It's not called H A C K I N G -------------------------------------->>> It's EXTENDED ACCESS

What is a Woman: By Olga Lednichenko: Something every thinking guy should know

2008-09-06T20:42:00.001+05:30

http://olgalednichenko.wordpress.com/2008/08/28/olga-math-what-is-a-woman-every-man-should-read-by-olga-lednichenko/

Please visist Olga Lednichenko's Blog: You will get an education on more than many things : and Its by Olga Lednichenko; Russian Israeli Blogger

2008-09-06T20:39:00.004+05:30

Check this out: http://olgalednichenko.wordpress.com/new-photos/

Archive for the 'LEADERHSIP' Category

Left brain or Right brain? What do you drive? by Olga Lednichenko

• September 5, 2008 • No Comments (Edit)

Posted in Career Advise, General Management, Human Psychology, LEADERHSIP, Life Lessons, Life's Musings, MBA Admissions, Olga Lednichenko, management, relationships
Tags: Olga Lednichenko, Life decisions, glory-at-newmail-ru-listening, Left Brain, Right Brain, Left brain versus Right Brain, Thinking, Axons, Decision making

Olga Math: What is Freedom. What is Liberty. By Olga Lednichenko

• September 5, 2008 • No Comments (Edit)

Posted in Buddhism and Eastern Stuff, Human Psychology, LEADERHSIP, Life Lessons, MBA Admissions, Message and Signalling, Olga Lednichenko, Psychology versus Philosophy

Alchemy Exchange liked my defintions on Strategy. Marketing. Leaderhip etc: asked me if I could define what is a Coach: Come on guys help me : By Olga Lednichenko

• September 4, 2008 • 2 Comments (Edit)

Posted in General Management, Human Psychology, International, LEADERHSIP, Life Lessons, MBA Admissions, Olga Lednichenko, management
Tags: Coaching, Executive Coaching, Leadership, Leadership Skills, Leadership versus Strategy Olga Lednichenko Blogger, management, Olga Hiafa Blogger, values and ethics

Strategy.Marketing. Operations. Management. Leadership: Defined -in simple to understand terms: By Olga Lednichenko

• September 3, 2008 • 4 Comments (Edit)

Posted in General Management, Haifa and Nesher, LEADERHSIP, MBA Admissions, Marketing, Olga Lednichenko, STARTEGY, Writing and Editing, management
Tags: Olga Lednichenko, olga-haifa-blogger, Marketing, Leadership, Change Management, Strategy, Business-blog, Manager's Guidelines, Marketing Strategy, Leadership Skills, Operations, General Management, Cute - Olga, Marketing versus Strategy, leadership versus Strategy

Olga Lednichenko: Lessons in Math : Funny. Informative. Yet Phiolophical and Great:

2008-09-06T20:36:00.002+05:30

And boy is she Gorgeous: click here: http://olgalednichenko.wordpress.com/?s=math

Olga Lednichenko has a Kick ass Blog On Security and Hacking :

2008-09-06T19:41:00.004+05:30

Click here: http://olgalednichenko.wordpress.com/2008/09/06/a-basic-approach-attacking-a-remote-computer-by-guest-editor-olga-lednichenko/

2007-06-04T18:19:00.000+05:30

THIS SITE WILL REMAIN UNAVAILABLE FOR FEW WEEKS!!!!!!!!!

PLZ DO NOT MAIL TO ANY OF THE EMAIL ID'S

TNX....

KEYWORDS

2007-05-25T12:16:00.000+05:30

HACKING E BOOKS, PORT SCANNING, KEY LOGGER, E-MAIL PASSWORD HACKING, NETBUS, OPHCRACK, LC5, BRUTUS AET2, REGEDIT, REGISTRY EDITOR, LCP, MASTER CREDIT CARD GENERATOR, CAIN & ABEL

WIRESHARK

2007-05-25T12:06:00.000+05:30

Wireshark (Known as Ethereal) is the world's most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, and Linux. It is freely available as open source.

It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).

NETBUS

2007-04-24T17:30:00.000+05:30

NetBus is a program used to control microsoft windows computer systems over a network. (what we say as "Breaking into Computer System")

There are two components in this program a client and a server. The server must be installed and run on the computer that should be remotely controlled.

The client program allows the hacker to control the target system. Some of its features includes-

1). Keystroke Logging.

2). Capturing Screen Shots.

3). Shutting down the system, etc...

It is recognized by most of the anti virus programs......

OPHCRACK

2007-04-24T17:00:00.000+05:30

Ophcrack is an open source program that cracks Windows password (LM HASHES) using rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.

It recovers 99.9% of alphanumeric passwords in seconds.

LC 5

2007-04-24T16:01:00.000+05:30

LC 5 supports most password-cracking methods and comes in four versions (professional, administrator, site, and consultant—available features vary depending on version).

LC 5 includes a remote agent that lets you centrally manage audits of multiple cross-domain computers and gather all account information at one location. After completing an audit, you can review risk scores, audit method, and character-set or password-length distribution. LC 5 also lets you disable accounts or force users to reset weak passwords.

HACKING TEST 17

2007-04-24T15:39:00.000+05:30

Reverse Engineering Contd………

How to Clear Hacking Test 5?

Steps…..

1).Open the file in OllyDbg.

2).This program has an option to execute one line at a time (shortcut F8).

3).Keep on pressing F8 and at the same time keep an eye on all the 5 windows (upper left, upper center, upper right, lower left and lower right). Whenever you’ll press F8 you will see some changes in all these 5 windows.

4). Keep on pressing F8 until you reach the following instruction “CMP EAX, -1” followed by “JNZ Short 0040109A”.

What’s happening here?

Here Value in EAX is compared with -1 i.e. FFFFFFFF and if the result is Zero then the JNZ (Jump if not Zero) instruction will not result in a jump and the instruction following JNZ will be executed.

Check out the value stored in the EAX registers (See just above the lower left window), its FFFFFFFF.

So the Jump will not take place and hence the next instruction will get executed which will inevitably take you to “Evaluation period out of date, purchase new license”.

So we need to somehow skip this instruction.

Check out the upper right window, here you can see the flags which are set when the jump instruction is executed. Currently the value of Z flag is 1 so if we change this value to zero then the JNZ instruction will result in a jump (double click on it, the value will be changed to zero).

So, this way we were able to skip this first barrier. Check out the program you’ll find three more of them.

5).Keep on pressing F8 until you reach the following instruction “JNZ SHORT 004010B4” followed by “JMP SHORT 004010F7”.

What’s happening here?

Here you can see that if JNZ instruction will not make a jump then JMP instruction will make a jump to 004010F7 which will inevitably take you to “Keyfile is not valid, Sorry”.

So here again you have to perform the same step just change the value of Z flag from 1 to zero.

So, this way we were again able to skip the second barrier.

6).Keep on pressing F8 until you reach the following instruction “JL SHORT 004010F7”.

What’s happening here?

Here you can see that there is no JNZ instruction but the JL instruction is again making the jump to 004010F7 which will inevitably take you to “Keyfile is not valid, Sorry”.

So here again you have to perform the same step but with a twist just change the value of S flag from 1 to zero. Since, this is the flag which gets affected when the JL instruction is executed.

So this way we were again able to skip the third barrier.

The next jump instruction i.e. JE SHORT 004010D3 is not taking us to any barrier so don’t change any value, and keep on pressing F8, but again we reach the instruction JL SHORT 004010F7 which will again take us to “Keyfile is not valid, Sorry”, but if we are able to skip this instruction then the next jump is to the address 00401205 which stores the value “You really did it! Congratz !!!”.

So all we need to do is just set the S flag to zero and we will reach our destination.

Finalizing the patch-

……………will continue

SUPER SCAN v 4.0

2007-04-24T15:30:00.000+05:30

A Powerful TCP port scanner, pinger, resolver. Here are some of the features in this version-

Superior scanning speed

Support for unlimited IP ranges

Improved host detection using multiple ICMP methods

TCP SYN scanning

UDP scanning (two methods)

IP address import supporting ranges and CIDR formats

Simple HTML report generation

Source port scanning

Fast hostname resolving

Extensive banner grabbing

Massive built-in port list description database

IP and port scan order randomization

A selection of useful tools (ping, traceroute, Whois etc)

Extensive Windows host enumeration capability

HACKING LESSON 18

2007-04-24T15:26:00.000+05:30

Finalizing the patch-

In order to finalize the patch and make an executable running file we need to perform the following steps –
Repeat all the steps that we perform earlier but this time we have to change the instruction instead of flags.

