hacking-pssword-protected-websites
warning : For educational purpose only
i know dis is lame but just would like to share wid u.
have nothing for next half an hour so typing it.. lol
here are many ways to defeat java-script protected websites. Some are very simplistic, such as hitting
[ctl-alt-del ]when the password box is displayed, to simply turning offjava capability, which will dump you into the default page.You can try manually searching for other directories, by typing the directory name into the url address box of your browser, ie: you want access to www.target.com .
Try typing www.target.com/images .(almost ever y web site has an images directory) This will put you into the images directory,and give you a text list of all the images located there. Often, the title of an image will give you a clue to the name of another directory. ie: in www.target.com/images, there is a .gif named gamestitle.gif . There is a good chance then, that there is a 'games' directory on the site,so you would then type in www.target.com/games, and if it isa valid directory, you again get a text listing of all the files available there.
For a more automated approach, use a program like WEB SNAKE from anawave, or Web Wacker. These programs will create a mirror image of an entire web site, showing all director ies,or even mirror a complete server. They are indispensable for locating hidden files and directories.What do you do if you can't get past an opening "PasswordRequired" box? . First do an WHOIS Lookup for the site. In our example, www.target.com . We find it's hosted by www.host.com at 100.100.100. 1.
We then go to 100.100.100.1, and then launch \Web Snake, and mirror the entire server. Set Web Snake to NOT download anything over about 20K. (not many HTML pages are bigger than this) This speeds things up some, and keeps you from getting a lot of files and images you don't care about. This can take a long time, so consider running it right before bed time. Once you have an image of the entire server, you look through the directories listed, and find /target. When we open that directory, we find its contents, and all of its sub-directories listed. Let's say we find /target/games/zip/zipindex.html . This would be the index page that would be displayed had you gone through the password procedure, and allowed it to redirect you here.By simply typing in the url www.target.com/games/zip/zipindex.html you will be onthe index page and ready to follow the links for downloading.
Wednesday, November 21, 2007
PC Security
PC Security
Simple Guide 4 opening files locked by PC Security
Pc security.. one of the most comfortable software to keep ur data protected.. even i use it.. but.. check is out..
First of all the bloody disclaimer
1. Information here is only 4 educational purpose nd u shall be responsible 4 all the damage if any or legal shit that u may Find yourself in ;while using the info here( like an asshole)
2. u understand that u r using the info here 4 yourself only nd not 4 harming anyone in anyway or invading privacy of others. It is also acknowledge that u will not using information here to do anything illegal 4 I shall not be held responsible 4 anything.
What is PC Security?
It is a very good software 4 password protecting ur files , folders , drives ,programs nd 4 that matter the whole computer by www.tropsoft.com.
What can this guide do 4 me ?
Not much but it can help u to open a file protected by PC Security ver.5.1 under
Certain conditions.
What do u mean by "under certain condition" ?
Well u can access file protected by PC Security v5.1 only when the locked file is kept in a folder which is not protected that it is u can see the file kept in a folder nd when u click the file(protected file) it gives u strange messages like " access denied "or the "file is used by another program "which tells u that the file is protected .
How can I unlock files protected by PC Security nd what all do I need 4 it ?
Well all u need is a program called MAGIC FOLDERS nd a cup of coffee to drink while u play. I have used version 1.31You can get MAGIC FOLDERS here www.pc-magic.com
Now find the file that u want to unlock nd see in which folder it is kept nd now
Open magic folders (make sure that u install magic folder before doing all this nd make sure that u don't use the feature called encrypted magic folder which comes with it ;usually it does'nt automatically encrypt the folders but make sure that it does
Not do it automatically (I hope it would 'nt do it automatically as it does'nt do with mine) If you're using a non-english version of Win95/98 u may need the english version of the VB5 runtime files. u can get them at:
http://pc-magic.com/dl.htm if cannot install the magic folder on ur PC u need to download some dll files from above mentioned site.
Now that u have installed magic folder open it nd hide (make that folder invisible )the folder in which locked file is kept nd close the program nd shut down ur computer now when u will reboot then again open the magic folders now u should make the folder that u have just made invisible visible ie. Folder that u have made invisble before rebooting the system now make it visible again nd now open the folder nd click on the file Congrats fh !! the file is opened nd now u have full access to the file.
Simple Guide 4 opening files locked by PC Security
Pc security.. one of the most comfortable software to keep ur data protected.. even i use it.. but.. check is out..
First of all the bloody disclaimer
1. Information here is only 4 educational purpose nd u shall be responsible 4 all the damage if any or legal shit that u may Find yourself in ;while using the info here( like an asshole)
2. u understand that u r using the info here 4 yourself only nd not 4 harming anyone in anyway or invading privacy of others. It is also acknowledge that u will not using information here to do anything illegal 4 I shall not be held responsible 4 anything.
What is PC Security?
It is a very good software 4 password protecting ur files , folders , drives ,programs nd 4 that matter the whole computer by www.tropsoft.com.
What can this guide do 4 me ?
Not much but it can help u to open a file protected by PC Security ver.5.1 under
Certain conditions.
What do u mean by "under certain condition" ?
Well u can access file protected by PC Security v5.1 only when the locked file is kept in a folder which is not protected that it is u can see the file kept in a folder nd when u click the file(protected file) it gives u strange messages like " access denied "or the "file is used by another program "which tells u that the file is protected .
How can I unlock files protected by PC Security nd what all do I need 4 it ?
Well all u need is a program called MAGIC FOLDERS nd a cup of coffee to drink while u play. I have used version 1.31You can get MAGIC FOLDERS here www.pc-magic.com
Now find the file that u want to unlock nd see in which folder it is kept nd now
Open magic folders (make sure that u install magic folder before doing all this nd make sure that u don't use the feature called encrypted magic folder which comes with it ;usually it does'nt automatically encrypt the folders but make sure that it does
Not do it automatically (I hope it would 'nt do it automatically as it does'nt do with mine) If you're using a non-english version of Win95/98 u may need the english version of the VB5 runtime files. u can get them at:
http://pc-magic.com/dl.htm if cannot install the magic folder on ur PC u need to download some dll files from above mentioned site.
Now that u have installed magic folder open it nd hide (make that folder invisible )the folder in which locked file is kept nd close the program nd shut down ur computer now when u will reboot then again open the magic folders now u should make the folder that u have just made invisible visible ie. Folder that u have made invisble before rebooting the system now make it visible again nd now open the folder nd click on the file Congrats fh !! the file is opened nd now u have full access to the file.
tricks-cheats
tricks-cheats
Set Processes Priority
Follow this tip to increase the priority of active processes, this will result in prioritisation of processes using the CPU.
CTRL-SHIFT-ESC
1.Go to the second tab called Processes, right click on one of the active processes, you will see the Set Priority option
2.For example, your Run your CDwriter program , set the priority higher, and guess what, no crashed CD’s
Shutdown Trick !
Imidiate rapid shut down window
while shutting down window. open task manager(Ctr+Alt+Del),
Select shut down tab. and press ' Ctrl ' key while select Turn Off from dis tab.
Count 5 4 3 2 1 Voila!!! U r window will rapidly shut down.
Speed Up Ur Shut down !!
Start Regedit.
Navigate to HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control.
Click on the "Control" Folder.
Select "WaitToKillServiceTimeout"
Right click on it and select Modify.
Set it a value lower than 2000 (Mine is set to 200).
and !
Like previous versions of windows, it takes long time to restart or shutdown windows xp when the "Exit Windows" sound is enabled. to solve this problem you
must disable this useless sound. click start button then go to settings -> control panel -> Sound,Speech and Audio devices -> Sounds and Audio Devices -> Sounds, then under program events and windows menu click on "Exit Windows" sub-menu and highlight it.now from sounds you can select,choose "none" and then click apply and ok. now you can see some improvements when shutting down your system.
**new **
Crazy !!
Hide ur folders.. never known trick !!!!!!!!!! Disguise them to "Recycle Bin"
Rename any folder with extension {645FF040-5081-101B-9F08-00AA002F954E}
eg,
if u've a folder games
press F2,
then type, "games.{645FF040-5081-101B-9F08-00AA002F954E}"
c the magic....
then 2 get to original form,
remove the extension using
"ren games.{645FF040-5081-101B-9F08-00AA002F954E} games" in dos or as a bat file
n u are done..
~cheers~
System information
system up time only for xp professional edition
It boasts how long it can stay up. Whereas previous
versions of Windows were coy about how long they went
between boots, XP is positively proud of its stamina.
Go to the Command Prompt in the Accessories menu from
the All Programs start button option, and then type
'systeminfo'. The computer will produce a lot of
useful info, including the uptime. If you want to keep
these, type 'systeminfo > info.txt'. This creates a
file called info.txt you can look at later with
Notepad. (Professional Edition only).
lock pc just by double clicking mouse
You can lock your XP workstation with two clicks of
the mouse. Create a new shortcut on your desktop using
a right mouse click, and enter 'rundll32.exe
user32.dll,LockWorkStation' in the location field.
Give the shortcut a name you like. That's it -- just
double click on it and your computer will be locked.
And if that's not easy enough, Windows key + L will do
the same.
SPEED UP UR ACROBAT READER (ALMOST LIKE NOTEPAD)
Do u get irritated when acrobat reader takes 5/10 seconds to load when you want to open a pdf document. There is a way to speed up the loading.
1. Go to the installation folder of acrobat reader
(C:\program files\adobe\acrobat\reader\.. whatever)
2. Move all the files and folders from the "plugins" directory to the "Optional" directory. (I repeat.. cut and paste the files NOT copy & paste).
Also make sure that acrobat reader is not open else it will lock the files and not allow you to move the files).
Now your acrobat reader will load very fast
and almost as good as notepad..
Remove Stored username and Passwords !
To remove the Stored User Names and Passwords from your system, try this:
Click Start, Run and type Control keymgr.dll
Remove the entries from the list.
The other ways to access this dialog are:
Type Control Userpasswords2 in RUN box, click Advanced, Manage Passwords
-or-
From Control Panel, select your User Account, click Manage your network passwords
It Works
~ Cheers ~
*
Remove the Username and picture from Windows XP New Start Menu
The User account picture can be removed by turning off the Welcome Screen. Or, by switching to Windows Classic theme. Follow the method described in this article if you want to remove the username and picture from the Start Menu, without disabling the Welcome Screen and Windows XP Theme.
For those who want to remove the user name and user account picture from Start Menu, in order to have a blank blue panel at the top, try this:
Start Windows Explorer and go to this folder:
C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures
From that folder, rename the BMP file which corresponds to your user account.
( For example, if your username is Robert, rename Robert.bmp to old_Robert.bmp )
Next, rename the following folder:
C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures
to something else, say...
C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\No_Default Pictures
To remove the user name, follow these steps
Start regedit.exe and navigate to the this key:
HKEY_CURRENT_USER \ Software \ Microsoft\ Windows \ CurrentVersion \ Policies \ Explorer
In the right-pane, set NoUserNameInStartMenu value-data to 1
Close Regedit.exe and restart Windows.
You'll end up with a blue space at the top of the Start Menu.
To get back the username and the picture, reverse the above procedure.
For the New Start Menu, Windows XP looks for the .bmp file in the folder
C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures
If the file is not found, it takes a picture from the "Default Pictures" sub-folder. By renaming the .bmp and the "Default Pictures" folder, you're giving no chance for Windows to fetch an image for the Start Menu
~ Cheers ~.
Notepad Trick ! for complete list move to NOTEPAD TRICKS page !!
Well quite old but here is d complete collection
Step 1: Open Notepad
Step 2: Write following line in the notepad.
this app can break
Step 3: Save this file as xxx.txt
Step 4: Close the notepad.
Step 5: Open the file again.
Voilla!!
or
1> Open Notepad
2> Enter four words separated by spaces, wherein the first word has 4 letters, the next two have three letters, and the last word has five letters
3> DON'T hit enter at the end of the line.
4> Save the file.
5> Close Notepad.
6> Reopen Notepad.
7> Open the file you just saved.
or
Open a note pad
type Bush hid the facts
save that file,
close it
again open and see...
NOTEPAD "world trade centre trick".. :Rahul
Did you know that the flight number of the plane that had hit WTC ...on
9/11 was Q33N ....Open your Notepad in ur computer and type the flight
number i.e Q33N... Increase the Font Size to 72, Change the Font to
Wingdings. U will be amazed by the findings.
log trick !! make ur Notepad a diary !!
Sometimes we want to insert current data and time, whenever we open the file in the notepad. If you are a lazy person like me, who don’t like to press F5 whenever you open a notepad. Then here is a trick to avoid this. Just add a .LOG in the first line of your text file and close it.
Whenever you open the file with that text in the first line in the notepad, it will insert the current date and time at the end of the file. You can start entering your text after that.
WHY?
The reason this happens:
In notepad, any other 4-3-3-5 letter word combo will have the same results.
It is all to do with a limitation in Windows. Text files containing Unicode UTF-16-encoded Unicode are supposed to start with a "Byte-Order Mark" (BOM), which is a two-byte flag that tells a reader how the following UTF-16 data is encoded.
1) You are saving to 8-bit Extended ASCII (Look at the Save As / Encoding format)
2) You are reading from 16-bit UNICODE (You guessed it, look at the Save As / Encoding format)
This is why the 18 8-bit characters are being displayed as 9 (obviously not supported by your codepage) 16-bit UNICODE characters
~ cheers ~
SPEED UP MENU DISPLAY.!!
When using the start menu the you will notice a delay between different tiers of the menu hierarchy. For the fastest computer experience possible I recommend changing this value to zero. This will allow the different tiers to appear instantly.
Start Regedit. If you are unfamiliar with regedit please refer to our FAQ on how to get started.
Navigate to HKEY_CURRENT_USER\Control Panel\Desktop
Select MenuShowDelay from the list on the right.
Right on it and select Modify.
Change the value to 0.
Reboot your computer.
CLICKING * .AVI FILES ON EXPLORER CAUSING 100% CPU USAGE.!!
Well windows seem to have a REALLY big problem when it comes to reading AVI files. It seems that when you click on an AVI file in explorer, it'll try to read the entire AVI file to determine the width,height, etc. of the AVI file (this is displayed in the Properties window). Now the problem with Windows is that if you have a broken/not fully downloaded AVI file that doesnt contain this info, Windows will scan the entire AVI file trying to figure out all these properties which in the process will probably cause 100% CPU usage and heavy memory usage. To solve this problem all you have to do is the following:
1. Open up regedit
2. Goto HKEY_CLASSES_ROOT\SystemFileAssociations\.avi\shellex\PropertyHandler
3. Delete the "Default" value which should be "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"
Voila! Please not that this will no longer provide you with the windows properties displaying the AVI file information such as width, height, bitrate etc. But its a small price to pay for saving you resources.
NOTE: Please use caution when using regedit. Improper usage may cause windows to behave imcorrectly. Also, I cannot be held resposible. Backup your registry first.
CD ROM STOPS AUTOPLAYING/AUTORUN.!!
And the AutoPlay Tab has disappeared in My Computer, Devices With Removable Storage, Right Click on CDROM, Properties.
Solution: The service: "Shell Hardware Detection" has been set to Manual or Disabled. Go to Control Panel, Administrative Tools, Services. Return this service to "Automatic".
How to make your Desktop Icons Transparent
Go to Control Panel > System, > Advanced > Performance area > Settings button Visual Effects tab "Use drop shadows for icon labels on the Desktop"
DISPLAY MESSAGE ON STARTUP.
Start regedit, if you are unfamiliar with regedit please see our FAQ.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Modify the key legalnoticecaption with what you want to name the window.
Modify the key legalnoticetext with what you want the window to say. Restart
AUTO DELETE TEMPORARY FOLDER.!!
ll what i prefer is %temp% " without quotes.. at Start -> Run..
this opens ur temp folder n den u cal erase it neatly// still try dis one too..
First go into gpedit.msc
Next select -> Computer Configuration/Administrative Templates/Windows Components/Terminal Services/Temporary Folder
Then right click "Do Not Delete Temp Folder Upon Exit"
Go to properties and hit disable. Now next time Windows puts a temp file in that folder it will automatically delete it when its done! Note from Forum Admin: Remember, GPEDIT (Group Policy Editor) is only available in XP Pro.
make ur pdf files to speak
make ur pdf files to speak
here r the shortcuts for hearing pdf files in abobe reader 6.0 or higher
ctrl+shift+b ---->to hear the whole topic
ctrl+shift+v ---->to hear the page
Set Processes Priority
Follow this tip to increase the priority of active processes, this will result in prioritisation of processes using the CPU.
CTRL-SHIFT-ESC
1.Go to the second tab called Processes, right click on one of the active processes, you will see the Set Priority option
2.For example, your Run your CDwriter program , set the priority higher, and guess what, no crashed CD’s
Shutdown Trick !
Imidiate rapid shut down window
while shutting down window. open task manager(Ctr+Alt+Del),
Select shut down tab. and press ' Ctrl ' key while select Turn Off from dis tab.
Count 5 4 3 2 1 Voila!!! U r window will rapidly shut down.
Speed Up Ur Shut down !!
Start Regedit.
Navigate to HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control.
Click on the "Control" Folder.
Select "WaitToKillServiceTimeout"
Right click on it and select Modify.
Set it a value lower than 2000 (Mine is set to 200).
and !
Like previous versions of windows, it takes long time to restart or shutdown windows xp when the "Exit Windows" sound is enabled. to solve this problem you
must disable this useless sound. click start button then go to settings -> control panel -> Sound,Speech and Audio devices -> Sounds and Audio Devices -> Sounds, then under program events and windows menu click on "Exit Windows" sub-menu and highlight it.now from sounds you can select,choose "none" and then click apply and ok. now you can see some improvements when shutting down your system.
