open connections with IP addresses)
netstat -an (this will combine both of the above)

net view x.x.x.x or computername (will list the available sharing folders on the target box)


Now some hints:

Code:
net use \\ipaddress\ipc$ "" /user:administrator

(this command will allow you to connect to the target box as administrator)

Now if you want to connect to the target box and browse the entire C drive, then use this command:

Code:
net use K: \\computername\C$
(this will create a virtual drive on your "my computer" folder)

Note: Keep in mind that this will only work if the target box doesn't have an administrator password set.

And last but not least, the "help" command.

Quote:
whatevercommand /help

or

Quote:
whatevercommand /?


This command will help you understand what a command does and all the switches available for it.
Very useful if you know the command, but forgot the right switch.
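Seen from the receiving machine, the File and Print Sharing setup and the `net use` connections described above show up in `netstat -an`. The following added example (not from the original post) parses that output and reports which sharing ports are reachable from the network and which remote hosts currently hold a session on them; the sample output, addresses and function names are constructed.

```python
# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.23:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.23:445       192.168.1.77:1034      ESTABLISHED
  TCP    192.168.1.23:49712     203.0.113.10:443       ESTABLISHED
  UDP    192.168.1.23:137       *:*
  UDP    192.168.1.23:138       *:*
"""

# Ports used by NetBIOS and file/printer sharing on Windows.
SHARING_PORTS = {
    135: "RPC endpoint mapper",
    137: "NetBIOS name service",
    138: "NetBIOS datagram",
    139: "NetBIOS session",
    445: "SMB over TCP",
}


def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -an` output."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        laddr, _, lport = parts[1].rpartition(":")
        raddr, _, rport = parts[2].rpartition(":")
        if not lport.isdigit():
            continue
        rows.append({
            "proto": parts[0], "laddr": laddr, "lport": int(lport),
            "raddr": raddr, "rport": rport,
            "state": parts[3] if len(parts) > 3 else "",  # UDP rows have no state
        })
    return rows


def is_loopback(addr):
    return addr.startswith("127.") or addr == "[::1]"


def exposed_sharing_listeners(rows):
    """Sharing ports that accept traffic on a non-loopback address."""
    found = []
    for r in rows:
        open_socket = r["state"] == "LISTENING" or r["proto"] == "UDP"
        if open_socket and r["lport"] in SHARING_PORTS and not is_loopback(r["laddr"]):
            found.append((r["proto"], r["laddr"], r["lport"], SHARING_PORTS[r["lport"]]))
    return found


def inbound_share_sessions(rows):
    """Remote hosts connected to this machine's NetBIOS session or SMB port."""
    return [(r["raddr"], r["lport"]) for r in rows
            if r["state"] == "ESTABLISHED" and r["lport"] in (139, 445)]


if __name__ == "__main__":
    parsed = parse_netstat(SAMPLE_NETSTAT)
    for item in exposed_sharing_listeners(parsed):
        print("listening:", item)
    for item in inbound_share_sessions(parsed):
        print("inbound session:", item)
```

An inbound session on 139 or 445 from an address you do not recognize deserves a look, and a machine that does not need to share files is better off with File and Print Sharing disabled and a password set on every administrator account.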

Monday, February 9, 2009

Fake shutdown trick

There are many easy Windows prank tricks you can play on your friends and classmates to fool them. This one is one of my favorites; I used to play it at my institute and even got punished for it. We will create a fake Internet Explorer icon, and whenever someone tries to open IE with that icon, it will shut down the whole system automatically. Follow these few easy steps:

1. Right-click on the desktop and create a new shortcut.

2. A new pop-up will appear; just type this in it: shutdown -s -t 00

3. Now click Next, delete the shutdown.exe name and type a name for this shortcut, such as Internet Explorer, and then click Finish. This will be the name of the prank icon displayed on the desktop.

4. Now let's make it look like the original IE icon by replacing the shortcut's icon image. Right-click on the icon, then choose Properties and then Change Icon. You will get another pop-up; just click OK, select the IE image from the options and click OK after selecting it.

Now the shortcut will look like the Internet Explorer icon, and whenever someone clicks on it to open Internet Explorer, the result will be a shutdown.

Friday, February 6, 2009

All keyboard Shortcuts

Windows Shortcuts


* Shift + F10 right-clicks.
* Win + L (XP Only): Locks keyboard. Similar to Lock Workstation.
* Win + F or F3: Open Find dialog. (All Files) F3 may not work in some applications which use F3 for their own find dialogs.
* Win + Control + F: Open Find dialog. (Computers)
* Win + U: Open Utility Manager.
* Win + F1: Open Windows help.
* Win + Pause: Open System Properties dialog.
* Win + Tab: Cycle through taskbar buttons. Enter clicks, AppsKey or Shift + F10 right-clicks.
* Win + Shift + Tab: Cycle through taskbar buttons in reverse.
* Alt + Tab: Display Cool Switch. More commonly known as the AltTab dialog.
* Alt + Shift + Tab: Display Cool Switch; go in reverse.
* Alt + Escape: Send active window to the bottom of the z-order.
* Alt + Shift + Escape: Activate the window at the bottom of the z-order.
* Alt + F4: Close active window; or, if all windows are closed, open shutdown dialog.
* Shift while a CD is loading: Bypass AutoPlay.
* Shift while login: Bypass startup folder. Only those applications will be ignored which are in the startup folder, not those started from the registry (Microsoft\Windows\CurrentVersion\Run\)
* Ctrl + Alt + Delete or Ctrl + Alt + NumpadDel (Both NumLock states): Invoke the Task Manager or NT Security dialog.
* Ctrl + Shift + Escape (2000/XP) or (Ctrl + Alt + NumpadDot): Invoke the task manager. On earlier OSes, acts like Ctrl + Escape.
* Print screen: Copy screenshot of current screen to clipboard.
* Alt + Print screen: Copy screenshot of current active window to clipboard.
* Ctrl + Alt + Down Arrow: Invert screen. Untested on OS's other than XP.
* Ctrl + Alt + Up Arrow: Undo inversion.
* Win + B: Move focus to systray icons.

General



* Ctrl + C or Ctrl + Insert: Copy.
* Ctrl + X or Shift + Delete: Cut.
* Ctrl + V or Shift + Insert: Paste/Move.
* Ctrl + N: New... File, Tab, Entry, etc.
* Ctrl + S: Save.
* Ctrl + O: Open...
* Ctrl + P: Print.
* Ctrl + Z: Undo.
* Ctrl + A: Select all.
* Ctrl + F: Find...
* Ctrl + W: Close the current window.
* Ctrl + F4: Close tab or child window.
* F1: Open help.
* F11: Toggle full screen mode.
* Alt or F10: Activate menu bar.
* Alt + Space: Display system menu. Same as clicking the icon on the titlebar.
* Escape: Remove focus from current control/menu, or close dialog box.



General Navigation

* Tab: Forward one item.
* Shift + Tab: Backward one item.
* Ctrl + Tab: Cycle through tabs/child windows.
* Ctrl + Shift + Tab: Cycle backwards through tabs/child windows.
* Enter: If a button's selected, click it, otherwise, click default button.
* Space: Toggle items such as radio buttons or checkboxes.
* Alt + (Letter): Activate item corresponding to (Letter). (Letter) is the underlined letter on the item's name.
* Ctrl + Left: Move cursor to the beginning of previous word.
* Ctrl + Right: Move cursor to the beginning of next word.
* Ctrl + Up: Move cursor to beginning of previous paragraph. This and all subsequent Up/Down hotkeys in this section have only been known to work in Rich Edit controls.
* Ctrl + Down: Move cursor to beginning of next paragraph.
* Shift + Left: Highlight one character to the left.
* Shift + Right: Highlight one character to the right.
* Shift + Up: Highlight from current cursor position, to one line up.
* Shift + Down: Highlight from current cursor position, to one line down.
* Ctrl + Shift + Left: Highlight to beginning of previous word.
* Ctrl + Shift + Right: Highlight to beginning of next word.
* Ctrl + Shift + Up: Highlight to beginning of previous paragraph.
* Ctrl + Shift + Down: Highlight to beginning of next paragraph.
* Home: Move cursor to top of a scrollable control.
* End: Move cursor to bottom of a scrollable control.

File Browser


* Arrow Keys: Navigate.
* Shift + Arrow Keys: Select multiple items.
* Ctrl + Arrow Keys: Change focus without changing selection. "Focus" is the object that will run on Enter. Space toggles selection of the focused item.
* (Letter): Select first found item that begins with (Letter).
* BackSpace: Go up one level to the parent directory.
* Alt + Left: Go back one folder.
* Alt + Right: Go forward one folder.
* Enter: Activate (Double-click) selected item(s).
* Alt + Enter: View properties for selected item.
* F2: Rename selected item(s).
* Ctrl + NumpadPlus: In a Details view, resizes all columns to fit the longest item in each one.
* Delete: Delete selected item(s).
* Shift + Delete: Delete selected item(s); bypass Recycle Bin.
* Ctrl while dragging item(s): Copy.
* Ctrl + Shift while dragging item(s): Create shortcut(s).
* In tree pane, if any:
  * Left: Collapse the current selection if expanded, or select the parent folder.
  * Right: Expand the current selection if collapsed, or select the first subfolder.
  * Numpad Asterisk: Expand currently selected directory and all subdirectories. No undo.
  * Numpad Plus: Expand currently selected directory.
  * Numpad Minus: Collapse currently selected directory.


Accessibility

* Right Shift for eight seconds: Toggle FilterKeys on and off. FilterKeys must be enabled.
* Left Alt + Left Shift + PrintScreen: Toggle High Contrast on and off. High Contrast must be enabled.
* Left Alt + Left Shift + NumLock: Toggle MouseKeys on and off. MouseKeys must be enabled.
* NumLock for five seconds: Toggle ToggleKeys on and off. ToggleKeys must be enabled.
* Shift five times: Toggle StickyKeys on and off. StickyKeys must be enabled.

Microsoft Natural Keyboard with IntelliType Software Installed

* Win + L: Log off Windows.
* Win + P: Open Print Manager.
* Win + C: Open control panel.
* Win + V: Open clipboard.
* Win + K: Open keyboard properties.
* Win + I: Open mouse properties.
* Win + A: Open Accessibility properties.
* Win + Space: Displays the list of Microsoft IntelliType shortcut keys.
* Win + S: Toggle CapsLock on and off.


Remote Desktop Connection Navigation

* Ctrl + Alt + End: Open the NT Security dialog.
* Alt + PageUp: Switch between programs.
* Alt + PageDown: Switch between programs in reverse.
* Alt + Insert: Cycle through the programs in most recently used order.
* Alt + Home: Display start menu.
* Ctrl + Alt + Break: Switch the client computer between a window and a full screen.
* Alt + Delete: Display the Windows menu.
* Ctrl + Alt + NumpadMinus: Place a snapshot of the entire client window area on the Terminal server clipboard and provide the same functionality as pressing Alt + PrintScreen on a local computer.
* Ctrl + Alt + NumpadPlus: Place a snapshot of the active window in the client on the Terminal server clipboard and provide the same functionality as pressing PrintScreen on a local computer.

Mozilla Firefox Shortcuts

* Ctrl + Tab or Ctrl + PageDown: Cycle through tabs.
* Ctrl + Shift + Tab or Ctrl + PageUp: Cycle through tabs in reverse.
* Ctrl + (1-9): Switch to tab corresponding to number.
* Ctrl + N: New window.
* Ctrl + T: New tab.
* Ctrl + L or Alt + D or F6: Switch focus to location bar.
* Ctrl + Enter: Open location in new tab.
* Shift + Enter: Open location in new window.
* Ctrl + K or Ctrl + E: Switch focus to search bar.
* Ctrl + O: Open a local file.
* Ctrl + W: Close tab, or window if there's only one tab open.
* Ctrl + Shift + W: Close window.
* Ctrl + S: Save page as a local file.
* Ctrl + P: Print page.
* Ctrl + F or F3: Open find toolbar.
* Ctrl + G or F3: Find next...
* Ctrl + Shift + G or Shift + F3: Find previous...
* Ctrl + B or Ctrl + I: Open Bookmarks sidebar.
* Ctrl + H: Open History sidebar.
* Escape: Stop loading page.
* Ctrl + R or F5: Reload current page.
* Ctrl + Shift + R or Ctrl + F5: Reload current page; bypass cache.
* Ctrl + U: View page source.
* Ctrl + D: Bookmark current page.
* Ctrl + NumpadPlus or Ctrl + Equals (+/=): Increase text size.
* Ctrl + NumpadMinus or Ctrl + Minus: Decrease text size.
* Ctrl + Numpad0 or Ctrl + 0: Set text size to default.
* Alt + Left or Backspace: Back.
* Alt + Right or Shift + Backspace: Forward.
* Alt + Home: Open home page.
* Ctrl + M: Open new message in integrated mail client.
* Ctrl + J: Open Downloads dialog.
* F6: Switch to next frame. You must have selected something on the page already, e.g. by use of Tab.
* Shift + F6: Switch to previous frame.
* Apostrophe ('): Find link as you type.
* Slash (/): Find text as you type.


Gmail Shortcuts

Note: Must have "keyboard shortcuts" on in settings.

* C: Compose new message.
* Shift + C: Open new window to compose new message.
* Slash (/): Switch focus to search box.
* K: Switch focus to the next most recent email. Enter or "O" opens focused email.
* J: Switch focus to the next oldest email.
* N: Switch focus to the next message in the "conversation." Enter or "O" expands/collapses messages.
* P: Switch focus to the previous message.
* U: Takes you back to the inbox and checks for new mail.
* Y: Various actions depending on current view:
  * Has no effect in "Sent" and "All Mail" views.
  * Inbox: Archive email or message.
  * Starred: Unstar email or message.
  * Spam: Unmark as spam and move back to "Inbox."
  * Trash: Move back to "Inbox."
  * Any label: Remove the label.
* X: "Check" an email. Various actions can be performed against all checked emails.
* S: "Star" an email. Identical to the more familiar term, "flagging."
* R: Reply to the email.
* A: Reply to all recipients of the email.
* F: Forward an email.
* Shift + R: Reply to the email in a new window.
* Shift + A: Reply to all recipients of the email in a new window.
* Shift + F: Forward an email in a new window.
* Shift + 1 (!): Mark an email as spam and remove it from the inbox.
* G then I: Switch to "Inbox" view.
* G then S: Switch to "Starred" view.
* G then A: Switch to "All Mail" view.
* G then C: Switch to "Contacts" view.
* G then S: Switch to "Drafts" view.


List of F1-F9 Key Commands for the Command Prompt



* F1 / right arrow: Repeats the letters of the last command line, one by one.
* F2: Displays a dialog asking user to "enter the char to copy up to" of the last command line
* F3: Repeats the last command line
* F4: Displays a dialog asking user to "enter the char to delete up to" of the last command line
* F5: Goes back one command line
* F6: Enters the traditional CTRL+Z (^z)
* F7: Displays a menu with the command line history
* F8: Cycles back through previous command lines (beginning with most recent)
* F9: Displays a dialog asking user to enter a command number, where 0 is for first command line entered.
* Alt+Enter: toggle full Screen mode.
* up/down: scroll thru/repeat previous entries
* Esc: delete line

Note: The buffer allows a maximum of 50 command lines. After this number is reached, the first line will be replaced in sequence.



Helpful accessibility keyboard shortcuts



* Switch FilterKeys on and off: Right SHIFT for eight seconds
* Switch High Contrast on and off: Left ALT + left SHIFT + PRINT SCREEN
* Switch MouseKeys on and off: Left ALT + left SHIFT + NUM LOCK
* Switch StickyKeys on and off: SHIFT five times
* Switch ToggleKeys on and off: NUM LOCK for five seconds


REGEDIT Keyboard Shortcuts

"Ctrl+F" -- Opens the Find dialog box.
"F3" -- Repeats the last search.

Browsing
"Keypad +" -- Expands the selected branch.
"Keypad -" -- Collapses the selected branch.
"Keypad *" -- Expands all the selected branch's sub keys.
"Up Arrow" -- Selects the previous key.
"Down Arrow" -- Selects the next key.
"Left Arrow" -- Collapses the selected branch if it's not collapsed; otherwise, selects the parent key.
"Right Arrow" -- Expands the selected branch if it's not already expanded; otherwise, selects the key's first sub key.
"Home" -- Selects My Computer.
"End" -- Selects the last key that's visible in the key pane.
"Page Up" -- Moves up one page in the key pane.
"Page Down" -- Moves down one page in the key pane.
"Tab" -- Moves between the key and value panes.
"F6" -- Moves between the key and value panes.
"Delete" -- Deletes the select branch or value.
"F1" -- Opens Regedit's Help.
"F2" -- Renames the selected key or value.
"F5" -- Refreshes the key and value panes.
"F10" -- Opens Regedit's menu bar.
"Shift+F10" -- Opens the shortcut menu for the selected key or value.
"Alt+F4" -- Closes Regedit.