1). Keep on pressing F8 until you reach the following instruction “CMP EAX, -1” followed by “JNZ Short 0040109A”.

Double click on “JNZ Short 0040109A”, a window will open. Remember, here we need to perform the jump in order to bypass the barrier so change JNZ to JMP, and click on assemble, rest remains the same.

2). Keep on pressing F8 until you reach the following instruction “JNZ SHORT 004010B4” followed by “JMP SHORT 004010F7”.

Double click on “JNZ Short 004010B4”, a window will open. Here also we need to perform the jump in order to bypass the barrier so change JNZ to JMP, and click on assemble, rest remains the same.

3).Keep on pressing F8 until you reach the following instruction “JL SHORT 004010F7”.

Double click on “JL Short 004010F7”, a window will open. Remember, here we do not need to jump because it will jump directly to the barrier so we need to skip this instruction. Change “JL Short 004010F7” to NOP, click on assemble, rest remains the same.

4).Keep on pressing F8 until you again reach the following instruction “JL SHORT 004010F7”.

Repeat step number 3.

Now all the four patches have been applied, next we need to save these patches and create an executable file.

1).Select the code from where you started applying patches i.e. from the opcode “00401073” to “004010D0”.

2).Right click on the selection and select copy to executable > selection.

3).A new window will open, again right click inside the window and select save file. Make sure it is saved as an executable file.

4). Now click on the new file.

The file is cracked.

2007-04-24T14:08:00.000+05:30

2007-04-24T14:04:00.000+05:30

2007-04-24T14:02:00.000+05:30

2007-04-24T14:00:00.000+05:30

S O L

2007-04-23T18:14:00.000+05:30

This is a new section of our blog where you can just post your query related to anything-----

-Software
-Crack
-Hack, etc.

in the comments field and we will try to answer it within the next 24 hrs.

The format for Posting Query -

Query -
Your Email Id -

Basics Of Assembler

2007-04-23T17:03:00.000+05:30

Pieces, bits and bytes:

BIT - The smallest possible piece of data. It can be either a 0 or a 1. If you put a bunch of bits together, you end up in the 'binary number system'

i.e. 00000001 = 1 00000010 = 2 00000011 = 3 etc.

BYTE - A byte consists of 8 bits. It can have a maximal value of 255 (0-255). To make it easier to read binary numbers, we use the 'hexadecimal number system'. It's a 'base-16 system', while binary is a 'base-2 system'

WORD - A word is just 2 bytes put together or 16 bits. A word can have a maximal value of 0FFFFh (or 65535d).

DOUBLE WORD - A double word is 2 words together or 32 bits. Max value = 0FFFFFFFF (or 4294967295d).

KILOBYTE - 1000 bytes? No, a kilobyte does NOT equal 1000 bytes! Actually, there are 1024 (32*32) bytes.

MEGABYTE - Again, not just 1 million bytes, but 1024*1024 or 1,048,578 bytes.

REGISTERS:

Registers are “special places” in your computer's memory where we can store data. You can see a register as a little box, wherein we can store something: a name, a number, a sentence.

EAX: Extended Accumulator Register
EBX: Extended Base Register
ECX: Extended Counter Register
EDX: Extended Data Register
ESI: Extended Source Index
EDI: Extended Destination Index
EBP: Extended Base Pointer
ESP: Extended Stack Pointer
EIP: Extended Instruction Pointer

Generally the size of the registers is 32bit (=4 bytes). They can hold data from 0-FFFFFFFF (unsigned). In the beginning most registers had certain main functions which the names imply, like ECX = Counter, but in these days you can - nearly - use whichever register you like for a counter or stuff (only the self defined ones, there are counter-functions which need to be used with ECX). The functions of EAX, EBX, ECX, EDX, ESI and EDI will be explained when I explain certain functions that use those registers. So, there are EBP, ESP, EIP left:

EBP: EBP has mostly to do with stack and stack frames. Nothing you really need to worry about, when you start.
ESP: ESP points to the stack of a current process. The stack is the place where data can be stored for later use (for more information, see the explanation of the push/pop instructions)
EIP: EIP always points to the next instruction that is to be executed.

There's one more thing you have to know about registers: although they are all 32bits large, some parts of them (16bit or even 8bit) can not be addressed directly. So, EAX is the name of the 32bit register, AX is the name of the "Low Word" (16bit) of EAX and AL/AH (8bit) are the “names” of the "Low Part" and “High Part” of AX. BTW, 4 bytes is 1 DWORD, 2 bytes is 1 WORD.

The FLAGS:

Z-Flag: It is the most useful flag for cracking. It is used in about 90% of all cases. It can be set (status: 1) or cleared (status: 0) by several opcodes when the last instruction that was performed has 0 as result. You might wonder why "CMP" (more on this later) could set the zero flag, because it compares something - how can the result of the comparison be 0? The answer on this comes later ;)

O-Flag: It is used in about 4% of all cracking attempts. It is set (status: 1) when the last operation changed the highest bit of the register that gets the result of an operation. For example: EAX holds the value 7FFFFFFF. If you use an operation now, which increases EAX by 1 the O-Flag would be set, because the operation changed the highest bit of EAX (which is not set in 7FFFFFFF, but set in 80000000 - use calc.exe to convert hexadecimal values to binary values). Another need for the O-Flag to be set, is that the value of the destination register is neither 0 before the instruction nor after it.

C-Flag: It is used in about 1% of all cracking attempts. It is set, if you add a value to a register, so that it gets bigger than FFFFFFFF or if you subtract a value, so that the register value gets smaller than 0.

The STACK:

The Stack is a part in memory where you can store different things for later use. See t as a pile of books in a chest where the last put in is the first to grab out. Or imagine the stack as a paper basket where you put in sheets. The basket is the stack and a sheet is a memory address (indicated by the stack pointer) in that stack segment. Remember following rule: the last sheet of paper you put in the stack, is the first one you'll take out! The command 'push' saves the contents of a register onto the stack. The command 'pop' grabs the last saved contents of a register from the stack and puts it in a specific register.

INSTRUCTIONS (alphabetical)

Most instructions have two operators (like "add EAX, EBX"), but some have one ("not EAX") or even three ("IMUL EAX, EDX, 64"). When you have an instruction that says something with "DWORD PTR [XXX]" then the DWORD (4 byte) value at memory offset [XXX] is meant. Note that the bytes are saved in reverse order in the memory (WinTel CPUs use the so called “Little Endian” format. The same is for "WORD PTR [XXX]" (2 byte) and "BYTE PTR [XXX]" (1 byte).

--------------------------------------------------------------------------------------------

These are the Basics, for detail reading anyone can contact the blog for material at hackinme@gmail.com

hping

2007-04-23T14:47:00.000+05:30

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

While hping was mainly used as a security tool in the past, it can be used in many ways by people that don't care about security to test networks and hosts. A subset of the stuff you can do using hping:

Firewall testing
Advanced port scanning
Network testing, using different protocols, TOS, fragmentation
Manual path MTU discovery
Advanced traceroute, under all the supported protocols
Remote OS fingerprinting
Remote uptime guessing
TCP/IP stacks auditing
hping can also be useful to students that are learning TCP/IP.

Hping works on the following unix-like systems: Linux, FreeBSD, NetBSD, OpenBSD, Solaris, MacOs X, Windows.

BRUTUS AET2 PASSWORD CRACKER

2007-04-20T00:20:00.000+05:30

Brutus is one of the fastest and most flexible remote password crackers available for Windows 9x, NT and 2000, there is no UNIX version available. More specifically it is a remote interactive authentication agent. Brutus is used to recover valid access tokens (usually a username and password) for a given target system. Examples of a supported target system might be an FTP server, a password protected web page, a router console a POP3 server etc.