**new **
Crazy !!
Hide ur folders.. never known trick !!!!!!!!!! Disguise them to "Recycle Bin"
Rename any folder with extension {645FF040-5081-101B-9F08-00AA002F954E}
eg,
if u've a folder games
press F2,
then type, "games.{645FF040-5081-101B-9F08-00AA002F954E}"
c the magic....
then 2 get to original form,
remove the extension using
"ren games.{645FF040-5081-101B-9F08-00AA002F954E} games" in dos or as a bat file
n u are done..
~cheers~
System information
system up time only for xp professional edition
It boasts how long it can stay up. Whereas previous
versions of Windows were coy about how long they went
between boots, XP is positively proud of its stamina.
Go to the Command Prompt in the Accessories menu from
the All Programs start button option, and then type
'systeminfo'. The computer will produce a lot of
useful info, including the uptime. If you want to keep
these, type 'systeminfo > info.txt'. This creates a
file called info.txt you can look at later with
Notepad. (Professional Edition only).
lock pc just by double clicking mouse
You can lock your XP workstation with two clicks of
the mouse. Create a new shortcut on your desktop using
a right mouse click, and enter 'rundll32.exe
user32.dll,LockWorkStation' in the location field.
Give the shortcut a name you like. That's it -- just
double click on it and your computer will be locked.
And if that's not easy enough, Windows key + L will do
the same.
SPEED UP UR ACROBAT READER (ALMOST LIKE NOTEPAD)
Do u get irritated when acrobat reader takes 5/10 seconds to load when you want to open a pdf document. There is a way to speed up the loading.
1. Go to the installation folder of acrobat reader
(C:\program files\adobe\acrobat\reader\.. whatever)
2. Move all the files and folders from the "plugins" directory to the "Optional" directory. (I repeat.. cut and paste the files NOT copy & paste).
Also make sure that acrobat reader is not open else it will lock the files and not allow you to move the files).
Now your acrobat reader will load very fast
and almost as good as notepad..
Remove Stored username and Passwords !
To remove the Stored User Names and Passwords from your system, try this:
Click Start, Run and type Control keymgr.dll
Remove the entries from the list.
The other ways to access this dialog are:
Type Control Userpasswords2 in RUN box, click Advanced, Manage Passwords
-or-
From Control Panel, select your User Account, click Manage your network passwords
It Works
~ Cheers ~
*
Remove the Username and picture from Windows XP New Start Menu
The User account picture can be removed by turning off the Welcome Screen. Or, by switching to Windows Classic theme. Follow the method described in this article if you want to remove the username and picture from the Start Menu, without disabling the Welcome Screen and Windows XP Theme.
For those who want to remove the user name and user account picture from Start Menu, in order to have a blank blue panel at the top, try this:
Start Windows Explorer and go to this folder:
C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures
From that folder, rename the BMP file which corresponds to your user account.
( For example, if your username is Robert, rename Robert.bmp to old_Robert.bmp )
Next, rename the following folder:
C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures
to something else, say...
C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\No_Default Pictures
To remove the user name, follow these steps
Start regedit.exe and navigate to the this key:
HKEY_CURRENT_USER \ Software \ Microsoft\ Windows \ CurrentVersion \ Policies \ Explorer
In the right-pane, set NoUserNameInStartMenu value-data to 1
Close Regedit.exe and restart Windows.
You'll end up with a blue space at the top of the Start Menu.
To get back the username and the picture, reverse the above procedure.
For the New Start Menu, Windows XP looks for the .bmp file in the folder
C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures
If the file is not found, it takes a picture from the "Default Pictures" sub-folder. By renaming the .bmp and the "Default Pictures" folder, you're giving no chance for Windows to fetch an image for the Start Menu
~ Cheers ~.
Notepad Trick ! for complete list move to NOTEPAD TRICKS page !!
Well quite old but here is d complete collection
Step 1: Open Notepad
Step 2: Write following line in the notepad.
this app can break
Step 3: Save this file as xxx.txt
Step 4: Close the notepad.
Step 5: Open the file again.
Voilla!!
or
1> Open Notepad
2> Enter four words separated by spaces, wherein the first word has 4 letters, the next two have three letters, and the last word has five letters
3> DON'T hit enter at the end of the line.
4> Save the file.
5> Close Notepad.
6> Reopen Notepad.
7> Open the file you just saved.
or
Open a note pad
type Bush hid the facts
save that file,
close it
again open and see...
NOTEPAD "world trade centre trick".. :Rahul
Did you know that the flight number of the plane that had hit WTC ...on
9/11 was Q33N ....Open your Notepad in ur computer and type the flight
number i.e Q33N... Increase the Font Size to 72, Change the Font to
Wingdings. U will be amazed by the findings.
log trick !! make ur Notepad a diary !!
Sometimes we want to insert current data and time, whenever we open the file in the notepad. If you are a lazy person like me, who don’t like to press F5 whenever you open a notepad. Then here is a trick to avoid this. Just add a .LOG in the first line of your text file and close it.
Whenever you open the file with that text in the first line in the notepad, it will insert the current date and time at the end of the file. You can start entering your text after that.
WHY?
The reason this happens:
In notepad, any other 4-3-3-5 letter word combo will have the same results.
It is all to do with a limitation in Windows. Text files containing Unicode UTF-16-encoded Unicode are supposed to start with a "Byte-Order Mark" (BOM), which is a two-byte flag that tells a reader how the following UTF-16 data is encoded.
1) You are saving to 8-bit Extended ASCII (Look at the Save As / Encoding format)
2) You are reading from 16-bit UNICODE (You guessed it, look at the Save As / Encoding format)
This is why the 18 8-bit characters are being displayed as 9 (obviously not supported by your codepage) 16-bit UNICODE characters
~ cheers ~
SPEED UP MENU DISPLAY.!!
When using the start menu the you will notice a delay between different tiers of the menu hierarchy. For the fastest computer experience possible I recommend changing this value to zero. This will allow the different tiers to appear instantly.
Start Regedit. If you are unfamiliar with regedit please refer to our FAQ on how to get started.
Navigate to HKEY_CURRENT_USER\Control Panel\Desktop
Select MenuShowDelay from the list on the right.
Right on it and select Modify.
Change the value to 0.
Reboot your computer.
CLICKING * .AVI FILES ON EXPLORER CAUSING 100% CPU USAGE.!!
Well windows seem to have a REALLY big problem when it comes to reading AVI files. It seems that when you click on an AVI file in explorer, it'll try to read the entire AVI file to determine the width,height, etc. of the AVI file (this is displayed in the Properties window). Now the problem with Windows is that if you have a broken/not fully downloaded AVI file that doesnt contain this info, Windows will scan the entire AVI file trying to figure out all these properties which in the process will probably cause 100% CPU usage and heavy memory usage. To solve this problem all you have to do is the following:
1. Open up regedit
2. Goto HKEY_CLASSES_ROOT\SystemFileAssociations\.avi\shellex\PropertyHandler
3. Delete the "Default" value which should be "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"
Voila! Please not that this will no longer provide you with the windows properties displaying the AVI file information such as width, height, bitrate etc. But its a small price to pay for saving you resources.
NOTE: Please use caution when using regedit. Improper usage may cause windows to behave imcorrectly. Also, I cannot be held resposible. Backup your registry first.
CD ROM STOPS AUTOPLAYING/AUTORUN.!!
And the AutoPlay Tab has disappeared in My Computer, Devices With Removable Storage, Right Click on CDROM, Properties.
Solution: The service: "Shell Hardware Detection" has been set to Manual or Disabled. Go to Control Panel, Administrative Tools, Services. Return this service to "Automatic".
How to make your Desktop Icons Transparent
Go to Control Panel > System, > Advanced > Performance area > Settings button Visual Effects tab "Use drop shadows for icon labels on the Desktop"
DISPLAY MESSAGE ON STARTUP.
Start regedit, if you are unfamiliar with regedit please see our FAQ.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Modify the key legalnoticecaption with what you want to name the window.
Modify the key legalnoticetext with what you want the window to say. Restart
AUTO DELETE TEMPORARY FOLDER.!!
ll what i prefer is %temp% " without quotes.. at Start -> Run..
this opens ur temp folder n den u cal erase it neatly// still try dis one too..
First go into gpedit.msc
Next select -> Computer Configuration/Administrative Templates/Windows Components/Terminal Services/Temporary Folder
Then right click "Do Not Delete Temp Folder Upon Exit"
Go to properties and hit disable. Now next time Windows puts a temp file in that folder it will automatically delete it when its done! Note from Forum Admin: Remember, GPEDIT (Group Policy Editor) is only available in XP Pro.
make ur pdf files to speak
make ur pdf files to speak
here r the shortcuts for hearing pdf files in abobe reader 6.0 or higher
ctrl+shift+b ---->to hear the whole topic
ctrl+shift+v ---->to hear the page
windows-password-loophole
windows-password-loophole
a. ok now, what you need to do is to run compmgmt.msc
b. and click on local users and groups.
c. once you've gotten here you need to open up the 'users' folder.
at this point i am walking along with you and notice that there are several
major security holes dealing specifically with the password:
1. double clicking on the any user name allows you a list that looks
something like this:
"user name"
full name: -----------------------
|__________________|
description: -----------------------
|__________________|
--
|_| user must change password at next logon
--
|_| user cannot change password
--
|/| password never expires
--
|_| account is disabled
--
|_| account is locked out
"ok" "cancel" "apply"
ok if you can get past my cheesy drawing, i must ask, did you notice that
the "password never expires" box is checked? if you did, then you may have
realized that this means that you can also uncheck it!
2. if ure paying attention, you'll see that the 'user must change password
at next logon' box is unchecked. if you put a check in this box of course,
when you shut down the system will prompt for a new password!
3. going back to step c.,
right click on any account and notice the dialoge that appears:
set password...
all tasks
delete
rename
properties
help
i think you can handle it from here
ps. i wonder if you can access this data if this stuff is locked to the user
by the admin by going in through the command prompt. i doubt it but if neone
finds a way let me know.
a. ok now, what you need to do is to run compmgmt.msc
b. and click on local users and groups.
c. once you've gotten here you need to open up the 'users' folder.
at this point i am walking along with you and notice that there are several
major security holes dealing specifically with the password:
1. double clicking on the any user name allows you a list that looks
something like this:
"user name"
full name: -----------------------
|__________________|
description: -----------------------
|__________________|
--
|_| user must change password at next logon
--
|_| user cannot change password
--
|/| password never expires
--
|_| account is disabled
--
|_| account is locked out
"ok" "cancel" "apply"
ok if you can get past my cheesy drawing, i must ask, did you notice that
the "password never expires" box is checked? if you did, then you may have
realized that this means that you can also uncheck it!
2. if ure paying attention, you'll see that the 'user must change password
at next logon' box is unchecked. if you put a check in this box of course,
when you shut down the system will prompt for a new password!
3. going back to step c.,
right click on any account and notice the dialoge that appears:
set password...
all tasks
delete
rename
properties
help
i think you can handle it from here
ps. i wonder if you can access this data if this stuff is locked to the user
by the admin by going in through the command prompt. i doubt it but if neone
finds a way let me know.
ethical-hacking-explanation
ethical-hacking-explanation
The explosive growth of the Internet has brought many good things: electronic commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and new avenues for advertising and information distribution, to name a few. As with most technological advances, there is also a dark side: criminal hackers. Governments, companies, and private citizens around the world are anxious to be a part of this revolution, but they are afraid that some hacker will break into their Web server and replace their logo with pornography, read their e-mail, steal their credit card number from an on-line shopping site, or implant software that will secretly transmit their organization's secrets to the open Internet. With these concerns and others, the ethical hacker can help. This paper describes ethical hackers: their skills, their attitudes, and how they go about helping their customers find and plug up security holes. The ethical hacking process is explained, along with many of the problems that the Global Security Analysis Lab has seen during its early years of ethical hacking for IBM clients.
The term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as:
HACKER noun 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities—as opposed to most users of computers, who prefer to learn only the minimum amount necessary. 2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.
This complimentary description was often extended to the verb form “hacking,” which was used to describe the rapid crafting of a new program or the making of changes to existing, usually complicated software.
As computers became increasingly available at universities, user communities began to extend beyond researchers in engineering or computer science to other individuals who viewed the computer as a curiously flexible tool. Whether they programmed the computers to play games, draw pictures, or to help them with the more mundane aspects of their daily work, once computers were available for use, there was never a lack of individuals wanting to use them.
Because of this increasing popularity of computers and their continued high cost, access to them was usually restricted. When refused access to the computers, some users would challenge the access controls that had been put in place. They would steal passwords or account numbers by looking over someone's shoulder, explore the system for bugs that might get them past the rules, or even take control of the whole system. They would do these things in order to be able to run the programs of their choice, or just to change the limitations under which their programs were running.
Initially these computer intrusions were fairly benign, with the most damage being the theft of computer time. Other times, these recreations would take the form of practical jokes. However, these intrusions did not stay benign for long. Occasionally the less talented, or less careful, intruders would accidentally bring down a system or damage its files, and the system administrators would have to restart it or make repairs. Other times, when these intruders were again denied access once their activities were discovered, they would react with purposefully destructive actions. When the number of these destructive computer intrusions became noticeable, due to the visibility of the system or the extent of the damage inflicted, it became “news” and the news media picked up on the story. Instead of using the more accurate term of “computer criminal,” the media began using the term “hacker” to describe individuals who break into computers for fun, revenge, or profit. Since calling someone a “hacker” was originally meant as a compliment, computer security professionals prefer to use the term “cracker” or “intruder” for those hackers who turn to the dark side of hacking. For clarity, we will use the explicit terms “ethical hacker” and “criminal hacker” for the rest of this paper.
What is ethical hacking?
With the growth of the Internet, computer security has become a major concern for businesses and governments. They want to be able to take advantage of the Internet for electronic commerce, advertising, information distribution and access, and other pursuits, but they are worried about the possibility of being “hacked.” At the same time, the potential customers of these services are worried about maintaining control of personal information that varies from credit card numbers to social security numbers and home addresses.2
In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems. This scheme is similar to having independent auditors come into an organization to verify its bookkeeping records. In the case of computer security, these “tiger teams” or “ethical hackers”3 would employ the same tools and techniques as the intruders, but they would neither damage the target systems nor steal information. Instead, they would evaluate the target systems' security and report back to the owners with the vulnerabilities they found and instructions for how to remedy them.
This method of evaluating the security of a system has been in use from the early days of computers. In one early ethical hack, the United States Air Force conducted a “security evaluation” of the Multics operating systems for “potential use as a two-level (secret/top secret) system.”4 Their evaluation found that while Multics was “significantly better than other conventional systems,” it also had “ … vulnerabilities in hardware security, software security, and procedural security” that could be uncovered with “a relatively low level of effort.” The authors performed their tests under a guideline of realism, so that their results would accurately represent the kinds of access that an intruder could potentially achieve. They performed tests that were simple information-gathering exercises, as well as other tests that were outright attacks upon the system that might damage its integrity. Clearly, their audience wanted to know both results. There are several other now unclassified reports that describe ethical hacking activities within the U.S. military.5-7
With the growth of computer networking, and of the Internet in particular, computer and network vulnerability studies began to appear outside of the military establishment. Most notable of these was the work by Farmer and Venema,89 in December of 1993. They discussed publicly, perhaps for the first time,10 this idea of using the techniques of the hacker to assess the security of a system. With the goal of raising the overall level of security on the Internet and intranets, they proceeded to describe how they were able to gather enough information about their targets to have been able to compromise security if they had chosen to do so. They provided several specific examples of how this information could be gathered and exploited to gain control of the target, and how such an attack could be prevented. which was originally posted to Usenet
Farmer and Venema elected to share their report freely on the Internet in order that everyone could read and learn from it. However, they realized that the testing at which they had become so adept might be too complex, time-consuming, or just too boring for the typical system administrator to perform on a regular basis. For this reason, they gathered up all the tools that they had used during their work, packaged them in a single, easy-to-use application, and gave it away to anyone who chose to download it.11 Their program, called Security Analysis Tool for Auditing Networks, or SATAN, was met with a great amount of media attention around the world. Most of this early attention was negative, because the tool's capabilities were misunderstood. The tool was not an automated hacker program that would bore into systems and steal their secrets. Rather, the tool performed an audit that both identified the vulnerabilities of a system and provided advice on how to eliminate them. Just as banks have regular audits of their accounts and procedures, computer systems also need regular checking. The SATAN tool provided that auditing capability, but it went one step further: it also advised the user on how to correct the problems it discovered. The tool did not tell the user how the vulnerability might be exploited, because there would be no useful point in doing so.
Who are ethical hackers?
These early efforts provide good examples of ethical hackers. Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy. While testing the security of a client's systems, the ethical hacker may discover information about the client that should remain secret. In many cases, this information, if publicized, could lead to real intruders breaking into the systems, possibly leading to financial losses. During an evaluation, the ethical hacker often holds the “keys to the company,” and therefore must be trusted to exercise tight control over any information about a target that could be misused. The sensitivity of the information gathered during an evaluation requires that strong measures be taken to ensure the security of the systems being employed by the ethical hackers themselves: limited-access labs with physical security protection and full ceiling-to-floor walls, multiple secure Internet connections, a safe to hold paper documentation from clients, strong cryptography to protect electronic results, and isolated networks for testing.
