Your Ad Here

We have moved to http://access-xperia.blogspot.com

ATX If you are this blogs reader, I encourage you to visit and join ATX. This blog will not be discontinued but all the recent updates will be on ATX. ATX brings you a more exciting look, more premium software for free and ofcourse a chance to win invitations of some selected sites.

Visit and readACCESS THE XPERIA

Resource site of Computer software, Phone application, E-books, Programming codes, yahoo tools, tutorials, hacking tools, keylogger, trojan, hacking, MP3 and much more. ::CORE™::

Saturday, September 12, 2009

WINDOWS PASSWORD LOOPHOLE

a. ok now, what you need to do is to run compmgmt.msc

b. and click on local users and groups.

c. once you've gotten here you need to open up the 'users' folder.


at this point i am walking along with you and notice that there are several
major security holes dealing specifically with the password:
1. double clicking on the any user name allows you a list that looks
something like this:
"user name"

full name: -----------------------
|__________________|

description: -----------------------
|__________________|
--
|_| user must change password at next logon

--
|_| user cannot change password

--
|/| password never expires

--
|_| account is disabled

--
|_| account is locked out


"ok" "cancel" "apply"

ok if you can get past my cheesy drawing, i must ask, did you notice that
the "password never expires" box is checked? if you did, then you may have
realized that this means that you can also uncheck it!

2. if ure paying attention, you'll see that the 'user must change password
at next logon' box is unchecked. if you put a check in this box of course,
when you shut down the system will prompt for a new password!

3. going back to step c.,
right click on any account and notice the dialoge that appears:
set password...
all tasks
delete
rename
properties
help

CORE™

WINDOWS PASSWORD LOOPHOLE

a. ok now, what you need to do is to run compmgmt.msc

b. and click on local users and groups.

c. once you've gotten here you need to open up the 'users' folder.


at this point i am walking along with you and notice that there are several
major security holes dealing specifically with the password:
1. double clicking on the any user name allows you a list that looks
something like this:
"user name"

full name: -----------------------
|__________________|

description: -----------------------
|__________________|
--
|_| user must change password at next logon

--
|_| user cannot change password

--
|/| password never expires

--
|_| account is disabled

--
|_| account is locked out


"ok" "cancel" "apply"

ok if you can get past my cheesy drawing, i must ask, did you notice that
the "password never expires" box is checked? if you did, then you may have
realized that this means that you can also uncheck it!

2. if ure paying attention, you'll see that the 'user must change password
at next logon' box is unchecked. if you put a check in this box of course,
when you shut down the system will prompt for a new password!

3. going back to step c.,
right click on any account and notice the dialoge that appears:
set password...
all tasks
delete
rename
properties
help

CORE™

ANTI HACKING - PREVENT YOURSELF

Electronic Eavesdropping…
Are You An Unsuspecting Victim?


ID Theft is the number one crimeas of this writing.

As the smoke clears from the sudden onslaught of computers and the
Internet, millions of people are suddenly discovering their private
information isn’t as private as they thought it was.

In fact, many law enforcement agencies are learning that electronic
information theft is quickly becoming the nation’s number one way that
crooks are using to get their hands on goods and services with the least
chance of getting caught!

Many successful cyber thieves are finding it extremely easy to scour
someone else’s computer for passwords and credit card numbers from
the comfort of their own homes.

Most of the tools used to spy on other people’s computers are freely
bought and sold over the Internet under the guise of legally sold
hardware and software.

This report will expose the most common and least known ways a
criminal can steal from you, without you suspecting a thing.

Law enforcement just can’t keep up with the cyber tide so consumers
and business owners are now in the precarious position of protecting
themselves or else suffer the consequences.

All of us use computers for filing our taxes, running our companies, and
for purchasing everything from prescriptions to automobiles over the
Internet.

Most people don’t know how easy it is for anyone with a computer and
Internet access to “electronically” peer over our shoulder, while we
access our bank accounts, trade stocks or chat with our loved ones.

Our goal here is to expose to you the most used tools of the cyber
criminal and show you how to protect yourself.


Good Or Evil?… You Decide

Many companies are marketing the tools below as an easy way to
watch your children’s Internet use or your employees’ use of your
computers, but keep in mind that these products can be used by
criminals just as easily.

If they are designed to be concealed from the computer operator,
they can be used by the bad guys too…
Covert High Tech Tools

• Hardware Keyloggers - what they are and what they look like.

• Computer Recording Software – what it is and how it’s used to
monitor employees, children and maybe even used to spy on you,
along with examples of such products.

• Computer Recording Software Detectors: what you need to be
sure no one is spying on you, including the most popular spy
software detection products.

• Anonymous Browsers: What they are and how they make anyone
who uses them invisible when they surf the Internet, including
some of the top anonymous browser sites on the Internet.
• Electronic File Shredders – What they are and why everyone

should use them, including websites of the top electronic file
shredders.





Hardware Keyloggers

These types of keyloggers require that the perpetrator have physical
access to your computer. They can easily be installed in less than 5
seconds. They come in the form of USB port connectors, keyboard
connectors and even masquerade as keyboards themselves.

Once installed, a hardware keylogger will capture every keystroke
entered into your keyboard and then store it for future retrieval on the
device itself.

Some hardware keylogger companies boast a two million keystroke
capacity! That’s about 5 years worth of typing for the average computer
user. Whether at home or in the office, you can easily fall victim to this
type of spying. A Hardware Keylogger is installed between your
keyboard and computer




Some hardware keyloggers come in the form of a keyboard, but if you
examine the line going to the computer you can see an irregular bulge as
pictured below. That should make you very suspicious…


They can even come in a USB drive
How do they work?

All hardware keyloggers have to have the following:

• A microcontroller - this interprets the datastream between the
keyboard and computer, processes it, and passes it to the non-
volatile memory
• A non-volatile memory - this stores the recorded data, even when
power is lost

On the whole, typing a special password into a computer text editor
retrieves the recorded data. As the hardware keylogger is plugged in-
between the keyboard and computer, it detects the password has been
typed and then starts presenting the computer with "typed" data to
produce a menu. Beyond text menu some keyloggers offer a high-speed
download to speed up retrieval of stored data, this can be via USB mass-
storage enumeration or with a USB or serial download adapter.


Keylogger Companies

We’ve listed the keylogger companies in order of popularity. This
should give you a good idea what company to deal with should you
decide you have a legitimate use for one of these.

KeyGhost http://www.keyghost.com

At KeyGhost Ltd we work hard developing our products. KeyGhost Ltd
are the inventors and manufacturers of the KeyGhost Hardware
Keylogger range of products.

You can be sure a product purchased from us or one of our distributors
will work flawlessly in every situation. This is due to the extensive real
world testing that takes place before any product is approved for
release into the market place.

KeyKatcher http://www.keykatcheruk.com

KEYKatcher is a discrete, easy-to-use device which monitors all PC
keyboard activity.

Capture everything typed - including email, instant messaging, chat
room activity and web URLs.

Advantages over software loggers: there's no software to install, it uses
no system resources and it works on all operating systems.

Installs in seconds - simply plugs in-between the keyboard and PC.
Ideal for parents, employers or spouses.


DIY Hardware Keylogger http://www.keelog.com/diy.html

Simply plugs in-between the keyboard and PC. This company will give
you complete schematics and everything you need to build your own
should you decide you want to try it.


Either way if you decide you need to watch you kids or employees this
could be the answer.
Computer Recording (Spy) Software

Spy Software is by far the most dangerous…and hard to detect of all
computer monitoring type spy products.

There are what some consider legitimate uses for Surveillance Spy
Software.

They are to watch a child’s Internet activity, or to monitor employees
while in a work environment, or just to see if anyone is using your
computer when you're not there.

Unfortunately, this type of computer recording software is often used
unethically and even illegally by those who want to steal sensitive or
private information from you, or your business, without ever being
caught, or are just curious as to what you do on your computer for all
those hours.
Companies That Sell Spy Software

There are over 500 companies selling this stuff so needless to say we will
list only the most popular. If you want to find more examples, a Google
search for “Spy Software” will reveal plenty.

At the time of this writing there were over 20 million results in Google
for the term spy software.

That should tell you something of the popularity of this type of software
and may also cause you to wonder if your computer hasn’t possibly
been infected by someone who wants to watch you or steal from you.

Spectorsoft http://www.spectorsoft.com
Remote Install & Remote Monitoring Available

This company is the absolute ruler in this market space. They’ve been
on the Forbes 500 list of fastest growing companies the last two years in


a row. Their products are virtually undetectable and if you have it on
your computer there’s MAYBE only a couple of spy software detectors
that can tell you if you’re infected.

Remote Spy http://remotespy.com
Remote Install & Remote Monitoring Available

This software is touted as one of the best undetectable, remotely
installable spy software products on the market today.

My question is why would you need to install spy software on your
computer remotely anyway… unless maybe people are using it on
computers they DON’T have access to… like mine?

Anyway here’s what they say on their website…
Sales Pitch

Spy on Anyone From Anywhere

The most powerful software of it's kind, it's finally here RemoteSpy!
Secretly and covertly monitor and record Pc's without the need of physical
access. Record keystrokes, email, passwords, chats, instant messenger
conversations, websites visited + More in total privacy. Find out the
information you need to know quickly with the most intelligent spy
software available RemoteSpy!