THC-Hydra >>> Network Login Hacking Tool

2007-04-18T00:27:00.000+05:30

Hydra is a software project developed by "The Hacker's Choice" (THC) that uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different service.

Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that; it is flexible and very fast.

Currently this tool supports:

TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC,
RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS,
ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, LDAP2,
Cisco AAA (incorporated in telnet module).

LCP

2007-04-16T00:07:00.000+05:30

LCP program is used for auditing and recovering user account passwords in Windows NT/2000/XP/2003. Some other functions include Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing, etc.

Windows NT / 2000 / XP / 2003 operating systems keeps their password into an encrypted form called "hashes". Passwords cannot be retrieved directly from hashes. To recover passwords it is necessary to compute hashes by possible passwords & compare them to existing hashes. Password auditing includes check of possible ways to retrieve user accounts information.

MASTER CREDIT CARD GENERATOR

2007-04-14T00:06:00.000+05:30

By using a program such as Master Credit Card Generator, hackers could create fictitious credit card numbers to help them set up Internet accounts through online services. Once the online service verified that the credit card number wasn't valid, they would shut down the hacker's account, but with the aid of a few dozen more credit card numbers, hackers could simply create new accounts over and over again.

NMAP

2007-04-12T12:37:00.000+05:30

Considered one of the best scanning tools for probing a system, Nmap incorporates almost every scanning technique known into one single program. Depending on the scanning option you use, Nmap can offer you speed or stealth (to prevent a target computer from knowing it's being probed) using a variety of different protocols (ICMP, UDP, TCP, etc.). You can safely assume that given enough time, Nmap can find an opening in practically any computer.

Nmap runs on UNIX-based operating systems such as Linux and comes with full C/C++ source code that you can study and modify. Nmap is the most powerful scanning tool available to both system administrators and hackers.

HACKING TEST 5

2007-04-11T17:30:00.000+05:30

Since most of the people didn't get what we were trying to do in Hacking Test 4....here is another variant of it....

The process remains the same however the test file and software changes.......

Download the file test5 from following address....

http://www.esnips.com/doc/b7c7760f-8050-4db2-8b35-d4abbc7a5bb2/Test5

Change the file extension to .exe

Open it - you'll see something like this "Evaluation period out of date, purchase new version"

Next - Download "OllyDbg version 1.10"

Read about software functions using inbuilt help menu......
Also read the following topic "Basics of Assembler" posted on the blog........

What is the test?

You have to edit the program using disassembler. After successful editing (cracking) the output of the program changes to "you really did it!! congratz!!"

HACKING TEST 4

2007-04-11T17:00:00.000+05:30

All u need to do is just download the file TEST from -

http://www.esnips.com/doc/72e0692a-e3ea-465e-91bc-113fc8f82adb/Test

After downloading, rename it as test.exe

What is the Test?

Tell us the password of the file. Also, you have to tell the procedure i.e. how did you break it?

Send the solution to - hackinme@gmail.com

Hint: Read Lesson 9 & 10.
Software Required : A Hex Editor.

Best Of luck!!!!!!!

Those who are interested in further reading can contact the blog for material.......
hackinme@gmail.com

HACKING TEST 3

2007-04-11T16:13:00.000+05:30

This one is pretty simple..................

All you need to do is just read LESSON 8 and tell me the procedure by which you can copy the main SAM file from c:\windows\system32\config folder.......

Just write down the procedure and send it to hackinme@gmail.com

Whoever will tell the procedure will move to the next level of the test.....

BEST OF LUCK!!!

HACKING TEST 2

2007-04-11T00:05:00.000+05:30

Check your skills on Chapter Five & Six---------

Make sure you perform every step with caution; a single mistake can crash your system.

Steps:

You have to download a file named “gatekeeper.rar” from the following site-

http://www.esnips.com/doc/331bd453-a377-4154-82ae-f8c5313e0074/gatekeeper

It’s a .rar file so first extract it……….you will see a file gatekeeper.exe in the folder, when you click on it, it will ask whether you accept the terms and condition……once you accept the terms and condition it will ask you to enter a password (two times).

You have to enter the following password – hacking

Once the password is entered, the software is ready to use……now you can lock any folder in your system………………….DONT DO IT……since this software was made years ago so it will not work on Windows XP (will only work on windows 98 and earlier version).

What is the test?

Now you have to search the registry for this software, find it and recover the password in binary form (as this is the form in which it is stored in the registry).

Once you have the password you have to send it to hackinme@gmail.com

Reward: Whoever will crack the password without any further clue will get a cool software.

HACKING TEST 1

2007-04-10T21:34:00.000+05:30

Test your skills on LESSON 1.......

For all those who have read lesson 1....here's a simple way to check how much they understood.

Process-

1).You have to download an excel file (Named - Test) from the following site-

http://www.esnips.com/doc/18dd13cd-8d4e-48e9-b7e6-4b1d15105601/TEST

2).The file is password protected and to make it a little bit difficult i have set an alphanumeric password.

3).What is required?

-You have to find an excel file password cracker on the net.
-Crack the password.
-Send it to hackinme@gmail.com

4).Since it would be difficult for a new learner to find the full version of the software, i have set the password length which can be cracked by a demo version of any password cracker.

REWARD-

Who ever will crack the password will get to learn the way to crack any length password of any type.

Your time starts now....................

OBIWAN - WEB SERVER BRUTE FORCING

2007-04-10T00:35:00.000+05:30

ObiWan is written to check Webserver. The idea behind this is: Webserver with simple challenge-response authentication mechanism mostly have no switches to set up intruder lockout or delay timings for wrong passwords. In fact this is the point to start from. Every user with a HTTP connection to a host with basic authentication can try username-password combinations as long as he/she like it.

MESSENGER PASSWORD CRACKER GOES PUBLIC

2007-04-08T01:03:00.000+05:30

This Trojan targets MSN's user and the hacking is done in real time i.e. face to face - i mean while you are chatting with someone on a messenger. This Trojan has been made public by “Our Godfather” - just a name - on the Bit Torrent network. And the worst part is that hundreds of people have already installed it.

So from now onwards be a little bit more careful while chatting with an unknown person on messenger.

YOU too CAN Become a VICTIM OF TROJAN.......

TRUTH BEHIND EMAIL PASSWORD HACKING (Lesson 7)

2007-04-07T14:11:00.000+05:30

The basic reason behind writing this article is to make a new comer in this field aware of certain facts and lies.

The very favourite question of every novice – “How can I hack password of Yahoo, Hotmail, Gmail, etc” or should I say that this is the question why most people choose hacking as a hobby?

What’s a general perception about email password hacking?

I have a username now I want to hack his/her password. What I need is a software in which I feed / input the username and the software will take care of the rest (i.e. checking different permutation and combination of passwords – BRUTE FORCE ATTACK) and give me the right password as an output.

Great!!!!!!!! Such software exists in an IDEAL world, not REAL.

Dear Friends, have you ever gave this fact a thought that when you enter a wrong password three consecutive times you are asked to input the letters shown in a picture, and if you again input the wrong password a certain number of times then the account is closed temporarily for about half hour.

So forget about the software which can check for different permutations and combinations because it has to perform certain extra steps mentioned in the above paragraph, which are very hard (almost impossible) to implement.

So does it mean that it’s impossible to crack an email account password?

Well I’d say impossible is an inappropriate word in the above statement, because in hacking nothing is impossible because nothing is perfect.

TRUTH

Every time a software is created, the beta version is launched first to check the flaws in it (In Hacking These Flaws Are Called DOORS). Those which are discovered are closed, but most of the times some doors are left open intentionally or by mistake. So a hacker’s job is to find out these doors and exploit it to solve his purpose.

E.g.: Years ago one open door was found by a hacker in hotmail.

Process: You write a java script (hardly a 2 - 3 line code) in the message field and send it to your target. When your target opens the message the java script is executed and a page is displayed on the targets computer saying “you have been logged out of hotmail please re enter your password and username” (a proxy site) once your target enters the required information it is sent back to you. Pretty Simple!!!!!!!!!

But this method became so popular that hotmail got hold of it and the door was closed.