Ethical hackers typically have very strong programming and computer networking skills and have been in the computer and networking business for several years. They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., UNIX** or Windows NT**) used on target systems. These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors. It should be noted that an additional specialization in security is not always necessary, as strong skills in the other areas imply a very good understanding of how the security on various systems is maintained. These systems management skills are necessary for the actual vulnerability testing, but are equally important when preparing the report for the client after the test.
Finally, good candidates for ethical hacking have more drive and patience than most people. Unlike the way someone breaks into a computer in the movies, the work that ethical hackers do demands a lot of time and persistence. This is a critical trait, since criminal hackers are known to be extremely patient and willing to monitor systems for days or weeks while waiting for an opportunity. A typical evaluation may require several days of tedious work that is difficult to automate. Some portions of the evaluations must be done outside of normal working hours to avoid interfering with production at “live” targets or to simulate the timing of a real attack. When they encounter a system with which they are unfamiliar, ethical hackers will spend the time to learn about the system and try to find its weaknesses. Finally, keeping up with the ever-changing world of computer and network security requires continuous education and review.
One might observe that the skills we have described could just as easily belong to a criminal hacker as to an ethical hacker. Just as in sports or warfare, knowledge of the skills and techniques of your opponent is vital to your success. In the computer security realm, the ethical hacker's task is the harder one. With traditional crime anyone can become a shoplifter, graffiti artist, or a mugger. Their potential targets are usually easy to identify and tend to be localized. The local law enforcement agents must know how the criminals ply their trade and how to stop them. On the Internet anyone can download criminal hacker tools and use them to attempt to break into computers anywhere in the world. Ethical hackers have to know the techniques of the criminal hackers, how their activities might be detected, and how to stop them.
Given these qualifications, how does one go about finding such individuals? The best ethical hacker candidates will have successfully published research papers or released popular open-source security software.12 The computer security community is strongly self-policing, given the importance of its work. Most ethical hackers, and many of the better computer and network security experts, did not set out to focus on these issues. Most of them were computer users from various disciplines, such as astronomy and physics, mathematics, computer science, philosophy, or liberal arts, who took it personally when someone disrupted their work with a hack.
One rule that IBM's ethical hacking effort had from the very beginning was that we would not hire ex-hackers. While some will argue that only a “real hacker” would have the skill to actually do the work, we feel that the requirement for absolute trust eliminated such candidates. We likened the decision to that of hiring a fire marshal for a school district: while a gifted ex-arsonist might indeed know everything about setting and putting out fires, would the parents of the students really feel comfortable with such a choice? This decision was further justified when the service was initially offered: the customers themselves asked that such a restriction be observed. Since IBM's ethical hacking group was formed, there have been numerous ex-hackers who have become security consultants and spokespersons for the news media. While they may very well have turned away from the “dark side,” there will always be a doubt.
What do ethical hackers do?
An ethical hacker's evaluation of a system's security seeks answers to three basic questions:
* What can an intruder see on the target systems?
* What can an intruder do with that information?
* Does anyone at the target notice the intruder's attempts or successes?
While the first and second of these are clearly important, the third is even more important: If the owners or operators of the target systems do not notice when someone is trying to break in, the intruders can, and will, spend weeks or months trying and will usually eventually succeed.
When the client requests an evaluation, there is quite a bit of discussion and paperwork that must be done up front. The discussion begins with the client's answers to questions similar to those posed by Garfinkel and Spafford:13
1. What are you trying to protect?
2. What are you trying to protect against?
3. How much time, effort, and money are you willing to expend to obtain adequate protection?
A surprising number of clients have difficulty precisely answering the first question: a medical center might say “our patient information,” an engineering firm might answer “our new product designs,” and a Web retailer might answer “our customer database.”
All of these answers fall short, since they only describe targets in a general way. The client usually has to be guided to succinctly describe all of the critical information assets for which loss could adversely affect the organization or its clients. These assets should also include secondary information sources, such as employee names and addresses (which are privacy and safety risks), computer and network information (which could provide assistance to an intruder), and other organizations with which this organization collaborates (which provide alternate paths into the target systems through a possibly less secure partner's system).
A complete answer to (2) specifies more than just the loss of the things listed in answer to (1). There are also the issues of system availability, wherein a denial-of-service attack could cost the client actual revenue and customer loss because systems were unavailable. The world became quite familiar with denial-of-service attacks in February of 2000 when attacks were launched against eBay**, Yahoo!**, E*TRADE**, CNN**, and other popular Web sites. During the attacks, customers were unable to reach these Web sites, resulting in loss of revenue and “mind share.” The answers to (1) should contain more than just a list of information assets on the organization's computer. The level of damage to an organization's good image resulting from a successful criminal hack can range from merely embarrassing to a serious threat to revenue. As an example of a hack affecting an organization's image, on January 17, 2000, a U.S. Library of Congress Web site was attacked. The original initial screen is shown in Figure 1, whereas the hacked screen is shown in Figure 2. As is often done, the criminal hacker left his or her nickname, or handle, near the top of the page in order to guarantee credit for the break-in.
Figure 1Figure 1 Figure 2Figure 2
Some clients are under the mistaken impression that their Web site would not be a target. They cite numerous reasons, such as “it has nothing interesting on it” or “hackers have never heard of my company.” What these clients do not realize is that every Web site is a target. The goal of many criminal hackers is simple: Do something spectacular and then make sure that all of your pals know that you did it. Another rebuttal is that many hackers simply do not care who your company or organization is; they hack your Web site because they can. For example, Web administrators at UNICEF (United Nations Children's Fund) might very well have thought that no hacker would attack them. However, in January of 1998, their page was defaced as shown in Figures 3 and 4. Many other examples of hacked Web pages can be found at archival sites around the Web.14
Figure 3Figure 3 Figure 4Figure 4
Answers to the third question are complicated by the fact that computer and network security costs come in three forms. First there are the real monetary costs incurred when obtaining security consulting, hiring personnel, and deploying hardware and software to support security needs. Second, there is the cost of usability: the more secure a system is, the more difficult it can be to make it easy to use. The difficulty can take the form of obscure password selection rules, strict system configuration rules, and limited remote access. Third, there is the cost of computer and network performance. The more time a computer or network spends on security needs, such as strong cryptography and detailed system activity logging, the less time it has to work on user problems. Because of Moore's Law,15 this may be less of an issue for mainframe, desktop, and laptop machines. Yet, it still remains a concern for mobile computing.
The “get out of jail free card”
Once answers to these three questions have been determined, a security evaluation plan is drawn up that identifies the systems to be tested, how they should be tested, and any limitations on that testing. Commonly referred to as a “get out of jail free card,” this is the contractual agreement between the client and the ethical hackers, who typically write it together. This agreement also protects the ethical hackers against prosecution, since much of what they do during the course of an evaluation would be illegal in most countries. The agreement provides a precise description, usually in the form of network addresses or modem telephone numbers, of the systems to be evaluated. Precision on this point is of the utmost importance, since a minor mistake could lead to the evaluation of the wrong system at the client's installation or, in the worst case, the evaluation of some other organization's system.
Once the target systems are identified, the agreement must describe how they should be tested. The best evaluation is done under a “no-holds-barred” approach. This means that the ethical hacker can try anything he or she can think of to attempt to gain access to or disrupt the target system. While this is the most realistic and useful, some clients balk at this level of testing. Clients have several reasons for this, the most common of which is that the target systems are “in production” and interference with their operation could be damaging to the organization's interests. However, it should be pointed out to such clients that these very reasons are precisely why a “no-holds-barred” approach should be employed. An intruder will not be playing by the client's rules. If the systems are that important to the organization's well-being, they should be tested as thoroughly as possible. In either case, the client should be made fully aware of the risks inherent to ethical hacker evaluations. These risks include alarmed staff and unintentional system crashes, degraded network or system performance, denial of service, and log-file size explosions.
Some clients insist that as soon as the ethical hackers gain access to their network or to one of their systems, the evaluation should halt and the client be notified. This sort of ruling should be discouraged, because it prevents the client from learning all that the ethical hackers might discover about their systems. It can also lead to the client's having a false sense of security by thinking that the first security hole found is the only one present. The evaluation should be allowed to proceed, since where there is one exposure there are probably others.
The timing of the evaluations may also be important to the client. The client may wish to avoid affecting systems and networks during regular working hours. While this restriction is not recommended, it reduces the accuracy of the evaluation only somewhat, since most intruders do their work outside of the local regular working hours. However, attacks done during regular working hours may be more easily hidden. Alerts from intrusion detection systems may even be disabled or less carefully monitored during the day. Whatever timing is agreed to, the client should provide contacts within the organization who can respond to calls from the ethical hackers if a system or network appears to have been adversely affected by the evaluation or if an extremely dangerous vulnerability is found that should be immediately corrected.
It is common for potential clients to delay the evaluation of their systems until only a few weeks or days before the systems need to go on-line. Such last-minute evaluations are of little use, since implementations of corrections for discovered security problems might take more time than is available and may introduce new system problems.
In order for the client to receive a valid evaluation, the client must be cautioned to limit prior knowledge of the test as much as possible. Otherwise, the ethical hackers might encounter the electronic equivalent of the client's employees running ahead of them, locking doors and windows. By limiting the number of people at the target organization who know of the impending evaluation, the likelihood that the evaluation will reflect the organization's actual security posture is increased. A related issue that the client must be prepared to address is the relationship of the ethical hackers to the target organization's employees. Employees may view this “surprise inspection” as a threat to their jobs, so the organization's management team must be prepared to take steps to reassure them.
The ethical hack itself
Once the contractual agreement is in place, the testing may begin as defined in the agreement. It should be noted that the testing itself poses some risk to the client, since a criminal hacker monitoring the transmissions of the ethical hackers could learn the same information. If the ethical hackers identify a weakness in the client's security, the criminal hacker could potentially attempt to exploit that vulnerability. This is especially vexing since the activities of the ethical hackers might mask those of the criminal hackers. The best approach to this dilemma is to maintain several addresses around the Internet from which the ethical hacker's transmissions will emanate, and to switch origin addresses often. Complete logs of the tests performed by the ethical hackers are always maintained, both for the final report and in the event that something unusual occurs. In extreme cases, additional intrusion monitoring software can be deployed at the target to ensure that all the tests are coming from the ethical hacker's machines. However, this is difficult to do without tipping off the client's staff and may require the cooperation of the client's Internet service provider.
The line between criminal hacking and computer virus writing is becoming increasingly blurred. When requested by the client, the ethical hacker can perform testing to determine the client's vulnerability to e-mail or Web-based virus vectors. However, it is far better for the client to deploy strong antivirus software, keep it up to date, and have a clear and simple policy in place for the reporting of incidents. IBM's Immune System for Cyberspace16,17 is another approach that provides the additional capability of recognizing new viruses and reporting them to a central lab that automatically analyzes the virus and provides an immediate vaccine.
As dramatized in Figure 5, there are several kinds of testing. Any combination of the following may be called for:
* Remote network. This test simulates the intruder launching an attack across the Internet. The primary defenses that must be defeated here are border firewalls, filtering routers, and Web servers.
* Remote dial-up network. This test simulates the intruder launching an attack against the client's modem pools. The primary defenses that must be defeated here are user authentication schemes. These kinds of tests should be coordinated with the local telephone company.
* Local network. This test simulates an employee or other authorized person who has a legal connection to the organization's network. The primary defenses that must be defeated here are intranet firewalls, internal Web servers, server security measures, and e-mail systems.
* Stolen laptop computer. In this test, the laptop computer of a key employee, such as an upper-level manager or strategist, is taken by the client without warning and given to the ethical hackers. They examine the computer for passwords stored in dial-up software, corporate information assets, personnel information, and the like. Since many busy users will store their passwords on their machine, it is common for the ethical hackers to be able to use this laptop computer to dial into the corporate intranet with the owner's full privileges.
* Social engineering. This test evaluates the target organization's staff as to whether it would leak information to someone. A typical example of this would be an intruder calling the organization's computer help line and asking for the external telephone numbers of the modem pool. Defending against this kind of attack is the hardest, because people and personalities are involved. Most people are basically helpful, so it seems harmless to tell someone who appears to be lost where the computer room is located, or to let someone into the building who “forgot” his or her badge. The only defense against this is to raise security awareness.
* Physical entry. This test acts out a physical penetration of the organization's building. Special arrangements must be made for this, since security guards or police could become involved if the ethical hackers fail to avoid detection. Once inside the building, it is important that the tester not be detected. One technique is for the tester to carry a document with the target company's logo on it. Such a document could be found by digging through trash cans before the ethical hack or by casually picking up a document from a trash can or desk once the tester is inside. The primary defenses here are a strong security policy, security guards, access controls and monitoring, and security awareness.
Figure 5Figure 5
Each of these kinds of testing can be performed from three perspectives: as a total outsider, a “semi-outsider,” or a valid user.
A total outsider has very limited knowledge about the target systems. The only information used is available through public sources on the Internet. This test represents the most commonly perceived threat. A well-defended system should not allow this kind of intruder to do anything.
A semi-outsider has limited access to one or more of the organization's computers or networks. This tests scenarios such as a bank allowing its depositors to use special software and a modem to access information about their accounts. A well-defended system should only allow this kind of intruder to access his or her own account information.
A valid user has valid access to at least some of the organization's computers and networks. This tests whether or not insiders with some access can extend that access beyond what has been prescribed. A well-defended system should allow an insider to access only the areas and resources that the system administrator has assigned to the insider.
The actual evaluation of the client's systems proceeds through several phases, as described previously by Boulanger.18
The final report
The final report is a collection of all of the ethical hacker's discoveries made during the evaluation. Vulnerabilities that were found to exist are explained and avoidance procedures specified. If the ethical hacker's activities were noticed at all, the response of the client's staff is described and suggestions for improvements are made. If social engineering testing exposed problems, advice is offered on how to raise awareness. This is the main point of the whole exercise: it does clients no good just to tell them that they have problems. The report must include specific advice on how to close the vulnerabilities and keep them closed. The actual techniques employed by the testers are never revealed. This is because the person delivering the report can never be sure just who will have access to that report once it is in the client's hands. For example, an employee might want to try out some of the techniques for himself or herself. He or she might choose to test the company's systems, possibly annoying system administrators or even inadvertently hiding a real attack. The employee might also choose to test the systems of another organization, which is a felony in the United States when done without permission.
The actual delivery of the report is also a sensitive issue. If vulnerabilities were found, the report could be extremely dangerous if it fell into the wrong hands. A competitor might use it for corporate espionage, a hacker might use it to break into the client's computers, or a prankster might just post the report's contents on the Web as a joke. The final report is typically delivered directly to an officer of the client organization in hard-copy form. The ethical hackers would have an ongoing responsibility to ensure the safety of any information they retain, so in most cases all information related to the work is destroyed at the end of the contract.
Once the ethical hack is done and the report delivered, the client might ask “So, if I fix these things I'll have perfect security, right?” Unfortunately, this is not the case. People operate the client's computers and networks, and people make mistakes. The longer it has been since the testing was performed, the less can be reliably said about the state of a client's security. A portion of the final report includes recommendations for steps the client should continue to follow in order to reduce the impact of these mistakes in the future.
Conclusions
The idea of testing the security of a system by trying to break into it is not new. Whether an automobile company is crash-testing cars, or an individual is testing his or her skill at martial arts by sparring with a partner, evaluation by testing under attack from a real adversary is widely accepted as prudent. It is, however, not sufficient by itself. As Roger Schell observed nearly 30 years ago:
From a practical standpoint the security problem will remain as long as manufacturers remain committed to current system architectures, produced without a firm requirement for security. As long as there is support for ad hoc fixes and security packages for these inadequate designs and as long as the illusory results of penetration teams are accepted as demonstrations of a computer system security, proper security will not be a reality.19
Regular auditing, vigilant intrusion detection, good system administration practice, and computer security awareness are all essential parts of an organization's security efforts. A single failure in any of these areas could very well expose an organization to cyber-vandalism, embarrassment, loss of revenue or mind share, or worse. Any new technology has its benefits and its risks. While ethical hackers can help clients better understand their security needs, it is up to the clients to keep their guards in place.
The explosive growth of the Internet has brought many good things: electronic commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and new avenues for advertising and information distribution, to name a few. As with most technological advances, there is also a dark side: criminal hackers. Governments, companies, and private citizens around the world are anxious to be a part of this revolution, but they are afraid that some hacker will break into their Web server and replace their logo with pornography, read their e-mail, steal their credit card number from an on-line shopping site, or implant software that will secretly transmit their organization's secrets to the open Internet. With these concerns and others, the ethical hacker can help. This paper describes ethical hackers: their skills, their attitudes, and how they go about helping their customers find and plug up security holes. The ethical hacking process is explained, along with many of the problems that the Global Security Analysis Lab has seen during its early years of ethical hacking for IBM clients.
The term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as:
HACKER noun 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities—as opposed to most users of computers, who prefer to learn only the minimum amount necessary. 2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.
This complimentary description was often extended to the verb form “hacking,” which was used to describe the rapid crafting of a new program or the making of changes to existing, usually complicated software.
As computers became increasingly available at universities, user communities began to extend beyond researchers in engineering or computer science to other individuals who viewed the computer as a curiously flexible tool. Whether they programmed the computers to play games, draw pictures, or to help them with the more mundane aspects of their daily work, once computers were available for use, there was never a lack of individuals wanting to use them.
Because of this increasing popularity of computers and their continued high cost, access to them was usually restricted. When refused access to the computers, some users would challenge the access controls that had been put in place. They would steal passwords or account numbers by looking over someone's shoulder, explore the system for bugs that might get them past the rules, or even take control of the whole system. They would do these things in order to be able to run the programs of their choice, or just to change the limitations under which their programs were running.