Win-Spy http://www.win-spy.com
Remote Install & Remote Monitoring Available

Sales Pitch

Do you need to know what your child is doing on the computer? Is your
spouse cheating on you? Do you need to monitor what your employees are
doing during work hours? Is someone tampering with your computer
while you are away?

With Win Spy Software you will know exactly what they are doing.


WinSpy is a Complete Stealth Monitoring Software that can both monitor
your Local PC and Remote PC. WinSpy Software also includes Remote
Install. WinSpy Software will capture anything the user sees or types on
the keyboard. Users will be unaware of its existence. A special hotkey is
used to login and access Win Spy Software. Users are unable to terminate
WinSpy. Users are unable to uninstall WinSpy.


Companies That Sell Spy Software Detectors
Cloak Your Computer


Just in case you think that someone may be using the above spy
software on you, there’s a number of spy software detectors.

Additional examples can be found by searching Google for “Detect
Keyloggers” or “Spy Software Detection”.

Most detectors are generic “spyware detectors” which do a great job of
catching adware/trojans, but catching commercial spy software like the
above is not their strong suit.

Spy software companies make their money being “undetectable” and
this creates a problem for most spyware detection companies because
they mainly focus on easily detectable advertising spyware.


There are a handful that do a good job, but there’s only one company
that is dedicated to specifically detecting commercially available spy
software that we know of. That company is SpyCop.

All the others try to catch everything and as a result they end up
catching only a few of each type of malware.






SpyCop http://www.spycop.com
SpyCop® Spy Software Detector is the only company we know of that is
totally dedicated to detecting commercially available spy software like
the above products. In our tests it caught 99% of every spy software
product including Spectorsoft’s e-Blaster… Every other scanner only
caught up to 50% of the spy software products sold which is ok if you
aren’t concerned about commercially available spy software products
infecting your computer.

McAfee http://us.mcafee.com
McAfee® VirusScan® Plus is essential PC protection. It guards your
computer and files against viruses, spyware and intrusion, stopping
hackers automatically. With McAfee's trusted protection you can surf
the Web and download files safely, confident knowing that McAfee is
always on and always protecting you

Spyware Doctor http://www.pctools.com
Spyware Doctor is a top-rated malware & spyware removal utility that
detects, removes and protects your PC from thousands of potential
spyware, adware, trojans, spybots and tracking threats.


Anonymous Browsers

When we surf the Internet we have to use a browser.

Unfortunately many times the browsers we use can be easily
compromised, tracked back to us, and in some instances spy software
can be downloaded to our computers.

If you ever plan on visiting a website that you aren’t sure if they are
legitimate or not, you can use what’s known as an anonymous browser.

In essence you surf through their servers even though you’re on your
computer. These services act as a buffer between you and the websites
you visit.




That means you are invisible to any website you surf to when you use
one of these services.

Below are the top three in the industry but again you can check Google
for more examples.
Anonymous Browser Services


Proxify https://proxify.com
Free & Paid Surfing Available

Proxify® is a web-based anonymous proxy service which allows anyone
to surf the Web privately and securely. Unlike other proxies, there is no
software to install or complicated instructions to follow. Just enter a
URL (website address) in the form above. Through Proxify, you can use
websites but they cannot uniquely identify or track you. Proxify hides
your IP address and our encrypted connection prevents monitoring of
your network traffic. Once using Proxify, you can surf normally and
forget that it is there, protecting you


MegaProxy http://www.megaproxy.com/freesurf
Free & Paid Surfing Available

Anonymous surfing with Megaproxy® Web SSL VPN is as easy as 1-2-
3... no software downloads or installations required

Anonymizer http://anonymizer.com
Free & Paid Surfing Available

This company used to be number one until they went extremely
commercial and started selling everybody’s products they could make a
dime on. Still they were the first to develop a brand in this industry.



Electronic File Shredders

Last but definitely not least are Electronic File Shredders.

These are software programs that go through your computer and delete
ghost files and Internet tracks you may have left the last time you used
the computer.

The problem is that if you don’t delete these files, someone who has
moderate computer skills can go through your system when you’re not
around and pull all sorts of information from your computer that you
never thought anyone could possibly find.

Many times it’s just stuff you forgot about, like the password to your
bank account which could be logged in your auto fill or maybe a credit
card number you used to purchase that new software online.

Here are the top three electronic file shredders.

Evidence Terminator

http://www.spycop.com/spycop-evidence-terminator-product.htm
Evidence Terminator is the most advanced hard disk cleaner in the
world. Its innovative new scripting engine means it customizes itself for
your system, automatically! Files left behind while you surf the web or
while you use your programs can be removed without you giving it a
second thought.

Evidence Eliminator
http://www.evidence-eliminator.com This is an older product, but a
good one. Here’s some copy from the site:

You are being watched... how about your Boss? Do you surf the Internet
and send E-mail at work? Your work PC will be full of evidence. It is
becoming common in the workplace for companies to copy and
investigate the contents of workers computers out of hours - without
your consent or knowledge.


This is perfectly legal and it is happening now! Your job could be at
risk, what would happen to you if you lost your job? People like you are
losing their jobs right now because of their Internet activities in
America and the Uk


Window Washer
http://www.webroot.com/consumer/products/windowwasher

As you work on your computer and browse the Internet, you leave
behind traces of your activity. This information not only takes up
valuable disk space but also jeopardizes your privacy. Window Washer
simply and safely wipes your tracks clean and removes unnecessary files
for complete privacy and improved PC performance.
 
CORE™

ANTI HACKING - PREVENT YOURSELF

Electronic Eavesdropping…
Are You An Unsuspecting Victim?


ID Theft is the number one crimeas of this writing.

As the smoke clears from the sudden onslaught of computers and the
Internet, millions of people are suddenly discovering their private
information isn’t as private as they thought it was.

In fact, many law enforcement agencies are learning that electronic
information theft is quickly becoming the nation’s number one way that
crooks are using to get their hands on goods and services with the least
chance of getting caught!

Many successful cyber thieves are finding it extremely easy to scour
someone else’s computer for passwords and credit card numbers from
the comfort of their own homes.

Most of the tools used to spy on other people’s computers are freely
bought and sold over the Internet under the guise of legally sold
hardware and software.

This report will expose the most common and least known ways a
criminal can steal from you, without you suspecting a thing.

Law enforcement just can’t keep up with the cyber tide so consumers
and business owners are now in the precarious position of protecting
themselves or else suffer the consequences.

All of us use computers for filing our taxes, running our companies, and
for purchasing everything from prescriptions to automobiles over the
Internet.

Most people don’t know how easy it is for anyone with a computer and
Internet access to “electronically” peer over our shoulder, while we
access our bank accounts, trade stocks or chat with our loved ones.

Our goal here is to expose to you the most used tools of the cyber
criminal and show you how to protect yourself.


Good Or Evil?… You Decide

Many companies are marketing the tools below as an easy way to
watch your children’s Internet use or your employees’ use of your
computers, but keep in mind that these products can be used by
criminals just as easily.

If they are designed to be concealed from the computer operator,
they can be used by the bad guys too…
Covert High Tech Tools

• Hardware Keyloggers - what they are and what they look like.

• Computer Recording Software – what it is and how it’s used to
monitor employees, children and maybe even used to spy on you,
along with examples of such products.

• Computer Recording Software Detectors: what you need to be
sure no one is spying on you, including the most popular spy
software detection products.

• Anonymous Browsers: What they are and how they make anyone
who uses them invisible when they surf the Internet, including
some of the top anonymous browser sites on the Internet.
• Electronic File Shredders – What they are and why everyone

should use them, including websites of the top electronic file
shredders.





Hardware Keyloggers

These types of keyloggers require that the perpetrator have physical
access to your computer. They can easily be installed in less than 5
seconds. They come in the form of USB port connectors, keyboard
connectors and even masquerade as keyboards themselves.

Once installed, a hardware keylogger will capture every keystroke
entered into your keyboard and then store it for future retrieval on the
device itself.

Some hardware keylogger companies boast a two million keystroke
capacity! That’s about 5 years worth of typing for the average computer
user. Whether at home or in the office, you can easily fall victim to this
type of spying. A Hardware Keylogger is installed between your
keyboard and computer




Some hardware keyloggers come in the form of a keyboard, but if you
examine the line going to the computer you can see an irregular bulge as
pictured below. That should make you very suspicious…


They can even come in a USB drive
How do they work?

All hardware keyloggers have to have the following:

• A microcontroller - this interprets the datastream between the
keyboard and computer, processes it, and passes it to the non-
volatile memory
• A non-volatile memory - this stores the recorded data, even when
power is lost

On the whole, typing a special password into a computer text editor
retrieves the recorded data. As the hardware keylogger is plugged in-
between the keyboard and computer, it detects the password has been
typed and then starts presenting the computer with "typed" data to
produce a menu. Beyond text menu some keyloggers offer a high-speed
download to speed up retrieval of stored data, this can be via USB mass-
storage enumeration or with a USB or serial download adapter.


Keylogger Companies

We’ve listed the keylogger companies in order of popularity. This
should give you a good idea what company to deal with should you
decide you have a legitimate use for one of these.

KeyGhost http://www.keyghost.com

At KeyGhost Ltd we work hard developing our products. KeyGhost Ltd
are the inventors and manufacturers of the KeyGhost Hardware
Keylogger range of products.