Another popular method these days is of a Trojan which is used to hack the password of yahoo messenger. The process is quite similar to above. You install a software on your system known as Magic PS 1.5. This software sends the same message to your target (while you are chatting to him / her) that you have been logged out kindly re-enter your username and password. Once your target enters the required information it is sent back to you. Simple Again!!!!!!!!!

So are these the only available ways through which you can hack somebody’s password?

Nobody can guarantee that some other ways do not exist but ITS CERTAINLY NOT A BRUTE FORCE ATTACK.

Important: If somebody says that he knows a way to hack an email password…….please do not send your email address to him/her.

HACKING INTO COMPUTER SYSTEM ON LAN (Lesson 8)

2007-04-07T14:00:00.000+05:30

For Cracker -
In this topic we will se that how we can get access to different user accounts on Local Area Network running Windows 98 / Windows XP.
Here we will discuss the simplest method to crack password i.e. the software way.

You need to have the following software’s –

1). Caine & Abel for Windows 98
2). LC5 for Windows XP

How to use these software’s?

SCENARIO - A LAN in which every system (not necessarily) is running on Windows 98.

Now in order to use the LAN features every user must have a Login Username and Password.

Whenever a user creates an account or enters his username and password (for login purpose) the value is stored or compared from a “PWL” file respectively. This file is saved in c:\windows directory and is easily accessible to every user on the LAN. E.g.: I am a user and my login name is “crack”, so the format or name of the pwl file will be “crack.pwl”.

So all you need to do is copy this pwl file on a floppy, cd, pen drive, or any other medium you desire.

Now open this pwl file in Caine & Abel and run the attack (dictionary or brute force). Depending upon the password length the software will take its time to break the code.

Never run this software on a slow machine as it would take weeks to crack a single password.

In Windows XP the case is little bit difficult. The password is stored in SAM file. There are three copies of SAM file in XP – One in Windows\system32\config, another in Windows\repair and the last one is stored in windows registry.

You will not be able to see or copy these files or values while Windows is running.

So Boot your system using a bootable disk i.e. in dos mode and copy the file.

Once you have the SAM file open it in LC5 and it will take care of the rest.

Another possible way is – Just install LC5 on the target system and it will tell u all the usernames and password stored in that particular system. But it’s not feasible because LC5 can also take days to crack a single password (depending upon the password length).

FOR USER –

In order to safe guard your account all you need to do is just set a lengthy password containing alphabets, numbers and one special character i.e. @#%^*&(*().

And kindly change your password on a periodic basis.

HACKING LESSON 9

2007-04-07T13:00:00.000+05:30

Creating / Generating Software Keys / Serial Numbers

The main aim of this chapter is to clear some basic concepts of using Disassembler i.e. how a cracker generates the registration key or Serial number of a software.

Below is the C program which perform the following function –

1).Prompt for a password

2).Display the comparison.

3).Matches the password character by character.

#include stdio.h
#include string.h
#define PASSWORD_SIZE 100
#define PASSWORD "password\n"

int main ()
int count=0;
char buff [PASSWORD_SIZE];
for (;;)
printf ("Enter password:");
fgets (&buff [0], PASSWORD_SIZE,stdin);
if (strcmp (&buff [0], PASSWORD))
printf ("Wrong password\n");
else break;
if (++count>3) return -1;
}
printf ("Password OK\n");
}

Important: This code is not written by me so i cannot guarantee whether it'll work or not.

HACKING LESSON 10 - 4th MAY 2007

2007-04-07T12:30:00.000+05:30

In the last chapter we saw that how a protection mechanism is created, which was demonstrated using a very simple c program which ask user to input a password and if the password matches the correct value it displays a message “Password OK”.

Now we will see how to crack that password.

Note: This chapter only covers the basic i.e. how these things are done; we do not guarantee that it will work on every program. However, the process remains the same.

What we are trying to do here is called Reverse Engineering. Though we cannot generate the source code from the executable file but we can have an idea what the source code looks like.

There are lots of software’s available which can generate the binary code and assembly instructions from the executable file. Therefore, if the reference password is stored in the program itself (like the one which we created) and is not converted to some other form then it can easily be tracked just by looking at the binary code of the file.

SOFTWARE’S

1). A HEX EDITOR: A hex editor is a computer program that allows a user to edit compiled programs and binary data-files. Hex editors most often present data in hexadecimal format, because it is easier and also because computers tend to work with 8-bit bytes of information. In short, these programs are able to edit the executable files.

2). A DISASSEMBLER: This program can convert the executable file into assembly language. In Short, these programs can help you understand that how a program is working which is necessary to change the way it is working. E.g. if the program will run only after providing the correct password, then by using a Disassembler its function can be changed to accept every password as the correct password.

In order to work with a Disassembler a person needs to have a good understanding of all the assembly language instructions such as JMP, PUSH, POP, etc.

Try Hacking Test 4 in order to know how these software’s are used.

HACKING LESSON 11

2007-04-07T12:10:00.000+05:30

PASSWORD CRACKING USING RAINBOW TABLE

In order to work with rainbow tables and rainbow crack we must first understand the following keywords-

1). LOOKUP TABLE – A lookup table is usually an array which is used to replace a runtime operation (in our case – a real time password cracking) with a simpler LOOKUP operation. This way we can achieve great speed at the cost of memory.

The idea is to pre-calculate hashes of all possible passwords and store them in a table in the memory. These tables are called Rainbow Tables.

The pre computation of hashes takes a long time, but once it is done, this type of password cracking is hundreds of time faster than the traditional Brute Force Attack.

2). SPACE – MEMORY TRADE OFF - It is a situation where the memory use can be reduced at the cost of slower program execution, or vice versa, the computation time can be reduced at the cost of increased memory use

A Classic Example - A space-time tradeoff can be applied to the simple problem of data storage. If data is stored uncompressed, it takes more space but less time than if the data were stored compressed (since compressing the data reduces the amount of space it takes, but it takes time to run the compression algorithm). Depending on the particular instance of the problem, either way is practical.

How to generate a Rainbow Table?

Search for a program called rainbow crack.

Warning: Rainbow tables are very large, can take GB’s of system space.

Definition of Rainbow Crack – Rainbow Crack tool is a hash cracker. A traditional brute force cracker tries all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called “rainbow table”.

HACKING LESSON 13

2007-04-07T01:04:00.000+05:30

THE TROJAN “HORSE”

Trojan’s are the most dangerous of all types of attacks.

What are Trojans?

Trojans are small programs through which the hacker gain control over your system. Although, most of the Trojans are detected by anti virus programs but the frequency with which these programs are written is far more than the anti virus updating system.

Some common features with Trojans are as follows:

• Capturing screenshots of your computer.

• Recording key strokes and sending files to the hacker

• Giving full Access to all your drives and files.

• Ability to use your computer to do other hacking related activities.

Every Trojan has two parts a Client and a Server. In order to gain access, the server file must be installed in the target computer.

How this is done?

Initially this was done using a simple email. The hacker will send you an email with some sort of attachment (the Server File). The matter of that mail will make you open that attachment, when you double click on it you will see nothing but in the background the server file gets installed on your system.

Now, all the hacker has to do is just use the client file to connect to your system.

But this method became so popular that the hacker has to search for some other technique to achieve the above objective.

How many of you have played small computer games such as “shooting bird”, “catching butterflies”, “slapping some face”, etc

Now, in this technique the hacker joins two exe files into a single file i.e. the server file + the game file.

In this case when you open the attachment you will see the game but at the same time the server also gets installed on your system.

This is just one way; there are many other ways to achieve this objective. So always be careful whenever you are opening an unknown attachment, or while visiting unsafe websites, while chatting, etc.

A very famous Trojan Example is NETBUS; the details are posted in “Tool of the Day” section.

HACKING LESSON 14

2007-04-07T01:00:00.000+05:30

V I R U S – Vital Information & Resources Under Siege

Composition of Virus – Every Computer virus must have two parts

First - A Search Routine

Second - Routine to copy itself

The search routine searches for the targets on the disk in order to spread infection i.e. this routine decides what to infect?

The copy routine copies itself to the result of the search routine.