Initially these computer intrusions were fairly benign, with the most damage being the theft of computer time. Other times, these recreations would take the form of practical jokes. However, these intrusions did not stay benign for long. Occasionally the less talented, or less careful, intruders would accidentally bring down a system or damage its files, and the system administrators would have to restart it or make repairs. Other times, when these intruders were again denied access once their activities were discovered, they would react with purposefully destructive actions. When the number of these destructive computer intrusions became noticeable, due to the visibility of the system or the extent of the damage inflicted, it became “news” and the news media picked up on the story. Instead of using the more accurate term of “computer criminal,” the media began using the term “hacker” to describe individuals who break into computers for fun, revenge, or profit. Since calling someone a “hacker” was originally meant as a compliment, computer security professionals prefer to use the term “cracker” or “intruder” for those hackers who turn to the dark side of hacking. For clarity, we will use the explicit terms “ethical hacker” and “criminal hacker” for the rest of this paper.
What is ethical hacking?
With the growth of the Internet, computer security has become a major concern for businesses and governments. They want to be able to take advantage of the Internet for electronic commerce, advertising, information distribution and access, and other pursuits, but they are worried about the possibility of being “hacked.” At the same time, the potential customers of these services are worried about maintaining control of personal information that varies from credit card numbers to social security numbers and home addresses.2
In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems. This scheme is similar to having independent auditors come into an organization to verify its bookkeeping records. In the case of computer security, these “tiger teams” or “ethical hackers”3 would employ the same tools and techniques as the intruders, but they would neither damage the target systems nor steal information. Instead, they would evaluate the target systems' security and report back to the owners with the vulnerabilities they found and instructions for how to remedy them.
This method of evaluating the security of a system has been in use from the early days of computers. In one early ethical hack, the United States Air Force conducted a “security evaluation” of the Multics operating systems for “potential use as a two-level (secret/top secret) system.”4 Their evaluation found that while Multics was “significantly better than other conventional systems,” it also had “ … vulnerabilities in hardware security, software security, and procedural security” that could be uncovered with “a relatively low level of effort.” The authors performed their tests under a guideline of realism, so that their results would accurately represent the kinds of access that an intruder could potentially achieve. They performed tests that were simple information-gathering exercises, as well as other tests that were outright attacks upon the system that might damage its integrity. Clearly, their audience wanted to know both results. There are several other now unclassified reports that describe ethical hacking activities within the U.S. military.5-7
With the growth of computer networking, and of the Internet in particular, computer and network vulnerability studies began to appear outside of the military establishment. Most notable of these was the work by Farmer and Venema,89 in December of 1993. They discussed publicly, perhaps for the first time,10 this idea of using the techniques of the hacker to assess the security of a system. With the goal of raising the overall level of security on the Internet and intranets, they proceeded to describe how they were able to gather enough information about their targets to have been able to compromise security if they had chosen to do so. They provided several specific examples of how this information could be gathered and exploited to gain control of the target, and how such an attack could be prevented. which was originally posted to Usenet
Farmer and Venema elected to share their report freely on the Internet in order that everyone could read and learn from it. However, they realized that the testing at which they had become so adept might be too complex, time-consuming, or just too boring for the typical system administrator to perform on a regular basis. For this reason, they gathered up all the tools that they had used during their work, packaged them in a single, easy-to-use application, and gave it away to anyone who chose to download it.11 Their program, called Security Analysis Tool for Auditing Networks, or SATAN, was met with a great amount of media attention around the world. Most of this early attention was negative, because the tool's capabilities were misunderstood. The tool was not an automated hacker program that would bore into systems and steal their secrets. Rather, the tool performed an audit that both identified the vulnerabilities of a system and provided advice on how to eliminate them. Just as banks have regular audits of their accounts and procedures, computer systems also need regular checking. The SATAN tool provided that auditing capability, but it went one step further: it also advised the user on how to correct the problems it discovered. The tool did not tell the user how the vulnerability might be exploited, because there would be no useful point in doing so.
Who are ethical hackers?
These early efforts provide good examples of ethical hackers. Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy. While testing the security of a client's systems, the ethical hacker may discover information about the client that should remain secret. In many cases, this information, if publicized, could lead to real intruders breaking into the systems, possibly leading to financial losses. During an evaluation, the ethical hacker often holds the “keys to the company,” and therefore must be trusted to exercise tight control over any information about a target that could be misused. The sensitivity of the information gathered during an evaluation requires that strong measures be taken to ensure the security of the systems being employed by the ethical hackers themselves: limited-access labs with physical security protection and full ceiling-to-floor walls, multiple secure Internet connections, a safe to hold paper documentation from clients, strong cryptography to protect electronic results, and isolated networks for testing.
Ethical hackers typically have very strong programming and computer networking skills and have been in the computer and networking business for several years. They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., UNIX** or Windows NT**) used on target systems. These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors. It should be noted that an additional specialization in security is not always necessary, as strong skills in the other areas imply a very good understanding of how the security on various systems is maintained. These systems management skills are necessary for the actual vulnerability testing, but are equally important when preparing the report for the client after the test.
Finally, good candidates for ethical hacking have more drive and patience than most people. Unlike the way someone breaks into a computer in the movies, the work that ethical hackers do demands a lot of time and persistence. This is a critical trait, since criminal hackers are known to be extremely patient and willing to monitor systems for days or weeks while waiting for an opportunity. A typical evaluation may require several days of tedious work that is difficult to automate. Some portions of the evaluations must be done outside of normal working hours to avoid interfering with production at “live” targets or to simulate the timing of a real attack. When they encounter a system with which they are unfamiliar, ethical hackers will spend the time to learn about the system and try to find its weaknesses. Finally, keeping up with the ever-changing world of computer and network security requires continuous education and review.
One might observe that the skills we have described could just as easily belong to a criminal hacker as to an ethical hacker. Just as in sports or warfare, knowledge of the skills and techniques of your opponent is vital to your success. In the computer security realm, the ethical hacker's task is the harder one. With traditional crime anyone can become a shoplifter, graffiti artist, or a mugger. Their potential targets are usually easy to identify and tend to be localized. The local law enforcement agents must know how the criminals ply their trade and how to stop them. On the Internet anyone can download criminal hacker tools and use them to attempt to break into computers anywhere in the world. Ethical hackers have to know the techniques of the criminal hackers, how their activities might be detected, and how to stop them.
Given these qualifications, how does one go about finding such individuals? The best ethical hacker candidates will have successfully published research papers or released popular open-source security software.12 The computer security community is strongly self-policing, given the importance of its work. Most ethical hackers, and many of the better computer and network security experts, did not set out to focus on these issues. Most of them were computer users from various disciplines, such as astronomy and physics, mathematics, computer science, philosophy, or liberal arts, who took it personally when someone disrupted their work with a hack.
One rule that IBM's ethical hacking effort had from the very beginning was that we would not hire ex-hackers. While some will argue that only a “real hacker” would have the skill to actually do the work, we feel that the requirement for absolute trust eliminated such candidates. We likened the decision to that of hiring a fire marshal for a school district: while a gifted ex-arsonist might indeed know everything about setting and putting out fires, would the parents of the students really feel comfortable with such a choice? This decision was further justified when the service was initially offered: the customers themselves asked that such a restriction be observed. Since IBM's ethical hacking group was formed, there have been numerous ex-hackers who have become security consultants and spokespersons for the news media. While they may very well have turned away from the “dark side,” there will always be a doubt.
What do ethical hackers do?
An ethical hacker's evaluation of a system's security seeks answers to three basic questions:
* What can an intruder see on the target systems?
* What can an intruder do with that information?
* Does anyone at the target notice the intruder's attempts or successes?
While the first and second of these are clearly important, the third is even more important: If the owners or operators of the target systems do not notice when someone is trying to break in, the intruders can, and will, spend weeks or months trying and will usually eventually succeed.
When the client requests an evaluation, there is quite a bit of discussion and paperwork that must be done up front. The discussion begins with the client's answers to questions similar to those posed by Garfinkel and Spafford:13
1. What are you trying to protect?
2. What are you trying to protect against?
3. How much time, effort, and money are you willing to expend to obtain adequate protection?
A surprising number of clients have difficulty precisely answering the first question: a medical center might say “our patient information,” an engineering firm might answer “our new product designs,” and a Web retailer might answer “our customer database.”
All of these answers fall short, since they only describe targets in a general way. The client usually has to be guided to succinctly describe all of the critical information assets for which loss could adversely affect the organization or its clients. These assets should also include secondary information sources, such as employee names and addresses (which are privacy and safety risks), computer and network information (which could provide assistance to an intruder), and other organizations with which this organization collaborates (which provide alternate paths into the target systems through a possibly less secure partner's system).
A complete answer to (2) specifies more than just the loss of the things listed in answer to (1). There are also the issues of system availability, wherein a denial-of-service attack could cost the client actual revenue and customer loss because systems were unavailable. The world became quite familiar with denial-of-service attacks in February of 2000 when attacks were launched against eBay**, Yahoo!**, E*TRADE**, CNN**, and other popular Web sites. During the attacks, customers were unable to reach these Web sites, resulting in loss of revenue and “mind share.” The answers to (1) should contain more than just a list of information assets on the organization's computer. The level of damage to an organization's good image resulting from a successful criminal hack can range from merely embarrassing to a serious threat to revenue. As an example of a hack affecting an organization's image, on January 17, 2000, a U.S. Library of Congress Web site was attacked. The original initial screen is shown in Figure 1, whereas the hacked screen is shown in Figure 2. As is often done, the criminal hacker left his or her nickname, or handle, near the top of the page in order to guarantee credit for the break-in.
Figure 1Figure 1 Figure 2Figure 2
Some clients are under the mistaken impression that their Web site would not be a target. They cite numerous reasons, such as “it has nothing interesting on it” or “hackers have never heard of my company.” What these clients do not realize is that every Web site is a target. The goal of many criminal hackers is simple: Do something spectacular and then make sure that all of your pals know that you did it. Another rebuttal is that many hackers simply do not care who your company or organization is; they hack your Web site because they can. For example, Web administrators at UNICEF (United Nations Children's Fund) might very well have thought that no hacker would attack them. However, in January of 1998, their page was defaced as shown in Figures 3 and 4. Many other examples of hacked Web pages can be found at archival sites around the Web.14
Figure 3Figure 3 Figure 4Figure 4
Answers to the third question are complicated by the fact that computer and network security costs come in three forms. First there are the real monetary costs incurred when obtaining security consulting, hiring personnel, and deploying hardware and software to support security needs. Second, there is the cost of usability: the more secure a system is, the more difficult it can be to make it easy to use. The difficulty can take the form of obscure password selection rules, strict system configuration rules, and limited remote access. Third, there is the cost of computer and network performance. The more time a computer or network spends on security needs, such as strong cryptography and detailed system activity logging, the less time it has to work on user problems. Because of Moore's Law,15 this may be less of an issue for mainframe, desktop, and laptop machines. Yet, it still remains a concern for mobile computing.
The “get out of jail free card”
Once answers to these three questions have been determined, a security evaluation plan is drawn up that identifies the systems to be tested, how they should be tested, and any limitations on that testing. Commonly referred to as a “get out of jail free card,” this is the contractual agreement between the client and the ethical hackers, who typically write it together. This agreement also protects the ethical hackers against prosecution, since much of what they do during the course of an evaluation would be illegal in most countries. The agreement provides a precise description, usually in the form of network addresses or modem telephone numbers, of the systems to be evaluated. Precision on this point is of the utmost importance, since a minor mistake could lead to the evaluation of the wrong system at the client's installation or, in the worst case, the evaluation of some other organization's system.
Once the target systems are identified, the agreement must describe how they should be tested. The best evaluation is done under a “no-holds-barred” approach. This means that the ethical hacker can try anything he or she can think of to attempt to gain access to or disrupt the target system. While this is the most realistic and useful, some clients balk at this level of testing. Clients have several reasons for this, the most common of which is that the target systems are “in production” and interference with their operation could be damaging to the organization's interests. However, it should be pointed out to such clients that these very reasons are precisely why a “no-holds-barred” approach should be employed. An intruder will not be playing by the client's rules. If the systems are that important to the organization's well-being, they should be tested as thoroughly as possible. In either case, the client should be made fully aware of the risks inherent to ethical hacker evaluations. These risks include alarmed staff and unintentional system crashes, degraded network or system performance, denial of service, and log-file size explosions.
Some clients insist that as soon as the ethical hackers gain access to their network or to one of their systems, the evaluation should halt and the client be notified. This sort of ruling should be discouraged, because it prevents the client from learning all that the ethical hackers might discover about their systems. It can also lead to the client's having a false sense of security by thinking that the first security hole found is the only one present. The evaluation should be allowed to proceed, since where there is one exposure there are probably others.
The timing of the evaluations may also be important to the client. The client may wish to avoid affecting systems and networks during regular working hours. While this restriction is not recommended, it reduces the accuracy of the evaluation only somewhat, since most intruders do their work outside of the local regular working hours. However, attacks done during regular working hours may be more easily hidden. Alerts from intrusion detection systems may even be disabled or less carefully monitored during the day. Whatever timing is agreed to, the client should provide contacts within the organization who can respond to calls from the ethical hackers if a system or network appears to have been adversely affected by the evaluation or if an extremely dangerous vulnerability is found that should be immediately corrected.
It is common for potential clients to delay the evaluation of their systems until only a few weeks or days before the systems need to go on-line. Such last-minute evaluations are of little use, since implementations of corrections for discovered security problems might take more time than is available and may introduce new system problems.
In order for the client to receive a valid evaluation, the client must be cautioned to limit prior knowledge of the test as much as possible. Otherwise, the ethical hackers might encounter the electronic equivalent of the client's employees running ahead of them, locking doors and windows. By limiting the number of people at the target organization who know of the impending evaluation, the likelihood that the evaluation will reflect the organization's actual security posture is increased. A related issue that the client must be prepared to address is the relationship of the ethical hackers to the target organization's employees. Employees may view this “surprise inspection” as a threat to their jobs, so the organization's management team must be prepared to take steps to reassure them.
The ethical hack itself
Once the contractual agreement is in place, the testing may begin as defined in the agreement. It should be noted that the testing itself poses some risk to the client, since a criminal hacker monitoring the transmissions of the ethical hackers could learn the same information. If the ethical hackers identify a weakness in the client's security, the criminal hacker could potentially attempt to exploit that vulnerability. This is especially vexing since the activities of the ethical hackers might mask those of the criminal hackers. The best approach to this dilemma is to maintain several addresses around the Internet from which the ethical hacker's transmissions will emanate, and to switch origin addresses often. Complete logs of the tests performed by the ethical hackers are always maintained, both for the final report and in the event that something unusual occurs. In extreme cases, additional intrusion monitoring software can be deployed at the target to ensure that all the tests are coming from the ethical hacker's machines. However, this is difficult to do without tipping off the client's staff and may require the cooperation of the client's Internet service provider.
The line between criminal hacking and computer virus writing is becoming increasingly blurred. When requested by the client, the ethical hacker can perform testing to determine the client's vulnerability to e-mail or Web-based virus vectors. However, it is far better for the client to deploy strong antivirus software, keep it up to date, and have a clear and simple policy in place for the reporting of incidents. IBM's Immune System for Cyberspace16,17 is another approach that provides the additional capability of recognizing new viruses and reporting them to a central lab that automatically analyzes the virus and provides an immediate vaccine.
As dramatized in Figure 5, there are several kinds of testing. Any combination of the following may be called for:
* Remote network. This test simulates the intruder launching an attack across the Internet. The primary defenses that must be defeated here are border firewalls, filtering routers, and Web servers.
* Remote dial-up network. This test simulates the intruder launching an attack against the client's modem pools. The primary defenses that must be defeated here are user authentication schemes. These kinds of tests should be coordinated with the local telephone company.
* Local network. This test simulates an employee or other authorized person who has a legal connection to the organization's network. The primary defenses that must be defeated here are intranet firewalls, internal Web servers, server security measures, and e-mail systems.
* Stolen laptop computer. In this test, the laptop computer of a key employee, such as an upper-level manager or strategist, is taken by the client without warning and given to the ethical hackers. They examine the computer for passwords stored in dial-up software, corporate information assets, personnel information, and the like. Since many busy users will store their passwords on their machine, it is common for the ethical hackers to be able to use this laptop computer to dial into the corporate intranet with the owner's full privileges.
* Social engineering. This test evaluates the target organization's staff as to whether it would leak information to someone. A typical example of this would be an intruder calling the organization's computer help line and asking for the external telephone numbers of the modem pool. Defending against this kind of attack is the hardest, because people and personalities are involved. Most people are basically helpful, so it seems harmless to tell someone who appears to be lost where the computer room is located, or to let someone into the building who “forgot” his or her badge. The only defense against this is to raise security awareness.
* Physical entry. This test acts out a physical penetration of the organization's building. Special arrangements must be made for this, since security guards or police could become involved if the ethical hackers fail to avoid detection. Once inside the building, it is important that the tester not be detected. One technique is for the tester to carry a document with the target company's logo on it. Such a document could be found by digging through trash cans before the ethical hack or by casually picking up a document from a trash can or desk once the tester is inside. The primary defenses here are a strong security policy, security guards, access controls and monitoring, and security awareness.
Figure 5Figure 5
Each of these kinds of testing can be performed from three perspectives: as a total outsider, a “semi-outsider,” or a valid user.