You can be sure a product purchased from us or one of our distributors
will work flawlessly in every situation. This is due to the extensive real
world testing that takes place before any product is approved for
release into the market place.

KeyKatcher http://www.keykatcheruk.com

KEYKatcher is a discrete, easy-to-use device which monitors all PC
keyboard activity.

Capture everything typed - including email, instant messaging, chat
room activity and web URLs.

Advantages over software loggers: there's no software to install, it uses
no system resources and it works on all operating systems.

Installs in seconds - simply plugs in-between the keyboard and PC.
Ideal for parents, employers or spouses.


DIY Hardware Keylogger http://www.keelog.com/diy.html

Simply plugs in-between the keyboard and PC. This company will give
you complete schematics and everything you need to build your own
should you decide you want to try it.


Either way if you decide you need to watch you kids or employees this
could be the answer.
Computer Recording (Spy) Software

Spy Software is by far the most dangerous…and hard to detect of all
computer monitoring type spy products.

There are what some consider legitimate uses for Surveillance Spy
Software.

They are to watch a child’s Internet activity, or to monitor employees
while in a work environment, or just to see if anyone is using your
computer when you're not there.

Unfortunately, this type of computer recording software is often used
unethically and even illegally by those who want to steal sensitive or
private information from you, or your business, without ever being
caught, or are just curious as to what you do on your computer for all
those hours.
Companies That Sell Spy Software

There are over 500 companies selling this stuff so needless to say we will
list only the most popular. If you want to find more examples, a Google
search for “Spy Software” will reveal plenty.

At the time of this writing there were over 20 million results in Google
for the term spy software.

That should tell you something of the popularity of this type of software
and may also cause you to wonder if your computer hasn’t possibly
been infected by someone who wants to watch you or steal from you.

Spectorsoft http://www.spectorsoft.com
Remote Install & Remote Monitoring Available

This company is the absolute ruler in this market space. They’ve been
on the Forbes 500 list of fastest growing companies the last two years in


a row. Their products are virtually undetectable and if you have it on
your computer there’s MAYBE only a couple of spy software detectors
that can tell you if you’re infected.

Remote Spy http://remotespy.com
Remote Install & Remote Monitoring Available

This software is touted as one of the best undetectable, remotely
installable spy software products on the market today.

My question is why would you need to install spy software on your
computer remotely anyway… unless maybe people are using it on
computers they DON’T have access to… like mine?

Anyway here’s what they say on their website…
Sales Pitch

Spy on Anyone From Anywhere

The most powerful software of it's kind, it's finally here RemoteSpy!
Secretly and covertly monitor and record Pc's without the need of physical
access. Record keystrokes, email, passwords, chats, instant messenger
conversations, websites visited + More in total privacy. Find out the
information you need to know quickly with the most intelligent spy
software available RemoteSpy!

Win-Spy http://www.win-spy.com
Remote Install & Remote Monitoring Available

Sales Pitch

Do you need to know what your child is doing on the computer? Is your
spouse cheating on you? Do you need to monitor what your employees are
doing during work hours? Is someone tampering with your computer
while you are away?

With Win Spy Software you will know exactly what they are doing.


WinSpy is a Complete Stealth Monitoring Software that can both monitor
your Local PC and Remote PC. WinSpy Software also includes Remote
Install. WinSpy Software will capture anything the user sees or types on
the keyboard. Users will be unaware of its existence. A special hotkey is
used to login and access Win Spy Software. Users are unable to terminate
WinSpy. Users are unable to uninstall WinSpy.


Companies That Sell Spy Software Detectors
Cloak Your Computer


Just in case you think that someone may be using the above spy
software on you, there’s a number of spy software detectors.

Additional examples can be found by searching Google for “Detect
Keyloggers” or “Spy Software Detection”.

Most detectors are generic “spyware detectors” which do a great job of
catching adware/trojans, but catching commercial spy software like the
above is not their strong suit.

Spy software companies make their money being “undetectable” and
this creates a problem for most spyware detection companies because
they mainly focus on easily detectable advertising spyware.


There are a handful that do a good job, but there’s only one company
that is dedicated to specifically detecting commercially available spy
software that we know of. That company is SpyCop.

All the others try to catch everything and as a result they end up
catching only a few of each type of malware.






SpyCop http://www.spycop.com
SpyCop® Spy Software Detector is the only company we know of that is
totally dedicated to detecting commercially available spy software like
the above products. In our tests it caught 99% of every spy software
product including Spectorsoft’s e-Blaster… Every other scanner only
caught up to 50% of the spy software products sold which is ok if you
aren’t concerned about commercially available spy software products
infecting your computer.

McAfee http://us.mcafee.com
McAfee® VirusScan® Plus is essential PC protection. It guards your
computer and files against viruses, spyware and intrusion, stopping
hackers automatically. With McAfee's trusted protection you can surf
the Web and download files safely, confident knowing that McAfee is
always on and always protecting you

Spyware Doctor http://www.pctools.com
Spyware Doctor is a top-rated malware & spyware removal utility that
detects, removes and protects your PC from thousands of potential
spyware, adware, trojans, spybots and tracking threats.


Anonymous Browsers

When we surf the Internet we have to use a browser.

Unfortunately many times the browsers we use can be easily
compromised, tracked back to us, and in some instances spy software
can be downloaded to our computers.

If you ever plan on visiting a website that you aren’t sure if they are
legitimate or not, you can use what’s known as an anonymous browser.

In essence you surf through their servers even though you’re on your
computer. These services act as a buffer between you and the websites
you visit.




That means you are invisible to any website you surf to when you use
one of these services.

Below are the top three in the industry but again you can check Google
for more examples.
Anonymous Browser Services


Proxify https://proxify.com
Free & Paid Surfing Available

Proxify® is a web-based anonymous proxy service which allows anyone
to surf the Web privately and securely. Unlike other proxies, there is no
software to install or complicated instructions to follow. Just enter a
URL (website address) in the form above. Through Proxify, you can use
websites but they cannot uniquely identify or track you. Proxify hides
your IP address and our encrypted connection prevents monitoring of
your network traffic. Once using Proxify, you can surf normally and
forget that it is there, protecting you


MegaProxy http://www.megaproxy.com/freesurf
Free & Paid Surfing Available

Anonymous surfing with Megaproxy® Web SSL VPN is as easy as 1-2-
3... no software downloads or installations required

Anonymizer http://anonymizer.com
Free & Paid Surfing Available

This company used to be number one until they went extremely
commercial and started selling everybody’s products they could make a
dime on. Still they were the first to develop a brand in this industry.



Electronic File Shredders

Last but definitely not least are Electronic File Shredders.

These are software programs that go through your computer and delete
ghost files and Internet tracks you may have left the last time you used
the computer.

The problem is that if you don’t delete these files, someone who has
moderate computer skills can go through your system when you’re not
around and pull all sorts of information from your computer that you
never thought anyone could possibly find.

Many times it’s just stuff you forgot about, like the password to your
bank account which could be logged in your auto fill or maybe a credit
card number you used to purchase that new software online.

Here are the top three electronic file shredders.

Evidence Terminator

http://www.spycop.com/spycop-evidence-terminator-product.htm
Evidence Terminator is the most advanced hard disk cleaner in the
world. Its innovative new scripting engine means it customizes itself for
your system, automatically! Files left behind while you surf the web or
while you use your programs can be removed without you giving it a
second thought.

Evidence Eliminator
http://www.evidence-eliminator.com This is an older product, but a
good one. Here’s some copy from the site:

You are being watched... how about your Boss? Do you surf the Internet
and send E-mail at work? Your work PC will be full of evidence. It is
becoming common in the workplace for companies to copy and
investigate the contents of workers computers out of hours - without
your consent or knowledge.


This is perfectly legal and it is happening now! Your job could be at
risk, what would happen to you if you lost your job? People like you are
losing their jobs right now because of their Internet activities in
America and the Uk


Window Washer
http://www.webroot.com/consumer/products/windowwasher

As you work on your computer and browse the Internet, you leave
behind traces of your activity. This information not only takes up
valuable disk space but also jeopardizes your privacy. Window Washer
simply and safely wipes your tracks clean and removes unnecessary files
for complete privacy and improved PC performance.
 
CORE™

Friday, September 11, 2009

TELNET HACKING

***************************************
In this Article you will learn how to:
* Use telnet from Windows
* Download web pages via telnet
* Get finger information via telnet
* Telnet from the DOS command-line
* Use netcat
* Break into Windows Computers from the Internet
Protecting Yourself
What can they do
The command-line approach
The GUI approach
Final Words 

*****************************************
How to Use Telnet on a Windows Computer


Telnet is great little program for doing a couple of interesting things. In fact, if you want to call yourself a hacker, you absolutely MUST be able to telnet! In this lesson you will find out a few of the cool things a hacker can do with telnet.
If you are using Win95, you can find telnet in the c:\windows directory, and on NT, in the c:\winnt\system32 directory. There isn't a lot of online help concerning the usage of the program, so my goal is to provide some information for new users.
First off, telnet isn't so much an application as it is a protocol. Telnet is protocol that runs over TCP/IP, and was used for connecting to remote computers. It provides a login interface, and you can run command-line programs by typing the commands on your keyboard, and the programs use the resources of the remote machine. The results are displayed in the terminal window on your machine, but the memory and CPU cycles consumed by the program are located on the remote machine. Therefore, telnet functions as a terminal emulation program, emulating a terminal on the remote machine.
Now, telnet runs on your Win95 box as a GUI application...that is to say that you can type "telnet" at the command prompt (in Windows 95 this is the MS-DOS prompt), and assuming that your PATH is set correctly, a window titled "telnet" will open. This differs from your ftp program in that all commands are entered in the DOS window.
Let's begin by opening telnet. Simply open a DOS window by clicking "start", then "programs", then "MS-DOS", and at the command prompt, type:
c:\telnet
The window for telnet will open, and you can browse the features of the program from the menu bar.