The size of the Virus depends on the target and the speed to spread infection

Viruses are written in assembly language because it provides all the necessary functionality to the program for jumping from one target to other. It does not mean that one cannot code a virus in High level languages such as C, Pascal, Basic, etc., but assembly language provides control over computer resources easily and hence we can use them our way.

Note: If you are not familiar with Assembly Language instructions then this and the next two or three articles are of no use for you.

The aim of this article is to just give you a feel of virus programming; No effort will be made to teach anyone full fledged virus programming.

In order to explain the process we are taking the example of a very simple virus which infects .COM files.

In order to understand the programming we must first learn some of the basic DOS functions i.e. how DOS works?

Open the DOS prompt and type anything in it which does not exist for e.g.: type “vedjhwe” you will get the following result “‘yedjhwe’ is not recognized as an internal or external command, operable program or batch file”.

This means that whenever a user enters a name of the program at the DOS prompt, DOS begins to look for that file - first for a “.com” extension (Command file), then “.exe” extension (Operable Program), then “.bat” extension (Batch File) and if it does not found any of these then it displays the above message OR “Bad Command or file name”.

In order to execute a COM file DOS first check whether there is enough memory to execute the program and if there is memory available DOS loads the program. Also, DOS records how much memory it is giving to the program so there isn’t any memory clash. Next DOS builds PSP at the offset 0 (Program Segment Prefix – a block of memory). Finally, the program is loaded into the memory just above the PSP, starting at the offset 100H. Some of the registers in the CPU must be set to a predetermined value for the COM program to run properly. After all this initial work is done DOS passes the control to the program.

Designing the Virus---------

In order for a virus to reside inside a COM file, it must get the controls passed to its own code. So, the easiest way to take control of the program will be at the very beginning of the program, because after the program is executed it’s very difficult to gain control over it.

To gain control over the program the virus must replace the first few bytes in the COM file with a jump instruction to the virus code, which can be attached at the end of the COM file. So, when the COM file is executed, it jumps to the virus code, which in turn starts looking for more similar type of files in order to spread the infection. When the virus is ready, it returns control to the host program (COM Program), restore the initial few bytes which it replaced, and then jump back to offset 100 Hex, where the original program begins.

………………..will continue

HACKING LESSON 15

2007-04-07T00:58:00.000+05:30

The Search Mechanism-

In order to write the search mechanism for the virus (to search files for infecting) we must first understand the following things…

The information about every file on disk is stored in two areas on disk, known as the directory and the File Allocation Table (FAT). The directory contains a 32 byte file descriptor record for each file -
File Descriptor contains - the file’s name, size, date and time of creation, & the file attribute.

The FAT is a map of the entire disk, which simply informs the operating system which areas are occupied by which files.

Let us consider a simple example of calling a file and opening it for reading purpose only –

mov ds,SEG FNAME
mov dx,OFFSET FNAME
xor al,al
mov ah,3DH
int 21H

DOS is told what to do using Interrupt Service Routines (ISR). Interrupt 21H is the main DOS ISR. This program tells DOS to locate the file (FNAME) and prepare it for reading into memory. The “int 21H” instruction transfers control to DOS to perform the task. When DOS is finished opening the file, control returns to the statement immediately after the “int 21H”.

The register ah contains the function number, which tells DOS what to do. ds:dx register pair is used to point to the memory location where the name of the file to open is stored. The register al tells DOS to open the file for reading only.

To write a routine which searches for other files to infect, the DOS search functions are used (DOS has a pair of searching functions incorporated into it called Search First and Search Next). In order to search for a specific file in a particular directory an ASCIIZ string is used.

For example:

DB ’\system\hyper.*’,0

This string will set up the search function to search for all files with the name hyper, and any possible extent, in the subdirectory named system. DOS might find files like hyper.c, hyper.jpg, hyper.exe, etc. After setting up this ASCIIZ string, one must perform the following steps –

1).Set the registers ds and dx up to the segment and offset of this ASCIIZ string in memory.

2).Register cl must be set to a file attribute mask which will tell DOS which file attributes to allow in the search, and which to exclude.

3).Finally, to call the Search First function, one must set ah = 4E Hex.

If the search first function is successful, it returns with register al = 0 and it formats 43 bytes of data in the Disk Transfer Area, or DTA. This data provides the name of the file, its attribute, its size and its date of creation to the search program. If the search cannot find a matching file, DOS returns al non-zero, with no data in the DTA. Since the calling program knows the address of the DTA, it can go examine that area for the file information after DOS has stored it there.

Example: Suppose we want to find all the files in the currently logged directory with an extent “COM”, including hidden and system files.

SRCH_FIRST:
mov dx,OFFSET COMFILE ;set offset of asciiz string
mov cl,00000110B ;set hidden and system attributes
mov ah,4EH ;search first function
int 21H ;call DOS
or al,al ;check to see if successful
jnz NOFILE ;go handle no file found condition

FOUND: ;come here if file found

COMFILE DB ’*.COM’,0

In comparison with the Search First function, the Search Next is easy, because all of the data has already been set up by the Search First. Just set ah = 4F hex and call DOS interrupt 21H:

mov ah,4FH ;search next function
int 21H ;call DOS
or al,al ;see if a file was found
jnz NOFILE ;no, go handle no file found
FOUND2: ;else process the file

If another file is found the data in the DTA will be updated with the new file name, and ah will be set to zero on return. If no more matches are found, DOS will set ah to something besides zero on return. One must be careful here so the data in the DTA is not altered between the call to Search First and later calls to Search Next, because the Search Next expects the data from the last search call to be there.

………………will continue

HACKING LESSON 16

2007-04-07T00:50:00.001+05:30

If our search mechanism as a whole also uses the z flag to tell the main controlling program that it has found a file to infect (z=file found, nz=no file found) then our completed search function can be written like this:

FIND_FILE:
mov dx,OFFSET COMFILE
mov al,00000110B
mov ah,4EH ;perform search first
int 21H

FF_LOOP:
or al,al ;any possibilities found?
jnz FF_DONE ;no - exit with z reset
call FILE_OK ;yes, go check if we can infect it
jz FF_DONE ;yes - exit with z set
mov ah,4FH ;no - search for another file
int 21H
jmp FF_LOOP ;go back up and see what happened

FF_DONE:
ret ;return to main virus control routine

Study this search routine carefully. If it tells the virus to infect a program which does not have room for the virus, then the newly infected program may be inadvertently ruined. A good FILE_OK routine must perform two checks:

(1) It must check a file to see if it is too long to attach the virus to, and
(2) It must check to see if the virus is already there. If the file is short enough, and the virus is not present, FILE_OK should return a “go ahead” to the search routine.

On entry to FILE_OK, the search function has set up the DTA with 43 bytes of information about the file to check, including its size and its name. Suppose that we have defined two labels, FSIZE and FNAME in the DTA to access the file size and file name respectively. Then checking the file size to see if the virus will fit is a simple matter. Since the file size of a COM file is always less than 64 kilobytes, we may load the size of the file we want to infect into the ax register:

mov ax,WORD PTR [FSIZE]

Next we add the number of bytes the virus will have to add to this file, plus 100H. The 100H is needed because DOS will also allocate room for the PSP, and load the program file at offset 100H. To determine the number of bytes the virus will need automatically, we simply put a label VIRUS at the start of the virus code we are writing and a label END_VIRUS at the end of it, and take the difference. If we add these bytes to ax, and ax overflows, then the file which the search routine has found is too large to permit a successful infection. An overflow will cause the carry flag c to be set, so the file size check will look something like this:

FILE_OK:
mov ax,WORD PTR [FSIZE]
add ax,OFFSET END_VIRUS - OFFSET VIRUS + 100H
jc BAD_FILE
..
GOOD_FILE:
xor al,al
ret

BAD_FILE:
mov al,1
or al,al
ret

The next problem that the FILE_OK routine must deal with is how to avoid infecting a file that has already been infected. This can only be accomplished if the virus has some understanding of how it goes about infecting a file. We have replaced the first few bytes of the host program with a jump to the viral code. Thus, the FILE_OK procedure can go out and read the file which is a candidate for infection to determine whether its first instruction is a jump. If it isn’t, then the virus obviously has not infected that file yet. There are two kinds of jump instructions which might be encountered in a COM file, known as a near jump and a short jump. The virus we create here will always use a near jump to gain control when the program starts. Since a short jump only has a range of 128 bytes, we could not use it to infect a COM file larger than 128 bytes. The near jump allows a range of 64 kilobytes. Thus it can always be used to jump from the beginning of a COM file to the virus, at the end of the program, no matter how big the COM file is (as long as it is really a valid COM file). A near jump is represented in machine language with the byte E9 Hex, followed by two bytes which tell the CPU how far to jump.