A total outsider has very limited knowledge about the target systems. The only information used is available through public sources on the Internet. This test represents the most commonly perceived threat. A well-defended system should not allow this kind of intruder to do anything.
A semi-outsider has limited access to one or more of the organization's computers or networks. This tests scenarios such as a bank allowing its depositors to use special software and a modem to access information about their accounts. A well-defended system should only allow this kind of intruder to access his or her own account information.
A valid user has valid access to at least some of the organization's computers and networks. This tests whether or not insiders with some access can extend that access beyond what has been prescribed. A well-defended system should allow an insider to access only the areas and resources that the system administrator has assigned to the insider.
The actual evaluation of the client's systems proceeds through several phases, as described previously by Boulanger.18
The final report
The final report is a collection of all of the ethical hacker's discoveries made during the evaluation. Vulnerabilities that were found to exist are explained and avoidance procedures specified. If the ethical hacker's activities were noticed at all, the response of the client's staff is described and suggestions for improvements are made. If social engineering testing exposed problems, advice is offered on how to raise awareness. This is the main point of the whole exercise: it does clients no good just to tell them that they have problems. The report must include specific advice on how to close the vulnerabilities and keep them closed. The actual techniques employed by the testers are never revealed. This is because the person delivering the report can never be sure just who will have access to that report once it is in the client's hands. For example, an employee might want to try out some of the techniques for himself or herself. He or she might choose to test the company's systems, possibly annoying system administrators or even inadvertently hiding a real attack. The employee might also choose to test the systems of another organization, which is a felony in the United States when done without permission.
The actual delivery of the report is also a sensitive issue. If vulnerabilities were found, the report could be extremely dangerous if it fell into the wrong hands. A competitor might use it for corporate espionage, a hacker might use it to break into the client's computers, or a prankster might just post the report's contents on the Web as a joke. The final report is typically delivered directly to an officer of the client organization in hard-copy form. The ethical hackers would have an ongoing responsibility to ensure the safety of any information they retain, so in most cases all information related to the work is destroyed at the end of the contract.
Once the ethical hack is done and the report delivered, the client might ask “So, if I fix these things I'll have perfect security, right?” Unfortunately, this is not the case. People operate the client's computers and networks, and people make mistakes. The longer it has been since the testing was performed, the less can be reliably said about the state of a client's security. A portion of the final report includes recommendations for steps the client should continue to follow in order to reduce the impact of these mistakes in the future.
Conclusions
The idea of testing the security of a system by trying to break into it is not new. Whether an automobile company is crash-testing cars, or an individual is testing his or her skill at martial arts by sparring with a partner, evaluation by testing under attack from a real adversary is widely accepted as prudent. It is, however, not sufficient by itself. As Roger Schell observed nearly 30 years ago:
From a practical standpoint the security problem will remain as long as manufacturers remain committed to current system architectures, produced without a firm requirement for security. As long as there is support for ad hoc fixes and security packages for these inadequate designs and as long as the illusory results of penetration teams are accepted as demonstrations of a computer system security, proper security will not be a reality.19
Regular auditing, vigilant intrusion detection, good system administration practice, and computer security awareness are all essential parts of an organization's security efforts. A single failure in any of these areas could very well expose an organization to cyber-vandalism, embarrassment, loss of revenue or mind share, or worse. Any new technology has its benefits and its risks. While ethical hackers can help clients better understand their security needs, it is up to the clients to keep their guards in place.
Port names
Port names
Port are divided into three ranges: the Common Ports, the Registered Ports, and Private Ports.
The Common Ports are those from 0 through 1023.
The Registered Ports are those from 1024 through 49151
The Private Ports are those from 49152 through 65535
Common Ports
The Common Ports are assigned by the IANA and on most systems can only be used by system (or root) processes or by programs executed by privileged users.
Ports are used in the TCP [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port.
Port Assignments for Common Ports:
Port UDP TCP Definition
7 x x echo
9 x x discard
11 x x systat
13 x x daytime
17 x x quote of the day
19 x character generator
20 x ftp - data
21 x ftp - control
23 x telnet
25 x smtp mail transfer
37 x x timeserver
39 x rlp resource location
42 x x nameserver
43 x nicname whois
53 x x dommainlein name server
67 x bootpc bootstrap protocol
68 x bootpc bootstrap protocol
69 x tftp trivial file transfer
70 x gopher
79 x finger
80 x http
88 x x kerberos
101 x hostname nic
102 x iso-tsap class 0
107 x rtelnet
109 x pop2
110 x pop3
111 x x sunrpc
113 x identification protocol
117 x uucp
119 x nntp
123 x ntp
135 x x epmap
137 x x netbios - name service
138 x netbios - dgm
139 x netbios - ssn
143 x imap
158 x pcmail - srv
161 x snmp
162 x snmptrap
170 x print - srv
179 x border gateway protocol
194 x irc internet relay chat
213 x ipx
389 x ldap
443 x x https (ssl)
445 x x microsoft - ds
464 x x kpasswd
500 x isakmp key exchange
512 x x remote execute
513 x x login / who
514 x x shell cmd / syslog
515 x printer spooler
517 x talk
518 x ntalk
520 x x router / efs
525 x timeserver
526 x tempo
530 x rpc
531 x conference chat
532 x netnews newsreader
533 x netwall
540 x uucp
543 x klogin
544 x kshell
550 x new - rwho
556 x remotefs
560 x rmonitor
561 x monitor
636 x ldaps over tls/ssl
666 x x doom id software
749 x x kerberos administration
750 x kerveros version iv
1109 x kpop
1167 x phone
1433 x x ms - sql - server
1434 x x ms - sql - monitor
1512 x x wins
1524 x ingreslock
1701 x l2tp
1723 x pptp point to point
1812 x radius authentication
1813 x radius accounting
2049 x nfs server
2053 x kerberos de - multiplexor
9535 x man remote server
Port are divided into three ranges: the Common Ports, the Registered Ports, and Private Ports.
The Common Ports are those from 0 through 1023.
The Registered Ports are those from 1024 through 49151
The Private Ports are those from 49152 through 65535
Common Ports
The Common Ports are assigned by the IANA and on most systems can only be used by system (or root) processes or by programs executed by privileged users.
Ports are used in the TCP [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port.
Port Assignments for Common Ports:
Port UDP TCP Definition
7 x x echo
9 x x discard
11 x x systat
13 x x daytime
17 x x quote of the day
19 x character generator
20 x ftp - data
21 x ftp - control
23 x telnet
25 x smtp mail transfer
37 x x timeserver
39 x rlp resource location
42 x x nameserver
43 x nicname whois
53 x x dommainlein name server
67 x bootpc bootstrap protocol
68 x bootpc bootstrap protocol
69 x tftp trivial file transfer
70 x gopher
79 x finger
80 x http
88 x x kerberos
101 x hostname nic
102 x iso-tsap class 0
107 x rtelnet
109 x pop2
110 x pop3
111 x x sunrpc
113 x identification protocol
117 x uucp
119 x nntp
123 x ntp
135 x x epmap
137 x x netbios - name service
138 x netbios - dgm
139 x netbios - ssn
143 x imap
158 x pcmail - srv
161 x snmp
162 x snmptrap
170 x print - srv
179 x border gateway protocol
194 x irc internet relay chat
213 x ipx
389 x ldap
443 x x https (ssl)
445 x x microsoft - ds
464 x x kpasswd
500 x isakmp key exchange
512 x x remote execute
513 x x login / who
514 x x shell cmd / syslog
515 x printer spooler
517 x talk
518 x ntalk
520 x x router / efs
525 x timeserver
526 x tempo
530 x rpc
531 x conference chat
532 x netnews newsreader
533 x netwall
540 x uucp
543 x klogin
544 x kshell
550 x new - rwho
556 x remotefs
560 x rmonitor
561 x monitor
636 x ldaps over tls/ssl
666 x x doom id software
749 x x kerberos administration
750 x kerveros version iv
1109 x kpop
1167 x phone
1433 x x ms - sql - server
1434 x x ms - sql - monitor
1512 x x wins
1524 x ingreslock
1701 x l2tp
1723 x pptp point to point
1812 x radius authentication
1813 x radius accounting
2049 x nfs server
2053 x kerberos de - multiplexor
9535 x man remote server
ip-address-hack-contd
ip-address-hack-contd
Changing your MAC on Windows XP
There are two ways two change your IP on Windows. The easy way, and the hard way. Ill discuss how to do both of them in this tutorial.
Easy Way:
The first way to change it is, if your NIC (Network Interface Card) supports cloning your MAC Address. If this is the case then you go to.
Start > Control Panel > Network Connections
Right Click on your NIC card and goto properties. Then click the button labeled Configure. It should bring up another form. Click on the advanced tab. You should see under Property "Locally Administered Address" or "Network Address". Click the radio button next to the text box, and type in your new MAC address. (note you do not use the "-" when you enter your no MAC Address.
To check and see if it worked or not go to
Start > Run > and type in "cmd"
When the terminal comes up issue the command.
ipconfig /all
-----------------------------------------------------------------------------------------------------------------------------------------------
Hard Way:
To change your MAC Address the hard way, you first go to
Start > Run > and type in "cmd"
Once the terminal comes up type in
"net config rdr"
It should bring up alot of things, but what you are worried about is
NetBT_Tcpip_{ The Numbers Between here}
Copy the numbers in between there and write it down somewhere, seeing that you will need them later.
After you are done with that go to
Start > Run > and type in "regedt32"
That should bring up the windows registry. Once the registry is up go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
Click on the drop down menu and you should see the sub-categories
0000
0001
0002
and so on.
Click on each one and compare the "NetCfgInstanceId" Key with the number you wrote down earlier. Once you find a match double click on the key "NetworkAddress" and change the value to your new MAC address. Hit ok and reboot your system.
There r several ways u can determine ur IP address information:
IPCONFIG
Start / Run / cmd
IPCONFIG /ALL
This opens a command window. One advantage is that u can send the information to a text file (IPCONFIG /ALL > c:\ip.txt)
But sometimes the window shows show much information u need to scroll around to fine it.
VIEW STATUS
Control Panel / Network Connections / Double click the icons 4 ur network (If the network has an icon in the system tray u can also just double click on that icon)
Click on the Support tab
Click on the Details button
:::::::::::::
Make Pictures Smaller Unavailable
When u try nd send pictures through e-mail, u should normally be given the option to make them smaller.
If this option is not available, a DLL file may need to be registered.
Start
Run
regsvr32 shimgvw.dll
:::::::::::::
Creating a Suspend Shortcut
If u would like to create an icon to suspend ur computer,
Right click on the Desktop
New / Shortcut
Enter in rundll32.exe PowrProf.dll, SetSuspendState
Give it whatever name u want
Now when u click on that shortcut, ur computer will shutdown nd suspend
Submitted by Gabe
:::::::::::::
Changing the User Type
Normally in XP Pro, through the Control Panel / User Accounts icon, u r only allowed to create administrators or limited users.
If u want to create
Right click on My Computer
Manage
Local Users nd Groups
Users
Right click on the user u want to change
Properties
Member of tab
Add button
Advanced button
Find Now button
From here u see the full list of possibilities (e.g. Power User, Backup Operator etc.)
:::::::::::::
some more
Determining Which Services r Associated with SVCHOST
Since so many critical services r run with each svchost,
You can see which ones r being used by opening a cmd prompt nd running:
tasklist /svc /fi "imagename eq svchost.exe"
Note: This is available only with XP Pro
:::::::::::::
Identify Faulty Device Drivers
If u r having problems with lockups, blue screens, or can only get to safe mode,
often the problem is due to a faulty device driver.
One way to help identify them is through the use of the Verfier program
Start / Run / Verifier
Keep the default of Create Standard Settings
Select the type of drivers u want to confirm
A list of drivers to be verified on the next boot will be shown.
Reboot
If ur computer stops with a blue screen, u should get an error message with the problem driver
To turn off the Verifier, run verifier /reset
:::::::::::::
Viewing Installed Drivers
If u want to see a list of installed drivers, u can run the driverquery program
There r a lot of available switches to view different types of information.
On use can be to export to a CSV file 4 viewing in Excel
An example would then be:
Changing your MAC on Windows XP
There are two ways two change your IP on Windows. The easy way, and the hard way. Ill discuss how to do both of them in this tutorial.
Easy Way:
The first way to change it is, if your NIC (Network Interface Card) supports cloning your MAC Address. If this is the case then you go to.
Start > Control Panel > Network Connections
Right Click on your NIC card and goto properties. Then click the button labeled Configure. It should bring up another form. Click on the advanced tab. You should see under Property "Locally Administered Address" or "Network Address". Click the radio button next to the text box, and type in your new MAC address. (note you do not use the "-" when you enter your no MAC Address.
To check and see if it worked or not go to
Start > Run > and type in "cmd"
When the terminal comes up issue the command.
ipconfig /all
-----------------------------------------------------------------------------------------------------------------------------------------------
Hard Way:
To change your MAC Address the hard way, you first go to
Start > Run > and type in "cmd"
Once the terminal comes up type in
"net config rdr"
It should bring up alot of things, but what you are worried about is
NetBT_Tcpip_{ The Numbers Between here}
Copy the numbers in between there and write it down somewhere, seeing that you will need them later.
After you are done with that go to
Start > Run > and type in "regedt32"
That should bring up the windows registry. Once the registry is up go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
Click on the drop down menu and you should see the sub-categories
0000
0001
0002
and so on.
Click on each one and compare the "NetCfgInstanceId" Key with the number you wrote down earlier. Once you find a match double click on the key "NetworkAddress" and change the value to your new MAC address. Hit ok and reboot your system.
There r several ways u can determine ur IP address information:
IPCONFIG
Start / Run / cmd
IPCONFIG /ALL
This opens a command window. One advantage is that u can send the information to a text file (IPCONFIG /ALL > c:\ip.txt)
But sometimes the window shows show much information u need to scroll around to fine it.
VIEW STATUS
Control Panel / Network Connections / Double click the icons 4 ur network (If the network has an icon in the system tray u can also just double click on that icon)
Click on the Support tab
Click on the Details button
:::::::::::::
Make Pictures Smaller Unavailable
When u try nd send pictures through e-mail, u should normally be given the option to make them smaller.
If this option is not available, a DLL file may need to be registered.
Start
Run
regsvr32 shimgvw.dll
:::::::::::::
Creating a Suspend Shortcut
If u would like to create an icon to suspend ur computer,
Right click on the Desktop
New / Shortcut
Enter in rundll32.exe PowrProf.dll, SetSuspendState
Give it whatever name u want
Now when u click on that shortcut, ur computer will shutdown nd suspend
Submitted by Gabe
:::::::::::::
Changing the User Type
Normally in XP Pro, through the Control Panel / User Accounts icon, u r only allowed to create administrators or limited users.
If u want to create
Right click on My Computer
Manage
Local Users nd Groups
Users
Right click on the user u want to change
Properties
Member of tab
Add button
Advanced button
Find Now button
From here u see the full list of possibilities (e.g. Power User, Backup Operator etc.)
:::::::::::::
some more
Determining Which Services r Associated with SVCHOST
Since so many critical services r run with each svchost,
You can see which ones r being used by opening a cmd prompt nd running:
tasklist /svc /fi "imagename eq svchost.exe"
Note: This is available only with XP Pro
:::::::::::::
Identify Faulty Device Drivers
If u r having problems with lockups, blue screens, or can only get to safe mode,
often the problem is due to a faulty device driver.
One way to help identify them is through the use of the Verfier program
Start / Run / Verifier
Keep the default of Create Standard Settings
Select the type of drivers u want to confirm
A list of drivers to be verified on the next boot will be shown.
Reboot
If ur computer stops with a blue screen, u should get an error message with the problem driver
To turn off the Verifier, run verifier /reset
:::::::::::::
Viewing Installed Drivers
If u want to see a list of installed drivers, u can run the driverquery program
There r a lot of available switches to view different types of information.
On use can be to export to a CSV file 4 viewing in Excel
An example would then be:
ip-address-hacking
ip-address-hacking
In here I have figure out some very easy but cool ways to trace out the geographical location and various other infos like ISP details etc of a remote computer using its IP.
Well I guess its one of the most important must learn manul for boys out there if you want to impress your friends particularly gals whom you’ll meet online in a chat room and tell them their geographical locations and ISP details and make them surprised and impressed .
In the practical execution of this manual you don’t have to work much as it is very simple only you have to use your brain to understand some symbols and some format of expressions and use your IQ to execute things the right way.
What is IP and how to get the IP of a remote system::
Getting the IP or Internet Protocol of a remote system is the most important and the first step of hacking into it. Probably it is the first thing a hacker do to get info for researching on a system. Well IP is a unique number assigned to each computer on a network. It is this unique address which represents the system on the network. Generally the IP of a particular system changes each time you log on to the network by dialing to your ISP and it is assigned to you by your ISP. IP of a system which is always on the network remains generally the same. Generally those kind of systems are most likely to suffer a hacking attack because of its stable IP. Using IP you can even execute system commands on the victim’s computer.
Lets take the example of the following IP address: 202.144.49.110 Now the first part, the numbers before the first decimal i.e. 209 is the Network number or the Network Prefix.. This means that it identifies the number of the network in which the host is. The second part i.e. 144 is the Host Number that is it identifies the number of the host within the Network. This means that in the same Network, the network number is same. In order to provide flexibility in the size of the Network, here are different classes of IP addresses:
Address Class Dotted Decimal Notation Ranges
Class A ( /8 Prefixes) 1.xxx.xxx.xxx through 126.xxx.xxx.xxx
Class B ( /16 Prefixes) 128.0.xxx.xxx through 191.255.xxx.xxx
Class C ( /24 Prefixes) 192.0.0.xxx through 223.255.255.xxx
The various classes will be clearer after reading the next few lines.