***************************************************
NEWBIE NOTE: In this text file, I am referring only to the telnet
program that ships with Win95/NT. If you type "telnet" at the
command prompt and you don't get the telnet window, make sure
that the program is on your hard drive using the Start -> Find ->
Files or Folders command. Also make sure that your path statement includes the Windows directory. There are many other programs available that provide similar functionality, with a lot of other bells and whistles, from any number of software sites.
*************************************************


To learn a bit more about telnet, choose Help -> Contents, or
Help -> Search for help on... from the menu bar. Read through
the files in order to find more detailed explanations of things
you may wish to do. For example, in this explanation, I will
primarily be covering how to use the application and what it can
be used for, but now how to customize the colors for the application.
Now, if you choose Connect -> Remote System, you will be presented with a dialog window that will ask you for the remote host, the port and the terminal type.
****************************************************
NEWBIE NOTE: For most purposes, you can leave the terminal type on
VT100.
****************************************************
In the Connect dialog box, you can enter in the host to which
you wish to connect, and there is a list box of several ports
you can connect to:
daytime: May give you the current time on the server.
echo: May echo back whatever you type in, and will tell you that the computer you have connected to is alive nd running on the Internet. qotd: May provide you with a quote of the day.
chargen: May display a continuous stream of characters, useful for spotting network problems, but may crash your telnet program.
telnet: May present you with a login screen.
These will only work if the server to which you are trying to connect is running these services. However, you are not limited to just those ports...you can type in any port number you wish. (For more on fun ports, see the GTMHH, "Port Surf's Up.") You will only successfully connect to the port if the service in question is available. What occurs after you connect depends upon the protocol for that particular service.
When you are using telnet to connect to the telnet service on a server, you will (in most cases) be presented with a banner and a login prompt.
[Note from Carolyn Meinel: Many people have written saying their telnet program fails to connect no matter what host they try to reach. Here's a way to fix your problem. First -- make sure you are already connected to the Internet. If your telnet program still cannot connect to anything, here's how to fix your problem. Click "start" then "settings" then "control panel." Then click "Internet" then "connection." This screen will have two boxes that may or may not be checked. The top one says "connect to the Internet as needed." If that box is checked, uncheck it -- but only uncheck it if you already have been having problems connecting. The bottom box says "connect through a proxy server." If that box is checked, you probably are on a local area network and your systems administrator doesn't allow you to use telnet.]
*********************************************

NEWBIE NOTE: It's not a good idea to connect to a host on which you don't have a valid account. In your attempts to guess a username and password, all you will do is fill the log files on that host. From there, you can very easily be traced, and your online service provider will probably cancel your account.
**********************************************
Now, you can also use telnet to connect to other ports, such as
ftp (21), smtp (25), pop3 (110), and even http (80). When you
connect to ftp, smtp, and pop3, you will be presented with a
banner, or a line of text that displays some information about the
service. This will give you a clue as to the operating system
running on the host computer, or it may come right out and tell
you what the operating system is...for instance, AIX, Linux,
Solaris, or NT. If you successfully connect to port 80, you will
see a blank screen. This indicates, again, that you have successfully completed the TCP negotiation and you have a connection.
Now, what you do from there is up to you. You can simply disconnect with the knowledge that, yes, there is a service running on port 80, or you can use your knowledge of the HTTP protocol to retrieve the HTML source for web pages on the server.
How to Download Web Pages Via Telnet
To retrieve a web page for a server using telnet, you need to connect to that server on port 80, generally. Some servers may use a different port number, such as 8080, but most web servers run on port 80. The first thing you need to do is click on Terminal -> Preferences and make sure that there is a check in the Local Echo box. Then, since most web pages will generally take up more than a single screen, enable logging by clicking Terminal -> Start Logging... and select a location and filename. Keep in mind that as long as logging is on, and the same file is being logged to, all new information will be appended to the file, rather than overwriting the
original file. This is useful if you want to record several sessions, and edit out the extraneous information using Notepad.
Now, connect the remote host, and if your connection is successful, type in:
GET / HTTP/1.0
and hit enter twice.
**************************************************
NEWBIE NOTE: Make sure that you hit enter twice...this is part
of the HTTP protocol. The single / after GET tells the server
to return the default index file, which is generally "index.html".
However, you can enter other filenames, as well.
*************************************************
You should have seen a bunch of text scroll by on the screen. Now you can open the log file in Notepad, and you will see the HTML
code for the page, just as though you had chosen the View Source
option from your web browser. You will also get some additional
information...the headers for the file will contain some information
about the server. For example:
HTTP/1.0 200 Document follows
Date: Thu, 04 Jun 1998 14:46:46 GMT
Server: NCSA/1.5.2
Last-modified: Thu, 19 Feb 1998 17:44:13 GMT
Content-type: text/html
Content-length: 3196
One particularly interesting piece of information is the server
name. This refers to the web server software that is running
and serving web pages. You may see other names in this field,
such as versions of Microsoft IIS, Purveyor, WebSite, etc.
This will give you a clue as to the underlying operating system
running on the server.
*************************************************
This technique, used in conjunction with a
database of exploits on web servers, can be particularly annoying.
Make sure you keep up on exploits and the appropriate security
patches from your web server and operating system vendors.
*************************************************
*************************************************
NEWBIE NOTE: This technique of gathering web pages is perfectly legal. You aren't attempting to compromise the target system, you are simply doing by hand what your web browser does for you automatically. Of course, this technique will not load images and Java applets for you.
************************************************
Getting Finger Information Via Telnet
By now, you've probably heard or read a lot about finger. It doesn't seem like a very useful service, and many sysadmins disable the service because it provides information on a particular user, information an evil hacker can take advantage of. Win95 doesn't ship with a finger client, but NT does. You can download finger clients for Win95 from any number of software sites. But why do that when you have a readily available client in telnet?
The finger daemon or server runs on port 79, so connect to a remote host on that port. If the service is running, you will be presented with a blank screen.
****************************************************
NEWBIE NOTE: NT doesn't ship with a finger daemon (A daemon is a program on the remote computer which waits for people like you to connect to it), so generally speaking, and server that you find running finger will be a Unix box. I say "generally" because there are third-party finger daemons available and someone may want to run one on their NT computer.
****************************************************
The blank screen indicates that the finger daemon is waiting for input. If you have a particular user that you are interested in, type in the username and hit enter. A response will be provided, and the daemon will disconnect the client. If you don't know a particular username, you can start by simply hitting enter. In some cases, you may get a response such as "No one logged on." Or you may get information of all currently logged on users. It all depends on whether or not the sysadmin has chosen to enable certain features of the daemon. You can also try other names, such as "root", "daemon", "ftp", "bin", etc.
Another neat trick to try out is something that I have seen referred to as "finger forwarding". To try this out, you need two hosts that run finger. Connect to the first host, host1.com, and enter the username that you are interested in. Then go to the second host, and enter:
user@host1.com
You should see the same information! Again, this all depends upon
the configuration of the finger daemon.
Using Telnet from the Command Line
Now, if you want to show your friends that you a "real man" because "real men don't need no stinkin' GUIs", well just open up a DOS window and type:
c:\>telnet
and the program will automatically attempt to connect to the host
on the designated port for you.
Using Netcat
Let me start by giving a mighty big thanks to Weld Pond from L0pht for producing the netcat program for Windows NT. To get a copy of this program, which comes with source code, simply go to:
http://www.l0pht.com/~weld
NOTE: The first character of "l0pht: is the letter "l". The second character is a zero, not an "o".
I know that the program is supposed to run on NT, but I have
seen it run on Win95. It's a great little program that can be used
to do some of the same things as telnet. However, there are
advantages to using netcat...for one, it's a command-line program,
and it can be included in a batch file. In fact, you can automate
multiple calls to netcat in a batch file, saving the results to
a text file.
**************************************************
NEWBIE NOTE: For more information on batch files, see previous versions of the Guide To (mostly) Harmless Hacking, Getting Serious with Windows series ...one of them dealt with basic batch file programming.
**************************************************
Before using netcat, take a look at the readme.txt file provided in
the zipped archive you downloaded. It goes over the instructions
on how to download web pages using netcat, similar to what I
described earlier using telnet.
There are two ways to go about getting finger information using
netcat. The first is in interactive mode. Simply type:
c:\>nc 79
If the daemon is running, you won't get a command prompt back. If this is the case, type in the username and hit enter. Or use the automatic mode by first creating a text file containing the username of interest. For example, I typed:
c:\>edit root
and entered the username "root", without the quotes. Then from
the command prompt, type:
c:\>nc 79 < root
and the response will appear on your screen. You can save the
output to a file by adding the appropriate redirection operator
to the end of the file:
c:\>nc 79 < root > nc.log
to create the file nc.log, or:
c:\>nc 79 < root >> nc.log
to append the response to the end of nc.log. NOTE: Make sure
that you use spaces between the redirection operators.