Thus, our first test to see if infection has already occurred is to check to see if the first byte in the file is E9 Hex. If it is anything else, the virus is clear to go ahead and infect. Looking for E9 Hex is not enough though. Many COM files are designed so the first instruction is a jump to begin with. Thus the virus may encounter files which start with an E9 Hex even though they have never been infected. The virus cannot assume that a file has been infected just because it starts with an E9. It must go farther. It must have a way of telling whether a file has been infected even when it does start with E9. If we do not incorporate this extra step into the FILE_OK routine, the virus will pass by many good COM files which it could infect because it thinks they have already been infected. While failure to incorporate such a feature into FILE_OK will not cause the virus to fail, it will limit its functionality.

One way to make this test simple and yet very reliable is to change a couple more bytes than necessary at the beginning of the host program. The near jump will require three bytes, so we might take two more, and encode them in a unique way so the virus can be pretty sure the file is infected if those bytes are properly encoded. The simplest scheme is to just set them to some fixed value. We’ll use the two characters “VI” here. Thus, when a file begins with a near jump followed by the bytes “V”=56H and “I”=49H, we can be almost positive that the virus is there, and otherwise it is not. To read the first five bytes of the file, we open it with DOS Interrupt 21H function 3D Hex. This function requires us to set ds:dx to point to the file name (FNAME) and to specify the access rights which we desire in the al register. In the FILE_OK routine the virus only needs to read the file. Yet there we will try to open it with read/write access, rather than read-only access. If the file attribute is set to read-only, an attempt to open in read/write mode will result in an error (which DOS signals by setting the carry flag on return from INT 21H). This will allow the virus to detect read-only files and avoid them, since the virus must write to a file to infect it. It is much better to find out that the file is read-only here, in the search routine, than to assume the file is good to infect and then have the virus fail when it actually attempts infection. Thus, when opening the file, we set al = 2 to tell DOS to open it in read/write mode. If DOS opens the file successfully, it returns a filehandle in ax. This is just a number which DOS uses to refer to the file in all future requests. The code to open the file looks like this:

mov ax,3D02H
mov dx,OFFSET FNAME
int 21H
jc BAD_FILE

Once the file is open, the virus may perform the actual read operation, DOS function 3F Hex. To read a file, one must set bx equal to the file handle number and cx to the number of bytes to read from the file. Also ds:dx must be set to the location in memory where the data read from the file should be stored (which we will call START_IMAGE). DOS stores an internal file pointer for each open file which keeps track of where in the file DOS is going to do its reading and writing from. The file pointer is just a four byte long integer, which specifies which byte in the selected file a read or write operation refers to. This file pointer starts out pointing to the first byte in the file (file pointer = 0), and it is automatically advanced by DOS as the file is read from or written to. Since it starts at the beginning of the file, and the FILE_OK procedure must read the first five bytes of the file, there is no need to touch the file pointer right now. However, you should be aware that it is there, hidden away by DOS. It is an essential part of any file reading and writing we may want to do. When it comes time for the virus to infect the file, it will have to modify this file pointer to grab a few bytes here and put them there, etc. Doing that is much faster (and hence, less noticeable) than reading a whole file into memory, manipulating it in memory, and then writing it back to disk. For now, though, the actual reading of the file is fairly simple. It looks like this:

mov bx,ax ;put handle in bx
mov cx,5 ;prepare to read 5 bytes
mov dx,OFFSET START_IMAGE ;to START_IMAGE
mov ah,3FH
int 21H ;go do it

We will not worry about the possibility of an error in reading five bytes here. The only possible error is that the file is not long enough to read five bytes, and we are pretty safe in assuming that most COM files will have more than four bytes in them. Finally, to close the file, we use DOS function 3E Hex and put the file handle in bx. Putting it all together, the FILE_OK procedure looks like this:

FILE_OK:
mov dx,OFFSET FNAME ;first open the file
mov ax,3D02H ;r/w access open file
int 21H
jc FOK_NZEND ;error opening file - file can’t be used
mov bx,ax ;put file handle in bx
push bx ;and save it on the stack
mov cx,5 ;read 5 bytes at the start of the program
mov dx,OFFSET START_IMAGE ;and store them here
mov ah,3FH ;DOS read function
int 21H
pop bx ;restore the file handle
mov ah,3EH
int 21H ;and close the file
mov ax,WORD PTR [FSIZE] ;get the file size of the host
add ax,OFFSET ENDVIRUS - OFFSET VIRUS ;and add size of virus to it
jc FOK_NZEND ;c set if ax overflows (size > 64k)
cmp BYTE PTR [START_IMAGE],0E9H ;size ok-is first byte a near jmp?
jnz FOK_ZEND ;not near jmp, file must be ok, exit with z
cmp WORD PTR [START_IMAGE+3],4956H ;ok, is ’VI’ in positions 3 & 4?
jnz FOK_ZEND ;no, file can be infected, return with Z set

FOK_NZEND:
mov al,1 ;we’d better not infect this file
or al,al ;so return with z reset
ret

FOK_ZEND:
xor al,al ;ok to infect, return with z set
ret

This completes our discussion of the search mechanism for the virus.

MAKING ONLINE MONEY IN INDIA

2007-04-06T23:16:00.000+05:30

Paid Surveys -----

The most frequently asked question today is --- Can I really get paid to take online surveys in India?

Yes, you can really get paid to take online surveys, but the situation is little different for Indians as compared to American's however the situation is changing and in near future there will be tremendous opportunities for Indians to earn money Online.

However, in todays scenario also there are several paid survey companies that are open to Indian citizens. They all pay you to participate in paid surveys. The earning from these surveys ranges from 20 Rs to 100 Rs per survey and can be more. But you need to be patient because these survey companies are not sending surveys on a daily basis. Depending on your profile u will be invited to participate. There can be a chance that you receive only one survey per month.

And be aware of articles saying that you can earn an easy money of Rs 15K to 30K per month just by filling survey forms....its not that easy....A simple survey itself will take around 15 to 30 mins...even if u complete a survey in less time than a predetermined minimum – usually in the range of 8-10 minutes that would normally take 20 minutes to complete....u wont get paid....

A nominal amount that a person can earn per month would be around 1500 Rs to 2000 Rs per month per company........

Due to some legal requirements we cannot directly paste the link to the survey companies here....whoever is interested in joining the panel can send an email to hackinme@gmail.com, within 24 hrs you will receive an invitation from the company itself.

$

Fire Master 2.1 - Firefox Master Password Recovery Tool

2007-04-06T00:47:00.000+05:30

If you have forgotten the master password, then using FireMaster you can find out the master password and get back your lost information. It uses various methods such as dictionary, hybrid and brute force attack to crack the password.

SEARCHING SEARCH ENGINE (Lesson 1)

2007-04-05T20:39:00.000+05:30

Most of the people uses search engine by just dropping in some keywords and then looking for what turns up. Whereas if you use make proper use of some syntaxes you can easily get what you are looking for.

Here we cannot promote the name of any search engine so i'm using the letter "G" to denote the search engine name.

Boolean function-

AND - This function is default i.e. if u search for anything without using a function, G will search for all of them. E.g.: hacking black book - u will get the result for all of em can be in a single document can be in different document some containing "hacking", some containing "black" and some "book".

OR - If you want that either word is acceptable. E.g.: Hacking or black or book

" " - If you want the exact phrase you group your search with parentheses. E.g.: "hacking black book" will show all the pages where all three of them are together and in same sequence.