Each Class A Network Address contains a 8 bit Network Prefix followed by a 24-bit host number. They are considered to be primitive. They are referred to as "/8''s" or just "8's" as they have an 8-bit Network prefix.
In a Class B Network Address there is a 16 bit Network Prefix followed by a 16-bit Host number. It is referred to as "16's".
A class C Network address contains a 24-bit Network Prefix and a 8 bit Host number. It is referred to as
"24's" and is commonly used by most ISP's.
Due to the growing size of the Internet the Network Administrators faced many problems. The Internet routing tables were beginning to grow and now the administrators had to request another network number from the Internet before a new network could be installed at their site. This is where sub-netting came in.
Now if your ISP is a big one and if it provides you with dynamic IP addresses then you will most probably see that whenever you log on to the net, your IP address will have the same first 24 bits and only the last 8 bits will keep changing. This is due to the fact that when sub-netting comes in then the IP Addresses structure becomes:
xxx.xxx.zzz.yyy
where the first 2 parts are Network Prefix numbers and the zzz is the Subnet number and the yyy is the host number. So you are always connected to the same Subnet within the same Network. As a result the first 3 parts will remain the same and only the last part i.e. yyy is variable.
***********************
For Example, if say an ISP xyz is given the IP: 203.98.12.xx Network address then you can be awarded any IP, whose first three fields are 203.98.12. Get it?
So, basically this means that each ISP has a particular range in which to allocate all its subscribers. Or in other words, all subscribers or all people connected to the internet using the same ISP, will have to be in this range. This in effect would mean that all people using the same ISP are likely to have the same first three fields of their IP Addresses.
This means that if you have done a lot of (By this I really mean a lot) of research, then you could figure out which ISP a person is using by simply looking at his IP. The ISP name could then be used to figure out the city and the country of the person. Right? Let me take an example to stress as to how cumbersome but easy (once the research is done) the above method can be.
In my country, say there are three main ISP’s:
ISP Name Network Address Allotted
ISP I 203.94.47.xx
ISP II 202.92.12.xx
ISP III 203.91.35.xx
Now, if I get to know the IP of an e-pal of mine, and it reads: 203.91.35.12, then I can pretty easily figure out that he uses ISP III to connect to the internet. Right? You might say that any idiot would be able to do this. Well, yes and no. You see, the above method of finding out the ISP of a person was successful only because we already had the ISP and Network Address Allotted list with us. So, what my point is, that the above method can be successful only after a lot of research and experimentation. And, I do think such research can be helpful sometimes.
Also, this would not work, if you take it all on in larger scale. What if the IP that you have belongs to someone living in a remote igloo in the North Pole? You could not possibly get the Network Addresses of all the ISP’s in the world, could you? If yes please send it to me J.
Well now I guess you have pretty good knowledge about what an IP is and what you can do by knowing the IP of a remote system. Now lets come to the point of finding out the IP of remote system.
Well you can easily figure out the IP of a remote system using the netstat utility available in the microsoft’s version of DOS. The netstat command shows the connections in which your system is engaged to and the ports they are using. Suppose you are checking your mail in hotmail and you want to find out the IP of msn. All you need to do is to open a dos window (command.com) and type netstat. You will see all the open connections of your system. There you will see something :
Proto Local Address Foreign Address State
TCP abhisek:1031 64.4.xx.xx:80 ESTABLISHED
Now you got the IP address of hotmail ass 64.4.xx.xx .
Similarly you can figure out the IP address of most http or ftp connections.
To know your own IP type the following command in a dos windows
C:\netstat –n
[this commands converts the IP name into IP addresses]
this is what you will probably see on typing the above command :
Proto Local Address Foreign Address State
TCP 203.xx.251.161:1031 194.1.129.227:21 ESTABLISHED
TCP 203.xx.251.161:1043 207.138.41.181:80 FIN_WAIT_2
TCP 203.xx.251.161:1053 203.94.243.71:110 TIME_WAIT
TCP 203.xx.251.161:1058 194.1.129.227:20 TIME_WAIT
TCP 203.xx.251.161:1069 203.94.243.71:110 TIME_WAIT
TCP 203.xx.251.161:1071 194.98.93.244:80 ESTABLISHED
TCP 203.xx.251.161:1078 203.94.243.71:110 TIME_WAIT
Here 203.xx.251.161 is your IP address.
Now lets clarify the format used by netstat :
Proto : It shows the type of protocol the connection with the remote system is using.
Here TCP (transmission control protocol) is the protocol used by my system to connect to other systems.
Local Address : It shows the local address ie the local IP. When the netstat command is executed without –n switch then the name of the local system is displayed and when the netstat is executed with –n switch then the IP of the local system is displayed. Here you can also find out the port used by the connection.
xxx.yyy.zzz.aaa:1024
in this format you will see the local address. Here 1024 is the port to which the remote system is connected in your system
Foreign Address :: It shows the IP address of the remote system to which your system is connected. In this case also if the netstat command is excuted with –n switch then you directly get the IP of the victim but if the netstat is executed without –n switch then you will get the address of the remote system. Something like
C:\netstat
Proto Local Address Foreign Address State
TCP abhisek:1031 msgr.lw4.gs681.hotmail.com:80 ESTABLISHED
Here msgr.lw4.gs681.hotmail.com is the address of the foreign system . putting this address in any IP lookup program and doing a whois lookup will reveal the IP of the remote system.
Note: The port to which your system is connected can be found from this in the same way as I have shown in the case of local address. The difference is that, this is the port of the remote system to which your computer is connected to.
Below I have produced a list of ports and popular services generally found to be running.
21 :: FTP port
80 :: http port
23 :: Telnet port
Note: If your execute the netstat command and find ports like 12345,27374 are open and are in use then make it sure that your sweat heart computer is infected with her boyfriend.. J J J J I mean your computer is infected with some sort of Trojan.
Below I have produced a list of commonly known Trojans and the ports they use by default. So if you find these ports open then get a good virus buster and get these stupid servers of the Trojans kicked out. Well if you want to play with these Trojan by keeping them in your computer but not letting them ruin your system performance then just disble it from the system registry run and they wont be loaded to memory each time when windows starts up[This trick doesn’t work for all Trojans].
Netbus :: 12345(TCP)
Subseven :: 27374(TCP)
Girl Friend :: 21554(TCP)
Back Oriface :: 31337 (UDP)
Well guys and gals I hope you are now well familiar with the term IP and what is the utility of IP in cyber world and how to get the IP of a remote system to which you are connected. I hope you find my writings very easy to undertstand. I know I lack the capacity of explaining myself but I try my level best to make things very easy and clear for you’ll.
How to get the IP of a remote system while chatting through msn messenger ::
This is a tutorial on how to get IP address from MSN messenger. This is actually
a really easy thing to do. It is not like going through the hard time and reversing
MSN messenger like many people think.
The IP address is only given when you accept or are sending a file through MSN
messenger. When you send IM's, the message is sent through the server thus hiding
your victims IP and your. But when you send a file or recieve a file, it is direct
connection between the two computers.
To obtain the IP accept a file transfer or send a file to the victim, when the file
sending is under way from the dos prompt type "netstat" without the quotation marks.
You should get a table like this:
Proto Local Address Foreign Address State
TCP kick:1033 msgr-ns29.msgr.hotmail.com:1863 ESTABLISHED
TCP kick:1040 msgr-sb36.msgr.hotmail.com:1863 ESTABLISHED
TCP kick: ESTABLISHED
The top name in the list is the server's address for IMing. There could be many of
the second name in the list, as a new connection is made to the server for every
room you are IMing to. You are looking for the address of the remote host in
this table it may be something similar to "host63-7-102-226.ppp.cal.vsnl.com" or “203..64.90.6”.
without the quotation marks.
All you need to do now is to put this address in you IP lookup programe and get the IP of the remote system.
Well 50%of the work is done now. Now you know how to get the IP of a remote system, so its time to trace it down and find some details about the IP.
Tracing an IP is quite simple. You can do it the easy way by using some sweet softwares like Visual Trace 6.0b
[ftp://ftp.visualware.com/pub/vr/vr.exe]
Neotrace
[http://www.neoworx.com/download/NTX325.exe]
or by our way ie. Using MS DOS or any other version of DOS.
Well I suggest you to use DOS and its tracert tool for tracing the IP cause using it will give you a clear conception about the art of tracing an IP and I guarantee that you will feel much satisfied on success than using a silly software. Furthur you will know how things work and how the IP is traced down and the different networks associated in this tracing process.
Let us take a look at tracert tool provided for DOS by Microsoft.
It is a very handy tool for peoples need to trace down an IP.
Just open any DOS windows and type tracert.
C:\windows>tracert
Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Options:
-d Do not resolve addresses to hostnames.
-h maximum_hops Maximum number of hops to search for target.
-j host-list Loose source route along host-list.
-w timeout Wait timeout milliseconds for each reply.
You will now see a description of the tracert command and the switches associated with it.
Well these switches doesn’t makes much difference. All you can do is to increase the timeout in milliseconds by using –w switch if you are using a slow connection and the –d switch if you wish not resolve address to hostnames by default.
By default tracert performs a maximum of 30 hops trace. Using the –h switch you can specify the number of hops to perform.
Now its time for execution.
Let us trace down the IP yahoo.com [216.115.108.243]
TIP: If you have done a long research (I mean a lot) then simply looking at the IP you can figure out some info from it. For example the IP 203.90.68.8 indicates that the system is in India. In India IPs generally begin with 203 and 202
C:\WINDOWS>tracert yahoo.com
Tracing route to yahoo.com [216.115.108.243] over a maximum of 30 hops:
1 308 ms 142 ms 127 ms 203.94.246.35
2 140 ms 135 ms * 203.94.246.1
3 213 ms 134 ms 132 ms 203.94.255.33
4 134 ms 130 ms 129 ms 203.200.64.29
5 122 ms 135 ms 131 ms 203.200.87.75
6 141 ms 137 ms 121 ms 203.200.87.15
7 143 ms 170 ms 154 ms vsb-delhi-stm1.Bbone.vsnl.net.in [202.54.2.241]
8 565 ms 589 ms 568 ms if-7-0.bb8.NewYork.Teleglobe.net [207.45.198.65]
9 596 ms 584 ms 600 ms if-3-0.core2.NewYork.teleglobe.net [207.45.221.66]
10 * * * Request timed out.
11 703 ms 701 ms 719 ms if-3-0.core2.PaloAlto.Teleglobe.net [64.86.83.205]
12 694 ms 683 ms 681 ms if-6-1.core1.PaloAlto.Teleglobe.net [207.45.202.33]
13 656 ms 677 ms 700 ms ix-5-0.core1.PaloAlto.Teleglobe.net [207.45.196.90]
14 667 ms 673 ms 673 ms ge-1-3-0.msr1.pao.yahoo.com [216.115.100.150]
15 653 ms 673 ms 673 ms vl20.bas1.snv.yahoo.com [216.115.100.225]
16 666 ms 676 ms 674 ms yahoo.com [216.115.108.243]
Trace complete.
Note: Here I have traced yahoo.com. In place of yahoo.com you can give the IP of yahoo or any other IP you want to trace, the result will be the same.
Now carefully looking at the results you can figure out many information about yahoo’s server [216.115.108.243]
First packets of data leave my ISP which is at 203.94.246.35 .Similarly you can find out the different routers through which the packets of data are send and received to and from the target system. Now take a look at the 13th line you’ll see that the router is in PaloAlto.Teleglobe.net from this you can easily figure out that the router is in Palo Alto. Now finally look at the target system ie. Yahoo’s server vl20.bas1.snv.yahoo.com . Now you got the address of yahoo’s server. Now put this address in any IP lookup programe and perform and reverse DNS lookup and you will get most of the info about this address,like the place where it is in.
Well another thing you can find out using the tracert tool is that the number of hops (routers) the target system is away from you. In case of tracerouting yahoo.com we find that the target system ie yahoo’s server is 16 hops away from my system. This indicates that there are 16 routers between my system and yahoo’s server.
Apart from tracing an IP you can find out many usefull details about the target system using the tracert tool.
Firewall Detection
While tracerouting a target system, if you get * as an output then it indicates timeout error. Now if you peform another tracerout to the same taeget system at some other time with a good connection and in this way few times more and if you always get * as the output then take it for sure that the target system is running a firewall which prevents sending of data packets from the target system.
Example
Some days ago I tried to tracert hotmail’s server in plain and simple way using tracert without any trick.This is what I found out :
c:\windows>tracert 64.4.53.7
Tracing route to lc2.law5.hotmail.com [64.4.53.7]
over a maximum of 30 hops:
1 * * * Request timed out.
2 161 ms 147 ms 85 ms 203.90.69.81
3 126 ms 261 ms 219 ms 203.90.66.9
4 121 ms 115 ms 228 ms delswp2.hclinfinet.com [203.90.66.133]
5 727 ms 725 ms 711 ms 203-195-147-250.now-india.net.in [203.195.147.250]
6 1006 ms 794 ms 952 ms core-fae-0-0.now-india.net.in [203.195.147.3]
7 826 ms 731 ms 819 ms 213.232.106.9
8 885 ms 744 ms 930 ms 213.166.3.209
9 851 ms 1020 ms 1080 ms 213.232.64.54
10 1448 ms 765 ms 1114 ms pos8-0.core2.London1.Level3.net [212.113.0.118]
11 748 ms 789 ms 750 ms ge-4-2-1.mp2.London1.Level3.net [212.187.131.146]
12 719 ms 733 ms 846 ms so-3-0-0.mp1.London2.Level3.net [212.187.128.46]
13 775 ms 890 ms 829 ms so-1-0-0.mp2.Weehawken1.Level3.net [212.187.128.138]
14 853 ms 852 ms 823 ms so-3-0-0.mp1.SanJose1.Level3.net [64.159.1.129]
15 889 ms 816 ms 803 ms so-7-0-0.gar1.SanJose1.Level3.net [64.159.1.74]
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
I performed the same tracert many times a day but concluded with the same result. This indicates that the systems after the router SanJose1.Level3.net has firewalls installed which prevents the outgoing of data packets.
Detecting Traceroute Attempts on your System
You can detect that an attacker is performing a traceroute on your system, if you see the following symptoms:
1. If you observe port scans on very high UDP ports. This symptom means that the attacker has performed a traceroute on your system. However, it could also mean a simply port scan. Either way, it signifies the fact that your system is being scanned.
2. If the packet-monitoring tool installed in your network, picks up several outgoing TTL-exceeding messages, then it is yet another sign that someone is doing a traceroute on your system.
3. If in these log files, you also observer an outgoing ICMP port unreachable error message, then it means that since a traceroute was done on your system and as the target system i.e. your system, was reached, it responded with this error message.
You can also find our more information on the attacker (if he performs a traceroute on your system) by simply studying the sniffer log files. If you observer the TTL values, then we can easily figure out the following information on the attacker by making use of OS detection techniques discussed earlier in this white paper:
The Operating System running on the attacker’s target system.
Number of hops away, the attacker is from you.
OKI DOKI that’s all for this article. Hope you will find this article very easy to understand and implement.
do check:
http://hackersclub.focusindia.com
In here I have figure out some very easy but cool ways to trace out the geographical location and various other infos like ISP details etc of a remote computer using its IP.
Well I guess its one of the most important must learn manul for boys out there if you want to impress your friends particularly gals whom you’ll meet online in a chat room and tell them their geographical locations and ISP details and make them surprised and impressed .
In the practical execution of this manual you don’t have to work much as it is very simple only you have to use your brain to understand some symbols and some format of expressions and use your IQ to execute things the right way.
What is IP and how to get the IP of a remote system::
Getting the IP or Internet Protocol of a remote system is the most important and the first step of hacking into it. Probably it is the first thing a hacker do to get info for researching on a system. Well IP is a unique number assigned to each computer on a network. It is this unique address which represents the system on the network. Generally the IP of a particular system changes each time you log on to the network by dialing to your ISP and it is assigned to you by your ISP. IP of a system which is always on the network remains generally the same. Generally those kind of systems are most likely to suffer a hacking attack because of its stable IP. Using IP you can even execute system commands on the victim’s computer.
Lets take the example of the following IP address: 202.144.49.110 Now the first part, the numbers before the first decimal i.e. 209 is the Network number or the Network Prefix.. This means that it identifies the number of the network in which the host is. The second part i.e. 144 is the Host Number that is it identifies the number of the host within the Network. This means that in the same Network, the network number is same. In order to provide flexibility in the size of the Network, here are different classes of IP addresses:
Address Class Dotted Decimal Notation Ranges
Class A ( /8 Prefixes) 1.xxx.xxx.xxx through 126.xxx.xxx.xxx
Class B ( /16 Prefixes) 128.0.xxx.xxx through 191.255.xxx.xxx
Class C ( /24 Prefixes) 192.0.0.xxx through 223.255.255.xxx
The various classes will be clearer after reading the next few lines.
Each Class A Network Address contains a 8 bit Network Prefix followed by a 24-bit host number. They are considered to be primitive. They are referred to as "/8''s" or just "8's" as they have an 8-bit Network prefix.
In a Class B Network Address there is a 16 bit Network Prefix followed by a 16-bit Host number. It is referred to as "16's".
A class C Network address contains a 24-bit Network Prefix and a 8 bit Host number. It is referred to as
"24's" and is commonly used by most ISP's.