How to Break into a Windows machine Connected to the Internet


Disclaimer
The intent of this file is NOT to provide a step-by-step guide to accessing a Win95 computer while it is connected to the Internet. The intent is show you how to protect yourself.

There are no special tools needed to access a remote Win machine...everything you need is right there on your Win system! Two methods will be described...the command-line approach and the GUI approach.

Protecting Yourself

First, the method of protecting yourself needs to be made perfectly clear. DON'T SHARE FILES!! I can't stress that enough. If you are a home user, and you are connecting a Win computer to the Internet via some dial-up method, disable sharing. If you must share, use a strong password...8 characters minimum, a mix of upper and lower case letters and numbers, change the password every now and again. If you need to transmit the
password to someone, do so over the phone or by written letter. To disable sharing, click on My Computer -> Control Panel -> Network -> File and Print Sharing. In the dialog box that appears, uncheck both boxes. It's that easy.

i know lame one

What Can They Do?


What can someone do? Well, lots of stuff, but it largely depends on what shares are available. If someone is able to share a printer from your machine, they can send you annoying letters and messages. This consumes time, your printer ink/toner, and your paper. If they are able to share a disk share, what they can do largely depends upon what's in that share. The share appears as another directory on the attacker's machine, so any programs they run will be consuming their own resources...memory, cpu cycles, etc. But if the attacker has read and write access to those disk shares, then you're in trouble. If you take work home, your files may be vulnerable. Initialization and configuration files can be searched for passwords. Files can be modified and deleted. A particularly nasty thing to do is adding a line to your autoexec.bat file so that the next time your computer is booted, the hard drive is formatted without any prompting from the user. Bad ju-ju, indeed.


** The command-line approach **


Okay, now for the part that should probably be titled "How they do it". All that is needed is the IP address of the remote machine. Now open up a DOS window, and at the command prompt, type:
c:\>nbtstat -A [ip_addr]
If the remote machine is connected to the Internet and the ports used for sharing are not blocked, you should see something like:
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
NAME <00> UNIQUE Registered
DOMAIN <00> GROUP Registered
NAME <03> UNIQUE Registered
USERNAME <03> UNIQUE Registered
MAC Address = 00-00-00-00-00-00
This machine name table shows the machine and domain names, a logged-on username, and the address of the Ethernet adapter (the information has been obfuscated for instructional purposes).
**Note: This machine, if unpatched and not protected with a firewall or packet-filter router, may be vulnerable to a range of denial of service attacks, which seem to be fairly popular, largely because they require no skill or knowledge to perpetrate.
The key piece of information that you are looking for is in the Type column. A machine that has sharing enabled will have a hex code of "<20>".
**Note: With the right tools, it is fairly simple for a sysadmin to write a batch file that combs a subnet or her entire network, looking for client machines with sharing enabled. This batch file can then be run at specific times...every day at 2:00 am, only on Friday evenings or weekends, etc.
If you find a machine with sharing enabled, the next thing to do is type the following command:
c:\>net view \\[ip_addr]
Now, your response may be varied. You may find that there are no shares on the list, or that there are several shares available. Choose which share you would like to connect to, and type the command:
c:\>net use g: \\[ip_addr]\[share_name]
You will likely get a response that the command was completed successfully. If that is the case, type:
c:\>cd g:
or which ever device name you decided to use. You can now view what exists on that share using the dir commands, etc.
Now, you may be presented with a password prompt when you ssue the above command. If that is the case, typical "hacker" (I shudder at that term) methods may be used.
** The GUI approach **
After issuing the nbtstat command, you can opt for the GUI approach to accessing the shares on that machine. To do so, make sure that you leave the DOS window open, or minimized...don't close it. Now, use Notepad to open this file:
c:\windows\lmhosts.sam
Read over the file, and then open create another file in Notepad, called simply "Lmhosts", without an extension. The file should contain the IP address of the host, the NetBIOS name of the host (from the nbtstat command), and #PRE, separated by tabs. Once you have added this information, save it, and minimize the window. In the DOS command window, type:
c:\>nbtstat -R
This command reloads the cache from the Lmhosts file you just created.
Now, click on Start -> Find -> Computer, and type in the NetBIOS name of the computer...the same one you added to the lmhosts file. If your attempt to connect to the machine is successful, you should be presented with a window containing the available shares. You may be presented with a password prompt window, but again, typical "hacker" (again, that term grates on me like fingernails on a chalk board, but today, it seems that it's all folks understand) techniques may be used to break the password.
************************************************
Want to try this stuff without winding up in jail or getting expelled from school? Get a friend to give you permission to try to break in.
First, you will need his or her IP address. Usually this will be different every time your friend logs on. You friend can learn his or her IP address by going to the DOS prompt while online and giving the command "netstat -r". Something like this should show up:
C:\WINDOWS>netstat -r
Route Table
Active Routes:
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 198.999.176.84 198.999.176.84 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
198.999.176.0 255.255.255.0 198.999.176.84 198.999.176.84 1
198.999.176.84 255.255.255.255 127.0.0.1 127.0.0.1 1
198.999.176.255 255.255.255.255 198.999.176.84 198.999.176.84 1
224.0.0.0 224.0.0.0 198.999.176.84 198.999.176.84 1
255.255.255.255 255.255.255.255 198.999.176.84 0.0.0.0 1
Your friend's IP address should be under "Gateway Address." Ignore the 127.0.0.1 as this will show up for everyone and simply means "locahost" or "my own computer." If in doubt, break the Internet connection and then get online again. The number that changes is the IP address of your friend's computer.
***************************************************
**************************************************
tip: Here is something really scary. In your shell account give the "netstat" command. If your ISP allows you to use it, you might be able to get the dynamically assigned IP addresses of people from all over the world -- everyone who is browsing a Web site hosted by your ISP, everyone using ftp, spammers you might catch red-handed in the act of forging email on your ISP, guys up at 2AM playing on multiuser dungeons, IRC users, in fact you will see everyone who is connected to your ISP!
****************************************************
****************************************************
YOU CAN GO TO JAIL WARNING: If you find a Windows xp box on the Internet with file sharing enabled and no password protection, you can still get in big trouble for exploiting it. It's just like finding a house whose owner forgot to lock the door -- you still are in trouble if someone catches you inside. Tell temptation to take a hike!
****************************************************

Final Words
Please remember that this Guide is for instructional purposes only and is meant to educate the sysadmin and user alike. If someone uses this information to gain access to a system which they have no permission or business messing with, I cannot be responsible for the outcome. If you are intending to try this information out, do so with the consent and permission of a friend.
If there are questions, comments, or corrections, please feel free to Contact Me


CORE™

TELNET HACKING

***************************************
In this Article you will learn how to:
* Use telnet from Windows
* Download web pages via telnet
* Get finger information via telnet
* Telnet from the DOS command-line
* Use netcat
* Break into Windows Computers from the Internet
Protecting Yourself
What can they do
The command-line approach
The GUI approach
Final Words 

*****************************************
How to Use Telnet on a Windows Computer


Telnet is great little program for doing a couple of interesting things. In fact, if you want to call yourself a hacker, you absolutely MUST be able to telnet! In this lesson you will find out a few of the cool things a hacker can do with telnet.
If you are using Win95, you can find telnet in the c:\windows directory, and on NT, in the c:\winnt\system32 directory. There isn't a lot of online help concerning the usage of the program, so my goal is to provide some information for new users.
First off, telnet isn't so much an application as it is a protocol. Telnet is protocol that runs over TCP/IP, and was used for connecting to remote computers. It provides a login interface, and you can run command-line programs by typing the commands on your keyboard, and the programs use the resources of the remote machine. The results are displayed in the terminal window on your machine, but the memory and CPU cycles consumed by the program are located on the remote machine. Therefore, telnet functions as a terminal emulation program, emulating a terminal on the remote machine.
Now, telnet runs on your Win95 box as a GUI application...that is to say that you can type "telnet" at the command prompt (in Windows 95 this is the MS-DOS prompt), and assuming that your PATH is set correctly, a window titled "telnet" will open. This differs from your ftp program in that all commands are entered in the DOS window.
Let's begin by opening telnet. Simply open a DOS window by clicking "start", then "programs", then "MS-DOS", and at the command prompt, type:
c:\telnet
The window for telnet will open, and you can browse the features of the program from the menu bar.