Using * - Searching for " hack * book" in G would give results as "hacking black book", "hacking blue book", "hacking red book" and so on.

intitle: Restricts the search to the TITLES of web pages.

allintitle: Restricts the search to pages where all specified words make up the title of the web page.

inurl: Restricts your search to the URLs of web pages.

allinurl: Restricts the search to pages where all specified words make up the URL of the web page.

intext: Searches only body text (i.e., ignores link text, URLs, and titles).

allintext: Searches for all specified words in the body of text

inanchor: Searches for text in a page's link anchors. A link anchor is the descriptive text of a link.

site: Searches for the exact site. E.g.: site: hackingme.blogspot.com

link: Returns a list of pages linked to the specified url.

cache: Finds a copy of the page that G indexed, even if that page is no longer exists. This type of search is necessary for pages that change often.

daterange: Restricts your search to a particular date or range of dates that a page was indexed. Works perfect with Julian and not Gregorian dates (the calendar we use every day.) The Gregorian/Julian converters are available online.

filetype: Searches the suffixes or filename extensions.
E.g.: hacking black book.pdf, hacking black book.doc, etc.

related: Finds pages that are related to the specified page. E.g.: related: google.com

info: Provides a page of links to more information about a specified URL...

phonebook: Looks up phone numbers.

TORRENTS - A POWERFUL SEARCH ENGINE (Lesson 2)

2007-04-04T21:02:00.000+05:30

Searching password cracker’s or full version of software’s is a bit difficult when a person is using a search engine like google, altavista, etc.

For e.g.: If a person is searching for a password cracker that can crack Microsoft office password’s on a search engine, then the initial few sites that he would get are the companies that spends lot of money on SEO (Search Engine Optimization) and their target segment is not a hacker. These websites are looking for people or companies which actually pay for there software’s and hence these are not our target sites as well.

Make a note of one point that NO SEARCH ENGINE IS PERFECT, though they can provide you with good result 80% of time but still there is a gap of 20% and from a hacker’s point of view these 20% are most important.

So where a SEARCH ENGINE fails TORRENT’S pass.

What are Torrents?

When you browse the web, the pages you look have to be downloaded to your computer. This transferring of web pages to your computer relies on the Hyper Text Transfer Protocol (HTTP - just a standard way of transferring web pages to your computer).

Another Protocol is File Transfer Protocol (FTP - a standard way to transfer files between computers).

There are different browsers which are HTTP compliant such as - Internet Explorer, Netscape, Firefox, etc. The same holds true for torrents and hence there are many different programs that are "Torrent Compliant", which means they will be able to connect and transfer files using the Torrent method.

So in case of torrents there are two things a TORRENT PROGRAM and a TORRENT FILE. A Torrent file just contains a bunch of information that define where to connect (the system address), what to download, etc.

Some of the torrents program available free of cost on net are - BIT TORRENT, AZUREUS, etc.

How to use a Torrent? (The process is very much similar to that of a Download Manager program)

Steps involved-

1). Download the torrent program from internet.

2). Install it on your system.

3). Search for the torrent file.

- Either on a normal search engine – google, altavista, etc.

- Or on a torrent search engine such as isohunt, demonoid, etc.

The size of a torrent file is in KB’s so not a big deal to download. Once you have downloaded the torrent file just click on it, it will automatically open in the torrent program or choose from the “open with” option to open it in the torrent program on your system.

Rest is like download manager.

E.g.:

-I want to download Microsoft office password cracker. I tried google but couldn’t get the full version.

-I downloaded a program called AZUREUS, then I downloaded the additional software required to run it which is a java client.

-I opened a torrent search engine and typed Microsoft office password cracker. I got around 100 results. But what the hell is this “S” and “L” written in front of every result.

>S is a seed which in turn is a computer that has a complete file available for other computers to download (so the torrent file with maximum number of seeds is the best file to download)

>L is leeching which specifies the number of users who are currently downloading the file.

-I downloaded the file with maximum number of seeds but it took only 2 secs whereas the file size mentioned was 5 MB.

>The file size mentioned was the original file size of the password cracker. The size of a torrent file will never be more than a few KB.

-I clicked on the torrent file and it automatically opened in the program. I then specified the directory path where I want to download the password cracker and the download starts instantaneously. If I switch off the system and then again switch it on the download will start from the same point where it stopped.

Torrent method can generate unexpected results provided you must have your own personal computer with a good connection speed.

John the Ripper

2007-04-04T15:19:00.000+05:30

John the Ripper is another fast password cracker available for Unix, DOS, Win32, etc.. Its primary purpose is to detect weak Unix passwords.

PORT SCANNING (Lesson 5)

2007-04-03T21:13:00.000+05:30

Every computer connected on internet has a unique Internet Protocol (IP) address that identifies them over the Internet. Hackers use a hacking tool called a scanner to search for a range of IP addresses for a computer to attack.

When the scanner finds a computer at a particular IP address, it then examines the ports on that computer to see which ones could be exploited.

A port represents a specific way for a computer to communicate over the Internet. When a computer connects to the Internet, it needs to know when it's receiving email and when it's accessing a web page. Since information from the Internet flows into the computer through the same physical connection (a telephone line or cable modem), computers create separate ports to accept certain data. This way the computer knows how to handle data.

Each port is assigned a number and every computer connected to the Internet uses ports, which means that ports open up a door that hackers can use to access a computer.

SERVICE	PORT

File Transfer Protocol (FTP)	21
Telnet	23
Simple Mail Transfer Protocol (SMTP)	25
Gopher	70
Finger	79
Hypertext Transfer Protocol (HTTP)	80
Post Office Protocol, version 3 (POP3)	110

To attack a computer, you need the target computers IP address. There are lots of software’s available on net for this purpose one way is by looking up for the domain name on the Network Solutions website. Once you know a computer's IP address, the next step is to find which ports are open in order to access the target computer.

Ways to check which port is open-----

TCP connect scanning – Hacker sends a SYN packet to the target computer and waits for a return acknowledgment packet (SYN/ACK), and then sends another acknowledgment packet (ACK) to connect. This type of scanning is easily recognized by target computers to alert them of a possible hacker attack.

TCP SYN scanning – Same as above but when the acknowledgement is received the hacker does not sent back the ACK packet to connect . By doing this the hacker knows that the port is listening and hence open. This technique has less chances of getting detected.

TCP FIN scanning – Hacker sends a "No more data from sender" (FIN) packet to a port. A closed port responds with a Reset (RST) message, while an open port simply ignores the FIN packet.

The next task is to find the target computer’s operating system in order to know the commands for guessing the computer's password.

<FIN probing: Hacker sends a FIN ("No more data from sender") packet to a port and waits for a response. Windows responds with RST (Reset) messages .

<FIN/SYN probing: Hacker sends a FIN/SYN packet to a port and waits for a response. Linux systems respond with a FIN/SYN/ACK packet.

<ICMP message quoting: Hacker sends data to a closed port and waits to receive an error message. All computers send back the initial IP header of the data with an additional eight bytes tacked on. Solaris and Linux systems, however, return more than eight bytes.

Once a hacker knows the IP address, the open ports available, and the type of operating system for a target computer, the hacker can plan his strategy for breaking into the computer.

COMPANIES & PLACEMENT CONSULTANTS

2007-04-03T13:40:00.000+05:30

Get the database of companies and placement consultants all over INDIA with contact email - id's.

Leave your email in the comments field or send a mail to hackinme@gmail.com >>>

Regards
$

IMPORTANT TOOLS FOR SECURITY BREACHING (Lesson 6)

2007-04-02T21:21:00.000+05:30

First Step – Finding a computer to attack

Second Step – Breaking into it

Third Step – Crack the password

A hacker can find the password in the following ways:

1).Keystroke Logger-

A Keystroke Logger can record each and everything a person types. A logger can either send the recording to a monitoring computer or saves it to a file in the same computer. The key logger run’s in hidden mode i.e. they hide their presence from the user, although a professional person can check their existence in the computer system.

When the user leaves the target computer, the hacker can recover the log file in which every entry is recorded be it an email id username, password, credit card number, etc. Some key loggers can even mail the log file to the hacker so that they can monitor the target’s activity from another location.

For using a key logger the hacker must have access to target computer system on a regular basis.