Due to the growing size of the Internet the Network Administrators faced many problems. The Internet routing tables were beginning to grow and now the administrators had to request another network number from the Internet before a new network could be installed at their site. This is where sub-netting came in.
Now if your ISP is a big one and if it provides you with dynamic IP addresses then you will most probably see that whenever you log on to the net, your IP address will have the same first 24 bits and only the last 8 bits will keep changing. This is due to the fact that when sub-netting comes in then the IP Addresses structure becomes:
xxx.xxx.zzz.yyy
where the first 2 parts are Network Prefix numbers and the zzz is the Subnet number and the yyy is the host number. So you are always connected to the same Subnet within the same Network. As a result the first 3 parts will remain the same and only the last part i.e. yyy is variable.
***********************
For Example, if say an ISP xyz is given the IP: 203.98.12.xx Network address then you can be awarded any IP, whose first three fields are 203.98.12. Get it?
So, basically this means that each ISP has a particular range in which to allocate all its subscribers. Or in other words, all subscribers or all people connected to the internet using the same ISP, will have to be in this range. This in effect would mean that all people using the same ISP are likely to have the same first three fields of their IP Addresses.
This means that if you have done a lot of (By this I really mean a lot) of research, then you could figure out which ISP a person is using by simply looking at his IP. The ISP name could then be used to figure out the city and the country of the person. Right? Let me take an example to stress as to how cumbersome but easy (once the research is done) the above method can be.
In my country, say there are three main ISP’s:
ISP Name Network Address Allotted
ISP I 203.94.47.xx
ISP II 202.92.12.xx
ISP III 203.91.35.xx
Now, if I get to know the IP of an e-pal of mine, and it reads: 203.91.35.12, then I can pretty easily figure out that he uses ISP III to connect to the internet. Right? You might say that any idiot would be able to do this. Well, yes and no. You see, the above method of finding out the ISP of a person was successful only because we already had the ISP and Network Address Allotted list with us. So, what my point is, that the above method can be successful only after a lot of research and experimentation. And, I do think such research can be helpful sometimes.
Also, this would not work, if you take it all on in larger scale. What if the IP that you have belongs to someone living in a remote igloo in the North Pole? You could not possibly get the Network Addresses of all the ISP’s in the world, could you? If yes please send it to me J.
Well now I guess you have pretty good knowledge about what an IP is and what you can do by knowing the IP of a remote system. Now lets come to the point of finding out the IP of remote system.
Well you can easily figure out the IP of a remote system using the netstat utility available in the microsoft’s version of DOS. The netstat command shows the connections in which your system is engaged to and the ports they are using. Suppose you are checking your mail in hotmail and you want to find out the IP of msn. All you need to do is to open a dos window (command.com) and type netstat. You will see all the open connections of your system. There you will see something :
Proto Local Address Foreign Address State
TCP abhisek:1031 64.4.xx.xx:80 ESTABLISHED
Now you got the IP address of hotmail ass 64.4.xx.xx .
Similarly you can figure out the IP address of most http or ftp connections.
To know your own IP type the following command in a dos windows
C:\netstat –n
[this commands converts the IP name into IP addresses]
this is what you will probably see on typing the above command :
Proto Local Address Foreign Address State
TCP 203.xx.251.161:1031 194.1.129.227:21 ESTABLISHED
TCP 203.xx.251.161:1043 207.138.41.181:80 FIN_WAIT_2
TCP 203.xx.251.161:1053 203.94.243.71:110 TIME_WAIT
TCP 203.xx.251.161:1058 194.1.129.227:20 TIME_WAIT
TCP 203.xx.251.161:1069 203.94.243.71:110 TIME_WAIT
TCP 203.xx.251.161:1071 194.98.93.244:80 ESTABLISHED
TCP 203.xx.251.161:1078 203.94.243.71:110 TIME_WAIT
Here 203.xx.251.161 is your IP address.
Now lets clarify the format used by netstat :
Proto : It shows the type of protocol the connection with the remote system is using.
Here TCP (transmission control protocol) is the protocol used by my system to connect to other systems.
Local Address : It shows the local address ie the local IP. When the netstat command is executed without –n switch then the name of the local system is displayed and when the netstat is executed with –n switch then the IP of the local system is displayed. Here you can also find out the port used by the connection.
xxx.yyy.zzz.aaa:1024
in this format you will see the local address. Here 1024 is the port to which the remote system is connected in your system
Foreign Address :: It shows the IP address of the remote system to which your system is connected. In this case also if the netstat command is excuted with –n switch then you directly get the IP of the victim but if the netstat is executed without –n switch then you will get the address of the remote system. Something like
C:\netstat
Proto Local Address Foreign Address State
TCP abhisek:1031 msgr.lw4.gs681.hotmail.com:80 ESTABLISHED
Here msgr.lw4.gs681.hotmail.com is the address of the foreign system . putting this address in any IP lookup program and doing a whois lookup will reveal the IP of the remote system.
Note: The port to which your system is connected can be found from this in the same way as I have shown in the case of local address. The difference is that, this is the port of the remote system to which your computer is connected to.
Below I have produced a list of ports and popular services generally found to be running.
21 :: FTP port
80 :: http port
23 :: Telnet port
Note: If your execute the netstat command and find ports like 12345,27374 are open and are in use then make it sure that your sweat heart computer is infected with her boyfriend.. J J J J I mean your computer is infected with some sort of Trojan.
Below I have produced a list of commonly known Trojans and the ports they use by default. So if you find these ports open then get a good virus buster and get these stupid servers of the Trojans kicked out. Well if you want to play with these Trojan by keeping them in your computer but not letting them ruin your system performance then just disble it from the system registry run and they wont be loaded to memory each time when windows starts up[This trick doesn’t work for all Trojans].
Netbus :: 12345(TCP)
Subseven :: 27374(TCP)
Girl Friend :: 21554(TCP)
Back Oriface :: 31337 (UDP)
Well guys and gals I hope you are now well familiar with the term IP and what is the utility of IP in cyber world and how to get the IP of a remote system to which you are connected. I hope you find my writings very easy to undertstand. I know I lack the capacity of explaining myself but I try my level best to make things very easy and clear for you’ll.
How to get the IP of a remote system while chatting through msn messenger ::
This is a tutorial on how to get IP address from MSN messenger. This is actually
a really easy thing to do. It is not like going through the hard time and reversing
MSN messenger like many people think.
The IP address is only given when you accept or are sending a file through MSN
messenger. When you send IM's, the message is sent through the server thus hiding
your victims IP and your. But when you send a file or recieve a file, it is direct
connection between the two computers.
To obtain the IP accept a file transfer or send a file to the victim, when the file
sending is under way from the dos prompt type "netstat" without the quotation marks.
You should get a table like this:
Proto Local Address Foreign Address State
TCP kick:1033 msgr-ns29.msgr.hotmail.com:1863 ESTABLISHED
TCP kick:1040 msgr-sb36.msgr.hotmail.com:1863 ESTABLISHED
TCP kick: ESTABLISHED
The top name in the list is the server's address for IMing. There could be many of
the second name in the list, as a new connection is made to the server for every
room you are IMing to. You are looking for the address of the remote host in
this table it may be something similar to "host63-7-102-226.ppp.cal.vsnl.com" or “203..64.90.6”.
without the quotation marks.
All you need to do now is to put this address in you IP lookup programe and get the IP of the remote system.
Well 50%of the work is done now. Now you know how to get the IP of a remote system, so its time to trace it down and find some details about the IP.
Tracing an IP is quite simple. You can do it the easy way by using some sweet softwares like Visual Trace 6.0b
[ftp://ftp.visualware.com/pub/vr/vr.exe]
Neotrace
[http://www.neoworx.com/download/NTX325.exe]
or by our way ie. Using MS DOS or any other version of DOS.
Well I suggest you to use DOS and its tracert tool for tracing the IP cause using it will give you a clear conception about the art of tracing an IP and I guarantee that you will feel much satisfied on success than using a silly software. Furthur you will know how things work and how the IP is traced down and the different networks associated in this tracing process.
Let us take a look at tracert tool provided for DOS by Microsoft.
It is a very handy tool for peoples need to trace down an IP.
Just open any DOS windows and type tracert.
C:\windows>tracert
Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Options:
-d Do not resolve addresses to hostnames.
-h maximum_hops Maximum number of hops to search for target.
-j host-list Loose source route along host-list.
-w timeout Wait timeout milliseconds for each reply.
You will now see a description of the tracert command and the switches associated with it.
Well these switches doesn’t makes much difference. All you can do is to increase the timeout in milliseconds by using –w switch if you are using a slow connection and the –d switch if you wish not resolve address to hostnames by default.
By default tracert performs a maximum of 30 hops trace. Using the –h switch you can specify the number of hops to perform.
Now its time for execution.
Let us trace down the IP yahoo.com [216.115.108.243]
TIP: If you have done a long research (I mean a lot) then simply looking at the IP you can figure out some info from it. For example the IP 203.90.68.8 indicates that the system is in India. In India IPs generally begin with 203 and 202
C:\WINDOWS>tracert yahoo.com
Tracing route to yahoo.com [216.115.108.243] over a maximum of 30 hops:
1 308 ms 142 ms 127 ms 203.94.246.35
2 140 ms 135 ms * 203.94.246.1
3 213 ms 134 ms 132 ms 203.94.255.33
4 134 ms 130 ms 129 ms 203.200.64.29
5 122 ms 135 ms 131 ms 203.200.87.75
6 141 ms 137 ms 121 ms 203.200.87.15
7 143 ms 170 ms 154 ms vsb-delhi-stm1.Bbone.vsnl.net.in [202.54.2.241]
8 565 ms 589 ms 568 ms if-7-0.bb8.NewYork.Teleglobe.net [207.45.198.65]
9 596 ms 584 ms 600 ms if-3-0.core2.NewYork.teleglobe.net [207.45.221.66]
10 * * * Request timed out.
11 703 ms 701 ms 719 ms if-3-0.core2.PaloAlto.Teleglobe.net [64.86.83.205]
12 694 ms 683 ms 681 ms if-6-1.core1.PaloAlto.Teleglobe.net [207.45.202.33]
13 656 ms 677 ms 700 ms ix-5-0.core1.PaloAlto.Teleglobe.net [207.45.196.90]
14 667 ms 673 ms 673 ms ge-1-3-0.msr1.pao.yahoo.com [216.115.100.150]
15 653 ms 673 ms 673 ms vl20.bas1.snv.yahoo.com [216.115.100.225]
16 666 ms 676 ms 674 ms yahoo.com [216.115.108.243]
Trace complete.
Note: Here I have traced yahoo.com. In place of yahoo.com you can give the IP of yahoo or any other IP you want to trace, the result will be the same.
Now carefully looking at the results you can figure out many information about yahoo’s server [216.115.108.243]
First packets of data leave my ISP which is at 203.94.246.35 .Similarly you can find out the different routers through which the packets of data are send and received to and from the target system. Now take a look at the 13th line you’ll see that the router is in PaloAlto.Teleglobe.net from this you can easily figure out that the router is in Palo Alto. Now finally look at the target system ie. Yahoo’s server vl20.bas1.snv.yahoo.com . Now you got the address of yahoo’s server. Now put this address in any IP lookup programe and perform and reverse DNS lookup and you will get most of the info about this address,like the place where it is in.
Well another thing you can find out using the tracert tool is that the number of hops (routers) the target system is away from you. In case of tracerouting yahoo.com we find that the target system ie yahoo’s server is 16 hops away from my system. This indicates that there are 16 routers between my system and yahoo’s server.
Apart from tracing an IP you can find out many usefull details about the target system using the tracert tool.
Firewall Detection
While tracerouting a target system, if you get * as an output then it indicates timeout error. Now if you peform another tracerout to the same taeget system at some other time with a good connection and in this way few times more and if you always get * as the output then take it for sure that the target system is running a firewall which prevents sending of data packets from the target system.
Example
Some days ago I tried to tracert hotmail’s server in plain and simple way using tracert without any trick.This is what I found out :
c:\windows>tracert 64.4.53.7
Tracing route to lc2.law5.hotmail.com [64.4.53.7]
over a maximum of 30 hops:
1 * * * Request timed out.
2 161 ms 147 ms 85 ms 203.90.69.81
3 126 ms 261 ms 219 ms 203.90.66.9
4 121 ms 115 ms 228 ms delswp2.hclinfinet.com [203.90.66.133]
5 727 ms 725 ms 711 ms 203-195-147-250.now-india.net.in [203.195.147.250]
6 1006 ms 794 ms 952 ms core-fae-0-0.now-india.net.in [203.195.147.3]
7 826 ms 731 ms 819 ms 213.232.106.9
8 885 ms 744 ms 930 ms 213.166.3.209
9 851 ms 1020 ms 1080 ms 213.232.64.54
10 1448 ms 765 ms 1114 ms pos8-0.core2.London1.Level3.net [212.113.0.118]
11 748 ms 789 ms 750 ms ge-4-2-1.mp2.London1.Level3.net [212.187.131.146]
12 719 ms 733 ms 846 ms so-3-0-0.mp1.London2.Level3.net [212.187.128.46]
13 775 ms 890 ms 829 ms so-1-0-0.mp2.Weehawken1.Level3.net [212.187.128.138]
14 853 ms 852 ms 823 ms so-3-0-0.mp1.SanJose1.Level3.net [64.159.1.129]
15 889 ms 816 ms 803 ms so-7-0-0.gar1.SanJose1.Level3.net [64.159.1.74]
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
I performed the same tracert many times a day but concluded with the same result. This indicates that the systems after the router SanJose1.Level3.net has firewalls installed which prevents the outgoing of data packets.
Detecting Traceroute Attempts on your System
You can detect that an attacker is performing a traceroute on your system, if you see the following symptoms:
1. If you observe port scans on very high UDP ports. This symptom means that the attacker has performed a traceroute on your system. However, it could also mean a simply port scan. Either way, it signifies the fact that your system is being scanned.
2. If the packet-monitoring tool installed in your network, picks up several outgoing TTL-exceeding messages, then it is yet another sign that someone is doing a traceroute on your system.
3. If in these log files, you also observer an outgoing ICMP port unreachable error message, then it means that since a traceroute was done on your system and as the target system i.e. your system, was reached, it responded with this error message.
You can also find our more information on the attacker (if he performs a traceroute on your system) by simply studying the sniffer log files. If you observer the TTL values, then we can easily figure out the following information on the attacker by making use of OS detection techniques discussed earlier in this white paper:
The Operating System running on the attacker’s target system.
Number of hops away, the attacker is from you.
OKI DOKI that’s all for this article. Hope you will find this article very easy to understand and implement.
do check:
http://hackersclub.focusindia.com
how-to-break-into-email-accounts
how-to-break-into-email-accounts
Disclaimer :
I do not endorse Hacking !
This is meant for educational purpose only !
I want u to know how others can try break into your Personal life !
Beware !!
This is a Genuine Article.
Will try to add in as much as possible
keep posting !
comment on this article !
Introduction
I have written this tutorial to address a question that is all too commonly asked in any channel/chat room with "hack" in the title (asked in frequency to the point of harrassment really). So since this is a question that so many people ask, then I believe that there should at least be an answer available (regardless of the morality or "lameness" of such a question). So you as the reader are most likely reading this because you want to break into somebody's email account.
Well, you must understand that there is no 1-2-3 process to anything. I will give you options to consider when persuing such a task, but it will ultimately be up to you to do this. This is what you want to do, and no matter what sort of offers you throw up at anybody, nobody is going to do this for you. There is no program that is going to do all this for you. Also don't forget that nobody is going to hold your hand and lead you through this. I'm offering you as the reader suggestions for ways you can address this task, and that is about all the help you are going to get from anybody. So now that I've made all that clear, let's begin...
Things You Should Know
As I mentioned in the previous section, there is no program that will do all this for you. Almost all the crackers you see out there will not work, because services like Hotmail, Yahoo!, etc. have it set so that it will lock you from that account after a certain number of login attempts. There are some rare exceptions, like some crackers for Yahoo! that are made for cracking "illegal" accounts, but the thing you must understand about those types of crackers is that they are built to crack SPECIFICALLY "illegal" names. They can not be used to target a specific account on Yahoo!, so don't try to use them for this purpose. Another thing you must know if you ask this question in any "hacker" chat room/channel (which I highly discourage), or if you read something on this topic, and you hear that you have to email some address and in any way have to give up your password in the process, do NOT believe this. This is a con used to trick gullible people into handing over their passwords. So don't fall for this. Well that concludes this section, now lets get to what you want to know.
If You Have Physical Access
I will start off with options you have if you have physical access to the computer of the user that you are targeting, because it is a lot easier if you do. One option you have, that you will hear a lot if you ask this question, and anybody bothers to answer is to use a keylogger. A keylogger is an excellent option, and probably the easiest. There are a lot of keyloggers out there, ranging from hardware keyloggers, to software keyloggers. For this task, you won't need to buy a hardware keylogger, since the only advantage to a hardware one is that you can grab passwords that are given to access a certain local user on the operating system used. There are a lot of software keyloggers out there, and you can feel free to check out www.google.com to look at your options. I will go ahead and toss a couple of keyloggers out to try for those of you who seem allergic to search engines.
One option you have that is good for a free keylogger is Perfect Keylogger (which you can find at www.blazingtools.com/bpk.html). It works just fine, and has some nice options to keep it hidden from your average end user (computer user).
Another option you have, which is probably the best one you can get is Ghost Keylogger. It has a lot of options that will allow you to get the results of this program remotely (it will email you the results). However, this is not a free keylogger, so if you are wanting to get a copy you can look on the file sharing networks for a copy of the program, and the serial number for it (look on www.zeropaid.com for different file sharing clients you can try).