***************************************************
NEWBIE NOTE: In this text file, I am referring only to the telnet
program that ships with Win95/NT. If you type "telnet" at the
command prompt and you don't get the telnet window, make sure
that the program is on your hard drive using the Start -> Find ->
Files or Folders command. Also make sure that your path statement includes the Windows directory. There are many other programs available that provide similar functionality, with a lot of other bells and whistles, from any number of software sites.
*************************************************


To learn a bit more about telnet, choose Help -> Contents, or
Help -> Search for help on... from the menu bar. Read through
the files in order to find more detailed explanations of things
you may wish to do. For example, in this explanation, I will
primarily be covering how to use the application and what it can
be used for, but now how to customize the colors for the application.
Now, if you choose Connect -> Remote System, you will be presented with a dialog window that will ask you for the remote host, the port and the terminal type.
****************************************************
NEWBIE NOTE: For most purposes, you can leave the terminal type on
VT100.
****************************************************
In the Connect dialog box, you can enter in the host to which
you wish to connect, and there is a list box of several ports
you can connect to:
daytime: May give you the current time on the server.
echo: May echo back whatever you type in, and will tell you that the computer you have connected to is alive nd running on the Internet. qotd: May provide you with a quote of the day.
chargen: May display a continuous stream of characters, useful for spotting network problems, but may crash your telnet program.
telnet: May present you with a login screen.
These will only work if the server to which you are trying to connect is running these services. However, you are not limited to just those ports...you can type in any port number you wish. (For more on fun ports, see the GTMHH, "Port Surf's Up.") You will only successfully connect to the port if the service in question is available. What occurs after you connect depends upon the protocol for that particular service.
When you are using telnet to connect to the telnet service on a server, you will (in most cases) be presented with a banner and a login prompt.
[Note from Carolyn Meinel: Many people have written saying their telnet program fails to connect no matter what host they try to reach. Here's a way to fix your problem. First -- make sure you are already connected to the Internet. If your telnet program still cannot connect to anything, here's how to fix your problem. Click "start" then "settings" then "control panel." Then click "Internet" then "connection." This screen will have two boxes that may or may not be checked. The top one says "connect to the Internet as needed." If that box is checked, uncheck it -- but only uncheck it if you already have been having problems connecting. The bottom box says "connect through a proxy server." If that box is checked, you probably are on a local area network and your systems administrator doesn't allow you to use telnet.]
*********************************************

NEWBIE NOTE: It's not a good idea to connect to a host on which you don't have a valid account. In your attempts to guess a username and password, all you will do is fill the log files on that host. From there, you can very easily be traced, and your online service provider will probably cancel your account.
**********************************************
Now, you can also use telnet to connect to other ports, such as
ftp (21), smtp (25), pop3 (110), and even http (80). When you
connect to ftp, smtp, and pop3, you will be presented with a
banner, or a line of text that displays some information about the
service. This will give you a clue as to the operating system
running on the host computer, or it may come right out and tell
you what the operating system is...for instance, AIX, Linux,
Solaris, or NT. If you successfully connect to port 80, you will
see a blank screen. This indicates, again, that you have successfully completed the TCP negotiation and you have a connection.
Now, what you do from there is up to you. You can simply disconnect with the knowledge that, yes, there is a service running on port 80, or you can use your knowledge of the HTTP protocol to retrieve the HTML source for web pages on the server.
How to Download Web Pages Via Telnet
To retrieve a web page for a server using telnet, you need to connect to that server on port 80, generally. Some servers may use a different port number, such as 8080, but most web servers run on port 80. The first thing you need to do is click on Terminal -> Preferences and make sure that there is a check in the Local Echo box. Then, since most web pages will generally take up more than a single screen, enable logging by clicking Terminal -> Start Logging... and select a location and filename. Keep in mind that as long as logging is on, and the same file is being logged to, all new information will be appended to the file, rather than overwriting the
original file. This is useful if you want to record several sessions, and edit out the extraneous information using Notepad.
Now, connect the remote host, and if your connection is successful, type in:
GET / HTTP/1.0
and hit enter twice.
**************************************************
NEWBIE NOTE: Make sure that you hit enter twice...this is part
of the HTTP protocol. The single / after GET tells the server
to return the default index file, which is generally "index.html".
However, you can enter other filenames, as well.
*************************************************
You should have seen a bunch of text scroll by on the screen. Now you can open the log file in Notepad, and you will see the HTML
code for the page, just as though you had chosen the View Source
option from your web browser. You will also get some additional
information...the headers for the file will contain some information
about the server. For example:
HTTP/1.0 200 Document follows
Date: Thu, 04 Jun 1998 14:46:46 GMT
Server: NCSA/1.5.2
Last-modified: Thu, 19 Feb 1998 17:44:13 GMT
Content-type: text/html
Content-length: 3196
One particularly interesting piece of information is the server
name. This refers to the web server software that is running
and serving web pages. You may see other names in this field,
such as versions of Microsoft IIS, Purveyor, WebSite, etc.
This will give you a clue as to the underlying operating system
running on the server.
*************************************************
This technique, used in conjunction with a
database of exploits on web servers, can be particularly annoying.
Make sure you keep up on exploits and the appropriate security
patches from your web server and operating system vendors.
*************************************************
*************************************************
NEWBIE NOTE: This technique of gathering web pages is perfectly legal. You aren't attempting to compromise the target system, you are simply doing by hand what your web browser does for you automatically. Of course, this technique will not load images and Java applets for you.
************************************************
Getting Finger Information Via Telnet
By now, you've probably heard or read a lot about finger. It doesn't seem like a very useful service, and many sysadmins disable the service because it provides information on a particular user, information an evil hacker can take advantage of. Win95 doesn't ship with a finger client, but NT does. You can download finger clients for Win95 from any number of software sites. But why do that when you have a readily available client in telnet?
The finger daemon or server runs on port 79, so connect to a remote host on that port. If the service is running, you will be presented with a blank screen.
****************************************************
NEWBIE NOTE: NT doesn't ship with a finger daemon (A daemon is a program on the remote computer which waits for people like you to connect to it), so generally speaking, and server that you find running finger will be a Unix box. I say "generally" because there are third-party finger daemons available and someone may want to run one on their NT computer.
****************************************************
The blank screen indicates that the finger daemon is waiting for input. If you have a particular user that you are interested in, type in the username and hit enter. A response will be provided, and the daemon will disconnect the client. If you don't know a particular username, you can start by simply hitting enter. In some cases, you may get a response such as "No one logged on." Or you may get information of all currently logged on users. It all depends on whether or not the sysadmin has chosen to enable certain features of the daemon. You can also try other names, such as "root", "daemon", "ftp", "bin", etc.
Another neat trick to try out is something that I have seen referred to as "finger forwarding". To try this out, you need two hosts that run finger. Connect to the first host, host1.com, and enter the username that you are interested in. Then go to the second host, and enter:
user@host1.com
You should see the same information! Again, this all depends upon
the configuration of the finger daemon.
Using Telnet from the Command Line
Now, if you want to show your friends that you a "real man" because "real men don't need no stinkin' GUIs", well just open up a DOS window and type:
c:\>telnet
and the program will automatically attempt to connect to the host
on the designated port for you.
Using Netcat
Let me start by giving a mighty big thanks to Weld Pond from L0pht for producing the netcat program for Windows NT. To get a copy of this program, which comes with source code, simply go to:
http://www.l0pht.com/~weld
NOTE: The first character of "l0pht: is the letter "l". The second character is a zero, not an "o".
I know that the program is supposed to run on NT, but I have
seen it run on Win95. It's a great little program that can be used
to do some of the same things as telnet. However, there are
advantages to using netcat...for one, it's a command-line program,
and it can be included in a batch file. In fact, you can automate
multiple calls to netcat in a batch file, saving the results to
a text file.
**************************************************
NEWBIE NOTE: For more information on batch files, see previous versions of the Guide To (mostly) Harmless Hacking, Getting Serious with Windows series ...one of them dealt with basic batch file programming.
**************************************************
Before using netcat, take a look at the readme.txt file provided in
the zipped archive you downloaded. It goes over the instructions
on how to download web pages using netcat, similar to what I
described earlier using telnet.
There are two ways to go about getting finger information using
netcat. The first is in interactive mode. Simply type:
c:\>nc 79
If the daemon is running, you won't get a command prompt back. If this is the case, type in the username and hit enter. Or use the automatic mode by first creating a text file containing the username of interest. For example, I typed:
c:\>edit root
and entered the username "root", without the quotes. Then from
the command prompt, type:
c:\>nc 79 < root
and the response will appear on your screen. You can save the
output to a file by adding the appropriate redirection operator
to the end of the file:
c:\>nc 79 < root > nc.log
to create the file nc.log, or:
c:\>nc 79 < root >> nc.log
to append the response to the end of nc.log. NOTE: Make sure
that you use spaces between the redirection operators.

How to Break into a Windows machine Connected to the Internet


Disclaimer
The intent of this file is NOT to provide a step-by-step guide to accessing a Win95 computer while it is connected to the Internet. The intent is show you how to protect yourself.

There are no special tools needed to access a remote Win machine...everything you need is right there on your Win system! Two methods will be described...the command-line approach and the GUI approach.

Protecting Yourself

First, the method of protecting yourself needs to be made perfectly clear. DON'T SHARE FILES!! I can't stress that enough. If you are a home user, and you are connecting a Win computer to the Internet via some dial-up method, disable sharing. If you must share, use a strong password...8 characters minimum, a mix of upper and lower case letters and numbers, change the password every now and again. If you need to transmit the
password to someone, do so over the phone or by written letter. To disable sharing, click on My Computer -> Control Panel -> Network -> File and Print Sharing. In the dialog box that appears, uncheck both boxes. It's that easy.

i know lame one

What Can They Do?


