Moving To a New Site

I have just decided that it's time to move on and have my own domain. All the posts in this blog will be moved to:

www.pinoygeek.org

Personal posts will be transferred to: raldz.pinoygeek.org

Saturday, December 25, 2004

Steps To Deface A Webpage (About Defacers)

by: b0iler

First of all, I do not deface, I never have (besides friends' sites as jokes and all in good fun), and never will. So how do I know how to deface? I guess I just picked it up on the way, so I am no expert in this. If I get a thing or two wrong, I apologize. It is pretty simple when you think that defacing is just replacing a file on a computer. Now, finding the exploit in the first place, that takes skill, that takes knowledge, that is what real hackers are made of. I don't encourage you to deface any sites, as this can be used to get credit cards, passwords, source code, billing info, email databases, etc. (It is only right to put up some kind of warning. Now go have fun ;)

This tutorial is broken down into three main sections, as follows:
1. Finding Vulnerable Hosts
2. Getting In
3. Covering Your Tracks

It really is easy, and I will show you how easy it is.

1. Finding Vulnerable Hosts
This section needs to be further broken down into two categories of script kiddies: ones who scan the net for a host that is vulnerable to a certain exploit, and ones who search a certain site for any exploit. The ones you see on alldas are the first kind; they scan thousands of sites for a specific exploit. They do not care who they hack, anyone will do. They have no set target and not much of a purpose. In my opinion these people should have a cause behind what they are doing, i.e. "I make sure people keep up to date with security, I am a messenger" or "I am spreading a political message, I use defacements to get media attention". People who deface to get famous or to show off their skills need to grow up and realize there is a better way of going about this (not that I support the ones with other reasons either). Anyway, the two kinds and what you need to know about them:

Scanning Script Kiddie: You need to know what the signs of the hole are. Is it a service? A certain OS? A CGI file? How can you tell whether a host is vulnerable, and which version(s) are vulnerable? Then you need to know how to search the net for targets running whatever is vulnerable: use altavista.com or google.com for web-based exploits, use a script to scan IP ranges for the port the vulnerable service listens on, or use netcraft.com to find out what kind of server a site is running and what extras it has (FrontPage, PHP, etc.). nmap and other port scanners allow quick scans of thousands of IPs for open ports. This is the favourite technique of the people you see with mass hacks on alldas.

Targeted Site Script Kiddie: More respectable than the script kiddies who hack any old site. The main step here is gathering as much information about a site as possible. Find out what OS and web server they run at netcraft, or by talking to the server yourself: telnet www.site.com 80, type HEAD / HTTP/1.0 followed by an empty line, and read the Server header in the reply. (A bare GET / HTTP/1.1 without a Host: header is answered with 400 Bad Request by HTTP/1.1 servers, so either use HTTP/1.0 or add a Host: line.) Find out what services they run by doing a port scan, and the specifics of each service by telnetting to it and reading its banner. Find any CGI script or other file that could give access to the server if exploited by checking /cgi and /cgi-bin and browsing around the site (and check whether directory indexing is enabled, which lists every file in a directory for you).

Wasn't so hard to get the info, was it? It may take a while, but go through the site slowly and get all the information you can.
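The banner-grabbing step above, written out as a small Python script. This is an added example and not part of b0iler's text: it builds the request (HTTP/1.0 needs no Host header, HTTP/1.1 does), parses the status line and headers out of a reply, and pulls the version-revealing headers. The two responses at the bottom are constructed for the example, not captured from any real host, and the server versions in them are made up.

```python
"""Minimal HTTP banner grab and header parser (added example, not from the tutorial)."""
import socket


def build_request(path="/", host=None, method="HEAD"):
    """Return the raw request bytes. Without a host we send HTTP/1.0, which needs
    no Host header; with a host we send HTTP/1.1 and include the header, since
    HTTP/1.1 servers reject requests that lack it."""
    if host is None:
        lines = [f"{method} {path} HTTP/1.0"]
    else:
        lines = [f"{method} {path} HTTP/1.1", f"Host: {host}", "Connection: close"]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_response(raw):
    """Split a raw HTTP response into (status_code, headers, body).
    Header names are lower-cased so lookups do not depend on server spelling."""
    head, _sep, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"not an HTTP response: {lines[0]!r}")
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers, body


def fingerprint(raw):
    """Pull out the headers that reveal software and versions."""
    status, headers, _body = parse_response(raw)
    return {
        "status": status,
        "server": headers.get("server"),
        "x-powered-by": headers.get("x-powered-by"),
    }


def grab(host, port=80, timeout=5.0):
    """Live banner grab over the network (not exercised offline)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request("/", host=host))
        chunks = []
        total = 0
        while total < 65536:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
            total += len(data)
    return fingerprint(b"".join(chunks))


# Constructed sample replies: the host, versions and date are invented.
SAMPLE_OK = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Sat, 25 Dec 2004 10:00:00 GMT\r\n"
    b"Server: Apache/1.3.29 (Unix) PHP/4.3.4 FrontPage/5.0.2\r\n"
    b"X-Powered-By: PHP/4.3.4\r\n"
    b"Content-Type: text/html\r\n\r\n"
    b"<html>...</html>"
)
# What an HTTP/1.1 server sends back to a 1.1 request that has no Host header.
SAMPLE_NO_HOST = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: Apache/2.0.52\r\n"
    b"Content-Type: text/html\r\n\r\n"
)

if __name__ == "__main__":
    print(fingerprint(SAMPLE_OK))
    print(fingerprint(SAMPLE_NO_HOST))
```

Run it with no arguments to see the two constructed replies parsed; call grab("www.site.com") to do the same against a live server. The Server line is exactly what netcraft reports, and the same parser works on the banners other services print when you telnet to them, as long as you skip the status-line check.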

2. Getting In
Now that we have the info on the site we can find the exploit(s) that will get us access. If you were a scanning script kiddie you would know the exploit ahead of time. A couple of great places to look for exploits are Security Focus and packetstorm. Once you have the exploit, check that it is for the same version of the service, OS, script, etc. that the target runs. Exploits mainly come in two languages, C and Perl. Perl scripts end in .pl or .cgi, C files in .c. To compile a C file (on *nix systems) do gcc -o exploit12 file.c, then ./exploit12. For Perl, chmod 700 file.pl (not really needed), then perl file.pl. If it is not a script it might be a very simple exploit, or just a theory of a possible exploit; do a little research into how to use it. Another thing to check is whether the exploit is remote or local. If it is local you must have an account on, or physical access to, the computer. If it is remote you can do it over a network (the Internet).

Don't go compiling exploits just yet; there is one more important thing you need to know.

3. Covering Your Tracks
So by now you have gotten the info on the host in order to find an exploit that will give you access. So why not do it? The problem with covering your tracks isn't that it is hard, rather that it is unpredictable. Just because you killed the system logging doesn't mean that they don't have another logger or an IDS running somewhere else (even on another box). Since most script kiddies don't know the skill of the admin they are targeting, they have no way of knowing whether there are additional loggers. Instead the script kiddie makes it very hard (next to impossible) for the admin to track them down. Many use a stolen or second ISP account to begin with, so even if they get tracked they won't get caught. If you don't have the luxury of this then you MUST use multiple wingates, shell accounts, or trojans to bounce off of. Linking them together will make it very hard for someone to track you down. Logs on the wingates and shells will most likely be erased after 2-7 days, that is if logs are kept at all. It is hard enough to even get hold of one admin in a week, let alone track the script kiddie further to the next wingate or shell and get hold of that admin too, all before the logs on any of them are erased. And it is rare for an admin to even notice an attack; an even smaller percentage will actively pursue the attacker at all, and most will just secure their box and forget it ever happened. For the sake of argument let's just say that if you use wingates and shells, don't do anything to piss the admin off too much (which would get them to call the authorities or try to track you down), and delete your logs, you will be safe. So how do you do it?

We will keep this very short and to the point. We'll need a few wingates. Wingates by nature change IPs or shut down all the time, so you need an up-to-date list or a program that scans the net for them. You can get a regularly updated list of wingates at http://www.cyberarmy.com/lists/wingate/ and a program called winscan from the same place. Now let's say we have three wingates:

212.96.195.33 port 23
202.134.244.215 port 1080
203.87.131.9 port 23

To use them, telnet to the first one on its port (23 for the first in the list above). You should get a response like this:

CSM Proxy Server >

To connect to the next wingate, type its ip:port at the prompt:

CSM Proxy Server >202.134.244.215:1080
If you get an error, most likely the proxy you are trying to connect to isn't up, or you need to log in to the proxy. (Note that 1080 is normally a SOCKS port; a SOCKS proxy expects a binary handshake rather than typed commands, so hopping by typing ip:port only works into proxies that present a text prompt like the one above.) If all goes well you will have the three chained together and a shell account you are able to connect to. Once you are in your shell account you can link shells together with:

[j00@server j00]$ ssh 212.23.53.74

You can get free shells to work with until you get some hacked shells; here is a list of free shell accounts. And please remember to sign up with false information and from a wingate if possible.

SDF (freeshell.org) - http://sdf.lonestar.org
GREX (cyberspace.org) - http://www.grex.org
NYX - http://www.nxy.net
ShellYeah - http://www.shellyeah.org
HOBBITON.org - http://www.hobbiton.org
FreeShells - http://www.freeshells.net
DucTape - http://www.ductape.net
Free.Net.Pl (Polish server) - http://www.free.net.pl
XOX.pl (Polish server) - http://www.xox.pl
IProtection - http://www.iprotection.com
CORONUS - http://www.coronus.com
ODD.org - http://www.odd.org
MARMOSET - http://www.marmoset.net
flame.org - http://www.flame.org
freeshells - http://freeshells.net.pk
LinuxShell - http://www.linuxshell.org
takiweb - http://www.takiweb.com
FreePort - http://freeport.xenos.net
BSDSHELL - http://free.bsdshell.net
ROOTshell.be - http://www.rootshell.be
shellasylum.com - http://www.shellasylum.com
Daforest - http://www.daforest.org
FreedomShell.com - http://www.freedomshell.com
LuxAdmin - http://www.luxadmin.org
shellweb - http://shellweb.net
blekko - http://blekko.net

Once you are on your last shell you can compile the exploit, and you should be safe from being tracked. But let's be even more sure and delete the evidence that we were there.

Alright, there are a few things on the server side that all script kiddies need to be aware of. Mostly these are logs that you must delete or edit. Real script kiddies might even use a rootkit to delete the logs automatically, although let's assume you aren't that lame. There are two main logging daemons which I will cover: klogd, which handles the kernel logs, and syslogd, which handles the system logs. The first step is to kill the daemons so they don't log any more of your actions.

[root@hacked root]# ps -ef | grep syslogd
[root@hacked root]# kill -9 pid_of_syslogd

In the first line we find the pid of syslogd; in the second we kill the daemon. You can also read the pid from syslogd's pid file (/var/run/syslogd.pid on most Linux systems, /etc/syslog.pid on older BSD-derived ones).

[root@hacked root]# ps -ef | grep klogd
[root@hacked root]# kill -9 pid_of_klogd

Same thing here with klogd as with syslogd.

Now that the default loggers are killed, the script kiddie needs to remove themselves from the logs. To find where syslogd puts its logs, check the /etc/syslog.conf file. Of course, if you don't care whether the admin knows you were there, you can delete the logs completely. Say you are the lamest of the script kiddies, a defacer: the admin will know the box has been compromised as soon as they see the website, so there is no point in editing the logs; a defacer would just delete them. The reason we edit them instead is so that the admin will not even know a break-in has occurred. I'll go over the main reasons people break into a box:


To deface the website. - This is really lame, since it has no point and just damages the system.

To sniff for other network passwords. - There are programs that sniff passwords sent to and from the box. If the box is on a shared (hubbed) Ethernet segment you can even sniff packets (which contain passwords) destined for any other box on that segment.

To mount a DDoS attack. - Another lame reason; the admin has a high chance of noticing the compromise once you start pushing hundreds of MBs through their connection.

To mount another attack on a box. - This and sniffing are the most commonly used, not lame, reasons for exploiting something. Since you now have a root shell you can mount your attack from this box instead of those crappy free shells, and you now control the logging on the shell.

To get sensitive info. - Some corporate boxes have a lot of valuable info on them: credit card databases, source code for software, user/password lists, and other secret info that a hacker may want to have.

To learn and have fun. - Many people do it for the thrill of hacking and the knowledge you gain. I don't see this as a crime as horrible as defacing; as long as you don't destroy anything I don't think this is very bad. In fact some people will even help the admin patch the hole. Still illegal though, and best not to break into anyone's box.


I'll go over the basic log files: utmp, wtmp, lastlog, and the shell history.
These files are usually in /var/log/ (utmp is often in /var/run/), but I have heard of them being in /etc/, /usr/bin/ and other places. Since it is different on a lot of boxes it is best to just search for them: find / \( -iname utmp -o -iname wtmp -o -iname lastlog \) 2>/dev/null. Also search through the /usr/, /var/ and /etc/ directories for other logs. Now for the explanation of these files.

utmp records who is on the system right now, so you can see why this log should be edited: you do not want anyone to know you are in the system. wtmp logs the logins and logouts as well as other info you want to keep away from the admin; it should be edited to show that you never logged in or out. lastlog keeps a record of each user's last login. Your shell's history is another file that logs every command you issued; look for it in your $HOME directory and edit it. .sh_history, .history and .bash_history are the common names. You should only edit these log files, not delete them; if you delete them it is like holding a big sign in front of the admin saying "You've been hacked". Newbie script kiddies often deface and then rm -rf / to be safe. I would avoid this unless you are really freaking out, and in that case I would suggest that you never try to exploit a box again. Another way to find log files is to run a script that checks for open files (lsof lists them) and then manually look at them to determine whether they are logs, or to find files whose status changed in the last 24 hours: find / -ctime 0 -print. Note that utmp, wtmp and lastlog are binary files made of fixed-size records, so they cannot be edited with a text editor; that is why the cleaning scripts below exist.

A few popular scripts that hide your presence in these logs are zap, clear and cloak. zap overwrites your entries in the logs with zeros, clear removes your entries, and cloak replaces your entries with different information. acct-cleaner is the only heavily used script for cleaning process accounting records, in my experience. Most rootkits include a log cleaning script, and once a rootkit is installed logs are not kept of you anyway. If you are on NT, the files under C:\WinNT\system32\LogFiles\ are the IIS web server logs, which can simply be deleted; the NT event logs (application, security, system) are separate .evt files under C:\WinNT\system32\config\ and are held open by the Event Log service, so deleting the IIS logs does not touch them. NT admins most likely don't check them, or don't know what it means if they are deleted.
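The admin's side of the two paragraphs above (the binary utmp/wtmp records, and what zap and clear leave behind), as an added example that is not part of b0iler's tutorial. The script parses a Linux wtmp file record by record and flags what log cleaners leave behind: an all-zero record (zap style), a logout with no preceding login on that terminal (a removed login record), and time running backwards. It assumes the glibc struct utmp layout on x86_64 Linux (384-byte records); other platforms differ. The sample file at the bottom is constructed in the script, not taken from any real system.

```python
"""Parse a Linux wtmp file and flag signs of log editing (added example, not from the tutorial)."""
import struct
from dataclasses import dataclass

# glibc struct utmp as laid out on x86_64 Linux (assumed target platform).
# ut_type, pad, ut_pid, ut_line[32], ut_id[4], ut_user[32], ut_host[256],
# exit_status (2 shorts), ut_session, tv_sec, tv_usec, ut_addr_v6[4], unused[20]
UT_FMT = "<hxxi32s4s32s256shhiii4i20x"
UT_SIZE = struct.calcsize(UT_FMT)  # 384 bytes per record
EMPTY, USER_PROCESS, DEAD_PROCESS = 0, 7, 8


@dataclass
class Record:
    index: int
    ut_type: int
    pid: int
    line: str
    user: str
    host: str
    time: int
    all_zero: bool


def _cstr(raw):
    """Decode a NUL-padded fixed-width C string."""
    return raw.split(b"\0", 1)[0].decode("latin-1")


def make_record(ut_type, pid, line, user, host, tv_sec):
    """Build one raw record; used here only to construct sample data."""
    return struct.pack(UT_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0)


def parse_wtmp(data):
    """Split a wtmp image into Record objects; a partial record means truncation."""
    if len(data) % UT_SIZE:
        raise ValueError("size is not a multiple of the record size (truncated file?)")
    records = []
    for i, off in enumerate(range(0, len(data), UT_SIZE)):
        chunk = data[off:off + UT_SIZE]
        f = struct.unpack(UT_FMT, chunk)
        records.append(Record(i, f[0], f[1], _cstr(f[2]), _cstr(f[4]), _cstr(f[5]),
                              f[9], chunk == b"\0" * UT_SIZE))
    return records


def find_anomalies(records):
    """Return (index, reason) pairs for records that look edited.

    - an all-zero record in wtmp is what zap leaves (wtmp is append-only;
      EMPTY slots are normal in utmp but not here)
    - a DEAD_PROCESS on a line with no open USER_PROCESS means the login
      record was removed, the way clear does it
    - a timestamp earlier than the previous record means the file was
      rewritten out of order
    """
    findings = []
    open_lines = {}
    last_time = 0
    for r in records:
        if r.all_zero:
            findings.append((r.index, "all-zero record: zap-style wipe"))
            continue
        if r.time < last_time:
            findings.append((r.index, "timestamp earlier than previous record"))
        last_time = max(last_time, r.time)
        if r.ut_type == USER_PROCESS:
            open_lines[r.line] = r
        elif r.ut_type == DEAD_PROCESS:
            if r.line in open_lines:
                del open_lines[r.line]
            else:
                findings.append((r.index, f"logout on {r.line} with no matching login"))
    return findings


def sample_wtmp():
    """Constructed wtmp contents (not from any real system): one normal session,
    one zeroed record, and a logout whose login record was deleted."""
    return b"".join([
        make_record(USER_PROCESS, 1001, "pts/0", "alice", "10.0.0.5", 1_104_000_000),
        make_record(DEAD_PROCESS, 1001, "pts/0", "", "", 1_104_000_600),
        b"\0" * UT_SIZE,
        make_record(DEAD_PROCESS, 1234, "pts/1", "", "", 1_104_001_200),
    ])


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_wtmp()
    for idx, why in find_anomalies(parse_wtmp(data)):
        print(f"record {idx}: {why}")
```

Run it as python wtmpcheck.py /var/log/wtmp on the box, or with no argument to see the constructed sample flagged. A cloak-style rewrite (valid records with someone else's name in them) is invisible to this check, which is exactly why the text's advice to admins, logging to a separate box that the intruder cannot reach, matters more than any after-the-fact parsing.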

One final thing about covering your tracks, which I won't go into in detail because it would need a tutorial all to itself: rootkits. What are rootkits? They are a very widely used tool for covering your tracks once you get into a box. They make staying hidden painless and very easy. What they do is replace binaries like login, ps and who so that they never show your presence. They let you log in without a password, without being logged in wtmp or lastlog, and without even being in the /etc/passwd file. They also make commands like ps not show your processes, so nobody knows what programs you are running. They send out fake reports from netstat, ls and w so that everything looks the way it normally would, except that anything you do is missing. But rootkits have flaws: some commands produce strange effects because the replacement binary was not made correctly, and they leave fingerprints (ways to tell that a file comes from a rootkit). Only smart/good admins check for rootkits, so this isn't the biggest threat, but it should be considered. Rootkits that come with an LKM (loadable kernel module) are usually the best, as they can make you pretty much totally invisible to everyone, and most admins wouldn't be able to tell they were compromised.

In writing this tutorial I have mixed feelings. I do not want more script kiddies out there scanning hundreds of sites for the next exploit. And I don't want my name on any shouts. I would rather have people say "mmm, that defacing crap is pretty lame", especially when people with no lives scan for exploits every day just to get their name on a site for a few minutes. I feel a lot of people are learning everything but what they need to know in order to break into boxes. Maybe this tutorial cuts to the chase a little and helps people with some knowledge see how simple it is, and hopefully makes them see that getting into a system is not all it's hyped up to be. It is not by any means a full guide; I did not cover a lot of things. I hope admins found this tutorial helpful as well, learning that no matter what site you run you should always keep on top of the latest exploits and patch them. Protect yourself with an IDS and try finding holes in your own system (both with vulnerability scanners and by hand). Also, setting up an external box to log to is not a bad idea. Admins should also have seen a little bit into the mind of a script kiddie and learned a few things he does; this should help you catch one if they break into your systems.

On one final note, defacing is lame. I know many people who have defaced in the past and regret it now. You will be labeled a script kiddie and a lamer for a long, long time.

Monday, October 11, 2004

Excel Inputs

Here’s how to add spinners, check boxes, and other useful controls to your worksheets.

Even if you’ve used Excel for years, you may not know about its form controls, which let you enter worksheet values using elements like sliders, spinners, list boxes, and check boxes. We’ll show you how these controls work, give you handy tips for customizing them, and look at some applications.

The Spinner Control

The spinner lets you alter the value in a cell by clicking an up or down arrow on the control. The techniques for customizing spinners also apply to scroll-bar controls, so you’re learning two controls in one, effectively.

Create a simple savings worksheet by entering the data shown in the table below. Note that row 6 is blank.

Cell  Value
A1    Savings calculator
A2    Interest rate p.a.
B2    6%
A3    Number of years
B3    4
A4    Monthly deposit
B4    -200
A5    Initial balance
B5    -100
A7    Amount saved
B7    =FV(B2/12, B3*12, B4, B5, 0)

This worksheet calculates the amount saved at the end of four years if you start with $100 and save $200 a month at an interest rate of 6 percent compounded monthly. Monies paid out are expressed as negative values, so your starting deposit and the monthly payments are negative. This simple example offers plenty of options for using spinners.

Begin by creating a spinner to adjust the number of years shown in cell B3. Choose View | Toolbars | Forms to display the Forms toolbar and locate the Spinner control. Click the control and place it by using your mouse to draw a rectangle in cell C3. Right-click the control, choose Format Control..., and select the Control tab. Set the Current value to 4, the Maximum value to 20, and the Cell link to B3, then click OK.

Deselect the spinner by clicking away from it in the worksheet; test the spinner by clicking its up and down arrows. As you click, the value in the linked cell (B3) should increase or decrease within the specified range.

Overcoming Limitations

Spinners are limited to returning integers between 0 and 30,000, but you can get a range of real numbers (including negative numbers) by performing some simple arithmetic on the value returned by the spinner. To show how this is done, we’ll add a second spinner to adjust the interest rate in quarter-point increments.

Place the spinner in cell C2 and right-click on it. Choose Format Control..., select the Control tab, and set the Current value to 24, the Maximum value to 40, and the Cell link to E2, then click OK. Now format cell B2 to show percentage with two decimal places, and alter the cell’s contents to read: =E2/400. When you click the new spinner, you’ll see the value in cell B2 change in increments of .25 percent, from 0 to 10 percent. The new formula in B2 takes the value the spinner returns in cell E2 (a number from 0 to 40) and divides it by 400 to produce the displayed value.

You can also create a spinner to give you the negative value that represents your monthly deposit. Add a third spinner, this time in cell C4. Set the Current value to 200, the Maximum value to 30000, the Incremental change to 10, and the Cell link to E4, then click OK. In cell B4, type =-E4 and test the spinner. The E4 value will change in increments of 10 within the range 0 to 30000, giving B4 values ranging from 0 to -30000. You can create a different range of values by using a different formula or by modifying parameters like the maximum value.

Check Boxes

Check boxes are controls that return either true or false, depending on whether they are selected or cleared. They are useful for managing options that have only two possible settings, such as on/off, true/false, or 1/0. In our example, the last argument in the formula in cell B7 is currently set to 0, which indicates that the payment (the amount saved each month) is due at the end of every month. Changing this value to 1 alters the calculation to show the result when payments are made at the beginning of each month. This is a good use for a check box.

Click the Check Box control and add a check box in cell B6. Right-click this control, choose Format Control..., and select the Control tab. Under Value choose Unchecked. Set the Cell link to E6 and click OK. Alter the formula in cell B7 to read: =FV(B2/12, B3*12, B4, B5, E6)

Change the check box’s text by right-clicking it and choosing Edit Text. In place of the current text, type: Payments made at beginning of period, then adjust the size of the control so the text can be clearly seen. Test the box by clicking in it; the value in cell B7 should change according to whether the check box is selected or not.

Combo Boxes

The final control we’ll look at is the combo box, which lets you choose an entry from a list. Combo boxes are handy when you have a fixed number of choices and can be used to return more than one piece of data from a table of data.

To understand more about the combo box control (and its close relative, the list box), type these values into a blank worksheet.

Cell  Value
A2    J. Brown
B2    CA
C2    10%
A3    P. Smith
B3    NY
C3    12%
A4    J. Peters
B4    TX
C4    9%
A7    Sales
B7    Salesperson
C7    State
D7    Commission
A8    200000
C8    =INDEX(A2:C4,E2,2)
D8    =INDEX(A2:C4,E2,3)*A8

Ignore the errors that appear in cells C8 and D8. Click the Combo Box control and draw a combo box in cell B8. Right-click the control, choose Format Control... and the Control tab, set the Input Range to A2:A4, set the Cell link to cell E2, and click OK. You can now choose a salesperson from the combo box. When you do so, the person’s state will appear in cell C8 and the commission amount will appear in cell D8.

The combo box control returns the position of the selected item in the Input range list. The first item—J. Brown, in this example—is in position 1. In our sample worksheet, each INDEX function queries the array A2:C4 and returns the value in the row and column specified by the formula. The row number is the value returned in cell E2 by the combo box. The column number is supplied in the INDEX function itself.

Note that the data in column E is necessary but does not have to be visible. You can hide it by right-clicking the column and choosing Hide.

This covers the basics of using form controls on your worksheets. You’ll find other controls on the Forms toolbar, such as the Option Button, the List Box, and the Scroll Bar. Each of these works in a similar way to one of the controls we’ve looked at. Option buttons work like check boxes, but only one at a time can be selected. Scroll bars work like spinners, but also include sliders. List boxes work like combo boxes, but the full list can be visible. Some controls on the toolbar are grayed; these cannot be used on worksheets. See the sidebar for directions to Microsoft Knowledge Base articles that discuss these controls.
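The arithmetic behind the worksheet above, as an added example written for this page rather than taken from the article or from Excel: a Python version of FV with the same argument order and sign convention, the three spinner-to-cell mappings (E2/400, -E4, and the clamped integer range a spinner can return), the check box as the type argument, and the INDEX lookup the combo box drives. Running it reproduces the values the sheet shows, so you can check a cell against it. The function and table names are this example's own.

```python
"""The savings and commission worksheets' arithmetic in plain Python (added example)."""


def fv(rate, nper, pmt, pv=0.0, pmt_type=0):
    """Excel's FV(rate, nper, pmt, pv, type): value at the end of nper periods.
    Cash paid out is negative and cash received is positive, so negative pmt/pv
    give a positive result. pmt_type=1 puts each payment at the start of its
    period (the check box in B6), 0 at the end."""
    if pmt_type not in (0, 1):
        raise ValueError("type must be 0 or 1")
    if rate == 0:
        return -(pv + pmt * nper)
    growth = (1 + rate) ** nper
    return -(pv * growth + pmt * (1 + rate * pmt_type) * (growth - 1) / rate)


def spinner(current, minimum=0, maximum=30000, step=1):
    """Model a Forms spinner: it only ever returns integers, clamped to
    [minimum, maximum] and aligned to the incremental change."""
    if step <= 0:
        raise ValueError("incremental change must be positive")
    value = max(minimum, min(maximum, int(current)))
    return value - (value - minimum) % step


def rate_from_spinner(e2):
    """Cell B2 = E2/400: the 0..40 spinner becomes 0.00%..10.00% in 0.25% steps."""
    return spinner(e2, 0, 40) / 400


def deposit_from_spinner(e4):
    """Cell B4 = -E4: the 0..30000 spinner (step 10) becomes 0..-30000."""
    return -spinner(e4, 0, 30000, 10)


def amount_saved(years=4, rate_spinner=24, deposit_spinner=200,
                 initial_balance=-100, begin_of_period=False):
    """Cell B7 = FV(B2/12, B3*12, B4, B5, E6), driven by the controls."""
    annual_rate = rate_from_spinner(rate_spinner)
    return fv(annual_rate / 12, spinner(years, 0, 20) * 12,
              deposit_from_spinner(deposit_spinner), initial_balance,
              1 if begin_of_period else 0)


def index_lookup(table, row, col):
    """INDEX(range, row, col) with Excel's 1-based indices; the combo box
    supplies row as the position of the chosen item in its input range."""
    return table[row - 1][col - 1]


def commission(table, choice, sales):
    """Cells C8 and D8: (state, commission) for the salesperson picked in E2."""
    return index_lookup(table, choice, 2), index_lookup(table, choice, 3) * sales


# The combo-box worksheet's A2:C4, as in the article.
SALES_TABLE = [("J. Brown", "CA", 0.10), ("P. Smith", "NY", 0.12), ("J. Peters", "TX", 0.09)]

if __name__ == "__main__":
    print(round(amount_saved(), 2))                      # the sheet's B7, box unchecked
    print(round(amount_saved(begin_of_period=True), 2))  # B7 with the box checked
    print(commission(SALES_TABLE, 2, 200000))            # P. Smith: ('NY', 24000.0)
```

The two amount_saved calls show what the check box changes: with payments at the start of each period every deposit earns one extra month of interest, so the total rises by a little over fifty dollars on this sheet.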

Saturday, October 02, 2004

The System Boot Process Explained

The typical computer system boots over and over again with no problems, starting the computer's operating system (OS) and identifying its hardware and software components that all work together to provide the user with the complete computing experience. But what happens between the time that the user powers up the computer and when the GUI icons appear on the desktop?

In order for a computer to successfully boot, its BIOS, operating system and hardware components must all be working properly; failure of any one of these three elements will likely result in a failed boot sequence.

When the computer's power is first turned on, the CPU initializes itself, which is triggered by a series of clock ticks generated by the system clock. Part of the CPU's initialization is to look to the system's ROM BIOS for its first instruction in the startup program. The ROM BIOS stores the first instruction, which is the instruction to run the power-on self test (POST), in a predetermined memory address.

POST begins by checking the BIOS chip and then tests CMOS RAM. If the POST does not detect a battery failure, it then continues to initialize the CPU, checking the inventoried hardware devices (such as the video card), secondary storage devices, such as hard drives and floppy drives, ports and other hardware devices, such as the keyboard and mouse, to ensure they are functioning properly.

Once the POST has determined that all components are functioning properly and the CPU has successfully initialized, the BIOS looks for an OS to load. The BIOS consults the settings stored in CMOS to tell it where to find the OS; in most PCs the OS loads from the C drive on the hard disk, even though the BIOS can also load it from a floppy disk, CD or ZIP drive. The order of drives the BIOS tries when looking for the OS is called the boot sequence, and it can be changed in the CMOS setup. On the chosen boot drive the BIOS first reads the boot record, which holds the small program that knows where the beginning of the OS is and loads the next stage of it.

The boot loader copies the OS files into memory, and the OS takes over control of the boot process. Now in control, the OS performs another inventory of the system's memory and memory availability (which the BIOS already checked) and loads the device drivers it needs to control peripheral devices such as a printer, scanner, optical drive, mouse and keyboard. This is the final stage in the boot process, after which the user can access the system's applications to perform tasks.

Source: http://www.webopedia.com

Friday, September 17, 2004

Formatting Nokia 6600 Phone

Format Your Phone - Nokia 6600
by: Zaki

It may happen that a program corrupts the C: drive of your phone. In that case some data can be lost, of course, but, more annoyingly, some applications may not work or may work only partially.

On a Series 60 based phone, two key sequences will restore your phone to a cleaner state:

Normal Reset (*#7780#): Restores the .ini files from ROM but preserves user data (photos, third-party apps, etc.)

Deep Reset (*#7370#): Completely reformats the C: drive. All applications and files stored on this drive will be lost and clean default files will be rewritten.

In both cases the phone asks for confirmation and you have to enter your security code (12345 by default). In all cases make sure you have at least 3/4 of the battery charge left.

Files and applications stored on the E: drive (the memory card) are not affected by these sequences.



Useful help: Full phone formatting a 6600!

Here is how to perform a FULL phone format on a 6600. If you run into a situation like the following on your 6600:
1. Blank screen, phone unable to reboot
2. Phone only boots as far as the "Nokia" word screen
3. Installed a program but unable to uninstall it afterwards
4. Unable to delete unwanted files on the C: drive

do a full phone format on your 6600 with the steps below:
1. Make sure you have at least 3/4 of the battery charge left
2. Back up your contacts list and personal files to the MMC memory card
3. Switch off your 6600
4. Press and hold three keys, the green dial key, the * (star) key and the 3 key on the keypad, and then press the power on/off key to switch the 6600 on

Remember, do not let go of the three keys until you see the "Formatting" screen!

5. After a few minutes, when the full phone format has completed, your 6600 is back to its original system and factory settings.

Wednesday, September 15, 2004

What is Spyware?

Spyware is Internet jargon for advertising-supported software (adware). It is a way for shareware authors to make money from a product other than by selling it to the users. Several large media companies offer to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way you don't have to pay for the software and the developers still get paid. If you find the banners annoying, there is usually an option to remove them by paying the regular licensing fee.

Why is it called "Spyware" ?
While this may be a great concept, the downside is that the advertising companies also install additional tracking software on your system, which is continuously "calling home", using your Internet connection to report statistical data to the "mothership". According to the companies' privacy policies no sensitive or identifying data is collected from your system and you remain anonymous, but the fact remains that you have a "live" server sitting on your PC that sends information about you and your surfing habits to a remote location.

Are all Adware products "Spyware"?
No, but the majority are. There are also products that display advertising but do not install any tracking mechanism on your system.

Is Spyware illegal?
Even though the name may suggest so, spyware is not an illegal type of software in any way. However, there are certain issues that a privacy-oriented user may object to and therefore prefer not to use the product. This usually involves the tracking and sending of data and statistics via a server installed on the user's PC, and the use of your Internet connection in the background.

What's the hype about?
While legitimate adware companies will disclose the nature of the data that is collected and transmitted in their privacy statement, there is almost no way for the user to actually control what data is being sent. The fact is that the technology is in theory capable of sending much more than just banner statistics, and this is why many people feel uncomfortable with the idea.

On the other hand...
Millions of people use advertising-supported "spyware" products and could not care less about the privacy hype; in fact some "spyware" programs are among the most popular downloads on the Internet.


Real spyware...
There are also many PC surveillance tools that let a user monitor all kinds of activity on a computer: keystroke capture, screenshots, email logging, chat logging and just about everything else. These tools are often designed for parents, businesses and similar environments, but can easily be abused if they are installed on your computer without your knowledge.

These tools are perfectly legal in most places, but, just like an ordinary tape recorder, if they are abused they can seriously violate your privacy.


Facts about "Computer E-mail Viruses"

by: Erick Gerlitz

Does this sound familiar: "Don't read or open any e-mail titled Good Times! It will destroy your computer!" Many of you have received e-mails warning you not to read a specific e-mail that goes by a certain name (e.g. "Good Times"). These warnings tell you your computer will face certain doom if you open and read these e-mails. THESE WARNINGS ARE A HOAX.

The TRUTH of the matter is, *YOU CAN NOT GET A VIRUS OR ANY SYSTEM-DAMAGING SOFTWARE BY READING AN E-MAIL*. E-mails (that is, the ACTUAL message text) can not contain viruses. This is why:


>> A virus can not exist in an e-mail text message. They also can NOT exist in USENET (newsgroup) postings or simply "float around" the Internet. Viruses must be attached to and infect an executable program (.exe, .com). Viruses and other system-destroying bugs can ONLY exist in EXECUTABLE FILES, and since an e-mail message is not executable, viruses can not exist there. While reading e-mail you are not executing anything, so no virus can activate. HOWEVER, if you (or your computer) download a FILE attached to an e-mail or USENET posting (i.e. a binary) and RUN it, there IS a chance that file could contain a virus, since any runnable file can. It is also very important that you DO NOT, under any circumstances, allow your e-mail program to automatically execute an attached file. You risk infection by doing so! The same caution applies to mail programs that render HTML or run scripts embedded in a message: the argument above holds only as long as the program merely displays the text, and a bug in a client that interprets message content can turn "reading" into "running".

>> Viruses are generally (almost always) OS (operating system)-specific. Meaning, viruses created for a DOS application can do no damage on a Macintosh, and vice-versa. If you take a careful look at these e-mail hoaxs, you'll notice that very few are specific about which system it "infects." There has been one exception to the OS-specific rule, which is called the Microsoft Word Macro Virus, which infects documents instead of the program. This virus can affect both Macintosh and PC computers because of the way the application was written (it contains the same source code on several OS's). In the future, we might see viruses cross OS-boundries because Java, ActiveX programming languages break the typical "rules" of how a virus is OS-specific.

>> If you carefully read these hoax letters, you can pick out strange, non-sensical technical jargon, used to confuse and scare those who aren't computer experts. This jargon usually talks about systems of a computer that don't exist or things that aren't possible.

Saturday, August 21, 2004

1 GB Mailbox

Ever since the launch of GMAIL from GOOGLE, I have craved to have a 1 GB mailbox, but as of this writing, I haven't got any invites yet... poor me. The GMAIL craze has created a hype among web maniacs, and free invites were being sold for up to $80 on eBay. I wish I could have an invite and see for myself the features of GMAIL that are threatening to sweep the webmail industry.

But since I want to experience 1GB Mailbox, I have here a list of 1GB email alternatives:

GAWAB (http://www.gawab.com)

Gawab.com Golden membership offers you the following features:
- 1001 MB FREE account
- NO POP/SMTP (available only on their Silver membership, which is a 15 MB mailbox)
- 15 interface themes
- 14 different languages
- SPAM/virus protection
- Unlimited number of folders
The "Gawab Golden" membership is granted to any Gawab.com user worldwide for FREE.

Rediffmail (http://www.rediff.com)

Rediffmail is free, fast and easy to use e-mail. Rediffmail offers you a storage space of 1 GB. It lets you send 20 attachments at a time with a total mail size of up to 10 MB. The new Rediffmail has several features that make managing your e-mail simpler. It has powerful spam control.

Spymac (http://www.spymac.com)

Each Spymac membership includes an e-mail account that can be accessed externally via POP3 or with Spymac Mail's web interface. Each account includes a generous 1000 MB of storage space. Spymac Mail sends and receives millions of e-mail messages every year.

Walla! (http://www.walla.com)

Walla! offers 1 GB of email service for free. To keep this service free, Walla! displays an ad banner, the ad banner isn’t obtrusive though. With Walla! you don’t get many of the fancy features found in GAWAB; you won’t get POP access or forwarding, the service is very simple with minimal features and options.


Monday, August 16, 2004

BEGINNERS "STEP BY STEP" SECURITY GUIDE, v0.1.32

By Overlord, © June, 1998. The latest version of this guide is always available from http://www.cyberarmy.com/. You are free to distribute this page on your site; all I ask is that you leave this notice here and place a link to www.cyberarmy.com on your site...

http://www.hnc3k.com/stepbystephacktute.htm

Crack almost any Windows Password

Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program comes in two versions because of the differences and limitations of some APIs.

http://www.oxid.it/cain.html

Sunday, August 15, 2004

Computer Gender

As you are aware, ships have long been characterized as being female (e.g., "Steady as she goes" or "She's listing to starboard, Captain!").

Recently, a group of computer scientists (all males) announced that computers should also be referred to as being female.

Their reasons for drawing this conclusion follow:

Five reasons to believe computers are female:

1. No one but the Creator understands their internal logic.

2. The native language they use to communicate with other computers is incomprehensible to everyone else.

3. The message "Bad command or file name" is about as informative as, "If you don't know why I'm mad at you, then I'm certainly not going to tell you."

4. Even your smallest mistakes are stored in long-term memory for later retrieval.

5. As soon as you make a commitment to one, you find yourself spending half your paycheck on accessories for it.

However, another group of computer scientists (all female) think that computers should be referred to as if they were male. Their reasons follow:

Five reasons to believe computers are male:

1. They have a lot of data, but are still clueless.

2. They are supposed to help you solve problems, but half the time they ARE the problem.

3. As soon as you commit to one you realize that, if you had waited a little longer, you could have obtained a better model.

4. In order to get their attention, you have to turn them on.

5. Big power surges knock them out for the rest of the night.

Is Windows a Virus? - a joke


Is Windows a virus? No, Windows is not a virus. Here's what viruses do:

1. They replicate quickly - okay, Windows does that.

2. Viruses use up valuable system resources, slowing down the system as they do so - okay, Windows does that.

3. Viruses will, from time to time, trash your hard disk - okay, Windows does that too.

4. Viruses are usually carried, unknown to the user, along with valuable programs and systems - sigh, Windows does that, too.

5. Viruses will occasionally make the user suspect their system is too slow (see 2) and the user will buy new hardware - yup, Windows does that, too.

So far it seems Windows is a virus, but there are fundamental differences: viruses are well supported by their authors, run on most systems, their program code is fast, compact and efficient, and they tend to become more sophisticated as they mature.

So Windows is not a virus.

It's a bug

Saturday, August 14, 2004

Windows 95/98 Local Hacking

Why would I want to hack windows?
Well, okay, stupid question, but why would you want to hack Windows when there are all those lovely servers to take on? The answer is so simple that it often eludes people altogether. How exactly are you going to take out the server if your workstation is so crippled that you can't even use the Run command? Most hacking programs are DOS based. If your friendly Admin has removed MS-DOS access, you're in trouble. You won't be able to run all those nice programs you've collected.

What if the Admin has placed some really horrible backdrop on your machine? You have a great replacement, only the Display Properties aren't available. How do you get round that? Well, that's what this tutorial is all about: removing restrictions on the local machine so that you can get a shot at the servers, or so you can run programs that you otherwise wouldn't be able to.

Are there many restrictions that can be placed on me?
There are a surprising number of things Admins can do to your computer to make it more restricted. To compensate, of course, there are many ways to remove these annoying restrictions, one of which I worked out myself; it removes all the restrictions, although it temporarily screws up Internet Explorer's settings. Here is a small list:

Control Panel
Run command
Find command
Missing start menu programs
Fixed backdrop
No DOS access
Removed CDROM and floppy access

All of the above are a real pain in the ass. I'll go through removing these restrictions one by one.

Where do these restrictions come from?
Good question. There are two types of restriction, local and remote. The local restrictions are usually stored in the registry and are fairly easy to get round compared to the remote restrictions. Remote restrictions are stored on the server and are downloaded each time you log in. They are VERY hard to get around and most are beyond the scope of this tutorial. Where I do show some of them, I'll point out that they are remote. Sometimes the remote restrictions are enforced as local ones, which is handy, to say the least.

What is the registry?
The registry is a database that Windows uses to store all its information. Think of it as a directory. Most programs and files are registered here, along with user and system settings. Driver versions and start-up programs are also found in here. Without the registry, Windows would be in trouble.

Where is the registry?
The registry consists of two files, user.dat and system.dat. Both are stored in the Windows directory. There are backups of both files called user.da0 and system.da0. If the main two are destroyed, the system copies the backups over to replace them.

The user.dat file contains user settings. All the different parts of a user's settings make up a user profile. It is these profiles that contain the information on which restrictions should be enforced. Every user is stored here along with their access rights. I'll show you how to fool the system into giving you full access the easy way later.

The system.dat file strangely enough contains information about the system. This includes settings for Internet Explorer and other pieces of software such as DirectX, MS Office etc etc.

Can I edit it myself?
Yes you can, using a program called regedit. It is automatically installed and unless your friendly Admin has removed your ability to edit it, you can use this program to set anything in the registry that you want.

NOTE : If you remove the system.dat file ( which you usually have to ) some programs may have problems finding their default settings or refuse to load.

I can't edit the registry. How do I get around this ?
Well, the easiest way is simply to remove user.dat and system.dat. When you reset the computer and log in, it will come up and tell you that it needs to reset to repair the registry. Ignore this message and use Ctrl+Alt+Del to close it without selecting 'OK'. You will see that all the restrictions have been removed. Quickly go to 'Run' and type 'command' without the quotes. This opens a DOS window and, for some reason, stabilises the system; Windows had a nasty tendency to crash if I didn't open a DOS window. When you reset the computer, the old registry will kick in and the restrictions will be active again. This isn't so bad, because it means you can get a machine back to normal with the minimum of fuss.

I can't get to the registry files to delete them! What now?
Don't panic yet! I'll show you two ways of getting to the files. Normally, if the 'Run' command is missing, you're going to have trouble getting to the C:\windows directory which holds those files. Second, you'll find that they are write protected. In the next few sections I'll show you how to get round this.

I have the 'Run' command. What next?
Type "c:\windows\" without the quotes. This takes you to the directory that contains the registry. You will most likely get a message saying that altering the files could be dangerous and could stop Windows or other programs from working. Ignore that and select continue or click the hyperlink. It will now show you the files.

The evil scum bags have nicked the 'Run' command! Now what?!?
Now you panic... only joking! Most Admins do take out the Run command as standard. It stops normal people from going where they shouldn't. However, we can outsmart them here by using the shortcut trick. This trick gets us whatever we need and is just as powerful as the Run command, only slightly more inconvenient.

So what's this magic shortcut trick then?
This trick is essential to a hacker's toolkit. In Windows, you can create a shortcut to just about anything, from a folder to a program or even a website. We can use this to our advantage. It also gets round the annoying "Access Denied" messages that Explorer likes to give. Right-click on the desktop and select New -> Shortcut. When it asks what you want to make the shortcut to, type in "c:\windows\" without the quotes and press Enter. Hit Enter twice more and you will find a nice shortcut on your desktop. Double-click it and it will dump you in the Windows directory. Nice, eh?

When I type in the directory in Explorer, it returns "Access Denied". Why?
This means that the Admin has told Explorer not to accept any requests to that folder, program or website. However, for some reason, Explorer will let you straight through if you make a shortcut to that folder. Security is tight, eh?

Okay, I've found the files... only I can't delete them! Windows says they are protected!
When Windows says protected, it means write protected: the file has the Read-only attribute set, so you can't write to or alter it. This is done for safety reasons; no one wants to accidentally delete the registry. However, because we're evil, we want to, and Windows is stopping us. Don't worry, the protection is lame. Right-click on the file and hit Properties. Once in, untick the 'Read-only' box, click Apply, then OK. Now try deleting the file. You should find that it goes without any hassle. This works with both registry files.

Right, I've sabotaged the files. What next?
To prevent Windows catching on, just turn off the computer and switch it on again. If it starts up and the registry fixing program starts, you'll have to repeat the procedure. Sometimes it gets you, sometimes it doesn't. If it keeps coming up, see the next section.

My plans are being thwarted by this stupid registry checker! HELP!
This nasty little program kept catching me out. It is called regcheck and is usually found in the windows or windows\system directory. It is called from an .ini file called regcheck.ini or regchck.ini; the name seems to vary from system to system, though I can't see any reason why it should. You can alter the .ini file and remove the checking program. The script will complete and the registry still won't have been restored! Tee hee!

The network is on the Internet but Cyber Patrol won't let me access any hacking sites!
Cyber Patrol is a royal pain in the ass! However, it is very easy to remove. Press Ctrl+Alt+Del to bring up the task list. Select Cyber Patrol and press Enter. Cyber Patrol will now bring up a window asking for a password. Damn, we've been beaten! Not so: press Ctrl+Alt+Del again. This time, because Cyber Patrol has ALREADY answered Windows, it won't answer again, so Windows thoughtfully lets us close the program. Bye bye, stupid restrictions!

I can't access the disk drive or the CDROM yet I see the Admins doing it! How can I ?
This can be quite annoying. You have lots of stuff on disk or CD but you just can't access them. Why? Because some sod has removed their icons from 'My Computer'. *Sigh* I guess it's no go then, right? Wrong! Although you can't see the drives, they are still there. Load up ole faithful Internet Explorer, type "D:\" without the quotes and press Enter. It should display a list of the files on the CD. If it comes up with "Access Denied" or "Permission Denied", then simply make a shortcut to it. That way, you will see all the files.

When I try to access A:, the whole machine crashes on me! Why?
This happens when the floppy drive has been disabled in the BIOS (Basic Input Output System). When you try to access it, Windows will hang and force you to reboot. There is a nice easy way of testing whether the drive is enabled before you crash your machine: when you log in or out, check the light on the drive. If it flashes, the drive is available even if you can't see it in the drive list. If it doesn't flash, the drive has been disabled.

I MUST have floppy access! How do I get it?
The only way to get disk access is to enable the floppy drive in the BIOS. This is almost ALWAYS passworded (if not, you're really lucky). You will need a BIOS cracker, and there are loads on the Internet. Check which BIOS the machine has when it boots up (Award, AMIBIOS, etc.) and get a program for that one. Obviously you will somehow need to get it onto the network, and there is a cunning way to do that too!

Sneaking files onto a Network
This trick is so simple and yet so effective. Create a document that you could pass off as school work or something, and make sure it has an image in it. Drag and drop the program file into your document and then place the image over it. Save it as a .doc file and put it on a disk. Ask your friendly Admin to copy the file for you. Most will just copy it, and those that check will just see a document with a picture. They won't see your program. To get the program back, open the document on your workstation, drag the program back out and put it on your desktop. This trick works with any file of any type.

Right, I've got the program. What now?
Run the program. It should give you a password. Write this down and reset the machine. As the machine checks its memory, press the 'Del' key. It will then take you into the BIOS, where it will prompt for the password. Enter the password that you got from the program and it should let you in. Go into the basic options and look for the floppy drive. Go to the first one. It probably says "Not Installed"; change it so it says "3 1/2 inch floppy". Quit the BIOS and save changes. When it boots up, the floppy drive will be active. Do the reverse to disable it again, to stop Admins finding you out and changing the password.

How can I get back all those nice programs that they removed from my Start menu?
This is also quite easy. There is a program called groupconv.exe. By running this, you'll restore the default Start menu along with all the usual programs and accessories. Useful if the Admin has removed some program that you prefer or want to use, like Paintbrush. You'll need Paint to pull off the next trick.

How do I change this cursed background without using the Display Properties?
Not so useful perhaps, but nice to have nonetheless. No one likes the default backgrounds, but Admins tend to remove the ability to change them, which is rather upsetting. To pull this off, you need access to Paint. Normally this isn't removed. Open your bitmap of choice in Paint. From the 'File' menu, select "Set As Wallpaper". This sets your bitmap as the background. Normally this won't stick and will change back next time you log in. Still, you get a decent background for the duration of your session.

The 'Net Plug' trick
This is a nice easy way of getting Admin rights. I've taken this from my other tutorial and pasted it here because I don't want to have to type it out again. It is a very useful technique which is why I'm duplicating it here.

This is an attack that I worked out myself before I was given Admin status. It always works and I've yet to see it fail. Make sure you are at a windows 95 or 98 machine. I doubt NT would be fooled by this trick but I don't have any NT machines so I can't test it for you.

Note: Most Admins believe that they are the most knowledgeable about their system. Many also believe that no one else knows much about computers. In other words, for whatever reason, they are not too concerned about us, i.e. the idiots attacking their servers. Why? Because we aren't good enough. So why waste valuable time configuring security that won't be needed, eh? I think I've made my point: they don't see us as a threat. You don't consider a house spider a threat, so you don't go round putting up netting to keep them out. Why? You can't be bothered. The same rule applies here. Even if you are a computer genius, play it dumb. Admins like to lecture the uninitiated and would love to appear smarter than you. This is the way you want it. The Admins will think you're a nice guy or gal, totally harmless. This sometimes gives you more leverage: because they like you, they'll be willing to help you. They also won't expect you to launch a huge assault on their servers. However, sometimes there are some smart people out there who will notice your talents and pull you over to their side. This isn't a bad place to be and can be advantageous later.

First of all, log in as yourself. Crash your computer and reset it. Walk over to your favourite Admin (the one that hates you most is the best choice) and apologise for being an idiot, but the computer won't let you log in and could s/he please come and take a look for you. Mumbling and grumbling, they'll come over. The best way to test whether it is the machine is for them to log in. Of course, they'll log in as an Admin or equivalent. They'll check your account and see that it is fine. They'll tell you to log onto another machine, and your account will be okay there. They'll now log off and walk off in disgust, thinking you are a computer moron. Not so, my friend: we've just done them good and proper!

Turn off the computer and pull out the network lead. Turn it back on again. The computer will detect that you aren't on a network and will dump you at a desktop with the restrictions of the last user. If this user is the Admin, then chances are that he or she will have full access to everything, including DOS and drive access. Perfect for installing all those really kewl programs you have on a disk in your pocket...

But you aren't on the network now. That's no fun, is it? Shove the lead back in and try to access a network drive. This is the bit where you hope the Admins are sloppy or not computer geniuses. Windows by default caches ALL passwords, so unless the Admins have told it not to (a key deep in the registry), Windows will have a nice copy of their password. Go into 'My Computer' and click on a drive. Whoop with glee as NetWare logs you in as an Admin. Why does this happen? Well, Windows still holds the username and password last used to access the drive. You are logged into Windows as the Admin, and Windows knows what credentials you last gave to the server, so it supplies them for you. Likewise, because you are now authenticated, you now have full access to the NDS tree. Not only can you read, but you can now write, modify, delete, etc. Much more fun!

Now, this is the bit where you have to be sneaky. You have to make a new account for yourself or upgrade your old one. There are pros and cons to each of your choices. If you alter your existing account and they check it for some reason ( maybe you got locked out? ) they'll notice you have admin rights and shoot you. If you make a new user, it might get found quicker but there is no way to point to you ( it was created by user admin after all tee hee ). The choice is yours. You can always do both.

I still need DOS access to run the programs. How can I get it?
Not all Admins actually remove the ability to run DOS programs, simply because they are needed. It is likely, though, that the shortcuts and the Run command will have been removed. Also, I doubt you will be able to shut down into MS-DOS mode. So how do you call up the window?

Well, we can use our usual shortcut trick. The program that opens the DOS window on Windows 95/98 is command.com (not command.exe). To run it, simply make a shortcut to "command" without the quotes. Double-clicking on the shortcut will pull up the MS-DOS prompt.

I've done that but I get "This has been disabled by your system Administrator"
If you get this, your Admin has locked out the ability for your user to run DOS programs. Windows is surprisingly tight on DOS access. There is only ONE way that I currently know of (I'm always searching for new ones, though) to bypass this whilst logged in as yourself. To do this, you need a program called "poledit.exe".

What the hell is poledit?
Poledit (short for Policy Editor) is the program used to alter user settings on any given computer. This program edits the user.dat file that we saw earlier. It might have occurred to some Admins to block access to it, but I have yet to see it done. Normally registry editing is barred, but that seems to apply only to regedit.

Poledit is NOT installed by default. You will find it on the Windows 98 CD in the resource kit folder. The file itself isn't very big and it doesn't need any support files. You can sneak it onto the network by hiding it in a Word file. If you have CDROM access, you could just load it in, or burn the program to CD.

Poledit controls ALL the access rights such as control panel access, display properties, find and run commands, DOS access, shutting down to MSDOS mode etc etc. This tool can give them all back to you!

Okay, I've managed to get poledit onto the network. now what?
Right, run the program. It will bring up a list of users and their policies. There will probably be two policies stored there ( at least). One will be called Admin or similar and the other default. You will be user default. Now, alter the settings to whatever you want and save them. Quit the program and you should find that your access has been increased!

I think it worked but when I logged back onto the network, the old settings kicked in.
This is a pain because it means your settings are stored on the server too. When it logs in, it activates the settings you updated and then overlays the new ones from the server. Annoying huh? Well there isn't all that much you can do about it apart from use the Net Plug trick.

How does it help us here? Well, turn off the computer, unplug the network lead and turn it back on. It will automatically log you in as the last user, i.e yourself. However because there is no server, it will pull its restrictions from the local file ( which we edited of course). Plug the network lead back into the computer and try to access the drives. Even if it asks you to login again ( to access the network ), Windows isn't clever enough to pull off the updated policy files. You're home free!!
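The restrictions this tutorial walks through (Run, Find, Control Panel, hidden drives, fixed backdrop, no DOS prompt, no regedit) are ordinary values under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies, which is exactly what poledit reads and writes into user.dat. The script below is an added example, not part of the original tutorial: it audits a regedit text export (REGEDIT4 format) for those values and reports which restrictions are in force, decoding the NoDrives bitmask into drive letters. The value names are Microsoft's standard system-policy values; the SAMPLE_REG export is constructed for the demonstration.

```python
"""Audit a .reg export of HKEY_CURRENT_USER for the Windows 9x/NT user
restrictions the tutorial lists (Run, Find, Control Panel, drives, DOS...).
Added example; the value names are the standard system-policy values that
poledit writes, and the SAMPLE_REG text is constructed, not a real export."""
import re

POLICY_VALUES = {   # subkey under ...\CurrentVersion\Policies -> value -> effect
    r"Policies\Explorer": {
        "NoRun": "Run command removed from the Start menu",
        "NoFind": "Find command removed from the Start menu",
        "NoSetFolders": "Control Panel and Printers removed from Settings",
        "NoDesktop": "all desktop icons hidden",
        "NoClose": "Shut Down removed from the Start menu",
        "RestrictRun": "only the listed applications may be run",
    },
    r"Policies\System": {
        "DisableRegistryTools": "regedit disabled",
        "NoDispCPL": "Display Properties disabled",
        "NoDispBackgroundPage": "Background tab hidden (fixed backdrop)",
    },
    r"Policies\WinOldApp": {
        "Disabled": "MS-DOS prompt disabled",
        "NoRealMode": "single-mode MS-DOS applications disabled",
    },
}
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def parse_reg(text):
    """Return {key: {value_name: int|str}} from REGEDIT4/5 export text.
    Only dword: and quoted string data are decoded; other types are skipped."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            values.setdefault(key, {})
            continue
        match = REG_VALUE.match(line) if key else None
        if not match:
            continue
        data = match.group("data")
        if data.startswith("dword:"):
            values[key][match.group("name")] = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            values[key][match.group("name")] = data[1:-1]
    return values


def drives_from_mask(mask):
    """Explorer\\NoDrives is a bitmask: bit 0 hides A:, bit 1 B:, bit 3 D:, ..."""
    return [chr(ord("A") + bit) for bit in range(26) if mask >> bit & 1]


def audit_restrictions(text):
    """List restrictions in force as (subkey, value name, description)."""
    findings = []
    for key, entries in parse_reg(text).items():
        for subkey, known in POLICY_VALUES.items():
            if key.endswith(subkey):
                findings += [(subkey, name, desc) for name, desc in known.items()
                             if entries.get(name) == 1]     # dword:1 = enforced
        if key.endswith(r"Policies\Explorer") and entries.get("NoDrives"):
            hidden = ", ".join(drives_from_mask(entries["NoDrives"]))
            findings.append((r"Policies\Explorer", "NoDrives",
                             f"drives hidden from My Computer: {hidden}"))
    return findings


# Constructed export: a workstation with Run/Find removed, A: and D: hidden,
# regedit blocked and the MS-DOS prompt disabled (NoDesktop present but off).
SAMPLE_REG = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoFind"=dword:00000001
"NoDrives"=dword:00000009
"NoDesktop"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]
"Disabled"=dword:00000001
"""

if __name__ == "__main__":
    for subkey, name, desc in audit_restrictions(SAMPLE_REG):
        print(f"{subkey}\\{name}: {desc}")
```

Run it against a real export (regedit, Export Registry File on the Policies key) and the same values that poledit's checkboxes toggle show up by name; a dword of 1 is the restriction switched on, 0 or absent means it is off, and NoDrives is the one value that is a mask rather than a flag.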

NetBIOS Hacking

Introduction

NetBIOS stands for Network Basic Input/Output System. It is an API that lets programs on PCs find each other by name and exchange data over a LAN. Most LANs for PCs in the DOS/Windows era were based on it, and over TCP/IP it runs as NetBIOS over TCP/IP (NBT, RFC 1001/1002), with name lookups on UDP port 137.

NetBIOS Hacking

This is one of the simplest methods of hacking. It lets you connect to a remote PC which has file and print sharing turned on. You only need that PC's IP address.

To see whether a certain PC has file and print sharing on, use the nbtstat command at the DOS prompt, e.g.:

nbtstat -a 192.168.0.10

If the PC isn't running NetBIOS over TCP/IP (or UDP port 137 is filtered), you'll get:

"Host not found"

Otherwise you'll get:

NetBIOS Remote Machine Name Table

    Name              Type         Status
    ---------------------------------------------
    Host         <20>  UNIQUE      Registered
    Workgroup    <1E>  GROUP       Registered
    System       <03>  UNIQUE      Registered



The only thing you need from this is the host's name with the <20> code: <20> is the File Server Service, i.e. the name the machine shares files under (the other codes may differ, but they don't matter here). Now you must find the LMHOSTS file. On Windows 9x/ME it lives in the Windows directory, e.g. C:\Windows\lmhosts (the file has no extension, so when you search for it make sure you have *.* set as the file type; if only lmhosts.sam exists, that is the sample file, and you can create lmhosts next to it).

On Windows NT/2000/XP the file is at
%SystemRoot%\system32\drivers\etc\lmhosts

Once you have found the file, open it in Notepad.

There will be lots of comment text which isn't important at the moment. Scroll to the end and add a line with the IP address first, then a tab or spaces, then the host name (that is the LMHOSTS format: IP, then name). It should look like this:

192.168.0.10    Host

Save and close the file. Now you need to search for the PC. Do this with Find -> Computer on Windows 9x/ME, or Search -> For computers or people on Windows 2000/XP. Type its IP (e.g. 192.168.0.10) or the host name as the search criterion and you should get a result with the host as the PC's name. (Sometimes it's just the IP instead of the host's name; this depends on the Windows version.)
Double-click on it. Provided the shares have no password (or you know it), you're on your target's PC now and can browse it as your own.
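What nbtstat -a does on the wire is a NetBIOS Name Service node-status (NBSTAT) query for the wildcard name "*" on UDP/137, and the table above is the reply's name list. The following Python is an added example, not code from this tutorial: it builds that request, parses the reply into the name table (name, suffix, GROUP/UNIQUE), and emits the LMHOSTS line (IP first, then the <20> name) the steps above have you type by hand. The reply in demo() is constructed to mirror the sample output above; node_status_query() is the live version against a real target. Everything follows RFC 1002; the transaction ID 0x1234 and the sample names are arbitrary.

```python
"""NBNS node-status query (what `nbtstat -a <ip>` sends to UDP/137), RFC 1002.
Added example: build the request, parse the name table, emit the LMHOSTS line."""
import socket
import struct

NBNS_PORT, QTYPE_NBSTAT, QCLASS_IN = 137, 0x0021, 0x0001
NAME_FLAG_GROUP, NAME_FLAG_ACTIVE = 0x8000, 0x0400   # NAME_FLAGS bits G and ACT
SUFFIX_SERVICES = {                                 # suffix byte -> service
    0x00: "Workstation Service", 0x03: "Messenger Service",
    0x1E: "Browser Service Elections", 0x20: "File Server Service",
}


def encode_name(name, suffix=0x00):
    """First-level encoding (RFC 1002 4.1): 15 name bytes + suffix byte, each
    byte split into two nibbles offset from 'A', with a length prefix."""
    if name == "*":                          # wildcard used by node-status queries
        raw = b"*" + b"\x00" * 15
    else:
        raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    enc = b"".join(bytes([(b >> 4) + 0x41, (b & 0x0F) + 0x41]) for b in raw)
    return bytes([len(enc)]) + enc + b"\x00"


def build_node_status_request(trn_id):
    """Header with QDCOUNT=1, then one question for '*' of type NBSTAT."""
    header = struct.pack("!HHHHHH", trn_id, 0x0000, 1, 0, 0, 0)
    return header + encode_name("*") + struct.pack("!HH", QTYPE_NBSTAT, QCLASS_IN)


def build_node_status_response(trn_id, names):
    """Constructed reply in the shape a Windows host returns, so the parser
    can be exercised offline. names = [(name, suffix, is_group), ...]."""
    header = struct.pack("!HHHHHH", trn_id, 0x8400, 0, 1, 0, 0)   # QR and AA set
    rr = encode_name("*") + struct.pack("!HHI", QTYPE_NBSTAT, QCLASS_IN, 0)
    body = bytes([len(names)])
    for name, suffix, is_group in names:
        flags = (NAME_FLAG_GROUP if is_group else 0) | NAME_FLAG_ACTIVE
        body += name.upper().encode("ascii").ljust(15, b" ") + bytes([suffix])
        body += struct.pack("!H", flags)
    body += b"\x00" * 46                     # STATISTICS block (MAC address etc.)
    return header + rr + struct.pack("!H", len(body)) + body


def parse_node_status_response(data):
    """Return the name table as dicts with name, suffix, group and service."""
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not an NBNS answer")
    pos = 12 + 1 + data[12] + 1              # skip the 34-byte encoded RR_NAME
    rr_type, _cls, _ttl, rdlength = struct.unpack("!HHIH", data[pos:pos + 10])
    pos += 10
    if rr_type != QTYPE_NBSTAT or len(data) < pos + rdlength:
        raise ValueError("not a node-status record, or truncated")
    num_names, pos, table = data[pos], pos + 1, []
    for _ in range(num_names):
        raw, suffix = data[pos:pos + 15], data[pos + 15]
        (name_flags,) = struct.unpack("!H", data[pos + 16:pos + 18])
        pos += 18
        table.append({"name": raw.decode("ascii", "replace").rstrip(" \x00"),
                      "suffix": suffix, "group": bool(name_flags & NAME_FLAG_GROUP),
                      "service": SUFFIX_SERVICES.get(suffix, "unknown")})
    return table


def lmhosts_line(ip, table):
    """LMHOSTS entries are 'IP<whitespace>NAME', IP first. Use the unique <20>
    name: that is the name the machine shares files under."""
    for entry in table:
        if entry["suffix"] == 0x20 and not entry["group"]:
            return f"{ip}\t{entry['name']}"
    raise ValueError("target advertises no <20> (file server) name")


def node_status_query(ip, timeout=2.0):
    """Live version: send the query to the target and parse its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_node_status_request(0x1234), (ip, NBNS_PORT))
        data, _ = sock.recvfrom(4096)
    return parse_node_status_response(data)


def demo():
    """Offline round trip over a constructed reply that mirrors the tutorial's
    sample nbtstat output (HOST <20>, WORKGROUP <1E>, HOST <03>)."""
    names = [("HOST", 0x20, False), ("WORKGROUP", 0x1E, True), ("HOST", 0x03, False)]
    table = parse_node_status_response(build_node_status_response(0x1234, names))
    return table, lmhosts_line("192.168.0.10", table)
```

Two things the parser makes explicit that the nbtstat output hides: the GROUP/UNIQUE column is one bit (0x8000) in each entry's NAME_FLAGS, and the reply carries no question section (QDCOUNT is 0), so the answer record starts straight after the 12-byte header. A host with no UNIQUE <20> name is not sharing files, and lmhosts_line() refuses to write an entry for it.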

Friday, August 13, 2004

Creating and Configuring Web Sites in Windows Server 2003

Since broadband connections are widely used today, many small businesses and private users prefer to host their sites from personal computers at home. The article of that title, linked from this post, covers setting up web sites using IIS on Windows Server 2003.

My Tech Page

This blog will be my page for technology-related articles.