Once you have whatever keylogger you are going to use downloaded, just install it onto the computer you are wanting to monitor, and wait till next time they login to their email account. You will then have the password for the account. Another option you have if they use Outlook to access their email account, is to copy the *.dbx files for their Outlook account onto a floppy, and extract the emails at home (the dbx file stores the files stored in each Outlook folder on a given account, meaning the received and sent emails). When you are on the computer of the user you are targeting, look in
C:\Windows\ApplicationData\Identities\{ACblahblahblah}\Microsoft\ OutlookExpress\ and copy all the .dbx files onto a floppy. Then when you take the .dbx files back to your house, use DBXtract to extract the messages from these files. Check out the link below to download this program....
www.download-freeware-shareware.com/Freeware-Internet.php?Type=4171
Another option you have if you have physical access is to execute a RAT (Remote Administration Tool, you may know these programs as trojans) server on the computer. Of course, you do not have to have physical access to go this route, but it helps. What you must understand is that these tools are known threats, and the popular ones are quickly detected by antivirus software, and thusly taken care of. Even ISPs block incoming/outgoing traffic from the most popular ports used by these programs.
One newcomer in the RAT market that you should know about is Project Leviathan. This program uses already existing services to host it's service, instead of opening up an entirely new port. This allows it to hide itself from any port detection tool/software firewall that may be in place. This of course will not guarantee that it's server program will not be detected by any antivirus software used (actually, if the user has kept up with his/her signature tables, then it WILL be detected), but it will give you more of a chance of holding access. Search the engines to download Project Leviathan...
Once you have downloaded this tool, follow the instructions listed to install and use this program. However, since this RAT is a command line tool, you will still need another program set up on the user's computer in order to catch the desired password. For this, you can use Password Logger.. Google it
Once you have this downloaded, set it up on the targeted computer. The program will remain hidden, while logging any types of passwords into a .lst file in the same directory that you executed it on. Therefore, you can access this *.lst file through Project Leviathan remotely in order to retrieve the user's email password remotely. Well that pretty much concludes it for this section. At this very moment I can practically hear a lot of you thinking to yourselves "But, but I don't HAVE physical access!". No reason to worry, that's what the next section is for...
If You Don't Have Physical Access
Well of course most of you out there will say that you don't have physical access to your target's computer. That's fine, there still are ways you can gain access into the desired email account without having to have any sort of physical access. For this we are going to go back onto the RAT topic, to explain methods that can be used to fool the user into running the server portion of the RAT (again, a RAT is a trojan) of your choice. Well first we will discuss the basic "send file" technique. This is simply convincing the user of the account you want to access to execute the server portion of your RAT.
To make this convincing, what you will want to do is bind the server.exe to another *.exe file in order to not raise any doubt when the program appears to do nothing when it is executed. For this you can use the tool like any exe file to bind it into another program (make it something like a small game)...
On a side note, make sure the RAT of your choice is a good choice. The program mentioned in the previous section would not be good in this case, since you do need physical access in order to set it up. You will have to find the program of your choice yourself (meaning please don't ask around for any, people consider that annoying behavior).
If you don't like any of those, I'm afraid you are going to have to go to www.google.com, and look for some yourself. Search for something like "optix pro download", or any specific trojan. If you look long enough, among all the virus notification/help pages, you should come across a site with a list of RATs for you to use (you are going to eventually have to learn how to navigate a search engine, you can't depend on handouts forever). Now back to the topic at hand, you will want to send this file to the specified user through an instant messaging service.
The reason why is that you need the ip address of the user in order to connect with the newly established server. Yahoo! Messenger, AOL Instant Messenger, it really doesn't matter. What you will do is send the file to the user. Now while this transfer is going on you will go to Start, then Run, type in "command", and press Enter. Once the msdos prompt is open, type in "netstat -n", and again, press enter. You will see a list of ip addresses from left to right. The address you will be looking for will be on the right, and the port it's established on will depend on the instant messaging service you are using. With MSN Messenger it will be remote port 6891, with AOL Instant Messenger it will be remote port 2153, with ICQ it will be remote port 1102, 2431, 2439, 2440, or 2476, and with Yahoo! Messenger it will be remote port 1614.
So once you spot the established connection with the file transfer remote port, then you will take note of the ip address associated with that port. So once the transfer is complete, and the user has executed the server portion of the RAT, then you can use the client portion to sniff out his/her password the next time he/she logs on to his/her account.
Don't think you can get him/her to accept a file from you? Can you at least get him/her to access a certain web page? Then maybe this next technique is something you should look into.
Currently Internet Explorer is quite vulnerable to an exploit that allows you to drop and execute .exe files via malicious scripting within an html document. For this what you will want to do is set up a web page, make sure to actually put something within this page so that the visitor doesn't get too entirely suspicious, and then imbed the below script into your web page so that the server portion of the RAT of your choice is dropped and executed onto the victim's computer...
While you are at it, you will also want to set up an ip logger on the web page so that you can grab the ip address of the user so that you can connect to the newly established server. Here is the source for a php ip logger you can use on your page...
http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=539&lngWId=8
Just insert this source into your page along with the exedrop script, and you are set. Just convince the user to go to this page, and wait till the next time they type in their email password. However, what do you do if you can not contact this user in any way to do any of the above tricks. Well, then you definately have your work cut out for you. It doesn't make the task impossible, but it makes it pretty damn close to it. For this we will want to try info cracking. Info cracking is the process of trying to gather enough information on the user to go through the "Forgot my Password" page, to gain access into the email account.
If you happen to know the user personally, then it helps out a lot. You would then be able to get through the birthday/ zipcode questions with ease, and with a little mental backtracking, or social engineering (talking) out the information from the user be able to get past the secret question. However, what do you do if you do not have this luxury? Well in this case you will have to do a little detective work to fish out the information you need.
First off, if a profile is available for the user, look at the profile to see if you can get any information from the profile. Many times users will put information into their profile, that may help you with cracking the account through the "Forgot my Password" page (where they live, their age, their birthday if you are lucky). If no information is provided then what you will want to do is get on an account that the user does not know about, and try to strike conversation with the user. Just talk to him/her for a little while, and inconspicuously get this information out of the user (inconspicuously as in don't act like you are trying to put together a census, just make casual talk with the user and every once in a while ask questions like "When is your birthday?" and "Where do you live?", and then respond with simple, casual answers).
Once you have enough information to get past the first page, fill those parts out, and go to the next page to find out what the secret question is. Once you have the secret question, you will want to keep making casual conversation with the user and SLOWLY build up to asking a question that would help you answer the secret question. Don't try to get all the information you need in one night or you will look suspicious. Patience is a virtue when info cracking. Just slowly build up to this question. For example, if the secret question is something like "What is my dog's name?", then you would keep talking with the user, and eventually ask him/her "So how many dogs do you have? ...Oh, that's nice. What are their names?". The user will most likely not even remember anything about his/her secret question, so will most likely not find such a question suspicious at all (as long as you keep it inconspicuous). So there you go, with a few choice words and a little given time, you have just gotten the user to tell you everything you need to know to break into his/her email account. The problem with this method is that once you go through the "Forgot my Password" page, the password will be changed, and the new password will be given to you. This will of course deny the original user access to his/her own account. But the point of this task is to get YOU access, so it really shouldn't matter. Anyways, that concludes it for this tutorial. Good luck...
Disclaimer :
I do not endorse Hacking !
This is meant for educational purpose only !
I want u to know how others can try break into your Personal life !
Beware !!
This is a Genuine Article.
Will try to add in as much as possible
keep posting !
comment on this article !
Introduction
I have written this tutorial to address a question that is all too commonly asked in any channel/chat room with "hack" in the title (asked in frequency to the point of harrassment really). So since this is a question that so many people ask, then I believe that there should at least be an answer available (regardless of the morality or "lameness" of such a question). So you as the reader are most likely reading this because you want to break into somebody's email account.
Well, you must understand that there is no 1-2-3 process to anything. I will give you options to consider when persuing such a task, but it will ultimately be up to you to do this. This is what you want to do, and no matter what sort of offers you throw up at anybody, nobody is going to do this for you. There is no program that is going to do all this for you. Also don't forget that nobody is going to hold your hand and lead you through this. I'm offering you as the reader suggestions for ways you can address this task, and that is about all the help you are going to get from anybody. So now that I've made all that clear, let's begin...
Things You Should Know
As I mentioned in the previous section, there is no program that will do all this for you. Almost all the crackers you see out there will not work, because services like Hotmail, Yahoo!, etc. have it set so that it will lock you from that account after a certain number of login attempts. There are some rare exceptions, like some crackers for Yahoo! that are made for cracking "illegal" accounts, but the thing you must understand about those types of crackers is that they are built to crack SPECIFICALLY "illegal" names. They can not be used to target a specific account on Yahoo!, so don't try to use them for this purpose. Another thing you must know if you ask this question in any "hacker" chat room/channel (which I highly discourage), or if you read something on this topic, and you hear that you have to email some address and in any way have to give up your password in the process, do NOT believe this. This is a con used to trick gullible people into handing over their passwords. So don't fall for this. Well that concludes this section, now lets get to what you want to know.
If You Have Physical Access
I will start off with options you have if you have physical access to the computer of the user that you are targeting, because it is a lot easier if you do. One option you have, that you will hear a lot if you ask this question, and anybody bothers to answer is to use a keylogger. A keylogger is an excellent option, and probably the easiest. There are a lot of keyloggers out there, ranging from hardware keyloggers, to software keyloggers. For this task, you won't need to buy a hardware keylogger, since the only advantage to a hardware one is that you can grab passwords that are given to access a certain local user on the operating system used. There are a lot of software keyloggers out there, and you can feel free to check out www.google.com to look at your options. I will go ahead and toss a couple of keyloggers out to try for those of you who seem allergic to search engines.
One option you have that is good for a free keylogger is Perfect Keylogger (which you can find at www.blazingtools.com/bpk.html). It works just fine, and has some nice options to keep it hidden from your average end user (computer user).
Another option you have, which is probably the best one you can get is Ghost Keylogger. It has a lot of options that will allow you to get the results of this program remotely (it will email you the results). However, this is not a free keylogger, so if you are wanting to get a copy you can look on the file sharing networks for a copy of the program, and the serial number for it (look on www.zeropaid.com for different file sharing clients you can try).
Once you have whatever keylogger you are going to use downloaded, just install it onto the computer you are wanting to monitor, and wait till next time they login to their email account. You will then have the password for the account. Another option you have if they use Outlook to access their email account, is to copy the *.dbx files for their Outlook account onto a floppy, and extract the emails at home (the dbx file stores the files stored in each Outlook folder on a given account, meaning the received and sent emails). When you are on the computer of the user you are targeting, look in
C:\Windows\ApplicationData\Identities\{ACblahblahblah}\Microsoft\ OutlookExpress\ and copy all the .dbx files onto a floppy. Then when you take the .dbx files back to your house, use DBXtract to extract the messages from these files. Check out the link below to download this program....
www.download-freeware-shareware.com/Freeware-Internet.php?Type=4171
Another option you have if you have physical access is to execute a RAT (Remote Administration Tool, you may know these programs as trojans) server on the computer. Of course, you do not have to have physical access to go this route, but it helps. What you must understand is that these tools are known threats, and the popular ones are quickly detected by antivirus software, and thusly taken care of. Even ISPs block incoming/outgoing traffic from the most popular ports used by these programs.
One newcomer in the RAT market that you should know about is Project Leviathan. This program uses already existing services to host it's service, instead of opening up an entirely new port. This allows it to hide itself from any port detection tool/software firewall that may be in place. This of course will not guarantee that it's server program will not be detected by any antivirus software used (actually, if the user has kept up with his/her signature tables, then it WILL be detected), but it will give you more of a chance of holding access. Search the engines to download Project Leviathan...
Once you have downloaded this tool, follow the instructions listed to install and use this program. However, since this RAT is a command line tool, you will still need another program set up on the user's computer in order to catch the desired password. For this, you can use Password Logger.. Google it
Once you have this downloaded, set it up on the targeted computer. The program will remain hidden, while logging any types of passwords into a .lst file in the same directory that you executed it on. Therefore, you can access this *.lst file through Project Leviathan remotely in order to retrieve the user's email password remotely. Well that pretty much concludes it for this section. At this very moment I can practically hear a lot of you thinking to yourselves "But, but I don't HAVE physical access!". No reason to worry, that's what the next section is for...
If You Don't Have Physical Access
Well of course most of you out there will say that you don't have physical access to your target's computer. That's fine, there still are ways you can gain access into the desired email account without having to have any sort of physical access. For this we are going to go back onto the RAT topic, to explain methods that can be used to fool the user into running the server portion of the RAT (again, a RAT is a trojan) of your choice. Well first we will discuss the basic "send file" technique. This is simply convincing the user of the account you want to access to execute the server portion of your RAT.
To make this convincing, what you will want to do is bind the server.exe to another *.exe file in order to not raise any doubt when the program appears to do nothing when it is executed. For this you can use the tool like any exe file to bind it into another program (make it something like a small game)...
On a side note, make sure the RAT of your choice is a good choice. The program mentioned in the previous section would not be good in this case, since you do need physical access in order to set it up. You will have to find the program of your choice yourself (meaning please don't ask around for any, people consider that annoying behavior).
If you don't like any of those, I'm afraid you are going to have to go to www.google.com, and look for some yourself. Search for something like "optix pro download", or any specific trojan. If you look long enough, among all the virus notification/help pages, you should come across a site with a list of RATs for you to use (you are going to eventually have to learn how to navigate a search engine, you can't depend on handouts forever). Now back to the topic at hand, you will want to send this file to the specified user through an instant messaging service.
The reason why is that you need the ip address of the user in order to connect with the newly established server. Yahoo! Messenger, AOL Instant Messenger, it really doesn't matter. What you will do is send the file to the user. Now while this transfer is going on you will go to Start, then Run, type in "command", and press Enter. Once the msdos prompt is open, type in "netstat -n", and again, press enter. You will see a list of ip addresses from left to right. The address you will be looking for will be on the right, and the port it's established on will depend on the instant messaging service you are using. With MSN Messenger it will be remote port 6891, with AOL Instant Messenger it will be remote port 2153, with ICQ it will be remote port 1102, 2431, 2439, 2440, or 2476, and with Yahoo! Messenger it will be remote port 1614.
So once you spot the established connection with the file transfer remote port, then you will take note of the ip address associated with that port. So once the transfer is complete, and the user has executed the server portion of the RAT, then you can use the client portion to sniff out his/her password the next time he/she logs on to his/her account.
Don't think you can get him/her to accept a file from you? Can you at least get him/her to access a certain web page? Then maybe this next technique is something you should look into.
Currently Internet Explorer is quite vulnerable to an exploit that allows you to drop and execute .exe files via malicious scripting within an html document. For this what you will want to do is set up a web page, make sure to actually put something within this page so that the visitor doesn't get too entirely suspicious, and then imbed the below script into your web page so that the server portion of the RAT of your choice is dropped and executed onto the victim's computer...
While you are at it, you will also want to set up an ip logger on the web page so that you can grab the ip address of the user so that you can connect to the newly established server. Here is the source for a php ip logger you can use on your page...
http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=539&lngWId=8
Just insert this source into your page along with the exedrop script, and you are set. Just convince the user to go to this page, and wait till the next time they type in their email password. However, what do you do if you can not contact this user in any way to do any of the above tricks. Well, then you definately have your work cut out for you. It doesn't make the task impossible, but it makes it pretty damn close to it. For this we will want to try info cracking. Info cracking is the process of trying to gather enough information on the user to go through the "Forgot my Password" page, to gain access into the email account.
If you happen to know the user personally, then it helps out a lot. You would then be able to get through the birthday/ zipcode questions with ease, and with a little mental backtracking, or social engineering (talking) out the information from the user be able to get past the secret question. However, what do you do if you do not have this luxury? Well in this case you will have to do a little detective work to fish out the information you need.
First off, if a profile is available for the user, look at the profile to see if you can get any information from the profile. Many times users will put information into their profile, that may help you with cracking the account through the "Forgot my Password" page (where they live, their age, their birthday if you are lucky). If no information is provided then what you will want to do is get on an account that the user does not know about, and try to strike conversation with the user. Just talk to him/her for a little while, and inconspicuously get this information out of the user (inconspicuously as in don't act like you are trying to put together a census, just make casual talk with the user and every once in a while ask questions like "When is your birthday?" and "Where do you live?", and then respond with simple, casual answers).
Once you have enough information to get past the first page, fill those parts out, and go to the next page to find out what the secret question is. Once you have the secret question, you will want to keep making casual conversation with the user and SLOWLY build up to asking a question that would help you answer the secret question. Don't try to get all the information you need in one night or you will look suspicious. Patience is a virtue when info cracking. Just slowly build up to this question. For example, if the secret question is something like "What is my dog's name?", then you would keep talking with the user, and eventually ask him/her "So how many dogs do you have? ...Oh, that's nice. What are their names?". The user will most likely not even remember anything about his/her secret question, so will most likely not find such a question suspicious at all (as long as you keep it inconspicuous). So there you go, with a few choice words and a little given time, you have just gotten the user to tell you everything you need to know to break into his/her email account. The problem with this method is that once you go through the "Forgot my Password" page, the password will be changed, and the new password will be given to you. This will of course deny the original user access to his/her own account. But the point of this task is to get YOU access, so it really shouldn't matter. Anyways, that concludes it for this tutorial. Good luck...
Subscribe to:
Posts (Atom)