What can someone do? Well, lots of stuff, but it largely depends on what shares are available. If someone is able to share a printer from your machine, they can send you annoying letters and messages. This consumes time, your printer ink/toner, and your paper. If they are able to share a disk share, what they can do largely depends upon what's in that share. The share appears as another directory on the attacker's machine, so any programs they run will be consuming their own resources...memory, cpu cycles, etc. But if the attacker has read and write access to those disk shares, then you're in trouble. If you take work home, your files may be vulnerable. Initialization and configuration files can be searched for passwords. Files can be modified and deleted. A particularly nasty thing to do is adding a line to your autoexec.bat file so that the next time your computer is booted, the hard drive is formatted without any prompting from the user. Bad ju-ju, indeed.


** The command-line approach **


Okay, now for the part that should probably be titled "How they do it". All that is needed is the IP address of the remote machine. Now open up a DOS window, and at the command prompt, type:
c:\>nbtstat -A [ip_addr]
If the remote machine is connected to the Internet and the ports used for sharing are not blocked, you should see something like:
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
NAME <00> UNIQUE Registered
DOMAIN <00> GROUP Registered
NAME <03> UNIQUE Registered
USERNAME <03> UNIQUE Registered
MAC Address = 00-00-00-00-00-00
This machine name table shows the machine and domain names, a logged-on username, and the address of the Ethernet adapter (the information has been obfuscated for instructional purposes).
**Note: This machine, if unpatched and not protected with a firewall or packet-filter router, may be vulnerable to a range of denial of service attacks, which seem to be fairly popular, largely because they require no skill or knowledge to perpetrate.
The key piece of information that you are looking for is in the Type column. A machine that has sharing enabled will have a hex code of "<20>".
**Note: With the right tools, it is fairly simple for a sysadmin to write a batch file that combs a subnet or her entire network, looking for client machines with sharing enabled. This batch file can then be run at specific times...every day at 2:00 am, only on Friday evenings or weekends, etc.
If you find a machine with sharing enabled, the next thing to do is type the following command:
c:\>net view \\[ip_addr]
Now, your response may be varied. You may find that there are no shares on the list, or that there are several shares available. Choose which share you would like to connect to, and type the command:
c:\>net use g: \\[ip_addr]\[share_name]
You will likely get a response that the command was completed successfully. If that is the case, type:
c:\>cd g:
or which ever device name you decided to use. You can now view what exists on that share using the dir commands, etc.
Now, you may be presented with a password prompt when you ssue the above command. If that is the case, typical "hacker" (I shudder at that term) methods may be used.
** The GUI approach **
After issuing the nbtstat command, you can opt for the GUI approach to accessing the shares on that machine. To do so, make sure that you leave the DOS window open, or minimized...don't close it. Now, use Notepad to open this file:
c:\windows\lmhosts.sam
Read over the file, and then open create another file in Notepad, called simply "Lmhosts", without an extension. The file should contain the IP address of the host, the NetBIOS name of the host (from the nbtstat command), and #PRE, separated by tabs. Once you have added this information, save it, and minimize the window. In the DOS command window, type:
c:\>nbtstat -R
This command reloads the cache from the Lmhosts file you just created.
Now, click on Start -> Find -> Computer, and type in the NetBIOS name of the computer...the same one you added to the lmhosts file. If your attempt to connect to the machine is successful, you should be presented with a window containing the available shares. You may be presented with a password prompt window, but again, typical "hacker" (again, that term grates on me like fingernails on a chalk board, but today, it seems that it's all folks understand) techniques may be used to break the password.
************************************************
Want to try this stuff without winding up in jail or getting expelled from school? Get a friend to give you permission to try to break in.
First, you will need his or her IP address. Usually this will be different every time your friend logs on. You friend can learn his or her IP address by going to the DOS prompt while online and giving the command "netstat -r". Something like this should show up:
C:\WINDOWS>netstat -r
Route Table
Active Routes:
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 198.999.176.84 198.999.176.84 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
198.999.176.0 255.255.255.0 198.999.176.84 198.999.176.84 1
198.999.176.84 255.255.255.255 127.0.0.1 127.0.0.1 1
198.999.176.255 255.255.255.255 198.999.176.84 198.999.176.84 1
224.0.0.0 224.0.0.0 198.999.176.84 198.999.176.84 1
255.255.255.255 255.255.255.255 198.999.176.84 0.0.0.0 1
Your friend's IP address should be under "Gateway Address." Ignore the 127.0.0.1 as this will show up for everyone and simply means "locahost" or "my own computer." If in doubt, break the Internet connection and then get online again. The number that changes is the IP address of your friend's computer.
***************************************************
**************************************************
tip: Here is something really scary. In your shell account give the "netstat" command. If your ISP allows you to use it, you might be able to get the dynamically assigned IP addresses of people from all over the world -- everyone who is browsing a Web site hosted by your ISP, everyone using ftp, spammers you might catch red-handed in the act of forging email on your ISP, guys up at 2AM playing on multiuser dungeons, IRC users, in fact you will see everyone who is connected to your ISP!
****************************************************
****************************************************
YOU CAN GO TO JAIL WARNING: If you find a Windows xp box on the Internet with file sharing enabled and no password protection, you can still get in big trouble for exploiting it. It's just like finding a house whose owner forgot to lock the door -- you still are in trouble if someone catches you inside. Tell temptation to take a hike!
****************************************************

Final Words
Please remember that this Guide is for instructional purposes only and is meant to educate the sysadmin and user alike. If someone uses this information to gain access to a system which they have no permission or business messing with, I cannot be responsible for the outcome. If you are intending to try this information out, do so with the consent and permission of a friend.
If there are questions, comments, or corrections, please feel free to Contact Me


CORE™

Enable Right Clicks on The Sites That Have Disabled it

Lots of web sites have disabled the right click function of the mouse button... it's really, really annoying. This is done so that you don't steal (via right-click->save picture) their photos or images or any other goodies. Unfortunately, it disables ALL right-click functionality: copy, paste, open in new window.

It's easy to change, assuming your using IE 6:
Click "Tools"->"Internet Options"
Click the "Security" tab
Click "Custom Level"
Scroll down to the "Scripting" section
Set "Active Scripting" to "disable"
Click "Ok" a couple of times.

You'll probably want to turn this back to "enable" when your done... 'cause generally the javascript enhances a website.
 

CORE™

Enable Right Clicks on The Sites That Have Disabled it

Lots of web sites have disabled the right click function of the mouse button... it's really, really annoying. This is done so that you don't steal (via right-click->save picture) their photos or images or any other goodies. Unfortunately, it disables ALL right-click functionality: copy, paste, open in new window.

It's easy to change, assuming your using IE 6:
Click "Tools"->"Internet Options"
Click the "Security" tab
Click "Custom Level"
Scroll down to the "Scripting" section
Set "Active Scripting" to "disable"
Click "Ok" a couple of times.

You'll probably want to turn this back to "enable" when your done... 'cause generally the javascript enhances a website.
 

CORE™

Change Yahoo Messenger Title Bar

Hey guys you can change the yahoo messenger title bar...
For this just find the folder messenger in the drive in which the messenger is installed. Then search a file named "ymsgr". In this file just go to the end and write the following code:
[APP TITLE]
CAPTION=Red Devil

Here you can write any name in place of Red Devil... then see the fun.... You can have your own name being placed in yahoo messenger title bar.
 

CORE™

Change Yahoo Messenger Title Bar

Hey guys you can change the yahoo messenger title bar...
For this just find the folder messenger in the drive in which the messenger is installed. Then search a file named "ymsgr". In this file just go to the end and write the following code:
[APP TITLE]
CAPTION=Red Devil

Here you can write any name in place of Red Devil... then see the fun.... You can have your own name being placed in yahoo messenger title bar.
 