2).Desktop-Monitoring Programs-

If the hacker doesn’t have access to the target computer on a regular basis then a desktop monitoring program is the solution. If the hacker is successful in installing this program on the target computer, then, whatever the user types on the target computer will appear on the hacker’s computer screen.

3). Brute-Force Attack-

The brute-force method simply tries every possible combination of alphabets, (small + caps), special characters and numbers of varying lengths. However, this method can take days to crack a password.

Brute-force attacks are very much successful in cracking Windows 98 and UNIX passwords. In windows 98 the user name and password is stored in the windows/*.pwl files whereas most of UNIX systems store the list of account names and passwords in the /etc/passwd file.

To gain access to the target computer the hackers simply copy the /etc/passwd file or the *.pwl file to their own computer so that they can run a brute-force attack on that file at their convenience, without any risk.

CAIN & ABEL

2007-04-02T21:16:00.000+05:30

My favorite password cracking tool.

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

HACKING LESSON 12

2007-04-02T21:00:00.000+05:30

A Basic Approach - Attacking a Remote Computer

In this lesson we will try to explain the following topics------

1).Basic commands through which the hackers get into your system.

2).The necessary tools used for this purpose.

3).Some tips and tricks.

4).A little description about Trojans, etc…

We will also try to explain how to catch someone who is trying to get into your system…..

Let us first start with the commands…..

1).NETBIOS - NetBIOS (Network Basic Input/Output System) is a program that allows applications on different computers to communicate within a local area network (LAN).

NetBIOS provides two communication modes: session or datagram. Session mode lets two computers establish a connection for a "conversation," allows larger messages to be handled, and provides error detection and recovery. Datagram mode is "connectionless" (each message is sent independently), messages must be smaller, and the application is responsible for error detection and recovery.

2).NBTSTAT - Nbtstat is designed to help troubleshoot NetBIOS name resolution problems. When a network is functioning normally, NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses.

The nbtstat command removes and corrects preloaded entries using a number of case-sensitive switches. The nbtstat - a <name> command performs a NetBIOS adapter status command on the computer name specified by < name> . The adapter status command returns the local NetBIOS name table for that computer as well as the MAC address of the adapter card. The nbtstat -A < IP address > command performs the same function using a target IP address rather than a name.

3).NET VIEW - The NET VIEW command displays a list of computers in the specified workgroup, or shared resources available on the specified computer.

4).NET USE - Connects a computer to or disconnects a computer from a shared resource, or displays information about computer connections.

5).NETSTAT - Netstat provides statistics for the following:

Proto - The name of the protocol ((TCP or UDP).

Local Address - The IP address of the local computer and the port number being used. The name of the local computer that corresponds to the IP address and the name of the port is shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).

Foreign Address - The IP address and port number of the remote computer to which the socket is connected. The names that corresponds to the IP address and the port are shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).

State - Indicates the state of a TCP connection. The possible states are as follows: CLOSE_WAIT, CLOSED, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, LAST_ACK, LISTEN, SYN_RECEIVED, SYN_SEND, and TIME_WAIT.

For all these commands you need to have the IP address of the target computer. Also, you can try all these commands on your own IP address.

Let’s see how NBTSTAT works---

Open command prompt and type NBTSTAT /?, this will show the help for using this command (Note: /? Applies for all other commands also)

If I have the ip address xxx.xxx.xx.x

nbtstat –A xxx.xxx.xx.x

This will give the NetBIOS Remote Machine Name Table.

In front of every name you will see some numbers written like this <20>, <03>….These numbers tells the status of the remote computer. <20> signifies that the target computer’s file and printer sharing is on.

Once we have this information the next step is to use the command net view……..

Net view \\xxx.xxx.xx.x

This will give the name of shared resources, like My Documents, Temp folder, etc…

The final command required now is Net Use. This command will connect you to the target computers shared resources i.e. my documents, temp folder, etc.

This process is called the NETBIOS attack.

BOOKS SECTION

2007-04-02T15:44:00.000+05:30

Current Uploads -

PROCEDURE TO START

2007-04-01T23:10:00.000+05:30

In order to post, first of all every user need to register....for which he/she should send a mail to the following id hackinme@gmail.com or leave your email id in the comments field of this post. Once your email is added then you can easily access the blog....post your queries and receive the answers accordingly.

What can you learn here-------

1). How to make use of search engines in most effective way?
2). What is the use of different types of softwares?
3). From what sources you can get these softwares?
4). Using Windows registry, and all the other features of your system.....
5). How to earn online?
6). PLUS A LOT MORE............

Looking forward for a wonderful experience.........

Regards
$

HACKING MADE EASY

2007-04-01T22:57:00.000+05:30

Be aware that there are restrictions here for asking and posting about the following topics:

1) Hacking yahoo, hotmail, orkut, gmail, MSN, etc.
2) Links to porn or viruses.
3) Hacking Credit card/bank account/paypal, etc.

Regards
$

WINDOWS REGISTRY (Lesson 3 & 4)

2007-04-01T21:25:00.000+05:30

The Windows Registry Editor is the tool that enables you to make changes to your system registry, which stores information about how the hardware and software on your computer runs. Generally, you will not and should not edit your system registry unless it is absolutely necessary. Most changes are made to the registry without your knowing they are happening. For example, installing a new application or adding a new printer to your system will update the registry. If there is an error in your registry, your computer may become unstable or nonfunctional. With a good backup, you can restore the registry to its state before any changes were made.

To access the system registry, click Start > Run, type Regedit and press the Enter key. This will open the Registry Editor.

Inside the Registry Editor – There are 5 Keys on the left side of the screen

Hkey_Classes_Root - This key displays information about OLE and associated mappings to support drag-and-drop operations.

Hkey_Current_User - This points to a branch of Hkey_Users for the currently logged on user.

Hkey_Local_Machine - This contains computer specific information including installed hardware and software. This is the one I tend to spend the most time in.

Hkey_Users - This contains information about users that have logged on to the computer

Hkey_Current_Config - This key points to a branch of Hkey_Local_Machine \ Config and has information such as display fonts and printers.

TIPS- All these tricks listed below are for Windows 95 many of them work with XP also, but make sure of one thing….before changing, deleting or creating any value…or to be on a safer side before TOUCHING the registry make sure that you have taken a back up (Go to File > Export for back up) of the registry. One wrong step can crash your system.

CAUTION: The backup that will be created will be a .REG file and is executable. Therefore double-clicking it will replace your current registry with the registry contained in the .REG file. This can be extremely dangerous. Be certain this is what you really want to do.

- Changing the Location of Special Folders

You can modify the registry to change the location of special folders like:

My Documents
Favorites
My Pictures
Personal

Start Regedit
Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Double click on any locations you want to change and alter the path
Logoff or restart for the changes to go into effect

Eliminating the Right Click on the Taskbar

To eliminate the right click on the taskbar:

Start Regedit
Go to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer
Add a DWORD and give it a name of NoTrayContextMenu
Give it a value of 1
Reboot

Eliminating the Right Click on the Desktop

To eliminate the right click on the desktop:

Start Regedit
Go to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer
Add a DWORD and give it a name of NoViewContextMenu
Give it a value of 1
Reboot

These are only three tricks…..there are many more available on net…..the idea here is not to teach you how to disable right click or how to change the color, fonts, looks, etc…..The basic reason why we post this chapter is to teach that if registry is the place where all the information is stored then why cant we brake passwords from here???

E.g. I install a software on my system to guard some folders which contain material which I want to hide. In order to access the folder I have to input a password, and if it is right only then I can see the content of the folder.

From this example it is clear that the password is stored somewhere in the system from where the software compares the value which I enter in the password field.

For this example as well as for every other software which asks for password to access the system features including the windows login password, all these values are stored in windows registry. Whenever the user enters a password, it is compared with the value stored in the system registry, and if it is found correct only then the user is allowed to access the feature.

In Windows registry we can search for specific items, keys, values or software’s using the search function in edit menu. But there is one problem the password is not stored in its original form, it is converted to some other format so that no one can recognize it. E.g.; If I set the password as “hacking” it is stored as “6167453291” or may be some other form depending upon the software.

In such cases what we can do is reset the password i.e. delete the value (whatever it is). Once the value is deleted there is no password and our purpose is solved.