CORE™

Wednesday, September 9, 2009

How To Make Keygens

How to make key generators?
-===========================-
Introduction
------------
I take no responsibility of the usage of this information.
This tutorial, is for educational knowledge ONLY.
Hi there, in this tutorial, I intend to teach you how to make a pretty
simple keygen, of a program called W3Filer 32 V1.1.3.
W3Filer is a pretty good web downloader...
I guess some of you might know the program.
I`ll assume you know:
A.How to use debugger (in this case, SoftIce).
B.How to crack, generally (finding protection routines,patching them,etc...).
C.How to use Disassembler (This knowledge can help).
D.Assembly.
E.How to code in Turbo Pascal (tm).
Tools you`ll need:
A.SoftIce 3.00/01 or newer.
B.WD32Asm. (Not a must).
C.The program W3Filer V1.13 (if not provided in this package), can be found in
www.windows95.com I believe.
D.Turbo Pascal (ANY version).
Well, enough blah blah, let's go cracking...
Run W3Filer 32.
A nag screen pops, and , demands registration (Hmm, this sux ;-)) Now,
We notice this program has some kind of serial number (Mine is 873977046),
Let's keep the serial in mind, I bet we`ll meet it again while we're on
the debugger.
Well, now, let's put your name and a dummy reg code...
set a BP on GetDlgItemTextA, and, press OK.
We pop inside GetDlgItemTextA, Lets find the registration routine...
I`ll save you the work, the registration routine is this:
:00404DB2 8D95A8FAFFFF lea edx, dword ptr [ebp+FFFFFAA8]
:00404DB8 52 push edx ---> Your user name here.
:00404DB9 E80B550000 call 0040A2C9 ---> Registration routine.
:00404DBE 83C408 add esp, 00000008 ---> Dunno exactly what is it.
:00404DC1 85C0 test eax, eax ---> Boolean identifier, 0 if
:00404DC3 7D17 jge 00404DDC ---> registration failed, 1 if
OK.
Well, Let's enter the CALL 40A2C9, and see what's inside it:
(Please read my comments in the code).
* Referenced by a CALL at Addresses:
|:00404DB9 , :00407F76
|
:0040A2C9 55 push ebp
:0040A2CA 8BEC mov ebp, esp
:0040A2CC 81C4B0FEFFFF add esp, FFFFFEB0
:0040A2D2 53 push ebx
:0040A2D3 56 push esi
:0040A2D4 57 push edi
:0040A2D5 8B5508 mov edx, dword ptr [ebp+08]
:0040A2D8 8DB500FFFFFF lea esi, dword ptr [ebp+FFFFFF00]
:0040A2DE 33C0 xor eax, eax
:0040A2E0 EB16 jmp 0040A2F8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A2FB(C)
|
:0040A2E2 0FBE0A movsx ecx, byte ptr [edx] ----> Here Starts the
interesting part.
:0040A2E5 83F920 cmp ecx, 00000020 ----> ECX is the the current
char in the user name, Hmm, 20h=' '...
:0040A2E8 740D je 0040A2F7 ----> Let's see,
:0040A2EA 8A0A mov cl, byte ptr [edx] ----> Generally, all this loop
does, is copying
the user name from
[EDX], to [ESI], WITHOUT the spaces!
(Keep this in mind! ).
:0040A2EC 880C06 mov byte ptr [esi+eax], cl
:0040A2EF 42 inc edx
:0040A2F0 40 inc eax
:0040A2F1 C6040600 mov byte ptr [esi+eax], 00
:0040A2F5 EB01 jmp 0040A2F8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A2E8(C)
|
:0040A2F7 42 inc edx
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040A2E0(U), :0040A2F5(U)
|
:0040A2F8 803A00 cmp byte ptr [edx], 00
:0040A2FB 75E5 jne 0040A2E2 ----------------> This is the loop , we got
what it does,
Let's continue tracing
the code...
:0040A2FD 56 push esi --------> The user name is pushed, in order
to
Upcase it's chars.
* Reference To: USER32.CharUpperA, Ord:0000h
|
:0040A2FE E80F330000 Call User!CharUpper ---> After this, our name is in
upper case.
:0040A303 56 push esi -----> Our name in upper case here.
* Reference To: cw3220mt._strlen, Ord:0000h
|
:0040A304 E86F300000 Call 0040D378 ---> This is the length of our name.
:0040A309 59 pop ecx
:0040A30A 8BC8 mov ecx, eax ---> ECX=Length.
:0040A30C 83F904 cmp ecx, 00000004 ---> Length>=4 (MUST).
:0040A30F 7D05 jge 0040A316 ---> Let's go to this address...
:0040A311 83C8FF or eax, FFFFFFFF
:0040A314 EB67 jmp 0040A37D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A30F(C)
|
:0040A316 33D2 xor edx, edx
:0040A318 33C0 xor eax, eax
:0040A31A 3BC8 cmp ecx, eax
:0040A31C 7E17 jle 0040A335 ---> (Not important, just another useless
checking).
===================================================================================
============ FROM HERE AND ON, THE IMPORTANT CODE, PAY ATTENTION ==================
===================================================================================
One thing before we continue, EDX = 00000000h as we enter to the next instructions.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A333(C)
|
:0040A31E 0FBE1C06 movsx ebx, byte ptr [esi+eax] ---> EBX <--- char in user
name, offset EAX.
:0040A322 C1E303 shl ebx, 03 -----> Hmm, it shl's the char by 03h...
(Remember that).
:0040A325 0FBE3C06 movsx edi, byte ptr [esi+eax] ---> Now EDI <--- Char in
user name , offset EAX.
:0040A329 0FAFF8 imul edi, eax -----> It multiplies the char by the
offset in user name! (Remember that).
:0040A32C 03DF add ebx, edi -----> Adds the result to EBX (That was
Shelled (Ding Dong =)).
:0040A32E 03D3 add edx, ebx -----> EDX=EDX+EBX!!! - This is the CORE
of this registration routine!!!
:0040A330 40 inc eax -----> Increase EAX by one (next char).
:0040A331 3BC8 cmp ecx, eax
:0040A333 7FE9 jg 0040A31E ----> If ECX
loop.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A31C(C)
|
:0040A335 A120674100 mov eax, dword ptr [00416720] ---> HMMMMMM, What's in
here?????
:0040A33A C1F803 sar eax, 03 ---------> WAIT! Please type in SIce '?
EAX'
Does this number in EAX look
familiar to us? ;-)
If you still don`t understand,
than, It's
our SERIAL NUMBER! (PLEASE, take
your time, and check by
yourself - don`t trust me!). OK,
so now we know,
That it SHR's EAX by 03 (SAR is
almost identical to SHR).
:0040A33D 03D0 add edx, eax ---------> Hmm, it adds the result from the
loop, the serial number shr'd by 03h
:0040A33F 52 push edx -------> Let's continue. (At this point, I
can tell you , the reg number, is
in EDX - only that the reg number
is in HEX --> That's how you enter it).
* Possible StringData Ref from Data Obj ->"%lx"
|
:0040A340 685EF54000 push 0040F55E
:0040A345 8D95B0FEFFFF lea edx, dword ptr [ebp+FFFFFEB0]
:0040A34B 52 push edx
* Reference To: USER32.wsprintfA, Ord:0000h
|
:0040A34C E8E5320000 Call 0040D636 -------> This one, does HEX2STR (Takes
the value from EDX, and turns it to an hex string).
:0040A351 83C40C add esp, 0000000C
:0040A354 8D8DB0FEFFFF lea ecx, dword ptr [ebp+FFFFFEB0] -----> type 'd ecx' -
THIS is the reg number! That's enough for us, the rest of
the code, is
just for comparing the correct reg code with ours.
:0040A35A 51 push ecx
* Reference To: USER32.CharLowerA, Ord:0000h
|
:0040A35B E8B8320000 Call 0040D618
:0040A360 8D85B0FEFFFF lea eax, dword ptr [ebp+FFFFFEB0]
:0040A366 50 push eax
:0040A367 FF750C push [ebp+0C]
* Reference To: cw3220mt._strcmp, Ord:0000h
|
:0040A36A E875300000 Call 0040D3E4
:0040A36F 83C408 add esp, 00000008
:0040A372 85C0 test eax, eax
:0040A374 7405 je 0040A37B
:0040A376 83C8FF or eax, FFFFFFFF
:0040A379 EB02 jmp 0040A37D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A374(C)
|
:0040A37B 33C0 xor eax, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040A314(U), :0040A379(U)
|
:0040A37D 5F pop edi
:0040A37E 5E pop esi
:0040A37F 5B pop ebx
:0040A380 8BE5 mov esp, ebp
:0040A382 5D pop ebp
:0040A383 C3 ret
Making the actual Keygen
~~~~~~~~~~~~~~~~~~~~~~~~
Now, after I've explained how does the program calculate the registration
code, you can either write your own keymaker, without looking at my code, or
look at my code (in Turbo Pascal - sorry for all you C lovers ;-) Next time).
That's it, here's the source of my keygen:
------------------- Cut here ---------------------------------------------
Program W3FilerKeygen;
var
Key,SerialNum,EB,ED,digit:Longint;
I,x:Byte;
Name,KeyHex:String;
begin
Writeln(' W3Filer32 V1.1.3 Keymaker');
writeln('Cracked by ^pain^ ''97 / Rebels!');
Write('Your Name:'); { Read the name }
readln(Name);
Write('Serial Number:');
readln(SerialNum); {Yes, we need the serial number for the calculation!}
Key:=0;
x:=0;
For I:=1 to length(Name) do
begin
Name[I]:=upcase(Name[i]);
If Name[I]<>' ' then begin
eb:=ord(Name[I]) shl 3; {EB = Name[I] Shl 03h}
Ed:=ord(Name[I]); {ED = Name[I]}
ed:=ed*(x); {ED=ED*Offset}
inc(x);
eb:=eb+ed; {Add ED to EB}
Key:=Key+EB; {Add EB to KEY}
end;
end;
Key:=Key+(SerialNum shr 3); { Add SerialNum shr 03h to Key}
{ From here, this is just HEX2STRING --> I`m quite sure it's
Self explaintory, else - go and learn number bases again! ;-)}
KeyHex:='';
repeat
digit:=Key mod 16;
key:=key div 16;
If digit<10 then KeyHex:=Chr(Digit+ord('0'))+KeyHex;
If digit>10 then KeyHex:=Chr(Digit-10+ord('a'))+KeyHex;
until key=0;
writeln('Your Key:',KeyHex);
writeln(' Enjoy!');
end.



CORE™


Related Posts with Thumbnails
 

Featured

Widget by Blog Godown

Popular

Center of Reverse Engineering™ Copyright © 2009 Premium Blogger Dashboard Designed by SAER

ss_blog_claim=982832c1e8ace00c1392e8b9a7a4bbfd ss_blog_claim=982832c1e8ace00c1392e8b9a7a4bbfd